Merge branch 'master' into nija-at/lambda-eventsourcemapping-docs

packages/@aws-cdk/aws-batch/README.md

@@ -242,10 +242,27 @@ new batch.JobDefinition(stack, 'batch-job-def-from-local', {
 
 ### Importing an existing Job Definition
 
-To import an existing batch job definition, call `JobDefinition.fromJobDefinitionArn()`.
+#### From ARN
+
+To import an existing batch job definition from its ARN, call `JobDefinition.fromJobDefinitionArn()`.
 
 Below is an example:
 
 ```ts
 const job = batch.JobDefinition.fromJobDefinitionArn(this, 'imported-job-definition', 'arn:aws:batch:us-east-1:555555555555:job-definition/my-job-definition');
 ```
+
+#### From Name
+
+To import an existing batch job definition from its name, call `JobDefinition.fromJobDefinitionName()`.
+If name is specified without a revision then the latest active revision is used.
+
+Below is an example:
+
+```ts
+// Without revision
+const job = batch.JobDefinition.fromJobDefinitionName(this, 'imported-job-definition', 'my-job-definition');
+
+// With revision
+const job = batch.JobDefinition.fromJobDefinitionName(this, 'imported-job-definition', 'my-job-definition:3');
+```

packages/@aws-cdk/aws-batch/lib/job-definition.ts

@@ -269,6 +269,31 @@ export class JobDefinition extends Resource implements IJobDefinition {
     return new Import(scope, id);
   }
 
+  /**
+   * Imports an existing batch job definition by its name.
+   * If name is specified without a revision then the latest active revision is used.
+   *
+   * @param scope
+   * @param id
+   * @param jobDefinitionName
+   */
+  public static fromJobDefinitionName(scope: Construct, id: string, jobDefinitionName: string): IJobDefinition {
+    const stack = Stack.of(scope);
+    const jobDefArn = stack.formatArn({
+      service: 'batch',
+      resource: 'job-definition',
+      sep: '/',
+      resourceName: jobDefinitionName,
+    });
+
+    class Import extends Resource implements IJobDefinition {
+      public readonly jobDefinitionArn = jobDefArn;
+      public readonly jobDefinitionName = jobDefinitionName;
+    }
+
+    return new Import(scope, id);
+  }
+
   public readonly jobDefinitionArn: string;
   public readonly jobDefinitionName: string;
   private readonly imageConfig: JobDefinitionImageConfig;

packages/@aws-cdk/aws-batch/test/job-definition.test.ts

@@ -200,4 +200,14 @@ describe('Batch Job Definition', () => {
     expect(importedJob.jobDefinitionName).toEqual('job-def-name:1');
     expect(importedJob.jobDefinitionArn).toEqual('arn:aws:batch:us-east-1:123456789012:job-definition/job-def-name:1');
   });
+
+  test('can be imported from a name', () => {
+    // WHEN
+    const importedJob = batch.JobDefinition.fromJobDefinitionName(stack, 'job-def-clone', 'job-def-name');
+
+    // THEN
+    expect(importedJob.jobDefinitionName).toEqual('job-def-name');
+    expect(importedJob.jobDefinitionArn)
+      .toEqual('arn:${Token[AWS.Partition.3]}:batch:${Token[AWS.Region.4]}:${Token[AWS.AccountId.0]}:job-definition/job-def-name');
+  });
 });

