diff --git a/.github/workflows/issue-label-assign.yml b/.github/workflows/issue-label-assign.yml
index 1e8a7ecb51f3e..181db20c10541 100644
--- a/.github/workflows/issue-label-assign.yml
+++ b/.github/workflows/issue-label-assign.yml
@@ -70,7 +70,6 @@ env:
[
{"area":"package/tools","keywords":["cli","command line","init","synth","diff","bootstrap"],"labels":["package/tools"],"enableGlobalAffixes":false},
{"area":"@aws-cdk/alexa-ask","keywords":["alexa-ask","alexa"],"labels":["@aws-cdk/alexa-ask"]},
- {"area":"@aws-cdk/app-delivery","keywords":["app-delivery"],"labels":["@aws-cdk/app-delivery"]},
{"area":"@aws-cdk/assert","keywords":["assert"],"labels":["@aws-cdk/assert"]},
{"area":"@aws-cdk/assertions","keywords":["assertions"],"labels":["@aws-cdk/assertions"]},
{"area":"@aws-cdk/assets","keywords":["assets","staging"],"labels":["@aws-cdk/assets"]},
diff --git a/packages/@aws-cdk/app-delivery/.eslintrc.js b/packages/@aws-cdk/app-delivery/.eslintrc.js
deleted file mode 100644
index 2658ee8727166..0000000000000
--- a/packages/@aws-cdk/app-delivery/.eslintrc.js
+++ /dev/null
@@ -1,3 +0,0 @@
-const baseConfig = require('@aws-cdk/cdk-build-tools/config/eslintrc');
-baseConfig.parserOptions.project = __dirname + '/tsconfig.json';
-module.exports = baseConfig;
diff --git a/packages/@aws-cdk/app-delivery/.gitignore b/packages/@aws-cdk/app-delivery/.gitignore
deleted file mode 100644
index a9f9cd7511b84..0000000000000
--- a/packages/@aws-cdk/app-delivery/.gitignore
+++ /dev/null
@@ -1,19 +0,0 @@
-dist
-.LAST_PACKAGE
-.LAST_BUILD
-.jsii
-.nyc_output
-nyc.config.js
-tsconfig.json
-*.js
-*.d.ts
-*.snk
-coverage
-!.eslintrc.js
-
-junit.xml
-!jest.config.js
-!**/*.snapshot/**/asset.*/*.js
-!**/*.snapshot/**/asset.*/*.d.ts
-
-!**/*.snapshot/**/asset.*/**
diff --git a/packages/@aws-cdk/app-delivery/.npmignore b/packages/@aws-cdk/app-delivery/.npmignore
deleted file mode 100644
index bb3cb4ce52e47..0000000000000
--- a/packages/@aws-cdk/app-delivery/.npmignore
+++ /dev/null
@@ -1,27 +0,0 @@
-
-dist
-.LAST_PACKAGE
-.LAST_BUILD
-*.ts
-!*.d.ts
-!*.js
-coverage
-.nyc_output
-*.tgz
-*.snk
-
-# Include .jsii
-!.jsii
-
-*.tsbuildinfo
-
-tsconfig.json
-.eslintrc.js
-
-# exclude cdk artifacts
-**/cdk.out
-junit.xml
-test/
-!*.lit.ts
-jest.config.js
-**/*.snapshot
diff --git a/packages/@aws-cdk/app-delivery/LICENSE b/packages/@aws-cdk/app-delivery/LICENSE
deleted file mode 100644
index 9b722c65c5481..0000000000000
--- a/packages/@aws-cdk/app-delivery/LICENSE
+++ /dev/null
@@ -1,201 +0,0 @@
- Apache License
- Version 2.0, January 2004
- http://www.apache.org/licenses/
-
- TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
- 1. Definitions.
-
- "License" shall mean the terms and conditions for use, reproduction,
- and distribution as defined by Sections 1 through 9 of this document.
-
- "Licensor" shall mean the copyright owner or entity authorized by
- the copyright owner that is granting the License.
-
- "Legal Entity" shall mean the union of the acting entity and all
- other entities that control, are controlled by, or are under common
- control with that entity. For the purposes of this definition,
- "control" means (i) the power, direct or indirect, to cause the
- direction or management of such entity, whether by contract or
- otherwise, or (ii) ownership of fifty percent (50%) or more of the
- outstanding shares, or (iii) beneficial ownership of such entity.
-
- "You" (or "Your") shall mean an individual or Legal Entity
- exercising permissions granted by this License.
-
- "Source" form shall mean the preferred form for making modifications,
- including but not limited to software source code, documentation
- source, and configuration files.
-
- "Object" form shall mean any form resulting from mechanical
- transformation or translation of a Source form, including but
- not limited to compiled object code, generated documentation,
- and conversions to other media types.
-
- "Work" shall mean the work of authorship, whether in Source or
- Object form, made available under the License, as indicated by a
- copyright notice that is included in or attached to the work
- (an example is provided in the Appendix below).
-
- "Derivative Works" shall mean any work, whether in Source or Object
- form, that is based on (or derived from) the Work and for which the
- editorial revisions, annotations, elaborations, or other modifications
- represent, as a whole, an original work of authorship. For the purposes
- of this License, Derivative Works shall not include works that remain
- separable from, or merely link (or bind by name) to the interfaces of,
- the Work and Derivative Works thereof.
-
- "Contribution" shall mean any work of authorship, including
- the original version of the Work and any modifications or additions
- to that Work or Derivative Works thereof, that is intentionally
- submitted to Licensor for inclusion in the Work by the copyright owner
- or by an individual or Legal Entity authorized to submit on behalf of
- the copyright owner. For the purposes of this definition, "submitted"
- means any form of electronic, verbal, or written communication sent
- to the Licensor or its representatives, including but not limited to
- communication on electronic mailing lists, source code control systems,
- and issue tracking systems that are managed by, or on behalf of, the
- Licensor for the purpose of discussing and improving the Work, but
- excluding communication that is conspicuously marked or otherwise
- designated in writing by the copyright owner as "Not a Contribution."
-
- "Contributor" shall mean Licensor and any individual or Legal Entity
- on behalf of whom a Contribution has been received by Licensor and
- subsequently incorporated within the Work.
-
- 2. Grant of Copyright License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- copyright license to reproduce, prepare Derivative Works of,
- publicly display, publicly perform, sublicense, and distribute the
- Work and such Derivative Works in Source or Object form.
-
- 3. Grant of Patent License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- (except as stated in this section) patent license to make, have made,
- use, offer to sell, sell, import, and otherwise transfer the Work,
- where such license applies only to those patent claims licensable
- by such Contributor that are necessarily infringed by their
- Contribution(s) alone or by combination of their Contribution(s)
- with the Work to which such Contribution(s) was submitted. If You
- institute patent litigation against any entity (including a
- cross-claim or counterclaim in a lawsuit) alleging that the Work
- or a Contribution incorporated within the Work constitutes direct
- or contributory patent infringement, then any patent licenses
- granted to You under this License for that Work shall terminate
- as of the date such litigation is filed.
-
- 4. Redistribution. You may reproduce and distribute copies of the
- Work or Derivative Works thereof in any medium, with or without
- modifications, and in Source or Object form, provided that You
- meet the following conditions:
-
- (a) You must give any other recipients of the Work or
- Derivative Works a copy of this License; and
-
- (b) You must cause any modified files to carry prominent notices
- stating that You changed the files; and
-
- (c) You must retain, in the Source form of any Derivative Works
- that You distribute, all copyright, patent, trademark, and
- attribution notices from the Source form of the Work,
- excluding those notices that do not pertain to any part of
- the Derivative Works; and
-
- (d) If the Work includes a "NOTICE" text file as part of its
- distribution, then any Derivative Works that You distribute must
- include a readable copy of the attribution notices contained
- within such NOTICE file, excluding those notices that do not
- pertain to any part of the Derivative Works, in at least one
- of the following places: within a NOTICE text file distributed
- as part of the Derivative Works; within the Source form or
- documentation, if provided along with the Derivative Works; or,
- within a display generated by the Derivative Works, if and
- wherever such third-party notices normally appear. The contents
- of the NOTICE file are for informational purposes only and
- do not modify the License. You may add Your own attribution
- notices within Derivative Works that You distribute, alongside
- or as an addendum to the NOTICE text from the Work, provided
- that such additional attribution notices cannot be construed
- as modifying the License.
-
- You may add Your own copyright statement to Your modifications and
- may provide additional or different license terms and conditions
- for use, reproduction, or distribution of Your modifications, or
- for any such Derivative Works as a whole, provided Your use,
- reproduction, and distribution of the Work otherwise complies with
- the conditions stated in this License.
-
- 5. Submission of Contributions. Unless You explicitly state otherwise,
- any Contribution intentionally submitted for inclusion in the Work
- by You to the Licensor shall be under the terms and conditions of
- this License, without any additional terms or conditions.
- Notwithstanding the above, nothing herein shall supersede or modify
- the terms of any separate license agreement you may have executed
- with Licensor regarding such Contributions.
-
- 6. Trademarks. This License does not grant permission to use the trade
- names, trademarks, service marks, or product names of the Licensor,
- except as required for reasonable and customary use in describing the
- origin of the Work and reproducing the content of the NOTICE file.
-
- 7. Disclaimer of Warranty. Unless required by applicable law or
- agreed to in writing, Licensor provides the Work (and each
- Contributor provides its Contributions) on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
- implied, including, without limitation, any warranties or conditions
- of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
- PARTICULAR PURPOSE. You are solely responsible for determining the
- appropriateness of using or redistributing the Work and assume any
- risks associated with Your exercise of permissions under this License.
-
- 8. Limitation of Liability. In no event and under no legal theory,
- whether in tort (including negligence), contract, or otherwise,
- unless required by applicable law (such as deliberate and grossly
- negligent acts) or agreed to in writing, shall any Contributor be
- liable to You for damages, including any direct, indirect, special,
- incidental, or consequential damages of any character arising as a
- result of this License or out of the use or inability to use the
- Work (including but not limited to damages for loss of goodwill,
- work stoppage, computer failure or malfunction, or any and all
- other commercial damages or losses), even if such Contributor
- has been advised of the possibility of such damages.
-
- 9. Accepting Warranty or Additional Liability. While redistributing
- the Work or Derivative Works thereof, You may choose to offer,
- and charge a fee for, acceptance of support, warranty, indemnity,
- or other liability obligations and/or rights consistent with this
- License. However, in accepting such obligations, You may act only
- on Your own behalf and on Your sole responsibility, not on behalf
- of any other Contributor, and only if You agree to indemnify,
- defend, and hold each Contributor harmless for any liability
- incurred by, or claims asserted against, such Contributor by reason
- of your accepting any such warranty or additional liability.
-
- END OF TERMS AND CONDITIONS
-
- APPENDIX: How to apply the Apache License to your work.
-
- To apply the Apache License to your work, attach the following
- boilerplate notice, with the fields enclosed by brackets "[]"
- replaced with your own identifying information. (Don't include
- the brackets!) The text should be enclosed in the appropriate
- comment syntax for the file format. We also recommend that a
- file or class name and description of purpose be included on the
- same "printed page" as the copyright notice for easier
- identification within third-party archives.
-
- Copyright 2018-2023 Amazon.com, Inc. or its affiliates. All Rights Reserved.
