chore(release): 1.97.0 (#14000)

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/bump/1.97.0/CHANGELOG.md)

CHANGELOG.md

@@ -2,6 +2,32 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [1.97.0](https://github.com/aws/aws-cdk/compare/v1.96.0...v1.97.0) (2021-04-06)
+
+
+### ⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES
+
+* **elasticsearch:** `vpcOptions` was removed. Use `vpc`, `vpcSubnets` and `securityGroups` instead.
+
+### Features
+
+* **appmesh:** Implement Outlier Detection for Virtual Nodes ([#13952](https://github.com/aws/aws-cdk/issues/13952)) ([965f130](https://github.com/aws/aws-cdk/commit/965f130dbfc4e1943d384b9fbf5acdf3b547fd57))
+* **cx-api:** graduate to stable 🚀  ([#13859](https://github.com/aws/aws-cdk/issues/13859)) ([d99e13d](https://github.com/aws/aws-cdk/commit/d99e13d523ddacf9e13f6b5169d86d5a20569475))
+* **eks:** Support `secretsEncryptionKey` in FargateCluster ([#13866](https://github.com/aws/aws-cdk/issues/13866)) ([56c6f98](https://github.com/aws/aws-cdk/commit/56c6f98dbcfc98740446f699a8985d7d6b44c503))
+* **eks:** Support bootstrap.sh --dns-cluster-ip arg ([#13890](https://github.com/aws/aws-cdk/issues/13890)) ([56cd863](https://github.com/aws/aws-cdk/commit/56cd8635f77d6a5aefb32c6e1224e1f0a6ca3540))
+* **elasticsearch:** graduate to stable 🚀 ([#13900](https://github.com/aws/aws-cdk/issues/13900)) ([767cd31](https://github.com/aws/aws-cdk/commit/767cd31c2b66b48b3b8fed7cd8d408a6846cf1e1))
+* **s3-deployment:** graduate to stable 🚀 ([#13906](https://github.com/aws/aws-cdk/issues/13906)) ([567d64d](https://github.com/aws/aws-cdk/commit/567d64d70f92adbba9ff9981184d88b46fb95652))
+* **ses:** graduate to stable 🚀 ([#13913](https://github.com/aws/aws-cdk/issues/13913)) ([4f9a715](https://github.com/aws/aws-cdk/commit/4f9a7151b99e8455eeb8b0cd364dfd29624da8c5))
+* **ses-actions:** graduate to stable 🚀  ([#13864](https://github.com/aws/aws-cdk/issues/13864)) ([24f8307](https://github.com/aws/aws-cdk/commit/24f8307b7f9013c5ba909cab8c4a3a3bcdf0041c))
+
+
+### Bug Fixes
+
+* **aws-rds:** ServerlessCluster.clusterArn is not correct when clusterIdentifier includes upper cases string. ([#13710](https://github.com/aws/aws-cdk/issues/13710)) ([a8f5b6c](https://github.com/aws/aws-cdk/commit/a8f5b6c54371fe966172a9fb36135bfdc4a01b11)), closes [#12795](https://github.com/aws/aws-cdk/issues/12795)
+* **cli:** broken java init template ([#13988](https://github.com/aws/aws-cdk/issues/13988)) ([c6ca2ab](https://github.com/aws/aws-cdk/commit/c6ca2aba915ea4f89e3044b7f388acda231e295d)), closes [#13964](https://github.com/aws/aws-cdk/issues/13964)
+* **cloudfront:** Cache Policy headers enforce soft limit of 10 ([#13904](https://github.com/aws/aws-cdk/issues/13904)) ([8a66244](https://github.com/aws/aws-cdk/commit/8a6624477854af17f5ad163fac9be1fd6168cfc4)), closes [#13425](https://github.com/aws/aws-cdk/issues/13425) [#13903](https://github.com/aws/aws-cdk/issues/13903)
+* **codepipeline-actions:** EcrSourceAction triggers on a push to every tag ([#13822](https://github.com/aws/aws-cdk/issues/13822)) ([c5a2add](https://github.com/aws/aws-cdk/commit/c5a2addcd87ebb810dcac54c659fa60786f9d345)), closes [#13818](https://github.com/aws/aws-cdk/issues/13818)
+
 ## [1.96.0](https://github.com/aws/aws-cdk/compare/v1.95.2...v1.96.0) (2021-04-01)
 
