diff --git a/.github/workflows/codecov-upload.yml b/.github/workflows/codecov-upload.yml index b593fb952321a..af529b0b52ba1 100644 --- a/.github/workflows/codecov-upload.yml +++ b/.github/workflows/codecov-upload.yml @@ -32,7 +32,7 @@ jobs: run-id: ${{ github.event.workflow_run.id }} - name: Upload to Codecov - uses: codecov/codecov-action@v5 + uses: codecov/codecov-action@v6 with: files: ./packages/aws-cdk-lib/core/coverage/cobertura-coverage.xml fail_ci_if_error: true diff --git a/.github/workflows/issue-label-assign.yml b/.github/workflows/issue-label-assign.yml index b5ab4f7e5d6e7..29231abc22c02 100644 --- a/.github/workflows/issue-label-assign.yml +++ b/.github/workflows/issue-label-assign.yml @@ -287,7 +287,7 @@ env: {"area":"@aws-cdk/aws-location-alpha", "keywords":["aws-location", "aws-location-alpha"],"labels":["@aws-cdk/aws-location-alpha"]}, {"area":"@aws-cdk/cli-lib-alpha", "keywords":["cli-lib", "cli-lib-alpha"],"labels":["@aws-cdk/cli-lib-alpha"]}, {"area":"@aws-cdk/aws-applicationsignals-alpha", "keywords":["aws-applicationsignals", "aws-applicationsignals-alpha"],"labels":["@aws-cdk/aws-applicationsignals-alpha"]}, - {"area":"@aws-cdk/aws-s3tables-alpha", "keywords":["aws-s3tables", "aws-s3tables-alpha"],"labels":["@aws-cdk/aws-s3tables-alpha"]}, + {"area":"@aws-cdk/aws-s3tables-alpha", "keywords":["aws-s3tables", "aws-s3tables-alpha", "s3tables", "s3table"],"labels":["@aws-cdk/aws-s3tables-alpha"]}, {"area":"@aws-cdk/aws-pipes-enrichments-alpha", "keywords":["aws-pipes-enrichments", "aws-pipes-enrichments-alpha"],"labels":["@aws-cdk/aws-pipes-enrichments-alpha"]}, {"area":"@aws-cdk/aws-pipes-sources-alpha", "keywords":["aws-pipes-sources", "aws-pipes-sources-alpha"],"labels":["@aws-cdk/aws-pipes-sources-alpha"]}, {"area":"@aws-cdk/aws-pipes-targets-alpha", "keywords":["aws-pipes-targets", "aws-pipes-targets-alpha"],"labels":["@aws-cdk/aws-pipes-targets-alpha"]}, diff --git a/CHANGELOG.v2.alpha.md b/CHANGELOG.v2.alpha.md index f3bb02466250a..5fe473554a274 100644 --- a/CHANGELOG.v2.alpha.md +++ b/CHANGELOG.v2.alpha.md @@ -2,6 +2,8 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [2.246.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.245.0-alpha.0...v2.246.0-alpha.0) (2026-03-31) + ## [2.245.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.244.0-alpha.0...v2.245.0-alpha.0) (2026-03-27) diff --git a/CHANGELOG.v2.md b/CHANGELOG.v2.md index 6d69239490f7f..84f177c00011d 100644 --- a/CHANGELOG.v2.md +++ b/CHANGELOG.v2.md @@ -2,6 +2,25 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [2.246.0](https://github.com/aws/aws-cdk/compare/v2.245.0...v2.246.0) (2026-03-31) + + +### Features + +* **bedrock:** add MiniMax and GLM foundation model identifiers ([#37348](https://github.com/aws/aws-cdk/issues/37348)) ([2015344](https://github.com/aws/aws-cdk/commit/201534444ac183959119c1849f34931fa8f3d18d)), closes [#37347](https://github.com/aws/aws-cdk/issues/37347) + + +### Bug Fixes + +* **dynamodb:** throw error when grantee is an unsupported ServicePrincipal ([#37335](https://github.com/aws/aws-cdk/issues/37335)) ([d12754f](https://github.com/aws/aws-cdk/commit/d12754fdeda48181b235cbf563358ffeaa1e4c2f)), closes [#35817](https://github.com/aws/aws-cdk/issues/35817) [/github.com/aws/aws-cdk/issues/37273#issuecomment-4099645443](https://github.com/aws//github.com/aws/aws-cdk/issues/37273/issues/issuecomment-4099645443) +* **lambda-nodejs:** use powershell for spawn steps on Windows ([#37412](https://github.com/aws/aws-cdk/issues/37412)) ([a92105c](https://github.com/aws/aws-cdk/commit/a92105c64c4ff30bd85f506ef4f7dec39a923871)), closes [#37387](https://github.com/aws/aws-cdk/issues/37387) +* **core:** noisy property deprecation warnings ([#37415](https://github.com/aws/aws-cdk/pull/37415)) ([4fd0002](https://github.com/aws/aws-cdk/commit/4fd000271d26a3dd9f1617800d07e02b40af7db1)), closes [#37407](https://github.com/aws/aws-cdk/issues/37407) + + +### Reverts + +* **core:** add source tracing for L1 construct property mutations ([#37415](https://github.com/aws/aws-cdk/issues/37415)) ([4fd0002](https://github.com/aws/aws-cdk/commit/4fd000271d26a3dd9f1617800d07e02b40af7db1)), closes [aws/aws-cdk#37285](https://github.com/aws/aws-cdk/issues/37285) + ## [2.245.0](https://github.com/aws/aws-cdk/compare/v2.244.0...v2.245.0) (2026-03-27) diff --git a/docs/DESIGN_GUIDELINES.md b/docs/DESIGN_GUIDELINES.md index b17db6b52e935..1ca4b88a8fb49 100644 --- a/docs/DESIGN_GUIDELINES.md +++ b/docs/DESIGN_GUIDELINES.md @@ -39,7 +39,7 @@ experience across the entire AWS surface area. - [Prefer Additions](#prefer-additions) - [Dropped Mutations](#dropped-mutations) - [Factories](#factories) - - [Imports](#imports) + - [Referenced Resources](#referenced-resources) - [“from” Methods](#from-methods) - [From-attributes](#from-attributes) - [Roles](#roles) @@ -1271,10 +1271,15 @@ export interface ILogGroup { } ``` -### Imports +### Referenced resources + +> "Referenced resources" were formerly called "imported resources", but that may lead to confusion +> because there is also a feature called "cdk import" that actually brings unowned +> resources under CloudFormation's control. Therefore the current preferred terminology +> here has changed to "referencing" instead. Construct classes should expose a set of static factory methods with a -“**from**” prefix that will allow users to import *unowned* constructs into +“**from**” prefix that will allow users to reference *unowned* constructs into their app. The signature of all “from” methods should adhere to the following rules @@ -1282,14 +1287,14 @@ _[awslint:from-signature]_: * First argument must be **scope** of type **Construct**. * Second argument is a **string**. This string will be used to determine the - ID of the new construct. If the import method uses some value that is + ID of the new construct. If the referencing method uses some value that is promised to be unique within the stack scope (such as ARN, export name), this value can be reused as the construct ID. * Returns an object that implements the construct interface (**IFoo**). #### “from” Methods -Resource constructs should export static “from” methods for importing unowned +Resource constructs should export static “from” methods for referencing unowned resources given one or more of its physical attributes such as ARN, name, etc. All constructs should have at least one `fromXxx` method _[awslint:from-method]_: @@ -1307,7 +1312,7 @@ static fromFooName(scope: Construct, id: string, bucketName: string): IFoo; can use **Stack.parseArn** to achieve this purpose. If a resource has an ARN attribute, it should implement at least a **fromFooArn** -import method [_awslint:from-arn_]. +referencing method [_awslint:from-arn_]. To implement **fromAttribute** methods, use the abstract base class construct as follows: @@ -1333,7 +1338,7 @@ If a resource has more than a single attribute (“ARN” and “name” are usu considered a single attribute since it's usually possible to convert one to the other), then the resource should provide a static **fromAttributes** method to allow users to explicitly supply values to all resource attributes when they -import an external (unowned) resource [_awslint:from-attributes_]. +reference an external (unowned) resource [_awslint:from-attributes_]. ```ts static fromFooAttributes(scope: Construct, id: string, attrs: FooAttributes): IFoo; @@ -1348,29 +1353,33 @@ the user. Constructs that represent such resources should conform to the following guidelines. -An optional prop called **role** of type **iam.IRole** should be exposed to allow +An optional prop called **role** of type **iam.IRoleRef** should be exposed to allow users to "bring their own role", and use either an owned or unowned role _[awslint:role-config-prop]_. +If the construct is going to grant permissions to the role, which is usually the case, +the type should include **iam.IGrantable**, in a type intersection as follows: + ```ts interface FooProps { /** * The role to associate with foo. + * * @default - a role will be automatically created */ - role?: iam.IRole; + role?: iam.IRoleRef & iam.IGrantable; } ``` -The construct interface should expose a **role** property, and extends +The construct interface should expose a **role** property, and extend **iam.IGrantable** _[awslint:role-property]_: ```ts interface IFoo extends iam.IGrantable { /** - * The role associated with foo. If foo is imported, no role will be available. + * The role associated with foo. If foo is an unowned resource, no role will be available. */ - readonly role?: iam.IRole; + readonly role?: iam.IRoleRef; } ``` @@ -1392,7 +1401,7 @@ this resource should have the specified permission. Implementing **IGrantable** brings an implementation burden of **grantPrincipal: IPrincipal**. This property must be set to the **role** if available, or to a -new **iam.ImportedResourcePrincipal** if the resource is imported and the role +new **iam.ImportedResourcePrincipal** if the resource is referenced and the role is not available. ### Resource Policies @@ -1513,7 +1522,7 @@ To enable grant methods to work with L1 constructs, the CDK uses factory interfaces called [Traits](#traits) that wrap L1 resources into objects exposing higher-level interfaces: -- `IResourcePolicyFactory` wraps an L1 into an object implementing `IResourceWithPolicyV2`, enabling resource policy +- `IResourcePolicyFactory` wraps an L1 into an object implementing `IResourceWithPolicyV2`, enabling resource policy manipulation. - `IEncryptedResourceFactory` wraps an L1 into an object implementing `IEncryptedResource`, enabling KMS key grants. @@ -1542,7 +1551,7 @@ class MyFactory implements IResourcePolicyFactory { } } -// After this, every time the Grants class encounters a CfnResource of type 'AWS::Some::Type', +// After this, every time the Grants class encounters a CfnResource of type 'AWS::Some::Type', // it will be able to use MyFactory to attempt to add statements to its resource policy. ResourceWithPolicies.register(scope, 'AWS::Some::Type', new MyFactory()); ``` @@ -1580,8 +1589,8 @@ where: * `Topic` - the class to generate grants for. This will lead to a class named TopicGrants. * `isEncrypted` - indicates whether the resource is encrypted with a KMS key. When true, the `actions()` method will have an `options` parameter of type `EncryptedPermissionOptions` that allows users to specify additional KMS permissions -to be granted on the key. If left undefined, but at least one grant method includes `keyActions`, the CDK will assume -that the resource is encrypted and the same behavior will apply. Note that if `isEncrypted` is explicitly set to false, +to be granted on the key. If left undefined, but at least one grant method includes `keyActions`, the CDK will assume +that the resource is encrypted and the same behavior will apply. Note that if `isEncrypted` is explicitly set to false, it is an error to specify `keyActions` in any of the grants. * `hasResourcePolicy` - indicates whether the resource supports a resource policy. When true, all auto-generated methods in the Grants class will attempt to add statements to the resource policy when applicable. When false, the methods will only modify the principal's policy. * `publish` - the name of a grant. @@ -1592,13 +1601,13 @@ it is an error to specify `keyActions` in any of the grants. Code generated from the `grants.json` file will have a very basic logic: it will try to add the given statement to the principal's policy. If `hasResourcePolicy` is true, it will also attempt to add the statement to the resource policy. -This will only work if the resource implements the `iam.IResourceWithPolicyV2` interface or -- in case of L1s -- if +This will only work if the resource implements the `iam.IResourceWithPolicyV2` interface or -- in case of L1s -- if there is a `IResourcePolicyFactory` registered for its type (see previous section). If `keyActions` are specified in the -JSON file, it will also attempt to grant the specified permissions on the associated KMS key, if the resource implements +JSON file, it will also attempt to grant the specified permissions on the associated KMS key, if the resource implements the `iam.IEncryptedResource` interface (or, similarly to resource policies, if there is a `IEncryptedResourceFactory` registered for it). -If your permission use case requires additional logic, such as combining multiple `Grant` instances or handling +If your permission use case requires additional logic, such as combining multiple `Grant` instances or handling additional parameters, you will need to implement the Grants class manually. Historically, grant methods were implemented directly on the resource construct interface (e.g. diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.grant-service-principal.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.grant-service-principal.js.snapshot/cdk.out new file mode 100644 index 0000000000000..b6f533e0999e9 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.grant-service-principal.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"52.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.grant-service-principal.js.snapshot/grant-service-principal-test-stack.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.grant-service-principal.js.snapshot/grant-service-principal-test-stack.assets.json new file mode 100644 index 0000000000000..e2ae21ce6aae8 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.grant-service-principal.js.snapshot/grant-service-principal-test-stack.assets.json @@ -0,0 +1,20 @@ +{ + "version": "52.0.0", + "files": { + "311c7f5f7b4db1d5c6c1090019b6a5a71f092034924d987ffe13641a93df572b": { + "displayName": "grant-service-principal-test-stack Template", + "source": { + "path": "grant-service-principal-test-stack.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region-63818e53": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "311c7f5f7b4db1d5c6c1090019b6a5a71f092034924d987ffe13641a93df572b.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.grant-service-principal.js.snapshot/grant-service-principal-test-stack.metadata.json b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.grant-service-principal.js.snapshot/grant-service-principal-test-stack.metadata.json new file mode 100644 index 0000000000000..ecb613d38e7be --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.grant-service-principal.js.snapshot/grant-service-principal-test-stack.metadata.json @@ -0,0 +1,62 @@ +{ + "/grant-service-principal-test-stack/Table": [ + { + "type": "aws:cdk:analytics:construct", + "data": { + "partitionKey": { + "name": "*", + "type": "S" + }, + "removalPolicy": "destroy" + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addToResourcePolicy": [ + {} + ] + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addToResourcePolicy": [ + {} + ] + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addToResourcePolicy": [ + {} + ] + } + } + ], + "/grant-service-principal-test-stack/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/grant-service-principal-test-stack/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ], + "/grant-service-principal-test-stack/Table/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "TableCD117FA1" + } + ], + "/grant-service-principal-test-stack/Table/ScalingRole": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + } + ] +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.grant-service-principal.js.snapshot/grant-service-principal-test-stack.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.grant-service-principal.js.snapshot/grant-service-principal-test-stack.template.json new file mode 100644 index 0000000000000..69483fbfed5c7 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.grant-service-principal.js.snapshot/grant-service-principal-test-stack.template.json @@ -0,0 +1,91 @@ +{ + "Resources": { + "TableCD117FA1": { + "Type": "AWS::DynamoDB::Table", + "Properties": { + "AttributeDefinitions": [ + { + "AttributeName": "id", + "AttributeType": "S" + } + ], + "KeySchema": [ + { + "AttributeName": "id", + "KeyType": "HASH" + } + ], + "ProvisionedThroughput": { + "ReadCapacityUnits": 5, + "WriteCapacityUnits": 5 + }, + "ResourcePolicy": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "dynamodb:BatchGetItem", + "dynamodb:BatchWriteItem", + "dynamodb:ConditionCheckItem", + "dynamodb:DeleteItem", + "dynamodb:DescribeTable", + "dynamodb:GetItem", + "dynamodb:PutItem", + "dynamodb:Query", + "dynamodb:Scan", + "dynamodb:UpdateItem" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "glue.amazonaws.com", + "redshift.amazonaws.com", + "replication.dynamodb.amazonaws.com" + ] + }, + "Resource": "*" + } + ], + "Version": "2012-10-17" + } + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.grant-service-principal.js.snapshot/grantserviceprincipalintegtestDefaultTestDeployAssert56CD1E2E.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.grant-service-principal.js.snapshot/grantserviceprincipalintegtestDefaultTestDeployAssert56CD1E2E.assets.json new file mode 100644 index 0000000000000..7bcaa28e0be02 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.grant-service-principal.js.snapshot/grantserviceprincipalintegtestDefaultTestDeployAssert56CD1E2E.assets.json @@ -0,0 +1,20 @@ +{ + "version": "52.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "displayName": "grantserviceprincipalintegtestDefaultTestDeployAssert56CD1E2E Template", + "source": { + "path": "grantserviceprincipalintegtestDefaultTestDeployAssert56CD1E2E.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region-d8d86b35": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.grant-service-principal.js.snapshot/grantserviceprincipalintegtestDefaultTestDeployAssert56CD1E2E.metadata.json b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.grant-service-principal.js.snapshot/grantserviceprincipalintegtestDefaultTestDeployAssert56CD1E2E.metadata.json new file mode 100644 index 0000000000000..369c75158de1d --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.grant-service-principal.js.snapshot/grantserviceprincipalintegtestDefaultTestDeployAssert56CD1E2E.metadata.json @@ -0,0 +1,14 @@ +{ + "/grant-service-principal-integ-test/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/grant-service-principal-integ-test/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.grant-service-principal.js.snapshot/grantserviceprincipalintegtestDefaultTestDeployAssert56CD1E2E.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.grant-service-principal.js.snapshot/grantserviceprincipalintegtestDefaultTestDeployAssert56CD1E2E.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.grant-service-principal.js.snapshot/grantserviceprincipalintegtestDefaultTestDeployAssert56CD1E2E.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.grant-service-principal.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.grant-service-principal.js.snapshot/integ.json new file mode 100644 index 0000000000000..0e458e251f2c4 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.grant-service-principal.js.snapshot/integ.json @@ -0,0 +1,13 @@ +{ + "version": "52.0.0", + "testCases": { + "grant-service-principal-integ-test/DefaultTest": { + "stacks": [ + "grant-service-principal-test-stack" + ], + "assertionStack": "grant-service-principal-integ-test/DefaultTest/DeployAssert", + "assertionStackName": "grantserviceprincipalintegtestDefaultTestDeployAssert56CD1E2E" + } + }, + "minimumCliVersion": "2.1107.0" +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.grant-service-principal.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.grant-service-principal.js.snapshot/manifest.json new file mode 100644 index 0000000000000..c477ffeb05c5d --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.grant-service-principal.js.snapshot/manifest.json @@ -0,0 +1,589 @@ +{ + "version": "52.0.0", + "artifacts": { + "grant-service-principal-test-stack.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "grant-service-principal-test-stack.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "grant-service-principal-test-stack": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "grant-service-principal-test-stack.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/311c7f5f7b4db1d5c6c1090019b6a5a71f092034924d987ffe13641a93df572b.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "grant-service-principal-test-stack.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "grant-service-principal-test-stack.assets" + ], + "additionalMetadataFile": "grant-service-principal-test-stack.metadata.json", + "displayName": "grant-service-principal-test-stack" + }, + "grantserviceprincipalintegtestDefaultTestDeployAssert56CD1E2E.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "grantserviceprincipalintegtestDefaultTestDeployAssert56CD1E2E.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "grantserviceprincipalintegtestDefaultTestDeployAssert56CD1E2E": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "grantserviceprincipalintegtestDefaultTestDeployAssert56CD1E2E.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "grantserviceprincipalintegtestDefaultTestDeployAssert56CD1E2E.