diff --git a/CHANGELOG.v2.alpha.md b/CHANGELOG.v2.alpha.md index 017082b42b536..11aa9b609dd1c 100644 --- a/CHANGELOG.v2.alpha.md +++ b/CHANGELOG.v2.alpha.md @@ -2,6 +2,20 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [2.182.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.181.1-alpha.0...v2.182.0-alpha.0) (2025-03-04) + + +### Features + +* **pipes-alpha:** support for customer-managed KMS keys to encrypt pipe data ([#33546](https://github.com/aws/aws-cdk/issues/33546)) ([dd0d62f](https://github.com/aws/aws-cdk/commit/dd0d62f84da06e2cafbe7a8bac80899d86b6f153)), closes [#31453](https://github.com/aws/aws-cdk/issues/31453) + + +### Bug Fixes + +* **cognito-identitypool-alpha:** prevent stacks from not deploying correctly ([#33609](https://github.com/aws/aws-cdk/issues/33609)) ([e220bc8](https://github.com/aws/aws-cdk/commit/e220bc8ca9b75bcbb4bb7447703f32737b47fc77)), closes [#33510](https://github.com/aws/aws-cdk/issues/33510) +* **eks-v2-alpha:** can't delete fargate cluster ([#33573](https://github.com/aws/aws-cdk/issues/33573)) ([4ada313](https://github.com/aws/aws-cdk/commit/4ada3132e73e8f6b299548003d46e68f9db353a5)), closes [#33347](https://github.com/aws/aws-cdk/issues/33347) +* **scheduler-targets:** update kinesis firehose imports ([#33615](https://github.com/aws/aws-cdk/issues/33615)) ([1df1a78](https://github.com/aws/aws-cdk/commit/1df1a784ca4d4ed8c724f0a8840137724fb46ca9)) + ## [2.181.1-alpha.0](https://github.com/aws/aws-cdk/compare/v2.181.0-alpha.0...v2.181.1-alpha.0) (2025-02-27) diff --git a/CHANGELOG.v2.md b/CHANGELOG.v2.md index 42963bb19adbc..8a4a33aafba44 100644 --- a/CHANGELOG.v2.md +++ b/CHANGELOG.v2.md @@ -2,6 +2,31 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [2.182.0](https://github.com/aws/aws-cdk/compare/v2.181.1...v2.182.0) (2025-03-04) + + +### Features + +* **assertions:** added getResourceId method to Template ([#33521](https://github.com/aws/aws-cdk/issues/33521)) ([a96b0f1](https://github.com/aws/aws-cdk/commit/a96b0f1dca27b262fb2c72637ed9043830477c2c)) +* **autoscaling:** add new `HealthChecks` for multiple health check types, including EBS and VPC_LATTICE types ([#31286](https://github.com/aws/aws-cdk/issues/31286)) ([b3edd0d](https://github.com/aws/aws-cdk/commit/b3edd0da9d0f49070b94120051c48716a69102c3)), closes [#31289](https://github.com/aws/aws-cdk/issues/31289) [/github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-autoscaling/lib/auto-scaling-group.ts#L233](https://github.com/aws//github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-autoscaling/lib/auto-scaling-group.ts/issues/L233) [/github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-autoscaling/lib/auto-scaling-group.ts#L2232-L2258](https://github.com/aws//github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-autoscaling/lib/auto-scaling-group.ts/issues/L2232-L2258) [/github.com/aws/aws-cdk/pull/31286#discussion_r1740763781](https://github.com/aws//github.com/aws/aws-cdk/pull/31286/issues/discussion_r1740763781) +* **ecs:** encrypting managed storage ([#33535](https://github.com/aws/aws-cdk/issues/33535)) ([07f0fe3](https://github.com/aws/aws-cdk/commit/07f0fe3a851cce328433ada9aac674ab9464b5ca)), closes [#33380](https://github.com/aws/aws-cdk/issues/33380) +* **inspector:** add minimal L2 interface for Inspector assessment template and fromCfnAssessmentTemplate() ([#33614](https://github.com/aws/aws-cdk/issues/33614)) ([d51f70a](https://github.com/aws/aws-cdk/commit/d51f70ab40d237a3145d986e75c7ea2465afd6b4)) +* **opensearchservice:** nodeoptions for domain ([#32936](https://github.com/aws/aws-cdk/issues/32936)) ([1b6f0c3](https://github.com/aws/aws-cdk/commit/1b6f0c3d0eb4aedfc72c716ee18aa3ae4dbf16b8)), closes [#32553](https://github.com/aws/aws-cdk/issues/32553) +* **rds:** `DatabaseCluster` support `replicationSourceIdentifier` ([#33471](https://github.com/aws/aws-cdk/issues/33471)) ([878ad54](https://github.com/aws/aws-cdk/commit/878ad546c2d4f330c777734a0c7919bd6ce46395)), closes [#33280](https://github.com/aws/aws-cdk/issues/33280) +* update L1 CloudFormation resource definitions ([#33676](https://github.com/aws/aws-cdk/issues/33676)) ([92dba49](https://github.com/aws/aws-cdk/commit/92dba49571caec118001b9f13b82378bec2150f0)) +* upgrade @aws-cdk/cloud-assembly-schema to v40 ([#33620](https://github.com/aws/aws-cdk/issues/33620)) ([127059e](https://github.com/aws/aws-cdk/commit/127059e890c78fcfaf11a97a961395b2ceb2a339)) + + +### Bug Fixes + +* **apigateway:** move endpointConfiguration to RestApiBaseProps ([#33514](https://github.com/aws/aws-cdk/issues/33514)) ([e07a89c](https://github.com/aws/aws-cdk/commit/e07a89ccb053fe22bcb96456c75304ac7a3c7670)), closes [#33295](https://github.com/aws/aws-cdk/issues/33295) +* **appsync:** appsync Event API integration assertion tests ([#33572](https://github.com/aws/aws-cdk/issues/33572)) ([6f966a6](https://github.com/aws/aws-cdk/commit/6f966a6dcc010fe6af7999e7b5f97a447287aed3)) +* **cloudwatch:** update regex expression that prevents CloudWatch:Mah:UnknownIdentifier warnings ([#33591](https://github.com/aws/aws-cdk/issues/33591)) ([#33592](https://github.com/aws/aws-cdk/issues/33592)) ([97744e7](https://github.com/aws/aws-cdk/commit/97744e746670bf067da40c8ff6a902a9c15b707e)) +* **iam:** adding organization id pattern verification ([#33555](https://github.com/aws/aws-cdk/issues/33555)) ([6df9bfe](https://github.com/aws/aws-cdk/commit/6df9bfe566a913c6c0538b2f380a83d06891a027)), closes [#32756](https://github.com/aws/aws-cdk/issues/32756) +* **lambda-nodejs:** do not require a frozen lockfile for bun ([#32908](https://github.com/aws/aws-cdk/issues/32908)) ([a21190e](https://github.com/aws/aws-cdk/commit/a21190eb85bbc64820389ca5979a324932b9ab4b)), closes [#32906](https://github.com/aws/aws-cdk/issues/32906) [#32906](https://github.com/aws/aws-cdk/issues/32906) +* **s3:** cannot deploy multiple replication source buckets (under feature flag) ([#33360](https://github.com/aws/aws-cdk/issues/33360)) ([d580853](https://github.com/aws/aws-cdk/commit/d580853c546b4ee2d49afb52be75b4eb036bd6cd)), closes [#33355](https://github.com/aws/aws-cdk/issues/33355) +* **sns:** for SSE topics, add KMS permissions in grantPublish ([#32794](https://github.com/aws/aws-cdk/issues/32794)) ([f1c0926](https://github.com/aws/aws-cdk/commit/f1c092634a391b0b7aed0f75626dd6d0ffd56564)), closes [#18387](https://github.com/aws/aws-cdk/issues/18387) [#31012](https://github.com/aws/aws-cdk/issues/31012) [#24848](https://github.com/aws/aws-cdk/issues/24848) [#16271](https://github.com/aws/aws-cdk/issues/16271) [#29511](https://github.com/aws/aws-cdk/issues/29511) [/github.com/aws/aws-cdk/issues/16271#issuecomment-917221985](https://github.com/aws//github.com/aws/aws-cdk/issues/16271/issues/issuecomment-917221985) + ## [2.181.1](https://github.com/aws/aws-cdk/compare/v2.181.0...v2.181.1) (2025-02-27) ## [2.181.0](https://github.com/aws/aws-cdk/compare/v2.180.0...v2.181.0) (2025-02-25) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.log-group.js.snapshot/aws-cdk-log-group-integ.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.log-group.js.snapshot/aws-cdk-log-group-integ.assets.json index 1a63f09b0460b..3f39978bd9c2f 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.log-group.js.snapshot/aws-cdk-log-group-integ.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.log-group.js.snapshot/aws-cdk-log-group-integ.assets.json @@ -1,7 +1,7 @@ { "version": "39.0.0", "files": { - "f73440b0e32a261b64b3f44b72f9e681bc775595740055ca82b47830bc9b3535": { + "67c684a3a20aaf6222eb1845b08f0d8dde625acf4e0f6a6430aa7e1f94a6017a": { "source": { "path": "aws-cdk-log-group-integ.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "f73440b0e32a261b64b3f44b72f9e681bc775595740055ca82b47830bc9b3535.json", + "objectKey": "67c684a3a20aaf6222eb1845b08f0d8dde625acf4e0f6a6430aa7e1f94a6017a.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.log-group.js.snapshot/aws-cdk-log-group-integ.