diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.distribution-additional-metrics.js.snapshot/MyTestDefaultTestDeployAssertB8AA280E.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.distribution-additional-metrics.js.snapshot/MyTestDefaultTestDeployAssertB8AA280E.assets.json new file mode 100644 index 0000000000000..5a407d062b58e --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.distribution-additional-metrics.js.snapshot/MyTestDefaultTestDeployAssertB8AA280E.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "MyTestDefaultTestDeployAssertB8AA280E.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.distribution-additional-metrics.js.snapshot/MyTestDefaultTestDeployAssertB8AA280E.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.distribution-additional-metrics.js.snapshot/MyTestDefaultTestDeployAssertB8AA280E.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.distribution-additional-metrics.js.snapshot/MyTestDefaultTestDeployAssertB8AA280E.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.distribution-additional-metrics.js.snapshot/MyTestStack.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.distribution-additional-metrics.js.snapshot/MyTestStack.assets.json new file mode 100644 index 0000000000000..fb427a5b9c20a --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.distribution-additional-metrics.js.snapshot/MyTestStack.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "a25a4f1a41d39c58512c39095bc8123af135549e7725115f685dd0ea3cd1b1c6": { + "source": { + "path": "MyTestStack.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "a25a4f1a41d39c58512c39095bc8123af135549e7725115f685dd0ea3cd1b1c6.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.distribution-additional-metrics.js.snapshot/MyTestStack.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.distribution-additional-metrics.js.snapshot/MyTestStack.template.json new file mode 100644 index 0000000000000..bb2ed1f1a2dae --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.distribution-additional-metrics.js.snapshot/MyTestStack.template.json @@ -0,0 +1,236 @@ +{ + "Resources": { + "DistB3B78991": { + "Type": "AWS::CloudFront::Distribution", + "Properties": { + "DistributionConfig": { + "DefaultCacheBehavior": { + "CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6", + "Compress": true, + "TargetOriginId": "MyTestStackDistOrigin1CBA48A7B", + "ViewerProtocolPolicy": "allow-all" + }, + "Enabled": true, + "HttpVersion": "http2", + "IPV6Enabled": true, + "Origins": [ + { + "CustomOriginConfig": { + "OriginProtocolPolicy": "https-only" + }, + "DomainName": "www.example.com", + "Id": "MyTestStackDistOrigin1CBA48A7B" + } + ] + } + } + }, + "DistMonitoringSubscriptionDD7607C2": { + "Type": "AWS::CloudFront::MonitoringSubscription", + "Properties": { + "DistributionId": { + "Ref": "DistB3B78991" + }, + "MonitoringSubscription": { + "RealtimeMetricsSubscriptionConfig": { + "RealtimeMetricsSubscriptionStatus": "Enabled" + } + } + } + }, + "Alarm1F9009D71": { + "Type": "AWS::CloudWatch::Alarm", + "Properties": { + "ComparisonOperator": "GreaterThanThreshold", + "Dimensions": [ + { + "Name": "DistributionId", + "Value": { + "Ref": "DistB3B78991" + } + } + ], + "EvaluationPeriods": 1, + "MetricName": "OriginLatency", + "Namespace": "AWS/CloudFront", + "Period": 300, + "Statistic": "Average", + "Threshold": 1 + } + }, + "Alarm2A7122E13": { + "Type": "AWS::CloudWatch::Alarm", + "Properties": { + "ComparisonOperator": "GreaterThanThreshold", + "Dimensions": [ + { + "Name": "DistributionId", + "Value": { + "Ref": "DistB3B78991" + } + } + ], + "EvaluationPeriods": 1, + "MetricName": "CacheHitRate", + "Namespace": "AWS/CloudFront", + "Period": 300, + "Statistic": "Average", + "Threshold": 1 + } + }, + "Alarm32341D8D9": { + "Type": "AWS::CloudWatch::Alarm", + "Properties": { + "ComparisonOperator": "GreaterThanThreshold", + "Dimensions": [ + { + "Name": "DistributionId", + "Value": { + "Ref": "DistB3B78991" + } + } + ], + "EvaluationPeriods": 1, + "MetricName": "401ErrorRate", + "Namespace": "AWS/CloudFront", + "Period": 