diff --git a/packages/@aws-cdk/aws-docdb/test/integ.cluster-rotation.lit.js.snapshot/aws-cdk-docdb-cluster-rotation.assets.json b/packages/@aws-cdk/aws-docdb/test/integ.cluster-rotation.lit.js.snapshot/aws-cdk-docdb-cluster-rotation.assets.json index db774132f479a..e79687b2c71f4 100644 --- a/packages/@aws-cdk/aws-docdb/test/integ.cluster-rotation.lit.js.snapshot/aws-cdk-docdb-cluster-rotation.assets.json +++ b/packages/@aws-cdk/aws-docdb/test/integ.cluster-rotation.lit.js.snapshot/aws-cdk-docdb-cluster-rotation.assets.json @@ -1,7 +1,7 @@ { - "version": "20.0.0", + "version": "30.1.0", "files": { - "16960a7525b0e7f3fc99af30374461429f32d815db45bab3e136c4a994140575": { + "ffa0280c20139b5a0ec753fdb4365af29fb08ea9703b9139810054417bc99c10": { "source": { "path": "aws-cdk-docdb-cluster-rotation.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "16960a7525b0e7f3fc99af30374461429f32d815db45bab3e136c4a994140575.json", + "objectKey": "ffa0280c20139b5a0ec753fdb4365af29fb08ea9703b9139810054417bc99c10.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-docdb/test/integ.cluster-rotation.lit.js.snapshot/aws-cdk-docdb-cluster-rotation.template.json b/packages/@aws-cdk/aws-docdb/test/integ.cluster-rotation.lit.js.snapshot/aws-cdk-docdb-cluster-rotation.template.json index 18907654c9a2e..0f59b9f2136f3 100644 --- a/packages/@aws-cdk/aws-docdb/test/integ.cluster-rotation.lit.js.snapshot/aws-cdk-docdb-cluster-rotation.template.json +++ b/packages/@aws-cdk/aws-docdb/test/integ.cluster-rotation.lit.js.snapshot/aws-cdk-docdb-cluster-rotation.template.json @@ -508,7 +508,7 @@ } } }, - "DatabaseSecretAttachmentPolicy5ACFE6CA": { + "DatabaseSecretPolicyEE73D3F8": { "Type": "AWS::SecretsManager::ResourcePolicy", "Properties": { "ResourcePolicy": { @@ -540,7 +540,7 @@ "Version": "2012-10-17" }, "SecretId": { - "Ref": "DatabaseSecretAttachmentE5D1B020" + "Ref": "DatabaseSecret3B817195" } } }, diff --git a/packages/@aws-cdk/aws-docdb/test/integ.cluster-rotation.lit.js.snapshot/cdk.out b/packages/@aws-cdk/aws-docdb/test/integ.cluster-rotation.lit.js.snapshot/cdk.out index 588d7b269d34f..b72fef144f05c 100644 --- a/packages/@aws-cdk/aws-docdb/test/integ.cluster-rotation.lit.js.snapshot/cdk.out +++ b/packages/@aws-cdk/aws-docdb/test/integ.cluster-rotation.lit.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"20.0.0"} \ No newline at end of file +{"version":"30.1.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-docdb/test/integ.cluster-rotation.lit.js.snapshot/integ.json b/packages/@aws-cdk/aws-docdb/test/integ.cluster-rotation.lit.js.snapshot/integ.json index 5466489d4db95..60a46976636ef 100644 --- a/packages/@aws-cdk/aws-docdb/test/integ.cluster-rotation.lit.js.snapshot/integ.json +++ b/packages/@aws-cdk/aws-docdb/test/integ.cluster-rotation.lit.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "20.0.0", + "version": "30.1.0", "testCases": { "integ.cluster-rotation.lit": { "stacks": [ diff --git a/packages/@aws-cdk/aws-docdb/test/integ.cluster-rotation.lit.js.snapshot/manifest.json b/packages/@aws-cdk/aws-docdb/test/integ.cluster-rotation.lit.js.snapshot/manifest.json index 521408f82eb4a..be159955f9791 100644 --- a/packages/@aws-cdk/aws-docdb/test/integ.cluster-rotation.lit.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-docdb/test/integ.cluster-rotation.lit.js.snapshot/manifest.json @@ -1,12 +1,6 @@ { - "version": "20.0.0", + "version": "30.1.0", "artifacts": { - "Tree": { - "type": "cdk:tree", - "properties": { - "file": "tree.json" - } - }, "aws-cdk-docdb-cluster-rotation.assets": { "type": "cdk:asset-manifest", "properties": { @@ -23,7 +17,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/16960a7525b0e7f3fc99af30374461429f32d815db45bab3e136c4a994140575.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/ffa0280c20139b5a0ec753fdb4365af29fb08ea9703b9139810054417bc99c10.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -213,10 +207,10 @@ "data": "DatabaseSecretAttachmentRotationScheduleA4E9F034" } ], - "/aws-cdk-docdb-cluster-rotation/Database/Secret/Attachment/Policy/Resource": [ + "/aws-cdk-docdb-cluster-rotation/Database/Secret/Policy/Resource": [ { "type": "aws:cdk:logicalId", - "data": "DatabaseSecretAttachmentPolicy5ACFE6CA" + "data": "DatabaseSecretPolicyEE73D3F8" } ], "/aws-cdk-docdb-cluster-rotation/Database/Resource": [ @@ -260,9 +254,24 @@ "type": "aws:cdk:logicalId", "data": "CheckBootstrapVersion" } + ], + "DatabaseSecretAttachmentPolicy5ACFE6CA": [ + { + "type": "aws:cdk:logicalId", + "data": "DatabaseSecretAttachmentPolicy5ACFE6CA", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" + ] + } ] }, "displayName": "aws-cdk-docdb-cluster-rotation" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-docdb/test/integ.cluster-rotation.lit.js.snapshot/tree.json b/packages/@aws-cdk/aws-docdb/test/integ.cluster-rotation.lit.js.snapshot/tree.json index d6b2cf350eea3..22d76ec24c566 100644 --- a/packages/@aws-cdk/aws-docdb/test/integ.cluster-rotation.lit.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-docdb/test/integ.cluster-rotation.lit.js.snapshot/tree.json @@ -4,14 +4,6 @@ "id": "App", "path": "", "children": { - "Tree": { - "id": "Tree", - "path": "Tree", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" - } - }, "aws-cdk-docdb-cluster-rotation": { "id": "aws-cdk-docdb-cluster-rotation", "path": "aws-cdk-docdb-cluster-rotation", @@ -91,8 +83,8 @@ "id": "Acl", "path": "aws-cdk-docdb-cluster-rotation/VPC/PublicSubnet1/Acl", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" + "fqn": "@aws-cdk/core.Resource", + "version": "0.0.0" } }, "RouteTable": { @@ -258,8 +250,8 @@ "id": "Acl", "path": "aws-cdk-docdb-cluster-rotation/VPC/PublicSubnet2/Acl", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" + "fqn": "@aws-cdk/core.Resource", + "version": "0.0.0" } }, "RouteTable": { @@ -425,8 +417,8 @@ "id": "Acl", "path": "aws-cdk-docdb-cluster-rotation/VPC/PrivateSubnet1/Acl", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" + "fqn": "@aws-cdk/core.Resource", + "version": "0.0.0" } }, "RouteTable": { @@ -544,8 +536,8 @@ "id": "Acl", "path": "aws-cdk-docdb-cluster-rotation/VPC/PrivateSubnet2/Acl", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" + "fqn": "@aws-cdk/core.Resource", + "version": "0.0.0" } }, "RouteTable": { @@ -850,64 +842,64 @@ "fqn": "@aws-cdk/aws-secretsmanager.RotationSchedule", "version": "0.0.0" } - }, - "Policy": { - "id": "Policy", - "path": "aws-cdk-docdb-cluster-rotation/Database/Secret/Attachment/Policy", - "children": { - "Resource": { - "id": "Resource", - "path": "aws-cdk-docdb-cluster-rotation/Database/Secret/Attachment/Policy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::SecretsManager::ResourcePolicy", - "aws:cdk:cloudformation:props": { - "resourcePolicy": { - "Statement": [ - { - "Action": "secretsmanager:DeleteSecret", - "Effect": "Deny", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - }, - "Resource": "*" + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-secretsmanager.SecretTargetAttachment", + "version": "0.0.0" + } + }, + "Policy": { + "id": "Policy", + "path": "aws-cdk-docdb-cluster-rotation/Database/Secret/Policy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-docdb-cluster-rotation/Database/Secret/Policy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::SecretsManager::ResourcePolicy", + "aws:cdk:cloudformation:props": { + "resourcePolicy": { + "Statement": [ + { + "Action": "secretsmanager:DeleteSecret", + "Effect": "Deny", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] } - ], - "Version": "2012-10-17" - }, - "secretId": { - "Ref": "DatabaseSecretAttachmentE5D1B020" + }, + "Resource": "*" } - } + ], + "Version": "2012-10-17" }, - "constructInfo": { - "fqn": "@aws-cdk/aws-secretsmanager.CfnResourcePolicy", - "version": "0.0.0" + "secretId": { + "Ref": "DatabaseSecret3B817195" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-secretsmanager.ResourcePolicy", + "fqn": "@aws-cdk/aws-secretsmanager.CfnResourcePolicy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-secretsmanager.SecretTargetAttachment", + "fqn": "@aws-cdk/aws-secretsmanager.ResourcePolicy", "version": "0.0.0" } } @@ -1025,8 +1017,8 @@ "id": "SARMapping", "path": "aws-cdk-docdb-cluster-rotation/Database/RotationSingleUser/SARMapping", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" + "fqn": "@aws-cdk/core.CfnMapping", + "version": "0.0.0" } }, "Resource": { @@ -1120,17 +1112,41 @@ "fqn": "@aws-cdk/aws-docdb.DatabaseCluster", "version": "0.0.0" } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-docdb-cluster-rotation/BootstrapVersion", + "constructInfo": { + "fqn": "@aws-cdk/core.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-docdb-cluster-rotation/CheckBootstrapVersion", + "constructInfo": { + "fqn": "@aws-cdk/core.CfnRule", + "version": "0.0.0" + } } }, + "constructInfo": { + "fqn": "@aws-cdk/core.Stack", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.85" + "version": "10.1.252" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" + "fqn": "@aws-cdk/core.App", + "version": "0.0.0" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-rds/test/integ.cluster-rotation.lit.js.snapshot/aws-cdk-rds-cluster-rotation.assets.json b/packages/@aws-cdk/aws-rds/test/integ.cluster-rotation.lit.js.snapshot/aws-cdk-rds-cluster-rotation.assets.json index ae1f3168553a8..6256aa3105eec 100644 --- a/packages/@aws-cdk/aws-rds/test/integ.cluster-rotation.lit.js.snapshot/aws-cdk-rds-cluster-rotation.assets.json +++ b/packages/@aws-cdk/aws-rds/test/integ.cluster-rotation.lit.js.snapshot/aws-cdk-rds-cluster-rotation.assets.json @@ -1,7 +1,7 @@ { - "version": "21.0.0", + "version": "30.1.0", "files": { - "dfc2f8e8aa2f2f42357312f7f92524a12cb383c762b91eaecbbefb8ad8400f82": { + "f1be03db0810455e897d5600a00d7d089273d1f89b9a319be25928bf241a9490": { "source": { "path": "aws-cdk-rds-cluster-rotation.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "dfc2f8e8aa2f2f42357312f7f92524a12cb383c762b91eaecbbefb8ad8400f82.json", + "objectKey": "f1be03db0810455e897d5600a00d7d089273d1f89b9a319be25928bf241a9490.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-rds/test/integ.cluster-rotation.lit.js.snapshot/aws-cdk-rds-cluster-rotation.template.json b/packages/@aws-cdk/aws-rds/test/integ.cluster-rotation.lit.js.snapshot/aws-cdk-rds-cluster-rotation.template.json index bd800aaa20877..0252e7533406a 100644 --- a/packages/@aws-cdk/aws-rds/test/integ.cluster-rotation.lit.js.snapshot/aws-cdk-rds-cluster-rotation.template.json +++ b/packages/@aws-cdk/aws-rds/test/integ.cluster-rotation.lit.js.snapshot/aws-cdk-rds-cluster-rotation.template.json @@ -606,7 +606,7 @@ } } }, - "DatabaseSecretAttachmentPolicy5ACFE6CA": { + "DatabaseSecretPolicyEE73D3F8": { "Type": "AWS::SecretsManager::ResourcePolicy", "Properties": { "ResourcePolicy": { @@ -638,18 +638,18 @@ "Version": "2012-10-17" }, "SecretId": { - "Ref": "DatabaseSecretAttachmentE5D1B020" + "Ref": "DatabaseSecret3B817195" } } }, "DatabaseB269D8BB": { "Type": "AWS::RDS::DBCluster", "Properties": { - "Engine": "aurora", "CopyTagsToSnapshot": true, "DBSubnetGroupName": { "Ref": "DatabaseSubnets56F17B9A" }, + "Engine": "aurora", "MasterUsername": { "Fn::Join": [ "", @@ -924,7 +924,7 @@ } } }, - "CustomRotationOptionsSecretAttachmentPolicyAB818C64": { + "CustomRotationOptionsSecretPolicyA73E17A8": { "Type": "AWS::SecretsManager::ResourcePolicy", "Properties": { "ResourcePolicy": { @@ -956,18 +956,18 @@ "Version": "2012-10-17" }, "SecretId": { - "Ref": "CustomRotationOptionsSecretAttachment697A23BF" + "Ref": "CustomRotationOptionsSecret7DCFFFDB" } } }, "CustomRotationOptions7CA9E132": { "Type": "AWS::RDS::DBCluster", "Properties": { - "Engine": "aurora", "CopyTagsToSnapshot": true, "DBSubnetGroupName": { "Ref": "CustomRotationOptionsSubnets52AEBCED" }, + "Engine": "aurora", "MasterUsername": { "Fn::Join": [ "", diff --git a/packages/@aws-cdk/aws-rds/test/integ.cluster-rotation.lit.js.snapshot/cdk.out b/packages/@aws-cdk/aws-rds/test/integ.cluster-rotation.lit.js.snapshot/cdk.out index 8ecc185e9dbee..b72fef144f05c 100644 --- a/packages/@aws-cdk/aws-rds/test/integ.cluster-rotation.lit.js.snapshot/cdk.out +++ b/packages/@aws-cdk/aws-rds/test/integ.cluster-rotation.lit.