Merge branch 'master' into cr-role-arn

aws · Dec 14, 2020 · 8b253e6 · 8b253e6
2 parents 4ed9555 + 9417b02
commit 8b253e6
Show file tree

Hide file tree

Showing 183 changed files with 30,554 additions and 1,915 deletions.
diff --git a/.mergify.yml b/.mergify.yml
@@ -19,7 +19,6 @@ pull_request_rules:
         commit_message: title+body
     conditions:
       - base!=release
-      - -base~=^v2
       - -title~=(WIP|wip)
       - -label~=(blocked|do-not-merge|no-squash|two-approvers)
       - -merged
@@ -34,15 +33,14 @@ pull_request_rules:
   - name: automatic merge (2+ approvers)
     actions:
       comment:
-        message: Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to [allow changes to be pushed to your fork](https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/allowing-changes-to-a-pull-request-branch-created-from-a-fork)).
+        message: Thank you for contributing! Your pull request will be automatically updated and merged (do not update manually, and be sure to [allow changes to be pushed to your fork](https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/allowing-changes-to-a-pull-request-branch-created-from-a-fork)).
       merge:
         strict: smart
         method: squash
         strict_method: merge
         commit_message: title+body
     conditions:
       - base!=release
-      - -base~=^v2
       - -title~=(WIP|wip)
       - label~=two-approvers
       - -label~=(blocked|do-not-merge|no-squash)
@@ -58,15 +56,14 @@ pull_request_rules:
   - name: automatic merge (no-squash)
     actions:
       comment:
-        message: Thank you for contributing! Your pull request will be updated from master and then merged automatically without squashing (do not update manually, and be sure to [allow changes to be pushed to your fork](https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/allowing-changes-to-a-pull-request-branch-created-from-a-fork)).
+        message: Thank you for contributing! Your pull request will be automatically updated and merged without squashing (do not update manually, and be sure to [allow changes to be pushed to your fork](https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/allowing-changes-to-a-pull-request-branch-created-from-a-fork)).
       merge:
         strict: smart
         # Merge instead of squash
         method: merge
         strict_method: merge
         commit_message: title+body
     conditions:
-      - -base~=^v2
       - -title~=(WIP|wip)
       - -label~=(blocked|do-not-merge)
       # Only if no-squash is set
@@ -121,22 +118,4 @@ pull_request_rules:
       - "#approved-reviews-by>=1"
       - "#changes-requested-reviews-by=0"
       - status-success~=AWS CodeBuild us-east-1
-      - status-success=validate-pr
-  - name: automatic merge of v2 forward merges
-    actions:
-      comment:
-        message: Forward merge successful!
-      merge:
-        method: merge
-        strict: smart+fasttrack
-        strict_method: merge
-        commit_message: title+body
-    conditions:
-      - base=v2-main
-      - label~=forward-merge
-      - -label~=(blocked|do-not-merge)
-      - -merged
-      - -closed
-      - author~=aws-cdk-automation
-      - "#approved-reviews-by>=1"
-      - status-success~=AWS CodeBuild us-east-1
+      - status-success=validate-pr
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,49 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [1.78.0](https://github.com/aws/aws-cdk/compare/v1.77.0...v1.78.0) (2020-12-11)
+
+
+### ⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES
+
+* **cloudfront-origins:** Default minimum origin SSL protocol for `HttpOrigin` and `LoadBalancerOrigin` changed from SSLv3 to TLSv1.2.
+* **apigatewayv2:** `domainName` property under `DomainName` has been
+renamed to `name`.
+* **appmesh:** the properties `dnsHostName` and `awsCloudMap` of `VirtualNodeProps` have been replaced with the property `serviceDiscovery`
+* **kms:** change the default value of trustAccountIdentities to true,
+which will result in the key getting the KMS-recommended default key
+policy. This is enabled through the '@aws-cdk/aws-kms:defaultKeyPolicies'
+feature flag.
+
+### Features
+
+* **appmesh:** add ClientPolicy to VirtualNode, VirtualGateway and VirtualService ([#11563](https://github.com/aws/aws-cdk/issues/11563)) ([bfee58c](https://github.com/aws/aws-cdk/commit/bfee58c702c31fb8e89cf99c8b6fb944ef6a96a4))
+* **appmesh:** change Virtual Node service discovery to a union-like class ([#11926](https://github.com/aws/aws-cdk/issues/11926)) ([f75c264](https://github.com/aws/aws-cdk/commit/f75c264df04f7250a4ec4692b6e8a7105d62e535))
+* **appsync:** support appsync functions for pipelineConfig ([#10111](https://github.com/aws/aws-cdk/issues/10111)) ([cb703c7](https://github.com/aws/aws-cdk/commit/cb703c7a7efaeb5d64d4dc73f5f6c3680928dd40)), closes [#9092](https://github.com/aws/aws-cdk/issues/9092)
+* **batch:** Log configuration for job definitions ([#11771](https://github.com/aws/aws-cdk/issues/11771)) ([84c959c](https://github.com/aws/aws-cdk/commit/84c959c1734f308e8c53c7f7e6ca9e6a4f129e7e)), closes [#11218](https://github.com/aws/aws-cdk/issues/11218)
