Merge branch 'master' into selinux-docker-mount

aws · Sep 2, 2021 · 1341f8f · 1341f8f
2 parents 71a5ddb + 2c1eb08
commit 1341f8f
Show file tree

Hide file tree

Showing 102 changed files with 4,149 additions and 1,285 deletions.
diff --git a/.github/workflows/issue-label-assign.yml b/.github/workflows/issue-label-assign.yml
@@ -37,7 +37,7 @@ jobs:
            {"keywords":["(@aws-cdk/aws-appintegrations)","(aws-appintegrations)","(appintegrations)"],"labels":["@aws-cdk/aws-appintegrations"],"assignees":["skinny85"]},
            {"keywords":["(@aws-cdk/aws-applicationautoscaling)","(aws-applicationautoscaling)","(applicationautoscaling)","(application autoscaling)","(application-autoscaling)"],"labels":["@aws-cdk/aws-applicationautoscaling"],"assignees":["comcalvi"]},
            {"keywords":["(@aws-cdk/aws-applicationinsights)","(aws-applicationinsights)","(applicationinsights)","(application insights)","(application-insights)"],"labels":["@aws-cdk/aws-applicationinsights"],"assignees":["njlynch"]},
-           {"keywords":["(@aws-cdk/aws-appmesh)","(aws-appmesh)","(appmesh)","(app mesh)","(app-mesh)"],"labels":["@aws-cdk/aws-appmesh"],"assignees":["skinny85"]},
+           {"keywords":["(@aws-cdk/aws-appmesh)","(aws-appmesh)","(appmesh)","(app mesh)","(app-mesh)"],"labels":["@aws-cdk/aws-appmesh"],"assignees":["Seiya6329"]},
            {"keywords":["(@aws-cdk/aws-appstream)","(aws-appstream)","(appstream)","(app stream)","(app-stream)"],"labels":["@aws-cdk/aws-appstream"],"assignees":["madeline-k"]},
            {"keywords":["(@aws-cdk/aws-appsync)","(aws-appsync)","(appsync)","(app sync)","(app-sync)"],"labels":["@aws-cdk/aws-appsync"],"assignees":["otaviomacedo"]},
            {"keywords":["(@aws-cdk/aws-athena)","(aws-athena)","(athena)"],"labels":["@aws-cdk/aws-athena"],"assignees":["BenChaimberg"]},

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,32 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [1.121.0](https://github.com/aws/aws-cdk/compare/v1.120.0...v1.121.0) (2021-09-01)
+
+
+### Features
+
+* **assertions:** 'not' matcher ([#16240](https://github.com/aws/aws-cdk/issues/16240)) ([b838f95](https://github.com/aws/aws-cdk/commit/b838f95f0905316fe706779381c93bedaa9ad504)), closes [#15868](https://github.com/aws/aws-cdk/issues/15868)
+* **cloudfront-origins:** add custom headers to S3Origin ([#16161](https://github.com/aws/aws-cdk/issues/16161)) ([f42b233](https://github.com/aws/aws-cdk/commit/f42b233a76ae810634fa43a25604dbc65bdd63b9)), closes [#16160](https://github.com/aws/aws-cdk/issues/16160)
+* **cfnspec:** cloudformation spec v40.1.0 ([#16254](https://github.com/aws/aws-cdk/issues/16254)) ([fe81be7](https://github.com/aws/aws-cdk/commit/fe81be78322e3f1c23d2b02e59b56faa3b06e554))
+* **cli:** support `--no-rollback` flag ([#16293](https://github.com/aws/aws-cdk/issues/16293)) ([d763d90](https://github.com/aws/aws-cdk/commit/d763d9092289d0b28b2695b8474b44ed7d0bce54)), closes [#16289](https://github.com/aws/aws-cdk/issues/16289)
+* **core:** normalize line endings in asset hash calculation ([#16276](https://github.com/aws/aws-cdk/issues/16276)) ([01bf6e2](https://github.com/aws/aws-cdk/commit/01bf6e2922994e7d41c8c6b171aa1693835f2b53))
+* **ec2:** add m6i instances ([#16081](https://github.com/aws/aws-cdk/issues/16081)) ([a42a1ea](https://github.com/aws/aws-cdk/commit/a42a1ea5a122f864936cdb0113b16fe92cc7205e))
+* **ecs:** add support for Fargate PV1.4 ephemeral storage ([#15440](https://github.com/aws/aws-cdk/issues/15440)) ([f1bf935](https://github.com/aws/aws-cdk/commit/f1bf935c47006096b33fb7bf0c847ffab9230870)), closes [#14570](https://github.com/aws/aws-cdk/issues/14570)
