From 7ee729df76ed5e3c2b614131c4d9db505f5e0d13 Mon Sep 17 00:00:00 2001 From: Paul Sun Date: Thu, 10 Oct 2024 17:13:07 -0700 Subject: [PATCH 01/11] feat(kinesisfirehose-alpha): refactor sourceStream property to support multiple types of sources --- .../aws-kinesisfirehose-alpha/README.md | 10 +- .../lib/delivery-stream.ts | 23 ++- .../aws-kinesisfirehose-alpha/lib/index.ts | 1 + .../aws-kinesisfirehose-alpha/lib/source.ts | 140 ++++++++++++++++++ .../test/delivery-stream.test.ts | 11 +- .../integ.delivery-stream.source-stream.ts | 3 +- 6 files changed, 163 insertions(+), 25 deletions(-) create mode 100644 packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/source.ts diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/README.md b/packages/@aws-cdk/aws-kinesisfirehose-alpha/README.md index c299eb018e3fb..b0d4234365786 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/README.md +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/README.md @@ -54,23 +54,21 @@ The above example defines the following resources: ## Sources -There are two main methods of sourcing input data: Kinesis Data Streams and via a "direct -put". +A Kinesis Data Firehose delivery stream can accept data from three main sources: Kinesis Data Streams, Managed Streaming for Apache Kafka (MSK), or via a "direct put" (API calls). See: [Sending Data to a Delivery Stream](https://docs.aws.amazon.com/firehose/latest/dev/basic-write.html) in the *Kinesis Data Firehose Developer Guide*. ### Kinesis Data Stream -A delivery stream can read directly from a Kinesis data stream as a consumer of the data -stream. Configure this behaviour by providing a data stream in the `sourceStream` -property when constructing a delivery stream: +To use a Kinesis Data Stream as the source of a Kinesis Firehose delivery stream: ```ts declare const destination: firehose.IDestination; const sourceStream = new kinesis.Stream(this, 'Source Stream'); + new firehose.DeliveryStream(this, 'Delivery Stream', { - sourceStream: sourceStream, + source: new source.KinesisStreamSource(sourceStream), destination: destination, }); ``` diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/delivery-stream.ts b/packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/delivery-stream.ts index 737ba07d80574..e00fd1f25b72f 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/delivery-stream.ts +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/delivery-stream.ts @@ -1,7 +1,6 @@ import * as cloudwatch from 'aws-cdk-lib/aws-cloudwatch'; import * as ec2 from 'aws-cdk-lib/aws-ec2'; import * as iam from 'aws-cdk-lib/aws-iam'; -import * as kinesis from 'aws-cdk-lib/aws-kinesis'; import * as kms from 'aws-cdk-lib/aws-kms'; import * as cdk from 'aws-cdk-lib/core'; import { RegionInfo } from 'aws-cdk-lib/region-info'; @@ -10,6 +9,7 @@ import { IDestination } from './destination'; import { FirehoseMetrics } from 'aws-cdk-lib/aws-kinesisfirehose/lib/kinesisfirehose-canned-metrics.generated'; import { CfnDeliveryStream } from 'aws-cdk-lib/aws-kinesisfirehose'; import { StreamEncryption } from './encryption'; +import { ISource } from './source'; const PUT_RECORD_ACTIONS = [ 'firehose:PutRecord', @@ -201,7 +201,7 @@ export interface DeliveryStreamProps { * * @default - data must be written to the delivery stream via a direct put. */ - readonly sourceStream?: kinesis.IStream; + readonly source?: ISource; /** * The IAM role associated with this delivery stream. @@ -322,14 +322,14 @@ export class DeliveryStream extends DeliveryStreamBase { this._role = props.role; - if (props.encryption?.encryptionKey || props.sourceStream) { + if (props.encryption?.encryptionKey || props.source) { this._role = this._role ?? new iam.Role(this, 'Service Role', { assumedBy: new iam.ServicePrincipal('firehose.amazonaws.com'), }); } if ( - props.sourceStream && + props.source && (props.encryption?.type === StreamEncryptionType.AWS_OWNED || props.encryption?.type === StreamEncryptionType.CUSTOMER_MANAGED) ) { throw new Error('Requested server-side encryption but delivery stream source is a Kinesis data stream. Specify server-side encryption on the data stream instead.'); @@ -353,27 +353,24 @@ export class DeliveryStream