diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/emr/integ.emr-create-cluster-add-step-runtime-role.js.snapshot/EmrCreateClusterTestDefaultTestDeployAssert697DC891.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/emr/integ.emr-create-cluster-add-step-runtime-role.js.snapshot/EmrCreateClusterTestDefaultTestDeployAssert697DC891.assets.json new file mode 100644 index 0000000000000..eb3094e013ba1 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/emr/integ.emr-create-cluster-add-step-runtime-role.js.snapshot/EmrCreateClusterTestDefaultTestDeployAssert697DC891.assets.json @@ -0,0 +1,19 @@ +{ + "version": "35.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "EmrCreateClusterTestDefaultTestDeployAssert697DC891.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/emr/integ.emr-create-cluster-add-step-runtime-role.js.snapshot/EmrCreateClusterTestDefaultTestDeployAssert697DC891.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/emr/integ.emr-create-cluster-add-step-runtime-role.js.snapshot/EmrCreateClusterTestDefaultTestDeployAssert697DC891.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/emr/integ.emr-create-cluster-add-step-runtime-role.js.snapshot/EmrCreateClusterTestDefaultTestDeployAssert697DC891.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/emr/integ.emr-create-cluster-add-step-runtime-role.js.snapshot/aws-cdk-emr-add-step-runtime-role.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/emr/integ.emr-create-cluster-add-step-runtime-role.js.snapshot/aws-cdk-emr-add-step-runtime-role.assets.json new file mode 100644 index 0000000000000..5ea9154dd1acb --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/emr/integ.emr-create-cluster-add-step-runtime-role.js.snapshot/aws-cdk-emr-add-step-runtime-role.assets.json @@ -0,0 +1,19 @@ +{ + "version": "35.0.0", + "files": { + "b0ad12ea0ccf78882a5f85949321e82fa339a67df23c0197b2e17d024ad472a4": { + "source": { + "path": "aws-cdk-emr-add-step-runtime-role.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "b0ad12ea0ccf78882a5f85949321e82fa339a67df23c0197b2e17d024ad472a4.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/emr/integ.emr-create-cluster-add-step-runtime-role.js.snapshot/aws-cdk-emr-add-step-runtime-role.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/emr/integ.emr-create-cluster-add-step-runtime-role.js.snapshot/aws-cdk-emr-add-step-runtime-role.template.json new file mode 100644 index 0000000000000..9033231bdb9a2 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/emr/integ.emr-create-cluster-add-step-runtime-role.js.snapshot/aws-cdk-emr-add-step-runtime-role.template.json @@ -0,0 +1,860 @@ +{ + "Resources": { + "Vpc8378EB38": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "for-use-with-amazon-emr-managed-policies", + "Value": "true" + }, + { + "Key": "Name", + "Value": "aws-cdk-emr-add-step-runtime-role/Vpc" + } + ] + } + }, + "VpcPublicSubnet1Subnet5C2D37C4": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.0.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "for-use-with-amazon-emr-managed-policies", + "Value": "true" + }, + { + "Key": "Name", + "Value": "aws-cdk-emr-add-step-runtime-role/Vpc/PublicSubnet1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPublicSubnet1RouteTable6C95E38E": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "for-use-with-amazon-emr-managed-policies", + "Value": "true" + }, + { + "Key": "Name", + "Value": "aws-cdk-emr-add-step-runtime-role/Vpc/PublicSubnet1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPublicSubnet1RouteTableAssociation97140677": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + }, + "SubnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + } + } + }, + "VpcPublicSubnet1DefaultRoute3DA9E72A": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "RouteTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + } + }, + "DependsOn": [ + "VpcVPCGWBF912B6E" + ] + }, + "VpcPublicSubnet1EIPD7E02669": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "for-use-with-amazon-emr-managed-policies", + "Value": "true" + }, + { + "Key": "Name", + "Value": "aws-cdk-emr-add-step-runtime-role/Vpc/PublicSubnet1" + } + ] + } + }, + "VpcPublicSubnet1NATGateway4D7517AA": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "VpcPublicSubnet1EIPD7E02669", + "AllocationId" + ] + }, + "SubnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, + "Tags": [ + { + "Key": "for-use-with-amazon-emr-managed-policies", + "Value": "true" + }, + { + "Key": "Name", + "Value": "aws-cdk-emr-add-step-runtime-role/Vpc/PublicSubnet1" + } + ] + }, + "DependsOn": [ + "VpcPublicSubnet1DefaultRoute3DA9E72A", + "VpcPublicSubnet1RouteTableAssociation97140677" + ] + }, + "VpcPublicSubnet2Subnet691E08A3": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.64.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "for-use-with-amazon-emr-managed-policies", + "Value": "true" + }, + { + "Key": "Name", + "Value": "aws-cdk-emr-add-step-runtime-role/Vpc/PublicSubnet2" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPublicSubnet2RouteTable94F7E489": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "for-use-with-amazon-emr-managed-policies", + "Value": "true" + }, + { + "Key": "Name", + "Value": "aws-cdk-emr-add-step-runtime-role/Vpc/PublicSubnet2" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPublicSubnet2RouteTableAssociationDD5762D8": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + }, + "SubnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + } + } + }, + "VpcPublicSubnet2DefaultRoute97F91067": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "RouteTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + } + }, + "DependsOn": [ + "VpcVPCGWBF912B6E" + ] + }, + "VpcPublicSubnet2EIP3C605A87": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "for-use-with-amazon-emr-managed-policies", + "Value": "true" + }, + { + "Key": "Name", + "Value": "aws-cdk-emr-add-step-runtime-role/Vpc/PublicSubnet2" + } + ] + } + }, + "VpcPublicSubnet2NATGateway9182C01D": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "VpcPublicSubnet2EIP3C605A87", + "AllocationId" + ] + }, + "SubnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + }, + "Tags": [ + { + "Key": "for-use-with-amazon-emr-managed-policies", + "Value": "true" + }, + { + "Key": "Name", + "Value": "aws-cdk-emr-add-step-runtime-role/Vpc/PublicSubnet2" + } + ] + }, + "DependsOn": [ + "VpcPublicSubnet2DefaultRoute97F91067", + "VpcPublicSubnet2RouteTableAssociationDD5762D8" + ] + }, + "VpcPrivateSubnet1Subnet536B997A": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.128.