diff --git a/.github/workflows/github-merit-badger.yml b/.github/workflows/github-merit-badger.yml index 75f641c9383c8..65492d037bc91 100644 --- a/.github/workflows/github-merit-badger.yml +++ b/.github/workflows/github-merit-badger.yml @@ -17,4 +17,4 @@ jobs: badges: '[beginning-contributor,repeat-contributor,valued-contributor,admired-contributor,star-contributor,distinguished-contributor]' thresholds: '[0,3,6,13,25,50]' badge-type: 'achievement' - ignore-usernames: '[rix0rrr,iliapolo,otaviomacedo,kaizencc,comcalvi,TheRealAmazonKendra,vinayak-kukreja,mrgrain,pahud,cgarvis,kellertk,ashishdhingra,HBobertz,sumupitchayan,SankyRed,udaypant,colifran,khushail,scanlonp,mikewrighton,moelasmar,paulhcsun,awsmjs,evgenyka,GavinZZ,aaythapa,xazhao,ConnorRobertson,ssenchenko,gracelu0,jfuss,SimonCMoore,shikha372,kirtishrinkhala,godwingrs22,bergjaak,IanKonlog,Leo10Gama,samson-keung,scorbiere,michelle-wangg,jiayiwang7,aws-cdk-automation,dependabot[bot],mergify[bot]]' + ignore-usernames: '[rix0rrr,iliapolo,otaviomacedo,kaizencc,comcalvi,TheRealAmazonKendra,vinayak-kukreja,mrgrain,pahud,cgarvis,kellertk,ashishdhingra,HBobertz,sumupitchayan,SankyRed,udaypant,colifran,khushail,scanlonp,mikewrighton,moelasmar,paulhcsun,awsmjs,evgenyka,GavinZZ,aaythapa,xazhao,ConnorRobertson,ssenchenko,gracelu0,jfuss,SimonCMoore,shikha372,kirtishrinkhala,godwingrs22,bergjaak,IanKonlog,Leo10Gama,samson-keung,scorbiere,michelle-wangg,jiayiwang7,1kaileychen,aws-cdk-automation,dependabot[bot],mergify[bot]]' diff --git a/.mergify.yml b/.mergify.yml index d895d5ee87938..51c56adf1f83b 100644 --- a/.mergify.yml +++ b/.mergify.yml @@ -11,7 +11,7 @@ pull_request_rules: label: add: [ contribution/core ] conditions: - - author~=^(rix0rrr|iliapolo|otaviomacedo|kaizencc|comcalvi|TheRealAmazonKendra|vinayak-kukreja|mrgrain|pahud|ashishdhingra|cgarvis|kellertk|HBobertz|sumupitchayan|SankyRed|udaypant|colifran|scanlonp|mikewrighton|moelasmar|paulhcsun|awsmjs|evgenyka|GavinZZ|aaythapa|xazhao|ConnorRobertson|ssenchenko|gracelu0|jfuss|SimonCMoore|shikha372|kirtishrinkhala|godwingrs22|bergjaak|samson-keung|IanKonlog|Leo10Gama|scorbiere|michelle-wangg|jiayiwang7)$ + - author~=^(rix0rrr|iliapolo|otaviomacedo|kaizencc|comcalvi|TheRealAmazonKendra|vinayak-kukreja|mrgrain|pahud|ashishdhingra|cgarvis|kellertk|HBobertz|sumupitchayan|SankyRed|udaypant|colifran|scanlonp|mikewrighton|moelasmar|paulhcsun|awsmjs|evgenyka|GavinZZ|aaythapa|xazhao|ConnorRobertson|ssenchenko|gracelu0|jfuss|SimonCMoore|shikha372|kirtishrinkhala|godwingrs22|bergjaak|samson-keung|IanKonlog|Leo10Gama|scorbiere|michelle-wangg|jiayiwang7|1kaileychen)$ - -label~="contribution/core" - name: automatic merge actions: diff --git a/CHANGELOG.v2.alpha.md b/CHANGELOG.v2.alpha.md index ed2a67f5a9f34..8328af6ac86ee 100644 --- a/CHANGELOG.v2.alpha.md +++ b/CHANGELOG.v2.alpha.md @@ -2,6 +2,47 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [2.159.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.158.0-alpha.0...v2.159.0-alpha.0) (2024-09-18) + + +### ⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES + +* **kinesisfirehose-alpha:** `encryptionKey` property is removed and `encryption` property type has changed from the `StreamEncryption` enum to the `StreamEncryption` class. + +To pass in a KMS key for the customer managed key case, use `StreamEncryption.customerManagedKey(key)` + +#### Details +Replaced `encryption` and `encryptionKey` properties with a single property `encryption` of type `StreamEncryption` and is used by calling one of the 3 methods: +```ts +SreamEncryption.unencrypted() +StreamEncryption.awsOwnedKey() +StreamEncryption.customerManagedKey(key?: IKey) +``` + +This makes it so it's not longer possible to pass in a key when the encryption type is AWS owned or unencrypted. The `key` is an optional parameter in `StreamEncryption.customerManagedKey(key?: IKey)` so following the previous behaviour, if a key is provided it will be used, otherwise a key will be created for the user. +### Description of how you validated changes + +Generated templates do not change so behaviour remains the same. + +Updated integ/unit tests. + +### Checklist +- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) + +### Features + +* **ivs:** support RTMP ingest for IVS channel ([#31380](https://github.com/aws/aws-cdk/issues/31380)) ([a907a7e](https://github.com/aws/aws-cdk/commit/a907a7eb0a54f51b6e77ff57cac278de9574eee2)) + + +### Bug Fixes + +* **ec2:** fixing vpc endpoint pattern for ecr and ecr docker ([#31434](https://github.com/aws/aws-cdk/issues/31434)) ([95c49ab](https://github.com/aws/aws-cdk/commit/95c49abdfa4ad77a0c0fcb82a230778dcc2ea59a)) + + +### Miscellaneous Chores + +* **kinesisfirehose-alpha:** refactor encryption property to combine encryptionKey ([#31430](https://github.com/aws/aws-cdk/issues/31430)) ([8e92185](https://github.com/aws/aws-cdk/commit/8e9218525b606d72b2dfe55933fa1c515d26d386)) + ## [2.158.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.157.0-alpha.0...v2.158.0-alpha.0) (2024-09-11) diff --git a/CHANGELOG.v2.md b/CHANGELOG.v2.md index 2679320c10ffe..8307e278cda32 100644 --- a/CHANGELOG.v2.md +++ b/CHANGELOG.v2.md @@ -2,6 +2,34 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [2.159.0](https://github.com/aws/aws-cdk/compare/v2.158.0...v2.159.0) (2024-09-18) + + +### Features + +* update L1 CloudFormation resource definitions ([#31484](https://github.com/aws/aws-cdk/issues/31484)) ([60ce351](https://github.com/aws/aws-cdk/commit/60ce351c16eda105ba3514508c00a6b05282384e)), closes [/docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2](https://github.com/aws//docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html/issues/cfn-ec2) [/docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2](https://github.com/aws//docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html/issues/cfn-ec2) [/docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2](https://github.com/aws//docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html/issues/cfn-ec2) [/docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2](https://github.com/aws//docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html/issues/cfn-ec2) +* **opensearch:** support OpenSearch version 2.15 ([#31398](https://github.com/aws/aws-cdk/issues/31398)) ([33eea3f](https://github.com/aws/aws-cdk/commit/33eea3f7f2e832d63dc2c1823c56f5e235c80076)) +* update L1 CloudFormation resource definitions ([#31460](https://github.com/aws/aws-cdk/issues/31460)) ([e220e90](https://github.com/aws/aws-cdk/commit/e220e90c879360447c5c1f6034213018d98ca636)) +* **apigatewayv2:** support for setting `routeSelectionExpression` for an HTTP API ([#31373](https://github.com/aws/aws-cdk/issues/31373)) ([36baf51](https://github.com/aws/aws-cdk/commit/36baf5172d3d70bb906a5dccbf28b22b1473ed11)), closes [#31104](https://github.com/aws/aws-cdk/issues/31104) +* **elasticloadbalancingv2:** alb dualstack without public ipv4 ([#30248](https://github.com/aws/aws-cdk/issues/30248)) ([4068af3](https://github.com/aws/aws-cdk/commit/4068af3c047bbd2351593aa107e69c1eb6001fc9)), closes [#30256](https://github.com/aws/aws-cdk/issues/30256) +* **events-target:** support Dead Letter Queue for Kinesis Stream Event Target ([#31435](https://github.com/aws/aws-cdk/issues/31435)) ([358f231](https://github.com/aws/aws-cdk/commit/358f231adb628b308c2240e99166fe1f0a83bee9)), closes [#31428](https://github.com/aws/aws-cdk/issues/31428) [#13600](https://github.com/aws/aws-cdk/issues/13600) +* **stepfunctions-tasks:** support idle timeout for EmrCreateCluster ([#31142](https://github.com/aws/aws-cdk/issues/31142)) ([432ffaf](https://github.com/aws/aws-cdk/commit/432ffafb8e06d695609ec3881b8fe7f24b4dc391)), closes [#29926](https://github.com/aws/aws-cdk/issues/29926) +* **vpcv2:** implementation of add gateway method ([#31224](https://github.com/aws/aws-cdk/issues/31224)) ([4b90bfc](https://github.com/aws/aws-cdk/commit/4b90bfc3cebcb38d312dcecc46bbfe856b39a44f)) + + +### Bug Fixes + +* **cli:** bootstrap respects qualifier from cdk.json ([#31410](https://github.com/aws/aws-cdk/issues/31410)) ([44134ad](https://github.com/aws/aws-cdk/commit/44134adfe8701c4e5b51ae3a34cd1d09f91735ec)), closes [#28249](https://github.com/aws/aws-cdk/issues/28249) +* **cli:** hotswapping appsync functions fails when API does not return function on the first page ([#31406](https://github.com/aws/aws-cdk/issues/31406)) ([0da4f43](https://github.com/aws/aws-cdk/commit/0da4f4347b0852b7eb7742504ae613a9c14b5958)), closes [/github.com/aws/aws-cdk/blob/1e203753519e10e19ef0db87e1382377b609bcaa/packages/aws-cdk/lib/api/evaluate-cloudformation-template.ts#L23-L36](https://github.com/aws//github.com/aws/aws-cdk/blob/1e203753519e10e19ef0db87e1382377b609bcaa/packages/aws-cdk/lib/api/evaluate-cloudformation-template.ts/issues/L23-L36) +* **cli:** release outdir lock when synth fails ([#30874](https://github.com/aws/aws-cdk/issues/30874)) ([b6ad97f](https://github.com/aws/aws-cdk/commit/b6ad97f4b4e1c185ddc53f60e15b0dabd8022694)), closes [#27864](https://github.com/aws/aws-cdk/issues/27864) +* **cognito:** deprecate privateKey and add privateKeyValue as typed SecureValue ([#31409](https://github.com/aws/aws-cdk/issues/31409)) ([7ee183d](https://github.com/aws/aws-cdk/commit/7ee183d788a71015fb5aeafeaee1fa8001cc44ad)), closes [/github.com/aws/aws-cdk/blob/1e203753519e10e19ef0db87e1382377b609bcaa/packages/aws-cdk-lib/aws-cognito/lib/user-pool-idps/google.ts#L28](https://github.com/aws//github.com/aws/aws-cdk/blob/1e203753519e10e19ef0db87e1382377b609bcaa/packages/aws-cdk-lib/aws-cognito/lib/user-pool-idps/google.ts/issues/L28) +* **ecs:** reduce ecs service task role cloudwatch permissions when no log configured (under feature flag) ([#31475](https://github.com/aws/aws-cdk/issues/31475)) ([de7ab7c](https://github.com/aws/aws-cdk/commit/de7ab7c662d326b9818514e236d82ea1228d1263)) +* **eks:** fargateCluster compatibility with AuthenticationMode.API ([#31267](https://github.com/aws/aws-cdk/issues/31267)) ([4d12833](https://github.com/aws/aws-cdk/commit/4d128330b058bf92c405661f6a2cb29fccaf6b38)) +* **eks:** update private ecr repo url regex ([#31394](https://github.com/aws/aws-cdk/issues/31394)) ([386fca3](https://github.com/aws/aws-cdk/commit/386fca3e1408a9389efac08598bde2d93d53fbba)) +* **lambda:** invalid Version object created from Version.fromVersionArn ([#31433](https://github.com/aws/aws-cdk/issues/31433)) ([1726abd](https://github.com/aws/aws-cdk/commit/1726abddbe10a22c092de7bf0b566710d13f5efd)) +* **ssm:** update ssm-context to prevent raising an error on missing parameter ([#31415](https://github.com/aws/aws-cdk/issues/31415)) ([ff02cca](https://github.com/aws/aws-cdk/commit/ff02ccaf12bddc9ed9236c5b5f2693604745f3c6)), closes [#7051](https://github.com/aws/aws-cdk/issues/7051) [#22064](https://github.com/aws/aws-cdk/issues/22064) [#7259](https://github.com/aws/aws-cdk/issues/7259) +* pipelines ties cli version with cdk-assets version ([#31261](https://github.com/aws/aws-cdk/issues/31261)) ([4392ab4](https://github.com/aws/aws-cdk/commit/4392ab46de282a4f70365be0952c308e2d7cb8b8)), closes [#31253](https://github.com/aws/aws-cdk/issues/31253) + ## [2.158.0](https://github.com/aws/aws-cdk/compare/v2.157.0...v2.158.0) (2024-09-11) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.multiple-application-load-balanced-ecs-service-idle-timeout.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.multiple-application-load-balanced-ecs-service-idle-timeout.ts index 902771af07f35..38e51b7d64a87 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.multiple-application-load-balanced-ecs-service-idle-timeout.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.multiple-application-load-balanced-ecs-service-idle-timeout.ts @@ -11,6 +11,7 @@ import { AUTOSCALING_GENERATE_LAUNCH_TEMPLATE } from 'aws-cdk-lib/cx-api'; const app = new App({ postCliContext: { '@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm': false, + '@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions': false, }, }); const stack = new Stack(app, 'aws-ecs-integ-alb-idle-timeout'); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.multiple-application-load-balanced-ecs-service.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.multiple-application-load-balanced-ecs-service.ts index 2f2d617beaad8..dfbaf2e4e5f42 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.multiple-application-load-balanced-ecs-service.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/ec2/integ.multiple-application-load-balanced-ecs-service.ts @@ -3,9 +3,14 @@ import { Cluster, ContainerImage } from 'aws-cdk-lib/aws-ecs'; import { App, Stack } from 'aws-cdk-lib'; import * as integ from '@aws-cdk/integ-tests-alpha'; import { ApplicationMultipleTargetGroupsEc2Service } from 'aws-cdk-lib/aws-ecs-patterns'; -import { AUTOSCALING_GENERATE_LAUNCH_TEMPLATE } from 'aws-cdk-lib/cx-api'; +import { AUTOSCALING_GENERATE_LAUNCH_TEMPLATE, REDUCE_EC2_FARGATE_CLOUDWATCH_PERMISSIONS } from 'aws-cdk-lib/cx-api'; -const app = new App({ postCliContext: { [AUTOSCALING_GENERATE_LAUNCH_TEMPLATE]: false } }); +const app = new App({ + postCliContext: { + [AUTOSCALING_GENERATE_LAUNCH_TEMPLATE]: false, + [REDUCE_EC2_FARGATE_CLOUDWATCH_PERMISSIONS]: false, + }, +}); const stack = new Stack(app, 'aws-ecs-integ-multiple-alb'); const vpc = new Vpc(stack, 'Vpc', { maxAzs: 2, restrictDefaultSecurityGroup: false }); const cluster = new Cluster(stack, 'Cluster', { vpc }); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-https.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-https.ts index a1667b5df6246..b707476962b53 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-https.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-https.ts @@ -6,7 +6,11 @@ import { App, Stack } from 'aws-cdk-lib'; import * as integ from '@aws-cdk/integ-tests-alpha'; import { ApplicationLoadBalancedFargateService } from 'aws-cdk-lib/aws-ecs-patterns'; -const app = new App(); +const app = new App({ + postCliContext: { + '@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions': false, + }, +}); const stack = new Stack(app, 'aws-ecs-integ-alb-fg-https'); const vpc = new Vpc(stack, 'Vpc', { maxAzs: 2, restrictDefaultSecurityGroup: false }); const cluster = new Cluster(stack, 'Cluster', { vpc }); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.enable-execute-command.js.snapshot/asset.bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1/__entrypoint__.js b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.enable-execute-command.js.snapshot/asset.bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1/__entrypoint__.js new file mode 100644 index 0000000000000..02033f55cf612 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.enable-execute-command.js.snapshot/asset.bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1/__entrypoint__.js @@ -0,0 +1,155 @@ +"use strict"; +Object.defineProperty(exports, "__esModule", { value: true }); +exports.withRetries = exports.handler = exports.external = void 0; +const https = require("https"); +const url = require("url"); +// for unit tests +exports.external = { + sendHttpRequest: defaultSendHttpRequest, + log: defaultLog, + includeStackTraces: true, + userHandlerIndex: './index', +}; +const CREATE_FAILED_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::CREATE_FAILED'; +const MISSING_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID'; +async function handler(event, context) { + const sanitizedEvent = { ...event, ResponseURL: '...' }; + exports.external.log(JSON.stringify(sanitizedEvent, undefined, 2)); + // ignore DELETE event when the physical resource ID is the marker that + // indicates that this DELETE is a subsequent DELETE to a failed CREATE + // operation. + if (event.RequestType === 'Delete' && event.PhysicalResourceId === CREATE_FAILED_PHYSICAL_ID_MARKER) { + exports.external.log('ignoring DELETE event caused by a failed CREATE event'); + await submitResponse('SUCCESS', event); + return; + } + try { + // invoke the user handler. this is intentionally inside the try-catch to + // ensure that if there is an error it's reported as a failure to + // cloudformation (otherwise cfn waits). + // eslint-disable-next-line @typescript-eslint/no-require-imports + const userHandler = require(exports.external.userHandlerIndex).handler; + const result = await userHandler(sanitizedEvent, context); + // validate user response and create the combined event + const responseEvent = renderResponse(event, result); + // submit to cfn as success + await submitResponse('SUCCESS', responseEvent); + } + catch (e) { + const resp = { + ...event, + Reason: exports.external.includeStackTraces ? e.stack : e.message, + }; + if (!resp.PhysicalResourceId) { + // special case: if CREATE fails, which usually implies, we usually don't + // have a physical resource id. in this case, the subsequent DELETE + // operation does not have any meaning, and will likely fail as well. to + // address this, we use a marker so the provider framework can simply + // ignore the subsequent DELETE. + if (event.RequestType === 'Create') { + exports.external.log('CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored'); + resp.PhysicalResourceId = CREATE_FAILED_PHYSICAL_ID_MARKER; + } + else { + // otherwise, if PhysicalResourceId is not specified, something is + // terribly wrong because all other events should have an ID. + exports.external.log(`ERROR: Malformed event. "PhysicalResourceId" is required: ${JSON.stringify(event)}`); + } + } + // this is an actual error, fail the activity altogether and exist. + await submitResponse('FAILED', resp); + } +} +exports.handler = handler; +function renderResponse(cfnRequest, handlerResponse = {}) { + // if physical ID is not returned, we have some defaults for you based + // on the request type. + const physicalResourceId = handlerResponse.PhysicalResourceId ?? cfnRequest.PhysicalResourceId ?? cfnRequest.RequestId; + // if we are in DELETE and physical ID was changed, it's an error. + if (cfnRequest.RequestType === 'Delete' && physicalResourceId !== cfnRequest.PhysicalResourceId) { + throw new Error(`DELETE: cannot change the physical resource ID from "${cfnRequest.PhysicalResourceId}" to "${handlerResponse.PhysicalResourceId}" during deletion`); + } + // merge request event and result event (result prevails). + return { + ...cfnRequest, + ...handlerResponse, + PhysicalResourceId: physicalResourceId, + }; +} +async function submitResponse(status, event) { + const json = { + Status: status, + Reason: event.Reason ?? status, + StackId: event.StackId, + RequestId: event.RequestId, + PhysicalResourceId: event.PhysicalResourceId || MISSING_PHYSICAL_ID_MARKER, + LogicalResourceId: event.LogicalResourceId, + NoEcho: event.NoEcho, + Data: event.Data, + }; + const parsedUrl = url.parse(event.ResponseURL); + const loggingSafeUrl = `${parsedUrl.protocol}//${parsedUrl.hostname}/${parsedUrl.pathname}?***`; + exports.external.log('submit response to cloudformation', loggingSafeUrl, json); + const responseBody = JSON.stringify(json); + const req = { + hostname: parsedUrl.hostname, + path: parsedUrl.path, + method: 'PUT', + headers: { + 'content-type': '', + 'content-length': Buffer.byteLength(responseBody, 'utf8'), + }, + }; + const retryOptions = { + attempts: 5, + sleep: 1000, + }; + await withRetries(retryOptions, exports.external.sendHttpRequest)(req, responseBody); +} +async function defaultSendHttpRequest(options, requestBody) { + return new Promise((resolve, reject) => { + try { + const request = https.request(options, (response) => { + response.resume(); // Consume the response but don't care about it + if (!response.statusCode || response.statusCode >= 400) { + reject(new Error(`Unsuccessful HTTP response: ${response.statusCode}`)); + } + else { + resolve(); + } + }); + request.on('error', reject); + request.write(requestBody); + request.end(); + } + catch (e) { + reject(e); + } + }); +} +function defaultLog(fmt, ...params) { + // eslint-disable-next-line no-console + console.log(fmt, ...params); +} +function withRetries(options, fn) { + return async (...xs) => { + let attempts = options.attempts; + let ms = options.sleep; + while (true) { + try { + return await fn(...xs); + } + catch (e) { + if (attempts-- <= 0) { + throw e; + } + await sleep(Math.floor(Math.random() * ms)); + ms *= 2; + } + } + }; +} +exports.withRetries = withRetries; +async function sleep(ms) { + return new Promise((ok) => setTimeout(ok, ms)); +} diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.enable-execute-command.js.snapshot/asset.bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1/index.js b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.enable-execute-command.js.snapshot/asset.bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1/index.js new file mode 100644 index 0000000000000..013bcaffd8fe5 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.enable-execute-command.js.snapshot/asset.bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1/index.js @@ -0,0 +1 @@ +"use strict";var I=Object.create;var t=Object.defineProperty;var y=Object.getOwnPropertyDescriptor;var P=Object.getOwnPropertyNames;var g=Object.getPrototypeOf,l=Object.prototype.hasOwnProperty;var G=(r,e)=>{for(var o in e)t(r,o,{get:e[o],enumerable:!0})},n=(r,e,o,i)=>{if(e&&typeof e=="object"||typeof e=="function")for(let s of P(e))!l.call(r,s)&&s!==o&&t(r,s,{get:()=>e[s],enumerable:!(i=y(e,s))||i.enumerable});return r};var R=(r,e,o)=>(o=r!=null?I(g(r)):{},n(e||!r||!r.__esModule?t(o,"default",{value:r,enumerable:!0}):o,r)),S=r=>n(t({},"__esModule",{value:!0}),r);var k={};G(k,{handler:()=>f});module.exports=S(k);var a=R(require("@aws-sdk/client-ec2")),u=new a.EC2({});function c(r,e){return{GroupId:r,IpPermissions:[{UserIdGroupPairs:[{GroupId:r,UserId:e}],IpProtocol:"-1"}]}}function d(r){return{GroupId:r,IpPermissions:[{IpRanges:[{CidrIp:"0.0.0.0/0"}],IpProtocol:"-1"}]}}async function f(r){let e=r.ResourceProperties.DefaultSecurityGroupId,o=r.ResourceProperties.Account;switch(r.RequestType){case"Create":return p(e,o);case"Update":return h(r);case"Delete":return m(e,o)}}async function h(r){let e=r.OldResourceProperties.DefaultSecurityGroupId,o=r.ResourceProperties.DefaultSecurityGroupId;e!==o&&(await m(e,r.ResourceProperties.Account),await p(o,r.ResourceProperties.Account))}async function p(r,e){try{await u.revokeSecurityGroupEgress(d(r))}catch(o){if(o.name!=="InvalidPermission.NotFound")throw o}try{await u.revokeSecurityGroupIngress(c(r,e))}catch(o){if(o.name!=="InvalidPermission.NotFound")throw o}}async function m(r,e){await u.authorizeSecurityGroupIngress(c(r,e)),await u.authorizeSecurityGroupEgress(d(r))}0&&(module.exports={handler}); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.enable-execute-command.js.snapshot/aws-ecs-integ-enable-execute-command.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.enable-execute-command.js.snapshot/aws-ecs-integ-enable-execute-command.assets.json new file mode 100644 index 0000000000000..635a5063c2ce0 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.enable-execute-command.js.snapshot/aws-ecs-integ-enable-execute-command.assets.json @@ -0,0 +1,32 @@ +{ + "version": "36.0.24", + "files": { + "bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1": { + "source": { + "path": "asset.bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1", + "packaging": "zip" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1.zip", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + }, + "9a76fcba4ced44546bf4b1f9cf657a8c109221e81feca9c7f01c078c620b4b8e": { + "source": { + "path": "aws-ecs-integ-enable-execute-command.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "9a76fcba4ced44546bf4b1f9cf657a8c109221e81feca9c7f01c078c620b4b8e.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.enable-execute-command.js.snapshot/aws-ecs-integ-enable-execute-command.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.enable-execute-command.js.snapshot/aws-ecs-integ-enable-execute-command.template.json new file mode 100644 index 0000000000000..87151a29fffd3 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.enable-execute-command.js.snapshot/aws-ecs-integ-enable-execute-command.template.json @@ -0,0 +1,1370 @@ +{ + "Resources": { + "Vpc8378EB38": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ-enable-execute-command/Vpc" + } + ] + } + }, + "VpcPublicSubnet1Subnet5C2D37C4": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.0.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPublicSubnet1RouteTable6C95E38E": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPublicSubnet1RouteTableAssociation97140677": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + }, + "SubnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + } + } + }, + "VpcPublicSubnet1DefaultRoute3DA9E72A": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "RouteTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + } + }, + "DependsOn": [ + "VpcVPCGWBF912B6E" + ] + }, + "VpcPublicSubnet1EIPD7E02669": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet1" + } + ] + } + }, + "VpcPublicSubnet1NATGateway4D7517AA": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "VpcPublicSubnet1EIPD7E02669", + "AllocationId" + ] + }, + "SubnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet1" + } + ] + }, + "DependsOn": [ + "VpcPublicSubnet1DefaultRoute3DA9E72A", + "VpcPublicSubnet1RouteTableAssociation97140677" + ] + }, + "VpcPublicSubnet2Subnet691E08A3": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.64.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet2" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPublicSubnet2RouteTable94F7E489": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet2" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPublicSubnet2RouteTableAssociationDD5762D8": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + }, + "SubnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + } + } + }, + "VpcPublicSubnet2DefaultRoute97F91067": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "RouteTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + } + }, + "DependsOn": [ + "VpcVPCGWBF912B6E" + ] + }, + "VpcPublicSubnet2EIP3C605A87": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet2" + } + ] + } + }, + "VpcPublicSubnet2NATGateway9182C01D": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "VpcPublicSubnet2EIP3C605A87", + "AllocationId" + ] + }, + "SubnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet2" + } + ] + }, + "DependsOn": [ + "VpcPublicSubnet2DefaultRoute97F91067", + "VpcPublicSubnet2RouteTableAssociationDD5762D8" + ] + }, + "VpcPrivateSubnet1Subnet536B997A": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.128.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPrivateSubnet1RouteTableB2C5B500": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPrivateSubnet1RouteTableAssociation70C59FA6": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" + }, + "SubnetId": { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + } + } + }, + "VpcPrivateSubnet1DefaultRouteBE02A9ED": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VpcPublicSubnet1NATGateway4D7517AA" + }, + "RouteTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" + } + } + }, + "VpcPrivateSubnet2Subnet3788AAA1": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.192.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet2" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPrivateSubnet2RouteTableA678073B": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet2" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPrivateSubnet2RouteTableAssociationA89CAD56": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPrivateSubnet2RouteTableA678073B" + }, + "SubnetId": { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + } + } + }, + "VpcPrivateSubnet2DefaultRoute060D2087": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VpcPublicSubnet2NATGateway9182C01D" + }, + "RouteTableId": { + "Ref": "VpcPrivateSubnet2RouteTableA678073B" + } + } + }, + "VpcIGWD7BA715C": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ-enable-execute-command/Vpc" + } + ] + } + }, + "VpcVPCGWBF912B6E": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "InternetGatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcRestrictDefaultSecurityGroupCustomResourceC73DA2BE": { + "Type": "Custom::VpcRestrictDefaultSG", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E", + "Arn" + ] + }, + "DefaultSecurityGroupId": { + "Fn::GetAtt": [ + "Vpc8378EB38", + "DefaultSecurityGroup" + ] + }, + "Account": { + "Ref": "AWS::AccountId" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ], + "Policies": [ + { + "PolicyName": "Inline", + "PolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:AuthorizeSecurityGroupEgress", + "ec2:RevokeSecurityGroupIngress", + "ec2:RevokeSecurityGroupEgress" + ], + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":ec2:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":security-group/", + { + "Fn::GetAtt": [ + "Vpc8378EB38", + "DefaultSecurityGroup" + ] + } + ] + ] + } + ] + } + ] + } + } + ] + } + }, + "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1.zip" + }, + "Timeout": 900, + "MemorySize": 128, + "Handler": "__entrypoint__.handler", + "Role": { + "Fn::GetAtt": [ + "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0", + "Arn" + ] + }, + "Runtime": { + "Fn::FindInMap": [ + "LatestNodeRuntimeMap", + { + "Ref": "AWS::Region" + }, + "value" + ] + }, + "Description": "Lambda function for removing all inbound/outbound rules from the VPC default security group" + }, + "DependsOn": [ + "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0" + ] + }, + "TaskDefTaskRole1EDB4A67": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "TaskDefTaskRoleDefaultPolicyA592CB18": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:GetBucketLocation", + "ssmmessages:CreateControlChannel", + "ssmmessages:CreateDataChannel", + "ssmmessages:OpenControlChannel", + "ssmmessages:OpenDataChannel" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "s3:PutObject", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Ref": "EcsExecBucket4F468651" + }, + "/*" + ] + ] + } + }, + { + "Action": "s3:GetEncryptionConfiguration", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Ref": "EcsExecBucket4F468651" + } + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "TaskDefTaskRoleDefaultPolicyA592CB18", + "Roles": [ + { + "Ref": "TaskDefTaskRole1EDB4A67" + } + ] + } + }, + "TaskDef54694570": { + "Type": "AWS::ECS::TaskDefinition", + "Properties": { + "ContainerDefinitions": [ + { + "Essential": true, + "Image": "amazon/amazon-ecs-sample", + "MemoryReservation": 256, + "Name": "web", + "PortMappings": [ + { + "ContainerPort": 80, + "HostPort": 8080, + "Protocol": "tcp" + } + ] + } + ], + "Family": "awsecsintegenableexecutecommandTaskDefE1A02A6B", + "NetworkMode": "bridge", + "RequiresCompatibilities": [ + "EC2" + ], + "TaskRoleArn": { + "Fn::GetAtt": [ + "TaskDefTaskRole1EDB4A67", + "Arn" + ] + } + } + }, + "EcsExecBucket4F468651": { + "Type": "AWS::S3::Bucket", + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "ASGInstanceSecurityGroup0525485D": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "aws-ecs-integ-enable-execute-command/ASG/InstanceSecurityGroup", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ-enable-execute-command/ASG" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "ASGInstanceRoleE263A41B": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ec2.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ-enable-execute-command/ASG" + } + ] + } + }, + "ASGInstanceRoleDefaultPolicy7636D8BF": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "ecs:DeregisterContainerInstance", + "ecs:RegisterContainerInstance", + "ecs:Submit*" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "EC2CPClusterD5F0FD32", + "Arn" + ] + } + }, + { + "Action": [ + "ecs:Poll", + "ecs:StartTelemetrySession" + ], + "Condition": { + "ArnEquals": { + "ecs:cluster": { + "Fn::GetAtt": [ + "EC2CPClusterD5F0FD32", + "Arn" + ] + } + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ecr:GetAuthorizationToken", + "ecs:DiscoverPollEndpoint", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "ASGInstanceRoleDefaultPolicy7636D8BF", + "Roles": [ + { + "Ref": "ASGInstanceRoleE263A41B" + } + ] + } + }, + "ASGInstanceProfile0A2834D7": { + "Type": "AWS::IAM::InstanceProfile", + "Properties": { + "Roles": [ + { + "Ref": "ASGInstanceRoleE263A41B" + } + ] + } + }, + "ASGLaunchTemplate0CA92847": { + "Type": "AWS::EC2::LaunchTemplate", + "Properties": { + "LaunchTemplateData": { + "IamInstanceProfile": { + "Arn": { + "Fn::GetAtt": [ + "ASGInstanceProfile0A2834D7", + "Arn" + ] + } + }, + "ImageId": { + "Ref": "SsmParameterValueawsserviceecsoptimizedamiamazonlinux2recommendedimageidC96584B6F00A464EAD1953AFF4B05118Parameter" + }, + "InstanceType": "t2.micro", + "Monitoring": { + "Enabled": false + }, + "SecurityGroupIds": [ + { + "Fn::GetAtt": [ + "ASGInstanceSecurityGroup0525485D", + "GroupId" + ] + } + ], + "TagSpecifications": [ + { + "ResourceType": "instance", + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ-enable-execute-command/ASG/LaunchTemplate" + } + ] + }, + { + "ResourceType": "volume", + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ-enable-execute-command/ASG/LaunchTemplate" + } + ] + } + ], + "UserData": { + "Fn::Base64": { + "Fn::Join": [ + "", + [ + "#!