extends DeliveryStreamBase { encryptionKey?.grantEncryptDecrypt(this._role); } - let sourceStreamConfig = undefined; let readStreamGrant = undefined; - if (this._role && props.sourceStream) { - sourceStreamConfig = { - kinesisStreamArn: props.sourceStream.streamArn, - roleArn: this._role.roleArn, - }; - readStreamGrant = props.sourceStream.grantRead(this._role); + if (this._role && props.source) { + readStreamGrant = props.source.grantRead(this._role); } const destinationConfig = props.destination.bind(this, {}); + const sourceConfig = props.source?._bind(this, this._role?.roleArn); const resource = new CfnDeliveryStream(this, 'Resource', { deliveryStreamEncryptionConfigurationInput: encryptionConfig, deliveryStreamName: props.deliveryStreamName, - deliveryStreamType: props.sourceStream ? 'KinesisStreamAsSource' : 'DirectPut', - kinesisStreamSourceConfiguration: sourceStreamConfig, + deliveryStreamType: props.source ? 'KinesisStreamAsSource' : 'DirectPut', + ...sourceConfig, ...destinationConfig, }); destinationConfig.dependables?.forEach(dependable => resource.node.addDependency(dependable)); + if (readStreamGrant) { resource.node.addDependency(readStreamGrant); } diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/index.ts b/packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/index.ts index 96394049bc2db..a949de22b1b40 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/index.ts +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/index.ts @@ -3,5 +3,6 @@ export * from './destination'; export * from './encryption'; export * from './lambda-function-processor'; export * from './processor'; +export * from './source'; // AWS::KinesisFirehose CloudFormation Resources: diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/source.ts b/packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/source.ts new file mode 100644 index 0000000000000..f67ff14fb9b7c --- /dev/null +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/source.ts @@ -0,0 +1,140 @@ +import { Construct } from 'constructs'; +import { CfnDeliveryStream } from 'aws-cdk-lib/aws-kinesisfirehose'; +import * as iam from 'aws-cdk-lib/aws-iam'; +import * as kinesis from 'aws-cdk-lib/aws-kinesis'; + +/** + * A Kinesis Data Firehose delivery stream source configuration. + * + * @internal + */ +export interface SourceConfig { + /** + * Configuration for using a Kinesis Data Stream as a source for the delivery stream. + * + * This will be returned by the _bind method depending on what type of Source class is specified. + * + * @default - Kinesis Data Stream Source configuration property is not provided. + */ + readonly kinesisStreamSourceConfiguration?: CfnDeliveryStream.KinesisStreamSourceConfigurationProperty; + + /** + * Configuration for using an MSK (Managed Streaming for Kafka) cluster as a source for the delivery stream. + * + * This will be returned by the _bind method depending on what type of Source class is specified. + * + * @default - MSK Source configuration property is not provided. + */ + readonly mskSourceConfiguration?: CfnDeliveryStream.MSKSourceConfigurationProperty; +} + +/** + * An interface for defining a source that can be used in a Kinesis Data Firehose delivery stream. + * Implementers will provide the necessary configurations for the delivery stream. + */ +export interface ISource { + /** + * Binds this source to the Kinesis Data Firehose delivery stream. + * + * Implementers should use this method to bind resources to the stack and initialize values using the provided stream. + * + * @internal + */ + _bind(scope: Construct, roleArn?: string): SourceConfig; + + /** + * Grant read permissions for this source resource and its contents to an IAM + * principal (the delivery stream). + * + * If an encryption key is used, permission to ues the key to decrypt the + * contents of the stream will also be granted. + */ + grantRead(grantee: iam.IGrantable): iam.Grant; +} + +/** + * A Kinesis Data Firehose delivery stream source. + */ +export class KinesisStreamSource implements ISource { + + /** + * Creates a new KinesisStreamSource. + */ + constructor(private readonly stream: kinesis.IStream) {} + grantRead(grantee: iam.IGrantable): iam.Grant { + return this.stream.grantRead(grantee); + } + + /** + * Binds the Kinesis stream as a source for the Kinesis Data Firehose delivery stream. + * + * @returns The configuration needed to use this Kinesis stream as the delivery stream source. + * @internal + */ + _bind(_scope: Construct, roleArn: string): SourceConfig { + return { + kinesisStreamSourceConfiguration: { + kinesisStreamArn: this.stream.streamArn, + roleArn: roleArn, + }, + }; + } +} + +// /** +// * A Kinesis Data Firehose delivery stream source using Amazon MSK (Managed Streaming for Kafka). +// */ +// export class MSKSource implements ISource { + +// /** +// * Creates a new MSKSource. +// */ +// constructor( +// private readonly mskCluster: msk.Cluster, +// private readonly topicName: string, +// private readonly authenticationConfiguration: CfnDeliveryStream.AuthenticationConfigurationProperty, +// private readonly readFromTimestamp?: string, +// ) { +// if (!Token.isUnresolved(this.mskCluster.clusterArn)) { +// const arnPattern = /^arn:.*/; + +// if (!arnPattern.test(this.mskCluster.clusterArn)) { +// throw new Error(`Invalid ARN: "${this.mskCluster.clusterArn}". An ARN must start with 'arn:' and follow the format 'arn:partition:service:region:account-id:resource'.`); +// } +// if (this.mskCluster.clusterArn.length > 512) { +// throw new Error('MSKClusterArn must be at most 512 characters long'); +// } +// } + +// // Pattern: [a-zA-Z0-9\._\-]+ (alphanumeric characters, dots, underscores, and hyphens) +// if (!Token.isUnresolved(this.topicName)) { +// const pattern = /^[a-zA-Z0-9._-]+$/; + +// if (!pattern.test(topicName)) { +// throw new Error(`Invalid topicName: "${topicName}". The input must only contain alphanumeric characters, dots (.), underscores (_), or hyphens (-).`); +// } +// if (this.topicName.length < 1 || this.topicName.length > 255) { +// throw new Error('TopicName must be between 1 and 255 characters long'); +// } +// } +// } +// grantRead(grantee: iam.IGrantable): iam.Grant { +// throw new Error('Method not implemented.'); +// } +// /** +// * Binds the MSK cluster as a source for the Kinesis Data Firehose delivery stream. +// * +// * @returns The configuration needed to use this MSK cluster as the delivery stream source. +// * @internal +// */ +// _bind(_scope: Construct): SourceConfig { +// return { +// mskSourceConfigurationProperty: { +// mskClusterArn: this.mskCluster.clusterArn, +// topicName: this.topicName, +// authenticationConfiguration: this.authenticationConfiguration, +// readFromTimestamp: this.readFromTimestamp, +// }, +// }; +// } +// } diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/delivery-stream.test.ts b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/delivery-stream.test.ts index c9365eb2ee35e..8a253966b3158 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/delivery-stream.test.ts +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/delivery-stream.test.ts @@ -10,6 +10,7 @@ import * as cdk from 'aws-cdk-lib'; import { Construct, Node } from 'constructs'; import * as firehose from '../lib'; import { StreamEncryption } from '../lib'; +import * as source from '../lib/source'; describe('delivery stream', () => { let stack: cdk.Stack; @@ -134,7 +135,7 @@ describe('delivery stream', () => { new firehose.DeliveryStream(stack, 'Delivery Stream', { destination: mockS3Destination, - sourceStream: sourceStream, + source: new source.KinesisStreamSource(sourceStream), }); Template.fromStack(stack).hasResourceProperties('AWS::IAM::Role', { @@ -180,7 +181,7 @@ describe('delivery stream', () => { new firehose.DeliveryStream(stack, 'Delivery Stream', { destination: mockS3Destination, - sourceStream: sourceStream, + source: new source.KinesisStreamSource(sourceStream), role: deliveryStreamRole, }); @@ -318,17 +319,17 @@ describe('delivery stream', () => { expect(() => new firehose.DeliveryStream(stack, 'Delivery Stream 1', { destination: mockS3Destination, encryption: firehose.StreamEncryption.awsOwnedKey(), - sourceStream, + source: new source.KinesisStreamSource(sourceStream), })).toThrowError('Requested server-side encryption but delivery stream source is a Kinesis data stream. Specify