pr #1

Merged
merged 59 commits into from
Dec 28, 2020
leandrodamascena (Owner)

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

iRoachie and others added 30 commits October 25, 2020 00:51
#11979)

Ensure `DatabaseInstance.fromDatabaseInstanceAttributes` is included in docs by moving it from the abstract `DatabaseInstanceBase` to the concrete `DatabaseInstance` class.

Thx @skinny85 for the suggestion in #11817.

Fixes #11817


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Expose [`logLevel`](https://esbuild.github.io/api/#log-level) and [`keepNames`](https://esbuild.github.io/api/#keep-names).

Closes #12046


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
#11988)

This was originally a miss from a community contributed PR.
`apiEndpoint` is a CloudFormation attribute and should be elevated into
the `IHttpApi` interface.

BREAKING CHANGE: `HttpApi.fromApiId()` has been replaced with
`HttpApi.fromHttpApiAttributes()`.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Attaching the EKS managed cluster security group to self managed nodes to allow free traffic flow between managed and self-managed nodes.

Closes #10884

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…placement of deprecated class (#12081)


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
It seems it is possible to hit a condition where the `aws eks update-kubeconfig`
command may hang indefinitely: it never returns until the lambda is killed
by the timeout.

Add a debug print so that it is easier to localize the issue.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Add support for http/http2/grpc/tcp route timeouts.

Reference links for [HttpTimeout](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appmesh-route-httptimeout.html), [GrpcTimeout](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appmesh-route-grpctimeout.html), and [TcpTimeout](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appmesh-route-tcptimeout.html). (Http2 uses the HttpTimeout object).

closes #11643

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…akerCreateTransformJob (#11892)

Noticed support for [ModelClientConfig](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateTransformJob.html#sagemaker-CreateTransformJob-request-ModelClientConfig) was missing from this particular type of job, so attempted to add it.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…() (#12091)

Reverts #11979

This commit broke java compilation of the module:

```console
#STDOUT> [ERROR] COMPILATION ERROR : 
#STDOUT> [INFO] -------------------------------------------------------------
#STDOUT> [ERROR] /tmp/npm-packP61iji/monocdk/src/main/java/software/amazon/awscdk/services/rds/DatabaseInstance.java:[38,5] method does not override or implement a method from a supertype
```

Basically the `fromDatabaseInstanceAttributes` function now exists both in `DatabaseInstanceBase` and `DatabaseInstance`, and for some reason the one in the child is annotated with an `@Override`, despite being a static function. (see more details below).

Since this module is stable, I don't want to simply move the function, but I do want to bring our pipeline back to life quickly, so this seems like an ok compromise for now.

-----------------

What happens is that the generated Java code for some reason adds an `@Override` annotation to the function signature of the concrete class, as if it were overriding the function in the base class, even though these are static methods.

```java
@javax.annotation.Generated(value = "jsii-pacmak/1.15.0 (build 585166b)", date = "2020-12-15T17:40:10.678Z")
@software.amazon.jsii.Stability(software.amazon.jsii.Stability.Level.Stable)
@software.amazon.jsii.Jsii(module = software.amazon.awscdk.services.rds.$Module.class, fqn = "@aws-cdk/aws-rds.DatabaseInstance")
public class DatabaseInstance extends software.amazon.awscdk.services.rds.DatabaseInstanceBase implements software.amazon.awscdk.services.rds.IDatabaseInstance {

    protected DatabaseInstance(final software.amazon.jsii.JsiiObjectRef objRef) {
        super(objRef);
    }

    protected DatabaseInstance(final software.amazon.jsii.JsiiObject.InitializationMode initializationMode) {
        super(initializationMode);
    }

    /**
     * @param scope This parameter is required.
     * @param id This parameter is required.
     * @param props This parameter is required.
     */
    @software.amazon.jsii.Stability(software.amazon.jsii.Stability.Level.Stable)
    public DatabaseInstance(final @org.jetbrains.annotations.NotNull software.constructs.Construct scope, final @org.jetbrains.annotations.NotNull java.lang.String id, final @org.jetbrains.annotations.NotNull software.amazon.awscdk.services.rds.DatabaseInstanceProps props) {
        super(software.amazon.jsii.JsiiObject.InitializationMode.JSII);
        software.amazon.jsii.JsiiEngine.getInstance().createNewObject(this, new Object[] { java.util.Objects.requireNonNull(scope, "scope is required"), java.util.Objects.requireNonNull(id, "id is required"), java.util.Objects.requireNonNull(props, "props is required") });
    }

    /**
     * Import an existing database instance.
     * <p>
     * @param scope This parameter is required.
     * @param id This parameter is required.
     * @param attrs This parameter is required.
     */
    @software.amazon.jsii.Stability(software.amazon.jsii.Stability.Level.Stable)
    @Override
    public static @org.jetbrains.annotations.NotNull software.amazon.awscdk.services.rds.IDatabaseInstance fromDatabaseInstanceAttributes(final @org.jetbrains.annotations.NotNull software.constructs.Construct scope, final @org.jetbrains.annotations.NotNull java.lang.String id, final @org.jetbrains.annotations.NotNull software.amazon.awscdk.services.rds.DatabaseInstanceAttributes attrs) {
        return software.amazon.jsii.JsiiObject.jsiiStaticCall(software.amazon.awscdk.services.rds.DatabaseInstance.class, "fromDatabaseInstanceAttributes", software.amazon.jsii.NativeType.forClass(software.amazon.awscdk.services.rds.IDatabaseInstance.class), new Object[] { java.util.Objects.requireNonNull(scope, "scope is required"), java.util.Objects.requireNonNull(id, "id is required"), java.util.Objects.requireNonNull(attrs, "attrs is required") });
    }
```

JSII assembly also shows:

```json
"name": "fromDatabaseInstanceAttributes",
"overrides": "@aws-cdk/aws-rds.DatabaseInstanceBase",
"parameters": [
  {
    "name": "scope",
    "type": {
      "fqn": "constructs.Construct"
    }
  },
  {
    "name": "id",
    "type": {
      "primitive": "string"
    }
  },
  {
    "name": "attrs",
    "type": {
      "fqn": "@aws-cdk/aws-rds.DatabaseInstanceAttributes"
    }
  }
],
"returns": {
  "type": {
    "fqn": "@aws-cdk/aws-rds.IDatabaseInstance"
  }
},
"static": true
```

This feels like a JSII bug: it shouldn't be marking this method as an override in the assembly, and regardless, it should not generate Java code that has an `@Override` annotation on a static function; better to validate and throw beforehand.

I guess this is related to Typescript quirks with inheritance of static members?

cc @RomainMuller @skinny85
Updating module assignment to remove most ownership from shivlaks@.
Implemented support for audit logs in the same way the other logs (application, slow search and slow index) are implemented.
Audit logs can only be enabled when fine-grained access control is enabled and the ES version is >= 6.7 [see here](https://aws.amazon.com/about-aws/whats-new/2020/09/elasticsearch-audit-logs-now-available-on-amazon-elasticsearch-service/).

The check that fine-grained access control is enabled is implemented. The version check is implicit, since fine-grained access control cannot be enabled below 6.7.

Closes #12105

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
https://aws.amazon.com/premiumsupport/knowledge-center/vpc-private-dns-name-endpoint-service/
https://docs.aws.amazon.com/vpc/latest/userguide/verify-domains.html

AWS added the ability to specify a custom DNS name for an endpoint service earlier this year. It makes it so your clients don't have to create aliases for an InterfaceVpcEndpoint when they connect to your service. This reduces undifferentiated lifting done by clients. This PR creates a construct that will set up the custom DNS.

```ts
import { Stack } from '@aws-cdk/core';
import { Vpc, VpcEndpointService } from '@aws-cdk/aws-ec2';
import { NetworkLoadBalancer } from '@aws-cdk/aws-elasticloadbalancingv2';
import { PublicHostedZone, VpcEndpointServiceDomainName } from '@aws-cdk/aws-route53';

const stack = new Stack();
const vpc = new Vpc(stack, 'VPC');
const nlb = new NetworkLoadBalancer(stack, 'NLB', {
  vpc,
});
const vpces = new VpcEndpointService(stack, 'VPCES', {
  vpcEndpointServiceLoadBalancers: [nlb],
});
// You must use a public hosted zone so domain ownership can be verified
const zone = new PublicHostedZone(stack, 'PHZ', {
  zoneName: 'aws-cdk.dev',
});
new VpcEndpointServiceDomainName(stack, 'EndpointDomain', {
  endpointService: vpces,
  domainName: 'my-stuff.aws-cdk.dev',
  publicZone: zone,
});
```

Original design ticket: #10580

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…th (#12125)

Ensure it's a file and make it absolute.

Closes #12115


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
In cdkv2, the package `aws-cdk-lib` has changed its dependency model to
move to use peerDependencies + devDependencies, instead of regular
dependencies.

As part of this, the `constructs` package is now a peer dependency.
jsii-diff requires this package to also be installed to load the jsii
assembly.

Change the check-api-compatibility.sh to use npm7 which installs all
declared peer dependencies as part of `npm install`.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…ild (#12123)

1. Normally the build API automatically discovers tsconfig.json files and reads their contents during a build. However, we can also configure a custom tsconfig.json file to use instead for advanced use cases.
 
2. Added option to generate meta-file.

3. Added option to add comments in the bundled files 

Closes [12122](#12122)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Allow all our lambda handlers to be provisioned inside the cluster VPC.

The `KubectlProvider` handlers were already placed inside the VPC when they could be; what was missing was the `ClusterHandler`. This is now possible via the `placeClusterHandlerInVpc` (names are welcome) property.

Default value remains `false` because if the VPC happens to be isolated (i.e. no outbound internet access) this would break the deployment. (See #12171)

Closes #9509 

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Stack trace capture was intended to be disabled by default in #11170.

However, due to a logic error that didn't actually happen. This change
*actually* disables stack trace capture.

The intent of the original change was to capture *Token* stack traces if
and only if `CDK_DEBUG=true` was set. *Metadata* and *Construct* stack
traces are managed in the `constructs` library, no longer in CDK.

BREAKING CHANGE: Creation stack traces for `Lazy` values are no longer
captured by default in order to speed up tests. Run with
`CDK_DEBUG=true` (or `cdk --debug`) to capture stack traces.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…12186)

Currently the `semantic.yaml` file is not respected. This is crucial, especially so that `titleOnly: true` will be respected and single-commit PRs will not be blocked.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Fixes #12072

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
SoManyHs and others added 29 commits December 22, 2020 01:43
… constructs (#12190)

Closes #11007

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…12159)

We previously had validation inside the Table construct that would prevent creating global replicas
when billing mode was `PROVISIONED`.
However, it turns out that was too restrictive,
and it's actually possible to use the `PROVISIONED` mode,
but only if the Table has write auto-scaling enabled with a scaling policy.

Fixes #11346

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Removing `LegacyCluster` and the `kubectlEnabled` property.

Closes #11929

BREAKING CHANGE: `LegacyCluster` was removed since it existed only for a transition period to allow gradual migration to the current cluster class.

- eks: `kubectlEnabled` property was removed, all clusters now support `kubectl`. 

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…riables (#12121)

When creating a CodeBuild Project that uses environment variables from SecretsManager,
the Project fails execution with:

```
AccessDeniedException: User: arn:aws:sts::828671620168:assumed-role/role
is not authorized to perform: secretsmanager:GetSecretValue on resource:
arn:aws:secretsmanager:us-west-2:123456789012:secret:my-secret-GXyUCE
```

The solution is to automatically grant the Project's Role permissions to read all
Secrets whose names were provided as environment variables.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Closes #11763

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This PR adds the `CapacityType` support and allows users to create Spot managed node groups for Amazon EKS.

1. The `CapacityType` attribute is supported by cloudformation but not yet documented. We tentatively use addPropertyOverride() to enable it.
2. `instanceType` will be deprecated and we introduced the new `instanceTypes`
3. `instanceTypes` with different CPU architectures will throw an error.
4. `amiType` is still optional, however, when specified, incorrect `amiType` will throw the error.
5. According to the [document](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes), we are allowed to specify instance type(s) in either the `instanceTypes` property or the launch template but not both. As we can't check the content of the launch template passed in, we allow `instanceTypes` and launch template to both be specified and encourage using `instanceTypes` when possible.


## Sample

```ts
cluster.addNodegroupCapacity('extra-ng-spot', {
  instanceTypes: [
    new ec2.InstanceType('c5.large'),
    new ec2.InstanceType('c5a.large'),
    new ec2.InstanceType('c5d.large'),
  ],
  minSize: 3,
  capacityType: eks.CapacityType.SPOT,
});
```

Closes #11827 

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
feat(ecs-patterns): add containerName to QueueProcessingEc2Service
feat(ecs): deployment circuit breaker support

This PR allows you to enable the `deployment circuit breaker` support for Amazon ECS.

Depends on 

- [ ] cfnspec v22 #12170


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Even though we can't actually suggest any particular policy to use
other than `AdministratorAccess`, we've been requested to make it
very clear that developers shouldn't be using `AdministratorAccess`
without thinking (after an engagement in which an organization's
CCoE was displeased with individual developer teams copy/pasting
example bootstrapping commands from our developer guides).

Add a note to tell developers to check with their organization's CCoE
before using `AdministratorAccess`.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Reason: GHSA-5fw9-fq32-wv5p


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…2213)

In #11444, we added the option of setting the logging configuration of the Project.
Unfortunately, the Project's Role was not given permissions to write to that destination,
which means executing the Project's build would fail.

Fixes #12179

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
The EKS module uses the AWS CLI, `kubectl` and `helm` in order to interact with the Kubernetes cluster. These tools were consumed from a SAR app maintained by @pahud as an AWS Sample (see [repo](https://github.com/aws-samples/aws-lambda-layer-kubectl)).

This dependency on sample code introduces an operational and maintenance risk and as part of productizing the EKS module, we need to break it. The dependency on SAR is not required, and adds a few unnecessary layers (a nested stack, SAR regional availability, etc).

To that end, this change bundles the AWS CLI and the Kubernetes tools (`kubectl` and `helm`) into the AWS CDK. These layers are maintained in two new CDK modules called `@aws-cdk/lambda-layer-awscli` and `@aws-cdk/lambda-layer-kubectl` respectively. These are normal CDK modules that export a `lambda.LayerVersion` resource that can be mounted to any AWS Lambda function.

Since the s3-deployment module also needs the AWS CLI (and bundles it), we now reuse the AWS CLI layer in there as well.

Module sizes:
- lambda-layer-awscli: 10MiB
- lambda-layer-kubectl: 24MiB

This change increases the total module size of the MonoCDK by 24MiB (10MiB are reused with s3-deployment which was already bundled). In the future we are planning to remove these bundles from the library and publish them externally so they can be consumed at deploy-time but this is out of scope for this PR (see aws/aws-cdk-rfcs#39).



Resolves #11874

BREAKING CHANGE: the `@aws-cdk/eks.KubectlLayer` layer class has been moved to `@aws-cdk/lambda-layer-kubectl.KubectlLayer`.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
The change in #12129 accidentally deleted the unit tests for the s3-deployment lambda function. This change restores them.

Since tests are written in python, run them inside a docker image derived from public.ecr.aws/lambda/python.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…executeBatchBuild: true` (#12181)

If the `executeBatchBuild` prop is added to trigger a batch build, we also need to switch the IAM permissions to the ones which allow triggering a batch build. This does that.

This should probably have been part of #11741
This adds a `startBatchBuild` option to the code build source, to trigger a batch build. The cloudformation property isn't in the official docs yet but is mentioned [here](aws-cloudformation/cloudformation-coverage-roadmap#621 (comment)).

Closes #11663
…ables (#12150)

If you use a Secret in an environment variable of the default type
`BuildEnvironmentVariableType.PLAINTEXT`,
it will be visible in plain text in the AWS Console.
Add validation that checks for this common mistake,
along with a flag that allows you to opt out of it.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
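Worked example of the two CodeBuild checks described in the commit messages above: the automatic `secretsmanager:GetSecretValue` grant for variables of type `SECRETS_MANAGER` (#12121), and flagging a secret that was put into a `PLAINTEXT` variable (#12150). This is added illustration code, not the aws-cdk implementation: the enum mirrors CodeBuild's environment-variable types, but `analyzeEnvironmentVariables`, `secretArnFor`, the `flagPlaintextSecrets` opt-out, the `-??????` ARN wildcard for secrets referenced by name, and the sample variables are assumptions constructed for the example.

```typescript
// Added example, not aws-cdk code. Derives the least-privilege Secrets Manager
// grant a CodeBuild project role needs for its SECRETS_MANAGER variables, and
// flags values that would expose a secret through a PLAINTEXT variable.

export enum BuildEnvironmentVariableType {
  PLAINTEXT = 'PLAINTEXT',
  PARAMETER_STORE = 'PARAMETER_STORE',
  SECRETS_MANAGER = 'SECRETS_MANAGER',
}

export interface BuildEnvironmentVariable {
  type?: BuildEnvironmentVariableType; // CodeBuild defaults to PLAINTEXT
  value: string;
}

export interface PolicyStatement {
  effect: 'Allow';
  actions: string[];
  resources: string[];
}

export interface Findings {
  grant?: PolicyStatement;     // statement to attach to the project's role
  plaintextSecrets: string[];  // names of PLAINTEXT variables carrying a secret
}

// Full Secrets Manager ARN: arn:partition:secretsmanager:region:account:secret:name
const SECRET_ARN = /^arn:[^:]+:secretsmanager:[^:]*:[^:]*:secret:[^:]+/;

// CloudFormation dynamic references are resolved to the secret's value at deploy
// time, so in a PLAINTEXT variable the resolved secret ends up visible in the console.
const DYNAMIC_SECRET_REFS = ['{{resolve:secretsmanager:', '{{resolve:ssm-secure:'];

// A SECRETS_MANAGER value is "<secret-id>[:json-key[:version-stage[:version-id]]]",
// where secret-id is a full ARN or a bare secret name. Returns the ARN to grant on.
export function secretArnFor(region: string, account: string, value: string): string {
  if (SECRET_ARN.test(value)) {
    // Keep only the 7 ARN fields; drop json-key / version suffixes.
    return value.split(':').slice(0, 7).join(':');
  }
  const name = value.split(':')[0];
  // Assumption for this example: a secret referenced by name gets a 6-character
  // random suffix in its ARN, so a fixed-width wildcard covers it without
  // widening the grant to other secrets.
  return `arn:aws:secretsmanager:${region}:${account}:secret:${name}-??????`;
}

function looksLikeSecret(value: string): boolean {
  return SECRET_ARN.test(value) ||
    DYNAMIC_SECRET_REFS.some(ref => value.indexOf(ref) !== -1);
}

export function analyzeEnvironmentVariables(
  vars: Record<string, BuildEnvironmentVariable>,
  region: string,
  account: string,
  options: { flagPlaintextSecrets?: boolean } = {},
): Findings {
  const flag = options.flagPlaintextSecrets ?? true; // opt-out flag, as in the commit
  const resources: string[] = [];
  const plaintextSecrets: string[] = [];

  for (const name of Object.keys(vars)) {
    const v = vars[name];
    const type = v.type ?? BuildEnvironmentVariableType.PLAINTEXT;
    if (type === BuildEnvironmentVariableType.SECRETS_MANAGER) {
      const arn = secretArnFor(region, account, v.value);
      if (resources.indexOf(arn) === -1) resources.push(arn);
    } else if (flag && type === BuildEnvironmentVariableType.PLAINTEXT && looksLikeSecret(v.value)) {
      plaintextSecrets.push(name);
    }
  }

  const grant: PolicyStatement | undefined = resources.length === 0 ? undefined : {
    effect: 'Allow',
    actions: ['secretsmanager:GetSecretValue'],
    resources: resources.slice().sort(),
  };
  return { grant, plaintextSecrets };
}

// Constructed sample input (not from the page): two proper secret references,
// one secret leaked through a PLAINTEXT variable, and one harmless variable.
export const sampleVars: Record<string, BuildEnvironmentVariable> = {
  DB_PASSWORD: {
    type: BuildEnvironmentVariableType.SECRETS_MANAGER,
    value: 'arn:aws:secretsmanager:us-west-2:123456789012:secret:my-secret-GXyUCE:password',
  },
  API_KEY: { type: BuildEnvironmentVariableType.SECRETS_MANAGER, value: 'api-key' },
  LEAKED: {
    value: '{{resolve:secretsmanager:arn:aws:secretsmanager:us-west-2:123456789012:secret:my-secret-GXyUCE:SecretString:token}}',
  },
  STAGE: { value: 'prod' },
};

export function runSample(): Findings {
  return analyzeEnvironmentVariables(sampleVars, 'us-west-2', '123456789012');
}
```

Running `runSample()` yields one `Allow` statement scoped to the two referenced secrets (the `:password` JSON key is stripped from the ARN) and reports `LEAKED` as a PLAINTEXT variable that carries a secret; passing `{ flagPlaintextSecrets: false }` suppresses that report, which is the opt-out the commit describes.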
closes #12202


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…the image from public ECR (#12141)

close #12134 

update `aws-node-termination-handler` version to `0.13.2`
```ts
this._spotInterruptHandler = this.addHelmChart('spot-interrupt-handler', {
  chart: 'aws-node-termination-handler',
  version: '0.13.2',
  repository: 'https://aws.github.io/eks-charts',
  namespace: 'kube-system',
  values: {
    'nodeSelector.lifecycle': LifecycleLabel.SPOT,
  },
});
```

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Use the custom resource provider from core to delete objects in the
bucket. A bucket policy gives the correct permissions to the provider's
Lambda function role.

Credits to @Chriscbr for starting the work on this.

Closes #3297
Closes #9751


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…#12070)

Bundling sets the working directory to `cdk.AssetStaging.BUNDLING_INPUT_DIR`
but we want to force `npx` to always use the globally installed
`esbuild` and not a version available in the mounted volume.

Closes #12007


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@leandrodamascena leandrodamascena merged commit baa39d6 into leandrodamascena:master Dec 28, 2020