 

design/aws-ecs/aws-ecs-scheduled-ecs-task-construct.md

@@ -112,7 +112,7 @@ export interface ScheduledEc2TaskProps {
 The `ScheduledEc2Task` construct will use the following existing constructs:
 
 * Ec2TaskDefinition - To create a Task Definition for the container to start
-* Ec2EventRuleTarget - The target of the aws event
+* Ec2EventRuleTarget - The target of the AWS event
 * EventRule - To describe the event trigger (in this case, a scheduled run)
 
 An example use case to create a task that is scheduled to run every minute:

package.json

@@ -18,9 +18,9 @@
     "fs-extra": "^9.1.0",
     "graceful-fs": "^4.2.6",
     "jest-junit": "^12.0.0",
-    "jsii-diff": "^1.26.0",
-    "jsii-pacmak": "^1.26.0",
-    "jsii-rosetta": "^1.26.0",
+    "jsii-diff": "^1.27.0",
+    "jsii-pacmak": "^1.27.0",
+    "jsii-rosetta": "^1.27.0",
     "lerna": "^4.0.0",
     "standard-version": "^9.1.1",
     "typescript": "~3.9.9"

packages/@aws-cdk/aws-appmesh/README.md

@@ -279,6 +279,33 @@ const gateway = new appmesh.VirtualGateway(this, 'gateway', {
 });
 ```
 
+## Adding outlier detection to a Virtual Node listener
+
+The `outlierDetection` property can be added to a Virtual Node listener to add outlier detection. The 4 parameters 
+(`baseEjectionDuration`, `interval`, `maxEjectionPercent`, `maxServerErrors`) are required.
+
+```typescript
+// Cloud Map service discovery is currently required for host ejection by outlier detection
+const vpc = new ec2.Vpc(stack, 'vpc');
+const namespace = new servicediscovery.PrivateDnsNamespace(this, 'test-namespace', {
+    vpc,
+    name: 'domain.local',
+});
+const service = namespace.createService('Svc');
+
+const node = mesh.addVirtualNode('virtual-node', {
+  serviceDiscovery: appmesh.ServiceDiscovery.cloudMap({
+    service: service,
+  }),
+  outlierDetection: {
+    baseEjectionDuration: cdk.Duration.seconds(10),
+    interval: cdk.Duration.seconds(30),
+    maxEjectionPercent: 50,
+    maxServerErrors: 5,
+  },
+});
+```
+
 ## Adding a Route
 
 A `route` is associated with a virtual router, and it's used to match requests for a virtual router and distribute traffic accordingly to its associated virtual nodes.

packages/@aws-cdk/aws-appmesh/lib/shared-interfaces.ts

@@ -124,6 +124,32 @@ export interface HealthCheck {
   readonly unhealthyThreshold?: number;
 }
 
+/**
+ * Represents the outlier detection for a listener.
+ */
+export interface OutlierDetection {
+  /**
+   * The base amount of time for which a host is ejected.
+   */
+  readonly baseEjectionDuration: cdk.Duration;
+
+  /**
+   * The time interval between ejection sweep analysis.
+   */
+  readonly interval: cdk.Duration;
+
+  /**
+   * Maximum percentage of hosts in load balancing pool for upstream service that can be ejected. Will eject at
+   * least one host regardless of the value.
+   */
+  readonly maxEjectionPercent: number;
+
+  /**
+   * Number of consecutive 5xx errors required for ejection.
+   */
+  readonly maxServerErrors: number;
+}
+
 /**
  * All Properties for Envoy Access logs for mesh endpoints
  */

packages/@aws-cdk/aws-appmesh/lib/virtual-node-listener.ts

@@ -1,7 +1,7 @@
 import * as cdk from '@aws-cdk/core';
 import { CfnVirtualNode } from './appmesh.generated';
 import { validateHealthChecks } from './private/utils';
-import { HealthCheck, Protocol, HttpTimeout, GrpcTimeout, TcpTimeout } from './shared-interfaces';
+import { HealthCheck, Protocol, HttpTimeout, GrpcTimeout, TcpTimeout, OutlierDetection } from './shared-interfaces';
 import { TlsCertificate, TlsCertificateConfig } from './tls-certificate';
 
