diff --git a/CHANGELOG.v2.alpha.md b/CHANGELOG.v2.alpha.md index 90e156bcfac3d..fd13953bc012b 100644 --- a/CHANGELOG.v2.alpha.md +++ b/CHANGELOG.v2.alpha.md @@ -2,6 +2,8 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [2.139.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.138.0-alpha.0...v2.139.0-alpha.0) (2024-04-24) + ## [2.138.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.137.0-alpha.0...v2.138.0-alpha.0) (2024-04-18) diff --git a/CHANGELOG.v2.md b/CHANGELOG.v2.md index 9b356857db6e0..75407514eb4b9 100644 --- a/CHANGELOG.v2.md +++ b/CHANGELOG.v2.md 
@@ -2,6 +2,31 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [2.139.0](https://github.com/aws/aws-cdk/compare/v2.138.0...v2.139.0) (2024-04-24) + + +### Features + +* **appconfig:** constrain environments to a single deployment at a time ([#29500](https://github.com/aws/aws-cdk/issues/29500)) ([3dd834d](https://github.com/aws/aws-cdk/commit/3dd834d66a9345eaab372a9dd59e673e52c86d7e)), closes [#29345](https://github.com/aws/aws-cdk/issues/29345) +* **ecs:** support `pidMode` for `FargateTaskDefinition` ([#29670](https://github.com/aws/aws-cdk/issues/29670)) ([ed75b16](https://github.com/aws/aws-cdk/commit/ed75b160f86b266a256ed7dd347dc54a34b937d0)), closes [#29619](https://github.com/aws/aws-cdk/issues/29619) +* **ecs:** support adding docker labels after container construction ([#29734](https://github.com/aws/aws-cdk/issues/29734)) ([8e215b3](https://github.com/aws/aws-cdk/commit/8e215b3c740efa260e18dab9cd30c487c822f3ef)), closes [#29728](https://github.com/aws/aws-cdk/issues/29728) +* **efs:** replicating file systems ([#29347](https://github.com/aws/aws-cdk/issues/29347)) ([a15dc93](https://github.com/aws/aws-cdk/commit/a15dc939c8d3ba3ac0f20b4a78ec7d403cde56bd)), closes [#21455](https://github.com/aws/aws-cdk/issues/21455) +* **ses-actions:** `WorkMail` rule action ([#29854](https://github.com/aws/aws-cdk/issues/29854)) ([6fdc458](https://github.com/aws/aws-cdk/commit/6fdc4582f659549021a64a4d676fce12fc241715)) +* update L1 CloudFormation resource definitions ([#29924](https://github.com/aws/aws-cdk/issues/29924)) ([27b7a45](https://github.com/aws/aws-cdk/commit/27b7a4529bc23b068d338b937e08c92ab4a0f962)) + + +### Bug Fixes + +* **CLI:** `diff --template` crashes ([#29896](https://github.com/aws/aws-cdk/issues/29896)) ([466f170](https://github.com/aws/aws-cdk/commit/466f170af409d0c9c44f0f03a6eb5a72553db29b)), closes 
[#29890](https://github.com/aws/aws-cdk/issues/29890) +* **CLI:** bootstrap shows no hotswap changes when there are no changes ([#29877](https://github.com/aws/aws-cdk/issues/29877)) ([2126ee5](https://github.com/aws/aws-cdk/commit/2126ee5b1eac4bce2d085b1a9bd27a65eb33b137)), closes [#25736](https://github.com/aws/aws-cdk/issues/25736) +* **custom-resource-handler:** auto-delete-[objects|images] breaks on cloudformation rollback ([#29581](https://github.com/aws/aws-cdk/issues/29581)) ([69ea52f](https://github.com/aws/aws-cdk/commit/69ea52f6e2b82dfe65c33d119f7ab998f367c6bf)) +* **custom-resources:** cannot set logging for state machine generated in CompleteHandler ([#28706](https://github.com/aws/aws-cdk/issues/28706)) ([99041b2](https://github.com/aws/aws-cdk/commit/99041b29fa00cad6c7dbdc19685866add3e1243e)), closes [#27283](https://github.com/aws/aws-cdk/issues/27283) [#28577](https://github.com/aws/aws-cdk/issues/28577) [#28744](https://github.com/aws/aws-cdk/issues/28744) [#27310](https://github.com/aws/aws-cdk/issues/27310) [#28699](https://github.com/aws/aws-cdk/issues/28699) [#28587](https://github.com/aws/aws-cdk/issues/28587) +* **eks:** incorrect nodegroupName(under feature flag) ([#29794](https://github.com/aws/aws-cdk/issues/29794)) ([8bb8c55](https://github.com/aws/aws-cdk/commit/8bb8c5579108e8b80e465049c2a28c5c10c70b09)) +* **elasticloadbalancingv2:** crossZoneEnabled does not support false for ALB ([#29907](https://github.com/aws/aws-cdk/issues/29907)) ([f6c902e](https://github.com/aws/aws-cdk/commit/f6c902e701b3a8283a5d9a9fb136e3321d7bf61e)) +* **events-targets:** `ApiGateway` events target should accept IRestApi ([#29397](https://github.com/aws/aws-cdk/issues/29397)) ([8e1fefd](https://github.com/aws/aws-cdk/commit/8e1fefd81c6531063eba94f352a2b6d12c87810b)), closes [#16423](https://github.com/aws/aws-cdk/issues/16423) 
[/github.com/aws/aws-cdk/pull/16542#discussion_r713676896](https://github.com/aws//github.com/aws/aws-cdk/pull/16542/issues/discussion_r713676896) [/github.com/aws/aws-cdk/pull/16542#issuecomment-925051255](https://github.com/aws//github.com/aws/aws-cdk/pull/16542/issues/issuecomment-925051255) +* **s3-notifications:** cdk destroy deletes external/existing s3 notification events ([#29939](https://github.com/aws/aws-cdk/issues/29939)) ([7360a88](https://github.com/aws/aws-cdk/commit/7360a885e6282ad28b4ae72f9ae92a6bcda88b15)) +* **ses-actions:** permissions too wide for S3 action ([#29833](https://github.com/aws/aws-cdk/issues/29833)) ([2da544f](https://github.com/aws/aws-cdk/commit/2da544feeeda68a379f0f79f18e138b9640c1691)), closes [#29811](https://github.com/aws/aws-cdk/issues/29811) [#29823](https://github.com/aws/aws-cdk/issues/29823) [/docs.aws.amazon.com/ses/latest/dg/receiving-email-permissions.html#receiving-email-permissions-s3](https://github.com/aws//docs.aws.amazon.com/ses/latest/dg/receiving-email-permissions.html/issues/receiving-email-permissions-s3) + ## [2.138.0](https://github.com/aws/aws-cdk/compare/v2.137.0...v2.138.0) (2024-04-18) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da/__entrypoint__.js b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da/__entrypoint__.js new file mode 100644 index 0000000000000..9271364bb7e49 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da/__entrypoint__.js 
@@ -0,0 +1,156 @@ +"use strict"; +Object.defineProperty(exports, "__esModule", { value: true }); +exports.withRetries = exports.handler = exports.external = void 0; +const https = require("https"); +const url = require("url"); +// for unit tests +exports.external = { + sendHttpRequest: defaultSendHttpRequest, + log: defaultLog, + includeStackTraces: true, + userHandlerIndex: './index', +}; +const CREATE_FAILED_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::CREATE_FAILED'; +const MISSING_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID'; +async function handler(event, context) { + const sanitizedEvent = { ...event, ResponseURL: '...' }; + exports.external.log(JSON.stringify(sanitizedEvent, undefined, 2)); + // ignore DELETE event when the physical resource ID is the marker that + // indicates that this DELETE is a subsequent DELETE to a failed CREATE + // operation. + if (event.RequestType === 'Delete' && event.PhysicalResourceId === CREATE_FAILED_PHYSICAL_ID_MARKER) { + exports.external.log('ignoring DELETE event caused by a failed CREATE event'); + await submitResponse('SUCCESS', event); + return; + } + try { + // invoke the user handler. this is intentionally inside the try-catch to + // ensure that if there is an error it's reported as a failure to + // cloudformation (otherwise cfn waits). + // eslint-disable-next-line @typescript-eslint/no-require-imports + const userHandler = require(exports.external.userHandlerIndex).handler; + const result = await userHandler(sanitizedEvent, context); + // validate user response and create the combined event + const responseEvent = renderResponse(event, result); + // submit to cfn as success + await submitResponse('SUCCESS', responseEvent); + } + catch (e) { + const resp = { + ...event, + Reason: exports.external.includeStackTraces ? 
e.stack : e.message, + }; + if (!resp.PhysicalResourceId) { + // special case: if CREATE fails, which usually implies, we usually don't + // have a physical resource id. in this case, the subsequent DELETE + // operation does not have any meaning, and will likely fail as well. to + // address this, we use a marker so the provider framework can simply + // ignore the subsequent DELETE. + if (event.RequestType === 'Create') { + exports.external.log('CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored'); + resp.PhysicalResourceId = CREATE_FAILED_PHYSICAL_ID_MARKER; + } + else { + // otherwise, if PhysicalResourceId is not specified, something is + // terribly wrong because all other events should have an ID. + exports.external.log(`ERROR: Malformed event. "PhysicalResourceId" is required: ${JSON.stringify(event)}`); + } + } + // this is an actual error, fail the activity altogether and exist. + await submitResponse('FAILED', resp); + } +} +exports.handler = handler; +function renderResponse(cfnRequest, handlerResponse = {}) { + // if physical ID is not returned, we have some defaults for you based + // on the request type. + const physicalResourceId = handlerResponse.PhysicalResourceId ?? cfnRequest.PhysicalResourceId ?? cfnRequest.RequestId; + // if we are in DELETE and physical ID was changed, it's an error. + if (cfnRequest.RequestType === 'Delete' && physicalResourceId !== cfnRequest.PhysicalResourceId) { + throw new Error(`DELETE: cannot change the physical resource ID from "${cfnRequest.PhysicalResourceId}" to "${handlerResponse.PhysicalResourceId}" during deletion`); + } + // merge request event and result event (result prevails). + return { + ...cfnRequest, + ...handlerResponse, + PhysicalResourceId: physicalResourceId, + }; +} +async function submitResponse(status, event) { + const json = { + Status: status, + Reason: event.Reason ?? 
status, + StackId: event.StackId, + RequestId: event.RequestId, + PhysicalResourceId: event.PhysicalResourceId || MISSING_PHYSICAL_ID_MARKER, + LogicalResourceId: event.LogicalResourceId, + NoEcho: event.NoEcho, + Data: event.Data, + }; + const parsedUrl = url.parse(event.ResponseURL); + const loggingSafeUrl = `${parsedUrl.protocol}//${parsedUrl.hostname}/${parsedUrl.pathname}?***`; + exports.external.log('submit response to cloudformation', loggingSafeUrl, json); + const responseBody = JSON.stringify(json); + const req = { + hostname: parsedUrl.hostname, + path: parsedUrl.path, + method: 'PUT', + headers: { + 'content-type': '', + 'content-length': Buffer.byteLength(responseBody, 'utf8'), + }, + }; + const retryOptions = { + attempts: 5, + sleep: 1000, + }; + await withRetries(retryOptions, exports.external.sendHttpRequest)(req, responseBody); +} +async function defaultSendHttpRequest(options, requestBody) { + return new Promise((resolve, reject) => { + try { + const request = https.request(options, (response) => { + response.resume(); // Consume the response but don't care about it + if (!response.statusCode || response.statusCode >= 400) { + reject(new Error(`Unsuccessful HTTP response: ${response.statusCode}`)); + } + else { + resolve(); + } + }); + request.on('error', reject); + request.write(requestBody); + request.end(); + } + catch (e) { + reject(e); + } + }); +} +function defaultLog(fmt, ...params) { + // eslint-disable-next-line no-console + console.log(fmt, ...params); +} +function withRetries(options, fn) { + return async (...xs) => { + let attempts = options.attempts; + let ms = options.sleep; + while (true) { + try { + return await fn(...xs); + } + catch (e) { + if (attempts-- <= 0) { + throw e; + } + await sleep(Math.floor(Math.random() * ms)); + ms *= 2; + } + } + }; +} +exports.withRetries = withRetries; +async function sleep(ms) { + return new Promise((ok) => setTimeout(ok, ms)); +} +//# sourceMappingURL=data:application/json;base64, \ No newline 
at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da/index.js b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da/index.js new file mode 100644 index 0000000000000..013bcaffd8fe5 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da/index.js 
@@ -0,0 +1 @@ +"use strict";var I=Object.create;var t=Object.defineProperty;var y=Object.getOwnPropertyDescriptor;var P=Object.getOwnPropertyNames;var g=Object.getPrototypeOf,l=Object.prototype.hasOwnProperty;var G=(r,e)=>{for(var o in e)t(r,o,{get:e[o],enumerable:!0})},n=(r,e,o,i)=>{if(e&&typeof e=="object"||typeof e=="function")for(let s of P(e))!l.call(r,s)&&s!==o&&t(r,s,{get:()=>e[s],enumerable:!(i=y(e,s))||i.enumerable});return r};var R=(r,e,o)=>(o=r!=null?I(g(r)):{},n(e||!r||!r.__esModule?t(o,"default",{value:r,enumerable:!0}):o,r)),S=r=>n(t({},"__esModule",{value:!0}),r);var k={};G(k,{handler:()=>f});module.exports=S(k);var a=R(require("@aws-sdk/client-ec2")),u=new a.EC2({});function c(r,e){return{GroupId:r,IpPermissions:[{UserIdGroupPairs:[{GroupId:r,UserId:e}],IpProtocol:"-1"}]}}function d(r){return{GroupId:r,IpPermissions:[{IpRanges:[{CidrIp:"0.0.0.0/0"}],IpProtocol:"-1"}]}}async function f(r){let e=r.ResourceProperties.DefaultSecurityGroupId,o=r.ResourceProperties.Account;switch(r.RequestType){case"Create":return p(e,o);case"Update":return h(r);case"Delete":return m(e,o)}}async function h(r){let e=r.OldResourceProperties.DefaultSecurityGroupId,o=r.ResourceProperties.DefaultSecurityGroupId;e!==o&&(await m(e,r.ResourceProperties.Account),await p(o,r.ResourceProperties.Account))}async function p(r,e){try{await u.revokeSecurityGroupEgress(d(r))}catch(o){if(o.name!=="InvalidPermission.NotFound")throw o}try{await u.revokeSecurityGroupIngress(c(r,e))}catch(o){if(o.name!=="InvalidPermission.NotFound")throw o}}async function m(r,e){await u.authorizeSecurityGroupIngress(c(r,e)),await u.authorizeSecurityGroupEgress(d(r))}0&&(module.exports={handler}); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/cdk.out new file mode 100644 index 0000000000000..1f0068d32659a --- /dev/null 
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplication.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplication.assets.json new file mode 100644 index 0000000000000..1abac9d0b3912 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplication.assets.json @@ -0,0 +1,32 @@ +{ + "version": "36.0.0", + "files": { + "e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da": { + "source": { + "path": "asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da", + "packaging": "zip" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da.zip", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + }, + "c31996307f297958181f87818952a751d2618a7f99fae95d1a42f5f152f24029": { + "source": { + "path": "efsReplication.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "c31996307f297958181f87818952a751d2618a7f99fae95d1a42f5f152f24029.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplication.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplication.template.json new file mode 100644 index 0000000000000..36a35b7baa356 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplication.template.json 
@@ -0,0 +1,795 @@ +{ + "Resources": { + "Vpc8378EB38": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "efsReplication/Vpc" + } + ] + } + }, + "VpcPublicSubnet1Subnet5C2D37C4": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.0.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "efsReplication/Vpc/PublicSubnet1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPublicSubnet1RouteTable6C95E38E": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "efsReplication/Vpc/PublicSubnet1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPublicSubnet1RouteTableAssociation97140677": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + }, + "SubnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + } + } + }, + "VpcPublicSubnet1DefaultRoute3DA9E72A": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "RouteTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + } + }, + "DependsOn": [ + "VpcVPCGWBF912B6E" + ] + }, + "VpcPublicSubnet2Subnet691E08A3": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.64.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": 
"efsReplication/Vpc/PublicSubnet2" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPublicSubnet2RouteTable94F7E489": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "efsReplication/Vpc/PublicSubnet2" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPublicSubnet2RouteTableAssociationDD5762D8": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + }, + "SubnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + } + } + }, + "VpcPublicSubnet2DefaultRoute97F91067": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "RouteTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + } + }, + "DependsOn": [ + "VpcVPCGWBF912B6E" + ] + }, + "VpcIsolatedSubnet1SubnetE48C5737": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.128.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Isolated" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Isolated" + }, + { + "Key": "Name", + "Value": "efsReplication/Vpc/IsolatedSubnet1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcIsolatedSubnet1RouteTable4771E3E5": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "efsReplication/Vpc/IsolatedSubnet1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcIsolatedSubnet1RouteTableAssociationD300FCBB": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcIsolatedSubnet1RouteTable4771E3E5" + }, + "SubnetId": { + "Ref": "VpcIsolatedSubnet1SubnetE48C5737" + } + } + }, + "VpcIsolatedSubnet2Subnet16364B91": { + "Type": "AWS::EC2::Subnet", + "Properties": { + 
"AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.192.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Isolated" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Isolated" + }, + { + "Key": "Name", + "Value": "efsReplication/Vpc/IsolatedSubnet2" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcIsolatedSubnet2RouteTable1D30AF7D": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "efsReplication/Vpc/IsolatedSubnet2" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcIsolatedSubnet2RouteTableAssociationF7B18CCA": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcIsolatedSubnet2RouteTable1D30AF7D" + }, + "SubnetId": { + "Ref": "VpcIsolatedSubnet2Subnet16364B91" + } + } + }, + "VpcIGWD7BA715C": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "efsReplication/Vpc" + } + ] + } + }, + "VpcVPCGWBF912B6E": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "InternetGatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcRestrictDefaultSecurityGroupCustomResourceC73DA2BE": { + "Type": "Custom::VpcRestrictDefaultSG", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E", + "Arn" + ] + }, + "DefaultSecurityGroupId": { + "Fn::GetAtt": [ + "Vpc8378EB38", + "DefaultSecurityGroup" + ] + }, + "Account": { + "Ref": "AWS::AccountId" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + 
"Service": "lambda.amazonaws.com" + } + } + ] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ], + "Policies": [ + { + "PolicyName": "Inline", + "PolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:AuthorizeSecurityGroupEgress", + "ec2:RevokeSecurityGroupIngress", + "ec2:RevokeSecurityGroupEgress" + ], + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":ec2:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":security-group/", + { + "Fn::GetAtt": [ + "Vpc8378EB38", + "DefaultSecurityGroup" + ] + } + ] + ] + } + ] + } + ] + } + } + ] + } + }, + "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da.zip" + }, + "Timeout": 900, + "MemorySize": 128, + "Handler": "__entrypoint__.handler", + "Role": { + "Fn::GetAtt": [ + "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0", + "Arn" + ] + }, + "Runtime": "nodejs18.x", + "Description": "Lambda function for removing all inbound/outbound rules from the VPC default security group" + }, + "DependsOn": [ + "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0" + ] + }, + "Key961B73FD": { + "Type": "AWS::KMS::Key", + "Properties": { + "KeyPolicy": { + "Statement": [ + { + "Action": "kms:*", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + }, + "Resource": "*" + } + ], + "Version": "2012-10-17" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + 
"oneZoneReplicationFileSystem0A6BB0D2": { + "Type": "AWS::EFS::FileSystem", + "Properties": { + "Encrypted": true, + "FileSystemPolicy": { + "Statement": [ + { + "Action": [ + "elasticfilesystem:ClientRootAccess", + "elasticfilesystem:ClientWrite" + ], + "Condition": { + "Bool": { + "elasticfilesystem:AccessedViaMountTarget": "true" + } + }, + "Effect": "Allow", + "Principal": { + "AWS": "*" + } + } + ], + "Version": "2012-10-17" + }, + "FileSystemTags": [ + { + "Key": "Name", + "Value": "efsReplication/oneZoneReplicationFileSystem" + } + ], + "ReplicationConfiguration": { + "Destinations": [ + { + "AvailabilityZoneName": "us-east-1a", + "KmsKeyId": { + "Fn::GetAtt": [ + "Key961B73FD", + "Arn" + ] + }, + "Region": "us-east-1" + } + ] + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "oneZoneReplicationFileSystemEfsSecurityGroupD1C9EA27": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "efsReplication/oneZoneReplicationFileSystem/EfsSecurityGroup", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "Tags": [ + { + "Key": "Name", + "Value": "efsReplication/oneZoneReplicationFileSystem" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "oneZoneReplicationFileSystemEfsMountTargetIsolatedSubnet1A6BB6EFA": { + "Type": "AWS::EFS::MountTarget", + "Properties": { + "FileSystemId": { + "Ref": "oneZoneReplicationFileSystem0A6BB0D2" + }, + "SecurityGroups": [ + { + "Fn::GetAtt": [ + "oneZoneReplicationFileSystemEfsSecurityGroupD1C9EA27", + "GroupId" + ] + } + ], + "SubnetId": { + "Ref": "VpcIsolatedSubnet1SubnetE48C5737" + } + } + }, + "oneZoneReplicationFileSystemEfsMountTargetIsolatedSubnet2B23FA1A8": { + "Type": "AWS::EFS::MountTarget", + "Properties": { + "FileSystemId": { + "Ref": "oneZoneReplicationFileSystem0A6BB0D2" + }, + "SecurityGroups": [ + { + "Fn::GetAtt": [ + 
"oneZoneReplicationFileSystemEfsSecurityGroupD1C9EA27", + "GroupId" + ] + } + ], + "SubnetId": { + "Ref": "VpcIsolatedSubnet2Subnet16364B91" + } + } + }, + "destinationFileSystem0FAD62DA": { + "Type": "AWS::EFS::FileSystem", + "Properties": { + "Encrypted": true, + "FileSystemPolicy": { + "Statement": [ + { + "Action": [ + "elasticfilesystem:ClientRootAccess", + "elasticfilesystem:ClientWrite" + ], + "Condition": { + "Bool": { + "elasticfilesystem:AccessedViaMountTarget": "true" + } + }, + "Effect": "Allow", + "Principal": { + "AWS": "*" + } + } + ], + "Version": "2012-10-17" + }, + "FileSystemProtection": { + "ReplicationOverwriteProtection": "DISABLED" + }, + "FileSystemTags": [ + { + "Key": "Name", + "Value": "efsReplication/destinationFileSystem" + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "destinationFileSystemEfsSecurityGroupB67C2699": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "efsReplication/destinationFileSystem/EfsSecurityGroup", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "Tags": [ + { + "Key": "Name", + "Value": "efsReplication/destinationFileSystem" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "destinationFileSystemEfsMountTargetIsolatedSubnet12CF3C2E3": { + "Type": "AWS::EFS::MountTarget", + "Properties": { + "FileSystemId": { + "Ref": "destinationFileSystem0FAD62DA" + }, + "SecurityGroups": [ + { + "Fn::GetAtt": [ + "destinationFileSystemEfsSecurityGroupB67C2699", + "GroupId" + ] + } + ], + "SubnetId": { + "Ref": "VpcIsolatedSubnet1SubnetE48C5737" + } + } + }, + "destinationFileSystemEfsMountTargetIsolatedSubnet20E3F4B46": { + "Type": "AWS::EFS::MountTarget", + "Properties": { + "FileSystemId": { + "Ref": "destinationFileSystem0FAD62DA" + }, + "SecurityGroups": [ + { + "Fn::GetAtt": [ + "destinationFileSystemEfsSecurityGroupB67C2699", + "GroupId" + ] + } + ], + 
"SubnetId": { + "Ref": "VpcIsolatedSubnet2Subnet16364B91" + } + } + }, + "existFileSystemReplication3C6768D0": { + "Type": "AWS::EFS::FileSystem", + "Properties": { + "Encrypted": true, + "FileSystemPolicy": { + "Statement": [ + { + "Action": [ + "elasticfilesystem:ClientRootAccess", + "elasticfilesystem:ClientWrite" + ], + "Condition": { + "Bool": { + "elasticfilesystem:AccessedViaMountTarget": "true" + } + }, + "Effect": "Allow", + "Principal": { + "AWS": "*" + } + } + ], + "Version": "2012-10-17" + }, + "FileSystemTags": [ + { + "Key": "Name", + "Value": "efsReplication/existFileSystemReplication" + } + ], + "ReplicationConfiguration": { + "Destinations": [ + { + "FileSystemId": { + "Ref": "destinationFileSystem0FAD62DA" + }, + "Region": { + "Ref": "AWS::Region" + } + } + ] + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "existFileSystemReplicationEfsSecurityGroup516080B0": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "efsReplication/existFileSystemReplication/EfsSecurityGroup", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "Tags": [ + { + "Key": "Name", + "Value": "efsReplication/existFileSystemReplication" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "existFileSystemReplicationEfsMountTargetIsolatedSubnet18F68C5DF": { + "Type": "AWS::EFS::MountTarget", + "Properties": { + "FileSystemId": { + "Ref": "existFileSystemReplication3C6768D0" + }, + "SecurityGroups": [ + { + "Fn::GetAtt": [ + "existFileSystemReplicationEfsSecurityGroup516080B0", + "GroupId" + ] + } + ], + "SubnetId": { + "Ref": "VpcIsolatedSubnet1SubnetE48C5737" + } + } + }, + "existFileSystemReplicationEfsMountTargetIsolatedSubnet230C85F8C": { + "Type": "AWS::EFS::MountTarget", + "Properties": { + "FileSystemId": { + "Ref": "existFileSystemReplication3C6768D0" + }, + "SecurityGroups": [ + { + "Fn::GetAtt": [ + 
"existFileSystemReplicationEfsSecurityGroup516080B0", + "GroupId" + ] + } + ], + "SubnetId": { + "Ref": "VpcIsolatedSubnet2Subnet16364B91" + } + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplicationIntegTestDefaultTestDeployAssert2C078280.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplicationIntegTestDefaultTestDeployAssert2C078280.assets.json new file mode 100644 index 0000000000000..9f023624023ad --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplicationIntegTestDefaultTestDeployAssert2C078280.assets.json 
@@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "efsReplicationIntegTestDefaultTestDeployAssert2C078280.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplicationIntegTestDefaultTestDeployAssert2C078280.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplicationIntegTestDefaultTestDeployAssert2C078280.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplicationIntegTestDefaultTestDeployAssert2C078280.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file 
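Review bot: in efsReplication.template.json, the `FileSystemPolicy` on `existFileSystemReplication3C6768D0` allows `elasticfilesystem:ClientRootAccess` and `elasticfilesystem:ClientWrite` to `"Principal": { "AWS": "*" }`, gated only by `elasticfilesystem:AccessedViaMountTarget`, so any client that can reach a mount target gets root and write access without an IAM identity. The accompanying `existFileSystemReplicationEfsSecurityGroup516080B0` declares only the allow-all egress rule, which means network placement is the only control visible in this snapshot. If the replication test does not depend on root access, have the integ source drop `ClientRootAccess` or scope the principal, so the snapshot does not read as the reference configuration for a replicated file system; otherwise note in the test why the broad policy is expected.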
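Review bot: the DeployAssert template added here (efsReplicationIntegTestDefaultTestDeployAssert2C078280.template.json) contains only the `BootstrapVersion` parameter and the `CheckBootstrapVersion` rule, with no resources, so the integ test proves that the stack deploys but asserts nothing about replication. Consider adding an assertion in the integ source that the source file system reports a replication configuration pointing at `destinationFileSystem`, so that a regression that silently drops `ReplicationConfiguration` from the synthesized template fails the test rather than only changing the snapshot.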
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/integ.json new file mode 100644 index 0000000000000..3baa48f7b8fa2 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "36.0.0", + "testCases": { + "efsReplicationIntegTest/DefaultTest": { + "stacks": [ + "efsReplication" + ], + "assertionStack": "efsReplicationIntegTest/DefaultTest/DeployAssert", + "assertionStackName": "efsReplicationIntegTestDefaultTestDeployAssert2C078280" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/manifest.json new file mode 100644 index 0000000000000..644b0f1650db6 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/manifest.json 
@@ -0,0 +1,305 @@ +{ + "version": "36.0.0", + "artifacts": { + "efsReplication.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "efsReplication.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "efsReplication": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "efsReplication.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/c31996307f297958181f87818952a751d2618a7f99fae95d1a42f5f152f24029.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "efsReplication.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "efsReplication.assets" + ], + "metadata": { + "/efsReplication/Vpc/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Vpc8378EB38" + } + ], + "/efsReplication/Vpc/PublicSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1Subnet5C2D37C4" + } + ], + "/efsReplication/Vpc/PublicSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1RouteTable6C95E38E" + } + ], + "/efsReplication/Vpc/PublicSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": 
"VpcPublicSubnet1RouteTableAssociation97140677" + } + ], + "/efsReplication/Vpc/PublicSubnet1/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1DefaultRoute3DA9E72A" + } + ], + "/efsReplication/Vpc/PublicSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2Subnet691E08A3" + } + ], + "/efsReplication/Vpc/PublicSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2RouteTable94F7E489" + } + ], + "/efsReplication/Vpc/PublicSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2RouteTableAssociationDD5762D8" + } + ], + "/efsReplication/Vpc/PublicSubnet2/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2DefaultRoute97F91067" + } + ], + "/efsReplication/Vpc/IsolatedSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcIsolatedSubnet1SubnetE48C5737" + } + ], + "/efsReplication/Vpc/IsolatedSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcIsolatedSubnet1RouteTable4771E3E5" + } + ], + "/efsReplication/Vpc/IsolatedSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcIsolatedSubnet1RouteTableAssociationD300FCBB" + } + ], + "/efsReplication/Vpc/IsolatedSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcIsolatedSubnet2Subnet16364B91" + } + ], + "/efsReplication/Vpc/IsolatedSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcIsolatedSubnet2RouteTable1D30AF7D" + } + ], + "/efsReplication/Vpc/IsolatedSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcIsolatedSubnet2RouteTableAssociationF7B18CCA" + } + ], + "/efsReplication/Vpc/IGW": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcIGWD7BA715C" + } + ], + "/efsReplication/Vpc/VPCGW": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcVPCGWBF912B6E" + } + ], + "/efsReplication/Vpc/RestrictDefaultSecurityGroupCustomResource/Default": [ + { + 
"type": "aws:cdk:logicalId", + "data": "VpcRestrictDefaultSecurityGroupCustomResourceC73DA2BE" + } + ], + "/efsReplication/Custom::VpcRestrictDefaultSGCustomResourceProvider/Role": [ + { + "type": "aws:cdk:logicalId", + "data": "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0" + } + ], + "/efsReplication/Custom::VpcRestrictDefaultSGCustomResourceProvider/Handler": [ + { + "type": "aws:cdk:logicalId", + "data": "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E" + } + ], + "/efsReplication/Key/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Key961B73FD" + } + ], + "/efsReplication/oneZoneReplicationFileSystem/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "oneZoneReplicationFileSystem0A6BB0D2" + } + ], + "/efsReplication/oneZoneReplicationFileSystem/EfsSecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "oneZoneReplicationFileSystemEfsSecurityGroupD1C9EA27" + } + ], + "/efsReplication/oneZoneReplicationFileSystem/EfsMountTarget-IsolatedSubnet1": [ + { + "type": "aws:cdk:logicalId", + "data": "oneZoneReplicationFileSystemEfsMountTargetIsolatedSubnet1A6BB6EFA" + } + ], + "/efsReplication/oneZoneReplicationFileSystem/EfsMountTarget-IsolatedSubnet2": [ + { + "type": "aws:cdk:logicalId", + "data": "oneZoneReplicationFileSystemEfsMountTargetIsolatedSubnet2B23FA1A8" + } + ], + "/efsReplication/destinationFileSystem/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "destinationFileSystem0FAD62DA" + } + ], + "/efsReplication/destinationFileSystem/EfsSecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "destinationFileSystemEfsSecurityGroupB67C2699" + } + ], + "/efsReplication/destinationFileSystem/EfsMountTarget-IsolatedSubnet1": [ + { + "type": "aws:cdk:logicalId", + "data": "destinationFileSystemEfsMountTargetIsolatedSubnet12CF3C2E3" + } + ], + "/efsReplication/destinationFileSystem/EfsMountTarget-IsolatedSubnet2": [ + { + "type": "aws:cdk:logicalId", + "data": 
"destinationFileSystemEfsMountTargetIsolatedSubnet20E3F4B46" + } + ], + "/efsReplication/existFileSystemReplication/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "existFileSystemReplication3C6768D0" + } + ], + "/efsReplication/existFileSystemReplication/EfsSecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "existFileSystemReplicationEfsSecurityGroup516080B0" + } + ], + "/efsReplication/existFileSystemReplication/EfsMountTarget-IsolatedSubnet1": [ + { + "type": "aws:cdk:logicalId", + "data": "existFileSystemReplicationEfsMountTargetIsolatedSubnet18F68C5DF" + } + ], + "/efsReplication/existFileSystemReplication/EfsMountTarget-IsolatedSubnet2": [ + { + "type": "aws:cdk:logicalId", + "data": "existFileSystemReplicationEfsMountTargetIsolatedSubnet230C85F8C" + } + ], + "/efsReplication/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/efsReplication/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "efsReplication" + }, + "efsReplicationIntegTestDefaultTestDeployAssert2C078280.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "efsReplicationIntegTestDefaultTestDeployAssert2C078280.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "efsReplicationIntegTestDefaultTestDeployAssert2C078280": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "efsReplicationIntegTestDefaultTestDeployAssert2C078280.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": 
"arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "efsReplicationIntegTestDefaultTestDeployAssert2C078280.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "efsReplicationIntegTestDefaultTestDeployAssert2C078280.assets" + ], + "metadata": { + "/efsReplicationIntegTest/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/efsReplicationIntegTest/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "efsReplicationIntegTest/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/tree.json new file mode 100644 index 0000000000000..03e953816327e --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/tree.json 
@@ -0,0 +1,1172 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "efsReplication": { + "id": "efsReplication", + "path": "efsReplication", + "children": { + "Vpc": { + "id": "Vpc", + "path": "efsReplication/Vpc", + "children": { + "Resource": { + "id": "Resource", + "path": "efsReplication/Vpc/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default", + "tags": [ + { + "key": "Name", + "value": "efsReplication/Vpc" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", + "version": "0.0.0" + } + }, + "PublicSubnet1": { + "id": "PublicSubnet1", + "path": "efsReplication/Vpc/PublicSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "efsReplication/Vpc/PublicSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.0.0/18", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "Name", + "value": "efsReplication/Vpc/PublicSubnet1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "efsReplication/Vpc/PublicSubnet1/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "efsReplication/Vpc/PublicSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "efsReplication/Vpc/PublicSubnet1" + } + ], + 
"vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "efsReplication/Vpc/PublicSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + }, + "subnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "efsReplication/Vpc/PublicSubnet1/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "routeTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "0.0.0" + } + }, + "PublicSubnet2": { + "id": "PublicSubnet2", + "path": "efsReplication/Vpc/PublicSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "efsReplication/Vpc/PublicSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.64.0/18", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "Name", + "value": "efsReplication/Vpc/PublicSubnet2" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + 
"version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "efsReplication/Vpc/PublicSubnet2/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "efsReplication/Vpc/PublicSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "efsReplication/Vpc/PublicSubnet2" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "efsReplication/Vpc/PublicSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + }, + "subnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "efsReplication/Vpc/PublicSubnet2/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "routeTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "0.0.0" + } + }, + "IsolatedSubnet1": { + "id": "IsolatedSubnet1", + "path": "efsReplication/Vpc/IsolatedSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "efsReplication/Vpc/IsolatedSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + 
"aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.128.0/18", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Isolated" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Isolated" + }, + { + "key": "Name", + "value": "efsReplication/Vpc/IsolatedSubnet1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "efsReplication/Vpc/IsolatedSubnet1/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "efsReplication/Vpc/IsolatedSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "efsReplication/Vpc/IsolatedSubnet1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "efsReplication/Vpc/IsolatedSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcIsolatedSubnet1RouteTable4771E3E5" + }, + "subnetId": { + "Ref": "VpcIsolatedSubnet1SubnetE48C5737" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "0.0.0" + } + }, + "IsolatedSubnet2": { + "id": "IsolatedSubnet2", + "path": "efsReplication/Vpc/IsolatedSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "efsReplication/Vpc/IsolatedSubnet2/Subnet", + "attributes": { + 
"aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.192.0/18", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Isolated" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Isolated" + }, + { + "key": "Name", + "value": "efsReplication/Vpc/IsolatedSubnet2" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "efsReplication/Vpc/IsolatedSubnet2/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "efsReplication/Vpc/IsolatedSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "efsReplication/Vpc/IsolatedSubnet2" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "efsReplication/Vpc/IsolatedSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcIsolatedSubnet2RouteTable1D30AF7D" + }, + "subnetId": { + "Ref": "VpcIsolatedSubnet2Subnet16364B91" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "0.0.0" + } + }, + "IGW": { + "id": "IGW", + "path": "efsReplication/Vpc/IGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::InternetGateway", + "aws:cdk:cloudformation:props": { 
+ "tags": [ + { + "key": "Name", + "value": "efsReplication/Vpc" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnInternetGateway", + "version": "0.0.0" + } + }, + "VPCGW": { + "id": "VPCGW", + "path": "efsReplication/Vpc/VPCGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCGatewayAttachment", + "aws:cdk:cloudformation:props": { + "internetGatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment", + "version": "0.0.0" + } + }, + "RestrictDefaultSecurityGroupCustomResource": { + "id": "RestrictDefaultSecurityGroupCustomResource", + "path": "efsReplication/Vpc/RestrictDefaultSecurityGroupCustomResource", + "children": { + "Default": { + "id": "Default", + "path": "efsReplication/Vpc/RestrictDefaultSecurityGroupCustomResource/Default", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.Vpc", + "version": "0.0.0" + } + }, + "Custom::VpcRestrictDefaultSGCustomResourceProvider": { + "id": "Custom::VpcRestrictDefaultSGCustomResourceProvider", + "path": "efsReplication/Custom::VpcRestrictDefaultSGCustomResourceProvider", + "children": { + "Staging": { + "id": "Staging", + "path": "efsReplication/Custom::VpcRestrictDefaultSGCustomResourceProvider/Staging", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "Role": { + "id": "Role", + "path": "efsReplication/Custom::VpcRestrictDefaultSGCustomResourceProvider/Role", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + }, + "Handler": { + "id": "Handler", + "path": "efsReplication/Custom::VpcRestrictDefaultSGCustomResourceProvider/Handler", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } 
+ }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResourceProviderBase", + "version": "0.0.0" + } + }, + "Key": { + "id": "Key", + "path": "efsReplication/Key", + "children": { + "Resource": { + "id": "Resource", + "path": "efsReplication/Key/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::KMS::Key", + "aws:cdk:cloudformation:props": { + "keyPolicy": { + "Statement": [ + { + "Action": "kms:*", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + }, + "Resource": "*" + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kms.CfnKey", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kms.Key", + "version": "0.0.0" + } + }, + "oneZoneReplicationFileSystem": { + "id": "oneZoneReplicationFileSystem", + "path": "efsReplication/oneZoneReplicationFileSystem", + "children": { + "Resource": { + "id": "Resource", + "path": "efsReplication/oneZoneReplicationFileSystem/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EFS::FileSystem", + "aws:cdk:cloudformation:props": { + "encrypted": true, + "fileSystemPolicy": { + "Statement": [ + { + "Action": [ + "elasticfilesystem:ClientRootAccess", + "elasticfilesystem:ClientWrite" + ], + "Condition": { + "Bool": { + "elasticfilesystem:AccessedViaMountTarget": "true" + } + }, + "Effect": "Allow", + "Principal": { + "AWS": "*" + } + } + ], + "Version": "2012-10-17" + }, + "replicationConfiguration": { + "destinations": [ + { + "kmsKeyId": { + "Fn::GetAtt": [ + "Key961B73FD", + "Arn" + ] + }, + "region": "us-east-1", + "availabilityZoneName": "us-east-1a" + } + ] + }, + "fileSystemTags": [ + { + "key": "Name", + "value": "efsReplication/oneZoneReplicationFileSystem" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_efs.CfnFileSystem", + "version": "0.0.0" + } + }, + 
"EfsSecurityGroup": { + "id": "EfsSecurityGroup", + "path": "efsReplication/oneZoneReplicationFileSystem/EfsSecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "efsReplication/oneZoneReplicationFileSystem/EfsSecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "efsReplication/oneZoneReplicationFileSystem/EfsSecurityGroup", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "tags": [ + { + "key": "Name", + "value": "efsReplication/oneZoneReplicationFileSystem" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "0.0.0" + } + }, + "EfsMountTarget-IsolatedSubnet1": { + "id": "EfsMountTarget-IsolatedSubnet1", + "path": "efsReplication/oneZoneReplicationFileSystem/EfsMountTarget-IsolatedSubnet1", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EFS::MountTarget", + "aws:cdk:cloudformation:props": { + "fileSystemId": { + "Ref": "oneZoneReplicationFileSystem0A6BB0D2" + }, + "securityGroups": [ + { + "Fn::GetAtt": [ + "oneZoneReplicationFileSystemEfsSecurityGroupD1C9EA27", + "GroupId" + ] + } + ], + "subnetId": { + "Ref": "VpcIsolatedSubnet1SubnetE48C5737" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_efs.CfnMountTarget", + "version": "0.0.0" + } + }, + "EfsMountTarget-IsolatedSubnet2": { + "id": "EfsMountTarget-IsolatedSubnet2", + "path": "efsReplication/oneZoneReplicationFileSystem/EfsMountTarget-IsolatedSubnet2", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EFS::MountTarget", + "aws:cdk:cloudformation:props": { + "fileSystemId": { + "Ref": "oneZoneReplicationFileSystem0A6BB0D2" + }, + "securityGroups": [ + { + "Fn::GetAtt": [ 
+ "oneZoneReplicationFileSystemEfsSecurityGroupD1C9EA27", + "GroupId" + ] + } + ], + "subnetId": { + "Ref": "VpcIsolatedSubnet2Subnet16364B91" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_efs.CfnMountTarget", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_efs.FileSystem", + "version": "0.0.0" + } + }, + "destinationFileSystem": { + "id": "destinationFileSystem", + "path": "efsReplication/destinationFileSystem", + "children": { + "Resource": { + "id": "Resource", + "path": "efsReplication/destinationFileSystem/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EFS::FileSystem", + "aws:cdk:cloudformation:props": { + "encrypted": true, + "fileSystemPolicy": { + "Statement": [ + { + "Action": [ + "elasticfilesystem:ClientRootAccess", + "elasticfilesystem:ClientWrite" + ], + "Condition": { + "Bool": { + "elasticfilesystem:AccessedViaMountTarget": "true" + } + }, + "Effect": "Allow", + "Principal": { + "AWS": "*" + } + } + ], + "Version": "2012-10-17" + }, + "fileSystemProtection": { + "replicationOverwriteProtection": "DISABLED" + }, + "fileSystemTags": [ + { + "key": "Name", + "value": "efsReplication/destinationFileSystem" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_efs.CfnFileSystem", + "version": "0.0.0" + } + }, + "EfsSecurityGroup": { + "id": "EfsSecurityGroup", + "path": "efsReplication/destinationFileSystem/EfsSecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "efsReplication/destinationFileSystem/EfsSecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "efsReplication/destinationFileSystem/EfsSecurityGroup", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "tags": [ + { + "key": "Name", + "value": "efsReplication/destinationFileSystem" + } + ], + 
"vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "0.0.0" + } + }, + "EfsMountTarget-IsolatedSubnet1": { + "id": "EfsMountTarget-IsolatedSubnet1", + "path": "efsReplication/destinationFileSystem/EfsMountTarget-IsolatedSubnet1", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EFS::MountTarget", + "aws:cdk:cloudformation:props": { + "fileSystemId": { + "Ref": "destinationFileSystem0FAD62DA" + }, + "securityGroups": [ + { + "Fn::GetAtt": [ + "destinationFileSystemEfsSecurityGroupB67C2699", + "GroupId" + ] + } + ], + "subnetId": { + "Ref": "VpcIsolatedSubnet1SubnetE48C5737" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_efs.CfnMountTarget", + "version": "0.0.0" + } + }, + "EfsMountTarget-IsolatedSubnet2": { + "id": "EfsMountTarget-IsolatedSubnet2", + "path": "efsReplication/destinationFileSystem/EfsMountTarget-IsolatedSubnet2", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EFS::MountTarget", + "aws:cdk:cloudformation:props": { + "fileSystemId": { + "Ref": "destinationFileSystem0FAD62DA" + }, + "securityGroups": [ + { + "Fn::GetAtt": [ + "destinationFileSystemEfsSecurityGroupB67C2699", + "GroupId" + ] + } + ], + "subnetId": { + "Ref": "VpcIsolatedSubnet2Subnet16364B91" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_efs.CfnMountTarget", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_efs.FileSystem", + "version": "0.0.0" + } + }, + "existFileSystemReplication": { + "id": "existFileSystemReplication", + "path": "efsReplication/existFileSystemReplication", + "children": { + "Resource": { + "id": "Resource", + "path": "efsReplication/existFileSystemReplication/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EFS::FileSystem", + "aws:cdk:cloudformation:props": { + "encrypted": true, + 
"fileSystemPolicy": { + "Statement": [ + { + "Action": [ + "elasticfilesystem:ClientRootAccess", + "elasticfilesystem:ClientWrite" + ], + "Condition": { + "Bool": { + "elasticfilesystem:AccessedViaMountTarget": "true" + } + }, + "Effect": "Allow", + "Principal": { + "AWS": "*" + } + } + ], + "Version": "2012-10-17" + }, + "replicationConfiguration": { + "destinations": [ + { + "fileSystemId": { + "Ref": "destinationFileSystem0FAD62DA" + }, + "region": { + "Ref": "AWS::Region" + } + } + ] + }, + "fileSystemTags": [ + { + "key": "Name", + "value": "efsReplication/existFileSystemReplication" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_efs.CfnFileSystem", + "version": "0.0.0" + } + }, + "EfsSecurityGroup": { + "id": "EfsSecurityGroup", + "path": "efsReplication/existFileSystemReplication/EfsSecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "efsReplication/existFileSystemReplication/EfsSecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "efsReplication/existFileSystemReplication/EfsSecurityGroup", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "tags": [ + { + "key": "Name", + "value": "efsReplication/existFileSystemReplication" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "0.0.0" + } + }, + "EfsMountTarget-IsolatedSubnet1": { + "id": "EfsMountTarget-IsolatedSubnet1", + "path": "efsReplication/existFileSystemReplication/EfsMountTarget-IsolatedSubnet1", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EFS::MountTarget", + "aws:cdk:cloudformation:props": { + "fileSystemId": { + "Ref": "existFileSystemReplication3C6768D0" 
+ }, + "securityGroups": [ + { + "Fn::GetAtt": [ + "existFileSystemReplicationEfsSecurityGroup516080B0", + "GroupId" + ] + } + ], + "subnetId": { + "Ref": "VpcIsolatedSubnet1SubnetE48C5737" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_efs.CfnMountTarget", + "version": "0.0.0" + } + }, + "EfsMountTarget-IsolatedSubnet2": { + "id": "EfsMountTarget-IsolatedSubnet2", + "path": "efsReplication/existFileSystemReplication/EfsMountTarget-IsolatedSubnet2", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EFS::MountTarget", + "aws:cdk:cloudformation:props": { + "fileSystemId": { + "Ref": "existFileSystemReplication3C6768D0" + }, + "securityGroups": [ + { + "Fn::GetAtt": [ + "existFileSystemReplicationEfsSecurityGroup516080B0", + "GroupId" + ] + } + ], + "subnetId": { + "Ref": "VpcIsolatedSubnet2Subnet16364B91" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_efs.CfnMountTarget", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_efs.FileSystem", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "efsReplication/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "efsReplication/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "efsReplicationIntegTest": { + "id": "efsReplicationIntegTest", + "path": "efsReplicationIntegTest", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "efsReplicationIntegTest/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "efsReplicationIntegTest/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": 
"efsReplicationIntegTest/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "efsReplicationIntegTest/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "efsReplicationIntegTest/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.ts new file mode 100644 index 0000000000000..9afaa24da6b30 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.ts 
@@ -0,0 +1,38 @@ +import * as ec2 from 'aws-cdk-lib/aws-ec2'; +import * as cdk from 'aws-cdk-lib'; +import * as efs from 'aws-cdk-lib/aws-efs'; +import * as kms from 'aws-cdk-lib/aws-kms'; +import * as integ from '@aws-cdk/integ-tests-alpha'; + +const app = new cdk.App(); +const stack = new cdk.Stack(app, 'efsReplication'); + +const vpc = new ec2.Vpc(stack, 'Vpc', { + natGateways: 0, +}); + +const kmsKey = new kms.Key(stack, 'Key', { + removalPolicy: cdk.RemovalPolicy.DESTROY, +}); + +new efs.FileSystem(stack, 'oneZoneReplicationFileSystem', { + vpc, + removalPolicy: cdk.RemovalPolicy.DESTROY, + replicationConfiguration: efs.ReplicationConfiguration.oneZoneFileSystem('us-east-1', 'us-east-1a', kmsKey), +}); + +const destination = new efs.FileSystem(stack, 'destinationFileSystem', { + vpc, + removalPolicy: cdk.RemovalPolicy.DESTROY, + replicationOverwriteProtection: efs.ReplicationOverwriteProtection.DISABLED, +}); + +new efs.FileSystem(stack, 'existFileSystemReplication', { + vpc, + removalPolicy: cdk.RemovalPolicy.DESTROY, + replicationConfiguration: efs.ReplicationConfiguration.existingFileSystem(destination), +}); + +new integ.IntegTest(app, 'efsReplicationIntegTest', { + testCases: [stack], +}); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-rotation.js.snapshot/TestStack.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-rotation.js.snapshot/TestStack.assets.json new file mode 100644 index 0000000000000..47259228e9f83 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-rotation.js.snapshot/TestStack.assets.json 
@@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "f837a0f3219d71ea4c1ebf1c3f9a95829e51186d2a0601bbbc2e60e416e811ee": { + "source": { + "path": "TestStack.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "f837a0f3219d71ea4c1ebf1c3f9a95829e51186d2a0601bbbc2e60e416e811ee.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-rotation.js.snapshot/TestStack.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-rotation.js.snapshot/TestStack.template.json new file mode 100644 index 0000000000000..8b8a55b07b5fd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-rotation.js.snapshot/TestStack.template.json 
@@ -0,0 +1,75 @@ +{ + "Resources": { + "keyFEDD6EC0": { + "Type": "AWS::KMS::Key", + "Properties": { + "EnableKeyRotation": true, + "KeyPolicy": { + "Statement": [ + { + "Action": "kms:*", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + }, + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "RotationPeriodInDays": 180 + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-rotation.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-rotation.js.snapshot/cdk.out new file mode 100644 index 0000000000000..1f0068d32659a --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-rotation.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-rotation.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-rotation.js.snapshot/integ.json new file mode 100644 index 0000000000000..b8926f3a28036 --- /dev/null 
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-rotation.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "36.0.0", + "testCases": { + "kms-key-rotation/DefaultTest": { + "stacks": [ + "TestStack" + ], + "assertionStack": "kms-key-rotation/DefaultTest/DeployAssert", + "assertionStackName": "kmskeyrotationDefaultTestDeployAssert801AD589" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-rotation.js.snapshot/kmskeyrotationDefaultTestDeployAssert801AD589.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-rotation.js.snapshot/kmskeyrotationDefaultTestDeployAssert801AD589.assets.json new file mode 100644 index 0000000000000..57371b3bde5a0 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-rotation.js.snapshot/kmskeyrotationDefaultTestDeployAssert801AD589.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "kmskeyrotationDefaultTestDeployAssert801AD589.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-rotation.js.snapshot/kmskeyrotationDefaultTestDeployAssert801AD589.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-rotation.js.snapshot/kmskeyrotationDefaultTestDeployAssert801AD589.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd 
--- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-rotation.js.snapshot/kmskeyrotationDefaultTestDeployAssert801AD589.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-rotation.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-rotation.js.snapshot/manifest.json new file mode 100644 index 0000000000000..5df0c543da274 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-rotation.js.snapshot/manifest.json 
@@ -0,0 +1,113 @@ +{ + "version": "36.0.0", + "artifacts": { + "TestStack.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "TestStack.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "TestStack": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "TestStack.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/f837a0f3219d71ea4c1ebf1c3f9a95829e51186d2a0601bbbc2e60e416e811ee.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "TestStack.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "TestStack.assets" + ], + "metadata": { + "/TestStack/key/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "keyFEDD6EC0" + } + ], + "/TestStack/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/TestStack/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "TestStack" + }, + "kmskeyrotationDefaultTestDeployAssert801AD589.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": 
"kmskeyrotationDefaultTestDeployAssert801AD589.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "kmskeyrotationDefaultTestDeployAssert801AD589": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "kmskeyrotationDefaultTestDeployAssert801AD589.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "kmskeyrotationDefaultTestDeployAssert801AD589.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "kmskeyrotationDefaultTestDeployAssert801AD589.assets" + ], + "metadata": { + "/kms-key-rotation/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/kms-key-rotation/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "kms-key-rotation/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-rotation.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-rotation.js.snapshot/tree.json new file mode 100644 index 0000000000000..19125cabaced8 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-rotation.js.snapshot/tree.json 
@@ -0,0 +1,154 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "TestStack": { + "id": "TestStack", + "path": "TestStack", + "children": { + "key": { + "id": "key", + "path": "TestStack/key", + "children": { + "Resource": { + "id": "Resource", + "path": "TestStack/key/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::KMS::Key", + "aws:cdk:cloudformation:props": { + "enableKeyRotation": true, + "keyPolicy": { + "Statement": [ + { + "Action": "kms:*", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + }, + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "rotationPeriodInDays": 180 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kms.CfnKey", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kms.Key", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "TestStack/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "TestStack/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "kms-key-rotation": { + "id": "kms-key-rotation", + "path": "kms-key-rotation", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "kms-key-rotation/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "kms-key-rotation/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "kms-key-rotation/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": 
"kms-key-rotation/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "kms-key-rotation/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-rotation.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-rotation.ts new file mode 100644 index 0000000000000..c7f4472b19af6 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-rotation.ts @@ -0,0 +1,20 @@ +import { App, Duration, Stack } from 'aws-cdk-lib'; +import * as kms from 'aws-cdk-lib/aws-kms'; +import { IntegTest } from '@aws-cdk/integ-tests-alpha'; + +class TestStack extends Stack { + constructor(scope: App) { + super(scope, 'TestStack'); + new kms.Key(this, 'key', { + enableKeyRotation: true, + rotationPeriod: Duration.days(180), + }); + } +} + +const app = new App(); +const stack = new TestStack(app); + +new IntegTest(app, 'kms-key-rotation', { + testCases: [stack], +}); diff --git a/packages/aws-cdk-lib/aws-efs/README.md b/packages/aws-cdk-lib/aws-efs/README.md index ff45e5c05bd8a..9bf804c804648 100644 --- a/packages/aws-cdk-lib/aws-efs/README.md +++ b/packages/aws-cdk-lib/aws-efs/README.md 
@@ -76,6 +76,41 @@ This is to prevent deployment failures due to cross-AZ configurations. ⚠️ When `oneZone` is enabled, `vpcSubnets` cannot be specified. +### Replicating file systems + +You can create a replica of your EFS file system in the AWS Region of your preference. + +```ts +declare const vpc: ec2.Vpc; + +// auto generate a regional replication destination file system +new efs.FileSystem(this, 'RegionalReplicationFileSystem', { + vpc, + replicationConfiguration: efs.ReplicationConfiguration.regionalFileSystem('us-west-2'), +}); + +// auto generate a one zone replication destination file system +new efs.FileSystem(this, 'OneZoneReplicationFileSystem', { + vpc, + replicationConfiguration: efs.ReplicationConfiguration.oneZoneFileSystem('us-east-1', 'us-east-1a'), +}); + +const destinationFileSystem = new efs.FileSystem(this, 'DestinationFileSystem', { + vpc, + // set as the read-only file system for use as a replication destination + replicationOverwriteProtection: efs.ReplicationOverwriteProtection.DISABLED, +}); +// specify the replication destination file system +new efs.FileSystem(this, 'ReplicationFileSystem', { + vpc, + replicationConfiguration: efs.ReplicationConfiguration.existingFileSystem(destinationFileSystem), +}); +``` + +**Note**: EFS now supports only one replication destination and thus allows specifying just one `replicationConfiguration` for each file system. + +> Visit [Replicating file systems](https://docs.aws.amazon.com/efs/latest/ug/efs-replication.html) for more details. + ### IAM to control file system data access You can use both IAM identity policies and resource policies to control client access to Amazon EFS resources in a way that is scalable and optimized for cloud environments. Using IAM, you can permit clients to perform specific actions on a file system, including read-only, write, and root access. 
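Review bot: The README example never shows the optional `kmsKey` argument that `regionalFileSystem` and `oneZoneFileSystem` both accept, so a reader will not learn that a replica created this way is encrypted with the service-managed key unless a key is passed. Suggest adding one variant that passes a key, and a sentence next to the **Note** stating that `replicationConfiguration` cannot be set on a file system whose own `replicationOverwriteProtection` is `DISABLED`, since that combination throws at synth time.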
diff --git a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts index f5720923acc22..c83560cc431b3 100644 --- a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts +++ b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts @@ -324,6 +324,13 @@ export interface FileSystemProps { * @default ReplicationOverwriteProtection.ENABLED */ readonly replicationOverwriteProtection?: ReplicationOverwriteProtection; + + /** + * Replication configuration for the file system. + * + * @default - no replication + */ + readonly replicationConfiguration?: ReplicationConfiguration; } /** 
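Review bot: The doc comment on `replicationConfiguration` in `FileSystemProps` should state that the property cannot be combined with `replicationOverwriteProtection: DISABLED` on the same file system, because the constructor throws for that pair. As written, the only place a user discovers the restriction is the error message. One extra line in the comment, in the same style as the `@default` line, would be enough.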
@@ -350,6 +357,188 @@ export interface FileSystemAttributes { readonly fileSystemArn?: string; } +/** + * Properties for the ReplicationConfiguration. + */ +export interface ReplicationConfigurationProps { + /** + * The existing destination file system for the replication. + * + * @default - None + */ + readonly destinationFileSystem?: IFileSystem; + + /** + * AWS KMS key used to protect the encrypted file system. + * + * @default - use service-managed KMS key for Amazon EFS + */ + readonly kmsKey?: kms.IKey; + + /** + * The AWS Region in which the destination file system is located. + * + * @default - the region of the stack + */ + readonly region?: string; + + /** + * The availability zone name of the destination file system. + * One zone file system is used as the destination file system when this property is set. + * + * @default - no availability zone is set + */ + readonly availabilityZone?: string; +} + +/** + * Properties for configuring ReplicationConfiguration to replicate + * to a new One Zone file system. + */ +export interface OneZoneFileSystemProps { + /** + * AWS KMS key used to protect the encrypted file system. + * + * @default - use service-managed KMS key for Amazon EFS + */ + readonly kmsKey?: kms.IKey; + + /** + * The AWS Region in which the destination file system is located. + */ + readonly region: string; + + /** + * The availability zone name of the destination file system. + * One zone file system is used as the destination file system when this property is set. + */ + readonly availabilityZone: string; +} + +/** + * Properties for configuring ReplicationConfiguration to replicate + * to a new Regional file system. + */ +export interface RegionalFileSystemProps { + /** + * AWS KMS key used to protect the encrypted file system. + * + * @default - use service-managed KMS key for Amazon EFS + */ + readonly kmsKey?: kms.IKey; + + /** + * The AWS Region in which the destination file system is located. 
+ * + * @default - the region of the stack + */ + readonly region?: string; +} + +/** + * Properties for configuring ReplicationConfiguration to replicate + * to an existing file system. + */ +export interface ExistingFileSystemProps { + /** + * The existing destination file system for the replication. + */ + readonly destinationFileSystem: IFileSystem; +} + +/** + * EFS Replication Configuration + */ +export abstract class ReplicationConfiguration { + /** + * Specify the existing destination file system for the replication. + * + * @param destinationFileSystem The existing destination file system for the replication + */ + public static existingFileSystem(destinationFileSystem: IFileSystem): ReplicationConfiguration { + return new ExistingFileSystem({ destinationFileSystem }); + } + + /** + * Create a new regional destination file system for the replication. + * + * @param region The AWS Region in which the destination file system is located. Default is the region of the stack. + * @param kmsKey AWS KMS key used to protect the encrypted file system. Default is service-managed KMS key for Amazon EFS. + */ + public static regionalFileSystem(region?: string, kmsKey?: kms.IKey): ReplicationConfiguration { + return new RegionalFileSystem({ region, kmsKey }); + } + + /** + * Create a new one zone destination file system for the replication. + * + * @param region The AWS Region in which the specified availability zone belongs to. + * @param availabilityZone The availability zone name of the destination file system. + * @param kmsKey AWS KMS key used to protect the encrypted file system. Default is service-managed KMS key for Amazon EFS. + */ + public static oneZoneFileSystem(region: string, availabilityZone: string, kmsKey?: kms.IKey): ReplicationConfiguration { + return new OneZoneFileSystem({ region, availabilityZone, kmsKey }); + } + + /** + * The existing destination file system for the replication. 
+ */ + public readonly destinationFileSystem?: IFileSystem; + + /** + * AWS KMS key used to protect the encrypted file system. + */ + public readonly kmsKey?: kms.IKey; + + /** + * The AWS Region in which the destination file system is located. + */ + public readonly region?: string; + + /** + * The availability zone name of the destination file system. + * One zone file system is used as the destination file system when this property is set. + */ + public readonly availabilityZone?: string; + + constructor(options: ReplicationConfigurationProps) { + this.destinationFileSystem = options.destinationFileSystem; + this.kmsKey = options.kmsKey; + this.region = options.region; + this.availabilityZone = options.availabilityZone; + } +} + +/** + * Represents an existing file system used as the destination file system + * for ReplicationConfiguration. + */ +class ExistingFileSystem extends ReplicationConfiguration { + constructor(props: ExistingFileSystemProps) { + super(props); + } +} + +/** + * Represents a new Regional file system used as the + * destination file system for ReplicationConfiguration. + */ +class RegionalFileSystem extends ReplicationConfiguration { + constructor(props: RegionalFileSystemProps) { + super(props); + } +} + +/** + * Represents a new One Zone file system used as the + * destination file system for ReplicationConfiguration. + */ +class OneZoneFileSystem extends ReplicationConfiguration { + constructor(props: OneZoneFileSystemProps) { + super(props); + } +} + enum ClientAction { MOUNT = 'elasticfilesystem:ClientMount', WRITE = 'elasticfilesystem:ClientWrite', 
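Review bot: `ReplicationConfiguration` is exported as an abstract class with a public constructor taking `ReplicationConfigurationProps`, where every field is optional, so a subclass written outside this module can pass `destinationFileSystem` together with `kmsKey` or `availabilityZone` and nothing rejects it. The three concrete classes are not exported and the static factories already cover the supported shapes, so either make the constructor `protected` or validate the combinations inside it (for example, throw when `destinationFileSystem` is set alongside `kmsKey`, `region` or `availabilityZone`). Minor wording: in the `oneZoneFileSystem` docs, "The AWS Region in which the specified availability zone belongs to" should read "The AWS Region to which the specified availability zone belongs".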
@@ -553,6 +742,11 @@ export class FileSystem extends FileSystemBase { if (props.throughputMode === ThroughputMode.ELASTIC && props.performanceMode === PerformanceMode.MAX_IO) { throw new Error('ThroughputMode ELASTIC is not supported for file systems with performanceMode MAX_IO'); } + + if (props.replicationConfiguration && props.replicationOverwriteProtection === ReplicationOverwriteProtection.DISABLED) { + throw new Error('Cannot configure \'replicationConfiguration\' when \'replicationOverwriteProtection\' is set to \'DISABLED\''); + } + // we explictly use 'undefined' to represent 'false' to maintain backwards compatibility since // its considered an actual change in CloudFormations eyes, even though they have the same meaning. const encrypted = props.encrypted ?? (FeatureFlags.of(this).isEnabled( @@ -579,6 +773,19 @@ export class FileSystem extends FileSystemBase { replicationOverwriteProtection: props.replicationOverwriteProtection, } : undefined; + const replicationConfiguration = props.replicationConfiguration ? { + destinations: [ + { + fileSystemId: props.replicationConfiguration.destinationFileSystem?.fileSystemId, + kmsKeyId: props.replicationConfiguration.kmsKey?.keyArn, + region: props.replicationConfiguration.destinationFileSystem ? + props.replicationConfiguration.destinationFileSystem.env.region : + (props.replicationConfiguration.region ?? Stack.of(this).region), + availabilityZoneName: props.replicationConfiguration.availabilityZone, + }, + ], + } : undefined; + this._resource = new CfnFileSystem(this, 'Resource', { encrypted: encrypted, kmsKeyId: props.kmsKey?.keyArn, @@ -611,6 +818,7 @@ export class FileSystem extends FileSystemBase { }), fileSystemProtection, availabilityZoneName: props.oneZone ? oneZoneAzName : undefined, + replicationConfiguration, }); this._resource.applyRemovalPolicy(props.removalPolicy); 
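Review bot: In the `destinations` entry built in the constructor, `kmsKeyId: props.replicationConfiguration.kmsKey?.keyArn` is passed through without any check that the key lives in the destination region, and KMS keys are regional. The integ test in this patch shows the gap: it creates the key in an environment-agnostic stack and passes it with the literal region `'us-east-1'`, which only deploys when the stack itself lands in `us-east-1`. Suggest comparing `kmsKey.env.region` with the resolved destination region when both are concrete strings and throwing on a mismatch, and documenting the requirement on the `kmsKey` parameter for the token case. The same block also emits `kmsKeyId` and `availabilityZoneName` when `destinationFileSystem` is set; those should be omitted or rejected for an existing destination.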
diff --git a/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts b/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts index 06ac74fba89d2..a162d95fc0801 100644 --- a/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts +++ b/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts @@ -5,6 +5,7 @@ import * as kms from '../../aws-kms'; import { App, RemovalPolicy, Size, Stack, Tags } from '../../core'; import * as cxapi from '../../cx-api'; import { FileSystem, LifecyclePolicy, PerformanceMode, ThroughputMode, OutOfInfrequentAccessPolicy, ReplicationOverwriteProtection } from '../lib'; +import { ReplicationConfiguration } from '../lib/efs-file-system'; let stack = new Stack(); let vpc = new ec2.Vpc(stack, 'VPC'); 
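Review bot: The new import pulls `ReplicationConfiguration` from `'../lib/efs-file-system'` while the line directly above imports `FileSystem`, `ReplicationOverwriteProtection` and the rest from `'../lib'`. Please add `ReplicationConfiguration` to the existing `'../lib'` import instead. Importing through the package index also confirms the new class is reachable from the public entry point, which a deep import does not.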
@@ -958,3 +959,90 @@ test.each([ }, }); }); + +describe('replication configuration', () => { + test('regional file system', () => { + // WHEN + new FileSystem(stack, 'EfsFileSystem', { + vpc, + replicationConfiguration: ReplicationConfiguration.regionalFileSystem('ap-northeast-1'), + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::EFS::FileSystem', { + ReplicationConfiguration: { + Destinations: [ + { + Region: 'ap-northeast-1', + }, + ], + }, + }); + }); + + test('specify destination file system', () => { + // WHEN + const destination = new FileSystem(stack, 'DestinationFileSystem', { + vpc, + replicationOverwriteProtection: ReplicationOverwriteProtection.DISABLED, + }); + new FileSystem(stack, 'EfsFileSystem', { + vpc, + replicationConfiguration: ReplicationConfiguration.existingFileSystem(destination), + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::EFS::FileSystem', { + ReplicationConfiguration: { + Destinations: [ + { + FileSystemId: { + Ref: 'DestinationFileSystem12545967', + }, + }, + ], + }, + }); + }); + + test('one zone file system', () => { + // WHEN + new FileSystem(stack, 'EfsFileSystem', { + vpc, + replicationConfiguration: ReplicationConfiguration.oneZoneFileSystem( + 'us-east-1', + 'us-east-1a', + new kms.Key(stack, 'customKey'), + ), + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::EFS::FileSystem', { + ReplicationConfiguration: { + Destinations: [ + { + Region: 'us-east-1', + AvailabilityZoneName: 'us-east-1a', + KmsKeyId: { + 'Fn::GetAtt': [ + 'customKeyFEB2B57F', + 'Arn', + ], + }, + }, + ], + }, + }); + }); + + test('throw error for read-only file system', () => { + // THEN + expect(() => { + new FileSystem(stack, 'EfsFileSystem', { + vpc, + replicationConfiguration: ReplicationConfiguration.regionalFileSystem('ap-northeast-1'), + replicationOverwriteProtection: ReplicationOverwriteProtection.DISABLED, + }); + }).toThrow('Cannot configure \'replicationConfiguration\' 
when \'replicationOverwriteProtection\' is set to \'DISABLED\''); + }); +}); diff --git a/packages/aws-cdk-lib/aws-kms/README.md b/packages/aws-cdk-lib/aws-kms/README.md index a039288e468eb..5bf8c6366087d 100644 --- a/packages/aws-cdk-lib/aws-kms/README.md +++ b/packages/aws-cdk-lib/aws-kms/README.md @@ -6,6 +6,7 @@ Define a KMS key: ```ts new kms.Key(this, 'MyKey', { enableKeyRotation: true, + rotationPeriod: Duration.days(180), // Default is 365 days }); ``` diff --git a/packages/aws-cdk-lib/aws-kms/lib/key.ts b/packages/aws-cdk-lib/aws-kms/lib/key.ts index ba5d33c2988e9..fec01eaade57d 100644 --- a/packages/aws-cdk-lib/aws-kms/lib/key.ts +++ b/packages/aws-cdk-lib/aws-kms/lib/key.ts @@ -434,6 +434,13 @@ export interface KeyProps { */ readonly enableKeyRotation?: boolean; + /** + * The period between each automatic rotation. + * + * @default - set by CFN to 365 days. + */ + readonly rotationPeriod?: Duration; + /** * Indicates whether the key is available for use. * @@ -674,6 +681,7 @@ export class Key extends KeyBase { public readonly keyId: string; protected readonly policy?: iam.PolicyDocument; protected readonly trustAccountIdentities: boolean; + private readonly enableKeyRotation?: boolean; constructor(scope: Construct, id: string, props: KeyProps = {}) { super(scope, id); 
@@ -722,6 +730,21 @@ export class Key extends KeyBase { throw new Error('key rotation cannot be enabled on asymmetric keys'); } + this.enableKeyRotation = props.enableKeyRotation; + + if (props.rotationPeriod) { + if (props.enableKeyRotation === false) { + throw new Error('\'rotationPeriod\' cannot be specified when \'enableKeyRotation\' is disabled'); + } + if (props.rotationPeriod.toDays() < 90 || props.rotationPeriod.toDays() > 2560) { + throw new Error(`'rotationPeriod' value must between 90 and 2650 days. Received: ${props.rotationPeriod.toDays()}`); + } + // If rotationPeriod is specified, enableKeyRotation is set to true by default + if (props.enableKeyRotation === undefined) { + this.enableKeyRotation = true; + } + } + const defaultKeyPoliciesFeatureEnabled = FeatureFlags.of(this).isEnabled(cxapi.KMS_DEFAULT_KEY_POLICIES); this.policy = props.policy ?? new iam.PolicyDocument(); @@ -754,7 +777,8 @@ export class Key extends KeyBase { const resource = new CfnKey(this, 'Resource', { description: props.description, - enableKeyRotation: props.enableKeyRotation, + enableKeyRotation: this.enableKeyRotation, + rotationPeriodInDays: props.rotationPeriod?.toDays(), enabled: props.enabled, keySpec: props.keySpec, keyUsage: props.keyUsage, diff --git a/packages/aws-cdk-lib/aws-kms/test/key.test.ts b/packages/aws-cdk-lib/aws-kms/test/key.test.ts index 3493c31dff3ac..298a82730dc45 100644 --- a/packages/aws-cdk-lib/aws-kms/test/key.test.ts +++ b/packages/aws-cdk-lib/aws-kms/test/key.test.ts @@ -491,6 +491,7 @@ test('key with some options', () => { enableKeyRotation: true, enabled: false, pendingWindow: cdk.Duration.days(7), + rotationPeriod: cdk.Duration.days(180), }); cdk.Tags.of(key).add('tag1', 'value1'); @@ -501,6 +502,7 @@ test('key with some options', () => { Enabled: false, EnableKeyRotation: true, PendingWindowInDays: 7, + RotationPeriodInDays: 180, Tags: [ { Key: 'tag1', 
@@ -518,12 +520,30 @@ test('key with some options', () => { }); }); +test('set rotationPeriod without enabling enableKeyRotation', () => { + const stack = new cdk.Stack(); + new kms.Key(stack, 'MyKey', { + rotationPeriod: cdk.Duration.days(180), + }); + + Template.fromStack(stack).hasResourceProperties('AWS::KMS::Key', { + EnableKeyRotation: true, + RotationPeriodInDays: 180, + }); +}); + test('setting pendingWindow value to not in allowed range will throw', () => { const stack = new cdk.Stack(); expect(() => new kms.Key(stack, 'MyKey', { enableKeyRotation: true, pendingWindow: cdk.Duration.days(6) })) .toThrow('\'pendingWindow\' value must between 7 and 30 days. Received: 6'); }); +test.each([89, 2561])('throw if rotationPeriod is not in allowed range', (period) => { + const stack = new cdk.Stack(); + expect(() => new kms.Key(stack, 'MyKey', { enableKeyRotation: true, rotationPeriod: cdk.Duration.days(period) })) + .toThrow(`'rotationPeriod' value must between 90 and 2650 days. Received: ${period}`); +}); + describeDeprecated('trustAccountIdentities is deprecated', () => { test('setting trustAccountIdentities to false will throw (when the defaultKeyPolicies feature flag is enabled)', () => { const stack = new cdk.Stack(); diff --git a/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md b/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md index 54d245483776a..4eb649762d4ba 100644 --- a/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md +++ b/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md 
@@ -67,9 +67,7 @@ Flags come in three types: | [@aws-cdk/aws-codepipeline:crossAccountKeysDefaultValueToFalse](#aws-cdkaws-codepipelinecrossaccountkeysdefaultvaluetofalse) | Enables Pipeline to set the default value for crossAccountKeys to false. | 2.127.0 | (default) | | [@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2](#aws-cdkaws-codepipelinedefaultpipelinetypetov2) | Enables Pipeline to set the default pipeline type to V2. | 2.133.0 | (default) | | [@aws-cdk/aws-kms:reduceCrossAccountRegionPolicyScope](#aws-cdkaws-kmsreducecrossaccountregionpolicyscope) | When enabled, IAM Policy created from KMS key grant will reduce the resource scope to this key only. | 2.134.0 | (fix) | -| [@aws-cdk/aws-eks:nodegroupNameAttribute](#aws-cdkaws-eksnodegroupnameattribute) | When enabled, nodegroupName attribute of the managed EKS NodeGroup will not have the cluster name prefix. | 2.138.0 | (fix) | - - +| [@aws-cdk/aws-eks:nodegroupNameAttribute](#aws-cdkaws-eksnodegroupnameattribute) | When enabled, nodegroupName attribute of the provisioned EKS NodeGroup will not have the cluster name prefix. | 2.139.0 | (fix) | @@ -1268,17 +1266,19 @@ When this feature flag is enabled and calling KMS key grant method, the created | (not in v1) | | | | 2.134.0 | `false` | `true` | + ### @aws-cdk/aws-eks:nodegroupNameAttribute -*When enabled, nodegroupName attribute of the managed EKS nodegroup will not have the cluster name prefix.* (fix) +*When enabled, nodegroupName attribute of the provisioned EKS NodeGroup will not have the cluster name prefix.* (fix) -When this feature flag is enabled, the nodegroupName attribute will be exactly the name of the nodegroup without any prefix. +When this feature flag is enabled, the nodegroupName attribute will be exactly the name of the nodegroup without +any prefix. | Since | Default | Recommended | | ----- | ----- | ----- | | (not in v1) | | | -| 2.138.0 | `false` | `true` | +| 2.139.0 | `false` | `true` | 
diff --git a/packages/aws-cdk-lib/cx-api/lib/features.ts b/packages/aws-cdk-lib/cx-api/lib/features.ts index ba52813ceb600..10d48e80147af 100644 --- a/packages/aws-cdk-lib/cx-api/lib/features.ts +++ b/packages/aws-cdk-lib/cx-api/lib/features.ts @@ -1044,7 +1044,7 @@ export const FLAGS: Record = { When this feature flag is enabled, the nodegroupName attribute will be exactly the name of the nodegroup without any prefix. `, - introducedIn: { v2: 'V2NEXT' }, + introducedIn: { v2: '2.139.0' }, recommendedValue: true, }, }; diff --git a/version.v2.json b/version.v2.json index 144e6968616d3..1d8a8f9f6a616 100644 --- a/version.v2.json +++ b/version.v2.json @@ -1,4 +1,4 @@ { - "version": "2.138.0", - "alphaVersion": "2.138.0-alpha.0" + "version": "2.139.0", + "alphaVersion": "2.139.0-alpha.0" } \ No newline at end of file
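Review bot: in packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts (hunk @@ -579,6 +773,19 @@), the `destinations` entry passes `kmsKeyId` and `availabilityZoneName` through even when `destinationFileSystem` is set, and nothing visible in this hunk rejects that combination. If those two fields only apply when EFS creates the destination, throw at synth time when they accompany an existing file system, next to the `replicationOverwriteProtection` check added in the hunk above. When `kmsKey` is omitted the destination's key is left to the service default, which is worth stating in the property docs because it decides how the replica is encrypted.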
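Review bot: in packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts (hunk @@ -5,6 +5,7 @@), `ReplicationConfiguration` is imported from '../lib/efs-file-system' while every other EFS symbol on the line above comes from '../lib'. Import it from '../lib' with the rest, so the test fails if the class is not exported from the module index.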
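Review bot: in packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts (hunk @@ -958,3 +959,90 @@), the 'specify destination file system' test asserts only `FileSystemId`, although the construct also derives `region` from `destinationFileSystem.env.region` on that path. Assert the `Region` value there as well, so a regression in the region fallback is caught. The last test is named 'throw error for read-only file system' but exercises `replicationConfiguration` combined with `ReplicationOverwriteProtection.DISABLED`; a name that mentions overwrite protection would match the error it expects.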
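Review bot: in packages/aws-cdk-lib/aws-kms/lib/key.ts (hunk @@ -434,6 +434,13 @@), the doc comment added for `rotationPeriod` omits two things the constructor enforces: the accepted range (90 to 2560 days, per the comparison in the constructor hunk) and that setting it while `enableKeyRotation` is undefined turns rotation on. State both in the comment, and mention in the `enableKeyRotation` docs that `rotationPeriod` changes its effective default; the README example could carry the range too.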
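Review bot: in packages/aws-cdk-lib/aws-kms/lib/key.ts (hunk @@ -722,6 +730,21 @@), the range check compares against `> 2560` but the error message says "between 90 and 2650 days", so a caller who trips the upper bound is told a limit the code does not enforce. Make the message read 2560, preferably by taking both bounds from named constants used in the comparison and in the message. Separately, the 'key rotation cannot be enabled on asymmetric keys' throw sits above this block while `this.enableKeyRotation = true` is defaulted inside it; if that earlier check reads `props.enableKeyRotation`, an asymmetric key given only `rotationPeriod` would pass it, so the check should run on the resolved value.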
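Review bot: in packages/aws-cdk-lib/aws-kms/test/key.test.ts (hunk @@ -518,12 +520,30 @@), the `test.each([89, 2561])` case expects the text "must between 90 and 2650 days", which pins the 2560/2650 mismatch from key.ts into the test suite; since 2561 is the first rejected value, the expected message should say 2560. The hunk also covers only rejected values: add cases showing that 90 and 2560 are accepted, and one for `enableKeyRotation: false` together with `rotationPeriod`, which key.ts rejects with its own error.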