diff --git a/packages/@aws-cdk/aws-iot-actions-alpha/test/kinesis-firehose/integ.firehose-put-record-action.js.snapshot/manifest.json b/packages/@aws-cdk/aws-iot-actions-alpha/test/kinesis-firehose/integ.firehose-put-record-action.js.snapshot/manifest.json index ccaa85a3ed081..769e8e43f6a09 100644 --- a/packages/@aws-cdk/aws-iot-actions-alpha/test/kinesis-firehose/integ.firehose-put-record-action.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-iot-actions-alpha/test/kinesis-firehose/integ.firehose-put-record-action.js.snapshot/manifest.json @@ -17,7 +17,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/cf636658ec15133bceba498f25c92e3b2a42f090f11883a69d8fd68b873600a1.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/f75ab8f9b4f9b4569a43902e069684cc217226d66b42e025930c87f6f6dd1cb4.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -57,12 +57,6 @@ "data": "MyBucketF68F3FF0" } ], - "/test-stack/MyStream/Service Role/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "MyStreamServiceRole8C50608A" - } - ], "/test-stack/MyStream/S3 Destination Role/Resource": [ { "type": "aws:cdk:logicalId", @@ -110,6 +104,15 @@ "type": "aws:cdk:logicalId", "data": "CheckBootstrapVersion" } + ], + "MyStreamServiceRole8C50608A": [ + { + "type": "aws:cdk:logicalId", + "data": "MyStreamServiceRole8C50608A", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" + ] + } ] }, "displayName": "test-stack" diff --git a/packages/@aws-cdk/aws-iot-actions-alpha/test/kinesis-firehose/integ.firehose-put-record-action.js.snapshot/test-stack.assets.json b/packages/@aws-cdk/aws-iot-actions-alpha/test/kinesis-firehose/integ.firehose-put-record-action.js.snapshot/test-stack.assets.json index 87af5de455d97..889e2678b517e 100644 --- a/packages/@aws-cdk/aws-iot-actions-alpha/test/kinesis-firehose/integ.firehose-put-record-action.js.snapshot/test-stack.assets.json +++ b/packages/@aws-cdk/aws-iot-actions-alpha/test/kinesis-firehose/integ.firehose-put-record-action.js.snapshot/test-stack.assets.json @@ -1,7 +1,7 @@ { "version": "34.0.0", "files": { - "cf636658ec15133bceba498f25c92e3b2a42f090f11883a69d8fd68b873600a1": { + "f75ab8f9b4f9b4569a43902e069684cc217226d66b42e025930c87f6f6dd1cb4": { "source": { "path": "test-stack.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "cf636658ec15133bceba498f25c92e3b2a42f090f11883a69d8fd68b873600a1.json", + "objectKey": "f75ab8f9b4f9b4569a43902e069684cc217226d66b42e025930c87f6f6dd1cb4.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-iot-actions-alpha/test/kinesis-firehose/integ.firehose-put-record-action.js.snapshot/test-stack.template.json b/packages/@aws-cdk/aws-iot-actions-alpha/test/kinesis-firehose/integ.firehose-put-record-action.js.snapshot/test-stack.template.json index 1aeb03a2cc954..e131d7e92c610 100644 --- a/packages/@aws-cdk/aws-iot-actions-alpha/test/kinesis-firehose/integ.firehose-put-record-action.js.snapshot/test-stack.template.json +++ b/packages/@aws-cdk/aws-iot-actions-alpha/test/kinesis-firehose/integ.firehose-put-record-action.js.snapshot/test-stack.template.json @@ -77,23 +77,6 @@ "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete" }, - "MyStreamServiceRole8C50608A": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "firehose.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, "MyStreamS3DestinationRole5E0BA960": { "Type": "AWS::IAM::Role", "Properties": { diff --git a/packages/@aws-cdk/aws-iot-actions-alpha/test/kinesis-firehose/integ.firehose-put-record-action.js.snapshot/tree.json b/packages/@aws-cdk/aws-iot-actions-alpha/test/kinesis-firehose/integ.firehose-put-record-action.js.snapshot/tree.json index e644b6f7f8e74..5ad56f532fb0c 100644 --- a/packages/@aws-cdk/aws-iot-actions-alpha/test/kinesis-firehose/integ.firehose-put-record-action.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-iot-actions-alpha/test/kinesis-firehose/integ.firehose-put-record-action.js.snapshot/tree.json @@ -42,8 +42,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iot.CfnTopicRule", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "TopicRuleActionRole": { @@ -54,8 +54,8 @@ "id": "ImportTopicRuleActionRole", "path": "test-stack/TopicRule/TopicRuleActionRole/ImportTopicRuleActionRole", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Resource": { @@ -79,8 +79,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "DefaultPolicy": { @@ -120,20 +120,20 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, @@ -154,63 +154,20 @@ "aws:cdk:cloudformation:props": {} }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.CfnBucket", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.Bucket", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "MyStream": { "id": "MyStream", "path": "test-stack/MyStream", "children": { - "Service Role": { - "id": "Service Role", - "path": "test-stack/MyStream/Service Role", - "children": { - "ImportService Role": { - "id": "ImportService Role", - "path": "test-stack/MyStream/Service Role/ImportService Role", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "test-stack/MyStream/Service Role/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "firehose.