Merge branch 'main' into 33034-add-versioned-access

.github/workflows/README.md

@@ -55,11 +55,6 @@ When approved this pushes the PR to the testing pipeline,
 thus starting the cli integ test build.
 Owner: Core CDK team
 
-### Initial Priority Assignment
-
-[project-prioritization-assignment.yml](project-prioritization-assignment.yml): GitHub action for automatically adding PR's with priorities to the project priority board based on their labels.
-Owner: CDK Support team
-
 ## Issue Triggered
 
 ### Closed Issue Message
@@ -108,13 +103,3 @@ Owner: Core CDK team
 
 [update-contributors.yml](update-contributors.yml): GitHub action that runs monthly to create a pull request for updating a CONTRIBUTORS file with the top contributors.
 Owner: Core CDK team
-
-### R2 Priority Assignment
-
-[project-prioritization-r2-assignment.yml](project-prioritization-r2-assignment.yml): GitHub action that runs every 6 hours to add PR's to the priority project board that satisfies R2 Priority.
-Owner: CDK Support team
-
-### R5 Priority Assignment
-
-[project-prioritization-r5-assignment.yml](project-prioritization-r5-assignment.yml): GitHub action that runs every day to add PR's to the priority project board that satisfies R5 Priority.
-Owner: CDK Support team

packages/@aws-cdk/aws-amplify-alpha/README.md

@@ -250,7 +250,7 @@ const amplifyApp = new amplify.App(this, 'MyApp', {
 
 Amplify uses Amazon CloudFront to manage the caching configuration for your hosted applications. A cache configuration is applied to each app to optimize for the best performance.
 
-Setting the `cacheConfigType` field on the Amplify `App` construct can be used to control cache configguration. By default, the value is set to `AMPLIFY_MANAGED`. If you want to exclude all cookies from the cache key, set `AMPLIFY_MANAGED_NO_COOKIES`.
+Setting the `cacheConfigType` field on the Amplify `App` construct can be used to control cache configuration. By default, the value is set to `AMPLIFY_MANAGED`. If you want to exclude all cookies from the cache key, set `AMPLIFY_MANAGED_NO_COOKIES`.
 
 For more information, see [Managing the cache configuration for an app](https://docs.aws.amazon.com/amplify/latest/userguide/caching.html).
 

packages/@aws-cdk/aws-ec2-alpha/README.md

@@ -105,6 +105,38 @@ new VpcV2(this, 'Vpc', {
 
 Since `VpcV2` does not create subnets automatically, users have full control over IP addresses allocation across subnets.
 
+### Bring your own IPv6 addresses (BYOIP) 
+
+If you have your own IP address that you would like to use with EC2, you can set up an IPv6 pool via the AWS CLI, and use that pool ID in your application.
+
+Once you have certified your IP address block with an ROA and have obtained an X-509 certificate, you can run the following command to provision your CIDR block in your AWS account:
+
+```shell
+aws ec2 provision-byoip-cidr --region <region> --cidr <your CIDR block> --cidr-authorization-context Message="1|aws|<account>|<your CIDR block>|<expiration date>|SHA256".Signature="<signature>"
+```
+
+When your BYOIP CIDR is provisioned, you can run the following command to retrieve your IPv6 pool ID, which will be used in your VPC declaration:
+
+```shell
+aws ec2 describe-byoip-cidr --region <region>
+```
+
+For more help on setting up your IPv6 address, please review the [EC2 Documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html).
+
+Once you have provisioned your address block, you can use the IPv6 in your VPC as follows:
+
+```ts
+const myVpc = new VpcV2(this, 'Vpc', {
+  primaryAddressBlock: IpAddresses.ipv4('10.1.0.0/16'),
+  secondaryAddressBlocks: [IpAddresses.ipv6ByoipPool({
+    cidrBlockName: 'MyByoipCidrBlock',
+    ipv6PoolId: 'ipv6pool-ec2-someHashValue',
+    ipv6CidrBlock: '2001:db8::/32'
+  })],
+  enableDnsHostnames: true,
+  enableDnsSupport: true,
+});
+```
 
