Merge branch 'master' into iotevents-dm-other-properties

CHANGELOG.md

@@ -2,6 +2,46 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https:/conventional-changelog/standard-version) for commit guidelines.
 
+## [1.141.0](https:/aws/aws-cdk/compare/v1.140.0...v1.141.0) (2022-01-27)
+
+
+### ⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES
+
+* **servicecatalog:** `TagOptions` now have `scope` and `props` argument in constructor, and data is now passed via a `allowedValueForTags` field in props
+
+### Features
+
+* **assertions:** support assertions on stack messages ([#18521](https:/aws/aws-cdk/issues/18521)) ([cb86e30](https:/aws/aws-cdk/commit/cb86e30391aefdda13e6b0d4b3be2fedf76477c8)), closes [#18347](https:/aws/aws-cdk/issues/18347)
+* **assertions:** support for conditions ([#18577](https:/aws/aws-cdk/issues/18577)) ([55ff1b2](https:/aws/aws-cdk/commit/55ff1b2e69f1b42bbbecd9dc95e17f2ffc35f94e)), closes [#18560](https:/aws/aws-cdk/issues/18560)
+* **aws-ecs-patterns:** adding support for custom HealthCheck while creating QueueProcessingFargateService ([#18219](https:/aws/aws-cdk/issues/18219)) ([0ca81a1](https:/aws/aws-cdk/commit/0ca81a118d3d54b87d2d05a53fb72e4efe03b591)), closes [#15636](https:/aws/aws-cdk/issues/15636)
+* **certificatemanager:** DnsValidatedCertificate DNS record cleanup ([#18311](https:/aws/aws-cdk/issues/18311)) ([36d356d](https:/aws/aws-cdk/commit/36d356d0b3e422f7451f4b0dd2f971aa0378210e)), closes [#3333](https:/aws/aws-cdk/issues/3333) [#7063](https:/aws/aws-cdk/issues/7063)
+* **cfnspec:** cloudformation spec v53.1.0 ([#18588](https:/aws/aws-cdk/issues/18588)) ([a283a48](https:/aws/aws-cdk/commit/a283a482dead64e94383ba21cc7908f10c4459a2))
+* **cfnspec:** cloudformation spec v53.1.0 ([#18658](https:/aws/aws-cdk/issues/18658)) ([2eda19e](https:/aws/aws-cdk/commit/2eda19e510374426190531810cff518d582644ad))
+* **ec2:** session timeout and login banner for client vpn endpoint ([#18590](https:/aws/aws-cdk/issues/18590)) ([7294118](https:/aws/aws-cdk/commit/72941180a7188e5560a58f1509554ef038544ec4))
+* **ecs:** add `BaseService.fromServiceArnWithCluster()` for use in CodePipeline ([#18530](https:/aws/aws-cdk/issues/18530)) ([3d192a9](https:/aws/aws-cdk/commit/3d192a9a832857cb246d719a68b4b8f40d807fed))
+* **iotevents:** add DetectorModel L2 Construct ([#18049](https:/aws/aws-cdk/issues/18049)) ([d0960f1](https:/aws/aws-cdk/commit/d0960f181e5f66daa1eb53be2190b7e62bd66030)), closes [#17711](https:/aws/aws-cdk/issues/17711) [#17711](https:/aws/aws-cdk/issues/17711)
+* **lambda-nodejs:** Allow setting mainFields for esbuild ([#18569](https:/aws/aws-cdk/issues/18569)) ([0e78aeb](https:/aws/aws-cdk/commit/0e78aeb9ad62226e67f72f23c0008ba749b3a73b))
+* **s3:** custom role for the bucket notifications handler ([#17794](https:/aws/aws-cdk/issues/17794)) ([43f232d](https:/aws/aws-cdk/commit/43f232ddc0a18e9a2fada2fbead758ab3538adc2)), closes [#9918](https:/aws/aws-cdk/issues/9918) [#13241](https:/aws/aws-cdk/issues/13241)
+* **servicecatalog:** Create TagOptions Construct ([#18314](https:/aws/aws-cdk/issues/18314)) ([903c4b6](https:/aws/aws-cdk/commit/903c4b6e4adf676fae42265a048dddd0e1386542)), closes [#17753](https:/aws/aws-cdk/issues/17753)
+
+
+### Bug Fixes
+
