Merge pull request #36 from aws-solutions/feature/v1.0.4

Update to v1.0.4
aws-solutions · Sep 28, 2023 · a04ba58 · a04ba58
2 parents b6905a6 + 6f4bc47
commit a04ba58
Show file tree

Hide file tree

Showing 57 changed files with 46,416 additions and 2,415 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,24 +1,41 @@
 # Change Log
+
 All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.0.4] - 2023-09-27
+
+### Changed
+
+- Updated Lambda function(s) runtime to nodejs18.x
+- Update AWS JS SDK to v3
+- Various code quality and security updates
+
 ## [1.0.3] - 2023-08-02
+
 ### Changed
+
 - Updated Lambda function(s) runtime to nodejs16.x
 
 ## [1.0.2] - 2023-05-03
+
 ### Changed
+
 - Enabled Amazon S3 server access logging on logging bucket(s) using bucket policy
 
 ## [1.0.1] - 2021-05-21
+
 ### Added
-- Updated SNS Topic Display Name ([#7](https://github.com/awslabs/cognito-user-profiles-export-reference-architecture/issues/7))
-- Updated regular expression for secondary region CloudFormation parameter ([#2](https://github.com/awslabs/cognito-user-profiles-export-reference-architecture/issues/2))
-- Updated README to include instructions on staging assets in secondary region when building from source ([#3](https://github.com/awslabs/cognito-user-profiles-export-reference-architecture/issues/3))
+
+- Updated SNS Topic Display Name ([#7](https://github.com/aws-solutions/cognito-user-profiles-export-reference-architecture/issues/7))
+- Updated regular expression for secondary region CloudFormation parameter ([#2](https://github.com/aws-solutions/cognito-user-profiles-export-reference-architecture/issues/2))
+- Updated README to include instructions on staging assets in secondary region when building from source ([#3](https://github.com/aws-solutions/cognito-user-profiles-export-reference-architecture/issues/3))
 - Updated Node runtime for Lambda functions
 
 ## [1.0.0] - 2020-08-31
+
 ### Added
-- Launch Cognito User Profiles Export Reference Architecture
+
+- Launch Cognito User Profiles Export Reference Architecture
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
@@ -1,4 +1,5 @@
 ## Code of Conduct
-This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct). 
-For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact 
+
+This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct).
+For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact
 [email protected] with any additional questions or comments.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -6,56 +6,55 @@ documentation, we greatly value feedback and contributions from our community.
 Please read through this document before submitting any issues or pull requests to ensure we have all the necessary
 information to effectively respond to your bug report or contribution.
 
-
 ## Reporting Bugs/Feature Requests
 
 We welcome you to use the GitHub issue tracker to report bugs or suggest features.
 
-When filing an issue, please check [existing open](https://github.com/awslabs/cognito-user-profiles-export-reference-architecture/issues), or [recently closed](https://github.com/awslabs/cognito-user-profiles-export-reference-architecture/issues?utf8=%E2%9C%93&q=is%3Aissue%20is%3Aclosed%20), issues to make sure somebody else hasn't already
+When filing an issue, please check [existing open](https://github.com/aws-solutions/cognito-user-profiles-export-reference-architecture/issues), or [recently closed](https://github.com/aws-solutions/cognito-user-profiles-export-reference-architecture/issues?utf8=%E2%9C%93&q=is%3Aissue%20is%3Aclosed%20), issues to make sure somebody else hasn't already
 reported the issue. Please try to include as much information as you can. Details like these are incredibly useful:
 
-* A reproducible test case or series of steps
-* The version of our code being used
-* Any modifications you've made relevant to the bug
-* Anything unusual about your environment or deployment
-
+- A reproducible test case or series of steps
+- The version of our code being used
+- Any modifications you've made relevant to the bug
+- Anything unusual about your environment or deployment
 
 ## Contributing via Pull Requests
+
 Contributions via pull requests are much appreciated. Before sending us a pull request, please ensure that:
 
-1. You are working against the latest source on the *master* branch.
+1. You are working against the latest source on the _master_ branch.
 2. You check existing open, and recently merged, pull requests to make sure someone else hasn't addressed the problem already.
 3. You open an issue to discuss any significant work - we would hate for your time to be wasted.
 
