Skip to content

feat: add service connect mft#4046

Merged
mergify[bot] merged 14 commits intoaws:mainlinefrom
iamhopaul123:sc-mft
Oct 12, 2022
Merged

feat: add service connect mft#4046
mergify[bot] merged 14 commits intoaws:mainlinefrom
iamhopaul123:sc-mft

Conversation

@iamhopaul123
Copy link
Copy Markdown
Contributor

@iamhopaul123 iamhopaul123 commented Sep 29, 2022

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the Apache 2.0 License.

@iamhopaul123 iamhopaul123 requested a review from a team as a code owner September 29, 2022 17:02
@iamhopaul123 iamhopaul123 requested review from KollaAdithya and removed request for a team September 29, 2022 17:02
@codecov-commenter
Copy link
Copy Markdown

codecov-commenter commented Sep 29, 2022
edited
Loading

Codecov Report

Merging #4046 (3353d45) into mainline (101b95d) will increase coverage by 0.04%.
The diff coverage is 89.36%.

@@             Coverage Diff              @@
##           mainline    #4046      +/-   ##
============================================
+ Coverage     69.12%   69.17%   +0.04%     
============================================
  Files           248      248              
  Lines         35511    35598      +87     
  Branches        264      264              
============================================
+ Hits          24548    24625      +77     
- Misses         9770     9779       +9     
- Partials       1193     1194       +1
Impacted Files Coverage Δ
...rnal/pkg/deploy/cloudformation/stack/worker_svc.go 59.67% <ø> (ø)
internal/pkg/template/workload.go 42.58% <ø> (ø)
internal/pkg/manifest/validate.go 84.08% <73.07%> (-0.27%) ⬇️
internal/pkg/manifest/workload.go 82.54% <81.25%> (-0.06%) ⬇️
...nal/pkg/deploy/cloudformation/stack/backend_svc.go 88.67% <100.00%> (+0.38%) ⬆️
...rnal/pkg/deploy/cloudformation/stack/lb_web_svc.go 78.03% <100.00%> (+0.51%) ⬆️
...al/pkg/deploy/cloudformation/stack/transformers.go 77.04% <100.00%> (+0.11%) ⬆️
internal/pkg/manifest/backend_svc.go 88.67% <100.00%> (+1.44%) ⬆️
internal/pkg/manifest/lb_web_svc.go 89.09% <100.00%> (+0.20%) ⬆️
internal/pkg/manifest/transform.go 98.36% <100.00%> (+0.07%) ⬆️
... and 1 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@iamhopaul123 iamhopaul123 marked this pull request as draft September 29, 2022 18:05
@iamhopaul123 iamhopaul123 marked this pull request as ready for review September 29, 2022 19:14
efekarakus
efekarakus reviewed Sep 29, 2022
View reviewed changes
Comment thread internal/pkg/deploy/cloudformation/stack/testdata/workloads/backend/simple-params.json Outdated
Comment thread internal/pkg/deploy/cloudformation/stack/transformers.go Outdated
Comment thread internal/pkg/manifest/validate.go
Comment thread internal/pkg/manifest/workload.go Outdated
Comment thread internal/pkg/manifest/workload.go Outdated
Comment thread internal/pkg/manifest/workload.go Outdated
Comment thread internal/pkg/template/templates/workloads/partials/cf/service-base-properties.yml
Comment thread internal/pkg/template/templates/workloads/partials/cf/workload-container.yml
efekarakus
efekarakus approved these changes Sep 30, 2022
View reviewed changes
Copy link
Copy Markdown
Contributor

@efekarakus efekarakus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks boss looks great, just a refactor request and then :shipit:

Feel free to remove the label once addressed

Comment thread internal/pkg/manifest/backend_svc.go
Comment on lines +109 to +113
// Try our best to enable Service Connect by default.
if s.BackendServiceConfig.ImageConfig.Port != nil ||
s.BackendServiceConfig.RoutingRule.TargetContainer != nil {
return true
}
Copy link
Copy Markdown
Contributor

@efekarakus efekarakus Sep 30, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah I get why now you moved this method to be part of *BackendService instead of ServiceConnect because you need access to the other fields in the manifest like target container.