+* **ecs-patterns:** add capacity provider strategies to queue processing service pattern ([#15684](https://github.com/aws/aws-cdk/issues/15684)) ([f40e8d6](https://github.com/aws/aws-cdk/commit/f40e8d6a502dd42e0a52d81f72abecaa2cdd920a)), closes [#14781](https://github.com/aws/aws-cdk/issues/14781)
+* **ecs-patterns:** Allow configuration of SSL policy for listeners created by ECS patterns ([#15210](https://github.com/aws/aws-cdk/issues/15210)) ([2c3d21e](https://github.com/aws/aws-cdk/commit/2c3d21e2f1117a54510ba92748588ee95ab3631c)), closes [#11841](https://github.com/aws/aws-cdk/issues/11841) [#8816](https://github.com/aws/aws-cdk/issues/8816)
+* **route53resolver:** DNS Firewall ([#15031](https://github.com/aws/aws-cdk/issues/15031)) ([ffdcd94](https://github.com/aws/aws-cdk/commit/ffdcd94405c160763e396a191d5af793ac8db998))
+* **stepfunctions-tasks:** support allocation strategies in EMR CreateCluster ([#16296](https://github.com/aws/aws-cdk/issues/16296)) ([5a5da57](https://github.com/aws/aws-cdk/commit/5a5da573149d45bf6e29bf7155715fa926804871)), closes [#16252](https://github.com/aws/aws-cdk/issues/16252)
+* **synthetics:** add Python runtime and latest Nodejs runtime ([#16069](https://github.com/aws/aws-cdk/issues/16069)) ([de218ba](https://github.com/aws/aws-cdk/commit/de218ba3a294b5b98f93fc75a04ce42294e95008)), closes [#15138](https://github.com/aws/aws-cdk/issues/15138) [#16177](https://github.com/aws/aws-cdk/issues/16177)
+
+
+### Bug Fixes
+
+* **apigatewayv2:** api mapping key with two hyphens is disallowed ([#16204](https://github.com/aws/aws-cdk/issues/16204)) ([0889564](https://github.com/aws/aws-cdk/commit/0889564a0c1b04d33909dd3fdb42147f23d67cbd)), closes [#15948](https://github.com/aws/aws-cdk/issues/15948)
+* **rds:** `fromDatabaseInstanceAttributes()` incorrectly stringifies ports with tokens ([#16286](https://github.com/aws/aws-cdk/issues/16286)) ([41b831a](https://github.com/aws/aws-cdk/commit/41b831a6698ee6c7a3c8968bff8273a0c7f35448)), closes [#11813](https://github.com/aws/aws-cdk/issues/11813)
+* **core:** inconsistent analytics string across operating systems ([#16300](https://github.com/aws/aws-cdk/issues/16300)) ([ff6082c](https://github.com/aws/aws-cdk/commit/ff6082caf7e534989fb8ee6b4c63c0c02e9a5ec0)), closes [#15322](https://github.com/aws/aws-cdk/issues/15322)
+* **elasticloadbalancingv2:** target group health check does not validate interval versus timeout ([#16107](https://github.com/aws/aws-cdk/issues/16107)) ([a85ad39](https://github.com/aws/aws-cdk/commit/a85ad392459c815d5c8e645dd3e8240d059024e6)), closes [#3703](https://github.com/aws/aws-cdk/issues/3703)
+
 ## [1.120.0](https://github.com/aws/aws-cdk/compare/v1.119.0...v1.120.0) (2021-08-26)
 
 

diff --git a/package.json b/package.json
@@ -20,10 +20,10 @@
     "fs-extra": "^9.1.0",
     "graceful-fs": "^4.2.6",
     "jest-junit": "^12.2.0",
-    "jsii-diff": "^1.31.0",
-    "jsii-pacmak": "^1.31.0",
-    "jsii-reflect": "^1.31.0",
-    "jsii-rosetta": "^1.31.0",
+    "jsii-diff": "^1.34.0",
+    "jsii-pacmak": "^1.34.0",
+    "jsii-reflect": "^1.34.0",
+    "jsii-rosetta": "^1.34.0",
     "lerna": "^4.0.0",
     "patch-package": "^6.4.7",
     "standard-version": "^9.3.1",

diff --git a/packages/@aws-cdk-containers/ecs-service-extensions/README.md b/packages/@aws-cdk-containers/ecs-service-extensions/README.md
@@ -19,6 +19,7 @@ The `Service` construct provided by this module can be extended with optional `S
 - [AWS AppMesh](https://aws.amazon.com/app-mesh/) for adding your application to a service mesh
 - [Application Load Balancer](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/introduction.html), for exposing your service to the public