server-side encryption on the data stream instead.'); expect(() => new firehose.DeliveryStream(stack, 'Delivery Stream 2', { destination: mockS3Destination, encryption: firehose.StreamEncryption.customerManagedKey(), - sourceStream, + source: new source.KinesisStreamSource(sourceStream), })).toThrowError('Requested server-side encryption but delivery stream source is a Kinesis data stream. Specify server-side encryption on the data stream instead.'); expect(() => new firehose.DeliveryStream(stack, 'Delivery Stream 3', { destination: mockS3Destination, encryption: StreamEncryption.customerManagedKey(new kms.Key(stack, 'Key')), - sourceStream, + source: new source.KinesisStreamSource(sourceStream), })).toThrowError('Requested server-side encryption but delivery stream source is a Kinesis data stream. Specify server-side encryption on the data stream instead.'); }); diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.ts b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.ts index facfd13a184d1..3d2441f2f018a 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.ts +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.ts @@ -5,6 +5,7 @@ import * as s3 from 'aws-cdk-lib/aws-s3'; import * as cdk from 'aws-cdk-lib'; import * as constructs from 'constructs'; import * as firehose from '../lib'; +import * as source from '../lib/source'; const app = new cdk.App(); @@ -35,7 +36,7 @@ const sourceStream = new kinesis.Stream(stack, 'Source Stream'); new firehose.DeliveryStream(stack, 'Delivery Stream', { destination: mockS3Destination, - sourceStream, + source: new source.KinesisStreamSource(sourceStream), }); new firehose.DeliveryStream(stack, 'Delivery Stream No Source Or Encryption Key', { From 0bb980f47d0a6de5f6e8df49ff8778391e34a844 Mon Sep 17 00:00:00 2001 From: Paul Sun Date: Tue, 15 Oct 2024 09:43:37 -0700 Subject: [PATCH 02/11] lint fix --- packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/source.ts | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/source.ts b/packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/source.ts index f67ff14fb9b7c..fd06651efe79e 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/source.ts +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/source.ts @@ -11,7 +11,7 @@ import * as kinesis from 'aws-cdk-lib/aws-kinesis'; export interface SourceConfig { /** * Configuration for using a Kinesis Data Stream as a source for the delivery stream. - * + * * This will be returned by the _bind method depending on what type of Source class is specified. * * @default - Kinesis Data Stream Source configuration property is not provided. @@ -20,7 +20,7 @@ export interface SourceConfig { /** * Configuration for using an MSK (Managed Streaming for Kafka) cluster as a source for the delivery stream. - * + * * This will be returned by the _bind method depending on what type of Source class is specified. * * @default - MSK Source configuration property is not provided. @@ -67,7 +67,7 @@ export class KinesisStreamSource implements ISource { /** * Binds the Kinesis stream as a source for the Kinesis Data Firehose delivery stream. - * + * * @returns The configuration needed to use this Kinesis stream as the delivery stream source. * @internal */ From a09b6e5966f3dacc221a49ee3909f6f46599d09a Mon Sep 17 00:00:00 2001 From: Paul Sun Date: Tue, 15 Oct 2024 09:46:12 -0700 Subject: [PATCH 03/11] docstring updates --- .../aws-kinesisfirehose-alpha/lib/source.ts | 63 +------------------ 1 file changed, 1 insertion(+), 62 deletions(-) diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/source.ts b/packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/source.ts index fd06651efe79e..211728c822226 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/source.ts +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/source.ts @@ -30,14 +30,11 @@ export interface SourceConfig { /** * An interface for defining a source that can be used in a Kinesis Data Firehose delivery stream. - * Implementers will provide the necessary configurations for the delivery stream. */ export interface ISource { /** * Binds this source to the Kinesis Data Firehose delivery stream. - * - * Implementers should use