 // keep this import separate from other imports to reduce chance for merge conflicts with v2-main
@@ -42,6 +42,13 @@ interface VirtualNodeListenerCommonOptions {
    * @default - none
    */
   readonly tlsCertificate?: TlsCertificate;
+
+  /**
+   * Represents the configuration for enabling outlier detection
+   *
+   * @default - none
+   */
+  readonly outlierDetection?: OutlierDetection;
 }
 
 /**
@@ -88,28 +95,28 @@ export abstract class VirtualNodeListener {
    * Returns an HTTP Listener for a VirtualNode
    */
   public static http(props: HttpVirtualNodeListenerOptions = {}): VirtualNodeListener {
-    return new VirtualNodeListenerImpl(Protocol.HTTP, props.healthCheck, props.timeout, props.port, props.tlsCertificate);
+    return new VirtualNodeListenerImpl(Protocol.HTTP, props.healthCheck, props.timeout, props.port, props.tlsCertificate, props.outlierDetection);
   }
 
   /**
    * Returns an HTTP2 Listener for a VirtualNode
    */
   public static http2(props: HttpVirtualNodeListenerOptions = {}): VirtualNodeListener {
-    return new VirtualNodeListenerImpl(Protocol.HTTP2, props.healthCheck, props.timeout, props.port, props.tlsCertificate);
+    return new VirtualNodeListenerImpl(Protocol.HTTP2, props.healthCheck, props.timeout, props.port, props.tlsCertificate, props.outlierDetection);
   }
 
   /**
    * Returns an GRPC Listener for a VirtualNode
    */
   public static grpc(props: GrpcVirtualNodeListenerOptions = {}): VirtualNodeListener {
-    return new VirtualNodeListenerImpl(Protocol.GRPC, props.healthCheck, props.timeout, props.port, props.tlsCertificate);
+    return new VirtualNodeListenerImpl(Protocol.GRPC, props.healthCheck, props.timeout, props.port, props.tlsCertificate, props.outlierDetection);
   }
 
   /**
    * Returns an TCP Listener for a VirtualNode
    */
   public static tcp(props: TcpVirtualNodeListenerOptions = {}): VirtualNodeListener {
-    return new VirtualNodeListenerImpl(Protocol.TCP, props.healthCheck, props.timeout, props.port, props.tlsCertificate);
+    return new VirtualNodeListenerImpl(Protocol.TCP, props.healthCheck, props.timeout, props.port, props.tlsCertificate, props.outlierDetection);
   }
 
   /**
@@ -124,7 +131,8 @@ class VirtualNodeListenerImpl extends VirtualNodeListener {
     private readonly healthCheck: HealthCheck | undefined,
     private readonly timeout: HttpTimeout | undefined,
     private readonly port: number = 8080,
-    private readonly tlsCertificate: TlsCertificate | undefined) { super(); }
+    private readonly tlsCertificate: TlsCertificate | undefined,
+    private readonly outlierDetection: OutlierDetection | undefined) { super(); }
 
   public bind(scope: Construct): VirtualNodeListenerConfig {
     const tlsConfig = this.tlsCertificate?.bind(scope);
@@ -137,6 +145,7 @@ class VirtualNodeListenerImpl extends VirtualNodeListener {
         healthCheck: this.healthCheck ? this.renderHealthCheck(this.healthCheck) : undefined,
         timeout: this.timeout ? this.renderTimeout(this.timeout) : undefined,
         tls: tlsConfig ? this.renderTls(tlsConfig) : undefined,
+        outlierDetection: this.outlierDetection ? this.renderOutlierDetection(this.outlierDetection) : undefined,
       },
     };
   }
@@ -191,5 +200,20 @@ class VirtualNodeListenerImpl extends VirtualNodeListener {
       },
     });
   }
+
+  private renderOutlierDetection(outlierDetection: OutlierDetection): CfnVirtualNode.OutlierDetectionProperty {
+    return {
+      baseEjectionDuration: {
+        unit: 'ms',
+        value: outlierDetection.baseEjectionDuration.toMilliseconds(),