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
diff --git a/packages/@aws-cdk/app-delivery/NOTICE b/packages/@aws-cdk/app-delivery/NOTICE
deleted file mode 100644
index a27b7dd317649..0000000000000
--- a/packages/@aws-cdk/app-delivery/NOTICE
+++ /dev/null
@@ -1,2 +0,0 @@
-AWS Cloud Development Kit (AWS CDK)
-Copyright 2018-2023 Amazon.com, Inc. or its affiliates. All Rights Reserved.
diff --git a/packages/@aws-cdk/app-delivery/README.md b/packages/@aws-cdk/app-delivery/README.md
deleted file mode 100644
index a8f0877f19b89..0000000000000
--- a/packages/@aws-cdk/app-delivery/README.md
+++ /dev/null
@@ -1,186 +0,0 @@
-# Continuous Integration / Continuous Delivery for CDK Applications
-
-
----
-
-![Deprecated](https://img.shields.io/badge/deprecated-critical.svg?style=for-the-badge)
-
-> This API may emit warnings. Backward compatibility is not guaranteed.
-
----
-
-
-
-This library includes a *CodePipeline* composite Action for deploying AWS CDK Applications.
-
-This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project.
-
-
-## Replacement recommended
-
-This library has been deprecated. We recommend you use the
-[@aws-cdk/pipelines](https://docs.aws.amazon.com/cdk/api/latest/docs/pipelines-readme.html) module instead.
-
-
-## Limitations
-
-The construct library in it's current form has the following limitations:
-
-1. It can only deploy stacks that are hosted in the same AWS account and region as the *CodePipeline* is.
-2. Stacks that make use of `Asset`s cannot be deployed successfully.
-
-## Getting Started
-
-In order to add the `PipelineDeployStackAction` to your *CodePipeline*, you need to have a *CodePipeline* artifact that
-contains the result of invoking `cdk synth -o
` on your *CDK App*. You can for example achieve this using a
-*CodeBuild* project.
-
-The example below defines a *CDK App* that contains 3 stacks:
-
-* `CodePipelineStack` manages the *CodePipeline* resources, and self-updates before deploying any other stack
-* `ServiceStackA` and `ServiceStackB` are service infrastructure stacks, and need to be deployed in this order
-
-```plaintext
- ┏━━━━━━━━━━━━━━━━┓ ┏━━━━━━━━━━━━━━━━┓ ┏━━━━━━━━━━━━━━━━━┓ ┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
- ┃ Source ┃ ┃ Build ┃ ┃ Self-Update ┃ ┃ Deploy ┃
- ┃ ┃ ┃ ┃ ┃ ┃ ┃ ┃
- ┃ ┌────────────┐ ┃ ┃ ┌────────────┐ ┃ ┃ ┌─────────────┐ ┃ ┃ ┌─────────────┐ ┌─────────────┐ ┃
- ┃ │ GitHub ┣━╋━━╋━▶ CodeBuild ┣━╋━━╋━▶Deploy Stack ┣━╋━━╋━▶Deploy Stack ┣━▶Deploy Stack │ ┃
- ┃ │ │ ┃ ┃ │ │ ┃ ┃ │PipelineStack│ ┃ ┃ │ServiceStackA│ │ServiceStackB│ ┃
- ┃ └────────────┘ ┃ ┃ └────────────┘ ┃ ┃ └─────────────┘ ┃ ┃ └─────────────┘ └─────────────┘ ┃
- ┗━━━━━━━━━━━━━━━━┛ ┗━━━━━━━━━━━━━━━━┛ ┗━━━━━━━━━━━━━━━━━┛ ┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛
-```
-
-### `index.ts`
-
-```ts
-import * as codebuild from '@aws-cdk/aws-codebuild';
-import * as codepipeline from '@aws-cdk/aws-codepipeline';
-import * as codepipeline_actions from '@aws-cdk/aws-codepipeline-actions';
-import * as cdk from '@aws-cdk/core';
-import * as cicd from '@aws-cdk/app-delivery';
-import * as iam from '@aws-cdk/aws-iam';
-
-class MyServiceStackA extends cdk.Stack {}
-class MyServiceStackB extends cdk.Stack {}
-
-const app = new cdk.App();
-
-// We define a stack that contains the CodePipeline
-const pipelineStack = new cdk.Stack(app, 'PipelineStack');
-const pipeline = new codepipeline.Pipeline(pipelineStack, 'CodePipeline', {
- // Mutating a CodePipeline can cause the currently propagating state to be
- // "lost". Ensure we re-run the latest change through the pipeline after it's
- // been mutated so we're sure the latest state is fully deployed through.
- restartExecutionOnUpdate: true,
- /* ... */
-});
-
-// Configure the CodePipeline source - where your CDK App's source code is hosted
-const sourceOutput = new codepipeline.Artifact();
-const source = new codepipeline_actions.GitHubSourceAction({
- actionName: 'GitHub',
- output: sourceOutput,
- owner: 'myName',
- repo: 'myRepo',
- oauthToken: cdk.SecretValue.unsafePlainText('secret'),
-});
-pipeline.addStage({
- stageName: 'source',
- actions: [source],
-});
-
-const project = new codebuild.PipelineProject(pipelineStack, 'CodeBuild', {
- /**
- * Choose an environment configuration that meets your use case.
- * For NodeJS, this might be:
- *
- * environment: {
- * buildImage: codebuild.LinuxBuildImage.UBUNTU_14_04_NODEJS_10_1_0,
- * },
- */
-});
-const synthesizedApp = new codepipeline.Artifact();
-const buildAction = new codepipeline_actions.CodeBuildAction({
- actionName: 'CodeBuild',
- project,
- input: sourceOutput,
- outputs: [synthesizedApp],
-});
-pipeline.addStage({
- stageName: 'build',
- actions: [buildAction],
-});
-
-// Optionally, self-update the pipeline stack
-const selfUpdateStage = pipeline.addStage({ stageName: 'SelfUpdate' });
-selfUpdateStage.addAction(new cicd.PipelineDeployStackAction({
- stack: pipelineStack,
- input: synthesizedApp,
- adminPermissions: true,
-}));
-
-// Now add our service stacks
-const deployStage = pipeline.addStage({ stageName: 'Deploy' });
-const serviceStackA = new MyServiceStackA(app, 'ServiceStackA', { /* ... */ });
-// Add actions to deploy the stacks in the deploy stage:
-const deployServiceAAction = new cicd.PipelineDeployStackAction({
- stack: serviceStackA,
- input: synthesizedApp,
- // See the note below for details about this option.
- adminPermissions: false,
-});
-deployStage.addAction(deployServiceAAction);
-// Add the necessary permissions for you service deploy action. This role is
-// is passed to CloudFormation and needs the permissions necessary to deploy
-// stack. Alternatively you can enable [Administrator](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html#jf_administrator) permissions above,
-// users should understand the privileged nature of this role.
-const myResourceArn = 'arn:partition:service:region:account-id:resource-id';
-deployServiceAAction.addToDeploymentRolePolicy(new iam.PolicyStatement({
- actions: ['service:SomeAction'],
- resources: [myResourceArn],
- // add more Action(s) and/or Resource(s) here, as needed
-}));
-
-const serviceStackB = new MyServiceStackB(app, 'ServiceStackB', { /* ... */ });
-deployStage.addAction(new cicd.PipelineDeployStackAction({
- stack: serviceStackB,
- input: synthesizedApp,
- createChangeSetRunOrder: 998,
- adminPermissions: true, // no need to modify the role with admin
-}));
-```
-
-### `buildspec.yml`
-
-The repository can contain a file at the root level named `buildspec.yml`, or
-you can in-line the buildspec. Note that `buildspec.yaml` is not compatible.
-
-For example, a *TypeScript* or *Javascript* CDK App can add the following `buildspec.yml`
-at the root of the repository:
-
-```yml
-version: 0.2
-phases:
- install:
- commands:
- # Installs the npm dependencies as defined by the `package.json` file
- # present in the root directory of the package
- # (`cdk init app --language=typescript` would have created one for you)
- - npm install
- build:
- commands:
- # Builds the CDK App so it can be synthesized
- - npm run build
- # Synthesizes the CDK App and puts the resulting artifacts into `dist`
- - npm run cdk synth -- -o dist
-artifacts:
- # The output artifact is all the files in the `dist` directory
- base-directory: dist
- files: '**/*'
-```
-
-The `PipelineDeployStackAction` expects it's `input` to contain the result of
-synthesizing a CDK App using the `cdk synth -o `.
-
-
diff --git a/packages/@aws-cdk/app-delivery/jest.config.js b/packages/@aws-cdk/app-delivery/jest.config.js
deleted file mode 100644
index 34818e1593f6b..0000000000000
--- a/packages/@aws-cdk/app-delivery/jest.config.js
+++ /dev/null
@@ -1,2 +0,0 @@
-const baseConfig = require('../../../tools/@aws-cdk/cdk-build-tools/config/jest.config');
-module.exports = baseConfig;
diff --git a/packages/@aws-cdk/app-delivery/lib/index.ts b/packages/@aws-cdk/app-delivery/lib/index.ts
deleted file mode 100644
index 5d0ab4f1eb92a..0000000000000
--- a/packages/@aws-cdk/app-delivery/lib/index.ts
+++ /dev/null
@@ -1 +0,0 @@
-export * from './pipeline-deploy-stack-action';
diff --git a/packages/@aws-cdk/app-delivery/lib/pipeline-deploy-stack-action.ts b/packages/@aws-cdk/app-delivery/lib/pipeline-deploy-stack-action.ts
deleted file mode 100644
index 047c006e5dff1..0000000000000
--- a/packages/@aws-cdk/app-delivery/lib/pipeline-deploy-stack-action.ts
+++ /dev/null
@@ -1,205 +0,0 @@
-import * as cfn from '@aws-cdk/aws-cloudformation';
-import * as codepipeline from '@aws-cdk/aws-codepipeline';
-import * as cpactions from '@aws-cdk/aws-codepipeline-actions';
-import * as events from '@aws-cdk/aws-events';
-import * as iam from '@aws-cdk/aws-iam';
-import * as cxschema from '@aws-cdk/cloud-assembly-schema';
-import * as cdk from '@aws-cdk/core';
-import { Construct } from 'constructs';
-
-export interface PipelineDeployStackActionProps {
- /**
- * The CDK stack to be deployed.
- */
- readonly stack: cdk.Stack;
-
- /**
- * The CodePipeline artifact that holds the synthesized app, which is the
- * contents of the ```` when running ``cdk synth -o ``.
- */
- readonly input: codepipeline.Artifact;
-
- /**
- * The name to use when creating a ChangeSet for the stack.
- *
- * @default CDK-CodePipeline-ChangeSet
- */
- readonly changeSetName?: string;
-
- /**
- * The runOrder for the CodePipeline action creating the ChangeSet.
- *
- * @default 1
- */
- readonly createChangeSetRunOrder?: number;
-
- /**
- * The name of the CodePipeline action creating the ChangeSet.
- *
- * @default 'ChangeSet'
- */
- readonly createChangeSetActionName?: string;
-
- /**
- * The runOrder for the CodePipeline action executing the ChangeSet.
- *
- * @default ``createChangeSetRunOrder + 1``
- */
- readonly executeChangeSetRunOrder?: number;
-
- /**
- * The name of the CodePipeline action creating the ChangeSet.
- *
- * @default 'Execute'
- */
- readonly executeChangeSetActionName?: string;
-
- /**
- * IAM role to assume when deploying changes.
- *
- * If not specified, a fresh role is created. The role is created with zero
- * permissions unless `adminPermissions` is true, in which case the role will have
- * admin permissions.
- *
- * @default A fresh role with admin or no permissions (depending on the value of `adminPermissions`).
- */
- readonly role?: iam.IRole;
-
- /**
- * Acknowledge certain changes made as part of deployment
- *
- * For stacks that contain certain resources, explicit acknowledgement that AWS CloudFormation
- * might create or update those resources. For example, you must specify AnonymousIAM if your
- * stack template contains AWS Identity and Access Management (IAM) resources. For more
- * information
- *
- * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities
- * @default [AnonymousIAM, AutoExpand], unless `adminPermissions` is true
- */
- readonly capabilities?: cfn.CloudFormationCapabilities[];
-
- /**
- * Whether to grant admin permissions to CloudFormation while deploying this template.
