feat(all): migrate to CDKv2 (#738)

* Migrates the RFDK library, examples, and integration tests to CDKv2.

BREAKING CHANGE: This change migrates the RFDK to be based on CDK v2.
All apps that use the RFDK will have to be migrated to CDKv2 as well.
To update your app, follow the CDK's migration guide at:
https://docs.aws.amazon.com/cdk/v2/guide/migrating-v2.html

.gitignore

@@ -12,3 +12,6 @@ yarn-error.log
 
 #Defines license that must be present
 !license-header.js
+
+# Visual Studio Code working space
+.vscode/

examples/deadline/All-In-AWS-Infrastructure-Basic/python/cdk.json

@@ -1,18 +1,5 @@
 {
   "app": "python -m package.app",
   "context": {
-    "@aws-cdk/aws-apigateway:usagePlanKeyOrderInsensitiveId": true,
-    "@aws-cdk/core:enableStackNameDuplicates": true,
-    "aws-cdk:enableDiffNoFail": true,
-    "@aws-cdk/core:stackRelativeExports": true,
-    "@aws-cdk/aws-ecr-assets:dockerIgnoreSupport": true,
-    "@aws-cdk/aws-secretsmanager:parseOwnedSecretName": true,
-    "@aws-cdk/aws-kms:defaultKeyPolicies": true,
-    "@aws-cdk/aws-s3:grantWriteWithoutAcl": true,
-    "@aws-cdk/aws-ecs-patterns:removeDefaultDesiredCount": true,
-    "@aws-cdk/aws-rds:lowercaseDbIdentifier": true,
-    "@aws-cdk/aws-efs:defaultEncryptionAtRest": true,
-    "@aws-cdk/aws-lambda:recognizeVersionProps": true,
-    "@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021": true
   }
 }

examples/deadline/All-In-AWS-Infrastructure-Basic/python/package/app.py

@@ -5,7 +5,7 @@
 
 import os
 
-from aws_cdk.core import (
+from aws_cdk import (
     App,
     Environment
 )

examples/deadline/All-In-AWS-Infrastructure-Basic/python/package/config.py

@@ -46,6 +46,7 @@ def __init__(self):
         self.deadline_client_linux_ami_map: Mapping[str, str] = {'us-west-2': 'ami-04ae356533dc07fb5'}
 
         # A secret (in binary form) in SecretsManager that stores the UBL certificates in a .zip file.
+        # This must be in the format `arn:<partition>:secretsmanager:<region>:<accountId>:secret:<secretName>-<6RandomCharacters`
         self.ubl_certificate_secret_arn: str =\
             ''
 

examples/deadline/All-In-AWS-Infrastructure-Basic/python/package/lib/compute_tier.py

@@ -8,8 +8,7 @@
     Optional
 )
 
-from aws_cdk.core import (
-    Construct,
+from aws_cdk import (
     Stack,
     StackProps
 )
@@ -35,6 +34,9 @@
     UsageBasedLicensing,
     WorkerInstanceFleet,
 )
+from constructs import (
+    Construct
+)
 
 
 from . import subnets

examples/deadline/All-In-AWS-Infrastructure-Basic/python/package/lib/network_tier.py

@@ -1,11 +1,9 @@
 # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 
-from aws_cdk.core import (
+from aws_cdk import (
     Stack,
-    Construct
 )
-
 from aws_cdk.aws_ec2 import (
     FlowLogDestination,
     FlowLogTrafficType,
@@ -15,10 +13,12 @@
     SubnetSelection,
     SubnetType
 )
-
 from aws_cdk.aws_route53 import (
     PrivateHostedZone
 )
+from constructs import (
+    Construct
+)
 
 from . import subnets
 

examples/deadline/All-In-AWS-Infrastructure-Basic/python/package/lib/security_tier.py

@@ -1,14 +1,16 @@
 # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 
-from aws_cdk.core import (
-    Construct,
+from aws_cdk import (
     Stack,
 )
 from aws_rfdk import (
     DistinguishedName,
     X509CertificatePem
 )
+from constructs import (
+    Construct
+)
 
 
 class SecurityTier(Stack):

examples/deadline/All-In-AWS-Infrastructure-Basic/python/package/lib/service_tier.py

@@ -4,8 +4,7 @@
 import typing
 from dataclasses import dataclass
 
-from aws_cdk.core import (
-    Construct,
+from aws_cdk import (
     Duration,
     Stack,
     StackProps
@@ -26,7 +25,6 @@
 from aws_cdk.aws_route53 import (
     IPrivateHostedZone
 )
-
 from aws_rfdk import (
     DistinguishedName,
     MountableEfs,
@@ -47,6 +45,10 @@
     UsageBasedLicensing,
     VersionQuery,
 )
+from constructs import (
+    Construct
+)
+
 
 from . import subnets
 
@@ -222,7 +224,7 @@ def __init__(self, scope: Construct, stack_id: str, *, props: ServiceTierProps,
         if props.ubl_licenses:
             if not props.ubl_certs_secret_arn:
                 raise ValueError('UBL certificates secret ARN is required when using UBL but was not specified.')
-            ubl_cert_secret = Secret.from_secret_arn(self, 'ublcertssecret', props.ubl_certs_secret_arn)
+            ubl_cert_secret = Secret.from_secret_complete_arn(self, 'ublcertssecret', props.ubl_certs_secret_arn)
             self.ubl_licensing = UsageBasedLicensing(
                 self,
                 'UsageBasedLicensing',

examples/deadline/All-In-AWS-Infrastructure-Basic/python/package/lib/storage_tier.py

