chore(region-info): register me-central-1 (#23210)

New Regions now use a service principal for elasticloadbalancing logdelivery. ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Construct Runtime Dependencies: * [ ] This PR adds new construct runtime dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-construct-runtime-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
aws · Dec 5, 2022 · 16d9387 · 16d9387
1 parent 1dd6930
commit 16d9387
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 13 deletions.
diff --git a/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/shared/base-load-balancer.ts b/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/shared/base-load-balancer.ts
@@ -251,18 +251,8 @@ export abstract class BaseLoadBalancer extends Resource {
     this.setAttribute('access_logs.s3.bucket', bucket.bucketName.toString());
     this.setAttribute('access_logs.s3.prefix', prefix);
 
-    const region = Stack.of(this).region;
-    if (Token.isUnresolved(region)) {
-      throw new Error('Region is required to enable ELBv2 access logging');
-    }
-
-    const account = RegionInfo.get(region).elbv2Account;
-    if (!account) {
-      throw new Error(`Cannot enable access logging; don't know ELBv2 account for region ${region}`);
-    }
-
     const logsDeliveryServicePrincipal = new ServicePrincipal('delivery.logs.amazonaws.com');
-    bucket.grantPut(new iam.AccountPrincipal(account), `${(prefix ? prefix + '/' : '')}AWSLogs/${Stack.of(this).account}/*`);
+    bucket.grantPut(this.resourcePolicyPrincipal(), `${(prefix ? prefix + '/' : '')}AWSLogs/${Stack.of(this).account}/*`);
     bucket.addToResourcePolicy(
       new PolicyStatement({
         actions: ['s3:PutObject'],
@@ -303,6 +293,22 @@ export abstract class BaseLoadBalancer extends Resource {
     this.setAttribute(key, undefined);
   }
 
+  protected resourcePolicyPrincipal(): iam.IPrincipal {
+    const region = Stack.of(this).region;
+    if (Token.isUnresolved(region)) {
+      throw new Error('Region is required to enable ELBv2 access logging');
+    }
+
+    const account = RegionInfo.get(region).elbv2Account;
+    if (!account) {
+      // New Regions use a service principal
+      // https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-access-logs.html#attach-bucket-policy
+      return new iam.ServicePrincipal('logdelivery.elasticloadbalancing.amazonaws.com');
+    }
+
+    return new iam.AccountPrincipal(account);
+  }
+
   protected validateLoadBalancer(): string[] {
     const ret = new Array<string>();
 

diff --git a/packages/@aws-cdk/region-info/build-tools/fact-tables.ts b/packages/@aws-cdk/region-info/build-tools/fact-tables.ts
@@ -25,6 +25,7 @@ export const AWS_CDK_METADATA = new Set([
   'eu-north-1',
   'eu-south-1',
   'me-south-1',
+  // 'me-central-1',
   'sa-east-1',
 ]);
 
@@ -52,6 +53,7 @@ export const ROUTE_53_BUCKET_WEBSITE_ZONE_IDS: { [region: string]: string } = {
   'eu-west-2': 'Z3GKZC51ZF0DB4',
   'eu-west-3': 'Z3R1K369G5AVDG',
   'me-south-1': 'Z1MPMWCPA7YB62',
+  'me-central-1': 'Z06143092I8HRXZRUZROF',
   'sa-east-1': 'Z7KQH4QJS55SO',
   'us-east-1': 'Z3AQBSTGFYJSTF',
   'us-east-2': 'Z2O1EMRO9K5GLX',
@@ -104,6 +106,7 @@ export const PARTITION_MAP: { [region: string]: Region } = {
 
 // https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html#access-logging-bucket-permissions
 // https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-access-logs.html#attach-bucket-policy
+// Any not listed regions use the service principal "logdelivery.elasticloadbalancing.amazonaws.com"
 export const ELBV2_ACCOUNTS: { [region: string]: string } = {
   'af-south-1': '098369216593',
   'ap-east-1': '754344448648',

diff --git a/packages/@aws-cdk/region-info/lib/aws-entities.ts b/packages/@aws-cdk/region-info/lib/aws-entities.ts
@@ -70,7 +70,7 @@ export const AWS_REGIONS = AWS_REGIONS_AND_RULES
   .sort() as readonly string[];
 
 /**
- * Possibly non-exaustive list of all service names, used to locate service principals.
+ * Possibly non-exhaustive list of all service names, used to locate service principals.
  *
  * Not in the list ==> default service principal mappings.
  */

diff --git a/packages/@aws-cdk/region-info/lib/region-info.ts b/packages/@aws-cdk/region-info/lib/region-info.ts
@@ -131,7 +131,6 @@ export class RegionInfo {
 
   /**
    * The account ID for ELBv2 in this region
-   *
    */
   public get elbv2Account(): string | undefined {
     return Fact.find(this.name, FactName.ELBV2_ACCOUNT);