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.log-group.js.snapshot/aws-cdk-log-group-integ.template.json index 67ad305cbcb04..cb312fe63be3a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.log-group.js.snapshot/aws-cdk-log-group-integ.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.log-group.js.snapshot/aws-cdk-log-group-integ.template.json @@ -112,6 +112,14 @@ ] } }, + "FieldIndexPolicies": [ + { + "Fields": [ + "Operation", + "RequestId" + ] + } + ], "RetentionInDays": 731 }, "UpdateReplacePolicy": "Retain", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.log-group.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.log-group.js.snapshot/manifest.json index 4cdf84372be65..c0800da6610fb 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.log-group.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.log-group.js.snapshot/manifest.json @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/f73440b0e32a261b64b3f44b72f9e681bc775595740055ca82b47830bc9b3535.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/67c684a3a20aaf6222eb1845b08f0d8dde625acf4e0f6a6430aa7e1f94a6017a.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.log-group.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.log-group.js.snapshot/tree.json index 4f4b3c111c0da..49e8317d80b4a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.log-group.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.log-group.js.snapshot/tree.json @@ -166,6 +166,14 @@ ] } }, + "fieldIndexPolicies": [ + { + "Fields": [ + "Operation", + "RequestId" + ] + } + ], "retentionInDays": 731 } }, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.log-group.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.log-group.ts index 162e76687dfa0..6b55c786dc0ef 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.log-group.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.log-group.ts @@ -1,7 +1,7 @@ import { Bucket } from 'aws-cdk-lib/aws-s3'; import { App, Stack, StackProps } from 'aws-cdk-lib'; import { IntegTest } from '@aws-cdk/integ-tests-alpha'; -import { LogGroup, DataProtectionPolicy, DataIdentifier, CustomDataIdentifier } from 'aws-cdk-lib/aws-logs'; +import { LogGroup, DataProtectionPolicy, DataIdentifier, CustomDataIdentifier, FieldIndexPolicy } from 'aws-cdk-lib/aws-logs'; class LogGroupIntegStack extends Stack { constructor(scope: App, id: string, props?: StackProps) { @@ -19,8 +19,13 @@ class LogGroupIntegStack extends Stack { s3BucketAuditDestination: bucket, }); + const fieldIndexPolicy = new FieldIndexPolicy({ + fields: ['Operation', 'RequestId'], + }); + new LogGroup(this, 'LogGroupLambda', { dataProtectionPolicy: dataProtectionPolicy, + fieldIndexPolicies: [fieldIndexPolicy], }); } } diff --git a/packages/@aws-cdk/aws-scheduler-targets-alpha/README.md b/packages/@aws-cdk/aws-scheduler-targets-alpha/README.md index 1758f6e2fb87b..145760347527e 100644 --- a/packages/@aws-cdk/aws-scheduler-targets-alpha/README.md +++ b/packages/@aws-cdk/aws-scheduler-targets-alpha/README.md @@ -222,7 +222,9 @@ called every hour by EventBridge Scheduler. ```ts import * as inspector from 'aws-cdk-lib/aws-inspector'; -declare const assessmentTemplate: inspector.CfnAssessmentTemplate; +declare const cfnAssessmentTemplate: inspector.CfnAssessmentTemplate; + +const assessmentTemplate = inspector.AssessmentTemplate.fromCfnAssessmentTemplate(this, 'MyAssessmentTemplate', cfnAssessmentTemplate); new Schedule(this, 'Schedule', { schedule: ScheduleExpression.rate(Duration.minutes(60)), @@ -316,7 +318,7 @@ new Schedule(this, 'Schedule', { ## Invoke a wider set of AWS API -Use the `Universal` target to invoke AWS API. See https://docs.aws.amazon.com/scheduler/latest/UserGuide/managing-targets-universal.html +Use the `Universal` target to invoke AWS API. See The code snippet below creates an event rule with AWS API as the target which is called at midnight every day by EventBridge Scheduler. diff --git a/packages/@aws-cdk/aws-scheduler-targets-alpha/lib/inspector-start-assessment-run.ts b/packages/@aws-cdk/aws-scheduler-targets-alpha/lib/inspector-start-assessment-run.ts index 15fa16c866a10..5434c22915db3 100644 --- a/packages/@aws-cdk/aws-scheduler-targets-alpha/lib/inspector-start-assessment-run.ts +++ b/packages/@aws-cdk/aws-scheduler-targets-alpha/lib/inspector-start-assessment-run.ts @@ -1,6 +1,6 @@ import { IScheduleTarget } from '@aws-cdk/aws-scheduler-alpha'; import { IRole, PolicyStatement } from 'aws-cdk-lib/aws-iam'; -import { CfnAssessmentTemplate } from 'aws-cdk-lib/aws-inspector'; +import { IAssessmentTemplate } from 'aws-cdk-lib/aws-inspector'; import { ScheduleTargetBase, ScheduleTargetBaseProps } from './target'; /** @@ -8,15 +8,17 @@ import { ScheduleTargetBase, ScheduleTargetBaseProps } from './target'; */ export class InspectorStartAssessmentRun extends ScheduleTargetBase implements IScheduleTarget { constructor( - template: CfnAssessmentTemplate, + template: IAssessmentTemplate, props: ScheduleTargetBaseProps = {}, ) { - super(props, template.attrArn); + super(props, template.assessmentTemplateArn); } protected addTargetActionToRole(role: IRole): void { role.addToPrincipalPolicy(new PolicyStatement({ actions: ['inspector:StartAssessmentRun'], + // The wildcard is intentional here as Amazon Inspector does not support specifying a resource ARN in the Resource element of an IAM policy statement. + // See https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoninspector.html#amazoninspector-resources-for-iam-policies. resources: ['*'], })); } diff --git a/packages/@aws-cdk/aws-scheduler-targets-alpha/test/inspector-start-assessment-run.test.ts b/packages/@aws-cdk/aws-scheduler-targets-alpha/test/inspector-start-assessment-run.test.ts index d93c20ea4629c..4ab0b14b7e9e9 100644 --- a/packages/@aws-cdk/aws-scheduler-targets-alpha/test/inspector-start-assessment-run.test.ts +++ b/packages/@aws-cdk/aws-scheduler-targets-alpha/test/inspector-start-assessment-run.test.ts @@ -2,14 +2,14 @@ import { ScheduleExpression, Schedule, Group } from '@aws-cdk/aws-scheduler-alph import { App, Duration, Stack } from 'aws-cdk-lib'; import { Template } from 'aws-cdk-lib/assertions'; import { AccountRootPrincipal, Role } from 'aws-cdk-lib/aws-iam'; -import { CfnAssessmentTarget, CfnAssessmentTemplate } from 'aws-cdk-lib/aws-inspector'; +import { AssessmentTemplate, CfnAssessmentTarget, CfnAssessmentTemplate, IAssessmentTemplate } from 'aws-cdk-lib/aws-inspector'; import * as sqs from 'aws-cdk-lib/aws-sqs'; import { InspectorStartAssessmentRun } from '../lib'; describe('schedule target', () => { let app: App; let stack: Stack; - let template: CfnAssessmentTemplate; + let template: IAssessmentTemplate; const expr = ScheduleExpression.at(new Date(Date.UTC(1969, 10, 20, 0, 0, 0))); const roleId = 'SchedulerRoleForTarget78b2d848BF7444'; @@ -17,11 +17,12 @@ describe('schedule target', () => { app = new App({ context: { '@aws-cdk/aws-iam:minimizePolicies': true } }); stack = new Stack(app, 'Stack', { env: { region: 'us-east-1', account: '123456789012' } }); const assessmentTarget = new CfnAssessmentTarget(stack, 'MyAssessmentTarget'); - template = new CfnAssessmentTemplate(stack, 'MyTemplate', { + const cfnAssessmentTemplate = new CfnAssessmentTemplate(stack, 'MyTemplate', { assessmentTargetArn: assessmentTarget.attrArn, durationInSeconds: 3600, rulesPackageArns: ['arn:aws:inspector:us-east-1:316112463485:rulespackage/0-gEjTy7T7'], }); + template = AssessmentTemplate.fromCfnAssessmentTemplate(stack, 'AssessmentTemplate', cfnAssessmentTemplate); }); test('creates IAM role and IAM policy for inspector assessment template in the same account', () => { @@ -278,11 +279,12 @@ describe('schedule target', () => { }, }); const assessmentTarget = new CfnAssessmentTarget(stack2, 'AnotherTarget'); - const anotherTemplate = new CfnAssessmentTemplate(stack2, 'AnotherTemplate', { + const cfnAssessmentTemplate = new