- *
- * Setting this to `true` affects the defaults for `role` and `capabilities`, if you
- * don't specify any alternatives.
- *
- * The default role that will be created for you will have admin (i.e., `*`)
- * permissions on all resources, and the deployment will have named IAM
- * capabilities (i.e., able to create all IAM resources).
- *
- * This is a shorthand that you can use if you fully trust the templates that
- * are deployed in this pipeline. If you want more fine-grained permissions,
- * use `addToRolePolicy` and `capabilities` to control what the CloudFormation
- * deployment is allowed to do.
- */
- readonly adminPermissions: boolean;
-}
-
-/**
- * A class to deploy a stack that is part of a CDK App, using CodePipeline.
- * This composite Action takes care of preparing and executing a CloudFormation ChangeSet.
- *
- * It currently does *not* support stacks that make use of ``Asset``s, and
- * requires the deployed stack is in the same account and region where the
- * CodePipeline is hosted.
- */
-export class PipelineDeployStackAction implements codepipeline.IAction {
- /**
- * The role used by CloudFormation for the deploy action
- */
- private _deploymentRole?: iam.IRole;
-
- private readonly stack: cdk.Stack;
- private readonly prepareChangeSetAction: cpactions.CloudFormationCreateReplaceChangeSetAction;
- private readonly executeChangeSetAction: cpactions.CloudFormationExecuteChangeSetAction;
-
- constructor(props: PipelineDeployStackActionProps) {
- this.stack = props.stack;
- const assets = this.stack.node.metadata.filter(md => md.type === cxschema.ArtifactMetadataEntryType.ASSET);
- if (assets.length > 0) {
- // FIXME: Implement the necessary actions to publish assets
- throw new Error(`Cannot deploy the stack ${this.stack.stackName} because it references ${assets.length} asset(s)`);
- }
-
- const createChangeSetRunOrder = props.createChangeSetRunOrder || 1;
- const executeChangeSetRunOrder = props.executeChangeSetRunOrder || (createChangeSetRunOrder + 1);
- if (createChangeSetRunOrder >= executeChangeSetRunOrder) {
- throw new Error(`createChangeSetRunOrder (${createChangeSetRunOrder}) must be < executeChangeSetRunOrder (${executeChangeSetRunOrder})`);
- }
-
- const changeSetName = props.changeSetName || 'CDK-CodePipeline-ChangeSet';
- const capabilities = cfnCapabilities(props.adminPermissions, props.capabilities);
- this.prepareChangeSetAction = new cpactions.CloudFormationCreateReplaceChangeSetAction({
- actionName: props.createChangeSetActionName ?? 'ChangeSet',
- changeSetName,
- runOrder: createChangeSetRunOrder,
- stackName: props.stack.stackName,
- templatePath: props.input.atPath(props.stack.templateFile),
- adminPermissions: props.adminPermissions,
- deploymentRole: props.role,
- capabilities,
- });
- this.executeChangeSetAction = new cpactions.CloudFormationExecuteChangeSetAction({
- actionName: props.executeChangeSetActionName ?? 'Execute',
- changeSetName,
- runOrder: executeChangeSetRunOrder,
- stackName: this.stack.stackName,
- });
- }
-
- public bind(scope: Construct, stage: codepipeline.IStage, options: codepipeline.ActionBindOptions):
- codepipeline.ActionConfig {
- if (this.stack.environment !== cdk.Stack.of(scope).environment) {
- // FIXME: Add the necessary to extend to stacks in a different account
- throw new Error('Cross-environment deployment is not supported');
- }
-
- stage.addAction(this.prepareChangeSetAction);
- this._deploymentRole = this.prepareChangeSetAction.deploymentRole;
-
- return this.executeChangeSetAction.bind(scope, stage, options);
- }
-
- public get deploymentRole(): iam.IRole {
- if (!this._deploymentRole) {
- throw new Error('Use this action in a pipeline first before accessing \'deploymentRole\'');
- }
-
- return this._deploymentRole;
- }
-
- /**
- * Add policy statements to the role deploying the stack.
- *
- * This role is passed to CloudFormation and must have the IAM permissions
- * necessary to deploy the stack or you can grant this role `adminPermissions`
- * by using that option during creation. If you do not grant
- * `adminPermissions` you need to identify the proper statements to add to
- * this role based on the CloudFormation Resources in your stack.
- */
- public addToDeploymentRolePolicy(statement: iam.PolicyStatement) {
- this.deploymentRole.addToPolicy(statement);
- }
-
- public onStateChange(name: string, target?: events.IRuleTarget, options?: events.RuleProps): events.Rule {
- return this.executeChangeSetAction.onStateChange(name, target, options);
- }
-
- public get actionProperties(): codepipeline.ActionProperties {
- return this.executeChangeSetAction.actionProperties;
- }
-}
-
-function cfnCapabilities(adminPermissions: boolean, capabilities?: cfn.CloudFormationCapabilities[]): cfn.CloudFormationCapabilities[] {
- if (adminPermissions && capabilities === undefined) {
- // admin true default capability to NamedIAM and AutoExpand
- return [cfn.CloudFormationCapabilities.NAMED_IAM, cfn.CloudFormationCapabilities.AUTO_EXPAND];
- } else if (capabilities === undefined) {
- // else capabilities are undefined set AnonymousIAM and AutoExpand
- return [cfn.CloudFormationCapabilities.ANONYMOUS_IAM, cfn.CloudFormationCapabilities.AUTO_EXPAND];
- } else {
- // else capabilities are defined use them
- return capabilities;
- }
-}
diff --git a/packages/@aws-cdk/app-delivery/package.json b/packages/@aws-cdk/app-delivery/package.json
deleted file mode 100644
index 5cafe2d64624c..0000000000000
--- a/packages/@aws-cdk/app-delivery/package.json
+++ /dev/null
@@ -1,131 +0,0 @@
-{
- "name": "@aws-cdk/app-delivery",
- "description": "Continuous Integration / Continuous Delivery for CDK Applications",
- "deprecated": "Use the @aws-cdk/pipelines module instead",
- "private": true,
- "version": "0.0.0",
- "main": "lib/index.js",
- "types": "lib/index.d.ts",
- "jsii": {
- "targets": {
- "java": {
- "maven": {
- "groupId": "software.amazon.awscdk",
- "artifactId": "cdk-app-delivery"
- },
- "package": "software.amazon.awscdk.appdelivery"
- },
- "dotnet": {
- "namespace": "Amazon.CDK.AppDelivery",
- "packageId": "Amazon.CDK.AppDelivery",
- "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/main/logo/default-256-dark.png"
- },
- "python": {
- "distName": "aws-cdk.app-delivery",
- "module": "aws_cdk.app_delivery",
- "classifiers": [
- "Framework :: AWS CDK",
- "Framework :: AWS CDK :: 2"
- ]
- }
- },
- "outdir": "dist",
- "projectReferences": true,
- "metadata": {
- "jsii": {
- "rosetta": {
- "strict": true
- }
- }
- }
- },
- "scripts": {
- "build": "cdk-build",
- "package": "cdk-package",
- "pkglint": "pkglint -f",
- "test": "cdk-test",
- "watch": "cdk-watch",
- "lint": "cdk-lint",
- "integ": "integ-runner",
- "awslint": "cdk-awslint",
- "build+test+package": "yarn build+test && yarn package",
- "build+test": "yarn build && yarn test",
- "compat": "cdk-compat",
- "rosetta:extract": "yarn --silent jsii-rosetta extract",
- "build+extract": "yarn build && yarn rosetta:extract",
- "build+test+extract": "yarn build+test && yarn rosetta:extract"
- },
- "dependencies": {
- "@aws-cdk/aws-cloudformation": "0.0.0",
- "@aws-cdk/aws-codebuild": "0.0.0",
- "@aws-cdk/aws-codepipeline": "0.0.0",
- "@aws-cdk/aws-codepipeline-actions": "0.0.0",
- "@aws-cdk/aws-events": "0.0.0",
- "@aws-cdk/aws-iam": "0.0.0",
- "@aws-cdk/cloud-assembly-schema": "0.0.0",
- "@aws-cdk/core": "0.0.0",
- "@aws-cdk/cx-api": "0.0.0",
- "constructs": "^10.0.0"
- },
- "devDependencies": {
- "@aws-cdk/assertions": "0.0.0",
- "@aws-cdk/aws-s3": "0.0.0",
- "@aws-cdk/cdk-build-tools": "0.0.0",
- "@aws-cdk/integ-runner": "0.0.0",
- "@aws-cdk/pkglint": "0.0.0",
- "@types/jest": "^27.5.2",
- "fast-check": "^2.25.0",
- "jest": "^27.5.1"
- },
- "repository": {
- "type": "git",
- "url": "https://github.com/aws/aws-cdk.git",
- "directory": "packages/@aws-cdk/app-delivery"
- },
- "homepage": "https://github.com/aws/aws-cdk",
- "license": "Apache-2.0",
- "author": {
- "name": "Amazon Web Services",
- "url": "https://aws.amazon.com",
- "organization": true
- },
- "keywords": [
- "aws",
- "cdk"
- ],
- "peerDependencies": {
- "@aws-cdk/aws-cloudformation": "0.0.0",
- "@aws-cdk/aws-codebuild": "0.0.0",
- "@aws-cdk/aws-codepipeline": "0.0.0",
- "@aws-cdk/aws-codepipeline-actions": "0.0.0",
- "@aws-cdk/aws-events": "0.0.0",
- "@aws-cdk/aws-iam": "0.0.0",
- "@aws-cdk/cloud-assembly-schema": "0.0.0",
- "@aws-cdk/core": "0.0.0",
- "@aws-cdk/cx-api": "0.0.0",
- "constructs": "^10.0.0"
- },
- "engines": {
- "node": ">= 14.15.0"
- },
- "stability": "deprecated",
- "maturity": "deprecated",
- "nyc": {
- "statements": 75
- },
- "awslint": {
- "exclude": [
- "docs-public-apis:@aws-cdk/app-delivery.PipelineDeployStackAction.actionProperties",
- "docs-public-apis:@aws-cdk/app-delivery.PipelineDeployStackAction.deploymentRole",
- "docs-public-apis:@aws-cdk/app-delivery.PipelineDeployStackAction.bind",
- "docs-public-apis:@aws-cdk/app-delivery.PipelineDeployStackAction.onStateChange",
