Merge branch 'master' into DaWyz/event-bus-grant-putevents

.gitallowed

@@ -22,3 +22,4 @@ account: '772975370895'
 account: '856666278305'
 account: '840364872350'
 account: '422531588944'
+account: '924023996002'

packages/@aws-cdk-containers/ecs-service-extensions/lib/extensions/appmesh.ts

@@ -165,6 +165,7 @@ export class AppMeshExtension extends ServiceExtension {
 
         'me-south-1': this.accountIdForRegion('me-south-1'),
         'ap-east-1': this.accountIdForRegion('ap-east-1'),
+        'af-south-1': this.accountIdForRegion('af-south-1'),
       },
     });
 

packages/@aws-cdk-containers/ecs-service-extensions/test/integ.all-service-addons.expected.json

@@ -3354,6 +3354,9 @@
       },
       "ap-east-1": {
         "ecrRepo": "856666278305"
+      },
+      "af-south-1": {
+        "ecrRepo": "924023996002"
       }
     },
     "greetingenvoyimageaccountmapping": {
@@ -3413,6 +3416,9 @@
       },
       "ap-east-1": {
         "ecrRepo": "856666278305"
+      },
+      "af-south-1": {
+        "ecrRepo": "924023996002"
       }
     },
     "greeterenvoyimageaccountmapping": {
@@ -3472,6 +3478,9 @@
       },
       "ap-east-1": {
         "ecrRepo": "856666278305"
+      },
+      "af-south-1": {
+        "ecrRepo": "924023996002"
       }
     }
   },

packages/@aws-cdk-containers/ecs-service-extensions/test/integ.multiple-environments.expected.json

@@ -2173,6 +2173,9 @@
       },
       "ap-east-1": {
         "ecrRepo": "856666278305"
+      },
+      "af-south-1": {
+        "ecrRepo": "924023996002"
       }
     },
     "namedevelopmentenvoyimageaccountmapping": {
@@ -2232,6 +2235,9 @@
       },
       "ap-east-1": {
         "ecrRepo": "856666278305"
+      },
+      "af-south-1": {
+        "ecrRepo": "924023996002"
       }
     }
   }

packages/@aws-cdk/aws-cloudfront/lib/cache-policy.ts

@@ -231,6 +231,9 @@ export class CacheHeaderBehavior {
     if (headers.length === 0) {
       throw new Error('At least one header to allow must be provided');
     }
+    if (headers.length > 10) {
+      throw new Error(`Maximum allowed headers in Cache Policy is 10; got ${headers.length}.`);
+    }
     return new CacheHeaderBehavior('whitelist', headers);
   }
 

packages/@aws-cdk/aws-cloudfront/test/cache-policy.test.ts

@@ -96,6 +96,17 @@ describe('CachePolicy', () => {
     expect(() => new CachePolicy(stack, 'CachePolicy6', { cachePolicyName: 'My_Policy' })).not.toThrow();
   });
 
+  test('throws if more than 10 CacheHeaderBehavior headers are being passed', () => {
+    const errorMessage = /Maximum allowed headers in Cache Policy is 10; got (.*?)/;
+    expect(() => new CachePolicy(stack, 'CachePolicy1', {
+      headerBehavior: CacheHeaderBehavior.allowList('Lorem', 'ipsum', 'dolor', 'sit', 'amet', 'consectetur', 'adipiscing', 'elit', 'sed', 'do', 'eiusmod'),
+    })).toThrow(errorMessage);
+
+    expect(() => new CachePolicy(stack, 'CachePolicy2', {
+      headerBehavior: CacheHeaderBehavior.allowList('Lorem', 'ipsum', 'dolor', 'sit', 'amet', 'consectetur', 'adipiscing', 'elit', 'sed', 'do'),
+    })).not.toThrow();
+  });
+
   test('does not throw if cachePolicyName is a token', () => {
     expect(() => new CachePolicy(stack, 'CachePolicy', {
       cachePolicyName: Aws.STACK_NAME,

