Merge branch 'main' into ecs-new-arn-format

package.json

@@ -23,10 +23,10 @@
     "fs-extra": "^9.1.0",
     "graceful-fs": "^4.2.10",
     "jest-junit": "^13.2.0",
-    "jsii-diff": "^1.62.0",
-    "jsii-pacmak": "^1.62.0",
-    "jsii-reflect": "^1.62.0",
-    "jsii-rosetta": "^1.62.0",
+    "jsii-diff": "^1.63.0",
+    "jsii-pacmak": "^1.63.0",
+    "jsii-reflect": "^1.63.0",
+    "jsii-rosetta": "^1.63.0",
     "lerna": "^4.0.0",
     "patch-package": "^6.4.7",
     "semver": "^6.3.0",

packages/@aws-cdk/aws-apigateway/lib/restapi.ts

@@ -180,6 +180,13 @@ export interface RestApiBaseProps {
    * @default false
    */
   readonly disableExecuteApiEndpoint?: boolean;
+
+  /**
+   * A description of the RestApi construct.
+   *
+   * @default - 'Automatically created by the RestApi construct'
+   */
+  readonly description?: string;
 }
 
 /**
@@ -193,12 +200,6 @@ export interface RestApiOptions extends RestApiBaseProps, ResourceOptions {
  * Props to create a new instance of RestApi
  */
 export interface RestApiProps extends RestApiOptions {
-  /**
-   * A description of the purpose of this API Gateway RestApi resource.
-   *
-   * @default - No description.
-   */
-  readonly description?: string;
 
   /**
    * The list of binary media mime-types that are supported by the RestApi
@@ -554,7 +555,7 @@ export abstract class RestApiBase extends Resource implements IRestApi {
     if (deploy) {
 
       this._latestDeployment = new Deployment(this, 'Deployment', {
-        description: 'Automatically created by the RestApi construct',
+        description: props.description? props.description :'Automatically created by the RestApi construct',
         api: this,
         retainDeployments: props.retainDeployments,
       });

packages/@aws-cdk/aws-apigateway/test/restapi.test.ts

@@ -1096,4 +1096,36 @@ describe('restapi', () => {
       DisableExecuteApiEndpoint: true,
     });
   });
+
+
+  describe('Description', () => {
+    test('description can be set', () => {
+      // GIVEN
+      const stack = new Stack();
+
+      // WHEN
+      const api = new apigw.RestApi(stack, 'my-api', { description: 'My API' });
+      api.root.addMethod('GET');
+
+      // THEN
+      Template.fromStack(stack).hasResourceProperties(
+        'AWS::ApiGateway::RestApi',
+        {
+          Description: 'My API',
+        });
+    });
+
+    test('description is not set', () => {
+      // GIVEN
+      const stack = new Stack();
+
+      // WHEN
+      const api = new apigw.RestApi(stack, 'my-api');
+      api.root.addMethod('GET');
+
+      // THEN
+      Template.fromStack(stack).hasResourceProperties(
+        'AWS::ApiGateway::RestApi', {});
+    });
+  });
 });

packages/@aws-cdk/aws-cloudfront/lib/web-distribution.ts

@@ -818,18 +818,6 @@ export class CloudFrontWebDistribution extends cdk.Resource implements IDistribu
         ? `${props.comment.slice(0, 128 - 3)}...`
         : props.comment;
 
-    let distributionConfig: CfnDistribution.DistributionConfigProperty = {
-      comment: trimmedComment,
-      enabled: props.enabled ?? true,
-      defaultRootObject: props.defaultRootObject ?? 'index.html',
-      httpVersion: props.httpVersion || HttpVersion.HTTP2,
-      priceClass: props.priceClass || PriceClass.PRICE_CLASS_100,
-      ipv6Enabled: props.enableIpV6 ?? true,
-      // eslint-disable-next-line max-len
-      customErrorResponses: props.errorConfigurations, // TODO: validation : https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-customerrorresponse.html#cfn-cloudfront-distribution-customerrorresponse-errorcachingminttl
-      webAclId: props.webACLId,
-    };
-
     const behaviors: BehaviorWithOrigin[] = [];
 
     const origins: CfnDistribution.OriginProperty[] = [];
@@ -892,19 +880,12 @@ export class CloudFrontWebDistribution extends cdk.Resource implements IDistribu
           quantity: originGroups.length,
         }
         : undefined;
-    distributionConfig = {
-      ...distributionConfig,
-      origins,
-      originGroups: originGroupsDistConfig,
-    };
 
     const defaultBehaviors = behaviors.filter(behavior => behavior.isDefaultBehavior);
     if (defaultBehaviors.length !== 1) {
       throw new Error('There can only be one default behavior across all sources. [ One default behavior per distribution ].');
     }
 