CfnAssessmentTemplate(stack2, 'AnotherTemplate', { assessmentTargetArn: assessmentTarget.attrArn, durationInSeconds: 3600, rulesPackageArns: ['arn:aws:inspector:us-east-1:316112463485:rulespackage/0-gEjTy7T7'], }); + const anotherTemplate = AssessmentTemplate.fromCfnAssessmentTemplate(stack2, 'AnotherAssessmentTemplate', cfnAssessmentTemplate); const inspectorTarget = new InspectorStartAssessmentRun(anotherTemplate); @@ -363,11 +365,12 @@ describe('schedule target', () => { }, }); const assessmentTarget = new CfnAssessmentTarget(stack2, 'AnotherTarget'); - const anotherTemplate = new CfnAssessmentTemplate(stack2, 'AnotherTemplate', { + const cfnAssessmentTemplate = new CfnAssessmentTemplate(stack2, 'AnotherTemplate', { assessmentTargetArn: assessmentTarget.attrArn, durationInSeconds: 3600, rulesPackageArns: ['arn:aws:inspector:us-east-1:316112463485:rulespackage/0-gEjTy7T7'], }); + const anotherTemplate = AssessmentTemplate.fromCfnAssessmentTemplate(stack2, 'AnotherAssessmentTemplate', cfnAssessmentTemplate); const importedRole = Role.fromRoleArn(stack, 'ImportedRole', 'arn:aws:iam::123456789012:role/someRole'); const inspectorTarget = new InspectorStartAssessmentRun(anotherTemplate, { diff --git a/packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.inspector-start-assessment-run.ts b/packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.inspector-start-assessment-run.ts index 8b001f86eae2d..5cb3142a22551 100644 --- a/packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.inspector-start-assessment-run.ts +++ b/packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.inspector-start-assessment-run.ts @@ -1,7 +1,7 @@ import * as scheduler from '@aws-cdk/aws-scheduler-alpha'; import { ExpectedResult, IntegTest } from '@aws-cdk/integ-tests-alpha'; import * as cdk from 'aws-cdk-lib'; -import { CfnAssessmentTarget, CfnAssessmentTemplate } from 'aws-cdk-lib/aws-inspector'; +import { AssessmentTemplate, CfnAssessmentTarget, CfnAssessmentTemplate } from 'aws-cdk-lib/aws-inspector'; import { InspectorStartAssessmentRun } from '../lib'; /* @@ -17,12 +17,12 @@ const app = new cdk.App(); const stack = new cdk.Stack(app, 'aws-cdk-scheduler-targets-inspector-start-assessment-run'); const assessmentTarget = new CfnAssessmentTarget(stack, 'MyAssessmentTarget'); -const assessmentTemplate = new CfnAssessmentTemplate(stack, 'MyAssessmentTemplate', { +const cfnAssessmentTemplate = new CfnAssessmentTemplate(stack, 'MyAssessmentTemplate', { assessmentTargetArn: assessmentTarget.attrArn, durationInSeconds: 3600, - // https://docs.aws.amazon.com/inspector/v1/userguide/inspector_rules-arns.html#us-east-1 rulesPackageArns: ['arn:aws:inspector:us-east-1:316112463485:rulespackage/0-gEjTy7T7'], }); +const assessmentTemplate = AssessmentTemplate.fromCfnAssessmentTemplate(stack, 'AssessmentTemplate', cfnAssessmentTemplate); new scheduler.Schedule(stack, 'Schedule', { schedule: scheduler.ScheduleExpression.rate(cdk.Duration.minutes(10)), @@ -36,10 +36,10 @@ const integrationTest = new IntegTest(app, 'integrationtest-inspector-start-asse // Verifies that the assessment run by the scheduler integrationTest.assertions.awsApiCall('Inspector', 'listAssessmentRuns', { - AssessmentTemplateArns: [assessmentTemplate.attrArn], + AssessmentTemplateArns: [assessmentTemplate.assessmentTemplateArn], }).assertAtPath( 'assessmentRunArns.0', - ExpectedResult.stringLikeRegexp(assessmentTemplate.attrArn), + ExpectedResult.stringLikeRegexp(assessmentTemplate.assessmentTemplateArn), ).waitForAssertions({ interval: cdk.Duration.seconds(30), totalTimeout: cdk.Duration.minutes(10), diff --git a/packages/@aws-cdk/custom-resource-handlers/lib/aws-eks/cluster-resource-handler/cluster.ts b/packages/@aws-cdk/custom-resource-handlers/lib/aws-eks/cluster-resource-handler/cluster.ts index e802e4e770e50..7fe12005051dc 100644 --- a/packages/@aws-cdk/custom-resource-handlers/lib/aws-eks/cluster-resource-handler/cluster.ts +++ b/packages/@aws-cdk/custom-resource-handlers/lib/aws-eks/cluster-resource-handler/cluster.ts @@ -218,6 +218,18 @@ export class ClusterResourceHandler extends ResourceHandler { } if (updates.updateAuthMode) { + // update-authmode will fail if we try to update to the same mode, + // so skip in this case. + try { + const cluster = (await this.eks.describeCluster({ name: this.clusterName })).cluster; + if (cluster?.accessConfig?.authenticationMode === this.newProps.accessConfig?.authenticationMode) { + console.log(`cluster already at ${cluster?.accessConfig?.authenticationMode}, skipping authMode update`); + return; + } + } catch (e: any) { + throw e; + } + // the update path must be // `undefined or CONFIG_MAP` -> `API_AND_CONFIG_MAP` -> `API` // and it's one way path. @@ -247,17 +259,6 @@ export class ClusterResourceHandler extends ResourceHandler { this.newProps.accessConfig?.authenticationMode === 'API') { throw new Error('Cannot update from CONFIG_MAP to API'); } - // update-authmode will fail if we try to update to the same mode, - // so skip in this case. - try { - const cluster = (await this.eks.describeCluster({ name: this.clusterName })).cluster; - if (cluster?.accessConfig?.authenticationMode === this.newProps.accessConfig?.authenticationMode) { - console.log(`cluster already at ${cluster?.accessConfig?.authenticationMode}, skipping authMode update`); - return; - } - } catch (e: any) { - throw e; - } config.accessConfig = this.newProps.accessConfig; } diff --git a/packages/@aws-cdk/custom-resource-handlers/test/aws-eks/cluster-resource-handler-mocks.ts b/packages/@aws-cdk/custom-resource-handlers/test/aws-eks/cluster-resource-handler-mocks.ts index 2c76acfb415bf..5c65a471f87a9 100644 --- a/packages/@aws-cdk/custom-resource-handlers/test/aws-eks/cluster-resource-handler-mocks.ts +++ b/packages/@aws-cdk/custom-resource-handlers/test/aws-eks/cluster-resource-handler-mocks.ts @@ -90,6 +90,7 @@ export const client: EksClient = { arn: 'arn:cluster-arn', certificateAuthority: { data: 'certificateAuthority-data' }, endpoint: 'http://endpoint', + accessConfig: { authenticationMode: 'CONFIG_MAP' }, status: simulateResponse.describeClusterResponseMockStatus || 'ACTIVE', }, }; diff --git a/packages/@aws-cdk/custom-resource-handlers/test/aws-eks/cluster-resource-provider.test.ts b/packages/@aws-cdk/custom-resource-handlers/test/aws-eks/cluster-resource-provider.test.ts index a7e49575ee0d4..8b012cec1e03d 100644 --- a/packages/@aws-cdk/custom-resource-handlers/test/aws-eks/cluster-resource-provider.test.ts +++ b/packages/@aws-cdk/custom-resource-handlers/test/aws-eks/cluster-resource-provider.test.ts @@ -590,21 +590,6 @@ describe('cluster resource provider', () => { expect(error.message).toEqual('Cannot fallback authenticationMode from defined to undefined'); }); - test('fails from API_AND_CONFIG_MAP to CONFIG_MAP', async () => { - const handler = new ClusterResourceHandler(mocks.client, mocks.newRequest('Update', { - accessConfig: { authenticationMode: 'CONFIG_MAP' }, - }, { - accessConfig: { authenticationMode: 'API_AND_CONFIG_MAP' }, - })); - let error: any; - try { - await handler.onEvent(); - } catch (e) { - error = e; - } - - expect(error.message).toEqual('Cannot fallback authenticationMode from API_AND_CONFIG_MAP to CONFIG_MAP'); - }); test('fails from API to undefined', async () => { const handler = new ClusterResourceHandler(mocks.client, mocks.newRequest('Update', { accessConfig: { authenticationMode: undefined }, @@ -635,21 +620,6 @@ describe('cluster resource provider', () => { expect(error.message).toEqual('Cannot fallback authenticationMode from API to API_AND_CONFIG_MAP'); }); - test('fails from API to CONFIG_MAP', async () => { - const handler = new ClusterResourceHandler(mocks.client, mocks.newRequest('Update', { - accessConfig: { authenticationMode: 'CONFIG_MAP' }, - }, { - accessConfig: { authenticationMode: 'API' }, - })); - let error: any; - try { - await handler.onEvent(); - } catch (e) { - error = e; - } - - expect(error.message).toEqual('Cannot fallback authenticationMode from API to CONFIG_MAP'); - }); test('fails from undefined to API', async () => { const handler = new ClusterResourceHandler(mocks.client, mocks.newRequest('Update', { accessConfig: { authenticationMode: 'API' }, diff --git a/packages/aws-cdk-lib/aws-logs/README.md b/packages/aws-cdk-lib/aws-logs/README.md index 07863d584b932..f5cee1f441a08 100644 --- a/packages/aws-cdk-lib/aws-logs/README.md +++ b/packages/aws-cdk-lib/aws-logs/README.md @@ -441,6 +441,29 @@ new logs.LogGroup(this, 'LogGroupLambda', { }); ``` +## Field Index Policies + +Creates or updates a field index policy for the specified log group. You can use field index policies to create field indexes on fields found in log events in the log group. Creating field indexes lowers the costs for CloudWatch Logs Insights queries that reference those field indexes, because these queries attempt to skip the processing of log events that are known to not match the indexed field. Good fields to index are fields that you often need to query for and fields that have high cardinality of values. + +For more information, see [Create field indexes to improve query performance and reduce costs](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatchLogs-Field-Indexing.html). + +Only log groups in the Standard log class support field index policies. +Currently, this array supports only one field index policy object. + +Example: + +```ts + +const fieldIndexPolicy = new logs.FieldIndexPolicy({ + fields: ['Operation', 'RequestId'], +}); + +new logs.LogGroup(this, 'LogGroup', { + logGroupName: 'cdkIntegLogGroup', + fieldIndexPolicies: [fieldIndexPolicy], +}); +``` + ## Notes Be aware that Log Group ARNs will always have the string `:*` appended to diff --git a/packages/aws-cdk-lib/aws-logs/lib/field-index-policy.ts b/packages/aws-cdk-lib/aws-logs/lib/field-index-policy.ts new file mode 100644 index 0000000000000..2df85826a866c --- /dev/null +++ b/packages/aws-cdk-lib/aws-logs/lib/field-index-policy.ts @@ -0,0 +1,34 @@ +import { Construct } from 'constructs'; + +/** + * Creates a field index policy for CloudWatch Logs log groups. + */ +export class FieldIndexPolicy { + private readonly fieldIndexPolicyProps: FieldIndexPolicyProps; + + constructor(props: FieldIndexPolicyProps) { + if (props.fields.length > 20) { + throw new Error('A maximum of 20 fields can be indexed per log group'); + } + this.fieldIndexPolicyProps = props; + } + + /** + * @internal + */ + public _bind(_scope: Construct) { + return { Fields: this.fieldIndexPolicyProps.fields }; + } +} + +/** + * Properties for creating field index policies + */ +export interface FieldIndexPolicyProps { + /** + * List of fields to index in log events. + * + * @default no fields + */ + readonly fields: string[]; +} diff --git a/packages/aws-cdk-lib/aws-logs/lib/index.ts b/packages/aws-cdk-lib/aws-logs/lib/index.ts index 71f2717cc4447..19981d33d8e7d 100644 --- a/packages/aws-cdk-lib/aws-logs/lib/index.ts +++ b/packages/aws-cdk-lib/aws-logs/lib/index.ts @@ -8,6 +8,7 @@ export * from './log-retention'; export * from './policy'; export * from './query-definition'; export * from './data-protection-policy'; +export * from './field-index-policy'; // AWS::Logs CloudFormation Resources: export * from './logs.generated'; diff --git a/packages/aws-cdk-lib/aws-logs/lib/log-group.ts b/packages/aws-cdk-lib/aws-logs/lib/log-group.ts index 9ed431de8d39a..ef1c71b477a01 100644 --- a/packages/aws-cdk-lib/aws-logs/lib/log-group.ts +++ b/packages/aws-cdk-lib/aws-logs/lib/log-group.ts @@ -1,5 +1,6 @@ import { Construct } from 'constructs'; import { DataProtectionPolicy } from './data-protection-policy'; +import { FieldIndexPolicy } from './field-index-policy'; import { LogStream } from './log-stream'; import { CfnLogGroup } from './logs.generated'; import { MetricFilter } from './metric-filter'; @@ -506,6 +507,13 @@ export interface LogGroupProps { */ readonly dataProtectionPolicy?: DataProtectionPolicy; + /** + * Field Index Policies for this log group. + * + * @default - no field index policies for this log group. + */ + readonly fieldIndexPolicies?: FieldIndexPolicy[]; + /** * How long, in days, the log contents will be retained. * @@ -630,6 +638,12 @@ export class LogGroup extends LogGroupBase { } const dataProtectionPolicy = props.dataProtectionPolicy?._bind(this); + const fieldIndexPolicies: any[] = []; + if (props.fieldIndexPolicies) { + props.fieldIndexPolicies.forEach((fieldIndexPolicy) => { + fieldIndexPolicies.push(fieldIndexPolicy._bind(this)); + }); + } const resource = new CfnLogGroup(this, 'Resource', { kmsKeyId: props.encryptionKey?.keyArn, @@ -643,6 +657,7 @@ export class LogGroup extends LogGroupBase { Statement: dataProtectionPolicy?.statement, Configuration: dataProtectionPolicy?.configuration, } : undefined, + ...(props.fieldIndexPolicies && { fieldIndexPolicies: fieldIndexPolicies }), }); resource.applyRemovalPolicy(props.removalPolicy); diff --git a/packages/aws-cdk-lib/aws-logs/test/loggroup.test.ts b/packages/aws-cdk-lib/aws-logs/test/loggroup.test.ts index c12a7570253bd..722c5ba301597 100644 --- a/packages/aws-cdk-lib/aws-logs/test/loggroup.test.ts +++ b/packages/aws-cdk-lib/aws-logs/test/loggroup.test.ts @@ -4,7 +4,7 @@ import * as iam from '../../aws-iam'; import * as kms from '../../aws-kms'; import { Bucket } from '../../aws-s3'; import { App, CfnParameter, Fn, RemovalPolicy, Stack } from '../../core'; -import { LogGroup, RetentionDays, LogGroupClass, DataProtectionPolicy, DataIdentifier, CustomDataIdentifier, ILogGroup, ILogSubscriptionDestination, FilterPattern } from '../lib'; +import { LogGroup, RetentionDays, LogGroupClass, DataProtectionPolicy, DataIdentifier, CustomDataIdentifier, ILogGroup, ILogSubscriptionDestination, FilterPattern, FieldIndexPolicy } from '../lib'; describe('log group', () => { test('set kms key when provided', () => { @@ -921,6 +921,66 @@ describe('log group', () => { }); }); +test('set field index policy with four fields indexed', () => { + // GIVEN + const stack = new Stack(); + + const fieldIndexPolicy = new FieldIndexPolicy({ + fields: ['Operation', 'RequestId', 'timestamp', 'message'], + }); + + // WHEN + const logGroupName = 'test-field-index-log-group'; + new LogGroup(stack, 'LogGroup', { + logGroupName: logGroupName, + fieldIndexPolicies: [fieldIndexPolicy], + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::Logs::LogGroup', { + LogGroupName: logGroupName, + FieldIndexPolicies: [{ + Fields: [ + 'Operation', + 'RequestId', + 'timestamp', + 'message', + ], + }], + }); +}); + +test('set more than 20 field indexes in a field index policy', () => { + let message; + try { + // GIVEN + const stack = new Stack(); + const fieldIndexPolicy = new FieldIndexPolicy({ + fields: createMoreThan20FieldIndexes(), + }); + + // WHEN + const logGroupName = 'test-field-multiple-field-index-policies'; + new LogGroup(stack, 'LogGroup', { + logGroupName: logGroupName, + fieldIndexPolicies: [fieldIndexPolicy], + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::Logs::LogGroup', { + LogGroupName: logGroupName, + FieldIndexPolicies: [{ + Fields: ['abc'], + }], + }); + } catch (e) { + message = (e as Error).message; + } + + expect(message).toBeDefined(); + expect(message).toEqual('A maximum of 20 fields can be indexed per log group'); +}); + describe('subscription filter', () => { test('add subscription filter with custom name', () => { // GIVEN @@ -953,6 +1013,14 @@ function dataDrivenTests(cases: string[], body: (suffix: string) => void): void } } +function createMoreThan20FieldIndexes(): string[] { + let arr: string[] = []; + for (let i = 0; i < 23; i++) { + arr.push('abc' + i.toString()); + } + return arr; +} + class FakeDestination implements ILogSubscriptionDestination { public bind(_scope: Construct, _sourceLogGroup: ILogGroup) { return { diff --git