chore(release): 2.78.0 (#25419)

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/bump/2.78.0/CHANGELOG.md)
aws · May 3, 2023 · 8e95c37 · 8e95c37
2 parents 06a0b19 + baf14fb
commit 8e95c37
Show file tree

Hide file tree

Showing 698 changed files with 16,603 additions and 3,941 deletions.
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
@@ -1,4 +1,4 @@
-FROM jsii/superchain:1-buster-slim
+FROM jsii/superchain:1-buster-slim-node18
 
 USER root
 

diff --git a/CHANGELOG.v2.alpha.md b/CHANGELOG.v2.alpha.md
@@ -2,6 +2,8 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [2.78.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.77.0-alpha.0...v2.78.0-alpha.0) (2023-05-03)
+
 ## [2.77.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.76.0-alpha.0...v2.77.0-alpha.0) (2023-04-26)
 
 ## [2.76.1-alpha.0](https://github.com/aws/aws-cdk/compare/v2.76.0-alpha.0...v2.76.1-alpha.0) (2023-04-21)

diff --git a/CHANGELOG.v2.md b/CHANGELOG.v2.md
@@ -2,6 +2,34 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [2.78.0](https://github.com/aws/aws-cdk/compare/v2.77.0...v2.78.0) (2023-05-03)
+
+
+### Features
+
+* **appsync:** L2 construct for EventBridge DataSource. ([#25369](https://github.com/aws/aws-cdk/issues/25369)) ([a0ad49d](https://github.com/aws/aws-cdk/commit/a0ad49df7b2536d800b4890ae0116e6ce26e6c55)), closes [#24809](https://github.com/aws/aws-cdk/issues/24809)
+* **cfnspec:** cloudformation spec v120.0.0 ([#25354](https://github.com/aws/aws-cdk/issues/25354)) ([9096602](https://github.com/aws/aws-cdk/commit/9096602385ef9ed84b27b54aab7b0b5a448706ce))
+* **codebuild:** add support for `aws/codebuild/amazonlinux2-aarch64-standard:3.0` ([#25351](https://github.com/aws/aws-cdk/issues/25351)) ([0d187c1](https://github.com/aws/aws-cdk/commit/0d187c1ef337d5a46c47c018dc85e43de897f095)), closes [#25334](https://github.com/aws/aws-cdk/issues/25334)
+* **ec2:** Prefixlist Constructs ([#25252](https://github.com/aws/aws-cdk/issues/25252)) ([b2dfac0](https://github.com/aws/aws-cdk/commit/b2dfac09ebbd1302ec0236e4710ca9fef6b34274)), closes [#24714](https://github.com/aws/aws-cdk/issues/24714)
+* **ec2:** restrict access to default security group (under feature flag) ([#25297](https://github.com/aws/aws-cdk/issues/25297)) ([d8272ef](https://github.com/aws/aws-cdk/commit/d8272ef30d64777f54a7a283caf49b1dc67be927)), closes [/docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-2](https://github.com/aws//docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html/issues/ec2-2) [#19394](https://github.com/aws/aws-cdk/issues/19394)
+* **events:** Validate events rule name ([#25366](https://github.com/aws/aws-cdk/issues/25366)) ([5bdb012](https://github.com/aws/aws-cdk/commit/5bdb0128e8181cd3a33a118a1f121f67b0f78b20)), closes [#25352](https://github.com/aws/aws-cdk/issues/25352)
+* **rds:** add missing PerformanceInsightRetention options ([#25347](https://github.com/aws/aws-cdk/issues/25347)) ([1dbae20](https://github.com/aws/aws-cdk/commit/1dbae20bdc633ce580cab8f758a43bfba763c4f6))
+
+
+### Bug Fixes
+
+* **api-gateway:** add validation to `variables` property on `Stage` resource ([#25267](https://github.com/aws/aws-cdk/issues/25267)) ([04427e3](https://github.com/aws/aws-cdk/commit/04427e37b8da8c6cc9d360edd66093c2a63e19fe)), closes [#3635](https://github.com/aws/aws-cdk/issues/3635)
+* **apigateway:** cannot use requestValidatorOptions multiple times (under feature flag) ([#25324](https://github.com/aws/aws-cdk/issues/25324)) ([2a49fd1](https://github.com/aws/aws-cdk/commit/2a49fd1703c4eda9497cc5d5061372a1466d1ab0)), closes [#7613](https://github.com/aws/aws-cdk/issues/7613)
