diff --git a/CHANGELOG.v2.alpha.md b/CHANGELOG.v2.alpha.md index 42c6427330b45..dab556bf17858 100644 --- a/CHANGELOG.v2.alpha.md +++ b/CHANGELOG.v2.alpha.md @@ -2,6 +2,8 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [2.157.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.156.0-alpha.0...v2.157.0-alpha.0) (2024-09-09) + ## [2.156.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.155.0-alpha.0...v2.156.0-alpha.0) (2024-09-05) diff --git a/CHANGELOG.v2.md b/CHANGELOG.v2.md index cdc02868e4599..36531fa7924f1 100644 --- a/CHANGELOG.v2.md +++ b/CHANGELOG.v2.md @@ -2,6 +2,20 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [2.157.0](https://github.com/aws/aws-cdk/compare/v2.156.0...v2.157.0) (2024-09-09) + + +### Features + +* update L1 CloudFormation resource definitions ([#31361](https://github.com/aws/aws-cdk/issues/31361)) ([bc4dbfd](https://github.com/aws/aws-cdk/commit/bc4dbfdb05a1fe02d30c4724958d09f239a3656f)) +* **appsync:** support DEBUG and INFO logging levels for AppSync GraphQL APIs ([#31326](https://github.com/aws/aws-cdk/issues/31326)) ([4b9643f](https://github.com/aws/aws-cdk/commit/4b9643f28edc2c530809931ccd7a17a811891af2)) +* **lambda:** added new property allowAllIpv6Outbound to FunctionOptions ([#31013](https://github.com/aws/aws-cdk/issues/31013)) ([fa55194](https://github.com/aws/aws-cdk/commit/fa55194698960b9161590e05cf1138a813315615)), closes [#30994](https://github.com/aws/aws-cdk/issues/30994) [/github.com/aws/aws-cdk/blob/9295a85a8fb893d7f5eae06108b68df864096c4c/packages/aws-cdk-lib/aws-ec2/lib/security-group.ts#L272](https://github.com/aws//github.com/aws/aws-cdk/blob/9295a85a8fb893d7f5eae06108b68df864096c4c/packages/aws-cdk-lib/aws-ec2/lib/security-group.ts/issues/L272) [/github.com/aws/aws-cdk/blob/9295a85a8fb893d7f5eae06108b68df864096c4c/packages/aws-cdk-lib/aws-lambda/lib/function.ts#L146C18-L146C33](https://github.com/aws//github.com/aws/aws-cdk/blob/9295a85a8fb893d7f5eae06108b68df864096c4c/packages/aws-cdk-lib/aws-lambda/lib/function.ts/issues/L146C18-L146C33) [/github.com/aws/aws-cdk/blob/9295a85a8fb893d7f5eae06108b68df864096c4c/packages/aws-cdk-lib/aws-lambda/lib/function.ts#L296C12-L296C28](https://github.com/aws//github.com/aws/aws-cdk/blob/9295a85a8fb893d7f5eae06108b68df864096c4c/packages/aws-cdk-lib/aws-lambda/lib/function.ts/issues/L296C12-L296C28) [/github.com/aws/aws-cdk/blob/9295a85a8fb893d7f5eae06108b68df864096c4c/packages/aws-cdk-lib/aws-lambda/lib/function.ts#L1464C11-L1464C23](https://github.com/aws//github.com/aws/aws-cdk/blob/9295a85a8fb893d7f5eae06108b68df864096c4c/packages/aws-cdk-lib/aws-lambda/lib/function.ts/issues/L1464C11-L1464C23) [/github.com/aws/aws-cdk/blob/9295a85a8fb893d7f5eae06108b68df864096c4c/packages/aws-cdk-lib/aws-lambda/lib/function.ts#L1503](https://github.com/aws//github.com/aws/aws-cdk/blob/9295a85a8fb893d7f5eae06108b68df864096c4c/packages/aws-cdk-lib/aws-lambda/lib/function.ts/issues/L1503) + + +### Bug Fixes + +* **rds:** proxy target group does not depend on database instances when using writer property for database cluster ([#31354](https://github.com/aws/aws-cdk/issues/31354)) ([6542207](https://github.com/aws/aws-cdk/commit/65422077123fa5870106e29594b8f0392484da3f)), closes [#31304](https://github.com/aws/aws-cdk/issues/31304) [/github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-rds/lib/proxy.ts#L535-L539](https://github.com/aws//github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-rds/lib/proxy.ts/issues/L535-L539) + ## [2.156.0](https://github.com/aws/aws-cdk/compare/v2.155.0...v2.156.0) (2024-09-05) @@ -15,7 +29,7 @@ All notable changes to this project will be documented in this file. See [standa * **eks:** support alb controller versions 2.7.0-2.8.2 ([#31264](https://github.com/aws/aws-cdk/issues/31264)) ([a3863a6](https://github.com/aws/aws-cdk/commit/a3863a6b5607dd462b3774f01f21d9dea4fd15d5)) * **events-targets:** support for `RedshiftDataParameters` ([#29462](https://github.com/aws/aws-cdk/issues/29462)) ([84c6442](https://github.com/aws/aws-cdk/commit/84c6442d6a4253472df1fee5589f154590bae182)), closes [#15712](https://github.com/aws/aws-cdk/issues/15712) [#31017](https://github.com/aws/aws-cdk/issues/31017) * **synthetics:** syn-nodejs-puppeteer-9.0 as supported runtime ([#31272](https://github.com/aws/aws-cdk/issues/31272)) ([c1d7782](https://github.com/aws/aws-cdk/commit/c1d778254346aea444ae844a17d0cab296cce4bb)), closes [#31271](https://github.com/aws/aws-cdk/issues/31271) - +* **custom-resources:** update python runtime for custom resources ([#31166](https://github.com/aws/aws-cdk/pull/31166)) ([03ebca8](https://github.com/aws/aws-cdk/commit/03ebca8a9768b6415e6942893e0310ac412d4b80)), closes [#31245](https://github.com/aws/aws-cdk/issues/31245) ### Bug Fixes diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index dc40e8d24d86b..6bd1959a5e67b 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -18,6 +18,7 @@ let us know if it's not up-to-date (even better, submit a PR with your correctio - [Publishing Your Own Package](#publishing-your-own-package) - [Trust and Third Party Packages](#trust-and-third-party-packages) - [Third Party Package Administration](#third-party-package-administration) +- [Quick Start](#quick-start) - [Getting Started](#getting-started) - [Local setup](#setup) - [Dev Container](#dev-container) @@ -124,7 +125,7 @@ This is by far the strongest signal you can give to the CDK team that a feature #### Trust and Third Party Packages -An argument we commonly hear why contributors don't want to publish their contributions in their own packages, is that organizations have restrictions on what packages they allow to be used and these restrictions commonly include limiting usage of packages to those owned and distributed only from trusted sources. We recognize trust is an important part of the software dependency chain, and we take that into consideration when evaluating contributions in aws-cdk. However, not everything can be owned by the aws-cdk team. Strictly from a technical limitation perspective, `aws-cdk-lib` is big. Continuing a system that makes it, potentially, many multiple times bigger, has a cost on usability. Additionally, as the surface area widens, the aws-cdk team becomes stretched ever thinner and isn't able to property maintain what we own. +An argument we commonly hear why contributors don't want to publish their contributions in their own packages, is that organizations have restrictions on what packages they allow to be used and these restrictions commonly include limiting usage of packages to those owned and distributed only from trusted sources. We recognize trust is an important part of the software dependency chain, and we take that into consideration when evaluating contributions in aws-cdk. However, not everything can be owned by the aws-cdk team. Strictly from a technical limitation perspective, `aws-cdk-lib` is big. Continuing a system that makes it, potentially, many multiple times bigger, has a cost on usability. Additionally, as the surface area widens, the aws-cdk team becomes stretched ever thinner and isn't able to properly maintain what we own. That being said, "trust", isn't as black and white as "it's owned by aws, so it's okay". The best way to trust that the packages you depend on to help generate your aws resources is to use [policy validation](https://docs.aws.amazon.com/cdk/v2/guide/policy-validation-synthesis.html) on the output of your application in order to ensure it is following the rules that are important to you or your organization. @@ -136,6 +137,62 @@ Another reason we hear from authors that they don't want to publish their own pa 1. [Publib](https://github.com/cdklabs/publib) - A toolchain for publishing packages to multiple repositories. A lot of this is included in projen and we recommend using that instead of publib directly, but it may be useful for specific cases. 1. [Construct Hub](https://constructs.dev) - An index of all construct libraries published to NPM. When you publish a construct library, it will automatically have documentation generated and published to Construct Hub. +## Quick Start + +### Setup +Fork the aws-cdk repository into your account: https://github.com/aws/aws-cdk/fork + +Clone the forked repository: +```console +$ git clone https://github.com/{your-account}/aws-cdk.git +$ cd aws-cdk +$ yarn install +``` + +Before you create a pull request: +* Write code changes +* Write unit tests +* Write integ tests (aws-cdk/packages/@aws-cdk-testing/) +* Commit changes and push to remote branch + +Build the entire aws-cdk repo (this may take some time): +```console +$ npx lerna run build --skip-nx-cache +``` + +### Testing +Run the unit tests for the modules(e.g. aws-lambda) you've changed: +```console +$ cd aws-cdk/packages/aws-cdk-lib +$ yarn test aws-lambda +``` + +Run the integration tests for the modules(e.g. aws-lambda) you've changed: +```console +$ cd aws-cdk/packages/@aws-cdk-testing/framework-integ +$ yarn integ test/aws-lambda/test/integ.lambda.js --update-on-failed +``` + +If you've made changes to sample code in any README, ensure those examples compile with: +```console +$ /bin/bash ./scripts/run-rosetta.sh +``` + +### Linking +If you would like to test your code changes against a CDK App, create the App and link your local CDK with it: +```console +$ mkdir cdkApp # in parent dir of aws-cdk +$ cd cdkApp +$ npx cdk init app --language typescript +$ npx cdk --version # shows the latest CDK version e.g. 2.155.0 (build 34dcc5a) +$ ../aws-cdk/link-all.sh # link the aws-cdk repo with your cdkApp +$ npx cdk --version # verify linked cdk version 0.0.0 +# Define the resource that uses your aws-cdk changes in cdkApp lib folder +$ npx cdk deploy # deploy successfully +``` + +Congratulations! Create pull request for review. + ## Getting Started The following steps describe how to set up the AWS CDK repository on your local machine. @@ -154,7 +211,7 @@ The following tools need to be installed on your system prior to installing the - [Docker >= 19.03](https://docs.docker.com/get-docker/) - the Docker daemon must also be running -First fork the repository, and then run the following commands to clone the repository locally. +First fork the repository https://github.com/aws/aws-cdk/fork, and then run the following commands to clone the repository locally. ```console $ git clone https://github.com/{your-account}/aws-cdk.git diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/GraphQLFieldLevelLogDefaultTestDeployAssert06C4E034.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/GraphQLFieldLevelLogDefaultTestDeployAssert06C4E034.assets.json new file mode 100644 index 0000000000000..5488e46f889eb --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/GraphQLFieldLevelLogDefaultTestDeployAssert06C4E034.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.5", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "GraphQLFieldLevelLogDefaultTestDeployAssert06C4E034.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/GraphQLFieldLevelLogDefaultTestDeployAssert06C4E034.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/GraphQLFieldLevelLogDefaultTestDeployAssert06C4E034.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/GraphQLFieldLevelLogDefaultTestDeployAssert06C4E034.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/asset.e4afb15788ec44ed9ff3377e1d131ba2768d7b2e2931bc000d1f2005879b3035/index.js b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/asset.e4afb15788ec44ed9ff3377e1d131ba2768d7b2e2931bc000d1f2005879b3035/index.js new file mode 100644 index 0000000000000..ae6165a46ea1e --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/asset.e4afb15788ec44ed9ff3377e1d131ba2768d7b2e2931bc000d1f2005879b3035/index.js @@ -0,0 +1 @@ +"use strict";var h=Object.create;var d=Object.defineProperty;var w=Object.getOwnPropertyDescriptor;var f=Object.getOwnPropertyNames;var C=Object.getPrototypeOf,P=Object.prototype.hasOwnProperty;var b=(e,o)=>{for(var n in o)d(e,n,{get:o[n],enumerable:!0})},p=(e,o,n,t)=>{if(o&&typeof o=="object"||typeof o=="function")for(let r of f(o))!P.call(e,r)&&r!==n&&d(e,r,{get:()=>o[r],enumerable:!(t=w(o,r))||t.enumerable});return e};var S=(e,o,n)=>(n=e!=null?h(C(e)):{},p(o||!e||!e.__esModule?d(n,"default",{value:e,enumerable:!0}):n,e)),G=e=>p(d({},"__esModule",{value:!0}),e);var q={};b(q,{handler:()=>E});module.exports=G(q);var i=S(require("@aws-sdk/client-cloudwatch-logs"));async function R(e,o,n){await n(async()=>{try{let t={logGroupName:e},r=new i.CreateLogGroupCommand(t);await o.send(r)}catch(t){if(t.name==="ResourceAlreadyExistsException")return;throw t}})}async function x(e,o,n){await n(async()=>{try{let t={logGroupName:e},r=new i.DeleteLogGroupCommand(t);await o.send(r)}catch(t){if(t.name==="ResourceNotFoundException")return;throw t}})}async function y(e,o,n,t){await n(async()=>{if(t){let r={logGroupName:e,retentionInDays:t},s=new i.PutRetentionPolicyCommand(r);await o.send(s)}else{let r={logGroupName:e},s=new i.DeleteRetentionPolicyCommand(r);await o.send(s)}})}async function E(e,o){try{console.log(JSON.stringify({...e,ResponseURL:"..."}));let t=e.ResourceProperties.LogGroupName,r=e.ResourceProperties.LogGroupRegion,s=L(e.ResourceProperties.SdkRetry?.maxRetries)??5,a=I(s),m={logger:console,region:r,maxAttempts:Math.max(5,s)},c=new i.CloudWatchLogsClient(m);if((e.RequestType==="Create"||e.RequestType==="Update")&&(await R(t,c,a),await y(t,c,a,L(e.ResourceProperties.RetentionInDays)),e.RequestType==="Create")){let g=new i.CloudWatchLogsClient({logger:console,region:process.env.AWS_REGION});await R(`/aws/lambda/${o.functionName}`,g,a),await y(`/aws/lambda/${o.functionName}`,g,a,1)}e.RequestType==="Delete"&&e.ResourceProperties.RemovalPolicy==="destroy"&&await x(t,c,a),await n("SUCCESS","OK",t)}catch(t){console.log(t),await n("FAILED",t.message,e.ResourceProperties.LogGroupName)}function n(t,r,s){let a=JSON.stringify({Status:t,Reason:r,PhysicalResourceId:s,StackId:e.StackId,RequestId:e.RequestId,LogicalResourceId:e.LogicalResourceId,Data:{LogGroupName:e.ResourceProperties.LogGroupName}});console.log("Responding",a);let m=require("url").parse(e.ResponseURL),c={hostname:m.hostname,path:m.path,method:"PUT",headers:{"content-type":"","content-length":Buffer.byteLength(a,"utf8")}};return new Promise((g,l)=>{try{let u=require("https").request(c,g);u.on("error",l),u.write(a),u.end()}catch(u){l(u)}})}}function L(e,o=10){if(e!==void 0)return parseInt(e,o)}function I(e,o=100,n=10*1e3){return async t=>{let r=0;do try{return await t()}catch(s){if(s.name==="OperationAbortedException"||s.name==="ThrottlingException")if(rsetTimeout(a,k(r,o,n)));continue}else throw new Error("Out of attempts to change log group");throw s}while(!0)}}function k(e,o,n){return Math.round(Math.random()*Math.min(n,o*2**e))}0&&(module.exports={handler}); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/aws-cdk-appsync-graphql-field-level-log.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/aws-cdk-appsync-graphql-field-level-log.assets.json new file mode 100644 index 0000000000000..a046dbac9c594 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/aws-cdk-appsync-graphql-field-level-log.assets.json @@ -0,0 +1,32 @@ +{ + "version": "36.0.5", + "files": { + "e4afb15788ec44ed9ff3377e1d131ba2768d7b2e2931bc000d1f2005879b3035": { + "source": { + "path": "asset.e4afb15788ec44ed9ff3377e1d131ba2768d7b2e2931bc000d1f2005879b3035", + "packaging": "zip" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "e4afb15788ec44ed9ff3377e1d131ba2768d7b2e2931bc000d1f2005879b3035.zip", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + }, + "57fb978b024ca21f315c2ab7a4d2c94dc91e01b0976bbdaaef87d312c7fabd6b": { + "source": { + "path": "aws-cdk-appsync-graphql-field-level-log.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "57fb978b024ca21f315c2ab7a4d2c94dc91e01b0976bbdaaef87d312c7fabd6b.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/aws-cdk-appsync-graphql-field-level-log.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/aws-cdk-appsync-graphql-field-level-log.template.json new file mode 100644 index 0000000000000..20ad84d2c90b0 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/aws-cdk-appsync-graphql-field-level-log.template.json @@ -0,0 +1,347 @@ +{ + "Resources": { + "LambdaAPIApiLogsRole4F7D908F": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "appsync.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSAppSyncPushToCloudWatchLogs" + ] + ] + } + ] + } + }, + "LambdaAPID6A5A92B": { + "Type": "AWS::AppSync::GraphQLApi", + "Properties": { + "AuthenticationType": "API_KEY", + "LogConfig": { + "CloudWatchLogsRoleArn": { + "Fn::GetAtt": [ + "LambdaAPIApiLogsRole4F7D908F", + "Arn" + ] + }, + "FieldLogLevel": "INFO" + }, + "Name": "LambdaAPI" + } + }, + "LambdaAPISchemaCC5CA3D2": { + "Type": "AWS::AppSync::GraphQLSchema", + "Properties": { + "ApiId": { + "Fn::GetAtt": [ + "LambdaAPID6A5A92B", + "ApiId" + ] + }, + "Definition": "schema {\n query: Query\n mutation: Mutation\n}\n\ntype Query {\n getPost(id:ID!): Post\n allPosts: [Post]\n}\n\ntype Mutation {\n addPost(id: ID!, author: String!, title: String, content: String, url: String): Post!\n}\n\ntype Post {\n id: ID!\n author: String!\n title: String\n content: String\n url: String\n ups: Int\n downs: Int\n relatedPosts: [Post]\n relatedPostsMaxBatchSize: [Post]\n}" + } + }, + "LambdaAPIDefaultApiKey15F6897D": { + "Type": "AWS::AppSync::ApiKey", + "Properties": { + "ApiId": { + "Fn::GetAtt": [ + "LambdaAPID6A5A92B", + "ApiId" + ] + } + }, + "DependsOn": [ + "LambdaAPISchemaCC5CA3D2" + ] + }, + "LambdaAPILogRetention217BE0A6": { + "Type": "Custom::LogRetention", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", + "Arn" + ] + }, + "LogGroupName": { + "Fn::Join": [ + "", + [ + "/aws/appsync/apis/", + { + "Fn::GetAtt": [ + "LambdaAPID6A5A92B", + "ApiId" + ] + } + ] + ] + } + } + }, + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "logs:DeleteRetentionPolicy", + "logs:PutRetentionPolicy" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB", + "Roles": [ + { + "Ref": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB" + } + ] + } + }, + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Handler": "index.handler", + "Runtime": { + "Fn::FindInMap": [ + "LatestNodeRuntimeMap", + { + "Ref": "AWS::Region" + }, + "value" + ] + }, + "Timeout": 900, + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "e4afb15788ec44ed9ff3377e1d131ba2768d7b2e2931bc000d1f2005879b3035.zip" + }, + "Role": { + "Fn::GetAtt": [ + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB", + "Arn" + ] + } + }, + "DependsOn": [ + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB", + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB" + ] + } + }, + "Mappings": { + "LatestNodeRuntimeMap": { + "af-south-1": { + "value": "nodejs20.x" + }, + "ap-east-1": { + "value": "nodejs20.x" + }, + "ap-northeast-1": { + "value": "nodejs20.x" + }, + "ap-northeast-2": { + "value": "nodejs20.x" + }, + "ap-northeast-3": { + "value": "nodejs20.x" + }, + "ap-south-1": { + "value": "nodejs20.x" + }, + "ap-south-2": { + "value": "nodejs20.x" + }, + "ap-southeast-1": { + "value": "nodejs20.x" + }, + "ap-southeast-2": { + "value": "nodejs20.x" + }, + "ap-southeast-3": { + "value": "nodejs20.x" + }, + "ap-southeast-4": { + "value": "nodejs20.x" + }, + "ap-southeast-5": { + "value": "nodejs20.x" + }, + "ap-southeast-7": { + "value": "nodejs20.x" + }, + "ca-central-1": { + "value": "nodejs20.x" + }, + "ca-west-1": { + "value": "nodejs20.x" + }, + "cn-north-1": { + "value": "nodejs18.x" + }, + "cn-northwest-1": { + "value": "nodejs18.x" + }, + "eu-central-1": { + "value": "nodejs20.x" + }, + "eu-central-2": { + "value": "nodejs20.x" + }, + "eu-isoe-west-1": { + "value": "nodejs18.x" + }, + "eu-north-1": { + "value": "nodejs20.x" + }, + "eu-south-1": { + "value": "nodejs20.x" + }, + "eu-south-2": { + "value": "nodejs20.x" + }, + "eu-west-1": { + "value": "nodejs20.x" + }, + "eu-west-2": { + "value": "nodejs20.x" + }, + "eu-west-3": { + "value": "nodejs20.x" + }, + "il-central-1": { + "value": "nodejs20.x" + }, + "me-central-1": { + "value": "nodejs20.x" + }, + "me-south-1": { + "value": "nodejs20.x" + }, + "mx-central-1": { + "value": "nodejs20.x" + }, + "sa-east-1": { + "value": "nodejs20.x" + }, + "us-east-1": { + "value": "nodejs20.x" + }, + "us-east-2": { + "value": "nodejs20.x" + }, + "us-gov-east-1": { + "value": "nodejs18.x" + }, + "us-gov-west-1": { + "value": "nodejs18.x" + }, + "us-iso-east-1": { + "value": "nodejs18.x" + }, + "us-iso-west-1": { + "value": "nodejs18.x" + }, + "us-isob-east-1": { + "value": "nodejs18.x" + }, + "us-west-1": { + "value": "nodejs20.x" + }, + "us-west-2": { + "value": "nodejs20.x" + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/cdk.out new file mode 100644 index 0000000000000..bd5311dc372de --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"36.0.5"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/integ.json new file mode 100644 index 0000000000000..4442ce0691a5c --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "36.0.5", + "testCases": { + "GraphQLFieldLevelLog/DefaultTest": { + "stacks": [ + "aws-cdk-appsync-graphql-field-level-log" + ], + "assertionStack": "GraphQLFieldLevelLog/DefaultTest/DeployAssert", + "assertionStackName": "GraphQLFieldLevelLogDefaultTestDeployAssert06C4E034" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/manifest.json new file mode 100644 index 0000000000000..f213619663d70 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/manifest.json @@ -0,0 +1,161 @@ +{ + "version": "36.0.5", + "artifacts": { + "aws-cdk-appsync-graphql-field-level-log.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "aws-cdk-appsync-graphql-field-level-log.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "aws-cdk-appsync-graphql-field-level-log": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "aws-cdk-appsync-graphql-field-level-log.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/57fb978b024ca21f315c2ab7a4d2c94dc91e01b0976bbdaaef87d312c7fabd6b.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "aws-cdk-appsync-graphql-field-level-log.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "aws-cdk-appsync-graphql-field-level-log.assets" + ], + "metadata": { + "/aws-cdk-appsync-graphql-field-level-log/LambdaAPI/ApiLogsRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "LambdaAPIApiLogsRole4F7D908F" + } + ], + "/aws-cdk-appsync-graphql-field-level-log/LambdaAPI/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "LambdaAPID6A5A92B" + } + ], + "/aws-cdk-appsync-graphql-field-level-log/LambdaAPI/Schema": [ + { + "type": "aws:cdk:logicalId", + "data": "LambdaAPISchemaCC5CA3D2" + } + ], + "/aws-cdk-appsync-graphql-field-level-log/LambdaAPI/DefaultApiKey": [ + { + "type": "aws:cdk:logicalId", + "data": "LambdaAPIDefaultApiKey15F6897D" + } + ], + "/aws-cdk-appsync-graphql-field-level-log/LambdaAPI/LogRetention/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "LambdaAPILogRetention217BE0A6" + } + ], + "/aws-cdk-appsync-graphql-field-level-log/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB" + } + ], + "/aws-cdk-appsync-graphql-field-level-log/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/ServiceRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB" + } + ], + "/aws-cdk-appsync-graphql-field-level-log/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A" + } + ], + "/aws-cdk-appsync-graphql-field-level-log/LatestNodeRuntimeMap": [ + { + "type": "aws:cdk:logicalId", + "data": "LatestNodeRuntimeMap" + } + ], + "/aws-cdk-appsync-graphql-field-level-log/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-appsync-graphql-field-level-log/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-cdk-appsync-graphql-field-level-log" + }, + "GraphQLFieldLevelLogDefaultTestDeployAssert06C4E034.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "GraphQLFieldLevelLogDefaultTestDeployAssert06C4E034.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "GraphQLFieldLevelLogDefaultTestDeployAssert06C4E034": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "GraphQLFieldLevelLogDefaultTestDeployAssert06C4E034.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "GraphQLFieldLevelLogDefaultTestDeployAssert06C4E034.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "GraphQLFieldLevelLogDefaultTestDeployAssert06C4E034.assets" + ], + "metadata": { + "/GraphQLFieldLevelLog/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/GraphQLFieldLevelLog/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "GraphQLFieldLevelLog/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/tree.json new file mode 100644 index 0000000000000..87579bbdf63c1 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.js.snapshot/tree.json @@ -0,0 +1,408 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "aws-cdk-appsync-graphql-field-level-log": { + "id": "aws-cdk-appsync-graphql-field-level-log", + "path": "aws-cdk-appsync-graphql-field-level-log", + "children": { + "LambdaAPI": { + "id": "LambdaAPI", + "path": "aws-cdk-appsync-graphql-field-level-log/LambdaAPI", + "children": { + "ApiLogsRole": { + "id": "ApiLogsRole", + "path": "aws-cdk-appsync-graphql-field-level-log/LambdaAPI/ApiLogsRole", + "children": { + "ImportApiLogsRole": { + "id": "ImportApiLogsRole", + "path": "aws-cdk-appsync-graphql-field-level-log/LambdaAPI/ApiLogsRole/ImportApiLogsRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-appsync-graphql-field-level-log/LambdaAPI/ApiLogsRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "appsync.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSAppSyncPushToCloudWatchLogs" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-appsync-graphql-field-level-log/LambdaAPI/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::AppSync::GraphQLApi", + "aws:cdk:cloudformation:props": { + "authenticationType": "API_KEY", + "logConfig": { + "cloudWatchLogsRoleArn": { + "Fn::GetAtt": [ + "LambdaAPIApiLogsRole4F7D908F", + "Arn" + ] + }, + "fieldLogLevel": "INFO" + }, + "name": "LambdaAPI" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_appsync.CfnGraphQLApi", + "version": "0.0.0" + } + }, + "Schema": { + "id": "Schema", + "path": "aws-cdk-appsync-graphql-field-level-log/LambdaAPI/Schema", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::AppSync::GraphQLSchema", + "aws:cdk:cloudformation:props": { + "apiId": { + "Fn::GetAtt": [ + "LambdaAPID6A5A92B", + "ApiId" + ] + }, + "definition": "schema {\n query: Query\n mutation: Mutation\n}\n\ntype Query {\n getPost(id:ID!): Post\n allPosts: [Post]\n}\n\ntype Mutation {\n addPost(id: ID!, author: String!, title: String, content: String, url: String): Post!