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" - } - }, "S3 Destination Role": { "id": "S3 Destination Role", "path": "test-stack/MyStream/S3 Destination Role", @@ -219,8 +176,8 @@ "id": "ImportS3 Destination Role", "path": "test-stack/MyStream/S3 Destination Role/ImportS3 Destination Role", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Resource": { @@ -244,8 +201,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "DefaultPolicy": { @@ -322,20 +279,20 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "LogGroup": { @@ -352,8 +309,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_logs.CfnLogGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "S3Destination": { @@ -372,20 +329,20 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_logs.CfnLogStream", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_logs.LogStream", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_logs.LogGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Resource": { @@ -421,44 +378,44 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_kinesisfirehose.CfnDeliveryStream", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-kinesisfirehose-alpha.DeliveryStream", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "@aws-cdk--aws-kinesisfirehose.CidrBlocks": { "id": "@aws-cdk--aws-kinesisfirehose.CidrBlocks", "path": "test-stack/@aws-cdk--aws-kinesisfirehose.CidrBlocks", "constructInfo": { - "fqn": "aws-cdk-lib.CfnMapping", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "BootstrapVersion": { "id": "BootstrapVersion", "path": "test-stack/BootstrapVersion", "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "CheckBootstrapVersion": { "id": "CheckBootstrapVersion", "path": "test-stack/CheckBootstrapVersion", "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Tree": { @@ -466,13 +423,13 @@ "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.2.69" + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.App", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/README.md b/packages/@aws-cdk/aws-kinesisfirehose-alpha/README.md index 8f13c4dd240d3..04e87b0365571 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/README.md +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/README.md @@ -430,13 +430,15 @@ The DeliveryStream class automatically creates IAM service roles with all the mi necessary permissions for Kinesis Data Firehose to access the resources referenced by your delivery stream. One service role is created for the delivery stream that allows Kinesis Data Firehose to read from a Kinesis data stream (if one is configured as the delivery -stream source) and for server-side encryption. Another service role is created for each -destination, which gives Kinesis Data Firehose write access to the destination resource, -as well as the ability to invoke data transformers and read schemas for record format -conversion. If you wish, you may specify your own IAM role for either the delivery stream -or the destination service role, or both. It must have the correct trust policy (it must -allow Kinesis Data Firehose to assume it) or delivery stream creation or data delivery -will fail. Other required permissions to destination resources, encryption keys, etc., +stream source) and for server-side encryption. Note that if the DeliveryStream is created +without specifying `sourceStream` or `encryptionKey`, this role is not created as it is not needed. + +Another service role is created for each destination, which gives Kinesis Data Firehose write +access to the destination resource, as well as the ability to invoke data transformers and +read schemas for record format conversion. If you wish, you may specify your own IAM role for +either the delivery stream or the destination service role, or both. It must have the correct +trust policy (it must allow Kinesis Data Firehose to assume it) or delivery stream creation or +data delivery will fail. Other required permissions to destination resources, encryption keys, etc., will be provided automatically. ```ts diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/delivery-stream.ts b/packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/delivery-stream.ts index 7704c9f594199..f3b5e76e18570 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/delivery-stream.ts +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/delivery-stream.ts @@ -311,21 +311,34 @@ export class DeliveryStream extends DeliveryStreamBase { readonly deliveryStreamArn: string; - readonly grantPrincipal: iam.IPrincipal; + private _role?: iam.IRole; + + public get grantPrincipal(): iam.IPrincipal { + if (this._role) { + return this._role; + } + // backwards compatibility + return new iam.Role(this, 'Service Role', { + assumedBy: new iam.ServicePrincipal('firehose.amazonaws.com'), + }); + } constructor(scope: Construct, id: string, props: DeliveryStreamProps) { super(scope, id, { physicalName: props.deliveryStreamName, }); + this._role = props.role; + if (props.destinations.length !