+      },
+      interval: {
+        unit: 'ms',
+        value: outlierDetection.interval.toMilliseconds(),
+      },
+      maxEjectionPercent: outlierDetection.maxEjectionPercent,
+      maxServerErrors: outlierDetection.maxServerErrors,
+    };
+  }
 }
 

packages/@aws-cdk/aws-appmesh/test/test.virtual-node.ts

@@ -257,6 +257,61 @@ export = {
       },
     },
 
+    'when a listener is added with outlier detection with user defined props': {
+      'should add a listener  outlier detection to the resource'(test: Test) {
+        // GIVEN
+        const stack = new cdk.Stack();
+
+        // WHEN
+        const mesh = new appmesh.Mesh(stack, 'mesh', {
+          meshName: 'test-mesh',
+        });
+
+        const node = new appmesh.VirtualNode(stack, 'test-node', {
+          mesh,
+          serviceDiscovery: appmesh.ServiceDiscovery.dns('test'),
+        });
+
+        node.addListener(appmesh.VirtualNodeListener.tcp({
+          port: 80,
+          outlierDetection: {
+            baseEjectionDuration: cdk.Duration.seconds(10),
+            interval: cdk.Duration.seconds(30),
+            maxEjectionPercent: 50,
+            maxServerErrors: 5,
+          },
+        }));
+
+        // THEN
+        expect(stack).to(haveResourceLike('AWS::AppMesh::VirtualNode', {
+          Spec: {
+            Listeners: [
+              {
+                OutlierDetection: {
+                  BaseEjectionDuration: {
+                    Unit: 'ms',
+                    Value: 10000,
+                  },
+                  Interval: {
+                    Unit: 'ms',
+                    Value: 30000,
+                  },
+                  MaxEjectionPercent: 50,
+                  MaxServerErrors: 5,
+                },
+                PortMapping: {
+                  Port: 80,
+                  Protocol: 'tcp',
+                },
+              },
+            ],
+          },
+        }));
+
+        test.done();
+      },
+    },
+
     'when a default backend is added': {
       'should add a backend default to the resource'(test: Test) {
         // GIVEN

packages/@aws-cdk/aws-backup/README.md

@@ -5,17 +5,7 @@
 
 ![cfn-resources: Stable](https://img.shields.io/badge/cfn--resources-stable-success.svg?style=for-the-badge)
 
-> All classes with the `Cfn` prefix in this module ([CFN Resources]) are always stable and safe to use.
->
-> [CFN Resources]: https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib
-
-![cdk-constructs: Experimental](https://img.shields.io/badge/cdk--constructs-experimental-important.svg?style=for-the-badge)
-
-> The APIs of higher level constructs in this module are experimental and under active development.
-> They are subject to non-backward compatible changes or removal in any future version. These are
-> not subject to the [Semantic Versioning](https://semver.org/) model and breaking changes will be
-> announced in the release notes. This means that while you may use them, you may need to update
-> your source code when upgrading to a newer version of this package.
+![cdk-constructs: Stable](https://img.shields.io/badge/cdk--constructs-stable-success.svg?style=for-the-badge)
 
 ---
 

packages/@aws-cdk/aws-backup/package.json

@@ -111,8 +111,8 @@
       "resource-attribute:@aws-cdk/aws-backup.BackupSelection.backupSelectionId"
     ]
   },
-  "stability": "experimental",
-  "maturity": "experimental",
+  "stability": "stable",
+  "maturity": "stable",
   "awscdkio": {
     "announce": false
   },

packages/@aws-cdk/aws-cloudfront/lib/cache-policy.ts

@@ -231,9 +231,6 @@ export class CacheHeaderBehavior {