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"21.0.0"} \ No newline at end of file +{"version":"30.1.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-rds/test/integ.cluster-rotation.lit.js.snapshot/integ.json b/packages/@aws-cdk/aws-rds/test/integ.cluster-rotation.lit.js.snapshot/integ.json index 3cee3075c64cc..5bbe8121413b0 100644 --- a/packages/@aws-cdk/aws-rds/test/integ.cluster-rotation.lit.js.snapshot/integ.json +++ b/packages/@aws-cdk/aws-rds/test/integ.cluster-rotation.lit.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "21.0.0", + "version": "30.1.0", "testCases": { "integ.cluster-rotation.lit": { "stacks": [ diff --git a/packages/@aws-cdk/aws-rds/test/integ.cluster-rotation.lit.js.snapshot/manifest.json b/packages/@aws-cdk/aws-rds/test/integ.cluster-rotation.lit.js.snapshot/manifest.json index 21ee20339ed5f..0da5ccc5e746a 100644 --- a/packages/@aws-cdk/aws-rds/test/integ.cluster-rotation.lit.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-rds/test/integ.cluster-rotation.lit.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "21.0.0", + "version": "30.1.0", "artifacts": { "aws-cdk-rds-cluster-rotation.assets": { "type": "cdk:asset-manifest", @@ -17,7 +17,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/dfc2f8e8aa2f2f42357312f7f92524a12cb383c762b91eaecbbefb8ad8400f82.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/f1be03db0810455e897d5600a00d7d089273d1f89b9a319be25928bf241a9490.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -225,10 +225,10 @@ "data": "DatabaseSecretAttachmentRotationScheduleA4E9F034" } ], - "/aws-cdk-rds-cluster-rotation/Database/Secret/Attachment/Policy/Resource": [ + "/aws-cdk-rds-cluster-rotation/Database/Secret/Policy/Resource": [ { "type": "aws:cdk:logicalId", - "data": "DatabaseSecretAttachmentPolicy5ACFE6CA" + "data": "DatabaseSecretPolicyEE73D3F8" } ], "/aws-cdk-rds-cluster-rotation/Database/Resource": [ @@ -264,10 +264,7 @@ "/aws-cdk-rds-cluster-rotation/Database/RotationSingleUser/Resource": [ { "type": "aws:cdk:logicalId", - "data": "DatabaseRotationSingleUser65F55654", - "trace": [ - "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" - ] + "data": "DatabaseRotationSingleUser65F55654" } ], "/aws-cdk-rds-cluster-rotation/CustomRotationOptions/Subnets/Default": [ @@ -306,10 +303,10 @@ "data": "CustomRotationOptionsSecretAttachmentRotationScheduleD5AEB622" } ], - "/aws-cdk-rds-cluster-rotation/CustomRotationOptions/Secret/Attachment/Policy/Resource": [ + "/aws-cdk-rds-cluster-rotation/CustomRotationOptions/Secret/Policy/Resource": [ { "type": "aws:cdk:logicalId", - "data": "CustomRotationOptionsSecretAttachmentPolicyAB818C64" + "data": "CustomRotationOptionsSecretPolicyA73E17A8" } ], "/aws-cdk-rds-cluster-rotation/CustomRotationOptions/Resource": [ @@ -354,10 +351,19 @@ "data": "CheckBootstrapVersion" } ], - "DatabaseSecurityGroupfromawscdkrdsclusterrotationSecurityGroupB986D266IndirectPortE461A61D": [ + "DatabaseSecretAttachmentPolicy5ACFE6CA": [ + { + "type": "aws:cdk:logicalId", + "data": "DatabaseSecretAttachmentPolicy5ACFE6CA", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" + ] + } + ], + "CustomRotationOptionsSecretAttachmentPolicyAB818C64": [ { "type": "aws:cdk:logicalId", - "data": "DatabaseSecurityGroupfromawscdkrdsclusterrotationSecurityGroupB986D266IndirectPortE461A61D", + "data": "CustomRotationOptionsSecretAttachmentPolicyAB818C64", "trace": [ "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" ] diff --git a/packages/@aws-cdk/aws-rds/test/integ.cluster-rotation.lit.js.snapshot/tree.json b/packages/@aws-cdk/aws-rds/test/integ.cluster-rotation.lit.js.snapshot/tree.json index 756823a7c2091..5eefe4ba0e14b 100644 --- a/packages/@aws-cdk/aws-rds/test/integ.cluster-rotation.lit.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-rds/test/integ.cluster-rotation.lit.js.snapshot/tree.json @@ -1004,64 +1004,64 @@ "fqn": "@aws-cdk/aws-secretsmanager.RotationSchedule", "version": "0.0.0" } - }, - "Policy": { - "id": "Policy", - "path": "aws-cdk-rds-cluster-rotation/Database/Secret/Attachment/Policy", - "children": { - "Resource": { - "id": "Resource", - "path": "aws-cdk-rds-cluster-rotation/Database/Secret/Attachment/Policy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::SecretsManager::ResourcePolicy", - "aws:cdk:cloudformation:props": { - "resourcePolicy": { - "Statement": [ - { - "Action": "secretsmanager:DeleteSecret", - "Effect": "Deny", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - }, - "Resource": "*" + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-secretsmanager.SecretTargetAttachment", + "version": "0.0.0" + } + }, + "Policy": { + "id": "Policy", + "path": "aws-cdk-rds-cluster-rotation/Database/Secret/Policy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-cluster-rotation/Database/Secret/Policy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::SecretsManager::ResourcePolicy", + "aws:cdk:cloudformation:props": { + "resourcePolicy": { + "Statement": [ + { + "Action": "secretsmanager:DeleteSecret", + "Effect": "Deny", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] } - ], - "Version": "2012-10-17" - }, - "secretId": { - "Ref": "DatabaseSecretAttachmentE5D1B020" + }, + "Resource": "*" } - } + ], + "Version": "2012-10-17" }, - "constructInfo": { - "fqn": "@aws-cdk/aws-secretsmanager.CfnResourcePolicy", - "version": "0.0.0" + "secretId": { + "Ref": "DatabaseSecret3B817195" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-secretsmanager.ResourcePolicy", + "fqn": "@aws-cdk/aws-secretsmanager.CfnResourcePolicy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-secretsmanager.SecretTargetAttachment", + "fqn": "@aws-cdk/aws-secretsmanager.ResourcePolicy", "version": "0.0.0" } } @@ -1077,11 +1077,11 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::RDS::DBCluster", "aws:cdk:cloudformation:props": { - "engine": "aurora", "copyTagsToSnapshot": true, "dbSubnetGroupName": { "Ref": "DatabaseSubnets56F17B9A" }, + "engine": "aurora", "masterUsername": { "Fn::Join": [ "", @@ -1502,64 +1502,64 @@ "fqn": "@aws-cdk/aws-secretsmanager.RotationSchedule", "version": "0.0.0" } - }, - "Policy": { - "id": "Policy", - "path": "aws-cdk-rds-cluster-rotation/CustomRotationOptions/Secret/Attachment/Policy", - "children": { - "Resource": { - "id": "Resource", - "path": "aws-cdk-rds-cluster-rotation/CustomRotationOptions/Secret/Attachment/Policy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::SecretsManager::ResourcePolicy", - "aws:cdk:cloudformation:props": { - "resourcePolicy": { - "Statement": [ - { - "Action": "secretsmanager:DeleteSecret", - "Effect": "Deny", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - }, - "Resource": "*" + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-secretsmanager.SecretTargetAttachment", + "version": "0.0.0" + } + }, + "Policy": { + "id": "Policy", + "path": "aws-cdk-rds-cluster-rotation/CustomRotationOptions/Secret/Policy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-cluster-rotation/CustomRotationOptions/Secret/Policy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::SecretsManager::ResourcePolicy", + "aws:cdk:cloudformation:props": { + "resourcePolicy": { + "Statement": [ + { + "Action": "secretsmanager:DeleteSecret", + "Effect": "Deny", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] } - ], - "Version": "2012-10-17" - }, - "secretId": { - "Ref": "CustomRotationOptionsSecretAttachment697A23BF" + }, + "Resource": "*" } - } + ], + "Version": "2012-10-17" }, - "constructInfo": { - "fqn": "@aws-cdk/aws-secretsmanager.CfnResourcePolicy", - "version": "0.0.0" + "secretId": { + "Ref": "CustomRotationOptionsSecret7DCFFFDB" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-secretsmanager.ResourcePolicy", + "fqn": "@aws-cdk/aws-secretsmanager.CfnResourcePolicy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-secretsmanager.SecretTargetAttachment", + "fqn": "@aws-cdk/aws-secretsmanager.ResourcePolicy", "version": "0.0.0" } } @@ -1575,11 +1575,11 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::RDS::DBCluster", "aws:cdk:cloudformation:props": { - "engine": "aurora", "copyTagsToSnapshot": true, "dbSubnetGroupName": { "Ref": "CustomRotationOptionsSubnets52AEBCED" }, + "engine": "aurora", "masterUsername": { "Fn::Join": [ "", @@ -1796,7 +1796,7 @@ "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.161" + "version": "10.1.252" } } }, diff --git a/packages/@aws-cdk/aws-rds/test/integ.cluster-snapshot.js.snapshot/asset.7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037/outbound.js b/packages/@aws-cdk/aws-rds/test/integ.cluster-snapshot.js.snapshot/asset.7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037/outbound.js deleted file mode 100644 index 70203dcc42f3f..0000000000000 --- a/packages/@aws-cdk/aws-rds/test/integ.cluster-snapshot.js.snapshot/asset.7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037/outbound.js +++ /dev/null @@ -1,45 +0,0 @@ -"use strict"; -Object.defineProperty(exports, "__esModule", { value: true }); -exports.httpRequest = exports.invokeFunction = exports.startExecution = void 0; -/* istanbul ignore file */ -const https = require("https"); -// eslint-disable-next-line import/no-extraneous-dependencies -const AWS = require("aws-sdk"); -const FRAMEWORK_HANDLER_TIMEOUT = 900000; // 15 minutes -// In order to honor the overall maximum timeout set for the target process, -// the default 2 minutes from AWS SDK has to be overriden: -// https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/Config.html#httpOptions-property -const awsSdkConfig = { - httpOptions: { timeout: FRAMEWORK_HANDLER_TIMEOUT }, -}; -async function defaultHttpRequest(options, responseBody) { - return new Promise((resolve, reject) => { - try { - const request = https.request(options, resolve); - request.on('error', reject); - request.write(responseBody); - request.end(); - } - catch (e) { - reject(e); - } - }); -} -let sfn; -let lambda; -async function defaultStartExecution(req) { - if (!sfn) { - sfn = new AWS.StepFunctions(awsSdkConfig); - } - return sfn.startExecution(req).promise(); -} -async function defaultInvokeFunction(req) { - if (!lambda) { - lambda = new AWS.Lambda(awsSdkConfig); - } - return lambda.invoke(req).promise(); -} -exports.startExecution = defaultStartExecution; -exports.invokeFunction = defaultInvokeFunction; -exports.httpRequest = defaultHttpRequest; -//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoib3V0Ym91bmQuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJvdXRib3VuZC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSwwQkFBMEI7QUFDMUIsK0JBQStCO0FBQy9CLDZEQUE2RDtBQUM3RCwrQkFBK0I7QUFJL0IsTUFBTSx5QkFBeUIsR0FBRyxNQUFNLENBQUMsQ0FBQyxhQUFhO0FBRXZELDRFQUE0RTtBQUM1RSwwREFBMEQ7QUFDMUQsMkZBQTJGO0FBQzNGLE1BQU0sWUFBWSxHQUF5QjtJQUN6QyxXQUFXLEVBQUUsRUFBRSxPQUFPLEVBQUUseUJBQXlCLEVBQUU7Q0FDcEQsQ0FBQztBQUVGLEtBQUssVUFBVSxrQkFBa0IsQ0FBQyxPQUE2QixFQUFFLFlBQW9CO0lBQ25GLE9BQU8sSUFBSSxPQUFPLENBQUMsQ0FBQyxPQUFPLEVBQUUsTUFBTSxFQUFFLEVBQUU7UUFDckMsSUFBSTtZQUNGLE1BQU0sT0FBTyxHQUFHLEtBQUssQ0FBQyxPQUFPLENBQUMsT0FBTyxFQUFFLE9BQU8sQ0FBQyxDQUFDO1lBQ2hELE9BQU8sQ0FBQyxFQUFFLENBQUMsT0FBTyxFQUFFLE1BQU0sQ0FBQyxDQUFDO1lBQzVCLE9BQU8sQ0FBQyxLQUFLLENBQUMsWUFBWSxDQUFDLENBQUM7WUFDNUIsT0FBTyxDQUFDLEdBQUcsRUFBRSxDQUFDO1NBQ2Y7UUFBQyxPQUFPLENBQUMsRUFBRTtZQUNWLE1BQU0sQ0FBQyxDQUFDLENBQUMsQ0FBQztTQUNYO0lBQ0gsQ0FBQyxDQUFDLENBQUM7QUFDTCxDQUFDO0FBRUQsSUFBSSxHQUFzQixDQUFDO0FBQzNCLElBQUksTUFBa0IsQ0FBQztBQUV2QixLQUFLLFVBQVUscUJBQXFCLENBQUMsR0FBMEM7SUFDN0UsSUFBSSxDQUFDLEdBQUcsRUFBRTtRQUNSLEdBQUcsR0FBRyxJQUFJLEdBQUcsQ0FBQyxhQUFhLENBQUMsWUFBWSxDQUFDLENBQUM7S0FDM0M7SUFFRCxPQUFPLEdBQUcsQ0FBQyxjQUFjLENBQUMsR0FBRyxDQUFDLENBQUMsT0FBTyxFQUFFLENBQUM7QUFDM0MsQ0FBQztBQUVELEtBQUssVUFBVSxxQkFBcUIsQ0FBQyxHQUFpQztJQUNwRSxJQUFJLENBQUMsTUFBTSxFQUFFO1FBQ1gsTUFBTSxHQUFHLElBQUksR0FBRyxDQUFDLE1BQU0sQ0FBQyxZQUFZLENBQUMsQ0FBQztLQUN2QztJQUVELE9BQU8sTUFBTSxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQyxPQUFPLEVBQUUsQ0FBQztBQUN0QyxDQUFDO0FBRVUsUUFBQSxjQUFjLEdBQUcscUJBQXFCLENBQUM7QUFDdkMsUUFBQSxjQUFjLEdBQUcscUJBQXFCLENBQUM7QUFDdkMsUUFBQSxXQUFXLEdBQUcsa0JBQWtCLENBQUMiLCJzb3VyY2VzQ29udGVudCI6WyIvKiBpc3RhbmJ1bCBpZ25vcmUgZmlsZSAqL1xuaW1wb3J0ICogYXMgaHR0cHMgZnJvbSAnaHR0cHMnO1xuLy8gZXNsaW50LWRpc2FibGUtbmV4dC1saW5lIGltcG9ydC9uby1leHRyYW5lb3VzLWRlcGVuZGVuY2llc1xuaW1wb3J0ICogYXMgQVdTIGZyb20gJ2F3cy1zZGsnO1xuLy8gZXNsaW50LWRpc2FibGUtbmV4dC1saW5lIGltcG9ydC9uby1leHRyYW5lb3VzLWRlcGVuZGVuY2llc1xuaW1wb3J0IHR5cGUgeyBDb25maWd1cmF0aW9uT3B0aW9ucyB9IGZyb20gJ2F3cy1zZGsvbGliL2NvbmZpZy1iYXNlJztcblxuY29uc3QgRlJBTUVXT1JLX0hBTkRMRVJfVElNRU9VVCA9IDkwMDAwMDsgLy8gMTUgbWludXRlc1xuXG4vLyBJbiBvcmRlciB0byBob25vciB0aGUgb3ZlcmFsbCBtYXhpbXVtIHRpbWVvdXQgc2V0IGZvciB0aGUgdGFyZ2V0IHByb2Nlc3MsXG4vLyB0aGUgZGVmYXVsdCAyIG1pbnV0ZXMgZnJvbSBBV1MgU0RLIGhhcyB0byBiZSBvdmVycmlkZW46XG4vLyBodHRwczovL2RvY3MuYXdzLmFtYXpvbi5jb20vQVdTSmF2YVNjcmlwdFNESy9sYXRlc3QvQVdTL0NvbmZpZy5odG1sI2h0dHBPcHRpb25zLXByb3BlcnR5XG5jb25zdCBhd3NTZGtDb25maWc6IENvbmZpZ3VyYXRpb25PcHRpb25zID0ge1xuICBodHRwT3B0aW9uczogeyB0aW1lb3V0OiBGUkFNRVdPUktfSEFORExFUl9USU1FT1VUIH0sXG59O1xuXG5hc3luYyBmdW5jdGlvbiBkZWZhdWx0SHR0cFJlcXVlc3Qob3B0aW9uczogaHR0cHMuUmVxdWVzdE9wdGlvbnMsIHJlc3BvbnNlQm9keTogc3RyaW5nKSB7XG4gIHJldHVybiBuZXcgUHJvbWlzZSgocmVzb2x2ZSwgcmVqZWN0KSA9PiB7XG4gICAgdHJ5IHtcbiAgICAgIGNvbnN0IHJlcXVlc3QgPSBodHRwcy5yZXF1ZXN0KG9wdGlvbnMsIHJlc29sdmUpO1xuICAgICAgcmVxdWVzdC5vbignZXJyb3InLCByZWplY3QpO1xuICAgICAgcmVxdWVzdC53cml0ZShyZXNwb25zZUJvZHkpO1xuICAgICAgcmVxdWVzdC5lbmQoKTtcbiAgICB9IGNhdGNoIChlKSB7XG4gICAgICByZWplY3QoZSk7XG4gICAgfVxuICB9KTtcbn1cblxubGV0IHNmbjogQVdTLlN0ZXBGdW5jdGlvbnM7XG5sZXQgbGFtYmRhOiBBV1MuTGFtYmRhO1xuXG5hc3luYyBmdW5jdGlvbiBkZWZhdWx0U3RhcnRFeGVjdXRpb24ocmVxOiBBV1MuU3RlcEZ1bmN0aW9ucy5TdGFydEV4ZWN1dGlvbklucHV0KTogUHJvbWlzZTxBV1MuU3RlcEZ1bmN0aW9ucy5TdGFydEV4ZWN1dGlvbk91dHB1dD4ge1xuICBpZiAoIXNmbikge1xuICAgIHNmbiA9IG5ldyBBV1MuU3RlcEZ1bmN0aW9ucyhhd3NTZGtDb25maWcpO1xuICB9XG5cbiAgcmV0dXJuIHNmbi5zdGFydEV4ZWN1dGlvbihyZXEpLnByb21pc2UoKTtcbn1cblxuYXN5bmMgZnVuY3Rpb24gZGVmYXVsdEludm9rZUZ1bmN0aW9uKHJlcTogQVdTLkxhbWJkYS5JbnZvY2F0aW9uUmVxdWVzdCk6IFByb21pc2U8QVdTLkxhbWJkYS5JbnZvY2F0aW9uUmVzcG9uc2U+IHtcbiAgaWYgKCFsYW1iZGEpIHtcbiAgICBsYW1iZGEgPSBuZXcgQVdTLkxhbWJkYShhd3NTZGtDb25maWcpO1xuICB9XG5cbiAgcmV0dXJuIGxhbWJkYS5pbnZva2UocmVxKS5wcm9taXNlKCk7XG59XG5cbmV4cG9ydCBsZXQgc3RhcnRFeGVjdXRpb24gPSBkZWZhdWx0U3RhcnRFeGVjdXRpb247XG5leHBvcnQgbGV0IGludm9rZUZ1bmN0aW9uID0gZGVmYXVsdEludm9rZUZ1bmN0aW9uO1xuZXhwb3J0IGxldCBodHRwUmVxdWVzdCA9IGRlZmF1bHRIdHRwUmVxdWVzdDtcbiJdfQ== \ No newline at end of file diff --git a/packages/@aws-cdk/aws-rds/test/integ.cluster-snapshot.js.snapshot/asset.7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037/cfn-response.js b/packages/@aws-cdk/aws-rds/test/integ.cluster-snapshot.js.snapshot/asset.a8a62b989c7866e3ad5b24f3eb6228f8ca91ebff5f5c76f1da466f6c805c0585/cfn-response.js similarity index 100% rename from packages/@aws-cdk/aws-rds/test/integ.cluster-snapshot.js.snapshot/asset.7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037/cfn-response.js rename to packages/@aws-cdk/aws-rds/test/integ.cluster-snapshot.js.snapshot/asset.a8a62b989c7866e3ad5b24f3eb6228f8ca91ebff5f5c76f1da466f6c805c0585/cfn-response.js diff --git a/packages/@aws-cdk/aws-rds/test/integ.cluster-snapshot.js.snapshot/asset.7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037/consts.js b/packages/@aws-cdk/aws-rds/test/integ.cluster-snapshot.js.snapshot/asset.a8a62b989c7866e3ad5b24f3eb6228f8ca91ebff5f5c76f1da466f6c805c0585/consts.js similarity index 100% rename from packages/@aws-cdk/aws-rds/test/integ.cluster-snapshot.js.snapshot/asset.7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037/consts.js rename to packages/@aws-cdk/aws-rds/test/integ.cluster-snapshot.js.snapshot/asset.a8a62b989c7866e3ad5b24f3eb6228f8ca91ebff5f5c76f1da466f6c805c0585/consts.js diff --git a/packages/@aws-cdk/aws-rds/test/integ.cluster-snapshot.js.snapshot/asset.7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037/framework.js b/packages/@aws-cdk/aws-rds/test/integ.cluster-snapshot.js.snapshot/asset.a8a62b989c7866e3ad5b24f3eb6228f8ca91ebff5f5c76f1da466f6c805c0585/framework.js similarity index 100% rename from packages/@aws-cdk/aws-rds/test/integ.cluster-snapshot.js.snapshot/asset.7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037/framework.js rename to packages/@aws-cdk/aws-rds/test/integ.cluster-snapshot.js.snapshot/asset.a8a62b989c7866e3ad5b24f3eb6228f8ca91ebff5f5c76f1da466f6c805c0585/framework.js diff --git a/packages/@aws-cdk/aws-rds/test/integ.cluster-snapshot.js.snapshot/asset.a8a62b989c7866e3ad5b24f3eb6228f8ca91ebff5f5c76f1da466f6c805c0585/outbound.js b/packages/@aws-cdk/aws-rds/test/integ.cluster-snapshot.js.snapshot/asset.a8a62b989c7866e3ad5b24f3eb6228f8ca91ebff5f5c76f1da466f6c805c0585/outbound.js new file mode 100644 index 0000000000000..cc0667d42f0e8 --- /dev/null +++ b/packages/@aws-cdk/aws-rds/test/integ.cluster-snapshot.js.snapshot/asset.a8a62b989c7866e3ad5b24f3eb6228f8ca91ebff5f5c76f1da466f6c805c0585/outbound.js @@ -0,0 +1,69 @@ +"use strict"; +Object.defineProperty(exports, "__esModule", { value: true }); +exports.httpRequest = exports.invokeFunction = exports.startExecution = void 0; +/* istanbul ignore file */ +const https = require("https"); +// eslint-disable-next-line import/no-extraneous-dependencies +const AWS = require("aws-sdk"); +const FRAMEWORK_HANDLER_TIMEOUT = 900000; // 15 minutes +// In order to honor the overall maximum timeout set for the target process, +// the default 2 minutes from AWS SDK has to be overriden: +// https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/Config.html#httpOptions-property +const awsSdkConfig = { + httpOptions: { timeout: FRAMEWORK_HANDLER_TIMEOUT }, +}; +async function defaultHttpRequest(options, responseBody) { + return new Promise((resolve, reject) => { + try { + const request = https.request(options, resolve); + request.on('error', reject); + request.write(responseBody); + request.end(); + } + catch (e) { + reject(e); + } + }); +} +let sfn; +let lambda; +async function defaultStartExecution(req) { + if (!sfn) { + sfn = new AWS.StepFunctions(awsSdkConfig); + } + return sfn.startExecution(req).promise(); +} +async function defaultInvokeFunction(req) { + if (!lambda) { + lambda = new AWS.Lambda(awsSdkConfig); + } + try { + /** + * Try an initial invoke. + * + * When you try to invoke a function that is inactive, the invocation fails and Lambda sets + * the function to pending state until the function resources are recreated. + * If Lambda fails to recreate the resources, the function is set to the inactive state. + * + * We're using invoke first because `waitFor` doesn't trigger an inactive function to do anything, + * it just runs `getFunction` and checks the state. + */ + return await lambda.invoke(req).promise(); + } + catch (error) { + /** + * The status of the Lambda function is checked every second for up to 300 seconds. + * Exits the loop on 'Active' state and throws an error on 'Inactive' or 'Failed'. + * + * And now we wait. + */ + await lambda.waitFor('functionActiveV2', { + FunctionName: req.FunctionName, + }).promise(); + return await lambda.invoke(req).promise(); + } +} +exports.startExecution = defaultStartExecution; +exports.invokeFunction = defaultInvokeFunction; +exports.httpRequest = defaultHttpRequest; +//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoib3V0Ym91bmQuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJvdXRib3VuZC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSwwQkFBMEI7QUFDMUIsK0JBQStCO0FBQy9CLDZEQUE2RDtBQUM3RCwrQkFBK0I7QUFJL0IsTUFBTSx5QkFBeUIsR0FBRyxNQUFNLENBQUMsQ0FBQyxhQUFhO0FBRXZELDRFQUE0RTtBQUM1RSwwREFBMEQ7QUFDMUQsMkZBQTJGO0FBQzNGLE1BQU0sWUFBWSxHQUF5QjtJQUN6QyxXQUFXLEVBQUUsRUFBRSxPQUFPLEVBQUUseUJBQXlCLEVBQUU7Q0FDcEQsQ0FBQztBQUVGLEtBQUssVUFBVSxrQkFBa0IsQ0FBQyxPQUE2QixFQUFFLFlBQW9CO0lBQ25GLE9BQU8sSUFBSSxPQUFPLENBQUMsQ0FBQyxPQUFPLEVBQUUsTUFBTSxFQUFFLEVBQUU7UUFDckMsSUFBSTtZQUNGLE1BQU0sT0FBTyxHQUFHLEtBQUssQ0FBQyxPQUFPLENBQUMsT0FBTyxFQUFFLE9BQU8sQ0FBQyxDQUFDO1lBQ2hELE9BQU8sQ0FBQyxFQUFFLENBQUMsT0FBTyxFQUFFLE1BQU0sQ0FBQyxDQUFDO1lBQzVCLE9BQU8sQ0FBQyxLQUFLLENBQUMsWUFBWSxDQUFDLENBQUM7WUFDNUIsT0FBTyxDQUFDLEdBQUcsRUFBRSxDQUFDO1NBQ2Y7UUFBQyxPQUFPLENBQUMsRUFBRTtZQUNWLE1BQU0sQ0FBQyxDQUFDLENBQUMsQ0FBQztTQUNYO0lBQ0gsQ0FBQyxDQUFDLENBQUM7QUFDTCxDQUFDO0FBRUQsSUFBSSxHQUFzQixDQUFDO0FBQzNCLElBQUksTUFBa0IsQ0FBQztBQUV2QixLQUFLLFVBQVUscUJBQXFCLENBQUMsR0FBMEM7SUFDN0UsSUFBSSxDQUFDLEdBQUcsRUFBRTtRQUNSLEdBQUcsR0FBRyxJQUFJLEdBQUcsQ0FBQyxhQUFhLENBQUMsWUFBWSxDQUFDLENBQUM7S0FDM0M7SUFFRCxPQUFPLEdBQUcsQ0FBQyxjQUFjLENBQUMsR0FBRyxDQUFDLENBQUMsT0FBTyxFQUFFLENBQUM7QUFDM0MsQ0FBQztBQUVELEtBQUssVUFBVSxxQkFBcUIsQ0FBQyxHQUFpQztJQUNwRSxJQUFJLENBQUMsTUFBTSxFQUFFO1FBQ1gsTUFBTSxHQUFHLElBQUksR0FBRyxDQUFDLE1BQU0sQ0FBQyxZQUFZLENBQUMsQ0FBQztLQUN2QztJQUVELElBQUk7UUFDRjs7Ozs7Ozs7O1dBU0c7UUFDSCxPQUFPLE1BQU0sTUFBTSxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQyxPQUFPLEVBQUUsQ0FBQztLQUMzQztJQUFDLE9BQU8sS0FBSyxFQUFFO1FBRWQ7Ozs7O1dBS0c7UUFDSCxNQUFNLE1BQU0sQ0FBQyxPQUFPLENBQUMsa0JBQWtCLEVBQUU7WUFDdkMsWUFBWSxFQUFFLEdBQUcsQ0FBQyxZQUFZO1NBQy9CLENBQUMsQ0FBQyxPQUFPLEVBQUUsQ0FBQztRQUNiLE9BQU8sTUFBTSxNQUFNLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRSxDQUFDO0tBQzNDO0FBQ0gsQ0FBQztBQUVVLFFBQUEsY0FBYyxHQUFHLHFCQUFxQixDQUFDO0FBQ3ZDLFFBQUEsY0FBYyxHQUFHLHFCQUFxQixDQUFDO0FBQ3ZDLFFBQUEsV0FBVyxHQUFHLGtCQUFrQixDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiLyogaXN0YW5idWwgaWdub3JlIGZpbGUgKi9cbmltcG9ydCAqIGFzIGh0dHBzIGZyb20gJ2h0dHBzJztcbi8vIGVzbGludC1kaXNhYmxlLW5leHQtbGluZSBpbXBvcnQvbm8tZXh0cmFuZW91cy1kZXBlbmRlbmNpZXNcbmltcG9ydCAqIGFzIEFXUyBmcm9tICdhd3Mtc2RrJztcbi8vIGVzbGludC1kaXNhYmxlLW5leHQtbGluZSBpbXBvcnQvbm8tZXh0cmFuZW91cy1kZXBlbmRlbmNpZXNcbmltcG9ydCB0eXBlIHsgQ29uZmlndXJhdGlvbk9wdGlvbnMgfSBmcm9tICdhd3Mtc2RrL2xpYi9jb25maWctYmFzZSc7XG5cbmNvbnN0IEZSQU1FV09SS19IQU5ETEVSX1RJTUVPVVQgPSA5MDAwMDA7IC8vIDE1IG1pbnV0ZXNcblxuLy8gSW4gb3JkZXIgdG8gaG9ub3IgdGhlIG92ZXJhbGwgbWF4aW11bSB0aW1lb3V0IHNldCBmb3IgdGhlIHRhcmdldCBwcm9jZXNzLFxuLy8gdGhlIGRlZmF1bHQgMiBtaW51dGVzIGZyb20gQVdTIFNESyBoYXMgdG8gYmUgb3ZlcnJpZGVuOlxuLy8gaHR0cHM6Ly9kb2NzLmF3cy5hbWF6b24uY29tL0FXU0phdmFTY3JpcHRTREsvbGF0ZXN0L0FXUy9Db25maWcuaHRtbCNodHRwT3B0aW9ucy1wcm9wZXJ0eVxuY29uc3QgYXdzU2RrQ29uZmlnOiBDb25maWd1cmF0aW9uT3B0aW9ucyA9IHtcbiAgaHR0cE9wdGlvbnM6IHsgdGltZW91dDogRlJBTUVXT1JLX0hBTkRMRVJfVElNRU9VVCB9LFxufTtcblxuYXN5bmMgZnVuY3Rpb24gZGVmYXVsdEh0dHBSZXF1ZXN0KG9wdGlvbnM6IGh0dHBzLlJlcXVlc3RPcHRpb25zLCByZXNwb25zZUJvZHk6IHN0cmluZykge1xuICByZXR1cm4gbmV3IFByb21pc2UoKHJlc29sdmUsIHJlamVjdCkgPT4ge1xuICAgIHRyeSB7XG4gICAgICBjb25zdCByZXF1ZXN0ID0gaHR0cHMucmVxdWVzdChvcHRpb25zLCByZXNvbHZlKTtcbiAgICAgIHJlcXVlc3Qub24oJ2Vycm9yJywgcmVqZWN0KTtcbiAgICAgIHJlcXVlc3Qud3JpdGUocmVzcG9uc2VCb2R5KTtcbiAgICAgIHJlcXVlc3QuZW5kKCk7XG4gICAgfSBjYXRjaCAoZSkge1xuICAgICAgcmVqZWN0KGUpO1xuICAgIH1cbiAgfSk7XG59XG5cbmxldCBzZm46IEFXUy5TdGVwRnVuY3Rpb25zO1xubGV0IGxhbWJkYTogQVdTLkxhbWJkYTtcblxuYXN5bmMgZnVuY3Rpb24gZGVmYXVsdFN0YXJ0RXhlY3V0aW9uKHJlcTogQVdTLlN0ZXBGdW5jdGlvbnMuU3RhcnRFeGVjdXRpb25JbnB1dCk6IFByb21pc2U8QVdTLlN0ZXBGdW5jdGlvbnMuU3RhcnRFeGVjdXRpb25PdXRwdXQ+IHtcbiAgaWYgKCFzZm4pIHtcbiAgICBzZm4gPSBuZXcgQVdTLlN0ZXBGdW5jdGlvbnMoYXdzU2RrQ29uZmlnKTtcbiAgfVxuXG4gIHJldHVybiBzZm4uc3RhcnRFeGVjdXRpb24ocmVxKS5wcm9taXNlKCk7XG59XG5cbmFzeW5jIGZ1bmN0aW9uIGRlZmF1bHRJbnZva2VGdW5jdGlvbihyZXE6IEFXUy5MYW1iZGEuSW52b2NhdGlvblJlcXVlc3QpOiBQcm9taXNlPEFXUy5MYW1iZGEuSW52b2NhdGlvblJlc3BvbnNlPiB7XG4gIGlmICghbGFtYmRhKSB7XG4gICAgbGFtYmRhID0gbmV3IEFXUy5MYW1iZGEoYXdzU2RrQ29uZmlnKTtcbiAgfVxuXG4gIHRyeSB7XG4gICAgLyoqXG4gICAgICogVHJ5IGFuIGluaXRpYWwgaW52b2tlLlxuICAgICAqXG4gICAgICogV2hlbiB5b3UgdHJ5IHRvIGludm9rZSBhIGZ1bmN0aW9uIHRoYXQgaXMgaW5hY3RpdmUsIHRoZSBpbnZvY2F0aW9uIGZhaWxzIGFuZCBMYW1iZGEgc2V0c1xuICAgICAqIHRoZSBmdW5jdGlvbiB0byBwZW5kaW5nIHN0YXRlIHVudGlsIHRoZSBmdW5jdGlvbiByZXNvdXJjZXMgYXJlIHJlY3JlYXRlZC5cbiAgICAgKiBJZiBMYW1iZGEgZmFpbHMgdG8gcmVjcmVhdGUgdGhlIHJlc291cmNlcywgdGhlIGZ1bmN0aW9uIGlzIHNldCB0byB0aGUgaW5hY3RpdmUgc3RhdGUuXG4gICAgICpcbiAgICAgKiBXZSdyZSB1c2luZyBpbnZva2UgZmlyc3QgYmVjYXVzZSBgd2FpdEZvcmAgZG9lc24ndCB0cmlnZ2VyIGFuIGluYWN0aXZlIGZ1bmN0aW9uIHRvIGRvIGFueXRoaW5nLFxuICAgICAqIGl0IGp1c3QgcnVucyBgZ2V0RnVuY3Rpb25gIGFuZCBjaGVja3MgdGhlIHN0YXRlLlxuICAgICAqL1xuICAgIHJldHVybiBhd2FpdCBsYW1iZGEuaW52b2tlKHJlcSkucHJvbWlzZSgpO1xuICB9IGNhdGNoIChlcnJvcikge1xuXG4gICAgLyoqXG4gICAgICogVGhlIHN0YXR1cyBvZiB0aGUgTGFtYmRhIGZ1bmN0aW9uIGlzIGNoZWNrZWQgZXZlcnkgc2Vjb25kIGZvciB1cCB0byAzMDAgc2Vjb25kcy5cbiAgICAgKiBFeGl0cyB0aGUgbG9vcCBvbiAnQWN0aXZlJyBzdGF0ZSBhbmQgdGhyb3dzIGFuIGVycm9yIG9uICdJbmFjdGl2ZScgb3IgJ0ZhaWxlZCcuXG4gICAgICpcbiAgICAgKiBBbmQgbm93IHdlIHdhaXQuXG4gICAgICovXG4gICAgYXdhaXQgbGFtYmRhLndhaXRGb3IoJ2Z1bmN0aW9uQWN0aXZlVjInLCB7XG4gICAgICBGdW5jdGlvbk5hbWU6IHJlcS5GdW5jdGlvbk5hbWUsXG4gICAgfSkucHJvbWlzZSgpO1xuICAgIHJldHVybiBhd2FpdCBsYW1iZGEuaW52b2tlKHJlcSkucHJvbWlzZSgpO1xuICB9XG59XG5cbmV4cG9ydCBsZXQgc3RhcnRFeGVjdXRpb24gPSBkZWZhdWx0U3RhcnRFeGVjdXRpb247XG5leHBvcnQgbGV0IGludm9rZUZ1bmN0aW9uID0gZGVmYXVsdEludm9rZUZ1bmN0aW9uO1xuZXhwb3J0IGxldCBodHRwUmVxdWVzdCA9IGRlZmF1bHRIdHRwUmVxdWVzdDtcbiJdfQ== \ No newline at end of file diff --git a/packages/@aws-cdk/aws-rds/test/integ.cluster-snapshot.js.snapshot/asset.7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037/util.js b/packages/@aws-cdk/aws-rds/test/integ.cluster-snapshot.js.snapshot/asset.a8a62b989c7866e3ad5b24f3eb6228f8ca91ebff5f5c76f1da466f6c805c0585/util.js similarity index 100% rename from packages/@aws-cdk/aws-rds/test/integ.cluster-snapshot.js.snapshot/asset.7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037/util.js rename to packages/@aws-cdk/aws-rds/test/integ.cluster-snapshot.js.snapshot/asset.a8a62b989c7866e3ad5b24f3eb6228f8ca91ebff5f5c76f1da466f6c805c0585/util.js diff --git a/packages/@aws-cdk/aws-rds/test/integ.cluster-snapshot.js.snapshot/cdk-integ-cluster-snapshot.assets.json b/packages/@aws-cdk/aws-rds/test/integ.cluster-snapshot.js.snapshot/cdk-integ-cluster-snapshot.assets.json index 52f14f55deb74..91d24983fc3c9 100644 --- a/packages/@aws-cdk/aws-rds/test/integ.cluster-snapshot.js.snapshot/cdk-integ-cluster-snapshot.assets.json +++ b/packages/@aws-cdk/aws-rds/test/integ.cluster-snapshot.js.snapshot/cdk-integ-cluster-snapshot.assets.json @@ -1,5 +1,5 @@ { - "version": "21.0.0", + "version": "30.1.0", "files": { "2e7ee01d9005281c0784e709cad69500591734343d1cb95da2fb4a3f5076aadd": { "source": { @@ -14,20 +14,20 @@ } } }, - "7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037": { + "a8a62b989c7866e3ad5b24f3eb6228f8ca91ebff5f5c76f1da466f6c805c0585": { "source": { - "path": "asset.7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037", + "path": "asset.a8a62b989c7866e3ad5b24f3eb6228f8ca91ebff5f5c76f1da466f6c805c0585", "packaging": "zip" }, "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037.zip", + "objectKey": "a8a62b989c7866e3ad5b24f3eb6228f8ca91ebff5f5c76f1da466f6c805c0585.zip", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } }, - "58fc394d5f5f45f41e0b793cb553bcba2bb2899eec75a6b2e00e1df08ad19eff": { + "f52756563b89062acac165275c62a93cfda25f7fa3aed987a65809db27bc37a5": { "source": { "path": "cdk-integ-cluster-snapshot.template.json", "packaging": "file" @@ -35,7 +35,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "58fc394d5f5f45f41e0b793cb553bcba2bb2899eec75a6b2e00e1df08ad19eff.json", + "objectKey": "f52756563b89062acac165275c62a93cfda25f7fa3aed987a65809db27bc37a5.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-rds/test/integ.cluster-snapshot.js.snapshot/cdk-integ-cluster-snapshot.template.json b/packages/@aws-cdk/aws-rds/test/integ.cluster-snapshot.js.snapshot/cdk-integ-cluster-snapshot.template.json index ecff73b539c94..5a9b5e79c4b51 100644 --- a/packages/@aws-cdk/aws-rds/test/integ.cluster-snapshot.js.snapshot/cdk-integ-cluster-snapshot.template.json +++ b/packages/@aws-cdk/aws-rds/test/integ.cluster-snapshot.js.snapshot/cdk-integ-cluster-snapshot.template.json @@ -425,12 +425,12 @@ "ClusterEB0386A7": { "Type": "AWS::RDS::DBCluster", "Properties": { - "Engine": "aurora-mysql", "CopyTagsToSnapshot": true, "DBClusterParameterGroupName": "default.aurora-mysql5.7", "DBSubnetGroupName": { "Ref": "ClusterSubnetsDCFA5CB7" }, + "Engine": "aurora-mysql", "EngineVersion": "5.7.mysql_aurora.2.10.2", "MasterUsername": { "Fn::Join": [ @@ -858,7 +858,7 @@ "S3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "S3Key": "7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037.zip" + "S3Key": "a8a62b989c7866e3ad5b24f3eb6228f8ca91ebff5f5c76f1da466f6c805c0585.zip" }, "Role": { "Fn::GetAtt": [ @@ -995,7 +995,7 @@ "S3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "S3Key": "7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037.zip" + "S3Key": "a8a62b989c7866e3ad5b24f3eb6228f8ca91ebff5f5c76f1da466f6c805c0585.zip" }, "Role": { "Fn::GetAtt": [ @@ -1129,7 +1129,7 @@ "S3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "S3Key": "7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037.zip" + "S3Key": "a8a62b989c7866e3ad5b24f3eb6228f8ca91ebff5f5c76f1da466f6c805c0585.zip" }, "Role": { "Fn::GetAtt": [ @@ -1446,7 +1446,7 @@ } } }, - "FromSnapshotSnapshotSecretAttachmentPolicy3136FEC0": { + "FromSnapshotSnapshotSecretPolicyA5C332BE": { "Type": "AWS::SecretsManager::ResourcePolicy", "Properties": { "ResourcePolicy": { @@ -1478,19 +1478,19 @@ "Version": "2012-10-17" }, "SecretId": { - "Ref": "FromSnapshotSnapshotSecretAttachmentA3F619B8" + "Ref": "cdkintegclustersnapshotFromSnapshotSnapshotSecretD93327943fdaad7efa858a3daf9490cf0a702aeb" } } }, "FromSnapshotEE0682C5": { "Type": "AWS::RDS::DBCluster", "Properties": { - "Engine": "aurora-mysql", "CopyTagsToSnapshot": true, "DBClusterParameterGroupName": "default.aurora-mysql5.7", "DBSubnetGroupName": { "Ref": "FromSnapshotSubnets9ED4B8EE" }, + "Engine": "aurora-mysql", "EngineVersion": "5.7.mysql_aurora.2.10.2", "MasterUserPassword": { "Fn::Join": [ diff --git a/packages/@aws-cdk/aws-rds/test/integ.cluster-snapshot.js.snapshot/cdk.out b/packages/@aws-cdk/aws-rds/test/integ.cluster-snapshot.js.snapshot/cdk.out index 8ecc185e9dbee..b72fef144f05c 100644 --- a/packages/@aws-cdk/aws-rds/test/integ.cluster-snapshot.js.snapshot/cdk.out +++ b/packages/@aws-cdk/aws-rds/test/integ.cluster-snapshot.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"21.0.0"} \ No newline at end of file +{"version":"30.1.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-rds/test/integ.cluster-snapshot.js.snapshot/integ.json b/packages/@aws-cdk/aws-rds/test/integ.cluster-snapshot.js.snapshot/integ.json index 329077c22006c..daa81ef94fabf 100644 --- a/packages/@aws-cdk/aws-rds/test/integ.cluster-snapshot.js.snapshot/integ.json +++ b/packages/@aws-cdk/aws-rds/test/integ.cluster-snapshot.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "21.0.0", + "version": "30.1.0", "testCases": { "integ.cluster-snapshot": { "stacks": [ diff --git a/packages/@aws-cdk/aws-rds/test/integ.cluster-snapshot.js.snapshot/manifest.json b/packages/@aws-cdk/aws-rds/test/integ.cluster-snapshot.js.snapshot/manifest.json index 323e4184407ac..f386e19c0f970 100644 --- a/packages/@aws-cdk/aws-rds/test/integ.cluster-snapshot.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-rds/test/integ.cluster-snapshot.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "21.0.0", + "version": "30.1.0", "artifacts": { "cdk-integ-cluster-snapshot.assets": { "type": "cdk:asset-manifest", @@ -17,7 +17,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/58fc394d5f5f45f41e0b793cb553bcba2bb2899eec75a6b2e00e1df08ad19eff.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/f52756563b89062acac165275c62a93cfda25f7fa3aed987a65809db27bc37a5.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -363,10 +363,10 @@ "data": "FromSnapshotSnapshotSecretAttachmentRotationSchedule102BDEB3" } ], - "/cdk-integ-cluster-snapshot/FromSnapshot/SnapshotSecret/Attachment/Policy/Resource": [ + "/cdk-integ-cluster-snapshot/FromSnapshot/SnapshotSecret/Policy/Resource": [ { "type": "aws:cdk:logicalId", - "data": "FromSnapshotSnapshotSecretAttachmentPolicy3136FEC0" + "data": "FromSnapshotSnapshotSecretPolicyA5C332BE" } ], "/cdk-integ-cluster-snapshot/FromSnapshot/Resource": [ @@ -416,6 +416,15 @@ "type": "aws:cdk:logicalId", "data": "CheckBootstrapVersion" } + ], + "FromSnapshotSnapshotSecretAttachmentPolicy3136FEC0": [ + { + "type": "aws:cdk:logicalId", + "data": "FromSnapshotSnapshotSecretAttachmentPolicy3136FEC0", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" + ] + } ] }, "displayName": "cdk-integ-cluster-snapshot" diff --git a/packages/@aws-cdk/aws-rds/test/integ.cluster-snapshot.js.snapshot/tree.json b/packages/@aws-cdk/aws-rds/test/integ.cluster-snapshot.js.snapshot/tree.json index fa892eca6a00d..780a8f2d8ebc6 100644 --- a/packages/@aws-cdk/aws-rds/test/integ.cluster-snapshot.