Merge pull request #324 from awslabs/bump/1.115.0

chore(release): 1.115.0

.viperlightignore

@@ -20,19 +20,24 @@ source/tools/cdk-integ-tools/package-lock.json:373
 source/patterns/@aws-solutions-constructs/core/test/step-function-helper.test.js:115
 source/patterns/@aws-solutions-constructs/core/test/lambda-helper.test.ts:297
 source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda/test/dynamodb-stream-lambda.test.ts:102
+source/patterns/@aws-solutions-constructs/aws-dynamodbstreams-lambda/test/dynamodbstreams-lambda.test.ts:102
 source/patterns/@aws-solutions-constructs/aws-iot-lambda-dynamodb/test/iot-lambda-dynamodb.test.ts:219
 source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/lambda-dynamodb.test.ts:186
 source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/lambda-sqs-lambda.test.ts:66
 source/patterns/@aws-solutions-constructs/aws-lambda-step-function/test/lambda-step-function.test.ts:129
+source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/lambda-stepfunctions.test.ts:129
 source/patterns/@aws-solutions-constructs/aws-events-rule-sns/test/events-rule-sns-topic.test.ts:243
+source/patterns/@aws-solutions-constructs/aws-eventbridge-sns/test/eventbridge-sns-topic.test.ts:243
 source/patterns/@aws-solutions-constructs/aws-events-rule-sqs/test/events-rule-sqs-queue.test.ts:131
+source/patterns/@aws-solutions-constructs/aws-eventbridge-sqs/test/eventbridge-sqs-queue.test.ts:131
 source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda/test/dynamodb-stream-lambda.test.ts:105
+source/patterns/@aws-solutions-constructs/aws-dynamodbstreams-lambda/test/dynamodbstreams-lambda.test.ts:105
 source/patterns/@aws-solutions-constructs/aws-apigateway-iot/README.md:39
 source/patterns/@aws-solutions-constructs/aws-apigateway-iot/test/integ.defaultParams.expected.json:266
 source/patterns/@aws-solutions-constructs/aws-apigateway-iot/test/integ.overrideParams.expected.json:269
 source/patterns/@aws-solutions-constructs/aws-apigateway-iot/test/test.apigateway-iot.test.ts:29
 source/patterns/@aws-solutions-constructs/aws-apigateway-iot/test/integ.override_auth_api_keys.expected.json:267
-source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/test.cloudfront-s3.test.ts:111
+source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/test.cloudfront-s3.test.ts:123
 source/patterns/@aws-solutions-constructs/core/test/cloudfront-distribution-s3-helper.test.ts:171
 source/patterns/@aws-solutions-constructs/aws-s3-sqs/test/test.s3-sqs.test.ts:251
 source/use_cases/aws-custom-glue-etl/stream-producer/generate_data.py:86

CHANGELOG.md

@@ -2,6 +2,25 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [1.115.0](https://github.com/awslabs/aws-solutions-constructs/compare/v1.114.0...v1.115.0) (2021-08-11)
+
+### Added
+
+* Added new constructs that provide the same implementation as existing constructs but have names that follow our naming standard. aws-lambda-stepfunctions ([285](https://github.com/awslabs/aws-solutions-constructs/issues/285)), aws-eventbridge-stepfunctions ([299](https://github.com/awslabs/aws-solutions-constructs/issues/299)), aws-eventbridge-sns ([309](https://github.com/awslabs/aws-solutions-constructs/issues/309)), aws-eventbridge-kinesisfirehose-s3 ([310](https://github.com/awslabs/aws-solutions-constructs/issues/310)), aws-eventbridge-kinesisstreams ([311](https://github.com/awslabs/aws-solutions-constructs/issues/311)), aws-eventbridge-lambda ([312](https://github.com/awslabs/aws-solutions-constructs/issues/312))aws-eventbridge-sqs ([315](https://github.com/awslabs/aws-solutions-constructs/issues/315)), aws-dynamodbstreams-lambda-elasticsearch-kibana ([319](https://github.com/awslabs/aws-solutions-constructs/issues/319))
+
+### Changed
+
+* Upgraded all patterns to CDK v1.115.0
+* Encrypt scrap buckets created for integration tests ([314](https://github.com/awslabs/aws-solutions-constructs/issues/314))
+* fixed cfn_nag error when using existingBucketInterface on cloudfront-s3 ([320](https://github.com/awslabs/aws-solutions-constructs/issues/320))
+* allow passing sqsEventSourceProps into LambdaToSqsToLambda ([321](https://github.com/awslabs/aws-solutions-constructs/issues/321))
+* Set eligible constructs to Stable (9 constructs) ([323](https://github.com/awslabs/aws-solutions-constructs/issues/323))
+
+### ⚠ BREAKING CHANGES
+
+* CloudFrontToApiGateway - use cloudfront function instead of lambda@edge ([313](https://github.com/awslabs/aws-solutions-constructs/issues/))
+* CloudFrontToMediaStore - use cloudfront function instead of lambda@edge ([317](https://github.com/awslabs/aws-solutions-constructs/issues/))
+
 ## [1.114.0](https://github.com/awslabs/aws-solutions-constructs/compare/v1.113.0...v1.114.0) (2021-07-27)
 
