From 228c86532118b143e365b2268d06ee3a36fcf3a7 Mon Sep 17 00:00:00 2001 From: Yurui Zhang Date: Mon, 31 Oct 2022 01:00:00 -0400 Subject: [PATCH] feat(synthetics): aws synthetics runtime version syn-nodejs-puppeteer-3.8 (#22707) adds new nodejs-puppeteer-runtime 3.8 support for aws-synthetics ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/aws-synthetics/README.md | 10 +- .../@aws-cdk/aws-synthetics/lib/runtime.ts | 17 + .../canary-one.assets.json | 4 +- .../canary-one.template.json | 197 ++++++++++++ .../test/canary.integ.snapshot/manifest.json | 26 +- .../test/canary.integ.snapshot/tree.json | 293 ++++++++++++++++++ .../aws-synthetics/test/integ.canary.ts | 9 + 7 files changed, 548 insertions(+), 8 deletions(-) diff --git a/packages/@aws-cdk/aws-synthetics/README.md b/packages/@aws-cdk/aws-synthetics/README.md index 0f68a385d998c..09c771a1e5215 100644 --- a/packages/@aws-cdk/aws-synthetics/README.md +++ b/packages/@aws-cdk/aws-synthetics/README.md @@ -42,7 +42,7 @@ const canary = new synthetics.Canary(this, 'MyCanary', { code: synthetics.Code.fromAsset(path.join(__dirname, 'canary')), handler: 'index.handler', }), - runtime: synthetics.Runtime.SYNTHETICS_NODEJS_PUPPETEER_3_7, + runtime: synthetics.Runtime.SYNTHETICS_NODEJS_PUPPETEER_3_8, environmentVariables: { stage: 'prod', }, @@ -129,7 +129,7 @@ new synthetics.Canary(this, 'Inline Canary', { code: synthetics.Code.fromInline('/* Synthetics handler code */'), handler: 'index.handler', // must be 'index.handler' }), - runtime: synthetics.Runtime.SYNTHETICS_NODEJS_PUPPETEER_3_7, + runtime: synthetics.Runtime.SYNTHETICS_NODEJS_PUPPETEER_3_8, }); // To supply the code from your local filesystem: @@ -138,7 +138,7 @@ new synthetics.Canary(this, 'Asset Canary', { code: synthetics.Code.fromAsset(path.join(__dirname, 'canary')), handler: 'index.handler', // must end with '.handler' }), - runtime: synthetics.Runtime.SYNTHETICS_NODEJS_PUPPETEER_3_7, + runtime: synthetics.Runtime.SYNTHETICS_NODEJS_PUPPETEER_3_8, }); // To supply the code from a S3 bucket: @@ -149,7 +149,7 @@ new synthetics.Canary(this, 'Bucket Canary', { code: synthetics.Code.fromBucket(bucket, 'canary.zip'), handler: 'index.handler', // must end with '.handler' }), - runtime: synthetics.Runtime.SYNTHETICS_NODEJS_PUPPETEER_3_7, + runtime: synthetics.Runtime.SYNTHETICS_NODEJS_PUPPETEER_3_8, }); ``` @@ -188,7 +188,7 @@ new synthetics.Canary(this, 'Vpc Canary', { code: synthetics.Code.fromAsset(path.join(__dirname, 'canary')), handler: 'index.handler', }), - runtime: synthetics.Runtime.SYNTHETICS_NODEJS_PUPPETEER_3_7, + runtime: synthetics.Runtime.SYNTHETICS_NODEJS_PUPPETEER_3_8, vpc, }); ``` diff --git a/packages/@aws-cdk/aws-synthetics/lib/runtime.ts b/packages/@aws-cdk/aws-synthetics/lib/runtime.ts index f6eefc5e8ddde..5e37368d2f80c 100644 --- a/packages/@aws-cdk/aws-synthetics/lib/runtime.ts +++ b/packages/@aws-cdk/aws-synthetics/lib/runtime.ts @@ -150,10 +150,27 @@ export class Runtime { * - Puppeteer-core version 10.1.0 * - Chromium version 92.0.4512 * + * New Features: + * - **Logging enhancement**: The canary will upload logs to Amazon S3 even if it times out or crashes. + * - **Lambda layer size reduced**: The size of the Lambda layer used for canaries is reduced by 34%. + * * @see https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Library_nodejs_puppeteer.html#CloudWatch_Synthetics_runtimeversion-nodejs-puppeteer-3.7 */ public static readonly SYNTHETICS_NODEJS_PUPPETEER_3_7 = new Runtime('syn-nodejs-puppeteer-3.7', RuntimeFamily.NODEJS); + /** + * `syn-nodejs-puppeteer-3.8` includes the following: + * - Lambda runtime Node.js 14.x + * - Puppeteer-core version 10.1.0 + * - Chromium version 92.0.4512 + * + * New Features: + * - **Profile