a/packages/aws-cdk-lib/core/lib/analytics-data-source/classes.ts b/packages/aws-cdk-lib/core/lib/analytics-data-source/classes.ts index bc7f406b4a9fb..83955bea90eb1 100644 --- a/packages/aws-cdk-lib/core/lib/analytics-data-source/classes.ts +++ b/packages/aws-cdk-lib/core/lib/analytics-data-source/classes.ts @@ -1549,14 +1549,18 @@ export const AWS_CDK_CONSTRUCTOR_PROPS: { [key: string]: any } = { 'notificationTarget': { 'topicArn': '*', 'topicName': '*', - 'contentBasedDeduplication': 'boolean', - 'fifo': 'boolean', - 'stack': '*', - 'env': { - 'account': '*', - 'region': '*' + 'masterKey': { + 'keyArn': '*', + 'keyId': '*', + 'stack': '*', + 'env': { + 'account': '*', + 'region': '*' + }, + 'node': '*' }, - 'node': '*' + 'contentBasedDeduplication': 'boolean', + 'fifo': 'boolean' }, 'playerLatencyPolicies': { 'maximumIndividualPlayerLatency': '*' @@ -1605,14 +1609,18 @@ export const AWS_CDK_CONSTRUCTOR_PROPS: { [key: string]: any } = { 'notificationTarget': { 'topicArn': '*', 'topicName': '*', - 'contentBasedDeduplication': 'boolean', - 'fifo': 'boolean', - 'stack': '*', - 'env': { - 'account': '*', - 'region': '*' + 'masterKey': { + 'keyArn': '*', + 'keyId': '*', + 'stack': '*', + 'env': { + 'account': '*', + 'region': '*' + }, + 'node': '*' }, - 'node': '*' + 'contentBasedDeduplication': 'boolean', + 'fifo': 'boolean' }, 'requestTimeout': '*', 'ruleSet': { @@ -1669,14 +1677,18 @@ export const AWS_CDK_CONSTRUCTOR_PROPS: { [key: string]: any } = { 'notificationTarget': { 'topicArn': '*', 'topicName': '*', - 'contentBasedDeduplication': 'boolean', - 'fifo': 'boolean', - 'stack': '*', - 'env': { - 'account': '*', - 'region': '*' + 'masterKey': { + 'keyArn': '*', + 'keyId': '*', + 'stack': '*', + 'env': { + 'account': '*', + 'region': '*' + }, + 'node': '*' }, - 'node': '*' + 'contentBasedDeduplication': 'boolean', + 'fifo': 'boolean' }, 'requestTimeout': '*', 'ruleSet': { @@ -2394,14 +2406,18 @@ export const AWS_CDK_CONSTRUCTOR_PROPS: { [key: string]: any } = { 'deadLetterTopic': { 'topicArn': '*', 'topicName': '*', - 'contentBasedDeduplication': 'boolean', - 'fifo': 'boolean', - 'stack': '*', - 'env': { - 'account': '*', - 'region': '*' + 'masterKey': { + 'keyArn': '*', + 'keyId': '*', + 'stack': '*', + 'env': { + 'account': '*', + 'region': '*' + }, + 'node': '*' }, - 'node': '*' + 'contentBasedDeduplication': 'boolean', + 'fifo': 'boolean' }, 'tracing': 'Tracing', 'snapStart': '*', @@ -2664,14 +2680,18 @@ export const AWS_CDK_CONSTRUCTOR_PROPS: { [key: string]: any } = { 'deadLetterTopic': { 'topicArn': '*', 'topicName': '*', - 'contentBasedDeduplication': 'boolean', - 'fifo': 'boolean', - 'stack': '*', - 'env': { - 'account': '*', - 'region': '*' + 'masterKey': { + 'keyArn': '*', + 'keyId': '*', + 'stack': '*', + 'env': { + 'account': '*', + 'region': '*' + }, + 'node': '*' }, - 'node': '*' + 'contentBasedDeduplication': 'boolean', + 'fifo': 'boolean' }, 'tracing': 'Tracing', 'snapStart': '*', @@ -3451,7 +3471,17 @@ export const AWS_CDK_CONSTRUCTOR_PROPS: { [key: string]: any } = { 'logIncludeExecutionData': 'IncludeExecutionData', 'description': '*', 'desiredState': 'DesiredState', - 'tags': '*' + 'tags': '*', + 'kmsKey': { + 'keyArn': '*', + 'keyId': '*', + 'stack': '*', + 'env': { + 'account': '*', + 'region': '*' + }, + 'node': '*' + } } }, '@aws-cdk.aws-redshift-alpha': { @@ -4639,6 +4669,10 @@ export const AWS_CDK_CONSTRUCTOR_PROPS: { [key: string]: any } = { 'policy': '*' } ], + 'grantClusterAdmin': [ + '*', + '*' + ], 'getServiceLoadBalancerAddress': [ '*', { @@ -4702,6 +4736,10 @@ export const AWS_CDK_CONSTRUCTOR_PROPS: { [key: string]: any } = { 'notificationsTopic': { 'topicArn': '*', 'topicName': '*', + 'masterKey': { + 'keyArn': '*', + 'keyId': '*' + }, 'contentBasedDeduplication': 'boolean', 'fifo': 'boolean' }, @@ -4724,6 +4762,7 @@ export const AWS_CDK_CONSTRUCTOR_PROPS: { [key: string]: any } = { 'associatePublicIpAddress': 'boolean', 'spotPrice': '*', 'healthCheck': '*', + 'healthChecks': '*', 'blockDevices': { 'deviceName': '*', 'volume': '*', @@ -6279,12 +6318,6 @@ export const AWS_CDK_CONSTRUCTOR_PROPS: { [key: string]: any } = { } }, 'apiKeySourceType': 'ApiKeySourceType', - 'endpointConfiguration': { - 'types': 'EndpointType', - 'vpcEndpoints': { - 'vpcEndpointId': '*' - } - }, 'deploy': 'boolean', 'deployOptions': { 'stageName': '*', @@ -6344,6 +6377,12 @@ export const AWS_CDK_CONSTRUCTOR_PROPS: { [key: string]: any } = { 'cloudWatchRoleRemovalPolicy': 'RemovalPolicy', 'endpointExportName': '*', 'endpointTypes': 'EndpointType', + 'endpointConfiguration': { + 'types': 'EndpointType', + 'vpcEndpoints': { + 'vpcEndpointId': '*' + } + }, 'disableExecuteApiEndpoint': 'boolean', 'description': '*' }, @@ -6405,18 +6444,6 @@ export const AWS_CDK_CONSTRUCTOR_PROPS: { [key: string]: any } = { } }, 'apiKeySourceType': 'ApiKeySourceType', - 'endpointConfiguration': { - 'types': 'EndpointType', - 'vpcEndpoints': { - 'vpcEndpointId': '*', - 'stack': '*', - 'env': { - 'account': '*', - 'region': '*' - }, - 'node': '*' - } - }, 'deploy': 'boolean', 'deployOptions': { 'stageName': '*', @@ -6483,6 +6510,18 @@ export const AWS_CDK_CONSTRUCTOR_PROPS: { [key: string]: any } = { 'cloudWatchRoleRemovalPolicy': 'RemovalPolicy', 'endpointExportName': '*', 'endpointTypes': 'EndpointType', + 'endpointConfiguration': { + 'types': 'EndpointType', + 'vpcEndpoints': { + 'vpcEndpointId': '*', + 'stack': '*', + 'env': { + 'account': '*', + 'region': '*' + }, + 'node': '*' + } + }, 'disableExecuteApiEndpoint': 'boolean', 'description': '*', 'defaultIntegration': '*', @@ -7660,6 +7699,18 @@ export const AWS_CDK_CONSTRUCTOR_PROPS: { [key: string]: any } = { 'cloudWatchRoleRemovalPolicy': 'RemovalPolicy', 'endpointExportName': '*', 'endpointTypes': 'EndpointType', + 'endpointConfiguration': { + 'types': 'EndpointType', + 'vpcEndpoints': { + 'vpcEndpointId': '*', + 'stack': '*', + 'env': { + 'account': '*', + 'region': '*' + }, + 'node': '*' + } + }, 'disableExecuteApiEndpoint': 'boolean', 'description': '*', 'addToResourcePolicy': [ @@ -7725,18 +7776,6 @@ export const AWS_CDK_CONSTRUCTOR_PROPS: { [key: string]: any } = { } }, 'apiKeySourceType': 'ApiKeySourceType', - 'endpointConfiguration': { - 'types': 'EndpointType', - 'vpcEndpoints': { - 'vpcEndpointId': '*', - 'stack': '*', - 'env': { - 'account': '*', - 'region': '*' - }, - 'node': '*' - } - }, 'deploy': 'boolean', 'deployOptions': { 'stageName': '*', @@ -7803,6 +7842,18 @@ export const AWS_CDK_CONSTRUCTOR_PROPS: { [key: string]: any } = { 'cloudWatchRoleRemovalPolicy': 'RemovalPolicy', 'endpointExportName': '*', 'endpointTypes': 'EndpointType', + 'endpointConfiguration': { + 'types': 'EndpointType', + 'vpcEndpoints': { + 'vpcEndpointId': '*', + 'stack': '*', + 'env': { + 'account': '*', + 'region': '*' + }, + 'node': '*' + } + }, 'disableExecuteApiEndpoint': 'boolean', 'description': '*', 'defaultIntegration': '*', @@ -8041,18 +8092,6 @@ export const AWS_CDK_CONSTRUCTOR_PROPS: { [key: string]: any } = { } }, 'apiKeySourceType': 'ApiKeySourceType', - 'endpointConfiguration': { - 'types': 'EndpointType', - 'vpcEndpoints': { - 'vpcEndpointId': '*', - 'stack': '*', - 'env': { - 'account': '*', - 'region': '*' - }, - 'node': '*' - } - }, 'deploy': 'boolean', 'deployOptions': { 'stageName': '*', @@ -8119,6 +8158,18 @@ export const AWS_CDK_CONSTRUCTOR_PROPS: { [key: string]: any } = { 'cloudWatchRoleRemovalPolicy': 'RemovalPolicy', 'endpointExportName': '*', 'endpointTypes': 'EndpointType', + 'endpointConfiguration': { + 'types': 'EndpointType', + 'vpcEndpoints': { + 'vpcEndpointId': '*', + 'stack': '*', + 'env': { + 'account': '*', + 'region': '*' + }, + 'node': '*' + } + }, 'disableExecuteApiEndpoint': 'boolean', 'description': '*', 'defaultIntegration': '*', @@ -9118,27 +9169,35 @@ export const AWS_CDK_CONSTRUCTOR_PROPS: { [key: string]: any } = { 'notificationsTopic': { 'topicArn': '*', 'topicName': '*', - 'contentBasedDeduplication': 'boolean', - 'fifo': 