\n}\n\ntype Post {\n id: ID!\n author: String!\n title: String\n content: String\n url: String\n ups: Int\n downs: Int\n relatedPosts: [Post]\n relatedPostsMaxBatchSize: [Post]\n}" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_appsync.CfnGraphQLSchema", + "version": "0.0.0" + } + }, + "DefaultApiKey": { + "id": "DefaultApiKey", + "path": "aws-cdk-appsync-graphql-field-level-log/LambdaAPI/DefaultApiKey", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::AppSync::ApiKey", + "aws:cdk:cloudformation:props": { + "apiId": { + "Fn::GetAtt": [ + "LambdaAPID6A5A92B", + "ApiId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_appsync.CfnApiKey", + "version": "0.0.0" + } + }, + "LogRetention": { + "id": "LogRetention", + "path": "aws-cdk-appsync-graphql-field-level-log/LambdaAPI/LogRetention", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-appsync-graphql-field-level-log/LambdaAPI/LogRetention/Resource", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.LogRetention", + "version": "0.0.0" + } + }, + "LogGroup": { + "id": "LogGroup", + "path": "aws-cdk-appsync-graphql-field-level-log/LambdaAPI/LogGroup", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_appsync.GraphqlApi", + "version": "0.0.0" + } + }, + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a": { + "id": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a", + "path": "aws-cdk-appsync-graphql-field-level-log/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a", + "children": { + "Code": { + "id": "Code", + "path": "aws-cdk-appsync-graphql-field-level-log/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "aws-cdk-appsync-graphql-field-level-log/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/Code/Stage", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "aws-cdk-appsync-graphql-field-level-log/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/Code/AssetBucket", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "version": "0.0.0" + } + }, + "ServiceRole": { + "id": "ServiceRole", + "path": "aws-cdk-appsync-graphql-field-level-log/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/ServiceRole", + "children": { + "ImportServiceRole": { + "id": "ImportServiceRole", + "path": "aws-cdk-appsync-graphql-field-level-log/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/ServiceRole/ImportServiceRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-appsync-graphql-field-level-log/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-cdk-appsync-graphql-field-level-log/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/ServiceRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-appsync-graphql-field-level-log/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/ServiceRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "logs:DeleteRetentionPolicy", + "logs:PutRetentionPolicy" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "policyName": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB", + "roles": [ + { + "Ref": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-appsync-graphql-field-level-log/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/Resource", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "LatestNodeRuntimeMap": { + "id": "LatestNodeRuntimeMap", + "path": "aws-cdk-appsync-graphql-field-level-log/LatestNodeRuntimeMap", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnMapping", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-appsync-graphql-field-level-log/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-appsync-graphql-field-level-log/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "GraphQLFieldLevelLog": { + "id": "GraphQLFieldLevelLog", + "path": "GraphQLFieldLevelLog", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "GraphQLFieldLevelLog/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "GraphQLFieldLevelLog/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "GraphQLFieldLevelLog/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "GraphQLFieldLevelLog/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "GraphQLFieldLevelLog/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.ts new file mode 100644 index 0000000000000..722a6df3d054f --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-field-level-log.ts @@ -0,0 +1,19 @@ +import * as path from 'path'; +import * as cdk from 'aws-cdk-lib'; +import { IntegTest } from '@aws-cdk/integ-tests-alpha'; +import * as appsync from 'aws-cdk-lib/aws-appsync'; + +const app = new cdk.App(); +const stack = new cdk.Stack(app, 'aws-cdk-appsync-graphql-field-level-log'); + +new appsync.GraphqlApi(stack, 'LambdaAPI', { + name: 'LambdaAPI', + schema: appsync.SchemaFile.fromAsset(path.join(__dirname, 'appsync.lambda.graphql')), + logConfig: { + fieldLogLevel: appsync.FieldLogLevel.INFO, + }, +}); + +new IntegTest(app, 'GraphQLFieldLevelLog', { + testCases: [stack], +}); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/LambdaAllowAllIpv6Outbound.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/LambdaAllowAllIpv6Outbound.assets.json new file mode 100644 index 0000000000000..9896b3e2fbdf1 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/LambdaAllowAllIpv6Outbound.assets.json @@ -0,0 +1,32 @@ +{ + "version": "36.0.0", + "files": { + "bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1": { + "source": { + "path": "asset.bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1", + "packaging": "zip" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1.zip", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + }, + "92b844e801c730b2c23c901b00744a890a687685af0a280b290fa0fc0a7e3d7c": { + "source": { + "path": "LambdaAllowAllIpv6Outbound.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "92b844e801c730b2c23c901b00744a890a687685af0a280b290fa0fc0a7e3d7c.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/LambdaAllowAllIpv6Outbound.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/LambdaAllowAllIpv6Outbound.template.json new file mode 100644 index 0000000000000..0dd23820e9dd0 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/LambdaAllowAllIpv6Outbound.template.json @@ -0,0 +1,794 @@ +{ + "Resources": { + "VPCB9E5F0B4": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "LambdaAllowAllIpv6Outbound/VPC" + } + ] + } + }, + "VPCPublicSubnet1SubnetB4246D30": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.0.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet1" + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "VPCPublicSubnet1RouteTableFEE4B781": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet1" + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "VPCPublicSubnet1RouteTableAssociation0B0896DC": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCPublicSubnet1RouteTableFEE4B781" + }, + "SubnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + } + } + }, + "VPCPublicSubnet1DefaultRoute91CEF279": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VPCIGWB7E252D3" + }, + "RouteTableId": { + "Ref": "VPCPublicSubnet1RouteTableFEE4B781" + } + }, + "DependsOn": [ + "VPCVPCGW99B986DC" + ] + }, + "VPCPublicSubnet1EIP6AD938E8": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet1" + } + ] + } + }, + "VPCPublicSubnet1NATGatewayE0556630": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "VPCPublicSubnet1EIP6AD938E8", + "AllocationId" + ] + }, + "SubnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + }, + "Tags": [ + { + "Key": "Name", + "Value": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet1" + } + ] + }, + "DependsOn": [ + "VPCPublicSubnet1DefaultRoute91CEF279", + "VPCPublicSubnet1RouteTableAssociation0B0896DC" + ] + }, + "VPCPublicSubnet2Subnet74179F39": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.64.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet2" + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "VPCPublicSubnet2RouteTable6F1A15F1": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet2" + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "VPCPublicSubnet2RouteTableAssociation5A808732": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCPublicSubnet2RouteTable6F1A15F1" + }, + "SubnetId": { + "Ref": "VPCPublicSubnet2Subnet74179F39" + } + } + }, + "VPCPublicSubnet2DefaultRouteB7481BBA": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VPCIGWB7E252D3" + }, + "RouteTableId": { + "Ref": "VPCPublicSubnet2RouteTable6F1A15F1" + } + }, + "DependsOn": [ + "VPCVPCGW99B986DC" + ] + }, + "VPCPublicSubnet2EIP4947BC00": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet2" + } + ] + } + }, + "VPCPublicSubnet2NATGateway3C070193": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "VPCPublicSubnet2EIP4947BC00", + "AllocationId" + ] + }, + "SubnetId": { + "Ref": "VPCPublicSubnet2Subnet74179F39" + }, + "Tags": [ + { + "Key": "Name", + "Value": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet2" + } + ] + }, + "DependsOn": [ + "VPCPublicSubnet2DefaultRouteB7481BBA", + "VPCPublicSubnet2RouteTableAssociation5A808732" + ] + }, + "VPCPrivateSubnet1Subnet8BCA10E0": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.128.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet1" + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "VPCPrivateSubnet1RouteTableBE8A6027": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet1" + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "VPCPrivateSubnet1RouteTableAssociation347902D1": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCPrivateSubnet1RouteTableBE8A6027" + }, + "SubnetId": { + "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" + } + } + }, + "VPCPrivateSubnet1DefaultRouteAE1D6490": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VPCPublicSubnet1NATGatewayE0556630" + }, + "RouteTableId": { + "Ref": "VPCPrivateSubnet1RouteTableBE8A6027" + } + } + }, + "VPCPrivateSubnet2SubnetCFCDAA7A": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.192.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet2" + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "VPCPrivateSubnet2RouteTable0A19E10E": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet2" + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "VPCPrivateSubnet2RouteTableAssociation0C73D413": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCPrivateSubnet2RouteTable0A19E10E" + }, + "SubnetId": { + "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A" + } + } + }, + "VPCPrivateSubnet2DefaultRouteF4F5CFD2": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VPCPublicSubnet2NATGateway3C070193" + }, + "RouteTableId": { + "Ref": "VPCPrivateSubnet2RouteTable0A19E10E" + } + } + }, + "VPCIGWB7E252D3": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "LambdaAllowAllIpv6Outbound/VPC" + } + ] + } + }, + "VPCVPCGW99B986DC": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "InternetGatewayId": { + "Ref": "VPCIGWB7E252D3" + }, + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "VPCRestrictDefaultSecurityGroupCustomResource59474679": { + "Type": "Custom::VpcRestrictDefaultSG", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E", + "Arn" + ] + }, + "DefaultSecurityGroupId": { + "Fn::GetAtt": [ + "VPCB9E5F0B4", + "DefaultSecurityGroup" + ] + }, + "Account": { + "Ref": "AWS::AccountId" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ], + "Policies": [ + { + "PolicyName": "Inline", + "PolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:AuthorizeSecurityGroupEgress", + "ec2:RevokeSecurityGroupIngress", + "ec2:RevokeSecurityGroupEgress" + ], + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":ec2:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":security-group/", + { + "Fn::GetAtt": [ + "VPCB9E5F0B4", + "DefaultSecurityGroup" + ] + } + ] + ] + } + ] + } + ] + } + } + ] + } + }, + "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1.zip" + }, + "Timeout": 900, + "MemorySize": 128, + "Handler": "__entrypoint__.handler", + "Role": { + "Fn::GetAtt": [ + "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0", + "Arn" + ] + }, + "Runtime": { + "Fn::FindInMap": [ + "LatestNodeRuntimeMap", + { + "Ref": "AWS::Region" + }, + "value" + ] + }, + "Description": "Lambda function for removing all inbound/outbound rules from the VPC default security group" + }, + "DependsOn": [ + "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0" + ] + }, + "LambdawithIPv6VPCServiceRoleC3866C85": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole" + ] + ] + } + ] + }, + "DependsOn": [ + "VPCPrivateSubnet1DefaultRouteAE1D6490", + "VPCPrivateSubnet1RouteTableAssociation347902D1", + "VPCPrivateSubnet2DefaultRouteF4F5CFD2", + "VPCPrivateSubnet2RouteTableAssociation0C73D413" + ] + }, + "LambdawithIPv6VPCSecurityGroup1BC5651B": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "Automatic security group for Lambda Function LambdaAllowAllIpv6OutboundLambdawithIPv6VPCFB0F6DBC", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + }, + { + "CidrIpv6": "::/0", + "Description": "Allow all outbound ipv6 traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + }, + "DependsOn": [ + "VPCPrivateSubnet1DefaultRouteAE1D6490", + "VPCPrivateSubnet1RouteTableAssociation347902D1", + "VPCPrivateSubnet2DefaultRouteF4F5CFD2", + "VPCPrivateSubnet2RouteTableAssociation0C73D413" + ] + }, + "LambdawithIPv6VPCF50054B3": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "ZipFile": "def main(event, context): pass" + }, + "Handler": "index.main", + "Role": { + "Fn::GetAtt": [ + "LambdawithIPv6VPCServiceRoleC3866C85", + "Arn" + ] + }, + "Runtime": "python3.9", + "VpcConfig": { + "SecurityGroupIds": [ + { + "Fn::GetAtt": [ + "LambdawithIPv6VPCSecurityGroup1BC5651B", + "GroupId" + ] + } + ], + "SubnetIds": [ + { + "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" + }, + { + "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A" + } + ] + } + }, + "DependsOn": [ + "LambdawithIPv6VPCServiceRoleC3866C85", + "VPCPrivateSubnet1DefaultRouteAE1D6490", + "VPCPrivateSubnet1RouteTableAssociation347902D1", + "VPCPrivateSubnet2DefaultRouteF4F5CFD2", + "VPCPrivateSubnet2RouteTableAssociation0C73D413" + ] + } + }, + "Mappings": { + "LatestNodeRuntimeMap": { + "af-south-1": { + "value": "nodejs20.x" + }, + "ap-east-1": { + "value": "nodejs20.x" + }, + "ap-northeast-1": { + "value": "nodejs20.x" + }, + "ap-northeast-2": { + "value": "nodejs20.x" + }, + "ap-northeast-3": { + "value": "nodejs20.x" + }, + "ap-south-1": { + "value": "nodejs20.x" + }, + "ap-south-2": { + "value": "nodejs20.x" + }, + "ap-southeast-1": { + "value": "nodejs20.x" + }, + "ap-southeast-2": { + "value": "nodejs20.x" + }, + "ap-southeast-3": { + "value": "nodejs20.x" + }, + "ap-southeast-4": { + "value": "nodejs20.x" + }, + "ap-southeast-5": { + "value": "nodejs20.x" + }, + "ap-southeast-7": { + "value": "nodejs20.x" + }, + "ca-central-1": { + "value": "nodejs20.x" + }, + "ca-west-1": { + "value": "nodejs20.x" + }, + "cn-north-1": { + "value": "nodejs18.x" + }, + "cn-northwest-1": { + "value": "nodejs18.x" + }, + "eu-central-1": { + "value": "nodejs20.x" + }, + "eu-central-2": { + "value": "nodejs20.x" + }, + "eu-isoe-west-1": { + "value": "nodejs18.x" + }, + "eu-north-1": { + "value": "nodejs20.x" + }, + "eu-south-1": { + "value": "nodejs20.x" + }, + "eu-south-2": { + "value": "nodejs20.x" + }, + "eu-west-1": { + "value": "nodejs20.x" + }, + "eu-west-2": { + "value": "nodejs20.x" + }, + "eu-west-3": { + "value": "nodejs20.x" + }, + "il-central-1": { + "value": "nodejs20.x" + }, + "me-central-1": { + "value": "nodejs20.x" + }, + "me-south-1": { + "value": "nodejs20.x" + }, + "mx-central-1": { + "value": "nodejs20.x" + }, + "sa-east-1": { + "value": "nodejs20.x" + }, + "us-east-1": { + "value": "nodejs20.x" + }, + "us-east-2": { + "value": "nodejs20.x" + }, + "us-gov-east-1": { + "value": "nodejs18.x" + }, + "us-gov-west-1": { + "value": "nodejs18.x" + }, + "us-iso-east-1": { + "value": "nodejs18.x" + }, + "us-iso-west-1": { + "value": "nodejs18.x" + }, + "us-isob-east-1": { + "value": "nodejs18.x" + }, + "us-west-1": { + "value": "nodejs20.x" + }, + "us-west-2": { + "value": "nodejs20.x" + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/asset.bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1/__entrypoint__.js b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/asset.bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1/__entrypoint__.js new file mode 100644 index 0000000000000..02033f55cf612 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/asset.bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1/__entrypoint__.js @@ -0,0 +1,155 @@ +"use strict"; +Object.defineProperty(exports, "__esModule", { value: true }); +exports.withRetries = exports.handler = exports.external = void 0; +const https = require("https"); +const url = require("url"); +// for unit tests +exports.external = { + sendHttpRequest: defaultSendHttpRequest, + log: defaultLog, + includeStackTraces: true, + userHandlerIndex: './index', +}; +const CREATE_FAILED_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::CREATE_FAILED'; +const MISSING_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID'; +async function handler(event, context) { + const sanitizedEvent = { ...event, ResponseURL: '...' }; + exports.external.log(JSON.stringify(sanitizedEvent, undefined, 2)); + // ignore DELETE event when the physical resource ID is the marker that + // indicates that this DELETE is a subsequent DELETE to a failed CREATE + // operation. + if (event.RequestType === 'Delete' && event.PhysicalResourceId === CREATE_FAILED_PHYSICAL_ID_MARKER) { + exports.external.log('ignoring DELETE event caused by a failed CREATE event'); + await submitResponse('SUCCESS', event); + return; + } + try { + // invoke the user handler. this is intentionally inside the try-catch to + // ensure that if there is an error it's reported as a failure to + // cloudformation (otherwise cfn waits). + // eslint-disable-next-line @typescript-eslint/no-require-imports + const userHandler = require(exports.external.userHandlerIndex).handler; + const result = await userHandler(sanitizedEvent, context); + // validate user response and create the combined event + const responseEvent = renderResponse(event, result); + // submit to cfn as success + await submitResponse('SUCCESS', responseEvent); + } + catch (e) { + const resp = { + ...event, + Reason: exports.external.includeStackTraces ? e.stack : e.message, + }; + if (!resp.PhysicalResourceId) { + // special case: if CREATE fails, which usually implies, we usually don't + // have a physical resource id. in this case, the subsequent DELETE + // operation does not have any meaning, and will likely fail as well. to + // address this, we use a marker so the provider framework can simply + // ignore the subsequent DELETE. + if (event.RequestType === 'Create') { + exports.external.log('CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored'); + resp.PhysicalResourceId = CREATE_FAILED_PHYSICAL_ID_MARKER; + } + else { + // otherwise, if PhysicalResourceId is not specified, something is + // terribly wrong because all other events should have an ID. + exports.external.log(`ERROR: Malformed event. "PhysicalResourceId" is required: ${JSON.stringify(event)}`); + } + } + // this is an actual error, fail the activity altogether and exist. + await submitResponse('FAILED', resp); + } +} +exports.handler = handler; +function renderResponse(cfnRequest, handlerResponse = {}) { + // if physical ID is not returned, we have some defaults for you based + // on the request type. + const physicalResourceId = handlerResponse.PhysicalResourceId ?? cfnRequest.PhysicalResourceId ?? cfnRequest.RequestId; + // if we are in DELETE and physical ID was changed, it's an error. + if (cfnRequest.RequestType === 'Delete' && physicalResourceId !== cfnRequest.PhysicalResourceId) { + throw new Error(`DELETE: cannot change the physical resource ID from "${cfnRequest.PhysicalResourceId}" to "${handlerResponse.PhysicalResourceId}" during deletion`); + } + // merge request event and result event (result prevails). + return { + ...cfnRequest, + ...handlerResponse, + PhysicalResourceId: physicalResourceId, + }; +} +async function submitResponse(status, event) { + const json = { + Status: status, + Reason: event.Reason ?? status, + StackId: event.StackId, + RequestId: event.RequestId, + PhysicalResourceId: event.PhysicalResourceId || MISSING_PHYSICAL_ID_MARKER, + LogicalResourceId: event.LogicalResourceId, + NoEcho: event.NoEcho, + Data: event.Data, + }; + const parsedUrl = url.parse(event.ResponseURL); + const loggingSafeUrl = `${parsedUrl.protocol}//${parsedUrl.hostname}/${parsedUrl.pathname}?***`; + exports.external.log('submit response to cloudformation', loggingSafeUrl, json); + const responseBody = JSON.stringify(json); + const req = { + hostname: parsedUrl.hostname, + path: parsedUrl.path, + method: 'PUT', + headers: { + 'content-type': '', + 'content-length': Buffer.byteLength(responseBody, 'utf8'), + }, + }; + const retryOptions = { + attempts: 5, + sleep: 1000, + }; + await withRetries(retryOptions, exports.external.sendHttpRequest)(req, responseBody); +} +async function defaultSendHttpRequest(options, requestBody) { + return new Promise((resolve, reject) => { + try { + const request = https.request(options, (response) => { + response.resume(); // Consume the response but don't care about it + if (!response.statusCode || response.statusCode >= 400) { + reject(new Error(`Unsuccessful HTTP response: ${response.statusCode}`)); + } + else { + resolve(); + } + }); + request.on('error', reject); + request.write(requestBody); + request.end(); + } + catch (e) { + reject(e); + } + }); +} +function defaultLog(fmt, ...params) { + // eslint-disable-next-line no-console + console.log(fmt, ...params); +} +function withRetries(options, fn) { + return async (...xs) => { + let attempts = options.attempts; + let ms = options.sleep; + while (true) { + try { + return await fn(...xs); + } + catch (e) { + if (attempts-- <= 0) { + throw e; + } + await sleep(Math.floor(Math.random() * ms)); + ms *= 2; + } + } + }; +} +exports.withRetries = withRetries; +async function sleep(ms) { + return new Promise((ok) => setTimeout(ok, ms)); +} diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/asset.bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1/index.js b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/asset.bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1/index.js new file mode 100644 index 0000000000000..013bcaffd8fe5 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/asset.bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1/index.js @@ -0,0 +1 @@ +"use strict";var I=Object.create;var t=Object.defineProperty;var y=Object.getOwnPropertyDescriptor;var P=Object.getOwnPropertyNames;var g=Object.getPrototypeOf,l=Object.prototype.hasOwnProperty;var G=(r,e)=>{for(var o in e)t(r,o,{get:e[o],enumerable:!0})},n=(r,e,o,i)=>{if(e&&typeof e=="object"||typeof e=="function")for(let s of P(e))!l.call(r,s)&&s!==o&&t(r,s,{get:()=>e[s],enumerable:!(i=y(e,s))||i.enumerable});return r};var R=(r,e,o)=>(o=r!=null?I(g(r)):{},n(e||!r||!r.__esModule?t(o,"default",{value:r,enumerable:!0}):o,r)),S=r=>n(t({},"__esModule",{value:!0}),r);var k={};G(k,{handler:()=>f});module.exports=S(k);var a=R(require("@aws-sdk/client-ec2")),u=new a.EC2({});function c(r,e){return{GroupId:r,IpPermissions:[{UserIdGroupPairs:[{GroupId:r,UserId:e}],IpProtocol:"-1"}]}}function d(r){return{GroupId:r,IpPermissions:[{IpRanges:[{CidrIp:"0.0.0.0/0"}],IpProtocol:"-1"}]}}async function f(r){let e=r.ResourceProperties.DefaultSecurityGroupId,o=r.ResourceProperties.Account;switch(r.RequestType){case"Create":return p(e,o);case"Update":return h(r);case"Delete":return m(e,o)}}async function h(r){let e=r.OldResourceProperties.DefaultSecurityGroupId,o=r.ResourceProperties.DefaultSecurityGroupId;e!==o&&(await m(e,r.ResourceProperties.Account),await p(o,r.ResourceProperties.Account))}async function p(r,e){try{await u.revokeSecurityGroupEgress(d(r))}catch(o){if(o.name!=="InvalidPermission.NotFound")throw o}try{await u.revokeSecurityGroupIngress(c(r,e))}catch(o){if(o.name!=="InvalidPermission.NotFound")throw o}}async function m(r,e){await u.authorizeSecurityGroupIngress(c(r,e)),await u.authorizeSecurityGroupEgress(d(r))}0&&(module.exports={handler}); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/cdk.out new file mode 100644 index 0000000000000..1f0068d32659a --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/integ.json new file mode 100644 index 0000000000000..9eb8989644cfc --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "36.0.0", + "testCases": { + "lambda-allow-all-ipv6-outbound/DefaultTest": { + "stacks": [ + "LambdaAllowAllIpv6Outbound" + ], + "assertionStack": "lambda-allow-all-ipv6-outbound/DefaultTest/DeployAssert", + "assertionStackName": "lambdaallowallipv6outboundDefaultTestDeployAssert52B7EB97" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/lambdaallowallipv6outboundDefaultTestDeployAssert52B7EB97.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/lambdaallowallipv6outboundDefaultTestDeployAssert52B7EB97.assets.json new file mode 100644 index 0000000000000..1c948b74b852d --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/lambdaallowallipv6outboundDefaultTestDeployAssert52B7EB97.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "lambdaallowallipv6outboundDefaultTestDeployAssert52B7EB97.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/lambdaallowallipv6outboundDefaultTestDeployAssert52B7EB97.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/lambdaallowallipv6outboundDefaultTestDeployAssert52B7EB97.