/bin/bash\necho ECS_CLUSTER=", + { + "Ref": "EC2CPClusterD5F0FD32" + }, + " >> /etc/ecs/ecs.config\nsudo iptables --insert FORWARD 1 --in-interface docker+ --destination 169.254.169.254/32 --jump DROP\nsudo service iptables save\necho ECS_AWSVPC_BLOCK_IMDS=true >> /etc/ecs/ecs.config" + ] + ] + } + } + }, + "TagSpecifications": [ + { + "ResourceType": "launch-template", + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ-enable-execute-command/ASG/LaunchTemplate" + } + ] + } + ] + }, + "DependsOn": [ + "ASGInstanceRoleDefaultPolicy7636D8BF", + "ASGInstanceRoleE263A41B" + ] + }, + "ASG46ED3070": { + "Type": "AWS::AutoScaling::AutoScalingGroup", + "Properties": { + "LaunchTemplate": { + "LaunchTemplateId": { + "Ref": "ASGLaunchTemplate0CA92847" + }, + "Version": { + "Fn::GetAtt": [ + "ASGLaunchTemplate0CA92847", + "LatestVersionNumber" + ] + } + }, + "MaxSize": "1", + "MinSize": "1", + "Tags": [ + { + "Key": "Name", + "PropagateAtLaunch": true, + "Value": "aws-ecs-integ-enable-execute-command/ASG" + } + ], + "VPCZoneIdentifier": [ + { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + }, + { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + } + ] + }, + "UpdatePolicy": { + "AutoScalingScheduledAction": { + "IgnoreUnmodifiedGroupSizeProperties": true + } + } + }, + "ASGDrainECSHookFunctionServiceRoleC12963BB": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ], + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ-enable-execute-command/ASG" + } + ] + } + }, + "ASGDrainECSHookFunctionServiceRoleDefaultPolicy16848A27": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "ec2:DescribeHosts", + "ec2:DescribeInstanceAttribute", + "ec2:DescribeInstanceStatus", + "ec2:DescribeInstances" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":autoscaling:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":autoScalingGroup:*:autoScalingGroupName/", + { + "Ref": "ASG46ED3070" + } + ] + ] + } + }, + { + "Action": [ + "ecs:DescribeContainerInstances", + "ecs:DescribeTasks", + "ecs:ListTasks", + "ecs:UpdateContainerInstancesState" + ], + "Condition": { + "ArnEquals": { + "ecs:cluster": { + "Fn::GetAtt": [ + "EC2CPClusterD5F0FD32", + "Arn" + ] + } + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ecs:ListContainerInstances", + "ecs:SubmitContainerStateChange", + "ecs:SubmitTaskStateChange" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "EC2CPClusterD5F0FD32", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "ASGDrainECSHookFunctionServiceRoleDefaultPolicy16848A27", + "Roles": [ + { + "Ref": "ASGDrainECSHookFunctionServiceRoleC12963BB" + } + ] + } + }, + "ASGDrainECSHookFunction5F24CF4D": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "ZipFile": "import boto3, json, os, time\n\necs = boto3.client('ecs')\nautoscaling = boto3.client('autoscaling')\n\n\ndef lambda_handler(event, context):\n print(json.dumps(dict(event, ResponseURL='...')))\n cluster = os.environ['CLUSTER']\n snsTopicArn = event['Records'][0]['Sns']['TopicArn']\n lifecycle_event = json.loads(event['Records'][0]['Sns']['Message'])\n instance_id = lifecycle_event.get('EC2InstanceId')\n if not instance_id:\n print('Got event without EC2InstanceId: %s', json.dumps(dict(event, ResponseURL='...')))\n return\n\n instance_arn = container_instance_arn(cluster, instance_id)\n print('Instance %s has container instance ARN %s' % (lifecycle_event['EC2InstanceId'], instance_arn))\n\n if not instance_arn:\n return\n\n task_arns = container_instance_task_arns(cluster, instance_arn)\n\n if task_arns:\n print('Instance ARN %s has task ARNs %s' % (instance_arn, ', '.join(task_arns)))\n\n while has_tasks(cluster, instance_arn, task_arns):\n time.sleep(10)\n\n try:\n print('Terminating instance %s' % instance_id)\n autoscaling.complete_lifecycle_action(\n LifecycleActionResult='CONTINUE',\n **pick(lifecycle_event, 'LifecycleHookName', 'LifecycleActionToken', 'AutoScalingGroupName'))\n except Exception as e:\n # Lifecycle action may have already completed.\n print(str(e))\n\n\ndef container_instance_arn(cluster, instance_id):\n \"\"\"Turn an instance ID into a container instance ARN.\"\"\"\n arns = ecs.list_container_instances(cluster=cluster, filter='ec2InstanceId==' + instance_id)['containerInstanceArns']\n if not arns:\n return None\n return arns[0]\n\ndef container_instance_task_arns(cluster, instance_arn):\n \"\"\"Fetch tasks for a container instance ARN.\"\"\"\n arns = ecs.list_tasks(cluster=cluster, containerInstance=instance_arn)['taskArns']\n return arns\n\ndef has_tasks(cluster, instance_arn, task_arns):\n \"\"\"Return True if the instance is running tasks for the given cluster.\"\"\"\n instances = ecs.describe_container_instances(cluster=cluster, containerInstances=[instance_arn])['containerInstances']\n if not instances:\n return False\n instance = instances[0]\n\n if instance['status'] == 'ACTIVE':\n # Start draining, then try again later\n set_container_instance_to_draining(cluster, instance_arn)\n return True\n\n task_count = None\n\n if task_arns:\n # Fetch details for tasks running on the container instance\n tasks = ecs.describe_tasks(cluster=cluster, tasks=task_arns)['tasks']\n if tasks:\n # Consider any non-stopped tasks as running\n task_count = sum(task['lastStatus'] != 'STOPPED' for task in tasks) + instance['pendingTasksCount']\n\n if not task_count:\n # Fallback to instance task counts if detailed task information is unavailable\n task_count = instance['runningTasksCount'] + instance['pendingTasksCount']\n\n print('Instance %s has %s tasks' % (instance_arn, task_count))\n\n return task_count > 0\n\ndef set_container_instance_to_draining(cluster, instance_arn):\n ecs.update_container_instances_state(\n cluster=cluster,\n containerInstances=[instance_arn], status='DRAINING')\n\n\ndef pick(dct, *keys):\n \"\"\"Pick a subset of a dict.\"\"\"\n return {k: v for k, v in dct.items() if k in keys}\n" + }, + "Environment": { + "Variables": { + "CLUSTER": { + "Ref": "EC2CPClusterD5F0FD32" + } + } + }, + "Handler": "index.lambda_handler", + "Role": { + "Fn::GetAtt": [ + "ASGDrainECSHookFunctionServiceRoleC12963BB", + "Arn" + ] + }, + "Runtime": "python3.9", + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ-enable-execute-command/ASG" + } + ], + "Timeout": 310 + }, + "DependsOn": [ + "ASGDrainECSHookFunctionServiceRoleDefaultPolicy16848A27", + "ASGDrainECSHookFunctionServiceRoleC12963BB" + ] + }, + "ASGDrainECSHookFunctionAllowInvokeawsecsintegenableexecutecommandASGLifecycleHookDrainHookTopic82F943978D25E256": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "ASGDrainECSHookFunction5F24CF4D", + "Arn" + ] + }, + "Principal": "sns.amazonaws.com", + "SourceArn": { + "Ref": "ASGLifecycleHookDrainHookTopicA8AD4ACB" + } + } + }, + "ASGDrainECSHookFunctionTopicD6FC59F7": { + "Type": "AWS::SNS::Subscription", + "Properties": { + "Endpoint": { + "Fn::GetAtt": [ + "ASGDrainECSHookFunction5F24CF4D", + "Arn" + ] + }, + "Protocol": "lambda", + "TopicArn": { + "Ref": "ASGLifecycleHookDrainHookTopicA8AD4ACB" + } + } + }, + "ASGLifecycleHookDrainHookTopicA8AD4ACB": { + "Type": "AWS::SNS::Topic", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ-enable-execute-command/ASG" + } + ] + } + }, + "ASGLifecycleHookDrainHookRoleD640316C": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "autoscaling.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ-enable-execute-command/ASG" + } + ] + } + }, + "ASGLifecycleHookDrainHookRoleDefaultPolicy3EEFDE57": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "sns:Publish", + "Effect": "Allow", + "Resource": { + "Ref": "ASGLifecycleHookDrainHookTopicA8AD4ACB" + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "ASGLifecycleHookDrainHookRoleDefaultPolicy3EEFDE57", + "Roles": [ + { + "Ref": "ASGLifecycleHookDrainHookRoleD640316C" + } + ] + } + }, + "ASGLifecycleHookDrainHookFE4AFEBE": { + "Type": "AWS::AutoScaling::LifecycleHook", + "Properties": { + "AutoScalingGroupName": { + "Ref": "ASG46ED3070" + }, + "DefaultResult": "CONTINUE", + "HeartbeatTimeout": 300, + "LifecycleTransition": "autoscaling:EC2_INSTANCE_TERMINATING", + "NotificationTargetARN": { + "Ref": "ASGLifecycleHookDrainHookTopicA8AD4ACB" + }, + "RoleARN": { + "Fn::GetAtt": [ + "ASGLifecycleHookDrainHookRoleD640316C", + "Arn" + ] + } + }, + "DependsOn": [ + "ASGLifecycleHookDrainHookRoleDefaultPolicy3EEFDE57", + "ASGLifecycleHookDrainHookRoleD640316C" + ] + }, + "EC2CapacityProvider5A2E35CD": { + "Type": "AWS::ECS::CapacityProvider", + "Properties": { + "AutoScalingGroupProvider": { + "AutoScalingGroupArn": { + "Ref": "ASG46ED3070" + }, + "ManagedScaling": { + "Status": "ENABLED", + "TargetCapacity": 100 + }, + "ManagedTerminationProtection": "DISABLED" + }, + "Name": "cp-aws-ecs-integ-enable-execute-commandEC2CapacityProvider4341E2A3" + } + }, + "EC2CPClusterD5F0FD32": { + "Type": "AWS::ECS::Cluster", + "Properties": { + "Configuration": { + "ExecuteCommandConfiguration": { + "LogConfiguration": { + "S3BucketName": { + "Ref": "EcsExecBucket4F468651" + }, + "S3EncryptionEnabled": true, + "S3KeyPrefix": "exec-output" + }, + "Logging": "OVERRIDE" + } + } + } + }, + "EC2CPCluster4CFED4DD": { + "Type": "AWS::ECS::ClusterCapacityProviderAssociations", + "Properties": { + "CapacityProviders": [ + { + "Ref": "EC2CapacityProvider5A2E35CD" + } + ], + "Cluster": { + "Ref": "EC2CPClusterD5F0FD32" + }, + "DefaultCapacityProviderStrategy": [] + } + }, + "EC2Service5392EF94": { + "Type": "AWS::ECS::Service", + "Properties": { + "Cluster": { + "Ref": "EC2CPClusterD5F0FD32" + }, + "DeploymentConfiguration": { + "MaximumPercent": 200, + "MinimumHealthyPercent": 50 + }, + "EnableECSManagedTags": false, + "EnableExecuteCommand": true, + "LaunchType": "EC2", + "SchedulingStrategy": "REPLICA", + "TaskDefinition": { + "Ref": "TaskDef54694570" + } + }, + "DependsOn": [ + "TaskDefTaskRoleDefaultPolicyA592CB18", + "TaskDefTaskRole1EDB4A67" + ] + } + }, + "Mappings": { + "LatestNodeRuntimeMap": { + "af-south-1": { + "value": "nodejs20.x" + }, + "ap-east-1": { + "value": "nodejs20.x" + }, + "ap-northeast-1": { + "value": "nodejs20.x" + }, + "ap-northeast-2": { + "value": "nodejs20.x" + }, + "ap-northeast-3": { + "value": "nodejs20.x" + }, + "ap-south-1": { + "value": "nodejs20.x" + }, + "ap-south-2": { + "value": "nodejs20.x" + }, + "ap-southeast-1": { + "value": "nodejs20.x" + }, + "ap-southeast-2": { + "value": "nodejs20.x" + }, + "ap-southeast-3": { + "value": "nodejs20.x" + }, + "ap-southeast-4": { + "value": "nodejs20.x" + }, + "ap-southeast-5": { + "value": "nodejs20.x" + }, + "ap-southeast-7": { + "value": "nodejs20.x" + }, + "ca-central-1": { + "value": "nodejs20.x" + }, + "ca-west-1": { + "value": "nodejs20.x" + }, + "cn-north-1": { + "value": "nodejs18.x" + }, + "cn-northwest-1": { + "value": "nodejs18.x" + }, + "eu-central-1": { + "value": "nodejs20.x" + }, + "eu-central-2": { + "value": "nodejs20.x" + }, + "eu-isoe-west-1": { + "value": "nodejs18.x" + }, + "eu-north-1": { + "value": "nodejs20.x" + }, + "eu-south-1": { + "value": "nodejs20.x" + }, + "eu-south-2": { + "value": "nodejs20.x" + }, + "eu-west-1": { + "value": "nodejs20.x" + }, + "eu-west-2": { + "value": "nodejs20.x" + }, + "eu-west-3": { + "value": "nodejs20.x" + }, + "il-central-1": { + "value": "nodejs20.x" + }, + "me-central-1": { + "value": "nodejs20.x" + }, + "me-south-1": { + "value": "nodejs20.x" + }, + "mx-central-1": { + "value": "nodejs20.x" + }, + "sa-east-1": { + "value": "nodejs20.x" + }, + "us-east-1": { + "value": "nodejs20.x" + }, + "us-east-2": { + "value": "nodejs20.x" + }, + "us-gov-east-1": { + "value": "nodejs18.x" + }, + "us-gov-west-1": { + "value": "nodejs18.x" + }, + "us-iso-east-1": { + "value": "nodejs18.x" + }, + "us-iso-west-1": { + "value": "nodejs18.x" + }, + "us-isob-east-1": { + "value": "nodejs18.x" + }, + "us-west-1": { + "value": "nodejs20.x" + }, + "us-west-2": { + "value": "nodejs20.x" + } + } + }, + "Parameters": { + "SsmParameterValueawsserviceecsoptimizedamiamazonlinux2recommendedimageidC96584B6F00A464EAD1953AFF4B05118Parameter": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/aws/service/ecs/optimized-ami/amazon-linux-2/recommended/image_id" + }, + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.enable-execute-command.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.enable-execute-command.js.snapshot/cdk.out new file mode 100644 index 0000000000000..4efaa16f29af9 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.enable-execute-command.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"36.0.24"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.enable-execute-command.js.snapshot/enableexecutecommandtestDefaultTestDeployAssertDF06DF37.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.enable-execute-command.js.snapshot/enableexecutecommandtestDefaultTestDeployAssertDF06DF37.assets.json new file mode 100644 index 0000000000000..7f0719e1c6254 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.enable-execute-command.js.snapshot/enableexecutecommandtestDefaultTestDeployAssertDF06DF37.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.24", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "enableexecutecommandtestDefaultTestDeployAssertDF06DF37.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.enable-execute-command.js.snapshot/enableexecutecommandtestDefaultTestDeployAssertDF06DF37.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.enable-execute-command.js.snapshot/enableexecutecommandtestDefaultTestDeployAssertDF06DF37.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.enable-execute-command.js.snapshot/enableexecutecommandtestDefaultTestDeployAssertDF06DF37.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.enable-execute-command.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.enable-execute-command.js.snapshot/integ.json new file mode 100644 index 0000000000000..65492a8c788d0 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.enable-execute-command.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "36.0.24", + "testCases": { + "enable-execute-command-test/DefaultTest": { + "stacks": [ + "aws-ecs-integ-enable-execute-command" + ], + "assertionStack": "enable-execute-command-test/DefaultTest/DeployAssert", + "assertionStackName": "enableexecutecommandtestDefaultTestDeployAssertDF06DF37" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.enable-execute-command.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.enable-execute-command.js.snapshot/manifest.json new file mode 100644 index 0000000000000..f3a1b3fc0b580 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.enable-execute-command.js.snapshot/manifest.json @@ -0,0 +1,419 @@ +{ + "version": "36.0.24", + "artifacts": { + "aws-ecs-integ-enable-execute-command.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "aws-ecs-integ-enable-execute-command.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "aws-ecs-integ-enable-execute-command": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "aws-ecs-integ-enable-execute-command.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/9a76fcba4ced44546bf4b1f9cf657a8c109221e81feca9c7f01c078c620b4b8e.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "aws-ecs-integ-enable-execute-command.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "aws-ecs-integ-enable-execute-command.assets" + ], + "metadata": { + "/aws-ecs-integ-enable-execute-command/Vpc/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Vpc8378EB38" + } + ], + "/aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1Subnet5C2D37C4" + } + ], + "/aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1RouteTable6C95E38E" + } + ], + "/aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1RouteTableAssociation97140677" + } + ], + "/aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet1/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1DefaultRoute3DA9E72A" + } + ], + "/aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet1/EIP": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1EIPD7E02669" + } + ], + "/aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet1/NATGateway": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1NATGateway4D7517AA" + } + ], + "/aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2Subnet691E08A3" + } + ], + "/aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2RouteTable94F7E489" + } + ], + "/aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2RouteTableAssociationDD5762D8" + } + ], + "/aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet2/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2DefaultRoute97F91067" + } + ], + "/aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet2/EIP": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2EIP3C605A87" + } + ], + "/aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet2/NATGateway": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2NATGateway9182C01D" + } + ], + "/aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet1Subnet536B997A" + } + ], + "/aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet1RouteTableB2C5B500" + } + ], + "/aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet1RouteTableAssociation70C59FA6" + } + ], + "/aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet1/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet1DefaultRouteBE02A9ED" + } + ], + "/aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet2Subnet3788AAA1" + } + ], + "/aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet2RouteTableA678073B" + } + ], + "/aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet2RouteTableAssociationA89CAD56" + } + ], + "/aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet2/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet2DefaultRoute060D2087" + } + ], + "/aws-ecs-integ-enable-execute-command/Vpc/IGW": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcIGWD7BA715C" + } + ], + "/aws-ecs-integ-enable-execute-command/Vpc/VPCGW": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcVPCGWBF912B6E" + } + ], + "/aws-ecs-integ-enable-execute-command/Vpc/RestrictDefaultSecurityGroupCustomResource/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcRestrictDefaultSecurityGroupCustomResourceC73DA2BE" + } + ], + "/aws-ecs-integ-enable-execute-command/LatestNodeRuntimeMap": [ + { + "type": "aws:cdk:logicalId", + "data": "LatestNodeRuntimeMap" + } + ], + "/aws-ecs-integ-enable-execute-command/Custom::VpcRestrictDefaultSGCustomResourceProvider": [ + { + "type": "aws:cdk:is-custom-resource-handler-customResourceProvider", + "data": true + } + ], + "/aws-ecs-integ-enable-execute-command/Custom::VpcRestrictDefaultSGCustomResourceProvider/Role": [ + { + "type": "aws:cdk:logicalId", + "data": "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0" + } + ], + "/aws-ecs-integ-enable-execute-command/Custom::VpcRestrictDefaultSGCustomResourceProvider/Handler": [ + { + "type": "aws:cdk:logicalId", + "data": "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E" + } + ], + "/aws-ecs-integ-enable-execute-command/TaskDef/TaskRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "TaskDefTaskRole1EDB4A67" + } + ], + "/aws-ecs-integ-enable-execute-command/TaskDef/TaskRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "TaskDefTaskRoleDefaultPolicyA592CB18" + } + ], + "/aws-ecs-integ-enable-execute-command/TaskDef/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "TaskDef54694570" + } + ], + "/aws-ecs-integ-enable-execute-command/EcsExecBucket/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "EcsExecBucket4F468651" + } + ], + "/aws-ecs-integ-enable-execute-command/ASG/InstanceSecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ASGInstanceSecurityGroup0525485D" + } + ], + "/aws-ecs-integ-enable-execute-command/ASG/InstanceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ASGInstanceRoleE263A41B" + } + ], + "/aws-ecs-integ-enable-execute-command/ASG/InstanceRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ASGInstanceRoleDefaultPolicy7636D8BF" + } + ], + "/aws-ecs-integ-enable-execute-command/ASG/InstanceProfile": [ + { + "type": "aws:cdk:logicalId", + "data": "ASGInstanceProfile0A2834D7" + } + ], + "/aws-ecs-integ-enable-execute-command/ASG/LaunchTemplate/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ASGLaunchTemplate0CA92847" + } + ], + "/aws-ecs-integ-enable-execute-command/ASG/ASG": [ + { + "type": "aws:cdk:logicalId", + "data": "ASG46ED3070" + } + ], + "/aws-ecs-integ-enable-execute-command/ASG/DrainECSHook/Function/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ASGDrainECSHookFunctionServiceRoleC12963BB" + } + ], + "/aws-ecs-integ-enable-execute-command/ASG/DrainECSHook/Function/ServiceRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ASGDrainECSHookFunctionServiceRoleDefaultPolicy16848A27" + } + ], + "/aws-ecs-integ-enable-execute-command/ASG/DrainECSHook/Function/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ASGDrainECSHookFunction5F24CF4D" + } + ], + "/aws-ecs-integ-enable-execute-command/ASG/DrainECSHook/Function/AllowInvoke:awsecsintegenableexecutecommandASGLifecycleHookDrainHookTopic82F94397": [ + { + "type": "aws:cdk:logicalId", + "data": "ASGDrainECSHookFunctionAllowInvokeawsecsintegenableexecutecommandASGLifecycleHookDrainHookTopic82F943978D25E256" + } + ], + "/aws-ecs-integ-enable-execute-command/ASG/DrainECSHook/Function/Topic/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ASGDrainECSHookFunctionTopicD6FC59F7" + } + ], + "/aws-ecs-integ-enable-execute-command/ASG/LifecycleHookDrainHook/Topic/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ASGLifecycleHookDrainHookTopicA8AD4ACB" + } + ], + "/aws-ecs-integ-enable-execute-command/ASG/LifecycleHookDrainHook/Role/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ASGLifecycleHookDrainHookRoleD640316C" + } + ], + "/aws-ecs-integ-enable-execute-command/ASG/LifecycleHookDrainHook/Role/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ASGLifecycleHookDrainHookRoleDefaultPolicy3EEFDE57" + } + ], + "/aws-ecs-integ-enable-execute-command/ASG/LifecycleHookDrainHook/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ASGLifecycleHookDrainHookFE4AFEBE" + } + ], + "/aws-ecs-integ-enable-execute-command/SsmParameterValue:--aws--service--ecs--optimized-ami--amazon-linux-2--recommended--image_id:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter": [ + { + "type": "aws:cdk:logicalId", + "data": "SsmParameterValueawsserviceecsoptimizedamiamazonlinux2recommendedimageidC96584B6F00A464EAD1953AFF4B05118Parameter" + } + ], + "/aws-ecs-integ-enable-execute-command/EC2CapacityProvider/EC2CapacityProvider": [ + { + "type": "aws:cdk:logicalId", + "data": "EC2CapacityProvider5A2E35CD" + } + ], + "/aws-ecs-integ-enable-execute-command/EC2CPCluster/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "EC2CPClusterD5F0FD32" + } + ], + "/aws-ecs-integ-enable-execute-command/EC2CPCluster/EC2CPCluster": [ + { + "type": "aws:cdk:logicalId", + "data": "EC2CPCluster4CFED4DD" + } + ], + "/aws-ecs-integ-enable-execute-command/EC2Service/Service": [ + { + "type": "aws:cdk:logicalId", + "data": "EC2Service5392EF94" + } + ], + "/aws-ecs-integ-enable-execute-command/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-ecs-integ-enable-execute-command/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-ecs-integ-enable-execute-command" + }, + "enableexecutecommandtestDefaultTestDeployAssertDF06DF37.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "enableexecutecommandtestDefaultTestDeployAssertDF06DF37.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "enableexecutecommandtestDefaultTestDeployAssertDF06DF37": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "enableexecutecommandtestDefaultTestDeployAssertDF06DF37.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "enableexecutecommandtestDefaultTestDeployAssertDF06DF37.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "enableexecutecommandtestDefaultTestDeployAssertDF06DF37.assets" + ], + "metadata": { + "/enable-execute-command-test/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/enable-execute-command-test/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "enable-execute-command-test/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.enable-execute-command.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.enable-execute-command.js.snapshot/tree.json new file mode 100644 index 0000000000000..70839e030a68d --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.enable-execute-command.js.snapshot/tree.json @@ -0,0 +1,1929 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "aws-ecs-integ-enable-execute-command": { + "id": "aws-ecs-integ-enable-execute-command", + "path": "aws-ecs-integ-enable-execute-command", + "children": { + "Vpc": { + "id": "Vpc", + "path": "aws-ecs-integ-enable-execute-command/Vpc", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-ecs-integ-enable-execute-command/Vpc/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default", + "tags": [ + { + "key": "Name", + "value": "aws-ecs-integ-enable-execute-command/Vpc" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", + "version": "0.0.0" + } + }, + "PublicSubnet1": { + "id": "PublicSubnet1", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.0.0/18", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "Name", + "value": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet1/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + }, + "subnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet1/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "routeTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + }, + "EIP": { + "id": "EIP", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet1/EIP", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::EIP", + "aws:cdk:cloudformation:props": { + "domain": "vpc", + "tags": [ + { + "key": "Name", + "value": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", + "version": "0.0.0" + } + }, + "NATGateway": { + "id": "NATGateway", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet1/NATGateway", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", + "aws:cdk:cloudformation:props": { + "allocationId": { + "Fn::GetAtt": [ + "VpcPublicSubnet1EIPD7E02669", + "AllocationId" + ] + }, + "subnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, + "tags": [ + { + "key": "Name", + "value": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "0.0.0" + } + }, + "PublicSubnet2": { + "id": "PublicSubnet2", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.64.0/18", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "Name", + "value": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet2" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet2/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet2" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + }, + "subnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet2/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "routeTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + }, + "EIP": { + "id": "EIP", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet2/EIP", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::EIP", + "aws:cdk:cloudformation:props": { + "domain": "vpc", + "tags": [ + { + "key": "Name", + "value": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", + "version": "0.0.0" + } + }, + "NATGateway": { + "id": "NATGateway", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet2/NATGateway", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", + "aws:cdk:cloudformation:props": { + "allocationId": { + "Fn::GetAtt": [ + "VpcPublicSubnet2EIP3C605A87", + "AllocationId" + ] + }, + "subnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + }, + "tags": [ + { + "key": "Name", + "value": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "0.0.0" + } + }, + "PrivateSubnet1": { + "id": "PrivateSubnet1", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.128.0/18", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Private" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Private" + }, + { + "key": "Name", + "value": "aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet1/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" + }, + "subnetId": { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet1/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "natGatewayId": { + "Ref": "VpcPublicSubnet1NATGateway4D7517AA" + }, + "routeTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "0.0.0" + } + }, + "PrivateSubnet2": { + "id": "PrivateSubnet2", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.192.0/18", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Private" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Private" + }, + { + "key": "Name", + "value": "aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet2" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet2/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet2" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcPrivateSubnet2RouteTableA678073B" + }, + "subnetId": { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet2/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "natGatewayId": { + "Ref": "VpcPublicSubnet2NATGateway9182C01D" + }, + "routeTableId": { + "Ref": "VpcPrivateSubnet2RouteTableA678073B" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "0.0.0" + } + }, + "IGW": { + "id": "IGW", + "path": "aws-ecs-integ-enable-execute-command/Vpc/IGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::InternetGateway", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "aws-ecs-integ-enable-execute-command/Vpc" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnInternetGateway", + "version": "0.0.0" + } + }, + "VPCGW": { + "id": "VPCGW", + "path": "aws-ecs-integ-enable-execute-command/Vpc/VPCGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCGatewayAttachment", + "aws:cdk:cloudformation:props": { + "internetGatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment", + "version": "0.0.0" + } + }, + "RestrictDefaultSecurityGroupCustomResource": { + "id": "RestrictDefaultSecurityGroupCustomResource", + "path": "aws-ecs-integ-enable-execute-command/Vpc/RestrictDefaultSecurityGroupCustomResource", + "children": { + "Default": { + "id": "Default", + "path": "aws-ecs-integ-enable-execute-command/Vpc/RestrictDefaultSecurityGroupCustomResource/Default", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.Vpc", + "version": "0.0.0" + } + }, + "LatestNodeRuntimeMap": { + "id": "LatestNodeRuntimeMap", + "path": "aws-ecs-integ-enable-execute-command/LatestNodeRuntimeMap", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnMapping", + "version": "0.0.0" + } + }, + "Custom::VpcRestrictDefaultSGCustomResourceProvider": { + "id": "Custom::VpcRestrictDefaultSGCustomResourceProvider", + "path": "aws-ecs-integ-enable-execute-command/Custom::VpcRestrictDefaultSGCustomResourceProvider", + "children": { + "Staging": { + "id": "Staging", + "path": "aws-ecs-integ-enable-execute-command/Custom::VpcRestrictDefaultSGCustomResourceProvider/Staging", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "Role": { + "id": "Role", + "path": "aws-ecs-integ-enable-execute-command/Custom::VpcRestrictDefaultSGCustomResourceProvider/Role", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + }, + "Handler": { + "id": "Handler", + "path": "aws-ecs-integ-enable-execute-command/Custom::VpcRestrictDefaultSGCustomResourceProvider/Handler", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResourceProviderBase", + "version": "0.0.0" + } + }, + "TaskDef": { + "id": "TaskDef", + "path": "aws-ecs-integ-enable-execute-command/TaskDef", + "children": { + "TaskRole": { + "id": "TaskRole", + "path": "aws-ecs-integ-enable-execute-command/TaskDef/TaskRole", + "children": { + "ImportTaskRole": { + "id": "ImportTaskRole", + "path": "aws-ecs-integ-enable-execute-command/TaskDef/TaskRole/ImportTaskRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-ecs-integ-enable-execute-command/TaskDef/TaskRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-ecs-integ-enable-execute-command/TaskDef/TaskRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-ecs-integ-enable-execute-command/TaskDef/TaskRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "s3:GetBucketLocation", + "ssmmessages:CreateControlChannel", + "ssmmessages:CreateDataChannel", + "ssmmessages:OpenControlChannel", + "ssmmessages:OpenDataChannel" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "s3:PutObject", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Ref": "EcsExecBucket4F468651" + }, + "/*" + ] + ] + } + }, + { + "Action": "s3:GetEncryptionConfiguration", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Ref": "EcsExecBucket4F468651" + } + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "TaskDefTaskRoleDefaultPolicyA592CB18", + "roles": [ + { + "Ref": "TaskDefTaskRole1EDB4A67" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-ecs-integ-enable-execute-command/TaskDef/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ECS::TaskDefinition", + "aws:cdk:cloudformation:props": { + "containerDefinitions": [ + { + "essential": true, + "image": "amazon/amazon-ecs-sample", + "memoryReservation": 256, + "name": "web", + "portMappings": [ + { + "containerPort": 80, + "hostPort": 8080, + "protocol": "tcp" + } + ] + } + ], + "family": "awsecsintegenableexecutecommandTaskDefE1A02A6B", + "networkMode": "bridge", + "requiresCompatibilities": [ + "EC2" + ], + "taskRoleArn": { + "Fn::GetAtt": [ + "TaskDefTaskRole1EDB4A67", + "Arn" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.CfnTaskDefinition", + "version": "0.0.0" + } + }, + "web": { + "id": "web", + "path": "aws-ecs-integ-enable-execute-command/TaskDef/web", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.ContainerDefinition", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.Ec2TaskDefinition", + "version": "0.0.0" + } + }, + "EcsExecBucket": { + "id": "EcsExecBucket", + "path": "aws-ecs-integ-enable-execute-command/EcsExecBucket", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-ecs-integ-enable-execute-command/EcsExecBucket/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::S3::Bucket", + "aws:cdk:cloudformation:props": {} + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.CfnBucket", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.Bucket", + "version": "0.0.0" + } + }, + "ASG": { + "id": "ASG", + "path": "aws-ecs-integ-enable-execute-command/ASG", + "children": { + "InstanceSecurityGroup": { + "id": "InstanceSecurityGroup", + "path": "aws-ecs-integ-enable-execute-command/ASG/InstanceSecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-ecs-integ-enable-execute-command/ASG/InstanceSecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "aws-ecs-integ-enable-execute-command/ASG/InstanceSecurityGroup", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "tags": [ + { + "key": "Name", + "value": "aws-ecs-integ-enable-execute-command/ASG" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "0.0.0" + } + }, + "InstanceRole": { + "id": "InstanceRole", + "path": "aws-ecs-integ-enable-execute-command/ASG/InstanceRole", + "children": { + "ImportInstanceRole": { + "id": "ImportInstanceRole", + "path": "aws-ecs-integ-enable-execute-command/ASG/InstanceRole/ImportInstanceRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-ecs-integ-enable-execute-command/ASG/InstanceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ec2.