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "grantserviceprincipalintegtestDefaultTestDeployAssert56CD1E2E.assets" + ], + "additionalMetadataFile": "grantserviceprincipalintegtestDefaultTestDeployAssert56CD1E2E.metadata.json", + "displayName": "grant-service-principal-integ-test/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + }, + "aws-cdk-lib/feature-flag-report": { + "type": "cdk:feature-flag-report", + "properties": { + "module": "aws-cdk-lib", + "flags": { + "@aws-cdk/aws-signer:signingProfileNamePassedToCfn": { + "userValue": true, + "recommendedValue": true, + "explanation": "Pass signingProfileName to CfnSigningProfile" + }, + "@aws-cdk/core:newStyleStackSynthesis": { + "recommendedValue": true, + "explanation": "Switch to new stack synthesis method which enables CI/CD", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/core:stackRelativeExports": { + "recommendedValue": true, + "explanation": "Name exports based on the construct paths relative to the stack, rather than the global construct path", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-ecs-patterns:secGroupsDisablesImplicitOpenListener": { + "userValue": true, + "recommendedValue": true, + "explanation": "Disable implicit openListener when custom security groups are provided" + }, + "@aws-cdk/aws-rds:lowercaseDbIdentifier": { + "recommendedValue": true, + "explanation": "Force lowercasing of RDS Cluster names in CDK", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-apigateway:usagePlanKeyOrderInsensitiveId": { + "recommendedValue": true, + "explanation": "Allow adding/removing multiple UsagePlanKeys independently", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-lambda:recognizeVersionProps": { + "recommendedValue": true, + "explanation": "Enable this feature flag to opt in to the updated logical id calculation for Lambda Version created using the `fn.currentVersion`.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-lambda:recognizeLayerVersion": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this feature flag to opt in to the updated logical id calculation for Lambda Version created using the `fn.currentVersion`." + }, + "@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021": { + "recommendedValue": true, + "explanation": "Enable this feature flag to have cloudfront distributions use the security policy TLSv1.2_2021 by default.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/core:checkSecretUsage": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this flag to make it impossible to accidentally use SecretValues in unsafe locations" + }, + "@aws-cdk/core:target-partitions": { + "recommendedValue": [ + "aws", + "aws-cn" + ], + "explanation": "What regions to include in lookup tables of environment agnostic stacks" + }, + "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": { + "userValue": true, + "recommendedValue": true, + "explanation": "ECS extensions will automatically add an `awslogs` driver if no logging is specified" + }, + "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this feature flag to have Launch Templates generated by the `InstanceRequireImdsv2Aspect` use unique names." + }, + "@aws-cdk/aws-ecs:arnFormatIncludesClusterName": { + "userValue": true, + "recommendedValue": true, + "explanation": "ARN format used by ECS. In the new ARN format, the cluster name is part of the resource ID." + }, + "@aws-cdk/aws-iam:minimizePolicies": { + "userValue": true, + "recommendedValue": true, + "explanation": "Minimize IAM policies by combining Statements" + }, + "@aws-cdk/core:validateSnapshotRemovalPolicy": { + "userValue": true, + "recommendedValue": true, + "explanation": "Error on snapshot removal policies on resources that do not support it." + }, + "@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName": { + "userValue": true, + "recommendedValue": true, + "explanation": "Generate key aliases that include the stack name" + }, + "@aws-cdk/aws-s3:createDefaultLoggingPolicy": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this feature flag to create an S3 bucket policy by default in cases where an AWS service would automatically create the Policy if one does not exist." + }, + "@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption": { + "userValue": true, + "recommendedValue": true, + "explanation": "Restrict KMS key policy for encrypted Queues a bit more" + }, + "@aws-cdk/aws-apigateway:disableCloudWatchRole": { + "userValue": true, + "recommendedValue": true, + "explanation": "Make default CloudWatch Role behavior safe for multiple API Gateways in one environment" + }, + "@aws-cdk/core:enablePartitionLiterals": { + "userValue": true, + "recommendedValue": true, + "explanation": "Make ARNs concrete if AWS partition is known" + }, + "@aws-cdk/aws-events:eventsTargetQueueSameAccount": { + "userValue": true, + "recommendedValue": true, + "explanation": "Event Rules may only push to encrypted SQS queues in the same account" + }, + "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": { + "userValue": true, + "recommendedValue": true, + "explanation": "Avoid setting the \"ECS\" deployment controller when adding a circuit breaker" + }, + "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this feature to create default policy names for imported roles that depend on the stack the role is in." + }, + "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": { + "userValue": true, + "recommendedValue": true, + "explanation": "Use S3 Bucket Policy instead of ACLs for Server Access Logging" + }, + "@aws-cdk/aws-route53-patters:useCertificate": { + "userValue": true, + "recommendedValue": true, + "explanation": "Use the official `Certificate` resource instead of `DnsValidatedCertificate`" + }, + "@aws-cdk/customresources:installLatestAwsSdkDefault": { + "userValue": false, + "recommendedValue": false, + "explanation": "Whether to install the latest SDK by default in AwsCustomResource" + }, + "@aws-cdk/aws-rds:databaseProxyUniqueResourceName": { + "userValue": true, + "recommendedValue": true, + "explanation": "Use unique resource name for Database Proxy" + }, + "@aws-cdk/aws-codedeploy:removeAlarmsFromDeploymentGroup": { + "userValue": true, + "recommendedValue": true, + "explanation": "Remove CloudWatch alarms from deployment group" + }, + "@aws-cdk/aws-apigateway:authorizerChangeDeploymentLogicalId": { + "userValue": true, + "recommendedValue": true, + "explanation": "Include authorizer configuration in the calculation of the API deployment logical ID." + }, + "@aws-cdk/aws-ec2:launchTemplateDefaultUserData": { + "userValue": true, + "recommendedValue": true, + "explanation": "Define user data for a launch template by default when a machine image is provided." + }, + "@aws-cdk/aws-secretsmanager:useAttachedSecretResourcePolicyForSecretTargetAttachments": { + "userValue": true, + "recommendedValue": true, + "explanation": "SecretTargetAttachments uses the ResourcePolicy of the attached Secret." + }, + "@aws-cdk/aws-redshift:columnId": { + "userValue": true, + "recommendedValue": true, + "explanation": "Whether to use an ID to track Redshift column changes" + }, + "@aws-cdk/aws-stepfunctions-tasks:enableEmrServicePolicyV2": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable AmazonEMRServicePolicy_v2 managed policies" + }, + "@aws-cdk/aws-ec2:restrictDefaultSecurityGroup": { + "userValue": true, + "recommendedValue": true, + "explanation": "Restrict access to the VPC default security group" + }, + "@aws-cdk/aws-apigateway:requestValidatorUniqueId": { + "userValue": true, + "recommendedValue": true, + "explanation": "Generate a unique id for each RequestValidator added to a method" + }, + "@aws-cdk/aws-kms:aliasNameRef": { + "userValue": true, + "recommendedValue": true, + "explanation": "KMS Alias name and keyArn will have implicit reference to KMS Key" + }, + "@aws-cdk/aws-kms:applyImportedAliasPermissionsToPrincipal": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable grant methods on Aliases imported by name to use kms:ResourceAliases condition" + }, + "@aws-cdk/aws-autoscaling:generateLaunchTemplateInsteadOfLaunchConfig": { + "userValue": true, + "recommendedValue": true, + "explanation": "Generate a launch template when creating an AutoScalingGroup" + }, + "@aws-cdk/core:includePrefixInUniqueNameGeneration": { + "userValue": true, + "recommendedValue": true, + "explanation": "Include the stack prefix in the stack name generation process" + }, + "@aws-cdk/aws-efs:denyAnonymousAccess": { + "userValue": true, + "recommendedValue": true, + "explanation": "EFS denies anonymous clients accesses" + }, + "@aws-cdk/aws-opensearchservice:enableOpensearchMultiAzWithStandby": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enables support for Multi-AZ with Standby deployment for opensearch domains" + }, + "@aws-cdk/aws-lambda-nodejs:useLatestRuntimeVersion": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enables aws-lambda-nodejs.Function to use the latest available NodeJs runtime as the default" + }, + "@aws-cdk/aws-efs:mountTargetOrderInsensitiveLogicalId": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, mount targets will have a stable logicalId that is linked to the associated subnet." + }, + "@aws-cdk/aws-rds:auroraClusterChangeScopeOfInstanceParameterGroupWithEachParameters": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, a scope of InstanceParameterGroup for AuroraClusterInstance with each parameters will change." + }, + "@aws-cdk/aws-appsync:useArnForSourceApiAssociationIdentifier": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, will always use the arn for identifiers for CfnSourceApiAssociation in the GraphqlApi construct rather than id." + }, + "@aws-cdk/aws-rds:preventRenderingDeprecatedCredentials": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, creating an RDS database cluster from a snapshot will only render credentials for snapshot credentials." + }, + "@aws-cdk/aws-codepipeline-actions:useNewDefaultBranchForCodeCommitSource": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the CodeCommit source action is using the default branch name 'main'." + }, + "@aws-cdk/aws-cloudwatch-actions:changeLambdaPermissionLogicalIdForLambdaAction": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the logical ID of a Lambda permission for a Lambda action includes an alarm ID." + }, + "@aws-cdk/aws-codepipeline:crossAccountKeysDefaultValueToFalse": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enables Pipeline to set the default value for crossAccountKeys to false." + }, + "@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enables Pipeline to set the default pipeline type to V2." + }, + "@aws-cdk/aws-kms:reduceCrossAccountRegionPolicyScope": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, IAM Policy created from KMS key grant will reduce the resource scope to this key only." + }, + "@aws-cdk/pipelines:reduceAssetRoleTrustScope": { + "recommendedValue": true, + "explanation": "Remove the root account principal from PipelineAssetsFileRole trust policy", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-eks:nodegroupNameAttribute": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, nodegroupName attribute of the provisioned EKS NodeGroup will not have the cluster name prefix." + }, + "@aws-cdk/aws-eks:useNativeOidcProvider": { + "recommendedValue": true, + "explanation": "When enabled, EKS V2 clusters will use the native OIDC provider resource AWS::IAM::OIDCProvider instead of creating the OIDCProvider with a custom resource (iam.OpenIDConnectProvider)." + }, + "@aws-cdk/aws-ec2:ebsDefaultGp3Volume": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the default volume type of the EBS volume will be GP3" + }, + "@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, remove default deployment alarm settings" + }, + "@aws-cdk/custom-resources:logApiResponseDataPropertyTrueDefault": { + "userValue": false, + "recommendedValue": false, + "explanation": "When enabled, the custom resource used for `AwsCustomResource` will configure the `logApiResponseData` property as true by default" + }, + "@aws-cdk/aws-s3:keepNotificationInImportedBucket": { + "userValue": false, + "recommendedValue": false, + "explanation": "When enabled, Adding notifications to a bucket in the current stack will not remove notification from imported stack." + }, + "@aws-cdk/aws-stepfunctions-tasks:useNewS3UriParametersForBedrockInvokeModelTask": { + "recommendedValue": true, + "explanation": "When enabled, use new props for S3 URI field in task definition of state machine for bedrock invoke model.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/core:explicitStackTags": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, stack tags need to be assigned explicitly on a Stack." + }, + "@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, we will only grant the necessary permissions when users specify cloudwatch log group through logConfiguration" + }, + "@aws-cdk/aws-dynamodb:resourcePolicyPerReplica": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled will allow you to specify a resource policy per replica, and not copy the source table policy to all replicas" + }, + "@aws-cdk/aws-ec2:ec2SumTImeoutEnabled": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, initOptions.timeout and resourceSignalTimeout values will be summed together." + }, + "@aws-cdk/aws-appsync:appSyncGraphQLAPIScopeLambdaPermission": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, a Lambda authorizer Permission created when using GraphqlApi will be properly scoped with a SourceArn." + }, + "@aws-cdk/aws-rds:setCorrectValueForDatabaseInstanceReadReplicaInstanceResourceId": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the value of property `instanceResourceId` in construct `DatabaseInstanceReadReplica` will be set to the correct value which is `DbiResourceId` instead of currently `DbInstanceArn`" + }, + "@aws-cdk/core:cfnIncludeRejectComplexResourceUpdateCreatePolicyIntrinsics": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, CFN templates added with `cfn-include` will error if the template contains Resource Update or Create policies with CFN Intrinsics that include non-primitive values." + }, + "@aws-cdk/aws-lambda-nodejs:sdkV3ExcludeSmithyPackages": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, both `@aws-sdk` and `@smithy` packages will be excluded from the Lambda Node.js 18.x runtime to prevent version mismatches in bundled applications." + }, + "@aws-cdk/aws-stepfunctions-tasks:fixRunEcsTaskPolicy": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the resource of IAM Run Ecs policy generated by SFN EcsRunTask will reference the definition, instead of constructing ARN." + }, + "@aws-cdk/aws-ec2:bastionHostUseAmazonLinux2023ByDefault": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the BastionHost construct will use the latest Amazon Linux 2023 AMI, instead of Amazon Linux 2." + }, + "@aws-cdk/core:aspectStabilization": { + "recommendedValue": true, + "explanation": "When enabled, a stabilization loop will be run when invoking Aspects during synthesis.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-route53-targets:userPoolDomainNameMethodWithoutCustomResource": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, use a new method for DNS Name of user pool domain target without creating a custom resource." + }, + "@aws-cdk/aws-elasticloadbalancingV2:albDualstackWithoutPublicIpv4SecurityGroupRulesDefault": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the default security group ingress rules will allow IPv6 ingress from anywhere" + }, + "@aws-cdk/aws-iam:oidcRejectUnauthorizedConnections": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the default behaviour of OIDC provider will reject unauthorized connections" + }, + "@aws-cdk/core:enableAdditionalMetadataCollection": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, CDK will expand the scope of usage data collected to better inform CDK development and improve communication for security concerns and emerging issues." + }, + "@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy": { + "userValue": false, + "recommendedValue": false, + "explanation": "[Deprecated] When enabled, Lambda will create new inline policies with AddToRolePolicy instead of adding to the Default Policy Statement" + }, + "@aws-cdk/aws-s3:setUniqueReplicationRoleName": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, CDK will automatically generate a unique role name that is used for s3 object replication." + }, + "@aws-cdk/pipelines:reduceStageRoleTrustScope": { + "recommendedValue": true, + "explanation": "Remove the root account principal from Stage addActions trust policy", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-events:requireEventBusPolicySid": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, grantPutEventsTo() will use resource policies with Statement IDs for service principals." + }, + "@aws-cdk/core:aspectPrioritiesMutating": { + "userValue": true, + "recommendedValue": true, + "explanation": "When set to true, Aspects added by the construct library on your behalf will be given a priority of MUTATING." + }, + "@aws-cdk/aws-dynamodb:retainTableReplica": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, table replica will be default to the removal policy of source table unless specified otherwise." + }, + "@aws-cdk/cognito:logUserPoolClientSecretValue": { + "recommendedValue": false, + "explanation": "When disabled, the value of the user pool client secret will not be logged in the custom resource lambda function logs." + }, + "@aws-cdk/pipelines:reduceCrossAccountActionRoleTrustScope": { + "recommendedValue": true, + "explanation": "When enabled, scopes down the trust policy for the cross-account action role", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-stepfunctions:useDistributedMapResultWriterV2": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the resultWriterV2 property of DistributedMap will be used insted of resultWriter" + }, + "@aws-cdk/s3-notifications:addS3TrustKeyPolicyForSnsSubscriptions": { + "userValue": true, + "recommendedValue": true, + "explanation": "Add an S3 trust policy to a KMS key resource policy for SNS subscriptions." + }, + "@aws-cdk/aws-ec2:requirePrivateSubnetsForEgressOnlyInternetGateway": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the EgressOnlyGateway resource is only created if private subnets are defined in the dual-stack VPC." + }, + "@aws-cdk/aws-ec2-alpha:useResourceIdForVpcV2Migration": { + "recommendedValue": false, + "explanation": "When enabled, use resource IDs for VPC V2 migration" + }, + "@aws-cdk/aws-s3:publicAccessBlockedByDefault": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, setting any combination of options for BlockPublicAccess will automatically set true for any options not defined." + }, + "@aws-cdk/aws-lambda:useCdkManagedLogGroup": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, CDK creates and manages loggroup for the lambda function" + }, + "@aws-cdk/aws-elasticloadbalancingv2:networkLoadBalancerWithSecurityGroupByDefault": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, Network Load Balancer will be created with a security group by default." + }, + "@aws-cdk/aws-stepfunctions-tasks:httpInvokeDynamicJsonPathEndpoint": { + "recommendedValue": true, + "explanation": "When enabled, allows using a dynamic apiEndpoint with JSONPath format in HttpInvoke tasks.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-ecs-patterns:uniqueTargetGroupId": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, ECS patterns will generate unique target group IDs to prevent conflicts during load balancer replacement" + }, + "@aws-cdk/aws-route53-patterns:useDistribution": { + "userValue": true, + "recommendedValue": true, + "explanation": "Use the `Distribution` resource instead of `CloudFrontWebDistribution`" + }, + "@aws-cdk/aws-elasticloadbalancingv2:usePostQuantumTlsPolicy": { + "recommendedValue": true, + "explanation": "When enabled, HTTPS/TLS listeners use post-quantum TLS policy by default" + }, + "@aws-cdk/core:automaticL1Traits": { + "recommendedValue": true, + "explanation": "Automatically use the default L1 traits for L1 constructs`", + "unconfiguredBehavesLike": { + "v2": true + } + } + } + } + } + }, + "minimumCliVersion": "2.1106.1" +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.grant-service-principal.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.grant-service-principal.js.snapshot/tree.json new file mode 100644 index 0000000000000..e5eae8a9cf39d --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.grant-service-principal.js.snapshot/tree.json @@ -0,0 +1 @@ +{"version":"tree-0.1","tree":{"id":"App","path":"","constructInfo":{"fqn":"aws-cdk-lib.App","version":"0.0.0"},"children":{"grant-service-principal-test-stack":{"id":"grant-service-principal-test-stack","path":"grant-service-principal-test-stack","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"Table":{"id":"Table","path":"grant-service-principal-test-stack/Table","constructInfo":{"fqn":"aws-cdk-lib.aws_dynamodb.Table","version":"0.0.0"},"children":{"Resource":{"id":"Resource","path":"grant-service-principal-test-stack/Table/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_dynamodb.CfnTable","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::DynamoDB::Table","aws:cdk:cloudformation:props":{"attributeDefinitions":[{"attributeName":"id","attributeType":"S"}],"keySchema":[{"attributeName":"id","keyType":"HASH"}],"provisionedThroughput":{"readCapacityUnits":5,"writeCapacityUnits":5},"resourcePolicy":{"policyDocument":{"Statement":[{"Action":["dynamodb:BatchGetItem","dynamodb:BatchWriteItem","dynamodb:ConditionCheckItem","dynamodb:DeleteItem","dynamodb:DescribeTable","dynamodb:GetItem","dynamodb:PutItem","dynamodb:Query","dynamodb:Scan","dynamodb:UpdateItem"],"Effect":"Allow","Principal":{"Service":["glue.amazonaws.com","redshift.amazonaws.com","replication.dynamodb.amazonaws.com"]},"Resource":"*"}],"Version":"2012-10-17"}}}}},"ScalingRole":{"id":"ScalingRole","path":"grant-service-principal-test-stack/Table/ScalingRole","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0"}}}},"BootstrapVersion":{"id":"BootstrapVersion","path":"grant-service-principal-test-stack/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"grant-service-principal-test-stack/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}},"grant-service-principal-integ-test":{"id":"grant-service-principal-integ-test","path":"grant-service-principal-integ-test","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTest","version":"0.0.0"},"children":{"DefaultTest":{"id":"DefaultTest","path":"grant-service-principal-integ-test/DefaultTest","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTestCase","version":"0.0.0"},"children":{"Default":{"id":"Default","path":"grant-service-principal-integ-test/DefaultTest/Default","constructInfo":{"fqn":"constructs.Construct","version":"10.5.1"}},"DeployAssert":{"id":"DeployAssert","path":"grant-service-principal-integ-test/DefaultTest/DeployAssert","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"BootstrapVersion":{"id":"BootstrapVersion","path":"grant-service-principal-integ-test/DefaultTest/DeployAssert/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"grant-service-principal-integ-test/DefaultTest/DeployAssert/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}}}}}},"Tree":{"id":"Tree","path":"Tree","constructInfo":{"fqn":"constructs.Construct","version":"10.5.1"}}}}} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.grant-service-principal.