- "docs-public-apis:@aws-cdk/app-delivery.PipelineDeployStackActionProps"
- ]
- },
- "awscdkio": {
- "announce": false
- },
- "publishConfig": {
- "tag": "next"
- }
-}
diff --git a/packages/@aws-cdk/app-delivery/test/integ.cicd.js.snapshot/CICD.assets.json b/packages/@aws-cdk/app-delivery/test/integ.cicd.js.snapshot/CICD.assets.json
deleted file mode 100644
index 4f1eaebedd538..0000000000000
--- a/packages/@aws-cdk/app-delivery/test/integ.cicd.js.snapshot/CICD.assets.json
+++ /dev/null
@@ -1,19 +0,0 @@
-{
- "version": "20.0.0",
- "files": {
- "4844d07f1e19de1a0f6926b94b9bc19bf4e39bbb14b8511dee5d345f776182c7": {
- "source": {
- "path": "CICD.template.json",
- "packaging": "file"
- },
- "destinations": {
- "current_account-current_region": {
- "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
- "objectKey": "4844d07f1e19de1a0f6926b94b9bc19bf4e39bbb14b8511dee5d345f776182c7.json",
- "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
- }
- }
- }
- },
- "dockerImages": {}
-}
\ No newline at end of file
diff --git a/packages/@aws-cdk/app-delivery/test/integ.cicd.js.snapshot/CICD.template.json b/packages/@aws-cdk/app-delivery/test/integ.cicd.js.snapshot/CICD.template.json
deleted file mode 100644
index 5386674ce824b..0000000000000
--- a/packages/@aws-cdk/app-delivery/test/integ.cicd.js.snapshot/CICD.template.json
+++ /dev/null
@@ -1,506 +0,0 @@
-{
- "Resources": {
- "ArtifactBucket7410C9EF": {
- "Type": "AWS::S3::Bucket",
- "UpdateReplacePolicy": "Delete",
- "DeletionPolicy": "Delete"
- },
- "CodePipelineRoleB3A660B4": {
- "Type": "AWS::IAM::Role",
- "Properties": {
- "AssumeRolePolicyDocument": {
- "Statement": [
- {
- "Action": "sts:AssumeRole",
- "Effect": "Allow",
- "Principal": {
- "Service": "codepipeline.amazonaws.com"
- }
- }
- ],
- "Version": "2012-10-17"
- }
- }
- },
- "CodePipelineRoleDefaultPolicy8D520A8D": {
- "Type": "AWS::IAM::Policy",
- "Properties": {
- "PolicyDocument": {
- "Statement": [
- {
- "Action": [
- "s3:Abort*",
- "s3:DeleteObject*",
- "s3:GetBucket*",
- "s3:GetObject*",
- "s3:List*",
- "s3:PutObject",
- "s3:PutObjectLegalHold",
- "s3:PutObjectRetention",
- "s3:PutObjectTagging",
- "s3:PutObjectVersionTagging"
- ],
- "Effect": "Allow",
- "Resource": [
- {
- "Fn::GetAtt": [
- "ArtifactBucket7410C9EF",
- "Arn"
- ]
- },
- {
- "Fn::Join": [
- "",
- [
- {
- "Fn::GetAtt": [
- "ArtifactBucket7410C9EF",
- "Arn"
- ]
- },
- "/*"
- ]
- ]
- }
- ]
- },
- {
- "Action": "sts:AssumeRole",
- "Effect": "Allow",
- "Resource": [
- {
- "Fn::GetAtt": [
- "CodePipelineDeployChangeSetCodePipelineActionRoleB3BCDD8A",
- "Arn"
- ]
- },
- {
- "Fn::GetAtt": [
- "CodePipelineDeployExecuteCodePipelineActionRoleAE36AF49",
- "Arn"
- ]
- }
- ]
- }
- ],
- "Version": "2012-10-17"
- },
- "PolicyName": "CodePipelineRoleDefaultPolicy8D520A8D",
- "Roles": [
- {
- "Ref": "CodePipelineRoleB3A660B4"
- }
- ]
- }
- },
- "CodePipelineB74E5936": {
- "Type": "AWS::CodePipeline::Pipeline",
- "Properties": {
- "RoleArn": {
- "Fn::GetAtt": [
- "CodePipelineRoleB3A660B4",
- "Arn"
- ]
- },
- "Stages": [
- {
- "Actions": [
- {
- "ActionTypeId": {
- "Category": "Source",
- "Owner": "ThirdParty",
- "Provider": "GitHub",
- "Version": "1"
- },
- "Configuration": {
- "Owner": "awslabs",
- "Repo": "aws-cdk",
- "Branch": "master",
- "OAuthToken": "DummyToken",
- "PollForSourceChanges": true
- },
- "Name": "GitHub",
- "OutputArtifacts": [
- {
- "Name": "Artifact_CICDGitHubF8BA7ADD"
- }
- ],
- "RunOrder": 1
- }
- ],
- "Name": "Source"
- },
- {
- "Actions": [
- {
- "ActionTypeId": {
- "Category": "Deploy",
- "Owner": "AWS",
- "Provider": "CloudFormation",
- "Version": "1"
- },
- "Configuration": {
- "StackName": "CICD",
- "RoleArn": {
- "Fn::GetAtt": [
- "CodePipelineDeployChangeSetRoleF9F2B343",
- "Arn"
- ]
- },
- "ActionMode": "CHANGE_SET_REPLACE",
- "ChangeSetName": "CICD-ChangeSet",
- "TemplatePath": "Artifact_CICDGitHubF8BA7ADD::CICD.template.json"
- },
- "InputArtifacts": [
- {
- "Name": "Artifact_CICDGitHubF8BA7ADD"
- }
- ],
- "Name": "ChangeSet",
- "RoleArn": {
- "Fn::GetAtt": [
- "CodePipelineDeployChangeSetCodePipelineActionRoleB3BCDD8A",
- "Arn"
- ]
- },
- "RunOrder": 10
- },
- {
- "ActionTypeId": {
- "Category": "Deploy",
- "Owner": "AWS",
- "Provider": "CloudFormation",
- "Version": "1"
- },
- "Configuration": {
- "StackName": "CICD",
- "ActionMode": "CHANGE_SET_EXECUTE",
- "ChangeSetName": "CICD-ChangeSet"
- },
- "Name": "Execute",
- "RoleArn": {
- "Fn::GetAtt": [
- "CodePipelineDeployExecuteCodePipelineActionRoleAE36AF49",
- "Arn"
- ]
- },
- "RunOrder": 999
- }
- ],
- "Name": "Deploy"
- }
- ],
- "ArtifactStore": {
- "Location": {
- "Ref": "ArtifactBucket7410C9EF"
- },
- "Type": "S3"
- }
- },
- "DependsOn": [
- "CodePipelineRoleDefaultPolicy8D520A8D",
- "CodePipelineRoleB3A660B4"
- ]
- },
- "CodePipelineDeployExecuteCodePipelineActionRoleAE36AF49": {
- "Type": "AWS::IAM::Role",
- "Properties": {
- "AssumeRolePolicyDocument": {
- "Statement": [
- {
- "Action": "sts:AssumeRole",
- "Effect": "Allow",
- "Principal": {
- "AWS": {
- "Fn::Join": [
- "",
- [
- "arn:",
- {
- "Ref": "AWS::Partition"
- },
- ":iam::",
- {
- "Ref": "AWS::AccountId"
- },
- ":root"
- ]
- ]
- }
- }
- }
- ],
- "Version": "2012-10-17"
- }
- }
- },
- "CodePipelineDeployExecuteCodePipelineActionRoleDefaultPolicy2B66E78C": {
- "Type": "AWS::IAM::Policy",
- "Properties": {
- "PolicyDocument": {
- "Statement": [
- {
- "Action": [
- "cloudformation:DescribeChangeSet",
- "cloudformation:DescribeStacks",
- "cloudformation:ExecuteChangeSet"
- ],
- "Condition": {
- "StringEqualsIfExists": {
- "cloudformation:ChangeSetName": "CICD-ChangeSet"
- }
- },
- "Effect": "Allow",
- "Resource": {
- "Fn::Join": [
- "",
- [
- "arn:",
- {
- "Ref": "AWS::Partition"
- },
- ":cloudformation:",
- {
- "Ref": "AWS::Region"
- },
- ":",
- {
- "Ref": "AWS::AccountId"
- },
- ":stack/CICD/*"
- ]
- ]
- }
- }
- ],
- "Version": "2012-10-17"
- },
- "PolicyName": "CodePipelineDeployExecuteCodePipelineActionRoleDefaultPolicy2B66E78C",
- "Roles": [
- {
- "Ref": "CodePipelineDeployExecuteCodePipelineActionRoleAE36AF49"
- }
- ]
- }
- },
- "CodePipelineDeployChangeSetCodePipelineActionRoleB3BCDD8A": {
- "Type": "AWS::IAM::Role",
- "Properties": {
- "AssumeRolePolicyDocument": {
- "Statement": [
- {
- "Action": "sts:AssumeRole",
- "Effect": "Allow",
- "Principal": {
- "AWS": {
- "Fn::Join": [
- "",
- [
- "arn:",
- {
- "Ref": "AWS::Partition"
- },
- ":iam::",
- {
- "Ref": "AWS::AccountId"
- },
- ":root"
- ]
- ]
- }
- }
- }
- ],
- "Version": "2012-10-17"
- }
- }
- },
- "CodePipelineDeployChangeSetCodePipelineActionRoleDefaultPolicy87FA0C1E": {
- "Type": "AWS::IAM::Policy",
- "Properties": {
- "PolicyDocument": {
- "Statement": [
- {
- "Action": "iam:PassRole",
- "Effect": "Allow",
- "Resource": {
- "Fn::GetAtt": [
- "CodePipelineDeployChangeSetRoleF9F2B343",
- "Arn"
- ]
- }
- },
- {
- "Action": [
- "s3:GetBucket*",
- "s3:GetObject*",
- "s3:List*"
- ],
- "Effect": "Allow",
- "Resource": [
- {
- "Fn::GetAtt": [
- "ArtifactBucket7410C9EF",
- "Arn"
- ]
- },
- {
- "Fn::Join": [
- "",
- [
- {
- "Fn::GetAtt": [
- "ArtifactBucket7410C9EF",
- "Arn"
- ]
- },
- "/*"
- ]
- ]
- }
- ]
- },
- {
- "Action": [
- "cloudformation:CreateChangeSet",
- "cloudformation:DeleteChangeSet",
- "cloudformation:DescribeChangeSet",
- "cloudformation:DescribeStacks"
- ],
- "Condition": {
- "StringEqualsIfExists": {
- "cloudformation:ChangeSetName": "CICD-ChangeSet"
- }
- },
- "Effect": "Allow",
- "Resource": {
- "Fn::Join": [
- "",
- [
- "arn:",
- {
- "Ref": "AWS::Partition"
- },
- ":cloudformation:",
- {
- "Ref": "AWS::Region"
- },
- ":",
- {
- "Ref": "AWS::AccountId"
- },
- ":stack/CICD/*"
- ]
- ]
- }
- }
- ],
- "Version": "2012-10-17"
- },
- "PolicyName": "CodePipelineDeployChangeSetCodePipelineActionRoleDefaultPolicy87FA0C1E",
- "Roles": [
- {
- "Ref": "CodePipelineDeployChangeSetCodePipelineActionRoleB3BCDD8A"
- }
- ]
- }
- },
- "CodePipelineDeployChangeSetRoleF9F2B343": {
- "Type": "AWS::IAM::Role",
- "Properties": {
- "AssumeRolePolicyDocument": {
- "Statement": [
- {
- "Action": "sts:AssumeRole",
- "Effect": "Allow",
- "Principal": {
- "Service": "cloudformation.amazonaws.com"
- }
- }
- ],
- "Version": "2012-10-17"
- }
- }
- },
- "CodePipelineDeployChangeSetRoleDefaultPolicy289820BE": {
- "Type": "AWS::IAM::Policy",
- "Properties": {
- "PolicyDocument": {
- "Statement": [
- {
- "Action": [
- "s3:GetBucket*",
- "s3:GetObject*",
- "s3:List*"
- ],
- "Effect": "Allow",
- "Resource": [
- {
- "Fn::GetAtt": [
- "ArtifactBucket7410C9EF",
- "Arn"
- ]
- },
- {
- "Fn::Join": [
- "",
- [
- {
- "Fn::GetAtt": [
- "ArtifactBucket7410C9EF",
- "Arn"
- ]
- },
- "/*"
- ]
- ]
- }
- ]
- }
- ],
- "Version": "2012-10-17"
- },
- "PolicyName": "CodePipelineDeployChangeSetRoleDefaultPolicy289820BE",
- "Roles": [
- {
- "Ref": "CodePipelineDeployChangeSetRoleF9F2B343"
- }
- ]
- }
- }
- },
- "Parameters": {
- "BootstrapVersion": {