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "tags": [ + { + "key": "Name", + "value": "aws-ecs-integ-enable-execute-command/ASG" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-ecs-integ-enable-execute-command/ASG/InstanceRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-ecs-integ-enable-execute-command/ASG/InstanceRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "ecs:DeregisterContainerInstance", + "ecs:RegisterContainerInstance", + "ecs:Submit*" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "EC2CPClusterD5F0FD32", + "Arn" + ] + } + }, + { + "Action": [ + "ecs:Poll", + "ecs:StartTelemetrySession" + ], + "Condition": { + "ArnEquals": { + "ecs:cluster": { + "Fn::GetAtt": [ + "EC2CPClusterD5F0FD32", + "Arn" + ] + } + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ecr:GetAuthorizationToken", + "ecs:DiscoverPollEndpoint", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "policyName": "ASGInstanceRoleDefaultPolicy7636D8BF", + "roles": [ + { + "Ref": "ASGInstanceRoleE263A41B" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "InstanceProfile": { + "id": "InstanceProfile", + "path": "aws-ecs-integ-enable-execute-command/ASG/InstanceProfile", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::InstanceProfile", + "aws:cdk:cloudformation:props": { + "roles": [ + { + "Ref": "ASGInstanceRoleE263A41B" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnInstanceProfile", + "version": "0.0.0" + } + }, + "ImportedInstanceProfile": { + "id": "ImportedInstanceProfile", + "path": "aws-ecs-integ-enable-execute-command/ASG/ImportedInstanceProfile", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "LaunchTemplate": { + "id": "LaunchTemplate", + "path": "aws-ecs-integ-enable-execute-command/ASG/LaunchTemplate", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-ecs-integ-enable-execute-command/ASG/LaunchTemplate/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::LaunchTemplate", + "aws:cdk:cloudformation:props": { + "launchTemplateData": { + "iamInstanceProfile": { + "arn": { + "Fn::GetAtt": [ + "ASGInstanceProfile0A2834D7", + "Arn" + ] + } + }, + "imageId": { + "Ref": "SsmParameterValueawsserviceecsoptimizedamiamazonlinux2recommendedimageidC96584B6F00A464EAD1953AFF4B05118Parameter" + }, + "instanceType": "t2.micro", + "monitoring": { + "enabled": false + }, + "securityGroupIds": [ + { + "Fn::GetAtt": [ + "ASGInstanceSecurityGroup0525485D", + "GroupId" + ] + } + ], + "tagSpecifications": [ + { + "resourceType": "instance", + "tags": [ + { + "key": "Name", + "value": "aws-ecs-integ-enable-execute-command/ASG/LaunchTemplate" + } + ] + }, + { + "resourceType": "volume", + "tags": [ + { + "key": "Name", + "value": "aws-ecs-integ-enable-execute-command/ASG/LaunchTemplate" + } + ] + } + ], + "userData": { + "Fn::Base64": { + "Fn::Join": [ + "", + [ + "#!/bin/bash\necho ECS_CLUSTER=", + { + "Ref": "EC2CPClusterD5F0FD32" + }, + " >> /etc/ecs/ecs.config\nsudo iptables --insert FORWARD 1 --in-interface docker+ --destination 169.254.169.254/32 --jump DROP\nsudo service iptables save\necho ECS_AWSVPC_BLOCK_IMDS=true >> /etc/ecs/ecs.config" + ] + ] + } + } + }, + "tagSpecifications": [ + { + "resourceType": "launch-template", + "tags": [ + { + "key": "Name", + "value": "aws-ecs-integ-enable-execute-command/ASG/LaunchTemplate" + } + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnLaunchTemplate", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.LaunchTemplate", + "version": "0.0.0" + } + }, + "ASG": { + "id": "ASG", + "path": "aws-ecs-integ-enable-execute-command/ASG/ASG", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::AutoScaling::AutoScalingGroup", + "aws:cdk:cloudformation:props": { + "launchTemplate": { + "launchTemplateId": { + "Ref": "ASGLaunchTemplate0CA92847" + }, + "version": { + "Fn::GetAtt": [ + "ASGLaunchTemplate0CA92847", + "LatestVersionNumber" + ] + } + }, + "maxSize": "1", + "minSize": "1", + "tags": [ + { + "key": "Name", + "value": "aws-ecs-integ-enable-execute-command/ASG", + "propagateAtLaunch": true + } + ], + "vpcZoneIdentifier": [ + { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + }, + { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_autoscaling.CfnAutoScalingGroup", + "version": "0.0.0" + } + }, + "DrainECSHook": { + "id": "DrainECSHook", + "path": "aws-ecs-integ-enable-execute-command/ASG/DrainECSHook", + "children": { + "Function": { + "id": "Function", + "path": "aws-ecs-integ-enable-execute-command/ASG/DrainECSHook/Function", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "aws-ecs-integ-enable-execute-command/ASG/DrainECSHook/Function/ServiceRole", + "children": { + "ImportServiceRole": { + "id": "ImportServiceRole", + "path": "aws-ecs-integ-enable-execute-command/ASG/DrainECSHook/Function/ServiceRole/ImportServiceRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-ecs-integ-enable-execute-command/ASG/DrainECSHook/Function/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ], + "tags": [ + { + "key": "Name", + "value": "aws-ecs-integ-enable-execute-command/ASG" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-ecs-integ-enable-execute-command/ASG/DrainECSHook/Function/ServiceRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-ecs-integ-enable-execute-command/ASG/DrainECSHook/Function/ServiceRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "ec2:DescribeHosts", + "ec2:DescribeInstanceAttribute", + "ec2:DescribeInstanceStatus", + "ec2:DescribeInstances" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":autoscaling:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":autoScalingGroup:*:autoScalingGroupName/", + { + "Ref": "ASG46ED3070" + } + ] + ] + } + }, + { + "Action": [ + "ecs:DescribeContainerInstances", + "ecs:DescribeTasks", + "ecs:ListTasks", + "ecs:UpdateContainerInstancesState" + ], + "Condition": { + "ArnEquals": { + "ecs:cluster": { + "Fn::GetAtt": [ + "EC2CPClusterD5F0FD32", + "Arn" + ] + } + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ecs:ListContainerInstances", + "ecs:SubmitContainerStateChange", + "ecs:SubmitTaskStateChange" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "EC2CPClusterD5F0FD32", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "ASGDrainECSHookFunctionServiceRoleDefaultPolicy16848A27", + "roles": [ + { + "Ref": "ASGDrainECSHookFunctionServiceRoleC12963BB" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-ecs-integ-enable-execute-command/ASG/DrainECSHook/Function/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "zipFile": "import boto3, json, os, time\n\necs = boto3.client('ecs')\nautoscaling = boto3.client('autoscaling')\n\n\ndef lambda_handler(event, context):\n print(json.dumps(dict(event, ResponseURL='...')))\n cluster = os.environ['CLUSTER']\n snsTopicArn = event['Records'][0]['Sns']['TopicArn']\n lifecycle_event = json.loads(event['Records'][0]['Sns']['Message'])\n instance_id = lifecycle_event.get('EC2InstanceId')\n if not instance_id:\n print('Got event without EC2InstanceId: %s', json.dumps(dict(event, ResponseURL='...')))\n return\n\n instance_arn = container_instance_arn(cluster, instance_id)\n print('Instance %s has container instance ARN %s' % (lifecycle_event['EC2InstanceId'], instance_arn))\n\n if not instance_arn:\n return\n\n task_arns = container_instance_task_arns(cluster, instance_arn)\n\n if task_arns:\n print('Instance ARN %s has task ARNs %s' % (instance_arn, ', '.join(task_arns)))\n\n while has_tasks(cluster, instance_arn, task_arns):\n time.sleep(10)\n\n try:\n print('Terminating instance %s' % instance_id)\n autoscaling.complete_lifecycle_action(\n LifecycleActionResult='CONTINUE',\n **pick(lifecycle_event, 'LifecycleHookName', 'LifecycleActionToken', 'AutoScalingGroupName'))\n except Exception as e:\n # Lifecycle action may have already completed.\n print(str(e))\n\n\ndef container_instance_arn(cluster, instance_id):\n \"\"\"Turn an instance ID into a container instance ARN.\"\"\"\n arns = ecs.list_container_instances(cluster=cluster, filter='ec2InstanceId==' + instance_id)['containerInstanceArns']\n if not arns:\n return None\n return arns[0]\n\ndef container_instance_task_arns(cluster, instance_arn):\n \"\"\"Fetch tasks for a container instance ARN.\"\"\"\n arns = ecs.list_tasks(cluster=cluster, containerInstance=instance_arn)['taskArns']\n return arns\n\ndef has_tasks(cluster, instance_arn, task_arns):\n \"\"\"Return True if the instance is running tasks for the given cluster.\"\"\"\n instances = ecs.describe_container_instances(cluster=cluster, containerInstances=[instance_arn])['containerInstances']\n if not instances:\n return False\n instance = instances[0]\n\n if instance['status'] == 'ACTIVE':\n # Start draining, then try again later\n set_container_instance_to_draining(cluster, instance_arn)\n return True\n\n task_count = None\n\n if task_arns:\n # Fetch details for tasks running on the container instance\n tasks = ecs.describe_tasks(cluster=cluster, tasks=task_arns)['tasks']\n if tasks:\n # Consider any non-stopped tasks as running\n task_count = sum(task['lastStatus'] != 'STOPPED' for task in tasks) + instance['pendingTasksCount']\n\n if not task_count:\n # Fallback to instance task counts if detailed task information is unavailable\n task_count = instance['runningTasksCount'] + instance['pendingTasksCount']\n\n print('Instance %s has %s tasks' % (instance_arn, task_count))\n\n return task_count > 0\n\ndef set_container_instance_to_draining(cluster, instance_arn):\n ecs.update_container_instances_state(\n cluster=cluster,\n containerInstances=[instance_arn], status='DRAINING')\n\n\ndef pick(dct, *keys):\n \"\"\"Pick a subset of a dict.\"\"\"\n return {k: v for k, v in dct.items() if k in keys}\n" + }, + "environment": { + "variables": { + "CLUSTER": { + "Ref": "EC2CPClusterD5F0FD32" + } + } + }, + "handler": "index.lambda_handler", + "role": { + "Fn::GetAtt": [ + "ASGDrainECSHookFunctionServiceRoleC12963BB", + "Arn" + ] + }, + "runtime": "python3.9", + "tags": [ + { + "key": "Name", + "value": "aws-ecs-integ-enable-execute-command/ASG" + } + ], + "timeout": 310 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", + "version": "0.0.0" + } + }, + "AllowInvoke:awsecsintegenableexecutecommandASGLifecycleHookDrainHookTopic82F94397": { + "id": "AllowInvoke:awsecsintegenableexecutecommandASGLifecycleHookDrainHookTopic82F94397", + "path": "aws-ecs-integ-enable-execute-command/ASG/DrainECSHook/Function/AllowInvoke:awsecsintegenableexecutecommandASGLifecycleHookDrainHookTopic82F94397", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Permission", + "aws:cdk:cloudformation:props": { + "action": "lambda:InvokeFunction", + "functionName": { + "Fn::GetAtt": [ + "ASGDrainECSHookFunction5F24CF4D", + "Arn" + ] + }, + "principal": "sns.amazonaws.com", + "sourceArn": { + "Ref": "ASGLifecycleHookDrainHookTopicA8AD4ACB" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.CfnPermission", + "version": "0.0.0" + } + }, + "Topic": { + "id": "Topic", + "path": "aws-ecs-integ-enable-execute-command/ASG/DrainECSHook/Function/Topic", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-ecs-integ-enable-execute-command/ASG/DrainECSHook/Function/Topic/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::SNS::Subscription", + "aws:cdk:cloudformation:props": { + "endpoint": { + "Fn::GetAtt": [ + "ASGDrainECSHookFunction5F24CF4D", + "Arn" + ] + }, + "protocol": "lambda", + "topicArn": { + "Ref": "ASGLifecycleHookDrainHookTopicA8AD4ACB" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_sns.CfnSubscription", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_sns.Subscription", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.Function", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "LifecycleHookDrainHook": { + "id": "LifecycleHookDrainHook", + "path": "aws-ecs-integ-enable-execute-command/ASG/LifecycleHookDrainHook", + "children": { + "Topic": { + "id": "Topic", + "path": "aws-ecs-integ-enable-execute-command/ASG/LifecycleHookDrainHook/Topic", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-ecs-integ-enable-execute-command/ASG/LifecycleHookDrainHook/Topic/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::SNS::Topic", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "aws-ecs-integ-enable-execute-command/ASG" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_sns.CfnTopic", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_sns.Topic", + "version": "0.0.0" + } + }, + "Role": { + "id": "Role", + "path": "aws-ecs-integ-enable-execute-command/ASG/LifecycleHookDrainHook/Role", + "children": { + "ImportRole": { + "id": "ImportRole", + "path": "aws-ecs-integ-enable-execute-command/ASG/LifecycleHookDrainHook/Role/ImportRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-ecs-integ-enable-execute-command/ASG/LifecycleHookDrainHook/Role/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "autoscaling.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "tags": [ + { + "key": "Name", + "value": "aws-ecs-integ-enable-execute-command/ASG" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-ecs-integ-enable-execute-command/ASG/LifecycleHookDrainHook/Role/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-ecs-integ-enable-execute-command/ASG/LifecycleHookDrainHook/Role/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "sns:Publish", + "Effect": "Allow", + "Resource": { + "Ref": "ASGLifecycleHookDrainHookTopicA8AD4ACB" + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "ASGLifecycleHookDrainHookRoleDefaultPolicy3EEFDE57", + "roles": [ + { + "Ref": "ASGLifecycleHookDrainHookRoleD640316C" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-ecs-integ-enable-execute-command/ASG/LifecycleHookDrainHook/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::AutoScaling::LifecycleHook", + "aws:cdk:cloudformation:props": { + "autoScalingGroupName": { + "Ref": "ASG46ED3070" + }, + "defaultResult": "CONTINUE", + "heartbeatTimeout": 300, + "lifecycleTransition": "autoscaling:EC2_INSTANCE_TERMINATING", + "notificationTargetArn": { + "Ref": "ASGLifecycleHookDrainHookTopicA8AD4ACB" + }, + "roleArn": { + "Fn::GetAtt": [ + "ASGLifecycleHookDrainHookRoleD640316C", + "Arn" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_autoscaling.CfnLifecycleHook", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_autoscaling.LifecycleHook", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_autoscaling.AutoScalingGroup", + "version": "0.0.0" + } + }, + "SsmParameterValue:--aws--service--ecs--optimized-ami--amazon-linux-2--recommended--image_id:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter": { + "id": "SsmParameterValue:--aws--service--ecs--optimized-ami--amazon-linux-2--recommended--image_id:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter", + "path": "aws-ecs-integ-enable-execute-command/SsmParameterValue:--aws--service--ecs--optimized-ami--amazon-linux-2--recommended--image_id:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "SsmParameterValue:--aws--service--ecs--optimized-ami--amazon-linux-2--recommended--image_id:C96584B6-F00A-464E-AD19-53AFF4B05118": { + "id": "SsmParameterValue:--aws--service--ecs--optimized-ami--amazon-linux-2--recommended--image_id:C96584B6-F00A-464E-AD19-53AFF4B05118", + "path": "aws-ecs-integ-enable-execute-command/SsmParameterValue:--aws--service--ecs--optimized-ami--amazon-linux-2--recommended--image_id:C96584B6-F00A-464E-AD19-53AFF4B05118", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "EC2CapacityProvider": { + "id": "EC2CapacityProvider", + "path": "aws-ecs-integ-enable-execute-command/EC2CapacityProvider", + "children": { + "EC2CapacityProvider": { + "id": "EC2CapacityProvider", + "path": "aws-ecs-integ-enable-execute-command/EC2CapacityProvider/EC2CapacityProvider", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ECS::CapacityProvider", + "aws:cdk:cloudformation:props": { + "autoScalingGroupProvider": { + "autoScalingGroupArn": { + "Ref": "ASG46ED3070" + }, + "managedScaling": { + "status": "ENABLED", + "targetCapacity": 100 + }, + "managedTerminationProtection": "DISABLED" + }, + "name": "cp-aws-ecs-integ-enable-execute-commandEC2CapacityProvider4341E2A3" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.CfnCapacityProvider", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.AsgCapacityProvider", + "version": "0.0.0" + } + }, + "EC2CPCluster": { + "id": "EC2CPCluster", + "path": "aws-ecs-integ-enable-execute-command/EC2CPCluster", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-ecs-integ-enable-execute-command/EC2CPCluster/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ECS::Cluster", + "aws:cdk:cloudformation:props": { + "configuration": { + "executeCommandConfiguration": { + "logConfiguration": { + "s3BucketName": { + "Ref": "EcsExecBucket4F468651" + }, + "s3EncryptionEnabled": true, + "s3KeyPrefix": "exec-output" + }, + "logging": "OVERRIDE" + } + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.CfnCluster", + "version": "0.0.0" + } + }, + "EC2CPCluster": { + "id": "EC2CPCluster", + "path": "aws-ecs-integ-enable-execute-command/EC2CPCluster/EC2CPCluster", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ECS::ClusterCapacityProviderAssociations", + "aws:cdk:cloudformation:props": { + "capacityProviders": [ + { + "Ref": "EC2CapacityProvider5A2E35CD" + } + ], + "cluster": { + "Ref": "EC2CPClusterD5F0FD32" + }, + "defaultCapacityProviderStrategy": [] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.CfnClusterCapacityProviderAssociations", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.Cluster", + "version": "0.0.0" + } + }, + "EC2Service": { + "id": "EC2Service", + "path": "aws-ecs-integ-enable-execute-command/EC2Service", + "children": { + "Service": { + "id": "Service", + "path": "aws-ecs-integ-enable-execute-command/EC2Service/Service", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ECS::Service", + "aws:cdk:cloudformation:props": { + "cluster": { + "Ref": "EC2CPClusterD5F0FD32" + }, + "deploymentConfiguration": { + "maximumPercent": 200, + "minimumHealthyPercent": 50 + }, + "enableEcsManagedTags": false, + "enableExecuteCommand": true, + "launchType": "EC2", + "schedulingStrategy": "REPLICA", + "taskDefinition": { + "Ref": "TaskDef54694570" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.CfnService", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.Ec2Service", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-ecs-integ-enable-execute-command/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-ecs-integ-enable-execute-command/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "enable-execute-command-test": { + "id": "enable-execute-command-test", + "path": "enable-execute-command-test", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "enable-execute-command-test/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "enable-execute-command-test/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "enable-execute-command-test/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "enable-execute-command-test/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "enable-execute-command-test/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.enable-execute-command.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.enable-execute-command.ts new file mode 100644 index 0000000000000..daf79843ebfb2 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.enable-execute-command.ts @@ -0,0 +1,66 @@ + +import * as autoscaling from 'aws-cdk-lib/aws-autoscaling'; +import * as s3 from 'aws-cdk-lib/aws-s3'; +import * as ec2 from 'aws-cdk-lib/aws-ec2'; +import * as cdk from 'aws-cdk-lib'; +import * as integ from '@aws-cdk/integ-tests-alpha'; +import * as ecs from 'aws-cdk-lib/aws-ecs'; + +const app = new cdk.App({ + postCliContext: { + '@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions': true, + }, +}); +const stack = new cdk.Stack(app, 'aws-ecs-integ-enable-execute-command'); + +const vpc = new ec2.Vpc(stack, 'Vpc', { maxAzs: 2 }); + +const taskDefinition = new ecs.Ec2TaskDefinition(stack, 'TaskDef'); + +taskDefinition.addContainer('web', { + image: ecs.ContainerImage.fromRegistry('amazon/amazon-ecs-sample'), + memoryReservationMiB: 256, + portMappings: [ + { + containerPort: 80, + hostPort: 8080, + protocol: ecs.Protocol.TCP, + }, + ], +}); + +const execBucket = new s3.Bucket(stack, 'EcsExecBucket'); + +const cp = new ecs.AsgCapacityProvider(stack, 'EC2CapacityProvider', { + autoScalingGroup: new autoscaling.AutoScalingGroup(stack, 'ASG', { + vpc, + instanceType: new ec2.InstanceType('t2.micro'), + machineImage: ecs.EcsOptimizedImage.amazonLinux2(), + }), + // This is to allow cdk destroy to work; otherwise deletion will hang bc ASG cannot be deleted + enableManagedTerminationProtection: false, +}); + +const cluster = new ecs.Cluster(stack, 'EC2CPCluster', { + vpc, + executeCommandConfiguration: { + logConfiguration: { + s3Bucket: execBucket, + s3EncryptionEnabled: true, + s3KeyPrefix: 'exec-output', + }, + logging: ecs.ExecuteCommandLogging.OVERRIDE, + }, +}); +cluster.addAsgCapacityProvider(cp); + +new ecs.Ec2Service(stack, 'EC2Service', { + cluster, + taskDefinition, + enableExecuteCommand: true, +}); + +new integ.IntegTest(app, 'enable-execute-command-test', { + testCases: [stack], +}); +app.synth(); \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/fargate/integ.enable-execute-command.js.snapshot/aws-ecs-integ-enable-execute-command.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/fargate/integ.enable-execute-command.js.snapshot/aws-ecs-integ-enable-execute-command.assets.json new file mode 100644 index 0000000000000..2954aa1e7e6f0 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/fargate/integ.enable-execute-command.js.snapshot/aws-ecs-integ-enable-execute-command.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.24", + "files": { + "8ab1b60d42154f4ec9905f5060f143bcacbf671faae37e3f0fd8da43dc8515b2": { + "source": { + "path": "aws-ecs-integ-enable-execute-command.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "8ab1b60d42154f4ec9905f5060f143bcacbf671faae37e3f0fd8da43dc8515b2.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/fargate/integ.enable-execute-command.js.snapshot/aws-ecs-integ-enable-execute-command.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/fargate/integ.enable-execute-command.js.snapshot/aws-ecs-integ-enable-execute-command.template.json new file mode 100644 index 0000000000000..d7885f3ffdd1e --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/fargate/integ.enable-execute-command.js.snapshot/aws-ecs-integ-enable-execute-command.template.json @@ -0,0 +1,702 @@ +{ + "Resources": { + "Vpc8378EB38": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ-enable-execute-command/Vpc" + } + ] + } + }, + "VpcPublicSubnet1Subnet5C2D37C4": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.0.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPublicSubnet1RouteTable6C95E38E": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPublicSubnet1RouteTableAssociation97140677": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + }, + "SubnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + } + } + }, + "VpcPublicSubnet1DefaultRoute3DA9E72A": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "RouteTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + } + }, + "DependsOn": [ + "VpcVPCGWBF912B6E" + ] + }, + "VpcPublicSubnet1EIPD7E02669": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet1" + } + ] + } + }, + "VpcPublicSubnet1NATGateway4D7517AA": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "VpcPublicSubnet1EIPD7E02669", + "AllocationId" + ] + }, + "SubnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet1" + } + ] + }, + "DependsOn": [ + "VpcPublicSubnet1DefaultRoute3DA9E72A", + "VpcPublicSubnet1RouteTableAssociation97140677" + ] + }, + "VpcPublicSubnet2Subnet691E08A3": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.64.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet2" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPublicSubnet2RouteTable94F7E489": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet2" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPublicSubnet2RouteTableAssociationDD5762D8": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + }, + "SubnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + } + } + }, + "VpcPublicSubnet2DefaultRoute97F91067": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "RouteTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + } + }, + "DependsOn": [ + "VpcVPCGWBF912B6E" + ] + }, + "VpcPublicSubnet2EIP3C605A87": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet2" + } + ] + } + }, + "VpcPublicSubnet2NATGateway9182C01D": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "VpcPublicSubnet2EIP3C605A87", + "AllocationId" + ] + }, + "SubnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet2" + } + ] + }, + "DependsOn": [ + "VpcPublicSubnet2DefaultRoute97F91067", + "VpcPublicSubnet2RouteTableAssociationDD5762D8" + ] + }, + "VpcPrivateSubnet1Subnet536B997A": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.128.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPrivateSubnet1RouteTableB2C5B500": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPrivateSubnet1RouteTableAssociation70C59FA6": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" + }, + "SubnetId": { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + } + } + }, + "VpcPrivateSubnet1DefaultRouteBE02A9ED": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VpcPublicSubnet1NATGateway4D7517AA" + }, + "RouteTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" + } + } + }, + "VpcPrivateSubnet2Subnet3788AAA1": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.192.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet2" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPrivateSubnet2RouteTableA678073B": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet2" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPrivateSubnet2RouteTableAssociationA89CAD56": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPrivateSubnet2RouteTableA678073B" + }, + "SubnetId": { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + } + } + }, + "VpcPrivateSubnet2DefaultRoute060D2087": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VpcPublicSubnet2NATGateway9182C01D" + }, + "RouteTableId": { + "Ref": "VpcPrivateSubnet2RouteTableA678073B" + } + } + }, + "VpcIGWD7BA715C": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ-enable-execute-command/Vpc" + } + ] + } + }, + "VpcVPCGWBF912B6E": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "InternetGatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "KmsKey46693ADD": { + "Type": "AWS::KMS::Key", + "Properties": { + "KeyPolicy": { + "Statement": [ + { + "Action": "kms:*", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + }, + "Resource": "*" + } + ], + "Version": "2012-10-17" + } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "EcsExecBucket4F468651": { + "Type": "AWS::S3::Bucket", + "Properties": { + "BucketEncryption": { + "ServerSideEncryptionConfiguration": [ + { + "ServerSideEncryptionByDefault": { + "KMSMasterKeyID": { + "Fn::GetAtt": [ + "KmsKey46693ADD", + "Arn" + ] + }, + "SSEAlgorithm": "aws:kms" + } + } + ] + } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "FargateCluster7CCD5F93": { + "Type": "AWS::ECS::Cluster", + "Properties": { + "Configuration": { + "ExecuteCommandConfiguration": { + "KmsKeyId": { + "Fn::GetAtt": [ + "KmsKey46693ADD", + "Arn" + ] + }, + "LogConfiguration": { + "S3BucketName": { + "Ref": "EcsExecBucket4F468651" + }, + "S3EncryptionEnabled": true, + "S3KeyPrefix": "exec-output" + }, + "Logging": "OVERRIDE" + } + } + } + }, + "TaskDefTaskRole1EDB4A67": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "TaskDefTaskRoleDefaultPolicyA592CB18": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:GetBucketLocation", + "ssmmessages:CreateControlChannel", + "ssmmessages:CreateDataChannel", + "ssmmessages:OpenControlChannel", + "ssmmessages:OpenDataChannel" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "kms:Decrypt", + "kms:GenerateDataKey" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "KmsKey46693ADD", + "Arn" + ] + } + }, + { + "Action": "s3:PutObject", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Ref": "EcsExecBucket4F468651" + }, + "/*" + ] + ] + } + }, + { + "Action": "s3:GetEncryptionConfiguration", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Ref": "EcsExecBucket4F468651" + } + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "TaskDefTaskRoleDefaultPolicyA592CB18", + "Roles": [ + { + "Ref": "TaskDefTaskRole1EDB4A67" + } + ] + } + }, + "TaskDef54694570": { + "Type": "AWS::ECS::TaskDefinition", + "Properties": { + "ContainerDefinitions": [ + { + "Essential": true, + "HealthCheck": { + "Command": [ + "CMD-SHELL", + "curl localhost:8000" + ], + "Interval": 60, + "Retries": 3, + "Timeout": 40 + }, + "Image": "amazon/amazon-ecs-sample", + "Name": "web" + } + ], + "Cpu": "256", + "Family": "awsecsintegenableexecutecommandTaskDefE1A02A6B", + "Memory": "512", + "NetworkMode": "awsvpc", + "RequiresCompatibilities": [ + "FARGATE" + ], + "TaskRoleArn": { + "Fn::GetAtt": [ + "TaskDefTaskRole1EDB4A67", + "Arn" + ] + } + } + }, + "FargateServiceAC2B3B85": { + "Type": "AWS::ECS::Service", + "Properties": { + "Cluster": { + "Ref": "FargateCluster7CCD5F93" + }, + "DeploymentConfiguration": { + "MaximumPercent": 200, + "MinimumHealthyPercent": 50 + }, + "EnableECSManagedTags": false, + "EnableExecuteCommand": true, + "LaunchType": "FARGATE", + "NetworkConfiguration": { + "AwsvpcConfiguration": { + "AssignPublicIp": "DISABLED", + "SecurityGroups": [ + { + "Fn::GetAtt": [ + "FargateServiceSecurityGroup0A0E79CB", + "GroupId" + ] + } + ], + "Subnets": [ + { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + }, + { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + } + ] + } + }, + "TaskDefinition": { + "Ref": "TaskDef54694570" + } + }, + "DependsOn": [ + "TaskDefTaskRoleDefaultPolicyA592CB18", + "TaskDefTaskRole1EDB4A67" + ] + }, + "FargateServiceSecurityGroup0A0E79CB": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "aws-ecs-integ-enable-execute-command/FargateService/SecurityGroup", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + }, + "DependsOn": [ + "TaskDefTaskRoleDefaultPolicyA592CB18", + "TaskDefTaskRole1EDB4A67" + ] + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/fargate/integ.enable-execute-command.