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.grant-service-principal.ts new file mode 100644 index 0000000000000..7b0e2d609ce12 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.dynamodb.grant-service-principal.ts @@ -0,0 +1,30 @@ +/** + * Integration test for DynamoDB grant methods with allowlisted service principals. + * + * Validates that the three known-valid service principals can be granted + * access to DynamoDB tables via grant* methods without error, and that + * the resulting resource policies are correctly synthesized. + * + * @see https://github.com/aws/aws-cdk/issues/37273 + */ + +import { App, RemovalPolicy, Stack } from 'aws-cdk-lib'; +import * as dynamodb from 'aws-cdk-lib/aws-dynamodb'; +import * as iam from 'aws-cdk-lib/aws-iam'; +import { IntegTest } from '@aws-cdk/integ-tests-alpha'; + +const app = new App(); +const stack = new Stack(app, 'grant-service-principal-test-stack'); + +const table = new dynamodb.Table(stack, 'Table', { + partitionKey: { name: 'id', type: dynamodb.AttributeType.STRING }, + removalPolicy: RemovalPolicy.DESTROY, +}); + +table.grantReadWriteData(new iam.ServicePrincipal('redshift.amazonaws.com')); +table.grantReadWriteData(new iam.ServicePrincipal('replication.dynamodb.amazonaws.com')); +table.grantReadWriteData(new iam.ServicePrincipal('glue.amazonaws.com')); + +new IntegTest(app, 'grant-service-principal-integ-test', { + testCases: [stack], +}); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53-targets/test/integ.elastic-beanstalk-environment-target-assets/package-lock.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53-targets/test/integ.elastic-beanstalk-environment-target-assets/package-lock.json index 1c49c6f817350..23b36e196d6c1 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-route53-targets/test/integ.elastic-beanstalk-environment-target-assets/package-lock.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53-targets/test/integ.elastic-beanstalk-environment-target-assets/package-lock.json @@ -554,9 +554,10 @@ } }, "node_modules/path-to-regexp": { - "version": "0.1.12", - "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.12.tgz", - "integrity": "sha512-RA1GjUVMnvYFxuqovrEqZoxxW5NUZqbwKtYz/Tt7nXerk0LbLblQmrsgdeOxV5SFHf0UDggjS/bSeOZwt1pmEQ==" + "version": "0.1.13", + "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.13.tgz", + "integrity": "sha512-A/AGNMFN3c8bOlvV9RreMdrv7jsmF9XIfDeCd87+I8RNg6s78BhJxMu69NEMHBSJFxKidViTEdruRwEk/WIKqA==", + "license": "MIT" }, "node_modules/proxy-addr": { "version": "2.0.7", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53-targets/test/integ.elastic-beanstalk-environment-target.js.snapshot/asset.fdbbabeab76a41188fbdf182a8c09848a1ea72525524d7bc2c373c6e1eb2c1c4.elastic-beanstalk-environment-target-assets/package-lock.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53-targets/test/integ.elastic-beanstalk-environment-target.js.snapshot/asset.fdbbabeab76a41188fbdf182a8c09848a1ea72525524d7bc2c373c6e1eb2c1c4.elastic-beanstalk-environment-target-assets/package-lock.json index 1c49c6f817350..23b36e196d6c1 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-route53-targets/test/integ.elastic-beanstalk-environment-target.js.snapshot/asset.fdbbabeab76a41188fbdf182a8c09848a1ea72525524d7bc2c373c6e1eb2c1c4.elastic-beanstalk-environment-target-assets/package-lock.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53-targets/test/integ.elastic-beanstalk-environment-target.js.snapshot/asset.fdbbabeab76a41188fbdf182a8c09848a1ea72525524d7bc2c373c6e1eb2c1c4.elastic-beanstalk-environment-target-assets/package-lock.json @@ -554,9 +554,10 @@ } }, "node_modules/path-to-regexp": { - "version": "0.1.12", - "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.12.tgz", - "integrity": "sha512-RA1GjUVMnvYFxuqovrEqZoxxW5NUZqbwKtYz/Tt7nXerk0LbLblQmrsgdeOxV5SFHf0UDggjS/bSeOZwt1pmEQ==" + "version": "0.1.13", + "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.13.tgz", + "integrity": "sha512-A/AGNMFN3c8bOlvV9RreMdrv7jsmF9XIfDeCd87+I8RNg6s78BhJxMu69NEMHBSJFxKidViTEdruRwEk/WIKqA==", + "license": "MIT" }, "node_modules/proxy-addr": { "version": "2.0.7", diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/lib/staging-stack.ts b/packages/@aws-cdk/app-staging-synthesizer-alpha/lib/staging-stack.ts index ecd32587d6edc..23bbd96a6cc37 100644 --- a/packages/@aws-cdk/app-staging-synthesizer-alpha/lib/staging-stack.ts +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/lib/staging-stack.ts @@ -82,7 +82,7 @@ export interface IStagingResourcesFactory { /** * Return an object that will manage staging resources for the given stack * - * This is called whenever the the `AppStagingSynthesizer` binds to a specific + * This is called whenever the `AppStagingSynthesizer` binds to a specific * stack, and allows selecting where the staging resources go. * * This method can choose to either create a new construct (perhaps a stack) diff --git a/packages/@aws-cdk/aws-bedrock-alpha/bedrock/inference-profiles/application-inference-profile.ts b/packages/@aws-cdk/aws-bedrock-alpha/bedrock/inference-profiles/application-inference-profile.ts index 0f5706db1a30a..5b0e12c36d210 100644 --- a/packages/@aws-cdk/aws-bedrock-alpha/bedrock/inference-profiles/application-inference-profile.ts +++ b/packages/@aws-cdk/aws-bedrock-alpha/bedrock/inference-profiles/application-inference-profile.ts @@ -23,7 +23,7 @@ export interface ApplicationInferenceProfileProps { * - Maximum length: 64 characters * - Pattern: `^([0-9a-zA-Z:.][ _-]?)+$` * - * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-bedrock-applicationinferenceprofile.html#cfn-bedrock-applicationinferenceprofile-inferenceprofilename + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-bedrock-applicationinferenceprofile.html#cfn-bedrock-applicationinferenceprofile-inferenceprofilename */ readonly applicationInferenceProfileName: string; @@ -34,7 +34,7 @@ export interface ApplicationInferenceProfileProps { * - Maximum length: 200 characters when provided * - Pattern: `^([0-9a-zA-Z:.][ _-]?)+$` * @default - No description is provided - * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-bedrock-applicationinferenceprofile.html#cfn-bedrock-applicationinferenceprofile-description + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-bedrock-applicationinferenceprofile.html#cfn-bedrock-applicationinferenceprofile-description */ readonly description?: string; diff --git a/packages/@aws-cdk/aws-ec2-alpha/README.md b/packages/@aws-cdk/aws-ec2-alpha/README.md index ab7423f5cc055..71bc4b49dd590 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/README.md +++ b/packages/@aws-cdk/aws-ec2-alpha/README.md @@ -584,7 +584,7 @@ You can import an existing VPC and its subnets using the `VpcV2.fromVpcV2Attribu To import an existing VPC, use the `VpcV2.fromVpcV2Attributes()` method. You'll need to provide the VPC ID, primary CIDR block, and information about the subnets. You can import secondary address as well created through IPAM, BYOIP(IPv4) or enabled through Amazon Provided IPv6. You must provide VPC Id and its primary CIDR block for importing it. -If you wish to add a new subnet to imported VPC, new subnet's IP range(IPv4) will be validated against provided secondary and primary address block to confirm that it is within the the range of VPC. +If you wish to add a new subnet to imported VPC, new subnet's IP range(IPv4) will be validated against provided secondary and primary address block to confirm that it is within the range of VPC. Here's an example of importing a VPC with only the required parameters diff --git a/packages/@aws-cdk/aws-ec2-alpha/lib/ipam.ts b/packages/@aws-cdk/aws-ec2-alpha/lib/ipam.ts index b142d321cd5b4..bf6e7f99264bf 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/lib/ipam.ts +++ b/packages/@aws-cdk/aws-ec2-alpha/lib/ipam.ts @@ -60,7 +60,7 @@ export interface IpamProps { * The operating Regions for an IPAM. * Operating Regions are AWS Regions where the IPAM is allowed to manage IP address CIDRs * For more information about operating Regions, see [Create an IPAM](https://docs.aws.amazon.com//vpc/latest/ipam/create-ipam.html) in the *Amazon VPC IPAM User Guide* . - * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipam.html#cfn-ec2-ipam-operatingregions + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipam.html#cfn-ec2-ipam-operatingregions * * @default - Stack.region if defined in the stack */ @@ -113,7 +113,7 @@ export interface PoolOptions { * Only resources in the same Region as the locale of the pool can get IP address allocations from the pool. * You can only allocate a CIDR for a VPC, for example, from an IPAM pool that shares a locale with the VPC’s Region. * Note that once you choose a Locale for a pool, you cannot modify it. If you choose an AWS Region for locale that has not been configured as an operating Region for the IPAM, you'll get an error. - * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipampool.html#cfn-ec2-ipampool-locale + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipampool.html#cfn-ec2-ipampool-locale * * @default - Current operating region of IPAM */ @@ -133,7 +133,7 @@ export interface PoolOptions { * * "ec2", for example, allows users to use space for Elastic IP addresses and VPCs. * - * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipampool.html#cfn-ec2-ipampool-awsservice + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipampool.html#cfn-ec2-ipampool-awsservice * * @default - required in case of an IPv6, throws an error if not provided. */ diff --git a/packages/@aws-cdk/aws-ec2-alpha/lib/util.ts b/packages/@aws-cdk/aws-ec2-alpha/lib/util.ts index 6be6353e57ecc..d120a0a1930aa 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/lib/util.ts +++ b/packages/@aws-cdk/aws-ec2-alpha/lib/util.ts @@ -439,7 +439,6 @@ export class CidrBlockIpv6 { const blocks = this.parseBigIntParts(ipv6Address); let ipv6Number = BigInt(0); for (const block of blocks) { - /* tslint:disable:no-bitwise */ ipv6Number = (ipv6Number << BigInt(16)) + block; } return ipv6Number; diff --git a/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2-base.ts b/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2-base.ts index b2c33706a94dd..70737facdc9e0 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2-base.ts +++ b/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2-base.ts @@ -114,7 +114,7 @@ export interface InternetGatewayOptions{ export interface VPNGatewayV2Options { /** * The type of VPN connection the virtual private gateway supports. - * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpngateway.html#cfn-ec2-vpngateway-type + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpngateway.html#cfn-ec2-vpngateway-type */ readonly type: VpnConnectionType; @@ -135,7 +135,7 @@ export interface VPNGatewayV2Options { /** * Subnets where the route propagation should be added. * - * @default - no propogation for routes + * @default - no propagation for routes */ readonly vpnRoutePropagation?: SubnetSelection[]; } @@ -203,10 +203,10 @@ export interface IVpcV2 extends IVpc { addInternetGateway(options?: InternetGatewayOptions): InternetGateway; /** - * Adds VPN Gateway to VPC and set route propogation. + * Adds VPN Gateway to VPC and set route propagation. * For more information, see the {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpngateway.html}. * - * @default - no route propogation + * @default - no route propagation */ enableVpnGatewayV2(options: VPNGatewayV2Options): VPNGatewayV2; diff --git a/packages/@aws-cdk/aws-gamelift-alpha/lib/fleet-base.ts b/packages/@aws-cdk/aws-gamelift-alpha/lib/fleet-base.ts index 96a4e4271eb82..4f191d14f5255 100644 --- a/packages/@aws-cdk/aws-gamelift-alpha/lib/fleet-base.ts +++ b/packages/@aws-cdk/aws-gamelift-alpha/lib/fleet-base.ts @@ -308,7 +308,7 @@ export interface FleetProps { * The GameLift-supported Amazon EC2 instance type to use for all fleet instances. * Instance type determines the computing resources that will be used to host your game servers, including CPU, memory, storage, and networking capacity. * - * @see http://aws.amazon.com/ec2/instance-types/ for detailed descriptions of Amazon EC2 instance types. + * @see https://aws.amazon.com/ec2/instance-types/ for detailed descriptions of Amazon EC2 instance types. */ readonly instanceType: ec2.InstanceType; diff --git a/packages/@aws-cdk/aws-pipes-alpha/lib/enrichment.ts b/packages/@aws-cdk/aws-pipes-alpha/lib/enrichment.ts index 10f2843af6961..29f908f06119e 100644 --- a/packages/@aws-cdk/aws-pipes-alpha/lib/enrichment.ts +++ b/packages/@aws-cdk/aws-pipes-alpha/lib/enrichment.ts @@ -5,7 +5,7 @@ import type { IPipe } from '.'; /** * The parameters required to set up enrichment on your pipe. * - * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-pipes-pipe-pipeenrichmentparameters.html + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-pipes-pipe-pipeenrichmentparameters.html */ export interface EnrichmentParametersConfig { diff --git a/packages/@aws-cdk/aws-pipes-alpha/lib/logs.ts b/packages/@aws-cdk/aws-pipes-alpha/lib/logs.ts index b02b23e2fdfb5..78657c843aff2 100644 --- a/packages/@aws-cdk/aws-pipes-alpha/lib/logs.ts +++ b/packages/@aws-cdk/aws-pipes-alpha/lib/logs.ts @@ -104,7 +104,7 @@ export interface LogDestinationParameters { /** * The logging configuration settings for the pipe. * - * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-pipes-pipe-pipelogconfiguration.html#cfn-pipes-pipe-pipelogconfiguration-cloudwatchlogslogdestination + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-pipes-pipe-pipelogconfiguration.html#cfn-pipes-pipe-pipelogconfiguration-cloudwatchlogslogdestination * * @default - none */ @@ -113,7 +113,7 @@ export interface LogDestinationParameters { /** * The Amazon Data Firehose logging configuration settings for the pipe. * - * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-pipes-pipe-pipelogconfiguration.html#cfn-pipes-pipe-pipelogconfiguration-firehoselogdestination + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-pipes-pipe-pipelogconfiguration.html#cfn-pipes-pipe-pipelogconfiguration-firehoselogdestination * * @default - none */ @@ -122,7 +122,7 @@ export interface LogDestinationParameters { /** * The Amazon S3 logging configuration settings for the pipe. * - * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-pipes-pipe-pipelogconfiguration.html#cfn-pipes-pipe-pipelogconfiguration-s3logdestination + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-pipes-pipe-pipelogconfiguration.html#cfn-pipes-pipe-pipelogconfiguration-s3logdestination * * @default - none */ diff --git a/packages/@aws-cdk/aws-pipes-alpha/lib/pipe.ts b/packages/@aws-cdk/aws-pipes-alpha/lib/pipe.ts index 6fe5739cefa82..23624abcccbf3 100644 --- a/packages/@aws-cdk/aws-pipes-alpha/lib/pipe.ts +++ b/packages/@aws-cdk/aws-pipes-alpha/lib/pipe.ts @@ -97,7 +97,7 @@ export interface PipeProps { /** * Name of the pipe in the AWS console * - * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-pipes-pipe.html#cfn-pipes-pipe-name + * @link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-pipes-pipe.html#cfn-pipes-pipe-name * * @default - automatically generated name */ @@ -138,7 +138,7 @@ export interface PipeProps { * * For more information, see [Including execution data in logs](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-pipes-logs.html#eb-pipes-logs-execution-data) and the [message schema](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-pipes-logs-schema.html) in the *Amazon EventBridge User Guide* . * - * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-pipes-pipe-pipelogconfiguration.html#cfn-pipes-pipe-pipelogconfiguration-includeexecutiondata + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-pipes-pipe-pipelogconfiguration.html#cfn-pipes-pipe-pipelogconfiguration-includeexecutiondata * @default - none */ readonly logIncludeExecutionData?: IncludeExecutionData[]; @@ -146,7 +146,7 @@ export interface PipeProps { /** * A description of the pipe displayed in the AWS console * - * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-pipes-pipe.html#cfn-pipes-pipe-description + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-pipes-pipe.html#cfn-pipes-pipe-description * * @default - no description */ @@ -164,7 +164,7 @@ export interface PipeProps { /** * The list of key-value pairs to associate with the pipe. * - * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-pipes-pipe.html#cfn-pipes-pipe-tags + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-pipes-pipe.html#cfn-pipes-pipe-tags * * @default - no tags */ diff --git a/packages/@aws-cdk/aws-pipes-sources-alpha/lib/sqs.ts b/packages/@aws-cdk/aws-pipes-sources-alpha/lib/sqs.ts index f3fc920b7a850..3a4e5c5d884fc 100644 --- a/packages/@aws-cdk/aws-pipes-sources-alpha/lib/sqs.ts +++ b/packages/@aws-cdk/aws-pipes-sources-alpha/lib/sqs.ts @@ -10,7 +10,7 @@ export interface SqsSourceParameters { /** * The maximum number of records to include in each batch. * - * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-pipes-pipe-pipesourcesqsqueueparameters.html#cfn-pipes-pipe-pipesourcesqsqueueparameters-batchsize + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-pipes-pipe-pipesourcesqsqueueparameters.html#cfn-pipes-pipe-pipesourcesqsqueueparameters-batchsize * @default 10 */ readonly batchSize?: number; @@ -18,7 +18,7 @@ export interface SqsSourceParameters { /** * The maximum length of a time to wait for events. * - * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-pipes-pipe-pipesourcesqsqueueparameters.html#cfn-pipes-pipe-pipesourcesqsqueueparameters-maximumbatchingwindowinseconds + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-pipes-pipe-pipesourcesqsqueueparameters.html#cfn-pipes-pipe-pipesourcesqsqueueparameters-maximumbatchingwindowinseconds * @default 1 */ readonly maximumBatchingWindow?: Duration; diff --git a/packages/@aws-cdk/aws-pipes-targets-alpha/lib/sqs.ts b/packages/@aws-cdk/aws-pipes-targets-alpha/lib/sqs.ts index f5eed1502de06..dc42fc8f0d530 100644 --- a/packages/@aws-cdk/aws-pipes-targets-alpha/lib/sqs.ts +++ b/packages/@aws-cdk/aws-pipes-targets-alpha/lib/sqs.ts @@ -19,7 +19,7 @@ export interface SqsTargetParameters { * * The token used for deduplication of sent messages. * - * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-pipes-pipe-pipetargetsqsqueueparameters.html#cfn-pipes-pipe-pipetargetsqsqueueparameters-messagededuplicationid + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-pipes-pipe-pipetargetsqsqueueparameters.html#cfn-pipes-pipe-pipetargetsqsqueueparameters-messagededuplicationid * @default - none */ readonly messageDeduplicationId?: string; @@ -27,7 +27,7 @@ export interface SqsTargetParameters { /** * The FIFO message group ID to use as the target. * - * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-pipes-pipe-pipetargetsqsqueueparameters.html#cfn-pipes-pipe-pipetargetsqsqueueparameters-messagegroupid + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-pipes-pipe-pipetargetsqsqueueparameters.html#cfn-pipes-pipe-pipetargetsqsqueueparameters-messagegroupid * @default - none */ readonly messageGroupId?: string; diff --git a/packages/@aws-cdk/aws-pipes-targets-alpha/lib/stepfunctions.ts b/packages/@aws-cdk/aws-pipes-targets-alpha/lib/stepfunctions.ts index 372d1c4498b02..6c75eba727e1a 100644 --- a/packages/@aws-cdk/aws-pipes-targets-alpha/lib/stepfunctions.ts +++ b/packages/@aws-cdk/aws-pipes-targets-alpha/lib/stepfunctions.ts @@ -18,7 +18,7 @@ export interface SfnStateMachineParameters { /** * Specify whether to invoke the State Machine synchronously (`REQUEST_RESPONSE`) or asynchronously (`FIRE_AND_FORGET`). * - * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-pipes-pipe-pipetargetsqsqueueparameters.html#cfn-pipes-pipe-pipetargetsqsqueueparameters-messagededuplicationid + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-pipes-pipe-pipetargetsqsqueueparameters.html#cfn-pipes-pipe-pipetargetsqsqueueparameters-messagededuplicationid * @default StateMachineInvocationType.FIRE_AND_FORGET */ readonly invocationType?: StateMachineInvocationType; diff --git a/packages/@aws-cdk/aws-s3tables-alpha/lib/table.ts b/packages/@aws-cdk/aws-s3tables-alpha/lib/table.ts index c68259a957037..5a6665e8caeb0 100644 --- a/packages/@aws-cdk/aws-s3tables-alpha/lib/table.ts +++ b/packages/@aws-cdk/aws-s3tables-alpha/lib/table.ts @@ -508,13 +508,13 @@ export interface TablePropertyEntry { /** * Contains details about the metadata for an Iceberg table. - * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3tables-table-icebergmetadata.html + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3tables-table-icebergmetadata.html */ export interface IcebergMetadataProperty { /** * Contains details about the schema for an Iceberg table. * - * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3tables-table-icebergmetadata.html#cfn-s3tables-table-icebergmetadata-icebergschema + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3tables-table-icebergmetadata.html#cfn-s3tables-table-icebergmetadata-icebergschema */ readonly icebergSchema: IcebergSchemaProperty; diff --git a/packages/@aws-cdk/custom-resource-handlers/lib/aws-route53/cross-account-zone-delegation-handler/index.ts b/packages/@aws-cdk/custom-resource-handlers/lib/aws-route53/cross-account-zone-delegation-handler/index.ts index 81d330f640ff1..ba4e8ec9980af 100644 --- a/packages/@aws-cdk/custom-resource-handlers/lib/aws-route53/cross-account-zone-delegation-handler/index.ts +++ b/packages/@aws-cdk/custom-resource-handlers/lib/aws-route53/cross-account-zone-delegation-handler/index.ts @@ -106,7 +106,7 @@ async function getHostedZoneIdByName(name: string, route53: Route53): Promise arg, true if the key attribute k is greater than the the Query argument + * Condition k > arg, true if the key attribute k is greater than the Query argument */ public static gt(keyName: string, arg: string): KeyCondition { return new KeyCondition(new BinaryCondition(keyName, '>', arg)); diff --git a/packages/aws-cdk-lib/aws-appsync/lib/schema.ts b/packages/aws-cdk-lib/aws-appsync/lib/schema.ts index c051386bf73d7..f9e010de4bca5 100644 --- a/packages/aws-cdk-lib/aws-appsync/lib/schema.ts +++ b/packages/aws-cdk-lib/aws-appsync/lib/schema.ts @@ -65,7 +65,7 @@ export class SchemaFile implements ISchema { /** * Generate a Schema from file * - * @returns `SchemaAsset` with immutable schema defintion + * @returns `SchemaAsset` with immutable schema definition * @param filePath the file path of the schema file */ public static fromAsset(filePath: string): SchemaFile { diff --git a/packages/aws-cdk-lib/aws-batch/lib/scheduling-policy.ts b/packages/aws-cdk-lib/aws-batch/lib/scheduling-policy.ts index 3d51802cc77f6..07ce460a05e06 100644 --- a/packages/aws-cdk-lib/aws-batch/lib/scheduling-policy.ts +++ b/packages/aws-cdk-lib/aws-batch/lib/scheduling-policy.ts @@ -205,7 +205,7 @@ export class FairshareSchedulingPolicy extends SchedulingPolicyBase implements I public static readonly PROPERTY_INJECTION_ID: string = 'aws-cdk-lib.aws-batch.FairshareSchedulingPolicy'; /** - * Reference an exisiting Scheduling Policy by its ARN + * Reference an existing Scheduling Policy by its ARN */ public static fromFairshareSchedulingPolicyArn(scope: Construct, id: string, fairshareSchedulingPolicyArn: string): IFairshareSchedulingPolicy { const stack = Stack.of(scope); diff --git a/packages/aws-cdk-lib/aws-bedrock/lib/foundation-model.ts b/packages/aws-cdk-lib/aws-bedrock/lib/foundation-model.ts index 4e1429861d523..42c35df4ac644 100644 --- a/packages/aws-cdk-lib/aws-bedrock/lib/foundation-model.ts +++ b/packages/aws-cdk-lib/aws-bedrock/lib/foundation-model.ts @@ -428,6 +428,15 @@ export class FoundationModelIdentifier { /** Base model "meta.llama4-scout-17b-instruct-v1:0". */ public static readonly META_LLAMA_4_SCOUT_17B_INSTRUCT_V1_0 = new FoundationModelIdentifier('meta.llama4-scout-17b-instruct-v1:0'); + /** Base model "minimax.minimax-m2". */ + public static readonly MINIMAX_MINIMAX_M2 = new FoundationModelIdentifier('minimax.minimax-m2'); + + /** Base model "minimax.minimax-m2.1". */ + public static readonly MINIMAX_MINIMAX_M2_1 = new FoundationModelIdentifier('minimax.minimax-m2.1'); + + /** Base model "minimax.minimax-m2.5". */ + public static readonly MINIMAX_MINIMAX_M2_5 = new FoundationModelIdentifier('minimax.minimax-m2.5'); + /** Base model "mistral.mistral-7b-instruct-v0:2". */ public static readonly MISTRAL_MISTRAL_7B_INSTRUCT_V0_2 = new FoundationModelIdentifier('mistral.mistral-7b-instruct-v0:2'); @@ -515,6 +524,15 @@ export class FoundationModelIdentifier { /** Basic model "twelvelabs.marengo-embed-3-0-v1:0" */ public static readonly TWELVELABS_MARENGO_EMBED_3_0_V1_0 = new FoundationModelIdentifier('twelvelabs.marengo-embed-3-0-v1:0'); + /** Base model "zai.glm-4.7". */ + public static readonly ZAI_GLM_4_7 = new FoundationModelIdentifier('zai.glm-4.7'); + + /** Base model "zai.glm-4.7-flash". */ + public static readonly ZAI_GLM_4_7_FLASH = new FoundationModelIdentifier('zai.glm-4.7-flash'); + + /** Base model "zai.glm-5". */ + public static readonly ZAI_GLM_5 = new FoundationModelIdentifier('zai.glm-5'); + /** * Constructor for foundation model identifier * @param modelId the model identifier diff --git a/packages/aws-cdk-lib/aws-certificatemanager/lib/dns-validated-certificate.ts b/packages/aws-cdk-lib/aws-certificatemanager/lib/dns-validated-certificate.ts index 530eacebcfa06..73a854f57713d 100644 --- a/packages/aws-cdk-lib/aws-certificatemanager/lib/dns-validated-certificate.ts +++ b/packages/aws-cdk-lib/aws-certificatemanager/lib/dns-validated-certificate.ts @@ -157,7 +157,7 @@ export class DnsValidatedCertificate extends CertificateBase implements ICertifi Region: props.region, Route53Endpoint: props.route53Endpoint, RemovalPolicy: cdk.Lazy.any({ produce: () => this._removalPolicy }), - // Custom resources properties are always converted to strings; might as well be explict here. + // Custom resources properties are always converted to strings; might as well be explicit here. CleanupRecords: props.cleanupRoute53Records ? 'true' : undefined, Tags: cdk.Lazy.list({ produce: () => this.tags.renderTags() }), }, diff --git a/packages/aws-cdk-lib/aws-chatbot/README.md b/packages/aws-cdk-lib/aws-chatbot/README.md index 3a0e05ffb138f..98ef6e3c2cf44 100644 --- a/packages/aws-cdk-lib/aws-chatbot/README.md +++ b/packages/aws-cdk-lib/aws-chatbot/README.md @@ -33,7 +33,7 @@ Slack channel configuration automatically create a log group with the name `/aws log data set to never expire. The `logRetention` property can be used to set a different expiration period. A log group will be created if not already exists. -If the log group already exists, it's expiration will be configured to the value specified in this construct (never expire, by default). +If the log group already exists, its expiration will be configured to the value specified in this construct (never expire, by default). By default, CDK uses the AWS SDK retry options when interacting with the log group. The `logRetentionRetryOptions` property allows you to customize the maximum number of retries and base backoff duration. diff --git a/packages/aws-cdk-lib/aws-cloudtrail/lib/cloudtrail.ts b/packages/aws-cdk-lib/aws-cloudtrail/lib/cloudtrail.ts index b04438467f84c..46e0708650383 100644 --- a/packages/aws-cdk-lib/aws-cloudtrail/lib/cloudtrail.ts +++ b/packages/aws-cdk-lib/aws-cloudtrail/lib/cloudtrail.ts @@ -120,7 +120,7 @@ export interface TrailProps { /** The Amazon S3 bucket * - * @default - if not supplied a bucket will be created with all the correct permisions + * @default - if not supplied a bucket will be created with all the correct permissions */ readonly bucket?: s3.IBucket; diff --git a/packages/aws-cdk-lib/aws-cloudwatch/README.md b/packages/aws-cdk-lib/aws-cloudwatch/README.md index 5902054ccd3bc..d514327adf8a2 100644 --- a/packages/aws-cdk-lib/aws-cloudwatch/README.md +++ b/packages/aws-cdk-lib/aws-cloudwatch/README.md @@ -959,7 +959,7 @@ You can add a widget after object instantiation with the method ### Interval duration for dashboard Interval duration for metrics in dashboard. You can specify `defaultInterval` with -the relative time(eg. 7 days) as `Duration.days(7)`. +the relative time (e.g. 7 days) as `Duration.days(7)`. ```ts import * as cw from 'aws-cdk-lib/aws-cloudwatch'; diff --git a/packages/aws-cdk-lib/aws-cloudwatch/lib/dashboard.ts b/packages/aws-cdk-lib/aws-cloudwatch/lib/dashboard.ts index 549ba3d363614..023de193c0302 100644 --- a/packages/aws-cdk-lib/aws-cloudwatch/lib/dashboard.ts +++ b/packages/aws-cdk-lib/aws-cloudwatch/lib/dashboard.ts @@ -39,7 +39,7 @@ export interface DashboardProps { /** * Interval duration for metrics. - * You can specify defaultInterval with the relative time(eg. cdk.Duration.days(7)). + * You can specify defaultInterval with the relative time (e.g. cdk.Duration.days(7)). * * Both properties `defaultInterval` and `start` cannot be set at once. * diff --git a/packages/aws-cdk-lib/aws-codebuild/lib/file-location.ts b/packages/aws-cdk-lib/aws-codebuild/lib/file-location.ts index 7540e5212a484..abf2cc1890061 100644 --- a/packages/aws-cdk-lib/aws-codebuild/lib/file-location.ts +++ b/packages/aws-cdk-lib/aws-codebuild/lib/file-location.ts @@ -8,7 +8,7 @@ import type { IProject } from './project'; export interface FileSystemConfig { /** * File system location wrapper property. - * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codebuild-project-projectfilesystemlocation.html + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codebuild-project-projectfilesystemlocation.html */ readonly location: CfnProject.ProjectFileSystemLocationProperty; } diff --git a/packages/aws-cdk-lib/aws-codebuild/lib/source.ts b/packages/aws-cdk-lib/aws-codebuild/lib/source.ts index d4ac5578de5bf..095eb7fad299d 100644 --- a/packages/aws-cdk-lib/aws-codebuild/lib/source.ts +++ b/packages/aws-cdk-lib/aws-codebuild/lib/source.ts @@ -23,7 +23,7 @@ export interface SourceConfig { /** * `AWS::CodeBuild::Project.SourceVersion` - * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-codebuild-project.html#cfn-codebuild-project-sourceversion + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-codebuild-project.html#cfn-codebuild-project-sourceversion * @default the latest version */ readonly sourceVersion?: string; diff --git a/packages/aws-cdk-lib/aws-codecommit/lib/repository.ts b/packages/aws-cdk-lib/aws-codecommit/lib/repository.ts index 037e45adf29ad..e26714055b120 100644 --- a/packages/aws-cdk-lib/aws-codecommit/lib/repository.ts +++ b/packages/aws-cdk-lib/aws-codecommit/lib/repository.ts @@ -137,7 +137,7 @@ export interface IRepository extends IResource, notifications.INotificationRuleS * events specified by you are emitted. Similar to `onEvent` API. * * You can also use the methods to define rules for the specific event emitted. - * eg: `notifyOnPullRequstCreated`. + * e.g. `notifyOnPullRequestCreated`. * * @returns CodeStar Notifications rule associated with this repository. */ diff --git a/packages/aws-cdk-lib/aws-cognito-identitypool/README.md b/packages/aws-cdk-lib/aws-cognito-identitypool/README.md index d9ba9a7fbd3ba..080e14b3d6992 100644 --- a/packages/aws-cdk-lib/aws-cognito-identitypool/README.md +++ b/packages/aws-cdk-lib/aws-cognito-identitypool/README.md @@ -3,7 +3,7 @@ [Amazon Cognito Identity Pools](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html) enable you to grant your users access to other AWS services. Identity Pools are one of the two main components of [Amazon Cognito](https://docs.aws.amazon.com/cognito/latest/developerguide/what-is-amazon-cognito.html), which provides authentication, authorization, and -user management for your web and mobile apps. Your users can sign in through a a trusted identity provider, like a user +user management for your web and mobile apps. Your users can sign in through a trusted identity provider, like a user pool or a SAML 2.0 service, as well as with third party providers such as Facebook, Amazon, Google or Apple. The other main component in Amazon Cognito is [user pools](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools.html). User Pools are user directories that provide sign-up and @@ -187,7 +187,7 @@ Pools, OpenIdConnect, or SAML. Only one provider per external service can be att [OpenID Connect](https://docs.aws.amazon.com/cognito/latest/developerguide/open-id.html) is an open standard for authentication that is supported by a number of login providers. Amazon Cognito supports linking of identities with -OpenID Connect providers that are configured through [AWS Identity and Access Management](http://aws.amazon.com/iam/). +OpenID Connect providers that are configured through [AWS Identity and Access Management](https://aws.amazon.com/iam/). An identity provider that supports [Security Assertion Markup Language 2.0 (SAML 2.0)](https://docs.aws.amazon.com/cognito/latest/developerguide/saml-identity-provider.html) can be used to provide a simple onboarding flow for users. The SAML-supporting identity provider specifies the IAM roles that can be assumed by users diff --git a/packages/aws-cdk-lib/aws-cognito/README.md b/packages/aws-cdk-lib/aws-cognito/README.md index 8e59b0639cc2d..cf6c4a9af4578 100644 --- a/packages/aws-cdk-lib/aws-cognito/README.md +++ b/packages/aws-cdk-lib/aws-cognito/README.md @@ -823,7 +823,7 @@ about the [OAuth 2.0 authorization framework](https://tools.ietf.org/html/rfc674 implementation of OAuth2.0](https://aws.amazon.com/blogs/mobile/understanding-amazon-cognito-user-pool-oauth-2-0-grants/). -The following code configures an app client with the authorization code grant flow and registers the the app's welcome +The following code configures an app client with the authorization code grant flow and registers the app's welcome page as a callback (or redirect) URL. It also configures the access token scope to 'openid'. All of these concepts can be found in the [OAuth 2.0 RFC](https://tools.ietf.org/html/rfc6749). diff --git a/packages/aws-cdk-lib/aws-dynamodb/lib/private/principal-utils.ts b/packages/aws-cdk-lib/aws-dynamodb/lib/private/principal-utils.ts new file mode 100644 index 0000000000000..0e4120e6d1f6f --- /dev/null +++ b/packages/aws-cdk-lib/aws-dynamodb/lib/private/principal-utils.ts @@ -0,0 +1,54 @@ +import { ServicePrincipal } from '../../../aws-iam'; +import type { IPrincipal } from '../../../aws-iam'; + +/** + * Service principals known to be valid grantees for DynamoDB resource policies. + * + * @see https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/RedshiftforDynamoDB-zero-etl.html + * @see https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables_MA_security.html + * @see https://docs.aws.amazon.com/glue/latest/dg/zero-etl-sources.html#zero-etl-config-source-dynamodb + */ +const KNOWN_DYNAMODB_SERVICE_PRINCIPALS = new Set([ + 'redshift.amazonaws.com', + 'replication.dynamodb.amazonaws.com', + 'glue.amazonaws.com', +]); + +/** + * Returns true if the principal resolves to a Service principal in the policy document. + * Checks the policyFragment output to handle wrapped principals + * (e.g. PrincipalWithConditions, SessionTagsPrincipal). + */ +export function isServicePrincipal(principal: IPrincipal): boolean { + const principalJson = principal.policyFragment.principalJson; + return 'Service' in principalJson; +} + +/** + * Returns true if the principal is a service principal whose service name + * is NOT in the known-valid allowlist for DynamoDB resource policies. + */ +export function isUnsupportedServicePrincipal(principal: IPrincipal): boolean { + if (!isServicePrincipal(principal)) { + return false; + } + const serviceName = extractServiceName(principal); + return serviceName === undefined || !KNOWN_DYNAMODB_SERVICE_PRINCIPALS.has(serviceName); +} + +/** + * Extracts the service name from a principal that may be a ServicePrincipal + * or a wrapper around one (e.g. PrincipalWithConditions). + */ +function extractServiceName(principal: IPrincipal): string | undefined { + if (principal instanceof ServicePrincipal) { + return principal.service; + } + // Walk through wrapper principals (PrincipalWithConditions, SessionTagsPrincipal, etc.) + // that extend PrincipalAdapter and store the inner principal in `wrapped`. + const inner = (principal as any).wrapped; + if (inner != null) { + return extractServiceName(inner); + } + return undefined; +} diff --git a/packages/aws-cdk-lib/aws-dynamodb/lib/table-grants.ts b/packages/aws-cdk-lib/aws-dynamodb/lib/table-grants.ts index 2b45fc69d684d..d6d475a683ab4 100644 --- a/packages/aws-cdk-lib/aws-dynamodb/lib/table-grants.ts +++ b/packages/aws-cdk-lib/aws-dynamodb/lib/table-grants.ts @@ -2,6 +2,7 @@ import type { ITableRef } from './dynamodb.generated'; import * as perms from './perms'; import * as iam from '../../aws-iam'; import { ArnFormat, Lazy, Stack, ValidationError } from '../../core'; +import { isUnsupportedServicePrincipal } from './private/principal-utils'; /** * Construction properties for TableGrants @@ -108,6 +109,16 @@ export class TableGrants { * @param actions The set of actions to allow (i.e. "dynamodb:PutItem", "dynamodb:GetItem", ...) */ public actions(grantee: iam.IGrantable, ...actions: string[]): iam.Grant { + if (isUnsupportedServicePrincipal(grantee.grantPrincipal)) { + throw new ValidationError( + '@aws-cdk/aws-dynamodb:servicePrincipalGrantNotSupported', + 'DynamoDB grant* methods do not support ServicePrincipal grantees. ' + + 'Use table.addToResourcePolicy() for an explicit service-specific table policy ' + + 'with required service principal, actions, and conditions', + this.table, + ); + } + return this.policyResource ? iam.Grant.addToPrincipalOrResource({ grantee, actions, diff --git a/packages/aws-cdk-lib/aws-dynamodb/lib/table-v2-base.ts b/packages/aws-cdk-lib/aws-dynamodb/lib/table-v2-base.ts index 8fbd7b3433186..3eb9cd95286ea 100644 --- a/packages/aws-cdk-lib/aws-dynamodb/lib/table-v2-base.ts +++ b/packages/aws-cdk-lib/aws-dynamodb/lib/table-v2-base.ts @@ -9,6 +9,7 @@ import type { AddToResourcePolicyResult, GrantOnKeyResult, IGrantable, IResource import { Grant } from '../../aws-iam'; import type { IKey } from '../../aws-kms'; import { Resource, ValidationError } from '../../core'; +import { isUnsupportedServicePrincipal } from './private/principal-utils'; import type { TableReference } from '../../interfaces/generated/aws-dynamodb-interfaces.generated'; /** @@ -101,6 +102,15 @@ export abstract class TableBaseV2 extends Resource implements ITableV2, IResourc * @param actions the set of actions to allow (i.e., 'dynamodb:PutItem', 'dynamodb:GetItem', etc.) */ public grant(grantee: IGrantable, ...actions: string[]): Grant { + if (isUnsupportedServicePrincipal(grantee.grantPrincipal)) { + throw new ValidationError( + '@aws-cdk/aws-dynamodb:servicePrincipalGrantNotSupported', + 'DynamoDB grant* methods do not support ServicePrincipal grantees. ' + + 'Use table.addToResourcePolicy() for an explicit service-specific table policy ' + + 'with required service principal, actions, and conditions', + this, + ); + } const resourceArns = [this.tableArn]; this.hasIndex && resourceArns.push(`${this.tableArn}/index/*`); return Grant.addToPrincipalOrResource({ @@ -490,6 +500,16 @@ export abstract class TableBaseV2 extends Resource implements ITableV2, IResourc tablePrinicipalExclusiveActions?: string[]; streamActions?: string[]; }) { + if (isUnsupportedServicePrincipal(grantee.grantPrincipal)) { + throw new ValidationError( + '@aws-cdk/aws-dynamodb:servicePrincipalGrantNotSupported', + 'DynamoDB grant* methods do not support ServicePrincipal grantees. ' + + 'Use table.addToResourcePolicy() for an explicit service-specific table policy ' + + 'with required service principal, actions, and conditions', + this, + ); + } + if (options.keyActions && this.encryptionKey) { this.encryptionKey.grant(grantee, ...options.keyActions); } diff --git a/packages/aws-cdk-lib/aws-dynamodb/lib/table.ts b/packages/aws-cdk-lib/aws-dynamodb/lib/table.ts index dd7b561564f48..d6b0f96dfd136 100644 --- a/packages/aws-cdk-lib/aws-dynamodb/lib/table.ts +++ b/packages/aws-cdk-lib/aws-dynamodb/lib/table.ts @@ -116,7 +116,7 @@ export interface CsvOptions { * List of the headers used to specify a common header for all source CSV files being imported. * * **NOTE**: If this field is specified then the first line of each CSV file is treated as data instead of the header. - * If this field is not specified the the first line of each CSV file is treated as the header. + * If this field is not specified the first line of each CSV file is treated as the header. * * @default - the first line of the CSV file is treated as the header */ @@ -324,7 +324,7 @@ export interface TableOptions extends SchemaOptions { /** * Specify values to pre-warm you DynamoDB Table * Warm Throughput feature is not available for Global Table replicas using the `Table` construct. To enable Warm Throughput, use the `TableV2` construct instead. - * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dynamodb-table.html#cfn-dynamodb-table-warmthroughput + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dynamodb-table.html#cfn-dynamodb-table-warmthroughput * @default - warm throughput is not configured */ readonly warmThroughput?: WarmThroughput; diff --git a/packages/aws-cdk-lib/aws-dynamodb/test/dynamodb.test.ts b/packages/aws-cdk-lib/aws-dynamodb/test/dynamodb.test.ts index 90adcc07a0033..a26120bf789b3 100644 --- a/packages/aws-cdk-lib/aws-dynamodb/test/dynamodb.test.ts +++ b/packages/aws-cdk-lib/aws-dynamodb/test/dynamodb.test.ts @@ -2464,6 +2464,70 @@ describe('grants', () => { testGrant(['*'], (p, t) => t.grantFullAccess(p)); }); + test('grant* with ServicePrincipal throws error', () => { + // GIVEN + const stack = new Stack(); + const table = new Table(stack, 'Table', { + partitionKey: { name: 'id', type: AttributeType.STRING }, + }); + + // THEN + expect(() => table.grantReadWriteData(new iam.ServicePrincipal('bedrock.amazonaws.com'))) + .toThrow(/DynamoDB grant\* methods do not support ServicePrincipal grantees/); + }); + + test('grant* with wrapped ServicePrincipal (withConditions) throws error', () => { + // GIVEN + const stack = new Stack(); + const table = new Table(stack, 'Table', { + partitionKey: { name: 'id', type: AttributeType.STRING }, + }); + + // WHEN + const principal = new iam.ServicePrincipal('bedrock.amazonaws.com').withConditions({ + StringEquals: { 'aws:SourceAccount': '123456789012' }, + }); + + // THEN + expect(() => table.grantReadData(principal)) + .toThrow(/DynamoDB grant\* methods do not support ServicePrincipal grantees/); + }); + + test.each([ + 'redshift.amazonaws.com', + 'replication.dynamodb.amazonaws.com', + 'glue.amazonaws.com', + ])('grant* with allowlisted ServicePrincipal %s succeeds', (serviceName) => { + // GIVEN + const stack = new Stack(); + const table = new Table(stack, 'Table', { + partitionKey: { name: 'id', type: AttributeType.STRING }, + }); + + // WHEN + const grant = table.grantReadWriteData(new iam.ServicePrincipal(serviceName)); + + // THEN + expect(grant.success).toBe(true); + }); + + test('grant* with wrapped allowlisted ServicePrincipal succeeds', () => { + // GIVEN + const stack = new Stack(); + const table = new Table(stack, 'Table', { + partitionKey: { name: 'id', type: AttributeType.STRING }, + }); + + // WHEN + const principal = new iam.ServicePrincipal('redshift.amazonaws.com').withConditions({ + StringEquals: { 'aws:SourceAccount': '123456789012' }, + }); + const grant = table.grantReadWriteData(principal); + + // THEN + expect(grant.success).toBe(true); + }); + testDeprecated('"Table.grantListStreams" allows principal to list all streams', () => { // GIVEN const stack = new Stack(); @@ -5296,7 +5360,7 @@ test('Throws when more than four multi-attribute sort keys are specified', () => }); describe('L1 table grants', () => { - test('grant read permission to service principal (L1)', () => { + test('grant read permission to service principal (L1) throws error', () => { const stack = new Stack(); const table = new CfnTable(stack, 'Table', { keySchema: [{ attributeName: 'id', keyType: 'HASH' }], @@ -5304,20 +5368,8 @@ describe('L1 table grants', () => { }); const principal = new iam.ServicePrincipal('lambda.amazonaws.com'); - TableGrants.fromTable(table).readData(principal); - - Template.fromStack(stack).hasResourceProperties('AWS::DynamoDB::Table', { - ResourcePolicy: { - PolicyDocument: { - Statement: Match.arrayWith([{ - Action: ['dynamodb:BatchGetItem', 'dynamodb:Query', 'dynamodb:GetItem', 'dynamodb:Scan', 'dynamodb:ConditionCheckItem', 'dynamodb:DescribeTable'], - Effect: 'Allow', - Principal: { Service: 'lambda.amazonaws.com' }, - Resource: '*', - }]), - }, - }, - }); + expect(() => TableGrants.fromTable(table).readData(principal)) + .toThrow(/DynamoDB grant\* methods do not support ServicePrincipal grantees/); }); }); diff --git a/packages/aws-cdk-lib/aws-dynamodb/test/table-v2.test.ts b/packages/aws-cdk-lib/aws-dynamodb/test/table-v2.test.ts index 874ced80199aa..502b74fca8637 100644 --- a/packages/aws-cdk-lib/aws-dynamodb/test/table-v2.test.ts +++ b/packages/aws-cdk-lib/aws-dynamodb/test/table-v2.test.ts @@ -1310,6 +1310,82 @@ describe('grants', () => { ]), }); }); + + test('grant* with ServicePrincipal throws error', () => { + // GIVEN + const stack = new Stack(); + const table = new TableV2(stack, 'Table', { + partitionKey: { name: 'id', type: AttributeType.STRING }, + }); + + // THEN + expect(() => table.grantReadWriteData(new iam.ServicePrincipal('bedrock.amazonaws.com'))) + .toThrow(/DynamoDB grant\* methods do not support ServicePrincipal grantees/); + }); + + test('grant with ServicePrincipal throws error', () => { + // GIVEN + const stack = new Stack(); + const table = new TableV2(stack, 'Table', { + partitionKey: { name: 'id', type: AttributeType.STRING }, + }); + + // THEN + expect(() => table.grant(new iam.ServicePrincipal('bedrock.amazonaws.com'), 'dynamodb:GetItem')) + .toThrow(/DynamoDB grant\* methods do not support ServicePrincipal grantees/); + }); + + test('grant* with wrapped ServicePrincipal (withConditions) throws error', () => { + // GIVEN + const stack = new Stack(); + const table = new TableV2(stack, 'Table', { + partitionKey: { name: 'id', type: AttributeType.STRING }, + }); + + // WHEN + const principal = new iam.ServicePrincipal('bedrock.amazonaws.com').withConditions({ + StringEquals: { 'aws:SourceAccount': '123456789012' }, + }); + + // THEN + expect(() => table.grantReadData(principal)) + .toThrow(/DynamoDB grant\* methods do not support ServicePrincipal grantees/); + }); + + test.each([ + 'redshift.amazonaws.com', + 'replication.dynamodb.amazonaws.com', + 'glue.amazonaws.com', + ])('grant* with allowlisted ServicePrincipal %s succeeds', (serviceName) => { + // GIVEN + const stack = new Stack(); + const table = new TableV2(stack, 'Table', { + partitionKey: { name: 'id', type: AttributeType.STRING }, + }); + + // WHEN + const grant = table.grantReadWriteData(new iam.ServicePrincipal(serviceName)); + + // THEN + expect(grant.success).toBe(true); + }); + + test('grant* with wrapped allowlisted ServicePrincipal succeeds', () => { + // GIVEN + const stack = new Stack(); + const table = new TableV2(stack, 'Table', { + partitionKey: { name: 'id', type: AttributeType.STRING }, + }); + + // WHEN + const principal = new iam.ServicePrincipal('redshift.amazonaws.com').withConditions({ + StringEquals: { 'aws:SourceAccount': '123456789012' }, + }); + const grant = table.grantReadWriteData(principal); + + // THEN + expect(grant.success).toBe(true); + }); }); describe('replica tables', () => { diff --git a/packages/aws-cdk-lib/aws-ec2/README.md b/packages/aws-cdk-lib/aws-ec2/README.md index 277eba28dbe1d..082431c32d149 100644 --- a/packages/aws-cdk-lib/aws-ec2/README.md +++ b/packages/aws-cdk-lib/aws-ec2/README.md @@ -415,7 +415,7 @@ const vpc = new ec2.Vpc(this, 'TheVPC', { // group of the same type. name: 'Ingress', - // 'cidrMask' specifies the IP addresses in the range of of individual + // 'cidrMask' specifies the IP addresses in the range of individual // subnets in the group. Each of the subnets in this group will contain // `2^(32 address bits - 24 subnet bits) - 2 reserved addresses = 254` // usable IP addresses. @@ -619,7 +619,7 @@ instance around: ### Importing an existing VPC If your VPC is created outside your CDK app, you can use `Vpc.fromLookup()`. -The CDK CLI will search for the specified VPC in the the stack's region and +The CDK CLI will search for the specified VPC in the stack's region and account, and import the subnet configuration. Looking up can be done by VPC ID, but more flexibly by searching for a specific tag on the VPC. @@ -2638,7 +2638,7 @@ Please note this feature does not support Launch Configurations. ## Detailed Monitoring -The following demonstrates how to enable [Detailed Monitoring](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-cloudwatch-new.html) for an EC2 instance. Keep in mind that Detailed Monitoring results in [additional charges](http://aws.amazon.com/cloudwatch/pricing/). +The following demonstrates how to enable [Detailed Monitoring](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-cloudwatch-new.html) for an EC2 instance. Keep in mind that Detailed Monitoring results in [additional charges](https://aws.amazon.com/cloudwatch/pricing/). ```ts declare const vpc: ec2.Vpc; diff --git a/packages/aws-cdk-lib/aws-ec2/lib/instance.ts b/packages/aws-cdk-lib/aws-ec2/lib/instance.ts index 3a044ecd7e06b..55a64e1ca51b7 100644 --- a/packages/aws-cdk-lib/aws-ec2/lib/instance.ts +++ b/packages/aws-cdk-lib/aws-ec2/lib/instance.ts @@ -431,7 +431,7 @@ export interface InstanceProps { * Alternatively, if you set InstanceInitiatedShutdownBehavior to terminate, you can terminate the instance * by running the shutdown command from the instance. * - * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-instance.html#cfn-ec2-instance-disableapitermination + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-instance.html#cfn-ec2-instance-disableapitermination * * @default false */ diff --git a/packages/aws-cdk-lib/aws-ec2/lib/launch-template.ts b/packages/aws-cdk-lib/aws-ec2/lib/launch-template.ts index 1d35f3c7118fb..d23cb1fc1aff7 100644 --- a/packages/aws-cdk-lib/aws-ec2/lib/launch-template.ts +++ b/packages/aws-cdk-lib/aws-ec2/lib/launch-template.ts @@ -234,7 +234,7 @@ export interface LaunchTemplateProps { * * The version description must be maximum 255 characters long. * - * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-launchtemplate.html#cfn-ec2-launchtemplate-versiondescription + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-launchtemplate.html#cfn-ec2-launchtemplate-versiondescription * * @default - No description */ diff --git a/packages/aws-cdk-lib/aws-ec2/lib/vpc.ts b/packages/aws-cdk-lib/aws-ec2/lib/vpc.ts index ba2b9986a1e61..191d38d1801d2 100644 --- a/packages/aws-cdk-lib/aws-ec2/lib/vpc.ts +++ b/packages/aws-cdk-lib/aws-ec2/lib/vpc.ts @@ -2491,7 +2491,7 @@ export class PublicSubnet extends Subnet implements IPublicSubnet { /** * Creates a new managed NAT gateway attached to this public subnet. * Also adds the EIP for the managed NAT. - * @returns A ref to the the NAT Gateway ID + * @returns A ref to the NAT Gateway ID */ @MethodMetadata() public addNatGateway(eipAllocationId?: string) { @@ -2770,7 +2770,6 @@ class ImportedSubnet extends Resource implements ISubnet, IPublicSubnet, IPrivat public get ipv4CidrBlock(): string { if (!this._ipv4CidrBlock) { - // tslint:disable-next-line: max-line-length throw new ValidationError('CannotReferenceImportedSubnetS', 'You cannot reference an imported Subnet\'s IPv4 CIDR if it was not supplied. Add the ipv4CidrBlock when importing using Subnet.fromSubnetAttributes()', this); } return this._ipv4CidrBlock; diff --git a/packages/aws-cdk-lib/aws-ecr-assets/lib/tarball-asset.ts b/packages/aws-cdk-lib/aws-ecr-assets/lib/tarball-asset.ts index 1e0560a267f79..ae25673f5253b 100644 --- a/packages/aws-cdk-lib/aws-ecr-assets/lib/tarball-asset.ts +++ b/packages/aws-cdk-lib/aws-ecr-assets/lib/tarball-asset.ts @@ -20,7 +20,7 @@ export interface TarballImageAssetProps { /** * Absolute path to the tarball. * - * It is recommended to to use the script running directory (e.g. `__dirname` + * It is recommended to use the script running directory (e.g. `__dirname` * in Node.js projects or dirname of `__file__` in Python) if your tarball * is located as a resource inside your project. */ diff --git a/packages/aws-cdk-lib/aws-ecr/README.md b/packages/aws-cdk-lib/aws-ecr/README.md index b7bde96f75881..ac47aa7b7ae73 100644 --- a/packages/aws-cdk-lib/aws-ecr/README.md +++ b/packages/aws-cdk-lib/aws-ecr/README.md @@ -39,7 +39,7 @@ repository.onImageScanCompleted('ImageScanComplete') Besides the Amazon ECR APIs, ECR also allows the Docker CLI or a language-specific Docker library to push and pull images from an ECR repository. However, the Docker CLI does not support native IAM authentication methods and additional steps must be taken so that Amazon ECR can authenticate and authorize Docker push and pull requests. -More information can be found at at [Registry Authentication](https://docs.aws.amazon.com/AmazonECR/latest/userguide/Registries.html#registry_auth). +More information can be found at [Registry Authentication](https://docs.aws.amazon.com/AmazonECR/latest/userguide/Registries.html#registry_auth). A Docker authorization token can be obtained using the `GetAuthorizationToken` ECR API. The following code snippets grants an IAM user access to call this API. diff --git a/packages/aws-cdk-lib/aws-ecs/lib/base/service-managed-volume.ts b/packages/aws-cdk-lib/aws-ecs/lib/base/service-managed-volume.ts index 596900e25dce3..7a522157f3413 100644 --- a/packages/aws-cdk-lib/aws-ecs/lib/base/service-managed-volume.ts +++ b/packages/aws-cdk-lib/aws-ecs/lib/base/service-managed-volume.ts @@ -207,7 +207,7 @@ export interface ContainerMountPoint extends BaseMountPoint { */ export class ServiceManagedVolume extends Construct { /** - * Name of the volume, referenced by taskdefintion and mount point. + * Name of the volume, referenced by task definition and mount point. */ public readonly name: string; diff --git a/packages/aws-cdk-lib/aws-ecs/lib/cluster.ts b/packages/aws-cdk-lib/aws-ecs/lib/cluster.ts index 67af06989e710..dedda33830641 100644 --- a/packages/aws-cdk-lib/aws-ecs/lib/cluster.ts +++ b/packages/aws-cdk-lib/aws-ecs/lib/cluster.ts @@ -799,7 +799,6 @@ export class Cluster extends Resource implements ICluster { // set the cluster name environment variable autoScalingGroup.addUserData(`[Environment]::SetEnvironmentVariable("ECS_CLUSTER", "${this.clusterName}", "Machine")`); autoScalingGroup.addUserData('[Environment]::SetEnvironmentVariable("ECS_ENABLE_AWSLOGS_EXECUTIONROLE_OVERRIDE", "true", "Machine")'); - // tslint:disable-next-line: max-line-length autoScalingGroup.addUserData('[Environment]::SetEnvironmentVariable("ECS_AVAILABLE_LOGGING_DRIVERS", \'["json-file","awslogs"]\', "Machine")'); // enable instance draining diff --git a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts index c3582e9798c77..c8f9390f0745d 100644 --- a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts +++ b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts @@ -17,7 +17,7 @@ import type { FileSystemReference, IFileSystemRef } from '../../interfaces/gener * EFS Lifecycle Policy, if a file is not accessed for given days, it will move to EFS Infrequent Access * or Archive storage. * - * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-filesystem.html#cfn-elasticfilesystem-filesystem-lifecyclepolicies + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-filesystem.html#cfn-elasticfilesystem-filesystem-lifecyclepolicies */ export enum LifecyclePolicy { diff --git a/packages/aws-cdk-lib/aws-eks-v2/README.md b/packages/aws-cdk-lib/aws-eks-v2/README.md index 9384bbef5b787..33a3c0d450826 100644 --- a/packages/aws-cdk-lib/aws-eks-v2/README.md +++ b/packages/aws-cdk-lib/aws-eks-v2/README.md @@ -478,7 +478,7 @@ aws-load-balancer-controller-76bd6c7586-fqxph 1/1 Running 0 109 ... ``` -Every Kubernetes manifest that utilizes the ALB Controller is effectively dependant on the controller. +Every Kubernetes manifest that utilizes the ALB Controller is effectively dependent on the controller. If the controller is deleted before the manifest, it might result in dangling ELB/ALB resources. Currently, the EKS construct library does not detect such dependencies, and they should be done explicitly. @@ -557,7 +557,7 @@ If you want to use an existing kubectl provider function, for example with tight ```ts const handlerRole = iam.Role.fromRoleArn(this, 'HandlerRole', 'arn:aws:iam::123456789012:role/lambda-role'); -// get the serivceToken from the custom resource provider +// get the serviceToken from the custom resource provider const functionArn = lambda.Function.fromFunctionName(this, 'ProviderOnEventFunc', 'ProviderframeworkonEvent-XXX').functionArn; const kubectlProvider = eks.KubectlProvider.fromKubectlProviderAttributes(this, 'KubectlProvider', { serviceToken: functionArn, diff --git a/packages/aws-cdk-lib/aws-eks-v2/lib/cluster.ts b/packages/aws-cdk-lib/aws-eks-v2/lib/cluster.ts index 7cc5da3429897..d0d2abc893f0a 100644 --- a/packages/aws-cdk-lib/aws-eks-v2/lib/cluster.ts +++ b/packages/aws-cdk-lib/aws-eks-v2/lib/cluster.ts @@ -498,7 +498,7 @@ export class EndpointAccess { * The cluster endpoint is accessible from outside of your VPC. * Worker node traffic will leave your VPC to connect to the endpoint. * - * By default, the endpoint is exposed to all adresses. You can optionally limit the CIDR blocks that can access the public endpoint using the `PUBLIC.onlyFrom` method. + * By default, the endpoint is exposed to all addresses. You can optionally limit the CIDR blocks that can access the public endpoint using the `PUBLIC.onlyFrom` method. * If you limit access to specific CIDR blocks, you must ensure that the CIDR blocks that you * specify include the addresses that worker nodes and Fargate pods (if you use them) * access the public endpoint from. @@ -517,7 +517,7 @@ export class EndpointAccess { * The cluster endpoint is accessible from outside of your VPC. * Worker node traffic to the endpoint will stay within your VPC. * - * By default, the endpoint is exposed to all adresses. You can optionally limit the CIDR blocks that can access the public endpoint using the `PUBLIC_AND_PRIVATE.onlyFrom` method. + * By default, the endpoint is exposed to all addresses. You can optionally limit the CIDR blocks that can access the public endpoint using the `PUBLIC_AND_PRIVATE.onlyFrom` method. * If you limit access to specific CIDR blocks, you must ensure that the CIDR blocks that you * specify include the addresses that worker nodes and Fargate pods (if you use them) * access the public endpoint from. diff --git a/packages/aws-cdk-lib/aws-eks/README.md b/packages/aws-cdk-lib/aws-eks/README.md index 16165a1faa706..2d351cff98755 100644 --- a/packages/aws-cdk-lib/aws-eks/README.md +++ b/packages/aws-cdk-lib/aws-eks/README.md @@ -760,7 +760,7 @@ aws-load-balancer-controller-76bd6c7586-fqxph 1/1 Running 0 109 ... ``` -Every Kubernetes manifest that utilizes the ALB Controller is effectively dependant on the controller. +Every Kubernetes manifest that utilizes the ALB Controller is effectively dependent on the controller. If the controller is deleted before the manifest, it might result in dangling ELB/ALB resources. Currently, the EKS construct library does not detect such dependencies, and they should be done explicitly. diff --git a/packages/aws-cdk-lib/aws-eks/lib/cluster.ts b/packages/aws-cdk-lib/aws-eks/lib/cluster.ts index b40878d123678..6aca64445a0fa 100644 --- a/packages/aws-cdk-lib/aws-eks/lib/cluster.ts +++ b/packages/aws-cdk-lib/aws-eks/lib/cluster.ts @@ -779,7 +779,7 @@ export class EndpointAccess { * The cluster endpoint is accessible from outside of your VPC. * Worker node traffic will leave your VPC to connect to the endpoint. * - * By default, the endpoint is exposed to all adresses. You can optionally limit the CIDR blocks that can access the public endpoint using the `PUBLIC.onlyFrom` method. + * By default, the endpoint is exposed to all addresses. You can optionally limit the CIDR blocks that can access the public endpoint using the `PUBLIC.onlyFrom` method. * If you limit access to specific CIDR blocks, you must ensure that the CIDR blocks that you * specify include the addresses that worker nodes and Fargate pods (if you use them) * access the public endpoint from. @@ -798,7 +798,7 @@ export class EndpointAccess { * The cluster endpoint is accessible from outside of your VPC. * Worker node traffic to the endpoint will stay within your VPC. * - * By default, the endpoint is exposed to all adresses. You can optionally limit the CIDR blocks that can access the public endpoint using the `PUBLIC_AND_PRIVATE.onlyFrom` method. + * By default, the endpoint is exposed to all addresses. You can optionally limit the CIDR blocks that can access the public endpoint using the `PUBLIC_AND_PRIVATE.onlyFrom` method. * If you limit access to specific CIDR blocks, you must ensure that the CIDR blocks that you * specify include the addresses that worker nodes and Fargate pods (if you use them) * access the public endpoint from. @@ -2672,7 +2672,7 @@ export interface RemoteNodeNetwork { /** * Specifies the list of remote node CIDRs. * - * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-remotenodenetwork.html#cfn-eks-cluster-remotenodenetwork-cidrs + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-remotenodenetwork.html#cfn-eks-cluster-remotenodenetwork-cidrs */ readonly cidrs: string[]; } @@ -2684,7 +2684,7 @@ export interface RemotePodNetwork { /** * Specifies the list of remote pod CIDRs. * - * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-remotepodnetwork.html#cfn-eks-cluster-remotepodnetwork-cidrs + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-remotepodnetwork.html#cfn-eks-cluster-remotepodnetwork-cidrs */ readonly cidrs: string[]; } diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancing/lib/load-balancer.ts b/packages/aws-cdk-lib/aws-elasticloadbalancing/lib/load-balancer.ts index 1234052f83af7..3dd95d037a274 100644 --- a/packages/aws-cdk-lib/aws-elasticloadbalancing/lib/load-balancer.ts +++ b/packages/aws-cdk-lib/aws-elasticloadbalancing/lib/load-balancer.ts @@ -244,7 +244,7 @@ export enum LoadBalancingProtocol { /** * A load balancer with a single listener * - * Routes to a fleet of of instances in a VPC. + * Routes to a fleet of instances in a VPC. */ @propertyInjectable export class LoadBalancer extends Resource implements ILoadBalancer, IConnectable { diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/conditions.ts b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/conditions.ts index ec9b13c2e56b5..6c60501c7c3e3 100644 --- a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/conditions.ts +++ b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/conditions.ts @@ -120,7 +120,7 @@ class HttpHeaderListenerCondition extends ListenerCondition { } /** - * HTTP reqeust method config of the listener rule condition + * HTTP request method config of the listener rule condition */ class HttpRequestMethodListenerCondition extends ListenerCondition { constructor(public readonly values: string[]) { diff --git a/packages/aws-cdk-lib/aws-events-targets/lib/log-group.ts b/packages/aws-cdk-lib/aws-events-targets/lib/log-group.ts index cf1b1502285a8..8df58417b5c42 100644 --- a/packages/aws-cdk-lib/aws-events-targets/lib/log-group.ts +++ b/packages/aws-cdk-lib/aws-events-targets/lib/log-group.ts @@ -54,7 +54,7 @@ export abstract class LogGroupTargetInput { } /** - * Pass a JSON object to the the log group event target + * Pass a JSON object to the log group event target * * May contain strings returned by `EventField.from()` to substitute in parts of the * matched event. diff --git a/packages/aws-cdk-lib/aws-events/README.md b/packages/aws-cdk-lib/aws-events/README.md index