chore(release): 1.131.0 #17381
Merged
chore(release): 1.131.0 #17381
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…d aws-cloudtrail to @comcalvi
CloudFormation now supports [Cloudwatch logs Resource policies](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-resourcepolicy.html) This PR adds L2 support for it. And now its possible to grant access to service principals as follows. Previously this was throwing an error - see #5343 ```ts const eventsTargetLogs = new logs.LogGroup(this, 'EventsTargetLogGroup'); eventsTargetLogs.grantWrite(new iam.ServicePrincipal('events.amazonaws.com')).assertSuccess(); ``` In future, following custom resource implementation of `LogGroupResourcePolicy` could be replaced. https://github.com/aws/aws-cdk/blob/83b8df8c390a27e10bf362f49babfb24ee425506/packages/@aws-cdk/aws-elasticsearch/lib/log-group-resource-policy.ts#L25 https://github.com/aws/aws-cdk/blob/a872e672f8990fc3879413e5d797533d3916e1fd/packages/@aws-cdk/aws-events-targets/lib/log-group-resource-policy.ts#L26 https://github.com/aws/aws-cdk/blob/a872e672f8990fc3879413e5d797533d3916e1fd/packages/@aws-cdk/aws-events-targets/lib/log-group-resource-policy.ts#L26 closes #5343 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…7225) I'm trying to implement aws-iot L2 Constructs. This PR is one of steps after following PR: - #16681 (comment) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…rivate Certificate Authority (#16315) Support requesting private certificates issued by Private Certificate Authority. Similar to the existing construct named `Certificate`, a new construct `PrivateCertificate` was introduced. There are two main differences between them. `PrivateCertificate` has an additional property `certificateAuthority` to specify the Private certificate authority (CA) that will be used to issue the certificate. The validation options are removed because no validation is necessary for private certificates. Closes #10076. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…l ver 8.0.26 (#17247) Add new RDS versions: **AuroraPostgresEngineVersion 13.4, 12.8, 11.13, and 10.18** Announcement: https://aws.amazon.com/about-aws/whats-new/2021/10/amazon-aurora-postgresql-supports-releases/ s3Export and s3Import are supported, see `aws rds describe-db-engine-versions --region us-east-1 --engine aurora-postgresql --engine-version xxx`. **MysqlEngineVersion 8.0.26** Announcement: https://aws.amazon.com/about-aws/whats-new/2021/10/amazon-rds-mysql-version-8-0-26-global-transaction-identifiers-gitds-delayed-replication/ ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
New C6I instances just got released: https://aws.amazon.com/blogs/aws/new-amazon-ec2-c6i-instances-powered-by-the-latest-generation-intel-xeon-scalable-processors/ Docs have already been updated: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html#cfn-ec2-instance-instancetype <img width="1078" alt="Screen Shot 2021-10-29 at 3 11 00 PM" src="https://user-images.githubusercontent.com/31543/139502936-a34cd4f0-0d8e-4f2e-a178-078aab7d00c4.png"> ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This is a continuation (and the final piece!) of aws/jsii#3085 and #17120. Changes cdk-build to use the fixed deprecated list, rather than stripping all deprecated elements. This will enable us to deprecate new elements going forward without stripping them from v2 and breaking customers. closes #16566 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Currently, PR's are auto approved if they either: 1. Contain the `pr/auto-approve` label. 2. Created by `dependabot` 3. Created by `aws-cdk-automation` This is somewhat convoluted, and complicates the responsibility of the `auto-approve` workflow. In addition, this makes it impossible to formulate a single GitHub query to lookup all automated PR's that we expect to be approved and merged without human intervention. This PR switches to a simpler mechanism, by which the `auto-approve` workflow will **only** approve PR's that contain the appropriate label, forcing all PR creators to add the label if they wish to be auto-approved. This means we can now use a simple `label:pr/auto-approve` query to find all those automated PR's. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