-    distributionConfig = { ...distributionConfig, defaultCacheBehavior: this.toBehavior(defaultBehaviors[0], props.viewerProtocolPolicy) };
-
     const otherBehaviors: CfnDistribution.CacheBehaviorProperty[] = [];
     for (const behavior of behaviors.filter(b => !b.isDefaultBehavior)) {
       if (!behavior.pathPattern) {
@@ -913,7 +894,23 @@ export class CloudFrontWebDistribution extends cdk.Resource implements IDistribu
       otherBehaviors.push(this.toBehavior(behavior, props.viewerProtocolPolicy) as CfnDistribution.CacheBehaviorProperty);
     }
 
-    distributionConfig = { ...distributionConfig, cacheBehaviors: otherBehaviors.length > 0 ? otherBehaviors : undefined };
+    let distributionConfig: CfnDistribution.DistributionConfigProperty = {
+      comment: trimmedComment,
+      enabled: props.enabled ?? true,
+      defaultRootObject: props.defaultRootObject ?? 'index.html',
+      httpVersion: props.httpVersion || HttpVersion.HTTP2,
+      priceClass: props.priceClass || PriceClass.PRICE_CLASS_100,
+      ipv6Enabled: props.enableIpV6 ?? true,
+      // eslint-disable-next-line max-len
+      customErrorResponses: props.errorConfigurations, // TODO: validation : https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-customerrorresponse.html#cfn-cloudfront-distribution-customerrorresponse-errorcachingminttl
+      webAclId: props.webACLId,
+
+      origins,
+      originGroups: originGroupsDistConfig,
+
+      defaultCacheBehavior: this.toBehavior(defaultBehaviors[0], props.viewerProtocolPolicy),
+      cacheBehaviors: otherBehaviors.length > 0 ? otherBehaviors : undefined,
+    };
 
     if (props.aliasConfiguration && props.viewerCertificate) {
       throw new Error([

packages/@aws-cdk/aws-config/lib/rule.ts

@@ -783,6 +783,16 @@ export class ManagedRuleIdentifiers {
    * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-imdsv2-check.html
    */
   public static readonly EC2_IMDSV2_CHECK = 'EC2_IMDSV2_CHECK';
+  /**
+   * Checks if an Amazon Elastic Kubernetes Service (EKS) cluster is running the oldest supported version.
+   * @see https://docs.aws.amazon.com/config/latest/developerguide/eks-cluster-oldest-supported-version.html
+   */
+  public static readonly EKS_CLUSTER_OLDEST_SUPPORTED_VERSION = 'EKS_CLUSTER_OLDEST_SUPPORTED_VERSION';
+  /**
+    * Checks if an Amazon Elastic Kubernetes Service (EKS) cluster is running a supported Kubernetes version.
+    * @see https://docs.aws.amazon.com/config/latest/developerguide/eks-cluster-supported-version.html
+    */
+  public static readonly EKS_CLUSTER_SUPPORTED_VERSION = 'EKS_CLUSTER_SUPPORTED_VERSION';
   /**
    * Checks whether Amazon Elastic Kubernetes Service (Amazon EKS) endpoint is not publicly accessible.
    * @see https://docs.aws.amazon.com/config/latest/developerguide/eks-endpoint-no-public-access.html
@@ -1322,6 +1332,8 @@ export class ResourceType {
   public static readonly EC2_VPC_ENDPOINT_SERVICE = new ResourceType('AWS::EC2::VPCEndpointService');
   /** EC2 VPC peering connection */
   public static readonly EC2_VPC_PEERING_CONNECTION = new ResourceType('AWS::EC2::VPCPeeringConnection');
+  /** Amazon Elastic Kubernetes Service cluster */
+  public static readonly EKS_CLUSTER = new ResourceType('AWS::EKS::Cluster');
   /** Amazon ElasticSearch domain */
   public static readonly ELASTICSEARCH_DOMAIN = new ResourceType('AWS::Elasticsearch::Domain');
   /** Amazon QLDB ledger */

