Skip to content

Commit

Permalink
Merge branch 'main' into fix/ivs-physical-name
Browse files Browse the repository at this point in the history
  • Loading branch information
mergify[bot] authored Mar 22, 2023
2 parents 4e58586 + a51346e commit 0f9bf75
Show file tree
Hide file tree
Showing 75 changed files with 2,959 additions and 332 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/auto-approve.yml
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,6 @@ jobs:
permissions:
pull-requests: write
steps:
- uses: hmarr/auto-approve-action@v3.2.0
- uses: hmarr/auto-approve-action@v3.2.1
with:
github-token: "${{ secrets.GITHUB_TOKEN }}"
54 changes: 47 additions & 7 deletions packages/@aws-cdk/aws-autoscaling/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,11 @@ declare const vpc: ec2.Vpc;
new autoscaling.AutoScalingGroup(this, 'ASG', {
vpc,
instanceType: ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE2, ec2.InstanceSize.MICRO),
machineImage: new ec2.AmazonLinuxImage() // get the latest Amazon Linux image

// The latest Amazon Linux image of a particular generation
machineImage: ec2.MachineImage.latestAmazonLinux({
generation: ec2.AmazonLinuxGeneration.AMAZON_LINUX_2,
}),
});
```

Expand All @@ -41,7 +45,9 @@ const mySecurityGroup = new ec2.SecurityGroup(this, 'SecurityGroup', { vpc });
new autoscaling.AutoScalingGroup(this, 'ASG', {
vpc,
instanceType: ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE2, ec2.InstanceSize.MICRO),
machineImage: new ec2.AmazonLinuxImage(),
machineImage: ec2.MachineImage.latestAmazonLinux({
generation: ec2.AmazonLinuxGeneration.AMAZON_LINUX_2,
}),
securityGroup: mySecurityGroup,
});
```
Expand Down Expand Up @@ -538,6 +544,40 @@ new autoscaling.AutoScalingGroup(this, 'ASG', {
});
```

## Connecting to your instances using SSM Session Manager

SSM Session Manager makes it possible to connect to your instances from the
AWS Console, without preparing SSH keys.

To do so, you need to:

* Use an image with [SSM agent](https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-agent.html) installed
and configured. [Many images come with SSM Agent
preinstalled](https://docs.aws.amazon.com/systems-manager/latest/userguide/ami-preinstalled-agent.html), otherwise you
may need to manually put instructions to [install SSM
Agent](https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-manual-agent-install.html) into your
instance's UserData or use EC2 Init).
* Create the AutoScalingGroup with `ssmSessionPermissions: true`.

If these conditions are met, you can connect to the instance from the EC2 Console. Example:

```ts
declare const vpc: ec2.Vpc;

new autoscaling.AutoScalingGroup(this, 'ASG', {
vpc,
instanceType: ec2.InstanceType.of(ec2.InstanceClass.T3, ec2.InstanceSize.MICRO),

// Amazon Linux 2 comes with SSM Agent by default
machineImage: ec2.MachineImage.latestAmazonLinux({
generation: ec2.AmazonLinuxGeneration.AMAZON_LINUX_2,
}),