What do you think of changing the method name to be more generic, for example:

// IsDiscoverable returns true if the service publishes a port that can be reached by other services in the VPC.
func (svc *BackendService) IsDiscoverable() bool {
   // This logic.
}

func (svc *LoadBalancedWebService) IsDiscoverable() bool {
   // returns true if service connect is enabled.
}

// IsDiscoverable is  false for workers as queue processing services don't accept network traffic.
func (svc *WorkerService) IsDiscoverable() bool { return false }

// IsDiscoverable is false as ephemeral tasks cannot be reached consistently.
func (job *ScheduledJob) IsDiscoverable() bool { return false }

Copy link
Copy Markdown
Contributor Author

@iamhopaul123 iamhopaul123 Oct 4, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm ServiceConnectEnabled might still be better since it isn't really whether the service is discoverable within the VPC because they could use SD.

Copy link
Copy Markdown
Contributor

@efekarakus efekarakus Oct 4, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah I see what you mean, perhaps you're right and right now it's not worthwhile to introduce more abstraction.
So let's keep it as is 👍 , nit: maybe just rename to IsServiceConnectEnabled?

Comment thread internal/pkg/manifest/lb_web_svc.go Outdated
@efekarakus efekarakus added the do-not-merge Pull requests that mergify shouldn't merge until the requester allows it. label Sep 30, 2022
@iamhopaul123 iamhopaul123 removed the do-not-merge Pull requests that mergify shouldn't merge until the requester allows it. label Oct 4, 2022
dannyrandall
dannyrandall reviewed Oct 4, 2022
View reviewed changes
Comment thread internal/pkg/deploy/cloudformation/stack/backend_svc.go
Comment thread internal/pkg/deploy/cloudformation/stack/testdata/workloads/svc-nlb-manifest.yml
Comment thread internal/pkg/deploy/cloudformation/stack/worker_svc.go Outdated
Comment thread internal/pkg/manifest/backend_svc.go
Comment thread internal/pkg/manifest/validate.go Outdated
Comment thread internal/pkg/manifest/validate_test.go
Comment thread internal/pkg/template/templates/workloads/partials/cf/workload-container.yml
efekarakus
efekarakus reviewed Oct 4, 2022
View reviewed changes
Copy link
Copy Markdown
Contributor

@efekarakus efekarakus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We talked offline but for visibility: we need to add a feature flag here otherwise it'll start deploying all new services with the updated template

Lou1415926
Lou1415926 reviewed Oct 4, 2022
View reviewed changes
Comment thread ...nal/pkg/deploy/cloudformation/stack/testdata/workloads/backend/https-path-alias-manifest.yml
Comment on lines +13 to +15
network:
connect: false

Copy link
Copy Markdown
Contributor

@Lou1415926 Lou1415926 Oct 4, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we not want to keep some integration test for when service connect is enabled (i.e. it's not opted out)? Or are we looking to add those integration test in the future?

Copy link
Copy Markdown
Contributor Author

@iamhopaul123 iamhopaul123 Oct 4, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we have all three cases...connect false, connect true and no config.

Comment thread internal/pkg/manifest/workload.go Outdated
Comment thread internal/pkg/manifest/workload.go
Comment thread internal/pkg/template/templates/workloads/partials/cf/sidecars.yml
Comment thread internal/pkg/template/templates/workloads/partials/cf/workload-container.yml
@efekarakus efekarakus added the do-not-merge Pull requests that mergify shouldn't merge until the requester allows it. label Oct 6, 2022
@efekarakus
Copy link
Copy Markdown
Contributor

efekarakus commented Oct 6, 2022

Adding the label for "feat:" PRs until we release a patch release for v1.22.1

@iamhopaul123 iamhopaul123 removed the do-not-merge Pull requests that mergify shouldn't merge until the requester allows it. label Oct 12, 2022
@mergify mergify Bot merged commit 0d0436a into aws:mainline Oct 12, 2022
iamhopaul123 added a commit that referenced this pull request Oct 13, 2022
@iamhopaul123 @dannyrandall
@dependabot @huanjani @paragbhingre
chore: merge mainline to service connect (#4082)
a9848a4 
* fix: allow cdn certificate import without http cert import (#4061)

Also fixes a bug where CDN fails to create if there are any internal ALB services deployed.
Also fixes a bug where on `svc/env package` we don't escape param values

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the Apache 2.0 License.

* e2e(apprunner): reduce size of dependencies (#4066)

- upgrade to go 1.19
- use stdlib http router
- migrate to aws sdk v2 to reduce dependency size
- use distroless container

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the Apache 2.0 License.