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-rds/test/integ.cluster-snapshot.js.snapshot/tree.json @@ -757,12 +757,12 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::RDS::DBCluster", "aws:cdk:cloudformation:props": { - "engine": "aurora-mysql", "copyTagsToSnapshot": true, "dbClusterParameterGroupName": "default.aurora-mysql5.7", "dbSubnetGroupName": { "Ref": "ClusterSubnetsDCFA5CB7" }, + "engine": "aurora-mysql", "engineVersion": "5.7.mysql_aurora.2.10.2", "masterUsername": { "Fn::Join": [ @@ -863,6 +863,14 @@ "id": "ServiceRole", "path": "cdk-integ-cluster-snapshot/Snapshoter/OnEventHandler/ServiceRole", "children": { + "ImportServiceRole": { + "id": "ImportServiceRole", + "path": "cdk-integ-cluster-snapshot/Snapshoter/OnEventHandler/ServiceRole/ImportServiceRole", + "constructInfo": { + "fqn": "@aws-cdk/core.Resource", + "version": "0.0.0" + } + }, "Resource": { "id": "Resource", "path": "cdk-integ-cluster-snapshot/Snapshoter/OnEventHandler/ServiceRole/Resource", @@ -1061,6 +1069,14 @@ "id": "ServiceRole", "path": "cdk-integ-cluster-snapshot/Snapshoter/IsCompleteHandler/ServiceRole", "children": { + "ImportServiceRole": { + "id": "ImportServiceRole", + "path": "cdk-integ-cluster-snapshot/Snapshoter/IsCompleteHandler/ServiceRole/ImportServiceRole", + "constructInfo": { + "fqn": "@aws-cdk/core.Resource", + "version": "0.0.0" + } + }, "Resource": { "id": "Resource", "path": "cdk-integ-cluster-snapshot/Snapshoter/IsCompleteHandler/ServiceRole/Resource", @@ -1234,6 +1250,14 @@ "id": "ServiceRole", "path": "cdk-integ-cluster-snapshot/Snapshoter/SnapshotProvider/framework-onEvent/ServiceRole", "children": { + "ImportServiceRole": { + "id": "ImportServiceRole", + "path": "cdk-integ-cluster-snapshot/Snapshoter/SnapshotProvider/framework-onEvent/ServiceRole/ImportServiceRole", + "constructInfo": { + "fqn": "@aws-cdk/core.Resource", + "version": "0.0.0" + } + }, "Resource": { "id": "Resource", "path": "cdk-integ-cluster-snapshot/Snapshoter/SnapshotProvider/framework-onEvent/ServiceRole/Resource", @@ -1402,7 +1426,7 @@ "s3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "s3Key": "7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037.zip" + "s3Key": "a8a62b989c7866e3ad5b24f3eb6228f8ca91ebff5f5c76f1da466f6c805c0585.zip" }, "role": { "Fn::GetAtt": [ @@ -1454,6 +1478,14 @@ "id": "ServiceRole", "path": "cdk-integ-cluster-snapshot/Snapshoter/SnapshotProvider/framework-isComplete/ServiceRole", "children": { + "ImportServiceRole": { + "id": "ImportServiceRole", + "path": "cdk-integ-cluster-snapshot/Snapshoter/SnapshotProvider/framework-isComplete/ServiceRole/ImportServiceRole", + "constructInfo": { + "fqn": "@aws-cdk/core.Resource", + "version": "0.0.0" + } + }, "Resource": { "id": "Resource", "path": "cdk-integ-cluster-snapshot/Snapshoter/SnapshotProvider/framework-isComplete/ServiceRole/Resource", @@ -1615,7 +1647,7 @@ "s3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "s3Key": "7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037.zip" + "s3Key": "a8a62b989c7866e3ad5b24f3eb6228f8ca91ebff5f5c76f1da466f6c805c0585.zip" }, "role": { "Fn::GetAtt": [ @@ -1664,6 +1696,14 @@ "id": "ServiceRole", "path": "cdk-integ-cluster-snapshot/Snapshoter/SnapshotProvider/framework-onTimeout/ServiceRole", "children": { + "ImportServiceRole": { + "id": "ImportServiceRole", + "path": "cdk-integ-cluster-snapshot/Snapshoter/SnapshotProvider/framework-onTimeout/ServiceRole/ImportServiceRole", + "constructInfo": { + "fqn": "@aws-cdk/core.Resource", + "version": "0.0.0" + } + }, "Resource": { "id": "Resource", "path": "cdk-integ-cluster-snapshot/Snapshoter/SnapshotProvider/framework-onTimeout/ServiceRole/Resource", @@ -1825,7 +1865,7 @@ "s3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "s3Key": "7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037.zip" + "s3Key": "a8a62b989c7866e3ad5b24f3eb6228f8ca91ebff5f5c76f1da466f6c805c0585.zip" }, "role": { "Fn::GetAtt": [ @@ -1874,6 +1914,14 @@ "id": "Role", "path": "cdk-integ-cluster-snapshot/Snapshoter/SnapshotProvider/waiter-state-machine/Role", "children": { + "ImportRole": { + "id": "ImportRole", + "path": "cdk-integ-cluster-snapshot/Snapshoter/SnapshotProvider/waiter-state-machine/Role/ImportRole", + "constructInfo": { + "fqn": "@aws-cdk/core.Resource", + "version": "0.0.0" + } + }, "Resource": { "id": "Resource", "path": "cdk-integ-cluster-snapshot/Snapshoter/SnapshotProvider/waiter-state-machine/Role/Resource", @@ -1996,7 +2044,7 @@ }, "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.140" + "version": "10.1.252" } } }, @@ -2026,7 +2074,7 @@ }, "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.140" + "version": "10.1.252" } }, "FromSnapshot": { @@ -2308,64 +2356,64 @@ "fqn": "@aws-cdk/aws-secretsmanager.RotationSchedule", "version": "0.0.0" } - }, - "Policy": { - "id": "Policy", - "path": "cdk-integ-cluster-snapshot/FromSnapshot/SnapshotSecret/Attachment/Policy", - "children": { - "Resource": { - "id": "Resource", - "path": "cdk-integ-cluster-snapshot/FromSnapshot/SnapshotSecret/Attachment/Policy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::SecretsManager::ResourcePolicy", - "aws:cdk:cloudformation:props": { - "resourcePolicy": { - "Statement": [ - { - "Action": "secretsmanager:DeleteSecret", - "Effect": "Deny", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - }, - "Resource": "*" + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-secretsmanager.SecretTargetAttachment", + "version": "0.0.0" + } + }, + "Policy": { + "id": "Policy", + "path": "cdk-integ-cluster-snapshot/FromSnapshot/SnapshotSecret/Policy", + "children": { + "Resource": { + "id": "Resource", + "path": "cdk-integ-cluster-snapshot/FromSnapshot/SnapshotSecret/Policy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::SecretsManager::ResourcePolicy", + "aws:cdk:cloudformation:props": { + "resourcePolicy": { + "Statement": [ + { + "Action": "secretsmanager:DeleteSecret", + "Effect": "Deny", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] } - ], - "Version": "2012-10-17" - }, - "secretId": { - "Ref": "FromSnapshotSnapshotSecretAttachmentA3F619B8" + }, + "Resource": "*" } - } + ], + "Version": "2012-10-17" }, - "constructInfo": { - "fqn": "@aws-cdk/aws-secretsmanager.CfnResourcePolicy", - "version": "0.0.0" + "secretId": { + "Ref": "cdkintegclustersnapshotFromSnapshotSnapshotSecretD93327943fdaad7efa858a3daf9490cf0a702aeb" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-secretsmanager.ResourcePolicy", + "fqn": "@aws-cdk/aws-secretsmanager.CfnResourcePolicy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-secretsmanager.SecretTargetAttachment", + "fqn": "@aws-cdk/aws-secretsmanager.ResourcePolicy", "version": "0.0.0" } } @@ -2381,12 +2429,12 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::RDS::DBCluster", "aws:cdk:cloudformation:props": { - "engine": "aurora-mysql", "copyTagsToSnapshot": true, "dbClusterParameterGroupName": "default.aurora-mysql5.7", "dbSubnetGroupName": { "Ref": "FromSnapshotSubnets9ED4B8EE" }, + "engine": "aurora-mysql", "engineVersion": "5.7.mysql_aurora.2.10.2", "masterUserPassword": { "Fn::Join": [ @@ -2628,7 +2676,7 @@ "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.140" + "version": "10.1.252" } } }, diff --git a/packages/@aws-cdk/aws-rds/test/integ.instance.lit.js.snapshot/aws-cdk-rds-instance.assets.json b/packages/@aws-cdk/aws-rds/test/integ.instance.lit.js.snapshot/aws-cdk-rds-instance.assets.json index 5867eb7ea2b91..06206b4bc735d 100644 --- a/packages/@aws-cdk/aws-rds/test/integ.instance.lit.js.snapshot/aws-cdk-rds-instance.assets.json +++ b/packages/@aws-cdk/aws-rds/test/integ.instance.lit.js.snapshot/aws-cdk-rds-instance.assets.json @@ -1,5 +1,5 @@ { - "version": "20.0.0", + "version": "30.1.0", "files": { "d01c24641c7d8cb6488393ffceaefff282370a9a522bf9d77b21da73fa257347": { "source": { @@ -14,7 +14,7 @@ } } }, - "ca59a5a9368640ecbf25d69e1e3312350b2d7b735c3b73b031c02657142ca94b": { + "e7bc0b577d93d8f59c7fe5e6f67a018347fe8fe4ea16a012eba5a7504564f2e0": { "source": { "path": "aws-cdk-rds-instance.template.json", "packaging": "file" @@ -22,7 +22,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "ca59a5a9368640ecbf25d69e1e3312350b2d7b735c3b73b031c02657142ca94b.json", + "objectKey": "e7bc0b577d93d8f59c7fe5e6f67a018347fe8fe4ea16a012eba5a7504564f2e0.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-rds/test/integ.instance.lit.js.snapshot/aws-cdk-rds-instance.template.json b/packages/@aws-cdk/aws-rds/test/integ.instance.lit.js.snapshot/aws-cdk-rds-instance.template.json index 4f724da4a1845..1e7427c56b992 100644 --- a/packages/@aws-cdk/aws-rds/test/integ.instance.lit.js.snapshot/aws-cdk-rds-instance.template.json +++ b/packages/@aws-cdk/aws-rds/test/integ.instance.lit.js.snapshot/aws-cdk-rds-instance.template.json @@ -623,7 +623,7 @@ } } }, - "InstanceSecretAttachmentPolicy60A8B8DE": { + "InstanceSecretPolicy87F03D0F": { "Type": "AWS::SecretsManager::ResourcePolicy", "Properties": { "ResourcePolicy": { @@ -655,7 +655,7 @@ "Version": "2012-10-17" }, "SecretId": { - "Ref": "InstanceSecretAttachment83BEE581" + "Ref": "InstanceSecret478E0A47" } } }, diff --git a/packages/@aws-cdk/aws-rds/test/integ.instance.lit.js.snapshot/cdk.out b/packages/@aws-cdk/aws-rds/test/integ.instance.lit.js.snapshot/cdk.out index 588d7b269d34f..b72fef144f05c 100644 --- a/packages/@aws-cdk/aws-rds/test/integ.instance.lit.js.snapshot/cdk.out +++ b/packages/@aws-cdk/aws-rds/test/integ.instance.lit.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"20.0.0"} \ No newline at end of file +{"version":"30.1.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-rds/test/integ.instance.lit.js.snapshot/integ.json b/packages/@aws-cdk/aws-rds/test/integ.instance.lit.js.snapshot/integ.json index f00922c1b07f1..c82bfe665cd8e 100644 --- a/packages/@aws-cdk/aws-rds/test/integ.instance.lit.js.snapshot/integ.json +++ b/packages/@aws-cdk/aws-rds/test/integ.instance.lit.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "20.0.0", + "version": "30.1.0", "testCases": { "integ.instance.lit": { "stacks": [ diff --git a/packages/@aws-cdk/aws-rds/test/integ.instance.lit.js.snapshot/manifest.json b/packages/@aws-cdk/aws-rds/test/integ.instance.lit.js.snapshot/manifest.json index c78f81ebe89f1..95cadf434598f 100644 --- a/packages/@aws-cdk/aws-rds/test/integ.instance.lit.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-rds/test/integ.instance.lit.js.snapshot/manifest.json @@ -1,12 +1,6 @@ { - "version": "20.0.0", + "version": "30.1.0", "artifacts": { - "Tree": { - "type": "cdk:tree", - "properties": { - "file": "tree.json" - } - }, "aws-cdk-rds-instance.assets": { "type": "cdk:asset-manifest", "properties": { @@ -23,7 +17,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/ca59a5a9368640ecbf25d69e1e3312350b2d7b735c3b73b031c02657142ca94b.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/e7bc0b577d93d8f59c7fe5e6f67a018347fe8fe4ea16a012eba5a7504564f2e0.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -243,10 +237,10 @@ "data": "InstanceSecretAttachmentRotationScheduleCC555119" } ], - "/aws-cdk-rds-instance/Instance/Secret/Attachment/Policy/Resource": [ + "/aws-cdk-rds-instance/Instance/Secret/Policy/Resource": [ { "type": "aws:cdk:logicalId", - "data": "InstanceSecretAttachmentPolicy60A8B8DE" + "data": "InstanceSecretPolicy87F03D0F" } ], "/aws-cdk-rds-instance/Instance/Resource": [ @@ -356,9 +350,24 @@ "type": "aws:cdk:logicalId", "data": "CheckBootstrapVersion" } + ], + "InstanceSecretAttachmentPolicy60A8B8DE": [ + { + "type": "aws:cdk:logicalId", + "data": "InstanceSecretAttachmentPolicy60A8B8DE", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" + ] + } ] }, "displayName": "aws-cdk-rds-instance" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-rds/test/integ.instance.lit.js.snapshot/tree.json b/packages/@aws-cdk/aws-rds/test/integ.instance.lit.js.snapshot/tree.json index 59040e2e6e3a0..504c4594cbf5b 100644 --- a/packages/@aws-cdk/aws-rds/test/integ.instance.lit.