chore(release): 1.41.0 (#8125)

see CHANGELOG

CHANGELOG.md

@@ -2,6 +2,24 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [1.41.0](https://github.com/aws/aws-cdk/compare/v1.40.0...v1.41.0) (2020-05-21)
+
+
+### Features
+
+* **cloudtrail:** create cloudwatch event without needing to create a Trail ([#8076](https://github.com/aws/aws-cdk/issues/8076)) ([0567a23](https://github.com/aws/aws-cdk/commit/0567a2360ac713e3171c9a82767611174dadb6c6)), closes [#6716](https://github.com/aws/aws-cdk/issues/6716)
+* **cognito:** user pool - case sensitivity for sign in ([460394f](https://github.com/aws/aws-cdk/commit/460394f3dc4737cee80504d6c8ef106ecc3b67d5)), closes [#7988](https://github.com/aws/aws-cdk/issues/7988) [#7235](https://github.com/aws/aws-cdk/issues/7235)
+* **core:** CfnJson enables intrinsics in hash keys ([#8099](https://github.com/aws/aws-cdk/issues/8099)) ([195cd40](https://github.com/aws/aws-cdk/commit/195cd405d9f0869875de2ec78661aee3af2c7c7d)), closes [#8084](https://github.com/aws/aws-cdk/issues/8084)
+* **secretsmanager:** adds grantWrite to Secret ([#7858](https://github.com/aws/aws-cdk/issues/7858)) ([3fed84b](https://github.com/aws/aws-cdk/commit/3fed84ba9eec3f53c662966e366aa629209b7bf5))
+* **sns:** add support for subscription DLQ in SNS ([383cdb8](https://github.com/aws/aws-cdk/commit/383cdb86effeafdf5d0767ed379b16b3d78a933b))
+* **stepfunctions:** new service integration classes for Lambda, SNS, and SQS ([#7946](https://github.com/aws/aws-cdk/issues/7946)) ([c038848](https://github.com/aws/aws-cdk/commit/c0388483524832ca7863de4ee9c472b8ab39de8e)), closes [#6715](https://github.com/aws/aws-cdk/issues/6715) [#6489](https://github.com/aws/aws-cdk/issues/6489)
+
+
+### Bug Fixes
+
+* **apigateway:** contextAccountId in AccessLogField incorrectly resolves to requestId ([7b89e80](https://github.com/aws/aws-cdk/commit/7b89e805c716fa73d41cc97fcb728634e7a59136)), closes [#7952](https://github.com/aws/aws-cdk/issues/7952) [#7951](https://github.com/aws/aws-cdk/issues/7951)
+* **autoscaling:** add noDevice as a volume type ([#7253](https://github.com/aws/aws-cdk/issues/7253)) ([751958b](https://github.com/aws/aws-cdk/commit/751958b69225fdfc52622781c618f5a77f881fb6)), closes [#7242](https://github.com/aws/aws-cdk/issues/7242)
+
 ## [1.40.0](https://github.com/aws/aws-cdk/compare/v1.39.0...v1.40.0) (2020-05-20)
 
 

README.md

@@ -7,6 +7,7 @@
 [![PyPI version](https://badge.fury.io/py/aws-cdk.core.svg)](https://badge.fury.io/py/aws-cdk.core)
 [![NuGet version](https://badge.fury.io/nu/Amazon.CDK.svg)](https://badge.fury.io/nu/Amazon.CDK)
 [![Maven Central](https://maven-badges.herokuapp.com/maven-central/software.amazon.awscdk/core/badge.svg)](https://maven-badges.herokuapp.com/maven-central/software.amazon.awscdk/core)
+[![Mergify](https://img.shields.io/endpoint.svg?url=https://gh.mergify.io/badges/aws/aws-cdk&style=flat)](https://mergify.io)
 
 The **AWS Cloud Development Kit (AWS CDK)** is an open-source software development
 framework to define cloud infrastructure in code and provision it through AWS CloudFormation.

lerna.json

@@ -10,5 +10,5 @@
     "tools/*"
   ],
   "rejectCycles": "true",
-  "version": "1.40.0"
+  "version": "1.41.0"
 }

packages/@aws-cdk/aws-apigateway/lib/access-log.ts

@@ -46,7 +46,7 @@ export class AccessLogField {
    * The API owner's AWS account ID.
    */
   public static contextAccountId() {
-    return '$context.requestId';
+    return '$context.identity.accountId';
   }
 