cleanup**: Chromium profiles are now cleaned up after each canary run. + * + * @see https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Library_nodejs_puppeteer.html#CloudWatch_Synthetics_runtimeversion-nodejs-puppeteer-3.8 + */ + public static readonly SYNTHETICS_NODEJS_PUPPETEER_3_8 = new Runtime('syn-nodejs-puppeteer-3.8', RuntimeFamily.NODEJS); + /** * `syn-python-selenium-1.0` includes the following: * - Lambda runtime Python 3.8 diff --git a/packages/@aws-cdk/aws-synthetics/test/canary.integ.snapshot/canary-one.assets.json b/packages/@aws-cdk/aws-synthetics/test/canary.integ.snapshot/canary-one.assets.json index ca535da2aecc1..63cb882a1205c 100644 --- a/packages/@aws-cdk/aws-synthetics/test/canary.integ.snapshot/canary-one.assets.json +++ b/packages/@aws-cdk/aws-synthetics/test/canary.integ.snapshot/canary-one.assets.json @@ -27,7 +27,7 @@ } } }, - "38dcc41263b1a009e2d7560d81dee9041f4f7941b66cd73b63df402a6fe3c22d": { + "32cb6cc1550e67ae5e77eb85a64192d2aa44c328b778079b139e3965fb042575": { "source": { "path": "canary-one.template.json", "packaging": "file" @@ -35,7 +35,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "38dcc41263b1a009e2d7560d81dee9041f4f7941b66cd73b63df402a6fe3c22d.json", + "objectKey": "32cb6cc1550e67ae5e77eb85a64192d2aa44c328b778079b139e3965fb042575.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-synthetics/test/canary.integ.snapshot/canary-one.template.json b/packages/@aws-cdk/aws-synthetics/test/canary.integ.snapshot/canary-one.template.json index c4a1a1232eeb4..04fff7008b44f 100644 --- a/packages/@aws-cdk/aws-synthetics/test/canary.integ.snapshot/canary-one.template.json +++ b/packages/@aws-cdk/aws-synthetics/test/canary.integ.snapshot/canary-one.template.json @@ -925,6 +925,203 @@ "StartCanaryAfterCreation": true } }, + "MyCanaryRuntime38ArtifactsBucket66BD74F0": { + "Type": "AWS::S3::Bucket", + "Properties": { + "BucketEncryption": { + "ServerSideEncryptionConfiguration": [ + { + "ServerSideEncryptionByDefault": { + "SSEAlgorithm": "aws:kms" + } + } + ] + } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "MyCanaryRuntime38ArtifactsBucketPolicy9D7ABC32": { + "Type": "AWS::S3::BucketPolicy", + "Properties": { + "Bucket": { + "Ref": "MyCanaryRuntime38ArtifactsBucket66BD74F0" + }, + "PolicyDocument": { + "Statement": [ + { + "Action": "s3:*", + "Condition": { + "Bool": { + "aws:SecureTransport": "false" + } + }, + "Effect": "Deny", + "Principal": { + "AWS": "*" + }, + "Resource": [ + { + "Fn::GetAtt": [ + "MyCanaryRuntime38ArtifactsBucket66BD74F0", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "MyCanaryRuntime38ArtifactsBucket66BD74F0", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + } + } + }, + "MyCanaryRuntime38ServiceRole9FE5290C": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "Policies": [ + { + "PolicyDocument": { + "Statement": [ + { + "Action": "s3:ListAllMyBuckets", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "s3:GetBucketLocation", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "MyCanaryRuntime38ArtifactsBucket66BD74F0", + "Arn" + ] + } + }, + { + "Action": "s3:PutObject", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "MyCanaryRuntime38ArtifactsBucket66BD74F0", + "Arn" + ] + }, + "/*" + ] + ] + } + }, + { + "Action": "cloudwatch:PutMetricData", + "Condition": { + "StringEquals": { + "cloudwatch:namespace": "CloudWatchSynthetics" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/lambda/cwsyn-*" + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "canaryPolicy" + } + ] + } + }, + "MyCanaryRuntime388C091D7C": { + "Type": "AWS::Synthetics::Canary", + "Properties": { + "ArtifactS3Location": { + "Fn::Join": [ + "", + [ + "s3://", + { + "Ref": "MyCanaryRuntime38ArtifactsBucket66BD74F0" + } + ] + ] + }, + "Code": { + "Handler": "canary.handler", + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "b1b777dcb79a2fa2790059927207d10bf5f4747d6dd1516e2780726d9d6fa820.zip" + }, + "ExecutionRoleArn": { + "Fn::GetAtt": [ + "MyCanaryRuntime38ServiceRole9FE5290C", + "Arn" + ] + }, + "Name": "assetcanary-five", + "RuntimeVersion": "syn-nodejs-puppeteer-3.8", + "Schedule": { + "DurationInSeconds": "0", + "Expression": "rate(5 minutes)" + }, + "StartCanaryAfterCreation": true + } + }, "MyPythonCanaryArtifactsBucket7AE88133": { "Type": "AWS::S3::Bucket", "Properties": { diff --git a/packages/@aws-cdk/aws-synthetics/test/canary.integ.snapshot/manifest.json b/packages/@aws-cdk/aws-synthetics/test/canary.integ.snapshot/manifest.json index 346dbfd1f3265..1046b3ff32e7a 100644 --- a/packages/@aws-cdk/aws-synthetics/test/canary.integ.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-synthetics/test/canary.integ.snapshot/manifest.json @@ -23,7 +23,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/38dcc41263b1a009e2d7560d81dee9041f4f7941b66cd73b63df402a6fe3c22d.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/32cb6cc1550e67ae5e77eb85a64192d2aa44c328b778079b139e3965fb042575.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -153,6 +153,30 @@ "data": "MyCanaryFour15095F40" } ], + "/canary-one/MyCanaryRuntime38/ArtifactsBucket/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MyCanaryRuntime38ArtifactsBucket66BD74F0" + } + ], + "/canary-one/MyCanaryRuntime38/ArtifactsBucket/Policy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MyCanaryRuntime38ArtifactsBucketPolicy9D7ABC32" + } + ], + "/canary-one/MyCanaryRuntime38/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MyCanaryRuntime38ServiceRole9FE5290C" + } + ], + "/canary-one/MyCanaryRuntime38/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MyCanaryRuntime388C091D7C" + } + ], "/canary-one/MyPythonCanary/ArtifactsBucket/Resource": [ { "type": "aws:cdk:logicalId", diff --git a/packages/@aws-cdk/aws-synthetics/test/canary.integ.snapshot/tree.json b/packages/@aws-cdk/aws-synthetics/test/canary.integ.snapshot/tree.json index 688b06c0583c7..cb9fa9d58d965 100644 --- a/packages/@aws-cdk/aws-synthetics/test/canary.integ.snapshot/tree.json +++ b/packages/@aws-cdk/aws-synthetics/test/canary.integ.snapshot/tree.json @@ -1378,6 +1378,299 @@ "version": "0.0.0" } }, + "MyCanaryRuntime38": { + "id": "MyCanaryRuntime38", + "path": "canary-one/MyCanaryRuntime38", + "children": { + "ArtifactsBucket": { + "id": "ArtifactsBucket", + "path": "canary-one/MyCanaryRuntime38/ArtifactsBucket", + "children": { + "Resource": { + "id": "Resource", + "path": "canary-one/MyCanaryRuntime38/ArtifactsBucket/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::S3::Bucket", + "aws:cdk:cloudformation:props": { + "bucketEncryption": { + "serverSideEncryptionConfiguration": [ + { + "serverSideEncryptionByDefault": { + "sseAlgorithm": "aws:kms" + } + } + ] + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-s3.CfnBucket", + "version": "0.0.0" + } + }, + "Policy": { + "id": "Policy", + "path": "canary-one/MyCanaryRuntime38/ArtifactsBucket/Policy", + "children": { + "Resource": { + "id": "Resource", + "path": "canary-one/MyCanaryRuntime38/ArtifactsBucket/Policy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy", + "aws:cdk:cloudformation:props": { + "bucket": { + "Ref": "MyCanaryRuntime38ArtifactsBucket66BD74F0" + }, + "policyDocument": { + "Statement": [ + { + "Action": "s3:*", + "Condition": { + "Bool": { + "aws:SecureTransport": "false" + } + }, + "Effect": "Deny", + "Principal": { + "AWS": "*" + }, + "Resource": [ + { + "Fn::GetAtt": [ + "MyCanaryRuntime38ArtifactsBucket66BD74F0", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "MyCanaryRuntime38ArtifactsBucket66BD74F0", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-s3.CfnBucketPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-s3.BucketPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-s3.Bucket", + "version": "0.0.0" + } + }, + "ServiceRole": { + "id": "ServiceRole", + "path": "canary-one/MyCanaryRuntime38/ServiceRole", + "children": { + "Resource": { + "id": "Resource", + "path": "canary-one/MyCanaryRuntime38/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "policies": [ + { + "policyName": "canaryPolicy", + "policyDocument": { + "Statement": [ + { + "Action": "s3:ListAllMyBuckets", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "s3:GetBucketLocation", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "MyCanaryRuntime38ArtifactsBucket66BD74F0", + "Arn" + ] + } + }, + { + "Action": "s3:PutObject", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "MyCanaryRuntime38ArtifactsBucket66BD74F0", + "Arn" + ] + }, + "/*" + ] + ] + } + }, + { + "Action": "cloudwatch:PutMetricData", + "Condition": { + "StringEquals": { + "cloudwatch:namespace": "CloudWatchSynthetics" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/lambda/cwsyn-*" + ] + ] + } + } + ], + "Version": "2012-10-17" + } + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Role", + "version": "0.0.0" + } + }, + "Code": { + "id": "Code", + "path": "canary-one/MyCanaryRuntime38/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "canary-one/MyCanaryRuntime38/Code/Stage", + "constructInfo": { + "fqn": "@aws-cdk/core.AssetStaging", + "version": "0.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "canary-one/MyCanaryRuntime38/Code/AssetBucket", + "constructInfo": { + "fqn": "@aws-cdk/aws-s3.BucketBase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-s3-assets.Asset", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "canary-one/MyCanaryRuntime38/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Synthetics::Canary", + "aws:cdk:cloudformation:props": { + "artifactS3Location": { + "Fn::Join": [ + "", + [ + "s3://", + { + "Ref": "MyCanaryRuntime38ArtifactsBucket66BD74F0" + } + ] + ] + }, + "code": { + "handler": "canary.handler", + "s3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "s3Key": "b1b777dcb79a2fa2790059927207d10bf5f4747d6dd1516e2780726d9d6fa820.zip" + }, + "executionRoleArn": { + "Fn::GetAtt": [ + "MyCanaryRuntime38ServiceRole9FE5290C", + "Arn" + ] + }, + "name": "assetcanary-five", + "runtimeVersion": "syn-nodejs-puppeteer-3.8", + "schedule": { + "durationInSeconds": "0", + "expression": "rate(5 minutes)" + }, + "startCanaryAfterCreation": true + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-synthetics.CfnCanary", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-synthetics.Canary", + "version": "0.0.0" + } + }, "MyPythonCanary": { "id": "MyPythonCanary", "path": "canary-one/MyPythonCanary", diff --git a/packages/@aws-cdk/aws-synthetics/test/integ.canary.ts b/packages/@aws-cdk/aws-synthetics/test/integ.canary.ts index c4dde679acde3..bd5963acf77e6 100644 --- a/packages/@aws-cdk/aws-synthetics/test/integ.canary.ts +++ b/packages/@aws-cdk/aws-synthetics/test/integ.canary.ts @@ -70,6 +70,15 @@ new synthetics.Canary(stack, 'MyCanaryFour', { runtime: synthetics.Runtime.SYNTHETICS_NODEJS_PUPPETEER_3_7, }); +new synthetics.Canary(stack, 'MyCanaryRuntime38', { + canaryName: 'assetcanary-five', + test: synthetics.Test.custom({ + handler: 'canary.handler', + code: synthetics.Code.fromAsset(path.join(__dirname, 'canary.zip')), + }), + runtime: synthetics.Runtime.SYNTHETICS_NODEJS_PUPPETEER_3_8, +}); + new synthetics.Canary(stack, 'MyPythonCanary', { canaryName: 'py-canary-integ', test: synthetics.Test.custom({