From 8e21e783d50bf75550298d7c111ad3ddb97f5343 Mon Sep 17 00:00:00 2001 From: Niranjan Jayakar <16217941+nija-at@users.noreply.github.com> Date: Thu, 20 Feb 2020 10:40:08 +0000 Subject: [PATCH 1/3] fix(lambda): erroneous inline code support for ruby (#6365) See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-code.html#cfn-lambda-function-code-zipfile fixes #6302 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/aws-lambda/lib/runtime.ts | 2 +- .../@aws-cdk/aws-lambda/test/test.function.ts | 10 ++++ .../@aws-cdk/aws-lambda/test/test.lambda.ts | 49 ------------------- 3 files changed, 11 insertions(+), 50 deletions(-) diff --git a/packages/@aws-cdk/aws-lambda/lib/runtime.ts b/packages/@aws-cdk/aws-lambda/lib/runtime.ts index 29f1d0358b977..61a1475ee3c89 100644 --- a/packages/@aws-cdk/aws-lambda/lib/runtime.ts +++ b/packages/@aws-cdk/aws-lambda/lib/runtime.ts @@ -47,7 +47,7 @@ export class Runtime { public static readonly DOTNET_CORE_2 = new Runtime('dotnetcore2.0', RuntimeFamily.DOTNET_CORE); public static readonly DOTNET_CORE_2_1 = new Runtime('dotnetcore2.1', RuntimeFamily.DOTNET_CORE); public static readonly GO_1_X = new Runtime('go1.x', RuntimeFamily.GO); - public static readonly RUBY_2_5 = new Runtime('ruby2.5', RuntimeFamily.RUBY, { supportsInlineCode: true }); + public static readonly RUBY_2_5 = new Runtime('ruby2.5', RuntimeFamily.RUBY); public static readonly PROVIDED = new Runtime('provided', RuntimeFamily.OTHER); /** diff --git a/packages/@aws-cdk/aws-lambda/test/test.function.ts b/packages/@aws-cdk/aws-lambda/test/test.function.ts index cfe793480b997..6a9e2fa343090 100644 --- a/packages/@aws-cdk/aws-lambda/test/test.function.ts +++ b/packages/@aws-cdk/aws-lambda/test/test.function.ts 
@@ -169,4 +169,14 @@ export = testCase({ test.done(); }, + + 'fails when inline code is specified on an incompatible runtime'(test: Test) { + const stack = new cdk.Stack(); + test.throws(() => new lambda.Function(stack, 'fn', { + handler: 'foo', + runtime: lambda.Runtime.PROVIDED, + code: lambda.Code.fromInline('foo') + }), /Inline source not allowed for/); + test.done(); + } }); diff --git a/packages/@aws-cdk/aws-lambda/test/test.lambda.ts b/packages/@aws-cdk/aws-lambda/test/test.lambda.ts index 513203ecee1a3..49de97a2625bc 100644 --- a/packages/@aws-cdk/aws-lambda/test/test.lambda.ts +++ b/packages/@aws-cdk/aws-lambda/test/test.lambda.ts @@ -1181,55 +1181,6 @@ export = { test.same(bindTarget, fn); test.done(); }, - 'support inline code for Ruby runtime'(test: Test) { - const stack = new cdk.Stack(); - - new lambda.Function(stack, 'MyLambda', { - code: new lambda.InlineCode('foo'), - handler: 'index.handler', - runtime: lambda.Runtime.RUBY_2_5, - }); - - expect(stack).toMatch({ - Resources: - { - MyLambdaServiceRole4539ECB6: - { - Type: 'AWS::IAM::Role', - Properties: - { - AssumeRolePolicyDocument: - { - Statement: - [{ - Action: 'sts:AssumeRole', - Effect: 'Allow', - Principal: { Service: "lambda.amazonaws.com" } - }], - Version: '2012-10-17' - }, - ManagedPolicyArns: - // arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole - // tslint:disable-next-line:max-line-length - [{ 'Fn::Join': ['', ['arn:', { Ref: 'AWS::Partition' }, ':iam::aws:policy/service-role/AWSLambdaBasicExecutionRole']] }], - } - }, - MyLambdaCCE802FB: - { - Type: 'AWS::Lambda::Function', - Properties: - { - Code: { ZipFile: 'foo' }, - Handler: 'index.handler', - Role: { 'Fn::GetAtt': ['MyLambdaServiceRole4539ECB6', 'Arn'] }, - Runtime: 'ruby2.5' - }, - DependsOn: ['MyLambdaServiceRole4539ECB6'] - } - } - }); - test.done(); - }, 'using an incompatible layer'(test: Test) { // GIVEN From d0682ab334b5a8791b280465502f1b575d4fdb86 Mon Sep 17 00:00:00 2001 
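Review bot: The added case in test.function.ts asserts the inline-code rejection for `lambda.Runtime.PROVIDED`, which the unchanged context line in runtime.ts shows was already declared without `supportsInlineCode`, so this test would still pass if the `RUBY_2_5` change were reverted. Pinning the actual fix needs the same assertion with `runtime: lambda.Runtime.RUBY_2_5`, either as a second `test.throws` in this case or as a sibling case. The regex `/Inline source not allowed for/` matches only the message prefix; if the message names the runtime (the throwing code is outside this diff), matching on that too would confirm the error points at the right runtime.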
From: flemjame-at-amazon <57235867+flemjame-at-amazon@users.noreply.github.com> Date: Thu, 20 Feb 2020 06:33:10 -0500 Subject: [PATCH 2/3] fix(ec2): BastionHostLinux subnet type fallback behavior (#6355) Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> --- packages/@aws-cdk/aws-ec2/lib/bastion-host.ts | 4 +- .../aws-ec2/test/test.bastion-host.ts | 50 +++++++++++++++++++ 2 files changed, 52 insertions(+), 2 deletions(-) create mode 100644 packages/@aws-cdk/aws-ec2/test/test.bastion-host.ts diff --git a/packages/@aws-cdk/aws-ec2/lib/bastion-host.ts b/packages/@aws-cdk/aws-ec2/lib/bastion-host.ts index 92ffb6dd61cb5..fb0ef6bed51f8 100644 --- a/packages/@aws-cdk/aws-ec2/lib/bastion-host.ts +++ b/packages/@aws-cdk/aws-ec2/lib/bastion-host.ts @@ -7,7 +7,7 @@ import { IMachineImage, MachineImage } from "./machine-image"; import { IPeer } from "./peer"; import { Port } from "./port"; import { ISecurityGroup } from "./security-group"; -import { IVpc, SubnetSelection, SubnetType } from "./vpc"; +import { IVpc, SubnetSelection } from "./vpc"; /** * Properties of the bastion host @@ -136,7 +136,7 @@ export class BastionHostLinux extends Construct implements IInstance { instanceName: props.instanceName ?? 'BastionHost', instanceType: props.instanceType ?? InstanceType.of(InstanceClass.T3, InstanceSize.NANO), machineImage: props.machineImage ?? MachineImage.latestAmazonLinux({ generation: AmazonLinuxGeneration.AMAZON_LINUX_2 }), - vpcSubnets: props.subnetSelection ?? { subnetType: SubnetType.PRIVATE }, + vpcSubnets: props.subnetSelection ?? {}, }); this.instance.addToRolePolicy(new PolicyStatement({ actions: [ diff --git a/packages/@aws-cdk/aws-ec2/test/test.bastion-host.ts b/packages/@aws-cdk/aws-ec2/test/test.bastion-host.ts new file mode 100644 index 0000000000000..aff6dd3e35728 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2/test/test.bastion-host.ts 
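Review bot: The new fallback `vpcSubnets: props.subnetSelection ?? {}` in the second bastion-host.ts hunk hands placement of the bastion to the VPC's default subnet selection, and nothing visible in this diff states what that selection is. The tests added in this patch show private subnets chosen when they exist and isolated subnets otherwise; if the default also falls back to public subnets for a public-only VPC (not shown here), the bastion would get a public placement the caller never asked for. I would spell out the fallback order in the `@default` of the `subnetSelection` property doc and add a test with a public-only VPC, so the outcome is a pinned decision rather than an inherited one. An instance in an isolated subnet presumably also needs VPC endpoints for whatever the `PolicyStatement` below grants (its actions are cut off in this hunk), which deserves a line in the same doc. The constructor starts and ends outside the hunk.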
@@ -0,0 +1,50 @@ +import { expect, haveResource } from '@aws-cdk/assert'; +import { Stack } from '@aws-cdk/core'; +import { Test } from 'nodeunit'; +import { BastionHostLinux, SubnetType, Vpc } from "../lib"; + +export = { + 'default instance is created in basic'(test: Test) { + // GIVEN + const stack = new Stack(); + const vpc = new Vpc(stack, 'VPC'); + + // WHEN + new BastionHostLinux(stack, 'Bastion', { + vpc, + }); + + // THEN + expect(stack).to(haveResource('AWS::EC2::Instance', { + InstanceType: 't3.nano', + SubnetId: {Ref: "VPCPrivateSubnet1Subnet8BCA10E0"} + })); + + test.done(); + }, + 'default instance is created in isolated vpc'(test: Test) { + // GIVEN + const stack = new Stack(); + const vpc = new Vpc(stack, 'VPC', { + subnetConfiguration: [ + { + subnetType: SubnetType.ISOLATED, + name: 'Isolated', + } + ] + }); + + // WHEN + new BastionHostLinux(stack, 'Bastion', { + vpc + }); + + // THEN + expect(stack).to(haveResource('AWS::EC2::Instance', { + InstanceType: 't3.nano', + SubnetId: {Ref: "VPCIsolatedSubnet1SubnetEBD00FC6"} + })); + + test.done(); + }, +}; From 0a953dadae023248b5b66aeac5d359e0645f8766 Mon Sep 17 00:00:00 2001 From: Joseph Atkins-Turkish Date: Thu, 20 Feb 2020 04:17:13 -0800 Subject: [PATCH 3/3] docs(cloudtrail): fix bullet point list (#6353) The indent was causing the list to fail to render. Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> --- packages/@aws-cdk/aws-cloudtrail/README.md | 23 +++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/packages/@aws-cdk/aws-cloudtrail/README.md b/packages/@aws-cdk/aws-cloudtrail/README.md index 4a34113c146be..663a507294ca9 100644 --- a/packages/@aws-cdk/aws-cloudtrail/README.md +++ b/packages/@aws-cdk/aws-cloudtrail/README.md 
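Review bot: Both cases in the new test.bastion-host.ts exercise only the right-hand side of `props.subnetSelection ?? {}`; no case passes an explicit `subnetSelection`, so a regression that ignored the caller's choice would go unnoticed. A third case with `subnetSelection: { subnetType: SubnetType.PUBLIC }` on the default VPC, asserting the public subnet ref in `SubnetId`, would cover it. The first case name `'default instance is created in basic'` does not say what is asserted; something like `'default instance is created in a private subnet when one exists'` reads better next to the isolated case.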
@@ -26,17 +26,18 @@ const trail = new cloudtrail.Trail(this, 'CloudTrail'); ``` You can instantiate the CloudTrail construct with no arguments - this will by default: - * Create a new S3 Bucket and associated Policy that allows CloudTrail to write to it - * Create a CloudTrail with the following configuration: - * Logging Enabled - * Log file validation enabled - * Multi Region set to true - * Global Service Events set to true - * The created S3 bucket - * CloudWatch Logging Disabled - * No SNS configuartion - * No tags - * No fixed name + + * Create a new S3 Bucket and associated Policy that allows CloudTrail to write to it + * Create a CloudTrail with the following configuration: + * Logging Enabled + * Log file validation enabled + * Multi Region set to true + * Global Service Events set to true + * The created S3 bucket + * CloudWatch Logging Disabled + * No SNS configuartion + * No tags + * No fixed name You can override any of these properties using the `CloudTrailProps` configuraiton object.