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/lambdaallowallipv6outboundDefaultTestDeployAssert52B7EB97.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/manifest.json new file mode 100644 index 0000000000000..cb6891136e768 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/manifest.json @@ -0,0 +1,287 @@ +{ + "version": "36.0.0", + "artifacts": { + "LambdaAllowAllIpv6Outbound.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "LambdaAllowAllIpv6Outbound.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "LambdaAllowAllIpv6Outbound": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "LambdaAllowAllIpv6Outbound.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/92b844e801c730b2c23c901b00744a890a687685af0a280b290fa0fc0a7e3d7c.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "LambdaAllowAllIpv6Outbound.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "LambdaAllowAllIpv6Outbound.assets" + ], + "metadata": { + "/LambdaAllowAllIpv6Outbound/VPC/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCB9E5F0B4" + } + ], + "/LambdaAllowAllIpv6Outbound/VPC/PublicSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet1SubnetB4246D30" + } + ], + "/LambdaAllowAllIpv6Outbound/VPC/PublicSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet1RouteTableFEE4B781" + } + ], + "/LambdaAllowAllIpv6Outbound/VPC/PublicSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet1RouteTableAssociation0B0896DC" + } + ], + "/LambdaAllowAllIpv6Outbound/VPC/PublicSubnet1/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet1DefaultRoute91CEF279" + } + ], + "/LambdaAllowAllIpv6Outbound/VPC/PublicSubnet1/EIP": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet1EIP6AD938E8" + } + ], + "/LambdaAllowAllIpv6Outbound/VPC/PublicSubnet1/NATGateway": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet1NATGatewayE0556630" + } + ], + "/LambdaAllowAllIpv6Outbound/VPC/PublicSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet2Subnet74179F39" + } + ], + "/LambdaAllowAllIpv6Outbound/VPC/PublicSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet2RouteTable6F1A15F1" + } + ], + "/LambdaAllowAllIpv6Outbound/VPC/PublicSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet2RouteTableAssociation5A808732" + } + ], + "/LambdaAllowAllIpv6Outbound/VPC/PublicSubnet2/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet2DefaultRouteB7481BBA" + } + ], + "/LambdaAllowAllIpv6Outbound/VPC/PublicSubnet2/EIP": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet2EIP4947BC00" + } + ], + "/LambdaAllowAllIpv6Outbound/VPC/PublicSubnet2/NATGateway": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet2NATGateway3C070193" + } + ], + "/LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet1Subnet8BCA10E0" + } + ], + "/LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet1RouteTableBE8A6027" + } + ], + "/LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet1RouteTableAssociation347902D1" + } + ], + "/LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet1/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet1DefaultRouteAE1D6490" + } + ], + "/LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet2SubnetCFCDAA7A" + } + ], + "/LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet2RouteTable0A19E10E" + } + ], + "/LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet2RouteTableAssociation0C73D413" + } + ], + "/LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet2/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet2DefaultRouteF4F5CFD2" + } + ], + "/LambdaAllowAllIpv6Outbound/VPC/IGW": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCIGWB7E252D3" + } + ], + "/LambdaAllowAllIpv6Outbound/VPC/VPCGW": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCVPCGW99B986DC" + } + ], + "/LambdaAllowAllIpv6Outbound/VPC/RestrictDefaultSecurityGroupCustomResource/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCRestrictDefaultSecurityGroupCustomResource59474679" + } + ], + "/LambdaAllowAllIpv6Outbound/LatestNodeRuntimeMap": [ + { + "type": "aws:cdk:logicalId", + "data": "LatestNodeRuntimeMap" + } + ], + "/LambdaAllowAllIpv6Outbound/Custom::VpcRestrictDefaultSGCustomResourceProvider/Role": [ + { + "type": "aws:cdk:logicalId", + "data": "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0" + } + ], + "/LambdaAllowAllIpv6Outbound/Custom::VpcRestrictDefaultSGCustomResourceProvider/Handler": [ + { + "type": "aws:cdk:logicalId", + "data": "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E" + } + ], + "/LambdaAllowAllIpv6Outbound/Lambda_with_IPv6_VPC/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "LambdawithIPv6VPCServiceRoleC3866C85" + } + ], + "/LambdaAllowAllIpv6Outbound/Lambda_with_IPv6_VPC/SecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "LambdawithIPv6VPCSecurityGroup1BC5651B" + } + ], + "/LambdaAllowAllIpv6Outbound/Lambda_with_IPv6_VPC/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "LambdawithIPv6VPCF50054B3" + } + ], + "/LambdaAllowAllIpv6Outbound/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/LambdaAllowAllIpv6Outbound/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "LambdaAllowAllIpv6Outbound" + }, + "lambdaallowallipv6outboundDefaultTestDeployAssert52B7EB97.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "lambdaallowallipv6outboundDefaultTestDeployAssert52B7EB97.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "lambdaallowallipv6outboundDefaultTestDeployAssert52B7EB97": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "lambdaallowallipv6outboundDefaultTestDeployAssert52B7EB97.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "lambdaallowallipv6outboundDefaultTestDeployAssert52B7EB97.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "lambdaallowallipv6outboundDefaultTestDeployAssert52B7EB97.assets" + ], + "metadata": { + "/lambda-allow-all-ipv6-outbound/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/lambda-allow-all-ipv6-outbound/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "lambda-allow-all-ipv6-outbound/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/tree.json new file mode 100644 index 0000000000000..12f595edb2892 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.js.snapshot/tree.json @@ -0,0 +1,964 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "LambdaAllowAllIpv6Outbound": { + "id": "LambdaAllowAllIpv6Outbound", + "path": "LambdaAllowAllIpv6Outbound", + "children": { + "VPC": { + "id": "VPC", + "path": "LambdaAllowAllIpv6Outbound/VPC", + "children": { + "Resource": { + "id": "Resource", + "path": "LambdaAllowAllIpv6Outbound/VPC/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default", + "tags": [ + { + "key": "Name", + "value": "LambdaAllowAllIpv6Outbound/VPC" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", + "version": "0.0.0" + } + }, + "PublicSubnet1": { + "id": "PublicSubnet1", + "path": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.0.0/18", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "Name", + "value": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet1" + } + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet1/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet1" + } + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VPCPublicSubnet1RouteTableFEE4B781" + }, + "subnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet1/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "VPCIGWB7E252D3" + }, + "routeTableId": { + "Ref": "VPCPublicSubnet1RouteTableFEE4B781" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + }, + "EIP": { + "id": "EIP", + "path": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet1/EIP", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::EIP", + "aws:cdk:cloudformation:props": { + "domain": "vpc", + "tags": [ + { + "key": "Name", + "value": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", + "version": "0.0.0" + } + }, + "NATGateway": { + "id": "NATGateway", + "path": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet1/NATGateway", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", + "aws:cdk:cloudformation:props": { + "allocationId": { + "Fn::GetAtt": [ + "VPCPublicSubnet1EIP6AD938E8", + "AllocationId" + ] + }, + "subnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + }, + "tags": [ + { + "key": "Name", + "value": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "0.0.0" + } + }, + "PublicSubnet2": { + "id": "PublicSubnet2", + "path": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.64.0/18", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "Name", + "value": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet2" + } + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet2/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet2" + } + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VPCPublicSubnet2RouteTable6F1A15F1" + }, + "subnetId": { + "Ref": "VPCPublicSubnet2Subnet74179F39" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet2/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "VPCIGWB7E252D3" + }, + "routeTableId": { + "Ref": "VPCPublicSubnet2RouteTable6F1A15F1" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + }, + "EIP": { + "id": "EIP", + "path": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet2/EIP", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::EIP", + "aws:cdk:cloudformation:props": { + "domain": "vpc", + "tags": [ + { + "key": "Name", + "value": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", + "version": "0.0.0" + } + }, + "NATGateway": { + "id": "NATGateway", + "path": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet2/NATGateway", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", + "aws:cdk:cloudformation:props": { + "allocationId": { + "Fn::GetAtt": [ + "VPCPublicSubnet2EIP4947BC00", + "AllocationId" + ] + }, + "subnetId": { + "Ref": "VPCPublicSubnet2Subnet74179F39" + }, + "tags": [ + { + "key": "Name", + "value": "LambdaAllowAllIpv6Outbound/VPC/PublicSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "0.0.0" + } + }, + "PrivateSubnet1": { + "id": "PrivateSubnet1", + "path": "LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.128.0/18", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Private" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Private" + }, + { + "key": "Name", + "value": "LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet1" + } + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet1/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet1" + } + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VPCPrivateSubnet1RouteTableBE8A6027" + }, + "subnetId": { + "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet1/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "natGatewayId": { + "Ref": "VPCPublicSubnet1NATGatewayE0556630" + }, + "routeTableId": { + "Ref": "VPCPrivateSubnet1RouteTableBE8A6027" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "0.0.0" + } + }, + "PrivateSubnet2": { + "id": "PrivateSubnet2", + "path": "LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.192.0/18", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Private" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Private" + }, + { + "key": "Name", + "value": "LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet2" + } + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet2/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet2" + } + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VPCPrivateSubnet2RouteTable0A19E10E" + }, + "subnetId": { + "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "LambdaAllowAllIpv6Outbound/VPC/PrivateSubnet2/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "natGatewayId": { + "Ref": "VPCPublicSubnet2NATGateway3C070193" + }, + "routeTableId": { + "Ref": "VPCPrivateSubnet2RouteTable0A19E10E" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "0.0.0" + } + }, + "IGW": { + "id": "IGW", + "path": "LambdaAllowAllIpv6Outbound/VPC/IGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::InternetGateway", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "LambdaAllowAllIpv6Outbound/VPC" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnInternetGateway", + "version": "0.0.0" + } + }, + "VPCGW": { + "id": "VPCGW", + "path": "LambdaAllowAllIpv6Outbound/VPC/VPCGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCGatewayAttachment", + "aws:cdk:cloudformation:props": { + "internetGatewayId": { + "Ref": "VPCIGWB7E252D3" + }, + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment", + "version": "0.0.0" + } + }, + "RestrictDefaultSecurityGroupCustomResource": { + "id": "RestrictDefaultSecurityGroupCustomResource", + "path": "LambdaAllowAllIpv6Outbound/VPC/RestrictDefaultSecurityGroupCustomResource", + "children": { + "Default": { + "id": "Default", + "path": "LambdaAllowAllIpv6Outbound/VPC/RestrictDefaultSecurityGroupCustomResource/Default", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.Vpc", + "version": "0.0.0" + } + }, + "LatestNodeRuntimeMap": { + "id": "LatestNodeRuntimeMap", + "path": "LambdaAllowAllIpv6Outbound/LatestNodeRuntimeMap", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnMapping", + "version": "0.0.0" + } + }, + "Custom::VpcRestrictDefaultSGCustomResourceProvider": { + "id": "Custom::VpcRestrictDefaultSGCustomResourceProvider", + "path": "LambdaAllowAllIpv6Outbound/Custom::VpcRestrictDefaultSGCustomResourceProvider", + "children": { + "Staging": { + "id": "Staging", + "path": "LambdaAllowAllIpv6Outbound/Custom::VpcRestrictDefaultSGCustomResourceProvider/Staging", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "Role": { + "id": "Role", + "path": "LambdaAllowAllIpv6Outbound/Custom::VpcRestrictDefaultSGCustomResourceProvider/Role", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + }, + "Handler": { + "id": "Handler", + "path": "LambdaAllowAllIpv6Outbound/Custom::VpcRestrictDefaultSGCustomResourceProvider/Handler", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResourceProviderBase", + "version": "0.0.0" + } + }, + "Lambda_with_IPv6_VPC": { + "id": "Lambda_with_IPv6_VPC", + "path": "LambdaAllowAllIpv6Outbound/Lambda_with_IPv6_VPC", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "LambdaAllowAllIpv6Outbound/Lambda_with_IPv6_VPC/ServiceRole", + "children": { + "ImportServiceRole": { + "id": "ImportServiceRole", + "path": "LambdaAllowAllIpv6Outbound/Lambda_with_IPv6_VPC/ServiceRole/ImportServiceRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "LambdaAllowAllIpv6Outbound/Lambda_with_IPv6_VPC/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "SecurityGroup": { + "id": "SecurityGroup", + "path": "LambdaAllowAllIpv6Outbound/Lambda_with_IPv6_VPC/SecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "LambdaAllowAllIpv6Outbound/Lambda_with_IPv6_VPC/SecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "Automatic security group for Lambda Function LambdaAllowAllIpv6OutboundLambdawithIPv6VPCFB0F6DBC", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + }, + { + "ipProtocol": "-1", + "cidrIpv6": "::/0", + "description": "Allow all outbound ipv6 traffic by default" + } + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "LambdaAllowAllIpv6Outbound/Lambda_with_IPv6_VPC/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "zipFile": "def main(event, context): pass" + }, + "handler": "index.main", + "role": { + "Fn::GetAtt": [ + "LambdawithIPv6VPCServiceRoleC3866C85", + "Arn" + ] + }, + "runtime": "python3.9", + "vpcConfig": { + "subnetIds": [ + { + "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" + }, + { + "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A" + } + ], + "securityGroupIds": [ + { + "Fn::GetAtt": [ + "LambdawithIPv6VPCSecurityGroup1BC5651B", + "GroupId" + ] + } + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.Function", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "LambdaAllowAllIpv6Outbound/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "LambdaAllowAllIpv6Outbound/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "lambda-allow-all-ipv6-outbound": { + "id": "lambda-allow-all-ipv6-outbound", + "path": "lambda-allow-all-ipv6-outbound", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "lambda-allow-all-ipv6-outbound/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "lambda-allow-all-ipv6-outbound/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "lambda-allow-all-ipv6-outbound/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "lambda-allow-all-ipv6-outbound/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "lambda-allow-all-ipv6-outbound/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.ts new file mode 100644 index 0000000000000..f03e18223a58a --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda-allow-all-ipv6-outbound.ts @@ -0,0 +1,25 @@ +import { App, Stack } from 'aws-cdk-lib/core'; +import * as ec2 from 'aws-cdk-lib/aws-ec2'; +import * as lambda from 'aws-cdk-lib/aws-lambda'; +import { IntegTest } from '@aws-cdk/integ-tests-alpha'; + +const app = new App(); +const stack = new Stack(app, 'LambdaAllowAllIpv6Outbound'); + +const vpc = new ec2.Vpc(stack, 'VPC', { + maxAzs: 2, +}); + +new lambda.Function(stack, 'Lambda_with_IPv6_VPC', { + code: new lambda.InlineCode('def main(event, context): pass'), + handler: 'index.main', + runtime: lambda.Runtime.PYTHON_3_9, + vpc, + allowAllIpv6Outbound: true, +}); + +new IntegTest(app, 'lambda-allow-all-ipv6-outbound', { + testCases: [stack], +}); + +app.synth(); \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/aws-cdk-rds-proxy.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/aws-cdk-rds-proxy.assets.json index 45550d77e835b..455acf0505f1e 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/aws-cdk-rds-proxy.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/aws-cdk-rds-proxy.assets.json @@ -1,7 +1,7 @@ { - "version": "36.0.0", + "version": "36.0.5", "files": { - "f68b974b928e0003a591e50a31664287bf09b26266fd62aff657be66a8ddd553": { + "24c50d70529cefe67615ea76909c26232656878d7c5606e5fe0bbe6313acc3af": { "source": { "path": "aws-cdk-rds-proxy.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "f68b974b928e0003a591e50a31664287bf09b26266fd62aff657be66a8ddd553.json", + "objectKey": "24c50d70529cefe67615ea76909c26232656878d7c5606e5fe0bbe6313acc3af.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/aws-cdk-rds-proxy.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/aws-cdk-rds-proxy.template.json index 8d7cb0c299935..5f3722c21fa1f 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/aws-cdk-rds-proxy.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/aws-cdk-rds-proxy.template.json @@ -1,1191 +1,1869 @@ { - "Resources": { - "vpcA2121C38": { - "Type": "AWS::EC2::VPC", - "Properties": { - "CidrBlock": "10.0.0.0/16", - "EnableDnsHostnames": true, - "EnableDnsSupport": true, - "InstanceTenancy": "default", - "Tags": [ - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc" - } - ] + "Resources": { + "vpcA2121C38": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc" + } + ] + } + }, + "vpcPublicSubnet1Subnet2E65531E": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" } + ] }, - "vpcPublicSubnet1Subnet2E65531E": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "AvailabilityZone": { - "Fn::Select": [ - 0, - { - "Fn::GetAZs": "" - } - ] - }, - "CidrBlock": "10.0.0.0/18", - "MapPublicIpOnLaunch": true, - "Tags": [ - { - "Key": "aws-cdk:subnet-name", - "Value": "Public" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Public" - }, - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet1" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" - } - } + "CidrBlock": "10.0.0.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "vpcPublicSubnet1RouteTable48A2DF9B": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "vpcPublicSubnet1RouteTableAssociation5D3F4579": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "vpcPublicSubnet1RouteTable48A2DF9B" }, - "vpcPublicSubnet1RouteTable48A2DF9B": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet1" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" - } - } + "SubnetId": { + "Ref": "vpcPublicSubnet1Subnet2E65531E" + } + } + }, + "vpcPublicSubnet1DefaultRoute10708846": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "vpcIGWE57CBDCA" }, - "vpcPublicSubnet1RouteTableAssociation5D3F4579": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "vpcPublicSubnet1RouteTable48A2DF9B" - }, - "SubnetId": { - "Ref": "vpcPublicSubnet1Subnet2E65531E" - } - } + "RouteTableId": { + "Ref": "vpcPublicSubnet1RouteTable48A2DF9B" + } + }, + "DependsOn": [ + "vpcVPCGW7984C166" + ] + }, + "vpcPublicSubnet1EIPDA49DCBE": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet1" + } + ] + } + }, + "vpcPublicSubnet1NATGateway9C16659E": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "vpcPublicSubnet1EIPDA49DCBE", + "AllocationId" + ] }, - "vpcPublicSubnet1DefaultRoute10708846": { - "Type": "AWS::EC2::Route", - "Properties": { - "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": { - "Ref": "vpcIGWE57CBDCA" - }, - "RouteTableId": { - "Ref": "vpcPublicSubnet1RouteTable48A2DF9B" - } - }, - "DependsOn": ["vpcVPCGW7984C166"] - }, - "vpcPublicSubnet1EIPDA49DCBE": { - "Type": "AWS::EC2::EIP", - "Properties": { - "Domain": "vpc", - "Tags": [ - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet1" - } - ] + "SubnetId": { + "Ref": "vpcPublicSubnet1Subnet2E65531E" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet1" + } + ] + }, + "DependsOn": [ + "vpcPublicSubnet1DefaultRoute10708846", + "vpcPublicSubnet1RouteTableAssociation5D3F4579" + ] + }, + "vpcPublicSubnet2Subnet009B674F": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" } + ] }, - "vpcPublicSubnet1NATGateway9C16659E": { - "Type": "AWS::EC2::NatGateway", - "Properties": { - "AllocationId": { - "Fn::GetAtt": ["vpcPublicSubnet1EIPDA49DCBE", "AllocationId"] - }, - "SubnetId": { - "Ref": "vpcPublicSubnet1Subnet2E65531E" - }, - "Tags": [ - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet1" - } - ] - }, - "DependsOn": [ - "vpcPublicSubnet1DefaultRoute10708846", - "vpcPublicSubnet1RouteTableAssociation5D3F4579" - ] + "CidrBlock": "10.0.64.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet2" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "vpcPublicSubnet2RouteTableEB40D4CB": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet2" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "vpcPublicSubnet2RouteTableAssociation21F81B59": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "vpcPublicSubnet2RouteTableEB40D4CB" }, - "vpcPublicSubnet2Subnet009B674F": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "AvailabilityZone": { - "Fn::Select": [ - 1, - { - "Fn::GetAZs": "" - } - ] - }, - "CidrBlock": "10.0.64.0/18", - "MapPublicIpOnLaunch": true, - "Tags": [ - { - "Key": "aws-cdk:subnet-name", - "Value": "Public" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Public" - }, - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet2" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" - } - } + "SubnetId": { + "Ref": "vpcPublicSubnet2Subnet009B674F" + } + } + }, + "vpcPublicSubnet2DefaultRouteA1EC0F60": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "vpcIGWE57CBDCA" }, - "vpcPublicSubnet2RouteTableEB40D4CB": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet2" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" - } + "RouteTableId": { + "Ref": "vpcPublicSubnet2RouteTableEB40D4CB" + } + }, + "DependsOn": [ + "vpcVPCGW7984C166" + ] + }, + "vpcPublicSubnet2EIP9B3743B1": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet2" + } + ] + } + }, + "vpcPublicSubnet2NATGateway9B8AE11A": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "vpcPublicSubnet2EIP9B3743B1", + "AllocationId" + ] + }, + "SubnetId": { + "Ref": "vpcPublicSubnet2Subnet009B674F" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet2" + } + ] + }, + "DependsOn": [ + "vpcPublicSubnet2DefaultRouteA1EC0F60", + "vpcPublicSubnet2RouteTableAssociation21F81B59" + ] + }, + "vpcPrivateSubnet1Subnet934893E8": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" } + ] }, - "vpcPublicSubnet2RouteTableAssociation21F81B59": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "vpcPublicSubnet2RouteTableEB40D4CB" - }, - "SubnetId": { - "Ref": "vpcPublicSubnet2Subnet009B674F" - } + "CidrBlock": "10.0.128.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc/PrivateSubnet1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "vpcPrivateSubnet1RouteTableB41A48CC": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc/PrivateSubnet1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "vpcPrivateSubnet1RouteTableAssociation67945127": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "vpcPrivateSubnet1RouteTableB41A48CC" + }, + "SubnetId": { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + } + } + }, + "vpcPrivateSubnet1DefaultRoute1AA8E2E5": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "vpcPublicSubnet1NATGateway9C16659E" + }, + "RouteTableId": { + "Ref": "vpcPrivateSubnet1RouteTableB41A48CC" + } + } + }, + "vpcPrivateSubnet2Subnet7031C2BA": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" } + ] + }, + "CidrBlock": "10.0.192.