From e047bd80ab08f49a22408eb8c5401f4306747eff Mon Sep 17 00:00:00 2001 From: AWS CDK Automation <43080478+aws-cdk-automation@users.noreply.github.com> Date: Mon, 20 Sep 2021 10:55:00 +0100 Subject: [PATCH 1/6] feat(cfnspec): cloudformation spec v41.2.0 (#16550) Co-authored-by: AWS CDK Team --- packages/@aws-cdk/aws-aps/.eslintrc.js | 3 + packages/@aws-cdk/aws-aps/.gitignore | 19 + packages/@aws-cdk/aws-aps/.npmignore | 29 + packages/@aws-cdk/aws-aps/LICENSE | 201 ++++++ packages/@aws-cdk/aws-aps/NOTICE | 2 + packages/@aws-cdk/aws-aps/README.md | 20 + packages/@aws-cdk/aws-aps/jest.config.js | 2 + packages/@aws-cdk/aws-aps/lib/index.ts | 2 + packages/@aws-cdk/aws-aps/package.json | 103 +++ packages/@aws-cdk/aws-aps/test/aps.test.ts | 6 + packages/@aws-cdk/aws-healthlake/.eslintrc.js | 3 + packages/@aws-cdk/aws-healthlake/.gitignore | 19 + packages/@aws-cdk/aws-healthlake/.npmignore | 29 + packages/@aws-cdk/aws-healthlake/LICENSE | 201 ++++++ packages/@aws-cdk/aws-healthlake/NOTICE | 2 + packages/@aws-cdk/aws-healthlake/README.md | 20 + .../@aws-cdk/aws-healthlake/jest.config.js | 2 + packages/@aws-cdk/aws-healthlake/lib/index.ts | 2 + packages/@aws-cdk/aws-healthlake/package.json | 103 +++ .../aws-healthlake/test/healthlake.test.ts | 6 + packages/@aws-cdk/cfnspec/CHANGELOG.md | 34 + packages/@aws-cdk/cfnspec/cfn.version | 2 +- ...0_CloudFormationResourceSpecification.json | 592 +++++++++++++++++- .../cloudformation-include/package.json | 4 + packages/aws-cdk-lib/package.json | 2 + packages/decdk/package.json | 2 + packages/monocdk/package.json | 2 + 27 files changed, 1407 insertions(+), 5 deletions(-) create mode 100644 packages/@aws-cdk/aws-aps/.eslintrc.js create mode 100644 packages/@aws-cdk/aws-aps/.gitignore create mode 100644 packages/@aws-cdk/aws-aps/.npmignore create mode 100644 packages/@aws-cdk/aws-aps/LICENSE create mode 100644 packages/@aws-cdk/aws-aps/NOTICE create mode 100644 packages/@aws-cdk/aws-aps/README.md create mode 100644 packages/@aws-cdk/aws-aps/jest.config.js create mode 100644 packages/@aws-cdk/aws-aps/lib/index.ts create mode 100644 packages/@aws-cdk/aws-aps/package.json create mode 100644 packages/@aws-cdk/aws-aps/test/aps.test.ts create mode 100644 packages/@aws-cdk/aws-healthlake/.eslintrc.js create mode 100644 packages/@aws-cdk/aws-healthlake/.gitignore create mode 100644 packages/@aws-cdk/aws-healthlake/.npmignore create mode 100644 packages/@aws-cdk/aws-healthlake/LICENSE create mode 100644 packages/@aws-cdk/aws-healthlake/NOTICE create mode 100644 packages/@aws-cdk/aws-healthlake/README.md create mode 100644 packages/@aws-cdk/aws-healthlake/jest.config.js create mode 100644 packages/@aws-cdk/aws-healthlake/lib/index.ts create mode 100644 packages/@aws-cdk/aws-healthlake/package.json create mode 100644 packages/@aws-cdk/aws-healthlake/test/healthlake.test.ts diff --git a/packages/@aws-cdk/aws-aps/.eslintrc.js b/packages/@aws-cdk/aws-aps/.eslintrc.js new file mode 100644 index 0000000000000..61dd8dd001f63 --- /dev/null +++ b/packages/@aws-cdk/aws-aps/.eslintrc.js @@ -0,0 +1,3 @@ +const baseConfig = require('cdk-build-tools/config/eslintrc'); +baseConfig.parserOptions.project = __dirname + '/tsconfig.json'; +module.exports = baseConfig; diff --git a/packages/@aws-cdk/aws-aps/.gitignore b/packages/@aws-cdk/aws-aps/.gitignore new file mode 100644 index 0000000000000..62ebc95d75ce6 --- /dev/null +++ b/packages/@aws-cdk/aws-aps/.gitignore @@ -0,0 +1,19 @@ +*.js +*.js.map +*.d.ts +tsconfig.json +node_modules +*.generated.ts +dist +.jsii + +.LAST_BUILD +.nyc_output +coverage +.nycrc +.LAST_PACKAGE +*.snk +nyc.config.js +!.eslintrc.js +!jest.config.js +junit.xml diff --git a/packages/@aws-cdk/aws-aps/.npmignore b/packages/@aws-cdk/aws-aps/.npmignore new file mode 100644 index 0000000000000..f931fede67c44 --- /dev/null +++ b/packages/@aws-cdk/aws-aps/.npmignore @@ -0,0 +1,29 @@ +# Don't include original .ts files when doing `npm pack` +*.ts +!*.d.ts +coverage +.nyc_output +*.tgz + +dist +.LAST_PACKAGE +.LAST_BUILD +!*.js + +# Include .jsii +!.jsii + +*.snk + +*.tsbuildinfo + +tsconfig.json + +.eslintrc.js +jest.config.js + +# exclude cdk artifacts +**/cdk.out +junit.xml +test/ +!*.lit.ts diff --git a/packages/@aws-cdk/aws-aps/LICENSE b/packages/@aws-cdk/aws-aps/LICENSE new file mode 100644 index 0000000000000..28e4bdcec77ec --- /dev/null +++ b/packages/@aws-cdk/aws-aps/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2018-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/packages/@aws-cdk/aws-aps/NOTICE b/packages/@aws-cdk/aws-aps/NOTICE new file mode 100644 index 0000000000000..5fc3826926b5b --- /dev/null +++ b/packages/@aws-cdk/aws-aps/NOTICE @@ -0,0 +1,2 @@ +AWS Cloud Development Kit (AWS CDK) +Copyright 2018-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. diff --git a/packages/@aws-cdk/aws-aps/README.md b/packages/@aws-cdk/aws-aps/README.md new file mode 100644 index 0000000000000..013603efa8143 --- /dev/null +++ b/packages/@aws-cdk/aws-aps/README.md @@ -0,0 +1,20 @@ +# AWS::APS Construct Library + + +--- + +![cfn-resources: Stable](https://img.shields.io/badge/cfn--resources-stable-success.svg?style=for-the-badge) + +> All classes with the `Cfn` prefix in this module ([CFN Resources]) are always stable and safe to use. +> +> [CFN Resources]: https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib + +--- + + + +This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project. + +```ts +import aps = require('@aws-cdk/aws-aps'); +``` diff --git a/packages/@aws-cdk/aws-aps/jest.config.js b/packages/@aws-cdk/aws-aps/jest.config.js new file mode 100644 index 0000000000000..54e28beb9798b --- /dev/null +++ b/packages/@aws-cdk/aws-aps/jest.config.js @@ -0,0 +1,2 @@ +const baseConfig = require('cdk-build-tools/config/jest.config'); +module.exports = baseConfig; diff --git a/packages/@aws-cdk/aws-aps/lib/index.ts b/packages/@aws-cdk/aws-aps/lib/index.ts new file mode 100644 index 0000000000000..76aef1a74fda7 --- /dev/null +++ b/packages/@aws-cdk/aws-aps/lib/index.ts @@ -0,0 +1,2 @@ +// AWS::APS CloudFormation Resources: +export * from './aps.generated'; diff --git a/packages/@aws-cdk/aws-aps/package.json b/packages/@aws-cdk/aws-aps/package.json new file mode 100644 index 0000000000000..7300436384ab6 --- /dev/null +++ b/packages/@aws-cdk/aws-aps/package.json @@ -0,0 +1,103 @@ +{ + "name": "@aws-cdk/aws-aps", + "version": "0.0.0", + "description": "The CDK Construct Library for AWS::APS", + "main": "lib/index.js", + "types": "lib/index.d.ts", + "jsii": { + "outdir": "dist", + "projectReferences": true, + "targets": { + "dotnet": { + "namespace": "Amazon.CDK.AWS.APS", + "packageId": "Amazon.CDK.AWS.APS", + "signAssembly": true, + "assemblyOriginatorKeyFile": "../../key.snk", + "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png" + }, + "java": { + "package": "software.amazon.awscdk.services.aps", + "maven": { + "groupId": "software.amazon.awscdk", + "artifactId": "aps" + } + }, + "python": { + "classifiers": [ + "Framework :: AWS CDK", + "Framework :: AWS CDK :: 1" + ], + "distName": "aws-cdk.aws-aps", + "module": "aws_cdk.aws_aps" + } + } + }, + "repository": { + "type": "git", + "url": "https://github.com/aws/aws-cdk.git", + "directory": "packages/@aws-cdk/aws-aps" + }, + "homepage": "https://github.com/aws/aws-cdk", + "scripts": { + "build": "cdk-build", + "watch": "cdk-watch", + "lint": "cdk-lint", + "test": "cdk-test", + "integ": "cdk-integ", + "pkglint": "pkglint -f", + "package": "cdk-package", + "awslint": "cdk-awslint", + "cfn2ts": "cfn2ts", + "build+test": "yarn build && yarn test", + "build+test+package": "yarn build+test && yarn package", + "compat": "cdk-compat", + "gen": "cfn2ts", + "rosetta:extract": "yarn --silent jsii-rosetta extract", + "build+extract": "yarn build && yarn rosetta:extract", + "build+test+extract": "yarn build+test && yarn rosetta:extract" + }, + "cdk-build": { + "cloudformation": "AWS::APS", + "jest": true, + "env": { + "AWSLINT_BASE_CONSTRUCT": "true" + } + }, + "keywords": [ + "aws", + "cdk", + "constructs", + "AWS::APS", + "aws-aps" + ], + "author": { + "name": "Amazon Web Services", + "url": "https://aws.amazon.com", + "organization": true + }, + "license": "Apache-2.0", + "devDependencies": { + "@types/jest": "^26.0.22", + "@aws-cdk/assertions": "0.0.0", + "cdk-build-tools": "0.0.0", + "cfn2ts": "0.0.0", + "pkglint": "0.0.0" + }, + "dependencies": { + "@aws-cdk/core": "0.0.0" + }, + "peerDependencies": { + "@aws-cdk/core": "0.0.0" + }, + "engines": { + "node": ">= 10.13.0 <13 || >=13.7.0" + }, + "stability": "experimental", + "maturity": "cfn-only", + "awscdkio": { + "announce": false + }, + "publishConfig": { + "tag": "latest" + } +} diff --git a/packages/@aws-cdk/aws-aps/test/aps.test.ts b/packages/@aws-cdk/aws-aps/test/aps.test.ts new file mode 100644 index 0000000000000..465c7bdea0693 --- /dev/null +++ b/packages/@aws-cdk/aws-aps/test/aps.test.ts @@ -0,0 +1,6 @@ +import '@aws-cdk/assertions'; +import {} from '../lib'; + +test('No tests are specified for this package', () => { + expect(true).toBe(true); +}); diff --git a/packages/@aws-cdk/aws-healthlake/.eslintrc.js b/packages/@aws-cdk/aws-healthlake/.eslintrc.js new file mode 100644 index 0000000000000..61dd8dd001f63 --- /dev/null +++ b/packages/@aws-cdk/aws-healthlake/.eslintrc.js @@ -0,0 +1,3 @@ +const baseConfig = require('cdk-build-tools/config/eslintrc'); +baseConfig.parserOptions.project = __dirname + '/tsconfig.json'; +module.exports = baseConfig; diff --git a/packages/@aws-cdk/aws-healthlake/.gitignore b/packages/@aws-cdk/aws-healthlake/.gitignore new file mode 100644 index 0000000000000..62ebc95d75ce6 --- /dev/null +++ b/packages/@aws-cdk/aws-healthlake/.gitignore @@ -0,0 +1,19 @@ +*.js +*.js.map +*.d.ts +tsconfig.json +node_modules +*.generated.ts +dist +.jsii + +.LAST_BUILD +.nyc_output +coverage +.nycrc +.LAST_PACKAGE +*.snk +nyc.config.js +!.eslintrc.js +!jest.config.js +junit.xml diff --git a/packages/@aws-cdk/aws-healthlake/.npmignore b/packages/@aws-cdk/aws-healthlake/.npmignore new file mode 100644 index 0000000000000..f931fede67c44 --- /dev/null +++ b/packages/@aws-cdk/aws-healthlake/.npmignore @@ -0,0 +1,29 @@ +# Don't include original .ts files when doing `npm pack` +*.ts +!