d37c0a0f41ad1..70b7e5481c0fe 100644 --- a/packages/aws-cdk-lib/aws-events/README.md +++ b/packages/aws-cdk-lib/aws-events/README.md @@ -366,7 +366,7 @@ For more information, see [KMS key options for event bus encryption](https://doc ## Configuring logging -To configure logging for an Event Bus, leverage the LogConfig property. It allows different level of logging (NONE, INFO, TRACE, ERROR) and wether to include details or not. +To configure logging for an Event Bus, leverage the LogConfig property. It allows different level of logging (NONE, INFO, TRACE, ERROR) and whether to include details or not. ```ts import { EventBus, IncludeDetail, Level } from 'aws-cdk-lib/aws-events'; diff --git a/packages/aws-cdk-lib/aws-events/lib/connection.ts b/packages/aws-cdk-lib/aws-events/lib/connection.ts index 155e825f9aa5a..f7d2519e5f82d 100644 --- a/packages/aws-cdk-lib/aws-events/lib/connection.ts +++ b/packages/aws-cdk-lib/aws-events/lib/connection.ts @@ -225,7 +225,7 @@ export abstract class HttpParameter { } /** - * Render the paramter value + * Render the parameter value * * @internal */ diff --git a/packages/aws-cdk-lib/aws-events/lib/event-bus.ts b/packages/aws-cdk-lib/aws-events/lib/event-bus.ts index 544e25b71f55c..d8a1c153fb871 100644 --- a/packages/aws-cdk-lib/aws-events/lib/event-bus.ts +++ b/packages/aws-cdk-lib/aws-events/lib/event-bus.ts @@ -160,7 +160,7 @@ export interface EventBusProps { * * The description can be up to 512 characters long. * - * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-eventbus.html#cfn-events-eventbus-description + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-eventbus.html#cfn-events-eventbus-description * * @default - no description */ diff --git a/packages/aws-cdk-lib/aws-events/lib/event-pattern.ts b/packages/aws-cdk-lib/aws-events/lib/event-pattern.ts index e10dcb62f0fb2..a8fcaa55c8c4c 100644 --- a/packages/aws-cdk-lib/aws-events/lib/event-pattern.ts +++ b/packages/aws-cdk-lib/aws-events/lib/event-pattern.ts @@ -356,7 +356,7 @@ export interface EventPattern { * AWS Service Namespaces. For example, the source value for Amazon * CloudFront is aws.cloudfront. * - * @see http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces + * @see https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces * @default - No filtering on source */ readonly source?: string[]; diff --git a/packages/aws-cdk-lib/aws-fsx/lib/lustre-file-system.ts b/packages/aws-cdk-lib/aws-fsx/lib/lustre-file-system.ts index 5252f7e377b9d..65ebe3f8fcb74 100644 --- a/packages/aws-cdk-lib/aws-fsx/lib/lustre-file-system.ts +++ b/packages/aws-cdk-lib/aws-fsx/lib/lustre-file-system.ts @@ -151,7 +151,7 @@ export interface LustreConfiguration { * * > This parameter is not supported for Lustre file systems using the `Persistent_2` deployment type. * - * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-fsx-filesystem-lustreconfiguration.html#cfn-fsx-filesystem-lustreconfiguration-autoimportpolicy + * @link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-fsx-filesystem-lustreconfiguration.html#cfn-fsx-filesystem-lustreconfiguration-autoimportpolicy * @default - no import policy */ readonly autoImportPolicy?: LustreAutoImportPolicy; @@ -160,7 +160,7 @@ export interface LustreConfiguration { * Sets the data compression configuration for the file system. * For more information, see [Lustre data compression](https://docs.aws.amazon.com/fsx/latest/LustreGuide/data-compression.html) in the *Amazon FSx for Lustre User Guide* . * - * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-fsx-filesystem-lustreconfiguration.html#cfn-fsx-filesystem-lustreconfiguration-datacompressiontype + * @link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-fsx-filesystem-lustreconfiguration.html#cfn-fsx-filesystem-lustreconfiguration-datacompressiontype * @default - no compression */ diff --git a/packages/aws-cdk-lib/aws-iam/lib/group.ts b/packages/aws-cdk-lib/aws-iam/lib/group.ts index 0d8e56e6230ec..2aa9a12866ef1 100644 --- a/packages/aws-cdk-lib/aws-iam/lib/group.ts +++ b/packages/aws-cdk-lib/aws-iam/lib/group.ts @@ -65,7 +65,7 @@ export interface GroupProps { /** * The path to the group. For more information about paths, see [IAM - * Identifiers](http://docs.aws.amazon.com/IAM/latest/UserGuide/index.html?Using_Identifiers.html) + * Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/index.html?Using_Identifiers.html) * in the IAM User Guide. * * @default / diff --git a/packages/aws-cdk-lib/aws-iam/lib/policy.ts b/packages/aws-cdk-lib/aws-iam/lib/policy.ts index 5bb912a0a9428..10af278aa87e8 100644 --- a/packages/aws-cdk-lib/aws-iam/lib/policy.ts +++ b/packages/aws-cdk-lib/aws-iam/lib/policy.ts @@ -104,7 +104,7 @@ export interface PolicyProps { /** * The AWS::IAM::Policy resource associates an [inline](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#inline) * IAM policy with IAM users, roles, or groups. For more information about IAM policies, see - * [Overview of IAM Policies](http://docs.aws.amazon.com/IAM/latest/UserGuide/policies_overview.html) + * [Overview of IAM Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies_overview.html) * in the IAM User Guide guide. */ @propertyInjectable diff --git a/packages/aws-cdk-lib/aws-kinesisfirehose/lib/processor.ts b/packages/aws-cdk-lib/aws-kinesisfirehose/lib/processor.ts index dd4e4df59724a..c961a40c6d4b1 100644 --- a/packages/aws-cdk-lib/aws-kinesisfirehose/lib/processor.ts +++ b/packages/aws-cdk-lib/aws-kinesisfirehose/lib/processor.ts @@ -32,7 +32,7 @@ export interface DataProcessorProps { /** * The key-value pair that identifies the underlying processor resource. * - * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-kinesisfirehose-deliverystream-processorparameter.html + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-kinesisfirehose-deliverystream-processorparameter.html */ export interface DataProcessorIdentifier { /** diff --git a/packages/aws-cdk-lib/aws-kinesisfirehose/lib/record-format/schema.ts b/packages/aws-cdk-lib/aws-kinesisfirehose/lib/record-format/schema.ts index 22abf90863521..43edc55daee90 100644 --- a/packages/aws-cdk-lib/aws-kinesisfirehose/lib/record-format/schema.ts +++ b/packages/aws-cdk-lib/aws-kinesisfirehose/lib/record-format/schema.ts @@ -25,7 +25,7 @@ export interface SchemaConfigurationFromCfnTableProps { * * if set to `LATEST`, Firehose uses the most recent table version. This means that any updates to the table are automatically picked up. * - * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-kinesisfirehose-deliverystream-schemaconfiguration.html#cfn-kinesisfirehose-deliverystream-schemaconfiguration-versionid + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-kinesisfirehose-deliverystream-schemaconfiguration.html#cfn-kinesisfirehose-deliverystream-schemaconfiguration-versionid * @default `LATEST` */ readonly versionId?: string; @@ -41,7 +41,7 @@ export interface SchemaConfigurationFromCfnTableProps { /** * Represents a schema configuration for Firehose S3 data record format conversion. * - * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-kinesisfirehose-deliverystream-dataformatconversionconfiguration.html#cfn-kinesisfirehose-deliverystream-dataformatconversionconfiguration-schemaconfiguration + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-kinesisfirehose-deliverystream-dataformatconversionconfiguration.html#cfn-kinesisfirehose-deliverystream-dataformatconversionconfiguration-schemaconfiguration */ export class SchemaConfiguration { /** diff --git a/packages/aws-cdk-lib/aws-kinesisfirehose/lib/s3-bucket.ts b/packages/aws-cdk-lib/aws-kinesisfirehose/lib/s3-bucket.ts index 1617f22973387..69bdbb0acaf5f 100644 --- a/packages/aws-cdk-lib/aws-kinesisfirehose/lib/s3-bucket.ts +++ b/packages/aws-cdk-lib/aws-kinesisfirehose/lib/s3-bucket.ts @@ -34,7 +34,7 @@ export interface S3BucketProps extends CommonDestinationS3Props, CommonDestinati /** * The input format, output format, and schema config for converting data from the JSON format to the Parquet or ORC format before writing to Amazon S3. - * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-kinesisfirehose-deliverystream-extendeds3destinationconfiguration.html#cfn-kinesisfirehose-deliverystream-extendeds3destinationconfiguration-dataformatconversionconfiguration + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-kinesisfirehose-deliverystream-extendeds3destinationconfiguration.html#cfn-kinesisfirehose-deliverystream-extendeds3destinationconfiguration-dataformatconversionconfiguration * * @default - no data format conversion is done */ diff --git a/packages/aws-cdk-lib/aws-lambda-nodejs/lib/bundling.ts b/packages/aws-cdk-lib/aws-lambda-nodejs/lib/bundling.ts index 3e746af8a120f..088a348808ada 100644 --- a/packages/aws-cdk-lib/aws-lambda-nodejs/lib/bundling.ts +++ b/packages/aws-cdk-lib/aws-lambda-nodejs/lib/bundling.ts @@ -365,10 +365,20 @@ export class Bundling implements cdk.BundlingOptions { } break; case 'spawn': - exec(step.command[0], step.command.slice(1), { - ...execOptions, - cwd: step.cwd ?? cwd, - }); + // On Windows with Node 22+, spawnSync fails with EINVAL when invoking + // .cmd shims (e.g. npx.cmd) directly. Route through powershell instead. + // See https://github.com/aws/aws-cdk/issues/37387 + if (osPlatform === 'win32') { + exec('powershell.exe', ['-NoProfile', '-Command', `& ${step.command.map(powershellEscape).join(' ')}`], { + ...execOptions, + cwd: step.cwd ?? cwd, + }); + } else { + exec(step.command[0], step.command.slice(1), { + ...execOptions, + cwd: step.cwd ?? cwd, + }); + } break; case 'callback': try { @@ -576,6 +586,10 @@ function posixShellEscape(arg: string): string { return "'" + arg.replace(/'/g, "'\\''") + "'"; } +function powershellEscape(arg: string): string { + return "'" + arg.replace(/'/g, "''") + "'"; +} + /** * Chain commands */ diff --git a/packages/aws-cdk-lib/aws-lambda-nodejs/test/bundling.test.ts b/packages/aws-cdk-lib/aws-lambda-nodejs/test/bundling.test.ts index 4354ee62e525a..b508945aab131 100644 --- a/packages/aws-cdk-lib/aws-lambda-nodejs/test/bundling.test.ts +++ b/packages/aws-cdk-lib/aws-lambda-nodejs/test/bundling.test.ts @@ -1499,6 +1499,81 @@ test('Local bundling with shell metacharacters in externalModules does not cause spawnSyncMock.mockRestore(); }); +test('Local bundling on Windows uses powershell for spawn steps', () => { + const osPlatformMock = jest.spyOn(os, 'platform').mockReturnValue('win32'); + const spawnSyncMock = jest.spyOn(child_process, 'spawnSync').mockReturnValue(spawnSyncMockReturnValue); + + const bundler = new Bundling(stack, { + entry, + projectRoot, + depsLockFilePath, + runtime: STANDARD_RUNTIME, + architecture: Architecture.X86_64, + }); + + bundler.local?.tryBundle('/outdir', { image: STANDARD_RUNTIME.bundlingDockerImage }); + + // Esbuild is invoked via powershell with single-quoted args + expect(spawnSyncMock).toHaveBeenCalledWith( + 'powershell.exe', + ['-NoProfile', '-Command', expect.stringContaining('--bundle')], + expect.objectContaining({ cwd: '/project' }), + ); + + // Args are single-quoted (posixShellEscape) + const psCall = spawnSyncMock.mock.calls.find(c => c[0] === 'powershell.exe' && (c[1] as string[])[2]?.includes('--bundle')); + expect(psCall).toBeDefined(); + const cmdString = (psCall![1] as string[])[2]; + expect(cmdString).toContain("'--bundle'"); + expect(cmdString).toContain("'--platform=node'"); + + spawnSyncMock.mockRestore(); + osPlatformMock.mockRestore(); +}); + +test('Local bundling on Windows uses cmd for shell steps', () => { + const osPlatformMock = jest.spyOn(os, 'platform').mockReturnValue('win32'); + const spawnSyncMock = jest.spyOn(child_process, 'spawnSync').mockReturnValue(spawnSyncMockReturnValue); + + const bundler = new Bundling(stack, { + entry, + projectRoot, + depsLockFilePath, + runtime: STANDARD_RUNTIME, + architecture: Architecture.X86_64, + commandHooks: { + beforeBundling(_inputDir: string, _outputDir: string): string[] { + return ['echo hello']; + }, + afterBundling(): string[] { + return []; + }, + beforeInstall(): string[] { + return []; + }, + }, + }); + + bundler.local?.tryBundle('/outdir', { image: STANDARD_RUNTIME.bundlingDockerImage }); + + // Shell hooks still use cmd on Windows + expect(spawnSyncMock).toHaveBeenCalledWith( + 'cmd', + ['/c', 'echo hello'], + expect.objectContaining({ windowsVerbatimArguments: true }), + ); + + // But esbuild spawn step uses powershell + expect(spawnSyncMock).toHaveBeenCalledWith( + 'powershell.exe', + ['-NoProfile', '-Command', expect.stringContaining('--bundle')], + expect.anything(), + ); + + spawnSyncMock.mockRestore(); + osPlatformMock.mockRestore(); +}); + test('Local bundling with pnpm uses fs for workspace yaml and cleanup', () => { const spawnSyncMock = jest.spyOn(child_process, 'spawnSync').mockReturnValue(spawnSyncMockReturnValue); const writeFileSyncMock = jest.spyOn(fs, 'writeFileSync').mockReturnValue(); diff --git a/packages/aws-cdk-lib/aws-lambda/lib/schema-registry.ts b/packages/aws-cdk-lib/aws-lambda/lib/schema-registry.ts index a0597d439b9b7..dc6c56911ea67 100644 --- a/packages/aws-cdk-lib/aws-lambda/lib/schema-registry.ts +++ b/packages/aws-cdk-lib/aws-lambda/lib/schema-registry.ts @@ -2,16 +2,16 @@ import type { IEventSourceMapping } from './event-source-mapping'; import type { IFunction } from './function-base'; /** - * The format target function should recieve record in. + * The format target function should receive record in. */ export class EventRecordFormat { /** - * The target function will recieve records as json objects. + * The target function will receive records as json objects. */ public static readonly JSON = new EventRecordFormat('JSON'); /** - * The target function will recieve records in same format as the schema source. + * The target function will receive records in same format as the schema source. */ public static readonly SOURCE = new EventRecordFormat('SOURCE'); diff --git a/packages/aws-cdk-lib/aws-rds/README.md b/packages/aws-cdk-lib/aws-rds/README.md index 72ef87feb72f3..fbca8a67803a6 100644 --- a/packages/aws-cdk-lib/aws-rds/README.md +++ b/packages/aws-cdk-lib/aws-rds/README.md @@ -367,7 +367,7 @@ There are a couple of high level differences: With a provisioned writer and serverless v2 readers, some of the serverless readers will need to be configured to scale with the writer so they can act as failover targets. You will need to determine the correct capacity based on the -provisioned instance type and it's utilization. +provisioned instance type and its utilization. As an example, if the CPU utilization for a db.r6g.4xlarge (128 GB) instance stays at 10% most times, then the minimum ACUs may be set at 6.5 ACUs diff --git a/packages/aws-cdk-lib/aws-route53-targets/README.md b/packages/aws-cdk-lib/aws-route53-targets/README.md index 66e184b46e517..34ff494b296e1 100644 --- a/packages/aws-cdk-lib/aws-route53-targets/README.md +++ b/packages/aws-cdk-lib/aws-route53-targets/README.md @@ -222,7 +222,7 @@ new route53.ARecord(this, 'AliasRecord', { }); ``` -If Elastic Beanstalk environment URL is not avaiable at synth time, you can specify Hosted Zone ID of the target +If Elastic Beanstalk environment URL is not available at synth time, you can specify Hosted Zone ID of the target ```ts import { RegionInfo } from 'aws-cdk-lib/region-info'; diff --git a/packages/aws-cdk-lib/aws-s3-deployment/lib/bucket-deployment.ts b/packages/aws-cdk-lib/aws-s3-deployment/lib/bucket-deployment.ts index d0a51c0914717..10c197f2d4deb 100644 --- a/packages/aws-cdk-lib/aws-s3-deployment/lib/bucket-deployment.ts +++ b/packages/aws-cdk-lib/aws-s3-deployment/lib/bucket-deployment.ts @@ -118,7 +118,7 @@ export interface BucketDeploymentProps { readonly distributionPaths?: string[]; /** - * In case of using a cloudfront distribtuion, if this property is set to false then the custom resource + * In case of using a cloudfront distribution, if this property is set to false then the custom resource * will not wait and verify for Cloudfront invalidation to complete. This may speed up deployment and avoid * intermittent Cloudfront issues. However, this is risky and not recommended as cache invalidation * can silently fail. diff --git a/packages/aws-cdk-lib/aws-s3/lib/bucket-grants.ts b/packages/aws-cdk-lib/aws-s3/lib/bucket-grants.ts index d144e6c250225..3dd198593b840 100644 --- a/packages/aws-cdk-lib/aws-s3/lib/bucket-grants.ts +++ b/packages/aws-cdk-lib/aws-s3/lib/bucket-grants.ts @@ -39,7 +39,7 @@ export class BucketGrants { } /** - * Grant read permissions for this bucket and it's contents to an IAM + * Grant read permissions for this bucket and its contents to an IAM * principal (Role/Group/User). * * If encryption is used, permission to use the key to decrypt the contents @@ -53,7 +53,7 @@ export class BucketGrants { } /** - * Grant write permissions for this bucket and it's contents to an IAM + * Grant write permissions for this bucket and its contents to an IAM * principal (Role/Group/User). * * If encryption is used, permission to use the key to decrypt the contents @@ -164,7 +164,7 @@ export class BucketGrants { } /** - * Grant read and write permissions for this bucket and it's contents to an IAM + * Grant read and write permissions for this bucket and its contents to an IAM * principal (Role/Group/User). * * If encryption is used, permission to use the key to decrypt the contents diff --git a/packages/aws-cdk-lib/aws-s3/lib/bucket.ts b/packages/aws-cdk-lib/aws-s3/lib/bucket.ts index 15d8e50467ce7..19401dd833878 100644 --- a/packages/aws-cdk-lib/aws-s3/lib/bucket.ts +++ b/packages/aws-cdk-lib/aws-s3/lib/bucket.ts @@ -186,7 +186,7 @@ export interface IBucket extends IResource, IBucketRef { arnForObjects(keyPattern: string): string; /** - * Grant read permissions for this bucket and it's contents to an IAM + * Grant read permissions for this bucket and its contents to an IAM * principal (Role/Group/User). * * If encryption is used, permission to use the key to decrypt the contents @@ -249,7 +249,7 @@ export interface IBucket extends IResource, IBucketRef { grantDelete(identity: iam.IGrantable, objectsKeyPattern?: any): iam.Grant; /** - * Grants read/write permissions for this bucket and it's contents to an IAM + * Grants read/write permissions for this bucket and its contents to an IAM * principal (Role/Group/User). * * If an encryption key is used, permission to use the key for @@ -857,7 +857,7 @@ export abstract class BucketBase extends Resource implements IBucket, IEncrypted } /** - * Grant read permissions for this bucket and it's contents to an IAM + * Grant read permissions for this bucket and its contents to an IAM * principal (Role/Group/User). * * If encryption is used, permission to use the key to decrypt the contents diff --git a/packages/aws-cdk-lib/aws-s3/lib/notifications-resource/notifications-resource.ts b/packages/aws-cdk-lib/aws-s3/lib/notifications-resource/notifications-resource.ts index fbf67843ed11e..60a6c2657b433 100644 --- a/packages/aws-cdk-lib/aws-s3/lib/notifications-resource/notifications-resource.ts +++ b/packages/aws-cdk-lib/aws-s3/lib/notifications-resource/notifications-resource.ts @@ -85,7 +85,7 @@ export class BucketNotifications extends Construct { resource.node.addDependency(...targetProps.dependencies); } - // based on the target type, add the the correct configurations array + // based on the target type, add the correct configurations array switch (targetProps.type) { case BucketNotificationDestinationType.LAMBDA: this.lambdaNotifications.push({ ...commonConfig, LambdaFunctionArn: targetProps.arn }); diff --git a/packages/aws-cdk-lib/aws-servicecatalog/lib/constraints.ts b/packages/aws-cdk-lib/aws-servicecatalog/lib/constraints.ts index f2839bd65914a..9bcba9a61a66c 100644 --- a/packages/aws-cdk-lib/aws-servicecatalog/lib/constraints.ts +++ b/packages/aws-cdk-lib/aws-servicecatalog/lib/constraints.ts @@ -47,7 +47,7 @@ export interface StackSetsConstraintOptions extends CommonConstraintOptions { readonly executionRoleName: string; /** - * Wether to allow end users to create, update, and delete stacks. + * Whether to allow end users to create, update, and delete stacks. * * @default false */ diff --git a/packages/aws-cdk-lib/aws-ses/lib/receipt-rule-action.ts b/packages/aws-cdk-lib/aws-ses/lib/receipt-rule-action.ts index 5d98039475923..dc003ceaab271 100644 --- a/packages/aws-cdk-lib/aws-ses/lib/receipt-rule-action.ts +++ b/packages/aws-cdk-lib/aws-ses/lib/receipt-rule-action.ts @@ -18,13 +18,13 @@ export interface AddHeaderActionConfig { /** * The name of the header that you want to add to the incoming message * - * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-receiptrule-addheaderaction.html#cfn-ses-receiptrule-addheaderaction-headername + * @link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-receiptrule-addheaderaction.html#cfn-ses-receiptrule-addheaderaction-headername */ readonly headerName: string; /** * The content that you want to include in the header. * - * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-receiptrule-addheaderaction.html#cfn-ses-receiptrule-addheaderaction-headervalue + * @link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-receiptrule-addheaderaction.html#cfn-ses-receiptrule-addheaderaction-headervalue */ readonly headerValue: string; } @@ -36,26 +36,26 @@ export interface BounceActionConfig { /** * Human-readable text to include in the bounce message. * - * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-receiptrule-bounceaction.html#cfn-ses-receiptrule-bounceaction-message + * @link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-receiptrule-bounceaction.html#cfn-ses-receiptrule-bounceaction-message */ readonly message: string; /** * The email address of the sender of the bounced email. * This is the address that the bounce