300, + "Statistic": "Average", + "Threshold": 1 + } + }, + "Alarm4671832C8": { + "Type": "AWS::CloudWatch::Alarm", + "Properties": { + "ComparisonOperator": "GreaterThanThreshold", + "Dimensions": [ + { + "Name": "DistributionId", + "Value": { + "Ref": "DistB3B78991" + } + } + ], + "EvaluationPeriods": 1, + "MetricName": "403ErrorRate", + "Namespace": "AWS/CloudFront", + "Period": 300, + "Statistic": "Average", + "Threshold": 1 + } + }, + "Alarm548383B2F": { + "Type": "AWS::CloudWatch::Alarm", + "Properties": { + "ComparisonOperator": "GreaterThanThreshold", + "Dimensions": [ + { + "Name": "DistributionId", + "Value": { + "Ref": "DistB3B78991" + } + } + ], + "EvaluationPeriods": 1, + "MetricName": "404ErrorRate", + "Namespace": "AWS/CloudFront", + "Period": 300, + "Statistic": "Average", + "Threshold": 1 + } + }, + "Alarm65738D89F": { + "Type": "AWS::CloudWatch::Alarm", + "Properties": { + "ComparisonOperator": "GreaterThanThreshold", + "Dimensions": [ + { + "Name": "DistributionId", + "Value": { + "Ref": "DistB3B78991" + } + } + ], + "EvaluationPeriods": 1, + "MetricName": "502ErrorRate", + "Namespace": "AWS/CloudFront", + "Period": 300, + "Statistic": "Average", + "Threshold": 1 + } + }, + "Alarm77B1024B6": { + "Type": "AWS::CloudWatch::Alarm", + "Properties": { + "ComparisonOperator": "GreaterThanThreshold", + "Dimensions": [ + { + "Name": "DistributionId", + "Value": { + "Ref": "DistB3B78991" + } + } + ], + "EvaluationPeriods": 1, + "MetricName": "503ErrorRate", + "Namespace": "AWS/CloudFront", + "Period": 300, + "Statistic": "Average", + "Threshold": 1 + } + }, + "Alarm8AEE8034F": { + "Type": "AWS::CloudWatch::Alarm", + "Properties": { + "ComparisonOperator": "GreaterThanThreshold", + "Dimensions": [ + { + "Name": "DistributionId", + "Value": { + "Ref": "DistB3B78991" + } + } + ], + "EvaluationPeriods": 1, + "MetricName": "504ErrorRate", + "Namespace": "AWS/CloudFront", + "Period": 300, + "Statistic": "Average", + "Threshold": 1 + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.distribution-additional-metrics.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.distribution-additional-metrics.js.snapshot/cdk.out new file mode 100644 index 0000000000000..1f0068d32659a --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.distribution-additional-metrics.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.distribution-additional-metrics.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.distribution-additional-metrics.js.snapshot/integ.json new file mode 100644 index 0000000000000..50b188c9d1840 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.distribution-additional-metrics.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "36.0.0", + "testCases": { + "MyTest/DefaultTest": { + "stacks": [ + "MyTestStack" + ], + "assertionStack": "MyTest/DefaultTest/DeployAssert", + "assertionStackName": "MyTestDefaultTestDeployAssertB8AA280E" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.distribution-additional-metrics.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.distribution-additional-metrics.js.snapshot/manifest.json new file mode 100644 index 0000000000000..8c52583d3ef1c --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.distribution-additional-metrics.js.snapshot/manifest.json @@ -0,0 +1,167 @@ +{ + "version": "36.0.0", + "artifacts": { + "MyTestStack.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "MyTestStack.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "MyTestStack": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "MyTestStack.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/a25a4f1a41d39c58512c39095bc8123af135549e7725115f685dd0ea3cd1b1c6.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "MyTestStack.