From 5dc1d96e77ec2359a77aed7266c4e7769d04e084 Mon Sep 17 00:00:00 2001 From: Iiro Huikko Date: Fri, 23 Oct 2020 21:58:56 +0300 Subject: [PATCH 1/3] fix(ses-actions): invalid action in policy statement created when using SES S3 action (#11061) Current SES S3 action does not work out of the box because there is a typo in a policy statement action. This PR fixes that `km:Encrypt` => `kms:Encrypt`. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/aws-ses-actions/lib/s3.ts | 2 +- packages/@aws-cdk/aws-ses-actions/test/actions.test.ts | 2 +- .../@aws-cdk/aws-ses-actions/test/integ.actions.expected.json | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/packages/@aws-cdk/aws-ses-actions/lib/s3.ts b/packages/@aws-cdk/aws-ses-actions/lib/s3.ts index 35014d7a381f9..9be2fd8750378 100644 --- a/packages/@aws-cdk/aws-ses-actions/lib/s3.ts +++ b/packages/@aws-cdk/aws-ses-actions/lib/s3.ts @@ -72,7 +72,7 @@ export class S3 implements ses.IReceiptRuleAction { // See https://docs.aws.amazon.com/ses/latest/DeveloperGuide/receiving-email-permissions.html#receiving-email-permissions-kms if (this.props.kmsKey && !/alias\/aws\/ses$/.test(this.props.kmsKey.keyArn)) { const kmsStatement = new iam.PolicyStatement({ - actions: ['km:Encrypt', 'kms:GenerateDataKey'], + actions: ['kms:Encrypt', 'kms:GenerateDataKey'], principals: [new iam.ServicePrincipal('ses.amazonaws.com')], resources: ['*'], conditions: { diff --git a/packages/@aws-cdk/aws-ses-actions/test/actions.test.ts b/packages/@aws-cdk/aws-ses-actions/test/actions.test.ts index fb84ae69a372b..3a963fcf3f24b 100644 --- a/packages/@aws-cdk/aws-ses-actions/test/actions.test.ts +++ b/packages/@aws-cdk/aws-ses-actions/test/actions.test.ts @@ -267,7 +267,7 @@ test('add s3 action', () => { }, { Action: [ - 'km:Encrypt', + 'kms:Encrypt', 'kms:GenerateDataKey', ], Condition: { 
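Review bot: The `resources: ['*']` line in this KMS statement carries no comment on its scope, and anyone auditing the construct for least privilege will stop on it. Because the statement names a principal it is a resource-policy statement, and in a key policy `*` refers only to the key the policy is attached to, so I would add `// '*' in a key policy means this key only; the grant to SES is narrowed by the conditions below` above that line. The `conditions` block and the rest of the method continue outside the hunk, so what they actually restrict cannot be confirmed from here. The old expectation in test/actions.test.ts asserted the same misspelled `km:Encrypt`, which suggests the expected policy was copied from synthesized output rather than written from the SES permissions page linked in the comment, so the test could not have caught the typo.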
diff --git a/packages/@aws-cdk/aws-ses-actions/test/integ.actions.expected.json b/packages/@aws-cdk/aws-ses-actions/test/integ.actions.expected.json index db7a2a0f70eaa..2bde038826803 100644 --- a/packages/@aws-cdk/aws-ses-actions/test/integ.actions.expected.json +++ b/packages/@aws-cdk/aws-ses-actions/test/integ.actions.expected.json @@ -161,7 +161,7 @@ }, { "Action": [ - "km:Encrypt", + "kms:Encrypt", "kms:GenerateDataKey" ], "Condition": { @@ -389,4 +389,4 @@ } } } -} \ No newline at end of file +} From 7435db853636628a60c8aa465481fc01136aa4a1 Mon Sep 17 00:00:00 2001 From: Shiv Lakshminarayan Date: Fri, 23 Oct 2020 12:26:49 -0700 Subject: [PATCH 2/3] feat(cognito): Cognito User Pools is now in Generally Available (stable) (#11003) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/aws-cognito/README.md | 4 ++-- packages/@aws-cdk/aws-cognito/package.json | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/packages/@aws-cdk/aws-cognito/README.md b/packages/@aws-cdk/aws-cognito/README.md index 2974610b23b1c..7160d9cf60efc 100644 --- a/packages/@aws-cdk/aws-cognito/README.md +++ b/packages/@aws-cdk/aws-cognito/README.md 
@@ -5,12 +5,12 @@ | Features | Stability | | --- | --- | | CFN Resources | ![Stable](https://img.shields.io/badge/stable-success.svg?style=for-the-badge) | -| Higher level constructs for User Pools | ![Developer Preview](https://img.shields.io/badge/developer--preview-informational.svg?style=for-the-badge) | +| Higher level constructs for User Pools | ![Stable](https://img.shields.io/badge/stable-success.svg?style=for-the-badge) | | Higher level constructs for Identity Pools | ![Not Implemented](https://img.shields.io/badge/not--implemented-black.svg?style=for-the-badge) | > **CFN Resources:** All classes with the `Cfn` prefix in this module ([CFN Resources](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib)) are always stable and safe to use. -> **Developer Preview:** Higher level constructs in this module that are marked as developer preview have completed their phase of active development and are looking for adoption and feedback. While the same caveats around non-backward compatible as Experimental constructs apply, they will undergo fewer breaking changes. Just as with Experimental constructs, these are not subject to the [Semantic Versioning](https://semver.org/) model and breaking changes will be announced in the release notes. +> **Stable:** Higher level constructs in this module that are marked stable will not undergo any breaking changes. They will strictly follow the [Semantic Versioning](https://semver.org/) model. --- diff --git a/packages/@aws-cdk/aws-cognito/package.json b/packages/@aws-cdk/aws-cognito/package.json index c54873f73863e..423f7cca2eae4 100644 --- a/packages/@aws-cdk/aws-cognito/package.json +++ b/packages/@aws-cdk/aws-cognito/package.json 
@@ -111,12 +111,12 @@ "props-physical-name:@aws-cdk/aws-cognito.UserPoolIdentityProviderGoogleProps" ] }, - "stability": "experimental", - "maturity": "developer-preview", + "stability": "stable", + "maturity": "stable", "features": [ { "name": "Higher level constructs for User Pools", - "stability": "Developer Preview" + "stability": "Stable" }, { "name": "Higher level constructs for Identity Pools", From f4f53a65e55d895338aecf8cb63637c6d265b929 Mon Sep 17 00:00:00 2001 From: wtho Date: Fri, 23 Oct 2020 21:54:42 +0200 Subject: [PATCH 3/3] feat(lambda-event-sources): disable source mapping (#10927) Specifically, it enables this flag in the props of which resources use an underlying Cfn EventSourceMapping, which carries the Enabled flag itself. These are currently: SQS, DynamoDb Streams and Kinesis. MSK is also listed in the Cfn Docs, but I could not find MSK in `lambda-event-sources`. Closes #5750 - [X] Added Unit Tests - [X] Documented addition in `README.md` This change is not breaking. I did not add integration tests so far, but could write some if required. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../aws-lambda-event-sources/README.md | 3 +++ .../aws-lambda-event-sources/lib/sqs.ts | 8 ++++++ .../aws-lambda-event-sources/lib/stream.ts | 8 ++++++ .../test/test.dynamo.ts | 26 +++++++++++++++++++ .../test/test.kinesis.ts | 20 ++++++++++++++ .../aws-lambda-event-sources/test/test.sqs.ts | 19 ++++++++++++++ 6 files changed, 84 insertions(+) diff --git a/packages/@aws-cdk/aws-lambda-event-sources/README.md b/packages/@aws-cdk/aws-lambda-event-sources/README.md index b88ce808a9d9f..9f33fb689b54d 100644 --- a/packages/@aws-cdk/aws-lambda-event-sources/README.md +++ b/packages/@aws-cdk/aws-lambda-event-sources/README.md 
@@ -51,6 +51,7 @@ behavior: * __receiveMessageWaitTime__: Will determine [long poll](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-long-polling.html) duration. The default value is 20 seconds. +* __enabled__: If the SQS event source mapping should be enabled. The default is true. ```ts import * as sqs from '@aws-cdk/aws-sqs'; @@ -145,6 +146,7 @@ and add it to your Lambda function. The following parameters will impact Amazon * __parallelizationFactor__: The number of batches to concurrently process on each shard. * __retryAttempts__: The maximum number of times a record should be retried in the event of failure. * __startingPosition__: Will determine where to being consumption, either at the most recent ('LATEST') record or the oldest record ('TRIM_HORIZON'). 'TRIM_HORIZON' will ensure you process all available data, while 'LATEST' will ignore all records that arrived prior to attaching the event source. +* __enabled__: If the DynamoDB Streams event source mapping should be enabled. The default is true. ```ts import * as dynamodb from '@aws-cdk/aws-dynamodb'; @@ -188,6 +190,7 @@ behavior: * __parallelizationFactor__: The number of batches to concurrently process on each shard. * __retryAttempts__: The maximum number of times a record should be retried in the event of failure. * __startingPosition__: Will determine where to being consumption, either at the most recent ('LATEST') record or the oldest record ('TRIM_HORIZON'). 'TRIM_HORIZON' will ensure you process all available data, while 'LATEST' will ignore all records that arrived prior to attaching the event source. +* __enabled__: If the DynamoDB Streams event source mapping should be enabled. The default is true. ```ts import * as lambda from '@aws-cdk/aws-lambda'; diff --git a/packages/@aws-cdk/aws-lambda-event-sources/lib/sqs.ts b/packages/@aws-cdk/aws-lambda-event-sources/lib/sqs.ts index 9badef3e6f8bc..2c379e128541c 100644 
--- a/packages/@aws-cdk/aws-lambda-event-sources/lib/sqs.ts +++ b/packages/@aws-cdk/aws-lambda-event-sources/lib/sqs.ts @@ -12,6 +12,13 @@ export interface SqsEventSourceProps { * @default 10 */ readonly batchSize?: number; + + /** + * If the SQS event source mapping should be enabled. + * + * @default true + */ + readonly enabled?: boolean; } /** @@ -29,6 +36,7 @@ export class SqsEventSource implements lambda.IEventSource { public bind(target: lambda.IFunction) { const eventSourceMapping = target.addEventSourceMapping(`SqsEventSource:${this.queue.node.uniqueId}`, { batchSize: this.props.batchSize, + enabled: this.props.enabled, eventSourceArn: this.queue.queueArn, }); this._eventSourceMappingId = eventSourceMapping.eventSourceMappingId; diff --git a/packages/@aws-cdk/aws-lambda-event-sources/lib/stream.ts b/packages/@aws-cdk/aws-lambda-event-sources/lib/stream.ts index 5dd6570c29712..d18eaaf3f947c 100644 --- a/packages/@aws-cdk/aws-lambda-event-sources/lib/stream.ts +++ b/packages/@aws-cdk/aws-lambda-event-sources/lib/stream.ts @@ -77,6 +77,13 @@ export interface StreamEventSourceProps { * @default Duration.seconds(0) */ readonly maxBatchingWindow?: Duration; + + /** + * If the stream event source mapping should be enabled. + * + * @default true + */ + readonly enabled?: boolean; } /** @@ -99,6 +106,7 @@ export abstract class StreamEventSource implements lambda.IEventSource { retryAttempts: this.props.retryAttempts, parallelizationFactor: this.props.parallelizationFactor, onFailure: this.props.onFailure, + enabled: this.props.enabled, }; } } diff --git a/packages/@aws-cdk/aws-lambda-event-sources/test/test.dynamo.ts b/packages/@aws-cdk/aws-lambda-event-sources/test/test.dynamo.ts index ec8de1664ac26..41d8535d90235 100644 --- a/packages/@aws-cdk/aws-lambda-event-sources/test/test.dynamo.ts +++ b/packages/@aws-cdk/aws-lambda-event-sources/test/test.dynamo.ts 
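Review bot: The doc comment on the new `enabled` prop in `SqsEventSourceProps` does not say what happens to messages while the mapping is disabled, and the `enabled` prop added to `StreamEventSourceProps` in lib/stream.ts has the same gap. With the mapping off, Lambda stops polling, so messages stay in the queue only until its retention period runs out, and stream records age out in the same way. For a pipeline that carries audit or security events, that is data loss with no error raised anywhere. I would word the SQS one as `Whether the event source mapping is enabled. While disabled, Lambda does not poll the queue and messages are kept only for the queue's retention period.`, keep `@default true`, and give the stream prop the equivalent sentence about record retention.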
@@ -596,4 +596,30 @@ export = { test.done(); }, + + 'event source disabled'(test: Test) { + // GIVEN + const stack = new cdk.Stack(); + const fn = new TestFunction(stack, 'Fn'); + const table = new dynamodb.Table(stack, 'T', { + partitionKey: { + name: 'id', + type: dynamodb.AttributeType.STRING, + }, + stream: dynamodb.StreamViewType.NEW_IMAGE, + }); + + // WHEN + fn.addEventSource(new sources.DynamoEventSource(table, { + startingPosition: lambda.StartingPosition.LATEST, + enabled: false, + })); + + //THEN + expect(stack).to(haveResource('AWS::Lambda::EventSourceMapping', { + 'Enabled': false, + })); + + test.done(); + }, }; diff --git a/packages/@aws-cdk/aws-lambda-event-sources/test/test.kinesis.ts b/packages/@aws-cdk/aws-lambda-event-sources/test/test.kinesis.ts index 6fea04f3d9089..b8791c99017ec 100644 --- a/packages/@aws-cdk/aws-lambda-event-sources/test/test.kinesis.ts +++ b/packages/@aws-cdk/aws-lambda-event-sources/test/test.kinesis.ts @@ -210,4 +210,24 @@ export = { test.throws(() => eventSource.eventSourceMappingId, /KinesisEventSource is not yet bound to an event source mapping/); test.done(); }, + + 'event source disabled'(test: Test) { + // GIVEN + const stack = new cdk.Stack(); + const fn = new TestFunction(stack, 'Fn'); + const stream = new kinesis.Stream(stack, 'S'); + const eventSource = new sources.KinesisEventSource(stream, { + startingPosition: lambda.StartingPosition.LATEST, + enabled: false, + }); + + // WHEN + fn.addEventSource(eventSource); + + // THEN + expect(stack).to(haveResource('AWS::Lambda::EventSourceMapping', { + 'Enabled': false, + })); + test.done(); + }, }; diff --git a/packages/@aws-cdk/aws-lambda-event-sources/test/test.sqs.ts b/packages/@aws-cdk/aws-lambda-event-sources/test/test.sqs.ts index c2fcf18239b64..fd02dda47a304 100644 --- a/packages/@aws-cdk/aws-lambda-event-sources/test/test.sqs.ts +++ b/packages/@aws-cdk/aws-lambda-event-sources/test/test.sqs.ts 
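Review bot: The new 'event source disabled' test in test.dynamo.ts pins only the `enabled: false` path; nothing asserts that a source created without `enabled` stays active, and the tests added to test.kinesis.ts and test.sqs.ts have the same gap. A later change that flipped the default, or passed a falsy value through by mistake, would synthesize a mapping that never invokes the function and these tests would still pass. I would add a companion case per source that omits the prop and checks that no mapping with `Enabled: false` is produced. As a small style point, `//THEN` in this hunk should read `// THEN` like the other markers.

```typescript
  'event source enabled by default'(test: Test) {
    // … unchanged: same stack, function and table setup as 'event source disabled' …

    // WHEN
    fn.addEventSource(new sources.DynamoEventSource(table, {
      startingPosition: lambda.StartingPosition.LATEST,
    }));

    // THEN
    expect(stack).notTo(haveResource('AWS::Lambda::EventSourceMapping', {
      'Enabled': false,
    }));

    test.done();
  },
```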
@@ -138,4 +138,23 @@ export = { test.throws(() => eventSource.eventSourceMappingId, /SqsEventSource is not yet bound to an event source mapping/); test.done(); }, + + 'event source disabled'(test: Test) { + // GIVEN + const stack = new cdk.Stack(); + const fn = new TestFunction(stack, 'Fn'); + const q = new sqs.Queue(stack, 'Q'); + + // WHEN + fn.addEventSource(new sources.SqsEventSource(q, { + enabled: false, + })); + + // THEN + expect(stack).to(haveResource('AWS::Lambda::EventSourceMapping', { + 'Enabled': false, + })); + + test.done(); + }, };