- "Type": "AWS::SSM::Parameter::Value",
- "Default": "/cdk-bootstrap/hnb659fds/version",
- "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
- }
- },
- "Rules": {
- "CheckBootstrapVersion": {
- "Assertions": [
- {
- "Assert": {
- "Fn::Not": [
- {
- "Fn::Contains": [
- [
- "1",
- "2",
- "3",
- "4",
- "5"
- ],
- {
- "Ref": "BootstrapVersion"
- }
- ]
- }
- ]
- },
- "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
- }
- ]
- }
- }
-}
\ No newline at end of file
diff --git a/packages/@aws-cdk/app-delivery/test/integ.cicd.js.snapshot/cdk.out b/packages/@aws-cdk/app-delivery/test/integ.cicd.js.snapshot/cdk.out
deleted file mode 100644
index 588d7b269d34f..0000000000000
--- a/packages/@aws-cdk/app-delivery/test/integ.cicd.js.snapshot/cdk.out
+++ /dev/null
@@ -1 +0,0 @@
-{"version":"20.0.0"}
\ No newline at end of file
diff --git a/packages/@aws-cdk/app-delivery/test/integ.cicd.js.snapshot/integ.json b/packages/@aws-cdk/app-delivery/test/integ.cicd.js.snapshot/integ.json
deleted file mode 100644
index 0d70306fbd254..0000000000000
--- a/packages/@aws-cdk/app-delivery/test/integ.cicd.js.snapshot/integ.json
+++ /dev/null
@@ -1,14 +0,0 @@
-{
- "version": "20.0.0",
- "testCases": {
- "integ.cicd": {
- "stacks": [
- "CICD"
- ],
- "diffAssets": false,
- "stackUpdateWorkflow": true
- }
- },
- "synthContext": {},
- "enableLookups": false
-}
\ No newline at end of file
diff --git a/packages/@aws-cdk/app-delivery/test/integ.cicd.js.snapshot/manifest.json b/packages/@aws-cdk/app-delivery/test/integ.cicd.js.snapshot/manifest.json
deleted file mode 100644
index 79550f2289dd9..0000000000000
--- a/packages/@aws-cdk/app-delivery/test/integ.cicd.js.snapshot/manifest.json
+++ /dev/null
@@ -1,118 +0,0 @@
-{
- "version": "20.0.0",
- "artifacts": {
- "Tree": {
- "type": "cdk:tree",
- "properties": {
- "file": "tree.json"
- }
- },
- "CICD.assets": {
- "type": "cdk:asset-manifest",
- "properties": {
- "file": "CICD.assets.json",
- "requiresBootstrapStackVersion": 6,
- "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version"
- }
- },
- "CICD": {
- "type": "aws:cloudformation:stack",
- "environment": "aws://unknown-account/unknown-region",
- "properties": {
- "templateFile": "CICD.template.json",
- "validateOnSynth": false,
- "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}",
- "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}",
- "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/4844d07f1e19de1a0f6926b94b9bc19bf4e39bbb14b8511dee5d345f776182c7.json",
- "requiresBootstrapStackVersion": 6,
- "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version",
- "additionalDependencies": [
- "CICD.assets"
- ],
- "lookupRole": {
- "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}",
- "requiresBootstrapStackVersion": 8,
- "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version"
- }
- },
- "dependencies": [
- "CICD.assets"
- ],
- "metadata": {
- "/CICD/ArtifactBucket/Resource": [
- {
- "type": "aws:cdk:logicalId",
- "data": "ArtifactBucket7410C9EF"
- }
- ],
- "/CICD/CodePipeline/Role/Resource": [
- {
- "type": "aws:cdk:logicalId",
- "data": "CodePipelineRoleB3A660B4"
- }
- ],
- "/CICD/CodePipeline/Role/DefaultPolicy/Resource": [
- {
- "type": "aws:cdk:logicalId",
- "data": "CodePipelineRoleDefaultPolicy8D520A8D"
- }
- ],
- "/CICD/CodePipeline/Resource": [
- {
- "type": "aws:cdk:logicalId",
- "data": "CodePipelineB74E5936"
- }
- ],
- "/CICD/CodePipeline/Deploy/Execute/CodePipelineActionRole/Resource": [
- {
- "type": "aws:cdk:logicalId",
- "data": "CodePipelineDeployExecuteCodePipelineActionRoleAE36AF49"
- }
- ],
- "/CICD/CodePipeline/Deploy/Execute/CodePipelineActionRole/DefaultPolicy/Resource": [
- {
- "type": "aws:cdk:logicalId",
- "data": "CodePipelineDeployExecuteCodePipelineActionRoleDefaultPolicy2B66E78C"
- }
- ],
- "/CICD/CodePipeline/Deploy/ChangeSet/CodePipelineActionRole/Resource": [
- {
- "type": "aws:cdk:logicalId",
- "data": "CodePipelineDeployChangeSetCodePipelineActionRoleB3BCDD8A"
- }
- ],
- "/CICD/CodePipeline/Deploy/ChangeSet/CodePipelineActionRole/DefaultPolicy/Resource": [
- {
- "type": "aws:cdk:logicalId",
- "data": "CodePipelineDeployChangeSetCodePipelineActionRoleDefaultPolicy87FA0C1E"
- }
- ],
- "/CICD/CodePipeline/Deploy/ChangeSet/Role/Resource": [
- {
- "type": "aws:cdk:logicalId",
- "data": "CodePipelineDeployChangeSetRoleF9F2B343"
- }
- ],
- "/CICD/CodePipeline/Deploy/ChangeSet/Role/DefaultPolicy/Resource": [
- {
- "type": "aws:cdk:logicalId",
- "data": "CodePipelineDeployChangeSetRoleDefaultPolicy289820BE"
- }
- ],
- "/CICD/BootstrapVersion": [
- {
- "type": "aws:cdk:logicalId",
- "data": "BootstrapVersion"
- }
- ],
- "/CICD/CheckBootstrapVersion": [
- {
- "type": "aws:cdk:logicalId",
- "data": "CheckBootstrapVersion"
- }
- ]
- },
- "displayName": "CICD"
- }
- }
-}
\ No newline at end of file
diff --git a/packages/@aws-cdk/app-delivery/test/integ.cicd.js.snapshot/tree.json b/packages/@aws-cdk/app-delivery/test/integ.cicd.js.snapshot/tree.json
deleted file mode 100644
index 050d661c67e70..0000000000000
--- a/packages/@aws-cdk/app-delivery/test/integ.cicd.js.snapshot/tree.json
+++ /dev/null
@@ -1,738 +0,0 @@
-{
- "version": "tree-0.1",
- "tree": {
- "id": "App",
- "path": "",
- "children": {
- "Tree": {
- "id": "Tree",
- "path": "Tree",
- "constructInfo": {
- "fqn": "constructs.Construct",
- "version": "10.1.85"
- }
- },
- "CICD": {
- "id": "CICD",
- "path": "CICD",
- "children": {
- "ArtifactBucket": {
- "id": "ArtifactBucket",
- "path": "CICD/ArtifactBucket",
- "children": {
- "Resource": {
- "id": "Resource",
- "path": "CICD/ArtifactBucket/Resource",
- "attributes": {
- "aws:cdk:cloudformation:type": "AWS::S3::Bucket",
- "aws:cdk:cloudformation:props": {}
- },
- "constructInfo": {
- "fqn": "@aws-cdk/aws-s3.CfnBucket",
- "version": "0.0.0"
- }
- }
- },
- "constructInfo": {
- "fqn": "@aws-cdk/aws-s3.Bucket",
- "version": "0.0.0"
- }
- },
- "CodePipeline": {
- "id": "CodePipeline",
- "path": "CICD/CodePipeline",
- "children": {
- "Role": {
- "id": "Role",
- "path": "CICD/CodePipeline/Role",
- "children": {
- "Resource": {
- "id": "Resource",
- "path": "CICD/CodePipeline/Role/Resource",
- "attributes": {
- "aws:cdk:cloudformation:type": "AWS::IAM::Role",
- "aws:cdk:cloudformation:props": {
- "assumeRolePolicyDocument": {
- "Statement": [
- {
- "Action": "sts:AssumeRole",
- "Effect": "Allow",
- "Principal": {
- "Service": "codepipeline.amazonaws.com"
- }
- }
- ],
- "Version": "2012-10-17"
- }
- }
- },
- "constructInfo": {
- "fqn": "@aws-cdk/aws-iam.CfnRole",
- "version": "0.0.0"
- }
- },
- "DefaultPolicy": {
- "id": "DefaultPolicy",
- "path": "CICD/CodePipeline/Role/DefaultPolicy",
- "children": {
- "Resource": {
- "id": "Resource",
- "path": "CICD/CodePipeline/Role/DefaultPolicy/Resource",
- "attributes": {
- "aws:cdk:cloudformation:type": "AWS::IAM::Policy",
- "aws:cdk:cloudformation:props": {
- "policyDocument": {
- "Statement": [
- {
- "Action": [
- "s3:Abort*",
- "s3:DeleteObject*",
- "s3:GetBucket*",
- "s3:GetObject*",
- "s3:List*",
- "s3:PutObject",
- "s3:PutObjectLegalHold",
- "s3:PutObjectRetention",
- "s3:PutObjectTagging",
- "s3:PutObjectVersionTagging"
- ],
- "Effect": "Allow",
- "Resource": [
- {
- "Fn::GetAtt": [
- "ArtifactBucket7410C9EF",
- "Arn"
- ]
- },
- {
- "Fn::Join": [
- "",
- [
- {
- "Fn::GetAtt": [
- "ArtifactBucket7410C9EF",
- "Arn"
- ]
- },
- "/*"
- ]
- ]
- }
- ]
- },
- {
- "Action": "sts:AssumeRole",
- "Effect": "Allow",
- "Resource": [
- {
- "Fn::GetAtt": [
- "CodePipelineDeployChangeSetCodePipelineActionRoleB3BCDD8A",
- "Arn"
- ]
- },
- {
- "Fn::GetAtt": [
- "CodePipelineDeployExecuteCodePipelineActionRoleAE36AF49",
- "Arn"
- ]
- }
- ]
- }
- ],
- "Version": "2012-10-17"
- },
- "policyName": "CodePipelineRoleDefaultPolicy8D520A8D",
- "roles": [
- {
- "Ref": "CodePipelineRoleB3A660B4"
- }
- ]
- }
- },
- "constructInfo": {
- "fqn": "@aws-cdk/aws-iam.CfnPolicy",
- "version": "0.0.0"
- }
- }
- },
- "constructInfo": {
- "fqn": "@aws-cdk/aws-iam.Policy",
- "version": "0.0.0"
- }
- }
- },
- "constructInfo": {
- "fqn": "@aws-cdk/aws-iam.Role",
- "version": "0.0.0"
- }
- },
- "Resource": {
- "id": "Resource",
- "path": "CICD/CodePipeline/Resource",
- "attributes": {
- "aws:cdk:cloudformation:type": "AWS::CodePipeline::Pipeline",
- "aws:cdk:cloudformation:props": {
- "roleArn": {
- "Fn::GetAtt": [
- "CodePipelineRoleB3A660B4",
- "Arn"
- ]
- },
- "stages": [
- {
- "name": "Source",
- "actions": [
- {
- "name": "GitHub",
- "outputArtifacts": [
- {
- "name": "Artifact_CICDGitHubF8BA7ADD"
- }
- ],
- "actionTypeId": {
- "category": "Source",
- "version": "1",
- "owner": "ThirdParty",
- "provider": "GitHub"
- },
- "configuration": {
- "Owner": "awslabs",
- "Repo": "aws-cdk",
- "Branch": "master",
- "OAuthToken": "DummyToken",
- "PollForSourceChanges": true
- },
- "runOrder": 1
- }
- ]
- },
- {
- "name": "Deploy",
- "actions": [
- {
- "name": "ChangeSet",
- "inputArtifacts": [
- {
- "name": "Artifact_CICDGitHubF8BA7ADD"
