diff --git a/.mergify.yml b/.mergify.yml
index 24f5698c49f27..55a700cee4e2f 100644
--- a/.mergify.yml
+++ b/.mergify.yml
@@ -4,7 +4,17 @@ queue_rules:
 update_method: merge
 merge_method: merge
 conditions:
+ - -title~=(WIP|wip)
+ - -label~=(blocked|do-not-merge)
+ # Only if no-squash is set
+ - label~=no-squash
+ - -merged
+ - -closed
+ - "#approved-reviews-by>=1"
+ - -approved-reviews-by~=author
+ - "#changes-requested-reviews-by=0"
 - status-success~=AWS CodeBuild us-east-1
+ - status-success=validate-pr
 commit_message_template: |-
 {{ title }} (#{{ number }})
 {{ body }}
@@ -13,7 +23,16 @@ queue_rules:
 update_method: merge
 merge_method: squash
 conditions:
+ - base!=release
+ - -title~=(WIP|wip)
+ - -label~=(blocked|do-not-merge|no-squash)
+ - -merged
+ - -closed
+ - "#approved-reviews-by>=1"
+ - -approved-reviews-by~=author
+ - "#changes-requested-reviews-by=0"
 - status-success~=AWS CodeBuild us-east-1
+ - status-success=validate-pr
 commit_message_template: |-
 {{ title }} (#{{ number }})
 {{ body }}
diff --git a/CHANGELOG.v2.alpha.md b/CHANGELOG.v2.alpha.md
index 9038ec97d4f2d..05f256ef79507 100644
--- a/CHANGELOG.v2.alpha.md
+++ b/CHANGELOG.v2.alpha.md
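Review bot: `- -approved-reviews-by~=author` in the first queue rule's conditions reads as a regex match of reviewer logins against the literal text `author`, not as a comparison with the pull request's author, so it probably does not express "no self-approval" and would also discard an approval from any reviewer whose login happens to contain "author". The same line is added in the second hunk (the squash rule). These conditions are what gates automatic merging, so please confirm the behaviour against Mergify's condition syntax and state the intent next to the line, e.g. `# an approval from the PR author must not count`. The neighbouring `-title~=(WIP|wip)` is likewise unanchored and holds back any title that merely contains "wip"; a word-boundary pattern would be tighter. Both rule bodies start above the hunks, so the rule names are not visible here.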
@@ -2,6 +2,29 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [2.165.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.164.1-alpha.0...v2.165.0-alpha.0) (2024-10-31) + + +### ⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES + +* **ec2-alpha:** The new `VpcCidrBlock` L2 construct replaces `CfnVPCCidrBlock`. This change alters the logical ID of `AWS::EC2::VPCCidrBlock` resources in CloudFormation templates. Existing deployments will see errors like `CIDR range conflicts with x.xx.xx.xx/xx with association ID vpc-cidr-assoc-ABCD`. To resolve this, you must recreate your existing stacks to use the new module. + +### Features + +* **apprunner:** support vpc ingress connection ([#30623](https://github.com/aws/aws-cdk/issues/30623)) ([048e753](https://github.com/aws/aws-cdk/commit/048e7538dd71d69c2add28ff454b6d9c69b4f256)), closes [#22850](https://github.com/aws/aws-cdk/issues/22850) +* **ec2-alpha:** adding imports for SubnetV2 and VpcV2 ([#31765](https://github.com/aws/aws-cdk/issues/31765)) ([d108a80](https://github.com/aws/aws-cdk/commit/d108a8003e463301acea15076501cd815b0eda4a)) +* **location:** support Tracker and TrackerConsumer ([#31268](https://github.com/aws/aws-cdk/issues/31268)) ([046f041](https://github.com/aws/aws-cdk/commit/046f0418a3de08a59c940a7a3d93148cb5f0659b)), closes [#30712](https://github.com/aws/aws-cdk/issues/30712) +* **pipes-enrichments:** support API Gateway enrichment ([#31794](https://github.com/aws/aws-cdk/issues/31794)) ([09052c2](https://github.com/aws/aws-cdk/commit/09052c2060c410028896fd54e76a857b2141c8a4)), closes [#29384](https://github.com/aws/aws-cdk/issues/29384) +* **pipes-targets:** add SageMaker ([#30696](https://github.com/aws/aws-cdk/issues/30696)) ([a5fdf57](https://github.com/aws/aws-cdk/commit/a5fdf570beb1456b1307276f56d90fd1ba0b46d8)) +* **redshift-alpha:** query execution timeout setting 
during table creation ([#31818](https://github.com/aws/aws-cdk/issues/31818)) ([40f07ae](https://github.com/aws/aws-cdk/commit/40f07ae330d074cfa7861e24a0427da7ec427f68)), closes [#31329](https://github.com/aws/aws-cdk/issues/31329) +* **kinesisfirehose-alpha:** kinesis firehose and kinesis firehose destinations modules are now in Developer Preview ([#31952](https://github.com/aws/aws-cdk/pull/31952)) + +### Bug Fixes + +* **location:** remove base class from PlaceIndex class ([#31287](https://github.com/aws/aws-cdk/issues/31287)) ([bc67866](https://github.com/aws/aws-cdk/commit/bc67866f579c401556d427eb150bcd118d69bd17)), closes [#30711](https://github.com/aws/aws-cdk/issues/30711) [#30682](https://github.com/aws/aws-cdk/issues/30682) +* **scheduler-alpha:** scheduler input always get transformed to string with extra double quotes ([#31894](https://github.com/aws/aws-cdk/issues/31894)) ([186b8ab](https://github.com/aws/aws-cdk/commit/186b8abfab8452b31cba13b56998242f63c43159)) +* **scheduler-alpha:** too many KMS permissions granted ([#31923](https://github.com/aws/aws-cdk/issues/31923)) ([06678a3](https://github.com/aws/aws-cdk/commit/06678a39e029582af14c8b021f946b9ce9cac9be)), closes [#31785](https://github.com/aws/aws-cdk/issues/31785) + ## [2.164.1-alpha.0](https://github.com/aws/aws-cdk/compare/v2.164.0-alpha.0...v2.164.1-alpha.0) (2024-10-25) ## [2.164.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.163.1-alpha.0...v2.164.0-alpha.0) (2024-10-24) diff --git a/CHANGELOG.v2.md b/CHANGELOG.v2.md index 1013b47650314..33e340ebc90e5 100644 --- a/CHANGELOG.v2.md +++ b/CHANGELOG.v2.md 
@@ -2,6 +2,29 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [2.165.0](https://github.com/aws/aws-cdk/compare/v2.164.1...v2.165.0) (2024-10-31) + + +### Features + +* **bootstrap:** add lifecycle rule to abort multipart uploads after 7 days ([#31956](https://github.com/aws/aws-cdk/issues/31956)) ([b800da8](https://github.com/aws/aws-cdk/commit/b800da8172919a1ab27f885549e701d98323c9bb)), closes [#29045](https://github.com/aws/aws-cdk/issues/29045) +* **bootstrap:** delete noncurrent versions after 30 days ([#31949](https://github.com/aws/aws-cdk/issues/31949)) ([579041e](https://github.com/aws/aws-cdk/commit/579041e5d41e780ce1f6fb9f778c353868fb6938)) +* **cli:** garbage collect ecr assets (under --unstable flag) ([#31841](https://github.com/aws/aws-cdk/issues/31841)) ([da85e54](https://github.com/aws/aws-cdk/commit/da85e54d7d3dfb4e33942f58564e91039e7d22ff)), closes [#31611](https://github.com/aws/aws-cdk/issues/31611) +* **codebuild:** add support of organization webhook in github source ([#31740](https://github.com/aws/aws-cdk/issues/31740)) ([8c15b5f](https://github.com/aws/aws-cdk/commit/8c15b5f19a0c289fd0dad8c35b6734232d957836)), closes [#31736](https://github.com/aws/aws-cdk/issues/31736) +* **cognito:** support UserPoolGroup ([#31351](https://github.com/aws/aws-cdk/issues/31351)) ([408b20f](https://github.com/aws/aws-cdk/commit/408b20f92122069a04ff5776b4783ae220d04a56)), closes [#21026](https://github.com/aws/aws-cdk/issues/21026) +* update L1 CloudFormation resource definitions ([#31917](https://github.com/aws/aws-cdk/issues/31917)) ([8c93291](https://github.com/aws/aws-cdk/commit/8c93291f789b441397bc5a64308816e89f682199)) + + +### Bug Fixes + +* **assertions:** throw error or warn when `synth` is called multiple times on mutated construct tree ([#31865](https://github.com/aws/aws-cdk/issues/31865)) 
([a261c9d](https://github.com/aws/aws-cdk/commit/a261c9d8a316ec389f19c873122691d48c5ca16d)), closes [#24689](https://github.com/aws/aws-cdk/issues/24689) +* **cli:** ecr garbage collection hangs when repository has no images ([#31951](https://github.com/aws/aws-cdk/issues/31951)) ([a235a9f](https://github.com/aws/aws-cdk/commit/a235a9fad29bf0da141b27ca391861fa613f42b8)) +* **cli:** garbage collection ignores review_in_progress stacks ([#31906](https://github.com/aws/aws-cdk/issues/31906)) ([cb3ecfe](https://github.com/aws/aws-cdk/commit/cb3ecfe8f255e626db3706632c9590c86c28bea5)) +* **s3-assets:** cannot publish a file without extension ([#30597](https://github.com/aws/aws-cdk/issues/30597)) ([ccab485](https://github.com/aws/aws-cdk/commit/ccab485b87a7090ddf0773508d7b8ee84ff654b0)), closes [#30471](https://github.com/aws/aws-cdk/issues/30471) +* **sqs:** queue with `fifo: false` does not deploy ([#31922](https://github.com/aws/aws-cdk/issues/31922)) ([a9d3b02](https://github.com/aws/aws-cdk/commit/a9d3b02783104fe862a3e863e8c89af845b49c8c)), closes [#8550](https://github.com/aws/aws-cdk/issues/8550) +* enable node-fips compatible body checksums for S3 ([#31883](https://github.com/aws/aws-cdk/issues/31883)) ([4f29c1d](https://github.com/aws/aws-cdk/commit/4f29c1d04533b68535c1a5706855066d1d1ea577)) + + ## [2.164.1](https://github.com/aws/aws-cdk/compare/v2.164.0...v2.164.1) (2024-10-25) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/cdk.out new file mode 100644 index 0000000000000..c6e612584e352 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"38.0.1"} \ No newline at end of file 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/integ.json new file mode 100644 index 0000000000000..b3f8f40c776a5 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/integ.json @@ -0,0 +1,13 @@ +{ + "version": "38.0.1", + "testCases": { + "integ-kinesis-resource-policy/DefaultTest": { + "stacks": [ + "kinesis-resource-policy" + ], + "stackUpdateWorkflow": false, + "assertionStack": "integ-kinesis-resource-policy/DefaultTest/DeployAssert", + "assertionStackName": "integkinesisresourcepolicyDefaultTestDeployAssert52C5D16C" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/integkinesisresourcepolicyDefaultTestDeployAssert52C5D16C.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/integkinesisresourcepolicyDefaultTestDeployAssert52C5D16C.assets.json new file mode 100644 index 0000000000000..10ed04c6cb3b2 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/integkinesisresourcepolicyDefaultTestDeployAssert52C5D16C.assets.json 
@@ -0,0 +1,19 @@ +{ + "version": "38.0.1", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "integkinesisresourcepolicyDefaultTestDeployAssert52C5D16C.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/integkinesisresourcepolicyDefaultTestDeployAssert52C5D16C.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/integkinesisresourcepolicyDefaultTestDeployAssert52C5D16C.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/integkinesisresourcepolicyDefaultTestDeployAssert52C5D16C.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/kinesis-resource-policy.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/kinesis-resource-policy.assets.json new file mode 100644 index 0000000000000..41aa262dfadaa --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/kinesis-resource-policy.assets.json @@ -0,0 +1,19 @@ +{ + "version": "38.0.1", + "files": { + "25f5843484c10a3b762cdda9cddcdbaf948c1d795dd2294a83ba77c6c1b732ef": { + "source": { + "path": "kinesis-resource-policy.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "25f5843484c10a3b762cdda9cddcdbaf948c1d795dd2294a83ba77c6c1b732ef.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/kinesis-resource-policy.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/kinesis-resource-policy.template.json new file mode 100644 index 0000000000000..7431a787d0228 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/kinesis-resource-policy.template.json 
@@ -0,0 +1,128 @@ +{ + "Resources": { + "MyStream5C050E93": { + "Type": "AWS::Kinesis::Stream", + "Properties": { + "RetentionPeriodHours": 24, + "ShardCount": 1, + "StreamEncryption": { + "Fn::If": [ + "AwsCdkKinesisEncryptedStreamsUnsupportedRegions", + { + "Ref": "AWS::NoValue" + }, + { + "EncryptionType": "KMS", + "KeyId": "alias/aws/kinesis" + } + ] + } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "MyStreamPolicyC34ACF94": { + "Type": "AWS::Kinesis::ResourcePolicy", + "Properties": { + "ResourceArn": { + "Fn::GetAtt": [ + "MyStream5C050E93", + "Arn" + ] + }, + "ResourcePolicy": { + "Statement": [ + { + "Action": [ + "kinesis:DescribeStreamSummary", + "kinesis:GetRecords" + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + }, + "Resource": { + "Fn::GetAtt": [ + "MyStream5C050E93", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + } + } + } + }, + "Conditions": { + "AwsCdkKinesisEncryptedStreamsUnsupportedRegions": { + "Fn::Or": [ + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "cn-north-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "cn-northwest-1" + ] + } + ] + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/manifest.json new file mode 100644 index 0000000000000..5b7e1577fd04f --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/manifest.json 
@@ -0,0 +1,127 @@ +{ + "version": "38.0.1", + "artifacts": { + "kinesis-resource-policy.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "kinesis-resource-policy.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "kinesis-resource-policy": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "kinesis-resource-policy.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "notificationArns": [], + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/25f5843484c10a3b762cdda9cddcdbaf948c1d795dd2294a83ba77c6c1b732ef.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "kinesis-resource-policy.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "kinesis-resource-policy.assets" + ], + "metadata": { + "/kinesis-resource-policy/MyStream/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MyStream5C050E93" + } + ], + "/kinesis-resource-policy/MyStream/Policy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MyStreamPolicyC34ACF94" + } + ], + "/kinesis-resource-policy/AwsCdkKinesisEncryptedStreamsUnsupportedRegions": [ + { + "type": "aws:cdk:logicalId", + "data": 
"AwsCdkKinesisEncryptedStreamsUnsupportedRegions" + } + ], + "/kinesis-resource-policy/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/kinesis-resource-policy/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "kinesis-resource-policy" + }, + "integkinesisresourcepolicyDefaultTestDeployAssert52C5D16C.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "integkinesisresourcepolicyDefaultTestDeployAssert52C5D16C.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "integkinesisresourcepolicyDefaultTestDeployAssert52C5D16C": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "integkinesisresourcepolicyDefaultTestDeployAssert52C5D16C.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "notificationArns": [], + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "integkinesisresourcepolicyDefaultTestDeployAssert52C5D16C.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + 
"integkinesisresourcepolicyDefaultTestDeployAssert52C5D16C.assets" + ], + "metadata": { + "/integ-kinesis-resource-policy/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/integ-kinesis-resource-policy/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "integ-kinesis-resource-policy/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/tree.json new file mode 100644 index 0000000000000..1cb4e4dd9901b --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/tree.json 
@@ -0,0 +1,211 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "kinesis-resource-policy": { + "id": "kinesis-resource-policy", + "path": "kinesis-resource-policy", + "children": { + "MyStream": { + "id": "MyStream", + "path": "kinesis-resource-policy/MyStream", + "children": { + "Resource": { + "id": "Resource", + "path": "kinesis-resource-policy/MyStream/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Kinesis::Stream", + "aws:cdk:cloudformation:props": { + "retentionPeriodHours": 24, + "shardCount": 1, + "streamEncryption": { + "Fn::If": [ + "AwsCdkKinesisEncryptedStreamsUnsupportedRegions", + { + "Ref": "AWS::NoValue" + }, + { + "EncryptionType": "KMS", + "KeyId": "alias/aws/kinesis" + } + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kinesis.CfnStream", + "version": "0.0.0" + } + }, + "Policy": { + "id": "Policy", + "path": "kinesis-resource-policy/MyStream/Policy", + "children": { + "Resource": { + "id": "Resource", + "path": "kinesis-resource-policy/MyStream/Policy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Kinesis::ResourcePolicy", + "aws:cdk:cloudformation:props": { + "resourceArn": { + "Fn::GetAtt": [ + "MyStream5C050E93", + "Arn" + ] + }, + "resourcePolicy": { + "Statement": [ + { + "Action": [ + "kinesis:DescribeStreamSummary", + "kinesis:GetRecords" + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + }, + "Resource": { + "Fn::GetAtt": [ + "MyStream5C050E93", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kinesis.CfnResourcePolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kinesis.ResourcePolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kinesis.Stream", + "version": 
"0.0.0" + } + }, + "AwsCdkKinesisEncryptedStreamsUnsupportedRegions": { + "id": "AwsCdkKinesisEncryptedStreamsUnsupportedRegions", + "path": "kinesis-resource-policy/AwsCdkKinesisEncryptedStreamsUnsupportedRegions", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnCondition", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "kinesis-resource-policy/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "kinesis-resource-policy/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "integ-kinesis-resource-policy": { + "id": "integ-kinesis-resource-policy", + "path": "integ-kinesis-resource-policy", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "integ-kinesis-resource-policy/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "integ-kinesis-resource-policy/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "integ-kinesis-resource-policy/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "integ-kinesis-resource-policy/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "integ-kinesis-resource-policy/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } 
+ }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.ts
new file mode 100644
index 0000000000000..bd9911520e5c6
--- /dev/null
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.ts
@@ -0,0 +1,23 @@
+import { App, Stack } from 'aws-cdk-lib';
+import { Stream } from 'aws-cdk-lib/aws-kinesis';
+import { AccountPrincipal, PolicyStatement } from 'aws-cdk-lib/aws-iam';
+import { IntegTest } from '@aws-cdk/integ-tests-alpha';
+
+const app = new App();
+const stack = new Stack(app, 'kinesis-resource-policy');
+
+const stream = new Stream(stack, 'MyStream');
+
+stream.addToResourcePolicy(new PolicyStatement({
+ resources: [stream.streamArn],
+ actions: [
+ 'kinesis:DescribeStreamSummary',
+ 'kinesis:GetRecords',
+ ],
+ principals: [new AccountPrincipal(stack.account)],
+}));
+
+new IntegTest(app, 'integ-kinesis-resource-policy', {
+ testCases: [stack],
+ stackUpdateWorkflow: false,
+});
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/Route53RecordWeightFromCfnParameterIntegDefaultTestDeployAssertB313B703.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/Route53RecordWeightFromCfnParameterIntegDefaultTestDeployAssertB313B703.assets.json
new file mode 100644
index 0000000000000..7490b2af331b6
--- /dev/null
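Review bot: The new `integ.resource-policy.ts` only deploys the stack; nothing after `new IntegTest(...)` checks that the statement passed to `addToResourcePolicy` is actually attached to the stream, so a regression that drops or widens the policy would pass as soon as the snapshot is regenerated. Keep the test in a variable and assert on the deployed policy, for example `integ.assertions.awsApiCall('Kinesis', 'getResourcePolicy', { ResourceARN: stream.streamArn })` with an expectation on the returned `Policy` (principal and the two actions). A one-line comment on the statement would also help: `kinesis:GetRecords` without `kinesis:GetShardIterator` is not a usable read grant, so say that it is only a fixture for the policy plumbing. The generated template shows the stream with `DeletionPolicy: Retain`, so each run leaves a stream behind unless the test calls `stream.applyRemovalPolicy(RemovalPolicy.DESTROY)`.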
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/Route53RecordWeightFromCfnParameterIntegDefaultTestDeployAssertB313B703.assets.json @@ -0,0 +1,19 @@ +{ + "version": "38.0.1", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "Route53RecordWeightFromCfnParameterIntegDefaultTestDeployAssertB313B703.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/Route53RecordWeightFromCfnParameterIntegDefaultTestDeployAssertB313B703.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/Route53RecordWeightFromCfnParameterIntegDefaultTestDeployAssertB313B703.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/Route53RecordWeightFromCfnParameterIntegDefaultTestDeployAssertB313B703.template.json 
@@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/cdk.out new file mode 100644 index 0000000000000..c6e612584e352 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"38.0.1"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/integ.json new file mode 100644 index 0000000000000..c30c931da4d49 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/integ.json 
@@ -0,0 +1,12 @@ +{ + "version": "38.0.1", + "testCases": { + "Route53RecordWeightFromCfnParameterInteg/DefaultTest": { + "stacks": [ + "record-weight-from-cfnparameter" + ], + "assertionStack": "Route53RecordWeightFromCfnParameterInteg/DefaultTest/DeployAssert", + "assertionStackName": "Route53RecordWeightFromCfnParameterIntegDefaultTestDeployAssertB313B703" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/manifest.json new file mode 100644 index 0000000000000..097e080ec6024 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/manifest.json 
@@ -0,0 +1,163 @@ +{ + "version": "38.0.1", + "artifacts": { + "record-weight-from-cfnparameter.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "record-weight-from-cfnparameter.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "record-weight-from-cfnparameter": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "record-weight-from-cfnparameter.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "notificationArns": [], + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/9603704f36aac4a47218ab44a07a0ea096d4ef0e4c35203a39f72aef7b709c33.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "record-weight-from-cfnparameter.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "record-weight-from-cfnparameter.assets" + ], + "metadata": { + "/record-weight-from-cfnparameter/HostedZone/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "HostedZoneDB99F866" + } + ], + "/record-weight-from-cfnparameter/RecordWeight0": [ + { + "type": "aws:cdk:logicalId", + "data": "RecordWeight0" + } + ], + "/record-weight-from-cfnparameter/RecordWeight1": [ + { + "type": "aws:cdk:logicalId", + "data": "RecordWeight1" + 
} + ], + "/record-weight-from-cfnparameter/RecordWeight2": [ + { + "type": "aws:cdk:logicalId", + "data": "RecordWeight2" + } + ], + "/record-weight-from-cfnparameter/RecordWeight3": [ + { + "type": "aws:cdk:logicalId", + "data": "RecordWeight3" + } + ], + "/record-weight-from-cfnparameter/RecordWithParamWeight0/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "RecordWithParamWeight01950FDF7" + } + ], + "/record-weight-from-cfnparameter/RecordWithParamWeight1/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "RecordWithParamWeight182FF0BDE" + } + ], + "/record-weight-from-cfnparameter/RecordWithParamWeight2/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "RecordWithParamWeight2C5120D0E" + } + ], + "/record-weight-from-cfnparameter/RecordWithParamWeight3/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "RecordWithParamWeight37D431545" + } + ], + "/record-weight-from-cfnparameter/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/record-weight-from-cfnparameter/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "record-weight-from-cfnparameter" + }, + "Route53RecordWeightFromCfnParameterIntegDefaultTestDeployAssertB313B703.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "Route53RecordWeightFromCfnParameterIntegDefaultTestDeployAssertB313B703.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "Route53RecordWeightFromCfnParameterIntegDefaultTestDeployAssertB313B703": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "Route53RecordWeightFromCfnParameterIntegDefaultTestDeployAssertB313B703.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "notificationArns": [], + "assumeRoleArn": 
"arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "Route53RecordWeightFromCfnParameterIntegDefaultTestDeployAssertB313B703.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "Route53RecordWeightFromCfnParameterIntegDefaultTestDeployAssertB313B703.assets" + ], + "metadata": { + "/Route53RecordWeightFromCfnParameterInteg/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/Route53RecordWeightFromCfnParameterInteg/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "Route53RecordWeightFromCfnParameterInteg/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/record-weight-from-cfnparameter.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/record-weight-from-cfnparameter.assets.json new file mode 100644 index 0000000000000..739fa4bf65e2e --- /dev/null 
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/record-weight-from-cfnparameter.assets.json @@ -0,0 +1,19 @@ +{ + "version": "38.0.1", + "files": { + "9603704f36aac4a47218ab44a07a0ea096d4ef0e4c35203a39f72aef7b709c33": { + "source": { + "path": "record-weight-from-cfnparameter.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "9603704f36aac4a47218ab44a07a0ea096d4ef0e4c35203a39f72aef7b709c33.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/record-weight-from-cfnparameter.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/record-weight-from-cfnparameter.template.json new file mode 100644 index 0000000000000..6a96397fb1b62 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/record-weight-from-cfnparameter.template.json 
@@ -0,0 +1,184 @@ +{ + "Resources": { + "HostedZoneDB99F866": { + "Type": "AWS::Route53::HostedZone", + "Properties": { + "Name": "cdk.dev." + } + }, + "RecordWithParamWeight01950FDF7": { + "Type": "AWS::Route53::RecordSet", + "Properties": { + "HostedZoneId": { + "Ref": "HostedZoneDB99F866" + }, + "Name": "www.cdk.dev.", + "ResourceRecords": [ + "1.2.3.4" + ], + "SetIdentifier": { + "Fn::Join": [ + "", + [ + "WEIGHT_", + { + "Ref": "RecordWeight0" + }, + "_ID_recordweightfromcfnpaecordWithParamWeight059BCC4E1" + ] + ] + }, + "TTL": "10", + "Type": "A", + "Weight": { + "Ref": "RecordWeight0" + } + } + }, + "RecordWithParamWeight182FF0BDE": { + "Type": "AWS::Route53::RecordSet", + "Properties": { + "HostedZoneId": { + "Ref": "HostedZoneDB99F866" + }, + "Name": "www.cdk.dev.", + "ResourceRecords": [ + "2.3.4.5" + ], + "SetIdentifier": { + "Fn::Join": [ + "", + [ + "WEIGHT_", + { + "Ref": "RecordWeight1" + }, + "_ID_recordweightfromcfnpaecordWithParamWeight1304B1475" + ] + ] + }, + "TTL": "10", + "Type": "A", + "Weight": { + "Ref": "RecordWeight1" + } + } + }, + "RecordWithParamWeight2C5120D0E": { + "Type": "AWS::Route53::RecordSet", + "Properties": { + "HostedZoneId": { + "Ref": "HostedZoneDB99F866" + }, + "Name": "www.cdk.dev.", + "ResourceRecords": [ + "3.4.5.6" + ], + "SetIdentifier": { + "Fn::Join": [ + "", + [ + "WEIGHT_", + { + "Ref": "RecordWeight2" + }, + "_ID_recordweightfromcfnpaecordWithParamWeight25B9D18F1" + ] + ] + }, + "TTL": "10", + "Type": "A", + "Weight": { + "Ref": "RecordWeight2" + } + } + }, + "RecordWithParamWeight37D431545": { + "Type": "AWS::Route53::RecordSet", + "Properties": { + "HostedZoneId": { + "Ref": "HostedZoneDB99F866" + }, + "Name": "www.cdk.dev.", + "ResourceRecords": [ + "4.5.6.7" + ], + "SetIdentifier": { + "Fn::Join": [ + "", + [ + "WEIGHT_", + { + "Ref": "RecordWeight3" + }, + "_ID_recordweightfromcfnpaecordWithParamWeight37DA83B23" + ] + ] + }, + "TTL": "10", + "Type": "A", + "Weight": { + "Ref": "RecordWeight3" + } + } + } + 
}, + "Parameters": { + "RecordWeight0": { + "Type": "Number", + "Default": 0, + "MaxValue": 255, + "MinValue": 0 + }, + "RecordWeight1": { + "Type": "Number", + "Default": 0, + "MaxValue": 255, + "MinValue": 0 + }, + "RecordWeight2": { + "Type": "Number", + "Default": 0, + "MaxValue": 255, + "MinValue": 0 + }, + "RecordWeight3": { + "Type": "Number", + "Default": 0, + "MaxValue": 255, + "MinValue": 0 + }, + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/tree.json new file mode 100644 index 0000000000000..17c358fac61fc --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/tree.json 
@@ -0,0 +1,345 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "record-weight-from-cfnparameter": { + "id": "record-weight-from-cfnparameter", + "path": "record-weight-from-cfnparameter", + "children": { + "HostedZone": { + "id": "HostedZone", + "path": "record-weight-from-cfnparameter/HostedZone", + "children": { + "Resource": { + "id": "Resource", + "path": "record-weight-from-cfnparameter/HostedZone/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Route53::HostedZone", + "aws:cdk:cloudformation:props": { + "name": "cdk.dev." + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + }, + "RecordWeight0": { + "id": "RecordWeight0", + "path": "record-weight-from-cfnparameter/RecordWeight0", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + }, + "RecordWeight1": { + "id": "RecordWeight1", + "path": "record-weight-from-cfnparameter/RecordWeight1", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + }, + "RecordWeight2": { + "id": "RecordWeight2", + "path": "record-weight-from-cfnparameter/RecordWeight2", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + }, + "RecordWeight3": { + "id": "RecordWeight3", + "path": "record-weight-from-cfnparameter/RecordWeight3", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + }, + "RecordWithParamWeight0": { + "id": "RecordWithParamWeight0", + "path": "record-weight-from-cfnparameter/RecordWithParamWeight0", + "children": { + "Resource": { + "id": "Resource", + "path": "record-weight-from-cfnparameter/RecordWithParamWeight0/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Route53::RecordSet", + "aws:cdk:cloudformation:props": { + "hostedZoneId": { + "Ref": "HostedZoneDB99F866" + }, + "name": "www.cdk.dev.", + 
"resourceRecords": [ + "1.2.3.4" + ], + "setIdentifier": { + "Fn::Join": [ + "", + [ + "WEIGHT_", + { + "Ref": "RecordWeight0" + }, + "_ID_recordweightfromcfnpaecordWithParamWeight059BCC4E1" + ] + ] + }, + "ttl": "10", + "type": "A", + "weight": { + "Ref": "RecordWeight0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + }, + "RecordWithParamWeight1": { + "id": "RecordWithParamWeight1", + "path": "record-weight-from-cfnparameter/RecordWithParamWeight1", + "children": { + "Resource": { + "id": "Resource", + "path": "record-weight-from-cfnparameter/RecordWithParamWeight1/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Route53::RecordSet", + "aws:cdk:cloudformation:props": { + "hostedZoneId": { + "Ref": "HostedZoneDB99F866" + }, + "name": "www.cdk.dev.", + "resourceRecords": [ + "2.3.4.5" + ], + "setIdentifier": { + "Fn::Join": [ + "", + [ + "WEIGHT_", + { + "Ref": "RecordWeight1" + }, + "_ID_recordweightfromcfnpaecordWithParamWeight1304B1475" + ] + ] + }, + "ttl": "10", + "type": "A", + "weight": { + "Ref": "RecordWeight1" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + }, + "RecordWithParamWeight2": { + "id": "RecordWithParamWeight2", + "path": "record-weight-from-cfnparameter/RecordWithParamWeight2", + "children": { + "Resource": { + "id": "Resource", + "path": "record-weight-from-cfnparameter/RecordWithParamWeight2/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Route53::RecordSet", + "aws:cdk:cloudformation:props": { + "hostedZoneId": { + "Ref": "HostedZoneDB99F866" + }, + "name": "www.cdk.dev.", + "resourceRecords": [ + "3.4.5.6" + ], + "setIdentifier": { + "Fn::Join": [ + "", + [ + "WEIGHT_", + { + "Ref": "RecordWeight2" + }, + 
"_ID_recordweightfromcfnpaecordWithParamWeight25B9D18F1" + ] + ] + }, + "ttl": "10", + "type": "A", + "weight": { + "Ref": "RecordWeight2" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + }, + "RecordWithParamWeight3": { + "id": "RecordWithParamWeight3", + "path": "record-weight-from-cfnparameter/RecordWithParamWeight3", + "children": { + "Resource": { + "id": "Resource", + "path": "record-weight-from-cfnparameter/RecordWithParamWeight3/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Route53::RecordSet", + "aws:cdk:cloudformation:props": { + "hostedZoneId": { + "Ref": "HostedZoneDB99F866" + }, + "name": "www.cdk.dev.", + "resourceRecords": [ + "4.5.6.7" + ], + "setIdentifier": { + "Fn::Join": [ + "", + [ + "WEIGHT_", + { + "Ref": "RecordWeight3" + }, + "_ID_recordweightfromcfnpaecordWithParamWeight37DA83B23" + ] + ] + }, + "ttl": "10", + "type": "A", + "weight": { + "Ref": "RecordWeight3" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "record-weight-from-cfnparameter/BootstrapVersion", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "record-weight-from-cfnparameter/CheckBootstrapVersion", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + }, + "Route53RecordWeightFromCfnParameterInteg": { + "id": "Route53RecordWeightFromCfnParameterInteg", + "path": "Route53RecordWeightFromCfnParameterInteg", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": 
"Route53RecordWeightFromCfnParameterInteg/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "Route53RecordWeightFromCfnParameterInteg/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "Route53RecordWeightFromCfnParameterInteg/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "Route53RecordWeightFromCfnParameterInteg/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "Route53RecordWeightFromCfnParameterInteg/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.ts new file mode 100644 index 0000000000000..6d2d2160aa059 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.ts 
@@ -0,0 +1,44 @@ +import { App, CfnParameter, Duration, Stack, StackProps } from 'aws-cdk-lib'; +import { Construct } from 'constructs'; +import * as route53 from 'aws-cdk-lib/aws-route53'; +import { IntegTest } from '@aws-cdk/integ-tests-alpha'; + +class TestStack extends Stack { + constructor(scope: Construct, id: string, props?: StackProps) { + super(scope, id, props); + + const hostedZone = new route53.PublicHostedZone(this, 'HostedZone', { + zoneName: 'cdk.dev', + }); + + const weightParameterProps = { + type: 'Number', + default: 0, + minValue: 0, + maxValue: 255, + }; + + [ + { target: '1.2.3.4', weight: new CfnParameter(this, 'RecordWeight0', weightParameterProps) }, + { target: '2.3.4.5', weight: new CfnParameter(this, 'RecordWeight1', weightParameterProps) }, + { target: '3.4.5.6', weight: new CfnParameter(this, 'RecordWeight2', weightParameterProps) }, + { target: '4.5.6.7', weight: new CfnParameter(this, 'RecordWeight3', weightParameterProps) }, + ].forEach((data, index) => { + new route53.ARecord(this, `RecordWithParamWeight${index}`, { + zone: hostedZone, + recordName: 'www', + weight: data.weight.valueAsNumber, + ttl: Duration.seconds(10), + target: route53.RecordTarget.fromIpAddresses(data.target), + }); + }); + } +} + +const app = new App(); +const stack = new TestStack(app, 'record-weight-from-cfnparameter'); + +new IntegTest(app, 'Route53RecordWeightFromCfnParameterInteg', { + testCases: [stack], +}); +app.synth(); diff --git a/packages/aws-cdk-lib/aws-kinesis/README.md b/packages/aws-cdk-lib/aws-kinesis/README.md index b8b22dffda657..27f89e65b7626 100644 --- a/packages/aws-cdk-lib/aws-kinesis/README.md +++ b/packages/aws-cdk-lib/aws-kinesis/README.md @@ -15,6 +15,8 @@ intake and aggregation. - [Write Permissions](#write-permissions) - [Custom Permissions](#custom-permissions) - [Metrics](#metrics) + - [Resource Policy](#resource-policy) + ## Streams 
@@ -186,3 +188,49 @@ stream.metricGetRecordsSuccess(); // using pre-defined and overriding the statistic stream.metricGetRecordsSuccess({ statistic: 'Maximum' }); ``` + +### Resource Policy + +You can create a resource policy for a data stream. +For more information, see [Controlling access to Amazon Kinesis Data Streams resources using IAM](https://docs.aws.amazon.com/streams/latest/dev/controlling-access.html). + +A resource policy is automatically created when `addToResourcePolicy` is called, if one doesn't already exist. + +Using `addToResourcePolicy` is the simplest way to add a resource policy: + +```ts +const stream = new kinesis.Stream(this, 'MyStream'); + +// create a resource policy via addToResourcePolicy method +stream.addToResourcePolicy(new iam.PolicyStatement({ + resources: [stream.streamArn], + actions: ['kinesis:GetRecords'], + principals: [new iam.AnyPrincipal()], +})); +``` + +You can create a resource manually by using `ResourcePolicy`. +Also, you can set a custom policy document to `ResourcePolicy`. +If not, a blank policy document will be set. + +```ts +const stream = new kinesis.Stream(this, 'MyStream'); + +// create a custom policy document +const policyDocument = new iam.PolicyDocument({ + assignSids: true, + statements: [ + new iam.PolicyStatement({ + actions: ['kinesis:GetRecords'], + resources: [stream.streamArn], + principals: [new iam.AnyPrincipal()], + }), + ], +}); + +// create a resource policy manually +new kinesis.ResourcePolicy(this, 'ResourcePolicy', { + stream, + policyDocument, +}); +``` \ No newline at end of file diff --git a/packages/aws-cdk-lib/aws-kinesis/lib/index.ts b/packages/aws-cdk-lib/aws-kinesis/lib/index.ts index bb8cedbc5558c..c239368eaa87c 100644 --- a/packages/aws-cdk-lib/aws-kinesis/lib/index.ts +++ b/packages/aws-cdk-lib/aws-kinesis/lib/index.ts @@ -1,4 +1,5 @@ export * from './stream'; +export * from './resource-policy'; // AWS::Kinesis CloudFormation Resources: export * from './kinesis.generated'; 
diff --git a/packages/aws-cdk-lib/aws-kinesis/lib/resource-policy.ts b/packages/aws-cdk-lib/aws-kinesis/lib/resource-policy.ts
new file mode 100644
index 0000000000000..3987268f52bfe
--- /dev/null
+++ b/packages/aws-cdk-lib/aws-kinesis/lib/resource-policy.ts
@@ -0,0 +1,54 @@
+import { Construct } from 'constructs';
+import { CfnResourcePolicy } from './kinesis.generated';
+import { IStream } from './stream';
+import { PolicyDocument } from '../../aws-iam';
+import { Resource } from '../../core';
+
+/**
+ * Properties to associate a data stream with a policy
+ */
+export interface ResourcePolicyProps {
+ /**
+ * The stream this policy applies to.
+ */
+ readonly stream: IStream;
+
+ /**
+ * IAM policy document to apply to a data stream.
+ *
+ * @default - empty policy document
+ */
+ readonly policyDocument?: PolicyDocument;
+}
+
+/**
+ * The policy for a data stream or registered consumer.
+ *
+ * Policies define the operations that are allowed on this resource.
+ *
+ * You almost never need to define this construct directly.
+ *
+ * All AWS resources that support resource policies have a method called
+ * `addToResourcePolicy()`, which will automatically create a new resource
+ * policy if one doesn't exist yet, otherwise it will add to the existing
+ * policy.
+ *
+ * Prefer to use `addToResourcePolicy()` instead.
+ */
+export class ResourcePolicy extends Resource {
+ /**
+ * The IAM policy document for this policy.
+ */
+ public readonly document = new PolicyDocument();
+
+ constructor(scope: Construct, id: string, props: ResourcePolicyProps) {
+ super(scope, id);
+
+ this.document = props.policyDocument ?? this.document;
+
+ new CfnResourcePolicy(this, 'Resource', {
+ resourcePolicy: this.document,
+ resourceArn: props.stream.streamArn,
+ });
+ }
+}
diff --git a/packages/aws-cdk-lib/aws-kinesis/lib/stream.ts b/packages/aws-cdk-lib/aws-kinesis/lib/stream.ts
index 59ee9d4ff5d87..0fb74df769f50 100644
--- a/packages/aws-cdk-lib/aws-kinesis/lib/stream.ts
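Review bot: A `ResourcePolicy` built directly with a caller-supplied `policyDocument` is never passed through `validateForResourcePolicy()`; in this change that check is registered only in the `StreamBase` constructor (stream.ts, hunk at -328) for the policy the stream creates itself, so a hand-written document that is not valid as a resource policy would surface only at deploy time. Registering the check in this constructor covers both paths: `this.node.addValidation({ validate: () => this.document.validateForResourcePolicy() });`. A standalone `ResourcePolicy` is also not recorded in the stream's private `resourcePolicy` field, so a later `stream.addToResourcePolicy()` on the same stream appears to synthesize a second `AWS::Kinesis::ResourcePolicy` for the same `resourceArn`; the class doc comment should say the two must not be combined on one stream. As a smaller point, `document` reads more plainly as one assignment, `this.document = props.policyDocument ?? new PolicyDocument();`, instead of an initializer that the constructor then overwrites.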
+++ b/packages/aws-cdk-lib/aws-kinesis/lib/stream.ts @@ -1,10 +1,11 @@ import { Construct } from 'constructs'; import { KinesisMetrics } from './kinesis-fixed-canned-metrics'; import { CfnStream } from './kinesis.generated'; +import { ResourcePolicy } from './resource-policy'; import * as cloudwatch from '../../aws-cloudwatch'; import * as iam from '../../aws-iam'; import * as kms from '../../aws-kms'; -import { ArnFormat, Aws, CfnCondition, Duration, Fn, IResolvable, IResource, RemovalPolicy, Resource, Stack, Token } from '../../core'; +import { ArnFormat, Aws, CfnCondition, Duration, Fn, IResolvable, IResource, RemovalPolicy, Resource, ResourceProps, Stack, Token } from '../../core'; const READ_OPERATIONS = [ 'kinesis:DescribeStreamSummary', @@ -46,6 +47,15 @@ export interface IStream extends IResource { */ readonly encryptionKey?: kms.IKey; + /** + * Adds a statement to the IAM resource policy associated with this stream. + * + * If this stream was created in this stack (`new Stream`), a resource policy + * will be automatically created upon the first call to `addToResourcePolicy`. If + * the stream is imported (`Stream.import`), then this is a no-op. + */ + addToResourcePolicy(statement: iam.PolicyStatement): iam.AddToResourcePolicyResult; + /** * Grant read permissions for this stream and its contents to an IAM * principal (Role/Group/User). 
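Review bot: The doc comment added to `IStream.addToResourcePolicy` names `Stream.import` as the way a stream is imported, but the only imported-stream path visible in this diff is the `Import` class returned from a static factory of `Stream` (hunk at -747), so the reference looks stale; it should name the factories instead, `Stream.fromStreamArn` or `Stream.fromStreamAttributes`. The same text is repeated on `StreamBase.addToResourcePolicy` (hunk at -328), where it additionally has the typo `new Strem` for `new Stream`. The interface body starts before and continues after this hunk.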
@@ -328,6 +338,41 @@ abstract class StreamBase extends Resource implements IStream { */ public abstract readonly encryptionKey?: kms.IKey; + /** + * Indicates if a stream resource policy should automatically be created upon + * the first call to `addToResourcePolicy`. + * + * Set by subclasses. + */ + protected abstract readonly autoCreatePolicy: boolean; + + private resourcePolicy?: ResourcePolicy; + + constructor(scope: Construct, id: string, props: ResourceProps = {}) { + super(scope, id, props); + + this.node.addValidation({ validate: () => this.resourcePolicy?.document.validateForResourcePolicy() ?? [] }); + } + + /** + * Adds a statement to the IAM resource policy associated with this stream. + * + * If this stream was created in this stack (`new Strem`), a resource policy + * will be automatically created upon the first call to `addToResourcePolicy`. If + * the stream is imported (`Stream.import`), then this is a no-op. + */ + public addToResourcePolicy(statement: iam.PolicyStatement): iam.AddToResourcePolicyResult { + if (!this.resourcePolicy && this.autoCreatePolicy) { + this.resourcePolicy = new ResourcePolicy(this, 'Policy', { stream: this }); + } + + if (this.resourcePolicy) { + this.resourcePolicy.document.addStatements(statement); + return { statementAdded: true, policyDependable: this.resourcePolicy }; + } + return { statementAdded: false }; + } + /** * Grant read permissions for this stream and its contents to an IAM * principal (Role/Group/User). @@ -747,6 +792,8 @@ export class Stream extends StreamBase { public readonly streamArn = attrs.streamArn; public readonly streamName = Stack.of(scope).splitArn(attrs.streamArn, ArnFormat.SLASH_RESOURCE_NAME).resourceName!; public readonly encryptionKey = attrs.encryptionKey; + + protected readonly autoCreatePolicy = false; } return new Import(scope, id, { 
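Review bot: For an imported stream `addToResourcePolicy` falls through to `return { statementAdded: false };` with no diagnostic, so the statement is dropped silently; that matters most when the caller is adding a `Deny` statement and assumes the restriction is in force. The doc comment calls this a no-op but does not tell callers to inspect the result, and the return line carries no explanation; a comment such as `// imported stream: no policy construct exists in this app, the statement is dropped and callers must check statementAdded` plus one sentence in the doc comment would make the contract explicit. Whether the `grant*` methods of `StreamBase` look at this result cannot be told from the hunk, since the class body starts before it and continues after it.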
@@ -760,6 +807,8 @@ export class Stream extends StreamBase { private readonly stream: CfnStream; + protected readonly autoCreatePolicy = true; + constructor(scope: Construct, id: string, props: StreamProps = {}) { super(scope, id, { physicalName: props.streamName, @@ -771,7 +820,7 @@ export class Stream extends StreamBase { if (streamMode === StreamMode.ON_DEMAND && shardCount !== undefined) { throw new Error(`streamMode must be set to ${StreamMode.PROVISIONED} (default) when specifying shardCount`); } - if ( (streamMode === StreamMode.PROVISIONED || streamMode === undefined) && shardCount === undefined) { + if ((streamMode === StreamMode.PROVISIONED || streamMode === undefined) && shardCount === undefined) { shardCount = 1; } @@ -849,7 +898,7 @@ export class Stream extends StreamBase { } if (encryptionType === StreamEncryption.UNENCRYPTED) { - return { }; + return {}; } if (encryptionType === StreamEncryption.MANAGED) { diff --git a/packages/aws-cdk-lib/aws-kinesis/test/resource-policy.test.ts b/packages/aws-cdk-lib/aws-kinesis/test/resource-policy.test.ts new file mode 100644 index 0000000000000..01cd727cf8aed --- /dev/null +++ b/packages/aws-cdk-lib/aws-kinesis/test/resource-policy.test.ts 
@@ -0,0 +1,45 @@
+import { Template } from '../../assertions';
+import * as iam from '../../aws-iam';
+import { Stack } from '../../core';
+import { ResourcePolicy, Stream } from '../lib';
+
+describe('Kinesis resource policy', () => {
+ test('create resource policy', () => {
+ // GIVEN
+ const stack = new Stack();
+ const stream = new Stream(stack, 'Stream', {});
+
+ // WHEN
+ const policyDocument = new iam.PolicyDocument({
+ assignSids: true,
+ statements: [
+ new iam.PolicyStatement({
+ actions: ['kinesis:GetRecords'],
+ principals: [new iam.AnyPrincipal()],
+ resources: [stream.streamArn],
+ }),
+ ],
+ });
+
+ new ResourcePolicy(stack, 'ResourcePolicy', {
+ stream,
+ policyDocument,
+ });
+
+ // THEN
+ Template.fromStack(stack).hasResourceProperties('AWS::Kinesis::ResourcePolicy', {
+ ResourcePolicy: {
+ Version: '2012-10-17',
+ Statement: [
+ {
+ Sid: '0',
+ Action: 'kinesis:GetRecords',
+ Effect: 'Allow',
+ Principal: { AWS: '*' },
+ Resource: stack.resolve(stream.streamArn),
+ },
+ ],
+ },
+ });
+ });
+});
diff --git a/packages/aws-cdk-lib/aws-kinesis/test/stream.test.ts b/packages/aws-cdk-lib/aws-kinesis/test/stream.test.ts
index 841c95877ef53..c9e7569bdf1d8 100644
--- a/packages/aws-cdk-lib/aws-kinesis/test/stream.test.ts
+++ b/packages/aws-cdk-lib/aws-kinesis/test/stream.test.ts
@@ -1289,4 +1289,32 @@ describe('Kinesis data streams', () => { DeletionPolicy: CfnDeletionPolicy.DELETE, }); }); + + test('addToResourcePolicy will automatically create a policy for this stream', () => { + // GIVEN + const stack = new Stack(); + const stream = new Stream(stack, 'Stream', {}); + + // WHEN + stream.addToResourcePolicy(new iam.PolicyStatement({ + actions: ['kinesis:GetRecords'], + principals: [new iam.AnyPrincipal()], + resources: [stream.streamArn], + })); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::Kinesis::ResourcePolicy', { + ResourcePolicy: { + Version: '2012-10-17', + Statement: [ + { + Action: 'kinesis:GetRecords', + Effect: 'Allow', + Principal: { AWS: '*' }, + Resource: stack.resolve(stream.streamArn), + }, + ], + }, + }); + }); }); diff --git a/packages/aws-cdk-lib/aws-route53/lib/record-set.ts b/packages/aws-cdk-lib/aws-route53/lib/record-set.ts index 6706443b1f260..ef5982da54610 100644 --- a/packages/aws-cdk-lib/aws-route53/lib/record-set.ts +++ b/packages/aws-cdk-lib/aws-route53/lib/record-set.ts @@ -296,7 +296,7 @@ export class RecordSet extends Resource implements IRecordSet { constructor(scope: Construct, id: string, props: RecordSetProps) { super(scope, id); - if (props.weight && (props.weight < 0 || props.weight > 255)) { + if (props.weight && !Token.isUnresolved(props.weight) && (props.weight < 0 || props.weight > 255)) { throw new Error(`weight must be between 0 and 255 inclusive, got: ${props.weight}`); } if (props.setIdentifier && (props.setIdentifier.length < 1 || props.setIdentifier.length > 128)) { 
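Review bot: The test added to stream.test.ts covers only the owned-stream path of `addToResourcePolicy`; the imported-stream branch that returns `{ statementAdded: false }` and the `validateForResourcePolicy()` hook registered in the `StreamBase` constructor are not exercised anywhere in this change. A second case would pin the no-op contract, for example `expect(imported.addToResourcePolicy(statement).statementAdded).toBe(false);` with `imported` obtained from `Stream.fromStreamArn(stack, 'Imported', '<stream-arn-placeholder>')`, followed by an assertion that the template contains no `AWS::Kinesis::ResourcePolicy`. The enclosing `describe` block starts outside the hunk.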
@@ -406,8 +406,15 @@ export class RecordSet extends Resource implements IRecordSet { } if (this.weight !== undefined) { - const idPrefix = `WEIGHT_${this.weight}_ID_`; - return this.createIdentifier(idPrefix); + if (Token.isUnresolved(this.weight)) { + const replacement = 'XXX'; // XXX simply because 255 is the highest value for a record weight + const idPrefix = `WEIGHT_${replacement}_ID_`; + const idTemplate = this.createIdentifier(idPrefix); + return idTemplate.replace(replacement, Token.asString(this.weight)); + } else { + const idPrefix = `WEIGHT_${this.weight}_ID_`; + return this.createIdentifier(idPrefix); + } } if (this.region) { diff --git a/packages/aws-cdk-lib/aws-route53/test/record-set.test.ts b/packages/aws-cdk-lib/aws-route53/test/record-set.test.ts index 20abd698ee68b..f66b283b1aaca 100644 --- a/packages/aws-cdk-lib/aws-route53/test/record-set.test.ts +++ b/packages/aws-cdk-lib/aws-route53/test/record-set.test.ts @@ -4,7 +4,7 @@ import * as cloudfront from '../../aws-cloudfront'; import * as origins from '../../aws-cloudfront-origins'; import * as iam from '../../aws-iam'; import * as targets from '../../aws-route53-targets'; -import { Duration, RemovalPolicy, Stack } from '../../core'; +import { CfnParameter, Duration, RemovalPolicy, Stack } from '../../core'; import * as route53 from '../lib'; describe('record set', () => { 
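Review bot: The token branch in record-set.ts depends on `replace` with a string pattern substituting only the first `XXX`, and that first match is the placeholder only if `createIdentifier` keeps `idPrefix` at the front of the result; `createIdentifier` is defined outside the hunk, so this is an assumption, and the inline comment explains the choice of `XXX` but not this dependency. A comment on the replace line would record it: `// string-pattern replace() changes only the first match, which is the placeholder inside idPrefix`. With a token weight the 0 to 255 check in the constructor (hunk at -296) is skipped as well, so the bound holds only when the parameter itself declares `minValue`/`maxValue` as the tests do; the doc of the `weight` prop should say so. The enclosing method starts before the hunk and continues after it.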
@@ -1248,6 +1248,66 @@ describe('record set', () => { }); }); + test('with weight provided by CfnParameter', () => { + // GIVEN + const stack = new Stack(); + + const zone = new route53.HostedZone(stack, 'HostedZone', { + zoneName: 'myzone', + }); + + const weightParameter = new CfnParameter(stack, 'RecordWeight', { + type: 'Number', + default: 0, + minValue: 0, + maxValue: 255, + }); + + // WHEN + new route53.RecordSet(stack, 'RecordSet', { + zone, + recordName: 'www', + recordType: route53.RecordType.CNAME, + target: route53.RecordTarget.fromValues('zzz'), + weight: weightParameter.valueAsNumber, + }); + + // THEN + Template.fromStack(stack).hasParameter('RecordWeight', { + Type: 'Number', + Default: 0, + MinValue: 0, + MaxValue: 255, + }); + + Template.fromStack(stack).hasResourceProperties('AWS::Route53::RecordSet', { + Name: 'www.myzone.', + Type: 'CNAME', + HostedZoneId: { + Ref: 'HostedZoneDB99F866', + }, + ResourceRecords: [ + 'zzz', + ], + TTL: '1800', + Weight: { + Ref: 'RecordWeight', + }, + SetIdentifier: { + 'Fn::Join': [ + '', + [ + 'WEIGHT_', + { + Ref: 'RecordWeight', + }, + '_ID_RecordSet', + ], + ], + }, + }); + }); + test.each([ [-1], [256], diff --git a/packages/aws-cdk-lib/awslint.json b/packages/aws-cdk-lib/awslint.json index d85aaef4834d9..987770519230f 100644 --- a/packages/aws-cdk-lib/awslint.json +++ b/packages/aws-cdk-lib/awslint.json @@ -124,6 +124,7 @@ "props-physical-name:aws-cdk-lib.aws_iam.OpenIdConnectProviderProps", "props-physical-name:aws-cdk-lib.aws_iam.SamlProviderProps", "props-physical-name:aws-cdk-lib.aws_kms.KeyProps", + "props-physical-name:aws-cdk-lib.aws_kinesis.ResourcePolicyProps", "props-physical-name:aws-cdk-lib.aws_lambda.CodeSigningConfigProps", "props-physical-name:aws-cdk-lib.aws_lambda.EventInvokeConfigProps", "props-physical-name:aws-cdk-lib.aws_lambda.EventSourceMappingProps", diff --git a/version.v2.json b/version.v2.json index 75a35f3583261..7a6a093413901 100644 --- a/version.v2.json +++ b/version.v2.json 
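Review bot: The new test covers only a short construct id (`'RecordSet'`), so it does not exercise how the placeholder substitution in `record-set.ts` interacts with the length handling of the generated identifier. The constructor rejects a `setIdentifier` longer than 128 characters, so the generated one is presumably bounded as well. A second case with a long construct id and a `CfnParameter` weight would pin that the `Fn::Join` still has the `WEIGHT_` / `Ref` / `_ID_…` shape and that the literal parts stay within the limit. The enclosing `describe` block starts outside the hunk.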
@@ -1,4 +1,4 @@ { - "version": "2.164.1", - "alphaVersion": "2.164.1-alpha.0" + "version": "2.165.0", + "alphaVersion": "2.165.0-alpha.0" } \ No newline at end of file