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/fargate/integ.enable-execute-command.js.snapshot/cdk.out new file mode 100644 index 0000000000000..4efaa16f29af9 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/fargate/integ.enable-execute-command.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"36.0.24"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/fargate/integ.enable-execute-command.js.snapshot/enableexecutecommandtestDefaultTestDeployAssertDF06DF37.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/fargate/integ.enable-execute-command.js.snapshot/enableexecutecommandtestDefaultTestDeployAssertDF06DF37.assets.json new file mode 100644 index 0000000000000..7f0719e1c6254 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/fargate/integ.enable-execute-command.js.snapshot/enableexecutecommandtestDefaultTestDeployAssertDF06DF37.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.24", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "enableexecutecommandtestDefaultTestDeployAssertDF06DF37.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/fargate/integ.enable-execute-command.js.snapshot/enableexecutecommandtestDefaultTestDeployAssertDF06DF37.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/fargate/integ.enable-execute-command.js.snapshot/enableexecutecommandtestDefaultTestDeployAssertDF06DF37.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/fargate/integ.enable-execute-command.js.snapshot/enableexecutecommandtestDefaultTestDeployAssertDF06DF37.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/fargate/integ.enable-execute-command.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/fargate/integ.enable-execute-command.js.snapshot/integ.json new file mode 100644 index 0000000000000..cc9bfd026067b --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/fargate/integ.enable-execute-command.js.snapshot/integ.json @@ -0,0 +1,20 @@ +{ + "version": "36.0.24", + "testCases": { + "enable-execute-command-test/DefaultTest": { + "stacks": [ + "aws-ecs-integ-enable-execute-command" + ], + "diffAssets": true, + "cdkCommandOptions": { + "deploy": { + "args": { + "rollback": true + } + } + }, + "assertionStack": "enable-execute-command-test/DefaultTest/DeployAssert", + "assertionStackName": "enableexecutecommandtestDefaultTestDeployAssertDF06DF37" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/fargate/integ.enable-execute-command.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/fargate/integ.enable-execute-command.js.snapshot/manifest.json new file mode 100644 index 0000000000000..a620b5542e53f --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/fargate/integ.enable-execute-command.js.snapshot/manifest.json @@ -0,0 +1,293 @@ +{ + "version": "36.0.24", + "artifacts": { + "aws-ecs-integ-enable-execute-command.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "aws-ecs-integ-enable-execute-command.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "aws-ecs-integ-enable-execute-command": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "aws-ecs-integ-enable-execute-command.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/8ab1b60d42154f4ec9905f5060f143bcacbf671faae37e3f0fd8da43dc8515b2.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "aws-ecs-integ-enable-execute-command.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "aws-ecs-integ-enable-execute-command.assets" + ], + "metadata": { + "/aws-ecs-integ-enable-execute-command/Vpc/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Vpc8378EB38" + } + ], + "/aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1Subnet5C2D37C4" + } + ], + "/aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1RouteTable6C95E38E" + } + ], + "/aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1RouteTableAssociation97140677" + } + ], + "/aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet1/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1DefaultRoute3DA9E72A" + } + ], + "/aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet1/EIP": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1EIPD7E02669" + } + ], + "/aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet1/NATGateway": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1NATGateway4D7517AA" + } + ], + "/aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2Subnet691E08A3" + } + ], + "/aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2RouteTable94F7E489" + } + ], + "/aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2RouteTableAssociationDD5762D8" + } + ], + "/aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet2/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2DefaultRoute97F91067" + } + ], + "/aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet2/EIP": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2EIP3C605A87" + } + ], + "/aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet2/NATGateway": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2NATGateway9182C01D" + } + ], + "/aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet1Subnet536B997A" + } + ], + "/aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet1RouteTableB2C5B500" + } + ], + "/aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet1RouteTableAssociation70C59FA6" + } + ], + "/aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet1/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet1DefaultRouteBE02A9ED" + } + ], + "/aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet2Subnet3788AAA1" + } + ], + "/aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet2RouteTableA678073B" + } + ], + "/aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet2RouteTableAssociationA89CAD56" + } + ], + "/aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet2/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet2DefaultRoute060D2087" + } + ], + "/aws-ecs-integ-enable-execute-command/Vpc/IGW": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcIGWD7BA715C" + } + ], + "/aws-ecs-integ-enable-execute-command/Vpc/VPCGW": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcVPCGWBF912B6E" + } + ], + "/aws-ecs-integ-enable-execute-command/KmsKey/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "KmsKey46693ADD" + } + ], + "/aws-ecs-integ-enable-execute-command/EcsExecBucket/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "EcsExecBucket4F468651" + } + ], + "/aws-ecs-integ-enable-execute-command/FargateCluster/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "FargateCluster7CCD5F93" + } + ], + "/aws-ecs-integ-enable-execute-command/TaskDef/TaskRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "TaskDefTaskRole1EDB4A67" + } + ], + "/aws-ecs-integ-enable-execute-command/TaskDef/TaskRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "TaskDefTaskRoleDefaultPolicyA592CB18" + } + ], + "/aws-ecs-integ-enable-execute-command/TaskDef/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "TaskDef54694570" + } + ], + "/aws-ecs-integ-enable-execute-command/FargateService/Service": [ + { + "type": "aws:cdk:logicalId", + "data": "FargateServiceAC2B3B85" + } + ], + "/aws-ecs-integ-enable-execute-command/FargateService/SecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "FargateServiceSecurityGroup0A0E79CB" + } + ], + "/aws-ecs-integ-enable-execute-command/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-ecs-integ-enable-execute-command/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-ecs-integ-enable-execute-command" + }, + "enableexecutecommandtestDefaultTestDeployAssertDF06DF37.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "enableexecutecommandtestDefaultTestDeployAssertDF06DF37.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "enableexecutecommandtestDefaultTestDeployAssertDF06DF37": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "enableexecutecommandtestDefaultTestDeployAssertDF06DF37.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "enableexecutecommandtestDefaultTestDeployAssertDF06DF37.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "enableexecutecommandtestDefaultTestDeployAssertDF06DF37.assets" + ], + "metadata": { + "/enable-execute-command-test/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/enable-execute-command-test/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "enable-execute-command-test/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/fargate/integ.enable-execute-command.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/fargate/integ.enable-execute-command.js.snapshot/tree.json new file mode 100644 index 0000000000000..1379657206ef3 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/fargate/integ.enable-execute-command.js.snapshot/tree.json @@ -0,0 +1,1165 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "aws-ecs-integ-enable-execute-command": { + "id": "aws-ecs-integ-enable-execute-command", + "path": "aws-ecs-integ-enable-execute-command", + "children": { + "Vpc": { + "id": "Vpc", + "path": "aws-ecs-integ-enable-execute-command/Vpc", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-ecs-integ-enable-execute-command/Vpc/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default", + "tags": [ + { + "key": "Name", + "value": "aws-ecs-integ-enable-execute-command/Vpc" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", + "version": "0.0.0" + } + }, + "PublicSubnet1": { + "id": "PublicSubnet1", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.0.0/18", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "Name", + "value": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet1/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + }, + "subnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet1/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "routeTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + }, + "EIP": { + "id": "EIP", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet1/EIP", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::EIP", + "aws:cdk:cloudformation:props": { + "domain": "vpc", + "tags": [ + { + "key": "Name", + "value": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", + "version": "0.0.0" + } + }, + "NATGateway": { + "id": "NATGateway", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet1/NATGateway", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", + "aws:cdk:cloudformation:props": { + "allocationId": { + "Fn::GetAtt": [ + "VpcPublicSubnet1EIPD7E02669", + "AllocationId" + ] + }, + "subnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, + "tags": [ + { + "key": "Name", + "value": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "0.0.0" + } + }, + "PublicSubnet2": { + "id": "PublicSubnet2", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.64.0/18", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "Name", + "value": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet2" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet2/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet2" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + }, + "subnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet2/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "routeTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + }, + "EIP": { + "id": "EIP", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet2/EIP", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::EIP", + "aws:cdk:cloudformation:props": { + "domain": "vpc", + "tags": [ + { + "key": "Name", + "value": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", + "version": "0.0.0" + } + }, + "NATGateway": { + "id": "NATGateway", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet2/NATGateway", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", + "aws:cdk:cloudformation:props": { + "allocationId": { + "Fn::GetAtt": [ + "VpcPublicSubnet2EIP3C605A87", + "AllocationId" + ] + }, + "subnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + }, + "tags": [ + { + "key": "Name", + "value": "aws-ecs-integ-enable-execute-command/Vpc/PublicSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "0.0.0" + } + }, + "PrivateSubnet1": { + "id": "PrivateSubnet1", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.128.0/18", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Private" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Private" + }, + { + "key": "Name", + "value": "aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet1/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" + }, + "subnetId": { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet1/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "natGatewayId": { + "Ref": "VpcPublicSubnet1NATGateway4D7517AA" + }, + "routeTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "0.0.0" + } + }, + "PrivateSubnet2": { + "id": "PrivateSubnet2", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.192.0/18", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Private" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Private" + }, + { + "key": "Name", + "value": "aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet2" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet2/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet2" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcPrivateSubnet2RouteTableA678073B" + }, + "subnetId": { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "aws-ecs-integ-enable-execute-command/Vpc/PrivateSubnet2/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "natGatewayId": { + "Ref": "VpcPublicSubnet2NATGateway9182C01D" + }, + "routeTableId": { + "Ref": "VpcPrivateSubnet2RouteTableA678073B" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "0.0.0" + } + }, + "IGW": { + "id": "IGW", + "path": "aws-ecs-integ-enable-execute-command/Vpc/IGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::InternetGateway", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "aws-ecs-integ-enable-execute-command/Vpc" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnInternetGateway", + "version": "0.0.0" + } + }, + "VPCGW": { + "id": "VPCGW", + "path": "aws-ecs-integ-enable-execute-command/Vpc/VPCGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCGatewayAttachment", + "aws:cdk:cloudformation:props": { + "internetGatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.Vpc", + "version": "0.0.0" + } + }, + "KmsKey": { + "id": "KmsKey", + "path": "aws-ecs-integ-enable-execute-command/KmsKey", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-ecs-integ-enable-execute-command/KmsKey/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::KMS::Key", + "aws:cdk:cloudformation:props": { + "keyPolicy": { + "Statement": [ + { + "Action": "kms:*", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + }, + "Resource": "*" + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kms.CfnKey", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kms.Key", + "version": "0.0.0" + } + }, + "EcsExecBucket": { + "id": "EcsExecBucket", + "path": "aws-ecs-integ-enable-execute-command/EcsExecBucket", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-ecs-integ-enable-execute-command/EcsExecBucket/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::S3::Bucket", + "aws:cdk:cloudformation:props": { + "bucketEncryption": { + "serverSideEncryptionConfiguration": [ + { + "serverSideEncryptionByDefault": { + "sseAlgorithm": "aws:kms", + "kmsMasterKeyId": { + "Fn::GetAtt": [ + "KmsKey46693ADD", + "Arn" + ] + } + } + } + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.CfnBucket", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.Bucket", + "version": "0.0.0" + } + }, + "FargateCluster": { + "id": "FargateCluster", + "path": "aws-ecs-integ-enable-execute-command/FargateCluster", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-ecs-integ-enable-execute-command/FargateCluster/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ECS::Cluster", + "aws:cdk:cloudformation:props": { + "configuration": { + "executeCommandConfiguration": { + "kmsKeyId": { + "Fn::GetAtt": [ + "KmsKey46693ADD", + "Arn" + ] + }, + "logConfiguration": { + "s3BucketName": { + "Ref": "EcsExecBucket4F468651" + }, + "s3EncryptionEnabled": true, + "s3KeyPrefix": "exec-output" + }, + "logging": "OVERRIDE" + } + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.CfnCluster", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.Cluster", + "version": "0.0.0" + } + }, + "TaskDef": { + "id": "TaskDef", + "path": "aws-ecs-integ-enable-execute-command/TaskDef", + "children": { + "TaskRole": { + "id": "TaskRole", + "path": "aws-ecs-integ-enable-execute-command/TaskDef/TaskRole", + "children": { + "ImportTaskRole": { + "id": "ImportTaskRole", + "path": "aws-ecs-integ-enable-execute-command/TaskDef/TaskRole/ImportTaskRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-ecs-integ-enable-execute-command/TaskDef/TaskRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-ecs-integ-enable-execute-command/TaskDef/TaskRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-ecs-integ-enable-execute-command/TaskDef/TaskRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "s3:GetBucketLocation", + "ssmmessages:CreateControlChannel", + "ssmmessages:CreateDataChannel", + "ssmmessages:OpenControlChannel", + "ssmmessages:OpenDataChannel" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "kms:Decrypt", + "kms:GenerateDataKey" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "KmsKey46693ADD", + "Arn" + ] + } + }, + { + "Action": "s3:PutObject", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Ref": "EcsExecBucket4F468651" + }, + "/*" + ] + ] + } + }, + { + "Action": "s3:GetEncryptionConfiguration", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Ref": "EcsExecBucket4F468651" + } + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "TaskDefTaskRoleDefaultPolicyA592CB18", + "roles": [ + { + "Ref": "TaskDefTaskRole1EDB4A67" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-ecs-integ-enable-execute-command/TaskDef/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ECS::TaskDefinition", + "aws:cdk:cloudformation:props": { + "containerDefinitions": [ + { + "essential": true, + "image": "amazon/amazon-ecs-sample", + "name": "web", + "healthCheck": { + "command": [ + "CMD-SHELL", + "curl localhost:8000" + ], + "interval": 60, + "retries": 3, + "timeout": 40 + } + } + ], + "cpu": "256", + "family": "awsecsintegenableexecutecommandTaskDefE1A02A6B", + "memory": "512", + "networkMode": "awsvpc", + "requiresCompatibilities": [ + "FARGATE" + ], + "taskRoleArn": { + "Fn::GetAtt": [ + "TaskDefTaskRole1EDB4A67", + "Arn" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.CfnTaskDefinition", + "version": "0.0.0" + } + }, + "web": { + "id": "web", + "path": "aws-ecs-integ-enable-execute-command/TaskDef/web", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.ContainerDefinition", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.FargateTaskDefinition", + "version": "0.0.0" + } + }, + "FargateService": { + "id": "FargateService", + "path": "aws-ecs-integ-enable-execute-command/FargateService", + "children": { + "Service": { + "id": "Service", + "path": "aws-ecs-integ-enable-execute-command/FargateService/Service", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ECS::Service", + "aws:cdk:cloudformation:props": { + "cluster": { + "Ref": "FargateCluster7CCD5F93" + }, + "deploymentConfiguration": { + "maximumPercent": 200, + "minimumHealthyPercent": 50 + }, + "enableEcsManagedTags": false, + "enableExecuteCommand": true, + "launchType": "FARGATE", + "networkConfiguration": { + "awsvpcConfiguration": { + "assignPublicIp": "DISABLED", + "subnets": [ + { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + }, + { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + } + ], + "securityGroups": [ + { + "Fn::GetAtt": [ + "FargateServiceSecurityGroup0A0E79CB", + "GroupId" + ] + } + ] + } + }, + "taskDefinition": { + "Ref": "TaskDef54694570" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.CfnService", + "version": "0.0.0" + } + }, + "SecurityGroup": { + "id": "SecurityGroup", + "path": "aws-ecs-integ-enable-execute-command/FargateService/SecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-ecs-integ-enable-execute-command/FargateService/SecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "aws-ecs-integ-enable-execute-command/FargateService/SecurityGroup", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.FargateService", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-ecs-integ-enable-execute-command/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-ecs-integ-enable-execute-command/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "enable-execute-command-test": { + "id": "enable-execute-command-test", + "path": "enable-execute-command-test", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "enable-execute-command-test/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "enable-execute-command-test/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "enable-execute-command-test/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "enable-execute-command-test/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "enable-execute-command-test/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/fargate/integ.enable-execute-command.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/fargate/integ.enable-execute-command.ts new file mode 100644 index 0000000000000..ecf39f103f62b --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/fargate/integ.enable-execute-command.ts @@ -0,0 +1,64 @@ +import * as ec2 from 'aws-cdk-lib/aws-ec2'; +import * as kms from 'aws-cdk-lib/aws-kms'; +import * as s3 from 'aws-cdk-lib/aws-s3'; +import * as cdk from 'aws-cdk-lib'; +import { Duration } from 'aws-cdk-lib'; +import * as integ from '@aws-cdk/integ-tests-alpha'; +import * as ecs from 'aws-cdk-lib/aws-ecs'; + +const app = new cdk.App({ + postCliContext: { + '@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions': true, + }, +}); +const stack = new cdk.Stack(app, 'aws-ecs-integ-enable-execute-command'); + +const vpc = new ec2.Vpc(stack, 'Vpc', { maxAzs: 2, restrictDefaultSecurityGroup: false }); + +const kmsKey = new kms.Key(stack, 'KmsKey'); + +const execBucket = new s3.Bucket(stack, 'EcsExecBucket', { + encryptionKey: kmsKey, +}); + +const cluster = new ecs.Cluster(stack, 'FargateCluster', { + vpc, + executeCommandConfiguration: { + kmsKey, + logConfiguration: { + s3Bucket: execBucket, + s3EncryptionEnabled: true, + s3KeyPrefix: 'exec-output', + }, + logging: ecs.ExecuteCommandLogging.OVERRIDE, + }, +}); + +const taskDefinition = new ecs.FargateTaskDefinition(stack, 'TaskDef'); + +taskDefinition.addContainer('web', { + image: ecs.ContainerImage.fromRegistry('amazon/amazon-ecs-sample'), + healthCheck: { + command: ['CMD-SHELL', 'curl localhost:8000'], + interval: Duration.seconds(60), + timeout: Duration.seconds(40), + }, +}); + +new ecs.FargateService(stack, 'FargateService', { + cluster, + taskDefinition, + enableExecuteCommand: true, +}); + +new integ.IntegTest(app, 'enable-execute-command-test', { + testCases: [stack], + diffAssets: true, + cdkCommandOptions: { + deploy: { + args: { + rollback: true, + }, + }, + }, +}); diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/lib/identitypool.ts b/packages/@aws-cdk/aws-cognito-identitypool-alpha/lib/identitypool.ts index 1277bd682013f..c738279822b0a 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/lib/identitypool.ts +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/lib/identitypool.ts @@ -1,7 +1,7 @@ import { CfnIdentityPool, - UserPool, - UserPoolClient, + IUserPool, + IUserPoolClient, } from 'aws-cdk-lib/aws-cognito'; import { IOpenIdConnectProvider, @@ -158,7 +158,7 @@ export class IdentityPoolProviderUrl { } /** User Pool Provider Url */ - public static userPool(userPool: UserPool, userPoolClient: UserPoolClient): IdentityPoolProviderUrl { + public static userPool(userPool: IUserPool, userPoolClient: IUserPoolClient): IdentityPoolProviderUrl { const url = `${userPool.userPoolProviderName}:${userPoolClient.userPoolClientId}`; return new IdentityPoolProviderUrl(IdentityPoolProviderType.USER_POOL, url); } diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/identitypool.test.ts b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/identitypool.test.ts index 417c848c4407f..d7864e97cfb3f 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/identitypool.test.ts +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/identitypool.test.ts @@ -3,6 +3,7 @@ import { } from 'aws-cdk-lib/assertions'; import { UserPool, + UserPoolClient, UserPoolIdentityProvider, } from 'aws-cdk-lib/aws-cognito'; import { @@ -728,4 +729,39 @@ describe('role mappings', () => { }, }); }); + + test('role mapping with an imported user pool and client', () => { + const stack = new Stack(); + const importedPool = UserPool.fromUserPoolArn(stack, 'ImportedPool', 'arn:aws:cognito-idp:us-east-1:0123456789012:userpool/test-user-pool'); + const importedClient = UserPoolClient.fromUserPoolClientId(stack, 'ImportedPoolClient', 'client-id'); + new IdentityPool(stack, 'TestIdentityPoolRoleMappingRules', { + roleMappings: [{ + mappingKey: 'cognito', + providerUrl: IdentityPoolProviderUrl.userPool(importedPool, importedClient), + useToken: true, + }], + }); + const temp = Template.fromStack(stack); + temp.resourceCountIs('AWS::Cognito::IdentityPoolRoleAttachment', 1); + temp.hasResourceProperties('AWS::Cognito::IdentityPoolRoleAttachment', { + IdentityPoolId: { + Ref: 'TestIdentityPoolRoleMappingRulesC8C07BC3', + }, + RoleMappings: { + cognito: { + IdentityProvider: { + 'Fn::Join': [ + '', + [ + 'cognito-idp.us-east-1.', + { Ref: 'AWS::URLSuffix' }, + '/test-user-pool:client-id', + ], + ], + }, + Type: 'Token', + }, + }, + }); + }); }); diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/cdk.out b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/cdk.out index 588d7b269d34f..4efaa16f29af9 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/cdk.out +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"20.0.0"} \ No newline at end of file +{"version":"36.0.24"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.assets.json b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.assets.json index 2d422e5ff0227..c1102a1836ed7 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.assets.json +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.assets.json @@ -1,7 +1,7 @@ { - "version": "20.0.0", + "version": "36.0.24", "files": { - "ba3fc84048e7b640e5c349fc2c90bc998d6ca8de19283a433e4c860faf487850": { + "95c3270b9957ed0d53e5665bfe7322f80c61e9fecf25b42cd297caf6bee04ddf": { "source": { "path": "integ-identitypool.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "ba3fc84048e7b640e5c349fc2c90bc998d6ca8de19283a433e4c860faf487850.json", + "objectKey": "95c3270b9957ed0d53e5665bfe7322f80c61e9fecf25b42cd297caf6bee04ddf.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.template.json b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.template.json index 2b238e357aaa4..a9e51577a8bd5 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.template.json +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.template.json @@ -34,9 +34,6 @@ "PooltestClientFE8D4935": { "Type": "AWS::Cognito::UserPoolClient", "Properties": { - "UserPoolId": { - "Ref": "PoolD3F588B8" - }, "AllowedOAuthFlows": [ "implicit", "code" @@ -57,17 +54,15 @@ "Ref": "PoolProviderGoogle76A1E8D0" }, "COGNITO" - ] + ], + "UserPoolId": { + "Ref": "PoolD3F588B8" + } } }, "PoolProviderGoogle76A1E8D0": { "Type": "AWS::Cognito::UserPoolIdentityProvider", "Properties": { - "ProviderName": "Google", - "ProviderType": "Google", - "UserPoolId": { - "Ref": "PoolD3F588B8" - }, "AttributeMapping": { "given_name": "given_name", "family_name": "family_name", @@ -79,6 +74,11 @@ "client_id": "google-client-id", "client_secret": "google-client-secret", "authorize_scopes": "profile" + }, + "ProviderName": "Google", + "ProviderType": "Google", + "UserPoolId": { + "Ref": "PoolD3F588B8" } } }, @@ -116,9 +116,6 @@ "OtherPoolUserPoolAuthenticationProviderClient08F670F8": { "Type": "AWS::Cognito::UserPoolClient", "Properties": { - "UserPoolId": { - "Ref": "OtherPool7DA7F2F7" - }, "AllowedOAuthFlows": [ "implicit", "code" @@ -139,17 +136,15 @@ "Ref": "OtherPoolProviderAmazon4EB0592F" }, "COGNITO" - ] + ], + "UserPoolId": { + "Ref": "OtherPool7DA7F2F7" + } } }, "OtherPoolProviderAmazon4EB0592F": { "Type": "AWS::Cognito::UserPoolIdentityProvider", "Properties": { - "ProviderName": "LoginWithAmazon", - "ProviderType": "LoginWithAmazon", - "UserPoolId": { - "Ref": "OtherPool7DA7F2F7" - }, "AttributeMapping": { "given_name": "name", "email": "email", @@ -159,14 +154,76 @@ "client_id": "amzn-client-id", "client_secret": "amzn-client-secret", "authorize_scopes": "profile" + }, + "ProviderName": "LoginWithAmazon", + "ProviderType": "LoginWithAmazon", + "UserPoolId": { + "Ref": "OtherPool7DA7F2F7" + } + } + }, + "UserPoolToImport1A7C21D3": { + "Type": "AWS::Cognito::UserPool", + "Properties": { + "AccountRecoverySetting": { + "RecoveryMechanisms": [ + { + "Name": "verified_phone_number", + "Priority": 1 + }, + { + "Name": "verified_email", + "Priority": 2 + } + ] + }, + "AdminCreateUserConfig": { + "AllowAdminCreateUserOnly": true + }, + "EmailVerificationMessage": "The verification code to your new account is {####}", + "EmailVerificationSubject": "Verify your new account", + "SmsVerificationMessage": "The verification code to your new account is {####}", + "VerificationMessageTemplate": { + "DefaultEmailOption": "CONFIRM_WITH_CODE", + "EmailMessage": "The verification code to your new account is {####}", + "EmailSubject": "Verify your new account", + "SmsMessage": "The verification code to your new account is {####}" + } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "UserPoolToImportclientToImport6885CDF7": { + "Type": "AWS::Cognito::UserPoolClient", + "Properties": { + "AllowedOAuthFlows": [ + "implicit", + "code" + ], + "AllowedOAuthFlowsUserPoolClient": true, + "AllowedOAuthScopes": [ + "profile", + "phone", + "email", + "openid", + "aws.cognito.signin.user.admin" + ], + "CallbackURLs": [ + "https://example.com" + ], + "SupportedIdentityProviders": [ + "COGNITO" + ], + "UserPoolId": { + "Ref": "UserPoolToImport1A7C21D3" } } }, "identitypoolE2A6D099": { "Type": "AWS::Cognito::IdentityPool", "Properties": { - "AllowUnauthenticatedIdentities": false, "AllowClassicFlow": true, + "AllowUnauthenticatedIdentities": false, "CognitoIdentityProviders": [ { "ClientId": { @@ -193,6 +250,54 @@ }, "ServerSideTokenCheck": true }, + { + "ClientId": { + "Ref": "UserPoolToImportclientToImport6885CDF7" + }, + "ProviderName": { + "Fn::Join": [ + "", + [ + "cognito-idp.", + { + "Ref": "AWS::Region" + }, + ".", + { + "Ref": "AWS::URLSuffix" + }, + "/", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Fn::GetAtt": [ + "UserPoolToImport1A7C21D3", + "Arn" + ] + } + ] + } + ] + } + ] + } + ] + } + ] + ] + }, + "ServerSideTokenCheck": true + }, { "ClientId": { "Ref": "OtherPoolUserPoolAuthenticationProviderClient08F670F8" @@ -407,6 +512,69 @@ ] }, "Type": "Token" + }, + "importedUserPool": { + "AmbiguousRoleResolution": "Deny", + "IdentityProvider": { + "Fn::Join": [ + "", + [ + "cognito-idp.", + { + "Fn::Select": [ + 3, + { + "Fn::Split": [ + ":", + { + "Fn::GetAtt": [ + "UserPoolToImport1A7C21D3", + "Arn" + ] + } + ] + } + ] + }, + ".", + { + "Ref": "AWS::URLSuffix" + }, + "/", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Fn::GetAtt": [ + "UserPoolToImport1A7C21D3", + "Arn" + ] + } + ] + } + ] + } + ] + } + ] + }, + ":", + { + "Ref": "UserPoolToImportclientToImport6885CDF7" + } + ] + ] + }, + "Type": "Token" } }, "Roles": { diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ.json b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ.json index 835feb143da7e..a6da93ace5e11 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ.json +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "20.0.0", + "version": "36.0.24", "testCases": { "integ.identitypool": { "stacks": [ diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/manifest.json b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/manifest.json index abaafd1395aee..143493c68d4b7 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/manifest.json @@ -1,12 +1,6 @@ { - "version": "20.0.0", + "version": "36.0.24", "artifacts": { - "Tree": { - "type": "cdk:tree", - "properties": { - "file": "tree.json" - } - }, "integ-identitypool.assets": { "type": "cdk:asset-manifest", "properties": { @@ -20,10 +14,11 @@ "environment": "aws://unknown-account/unknown-region", "properties": { "templateFile": "integ-identitypool.template.json", + "terminationProtection": false, "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/ba3fc84048e7b640e5c349fc2c90bc998d6ca8de19283a433e4c860faf487850.