* chore: Bump github.com/aws/aws-sdk-go from 1.44.109 to 1.44.114 (#4074)

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.109 to 1.44.114.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/aws/aws-sdk-go/releases">github.com/aws/aws-sdk-go's releases</a>.</em></p>
<blockquote>
<h1>Release v1.44.114 (2022-10-07)</h1>
<h3>Service Client Updates</h3>
<ul>
<li><code>service/codeguru-reviewer</code>: Updates service documentation</li>
<li><code>service/elasticloadbalancingv2</code>: Updates service documentation</li>
<li><code>service/greengrassv2</code>: Updates service API and documentation</li>
<li><code>service/quicksight</code>: Updates service API and documentation
<ul>
<li>Amazon QuickSight now supports SecretsManager Secret ARN in place of CredentialPair for DataSource creation and update. This release also has some minor documentation updates and removes CountryCode as a required parameter in GeoSpatialColumnGroup</li>
</ul>
</li>
</ul>
<h1>Release v1.44.113 (2022-10-06)</h1>
<h3>Service Client Updates</h3>
<ul>
<li><code>service/resiliencehub</code>: Updates service documentation</li>
</ul>
<h1>Release v1.44.112 (2022-10-05)</h1>
<h3>Service Client Updates</h3>
<ul>
<li><code>service/glue</code>: Updates service API and documentation
<ul>
<li>This SDK release adds support to sync glue jobs with source control provider. Additionally, a new parameter called SourceControlDetails will be added to Job model.</li>
</ul>
</li>
<li><code>service/network-firewall</code>: Updates service API and documentation</li>
<li><code>service/outposts</code>: Updates service API and documentation</li>
</ul>
<h1>Release v1.44.111 (2022-10-04)</h1>
<h3>Service Client Updates</h3>
<ul>
<li><code>service/connect</code>: Updates service API</li>
<li><code>service/connectcases</code>: Adds new service</li>
<li><code>service/ec2</code>: Updates service API and documentation
<ul>
<li>Added EnableNetworkAddressUsageMetrics flag for ModifyVpcAttribute, DescribeVpcAttribute APIs.</li>
</ul>
</li>
<li><code>service/ecs</code>: Updates service documentation
<ul>
<li>Documentation updates to address various Amazon ECS tickets.</li>
</ul>
</li>
<li><code>service/s3control</code>: Updates service API
<ul>
<li>S3 Object Lambda adds support to allow customers to intercept HeadObject and ListObjects requests and introduce their own compute. These requests were previously proxied to S3.</li>
</ul>
</li>
<li><code>service/workmail</code>: Updates service API, documentation, and paginators
<ul>
<li>This release adds support for impersonation roles in Amazon WorkMail.</li>
</ul>
</li>
</ul>
<h1>Release v1.44.110 (2022-10-03)</h1>
<h3>Service Client Updates</h3>
<ul>
<li><code>service/accessanalyzer</code>: Updates service API and documentation</li>
<li><code>service/ec2</code>: Updates service API and documentation
<ul>
<li>Adding an imdsSupport attribute to EC2 AMIs</li>
</ul>
</li>
<li><code>service/snowball</code>: Updates service API, documentation, and paginators
<ul>
<li>Adds support for V3_5C. This is a refreshed AWS Snowball Edge Compute Optimized device type with 28TB SSD, 104 vCPU and 416GB memory (customer usable).</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/aws/aws-sdk-go/commit/2cfe73b2a438dfb09cf5aa8c12ca58731d14d1c5"><code>2cfe73b</code></a> Release v1.44.114 (2022-10-07) (<a href="https://github-redirect.dependabot.com/aws/aws-sdk-go/issues/4580">#4580</a>)</li>
<li><a href="https://github.com/aws/aws-sdk-go/commit/e2962f353f41fe98b19be1b4b61e06fbe7c71a64"><code>e2962f3</code></a> Release v1.44.113 (2022-10-06) (<a href="https://github-redirect.dependabot.com/aws/aws-sdk-go/issues/4579">#4579</a>)</li>
<li><a href="https://github.com/aws/aws-sdk-go/commit/1f5f2949f12197660df17792df205a8b90f5c910"><code>1f5f294</code></a> Release v1.44.112 (2022-10-05) (<a href="https://github-redirect.dependabot.com/aws/aws-sdk-go/issues/4578">#4578</a>)</li>
<li><a href="https://github.com/aws/aws-sdk-go/commit/2389894af92747d3ccd38b691ab977789ad489b1"><code>2389894</code></a> Release v1.44.111 (2022-10-04) (<a href="https://github-redirect.dependabot.com/aws/aws-sdk-go/issues/4576">#4576</a>)</li>
<li><a href="https://github.com/aws/aws-sdk-go/commit/0f8d80ad965ca2342a74a32cf5302fd992e11ab5"><code>0f8d80a</code></a> Release v1.44.110 (2022-10-03) (<a href="https://github-redirect.dependabot.com/aws/aws-sdk-go/issues/4575">#4575</a>)</li>
<li>See full diff in <a href="https://github.com/aws/aws-sdk-go/compare/v1.44.109...v1.44.114">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/aws/aws-sdk-go&package-manager=go_modules&previous-version=1.44.109&new-version=1.44.114)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>