packages/@aws-cdk/aws-codebuild/README.md

@@ -617,3 +617,31 @@ if (project.enableBatchBuilds()) {
   console.log('Batch builds were enabled');
 }
 ```
+
+## Timeouts
+
+There are two types of timeouts that can be set when creating your Project.
+The `timeout` property can be used to set an upper limit on how long your Project is able to run without being marked as completed.
+The default is 60 minutes.
+An example of overriding the default follows.
+
+```ts
+import * as codebuild from '@aws-cdk/aws-codebuild';
+
+new codebuild.Project(stack, 'MyProject', {
+  timeout: Duration.minutes(90)
+});
+```
+
+The `queuedTimeout` property can be used to set an upper limit on how your Project remains queued to run.
+There is no default value for this property.
+As an example, to allow your Project to queue for up to thirty (30) minutes before the build fails,
+use the following code.
+
+```ts
+import * as codebuild from '@aws-cdk/aws-codebuild';
+
+new codebuild.Project(stack, 'MyProject', {
+  queuedTimeout: Duration.minutes(30)
+});
+```

packages/@aws-cdk/aws-codebuild/lib/project.ts

@@ -575,6 +575,15 @@ export interface CommonProjectProps {
    * @default - no log configuration is set
    */
   readonly logging?: LoggingOptions;
+
+  /**
+   * The number of minutes after which AWS CodeBuild stops the build if it's
+   * still in queue. For valid values, see the timeoutInMinutes field in the AWS
+   * CodeBuild User Guide.
+   *
+   * @default - no queue timeout is set
+   */
+  readonly queuedTimeout?: Duration
 }
 
 export interface ProjectProps extends CommonProjectProps {
@@ -869,6 +878,7 @@ export class Project extends ProjectBase {
       cache: cache._toCloudFormation(),
       name: this.physicalName,
       timeoutInMinutes: props.timeout && props.timeout.toMinutes(),
+      queuedTimeoutInMinutes: props.queuedTimeout && props.queuedTimeout.toMinutes(),
       secondarySources: Lazy.any({ produce: () => this.renderSecondarySources() }),
       secondarySourceVersions: Lazy.any({ produce: () => this.renderSecondarySourceVersions() }),
       secondaryArtifacts: Lazy.any({ produce: () => this.renderSecondaryArtifacts() }),

packages/@aws-cdk/aws-codebuild/test/test.project.ts

@@ -960,4 +960,47 @@ export = {
       test.done();
     },
   },
+
+  'Timeouts': {
+    'can add queued timeout'(test: Test) {
+      // GIVEN
+      const stack = new cdk.Stack();
+
+      // WHEN
+      new codebuild.Project(stack, 'Project', {
+        source: codebuild.Source.s3({
+          bucket: new s3.Bucket(stack, 'Bucket'),
+          path: 'path',
+        }),
+        queuedTimeout: cdk.Duration.minutes(30),
+      });
+
+      // THEN
+      expect(stack).to(haveResourceLike('AWS::CodeBuild::Project', {
+        QueuedTimeoutInMinutes: 30,
+      }));
+
+      test.done();
+    },
+    'can override build timeout'(test: Test) {
+      // GIVEN
+      const stack = new cdk.Stack();
+
+      // WHEN
+      new codebuild.Project(stack, 'Project', {
+        source: codebuild.Source.s3({
+          bucket: new s3.Bucket(stack, 'Bucket'),
+          path: 'path',
+        }),
+        timeout: cdk.Duration.minutes(30),
+      });
+
+      // THEN
+      expect(stack).to(haveResourceLike('AWS::CodeBuild::Project', {
+        TimeoutInMinutes: 30,
+      }));
+
+      test.done();
+    },
+  },
 };

packages/@aws-cdk/aws-docdb/lib/cluster.ts

@@ -238,7 +238,7 @@ export class DatabaseCluster extends DatabaseClusterBase {
   public readonly clusterResourceIdentifier: string;
 
   /**
-   * The connections object to implement IConectable
+   * The connections object to implement IConnectable
    */
   public readonly connections: ec2.Connections;
 

packages/@aws-cdk/aws-dynamodb-global/lib/global-table-coordinator.ts

@@ -19,7 +19,7 @@ export class GlobalTableCoordinator extends cdk.Stack {
       code: lambda.Code.fromAsset(path.resolve(__dirname, '../', 'lambda-packages', 'aws-global-table-coordinator', 'lib')),
       description: 'Lambda to make DynamoDB a global table',
       handler: 'index.handler',
-      runtime: lambda.Runtime.NODEJS_10_X,
+      runtime: lambda.Runtime.NODEJS_14_X,
       timeout: cdk.Duration.minutes(5),
       uuid: 'D38B65A6-6B54-4FB6-9BAD-9CD40A6DAC12',
     });

packages/@aws-cdk/aws-dynamodb-global/test/integ.dynamodb.global.expected.json

@@ -203,7 +203,7 @@
               "Arn"
             ]
           },
-          "Runtime": "nodejs10.x",
+          "Runtime": "nodejs14.x",
           "Description": "Lambda to make DynamoDB a global table",
           "Timeout": 300
         },

packages/@aws-cdk/aws-dynamodb/README.md

@@ -109,6 +109,17 @@ globalTable.autoScaleWriteCapacity({
 }).scaleOnUtilization({ targetUtilizationPercent: 75 });
 ```
 