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/95c3270b9957ed0d53e5665bfe7322f80c61e9fecf25b42cd297caf6bee04ddf.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -75,6 +70,18 @@ "data": "OtherPoolProviderAmazon4EB0592F" } ], + "/integ-identitypool/UserPoolToImport/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "UserPoolToImport1A7C21D3" + } + ], + "/integ-identitypool/UserPoolToImport/clientToImport/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "UserPoolToImportclientToImport6885CDF7" + } + ], "/integ-identitypool/identitypool/Resource": [ { "type": "aws:cdk:logicalId", @@ -122,18 +129,15 @@ "type": "aws:cdk:logicalId", "data": "CheckBootstrapVersion" } - ], - "PoolUserPoolAuthenticationProviderClient20F2FFC4": [ - { - "type": "aws:cdk:logicalId", - "data": "PoolUserPoolAuthenticationProviderClient20F2FFC4", - "trace": [ - "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" - ] - } ] }, "displayName": "integ-identitypool" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/tree.json b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/tree.json index fe5732fa13788..4f98d36a67bea 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/tree.json @@ -4,14 +4,6 @@ "id": "App", "path": "", "children": { - "Tree": { - "id": "Tree", - "path": "Tree", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" - } - }, "integ-identitypool": { "id": "integ-identitypool", "path": "integ-identitypool", @@ -53,7 +45,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito.CfnUserPool", + "fqn": "aws-cdk-lib.aws_cognito.CfnUserPool", "version": "0.0.0" } }, @@ -67,9 +59,6 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::Cognito::UserPoolClient", "aws:cdk:cloudformation:props": { - "userPoolId": { - "Ref": "PoolD3F588B8" - }, "allowedOAuthFlows": [ "implicit", "code" @@ -90,23 +79,26 @@ "Ref": "PoolProviderGoogle76A1E8D0" }, "COGNITO" - ] + ], + "userPoolId": { + "Ref": "PoolD3F588B8" + } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito.CfnUserPoolClient", + "fqn": "aws-cdk-lib.aws_cognito.CfnUserPoolClient", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito.UserPoolClient", + "fqn": "aws-cdk-lib.aws_cognito.UserPoolClient", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito.UserPool", + "fqn": "aws-cdk-lib.aws_cognito.UserPool", "version": "0.0.0" } }, @@ -120,11 +112,6 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::Cognito::UserPoolIdentityProvider", "aws:cdk:cloudformation:props": { - "providerName": "Google", - "providerType": "Google", - "userPoolId": { - "Ref": "PoolD3F588B8" - }, "attributeMapping": { "given_name": "given_name", "family_name": "family_name", @@ -136,17 +123,22 @@ "client_id": "google-client-id", "client_secret": "google-client-secret", "authorize_scopes": "profile" + }, + "providerName": "Google", + "providerType": "Google", + "userPoolId": { + "Ref": "PoolD3F588B8" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito.CfnUserPoolIdentityProvider", + "fqn": "aws-cdk-lib.aws_cognito.CfnUserPoolIdentityProvider", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito.UserPoolIdentityProviderGoogle", + "fqn": "aws-cdk-lib.aws_cognito.UserPoolIdentityProviderGoogle", "version": "0.0.0" } }, @@ -187,7 +179,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito.CfnUserPool", + "fqn": "aws-cdk-lib.aws_cognito.CfnUserPool", "version": "0.0.0" } }, @@ -201,9 +193,6 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::Cognito::UserPoolClient", "aws:cdk:cloudformation:props": { - "userPoolId": { - "Ref": "OtherPool7DA7F2F7" - }, "allowedOAuthFlows": [ "implicit", "code" @@ -224,23 +213,26 @@ "Ref": "OtherPoolProviderAmazon4EB0592F" }, "COGNITO" - ] + ], + "userPoolId": { + "Ref": "OtherPool7DA7F2F7" + } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito.CfnUserPoolClient", + "fqn": "aws-cdk-lib.aws_cognito.CfnUserPoolClient", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito.UserPoolClient", + "fqn": "aws-cdk-lib.aws_cognito.UserPoolClient", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito.UserPool", + "fqn": "aws-cdk-lib.aws_cognito.UserPool", "version": "0.0.0" } }, @@ -254,11 +246,6 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::Cognito::UserPoolIdentityProvider", "aws:cdk:cloudformation:props": { - "providerName": "LoginWithAmazon", - "providerType": "LoginWithAmazon", - "userPoolId": { - "Ref": "OtherPool7DA7F2F7" - }, "attributeMapping": { "given_name": "name", "email": "email", @@ -268,17 +255,129 @@ "client_id": "amzn-client-id", "client_secret": "amzn-client-secret", "authorize_scopes": "profile" + }, + "providerName": "LoginWithAmazon", + "providerType": "LoginWithAmazon", + "userPoolId": { + "Ref": "OtherPool7DA7F2F7" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito.CfnUserPoolIdentityProvider", + "fqn": "aws-cdk-lib.aws_cognito.CfnUserPoolIdentityProvider", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito.UserPoolIdentityProviderAmazon", + "fqn": "aws-cdk-lib.aws_cognito.UserPoolIdentityProviderAmazon", + "version": "0.0.0" + } + }, + "UserPoolToImport": { + "id": "UserPoolToImport", + "path": "integ-identitypool/UserPoolToImport", + "children": { + "Resource": { + "id": "Resource", + "path": "integ-identitypool/UserPoolToImport/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Cognito::UserPool", + "aws:cdk:cloudformation:props": { + "accountRecoverySetting": { + "recoveryMechanisms": [ + { + "name": "verified_phone_number", + "priority": 1 + }, + { + "name": "verified_email", + "priority": 2 + } + ] + }, + "adminCreateUserConfig": { + "allowAdminCreateUserOnly": true + }, + "emailVerificationMessage": "The verification code to your new account is {####}", + "emailVerificationSubject": "Verify your new account", + "smsVerificationMessage": "The verification code to your new account is {####}", + "verificationMessageTemplate": { + "defaultEmailOption": "CONFIRM_WITH_CODE", + "emailMessage": "The verification code to your new account is {####}", + "emailSubject": "Verify your new account", + "smsMessage": "The verification code to your new account is {####}" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cognito.CfnUserPool", + "version": "0.0.0" + } + }, + "clientToImport": { + "id": "clientToImport", + "path": "integ-identitypool/UserPoolToImport/clientToImport", + "children": { + "Resource": { + "id": "Resource", + "path": "integ-identitypool/UserPoolToImport/clientToImport/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Cognito::UserPoolClient", + "aws:cdk:cloudformation:props": { + "allowedOAuthFlows": [ + "implicit", + "code" + ], + "allowedOAuthFlowsUserPoolClient": true, + "allowedOAuthScopes": [ + "profile", + "phone", + "email", + "openid", + "aws.cognito.signin.user.admin" + ], + "callbackUrLs": [ + "https://example.com" + ], + "supportedIdentityProviders": [ + "COGNITO" + ], + "userPoolId": { + "Ref": "UserPoolToImport1A7C21D3" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cognito.CfnUserPoolClient", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cognito.UserPoolClient", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cognito.UserPool", + "version": "0.0.0" + } + }, + "ImportedUserPool": { + "id": "ImportedUserPool", + "path": "integ-identitypool/ImportedUserPool", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "ImportedUserPoolClient": { + "id": "ImportedUserPoolClient", + "path": "integ-identitypool/ImportedUserPoolClient", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } }, @@ -292,8 +391,8 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::Cognito::IdentityPool", "aws:cdk:cloudformation:props": { - "allowUnauthenticatedIdentities": false, "allowClassicFlow": true, + "allowUnauthenticatedIdentities": false, "cognitoIdentityProviders": [ { "clientId": { @@ -320,6 +419,54 @@ }, "serverSideTokenCheck": true }, + { + "clientId": { + "Ref": "UserPoolToImportclientToImport6885CDF7" + }, + "providerName": { + "Fn::Join": [ + "", + [ + "cognito-idp.", + { + "Ref": "AWS::Region" + }, + ".", + { + "Ref": "AWS::URLSuffix" + }, + "/", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Fn::GetAtt": [ + "UserPoolToImport1A7C21D3", + "Arn" + ] + } + ] + } + ] + } + ] + } + ] + } + ] + ] + }, + "serverSideTokenCheck": true + }, { "clientId": { "Ref": "OtherPoolUserPoolAuthenticationProviderClient08F670F8" @@ -354,7 +501,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito.CfnIdentityPool", + "fqn": "aws-cdk-lib.aws_cognito.CfnIdentityPool", "version": "0.0.0" } }, @@ -362,6 +509,14 @@ "id": "AuthenticatedRole", "path": "integ-identitypool/identitypool/AuthenticatedRole", "children": { + "ImportAuthenticatedRole": { + "id": "ImportAuthenticatedRole", + "path": "integ-identitypool/identitypool/AuthenticatedRole/ImportAuthenticatedRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, "Resource": { "id": "Resource", "path": "integ-identitypool/identitypool/AuthenticatedRole/Resource", @@ -407,7 +562,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.CfnRole", + "fqn": "aws-cdk-lib.aws_iam.CfnRole", "version": "0.0.0" } }, @@ -440,19 +595,19 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.CfnPolicy", + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.Policy", + "fqn": "aws-cdk-lib.aws_iam.Policy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.Role", + "fqn": "aws-cdk-lib.aws_iam.Role", "version": "0.0.0" } }, @@ -460,6 +615,14 @@ "id": "UnauthenticatedRole", "path": "integ-identitypool/identitypool/UnauthenticatedRole", "children": { + "ImportUnauthenticatedRole": { + "id": "ImportUnauthenticatedRole", + "path": "integ-identitypool/identitypool/UnauthenticatedRole/ImportUnauthenticatedRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, "Resource": { "id": "Resource", "path": "integ-identitypool/identitypool/UnauthenticatedRole/Resource", @@ -505,7 +668,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.CfnRole", + "fqn": "aws-cdk-lib.aws_iam.CfnRole", "version": "0.0.0" } }, @@ -538,19 +701,19 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.CfnPolicy", + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.Policy", + "fqn": "aws-cdk-lib.aws_iam.Policy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.Role", + "fqn": "aws-cdk-lib.aws_iam.Role", "version": "0.0.0" } }, @@ -588,6 +751,69 @@ ] ] } + }, + "importedUserPool": { + "ambiguousRoleResolution": "Deny", + "type": "Token", + "identityProvider": { + "Fn::Join": [ + "", + [ + "cognito-idp.", + { + "Fn::Select": [ + 3, + { + "Fn::Split": [ + ":", + { + "Fn::GetAtt": [ + "UserPoolToImport1A7C21D3", + "Arn" + ] + } + ] + } + ] + }, + ".", + { + "Ref": "AWS::URLSuffix" + }, + "/", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Fn::GetAtt": [ + "UserPoolToImport1A7C21D3", + "Arn" + ] + } + ] + } + ] + } + ] + } + ] + }, + ":", + { + "Ref": "UserPoolToImportclientToImport6885CDF7" + } + ] + ] + } } }, "roles": { @@ -607,32 +833,56 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito.CfnIdentityPoolRoleAttachment", + "fqn": "aws-cdk-lib.aws_cognito.CfnIdentityPoolRoleAttachment", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito-identitypool.IdentityPoolRoleAttachment", + "fqn": "@aws-cdk/aws-cognito-identitypool-alpha.IdentityPoolRoleAttachment", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito-identitypool.IdentityPool", + "fqn": "@aws-cdk/aws-cognito-identitypool-alpha.IdentityPool", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "integ-identitypool/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "integ-identitypool/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", "version": "0.0.0" } } }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.85" + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.ts b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.ts index e2d1ff3b4528c..02e2aaa8069ec 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.ts +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.ts @@ -3,6 +3,7 @@ import { UserPoolIdentityProviderGoogle, UserPoolIdentityProviderAmazon, ProviderAttribute, + UserPoolClient, } from 'aws-cdk-lib/aws-cognito'; import { Effect, @@ -52,10 +53,15 @@ new UserPoolIdentityProviderAmazon(stack, 'OtherPoolProviderAmazon', { }, }); const client = userPool.addClient('testClient'); +const userPoolToImport = new UserPool(stack, 'UserPoolToImport'); +const clientToImport = userPoolToImport.addClient('clientToImport'); +const importedUserPool = UserPool.fromUserPoolArn(stack, 'ImportedUserPool', userPoolToImport.userPoolArn); +const importedUserPoolClient = UserPoolClient.fromUserPoolClientId(stack, 'ImportedUserPoolClient', clientToImport.userPoolClientId); const provider = new UserPoolAuthenticationProvider({ userPool, userPoolClient: client }); +const importedProvider = new UserPoolAuthenticationProvider({ userPool: importedUserPool, userPoolClient: importedUserPoolClient }); const idPool = new IdentityPool(stack, 'identitypool', { authenticationProviders: { - userPools: [provider], + userPools: [provider, importedProvider], amazon: { appId: 'amzn1.application.12312k3j234j13rjiwuenf' }, google: { clientId: '12345678012.apps.googleusercontent.com' }, }, @@ -65,6 +71,11 @@ const idPool = new IdentityPool(stack, 'identitypool', { providerUrl: IdentityPoolProviderUrl.userPool(userPool, client), useToken: true, }, + { + mappingKey: 'importedUserPool', + providerUrl: IdentityPoolProviderUrl.userPool(importedUserPool, importedUserPoolClient), + useToken: true, + }, ], allowClassicFlow: true, identityPoolName: 'my-id-pool', diff --git a/packages/@aws-cdk/aws-ec2-alpha/lib/route.ts b/packages/@aws-cdk/aws-ec2-alpha/lib/route.ts index 64ec3932aa03e..ad098d68cf950 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/lib/route.ts +++ b/packages/@aws-cdk/aws-ec2-alpha/lib/route.ts @@ -1,5 +1,5 @@ import { CfnEIP, CfnEgressOnlyInternetGateway, CfnInternetGateway, CfnNatGateway, CfnRoute, CfnRouteTable, CfnVPCGatewayAttachment, CfnVPNGateway, CfnVPNGatewayRoutePropagation, GatewayVpcEndpoint, IRouteTable, IVpcEndpoint, RouterType } from 'aws-cdk-lib/aws-ec2'; -import { Construct, IConstruct, IDependable } from 'constructs'; +import { Construct, IDependable } from 'constructs'; import { Annotations, Duration, IResource, Resource } from 'aws-cdk-lib/core'; import { IVpcV2, VPNGatewayV2Options } from './vpc-v2-base'; import { NetworkUtils, allRouteTableIds } from './util'; @@ -456,7 +456,7 @@ export class RouteTargetType { /** * Interface to define a route. */ -export interface IRoute extends IConstruct, IResource { +export interface IRouteV2 extends IResource { /** * The ID of the route table for the route. * @attribute routeTable @@ -512,7 +512,7 @@ export interface RouteProps { * Creates a new route with added functionality. * @resource AWS::EC2::Route */ -export class Route extends Resource implements IRoute, IDependable { +export class Route extends Resource implements IRouteV2 { /** * The IPv4 or IPv6 CIDR block used for the destination match. * diff --git a/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/README.md b/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/README.md index 4dccb1716255f..49a6d1fe10d1c 100644 --- a/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/README.md +++ b/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/README.md @@ -46,7 +46,7 @@ const flinkApp = new flink.Application(this, 'Application', { }, }, // ... - runtime: flink.Runtime.FLINK_1_19, + runtime: flink.Runtime.FLINK_1_20, code: flink.ApplicationCode.fromBucket(bucket, 'my-app.jar'), }); ``` @@ -59,7 +59,7 @@ snapshotting, monitoring, and parallelism. declare const bucket: s3.Bucket; const flinkApp = new flink.Application(this, 'Application', { code: flink.ApplicationCode.fromBucket(bucket, 'my-app.jar'), - runtime: flink.Runtime.FLINK_1_19, + runtime: flink.Runtime.FLINK_1_20, checkpointingEnabled: true, // default is true checkpointInterval: Duration.seconds(30), // default is 1 minute minPauseBetweenCheckpoints: Duration.seconds(10), // default is 5 seconds @@ -80,7 +80,7 @@ declare const bucket: s3.Bucket; declare const vpc: ec2.Vpc; const flinkApp = new flink.Application(this, 'Application', { code: flink.ApplicationCode.fromBucket(bucket, 'my-app.jar'), - runtime: flink.Runtime.FLINK_1_19, + runtime: flink.Runtime.FLINK_1_20, vpc, }); ``` diff --git a/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/lib/types.ts b/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/lib/types.ts index 6e4dad7da8ea9..024d8f2496923 100644 --- a/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/lib/types.ts +++ b/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/lib/types.ts @@ -72,6 +72,9 @@ export class Runtime { /** Flink Version 1.19 */ public static readonly FLINK_1_19 = Runtime.of('FLINK-1_19'); + /** Flink Version 1.20 */ + public static readonly FLINK_1_20 = Runtime.of('FLINK-1_20'); + /** Create a new Runtime with with an arbitrary Flink version string */ public static of(value: string) { return new Runtime(value); diff --git a/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/application.test.ts b/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/application.test.ts index e9323c26d3fef..3f4d4a4224d0a 100644 --- a/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/application.test.ts +++ b/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/application.test.ts @@ -21,21 +21,32 @@ describe('Application', () => { stack = new core.Stack(); bucket = new s3.Bucket(stack, 'CodeBucket'); requiredProps = { - runtime: flink.Runtime.FLINK_1_19, + runtime: flink.Runtime.FLINK_1_20, code: flink.ApplicationCode.fromBucket(bucket, 'my-app.jar'), }; }); - test('default Flink Application', () => { + const flinkRuntimes = [ + flink.Runtime.FLINK_1_6, + flink.Runtime.FLINK_1_8, + flink.Runtime.FLINK_1_11, + flink.Runtime.FLINK_1_13, + flink.Runtime.FLINK_1_15, + flink.Runtime.FLINK_1_18, + flink.Runtime.FLINK_1_19, + flink.Runtime.FLINK_1_20, + ]; + + test.each(flinkRuntimes)('Flink Application with %s', (runtime) => { new flink.Application(stack, 'FlinkApplication', { - runtime: flink.Runtime.FLINK_1_19, + runtime, code: flink.ApplicationCode.fromBucket(bucket, 'my-app.jar'), applicationName: 'MyFlinkApplication', }); Template.fromStack(stack).hasResourceProperties('AWS::KinesisAnalyticsV2::Application', { ApplicationName: 'MyFlinkApplication', - RuntimeEnvironment: 'FLINK-1_19', + RuntimeEnvironment: runtime.value, ServiceExecutionRole: { 'Fn::GetAtt': [ 'FlinkApplicationRole2F7BCBF6', diff --git a/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.application.lit.js.snapshot/ApplicationTestDefaultTestDeployAssertF9C5F731.assets.json b/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.application.lit.js.snapshot/ApplicationTestDefaultTestDeployAssertF9C5F731.assets.json new file mode 100644 index 0000000000000..953b9c1586861 --- /dev/null +++ b/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.application.lit.js.snapshot/ApplicationTestDefaultTestDeployAssertF9C5F731.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.5", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "ApplicationTestDefaultTestDeployAssertF9C5F731.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.application.lit.js.snapshot/ApplicationTestDefaultTestDeployAssertF9C5F731.template.json b/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.application.lit.js.snapshot/ApplicationTestDefaultTestDeployAssertF9C5F731.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.application.lit.js.snapshot/ApplicationTestDefaultTestDeployAssertF9C5F731.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.application.lit.js.snapshot/FlinkAppTest.assets.json b/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.application.lit.js.snapshot/FlinkAppTest.assets.json index dce3d0ca52cd9..74f371abf38d8 100644 --- a/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.application.lit.js.snapshot/FlinkAppTest.assets.json +++ b/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.application.lit.js.snapshot/FlinkAppTest.assets.json @@ -1,5 +1,5 @@ { - "version": "36.0.0", + "version": "36.0.5", "files": { "8be9e0b5f53d41e9a3b1d51c9572c65f24f8170a7188d0ed57fb7d571de4d577": { "source": { @@ -14,7 +14,7 @@ } } }, - "1c62c36f9601016c7fec8f26431c7c7438490b95747135095f9af7ecd84ddb1d": { + "539ea479a53381b85109d0220f8067dd583db122c2272078f2e00d541ee3738d": { "source": { "path": "FlinkAppTest.template.json", "packaging": "file" @@ -22,7 +22,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "1c62c36f9601016c7fec8f26431c7c7438490b95747135095f9af7ecd84ddb1d.json", + "objectKey": "539ea479a53381b85109d0220f8067dd583db122c2272078f2e00d541ee3738d.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.application.lit.js.snapshot/FlinkAppTest.template.json b/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.application.lit.js.snapshot/FlinkAppTest.template.json index e818a2566e993..922954d200785 100644 --- a/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.application.lit.js.snapshot/FlinkAppTest.template.json +++ b/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.application.lit.js.snapshot/FlinkAppTest.template.json @@ -1,6 +1,6 @@ { "Resources": { - "AppRole1AF9B530": { + "AppFLINK16RoleA21DF652": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { @@ -17,7 +17,7 @@ } } }, - "AppRoleDefaultPolicy9CADBAA1": { + "AppFLINK16RoleDefaultPolicy312C949D": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { @@ -97,7 +97,7 @@ "Effect": "Allow", "Resource": { "Fn::GetAtt": [ - "AppLogGroupC72EEC8C", + "AppFLINK16LogGroup6709DAA8", "Arn" ] } @@ -123,11 +123,11 @@ }, ":log-group:", { - "Ref": "AppLogGroupC72EEC8C" + "Ref": "AppFLINK16LogGroup6709DAA8" }, ":log-stream:", { - "Ref": "AppLogStream3CAF66A7" + "Ref": "AppFLINK16LogStream203A3C4A" } ] ] @@ -136,15 +136,1605 @@ ], "Version": "2012-10-17" }, - "PolicyName": "AppRoleDefaultPolicy9CADBAA1", + "PolicyName": "AppFLINK16RoleDefaultPolicy312C949D", "Roles": [ { - "Ref": "AppRole1AF9B530" + "Ref": "AppFLINK16RoleA21DF652" } ] } }, - "AppF1B96344": { + "AppFLINK16C87388A5": { + "Type": "AWS::KinesisAnalyticsV2::Application", + "Properties": { + "ApplicationConfiguration": { + "ApplicationCodeConfiguration": { + "CodeContent": { + "S3ContentLocation": { + "BucketARN": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + } + ] + ] + }, + "FileKey": "8be9e0b5f53d41e9a3b1d51c9572c65f24f8170a7188d0ed57fb7d571de4d577.zip" + } + }, + "CodeContentType": "ZIPFILE" + }, + "ApplicationSnapshotConfiguration": { + "SnapshotsEnabled": true + } + }, + "RuntimeEnvironment": "FLINK-1_6", + "ServiceExecutionRole": { + "Fn::GetAtt": [ + "AppFLINK16RoleA21DF652", + "Arn" + ] + } + }, + "DependsOn": [ + "AppFLINK16RoleDefaultPolicy312C949D", + "AppFLINK16RoleA21DF652" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "AppFLINK16LogGroup6709DAA8": { + "Type": "AWS::Logs::LogGroup", + "Properties": { + "RetentionInDays": 731 + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "AppFLINK16LogStream203A3C4A": { + "Type": "AWS::Logs::LogStream", + "Properties": { + "LogGroupName": { + "Ref": "AppFLINK16LogGroup6709DAA8" + } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "AppFLINK16LoggingOption6A093E18": { + "Type": "AWS::KinesisAnalyticsV2::ApplicationCloudWatchLoggingOption", + "Properties": { + "ApplicationName": { + "Ref": "AppFLINK16C87388A5" + }, + "CloudWatchLoggingOption": { + "LogStreamARN": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:", + { + "Ref": "AppFLINK16LogGroup6709DAA8" + }, + ":log-stream:", + { + "Ref": "AppFLINK16LogStream203A3C4A" + } + ] + ] + } + } + } + }, + "AlarmFLINK16629EC33E": { + "Type": "AWS::CloudWatch::Alarm", + "Properties": { + "ComparisonOperator": "GreaterThanOrEqualToThreshold", + "Dimensions": [ + { + "Name": "Application", + "Value": { + "Ref": "AppFLINK16C87388A5" + } + } + ], + "EvaluationPeriods": 1, + "MetricName": "fullRestarts", + "Namespace": "AWS/KinesisAnalytics", + "Period": 300, + "Statistic": "Sum", + "Threshold": 3 + } + }, + "AppFLINK18RoleF2B5E704": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "kinesisanalytics.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "AppFLINK18RoleDefaultPolicy3E0E376C": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "cloudwatch:PutMetricData", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + } + ] + ] + } + ] + }, + { + "Action": "logs:DescribeLogGroups", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:*" + ] + ] + } + }, + { + "Action": "logs:DescribeLogStreams", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "AppFLINK18LogGroupEC247BE6", + "Arn" + ] + } + }, + { + "Action": "logs:PutLogEvents", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:", + { + "Ref": "AppFLINK18LogGroupEC247BE6" + }, + ":log-stream:", + { + "Ref": "AppFLINK18LogStream773D6792" + } + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "AppFLINK18RoleDefaultPolicy3E0E376C", + "Roles": [ + { + "Ref": "AppFLINK18RoleF2B5E704" + } + ] + } + }, + "AppFLINK18DFC0B750": { + "Type": "AWS::KinesisAnalyticsV2::Application", + "Properties": { + "ApplicationConfiguration": { + "ApplicationCodeConfiguration": { + "CodeContent": { + "S3ContentLocation": { + "BucketARN": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + } + ] + ] + }, + "FileKey": "8be9e0b5f53d41e9a3b1d51c9572c65f24f8170a7188d0ed57fb7d571de4d577.zip" + } + }, + "CodeContentType": "ZIPFILE" + }, + "ApplicationSnapshotConfiguration": { + "SnapshotsEnabled": true + } + }, + "RuntimeEnvironment": "FLINK-1_8", + "ServiceExecutionRole": { + "Fn::GetAtt": [ + "AppFLINK18RoleF2B5E704", + "Arn" + ] + } + }, + "DependsOn": [ + "AppFLINK18RoleDefaultPolicy3E0E376C", + "AppFLINK18RoleF2B5E704" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "AppFLINK18LogGroupEC247BE6": { + "Type": "AWS::Logs::LogGroup", + "Properties": { + "RetentionInDays": 731 + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "AppFLINK18LogStream773D6792": { + "Type": "AWS::Logs::LogStream", + "Properties": { + "LogGroupName": { + "Ref": "AppFLINK18LogGroupEC247BE6" + } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "AppFLINK18LoggingOptionFA3821B9": { + "Type": "AWS::KinesisAnalyticsV2::ApplicationCloudWatchLoggingOption", + "Properties": { + "ApplicationName": { + "Ref": "AppFLINK18DFC0B750" + }, + "CloudWatchLoggingOption": { + "LogStreamARN": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:", + { + "Ref": "AppFLINK18LogGroupEC247BE6" + }, + ":log-stream:", + { + "Ref": "AppFLINK18LogStream773D6792" + } + ] + ] + } + } + } + }, + "AlarmFLINK188AA6547E": { + "Type": "AWS::CloudWatch::Alarm", + "Properties": { + "ComparisonOperator": "GreaterThanOrEqualToThreshold", + "Dimensions": [ + { + "Name": "Application", + "Value": { + "Ref": "AppFLINK18DFC0B750" + } + } + ], + "EvaluationPeriods": 1, + "MetricName": "fullRestarts", + "Namespace": "AWS/KinesisAnalytics", + "Period": 300, + "Statistic": "Sum", + "Threshold": 3 + } + }, + "AppFLINK111Role85754B20": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "kinesisanalytics.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "AppFLINK111RoleDefaultPolicy76505541": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "cloudwatch:PutMetricData", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + } + ] + ] + } + ] + }, + { + "Action": "logs:DescribeLogGroups", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:*" + ] + ] + } + }, + { + "Action": "logs:DescribeLogStreams", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "AppFLINK111LogGroup8B96ECB4", + "Arn" + ] + } + }, + { + "Action": "logs:PutLogEvents", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:", + { + "Ref": "AppFLINK111LogGroup8B96ECB4" + }, + ":log-stream:", + { + "Ref": "AppFLINK111LogStream9FBA643C" + } + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "AppFLINK111RoleDefaultPolicy76505541", + "Roles": [ + { + "Ref": "AppFLINK111Role85754B20" + } + ] + } + }, + "AppFLINK1115BD3FEB8": { + "Type": "AWS::KinesisAnalyticsV2::Application", + "Properties": { + "ApplicationConfiguration": { + "ApplicationCodeConfiguration": { + "CodeContent": { + "S3ContentLocation": { + "BucketARN": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + } + ] + ] + }, + "FileKey": "8be9e0b5f53d41e9a3b1d51c9572c65f24f8170a7188d0ed57fb7d571de4d577.zip" + } + }, + "CodeContentType": "ZIPFILE" + }, + "ApplicationSnapshotConfiguration": { + "SnapshotsEnabled": true + } + }, + "RuntimeEnvironment": "FLINK-1_11", + "ServiceExecutionRole": { + "Fn::GetAtt": [ + "AppFLINK111Role85754B20", + "Arn" + ] + } + }, + "DependsOn": [ + "AppFLINK111RoleDefaultPolicy76505541", + "AppFLINK111Role85754B20" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "AppFLINK111LogGroup8B96ECB4": { + "Type": "AWS::Logs::LogGroup", + "Properties": { + "RetentionInDays": 731 + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "AppFLINK111LogStream9FBA643C": { + "Type": "AWS::Logs::LogStream", + "Properties": { + "LogGroupName": { + "Ref": "AppFLINK111LogGroup8B96ECB4" + } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "AppFLINK111LoggingOptionB868A248": { + "Type": "AWS::KinesisAnalyticsV2::ApplicationCloudWatchLoggingOption", + "Properties": { + "ApplicationName": { + "Ref": "AppFLINK1115BD3FEB8" + }, + "CloudWatchLoggingOption": { + "LogStreamARN": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:", + { + "Ref": "AppFLINK111LogGroup8B96ECB4" + }, + ":log-stream:", + { + "Ref": "AppFLINK111LogStream9FBA643C" + } + ] + ] + } + } + } + }, + "AlarmFLINK111B1BFA12F": { + "Type": "AWS::CloudWatch::Alarm", + "Properties": { + "ComparisonOperator": "GreaterThanOrEqualToThreshold", + "Dimensions": [ + { + "Name": "Application", + "Value": { + "Ref": "AppFLINK1115BD3FEB8" + } + } + ], + "EvaluationPeriods": 1, + "MetricName": "fullRestarts", + "Namespace": "AWS/KinesisAnalytics", + "Period": 300, + "Statistic": "Sum", + "Threshold": 3 + } + }, + "AppFLINK113RoleE0638828": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "kinesisanalytics.