packages/@aws-cdk/aws-cognito/README.md

@@ -566,3 +566,10 @@ const signInUrl = domain.signInUrl(client, {
 })
 ```
 
+Exisiting domains can be imported into CDK apps using `UserPoolDomain.fromDomainName()` API
+
+```ts
+const stack = new Stack(app, 'my-stack');
+
+const myUserPoolDomain = UserPoolDomain.fromDomainName(stack, 'my-user-pool-domain', 'domain-name');
+```

packages/@aws-cdk/aws-cognito/lib/user-pool-client.ts

@@ -30,12 +30,6 @@ export interface AuthFlow {
    * @default false
    */
   readonly userSrp?: boolean;
-
-  /**
-   * Enable authflow to refresh tokens
-   * @default false
-   */
-  readonly refreshToken?: boolean;
 }
 
 /**
@@ -320,7 +314,7 @@ export class UserPoolClient extends Resource implements IUserPoolClient {
       explicitAuthFlows: this.configureAuthFlows(props),
       allowedOAuthFlows: props.disableOAuth ? undefined : this.configureOAuthFlows(),
       allowedOAuthScopes: props.disableOAuth ? undefined : this.configureOAuthScopes(props.oAuth),
-      callbackUrLs: callbackUrls && callbackUrls.length > 0 ? callbackUrls : undefined,
+      callbackUrLs: callbackUrls && callbackUrls.length > 0 && !props.disableOAuth ? callbackUrls : undefined,
       logoutUrLs: props.oAuth?.logoutUrls,
       allowedOAuthFlowsUserPoolClient: !props.disableOAuth,
       preventUserExistenceErrors: this.configurePreventUserExistenceErrors(props.preventUserExistenceErrors),
@@ -343,12 +337,18 @@ export class UserPoolClient extends Resource implements IUserPoolClient {
   }
 
   private configureAuthFlows(props: UserPoolClientProps): string[] | undefined {
+    if (!props.authFlows) return undefined;
+
     const authFlows: string[] = [];
-    if (props.authFlows?.userPassword) { authFlows.push('ALLOW_USER_PASSWORD_AUTH'); }
-    if (props.authFlows?.adminUserPassword) { authFlows.push('ALLOW_ADMIN_USER_PASSWORD_AUTH'); }
-    if (props.authFlows?.custom) { authFlows.push('ALLOW_CUSTOM_AUTH'); }
-    if (props.authFlows?.userSrp) { authFlows.push('ALLOW_USER_SRP_AUTH'); }
-    if (props.authFlows?.refreshToken) { authFlows.push('ALLOW_REFRESH_TOKEN_AUTH'); }
+    if (props.authFlows.userPassword) { authFlows.push('ALLOW_USER_PASSWORD_AUTH'); }
+    if (props.authFlows.adminUserPassword) { authFlows.push('ALLOW_ADMIN_USER_PASSWORD_AUTH'); }
+    if (props.authFlows.custom) { authFlows.push('ALLOW_CUSTOM_AUTH'); }
+    if (props.authFlows.userSrp) { authFlows.push('ALLOW_USER_SRP_AUTH'); }
+
+    // refreshToken should always be allowed if authFlows are present
+    if (authFlows.length > 0) {
+      authFlows.push('ALLOW_REFRESH_TOKEN_AUTH');
+    }
 
     if (authFlows.length === 0) {
       return undefined;

packages/@aws-cdk/aws-cognito/lib/user-pool-domain.ts

@@ -80,6 +80,17 @@ export interface UserPoolDomainProps extends UserPoolDomainOptions {
  * Define a user pool domain
  */
 export class UserPoolDomain extends Resource implements IUserPoolDomain {
+  /**
+   * Import a UserPoolDomain given its domain name
+   */
+  public static fromDomainName(scope: Construct, id: string, userPoolDomainName: string): IUserPoolDomain {
+    class Import extends Resource implements IUserPoolDomain {
+      public readonly domainName = userPoolDomainName;
+    }
+
+    return new Import(scope, id);
+  }
+
   public readonly domainName: string;
   private isCognitoDomain: boolean;
 

packages/@aws-cdk/aws-cognito/test/integ.user-pool-client-explicit-props.ts

@@ -11,7 +11,6 @@ userpool.addClient('myuserpoolclient', {
   authFlows: {
     adminUserPassword: true,
     custom: true,
-    refreshToken: true,
     userPassword: true,
     userSrp: true,
   },

packages/@aws-cdk/aws-cognito/test/user-pool-client.test.ts

@@ -78,7 +78,6 @@ describe('User Pool Client', () => {
       authFlows: {
         adminUserPassword: true,
         custom: true,
-        refreshToken: true,
         userPassword: true,
         userSrp: true,
       },
@@ -95,6 +94,26 @@ describe('User Pool Client', () => {
     });
   });
 
+  test('ExplicitAuthFlows makes refreshToken true by default', () => {
+    // GIVEN
+    const stack = new Stack();
+    const pool = new UserPool(stack, 'Pool');
+
+    // WHEN
+    pool.addClient('Client', {
+      authFlows: {
+        userSrp: true,
+      },
+    });
+
+    expect(stack).toHaveResourceLike('AWS::Cognito::UserPoolClient', {
+      ExplicitAuthFlows: [
+        'ALLOW_USER_SRP_AUTH',
+        'ALLOW_REFRESH_TOKEN_AUTH',
+      ],
+    });
+  });
+
   test('AllowedOAuthFlows are correctly named', () => {
     // GIVEN
     const stack = new Stack();
@@ -175,6 +194,23 @@ describe('User Pool Client', () => {
     });
   });
 
+  test('callbackUrls are not rendered if OAuth is disabled ', () => {
+    // GIVEN
+    const stack = new Stack();
+    const pool = new UserPool(stack, 'Pool');
+
+    // WHEN
+    new UserPoolClient(stack, 'PoolClient', {
+      userPool: pool,
+      disableOAuth: true,
+    });
+
+    // THEN
+    expect(stack).toHaveResourceLike('AWS::Cognito::UserPoolClient', {
+      CallbackURLs: ABSENT,
+    });
+  });
+
   test('fails when callbackUrls is empty for codeGrant or implicitGrant', () => {