 ### Changed

source/lerna.json

@@ -6,5 +6,5 @@
     "./patterns/@aws-solutions-constructs/*"
   ],
   "rejectCycles": "true",
-  "version": "1.114.0"
+  "version": "1.115.0"
 }

source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/README.md

@@ -3,11 +3,7 @@
 
 ---
 
-![Stability: Experimental](https://img.shields.io/badge/stability-Experimental-important.svg?style=for-the-badge)
-
-> All classes are under active development and subject to non-backward compatible changes or removal in any
-> future version. These are not subject to the [Semantic Versioning](https://semver.org/) model.
-> This means that while you may use them, you may need to update your source code when upgrading to a newer version of this package.
+![Stability: Stable](https://img.shields.io/badge/cfn--resources-stable-success.svg?style=for-the-badge)
 
 ---
 <!--END STABILITY BANNER-->

source/patterns/@aws-solutions-constructs/aws-apigateway-sqs/README.md

@@ -3,11 +3,7 @@
 
 ---
 
-![Stability: Experimental](https://img.shields.io/badge/stability-Experimental-important.svg?style=for-the-badge)
-
-> All classes are under active development and subject to non-backward compatible changes or removal in any
-> future version. These are not subject to the [Semantic Versioning](https://semver.org/) model.
-> This means that while you may use them, you may need to update your source code when upgrading to a newer version of this package.
+![Stability: Stable](https://img.shields.io/badge/cfn--resources-stable-success.svg?style=for-the-badge)
 
 ---
 <!--END STABILITY BANNER-->

source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/README.md

@@ -66,7 +66,7 @@ _Parameters_
 | **Name**     | **Type**        | **Description** |
 |:-------------|:----------------|-----------------|
 |cloudFrontWebDistribution|[`cloudfront.CloudFrontWebDistribution`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-cloudfront.CloudFrontWebDistribution.html)|Returns an instance of cloudfront.CloudFrontWebDistribution created by the construct|
-|edgeLambdaFunctionVersion|[`lambda.Version`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-lambda.Version.html)|Returns an instance of the edge Lambda function version created by the pattern.|
+|cloudFrontFunction?|[`cloudfront.Function`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-cloudfront.Function.html)|Returns an instance of the Cloudfront function created by the pattern.|
 |cloudFrontLoggingBucket|[`s3.Bucket`](https://docs.aws.amazon.com/cdk/api/latest/docs/aws-s3-readme.html)|Returns an instance of the logging bucket for CloudFront WebDistribution.|
 |apiGateway|[`api.RestApi`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-apigateway.RestApi.html)|Returns an instance of the API Gateway REST API created by the pattern.|
 |apiGatewayCloudWatchRole|[`iam.Role`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-iam.Role.html)|Returns an instance of the iam.Role created by the construct for API Gateway for CloudWatch access.|

source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/lib/index.ts

@@ -66,7 +66,7 @@ export interface CloudFrontToApiGatewayToLambdaProps {
 
 export class CloudFrontToApiGatewayToLambda extends Construct {
   public readonly cloudFrontWebDistribution: cloudfront.Distribution;
-  public readonly edgeLambdaFunctionVersion?: lambda.Version;
+  public readonly cloudFrontFunction?: cloudfront.Function;
   public readonly cloudFrontLoggingBucket?: s3.Bucket;
   public readonly apiGateway: api.RestApi;
   public readonly apiGatewayCloudWatchRole: iam.Role;
@@ -116,7 +116,7 @@ export class CloudFrontToApiGatewayToLambda extends Construct {
     });
 