== 1) { throw new Error(`Only one destination is allowed per delivery stream, given ${props.destinations.length}`); } - const role = props.role ?? new iam.Role(this, 'Service Role', { - assumedBy: new iam.ServicePrincipal('firehose.amazonaws.com'), - }); - this.grantPrincipal = role; + if (props.encryptionKey || props.sourceStream) { + this._role = this._role ?? new iam.Role(this, 'Service Role', { + assumedBy: new iam.ServicePrincipal('firehose.amazonaws.com'), + }); + } if ( props.sourceStream && @@ -351,13 +364,19 @@ export class DeliveryStream extends DeliveryStreamBase { * period where data will be buffered and retried if access is denied to the encryption key. For that reason, it is * acceptable to omit the dependency for now. See: https://github.com/aws/aws-cdk/issues/15790 */ - encryptionKey?.grantEncryptDecrypt(role); + if (this._role && encryptionKey) { + encryptionKey?.grantEncryptDecrypt(this._role); + } - const sourceStreamConfig = props.sourceStream ? { - kinesisStreamArn: props.sourceStream.streamArn, - roleArn: role.roleArn, - } : undefined; - const readStreamGrant = props.sourceStream?.grantRead(role); + let sourceStreamConfig = undefined; + let readStreamGrant = undefined; + if (this._role && props.sourceStream) { + sourceStreamConfig = { + kinesisStreamArn: props.sourceStream.streamArn, + roleArn: this._role.roleArn, + }; + readStreamGrant = props.sourceStream.grantRead(this._role); + } const destinationConfig = props.destinations[0].bind(this, {}); diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/delivery-stream.test.ts b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/delivery-stream.test.ts index 730d0864798ac..95c46d6acf649 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/delivery-stream.test.ts +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/delivery-stream.test.ts @@ -71,7 +71,7 @@ describe('delivery stream', () => { expect(deliveryStream.grantPrincipal).toBe(role); }); - test('not providing role creates one', () => { + test('not providing sourceStream or encryptionKey creates only one role (used for S3 destination)', () => { new firehose.DeliveryStream(stack, 'Delivery Stream', { destinations: [mockS3Destination], }); @@ -87,6 +87,54 @@ describe('delivery stream', () => { ], }, }); + + Template.fromStack(stack).resourceCountIs('AWS::IAM::Role', 1); + }); + + test('not providing role but specifying sourceStream creates two roles', () => { + const sourceStream = new kinesis.Stream(stack, 'Source Stream'); + + new firehose.DeliveryStream(stack, 'Delivery Stream', { + destinations: [mockS3Destination], + sourceStream: sourceStream, + }); + + Template.fromStack(stack).hasResourceProperties('AWS::IAM::Role', { + AssumeRolePolicyDocument: { + Statement: [ + Match.objectLike({ + Principal: { + Service: 'firehose.amazonaws.com', + }, + }), + ], + }, + }); + + Template.fromStack(stack).resourceCountIs('AWS::IAM::Role', 2); + }); + + test('not providing role but specifying encryptionKey creates two roles', () => { + const key = new kms.Key(stack, 'Key'); + + new firehose.DeliveryStream(stack, 'Delivery Stream', { + destinations: [mockS3Destination], + encryptionKey: key, + }); + + Template.fromStack(stack).hasResourceProperties('AWS::IAM::Role', { + AssumeRolePolicyDocument: { + Statement: [ + Match.objectLike({ + Principal: { + Service: 'firehose.amazonaws.com', + }, + }), + ], + }, + }); + + Template.fromStack(stack).resourceCountIs('AWS::IAM::Role', 2); }); test('providing source stream creates configuration and grants permission', () => { @@ -339,6 +387,13 @@ describe('delivery stream', () => { })).toThrowError(/Only one destination is allowed per delivery stream/); }); + test('creating new stream should return IAM role when calling getter for grantPrincipal (backwards compatibility)', () => { + const deliveryStream = new firehose.DeliveryStream(stack, 'Delivery Stream', { + destinations: [mockS3Destination], + }); + expect(deliveryStream.grantPrincipal).toBeInstanceOf(iam.Role); + }); + describe('metric methods provide a Metric with configured and attached properties', () => { let deliveryStream: firehose.DeliveryStream; diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/aws-cdk-firehose-delivery-stream.assets.json b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/aws-cdk-firehose-delivery-stream.assets.json index 106cd93b4da13..bc3086aee09a9 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/aws-cdk-firehose-delivery-stream.assets.json +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/aws-cdk-firehose-delivery-stream.assets.json @@ -1,7 +1,7 @@ { "version": "34.0.0", "files": { - "640b28d2373feb2deadbb687c33440f275591afdfb429e490f7bae063b146cc5": { + "f08cb1eab080f1654e59530816541dc69a75d3a1248eac16524a832b8a62a463": { "source": { "path": "aws-cdk-firehose-delivery-stream.