'boolean', - 'stack': '*', - 'env': { - 'account': '*', - 'region': '*' + 'masterKey': { + 'keyArn': '*', + 'keyId': '*', + 'stack': '*', + 'env': { + 'account': '*', + 'region': '*' + }, + 'node': '*' }, - 'node': '*' + 'contentBasedDeduplication': 'boolean', + 'fifo': 'boolean' }, 'notifications': { 'topic': { 'topicArn': '*', 'topicName': '*', - 'contentBasedDeduplication': 'boolean', - 'fifo': 'boolean', - 'stack': '*', - 'env': { - 'account': '*', - 'region': '*' + 'masterKey': { + 'keyArn': '*', + 'keyId': '*', + 'stack': '*', + 'env': { + 'account': '*', + 'region': '*' + }, + 'node': '*' }, - 'node': '*' + 'contentBasedDeduplication': 'boolean', + 'fifo': 'boolean' }, 'scalingEvents': '*' }, @@ -9160,6 +9219,7 @@ export const AWS_CDK_CONSTRUCTOR_PROPS: { [key: string]: any } = { 'associatePublicIpAddress': 'boolean', 'spotPrice': '*', 'healthCheck': '*', + 'healthChecks': '*', 'blockDevices': { 'deviceName': '*', 'volume': '*', @@ -9418,14 +9478,18 @@ export const AWS_CDK_CONSTRUCTOR_PROPS: { [key: string]: any } = { 'notificationTopic': { 'topicArn': '*', 'topicName': '*', - 'contentBasedDeduplication': 'boolean', - 'fifo': 'boolean', - 'stack': '*', - 'env': { - 'account': '*', - 'region': '*' + 'masterKey': { + 'keyArn': '*', + 'keyId': '*', + 'stack': '*', + 'env': { + 'account': '*', + 'region': '*' + }, + 'node': '*' }, - 'node': '*' + 'contentBasedDeduplication': 'boolean', + 'fifo': 'boolean' }, 'notificationEvents': 'BackupVaultEvents', 'removalPolicy': 'RemovalPolicy', @@ -10141,14 +10205,18 @@ export const AWS_CDK_CONSTRUCTOR_PROPS: { [key: string]: any } = { 'notificationTopics': { 'topicArn': '*', 'topicName': '*', - 'contentBasedDeduplication': 'boolean', - 'fifo': 'boolean', - 'stack': '*', - 'env': { - 'account': '*', - 'region': '*' + 'masterKey': { + 'keyArn': '*', + 'keyId': '*', + 'stack': '*', + 'env': { + 'account': '*', + 'region': '*' + }, + 'node': '*' }, - 'node': '*' + 'contentBasedDeduplication': 'boolean', + 'fifo': 'boolean' }, 'loggingLevel': 'LoggingLevel', 'logRetention': 'RetentionDays', @@ -10181,14 +10249,18 @@ export const AWS_CDK_CONSTRUCTOR_PROPS: { [key: string]: any } = { { 'topicArn': '*', 'topicName': '*', - 'contentBasedDeduplication': 'boolean', - 'fifo': 'boolean', - 'stack': '*', - 'env': { - 'account': '*', - 'region': '*' + 'masterKey': { + 'keyArn': '*', + 'keyId': '*', + 'stack': '*', + 'env': { + 'account': '*', + 'region': '*' + }, + 'node': '*' }, - 'node': '*' + 'contentBasedDeduplication': 'boolean', + 'fifo': 'boolean' } ] } @@ -10975,14 +11047,18 @@ export const AWS_CDK_CONSTRUCTOR_PROPS: { [key: string]: any } = { 'snsTopic': { 'topicArn': '*', 'topicName': '*', - 'contentBasedDeduplication': 'boolean', - 'fifo': 'boolean', - 'stack': '*', - 'env': { - 'account': '*', - 'region': '*' + 'masterKey': { + 'keyArn': '*', + 'keyId': '*', + 'stack': '*', + 'env': { + 'account': '*', + 'region': '*' + }, + 'node': '*' }, - 'node': '*' + 'contentBasedDeduplication': 'boolean', + 'fifo': 'boolean' }, 'trailName': '*', 's3KeyPrefix': '*', @@ -12271,14 +12347,18 @@ export const AWS_CDK_CONSTRUCTOR_PROPS: { [key: string]: any } = { 'topics': { 'topicArn': '*', 'topicName': '*', - 'contentBasedDeduplication': 'boolean', - 'fifo': 'boolean', - 'stack': '*', - 'env': { - 'account': '*', - 'region': '*' + 'masterKey': { + 'keyArn': '*', + 'keyId': '*', + 'stack': '*', + 'env': { + 'account': '*', + 'region': '*' + }, + 'node': '*' }, - 'node': '*' + 'contentBasedDeduplication': 'boolean', + 'fifo': 'boolean' }, 'configRuleName': '*', 'description': '*', @@ -14261,6 +14341,7 @@ export const AWS_CDK_CONSTRUCTOR_PROPS: { [key: string]: any } = { 'associatePublicIpAddress': 'boolean', 'spotPrice': '*', 'healthCheck': '*', + 'healthChecks': '*', 'blockDevices': { 'deviceName': '*', 'volume': '*', @@ -14432,6 +14513,7 @@ export const AWS_CDK_CONSTRUCTOR_PROPS: { [key: string]: any } = { 'associatePublicIpAddress': 'boolean', 'spotPrice': '*', 'healthCheck': '*', + 'healthChecks': '*', 'blockDevices': { 'deviceName': '*', 'volume': '*', @@ -15282,6 +15364,10 @@ export const AWS_CDK_CONSTRUCTOR_PROPS: { [key: string]: any } = { 'notificationsTopic': { 'topicArn': '*', 'topicName': '*', + 'masterKey': { + 'keyArn': '*', + 'keyId': '*' + }, 'contentBasedDeduplication': 'boolean', 'fifo': 'boolean' }, @@ -15304,6 +15390,7 @@ export const AWS_CDK_CONSTRUCTOR_PROPS: { [key: string]: any } = { 'associatePublicIpAddress': 'boolean', 'spotPrice': '*', 'healthCheck': '*', + 'healthChecks': '*', 'blockDevices': { 'deviceName': '*', 'volume': '*', @@ -17060,6 +17147,9 @@ export const AWS_CDK_CONSTRUCTOR_PROPS: { [key: string]: any } = { ] } }, + 'aws-cdk-lib.aws-inspector': { + 'AssessmentTemplate': {} + }, 'aws-cdk-lib.aws-kinesis': { 'ResourcePolicy': { 'stream': { @@ -17658,14 +17748,18 @@ export const AWS_CDK_CONSTRUCTOR_PROPS: { [key: string]: any } = { 'deadLetterTopic': { 'topicArn': '*', 'topicName': '*', - 'contentBasedDeduplication': 'boolean', - 'fifo': 'boolean', - 'stack': '*', - 'env': { - 'account': '*', - 'region': '*' + 'masterKey': { + 'keyArn': '*', + 'keyId': '*', + 'stack': '*', + 'env': { + 'account': '*', + 'region': '*' + }, + 'node': '*' }, - 'node': '*' + 'contentBasedDeduplication': 'boolean', + 'fifo': 'boolean' }, 'tracing': 'Tracing', 'snapStart': '*', @@ -17977,14 +18071,18 @@ export const AWS_CDK_CONSTRUCTOR_PROPS: { [key: string]: any } = { 'deadLetterTopic': { 'topicArn': '*', 'topicName': '*', - 'contentBasedDeduplication': 'boolean', - 'fifo': 'boolean', - 'stack': '*', - 'env': { - 'account': '*', - 'region': '*' + 'masterKey': { + 'keyArn': '*', + 'keyId': '*', + 'stack': '*', + 'env': { + 'account': '*', + 'region': '*' + }, + 'node': '*' }, - 'node': '*' + 'contentBasedDeduplication': 'boolean', + 'fifo': 'boolean' }, 'tracing': 'Tracing', 'snapStart': '*', @@ -18334,14 +18432,18 @@ export const AWS_CDK_CONSTRUCTOR_PROPS: { [key: string]: any } = { 'deadLetterTopic': { 'topicArn': '*', 'topicName': '*', - 'contentBasedDeduplication': 'boolean', - 'fifo': 'boolean', - 'stack': '*', - 'env': { - 'account': '*', - 'region': '*' + 'masterKey': { + 'keyArn': '*', + 'keyId': '*', + 'stack': '*', + 'env': { + 'account': '*', + 'region': '*' + }, + 'node': '*' }, - 'node': '*' + 'contentBasedDeduplication': 'boolean', + 'fifo': 'boolean' }, 'tracing': 'Tracing', 'snapStart': '*', @@ -18679,14 +18781,18 @@ export const AWS_CDK_CONSTRUCTOR_PROPS: { [key: string]: any } = { 'deadLetterTopic': { 'topicArn': '*', 'topicName': '*', - 'contentBasedDeduplication': 'boolean', - 'fifo': 'boolean', - 'stack': '*', - 'env': { - 'account': '*', - 'region': '*' + 'masterKey': { + 'keyArn': '*', + 'keyId': '*', + 'stack': '*', + 'env': { + 'account': '*', + 'region': '*' + }, + 'node': '*' }, - 'node': '*' + 'contentBasedDeduplication': 'boolean', + 'fifo': 'boolean' }, 'tracing': 'Tracing', 'snapStart': '*', @@ -18978,7 +19084,15 @@ export const AWS_CDK_CONSTRUCTOR_PROPS: { [key: string]: any } = { 'dataNodeInstanceType': '*', 'warmNodes': '*', 'warmInstanceType': '*', - 'multiAzWithStandbyEnabled': 'boolean' + 'multiAzWithStandbyEnabled': 'boolean', + 'nodeOptions': { + 'nodeType': 'NodeType', + 'nodeConfig': { + 'enabled': 'boolean', + 'type': '*', + 'count': '*' + } + } }, 'zoneAwareness': { 'enabled': 'boolean', @@ -19269,6 +19383,7 @@ export const AWS_CDK_CONSTRUCTOR_PROPS: { [key: string]: any } = { }, 'DatabaseCluster': { 'credentials': '*', + 'replicationSourceIdentifier': '*', 'engine': { 'singleUserRotationApplication': '*', 'supportedLogTypes': '*', @@ -23047,14 +23162,18 @@ export const AWS_CDK_CONSTRUCTOR_PROPS: { [key: string]: any } = { 'topics': { 'topicArn': '*', 'topicName': '*', - 'contentBasedDeduplication': 'boolean', - 'fifo': 'boolean', - 'stack': '*', - 'env': { - 'account': '*', - 'region': '*' + 'masterKey': { + 'keyArn': '*', + 'keyId': '*', + 'stack': '*', + 'env': { + 'account': '*', + 'region': '*' + }, + 