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "for-use-with-amazon-emr-managed-policies", + "Value": "true" + }, + { + "Key": "Name", + "Value": "aws-cdk-emr-add-step-runtime-role/Vpc/PrivateSubnet1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPrivateSubnet1RouteTableB2C5B500": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "for-use-with-amazon-emr-managed-policies", + "Value": "true" + }, + { + "Key": "Name", + "Value": "aws-cdk-emr-add-step-runtime-role/Vpc/PrivateSubnet1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPrivateSubnet1RouteTableAssociation70C59FA6": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" + }, + "SubnetId": { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + } + } + }, + "VpcPrivateSubnet1DefaultRouteBE02A9ED": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VpcPublicSubnet1NATGateway4D7517AA" + }, + "RouteTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" + } + } + }, + "VpcPrivateSubnet2Subnet3788AAA1": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.192.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "for-use-with-amazon-emr-managed-policies", + "Value": "true" + }, + { + "Key": "Name", + "Value": "aws-cdk-emr-add-step-runtime-role/Vpc/PrivateSubnet2" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPrivateSubnet2RouteTableA678073B": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "for-use-with-amazon-emr-managed-policies", + "Value": "true" + }, + { + "Key": "Name", + "Value": "aws-cdk-emr-add-step-runtime-role/Vpc/PrivateSubnet2" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPrivateSubnet2RouteTableAssociationA89CAD56": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPrivateSubnet2RouteTableA678073B" + }, + "SubnetId": { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + } + } + }, + "VpcPrivateSubnet2DefaultRoute060D2087": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VpcPublicSubnet2NATGateway9182C01D" + }, + "RouteTableId": { + "Ref": "VpcPrivateSubnet2RouteTableA678073B" + } + } + }, + "VpcIGWD7BA715C": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "for-use-with-amazon-emr-managed-policies", + "Value": "true" + }, + { + "Key": "Name", + "Value": "aws-cdk-emr-add-step-runtime-role/Vpc" + } + ] + } + }, + "VpcVPCGWBF912B6E": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "InternetGatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "EmrSecurityConfiguration": { + "Type": "AWS::EMR::SecurityConfiguration", + "Properties": { + "Name": "AddStepRuntimeRoleSecConfig", + "SecurityConfiguration": { + "AuthorizationConfiguration": { + "IAMConfiguration": { + "EnableApplicationScopedIAMRole": true, + "ApplicationScopedIAMRoleConfiguration": { + "PropagateSourceIdentity": true + } + }, + "LakeFormationConfiguration": { + "AuthorizedSessionTagValue": "Amazon EMR" + } + } + } + } + }, + "EmrCreateClusterServiceRole5251910D": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "elasticmapreduce.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AmazonEMRServicePolicy_v2" + ] + ] + } + ] + } + }, + "EmrCreateClusterServiceRoleDefaultPolicyA8B4FA32": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "iam:PassRole", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "EmrCreateClusterInstanceRoleC80466F5", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "EmrCreateClusterServiceRoleDefaultPolicyA8B4FA32", + "Roles": [ + { + "Ref": "EmrCreateClusterServiceRole5251910D" + } + ] + } + }, + "EmrCreateClusterInstanceRoleC80466F5": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ec2.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "EmrCreateClusterInstanceProfileC1729180": { + "Type": "AWS::IAM::InstanceProfile", + "Properties": { + "InstanceProfileName": { + "Ref": "EmrCreateClusterInstanceRoleC80466F5" + }, + "Roles": [ + { + "Ref": "EmrCreateClusterInstanceRoleC80466F5" + } + ] + } + }, + "EmrExecutionRoleF584820F": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "EmrCreateClusterInstanceRoleC80466F5", + "Arn" + ] + } + } + }, + { + "Action": "sts:SetSourceIdentity", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "EmrCreateClusterInstanceRoleC80466F5", + "Arn" + ] + } + } + }, + { + "Action": "sts:TagSession", + "Condition": { + "StringEquals": { + "aws:RequestTag/LakeFormationAuthorizedCaller": "Amazon EMR" + } + }, + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "EmrCreateClusterInstanceRoleC80466F5", + "Arn" + ] + } + } + } + ], + "Version": "2012-10-17" + } + } + }, + "StateMachineRoleB840431D": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "states.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "StateMachineRoleDefaultPolicyDF1E6607": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "elasticmapreduce:AddTags", + "elasticmapreduce:DescribeCluster", + "elasticmapreduce:RunJobFlow", + "elasticmapreduce:TerminateJobFlows" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "iam:PassRole", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "EmrCreateClusterInstanceRoleC80466F5", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "EmrCreateClusterServiceRole5251910D", + "Arn" + ] + } + ] + }, + { + "Action": [ + "elasticmapreduce:AddJobFlowSteps", + "elasticmapreduce:AddTags", + "elasticmapreduce:CancelSteps", + "elasticmapreduce:DescribeCluster", + "elasticmapreduce:DescribeStep", + "elasticmapreduce:TerminateJobFlows" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":elasticmapreduce:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster/*" + ] + ] + } + }, + { + "Action": [ + "events:DescribeRule", + "events:PutRule", + "events:PutTargets" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":events:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":rule/StepFunctionsGetEventForEMRAddJobFlowStepsRule" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":events:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":rule/StepFunctionsGetEventForEMRRunJobFlowRule" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":events:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":rule/StepFunctionsGetEventForEMRTerminateJobFlowsRule" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "StateMachineRoleDefaultPolicyDF1E6607", + "Roles": [ + { + "Ref": "StateMachineRoleB840431D" + } + ] + } + }, + "StateMachine2E01A3A5": { + "Type": "AWS::StepFunctions::StateMachine", + "Properties": { + "DefinitionString": { + "Fn::Join": [ + "", + [ + "{\"StartAt\":\"EmrCreateCluster\",\"States\":{\"EmrCreateCluster\":{\"Next\":\"EmrAddStep\",\"Type\":\"Task\",\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::elasticmapreduce:createCluster.sync\",\"Parameters\":{\"Instances\":{\"Ec2SubnetId\":\"", + { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, + "\",\"InstanceFleets\":[{\"InstanceFleetType\":\"MASTER\",\"InstanceTypeConfigs\":[{\"InstanceType\":\"m5.xlarge\"}],\"TargetOnDemandCapacity\":1}],\"KeepJobFlowAliveWhenNoSteps\":true},\"JobFlowRole\":\"", + { + "Ref": "EmrCreateClusterInstanceRoleC80466F5" + }, + "\",\"Name\":\"Cluster\",\"ServiceRole\":\"", + { + "Ref": "EmrCreateClusterServiceRole5251910D" + }, + "\",\"Applications\":[{\"Name\":\"Spark\"}],\"ReleaseLabel\":\"emr-6.13.0\",\"SecurityConfiguration\":\"AddStepRuntimeRoleSecConfig\",\"Tags\":[{\"Key\":\"Key\",\"Value\":\"Value\"},{\"Key\":\"for-use-with-amazon-emr-managed-policies\",\"Value\":\"true\"}],\"VisibleToAllUsers\":true}},\"EmrAddStep\":{\"Next\":\"EmrTerminateCluster\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::elasticmapreduce:addStep.sync\",\"Parameters\":{\"ClusterId.$\":\"$.Cluster.Id\",\"ExecutionRoleArn\":\"", + { + "Fn::GetAtt": [ + "EmrExecutionRoleF584820F", + "Arn" + ] + }, + "\",\"Step\":{\"Name\":\"AddStepRuntimeRoleIntTest\",\"ActionOnFailure\":\"TERMINATE_CLUSTER\",\"HadoopJarStep\":{\"Jar\":\"command-runner.jar\",\"Args\":[\"spark-example\",\"SparkPi\",\"1\"]}}}},\"EmrTerminateCluster\":{\"End\":true,\"Type\":\"Task\",\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::elasticmapreduce:terminateCluster.sync\",\"Parameters\":{\"ClusterId.$\":\"$.Cluster.Id\"}}}}" + ] + ] + }, + "RoleArn": { + "Fn::GetAtt": [ + "StateMachineRoleB840431D", + "Arn" + ] + } + }, + "DependsOn": [ + "StateMachineRoleDefaultPolicyDF1E6607", + "StateMachineRoleB840431D" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/emr/integ.emr-create-cluster-add-step-runtime-role.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/emr/integ.emr-create-cluster-add-step-runtime-role.js.snapshot/cdk.out new file mode 100644 index 0000000000000..c5cb2e5de6344 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/emr/integ.emr-create-cluster-add-step-runtime-role.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"35.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/emr/integ.emr-create-cluster-add-step-runtime-role.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/emr/integ.emr-create-cluster-add-step-runtime-role.js.snapshot/integ.json new file mode 100644 index 0000000000000..9de79234d84a2 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/emr/integ.emr-create-cluster-add-step-runtime-role.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "35.0.0", + "testCases": { + "EmrCreateClusterTest/DefaultTest": { + "stacks": [ + "aws-cdk-emr-add-step-runtime-role" + ], + "assertionStack": "EmrCreateClusterTest/DefaultTest/DeployAssert", + "assertionStackName": "EmrCreateClusterTestDefaultTestDeployAssert697DC891" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/emr/integ.emr-create-cluster-add-step-runtime-role.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/emr/integ.emr-create-cluster-add-step-runtime-role.js.snapshot/manifest.json new file mode 100644 index 0000000000000..b55cd0bf9239a --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/emr/integ.emr-create-cluster-add-step-runtime-role.js.snapshot/manifest.json @@ -0,0 +1,299 @@ +{ + "version": "35.0.0", + "artifacts": { + "aws-cdk-emr-add-step-runtime-role.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "aws-cdk-emr-add-step-runtime-role.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "aws-cdk-emr-add-step-runtime-role": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "aws-cdk-emr-add-step-runtime-role.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/b0ad12ea0ccf78882a5f85949321e82fa339a67df23c0197b2e17d024ad472a4.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "aws-cdk-emr-add-step-runtime-role.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "aws-cdk-emr-add-step-runtime-role.assets" + ], + "metadata": { + "/aws-cdk-emr-add-step-runtime-role/Vpc/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Vpc8378EB38" + } + ], + "/aws-cdk-emr-add-step-runtime-role/Vpc/PublicSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1Subnet5C2D37C4" + } + ], + "/aws-cdk-emr-add-step-runtime-role/Vpc/PublicSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1RouteTable6C95E38E" + } + ], + "/aws-cdk-emr-add-step-runtime-role/Vpc/PublicSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1RouteTableAssociation97140677" + } + ], + "/aws-cdk-emr-add-step-runtime-role/Vpc/PublicSubnet1/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1DefaultRoute3DA9E72A" + } + ], + "/aws-cdk-emr-add-step-runtime-role/Vpc/PublicSubnet1/EIP": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1EIPD7E02669" + } + ], + "/aws-cdk-emr-add-step-runtime-role/Vpc/PublicSubnet1/NATGateway": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1NATGateway4D7517AA" + } + ], + "/aws-cdk-emr-add-step-runtime-role/Vpc/PublicSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2Subnet691E08A3" + } + ], + "/aws-cdk-emr-add-step-runtime-role/Vpc/PublicSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2RouteTable94F7E489" + } + ], + "/aws-cdk-emr-add-step-runtime-role/Vpc/PublicSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2RouteTableAssociationDD5762D8" + } + ], + "/aws-cdk-emr-add-step-runtime-role/Vpc/PublicSubnet2/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2DefaultRoute97F91067" + } + ], + "/aws-cdk-emr-add-step-runtime-role/Vpc/PublicSubnet2/EIP": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2EIP3C605A87" + } + ], + "/aws-cdk-emr-add-step-runtime-role/Vpc/PublicSubnet2/NATGateway": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2NATGateway9182C01D" + } + ], + "/aws-cdk-emr-add-step-runtime-role/Vpc/PrivateSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet1Subnet536B997A" + } + ], + "/aws-cdk-emr-add-step-runtime-role/Vpc/PrivateSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet1RouteTableB2C5B500" + } + ], + "/aws-cdk-emr-add-step-runtime-role/Vpc/PrivateSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet1RouteTableAssociation70C59FA6" + } + ], + "/aws-cdk-emr-add-step-runtime-role/Vpc/PrivateSubnet1/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet1DefaultRouteBE02A9ED" + } + ], + "/aws-cdk-emr-add-step-runtime-role/Vpc/PrivateSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet2Subnet3788AAA1" + } + ], + "/aws-cdk-emr-add-step-runtime-role/Vpc/PrivateSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet2RouteTableA678073B" + } + ], + "/aws-cdk-emr-add-step-runtime-role/Vpc/PrivateSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet2RouteTableAssociationA89CAD56" + } + ], + "/aws-cdk-emr-add-step-runtime-role/Vpc/PrivateSubnet2/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet2DefaultRoute060D2087" + } + ], + "/aws-cdk-emr-add-step-runtime-role/Vpc/IGW": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcIGWD7BA715C" + } + ], + "/aws-cdk-emr-add-step-runtime-role/Vpc/VPCGW": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcVPCGWBF912B6E" + } + ], + "/aws-cdk-emr-add-step-runtime-role/EmrSecurityConfiguration": [ + { + "type": "aws:cdk:logicalId", + "data": "EmrSecurityConfiguration" + } + ], + "/aws-cdk-emr-add-step-runtime-role/EmrCreateCluster/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "EmrCreateClusterServiceRole5251910D" + } + ], + "/aws-cdk-emr-add-step-runtime-role/EmrCreateCluster/ServiceRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "EmrCreateClusterServiceRoleDefaultPolicyA8B4FA32" + } + ], + "/aws-cdk-emr-add-step-runtime-role/EmrCreateCluster/InstanceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "EmrCreateClusterInstanceRoleC80466F5" + } + ], + "/aws-cdk-emr-add-step-runtime-role/EmrCreateCluster/InstanceProfile": [ + { + "type": "aws:cdk:logicalId", + "data": "EmrCreateClusterInstanceProfileC1729180" + } + ], + "/aws-cdk-emr-add-step-runtime-role/EmrExecutionRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "EmrExecutionRoleF584820F" + } + ], + "/aws-cdk-emr-add-step-runtime-role/StateMachine/Role/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "StateMachineRoleB840431D" + } + ], + "/aws-cdk-emr-add-step-runtime-role/StateMachine/Role/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "StateMachineRoleDefaultPolicyDF1E6607" + } + ], + "/aws-cdk-emr-add-step-runtime-role/StateMachine/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "StateMachine2E01A3A5" + } + ], + "/aws-cdk-emr-add-step-runtime-role/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-emr-add-step-runtime-role/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-cdk-emr-add-step-runtime-role" + }, + "EmrCreateClusterTestDefaultTestDeployAssert697DC891.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "EmrCreateClusterTestDefaultTestDeployAssert697DC891.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "EmrCreateClusterTestDefaultTestDeployAssert697DC891": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "EmrCreateClusterTestDefaultTestDeployAssert697DC891.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "EmrCreateClusterTestDefaultTestDeployAssert697DC891.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "EmrCreateClusterTestDefaultTestDeployAssert697DC891.assets" + ], + "metadata": { + "/EmrCreateClusterTest/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/EmrCreateClusterTest/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "EmrCreateClusterTest/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/emr/integ.emr-create-cluster-add-step-runtime-role.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/emr/integ.emr-create-cluster-add-step-runtime-role.js.snapshot/tree.json new file mode 100644 index 0000000000000..13071594c3743 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/emr/integ.emr-create-cluster-add-step-runtime-role.js.snapshot/tree.json @@ -0,0 +1,1369 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "aws-cdk-emr-add-step-runtime-role": { + "id": "aws-cdk-emr-add-step-runtime-role", + "path": "aws-cdk-emr-add-step-runtime-role", + "children": { + "Vpc": { + "id": "Vpc", + "path": "aws-cdk-emr-add-step-runtime-role/Vpc", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-emr-add-step-runtime-role/Vpc/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default", + "tags": [ + { + "key": "for-use-with-amazon-emr-managed-policies", + "value": "true" + }, + { + "key": "Name", + "value": "aws-cdk-emr-add-step-runtime-role/Vpc" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", + "version": "0.0.0" + } + }, + "PublicSubnet1": { + "id": "PublicSubnet1", + "path": "aws-cdk-emr-add-step-runtime-role/Vpc/PublicSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-cdk-emr-add-step-runtime-role/Vpc/PublicSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.0.0/18", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "for-use-with-amazon-emr-managed-policies", + "value": "true" + }, + { + "key": "Name", + "value": "aws-cdk-emr-add-step-runtime-role/Vpc/PublicSubnet1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-cdk-emr-add-step-runtime-role/Vpc/PublicSubnet1/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "aws-cdk-emr-add-step-runtime-role/Vpc/PublicSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "for-use-with-amazon-emr-managed-policies", + "value": "true" + }, + { + "key": "Name", + "value": "aws-cdk-emr-add-step-runtime-role/Vpc/PublicSubnet1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-cdk-emr-add-step-runtime-role/Vpc/PublicSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + }, + "subnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "aws-cdk-emr-add-step-runtime-role/Vpc/PublicSubnet1/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "routeTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + }, + "EIP": { + "id": "EIP", + "path": "aws-cdk-emr-add-step-runtime-role/Vpc/PublicSubnet1/EIP", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::EIP", + "aws:cdk:cloudformation:props": { + "domain": "vpc", + "tags": [ + { + "key": "for-use-with-amazon-emr-managed-policies", + "value": "true" + }, + { + "key": "Name", + "value": "aws-cdk-emr-add-step-runtime-role/Vpc/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", + "version": "0.0.0" + } + }, + "NATGateway": { + "id": "NATGateway", + "path": "aws-cdk-emr-add-step-runtime-role/Vpc/PublicSubnet1/NATGateway", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", + "aws:cdk:cloudformation:props": { + "allocationId": { + "Fn::GetAtt": [ + "VpcPublicSubnet1EIPD7E02669", + "AllocationId" + ] + }, + "subnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, + "tags": [ + { + "key": "for-use-with-amazon-emr-managed-policies", + "value": "true" + }, + { + "key": "Name", + "value": "aws-cdk-emr-add-step-runtime-role/Vpc/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "0.0.0" + } + }, + "PublicSubnet2": { + "id": "PublicSubnet2", + "path": "aws-cdk-emr-add-step-runtime-role/Vpc/PublicSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-cdk-emr-add-step-runtime-role/Vpc/PublicSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.64.0/18", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "for-use-with-amazon-emr-managed-policies", + "value": "true" + }, + { + "key": "Name", + "value": "aws-cdk-emr-add-step-runtime-role/Vpc/PublicSubnet2" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-cdk-emr-add-step-runtime-role/Vpc/PublicSubnet2/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "aws-cdk-emr-add-step-runtime-role/Vpc/PublicSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "for-use-with-amazon-emr-managed-policies", + "value": "true" + }, + { + "key": "Name", + "value": "aws-cdk-emr-add-step-runtime-role/Vpc/PublicSubnet2" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-cdk-emr-add-step-runtime-role/Vpc/PublicSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + }, + "subnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "aws-cdk-emr-add-step-runtime-role/Vpc/PublicSubnet2/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "routeTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + }, + "EIP": { + "id": "EIP", + "path": "aws-cdk-emr-add-step-runtime-role/Vpc/PublicSubnet2/EIP", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::EIP", + "aws:cdk:cloudformation:props": { + "domain": "vpc", + "tags": [ + { + "key": "for-use-with-amazon-emr-managed-policies", + "value": "true" + }, + { + "key": "Name", + "value": "aws-cdk-emr-add-step-runtime-role/Vpc/PublicSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", + "version": "0.0.0" + } + }, + "NATGateway": { + "id": "NATGateway", + "path": "aws-cdk-emr-add-step-runtime-role/Vpc/PublicSubnet2/NATGateway", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", + "aws:cdk:cloudformation:props": { + "allocationId": { + "Fn::GetAtt": [ + "VpcPublicSubnet2EIP3C605A87", + "AllocationId" + ] + }, + "subnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + }, + "tags": [ + { + "key": "for-use-with-amazon-emr-managed-policies", + "value": "true" + }, + { + "key": "Name", + "value": "aws-cdk-emr-add-step-runtime-role/Vpc/PublicSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "0.0.0" + } + }, + "PrivateSubnet1": { + "id": "PrivateSubnet1", + "path": "aws-cdk-emr-add-step-runtime-role/Vpc/PrivateSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-cdk-emr-add-step-runtime-role/Vpc/PrivateSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.128.0/18", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Private" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Private" + }, + { + "key": "for-use-with-amazon-emr-managed-policies", + "value": "true" + }, + { + "key": "Name", + "value": "aws-cdk-emr-add-step-runtime-role/Vpc/PrivateSubnet1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-cdk-emr-add-step-runtime-role/Vpc/PrivateSubnet1/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "aws-cdk-emr-add-step-runtime-role/Vpc/PrivateSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "for-use-with-amazon-emr-managed-policies", + "value": "true" + }, + { + "key": "Name", + "value": "aws-cdk-emr-add-step-runtime-role/Vpc/PrivateSubnet1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-cdk-emr-add-step-runtime-role/Vpc/PrivateSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" + }, + "subnetId": { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "aws-cdk-emr-add-step-runtime-role/Vpc/PrivateSubnet1/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "natGatewayId": { + "Ref": "VpcPublicSubnet1NATGateway4D7517AA" + }, + "routeTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "0.0.0" + } + }, + "PrivateSubnet2": { + "id": "PrivateSubnet2", + "path": "aws-cdk-emr-add-step-runtime-role/Vpc/PrivateSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-cdk-emr-add-step-runtime-role/Vpc/PrivateSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.192.0/18", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Private" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Private" + }, + { + "key": "for-use-with-amazon-emr-managed-policies", + "value": "true" + }, + { + "key": "Name", + "value": "aws-cdk-emr-add-step-runtime-role/Vpc/PrivateSubnet2" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-cdk-emr-add-step-runtime-role/Vpc/PrivateSubnet2/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "aws-cdk-emr-add-step-runtime-role/Vpc/PrivateSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "for-use-with-amazon-emr-managed-policies", + "value": "true" + }, + { + "key": "Name", + "value": "aws-cdk-emr-add-step-runtime-role/Vpc/PrivateSubnet2" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-cdk-emr-add-step-runtime-role/Vpc/PrivateSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcPrivateSubnet2RouteTableA678073B" + }, + "subnetId": { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "aws-cdk-emr-add-step-runtime-role/Vpc/PrivateSubnet2/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "natGatewayId": { + "Ref": "VpcPublicSubnet2NATGateway9182C01D" + }, + "routeTableId": { + "Ref": "VpcPrivateSubnet2RouteTableA678073B" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "0.0.0" + } + }, + "IGW": { + "id": "IGW", + "path": "aws-cdk-emr-add-step-runtime-role/Vpc/IGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::InternetGateway", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "for-use-with-amazon-emr-managed-policies", + "value": "true" + }, + { + "key": "Name", + "value": "aws-cdk-emr-add-step-runtime-role/Vpc" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnInternetGateway", + "version": "0.0.0" + } + }, + "VPCGW": { + "id": "VPCGW", + "path": "aws-cdk-emr-add-step-runtime-role/Vpc/VPCGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCGatewayAttachment", + "aws:cdk:cloudformation:props": { + "internetGatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.Vpc", + "version": "0.0.0" + } + }, + "EmrSecurityConfiguration": { + "id": "EmrSecurityConfiguration", + "path": "aws-cdk-emr-add-step-runtime-role/EmrSecurityConfiguration", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EMR::SecurityConfiguration", + "aws:cdk:cloudformation:props": { + "name": "AddStepRuntimeRoleSecConfig", + "securityConfiguration": { + "AuthorizationConfiguration": { + "IAMConfiguration": { + "EnableApplicationScopedIAMRole": true, + "ApplicationScopedIAMRoleConfiguration": { + "PropagateSourceIdentity": true + } + }, + "LakeFormationConfiguration": { + "AuthorizedSessionTagValue": "Amazon EMR" + } + } + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_emr.CfnSecurityConfiguration", + "version": "0.0.0" + } + }, + "EmrCreateCluster": { + "id": "EmrCreateCluster", + "path": "aws-cdk-emr-add-step-runtime-role/EmrCreateCluster", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "aws-cdk-emr-add-step-runtime-role/EmrCreateCluster/ServiceRole", + "children": { + "ImportServiceRole": { + "id": "ImportServiceRole", + "path": "aws-cdk-emr-add-step-runtime-role/EmrCreateCluster/ServiceRole/ImportServiceRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-emr-add-step-runtime-role/EmrCreateCluster/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "elasticmapreduce.