- }
- ],
- "actionTypeId": {
- "category": "Deploy",
- "version": "1",
- "owner": "AWS",
- "provider": "CloudFormation"
- },
- "configuration": {
- "StackName": "CICD",
- "RoleArn": {
- "Fn::GetAtt": [
- "CodePipelineDeployChangeSetRoleF9F2B343",
- "Arn"
- ]
- },
- "ActionMode": "CHANGE_SET_REPLACE",
- "ChangeSetName": "CICD-ChangeSet",
- "TemplatePath": "Artifact_CICDGitHubF8BA7ADD::CICD.template.json"
- },
- "runOrder": 10,
- "roleArn": {
- "Fn::GetAtt": [
- "CodePipelineDeployChangeSetCodePipelineActionRoleB3BCDD8A",
- "Arn"
- ]
- }
- },
- {
- "name": "Execute",
- "actionTypeId": {
- "category": "Deploy",
- "version": "1",
- "owner": "AWS",
- "provider": "CloudFormation"
- },
- "configuration": {
- "StackName": "CICD",
- "ActionMode": "CHANGE_SET_EXECUTE",
- "ChangeSetName": "CICD-ChangeSet"
- },
- "runOrder": 999,
- "roleArn": {
- "Fn::GetAtt": [
- "CodePipelineDeployExecuteCodePipelineActionRoleAE36AF49",
- "Arn"
- ]
- }
- }
- ]
- }
- ],
- "artifactStore": {
- "type": "S3",
- "location": {
- "Ref": "ArtifactBucket7410C9EF"
- }
- }
- }
- },
- "constructInfo": {
- "fqn": "@aws-cdk/aws-codepipeline.CfnPipeline",
- "version": "0.0.0"
- }
- },
- "Source": {
- "id": "Source",
- "path": "CICD/CodePipeline/Source",
- "children": {
- "GitHub": {
- "id": "GitHub",
- "path": "CICD/CodePipeline/Source/GitHub",
- "constructInfo": {
- "fqn": "constructs.Construct",
- "version": "10.1.85"
- }
- }
- },
- "constructInfo": {
- "fqn": "constructs.Construct",
- "version": "10.1.85"
- }
- },
- "Deploy": {
- "id": "Deploy",
- "path": "CICD/CodePipeline/Deploy",
- "children": {
- "Execute": {
- "id": "Execute",
- "path": "CICD/CodePipeline/Deploy/Execute",
- "children": {
- "CodePipelineActionRole": {
- "id": "CodePipelineActionRole",
- "path": "CICD/CodePipeline/Deploy/Execute/CodePipelineActionRole",
- "children": {
- "Resource": {
- "id": "Resource",
- "path": "CICD/CodePipeline/Deploy/Execute/CodePipelineActionRole/Resource",
- "attributes": {
- "aws:cdk:cloudformation:type": "AWS::IAM::Role",
- "aws:cdk:cloudformation:props": {
- "assumeRolePolicyDocument": {
- "Statement": [
- {
- "Action": "sts:AssumeRole",
- "Effect": "Allow",
- "Principal": {
- "AWS": {
- "Fn::Join": [
- "",
- [
- "arn:",
- {
- "Ref": "AWS::Partition"
- },
- ":iam::",
- {
- "Ref": "AWS::AccountId"
- },
- ":root"
- ]
- ]
- }
- }
- }
- ],
- "Version": "2012-10-17"
- }
- }
- },
- "constructInfo": {
- "fqn": "@aws-cdk/aws-iam.CfnRole",
- "version": "0.0.0"
- }
- },
- "8389e75f-0810-4838-bf64-d6f85a95cf83": {
- "id": "8389e75f-0810-4838-bf64-d6f85a95cf83",
- "path": "CICD/CodePipeline/Deploy/Execute/CodePipelineActionRole/8389e75f-0810-4838-bf64-d6f85a95cf83",
- "constructInfo": {
- "fqn": "constructs.Construct",
- "version": "10.1.85"
- }
- },
- "DefaultPolicy": {
- "id": "DefaultPolicy",
- "path": "CICD/CodePipeline/Deploy/Execute/CodePipelineActionRole/DefaultPolicy",
- "children": {
- "Resource": {
- "id": "Resource",
- "path": "CICD/CodePipeline/Deploy/Execute/CodePipelineActionRole/DefaultPolicy/Resource",
- "attributes": {
- "aws:cdk:cloudformation:type": "AWS::IAM::Policy",
- "aws:cdk:cloudformation:props": {
- "policyDocument": {
- "Statement": [
- {
- "Action": [
- "cloudformation:DescribeChangeSet",
- "cloudformation:DescribeStacks",
- "cloudformation:ExecuteChangeSet"
- ],
- "Condition": {
- "StringEqualsIfExists": {
- "cloudformation:ChangeSetName": "CICD-ChangeSet"
- }
- },
- "Effect": "Allow",
- "Resource": {
- "Fn::Join": [
- "",
- [
- "arn:",
- {
- "Ref": "AWS::Partition"
- },
- ":cloudformation:",
- {
- "Ref": "AWS::Region"
- },
- ":",
- {
- "Ref": "AWS::AccountId"
- },
- ":stack/CICD/*"
- ]
- ]
- }
- }
- ],
- "Version": "2012-10-17"
- },
- "policyName": "CodePipelineDeployExecuteCodePipelineActionRoleDefaultPolicy2B66E78C",
- "roles": [
- {
- "Ref": "CodePipelineDeployExecuteCodePipelineActionRoleAE36AF49"
- }
- ]
- }
- },
- "constructInfo": {
- "fqn": "@aws-cdk/aws-iam.CfnPolicy",
- "version": "0.0.0"
- }
- }
- },
- "constructInfo": {
- "fqn": "@aws-cdk/aws-iam.Policy",
- "version": "0.0.0"
- }
- }
- },
- "constructInfo": {
- "fqn": "@aws-cdk/aws-iam.Role",
- "version": "0.0.0"
- }
- }
- },
- "constructInfo": {
- "fqn": "constructs.Construct",
- "version": "10.1.85"
- }
- },
- "ChangeSet": {
- "id": "ChangeSet",
- "path": "CICD/CodePipeline/Deploy/ChangeSet",
- "children": {
- "CodePipelineActionRole": {
- "id": "CodePipelineActionRole",
- "path": "CICD/CodePipeline/Deploy/ChangeSet/CodePipelineActionRole",
- "children": {
- "Resource": {
- "id": "Resource",
- "path": "CICD/CodePipeline/Deploy/ChangeSet/CodePipelineActionRole/Resource",
- "attributes": {
- "aws:cdk:cloudformation:type": "AWS::IAM::Role",
- "aws:cdk:cloudformation:props": {
- "assumeRolePolicyDocument": {
- "Statement": [
- {
- "Action": "sts:AssumeRole",
- "Effect": "Allow",
- "Principal": {
- "AWS": {
- "Fn::Join": [
- "",
- [
- "arn:",
- {
- "Ref": "AWS::Partition"
- },
- ":iam::",
- {
- "Ref": "AWS::AccountId"
- },
- ":root"
- ]
- ]
- }
- }
- }
- ],
- "Version": "2012-10-17"
- }
- }
- },
- "constructInfo": {
- "fqn": "@aws-cdk/aws-iam.CfnRole",
- "version": "0.0.0"
- }
- },
- "8389e75f-0810-4838-bf64-d6f85a95cf83": {
- "id": "8389e75f-0810-4838-bf64-d6f85a95cf83",
- "path": "CICD/CodePipeline/Deploy/ChangeSet/CodePipelineActionRole/8389e75f-0810-4838-bf64-d6f85a95cf83",
- "constructInfo": {
- "fqn": "constructs.Construct",
- "version": "10.1.85"
- }
- },
- "DefaultPolicy": {
- "id": "DefaultPolicy",
- "path": "CICD/CodePipeline/Deploy/ChangeSet/CodePipelineActionRole/DefaultPolicy",
- "children": {
- "Resource": {
- "id": "Resource",
- "path": "CICD/CodePipeline/Deploy/ChangeSet/CodePipelineActionRole/DefaultPolicy/Resource",
- "attributes": {
- "aws:cdk:cloudformation:type": "AWS::IAM::Policy",
- "aws:cdk:cloudformation:props": {
- "policyDocument": {
- "Statement": [
- {
- "Action": "iam:PassRole",
- "Effect": "Allow",
- "Resource": {
- "Fn::GetAtt": [
- "CodePipelineDeployChangeSetRoleF9F2B343",
- "Arn"
- ]
- }
- },
- {
- "Action": [
- "s3:GetBucket*",
- "s3:GetObject*",
- "s3:List*"
- ],
- "Effect": "Allow",
- "Resource": [
- {
- "Fn::GetAtt": [
- "ArtifactBucket7410C9EF",
- "Arn"
- ]
- },
- {
- "Fn::Join": [
- "",
- [
- {
- "Fn::GetAtt": [
- "ArtifactBucket7410C9EF",
- "Arn"
- ]
- },
- "/*"
- ]
- ]
- }
- ]
- },
- {
- "Action": [
- "cloudformation:CreateChangeSet",
- "cloudformation:DeleteChangeSet",
- "cloudformation:DescribeChangeSet",
- "cloudformation:DescribeStacks"
- ],
- "Condition": {
- "StringEqualsIfExists": {
- "cloudformation:ChangeSetName": "CICD-ChangeSet"
- }
- },
- "Effect": "Allow",
- "Resource": {
- "Fn::Join": [
- "",
- [
- "arn:",
- {
- "Ref": "AWS::Partition"
- },
- ":cloudformation:",
- {
- "Ref": "AWS::Region"
- },
- ":",
- {
- "Ref": "AWS::AccountId"
- },
- ":stack/CICD/*"
- ]
- ]
- }
- }
- ],
- "Version": "2012-10-17"
- },
- "policyName": "CodePipelineDeployChangeSetCodePipelineActionRoleDefaultPolicy87FA0C1E",
- "roles": [
- {
- "Ref": "CodePipelineDeployChangeSetCodePipelineActionRoleB3BCDD8A"
- }
- ]
- }
- },
- "constructInfo": {
- "fqn": "@aws-cdk/aws-iam.CfnPolicy",
- "version": "0.0.0"
- }
- }
- },
- "constructInfo": {
- "fqn": "@aws-cdk/aws-iam.Policy",
- "version": "0.0.0"
- }
- }
- },
- "constructInfo": {
- "fqn": "@aws-cdk/aws-iam.Role",
- "version": "0.0.0"
- }
- },
- "Role": {
- "id": "Role",
- "path": "CICD/CodePipeline/Deploy/ChangeSet/Role",
- "children": {
- "Resource": {
- "id": "Resource",
- "path": "CICD/CodePipeline/Deploy/ChangeSet/Role/Resource",
- "attributes": {
- "aws:cdk:cloudformation:type": "AWS::IAM::Role",
- "aws:cdk:cloudformation:props": {
- "assumeRolePolicyDocument": {
- "Statement": [
- {
- "Action": "sts:AssumeRole",
- "Effect": "Allow",
- "Principal": {
- "Service": "cloudformation.amazonaws.com"
- }
- }
- ],
- "Version": "2012-10-17"
- }
- }
- },
- "constructInfo": {
- "fqn": "@aws-cdk/aws-iam.CfnRole",
- "version": "0.0.0"
- }
- },
- "DefaultPolicy": {
- "id": "DefaultPolicy",
- "path": "CICD/CodePipeline/Deploy/ChangeSet/Role/DefaultPolicy",
- "children": {
- "Resource": {
- "id": "Resource",
- "path": "CICD/CodePipeline/Deploy/ChangeSet/Role/DefaultPolicy/Resource",
- "attributes": {
- "aws:cdk:cloudformation:type": "AWS::IAM::Policy",
- "aws:cdk:cloudformation:props": {
- "policyDocument": {
- "Statement": [
- {
- "Action": [
- "s3:GetBucket*",
- "s3:GetObject*",
- "s3:List*"
- ],
- "Effect": "Allow",
- "Resource": [
- {
- "Fn::GetAtt": [
- "ArtifactBucket7410C9EF",
- "Arn"
- ]
- },
- {
- "Fn::Join": [
- "",
- [
- {
- "Fn::GetAtt": [
- "ArtifactBucket7410C9EF",
- "Arn"
- ]
- },
- "/*"
- ]
- ]
- }
- ]
- }
- ],
- "Version": "2012-10-17"
- },
- "policyName": "CodePipelineDeployChangeSetRoleDefaultPolicy289820BE",
- "roles": [
- {
- "Ref": "CodePipelineDeployChangeSetRoleF9F2B343"
- }
- ]
- }
- },
- "constructInfo": {
- "fqn": "@aws-cdk/aws-iam.CfnPolicy",
- "version": "0.0.0"
- }
- }
- },
- "constructInfo": {