* chore: bump env template patch version (#4076)

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the Apache 2.0 License.

* chore: validate permissions boundary policy name so as to fail faster if invalid (#4035)

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the Apache 2.0 License.

* fix(FIFO): worker service manifest with fifo subscriptions (#4056)

This PR fix the following scenario for FIFO SNS and SQS.
Initiate a new worker service and select FIFO topic for the subscriptions from the listed items and manifest gets populated with for example - 
```
subscribe:
  topics:
    - name: orders.fifo
      service: api
```
Whereas in this scenario manifest should be - 
```
subscribe:
  topics:
    - name: orders
      service: api
  queue:
    fifo: true
```



By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the Apache 2.0 License.

* chore: always expect target container/port params in backend svc (#4078)

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the Apache 2.0 License.

* docs: correct cdn.terminate_tls field (#4081)

Resolves part of #4080

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the Apache 2.0 License.

* feat: add service connect mft (#4046)

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the Apache 2.0 License.

* chore: Bump github.com/onsi/gomega from 1.20.2 to 1.21.1 (#4073)

Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.20.2 to 1.21.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/onsi/gomega/releases">github.com/onsi/gomega's releases</a>.</em></p>
<blockquote>
<h2>v1.21.1</h2>
<h3>Features</h3>
<ul>
<li>Eventually and Consistently that are passed a SpecContext can provide reports when an interrupt occurs [0d063c9]</li>
</ul>
<h2>v1.21.0</h2>
<h2>1.21.0</h2>
<h3>Features</h3>
<ul>
<li>Eventually and Consistently can take a context.Context [65c01bc]
This enables integration with Ginkgo 2.3.0's interruptible nodes and node timeouts.</li>
<li>Introduces Eventually.Within.ProbeEvery with tests and documentation (<a href="https://github-redirect.dependabot.com/onsi/gomega/issues/591">#591</a>) [f633800]</li>
<li>New BeKeyOf matcher with documentation and unit tests (<a href="https://github-redirect.dependabot.com/onsi/gomega/issues/590">#590</a>) [fb586b3]</li>
</ul>
<h2>Fixes</h2>
<ul>
<li>Cover the entire gmeasure suite with leak detection [8c54344]</li>
<li>Fix gmeasure leak [119d4ce]</li>
<li>Ignore new Ginkgo ProgressSignal goroutine in gleak [ba548e2]</li>
</ul>
<h2>Maintenance</h2>
<ul>
<li>Fixes crashes on newer Ruby 3 installations by upgrading github-pages gem dependency (<a href="https://github-redirect.dependabot.com/onsi/gomega/issues/596">#596</a>) [12469a0]</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/onsi/gomega/blob/master/CHANGELOG.md">github.com/onsi/gomega's changelog</a>.</em></p>
<blockquote>
<h2>v1.21.1</h2>
<h3>Features</h3>
<ul>
<li>Eventually and Consistently that are passed a SpecContext can provide reports when an interrupt occurs [0d063c9]</li>
</ul>
<h2>1.21.0</h2>
<h3>Features</h3>
<ul>
<li>Eventually and Consistently can take a context.Context [65c01bc]
This enables integration with Ginkgo 2.3.0's interruptible nodes and node timeouts.</li>
<li>Introduces Eventually.Within.ProbeEvery with tests and documentation (<a href="https://github-redirect.dependabot.com/onsi/gomega/issues/591">#591</a>) [f633800]</li>
<li>New BeKeyOf matcher with documentation and unit tests (<a href="https://github-redirect.dependabot.com/onsi/gomega/issues/590">#590</a>) [fb586b3]</li>
</ul>
<h2>Fixes</h2>
<ul>
<li>Cover the entire gmeasure suite with leak detection [8c54344]</li>