+* **apigatewayv2:** websocket api: allow all methods in grant manage connections ([#18544](https:/aws/aws-cdk/issues/18544)) ([41c8a3f](https:/aws/aws-cdk/commit/41c8a3fa6b50a94affb65286d862056050d02e84)), closes [#18410](https:/aws/aws-cdk/issues/18410)
+* **aws-apigateway:** cross region authorizer ref ([#18444](https:/aws/aws-cdk/issues/18444)) ([0e0a092](https:/aws/aws-cdk/commit/0e0a0922ba1d538abdfeb61a260c262109115038))
+* **cli:** hotswap should wait for lambda's `updateFunctionCode` to complete ([#18536](https:/aws/aws-cdk/issues/18536)) ([0e08eeb](https:/aws/aws-cdk/commit/0e08eebd2f13ab0da6cac7b91288845cad530192)), closes [#18386](https:/aws/aws-cdk/issues/18386) [#18386](https:/aws/aws-cdk/issues/18386)
+* **ecs:** only works in 'aws' partition ([#18496](https:/aws/aws-cdk/issues/18496)) ([525ac07](https:/aws/aws-cdk/commit/525ac07369e33e2f36b7a0eea7913e43649484db)), closes [#18429](https:/aws/aws-cdk/issues/18429)
+* **ecs-patterns:** Fix Network Load Balancer Port assignments in ECS Patterns ([#18157](https:/aws/aws-cdk/issues/18157)) ([1393729](https:/aws/aws-cdk/commit/13937299596d0b858d56e9116bf7a7dbe039d4b4)), closes [#18073](https:/aws/aws-cdk/issues/18073)
+* **elasticloadbalancingv2:** ApplicationLoadBalancer.logAccessLogs does not grant all necessary permissions ([#18558](https:/aws/aws-cdk/issues/18558)) ([bde1795](https:/aws/aws-cdk/commit/bde17950293309b7449fc412301634770b47111f)), closes [#18367](https:/aws/aws-cdk/issues/18367)
+* **pipelines:** CodeBuild projects are hard to tell apart ([#18492](https:/aws/aws-cdk/issues/18492)) ([f6dab8d](https:/aws/aws-cdk/commit/f6dab8d8c5aa4cf56d6846e2d13c1d5641136f72))
+* **region-info:** incorrect codedeploy service principals ([#18505](https:/aws/aws-cdk/issues/18505)) ([16db963](https:/aws/aws-cdk/commit/16db9639e86f1fd6f26a1054f4d6df24801d0f05))
+* **route53:** add RoutingControlArn to HealthCheck patch ([#18645](https:/aws/aws-cdk/issues/18645)) ([c58e8bb](https:/aws/aws-cdk/commit/c58e8bbbcb0a66c37b65cddc1da8d19dfbf26b4f)), closes [#18570](https:/aws/aws-cdk/issues/18570)
+* **s3:** add missing safe actions to `grantWrite`, `grantReadWrite` and `grantPut` methods ([#18494](https:/aws/aws-cdk/issues/18494)) ([940d043](https:/aws/aws-cdk/commit/940d0439cd347f06d755f3e3dd0582470749f710)), closes [#13616](https:/aws/aws-cdk/issues/13616)
+* **secretsmanager:** SecretRotation for secret imported by name has incorrect permissions ([#18567](https:/aws/aws-cdk/issues/18567)) ([9ed263c](https:/aws/aws-cdk/commit/9ed263cde0b41959ff267720c0978bfe7449337a)), closes [#18424](https:/aws/aws-cdk/issues/18424)
+* **stepfunctions:** task token integration cannot be used with API Gateway ([#18595](https:/aws/aws-cdk/issues/18595)) ([678eede](https:/aws/aws-cdk/commit/678eeded5d5631dbacff43ead697ecbd3bd4b27d)), closes [#14184](https:/aws/aws-cdk/issues/14184) [#14181](https:/aws/aws-cdk/issues/14181)
+* **stepfunctions-tasks:** cluster creation fails with unresolved release labels ([#18288](https:/aws/aws-cdk/issues/18288)) ([9940952](https:/aws/aws-cdk/commit/9940952d67bdf07f3d737dc88676dc7f7c435a12))
+* **synthetics:** correct getbucketlocation policy ([#13573](https:/aws/aws-cdk/issues/13573)) ([e743525](https:/aws/aws-cdk/commit/e743525b6379371110d737bb360f637c41d30ca1)), closes [#13572](https:/aws/aws-cdk/issues/13572)
+
 ## [1.140.0](https:/aws/aws-cdk/compare/v1.139.0...v1.140.0) (2022-01-20)
 