'node': '*' }, - 'node': '*' + 'contentBasedDeduplication': 'boolean', + 'fifo': 'boolean' }, 'policyDocument': '*', 'enforceSSL': 'boolean' @@ -23063,14 +23182,18 @@ export const AWS_CDK_CONSTRUCTOR_PROPS: { [key: string]: any } = { 'topic': { 'topicArn': '*', 'topicName': '*', - 'contentBasedDeduplication': 'boolean', - 'fifo': 'boolean', - 'stack': '*', - 'env': { - 'account': '*', - 'region': '*' + 'masterKey': { + 'keyArn': '*', + 'keyId': '*', + 'stack': '*', + 'env': { + 'account': '*', + 'region': '*' + }, + 'node': '*' }, - 'node': '*' + 'contentBasedDeduplication': 'boolean', + 'fifo': 'boolean' }, 'protocol': 'SubscriptionProtocol', 'endpoint': '*', @@ -23841,14 +23964,18 @@ export const AWS_CDK_CONSTRUCTOR_PROPS: { [key: string]: any } = { 'deadLetterTopic': { 'topicArn': '*', 'topicName': '*', - 'contentBasedDeduplication': 'boolean', - 'fifo': 'boolean', - 'stack': '*', - 'env': { - 'account': '*', - 'region': '*' + 'masterKey': { + 'keyArn': '*', + 'keyId': '*', + 'stack': '*', + 'env': { + 'account': '*', + 'region': '*' + }, + 'node': '*' }, - 'node': '*' + 'contentBasedDeduplication': 'boolean', + 'fifo': 'boolean' }, 'tracing': 'Tracing', 'snapStart': '*', @@ -25484,14 +25611,18 @@ export const AWS_CDK_CONSTRUCTOR_PROPS: { [key: string]: any } = { 'deadLetterTopic': { 'topicArn': '*', 'topicName': '*', - 'contentBasedDeduplication': 'boolean', - 'fifo': 'boolean', - 'stack': '*', - 'env': { - 'account': '*', - 'region': '*' + 'masterKey': { + 'keyArn': '*', + 'keyId': '*', + 'stack': '*', + 'env': { + 'account': '*', + 'region': '*' + }, + 'node': '*' }, - 'node': '*' + 'contentBasedDeduplication': 'boolean', + 'fifo': 'boolean' }, 'tracing': 'Tracing', 'snapStart': '*', diff --git a/packages/aws-cdk-lib/core/lib/analytics-data-source/enums.ts b/packages/aws-cdk-lib/core/lib/analytics-data-source/enums.ts index 1ea3e01135c06..20182a2d12e8f 100644 --- a/packages/aws-cdk-lib/core/lib/analytics-data-source/enums.ts +++ b/packages/aws-cdk-lib/core/lib/analytics-data-source/enums.ts @@ -70,6 +70,11 @@ export const AWS_CDK_ENUMS: { [key: string]: any } = { 'ON_DEPLOYMENT_ROLLED_BACK', 'AT_DEPLOYMENT_TICK' ], + 'AdditionalHealthCheckType': [ + 'ELB', + 'EBS', + 'VPC_LATTICE' + ], 'AddressFamily': [ 'IPv4', 'IPv6' @@ -1129,7 +1134,9 @@ export const AWS_CDK_ENUMS: { [key: string]: any } = { 's3:ObjectTagging:*', 's3:ObjectTagging:Put', 's3:ObjectTagging:Delete', - 's3:ObjectAcl:Put' + 's3:ObjectAcl:Put', + 's3:ObjectRestore:*', + 's3:Replication:*' ], 'ExecuteCommandLogging': [ 'NONE', @@ -2311,10 +2318,7 @@ export const AWS_CDK_ENUMS: { [key: string]: any } = { 'DUAL' ], 'NodeType': [ - 'Standard', - 'GPU', - 'INFERENTIA', - 'TRAINIUM' + 'coordinator' ], 'NodegroupAmiType': [ 'AL2_x86_64', @@ -2973,7 +2977,9 @@ export const AWS_CDK_ENUMS: { [key: string]: any } = { 'comprehend', 'kafka', 'elasticache', - 'neptune' + 'neptune', + 'cassandra', + 'workspaces' ], 'Shading': [ 'none', diff --git a/packages/aws-cdk-lib/core/lib/analytics-data-source/enums/module-enumlikes.json b/packages/aws-cdk-lib/core/lib/analytics-data-source/enums/module-enumlikes.json index be9969be14bb2..c120dd4a563ed 100644 --- a/packages/aws-cdk-lib/core/lib/analytics-data-source/enums/module-enumlikes.json +++ b/packages/aws-cdk-lib/core/lib/analytics-data-source/enums/module-enumlikes.json @@ -661,7 +661,11 @@ "KeyAlgorithm": [ "RSA_2048", "EC_PRIME256V1", - "EC_SECP384R1" + "EC_SECP384R1", + "EC_SECP521R1", + "RSA_4096", + "RSA_3072", + "RSA_1024" ] }, "aws-cdk/packages/aws-cdk-lib/aws-cloudfront/lib/cache-policy.ts": { @@ -1433,6 +1437,10 @@ "BEDROCK_AGENT", "BEDROCK_AGENT_RUNTIME", "BEDROCK_RUNTIME", + "BEDROCK_DATA_AUTOMATION", + "BEDROCK_DATA_AUTOMATION_FIPS", + "BEDROCK_DATA_AUTOMATION_RUNTIME", + "BEDROCK_DATA_AUTOMATION_RUNTIME_FIPS", "BILLING", "BILLING_AND_COST_MANAGEMENT_FREETIER", "BILLING_AND_COST_MANAGEMENT_TAX", @@ -1817,7 +1825,8 @@ "aws-cdk/packages/aws-cdk-lib/aws-ecr/lib/repository.ts": { "RepositoryEncryption": [ "AES_256", - "KMS" + "KMS", + "KMS_DSSE" ] }, "aws-cdk/packages/aws-cdk-lib/aws-ecs/lib/base/task-definition.ts": { @@ -1944,7 +1953,8 @@ "GZIP", "HADOOP_SNAPPY", "SNAPPY", - "ZIP" + "ZIP", + "UNCOMPRESSED" ] }, "aws-cdk/packages/aws-cdk-lib/aws-lambda/lib/adot-layers.ts": { @@ -2075,6 +2085,7 @@ "JAVA_21", "DOTNET_6", "DOTNET_8", + "DOTNET_9", "DOTNET_CORE_1", "DOTNET_CORE_2", "DOTNET_CORE_2_1", diff --git a/packages/aws-cdk-lib/core/lib/analytics-data-source/enums/module-enums.json b/packages/aws-cdk-lib/core/lib/analytics-data-source/enums/module-enums.json index cea0e5fae6aba..2c2918992605b 100644 --- a/packages/aws-cdk-lib/core/lib/analytics-data-source/enums/module-enums.json +++ b/packages/aws-cdk-lib/core/lib/analytics-data-source/enums/module-enums.json @@ -9,7 +9,8 @@ ], "Platform": [ "WEB", - "WEB_COMPUTE" + "WEB_COMPUTE", + "WEB_DYNAMIC" ], "CacheConfigType": [ "AMPLIFY_MANAGED", @@ -186,7 +187,8 @@ ], "CapacityType": [ "SPOT", - "ON_DEMAND" + "ON_DEMAND", + "CAPACITY_BLOCK" ], "TaintEffect": [ "NO_SCHEDULE", @@ -1112,7 +1114,9 @@ "comprehend", "kafka", "elasticache", - "neptune" + "neptune", + "cassandra", + "workspaces" ] }, "aws-cdk/packages/aws-cdk-lib/aws-applicationautoscaling/lib/step-scaling-action.ts": { @@ -1331,6 +1335,11 @@ "HealthCheckType": [ "EC2", "ELB" + ], + "AdditionalHealthCheckType": [ + "ELB", + "EBS", + "VPC_LATTICE" ] }, "aws-cdk/packages/aws-cdk-lib/aws-autoscaling/lib/lifecycle-hook.ts": { @@ -3980,7 +3989,8 @@ "aws-cdk/packages/aws-cdk-lib/aws-fsx/lib/file-system.ts": { "StorageType": [ "SSD", - "HDD" + "HDD", + "INTELLIGENT_TIERING" ] }, "aws-cdk/packages/aws-cdk-lib/aws-fsx/lib/lustre-file-system.ts": { @@ -4300,6 +4310,9 @@ "IpAddressType": [ "ipv4", "dualstack" + ], + "NodeType": [ + "coordinator" ] }, "aws-cdk/packages/aws-cdk-lib/aws-rds/lib/aurora-cluster-instance.ts": { @@ -4550,7 +4563,9 @@ "s3:ObjectTagging:*", "s3:ObjectTagging:Put", "s3:ObjectTagging:Delete", - "s3:ObjectAcl:Put" + "s3:ObjectAcl:Put", + "s3:ObjectRestore:*", + "s3:Replication:*" ], "BucketAccessControl": [ "Private", diff --git a/packages/aws-cdk-lib/core/lib/asset-staging.ts b/packages/aws-cdk-lib/core/lib/asset-staging.ts index e4dc76f269acb..cdbad86025ca3 100644 --- a/packages/aws-cdk-lib/core/lib/asset-staging.ts +++ b/packages/aws-cdk-lib/core/lib/asset-staging.ts @@ -438,19 +438,23 @@ export class AssetStaging extends Construct { private bundle(options: BundlingOptions, bundleDir: string) { if (fs.existsSync(bundleDir)) { return; } - fs.ensureDirSync(bundleDir); + const tempDir = `${bundleDir}-building`; + // Remove the tempDir if it exists, then recreate it + fs.rmSync(tempDir, { recursive: true, force: true }); + + fs.ensureDirSync(tempDir); // Chmod the bundleDir to full access. - fs.chmodSync(bundleDir, 0o777); + fs.chmodSync(tempDir, 0o777); let localBundling: boolean | undefined; try { process.stderr.write(`Bundling asset ${this.node.path}...