- "fqn": "@aws-cdk/aws-iam.Policy",
- "version": "0.0.0"
- }
- }
- },
- "constructInfo": {
- "fqn": "@aws-cdk/aws-iam.Role",
- "version": "0.0.0"
- }
- }
- },
- "constructInfo": {
- "fqn": "constructs.Construct",
- "version": "10.1.85"
- }
- }
- },
- "constructInfo": {
- "fqn": "constructs.Construct",
- "version": "10.1.85"
- }
- }
- },
- "constructInfo": {
- "fqn": "@aws-cdk/aws-codepipeline.Pipeline",
- "version": "0.0.0"
- }
- }
- },
- "constructInfo": {
- "fqn": "constructs.Construct",
- "version": "10.1.85"
- }
- }
- },
- "constructInfo": {
- "fqn": "constructs.Construct",
- "version": "10.1.85"
- }
- }
-}
\ No newline at end of file
diff --git a/packages/@aws-cdk/app-delivery/test/integ.cicd.ts b/packages/@aws-cdk/app-delivery/test/integ.cicd.ts
deleted file mode 100644
index d0f148bb82dd8..0000000000000
--- a/packages/@aws-cdk/app-delivery/test/integ.cicd.ts
+++ /dev/null
@@ -1,40 +0,0 @@
-import * as cfn from '@aws-cdk/aws-cloudformation';
-import * as codepipeline from '@aws-cdk/aws-codepipeline';
-import * as cpactions from '@aws-cdk/aws-codepipeline-actions';
-import * as s3 from '@aws-cdk/aws-s3';
-import * as cdk from '@aws-cdk/core';
-import * as cicd from '../lib';
-
-const app = new cdk.App();
-
-const stack = new cdk.Stack(app, 'CICD');
-const pipeline = new codepipeline.Pipeline(stack, 'CodePipeline', {
- artifactBucket: new s3.Bucket(stack, 'ArtifactBucket', {
- removalPolicy: cdk.RemovalPolicy.DESTROY,
- }),
-});
-const sourceOutput = new codepipeline.Artifact('Artifact_CICDGitHubF8BA7ADD');
-const source = new cpactions.GitHubSourceAction({
- actionName: 'GitHub',
- owner: 'awslabs',
- repo: 'aws-cdk',
- oauthToken: cdk.SecretValue.unsafePlainText('DummyToken'),
- trigger: cpactions.GitHubTrigger.POLL,
- output: sourceOutput,
-});
-pipeline.addStage({
- stageName: 'Source',
- actions: [source],
-});
-const stage = pipeline.addStage({ stageName: 'Deploy' });
-stage.addAction(new cicd.PipelineDeployStackAction({
- stack,
- changeSetName: 'CICD-ChangeSet',
- createChangeSetRunOrder: 10,
- executeChangeSetRunOrder: 999,
- input: sourceOutput,
- adminPermissions: false,
- capabilities: [cfn.CloudFormationCapabilities.NONE],
-}));
-
-app.synth();
diff --git a/packages/@aws-cdk/app-delivery/test/pipeline-deploy-stack-action.test.ts b/packages/@aws-cdk/app-delivery/test/pipeline-deploy-stack-action.test.ts
deleted file mode 100644
index ccd9c230fe284..0000000000000
--- a/packages/@aws-cdk/app-delivery/test/pipeline-deploy-stack-action.test.ts
+++ /dev/null
@@ -1,503 +0,0 @@
-import { Match, Matcher, Template } from '@aws-cdk/assertions';
-import * as cfn from '@aws-cdk/aws-cloudformation';
-import * as codebuild from '@aws-cdk/aws-codebuild';
-import * as codepipeline from '@aws-cdk/aws-codepipeline';
-import * as cpactions from '@aws-cdk/aws-codepipeline-actions';
-import * as events from '@aws-cdk/aws-events';
-import * as iam from '@aws-cdk/aws-iam';
-import * as s3 from '@aws-cdk/aws-s3';
-import { describeDeprecated } from '@aws-cdk/cdk-build-tools';
-import * as cxschema from '@aws-cdk/cloud-assembly-schema';
-import * as cdk from '@aws-cdk/core';
-import * as constructs from 'constructs';
-import * as fc from 'fast-check';
-import { PipelineDeployStackAction } from '../lib/pipeline-deploy-stack-action';
-
-interface SelfUpdatingPipeline {
- synthesizedApp: codepipeline.Artifact;
- pipeline: codepipeline.Pipeline;
-}
-const accountId = fc.array(fc.integer(0, 9), 12, 12).map(arr => arr.join());
-
-describeDeprecated('pipeline deploy stack action', () => {
- test('rejects cross-environment deployment', () => {
- fc.assert(
- fc.property(
- accountId, accountId,
- (pipelineAccount, stackAccount) => {
- fc.pre(pipelineAccount !== stackAccount);
- expect(() => {
- const app = new cdk.App();
- const stack = new cdk.Stack(app, 'Test', { env: { account: pipelineAccount } });
- const pipeline = new codepipeline.Pipeline(stack, 'Pipeline');
- const fakeAction = new FakeAction('Fake');
- pipeline.addStage({
- stageName: 'FakeStage',
- actions: [fakeAction],
- });
-
- const deployStage = pipeline.addStage({ stageName: 'DeployStage' });
- deployStage.addAction(new PipelineDeployStackAction({
- changeSetName: 'ChangeSet',
- input: fakeAction.outputArtifact,
- stack: new cdk.Stack(app, 'DeployedStack', { env: { account: stackAccount } }),
- adminPermissions: false,
- }));
- }).toThrow('Cross-environment deployment is not supported');
- },
- ),
- );
-
- });
-
- test('rejects createRunOrder >= executeRunOrder', () => {
- fc.assert(
- fc.property(
- fc.integer(1, 999), fc.integer(1, 999),
- (createRunOrder, executeRunOrder) => {
- fc.pre(createRunOrder >= executeRunOrder);
- expect(() => {
- const app = new cdk.App();
- const stack = new cdk.Stack(app, 'Test');
- const pipeline = new codepipeline.Pipeline(stack, 'Pipeline');
- const fakeAction = new FakeAction('Fake');
- pipeline.addStage({
- stageName: 'FakeStage',
- actions: [fakeAction],
- });
- const deployStage = pipeline.addStage({ stageName: 'DeployStage' });
- deployStage.addAction(new PipelineDeployStackAction({
- changeSetName: 'ChangeSet',
- createChangeSetRunOrder: createRunOrder,
- executeChangeSetRunOrder: executeRunOrder,
- input: fakeAction.outputArtifact,
- stack: new cdk.Stack(app, 'DeployedStack'),
- adminPermissions: false,
- }));
- }).toThrow(/createChangeSetRunOrder .* must be < executeChangeSetRunOrder/);
- },
- ),
- );
-
- });
- test('users can supply CloudFormation capabilities', () => {
- const pipelineStack = getTestStack();
- const stackWithNoCapability = new cdk.Stack(undefined, 'NoCapStack',
- { env: { account: '123456789012', region: 'us-east-1' } });
-
- const stackWithAnonymousCapability = new cdk.Stack(undefined, 'AnonymousIAM',
- { env: { account: '123456789012', region: 'us-east-1' } });
-
- const stackWithAutoExpandCapability = new cdk.Stack(undefined, 'AutoExpand',
- { env: { account: '123456789012', region: 'us-east-1' } });
-
- const stackWithAnonymousAndAutoExpandCapability = new cdk.Stack(undefined, 'AnonymousIAMAndAutoExpand',
- { env: { account: '123456789012', region: 'us-east-1' } });
-
- const selfUpdatingStack = createSelfUpdatingStack(pipelineStack);
-
- const pipeline = selfUpdatingStack.pipeline;
-
- const selfUpdateStage1 = pipeline.addStage({ stageName: 'SelfUpdate1' });
- const selfUpdateStage2 = pipeline.addStage({ stageName: 'SelfUpdate2' });
- const selfUpdateStage3 = pipeline.addStage({ stageName: 'SelfUpdate3' });
- const selfUpdateStage4 = pipeline.addStage({ stageName: 'SelfUpdate4' });
- const selfUpdateStage5 = pipeline.addStage({ stageName: 'SelfUpdate5' });
-
- selfUpdateStage1.addAction(new PipelineDeployStackAction({
- stack: pipelineStack,
- input: selfUpdatingStack.synthesizedApp,
- capabilities: [cfn.CloudFormationCapabilities.NAMED_IAM],
- adminPermissions: false,
- }));
- selfUpdateStage2.addAction(new PipelineDeployStackAction({
- stack: stackWithNoCapability,
- input: selfUpdatingStack.synthesizedApp,
- capabilities: [cfn.CloudFormationCapabilities.NONE],
- adminPermissions: false,
- }));
- selfUpdateStage3.addAction(new PipelineDeployStackAction({
- stack: stackWithAnonymousCapability,
- input: selfUpdatingStack.synthesizedApp,
- capabilities: [cfn.CloudFormationCapabilities.ANONYMOUS_IAM],
- adminPermissions: false,
- }));
- selfUpdateStage4.addAction(new PipelineDeployStackAction({
- stack: stackWithAutoExpandCapability,
- input: selfUpdatingStack.synthesizedApp,
- capabilities: [cfn.CloudFormationCapabilities.AUTO_EXPAND],
- adminPermissions: false,
- }));
- selfUpdateStage5.addAction(new PipelineDeployStackAction({
- stack: stackWithAnonymousAndAutoExpandCapability,
- input: selfUpdatingStack.synthesizedApp,
- capabilities: [cfn.CloudFormationCapabilities.ANONYMOUS_IAM, cfn.CloudFormationCapabilities.AUTO_EXPAND],
- adminPermissions: false,
- }));
-
- Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', hasPipelineActionConfiguration({
- StackName: 'TestStack',
- ActionMode: 'CHANGE_SET_REPLACE',
- Capabilities: 'CAPABILITY_NAMED_IAM',
- }));
- Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', hasPipelineActionConfiguration({
- StackName: 'AnonymousIAM',
- ActionMode: 'CHANGE_SET_REPLACE',
- Capabilities: 'CAPABILITY_IAM',
- }));
- Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', Match.not(hasPipelineActionConfiguration({
- StackName: 'NoCapStack',
- ActionMode: 'CHANGE_SET_REPLACE',
- Capabilities: 'CAPABILITY_NAMED_IAM',
- })));
- Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', Match.not(hasPipelineActionConfiguration({
- StackName: 'NoCapStack',
- ActionMode: 'CHANGE_SET_REPLACE',
- Capabilities: 'CAPABILITY_IAM',
- })));
- Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', hasPipelineActionConfiguration({
- StackName: 'NoCapStack',
- ActionMode: 'CHANGE_SET_REPLACE',
- }));
- Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', hasPipelineActionConfiguration({
- StackName: 'AutoExpand',