this method to bind resources to the stack and initialize values using the provided stream. - * + * * @internal */ _bind(scope: Construct, roleArn?: string): SourceConfig; @@ -80,61 +77,3 @@ export class KinesisStreamSource implements ISource { }; } } - -// /** -// * A Kinesis Data Firehose delivery stream source using Amazon MSK (Managed Streaming for Kafka). -// */ -// export class MSKSource implements ISource { - -// /** -// * Creates a new MSKSource. -// */ -// constructor( -// private readonly mskCluster: msk.Cluster, -// private readonly topicName: string, -// private readonly authenticationConfiguration: CfnDeliveryStream.AuthenticationConfigurationProperty, -// private readonly readFromTimestamp?: string, -// ) { -// if (!Token.isUnresolved(this.mskCluster.clusterArn)) { -// const arnPattern = /^arn:.*/; - -// if (!arnPattern.test(this.mskCluster.clusterArn)) { -// throw new Error(`Invalid ARN: "${this.mskCluster.clusterArn}". An ARN must start with 'arn:' and follow the format 'arn:partition:service:region:account-id:resource'.`); -// } -// if (this.mskCluster.clusterArn.length > 512) { -// throw new Error('MSKClusterArn must be at most 512 characters long'); -// } -// } - -// // Pattern: [a-zA-Z0-9\._\-]+ (alphanumeric characters, dots, underscores, and hyphens) -// if (!Token.isUnresolved(this.topicName)) { -// const pattern = /^[a-zA-Z0-9._-]+$/; - -// if (!pattern.test(topicName)) { -// throw new Error(`Invalid topicName: "${topicName}". The input must only contain alphanumeric characters, dots (.), underscores (_), or hyphens (-).`); -// } -// if (this.topicName.length < 1 || this.topicName.length > 255) { -// throw new Error('TopicName must be between 1 and 255 characters long'); -// } -// } -// } -// grantRead(grantee: iam.IGrantable): iam.Grant { -// throw new Error('Method not implemented.'); -// } -// /** -// * Binds the MSK cluster as a source for the Kinesis Data Firehose delivery stream. -// * -// * @returns The configuration needed to use this MSK cluster as the delivery stream source. -// * @internal -// */ -// _bind(_scope: Construct): SourceConfig { -// return { -// mskSourceConfigurationProperty: { -// mskClusterArn: this.mskCluster.clusterArn, -// topicName: this.topicName, -// authenticationConfiguration: this.authenticationConfiguration, -// readFromTimestamp: this.readFromTimestamp, -// }, -// }; -// } -// } From e24a680908a77f0b0ef9fdf550c70065d9c5c1cf Mon Sep 17 00:00:00 2001 From: Paul Sun Date: Tue, 15 Oct 2024 15:21:27 -0700 Subject: [PATCH 04/11] fix readme import --- packages/@aws-cdk/aws-kinesisfirehose-alpha/README.md | 2 +- packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/index.ts | 2 +- packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/source.ts | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/README.md b/packages/@aws-cdk/aws-kinesisfirehose-alpha/README.md index b0d4234365786..1610f32f8bab6 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/README.md +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/README.md @@ -68,7 +68,7 @@ declare const destination: firehose.IDestination; const sourceStream = new kinesis.Stream(this, 'Source Stream'); new firehose.DeliveryStream(this, 'Delivery Stream', { - source: new source.KinesisStreamSource(sourceStream), + source: new firehose.KinesisStreamSource(sourceStream), destination: destination, }); ``` diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/index.ts b/packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/index.ts index a949de22b1b40..b08a358594aca 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/index.ts +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/index.ts @@ -1,8 +1,8 @@ export * from './delivery-stream'; +export * from './source'; export * from './destination'; export * from './encryption'; export * from './lambda-function-processor'; export * from './processor'; -export * from './source'; // AWS::KinesisFirehose CloudFormation Resources: diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/source.ts b/packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/source.ts index 211728c822226..92ee467370ee9 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/source.ts +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/source.ts @@ -34,7 +34,7 @@ export interface SourceConfig { export interface ISource { /** * Binds this source to the Kinesis Data Firehose delivery stream. - * + * * @internal */ _bind(scope: Construct, roleArn?: string): SourceConfig; From e98ee64631623f423d2ba41d4c81be969bf6088c Mon Sep 17 00:00:00 2001 From: Paul Sun Date: Wed, 16 Oct 2024 11:07:54 -0700 Subject: [PATCH 05/11] readme update --- packages/@aws-cdk/aws-kinesisfirehose-alpha/README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/README.md b/packages/@aws-cdk/aws-kinesisfirehose-alpha/README.md index 1610f32f8bab6..a7a07b2168a58 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/README.md +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/README.md @@ -61,7 +61,9 @@ in the *Kinesis Data Firehose Developer Guide*. ### Kinesis Data Stream -To use a Kinesis Data Stream as the source of a Kinesis Firehose delivery stream: +A delivery stream can read directly from a Kinesis data stream as a consumer of the data +stream. Configure this behaviour by providing a data stream in the `sourceStream` +property when constructing a delivery stream: ```ts declare const destination: firehose.IDestination; From 40303e5845645f40beebe517a9f7b242d8fe8e59 Mon Sep 17 00:00:00 2001 From: Paul Sun Date: Wed, 16 Oct 2024 11:09:42 -0700 Subject: [PATCH 06/11] anotha one --- packages/@aws-cdk/aws-kinesisfirehose-alpha/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/README.md b/packages/@aws-cdk/aws-kinesisfirehose-alpha/README.md index a7a07b2168a58..06ab9ba08f989 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/README.md +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/README.md @@ -62,8 +62,8 @@ in the *Kinesis Data Firehose Developer Guide*. ### Kinesis Data Stream A delivery stream can read directly from a Kinesis data stream as a consumer of the data -stream. Configure this behaviour by providing a data stream in the `sourceStream` -property when constructing a delivery stream: +stream. Configure this behaviour by passing in a data stream in the `source` +property via the `KinesisStreamSource` class when constructing a delivery stream: ```ts declare const destination: firehose.IDestination; From 2ed50d1f31c98e18d877f8b93b3d98b75e85fefd Mon Sep 17 00:00:00 2001 From: paulhcsun <47882901+paulhcsun@users.noreply.github.com> Date: Wed, 16 Oct 2024 11:51:13 -0700 Subject: [PATCH 07/11] Update packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/source.ts Co-authored-by: Leonardo Gama <51037424+Leo10Gama@users.noreply.github.com> --- packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/source.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/source.ts b/packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/source.ts index 92ee467370ee9..93d24923cf328 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/source.ts +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/source.ts @@ -43,7 +43,7 @@ export interface ISource { * Grant read permissions for this source resource and its contents to an IAM * principal (the delivery stream). * - * If an encryption key is used, permission to ues the key to decrypt the + * If an encryption key is used, permission to use the key to decrypt the * contents of the stream will also be granted. */ grantRead(grantee: iam.IGrantable): iam.Grant; From 2751435a4b44c5c54604747c39c05abc390917bc Mon Sep 17 00:00:00 2001 From: paulhcsun <47882901+paulhcsun@users.noreply.github.com> Date: Wed, 16 Oct 2024 11:52:34 -0700 Subject: [PATCH 08/11] Update packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/source.ts Co-authored-by: Leonardo Gama <51037424+Leo10Gama@users.noreply.github.com> --- packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/source.