*.d.ts +coverage +.nyc_output +*.tgz + +dist +.LAST_PACKAGE +.LAST_BUILD +!*.js + +# Include .jsii +!.jsii + +*.snk + +*.tsbuildinfo + +tsconfig.json + +.eslintrc.js +jest.config.js + +# exclude cdk artifacts +**/cdk.out +junit.xml +test/ +!*.lit.ts diff --git a/packages/@aws-cdk/aws-healthlake/LICENSE b/packages/@aws-cdk/aws-healthlake/LICENSE new file mode 100644 index 0000000000000..28e4bdcec77ec --- /dev/null +++ b/packages/@aws-cdk/aws-healthlake/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2018-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/packages/@aws-cdk/aws-healthlake/NOTICE b/packages/@aws-cdk/aws-healthlake/NOTICE new file mode 100644 index 0000000000000..5fc3826926b5b --- /dev/null +++ b/packages/@aws-cdk/aws-healthlake/NOTICE @@ -0,0 +1,2 @@ +AWS Cloud Development Kit (AWS CDK) +Copyright 2018-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. diff --git a/packages/@aws-cdk/aws-healthlake/README.md b/packages/@aws-cdk/aws-healthlake/README.md new file mode 100644 index 0000000000000..81c90c8d4d295 --- /dev/null +++ b/packages/@aws-cdk/aws-healthlake/README.md @@ -0,0 +1,20 @@ +# AWS::HealthLake Construct Library + + +--- + +![cfn-resources: Stable](https://img.shields.io/badge/cfn--resources-stable-success.svg?style=for-the-badge) + +> All classes with the `Cfn` prefix in this module ([CFN Resources]) are always stable and safe to use. +> +> [CFN Resources]: https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib + +--- + + + +This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project. + +```ts +import healthlake = require('@aws-cdk/aws-healthlake'); +``` diff --git a/packages/@aws-cdk/aws-healthlake/jest.config.js b/packages/@aws-cdk/aws-healthlake/jest.config.js new file mode 100644 index 0000000000000..54e28beb9798b --- /dev/null +++ b/packages/@aws-cdk/aws-healthlake/jest.config.js @@ -0,0 +1,2 @@ +const baseConfig = require('cdk-build-tools/config/jest.config'); +module.exports = baseConfig; diff --git a/packages/@aws-cdk/aws-healthlake/lib/index.ts b/packages/@aws-cdk/aws-healthlake/lib/index.ts new file mode 100644 index 0000000000000..e7cf024404869 --- /dev/null +++ b/packages/@aws-cdk/aws-healthlake/lib/index.ts @@ -0,0 +1,2 @@ +// AWS::HealthLake CloudFormation Resources: +export * from './healthlake.generated'; diff --git a/packages/@aws-cdk/aws-healthlake/package.json b/packages/@aws-cdk/aws-healthlake/package.json new file mode 100644 index 0000000000000..c9e23a6b293b6 --- /dev/null +++ b/packages/@aws-cdk/aws-healthlake/package.json @@ -0,0 +1,103 @@ +{ + "name": "@aws-cdk/aws-healthlake", + "version": "0.0.0", + "description": "The CDK Construct Library for AWS::HealthLake", + "main": "lib/index.js", + "types": "lib/index.d.ts", + "jsii": { + "outdir": "dist", + "projectReferences": true, + "targets": { + "dotnet": { + "namespace": "Amazon.CDK.AWS.HealthLake", + "packageId": "Amazon.CDK.AWS.HealthLake", + "signAssembly": true, + "assemblyOriginatorKeyFile": "../../key.snk", + "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png" + }, + "java": { + "package": "software.amazon.awscdk.services.healthlake", + "maven": { + "groupId": "software.amazon.awscdk", + "artifactId": "healthlake" + } + }, + "python": { + "classifiers": [ + "Framework :: AWS CDK", + "Framework :: AWS CDK :: 1" + ], + "distName": "aws-cdk.aws-healthlake", + "module": "aws_cdk.aws_healthlake" + } + } + }, + "repository": { + "type": "git", + "url": "https://github.com/aws/aws-cdk.git", + "directory": "packages/@aws-cdk/aws-healthlake" + }, + "homepage": "https://github.com/aws/aws-cdk", + "scripts": { + "build": "cdk-build", + "watch": "cdk-watch", + "lint": "cdk-lint", + "test": "cdk-test", + "integ": "cdk-integ", + "pkglint": "pkglint -f", + "package": "cdk-package", + "awslint": "cdk-awslint", + "cfn2ts": "cfn2ts", + "build+test": "yarn build && yarn test", + "build+test+package": "yarn build+test && yarn package", + "compat": "cdk-compat", + "gen": "cfn2ts", + "rosetta:extract": "yarn --silent jsii-rosetta extract", + "build+extract": "yarn build && yarn rosetta:extract", + "build+test+extract": "yarn build+test && yarn rosetta:extract" + }, + "cdk-build": { + "cloudformation": "AWS::HealthLake", + "jest": true, + "env": { + "AWSLINT_BASE_CONSTRUCT": "true" + } + }, + "keywords": [ + "aws", + "cdk", + "constructs", + "AWS::HealthLake", + "aws-healthlake" + ], + "author": { + "name": "Amazon Web Services", + "url": "https://aws.amazon.com", + "organization": true + }, + "license": "Apache-2.0", + "devDependencies": { + "@types/jest": "^26.0.22", + "@aws-cdk/assertions": "0.0.0", + "cdk-build-tools": "0.0.0", + "cfn2ts": "0.0.0", + "pkglint": "0.0.0" + }, + "dependencies": { + "@aws-cdk/core": "0.0.0" + }, + "peerDependencies": { + "@aws-cdk/core": "0.0.0" + }, + "engines": { + "node": ">= 10.13.0 <13 || >=13.7.0" + }, + "stability": "experimental", + "maturity": "cfn-only", + "awscdkio": { + "announce": false + }, + "publishConfig": { + "tag": "latest" + } +} diff --git a/packages/@aws-cdk/aws-healthlake/test/healthlake.test.ts b/packages/@aws-cdk/aws-healthlake/test/healthlake.test.ts new file mode 100644 index 0000000000000..465c7bdea0693 --- /dev/null +++ b/packages/@aws-cdk/aws-healthlake/test/healthlake.test.ts @@ -0,0 +1,6 @@ +import '@aws-cdk/assertions'; +import {} from '../lib'; + +test('No tests are specified for this package', () => { + expect(true).toBe(true); +}); diff --git a/packages/@aws-cdk/cfnspec/CHANGELOG.md b/packages/@aws-cdk/cfnspec/CHANGELOG.md index 36ec7ae147be5..b95283e3d0114 100644 --- a/packages/@aws-cdk/cfnspec/CHANGELOG.md +++ b/packages/@aws-cdk/cfnspec/CHANGELOG.md @@ -1,3 +1,37 @@ +# CloudFormation Resource Specification v41.2.0 + +## New Resource Types + +* AWS::ACMPCA::Permission +* AWS::APS::Workspace +* AWS::HealthLake::FHIRDatastore +* AWS::OpenSearchService::Domain + +## Attribute Changes + +* AWS::EFS::MountTarget Id (__added__) + +## Property Changes + +* AWS::EMR::Studio IdpAuthUrl (__added__) +* AWS::EMR::Studio IdpRelayStateParameterName (__added__) +* AWS::EMR::Studio UserRole.Required (__changed__) + * Old: true + * New: false +* AWS::RoboMaker::SimulationApplication Environment (__added__) +* AWS::RoboMaker::SimulationApplication RenderingEngine.Required (__changed__) + * Old: true + * New: false +* AWS::RoboMaker::SimulationApplication Sources.Required (__changed__) + * Old: true + * New: false +* AWS::SQS::Queue RedriveAllowPolicy (__added__) + +## Property Type Changes + +* AWS::S3::Bucket.MetricsConfiguration AccessPointArn (__added__) + + # CloudFormation Resource Specification v41.1.0 ## New Resource Types diff --git a/packages/@aws-cdk/cfnspec/cfn.version b/packages/@aws-cdk/cfnspec/cfn.version index 9472133111e1b..6b3b6773a39be 100644 --- a/packages/@aws-cdk/cfnspec/cfn.version +++ b/packages/@aws-cdk/cfnspec/cfn.version @@ -1 +1 @@ -41.1.0 +41.2.0 diff --git a/packages/@aws-cdk/cfnspec/spec-source/000_CloudFormationResourceSpecification.json b/packages/@aws-cdk/cfnspec/spec-source/000_CloudFormationResourceSpecification.json index 489c73cf6aaea..af011f312a399 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/000_CloudFormationResourceSpecification.json +++ b/packages/@aws-cdk/cfnspec/spec-source/000_CloudFormationResourceSpecification.json @@ -32275,6 +32275,45 @@ } } }, + "AWS::HealthLake::FHIRDatastore.KmsEncryptionConfig": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-healthlake-fhirdatastore-kmsencryptionconfig.html", + "Properties": { + "CmkType": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-healthlake-fhirdatastore-kmsencryptionconfig.html#cfn-healthlake-fhirdatastore-kmsencryptionconfig-cmktype", + "PrimitiveType": "String", + "Required": true, + "UpdateType": "Immutable" + }, + "KmsKeyId": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-healthlake-fhirdatastore-kmsencryptionconfig.html#cfn-healthlake-fhirdatastore-kmsencryptionconfig-kmskeyid", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Immutable" + } + } + }, + "AWS::HealthLake::FHIRDatastore.PreloadDataConfig": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-healthlake-fhirdatastore-preloaddataconfig.html", + "Properties": { + "PreloadDataType": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-healthlake-fhirdatastore-preloaddataconfig.html#cfn-healthlake-fhirdatastore-preloaddataconfig-preloaddatatype", + "PrimitiveType": "String", + "Required": true, + "UpdateType": "Immutable" + } + } + }, + "AWS::HealthLake::FHIRDatastore.SseConfiguration": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-healthlake-fhirdatastore-sseconfiguration.html", + "Properties": { + "KmsEncryptionConfig": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-healthlake-fhirdatastore-sseconfiguration.html#cfn-healthlake-fhirdatastore-sseconfiguration-kmsencryptionconfig", + "Required": true, + "Type": "KmsEncryptionConfig", + "UpdateType": "Immutable" + } + } + }, "AWS::IAM::Group.Policy": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html", "Properties": { @@ -49109,6 +49148,298 @@ } } }, + "AWS::OpenSearchService::Domain.AdvancedSecurityOptionsInput": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html", + "Properties": { + "Enabled": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html#cfn-opensearchservice-domain-advancedsecurityoptionsinput-enabled", + "PrimitiveType": "Boolean", + "Required": false, + "UpdateType": "Immutable" + }, + "InternalUserDatabaseEnabled": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html#cfn-opensearchservice-domain-advancedsecurityoptionsinput-internaluserdatabaseenabled", + "PrimitiveType": "Boolean", + "Required": false, + "UpdateType": "Immutable" + }, + "MasterUserOptions": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html#cfn-opensearchservice-domain-advancedsecurityoptionsinput-masteruseroptions", + "Required": false, + "Type": "MasterUserOptions", + "UpdateType": "Immutable" + } + } + }, + "AWS::OpenSearchService::Domain.ClusterConfig": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-clusterconfig.html", + "Properties": { + "DedicatedMasterCount": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-clusterconfig.html#cfn-opensearchservice-domain-clusterconfig-dedicatedmastercount", + "PrimitiveType": "Integer", + "Required": false, + "UpdateType": "Mutable" + }, + "DedicatedMasterEnabled": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-clusterconfig.html#cfn-opensearchservice-domain-clusterconfig-dedicatedmasterenabled", + "PrimitiveType": "Boolean", + "Required": false, + "UpdateType": "Mutable" + }, + "DedicatedMasterType": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-clusterconfig.html#cfn-opensearchservice-domain-clusterconfig-dedicatedmastertype", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + }, + "InstanceCount": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-clusterconfig.html#cfn-opensearchservice-domain-clusterconfig-instancecount", + "PrimitiveType": "Integer", + "Required": false, + "UpdateType": "Mutable" + }, + "InstanceType": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-clusterconfig.html#cfn-opensearchservice-domain-clusterconfig-instancetype", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + }, + "WarmCount": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-clusterconfig.html#cfn-opensearchservice-domain-clusterconfig-warmcount", + "PrimitiveType": "Integer", + "Required": false, + "UpdateType": "Mutable" + }, + "WarmEnabled": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-clusterconfig.html#cfn-opensearchservice-domain-clusterconfig-warmenabled", + "PrimitiveType": "Boolean", + "Required": false, + "UpdateType": "Mutable" + }, + "WarmType": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-clusterconfig.html#cfn-opensearchservice-domain-clusterconfig-warmtype", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + }, + "ZoneAwarenessConfig": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-clusterconfig.html#cfn-opensearchservice-domain-clusterconfig-zoneawarenessconfig", + "Required": false, + "Type": "ZoneAwarenessConfig", + "UpdateType": "Mutable" + }, + "ZoneAwarenessEnabled": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-clusterconfig.html#cfn-opensearchservice-domain-clusterconfig-zoneawarenessenabled", + "PrimitiveType": "Boolean", + "Required": false, + "UpdateType": "Mutable" + } + } + }, + "AWS::OpenSearchService::Domain.CognitoOptions": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-cognitooptions.html", + "Properties": { + "Enabled": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-cognitooptions.html#cfn-opensearchservice-domain-cognitooptions-enabled", + "PrimitiveType": "Boolean", + "Required": false, + "UpdateType": "Mutable" + }, + "IdentityPoolId": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-cognitooptions.html#cfn-opensearchservice-domain-cognitooptions-identitypoolid", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + }, + "RoleArn": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-cognitooptions.html#cfn-opensearchservice-domain-cognitooptions-rolearn", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + }, + "UserPoolId": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-cognitooptions.html#cfn-opensearchservice-domain-cognitooptions-userpoolid", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + } + } + }, + "AWS::OpenSearchService::Domain.DomainEndpointOptions": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-domainendpointoptions.html", + "Properties": { + "CustomEndpoint": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-domainendpointoptions.html#cfn-opensearchservice-domain-domainendpointoptions-customendpoint", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + }, + "CustomEndpointCertificateArn": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-domainendpointoptions.html#cfn-opensearchservice-domain-domainendpointoptions-customendpointcertificatearn", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + }, + "CustomEndpointEnabled": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-domainendpointoptions.html#cfn-opensearchservice-domain-domainendpointoptions-customendpointenabled", + "PrimitiveType": "Boolean", + "Required": false, + "UpdateType": "Mutable" + }, + "EnforceHTTPS": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-domainendpointoptions.html#cfn-opensearchservice-domain-domainendpointoptions-enforcehttps", + "PrimitiveType": "Boolean", + "Required": false, + "UpdateType": "Mutable" + }, + "TLSSecurityPolicy": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-domainendpointoptions.html#cfn-opensearchservice-domain-domainendpointoptions-tlssecuritypolicy", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + } + } + }, + "AWS::OpenSearchService::Domain.EBSOptions": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-ebsoptions.html", + "Properties": { + "EBSEnabled": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-ebsoptions.html#cfn-opensearchservice-domain-ebsoptions-ebsenabled", + "PrimitiveType": "Boolean", + "Required": false, + "UpdateType": "Mutable" + }, + "Iops": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-ebsoptions.html#cfn-opensearchservice-domain-ebsoptions-iops", + "PrimitiveType": "Integer", + "Required": false, + "UpdateType": "Mutable" + }, + "VolumeSize": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-ebsoptions.html#cfn-opensearchservice-domain-ebsoptions-volumesize", + "PrimitiveType": "Integer", + "Required": false, + "UpdateType": "Mutable" + }, + "VolumeType": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-ebsoptions.html#cfn-opensearchservice-domain-ebsoptions-volumetype", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + } + } + }, + "AWS::OpenSearchService::Domain.EncryptionAtRestOptions": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-encryptionatrestoptions.html", + "Properties": { + "Enabled": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-encryptionatrestoptions.html#cfn-opensearchservice-domain-encryptionatrestoptions-enabled", + "PrimitiveType": "Boolean", + "Required": false, + "UpdateType": "Mutable" + }, + "KmsKeyId": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-encryptionatrestoptions.html#cfn-opensearchservice-domain-encryptionatrestoptions-kmskeyid", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + } + } + }, + "AWS::OpenSearchService::Domain.LogPublishingOption": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-logpublishingoption.html", + "Properties": { + "CloudWatchLogsLogGroupArn": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-logpublishingoption.html#cfn-opensearchservice-domain-logpublishingoption-cloudwatchlogsloggrouparn", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + }, + "Enabled": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-logpublishingoption.html#cfn-opensearchservice-domain-logpublishingoption-enabled", + "PrimitiveType": "Boolean", + "Required": false, + "UpdateType": "Mutable" + } + } + }, + "AWS::OpenSearchService::Domain.MasterUserOptions": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-masteruseroptions.html", + "Properties": { + "MasterUserARN": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-masteruseroptions.html#cfn-opensearchservice-domain-masteruseroptions-masteruserarn", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Immutable" + }, + "MasterUserName": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-masteruseroptions.html#cfn-opensearchservice-domain-masteruseroptions-masterusername", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Immutable" + }, + "MasterUserPassword": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-masteruseroptions.html#cfn-opensearchservice-domain-masteruseroptions-masteruserpassword", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Immutable" + } + } + }, + "AWS::OpenSearchService::Domain.NodeToNodeEncryptionOptions": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-nodetonodeencryptionoptions.html", + "Properties": { + "Enabled": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-nodetonodeencryptionoptions.html#cfn-opensearchservice-domain-nodetonodeencryptionoptions-enabled", + "PrimitiveType": "Boolean", + "Required": false, + "UpdateType": "Mutable" + } + } + }, + "AWS::OpenSearchService::Domain.SnapshotOptions": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-snapshotoptions.html", + "Properties": { + "AutomatedSnapshotStartHour": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-snapshotoptions.html#cfn-opensearchservice-domain-snapshotoptions-automatedsnapshotstarthour", + "PrimitiveType": "Integer", + "Required": false, + "UpdateType": "Mutable" + } + } + }, + "AWS::OpenSearchService::Domain.VPCOptions": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-vpcoptions.html", + "Properties": { + "SecurityGroupIds": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-vpcoptions.html#cfn-opensearchservice-domain-vpcoptions-securitygroupids", + "DuplicatesAllowed": false, + "PrimitiveItemType": "String", + "Required": false, + "Type": "List", + "UpdateType": "Mutable" + }, + "SubnetIds": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-vpcoptions.html#cfn-opensearchservice-domain-vpcoptions-subnetids", + "DuplicatesAllowed": false, + "PrimitiveItemType": "String", + "Required": false, + "Type": "List", + "UpdateType": "Mutable" + } + } + }, + "AWS::OpenSearchService::Domain.ZoneAwarenessConfig": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-zoneawarenessconfig.html", + "Properties": { + "AvailabilityZoneCount": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-zoneawarenessconfig.html#cfn-opensearchservice-domain-zoneawarenessconfig-availabilityzonecount", + "PrimitiveType": "Integer", + "Required": false, + "UpdateType": "Mutable" + } + } + }, "AWS::OpsWorks::App.DataSource": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opsworks-app-datasource.html", "Properties": { @@ -54254,6 +54585,12 @@ "AWS::S3::Bucket.MetricsConfiguration": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-metricsconfiguration.html", "Properties": { + "AccessPointArn": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-metricsconfiguration.html#cfn-s3-bucket-metricsconfiguration-accesspointarn", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + }, "Id": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-metricsconfiguration.html#cfn-s3-bucket-metricsconfiguration-id", "PrimitiveType": "String", @@ -62203,7 +62540,7 @@ } } }, - "ResourceSpecificationVersion": "41.1.0", + "ResourceSpecificationVersion": "41.2.0", "ResourceTypes": { "AWS::ACMPCA::Certificate": { "Attributes": { @@ -62356,6 +62693,66 @@ } } }, + "AWS::ACMPCA::Permission": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-acmpca-permission.html", + "Properties": { + "Actions": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-acmpca-permission.html#cfn-acmpca-permission-actions", + "PrimitiveItemType": "String", + "Required": true, + "Type": "List", + "UpdateType": "Immutable" + }, + "CertificateAuthorityArn": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-acmpca-permission.html#cfn-acmpca-permission-certificateauthorityarn", + "PrimitiveType": "String", + "Required": true, + "UpdateType": "Immutable" + }, + "Principal": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-acmpca-permission.html#cfn-acmpca-permission-principal", + "PrimitiveType": "String", + "Required": true, + "UpdateType": "Immutable" + }, + "SourceAccount": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-acmpca-permission.html#cfn-acmpca-permission-sourceaccount", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Immutable" + } + } + }, + "AWS::APS::Workspace": { + "Attributes": { + "Arn": { + "PrimitiveType": "String" + }, + "PrometheusEndpoint": { + "PrimitiveType": "String" + }, + "WorkspaceId": { + "PrimitiveType": "String" + } + }, + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-aps-workspace.html", + "Properties": { + "Alias": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-aps-workspace.html#cfn-aps-workspace-alias", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + }, + "Tags": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-aps-workspace.html#cfn-aps-workspace-tags", + "DuplicatesAllowed": false, + "ItemType": "Tag", + "Required": false, + "Type": "List", + "UpdateType": "Mutable" + } + } + }, "AWS::AccessAnalyzer::Analyzer": { "Attributes": { "Arn": { @@ -77408,6 +77805,9 @@ }, "AWS::EFS::MountTarget": { "Attributes": { + "Id": { + "PrimitiveType": "String" + }, "IpAddress": { "PrimitiveType": "String" } @@ -78081,6 +78481,18 @@ "Required": true, "UpdateType": "Immutable" }, + "IdpAuthUrl": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-emr-studio.html#cfn-emr-studio-idpauthurl", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + }, + "IdpRelayStateParameterName": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-emr-studio.html#cfn-emr-studio-idprelaystateparametername", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + }, "Name": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-emr-studio.html#cfn-emr-studio-name", "PrimitiveType": "String", @@ -78111,7 +78523,7 @@ "UserRole": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-emr-studio.html#cfn-emr-studio-userrole", "PrimitiveType": "String", - "Required": true, + "Required": false, "UpdateType": "Immutable" }, "VpcId": { @@ -82888,6 +83300,56 @@ } } }, + "AWS::HealthLake::FHIRDatastore": { + "Attributes": { + "DatastoreArn": { + "PrimitiveType": "String" + }, + "DatastoreEndpoint": { + "PrimitiveType": "String" + }, + "DatastoreId": { + "PrimitiveType": "String" + }, + "DatastoreStatus": { + "PrimitiveType": "String" + } + }, + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-healthlake-fhirdatastore.html", + "Properties": { + "DatastoreName": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-healthlake-fhirdatastore.html#cfn-healthlake-fhirdatastore-datastorename", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Immutable" + }, + "DatastoreTypeVersion": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-healthlake-fhirdatastore.html#cfn-healthlake-fhirdatastore-datastoretypeversion", + "PrimitiveType": "String", + "Required": true, + "UpdateType": "Immutable" + }, + "PreloadDataConfig": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-healthlake-fhirdatastore.html#cfn-healthlake-fhirdatastore-preloaddataconfig", + "Required": false, + "Type": "PreloadDataConfig", + "UpdateType": "Immutable" + }, + "SseConfiguration": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-healthlake-fhirdatastore.html#cfn-healthlake-fhirdatastore-sseconfiguration", + "Required": false, + "Type": "SseConfiguration", + "UpdateType": "Immutable" + }, + "Tags": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-healthlake-fhirdatastore.html#cfn-healthlake-fhirdatastore-tags", + "ItemType": "Tag", + "Required": false, + "Type": "List", + "UpdateType": "Mutable" + } + } + }, "AWS::IAM::AccessKey": { "Attributes": { "SecretAccessKey": { @@ -90403,6 +90865,116 @@ } } }, + "AWS::OpenSearchService::Domain": { + "Attributes": { + "Arn": { + "PrimitiveType": "String" + }, + "DomainEndpoint": { + "PrimitiveType": "String" + }, + "Id": { + "PrimitiveType": "String" + } + }, + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html", + "Properties": { + "AccessPolicies": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-accesspolicies", + "PrimitiveType": "Json", + "Required": false, + "UpdateType": "Mutable" + }, + "AdvancedOptions": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-advancedoptions", + "PrimitiveItemType": "String", + "Required": false, + "Type": "Map", + "UpdateType": "Mutable" + }, + "AdvancedSecurityOptions": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-advancedsecurityoptions", + "Required": false, + "Type": "AdvancedSecurityOptionsInput", + "UpdateType": "Immutable" + }, + "ClusterConfig": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-clusterconfig", + "Required": false, + "Type": "ClusterConfig", + "UpdateType": "Mutable" + }, + "CognitoOptions": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-cognitooptions", + "Required": false, + "Type": "CognitoOptions", + "UpdateType": "Mutable" + }, + "DomainEndpointOptions": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-domainendpointoptions", + "Required": false, + "Type": "DomainEndpointOptions", + "UpdateType": "Mutable" + }, + "DomainName": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-domainname", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Immutable" + }, + "EBSOptions": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-ebsoptions", + "Required": false, + "Type": "EBSOptions", + "UpdateType": "Mutable" + }, + "EncryptionAtRestOptions": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-encryptionatrestoptions", + "Required": false, + "Type": "EncryptionAtRestOptions", + "UpdateType": "Mutable" + }, + "EngineVersion": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-engineversion", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + }, + "LogPublishingOptions": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-logpublishingoptions", + "ItemType": "LogPublishingOption", + "Required": false, + "Type": "Map", + "UpdateType": "Mutable" + }, + "NodeToNodeEncryptionOptions": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-nodetonodeencryptionoptions", + "Required": false, + "Type": "NodeToNodeEncryptionOptions", + "UpdateType": "Mutable" + }, + "SnapshotOptions": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-snapshotoptions", + "Required": false, + "Type": "SnapshotOptions", + "UpdateType": "Mutable" + }, + "Tags": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-tags", + "DuplicatesAllowed": false, + "ItemType": "Tag", + "Required": false, + "Type": "List", + "UpdateType": "Mutable" + }, + "VPCOptions": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-vpcoptions", + "Required": false, + "Type": "VPCOptions", + "UpdateType": "Mutable" + } + } + }, "AWS::OpsWorks::App": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opsworks-app.html", "Properties": { @@ -94380,6 +94952,12 @@ "Required": false, "UpdateType": "Mutable" }, + "Environment": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-robomaker-simulationapplication.html#cfn-robomaker-simulationapplication-environment", + "PrimitiveType": "String", + "Required": false, + "UpdateType": "Mutable" + }, "Name": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-robomaker-simulationapplication.html#cfn-robomaker-simulationapplication-name", "PrimitiveType": "String", @@ -94388,7 +94966,7 @@ }, "RenderingEngine": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-robomaker-simulationapplication.html#cfn-robomaker-simulationapplication-renderingengine", - "Required": true, + "Required": false, "Type": "RenderingEngine", "UpdateType": "Mutable" }, @@ -94407,7 +94985,7 @@ "Sources": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-robomaker-simulationapplication.html#cfn-robomaker-simulationapplication-sources", "ItemType": "SourceConfig", - "Required": true, + "Required": false, "Type": "List", "UpdateType": "Mutable" }, @@ -96211,6 +96789,12 @@ "Required": false, "UpdateType": "Mutable" }, + "RedriveAllowPolicy": { + "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sqs-queues.html#aws-sqs-queue-redriveallowpolicy", + "PrimitiveType": "Json", + "Required": false, + "UpdateType": "Mutable" + }, "RedrivePolicy": { "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sqs-queues.html#aws-sqs-queue-redrive", "PrimitiveType": "Json", diff --git a/packages/@aws-cdk/cloudformation-include/package.json b/packages/@aws-cdk/cloudformation-include/package.json index b911414e71473..58d67a7fe230e 100644 --- a/packages/@aws-cdk/cloudformation-include/package.json +++ b/packages/@aws-cdk/cloudformation-include/package.json @@ -83,6 +83,7 @@ "@aws-cdk/aws-apprunner": "0.0.0", "@aws-cdk/aws-appstream": "0.0.0", "@aws-cdk/aws-appsync": "0.0.0", + "@aws-cdk/aws-aps": "0.0.0", "@aws-cdk/aws-athena": "0.0.0", "@aws-cdk/aws-auditmanager": "0.0.0", "@aws-cdk/aws-autoscaling": "0.0.0", @@ -150,6 +151,7 @@ "@aws-cdk/aws-greengrassv2": "0.0.0", "@aws-cdk/aws-groundstation": "0.0.0", "@aws-cdk/aws-guardduty": "0.0.0", + "@aws-cdk/aws-healthlake": "0.0.0", "@aws-cdk/aws-iam": "0.0.0", "@aws-cdk/aws-imagebuilder": "0.0.0", "@aws-cdk/aws-inspector": "0.0.0", @@ -254,6 +256,7 @@ "@aws-cdk/aws-apprunner": "0.0.0", "@aws-cdk/aws-appstream": "0.0.0", "@aws-cdk/aws-appsync": "0.0.0", + "@aws-cdk/aws-aps": "0.0.0", "@aws-cdk/aws-athena": "0.0.0", "@aws-cdk/aws-auditmanager": "0.0.0", "@aws-cdk/aws-autoscaling": "0.0.0", @@ -321,6 +324,7 @@ "@aws-cdk/aws-greengrassv2": "0.0.0", "@aws-cdk/aws-groundstation": "0.0.0", "@aws-cdk/aws-guardduty": "0.0.0", + "@aws-cdk/aws-healthlake": "0.0.0", "@aws-cdk/aws-iam": "0.0.0", "@aws-cdk/aws-imagebuilder": "0.0.0", "@aws-cdk/aws-inspector": "0.0.0", diff --git a/packages/aws-cdk-lib/package.json b/packages/aws-cdk-lib/package.json index c4d46c68219d6..bf12c5b3f0d6c 100644 --- a/packages/aws-cdk-lib/package.json +++ b/packages/aws-cdk-lib/package.json @@ -141,6 +141,7 @@ "@aws-cdk/aws-apprunner": "0.0.0", "@aws-cdk/aws-appstream": "0.0.0", "@aws-cdk/aws-appsync": "0.0.0", + "@aws-cdk/aws-aps": "0.0.0", "@aws-cdk/aws-athena": "0.0.0", "@aws-cdk/aws-auditmanager": "0.0.0", "@aws-cdk/aws-autoscaling": "0.0.0", @@ -221,6 +222,7 @@ "@aws-cdk/aws-greengrassv2": "0.0.0", "@aws-cdk/aws-groundstation": "0.0.0", "@aws-cdk/aws-guardduty": "0.0.0", + "@aws-cdk/aws-healthlake": "0.0.0", "@aws-cdk/aws-iam": "0.0.0", "@aws-cdk/aws-imagebuilder": "0.0.0", "@aws-cdk/aws-inspector": "0.0.0", diff --git a/packages/decdk/package.json b/packages/decdk/package.json index 9ccdc3dd7c754..f4e7070d8d0b7 100644 --- a/packages/decdk/package.json +++ b/packages/decdk/package.json @@ -49,6 +49,7 @@ "@aws-cdk/aws-apprunner": "0.0.0", "@aws-cdk/aws-appstream": "0.0.0", "@aws-cdk/aws-appsync": "0.0.0", + "@aws-cdk/aws-aps": "0.0.0", "@aws-cdk/aws-athena": "0.0.0", "@aws-cdk/aws-auditmanager": "0.0.0", "@aws-cdk/aws-autoscaling": "0.0.0", @@ -128,6 +129,7 @@ "@aws-cdk/aws-greengrassv2": "0.0.0", "@aws-cdk/aws-groundstation": "0.0.0", "@aws-cdk/aws-guardduty": "0.0.0", + "@aws-cdk/aws-healthlake": "0.0.0", "@aws-cdk/aws-iam": "0.0.0", "@aws-cdk/aws-imagebuilder": "0.0.0", "@aws-cdk/aws-inspector": "0.0.0", diff --git a/packages/monocdk/package.json b/packages/monocdk/package.json index 99e49a69bf99a..a535a372ca2aa 100644 --- a/packages/monocdk/package.json +++ b/packages/monocdk/package.json @@ -142,6 +142,7 @@ "@aws-cdk/aws-apprunner": "0.0.0", "@aws-cdk/aws-appstream": "0.0.0", "@aws-cdk/aws-appsync": "0.0.0", + "@aws-cdk/aws-aps": "0.0.0", "@aws-cdk/aws-athena": "0.0.0", "@aws-cdk/aws-auditmanager": "0.0.0", "@aws-cdk/aws-autoscaling": "0.0.0", @@ -222,6 +223,7 @@ "@aws-cdk/aws-greengrassv2": "0.0.0", "@aws-cdk/aws-groundstation": "0.0.0", "@aws-cdk/aws-guardduty": "0.0.0", + "@aws-cdk/aws-healthlake": "0.0.0", "@aws-cdk/aws-iam": "0.0.0", "@aws-cdk/aws-imagebuilder": "0.0.0", "@aws-cdk/aws-inspector": "0.0.0", From 68fb63e3e0fedd42e9a546efffc613b8e6faf944 Mon Sep 17 00:00:00 2001 From: Taehyun Kim Date: Tue, 21 Sep 2021 00:55:13 +0900 Subject: [PATCH 2/6] chore(rds): add Aurora MySQL engine 2.10.0 (#16548) https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Updates.2100.html ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/aws-rds/lib/cluster-engine.ts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/packages/@aws-cdk/aws-rds/lib/cluster-engine.ts b/packages/@aws-cdk/aws-rds/lib/cluster-engine.ts index 6bbb94261cec8..606fddd75edbf 100644 --- a/packages/@aws-cdk/aws-rds/lib/cluster-engine.ts +++ b/packages/@aws-cdk/aws-rds/lib/cluster-engine.ts @@ -334,6 +334,8 @@ export class AuroraMysqlEngineVersion { public static readonly VER_2_09_1 = AuroraMysqlEngineVersion.builtIn_5_7('2.09.1'); /** Version "5.7.mysql_aurora.2.09.2". */ public static readonly VER_2_09_2 = AuroraMysqlEngineVersion.builtIn_5_7('2.09.2'); + /** Version "5.7.mysql_aurora.2.10.0". */ + public static readonly VER_2_10_0 = AuroraMysqlEngineVersion.builtIn_5_7('2.10.0'); /** * Create a new AuroraMysqlEngineVersion with an arbitrary version. From 1e9d8be0a81e1f875bf8b31c701e1069bb98728e Mon Sep 17 00:00:00 2001 From: Jonathan Goldwasser Date: Mon, 20 Sep 2021 20:59:50 +0200 Subject: [PATCH 3/6] feat(rds): region replication for generated secrets (#16497) Add a `replicaRegions` option to `fromGeneratedSecret()` both in `Credentials` and `SnapshotCredentials`. Closes #16480 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/aws-rds/README.md | 17 +++++++++ .../@aws-cdk/aws-rds/lib/database-secret.ts | 8 +++++ packages/@aws-cdk/aws-rds/lib/instance.ts | 1 + packages/@aws-cdk/aws-rds/lib/private/util.ts | 1 + packages/@aws-cdk/aws-rds/lib/props.ts | 28 +++++++++++++++ .../@aws-cdk/aws-rds/test/cluster.test.ts | 24 +++++++++++++ .../@aws-cdk/aws-rds/test/instance.test.ts | 35 +++++++++++++++++++ 7 files changed, 114 insertions(+) diff --git a/packages/@aws-cdk/aws-rds/README.md b/packages/@aws-cdk/aws-rds/README.md index 054a660f3529e..cad785735dfb6 100644 --- a/packages/@aws-cdk/aws-rds/README.md +++ b/packages/@aws-cdk/aws-rds/README.md @@ -200,6 +200,23 @@ new rds.DatabaseInstance(this, 'InstanceWithSecretLogin', { }); ``` +Secrets generated by `fromGeneratedSecret()` can be customized: + +```ts +const myKey = kms.Key(this, 'MyKey'); + +new rds.DatabaseInstance(this, 'InstanceWithCustomizedSecret', { + engine, + vpc, + credentials: rds.Credentials.fromGeneratedSecret('postgres', { + secretName: 'my-cool-name', + encryptionKey: myKey, + excludeCharacters: ['!