Merge #26

Merged
merged 126 commits into from
Oct 1, 2020
flemjame-at-amazon
Owner


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

shivlaks and others added 30 commits September 16, 2020 18:30
----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Co-authored-by: Noah Litov <noahlitov@gmail.com>
Automatically retry on Lambda service exceptions for `LambdaInvoke`.

Follows the best practice from https://docs.aws.amazon.com/step-functions/latest/dg/bp-lambda-serviceexception.html


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Patches partially inspired by:

- https://github.com/aws-cloudformation/cfn-python-lint/pull/1697/files
- aws-cloudformation/cfn-lint#1671

BREAKING CHANGE: Fixed ECS task definition within the L1 layer. Fixed the casing of the `efsVolumeConfiguration` property to match the spec published by cloudformation. Fixed the type of the `DockerVolumeConfiguration.labels` property to allow users to properly apply labels.

* **ecs**: Task definitions configured with an `efsVolumeConfiguration` will incur a resource replacement due to wrong casing of the underlying resources introduced in this [PR](https://github.com/aws/aws-cdk/pull/8467/files). This replacement will in turn cause a rolling update to any running tasks that use that definition.
* **ecs**: `DockerVolumeConfiguration.labels` changed from an **array** to a **map**. This was a long standing latent bug and in fact configuring labels in the old format would have resulted in the wrong behavior.
…rd (#10404)

This will allow upcoming major versions of the dotnet runtime to be used
if the current target runtime (`netcoreapp3.1`) is not available; for
example it will allow using `netcoreapp5` when this becomes available.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…ostgres (#10132)

When the `s3ImportBuckets` or `s3ExportBuckets` properties are set, we also need
to include the name of the feature for the DB instance that the IAM role is to be associated with. 

Excluding the feature name causes a deploy-time failure as follows:
> The feature-name parameter must be provided with the current operation ...

Added an `EngineFeatures` struct to specify the feature name for `s3Import` and `s3Export`

Closes #4419
Closes #8201

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
The modern bootstrap stack used to unconditionally create a KMS Customer
Master Key (CMK) for users. This incurs a $1/month charge for every user
of the CDK for every region and account they want to deploy in, which is
not acceptable if we're going to make this the default bootstrapping
experience in the future.

This PR switches off the creation of the CMK by default for new
bootstrap stacks. Bootstrap stacks that already exist can remove the
existing CMK by running:

```
cdk bootstrap --bootstrap-customer-key=false [aws://...]
```

This change is backwards compatible: updates to existing (modern)
bootstrap stacks will leave the current KMS key in place. To achieve
this, the new default is encoded into the CLI, not into the template.

Fixes #10115.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Add missing braces around `if` added in #10386


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Added the following Conditions:
* `Condition.isPresent` - matches if a json path is present
* `Condition.isNotPresent` - matches if a json path is not present
* `Condition.isString` - matches if a json path contains a string
* `Condition.isNotString` - matches if a json path is not a string
* `Condition.isNumeric` - matches if a json path is numeric
* `Condition.isNotNumeric` - matches if a json path is not numeric
* `Condition.isBoolean` - matches if a json path is boolean
* `Condition.isNotBoolean` - matches if a json path is not boolean
* `Condition.isTimestamp` - matches if a json path is a timestamp
* `Condition.isNotTimestamp` - matches if a json path is not a
timestamp
* `Condition.isNotNull` - matches if a json path is not null
* `Condition.isNull` - matches if a json path is null
* `Condition.booleanEqualsJsonPath` - matches if a boolean field equals
a value in a given mapping path
* `Condition.stringEqualsJsonPath` - matches if a string field equals a
given mapping path
* `Condition.stringLessThanJsonPath` - Matches if a string field sorts
before a value at given mapping path
* `Condition.stringLessThanEqualsJsonPath` - Matches if a string field
sorts equal to or before a given mapping
* `Condition.stringGreaterThanJsonPath` - Matches if a string field
sorts after a value at a given mapping path
* `Condition.stringGreaterThanEqualsJsonPath` - Matches if a string
field sorts after or equal to value at a given mapping path
* `Condition.numberEqualsJsonPath` - matches if a numeric field has the
value in a given mapping path
* `Condition.numberLessThan` - matches if a numeric field is less than
the given value
* `Condition.numberLessThanJsonPath` - matches if a numeric field is
less than the value at the given mapping path
* `Condition.numberLessThanEqualsJsonPath` - matches if a numeric field
is less than or equal to the numeric value at given mapping path
* `Condition.numberGreaterThanJsonPath` - matches if a numeric field is
greater than the value at a given mapping path
* `Condition.numberGreaterThanEqualsJsonPath` - matches if a numeric
field is greater than or equal to the value at a given mapping path
* `Condition.timestampEqualsJsonPath` - matches if a timestamp field is
the same time as the timestamp at a given mapping path
* `Condition.timestampLessThanJsonPath` - matches if a timestamp field
is before the timestamp at a given mapping path
* `Condition.timestampLessThanEqualsJsonPath` - matches if a timestamp
field is before or equal to the timestamp at a given mapping path
* `Condition.timestampGreaterThanJsonPath` - matches if a timestamp
field is after the timestamp at a given mapping path
* `Condition.timestampGreaterThanEqualsJsonPath` - matches if a
timestamp field is after or equal to the timestamp at a given mapping
path
* `Condition.stringMatches` - matches a field with the ability to use as
a wild card e.g: log-.txt or LATEST. No other characters other than "*"
have any special meaning (* can be escaped: \\*)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…EADME (#10411)