 

packages/@aws-cdk/alexa-ask/package.json

@@ -28,7 +28,14 @@
  ]
  }
  },
- "projectReferences": true
+ "projectReferences": true,
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
+ }
  },
  "repository": {
  "type": "git",

packages/@aws-cdk/app-delivery/README.md

@@ -59,6 +59,10 @@ import * as codepipeline from '@aws-cdk/aws-codepipeline';
 import * as codepipeline_actions from '@aws-cdk/aws-codepipeline-actions';
 import * as cdk from '@aws-cdk/core';
 import * as cicd from '@aws-cdk/app-delivery';
+import * as iam from '@aws-cdk/aws-iam';
+
+class MyServiceStackA extends cdk.Stack {}
+class MyServiceStackB extends cdk.Stack {}
 
 const app = new cdk.App();
 
@@ -77,7 +81,9 @@ const sourceOutput = new codepipeline.Artifact();
 const source = new codepipeline_actions.GitHubSourceAction({
  actionName: 'GitHub',
  output: sourceOutput,
- /* ... */
+ owner: 'myName',
+ repo: 'myRepo',
+ oauthToken: cdk.SecretValue.plainText('secret'),
 });
 pipeline.addStage({
  stageName: 'source',
@@ -129,10 +135,11 @@ deployStage.addAction(deployServiceAAction);
 // is passed to CloudFormation and needs the permissions necessary to deploy
 // stack. Alternatively you can enable [Administrator](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html#jf_administrator) permissions above,
 // users should understand the privileged nature of this role.
-deployServiceAAction.addToRolePolicy(new iam.PolicyStatement({
- actions: ['service:SomeAction'],
- resources: [myResource.myResourceArn],
- // add more Action(s) and/or Resource(s) here, as needed
+const myResourceArn = 'arn:partition:service:region:account-id:resource-id';
+deployServiceAAction.addToDeploymentRolePolicy(new iam.PolicyStatement({
+ actions: ['service:SomeAction'],
+ resources: [myResourceArn],
+ // add more Action(s) and/or Resource(s) here, as needed
 }));
 
 const serviceStackB = new MyServiceStackB(app, 'ServiceStackB', { /* ... */ });

packages/@aws-cdk/app-delivery/package.json

@@ -29,7 +29,14 @@
  }
  },
  "outdir": "dist",
- "projectReferences": true
+ "projectReferences": true,
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
+ }
  },
  "scripts": {
  "build": "cdk-build",

packages/@aws-cdk/assets/package.json

@@ -28,7 +28,14 @@
  ]
  }
  },
- "projectReferences": true
+ "projectReferences": true,
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
+ }
  },
  "repository": {
  "type": "git",

packages/@aws-cdk/aws-accessanalyzer/package.json

@@ -28,7 +28,14 @@
  ]
  }
  },
- "projectReferences": true
+ "projectReferences": true,
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
+ }
  },
  "repository": {
  "type": "git",

packages/@aws-cdk/aws-amazonmq/package.json

@@ -28,7 +28,14 @@
  ]
  }
  },
- "projectReferences": true
+ "projectReferences": true,
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
+ }
  },
  "repository": {
  "type": "git",