closes #16402 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…semblies (#17263) Since #14379, `cdk ls` has outputted friendlier stack names for nested assemblies (e.g., with pipelines). However, `cdk ls --long` still outputs the less-friendly stack IDs. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…d tokens as duplicates (#17221) fixes #17201 The issue is when the same security group uses these functions, so I added a private counter to `SecurityGroupBase`. However, to modify this private counter, `determineRuleScope` and `renderPeer` need to be member functions. These originally weren't member functions for a reason, and that's because `SecurityGroup` also uses these functions. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…ode (#17144) Add ability to define a product version entirely within CDK as opposed to referencing templates or local assets. The service catalog `ProductStack` is similar to `NestedStacks` that do not deploy themselves but rather are referenced by the parent stacks. The resources defined in your product are added to the product stack like any other cdk app. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* Co-authored-by: Dillon Ponzo <dponzo18@gmail.com>
I'm trying to implement aws-iot L2 Constructs. This PR is one of steps after following PR: - #16681 (comment) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
The integ tests try to be clever to save time, and rebootstrap an account and region pair only if the bootstrap stack does not exist yet. This is not good enough if the **version** of the bootstrap stack changes though (no rebootstrapping will happen), and the following error will occur: ``` ❌ cdktest-0n94n0po827f-test-2 failed: Error: cdktest-0n94n0po827f-test-2: This CDK deployment requires bootstrap stack version '6', found '4'. Please run 'cdk bootstrap'. ``` Instead, always bootstrap every account/region pair at least once per run. It will take some time, but in most cases we'll be able to short-circuit the CFN deployment, so it will take ~2s instead of ~20 per case. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Looks like lambda stopped supporting node 10 for new functions: ```console The runtime parameter of nodejs10.x is no longer supported for creating or updating AWS Lambda functions. We recommend you use the new runtime (nodejs14.x) while creating or updating functions ``` Switch to 12. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
If the regression tests are running in straight up integ test mode, and not regression mode, they don't run with a `FRAMEWORK_VERSION` set. The end result is that they install the version `*` of every library, which always resolves to the v1 version. If we're running in straight-up integ test mode, copy the framework version from the CLI. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Follow up on #17282 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This is a follow-up to #17277: we switched to *always* bootstrapping the environment using the default settings, to automatically upgrade whenever an upgrade was available. However, if we run the integ test using a v1 CLI, the default bootstrap stack will be the legacy bootstrap, and we would actually be trying to *downgrade* it. Instead, always use the modern bootstrap stack. Since legacy apps can be deployed to the modern bootstrap stack, this is not an issue, and if a test actually needs the legacy stack to test something, it will explicitly try to create a fresh legacy bootstrap stack. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
The JSON is currently breaking GitHub actions.  ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Ran npm-check-updates and yarn upgrade to keep the `yarn.lock` file up-to-date.
Expose FargateCluster's defaultProfile. Fixes #16149 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
`jsii-rosetta infuse` will modify all the assemblies in-place to add examples to types that don't have examples yet. This feature depends on jsii 1.41, and should not be merged before jsii has been upgraded to that version (either by #17187 or by #17190). Depends-On: #17190 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…17308) Follow up fix for #17276 ```console export CANDIDATE_VERSION=1.131.0-rc.0 -- 690 | + CANDIDATE_VERSION=1.131.0-rc.0 691 | /codebuild/output/src644443490/src/package/test/integ/run-against-dist: line 29: FRAMEWORK_VERSION: unbound variable 692 | ++ run_traps ``` ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…-cdk version (#17285) If an environment variable, `$RELEASE_TAG` is defined, it will be appended to the end of the `npm install aws-cdk@` command. This will allow us to run canaries that test against v2 by specifying `RELEASE_TAG=next` in the environment variables. If `$RELEASE_TAG` is not defined, `npm install aws-cdk@latest` will be used. This PR also includes a comment in `release-notes.ts` that the v2 publishing verification canary is dependent on the format of the release notes. part of #16593, see https://github.com/cdklabs/cdk-ops/pull/1769 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
The rendering of `additionalInputs` was using a bashism that is not supported by CodeBuild by default. Turn ``` [[ ! -d "directory" ]] ``` into ``` [ ! -d "directory" ] ``` Fixes #17224 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Follow up on #17337 to fix regression suites. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