<li>Fix gmeasure leak [119d4ce]</li>
<li>Ignore new Ginkgo ProgressSignal goroutine in gleak [ba548e2]</li>
</ul>
<h2>Maintenance</h2>
<ul>
<li>Fixes crashes on newer Ruby 3 installations by upgrading github-pages gem dependency (<a href="https://github-redirect.dependabot.com/onsi/gomega/issues/596">#596</a>) [12469a0]</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/onsi/gomega/commit/2e349791b418de459ab3ac4b8e01cd544ae75de0"><code>2e34979</code></a> v1.21.1</li>
<li><a href="https://github.com/onsi/gomega/commit/0d063c92419a649ab0af4ea734d511470702877d"><code>0d063c9</code></a> Eventually and Consistently that are passed a SpecContext can provide reports...</li>
<li><a href="https://github.com/onsi/gomega/commit/2ba576317ed0113fdc54f501e3d6c51ce1eec916"><code>2ba5763</code></a> v1.21.0</li>
<li><a href="https://github.com/onsi/gomega/commit/65c01bc09daf4de0dc1033aad4d503e12af10e9b"><code>65c01bc</code></a> Eventually and Consistently can take a context.Context</li>
<li><a href="https://github.com/onsi/gomega/commit/12469a020bc6d62ae3b34b009cf6d8a8f16bbbaf"><code>12469a0</code></a> fixes crashes on newer Ruby 3 installations by upgrading github-pages gem dep...</li>
<li><a href="https://github.com/onsi/gomega/commit/b8636ade4f58fa61c5c59e0fab994ed84794113a"><code>b8636ad</code></a> documentation updates for BeKeyOf and well-known non-leaky goroutines (<a href="https://github-redirect.dependabot.com/onsi/gomega/issues/592">#592</a>)</li>
<li><a href="https://github.com/onsi/gomega/commit/f633800f4d63d0c0023bace4f955c4a2869d362b"><code>f633800</code></a> introduces Eventually.Within.ProbeEvery with tests and documentation (<a href="https://github-redirect.dependabot.com/onsi/gomega/issues/591">#591</a>)</li>
<li><a href="https://github.com/onsi/gomega/commit/fb586b3c862c647bdea6ca5fe5d7f60038015699"><code>fb586b3</code></a> new BeKeyOf matcher with documentation and unit tests (<a href="https://github-redirect.dependabot.com/onsi/gomega/issues/590">#590</a>)</li>
<li><a href="https://github.com/onsi/gomega/commit/647a36bc43f8c5ff3338789410456670b30177ba"><code>647a36b</code></a> welp; remove local Ginkgo replace directive in go.mod</li>
<li><a href="https://github.com/onsi/gomega/commit/8c54344b7bc6a1091fe7f1b674ae1cb9cccc850a"><code>8c54344</code></a> cover the entire gmeasure suite with leak detection</li>
<li>Additional commits viewable in <a href="https://github.com/onsi/gomega/compare/v1.20.2...v1.21.1">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/onsi/gomega&package-manager=go_modules&previous-version=1.20.2&new-version=1.21.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>

Co-authored-by: danny randall <10566468+dannyrandall@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Janice Huang <60631893+huanjani@users.noreply.github.com>
Co-authored-by: Parag Sanjay Bhingre <pbhingre@amazon.com>
iamhopaul123 added a commit that referenced this pull request Oct 19, 2022
@iamhopaul123 @dannyrandall
@dependabot @huanjani @paragbhingre @KollaAdithya @genbit
Merge mainline (#4098)
9512c82 
* fix: allow cdn certificate import without http cert import (#4061)

Also fixes a bug where CDN fails to create if there are any internal ALB services deployed.
Also fixes a bug where on `svc/env package` we don't escape param values

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the Apache 2.0 License.

* e2e(apprunner): reduce size of dependencies (#4066)

- upgrade to go 1.19
- use stdlib http router
- migrate to aws sdk v2 to reduce dependency size
- use distroless container

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the Apache 2.0 License.