----

removing the partitions.io board link and replacing with the cdk.dev slack channel.


*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
As it turns out, there's one more resource attribute that we don't support currently:
Version, used for custom CloudFormation resources.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
In #10309, secretName was added to SecretAttributes, but given the ARN is always
required, it's fairly redundant. Removing to reduce public API surface area.

Not a breaking change, as #10309 has not yet been released.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…0394)

Fixes #10322

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…10408)

Avoid things like #10406

See https://eslint.org/docs/rules/curly#multi-line

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
In order to reduce the likelihood that subtle breakage happens due to behavioral changes introduced across major version bumps, all updates performed by `ncu` are now limited to the `--target=minor` setting (meaning the major version will not be changed by `ncu`).

Co-authored-by: Mitchell Valine <valinm@amazon.com>
* feat(rds): S3 import and export for DatabaseInstances

This change introduces S3 import/export for DatabaseInstances, the same as what
currently exists today for DatabaseClusters. This change was heavily influenced
by #10132 (the work to introduce feature
names for DatabaseCluster), and steals patterns and names heavily from it.

**Implementation Notes:**
* Unlike for clusters, for instances, the feature names are required; if the
  feature name doesn't exist, we shouldn't be creating the role.
* For both Oracle and SQL Server, all current/active versions support the same
  feature names. This simplified the implementation quite a bit.
* I opted **not** to support features for the deprecated Oracle versions.
* I moved the `setupS3ImportExport` helper function into a utils class. One
  quirk of the SQL Server requirement is that you must create an OptionGroup
  with only one role (for both import & export). Oracle, likewise, has a single
  feature for both import and export. So I opted to default to creating a single
  role (if necessary) for both import and export. Open to challenges on this.
* The `OptionGroup` class needed some rework to be able to make the list of
  configurations dynamic. I then had to do some light tweaking to ensure
  backwards compatibility with the connections property.

fixes #4419
Currently, database instances and clusters have different behaviors for
removal policies and deletion protection. This fix standardizes the behavior
and logical code paths so RDS behaves consistently.

The new logic is that we will only set `deletionProtection` if the RemovalPolicy
has been set to RETAIN. Otherwise (with SNAPSHOT or DELETE), deletion protection
will be disabled (by default).

BREAKING CHANGE: Cluster now has deletionProtection enabled if its removal policy is `RETAIN`
* **rds**: Instance now has deletionProtection enabled by default only if its removal policy is `RETAIN`

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Enable users with existing cluster subnet groups to specify an existing group,
rather than creating a new group.

_Note: Marked as exempt-readme because I don't think this deserves its own
README section. Feel free to disagree._

fixes #9991

BREAKING CHANGE: removed protected member `subnetGroup` from DatabaseCluster classes


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…0422)

CloudFormation allows for parameters of type 'Number' to be referenced,
using the 'Ref' keyword, into properties that are of type 'String'.

This will let customers now use CloudFormation maximum and minimum
constraints on the number parameter type, and still use the resulting
value in a property of string type.

fixes #10228


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Upgrade dependency versions when available. Change the yarn-upgrade
workflow to only upgrade minor versions automatically. This will prevent
major version dependency upgrades from happening automatically in the
future.

Exclude `aws-sdk` from automatic upgrades temporarily due to changes in
TS type definitions that removed `ConfigurationOptions` from the
`aws-sdk/lib/config` entrypoint. See
aws/aws-sdk-js#3453 for details.
Add a method that allows you to load a nested stack after the CfnInclude object has been instantiated.
To make this consistent in nested stack handling,
rename the 'nestedStacks' property to 'loadNestedStacks'.