&*^#@()'], + replicaRegions: [{ region: 'eu-west-1' }, { region: 'eu-west-2' }], + }), +}); +``` + ## Connecting To control who can access the cluster or instance, use the `.connections` attribute. RDS databases have diff --git a/packages/@aws-cdk/aws-rds/lib/database-secret.ts b/packages/@aws-cdk/aws-rds/lib/database-secret.ts index 0a0537b23a63e..25b691c92f86b 100644 --- a/packages/@aws-cdk/aws-rds/lib/database-secret.ts +++ b/packages/@aws-cdk/aws-rds/lib/database-secret.ts @@ -53,6 +53,13 @@ export interface DatabaseSecretProps { * @default false */ readonly replaceOnPasswordCriteriaChanges?: boolean; + + /** + * A list of regions where to replicate this secret. + * + * @default - Secret is not replicated + */ + readonly replicaRegions?: secretsmanager.ReplicaRegion[]; } /** @@ -77,6 +84,7 @@ export class DatabaseSecret extends secretsmanager.Secret { generateStringKey: 'password', excludeCharacters, }, + replicaRegions: props.replicaRegions, }); if (props.replaceOnPasswordCriteriaChanges) { diff --git a/packages/@aws-cdk/aws-rds/lib/instance.ts b/packages/@aws-cdk/aws-rds/lib/instance.ts index 6ea2418ee1a97..8d285b7375006 100644 --- a/packages/@aws-cdk/aws-rds/lib/instance.ts +++ b/packages/@aws-cdk/aws-rds/lib/instance.ts @@ -1065,6 +1065,7 @@ export class DatabaseInstanceFromSnapshot extends DatabaseInstanceSource impleme encryptionKey: credentials.encryptionKey, excludeCharacters: credentials.excludeCharacters, replaceOnPasswordCriteriaChanges: credentials.replaceOnPasswordCriteriaChanges, + replicaRegions: credentials.replicaRegions, }); } diff --git a/packages/@aws-cdk/aws-rds/lib/private/util.ts b/packages/@aws-cdk/aws-rds/lib/private/util.ts index df9ace2dbd3bc..c142a903bad7a 100644 --- a/packages/@aws-cdk/aws-rds/lib/private/util.ts +++ b/packages/@aws-cdk/aws-rds/lib/private/util.ts @@ -100,6 +100,7 @@ export function renderCredentials(scope: Construct, engine: IEngine, credentials // if username must be referenced as a string we can safely replace the // secret when customization options are changed without risking a replacement replaceOnPasswordCriteriaChanges: credentials?.usernameAsString, + replicaRegions: renderedCredentials.replicaRegions, }), // pass username if it must be referenced as a string credentials?.usernameAsString ? renderedCredentials.username : undefined, diff --git a/packages/@aws-cdk/aws-rds/lib/props.ts b/packages/@aws-cdk/aws-rds/lib/props.ts index c57e8ccee8fd6..e9ed3c126cd65 100644 --- a/packages/@aws-cdk/aws-rds/lib/props.ts +++ b/packages/@aws-cdk/aws-rds/lib/props.ts @@ -147,6 +147,13 @@ export interface CredentialsBaseOptions { * @default - the DatabaseSecret default exclude character set (" %+~`#$&*()|[]{}:;<>?!'/@\"\\") */ readonly excludeCharacters?: string; + + /** + * A list of regions where to replicate this secret. + * + * @default - Secret is not replicated + */ + readonly replicaRegions?: secretsmanager.ReplicaRegion[]; } /** @@ -285,6 +292,13 @@ export abstract class Credentials { * @default - the DatabaseSecret default exclude character set (" %+~`#$&*()|[]{}:;<>?!'/@\"\\") */ public abstract readonly excludeCharacters?: string; + + /** + * A list of regions where to replicate the generated secret. + * + * @default - Secret is not replicated + */ + public abstract readonly replicaRegions?: secretsmanager.ReplicaRegion[]; } /** @@ -304,6 +318,13 @@ export interface SnapshotCredentialsFromGeneratedPasswordOptions { * @default - the DatabaseSecret default exclude character set (" %+~`#$&*()|[]{}:;<>?!'/@\"\\") */ readonly excludeCharacters?: string; + + /** + * A list of regions where to replicate this secret. + * + * @default - Secret is not replicated + */ + readonly replicaRegions?: secretsmanager.ReplicaRegion[]; } /** @@ -420,6 +441,13 @@ export abstract class SnapshotCredentials { * @default - the DatabaseSecret default exclude character set (" %+~`#$&*()|[]{}:;<>?!'/@\"\\") */ public abstract readonly excludeCharacters?: string; + + /** + * A list of regions where to replicate the generated secret. + * + * @default - Secret is not replicated + */ + public abstract readonly replicaRegions?: secretsmanager.ReplicaRegion[]; } /** diff --git a/packages/@aws-cdk/aws-rds/test/cluster.test.ts b/packages/@aws-cdk/aws-rds/test/cluster.test.ts index 4e9de20a9fa5d..ed3ec587d7c86 100644 --- a/packages/@aws-cdk/aws-rds/test/cluster.test.ts +++ b/packages/@aws-cdk/aws-rds/test/cluster.test.ts @@ -1784,8 +1784,32 @@ describe('cluster', () => { ], }, }); + }); + test('fromGeneratedSecret with replica regions', () => { + // GIVEN + const stack = testStack(); + const vpc = new ec2.Vpc(stack, 'VPC'); + // WHEN + new DatabaseCluster(stack, 'Database', { + engine: DatabaseClusterEngine.aurora({ version: AuroraEngineVersion.VER_1_22_2 }), + credentials: Credentials.fromGeneratedSecret('admin', { + replicaRegions: [{ region: 'eu-west-1' }], + }), + instanceProps: { + vpc, + }, + }); + + // THEN + expect(stack).toHaveResource('AWS::SecretsManager::Secret', { + ReplicaRegions: [ + { + Region: 'eu-west-1', + }, + ], + }); }); test('can set custom name to database secret by fromSecret', () => { diff --git a/packages/@aws-cdk/aws-rds/test/instance.test.ts b/packages/@aws-cdk/aws-rds/test/instance.test.ts index f0591eb2469d1..7cabc2258dc6b 100644 --- a/packages/@aws-cdk/aws-rds/test/instance.test.ts +++ b/packages/@aws-cdk/aws-rds/test/instance.test.ts @@ -348,8 +348,25 @@ describe('instance', () => { 'Fn::Join': ['', ['{{resolve:secretsmanager:', { Ref: 'InstanceSecretB6DFA6BE8ee0a797cad8a68dbeb85f8698cdb5bb' }, ':SecretString:password::}}']], }, }); + }); + test('fromGeneratedSecret with replica regions', () => { + new rds.DatabaseInstanceFromSnapshot(stack, 'Instance', { + snapshotIdentifier: 'my-snapshot', + engine: rds.DatabaseInstanceEngine.mysql({ version: rds.MysqlEngineVersion.VER_8_0_19 }), + vpc, + credentials: rds.SnapshotCredentials.fromGeneratedSecret('admin', { + replicaRegions: [{ region: 'eu-west-1' }], + }), + }); + expect(stack).toHaveResource('AWS::SecretsManager::Secret', { + ReplicaRegions: [ + { + Region: 'eu-west-1', + }, + ], + }); }); test('throws if generating a new password without a username', () => { @@ -1227,8 +1244,26 @@ describe('instance', () => { ], }, }); + }); + test('fromGeneratedSecret with replica regions', () => { + // WHEN + new rds.DatabaseInstance(stack, 'Database', { + engine: rds.DatabaseInstanceEngine.postgres({ version: rds.PostgresEngineVersion.VER_12_3 }), + vpc, + credentials: rds.Credentials.fromGeneratedSecret('postgres', { + replicaRegions: [{ region: 'eu-west-1' }], + }), + }); + // THEN + expect(stack).toHaveResource('AWS::SecretsManager::Secret', { + ReplicaRegions: [ + { + Region: 'eu-west-1', + }, + ], + }); }); test('fromPassword', () => { From 2a629dd7a86cc36c3a503bfc5957880c9edd4d49 Mon Sep 17 00:00:00 2001 From: ppuritscher <78862895+ppuritscher@users.noreply.github.com> Date: Mon, 20 Sep 2021 21:50:22 +0200 Subject: [PATCH 4/6] feat(pipeline): allow enabling KMS key rotation for cross-region Stacks (#16468) As suggested by @skinny85 I created an updated PR as successor of #14381 How does it work for v2. Do I need to create another PR for `v2-main`? ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- ...g.cfn-template-from-repo.lit.expected.json | 2 +- ...yed-through-codepipeline.lit.expected.json | 2 +- .../test/integ.lambda-pipeline.expected.json | 2 +- .../integ.pipeline-alexa-deploy.expected.json | 2 +- .../test/integ.pipeline-cfn.expected.json | 2 +- ...g.pipeline-code-commit-build.expected.json | 2 +- .../integ.pipeline-code-commit.expected.json | 2 +- .../test/integ.pipeline-events.expected.json | 2 +- ...integ.pipeline-stepfunctions.expected.json | 2 +- packages/@aws-cdk/aws-codepipeline/README.md | 11 +++++ .../@aws-cdk/aws-codepipeline/lib/pipeline.ts | 26 +++++++++-- .../lib/private/cross-region-support-stack.ts | 16 +++++++ .../aws-codepipeline/test/pipeline.test.ts | 35 +++++++++++++++ .../@aws-cdk/pipelines/lib/legacy/pipeline.ts | 17 +++++++ .../codepipeline-existing.test.ts | 45 +++++++++++++++++++ 15 files changed, 155 insertions(+), 13 deletions(-) create mode 100644 packages/@aws-cdk/pipelines/test/codepipeline/codepipeline-existing.test.ts diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.cfn-template-from-repo.lit.