+* **batch:** `ManagedEc2EcsComputeEnvironment` instance role missing managed policy ([#25279](https://github.com/aws/aws-cdk/issues/25279)) ([c81d115](https://github.com/aws/aws-cdk/commit/c81d115955dbb27ce873ed7c9d71cc0dc8eacf99)), closes [#25256](https://github.com/aws/aws-cdk/issues/25256)
+* **batch:** JobQueue uses wrong id for underlying CfnJobQueue ([#25269](https://github.com/aws/aws-cdk/issues/25269)) ([4cbb790](https://github.com/aws/aws-cdk/commit/4cbb7905d0419eb763e25b1d6de574b35ab60bc9)), closes [#25248](https://github.com/aws/aws-cdk/issues/25248)
+* **core:** output folder checksum is computed unnecessarily ([#25392](https://github.com/aws/aws-cdk/issues/25392)) ([f2294ba](https://github.com/aws/aws-cdk/commit/f2294ba5d17b31895267a672dcc7ec457cc779c7))
+* **ecs:** Allow scheduling DAEMON services even if no EC2 capacity attached to cluster ([#25306](https://github.com/aws/aws-cdk/issues/25306)) ([#25328](https://github.com/aws/aws-cdk/issues/25328)) ([96bb8ce](https://github.com/aws/aws-cdk/commit/96bb8ce6b3a45daf47d4d4dbf91fd6b69988bb7b))
+* **elasticloadbalancingv2:** the bucket policy for ELB access logging is too permissive ([#25345](https://github.com/aws/aws-cdk/issues/25345)) ([748e685](https://github.com/aws/aws-cdk/commit/748e6859ccab999e66768d40d34fef93884453ea)), closes [/docs.aws.amazon.com/securityhub/latest/userguide/s3-controls.html#s3-6](https://github.com/aws//docs.aws.amazon.com/securityhub/latest/userguide/s3-controls.html/issues/s3-6)
+* **iam:** Role.fromRoleName fails on AWS created roles ([#25389](https://github.com/aws/aws-cdk/issues/25389)) ([4c9ce9b](https://github.com/aws/aws-cdk/commit/4c9ce9b6aa88306feeac6ffb71c1342d8acf4349))
+* **integ-tests:** allow multiple AwsApiCalls with the same action and different parameters ([#25241](https://github.com/aws/aws-cdk/issues/25241)) ([75967e1](https://github.com/aws/aws-cdk/commit/75967e17b8ce3a9d1e0068a3aa210abb247191e6)), closes [#25014](https://github.com/aws/aws-cdk/issues/25014)
+* **s3-deployment:** doesn't work in ADC regions ([#25363](https://github.com/aws/aws-cdk/issues/25363)) ([432af34](https://github.com/aws/aws-cdk/commit/432af347772fb3bf0f51aae07f4deb0aeec55d81))
+* dns-validated-cert cr doesn't use node16 ([#25348](https://github.com/aws/aws-cdk/issues/25348)) ([ad71026](https://github.com/aws/aws-cdk/commit/ad7102683be92ab8d5ab985d34b2203921ab061b)), closes [#25335](https://github.com/aws/aws-cdk/issues/25335)
+
 ## [2.77.0](https://github.com/aws/aws-cdk/compare/v2.76.0...v2.77.0) (2023-04-26)
 
 

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -51,7 +51,7 @@ let us know if it's not up-to-date (even better, submit a PR with your  correcti
 
 The following steps describe how to set up the AWS CDK repository on your local machine.
 The alternative is to use [Gitpod](https://www.gitpod.io/), a Cloud IDE for your development.
-See [Gitpod section](#gitpod-alternative) on how to set up the CDK repo on Gitpod.
+See [Gitpod section](#gitpod) on how to set up the CDK repo on Gitpod.
 
 ### Setup
 
@@ -92,7 +92,7 @@ CDK can be found at the location `packages/aws-cdk-lib/aws-iam`.
 The repo also contains the `tools/` directory that holds custom build tooling (modeled as private npm packages)
 specific to the CDK.
 
-### Build
+### Building aws-cdk-lib
 
 The full build of all of the packages within the repository can take a few minutes, about 20  when all tests are run.
 Most contributions only require working on a single package, usually `aws-cdk-lib`. To build this package for the first
@@ -162,7 +162,7 @@ Please follow the [setup instructions](https://code.visualstudio.com/docs/remote
 
 With VS Code setup, you will be prompted to open the `aws-cdk` repo in a Dev Container, or you can choos "Dev Containers: Reopen in Container" from the VS Code command palette.
 
