-
Notifications
You must be signed in to change notification settings - Fork 3.9k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
28 changed files
with
370 additions
and
56 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
# AWS CDK GitHub Actions | ||
|
||
These workflows and actions are configured in the AWS CDK GitHub repository. | ||
|
||
## Pull Request Triggered | ||
|
||
### Auto Approve | ||
[auto-approve.yml](auto-approve.yml): Approves merging PRs with the | ||
`pr/auto-approve` label. | ||
Owner: Core CDK team | ||
|
||
### PR Linter | ||
[pr-linter.yml](pr-linter.yml): Runs `tools/@aws-cdk-prlint` on each PR to | ||
check for correctness. | ||
Owner: Core CDK team | ||
|
||
### v2-main PR automation | ||
[v2-pull-request.yml](v2-pull-request.yml): Runs `pkglint` on merge forward PRs | ||
and commits the results. | ||
Owner: Core CDK team | ||
|
||
### Label Assigner | ||
[issue-label-assign.yml](issue-label-assign.yml): Github action for automatically adding labels and/or setting assignees when an Issue or PR is opened or edited based on user-defined Area | ||
Owner: CDK support team | ||
|
||
## Issue Triggered | ||
|
||
### Closed Issue Message | ||
[closed-issue-message.yml](closed-issue-message.yml): Adds a reminder message | ||
to issues that are closed. | ||
Owner: CDK support team | ||
|
||
### Label Assigner | ||
[issue-label-assign.yml](issue-label-assign.yml): Github action for automatically adding labels and/or setting assignees when an Issue or PR is opened or edited based on user-defined Area | ||
Owner: CDK support team | ||
|
||
## Scheduled Actions | ||
|
||
### Issue Lifecycle Handling | ||
[close-stale-issues.yml](close-stale-issues.yml): Handles labeling issues and | ||
PRs with `closing-soon`, `response-requested`, etc. | ||
Owner: CDK support team | ||
|
||
### Yarn Upgrader | ||
[yarn-upgrade.yml](yarn-upgrade.yml): Upgrades yarn dependencies and creates a | ||
patch file for downloading. | ||
Owner: Core CDK team |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
export * from './require-imdsv2-aspect'; |
38 changes: 38 additions & 0 deletions
38
packages/@aws-cdk/aws-autoscaling/lib/aspects/require-imdsv2-aspect.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
import * as cdk from '@aws-cdk/core'; | ||
import { AutoScalingGroup } from '../auto-scaling-group'; | ||
import { CfnLaunchConfiguration } from '../autoscaling.generated'; | ||
|
||
/** | ||
* Aspect that makes IMDSv2 required on instances deployed by AutoScalingGroups. | ||
*/ | ||
export class AutoScalingGroupRequireImdsv2Aspect implements cdk.IAspect { | ||
constructor() { | ||
} | ||
|
||
public visit(node: cdk.IConstruct): void { | ||
if (!(node instanceof AutoScalingGroup)) { | ||
return; | ||
} | ||
|
||
const launchConfig = node.node.tryFindChild('LaunchConfig') as CfnLaunchConfiguration; | ||
if (cdk.isResolvableObject(launchConfig.metadataOptions)) { | ||
this.warn(node, 'CfnLaunchConfiguration.MetadataOptions field is a CDK token.'); | ||
return; | ||
} | ||
|
||
launchConfig.metadataOptions = { | ||
...launchConfig.metadataOptions, | ||
httpTokens: 'required', | ||
}; | ||
} | ||
|
||
/** | ||
* Adds a warning annotation to a node. | ||
* | ||
* @param node The scope to add the warning to. | ||
* @param message The warning message. | ||
*/ | ||
protected warn(node: cdk.IConstruct, message: string) { | ||
cdk.Annotations.of(node).addWarning(`${AutoScalingGroupRequireImdsv2Aspect.name} failed on node ${node.node.id}: ${message}`); | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
79 changes: 79 additions & 0 deletions
79
packages/@aws-cdk/aws-autoscaling/test/aspects/require-imdsv2-aspect.test.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,79 @@ | ||
import { | ||
expect as expectCDK, | ||
haveResourceLike, | ||
} from '@aws-cdk/assert-internal'; | ||
import '@aws-cdk/assert-internal/jest'; | ||
import * as ec2 from '@aws-cdk/aws-ec2'; | ||
import * as cdk from '@aws-cdk/core'; | ||
import { | ||
AutoScalingGroup, | ||
AutoScalingGroupRequireImdsv2Aspect, | ||
CfnLaunchConfiguration, | ||
} from '../../lib'; | ||
|
||
describe('AutoScalingGroupRequireImdsv2Aspect', () => { | ||
let app: cdk.App; | ||
let stack: cdk.Stack; | ||
let vpc: ec2.Vpc; | ||
|
||
beforeEach(() => { | ||
app = new cdk.App(); | ||
stack = new cdk.Stack(app, 'Stack'); | ||
vpc = new ec2.Vpc(stack, 'Vpc'); | ||
}); | ||
|
||
test('warns when metadataOptions is a token', () => { | ||
// GIVEN | ||
const asg = new AutoScalingGroup(stack, 'AutoScalingGroup', { | ||
vpc, | ||
instanceType: new ec2.InstanceType('t2.micro'), | ||
machineImage: ec2.MachineImage.latestAmazonLinux(), | ||
}); | ||
const launchConfig = asg.node.tryFindChild('LaunchConfig') as CfnLaunchConfiguration; | ||
launchConfig.metadataOptions = fakeToken(); | ||
const aspect = new AutoScalingGroupRequireImdsv2Aspect(); | ||
|
||
// WHEN | ||
cdk.Aspects.of(stack).add(aspect); | ||
|
||
// THEN | ||
expectCDK(stack).notTo(haveResourceLike('AWS::AutoScaling::LaunchConfiguration', { | ||
MetadataOptions: { | ||
HttpTokens: 'required', | ||
}, | ||
})); | ||
expect(asg.node.metadataEntry).toContainEqual({ | ||
data: expect.stringContaining('CfnLaunchConfiguration.MetadataOptions field is a CDK token.'), | ||
type: 'aws:cdk:warning', | ||
trace: undefined, | ||
}); | ||
}); | ||
|
||
test('requires IMDSv2', () => { | ||
// GIVEN | ||
new AutoScalingGroup(stack, 'AutoScalingGroup', { | ||
vpc, | ||
instanceType: new ec2.InstanceType('t2.micro'), | ||
machineImage: ec2.MachineImage.latestAmazonLinux(), | ||
}); | ||
const aspect = new AutoScalingGroupRequireImdsv2Aspect(); | ||
|
||
// WHEN | ||
cdk.Aspects.of(stack).add(aspect); | ||
|
||
// THEN | ||
expectCDK(stack).to(haveResourceLike('AWS::AutoScaling::LaunchConfiguration', { | ||
MetadataOptions: { | ||
HttpTokens: 'required', | ||
}, | ||
})); | ||
}); | ||
}); | ||
|
||
function fakeToken(): cdk.IResolvable { | ||
return { | ||
creationStack: [], | ||
resolve: (_c) => {}, | ||
toString: () => '', | ||
}; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.