 To send us a pull request, please:
 
 1. Fork the repository.
 2. Modify the source; please focus on the specific change you are contributing. If you also reformat all the code, it will be hard for us to focus on your change.
-3. Ensure local tests pass.
-4. Commit to your fork using clear commit messages.
-5. Send us a pull request, answering any default questions in the pull request interface.
-6. Pay attention to any automated CI failures reported in the pull request, and stay involved in the conversation.
+3. Ensure all build processes execute successfully (see README.md for additional guidance).
+4. Ensure all unit, integration, and/or snapshot tests pass, as applicable.
+5. Commit to your fork using clear commit messages.
+6. Send us a pull request, answering any default questions in the pull request interface.
+7. Pay attention to any automated CI failures reported in the pull request, and stay involved in the conversation.
 
 GitHub provides additional document on [forking a repository](https://help.github.com/articles/fork-a-repo/) and
 [creating a pull request](https://help.github.com/articles/creating-a-pull-request/).
 
-
 ## Finding contributions to work on
-Looking at the existing issues is a great way to find something to contribute on. As our projects, by default, use the default GitHub issue labels ((enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any ['help wanted'](https://github.com/awslabs/cognito-user-profiles-export-reference-architecture/labels/help%20wanted) issues is a great place to start.
 
+Looking at the existing issues is a great way to find something to contribute on. As our projects, by default, use the default GitHub issue labels ((enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any ['help wanted'](https://github.com/aws-solutions/cognito-user-profiles-export-reference-architecture/labels/help%20wanted) issues is a great place to start.
 
 ## Code of Conduct
+
 This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct).
 For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact
 [email protected] with any additional questions or comments.
 
-
 ## Security issue notifications
-If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public github issue.
 
+If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public GitHub issue.
 
 ## Licensing
 
-See the [LICENSE](https://github.com/awslabs/cognito-user-profiles-export-reference-architecture/blob/master/LICENSE) file for our project's licensing. We will ask you to confirm the licensing of your contribution.
+See the [LICENSE](https://github.com/aws-solutions/cognito-user-profiles-export-reference-architecture/blob/main/LICENSE.txt) file for our project's licensing. We will ask you to confirm the licensing of your contribution.
 
-We may ask you to sign a [Contributor License Agreement (CLA)](http://en.wikipedia.org/wiki/Contributor_License_Agreement) for larger changes.
+We may ask you to sign a [Contributor License Agreement (CLA)](https://en.wikipedia.org/wiki/Contributor_License_Agreement) for larger changes.
diff --git a/NOTICE.txt b/NOTICE.txt
@@ -1,5 +1,6 @@
 Cognito User Profiles Export Reference Architecture
-Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+
+Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 Licensed under the Apache License Version 2.0 (the "License"). You may not use this file except
 in compliance with the License. A copy of the License is located at http://www.apache.org/licenses/
 or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS,

diff --git a/README.md b/README.md
@@ -22,15 +22,15 @@ For more information and a detailed deployment guide visit the [solution home pa
 ### 1. Prerequsites
 The following procedures assumes that all of the OS-level configuration has been completed. They are:
 - [AWS Command Line Interface](https://aws.amazon.com/cli/)
-- Node.js 16.x
+- Node.js 18.x
 
-The Cognito User Profiles Export Reference Architecture is developed with Node.js for the microservices that run in AWS Lambda. The latest version has been tested with Node.js 16.x.
+The Cognito User Profiles Export Reference Architecture is developed with Node.js for the microservices that run in AWS Lambda. The latest version has been tested with Node.js 18.x.
 
 ### 2. Clone the Cognito User Profiles Export Reference Architecture repository
 Clone the ```cognito-user-profiles-export-reference-architecture``` GitHub repositroy, then make the desired code changes.
 
 ```bash
-git clone https://github.com/awslabs/cognito-user-profiles-export-reference-architecture.git
+git clone https://github.com/aws-solutions/cognito-user-profiles-export-reference-architecture.git
 ```
 