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AmazonEMRServicePolicy_v2" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-cdk-emr-add-step-runtime-role/EmrCreateCluster/ServiceRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-emr-add-step-runtime-role/EmrCreateCluster/ServiceRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "iam:PassRole", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "EmrCreateClusterInstanceRoleC80466F5", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "EmrCreateClusterServiceRoleDefaultPolicyA8B4FA32", + "roles": [ + { + "Ref": "EmrCreateClusterServiceRole5251910D" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "InstanceRole": { + "id": "InstanceRole", + "path": "aws-cdk-emr-add-step-runtime-role/EmrCreateCluster/InstanceRole", + "children": { + "ImportInstanceRole": { + "id": "ImportInstanceRole", + "path": "aws-cdk-emr-add-step-runtime-role/EmrCreateCluster/InstanceRole/ImportInstanceRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-emr-add-step-runtime-role/EmrCreateCluster/InstanceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ec2.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "InstanceProfile": { + "id": "InstanceProfile", + "path": "aws-cdk-emr-add-step-runtime-role/EmrCreateCluster/InstanceProfile", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::InstanceProfile", + "aws:cdk:cloudformation:props": { + "instanceProfileName": { + "Ref": "EmrCreateClusterInstanceRoleC80466F5" + }, + "roles": [ + { + "Ref": "EmrCreateClusterInstanceRoleC80466F5" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnInstanceProfile", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions.TaskStateBase", + "version": "0.0.0" + } + }, + "EmrExecutionRole": { + "id": "EmrExecutionRole", + "path": "aws-cdk-emr-add-step-runtime-role/EmrExecutionRole", + "children": { + "ImportEmrExecutionRole": { + "id": "ImportEmrExecutionRole", + "path": "aws-cdk-emr-add-step-runtime-role/EmrExecutionRole/ImportEmrExecutionRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-emr-add-step-runtime-role/EmrExecutionRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "EmrCreateClusterInstanceRoleC80466F5", + "Arn" + ] + } + } + }, + { + "Action": "sts:SetSourceIdentity", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "EmrCreateClusterInstanceRoleC80466F5", + "Arn" + ] + } + } + }, + { + "Action": "sts:TagSession", + "Condition": { + "StringEquals": { + "aws:RequestTag/LakeFormationAuthorizedCaller": "Amazon EMR" + } + }, + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "EmrCreateClusterInstanceRoleC80466F5", + "Arn" + ] + } + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "EmrAddStep": { + "id": "EmrAddStep", + "path": "aws-cdk-emr-add-step-runtime-role/EmrAddStep", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions.TaskStateBase", + "version": "0.0.0" + } + }, + "EmrTerminateCluster": { + "id": "EmrTerminateCluster", + "path": "aws-cdk-emr-add-step-runtime-role/EmrTerminateCluster", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.EmrTerminateCluster", + "version": "0.0.0" + } + }, + "StateMachine": { + "id": "StateMachine", + "path": "aws-cdk-emr-add-step-runtime-role/StateMachine", + "children": { + "Role": { + "id": "Role", + "path": "aws-cdk-emr-add-step-runtime-role/StateMachine/Role", + "children": { + "ImportRole": { + "id": "ImportRole", + "path": "aws-cdk-emr-add-step-runtime-role/StateMachine/Role/ImportRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-emr-add-step-runtime-role/StateMachine/Role/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "states.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-cdk-emr-add-step-runtime-role/StateMachine/Role/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-emr-add-step-runtime-role/StateMachine/Role/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "elasticmapreduce:AddTags", + "elasticmapreduce:DescribeCluster", + "elasticmapreduce:RunJobFlow", + "elasticmapreduce:TerminateJobFlows" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "iam:PassRole", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "EmrCreateClusterInstanceRoleC80466F5", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "EmrCreateClusterServiceRole5251910D", + "Arn" + ] + } + ] + }, + { + "Action": [ + "elasticmapreduce:AddJobFlowSteps", + "elasticmapreduce:AddTags", + "elasticmapreduce:CancelSteps", + "elasticmapreduce:DescribeCluster", + "elasticmapreduce:DescribeStep", + "elasticmapreduce:TerminateJobFlows" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":elasticmapreduce:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster/*" + ] + ] + } + }, + { + "Action": [ + "events:DescribeRule", + "events:PutRule", + "events:PutTargets" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":events:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":rule/StepFunctionsGetEventForEMRAddJobFlowStepsRule" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":events:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":rule/StepFunctionsGetEventForEMRRunJobFlowRule" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":events:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":rule/StepFunctionsGetEventForEMRTerminateJobFlowsRule" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "policyName": "StateMachineRoleDefaultPolicyDF1E6607", + "roles": [ + { + "Ref": "StateMachineRoleB840431D" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-emr-add-step-runtime-role/StateMachine/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::StepFunctions::StateMachine", + "aws:cdk:cloudformation:props": { + "definitionString": { + "Fn::Join": [ + "", + [ + "{\"StartAt\":\"EmrCreateCluster\",\"States\":{\"EmrCreateCluster\":{\"Next\":\"EmrAddStep\",\"Type\":\"Task\",\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::elasticmapreduce:createCluster.sync\",\"Parameters\":{\"Instances\":{\"Ec2SubnetId\":\"", + { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, + "\",\"InstanceFleets\":[{\"InstanceFleetType\":\"MASTER\",\"InstanceTypeConfigs\":[{\"InstanceType\":\"m5.xlarge\"}],\"TargetOnDemandCapacity\":1}],\"KeepJobFlowAliveWhenNoSteps\":true},\"JobFlowRole\":\"", + { + "Ref": "EmrCreateClusterInstanceRoleC80466F5" + }, + "\",\"Name\":\"Cluster\",\"ServiceRole\":\"", + { + "Ref": "EmrCreateClusterServiceRole5251910D" + }, + "\",\"Applications\":[{\"Name\":\"Spark\"}],\"ReleaseLabel\":\"emr-6.13.0\",\"SecurityConfiguration\":\"AddStepRuntimeRoleSecConfig\",\"Tags\":[{\"Key\":\"Key\",\"Value\":\"Value\"},{\"Key\":\"for-use-with-amazon-emr-managed-policies\",\"Value\":\"true\"}],\"VisibleToAllUsers\":true}},\"EmrAddStep\":{\"Next\":\"EmrTerminateCluster\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::elasticmapreduce:addStep.sync\",\"Parameters\":{\"ClusterId.$\":\"$.Cluster.Id\",\"ExecutionRoleArn\":\"", + { + "Fn::GetAtt": [ + "EmrExecutionRoleF584820F", + "Arn" + ] + }, + "\",\"Step\":{\"Name\":\"AddStepRuntimeRoleIntTest\",\"ActionOnFailure\":\"TERMINATE_CLUSTER\",\"HadoopJarStep\":{\"Jar\":\"command-runner.jar\",\"Args\":[\"spark-example\",\"SparkPi\",\"1\"]}}}},\"EmrTerminateCluster\":{\"End\":true,\"Type\":\"Task\",\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::elasticmapreduce:terminateCluster.sync\",\"Parameters\":{\"ClusterId.$\":\"$.Cluster.Id\"}}}}" + ] + ] + }, + "roleArn": { + "Fn::GetAtt": [ + "StateMachineRoleB840431D", + "Arn" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions.CfnStateMachine", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions.StateMachine", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-emr-add-step-runtime-role/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-emr-add-step-runtime-role/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "EmrCreateClusterTest": { + "id": "EmrCreateClusterTest", + "path": "EmrCreateClusterTest", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "EmrCreateClusterTest/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "EmrCreateClusterTest/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "EmrCreateClusterTest/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "EmrCreateClusterTest/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "EmrCreateClusterTest/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/emr/integ.emr-create-cluster-add-step-runtime-role.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/emr/integ.emr-create-cluster-add-step-runtime-role.ts new file mode 100644 index 0000000000000..ef9ce254fc70a --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/emr/integ.emr-create-cluster-add-step-runtime-role.ts @@ -0,0 +1,133 @@ +import * as sfn from 'aws-cdk-lib/aws-stepfunctions'; +import * as ec2 from 'aws-cdk-lib/aws-ec2'; +import * as emr from 'aws-cdk-lib/aws-emr'; +import * as iam from 'aws-cdk-lib/aws-iam'; +import * as tasks from 'aws-cdk-lib/aws-stepfunctions-tasks'; +import { App, Stack, Tags } from 'aws-cdk-lib'; +import { IntegTest } from '@aws-cdk/integ-tests-alpha'; + +/* + * Create a state machine with an EMR cluster and add a step that uses a runtime role. + * + * Stack verification steps: + * The generated State Machine can be executed from the CLI (or Step Functions console) + * and runs with an execution status of `Succeeded`. + * + * -- aws stepfunctions start-execution --state-machine-arn provides execution arn + * -- aws stepfunctions describe-execution --execution-arn returns a status of `Succeeded` + */ + +const app = new App(); +const stack = new Stack(app, 'aws-cdk-emr-add-step-runtime-role'); + +const vpc = new ec2.Vpc(stack, 'Vpc', { restrictDefaultSecurityGroup: false }); +// https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-managed-iam-policies.html#manually-tagged-resources +Tags.of(vpc).add('for-use-with-amazon-emr-managed-policies', 'true'); + +const cfnSecurityConfiguration = new emr.CfnSecurityConfiguration(stack, 'EmrSecurityConfiguration', { + name: 'AddStepRuntimeRoleSecConfig', + securityConfiguration: JSON.parse(` + { + "AuthorizationConfiguration": { + "IAMConfiguration": { + "EnableApplicationScopedIAMRole": true, + "ApplicationScopedIAMRoleConfiguration": + { + "PropagateSourceIdentity": true + } + }, + "LakeFormationConfiguration": { + "AuthorizedSessionTagValue": "Amazon EMR" + } + } + }`), +}); + +const createClusterStep = new tasks.EmrCreateCluster(stack, 'EmrCreateCluster', { + instances: { + instanceFleets: [ + { + instanceFleetType: tasks.EmrCreateCluster.InstanceRoleType.MASTER, + instanceTypeConfigs: [ + { + instanceType: 'm5.xlarge', + }, + ], + targetOnDemandCapacity: 1, + }, + ], + ec2SubnetId: vpc.publicSubnets[0].subnetId, + }, + name: 'Cluster', + releaseLabel: 'emr-6.13.0', + integrationPattern: sfn.IntegrationPattern.RUN_JOB, + tags: { + 'Key': 'Value', + 'for-use-with-amazon-emr-managed-policies': 'true', + }, + securityConfiguration: cfnSecurityConfiguration.name, + applications: [ + { + name: 'Spark', + }, + ], +}); + +const executionRole = new iam.Role(stack, 'EmrExecutionRole', { + assumedBy: new iam.ArnPrincipal(createClusterStep.clusterRole.roleArn), +}); + +executionRole.assumeRolePolicy?.addStatements( + new iam.PolicyStatement({ + effect: iam.Effect.ALLOW, + principals: [ + createClusterStep.clusterRole, + ], + actions: [ + 'sts:SetSourceIdentity', + ], + }), + new iam.PolicyStatement({ + effect: iam.Effect.ALLOW, + principals: [ + createClusterStep.clusterRole, + ], + actions: [ + 'sts:TagSession', + ], + conditions: { + StringEquals: { + 'aws:RequestTag/LakeFormationAuthorizedCaller': 'Amazon EMR', + }, + }, + }), +); + +const addStepStep = new tasks.EmrAddStep(stack, 'EmrAddStep', { + resultPath: sfn.JsonPath.DISCARD, // pass cluster id to terminate step + clusterId: sfn.JsonPath.stringAt('$.Cluster.Id'), + name: 'AddStepRuntimeRoleIntTest', + jar: 'command-runner.jar', + args: [ + 'spark-example', + 'SparkPi', + '1', + ], + executionRoleArn: executionRole.roleArn, + actionOnFailure: tasks.ActionOnFailure.TERMINATE_CLUSTER, +}); + +const terminationStep = new tasks.EmrTerminateCluster(stack, 'EmrTerminateCluster', { + clusterId: sfn.JsonPath.stringAt('$.Cluster.Id'), + integrationPattern: sfn.IntegrationPattern.RUN_JOB, +}); + +const definition = createClusterStep.next(addStepStep).next(terminationStep); + +new