BREAKING CHANGE: the construction property 'nestedStacks' of class 'CfnInclude' has been renamed to 'loadNestedStacks'

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
closes #10371

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…er Preview' (#10436)


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…8450)

When a table was deployed with `serverSideEncryption` set to `true` (by
requesting `AWS_MANAGED` or `CUSTOM` server side encryption), it was not
possible to switch back to `DEFAULT` as this could drop the
`serverSideEncryption` configuration altogether, which CloudFormation
will not allow.

This change makes `Table` continue to not set the
`serverSideEncryption` configuration if nothing was configured (the user
chose the implicit default behavior), but to actually set the value
explicitly to `false` if the user *explicitly* requests `DEFAULT`
encryption.

This makes it possible to flip away from `AWS_MANAGED` and `CUSTOM`
encryption to the cheaper alternative that is `DEFAULT`.

Fixes #8286


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Add the amzn scope to our version reporting, owned by Amazon: https://www.npmjs.com/org/amzn

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
)

By default asset bundling is skipped for `cdk list` and `cdk destroy`. For `cdk deploy`, `cdk diff`
and `cdk synthesize` the default is to bundle assets for all stacks unless `exclusively` is specified.
In this case, only the listed stacks will have their assets bundled.

Closes #9540 

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Support VPC property in ShellScriptAction. Partially fixes #9982 .

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
When running `cdk deploy` the stack outputs to the terminal are currently returned in the same order as the `describe stacks` API call, which does not seem to provide a contract on ordering, per the [docs](https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_Stack.html).

This change sorts the keys of the stack outputs before display, which is consistent with "outputs" tab in the AWS CloudFormation console.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This PR adds a machine image that is backed by a custom SSM parameter.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
iliapolo and others added 29 commits September 29, 2020 22:24
Graduate the module to *Developer Preview*.

This PR also includes some last minute API changes we feel make it a little more semantically clear.

In addition, the README was restructured to be more coherent. See [rendered version](https://github.com/aws/aws-cdk/blob/epolon/10364-eks-dev-preview/packages/%40aws-cdk/aws-eks/README.md).

Happy to break this down to multiple PR's if you find it hard to review.

BREAKING CHANGE: `cluster.addChart` renamed to `cluster.addHelmChart`

* **eks:** `NodegroupOptions.launchTemplate` renamed to `NodegroupOptions.launchTemplateSpec`
* **eks:** `cluster.addAutoScalingGroup` renamed to `cluster.connectAutoScalingGroupCapacity`
* **eks:** `cluster.addNodegroup` renamed to `cluster.addNoedgroupCapacity`
* **eks:** `cluster.addCapacity` renamed to `cluster.addAutoScalingGroupCapacity`
* **eks:** `CapacityOptions` renamed to `AutoScalingGroupCapacityOptions`.

Resolves #10364

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
`syn-nodejs-2.0` is the latest runtime.

See https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Canaries_Library.html

BREAKING CHANGE: the default runtime is now `syn-nodejs-2.0`

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…#10552)

Adding support for [additional S3 notification event types](https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html#supported-notification-event-types), including 's3:ObjectRestore:Completed' recently raised by @mauricioharley as a feature request.

Closes #10498

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
According to the CloudFront docs, the logging bucket should be specified as the
bucket domain name. #2554 updated origin buckets to use the regional bucket
domain names -- which is correct -- but also incorrectly updated the logging
bucket specifications as well.

This has a minor impact of being unable to navigate to the logging bucket from
the CloudFront console, but otherwise the logs are stored correctly.

fixes #10512


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
We are currently on a pre-release version, and `ncu` will "upgrade" to the nightly builds, which is undesirable.

Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
…10539)

Any CloudFormation resource that defines a single boolean property set
to false is not rendered to the CloudFormation template.

The bug is in implementation of `_toCloudFormation()` API in
`CfnResource`. It treated `false` and `undefined` the same way.

fixes #10455


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Adding support for [EC2 C6g](https://aws.amazon.com/ec2/instance-types/c6/) instance classes.

Closes #10372
---

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Fixes listing same stack multiple times fails for cdk commands

closes #9667

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…nitionName` (#10448)

Add `fromJobDefinitionName` for `JobDefinition` construct. Ref: https://stackoverflow.com/a/55031183

closes #7172 

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Add fromDomainName import helper to UserPoolDomain construct

closes #9988 

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…ns event source (#10567)

This change allows `SnsEventSource` to be configured in the same way as its reverse construct, `LambdaSubscription`.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…user pool clients (#10588)

When the `UserPoolClient` property `disableOAuth` is set, callback URLs should not be
rendered as it represents a list of allowed redirects for identity providers.