     this.cloudFrontWebDistribution = apiCloudfront.cloudFrontWebDistribution;
-    this.edgeLambdaFunctionVersion = apiCloudfront.edgeLambdaFunctionVersion;
+    this.cloudFrontFunction = apiCloudfront.cloudFrontFunction;
     this.cloudFrontLoggingBucket = apiCloudfront.cloudFrontLoggingBucket;
   }
 }

source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/test/__snapshots__/test.cloudfront-apigateway-lambda.test.js.snap

@@ -80,11 +80,14 @@ Object {
           "DefaultCacheBehavior": Object {
             "CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6",
             "Compress": true,
-            "LambdaFunctionAssociations": Array [
+            "FunctionAssociations": Array [
               Object {
-                "EventType": "origin-response",
-                "LambdaFunctionARN": Object {
-                  "Ref": "testcloudfrontapigatewaylambdaCloudFrontToApiGatewaySetHttpSecurityHeadersVersion1946ABC2",
+                "EventType": "viewer-response",
+                "FunctionARN": Object {
+                  "Fn::GetAtt": Array [
+                    "testcloudfrontapigatewaylambdaCloudFrontToApiGatewaySetHttpSecurityHeaders6945414A",
+                    "FunctionARN",
+                  ],
                 },
               },
             ],
@@ -257,149 +260,16 @@ Object {
       "Type": "AWS::S3::BucketPolicy",
     },
     "testcloudfrontapigatewaylambdaCloudFrontToApiGatewaySetHttpSecurityHeaders6945414A": Object {
-      "DependsOn": Array [
-        "testcloudfrontapigatewaylambdaCloudFrontToApiGatewaySetHttpSecurityHeadersServiceRoleDefaultPolicy2016F196",
-        "testcloudfrontapigatewaylambdaCloudFrontToApiGatewaySetHttpSecurityHeadersServiceRoleCA39BFFF",
-      ],
-      "Metadata": Object {
-        "cfn_nag": Object {
-          "rules_to_suppress": Array [
-            Object {
-              "id": "W58",
-              "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.",
-            },
-            Object {
-              "id": "W89",
-              "reason": "This is not a rule for the general case, just for specific use cases/industries",
-            },
-            Object {
-              "id": "W92",
-              "reason": "Impossible for us to define the correct concurrency for clients",
-            },
-          ],
-        },
-      },
       "Properties": Object {
-        "Code": Object {
-          "ZipFile": "exports.handler = (event, context, callback) => {           const response = event.Records[0].cf.response;           const headers = response.headers;           headers['x-xss-protection'] = [             {               key: 'X-XSS-Protection',               value: '1; mode=block'             }           ];           headers['x-frame-options'] = [             {               key: 'X-Frame-Options',               value: 'DENY'             }           ];           headers['x-content-type-options'] = [             {               key: 'X-Content-Type-Options',               value: 'nosniff'             }           ];           headers['strict-transport-security'] = [             {               key: 'Strict-Transport-Security',               value: 'max-age=63072000; includeSubdomains; preload'             }           ];           headers['referrer-policy'] = [             {               key: 'Referrer-Policy',               value: 'same-origin'             }           ];           headers['content-security-policy'] = [             {               key: 'Content-Security-Policy',               value: \\"default-src 'none'; base-uri 'self'; img-src 'self'; script-src 'self'; style-src 'self' https:; object-src 'none'; frame-ancestors 'none'; font-src 'self' https:; form-action 'self'; manifest-src 'self'; connect-src 'self'\\"              }           ];           callback(null, response);         };",
-        },
-        "Handler": "index.handler",
-        "Role": Object {
-          "Fn::GetAtt": Array [
-            "testcloudfrontapigatewaylambdaCloudFrontToApiGatewaySetHttpSecurityHeadersServiceRoleCA39BFFF",
-            "Arn",
-          ],
-        },
-        "Runtime": "nodejs12.x",
-        "TracingConfig": Object {
-          "Mode": "Active",
-        },
-      },
-      "Type": "AWS::Lambda::Function",
-    },
-    "testcloudfrontapigatewaylambdaCloudFrontToApiGatewaySetHttpSecurityHeadersServiceRoleCA39BFFF": Object {
-      "Properties": Object {