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "640b28d2373feb2deadbb687c33440f275591afdfb429e490f7bae063b146cc5.json", + "objectKey": "f08cb1eab080f1654e59530816541dc69a75d3a1248eac16524a832b8a62a463.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/aws-cdk-firehose-delivery-stream.template.json b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/aws-cdk-firehose-delivery-stream.template.json index 5b37e723ccdf8..32d90ce852d89 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/aws-cdk-firehose-delivery-stream.template.json +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/aws-cdk-firehose-delivery-stream.template.json @@ -189,6 +189,29 @@ "DependsOn": [ "RoleDefaultPolicy5FFB7DAB" ] + }, + "DeliveryStreamNoSourceOrEncryptionKey0E4AAB82": { + "Type": "AWS::KinesisFirehose::DeliveryStream", + "Properties": { + "DeliveryStreamType": "DirectPut", + "ExtendedS3DestinationConfiguration": { + "BucketARN": { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + "RoleARN": { + "Fn::GetAtt": [ + "Role1ABCC5F0", + "Arn" + ] + } + } + }, + "DependsOn": [ + "RoleDefaultPolicy5FFB7DAB" + ] } }, "Mappings": { diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/manifest.json b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/manifest.json index 5c6ee86cd16ad..87f0eb72a23d2 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/manifest.json @@ -17,7 +17,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/640b28d2373feb2deadbb687c33440f275591afdfb429e490f7bae063b146cc5.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/f08cb1eab080f1654e59530816541dc69a75d3a1248eac16524a832b8a62a463.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -81,6 +81,12 @@ "data": "awscdkawskinesisfirehoseCidrBlocks" } ], + "/aws-cdk-firehose-delivery-stream/Delivery Stream No Source Or Encryption Key/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "DeliveryStreamNoSourceOrEncryptionKey0E4AAB82" + } + ], "/aws-cdk-firehose-delivery-stream/BootstrapVersion": [ { "type": "aws:cdk:logicalId", @@ -92,6 +98,15 @@ "type": "aws:cdk:logicalId", "data": "CheckBootstrapVersion" } + ], + "DeliveryStreamNoSourceorEncryptionKey49457027": [ + { + "type": "aws:cdk:logicalId", + "data": "DeliveryStreamNoSourceorEncryptionKey49457027", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" + ] + } ] }, "displayName": "aws-cdk-firehose-delivery-stream" diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/tree.json b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/tree.json index eeab73e8aacad..5343e9edb5617 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/tree.json @@ -20,14 +20,14 @@ "aws:cdk:cloudformation:props": {} }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.CfnBucket", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.Bucket", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Role": { @@ -38,8 +38,8 @@ "id": "ImportRole", "path": "aws-cdk-firehose-delivery-stream/Role/ImportRole", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Resource": { @@ -63,8 +63,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "DefaultPolicy": { @@ -128,20 +128,20 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Key": { @@ -185,14 +185,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_kms.CfnKey", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_kms.Key", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Delivery Stream": { @@ -207,8 +207,8 @@ "id": "ImportService Role", "path": "aws-cdk-firehose-delivery-stream/Delivery Stream/Service Role/ImportService Role", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Resource": { @@ -232,8 +232,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "DefaultPolicy": { @@ -275,20 +275,20 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Resource": { @@ -324,44 +324,82 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_kinesisfirehose.CfnDeliveryStream", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-kinesisfirehose-alpha.DeliveryStream", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "@aws-cdk--aws-kinesisfirehose.CidrBlocks": { "id": "@aws-cdk--aws-kinesisfirehose.CidrBlocks", "path": "aws-cdk-firehose-delivery-stream/@aws-cdk--aws-kinesisfirehose.CidrBlocks", "constructInfo": { - "fqn": "aws-cdk-lib.CfnMapping", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" + } + }, + "Delivery Stream No Source Or Encryption Key": { + "id": "Delivery Stream No Source Or Encryption Key", + "path": "aws-cdk-firehose-delivery-stream/Delivery Stream No Source Or Encryption Key", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-firehose-delivery-stream/Delivery Stream No Source Or Encryption Key/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::KinesisFirehose::DeliveryStream", + "aws:cdk:cloudformation:props": { + "deliveryStreamType": "DirectPut", + "extendedS3DestinationConfiguration": { + "bucketArn": { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + "roleArn": { + "Fn::GetAtt": [ + "Role1ABCC5F0", + "Arn" + ] + } + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "BootstrapVersion": { "id": "BootstrapVersion", "path": "aws-cdk-firehose-delivery-stream/BootstrapVersion", "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "CheckBootstrapVersion": { "id": "CheckBootstrapVersion", "path": "aws-cdk-firehose-delivery-stream/CheckBootstrapVersion", "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Tree": { @@ -369,13 +407,13 @@ "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.2.69" + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.App", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/aws-cdk-firehose-delivery-stream-source-stream.assets.json b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/aws-cdk-firehose-delivery-stream-source-stream.assets.json index 0978a157ea39d..d539b8c1f38c4 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/aws-cdk-firehose-delivery-stream-source-stream.assets.json +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/aws-cdk-firehose-delivery-stream-source-stream.assets.json @@ -1,7 +1,7 @@ { "version": "34.0.0", "files": { - "fabdaa202a85f04a6691c0ef240a5c50b959db08f877fe728c420ad4e86f6c3d": { + "64eae3903c3ecdce5113c92844e63dfd0056464ecf7d1351e86180364d20c1c0": { "source": { "path": "aws-cdk-firehose-delivery-stream-source-stream.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "fabdaa202a85f04a6691c0ef240a5c50b959db08f877fe728c420ad4e86f6c3d.json", + "objectKey": "64eae3903c3ecdce5113c92844e63dfd0056464ecf7d1351e86180364d20c1c0.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/aws-cdk-firehose-delivery-stream-source-stream.template.json b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/aws-cdk-firehose-delivery-stream-source-stream.template.json index 88b0f1cefe44e..68977b6dcbc15 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/aws-cdk-firehose-delivery-stream-source-stream.template.json +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/aws-cdk-firehose-delivery-stream-source-stream.template.json @@ -183,6 +183,29 @@ "DeliveryStreamServiceRoleDefaultPolicyB87D9ACF", "RoleDefaultPolicy5FFB7DAB" ] + }, + "DeliveryStreamNoSourceOrEncryptionKey0E4AAB82": { + "Type": "AWS::KinesisFirehose::DeliveryStream", + "Properties": { + "DeliveryStreamType": "DirectPut", + "ExtendedS3DestinationConfiguration": { + "BucketARN": { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + "RoleARN": { + "Fn::GetAtt": [ + "Role1ABCC5F0", + "Arn" + ] + } + } + }, + "DependsOn": [ + "RoleDefaultPolicy5FFB7DAB" + ] } }, "Conditions": { diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/manifest.json b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/manifest.json index 68fb1f87c01ca..0a7108ae6b432 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/manifest.json @@ -17,7 +17,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/fabdaa202a85f04a6691c0ef240a5c50b959db08f877fe728c420ad4e86f6c3d.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/64eae3903c3ecdce5113c92844e63dfd0056464ecf7d1351e86180364d20c1c0.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -87,6 +87,12 @@ "data": "awscdkawskinesisfirehoseCidrBlocks" } ], + "/aws-cdk-firehose-delivery-stream-source-stream/Delivery Stream No Source Or Encryption Key/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "DeliveryStreamNoSourceOrEncryptionKey0E4AAB82" + } + ], "/aws-cdk-firehose-delivery-stream-source-stream/BootstrapVersion": [ { "type": "aws:cdk:logicalId", @@ -98,6 +104,15 @@ "type": "aws:cdk:logicalId", "data": "CheckBootstrapVersion" } + ], + "DeliveryStreamNoSourceorEncryptionKey49457027": [ + { + "type": "aws:cdk:logicalId", + "data": "DeliveryStreamNoSourceorEncryptionKey49457027", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" + ] + } ] }, "displayName": "aws-cdk-firehose-delivery-stream-source-stream" diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/tree.json b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/tree.json index 2661f5a95d84a..f097397ad370a 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/tree.json @@ -20,14 +20,14 @@ "aws:cdk:cloudformation:props": {} }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.CfnBucket", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.Bucket", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Role": { @@ -38,8 +38,8 @@ "id": "ImportRole", "path": "aws-cdk-firehose-delivery-stream-source-stream/Role/ImportRole", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Resource": { @@ -63,8 +63,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "DefaultPolicy": { @@ -128,20 +128,20 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Source Stream": { @@ -171,22 +171,22 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_kinesis.CfnStream", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_kinesis.Stream", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "AwsCdkKinesisEncryptedStreamsUnsupportedRegions": { "id": "AwsCdkKinesisEncryptedStreamsUnsupportedRegions", "path": "aws-cdk-firehose-delivery-stream-source-stream/AwsCdkKinesisEncryptedStreamsUnsupportedRegions", "constructInfo": { - "fqn": "aws-cdk-lib.CfnCondition", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Delivery