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-rds/test/integ.instance.lit.js.snapshot/tree.json @@ -4,14 +4,6 @@ "id": "App", "path": "", "children": { - "Tree": { - "id": "Tree", - "path": "Tree", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" - } - }, "aws-cdk-rds-instance": { "id": "aws-cdk-rds-instance", "path": "aws-cdk-rds-instance", @@ -91,8 +83,8 @@ "id": "Acl", "path": "aws-cdk-rds-instance/VPC/PublicSubnet1/Acl", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" + "fqn": "@aws-cdk/core.Resource", + "version": "0.0.0" } }, "RouteTable": { @@ -258,8 +250,8 @@ "id": "Acl", "path": "aws-cdk-rds-instance/VPC/PublicSubnet2/Acl", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" + "fqn": "@aws-cdk/core.Resource", + "version": "0.0.0" } }, "RouteTable": { @@ -425,8 +417,8 @@ "id": "Acl", "path": "aws-cdk-rds-instance/VPC/PrivateSubnet1/Acl", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" + "fqn": "@aws-cdk/core.Resource", + "version": "0.0.0" } }, "RouteTable": { @@ -544,8 +536,8 @@ "id": "Acl", "path": "aws-cdk-rds-instance/VPC/PrivateSubnet2/Acl", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" + "fqn": "@aws-cdk/core.Resource", + "version": "0.0.0" } }, "RouteTable": { @@ -920,6 +912,14 @@ "id": "MonitoringRole", "path": "aws-cdk-rds-instance/Instance/MonitoringRole", "children": { + "ImportMonitoringRole": { + "id": "ImportMonitoringRole", + "path": "aws-cdk-rds-instance/Instance/MonitoringRole/ImportMonitoringRole", + "constructInfo": { + "fqn": "@aws-cdk/core.Resource", + "version": "0.0.0" + } + }, "Resource": { "id": "Resource", "path": "aws-cdk-rds-instance/Instance/MonitoringRole/Resource", @@ -1057,64 +1057,64 @@ "fqn": "@aws-cdk/aws-secretsmanager.RotationSchedule", "version": "0.0.0" } - }, - "Policy": { - "id": "Policy", - "path": "aws-cdk-rds-instance/Instance/Secret/Attachment/Policy", - "children": { - "Resource": { - "id": "Resource", - "path": "aws-cdk-rds-instance/Instance/Secret/Attachment/Policy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::SecretsManager::ResourcePolicy", - "aws:cdk:cloudformation:props": { - "resourcePolicy": { - "Statement": [ - { - "Action": "secretsmanager:DeleteSecret", - "Effect": "Deny", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - }, - "Resource": "*" + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-secretsmanager.SecretTargetAttachment", + "version": "0.0.0" + } + }, + "Policy": { + "id": "Policy", + "path": "aws-cdk-rds-instance/Instance/Secret/Policy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-instance/Instance/Secret/Policy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::SecretsManager::ResourcePolicy", + "aws:cdk:cloudformation:props": { + "resourcePolicy": { + "Statement": [ + { + "Action": "secretsmanager:DeleteSecret", + "Effect": "Deny", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] } - ], - "Version": "2012-10-17" - }, - "secretId": { - "Ref": "InstanceSecretAttachment83BEE581" + }, + "Resource": "*" } - } + ], + "Version": "2012-10-17" }, - "constructInfo": { - "fqn": "@aws-cdk/aws-secretsmanager.CfnResourcePolicy", - "version": "0.0.0" + "secretId": { + "Ref": "InstanceSecret478E0A47" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-secretsmanager.ResourcePolicy", + "fqn": "@aws-cdk/aws-secretsmanager.CfnResourcePolicy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-secretsmanager.SecretTargetAttachment", + "fqn": "@aws-cdk/aws-secretsmanager.ResourcePolicy", "version": "0.0.0" } } @@ -1214,8 +1214,8 @@ "id": "Resource", "path": "aws-cdk-rds-instance/Instance/LogRetentiontrace/Resource", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" + "fqn": "@aws-cdk/core.CfnResource", + "version": "0.0.0" } } }, @@ -1232,8 +1232,8 @@ "id": "Resource", "path": "aws-cdk-rds-instance/Instance/LogRetentionaudit/Resource", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" + "fqn": "@aws-cdk/core.CfnResource", + "version": "0.0.0" } } }, @@ -1250,8 +1250,8 @@ "id": "Resource", "path": "aws-cdk-rds-instance/Instance/LogRetentionalert/Resource", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" + "fqn": "@aws-cdk/core.CfnResource", + "version": "0.0.0" } } }, @@ -1268,8 +1268,8 @@ "id": "Resource", "path": "aws-cdk-rds-instance/Instance/LogRetentionlistener/Resource", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" + "fqn": "@aws-cdk/core.CfnResource", + "version": "0.0.0" } } }, @@ -1320,8 +1320,8 @@ "id": "SARMapping", "path": "aws-cdk-rds-instance/Instance/RotationSingleUser/SARMapping", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" + "fqn": "@aws-cdk/core.CfnMapping", + "version": "0.0.0" } }, "Resource": { @@ -1525,8 +1525,8 @@ "id": "Stage", "path": "aws-cdk-rds-instance/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/Code/Stage", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" + "fqn": "@aws-cdk/core.AssetStaging", + "version": "0.0.0" } }, "AssetBucket": { @@ -1547,6 +1547,14 @@ "id": "ServiceRole", "path": "aws-cdk-rds-instance/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/ServiceRole", "children": { + "ImportServiceRole": { + "id": "ImportServiceRole", + "path": "aws-cdk-rds-instance/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/ServiceRole/ImportServiceRole", + "constructInfo": { + "fqn": "@aws-cdk/core.Resource", + "version": "0.0.0" + } + }, "Resource": { "id": "Resource", "path": "aws-cdk-rds-instance/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/ServiceRole/Resource", @@ -1638,14 +1646,14 @@ "id": "Resource", "path": "aws-cdk-rds-instance/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/Resource", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" + "fqn": "@aws-cdk/core.CfnResource", + "version": "0.0.0" } } }, "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.85" + "version": "10.1.252" } }, "HighCPU": { @@ -1694,6 +1702,14 @@ "id": "ServiceRole", "path": "aws-cdk-rds-instance/Function/ServiceRole", "children": { + "ImportServiceRole": { + "id": "ImportServiceRole", + "path": "aws-cdk-rds-instance/Function/ServiceRole/ImportServiceRole", + "constructInfo": { + "fqn": "@aws-cdk/core.Resource", + "version": "0.0.0" + } + }, "Resource": { "id": "Resource", "path": "aws-cdk-rds-instance/Function/ServiceRole/Resource", @@ -1768,17 +1784,41 @@ "fqn": "@aws-cdk/aws-lambda.Function", "version": "0.0.0" } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-rds-instance/BootstrapVersion", + "constructInfo": { + "fqn": "@aws-cdk/core.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-rds-instance/CheckBootstrapVersion", + "constructInfo": { + "fqn": "@aws-cdk/core.CfnRule", + "version": "0.0.0" + } } }, + "constructInfo": { + "fqn": "@aws-cdk/core.Stack", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.85" + "version": "10.1.252" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" + "fqn": "@aws-cdk/core.App", + "version": "0.0.0" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-rds/test/integ.serverless-cluster-secret-rotation.js.snapshot/aws-cdk-rds-integ-secret-rotation.assets.json b/packages/@aws-cdk/aws-rds/test/integ.serverless-cluster-secret-rotation.js.snapshot/aws-cdk-rds-integ-secret-rotation.assets.json new file mode 100644 index 0000000000000..c67db596bcf31 --- /dev/null +++ b/packages/@aws-cdk/aws-rds/test/integ.serverless-cluster-secret-rotation.js.snapshot/aws-cdk-rds-integ-secret-rotation.assets.json @@ -0,0 +1,19 @@ +{ + "version": "30.1.0", + "files": { + "3b78e7a70e98ec500faa058ecc14892c94df0ab8d0359ba99718203b67d4a2e6": { + "source": { + "path": "aws-cdk-rds-integ-secret-rotation.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "3b78e7a70e98ec500faa058ecc14892c94df0ab8d0359ba99718203b67d4a2e6.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-rds/test/integ.serverless-cluster-secret-rotation.js.snapshot/aws-cdk-rds-integ-secret-rotation.template.json b/packages/@aws-cdk/aws-rds/test/integ.serverless-cluster-secret-rotation.js.snapshot/aws-cdk-rds-integ-secret-rotation.template.json new file mode 100644 index 0000000000000..84e9db49cabdc --- /dev/null +++ b/packages/@aws-cdk/aws-rds/test/integ.serverless-cluster-secret-rotation.js.snapshot/aws-cdk-rds-integ-secret-rotation.template.json @@ -0,0 +1,234 @@ +{ + "Transform": "AWS::SecretsManager-2020-07-23", + "Resources": { + "DbSecurity381C2C15": { + "Type": "AWS::KMS::Key", + "Properties": { + "KeyPolicy": { + "Statement": [ + { + "Action": "kms:*", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + }, + "Resource": "*" + } + ], + "Version": "2012-10-17" + } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "testsecretF8BBC644": { + "Type": "AWS::SecretsManager::Secret", + "Properties": { + "Description": { + "Fn::Join": [ + "", + [ + "Generated by the CDK for stack: ", + { + "Ref": "AWS::StackName" + } + ] + ] + }, + "GenerateSecretString": { + "ExcludeCharacters": " %+~`#$&*()|[]{}:;<>?!'/@\"\\", + "GenerateStringKey": "password", + "PasswordLength": 30, + "SecretStringTemplate": "{\"username\":\"admin\"}" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "testsecretAttachment19AD251F": { + "Type": "AWS::SecretsManager::SecretTargetAttachment", + "Properties": { + "SecretId": { + "Ref": "testsecretF8BBC644" + }, + "TargetId": { + "Ref": "DatabaseB269D8BB" + }, + "TargetType": "AWS::RDS::DBCluster" + } + }, + "testsecrettestscheduleEA0B5085": { + "Type": "AWS::SecretsManager::RotationSchedule", + "Properties": { + "SecretId": { + "Ref": "testsecretF8BBC644" + }, + "HostedRotationLambda": { + "ExcludeCharacters": " %+~`#$&*()|[]{}:;<>?!'/@\"\\", + "RotationType": "MySQLSingleUser" + }, + "RotationRules": { + "AutomaticallyAfterDays": 30 + } + } + }, + "testsecretPolicyA5D2F46F": { + "Type": "AWS::SecretsManager::ResourcePolicy", + "Properties": { + "ResourcePolicy": { + "Statement": [ + { + "Action": "secretsmanager:DeleteSecret", + "Effect": "Deny", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + }, + "Resource": "*" + }, + { + "Action": [ + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + }, + "Service": "ecs-tasks.amazonaws.com" + }, + "Resource": { + "Ref": "testsecretAttachment19AD251F" + } + } + ], + "Version": "2012-10-17" + }, + "SecretId": { + "Ref": "testsecretF8BBC644" + } + } + }, + "DatabaseB269D8BB": { + "Type": "AWS::RDS::DBCluster", + "Properties": { + "CopyTagsToSnapshot": true, + "DBClusterParameterGroupName": "default.aurora-mysql5.7", + "EnableHttpEndpoint": true, + "Engine": "aurora-mysql", + "EngineMode": "serverless", + "KmsKeyId": { + "Fn::GetAtt": [ + "DbSecurity381C2C15", + "Arn" + ] + }, + "MasterUsername": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "testsecretF8BBC644" + }, + ":SecretString:username::}}" + ] + ] + }, + "MasterUserPassword": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "testsecretF8BBC644" + }, + ":SecretString:password::}}" + ] + ] + }, + "StorageEncrypted": true, + "VpcSecurityGroupIds": [] + }, + "UpdateReplacePolicy": "Snapshot", + "DeletionPolicy": "Snapshot" + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-rds/test/integ.serverless-cluster-secret-rotation.js.snapshot/cdk.out b/packages/@aws-cdk/aws-rds/test/integ.serverless-cluster-secret-rotation.js.snapshot/cdk.out new file mode 100644 index 0000000000000..b72fef144f05c --- /dev/null +++ b/packages/@aws-cdk/aws-rds/test/integ.serverless-cluster-secret-rotation.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"30.1.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-rds/test/integ.serverless-cluster-secret-rotation.js.snapshot/cdkrdsintegsecretrotationDefaultTestDeployAssert9780868B.assets.json b/packages/@aws-cdk/aws-rds/test/integ.serverless-cluster-secret-rotation.js.snapshot/cdkrdsintegsecretrotationDefaultTestDeployAssert9780868B.assets.json new file mode 100644 index 0000000000000..b8d0a12323139 --- /dev/null +++ b/packages/@aws-cdk/aws-rds/test/integ.serverless-cluster-secret-rotation.js.snapshot/cdkrdsintegsecretrotationDefaultTestDeployAssert9780868B.assets.json @@ -0,0 +1,19 @@ +{ + "version": "30.1.