From 3b4a46ec37639cbb1fac070f45e3dc4b0bf9b71a Mon Sep 17 00:00:00 2001 
From: Michael Sambol Date: Sun, 28 Jan 2024 13:29:50 -0800 Subject: [PATCH 1/5] (app-staging-synthesizer-alpha): encryption type for staging bucket --- .../Dockerfile | 3 + .../index.py | 6 + .../app-staging-synthesizer-alpha/README.md | 14 + .../lib/default-staging-stack.ts | 32 +- .../test/app-staging-synthesizer.test.ts | 83 ++- ...-resourcesmax-ACCOUNT-REGION.template.json | 362 +++++++++++++ .../cdk.out | 1 + .../integ.json | 13 + ...efaultTestDeployAssert44C8D370.assets.json | 19 + ...aultTestDeployAssert44C8D370.template.json | 36 ++ .../manifest.json | 148 +++++ .../synthesize-default-encryption.assets.json | 19 + ...ynthesize-default-encryption.template.json | 1 + .../tree.json | 511 ++++++++++++++++++ .../test/integ.synth-default-encryption.ts | 29 + ...c2a01b7f7965833643ab37e62799f19a37f650.zip | Bin 0 -> 319 bytes packages/aws-cdk-lib/amzn-sdc/.jsiirc.json | 13 + packages/aws-cdk-lib/amzn-sdc/README.md | 39 ++ packages/aws-cdk-lib/amzn-sdc/index.ts | 1 + packages/aws-cdk-lib/amzn-sdc/lib/index.ts | 2 + .../aws-cdk-lib/aws-codetest/.jsiirc.json | 13 + packages/aws-cdk-lib/aws-codetest/README.md | 39 ++ packages/aws-cdk-lib/aws-codetest/index.ts | 1 + .../aws-cdk-lib/aws-codetest/lib/index.ts | 2 + 24 files changed, 1381 insertions(+), 6 deletions(-) create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-events-targets/test/ecs/integ.event-ec2-task.js.snapshot/asset.68200e526120bbfea5d40f029ba8f890b9bf2d12e5a5284a9a8ddd798ee33a76/Dockerfile create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-events-targets/test/ecs/integ.event-ec2-task.js.snapshot/asset.68200e526120bbfea5d40f029ba8f890b9bf2d12e5a5284a9a8ddd798ee33a76/index.py create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-encryption.js.snapshot/StagingStack-default-resourcesmax-ACCOUNT-REGION.template.json create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-encryption.js.snapshot/cdk.out 
create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-encryption.js.snapshot/integ.json create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-encryption.js.snapshot/integtestsDefaultTestDeployAssert44C8D370.assets.json create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-encryption.js.snapshot/integtestsDefaultTestDeployAssert44C8D370.template.json create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-encryption.js.snapshot/manifest.json create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-encryption.js.snapshot/synthesize-default-encryption.assets.json create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-encryption.js.snapshot/synthesize-default-encryption.template.json create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-encryption.js.snapshot/tree.json create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-encryption.ts create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/.cache/68539effc3f7ad46fff9765606c2a01b7f7965833643ab37e62799f19a37f650.zip create mode 100644 packages/aws-cdk-lib/amzn-sdc/.jsiirc.json create mode 100644 packages/aws-cdk-lib/amzn-sdc/README.md create mode 100644 packages/aws-cdk-lib/amzn-sdc/index.ts create mode 100644 packages/aws-cdk-lib/amzn-sdc/lib/index.ts create mode 100644 packages/aws-cdk-lib/aws-codetest/.jsiirc.json create mode 100644 packages/aws-cdk-lib/aws-codetest/README.md create mode 100644 packages/aws-cdk-lib/aws-codetest/index.ts create mode 100644 packages/aws-cdk-lib/aws-codetest/lib/index.ts 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-events-targets/test/ecs/integ.event-ec2-task.js.snapshot/asset.68200e526120bbfea5d40f029ba8f890b9bf2d12e5a5284a9a8ddd798ee33a76/Dockerfile b/packages/@aws-cdk-testing/framework-integ/test/aws-events-targets/test/ecs/integ.event-ec2-task.js.snapshot/asset.68200e526120bbfea5d40f029ba8f890b9bf2d12e5a5284a9a8ddd798ee33a76/Dockerfile
new file mode 100644
index 0000000000000..23cf9b3e22f5d
--- /dev/null
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-events-targets/test/ecs/integ.event-ec2-task.js.snapshot/asset.68200e526120bbfea5d40f029ba8f890b9bf2d12e5a5284a9a8ddd798ee33a76/Dockerfile
@@ -0,0 +1,3 @@
+FROM public.ecr.aws/docker/library/python:3.12
+ADD index.py .
+CMD [ "python3", "./index.py" ]
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-events-targets/test/ecs/integ.event-ec2-task.js.snapshot/asset.68200e526120bbfea5d40f029ba8f890b9bf2d12e5a5284a9a8ddd798ee33a76/index.py b/packages/@aws-cdk-testing/framework-integ/test/aws-events-targets/test/ecs/integ.event-ec2-task.js.snapshot/asset.68200e526120bbfea5d40f029ba8f890b9bf2d12e5a5284a9a8ddd798ee33a76/index.py
new file mode 100644
index 0000000000000..c4cab119afc2d
--- /dev/null
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-events-targets/test/ecs/integ.event-ec2-task.js.snapshot/asset.68200e526120bbfea5d40f029ba8f890b9bf2d12e5a5284a9a8ddd798ee33a76/index.py
@@ -0,0 +1,6 @@
+#!/usr/bin/python
+import os
+import pprint
+
+print('Hello from ECS!')
+pprint.pprint(dict(os.environ))
diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/README.md b/packages/@aws-cdk/app-staging-synthesizer-alpha/README.md
index ab4fca8e865cb..6a7a6cf5125a9 100644
--- a/packages/@aws-cdk/app-staging-synthesizer-alpha/README.md
+++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/README.md
@@ -265,6 +265,20 @@ const app = new App({ }); ``` +### Staging Bucket Encryption + +By default, the staging resources will be stored in an S3 Bucket with KMS encryption. To use +SSE-S3, set `stagingBucketEncryption` to `BucketEncryption.S3_MANAGED`. + +```ts +const app = new App({ + defaultStackSynthesizer: AppStagingSynthesizer.defaultResources({ + appId: 'my-app-id', + stagingBucketEncryption: BucketEncryption.S3_MANAGED, + }), +}); +``` + ## Using a Custom Staging Stack per Environment If you want to customize some behavior that is not configurable via properties, diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/lib/default-staging-stack.ts b/packages/@aws-cdk/app-staging-synthesizer-alpha/lib/default-staging-stack.ts index b76b36fee7f5b..91be588696fc2 100644 --- a/packages/@aws-cdk/app-staging-synthesizer-alpha/lib/default-staging-stack.ts +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/lib/default-staging-stack.ts @@ -61,6 +61,13 @@ export interface DefaultStagingStackOptions { */ readonly stagingBucketName?: string; + /** + * Encryption type for staging bucket + * + * @default - s3.BucketEncryption.KMS + */ + readonly stagingBucketEncryption?: s3.BucketEncryption; + /** * Pass in an existing role to be used as the file publishing role. * @@ -219,6 +226,7 @@ export class DefaultStagingStack extends Stack implements IStagingResources { private readonly appId: string; private readonly stagingBucketName?: string; + private stagingBucketEncryption?: s3.BucketEncryption; /** * File publish role ARN in asset manifest format 
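Review bot: The doc comment on `stagingBucketEncryption` in `DefaultStagingStackOptions` (hunk `-61,6`) does not say which `s3.BucketEncryption` values are supported or what changes when KMS is not selected. Going by the `-358,7` hunk, a key is created only when the value is unset or `KMS`, so the comment could read `Encryption type for the staging bucket. A KMS key is created only when this is unset or s3.BucketEncryption.KMS; with S3_MANAGED no key is created.` The interface body starts and ends outside this hunk.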
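Review bot: `private stagingBucketEncryption?` in the `-219,6` hunk is declared without `readonly`, unlike the `appId` and `stagingBucketName` fields beside it, apparently so that the bucket-creation code in the `-358,7` hunk can overwrite it with the default. Resolving the default once in the constructor keeps the field immutable and removes the later mutation: declare `private readonly stagingBucketEncryption: s3.BucketEncryption;` and assign `this.stagingBucketEncryption = props.stagingBucketEncryption ?? s3.BucketEncryption.KMS;`. The class body continues outside this hunk.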
@@ -259,8 +267,12 @@ export class DefaultStagingStack extends Stack implements IStagingResources { this.deployRoleArn = props.deployRoleArn; this.stagingBucketName = props.stagingBucketName; + this.stagingBucketEncryption = props.stagingBucketEncryption; const specializer = new StringSpecializer(this, props.qualifier); + // eslint-disable-next-line no-console + console.log(`BLAH: ${props.stagingBucketEncryption}`); + this.providedFileRole = props.fileAssetPublishingRole?._specialize(specializer); this.providedImageRole = props.imageAssetPublishingRole?._specialize(specializer); this.stagingRepos = {}; @@ -358,7 +370,23 @@ export class DefaultStagingStack extends Stack implements IStagingResources { } this.ensureFileRole(); - const key = this.createBucketKey(); + + // eslint-disable-next-line no-console + console.log(`HERE: ${this.stagingBucketEncryption}`); + + let key = undefined; + if (this.stagingBucketEncryption === s3.BucketEncryption.KMS || this.stagingBucketEncryption === undefined) { + if (this.stagingBucketEncryption === undefined) { + // default is KMS for backwards compatibility + this.stagingBucketEncryption = s3.BucketEncryption.KMS; + } + key = this.createBucketKey(); + } + + // eslint-disable-next-line no-console + console.log(`FINALLY: ${this.stagingBucketEncryption}`); + // eslint-disable-next-line no-console + console.log(`KEY: ${key}`); // Create the bucket once the dependencies have been created const bucket = new s3.Bucket(this, bucketId, { @@ -369,7 +397,7 @@ export class DefaultStagingStack extends Stack implements IStagingResources { } : { removalPolicy: RemovalPolicy.RETAIN, }), - encryption: s3.BucketEncryption.KMS, + encryption: this.stagingBucketEncryption, encryptionKey: key, // Many AWS account safety checkers will complain when buckets aren't versioned 
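Review bot: The `console.log` call tagged `BLAH:` that the `-259,8` hunk adds to the constructor is leftover debug output, kept past the linter with `eslint-disable-next-line no-console`; it would print on every synthesis for every consumer of the library. The same applies to the `HERE:`, `FINALLY:` and `KEY:` calls in the `-358,7` hunk, the last of which interpolates the key construct into a string. All four calls and their eslint-disable comments should be removed before this is merged. The constructor starts and ends outside this hunk.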
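Review bot: Any `s3.BucketEncryption` value other than `KMS` or unset skips the new `if` in the `-358,7` hunk with `key` left undefined and is handed unchanged to `s3.Bucket` in the `-369,7` hunk, so a value such as `UNENCRYPTED` is accepted for the staging bucket although the README hunk documents only `KMS` and `S3_MANAGED`. A guard ahead of the key creation would make the supported set explicit, for example `if (this.stagingBucketEncryption !== undefined && this.stagingBucketEncryption !== s3.BucketEncryption.KMS && this.stagingBucketEncryption !== s3.BucketEncryption.S3_MANAGED) { throw new Error('stagingBucketEncryption must be KMS or S3_MANAGED'); }`. The enclosing method starts and ends outside the hunk, so whether other code in it assumes the key always exists cannot be confirmed from here and is worth checking.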
diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/app-staging-synthesizer.test.ts b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/app-staging-synthesizer.test.ts index c3a8d96299b8b..894ce8b53ea23 100644 --- a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/app-staging-synthesizer.test.ts +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/app-staging-synthesizer.test.ts @@ -3,6 +3,7 @@ import * as path from 'path'; import { App, Stack, CfnResource, FileAssetPackaging, Token, Lazy, Duration } from 'aws-cdk-lib'; import { Match, Template } from 'aws-cdk-lib/assertions'; import * as lambda from 'aws-cdk-lib/aws-lambda'; +import { BucketEncryption } from 'aws-cdk-lib/aws-s3'; import * as cxschema from 'aws-cdk-lib/cloud-assembly-schema'; import { CloudAssembly } from 'aws-cdk-lib/cx-api'; import { evaluateCFN } from './evaluate-cfn'; @@ -257,7 +258,7 @@ describe(AppStagingSynthesizer, () => { stack = new Stack(app, 'Stack', { env: { account: '000000000000', - region: 'us-west-2', + region: 'us-east-1', }, }); new CfnResource(stack, 'Resource', { @@ -268,9 +269,7 @@ describe(AppStagingSynthesizer, () => { const asm = app.synth(); // THEN - const stagingStackArtifact = asm.getStackArtifact(`StagingStack-${APP_ID}-000000000000-us-west-2`); - - Template.fromJSON(stagingStackArtifact.template).hasResourceProperties('AWS::S3::Bucket', { + Template.fromJSON(getStagingResourceStack(asm).template).hasResourceProperties('AWS::S3::Bucket', { LifecycleConfiguration: { Rules: Match.arrayWith([{ ExpirationInDays: 1, 
@@ -278,6 +277,52 @@ describe(AppStagingSynthesizer, () => { Status: 'Enabled', }]), }, + // When stagingBucketEncryption is not specified, it should be KMS for backwards compatibility + BucketEncryption: { + ServerSideEncryptionConfiguration: [ + { + ServerSideEncryptionByDefault: { + SSEAlgorithm: 'aws:kms', + }, + }, + ], + }, + }); + }); + + test('staging bucket with SSE-S3 encryption', () => { + // GIVEN + app = new App({ + defaultStackSynthesizer: AppStagingSynthesizer.defaultResources({ + appId: APP_ID, + deployTimeFileAssetLifetime: Duration.days(1), + stagingBucketEncryption: BucketEncryption.S3_MANAGED, + }), + }); + stack = new Stack(app, 'Stack', { + env: { + account: '000000000000', + region: 'us-east-1', + }, + }); + new CfnResource(stack, 'Resource', { + type: 'Some::Resource', + }); + + // WHEN + const asm = app.synth(); + + // THEN + Template.fromJSON(getStagingResourceStack(asm).template).hasResourceProperties('AWS::S3::Bucket', { + BucketEncryption: { + ServerSideEncryptionConfiguration: [ + { + ServerSideEncryptionByDefault: { + SSEAlgorithm: 'AES256', + }, + }, + ], + }, }); }); }); 
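Review bot: The new 'staging bucket with SSE-S3 encryption' test asserts only `SSEAlgorithm: 'AES256'` on the bucket and never checks that the KMS key is no longer created, which is the other half of the behaviour change in `default-staging-stack.ts`. Adding `Template.fromJSON(getStagingResourceStack(asm).template).resourceCountIs('AWS::KMS::Key', 0);` would pin that. The default-case assertion added at the top of the hunk likewise checks `aws:kms` but not that a key is referenced; `KMSMasterKeyID: Match.anyValue()` inside `ServerSideEncryptionByDefault` would cover it. The enclosing `describe` block starts outside this hunk.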
@@ -515,6 +560,36 @@ describe(AppStagingSynthesizer, () => { expect(getStagingResourceStack(asm, prefix).template).toBeDefined(); }); + // test('staging bucket with SSE-S3 encryption', () => { + // // GIVEN + // new CfnResource(stack, 'Resource', { + // type: 'Some::Resource', + // }); + + // app = new App({ + // defaultStackSynthesizer: AppStagingSynthesizer.defaultResources({ + // appId: APP_ID, + // stagingBucketEncryption: BucketEncryption.S3_MANAGED, + // }), + // }); + + // // WHEN + // const asm = app.synth(); + + // // THEN + // Template.fromJSON(getStagingResourceStack(asm).template).hasResourceProperties('AWS::S3::Bucket', { + // BucketEncryption: { + // ServerSideEncryptionConfiguration: [ + // { + // ServerSideEncryptionByDefault: { + // SSEAlgorithm: 'AES256', + // }, + // }, + // ], + // }, + // }); + // }); + describe('environment specifics', () => { test('throws if App includes env-agnostic and specific env stacks', () => { // GIVEN - App with Stack with specific environment diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-encryption.js.snapshot/StagingStack-default-resourcesmax-ACCOUNT-REGION.template.json b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-encryption.js.snapshot/StagingStack-default-resourcesmax-ACCOUNT-REGION.template.json new file mode 100644 index 0000000000000..94b5eb207a2e0 --- /dev/null +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-encryption.js.snapshot/StagingStack-default-resourcesmax-ACCOUNT-REGION.template.json 
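Review bot: The 30 lines added by the `-515,6` hunk are a fully commented-out copy of the 'staging bucket with SSE-S3 encryption' test that already exists, live, in the `-278,6` hunk. Commented-out test code gives no coverage and will drift from the real test, so the block should be deleted rather than committed. The enclosing `describe` block starts and ends outside this hunk.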
@@ -0,0 +1,362 @@ +{ + "Description": "This stack includes resources needed to deploy the AWS CDK app default-resourcesmax into this environment", + "Resources": { + "CdkFileRoleE26CEABA": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + }, + "RoleName": { + "Fn::Join": [ + "", + [ + "cdk-default-resourcesmax-file-role-", + { + "Ref": "AWS::Region" + } + ] + ] + } + } + }, + "CdkFileRoleDefaultPolicy621C7E5B": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:Abort*", + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*", + "s3:PutObject", + "s3:PutObjectLegalHold", + "s3:PutObjectRetention", + "s3:PutObjectTagging", + "s3:PutObjectVersionTagging" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "CdkStagingBucket1636058C", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "CdkStagingBucket1636058C", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "CdkFileRoleDefaultPolicy621C7E5B", + "Roles": [ + { + "Ref": "CdkFileRoleE26CEABA" + } + ] + } + }, + "CdkStagingBucket1636058C": { + "Type": "AWS::S3::Bucket", + "Properties": { + "BucketEncryption": { + "ServerSideEncryptionConfiguration": [ + { + "ServerSideEncryptionByDefault": { + "SSEAlgorithm": "AES256" + } + } + ] + }, + "BucketName": { + "Fn::Join": [ + "", + [ + "cdk-default-resourcesmax-staging-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } + ] + ] + }, + "LifecycleConfiguration": { + "Rules": [ + { + "NoncurrentVersionExpiration": { + "NoncurrentDays": 365 + }, + "Status": "Enabled" + }, + { + 
"ExpirationInDays": 30, + "Prefix": "deploy-time/", + "Status": "Enabled" + } + ] + }, + "VersioningConfiguration": { + "Status": "Enabled" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "CdkStagingBucketPolicy42BD1F92": { + "Type": "AWS::S3::BucketPolicy", + "Properties": { + "Bucket": { + "Ref": "CdkStagingBucket1636058C" + }, + "PolicyDocument": { + "Statement": [ + { + "Action": "s3:*", + "Condition": { + "Bool": { + "aws:SecureTransport": "false" + } + }, + "Effect": "Deny", + "Principal": { + "AWS": "*" + }, + "Resource": [ + { + "Fn::GetAtt": [ + "CdkStagingBucket1636058C", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "CdkStagingBucket1636058C", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + }, + { + "Action": [ + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:List*", + "s3:PutBucketPolicy" + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + } + }, + "Resource": [ + { + "Fn::GetAtt": [ + "CdkStagingBucket1636058C", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "CdkStagingBucket1636058C", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + }, + { + "Action": [ + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*" + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } + ] + ] + } + }, + "Resource": [ + { + "Fn::GetAtt": [ + "CdkStagingBucket1636058C", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "CdkStagingBucket1636058C", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + } + } + }, + "CdkStagingBucketAutoDeleteObjectsCustomResource800E998D": { + "Type": "Custom::S3AutoDeleteObjects", + "Properties": { + "ServiceToken": { + 
"Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F", + "Arn" + ] + }, + "BucketName": { + "Ref": "CdkStagingBucket1636058C" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ] + } + }, + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "ZipFile": "\"use strict\";var C=Object.create;var i=Object.defineProperty;var I=Object.getOwnPropertyDescriptor;var w=Object.getOwnPropertyNames;var P=Object.getPrototypeOf,A=Object.prototype.hasOwnProperty;var L=(e,t)=>{for(var o in t)i(e,o,{get:t[o],enumerable:!0})},d=(e,t,o,r)=>{if(t&&typeof t==\"object\"||typeof t==\"function\")for(let s of w(t))!A.call(e,s)&&s!==o&&i(e,s,{get:()=>t[s],enumerable:!(r=I(t,s))||r.enumerable});return e};var l=(e,t,o)=>(o=e!=null?C(P(e)):{},d(t||!e||!e.__esModule?i(o,\"default\",{value:e,enumerable:!0}):o,e)),k=e=>d(i({},\"__esModule\",{value:!0}),e);var U={};L(U,{autoDeleteHandler:()=>S,handler:()=>_});module.exports=k(U);var h=require(\"@aws-sdk/client-s3\");var y=l(require(\"https\")),m=l(require(\"url\")),a={sendHttpRequest:T,log:b,includeStackTraces:!0,userHandlerIndex:\"./index\"},p=\"AWSCDK::CustomResourceProviderFramework::CREATE_FAILED\",B=\"AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID\";function R(e){return async(t,o)=>{let r={...t,ResponseURL:\"...\"};if(a.log(JSON.stringify(r,void 0,2)),t.RequestType===\"Delete\"&&t.PhysicalResourceId===p){a.log(\"ignoring DELETE event caused by a failed CREATE 
event\"),await u(\"SUCCESS\",t);return}try{let s=await e(r,o),n=D(t,s);await u(\"SUCCESS\",n)}catch(s){let n={...t,Reason:a.includeStackTraces?s.stack:s.message};n.PhysicalResourceId||(t.RequestType===\"Create\"?(a.log(\"CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored\"),n.PhysicalResourceId=p):a.log(`ERROR: Malformed event. \"PhysicalResourceId\" is required: ${JSON.stringify(t)}`)),await u(\"FAILED\",n)}}}function D(e,t={}){let o=t.PhysicalResourceId??e.PhysicalResourceId??e.RequestId;if(e.RequestType===\"Delete\"&&o!==e.PhysicalResourceId)throw new Error(`DELETE: cannot change the physical resource ID from \"${e.PhysicalResourceId}\" to \"${t.PhysicalResourceId}\" during deletion`);return{...e,...t,PhysicalResourceId:o}}async function u(e,t){let o={Status:e,Reason:t.Reason??e,StackId:t.StackId,RequestId:t.RequestId,PhysicalResourceId:t.PhysicalResourceId||B,LogicalResourceId:t.LogicalResourceId,NoEcho:t.NoEcho,Data:t.Data};a.log(\"submit response to cloudformation\",o);let r=JSON.stringify(o),s=m.parse(t.ResponseURL),n={hostname:s.hostname,path:s.path,method:\"PUT\",headers:{\"content-type\":\"\",\"content-length\":Buffer.byteLength(r,\"utf8\")}};await O({attempts:5,sleep:1e3},a.sendHttpRequest)(n,r)}async function T(e,t){return new Promise((o,r)=>{try{let s=y.request(e,n=>o());s.on(\"error\",r),s.write(t),s.end()}catch(s){r(s)}})}function b(e,...t){console.log(e,...t)}function O(e,t){return async(...o)=>{let r=e.attempts,s=e.sleep;for(;;)try{return await t(...o)}catch(n){if(r--<=0)throw n;await x(Math.floor(Math.random()*s)),s*=2}}}async function x(e){return new Promise(t=>setTimeout(t,e))}var g=\"aws-cdk:auto-delete-objects\",H=JSON.stringify({Version:\"2012-10-17\",Statement:[]}),c=new h.S3({}),_=R(S);async function S(e){switch(e.RequestType){case\"Create\":return;case\"Update\":return F(e);case\"Delete\":return f(e.ResourceProperties?.BucketName)}}async function F(e){let 
t=e,o=t.OldResourceProperties?.BucketName,r=t.ResourceProperties?.BucketName;if(r!=null&&o!=null&&r!==o)return f(o)}async function N(e){try{let t=(await c.getBucketPolicy({Bucket:e}))?.Policy??H,o=JSON.parse(t);o.Statement.push({Principal:\"*\",Effect:\"Deny\",Action:[\"s3:PutObject\"],Resource:[`arn:aws:s3:::${e}/*`]}),await c.putBucketPolicy({Bucket:e,Policy:JSON.stringify(o)})}catch(t){if(t.name===\"NoSuchBucket\")throw t;console.log(`Could not set new object deny policy on bucket '${e}' prior to deletion.`)}}async function E(e){let t=await c.listObjectVersions({Bucket:e}),o=[...t.Versions??[],...t.DeleteMarkers??[]];if(o.length===0)return;let r=o.map(s=>({Key:s.Key,VersionId:s.VersionId}));await c.deleteObjects({Bucket:e,Delete:{Objects:r}}),t?.IsTruncated&&await E(e)}async function f(e){if(!e)throw new Error(\"No BucketName was provided.\");try{if(!await W(e)){console.log(`Bucket does not have '${g}' tag, skipping cleaning.`);return}await N(e),await E(e)}catch(t){if(t.name===\"NoSuchBucket\"){console.log(`Bucket '${e}' does not exist.`);return}throw t}}async function W(e){return(await c.getBucketTagging({Bucket:e})).TagSet?.some(o=>o.Key===g&&o.Value===\"true\")}0&&(module.exports={autoDeleteHandler,handler});\n" + }, + "Timeout": 900, + "MemorySize": 128, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + }, + "Runtime": "nodejs18.x", + "Description": { + "Fn::Join": [ + "", + [ + "Lambda function for auto-deleting objects in ", + { + "Ref": "CdkStagingBucket1636058C" + }, + " S3 bucket." + ] + ] + } + }, + "DependsOn": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092" + ] + } + } +} \ No newline at end of file 
diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-encryption.js.snapshot/cdk.out b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-encryption.js.snapshot/cdk.out new file mode 100644 index 0000000000000..1f0068d32659a --- /dev/null +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-encryption.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-encryption.js.snapshot/integ.json b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-encryption.js.snapshot/integ.json new file mode 100644 index 0000000000000..08ce00fc3f00c --- /dev/null +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-encryption.js.snapshot/integ.json @@ -0,0 +1,13 @@ +{ + "version": "36.0.0", + "testCases": { + "integ-tests/DefaultTest": { + "stacks": [ + "StagingStack-default-resourcesmax-ACCOUNT-REGION", + "synthesize-default-encryption" + ], + "assertionStack": "integ-tests/DefaultTest/DeployAssert", + "assertionStackName": "integtestsDefaultTestDeployAssert44C8D370" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-encryption.js.snapshot/integtestsDefaultTestDeployAssert44C8D370.assets.json b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-encryption.js.snapshot/integtestsDefaultTestDeployAssert44C8D370.assets.json new file mode 100644 index 0000000000000..50121024f8d99 --- /dev/null +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-encryption.js.snapshot/integtestsDefaultTestDeployAssert44C8D370.assets.json 
@@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "integtestsDefaultTestDeployAssert44C8D370.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-encryption.js.snapshot/integtestsDefaultTestDeployAssert44C8D370.template.json b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-encryption.js.snapshot/integtestsDefaultTestDeployAssert44C8D370.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-encryption.js.snapshot/integtestsDefaultTestDeployAssert44C8D370.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file 
diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-encryption.js.snapshot/manifest.json b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-encryption.js.snapshot/manifest.json new file mode 100644 index 0000000000000..675984ebcad5b --- /dev/null +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-encryption.js.snapshot/manifest.json 
@@ -0,0 +1,148 @@ +{ + "version": "36.0.0", + "artifacts": { + "synthesize-default-encryption.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "synthesize-default-encryption.assets.json" + }, + "dependencies": [ + "StagingStack-default-resourcesmax-ACCOUNT-REGION" + ] + }, + "synthesize-default-encryption": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "synthesize-default-encryption.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "additionalDependencies": [ + "synthesize-default-encryption.assets" + ], + "stackTemplateAssetObjectUrl": "s3://cdk-default-resourcesmax-staging-${AWS::AccountId}-${AWS::Region}/deploy-time/44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a.json", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}" + } + }, + "dependencies": [ + "StagingStack-default-resourcesmax-ACCOUNT-REGION", + "synthesize-default-encryption.assets" + ], + "displayName": "synthesize-default-encryption" + }, + "StagingStack-default-resourcesmax-ACCOUNT-REGION": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "StagingStack-default-resourcesmax-ACCOUNT-REGION.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": 
"arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackName": "StagingStack-default-resourcesmax" + }, + "metadata": { + "/StagingStack-default-resourcesmax-ACCOUNT-REGION/CdkFileRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "CdkFileRoleE26CEABA" + } + ], + "/StagingStack-default-resourcesmax-ACCOUNT-REGION/CdkFileRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "CdkFileRoleDefaultPolicy621C7E5B" + } + ], + "/StagingStack-default-resourcesmax-ACCOUNT-REGION/CdkStagingBucket/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "CdkStagingBucket1636058C" + } + ], + "/StagingStack-default-resourcesmax-ACCOUNT-REGION/CdkStagingBucket/Policy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "CdkStagingBucketPolicy42BD1F92" + } + ], + "/StagingStack-default-resourcesmax-ACCOUNT-REGION/CdkStagingBucket/AutoDeleteObjectsCustomResource/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "CdkStagingBucketAutoDeleteObjectsCustomResource800E998D" + } + ], + "/StagingStack-default-resourcesmax-ACCOUNT-REGION/Custom::S3AutoDeleteObjectsCustomResourceProvider/Role": [ + { + "type": "aws:cdk:logicalId", + "data": "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092" + } + ], + "/StagingStack-default-resourcesmax-ACCOUNT-REGION/Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler": [ + { + "type": "aws:cdk:logicalId", + "data": "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F" + } + ] + }, + "displayName": "StagingStack-default-resourcesmax-ACCOUNT-REGION" + }, + "integtestsDefaultTestDeployAssert44C8D370.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "integtestsDefaultTestDeployAssert44C8D370.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "integtestsDefaultTestDeployAssert44C8D370": { + "type": 
"aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "integtestsDefaultTestDeployAssert44C8D370.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "integtestsDefaultTestDeployAssert44C8D370.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "integtestsDefaultTestDeployAssert44C8D370.assets" + ], + "metadata": { + "/integ-tests/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/integ-tests/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "integ-tests/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file 
diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-encryption.js.snapshot/synthesize-default-encryption.assets.json b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-encryption.js.snapshot/synthesize-default-encryption.assets.json new file mode 100644 index 0000000000000..9015dadf1bdde --- /dev/null +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-encryption.js.snapshot/synthesize-default-encryption.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a": { + "source": { + "path": "synthesize-default-encryption.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-default-resourcesmax-staging-${AWS::AccountId}-${AWS::Region}", + "objectKey": "deploy-time/44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-default-resourcesmax-file-role-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-encryption.js.snapshot/synthesize-default-encryption.template.json b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-encryption.js.snapshot/synthesize-default-encryption.template.json new file mode 100644 index 0000000000000..9e26dfeeb6e64 --- /dev/null +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-encryption.js.snapshot/synthesize-default-encryption.template.json @@ -0,0 +1 @@ +{} \ No newline at end of file 
diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-encryption.js.snapshot/tree.json b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-encryption.js.snapshot/tree.json new file mode 100644 index 0000000000000..871e7830afede --- /dev/null +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-encryption.js.snapshot/tree.json 
@@ -0,0 +1,511 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "synthesize-default-encryption": { + "id": "synthesize-default-encryption", + "path": "synthesize-default-encryption", + "children": { + "UsingAppStagingSynthesizer--synthesize-default-encryption": { + "id": "UsingAppStagingSynthesizer--synthesize-default-encryption", + "path": "synthesize-default-encryption/UsingAppStagingSynthesizer--synthesize-default-encryption", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "StagingStack-default-resourcesmax-ACCOUNT-REGION": { + "id": "StagingStack-default-resourcesmax-ACCOUNT-REGION", + "path": "StagingStack-default-resourcesmax-ACCOUNT-REGION", + "children": { + "CdkFileRole": { + "id": "CdkFileRole", + "path": "StagingStack-default-resourcesmax-ACCOUNT-REGION/CdkFileRole", + "children": { + "ImportCdkFileRole": { + "id": "ImportCdkFileRole", + "path": "StagingStack-default-resourcesmax-ACCOUNT-REGION/CdkFileRole/ImportCdkFileRole", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Resource": { + "id": "Resource", + "path": "StagingStack-default-resourcesmax-ACCOUNT-REGION/CdkFileRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + }, + "roleName": { + "Fn::Join": [ + "", + [ + "cdk-default-resourcesmax-file-role-", + { + "Ref": "AWS::Region" + } + ] + ] + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DefaultPolicy": { + "id": 
"DefaultPolicy", + "path": "StagingStack-default-resourcesmax-ACCOUNT-REGION/CdkFileRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "StagingStack-default-resourcesmax-ACCOUNT-REGION/CdkFileRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "s3:Abort*", + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*", + "s3:PutObject", + "s3:PutObjectLegalHold", + "s3:PutObjectRetention", + "s3:PutObjectTagging", + "s3:PutObjectVersionTagging" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "CdkStagingBucket1636058C", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "CdkStagingBucket1636058C", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "policyName": "CdkFileRoleDefaultPolicy621C7E5B", + "roles": [ + { + "Ref": "CdkFileRoleE26CEABA" + } + ] + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "CdkStagingBucket": { + "id": "CdkStagingBucket", + "path": "StagingStack-default-resourcesmax-ACCOUNT-REGION/CdkStagingBucket", + "children": { + "Resource": { + "id": "Resource", + "path": "StagingStack-default-resourcesmax-ACCOUNT-REGION/CdkStagingBucket/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::S3::Bucket", + "aws:cdk:cloudformation:props": { + "bucketEncryption": { + "serverSideEncryptionConfiguration": [ + { + "serverSideEncryptionByDefault": { + "sseAlgorithm": "AES256" + } + } + ] + }, + "bucketName": { + "Fn::Join": [ + "", + [ + "cdk-default-resourcesmax-staging-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } + ] + ] + }, + 
"lifecycleConfiguration": { + "rules": [ + { + "noncurrentVersionExpiration": { + "noncurrentDays": 365 + }, + "status": "Enabled" + }, + { + "expirationInDays": 30, + "prefix": "deploy-time/", + "status": "Enabled" + } + ] + }, + "versioningConfiguration": { + "status": "Enabled" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Policy": { + "id": "Policy", + "path": "StagingStack-default-resourcesmax-ACCOUNT-REGION/CdkStagingBucket/Policy", + "children": { + "Resource": { + "id": "Resource", + "path": "StagingStack-default-resourcesmax-ACCOUNT-REGION/CdkStagingBucket/Policy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy", + "aws:cdk:cloudformation:props": { + "bucket": { + "Ref": "CdkStagingBucket1636058C" + }, + "policyDocument": { + "Statement": [ + { + "Action": "s3:*", + "Condition": { + "Bool": { + "aws:SecureTransport": "false" + } + }, + "Effect": "Deny", + "Principal": { + "AWS": "*" + }, + "Resource": [ + { + "Fn::GetAtt": [ + "CdkStagingBucket1636058C", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "CdkStagingBucket1636058C", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + }, + { + "Action": [ + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:List*", + "s3:PutBucketPolicy" + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + } + }, + "Resource": [ + { + "Fn::GetAtt": [ + "CdkStagingBucket1636058C", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "CdkStagingBucket1636058C", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + }, + { + "Action": [ + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*" + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", 
+ { + "Ref": "AWS::Region" + } + ] + ] + } + }, + "Resource": [ + { + "Fn::GetAtt": [ + "CdkStagingBucket1636058C", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "CdkStagingBucket1636058C", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "AutoDeleteObjectsCustomResource": { + "id": "AutoDeleteObjectsCustomResource", + "path": "StagingStack-default-resourcesmax-ACCOUNT-REGION/CdkStagingBucket/AutoDeleteObjectsCustomResource", + "children": { + "Default": { + "id": "Default", + "path": "StagingStack-default-resourcesmax-ACCOUNT-REGION/CdkStagingBucket/AutoDeleteObjectsCustomResource/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Custom::S3AutoDeleteObjectsCustomResourceProvider": { + "id": "Custom::S3AutoDeleteObjectsCustomResourceProvider", + "path": "StagingStack-default-resourcesmax-ACCOUNT-REGION/Custom::S3AutoDeleteObjectsCustomResourceProvider", + "children": { + "Role": { + "id": "Role", + "path": "StagingStack-default-resourcesmax-ACCOUNT-REGION/Custom::S3AutoDeleteObjectsCustomResourceProvider/Role", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Handler": { + "id": "Handler", + "path": "StagingStack-default-resourcesmax-ACCOUNT-REGION/Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + 
"integ-tests": { + "id": "integ-tests", + "path": "integ-tests", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "integ-tests/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "integ-tests/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "integ-tests/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "integ-tests/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "integ-tests/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-encryption.ts b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-encryption.ts new file mode 100644 index 0000000000000..b094351f94938 --- /dev/null +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-encryption.ts 
@@ -0,0 +1,29 @@
+import * as integ from '@aws-cdk/integ-tests-alpha';
+import { App, Stack } from 'aws-cdk-lib';
+import { BucketEncryption } from 'aws-cdk-lib/aws-s3';
+import { APP_ID_MAX } from './util';
+import { AppStagingSynthesizer } from '../lib';
+
+const app = new App({
+ context: {
+ '@aws-cdk/aws-iam:minimizePolicies': true,
+ },
+});
+
+const stackDefaultEncryption = new Stack(app, 'synthesize-default-encryption', {
+ synthesizer: AppStagingSynthesizer.defaultResources({
+ appId: APP_ID_MAX, // this has implications on the overall template size
+ stagingBucketEncryption: BucketEncryption.S3_MANAGED,
+ }),
+});
+
+const defaultStagingStack = app.node.tryFindChild(`StagingStack-${APP_ID_MAX}-ACCOUNT-REGION`) as Stack;
+if (!defaultStagingStack) {
+ throw new Error('Default Staging Stack not found.');
+}
+
+new integ.IntegTest(app, 'integ-tests', {
+ testCases: [defaultStagingStack, stackDefaultEncryption],
+});
+
+app.synth();
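Review bot: The `as Stack` cast on the `tryFindChild` result removes `undefined` from the type, so the compiler no longer enforces the `if (!defaultStagingStack)` guard, and a child that exists but is not a Stack would pass it. Dropping the cast and narrowing with the type guard keeps both checks: `if (!Stack.isStack(defaultStagingStack)) { throw new Error('Default Staging Stack not found.'); }`. The test only exercises the SSE-S3 variant and relies on the snapshot for the `AES256` setting. A short comment above `stagingBucketEncryption`, such as `// SSE-S3 instead of the default KMS key`, would make the opt-out from the KMS default explicit to readers.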
diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/.cache/68539effc3f7ad46fff9765606c2a01b7f7965833643ab37e62799f19a37f650.zip b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/.cache/68539effc3f7ad46fff9765606c2a01b7f7965833643ab37e62799f19a37f650.zip new file mode 100644 index 0000000000000000000000000000000000000000..a8d776d324631f1285fc1859ce8a48c372ba2f8e GIT binary patch literal 319 zcmWIWW@Zs#-~d7f21Ou704^ZYB|kYkwJ0q!C$*US)Avvf4c}8IeXe=?>Rs~I(Z6=y z^Ng>T=N0`GIwwz@-)wZv*yKUcx6(il-*YFzPk5X?c`{t%y#6UqMuq@yc8>YS8hCAi zMp^@L08UFm&dAJ5Nv+T;sMOXtbw>MQz + +--- + +![cfn-resources: Stable](https://img.shields.io/badge/cfn--resources-stable-success.svg?style=for-the-badge) + +> All classes with the `Cfn` prefix in this module ([CFN Resources]) are always stable and safe to use. +> +> [CFN Resources]: https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib + +--- + + + +This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project. + +```ts nofixture +import * as amzn_sdc from 'aws-cdk-lib/amzn-sdc'; +``` + + + +There are no official hand-written ([L2](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib)) constructs for this service yet. Here are some suggestions on how to proceed: + +- Search [Construct Hub for SDC construct libraries](https://constructs.dev/search?q=sdc) +- Use the automatically generated [L1](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_l1_using) constructs, in the same way you would use [the CloudFormation AMZN::SDC resources](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AMZN_SDC.html) directly. + + + + +There are no hand-written ([L2](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib)) constructs for this service yet. 
+However, you can still use the automatically generated [L1](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_l1_using) constructs, and use this service exactly as you would using CloudFormation directly. + +For more information on the resources and properties available for this service, see the [CloudFormation documentation for AMZN::SDC](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AMZN_SDC.html). + +(Read the [CDK Contributing Guide](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and submit an RFC if you are interested in contributing to this construct library.) + + diff --git a/packages/aws-cdk-lib/amzn-sdc/index.ts b/packages/aws-cdk-lib/amzn-sdc/index.ts new file mode 100644 index 0000000000000..f41a696fd204d --- /dev/null +++ b/packages/aws-cdk-lib/amzn-sdc/index.ts @@ -0,0 +1 @@ +export * from './lib'; diff --git a/packages/aws-cdk-lib/amzn-sdc/lib/index.ts b/packages/aws-cdk-lib/amzn-sdc/lib/index.ts new file mode 100644 index 0000000000000..35a2984cc24f3 --- /dev/null +++ b/packages/aws-cdk-lib/amzn-sdc/lib/index.ts @@ -0,0 +1,2 @@ +// AMZN::SDC Cloudformation Resources +export * from './sdc.generated'; diff --git a/packages/aws-cdk-lib/aws-codetest/.jsiirc.json b/packages/aws-cdk-lib/aws-codetest/.jsiirc.json new file mode 100644 index 0000000000000..c2f229e5beedf --- /dev/null +++ b/packages/aws-cdk-lib/aws-codetest/.jsiirc.json @@ -0,0 +1,13 @@ +{ + "targets": { + "java": { + "package": "software.amazon.awscdk.services.codetest" + }, + "dotnet": { + "package": "Amazon.CDK.AWS.CodeTest" + }, + "python": { + "module": "aws_cdk.aws_codetest" + } + } +} diff --git a/packages/aws-cdk-lib/aws-codetest/README.md b/packages/aws-cdk-lib/aws-codetest/README.md new file mode 100644 index 0000000000000..57a3722006d41 --- /dev/null +++ b/packages/aws-cdk-lib/aws-codetest/README.md 
@@ -0,0 +1,39 @@ +# AWS::CodeTest Construct Library + + +--- + +![cfn-resources: Stable](https://img.shields.io/badge/cfn--resources-stable-success.svg?style=for-the-badge) + +> All classes with the `Cfn` prefix in this module ([CFN Resources]) are always stable and safe to use. +> +> [CFN Resources]: https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib + +--- + + + +This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project. + +```ts nofixture +import * as codetest from 'aws-cdk-lib/aws-codetest'; +``` + + + +There are no official hand-written ([L2](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib)) constructs for this service yet. Here are some suggestions on how to proceed: + +- Search [Construct Hub for CodeTest construct libraries](https://constructs.dev/search?q=codetest) +- Use the automatically generated [L1](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_l1_using) constructs, in the same way you would use [the CloudFormation AWS::CodeTest resources](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_CodeTest.html) directly. + + + + +There are no hand-written ([L2](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib)) constructs for this service yet. +However, you can still use the automatically generated [L1](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_l1_using) constructs, and use this service exactly as you would using CloudFormation directly. + +For more information on the resources and properties available for this service, see the [CloudFormation documentation for AWS::CodeTest](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_CodeTest.html). + +(Read the [CDK Contributing Guide](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and submit an RFC if you are interested in contributing to this construct library.) + + 
diff --git a/packages/aws-cdk-lib/aws-codetest/index.ts b/packages/aws-cdk-lib/aws-codetest/index.ts new file mode 100644 index 0000000000000..f41a696fd204d --- /dev/null +++ b/packages/aws-cdk-lib/aws-codetest/index.ts @@ -0,0 +1 @@ +export * from './lib'; diff --git a/packages/aws-cdk-lib/aws-codetest/lib/index.ts b/packages/aws-cdk-lib/aws-codetest/lib/index.ts new file mode 100644 index 0000000000000..f2606fb9ca317 --- /dev/null +++ b/packages/aws-cdk-lib/aws-codetest/lib/index.ts @@ -0,0 +1,2 @@ +// AWS::CodeTest Cloudformation Resources +export * from './codetest.generated'; From d77918f43e81b52e1c04500609480ad804955975 Mon Sep 17 00:00:00 2001 From: Michael Sambol Date: Sun, 28 Jan 2024 13:31:05 -0800 Subject: [PATCH 2/5] remove console.log --- .../lib/default-staging-stack.ts | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/lib/default-staging-stack.ts b/packages/@aws-cdk/app-staging-synthesizer-alpha/lib/default-staging-stack.ts index 91be588696fc2..2d8f852ba44bb 100644 --- a/packages/@aws-cdk/app-staging-synthesizer-alpha/lib/default-staging-stack.ts +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/lib/default-staging-stack.ts @@ -270,9 +270,6 @@ export class DefaultStagingStack extends Stack implements IStagingResources { this.stagingBucketEncryption = props.stagingBucketEncryption; const specializer = new StringSpecializer(this, props.qualifier); - // eslint-disable-next-line no-console - console.log(`BLAH: ${props.stagingBucketEncryption}`); - this.providedFileRole = props.fileAssetPublishingRole?._specialize(specializer); this.providedImageRole = props.imageAssetPublishingRole?._specialize(specializer); this.stagingRepos = {}; 
@@ -371,9 +368,6 @@ export class DefaultStagingStack extends Stack implements IStagingResources { this.ensureFileRole(); - // eslint-disable-next-line no-console - console.log(`HERE: ${this.stagingBucketEncryption}`); - let key = undefined; if (this.stagingBucketEncryption === s3.BucketEncryption.KMS || this.stagingBucketEncryption === undefined) { if (this.stagingBucketEncryption === undefined) { @@ -383,11 +377,6 @@ export class DefaultStagingStack extends Stack implements IStagingResources { key = this.createBucketKey(); } - // eslint-disable-next-line no-console - console.log(`FINALLY: ${this.stagingBucketEncryption}`); - // eslint-disable-next-line no-console - console.log(`KEY: ${key}`); - // Create the bucket once the dependencies have been created const bucket = new s3.Bucket(this, bucketId, { bucketName: stagingBucketName, From cbc20080b28dd05d85736cbfd82bffb9741ab3eb Mon Sep 17 00:00:00 2001 
From: Michael Sambol Date: Sun, 28 Jan 2024 13:34:13 -0800 Subject: [PATCH 3/5] clean up --- .../Dockerfile | 3 -- .../index.py | 6 --- .../test/app-staging-synthesizer.test.ts | 30 -------------- ...c2a01b7f7965833643ab37e62799f19a37f650.zip | Bin 319 -> 0 bytes packages/aws-cdk-lib/amzn-sdc/.jsiirc.json | 13 ------ packages/aws-cdk-lib/amzn-sdc/README.md | 39 ------------------ packages/aws-cdk-lib/amzn-sdc/index.ts | 1 - packages/aws-cdk-lib/amzn-sdc/lib/index.ts | 2 - .../aws-cdk-lib/aws-codetest/.jsiirc.json | 13 ------ packages/aws-cdk-lib/aws-codetest/README.md | 39 ------------------ packages/aws-cdk-lib/aws-codetest/index.ts | 1 - .../aws-cdk-lib/aws-codetest/lib/index.ts | 2 - 12 files changed, 149 deletions(-) delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-events-targets/test/ecs/integ.event-ec2-task.js.snapshot/asset.68200e526120bbfea5d40f029ba8f890b9bf2d12e5a5284a9a8ddd798ee33a76/Dockerfile delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-events-targets/test/ecs/integ.event-ec2-task.js.snapshot/asset.68200e526120bbfea5d40f029ba8f890b9bf2d12e5a5284a9a8ddd798ee33a76/index.py delete mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/.cache/68539effc3f7ad46fff9765606c2a01b7f7965833643ab37e62799f19a37f650.zip delete mode 100644 packages/aws-cdk-lib/amzn-sdc/.jsiirc.json delete mode 100644 packages/aws-cdk-lib/amzn-sdc/README.md delete mode 100644 packages/aws-cdk-lib/amzn-sdc/index.ts delete mode 100644 packages/aws-cdk-lib/amzn-sdc/lib/index.ts delete mode 100644 packages/aws-cdk-lib/aws-codetest/.jsiirc.json delete mode 100644 packages/aws-cdk-lib/aws-codetest/README.md delete mode 100644 packages/aws-cdk-lib/aws-codetest/index.ts delete mode 100644 packages/aws-cdk-lib/aws-codetest/lib/index.ts 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-events-targets/test/ecs/integ.event-ec2-task.js.snapshot/asset.68200e526120bbfea5d40f029ba8f890b9bf2d12e5a5284a9a8ddd798ee33a76/Dockerfile b/packages/@aws-cdk-testing/framework-integ/test/aws-events-targets/test/ecs/integ.event-ec2-task.js.snapshot/asset.68200e526120bbfea5d40f029ba8f890b9bf2d12e5a5284a9a8ddd798ee33a76/Dockerfile deleted file mode 100644 index 23cf9b3e22f5d..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-events-targets/test/ecs/integ.event-ec2-task.js.snapshot/asset.68200e526120bbfea5d40f029ba8f890b9bf2d12e5a5284a9a8ddd798ee33a76/Dockerfile +++ /dev/null @@ -1,3 +0,0 @@ -FROM public.ecr.aws/docker/library/python:3.12 -ADD index.py . -CMD [ "python3", "./index.py" ] diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-events-targets/test/ecs/integ.event-ec2-task.js.snapshot/asset.68200e526120bbfea5d40f029ba8f890b9bf2d12e5a5284a9a8ddd798ee33a76/index.py b/packages/@aws-cdk-testing/framework-integ/test/aws-events-targets/test/ecs/integ.event-ec2-task.js.snapshot/asset.68200e526120bbfea5d40f029ba8f890b9bf2d12e5a5284a9a8ddd798ee33a76/index.py deleted file mode 100644 index c4cab119afc2d..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-events-targets/test/ecs/integ.event-ec2-task.js.snapshot/asset.68200e526120bbfea5d40f029ba8f890b9bf2d12e5a5284a9a8ddd798ee33a76/index.py +++ /dev/null @@ -1,6 +0,0 @@ -#!/usr/bin/python -import os -import pprint - -print('Hello from ECS!') -pprint.pprint(dict(os.environ)) diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/app-staging-synthesizer.test.ts b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/app-staging-synthesizer.test.ts index 894ce8b53ea23..9b0b502a967b1 100644 --- a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/app-staging-synthesizer.test.ts +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/app-staging-synthesizer.test.ts 
@@ -560,36 +560,6 @@ describe(AppStagingSynthesizer, () => { expect(getStagingResourceStack(asm, prefix).template).toBeDefined(); }); - // test('staging bucket with SSE-S3 encryption', () => { - // // GIVEN - // new CfnResource(stack, 'Resource', { - // type: 'Some::Resource', - // }); - - // app = new App({ - // defaultStackSynthesizer: AppStagingSynthesizer.defaultResources({ - // appId: APP_ID, - // stagingBucketEncryption: BucketEncryption.S3_MANAGED, - // }), - // }); - - // // WHEN - // const asm = app.synth(); - - // // THEN - // Template.fromJSON(getStagingResourceStack(asm).template).hasResourceProperties('AWS::S3::Bucket', { - // BucketEncryption: { - // ServerSideEncryptionConfiguration: [ - // { - // ServerSideEncryptionByDefault: { - // SSEAlgorithm: 'AES256', - // }, - // }, - // ], - // }, - // }); - // }); - describe('environment specifics', () => { test('throws if App includes env-agnostic and specific env stacks', () => { // GIVEN - App with Stack with specific environment 
diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/.cache/68539effc3f7ad46fff9765606c2a01b7f7965833643ab37e62799f19a37f650.zip b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/.cache/68539effc3f7ad46fff9765606c2a01b7f7965833643ab37e62799f19a37f650.zip deleted file mode 100644 index a8d776d324631f1285fc1859ce8a48c372ba2f8e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 319 zcmWIWW@Zs#-~d7f21Ou704^ZYB|kYkwJ0q!C$*US)Avvf4c}8IeXe=?>Rs~I(Z6=y z^Ng>T=N0`GIwwz@-)wZv*yKUcx6(il-*YFzPk5X?c`{t%y#6UqMuq@yc8>YS8hCAi zMp^@L08UFm&dAJ5Nv+T;sMOXtbw>MQz - ---- - -![cfn-resources: Stable](https://img.shields.io/badge/cfn--resources-stable-success.svg?style=for-the-badge) - -> All classes with the `Cfn` prefix in this module ([CFN Resources]) are always stable and safe to use. -> -> [CFN Resources]: https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib - ---- - - - -This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project. - -```ts nofixture -import * as amzn_sdc from 'aws-cdk-lib/amzn-sdc'; -``` - - - -There are no official hand-written ([L2](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib)) constructs for this service yet. Here are some suggestions on how to proceed: - -- Search [Construct Hub for SDC construct libraries](https://constructs.dev/search?q=sdc) -- Use the automatically generated [L1](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_l1_using) constructs, in the same way you would use [the CloudFormation AMZN::SDC resources](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AMZN_SDC.html) directly. - - - - -There are no hand-written ([L2](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib)) constructs for this service yet. 
-However, you can still use the automatically generated [L1](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_l1_using) constructs, and use this service exactly as you would using CloudFormation directly. - -For more information on the resources and properties available for this service, see the [CloudFormation documentation for AMZN::SDC](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AMZN_SDC.html). - -(Read the [CDK Contributing Guide](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and submit an RFC if you are interested in contributing to this construct library.) - - diff --git a/packages/aws-cdk-lib/amzn-sdc/index.ts b/packages/aws-cdk-lib/amzn-sdc/index.ts deleted file mode 100644 index f41a696fd204d..0000000000000 --- a/packages/aws-cdk-lib/amzn-sdc/index.ts +++ /dev/null @@ -1 +0,0 @@ -export * from './lib'; diff --git a/packages/aws-cdk-lib/amzn-sdc/lib/index.ts b/packages/aws-cdk-lib/amzn-sdc/lib/index.ts deleted file mode 100644 index 35a2984cc24f3..0000000000000 --- a/packages/aws-cdk-lib/amzn-sdc/lib/index.ts +++ /dev/null @@ -1,2 +0,0 @@ -// AMZN::SDC Cloudformation Resources -export * from './sdc.generated'; diff --git a/packages/aws-cdk-lib/aws-codetest/.jsiirc.json b/packages/aws-cdk-lib/aws-codetest/.jsiirc.json deleted file mode 100644 index c2f229e5beedf..0000000000000 --- a/packages/aws-cdk-lib/aws-codetest/.jsiirc.json +++ /dev/null @@ -1,13 +0,0 @@ -{ - "targets": { - "java": { - "package": "software.amazon.awscdk.services.codetest" - }, - "dotnet": { - "package": "Amazon.CDK.AWS.CodeTest" - }, - "python": { - "module": "aws_cdk.aws_codetest" - } - } -} diff --git a/packages/aws-cdk-lib/aws-codetest/README.md b/packages/aws-cdk-lib/aws-codetest/README.md deleted file mode 100644 index 57a3722006d41..0000000000000 --- a/packages/aws-cdk-lib/aws-codetest/README.md +++ /dev/null 
@@ -1,39 +0,0 @@ -# AWS::CodeTest Construct Library - - ---- - -![cfn-resources: Stable](https://img.shields.io/badge/cfn--resources-stable-success.svg?style=for-the-badge) - -> All classes with the `Cfn` prefix in this module ([CFN Resources]) are always stable and safe to use. -> -> [CFN Resources]: https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib - ---- - - - -This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project. - -```ts nofixture -import * as codetest from 'aws-cdk-lib/aws-codetest'; -``` - - - -There are no official hand-written ([L2](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib)) constructs for this service yet. Here are some suggestions on how to proceed: - -- Search [Construct Hub for CodeTest construct libraries](https://constructs.dev/search?q=codetest) -- Use the automatically generated [L1](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_l1_using) constructs, in the same way you would use [the CloudFormation AWS::CodeTest resources](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_CodeTest.html) directly. - - - - -There are no hand-written ([L2](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib)) constructs for this service yet. -However, you can still use the automatically generated [L1](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_l1_using) constructs, and use this service exactly as you would using CloudFormation directly. - -For more information on the resources and properties available for this service, see the [CloudFormation documentation for AWS::CodeTest](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_CodeTest.html). - -(Read the [CDK Contributing Guide](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and submit an RFC if you are interested in contributing to this construct library.) - - 
diff --git a/packages/aws-cdk-lib/aws-codetest/index.ts b/packages/aws-cdk-lib/aws-codetest/index.ts deleted file mode 100644 index f41a696fd204d..0000000000000 --- a/packages/aws-cdk-lib/aws-codetest/index.ts +++ /dev/null @@ -1 +0,0 @@ -export * from './lib'; diff --git a/packages/aws-cdk-lib/aws-codetest/lib/index.ts b/packages/aws-cdk-lib/aws-codetest/lib/index.ts deleted file mode 100644 index f2606fb9ca317..0000000000000 --- a/packages/aws-cdk-lib/aws-codetest/lib/index.ts +++ /dev/null @@ -1,2 +0,0 @@ -// AWS::CodeTest Cloudformation Resources -export * from './codetest.generated'; From fa191daf975a91db396386c3c20abecdc623978e Mon Sep 17 00:00:00 2001 From: Michael Sambol Date: Mon, 29 Jan 2024 16:32:02 -0800 Subject: [PATCH 4/5] fix readme --- packages/@aws-cdk/app-staging-synthesizer-alpha/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/README.md b/packages/@aws-cdk/app-staging-synthesizer-alpha/README.md index 6a7a6cf5125a9..6b430868f9865 100644 --- a/packages/@aws-cdk/app-staging-synthesizer-alpha/README.md +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/README.md @@ -271,6 +271,8 @@ By default, the staging resources will be stored in an S3 Bucket with KMS encryp SSE-S3, set `stagingBucketEncryption` to `BucketEncryption.S3_MANAGED`. ```ts +import { BucketEncryption } from 'aws-cdk-lib/aws-s3'; + const app = new App({ defaultStackSynthesizer: AppStagingSynthesizer.defaultResources({ appId: 'my-app-id', From 45958ac615939f6fc4aefcef9ed39be58118276a Mon Sep 17 00:00:00 2001 From: Kaizen Conroy <36202692+kaizencc@users.noreply.github.com> Date: Tue, 30 Jan 2024 11:29:31 -0500 Subject: [PATCH 5/5] Update packages/@aws-cdk/app-staging-synthesizer-alpha/lib/default-staging-stack.ts --- .../app-staging-synthesizer-alpha/lib/default-staging-stack.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/lib/default-staging-stack.ts b/packages/@aws-cdk/app-staging-synthesizer-alpha/lib/default-staging-stack.ts
index 2d8f852ba44bb..70d5cfd65fbe3 100644
--- a/packages/@aws-cdk/app-staging-synthesizer-alpha/lib/default-staging-stack.ts
+++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/lib/default-staging-stack.ts
@@ -371,7 +371,7 @@ export class DefaultStagingStack extends Stack implements IStagingResources {
 let key = undefined;
 if (this.stagingBucketEncryption === s3.BucketEncryption.KMS || this.stagingBucketEncryption === undefined) {
 if (this.stagingBucketEncryption === undefined) {
- // default is KMS for backwards compatibility
+ // default is KMS as an AWS best practice, and for backwards compatibility
 this.stagingBucketEncryption = s3.BucketEncryption.KMS;
 }
 key = this.createBucketKey();
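Review bot: Only `KMS` and `undefined` are handled in the branch around the reworded comment, so any other `BucketEncryption` value passed as `stagingBucketEncryption` skips `createBucketKey()` and presumably reaches the `s3.Bucket` props unchanged. If only `S3_MANAGED` and `KMS` are meant to be supported, an explicit check before this branch would reject values such as `BucketEncryption.UNENCRYPTED` at synth time, rather than silently accepting a setting the "AWS best practice" comment does not cover. For example: `if (![undefined, s3.BucketEncryption.KMS, s3.BucketEncryption.S3_MANAGED].includes(this.stagingBucketEncryption)) { throw new Error('stagingBucketEncryption must be KMS or S3_MANAGED'); }`. The enclosing method starts and ends outside the hunk, so how the value is handed to the bucket is not visible here.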