     if (headers.length === 0) {
       throw new Error('At least one header to allow must be provided');
     }
-    if (headers.length > 10) {
-      throw new Error(`Maximum allowed headers in Cache Policy is 10; got ${headers.length}.`);
-    }
     return new CacheHeaderBehavior('whitelist', headers);
   }
 

packages/@aws-cdk/aws-cloudfront/test/cache-policy.test.ts

@@ -96,17 +96,6 @@ describe('CachePolicy', () => {
     expect(() => new CachePolicy(stack, 'CachePolicy6', { cachePolicyName: 'My_Policy' })).not.toThrow();
   });
 
-  test('throws if more than 10 CacheHeaderBehavior headers are being passed', () => {
-    const errorMessage = /Maximum allowed headers in Cache Policy is 10; got (.*?)/;
-    expect(() => new CachePolicy(stack, 'CachePolicy1', {
-      headerBehavior: CacheHeaderBehavior.allowList('Lorem', 'ipsum', 'dolor', 'sit', 'amet', 'consectetur', 'adipiscing', 'elit', 'sed', 'do', 'eiusmod'),
-    })).toThrow(errorMessage);
-
-    expect(() => new CachePolicy(stack, 'CachePolicy2', {
-      headerBehavior: CacheHeaderBehavior.allowList('Lorem', 'ipsum', 'dolor', 'sit', 'amet', 'consectetur', 'adipiscing', 'elit', 'sed', 'do'),
-    })).not.toThrow();
-  });
-
   test('does not throw if cachePolicyName is a token', () => {
     expect(() => new CachePolicy(stack, 'CachePolicy', {
       cachePolicyName: Aws.STACK_NAME,

packages/@aws-cdk/aws-codepipeline-actions/lib/ecr/source-action.ts

@@ -95,7 +95,7 @@ export class EcrSourceAction extends Action {
 
     this.props.repository.onCloudTrailImagePushed(Names.nodeUniqueId(stage.pipeline.node) + 'SourceEventRule', {
       target: new targets.CodePipeline(stage.pipeline),
-      imageTag: this.props.imageTag,
+      imageTag: this.props.imageTag ?? 'latest',
     });
 
     // the Action Role also needs to write to the Pipeline's bucket

packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-ecr-source.expected.json

@@ -348,8 +348,8 @@
     },
     "MyEcrRepo767466D0": {
       "Type": "AWS::ECR::Repository",
-      "UpdateReplacePolicy": "Retain",
-      "DeletionPolicy": "Retain"
+      "UpdateReplacePolicy": "Delete",
+      "DeletionPolicy": "Delete"
     },
     "MyEcrRepoawscdkcodepipelineecrsourceMyPipeline63CF3194SourceEventRule911FDB6D": {
       "Type": "AWS::Events::Rule",
@@ -367,6 +367,9 @@
                 {
                   "Ref": "MyEcrRepo767466D0"
                 }
+              ],
+              "imageTag": [
+                "latest"
               ]
             },
             "eventName": [
@@ -412,4 +415,4 @@
       }
     }
   }
-}
+}

packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-ecr-source.ts

@@ -15,7 +15,9 @@ const pipeline = new codepipeline.Pipeline(stack, 'MyPipeline', {
   artifactBucket: bucket,
 });
 
-const repository = new ecr.Repository(stack, 'MyEcrRepo');
+const repository = new ecr.Repository(stack, 'MyEcrRepo', {
+  removalPolicy: cdk.RemovalPolicy.DESTROY,
+});
 const sourceStage = pipeline.addStage({ stageName: 'Source' });
 sourceStage.addAction(new cpactions.EcrSourceAction({
   actionName: 'ECR_Source',

packages/@aws-cdk/aws-ecs/lib/container-definition.ts

@@ -351,7 +351,7 @@ export class ContainerDefinition extends CoreConstruct {
    * stopped. If the essential parameter of a container is marked as false, then its
    * failure does not affect the rest of the containers in a task.
    *
-   * If this parameter isomitted, a container is assumed to be essential.
+   * If this parameter is omitted, a container is assumed to be essential.
    */
   public readonly essential: boolean;