+When adding a replica region for a large table, you might want to increase the
+timeout for the replication operation:
+
+```ts
+const globalTable = new dynamodb.Table(this, 'Table', {
+  partitionKey: { name: 'id', type: dynamodb.AttributeType.STRING },
+  replicationRegions: ['us-east-1', 'us-east-2', 'us-west-2'],
+  replicationTimeout: Duration.hours(2), // defaults to Duration.minutes(30)
+});
+```
+
 ## Encryption
 
 All user data stored in Amazon DynamoDB is fully encrypted at rest. When creating a new table, you can choose to encrypt using the following customer master keys (CMK) to encrypt your table:

packages/@aws-cdk/aws-dynamodb/lib/replica-provider.ts

@@ -9,14 +9,26 @@ import { Construct } from 'constructs';
 // eslint-disable-next-line no-duplicate-imports, import/order
 import { Construct as CoreConstruct } from '@aws-cdk/core';
 
+/**
+ * Properties for a ReplicaProvider
+ */
+export interface ReplicaProviderProps {
+  /**
+   * The timeout for the replication operation.
+   *
+   * @default Duration.minutes(30)
+   */
+  readonly timeout?: Duration;
+}
+
 export class ReplicaProvider extends NestedStack {
   /**
    * Creates a stack-singleton resource provider nested stack.
    */
-  public static getOrCreate(scope: Construct) {
+  public static getOrCreate(scope: Construct, props: ReplicaProviderProps = {}) {
     const stack = Stack.of(scope);
     const uid = '@aws-cdk/aws-dynamodb.ReplicaProvider';
-    return stack.node.tryFindChild(uid) as ReplicaProvider || new ReplicaProvider(stack, uid);
+    return stack.node.tryFindChild(uid) as ReplicaProvider ?? new ReplicaProvider(stack, uid, props);
   }
 
   /**
@@ -34,7 +46,7 @@ export class ReplicaProvider extends NestedStack {
    */
   public readonly isCompleteHandler: lambda.Function;
 
-  private constructor(scope: Construct, id: string) {
+  private constructor(scope: Construct, id: string, props: ReplicaProviderProps = {}) {
     super(scope as CoreConstruct, id);
 
     const code = lambda.Code.fromAsset(path.join(__dirname, 'replica-handler'));
@@ -80,6 +92,7 @@ export class ReplicaProvider extends NestedStack {
       onEventHandler: this.onEventHandler,
       isCompleteHandler: this.isCompleteHandler,
       queryInterval: Duration.seconds(10),
+      totalTimeout: props.timeout,
     });
   }
 }

packages/@aws-cdk/aws-dynamodb/lib/table.ts

@@ -3,8 +3,8 @@ import * as cloudwatch from '@aws-cdk/aws-cloudwatch';
 import * as iam from '@aws-cdk/aws-iam';
 import * as kms from '@aws-cdk/aws-kms';
 import {
-  Aws, CfnCondition, CfnCustomResource, CustomResource, Fn,
-  IResource, Lazy, Names, RemovalPolicy, Resource, Stack, Token,
+  Aws, CfnCondition, CfnCustomResource, CustomResource, Duration,
+  Fn, IResource, Lazy, Names, RemovalPolicy, Resource, Stack, Token,
 } from '@aws-cdk/core';
 import { Construct } from 'constructs';
 import { DynamoDBMetrics } from './dynamodb-canned-metrics.generated';
@@ -218,6 +218,13 @@ export interface TableOptions {
    * @experimental
    */
   readonly replicationRegions?: string[];
+
+  /**
+   * The timeout for a table replication operation in a single region.
+   *
+   * @default Duration.minutes(30)
+   */
+  readonly replicationTimeout?: Duration;
 }
 
 /**
@@ -1135,7 +1142,7 @@ export class Table extends TableBase {
     }
 
     if (props.replicationRegions && props.replicationRegions.length > 0) {
-      this.createReplicaTables(props.replicationRegions);
+      this.createReplicaTables(props.replicationRegions, props.replicationTimeout);
     }
   }
 
@@ -1451,14 +1458,14 @@ export class Table extends TableBase {
    *
    * @param regions regions where to create tables
    */
-  private createReplicaTables(regions: string[]) {
+  private createReplicaTables(regions: string[], timeout?: Duration) {
     const stack = Stack.of(this);
 
     if (!Token.isUnresolved(stack.region) && regions.includes(stack.region)) {
       throw new Error('`replicationRegions` cannot include the region where this stack is deployed.');
     }
 
-    const provider = ReplicaProvider.getOrCreate(this);
+    const provider = ReplicaProvider.getOrCreate(this, { timeout });
 
     // Documentation at https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/V2gt_IAM.html
     // is currently incorrect. AWS Support recommends `dynamodb:*` in both source and destination regions