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "AppFLINK113RoleDefaultPolicy701032C8": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "cloudwatch:PutMetricData", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + } + ] + ] + } + ] + }, + { + "Action": "logs:DescribeLogGroups", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:*" + ] + ] + } + }, + { + "Action": "logs:DescribeLogStreams", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "AppFLINK113LogGroupF5F42067", + "Arn" + ] + } + }, + { + "Action": "logs:PutLogEvents", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:", + { + "Ref": "AppFLINK113LogGroupF5F42067" + }, + ":log-stream:", + { + "Ref": "AppFLINK113LogStream63C2732B" + } + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "AppFLINK113RoleDefaultPolicy701032C8", + "Roles": [ + { + "Ref": "AppFLINK113RoleE0638828" + } + ] + } + }, + "AppFLINK1138C7FE76E": { + "Type": "AWS::KinesisAnalyticsV2::Application", + "Properties": { + "ApplicationConfiguration": { + "ApplicationCodeConfiguration": { + "CodeContent": { + "S3ContentLocation": { + "BucketARN": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + } + ] + ] + }, + "FileKey": "8be9e0b5f53d41e9a3b1d51c9572c65f24f8170a7188d0ed57fb7d571de4d577.zip" + } + }, + "CodeContentType": "ZIPFILE" + }, + "ApplicationSnapshotConfiguration": { + "SnapshotsEnabled": true + } + }, + "RuntimeEnvironment": "FLINK-1_13", + "ServiceExecutionRole": { + "Fn::GetAtt": [ + "AppFLINK113RoleE0638828", + "Arn" + ] + } + }, + "DependsOn": [ + "AppFLINK113RoleDefaultPolicy701032C8", + "AppFLINK113RoleE0638828" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "AppFLINK113LogGroupF5F42067": { + "Type": "AWS::Logs::LogGroup", + "Properties": { + "RetentionInDays": 731 + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "AppFLINK113LogStream63C2732B": { + "Type": "AWS::Logs::LogStream", + "Properties": { + "LogGroupName": { + "Ref": "AppFLINK113LogGroupF5F42067" + } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "AppFLINK113LoggingOption98F806DA": { + "Type": "AWS::KinesisAnalyticsV2::ApplicationCloudWatchLoggingOption", + "Properties": { + "ApplicationName": { + "Ref": "AppFLINK1138C7FE76E" + }, + "CloudWatchLoggingOption": { + "LogStreamARN": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:", + { + "Ref": "AppFLINK113LogGroupF5F42067" + }, + ":log-stream:", + { + "Ref": "AppFLINK113LogStream63C2732B" + } + ] + ] + } + } + } + }, + "AlarmFLINK1136262934D": { + "Type": "AWS::CloudWatch::Alarm", + "Properties": { + "ComparisonOperator": "GreaterThanOrEqualToThreshold", + "Dimensions": [ + { + "Name": "Application", + "Value": { + "Ref": "AppFLINK1138C7FE76E" + } + } + ], + "EvaluationPeriods": 1, + "MetricName": "fullRestarts", + "Namespace": "AWS/KinesisAnalytics", + "Period": 300, + "Statistic": "Sum", + "Threshold": 3 + } + }, + "AppFLINK115RoleD758509C": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "kinesisanalytics.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "AppFLINK115RoleDefaultPolicy402697BF": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "cloudwatch:PutMetricData", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + } + ] + ] + } + ] + }, + { + "Action": "logs:DescribeLogGroups", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:*" + ] + ] + } + }, + { + "Action": "logs:DescribeLogStreams", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "AppFLINK115LogGroupBACCAB69", + "Arn" + ] + } + }, + { + "Action": "logs:PutLogEvents", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:", + { + "Ref": "AppFLINK115LogGroupBACCAB69" + }, + ":log-stream:", + { + "Ref": "AppFLINK115LogStreamD7900E5F" + } + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "AppFLINK115RoleDefaultPolicy402697BF", + "Roles": [ + { + "Ref": "AppFLINK115RoleD758509C" + } + ] + } + }, + "AppFLINK11548C6DD0B": { + "Type": "AWS::KinesisAnalyticsV2::Application", + "Properties": { + "ApplicationConfiguration": { + "ApplicationCodeConfiguration": { + "CodeContent": { + "S3ContentLocation": { + "BucketARN": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + } + ] + ] + }, + "FileKey": "8be9e0b5f53d41e9a3b1d51c9572c65f24f8170a7188d0ed57fb7d571de4d577.zip" + } + }, + "CodeContentType": "ZIPFILE" + }, + "ApplicationSnapshotConfiguration": { + "SnapshotsEnabled": true + } + }, + "RuntimeEnvironment": "FLINK-1_15", + "ServiceExecutionRole": { + "Fn::GetAtt": [ + "AppFLINK115RoleD758509C", + "Arn" + ] + } + }, + "DependsOn": [ + "AppFLINK115RoleDefaultPolicy402697BF", + "AppFLINK115RoleD758509C" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "AppFLINK115LogGroupBACCAB69": { + "Type": "AWS::Logs::LogGroup", + "Properties": { + "RetentionInDays": 731 + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "AppFLINK115LogStreamD7900E5F": { + "Type": "AWS::Logs::LogStream", + "Properties": { + "LogGroupName": { + "Ref": "AppFLINK115LogGroupBACCAB69" + } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "AppFLINK115LoggingOption201B75CF": { + "Type": "AWS::KinesisAnalyticsV2::ApplicationCloudWatchLoggingOption", + "Properties": { + "ApplicationName": { + "Ref": "AppFLINK11548C6DD0B" + }, + "CloudWatchLoggingOption": { + "LogStreamARN": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:", + { + "Ref": "AppFLINK115LogGroupBACCAB69" + }, + ":log-stream:", + { + "Ref": "AppFLINK115LogStreamD7900E5F" + } + ] + ] + } + } + } + }, + "AlarmFLINK1151BBA9866": { + "Type": "AWS::CloudWatch::Alarm", + "Properties": { + "ComparisonOperator": "GreaterThanOrEqualToThreshold", + "Dimensions": [ + { + "Name": "Application", + "Value": { + "Ref": "AppFLINK11548C6DD0B" + } + } + ], + "EvaluationPeriods": 1, + "MetricName": "fullRestarts", + "Namespace": "AWS/KinesisAnalytics", + "Period": 300, + "Statistic": "Sum", + "Threshold": 3 + } + }, + "AppFLINK118Role1B878112": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "kinesisanalytics.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "AppFLINK118RoleDefaultPolicy1D8097BB": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "cloudwatch:PutMetricData", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + } + ] + ] + } + ] + }, + { + "Action": "logs:DescribeLogGroups", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:*" + ] + ] + } + }, + { + "Action": "logs:DescribeLogStreams", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "AppFLINK118LogGroupEF87F95A", + "Arn" + ] + } + }, + { + "Action": "logs:PutLogEvents", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:", + { + "Ref": "AppFLINK118LogGroupEF87F95A" + }, + ":log-stream:", + { + "Ref": "AppFLINK118LogStreamAFAF3379" + } + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "AppFLINK118RoleDefaultPolicy1D8097BB", + "Roles": [ + { + "Ref": "AppFLINK118Role1B878112" + } + ] + } + }, + "AppFLINK118BEACE639": { + "Type": "AWS::KinesisAnalyticsV2::Application", + "Properties": { + "ApplicationConfiguration": { + "ApplicationCodeConfiguration": { + "CodeContent": { + "S3ContentLocation": { + "BucketARN": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + } + ] + ] + }, + "FileKey": "8be9e0b5f53d41e9a3b1d51c9572c65f24f8170a7188d0ed57fb7d571de4d577.zip" + } + }, + "CodeContentType": "ZIPFILE" + }, + "ApplicationSnapshotConfiguration": { + "SnapshotsEnabled": true + } + }, + "RuntimeEnvironment": "FLINK-1_18", + "ServiceExecutionRole": { + "Fn::GetAtt": [ + "AppFLINK118Role1B878112", + "Arn" + ] + } + }, + "DependsOn": [ + "AppFLINK118RoleDefaultPolicy1D8097BB", + "AppFLINK118Role1B878112" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "AppFLINK118LogGroupEF87F95A": { + "Type": "AWS::Logs::LogGroup", + "Properties": { + "RetentionInDays": 731 + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "AppFLINK118LogStreamAFAF3379": { + "Type": "AWS::Logs::LogStream", + "Properties": { + "LogGroupName": { + "Ref": "AppFLINK118LogGroupEF87F95A" + } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "AppFLINK118LoggingOption6EEBD514": { + "Type": "AWS::KinesisAnalyticsV2::ApplicationCloudWatchLoggingOption", + "Properties": { + "ApplicationName": { + "Ref": "AppFLINK118BEACE639" + }, + "CloudWatchLoggingOption": { + "LogStreamARN": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:", + { + "Ref": "AppFLINK118LogGroupEF87F95A" + }, + ":log-stream:", + { + "Ref": "AppFLINK118LogStreamAFAF3379" + } + ] + ] + } + } + } + }, + "AlarmFLINK118680AE078": { + "Type": "AWS::CloudWatch::Alarm", + "Properties": { + "ComparisonOperator": "GreaterThanOrEqualToThreshold", + "Dimensions": [ + { + "Name": "Application", + "Value": { + "Ref": "AppFLINK118BEACE639" + } + } + ], + "EvaluationPeriods": 1, + "MetricName": "fullRestarts", + "Namespace": "AWS/KinesisAnalytics", + "Period": 300, + "Statistic": "Sum", + "Threshold": 3 + } + }, + "AppFLINK119Role6594F124": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "kinesisanalytics.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "AppFLINK119RoleDefaultPolicy6EB1C39D": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "cloudwatch:PutMetricData", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + } + ] + ] + } + ] + }, + { + "Action": "logs:DescribeLogGroups", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:*" + ] + ] + } + }, + { + "Action": "logs:DescribeLogStreams", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "AppFLINK119LogGroup472EA32B", + "Arn" + ] + } + }, + { + "Action": "logs:PutLogEvents", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:", + { + "Ref": "AppFLINK119LogGroup472EA32B" + }, + ":log-stream:", + { + "Ref": "AppFLINK119LogStream5FD726B5" + } + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "AppFLINK119RoleDefaultPolicy6EB1C39D", + "Roles": [ + { + "Ref": "AppFLINK119Role6594F124" + } + ] + } + }, + "AppFLINK119DAC5CF3C": { "Type": "AWS::KinesisAnalyticsV2::Application", "Properties": { "ApplicationConfiguration": { @@ -178,19 +1768,284 @@ "RuntimeEnvironment": "FLINK-1_19", "ServiceExecutionRole": { "Fn::GetAtt": [ - "AppRole1AF9B530", + "AppFLINK119Role6594F124", + "Arn" + ] + } + }, + "DependsOn": [ + "AppFLINK119RoleDefaultPolicy6EB1C39D", + "AppFLINK119Role6594F124" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "AppFLINK119LogGroup472EA32B": { + "Type": "AWS::Logs::LogGroup", + "Properties": { + "RetentionInDays": 731 + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "AppFLINK119LogStream5FD726B5": { + "Type": "AWS::Logs::LogStream", + "Properties": { + "LogGroupName": { + "Ref": "AppFLINK119LogGroup472EA32B" + } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "AppFLINK119LoggingOption224F0C40": { + "Type": "AWS::KinesisAnalyticsV2::ApplicationCloudWatchLoggingOption", + "Properties": { + "ApplicationName": { + "Ref": "AppFLINK119DAC5CF3C" + }, + "CloudWatchLoggingOption": { + "LogStreamARN": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:", + { + "Ref": "AppFLINK119LogGroup472EA32B" + }, + ":log-stream:", + { + "Ref": "AppFLINK119LogStream5FD726B5" + } + ] + ] + } + } + } + }, + "AlarmFLINK1194841405B": { + "Type": "AWS::CloudWatch::Alarm", + "Properties": { + "ComparisonOperator": "GreaterThanOrEqualToThreshold", + "Dimensions": [ + { + "Name": "Application", + "Value": { + "Ref": "AppFLINK119DAC5CF3C" + } + } + ], + "EvaluationPeriods": 1, + "MetricName": "fullRestarts", + "Namespace": "AWS/KinesisAnalytics", + "Period": 300, + "Statistic": "Sum", + "Threshold": 3 + } + }, + "AppFLINK120RoleDC5875D6": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "kinesisanalytics.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "AppFLINK120RoleDefaultPolicy2540C6BA": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "cloudwatch:PutMetricData", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + } + ] + ] + } + ] + }, + { + "Action": "logs:DescribeLogGroups", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:*" + ] + ] + } + }, + { + "Action": "logs:DescribeLogStreams", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "AppFLINK120LogGroupFFF89194", + "Arn" + ] + } + }, + { + "Action": "logs:PutLogEvents", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:", + { + "Ref": "AppFLINK120LogGroupFFF89194" + }, + ":log-stream:", + { + "Ref": "AppFLINK120LogStream155EEEF9" + } + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "AppFLINK120RoleDefaultPolicy2540C6BA", + "Roles": [ + { + "Ref": "AppFLINK120RoleDC5875D6" + } + ] + } + }, + "AppFLINK120E80F19CE": { + "Type": "AWS::KinesisAnalyticsV2::Application", + "Properties": { + "ApplicationConfiguration": { + "ApplicationCodeConfiguration": { + "CodeContent": { + "S3ContentLocation": { + "BucketARN": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + } + ] + ] + }, + "FileKey": "8be9e0b5f53d41e9a3b1d51c9572c65f24f8170a7188d0ed57fb7d571de4d577.zip" + } + }, + "CodeContentType": "ZIPFILE" + }, + "ApplicationSnapshotConfiguration": { + "SnapshotsEnabled": true + } + }, + "RuntimeEnvironment": "FLINK-1_20", + "ServiceExecutionRole": { + "Fn::GetAtt": [ + "AppFLINK120RoleDC5875D6", "Arn" ] } }, "DependsOn": [ - "AppRoleDefaultPolicy9CADBAA1", - "AppRole1AF9B530" + "AppFLINK120RoleDefaultPolicy2540C6BA", + "AppFLINK120RoleDC5875D6" ], "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete" }, - "AppLogGroupC72EEC8C": { + "AppFLINK120LogGroupFFF89194": { "Type": "AWS::Logs::LogGroup", "Properties": { "RetentionInDays": 731 @@ -198,21 +2053,21 @@ "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain" }, - "AppLogStream3CAF66A7": { + "AppFLINK120LogStream155EEEF9": { "Type": "AWS::Logs::LogStream", "Properties": { "LogGroupName": { - "Ref": "AppLogGroupC72EEC8C" + "Ref": "AppFLINK120LogGroupFFF89194" } }, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain" }, - "AppLoggingOption75BE995E": { + "AppFLINK120LoggingOption6B00A786": { "Type": "AWS::KinesisAnalyticsV2::ApplicationCloudWatchLoggingOption", "Properties": { "ApplicationName": { - "Ref": "AppF1B96344" + "Ref": "AppFLINK120E80F19CE" }, "CloudWatchLoggingOption": { "LogStreamARN": { @@ -233,11 +2088,11 @@ }, ":log-group:", { - "Ref": "AppLogGroupC72EEC8C" + "Ref": "AppFLINK120LogGroupFFF89194" }, ":log-stream:", { - "Ref": "AppLogStream3CAF66A7" + "Ref": "AppFLINK120LogStream155EEEF9" } ] ] @@ -245,7 +2100,7 @@ } } }, - "Alarm7103F465": { + "AlarmFLINK120DB2152C4": { "Type": "AWS::CloudWatch::Alarm", "Properties": { "ComparisonOperator": "GreaterThanOrEqualToThreshold", @@ -253,7 +2108,7 @@ { "Name": "Application", "Value": { - "Ref": "AppF1B96344" + "Ref": "AppFLINK120E80F19CE" } } ], diff --git a/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.application.lit.js.snapshot/cdk.out b/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.application.lit.js.snapshot/cdk.out index 1f0068d32659a..bd5311dc372de 100644 --- a/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.application.lit.js.snapshot/cdk.out +++ b/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.application.lit.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"36.0.0"} \ No newline at end of file +{"version":"36.0.5"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.application.lit.js.snapshot/integ.json b/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.application.lit.js.snapshot/integ.json index a0d917194b8c1..cb069974a7eea 100644 --- a/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.application.lit.js.snapshot/integ.json +++ b/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.application.lit.js.snapshot/integ.json @@ -1,14 +1,12 @@ { - "version": "36.0.0", + "version": "36.0.5", "testCases": { - "integ.application.lit": { + "ApplicationTest/DefaultTest": { "stacks": [ "FlinkAppTest" ], - "diffAssets": false, - "stackUpdateWorkflow": true + "assertionStack": "ApplicationTest/DefaultTest/DeployAssert", + "assertionStackName": "ApplicationTestDefaultTestDeployAssertF9C5F731" } - }, - "synthContext": {}, - "enableLookups": false + } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.application.lit.js.snapshot/manifest.json b/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.application.lit.js.snapshot/manifest.json index 0109af83fd75c..fe18f4181fca4 100644 --- a/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.application.lit.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.application.lit.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "36.0.0", + "version": "36.0.5", "artifacts": { "FlinkAppTest.assets": { "type": "cdk:asset-manifest", @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/1c62c36f9601016c7fec8f26431c7c7438490b95747135095f9af7ecd84ddb1d.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/539ea479a53381b85109d0220f8067dd583db122c2272078f2e00d541ee3738d.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -34,68 +34,467 @@ "FlinkAppTest.assets" ], "metadata": { - "/FlinkAppTest/App/Role/Resource": [ + "/FlinkAppTest/App-FLINK-1_6/Role/Resource": [ { "type": "aws:cdk:logicalId", - "data": "AppRole1AF9B530" + "data": "AppFLINK16RoleA21DF652" } ], - "/FlinkAppTest/App/Role/DefaultPolicy/Resource": [ + "/FlinkAppTest/App-FLINK-1_6/Role/DefaultPolicy/Resource": [ { "type": "aws:cdk:logicalId", - "data": "AppRoleDefaultPolicy9CADBAA1" + "data": "AppFLINK16RoleDefaultPolicy312C949D" } ], - "/FlinkAppTest/App/Resource": [ + "/FlinkAppTest/App-FLINK-1_6/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AppFLINK16C87388A5" + } + ], + "/FlinkAppTest/App-FLINK-1_6/LogGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AppFLINK16LogGroup6709DAA8" + } + ], + "/FlinkAppTest/App-FLINK-1_6/LogStream/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AppFLINK16LogStream203A3C4A" + } + ], + "/FlinkAppTest/App-FLINK-1_6/LoggingOption": [ + { + "type": "aws:cdk:logicalId", + "data": "AppFLINK16LoggingOption6A093E18" + } + ], + "/FlinkAppTest/Alarm-FLINK-1_6/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AlarmFLINK16629EC33E" + } + ], + "/FlinkAppTest/App-FLINK-1_8/Role/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AppFLINK18RoleF2B5E704" + } + ], + "/FlinkAppTest/App-FLINK-1_8/Role/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AppFLINK18RoleDefaultPolicy3E0E376C" + } + ], + "/FlinkAppTest/App-FLINK-1_8/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AppFLINK18DFC0B750" + } + ], + "/FlinkAppTest/App-FLINK-1_8/LogGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AppFLINK18LogGroupEC247BE6" + } + ], + "/FlinkAppTest/App-FLINK-1_8/LogStream/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AppFLINK18LogStream773D6792" + } + ], + "/FlinkAppTest/App-FLINK-1_8/LoggingOption": [ + { + "type": "aws:cdk:logicalId", + "data": "AppFLINK18LoggingOptionFA3821B9" + } + ], + "/FlinkAppTest/Alarm-FLINK-1_8/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AlarmFLINK188AA6547E" + } + ], + "/FlinkAppTest/App-FLINK-1_11/Role/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AppFLINK111Role85754B20" + } + ], + "/FlinkAppTest/App-FLINK-1_11/Role/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AppFLINK111RoleDefaultPolicy76505541" + } + ], + "/FlinkAppTest/App-FLINK-1_11/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AppFLINK1115BD3FEB8" + } + ], + "/FlinkAppTest/App-FLINK-1_11/LogGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AppFLINK111LogGroup8B96ECB4" + } + ], + "/FlinkAppTest/App-FLINK-1_11/LogStream/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AppFLINK111LogStream9FBA643C" + } + ], + "/FlinkAppTest/App-FLINK-1_11/LoggingOption": [ + { + "type": "aws:cdk:logicalId", + "data": "AppFLINK111LoggingOptionB868A248" + } + ], + "/FlinkAppTest/Alarm-FLINK-1_11/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AlarmFLINK111B1BFA12F" + } + ], + "/FlinkAppTest/App-FLINK-1_13/Role/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AppFLINK113RoleE0638828" + } + ], + "/FlinkAppTest/App-FLINK-1_13/Role/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AppFLINK113RoleDefaultPolicy701032C8" + } + ], + "/FlinkAppTest/App-FLINK-1_13/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AppFLINK1138C7FE76E" + } + ], + "/FlinkAppTest/App-FLINK-1_13/LogGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AppFLINK113LogGroupF5F42067" + } + ], + "/FlinkAppTest/App-FLINK-1_13/LogStream/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AppFLINK113LogStream63C2732B" + } + ], + "/FlinkAppTest/App-FLINK-1_13/LoggingOption": [ + { + "type": "aws:cdk:logicalId", + "data": "AppFLINK113LoggingOption98F806DA" + } + ], + "/FlinkAppTest/Alarm-FLINK-1_13/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AlarmFLINK1136262934D" + } + ], + "/FlinkAppTest/App-FLINK-1_15/Role/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AppFLINK115RoleD758509C" + } + ], + "/FlinkAppTest/App-FLINK-1_15/Role/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AppFLINK115RoleDefaultPolicy402697BF" + } + ], + "/FlinkAppTest/App-FLINK-1_15/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AppFLINK11548C6DD0B" + } + ], + "/FlinkAppTest/App-FLINK-1_15/LogGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AppFLINK115LogGroupBACCAB69" + } + ], + "/FlinkAppTest/App-FLINK-1_15/LogStream/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AppFLINK115LogStreamD7900E5F" + } + ], + "/FlinkAppTest/App-FLINK-1_15/LoggingOption": [ + { + "type": "aws:cdk:logicalId", + "data": "AppFLINK115LoggingOption201B75CF" + } + ], + "/FlinkAppTest/Alarm-FLINK-1_15/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AlarmFLINK1151BBA9866" + } + ], + "/FlinkAppTest/App-FLINK-1_18/Role/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AppFLINK118Role1B878112" + } + ], + "/FlinkAppTest/App-FLINK-1_18/Role/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AppFLINK118RoleDefaultPolicy1D8097BB" + } + ], + "/FlinkAppTest/App-FLINK-1_18/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AppFLINK118BEACE639" + } + ], + "/FlinkAppTest/App-FLINK-1_18/LogGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AppFLINK118LogGroupEF87F95A" + } + ], + "/FlinkAppTest/App-FLINK-1_18/LogStream/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AppFLINK118LogStreamAFAF3379" + } + ], + "/FlinkAppTest/App-FLINK-1_18/LoggingOption": [ + { + "type": "aws:cdk:logicalId", + "data": "AppFLINK118LoggingOption6EEBD514" + } + ], + "/FlinkAppTest/Alarm-FLINK-1_18/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AlarmFLINK118680AE078" + } + ], + "/FlinkAppTest/App-FLINK-1_19/Role/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AppFLINK119Role6594F124" + } + ], + "/FlinkAppTest/App-FLINK-1_19/Role/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AppFLINK119RoleDefaultPolicy6EB1C39D" + } + ], + "/FlinkAppTest/App-FLINK-1_19/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AppFLINK119DAC5CF3C" + } + ], + "/FlinkAppTest/App-FLINK-1_19/LogGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AppFLINK119LogGroup472EA32B" + } + ], + "/FlinkAppTest/App-FLINK-1_19/LogStream/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AppFLINK119LogStream5FD726B5" + } + ], + "/FlinkAppTest/App-FLINK-1_19/LoggingOption": [ + { + "type": "aws:cdk:logicalId", + "data": "AppFLINK119LoggingOption224F0C40" + } + ], + "/FlinkAppTest/Alarm-FLINK-1_19/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AlarmFLINK1194841405B" + } + ], + "/FlinkAppTest/App-FLINK-1_20/Role/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AppFLINK120RoleDC5875D6" + } + ], + "/FlinkAppTest/App-FLINK-1_20/Role/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AppFLINK120RoleDefaultPolicy2540C6BA" + } + ], + "/FlinkAppTest/App-FLINK-1_20/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AppFLINK120E80F19CE" + } + ], + "/FlinkAppTest/App-FLINK-1_20/LogGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AppFLINK120LogGroupFFF89194" + } + ], + "/FlinkAppTest/App-FLINK-1_20/LogStream/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AppFLINK120LogStream155EEEF9" + } + ], + "/FlinkAppTest/App-FLINK-1_20/LoggingOption": [ + { + "type": "aws:cdk:logicalId", + "data": "AppFLINK120LoggingOption6B00A786" + } + ], + "/FlinkAppTest/Alarm-FLINK-1_20/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AlarmFLINK120DB2152C4" + } + ], + "/FlinkAppTest/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/FlinkAppTest/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ], + "AppRole1AF9B530": [ + { + "type": "aws:cdk:logicalId", + "data": "AppRole1AF9B530", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" + ] + } + ], + "AppRoleDefaultPolicy9CADBAA1": [ + { + "type": "aws:cdk:logicalId", + "data": "AppRoleDefaultPolicy9CADBAA1", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" + ] + } + ], + "AppF1B96344": [ { "type": "aws:cdk:logicalId", "data": "AppF1B96344", "trace": [ - "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" ] } ], - "/FlinkAppTest/App/LogGroup/Resource": [ + "AppLogGroupC72EEC8C": [ { "type": "aws:cdk:logicalId", - "data": "AppLogGroupC72EEC8C" + "data": "AppLogGroupC72EEC8C", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" + ] } ], - "/FlinkAppTest/App/LogStream/Resource": [ + "AppLogStream3CAF66A7": [ { "type": "aws:cdk:logicalId", - "data": "AppLogStream3CAF66A7" + "data": "AppLogStream3CAF66A7", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" + ] } ], - "/FlinkAppTest/App/LoggingOption": [ + "AppLoggingOption75BE995E": [ { "type": "aws:cdk:logicalId", "data": "AppLoggingOption75BE995E", "trace": [ - "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" ] } ], - "/FlinkAppTest/Alarm/Resource": [ + "Alarm7103F465": [ { "type": "aws:cdk:logicalId", - "data": "Alarm7103F465" + "data": "Alarm7103F465", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" + ] } + ] + }, + "displayName": "FlinkAppTest" + }, + "ApplicationTestDefaultTestDeployAssertF9C5F731.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "ApplicationTestDefaultTestDeployAssertF9C5F731.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "ApplicationTestDefaultTestDeployAssertF9C5F731": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "ApplicationTestDefaultTestDeployAssertF9C5F731.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "ApplicationTestDefaultTestDeployAssertF9C5F731.assets" ], - "/FlinkAppTest/BootstrapVersion": [ + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "ApplicationTestDefaultTestDeployAssertF9C5F731.assets" + ], + "metadata": { + "/ApplicationTest/DefaultTest/DeployAssert/BootstrapVersion": [ { "type": "aws:cdk:logicalId", "data": "BootstrapVersion" } ], - "/FlinkAppTest/CheckBootstrapVersion": [ + "/ApplicationTest/DefaultTest/DeployAssert/CheckBootstrapVersion": [ { "type": "aws:cdk:logicalId", "data": "CheckBootstrapVersion" } ] }, - "displayName": "FlinkAppTest" + "displayName": "ApplicationTest/DefaultTest/DeployAssert" }, "Tree": { "type": "cdk:tree", diff --git a/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.application.lit.js.snapshot/tree.json b/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.application.lit.js.snapshot/tree.json index a5810d986631b..8e7c036a3ed0e 100644 --- a/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.application.lit.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.application.lit.js.snapshot/tree.json @@ -8,17 +8,17 @@ "id": "FlinkAppTest", "path": "FlinkAppTest", "children": { - "App": { - "id": "App", - "path": "FlinkAppTest/App", + "App-FLINK-1_6": { + "id": "App-FLINK-1_6", + "path": "FlinkAppTest/App-FLINK-1_6", "children": { "Role": { "id": "Role", - "path": "FlinkAppTest/App/Role", + "path": "FlinkAppTest/App-FLINK-1_6/Role", "children": { "ImportRole": { "id": "ImportRole", - "path": "FlinkAppTest/App/Role/ImportRole", + "path": "FlinkAppTest/App-FLINK-1_6/Role/ImportRole", "constructInfo": { "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" @@ -26,7 +26,7 @@ }, "Resource": { "id": "Resource", - "path": "FlinkAppTest/App/Role/Resource", + "path": "FlinkAppTest/App-FLINK-1_6/Role/Resource", "attributes": { "aws:cdk:cloudformation:type": "AWS::IAM::Role", "aws:cdk:cloudformation:props": { @@ -51,11 +51,11 @@ }, "DefaultPolicy": { "id": "DefaultPolicy", - "path": "FlinkAppTest/App/Role/DefaultPolicy", + "path": "FlinkAppTest/App-FLINK-1_6/Role/DefaultPolicy", "children": { "Resource": { "id": "Resource", - "path": "FlinkAppTest/App/Role/DefaultPolicy/Resource", + "path": "FlinkAppTest/App-FLINK-1_6/Role/DefaultPolicy/Resource", "attributes": { "aws:cdk:cloudformation:type": "AWS::IAM::Policy", "aws:cdk:cloudformation:props": { @@ -136,7 +136,7 @@ "Effect": "Allow", "Resource": { "Fn::GetAtt": [ - "AppLogGroupC72EEC8C", + "AppFLINK16LogGroup6709DAA8", "Arn" ] } @@ -162,11 +162,11 @@ }, ":log-group:", { - "Ref": "AppLogGroupC72EEC8C" + "Ref": "AppFLINK16LogGroup6709DAA8" }, ":log-stream:", { - "Ref": "AppLogStream3CAF66A7" + "Ref": "AppFLINK16LogStream203A3C4A" } ] ] @@ -175,10 +175,10 @@ ], "Version": "2012-10-17" }, - "policyName": "AppRoleDefaultPolicy9CADBAA1", + "policyName": "AppFLINK16RoleDefaultPolicy312C949D", "roles": [ { - "Ref": "AppRole1AF9B530" + "Ref": "AppFLINK16RoleA21DF652" } ] } @@ -202,11 +202,11 @@ }, "Code": { "id": "Code", - "path": "FlinkAppTest/App/Code", + "path": "FlinkAppTest/App-FLINK-1_6/Code", "children": { "Stage": { "id": "Stage", - "path": "FlinkAppTest/App/Code/Stage", + "path": "FlinkAppTest/App-FLINK-1_6/Code/Stage", "constructInfo": { "fqn": "aws-cdk-lib.AssetStaging", "version": "0.0.0" @@ -214,7 +214,7 @@ }, "AssetBucket": { "id": "AssetBucket", - "path": "FlinkAppTest/App/Code/AssetBucket", + "path": "FlinkAppTest/App-FLINK-1_6/Code/AssetBucket", "constructInfo": { "fqn": "aws-cdk-lib.aws_s3.BucketBase", "version": "0.0.0" @@ -228,7 +228,2437 @@ }, "Resource": { "id": "Resource", - "path": "FlinkAppTest/App/Resource", + "path": "FlinkAppTest/App-FLINK-1_6/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::KinesisAnalyticsV2::Application", + "aws:cdk:cloudformation:props": { + "applicationConfiguration": { + "applicationCodeConfiguration": { + "codeContent": { + "s3ContentLocation": { + "bucketArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + } + ] + ] + }, + "fileKey": "8be9e0b5f53d41e9a3b1d51c9572c65f24f8170a7188d0ed57fb7d571de4d577.zip" + } + }, + "codeContentType": "ZIPFILE" + }, + "applicationSnapshotConfiguration": { + "snapshotsEnabled": true + } + }, + "runtimeEnvironment": "FLINK-1_6", + "serviceExecutionRole": { + "Fn::GetAtt": [ + "AppFLINK16RoleA21DF652", + "Arn" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kinesisanalytics.CfnApplicationV2", + "version": "0.0.0" + } + }, + "LogGroup": { + "id": "LogGroup", + "path": "FlinkAppTest/App-FLINK-1_6/LogGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "FlinkAppTest/App-FLINK-1_6/LogGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Logs::LogGroup", + "aws:cdk:cloudformation:props": { + "retentionInDays": 731 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.CfnLogGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.LogGroup", + "version": "0.0.0" + } + }, + "LogStream": { + "id": "LogStream", + "path": "FlinkAppTest/App-FLINK-1_6/LogStream", + "children": { + "Resource": { + "id": "Resource", + "path": "FlinkAppTest/App-FLINK-1_6/LogStream/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Logs::LogStream", + "aws:cdk:cloudformation:props": { + "logGroupName": { + "Ref": "AppFLINK16LogGroup6709DAA8" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.CfnLogStream", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.LogStream", + "version": "0.0.0" + } + }, + "LoggingOption": { + "id": "LoggingOption", + "path": "FlinkAppTest/App-FLINK-1_6/LoggingOption", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::KinesisAnalyticsV2::ApplicationCloudWatchLoggingOption", + "aws:cdk:cloudformation:props": { + "applicationName": { + "Ref": "AppFLINK16C87388A5" + }, + "cloudWatchLoggingOption": { + "logStreamArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:", + { + "Ref": "AppFLINK16LogGroup6709DAA8" + }, + ":log-stream:", + { + "Ref": "AppFLINK16LogStream203A3C4A" + } + ] + ] + } + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kinesisanalytics.CfnApplicationCloudWatchLoggingOptionV2", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Alarm-FLINK-1_6": { + "id": "Alarm-FLINK-1_6", + "path": "FlinkAppTest/Alarm-FLINK-1_6", + "children": { + "Resource": { + "id": "Resource", + "path": "FlinkAppTest/Alarm-FLINK-1_6/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CloudWatch::Alarm", + "aws:cdk:cloudformation:props": { + "comparisonOperator": "GreaterThanOrEqualToThreshold", + "dimensions": [ + { + "name": "Application", + "value": { + "Ref": "AppFLINK16C87388A5" + } + } + ], + "evaluationPeriods": 1, + "metricName": "fullRestarts", + "namespace": "AWS/KinesisAnalytics", + "period": 300, + "statistic": "Sum", + "threshold": 3 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cloudwatch.CfnAlarm", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cloudwatch.Alarm", + "version": "0.0.0" + } + }, + "App-FLINK-1_8": { + "id": "App-FLINK-1_8", + "path": "FlinkAppTest/App-FLINK-1_8", + "children": { + "Role": { + "id": "Role", + "path": "FlinkAppTest/App-FLINK-1_8/Role", + "children": { + "ImportRole": { + "id": "ImportRole", + "path": "FlinkAppTest/App-FLINK-1_8/Role/ImportRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "FlinkAppTest/App-FLINK-1_8/Role/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "kinesisanalytics.