diff --git a/.projen/deps.json b/.projen/deps.json index f522776..88e7a3c 100644 --- a/.projen/deps.json +++ b/.projen/deps.json @@ -21,7 +21,7 @@ }, { "name": "aws-cdk", - "version": "^2.1.0", + "version": "^2.154.1", "type": "build" }, { @@ -68,7 +68,7 @@ }, { "name": "aws-cdk-lib", - "version": "^2.1.0", + "version": "^2.154.1", "type": "runtime" }, { diff --git a/.projenrc.ts b/.projenrc.ts index d1ae03e..d603179 100644 --- a/.projenrc.ts +++ b/.projenrc.ts @@ -1,8 +1,8 @@ import { awscdk } from 'projen'; const project = new awscdk.AwsCdkTypeScriptApp({ - cdkVersion: '2.1.0', + cdkVersion: '2.154.1', defaultReleaseBranch: 'main', - name: 'cdk-assets-bug-2', + name: 'cdk-assets-bug', projenrcTs: true, // deps: [], /* Runtime dependencies of this module. */ diff --git a/package.json b/package.json index 33a26b9..a67b857 100644 --- a/package.json +++ b/package.json @@ -1,5 +1,5 @@ { - "name": "cdk-assets-bug-2", + "name": "cdk-assets-bug", "scripts": { "build": "npx projen build", "bundle": "npx projen bundle", @@ -28,7 +28,7 @@ "@types/node": "^18", "@typescript-eslint/eslint-plugin": "^7", "@typescript-eslint/parser": "^7", - "aws-cdk": "^2.1.0", + "aws-cdk": "^2.154.1", "esbuild": "^0.23.1", "eslint": "^8", "eslint-import-resolver-typescript": "^3.6.3", @@ -41,7 +41,7 @@ "typescript": "^5.5.4" }, "dependencies": { - "aws-cdk-lib": "^2.1.0", + "aws-cdk-lib": "^2.154.1", "constructs": "^10.0.5" }, "license": "Apache-2.0", diff --git a/src/main.ts b/src/main.ts index 06b76a6..a514f1d 100644 --- a/src/main.ts +++ b/src/main.ts 
@@ -1,11 +1,52 @@ -import { App, Stack, StackProps } from 'aws-cdk-lib'; +import { App, Stack, StackProps, Stage, StageProps } from 'aws-cdk-lib'; +import { Role } from 'aws-cdk-lib/aws-iam'; +import { CrossAccountZoneDelegationRecord, HostedZone } from 'aws-cdk-lib/aws-route53'; +import { ShellStep, CodePipeline, CodePipelineSource } from 'aws-cdk-lib/pipelines'; import { Construct } from 'constructs'; +class MyServiceStack extends Stack { + constructor(scope: Construct, id: string, props?: StackProps) { + super(scope, id, props); + + // This Construct adds a node with the type `publish-assets` which triggers the behavior. + new CrossAccountZoneDelegationRecord(this, 'cross-account-zone', { + delegatedZone: HostedZone.fromHostedZoneAttributes(this, 'my-hosted-zone', { + hostedZoneId: 'Z01201272X6Y0ABCDE0FG', + zoneName: 'zone.name', + }), + delegationRole: Role.fromRoleName(this, 'my-role', 'my-role-name'), + parentHostedZoneId: 'parent-hosted-zone', + }); + } +} + +class MyStage extends Stage { + constructor(scope: Construct, id: string, props?: StageProps) { + super(scope, id, props); + + new MyServiceStack(this, 'my-stack'); + } +} + export class MyStack extends Stack { constructor(scope: Construct, id: string, props: StackProps = {}) { super(scope, id, props); - // define resources here... + const pipeline = new CodePipeline(this, 'my-pipeline', { + synth: new ShellStep('my-build', { + input: CodePipelineSource.gitHub( + 'my-org/my-repo', + 'main', + ), + commands: [ + "echo 'hello world'", + ], + }), + cliVersion: '2.154.1', + }); + + const wave = pipeline.addWave('my-wave'); + wave.addStage(new MyStage(this, 'my-stage')); } } @@ -17,7 +58,6 @@ const devEnv = { const app = new App(); -new MyStack(app, 'cdk-assets-bug-2-dev', { env: devEnv }); -// new MyStack(app, 'cdk-assets-bug-2-prod', { env: prodEnv }); +new MyStack(app, 'cdk-assets-bug-dev', { env: devEnv }); -app.synth(); \ No newline at end of file +app.synth(); 
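Review bot: `CodePipelineSource.gitHub('my-org/my-repo', 'main')` in the `synth` step of `MyStack` is called without options, so the source credentials are chosen implicitly. The snapshot added in this commit shows the result: the Source action's `OAuthToken` resolves the Secrets Manager secret `github-token`, and the webhook's `SecretToken` resolves the same secret as its `GITHUB_HMAC` key. That ties the pipeline to what is typically a long-lived personal access token and reuses it as the webhook signing secret, and none of this is visible in `src/main.ts`. If a connection-based source is available, prefer `input: CodePipelineSource.connection('my-org/my-repo', 'main', { connectionArn: '<CONNECTION_ARN_PLACEHOLDER>' }),`. Otherwise state the dependency explicitly with `authentication: SecretValue.secretsManager('github-token')` (importing `SecretValue` from `aws-cdk-lib`) and add a comment naming the token scopes the secret is expected to carry.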
diff --git a/test/__snapshots__/main.test.ts.snap b/test/__snapshots__/main.test.ts.snap new file mode 100644 index 0000000..3ad0416 --- /dev/null +++ b/test/__snapshots__/main.test.ts.snap 
@@ -0,0 +1,1255 @@ +// Jest Snapshot v1, https://goo.gl/fbAQLP + +exports[`Snapshot 1`] = ` +{ + "Parameters": { + "BootstrapVersion": { + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", + "Type": "AWS::SSM::Parameter::Value", + }, + }, + "Resources": { + "mypipelineAssetsFileAsset18008F02D": { + "Properties": { + "Artifacts": { + "Type": "CODEPIPELINE", + }, + "Cache": { + "Type": "NO_CACHE", + }, + "Description": "Pipeline step test/Pipeline/Assets/FileAsset1", + "EncryptionKey": "alias/aws/s3", + "Environment": { + "ComputeType": "BUILD_GENERAL1_SMALL", + "Image": "aws/codebuild/standard:7.0", + "ImagePullCredentialsType": "CODEBUILD", + "PrivilegedMode": false, + "Type": "LINUX_CONTAINER", + }, + "ServiceRole": { + "Fn::GetAtt": [ + "mypipelineAssetsFileRole7EA0DD74", + "Arn", + ], + }, + "Source": { + "BuildSpec": "{ + "version": "0.2", + "phases": { + "install": { + "commands": [ + "npm install -g cdk-assets@2.154.1" + ] + }, + "build": { + "commands": [ + "cdk-assets --path \\"assembly-test-my-stage/testmystagemystack99E5AD2D.assets.json\\" --verbose publish \\"4cfc7e5d073ec23fbedf66061a6290221275ac87a2477bf6b9aae76b4ca74ddf:current_account-current_region\\"" + ] + } + } +}", + "Type": "CODEPIPELINE", + }, + }, + "Type": "AWS::CodeBuild::Project", + }, + "mypipelineAssetsFileRole7EA0DD74": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "codebuild.amazonaws.com", + }, + }, + ], + "Version": "2012-10-17", + }, + }, + "Type": "AWS::IAM::Role", + }, + "mypipelineAssetsFileRoleDefaultPolicy2EA1A2FB": { + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents", + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + 
"arn:", + { + "Ref": "AWS::Partition", + }, + ":logs:", + { + "Ref": "AWS::Region", + }, + ":", + { + "Ref": "AWS::AccountId", + }, + ":log-group:/aws/codebuild/*", + ], + ], + }, + }, + { + "Action": [ + "codebuild:CreateReportGroup", + "codebuild:CreateReport", + "codebuild:UpdateReport", + "codebuild:BatchPutTestCases", + "codebuild:BatchPutCodeCoverages", + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition", + }, + ":codebuild:", + { + "Ref": "AWS::Region", + }, + ":", + { + "Ref": "AWS::AccountId", + }, + ":report-group/*", + ], + ], + }, + }, + { + "Action": [ + "codebuild:BatchGetBuilds", + "codebuild:StartBuild", + "codebuild:StopBuild", + ], + "Effect": "Allow", + "Resource": "*", + }, + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Resource": { + "Fn::Sub": "arn:\${AWS::Partition}:iam::\${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-\${AWS::AccountId}-\${AWS::Region}", + }, + }, + { + "Action": [ + "s3:GetObject*", + "s3:GetBucket*", + "s3:List*", + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "mypipelinePipelineArtifactsBucket8063FAB3", + "Arn", + ], + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "mypipelinePipelineArtifactsBucket8063FAB3", + "Arn", + ], + }, + "/*", + ], + ], + }, + ], + }, + ], + "Version": "2012-10-17", + }, + "PolicyName": "mypipelineAssetsFileRoleDefaultPolicy2EA1A2FB", + "Roles": [ + { + "Ref": "mypipelineAssetsFileRole7EA0DD74", + }, + ], + }, + "Type": "AWS::IAM::Policy", + }, + "mypipelineCodeBuildActionRole476E1555": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "mypipelinePipelineRole5CD0F82F", + "Arn", + ], + }, + }, + }, + ], + "Version": "2012-10-17", + }, + }, + "Type": "AWS::IAM::Role", + }, + "mypipelineCodeBuildActionRoleDefaultPolicy1E1B880D": { + "Properties": { + "PolicyDocument": { + 
"Statement": [ + { + "Action": [ + "codebuild:BatchGetBuilds", + "codebuild:StartBuild", + "codebuild:StopBuild", + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "mypipelinePipelineBuildmybuildCdkBuildProject0F86CC81", + "Arn", + ], + }, + }, + { + "Action": [ + "codebuild:BatchGetBuilds", + "codebuild:StartBuild", + "codebuild:StopBuild", + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "mypipelineUpdatePipelineSelfMutation71FE2B5C", + "Arn", + ], + }, + }, + { + "Action": [ + "codebuild:BatchGetBuilds", + "codebuild:StartBuild", + "codebuild:StopBuild", + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "mypipelineAssetsFileAsset18008F02D", + "Arn", + ], + }, + }, + ], + "Version": "2012-10-17", + }, + "PolicyName": "mypipelineCodeBuildActionRoleDefaultPolicy1E1B880D", + "Roles": [ + { + "Ref": "mypipelineCodeBuildActionRole476E1555", + }, + ], + }, + "Type": "AWS::IAM::Policy", + }, + "mypipelinePipelineArtifactsBucket8063FAB3": { + "DeletionPolicy": "Retain", + "Properties": { + "BucketEncryption": { + "ServerSideEncryptionConfiguration": [ + { + "ServerSideEncryptionByDefault": { + "SSEAlgorithm": "aws:kms", + }, + }, + ], + }, + "PublicAccessBlockConfiguration": { + "BlockPublicAcls": true, + "BlockPublicPolicy": true, + "IgnorePublicAcls": true, + "RestrictPublicBuckets": true, + }, + }, + "Type": "AWS::S3::Bucket", + "UpdateReplacePolicy": "Retain", + }, + "mypipelinePipelineArtifactsBucketPolicy6DA2A104": { + "Properties": { + "Bucket": { + "Ref": "mypipelinePipelineArtifactsBucket8063FAB3", + }, + "PolicyDocument": { + "Statement": [ + { + "Action": "s3:*", + "Condition": { + "Bool": { + "aws:SecureTransport": "false", + }, + }, + "Effect": "Deny", + "Principal": { + "AWS": "*", + }, + "Resource": [ + { + "Fn::GetAtt": [ + "mypipelinePipelineArtifactsBucket8063FAB3", + "Arn", + ], + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "mypipelinePipelineArtifactsBucket8063FAB3", + "Arn", + ], + }, + "/*", + ], + 
], + }, + ], + }, + { + "Action": [ + "s3:GetObject*", + "s3:GetBucket*", + "s3:List*", + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition", + }, + ":iam::", + { + "Ref": "AWS::AccountId", + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId", + }, + "-", + { + "Ref": "AWS::Region", + }, + ], + ], + }, + }, + "Resource": [ + { + "Fn::GetAtt": [ + "mypipelinePipelineArtifactsBucket8063FAB3", + "Arn", + ], + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "mypipelinePipelineArtifactsBucket8063FAB3", + "Arn", + ], + }, + "/*", + ], + ], + }, + ], + }, + ], + "Version": "2012-10-17", + }, + }, + "Type": "AWS::S3::BucketPolicy", + }, + "mypipelinePipelineBuildmybuildCdkBuildProject0F86CC81": { + "Properties": { + "Artifacts": { + "Type": "CODEPIPELINE", + }, + "Cache": { + "Type": "NO_CACHE", + }, + "Description": "Pipeline step test/Pipeline/Build/my-build", + "EncryptionKey": "alias/aws/s3", + "Environment": { + "ComputeType": "BUILD_GENERAL1_SMALL", + "Image": "aws/codebuild/standard:7.0", + "ImagePullCredentialsType": "CODEBUILD", + "PrivilegedMode": false, + "Type": "LINUX_CONTAINER", + }, + "ServiceRole": { + "Fn::GetAtt": [ + "mypipelinePipelineBuildmybuildCdkBuildProjectRoleC51B4970", + "Arn", + ], + }, + "Source": { + "BuildSpec": "{ + "version": "0.2", + "phases": { + "build": { + "commands": [ + "echo 'hello world'" + ] + } + }, + "artifacts": { + "base-directory": "cdk.out", + "files": "**/*" + } +}", + "Type": "CODEPIPELINE", + }, + }, + "Type": "AWS::CodeBuild::Project", + }, + "mypipelinePipelineBuildmybuildCdkBuildProjectRoleC51B4970": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "codebuild.amazonaws.com", + }, + }, + ], + "Version": "2012-10-17", + }, + }, + "Type": "AWS::IAM::Role", + }, + 
"mypipelinePipelineBuildmybuildCdkBuildProjectRoleDefaultPolicyED992916": { + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents", + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition", + }, + ":logs:", + { + "Ref": "AWS::Region", + }, + ":", + { + "Ref": "AWS::AccountId", + }, + ":log-group:/aws/codebuild/", + { + "Ref": "mypipelinePipelineBuildmybuildCdkBuildProject0F86CC81", + }, + ], + ], + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition", + }, + ":logs:", + { + "Ref": "AWS::Region", + }, + ":", + { + "Ref": "AWS::AccountId", + }, + ":log-group:/aws/codebuild/", + { + "Ref": "mypipelinePipelineBuildmybuildCdkBuildProject0F86CC81", + }, + ":*", + ], + ], + }, + ], + }, + { + "Action": [ + "codebuild:CreateReportGroup", + "codebuild:CreateReport", + "codebuild:UpdateReport", + "codebuild:BatchPutTestCases", + "codebuild:BatchPutCodeCoverages", + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition", + }, + ":codebuild:", + { + "Ref": "AWS::Region", + }, + ":", + { + "Ref": "AWS::AccountId", + }, + ":report-group/", + { + "Ref": "mypipelinePipelineBuildmybuildCdkBuildProject0F86CC81", + }, + "-*", + ], + ], + }, + }, + { + "Action": [ + "s3:GetObject*", + "s3:GetBucket*", + "s3:List*", + "s3:DeleteObject*", + "s3:PutObject", + "s3:PutObjectLegalHold", + "s3:PutObjectRetention", + "s3:PutObjectTagging", + "s3:PutObjectVersionTagging", + "s3:Abort*", + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "mypipelinePipelineArtifactsBucket8063FAB3", + "Arn", + ], + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "mypipelinePipelineArtifactsBucket8063FAB3", + "Arn", + ], + }, + "/*", + ], + ], + }, + ], + }, + ], + "Version": "2012-10-17", + }, + "PolicyName": 
"mypipelinePipelineBuildmybuildCdkBuildProjectRoleDefaultPolicyED992916", + "Roles": [ + { + "Ref": "mypipelinePipelineBuildmybuildCdkBuildProjectRoleC51B4970", + }, + ], + }, + "Type": "AWS::IAM::Policy", + }, + "mypipelinePipelineD2793EEF": { + "DependsOn": [ + "mypipelinePipelineRoleDefaultPolicy4C54D2D1", + "mypipelinePipelineRole5CD0F82F", + ], + "Properties": { + "ArtifactStore": { + "Location": { + "Ref": "mypipelinePipelineArtifactsBucket8063FAB3", + }, + "Type": "S3", + }, + "PipelineType": "V1", + "RestartExecutionOnUpdate": true, + "RoleArn": { + "Fn::GetAtt": [ + "mypipelinePipelineRole5CD0F82F", + "Arn", + ], + }, + "Stages": [ + { + "Actions": [ + { + "ActionTypeId": { + "Category": "Source", + "Owner": "ThirdParty", + "Provider": "GitHub", + "Version": "1", + }, + "Configuration": { + "Branch": "main", + "OAuthToken": "{{resolve:secretsmanager:github-token:SecretString:::}}", + "Owner": "my-org", + "PollForSourceChanges": false, + "Repo": "my-repo", + }, + "Name": "my-org_my-repo", + "OutputArtifacts": [ + { + "Name": "my_org_my_repo_Source", + }, + ], + "RunOrder": 1, + }, + ], + "Name": "Source", + }, + { + "Actions": [ + { + "ActionTypeId": { + "Category": "Build", + "Owner": "AWS", + "Provider": "CodeBuild", + "Version": "1", + }, + "Configuration": { + "EnvironmentVariables": "[{"name":"_PROJECT_CONFIG_HASH","type":"PLAINTEXT","value":"714ed1fc4768abcd1ef0eda98cb105db6e5bfe09d0825b27156559552d0c5b95"}]", + "ProjectName": { + "Ref": "mypipelinePipelineBuildmybuildCdkBuildProject0F86CC81", + }, + }, + "InputArtifacts": [ + { + "Name": "my_org_my_repo_Source", + }, + ], + "Name": "my-build", + "OutputArtifacts": [ + { + "Name": "my_build_Output", + }, + ], + "RoleArn": { + "Fn::GetAtt": [ + "mypipelineCodeBuildActionRole476E1555", + "Arn", + ], + }, + "RunOrder": 1, + }, + ], + "Name": "Build", + }, + { + "Actions": [ + { + "ActionTypeId": { + "Category": "Build", + "Owner": "AWS", + "Provider": "CodeBuild", + "Version": "1", + }, + 
"Configuration": { + "EnvironmentVariables": "[{"name":"_PROJECT_CONFIG_HASH","type":"PLAINTEXT","value":"755500dba580cfd3f3077e6f3e389e899f5999cc62dc285d9ae224f6477434b1"}]", + "ProjectName": { + "Ref": "mypipelineUpdatePipelineSelfMutation71FE2B5C", + }, + }, + "InputArtifacts": [ + { + "Name": "my_build_Output", + }, + ], + "Name": "SelfMutate", + "RoleArn": { + "Fn::GetAtt": [ + "mypipelineCodeBuildActionRole476E1555", + "Arn", + ], + }, + "RunOrder": 1, + }, + ], + "Name": "UpdatePipeline", + }, + { + "Actions": [ + { + "ActionTypeId": { + "Category": "Build", + "Owner": "AWS", + "Provider": "CodeBuild", + "Version": "1", + }, + "Configuration": { + "ProjectName": { + "Ref": "mypipelineAssetsFileAsset18008F02D", + }, + }, + "InputArtifacts": [ + { + "Name": "my_build_Output", + }, + ], + "Name": "FileAsset1", + "RoleArn": { + "Fn::GetAtt": [ + "mypipelineCodeBuildActionRole476E1555", + "Arn", + ], + }, + "RunOrder": 1, + }, + ], + "Name": "Assets", + }, + { + "Actions": [ + { + "ActionTypeId": { + "Category": "Deploy", + "Owner": "AWS", + "Provider": "CloudFormation", + "Version": "1", + }, + "Configuration": { + "ActionMode": "CHANGE_SET_REPLACE", + "Capabilities": "CAPABILITY_NAMED_IAM,CAPABILITY_AUTO_EXPAND", + "ChangeSetName": "PipelineChange", + "RoleArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition", + }, + ":iam::", + { + "Ref": "AWS::AccountId", + }, + ":role/cdk-hnb659fds-cfn-exec-role-", + { + "Ref": "AWS::AccountId", + }, + "-", + { + "Ref": "AWS::Region", + }, + ], + ], + }, + "StackName": "my-stage-my-stack", + "TemplatePath": "my_build_Output::assembly-test-my-stage/testmystagemystack99E5AD2D.template.json", + }, + "InputArtifacts": [ + { + "Name": "my_build_Output", + }, + ], + "Name": "Prepare", + "RoleArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition", + }, + ":iam::", + { + "Ref": "AWS::AccountId", + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId", + }, + "-", + { + "Ref": 
"AWS::Region", + }, + ], + ], + }, + "RunOrder": 1, + }, + { + "ActionTypeId": { + "Category": "Deploy", + "Owner": "AWS", + "Provider": "CloudFormation", + "Version": "1", + }, + "Configuration": { + "ActionMode": "CHANGE_SET_EXECUTE", + "ChangeSetName": "PipelineChange", + "StackName": "my-stage-my-stack", + }, + "Name": "Deploy", + "RoleArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition", + }, + ":iam::", + { + "Ref": "AWS::AccountId", + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId", + }, + "-", + { + "Ref": "AWS::Region", + }, + ], + ], + }, + "RunOrder": 2, + }, + ], + "Name": "my-stage", + }, + ], + }, + "Type": "AWS::CodePipeline::Pipeline", + }, + "mypipelinePipelineRole5CD0F82F": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "codepipeline.amazonaws.com", + }, + }, + ], + "Version": "2012-10-17", + }, + }, + "Type": "AWS::IAM::Role", + }, + "mypipelinePipelineRoleDefaultPolicy4C54D2D1": { + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:GetObject*", + "s3:GetBucket*", + "s3:List*", + "s3:DeleteObject*", + "s3:PutObject", + "s3:PutObjectLegalHold", + "s3:PutObjectRetention", + "s3:PutObjectTagging", + "s3:PutObjectVersionTagging", + "s3:Abort*", + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "mypipelinePipelineArtifactsBucket8063FAB3", + "Arn", + ], + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "mypipelinePipelineArtifactsBucket8063FAB3", + "Arn", + ], + }, + "/*", + ], + ], + }, + ], + }, + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "mypipelineCodeBuildActionRole476E1555", + "Arn", + ], + }, + }, + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition", + }, + ":iam::", + { + "Ref": "AWS::AccountId", + }, + 
":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId", + }, + "-", + { + "Ref": "AWS::Region", + }, + ], + ], + }, + }, + ], + "Version": "2012-10-17", + }, + "PolicyName": "mypipelinePipelineRoleDefaultPolicy4C54D2D1", + "Roles": [ + { + "Ref": "mypipelinePipelineRole5CD0F82F", + }, + ], + }, + "Type": "AWS::IAM::Policy", + }, + "mypipelinePipelineSourcemyorgmyrepoWebhookResource58E7F145": { + "Properties": { + "Authentication": "GITHUB_HMAC", + "AuthenticationConfiguration": { + "SecretToken": "{{resolve:secretsmanager:github-token:SecretString:::}}", + }, + "Filters": [ + { + "JsonPath": "$.ref", + "MatchEquals": "refs/heads/{Branch}", + }, + ], + "RegisterWithThirdParty": true, + "TargetAction": "my-org_my-repo", + "TargetPipeline": { + "Ref": "mypipelinePipelineD2793EEF", + }, + "TargetPipelineVersion": 1, + }, + "Type": "AWS::CodePipeline::Webhook", + }, + "mypipelineUpdatePipelineSelfMutation71FE2B5C": { + "Properties": { + "Artifacts": { + "Type": "CODEPIPELINE", + }, + "Cache": { + "Type": "NO_CACHE", + }, + "Description": "Pipeline step test/Pipeline/UpdatePipeline/SelfMutate", + "EncryptionKey": "alias/aws/s3", + "Environment": { + "ComputeType": "BUILD_GENERAL1_SMALL", + "Image": "aws/codebuild/standard:7.0", + "ImagePullCredentialsType": "CODEBUILD", + "PrivilegedMode": false, + "Type": "LINUX_CONTAINER", + }, + "ServiceRole": { + "Fn::GetAtt": [ + "mypipelineUpdatePipelineSelfMutationRole9A4B5F96", + "Arn", + ], + }, + "Source": { + "BuildSpec": "{ + "version": "0.2", + "phases": { + "install": { + "commands": [ + "npm install -g aws-cdk@2.154.1" + ] + }, + "build": { + "commands": [ + "cdk -a . 
deploy test --require-approval=never --verbose" + ] + } + } +}", + "Type": "CODEPIPELINE", + }, + }, + "Type": "AWS::CodeBuild::Project", + }, + "mypipelineUpdatePipelineSelfMutationRole9A4B5F96": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "codebuild.amazonaws.com", + }, + }, + ], + "Version": "2012-10-17", + }, + }, + "Type": "AWS::IAM::Role", + }, + "mypipelineUpdatePipelineSelfMutationRoleDefaultPolicy9FE8610D": { + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents", + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition", + }, + ":logs:", + { + "Ref": "AWS::Region", + }, + ":", + { + "Ref": "AWS::AccountId", + }, + ":log-group:/aws/codebuild/", + { + "Ref": "mypipelineUpdatePipelineSelfMutation71FE2B5C", + }, + ], + ], + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition", + }, + ":logs:", + { + "Ref": "AWS::Region", + }, + ":", + { + "Ref": "AWS::AccountId", + }, + ":log-group:/aws/codebuild/", + { + "Ref": "mypipelineUpdatePipelineSelfMutation71FE2B5C", + }, + ":*", + ], + ], + }, + ], + }, + { + "Action": [ + "codebuild:CreateReportGroup", + "codebuild:CreateReport", + "codebuild:UpdateReport", + "codebuild:BatchPutTestCases", + "codebuild:BatchPutCodeCoverages", + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition", + }, + ":codebuild:", + { + "Ref": "AWS::Region", + }, + ":", + { + "Ref": "AWS::AccountId", + }, + ":report-group/", + { + "Ref": "mypipelineUpdatePipelineSelfMutation71FE2B5C", + }, + "-*", + ], + ], + }, + }, + { + "Action": "sts:AssumeRole", + "Condition": { + "ForAnyValue:StringEquals": { + "iam:ResourceTag/aws-cdk:bootstrap-role": [ + "image-publishing", + "file-publishing", + "deploy", + ], + }, + }, + 
"Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:*:iam::", + { + "Ref": "AWS::AccountId", + }, + ":role/*", + ], + ], + }, + }, + { + "Action": "cloudformation:DescribeStacks", + "Effect": "Allow", + "Resource": "*", + }, + { + "Action": "s3:ListBucket", + "Effect": "Allow", + "Resource": "*", + }, + { + "Action": [ + "s3:GetObject*", + "s3:GetBucket*", + "s3:List*", + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "mypipelinePipelineArtifactsBucket8063FAB3", + "Arn", + ], + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "mypipelinePipelineArtifactsBucket8063FAB3", + "Arn", + ], + }, + "/*", + ], + ], + }, + ], + }, + ], + "Version": "2012-10-17", + }, + "PolicyName": "mypipelineUpdatePipelineSelfMutationRoleDefaultPolicy9FE8610D", + "Roles": [ + { + "Ref": "mypipelineUpdatePipelineSelfMutationRole9A4B5F96", + }, + ], + }, + "Type": "AWS::IAM::Policy", + }, + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5", + ], + { + "Ref": "BootstrapVersion", + }, + ], + }, + ], + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", + }, + ], + }, + }, +} +`; diff --git a/yarn.lock b/yarn.lock index eb1caab..8a9b00e 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1219,7 +1219,7 @@ available-typed-arrays@^1.0.7: dependencies: possible-typed-array-names "^1.0.0" -aws-cdk-lib@^2.1.0: +aws-cdk-lib@^2.154.1: version "2.154.1" resolved "https://registry.yarnpkg.com/aws-cdk-lib/-/aws-cdk-lib-2.154.1.tgz#92888bca6b196ab3ae27adad43e85a14fa81f9c4" integrity sha512-XV04/XyNKJ2yyMfYsiSmWx+rIKwTrcrd87p61t4xhE240Iy6Y6LxXVdvkNEOjjbeXVmOUQ7JBG9cW1BeeFiDgg== 
@@ -1240,7 +1240,7 @@ aws-cdk-lib@^2.1.0: table "^6.8.2" yaml "1.10.2" -aws-cdk@^2.1.0: +aws-cdk@^2.154.1: version "2.154.1" resolved "https://registry.yarnpkg.com/aws-cdk/-/aws-cdk-2.154.1.tgz#0d30d289512243044e4361abc92072f674489d9b" integrity sha512-yJoLTo+fUHRLD4YQMt/QoOPgiT/daci4I5KcaDK8Cx2fWA0Z3h5U9+bWS3ah+8OeZ91fciNCwt6Yt/0p+cp2GQ==