* chore: Bump github.com/aws/aws-sdk-go from 1.44.109 to 1.44.114 (#4074)

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.109 to 1.44.114.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/aws/aws-sdk-go/releases">github.com/aws/aws-sdk-go's releases</a>.</em></p>
<blockquote>
<h1>Release v1.44.114 (2022-10-07)</h1>
<h3>Service Client Updates</h3>
<ul>
<li><code>service/codeguru-reviewer</code>: Updates service documentation</li>
<li><code>service/elasticloadbalancingv2</code>: Updates service documentation</li>
<li><code>service/greengrassv2</code>: Updates service API and documentation</li>
<li><code>service/quicksight</code>: Updates service API and documentation
<ul>
<li>Amazon QuickSight now supports SecretsManager Secret ARN in place of CredentialPair for DataSource creation and update. This release also has some minor documentation updates and removes CountryCode as a required parameter in GeoSpatialColumnGroup</li>
</ul>
</li>
</ul>
<h1>Release v1.44.113 (2022-10-06)</h1>
<h3>Service Client Updates</h3>
<ul>
<li><code>service/resiliencehub</code>: Updates service documentation</li>
</ul>
<h1>Release v1.44.112 (2022-10-05)</h1>
<h3>Service Client Updates</h3>
<ul>
<li><code>service/glue</code>: Updates service API and documentation
<ul>
<li>This SDK release adds support to sync glue jobs with source control provider. Additionally, a new parameter called SourceControlDetails will be added to Job model.</li>
</ul>
</li>
<li><code>service/network-firewall</code>: Updates service API and documentation</li>
<li><code>service/outposts</code>: Updates service API and documentation</li>
</ul>
<h1>Release v1.44.111 (2022-10-04)</h1>
<h3>Service Client Updates</h3>
<ul>
<li><code>service/connect</code>: Updates service API</li>
<li><code>service/connectcases</code>: Adds new service</li>
<li><code>service/ec2</code>: Updates service API and documentation
<ul>
<li>Added EnableNetworkAddressUsageMetrics flag for ModifyVpcAttribute, DescribeVpcAttribute APIs.</li>
</ul>
</li>
<li><code>service/ecs</code>: Updates service documentation
<ul>
<li>Documentation updates to address various Amazon ECS tickets.</li>
</ul>
</li>
<li><code>service/s3control</code>: Updates service API
<ul>
<li>S3 Object Lambda adds support to allow customers to intercept HeadObject and ListObjects requests and introduce their own compute. These requests were previously proxied to S3.</li>
</ul>
</li>
<li><code>service/workmail</code>: Updates service API, documentation, and paginators
<ul>
<li>This release adds support for impersonation roles in Amazon WorkMail.</li>
</ul>
</li>
</ul>
<h1>Release v1.44.110 (2022-10-03)</h1>
<h3>Service Client Updates</h3>
<ul>
<li><code>service/accessanalyzer</code>: Updates service API and documentation</li>
<li><code>service/ec2</code>: Updates service API and documentation
<ul>
<li>Adding an imdsSupport attribute to EC2 AMIs</li>
</ul>
</li>
<li><code>service/snowball</code>: Updates service API, documentation, and paginators
<ul>
<li>Adds support for V3_5C. This is a refreshed AWS Snowball Edge Compute Optimized device type with 28TB SSD, 104 vCPU and 416GB memory (customer usable).</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/aws/aws-sdk-go/commit/2cfe73b2a438dfb09cf5aa8c12ca58731d14d1c5"><code>2cfe73b</code></a> Release v1.44.114 (2022-10-07) (<a href="https://github-redirect.dependabot.com/aws/aws-sdk-go/issues/4580">#4580</a>)</li>
<li><a href="https://github.com/aws/aws-sdk-go/commit/e2962f353f41fe98b19be1b4b61e06fbe7c71a64"><code>e2962f3</code></a> Release v1.44.113 (2022-10-06) (<a href="https://github-redirect.dependabot.com/aws/aws-sdk-go/issues/4579">#4579</a>)</li>
<li><a href="https://github.com/aws/aws-sdk-go/commit/1f5f2949f12197660df17792df205a8b90f5c910"><code>1f5f294</code></a> Release v1.44.112 (2022-10-05) (<a href="https://github-redirect.dependabot.com/aws/aws-sdk-go/issues/4578">#4578</a>)</li>
<li><a href="https://github.com/aws/aws-sdk-go/commit/2389894af92747d3ccd38b691ab977789ad489b1"><code>2389894</code></a> Release v1.44.111 (2022-10-04) (<a href="https://github-redirect.dependabot.com/aws/aws-sdk-go/issues/4576">#4576</a>)</li>
<li><a href="https://github.com/aws/aws-sdk-go/commit/0f8d80ad965ca2342a74a32cf5302fd992e11ab5"><code>0f8d80a</code></a> Release v1.44.110 (2022-10-03) (<a href="https://github-redirect.dependabot.com/aws/aws-sdk-go/issues/4575">#4575</a>)</li>
<li>See full diff in <a href="https://github.com/aws/aws-sdk-go/compare/v1.44.109...v1.44.114">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/aws/aws-sdk-go&package-manager=go_modules&previous-version=1.44.109&new-version=1.44.114)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>

* chore: bump env template patch version (#4076)

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the Apache 2.0 License.