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/source.ts b/packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/source.ts index 93d24923cf328..0720e1fa8a7db 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/source.ts +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/source.ts @@ -58,6 +58,7 @@ export class KinesisStreamSource implements ISource { * Creates a new KinesisStreamSource. */ constructor(private readonly stream: kinesis.IStream) {} + grantRead(grantee: iam.IGrantable): iam.Grant { return this.stream.grantRead(grantee); } From 2c1f3ec305cb1770de696e658aebcfeaf395aef4 Mon Sep 17 00:00:00 2001 From: Paul Sun Date: Wed, 16 Oct 2024 12:02:11 -0700 Subject: [PATCH 09/11] remove export on SourceConfig --- packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/source.ts | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/source.ts b/packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/source.ts index 0720e1fa8a7db..69014e41464ff 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/source.ts +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/source.ts @@ -5,10 +5,8 @@ import * as kinesis from 'aws-cdk-lib/aws-kinesis'; /** * A Kinesis Data Firehose delivery stream source configuration. - * - * @internal */ -export interface SourceConfig { +interface SourceConfig { /** * Configuration for using a Kinesis Data Stream as a source for the delivery stream. * From b7d2cb1bcd36c6d04401e643ad43d8e955426346 Mon Sep 17 00:00:00 2001 From: Paul Sun Date: Wed, 16 Oct 2024 13:23:33 -0700 Subject: [PATCH 10/11] readme change --- packages/@aws-cdk/aws-kinesisfirehose-alpha/README.md | 2 +- packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/source.ts | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/README.md b/packages/@aws-cdk/aws-kinesisfirehose-alpha/README.md index 06ab9ba08f989..b3b8da711a33d 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/README.md +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/README.md @@ -444,7 +444,7 @@ necessary permissions for Kinesis Data Firehose to access the resources referenc delivery stream. One service role is created for the delivery stream that allows Kinesis Data Firehose to read from a Kinesis data stream (if one is configured as the delivery stream source) and for server-side encryption. Note that if the DeliveryStream is created -without specifying `sourceStream` or `encryptionKey`, this role is not created as it is not needed. +without specifying a Kinesis Stream as the`source` or `encryptionKey`, this role is not created as it is not needed. Another service role is created for each destination, which gives Kinesis Data Firehose write access to the destination resource, as well as the ability to invoke data transformers and diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/source.ts b/packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/source.ts index 69014e41464ff..ad0009a123654 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/source.ts +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/source.ts @@ -56,7 +56,7 @@ export class KinesisStreamSource implements ISource { * Creates a new KinesisStreamSource. */ constructor(private readonly stream: kinesis.IStream) {} - + grantRead(grantee: iam.IGrantable): iam.Grant { return this.stream.grantRead(grantee); } From 9e0d276739dfe721e0f1d8bd8acfc6c698faf838 Mon Sep 17 00:00:00 2001 From: Paul Sun Date: Wed, 16 Oct 2024 13:28:45 -0700 Subject: [PATCH 11/11] readme update --- packages/@aws-cdk/aws-kinesisfirehose-alpha/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/README.md b/packages/@aws-cdk/aws-kinesisfirehose-alpha/README.md index b3b8da711a33d..279b43b2cb7cc 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/README.md +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/README.md @@ -444,7 +444,7 @@ necessary permissions for Kinesis Data Firehose to access the resources referenc delivery stream. One service role is created for the delivery stream that allows Kinesis Data Firehose to read from a Kinesis data stream (if one is configured as the delivery stream source) and for server-side encryption. Note that if the DeliveryStream is created -without specifying a Kinesis Stream as the`source` or `encryptionKey`, this role is not created as it is not needed. +without specifying a `source` or `encryptionKey`, this role is not created as it is not needed. Another service role is created for each destination, which gives Kinesis Data Firehose write access to the destination resource, as well as the ability to invoke data transformers and