 - [AWS FireLens](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html), for filtering and routing application logs
+- Queue to allow your service to consume messages from an SQS Queue which is populated by one or more SNS Topics that it is subscribed to
 - [Community Extensions](#community-extensions), providing support for advanced use cases
 
 The `ServiceExtension` class is an abstract class which you can also implement in
@@ -321,6 +322,40 @@ const environment = Environment.fromEnvironmentAttributes(stack, 'Environment',
 
 ```
 
+## Queue Extension
+
+This service extension creates a default SQS Queue `eventsQueue` for the service (if not provided) and accepts a list of `ISubscribable` objects that the `eventsQueue` can subscribe to. The service extension creates the subscriptions and sets up permissions for the service to consume messages from the SQS Queue.
+
+### Setting up SNS Topic Subscriptions for SQS Queues
+
+You can use this extension to set up SNS Topic subscriptions for the `eventsQueue`. To do this, create a new object of type `TopicSubscription` for every SNS Topic you want the `eventsQueue` to subscribe to and provide it as input to the service extension.
+
+```ts
+const myServiceDescription = nameDescription.add(new QueueExtension({
+  // Provide list of topic subscriptions that you want the `eventsQueue` to subscribe to
+  subscriptions: [new TopicSubscription({
+    topic: new sns.Topic(stack, 'my-topic'),
+  }],
+}));
+
+// To access the `eventsQueue` for the service, use the `eventsQueue` getter for the extension
+const myQueueExtension = myServiceDescription.extensions.queue as QueueExtension;
+const myEventsQueue = myQueueExtension.eventsQueue;
+```
+
+For setting up a topic-specific queue subscription, you can provide a custom queue in the `TopicSubscription` object along with the SNS Topic. The extension will set up a topic subscription for the provided queue instead of the default `eventsQueue` of the service.
+
+```ts
+nameDescription.add(new QueueExtension({
+  queue: myEventsQueue,
+  subscriptions: [new TopicSubscription({
+    topic: new sns.Topic(stack, 'my-topic'),
+    // `myTopicQueue` will subscribe to the `my-topic` instead of `eventsQueue`
+    queue: myTopicQueue,
+  }],
+}));
+```
+
 ## Community Extensions
 
 We encourage the development of Community Service Extensions that support

diff --git a/packages/@aws-cdk-containers/ecs-service-extensions/lib/extensions/index.ts b/packages/@aws-cdk-containers/ecs-service-extensions/lib/extensions/index.ts
@@ -6,3 +6,4 @@ export * from './cloudwatch-agent';
 export * from './scale-on-cpu-utilization';
 export * from './xray';
 export * from './assign-public-ip';
+export * from './queue';
diff --git a/packages/@aws-cdk-containers/ecs-service-extensions/lib/extensions/queue.ts b/packages/@aws-cdk-containers/ecs-service-extensions/lib/extensions/queue.ts
@@ -0,0 +1,212 @@
+import * as ecs from '@aws-cdk/aws-ecs';
+import * as sns from '@aws-cdk/aws-sns';
+import * as subscription from '@aws-cdk/aws-sns-subscriptions';
+import * as sqs from '@aws-cdk/aws-sqs';
+import * as cdk from '@aws-cdk/core';
+import { Service } from '../service';
+import { Container } from './container';
+import { ContainerMutatingHook, ServiceExtension } from './extension-interfaces';
+
+// Keep this import separate from other imports to reduce chance for merge conflicts with v2-main
+// eslint-disable-next-line no-duplicate-imports, import/order
+import { Construct } from '@aws-cdk/core';
+
+/**
+ * An interface that will be implemented by all the resources that can be subscribed to.