message is sent from. * - * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-receiptrule-bounceaction.html#cfn-ses-receiptrule-bounceaction-sender + * @link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-receiptrule-bounceaction.html#cfn-ses-receiptrule-bounceaction-sender */ readonly sender: string; /** * The SMTP reply code, as defined by RFC 5321 * - * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-receiptrule-bounceaction.html#cfn-ses-receiptrule-bounceaction-smtpreplycode + * @link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-receiptrule-bounceaction.html#cfn-ses-receiptrule-bounceaction-smtpreplycode */ readonly smtpReplyCode: string; /** * The SMTP enhanced status code, as defined by RFC 3463 * - * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-receiptrule-bounceaction.html#cfn-ses-receiptrule-bounceaction-statuscode + * @link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-receiptrule-bounceaction.html#cfn-ses-receiptrule-bounceaction-statuscode * * @default - No status code. */ @@ -64,7 +64,7 @@ export interface BounceActionConfig { * The Amazon Resource Name (ARN) of the Amazon SNS topic to * notify when the bounce action is taken. * - * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-receiptrule-bounceaction.html#cfn-ses-receiptrule-bounceaction-topicarn + * @link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-receiptrule-bounceaction.html#cfn-ses-receiptrule-bounceaction-topicarn * * @default - No notification is sent to SNS. */ @@ -78,13 +78,13 @@ export interface LambdaActionConfig { /** * The Amazon Resource Name (ARN) of the AWS Lambda function. * - * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-receiptrule-lambdaaction.html#cfn-ses-receiptrule-lambdaaction-functionarn + * @link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-receiptrule-lambdaaction.html#cfn-ses-receiptrule-lambdaaction-functionarn */ readonly functionArn: string; /** * The invocation type of the AWS Lambda function * - * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-receiptrule-lambdaaction.html#cfn-ses-receiptrule-lambdaaction-invocationtype + * @link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-receiptrule-lambdaaction.html#cfn-ses-receiptrule-lambdaaction-invocationtype * * @default 'Event' */ @@ -93,7 +93,7 @@ export interface LambdaActionConfig { * The Amazon Resource Name (ARN) of the Amazon SNS topic to * notify when the Lambda action is executed. * - * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-receiptrule-lambdaaction.html#cfn-ses-receiptrule-lambdaaction-topicarn + * @link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-receiptrule-lambdaaction.html#cfn-ses-receiptrule-lambdaaction-topicarn * * @default - No notification is sent to SNS. */ @@ -107,14 +107,14 @@ export interface S3ActionConfig { /** * The name of the Amazon S3 bucket that you want to send incoming mail to. * - * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-receiptrule-s3action.html#cfn-ses-receiptrule-s3action-bucketname + * @link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-receiptrule-s3action.html#cfn-ses-receiptrule-s3action-bucketname */ readonly bucketName: string; /** * The customer master key that Amazon SES should use to encrypt your emails before saving * them to the Amazon S3 bucket. * - * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-receiptrule-s3action.html#cfn-ses-receiptrule-s3action-kmskeyarn + * @link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-receiptrule-s3action.html#cfn-ses-receiptrule-s3action-kmskeyarn * * @default - Emails are not encrypted. */ @@ -122,7 +122,7 @@ export interface S3ActionConfig { /** * The key prefix of the Amazon S3 bucket. * - * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-receiptrule-s3action.html#cfn-ses-receiptrule-s3action-objectkeyprefix + * @link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-receiptrule-s3action.html#cfn-ses-receiptrule-s3action-objectkeyprefix * * @default - No prefix. */ @@ -130,7 +130,7 @@ export interface S3ActionConfig { /** * The ARN of the Amazon SNS topic to notify when the message is saved to the Amazon S3 bucket. * - * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-receiptrule-s3action.html#cfn-ses-receiptrule-s3action-topicarn + * @link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-receiptrule-s3action.html#cfn-ses-receiptrule-s3action-topicarn * * @default - No notification is sent to SNS. */ @@ -144,7 +144,7 @@ export interface SNSActionConfig { /** * The encoding to use for the email within the Amazon SNS notification. * - * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-receiptrule-snsaction.html#cfn-ses-receiptrule-snsaction-encoding + * @link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-receiptrule-snsaction.html#cfn-ses-receiptrule-snsaction-encoding * * @default 'UTF-8' */ @@ -152,7 +152,7 @@ export interface SNSActionConfig { /** * The Amazon Resource Name (ARN) of the Amazon SNS topic to notify. * - * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-receiptrule-snsaction.html#cfn-ses-receiptrule-snsaction-topicarn + * @link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-receiptrule-snsaction.html#cfn-ses-receiptrule-snsaction-topicarn * * @default - No notification is sent to SNS. */ @@ -166,13 +166,13 @@ export interface StopActionConfig { /** * The scope of the StopAction. The only acceptable value is RuleSet. * - * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-receiptrule-stopaction.html#cfn-ses-receiptrule-stopaction-scope + * @link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-receiptrule-stopaction.html#cfn-ses-receiptrule-stopaction-scope */ readonly scope: string; /** * The Amazon Resource Name (ARN) of the Amazon SNS topic to notify when the stop action is taken. * - * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-receiptrule-stopaction.html#cfn-ses-receiptrule-stopaction-topicarn + * @link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-receiptrule-stopaction.html#cfn-ses-receiptrule-stopaction-topicarn * * @default - No notification is sent to SNS. */ @@ -186,13 +186,13 @@ export interface WorkmailActionConfig { /** * The Amazon Resource Name (ARN) of the Amazon WorkMail organization. * - * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-receiptrule-workmailaction.html#cfn-ses-receiptrule-workmailaction-organizationarn + * @link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-receiptrule-workmailaction.html#cfn-ses-receiptrule-workmailaction-organizationarn */ readonly organizationArn: string; /** * The Amazon Resource Name (ARN) of the Amazon SNS topic to notify when the WorkMail action is called. * - * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-receiptrule-workmailaction.html#cfn-ses-receiptrule-workmailaction-topicarn + * @link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-receiptrule-workmailaction.html#cfn-ses-receiptrule-workmailaction-topicarn * * @default - No notification is sent to SNS. */ diff --git a/packages/aws-cdk-lib/aws-sns/test/sns.test.ts b/packages/aws-cdk-lib/aws-sns/test/sns.test.ts index 7fda1181b72b9..3af8faced4b78 100644 --- a/packages/aws-cdk-lib/aws-sns/test/sns.test.ts +++ b/packages/aws-cdk-lib/aws-sns/test/sns.test.ts @@ -1,14 +1,10 @@ -import * as fs from 'node:fs'; -import * as path from 'node:path'; import { Template } from '../../assertions'; -import { AssertionError } from '../../assertions/lib/private/error'; import * as notifications from '../../aws-codestarnotifications'; import * as iam from '../../aws-iam'; import { ServicePrincipal } from '../../aws-iam'; import * as kms from '../../aws-kms'; import { CfnKey } from '../../aws-kms'; import * as cdk from '../../core'; -import { Stage } from '../../core'; import * as sns from '../lib'; import { TopicGrants } from '../lib'; @@ -1086,67 +1082,4 @@ describe('Topic', () => { ).toThrow('`fifoThroughputScope` can only be set for FIFO SNS topics.'); }); }); - - /* - This is a representative test suite for source tracing. - What we are asserting here about CfnTopic applies to all L1 constructs. - */ - describe('Source tracing', () => { - test('Metadata contains propertyAssignment and stack trace with CDK_DEBUG=1', () => { - try { - process.env.CDK_DEBUG = '1'; - const stack = new cdk.Stack(); - - const topic = new sns.CfnTopic(stack, 'MyTopic', { - topicName: 'topicName', - }); - - topic.displayName = 'something'; - const lineWherePropertyWasSet = getLineNumber() - 1; // the one before this one - - const asm = synth(stack); - const metadata = JSON.parse(fs.readFileSync(path.join(asm.directory, 'Default.metadata.json'), 'utf8')); - const propertyAssignmentEntry = metadata['/Default/MyTopic'].find((e: any) => e.type === 'aws:cdk:propertyAssignment'); - - expect(propertyAssignmentEntry).toBeDefined(); - expect(propertyAssignmentEntry.data.propertyName).toEqual('DisplayName'); - expect(propertyAssignmentEntry.data.stackTrace.some( - (t: string) => t.includes(`${__filename}:${lineWherePropertyWasSet}`)), - ).toBe(true); - } finally { - delete process.env.CDK_DEBUG; - } - }); - - test('Metadata does not contain propertyAssignment by default', () => { - const stack = new cdk.Stack(); - - const topic = new sns.CfnTopic(stack, 'MyTopic', { - topicName: 'topicName', - }); - - topic.displayName = 'something'; - - const asm = synth(stack); - const metadata = JSON.parse(fs.readFileSync(path.join(asm.directory, 'Default.metadata.json'), 'utf8')); - const propertyAssignmentEntry = metadata['/Default/MyTopic'].find((e: any) => e.type === 'aws:cdk:propertyAssignment'); - - expect(propertyAssignmentEntry).toBeUndefined(); - }); - }); }); - -function synth(stack: cdk.Stack) { - const stage = Stage.of(stack); - if (!Stage.isStage(stage)) { - throw new AssertionError('unexpected: all stacks must be part of a Stage or an App'); - } - - return stage.synth(); -} - -function getLineNumber(): number { - const err = new Error(); - const line = err.stack?.split('\n')[2]?.match(/:(\d+):\d+\)?$/)?.[1]; - return Number(line); -} diff --git a/packages/aws-cdk-lib/aws-stepfunctions-tasks/README.md b/packages/aws-cdk-lib/aws-stepfunctions-tasks/README.md index 3fc1bff386120..b2a2375af6ce0 100644 --- a/packages/aws-cdk-lib/aws-stepfunctions-tasks/README.md +++ b/packages/aws-cdk-lib/aws-stepfunctions-tasks/README.md @@ -1759,7 +1759,7 @@ Step Functions supports [AWS MediaConvert](https://docs.aws.amazon.com/step-func ### CreateJob The [CreateJob](https://docs.aws.amazon.com/mediaconvert/latest/apireference/jobs.html#jobspost) API creates a new transcoding job. -For information about jobs and job settings, see the User Guide at http://docs.aws.amazon.com/mediaconvert/latest/ug/what-is.html +For information about jobs and job settings, see the User Guide at https://docs.aws.amazon.com/mediaconvert/latest/ug/what-is.html You can call the `CreateJob` API from a `Task` state. Optionally you can specify the `integrationPattern`. diff --git a/packages/aws-cdk-lib/aws-stepfunctions/README.md b/packages/aws-cdk-lib/aws-stepfunctions/README.md index ad7de37da8740..ce28a2e46c49b 100644 --- a/packages/aws-cdk-lib/aws-stepfunctions/README.md +++ b/packages/aws-cdk-lib/aws-stepfunctions/README.md @@ -582,7 +582,7 @@ hits a particular time. The time to wait may be taken from the execution's JSON state. ```ts -// Wait until it's the time mentioned in the the state object's "triggerTime" +// Wait until it's the time mentioned in the state object's "triggerTime" // field. const wait = new sfn.Wait(this, 'Wait For Trigger Time', { time: sfn.WaitTime.timestampPath('$.triggerTime'), diff --git a/packages/aws-cdk-lib/core/lib/analytics-data-source/enums/module-enumlikes.json b/packages/aws-cdk-lib/core/lib/analytics-data-source/enums/module-enumlikes.json index 1dd3f10b70598..72e0aa204578b 100644 --- a/packages/aws-cdk-lib/core/lib/analytics-data-source/enums/module-enumlikes.json +++ b/packages/aws-cdk-lib/core/lib/analytics-data-source/enums/module-enumlikes.json @@ -799,6 +799,9 @@ "META_LLAMA_3_3_70B_INSTRUCT_V1", "META_LLAMA_4_MAVERICK_17B_INSTRUCT_V1_0", "META_LLAMA_4_SCOUT_17B_INSTRUCT_V1_0", + "MINIMAX_MINIMAX_M2", + "MINIMAX_MINIMAX_M2_1", + "MINIMAX_MINIMAX_M2_5", "MISTRAL_MISTRAL_7B_INSTRUCT_V0_2", "MISTRAL_MIXTRAL_8X7B_INSTRUCT_V0_1", "MISTRAL_LARGE_V0_1", @@ -823,7 +826,10 @@ "WRITER_PALMYRA_X5_V1_0", "TWELVELABS_MARENGO_EMBED_2_7_V1_0", "TWELVELABS_PEGASUS_1_2_V1_0", - "TWELVELABS_MARENGO_EMBED_3_0_V1_0" + "TWELVELABS_MARENGO_EMBED_3_0_V1_0", + "ZAI_GLM_4_7", + "ZAI_GLM_4_7_FLASH", + "ZAI_GLM_5" ] }, "aws-cdk/packages/aws-cdk-lib/aws-certificatemanager/lib/certificate.ts": { diff --git a/packages/aws-cdk-lib/core/lib/cfn-fn.ts b/packages/aws-cdk-lib/core/lib/cfn-fn.ts index 69a45c1e37f3a..5c6b7715edcf1 100644 --- a/packages/aws-cdk-lib/core/lib/cfn-fn.ts +++ b/packages/aws-cdk-lib/core/lib/cfn-fn.ts @@ -10,7 +10,7 @@ import { Token } from './token'; /** * CloudFormation intrinsic functions. - * http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference.html + * https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference.html */ export class Fn { /** @@ -232,7 +232,7 @@ export class Fn { /** * The intrinsic function ``Fn::FindInMap`` returns the value corresponding to * keys in a two-level map that is declared in the Mappings section. - * Warning: do not use with lazy mappings as this function will not guarentee a lazy mapping to render in the template. + * Warning: do not use with lazy mappings as this function will not guarantee a lazy mapping to render in the template. * Prefer to use `CfnMapping.findInMap` in general. * @returns a token represented as a string */ diff --git a/packages/aws-cdk-lib/core/lib/cfn-tag.ts b/packages/aws-cdk-lib/core/lib/cfn-tag.ts index 5e3f2446018a5..2bdc9942edb0c 100644 --- a/packages/aws-cdk-lib/core/lib/cfn-tag.ts +++ b/packages/aws-cdk-lib/core/lib/cfn-tag.ts @@ -1,14 +1,14 @@ /** - * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html + * @link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html */ export interface CfnTag { /** - * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html#cfn-resource-tags-key + * @link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html#cfn-resource-tags-key */ readonly key: string; /** - * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html#cfn-resource-tags-value + * @link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html#cfn-resource-tags-value */ readonly value: string; } diff --git a/packages/aws-cdk-lib/core/lib/duration.ts b/packages/aws-cdk-lib/core/lib/duration.ts index e57049d04873a..70a5eaefafb16 100644 --- a/packages/aws-cdk-lib/core/lib/duration.ts +++ b/packages/aws-cdk-lib/core/lib/duration.ts @@ -232,7 +232,7 @@ export class Duration { /** * Returns a string representation of this `Duration` * - * This is is never the right function to use when you want to use the `Duration` + * This is never the right function to use when you want to use the `Duration` * object in a template. Use `toSeconds()`, `toMinutes()`, `toDays()`, etc. instead. */ public toString(): string { diff --git a/packages/aws-cdk-lib/core/lib/private/asset-staging.ts b/packages/aws-cdk-lib/core/lib/private/asset-staging.ts index 9a79ffdbfaec5..c87086647684e 100644 --- a/packages/aws-cdk-lib/core/lib/private/asset-staging.ts +++ b/packages/aws-cdk-lib/core/lib/private/asset-staging.ts @@ -159,7 +159,7 @@ export class AssetBundlingVolumeCopy extends AssetBundlingBase { } /** - * copy files from the the output volume to the host where this is executed + * copy files from the output volume to the host where this is executed * @param outputPath - path to folder where files should be copied to - without trailing slash */ private copyOutputTo(outputPath: string) { diff --git a/packages/aws-cdk-lib/core/lib/stack-trace.ts b/packages/aws-cdk-lib/core/lib/stack-trace.ts index 34465562ba04f..965a2bf84722d 100644 --- a/packages/aws-cdk-lib/core/lib/stack-trace.ts +++ b/packages/aws-cdk-lib/core/lib/stack-trace.ts @@ -1,4 +1,3 @@ -import type { Node } from 'constructs'; import { debugModeEnabled } from './debug'; /** @@ -191,25 +190,3 @@ interface CallSite { fileName: string; sourceLocation: string; } - -/** - * Records a metadata entry on a construct node to trace a property assignment. - * - * When debug mode is enabled (via the `CDK_DEBUG` environment variable), - * this attaches `aws:cdk:propertyAssignment` metadata to the given node, - * including a stack trace pointing back to the caller. This is useful for - * diagnosing where a particular property value was set during synthesis. - * - * This is a no-op when debug mode is not enabled. - * - * @param node the construct node to attach the metadata to. - * @param propertyName the name of the property being assigned. - */ -export function traceProperty(node: Node, propertyName: string) { - if (debugModeEnabled()) { - node.addMetadata('aws:cdk:propertyAssignment', { - propertyName, - stackTrace: captureStackTrace(traceProperty), - }); - } -} diff --git a/packages/aws-cdk-lib/core/lib/stack.ts b/packages/aws-cdk-lib/core/lib/stack.ts index 61f861c2ff82d..3a2e6a7822e7e 100644 --- a/packages/aws-cdk-lib/core/lib/stack.ts +++ b/packages/aws-cdk-lib/core/lib/stack.ts @@ -775,7 +775,7 @@ export class Stack extends Construct implements ITaggable { } /** - * Indicates if this is a nested stack, in which case `parentStack` will include a reference to it's parent. + * Indicates if this is a nested stack, in which case `parentStack` will include a reference to its parent. */ public get nested(): boolean { return this.nestedStackResource !== undefined; diff --git a/packages/aws-cdk-lib/core/lib/stage.ts b/packages/aws-cdk-lib/core/lib/stage.ts index 3a20c13d1c3d2..d56bb1c302e42 100644 --- a/packages/aws-cdk-lib/core/lib/stage.ts +++ b/packages/aws-cdk-lib/core/lib/stage.ts @@ -113,7 +113,7 @@ export interface StageProps { * application. * * You can then instantiate your subclass multiple times to model multiple - * copies of your application which should be be deployed to different + * copies of your application which should be deployed to different * environments. */ export class Stage extends Construct { diff --git a/packages/aws-cdk-lib/custom-resources/README.md b/packages/aws-cdk-lib/custom-resources/README.md index b913e4a58ad34..d3b37ae8c9ccb 100644 --- a/packages/aws-cdk-lib/custom-resources/README.md +++ b/packages/aws-cdk-lib/custom-resources/README.md @@ -184,7 +184,7 @@ CloudFormation. The input event to `isComplete` includes all request fields, combined with all fields returned from `onEvent`. If `PhysicalResourceId` has not been explicitly -returned from `onEvent`, it's value will be calculated based on the heuristics +returned from `onEvent`, its value will be calculated based on the heuristics described above. The return value must be a JSON object with the following fields: @@ -273,7 +273,7 @@ resource operation fails even though the operation technically succeeded (i.e. isComplete throws an error). When AWS CloudFormation receives a "FAILED" response, it will attempt to roll -back the stack to it's last state. This has different meanings for different +back the stack to its last state. This has different meanings for different lifecycle events: * If a `Create` event fails, the resource provider framework will automatically diff --git a/packages/aws-cdk-lib/cx-api/README.md b/packages/aws-cdk-lib/cx-api/README.md index 17b79aa738c4b..38f7485ee7896 100644 --- a/packages/aws-cdk-lib/cx-api/README.md +++ b/packages/aws-cdk-lib/cx-api/README.md @@ -208,9 +208,9 @@ _cdk.json_ * `@aws-cdk/aws-lambda-nodejs:useLatestRuntimeVersion` -Enable this feature flag to automatically use the latest available NodeJS version in the aws-lambda-nodejse.Function construct. +Enable this feature flag to automatically use the latest available NodeJS version in the aws-lambda-nodejs.Function construct. -This allows creation of new functions using a version that will automatically stay up to date without breaking bundling of existing functions that externalize packages included in their environemnt such as `aws-sdk`. +This allows creation of new functions using a version that will automatically stay up to date without breaking bundling of existing functions that externalize packages included in their environment such as `aws-sdk`. Functions defined previously will continue to function correctly as long as they pass an explicit runtime version, or do not exclude packages during bundling. @@ -555,7 +555,7 @@ When this feature flag is enabled, the default behaviour of OIDC Provider's cust default to reject unauthorized connections when downloading CA Certificates. When this feature flag is disabled, the behaviour will be the same as current and will allow downloading -thumbprints from unsecure connnections. +thumbprints from insecure connections. _cdk.json_ diff --git a/packages/aws-cdk-lib/cx-api/lib/cxapi.ts b/packages/aws-cdk-lib/cx-api/lib/cxapi.ts index 63c986f6a2d6e..289b3101d9592 100644 --- a/packages/aws-cdk-lib/cx-api/lib/cxapi.ts +++ b/packages/aws-cdk-lib/cx-api/lib/cxapi.ts @@ -22,7 +22,7 @@ export const DEFAULT_REGION_ENV = 'CDK_DEFAULT_REGION'; /** * Version of Cloud Assembly expected by CDK Toolkit. * - * Despite it's name, this value applies to all version of the CDK Toolkit, not just the CLI. + * Despite its name, this value applies to all version of the CDK Toolkit, not just the CLI. * * CLI started emitting this at 1.10.1 */ diff --git a/packages/aws-cdk-lib/triggers/lib/trigger.ts b/packages/aws-cdk-lib/triggers/lib/trigger.ts index 39c3aa07b5050..c8144b0186c1f 100644 --- a/packages/aws-cdk-lib/triggers/lib/trigger.ts +++ b/packages/aws-cdk-lib/triggers/lib/trigger.ts @@ -44,7 +44,7 @@ export interface TriggerOptions { * Adds this trigger as