-### Gitpod (Alternative)
+### Gitpod
 
 You may also set up your local development environment using [Gitpod](http://gitpod.io) -
 a service that allows you to spin up an in-browser Visual Studio Code-compatible editor,
@@ -177,7 +177,22 @@ You can now work on your CDK repository, as described in the [Getting Started](#
 Gitpod is free for 50 hours per month - make sure to stop your workspace when you're done
 (you can always resume it later, and it won't need to run the build again).
 
-For Gitpod users only! The best way to supply CDK with your AWS credentials is to add them as
+For Gitpod users only! The best way to authenticate AWS in Gitpod is to use AWS IAM Identity Center(successor to AWS Single Sign-On). [Install AWS CLI v2](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html#getting-started-install-instructions) and configure it as follows:
+
+```shell
+# make sure AWS CLI v2 is in your $PATH
+$ aws --version
+# configure the AWS profile with SSO
+$ aws configure sso
+# login and authenticate
+$ aws sso login
+# verify your current identity
+$ aws sts get-caller-identity
+```
+
+Check out [this document](https://docs.aws.amazon.com/cli/latest/userguide/sso-configure-profile-token.html) for the details.
+
+Alternatively, supply CDK with your AWS credentials as
 [persisting environment variables](https://www.gitpod.io/docs/environment-variables).
 Adding them works as follows via terminal:
 
@@ -188,6 +203,26 @@ eval $(gp env -e AWS_DEFAULT_REGION=ZZZZZZZZ)
 eval $(gp env -e)
 ```
 
+### Amazon CodeCatalyst Dev Environments
+
+Dev Environments are cloud-based development environments. 
+[Amazon CodeCatalyst](https://aws.amazon.com/codecatalyst/) allows you to checkout your linked Github
+repositories in your Dev Environments with your favorite local IDEs such as VSCode or JetBrains.
+
+Build up `aws-cdk-lib` as well as `framework-integ` when you enter your Dev Env:
+
+```shell
+$ yarn install
+$ NODE_OPTIONS=--max-old-space-size=8192 npx lerna run build --scope=aws-cdk-lib --scope=@aws-cdk-testing/framework-integ
+```
+
+You may [configure your Dev Env](https://docs.aws.amazon.com/codecatalyst/latest/userguide/devenvironment-devfile.html) with the `devfile.yaml` to further customize your Dev Env for CDK development.
+
+Read the links below for more details: 
+- [Dev Environments in CodeCatalyst](https://docs.aws.amazon.com/codecatalyst/latest/userguide/devenvironment.html)
+- [Using GitHub repositories in CodeCatalyst](https://docs.aws.amazon.com/codecatalyst/latest/userguide/extensions-github.html)
+- [Setting up to use the AWS CLI with CodeCatalyst](https://docs.aws.amazon.com/codecatalyst/latest/userguide/set-up-cli.html)
+
 ## Pull Requests
 
 Below is a flow chart that describes how your PR may be treated by repository maintainers:
@@ -279,6 +314,14 @@ Integration tests perform a few functions in the CDK code base -
 3. (Optionally) Acts as a way to validate that constructs set up the CloudFormation resources as expected. A successful
    CloudFormation deployment does not mean that the resources are set up correctly.
 
+**Build framework-integ**
+
+You need to build the `framework-integ` before running the `yarn integ`
+
+```console
+$ npx lerna run build --scope=@aws-cdk-testing/framework-integ
+```
+
 **When are integration tests required?**
 
 The following list contains common scenarios where we _know_ that integration tests are required.
@@ -308,7 +351,7 @@ Examples:
 * [integ.destinations.ts](https://github.com/aws/aws-cdk/blob/master/packages/%40aws-cdk/aws-lambda-destinations/test/integ.destinations.ts#L7)
 * [integ.put-events.ts](https://github.com/aws/aws-cdk/blob/main/packages/%40aws-cdk/aws-stepfunctions-tasks/test/eventbridge/integ.put-events.ts)
 
-**What do do if you cannot run integration tests**
+**What if you cannot run integration tests**
 
 If you are working on a PR that requires an update to an integration test and you are unable
 to run the `cdk-integ` tool to perform a real deployment, please call this out on the pull request
@@ -332,6 +375,110 @@ $ cd packages/aws-cdk
 $ yarn watch & # runs in the background
 ```
 