+ */
+export interface ISubscribable {
+  /**
+   * All classes implementing this interface must also implement the `subscribe()` method
+   */
+  subscribe(extension: QueueExtension): sqs.IQueue;
+}
+
+/**
+ * The settings for the Queue extension.
+ */
+export interface QueueExtensionProps {
+  /**
+   * The list of subscriptions for this service.
+   *
+   * @default none
+   */
+  readonly subscriptions?: ISubscribable[];
+
+  /**
+   * The user-provided default queue for this service.
+   *
+   * @default If the `eventsQueue` is not provided, a default SQS Queue is created for the service.
+   */
+  readonly eventsQueue?: sqs.IQueue;
+}
+
+/**
+ * The topic-specific settings for creating the queue subscriptions.
+ */
+export interface TopicSubscriptionProps {
+  /**
+   * The SNS Topic to subscribe to.
+   */
+  readonly topic: sns.ITopic;
+
+  /**
+   * The user-provided queue to subscribe to the given topic.
+   * If the `queue` is not provided, the default `eventsQueue` will subscribe to the given topic.
+   *
+   * @default none
+   */
+  readonly queue?: sqs.IQueue;
+}
+
+/**
+ * The `TopicSubscription` class represents an SNS Topic resource that can be subscribed to by the service queues.
+ */
+export class TopicSubscription implements ISubscribable {
+  public readonly topic: sns.ITopic;
+
+  public readonly queue?: sqs.IQueue;
+
+  constructor(props: TopicSubscriptionProps) {
+    this.topic = props.topic;
+    this.queue = props.queue;
+  }
+
+  /**
+   * This method sets up SNS Topic subscriptions for the SQS queue provided by the user. If a `queue` is not provided,
+   * the default `eventsQueue` subscribes to the given topic.
+   *
+   * @param extension `QueueExtension` added to the service
+   * @returns the queue subscribed to the given topic
+   */
+  public subscribe(extension: QueueExtension) : sqs.IQueue {
+    let queue = extension.eventsQueue;
+    if (this.queue) {
+      queue = this.queue;
+    }
+    this.topic.addSubscription(new subscription.SqsSubscription(queue));
+    return queue;
+  }
+}
+
+/**
+ * Settings for the hook which mutates the application container
+ * to add the events queue URI to its environment.
+ */
+interface ContainerMutatingProps {
+  /**
+   * The events queue name and URI to be added to the container environment.
+   */
+  readonly environment: { [key: string]: string };
+}
+
+/**
+ * This hook modifies the application container's environment to
+ * add the queue URL for the events queue of the service.
+ */
+class QueueExtensionMutatingHook extends ContainerMutatingHook {
+  private environment: { [key: string]: string };
+
+  constructor(props: ContainerMutatingProps) {
+    super();
+    this.environment = props.environment;
+  }
+
+  public mutateContainerDefinition(props: ecs.ContainerDefinitionOptions): ecs.ContainerDefinitionOptions {
+    return {
+      ...props,
+
+      environment: { ...(props.environment || {}), ...this.environment },
+    } as ecs.ContainerDefinitionOptions;
+  }
+}
+
+/**
+ * This extension creates a default `eventsQueue` for the service (if not provided) and accepts a list of objects of
+ * type `ISubscribable` that the `eventsQueue` subscribes to. It creates the subscriptions and sets up permissions
+ * for the service to consume messages from the SQS Queues.