   /**

packages/@aws-cdk/aws-apigateway/test/test.access-log.ts

@@ -38,12 +38,13 @@ export = {
       requestId: apigateway.AccessLogField.contextRequestId(),
       sourceIp: apigateway.AccessLogField.contextIdentitySourceIp(),
       method: apigateway.AccessLogField.contextHttpMethod(),
+      accountId: apigateway.AccessLogField.contextAccountId(),
       userContext: {
         sub: apigateway.AccessLogField.contextAuthorizerClaims('sub'),
         email: apigateway.AccessLogField.contextAuthorizerClaims('email'),
       },
     }));
-    test.deepEqual(testFormat.toString(), '{"requestId":"$context.requestId","sourceIp":"$context.identity.sourceIp","method":"$context.httpMethod","userContext":{"sub":"$context.authorizer.claims.sub","email":"$context.authorizer.claims.email"}}');
+    test.deepEqual(testFormat.toString(), '{"requestId":"$context.requestId","sourceIp":"$context.identity.sourceIp","method":"$context.httpMethod","accountId":"$context.identity.accountId","userContext":{"sub":"$context.authorizer.claims.sub","email":"$context.authorizer.claims.email"}}');
 
     test.done();
   },

packages/@aws-cdk/aws-autoscaling/lib/auto-scaling-group.ts

@@ -14,7 +14,7 @@ import { BasicLifecycleHookProps, LifecycleHook } from './lifecycle-hook';
 import { BasicScheduledActionProps, ScheduledAction } from './scheduled-action';
 import { BasicStepScalingPolicyProps, StepScalingPolicy } from './step-scaling-policy';
 import { BaseTargetTrackingProps, PredefinedMetric, TargetTrackingScalingPolicy } from './target-tracking-scaling-policy';
-import { BlockDevice, EbsDeviceVolumeType } from './volume';
+import { BlockDevice, BlockDeviceVolume, EbsDeviceVolumeType } from './volume';
 
 /**
  * Name tag constant
@@ -474,11 +474,7 @@ export class AutoScalingGroup extends AutoScalingGroupBase implements
       associatePublicIpAddress: props.associatePublicIpAddress,
       spotPrice: props.spotPrice,
       blockDeviceMappings: (props.blockDevices !== undefined ?
-        synthesizeBlockDeviceMappings(this, props.blockDevices).map<CfnLaunchConfiguration.BlockDeviceMappingProperty>(
-          ({ deviceName, ebs, virtualName, noDevice }) => ({
-            deviceName, ebs, virtualName, noDevice: noDevice ? true : undefined,
-          }),
-        ) : undefined),
+        synthesizeBlockDeviceMappings(this, props.blockDevices) : undefined),
     });
 
     launchConfig.node.addDependency(this.role);
@@ -973,6 +969,13 @@ function synthesizeBlockDeviceMappings(construct: Construct, blockDevices: Block
   return blockDevices.map<CfnLaunchConfiguration.BlockDeviceMappingProperty>(({ deviceName, volume, mappingEnabled }) => {
     const { virtualName, ebsDevice: ebs } = volume;
 
+    if (volume === BlockDeviceVolume._NO_DEVICE || mappingEnabled === false) {
+      return {
+        deviceName,
+        noDevice: true,
+      };
+    }
+
     if (ebs) {
       const { iops, volumeType } = ebs;
 
@@ -987,7 +990,6 @@ function synthesizeBlockDeviceMappings(construct: Construct, blockDevices: Block
 
     return {
       deviceName, ebs, virtualName,
-      noDevice: mappingEnabled === false ? true : undefined,
     };
   });
 }

packages/@aws-cdk/aws-autoscaling/lib/volume.ts

@@ -29,6 +29,8 @@ export interface BlockDevice {
    * Amazon EC2 Auto Scaling launches a replacement instance if the instance fails the health check.
    *
    * @default true - device mapping is left untouched
+   * @deprecated use `BlockDeviceVolume.noDevice()` as the volume to supress a mapping.
+   *
    */
   readonly mappingEnabled?: boolean;
 }
@@ -112,6 +114,11 @@ export interface EbsDeviceProps extends EbsDeviceSnapshotOptions {
  * Describes a block device mapping for an EC2 instance or Auto Scaling group.
  */
 export class BlockDeviceVolume {
+  /**
+   * @internal
+   */
+  public static _NO_DEVICE = new BlockDeviceVolume();
+
   /**
    * Creates a new Elastic Block Storage device
    *
@@ -146,6 +153,13 @@ export class BlockDeviceVolume {
     return new this(undefined, `ephemeral${volumeIndex}`);
   }
 