packages/@aws-cdk/aws-amplify/README.md

@@ -29,37 +29,36 @@ To set up an Amplify Console app, define an `App`:
 
 ```ts
 import * as codebuild from '@aws-cdk/aws-codebuild';
-import * as amplify from '@aws-cdk/aws-amplify';
-import * as cdk from '@aws-cdk/core';
 
 const amplifyApp = new amplify.App(this, 'MyApp', {
  sourceCodeProvider: new amplify.GitHubSourceCodeProvider({
  owner: '<user>',
  repository: '<repo>',
- oauthToken: cdk.SecretValue.secretsManager('my-github-token')
+ oauthToken: SecretValue.secretsManager('my-github-token'),
  }),
- buildSpec: codebuild.BuildSpec.fromObjectToYaml({ // Alternatively add a `amplify.yml` to the repo
+ buildSpec: codebuild.BuildSpec.fromObjectToYaml({
+ // Alternatively add a `amplify.yml` to the repo
  version: '1.0',
  frontend: {
  phases: {
  preBuild: {
  commands: [
- 'yarn'
- ]
+ 'yarn',
+ ],
  },
  build: {
  commands: [
- 'yarn build'
- ]
- }
+ 'yarn build',
+ ],
+ },
  },
  artifacts: {
  baseDirectory: 'public',
  files:
- - '**/*'
- }
- }
- })
+ - '**/*',
+ },
+ },
+ }),
 });
 ```
 
@@ -70,20 +69,22 @@ const amplifyApp = new amplify.App(this, 'MyApp', {
  sourceCodeProvider: new amplify.GitLabSourceCodeProvider({
  owner: '<user>',
  repository: '<repo>',
- oauthToken: cdk.SecretValue.secretsManager('my-gitlab-token')
- })
+ oauthToken: SecretValue.secretsManager('my-gitlab-token'),
+ }),
 });
 ```
 
 To connect your `App` to CodeCommit, use the `CodeCommitSourceCodeProvider`:
 
 ```ts
+import * as codecommit from '@aws-cdk/aws-codecommit';
+
 const repository = new codecommit.Repository(this, 'Repo', {
- repositoryName: 'my-repo'
+ repositoryName: 'my-repo',
 });
 
 const amplifyApp = new amplify.App(this, 'App', {
- sourceCodeProvider: new amplify.CodeCommitSourceCodeProvider({ repository })
+ sourceCodeProvider: new amplify.CodeCommitSourceCodeProvider({ repository }),
 });
 ```
 
@@ -93,6 +94,8 @@ to pull the CodeCommit repository.
 Add branches:
 
 ```ts
+declare const amplifyApp: amplify.App;
+
 const master = amplifyApp.addBranch('master'); // `id` will be used as repo branch name
 const dev = amplifyApp.addBranch('dev');
 dev.addEnvironment('STAGE', 'dev');
@@ -103,10 +106,11 @@ Auto build and pull request preview are enabled by default.
 Add custom rules for redirection:
 
 ```ts
+declare const amplifyApp: amplify.App;
 amplifyApp.addCustomRule({
  source: '/docs/specific-filename.html',
  target: '/documents/different-filename.html',
- status: amplify.RedirectStatus.TEMPORARY_REDIRECT
+ status: amplify.RedirectStatus.TEMPORARY_REDIRECT,
 });
 ```
 
@@ -117,12 +121,18 @@ file extensions: css, gif, ico, jpg, js, png, txt, svg, woff,
 ttf, map, json, webmanifest.
 
 ```ts
+declare const mySinglePageApp: amplify.App;
+
 mySinglePageApp.addCustomRule(amplify.CustomRule.SINGLE_PAGE_APPLICATION_REDIRECT);
 ```
 
 Add a domain and map sub domains to branches:
 
 ```ts
+declare const amplifyApp: amplify.App;
+declare const master: amplify.Branch;
+declare const dev: amplify.Branch;
+
 const domain = amplifyApp.addDomain('example.com', {
  enableAutoSubdomain: true, // in case subdomains should be auto registered for branches
  autoSubdomainCreationPatterns: ['*', 'pr*'], // regex for branches that should auto register subdomains
@@ -140,27 +150,34 @@ Use `BasicAuth.fromCredentials` when referencing an existing secret:
 