+ *
+ * The default queue for this service can be accessed using the getter `<extension>.eventsQueue`.
+ */
+export class QueueExtension extends ServiceExtension {
+  private _eventsQueue!: sqs.IQueue;
+
+  private subscriptionQueues = new Set<sqs.IQueue>();
+
+  private environment: { [key: string]: string } = {};
+
+  private props?: QueueExtensionProps;
+
+  constructor(props?: QueueExtensionProps) {
+    super('queue');
+
+    this.props = props;
+  }
+
+  /**
+   * This hook creates (if required) and sets the default queue `eventsQueue`. It also sets up the subscriptions for
+   * the provided `ISubscribable` objects.
+   *
+   * @param service The parent service which this extension has been added to
+   * @param scope The scope that this extension should create resources in
+   */
+  public prehook(service: Service, scope: Construct) {
+    this.parentService = service;
+    this.scope = scope;
+
+    let eventsQueue = this.props?.eventsQueue;
+    if (!eventsQueue) {
+      const deadLetterQueue = new sqs.Queue(this.scope, 'EventsDeadLetterQueue', {
+        retentionPeriod: cdk.Duration.days(14),
+      });
+
+      eventsQueue = new sqs.Queue(this.scope, 'EventsQueue', {
+        deadLetterQueue: {
+          queue: deadLetterQueue,
+          maxReceiveCount: 3,
+        },
+      });
+    }
+    this._eventsQueue = eventsQueue;
+
+    this.environment[`${this.parentService.id.toUpperCase()}_QUEUE_URI`] = this._eventsQueue.queueUrl;
+
+    if (this.props?.subscriptions) {
+      for (const subs of this.props.subscriptions) {
+        const subsQueue = subs.subscribe(this);
+        this.subscriptionQueues.add(subsQueue);
+      }
+    }
+  }
+
+  /**
+   * Add hooks to the main application extension so that it is modified to
+   * add the events queue URL to the container environment.
+   */
+  public addHooks() {
+    const container = this.parentService.serviceDescription.get('service-container') as Container;
+
+    if (!container) {
+      throw new Error('Queue Extension requires an application extension');
+    }
+
+    container.addContainerMutatingHook(new QueueExtensionMutatingHook({
+      environment: this.environment,
+    }));
+  }
+
+  /**
+   * After the task definition has been created, this hook grants SQS permissions to the task role.
+   *
+   * @param taskDefinition The created task definition
+   */
+  public useTaskDefinition(taskDefinition: ecs.TaskDefinition) {
+    this._eventsQueue.grantConsumeMessages(taskDefinition.taskRole);
+    for (const queue of this.subscriptionQueues) {
+      queue.grantConsumeMessages(taskDefinition.taskRole);
+    }
+  }
+
+  public get eventsQueue() : sqs.IQueue {
+    return this._eventsQueue;
+  }
+}
diff --git a/packages/@aws-cdk-containers/ecs-service-extensions/package.json b/packages/@aws-cdk-containers/ecs-service-extensions/package.json
@@ -64,6 +64,8 @@
     "@aws-cdk/aws-route53": "0.0.0",
     "@aws-cdk/aws-route53-targets": "0.0.0",
     "@aws-cdk/aws-servicediscovery": "0.0.0",
+    "@aws-cdk/aws-sns": "0.0.0",
+    "@aws-cdk/aws-sns-subscriptions": "0.0.0",
     "@aws-cdk/aws-sqs": "0.0.0",
     "@aws-cdk/core": "0.0.0",
     "@aws-cdk/custom-resources": "0.0.0",
@@ -89,6 +91,8 @@
     "@aws-cdk/aws-route53": "0.0.0",
     "@aws-cdk/aws-route53-targets": "0.0.0",
     "@aws-cdk/aws-servicediscovery": "0.0.0",
+    "@aws-cdk/aws-sns": "0.0.0",
+    "@aws-cdk/aws-sns-subscriptions": "0.0.0",
     "@aws-cdk/aws-sqs": "0.0.0",
     "@aws-cdk/core": "0.0.0",
     "@aws-cdk/custom-resources": "0.0.0",