 ### 3. Run unit tests
@@ -50,8 +50,10 @@ export SOLUTION_NAME=my-solution-name
 export VERSION=my-version # version number for the customized code
 ```
 
+_Note:_ When you define `DIST_OUTPUT_BUCKET`, a randomized value is recommended. Below, you will create two S3 buckets using this value in the two regions you want to use. 
+
 ### 5. Create an Amazon S3 bucket
-The AWS CloudFormation template is configured to pull the AWS Lambda deployment packages from Amazon S3 bucket in the region the template is being launched in. Create a bucket in the desitred region name appended to the name of the bucket. _Note:_ you must have the AWS Command Line Interface installed.
+The AWS CloudFormation template is configured to pull the AWS Lambda deployment packages from Amazon S3 bucket in the region the template is being launched in. Create a bucket in the desired region name appended to the name of the bucket. _Note:_ you must have the AWS Command Line Interface installed.
 ```bash
 aws s3 mb s3://$DIST_OUTPUT_BUCKET-$REGION --region $REGION
 aws s3 mb s3://$DIST_OUTPUT_BUCKET-$SECONDARY_REGION --region $SECONDARY_REGION
@@ -64,6 +66,14 @@ chmod +x ./build-s3-dist.sh
 ```
 
 ### 7. Upload deployment assets to your Amazon S3 bucket
+* If your S3 buckets were previously created, you can verify bucket ownership before uploading assets. No output from the `s3api` commands below indicates expected ownership. Unexpected owners will result in an error.
+
+```bash
+export ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
+aws s3api head-bucket --bucket $DIST_OUTPUT_BUCKET-$REGION --expected-bucket-owner $ACCOUNT_ID
+aws s3api head-bucket --bucket $DIST_OUTPUT_BUCKET-$SECONDARY_REGION --expected-bucket-owner $ACCOUNT_ID
+```
+
 * Deploy the distributable to an Amazon S3 bucket in your account. _Note:_ you must have the AWS Command Line Interface installed.
 ```bash
 aws s3 cp ./regional-s3-assets/ s3://$DIST_OUTPUT_BUCKET-$REGION/$SOLUTION_NAME/$VERSION/ --recursive --acl bucket-owner-full-control
@@ -93,11 +103,11 @@ aws s3 cp ./regional-s3-assets/ s3://$DIST_OUTPUT_BUCKET-$SECONDARY_REGION/$SOLU
   |- utils/
     |- custom-resource-helper-functions.js                      [ Exports common functions that can be used within custom resource lambda functions ]
     |- helper-functions.js                                      [ Exports utility functions to be used throughout the solution ]
-    |- metrics.js                                               [ Client for sending anonymous operational metrics ]
+    |- metrics.js                                               [ Client for sending anonymized operational metrics ]
   |- workflow-common/
     |- check-state-machine-executions.js                        [ Checks whether a state machine has multiple executions running ]
     |- check-workflow-queues.js                                 [ Checks whether the SQS queues used by the workflow are empty prior to proceeding ]
-    |- message-broker.js                                        [ Publishes info and error messages to the solution's SNS topic and if enabled, sends anonymous operational metrics ]
+    |- message-broker.js                                        [ Publishes info and error messages to the solution's SNS topic and if enabled, sends anonymized operational metrics ]
   |- workflow-export/
     |- backup-table-cleanup.js                                  [ Cleans up the Backup Table by identifying items that were not updated during the most recent export and removing them ]
     |- check-user-pool-config.js                                [ Checks the configuration of the primary user pool to ensure it is supported by the solution ]
@@ -114,7 +124,7 @@ aws s3 cp ./regional-s3-assets/ s3://$DIST_OUTPUT_BUCKET-$SECONDARY_REGION/$SOLU
 
 ## Collection of operational metrics
 
-This solution collects anonymous operational metrics to help AWS improve the quality and features of the solution. For more information, including how to disable this capability, please see the [implementation guide](https://docs.aws.amazon.com/solutions/latest/cognito-user-profiles-export-reference-architecture/appendix-c.html).
+This solution collects anonymized operational metrics to help AWS improve the quality and features of the solution. For more information, including how to disable this capability, please see the [implementation guide](https://docs.aws.amazon.com/solutions/latest/cognito-user-profiles-export-reference-architecture/appendix-c.html).
 
 ## License
 Cognito User Profiles Export Reference Architecture is distributed under the [Apache License, Version 2.0](https://www.apache.org/licenses/LICENSE-2.0).

diff --git a/deployment/cognito-user-profiles-export-reference-architecture.yaml b/deployment/cognito-user-profiles-export-reference-architecture.yaml
@@ -66,7 +66,7 @@ Metadata:
 Mappings:
   Solution:
     Config:
-      SendAnonymousData: "Yes" # change to 'No' to disable the collection of anonymous Operational Metrics for this solution
+      SendAnonymousData: "Yes" # change to 'No' to disable the collection of anonymized Operational Metrics for this solution
       SolutionId: SO0126
       Version: VERSION_PLACEHOLDER
       S3BucketPrefix: BUCKET_NAME_PLACEHOLDER
@@ -100,6 +100,7 @@ Resources:
 