Stream": { @@ -201,8 +201,8 @@ "id": "ImportService Role", "path": "aws-cdk-firehose-delivery-stream-source-stream/Delivery Stream/Service Role/ImportService Role", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Resource": { @@ -226,8 +226,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "DefaultPolicy": { @@ -273,20 +273,20 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Resource": { @@ -327,44 +327,82 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_kinesisfirehose.CfnDeliveryStream", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-kinesisfirehose-alpha.DeliveryStream", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "@aws-cdk--aws-kinesisfirehose.CidrBlocks": { "id": "@aws-cdk--aws-kinesisfirehose.CidrBlocks", "path": "aws-cdk-firehose-delivery-stream-source-stream/@aws-cdk--aws-kinesisfirehose.CidrBlocks", "constructInfo": { - "fqn": "aws-cdk-lib.CfnMapping", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" + } + }, + "Delivery Stream No Source Or Encryption Key": { + "id": "Delivery Stream No Source Or Encryption Key", + "path": "aws-cdk-firehose-delivery-stream-source-stream/Delivery Stream No Source Or Encryption Key", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-firehose-delivery-stream-source-stream/Delivery Stream No Source Or Encryption Key/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::KinesisFirehose::DeliveryStream", + "aws:cdk:cloudformation:props": { + "deliveryStreamType": "DirectPut", + "extendedS3DestinationConfiguration": { + "bucketArn": { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + "roleArn": { + "Fn::GetAtt": [ + "Role1ABCC5F0", + "Arn" + ] + } + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "BootstrapVersion": { "id": "BootstrapVersion", "path": "aws-cdk-firehose-delivery-stream-source-stream/BootstrapVersion", "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "CheckBootstrapVersion": { "id": "CheckBootstrapVersion", "path": "aws-cdk-firehose-delivery-stream-source-stream/CheckBootstrapVersion", "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Tree": { @@ -372,13 +410,13 @@ "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.2.69" + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.App", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.ts b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.ts index 98e10e1a1fe6b..a9455bedabf6e 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.ts +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.ts @@ -38,4 +38,8 @@ new firehose.DeliveryStream(stack, 'Delivery Stream', { sourceStream, }); +new firehose.DeliveryStream(stack, 'Delivery Stream No Source Or Encryption Key', { + destinations: [mockS3Destination], +}); + app.synth(); diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.ts b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.ts index 06d1c62c62165..3ceea04b3bcad 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.ts +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.ts @@ -40,4 +40,8 @@ new firehose.DeliveryStream(stack, 'Delivery Stream', { encryptionKey: key, }); +new firehose.DeliveryStream(stack, 'Delivery Stream No Source Or Encryption Key', { + destinations: [mockS3Destination], +}); + app.synth(); diff --git a/packages/@aws-cdk/aws-kinesisfirehose-destinations-alpha/test/integ.s3-bucket.lit.js.snapshot/aws-cdk-firehose-delivery-stream-s3-all-properties.assets.json b/packages/@aws-cdk/aws-kinesisfirehose-destinations-alpha/test/integ.s3-bucket.lit.js.snapshot/aws-cdk-firehose-delivery-stream-s3-all-properties.assets.json index 9d16e71c2475d..74d86931f9827 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-destinations-alpha/test/integ.s3-bucket.lit.js.snapshot/aws-cdk-firehose-delivery-stream-s3-all-properties.assets.json +++ b/packages/@aws-cdk/aws-kinesisfirehose-destinations-alpha/test/integ.s3-bucket.lit.js.snapshot/aws-cdk-firehose-delivery-stream-s3-all-properties.assets.json @@ -27,7 +27,7 @@ } } }, - "9ac5268230e454afd58b6cf9612aa29b3d11789a5e7ef26a9825818b68b7db5e": { + "a3433596c2722440b4d61d5e77abdba8e304a02adbe509054bceb064468a85d2": { "source": { "path": "aws-cdk-firehose-delivery-stream-s3-all-properties.template.json", "packaging": "file" @@ -35,7 +35,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "9ac5268230e454afd58b6cf9612aa29b3d11789a5e7ef26a9825818b68b7db5e.json", + "objectKey": "a3433596c2722440b4d61d5e77abdba8e304a02adbe509054bceb064468a85d2.