Merge branch 'main' into main

aws · Nov 4, 2022 · c41bf24 · c41bf24
2 parents 558092e + bf165a1
commit c41bf24
Show file tree

Hide file tree

Showing 126 changed files with 2,477 additions and 1,460 deletions.
diff --git a/packages/@aws-cdk/aws-autoscaling/lib/scheduled-action.ts b/packages/@aws-cdk/aws-autoscaling/lib/scheduled-action.ts
@@ -90,6 +90,13 @@ export interface ScheduledActionProps extends BasicScheduledActionProps {
  * Define a scheduled scaling action
  */
 export class ScheduledAction extends Resource {
+  /**
+   * The name of the scheduled action.
+   *
+   * @attribute
+   */
+  public readonly scheduledActionName: string;
+
   constructor(scope: Construct, id: string, props: ScheduledActionProps) {
     super(scope, id);
 
@@ -100,7 +107,7 @@ export class ScheduledAction extends Resource {
     // add a warning on synth when minute is not defined in a cron schedule
     props.schedule._bind(this);
 
-    new CfnScheduledAction(this, 'Resource', {
+    const resource = new CfnScheduledAction(this, 'Resource', {
       autoScalingGroupName: props.autoScalingGroup.autoScalingGroupName,
       startTime: formatISO(props.startTime),
       endTime: formatISO(props.endTime),
@@ -110,6 +117,8 @@ export class ScheduledAction extends Resource {
       recurrence: props.schedule.expressionString,
       timeZone: props.timeZone,
     });
+
+    this.scheduledActionName = resource.attrScheduledActionName;
   }
 }
 

diff --git a/packages/@aws-cdk/aws-autoscaling/test/scheduled-action.test.ts b/packages/@aws-cdk/aws-autoscaling/test/scheduled-action.test.ts
@@ -154,6 +154,20 @@ describeDeprecated('scheduled action', () => {
     const annotations = Annotations.fromStack(stack).findWarning('*', Match.anyValue());
     expect(annotations.length).toBe(0);
   });
+
+  test('ScheduledActions have a name', () => {
+    // GIVEN
+    const stack = new cdk.Stack();
+    const asg = makeAutoScalingGroup(stack);
+
+    const action = asg.scaleOnSchedule('ScaleOutAtMiddaySeoul', {
+      schedule: autoscaling.Schedule.cron({ hour: '12', minute: '0' }),
+      minCapacity: 12,
+      timeZone: 'Asia/Seoul',
+    });
+
+    expect(action.scheduledActionName).toBeDefined();
+  });
 });
 