packages/@aws-cdk/aws-config/test/rule.test.ts

@@ -264,4 +264,38 @@ describe('rule', () => {
       },
     });
   });
+
+  test('Add EKS Cluster check to ManagedRule', () => {
+    // GIVEN
+    const stack1 = new cdk.Stack();
+    const stack2 = new cdk.Stack();
+
+    // WHEN
+    new config.ManagedRule(stack1, 'RuleEksClusterOldest', {
+      identifier: config.ManagedRuleIdentifiers.EKS_CLUSTER_OLDEST_SUPPORTED_VERSION,
+      ruleScope: config.RuleScope.fromResource(config.ResourceType.EKS_CLUSTER),
+    });
+    new config.ManagedRule(stack2, 'RuleEksClusterVersion', {
+      identifier: config.ManagedRuleIdentifiers.EKS_CLUSTER_SUPPORTED_VERSION,
+      ruleScope: config.RuleScope.fromResources([config.ResourceType.EKS_CLUSTER]),
+    });
+
+    // THEN
+    Template.fromStack(stack1).hasResourceProperties('AWS::Config::ConfigRule', {
+      Source: {
+        SourceIdentifier: 'EKS_CLUSTER_OLDEST_SUPPORTED_VERSION',
+      },
+      Scope: {
+        ComplianceResourceTypes: ['AWS::EKS::Cluster'],
+      },
+    });
+    Template.fromStack(stack2).hasResourceProperties('AWS::Config::ConfigRule', {
+      Source: {
+        SourceIdentifier: 'EKS_CLUSTER_SUPPORTED_VERSION',
+      },
+      Scope: {
+        ComplianceResourceTypes: ['AWS::EKS::Cluster'],
+      },
+    });
+  });
 });

packages/@aws-cdk/aws-ecs-patterns/lib/fargate/application-load-balanced-fargate-service.ts

@@ -144,9 +144,11 @@ export class ApplicationLoadBalancedFargateService extends ApplicationLoadBalanc
       const containerName = taskImageOptions.containerName ?? 'web';
       const container = this.taskDefinition.addContainer(containerName, {
         image: taskImageOptions.image,
-        logging: logDriver,
+        cpu: props.cpu,
+        memoryLimitMiB: props.memoryLimitMiB,
         environment: taskImageOptions.environment,
         secrets: taskImageOptions.secrets,
+        logging: logDriver,
         dockerLabels: taskImageOptions.dockerLabels,
       });
       container.addPortMappings({

packages/@aws-cdk/aws-ecs-patterns/lib/fargate/application-multiple-target-groups-fargate-service.ts

@@ -134,9 +134,11 @@ export class ApplicationMultipleTargetGroupsFargateService extends ApplicationMu
       const containerName = taskImageOptions.containerName ?? 'web';
       const container = this.taskDefinition.addContainer(containerName, {
         image: taskImageOptions.image,
-        logging: this.logDriver,
+        cpu: props.cpu,
+        memoryLimitMiB: props.memoryLimitMiB,
         environment: taskImageOptions.environment,
         secrets: taskImageOptions.secrets,
+        logging: this.logDriver,
         dockerLabels: taskImageOptions.dockerLabels,
       });
       if (taskImageOptions.containerPorts) {

packages/@aws-cdk/aws-ecs-patterns/lib/fargate/network-load-balanced-fargate-service.ts

@@ -131,9 +131,11 @@ export class NetworkLoadBalancedFargateService extends NetworkLoadBalancedServic
       const containerName = taskImageOptions.containerName ?? 'web';
       const container = this.taskDefinition.addContainer(containerName, {
         image: taskImageOptions.image,
-        logging: logDriver,
+        cpu: props.cpu,
+        memoryLimitMiB: props.memoryLimitMiB,
         environment: taskImageOptions.environment,
         secrets: taskImageOptions.secrets,
+        logging: logDriver,
         dockerLabels: taskImageOptions.dockerLabels,
       });
       container.addPortMappings({

packages/@aws-cdk/aws-ecs-patterns/lib/fargate/network-multiple-target-groups-fargate-service.ts

@@ -134,9 +134,11 @@ export class NetworkMultipleTargetGroupsFargateService extends NetworkMultipleTa
       const containerName = taskImageOptions.containerName ?? 'web';
       const container = this.taskDefinition.addContainer(containerName, {
         image: taskImageOptions.image,
-        logging: this.logDriver,
+        cpu: props.cpu,
+        memoryLimitMiB: props.memoryLimitMiB,
         environment: taskImageOptions.environment,
         secrets: taskImageOptions.secrets,
+        logging: this.logDriver,
         dockerLabels: taskImageOptions.dockerLabels,
       });
       if (taskImageOptions.containerPorts) {

packages/@aws-cdk/aws-ecs-patterns/lib/fargate/queue-processing-fargate-service.ts

@@ -120,17 +120,22 @@ export class QueueProcessingFargateService extends QueueProcessingServiceBase {
   constructor(scope: Construct, id: string, props: QueueProcessingFargateServiceProps) {
     super(scope, id, props);
 