\n`); - localBundling = options.local?.tryBundle(bundleDir, options); + localBundling = options.local?.tryBundle(tempDir, options); if (!localBundling) { const assetStagingOptions = { sourcePath: this.sourcePath, - bundleDir, + bundleDir: tempDir, ...options, }; @@ -464,18 +468,11 @@ export class AssetStaging extends Construct { break; } } - } catch (err) { - // When bundling fails, keep the bundle output for diagnosability, but - // rename it out of the way so that the next run doesn't assume it has a - // valid bundleDir. - const bundleErrorDir = bundleDir + '-error'; - if (fs.existsSync(bundleErrorDir)) { - // Remove the last bundleErrorDir. - fs.removeSync(bundleErrorDir); - } - fs.renameSync(bundleDir, bundleErrorDir); - throw new Error(`Failed to bundle asset ${this.node.path}, bundle output is located at ${bundleErrorDir}: ${err}`); + // Success, rename the tempDir into place + fs.renameSync(tempDir, bundleDir); + } catch (err) { + throw new Error(`Failed to bundle asset ${this.node.path}, bundle output is located at ${tempDir}: ${err}`); } if (FileSystem.isEmpty(bundleDir)) { diff --git a/packages/aws-cdk-lib/core/lib/assets.ts b/packages/aws-cdk-lib/core/lib/assets.ts index 7d4c3139b2380..49fa0c8730b46 100644 --- a/packages/aws-cdk-lib/core/lib/assets.ts +++ b/packages/aws-cdk-lib/core/lib/assets.ts @@ -53,8 +53,6 @@ export interface AssetOptions { * * @default - uploaded as-is to S3 if the asset is a regular file or a .zip file, * archived into a .zip file and uploaded to S3 otherwise - * - * */ readonly bundling?: BundlingOptions; } diff --git a/packages/aws-cdk-lib/core/test/app-that-is-interrupted-during-staging.ts b/packages/aws-cdk-lib/core/test/app-that-is-interrupted-during-staging.ts new file mode 100644 index 0000000000000..381e4694142f7 --- /dev/null +++ b/packages/aws-cdk-lib/core/test/app-that-is-interrupted-during-staging.ts @@ -0,0 +1,22 @@ +/** + * This is a CDK app that is guaranteed to kill itself during bundling + */ +import * as path from 'path'; +import { App, AssetStaging, DockerImage, Stack } from '../lib'; + +const app = new App(); +const stack = new Stack(app, 'stack'); +const directory = path.join(__dirname, 'fs', 'fixtures', 'test1'); + +const pid = process.pid; + +// WHEN +new AssetStaging(stack, 'Asset', { + sourcePath: directory, + bundling: { + image: DockerImage.fromRegistry('alpine'), + command: ['DOCKER_STUB_EXEC', 'kill', `${pid}`], + }, +}); + +app.synth(); diff --git a/packages/aws-cdk-lib/core/test/docker-stub.sh b/packages/aws-cdk-lib/core/test/docker-stub.sh index 2bb0934e7d304..c55b1c9aaf7c6 100755 --- a/packages/aws-cdk-lib/core/test/docker-stub.sh +++ b/packages/aws-cdk-lib/core/test/docker-stub.sh @@ -49,5 +49,14 @@ if echo "$@" | grep "DOCKER_STUB_SINGLE_FILE"; then exit 0 fi -echo "Docker mock only supports one of the following commands: DOCKER_STUB_SUCCESS_NO_OUTPUT,DOCKER_STUB_FAIL,DOCKER_STUB_SUCCESS,DOCKER_STUB_MULTIPLE_FILES,DOCKER_SINGLE_ARCHIVE" +if echo "$@" | grep "DOCKER_STUB_EXEC"; then + while [[ "$1" != "DOCKER_STUB_EXEC" ]]; do + shift + done + shift + + exec "$@" # Execute what's left +fi + +echo "Docker mock only supports one of the following commands: DOCKER_STUB_SUCCESS_NO_OUTPUT,DOCKER_STUB_FAIL,DOCKER_STUB_SUCCESS,DOCKER_STUB_MULTIPLE_FILES,DOCKER_SINGLE_ARCHIVE,DOCKER_STUB_EXEC, got '$@'" exit 1 diff --git a/packages/aws-cdk-lib/core/test/staging.test.ts b/packages/aws-cdk-lib/core/test/staging.test.ts index e4c21a3415611..c9208ea23a59b 100644 --- a/packages/aws-cdk-lib/core/test/staging.test.ts +++ b/packages/aws-cdk-lib/core/test/staging.test.ts @@ -1,3 +1,4 @@ +import { execSync } from 'child_process'; import * as os from 'os'; import * as path from 'path'; import { testDeprecated } from '@aws-cdk/cdk-build-tools'; @@ -610,13 +611,13 @@ describe('staging', () => { image: DockerImage.fromRegistry('alpine'), command: [DockerStubCommand.FAIL], }, - })).toThrow(/Failed.*bundl.*asset.*-error/); + })).toThrow(/Failed.*bundl.*asset.*-building/); // THEN const assembly = app.synth(); const dir = fs.readdirSync(assembly.directory); - expect(dir.some(entry => entry.match(/asset.*-error/))).toEqual(true); + expect(dir.some(entry => entry.match(/asset.*-building/))).toEqual(true); }); test('bundler re-uses assets from previous synths', () => { @@ -675,6 +676,44 @@ describe('staging', () => { ]); }); + test('if bundling is interrupted, target asset directory is not produced', () => { + // GIVEN + const TEST_OUTDIR = path.join(__dirname, 'cdk.out'); + if (fs.existsSync(TEST_OUTDIR)) { + fs.removeSync(TEST_OUTDIR); + } + + // WHEN + try { + execSync(`npx ts-node ${__dirname}/app-that-is-interrupted-during-staging.ts`, { + env: { + ...process.env, + CDK_OUTDIR: TEST_OUTDIR, + }, + }); + throw new Error('We expected the above command to fail'); + } catch (e) { + // We expect the command to be terminated with a signal, which sometimes shows + // as 'signal' is set to SIGTERM, and on some Linuxes as exitCode = 128 + 15 = 143 + if (e.signal === 'SIGTERM' || e.status === 143) { + // pass + } else { + throw e; + } + } + + // THEN + const generatedFiles = fs.readdirSync(TEST_OUTDIR); + // We expect a 'building' asset directory... + expect(generatedFiles).toContainEqual( + expect.stringMatching(/^asset\.[0-9a-f]+-building$/), + ); + // ...not a complete asset directory + expect(generatedFiles).not.toContainEqual( + expect.stringMatching(/^asset\.[0-9a-f]+$/), + ); + }); + test('bundler re-uses assets from previous synths, ignoring tokens', () => { // GIVEN const TEST_OUTDIR = path.join(__dirname, 'cdk.out'); diff --git a/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md b/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md index dce87ce47a996..fa116b8dc8daa 100644 --- a/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md +++ b/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md @@ -90,7 +90,7 @@ Flags come in three types: | [@aws-cdk/aws-iam:oidcRejectUnauthorizedConnections](#aws-cdkaws-iamoidcrejectunauthorizedconnections) | When enabled, the default behaviour of OIDC provider will reject unauthorized connections | 2.177.0 | (fix) | | [@aws-cdk/core:enableAdditionalMetadataCollection](#aws-cdkcoreenableadditionalmetadatacollection) | When enabled, CDK will expand the scope of usage data collected to better inform CDK development and improve communication for security concerns and emerging issues. | 2.178.0 | (config) | | [@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy](#aws-cdkaws-lambdacreatenewpolicieswithaddtorolepolicy) | When enabled, Lambda will create new inline policies with AddToRolePolicy instead of adding to the Default Policy Statement | 2.180.0 | (fix) | -| [@aws-cdk/aws-s3:setUniqueReplicationRoleName](#aws-cdkaws-s3setuniquereplicationrolename) | When enabled, CDK will automatically generate a unique role name that is used for s3 object replication. | V2NEXT | (fix) | +| [@aws-cdk/aws-s3:setUniqueReplicationRoleName](#aws-cdkaws-s3setuniquereplicationrolename) | When enabled, CDK will automatically generate a unique role name that is used for s3 object replication. | 2.182.0 | (fix) | @@ -1719,7 +1719,7 @@ When disabled, 'CDKReplicationRole' is always specified. | Since | Default | Recommended | | ----- | ----- | ----- | | (not in v1) | | | -| V2NEXT | `false` | `true` | +| 2.182.0 | `false` | `true` | diff --git a/packages/aws-cdk-lib/cx-api/lib/features.ts b/packages/aws-cdk-lib/cx-api/lib/features.ts index dac42aedaf8a1..891a8d066c932 100644 --- a/packages/aws-cdk-lib/cx-api/lib/features.ts +++ b/packages/aws-cdk-lib/cx-api/lib/features.ts @@ -1407,7 +1407,7 @@ export const FLAGS: Record = { When this feature flag is enabled, a unique role name is specified only when performing cross-account replication. When disabled, 'CDKReplicationRole' is always specified. `, - introducedIn: { v2: 'V2NEXT' }, + introducedIn: { v2: '2.182.0' }, recommendedValue: true, }, }; diff --git a/packages/aws-cdk-lib/recommended-feature-flags.json b/packages/aws-cdk-lib/recommended-feature-flags.json index 5008c39cb1146..6b0c08c274974 100644 --- a/packages/aws-cdk-lib/recommended-feature-flags.json +++ b/packages/aws-cdk-lib/recommended-feature-flags.json @@ -65,5 +65,6 @@ "@aws-cdk/aws-elasticloadbalancingV2:albDualstackWithoutPublicIpv4SecurityGroupRulesDefault": true, "@aws-cdk/aws-iam:oidcRejectUnauthorizedConnections": true, "@aws-cdk/core:enableAdditionalMetadataCollection": true, - "@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy": true + "@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy": true, + "@aws-cdk/aws-s3:setUniqueReplicationRoleName": true } \ No newline at end of file diff --git a/version.v2.json b/version.v2.json index 35cf70297852f..5d5dba2c96a21 100644 --- a/version.v2.json +++ b/version.v2.json @@ -1,4 +1,4 @@ { - "version": "2.181.1", - "alphaVersion": "2.181.1-alpha.0" + "version": "2.182.0", + "alphaVersion": "2.182.0-alpha.0" } \ No newline at end of file