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "FlinkAppTest/App-FLINK-1_8/Role/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "FlinkAppTest/App-FLINK-1_8/Role/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "cloudwatch:PutMetricData", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + } + ] + ] + } + ] + }, + { + "Action": "logs:DescribeLogGroups", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:*" + ] + ] + } + }, + { + "Action": "logs:DescribeLogStreams", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "AppFLINK18LogGroupEC247BE6", + "Arn" + ] + } + }, + { + "Action": "logs:PutLogEvents", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:", + { + "Ref": "AppFLINK18LogGroupEC247BE6" + }, + ":log-stream:", + { + "Ref": "AppFLINK18LogStream773D6792" + } + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "AppFLINK18RoleDefaultPolicy3E0E376C", + "roles": [ + { + "Ref": "AppFLINK18RoleF2B5E704" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "Code": { + "id": "Code", + "path": "FlinkAppTest/App-FLINK-1_8/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "FlinkAppTest/App-FLINK-1_8/Code/Stage", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "FlinkAppTest/App-FLINK-1_8/Code/AssetBucket", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "FlinkAppTest/App-FLINK-1_8/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::KinesisAnalyticsV2::Application", + "aws:cdk:cloudformation:props": { + "applicationConfiguration": { + "applicationCodeConfiguration": { + "codeContent": { + "s3ContentLocation": { + "bucketArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + } + ] + ] + }, + "fileKey": "8be9e0b5f53d41e9a3b1d51c9572c65f24f8170a7188d0ed57fb7d571de4d577.zip" + } + }, + "codeContentType": "ZIPFILE" + }, + "applicationSnapshotConfiguration": { + "snapshotsEnabled": true + } + }, + "runtimeEnvironment": "FLINK-1_8", + "serviceExecutionRole": { + "Fn::GetAtt": [ + "AppFLINK18RoleF2B5E704", + "Arn" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kinesisanalytics.CfnApplicationV2", + "version": "0.0.0" + } + }, + "LogGroup": { + "id": "LogGroup", + "path": "FlinkAppTest/App-FLINK-1_8/LogGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "FlinkAppTest/App-FLINK-1_8/LogGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Logs::LogGroup", + "aws:cdk:cloudformation:props": { + "retentionInDays": 731 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.CfnLogGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.LogGroup", + "version": "0.0.0" + } + }, + "LogStream": { + "id": "LogStream", + "path": "FlinkAppTest/App-FLINK-1_8/LogStream", + "children": { + "Resource": { + "id": "Resource", + "path": "FlinkAppTest/App-FLINK-1_8/LogStream/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Logs::LogStream", + "aws:cdk:cloudformation:props": { + "logGroupName": { + "Ref": "AppFLINK18LogGroupEC247BE6" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.CfnLogStream", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.LogStream", + "version": "0.0.0" + } + }, + "LoggingOption": { + "id": "LoggingOption", + "path": "FlinkAppTest/App-FLINK-1_8/LoggingOption", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::KinesisAnalyticsV2::ApplicationCloudWatchLoggingOption", + "aws:cdk:cloudformation:props": { + "applicationName": { + "Ref": "AppFLINK18DFC0B750" + }, + "cloudWatchLoggingOption": { + "logStreamArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:", + { + "Ref": "AppFLINK18LogGroupEC247BE6" + }, + ":log-stream:", + { + "Ref": "AppFLINK18LogStream773D6792" + } + ] + ] + } + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kinesisanalytics.CfnApplicationCloudWatchLoggingOptionV2", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Alarm-FLINK-1_8": { + "id": "Alarm-FLINK-1_8", + "path": "FlinkAppTest/Alarm-FLINK-1_8", + "children": { + "Resource": { + "id": "Resource", + "path": "FlinkAppTest/Alarm-FLINK-1_8/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CloudWatch::Alarm", + "aws:cdk:cloudformation:props": { + "comparisonOperator": "GreaterThanOrEqualToThreshold", + "dimensions": [ + { + "name": "Application", + "value": { + "Ref": "AppFLINK18DFC0B750" + } + } + ], + "evaluationPeriods": 1, + "metricName": "fullRestarts", + "namespace": "AWS/KinesisAnalytics", + "period": 300, + "statistic": "Sum", + "threshold": 3 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cloudwatch.CfnAlarm", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cloudwatch.Alarm", + "version": "0.0.0" + } + }, + "App-FLINK-1_11": { + "id": "App-FLINK-1_11", + "path": "FlinkAppTest/App-FLINK-1_11", + "children": { + "Role": { + "id": "Role", + "path": "FlinkAppTest/App-FLINK-1_11/Role", + "children": { + "ImportRole": { + "id": "ImportRole", + "path": "FlinkAppTest/App-FLINK-1_11/Role/ImportRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "FlinkAppTest/App-FLINK-1_11/Role/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "kinesisanalytics.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "FlinkAppTest/App-FLINK-1_11/Role/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "FlinkAppTest/App-FLINK-1_11/Role/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "cloudwatch:PutMetricData", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + } + ] + ] + } + ] + }, + { + "Action": "logs:DescribeLogGroups", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:*" + ] + ] + } + }, + { + "Action": "logs:DescribeLogStreams", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "AppFLINK111LogGroup8B96ECB4", + "Arn" + ] + } + }, + { + "Action": "logs:PutLogEvents", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:", + { + "Ref": "AppFLINK111LogGroup8B96ECB4" + }, + ":log-stream:", + { + "Ref": "AppFLINK111LogStream9FBA643C" + } + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "AppFLINK111RoleDefaultPolicy76505541", + "roles": [ + { + "Ref": "AppFLINK111Role85754B20" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "Code": { + "id": "Code", + "path": "FlinkAppTest/App-FLINK-1_11/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "FlinkAppTest/App-FLINK-1_11/Code/Stage", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "FlinkAppTest/App-FLINK-1_11/Code/AssetBucket", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "FlinkAppTest/App-FLINK-1_11/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::KinesisAnalyticsV2::Application", + "aws:cdk:cloudformation:props": { + "applicationConfiguration": { + "applicationCodeConfiguration": { + "codeContent": { + "s3ContentLocation": { + "bucketArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + } + ] + ] + }, + "fileKey": "8be9e0b5f53d41e9a3b1d51c9572c65f24f8170a7188d0ed57fb7d571de4d577.zip" + } + }, + "codeContentType": "ZIPFILE" + }, + "applicationSnapshotConfiguration": { + "snapshotsEnabled": true + } + }, + "runtimeEnvironment": "FLINK-1_11", + "serviceExecutionRole": { + "Fn::GetAtt": [ + "AppFLINK111Role85754B20", + "Arn" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kinesisanalytics.CfnApplicationV2", + "version": "0.0.0" + } + }, + "LogGroup": { + "id": "LogGroup", + "path": "FlinkAppTest/App-FLINK-1_11/LogGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "FlinkAppTest/App-FLINK-1_11/LogGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Logs::LogGroup", + "aws:cdk:cloudformation:props": { + "retentionInDays": 731 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.CfnLogGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.LogGroup", + "version": "0.0.0" + } + }, + "LogStream": { + "id": "LogStream", + "path": "FlinkAppTest/App-FLINK-1_11/LogStream", + "children": { + "Resource": { + "id": "Resource", + "path": "FlinkAppTest/App-FLINK-1_11/LogStream/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Logs::LogStream", + "aws:cdk:cloudformation:props": { + "logGroupName": { + "Ref": "AppFLINK111LogGroup8B96ECB4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.CfnLogStream", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.LogStream", + "version": "0.0.0" + } + }, + "LoggingOption": { + "id": "LoggingOption", + "path": "FlinkAppTest/App-FLINK-1_11/LoggingOption", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::KinesisAnalyticsV2::ApplicationCloudWatchLoggingOption", + "aws:cdk:cloudformation:props": { + "applicationName": { + "Ref": "AppFLINK1115BD3FEB8" + }, + "cloudWatchLoggingOption": { + "logStreamArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:", + { + "Ref": "AppFLINK111LogGroup8B96ECB4" + }, + ":log-stream:", + { + "Ref": "AppFLINK111LogStream9FBA643C" + } + ] + ] + } + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kinesisanalytics.CfnApplicationCloudWatchLoggingOptionV2", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Alarm-FLINK-1_11": { + "id": "Alarm-FLINK-1_11", + "path": "FlinkAppTest/Alarm-FLINK-1_11", + "children": { + "Resource": { + "id": "Resource", + "path": "FlinkAppTest/Alarm-FLINK-1_11/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CloudWatch::Alarm", + "aws:cdk:cloudformation:props": { + "comparisonOperator": "GreaterThanOrEqualToThreshold", + "dimensions": [ + { + "name": "Application", + "value": { + "Ref": "AppFLINK1115BD3FEB8" + } + } + ], + "evaluationPeriods": 1, + "metricName": "fullRestarts", + "namespace": "AWS/KinesisAnalytics", + "period": 300, + "statistic": "Sum", + "threshold": 3 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cloudwatch.CfnAlarm", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cloudwatch.Alarm", + "version": "0.0.0" + } + }, + "App-FLINK-1_13": { + "id": "App-FLINK-1_13", + "path": "FlinkAppTest/App-FLINK-1_13", + "children": { + "Role": { + "id": "Role", + "path": "FlinkAppTest/App-FLINK-1_13/Role", + "children": { + "ImportRole": { + "id": "ImportRole", + "path": "FlinkAppTest/App-FLINK-1_13/Role/ImportRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "FlinkAppTest/App-FLINK-1_13/Role/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "kinesisanalytics.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "FlinkAppTest/App-FLINK-1_13/Role/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "FlinkAppTest/App-FLINK-1_13/Role/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "cloudwatch:PutMetricData", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + } + ] + ] + } + ] + }, + { + "Action": "logs:DescribeLogGroups", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:*" + ] + ] + } + }, + { + "Action": "logs:DescribeLogStreams", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "AppFLINK113LogGroupF5F42067", + "Arn" + ] + } + }, + { + "Action": "logs:PutLogEvents", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:", + { + "Ref": "AppFLINK113LogGroupF5F42067" + }, + ":log-stream:", + { + "Ref": "AppFLINK113LogStream63C2732B" + } + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "AppFLINK113RoleDefaultPolicy701032C8", + "roles": [ + { + "Ref": "AppFLINK113RoleE0638828" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "Code": { + "id": "Code", + "path": "FlinkAppTest/App-FLINK-1_13/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "FlinkAppTest/App-FLINK-1_13/Code/Stage", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "FlinkAppTest/App-FLINK-1_13/Code/AssetBucket", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "FlinkAppTest/App-FLINK-1_13/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::KinesisAnalyticsV2::Application", + "aws:cdk:cloudformation:props": { + "applicationConfiguration": { + "applicationCodeConfiguration": { + "codeContent": { + "s3ContentLocation": { + "bucketArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + } + ] + ] + }, + "fileKey": "8be9e0b5f53d41e9a3b1d51c9572c65f24f8170a7188d0ed57fb7d571de4d577.zip" + } + }, + "codeContentType": "ZIPFILE" + }, + "applicationSnapshotConfiguration": { + "snapshotsEnabled": true + } + }, + "runtimeEnvironment": "FLINK-1_13", + "serviceExecutionRole": { + "Fn::GetAtt": [ + "AppFLINK113RoleE0638828", + "Arn" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kinesisanalytics.CfnApplicationV2", + "version": "0.0.0" + } + }, + "LogGroup": { + "id": "LogGroup", + "path": "FlinkAppTest/App-FLINK-1_13/LogGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "FlinkAppTest/App-FLINK-1_13/LogGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Logs::LogGroup", + "aws:cdk:cloudformation:props": { + "retentionInDays": 731 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.CfnLogGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.LogGroup", + "version": "0.0.0" + } + }, + "LogStream": { + "id": "LogStream", + "path": "FlinkAppTest/App-FLINK-1_13/LogStream", + "children": { + "Resource": { + "id": "Resource", + "path": "FlinkAppTest/App-FLINK-1_13/LogStream/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Logs::LogStream", + "aws:cdk:cloudformation:props": { + "logGroupName": { + "Ref": "AppFLINK113LogGroupF5F42067" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.CfnLogStream", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.LogStream", + "version": "0.0.0" + } + }, + "LoggingOption": { + "id": "LoggingOption", + "path": "FlinkAppTest/App-FLINK-1_13/LoggingOption", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::KinesisAnalyticsV2::ApplicationCloudWatchLoggingOption", + "aws:cdk:cloudformation:props": { + "applicationName": { + "Ref": "AppFLINK1138C7FE76E" + }, + "cloudWatchLoggingOption": { + "logStreamArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:", + { + "Ref": "AppFLINK113LogGroupF5F42067" + }, + ":log-stream:", + { + "Ref": "AppFLINK113LogStream63C2732B" + } + ] + ] + } + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kinesisanalytics.CfnApplicationCloudWatchLoggingOptionV2", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Alarm-FLINK-1_13": { + "id": "Alarm-FLINK-1_13", + "path": "FlinkAppTest/Alarm-FLINK-1_13", + "children": { + "Resource": { + "id": "Resource", + "path": "FlinkAppTest/Alarm-FLINK-1_13/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CloudWatch::Alarm", + "aws:cdk:cloudformation:props": { + "comparisonOperator": "GreaterThanOrEqualToThreshold", + "dimensions": [ + { + "name": "Application", + "value": { + "Ref": "AppFLINK1138C7FE76E" + } + } + ], + "evaluationPeriods": 1, + "metricName": "fullRestarts", + "namespace": "AWS/KinesisAnalytics", + "period": 300, + "statistic": "Sum", + "threshold": 3 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cloudwatch.CfnAlarm", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cloudwatch.Alarm", + "version": "0.0.0" + } + }, + "App-FLINK-1_15": { + "id": "App-FLINK-1_15", + "path": "FlinkAppTest/App-FLINK-1_15", + "children": { + "Role": { + "id": "Role", + "path": "FlinkAppTest/App-FLINK-1_15/Role", + "children": { + "ImportRole": { + "id": "ImportRole", + "path": "FlinkAppTest/App-FLINK-1_15/Role/ImportRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "FlinkAppTest/App-FLINK-1_15/Role/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "kinesisanalytics.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "FlinkAppTest/App-FLINK-1_15/Role/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "FlinkAppTest/App-FLINK-1_15/Role/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "cloudwatch:PutMetricData", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + } + ] + ] + } + ] + }, + { + "Action": "logs:DescribeLogGroups", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:*" + ] + ] + } + }, + { + "Action": "logs:DescribeLogStreams", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "AppFLINK115LogGroupBACCAB69", + "Arn" + ] + } + }, + { + "Action": "logs:PutLogEvents", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:", + { + "Ref": "AppFLINK115LogGroupBACCAB69" + }, + ":log-stream:", + { + "Ref": "AppFLINK115LogStreamD7900E5F" + } + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "AppFLINK115RoleDefaultPolicy402697BF", + "roles": [ + { + "Ref": "AppFLINK115RoleD758509C" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "Code": { + "id": "Code", + "path": "FlinkAppTest/App-FLINK-1_15/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "FlinkAppTest/App-FLINK-1_15/Code/Stage", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "FlinkAppTest/App-FLINK-1_15/Code/AssetBucket", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "FlinkAppTest/App-FLINK-1_15/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::KinesisAnalyticsV2::Application", + "aws:cdk:cloudformation:props": { + "applicationConfiguration": { + "applicationCodeConfiguration": { + "codeContent": { + "s3ContentLocation": { + "bucketArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + } + ] + ] + }, + "fileKey": "8be9e0b5f53d41e9a3b1d51c9572c65f24f8170a7188d0ed57fb7d571de4d577.zip" + } + }, + "codeContentType": "ZIPFILE" + }, + "applicationSnapshotConfiguration": { + "snapshotsEnabled": true + } + }, + "runtimeEnvironment": "FLINK-1_15", + "serviceExecutionRole": { + "Fn::GetAtt": [ + "AppFLINK115RoleD758509C", + "Arn" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kinesisanalytics.CfnApplicationV2", + "version": "0.0.0" + } + }, + "LogGroup": { + "id": "LogGroup", + "path": "FlinkAppTest/App-FLINK-1_15/LogGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "FlinkAppTest/App-FLINK-1_15/LogGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Logs::LogGroup", + "aws:cdk:cloudformation:props": { + "retentionInDays": 731 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.CfnLogGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.LogGroup", + "version": "0.0.0" + } + }, + "LogStream": { + "id": "LogStream", + "path": "FlinkAppTest/App-FLINK-1_15/LogStream", + "children": { + "Resource": { + "id": "Resource", + "path": "FlinkAppTest/App-FLINK-1_15/LogStream/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Logs::LogStream", + "aws:cdk:cloudformation:props": { + "logGroupName": { + "Ref": "AppFLINK115LogGroupBACCAB69" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.CfnLogStream", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.LogStream", + "version": "0.0.0" + } + }, + "LoggingOption": { + "id": "LoggingOption", + "path": "FlinkAppTest/App-FLINK-1_15/LoggingOption", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::KinesisAnalyticsV2::ApplicationCloudWatchLoggingOption", + "aws:cdk:cloudformation:props": { + "applicationName": { + "Ref": "AppFLINK11548C6DD0B" + }, + "cloudWatchLoggingOption": { + "logStreamArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:", + { + "Ref": "AppFLINK115LogGroupBACCAB69" + }, + ":log-stream:", + { + "Ref": "AppFLINK115LogStreamD7900E5F" + } + ] + ] + } + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kinesisanalytics.CfnApplicationCloudWatchLoggingOptionV2", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Alarm-FLINK-1_15": { + "id": "Alarm-FLINK-1_15", + "path": "FlinkAppTest/Alarm-FLINK-1_15", + "children": { + "Resource": { + "id": "Resource", + "path": "FlinkAppTest/Alarm-FLINK-1_15/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CloudWatch::Alarm", + "aws:cdk:cloudformation:props": { + "comparisonOperator": "GreaterThanOrEqualToThreshold", + "dimensions": [ + { + "name": "Application", + "value": { + "Ref": "AppFLINK11548C6DD0B" + } + } + ], + "evaluationPeriods": 1, + "metricName": "fullRestarts", + "namespace": "AWS/KinesisAnalytics", + "period": 300, + "statistic": "Sum", + "threshold": 3 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cloudwatch.CfnAlarm", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cloudwatch.Alarm", + "version": "0.0.0" + } + }, + "App-FLINK-1_18": { + "id": "App-FLINK-1_18", + "path": "FlinkAppTest/App-FLINK-1_18", + "children": { + "Role": { + "id": "Role", + "path": "FlinkAppTest/App-FLINK-1_18/Role", + "children": { + "ImportRole": { + "id": "ImportRole", + "path": "FlinkAppTest/App-FLINK-1_18/Role/ImportRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "FlinkAppTest/App-FLINK-1_18/Role/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "kinesisanalytics.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "FlinkAppTest/App-FLINK-1_18/Role/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "FlinkAppTest/App-FLINK-1_18/Role/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "cloudwatch:PutMetricData", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + } + ] + ] + } + ] + }, + { + "Action": "logs:DescribeLogGroups", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:*" + ] + ] + } + }, + { + "Action": "logs:DescribeLogStreams", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "AppFLINK118LogGroupEF87F95A", + "Arn" + ] + } + }, + { + "Action": "logs:PutLogEvents", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:", + { + "Ref": "AppFLINK118LogGroupEF87F95A" + }, + ":log-stream:", + { + "Ref": "AppFLINK118LogStreamAFAF3379" + } + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "AppFLINK118RoleDefaultPolicy1D8097BB", + "roles": [ + { + "Ref": "AppFLINK118Role1B878112" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "Code": { + "id": "Code", + "path": "FlinkAppTest/App-FLINK-1_18/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "FlinkAppTest/App-FLINK-1_18/Code/Stage", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "FlinkAppTest/App-FLINK-1_18/Code/AssetBucket", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "FlinkAppTest/App-FLINK-1_18/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::KinesisAnalyticsV2::Application", + "aws:cdk:cloudformation:props": { + "applicationConfiguration": { + "applicationCodeConfiguration": { + "codeContent": { + "s3ContentLocation": { + "bucketArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + } + ] + ] + }, + "fileKey": "8be9e0b5f53d41e9a3b1d51c9572c65f24f8170a7188d0ed57fb7d571de4d577.zip" + } + }, + "codeContentType": "ZIPFILE" + }, + "applicationSnapshotConfiguration": { + "snapshotsEnabled": true + } + }, + "runtimeEnvironment": "FLINK-1_18", + "serviceExecutionRole": { + "Fn::GetAtt": [ + "AppFLINK118Role1B878112", + "Arn" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kinesisanalytics.CfnApplicationV2", + "version": "0.0.0" + } + }, + "LogGroup": { + "id": "LogGroup", + "path": "FlinkAppTest/App-FLINK-1_18/LogGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "FlinkAppTest/App-FLINK-1_18/LogGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Logs::LogGroup", + "aws:cdk:cloudformation:props": { + "retentionInDays": 731 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.CfnLogGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.LogGroup", + "version": "0.0.0" + } + }, + "LogStream": { + "id": "LogStream", + "path": "FlinkAppTest/App-FLINK-1_18/LogStream", + "children": { + "Resource": { + "id": "Resource", + "path": "FlinkAppTest/App-FLINK-1_18/LogStream/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Logs::LogStream", + "aws:cdk:cloudformation:props": { + "logGroupName": { + "Ref": "AppFLINK118LogGroupEF87F95A" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.CfnLogStream", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.LogStream", + "version": "0.0.0" + } + }, + "LoggingOption": { + "id": "LoggingOption", + "path": "FlinkAppTest/App-FLINK-1_18/LoggingOption", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::KinesisAnalyticsV2::ApplicationCloudWatchLoggingOption", + "aws:cdk:cloudformation:props": { + "applicationName": { + "Ref": "AppFLINK118BEACE639" + }, + "cloudWatchLoggingOption": { + "logStreamArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:", + { + "Ref": "AppFLINK118LogGroupEF87F95A" + }, + ":log-stream:", + { + "Ref": "AppFLINK118LogStreamAFAF3379" + } + ] + ] + } + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kinesisanalytics.CfnApplicationCloudWatchLoggingOptionV2", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Alarm-FLINK-1_18": { + "id": "Alarm-FLINK-1_18", + "path": "FlinkAppTest/Alarm-FLINK-1_18", + "children": { + "Resource": { + "id": "Resource", + "path": "FlinkAppTest/Alarm-FLINK-1_18/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CloudWatch::Alarm", + "aws:cdk:cloudformation:props": { + "comparisonOperator": "GreaterThanOrEqualToThreshold", + "dimensions": [ + { + "name": "Application", + "value": { + "Ref": "AppFLINK118BEACE639" + } + } + ], + "evaluationPeriods": 1, + "metricName": "fullRestarts", + "namespace": "AWS/KinesisAnalytics", + "period": 300, + "statistic": "Sum", + "threshold": 3 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cloudwatch.CfnAlarm", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cloudwatch.Alarm", + "version": "0.0.0" + } + }, + "App-FLINK-1_19": { + "id": "App-FLINK-1_19", + "path": "FlinkAppTest/App-FLINK-1_19", + "children": { + "Role": { + "id": "Role", + "path": "FlinkAppTest/App-FLINK-1_19/Role", + "children": { + "ImportRole": { + "id": "ImportRole", + "path": "FlinkAppTest/App-FLINK-1_19/Role/ImportRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "FlinkAppTest/App-FLINK-1_19/Role/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "kinesisanalytics.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "FlinkAppTest/App-FLINK-1_19/Role/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "FlinkAppTest/App-FLINK-1_19/Role/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "cloudwatch:PutMetricData", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + } + ] + ] + } + ] + }, + { + "Action": "logs:DescribeLogGroups", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:*" + ] + ] + } + }, + { + "Action": "logs:DescribeLogStreams", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "AppFLINK119LogGroup472EA32B", + "Arn" + ] + } + }, + { + "Action": "logs:PutLogEvents", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:", + { + "Ref": "AppFLINK119LogGroup472EA32B" + }, + ":log-stream:", + { + "Ref": "AppFLINK119LogStream5FD726B5" + } + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "AppFLINK119RoleDefaultPolicy6EB1C39D", + "roles": [ + { + "Ref": "AppFLINK119Role6594F124" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "Code": { + "id": "Code", + "path": "FlinkAppTest/App-FLINK-1_19/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "FlinkAppTest/App-FLINK-1_19/Code/Stage", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "FlinkAppTest/App-FLINK-1_19/Code/AssetBucket", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "FlinkAppTest/App-FLINK-1_19/Resource", "attributes": { "aws:cdk:cloudformation:type": "AWS::KinesisAnalyticsV2::Application", "aws:cdk:cloudformation:props": { @@ -263,7 +2693,412 @@ "runtimeEnvironment": "FLINK-1_19", "serviceExecutionRole": { "Fn::GetAtt": [ - "AppRole1AF9B530", + "AppFLINK119Role6594F124", + "Arn" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kinesisanalytics.CfnApplicationV2", + "version": "0.0.0" + } + }, + "LogGroup": { + "id": "LogGroup", + "path": "FlinkAppTest/App-FLINK-1_19/LogGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "FlinkAppTest/App-FLINK-1_19/LogGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Logs::LogGroup", + "aws:cdk:cloudformation:props": { + "retentionInDays": 731 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.CfnLogGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.LogGroup", + "version": "0.0.0" + } + }, + "LogStream": { + "id": "LogStream", + "path": "FlinkAppTest/App-FLINK-1_19/LogStream", + "children": { + "Resource": { + "id": "Resource", + "path": "FlinkAppTest/App-FLINK-1_19/LogStream/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Logs::LogStream", + "aws:cdk:cloudformation:props": { + "logGroupName": { + "Ref": "AppFLINK119LogGroup472EA32B" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.CfnLogStream", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.LogStream", + "version": "0.0.0" + } + }, + "LoggingOption": { + "id": "LoggingOption", + "path": "FlinkAppTest/App-FLINK-1_19/LoggingOption", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::KinesisAnalyticsV2::ApplicationCloudWatchLoggingOption", + "aws:cdk:cloudformation:props": { + "applicationName": { + "Ref": "AppFLINK119DAC5CF3C" + }, + "cloudWatchLoggingOption": { + "logStreamArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:", + { + "Ref": "AppFLINK119LogGroup472EA32B" + }, + ":log-stream:", + { + "Ref": "AppFLINK119LogStream5FD726B5" + } + ] + ] + } + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kinesisanalytics.CfnApplicationCloudWatchLoggingOptionV2", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Alarm-FLINK-1_19": { + "id": "Alarm-FLINK-1_19", + "path": "FlinkAppTest/Alarm-FLINK-1_19", + "children": { + "Resource": { + "id": "Resource", + "path": "FlinkAppTest/Alarm-FLINK-1_19/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CloudWatch::Alarm", + "aws:cdk:cloudformation:props": { + "comparisonOperator": "GreaterThanOrEqualToThreshold", + "dimensions": [ + { + "name": "Application", + "value": { + "Ref": "AppFLINK119DAC5CF3C" + } + } + ], + "evaluationPeriods": 1, + "metricName": "fullRestarts", + "namespace": "AWS/KinesisAnalytics", + "period": 300, + "statistic": "Sum", + "threshold": 3 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cloudwatch.CfnAlarm", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cloudwatch.Alarm", + "version": "0.0.0" + } + }, + "App-FLINK-1_20": { + "id": "App-FLINK-1_20", + "path": "FlinkAppTest/App-FLINK-1_20", + "children": { + "Role": { + "id": "Role", + "path": "FlinkAppTest/App-FLINK-1_20/Role", + "children": { + "ImportRole": { + "id": "ImportRole", + "path": "FlinkAppTest/App-FLINK-1_20/Role/ImportRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "FlinkAppTest/App-FLINK-1_20/Role/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "kinesisanalytics.