+    const cpu = props.cpu || 256;
+    const memoryLimitMiB = props.memoryLimitMiB || 512;
+
     // Create a Task Definition for the container to start
     this.taskDefinition = new FargateTaskDefinition(this, 'QueueProcessingTaskDef', {
-      memoryLimitMiB: props.memoryLimitMiB || 512,
-      cpu: props.cpu || 256,
+      cpu,
+      memoryLimitMiB,
       family: props.family,
     });
 
     const containerName = props.containerName ?? 'QueueProcessingContainer';
 
     this.taskDefinition.addContainer(containerName, {
       image: props.image,
+      cpu,
+      memoryLimitMiB,
       command: props.command,
       environment: this.environment,
       secrets: this.secrets,

packages/@aws-cdk/aws-ecs-patterns/lib/fargate/scheduled-fargate-task.ts

@@ -111,12 +111,17 @@ export class ScheduledFargateTask extends ScheduledTaskBase {
       this.taskDefinition = props.scheduledFargateTaskDefinitionOptions.taskDefinition;
     } else if (props.scheduledFargateTaskImageOptions) {
       const taskImageOptions = props.scheduledFargateTaskImageOptions;
+      const cpu = taskImageOptions.cpu || 256;
+      const memoryLimitMiB = taskImageOptions.memoryLimitMiB || 512;
+
       this.taskDefinition = new FargateTaskDefinition(this, 'ScheduledTaskDef', {
-        memoryLimitMiB: taskImageOptions.memoryLimitMiB || 512,
-        cpu: taskImageOptions.cpu || 256,
+        memoryLimitMiB,
+        cpu,
       });
       this.taskDefinition.addContainer('ScheduledContainer', {
         image: taskImageOptions.image,
+        memoryLimitMiB,
+        cpu,
         command: taskImageOptions.command,
         environment: taskImageOptions.environment,
         secrets: taskImageOptions.secrets,

packages/@aws-cdk/aws-ecs-patterns/test/ec2/l3s.test.ts

@@ -499,6 +499,8 @@ test('test Fargate loadbalanced construct', () => {
   // WHEN
   new ecsPatterns.ApplicationLoadBalancedFargateService(stack, 'Service', {
     cluster,
+    cpu: 1024,
+    memoryLimitMiB: 2048,
     taskImageOptions: {
       image: ecs.ContainerImage.fromRegistry('test'),
       environment: {
@@ -515,6 +517,11 @@ test('test Fargate loadbalanced construct', () => {
   Template.fromStack(stack).hasResourceProperties('AWS::ECS::TaskDefinition', {
     ContainerDefinitions: [
       Match.objectLike({
+        Cpu: 1024,
+        DockerLabels: {
+          label1: 'labelValue1',
+          label2: 'labelValue2',
+        },
         Environment: [
           {
             Name: 'TEST_ENVIRONMENT_VARIABLE1',
@@ -525,6 +532,7 @@ test('test Fargate loadbalanced construct', () => {
             Value: 'test environment variable 2 value',
           },
         ],
+        Image: 'test',
         LogConfiguration: {
           LogDriver: 'awslogs',
           Options: {
@@ -533,12 +541,11 @@ test('test Fargate loadbalanced construct', () => {
             'awslogs-region': { Ref: 'AWS::Region' },
           },
         },
-        DockerLabels: {
-          label1: 'labelValue1',
-          label2: 'labelValue2',
-        },
+        Memory: 2048,
       }),
     ],
+    Cpu: '1024',
+    Memory: '2048',
   });
 
   Template.fromStack(stack).hasResourceProperties('AWS::ECS::Service', {

packages/@aws-cdk/aws-ecs-patterns/test/fargate/alb-fargate-service-https.integ.snapshot/aws-ecs-integ-alb-fg-https.template.json

@@ -636,6 +636,7 @@
         }
        }
       },
+      "Memory": 512,
       "Name": "web",
       "PortMappings": [
        {

packages/@aws-cdk/aws-ecs-patterns/test/fargate/circuit-breaker-load-balanced-fargate-service.integ.snapshot/aws-ecs-integ.template.json

@@ -529,6 +529,7 @@
         }
        }
       },
+      "Memory": 512,
       "Name": "web",
       "PortMappings": [
        {

packages/@aws-cdk/aws-ecs-patterns/test/fargate/circuit-breaker-queue-processing-fargate-service.integ.snapshot/aws-ecs-patterns-queue.template.json

@@ -461,6 +461,7 @@
    "Properties": {
     "ContainerDefinitions": [
      {
+      "Cpu": 256,
       "Environment": [
        {
         "Name": "QUEUE_NAME",
@@ -504,6 +505,7 @@
         }
        }
       },
+      "Memory": 512,
       "Name": "QueueProcessingContainer"
      }
     ],