+#### Verify your fix by deployment
+
+If your PR updates a specific library, you might want to write a simple CDK application and make sure it synthesizes and
+deploys correctly. For example, if you modify files under `packages/aws-cdk-lib/aws-eks`, you can write a simple CDK app in typescript to verify its behavior:
+
+
+```console
+$ cd packages/@aws-cdk-testing/framework-integ/test/aws-eks/test
+```
+
+Create a `sample.ts` like this:
+
+```ts
+import {
+  App, Stack,
+  aws_eks as eks,
+  aws_ec2 as ec2,
+} from 'aws-cdk-lib';
+import { getClusterVersionConfig } from './integ-tests-kubernetes-version';
+
+const app = new App();
+const env = { region: process.env.CDK_DEFAULT_REGION, account: process.env.CDK_DEFAULT_ACCOUNT };
+const stack = new Stack(app, 'my-test-stack', { env });
+
+const cluster = new eks.Cluster(stack, 'Cluster', {
+  vpc,
+  ...getClusterVersionConfig(stack),
+  defaultCapacity: 0,
+});
+```
+
+Run `yarn watch` or `npx tsc --watch` in a separate terminal to compile `sample.ts` to `sample.js`:
+
+```console
+$ cd packages/@aws-cdk-testing/framework-integ
+$ yarn watch
+or
+$ npx tsc --watch
+```
+
+Make sure you have configured [AWS CLI with AWS Authentication](https://docs.aws.amazon.com/cdk/v2/guide/getting_started.html#getting_started_auth) as we will deploy it in our AWS account.
+
+Deploy the sample app:
+
+```console
+$ cd packages/@aws-cdk-testing/framework-integ
+$ npx cdk -a test/aws-eks/test/sample.js diff
+$ npx cdk -a test/aws-eks/test/sample.js deploy
+```
+
+This allows you to iterate your development and ensure a minimal sample app would successfully deploy as you expect.
+You have the freedom to interact with it just as a common CDK app such as viewing differences with `npx cdk diff`
+or pass context variables with `npx cdk deploy -c`. You can rapidly iterate your testing with repeated deployments 
+by importing existing resource such as existing VPC. This can save a lot of time and help you focus on the core changes.
+
+```ts
+const vpc = ec2.Vpc.fromLookup(stack, 'Vpc', { isDefault: true });
+```
+
+As this is for testing only, do not commit `sample.ts` and `sample.js` to your PR branch.
+
+Alternatively, you can write this test as a new integration test like `integ.my-test.ts` and deploy it
+using `yarn integ --no-clean`. This may be useful when you need to publish a new 
+integration test:
+
+```console
+$ cd packages/@aws-cdk-testing/framework-integ
+$ yarn integ test/aws-eks/test/integ.my-test.js --no-clean --update-on-failed
+```
+
+After verifying your work with a simple deployment as above, you need to ensure your change can pass all existing
+unit tests and integ tests and fix them if necessary.
+
+Run all the unit tests for a specific module(e.g. aws-eks):
+
+```console
+$ cd packages/aws-cdk-lib
+$ yarn test aws-eks
+```
+
+Or run a specific unit test
+
+```console
+$ cd packages/aws-cdk-lib
+$ npx jest aws-eks/test/name.test.js
+```
+
+Run all integ tests for a specific module(e.g. aws-eks):
+
+```console
+$ cd packages/@aws-cdk-testing/framework-integ
+$ yarn integ --directory test/aws-eks/test
+```
+
+Or run a specific integ test:
+
+```console
+$ yarn integ test/aws-eks/test/integ.name.js
+```
+
+See the [integration test guide](./INTEGRATION_TESTS.md) for a more complete guide on running
+CDK integration tests.
+
+
 ### Step 4: Pull Request
 