+* **cloudfront:** responseHttpStatus defaults to httpStatus in errorResponses ([#11879](https://github.com/aws/aws-cdk/issues/11879)) ([c6052ae](https://github.com/aws/aws-cdk/commit/c6052aead191fca8d384be8377fd4d3990b3ba03))
+* **cloudfront:** the Distribution construct is now Generally Available (stable) ([#11919](https://github.com/aws/aws-cdk/issues/11919)) ([442bf7e](https://github.com/aws/aws-cdk/commit/442bf7e097768646f8c8a7502762a8455f87e371))
+* **cloudfront-origins:** ability to specify minimum origin SSL protocol ([#11997](https://github.com/aws/aws-cdk/issues/11997)) ([a0aa61d](https://github.com/aws/aws-cdk/commit/a0aa61d5bc1134accef7bab2707edb497fce2c57)), closes [#11994](https://github.com/aws/aws-cdk/issues/11994)
+* **cloudfront-origins:** CloudFront Origins is now Generally Available ([#12011](https://github.com/aws/aws-cdk/issues/12011)) ([daace16](https://github.com/aws/aws-cdk/commit/daace1684638b8fb8b89b60bf39b24c65a769d64)), closes [#11919](https://github.com/aws/aws-cdk/issues/11919)
+* **codeguruprofiler:** the CodeGuru Profiler Construct Library is now Generally Available (stable) ([#11924](https://github.com/aws/aws-cdk/issues/11924)) ([cbe7a10](https://github.com/aws/aws-cdk/commit/cbe7a10053ce0e4e766f360cf8792f0b46c565f0))
+* **ecs:** introduce a new Image type, TagParameterContainerImage, to be used in CodePipeline ([#11795](https://github.com/aws/aws-cdk/issues/11795)) ([4182c40](https://github.com/aws/aws-cdk/commit/4182c40a237efa9f663e46263b8d9424104f5363)), closes [#1237](https://github.com/aws/aws-cdk/issues/1237) [#7746](https://github.com/aws/aws-cdk/issues/7746)
+* **eks:** kubernetes resource pruning ([#11932](https://github.com/aws/aws-cdk/issues/11932)) ([1fdd549](https://github.com/aws/aws-cdk/commit/1fdd549af6372a7b639e9db5435f755e5a2515ad)), closes [#10495](https://github.com/aws/aws-cdk/issues/10495)
+* **kms:** change default key policy to align with KMS best practices (under feature flag) ([#11918](https://github.com/aws/aws-cdk/issues/11918)) ([ff695da](https://github.com/aws/aws-cdk/commit/ff695daee41b22bfaeef148dd0faa8e451bfd9af)), closes [#5575](https://github.com/aws/aws-cdk/issues/5575) [#8977](https://github.com/aws/aws-cdk/issues/8977) [#10575](https://github.com/aws/aws-cdk/issues/10575) [#11309](https://github.com/aws/aws-cdk/issues/11309)
+* **s3:** add support to set bucket OwnershipControls ([#11834](https://github.com/aws/aws-cdk/issues/11834)) ([0d289cc](https://github.com/aws/aws-cdk/commit/0d289cc5e0f87c416c8490c514a158fa162ee8b9)), closes [#11591](https://github.com/aws/aws-cdk/issues/11591)
+
+
+### Bug Fixes
+
+* **apigateway:** base path url cannot contain upper case characters ([#11799](https://github.com/aws/aws-cdk/issues/11799)) ([8069a7e](https://github.com/aws/aws-cdk/commit/8069a7e85c7c1652848624ba1b8085c89d3b1db2))
+* **cfn-include:** cfn-include fails in monocdk ([#11595](https://github.com/aws/aws-cdk/issues/11595)) ([45e43f2](https://github.com/aws/aws-cdk/commit/45e43f28f5d175bba654ee44d683aa3fc1854f9a)), closes [#11342](https://github.com/aws/aws-cdk/issues/11342)
+* **cli:** cross-account deployment no longer works ([#11966](https://github.com/aws/aws-cdk/issues/11966)) ([6fb3448](https://github.com/aws/aws-cdk/commit/6fb34483432b5cdcc485bbf6bfdb7bbb74f4b895)), closes [#11350](https://github.com/aws/aws-cdk/issues/11350) [#11792](https://github.com/aws/aws-cdk/issues/11792) [#11792](https://github.com/aws/aws-cdk/issues/11792)
+* **codebuild:** incorrect SSM Parameter ARN in Project's IAM permissions ([#11917](https://github.com/aws/aws-cdk/issues/11917)) ([7a09c18](https://github.com/aws/aws-cdk/commit/7a09c185f03a22c78f83536da07535227b301a1b)), closes [#9980](https://github.com/aws/aws-cdk/issues/9980)
+* **core:** autogenerated exports do not account for stack name length ([#11909](https://github.com/aws/aws-cdk/issues/11909)) ([0df79a2](https://github.com/aws/aws-cdk/commit/0df79a278755ced9c60b78c5cdea69111cd8d8b3)), closes [#9733](https://github.com/aws/aws-cdk/issues/9733)
+* **ecs:** cannot disable container insights of an ECS cluster ([#9151](https://github.com/aws/aws-cdk/issues/9151)) ([e328f22](https://github.com/aws/aws-cdk/commit/e328f22e7daa5fb5ea3de9fb26828314131e8a57)), closes [#9149](https://github.com/aws/aws-cdk/issues/9149)
+* **eks:** kubectl provider out-of-memory for large manifests/charts (now 1GiB) ([#11957](https://github.com/aws/aws-cdk/issues/11957)) ([2ec2948](https://github.com/aws/aws-cdk/commit/2ec294803427675b0ba594e929f32aca1ffdb075)), closes [#11787](https://github.com/aws/aws-cdk/issues/11787)
+* **synthetics:** `metricFailed` uses `Average` instead of `Sum` by default ([#11941](https://github.com/aws/aws-cdk/issues/11941)) ([3530e8c](https://github.com/aws/aws-cdk/commit/3530e8c758df3ea2fb26d654109e17a75f157b37))
+* **apigatewayv2:** rename 'domainName' to 'name' in the DomainName construct ([#11989](https://github.com/aws/aws-cdk/issues/11989)) ([1be831a](https://github.com/aws/aws-cdk/commit/1be831abc873c60df16c769ccf5e21fb9b1733c0))
+
 ## [1.77.0](https://github.com/aws/aws-cdk/compare/v1.76.0...v1.77.0) (2020-12-07)
 