     const stack = new Stack();
     const pool = new UserPool(stack, 'Pool');

packages/@aws-cdk/aws-cognito/test/user-pool-domain.test.ts

@@ -152,6 +152,18 @@ describe('User Pool Client', () => {
     expect(cfDomainNameSecond).toEqual(cfDomainNameFirst);
   });
 
+  test('import', () => {
+    // GIVEN
+    const stack = new Stack();
+
+    // WHEN
+    const client = UserPoolDomain.fromDomainName(stack, 'Domain', 'domain-name-1');
+
+    // THEN
+    expect(client.domainName).toEqual('domain-name-1');
+    expect(stack).not.toHaveResource('AWS::Cognito::UserPoolDomain');
+  });
+
   describe('signInUrl', () => {
     test('returns the expected URL', () => {
       // GIVEN

packages/@aws-cdk/aws-ec2/README.md

@@ -281,8 +281,8 @@ const igwId = vpc.internetGatewayId;
 
 For a VPC with only `ISOLATED` subnets, this value will be undefined.
 
-This is only supported for VPC's created in the stack - currently you're
-unable to get the ID for imported VPC's. To do that you'd have to specifically
+This is only supported for VPCs created in the stack - currently you're
+unable to get the ID for imported VPCs. To do that you'd have to specifically
 look up the Internet Gateway by name, which would require knowing the name
 beforehand.
 
@@ -700,7 +700,7 @@ ec2.CloudFormationInit.fromElements(
 ### Bastion Hosts
 
 A bastion host functions as an instance used to access servers and resources in a VPC without open up the complete VPC on a network level.
-You can use bastion hosts using a standard SSH connection targetting port 22 on the host. As an alternative, you can connect the SSH connection
+You can use bastion hosts using a standard SSH connection targeting port 22 on the host. As an alternative, you can connect the SSH connection
 feature of AWS Systems Manager Session Manager, which does not need an opened security group. (https://aws.amazon.com/about-aws/whats-new/2019/07/session-manager-launches-tunneling-support-for-ssh-and-scp/)
 
 A default bastion host for use via SSM can be configured like:

packages/@aws-cdk/aws-ec2/lib/instance-types.ts

@@ -198,6 +198,28 @@ export enum InstanceClass {
    */
   C5N = 'c5n',
 
+  /**
+   * Compute optimized instances for high performance computing, 6th generation with Graviton2 processors
+   */
+  COMPUTE6_GRAVITON2 = 'c6g',
+
+  /**
+   * Compute optimized instances for high performance computing, 6th generation with Graviton2 processors
+   */
+  C6G = 'c6g',
+
+  /**
+   * Compute optimized instances for high performance computing, 6th generation with Graviton2 processors
+   * and local NVME drive
+   */
+  COMPUTE6_GRAVITON2_NVME_DRIVE = 'c6gd',
+
+  /**
+   * Compute optimized instances for high performance computing, 6th generation with Graviton2 processors
+   * and local NVME drive
+   */
+  C6GD = 'c6gd',
+
   /**
    * Storage-optimized instances, 2nd generation
    */

packages/@aws-cdk/aws-ec2/test/instance.test.ts

@@ -19,12 +19,12 @@ nodeunitShim({
     new Instance(stack, 'Instance', {
       vpc,
       machineImage: new AmazonLinuxImage(),
-      instanceType: InstanceType.of(InstanceClass.T3, InstanceSize.LARGE),
+      instanceType: InstanceType.of(InstanceClass.COMPUTE6_GRAVITON2, InstanceSize.LARGE),
     });
 
     // THEN
     cdkExpect(stack).to(haveResource('AWS::EC2::Instance', {
-      InstanceType: 't3.large',
+      InstanceType: 'c6g.large',
     }));
 
     test.done();

packages/@aws-cdk/aws-elasticloadbalancingv2-actions/test/integ.cognito.lit.ts

@@ -32,7 +32,6 @@ class CognitoStack extends Stack {
       generateSecret: true,
       authFlows: {
         userPassword: true,
-        refreshToken: true,
       },
       oAuth: {
         flows: {

packages/@aws-cdk/aws-lambda-event-sources/README.md

@@ -113,8 +113,12 @@ import * as sns from '@aws-cdk/aws-sns';
 import { SnsEventSource } from '@aws-cdk/aws-lambda-event-sources';
 
 const topic = new sns.Topic(...);
+const deadLetterQueue = new sqs.Queue(this, 'deadLetterQueue');
 
-lambda.addEventSource(new SnsEventSource(topic));
+lambda.addEventSource(new SnsEventSource(topic, {
+  filterPolicy: { ... },
+  deadLetterQueue: deadLetterQueue
+}));
 ```
 
 When a user calls the SNS Publish API on a topic that your Lambda function is

packages/@aws-cdk/aws-lambda-event-sources/lib/sns.ts

@@ -2,14 +2,23 @@ import * as lambda from '@aws-cdk/aws-lambda';
 import * as sns from '@aws-cdk/aws-sns';
 import * as subs from '@aws-cdk/aws-sns-subscriptions';
 
+/**
+ * Properties forwarded to the Lambda Subscription.
+ */
+export interface SnsEventSourceProps extends subs.LambdaSubscriptionProps {
+}
+
 /**
  * Use an Amazon SNS topic as an event source for AWS Lambda.
  */
 export class SnsEventSource implements lambda.IEventSource {
-  constructor(readonly topic: sns.ITopic) {
+  private readonly props?: SnsEventSourceProps;
+
+  constructor(readonly topic: sns.ITopic, props?: SnsEventSourceProps) {
+    this.props = props;
   }
 
   public bind(target: lambda.IFunction) {
-    this.topic.addSubscription(new subs.LambdaSubscription(target));
+    this.topic.addSubscription(new subs.LambdaSubscription(target, this.props));
   }
 }