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "cdkrdsintegsecretrotationDefaultTestDeployAssert9780868B.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-rds/test/integ.serverless-cluster-secret-rotation.js.snapshot/cdkrdsintegsecretrotationDefaultTestDeployAssert9780868B.template.json b/packages/@aws-cdk/aws-rds/test/integ.serverless-cluster-secret-rotation.js.snapshot/cdkrdsintegsecretrotationDefaultTestDeployAssert9780868B.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk/aws-rds/test/integ.serverless-cluster-secret-rotation.js.snapshot/cdkrdsintegsecretrotationDefaultTestDeployAssert9780868B.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-rds/test/integ.serverless-cluster-secret-rotation.js.snapshot/integ.json b/packages/@aws-cdk/aws-rds/test/integ.serverless-cluster-secret-rotation.js.snapshot/integ.json new file mode 100644 index 0000000000000..796211c1a7c05 --- /dev/null +++ b/packages/@aws-cdk/aws-rds/test/integ.serverless-cluster-secret-rotation.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "30.1.0", + "testCases": { + "cdk-rds-integ-secret-rotation/DefaultTest": { + "stacks": [ + "aws-cdk-rds-integ-secret-rotation" + ], + "assertionStack": "cdk-rds-integ-secret-rotation/DefaultTest/DeployAssert", + "assertionStackName": "cdkrdsintegsecretrotationDefaultTestDeployAssert9780868B" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-rds/test/integ.serverless-cluster-secret-rotation.js.snapshot/manifest.json b/packages/@aws-cdk/aws-rds/test/integ.serverless-cluster-secret-rotation.js.snapshot/manifest.json new file mode 100644 index 0000000000000..db97d586370c2 --- /dev/null +++ b/packages/@aws-cdk/aws-rds/test/integ.serverless-cluster-secret-rotation.js.snapshot/manifest.json @@ -0,0 +1,141 @@ +{ + "version": "30.1.0", + "artifacts": { + "aws-cdk-rds-integ-secret-rotation.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "aws-cdk-rds-integ-secret-rotation.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "aws-cdk-rds-integ-secret-rotation": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "aws-cdk-rds-integ-secret-rotation.template.json", + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/3b78e7a70e98ec500faa058ecc14892c94df0ab8d0359ba99718203b67d4a2e6.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "aws-cdk-rds-integ-secret-rotation.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "aws-cdk-rds-integ-secret-rotation.assets" + ], + "metadata": { + "/aws-cdk-rds-integ-secret-rotation/DbSecurity/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "DbSecurity381C2C15" + } + ], + "/aws-cdk-rds-integ-secret-rotation/test-secret/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "testsecretF8BBC644" + } + ], + "/aws-cdk-rds-integ-secret-rotation/test-secret/Attachment/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "testsecretAttachment19AD251F" + } + ], + "/aws-cdk-rds-integ-secret-rotation/test-secret/test-schedule/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "testsecrettestscheduleEA0B5085" + } + ], + "/aws-cdk-rds-integ-secret-rotation/test-secret/Policy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "testsecretPolicyA5D2F46F" + } + ], + "/aws-cdk-rds-integ-secret-rotation/Database/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "DatabaseB269D8BB" + } + ], + "/aws-cdk-rds-integ-secret-rotation/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-rds-integ-secret-rotation/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-cdk-rds-integ-secret-rotation" + }, + "cdkrdsintegsecretrotationDefaultTestDeployAssert9780868B.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "cdkrdsintegsecretrotationDefaultTestDeployAssert9780868B.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "cdkrdsintegsecretrotationDefaultTestDeployAssert9780868B": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "cdkrdsintegsecretrotationDefaultTestDeployAssert9780868B.template.json", + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "cdkrdsintegsecretrotationDefaultTestDeployAssert9780868B.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "cdkrdsintegsecretrotationDefaultTestDeployAssert9780868B.assets" + ], + "metadata": { + "/cdk-rds-integ-secret-rotation/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/cdk-rds-integ-secret-rotation/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "cdk-rds-integ-secret-rotation/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-rds/test/integ.serverless-cluster-secret-rotation.js.snapshot/tree.json b/packages/@aws-cdk/aws-rds/test/integ.serverless-cluster-secret-rotation.js.snapshot/tree.json new file mode 100644 index 0000000000000..324bde72c38a6 --- /dev/null +++ b/packages/@aws-cdk/aws-rds/test/integ.serverless-cluster-secret-rotation.js.snapshot/tree.json @@ -0,0 +1,406 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "aws-cdk-rds-integ-secret-rotation": { + "id": "aws-cdk-rds-integ-secret-rotation", + "path": "aws-cdk-rds-integ-secret-rotation", + "children": { + "DbSecurity": { + "id": "DbSecurity", + "path": "aws-cdk-rds-integ-secret-rotation/DbSecurity", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-integ-secret-rotation/DbSecurity/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::KMS::Key", + "aws:cdk:cloudformation:props": { + "keyPolicy": { + "Statement": [ + { + "Action": "kms:*", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + }, + "Resource": "*" + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-kms.CfnKey", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-kms.Key", + "version": "0.0.0" + } + }, + "test-secret": { + "id": "test-secret", + "path": "aws-cdk-rds-integ-secret-rotation/test-secret", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-integ-secret-rotation/test-secret/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::SecretsManager::Secret", + "aws:cdk:cloudformation:props": { + "description": { + "Fn::Join": [ + "", + [ + "Generated by the CDK for stack: ", + { + "Ref": "AWS::StackName" + } + ] + ] + }, + "generateSecretString": { + "passwordLength": 30, + "secretStringTemplate": "{\"username\":\"admin\"}", + "generateStringKey": "password", + "excludeCharacters": " %+~`#$&*()|[]{}:;<>?!'/@\"\\" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-secretsmanager.CfnSecret", + "version": "0.0.0" + } + }, + "Attachment": { + "id": "Attachment", + "path": "aws-cdk-rds-integ-secret-rotation/test-secret/Attachment", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-integ-secret-rotation/test-secret/Attachment/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::SecretsManager::SecretTargetAttachment", + "aws:cdk:cloudformation:props": { + "secretId": { + "Ref": "testsecretF8BBC644" + }, + "targetId": { + "Ref": "DatabaseB269D8BB" + }, + "targetType": "AWS::RDS::DBCluster" + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-secretsmanager.CfnSecretTargetAttachment", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-secretsmanager.SecretTargetAttachment", + "version": "0.0.0" + } + }, + "test-schedule": { + "id": "test-schedule", + "path": "aws-cdk-rds-integ-secret-rotation/test-secret/test-schedule", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-integ-secret-rotation/test-secret/test-schedule/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::SecretsManager::RotationSchedule", + "aws:cdk:cloudformation:props": { + "secretId": { + "Ref": "testsecretF8BBC644" + }, + "hostedRotationLambda": { + "rotationType": "MySQLSingleUser", + "excludeCharacters": " %+~`#$&*()|[]{}:;<>?!'/@\"\\" + }, + "rotationRules": { + "automaticallyAfterDays": 30 + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-secretsmanager.CfnRotationSchedule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-secretsmanager.RotationSchedule", + "version": "0.0.0" + } + }, + "Policy": { + "id": "Policy", + "path": "aws-cdk-rds-integ-secret-rotation/test-secret/Policy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-integ-secret-rotation/test-secret/Policy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::SecretsManager::ResourcePolicy", + "aws:cdk:cloudformation:props": { + "resourcePolicy": { + "Statement": [ + { + "Action": "secretsmanager:DeleteSecret", + "Effect": "Deny", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + }, + "Resource": "*" + }, + { + "Action": [ + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + }, + "Service": "ecs-tasks.amazonaws.com" + }, + "Resource": { + "Ref": "testsecretAttachment19AD251F" + } + } + ], + "Version": "2012-10-17" + }, + "secretId": { + "Ref": "testsecretF8BBC644" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-secretsmanager.CfnResourcePolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-secretsmanager.ResourcePolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-rds.DatabaseSecret", + "version": "0.0.0" + } + }, + "Database": { + "id": "Database", + "path": "aws-cdk-rds-integ-secret-rotation/Database", + "children": { + "AuroraMySqlDatabaseClusterEngineDefaultParameterGroup": { + "id": "AuroraMySqlDatabaseClusterEngineDefaultParameterGroup", + "path": "aws-cdk-rds-integ-secret-rotation/Database/AuroraMySqlDatabaseClusterEngineDefaultParameterGroup", + "constructInfo": { + "fqn": "@aws-cdk/core.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-integ-secret-rotation/Database/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBCluster", + "aws:cdk:cloudformation:props": { + "copyTagsToSnapshot": true, + "dbClusterParameterGroupName": "default.aurora-mysql5.7", + "enableHttpEndpoint": true, + "engine": "aurora-mysql", + "engineMode": "serverless", + "kmsKeyId": { + "Fn::GetAtt": [ + "DbSecurity381C2C15", + "Arn" + ] + }, + "masterUsername": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "testsecretF8BBC644" + }, + ":SecretString:username::}}" + ] + ] + }, + "masterUserPassword": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "testsecretF8BBC644" + }, + ":SecretString:password::}}" + ] + ] + }, + "storageEncrypted": true, + "vpcSecurityGroupIds": [] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-rds.CfnDBCluster", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-rds.ServerlessCluster", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-rds-integ-secret-rotation/BootstrapVersion", + "constructInfo": { + "fqn": "@aws-cdk/core.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-rds-integ-secret-rotation/CheckBootstrapVersion", + "constructInfo": { + "fqn": "@aws-cdk/core.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/core.Stack", + "version": "0.0.0" + } + }, + "cdk-rds-integ-secret-rotation": { + "id": "cdk-rds-integ-secret-rotation", + "path": "cdk-rds-integ-secret-rotation", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "cdk-rds-integ-secret-rotation/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "cdk-rds-integ-secret-rotation/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.1.252" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "cdk-rds-integ-secret-rotation/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "cdk-rds-integ-secret-rotation/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "@aws-cdk/core.