Added in a condition that only renders the callback URL default of `https://example.com`
if OAuth is enabled.

Closes #10311


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
refreshToken always allowed when authFlows present in UserPoolClient

BREAKING CHANGE: `refreshToken` property is now removed from
UserPoolClient. It will be included if any other `authFlow` is enabled.

closes #7625


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
The default value was incorrectly documented as 10000, while in fact, it
is infinite.

Ref: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-maximumretryattempts

closes #10486


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
In #10458, we started to default the master user name to 'admin'.
As it turns out, that actually doesn't work with PostgreSQL,
as 'admin' is a reserved word there.
Add a new optional property to IEngine called defaultUsername
that allows overriding the global 'admin' default on a per-Engine basis.
Set it to 'adminuser' for the Aurora Postgres Cluster engine and the Postgres Instance engine.

Fixes #10579

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…recated (#10605)

The static constants in the DatabaseClusterEngine class were all deprecated in favor of using versioned engines.
However, it turns out that it's very common to use the unversioned engines for serverless Clusters,
for which the instances are fully managed, so updates are a lot less risky.
Because of that, un-deprecate the constants, instead adding a note that we don't recommend using them for non-serverless Clusters.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
)

An overly-strict validation on secret ARNs prevented valid use cases where a
customer provides a secret ARN without the SecretsManager-suffix.

fixes #10604


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Make the GraphQL Schema construct multiple interface implementation in the following manner:

```gql
type Object implements Interface1 & interface2 {
  ...
}
```

Fixes #10479

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
I was using cdk to stand up an Elasticsearch domain and thought I might as well generalise the effort.

Can I please get some feedback on the current implementation and if it is something you are happy to accept?

This implementation is still missing tests, more documentation and features like importing the resource. I will add them once I know I'm on the right track.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Adds a new construct to specify Aurora Serverless clusters

This is largely a stripped down version of `Cluster` as there are many properties
within clusters that do not apply to Aurora Serverless. Some of the notable
exclusions are:
* backup windows
* maintenance windows
* associated roles (as S3 import/exports are not supported)
* iam database authentication
* exporting cloudwatch log exports
* storage encryption is always true in Aurora serverless

Added:
* Scaling options which only apply to Aurora serverless and cannot be used for
   provisioned clusters
* Enum `AuroraCapacityUnit` to specify the provisioned capacity
* Enable http endpoint for a serverless cluster

Closes #929

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…#10490)

Addresses the first point on #9490 by allowing access logging to be configured through props

1. Introduces a new `AccessLog` shared-interface as it can be reused in Virtual Gateways and Virtual Nodes
1. Removes the default access logging to stdout in Virtual Nodes and allows it to be configured via props

BREAKING CHANGE: VirtualNode no longer has accessLog set to "/dev/stdout" by default

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…the StepFunctions State Machine target (#10551)

Add option to use existing role for SfnStateMachine

closes #8255

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
* feat: cloudformation spec v18.4.0

* add junit.xml to ignore

* adding a linter exclusion for attribute added in APIGatewayv2 that is not yet exposed through the CDK

* added a patch to rename AwsVpcConfiguration back to AwsvpcConfiguration to avoid breaking ECS users

* add appflow to cloudformation-include

* add appflow as peerDependencies in cloudformation-include

* add appflow to aws-cdk-lib dependencies

* update monocdk-experiment package.json

* add python classifiers for appflow

* adding patches for properties that cause compatibility checker to fail

Co-authored-by: AWS CDK Team <aws-cdk@amazon.com>
Co-authored-by: Neta Nir <neta1nir@gmail.com>
Co-authored-by: Shiv Lakshminarayan <shivlaks@amazon.com>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
When running unit tests `outdir` defaults to a temporary directory in
the system temp directory. On macOS `os.tmpdir()` is a symlink. In 
`v1.61.0` we changed the bundling directory to be a directory inside
`outdir` (`cdk.out`). This makes Docker bundling fail during tests.

Fix it by using `fs.realpathSync`.

Closes #10262


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This commit expands on a previous [commit]. The remaining
CDK modules have been migrated to use the `Construct` and
`IConstruct` from the "constructs" module instead of the
"@aws-cdk/core" module.

Migrating modules to use the "constructs" module prevents merge
conflicts from arising in these files when the construct compatibility
layer in "@aws-cdk/core" module is removed in the v2 branch.

[commit]: c179699

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@flemjame-at-amazon flemjame-at-amazon merged commit 7e8d2f1 into flemjame-at-amazon:master Oct 1, 2020