* chore: validate permissions boundary policy name so as to fail faster if invalid (#4035)

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the Apache 2.0 License.

* fix(FIFO): worker service manifest with fifo subscriptions (#4056)

This PR fix the following scenario for FIFO SNS and SQS.
Initiate a new worker service and select FIFO topic for the subscriptions from the listed items and manifest gets populated with for example - 
```
subscribe:
  topics:
    - name: orders.fifo
      service: api
```
Whereas in this scenario manifest should be - 
```
subscribe:
  topics:
    - name: orders
      service: api
  queue:
    fifo: true
```



By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the Apache 2.0 License.

* chore: always expect target container/port params in backend svc (#4078)

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the Apache 2.0 License.

* docs: correct cdn.terminate_tls field (#4081)

Resolves part of #4080

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the Apache 2.0 License.

* feat: add service connect mft (#4046)

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the Apache 2.0 License.

* chore: Bump github.com/onsi/gomega from 1.20.2 to 1.21.1 (#4073)

Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.20.2 to 1.21.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/onsi/gomega/releases">github.com/onsi/gomega's releases</a>.</em></p>
<blockquote>
<h2>v1.21.1</h2>
<h3>Features</h3>
<ul>
<li>Eventually and Consistently that are passed a SpecContext can provide reports when an interrupt occurs [0d063c9]</li>
</ul>
<h2>v1.21.0</h2>
<h2>1.21.0</h2>
<h3>Features</h3>
<ul>
<li>Eventually and Consistently can take a context.Context [65c01bc]
This enables integration with Ginkgo 2.3.0's interruptible nodes and node timeouts.</li>
<li>Introduces Eventually.Within.ProbeEvery with tests and documentation (<a href="https://github-redirect.dependabot.com/onsi/gomega/issues/591">#591</a>) [f633800]</li>
<li>New BeKeyOf matcher with documentation and unit tests (<a href="https://github-redirect.dependabot.com/onsi/gomega/issues/590">#590</a>) [fb586b3]</li>
</ul>
<h2>Fixes</h2>
<ul>
<li>Cover the entire gmeasure suite with leak detection [8c54344]</li>
<li>Fix gmeasure leak [119d4ce]</li>
<li>Ignore new Ginkgo ProgressSignal goroutine in gleak [ba548e2]</li>
</ul>
<h2>Maintenance</h2>
<ul>
<li>Fixes crashes on newer Ruby 3 installations by upgrading github-pages gem dependency (<a href="https://github-redirect.dependabot.com/onsi/gomega/issues/596">#596</a>) [12469a0]</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/onsi/gomega/blob/master/CHANGELOG.md">github.com/onsi/gomega's changelog</a>.</em></p>
<blockquote>
<h2>v1.21.1</h2>
<h3>Features</h3>
<ul>
<li>Eventually and Consistently that are passed a SpecContext can provide reports when an interrupt occurs [0d063c9]</li>
</ul>
<h2>1.21.0</h2>
<h3>Features</h3>
<ul>
<li>Eventually and Consistently can take a context.Context [65c01bc]
This enables integration with Ginkgo 2.3.0's interruptible nodes and node timeouts.</li>
<li>Introduces Eventually.Within.ProbeEvery with tests and documentation (<a href="https://github-redirect.dependabot.com/onsi/gomega/issues/591">#591</a>) [f633800]</li>
<li>New BeKeyOf matcher with documentation and unit tests (<a href="https://github-redirect.dependabot.com/onsi/gomega/issues/590">#590</a>) [fb586b3]</li>
</ul>
<h2>Fixes</h2>
<ul>
<li>Cover the entire gmeasure suite with leak detection [8c54344]</li>
<li>Fix gmeasure leak [119d4ce]</li>
<li>Ignore new Ginkgo ProgressSignal goroutine in gleak [ba548e2]</li>
</ul>
<h2>Maintenance</h2>
<ul>
<li>Fixes crashes on newer Ruby 3 installations by upgrading github-pages gem dependency (<a href="https://github-redirect.dependabot.com/onsi/gomega/issues/596">#596</a>) [12469a0]</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/onsi/gomega/commit/2e349791b418de459ab3ac4b8e01cd544ae75de0"><code>2e34979</code></a> v1.21.1</li>
<li><a href="https://github.com/onsi/gomega/commit/0d063c92419a649ab0af4ea734d511470702877d"><code>0d063c9</code></a> Eventually and Consistently that are passed a SpecContext can provide reports...</li>
<li><a href="https://github.com/onsi/gomega/commit/2ba576317ed0113fdc54f501e3d6c51ce1eec916"><code>2ba5763</code></a> v1.21.0</li>
<li><a href="https://github.com/onsi/gomega/commit/65c01bc09daf4de0dc1033aad4d503e12af10e9b"><code>65c01bc</code></a> Eventually and Consistently can take a context.Context</li>
<li><a href="https://github.com/onsi/gomega/commit/12469a020bc6d62ae3b34b009cf6d8a8f16bbbaf"><code>12469a0</code></a> fixes crashes on newer Ruby 3 installations by upgrading github-pages gem dep...</li>
<li><a href="https://github.com/onsi/gomega/commit/b8636ade4f58fa61c5c59e0fab994ed84794113a"><code>b8636ad</code></a> documentation updates for BeKeyOf and well-known non-leaky goroutines (<a href="https://github-redirect.dependabot.com/onsi/gomega/issues/592">#592</a>)</li>
<li><a href="https://github.com/onsi/gomega/commit/f633800f4d63d0c0023bace4f955c4a2869d362b"><code>f633800</code></a> introduces Eventually.Within.ProbeEvery with tests and documentation (<a href="https://github-redirect.dependabot.com/onsi/gomega/issues/591">#591</a>)</li>
<li><a href="https://github.com/onsi/gomega/commit/fb586b3c862c647bdea6ca5fe5d7f60038015699"><code>fb586b3</code></a> new BeKeyOf matcher with documentation and unit tests (<a href="https://github-redirect.dependabot.com/onsi/gomega/issues/590">#590</a>)</li>
<li><a href="https://github.com/onsi/gomega/commit/647a36bc43f8c5ff3338789410456670b30177ba"><code>647a36b</code></a> welp; remove local Ginkgo replace directive in go.mod</li>
<li><a href="https://github.com/onsi/gomega/commit/8c54344b7bc6a1091fe7f1b674ae1cb9cccc850a"><code>8c54344</code></a> cover the entire gmeasure suite with leak detection</li>
<li>Additional commits viewable in <a href="https://github.com/onsi/gomega/compare/v1.20.2...v1.21.1">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/onsi/gomega&package-manager=go_modules&previous-version=1.20.2&new-version=1.21.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>