 

diff --git a/packages/@aws-cdk-containers/ecs-service-extensions/lib/extensions/appmesh.ts b/packages/@aws-cdk-containers/ecs-service-extensions/lib/extensions/appmesh.ts
@@ -279,7 +279,11 @@ export class AppMeshExtension extends ServiceExtension {
     this.virtualNode = new appmesh.VirtualNode(this.scope, `${this.parentService.id}-virtual-node`, {
       mesh: this.mesh,
       virtualNodeName: this.parentService.id,
-      cloudMapService: service.cloudMapService,
+      serviceDiscovery: service.cloudMapService
+        ? appmesh.ServiceDiscovery.cloudMap({
+          service: service.cloudMapService,
+        })
+        : undefined,
       listeners: [addListener(this.protocol, containerextension.trafficPort)],
     });
 

diff --git a/packages/@aws-cdk/aws-apigateway/lib/base-path-mapping.ts b/packages/@aws-cdk/aws-apigateway/lib/base-path-mapping.ts
@@ -48,7 +48,7 @@ export class BasePathMapping extends Resource {
     super(scope, id);
 
     if (props.basePath && !Token.isUnresolved(props.basePath)) {
-      if (!props.basePath.match(/^[a-z0-9$_.+!*'()-]+$/)) {
+      if (!props.basePath.match(/^[a-zA-Z0-9$_.+!*'()-]+$/)) {
         throw new Error(`A base path may only contain letters, numbers, and one of "$-_.+!*'()", received: ${props.basePath}`);
       }
     }

diff --git a/packages/@aws-cdk/aws-apigateway/lib/resource.ts b/packages/@aws-cdk/aws-apigateway/lib/resource.ts
@@ -37,7 +37,7 @@ export interface IResource extends IResourceBase {
   readonly resourceId: string;
 