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "FlinkAppTest/App-FLINK-1_20/Role/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "FlinkAppTest/App-FLINK-1_20/Role/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "cloudwatch:PutMetricData", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + } + ] + ] + } + ] + }, + { + "Action": "logs:DescribeLogGroups", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:*" + ] + ] + } + }, + { + "Action": "logs:DescribeLogStreams", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "AppFLINK120LogGroupFFF89194", + "Arn" + ] + } + }, + { + "Action": "logs:PutLogEvents", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:", + { + "Ref": "AppFLINK120LogGroupFFF89194" + }, + ":log-stream:", + { + "Ref": "AppFLINK120LogStream155EEEF9" + } + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "AppFLINK120RoleDefaultPolicy2540C6BA", + "roles": [ + { + "Ref": "AppFLINK120RoleDC5875D6" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "Code": { + "id": "Code", + "path": "FlinkAppTest/App-FLINK-1_20/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "FlinkAppTest/App-FLINK-1_20/Code/Stage", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "FlinkAppTest/App-FLINK-1_20/Code/AssetBucket", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "FlinkAppTest/App-FLINK-1_20/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::KinesisAnalyticsV2::Application", + "aws:cdk:cloudformation:props": { + "applicationConfiguration": { + "applicationCodeConfiguration": { + "codeContent": { + "s3ContentLocation": { + "bucketArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + } + ] + ] + }, + "fileKey": "8be9e0b5f53d41e9a3b1d51c9572c65f24f8170a7188d0ed57fb7d571de4d577.zip" + } + }, + "codeContentType": "ZIPFILE" + }, + "applicationSnapshotConfiguration": { + "snapshotsEnabled": true + } + }, + "runtimeEnvironment": "FLINK-1_20", + "serviceExecutionRole": { + "Fn::GetAtt": [ + "AppFLINK120RoleDC5875D6", "Arn" ] } @@ -276,11 +3111,11 @@ }, "LogGroup": { "id": "LogGroup", - "path": "FlinkAppTest/App/LogGroup", + "path": "FlinkAppTest/App-FLINK-1_20/LogGroup", "children": { "Resource": { "id": "Resource", - "path": "FlinkAppTest/App/LogGroup/Resource", + "path": "FlinkAppTest/App-FLINK-1_20/LogGroup/Resource", "attributes": { "aws:cdk:cloudformation:type": "AWS::Logs::LogGroup", "aws:cdk:cloudformation:props": { @@ -300,16 +3135,16 @@ }, "LogStream": { "id": "LogStream", - "path": "FlinkAppTest/App/LogStream", + "path": "FlinkAppTest/App-FLINK-1_20/LogStream", "children": { "Resource": { "id": "Resource", - "path": "FlinkAppTest/App/LogStream/Resource", + "path": "FlinkAppTest/App-FLINK-1_20/LogStream/Resource", "attributes": { "aws:cdk:cloudformation:type": "AWS::Logs::LogStream", "aws:cdk:cloudformation:props": { "logGroupName": { - "Ref": "AppLogGroupC72EEC8C" + "Ref": "AppFLINK120LogGroupFFF89194" } } }, @@ -326,12 +3161,12 @@ }, "LoggingOption": { "id": "LoggingOption", - "path": "FlinkAppTest/App/LoggingOption", + "path": "FlinkAppTest/App-FLINK-1_20/LoggingOption", "attributes": { "aws:cdk:cloudformation:type": "AWS::KinesisAnalyticsV2::ApplicationCloudWatchLoggingOption", "aws:cdk:cloudformation:props": { "applicationName": { - "Ref": "AppF1B96344" + "Ref": "AppFLINK120E80F19CE" }, "cloudWatchLoggingOption": { "logStreamArn": { @@ -352,11 +3187,11 @@ }, ":log-group:", { - "Ref": "AppLogGroupC72EEC8C" + "Ref": "AppFLINK120LogGroupFFF89194" }, ":log-stream:", { - "Ref": "AppLogStream3CAF66A7" + "Ref": "AppFLINK120LogStream155EEEF9" } ] ] @@ -371,17 +3206,17 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-kinesisanalytics-flink-alpha.Application", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } }, - "Alarm": { - "id": "Alarm", - "path": "FlinkAppTest/Alarm", + "Alarm-FLINK-1_20": { + "id": "Alarm-FLINK-1_20", + "path": "FlinkAppTest/Alarm-FLINK-1_20", "children": { "Resource": { "id": "Resource", - "path": "FlinkAppTest/Alarm/Resource", + "path": "FlinkAppTest/Alarm-FLINK-1_20/Resource", "attributes": { "aws:cdk:cloudformation:type": "AWS::CloudWatch::Alarm", "aws:cdk:cloudformation:props": { @@ -390,7 +3225,7 @@ { "name": "Application", "value": { - "Ref": "AppF1B96344" + "Ref": "AppFLINK120E80F19CE" } } ], @@ -435,6 +3270,60 @@ "version": "0.0.0" } }, + "ApplicationTest": { + "id": "ApplicationTest", + "path": "ApplicationTest", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "ApplicationTest/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "ApplicationTest/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "ApplicationTest/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "ApplicationTest/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "ApplicationTest/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, "Tree": { "id": "Tree", "path": "Tree", diff --git a/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.application.lit.ts b/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.application.lit.ts index 392d8290c1a1b..00b88316ff8a6 100644 --- a/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.application.lit.ts +++ b/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.application.lit.ts @@ -1,22 +1,36 @@ -///! show import * as path from 'path'; import * as cloudwatch from 'aws-cdk-lib/aws-cloudwatch'; import * as core from 'aws-cdk-lib'; +import * as integ from '@aws-cdk/integ-tests-alpha'; import * as flink from '../lib'; const app = new core.App(); const stack = new core.Stack(app, 'FlinkAppTest'); -const flinkApp = new flink.Application(stack, 'App', { - code: flink.ApplicationCode.fromAsset(path.join(__dirname, 'code-asset')), - runtime: flink.Runtime.FLINK_1_19, -}); +const flinkRuntimes = [ + flink.Runtime.FLINK_1_6, + flink.Runtime.FLINK_1_8, + flink.Runtime.FLINK_1_11, + flink.Runtime.FLINK_1_13, + flink.Runtime.FLINK_1_15, + flink.Runtime.FLINK_1_18, + flink.Runtime.FLINK_1_19, + flink.Runtime.FLINK_1_20, +]; + +flinkRuntimes.forEach((runtime) => { + const flinkApp = new flink.Application(stack, `App-${runtime.value}`, { + code: flink.ApplicationCode.fromAsset(path.join(__dirname, 'code-asset')), + runtime: runtime, + }); -new cloudwatch.Alarm(stack, 'Alarm', { - metric: flinkApp.metricFullRestarts(), - evaluationPeriods: 1, - threshold: 3, + new cloudwatch.Alarm(stack, `Alarm-${runtime.value}`, { + metric: flinkApp.metricFullRestarts(), + evaluationPeriods: 1, + threshold: 3, + }); }); -///! hide -app.synth(); +new integ.IntegTest(app, 'ApplicationTest', { + testCases: [stack], +}); diff --git a/packages/@aws-cdk/cloudformation-diff/package.json b/packages/@aws-cdk/cloudformation-diff/package.json index 5b1a42dbbf8a5..50b6baffb22de 100644 --- a/packages/@aws-cdk/cloudformation-diff/package.json +++ b/packages/@aws-cdk/cloudformation-diff/package.json @@ -23,8 +23,8 @@ }, "license": "Apache-2.0", "dependencies": { - "@aws-cdk/aws-service-spec": "^0.1.23", - "@aws-cdk/service-spec-types": "^0.0.90", + "@aws-cdk/aws-service-spec": "^0.1.24", + "@aws-cdk/service-spec-types": "^0.0.91", "chalk": "^4", "diff": "^5.2.0", "fast-deep-equal": "^3.1.3", diff --git a/packages/@aws-cdk/integ-runner/package.json b/packages/@aws-cdk/integ-runner/package.json index 65a03c0dee58d..09410f8d028f5 100644 --- a/packages/@aws-cdk/integ-runner/package.json +++ b/packages/@aws-cdk/integ-runner/package.json @@ -74,7 +74,7 @@ "@aws-cdk/cloud-assembly-schema": "^38.0.0", "@aws-cdk/cloudformation-diff": "0.0.0", "@aws-cdk/cx-api": "0.0.0", - "@aws-cdk/aws-service-spec": "^0.1.23", + "@aws-cdk/aws-service-spec": "^0.1.24", "cdk-assets": "^2.152.0", "@aws-cdk/cdk-cli-wrapper": "0.0.0", "aws-cdk": "0.0.0", diff --git a/packages/aws-cdk-lib/aws-cognito/lib/user-pool.ts b/packages/aws-cdk-lib/aws-cognito/lib/user-pool.ts index 0778024aa2c26..ede93a84af1f0 100644 --- a/packages/aws-cdk-lib/aws-cognito/lib/user-pool.ts +++ b/packages/aws-cdk-lib/aws-cognito/lib/user-pool.ts @@ -767,6 +767,13 @@ export interface IUserPool extends IResource { */ readonly userPoolArn: string; + /** + * The provider name of this user pool resource + * + * @attribute + */ + readonly userPoolProviderName: string; + /** * Get all identity providers registered with this user pool. */ @@ -805,6 +812,7 @@ export interface IUserPool extends IResource { abstract class UserPoolBase extends Resource implements IUserPool { public abstract readonly userPoolId: string; public abstract readonly userPoolArn: string; + public abstract readonly userPoolProviderName: string; public readonly identityProviders: IUserPoolIdentityProvider[] = []; public addClient(id: string, options?: UserPoolClientOptions): UserPoolClient { @@ -870,10 +878,14 @@ export class UserPool extends UserPoolBase { } const userPoolId = arnParts.resourceName; + // ex) cognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi + const providerName = `cognito-idp.${arnParts.region}.${Stack.of(scope).urlSuffix}/${userPoolId}`;; class ImportedUserPool extends UserPoolBase { public readonly userPoolArn = userPoolArn; public readonly userPoolId = userPoolId; + public readonly userPoolProviderName = providerName; + constructor() { super(scope, id, { account: arnParts.account, diff --git a/packages/aws-cdk-lib/aws-cognito/test/user-pool.test.ts b/packages/aws-cdk-lib/aws-cognito/test/user-pool.test.ts index 934f6a312c81b..d44a0c4e35e61 100644 --- a/packages/aws-cdk-lib/aws-cognito/test/user-pool.test.ts +++ b/packages/aws-cdk-lib/aws-cognito/test/user-pool.test.ts @@ -300,6 +300,9 @@ describe('User Pool', () => { const pool = UserPool.fromUserPoolArn(stack, 'userpool', userPoolArn); expect(pool.userPoolId).toEqual('test-user-pool'); expect(stack.resolve(pool.userPoolArn)).toEqual('arn:aws:cognito-idp:us-east-1:0123456789012:userpool/test-user-pool'); + expect(stack.resolve(pool.userPoolProviderName)).toEqual( + { 'Fn::Join': ['', ['cognito-idp.us-east-1.', { Ref: 'AWS::URLSuffix' }, '/test-user-pool']] }, + ); }); test('import using arn without resourceName fails', () => { diff --git a/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts b/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts index 7e3cedf219e09..4fe13c0992b5d 100644 --- a/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts +++ b/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts @@ -306,7 +306,7 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ public static readonly BEDROCK_AGENT = new InterfaceVpcEndpointAwsService('bedrock-agent'); public static readonly BEDROCK_AGENT_RUNTIME = new InterfaceVpcEndpointAwsService('bedrock-agent-runtime'); public static readonly BEDROCK_RUNTIME = new InterfaceVpcEndpointAwsService('bedrock-runtime'); - public static readonly BILLING_AND_COST_MANAGEMENT_FREETIER = new InterfaceVpcEndpointAwsService('freetier'); + public static readonly BILLING_AND_COST_MANAGEMENT_FREETIER = new InterfaceVpcEndpointAwsService('freetier', 'aws.api'); public static readonly BILLING_AND_COST_MANAGEMENT_TAX = new InterfaceVpcEndpointAwsService('tax'); public static readonly BILLING_CONDUCTOR = new InterfaceVpcEndpointAwsService('billingconductor'); public static readonly BRAKET = new InterfaceVpcEndpointAwsService('braket'); @@ -366,7 +366,7 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ public static readonly CONTROL_CATALOG = new InterfaceVpcEndpointAwsService('controlcatalog'); public static readonly COST_EXPLORER = new InterfaceVpcEndpointAwsService('ce'); public static readonly DATA_EXCHANGE = new InterfaceVpcEndpointAwsService('dataexchange'); - public static readonly DATA_EXPORTS = new InterfaceVpcEndpointAwsService('bcm-data-exports'); + public static readonly DATA_EXPORTS = new InterfaceVpcEndpointAwsService('bcm-data-exports', 'aws.api'); public static readonly DATASYNC = new InterfaceVpcEndpointAwsService('datasync'); public static readonly DATAZONE = new InterfaceVpcEndpointAwsService('datazone'); public static readonly DATABASE_MIGRATION_SERVICE = new InterfaceVpcEndpointAwsService('dms'); @@ -421,6 +421,8 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ public static readonly GRAFANA = new InterfaceVpcEndpointAwsService('grafana'); public static readonly GRAFANA_WORKSPACE = new InterfaceVpcEndpointAwsService('grafana-workspace'); public static readonly GROUNDSTATION = new InterfaceVpcEndpointAwsService('groundstation'); + public static readonly GUARDDUTY = new InterfaceVpcEndpointAwsService('guardduty'); + public static readonly GUARDDUTY_FIPS = new InterfaceVpcEndpointAwsService('guardduty-fips'); public static readonly GUARDDUTY_DATA = new InterfaceVpcEndpointAwsService('guardduty-data'); public static readonly GUARDDUTY_DATA_FIPS = new InterfaceVpcEndpointAwsService('guardduty-data-fips'); public static readonly HEALTH_IMAGING = new InterfaceVpcEndpointAwsService('medical-imaging'); diff --git a/packages/aws-cdk-lib/aws-ecs/lib/base/base-service.ts b/packages/aws-cdk-lib/aws-ecs/lib/base/base-service.ts index 89fc0d7434f41..9f5891ba78e55 100644 --- a/packages/aws-cdk-lib/aws-ecs/lib/base/base-service.ts +++ b/packages/aws-cdk-lib/aws-ecs/lib/base/base-service.ts @@ -1033,23 +1033,30 @@ export abstract class BaseService extends Resource } private executeCommandLogConfiguration() { + const reducePermissions = FeatureFlags.of(this).isEnabled(cxapi.REDUCE_EC2_FARGATE_CLOUDWATCH_PERMISSIONS); const logConfiguration = this.cluster.executeCommandConfiguration?.logConfiguration; - this.taskDefinition.addToTaskRolePolicy(new iam.PolicyStatement({ - actions: [ - 'logs:DescribeLogGroups', - ], - resources: ['*'], - })); - const logGroupArn = logConfiguration?.cloudWatchLogGroup ? `arn:${this.stack.partition}:logs:${this.env.region}:${this.env.account}:log-group:${logConfiguration.cloudWatchLogGroup.logGroupName}:*` : '*'; - this.taskDefinition.addToTaskRolePolicy(new iam.PolicyStatement({ - actions: [ - 'logs:CreateLogStream', - 'logs:DescribeLogStreams', - 'logs:PutLogEvents', - ], - resources: [logGroupArn], - })); + // When Feature Flag is false, keep the previous behaviour for non-breaking changes. + // When Feature Flag is true and when cloudwatch log group is specified in logConfiguration, then + // append the necessary permissions to the task definition. + if (!reducePermissions || logConfiguration?.cloudWatchLogGroup) { + this.taskDefinition.addToTaskRolePolicy(new iam.PolicyStatement({ + actions: [ + 'logs:DescribeLogGroups', + ], + resources: ['*'], + })); + + const logGroupArn = logConfiguration?.cloudWatchLogGroup ? `arn:${this.stack.partition}:logs:${this.env.region}:${this.env.account}:log-group:${logConfiguration.cloudWatchLogGroup.logGroupName}:*` : '*'; + this.taskDefinition.addToTaskRolePolicy(new iam.PolicyStatement({ + actions: [ + 'logs:CreateLogStream', + 'logs:DescribeLogStreams', + 'logs:PutLogEvents', + ], + resources: [logGroupArn], + })); + } if (logConfiguration?.s3Bucket?.bucketName) { this.taskDefinition.addToTaskRolePolicy(new iam.PolicyStatement({ diff --git a/packages/aws-cdk-lib/aws-ecs/test/ec2/ec2-service.test.ts b/packages/aws-cdk-lib/aws-ecs/test/ec2/ec2-service.test.ts index 879bd919a7849..b6aff9a744f7a 100644 --- a/packages/aws-cdk-lib/aws-ecs/test/ec2/ec2-service.test.ts +++ b/packages/aws-cdk-lib/aws-ecs/test/ec2/ec2-service.test.ts @@ -63,6 +63,223 @@ describe('ec2 service', () => { }); + [false, undefined].forEach((value) => { + test('set cloudwatch permissions based on falsy feature flag when no cloudwatch log configured', () => { + // GIVEN + const app = new App( + { + context: { + '@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions': value, + }, + }, + ); + const stack = new cdk.Stack(app); + const vpc = new ec2.Vpc(stack, 'MyVpc', {}); + const cluster = new ecs.Cluster(stack, 'EcsCluster', { vpc }); + addDefaultCapacityProvider(cluster, stack, vpc); + const taskDefinition = new ecs.Ec2TaskDefinition(stack, 'Ec2TaskDef'); + + taskDefinition.addContainer('web', { + image: ecs.ContainerImage.fromRegistry('amazon/amazon-ecs-sample'), + memoryLimitMiB: 512, + }); + + new ecs.Ec2Service(stack, 'Ec2Service', { + cluster, + taskDefinition, + enableExecuteCommand: true, + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::IAM::Policy', { + PolicyDocument: { + Statement: [ + { + Action: [ + 'ssmmessages:CreateControlChannel', + 'ssmmessages:CreateDataChannel', + 'ssmmessages:OpenControlChannel', + 'ssmmessages:OpenDataChannel', + ], + Effect: 'Allow', + Resource: '*', + }, + { + Action: 'logs:DescribeLogGroups', + Effect: 'Allow', + Resource: '*', + }, + { + Action: [ + 'logs:CreateLogStream', + 'logs:DescribeLogStreams', + 'logs:PutLogEvents', + ], + Effect: 'Allow', + Resource: '*', + }, + ], + Version: '2012-10-17', + }, + PolicyName: 'Ec2TaskDefTaskRoleDefaultPolicyA24FB970', + Roles: [ + { + Ref: 'Ec2TaskDefTaskRole400FA349', + }, + ], + }); + }); + }); + + test('set cloudwatch permissions based on true feature flag when no cloudwatch log configured', () => { + // GIVEN + const app = new App( + { + context: { + '@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions': true, + }, + }, + ); + const stack = new cdk.Stack(app); + const vpc = new ec2.Vpc(stack, 'MyVpc', {}); + const cluster = new ecs.Cluster(stack, 'EcsCluster', { vpc }); + addDefaultCapacityProvider(cluster, stack, vpc); + const taskDefinition = new ecs.Ec2TaskDefinition(stack, 'Ec2TaskDef'); + + taskDefinition.addContainer('web', { + image: ecs.ContainerImage.fromRegistry('amazon/amazon-ecs-sample'), + memoryLimitMiB: 512, + }); + + new ecs.Ec2Service(stack, 'Ec2Service', { + cluster, + taskDefinition, + enableExecuteCommand: true, + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::IAM::Policy', { + PolicyDocument: { + Statement: [ + { + Action: [ + 'ssmmessages:CreateControlChannel', + 'ssmmessages:CreateDataChannel', + 'ssmmessages:OpenControlChannel', + 'ssmmessages:OpenDataChannel', + ], + Effect: 'Allow', + Resource: '*', + }, + ], + Version: '2012-10-17', + }, + PolicyName: 'Ec2TaskDefTaskRoleDefaultPolicyA24FB970', + Roles: [ + { + Ref: 'Ec2TaskDefTaskRole400FA349', + }, + ], + }); + }); + + test('set cloudwatch permissions based on true feature flag when cloudwatch log is configured', () => { + // GIVEN + const app = new App( + { + context: { + '@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions': true, + }, + }, + ); + const stack = new cdk.Stack(app); + const vpc = new ec2.Vpc(stack, 'MyVpc', {}); + const cluster = new ecs.Cluster(stack, 'EcsCluster', { + vpc, + executeCommandConfiguration: { + logConfiguration: { + cloudWatchLogGroup: new logs.LogGroup(stack, 'LogGroup'), + }, + logging: ecs.ExecuteCommandLogging.OVERRIDE, + }, + }); + addDefaultCapacityProvider(cluster, stack, vpc); + const taskDefinition = new ecs.Ec2TaskDefinition(stack, 'Ec2TaskDef'); + + taskDefinition.addContainer('web', { + image: ecs.ContainerImage.fromRegistry('amazon/amazon-ecs-sample'), + memoryLimitMiB: 512, + }); + + new ecs.Ec2Service(stack, 'Ec2Service', { + cluster, + taskDefinition, + enableExecuteCommand: true, + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::IAM::Policy', { + PolicyDocument: { + Statement: [ + { + Action: [ + 'ssmmessages:CreateControlChannel', + 'ssmmessages:CreateDataChannel', + 'ssmmessages:OpenControlChannel', + 'ssmmessages:OpenDataChannel', + ], + Effect: 'Allow', + Resource: '*', + }, + { + Action: 'logs:DescribeLogGroups', + Effect: 'Allow', + Resource: '*', + }, + { + Action: [ + 'logs:CreateLogStream', + 'logs:DescribeLogStreams', + 'logs:PutLogEvents', + ], + Effect: 'Allow', + Resource: { + 'Fn::Join': [ + '', + [ + 'arn:', + { + Ref: 'AWS::Partition', + }, + ':logs:', + { + Ref: 'AWS::Region', + }, + ':', + { + Ref: 'AWS::AccountId', + }, + ':log-group:', + { + Ref: 'LogGroupF5B46931', + }, + ':*', + ], + ], + }, + }, + ], + Version: '2012-10-17', + }, + PolicyName: 'Ec2TaskDefTaskRoleDefaultPolicyA24FB970', + Roles: [ + { + Ref: 'Ec2TaskDefTaskRole400FA349', + }, + ], + }); + }); + test('allows setting enable execute command', () => { // GIVEN const stack = new cdk.Stack(); diff --git a/packages/aws-cdk-lib/aws-ecs/test/fargate/fargate-service.test.ts b/packages/aws-cdk-lib/aws-ecs/test/fargate/fargate-service.test.ts index 1775d5ed2eb6e..9abe512daefa5 100644 --- a/packages/aws-cdk-lib/aws-ecs/test/fargate/fargate-service.test.ts +++ b/packages/aws-cdk-lib/aws-ecs/test/fargate/fargate-service.test.ts @@ -206,6 +206,223 @@ describe('fargate service', () => { }); }); + [false, undefined].forEach((value) => { + test('set cloudwatch permissions based on falsy feature flag when no cloudwatch log configured', () => { + // GIVEN + const app = new App( + { + context: { + '@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions': value, + }, + }, + ); + const stack = new cdk.Stack(app); + const vpc = new ec2.Vpc(stack, 'MyVpc', {}); + const cluster = new ecs.Cluster(stack, 'EcsCluster', { vpc }); + addDefaultCapacityProvider(cluster, stack, vpc); + const taskDefinition = new ecs.FargateTaskDefinition(stack, 'Ec2TaskDef'); + + taskDefinition.addContainer('web', { + image: ecs.ContainerImage.fromRegistry('amazon/amazon-ecs-sample'), + memoryLimitMiB: 512, + }); + + new ecs.FargateService(stack, 'Ec2Service', { + cluster, + taskDefinition, + enableExecuteCommand: true, + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::IAM::Policy', { + PolicyDocument: { + Statement: [ + { + Action: [ + 'ssmmessages:CreateControlChannel', + 'ssmmessages:CreateDataChannel', + 'ssmmessages:OpenControlChannel', + 'ssmmessages:OpenDataChannel', + ], + Effect: 'Allow', + Resource: '*', + }, + { + Action: 'logs:DescribeLogGroups', + Effect: 'Allow', + Resource: '*', + }, + { + Action: [ + 'logs:CreateLogStream', + 'logs:DescribeLogStreams', + 'logs:PutLogEvents', + ], + Effect: 'Allow', + Resource: '*', + }, + ], + Version: '2012-10-17', + }, + PolicyName: 'Ec2TaskDefTaskRoleDefaultPolicyA24FB970', + Roles: [ + { + Ref: 'Ec2TaskDefTaskRole400FA349', + }, + ], + }); + }); + }); + + test('set cloudwatch permissions based on true feature flag when no cloudwatch log configured', () => { + // GIVEN + const app = new App( + { + context: { + '@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions': true, + }, + }, + ); + const stack = new cdk.Stack(app); + const vpc = new ec2.Vpc(stack, 'MyVpc', {}); + const cluster = new ecs.Cluster(stack, 'EcsCluster', { vpc }); + addDefaultCapacityProvider(cluster, stack, vpc); + const taskDefinition = new ecs.FargateTaskDefinition(stack, 'Ec2TaskDef'); + + taskDefinition.addContainer('web', { + image: ecs.ContainerImage.fromRegistry('amazon/amazon-ecs-sample'), + memoryLimitMiB: 512, + }); + + new ecs.FargateService(stack, 'Ec2Service', { + cluster, + taskDefinition, + enableExecuteCommand: true, + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::IAM::Policy', { + PolicyDocument: { + Statement: [ + { + Action: [ + 'ssmmessages:CreateControlChannel', + 'ssmmessages:CreateDataChannel', + 'ssmmessages:OpenControlChannel', + 'ssmmessages:OpenDataChannel', + ], + Effect: 'Allow', + Resource: '*', + }, + ], + Version: '2012-10-17', + }, + PolicyName: 'Ec2TaskDefTaskRoleDefaultPolicyA24FB970', + Roles: [ + { + Ref: 'Ec2TaskDefTaskRole400FA349', + }, + ], + }); + }); + + test('set cloudwatch permissions based on true feature flag when cloudwatch log is configured', () => { + // GIVEN + const app = new App( + { + context: { + '@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions': true, + }, + }, + ); + const stack = new cdk.Stack(app); + const vpc = new ec2.Vpc(stack, 'MyVpc', {}); + const cluster = new ecs.Cluster(stack, 'EcsCluster', { + vpc, + executeCommandConfiguration: { + logConfiguration: { + cloudWatchLogGroup: new logs.LogGroup(stack, 'LogGroup'), + }, + logging: ecs.ExecuteCommandLogging.OVERRIDE, + }, + }); + addDefaultCapacityProvider(cluster, stack, vpc); + const taskDefinition = new ecs.FargateTaskDefinition(stack, 'Ec2TaskDef'); + + taskDefinition.addContainer('web', { + image: ecs.ContainerImage.fromRegistry('amazon/amazon-ecs-sample'), + memoryLimitMiB: 512, + }); + + new ecs.FargateService(stack, 'Ec2Service', { + cluster, + taskDefinition, + enableExecuteCommand: true, + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::IAM::Policy', { + PolicyDocument: { + Statement: [ + { + Action: [ + 'ssmmessages:CreateControlChannel', + 'ssmmessages:CreateDataChannel', + 'ssmmessages:OpenControlChannel', + 'ssmmessages:OpenDataChannel', + ], + Effect: 'Allow', + Resource: '*', + }, + { + Action: 'logs:DescribeLogGroups', + Effect: 'Allow', + Resource: '*', + }, + { + Action: [ + 'logs:CreateLogStream', + 'logs:DescribeLogStreams', + 'logs:PutLogEvents', + ], + Effect: 'Allow', + Resource: { + 'Fn::Join': [ + '', + [ + 'arn:', + { + Ref: 'AWS::Partition', + }, + ':logs:', + { + Ref: 'AWS::Region', + }, + ':', + { + Ref: 'AWS::AccountId', + }, + ':log-group:', + { + Ref: 'LogGroupF5B46931', + }, + ':*', + ], + ], + }, + }, + ], + Version: '2012-10-17', + }, + PolicyName: 'Ec2TaskDefTaskRoleDefaultPolicyA24FB970', + Roles: [ + { + Ref: 'Ec2TaskDefTaskRole400FA349', + }, + ], + }); + }); + test('does not set launchType when capacity provider strategies specified', () => { // GIVEN const stack = new cdk.Stack(); diff --git a/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md b/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md index 634630f6e9b41..beadd60aa4ed2 100644 --- a/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md +++ b/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md @@ -73,6 +73,7 @@ Flags come in three types: | [@aws-cdk/custom-resources:logApiResponseDataPropertyTrueDefault](#aws-cdkcustom-resourceslogapiresponsedatapropertytruedefault) | When enabled, the custom resource used for `AwsCustomResource` will configure the `logApiResponseData` property as true by default | 2.145.0 | (fix) | | [@aws-cdk/aws-s3:keepNotificationInImportedBucket](#aws-cdkaws-s3keepnotificationinimportedbucket) | When enabled, Adding notifications to a bucket in the current stack will not remove notification from imported stack. | 2.155.0 | (fix) | | [@aws-cdk/aws-stepfunctions-tasks:useNewS3UriParametersForBedrockInvokeModelTask](#aws-cdkaws-stepfunctions-tasksusenews3uriparametersforbedrockinvokemodeltask) | When enabled, use new props for S3 URI field in task definition of state machine for bedrock invoke model. | 2.156.0 | (fix) | +| [@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions](#aws-cdkaws-ecsreduceec2fargatecloudwatchpermissions) | When enabled, we will only grant the necessary permissions when users specify cloudwatch log group through logConfiguration | 2.159.0 | (fix) | @@ -134,7 +135,8 @@ The following json shows the current recommended set of flags, as `cdk init` wou "@aws-cdk/aws-ec2:ebsDefaultGp3Volume": true, "@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm": true, "@aws-cdk/custom-resources:logApiResponseDataPropertyTrueDefault": false, - "@aws-cdk/aws-s3:keepNotificationInImportedBucket": false + "@aws-cdk/aws-s3:keepNotificationInImportedBucket": false, + "@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions": true } } ``` @@ -1378,4 +1380,22 @@ When this feature flag is enabled, specify newly introduced props 's3InputUri' a **Compatibility with old behavior:** Disable the feature flag to use input and output path fields for s3 URI +### @aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions + +*When enabled, we will only grant the necessary permissions when users specify cloudwatch log group through logConfiguration* (fix) + +Currently, we automatically add a number of cloudwatch permissions to the task role when no cloudwatch log group is +specified as logConfiguration and it will grant 'Resources': ['*'] to the task role. + +When this feature flag is enabled, we will only grant the necessary permissions when users specify cloudwatch log group. + + +| Since | Default | Recommended | +| ----- | ----- | ----- | +| (not in v1) | | | +| 2.159.0 | `false` | `true` | + +**Compatibility with old behavior:** Disable the feature flag to continue grant permissions to log group when no log group is specified + + diff --git a/packages/aws-cdk-lib/cx-api/README.md b/packages/aws-cdk-lib/cx-api/README.md index d094fd410d235..946c8ae6224c5 100644 --- a/packages/aws-cdk-lib/cx-api/README.md +++ b/packages/aws-cdk-lib/cx-api/README.md @@ -391,4 +391,21 @@ _cdk.json_ "@aws-cdk/aws-stepfunctions-tasks:useNewS3UriParametersForBedrockInvokeModelTask": true } } -``` \ No newline at end of file +``` + +* `@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions` + +Currently, we will automatically add a number of cloudwatch permissions to the task role when no cloudwatch log group is +specified as logConfiguration and it will grant 'Resources': ['*'] to the task role. + +When this feature flag is enabled, we will only grant the necessary permissions when users specify cloudwatch log group. + +_cdk.json_ + +```json +{ + "context": { + "@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions": true + } +} +``` diff --git a/packages/aws-cdk-lib/cx-api/lib/features.ts b/packages/aws-cdk-lib/cx-api/lib/features.ts index 2c3155bcf8b6c..e1035fd94fee2 100644 --- a/packages/aws-cdk-lib/cx-api/lib/features.ts +++ b/packages/aws-cdk-lib/cx-api/lib/features.ts @@ -107,6 +107,7 @@ export const ECS_REMOVE_DEFAULT_DEPLOYMENT_ALARM = '@aws-cdk/aws-ecs:removeDefau export const LOG_API_RESPONSE_DATA_PROPERTY_TRUE_DEFAULT = '@aws-cdk/custom-resources:logApiResponseDataPropertyTrueDefault'; export const S3_KEEP_NOTIFICATION_IN_IMPORTED_BUCKET = '@aws-cdk/aws-s3:keepNotificationInImportedBucket'; export const USE_NEW_S3URI_PARAMETERS_FOR_BEDROCK_INVOKE_MODEL_TASK = '@aws-cdk/aws-stepfunctions-tasks:useNewS3UriParametersForBedrockInvokeModelTask'; +export const REDUCE_EC2_FARGATE_CLOUDWATCH_PERMISSIONS = '@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions'; export const FLAGS: Record = { ////////////////////////////////////////////////////////////////////// @@ -1126,6 +1127,21 @@ export const FLAGS: Record = { recommendedValue: true, compatibilityWithOldBehaviorMd: 'Disable the feature flag to use input and output path fields for s3 URI', }, + + ////////////////////////////////////////////////////////////////////// + [REDUCE_EC2_FARGATE_CLOUDWATCH_PERMISSIONS]: { + type: FlagType.BugFix, + summary: 'When enabled, we will only grant the necessary permissions when users specify cloudwatch log group through logConfiguration', + detailsMd: ` + Currently, we automatically add a number of cloudwatch permissions to the task role when no cloudwatch log group is + specified as logConfiguration and it will grant 'Resources': ['*'] to the task role. + + When this feature flag is enabled, we will only grant the necessary permissions when users specify cloudwatch log group. + `, + introducedIn: { v2: '2.159.0' }, + recommendedValue: true, + compatibilityWithOldBehaviorMd: 'Disable the feature flag to continue grant permissions to log group when no log group is specified', + }, }; const CURRENT_MV = 'v2'; diff --git a/packages/aws-cdk-lib/package.json b/packages/aws-cdk-lib/package.json index 8c52cb473aab7..bb7f78cfe3553 100644 --- a/packages/aws-cdk-lib/package.json +++ b/packages/aws-cdk-lib/package.json @@ -136,7 +136,7 @@ "mime-types": "^2.1.35" }, "devDependencies": { - "@aws-cdk/aws-service-spec": "^0.1.23", + "@aws-cdk/aws-service-spec": "^0.1.24", "@aws-cdk/cdk-build-tools": "0.0.0", "@aws-cdk/custom-resource-handlers": "0.0.0", "@aws-cdk/pkglint": "0.0.0", diff --git a/tools/@aws-cdk/spec2cdk/package.json b/tools/@aws-cdk/spec2cdk/package.json index 4b982f488d3dd..a344e3a14b49d 100644 --- a/tools/@aws-cdk/spec2cdk/package.json +++ b/tools/@aws-cdk/spec2cdk/package.json @@ -32,9 +32,9 @@ }, "license": "Apache-2.0", "dependencies": { - "@aws-cdk/aws-service-spec": "^0.1.23", - "@aws-cdk/service-spec-importers": "^0.0.47", - "@aws-cdk/service-spec-types": "^0.0.90", + "@aws-cdk/aws-service-spec": "^0.1.24", + "@aws-cdk/service-spec-importers": "^0.0.48", + "@aws-cdk/service-spec-types": "^0.0.91", "@cdklabs/tskb": "^0.0.3", "@cdklabs/typewriter": "^0.0.3", "camelcase": "^6", diff --git a/version.v2.json b/version.v2.json index 26e27ecf4410c..5b10cb0da6bc0 100644 --- a/version.v2.json +++ b/version.v2.json @@ -1,4 +1,4 @@ { - "version": "2.158.0", - "alphaVersion": "2.158.0-alpha.0" + "version": "2.159.0", + "alphaVersion": "2.159.0-alpha.0" } \ No newline at end of file diff --git a/yarn.lock b/yarn.lock index 1c36618fa6caf..4ccc97ff85c0f 100644 --- a/yarn.lock +++ b/yarn.lock @@ -51,12 +51,12 @@ resolved "https://registry.npmjs.org/@aws-cdk/asset-node-proxy-agent-v6/-/asset-node-proxy-agent-v6-2.1.0.tgz#6d3c7860354d4856a7e75375f2f0ecab313b4989" integrity sha512-7bY3J8GCVxLupn/kNmpPc5VJz8grx+4RKfnnJiO1LG+uxkZfANZG3RMHhE+qQxxwkyQ9/MfPtTpf748UhR425A== -"@aws-cdk/aws-service-spec@^0.1.23": - version "0.1.23" - resolved "https://registry.npmjs.org/@aws-cdk/aws-service-spec/-/aws-service-spec-0.1.23.tgz#88ac3ef86a3412eefa7f3e2dbc6642959bf2530a" - integrity sha512-AR31T//3HTyU1jshiYV+fI6cb7JxwDbcBP0Lb2ruQTYEviLK0j+BVrG5F1R4kQ4e1d/TMPujCzXoOSs2TcHCvw== +"@aws-cdk/aws-service-spec@^0.1.24": + version "0.1.24" + resolved "https://registry.npmjs.org/@aws-cdk/aws-service-spec/-/aws-service-spec-0.1.24.tgz#a4f76708430e7fee2f2721ba4686d4fba675fb6a" + integrity sha512-8CTXSMyuNXwp/dnDj7SJi45VG7n+gbtH6zjHBIJNRw8Xt3DdArgyG/C9D+Epl9SRKqRu/xQyM/IZwSi9Fl01Vw== dependencies: - "@aws-cdk/service-spec-types" "^0.0.90" + "@aws-cdk/service-spec-types" "^0.0.91" "@cdklabs/tskb" "^0.0.3" "@aws-cdk/cloud-assembly-schema@2.153.0": @@ -105,12 +105,12 @@ resolved "https://registry.npmjs.org/@aws-cdk/lambda-layer-kubectl-v30/-/lambda-layer-kubectl-v30-2.0.1.tgz#2adbb8fc27f926596914f35ab3617622ca088066" integrity sha512-R4N2OTq9jCxARAmrp2TBNRkVreVa01wgAC4GNRRfZ8C4UD5+Cz+vylIyyJsVPD7WWZpdBSWDidnVMpvwTpAsQQ== -"@aws-cdk/service-spec-importers@^0.0.47": - version "0.0.47" - resolved "https://registry.npmjs.org/@aws-cdk/service-spec-importers/-/service-spec-importers-0.0.47.tgz#fffad95201bbca58cb4faefc20259e422649a906" - integrity sha512-paZjDcpeMcwlT03xWLKCETlnbObsG8LImY81BRqabzarwGVEUEx2WYrVKzXBZUzkK3yn9xB4Sp20Q7Wu9wyZCQ== +"@aws-cdk/service-spec-importers@^0.0.48": + version "0.0.48" + resolved "https://registry.npmjs.org/@aws-cdk/service-spec-importers/-/service-spec-importers-0.0.48.tgz#fe3a8bf2b68e492e2207616eb1cb46f29d4d9ede" + integrity sha512-RNPIl8egwYhmlK9g3DPfIHYcvwV03aSOuLwGN4FtSxRJ8Au/Fv1DCy+p+HQhczwhSVarYvLJmul5c2rNoMqZfw== dependencies: - "@aws-cdk/service-spec-types" "^0.0.89" + "@aws-cdk/service-spec-types" "^0.0.91" "@cdklabs/tskb" "^0.0.3" ajv "^6" canonicalize "^2.0.0" @@ -121,17 +121,10 @@ glob "^8" sort-json "^2.0.1" -"@aws-cdk/service-spec-types@^0.0.89": - version "0.0.89" - resolved "https://registry.npmjs.org/@aws-cdk/service-spec-types/-/service-spec-types-0.0.89.tgz#c6d87b21d6aa5165ef728997b3f90fa7729b3ac6" - integrity sha512-T6xoePPlZMz1c/0PRj9Ce2B+OyHN4BLJXcsuVYN5Y/7Y3EeVYWSr9OHGFt03Mbvg8bfKIoazaDtuc/m9jo3+Qw== - dependencies: - "@cdklabs/tskb" "^0.0.3" - -"@aws-cdk/service-spec-types@^0.0.90": - version "0.0.90" - resolved "https://registry.npmjs.org/@aws-cdk/service-spec-types/-/service-spec-types-0.0.90.tgz#3410fe525a82eceabf188ec161fadce2569846f2" - integrity sha512-gHRyWiOGyu9kbc+3BUjoOxf6pgPprP3SjGbjhK25X6cRBGOPmR8a5gS9EHGxyPiZq8Qcr0yHvt3q02cjBGi4cA== +"@aws-cdk/service-spec-types@^0.0.91": + version "0.0.91" + resolved "https://registry.npmjs.org/@aws-cdk/service-spec-types/-/service-spec-types-0.0.91.tgz#e6a0daf0831a77b34dc6e72cd4908916a6909a62" + integrity sha512-J6YyYvH0Ov6bzA2FR68WUDQrp6fQkw8968UjUqMS9Vq0h2iZ/0n4nBcLGWqQuGPVT/Yex7Hfj4dhFsRXCJGEDw== dependencies: "@cdklabs/tskb" "^0.0.3"