// Turn on SSM
ssmSessionPermissions: true,
});
```

## Configuring Instance Metadata Service (IMDS)

### Toggling IMDSv1
Expand Down Expand Up @@ -596,13 +636,13 @@ autoScalingGroup.addWarmPool({

### Default Instance Warming

You can use the default instance warmup feature to improve the Amazon CloudWatch metrics used for dynamic scaling.
When default instance warmup is not enabled, each instance starts contributing usage data to the aggregated metrics
as soon as the instance reaches the InService state. However, if you enable default instance warmup, this lets
You can use the default instance warmup feature to improve the Amazon CloudWatch metrics used for dynamic scaling.
When default instance warmup is not enabled, each instance starts contributing usage data to the aggregated metrics
as soon as the instance reaches the InService state. However, if you enable default instance warmup, this lets
your instances finish warming up before they contribute the usage data.

To optimize the performance of scaling policies that scale continuously, such as target tracking and step scaling
policies, we strongly recommend that you enable the default instance warmup, even if its value is set to 0 seconds.
To optimize the performance of scaling policies that scale continuously, such as target tracking and step scaling
policies, we strongly recommend that you enable the default instance warmup, even if its value is set to 0 seconds.

To set up Default Instance Warming for an autoscaling group, simply pass it in as a prop

Expand Down
21 changes: 21 additions & 0 deletions packages/@aws-cdk/aws-autoscaling/lib/auto-scaling-group.ts
Original file line number Diff line number Diff line change
Expand Up @@ -365,6 +365,23 @@ export interface CommonAutoScalingGroupProps {
*
*/
readonly capacityRebalance?: boolean;

/**
* Add SSM session permissions to the instance role
*
* Setting this to `true` adds the necessary permissions to connect
* to the instance using SSM Session Manager. You can do this
* from the AWS Console.
*
* NOTE: Setting this flag to `true` may not be enough by itself.
* You must also use an AMI that comes with the SSM Agent, or install
* the SSM Agent yourself. See
* [Working with SSM Agent](https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-agent.html)
* in the SSM Developer Guide.
*
* @default false
*/
readonly ssmSessionPermissions?: boolean;
}

/**
Expand Down Expand Up @@ -1278,6 +1295,10 @@ export class AutoScalingGroup extends AutoScalingGroupBase implements

this.grantPrincipal = this._role;

if (props.ssmSessionPermissions) {
this.role.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonSSMManagedInstanceCore'));
}

const iamProfile = new iam.CfnInstanceProfile(this, 'InstanceProfile', {
roles: [this.role.roleName],
});
Expand Down
24 changes: 24 additions & 0 deletions packages/@aws-cdk/aws-autoscaling/test/auto-scaling-group.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -2051,6 +2051,30 @@ test('add price-capacity-optimized', () => {
});
});

test('ssm permissions adds right managed policy', () => {
// GIVEN
const stack = new cdk.Stack();

// WHEN
new autoscaling.AutoScalingGroup(stack, 'mip-asg', {
vpc: mockVpc(stack),
machineImage: new AmazonLinuxImage(),
instanceType: InstanceType.of(ec2.InstanceClass.T3, ec2.InstanceSize.LARGE),
ssmSessionPermissions: true,
});

Template.fromStack(stack).hasResourceProperties('AWS::IAM::Role', {
ManagedPolicyArns: [
{
'Fn::Join': ['', [
'arn:',
{ Ref: 'AWS::Partition' },
':iam::aws:policy/AmazonSSMManagedInstanceCore',
]],
},
],
});
});

function mockSecurityGroup(stack: cdk.Stack) {
return ec2.SecurityGroup.fromSecurityGroupId(stack, 'MySG', 'most-secure');
Expand Down
15 changes: 15 additions & 0 deletions packages/@aws-cdk/aws-cloudwatch/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -697,3 +697,18 @@ new cloudwatch.Row(widgetA, widgetB);

You can add a widget after object instantiation with the method
`addWidget()`.

### Interval duration for dashboard

Interval duration for metrics in dashboard. You can specify `defaultInterval` with
the relative time(eg. 7 days) as `cdk.Duration.days(7)`.

```ts
import * as cw from '@aws-cdk/aws-cloudwatch';