   /**
-   * The full path of this resuorce.
+   * The full path of this resource.
    */
   readonly path: string;
 

diff --git a/packages/@aws-cdk/aws-apigateway/lib/restapi.ts b/packages/@aws-cdk/aws-apigateway/lib/restapi.ts
@@ -5,6 +5,7 @@ import { CfnOutput, IResource as IResourceBase, Resource, Stack } from '@aws-cdk
 import { Construct } from 'constructs';
 import { ApiDefinition } from './api-definition';
 import { ApiKey, ApiKeyOptions, IApiKey } from './api-key';
+import { ApiGatewayMetrics } from './apigateway-canned-metrics.generated';
 import { CfnAccount, CfnRestApi } from './apigateway.generated';
 import { CorsOptions } from './cors';
 import { Deployment } from './deployment';
@@ -397,74 +398,77 @@ export abstract class RestApiBase extends Resource implements IRestApi {
       metricName,
       dimensions: { ApiName: this.restApiName },
       ...props,
-    });
+    }).attachTo(this);
   }
 
   /**
    * Metric for the number of client-side errors captured in a given period.
    *
-   * @default - sum over 5 minutes
+   * Default: sum over 5 minutes
    */
   public metricClientError(props?: cloudwatch.MetricOptions): cloudwatch.Metric {
-    return this.metric('4XXError', { statistic: 'Sum', ...props });
+    return this.cannedMetric(ApiGatewayMetrics._4XxErrorSum, props);
   }
 
   /**
    * Metric for the number of server-side errors captured in a given period.
    *
-   * @default - sum over 5 minutes
+   * Default: sum over 5 minutes
    */
   public metricServerError(props?: cloudwatch.MetricOptions): cloudwatch.Metric {
-    return this.metric('5XXError', { statistic: 'Sum', ...props });
+    return this.cannedMetric(ApiGatewayMetrics._5XxErrorSum, props);
   }
 
   /**
    * Metric for the number of requests served from the API cache in a given period.
    *
-   * @default - sum over 5 minutes
+   * Default: sum over 5 minutes
    */
   public metricCacheHitCount(props?: cloudwatch.MetricOptions): cloudwatch.Metric {
-    return this.metric('CacheHitCount', { statistic: 'Sum', ...props });
+    return this.cannedMetric(ApiGatewayMetrics.cacheHitCountSum, props);
   }
 
   /**
    * Metric for the number of requests served from the backend in a given period,
    * when API caching is enabled.
    *
-   * @default - sum over 5 minutes
+   * Default: sum over 5 minutes
    */
   public metricCacheMissCount(props?: cloudwatch.MetricOptions): cloudwatch.Metric {
-    return this.metric('CacheMissCount', { statistic: 'Sum', ...props });
+    return this.cannedMetric(ApiGatewayMetrics.cacheMissCountSum, props);
   }
 
   /**
    * Metric for the total number API requests in a given period.
    *
-   * @default - SampleCount over 5 minutes
+   * Default: samplecount over 5 minutes
    */
   public metricCount(props?: cloudwatch.MetricOptions): cloudwatch.Metric {
-    return this.metric('Count', { statistic: 'SampleCount', ...props });
+    return this.cannedMetric(ApiGatewayMetrics.countSum, {
+      statistic: 'SampleCount',
+      ...props,
+    });
   }
 
   /**
    * Metric for the time between when API Gateway relays a request to the backend
    * and when it receives a response from the backend.
    *
-   * @default - no statistic
+   * Default: average over 5 minutes.
    */
   public metricIntegrationLatency(props?: cloudwatch.MetricOptions): cloudwatch.Metric {
-    return this.metric('IntegrationLatency', props);
+    return this.cannedMetric(ApiGatewayMetrics.integrationLatencyAverage, props);
   }
 
   /**
    * The time between when API Gateway receives a request from a client
    * and when it returns a response to the client.
    * The latency includes the integration latency and other API Gateway overhead.
    *
-   * @default - no statistic
+   * Default: average over 5 minutes.
    */
   public metricLatency(props?: cloudwatch.MetricOptions): cloudwatch.Metric {
-    return this.metric('Latency', props);
+    return this.cannedMetric(ApiGatewayMetrics.latencyAverage, props);
   }
 
   /**
@@ -544,6 +548,13 @@ export abstract class RestApiBase extends Resource implements IRestApi {
     }
     return undefined;
   }
+
+  private cannedMetric(fn: (dims: { ApiName: string }) => cloudwatch.MetricProps, props?: cloudwatch.MetricOptions) {
+    return new cloudwatch.Metric({
+      ...fn({ ApiName: this.restApiName }),
+      ...props,
+    }).attachTo(this);
+  }
 }
 