#16917) when the same trigger is added twice to the Cognito userpool, ```ts const fn = lambda.Function.fromFunctionArn(stack, 'Trigger', 'arn:aws:lambda:us-east-1:123456789012:function:CognitoFunction') const userpool = new cognito.UserPool(stack, 'Userpool', { lambdaTriggers: { customMessage: fn } }) userpool.addTrigger(cognito.UserPoolOperation.CUSTOM_MESSAGE, fn) ``` throws error message: `Error: A trigger for the operation [object Object] already exists.` This PR fixes it as: ` Error: A trigger for the operation customMessage already exists.` ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This PR improves the error message when a lambda-nodejs function fails to bundle. I'm working on moving a client's repository from a "makeshift monorepo" to a real `yarn`/`lerna` driven monorepo. They make heavy use of `NodejsFunction`, so I'm moving them to the newer [reference project architecture](https://docs.aws.amazon.com/cdk/api/latest/docs/aws-lambda-nodejs-readme.html#reference-project-architecture) with a single lockfile at the root of the repository. While working through this issue, I kept running into this error message: ``` > yarn cdk diff Bundling asset SomeLambdaHandler/SomeSubLambda/Lambda/Code/Stage... Usage Error: Couldn't find a script named "esbuild". $ yarn run [--inspect] [--inspect-brk] <scriptName> ... Failed to bundle asset SomeLambdaHandler/SomeSubLambda/Lambda/Code/Stage, bundle output is located at /Users/blimmer/code/client/project/packages/some-workspace/cdk.out/bundling-temp-2f3ffba54d828547eb851ebe672a601943e153ec31fdc5e45f8e80ed976da6d3-error: Error: bash exited with status 1 Subprocess exited with error 1 ``` This was confusing to me because I have `esbuild` installed in both sub-packages that require it. The error message just tells me that `bash` failed to run, which isn't very helpful. However, when I set an interactive breakpoint, I got a lot more information about the failure. By digging into these arguments https://github.com/aws/aws-cdk/blob/507769aa034ba3d8daa497953be629408072baed/packages/%40aws-cdk/aws-lambda-nodejs/lib/util.ts#L56-L57 I can actually see what's being run and which directory it's run in. | argument | contents | comments | | -------- | -------- | -------- | | `cmd` | `bash` | this doesn't really tell me anything about what's happening | | `args` | [ `-c`, `"yarn run esbuild --bundle \"/Users/blimmer/code/client/project/packages/some-workspace/lib/some-sub-lambda/lambda/index.ts\" --target=node14 --platform=node --outfile=\"/Users/blimmer/code/client/project/packages/some-workspace/cdk.out/bundling-temp-2f3ffba54d828547eb851ebe672a601943e153ec31fdc5e45f8e80ed976da6d3/index.js\" --external:aws-sdk"` ] | the second argument of this array actually represents the command being run - this is way more useful than just `bash` | | `options` | `{ ...lotsOfOtherStuff, cwd: '/Users/blimmer/code/client/project' }` | `cwd` was actually crucial for me to fix this problem. because I see this is running in the root of the monorepo, it shows that I need to install `esbuild` there, instead of in the workspaces. | ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Add the `--no-immutable` flag when running `yarn`. Closes #17082 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Avail ourselves of the new build cache feature in cdklabs/cdk-ops#1776. Adds two new things: **A persistently cached directory** The directory `$HOME/.s3buildcache` will be stored and restored in the S3 bucket, if configured. The build can assume that files it puts in there will be availble on the next build (and on the corresponding PR build). **Cache rosetta tablet** If there is a file in the persistent cache directory for Rosetta, pass it to `jsii-rosetta` as an input. Afterwards, store whatever tablet the build produced back into the cache directory. The latter will only impact the persistent cache if done on a build that is actually configured to store the cache back, which is only the main pipeline build. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
The test was still using the old `lambci` image and this makes the integ test fail apparently. **This currently blocks the build of the repo**. Adapted Dockerfile now that go is not installed in `/go` anymore. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Included in this PR: - chore(ssm): make examples compile - chore(synthetics): make examples compile ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…et rotation (#17363) Add options to configure vpc subnet placement and Secrets Manager API endpoint for the rotation Lambda function. This is required in some VPC configurations where the database is placed in subnets without internet connectivity. Closes #17265 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
There are two problems.