 * Create a commit with your changes and push them to a

diff --git a/buildspec-pr.yaml b/buildspec-pr.yaml
@@ -2,6 +2,10 @@ version: 0.2
 
 # This buildspec is intended to be used by GitHub PR builds.
 
+env:
+  variables:
+    PR_BUILD: true
+
 phases:
   install:
     commands:

diff --git a/lerna.json b/lerna.json
@@ -3,7 +3,6 @@
   "useWorkspaces": true,
   "packages": [
     "packages/aws-cdk-lib",
-    "packages/cdk-cli-wrapper",
     "packages/cdk-assets",
     "packages/aws-cdk",
     "packages/cdk",

diff --git a/pack.sh b/pack.sh
@@ -38,16 +38,24 @@ function lerna_scopes() {
 
 scripts/run-rosetta.sh --infuse --pkgs-from $TMPDIR/jsii.txt
 
+# Execute any pre-package steps for the jsii modules here:
+echo "Running aws-cdk-lib pre-package"
+npx lerna run --scope aws-cdk-lib package -- --pre-only
+
 # Jsii packaging (all at once using jsii-pacmak)
 echo "Packaging jsii modules" >&2
 $PACMAK \
   --verbose \
   $(cat $TMPDIR/jsii.txt)
 
+# Execute any post-package steps for the jsii modules here:
+echo "Running aws-cdk-lib post-package"
+npx lerna run --scope aws-cdk-lib package -- --post-only
+
 # Non-jsii packaging, which means running 'package' in every individual
 # module
 echo "Packaging non-jsii modules" >&2
-lerna run $(lerna_scopes $(cat $TMPDIR/nonjsii.txt)) --sort --concurrency=1 --stream package
+npx lerna run $(lerna_scopes $(cat $TMPDIR/nonjsii.txt)) --sort --concurrency=1 --stream package
 
 # Finally rsync all 'dist' directories together into a global 'dist' directory
 for dir in $(find packages -name dist | grep -v node_modules | grep -v run-wrappers); do

diff --git a/package.json b/package.json
@@ -15,6 +15,8 @@
     "build-all": "tsc -b"
   },
   "devDependencies": {
+    "@nrwl/cli": "^15.9.1",
+    "@nrwl/workspace": "^15.9.1",
     "@types/node": "18.11.19",
     "@types/prettier": "2.6.0",
     "@yarnpkg/lockfile": "^1.1.0",
@@ -28,12 +30,10 @@
     "jsii-reflect": "1.78.1",
     "jsii-rosetta": "~5.0.7",
     "lerna": "^6.6.1",
+    "nx": "^15.9.1",
     "patch-package": "^6.5.1",
     "semver": "^6.3.0",
     "standard-version": "^9.5.0",
-    "@nrwl/cli": "^15.9.1",
-    "@nrwl/workspace": "^15.9.1",
-    "nx": "^15.9.1",
     "typescript": "~4.9.5"
   },
   "resolutions": {
@@ -69,7 +69,6 @@
   "workspaces": {
     "packages": [
       "packages/aws-cdk-lib",
-      "packages/cdk-cli-wrapper",
       "packages/aws-cdk",
       "packages/cdk",
       "packages/cdk-assets",

diff --git a/...s/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.restapi.vpc-endpoint.ts b/...s/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.restapi.vpc-endpoint.ts
@@ -13,7 +13,7 @@ class Test extends cdk.Stack {
   constructor(scope: cdk.App, id: string) {
     super(scope, id);
 
-    const vpc = new ec2.Vpc(this, 'MyVpc', {});
+    const vpc = new ec2.Vpc(this, 'MyVpc', { restrictDefaultSecurityGroup: false });
 
     const vpcEndpoint = vpc.addInterfaceEndpoint('MyVpcEndpoint', {
       service: ec2.InterfaceVpcEndpointAwsService.APIGATEWAY,

diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appmesh/test/integ.mesh.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-appmesh/test/integ.mesh.ts
@@ -8,6 +8,7 @@ export const app = new cdk.App();
 const stack = new cdk.Stack(app, 'mesh-stack', {});
 
 const vpc = new ec2.Vpc(stack, 'vpc', {
+  restrictDefaultSecurityGroup: false,
   natGateways: 1,
 });
 

diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/appsync.eventbridge.graphql b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/appsync.eventbridge.graphql
@@ -0,0 +1,28 @@
+schema {
+    query: Query
+    mutation: Mutation
+}
+
+type Query {
+    event(id:ID!): Event
+}
+
+type Mutation {
+    emitEvent(id: ID!, name: String): PutEventsResult!
+}
+
+type Event {
+    id: ID!
+    name: String!
+}
+
+type Entry {
+    ErrorCode: String
+    ErrorMessage: String
+    EventId: String
+}
+
+type PutEventsResult {
+    Entries: [Entry!]
+    FailedEntry: Int
+}