 /**

diff --git a/packages/@aws-cdk/aws-apigateway/test/base-path-mapping.test.ts b/packages/@aws-cdk/aws-apigateway/test/base-path-mapping.test.ts
@@ -0,0 +1,107 @@
+import '@aws-cdk/assert/jest';
+import * as acm from '@aws-cdk/aws-certificatemanager';
+import * as cdk from '@aws-cdk/core';
+import * as apigw from '../lib';
+
+describe('BasePathMapping', () => {
+  test('default setup', () => {
+    // GIVEN
+    const stack = new cdk.Stack();
+    const api = new apigw.RestApi(stack, 'MyApi');
+    api.root.addMethod('GET'); // api must have atleast one method.
+    const domain = new apigw.DomainName(stack, 'MyDomain', {
+      domainName: 'example.com',
+      certificate: acm.Certificate.fromCertificateArn(stack, 'cert', 'arn:aws:acm:us-east-1:1111111:certificate/11-3336f1-44483d-adc7-9cd375c5169d'),
+      endpointType: apigw.EndpointType.REGIONAL,
+    });
+
+    // WHEN
+    new apigw.BasePathMapping(stack, 'MyBasePath', {
+      restApi: api,
+      domainName: domain,
+    });
+
+    // THEN
+    expect(stack).toHaveResource('AWS::ApiGateway::BasePathMapping', {
+      DomainName: { Ref: 'MyDomainE4943FBC' },
+      RestApiId: { Ref: 'MyApi49610EDF' },
+    });
+  });
+
+  test('specify basePath property', () => {
+    // GIVEN
+    const stack = new cdk.Stack();
+    const api = new apigw.RestApi(stack, 'MyApi');
+    api.root.addMethod('GET'); // api must have atleast one method.
+    const domain = new apigw.DomainName(stack, 'MyDomain', {
+      domainName: 'example.com',
+      certificate: acm.Certificate.fromCertificateArn(stack, 'cert', 'arn:aws:acm:us-east-1:1111111:certificate/11-3336f1-44483d-adc7-9cd375c5169d'),
+      endpointType: apigw.EndpointType.REGIONAL,
+    });
+
+    // WHEN
+    new apigw.BasePathMapping(stack, 'MyBasePath', {
+      restApi: api,
+      domainName: domain,
+      basePath: 'My_B45E-P4th',
+    });
+
+    // THEN
+    expect(stack).toHaveResourceLike('AWS::ApiGateway::BasePathMapping', {
+      BasePath: 'My_B45E-P4th',
+    });
+  });
+
+  test('throw error for invalid basePath property', () => {
+    // GIVEN
+    const stack = new cdk.Stack();
+    const api = new apigw.RestApi(stack, 'MyApi');
+    api.root.addMethod('GET'); // api must have atleast one method.
+    const domain = new apigw.DomainName(stack, 'MyDomain', {
+      domainName: 'example.com',
+      certificate: acm.Certificate.fromCertificateArn(stack, 'cert', 'arn:aws:acm:us-east-1:1111111:certificate/11-3336f1-44483d-adc7-9cd375c5169d'),
+      endpointType: apigw.EndpointType.REGIONAL,
+    });
+
+    // WHEN
+    const invalidBasePath = '/invalid-/base-path';
+
+    // THEN
+    expect(() => {
+      new apigw.BasePathMapping(stack, 'MyBasePath', {
+        restApi: api,
+        domainName: domain,
+        basePath: invalidBasePath,
+      });
+    }).toThrowError(/base path may only contain/);
+  });
+
+  test('specify stage property', () => {
+    // GIVEN
+    const stack = new cdk.Stack();
+    const api = new apigw.RestApi(stack, 'MyApi');
+    api.root.addMethod('GET'); // api must have atleast one method.
+    const domain = new apigw.DomainName(stack, 'MyDomain', {
+      domainName: 'example.com',
+      certificate: acm.Certificate.fromCertificateArn(stack, 'cert', 'arn:aws:acm:us-east-1:1111111:certificate/11-3336f1-44483d-adc7-9cd375c5169d'),
+      endpointType: apigw.EndpointType.REGIONAL,
+    });
+    const stage = new apigw.Stage(stack, 'MyStage', {
+      deployment: new apigw.Deployment(stack, 'MyDeplouyment', {
+        api,
+      }),
+    });
+
+    // WHEN
+    new apigw.BasePathMapping(stack, 'MyBasePathMapping', {
+      restApi: api,
+      domainName: domain,
+      stage,
+    });
+
+    // THEN
+    expect(stack).toHaveResourceLike('AWS::ApiGateway::BasePathMapping', {
+      Stage: { Ref: 'MyStage572B0482' },
+    });
+  });
+});