 function makeAutoScalingGroup(scope: constructs.Construct) {

diff --git a/packages/@aws-cdk/aws-codebuild/README.md b/packages/@aws-cdk/aws-codebuild/README.md
@@ -386,6 +386,50 @@ new codebuild.Project(this, 'Project', {
 })
 ```
 
+## Debugging builds interactively using SSM Session Manager
+
+Integration with SSM Session Manager makes it possible to add breakpoints to your
+build commands, pause the build there and log into the container to interactively
+debug the environment.
+
+To do so, you need to:
+
+* Create the build with `ssmSessionPermissions: true`.
+* Use a build image with SSM agent installed and configured (default CodeBuild images come with the image preinstalled).
+* Start the build with [debugSessionEnabled](https://docs.aws.amazon.com/codebuild/latest/APIReference/API_StartBuild.html#CodeBuild-StartBuild-request-debugSessionEnabled) set to true.
+
+If these conditions are met, execution of the command `codebuild-breakpoint`
+will suspend your build and allow you to attach a Session Manager session from
+the CodeBuild console.
+
+For more information, see [View a running build in Session
+Manager](https://docs.aws.amazon.com/codebuild/latest/userguide/session-manager.html)
+in the CodeBuild documentation.
+
+Example:
+
+```ts
+new codebuild.Project(this, 'Project', {
+  environment: {
+    buildImage: codebuild.LinuxBuildImage.STANDARD_6_0,
+  },
+  ssmSessionPermissions: true,
+  buildSpec: codebuild.BuildSpec.fromObject({
+    version: '0.2',
+    phases: {
+      build: {
+        commands: [
+          // Pause the build container if possible
+          'codebuild-breakpoint',
+          // Regular build in a script in the repository
+          './my-build.sh',
+        ],
+      },
+    },
+  }),
+})
+```
+
 ## Credentials
 
 CodeBuild allows you to store credentials used when communicating with various sources,

diff --git a/packages/@aws-cdk/aws-codebuild/lib/project.ts b/packages/@aws-cdk/aws-codebuild/lib/project.ts
@@ -692,6 +692,26 @@ export interface CommonProjectProps {
    * @default - no explicit limit is set
    */
   readonly concurrentBuildLimit?: number
+
+  /**
+   * Add the permissions necessary for debugging builds with SSM Session Manager
+   *
+   * If the following prerequisites have been met:
+   *
+   * - The necessary permissions have been added by setting this flag to true.
+   * - The build image has the SSM agent installed (true for default CodeBuild images).
+   * - The build is started with [debugSessionEnabled](https://docs.aws.amazon.com/codebuild/latest/APIReference/API_StartBuild.html#CodeBuild-StartBuild-request-debugSessionEnabled) set to true.
+   *
+   * Then the build container can be paused and inspected using Session Manager
+   * by invoking the `codebuild-breakpoint` command somewhere during the build.
+   *
+   * `codebuild-breakpoint` commands will be ignored if the build is not started
+   * with `debugSessionEnabled=true`.
+   *
+   * @see https://docs.aws.amazon.com/codebuild/latest/userguide/session-manager.html
+   * @default false
+   */
+  readonly ssmSessionPermissions?: boolean;
 }
 
 export interface ProjectProps extends CommonProjectProps {
@@ -1129,6 +1149,27 @@ export class Project extends ProjectBase {
       }));
     }
 
+    // https://docs.aws.amazon.com/codebuild/latest/userguide/session-manager.html
+    if (props.ssmSessionPermissions) {
+      this.addToRolePolicy(new iam.PolicyStatement({
+        actions: [
+          // For the SSM channel
+          'ssmmessages:CreateControlChannel',
+          'ssmmessages:CreateDataChannel',
+          'ssmmessages:OpenControlChannel',
+          'ssmmessages:OpenDataChannel',
+          // In case the SSM session is set up to log commands to CloudWatch
+          'logs:DescribeLogGroups',
+          'logs:CreateLogStream',
+          'logs:PutLogEvents',
+          // In case the SSM session is set up to log commands to S3.
+          's3:GetEncryptionConfiguration',
+          's3:PutObject',
+        ],
+        resources: ['*'],
+      }));
+    }
+
     if (props.encryptionKey) {
       this.encryptionKey = props.encryptionKey;
     }

diff --git a/...breakpoint.integ.snapshot/ReportGroupIntegTestDefaultTestDeployAssert57960C5A.assets.json b/...breakpoint.integ.snapshot/ReportGroupIntegTestDefaultTestDeployAssert57960C5A.assets.json
@@ -0,0 +1,19 @@
+{
+  "version": "21.0.0",
+  "files": {
+    "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": {
+      "source": {
+        "path": "ReportGroupIntegTestDefaultTestDeployAssert57960C5A.template.json",
+        "packaging": "file"
+      },
+      "destinations": {
+        "current_account-current_region": {
+          "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
+          "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json",
+          "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
+        }
+      }
+    }
+  },
+  "dockerImages": {}
+}
diff --git a/...eakpoint.integ.snapshot/ReportGroupIntegTestDefaultTestDeployAssert57960C5A.template.json b/...eakpoint.integ.snapshot/ReportGroupIntegTestDefaultTestDeployAssert57960C5A.template.json
@@ -0,0 +1,36 @@
+{
+ "Parameters": {
+  "BootstrapVersion": {
+   "Type": "AWS::SSM::Parameter::Value<String>",
+   "Default": "/cdk-bootstrap/hnb659fds/version",
+   "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
+  }
+ },
+ "Rules": {
+  "CheckBootstrapVersion": {
+   "Assertions": [
+    {
+     "Assert": {
+      "Fn::Not": [
+       {
+        "Fn::Contains": [
+         [
+          "1",
+          "2",
+          "3",
+          "4",
+          "5"
+         ],
+         {
+          "Ref": "BootstrapVersion"
+         }
+        ]
+       }
+      ]
+     },
+     "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
+    }
+   ]
+  }
+ }
+}
diff --git a/packages/@aws-cdk/aws-codebuild/test/breakpoint.integ.snapshot/assertion-results.json b/packages/@aws-cdk/aws-codebuild/test/breakpoint.integ.snapshot/assertion-results.json
@@ -0,0 +1 @@
+{}
diff --git a/...cdk/aws-codebuild/test/breakpoint.integ.snapshot/aws-cdk-codebuild-breakpoint.assets.json b/...cdk/aws-codebuild/test/breakpoint.integ.snapshot/aws-cdk-codebuild-breakpoint.assets.json
@@ -0,0 +1,19 @@
+{
+  "version": "21.0.0",
+  "files": {
+    "38d79637293a2170812ef1108634858c002345d4d5803191fa1d821a30b29d37": {
+      "source": {
+        "path": "aws-cdk-codebuild-breakpoint.template.json",
+        "packaging": "file"
+      },
+      "destinations": {
+        "current_account-current_region": {
+          "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
+          "objectKey": "38d79637293a2170812ef1108634858c002345d4d5803191fa1d821a30b29d37.json",
+          "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
+        }
+      }
+    }
+  },
+  "dockerImages": {}
+}