const dashboard = new cw.Dashboard(stack, 'Dash', {
defaultInterval: cdk.Duration.days(7),
});
```

Here, the dashboard would show the metrics for the last 7 days.
18 changes: 15 additions & 3 deletions packages/@aws-cdk/aws-cloudwatch/lib/dashboard.ts
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
import { Lazy, Resource, Stack, Token, Annotations } from '@aws-cdk/core';
import { Lazy, Resource, Stack, Token, Annotations, Duration } from '@aws-cdk/core';
import { Construct } from 'constructs';
import { CfnDashboard } from './cloudwatch.generated';
import { Column, Row } from './layout';
Expand Down Expand Up @@ -31,6 +31,14 @@ export interface DashboardProps {
*/
readonly dashboardName?: string;

/**
* Interval duration for metrics.
* You can specify defaultInterval with the relative time(eg. cdk.Duration.days(7)).
*
* @default When the dashboard loads, the defaultInterval time will be the default time range.
*/
readonly defaultInterval?: Duration

/**
* The start of the time range to use for each widget on the dashboard.
* You can specify start without specifying end to specify a relative time range that ends with the current time.
Expand Down Expand Up @@ -107,15 +115,19 @@ export class Dashboard extends Resource {
}
}

if (props.start !== undefined && props.defaultInterval !== undefined) {
throw ('both properties defaultInterval and start cannot be set at once');
}

const dashboard = new CfnDashboard(this, 'Resource', {
dashboardName: this.physicalName,
dashboardBody: Lazy.string({
produce: () => {
const column = new Column(...this.rows);
column.position(0, 0);
return Stack.of(this).toJsonString({
start: props.start,
end: props.end,
start: props.defaultInterval !== undefined ? `-${props.defaultInterval?.toIsoString()}` : props.start,
end: props.defaultInterval !== undefined ? undefined : props.end,
periodOverride: props.periodOverride,
widgets: column.toJson(),
});
Expand Down
27 changes: 26 additions & 1 deletion packages/@aws-cdk/aws-cloudwatch/test/dashboard.test.ts
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
import { Template, Annotations, Match } from '@aws-cdk/assertions';
import { App, Stack } from '@aws-cdk/core';
import { App, Duration, Stack } from '@aws-cdk/core';
import { Dashboard, GraphWidget, PeriodOverride, TextWidget, MathExpression, TextWidgetBackground } from '../lib';

describe('Dashboard', () => {
Expand Down Expand Up @@ -131,6 +131,31 @@ describe('Dashboard', () => {

});

test('defaultInterval test', () => {
// GIVEN
const stack = new Stack();
// WHEN
const dashboard = new Dashboard(stack, 'Dash', {
defaultInterval: Duration.days(7),
});
dashboard.addWidgets(
new GraphWidget({ width: 1, height: 1 }), // GraphWidget has internal reference to current region
);

// THEN
Template.fromStack(stack).hasResourceProperties('AWS::CloudWatch::Dashboard', {
DashboardBody: {
'Fn::Join': ['', [
'{"start":"-P7D",\
"widgets":[{"type":"metric","width":1,"height":1,"x":0,"y":0,"properties":{"view":"timeSeries","region":"',
{ Ref: 'AWS::Region' },
'","yAxis":{}}}]}',
]],
},
});

});

test('DashboardName is set when provided', () => {
// GIVEN
const app = new App();
Expand Down
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
{
"version": "30.0.0",
"version": "31.0.0",
"files": {
"21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": {
"source": {
Expand Down
Original file line number Diff line number Diff line change
@@ -1,15 +1,15 @@
{
"version": "30.0.0",
"version": "31.0.0",
"files": {
"53eb5ec97b9df3953bc84bdc2aee87ace7b502c665b7e5b9f7b7d14dd46cea69": {
"1a70f8470c838c02020b9010528363b17eebd55d55c1a53fb3e0f6760a606c98": {
"source": {
"path": "DashboardIntegrationTestStack.template.json",
"packaging": "file"
},
"destinations": {
"current_account-current_region": {
"bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
"objectKey": "53eb5ec97b9df3953bc84bdc2aee87ace7b502c665b7e5b9f7b7d14dd46cea69.json",
"objectKey": "1a70f8470c838c02020b9010528363b17eebd55d55c1a53fb3e0f6760a606c98.json",
"assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
}
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
"DashCCD7F836": {
"Type": "AWS::CloudWatch::Dashboard",
"Properties": {
"DashboardBody": "{\"widgets\":[{\"type\":\"text\",\"width\":6,\"height\":2,\"x\":0,\"y\":0,\"properties\":{\"markdown\":\"I don't have a background\",\"background\":\"transparent\"}}]}"
"DashboardBody": "{\"start\":\"-P7D\",\"widgets\":[{\"type\":\"text\",\"width\":6,\"height\":2,\"x\":0,\"y\":0,\"properties\":{\"markdown\":\"I don't have a background\",\"background\":\"transparent\"}}]}"
}
}
},
Expand Down
Original file line number Diff line number Diff line change
@@ -1 +1 @@
{"version":"30.0.0"}
{"version":"31.0.0"}
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
{
"version": "30.0.0",
"version": "31.0.0",
"testCases": {
"DashboardIntegrationTest/DefaultTest": {
"stacks": [
Expand Down
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
{
"version": "30.0.0",
"version": "31.0.0",
"artifacts": {
"DashboardIntegrationTestStack.assets": {
"type": "cdk:asset-manifest",
Expand All @@ -17,7 +17,7 @@
"validateOnSynth": false,
"assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}",
"cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}",
"stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/53eb5ec97b9df3953bc84bdc2aee87ace7b502c665b7e5b9f7b7d14dd46cea69.json",
"stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/1a70f8470c838c02020b9010528363b17eebd55d55c1a53fb3e0f6760a606c98.json",
"requiresBootstrapStackVersion": 6,
"bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version",
"additionalDependencies": [
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@
"attributes": {
"aws:cdk:cloudformation:type": "AWS::CloudWatch::Dashboard",
"aws:cdk:cloudformation:props": {
"dashboardBody": "{\"widgets\":[{\"type\":\"text\",\"width\":6,\"height\":2,\"x\":0,\"y\":0,\"properties\":{\"markdown\":\"I don't have a background\",\"background\":\"transparent\"}}]}"
"dashboardBody": "{\"start\":\"-P7D\",\"widgets\":[{\"type\":\"text\",\"width\":6,\"height\":2,\"x\":0,\"y\":0,\"properties\":{\"markdown\":\"I don't have a background\",\"background\":\"transparent\"}}]}"
}
},
"constructInfo": {
Expand Down Expand Up @@ -75,7 +75,7 @@
"path": "DashboardIntegrationTest/DefaultTest/Default",
"constructInfo": {
"fqn": "constructs.Construct",
"version": "10.1.252"
"version": "10.1.270"
}
},
"DeployAssert": {
Expand Down Expand Up @@ -121,7 +121,7 @@
"path": "Tree",
"constructInfo": {
"fqn": "constructs.Construct",
"version": "10.1.252"
"version": "10.1.270"
}
}
},
Expand Down
4 changes: 3 additions & 1 deletion packages/@aws-cdk/aws-cloudwatch/test/integ.dashboard.ts
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,9 @@ const app = new cdk.App();

const stack = new cdk.Stack(app, 'DashboardIntegrationTestStack');

const dashboard = new cloudwatch.Dashboard(stack, 'Dash');
const dashboard = new cloudwatch.Dashboard(stack, 'Dash', {
defaultInterval: cdk.Duration.days(7),
});

dashboard.addWidgets(new cloudwatch.TextWidget({
markdown: 'I don\'t have a background',
Expand Down
Loading

0 comments on commit 0f9bf75

Please sign in to comment.