@@ -5,8 +5,7 @@
 from dataclasses import dataclass
 from typing import Optional
 
-from aws_cdk.core import (
-    Construct,
+from aws_cdk import (
     Duration,
     RemovalPolicy,
     Size,
@@ -52,7 +51,6 @@
 from aws_cdk.aws_sns_subscriptions import (
     EmailSubscription
 )
-
 from aws_rfdk import (
     MongoDbUsers,
     MongoDbX509User,
@@ -67,10 +65,12 @@
     X509CertificatePem,
     X509CertificatePkcs12
 )
-
 from aws_rfdk.deadline import (
     DatabaseConnection
 )
+from constructs import (
+    Construct
+)
 
 from . import subnets
 
@@ -231,8 +231,7 @@ def add_low_efs_burst_credit_alarms(self, filesystem: FileSystem, email_address:
             'SNSEncryptionKey',
             description='Used to encrypt the SNS Topic for sending EFS Burst Credit alerts',
             enable_key_rotation=True,
-            removal_policy=RemovalPolicy.DESTROY,
-            trust_account_identities=True
+            removal_policy=RemovalPolicy.DESTROY
         )
         key.grant(ServicePrincipal('cloudwatch.amazonaws.com'), 'kms:Decrypt', 'kms:GenerateDataKey')
 

examples/deadline/All-In-AWS-Infrastructure-Basic/python/setup.py

@@ -17,7 +17,7 @@
     packages=setuptools.find_packages(where="package"),
 
     install_requires=[
-        "aws-cdk.core==1.160.0",
+        "aws-cdk-lib==2.33.0",
         "aws-rfdk==0.42.0"
     ],
 

examples/deadline/All-In-AWS-Infrastructure-Basic/ts/bin/app.ts

@@ -6,7 +6,7 @@
 
 import 'source-map-support/register';
 import { config } from './config';
-import * as cdk from '@aws-cdk/core';
+import * as cdk from 'aws-cdk-lib';
 import { NetworkTier } from '../lib/network-tier';
 import {
   ServiceTier,
@@ -22,7 +22,7 @@ import {
   InstanceSize,
   InstanceType,
   MachineImage,
-} from '@aws-cdk/aws-ec2';
+} from 'aws-cdk-lib/aws-ec2';
 import { ComputeTier } from '../lib/compute-tier';
 
   // ------------------------------ //

examples/deadline/All-In-AWS-Infrastructure-Basic/ts/bin/config.ts

@@ -49,6 +49,7 @@ class AppConfig {
 
   /**
    * (Optional) A secret (in binary form) in SecretsManager that stores the UBL certificates in a .zip file.
+   * This must be in the format `arn:<partition>:secretsmanager:<region>:<accountId>:secret:<secretName>-<6RandomCharacters`
    */
   public readonly ublCertificatesSecretArn?: string;
 

examples/deadline/All-In-AWS-Infrastructure-Basic/ts/cdk.json

@@ -1,18 +1,5 @@
 {
   "app": "npx ts-node bin/app.ts",
   "context": {
-    "@aws-cdk/aws-apigateway:usagePlanKeyOrderInsensitiveId": true,
-    "@aws-cdk/core:enableStackNameDuplicates": true,
-    "aws-cdk:enableDiffNoFail": true,
-    "@aws-cdk/core:stackRelativeExports": true,
-    "@aws-cdk/aws-ecr-assets:dockerIgnoreSupport": true,
-    "@aws-cdk/aws-secretsmanager:parseOwnedSecretName": true,
-    "@aws-cdk/aws-kms:defaultKeyPolicies": true,
-    "@aws-cdk/aws-s3:grantWriteWithoutAcl": true,
-    "@aws-cdk/aws-ecs-patterns:removeDefaultDesiredCount": true,
-    "@aws-cdk/aws-rds:lowercaseDbIdentifier": true,
-    "@aws-cdk/aws-efs:defaultEncryptionAtRest": true,
-    "@aws-cdk/aws-lambda:recognizeVersionProps": true,
-    "@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021": true
   }
 }