a dependency on other constructs. This means that this * trigger will get executed *before* the given construct(s). * - * You can also use `trigger.executeBefore()` to add additional dependants. + * You can also use `trigger.executeBefore()` to add additional dependents. * * @default [] */ diff --git a/tools/@aws-cdk/spec2cdk/lib/cdk/cdk.ts b/tools/@aws-cdk/spec2cdk/lib/cdk/cdk.ts index 044b6d637df17..6342428976a08 100644 --- a/tools/@aws-cdk/spec2cdk/lib/cdk/cdk.ts +++ b/tools/@aws-cdk/spec2cdk/lib/cdk/cdk.ts @@ -36,7 +36,6 @@ export class CdkCore extends ExternalModule { public readonly unionMapper = makeCallableExpr(this, 'unionMapper'); public readonly requireProperty = makeCallableExpr(this, 'requireProperty'); public readonly isResolvableObject = makeCallableExpr(this, 'isResolvableObject'); - public readonly traceProperty = makeCallableExpr(this, 'traceProperty'); public readonly mapArrayInPlace = makeCallableExpr(this, 'mapArrayInPlace'); public readonly ValidationResult = $T(Type.fromName(this, 'ValidationResult')); diff --git a/tools/@aws-cdk/spec2cdk/lib/cdk/resource-class.ts b/tools/@aws-cdk/spec2cdk/lib/cdk/resource-class.ts index decf3419419c9..ac0edb2fec6f2 100644 --- a/tools/@aws-cdk/spec2cdk/lib/cdk/resource-class.ts +++ b/tools/@aws-cdk/spec2cdk/lib/cdk/resource-class.ts @@ -217,31 +217,7 @@ export class ResourceClass extends ClassType implements Referenceable { } for (const prop of this.decider.classProperties) { - const spec = prop.propertySpec; - if (spec.immutable) { - this.addProperty(spec); - } else { - // For mutable properties, generate getter and setter - const backingFieldName = `_${spec.name}`; - this.addProperty({ - name: backingFieldName, - type: spec.type, - optional: spec.optional, - visibility: MemberVisibility.Private, - docs: spec.docs, - }); - this.addProperty({ - name: spec.name, - type: spec.type, - optional: spec.optional, - docs: spec.docs, - getterBody: Block.with(stmt.ret($this[backingFieldName])), - setterBody: (value: Expression) => Block.with( - CDK_CORE.traceProperty($this.node, expr.lit(prop.cfnName)), - stmt.assign($this[backingFieldName], value), - ), - }); - } + this.addProperty(prop.propertySpec); } // Copy properties onto class and props type @@ -769,8 +745,8 @@ export class ResourceClass extends ClassType implements Referenceable { init.addBody( // Props - ...this.decider.classProperties.map(({ propertySpec: { name, immutable }, initializer }) => - stmt.assign($this[immutable ? name : `_${name}`], initializer(props)), + ...this.decider.classProperties.map(({ propertySpec: { name }, initializer }) => + stmt.assign($this[name], initializer(props)), ), ); diff --git a/tools/@aws-cdk/spec2cdk/lib/cdk/resource-decider.ts b/tools/@aws-cdk/spec2cdk/lib/cdk/resource-decider.ts index 1b53c644aea26..eb9c5c08a5873 100644 --- a/tools/@aws-cdk/spec2cdk/lib/cdk/resource-decider.ts +++ b/tools/@aws-cdk/spec2cdk/lib/cdk/resource-decider.ts @@ -104,7 +104,6 @@ export class ResourceDecider { immutable: false, docs: this.defaultClassPropDocs(cfnName, prop), }, - cfnName, initializer: resolverResult.resolver, cfnValueToRender: { [resolverResult.name]: $this[resolverResult.name] }, }); @@ -167,7 +166,6 @@ export class ResourceDecider { summary: 'Tag Manager which manages the tags for this resource', }, }, - cfnName, initializer: (props: Expression) => new CDK_CORE.TagManager( this.tagManagerVariant(variant), @@ -186,7 +184,6 @@ export class ResourceDecider { optional: true, // Tags are never required docs: this.defaultClassPropDocs(cfnName, prop), }, - cfnName, initializer: (props: Expression) => $E(props)[originalName], cfnValueToRender: {}, // Gets rendered as part of the TagManager above }, @@ -224,7 +221,6 @@ export class ResourceDecider { summary: 'Tag Manager which manages the tags for this resource', }, }, - cfnName, initializer: (_: Expression) => new CDK_CORE.TagManager( this.tagManagerVariant(variant), @@ -243,7 +239,6 @@ export class ResourceDecider { optional: true, // Tags are never required docs: this.defaultClassPropDocs(cfnName, prop), }, - cfnName, initializer: (props: Expression) => $E(props)[originalName], cfnValueToRender: {}, // Gets rendered as part of the TagManager above }, @@ -369,9 +364,6 @@ export interface PropsProperty { export interface ClassProperty { readonly propertySpec: PropertySpec; - /** The original CloudFormation property name */ - readonly cfnName: string; - /** Given the name of the props value, produce the member value */ readonly initializer: (props: Expression) => Expression; diff --git a/tools/@aws-cdk/spec2cdk/test/__snapshots__/cfn-prop-mixins.test.ts.snap b/tools/@aws-cdk/spec2cdk/test/__snapshots__/cfn-prop-mixins.test.ts.snap index 72bfd7d306dbc..2e34c93f404a7 100644 --- a/tools/@aws-cdk/spec2cdk/test/__snapshots__/cfn-prop-mixins.test.ts.snap +++ b/tools/@aws-cdk/spec2cdk/test/__snapshots__/cfn-prop-mixins.test.ts.snap @@ -1,4 +1,4 @@ -// Jest Snapshot v1, https://jestjs.io/docs/snapshot-testing +// Jest Snapshot v1, https://goo.gl/fbAQLP exports[`L1 property mixin for a standard-issue resource 1`] = ` "/* eslint-disable prettier/prettier, @stylistic/max-len */ diff --git a/tools/@aws-cdk/spec2cdk/test/__snapshots__/fake-services.test.ts.snap b/tools/@aws-cdk/spec2cdk/test/__snapshots__/fake-services.test.ts.snap index 26fb654c3bb6d..013a199352085 100644 --- a/tools/@aws-cdk/spec2cdk/test/__snapshots__/fake-services.test.ts.snap +++ b/tools/@aws-cdk/spec2cdk/test/__snapshots__/fake-services.test.ts.snap @@ -1,4 +1,4 @@ -// Jest Snapshot v1, https://jestjs.io/docs/snapshot-testing +// Jest Snapshot v1, https://goo.gl/fbAQLP exports[`can codegen deprecated service 1`] = ` "/* eslint-disable prettier/prettier, @stylistic/max-len */ @@ -54,7 +54,7 @@ export class CfnResource extends cdk.CfnResource implements cdk.IInspectable, IR /** * The identifier of the resource. */ - private _id?: string; + public id?: string; /** * Create a new \`AWS::Some::Resource\`. @@ -69,7 +69,7 @@ export class CfnResource extends cdk.CfnResource implements cdk.IInspectable, IR properties: props }); - this._id = props.id; + this.id = props.id; } public get resourceRef(): ResourceReference { @@ -78,20 +78,6 @@ export class CfnResource extends cdk.CfnResource implements cdk.IInspectable, IR }; } - /** - * The identifier of the resource. - */ - public get id(): string | undefined { - return this._id; - } - /** - * The identifier of the resource. - */ - public set id(value: string | undefined) { - cdk.traceProperty(this.node, "Id"); - this._id = value; - } - protected get cfnProperties(): Record { return { id: this.id diff --git a/tools/@aws-cdk/spec2cdk/test/__snapshots__/relationships.test.ts.snap b/tools/@aws-cdk/spec2cdk/test/__snapshots__/relationships.test.ts.snap index 10e2436c7b560..c5c1eab1a2fda 100644 --- a/tools/@aws-cdk/spec2cdk/test/__snapshots__/relationships.test.ts.snap +++ b/tools/@aws-cdk/spec2cdk/test/__snapshots__/relationships.test.ts.snap @@ -1,4 +1,4 @@ -// Jest Snapshot v1, https://jestjs.io/docs/snapshot-testing +// Jest Snapshot v1, https://goo.gl/fbAQLP exports[`resource with array of nested properties with relationship 1`] = ` "/* eslint-disable prettier/prettier, @stylistic/max-len */ @@ -192,7 +192,7 @@ export class CfnResource extends cdk.CfnResource implements cdk.IInspectable, IR return (cdk.CfnResource.isCfnResource(x) && (x.cfnResourceType === CfnResource.CFN_RESOURCE_TYPE_NAME)); } - private _permissions?: Array | cdk.IResolvable; + public permissions?: Array | cdk.IResolvable; /** * Create a new \`AWS::IAM::Resource\`. @@ -207,21 +207,13 @@ export class CfnResource extends cdk.CfnResource implements cdk.IInspectable, IR properties: props }); - this._permissions = props.permissions; + this.permissions = props.permissions; } public get resourceRef(): ResourceReference { return {}; } - public get permissions(): Array | cdk.IResolvable | undefined { - return this._permissions; - } - public set permissions(value: Array | cdk.IResolvable | undefined) { - cdk.traceProperty(this.node, "Permissions"); - this._permissions = value; - } - protected get cfnProperties(): Record { return { permissions: this.permissions @@ -693,7 +685,7 @@ export class CfnPolicy extends cdk.CfnResource implements cdk.IInspectable, IPol return (cdk.CfnResource.isCfnResource(x) && (x.cfnResourceType === CfnPolicy.CFN_RESOURCE_TYPE_NAME)); } - private _principalArn?: string; + public principalArn?: string; /** * Create a new \`AWS::IAM::Policy\`. @@ -708,21 +700,13 @@ export class CfnPolicy extends cdk.CfnResource implements cdk.IInspectable, IPol properties: props }); - this._principalArn = cdk.getRefProperty((props.principalArn as iamRefs.IRoleRef)?.roleRef, 'roleArn') ?? cdk.getRefProperty((props.principalArn as iamRefs.IUserRef)?.userRef, 'userArn') ?? cdk.ensureStringOrUndefined(props.principalArn, "principalArn", "iam.IRoleRef | iam.IUserRef | string"); + this.principalArn = cdk.getRefProperty((props.principalArn as iamRefs.IRoleRef)?.roleRef, 'roleArn') ?? cdk.getRefProperty((props.principalArn as iamRefs.IUserRef)?.userRef, 'userArn') ?? cdk.ensureStringOrUndefined(props.principalArn, "principalArn", "iam.IRoleRef | iam.IUserRef | string"); } public get policyRef(): PolicyReference { return {}; } - public get principalArn(): string | undefined { - return this._principalArn; - } - public set principalArn(value: string | undefined) { - cdk.traceProperty(this.node, "PrincipalArn"); - this._principalArn = value; - } - protected get cfnProperties(): Record { return { principalArn: this.principalArn @@ -996,7 +980,7 @@ export class CfnTask extends cdk.CfnResource implements cdk.IInspectable, ITaskR return (cdk.CfnResource.isCfnResource(x) && (x.cfnResourceType === CfnTask.CFN_RESOURCE_TYPE_NAME)); } - private _executionConfig?: CfnTask.ExecutionConfigProperty | cdk.IResolvable; + public executionConfig?: CfnTask.ExecutionConfigProperty | cdk.IResolvable; /** * Create a new \`AWS::IAM::Task\`. @@ -1011,21 +995,13 @@ export class CfnTask extends cdk.CfnResource implements cdk.IInspectable, ITaskR properties: props }); - this._executionConfig = props.executionConfig; + this.executionConfig = props.executionConfig; } public get taskRef(): TaskReference { return {}; } - public get executionConfig(): CfnTask.ExecutionConfigProperty | cdk.IResolvable | undefined { - return this._executionConfig; - } - public set executionConfig(value: CfnTask.ExecutionConfigProperty | cdk.IResolvable | undefined) { - cdk.traceProperty(this.node, "ExecutionConfig"); - this._executionConfig = value; - } - protected get cfnProperties(): Record { return { executionConfig: this.executionConfig @@ -1354,7 +1330,7 @@ export class CfnJob extends cdk.CfnResource implements cdk.IInspectable, IJobRef return (cdk.CfnResource.isCfnResource(x) && (x.cfnResourceType === CfnJob.CFN_RESOURCE_TYPE_NAME)); } - private _config?: cdk.IResolvable | CfnJob.OldConfigProperty; + public config?: cdk.IResolvable | CfnJob.OldConfigProperty; /** * Create a new \`AWS::IAM::Job\`. @@ -1369,21 +1345,13 @@ export class CfnJob extends cdk.CfnResource implements cdk.IInspectable, IJobRef properties: props }); - this._config = props.config; + this.config = props.config; } public get jobRef(): JobReference { return {}; } - public get config(): cdk.IResolvable | CfnJob.OldConfigProperty | undefined { - return this._config; - } - public set config(value: cdk.IResolvable | CfnJob.OldConfigProperty | undefined) { - cdk.traceProperty(this.node, "Config"); - this._config = value; - } - protected get cfnProperties(): Record { return { config: this.config @@ -1775,7 +1743,7 @@ export class CfnFunction extends cdk.CfnResource implements cdk.IInspectable, IF return (cdk.CfnResource.isCfnResource(x) && (x.cfnResourceType === CfnFunction.CFN_RESOURCE_TYPE_NAME)); } - private _roleArn?: string; + public roleArn?: string; /** * Create a new \`AWS::IAM::Function\`. @@ -1790,21 +1758,13 @@ export class CfnFunction extends cdk.CfnResource implements cdk.IInspectable, IF properties: props }); - this._roleArn = cdk.getRefProperty((props.roleArn as iamRefs.IRoleRef)?.roleRef, 'roleArn') ?? cdk.ensureStringOrUndefined(props.roleArn, "roleArn", "iam.IRoleRef | string"); + this.roleArn = cdk.getRefProperty((props.roleArn as iamRefs.IRoleRef)?.roleRef, 'roleArn') ?? cdk.ensureStringOrUndefined(props.roleArn, "roleArn", "iam.IRoleRef | string"); } public get functionRef(): FunctionReference { return {}; } - public get roleArn(): string | undefined { - return this._roleArn; - } - public set roleArn(value: string | undefined) { - cdk.traceProperty(this.node, "RoleArn"); - this._roleArn = value; - } - protected get cfnProperties(): Record { return { roleArn: this.roleArn diff --git a/tools/@aws-cdk/spec2cdk/test/__snapshots__/resources.test.ts.snap b/tools/@aws-cdk/spec2cdk/test/__snapshots__/resources.test.ts.snap index 065b51307ec33..4542534ffd3da 100644 --- a/tools/@aws-cdk/spec2cdk/test/__snapshots__/resources.test.ts.snap +++ b/tools/@aws-cdk/spec2cdk/test/__snapshots__/resources.test.ts.snap @@ -1,4 +1,4 @@ -// Jest Snapshot v1, https://jestjs.io/docs/snapshot-testing +// Jest Snapshot v1, https://goo.gl/fbAQLP exports[`can generate interface types into a separate module 1`] = ` "/* eslint-disable prettier/prettier, @stylistic/max-len */ @@ -84,7 +84,7 @@ export class CfnResource extends cdk.CfnResource implements cdk.IInspectable, IR /** * The identifier of the resource. */ - private _id?: string; + public id?: string; /** * Create a new \`AWS::Some::Resource\`. @@ -99,7 +99,7 @@ export class CfnResource extends cdk.CfnResource implements cdk.IInspectable, IR properties: props }); - this._id = props.id; + this.id = props.id; } public get resourceRef(): ResourceReference { @@ -108,20 +108,6 @@ export class CfnResource extends cdk.CfnResource implements cdk.IInspectable, IR }; } - /** - * The identifier of the resource. - */ - public get id(): string | undefined { - return this._id; - } - /** - * The identifier of the resource. - */ - public set id(value: string | undefined) { - cdk.traceProperty(this.node, "Id"); - this._id = value; - } - protected get cfnProperties(): Record { return { id: this.id @@ -256,7 +242,7 @@ export class CfnResource extends cdk.CfnResource implements cdk.IInspectable, IR /** * The identifier of the resource. */ - private _id?: string; + public id?: string; /** * Create a new \`AWS::Some::Resource\`. @@ -271,7 +257,7 @@ export class CfnResource extends cdk.CfnResource implements cdk.IInspectable, IR properties: props }); - this._id = props.id; + this.id = props.id; } public get resourceRef(): ResourceReference { @@ -280,20 +266,6 @@ export class CfnResource extends cdk.CfnResource implements cdk.IInspectable, IR }; } - /** - * The identifier of the resource. - */ - public get id(): string | undefined { - return this._id; - } - /** - * The identifier of the resource. - */ - public set id(value: string | undefined) { - cdk.traceProperty(this.node, "Id"); - this._id = value; - } - protected get cfnProperties(): Record { return { id: this.id @@ -906,7 +878,7 @@ export class CfnResource extends cdk.CfnResource implements cdk.IInspectable, IR /** * The arn for the resource. */ - private _arn?: string; + public arn?: string; /** * Create a new \`AWS::Some::Resource\`. @@ -921,7 +893,7 @@ export class CfnResource extends cdk.CfnResource implements cdk.IInspectable, IR properties: props }); - this._arn = props.arn; + this.arn = props.arn; } public get resourceRef(): ResourceReference { @@ -930,20 +902,6 @@ export class CfnResource extends cdk.CfnResource implements cdk.IInspectable, IR }; } - /** - * The arn for the resource. - */ - public get arn(): string | undefined { - return this._arn; - } - /** - * The arn for the resource. - */ - public set arn(value: string | undefined) { - cdk.traceProperty(this.node, "Arn"); - this._arn = value; - } - /** * The identifier of the resource * @@ -1434,7 +1392,7 @@ export class CfnResource extends cdk.CfnResource implements cdk.IInspectable, IR /** * The identifier of the resource. */ - private _id?: string; + public id?: string; /** * Create a new \`AWS::Some::Resource\`. @@ -1449,7 +1407,7 @@ export class CfnResource extends cdk.CfnResource implements cdk.IInspectable, IR properties: props }); - this._id = props.id; + this.id = props.id; } public get resourceRef(): ResourceReference { @@ -1458,20 +1416,6 @@ export class CfnResource extends cdk.CfnResource implements cdk.IInspectable, IR }; } - /** - * The identifier of the resource. - */ - public get id(): string | undefined { - return this._id; - } - /** - * The identifier of the resource. - */ - public set id(value: string | undefined) { - cdk.traceProperty(this.node, "Id"); - this._id = value; - } - protected get cfnProperties(): Record { return { id: this.id @@ -1606,12 +1550,12 @@ export class CfnResource extends cdk.CfnResource implements cdk.IInspectable, IR /** * Another identifier of the resource. */ - private _anotherId?: string; + public anotherId?: string; /** * The identifier of the resource. */ - private _id?: string; + public id?: string; /** * Create a new \`AWS::Some::Resource\`. @@ -1626,8 +1570,8 @@ export class CfnResource extends cdk.CfnResource implements cdk.IInspectable, IR properties: props }); - this._anotherId = props.anotherId; - this._id = props.id; + this.anotherId = props.anotherId; + this.id = props.id; } public get resourceRef(): ResourceReference { @@ -1637,34 +1581,6 @@ export class CfnResource extends cdk.CfnResource implements cdk.IInspectable, IR }; } - /** - * Another identifier of the resource. - */ - public get anotherId(): string | undefined { - return this._anotherId; - } - /** - * Another identifier of the resource. - */ - public set anotherId(value: string | undefined) { - cdk.traceProperty(this.node, "AnotherId"); - this._anotherId = value; - } - - /** - * The identifier of the resource. - */ - public get id(): string | undefined { - return this._id; - } - /** - * The identifier of the resource. - */ - public set id(value: string | undefined) { - cdk.traceProperty(this.node, "Id"); - this._id = value; - } - protected get cfnProperties(): Record { return { anotherId: this.anotherId, @@ -1810,7 +1726,7 @@ export class CfnResource extends cdk.CfnResource implements cdk.IInspectable, IR /** * The identifier of the resource. */ - private _id?: string; + public id?: string; /** * Create a new \`AWS::Some::Resource\`. @@ -1825,7 +1741,7 @@ export class CfnResource extends cdk.CfnResource implements cdk.IInspectable, IR properties: props }); - this._id = props.id; + this.id = props.id; } public get resourceRef(): ResourceReference { @@ -1834,20 +1750,6 @@ export class CfnResource extends cdk.CfnResource implements cdk.IInspectable, IR }; } - /** - * The identifier of the resource. - */ - public get id(): string | undefined { - return this._id; - } - /** - * The identifier of the resource. - */ - public set id(value: string | undefined) { - cdk.traceProperty(this.node, "Id"); - this._id = value; - } - protected get cfnProperties(): Record { return { id: this.id diff --git a/tools/@aws-cdk/spec2cdk/test/relationships.test.ts b/tools/@aws-cdk/spec2cdk/test/relationships.test.ts index e3a5ce90e7525..675fe5e17f573 100644 --- a/tools/@aws-cdk/spec2cdk/test/relationships.test.ts +++ b/tools/@aws-cdk/spec2cdk/test/relationships.test.ts @@ -322,6 +322,6 @@ test('relationship have arns appear first in the constructor chain', () => { const rendered = renderer.render(module); - const chain = 'this._roleArn = cdk.getRefProperty((props.roleArn as iamRefs.IRoleRef)?.roleRef, \'roleArn\') ?? cdk.getRefProperty((props.roleArn as iamRefs.IRoleRef)?.roleRef, \'roleName\') ?? cdk.getRefProperty((props.roleArn as iamRefs.IRoleRef)?.roleRef, \'otherPrimaryId\') ?? cdk.ensureStringOrUndefined(props.roleArn, "roleArn", "iam.IRoleRef | string")'; + const chain = 'this.roleArn = cdk.getRefProperty((props.roleArn as iamRefs.IRoleRef)?.roleRef, \'roleArn\') ?? cdk.getRefProperty((props.roleArn as iamRefs.IRoleRef)?.roleRef, \'roleName\') ?? cdk.getRefProperty((props.roleArn as iamRefs.IRoleRef)?.roleRef, \'otherPrimaryId\') ?? cdk.ensureStringOrUndefined(props.roleArn, "roleArn", "iam.IRoleRef | string")'; expect(rendered).toContain(chain); }); diff --git a/tools/@aws-cdk/spec2cdk/test/resources.test.ts b/tools/@aws-cdk/spec2cdk/test/resources.test.ts index 2e179f0fd41ed..269322c2b1867 100644 --- a/tools/@aws-cdk/spec2cdk/test/resources.test.ts +++ b/tools/@aws-cdk/spec2cdk/test/resources.test.ts @@ -443,43 +443,6 @@ test('CFN reference identifier of same length as CC-API identifier aliases field ); }); -describe('Source tracing', () => { - test('generates setter for each property, with a call to traceProperty', () => { - givenResource({ - ...BASE_RESOURCE, - attributes: { - Arn: { - type: { type: 'string' }, - documentation: 'The ARN of this resource', - }, - }, - primaryIdentifier: ['Id'], - cfnRefIdentifier: ['Arn'], - properties: { - Id: { - type: { type: 'string' }, - }, - Foo: { - type: { type: 'string' }, - }, - }, - }); - - // THEN - const rendered = renderResource(); - - expect(rendered.resources).toContainCode(`public set id(value: string | undefined) { - cdk.traceProperty(this.node, "Id"); - this._id = value; - }`); - - expect(rendered.resources).toContainCode(`public set foo(value: string | undefined) { - cdk.traceProperty(this.node, "Foo"); - this._foo = value; - }`); - }); -}); - function givenResource(res: Plain) { db.link('hasResource', service, db.allocate('resource', res)); } diff --git a/version.v2.json b/version.v2.json index e01d50825c369..32106024a5945 100644 --- a/version.v2.json +++ b/version.v2.json @@ -1,4 +1,4 @@ { - "version": "2.245.0", - "alphaVersion": "2.245.0-alpha.0" + "version": "2.246.0", + "alphaVersion": "2.246.0-alpha.0" } \ No newline at end of file