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-kinesisfirehose-destinations-alpha/test/integ.s3-bucket.lit.js.snapshot/aws-cdk-firehose-delivery-stream-s3-all-properties.template.json b/packages/@aws-cdk/aws-kinesisfirehose-destinations-alpha/test/integ.s3-bucket.lit.js.snapshot/aws-cdk-firehose-delivery-stream-s3-all-properties.template.json index 242dfc806a218..23eb3f098454b 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-destinations-alpha/test/integ.s3-bucket.lit.js.snapshot/aws-cdk-firehose-delivery-stream-s3-all-properties.template.json +++ b/packages/@aws-cdk/aws-kinesisfirehose-destinations-alpha/test/integ.s3-bucket.lit.js.snapshot/aws-cdk-firehose-delivery-stream-s3-all-properties.template.json @@ -371,23 +371,6 @@ "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete" }, - "DeliveryStreamServiceRole964EEBCC": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "firehose.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, "DeliveryStreamS3DestinationRole500FC089": { "Type": "AWS::IAM::Role", "Properties": { diff --git a/packages/@aws-cdk/aws-kinesisfirehose-destinations-alpha/test/integ.s3-bucket.lit.js.snapshot/manifest.json b/packages/@aws-cdk/aws-kinesisfirehose-destinations-alpha/test/integ.s3-bucket.lit.js.snapshot/manifest.json index 1b72143f72bb4..a0c5c6aa746d1 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-destinations-alpha/test/integ.s3-bucket.lit.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-kinesisfirehose-destinations-alpha/test/integ.s3-bucket.lit.js.snapshot/manifest.json @@ -17,7 +17,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/9ac5268230e454afd58b6cf9612aa29b3d11789a5e7ef26a9825818b68b7db5e.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/a3433596c2722440b4d61d5e77abdba8e304a02adbe509054bceb064468a85d2.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -117,12 +117,6 @@ "data": "BackupKey60B97760" } ], - "/aws-cdk-firehose-delivery-stream-s3-all-properties/Delivery Stream/Service Role/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "DeliveryStreamServiceRole964EEBCC" - } - ], "/aws-cdk-firehose-delivery-stream-s3-all-properties/Delivery Stream/S3 Destination Role/Resource": [ { "type": "aws:cdk:logicalId", @@ -170,6 +164,15 @@ "type": "aws:cdk:logicalId", "data": "CheckBootstrapVersion" } + ], + "DeliveryStreamServiceRole964EEBCC": [ + { + "type": "aws:cdk:logicalId", + "data": "DeliveryStreamServiceRole964EEBCC", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" + ] + } ] }, "displayName": "aws-cdk-firehose-delivery-stream-s3-all-properties" diff --git a/packages/@aws-cdk/aws-kinesisfirehose-destinations-alpha/test/integ.s3-bucket.lit.js.snapshot/tree.json b/packages/@aws-cdk/aws-kinesisfirehose-destinations-alpha/test/integ.s3-bucket.lit.js.snapshot/tree.json index 2f1a08ade2161..724036a2c2c53 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-destinations-alpha/test/integ.s3-bucket.lit.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-kinesisfirehose-destinations-alpha/test/integ.s3-bucket.lit.js.snapshot/tree.json @@ -27,8 +27,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.CfnBucket", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Policy": { @@ -90,14 +90,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.BucketPolicy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "AutoDeleteObjectsCustomResource": { @@ -108,20 +108,20 @@ "id": "Default", "path": "aws-cdk-firehose-delivery-stream-s3-all-properties/Bucket/AutoDeleteObjectsCustomResource/Default", "constructInfo": { - "fqn": "aws-cdk-lib.CfnResource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.CustomResource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.Bucket", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Custom::S3AutoDeleteObjectsCustomResourceProvider": { @@ -132,30 +132,30 @@ "id": "Staging", "path": "aws-cdk-firehose-delivery-stream-s3-all-properties/Custom::S3AutoDeleteObjectsCustomResourceProvider/Staging", "constructInfo": { - "fqn": "aws-cdk-lib.AssetStaging", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Role": { "id": "Role", "path": "aws-cdk-firehose-delivery-stream-s3-all-properties/Custom::S3AutoDeleteObjectsCustomResourceProvider/Role", "constructInfo": { - "fqn": "aws-cdk-lib.CfnResource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Handler": { "id": "Handler", "path": "aws-cdk-firehose-delivery-stream-s3-all-properties/Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler", "constructInfo": { - "fqn": "aws-cdk-lib.CfnResource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.CustomResourceProvider", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "BackupBucket": { @@ -177,8 +177,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.CfnBucket", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Policy": { @@ -240,14 +240,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.BucketPolicy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "AutoDeleteObjectsCustomResource": { @@ -258,20 +258,20 @@ "id": "Default", "path": "aws-cdk-firehose-delivery-stream-s3-all-properties/BackupBucket/AutoDeleteObjectsCustomResource/Default", "constructInfo": { - "fqn": "aws-cdk-lib.CfnResource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.CustomResource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.Bucket", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "LogGroup": { @@ -288,8 +288,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_logs.CfnLogGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "S3Destination": { @@ -308,20 +308,20 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_logs.CfnLogStream", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_logs.LogStream", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_logs.LogGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "DataProcessorFunction": { @@ -336,8 +336,8 @@ "id": "ImportServiceRole", "path": "aws-cdk-firehose-delivery-stream-s3-all-properties/DataProcessorFunction/ServiceRole/ImportServiceRole", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Resource": { @@ -375,14 +375,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Code": { @@ -393,22 +393,22 @@ "id": "Stage", "path": "aws-cdk-firehose-delivery-stream-s3-all-properties/DataProcessorFunction/Code/Stage", "constructInfo": { - "fqn": "aws-cdk-lib.AssetStaging", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "AssetBucket": { "id": "AssetBucket", "path": "aws-cdk-firehose-delivery-stream-s3-all-properties/DataProcessorFunction/Code/AssetBucket", "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.BucketBase", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3_assets.Asset", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Resource": { @@ -440,14 +440,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_lambda_nodejs.NodejsFunction", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Key": { @@ -491,14 +491,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_kms.CfnKey", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_kms.Key", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "BackupKey": { @@ -542,63 +542,20 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_kms.CfnKey", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_kms.Key", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Delivery Stream": { "id": "Delivery Stream", "path": "aws-cdk-firehose-delivery-stream-s3-all-properties/Delivery Stream", "children": { - "Service Role": { - "id": "Service Role", - "path": "aws-cdk-firehose-delivery-stream-s3-all-properties/Delivery Stream/Service Role", - "children": { - "ImportService Role": { - "id": "ImportService Role", - "path": "aws-cdk-firehose-delivery-stream-s3-all-properties/Delivery Stream/Service Role/ImportService Role", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "aws-cdk-firehose-delivery-stream-s3-all-properties/Delivery Stream/Service Role/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "firehose.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" - } - }, "S3 Destination Role": { "id": "S3 Destination Role", "path": "aws-cdk-firehose-delivery-stream-s3-all-properties/Delivery Stream/S3 Destination Role", @@ -607,8 +564,8 @@ "id": "ImportS3 Destination Role", "path": "aws-cdk-firehose-delivery-stream-s3-all-properties/Delivery Stream/S3 Destination Role/ImportS3 Destination Role", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Resource": { @@ -632,8 +589,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "DefaultPolicy": { @@ -787,20 +744,20 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "LogGroup": { @@ -817,8 +774,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_logs.CfnLogGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "S3Backup": { @@ -837,20 +794,20 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_logs.CfnLogStream", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_logs.LogStream", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_logs.LogGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Resource": { @@ -984,44 +941,44 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_kinesisfirehose.CfnDeliveryStream", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-kinesisfirehose-alpha.DeliveryStream", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "@aws-cdk--aws-kinesisfirehose.CidrBlocks": { "id": "@aws-cdk--aws-kinesisfirehose.CidrBlocks", "path": "aws-cdk-firehose-delivery-stream-s3-all-properties/@aws-cdk--aws-kinesisfirehose.CidrBlocks", "constructInfo": { - "fqn": "aws-cdk-lib.CfnMapping", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "BootstrapVersion": { "id": "BootstrapVersion", "path": "aws-cdk-firehose-delivery-stream-s3-all-properties/BootstrapVersion", "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "CheckBootstrapVersion": { "id": "CheckBootstrapVersion", "path": "aws-cdk-firehose-delivery-stream-s3-all-properties/CheckBootstrapVersion", "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Tree": { @@ -1029,13 +986,13 @@ "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.2.69" + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.App", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } } \ No newline at end of file