sfn.StateMachine(stack, 'StateMachine', { + definition, +}); + +new IntegTest(app, 'EmrCreateClusterTest', { + testCases: [stack], +}); diff --git a/packages/aws-cdk-lib/aws-stepfunctions-tasks/README.md b/packages/aws-cdk-lib/aws-stepfunctions-tasks/README.md index 8f32286484f39..79dd04ba3315f 100644 --- a/packages/aws-cdk-lib/aws-stepfunctions-tasks/README.md +++ b/packages/aws-cdk-lib/aws-stepfunctions-tasks/README.md @@ -660,6 +660,78 @@ new tasks.EmrAddStep(this, 'Task', { }); ``` +To specify a custom runtime role use the `executionRoleArn` property. + +**Note:** The EMR cluster must be created with a security configuration and the runtime role must have a specific trust policy. +See this [blog post](https://aws.amazon.com/blogs/big-data/introducing-runtime-roles-for-amazon-emr-steps-use-iam-roles-and-aws-lake-formation-for-access-control-with-amazon-emr/) for more details. + +```ts +import * as emr from 'aws-cdk-lib/aws-emr'; + +const cfnSecurityConfiguration = new emr.CfnSecurityConfiguration(this, 'EmrSecurityConfiguration', { + name: 'AddStepRuntimeRoleSecConfig', + securityConfiguration: JSON.parse(` + { + "AuthorizationConfiguration": { + "IAMConfiguration": { + "EnableApplicationScopedIAMRole": true, + "ApplicationScopedIAMRoleConfiguration": + { + "PropagateSourceIdentity": true + } + }, + "LakeFormationConfiguration": { + "AuthorizedSessionTagValue": "Amazon EMR" + } + } + }`), +}); + +const task = new tasks.EmrCreateCluster(this, 'Create Cluster', { + instances: {}, + name: sfn.TaskInput.fromJsonPathAt('$.ClusterName').value, + securityConfiguration: cfnSecurityConfiguration.name, +}); + +const executionRole = new iam.Role(this, 'Role', { + assumedBy: new iam.ArnPrincipal(task.clusterRole.roleArn), +}); + +executionRole.assumeRolePolicy?.addStatements( + new iam.PolicyStatement({ + effect: iam.Effect.ALLOW, + principals: [ + task.clusterRole, + ], + actions: [ + 'sts:SetSourceIdentity', + ], + }), + new iam.PolicyStatement({ + effect: iam.Effect.ALLOW, + principals: [ + task.clusterRole, + ], + actions: [ + 'sts:TagSession', + ], + conditions: { + StringEquals: { + 'aws:RequestTag/LakeFormationAuthorizedCaller': 'Amazon EMR', + }, + }, + }), +); + +new tasks.EmrAddStep(this, 'Task', { + clusterId: 'ClusterId', + executionRoleArn: executionRole.roleArn, + name: 'StepName', + jar: 'Jar', + actionOnFailure: tasks.ActionOnFailure.CONTINUE, +}); +``` + ### Cancel Step Cancels a pending step in a running cluster. diff --git a/packages/aws-cdk-lib/aws-stepfunctions-tasks/lib/emr/emr-add-step.ts b/packages/aws-cdk-lib/aws-stepfunctions-tasks/lib/emr/emr-add-step.ts index b7373d0b95d9b..4be2b7bbd9c3f 100644 --- a/packages/aws-cdk-lib/aws-stepfunctions-tasks/lib/emr/emr-add-step.ts +++ b/packages/aws-cdk-lib/aws-stepfunctions-tasks/lib/emr/emr-add-step.ts @@ -89,6 +89,15 @@ export interface EmrAddStepProps extends sfn.TaskStateBaseProps { * @default - No properties */ readonly properties?: { [key: string]: string }; + + /** + * The Amazon Resource Name (ARN) of the runtime role for a step on the cluster. + * + * @see https://docs.aws.amazon.com/emr/latest/APIReference/API_AddJobFlowSteps.html#API_AddJobFlowSteps_RequestSyntax + * + * @default - Uses EC2 instance profile role + */ + readonly executionRoleArn?: string; } /** @@ -128,6 +137,7 @@ export class EmrAddStep extends sfn.TaskStateBase { Resource: integrationResourceArn('elasticmapreduce', 'addStep', this.integrationPattern), Parameters: sfn.FieldUtils.renderObject({ ClusterId: this.props.clusterId, + ExecutionRoleArn: this.props.executionRoleArn, Step: { Name: this.props.name, ActionOnFailure: this.actionOnFailure.valueOf(), diff --git a/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/emr/emr-add-step.test.ts b/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/emr/emr-add-step.test.ts index 5e3e2b8674bb7..0b8e81daa4828 100644 --- a/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/emr/emr-add-step.test.ts +++ b/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/emr/emr-add-step.test.ts @@ -1,4 +1,5 @@ import { Template } from '../../../assertions'; +import * as iam from '../../../aws-iam'; import * as sfn from '../../../aws-stepfunctions'; import * as cdk from '../../../core'; import * as tasks from '../../lib'; @@ -49,6 +50,59 @@ test('Add Step with static ClusterId and Step configuration', () => { }); }); +test('Add Step with execution role ARN', () => { + const executionRole = new iam.Role(stack, 'Role', { + roleName: 'EmrStepExecutionRole', + // The actual trust policy required is more complicated. + // See https://aws.amazon.com/blogs/big-data/introducing-runtime-roles-for-amazon-emr-steps-use-iam-roles-and-aws-lake-formation-for-access-control-with-amazon-emr/ + assumedBy: new iam.ServicePrincipal('elasticmapreduce.amazonaws.com'), + }); + + // WHEN + const task = new tasks.EmrAddStep(stack, 'Task', { + clusterId: 'ClusterId', + name: 'StepName', + jar: 'Jar', + actionOnFailure: tasks.ActionOnFailure.CONTINUE, + integrationPattern: sfn.IntegrationPattern.RUN_JOB, + executionRoleArn: executionRole.roleArn, + }); + + // THEN + expect(stack.resolve(task.toStateJson())).toEqual({ + Type: 'Task', + Resource: { + 'Fn::Join': [ + '', + [ + 'arn:', + { + Ref: 'AWS::Partition', + }, + ':states:::elasticmapreduce:addStep.sync', + ], + ], + }, + End: true, + Parameters: { + ClusterId: 'ClusterId', + ExecutionRoleArn: { + 'Fn::GetAtt': [ + 'Role1ABCC5F0', + 'Arn', + ], + }, + Step: { + Name: 'StepName', + ActionOnFailure: 'CONTINUE', + HadoopJarStep: { + Jar: 'Jar', + }, + }, + }, + }); +}); + test('Terminate cluster with ClusterId from payload and static Step configuration', () => { // WHEN const task = new tasks.EmrAddStep(stack, 'Task', { diff --git a/packages/aws-cdk-lib/awslint.json b/packages/aws-cdk-lib/awslint.json index 93e13f1dc2642..6d19ae862876e 100644 --- a/packages/aws-cdk-lib/awslint.json +++ b/packages/aws-cdk-lib/awslint.json @@ -58,6 +58,7 @@ "construct-ctor-props-optional:aws-cdk-lib.aws_stepfunctions.StateMachine", "props-no-arn-refs:aws-cdk-lib.aws_stepfunctions_tasks.BatchSubmitJobProps.jobDefinitionArn", "props-no-arn-refs:aws-cdk-lib.aws_stepfunctions_tasks.BatchSubmitJobProps.jobQueueArn", + "props-no-arn-refs:aws-cdk-lib.aws_stepfunctions_tasks.EmrAddStepProps.executionRoleArn", "props-no-cfn-types:aws-cdk-lib.cloudformation_include.CfnIncludeProps.loadNestedStacks", "construct-ctor-props-optional:aws-cdk-lib.custom_resources.AwsCustomResource", "props-physical-name:aws-cdk-lib.CustomResourceProps",