* feat: Show permissions boundary policy name in app show (#4071)

This PR resolves #4064


By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the Apache 2.0 License.

* feat: Set ReadonlyRootFilesystem to true by default in manifest (#4062)

This PR resolves #4010


By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the Apache 2.0 License.

* chore: add description for creating Elastic IPs (#4084)

This resolves #4070 by adding entry for the creation of the elastic IPs in the progress tracker and showing failure early if there is any. 


By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the Apache 2.0 License.

* chore: update recommended actions for missing credentials (#4089)

This removes link to AWS Go SDK and uses only link to AWS Copilot docs





By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the Apache 2.0 License.

Co-authored-by: danny randall <10566468+dannyrandall@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Janice Huang <60631893+huanjani@users.noreply.github.com>
Co-authored-by: Parag Sanjay Bhingre <pbhingre@amazon.com>
Co-authored-by: KollaAdithya <71282729+KollaAdithya@users.noreply.github.com>
Co-authored-by: genbit <sergey@genbit.ru>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@KollaAdithya KollaAdithya Awaiting requested review from KollaAdithya KollaAdithya was automatically assigned from aws/aws-ecs-bdx

@huanjani huanjani Awaiting requested review from huanjani

3 more reviewers

@efekarakus efekarakus efekarakus approved these changes

@Lou1415926 Lou1415926 Lou1415926 left review comments

@dannyrandall dannyrandall dannyrandall approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@iamhopaul123 @codecov-commenter @efekarakus @dannyrandall @Lou1415926 @amazon-ecs-cli-v2-pr-manager