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc/PrivateSubnet2" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "vpcPrivateSubnet2RouteTable7280F23E": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc/PrivateSubnet2" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "vpcPrivateSubnet2RouteTableAssociation007E94D3": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "vpcPrivateSubnet2RouteTable7280F23E" + }, + "SubnetId": { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + } + }, + "vpcPrivateSubnet2DefaultRouteB0E07F99": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "vpcPublicSubnet2NATGateway9B8AE11A" }, - "vpcPublicSubnet2DefaultRouteA1EC0F60": { - "Type": "AWS::EC2::Route", - "Properties": { - "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": { - "Ref": "vpcIGWE57CBDCA" - }, - "RouteTableId": { - "Ref": "vpcPublicSubnet2RouteTableEB40D4CB" + "RouteTableId": { + "Ref": "vpcPrivateSubnet2RouteTable7280F23E" + } + } + }, + "vpcIGWE57CBDCA": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc" + } + ] + } + }, + "vpcVPCGW7984C166": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "InternetGatewayId": { + "Ref": "vpcIGWE57CBDCA" + }, + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "SecretEncryptionKey40C82244": { + "Type": "AWS::KMS::Key", + "Properties": { + "KeyPolicy": { + "Statement": [ + { + "Action": "kms:*", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] } + }, + "Resource": "*" }, - "DependsOn": ["vpcVPCGW7984C166"] - }, - "vpcPublicSubnet2EIP9B3743B1": { - "Type": "AWS::EC2::EIP", - "Properties": { - "Domain": "vpc", - "Tags": [ - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet2" - } - ] - } - }, - "vpcPublicSubnet2NATGateway9B8AE11A": { - "Type": "AWS::EC2::NatGateway", - "Properties": { - "AllocationId": { - "Fn::GetAtt": ["vpcPublicSubnet2EIP9B3743B1", "AllocationId"] - }, - "SubnetId": { - "Ref": "vpcPublicSubnet2Subnet009B674F" - }, - "Tags": [ - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet2" - } - ] + { + "Action": [ + "kms:CreateGrant", + "kms:Decrypt", + "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", + "kms:ReEncrypt*" + ], + "Condition": { + "StringEquals": { + "kms:ViaService": { + "Fn::Join": [ + "", + [ + "secretsmanager.", + { + "Ref": "AWS::Region" + }, + ".amazonaws.com" + ] + ] + } + } + }, + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + }, + "Resource": "*" }, - "DependsOn": [ - "vpcPublicSubnet2DefaultRouteA1EC0F60", - "vpcPublicSubnet2RouteTableAssociation21F81B59" - ] - }, - "vpcPrivateSubnet1Subnet934893E8": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "AvailabilityZone": { - "Fn::Select": [ - 0, + { + "Action": "kms:Decrypt", + "Condition": { + "StringEquals": { + "kms:ViaService": { + "Fn::Join": [ + "", + [ + "secretsmanager.", { - "Fn::GetAZs": "" - } + "Ref": "AWS::Region" + }, + ".amazonaws.com" + ] ] - }, - "CidrBlock": "10.0.128.0/18", - "MapPublicIpOnLaunch": false, - "Tags": [ - { - "Key": "aws-cdk:subnet-name", - "Value": "Private" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Private" - }, - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc/PrivateSubnet1" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" + } } - } - }, - "vpcPrivateSubnet1RouteTableB41A48CC": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc/PrivateSubnet1" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" + }, + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "dbProxyIAMRole662F3AB8", + "Arn" + ] } + }, + "Resource": "*" } + ], + "Version": "2012-10-17" + } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "dbInstanceSubnetGroupD062EC9E": { + "Type": "AWS::RDS::DBSubnetGroup", + "Properties": { + "DBSubnetGroupDescription": "Subnet group for dbInstance database", + "SubnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "dbInstanceSecurityGroupA58A00A3": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "Security group for dbInstance database", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "dbInstanceSecurityGroupfromawscdkrdsproxydbProxyProxySecurityGroupA345AFE5IndirectPortE3621D4F": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "Description": "Allow connections to the database Instance from the Proxy", + "FromPort": { + "Fn::GetAtt": [ + "dbInstance4076B1EC", + "Endpoint.Port" + ] }, - "vpcPrivateSubnet1RouteTableAssociation67945127": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "vpcPrivateSubnet1RouteTableB41A48CC" - }, - "SubnetId": { - "Ref": "vpcPrivateSubnet1Subnet934893E8" - } - } + "GroupId": { + "Fn::GetAtt": [ + "dbInstanceSecurityGroupA58A00A3", + "GroupId" + ] }, - "vpcPrivateSubnet1DefaultRoute1AA8E2E5": { - "Type": "AWS::EC2::Route", - "Properties": { - "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": { - "Ref": "vpcPublicSubnet1NATGateway9C16659E" - }, - "RouteTableId": { - "Ref": "vpcPrivateSubnet1RouteTableB41A48CC" - } - } + "IpProtocol": "tcp", + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "dbProxyProxySecurityGroup16E727A7", + "GroupId" + ] }, - "vpcPrivateSubnet2Subnet7031C2BA": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "AvailabilityZone": { - "Fn::Select": [ - 1, - { - "Fn::GetAZs": "" - } - ] - }, - "CidrBlock": "10.0.192.0/18", - "MapPublicIpOnLaunch": false, - "Tags": [ - { - "Key": "aws-cdk:subnet-name", - "Value": "Private" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Private" - }, - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc/PrivateSubnet2" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" - } - } + "ToPort": { + "Fn::GetAtt": [ + "dbInstance4076B1EC", + "Endpoint.Port" + ] + } + } + }, + "dbInstanceSecret032D3661": { + "Type": "AWS::SecretsManager::Secret", + "Properties": { + "Description": { + "Fn::Join": [ + "", + [ + "Generated by the CDK for stack: ", + { + "Ref": "AWS::StackName" + } + ] + ] }, - "vpcPrivateSubnet2RouteTable7280F23E": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc/PrivateSubnet2" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" - } - } + "GenerateSecretString": { + "ExcludeCharacters": "\"@/\\", + "GenerateStringKey": "password", + "PasswordLength": 30, + "SecretStringTemplate": "{\"username\":\"master\"}" }, - "vpcPrivateSubnet2RouteTableAssociation007E94D3": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "vpcPrivateSubnet2RouteTable7280F23E" - }, - "SubnetId": { - "Ref": "vpcPrivateSubnet2Subnet7031C2BA" - } - } + "KmsKeyId": { + "Fn::GetAtt": [ + "SecretEncryptionKey40C82244", + "Arn" + ] + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "dbInstanceSecretAttachment88CFBDAE": { + "Type": "AWS::SecretsManager::SecretTargetAttachment", + "Properties": { + "SecretId": { + "Ref": "dbInstanceSecret032D3661" }, - "vpcPrivateSubnet2DefaultRouteB0E07F99": { - "Type": "AWS::EC2::Route", - "Properties": { - "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": { - "Ref": "vpcPublicSubnet2NATGateway9B8AE11A" - }, - "RouteTableId": { - "Ref": "vpcPrivateSubnet2RouteTable7280F23E" - } - } + "TargetId": { + "Ref": "dbInstance4076B1EC" }, - "vpcIGWE57CBDCA": { - "Type": "AWS::EC2::InternetGateway", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc" - } - ] - } + "TargetType": "AWS::RDS::DBInstance" + } + }, + "dbInstance4076B1EC": { + "Type": "AWS::RDS::DBInstance", + "Properties": { + "AllocatedStorage": "100", + "CopyTagsToSnapshot": true, + "DBInstanceClass": "db.t3.medium", + "DBSubnetGroupName": { + "Ref": "dbInstanceSubnetGroupD062EC9E" }, - "vpcVPCGW7984C166": { - "Type": "AWS::EC2::VPCGatewayAttachment", - "Properties": { - "InternetGatewayId": { - "Ref": "vpcIGWE57CBDCA" - }, - "VpcId": { - "Ref": "vpcA2121C38" - } - } + "Engine": "postgres", + "EngineVersion": "16.3", + "MasterUserPassword": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "dbInstanceSecret032D3661" + }, + ":SecretString:password::}}" + ] + ] }, - "SecretEncryptionKey40C82244": { - "Type": "AWS::KMS::Key", - "Properties": { - "KeyPolicy": { - "Statement": [ - { - "Action": "kms:*", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - }, - "Resource": "*" - }, - { - "Action": [ - "kms:CreateGrant", - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Condition": { - "StringEquals": { - "kms:ViaService": { - "Fn::Join": [ - "", - [ - "secretsmanager.", - { - "Ref": "AWS::Region" - }, - ".amazonaws.com" - ] - ] - } - } - }, - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - }, - "Resource": "*" - }, - { - "Action": "kms:Decrypt", - "Condition": { - "StringEquals": { - "kms:ViaService": { - "Fn::Join": [ - "", - [ - "secretsmanager.", - { - "Ref": "AWS::Region" - }, - ".amazonaws.com" - ] - ] - } - } - }, - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::GetAtt": ["dbProxyIAMRole662F3AB8", "Arn"] - } - }, - "Resource": "*" - } - ], - "Version": "2012-10-17" - } + "MasterUsername": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "dbInstanceSecret032D3661" + }, + ":SecretString:username::}}" + ] + ] + }, + "StorageType": "gp2", + "VPCSecurityGroups": [ + { + "Fn::GetAtt": [ + "dbInstanceSecurityGroupA58A00A3", + "GroupId" + ] + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "dbProxyIAMRole662F3AB8": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "rds.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "dbProxyIAMRoleDefaultPolicy99AB98F3": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" + ], + "Effect": "Allow", + "Resource": { + "Ref": "dbInstanceSecretAttachment88CFBDAE" + } }, - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain" - }, - "dbInstanceSubnetGroupD062EC9E": { - "Type": "AWS::RDS::DBSubnetGroup", - "Properties": { - "DBSubnetGroupDescription": "Subnet group for dbInstance database", - "SubnetIds": [ - { - "Ref": "vpcPrivateSubnet1Subnet934893E8" - }, - { - "Ref": "vpcPrivateSubnet2Subnet7031C2BA" - } + { + "Action": "kms:Decrypt", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "SecretEncryptionKey40C82244", + "Arn" ] + } } + ], + "Version": "2012-10-17" }, - "dbInstanceSecurityGroupA58A00A3": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "Security group for dbInstance database", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" - } + "PolicyName": "dbProxyIAMRoleDefaultPolicy99AB98F3", + "Roles": [ + { + "Ref": "dbProxyIAMRole662F3AB8" + } + ] + } + }, + "dbProxyProxySecurityGroup16E727A7": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "SecurityGroup for Database Proxy", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "dbProxy3B89EAF2": { + "Type": "AWS::RDS::DBProxy", + "Properties": { + "Auth": [ + { + "AuthScheme": "SECRETS", + "ClientPasswordAuthType": "POSTGRES_SCRAM_SHA_256", + "IAMAuth": "DISABLED", + "SecretArn": { + "Ref": "dbInstanceSecretAttachment88CFBDAE" } + } + ], + "DBProxyName": "awscdkrdsproxydbProxy0E60A1B7", + "EngineFamily": "POSTGRESQL", + "RequireTLS": true, + "RoleArn": { + "Fn::GetAtt": [ + "dbProxyIAMRole662F3AB8", + "Arn" + ] }, - "dbInstanceSecurityGroupfromawscdkrdsproxydbProxyProxySecurityGroupA345AFE5IndirectPortE3621D4F": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "Description": "Allow connections to the database Instance from the Proxy", - "FromPort": { - "Fn::GetAtt": ["dbInstance4076B1EC", "Endpoint.Port"] - }, - "GroupId": { - "Fn::GetAtt": ["dbInstanceSecurityGroupA58A00A3", "GroupId"] - }, - "IpProtocol": "tcp", - "SourceSecurityGroupId": { - "Fn::GetAtt": ["dbProxyProxySecurityGroup16E727A7", "GroupId"] - }, - "ToPort": { - "Fn::GetAtt": ["dbInstance4076B1EC", "Endpoint.Port"] - } - } + "VpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "dbProxyProxySecurityGroup16E727A7", + "GroupId" + ] + } + ], + "VpcSubnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "dbProxyProxyTargetGroup8DA26A77": { + "Type": "AWS::RDS::DBProxyTargetGroup", + "Properties": { + "ConnectionPoolConfigurationInfo": { + "ConnectionBorrowTimeout": 30, + "MaxConnectionsPercent": 50 }, - "dbInstanceSecret032D3661": { - "Type": "AWS::SecretsManager::Secret", - "Properties": { - "Description": { - "Fn::Join": [ - "", - [ - "Generated by the CDK for stack: ", - { - "Ref": "AWS::StackName" - } - ] - ] - }, - "GenerateSecretString": { - "ExcludeCharacters": "\"@/\\", - "GenerateStringKey": "password", - "PasswordLength": 30, - "SecretStringTemplate": "{\"username\":\"master\"}" - }, - "KmsKeyId": { - "Fn::GetAtt": ["SecretEncryptionKey40C82244", "Arn"] - } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "dbInstanceSecretAttachment88CFBDAE": { - "Type": "AWS::SecretsManager::SecretTargetAttachment", - "Properties": { - "SecretId": { - "Ref": "dbInstanceSecret032D3661" - }, - "TargetId": { - "Ref": "dbInstance4076B1EC" - }, - "TargetType": "AWS::RDS::DBInstance" - } + "DBInstanceIdentifiers": [ + { + "Ref": "dbInstance4076B1EC" + } + ], + "DBProxyName": { + "Ref": "dbProxy3B89EAF2" }, - "dbInstance4076B1EC": { - "Type": "AWS::RDS::DBInstance", - "Properties": { - "AllocatedStorage": "100", - "CopyTagsToSnapshot": true, - "DBInstanceClass": "db.t3.medium", - "DBSubnetGroupName": { - "Ref": "dbInstanceSubnetGroupD062EC9E" - }, - "Engine": "postgres", - "EngineVersion": "16.3", - "MasterUserPassword": { - "Fn::Join": [ - "", - [ - "{{resolve:secretsmanager:", - { - "Ref": "dbInstanceSecret032D3661" - }, - ":SecretString:password::}}" - ] - ] - }, - "MasterUsername": { - "Fn::Join": [ - "", - [ - "{{resolve:secretsmanager:", - { - "Ref": "dbInstanceSecret032D3661" - }, - ":SecretString:username::}}" - ] - ] - }, - "StorageType": "gp2", - "VPCSecurityGroups": [ - { - "Fn::GetAtt": ["dbInstanceSecurityGroupA58A00A3", "GroupId"] - } - ] - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "dbProxyIAMRole662F3AB8": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "rds.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } + "TargetGroupName": "default" + } + }, + "dbClusterSubnets03B9B0E1": { + "Type": "AWS::RDS::DBSubnetGroup", + "Properties": { + "DBSubnetGroupDescription": "Subnets for dbCluster database", + "SubnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "dbClusterSecurityGroupCAA1A91F": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "RDS security group", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "dbClusterSecurityGroupfromawscdkrdsproxydbClusterProxyProxySecurityGroupFBC47B09IndirectPort152B2D99": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "Description": "Allow connections to the database Cluster from the Proxy", + "FromPort": { + "Fn::GetAtt": [ + "dbClusterE86E47AE", + "Endpoint.Port" + ] }, - "dbProxyIAMRoleDefaultPolicy99AB98F3": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "secretsmanager:DescribeSecret", - "secretsmanager:GetSecretValue" - ], - "Effect": "Allow", - "Resource": { - "Ref": "dbInstanceSecretAttachment88CFBDAE" - } - }, - { - "Action": "kms:Decrypt", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": ["SecretEncryptionKey40C82244", "Arn"] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "dbProxyIAMRoleDefaultPolicy99AB98F3", - "Roles": [ - { - "Ref": "dbProxyIAMRole662F3AB8" - } - ] - } + "GroupId": { + "Fn::GetAtt": [ + "dbClusterSecurityGroupCAA1A91F", + "GroupId" + ] }, - "dbProxyProxySecurityGroup16E727A7": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "SecurityGroup for Database Proxy", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" - } - } + "IpProtocol": "tcp", + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "dbClusterProxyProxySecurityGroup170F327D", + "GroupId" + ] }, - "dbProxy3B89EAF2": { - "Type": "AWS::RDS::DBProxy", - "Properties": { - "Auth": [ - { - "AuthScheme": "SECRETS", - "ClientPasswordAuthType": "POSTGRES_SCRAM_SHA_256", - "IAMAuth": "DISABLED", - "SecretArn": { - "Ref": "dbInstanceSecretAttachment88CFBDAE" - } - } - ], - "DBProxyName": "awscdkrdsproxydbProxy0E60A1B7", - "EngineFamily": "POSTGRESQL", - "RequireTLS": true, - "RoleArn": { - "Fn::GetAtt": ["dbProxyIAMRole662F3AB8", "Arn"] - }, - "VpcSecurityGroupIds": [ - { - "Fn::GetAtt": ["dbProxyProxySecurityGroup16E727A7", "GroupId"] - } - ], - "VpcSubnetIds": [ - { - "Ref": "vpcPrivateSubnet1Subnet934893E8" - }, - { - "Ref": "vpcPrivateSubnet2Subnet7031C2BA" - } - ] - } + "ToPort": { + "Fn::GetAtt": [ + "dbClusterE86E47AE", + "Endpoint.Port" + ] + } + } + }, + "dbClusterSecurityGroupfromawscdkrdsproxydbClusterProxy2ProxySecurityGroup5B77853FIndirectPort61009070": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "Description": "Allow connections to the database Cluster from the Proxy", + "FromPort": { + "Fn::GetAtt": [ + "dbClusterE86E47AE", + "Endpoint.Port" + ] }, - "dbProxyProxyTargetGroup8DA26A77": { - "Type": "AWS::RDS::DBProxyTargetGroup", - "Properties": { - "ConnectionPoolConfigurationInfo": { - "ConnectionBorrowTimeout": 30, - "MaxConnectionsPercent": 50 - }, - "DBInstanceIdentifiers": [ - { - "Ref": "dbInstance4076B1EC" - } - ], - "DBProxyName": { - "Ref": "dbProxy3B89EAF2" - }, - "TargetGroupName": "default" - } + "GroupId": { + "Fn::GetAtt": [ + "dbClusterSecurityGroupCAA1A91F", + "GroupId" + ] }, - "dbClusterSubnets03B9B0E1": { - "Type": "AWS::RDS::DBSubnetGroup", - "Properties": { - "DBSubnetGroupDescription": "Subnets for dbCluster database", - "SubnetIds": [ - { - "Ref": "vpcPrivateSubnet1Subnet934893E8" - }, - { - "Ref": "vpcPrivateSubnet2Subnet7031C2BA" - } - ] - } + "IpProtocol": "tcp", + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "dbClusterProxy2ProxySecurityGroupB44507AE", + "GroupId" + ] }, - "dbClusterSecurityGroupCAA1A91F": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "RDS security group", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" - } - } + "ToPort": { + "Fn::GetAtt": [ + "dbClusterE86E47AE", + "Endpoint.Port" + ] + } + } + }, + "dbClusterSecretCEA6D7B6": { + "Type": "AWS::SecretsManager::Secret", + "Properties": { + "Description": { + "Fn::Join": [ + "", + [ + "Generated by the CDK for stack: ", + { + "Ref": "AWS::StackName" + } + ] + ] }, - "dbClusterSecurityGroupfromawscdkrdsproxydbClusterProxyProxySecurityGroupFBC47B09IndirectPort152B2D99": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "Description": "Allow connections to the database Cluster from the Proxy", - "FromPort": { - "Fn::GetAtt": ["dbClusterE86E47AE", "Endpoint.Port"] - }, - "GroupId": { - "Fn::GetAtt": ["dbClusterSecurityGroupCAA1A91F", "GroupId"] - }, - "IpProtocol": "tcp", - "SourceSecurityGroupId": { - "Fn::GetAtt": ["dbClusterProxyProxySecurityGroup170F327D", "GroupId"] - }, - "ToPort": { - "Fn::GetAtt": ["dbClusterE86E47AE", "Endpoint.Port"] - } - } + "GenerateSecretString": { + "ExcludeCharacters": " %+~`#$&*()|[]{}:;<>?!'/@\"\\", + "GenerateStringKey": "password", + "PasswordLength": 30, + "SecretStringTemplate": "{\"username\":\"postgres\"}" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "dbClusterSecretAttachmentAB67A752": { + "Type": "AWS::SecretsManager::SecretTargetAttachment", + "Properties": { + "SecretId": { + "Ref": "dbClusterSecretCEA6D7B6" }, - "dbClusterSecurityGroupfromawscdkrdsproxydbClusterProxy2ProxySecurityGroup5B77853FIndirectPort61009070": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "Description": "Allow connections to the database Cluster from the Proxy", - "FromPort": { - "Fn::GetAtt": ["dbClusterE86E47AE", "Endpoint.Port"] - }, - "GroupId": { - "Fn::GetAtt": ["dbClusterSecurityGroupCAA1A91F", "GroupId"] - }, - "IpProtocol": "tcp", - "SourceSecurityGroupId": { - "Fn::GetAtt": ["dbClusterProxy2ProxySecurityGroupB44507AE", "GroupId"] - }, - "ToPort": { - "Fn::GetAtt": ["dbClusterE86E47AE", "Endpoint.Port"] - } - } + "TargetId": { + "Ref": "dbClusterE86E47AE" }, - "dbClusterSecretCEA6D7B6": { - "Type": "AWS::SecretsManager::Secret", - "Properties": { - "Description": { - "Fn::Join": [ - "", - [ - "Generated by the CDK for stack: ", - { - "Ref": "AWS::StackName" - } - ] - ] - }, - "GenerateSecretString": { - "ExcludeCharacters": " %+~`#$&*()|[]{}:;<>?!'/@\"\\", - "GenerateStringKey": "password", - "PasswordLength": 30, - "SecretStringTemplate": "{\"username\":\"postgres\"}" - } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "dbClusterSecretAttachmentAB67A752": { - "Type": "AWS::SecretsManager::SecretTargetAttachment", - "Properties": { - "SecretId": { - "Ref": "dbClusterSecretCEA6D7B6" - }, - "TargetId": { - "Ref": "dbClusterE86E47AE" - }, - "TargetType": "AWS::RDS::DBCluster" - } + "TargetType": "AWS::RDS::DBCluster" + } + }, + "dbClusterE86E47AE": { + "Type": "AWS::RDS::DBCluster", + "Properties": { + "CopyTagsToSnapshot": true, + "DBClusterParameterGroupName": "default.aurora-postgresql14", + "DBSubnetGroupName": { + "Ref": "dbClusterSubnets03B9B0E1" }, - "dbClusterE86E47AE": { - "Type": "AWS::RDS::DBCluster", - "Properties": { - "CopyTagsToSnapshot": true, - "DBClusterParameterGroupName": "default.aurora-postgresql14", - "DBSubnetGroupName": { - "Ref": "dbClusterSubnets03B9B0E1" - }, - "Engine": "aurora-postgresql", - "EngineVersion": "14.5", - "MasterUserPassword": { - "Fn::Join": [ - "", - [ - "{{resolve:secretsmanager:", - { - "Ref": "dbClusterSecretCEA6D7B6" - }, - ":SecretString:password::}}" - ] - ] - }, - "MasterUsername": { - "Fn::Join": [ - "", - [ - "{{resolve:secretsmanager:", - { - "Ref": "dbClusterSecretCEA6D7B6" - }, - ":SecretString:username::}}" - ] - ] - }, - "Port": 5432, - "VpcSecurityGroupIds": [ - { - "Fn::GetAtt": ["dbClusterSecurityGroupCAA1A91F", "GroupId"] - } - ] - }, - "UpdateReplacePolicy": "Snapshot", - "DeletionPolicy": "Snapshot" - }, - "dbClusterInstance1BCE092AC": { - "Type": "AWS::RDS::DBInstance", - "Properties": { - "DBClusterIdentifier": { - "Ref": "dbClusterE86E47AE" - }, - "DBInstanceClass": "db.t3.medium", - "DBSubnetGroupName": { - "Ref": "dbClusterSubnets03B9B0E1" - }, - "Engine": "aurora-postgresql" - }, - "DependsOn": [ - "vpcPrivateSubnet1DefaultRoute1AA8E2E5", - "vpcPrivateSubnet1RouteTableAssociation67945127", - "vpcPrivateSubnet2DefaultRouteB0E07F99", - "vpcPrivateSubnet2RouteTableAssociation007E94D3" - ], - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "dbClusterInstance20BA1ECD9": { - "Type": "AWS::RDS::DBInstance", - "Properties": { - "DBClusterIdentifier": { - "Ref": "dbClusterE86E47AE" - }, - "DBInstanceClass": "db.t3.medium", - "DBSubnetGroupName": { - "Ref": "dbClusterSubnets03B9B0E1" - }, - "Engine": "aurora-postgresql" - }, - "DependsOn": [ - "vpcPrivateSubnet1DefaultRoute1AA8E2E5", - "vpcPrivateSubnet1RouteTableAssociation67945127", - "vpcPrivateSubnet2DefaultRouteB0E07F99", - "vpcPrivateSubnet2RouteTableAssociation007E94D3" - ], - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "dbClusterProxyIAMRole693E39F5": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "rds.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } + "Engine": "aurora-postgresql", + "EngineVersion": "14.5", + "MasterUserPassword": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "dbClusterSecretCEA6D7B6" + }, + ":SecretString:password::}}" + ] + ] + }, + "MasterUsername": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "dbClusterSecretCEA6D7B6" + }, + ":SecretString:username::}}" + ] + ] + }, + "Port": 5432, + "VpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "dbClusterSecurityGroupCAA1A91F", + "GroupId" + ] + } + ] + }, + "UpdateReplacePolicy": "Snapshot", + "DeletionPolicy": "Snapshot" + }, + "dbClusterInstance1BCE092AC": { + "Type": "AWS::RDS::DBInstance", + "Properties": { + "DBClusterIdentifier": { + "Ref": "dbClusterE86E47AE" + }, + "DBInstanceClass": "db.t3.medium", + "DBSubnetGroupName": { + "Ref": "dbClusterSubnets03B9B0E1" + }, + "Engine": "aurora-postgresql" + }, + "DependsOn": [ + "vpcPrivateSubnet1DefaultRoute1AA8E2E5", + "vpcPrivateSubnet1RouteTableAssociation67945127", + "vpcPrivateSubnet2DefaultRouteB0E07F99", + "vpcPrivateSubnet2RouteTableAssociation007E94D3" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "dbClusterInstance20BA1ECD9": { + "Type": "AWS::RDS::DBInstance", + "Properties": { + "DBClusterIdentifier": { + "Ref": "dbClusterE86E47AE" + }, + "DBInstanceClass": "db.t3.medium", + "DBSubnetGroupName": { + "Ref": "dbClusterSubnets03B9B0E1" + }, + "Engine": "aurora-postgresql" + }, + "DependsOn": [ + "vpcPrivateSubnet1DefaultRoute1AA8E2E5", + "vpcPrivateSubnet1RouteTableAssociation67945127", + "vpcPrivateSubnet2DefaultRouteB0E07F99", + "vpcPrivateSubnet2RouteTableAssociation007E94D3" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "dbClusterProxyIAMRole693E39F5": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "rds.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "dbClusterProxyIAMRoleDefaultPolicyEEE23224": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" + ], + "Effect": "Allow", + "Resource": { + "Ref": "dbClusterSecretAttachmentAB67A752" + } } + ], + "Version": "2012-10-17" }, - "dbClusterProxyIAMRoleDefaultPolicyEEE23224": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "secretsmanager:DescribeSecret", - "secretsmanager:GetSecretValue" - ], - "Effect": "Allow", - "Resource": { - "Ref": "dbClusterSecretAttachmentAB67A752" - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "dbClusterProxyIAMRoleDefaultPolicyEEE23224", - "Roles": [ - { - "Ref": "dbClusterProxyIAMRole693E39F5" - } - ] + "PolicyName": "dbClusterProxyIAMRoleDefaultPolicyEEE23224", + "Roles": [ + { + "Ref": "dbClusterProxyIAMRole693E39F5" + } + ] + } + }, + "dbClusterProxyProxySecurityGroup170F327D": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "SecurityGroup for Database Proxy", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "dbClusterProxyAB5F8181": { + "Type": "AWS::RDS::DBProxy", + "Properties": { + "Auth": [ + { + "AuthScheme": "SECRETS", + "IAMAuth": "DISABLED", + "SecretArn": { + "Ref": "dbClusterSecretAttachmentAB67A752" } + } + ], + "DBProxyName": "awscdkrdsproxydbClusterProxyE88930B6", + "EngineFamily": "POSTGRESQL", + "RequireTLS": true, + "RoleArn": { + "Fn::GetAtt": [ + "dbClusterProxyIAMRole693E39F5", + "Arn" + ] }, - "dbClusterProxyProxySecurityGroup170F327D": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "SecurityGroup for Database Proxy", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" - } + "VpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "dbClusterProxyProxySecurityGroup170F327D", + "GroupId" + ] + } + ], + "VpcSubnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "dbClusterProxyProxyTargetGroupB7010C0D": { + "Type": "AWS::RDS::DBProxyTargetGroup", + "Properties": { + "ConnectionPoolConfigurationInfo": {}, + "DBClusterIdentifiers": [ + { + "Ref": "dbClusterE86E47AE" + } + ], + "DBProxyName": { + "Ref": "dbClusterProxyAB5F8181" + }, + "TargetGroupName": "default" + }, + "DependsOn": [ + "dbClusterInstance1BCE092AC", + "dbClusterInstance20BA1ECD9", + "dbClusterE86E47AE" + ] + }, + "dbClusterProxy2IAMRole190D217C": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "rds.amazonaws.com" + } } + ], + "Version": "2012-10-17" + } + } + }, + "dbClusterProxy2IAMRoleDefaultPolicyFD9414D8": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" + ], + "Effect": "Allow", + "Resource": { + "Ref": "dbClusterSecretAttachmentAB67A752" + } + } + ], + "Version": "2012-10-17" }, - "dbClusterProxyAB5F8181": { - "Type": "AWS::RDS::DBProxy", - "Properties": { - "Auth": [ - { - "AuthScheme": "SECRETS", - "IAMAuth": "DISABLED", - "SecretArn": { - "Ref": "dbClusterSecretAttachmentAB67A752" - } - } - ], - "DBProxyName": "awscdkrdsproxydbClusterProxyE88930B6", - "EngineFamily": "POSTGRESQL", - "RequireTLS": true, - "RoleArn": { - "Fn::GetAtt": ["dbClusterProxyIAMRole693E39F5", "Arn"] - }, - "VpcSecurityGroupIds": [ - { - "Fn::GetAtt": [ - "dbClusterProxyProxySecurityGroup170F327D", - "GroupId" - ] - } - ], - "VpcSubnetIds": [ - { - "Ref": "vpcPrivateSubnet1Subnet934893E8" - }, - { - "Ref": "vpcPrivateSubnet2Subnet7031C2BA" - } - ] + "PolicyName": "dbClusterProxy2IAMRoleDefaultPolicyFD9414D8", + "Roles": [ + { + "Ref": "dbClusterProxy2IAMRole190D217C" + } + ] + } + }, + "dbClusterProxy2ProxySecurityGroupB44507AE": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "SecurityGroup for Database Proxy", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "dbClusterProxy28BBD43D5": { + "Type": "AWS::RDS::DBProxy", + "Properties": { + "Auth": [ + { + "AuthScheme": "SECRETS", + "IAMAuth": "DISABLED", + "SecretArn": { + "Ref": "dbClusterSecretAttachmentAB67A752" } + } + ], + "DBProxyName": "awscdkrdsproxydbClusterProxy27493E9A7", + "EngineFamily": "POSTGRESQL", + "RequireTLS": true, + "RoleArn": { + "Fn::GetAtt": [ + "dbClusterProxy2IAMRole190D217C", + "Arn" + ] }, - "dbClusterProxyProxyTargetGroupB7010C0D": { - "Type": "AWS::RDS::DBProxyTargetGroup", - "Properties": { - "ConnectionPoolConfigurationInfo": {}, - "DBClusterIdentifiers": [ - { - "Ref": "dbClusterE86E47AE" - } - ], - "DBProxyName": { - "Ref": "dbClusterProxyAB5F8181" - }, - "TargetGroupName": "default" - }, - "DependsOn": [ - "dbClusterInstance1BCE092AC", - "dbClusterInstance20BA1ECD9", - "dbClusterE86E47AE" + "VpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "dbClusterProxy2ProxySecurityGroupB44507AE", + "GroupId" ] + } + ], + "VpcSubnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "dbClusterProxy2ProxyTargetGroup8BD48F57": { + "Type": "AWS::RDS::DBProxyTargetGroup", + "Properties": { + "ConnectionPoolConfigurationInfo": {}, + "DBClusterIdentifiers": [ + { + "Ref": "dbClusterE86E47AE" + } + ], + "DBProxyName": { + "Ref": "dbClusterProxy28BBD43D5" }, - "dbClusterProxy2IAMRole190D217C": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "rds.