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "cdk-rds-integ-secret-rotation/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "@aws-cdk/core.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/core.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.1.252" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/core.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-rds/test/integ.serverless-cluster-secret-rotation.ts b/packages/@aws-cdk/aws-rds/test/integ.serverless-cluster-secret-rotation.ts new file mode 100644 index 0000000000000..af00df5d5ce99 --- /dev/null +++ b/packages/@aws-cdk/aws-rds/test/integ.serverless-cluster-secret-rotation.ts @@ -0,0 +1,33 @@ +import * as iam from '@aws-cdk/aws-iam'; +import * as kms from '@aws-cdk/aws-kms'; +import * as secretsmanager from '@aws-cdk/aws-secretsmanager'; +import * as cdk from '@aws-cdk/core'; +import { IntegTest } from '@aws-cdk/integ-tests'; +import { Credentials, ServerlessCluster, DatabaseClusterEngine, DatabaseSecret } from '../lib'; + +const app = new cdk.App(); +const stack = new cdk.Stack(app, 'aws-cdk-rds-integ-secret-rotation'); + +const kmsKey = new kms.Key(stack, 'DbSecurity'); +const secret = new DatabaseSecret(stack, 'test-secret', { + username: 'admin', +}); + +const cluster = new ServerlessCluster(stack, 'Database', { + engine: DatabaseClusterEngine.AURORA_MYSQL, + credentials: Credentials.fromSecret(secret), + storageEncryptionKey: kmsKey, +}); + +secret.addRotationSchedule('test-schedule', { + hostedRotation: secretsmanager.HostedRotation.mysqlSingleUser(), +}); + +cluster.grantDataApiAccess(new iam.AccountRootPrincipal()); +cluster.grantDataApiAccess(new iam.ServicePrincipal('ecs-tasks.amazonaws.com')); + +new IntegTest(app, 'cdk-rds-integ-secret-rotation', { + testCases: [stack], +}); + +app.synth(); diff --git a/packages/@aws-cdk/aws-secretsmanager/lib/secret.ts b/packages/@aws-cdk/aws-secretsmanager/lib/secret.ts index bc49b5b6198ee..de80530b9ab6a 100644 --- a/packages/@aws-cdk/aws-secretsmanager/lib/secret.ts +++ b/packages/@aws-cdk/aws-secretsmanager/lib/secret.ts @@ -835,22 +835,38 @@ export class SecretTargetAttachment extends SecretBase implements ISecretTargetA protected readonly autoCreatePolicy = true; + private readonly attachedSecret: ISecret; + constructor(scope: Construct, id: string, props: SecretTargetAttachmentProps) { super(scope, id); + this.attachedSecret = props.secret; const attachment = new secretsmanager.CfnSecretTargetAttachment(this, 'Resource', { - secretId: props.secret.secretArn, + secretId: this.attachedSecret.secretArn, targetId: props.target.asSecretAttachmentTarget().targetId, targetType: attachmentTargetTypeToString(props.target.asSecretAttachmentTarget().targetType), }); - this.encryptionKey = props.secret.encryptionKey; - this.secretName = props.secret.secretName; + this.encryptionKey = this.attachedSecret.encryptionKey; + this.secretName = this.attachedSecret.secretName; // This allows to reference the secret after attachment (dependency). this.secretArn = attachment.ref; this.secretTargetAttachmentSecretArn = attachment.ref; } + + /** + * Forward any additions to the resource policy to the original secret. + * This is required because a secret can only have a single resource policy. + * If we do not forward policy additions, a new policy resource is created using the secret attachment ARN. + * This ends up being rejected by CloudFormation. + */ + public addToResourcePolicy(statement: iam.PolicyStatement): iam.AddToResourcePolicyResult { + if (FeatureFlags.of(this).isEnabled(cxapi.SECRETS_MANAGER_TARGET_ATTACHMENT_RESOURCE_POLICY)) { + return this.attachedSecret.addToResourcePolicy(statement); + } + return super.addToResourcePolicy(statement); + } } /** diff --git a/packages/@aws-cdk/aws-secretsmanager/test/policy.test.ts b/packages/@aws-cdk/aws-secretsmanager/test/policy.test.ts new file mode 100644 index 0000000000000..a40c409b007b5 --- /dev/null +++ b/packages/@aws-cdk/aws-secretsmanager/test/policy.test.ts @@ -0,0 +1,43 @@ +import { Template } from '@aws-cdk/assertions'; +import * as iam from '@aws-cdk/aws-iam'; +import * as cdk from '@aws-cdk/core'; +import * as cxapi from '@aws-cdk/cx-api'; +import * as secretsmanager from '../lib'; +import { AttachmentTargetType, ISecretAttachmentTarget } from '../lib'; + +class MockAttachmentTarget extends cdk.Resource implements ISecretAttachmentTarget { + asSecretAttachmentTarget(): secretsmanager.SecretAttachmentTargetProps { + return { + targetId: 'mock-id', + targetType: AttachmentTargetType.RDS_DB_INSTANCE, + }; + } +} + +describe.each([ + [false, 2], + [true, 1], +])('@aws-cdk/aws-secretsmanager:useAttachedSecretResourcePolicyForSecretTargetAttachments=%s', (featureFlagValue, expectedResourcePolicyCount) => { + const app = new cdk.App({ + context: { + [cxapi.SECRETS_MANAGER_TARGET_ATTACHMENT_RESOURCE_POLICY]: featureFlagValue, + }, + }); + const stack = new cdk.Stack(app); + + test('using addToResourcePolicy on a Secret and on a SecretAttachmentTarget attaching this Secret', () => { + // GIVEN + + const secret = new secretsmanager.Secret(stack, 'Secret'); + const servicePrincipalOne = new iam.ServicePrincipal('some-service-a'); + const servicePrincipalTwo = new iam.ServicePrincipal('some-service-b'); + const secretAttachment = secret.attach(new MockAttachmentTarget(stack, 'mock-target')); + + // WHEN + secret.grantRead(servicePrincipalOne); + secretAttachment.grantRead(servicePrincipalTwo); + + // THEN + Template.fromStack(stack).resourceCountIs('AWS::SecretsManager::ResourcePolicy', expectedResourcePolicyCount); + }); +}); diff --git a/packages/@aws-cdk/cx-api/FEATURE_FLAGS.md b/packages/@aws-cdk/cx-api/FEATURE_FLAGS.md index 8e937da72da19..b1ef62b576767 100644 --- a/packages/@aws-cdk/cx-api/FEATURE_FLAGS.md +++ b/packages/@aws-cdk/cx-api/FEATURE_FLAGS.md @@ -47,6 +47,7 @@ Flags come in three types: | [@aws-cdk/aws-rds:databaseProxyUniqueResourceName](#aws-cdkaws-rdsdatabaseproxyuniqueresourcename) | Use unique resource name for Database Proxy | 2.65.0 | (fix) | | [@aws-cdk/aws-apigateway:authorizerChangeDeploymentLogicalId](#aws-cdkaws-apigatewayauthorizerchangedeploymentlogicalid) | Include authorizer configuration in the calculation of the API deployment logical ID. | 2.66.0 | (fix) | | [@aws-cdk/aws-ec2:launchTemplateDefaultUserData](#aws-cdkaws-ec2launchtemplatedefaultuserdata) | Define user data for a launch template by default when a machine image is provided. | V2NEXT | (fix) | +| [@aws-cdk/aws-secretsmanager:useAttachedSecretResourcePolicyForSecretTargetAttachments](#aws-cdkaws-secretsmanageruseattachedsecretresourcepolicyforsecrettargetattachments) | SecretTargetAttachments uses the ResourcePolicy of the attached Secret. | V2NEXT | (fix) | @@ -84,7 +85,8 @@ The following json shows the current recommended set of flags, as `cdk init` wou "@aws-cdk/aws-rds:databaseProxyUniqueResourceName": true, "@aws-cdk/aws-codedeploy:removeAlarmsFromDeploymentGroup": true, "@aws-cdk/aws-apigateway:authorizerChangeDeploymentLogicalId": true, - "@aws-cdk/aws-ec2:launchTemplateDefaultUserData": true + "@aws-cdk/aws-ec2:launchTemplateDefaultUserData": true, + "@aws-cdk/aws-secretsmanager:useAttachedSecretResourcePolicyForSecretTargetAttachments": true } } ``` @@ -851,4 +853,26 @@ according to the OS of the machine image. | V2NEXT | `false` | `true` | +### @aws-cdk/aws-secretsmanager:useAttachedSecretResourcePolicyForSecretTargetAttachments + +*SecretTargetAttachments uses the ResourcePolicy of the attached Secret.* (fix) + +Enable this feature flag to make SecretTargetAttachments use the ResourcePolicy of the attached Secret. +SecretTargetAttachments are created to connect a Secret to a target resource. +In CDK code, they behave like regular Secret and can be used as a stand-in in most situations. +Previously, adding to the ResourcePolicy of a SecretTargetAttachment did attempt to create a separate ResourcePolicy for the same Secret. +However Secrets can only have a single ResourcePolicy, causing the CloudFormation deployment to fail. + +When enabling this feature flag for an existing Stack, ResourcePolicies created via a SecretTargetAttachment will need replacement. +This won't be possible without intervention due to limitation outlined above. +First remove all permissions granted to the Secret and deploy without the ResourcePolicies. +Then you can re-add the permissions and deploy again. + + +| Since | Default | Recommended | +| ----- | ----- | ----- | +| (not in v1) | | | +| V2NEXT | `false` | `true` | + + diff --git a/packages/@aws-cdk/cx-api/lib/features.ts b/packages/@aws-cdk/cx-api/lib/features.ts index 32c188740282c..1ae7e4dd6f2fc 100644 --- a/packages/@aws-cdk/cx-api/lib/features.ts +++ b/packages/@aws-cdk/cx-api/lib/features.ts @@ -82,6 +82,7 @@ export const DATABASE_PROXY_UNIQUE_RESOURCE_NAME = '@aws-cdk/aws-rds:databasePro export const CODEDEPLOY_REMOVE_ALARMS_FROM_DEPLOYMENT_GROUP = '@aws-cdk/aws-codedeploy:removeAlarmsFromDeploymentGroup'; export const APIGATEWAY_AUTHORIZER_CHANGE_DEPLOYMENT_LOGICAL_ID = '@aws-cdk/aws-apigateway:authorizerChangeDeploymentLogicalId'; export const EC2_LAUNCH_TEMPLATE_DEFAULT_USER_DATA = '@aws-cdk/aws-ec2:launchTemplateDefaultUserData'; +export const SECRETS_MANAGER_TARGET_ATTACHMENT_RESOURCE_POLICY = '@aws-cdk/aws-secretsmanager:useAttachedSecretResourcePolicyForSecretTargetAttachments'; export const FLAGS: Record = { ////////////////////////////////////////////////////////////////////// @@ -662,6 +663,7 @@ export const FLAGS: Record = { recommendedValue: true, }, + ////////////////////////////////////////////////////////////////////// [APIGATEWAY_AUTHORIZER_CHANGE_DEPLOYMENT_LOGICAL_ID]: { type: FlagType.BugFix, summary: 'Include authorizer configuration in the calculation of the API deployment logical ID.', @@ -675,6 +677,7 @@ export const FLAGS: Record = { recommendedValue: true, }, + ////////////////////////////////////////////////////////////////////// [EC2_LAUNCH_TEMPLATE_DEFAULT_USER_DATA]: { type: FlagType.BugFix, summary: 'Define user data for a launch template by default when a machine image is provided.', @@ -686,6 +689,26 @@ export const FLAGS: Record = { recommendedValue: true, introducedIn: { v2: 'V2NEXT' }, }, + + ////////////////////////////////////////////////////////////////////// + [SECRETS_MANAGER_TARGET_ATTACHMENT_RESOURCE_POLICY]: { + type: FlagType.BugFix, + summary: 'SecretTargetAttachments uses the ResourcePolicy of the attached Secret.', + detailsMd: ` + Enable this feature flag to make SecretTargetAttachments use the ResourcePolicy of the attached Secret. + SecretTargetAttachments are created to connect a Secret to a target resource. + In CDK code, they behave like regular Secret and can be used as a stand-in in most situations. + Previously, adding to the ResourcePolicy of a SecretTargetAttachment did attempt to create a separate ResourcePolicy for the same Secret. + However Secrets can only have a single ResourcePolicy, causing the CloudFormation deployment to fail. + + When enabling this feature flag for an existing Stack, ResourcePolicies created via a SecretTargetAttachment will need replacement. + This won't be possible without intervention due to limitation outlined above. + First remove all permissions granted to the Secret and deploy without the ResourcePolicies. + Then you can re-add the permissions and deploy again. + `, + recommendedValue: true, + introducedIn: { v2: 'V2NEXT' }, + }, }; const CURRENT_MV = 'v2';