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "MyTestStack.assets" + ], + "metadata": { + "/MyTestStack/Dist/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "DistB3B78991" + } + ], + "/MyTestStack/Dist/MonitoringSubscription": [ + { + "type": "aws:cdk:logicalId", + "data": "DistMonitoringSubscriptionDD7607C2" + } + ], + "/MyTestStack/Alarm1/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Alarm1F9009D71" + } + ], + "/MyTestStack/Alarm2/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Alarm2A7122E13" + } + ], + "/MyTestStack/Alarm3/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Alarm32341D8D9" + } + ], + "/MyTestStack/Alarm4/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Alarm4671832C8" + } + ], + "/MyTestStack/Alarm5/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Alarm548383B2F" + } + ], + "/MyTestStack/Alarm6/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Alarm65738D89F" + } + ], + "/MyTestStack/Alarm7/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Alarm77B1024B6" + } + ], + "/MyTestStack/Alarm8/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Alarm8AEE8034F" + } + ], + "/MyTestStack/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/MyTestStack/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "MyTestStack" + }, + "MyTestDefaultTestDeployAssertB8AA280E.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "MyTestDefaultTestDeployAssertB8AA280E.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "MyTestDefaultTestDeployAssertB8AA280E": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "MyTestDefaultTestDeployAssertB8AA280E.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "MyTestDefaultTestDeployAssertB8AA280E.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "MyTestDefaultTestDeployAssertB8AA280E.assets" + ], + "metadata": { + "/MyTest/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/MyTest/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "MyTest/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.distribution-additional-metrics.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.distribution-additional-metrics.js.snapshot/tree.json new file mode 100644 index 0000000000000..61703754ffd8c --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.distribution-additional-metrics.js.snapshot/tree.json @@ -0,0 +1,478 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "MyTestStack": { + "id": "MyTestStack", + "path": "MyTestStack", + "children": { + "Dist": { + "id": "Dist", + "path": "MyTestStack/Dist", + "children": { + "Origin1": { + "id": "Origin1", + "path": "MyTestStack/Dist/Origin1", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Resource": { + "id": "Resource", + "path": "MyTestStack/Dist/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CloudFront::Distribution", + "aws:cdk:cloudformation:props": { + "distributionConfig": { + "enabled": true, + "origins": [ + { + "domainName": "www.example.com", + "id": "MyTestStackDistOrigin1CBA48A7B", + "customOriginConfig": { + "originProtocolPolicy": "https-only" + } + } + ], + "defaultCacheBehavior": { + "pathPattern": "*", + "targetOriginId": "MyTestStackDistOrigin1CBA48A7B", + "cachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6", + "compress": true, + "viewerProtocolPolicy": "allow-all" + }, + "httpVersion": "http2", + "ipv6Enabled": true + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cloudfront.CfnDistribution", + "version": "0.0.0" + } + }, + "MonitoringSubscription": { + "id": "MonitoringSubscription", + "path": "MyTestStack/Dist/MonitoringSubscription", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CloudFront::MonitoringSubscription", + "aws:cdk:cloudformation:props": { + "distributionId": { + "Ref": "DistB3B78991" + }, + "monitoringSubscription": { + "realtimeMetricsSubscriptionConfig": { + "realtimeMetricsSubscriptionStatus": "Enabled" + } + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cloudfront.CfnMonitoringSubscription", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cloudfront.Distribution", + "version": "0.0.0" + } + }, + "Alarm1": { + "id": "Alarm1", + "path": "MyTestStack/Alarm1", + "children": { + "Resource": { + "id": "Resource", + "path": "MyTestStack/Alarm1/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CloudWatch::Alarm", + "aws:cdk:cloudformation:props": { + "comparisonOperator": "GreaterThanThreshold", + "dimensions": [ + { + "name": "DistributionId", + "value": { + "Ref": "DistB3B78991" + } + } + ], + "evaluationPeriods": 1, + "metricName": "OriginLatency", + "namespace": "AWS/CloudFront", + "period": 300, + "statistic": "Average", + "threshold": 1 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cloudwatch.CfnAlarm", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cloudwatch.Alarm", + "version": "0.0.0" + } + }, + "Alarm2": { + "id": "Alarm2", + "path": "MyTestStack/Alarm2", + "children": { + "Resource": { + "id": "Resource", + "path": "MyTestStack/Alarm2/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CloudWatch::Alarm", + "aws:cdk:cloudformation:props": { + "comparisonOperator": "GreaterThanThreshold", + "dimensions": [ + { + "name": "DistributionId", + "value": { + "Ref": "DistB3B78991" + } + } + ], + "evaluationPeriods": 1, + "metricName": "CacheHitRate", + "namespace": "AWS/CloudFront", + "period": 300, + "statistic": "Average", + "threshold": 1 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cloudwatch.CfnAlarm", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cloudwatch.Alarm", + "version": "0.0.0" + } + }, + "Alarm3": { + "id": "Alarm3", + "path": "MyTestStack/Alarm3", + "children": { + "Resource": { + "id": "Resource", + "path": "MyTestStack/Alarm3/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CloudWatch::Alarm", + "aws:cdk:cloudformation:props": { + "comparisonOperator": "GreaterThanThreshold", + "dimensions": [ + { + "name": "DistributionId", + "value": { + "Ref": "DistB3B78991" + } + } + ], + "evaluationPeriods": 1, + "metricName": "401ErrorRate", + "namespace": "AWS/CloudFront", + "period": 300, + "statistic": "Average", + "threshold": 1 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cloudwatch.CfnAlarm", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cloudwatch.Alarm", + "version": "0.0.0" + } + }, + "Alarm4": { + "id": "Alarm4", + "path": "MyTestStack/Alarm4", + "children": { + "Resource": { + "id": "Resource", + "path": "MyTestStack/Alarm4/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CloudWatch::Alarm", + "aws:cdk:cloudformation:props": { + "comparisonOperator": "GreaterThanThreshold", + "dimensions": [ + { + "name": "DistributionId", + "value": { + "Ref": "DistB3B78991" + } + } + ], + "evaluationPeriods": 1, + "metricName": "403ErrorRate", + "namespace": "AWS/CloudFront", + "period": 300, + "statistic": "Average", + "threshold": 1 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cloudwatch.CfnAlarm", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cloudwatch.Alarm", + "version": "0.0.0" + } + }, + "Alarm5": { + "id": "Alarm5", + "path": "MyTestStack/Alarm5", + "children": { + "Resource": { + "id": "Resource", + "path": "MyTestStack/Alarm5/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CloudWatch::Alarm", + "aws:cdk:cloudformation:props": { + "comparisonOperator": "GreaterThanThreshold", + "dimensions": [ + { + "name": "DistributionId", + "value": { + "Ref": "DistB3B78991" + } + } + ], + "evaluationPeriods": 1, + "metricName": "404ErrorRate", + "namespace": "AWS/CloudFront", + "period": 300, + "statistic": "Average", + "threshold": 1 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cloudwatch.CfnAlarm", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cloudwatch.Alarm", + "version": "0.0.0" + } + }, + "Alarm6": { + "id": "Alarm6", + "path": "MyTestStack/Alarm6", + "children": { + "Resource": { + "id": "Resource", + "path": "MyTestStack/Alarm6/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CloudWatch::Alarm", + "aws:cdk:cloudformation:props": { + "comparisonOperator": "GreaterThanThreshold", + "dimensions": [ + { + "name": "DistributionId", + "value": { + "Ref": "DistB3B78991" + } + } + ], + "evaluationPeriods": 1, + "metricName": "502ErrorRate", + "namespace": "AWS/CloudFront", + "period": 300, + "statistic": "Average", + "threshold": 1 