-        "AssumeRolePolicyDocument": Object {
-          "Statement": Array [
-            Object {
-              "Action": "sts:AssumeRole",
-              "Effect": "Allow",
-              "Principal": Object {
-                "Service": "lambda.amazonaws.com",
-              },
-            },
-            Object {
-              "Action": "sts:AssumeRole",
-              "Effect": "Allow",
-              "Principal": Object {
-                "Service": "edgelambda.amazonaws.com",
-              },
-            },
-          ],
-          "Version": "2012-10-17",
-        },
-        "Policies": Array [
-          Object {
-            "PolicyDocument": Object {
-              "Statement": Array [
-                Object {
-                  "Action": Array [
-                    "logs:CreateLogGroup",
-                    "logs:CreateLogStream",
-                    "logs:PutLogEvents",
-                  ],
-                  "Effect": "Allow",
-                  "Resource": Object {
-                    "Fn::Join": Array [
-                      "",
-                      Array [
-                        "arn:",
-                        Object {
-                          "Ref": "AWS::Partition",
-                        },
-                        ":logs:",
-                        Object {
-                          "Ref": "AWS::Region",
-                        },
-                        ":",
-                        Object {
-                          "Ref": "AWS::AccountId",
-                        },
-                        ":log-group:/aws/lambda/*",
-                      ],
-                    ],
-                  },
-                },
-              ],
-              "Version": "2012-10-17",
-            },
-            "PolicyName": "LambdaFunctionServiceRolePolicy",
-          },
-        ],
-      },
-      "Type": "AWS::IAM::Role",
-    },
-    "testcloudfrontapigatewaylambdaCloudFrontToApiGatewaySetHttpSecurityHeadersServiceRoleDefaultPolicy2016F196": Object {
-      "Metadata": Object {
-        "cfn_nag": Object {
-          "rules_to_suppress": Array [
-            Object {
-              "id": "W12",
-              "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.",
-            },
-          ],
-        },
-      },
-      "Properties": Object {
-        "PolicyDocument": Object {
-          "Statement": Array [
-            Object {
-              "Action": Array [
-                "xray:PutTraceSegments",
-                "xray:PutTelemetryRecords",
-              ],
-              "Effect": "Allow",
-              "Resource": "*",
-            },
-          ],
-          "Version": "2012-10-17",
-        },
-        "PolicyName": "testcloudfrontapigatewaylambdaCloudFrontToApiGatewaySetHttpSecurityHeadersServiceRoleDefaultPolicy2016F196",
-        "Roles": Array [
-          Object {
-            "Ref": "testcloudfrontapigatewaylambdaCloudFrontToApiGatewaySetHttpSecurityHeadersServiceRoleCA39BFFF",
-          },
-        ],
-      },
-      "Type": "AWS::IAM::Policy",
-    },
-    "testcloudfrontapigatewaylambdaCloudFrontToApiGatewaySetHttpSecurityHeadersVersion1946ABC2": Object {
-      "Properties": Object {
-        "FunctionName": Object {
-          "Ref": "testcloudfrontapigatewaylambdaCloudFrontToApiGatewaySetHttpSecurityHeaders6945414A",
+        "AutoPublish": true,
+        "FunctionCode": "function handler(event) { var response = event.response;       var headers = response.headers;       headers['strict-transport-security'] = { value: 'max-age=63072000; includeSubdomains; preload'};       headers['content-security-policy'] = { value: \\"default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'\\"};       headers['x-content-type-options'] = { value: 'nosniff'};       headers['x-frame-options'] = {value: 'DENY'};       headers['x-xss-protection'] = {value: '1; mode=block'};       return response;     }",
+        "FunctionConfig": Object {
+          "Comment": "SetHttpSecurityHeadersc8921a01111335c3cb09d76a1618677328b11c1cb8",
+          "Runtime": "cloudfront-js-1.0",
         },
+        "Name": "SetHttpSecurityHeadersc8921a01111335c3cb09d76a1618677328b11c1cb8",
       },
-      "Type": "AWS::Lambda::Version",
+      "Type": "AWS::CloudFront::Function",
     },
     "testcloudfrontapigatewaylambdaLambdaFunction17A55E65": Object {
       "DependsOn": Array [