+  /**
+   * Supresses a volume mapping
+   */
+  public static noDevice() {
+    return this._NO_DEVICE;
+  }
+
   /**
    * @param ebsDevice EBS device info
    * @param virtualName Virtual device name

packages/@aws-cdk/aws-autoscaling/test/test.auto-scaling-group.ts

@@ -714,7 +714,6 @@ export = {
         }),
       }, {
         deviceName: 'ebs-snapshot',
-        mappingEnabled: false,
         volume: autoscaling.BlockDeviceVolume.ebsFromSnapshot('snapshot-id', {
           volumeSize: 500,
           deleteOnTermination: false,
@@ -723,6 +722,13 @@ export = {
       }, {
         deviceName: 'ephemeral',
         volume: autoscaling.BlockDeviceVolume.ephemeral(0),
+      }, {
+        deviceName: 'disabled',
+        volume: autoscaling.BlockDeviceVolume.ephemeral(1),
+        mappingEnabled: false,
+      }, {
+        deviceName: 'none',
+        volume: autoscaling.BlockDeviceVolume.noDevice(),
       }],
     });
 
@@ -748,13 +754,21 @@ export = {
             VolumeSize: 500,
             VolumeType: 'sc1',
           },
-          NoDevice: true,
+          NoDevice: ABSENT,
         },
         {
           DeviceName: 'ephemeral',
           VirtualName: 'ephemeral0',
           NoDevice: ABSENT,
         },
+        {
+          DeviceName: 'disabled',
+          NoDevice: true,
+        },
+        {
+          DeviceName: 'none',
+          NoDevice: true,
+        },
       ],
     }));
 

packages/@aws-cdk/aws-cloudfront/package.json

@@ -64,7 +64,7 @@
   "devDependencies": {
     "@aws-cdk/assert": "0.0.0",
     "@types/nodeunit": "^0.0.31",
-    "aws-sdk": "^2.679.0",
+    "aws-sdk": "^2.681.0",
     "cdk-build-tools": "0.0.0",
     "cdk-integ-tools": "0.0.0",
     "cfn2ts": "0.0.0",

packages/@aws-cdk/aws-cloudtrail/README.md

@@ -92,4 +92,33 @@ trail.addLambdaEventSelector(["arn:aws:lambda"]);
 
 // Add an event selector to log data events for the provided Lambda functions.
 trail.addLambdaEventSelector([lambdaFunction.functionArn]);
-```
+```
+
+Using the `Trail.onEvent()` API, an EventBridge rule can be created that gets triggered for
+every event logged in CloudTrail.
+To only use the events that are of interest, either from a particular service, specific account or
+time range, they can be filtered down using the APIs available in `aws-events`. The following code
+filters events for S3 from a specific AWS account and triggers a lambda function. See [Events delivered via
+CloudTrail](https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/EventTypes.html#events-for-services-not-listed)
+to learn more about the event structure for events from CloudTrail.
+
+```ts
+import * as cloudtrail from '@aws-cdk/aws-cloudtrail';
+import * as eventTargets from '@aws-cdk/aws-events-targets';
+import * as lambda from '@aws-cdk/aws-lambda';
+
+const myFunctionHandler = new lambda.Function(this, 'MyFunction', {
+  code: lambda.Code.fromAsset('resource/myfunction');
+  runtime: lambda.Runtime.NODEJS_12_X,
+  handler: 'index.handler',
+});
+
+const eventRule = Trail.onEvent(this, 'MyCloudWatchEvent', {
+  target: new eventTargets.LambdaFunction(myFunctionHandler),
+});
+
+eventRule.addEventPattern({
+  account: '123456789012',
+  source: 'aws.s3',
+});
+```

packages/@aws-cdk/aws-cloudtrail/lib/cloudtrail.ts

@@ -140,6 +140,23 @@ export enum ReadWriteType {
  */
 export class Trail extends Resource {
 
+  /**
+   * Create an event rule for when an event is recorded by any Trail in the account.
+   *
+   * Note that the event doesn't necessarily have to come from this Trail, it can
+   * be captured from any one.
+   *
+   * Be sure to filter the event further down using an event pattern.
+   */
+  public static onEvent(scope: Construct, id: string, options: events.OnEventOptions = {}): events.Rule {
+    const rule = new events.Rule(scope, id, options);
+    rule.addTarget(options.target);
+    rule.addEventPattern({
+      detailType: ['AWS API Call via CloudTrail'],
+    });
+    return rule;
+  }
+
   /**
    * ARN of the CloudTrail trail
    * i.e. arn:aws:cloudtrail:us-east-2:123456789012:trail/myCloudTrail
@@ -313,14 +330,11 @@ export class Trail extends Resource {
    * be captured from any one.
    *
    * Be sure to filter the event further down using an event pattern.
+   *
+   * @deprecated - use Trail.onEvent()
    */
   public onCloudTrailEvent(id: string, options: events.OnEventOptions = {}): events.Rule {
-    const rule = new events.Rule(this, id, options);
-    rule.addTarget(options.target);
-    rule.addEventPattern({
-      detailType: ['AWS API Call via CloudTrail'],
-    });
-    return rule;
+    return Trail.onEvent(this, id, options);
   }
 }
 