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } + "TargetGroupName": "default" + }, + "DependsOn": [ + "dbClusterInstance1BCE092AC", + "dbClusterInstance20BA1ECD9", + "dbClusterE86E47AE" + ] + }, + "dbClusterWithWriterAndReadersSubnetsD9FBAD2A": { + "Type": "AWS::RDS::DBSubnetGroup", + "Properties": { + "DBSubnetGroupDescription": "Subnets for dbClusterWithWriterAndReaders database", + "SubnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "dbClusterWithWriterAndReadersSecurityGroup1D462CCA": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "RDS security group", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "dbClusterWithWriterAndReadersSecurityGroupfromawscdkrdsproxyProxy3ProxySecurityGroup211267B8IndirectPort9336325A": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "Description": "Allow connections to the database Cluster from the Proxy", + "FromPort": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReaders6627D259", + "Endpoint.Port" + ] + }, + "GroupId": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersSecurityGroup1D462CCA", + "GroupId" + ] + }, + "IpProtocol": "tcp", + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "Proxy3ProxySecurityGroupF29F0434", + "GroupId" + ] + }, + "ToPort": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReaders6627D259", + "Endpoint.Port" + ] + } + } + }, + "dbClusterWithWriterAndReadersSecurityGroupfromawscdkrdsproxydbClusterWithWriterAndReadersProxy4ProxySecurityGroup4989CF8FIndirectPort905C5505": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "Description": "Allow connections to the database Cluster from the Proxy", + "FromPort": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReaders6627D259", + "Endpoint.Port" + ] + }, + "GroupId": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersSecurityGroup1D462CCA", + "GroupId" + ] + }, + "IpProtocol": "tcp", + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersProxy4ProxySecurityGroupEDC85546", + "GroupId" + ] + }, + "ToPort": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReaders6627D259", + "Endpoint.Port" + ] + } + } + }, + "dbClusterWithWriterAndReadersSecurityGroupfromawscdkrdsproxydbClusterWithWriterAndReadersProxy5ProxySecurityGroupF30773AFIndirectPort5D2FF883": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "Description": "Allow connections to the database Cluster from the Proxy", + "FromPort": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReaders6627D259", + "Endpoint.Port" + ] + }, + "GroupId": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersSecurityGroup1D462CCA", + "GroupId" + ] + }, + "IpProtocol": "tcp", + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersProxy5ProxySecurityGroupE59314C4", + "GroupId" + ] + }, + "ToPort": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReaders6627D259", + "Endpoint.Port" + ] + } + } + }, + "dbClusterWithWriterAndReadersSecret3ED37A64": { + "Type": "AWS::SecretsManager::Secret", + "Properties": { + "Description": { + "Fn::Join": [ + "", + [ + "Generated by the CDK for stack: ", + { + "Ref": "AWS::StackName" + } + ] + ] + }, + "GenerateSecretString": { + "ExcludeCharacters": " %+~`#$&*()|[]{}:;<>?!'/@\"\\", + "GenerateStringKey": "password", + "PasswordLength": 30, + "SecretStringTemplate": "{\"username\":\"postgres\"}" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "dbClusterWithWriterAndReadersSecretAttachment9F7B2148": { + "Type": "AWS::SecretsManager::SecretTargetAttachment", + "Properties": { + "SecretId": { + "Ref": "dbClusterWithWriterAndReadersSecret3ED37A64" + }, + "TargetId": { + "Ref": "dbClusterWithWriterAndReaders6627D259" + }, + "TargetType": "AWS::RDS::DBCluster" + } + }, + "dbClusterWithWriterAndReaders6627D259": { + "Type": "AWS::RDS::DBCluster", + "Properties": { + "CopyTagsToSnapshot": true, + "DBClusterParameterGroupName": "default.aurora-postgresql14", + "DBSubnetGroupName": { + "Ref": "dbClusterWithWriterAndReadersSubnetsD9FBAD2A" + }, + "Engine": "aurora-postgresql", + "EngineVersion": "14.5", + "MasterUserPassword": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "dbClusterWithWriterAndReadersSecret3ED37A64" + }, + ":SecretString:password::}}" + ] + ] + }, + "MasterUsername": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "dbClusterWithWriterAndReadersSecret3ED37A64" + }, + ":SecretString:username::}}" + ] + ] + }, + "Port": 5432, + "VpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersSecurityGroup1D462CCA", + "GroupId" + ] + } + ] + }, + "UpdateReplacePolicy": "Snapshot", + "DeletionPolicy": "Snapshot" + }, + "dbClusterWithWriterAndReaderswriter6BAC1240": { + "Type": "AWS::RDS::DBInstance", + "Properties": { + "DBClusterIdentifier": { + "Ref": "dbClusterWithWriterAndReaders6627D259" + }, + "DBInstanceClass": "db.t3.medium", + "Engine": "aurora-postgresql", + "PromotionTier": 0 + }, + "DependsOn": [ + "vpcPrivateSubnet1DefaultRoute1AA8E2E5", + "vpcPrivateSubnet1RouteTableAssociation67945127", + "vpcPrivateSubnet2DefaultRouteB0E07F99", + "vpcPrivateSubnet2RouteTableAssociation007E94D3" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "dbClusterWithWriterAndReadersreader042B2B99": { + "Type": "AWS::RDS::DBInstance", + "Properties": { + "DBClusterIdentifier": { + "Ref": "dbClusterWithWriterAndReaders6627D259" + }, + "DBInstanceClass": "db.t3.medium", + "Engine": "aurora-postgresql", + "PromotionTier": 2 + }, + "DependsOn": [ + "dbClusterWithWriterAndReaderswriter6BAC1240", + "vpcPrivateSubnet1DefaultRoute1AA8E2E5", + "vpcPrivateSubnet1RouteTableAssociation67945127", + "vpcPrivateSubnet2DefaultRouteB0E07F99", + "vpcPrivateSubnet2RouteTableAssociation007E94D3" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "dbClusterWithWriterAndReadersProxy4IAMRoleA63955A2": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "rds.amazonaws.com" + } } + ], + "Version": "2012-10-17" + } + } + }, + "dbClusterWithWriterAndReadersProxy4IAMRoleDefaultPolicy8019C3D4": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" + ], + "Effect": "Allow", + "Resource": { + "Ref": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" + } + } + ], + "Version": "2012-10-17" }, - "dbClusterProxy2IAMRoleDefaultPolicyFD9414D8": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "secretsmanager:DescribeSecret", - "secretsmanager:GetSecretValue" - ], - "Effect": "Allow", - "Resource": { - "Ref": "dbClusterSecretAttachmentAB67A752" - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "dbClusterProxy2IAMRoleDefaultPolicyFD9414D8", - "Roles": [ - { - "Ref": "dbClusterProxy2IAMRole190D217C" - } - ] + "PolicyName": "dbClusterWithWriterAndReadersProxy4IAMRoleDefaultPolicy8019C3D4", + "Roles": [ + { + "Ref": "dbClusterWithWriterAndReadersProxy4IAMRoleA63955A2" + } + ] + } + }, + "dbClusterWithWriterAndReadersProxy4ProxySecurityGroupEDC85546": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "SecurityGroup for Database Proxy", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "dbClusterWithWriterAndReadersProxy4C6584761": { + "Type": "AWS::RDS::DBProxy", + "Properties": { + "Auth": [ + { + "AuthScheme": "SECRETS", + "IAMAuth": "DISABLED", + "SecretArn": { + "Ref": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" } + } + ], + "DBProxyName": "awscdkrdsproxydbClusterWithWriterAndReadersProxy401E48F9F", + "EngineFamily": "POSTGRESQL", + "RequireTLS": true, + "RoleArn": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersProxy4IAMRoleA63955A2", + "Arn" + ] }, - "dbClusterProxy2ProxySecurityGroupB44507AE": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "SecurityGroup for Database Proxy", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" - } + "VpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersProxy4ProxySecurityGroupEDC85546", + "GroupId" + ] + } + ], + "VpcSubnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "dbClusterWithWriterAndReadersProxy4ProxyTargetGroup69B133B1": { + "Type": "AWS::RDS::DBProxyTargetGroup", + "Properties": { + "ConnectionPoolConfigurationInfo": {}, + "DBClusterIdentifiers": [ + { + "Ref": "dbClusterWithWriterAndReaders6627D259" + } + ], + "DBProxyName": { + "Ref": "dbClusterWithWriterAndReadersProxy4C6584761" + }, + "TargetGroupName": "default" + }, + "DependsOn": [ + "dbClusterWithWriterAndReadersreader042B2B99", + "dbClusterWithWriterAndReaders6627D259", + "dbClusterWithWriterAndReaderswriter6BAC1240" + ] + }, + "dbClusterWithWriterAndReadersProxy5IAMRole760AB64E": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "rds.amazonaws.com" + } } + ], + "Version": "2012-10-17" + } + } + }, + "dbClusterWithWriterAndReadersProxy5IAMRoleDefaultPolicy0CD3B628": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" + ], + "Effect": "Allow", + "Resource": { + "Ref": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" + } + } + ], + "Version": "2012-10-17" }, - "dbClusterProxy28BBD43D5": { - "Type": "AWS::RDS::DBProxy", - "Properties": { - "Auth": [ - { - "AuthScheme": "SECRETS", - "IAMAuth": "DISABLED", - "SecretArn": { - "Ref": "dbClusterSecretAttachmentAB67A752" - } - } - ], - "DBProxyName": "awscdkrdsproxydbClusterProxy27493E9A7", - "EngineFamily": "POSTGRESQL", - "RequireTLS": true, - "RoleArn": { - "Fn::GetAtt": ["dbClusterProxy2IAMRole190D217C", "Arn"] - }, - "VpcSecurityGroupIds": [ - { - "Fn::GetAtt": [ - "dbClusterProxy2ProxySecurityGroupB44507AE", - "GroupId" - ] - } - ], - "VpcSubnetIds": [ - { - "Ref": "vpcPrivateSubnet1Subnet934893E8" - }, - { - "Ref": "vpcPrivateSubnet2Subnet7031C2BA" - } - ] + "PolicyName": "dbClusterWithWriterAndReadersProxy5IAMRoleDefaultPolicy0CD3B628", + "Roles": [ + { + "Ref": "dbClusterWithWriterAndReadersProxy5IAMRole760AB64E" + } + ] + } + }, + "dbClusterWithWriterAndReadersProxy5ProxySecurityGroupE59314C4": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "SecurityGroup for Database Proxy", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "dbClusterWithWriterAndReadersProxy5FA5F5557": { + "Type": "AWS::RDS::DBProxy", + "Properties": { + "Auth": [ + { + "AuthScheme": "SECRETS", + "IAMAuth": "DISABLED", + "SecretArn": { + "Ref": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" } + } + ], + "DBProxyName": "awscdkrdsproxydbClusterWithWriterAndReadersProxy5EFD158FA", + "EngineFamily": "POSTGRESQL", + "RequireTLS": true, + "RoleArn": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersProxy5IAMRole760AB64E", + "Arn" + ] }, - "dbClusterProxy2ProxyTargetGroup8BD48F57": { - "Type": "AWS::RDS::DBProxyTargetGroup", - "Properties": { - "ConnectionPoolConfigurationInfo": {}, - "DBClusterIdentifiers": [ - { - "Ref": "dbClusterE86E47AE" - } - ], - "DBProxyName": { - "Ref": "dbClusterProxy28BBD43D5" - }, - "TargetGroupName": "default" - }, - "DependsOn": [ - "dbClusterInstance1BCE092AC", - "dbClusterInstance20BA1ECD9", - "dbClusterE86E47AE" + "VpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersProxy5ProxySecurityGroupE59314C4", + "GroupId" ] + } + ], + "VpcSubnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "dbClusterWithWriterAndReadersProxy5ProxyTargetGroupE76C811F": { + "Type": "AWS::RDS::DBProxyTargetGroup", + "Properties": { + "ConnectionPoolConfigurationInfo": {}, + "DBClusterIdentifiers": [ + { + "Ref": "dbClusterWithWriterAndReaders6627D259" + } + ], + "DBProxyName": { + "Ref": "dbClusterWithWriterAndReadersProxy5FA5F5557" + }, + "TargetGroupName": "default" + }, + "DependsOn": [ + "dbClusterWithWriterAndReadersreader042B2B99", + "dbClusterWithWriterAndReaders6627D259", + "dbClusterWithWriterAndReaderswriter6BAC1240" + ] + }, + "Proxy3IAMRole26B82D9F": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "rds.amazonaws.com" + } + } + ], + "Version": "2012-10-17" } + } + }, + "Proxy3IAMRoleDefaultPolicyEBD54677": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" + ], + "Effect": "Allow", + "Resource": { + "Ref": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "Proxy3IAMRoleDefaultPolicyEBD54677", + "Roles": [ + { + "Ref": "Proxy3IAMRole26B82D9F" + } + ] + } }, - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + "Proxy3ProxySecurityGroupF29F0434": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "SecurityGroup for Database Proxy", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" } + } }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - ["1", "2", "3", "4", "5"], - { - "Ref": "BootstrapVersion" - } - ] - } - ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." - } + "Proxy39463A146": { + "Type": "AWS::RDS::DBProxy", + "Properties": { + "Auth": [ + { + "AuthScheme": "SECRETS", + "IAMAuth": "DISABLED", + "SecretArn": { + "Ref": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" + } + } + ], + "DBProxyName": "awscdkrdsproxyProxy396989E4B", + "EngineFamily": "POSTGRESQL", + "RequireTLS": true, + "RoleArn": { + "Fn::GetAtt": [ + "Proxy3IAMRole26B82D9F", + "Arn" + ] + }, + "VpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "Proxy3ProxySecurityGroupF29F0434", + "GroupId" + ] + } + ], + "VpcSubnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "Proxy3ProxyTargetGroup5A623A38": { + "Type": "AWS::RDS::DBProxyTargetGroup", + "Properties": { + "ConnectionPoolConfigurationInfo": {}, + "DBClusterIdentifiers": [ + { + "Ref": "dbClusterWithWriterAndReaders6627D259" + } + ], + "DBProxyName": { + "Ref": "Proxy39463A146" + }, + "TargetGroupName": "default" + }, + "DependsOn": [ + "dbClusterWithWriterAndReadersreader042B2B99", + "dbClusterWithWriterAndReaders6627D259", + "dbClusterWithWriterAndReaderswriter6BAC1240" + ] + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." } + ] } -} + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/cdk.out index 1f0068d32659a..bd5311dc372de 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/cdk.out +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"36.0.0"} \ No newline at end of file +{"version":"36.0.5"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/databaseproxyintegtestDefaultTestDeployAssert1DC3D9D5.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/databaseproxyintegtestDefaultTestDeployAssert1DC3D9D5.assets.json index a2b39265333af..2f779cc54513c 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/databaseproxyintegtestDefaultTestDeployAssert1DC3D9D5.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/databaseproxyintegtestDefaultTestDeployAssert1DC3D9D5.assets.json @@ -1,5 +1,5 @@ { - "version": "36.0.0", + "version": "36.0.5", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/integ.json index 5edeed336de2c..86fe159acd460 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "36.0.0", + "version": "36.0.5", "testCases": { "database-proxy-integ-test/DefaultTest": { "stacks": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/manifest.json index d5cd0fa6a2610..bf694779d2b9d 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "36.0.0", + "version": "36.0.5", "artifacts": { "aws-cdk-rds-proxy.assets": { "type": "cdk:asset-manifest", @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/f68b974b928e0003a591e50a31664287bf09b26266fd62aff657be66a8ddd553.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/24c50d70529cefe67615ea76909c26232656878d7c5606e5fe0bbe6313acc3af.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -358,6 +358,156 @@ "data": "dbClusterProxy2ProxyTargetGroup8BD48F57" } ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Subnets/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersSubnetsD9FBAD2A" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/SecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersSecurityGroup1D462CCA" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/SecurityGroup/from awscdkrdsproxyProxy3ProxySecurityGroup211267B8:{IndirectPort}": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersSecurityGroupfromawscdkrdsproxyProxy3ProxySecurityGroup211267B8IndirectPort9336325A" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/SecurityGroup/from awscdkrdsproxydbClusterWithWriterAndReadersProxy4ProxySecurityGroup4989CF8F:{IndirectPort}": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersSecurityGroupfromawscdkrdsproxydbClusterWithWriterAndReadersProxy4ProxySecurityGroup4989CF8FIndirectPort905C5505" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/SecurityGroup/from awscdkrdsproxydbClusterWithWriterAndReadersProxy5ProxySecurityGroupF30773AF:{IndirectPort}": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersSecurityGroupfromawscdkrdsproxydbClusterWithWriterAndReadersProxy5ProxySecurityGroupF30773AFIndirectPort5D2FF883" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Secret/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersSecret3ED37A64" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Secret/Attachment/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReaders6627D259" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/writer/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReaderswriter6BAC1240" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/reader/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersreader042B2B99" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/IAMRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersProxy4IAMRoleA63955A2" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/IAMRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersProxy4IAMRoleDefaultPolicy8019C3D4" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/ProxySecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersProxy4ProxySecurityGroupEDC85546" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersProxy4C6584761" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/ProxyTargetGroup": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersProxy4ProxyTargetGroup69B133B1" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/IAMRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersProxy5IAMRole760AB64E" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/IAMRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersProxy5IAMRoleDefaultPolicy0CD3B628" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/ProxySecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersProxy5ProxySecurityGroupE59314C4" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersProxy5FA5F5557" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/ProxyTargetGroup": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersProxy5ProxyTargetGroupE76C811F" + } + ], + "/aws-cdk-rds-proxy/Proxy3/IAMRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Proxy3IAMRole26B82D9F" + } + ], + "/aws-cdk-rds-proxy/Proxy3/IAMRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Proxy3IAMRoleDefaultPolicyEBD54677" + } + ], + "/aws-cdk-rds-proxy/Proxy3/ProxySecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Proxy3ProxySecurityGroupF29F0434" + } + ], + "/aws-cdk-rds-proxy/Proxy3/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Proxy39463A146" + } + ], + "/aws-cdk-rds-proxy/Proxy3/ProxyTargetGroup": [ + { + "type": "aws:cdk:logicalId", + "data": "Proxy3ProxyTargetGroup5A623A38" + } + ], "/aws-cdk-rds-proxy/BootstrapVersion": [ { "type": "aws:cdk:logicalId", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/tree.json index 87d132f060e44..28db74f6c2be6 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/tree.json @@ -31,8 +31,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "PublicSubnet1": { @@ -75,16 +75,16 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Acl": { "id": "Acl", "path": "aws-cdk-rds-proxy/vpc/PublicSubnet1/Acl", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "RouteTable": { @@ -105,8 +105,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "RouteTableAssociation": { @@ -124,8 +124,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "DefaultRoute": { @@ -144,8 +144,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "EIP": { @@ -164,8 +164,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "NATGateway": { @@ -192,14 +192,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "PublicSubnet2": { @@ -242,16 +242,16 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Acl": { "id": "Acl", "path": "aws-cdk-rds-proxy/vpc/PublicSubnet2/Acl", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "RouteTable": { @@ -272,8 +272,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "RouteTableAssociation": { @@ -291,8 +291,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "DefaultRoute": { @@ -311,8 +311,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "EIP": { @@ -331,8 +331,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "NATGateway": { @@ -359,14 +359,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "PrivateSubnet1": { @@ -409,16 +409,16 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Acl": { "id": "Acl", "path": "aws-cdk-rds-proxy/vpc/PrivateSubnet1/Acl", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "RouteTable": { @@ -439,8 +439,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "RouteTableAssociation": { @@ -458,8 +458,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "DefaultRoute": { @@ -478,14 +478,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "PrivateSubnet2": { @@ -528,16 +528,16 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Acl": { "id": "Acl", "path": "aws-cdk-rds-proxy/vpc/PrivateSubnet2/Acl", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "RouteTable": { @@ -558,8 +558,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "RouteTableAssociation": { @@ -577,8 +577,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "DefaultRoute": { @@ -597,14 +597,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "IGW": { @@ -622,8 +622,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnInternetGateway", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "VPCGW": { @@ -641,14 +641,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.Vpc", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "SecretEncryptionKey": { @@ -753,7 +753,10 @@ "Effect": "Allow", "Principal": { "AWS": { - "Fn::GetAtt": ["dbProxyIAMRole662F3AB8", "Arn"] + "Fn::GetAtt": [ + "dbProxyIAMRole662F3AB8", + "Arn" + ] } }, "Resource": "*" @@ -764,14 +767,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_kms.CfnKey", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_kms.Key", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "dbInstance": { @@ -800,14 +803,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.CfnDBSubnetGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.SubnetGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "SecurityGroup": { @@ -834,8 +837,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "from awscdkrdsproxydbProxyProxySecurityGroupA345AFE5:{IndirectPort}": { @@ -846,7 +849,10 @@ "aws:cdk:cloudformation:props": { "description": "Allow connections to the database Instance from the Proxy", "fromPort": { - "Fn::GetAtt": ["dbInstance4076B1EC", "Endpoint.Port"] + "Fn::GetAtt": [ + "dbInstance4076B1EC", + "Endpoint.Port" + ] }, "groupId": { "Fn::GetAtt": [ @@ -862,19 +868,22 @@ ] }, "toPort": { - "Fn::GetAtt": ["dbInstance4076B1EC", "Endpoint.Port"] + "Fn::GetAtt": [ + "dbInstance4076B1EC", + "Endpoint.Port" + ] } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroupIngress", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Secret": { @@ -905,13 +914,16 @@ "excludeCharacters": "\"@/\\" }, "kmsKeyId": { - "Fn::GetAtt": ["SecretEncryptionKey40C82244", "Arn"] + "Fn::GetAtt": [ + "SecretEncryptionKey40C82244", + "Arn" + ] } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_secretsmanager.CfnSecret", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Attachment": { @@ -934,20 +946,20 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_secretsmanager.CfnSecretTargetAttachment", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_secretsmanager.SecretTargetAttachment", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.DatabaseSecret", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Resource": { @@ -963,7 +975,7 @@ "Ref": "dbInstanceSubnetGroupD062EC9E" }, "engine": "postgres", - "EngineVersion": "16.3", + "engineVersion": "16.3", "masterUsername": { "Fn::Join": [ "", @@ -1000,14 +1012,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.CfnDBInstance", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.DatabaseInstance", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "dbProxy": { @@ -1022,8 +1034,8 @@ "id": "ImportIAMRole", "path": "aws-cdk-rds-proxy/dbProxy/IAMRole/ImportIAMRole", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Resource": { @@ -1047,8 +1059,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "DefaultPolicy": { @@ -1095,20 +1107,20 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "ProxySecurityGroup": { @@ -1135,14 +1147,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Resource": { @@ -1165,7 +1177,10 @@ "engineFamily": "POSTGRESQL", "requireTls": true, "roleArn": { - "Fn::GetAtt": ["dbProxyIAMRole662F3AB8", "Arn"] + "Fn::GetAtt": [ + "dbProxyIAMRole662F3AB8", + "Arn" + ] }, "vpcSecurityGroupIds": [ { @@ -1186,8 +1201,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.CfnDBProxy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "ProxyTargetGroup": { @@ -1212,14 +1227,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.CfnDBProxyTargetGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.DatabaseProxy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "dbCluster": { @@ -1248,14 +1263,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.CfnDBSubnetGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.SubnetGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "SecurityGroup": { @@ -1282,8 +1297,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "from awscdkrdsproxydbClusterProxyProxySecurityGroupFBC47B09:{IndirectPort}": { @@ -1294,7 +1309,10 @@ "aws:cdk:cloudformation:props": { "description": "Allow connections to the database Cluster from the Proxy", "fromPort": { - "Fn::GetAtt": ["dbClusterE86E47AE", "Endpoint.Port"] + "Fn::GetAtt": [ + "dbClusterE86E47AE", + "Endpoint.Port" + ] }, "groupId": { "Fn::GetAtt": [ @@ -1310,13 +1328,16 @@ ] }, "toPort": { - "Fn::GetAtt": ["dbClusterE86E47AE", "Endpoint.Port"] + "Fn::GetAtt": [ + "dbClusterE86E47AE", + "Endpoint.Port" + ] } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroupIngress", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "from awscdkrdsproxydbClusterProxy2ProxySecurityGroup5B77853F:{IndirectPort}": { @@ -1327,7 +1348,10 @@ "aws:cdk:cloudformation:props": { "description": "Allow connections to the database Cluster from the Proxy", "fromPort": { - "Fn::GetAtt": ["dbClusterE86E47AE", "Endpoint.Port"] + "Fn::GetAtt": [ + "dbClusterE86E47AE", + "Endpoint.Port" + ] }, "groupId": { "Fn::GetAtt": [ @@ -1343,27 +1367,30 @@ ] }, "toPort": { - "Fn::GetAtt": ["dbClusterE86E47AE", "Endpoint.Port"] + "Fn::GetAtt": [ + "dbClusterE86E47AE", + "Endpoint.Port" + ] } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroupIngress", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "AuroraPostgreSqlDatabaseClusterEngineDefaultParameterGroup": { "id": "AuroraPostgreSqlDatabaseClusterEngineDefaultParameterGroup", "path": "aws-cdk-rds-proxy/dbCluster/AuroraPostgreSqlDatabaseClusterEngineDefaultParameterGroup", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Secret": { @@ -1396,8 +1423,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_secretsmanager.CfnSecret", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Attachment": { @@ -1420,20 +1447,20 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_secretsmanager.CfnSecretTargetAttachment", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_secretsmanager.SecretTargetAttachment", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.DatabaseSecret", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Resource": { @@ -1485,8 +1512,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.CfnDBCluster", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Instance1": { @@ -1506,8 +1533,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.CfnDBInstance", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Instance2": { @@ -1527,8 +1554,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.CfnDBInstance", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Proxy": { @@ -1543,8 +1570,8 @@ "id": "ImportIAMRole", "path": "aws-cdk-rds-proxy/dbCluster/Proxy/IAMRole/ImportIAMRole", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Resource": { @@ -1568,8 +1595,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "DefaultPolicy": { @@ -1606,20 +1633,20 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "ProxySecurityGroup": { @@ -1646,14 +1673,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Resource": { @@ -1675,7 +1702,10 @@ "engineFamily": "POSTGRESQL", "requireTls": true, "roleArn": { - "Fn::GetAtt": ["dbClusterProxyIAMRole693E39F5", "Arn"] + "Fn::GetAtt": [ + "dbClusterProxyIAMRole693E39F5", + "Arn" + ] }, "vpcSecurityGroupIds": [ { @@ -1696,8 +1726,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.CfnDBProxy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "ProxyTargetGroup": { @@ -1719,14 +1749,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.CfnDBProxyTargetGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.DatabaseProxy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Proxy2": { @@ -1741,8 +1771,8 @@ "id": "ImportIAMRole", "path": "aws-cdk-rds-proxy/dbCluster/Proxy2/IAMRole/ImportIAMRole", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Resource": { @@ -1766,8 +1796,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "DefaultPolicy": { @@ -1804,20 +1834,20 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "ProxySecurityGroup": { @@ -1844,14 +1874,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Resource": { @@ -1897,8 +1927,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.CfnDBProxy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "ProxyTargetGroup": { @@ -1920,84 +1950,1069 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.CfnDBProxyTargetGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.DatabaseProxy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.DatabaseCluster", - "version": "0.0.0" - } - }, - "BootstrapVersion": { - "id": "BootstrapVersion", - "path": "aws-cdk-rds-proxy/BootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, - "CheckBootstrapVersion": { - "id": "CheckBootstrapVersion", - "path": "aws-cdk-rds-proxy/CheckBootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" - } - }, - "database-proxy-integ-test": { - "id": "database-proxy-integ-test", - "path": "database-proxy-integ-test", - "children": { - "DefaultTest": { - "id": "DefaultTest", - "path": "database-proxy-integ-test/DefaultTest", + "dbClusterWithWriterAndReaders": { + "id": "dbClusterWithWriterAndReaders", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders", "children": { - "Default": { - "id": "Default", - "path": "database-proxy-integ-test/DefaultTest/Default", + "Subnets": { + "id": "Subnets", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Subnets", + "children": { + "Default": { + "id": "Default", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Subnets/Default", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBSubnetGroup", + "aws:cdk:cloudformation:props": { + "dbSubnetGroupDescription": "Subnets for dbClusterWithWriterAndReaders database", + "subnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, "constructInfo": { "fqn": "constructs.Construct", "version": "10.3.0" } }, - "DeployAssert": { - "id": "DeployAssert", - "path": "database-proxy-integ-test/DefaultTest/DeployAssert", + "SecurityGroup": { + "id": "SecurityGroup", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/SecurityGroup", "children": { - "BootstrapVersion": { - "id": "BootstrapVersion", - "path": "database-proxy-integ-test/DefaultTest/DeployAssert/BootstrapVersion", + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/SecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "RDS security group", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "vpcId": { + "Ref": "vpcA2121C38" + } + } + }, "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, - "CheckBootstrapVersion": { - "id": "CheckBootstrapVersion", - "path": "database-proxy-integ-test/DefaultTest/DeployAssert/CheckBootstrapVersion", + "from awscdkrdsproxyProxy3ProxySecurityGroup211267B8:{IndirectPort}": { + "id": "from awscdkrdsproxyProxy3ProxySecurityGroup211267B8:{IndirectPort}", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/SecurityGroup/from awscdkrdsproxyProxy3ProxySecurityGroup211267B8:{IndirectPort}", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroupIngress", + "aws:cdk:cloudformation:props": { + "description": "Allow connections to the database Cluster from the Proxy", + "fromPort": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReaders6627D259", + "Endpoint.Port" + ] + }, + "groupId": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersSecurityGroup1D462CCA", + "GroupId" + ] + }, + "ipProtocol": "tcp", + "sourceSecurityGroupId": { + "Fn::GetAtt": [ + "Proxy3ProxySecurityGroupF29F0434", + "GroupId" + ] + }, + "toPort": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReaders6627D259", + "Endpoint.Port" + ] + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "from awscdkrdsproxydbClusterWithWriterAndReadersProxy4ProxySecurityGroup4989CF8F:{IndirectPort}": { + "id": "from awscdkrdsproxydbClusterWithWriterAndReadersProxy4ProxySecurityGroup4989CF8F:{IndirectPort}", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/SecurityGroup/from awscdkrdsproxydbClusterWithWriterAndReadersProxy4ProxySecurityGroup4989CF8F:{IndirectPort}", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroupIngress", + "aws:cdk:cloudformation:props": { + "description": "Allow connections to the database Cluster from the Proxy", + "fromPort": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReaders6627D259", + "Endpoint.Port" + ] + }, + "groupId": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersSecurityGroup1D462CCA", + "GroupId" + ] + }, + "ipProtocol": "tcp", + "sourceSecurityGroupId": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersProxy4ProxySecurityGroupEDC85546", + "GroupId" + ] + }, + "toPort": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReaders6627D259", + "Endpoint.Port" + ] + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "from awscdkrdsproxydbClusterWithWriterAndReadersProxy5ProxySecurityGroupF30773AF:{IndirectPort}": { + "id": "from awscdkrdsproxydbClusterWithWriterAndReadersProxy5ProxySecurityGroupF30773AF:{IndirectPort}", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/SecurityGroup/from awscdkrdsproxydbClusterWithWriterAndReadersProxy5ProxySecurityGroupF30773AF:{IndirectPort}", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroupIngress", + "aws:cdk:cloudformation:props": { + "description": "Allow connections to the database Cluster from the Proxy", + "fromPort": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReaders6627D259", + "Endpoint.Port" + ] + }, + "groupId": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersSecurityGroup1D462CCA", + "GroupId" + ] + }, + "ipProtocol": "tcp", + "sourceSecurityGroupId": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersProxy5ProxySecurityGroupE59314C4", + "GroupId" + ] + }, + "toPort": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReaders6627D259", + "Endpoint.Port" + ] + } + } + }, "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "AuroraPostgreSqlDatabaseClusterEngineDefaultParameterGroup": { + "id": "AuroraPostgreSqlDatabaseClusterEngineDefaultParameterGroup", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/AuroraPostgreSqlDatabaseClusterEngineDefaultParameterGroup", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Secret": { + "id": "Secret", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Secret", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Secret/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::SecretsManager::Secret", + "aws:cdk:cloudformation:props": { + "description": { + "Fn::Join": [ + "", + [ + "Generated by the CDK for stack: ", + { + "Ref": "AWS::StackName" + } + ] + ] + }, + "generateSecretString": { + "passwordLength": 30, + "secretStringTemplate": "{\"username\":\"postgres\"}", + "generateStringKey": "password", + "excludeCharacters": " %+~`#$&*()|[]{}:;<>?!'/@\"\\" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Attachment": { + "id": "Attachment", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Secret/Attachment", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Secret/Attachment/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::SecretsManager::SecretTargetAttachment", + "aws:cdk:cloudformation:props": { + "secretId": { + "Ref": "dbClusterWithWriterAndReadersSecret3ED37A64" + }, + "targetId": { + "Ref": "dbClusterWithWriterAndReaders6627D259" + }, + "targetType": "AWS::RDS::DBCluster" + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBCluster", + "aws:cdk:cloudformation:props": { + "copyTagsToSnapshot": true, + "dbClusterParameterGroupName": "default.aurora-postgresql14", + "dbSubnetGroupName": { + "Ref": "dbClusterWithWriterAndReadersSubnetsD9FBAD2A" + }, + "engine": "aurora-postgresql", + "engineVersion": "14.5", + "masterUsername": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "dbClusterWithWriterAndReadersSecret3ED37A64" + }, + ":SecretString:username::}}" + ] + ] + }, + "masterUserPassword": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "dbClusterWithWriterAndReadersSecret3ED37A64" + }, + ":SecretString:password::}}" + ] + ] + }, + "port": 5432, + "vpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersSecurityGroup1D462CCA", + "GroupId" + ] + } + ] + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "writer": { + "id": "writer", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/writer", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/writer/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBInstance", + "aws:cdk:cloudformation:props": { + "dbClusterIdentifier": { + "Ref": "dbClusterWithWriterAndReaders6627D259" + }, + "dbInstanceClass": "db.t3.medium", + "engine": "aurora-postgresql", + "promotionTier": 0 + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "reader": { + "id": "reader", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/reader", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/reader/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBInstance", + "aws:cdk:cloudformation:props": { + "dbClusterIdentifier": { + "Ref": "dbClusterWithWriterAndReaders6627D259" + }, + "dbInstanceClass": "db.t3.medium", + "engine": "aurora-postgresql", + "promotionTier": 2 + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Proxy4": { + "id": "Proxy4", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4", + "children": { + "IAMRole": { + "id": "IAMRole", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/IAMRole", + "children": { + "ImportIAMRole": { + "id": "ImportIAMRole", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/IAMRole/ImportIAMRole", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/IAMRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "rds.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/IAMRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/IAMRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" + ], + "Effect": "Allow", + "Resource": { + "Ref": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "dbClusterWithWriterAndReadersProxy4IAMRoleDefaultPolicy8019C3D4", + "roles": [ + { + "Ref": "dbClusterWithWriterAndReadersProxy4IAMRoleA63955A2" + } + ] + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "ProxySecurityGroup": { + "id": "ProxySecurityGroup", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/ProxySecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/ProxySecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "SecurityGroup for Database Proxy", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "vpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBProxy", + "aws:cdk:cloudformation:props": { + "auth": [ + { + "authScheme": "SECRETS", + "iamAuth": "DISABLED", + "secretArn": { + "Ref": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" + } + } + ], + "dbProxyName": "awscdkrdsproxydbClusterWithWriterAndReadersProxy401E48F9F", + "engineFamily": "POSTGRESQL", + "requireTls": true, + "roleArn": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersProxy4IAMRoleA63955A2", + "Arn" + ] + }, + "vpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersProxy4ProxySecurityGroupEDC85546", + "GroupId" + ] + } + ], + "vpcSubnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "ProxyTargetGroup": { + "id": "ProxyTargetGroup", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/ProxyTargetGroup", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBProxyTargetGroup", + "aws:cdk:cloudformation:props": { + "connectionPoolConfigurationInfo": {}, + "dbClusterIdentifiers": [ + { + "Ref": "dbClusterWithWriterAndReaders6627D259" + } + ], + "dbProxyName": { + "Ref": "dbClusterWithWriterAndReadersProxy4C6584761" + }, + "targetGroupName": "default" + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Proxy5": { + "id": "Proxy5", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5", + "children": { + "IAMRole": { + "id": "IAMRole", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/IAMRole", + "children": { + "ImportIAMRole": { + "id": "ImportIAMRole", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/IAMRole/ImportIAMRole", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/IAMRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "rds.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/IAMRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/IAMRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" + ], + "Effect": "Allow", + "Resource": { + "Ref": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "dbClusterWithWriterAndReadersProxy5IAMRoleDefaultPolicy0CD3B628", + "roles": [ + { + "Ref": "dbClusterWithWriterAndReadersProxy5IAMRole760AB64E" + } + ] + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "ProxySecurityGroup": { + "id": "ProxySecurityGroup", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/ProxySecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/ProxySecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "SecurityGroup for Database Proxy", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "vpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBProxy", + "aws:cdk:cloudformation:props": { + "auth": [ + { + "authScheme": "SECRETS", + "iamAuth": "DISABLED", + "secretArn": { + "Ref": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" + } + } + ], + "dbProxyName": "awscdkrdsproxydbClusterWithWriterAndReadersProxy5EFD158FA", + "engineFamily": "POSTGRESQL", + "requireTls": true, + "roleArn": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersProxy5IAMRole760AB64E", + "Arn" + ] + }, + "vpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersProxy5ProxySecurityGroupE59314C4", + "GroupId" + ] + } + ], + "vpcSubnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "ProxyTargetGroup": { + "id": "ProxyTargetGroup", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/ProxyTargetGroup", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBProxyTargetGroup", + "aws:cdk:cloudformation:props": { + "connectionPoolConfigurationInfo": {}, + "dbClusterIdentifiers": [ + { + "Ref": "dbClusterWithWriterAndReaders6627D259" + } + ], + "dbProxyName": { + "Ref": "dbClusterWithWriterAndReadersProxy5FA5F5557" + }, + "targetGroupName": "default" + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Proxy3": { + "id": "Proxy3", + "path": "aws-cdk-rds-proxy/Proxy3", + "children": { + "IAMRole": { + "id": "IAMRole", + "path": "aws-cdk-rds-proxy/Proxy3/IAMRole", + "children": { + "ImportIAMRole": { + "id": "ImportIAMRole", + "path": "aws-cdk-rds-proxy/Proxy3/IAMRole/ImportIAMRole", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/Proxy3/IAMRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "rds.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-cdk-rds-proxy/Proxy3/IAMRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/Proxy3/IAMRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" + ], + "Effect": "Allow", + "Resource": { + "Ref": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "Proxy3IAMRoleDefaultPolicyEBD54677", + "roles": [ + { + "Ref": "Proxy3IAMRole26B82D9F" + } + ] + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "ProxySecurityGroup": { + "id": "ProxySecurityGroup", + "path": "aws-cdk-rds-proxy/Proxy3/ProxySecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/Proxy3/ProxySecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "SecurityGroup for Database Proxy", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "vpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/Proxy3/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBProxy", + "aws:cdk:cloudformation:props": { + "auth": [ + { + "authScheme": "SECRETS", + "iamAuth": "DISABLED", + "secretArn": { + "Ref": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" + } + } + ], + "dbProxyName": "awscdkrdsproxyProxy396989E4B", + "engineFamily": "POSTGRESQL", + "requireTls": true, + "roleArn": { + "Fn::GetAtt": [ + "Proxy3IAMRole26B82D9F", + "Arn" + ] + }, + "vpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "Proxy3ProxySecurityGroupF29F0434", + "GroupId" + ] + } + ], + "vpcSubnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "ProxyTargetGroup": { + "id": "ProxyTargetGroup", + "path": "aws-cdk-rds-proxy/Proxy3/ProxyTargetGroup", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBProxyTargetGroup", + "aws:cdk:cloudformation:props": { + "connectionPoolConfigurationInfo": {}, + "dbClusterIdentifiers": [ + { + "Ref": "dbClusterWithWriterAndReaders6627D259" + } + ], + "dbProxyName": { + "Ref": "Proxy39463A146" + }, + "targetGroupName": "default" + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-rds-proxy/BootstrapVersion", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-rds-proxy/CheckBootstrapVersion", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "database-proxy-integ-test": { + "id": "database-proxy-integ-test", + "path": "database-proxy-integ-test", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "database-proxy-integ-test/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "database-proxy-integ-test/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "database-proxy-integ-test/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "database-proxy-integ-test/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "database-proxy-integ-test/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, @@ -2022,8 +3037,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.App", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.ts index 53c0f38ed3d04..dfda38ebde6ed 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.ts @@ -52,6 +52,30 @@ cluster.addProxy('Proxy2', { vpc, }); +// With `writer` and `readers` properties instead of the legacy `instanceProps` +const clusterWithWriterAndReaders = new rds.DatabaseCluster(stack, 'dbClusterWithWriterAndReaders', { + engine: rds.DatabaseClusterEngine.auroraPostgres({ + version: rds.AuroraPostgresEngineVersion.VER_14_5, + }), + vpc, + writer: rds.ClusterInstance.provisioned('writer'), + readers: [rds.ClusterInstance.provisioned('reader')], +}); + +new rds.DatabaseProxy(stack, 'Proxy3', { + proxyTarget: rds.ProxyTarget.fromCluster(clusterWithWriterAndReaders), + secrets: [clusterWithWriterAndReaders.secret!], + vpc, +}); +clusterWithWriterAndReaders.addProxy('Proxy4', { + secrets: [clusterWithWriterAndReaders.secret!], + vpc, +}); +clusterWithWriterAndReaders.addProxy('Proxy5', { + secrets: [clusterWithWriterAndReaders.secret!], + vpc, +}); + new integ.IntegTest(app, 'database-proxy-integ-test', { testCases: [stack], diffAssets: true, diff --git a/packages/@aws-cdk/aws-neptune-alpha/lib/cluster.ts b/packages/@aws-cdk/aws-neptune-alpha/lib/cluster.ts index cc68d8a49cefd..089333b436237 100644 --- a/packages/@aws-cdk/aws-neptune-alpha/lib/cluster.ts +++ b/packages/@aws-cdk/aws-neptune-alpha/lib/cluster.ts @@ -76,6 +76,14 @@ export class EngineVersion { * Neptune engine version 1.2.1.0 */ public static readonly V1_2_1_0 = new EngineVersion('1.2.1.0'); + /** + * Neptune engine version 1.2.1.1 + */ + public static readonly V1_2_1_1 = new EngineVersion('1.2.1.1'); + /** + * Neptune engine version 1.2.1.2 + */ + public static readonly V1_2_1_2 = new EngineVersion('1.2.1.2'); /** * Neptune engine version 1.3.0.0 */ @@ -84,6 +92,18 @@ export class EngineVersion { * Neptune engine version 1.3.1.0 */ public static readonly V1_3_1_0 = new EngineVersion('1.3.1.0'); + /** + * Neptune engine version 1.3.2.0 + */ + public static readonly V1_3_2_0 = new EngineVersion('1.3.2.0'); + /** + * Neptune engine version 1.3.2.1 + */ + public static readonly V1_3_2_1 = new EngineVersion('1.3.2.1'); + /** + * Neptune engine version 1.3.3.0 + */ + public static readonly V1_3_3_0 = new EngineVersion('1.3.3.0'); /** * Constructor for specifying a custom engine version diff --git a/packages/@aws-cdk/aws-neptune-alpha/lib/instance.ts b/packages/@aws-cdk/aws-neptune-alpha/lib/instance.ts index eac8c65df3aa5..a3c8bae9cf389 100644 --- a/packages/@aws-cdk/aws-neptune-alpha/lib/instance.ts +++ b/packages/@aws-cdk/aws-neptune-alpha/lib/instance.ts @@ -12,6 +12,75 @@ import { IParameterGroup } from './parameter-group'; * used for defining `DatabaseInstanceProps.instanceType`. */ export class InstanceType { + /** + * db.x2g.large + */ + public static readonly X2G_LARGE = InstanceType.of('db.x2g.large'); + + /** + * db.x2g.xlarge + */ + public static readonly X2G_XLARGE = InstanceType.of('db.x2g.xlarge'); + + /** + * db.x2g.2xlarge + */ + public static readonly X2G_2XLARGE = InstanceType.of('db.x2g.2xlarge'); + + /** + * db.x2g.4xlarge + */ + public static readonly X2G_4XLARGE = InstanceType.of('db.x2g.4xlarge'); + + /** + * db.x2g.8xlarge + */ + public static readonly X2G_8XLARGE = InstanceType.of('db.x2g.8xlarge'); + + /** + * db.x2g.12xlarge + */ + public static readonly X2G_12XLARGE = InstanceType.of('db.x2g.12xlarge'); + + /** + * db.x2g.16xlarge + */ + public static readonly X2G_16XLARGE = InstanceType.of('db.x2g.16xlarge'); + + /** + * db.x2iedn.xlarge + */ + public static readonly X2IEDN_XLARGE = InstanceType.of('db.x2iedn.xlarge'); + + /** + * db.x2iedn.2xlarge + */ + public static readonly X2IEDN_2XLARGE = InstanceType.of('db.x2iedn.2xlarge'); + + /** + * db.x2iedn.4xlarge + */ + public static readonly X2IEDN_4XLARGE = InstanceType.of('db.x2iedn.4xlarge'); + + /** + * db.x2iedn.8xlarge + */ + public static readonly X2IEDN_8XLARGE = InstanceType.of('db.x2iedn.8xlarge'); + + /** + * db.x2iedn.16xlarge + */ + public static readonly X2IEDN_16XLARGE = InstanceType.of('db.x2iedn.16xlarge'); + + /** + * db.x2iedn.24xlarge + */ + public static readonly X2IEDN_24XLARGE = InstanceType.of('db.x2iedn.24xlarge'); + + /** + * db.x2iedn.32xlarge + */ + public static readonly X2IEDN_32XLARGE = InstanceType.of('db.x2iedn.32xlarge'); /** * db.r6g.large @@ -49,9 +118,49 @@ export class InstanceType { public static readonly R6G_16XLARGE = InstanceType.of('db.r6g.16xlarge'); /** - * db.t4g.medium + * db.r6i.large */ - public static readonly T4G_MEDIUM = InstanceType.of('db.t4g.medium'); + public static readonly R6I_LARGE = InstanceType.of('db.r6i.large'); + + /** + * db.r6i.xlarge + */ + public static readonly R6I_XLARGE = InstanceType.of('db.r6i.xlarge'); + + /** + * db.r6i.2xlarge + */ + public static readonly R6I_2XLARGE = InstanceType.of('db.r6i.2xlarge'); + + /** + * db.r6i.4xlarge + */ + public static readonly R6I_4XLARGE = InstanceType.of('db.r6i.4xlarge'); + + /** + * db.r6i.8xlarge + */ + public static readonly R6I_8XLARGE = InstanceType.of('db.r6i.8xlarge'); + + /** + * db.r6i.12xlarge + */ + public static readonly R6I_12XLARGE = InstanceType.of('db.r6i.12xlarge'); + + /** + * db.r6i.16xlarge + */ + public static readonly R6I_16XLARGE = InstanceType.of('db.r6i.16xlarge'); + + /** + * db.r6i.24xlarge + */ + public static readonly R6I_24XLARGE = InstanceType.of('db.r6i.24xlarge'); + + /** + * db.r6i.32xlarge + */ + public static readonly R6I_32XLARGE = InstanceType.of('db.r6i.32xlarge'); /** * db.r5.large @@ -83,11 +192,56 @@ export class InstanceType { */ public static readonly R5_12XLARGE = InstanceType.of('db.r5.12xlarge'); + /** + * db.r5.16xlarge + */ + public static readonly R5_16XLARGE = InstanceType.of('db.r5.16xlarge'); + /** * db.r5.24xlarge */ public static readonly R5_24XLARGE = InstanceType.of('db.r5.24xlarge'); + /** + * db.r5d.large + */ + public static readonly R5D_LARGE = InstanceType.of('db.r5d.large'); + + /** + * db.r5d.xlarge + */ + public static readonly R5D_XLARGE = InstanceType.of('db.r5d.xlarge'); + + /** + * db.r5d.2xlarge + */ + public static readonly R5D_2XLARGE = InstanceType.of('db.r5d.2xlarge'); + + /** + * db.r5d.4xlarge + */ + public static readonly R5D_4XLARGE = InstanceType.of('db.r5d.4xlarge'); + + /** + * db.r5d.8xlarge + */ + public static readonly R5D_8XLARGE = InstanceType.of('db.r5d.8xlarge'); + + /** + * db.r5d.12xlarge + */ + public static readonly R5D_12XLARGE = InstanceType.of('db.r5d.12xlarge'); + + /** + * db.r5d.16xlarge + */ + public static readonly R5D_16XLARGE = InstanceType.of('db.r5d.16xlarge'); + + /** + * db.r5d.24xlarge + */ + public static readonly R5D_24XLARGE = InstanceType.of('db.r5d.24xlarge'); + /** * db.r4.large */ @@ -113,6 +267,11 @@ export class InstanceType { */ public static readonly R4_8XLARGE = InstanceType.of('db.r4.8xlarge'); + /** + * db.t4g.medium + */ + public static readonly T4G_MEDIUM = InstanceType.of('db.t4g.medium'); + /** * db.t3.medium */ diff --git a/packages/@aws-cdk/cloudformation-diff/lib/diff-template.ts b/packages/@aws-cdk/cloudformation-diff/lib/diff-template.ts index 5bcce8cd0e4d0..aeb5bd31401d5 100644 --- a/packages/@aws-cdk/cloudformation-diff/lib/diff-template.ts +++ b/packages/@aws-cdk/cloudformation-diff/lib/diff-template.ts @@ -151,7 +151,7 @@ function calculateTemplateDiff(currentTemplate: { [key: string]: any }, newTempl /** * Replace all references to the given logicalID on the given template, in-place * - * Returns true iff any references were replaced. + * Returns true if any references were replaced. */ function propagateReplacedReferences(template: object, logicalId: string): boolean { let ret = false; diff --git a/packages/@aws-cdk/cloudformation-diff/package.json b/packages/@aws-cdk/cloudformation-diff/package.json index 2f25c5217a762..562f2b47626ea 100644 --- a/packages/@aws-cdk/cloudformation-diff/package.json +++ b/packages/@aws-cdk/cloudformation-diff/package.json @@ -23,8 +23,8 @@ }, "license": "Apache-2.0", "dependencies": { - "@aws-cdk/aws-service-spec": "^0.1.21", - "@aws-cdk/service-spec-types": "^0.0.88", + "@aws-cdk/aws-service-spec": "^0.1.23", + "@aws-cdk/service-spec-types": "^0.0.90", "chalk": "^4", "diff": "^5.2.0", "fast-deep-equal": "^3.1.3", diff --git a/packages/@aws-cdk/integ-runner/package.json b/packages/@aws-cdk/integ-runner/package.json index fb93b466d8261..b840369327ebc 100644 --- a/packages/@aws-cdk/integ-runner/package.json +++ b/packages/@aws-cdk/integ-runner/package.json @@ -74,7 +74,7 @@ "@aws-cdk/cloud-assembly-schema": "^36.0.5", "@aws-cdk/cloudformation-diff": "0.0.0", "@aws-cdk/cx-api": "0.0.0", - "@aws-cdk/aws-service-spec": "^0.1.21", + "@aws-cdk/aws-service-spec": "^0.1.23", "cdk-assets": "^2.151.2", "@aws-cdk/cdk-cli-wrapper": "0.0.0", "aws-cdk": "0.0.0", diff --git a/packages/aws-cdk-lib/aws-appsync/README.md b/packages/aws-cdk-lib/aws-appsync/README.md index 675d10dadbfc2..40ba93f974350 100644 --- a/packages/aws-cdk-lib/aws-appsync/README.md +++ b/packages/aws-cdk-lib/aws-appsync/README.md @@ -544,21 +544,24 @@ new route53.CnameRecord(this, `CnameApiRecord`, { AppSync automatically create a log group with the name `/aws/appsync/apis/` upon deployment with log data set to never expire. If you want to set a different expiration period, use the `logConfig.retention` property. +Also you can choose the log level by setting the `logConfig.fieldLogLevel` property. + +For more information, see [CloudWatch logs](https://docs.aws.amazon.com/en_us/appsync/latest/devguide/monitoring.html#cwl). + To obtain the GraphQL API's log group as a `logs.ILogGroup` use the `logGroup` property of the `GraphqlApi` construct. ```ts import * as logs from 'aws-cdk-lib/aws-logs'; -const logConfig: appsync.LogConfig = { - retention: logs.RetentionDays.ONE_WEEK, -}; - new appsync.GraphqlApi(this, 'api', { authorizationConfig: {}, name: 'myApi', definition: appsync.Definition.fromFile(path.join(__dirname, 'myApi.graphql')), - logConfig, + logConfig: { + fieldLogLevel: appsync.FieldLogLevel.INFO, + retention: logs.RetentionDays.ONE_WEEK, + }, }); ``` diff --git a/packages/aws-cdk-lib/aws-appsync/lib/graphqlapi.ts b/packages/aws-cdk-lib/aws-appsync/lib/graphqlapi.ts index 4332257d5484c..9bf1bd3b1a8e9 100644 --- a/packages/aws-cdk-lib/aws-appsync/lib/graphqlapi.ts +++ b/packages/aws-cdk-lib/aws-appsync/lib/graphqlapi.ts @@ -186,15 +186,23 @@ export interface AuthorizationConfig { */ export enum FieldLogLevel { /** - * No logging + * Resolver logging is disabled */ NONE = 'NONE', /** - * Error logging + * Only Error messages appear in logs */ ERROR = 'ERROR', /** - * All logging + * Info and Error messages appear in logs + */ + INFO = 'INFO', + /** + * Debug, Info, and Error messages, appear in logs + */ + DEBUG = 'DEBUG', + /** + * All messages (Debug, Error, Info, and Trace) appear in logs */ ALL = 'ALL', } diff --git a/packages/aws-cdk-lib/aws-appsync/test/appsync.test.ts b/packages/aws-cdk-lib/aws-appsync/test/appsync.test.ts index 015491c97e891..87950c2d6c827 100644 --- a/packages/aws-cdk-lib/aws-appsync/test/appsync.test.ts +++ b/packages/aws-cdk-lib/aws-appsync/test/appsync.test.ts @@ -370,4 +370,28 @@ test('when resolver limit is out of range, it throws an error', () => { expect(() => buildWithLimit('resolver-limit-max', 10000)).not.toThrow(errorString); expect(() => buildWithLimit('resolver-limit-high', 10001)).toThrow(errorString); -}); \ No newline at end of file +}); + +test.each([ + [appsync.FieldLogLevel.ALL], + [appsync.FieldLogLevel.ERROR], + [appsync.FieldLogLevel.NONE], + [appsync.FieldLogLevel.INFO], + [appsync.FieldLogLevel.DEBUG], +])('GraphQLApi with LogLevel %s', (fieldLogLevel) => { + // WHEN + new appsync.GraphqlApi(stack, 'GraphQLApi', { + name: 'api', + schema: appsync.SchemaFile.fromAsset(path.join(__dirname, 'appsync.test.graphql')), + logConfig: { + fieldLogLevel, + }, + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::AppSync::GraphQLApi', { + LogConfig: { + FieldLogLevel: fieldLogLevel, + }, + }); +}); diff --git a/packages/aws-cdk-lib/aws-cloudfront/lib/distribution.ts b/packages/aws-cdk-lib/aws-cloudfront/lib/distribution.ts index 495513bb9a737..1dc2fe099ac50 100644 --- a/packages/aws-cdk-lib/aws-cloudfront/lib/distribution.ts +++ b/packages/aws-cdk-lib/aws-cloudfront/lib/distribution.ts @@ -15,7 +15,7 @@ import * as cloudwatch from '../../aws-cloudwatch'; import * as iam from '../../aws-iam'; import * as lambda from '../../aws-lambda'; import * as s3 from '../../aws-s3'; -import { ArnFormat, IResource, Lazy, Resource, Stack, Token, Duration, Names, FeatureFlags } from '../../core'; +import { ArnFormat, IResource, Lazy, Resource, Stack, Token, Duration, Names, FeatureFlags, Annotations } from '../../core'; import { CLOUDFRONT_DEFAULT_SECURITY_POLICY_TLS_V1_2_2021 } from '../../cx-api'; /** @@ -321,6 +321,10 @@ export class Distribution extends Resource implements IDistribution { if (!Token.isUnresolved(certificateRegion) && certificateRegion !== 'us-east-1') { throw new Error(`Distribution certificates must be in the us-east-1 region and the certificate you provided is in ${certificateRegion}.`); } + + if ((props.domainNames ?? []).length === 0) { + Annotations.of(this).addWarningV2('@aws-cdk/aws-cloudfront:emptyDomainNames', 'No domain names are specified. You will need to specify it after running associate-alias CLI command manually. See the "Moving an alternate domain name to a different distribution" section of module\'s README for more info.'); + } } const originId = this.addOrigin(props.defaultBehavior.origin); diff --git a/packages/aws-cdk-lib/aws-cloudfront/test/distribution.test.ts b/packages/aws-cdk-lib/aws-cloudfront/test/distribution.test.ts index 7ad33d02a336e..fb06b7b1b9ef5 100644 --- a/packages/aws-cdk-lib/aws-cloudfront/test/distribution.test.ts +++ b/packages/aws-cdk-lib/aws-cloudfront/test/distribution.test.ts @@ -1,5 +1,5 @@ import { defaultOrigin, defaultOriginGroup } from './test-origin'; -import { Match, Template } from '../../assertions'; +import { Annotations, Match, Template } from '../../assertions'; import * as acm from '../../aws-certificatemanager'; import * as cloudwatch from '../../aws-cloudwatch'; import * as iam from '../../aws-iam'; @@ -473,6 +473,7 @@ describe('certificates', () => { }, }, }); + Annotations.fromStack(stack).hasWarning('/Stack/Dist1', 'No domain names are specified. You will need to specify it after running associate-alias CLI command manually. See the "Moving an alternate domain name to a different distribution" section of module\'s README for more info. [ack: @aws-cdk/aws-cloudfront:emptyDomainNames]'); }); test('use the TLSv1.2_2021 security policy by default', () => { diff --git a/packages/aws-cdk-lib/aws-cognito/test/user-pool-domain.test.ts b/packages/aws-cdk-lib/aws-cognito/test/user-pool-domain.test.ts index 109c357576c34..0f3439a3f68d2 100644 --- a/packages/aws-cdk-lib/aws-cognito/test/user-pool-domain.test.ts +++ b/packages/aws-cdk-lib/aws-cognito/test/user-pool-domain.test.ts @@ -3,7 +3,7 @@ import { Certificate } from '../../aws-certificatemanager'; import { CfnParameter, Stack } from '../../core'; import { UserPool, UserPoolDomain } from '../lib'; -describe('User Pool Client', () => { +describe('User Pool Domain', () => { test('custom domain name', () => { // GIVEN const stack = new Stack(); diff --git a/packages/aws-cdk-lib/aws-ec2/lib/instance.ts b/packages/aws-cdk-lib/aws-ec2/lib/instance.ts index 2eb98ad26e6fa..8dbcbd58bd921 100644 --- a/packages/aws-cdk-lib/aws-ec2/lib/instance.ts +++ b/packages/aws-cdk-lib/aws-ec2/lib/instance.ts @@ -177,7 +177,7 @@ export interface InstanceProps { * UserData, which will cause CloudFormation to replace it if the UserData * changes. * - * @default - true iff `initOptions` is specified, false otherwise. + * @default - true if `initOptions` is specified, false otherwise. */ readonly userDataCausesReplacement?: boolean; diff --git a/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts b/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts index ad76046aba257..f69caf275bd24 100644 --- a/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts +++ b/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts @@ -275,7 +275,9 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ public static readonly ACCESS_ANALYZER = new InterfaceVpcEndpointAwsService('access-analyzer'); public static readonly ACCOUNT_MANAGEMENT = new InterfaceVpcEndpointAwsService('account'); public static readonly AIRFLOW_API = new InterfaceVpcEndpointAwsService('airflow.api'); + public static readonly AIRFLOW_API_FIPS = new InterfaceVpcEndpointAwsService('airflow.api-fips'); public static readonly AIRFLOW_ENV = new InterfaceVpcEndpointAwsService('airflow.env'); + public static readonly AIRFLOW_ENV_FIPS = new InterfaceVpcEndpointAwsService('airflow.env-fips'); public static readonly AIRFLOW_OPS = new InterfaceVpcEndpointAwsService('airflow.ops'); public static readonly APIGATEWAY = new InterfaceVpcEndpointAwsService('execute-api'); /** @deprecated - Use InterfaceVpcEndpointAwsService.APP_MESH_ENVOY_MANAGEMENT instead. */ @@ -323,6 +325,7 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ public static readonly CODEWHISPERER = new InterfaceVpcEndpointAwsService('codewhisperer'); /** @deprecated - Use InterfaceVpcEndpointAwsService.CLOUDWATCH_MONITORING instead. */ public static readonly CLOUDWATCH = new InterfaceVpcEndpointAwsService('monitoring'); + public static readonly CLOUDWATCH_APPLICATION_INSIGHTS = new InterfaceVpcEndpointAwsService('applicationinsights'); public static readonly CLOUDWATCH_APPLICATION_SIGNALS = new InterfaceVpcEndpointAwsService('application-signals'); /** @deprecated - Use InterfaceVpcEndpointAwsService.EVENTBRIDGE instead. */ public static readonly CLOUDWATCH_EVENTS = new InterfaceVpcEndpointAwsService('events'); @@ -395,6 +398,7 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ public static readonly EMR = new InterfaceVpcEndpointAwsService('elasticmapreduce'); public static readonly EMR_EKS = new InterfaceVpcEndpointAwsService('emr-containers'); public static readonly EMR_SERVERLESS = new InterfaceVpcEndpointAwsService('emr-serverless'); + public static readonly EMR_SERVERLESS_LIVY = new InterfaceVpcEndpointAwsService('emr-serverless-services.livy'); public static readonly EMR_WAL = new InterfaceVpcEndpointAwsService('emrwal.prod'); public static readonly ENTITY_RESOLUTION = new InterfaceVpcEndpointAwsService('entityresolution'); public static readonly EVENTBRIDGE = new InterfaceVpcEndpointAwsService('events'); @@ -446,6 +450,7 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ public static readonly KEYSPACES = new InterfaceVpcEndpointAwsService('cassandra', '', 9142); public static readonly KEYSPACES_FIPS = new InterfaceVpcEndpointAwsService('cassandra-fips', '', 9142); public static readonly KINESIS_STREAMS = new InterfaceVpcEndpointAwsService('kinesis-streams'); + public static readonly KINESIS_STREAMS_FIPS = new InterfaceVpcEndpointAwsService('kinesis-streams-fips'); public static readonly KINESIS_FIREHOSE = new InterfaceVpcEndpointAwsService('kinesis-firehose'); public static readonly KMS = new InterfaceVpcEndpointAwsService('kms'); public static readonly KMS_FIPS = new InterfaceVpcEndpointAwsService('kms-fips'); @@ -485,6 +490,8 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ public static readonly OMICS_TAGS = new InterfaceVpcEndpointAwsService('tags-omics'); public static readonly OMICS_WORKFLOWS = new InterfaceVpcEndpointAwsService('workflows-omics'); public static readonly PANORAMA = new InterfaceVpcEndpointAwsService('panorama'); + public static readonly PARALLEL_COMPUTING_SERVICE = new InterfaceVpcEndpointAwsService('pcs'); + public static readonly PARALLEL_COMPUTING_SERVICE_FIPS = new InterfaceVpcEndpointAwsService('pcs-fips'); public static readonly PAYMENT_CRYPTOGRAPHY_CONTROLPLANE = new InterfaceVpcEndpointAwsService('payment-cryptography.controlplane'); public static readonly PAYMENT_CRYTOGRAPHY_DATAPLANE = new InterfaceVpcEndpointAwsService('payment-cryptography.dataplane'); public static readonly PERSONALIZE = new InterfaceVpcEndpointAwsService('personalize'); @@ -505,22 +512,29 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ public static readonly PROMETHEUS_WORKSPACES = new InterfaceVpcEndpointAwsService('aps-workspaces'); public static readonly PROTON = new InterfaceVpcEndpointAwsService('proton'); public static readonly Q_BUSSINESS = new InterfaceVpcEndpointAwsService('qbusiness', 'aws.api'); + public static readonly Q_DEVELOPER = new InterfaceVpcEndpointAwsService('q'); public static readonly Q_DEVELOPER_CODE_WHISPERER = new InterfaceVpcEndpointAwsService('codewhisperer'); public static readonly Q_DEVELOPER_QAPPS = new InterfaceVpcEndpointAwsService('qapps'); + public static readonly Q_USER_SUBSCRIPTIONS = new InterfaceVpcEndpointAwsService('service.user-subscriptions'); public static readonly QLDB = new InterfaceVpcEndpointAwsService('qldb.session'); public static readonly QUICKSIGHT_WEBSITE = new InterfaceVpcEndpointAwsService('quicksight-website'); public static readonly RDS = new InterfaceVpcEndpointAwsService('rds'); public static readonly RDS_DATA = new InterfaceVpcEndpointAwsService('rds-data'); + public static readonly RDS_PERFORMANCE_INSIGHTS = new InterfaceVpcEndpointAwsService('pi'); + public static readonly RDS_PERFORMANCE_INSIGHTS_FIPS = new InterfaceVpcEndpointAwsService('pi-fips'); public static readonly REDSHIFT = new InterfaceVpcEndpointAwsService('redshift'); public static readonly REDSHIFT_FIPS = new InterfaceVpcEndpointAwsService('redshift-fips'); public static readonly REDSHIFT_DATA = new InterfaceVpcEndpointAwsService('redshift-data'); public static readonly REDSHIFT_DATA_FIPS = new InterfaceVpcEndpointAwsService('redshift-data-fips'); + public static readonly REDSHIFT_SERVERLESS = new InterfaceVpcEndpointAwsService('redshift-serverless'); + public static readonly REDSHIFT_SERVERLESS_FIPS = new InterfaceVpcEndpointAwsService('redshift-serverless-fips'); public static readonly REKOGNITION = new InterfaceVpcEndpointAwsService('rekognition'); public static readonly REKOGNITION_FIPS = new InterfaceVpcEndpointAwsService('rekognition-fips'); public static readonly REKOGNITION_STREAMING = new InterfaceVpcEndpointAwsService('streaming-rekognition'); public static readonly REKOGNITION_STREAMING_FIPS = new InterfaceVpcEndpointAwsService('streaming-rekognition-fips'); public static readonly REPOST_SPACE = new InterfaceVpcEndpointAwsService('repostspace'); public static readonly ROBOMAKER = new InterfaceVpcEndpointAwsService('robomaker'); + public static readonly RECYCLE_BIN = new InterfaceVpcEndpointAwsService('rbin'); public static readonly S3 = new InterfaceVpcEndpointAwsService('s3'); public static readonly S3_OUTPOSTS = new InterfaceVpcEndpointAwsService('s3-outposts'); public static readonly S3_MULTI_REGION_ACCESS_POINTS = new InterfaceVpcEndpointAwsService('s3-global.accesspoint', 'com.amazonaws', undefined, { global: true }); @@ -546,9 +560,11 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ public static readonly SNS = new InterfaceVpcEndpointAwsService('sns'); public static readonly SQS = new InterfaceVpcEndpointAwsService('sqs'); public static readonly SSM = new InterfaceVpcEndpointAwsService('ssm'); + public static readonly SSM_FIPS = new InterfaceVpcEndpointAwsService('ssm-fips'); public static readonly SSM_MESSAGES = new InterfaceVpcEndpointAwsService('ssmmessages'); public static readonly SSM_CONTACTS = new InterfaceVpcEndpointAwsService('ssm-contacts'); public static readonly SSM_INCIDENTS = new InterfaceVpcEndpointAwsService('ssm-incidents'); + public static readonly SSM_QUICK_SETUP = new InterfaceVpcEndpointAwsService('ssm-quicksetup'); public static readonly STEP_FUNCTIONS = new InterfaceVpcEndpointAwsService('states'); public static readonly STEP_FUNCTIONS_SYNC = new InterfaceVpcEndpointAwsService('sync-states'); public static readonly STORAGE_GATEWAY = new InterfaceVpcEndpointAwsService('storagegateway'); @@ -560,12 +576,14 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ public static readonly TEXTRACT = new InterfaceVpcEndpointAwsService('textract'); public static readonly TEXTRACT_FIPS = new InterfaceVpcEndpointAwsService('textract-fips'); public static readonly TIMESTREAM_INFLUXDB = new InterfaceVpcEndpointAwsService('timestream-influxdb'); + public static readonly TIMESTREAM_INFLUXDB_FIPS = new InterfaceVpcEndpointAwsService('timestream-influxdb-fips'); public static readonly TRANSCRIBE = new InterfaceVpcEndpointAwsService('transcribe'); public static readonly TRANSCRIBE_STREAMING = new InterfaceVpcEndpointAwsService('transcribestreaming'); public static readonly TRANSFER = new InterfaceVpcEndpointAwsService('transfer'); public static readonly TRANSFER_SERVER = new InterfaceVpcEndpointAwsService('transfer.server'); public static readonly TRANSLATE = new InterfaceVpcEndpointAwsService('translate'); public static readonly TRUSTED_ADVISOR = new InterfaceVpcEndpointAwsService('trustedadvisor'); + public static readonly WELL_ARCHITECTED_TOOL = new InterfaceVpcEndpointAwsService('wellarchitected'); public static readonly WORKSPACES = new InterfaceVpcEndpointAwsService('workspaces'); public static readonly WORKSPACES_THIN_CLIENT = new InterfaceVpcEndpointAwsService('thinclient.api'); public static readonly XRAY = new InterfaceVpcEndpointAwsService('xray'); diff --git a/packages/aws-cdk-lib/aws-lambda/README.md b/packages/aws-cdk-lib/aws-lambda/README.md index 8e707f04a255b..403460f8ed1b0 100644 --- a/packages/aws-cdk-lib/aws-lambda/README.md +++ b/packages/aws-cdk-lib/aws-lambda/README.md @@ -1213,6 +1213,26 @@ const fn = new lambda.Function(this, 'Lambda_with_IPv6_VPC', { }); ``` +## Outbound traffic +By default, when creating a Lambda function, it would add a security group outbound rule to allow sending all network traffic (except IPv6). This is controlled by `allowAllOutbound` in function properties, which has a default value of `true`. + +To allow outbound IPv6 traffic by default, explicitly set `allowAllIpv6Outbound` to `true` in function properties as shown below (the default value for `allowAllIpv6Outbound` is `false`): +```ts +import * as ec2 from 'aws-cdk-lib/aws-ec2'; + +const vpc = new ec2.Vpc(this, 'Vpc'); + +const fn = new lambda.Function(this, 'LambdaWithIpv6Outbound', { + code: new lambda.InlineCode('def main(event, context): pass'), + handler: 'index.main', + runtime: lambda.Runtime.PYTHON_3_9, + vpc: vpc, + allowAllIpv6Outbound: true, +}); +``` + +Do not specify `allowAllOutbound` or `allowAllIpv6Outbound` property if the `securityGroups` or `securityGroup` property is set. Instead, configure these properties directly on the security group. + ## Ephemeral Storage You can configure ephemeral storage on a function to control the amount of storage it gets for reading diff --git a/packages/aws-cdk-lib/aws-lambda/lib/function.ts b/packages/aws-cdk-lib/aws-lambda/lib/function.ts index 6fab7f359084e..6615ffe179ac0 100644 --- a/packages/aws-cdk-lib/aws-lambda/lib/function.ts +++ b/packages/aws-cdk-lib/aws-lambda/lib/function.ts @@ -294,7 +294,7 @@ export interface FunctionOptions extends EventInvokeConfigOptions { readonly securityGroups?: ec2.ISecurityGroup[]; /** - * Whether to allow the Lambda to send all network traffic + * Whether to allow the Lambda to send all network traffic (except ipv6) * * If set to false, you must individually add traffic rules to allow the * Lambda to connect to network targets. @@ -306,6 +306,20 @@ export interface FunctionOptions extends EventInvokeConfigOptions { */ readonly allowAllOutbound?: boolean; + /** + * Whether to allow the Lambda to send all ipv6 network traffic + * + * If set to true, there will only be a single egress rule which allows all + * outbound ipv6 traffic. If set to false, you must individually add traffic rules to allow the + * Lambda to connect to network targets using ipv6. + * + * Do not specify this property if the `securityGroups` or `securityGroup` property is set. + * Instead, configure `allowAllIpv6Outbound` directly on the security group. + * + * @default false + */ + readonly allowAllIpv6Outbound?: boolean; + /** * Enabled DLQ. If `deadLetterQueue` is undefined, * an SQS queue with default options will be defined for your Function. @@ -1515,6 +1529,9 @@ Environment variables can be marked for removal when used in Lambda@Edge by sett if (props.ipv6AllowedForDualStack) { throw new Error('Cannot configure \'ipv6AllowedForDualStack\' without configuring a VPC'); } + if (props.allowAllIpv6Outbound !== undefined) { + throw new Error('Cannot configure \'allowAllIpv6Outbound\' without configuring a VPC'); + } return undefined; } @@ -1527,6 +1544,15 @@ Environment variables can be marked for removal when used in Lambda@Edge by sett } } + if (props.allowAllIpv6Outbound !