### Python
The `app` template doesn't define any tests (it does, but they are commented out), this makes `pytest` fail during our integ tests:
```console
============================= test session starts ==============================
970 | platform linux -- Python 3.7.3, pytest-6.2.5, py-1.11.0, pluggy-1.0.0
971 | rootdir: /tmp/cdk-init-test
972 | collected 0 items
973 |
974 | ============================ no tests ran in 0.01s =============================
975 | + run_traps
976 | + for cmd in "${TRAPS[@]}"
977 | + echo 'cleanup: kill 121'
978 | cleanup: kill 121
979 | + eval 'kill 121'
980 | ++ kill 121
981 | + for cmd in "${TRAPS[@]}"
982 | + echo 'cleanup: clean_up_nuget_config'
983 | cleanup: clean_up_nuget_config
984 | + eval clean_up_nuget_config
985 | ++ clean_up_nuget_config
986 | ++ log 'Restoring NuGet configuration'
987 | ++ echo '\| Restoring NuGet configuration'
988 | \| Restoring NuGet configuration
989 | ++ '[' -f /root/.nuget/NuGet/NuGet.Config.bak ']'
990 | ++ log '-> Removing /root/.nuget/NuGet/NuGet.Config'
991 | ++ echo '\| -> Removing /root/.nuget/NuGet/NuGet.Config'
992 | \| -> Removing /root/.nuget/NuGet/NuGet.Config
993 | ++ rm -f /root/.nuget/NuGet/NuGet.Config
994 |
995 | [Container] 2021/11/05 05:05:43 Command did not exit successfully /bin/bash /tmp/scriptdir/cdk/init-templates/dispatch.sh exit status 5
996 | [Container] 2021/11/05 05:05:43 Phase complete: BUILD State: FAILED
997 | [Container] 2021/11/05 05:05:43 Phase context status code: COMMAND_EXECUTION_ERROR Message: Error while executing command: /bin/bash /tmp/scriptdir/cdk/init-templates/dispatch.sh. Reason: exit status 5
998 | [Container] 2021/11/05 05:05:43 Entering phase POST_BUILD
999 | [Container] 2021/11/05 05:05:43 Phase complete: POST_BUILD State: SUCCEEDED
1000 | [Container] 2021/11/05 05:05:43 Phase context status code: Message:
1001
<br class="Apple-interchange-newline">
```
Solution is to uncomment the test method signature and making it an empty test, just like we do with typescript.
### Java
`Map.of` doesn't exist in Java 8 and we are getting complication errors during `mvn package`:
```console
[INFO] -------------------------------------------------------------
--
1018 | [ERROR] COMPILATION ERROR :
1019 | [INFO] -------------------------------------------------------------
1020 | [ERROR] /tmp/cdk-init-test/src/test/java/com/myorg/CdkInitTestStackTest.java:[21,62] cannot find symbol
1021 | symbol: method of(java.lang.String,int)
1022 | location: interface java.util.Map
1023 | [INFO] 1 error
```
Solution is to replace `Map.of` with `new HashMap` that is supported everywhere.
----
*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…tensions (#17101) ---- This PR adds `desiredCount`, `targetCpuUtilization` and `targetMemoryUtilization` to the service construct. It also adds `requestsPerTarget` to the `HttpLoadBalancerExtension` props to allow adding target tracking policy based on the ALB request count. It will be followed by another PR to configure queue auto scaling for the SQS Queues in the `QueueExtension`. *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
aws-cdk-automation
added
pr/auto-approve
|
|
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
It was never visible to customers
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
|
Thank you for contributing! Your pull request will be automatically updated and merged without squashing (do not update manually, and be sure to allow changes to be pushed to your fork). |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See CHANGELOG