examples/deadline/All-In-AWS-Infrastructure-Basic/ts/lib/compute-tier.ts

@@ -8,8 +8,8 @@ import {
   IMachineImage,
   IVpc,
   Port,
-} from '@aws-cdk/aws-ec2';
-import * as cdk from '@aws-cdk/core';
+} from 'aws-cdk-lib/aws-ec2';
+import * as cdk from 'aws-cdk-lib';
 import {
   IHost,
   InstanceUserDataProvider,
@@ -24,7 +24,8 @@ import {
   IHealthMonitor,
   SessionManagerHelper,
 } from 'aws-rfdk';
-import { Asset } from '@aws-cdk/aws-s3-assets';
+import { Asset } from 'aws-cdk-lib/aws-s3-assets';
+import { Construct } from 'constructs';
 import * as path from 'path'
 
 import { Subnets } from './subnets';
@@ -83,7 +84,7 @@ class UserDataProvider extends InstanceUserDataProvider {
     host.userData.addCommands('echo postWorkerLaunch');
     if (host.node.scope != undefined) {
       const testScript = new Asset(
-        host.node.scope as cdk.Construct,
+        host.node.scope as Construct,
         'SampleAsset',
         {path: path.join(__dirname, '..', '..', 'scripts', 'configure_worker.sh')},
       );
@@ -120,7 +121,7 @@ export class ComputeTier extends cdk.Stack {
    * @param id The ID of this construct.
    * @param props The properties of this construct.
    */
-  constructor(scope: cdk.Construct, id: string, props: ComputeTierProps) {
+  constructor(scope: Construct, id: string, props: ComputeTierProps) {
     super(scope, id, props);
 
     this.healthMonitor = new HealthMonitor(this, 'HealthMonitor', {

examples/deadline/All-In-AWS-Infrastructure-Basic/ts/lib/network-tier.ts

@@ -14,11 +14,12 @@ import {
   SubnetSelection,
   SubnetType,
   Vpc,
-} from '@aws-cdk/aws-ec2';
+} from 'aws-cdk-lib/aws-ec2';
 import {
   PrivateHostedZone,
-} from '@aws-cdk/aws-route53';
-import * as cdk from '@aws-cdk/core';
+} from 'aws-cdk-lib/aws-route53';
+import * as cdk from 'aws-cdk-lib';
+import { Construct } from 'constructs';
 
 import { Subnets } from './subnets';
 
@@ -67,7 +68,7 @@ export class NetworkTier extends cdk.Stack {
    * @param id The ID of this construct.
    * @param props The stack properties.
    */
-  constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {
+  constructor(scope: Construct, id: string, props?: cdk.StackProps) {
     super(scope, id, props);
 
     this.vpc = new Vpc(this, 'Vpc', {

examples/deadline/All-In-AWS-Infrastructure-Basic/ts/lib/security-tier.ts

@@ -3,10 +3,11 @@
  * SPDX-License-Identifier: Apache-2.0
  */
 
-import * as cdk from '@aws-cdk/core';
+import * as cdk from 'aws-cdk-lib';
 import {
   X509CertificatePem,
 } from 'aws-rfdk';
+import { Construct } from 'constructs';
 
 /**
  * The security tier of the render farm. This stack contains resources used to
@@ -24,7 +25,7 @@ export class SecurityTier extends cdk.Stack {
    * @param id The ID of this construct.
    * @param props The properties for the security tier.
    */
-  constructor(scope: cdk.Construct, id: string, props: cdk.StackProps) {
+  constructor(scope: Construct, id: string, props: cdk.StackProps) {
     super(scope, id, props);
 
     this.rootCa = new X509CertificatePem(this, 'RootCA', {

examples/deadline/All-In-AWS-Infrastructure-Basic/ts/lib/service-tier.ts

@@ -7,14 +7,14 @@ import {
   BastionHostLinux,
   BlockDeviceVolume,
   IVpc,
-} from '@aws-cdk/aws-ec2';
+} from 'aws-cdk-lib/aws-ec2';
 import {
   ApplicationProtocol,
-} from '@aws-cdk/aws-elasticloadbalancingv2';
+} from 'aws-cdk-lib/aws-elasticloadbalancingv2';
 import {
   IPrivateHostedZone,
-} from '@aws-cdk/aws-route53';
-import * as cdk from '@aws-cdk/core';
+} from 'aws-cdk-lib/aws-route53';
+import * as cdk from 'aws-cdk-lib';
 import {
   MountableEfs,
   X509CertificatePem,
@@ -31,8 +31,9 @@ import {
 } from 'aws-rfdk/deadline';
 import {
   Secret,
-} from '@aws-cdk/aws-secretsmanager';
+} from 'aws-cdk-lib/aws-secretsmanager';
 import { SessionManagerHelper } from 'aws-rfdk/lib/core';
+import { Construct } from 'constructs';
 
 import { Subnets } from './subnets';
 
@@ -130,7 +131,7 @@ export class ServiceTier extends cdk.Stack {
    * @param id The ID of this construct.
    * @param props The properties for this construct.
    */
-  constructor(scope: cdk.Construct, id: string, props: ServiceTierProps) {
+  constructor(scope: Construct, id: string, props: ServiceTierProps) {
     super(scope, id, props);
 
     // Bastion instance for convenience (e.g. SSH into RenderQueue and WorkerFleet instances).