   GlobalTableCreator:
     Type: AWS::Lambda::Function
+    DependsOn: GlobalTableCreatorRole
     Metadata:
       cfn_nag:
         rules_to_suppress:
@@ -114,7 +115,7 @@ Resources:
         S3Key: !Join ["/", [!FindInMap ["Solution", "Config", "S3KeyPrefix"], "custom-resources.zip"]]
       Handler: "custom-resources/global-table-creator.handler"
       Role: !GetAtt GlobalTableCreatorRole.Arn
-      Runtime: nodejs16.x
+      Runtime: nodejs18.x
       Timeout: 120
       MemorySize: 128
       Environment:
@@ -197,6 +198,7 @@ Resources:
 
   GlobalTableChecker:
     Type: AWS::Lambda::Function
+    DependsOn: GlobalTableCheckerRole
     Metadata:
       cfn_nag:
         rules_to_suppress:
@@ -214,7 +216,7 @@ Resources:
         S3Key: !Join ["/", [!FindInMap ["Solution", "Config", "S3KeyPrefix"], "custom-resources.zip"]]
       Handler: "custom-resources/global-table-checker.handler"
       Role: !GetAtt GlobalTableCheckerRole.Arn
-      Runtime: nodejs16.x
+      Runtime: nodejs18.x
       Timeout: 300
       MemorySize: 128
       Environment:
@@ -352,6 +354,7 @@ Resources:
 
   StackCheckerCustomResourceLambda:
     Type: AWS::Lambda::Function
+    DependsOn: StackCheckerCustomResourceLambdaRole
     Metadata:
       cfn_nag:
         rules_to_suppress:
@@ -369,7 +372,7 @@ Resources:
         S3Key: !Join ["/", [!FindInMap ["Solution", "Config", "S3KeyPrefix"], "custom-resources.zip"]]
       Handler: "custom-resources/stack-checker.handler"
       Role: !GetAtt StackCheckerCustomResourceLambdaRole.Arn
-      Runtime: nodejs16.x
+      Runtime: nodejs18.x
       Timeout: 120
       MemorySize: 128
       Environment:
@@ -447,6 +450,7 @@ Resources:
 
   SolutionConstantsCustomResourceLambda:
     Type: AWS::Lambda::Function
+    DependsOn: SolutionConstantsCustomResourceLambdaRole
     Metadata:
       cfn_nag:
         rules_to_suppress:
@@ -464,7 +468,7 @@ Resources:
         S3Key: !Join ["/", [!FindInMap ["Solution", "Config", "S3KeyPrefix"], "custom-resources.zip"]]
       Handler: "custom-resources/solution-constants.handler"
       Role: !GetAtt SolutionConstantsCustomResourceLambdaRole.Arn
-      Runtime: nodejs16.x
+      Runtime: nodejs18.x
       Timeout: 60
       MemorySize: 128
       Environment:
@@ -510,6 +514,7 @@ Resources:
 
   StackSetManagerCustomResourceLambda:
     Type: AWS::Lambda::Function
+    DependsOn: StackSetManagerCustomResourceLambdaRole
     Metadata:
       cfn_nag:
         rules_to_suppress:
@@ -527,7 +532,7 @@ Resources:
         S3Key: !Join ["/", [!FindInMap ["Solution", "Config", "S3KeyPrefix"], "custom-resources.zip"]]
       Handler: "custom-resources/stackset-manager.handler"
       Role: !GetAtt StackSetManagerCustomResourceLambdaRole.Arn
-      Runtime: nodejs16.x
+      Runtime: nodejs18.x
       Timeout: 300
       MemorySize: 128
       Environment:
@@ -808,6 +813,7 @@ Resources:
 
   StackSetCheckStatusLambda:
     Type: AWS::Lambda::Function
+    DependsOn: StackSetCheckStatusLambdaRole
     Metadata:
       cfn_nag:
         rules_to_suppress:
@@ -825,7 +831,7 @@ Resources:
         S3Key: !Join ["/", [!FindInMap ["Solution", "Config", "S3KeyPrefix"], "custom-resources.zip"]]
       Handler: "custom-resources/check-stackset-status.handler"
       Role: !GetAtt StackSetCheckStatusLambdaRole.Arn
-      Runtime: nodejs16.x
+      Runtime: nodejs18.x
       Timeout: 300
       MemorySize: 128
       Environment: