From 59b356210d3004516ce41b501c990cc3cd584fea Mon Sep 17 00:00:00 2001 From: AWS CDK Team Date: Thu, 31 Oct 2024 17:22:46 +0000 Subject: [PATCH 1/7] chore(release): 2.165.0 --- CHANGELOG.v2.alpha.md | 23 +++++++++++++++++++++++ CHANGELOG.v2.md | 29 +++++++++++++++++++++++++++++ version.v2.json | 4 ++-- 3 files changed, 54 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.v2.alpha.md b/CHANGELOG.v2.alpha.md index 9038ec97d4f2d..511fee422ff08 100644 --- a/CHANGELOG.v2.alpha.md +++ b/CHANGELOG.v2.alpha.md @@ -2,6 +2,29 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [2.165.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.164.1-alpha.0...v2.165.0-alpha.0) (2024-10-31) + + +### ⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES + +* **ec2-alpha:** The new `VpcCidrBlock` L2 construct replaces `CfnVPCCidrBlock`. This change alters the logical ID of `AWS::EC2::VPCCidrBlock` resources in CloudFormation templates. Existing deployments will see errors like `CIDR range conflicts with x.xx.xx.xx/xx with association ID vpc-cidr-assoc-ABCD`. To resolve this, you must recreate your existing stacks to use the new module. + +### Features + +* **apprunner:** support vpc ingress connection ([#30623](https://github.com/aws/aws-cdk/issues/30623)) ([048e753](https://github.com/aws/aws-cdk/commit/048e7538dd71d69c2add28ff454b6d9c69b4f256)), closes [#22850](https://github.com/aws/aws-cdk/issues/22850) +* **ec2-alpha:** adding imports for SubnetV2 and VpcV2(WIP) ([#31765](https://github.com/aws/aws-cdk/issues/31765)) ([d108a80](https://github.com/aws/aws-cdk/commit/d108a8003e463301acea15076501cd815b0eda4a)) +* **location:** support Tracker and TrackerConsumer ([#31268](https://github.com/aws/aws-cdk/issues/31268)) ([046f041](https://github.com/aws/aws-cdk/commit/046f0418a3de08a59c940a7a3d93148cb5f0659b)), closes [#30712](https://github.com/aws/aws-cdk/issues/30712) +* **pipes-enrichments:** support API Gateway enrichment ([#31794](https://github.com/aws/aws-cdk/issues/31794)) ([09052c2](https://github.com/aws/aws-cdk/commit/09052c2060c410028896fd54e76a857b2141c8a4)), closes [#29384](https://github.com/aws/aws-cdk/issues/29384) +* **pipes-targets:** add SageMaker ([#30696](https://github.com/aws/aws-cdk/issues/30696)) ([a5fdf57](https://github.com/aws/aws-cdk/commit/a5fdf570beb1456b1307276f56d90fd1ba0b46d8)) +* **redshift-alpha:** query execution timeout setting during table creation ([#31818](https://github.com/aws/aws-cdk/issues/31818)) ([40f07ae](https://github.com/aws/aws-cdk/commit/40f07ae330d074cfa7861e24a0427da7ec427f68)), closes [#31329](https://github.com/aws/aws-cdk/issues/31329) [/github.com/aws/aws-cdk/issues/31329#issuecomment-2353613773](https://github.com/aws//github.com/aws/aws-cdk/issues/31329/issues/issuecomment-2353613773) + + +### Bug Fixes + +* **location:** remove base class from PlaceIndex class ([#31287](https://github.com/aws/aws-cdk/issues/31287)) ([bc67866](https://github.com/aws/aws-cdk/commit/bc67866f579c401556d427eb150bcd118d69bd17)), closes [#30711](https://github.com/aws/aws-cdk/issues/30711) [#30682](https://github.com/aws/aws-cdk/issues/30682) [/github.com/aws/aws-cdk/pull/30711#discussion_r1734937879](https://github.com/aws//github.com/aws/aws-cdk/pull/30711/issues/discussion_r1734937879) +* **scheduler-alpha:** scheduler input always get transformed to string with extra double quotes ([#31894](https://github.com/aws/aws-cdk/issues/31894)) ([186b8ab](https://github.com/aws/aws-cdk/commit/186b8abfab8452b31cba13b56998242f63c43159)) +* **scheduler-alpha:** too many KMS permissions granted ([#31923](https://github.com/aws/aws-cdk/issues/31923)) ([06678a3](https://github.com/aws/aws-cdk/commit/06678a39e029582af14c8b021f946b9ce9cac9be)), closes [#31785](https://github.com/aws/aws-cdk/issues/31785) + ## [2.164.1-alpha.0](https://github.com/aws/aws-cdk/compare/v2.164.0-alpha.0...v2.164.1-alpha.0) (2024-10-25) ## [2.164.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.163.1-alpha.0...v2.164.0-alpha.0) (2024-10-24) diff --git a/CHANGELOG.v2.md b/CHANGELOG.v2.md index 1013b47650314..119f45a42c028 100644 --- a/CHANGELOG.v2.md +++ b/CHANGELOG.v2.md @@ -2,6 +2,35 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [2.165.0](https://github.com/aws/aws-cdk/compare/v2.164.1...v2.165.0) (2024-10-31) + + +### Features + +* **bootstrap:** add lifecycle rule to abort multipart uploads after 7 days ([#31956](https://github.com/aws/aws-cdk/issues/31956)) ([b800da8](https://github.com/aws/aws-cdk/commit/b800da8172919a1ab27f885549e701d98323c9bb)), closes [#29045](https://github.com/aws/aws-cdk/issues/29045) +* **bootstrap:** delete noncurrent versions after 30 days ([#31949](https://github.com/aws/aws-cdk/issues/31949)) ([579041e](https://github.com/aws/aws-cdk/commit/579041e5d41e780ce1f6fb9f778c353868fb6938)) +* **cdk:** update tsconfig to more modern settings in typescript init templates ([#31927](https://github.com/aws/aws-cdk/issues/31927)) ([8e4c247](https://github.com/aws/aws-cdk/commit/8e4c2473d9ac14bb26507a9aab1b1b62215d4c51)) +* **cli:** garbage collect ecr assets (under --unstable flag) ([#31841](https://github.com/aws/aws-cdk/issues/31841)) ([da85e54](https://github.com/aws/aws-cdk/commit/da85e54d7d3dfb4e33942f58564e91039e7d22ff)), closes [#31611](https://github.com/aws/aws-cdk/issues/31611) +* **codebuild:** add support of organization webhook in github source ([#31740](https://github.com/aws/aws-cdk/issues/31740)) ([8c15b5f](https://github.com/aws/aws-cdk/commit/8c15b5f19a0c289fd0dad8c35b6734232d957836)), closes [#31736](https://github.com/aws/aws-cdk/issues/31736) +* **cognito:** support UserPoolGroup ([#31351](https://github.com/aws/aws-cdk/issues/31351)) ([408b20f](https://github.com/aws/aws-cdk/commit/408b20f92122069a04ff5776b4783ae220d04a56)), closes [#21026](https://github.com/aws/aws-cdk/issues/21026) +* update L1 CloudFormation resource definitions ([#31917](https://github.com/aws/aws-cdk/issues/31917)) ([8c93291](https://github.com/aws/aws-cdk/commit/8c93291f789b441397bc5a64308816e89f682199)) +* **VpcV2:** adding imports for first draft ([52c087c](https://github.com/aws/aws-cdk/commit/52c087c9fe36c040c8aea62ad2fc016256b3ca6c)) + + +### Bug Fixes + +* **assertions:** throw error or warn when `synth` is called multiple times on mutated construct tree ([#31865](https://github.com/aws/aws-cdk/issues/31865)) ([a261c9d](https://github.com/aws/aws-cdk/commit/a261c9d8a316ec389f19c873122691d48c5ca16d)), closes [#24689](https://github.com/aws/aws-cdk/issues/24689) +* **cli:** ecr garbage collection hangs when repository has no images ([#31951](https://github.com/aws/aws-cdk/issues/31951)) ([a235a9f](https://github.com/aws/aws-cdk/commit/a235a9fad29bf0da141b27ca391861fa613f42b8)) +* **cli:** garbage collection ignores review_in_progress stacks ([#31906](https://github.com/aws/aws-cdk/issues/31906)) ([cb3ecfe](https://github.com/aws/aws-cdk/commit/cb3ecfe8f255e626db3706632c9590c86c28bea5)) +* **s3-assets:** cannot publish a file without extension ([#30597](https://github.com/aws/aws-cdk/issues/30597)) ([ccab485](https://github.com/aws/aws-cdk/commit/ccab485b87a7090ddf0773508d7b8ee84ff654b0)), closes [#30471](https://github.com/aws/aws-cdk/issues/30471) [/github.com/aws/aws-cdk/blob/c826d8faaeb310623eb9a1a1c82930b679768007/packages/aws-cdk-lib/core/lib/asset-staging.ts#L392](https://github.com/aws//github.com/aws/aws-cdk/blob/c826d8faaeb310623eb9a1a1c82930b679768007/packages/aws-cdk-lib/core/lib/asset-staging.ts/issues/L392) [/github.com/aws/aws-cdk/blob/c826d8faaeb310623eb9a1a1c82930b679768007/packages/aws-cdk-lib/core/lib/asset-staging.ts#L383](https://github.com/aws//github.com/aws/aws-cdk/blob/c826d8faaeb310623eb9a1a1c82930b679768007/packages/aws-cdk-lib/core/lib/asset-staging.ts/issues/L383) +* **sqs:** queue with `fifo: false` does not deploy ([#31922](https://github.com/aws/aws-cdk/issues/31922)) ([a9d3b02](https://github.com/aws/aws-cdk/commit/a9d3b02783104fe862a3e863e8c89af845b49c8c)), closes [#8550](https://github.com/aws/aws-cdk/issues/8550) +* enable node-fips compatible body checksums for S3 ([#31883](https://github.com/aws/aws-cdk/issues/31883)) ([4f29c1d](https://github.com/aws/aws-cdk/commit/4f29c1d04533b68535c1a5706855066d1d1ea577)) + + +### Reverts + +* feat(cdk): update tsconfig to more modern settings in typescript init templates ([#31953](https://github.com/aws/aws-cdk/issues/31953)) ([6f106c7](https://github.com/aws/aws-cdk/commit/6f106c7c042c05f59c9d1f7eb7e048264b394fb1)) + ## [2.164.1](https://github.com/aws/aws-cdk/compare/v2.164.0...v2.164.1) (2024-10-25) diff --git a/version.v2.json b/version.v2.json index 75a35f3583261..7a6a093413901 100644 --- a/version.v2.json +++ b/version.v2.json @@ -1,4 +1,4 @@ { - "version": "2.164.1", - "alphaVersion": "2.164.1-alpha.0" + "version": "2.165.0", + "alphaVersion": "2.165.0-alpha.0" } \ No newline at end of file From e33dd31030ea6f0ef2be568cf59819c466ef09da Mon Sep 17 00:00:00 2001 From: Mohamed Elasmar <71043312+moelasmar@users.noreply.github.com> Date: Thu, 31 Oct 2024 10:34:22 -0700 Subject: [PATCH 2/7] chore: update CHANGELOG.v2.alpha.md --- CHANGELOG.v2.alpha.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.v2.alpha.md b/CHANGELOG.v2.alpha.md index 511fee422ff08..41928fc5e1b5d 100644 --- a/CHANGELOG.v2.alpha.md +++ b/CHANGELOG.v2.alpha.md @@ -12,16 +12,15 @@ All notable changes to this project will be documented in this file. See [standa ### Features * **apprunner:** support vpc ingress connection ([#30623](https://github.com/aws/aws-cdk/issues/30623)) ([048e753](https://github.com/aws/aws-cdk/commit/048e7538dd71d69c2add28ff454b6d9c69b4f256)), closes [#22850](https://github.com/aws/aws-cdk/issues/22850) -* **ec2-alpha:** adding imports for SubnetV2 and VpcV2(WIP) ([#31765](https://github.com/aws/aws-cdk/issues/31765)) ([d108a80](https://github.com/aws/aws-cdk/commit/d108a8003e463301acea15076501cd815b0eda4a)) +* **ec2-alpha:** adding imports for SubnetV2 and VpcV2 ([#31765](https://github.com/aws/aws-cdk/issues/31765)) ([d108a80](https://github.com/aws/aws-cdk/commit/d108a8003e463301acea15076501cd815b0eda4a)) * **location:** support Tracker and TrackerConsumer ([#31268](https://github.com/aws/aws-cdk/issues/31268)) ([046f041](https://github.com/aws/aws-cdk/commit/046f0418a3de08a59c940a7a3d93148cb5f0659b)), closes [#30712](https://github.com/aws/aws-cdk/issues/30712) * **pipes-enrichments:** support API Gateway enrichment ([#31794](https://github.com/aws/aws-cdk/issues/31794)) ([09052c2](https://github.com/aws/aws-cdk/commit/09052c2060c410028896fd54e76a857b2141c8a4)), closes [#29384](https://github.com/aws/aws-cdk/issues/29384) * **pipes-targets:** add SageMaker ([#30696](https://github.com/aws/aws-cdk/issues/30696)) ([a5fdf57](https://github.com/aws/aws-cdk/commit/a5fdf570beb1456b1307276f56d90fd1ba0b46d8)) -* **redshift-alpha:** query execution timeout setting during table creation ([#31818](https://github.com/aws/aws-cdk/issues/31818)) ([40f07ae](https://github.com/aws/aws-cdk/commit/40f07ae330d074cfa7861e24a0427da7ec427f68)), closes [#31329](https://github.com/aws/aws-cdk/issues/31329) [/github.com/aws/aws-cdk/issues/31329#issuecomment-2353613773](https://github.com/aws//github.com/aws/aws-cdk/issues/31329/issues/issuecomment-2353613773) - +* **redshift-alpha:** query execution timeout setting during table creation ([#31818](https://github.com/aws/aws-cdk/issues/31818)) ([40f07ae](https://github.com/aws/aws-cdk/commit/40f07ae330d074cfa7861e24a0427da7ec427f68)), closes [#31329](https://github.com/aws/aws-cdk/issues/31329) ### Bug Fixes -* **location:** remove base class from PlaceIndex class ([#31287](https://github.com/aws/aws-cdk/issues/31287)) ([bc67866](https://github.com/aws/aws-cdk/commit/bc67866f579c401556d427eb150bcd118d69bd17)), closes [#30711](https://github.com/aws/aws-cdk/issues/30711) [#30682](https://github.com/aws/aws-cdk/issues/30682) [/github.com/aws/aws-cdk/pull/30711#discussion_r1734937879](https://github.com/aws//github.com/aws/aws-cdk/pull/30711/issues/discussion_r1734937879) +* **location:** remove base class from PlaceIndex class ([#31287](https://github.com/aws/aws-cdk/issues/31287)) ([bc67866](https://github.com/aws/aws-cdk/commit/bc67866f579c401556d427eb150bcd118d69bd17)), closes [#30711](https://github.com/aws/aws-cdk/issues/30711) [#30682](https://github.com/aws/aws-cdk/issues/30682) * **scheduler-alpha:** scheduler input always get transformed to string with extra double quotes ([#31894](https://github.com/aws/aws-cdk/issues/31894)) ([186b8ab](https://github.com/aws/aws-cdk/commit/186b8abfab8452b31cba13b56998242f63c43159)) * **scheduler-alpha:** too many KMS permissions granted ([#31923](https://github.com/aws/aws-cdk/issues/31923)) ([06678a3](https://github.com/aws/aws-cdk/commit/06678a39e029582af14c8b021f946b9ce9cac9be)), closes [#31785](https://github.com/aws/aws-cdk/issues/31785) From b3600f0afc18e747b41bf11c971559c872da863b Mon Sep 17 00:00:00 2001 From: Mohamed Elasmar <71043312+moelasmar@users.noreply.github.com> Date: Thu, 31 Oct 2024 10:42:00 -0700 Subject: [PATCH 3/7] chore: update CHANGELOG.v2.md --- CHANGELOG.v2.md | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/CHANGELOG.v2.md b/CHANGELOG.v2.md index 119f45a42c028..33e340ebc90e5 100644 --- a/CHANGELOG.v2.md +++ b/CHANGELOG.v2.md @@ -9,12 +9,10 @@ All notable changes to this project will be documented in this file. See [standa * **bootstrap:** add lifecycle rule to abort multipart uploads after 7 days ([#31956](https://github.com/aws/aws-cdk/issues/31956)) ([b800da8](https://github.com/aws/aws-cdk/commit/b800da8172919a1ab27f885549e701d98323c9bb)), closes [#29045](https://github.com/aws/aws-cdk/issues/29045) * **bootstrap:** delete noncurrent versions after 30 days ([#31949](https://github.com/aws/aws-cdk/issues/31949)) ([579041e](https://github.com/aws/aws-cdk/commit/579041e5d41e780ce1f6fb9f778c353868fb6938)) -* **cdk:** update tsconfig to more modern settings in typescript init templates ([#31927](https://github.com/aws/aws-cdk/issues/31927)) ([8e4c247](https://github.com/aws/aws-cdk/commit/8e4c2473d9ac14bb26507a9aab1b1b62215d4c51)) * **cli:** garbage collect ecr assets (under --unstable flag) ([#31841](https://github.com/aws/aws-cdk/issues/31841)) ([da85e54](https://github.com/aws/aws-cdk/commit/da85e54d7d3dfb4e33942f58564e91039e7d22ff)), closes [#31611](https://github.com/aws/aws-cdk/issues/31611) * **codebuild:** add support of organization webhook in github source ([#31740](https://github.com/aws/aws-cdk/issues/31740)) ([8c15b5f](https://github.com/aws/aws-cdk/commit/8c15b5f19a0c289fd0dad8c35b6734232d957836)), closes [#31736](https://github.com/aws/aws-cdk/issues/31736) * **cognito:** support UserPoolGroup ([#31351](https://github.com/aws/aws-cdk/issues/31351)) ([408b20f](https://github.com/aws/aws-cdk/commit/408b20f92122069a04ff5776b4783ae220d04a56)), closes [#21026](https://github.com/aws/aws-cdk/issues/21026) * update L1 CloudFormation resource definitions ([#31917](https://github.com/aws/aws-cdk/issues/31917)) ([8c93291](https://github.com/aws/aws-cdk/commit/8c93291f789b441397bc5a64308816e89f682199)) -* **VpcV2:** adding imports for first draft ([52c087c](https://github.com/aws/aws-cdk/commit/52c087c9fe36c040c8aea62ad2fc016256b3ca6c)) ### Bug Fixes @@ -22,15 +20,11 @@ All notable changes to this project will be documented in this file. See [standa * **assertions:** throw error or warn when `synth` is called multiple times on mutated construct tree ([#31865](https://github.com/aws/aws-cdk/issues/31865)) ([a261c9d](https://github.com/aws/aws-cdk/commit/a261c9d8a316ec389f19c873122691d48c5ca16d)), closes [#24689](https://github.com/aws/aws-cdk/issues/24689) * **cli:** ecr garbage collection hangs when repository has no images ([#31951](https://github.com/aws/aws-cdk/issues/31951)) ([a235a9f](https://github.com/aws/aws-cdk/commit/a235a9fad29bf0da141b27ca391861fa613f42b8)) * **cli:** garbage collection ignores review_in_progress stacks ([#31906](https://github.com/aws/aws-cdk/issues/31906)) ([cb3ecfe](https://github.com/aws/aws-cdk/commit/cb3ecfe8f255e626db3706632c9590c86c28bea5)) -* **s3-assets:** cannot publish a file without extension ([#30597](https://github.com/aws/aws-cdk/issues/30597)) ([ccab485](https://github.com/aws/aws-cdk/commit/ccab485b87a7090ddf0773508d7b8ee84ff654b0)), closes [#30471](https://github.com/aws/aws-cdk/issues/30471) [/github.com/aws/aws-cdk/blob/c826d8faaeb310623eb9a1a1c82930b679768007/packages/aws-cdk-lib/core/lib/asset-staging.ts#L392](https://github.com/aws//github.com/aws/aws-cdk/blob/c826d8faaeb310623eb9a1a1c82930b679768007/packages/aws-cdk-lib/core/lib/asset-staging.ts/issues/L392) [/github.com/aws/aws-cdk/blob/c826d8faaeb310623eb9a1a1c82930b679768007/packages/aws-cdk-lib/core/lib/asset-staging.ts#L383](https://github.com/aws//github.com/aws/aws-cdk/blob/c826d8faaeb310623eb9a1a1c82930b679768007/packages/aws-cdk-lib/core/lib/asset-staging.ts/issues/L383) +* **s3-assets:** cannot publish a file without extension ([#30597](https://github.com/aws/aws-cdk/issues/30597)) ([ccab485](https://github.com/aws/aws-cdk/commit/ccab485b87a7090ddf0773508d7b8ee84ff654b0)), closes [#30471](https://github.com/aws/aws-cdk/issues/30471) * **sqs:** queue with `fifo: false` does not deploy ([#31922](https://github.com/aws/aws-cdk/issues/31922)) ([a9d3b02](https://github.com/aws/aws-cdk/commit/a9d3b02783104fe862a3e863e8c89af845b49c8c)), closes [#8550](https://github.com/aws/aws-cdk/issues/8550) * enable node-fips compatible body checksums for S3 ([#31883](https://github.com/aws/aws-cdk/issues/31883)) ([4f29c1d](https://github.com/aws/aws-cdk/commit/4f29c1d04533b68535c1a5706855066d1d1ea577)) -### Reverts - -* feat(cdk): update tsconfig to more modern settings in typescript init templates ([#31953](https://github.com/aws/aws-cdk/issues/31953)) ([6f106c7](https://github.com/aws/aws-cdk/commit/6f106c7c042c05f59c9d1f7eb7e048264b394fb1)) - ## [2.164.1](https://github.com/aws/aws-cdk/compare/v2.164.0...v2.164.1) (2024-10-25) From 14561aca0ad9c0d5eef29729dbc97fc3ccd4d171 Mon Sep 17 00:00:00 2001 From: Nicholas Omer Chiasson Date: Thu, 31 Oct 2024 20:37:24 +0000 Subject: [PATCH 4/7] fix(aws_route53): cannot use CfnParameter.valueAsNumber for L2 RecordSet weight (#31823) ### Issue # (if applicable) Closes #31810. ### Reason for this change Could not use CfnParameter.valueAsNumber for L2 RecordSet weight. ### Description of changes Adding validation of weight property as a potential Token in RecordSet constructor. ### Description of how you validated changes Added unit and integration test. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- ...efaultTestDeployAssertB313B703.assets.json | 19 + ...aultTestDeployAssertB313B703.template.json | 36 ++ .../cdk.out | 1 + .../integ.json | 12 + .../manifest.json | 163 +++++++++ ...ecord-weight-from-cfnparameter.assets.json | 19 + ...ord-weight-from-cfnparameter.template.json | 184 ++++++++++ .../tree.json | 345 ++++++++++++++++++ .../integ.record-weight-from-cfnparameter.ts | 44 +++ .../aws-cdk-lib/aws-route53/lib/record-set.ts | 13 +- .../aws-route53/test/record-set.test.ts | 62 +++- 11 files changed, 894 insertions(+), 4 deletions(-) create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/Route53RecordWeightFromCfnParameterIntegDefaultTestDeployAssertB313B703.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/Route53RecordWeightFromCfnParameterIntegDefaultTestDeployAssertB313B703.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/cdk.out create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/integ.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/manifest.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/record-weight-from-cfnparameter.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/record-weight-from-cfnparameter.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/tree.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.ts diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/Route53RecordWeightFromCfnParameterIntegDefaultTestDeployAssertB313B703.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/Route53RecordWeightFromCfnParameterIntegDefaultTestDeployAssertB313B703.assets.json new file mode 100644 index 0000000000000..7490b2af331b6 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/Route53RecordWeightFromCfnParameterIntegDefaultTestDeployAssertB313B703.assets.json @@ -0,0 +1,19 @@ +{ + "version": "38.0.1", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "Route53RecordWeightFromCfnParameterIntegDefaultTestDeployAssertB313B703.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/Route53RecordWeightFromCfnParameterIntegDefaultTestDeployAssertB313B703.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/Route53RecordWeightFromCfnParameterIntegDefaultTestDeployAssertB313B703.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/Route53RecordWeightFromCfnParameterIntegDefaultTestDeployAssertB313B703.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/cdk.out new file mode 100644 index 0000000000000..c6e612584e352 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"38.0.1"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/integ.json new file mode 100644 index 0000000000000..c30c931da4d49 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "38.0.1", + "testCases": { + "Route53RecordWeightFromCfnParameterInteg/DefaultTest": { + "stacks": [ + "record-weight-from-cfnparameter" + ], + "assertionStack": "Route53RecordWeightFromCfnParameterInteg/DefaultTest/DeployAssert", + "assertionStackName": "Route53RecordWeightFromCfnParameterIntegDefaultTestDeployAssertB313B703" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/manifest.json new file mode 100644 index 0000000000000..097e080ec6024 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/manifest.json @@ -0,0 +1,163 @@ +{ + "version": "38.0.1", + "artifacts": { + "record-weight-from-cfnparameter.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "record-weight-from-cfnparameter.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "record-weight-from-cfnparameter": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "record-weight-from-cfnparameter.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "notificationArns": [], + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/9603704f36aac4a47218ab44a07a0ea096d4ef0e4c35203a39f72aef7b709c33.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "record-weight-from-cfnparameter.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "record-weight-from-cfnparameter.assets" + ], + "metadata": { + "/record-weight-from-cfnparameter/HostedZone/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "HostedZoneDB99F866" + } + ], + "/record-weight-from-cfnparameter/RecordWeight0": [ + { + "type": "aws:cdk:logicalId", + "data": "RecordWeight0" + } + ], + "/record-weight-from-cfnparameter/RecordWeight1": [ + { + "type": "aws:cdk:logicalId", + "data": "RecordWeight1" + } + ], + "/record-weight-from-cfnparameter/RecordWeight2": [ + { + "type": "aws:cdk:logicalId", + "data": "RecordWeight2" + } + ], + "/record-weight-from-cfnparameter/RecordWeight3": [ + { + "type": "aws:cdk:logicalId", + "data": "RecordWeight3" + } + ], + "/record-weight-from-cfnparameter/RecordWithParamWeight0/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "RecordWithParamWeight01950FDF7" + } + ], + "/record-weight-from-cfnparameter/RecordWithParamWeight1/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "RecordWithParamWeight182FF0BDE" + } + ], + "/record-weight-from-cfnparameter/RecordWithParamWeight2/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "RecordWithParamWeight2C5120D0E" + } + ], + "/record-weight-from-cfnparameter/RecordWithParamWeight3/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "RecordWithParamWeight37D431545" + } + ], + "/record-weight-from-cfnparameter/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/record-weight-from-cfnparameter/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "record-weight-from-cfnparameter" + }, + "Route53RecordWeightFromCfnParameterIntegDefaultTestDeployAssertB313B703.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "Route53RecordWeightFromCfnParameterIntegDefaultTestDeployAssertB313B703.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "Route53RecordWeightFromCfnParameterIntegDefaultTestDeployAssertB313B703": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "Route53RecordWeightFromCfnParameterIntegDefaultTestDeployAssertB313B703.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "notificationArns": [], + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "Route53RecordWeightFromCfnParameterIntegDefaultTestDeployAssertB313B703.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "Route53RecordWeightFromCfnParameterIntegDefaultTestDeployAssertB313B703.assets" + ], + "metadata": { + "/Route53RecordWeightFromCfnParameterInteg/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/Route53RecordWeightFromCfnParameterInteg/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "Route53RecordWeightFromCfnParameterInteg/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/record-weight-from-cfnparameter.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/record-weight-from-cfnparameter.assets.json new file mode 100644 index 0000000000000..739fa4bf65e2e --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/record-weight-from-cfnparameter.assets.json @@ -0,0 +1,19 @@ +{ + "version": "38.0.1", + "files": { + "9603704f36aac4a47218ab44a07a0ea096d4ef0e4c35203a39f72aef7b709c33": { + "source": { + "path": "record-weight-from-cfnparameter.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "9603704f36aac4a47218ab44a07a0ea096d4ef0e4c35203a39f72aef7b709c33.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/record-weight-from-cfnparameter.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/record-weight-from-cfnparameter.template.json new file mode 100644 index 0000000000000..6a96397fb1b62 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/record-weight-from-cfnparameter.template.json @@ -0,0 +1,184 @@ +{ + "Resources": { + "HostedZoneDB99F866": { + "Type": "AWS::Route53::HostedZone", + "Properties": { + "Name": "cdk.dev." + } + }, + "RecordWithParamWeight01950FDF7": { + "Type": "AWS::Route53::RecordSet", + "Properties": { + "HostedZoneId": { + "Ref": "HostedZoneDB99F866" + }, + "Name": "www.cdk.dev.", + "ResourceRecords": [ + "1.2.3.4" + ], + "SetIdentifier": { + "Fn::Join": [ + "", + [ + "WEIGHT_", + { + "Ref": "RecordWeight0" + }, + "_ID_recordweightfromcfnpaecordWithParamWeight059BCC4E1" + ] + ] + }, + "TTL": "10", + "Type": "A", + "Weight": { + "Ref": "RecordWeight0" + } + } + }, + "RecordWithParamWeight182FF0BDE": { + "Type": "AWS::Route53::RecordSet", + "Properties": { + "HostedZoneId": { + "Ref": "HostedZoneDB99F866" + }, + "Name": "www.cdk.dev.", + "ResourceRecords": [ + "2.3.4.5" + ], + "SetIdentifier": { + "Fn::Join": [ + "", + [ + "WEIGHT_", + { + "Ref": "RecordWeight1" + }, + "_ID_recordweightfromcfnpaecordWithParamWeight1304B1475" + ] + ] + }, + "TTL": "10", + "Type": "A", + "Weight": { + "Ref": "RecordWeight1" + } + } + }, + "RecordWithParamWeight2C5120D0E": { + "Type": "AWS::Route53::RecordSet", + "Properties": { + "HostedZoneId": { + "Ref": "HostedZoneDB99F866" + }, + "Name": "www.cdk.dev.", + "ResourceRecords": [ + "3.4.5.6" + ], + "SetIdentifier": { + "Fn::Join": [ + "", + [ + "WEIGHT_", + { + "Ref": "RecordWeight2" + }, + "_ID_recordweightfromcfnpaecordWithParamWeight25B9D18F1" + ] + ] + }, + "TTL": "10", + "Type": "A", + "Weight": { + "Ref": "RecordWeight2" + } + } + }, + "RecordWithParamWeight37D431545": { + "Type": "AWS::Route53::RecordSet", + "Properties": { + "HostedZoneId": { + "Ref": "HostedZoneDB99F866" + }, + "Name": "www.cdk.dev.", + "ResourceRecords": [ + "4.5.6.7" + ], + "SetIdentifier": { + "Fn::Join": [ + "", + [ + "WEIGHT_", + { + "Ref": "RecordWeight3" + }, + "_ID_recordweightfromcfnpaecordWithParamWeight37DA83B23" + ] + ] + }, + "TTL": "10", + "Type": "A", + "Weight": { + "Ref": "RecordWeight3" + } + } + } + }, + "Parameters": { + "RecordWeight0": { + "Type": "Number", + "Default": 0, + "MaxValue": 255, + "MinValue": 0 + }, + "RecordWeight1": { + "Type": "Number", + "Default": 0, + "MaxValue": 255, + "MinValue": 0 + }, + "RecordWeight2": { + "Type": "Number", + "Default": 0, + "MaxValue": 255, + "MinValue": 0 + }, + "RecordWeight3": { + "Type": "Number", + "Default": 0, + "MaxValue": 255, + "MinValue": 0 + }, + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/tree.json new file mode 100644 index 0000000000000..17c358fac61fc --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.js.snapshot/tree.json @@ -0,0 +1,345 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "record-weight-from-cfnparameter": { + "id": "record-weight-from-cfnparameter", + "path": "record-weight-from-cfnparameter", + "children": { + "HostedZone": { + "id": "HostedZone", + "path": "record-weight-from-cfnparameter/HostedZone", + "children": { + "Resource": { + "id": "Resource", + "path": "record-weight-from-cfnparameter/HostedZone/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Route53::HostedZone", + "aws:cdk:cloudformation:props": { + "name": "cdk.dev." + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + }, + "RecordWeight0": { + "id": "RecordWeight0", + "path": "record-weight-from-cfnparameter/RecordWeight0", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + }, + "RecordWeight1": { + "id": "RecordWeight1", + "path": "record-weight-from-cfnparameter/RecordWeight1", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + }, + "RecordWeight2": { + "id": "RecordWeight2", + "path": "record-weight-from-cfnparameter/RecordWeight2", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + }, + "RecordWeight3": { + "id": "RecordWeight3", + "path": "record-weight-from-cfnparameter/RecordWeight3", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + }, + "RecordWithParamWeight0": { + "id": "RecordWithParamWeight0", + "path": "record-weight-from-cfnparameter/RecordWithParamWeight0", + "children": { + "Resource": { + "id": "Resource", + "path": "record-weight-from-cfnparameter/RecordWithParamWeight0/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Route53::RecordSet", + "aws:cdk:cloudformation:props": { + "hostedZoneId": { + "Ref": "HostedZoneDB99F866" + }, + "name": "www.cdk.dev.", + "resourceRecords": [ + "1.2.3.4" + ], + "setIdentifier": { + "Fn::Join": [ + "", + [ + "WEIGHT_", + { + "Ref": "RecordWeight0" + }, + "_ID_recordweightfromcfnpaecordWithParamWeight059BCC4E1" + ] + ] + }, + "ttl": "10", + "type": "A", + "weight": { + "Ref": "RecordWeight0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + }, + "RecordWithParamWeight1": { + "id": "RecordWithParamWeight1", + "path": "record-weight-from-cfnparameter/RecordWithParamWeight1", + "children": { + "Resource": { + "id": "Resource", + "path": "record-weight-from-cfnparameter/RecordWithParamWeight1/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Route53::RecordSet", + "aws:cdk:cloudformation:props": { + "hostedZoneId": { + "Ref": "HostedZoneDB99F866" + }, + "name": "www.cdk.dev.", + "resourceRecords": [ + "2.3.4.5" + ], + "setIdentifier": { + "Fn::Join": [ + "", + [ + "WEIGHT_", + { + "Ref": "RecordWeight1" + }, + "_ID_recordweightfromcfnpaecordWithParamWeight1304B1475" + ] + ] + }, + "ttl": "10", + "type": "A", + "weight": { + "Ref": "RecordWeight1" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + }, + "RecordWithParamWeight2": { + "id": "RecordWithParamWeight2", + "path": "record-weight-from-cfnparameter/RecordWithParamWeight2", + "children": { + "Resource": { + "id": "Resource", + "path": "record-weight-from-cfnparameter/RecordWithParamWeight2/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Route53::RecordSet", + "aws:cdk:cloudformation:props": { + "hostedZoneId": { + "Ref": "HostedZoneDB99F866" + }, + "name": "www.cdk.dev.", + "resourceRecords": [ + "3.4.5.6" + ], + "setIdentifier": { + "Fn::Join": [ + "", + [ + "WEIGHT_", + { + "Ref": "RecordWeight2" + }, + "_ID_recordweightfromcfnpaecordWithParamWeight25B9D18F1" + ] + ] + }, + "ttl": "10", + "type": "A", + "weight": { + "Ref": "RecordWeight2" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + }, + "RecordWithParamWeight3": { + "id": "RecordWithParamWeight3", + "path": "record-weight-from-cfnparameter/RecordWithParamWeight3", + "children": { + "Resource": { + "id": "Resource", + "path": "record-weight-from-cfnparameter/RecordWithParamWeight3/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Route53::RecordSet", + "aws:cdk:cloudformation:props": { + "hostedZoneId": { + "Ref": "HostedZoneDB99F866" + }, + "name": "www.cdk.dev.", + "resourceRecords": [ + "4.5.6.7" + ], + "setIdentifier": { + "Fn::Join": [ + "", + [ + "WEIGHT_", + { + "Ref": "RecordWeight3" + }, + "_ID_recordweightfromcfnpaecordWithParamWeight37DA83B23" + ] + ] + }, + "ttl": "10", + "type": "A", + "weight": { + "Ref": "RecordWeight3" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "record-weight-from-cfnparameter/BootstrapVersion", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "record-weight-from-cfnparameter/CheckBootstrapVersion", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + }, + "Route53RecordWeightFromCfnParameterInteg": { + "id": "Route53RecordWeightFromCfnParameterInteg", + "path": "Route53RecordWeightFromCfnParameterInteg", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "Route53RecordWeightFromCfnParameterInteg/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "Route53RecordWeightFromCfnParameterInteg/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "Route53RecordWeightFromCfnParameterInteg/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "Route53RecordWeightFromCfnParameterInteg/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "Route53RecordWeightFromCfnParameterInteg/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.ts new file mode 100644 index 0000000000000..6d2d2160aa059 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.record-weight-from-cfnparameter.ts @@ -0,0 +1,44 @@ +import { App, CfnParameter, Duration, Stack, StackProps } from 'aws-cdk-lib'; +import { Construct } from 'constructs'; +import * as route53 from 'aws-cdk-lib/aws-route53'; +import { IntegTest } from '@aws-cdk/integ-tests-alpha'; + +class TestStack extends Stack { + constructor(scope: Construct, id: string, props?: StackProps) { + super(scope, id, props); + + const hostedZone = new route53.PublicHostedZone(this, 'HostedZone', { + zoneName: 'cdk.dev', + }); + + const weightParameterProps = { + type: 'Number', + default: 0, + minValue: 0, + maxValue: 255, + }; + + [ + { target: '1.2.3.4', weight: new CfnParameter(this, 'RecordWeight0', weightParameterProps) }, + { target: '2.3.4.5', weight: new CfnParameter(this, 'RecordWeight1', weightParameterProps) }, + { target: '3.4.5.6', weight: new CfnParameter(this, 'RecordWeight2', weightParameterProps) }, + { target: '4.5.6.7', weight: new CfnParameter(this, 'RecordWeight3', weightParameterProps) }, + ].forEach((data, index) => { + new route53.ARecord(this, `RecordWithParamWeight${index}`, { + zone: hostedZone, + recordName: 'www', + weight: data.weight.valueAsNumber, + ttl: Duration.seconds(10), + target: route53.RecordTarget.fromIpAddresses(data.target), + }); + }); + } +} + +const app = new App(); +const stack = new TestStack(app, 'record-weight-from-cfnparameter'); + +new IntegTest(app, 'Route53RecordWeightFromCfnParameterInteg', { + testCases: [stack], +}); +app.synth(); diff --git a/packages/aws-cdk-lib/aws-route53/lib/record-set.ts b/packages/aws-cdk-lib/aws-route53/lib/record-set.ts index 6706443b1f260..ef5982da54610 100644 --- a/packages/aws-cdk-lib/aws-route53/lib/record-set.ts +++ b/packages/aws-cdk-lib/aws-route53/lib/record-set.ts @@ -296,7 +296,7 @@ export class RecordSet extends Resource implements IRecordSet { constructor(scope: Construct, id: string, props: RecordSetProps) { super(scope, id); - if (props.weight && (props.weight < 0 || props.weight > 255)) { + if (props.weight && !Token.isUnresolved(props.weight) && (props.weight < 0 || props.weight > 255)) { throw new Error(`weight must be between 0 and 255 inclusive, got: ${props.weight}`); } if (props.setIdentifier && (props.setIdentifier.length < 1 || props.setIdentifier.length > 128)) { @@ -406,8 +406,15 @@ export class RecordSet extends Resource implements IRecordSet { } if (this.weight !== undefined) { - const idPrefix = `WEIGHT_${this.weight}_ID_`; - return this.createIdentifier(idPrefix); + if (Token.isUnresolved(this.weight)) { + const replacement = 'XXX'; // XXX simply because 255 is the highest value for a record weight + const idPrefix = `WEIGHT_${replacement}_ID_`; + const idTemplate = this.createIdentifier(idPrefix); + return idTemplate.replace(replacement, Token.asString(this.weight)); + } else { + const idPrefix = `WEIGHT_${this.weight}_ID_`; + return this.createIdentifier(idPrefix); + } } if (this.region) { diff --git a/packages/aws-cdk-lib/aws-route53/test/record-set.test.ts b/packages/aws-cdk-lib/aws-route53/test/record-set.test.ts index 20abd698ee68b..f66b283b1aaca 100644 --- a/packages/aws-cdk-lib/aws-route53/test/record-set.test.ts +++ b/packages/aws-cdk-lib/aws-route53/test/record-set.test.ts @@ -4,7 +4,7 @@ import * as cloudfront from '../../aws-cloudfront'; import * as origins from '../../aws-cloudfront-origins'; import * as iam from '../../aws-iam'; import * as targets from '../../aws-route53-targets'; -import { Duration, RemovalPolicy, Stack } from '../../core'; +import { CfnParameter, Duration, RemovalPolicy, Stack } from '../../core'; import * as route53 from '../lib'; describe('record set', () => { @@ -1248,6 +1248,66 @@ describe('record set', () => { }); }); + test('with weight provided by CfnParameter', () => { + // GIVEN + const stack = new Stack(); + + const zone = new route53.HostedZone(stack, 'HostedZone', { + zoneName: 'myzone', + }); + + const weightParameter = new CfnParameter(stack, 'RecordWeight', { + type: 'Number', + default: 0, + minValue: 0, + maxValue: 255, + }); + + // WHEN + new route53.RecordSet(stack, 'RecordSet', { + zone, + recordName: 'www', + recordType: route53.RecordType.CNAME, + target: route53.RecordTarget.fromValues('zzz'), + weight: weightParameter.valueAsNumber, + }); + + // THEN + Template.fromStack(stack).hasParameter('RecordWeight', { + Type: 'Number', + Default: 0, + MinValue: 0, + MaxValue: 255, + }); + + Template.fromStack(stack).hasResourceProperties('AWS::Route53::RecordSet', { + Name: 'www.myzone.', + Type: 'CNAME', + HostedZoneId: { + Ref: 'HostedZoneDB99F866', + }, + ResourceRecords: [ + 'zzz', + ], + TTL: '1800', + Weight: { + Ref: 'RecordWeight', + }, + SetIdentifier: { + 'Fn::Join': [ + '', + [ + 'WEIGHT_', + { + Ref: 'RecordWeight', + }, + '_ID_RecordSet', + ], + ], + }, + }); + }); + test.each([ [-1], [256], From 7904f2a13d68cf664d52bc458985560000d0a075 Mon Sep 17 00:00:00 2001 From: Mohamed Elasmar <71043312+moelasmar@users.noreply.github.com> Date: Thu, 31 Oct 2024 16:31:57 -0700 Subject: [PATCH 5/7] chore(mergify): update queue rules minimum required conditions (#31945) ### Reason for this change Update the Mergify queue rules, so if the [mergify queue command](https://docs.mergify.com/commands/queue/) used it will use the correct queue based on the conditions added to each queue, and to avoid human mistakes if this command used and the PR does not fulfill the minimum requirements to be merged. ### Description of changes Updated the default-merge, and default-squash queues to add the minimum requirements before to be checked before adding a PR to that queue. ### Checklist - [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .mergify.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/.mergify.yml b/.mergify.yml index 24f5698c49f27..55a700cee4e2f 100644 --- a/.mergify.yml +++ b/.mergify.yml @@ -4,7 +4,17 @@ queue_rules: update_method: merge merge_method: merge conditions: + - -title~=(WIP|wip) + - -label~=(blocked|do-not-merge) + # Only if no-squash is set + - label~=no-squash + - -merged + - -closed + - "#approved-reviews-by>=1" + - -approved-reviews-by~=author + - "#changes-requested-reviews-by=0" - status-success~=AWS CodeBuild us-east-1 + - status-success=validate-pr commit_message_template: |- {{ title }} (#{{ number }}) {{ body }} @@ -13,7 +23,16 @@ queue_rules: update_method: merge merge_method: squash conditions: + - base!=release + - -title~=(WIP|wip) + - -label~=(blocked|do-not-merge|no-squash) + - -merged + - -closed + - "#approved-reviews-by>=1" + - -approved-reviews-by~=author + - "#changes-requested-reviews-by=0" - status-success~=AWS CodeBuild us-east-1 + - status-success=validate-pr commit_message_template: |- {{ title }} (#{{ number }}) {{ body }} From f15de81fb94ab45d9e887fb1b7b506a921bed29f Mon Sep 17 00:00:00 2001 From: Mohamed Elasmar <71043312+moelasmar@users.noreply.github.com> Date: Thu, 31 Oct 2024 17:24:07 -0700 Subject: [PATCH 6/7] chore: update CHANGELOG.v2.alpha.md to announce kinesisfirehose as developer preview (#31969) Update the Change log file to announce kinesisfirehose as developer preview ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- CHANGELOG.v2.alpha.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.v2.alpha.md b/CHANGELOG.v2.alpha.md index 41928fc5e1b5d..05f256ef79507 100644 --- a/CHANGELOG.v2.alpha.md +++ b/CHANGELOG.v2.alpha.md @@ -17,6 +17,7 @@ All notable changes to this project will be documented in this file. See [standa * **pipes-enrichments:** support API Gateway enrichment ([#31794](https://github.com/aws/aws-cdk/issues/31794)) ([09052c2](https://github.com/aws/aws-cdk/commit/09052c2060c410028896fd54e76a857b2141c8a4)), closes [#29384](https://github.com/aws/aws-cdk/issues/29384) * **pipes-targets:** add SageMaker ([#30696](https://github.com/aws/aws-cdk/issues/30696)) ([a5fdf57](https://github.com/aws/aws-cdk/commit/a5fdf570beb1456b1307276f56d90fd1ba0b46d8)) * **redshift-alpha:** query execution timeout setting during table creation ([#31818](https://github.com/aws/aws-cdk/issues/31818)) ([40f07ae](https://github.com/aws/aws-cdk/commit/40f07ae330d074cfa7861e24a0427da7ec427f68)), closes [#31329](https://github.com/aws/aws-cdk/issues/31329) +* **kinesisfirehose-alpha:** kinesis firehose and kinesis firehose destinations modules are now in Developer Preview ([#31952](https://github.com/aws/aws-cdk/pull/31952)) ### Bug Fixes From 18fbd6d5a1a3069b0fc1356d87e534a75239e668 Mon Sep 17 00:00:00 2001 From: Matsuda Date: Fri, 1 Nov 2024 09:58:47 +0900 Subject: [PATCH 7/7] feat(kinesis): support resource policy for a data stream (#31909) ### Issue # (if applicable) Closes #28814 . ### Reason for this change To support resource policy for a Kinesis Data stream. ### Description of changes * Add `ResourcePolicy` Construct. * Add `addToResourcePolicy` method to `Stream` Construct. ### Description of how you validated changes Add unit tests and integ test. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../integ.resource-policy.js.snapshot/cdk.out | 1 + .../integ.json | 13 ++ ...efaultTestDeployAssert52C5D16C.assets.json | 19 ++ ...aultTestDeployAssert52C5D16C.template.json | 36 +++ .../kinesis-resource-policy.assets.json | 19 ++ .../kinesis-resource-policy.template.json | 128 +++++++++++ .../manifest.json | 127 +++++++++++ .../tree.json | 211 ++++++++++++++++++ .../aws-kinesis/test/integ.resource-policy.ts | 23 ++ packages/aws-cdk-lib/aws-kinesis/README.md | 48 ++++ packages/aws-cdk-lib/aws-kinesis/lib/index.ts | 1 + .../aws-kinesis/lib/resource-policy.ts | 54 +++++ .../aws-cdk-lib/aws-kinesis/lib/stream.ts | 55 ++++- .../aws-kinesis/test/resource-policy.test.ts | 45 ++++ .../aws-kinesis/test/stream.test.ts | 28 +++ packages/aws-cdk-lib/awslint.json | 1 + 16 files changed, 806 insertions(+), 3 deletions(-) create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/cdk.out create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/integ.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/integkinesisresourcepolicyDefaultTestDeployAssert52C5D16C.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/integkinesisresourcepolicyDefaultTestDeployAssert52C5D16C.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/kinesis-resource-policy.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/kinesis-resource-policy.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/manifest.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/tree.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.ts create mode 100644 packages/aws-cdk-lib/aws-kinesis/lib/resource-policy.ts create mode 100644 packages/aws-cdk-lib/aws-kinesis/test/resource-policy.test.ts diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/cdk.out new file mode 100644 index 0000000000000..c6e612584e352 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"38.0.1"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/integ.json new file mode 100644 index 0000000000000..b3f8f40c776a5 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/integ.json @@ -0,0 +1,13 @@ +{ + "version": "38.0.1", + "testCases": { + "integ-kinesis-resource-policy/DefaultTest": { + "stacks": [ + "kinesis-resource-policy" + ], + "stackUpdateWorkflow": false, + "assertionStack": "integ-kinesis-resource-policy/DefaultTest/DeployAssert", + "assertionStackName": "integkinesisresourcepolicyDefaultTestDeployAssert52C5D16C" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/integkinesisresourcepolicyDefaultTestDeployAssert52C5D16C.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/integkinesisresourcepolicyDefaultTestDeployAssert52C5D16C.assets.json new file mode 100644 index 0000000000000..10ed04c6cb3b2 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/integkinesisresourcepolicyDefaultTestDeployAssert52C5D16C.assets.json @@ -0,0 +1,19 @@ +{ + "version": "38.0.1", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "integkinesisresourcepolicyDefaultTestDeployAssert52C5D16C.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/integkinesisresourcepolicyDefaultTestDeployAssert52C5D16C.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/integkinesisresourcepolicyDefaultTestDeployAssert52C5D16C.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/integkinesisresourcepolicyDefaultTestDeployAssert52C5D16C.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/kinesis-resource-policy.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/kinesis-resource-policy.assets.json new file mode 100644 index 0000000000000..41aa262dfadaa --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/kinesis-resource-policy.assets.json @@ -0,0 +1,19 @@ +{ + "version": "38.0.1", + "files": { + "25f5843484c10a3b762cdda9cddcdbaf948c1d795dd2294a83ba77c6c1b732ef": { + "source": { + "path": "kinesis-resource-policy.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "25f5843484c10a3b762cdda9cddcdbaf948c1d795dd2294a83ba77c6c1b732ef.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/kinesis-resource-policy.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/kinesis-resource-policy.template.json new file mode 100644 index 0000000000000..7431a787d0228 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/kinesis-resource-policy.template.json @@ -0,0 +1,128 @@ +{ + "Resources": { + "MyStream5C050E93": { + "Type": "AWS::Kinesis::Stream", + "Properties": { + "RetentionPeriodHours": 24, + "ShardCount": 1, + "StreamEncryption": { + "Fn::If": [ + "AwsCdkKinesisEncryptedStreamsUnsupportedRegions", + { + "Ref": "AWS::NoValue" + }, + { + "EncryptionType": "KMS", + "KeyId": "alias/aws/kinesis" + } + ] + } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "MyStreamPolicyC34ACF94": { + "Type": "AWS::Kinesis::ResourcePolicy", + "Properties": { + "ResourceArn": { + "Fn::GetAtt": [ + "MyStream5C050E93", + "Arn" + ] + }, + "ResourcePolicy": { + "Statement": [ + { + "Action": [ + "kinesis:DescribeStreamSummary", + "kinesis:GetRecords" + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + }, + "Resource": { + "Fn::GetAtt": [ + "MyStream5C050E93", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + } + } + } + }, + "Conditions": { + "AwsCdkKinesisEncryptedStreamsUnsupportedRegions": { + "Fn::Or": [ + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "cn-north-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "cn-northwest-1" + ] + } + ] + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/manifest.json new file mode 100644 index 0000000000000..5b7e1577fd04f --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/manifest.json @@ -0,0 +1,127 @@ +{ + "version": "38.0.1", + "artifacts": { + "kinesis-resource-policy.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "kinesis-resource-policy.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "kinesis-resource-policy": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "kinesis-resource-policy.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "notificationArns": [], + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/25f5843484c10a3b762cdda9cddcdbaf948c1d795dd2294a83ba77c6c1b732ef.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "kinesis-resource-policy.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "kinesis-resource-policy.assets" + ], + "metadata": { + "/kinesis-resource-policy/MyStream/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MyStream5C050E93" + } + ], + "/kinesis-resource-policy/MyStream/Policy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MyStreamPolicyC34ACF94" + } + ], + "/kinesis-resource-policy/AwsCdkKinesisEncryptedStreamsUnsupportedRegions": [ + { + "type": "aws:cdk:logicalId", + "data": "AwsCdkKinesisEncryptedStreamsUnsupportedRegions" + } + ], + "/kinesis-resource-policy/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/kinesis-resource-policy/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "kinesis-resource-policy" + }, + "integkinesisresourcepolicyDefaultTestDeployAssert52C5D16C.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "integkinesisresourcepolicyDefaultTestDeployAssert52C5D16C.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "integkinesisresourcepolicyDefaultTestDeployAssert52C5D16C": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "integkinesisresourcepolicyDefaultTestDeployAssert52C5D16C.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "notificationArns": [], + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "integkinesisresourcepolicyDefaultTestDeployAssert52C5D16C.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "integkinesisresourcepolicyDefaultTestDeployAssert52C5D16C.assets" + ], + "metadata": { + "/integ-kinesis-resource-policy/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/integ-kinesis-resource-policy/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "integ-kinesis-resource-policy/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/tree.json new file mode 100644 index 0000000000000..1cb4e4dd9901b --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.js.snapshot/tree.json @@ -0,0 +1,211 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "kinesis-resource-policy": { + "id": "kinesis-resource-policy", + "path": "kinesis-resource-policy", + "children": { + "MyStream": { + "id": "MyStream", + "path": "kinesis-resource-policy/MyStream", + "children": { + "Resource": { + "id": "Resource", + "path": "kinesis-resource-policy/MyStream/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Kinesis::Stream", + "aws:cdk:cloudformation:props": { + "retentionPeriodHours": 24, + "shardCount": 1, + "streamEncryption": { + "Fn::If": [ + "AwsCdkKinesisEncryptedStreamsUnsupportedRegions", + { + "Ref": "AWS::NoValue" + }, + { + "EncryptionType": "KMS", + "KeyId": "alias/aws/kinesis" + } + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kinesis.CfnStream", + "version": "0.0.0" + } + }, + "Policy": { + "id": "Policy", + "path": "kinesis-resource-policy/MyStream/Policy", + "children": { + "Resource": { + "id": "Resource", + "path": "kinesis-resource-policy/MyStream/Policy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Kinesis::ResourcePolicy", + "aws:cdk:cloudformation:props": { + "resourceArn": { + "Fn::GetAtt": [ + "MyStream5C050E93", + "Arn" + ] + }, + "resourcePolicy": { + "Statement": [ + { + "Action": [ + "kinesis:DescribeStreamSummary", + "kinesis:GetRecords" + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + }, + "Resource": { + "Fn::GetAtt": [ + "MyStream5C050E93", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kinesis.CfnResourcePolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kinesis.ResourcePolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kinesis.Stream", + "version": "0.0.0" + } + }, + "AwsCdkKinesisEncryptedStreamsUnsupportedRegions": { + "id": "AwsCdkKinesisEncryptedStreamsUnsupportedRegions", + "path": "kinesis-resource-policy/AwsCdkKinesisEncryptedStreamsUnsupportedRegions", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnCondition", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "kinesis-resource-policy/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "kinesis-resource-policy/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "integ-kinesis-resource-policy": { + "id": "integ-kinesis-resource-policy", + "path": "integ-kinesis-resource-policy", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "integ-kinesis-resource-policy/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "integ-kinesis-resource-policy/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "integ-kinesis-resource-policy/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "integ-kinesis-resource-policy/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "integ-kinesis-resource-policy/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.ts new file mode 100644 index 0000000000000..bd9911520e5c6 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.resource-policy.ts @@ -0,0 +1,23 @@ +import { App, Stack } from 'aws-cdk-lib'; +import { Stream } from 'aws-cdk-lib/aws-kinesis'; +import { AccountPrincipal, PolicyStatement } from 'aws-cdk-lib/aws-iam'; +import { IntegTest } from '@aws-cdk/integ-tests-alpha'; + +const app = new App(); +const stack = new Stack(app, 'kinesis-resource-policy'); + +const stream = new Stream(stack, 'MyStream'); + +stream.addToResourcePolicy(new PolicyStatement({ + resources: [stream.streamArn], + actions: [ + 'kinesis:DescribeStreamSummary', + 'kinesis:GetRecords', + ], + principals: [new AccountPrincipal(stack.account)], +})); + +new IntegTest(app, 'integ-kinesis-resource-policy', { + testCases: [stack], + stackUpdateWorkflow: false, +}); diff --git a/packages/aws-cdk-lib/aws-kinesis/README.md b/packages/aws-cdk-lib/aws-kinesis/README.md index b8b22dffda657..27f89e65b7626 100644 --- a/packages/aws-cdk-lib/aws-kinesis/README.md +++ b/packages/aws-cdk-lib/aws-kinesis/README.md @@ -15,6 +15,8 @@ intake and aggregation. - [Write Permissions](#write-permissions) - [Custom Permissions](#custom-permissions) - [Metrics](#metrics) + - [Resource Policy](#resource-policy) + ## Streams @@ -186,3 +188,49 @@ stream.metricGetRecordsSuccess(); // using pre-defined and overriding the statistic stream.metricGetRecordsSuccess({ statistic: 'Maximum' }); ``` + +### Resource Policy + +You can create a resource policy for a data stream. +For more information, see [Controlling access to Amazon Kinesis Data Streams resources using IAM](https://docs.aws.amazon.com/streams/latest/dev/controlling-access.html). + +A resource policy is automatically created when `addToResourcePolicy` is called, if one doesn't already exist. + +Using `addToResourcePolicy` is the simplest way to add a resource policy: + +```ts +const stream = new kinesis.Stream(this, 'MyStream'); + +// create a resource policy via addToResourcePolicy method +stream.addToResourcePolicy(new iam.PolicyStatement({ + resources: [stream.streamArn], + actions: ['kinesis:GetRecords'], + principals: [new iam.AnyPrincipal()], +})); +``` + +You can create a resource manually by using `ResourcePolicy`. +Also, you can set a custom policy document to `ResourcePolicy`. +If not, a blank policy document will be set. + +```ts +const stream = new kinesis.Stream(this, 'MyStream'); + +// create a custom policy document +const policyDocument = new iam.PolicyDocument({ + assignSids: true, + statements: [ + new iam.PolicyStatement({ + actions: ['kinesis:GetRecords'], + resources: [stream.streamArn], + principals: [new iam.AnyPrincipal()], + }), + ], +}); + +// create a resource policy manually +new kinesis.ResourcePolicy(this, 'ResourcePolicy', { + stream, + policyDocument, +}); +``` \ No newline at end of file diff --git a/packages/aws-cdk-lib/aws-kinesis/lib/index.ts b/packages/aws-cdk-lib/aws-kinesis/lib/index.ts index bb8cedbc5558c..c239368eaa87c 100644 --- a/packages/aws-cdk-lib/aws-kinesis/lib/index.ts +++ b/packages/aws-cdk-lib/aws-kinesis/lib/index.ts @@ -1,4 +1,5 @@ export * from './stream'; +export * from './resource-policy'; // AWS::Kinesis CloudFormation Resources: export * from './kinesis.generated'; diff --git a/packages/aws-cdk-lib/aws-kinesis/lib/resource-policy.ts b/packages/aws-cdk-lib/aws-kinesis/lib/resource-policy.ts new file mode 100644 index 0000000000000..3987268f52bfe --- /dev/null +++ b/packages/aws-cdk-lib/aws-kinesis/lib/resource-policy.ts @@ -0,0 +1,54 @@ +import { Construct } from 'constructs'; +import { CfnResourcePolicy } from './kinesis.generated'; +import { IStream } from './stream'; +import { PolicyDocument } from '../../aws-iam'; +import { Resource } from '../../core'; + +/** + * Properties to associate a data stream with a policy + */ +export interface ResourcePolicyProps { + /** + * The stream this policy applies to. + */ + readonly stream: IStream; + + /** + * IAM policy document to apply to a data stream. + * + * @default - empty policy document + */ + readonly policyDocument?: PolicyDocument; +} + +/** + * The policy for a data stream or registered consumer. + * + * Policies define the operations that are allowed on this resource. + * + * You almost never need to define this construct directly. + * + * All AWS resources that support resource policies have a method called + * `addToResourcePolicy()`, which will automatically create a new resource + * policy if one doesn't exist yet, otherwise it will add to the existing + * policy. + * + * Prefer to use `addToResourcePolicy()` instead. + */ +export class ResourcePolicy extends Resource { + /** + * The IAM policy document for this policy. + */ + public readonly document = new PolicyDocument(); + + constructor(scope: Construct, id: string, props: ResourcePolicyProps) { + super(scope, id); + + this.document = props.policyDocument ?? this.document; + + new CfnResourcePolicy(this, 'Resource', { + resourcePolicy: this.document, + resourceArn: props.stream.streamArn, + }); + } +} diff --git a/packages/aws-cdk-lib/aws-kinesis/lib/stream.ts b/packages/aws-cdk-lib/aws-kinesis/lib/stream.ts index 59ee9d4ff5d87..0fb74df769f50 100644 --- a/packages/aws-cdk-lib/aws-kinesis/lib/stream.ts +++ b/packages/aws-cdk-lib/aws-kinesis/lib/stream.ts @@ -1,10 +1,11 @@ import { Construct } from 'constructs'; import { KinesisMetrics } from './kinesis-fixed-canned-metrics'; import { CfnStream } from './kinesis.generated'; +import { ResourcePolicy } from './resource-policy'; import * as cloudwatch from '../../aws-cloudwatch'; import * as iam from '../../aws-iam'; import * as kms from '../../aws-kms'; -import { ArnFormat, Aws, CfnCondition, Duration, Fn, IResolvable, IResource, RemovalPolicy, Resource, Stack, Token } from '../../core'; +import { ArnFormat, Aws, CfnCondition, Duration, Fn, IResolvable, IResource, RemovalPolicy, Resource, ResourceProps, Stack, Token } from '../../core'; const READ_OPERATIONS = [ 'kinesis:DescribeStreamSummary', @@ -46,6 +47,15 @@ export interface IStream extends IResource { */ readonly encryptionKey?: kms.IKey; + /** + * Adds a statement to the IAM resource policy associated with this stream. + * + * If this stream was created in this stack (`new Stream`), a resource policy + * will be automatically created upon the first call to `addToResourcePolicy`. If + * the stream is imported (`Stream.import`), then this is a no-op. + */ + addToResourcePolicy(statement: iam.PolicyStatement): iam.AddToResourcePolicyResult; + /** * Grant read permissions for this stream and its contents to an IAM * principal (Role/Group/User). @@ -328,6 +338,41 @@ abstract class StreamBase extends Resource implements IStream { */ public abstract readonly encryptionKey?: kms.IKey; + /** + * Indicates if a stream resource policy should automatically be created upon + * the first call to `addToResourcePolicy`. + * + * Set by subclasses. + */ + protected abstract readonly autoCreatePolicy: boolean; + + private resourcePolicy?: ResourcePolicy; + + constructor(scope: Construct, id: string, props: ResourceProps = {}) { + super(scope, id, props); + + this.node.addValidation({ validate: () => this.resourcePolicy?.document.validateForResourcePolicy() ?? [] }); + } + + /** + * Adds a statement to the IAM resource policy associated with this stream. + * + * If this stream was created in this stack (`new Strem`), a resource policy + * will be automatically created upon the first call to `addToResourcePolicy`. If + * the stream is imported (`Stream.import`), then this is a no-op. + */ + public addToResourcePolicy(statement: iam.PolicyStatement): iam.AddToResourcePolicyResult { + if (!this.resourcePolicy && this.autoCreatePolicy) { + this.resourcePolicy = new ResourcePolicy(this, 'Policy', { stream: this }); + } + + if (this.resourcePolicy) { + this.resourcePolicy.document.addStatements(statement); + return { statementAdded: true, policyDependable: this.resourcePolicy }; + } + return { statementAdded: false }; + } + /** * Grant read permissions for this stream and its contents to an IAM * principal (Role/Group/User). @@ -747,6 +792,8 @@ export class Stream extends StreamBase { public readonly streamArn = attrs.streamArn; public readonly streamName = Stack.of(scope).splitArn(attrs.streamArn, ArnFormat.SLASH_RESOURCE_NAME).resourceName!; public readonly encryptionKey = attrs.encryptionKey; + + protected readonly autoCreatePolicy = false; } return new Import(scope, id, { @@ -760,6 +807,8 @@ export class Stream extends StreamBase { private readonly stream: CfnStream; + protected readonly autoCreatePolicy = true; + constructor(scope: Construct, id: string, props: StreamProps = {}) { super(scope, id, { physicalName: props.streamName, @@ -771,7 +820,7 @@ export class Stream extends StreamBase { if (streamMode === StreamMode.ON_DEMAND && shardCount !== undefined) { throw new Error(`streamMode must be set to ${StreamMode.PROVISIONED} (default) when specifying shardCount`); } - if ( (streamMode === StreamMode.PROVISIONED || streamMode === undefined) && shardCount === undefined) { + if ((streamMode === StreamMode.PROVISIONED || streamMode === undefined) && shardCount === undefined) { shardCount = 1; } @@ -849,7 +898,7 @@ export class Stream extends StreamBase { } if (encryptionType === StreamEncryption.UNENCRYPTED) { - return { }; + return {}; } if (encryptionType === StreamEncryption.MANAGED) { diff --git a/packages/aws-cdk-lib/aws-kinesis/test/resource-policy.test.ts b/packages/aws-cdk-lib/aws-kinesis/test/resource-policy.test.ts new file mode 100644 index 0000000000000..01cd727cf8aed --- /dev/null +++ b/packages/aws-cdk-lib/aws-kinesis/test/resource-policy.test.ts @@ -0,0 +1,45 @@ +import { Template } from '../../assertions'; +import * as iam from '../../aws-iam'; +import { Stack } from '../../core'; +import { ResourcePolicy, Stream } from '../lib'; + +describe('Kinesis resource policy', () => { + test('create resource policy', () => { + // GIVEN + const stack = new Stack(); + const stream = new Stream(stack, 'Stream', {}); + + // WHEN + const policyDocument = new iam.PolicyDocument({ + assignSids: true, + statements: [ + new iam.PolicyStatement({ + actions: ['kinesis:GetRecords'], + principals: [new iam.AnyPrincipal()], + resources: [stream.streamArn], + }), + ], + }); + + new ResourcePolicy(stack, 'ResourcePolicy', { + stream, + policyDocument, + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::Kinesis::ResourcePolicy', { + ResourcePolicy: { + Version: '2012-10-17', + Statement: [ + { + Sid: '0', + Action: 'kinesis:GetRecords', + Effect: 'Allow', + Principal: { AWS: '*' }, + Resource: stack.resolve(stream.streamArn), + }, + ], + }, + }); + }); +}); diff --git a/packages/aws-cdk-lib/aws-kinesis/test/stream.test.ts b/packages/aws-cdk-lib/aws-kinesis/test/stream.test.ts index 841c95877ef53..c9e7569bdf1d8 100644 --- a/packages/aws-cdk-lib/aws-kinesis/test/stream.test.ts +++ b/packages/aws-cdk-lib/aws-kinesis/test/stream.test.ts @@ -1289,4 +1289,32 @@ describe('Kinesis data streams', () => { DeletionPolicy: CfnDeletionPolicy.DELETE, }); }); + + test('addToResourcePolicy will automatically create a policy for this stream', () => { + // GIVEN + const stack = new Stack(); + const stream = new Stream(stack, 'Stream', {}); + + // WHEN + stream.addToResourcePolicy(new iam.PolicyStatement({ + actions: ['kinesis:GetRecords'], + principals: [new iam.AnyPrincipal()], + resources: [stream.streamArn], + })); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::Kinesis::ResourcePolicy', { + ResourcePolicy: { + Version: '2012-10-17', + Statement: [ + { + Action: 'kinesis:GetRecords', + Effect: 'Allow', + Principal: { AWS: '*' }, + Resource: stack.resolve(stream.streamArn), + }, + ], + }, + }); + }); }); diff --git a/packages/aws-cdk-lib/awslint.json b/packages/aws-cdk-lib/awslint.json index d85aaef4834d9..987770519230f 100644 --- a/packages/aws-cdk-lib/awslint.json +++ b/packages/aws-cdk-lib/awslint.json @@ -124,6 +124,7 @@ "props-physical-name:aws-cdk-lib.aws_iam.OpenIdConnectProviderProps", "props-physical-name:aws-cdk-lib.aws_iam.SamlProviderProps", "props-physical-name:aws-cdk-lib.aws_kms.KeyProps", + "props-physical-name:aws-cdk-lib.aws_kinesis.ResourcePolicyProps", "props-physical-name:aws-cdk-lib.aws_lambda.CodeSigningConfigProps", "props-physical-name:aws-cdk-lib.aws_lambda.EventInvokeConfigProps", "props-physical-name:aws-cdk-lib.aws_lambda.EventSourceMappingProps",