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.cfn-template-from-repo.lit.expected.json index 2ce8cf8f817bf..6d5734f005c70 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.cfn-template-from-repo.lit.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.cfn-template-from-repo.lit.expected.json @@ -792,4 +792,4 @@ } } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.lambda-deployed-through-codepipeline.lit.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.lambda-deployed-through-codepipeline.lit.expected.json index 3605965c27ac5..b15857e14cbcd 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.lambda-deployed-through-codepipeline.lit.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.lambda-deployed-through-codepipeline.lit.expected.json @@ -1622,4 +1622,4 @@ } } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.lambda-pipeline.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.lambda-pipeline.expected.json index 8f55220a1be97..b925c611a0591 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.lambda-pipeline.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.lambda-pipeline.expected.json @@ -788,4 +788,4 @@ ] } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-alexa-deploy.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-alexa-deploy.expected.json index 74f20ae6271dc..db1378dc62f7c 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-alexa-deploy.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-alexa-deploy.expected.json @@ -393,4 +393,4 @@ } } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-cfn.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-cfn.expected.json index 52df200d381a2..47d57c1301cb4 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-cfn.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-cfn.expected.json @@ -731,4 +731,4 @@ } } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-commit-build.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-commit-build.expected.json index 6292ae43e5811..500a552492eab 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-commit-build.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-commit-build.expected.json @@ -815,4 +815,4 @@ } } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-commit.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-commit.expected.json index fe71ea09ade8d..5bd2974d1ceb8 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-commit.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-commit.expected.json @@ -545,4 +545,4 @@ } } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-events.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-events.expected.json index 7506be08efa70..e50f2326bfa19 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-events.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-events.expected.json @@ -842,4 +842,4 @@ } } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-stepfunctions.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-stepfunctions.expected.json index 142c2c1d92e45..03e04ca5348b1 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-stepfunctions.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-stepfunctions.expected.json @@ -540,4 +540,4 @@ "DeletionPolicy": "Retain" } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-codepipeline/README.md b/packages/@aws-cdk/aws-codepipeline/README.md index f3f61014cdaa4..23f86b9293e92 100644 --- a/packages/@aws-cdk/aws-codepipeline/README.md +++ b/packages/@aws-cdk/aws-codepipeline/README.md @@ -45,6 +45,17 @@ const pipeline = new codepipeline.Pipeline(this, 'MyFirstPipeline', { }); ``` +If you want to enable key rotation for the generated KMS keys, +you can configure it by passing `enableKeyRotation: true` when creating the pipeline. +Note that key rotation will incur an additional cost of **$1/month**. + +```ts +const pipeline = new codepipeline.Pipeline(this, 'MyFirstPipeline', { + // ... + enableKeyRotation: true, +}); +``` + ## Stages You can provide Stages when creating the Pipeline: diff --git a/packages/@aws-cdk/aws-codepipeline/lib/pipeline.ts b/packages/@aws-cdk/aws-codepipeline/lib/pipeline.ts index 65b7e84abbf61..f453b0c5748ae 100644 --- a/packages/@aws-cdk/aws-codepipeline/lib/pipeline.ts +++ b/packages/@aws-cdk/aws-codepipeline/lib/pipeline.ts @@ -111,7 +111,7 @@ export interface PipelineProps { readonly stages?: StageProps[]; /** - * Create KMS keys for cross-account deployments + * Create KMS keys for cross-account deployments. * * This controls whether the pipeline is enabled for cross-account deployments. * @@ -126,6 +126,16 @@ export interface PipelineProps { * @default true */ readonly crossAccountKeys?: boolean; + + /** + * Enable KMS key rotation for the generated KMS keys. + * + * By default KMS key rotation is disabled, but will add an additional $1/month + * for each year the key exists when enabled. + * + * @default - false (key rotation is disabled) + */ + readonly enableKeyRotation?: boolean; } abstract class PipelineBase extends Resource implements IPipeline { @@ -317,6 +327,7 @@ export class Pipeline extends PipelineBase { private readonly _crossRegionSupport: { [region: string]: CrossRegionSupport } = {}; private readonly _crossAccountSupport: { [account: string]: Stack } = {}; private readonly crossAccountKeys: boolean; + private readonly enableKeyRotation?: boolean; constructor(scope: Construct, id: string, props: PipelineProps = {}) { super(scope, id, { @@ -330,9 +341,14 @@ export class Pipeline extends PipelineBase { throw new Error('Only one of artifactBucket and crossRegionReplicationBuckets can be specified!'); } - // @deprecated(v2): switch to default false this.crossAccountKeys = props.crossAccountKeys ?? true; + this.enableKeyRotation = props.enableKeyRotation; + + // Cross account keys must be set for key rotation to be enabled + if (this.enableKeyRotation && !this.crossAccountKeys) { + throw new Error("Setting 'enableKeyRotation' to true also requires 'crossAccountKeys' to be enabled"); + } // If a bucket has been provided, use it - otherwise, create a bucket. let propsBucket = this.getArtifactBucketFromProps(props); @@ -345,6 +361,7 @@ export class Pipeline extends PipelineBase { // remove the key - there is a grace period of a few days before it's gone for good, // that should be enough for any emergency access to the bucket artifacts removalPolicy: RemovalPolicy.DESTROY, + enableKeyRotation: this.enableKeyRotation, }); // add an alias to make finding the key in the console easier new kms.Alias(this, 'ArtifactsBucketEncryptionKeyAlias', { @@ -573,8 +590,7 @@ export class Pipeline extends PipelineBase { return crossRegionSupport; } - private createSupportResourcesForRegion(otherStack: Stack | undefined, actionRegion: string): - CrossRegionSupport { + private createSupportResourcesForRegion(otherStack: Stack | undefined, actionRegion: string): CrossRegionSupport { // if we have a stack from the resource passed - use that! if (otherStack) { // check if the stack doesn't have this magic construct already @@ -583,6 +599,7 @@ export class Pipeline extends PipelineBase { if (!crossRegionSupportConstruct) { crossRegionSupportConstruct = new CrossRegionSupportConstruct(otherStack, id, { createKmsKey: this.crossAccountKeys, + enableKeyRotation: this.enableKeyRotation, }); } @@ -609,6 +626,7 @@ export class Pipeline extends PipelineBase { account: pipelineAccount, synthesizer: this.getCrossRegionSupportSynthesizer(), createKmsKey: this.crossAccountKeys, + enableKeyRotation: this.enableKeyRotation, }); } diff --git a/packages/@aws-cdk/aws-codepipeline/lib/private/cross-region-support-stack.ts b/packages/@aws-cdk/aws-codepipeline/lib/private/cross-region-support-stack.ts index e52e6c7f68a40..8072bf422dbc4 100644 --- a/packages/@aws-cdk/aws-codepipeline/lib/private/cross-region-support-stack.ts +++ b/packages/@aws-cdk/aws-codepipeline/lib/private/cross-region-support-stack.ts @@ -44,6 +44,13 @@ export interface CrossRegionSupportConstructProps { * @default true */ readonly createKmsKey?: boolean; + + /** + * Enables KMS key rotation for cross-account keys. + * + * @default - false (key rotation is disabled) + */ + readonly enableKeyRotation?: boolean; } export class CrossRegionSupportConstruct extends Construct { @@ -58,6 +65,7 @@ export class CrossRegionSupportConstruct extends Construct { if (createKmsKey) { const encryptionKey = new kms.Key(this, 'CrossRegionCodePipelineReplicationBucketEncryptionKey', { removalPolicy: cdk.RemovalPolicy.DESTROY, + enableKeyRotation: props.enableKeyRotation, }); encryptionAlias = new AliasWithShorterGeneratedName(this, 'CrossRegionCodePipelineReplicationBucketEncryptionAlias', { targetKey: encryptionKey, @@ -106,6 +114,13 @@ export interface CrossRegionSupportStackProps { * @default true */ readonly createKmsKey?: boolean; + + /** + * Enables KMS key rotation for cross-account keys. + * + * @default - false (key rotation is disabled) + */ + readonly enableKeyRotation?: boolean; } /** @@ -130,6 +145,7 @@ export class CrossRegionSupportStack extends cdk.Stack { const crossRegionSupportConstruct = new CrossRegionSupportConstruct(this, 'Default', { createKmsKey: props.createKmsKey, + enableKeyRotation: props.enableKeyRotation, }); this.replicationBucket = crossRegionSupportConstruct.replicationBucket; } diff --git a/packages/@aws-cdk/aws-codepipeline/test/pipeline.test.ts b/packages/@aws-cdk/aws-codepipeline/test/pipeline.test.ts index 5a45459030ee7..d25f89ad915a0 100644 --- a/packages/@aws-cdk/aws-codepipeline/test/pipeline.test.ts +++ b/packages/@aws-cdk/aws-codepipeline/test/pipeline.test.ts @@ -389,6 +389,41 @@ describe('', () => { }); + + test('does not allow enabling key rotation if cross account keys have been disabled', () => { + const app = new cdk.App(); + const stack = new cdk.Stack(app, 'PipelineStack'); + + expect(() => { + new codepipeline.Pipeline(stack, 'Pipeline', { + crossAccountKeys: false, + enableKeyRotation: true, + }); + }).toThrow("Setting 'enableKeyRotation' to true also requires 'crossAccountKeys' to be enabled"); + }); + + test("enabling key rotation sets 'EnableKeyRotation' to 'true' in the main generated KMS key", () => { + const app = new cdk.App(); + const stack = new cdk.Stack(app, 'PipelineStack'); + const sourceOutput = new codepipeline.Artifact(); + new codepipeline.Pipeline(stack, 'Pipeline', { + enableKeyRotation: true, + stages: [ + { + stageName: 'Source', + actions: [new FakeSourceAction({ actionName: 'Source', output: sourceOutput })], + }, + { + stageName: 'Build', + actions: [new FakeBuildAction({ actionName: 'Build', input: sourceOutput })], + }, + ], + }); + + expect(stack).toHaveResourceLike('AWS::KMS::Key', { + 'EnableKeyRotation': true, + }); + }); }); }); }); diff --git a/packages/@aws-cdk/pipelines/lib/legacy/pipeline.ts b/packages/@aws-cdk/pipelines/lib/legacy/pipeline.ts index b8d7769ad3fc0..60f158f298fce 100644 --- a/packages/@aws-cdk/pipelines/lib/legacy/pipeline.ts +++ b/packages/@aws-cdk/pipelines/lib/legacy/pipeline.ts @@ -87,6 +87,19 @@ export interface CdkPipelineProps { readonly crossAccountKeys?: boolean; // @deprecated(v2): switch to default false + + /** + * Enables KMS key rotation for cross-account keys. + * + * Cannot be set if `crossAccountKeys` was set to `false`. + * + * Key rotation costs $1/month when enabled. + * + * @default - false (key rotation is disabled) + */ + readonly enableKeyRotation?: boolean; + + /** * CDK CLI version to use in pipeline * @@ -221,12 +234,16 @@ export class CdkPipeline extends CoreConstruct { if (props.crossAccountKeys !== undefined) { throw new Error('Cannot set \'crossAccountKeys\' if an existing CodePipeline is given using \'codePipeline\''); } + if (props.enableKeyRotation !== undefined) { + throw new Error('Cannot set \'enableKeyRotation\' if an existing CodePipeline is given using \'codePipeline\''); + } this._pipeline = props.codePipeline; } else { this._pipeline = new codepipeline.Pipeline(this, 'Pipeline', { pipelineName: props.pipelineName, crossAccountKeys: props.crossAccountKeys, + enableKeyRotation: props.enableKeyRotation, restartExecutionOnUpdate: true, }); } diff --git a/packages/@aws-cdk/pipelines/test/codepipeline/codepipeline-existing.test.ts b/packages/@aws-cdk/pipelines/test/codepipeline/codepipeline-existing.test.ts new file mode 100644 index 0000000000000..09de231c8332c --- /dev/null +++ b/packages/@aws-cdk/pipelines/test/codepipeline/codepipeline-existing.test.ts @@ -0,0 +1,45 @@ +import * as codePipeline from '@aws-cdk/aws-codepipeline'; +import * as cdk from '@aws-cdk/core'; +import * as cdkp from '../../lib'; + +test('Does not allow setting a pipelineName if an existing CodePipeline is given', () => { + const app = new cdk.App(); + const stack = new cdk.Stack(app, 'PipelineStack'); + const existingCodePipeline = new codePipeline.Pipeline(stack, 'CustomCodePipeline'); + + expect(() => { + new cdkp.CdkPipeline(stack, 'CDKPipeline', { + pipelineName: 'CustomPipelineName', + codePipeline: existingCodePipeline, + cloudAssemblyArtifact: new codePipeline.Artifact(), + }); + }).toThrow("Cannot set 'pipelineName' if an existing CodePipeline is given using 'codePipeline'"); +}); + +test('Does not allow enabling crossAccountKeys if an existing CodePipeline is given', () => { + const app = new cdk.App(); + const stack = new cdk.Stack(app, 'PipelineStack'); + const existingCodePipeline = new codePipeline.Pipeline(stack, 'CustomCodePipeline'); + + expect(() => { + new cdkp.CdkPipeline(stack, 'CDKPipeline', { + crossAccountKeys: true, + codePipeline: existingCodePipeline, + cloudAssemblyArtifact: new codePipeline.Artifact(), + }); + }).toThrow("Cannot set 'crossAccountKeys' if an existing CodePipeline is given using 'codePipeline'"); +}); + +test('Does not allow enabling key rotation if an existing CodePipeline is given', () => { + const app = new cdk.App(); + const stack = new cdk.Stack(app, 'PipelineStack'); + const existingCodePipeline = new codePipeline.Pipeline(stack, 'CustomCodePipeline'); + + expect(() => { + new cdkp.CdkPipeline(stack, 'CDKPipeline', { + enableKeyRotation: true, + codePipeline: existingCodePipeline, + cloudAssemblyArtifact: new codePipeline.Artifact(), + }); + }).toThrow("Cannot set 'enableKeyRotation' if an existing CodePipeline is given using 'codePipeline'"); +}); \ No newline at end of file From ca29584a396568cceb79e07b002757ca7073492f Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Tue, 21 Sep 2021 03:10:14 +0200 Subject: [PATCH 5/6] docs(pipelines): fix small issues in README (#16526) Fixes #16512 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/pipelines/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/@aws-cdk/pipelines/README.md b/packages/@aws-cdk/pipelines/README.md index 1e0df7a4b2c2a..3013140344bef 100644 --- a/packages/@aws-cdk/pipelines/README.md +++ b/packages/@aws-cdk/pipelines/README.md @@ -1231,8 +1231,8 @@ A hypothetical recovery workflow would look something like this: ```sh $ env CDK_NEW_BOOTSTRAP=1 npx cdk bootstrap \ - --qualifier randchars1234 - --toolkit-stack-name CDKToolkitTemp + --qualifier random1234 \ + --toolkit-stack-name CDKToolkitTemp \ aws://111111111111/us-east-1 ``` From e6a104c96620ad9bc0079570f186f573be39fa8e Mon Sep 17 00:00:00 2001 From: Sathyajith Bhat Date: Tue, 21 Sep 2021 05:00:10 +0300 Subject: [PATCH 6/6] docs(aws-ecr-assets): correct reference from AWS ECR to Amazon ECR (#16560) an inconsistency I noticed in the assets package that ECR is referred to as AWS ECR, while the ECR package refers to ECR as Amazon ECR (and as does the product page). a minor README update ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/aws-ecr-assets/README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/packages/@aws-cdk/aws-ecr-assets/README.md b/packages/@aws-cdk/aws-ecr-assets/README.md index f5993097418ac..8221fe8091d14 100644 --- a/packages/@aws-cdk/aws-ecr-assets/README.md +++ b/packages/@aws-cdk/aws-ecr-assets/README.md @@ -14,8 +14,8 @@ This module allows bundling Docker images as assets. ## Images from Dockerfile Images are built from a local Docker context directory (with a `Dockerfile`), -uploaded to ECR by the CDK toolkit and/or your app's CI-CD pipeline, and can be -naturally referenced in your CDK app. +uploaded to Amazon Elastic Container Registry (ECR) by the CDK toolkit +and/or your app's CI/CD pipeline, and can be naturally referenced in your CDK app. ```ts import { DockerImageAsset } from '@aws-cdk/aws-ecr-assets'; @@ -28,7 +28,7 @@ const asset = new DockerImageAsset(this, 'MyBuildImage', { The directory `my-image` must include a `Dockerfile`. This will instruct the toolkit to build a Docker image from `my-image`, push it -to an AWS ECR repository and wire the name of the repository as CloudFormation +to an Amazon ECR repository and wire the name of the repository as CloudFormation parameters to your stack. By default, all files in the given directory will be copied into the docker @@ -85,7 +85,7 @@ const asset = new TarballImageAsset(this, 'MyBuildImage', { ``` This will instruct the toolkit to add the tarball as a file asset. During deployment it will load the container image -from `local-image.tar`, push it to an AWS ECR repository and wire the name of the repository as CloudFormation parameters +from `local-image.tar`, push it to an Amazon ECR repository and wire the name of the repository as CloudFormation parameters to your stack. ## Publishing images to ECR repositories