packages/@aws-cdk/aws-cloudtrail/package.json

@@ -64,7 +64,7 @@
   "license": "Apache-2.0",
   "devDependencies": {
     "@aws-cdk/assert": "0.0.0",
-    "aws-sdk": "^2.679.0",
+    "aws-sdk": "^2.681.0",
     "cdk-build-tools": "0.0.0",
     "cdk-integ-tools": "0.0.0",
     "cfn2ts": "0.0.0",
@@ -93,6 +93,11 @@
     "@aws-cdk/core": "0.0.0",
     "constructs": "^3.0.2"
   },
+  "awslint": {
+    "exclude": [
+      "events-method-signature:@aws-cdk/aws-cloudtrail.Trail.onEvent"
+    ]
+  },
   "engines": {
     "node": ">= 10.13.0 <13 || >=13.7.0"
   },

packages/@aws-cdk/aws-cloudtrail/test/cloudtrail.test.ts

@@ -323,4 +323,37 @@ describe('cloudtrail', () => {
       });
     });
   });
+
+  describe('onEvent', () => {
+    test('add an event rule', () => {
+      // GIVEN
+      const stack = getTestStack();
+
+      // WHEN
+      Trail.onEvent(stack, 'DoEvents', {
+        target: {
+          bind: () => ({
+            id: '',
+            arn: 'arn',
+          }),
+        },
+      });
+
+      // THEN
+      expect(stack).toHaveResource('AWS::Events::Rule', {
+        EventPattern: {
+          'detail-type': [
+            'AWS API Call via CloudTrail',
+          ],
+        },
+        State: 'ENABLED',
+        Targets: [
+          {
+            Arn: 'arn',
+            Id: 'Target0',
+          },
+        ],
+      });
+    });
+  });
 });

packages/@aws-cdk/aws-codebuild/package.json

@@ -70,7 +70,7 @@
     "@aws-cdk/aws-sns": "0.0.0",
     "@aws-cdk/aws-sqs": "0.0.0",
     "@types/nodeunit": "^0.0.31",
-    "aws-sdk": "^2.679.0",
+    "aws-sdk": "^2.681.0",
     "cdk-build-tools": "0.0.0",
     "cdk-integ-tools": "0.0.0",
     "cfn2ts": "0.0.0",

packages/@aws-cdk/aws-codecommit/package.json

@@ -70,7 +70,7 @@
     "@aws-cdk/assert": "0.0.0",
     "@aws-cdk/aws-sns": "0.0.0",
     "@types/nodeunit": "^0.0.31",
-    "aws-sdk": "^2.679.0",
+    "aws-sdk": "^2.681.0",
     "cdk-build-tools": "0.0.0",
     "cdk-integ-tools": "0.0.0",
     "cfn2ts": "0.0.0",

packages/@aws-cdk/aws-cognito/README.md

@@ -148,6 +148,9 @@ new UserPool(this, 'myuserpool', {
 });
 ```
 
+A user pool can optionally ignore case when evaluating sign-ins. When `signInCaseSensitive` is false, Cognito will not
+check the capitalization of the alias when signing in. Default is true.
+
 ### Attributes
 
 Attributes represent the various properties of each user that's collected and stored in the user pool. Cognito

packages/@aws-cdk/aws-cognito/lib/user-pool.ts

@@ -500,6 +500,13 @@ export interface UserPoolProps {
    * @default - No Lambda triggers.
    */
   readonly lambdaTriggers?: UserPoolTriggers;
+
+  /**
+   * Whether sign-in aliases should be evaluated with case sensitivity.
+   * For example, when this option is set to false, users will be able to sign in using either `MyUsername` or `myusername`.
+   * @default true
+   */
+  readonly signInCaseSensitive?: boolean;
 }
 
 /**
@@ -637,6 +644,9 @@ export class UserPool extends Resource implements IUserPool {
         from: props.emailSettings?.from,
         replyToEmailAddress: props.emailSettings?.replyTo,
       }),
+      usernameConfiguration: undefinedIfNoKeys({
+        caseSensitive: props.signInCaseSensitive,
+      }),
     });
 
     this.userPoolId = userPool.ref;