- ActionMode: 'CHANGE_SET_REPLACE',
- Capabilities: 'CAPABILITY_AUTO_EXPAND',
- }));
- Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', hasPipelineActionConfiguration({
- StackName: 'AnonymousIAMAndAutoExpand',
- ActionMode: 'CHANGE_SET_REPLACE',
- Capabilities: 'CAPABILITY_IAM,CAPABILITY_AUTO_EXPAND',
- }));
- });
-
- test('users can use admin permissions', () => {
- const pipelineStack = getTestStack();
- const selfUpdatingStack = createSelfUpdatingStack(pipelineStack);
-
- const pipeline = selfUpdatingStack.pipeline;
- const selfUpdateStage = pipeline.addStage({ stageName: 'SelfUpdate' });
- selfUpdateStage.addAction(new PipelineDeployStackAction({
- stack: pipelineStack,
- input: selfUpdatingStack.synthesizedApp,
- adminPermissions: true,
- }));
- Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', {
- PolicyDocument: {
- Version: '2012-10-17',
- Statement: [
- {
- Action: [
- 's3:GetObject*',
- 's3:GetBucket*',
- 's3:List*',
- ],
- Effect: 'Allow',
- Resource: [
- {
- 'Fn::GetAtt': [
- 'CodePipelineArtifactsBucketF1E925CF',
- 'Arn',
- ],
- },
- {
- 'Fn::Join': [
- '',
- [
- {
- 'Fn::GetAtt': [
- 'CodePipelineArtifactsBucketF1E925CF',
- 'Arn',
- ],
- },
- '/*',
- ],
- ],
- },
- ],
- },
- {
- Action: [
- 'kms:Decrypt',
- 'kms:DescribeKey',
- ],
- Effect: 'Allow',
- Resource: {
- 'Fn::GetAtt': [
- 'CodePipelineArtifactsBucketEncryptionKey85407CB4',
- 'Arn',
- ],
- },
- },
- {
- Action: '*',
- Effect: 'Allow',
- Resource: '*',
- },
- ],
- },
- });
- Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', hasPipelineActionConfiguration({
- StackName: 'TestStack',
- ActionMode: 'CHANGE_SET_REPLACE',
- Capabilities: 'CAPABILITY_NAMED_IAM,CAPABILITY_AUTO_EXPAND',
- }));
- });
-
- test('users can supply a role for deploy action', () => {
- const pipelineStack = getTestStack();
- const selfUpdatingStack = createSelfUpdatingStack(pipelineStack);
-
- const role = new iam.Role(pipelineStack, 'MyRole', {
- assumedBy: new iam.ServicePrincipal('cloudformation.amazonaws.com'),
- });
- const pipeline = selfUpdatingStack.pipeline;
- const selfUpdateStage = pipeline.addStage({ stageName: 'SelfUpdate' });
- const deployAction = new PipelineDeployStackAction({
- stack: pipelineStack,
- input: selfUpdatingStack.synthesizedApp,
- adminPermissions: false,
- role,
- });
- selfUpdateStage.addAction(deployAction);
- expect(deployAction.deploymentRole).toEqual(role);
-
- });
- test('users can specify IAM permissions for the deploy action', () => {
- // GIVEN //
- const pipelineStack = getTestStack();
-
- // the fake stack to deploy
- const emptyStack = getTestStack();
-
- const selfUpdatingStack = createSelfUpdatingStack(pipelineStack);
- const pipeline = selfUpdatingStack.pipeline;
-
- // WHEN //
- // this our app/service/infra to deploy
- const deployStage = pipeline.addStage({ stageName: 'Deploy' });
- const deployAction = new PipelineDeployStackAction({
- stack: emptyStack,
- input: selfUpdatingStack.synthesizedApp,
- adminPermissions: false,
- });
- deployStage.addAction(deployAction);
- // we might need to add permissions
- deployAction.addToDeploymentRolePolicy(new iam.PolicyStatement({
- actions: [
- 'ec2:AuthorizeSecurityGroupEgress',
- 'ec2:AuthorizeSecurityGroupIngress',
- 'ec2:DeleteSecurityGroup',
- 'ec2:DescribeSecurityGroups',
- 'ec2:CreateSecurityGroup',
- 'ec2:RevokeSecurityGroupEgress',
- 'ec2:RevokeSecurityGroupIngress',
- ],
- resources: ['*'],
- }));
-
- // THEN //
- Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', {
- PolicyDocument: {
- Version: '2012-10-17',
- Statement: [
- {
- Action: [
- 's3:GetObject*',
- 's3:GetBucket*',
- 's3:List*',
- ],
- Effect: 'Allow',
- Resource: [
- {
- 'Fn::GetAtt': [
- 'CodePipelineArtifactsBucketF1E925CF',
- 'Arn',
- ],
- },
- {
- 'Fn::Join': [
- '',
- [
- {
- 'Fn::GetAtt': [
- 'CodePipelineArtifactsBucketF1E925CF',
- 'Arn',
- ],
- },
- '/*',
- ],
- ],
- },
- ],
- },
- {
- Action: [
- 'kms:Decrypt',
- 'kms:DescribeKey',
- ],
- Effect: 'Allow',
- Resource: {
- 'Fn::GetAtt': [
- 'CodePipelineArtifactsBucketEncryptionKey85407CB4',
- 'Arn',
- ],
- },
- },
- {
- Action: [
- 'ec2:AuthorizeSecurityGroupEgress',
- 'ec2:AuthorizeSecurityGroupIngress',
- 'ec2:DeleteSecurityGroup',
- 'ec2:DescribeSecurityGroups',
- 'ec2:CreateSecurityGroup',
- 'ec2:RevokeSecurityGroupEgress',
- 'ec2:RevokeSecurityGroupIngress',
- ],
- Effect: 'Allow',
- Resource: '*',
- },
- ],
- },
- Roles: [
- {
- Ref: 'CodePipelineDeployChangeSetRoleF9F2B343',
- },
- ],
- });
-
- });
- test('rejects stacks with assets', () => {
- fc.assert(
- fc.property(
- fc.integer(1, 5),
- (assetCount) => {
- const app = new cdk.App();
-
- const deployedStack = new cdk.Stack(app, 'DeployedStack');
- for (let i = 0; i < assetCount; i++) {
- deployedStack.node.addMetadata(cxschema.ArtifactMetadataEntryType.ASSET, {});
- }
-
- expect(() => {
- new PipelineDeployStackAction({
- changeSetName: 'ChangeSet',
- input: new codepipeline.Artifact(),
- stack: deployedStack,
- adminPermissions: false,
- });
- }).toThrow(/Cannot deploy the stack DeployedStack because it references/);
- },
- ),
- );
- });
-
- test('allows overriding the ChangeSet and Execute action names', () => {
- const stack = getTestStack();
- const selfUpdatingPipeline = createSelfUpdatingStack(stack);
- selfUpdatingPipeline.pipeline.addStage({
- stageName: 'Deploy',
- actions: [
- new PipelineDeployStackAction({
- input: selfUpdatingPipeline.synthesizedApp,
- adminPermissions: true,
- stack,
- createChangeSetActionName: 'Prepare',
- executeChangeSetActionName: 'Deploy',
- }),
- ],
- });
-
- Template.fromStack(stack).hasResourceProperties('AWS::CodePipeline::Pipeline', {
- Stages: Match.arrayWith([
- Match.objectLike({
- Name: 'Deploy',
- Actions: Match.arrayWith([
- Match.objectLike({
- Name: 'Prepare',
- }),
- Match.objectLike({
- Name: 'Deploy',
- }),
- ]),
- }),
- ]),
- });
- });
-});
-
-class FakeAction implements codepipeline.IAction {
- public readonly actionProperties: codepipeline.ActionProperties;
- public readonly outputArtifact: codepipeline.Artifact;
-
- constructor(actionName: string) {
- this.actionProperties = {
- actionName,
- artifactBounds: { minInputs: 0, maxInputs: 5, minOutputs: 0, maxOutputs: 5 },
- category: codepipeline.ActionCategory.TEST,
- provider: 'Test',
- };
- this.outputArtifact = new codepipeline.Artifact('OutputArtifact');
- }
-
- public bind(_scope: constructs.Construct, _stage: codepipeline.IStage, _options: codepipeline.ActionBindOptions):
- codepipeline.ActionConfig {
- return {};
- }
-
- public onStateChange(_name: string, _target?: events.IRuleTarget, _options?: events.RuleProps): events.Rule {
- throw new Error('onStateChange() is not available on FakeAction');
- }
-}
-
-function getTestStack(): cdk.Stack {
- return new cdk.Stack(undefined, 'TestStack', { env: { account: '123456789012', region: 'us-east-1' } });
-}
-
-function createSelfUpdatingStack(pipelineStack: cdk.Stack): SelfUpdatingPipeline {
- const pipeline = new codepipeline.Pipeline(pipelineStack, 'CodePipeline', {
- restartExecutionOnUpdate: true,
- });
-
- // simple source
- const bucket = s3.Bucket.fromBucketArn(pipeline, 'PatternBucket', 'arn:aws:s3:::totally-fake-bucket');
- const sourceOutput = new codepipeline.Artifact('SourceOutput');
- const sourceAction = new cpactions.S3SourceAction({
- actionName: 'S3Source',
- bucket,
- bucketKey: 'the-great-key',
- output: sourceOutput,
- });
- pipeline.addStage({
- stageName: 'source',
- actions: [sourceAction],
- });
-
- const project = new codebuild.PipelineProject(pipelineStack, 'CodeBuild');
- const buildOutput = new codepipeline.Artifact('BuildOutput');
- const buildAction = new cpactions.CodeBuildAction({
- actionName: 'CodeBuild',
- project,
- input: sourceOutput,
- outputs: [buildOutput],
- });
- pipeline.addStage({
- stageName: 'build',
- actions: [buildAction],
- });
- return { synthesizedApp: buildOutput, pipeline };
-}
-
-function hasPipelineActionConfiguration(expectedActionConfiguration: any): Matcher {
- return Match.objectLike({
- Stages: Match.arrayWith([
- Match.objectLike({
- Actions: Match.arrayWith([
- Match.objectLike({
- Configuration: expectedActionConfiguration,
- }),
- ]),
- }),
- ]),
- });
-}
\ No newline at end of file
diff --git a/packages/aws-cdk-lib/package.json b/packages/aws-cdk-lib/package.json
index d03670b41c4d6..1e5ce8b89ec67 100644
--- a/packages/aws-cdk-lib/package.json
+++ b/packages/aws-cdk-lib/package.json
@@ -120,7 +120,6 @@
},
"devDependencies": {
"@aws-cdk/alexa-ask": "0.0.0",
- "@aws-cdk/app-delivery": "0.0.0",
"@aws-cdk/assertions": "0.0.0",
"@aws-cdk/assets": "0.0.0",
"@aws-cdk/aws-accessanalyzer": "0.0.0",
diff --git a/tests.txt b/tests.txt
index 7dd61ead63eca..a926eafe89f4c 100644
--- a/tests.txt
+++ b/tests.txt
@@ -1,4 +1,3 @@
-app-delivery/test/integ.cicd.js
aws-amplify/test/integ.app-asset-deployment.js
aws-amplify/test/integ.app-codecommit.js
aws-amplify/test/integ.app.js