== undefined) { + if (props.securityGroup) { + throw new Error('Configure \'allowAllIpv6Outbound\' directly on the supplied SecurityGroup.'); + } + if (hasSecurityGroups) { + throw new Error('Configure \'allowAllIpv6Outbound\' directly on the supplied SecurityGroups.'); + } + } + let securityGroups: ec2.ISecurityGroup[]; if (hasSecurityGroups) { @@ -1536,6 +1562,7 @@ Environment variables can be marked for removal when used in Lambda@Edge by sett vpc: props.vpc, description: 'Automatic security group for Lambda Function ' + Names.uniqueId(this), allowAllOutbound: props.allowAllOutbound, + allowAllIpv6Outbound: props.allowAllIpv6Outbound, }); securityGroups = [securityGroup]; } diff --git a/packages/aws-cdk-lib/aws-lambda/test/function.test.ts b/packages/aws-cdk-lib/aws-lambda/test/function.test.ts index 0ce4ea8b47517..15e8465086bef 100644 --- a/packages/aws-cdk-lib/aws-lambda/test/function.test.ts +++ b/packages/aws-cdk-lib/aws-lambda/test/function.test.ts @@ -3803,6 +3803,77 @@ describe('function', () => { }), ).toThrow(/ADOT Lambda layer can't be configured with container image package type/); }); + + describe('allowAllIpv6Outbound', () => { + test('allowAllIpv6Outbound set to true', () => { + const stack = new cdk.Stack(); + const vpc = new ec2.Vpc(stack, 'Vpc'); + + new lambda.Function(stack, 'MyLambda', { + code: new lambda.InlineCode('foo'), + handler: 'index.handler', + runtime: lambda.Runtime.NODEJS_LATEST, + allowAllIpv6Outbound: true, + vpc, + }); + + Template.fromStack(stack).hasResourceProperties('AWS::EC2::SecurityGroup', { + SecurityGroupEgress: [ + { + CidrIp: '0.0.0.0/0', + Description: 'Allow all outbound traffic by default', + IpProtocol: '-1', + }, + { + CidrIpv6: '::/0', + Description: 'Allow all outbound ipv6 traffic by default', + IpProtocol: '-1', + }, + ], + }); + }); + + test('throws when allowAllIpv6Outbound is defined without vpc', () => { + const stack = new cdk.Stack(); + + expect(() => new lambda.Function(stack, 'MyLambda', { + code: new lambda.InlineCode('foo'), + handler: 'index.handler', + runtime: lambda.Runtime.NODEJS_LATEST, + allowAllIpv6Outbound: true, + })).toThrow(/Cannot configure \'allowAllIpv6Outbound\' without configuring a VPC/); + }); + + test('throws when both allowAllIpv6Outbound and securityGroup are defined', () => { + const stack = new cdk.Stack(); + const vpc = new ec2.Vpc(stack, 'Vpc'); + const securityGroup = new ec2.SecurityGroup(stack, 'SecurityGroup', { vpc: vpc }); + + expect(() => new lambda.Function(stack, 'MyLambda', { + code: new lambda.InlineCode('foo'), + handler: 'index.handler', + runtime: lambda.Runtime.NODEJS_LATEST, + allowAllIpv6Outbound: true, + vpc, + securityGroup: securityGroup, + })).toThrow(/Configure \'allowAllIpv6Outbound\' directly on the supplied SecurityGroup./); + }); + + test('throws when both allowAllIpv6Outbound and securityGroups are defined', () => { + const stack = new cdk.Stack(); + const vpc = new ec2.Vpc(stack, 'Vpc'); + const securityGroup = new ec2.SecurityGroup(stack, 'SecurityGroup', { vpc: vpc }); + + expect(() => new lambda.Function(stack, 'MyLambda', { + code: new lambda.InlineCode('foo'), + handler: 'index.handler', + runtime: lambda.Runtime.NODEJS_LATEST, + allowAllIpv6Outbound: true, + vpc, + securityGroups: [securityGroup], + })).toThrow(/Configure \'allowAllIpv6Outbound\' directly on the supplied SecurityGroups./); + }); + }); }); test('throws if ephemeral storage size is out of bound', () => { diff --git a/packages/aws-cdk-lib/aws-pcaconnectorscep/.jsiirc.json b/packages/aws-cdk-lib/aws-pcaconnectorscep/.jsiirc.json new file mode 100644 index 0000000000000..b2f517e943e43 --- /dev/null +++ b/packages/aws-cdk-lib/aws-pcaconnectorscep/.jsiirc.json @@ -0,0 +1,13 @@ +{ + "targets": { + "java": { + "package": "software.amazon.awscdk.services.pcaconnectorscep" + }, + "dotnet": { + "package": "Amazon.CDK.AWS.PCAConnectorSCEP" + }, + "python": { + "module": "aws_cdk.aws_pcaconnectorscep" + } + } +} diff --git a/packages/aws-cdk-lib/aws-pcaconnectorscep/README.md b/packages/aws-cdk-lib/aws-pcaconnectorscep/README.md new file mode 100644 index 0000000000000..4fdd2c14b1b97 --- /dev/null +++ b/packages/aws-cdk-lib/aws-pcaconnectorscep/README.md @@ -0,0 +1,39 @@ +# AWS::PCAConnectorSCEP Construct Library + + +--- + +![cfn-resources: Stable](https://img.shields.io/badge/cfn--resources-stable-success.svg?style=for-the-badge) + +> All classes with the `Cfn` prefix in this module ([CFN Resources]) are always stable and safe to use. +> +> [CFN Resources]: https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib + +--- + + + +This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project. + +```ts nofixture +import * as pcaconnectorscep from 'aws-cdk-lib/aws-pcaconnectorscep'; +``` + + + +There are no official hand-written ([L2](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib)) constructs for this service yet. Here are some suggestions on how to proceed: + +- Search [Construct Hub for PCAConnectorSCEP construct libraries](https://constructs.dev/search?q=pcaconnectorscep) +- Use the automatically generated [L1](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_l1_using) constructs, in the same way you would use [the CloudFormation AWS::PCAConnectorSCEP resources](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_PCAConnectorSCEP.html) directly. + + + + +There are no hand-written ([L2](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib)) constructs for this service yet. +However, you can still use the automatically generated [L1](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_l1_using) constructs, and use this service exactly as you would using CloudFormation directly. + +For more information on the resources and properties available for this service, see the [CloudFormation documentation for AWS::PCAConnectorSCEP](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_PCAConnectorSCEP.html). + +(Read the [CDK Contributing Guide](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and submit an RFC if you are interested in contributing to this construct library.) + + diff --git a/packages/aws-cdk-lib/aws-pcaconnectorscep/index.ts b/packages/aws-cdk-lib/aws-pcaconnectorscep/index.ts new file mode 100644 index 0000000000000..f41a696fd204d --- /dev/null +++ b/packages/aws-cdk-lib/aws-pcaconnectorscep/index.ts @@ -0,0 +1 @@ +export * from './lib'; diff --git a/packages/aws-cdk-lib/aws-pcaconnectorscep/lib/index.ts b/packages/aws-cdk-lib/aws-pcaconnectorscep/lib/index.ts new file mode 100644 index 0000000000000..e674e1d9d28a2 --- /dev/null +++ b/packages/aws-cdk-lib/aws-pcaconnectorscep/lib/index.ts @@ -0,0 +1,2 @@ +// AWS::PCAConnectorSCEP Cloudformation Resources +export * from './pcaconnectorscep.generated'; diff --git a/packages/aws-cdk-lib/aws-rds/lib/instance-engine.ts b/packages/aws-cdk-lib/aws-rds/lib/instance-engine.ts index e0bfec6452b62..dbe3d17992280 100644 --- a/packages/aws-cdk-lib/aws-rds/lib/instance-engine.ts +++ b/packages/aws-cdk-lib/aws-rds/lib/instance-engine.ts @@ -494,6 +494,8 @@ export class MariaDbEngineVersion { public static readonly VER_10_5_24 = MariaDbEngineVersion.of('10.5.24', '10.5'); /** Version "10.5.25". */ public static readonly VER_10_5_25 = MariaDbEngineVersion.of('10.5.25', '10.5'); + /** Version "10.5.26". */ + public static readonly VER_10_5_26 = MariaDbEngineVersion.of('10.5.26', '10.5'); /** Version "10.6" (only a major version, without a specific minor version). */ public static readonly VER_10_6 = MariaDbEngineVersion.of('10.6', '10.6'); @@ -539,6 +541,8 @@ export class MariaDbEngineVersion { public static readonly VER_10_6_17 = MariaDbEngineVersion.of('10.6.17', '10.6'); /** Version "10.6.18". */ public static readonly VER_10_6_18 = MariaDbEngineVersion.of('10.6.18', '10.6'); + /** Version "10.6.19". */ + public static readonly VER_10_6_19 = MariaDbEngineVersion.of('10.6.19', '10.6'); /** Version "10.11" (only a major version, without a specific minor version). */ public static readonly VER_10_11 = MariaDbEngineVersion.of('10.11', '10.11'); @@ -552,6 +556,8 @@ export class MariaDbEngineVersion { public static readonly VER_10_11_7 = MariaDbEngineVersion.of('10.11.7', '10.11'); /** Version "10.11.8". */ public static readonly VER_10_11_8 = MariaDbEngineVersion.of('10.11.8', '10.11'); + /** Version "10.11.9". */ + public static readonly VER_10_11_9 = MariaDbEngineVersion.of('10.11.9', '10.11'); /** * Create a new MariaDbEngineVersion with an arbitrary version. diff --git a/packages/aws-cdk-lib/aws-rds/lib/proxy.ts b/packages/aws-cdk-lib/aws-rds/lib/proxy.ts index cf076a9668802..6c8ffe2fb1695 100644 --- a/packages/aws-cdk-lib/aws-rds/lib/proxy.ts +++ b/packages/aws-cdk-lib/aws-rds/lib/proxy.ts @@ -533,9 +533,17 @@ export class DatabaseProxy extends DatabaseProxyBase // To avoid this, use `CfnResource.addDependency` to add dependencies on `DatabaseCluster` and `DBInstance`. bindResult.dbClusters?.forEach((cluster) => { cluster.node.children.forEach((child) => { + // Legacy case using the `instanceProps` property of `DatabaseCluster`. if (child instanceof CfnDBInstance) { proxyTargetGroup.addDependency(child); } + // The case of `AuroraClusterInstance` constructs passed via the `writer` and `readers` properties of `DatabaseCluster`. + // We can't use the `AuroraClusterInstance` class to check the type with `instanceof` because the class is not exported. + // The `defaultChild` that the construct has should be a `CfnDBInstance`, so check it. + const resource = child.node.defaultChild; + if (resource instanceof CfnDBInstance) { + proxyTargetGroup.addDependency(resource); + } }); const clusterResource = cluster.node.defaultChild as cdk.CfnResource; if (clusterResource && cdk.CfnResource.isCfnResource(clusterResource)) { diff --git a/packages/aws-cdk-lib/aws-rds/test/instance-engine.test.ts b/packages/aws-cdk-lib/aws-rds/test/instance-engine.test.ts index 86d2b8b2dc574..107ff52094086 100644 --- a/packages/aws-cdk-lib/aws-rds/test/instance-engine.test.ts +++ b/packages/aws-cdk-lib/aws-rds/test/instance-engine.test.ts @@ -1,4 +1,5 @@ import { Template } from '../../assertions'; +import * as ec2 from '../../aws-ec2'; import * as iam from '../../aws-iam'; import * as cdk from '../../core'; import * as rds from '../lib'; @@ -262,4 +263,57 @@ describe('instance engine', () => { expect(engineConfig.features?.s3Export).toEqual('s3Export'); }); }); + + describe('MariaDB engine version', () => { + test.each([ + ['10.4', rds.MariaDbEngineVersion.VER_10_4], + ['10.4.29', rds.MariaDbEngineVersion.VER_10_4_29], + ['10.4.30', rds.MariaDbEngineVersion.VER_10_4_30], + ['10.4.31', rds.MariaDbEngineVersion.VER_10_4_31], + ['10.4.32', rds.MariaDbEngineVersion.VER_10_4_32], + ['10.4.33', rds.MariaDbEngineVersion.VER_10_4_33], + ['10.4.34', rds.MariaDbEngineVersion.VER_10_4_34], + ['10.5', rds.MariaDbEngineVersion.VER_10_5], + ['10.5.20', rds.MariaDbEngineVersion.VER_10_5_20], + ['10.5.21', rds.MariaDbEngineVersion.VER_10_5_21], + ['10.5.22', rds.MariaDbEngineVersion.VER_10_5_22], + ['10.5.23', rds.MariaDbEngineVersion.VER_10_5_23], + ['10.5.24', rds.MariaDbEngineVersion.VER_10_5_24], + ['10.5.25', rds.MariaDbEngineVersion.VER_10_5_25], + ['10.5.26', rds.MariaDbEngineVersion.VER_10_5_26], + ['10.6', rds.MariaDbEngineVersion.VER_10_6], + ['10.6.13', rds.MariaDbEngineVersion.VER_10_6_13], + ['10.6.14', rds.MariaDbEngineVersion.VER_10_6_14], + ['10.6.15', rds.MariaDbEngineVersion.VER_10_6_15], + ['10.6.16', rds.MariaDbEngineVersion.VER_10_6_16], + ['10.6.17', rds.MariaDbEngineVersion.VER_10_6_17], + ['10.6.18', rds.MariaDbEngineVersion.VER_10_6_18], + ['10.6.19', rds.MariaDbEngineVersion.VER_10_6_19], + ['10.11', rds.MariaDbEngineVersion.VER_10_11], + ['10.11.4', rds.MariaDbEngineVersion.VER_10_11_4], + ['10.11.5', rds.MariaDbEngineVersion.VER_10_11_5], + ['10.11.6', rds.MariaDbEngineVersion.VER_10_11_6], + ['10.11.7', rds.MariaDbEngineVersion.VER_10_11_7], + ['10.11.8', rds.MariaDbEngineVersion.VER_10_11_8], + ['10.11.9', rds.MariaDbEngineVersion.VER_10_11_9], + ])('is passed correctly for %s', (engineVersion, version) => { + + // WHEN + const stack = new cdk.Stack(); + const vpc = new ec2.Vpc(stack, 'VPC'); + + new rds.DatabaseInstance(stack, 'Instance', { + engine: rds.DatabaseInstanceEngine.mariaDb({ version }), + vpc, + }); + + // THEN + Template.fromStack(stack).hasResource('AWS::RDS::DBInstance', { + Properties: { + Engine: 'mariadb', + EngineVersion: engineVersion, + }, + }); + }); + }); }); diff --git a/packages/aws-cdk-lib/aws-rds/test/proxy.test.ts b/packages/aws-cdk-lib/aws-rds/test/proxy.test.ts index 7c1d76a68a416..b8c31cdcb4595 100644 --- a/packages/aws-cdk-lib/aws-rds/test/proxy.test.ts +++ b/packages/aws-cdk-lib/aws-rds/test/proxy.test.ts @@ -558,6 +558,86 @@ describe('proxy', () => { }); }); + test('DBProxyTargetGroup should have dependency on the proxy targets when using cluster with writer and readers properties', () => { + // GIVEN + const cluster = new rds.DatabaseCluster(stack, 'cluster', { + engine: rds.DatabaseClusterEngine.AURORA, + vpc, + writer: rds.ClusterInstance.provisioned('writer'), + readers: [rds.ClusterInstance.provisioned('reader')], + }); + + //WHEN + new rds.DatabaseProxy(stack, 'proxy', { + proxyTarget: rds.ProxyTarget.fromCluster(cluster), + secrets: [cluster.secret!], + vpc, + }); + + // THEN + Template.fromStack(stack).hasResource('AWS::RDS::DBProxyTargetGroup', { + Properties: { + DBProxyName: { + Ref: 'proxy3A1DA9C7', + }, + TargetGroupName: 'default', + }, + DependsOn: [ + 'clusterreaderE226030A', + 'cluster611F8AFF', + 'clusterwriter3FDF01F3', + ], + }); + }); + + test('Correct dependencies are created when multiple DatabaseProxy are created with addProxy for cluster with writer and readers properties', () => { + // GIVEN + const cluster = new rds.DatabaseCluster(stack, 'cluster', { + engine: rds.DatabaseClusterEngine.AURORA, + vpc, + writer: rds.ClusterInstance.provisioned('writer'), + readers: [rds.ClusterInstance.provisioned('reader')], + }); + + //WHEN + cluster.addProxy('Proxy', { + vpc, + secrets: [cluster.secret!], + }); + cluster.addProxy('Proxy2', { + vpc, + secrets: [cluster.secret!], + }); + + // THEN + Template.fromStack(stack).hasResource('AWS::RDS::DBProxyTargetGroup', { + Properties: { + DBProxyName: { + Ref: 'clusterProxy22303E35D', + }, + TargetGroupName: 'default', + }, + DependsOn: [ + 'clusterreaderE226030A', + 'cluster611F8AFF', + 'clusterwriter3FDF01F3', + ], + }); + Template.fromStack(stack).hasResource('AWS::RDS::DBProxyTargetGroup', { + Properties: { + DBProxyName: { + Ref: 'clusterProxyC4BEF551', + }, + TargetGroupName: 'default', + }, + DependsOn: [ + 'clusterreaderE226030A', + 'cluster611F8AFF', + 'clusterwriter3FDF01F3', + ], + }); + }); + describe('clientPasswordAuthType', () => { test('create a DB proxy with specified client password authentication type', () => { // GIVEN diff --git a/packages/aws-cdk-lib/aws-ssmquicksetup/.jsiirc.json b/packages/aws-cdk-lib/aws-ssmquicksetup/.jsiirc.json new file mode 100644 index 0000000000000..663992255ab35 --- /dev/null +++ b/packages/aws-cdk-lib/aws-ssmquicksetup/.jsiirc.json @@ -0,0 +1,13 @@ +{ + "targets": { + "java": { + "package": "software.amazon.awscdk.services.ssmquicksetup" + }, + "dotnet": { + "package": "Amazon.CDK.AWS.SSMQuickSetup" + }, + "python": { + "module": "aws_cdk.aws_ssmquicksetup" + } + } +} diff --git a/packages/aws-cdk-lib/aws-ssmquicksetup/README.md b/packages/aws-cdk-lib/aws-ssmquicksetup/README.md new file mode 100644 index 0000000000000..3480bc441d2e3 --- /dev/null +++ b/packages/aws-cdk-lib/aws-ssmquicksetup/README.md @@ -0,0 +1,39 @@ +# AWS::SSMQuickSetup Construct Library + + +--- + +![cfn-resources: Stable](https://img.shields.io/badge/cfn--resources-stable-success.svg?style=for-the-badge) + +> All classes with the `Cfn` prefix in this module ([CFN Resources]) are always stable and safe to use. +> +> [CFN Resources]: https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib + +--- + + + +This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project. + +```ts nofixture +import * as ssmquicksetup from 'aws-cdk-lib/aws-ssmquicksetup'; +``` + + + +There are no official hand-written ([L2](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib)) constructs for this service yet. Here are some suggestions on how to proceed: + +- Search [Construct Hub for SSMQuickSetup construct libraries](https://constructs.dev/search?q=ssmquicksetup) +- Use the automatically generated [L1](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_l1_using) constructs, in the same way you would use [the CloudFormation AWS::SSMQuickSetup resources](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_SSMQuickSetup.html) directly. + + + + +There are no hand-written ([L2](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib)) constructs for this service yet. +However, you can still use the automatically generated [L1](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_l1_using) constructs, and use this service exactly as you would using CloudFormation directly. + +For more information on the resources and properties available for this service, see the [CloudFormation documentation for AWS::SSMQuickSetup](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_SSMQuickSetup.html). + +(Read the [CDK Contributing Guide](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and submit an RFC if you are interested in contributing to this construct library.) + + diff --git a/packages/aws-cdk-lib/aws-ssmquicksetup/index.ts b/packages/aws-cdk-lib/aws-ssmquicksetup/index.ts new file mode 100644 index 0000000000000..f41a696fd204d --- /dev/null +++ b/packages/aws-cdk-lib/aws-ssmquicksetup/index.ts @@ -0,0 +1 @@ +export * from './lib'; diff --git a/packages/aws-cdk-lib/aws-ssmquicksetup/lib/index.ts b/packages/aws-cdk-lib/aws-ssmquicksetup/lib/index.ts new file mode 100644 index 0000000000000..a2cb6ae413289 --- /dev/null +++ b/packages/aws-cdk-lib/aws-ssmquicksetup/lib/index.ts @@ -0,0 +1,2 @@ +// AWS::SSMQuickSetup Cloudformation Resources +export * from './ssmquicksetup.generated'; diff --git a/packages/aws-cdk-lib/aws-stepfunctions-tasks/README.md b/packages/aws-cdk-lib/aws-stepfunctions-tasks/README.md index 2067a10332668..2bd0f0ea27132 100644 --- a/packages/aws-cdk-lib/aws-stepfunctions-tasks/README.md +++ b/packages/aws-cdk-lib/aws-stepfunctions-tasks/README.md @@ -1363,7 +1363,7 @@ const connection = new events.Connection(this, 'Connection', { new tasks.HttpInvoke(this, 'Invoke HTTP API', { apiRoot: 'https://api.example.com', - apiEndpoint: sfn.TaskInput.fromText('https://api.example.com/path/to/resource'), + apiEndpoint: sfn.TaskInput.fromText('path/to/resource'), body: sfn.TaskInput.fromObject({ foo: 'bar' }), connection, headers: sfn.TaskInput.fromObject({ 'Content-Type': 'application/json' }), diff --git a/packages/aws-cdk-lib/index.ts b/packages/aws-cdk-lib/index.ts index 3c6c45b5de2f2..6b6e4c01e5641 100644 --- a/packages/aws-cdk-lib/index.ts +++ b/packages/aws-cdk-lib/index.ts @@ -196,6 +196,7 @@ export * as aws_osis from './aws-osis'; export * as aws_panorama from './aws-panorama'; export * as aws_paymentcryptography from './aws-paymentcryptography'; export * as aws_pcaconnectorad from './aws-pcaconnectorad'; +export * as aws_pcaconnectorscep from './aws-pcaconnectorscep'; export * as aws_personalize from './aws-personalize'; export * as aws_pinpoint from './aws-pinpoint'; export * as aws_pinpointemail from './aws-pinpointemail'; @@ -251,6 +252,7 @@ export * as aws_sqs from './aws-sqs'; export * as aws_ssm from './aws-ssm'; export * as aws_ssmcontacts from './aws-ssmcontacts'; export * as aws_ssmincidents from './aws-ssmincidents'; +export * as aws_ssmquicksetup from './aws-ssmquicksetup'; export * as aws_sso from './aws-sso'; export * as aws_stepfunctions from './aws-stepfunctions'; export * as aws_stepfunctions_tasks from './aws-stepfunctions-tasks'; diff --git a/packages/aws-cdk-lib/package.json b/packages/aws-cdk-lib/package.json index 20a9feafdf7a1..d0878cf2f3554 100644 --- a/packages/aws-cdk-lib/package.json +++ b/packages/aws-cdk-lib/package.json @@ -136,7 +136,7 @@ "mime-types": "^2.1.35" }, "devDependencies": { - "@aws-cdk/aws-service-spec": "^0.1.21", + "@aws-cdk/aws-service-spec": "^0.1.23", "@aws-cdk/cdk-build-tools": "0.0.0", "@aws-cdk/custom-resource-handlers": "0.0.0", "@aws-cdk/pkglint": "0.0.0", @@ -411,6 +411,7 @@ "./aws-panorama": "./aws-panorama/index.js", "./aws-paymentcryptography": "./aws-paymentcryptography/index.js", "./aws-pcaconnectorad": "./aws-pcaconnectorad/index.js", + "./aws-pcaconnectorscep": "./aws-pcaconnectorscep/index.js", "./aws-personalize": "./aws-personalize/index.js", "./aws-pinpoint": "./aws-pinpoint/index.js", "./aws-pinpointemail": "./aws-pinpointemail/index.js", @@ -466,6 +467,7 @@ "./aws-ssm": "./aws-ssm/index.js", "./aws-ssmcontacts": "./aws-ssmcontacts/index.js", "./aws-ssmincidents": "./aws-ssmincidents/index.js", + "./aws-ssmquicksetup": "./aws-ssmquicksetup/index.js", "./aws-sso": "./aws-sso/index.js", "./aws-stepfunctions": "./aws-stepfunctions/index.js", "./aws-stepfunctions-tasks": "./aws-stepfunctions-tasks/index.js", diff --git a/packages/aws-cdk-lib/scripts/scope-map.json b/packages/aws-cdk-lib/scripts/scope-map.json index d3a316063c252..d91b3c05813e9 100644 --- a/packages/aws-cdk-lib/scripts/scope-map.json +++ b/packages/aws-cdk-lib/scripts/scope-map.json @@ -537,6 +537,9 @@ "aws-pcaconnectorad": [ "AWS::PCAConnectorAD" ], + "aws-pcaconnectorscep": [ + "AWS::PCAConnectorSCEP" + ], "aws-personalize": [ "AWS::Personalize" ], @@ -681,6 +684,9 @@ "aws-ssmincidents": [ "AWS::SSMIncidents" ], + "aws-ssmquicksetup": [ + "AWS::SSMQuickSetup" + ], "aws-sso": [ "AWS::SSO" ], diff --git a/packages/aws-cdk/lib/notices.ts b/packages/aws-cdk/lib/notices.ts index 1747369705fe1..747078e0a11da 100644 --- a/packages/aws-cdk/lib/notices.ts +++ b/packages/aws-cdk/lib/notices.ts @@ -255,7 +255,7 @@ export class NoticeFilter { } /** - * Returns true iff we should show this notice. + * Returns true if we should show this notice. */ apply(notice: Notice): boolean { if (this.acknowledgedIssueNumbers.has(notice.issueNumber)) { @@ -267,7 +267,7 @@ export class NoticeFilter { } /** - * Returns true iff we should show the notice. + * Returns true if we should show the notice. */ private applyVersion(notice: Notice, name: string, compareToVersion: string | undefined) { if (compareToVersion === undefined) { return false; } diff --git a/tools/@aws-cdk/spec2cdk/package.json b/tools/@aws-cdk/spec2cdk/package.json index accb584539cc9..4b982f488d3dd 100644 --- a/tools/@aws-cdk/spec2cdk/package.json +++ b/tools/@aws-cdk/spec2cdk/package.json @@ -32,9 +32,9 @@ }, "license": "Apache-2.0", "dependencies": { - "@aws-cdk/aws-service-spec": "^0.1.21", - "@aws-cdk/service-spec-importers": "^0.0.46", - "@aws-cdk/service-spec-types": "^0.0.88", + "@aws-cdk/aws-service-spec": "^0.1.23", + "@aws-cdk/service-spec-importers": "^0.0.47", + "@aws-cdk/service-spec-types": "^0.0.90", "@cdklabs/tskb": "^0.0.3", "@cdklabs/typewriter": "^0.0.3", "camelcase": "^6", diff --git a/version.v2.json b/version.v2.json index 543b3795800ea..3e74324e1d8b2 100644 --- a/version.v2.json +++ b/version.v2.json @@ -1,4 +1,4 @@ { - "version": "2.156.0", - "alphaVersion": "2.156.0-alpha.0" + "version": "2.157.0", + "alphaVersion": "2.157.0-alpha.0" } \ No newline at end of file diff --git a/yarn.lock b/yarn.lock index 37d6bef067a89..db4a71cd4d968 100644 --- a/yarn.lock +++ b/yarn.lock @@ -51,12 +51,12 @@ resolved "https://registry.npmjs.org/@aws-cdk/asset-node-proxy-agent-v6/-/asset-node-proxy-agent-v6-2.0.3.tgz#9b5d213b5ce5ad4461f6a4720195ff8de72e6523" integrity sha512-twhuEG+JPOYCYPx/xy5uH2+VUsIEhPTzDY0F1KuB+ocjWWB/KEDiOVL19nHvbPCB6fhWnkykXEMJ4HHcKvjtvg== -"@aws-cdk/aws-service-spec@^0.1.21": - version "0.1.21" - resolved "https://registry.npmjs.org/@aws-cdk/aws-service-spec/-/aws-service-spec-0.1.21.tgz#8635f673787f498568251a3f61c0b355ab8be193" - integrity sha512-6wi6nzrR6n0n1pLIDQ2cpo1zRA/NkOEH22VkH6zIJviZnFRkx8vXt6C24Qismd9CKxaNgvPPv/H5gSOfYmgciA== +"@aws-cdk/aws-service-spec@^0.1.23": + version "0.1.23" + resolved "https://registry.npmjs.org/@aws-cdk/aws-service-spec/-/aws-service-spec-0.1.23.tgz#88ac3ef86a3412eefa7f3e2dbc6642959bf2530a" + integrity sha512-AR31T//3HTyU1jshiYV+fI6cb7JxwDbcBP0Lb2ruQTYEviLK0j+BVrG5F1R4kQ4e1d/TMPujCzXoOSs2TcHCvw== dependencies: - "@aws-cdk/service-spec-types" "^0.0.88" + "@aws-cdk/service-spec-types" "^0.0.90" "@cdklabs/tskb" "^0.0.3" "@aws-cdk/cloud-assembly-schema@^36.0.0": @@ -97,12 +97,12 @@ resolved "https://registry.npmjs.org/@aws-cdk/lambda-layer-kubectl-v30/-/lambda-layer-kubectl-v30-2.0.0.tgz#97c40d31e5350ce7170be5d188361118b1e39231" integrity sha512-yES6NfrJ3QV1372lAZ2FLXp/no4bqDWBXeSREJdrpWjQzD0wvL/hCpHEyjZrzHhOi27YbMxFTQ3g9isKAul8+A== -"@aws-cdk/service-spec-importers@^0.0.46": - version "0.0.46" - resolved "https://registry.npmjs.org/@aws-cdk/service-spec-importers/-/service-spec-importers-0.0.46.tgz#5bd54c562491255eb0c03ba755e2202372267ab3" - integrity sha512-iiQW4o8gS5ni4Zg/9chS+UxUuTgaDMSHZR5L/bxrhHhUj6Nmw6jVw0dJuYH+cWBjCigbAghBlmQgIIaiUoc1BA== +"@aws-cdk/service-spec-importers@^0.0.47": + version "0.0.47" + resolved "https://registry.npmjs.org/@aws-cdk/service-spec-importers/-/service-spec-importers-0.0.47.tgz#fffad95201bbca58cb4faefc20259e422649a906" + integrity sha512-paZjDcpeMcwlT03xWLKCETlnbObsG8LImY81BRqabzarwGVEUEx2WYrVKzXBZUzkK3yn9xB4Sp20Q7Wu9wyZCQ== dependencies: - "@aws-cdk/service-spec-types" "^0.0.87" + "@aws-cdk/service-spec-types" "^0.0.89" "@cdklabs/tskb" "^0.0.3" ajv "^6" canonicalize "^2.0.0" @@ -113,17 +113,17 @@ glob "^8" sort-json "^2.0.1" -"@aws-cdk/service-spec-types@^0.0.87": - version "0.0.87" - resolved "https://registry.npmjs.org/@aws-cdk/service-spec-types/-/service-spec-types-0.0.87.tgz#67c105096d66c2fe42bf49585e9cd382ba4a3a9d" - integrity sha512-HPFgxslPkL4idg4UCbaVWXaeVGzq9XEiUji6uUQdrYpe5K54O5k9rvNDA77FDMomxwnfQRTDTFlVlXC9291B4A== +"@aws-cdk/service-spec-types@^0.0.89": + version "0.0.89" + resolved "https://registry.npmjs.org/@aws-cdk/service-spec-types/-/service-spec-types-0.0.89.tgz#c6d87b21d6aa5165ef728997b3f90fa7729b3ac6" + integrity sha512-T6xoePPlZMz1c/0PRj9Ce2B+OyHN4BLJXcsuVYN5Y/7Y3EeVYWSr9OHGFt03Mbvg8bfKIoazaDtuc/m9jo3+Qw== dependencies: "@cdklabs/tskb" "^0.0.3" -"@aws-cdk/service-spec-types@^0.0.88": - version "0.0.88" - resolved "https://registry.npmjs.org/@aws-cdk/service-spec-types/-/service-spec-types-0.0.88.tgz#aa3ae69221ffc27e19f1a72f889034e4000c4310" - integrity sha512-Wk1UdXBT3QbVHouMl3eIYWx/0Mku4LM9DfEq5flwmqbSCCmXVFO8CAA2bClKznYy5WhiV7Zz7rviXBO5gdfW5w== +"@aws-cdk/service-spec-types@^0.0.90": + version "0.0.90" + resolved "https://registry.npmjs.org/@aws-cdk/service-spec-types/-/service-spec-types-0.0.90.tgz#3410fe525a82eceabf188ec161fadce2569846f2" + integrity sha512-gHRyWiOGyu9kbc+3BUjoOxf6pgPprP3SjGbjhK25X6cRBGOPmR8a5gS9EHGxyPiZq8Qcr0yHvt3q02cjBGi4cA== dependencies: "@cdklabs/tskb" "^0.0.3"