 ## Routing
 

packages/@aws-cdk/aws-ec2-alpha/lib/subnet-v2.ts

@@ -456,7 +456,7 @@ function storeSubnetToVpcByType(vpc: IVpcV2, subnet: SubnetV2, type: SubnetType)
 function validateSupportIpv6(vpc: IVpcV2) {
   if (vpc.secondaryCidrBlock) {
     if (vpc.secondaryCidrBlock.some((secondaryAddress) => secondaryAddress.amazonProvidedIpv6CidrBlock === true ||
-  secondaryAddress.ipv6IpamPoolId != undefined)) {
+  secondaryAddress.ipv6IpamPoolId !== undefined || secondaryAddress.ipv6Pool !== undefined)) {
       return true;
     } else {
       throw new Error('To use IPv6, the VPC must enable IPv6 support.');

packages/@aws-cdk/aws-ec2-alpha/lib/util.ts

@@ -323,13 +323,54 @@ export class CidrBlockIpv6 {
   }
 
   /**
-   * @returns Maximum IPv6 address for a provided CIDR
+   * Calculates the maximum IPv6 address in the CIDR block
+   * @returns The maximum IPv6 address as a string
    */
   public maxIp(): string {
+    /**
+     * Calculate how many 16-bit blocks are needed for the network portion
+     * e.g. for /56, networkPartLength = ceil(56/16) = 4 blocks
+     */
+    const networkPartLength = Math.ceil(this.cidrPrefix / 16);
+    /**
+     * Calculate remaining bits in last network block
+     * e.g. for /56, remainingBits = 56 % 16 = 8 bits
+     */
+    const remainingBits = this.cidrPrefix % 16;
+    /**
+     * Create copy of network portion of address
+     * e.g. [2001, db8, 0, 0] for 2001:db8::/56
+     */
     const endIP = [...this.networkPart];
-    const hostPart = Array(8 - this.networkPart.length).fill(BigInt(0xffff));
-    endIP.push(...hostPart);
 
+    /**
+     * If there are remaining bits in last network block,
+     * create appropriate bitmask and apply to last network block
+     * e.g. for /56: mask = (1 << (16-8)) - 1 = 0x00FF
+     */
+    if (remainingBits > 0) {
+      const lastNetworkIndex = networkPartLength - 1;
+      const mask = (BigInt(1) << BigInt(16 - remainingBits)) - BigInt(1);
+      /**
+       * Apply bitmask to last network block using bitwise OR
+       * e.g. if lastNetworkIndex=3 and mask=0x00FF:
+       * networkPart[3]=0x0000 | 0x00FF = 0x00FF
+       */
+      endIP[lastNetworkIndex] = this.networkPart[lastNetworkIndex] | mask;
+    }
+
+    /**
+     * Fill remaining blocks with maximum value 0xFFFF
+     * e.g. [2001, db8, 0, ff, ffff, ffff, ffff, ffff]
+     */
+    for (let i = networkPartLength; i < 8; i++) {
+      endIP.push(BigInt('0xffff'));
+    }
+
+    /**
+     * Convert blocks to hex strings and join with colons
+     * e.g. 2001:db8:0:ff:ffff:ffff:ffff:ffff
+     */
     return endIP.map(this.formatIPv6Part).join(':');
   }
 
@@ -342,26 +383,18 @@ export class CidrBlockIpv6 {
    * @returns true if two ranges overlap, false otherwise
    */
   public rangesOverlap(range1: string, range2: string): boolean {
-    const [start1, end1] = this.getIPv6Range(range1);
-    const [start2, end2] = this.getIPv6Range(range2);
+    // Create new CidrBlockIpv6 instances for both ranges
+    const cidr1 = new CidrBlockIpv6(range1);
+    const cidr2 = new CidrBlockIpv6(range2);
 
-    return (start1 <= end2) && (start2 <= end1);
-  }
+    // Convert min and max IPs to numeric values for comparison
+    const start1 = this.ipv6ToNumber(cidr1.minIp());
+    const end1 = this.ipv6ToNumber(cidr1.maxIp());
+    const start2 = this.ipv6ToNumber(cidr2.minIp());
+    const end2 = this.ipv6ToNumber(cidr2.maxIp());
 
-  /**
-   *
-   * @param cidr
-   * @returns Range in the from of big int number [start, end]
-   */
-  private getIPv6Range(cidr: string): [bigint, bigint] {
-    const [ipv6Address, prefixLength] = cidr.split('/');
-    const ipv6Number = this.ipv6ToNumber(ipv6Address);
-    const mask = (BigInt(1) << BigInt(128 - Number(prefixLength))) - BigInt(1);
-    const networkPrefix = ipv6Number & ~mask;
-    const start = networkPrefix;
-    const end = networkPrefix | mask;
-
-    return [start, end];
+    // Check for overlap
+    return (start1 <= end2) && (start2 <= end1);
   }
 
   /**

packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2-base.ts

@@ -430,7 +430,7 @@ export abstract class VpcV2Base extends Resource implements IVpcV2 {
     let useIpv6;
     if (this.secondaryCidrBlock) {
       useIpv6 = (this.secondaryCidrBlock.some((secondaryAddress) => secondaryAddress.amazonProvidedIpv6CidrBlock === true ||
-    secondaryAddress.ipv6IpamPoolId != undefined));
+    secondaryAddress.ipv6IpamPoolId !== undefined || secondaryAddress.ipv6CidrBlock !== undefined));
     }
 
     if (!useIpv6) {