 ```ts
 const amplifyApp = new amplify.App(this, 'MyApp', {
- repository: 'https:/<user>/<repo>',
- oauthToken: cdk.SecretValue.secretsManager('my-github-token'),
- basicAuth: amplify.BasicAuth.fromCredentials('username', cdk.SecretValue.secretsManager('my-github-token'))
+ sourceCodeProvider: new amplify.GitHubSourceCodeProvider({
+ owner: '<user>',
+ repository: '<repo>',
+ oauthToken: SecretValue.secretsManager('my-github-token'),
+ }),
+ basicAuth: amplify.BasicAuth.fromCredentials('username', SecretValue.secretsManager('my-github-token')),
 });
 ```
 
 Use `BasicAuth.fromGeneratedPassword` to generate a password in Secrets Manager:
 
 ```ts
 const amplifyApp = new amplify.App(this, 'MyApp', {
- repository: 'https:/<user>/<repo>',
- oauthToken: cdk.SecretValue.secretsManager('my-github-token'),
- basicAuth: amplify.BasicAuth.fromGeneratedPassword('username')
+ sourceCodeProvider: new amplify.GitHubSourceCodeProvider({
+ owner: '<user>',
+ repository: '<repo>',
+ oauthToken: SecretValue.secretsManager('my-github-token'),
+ }),
+ basicAuth: amplify.BasicAuth.fromGeneratedPassword('username'),
 });
 ```
 
 Basic auth can be added to specific branches:
 
 ```ts
-app.addBranch('feature/next', {
- basicAuth: amplify.BasicAuth.fromGeneratedPassword('username')
+declare const amplifyApp: amplify.App;
+amplifyApp.addBranch('feature/next', {
+ basicAuth: amplify.BasicAuth.fromGeneratedPassword('username'),
 });
 ```
 
@@ -171,11 +188,14 @@ of branches:
 
 ```ts
 const amplifyApp = new amplify.App(this, 'MyApp', {
- repository: 'https:/<user>/<repo>',
- oauthToken: cdk.SecretValue.secretsManager('my-github-token'),
+ sourceCodeProvider: new amplify.GitHubSourceCodeProvider({
+ owner: '<user>',
+ repository: '<repo>',
+ oauthToken: SecretValue.secretsManager('my-github-token'),
+ }),
  autoBranchCreation: { // Automatically connect branches that match a pattern set
- patterns: ['feature/*', 'test/*']
- }
+ patterns: ['feature/*', 'test/*'],
+ },
  autoBranchDeletion: true, // Automatically disconnect a branch when you delete a branch from your repository
 });
 ```
@@ -185,11 +205,11 @@ const amplifyApp = new amplify.App(this, 'MyApp', {
 Use the `customResponseHeaders` prop to configure custom response headers for an Amplify app:
 
 ```ts
-const amplifyApp = new amplify.App(stack, 'App', {
+const amplifyApp = new amplify.App(this, 'App', {
  sourceCodeProvider: new amplify.GitHubSourceCodeProvider({
  owner: '<user>',
  repository: '<repo>',
- oauthToken: cdk.SecretValue.secretsManager('my-github-token')
+ oauthToken: SecretValue.secretsManager('my-github-token'),
  }),
  customResponseHeaders: [
  {
@@ -214,7 +234,9 @@ const amplifyApp = new amplify.App(stack, 'App', {
 `sourceCodeProvider` is optional; when this is not specified the Amplify app can be deployed to using `.zip` packages. The `asset` property can be used to deploy S3 assets to Amplify as part of the CDK:
 
 ```ts
-const asset = new assets.Asset(this, "SampleAsset", {});
-const amplifyApp = new amplify.App(this, 'MyApp', {});
+import * as assets from '@aws-cdk/aws-s3-assets';
+
+declare const asset: assets.Asset;
+declare const amplifyApp: amplify.App;
 const branch = amplifyApp.addBranch("dev", { asset: asset });
 ```

packages/@aws-cdk/aws-amplify/lib/app.ts

@@ -28,7 +28,7 @@ export interface SourceCodeProviderConfig {
  /**
  * The repository for the application. Must use the `HTTPS` protocol.
  *
- * @example https:/aws/aws-cdk
+ * For example, `https:/aws/aws-cdk`.
  */
  readonly repository: string;
 

packages/@aws-cdk/aws-amplify/package.json

@@ -28,7 +28,14 @@
  ]
  }
  },
- "projectReferences": true
+ "projectReferences": true,
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
+ }
  },
  "repository": {
  "type": "git",