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cloudwatch.CfnAlarm", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cloudwatch.Alarm", + "version": "0.0.0" + } + }, + "Alarm7": { + "id": "Alarm7", + "path": "MyTestStack/Alarm7", + "children": { + "Resource": { + "id": "Resource", + "path": "MyTestStack/Alarm7/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CloudWatch::Alarm", + "aws:cdk:cloudformation:props": { + "comparisonOperator": "GreaterThanThreshold", + "dimensions": [ + { + "name": "DistributionId", + "value": { + "Ref": "DistB3B78991" + } + } + ], + "evaluationPeriods": 1, + "metricName": "503ErrorRate", + "namespace": "AWS/CloudFront", + "period": 300, + "statistic": "Average", + "threshold": 1 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cloudwatch.CfnAlarm", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cloudwatch.Alarm", + "version": "0.0.0" + } + }, + "Alarm8": { + "id": "Alarm8", + "path": "MyTestStack/Alarm8", + "children": { + "Resource": { + "id": "Resource", + "path": "MyTestStack/Alarm8/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CloudWatch::Alarm", + "aws:cdk:cloudformation:props": { + "comparisonOperator": "GreaterThanThreshold", + "dimensions": [ + { + "name": "DistributionId", + "value": { + "Ref": "DistB3B78991" + } + } + ], + "evaluationPeriods": 1, + "metricName": "504ErrorRate", + "namespace": "AWS/CloudFront", + "period": 300, + "statistic": "Average", + "threshold": 1 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cloudwatch.CfnAlarm", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cloudwatch.Alarm", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "MyTestStack/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "MyTestStack/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "MyTest": { + "id": "MyTest", + "path": "MyTest", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "MyTest/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "MyTest/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "MyTest/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "MyTest/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "MyTest/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.distribution-additional-metrics.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.distribution-additional-metrics.ts new file mode 100644 index 0000000000000..0bbe24007c94d --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.distribution-additional-metrics.ts @@ -0,0 +1,44 @@ +import * as cdk from 'aws-cdk-lib'; +import { Construct } from 'constructs'; +import { TestOrigin } from './test-origin'; +import * as cloudfront from 'aws-cdk-lib/aws-cloudfront'; +import * as cloudwatch from 'aws-cdk-lib/aws-cloudwatch'; +import { IntegTest } from '@aws-cdk/integ-tests-alpha'; + +class DistributionMetricsTestStack extends cdk.Stack { + constructor(scope: Construct, id: string, props?: cdk.StackProps) { + super(scope, id, props); + + // CloudFront distribution setup + const distribution = new cloudfront.Distribution(this, 'Dist', { + defaultBehavior: { origin: new TestOrigin('www.example.com') }, + publishAdditionalMetrics: true, + }); + + // Utility function to create alarms + const createAlarm = (alarmName: string, metric: cloudwatch.Metric) => { + return new cloudwatch.Alarm(this, alarmName, { + evaluationPeriods: 1, + threshold: 1, + comparisonOperator: cloudwatch.ComparisonOperator.GREATER_THAN_THRESHOLD, + metric: metric, + }); + }; + + createAlarm('Alarm1', distribution.metricOriginLatency()); + createAlarm('Alarm2', distribution.metricCacheHitRate()); + createAlarm('Alarm3', distribution.metric401ErrorRate()); + createAlarm('Alarm4', distribution.metric403ErrorRate()); + createAlarm('Alarm5', distribution.metric404ErrorRate()); + createAlarm('Alarm6', distribution.metric502ErrorRate()); + createAlarm('Alarm7', distribution.metric503ErrorRate()); + createAlarm('Alarm8', distribution.metric504ErrorRate()); + } +} + +const app = new cdk.App(); +const stack = new DistributionMetricsTestStack(app, 'MyTestStack'); + +new IntegTest(app, 'MyTest', { + testCases: [stack], +}); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/aws-cdk-rds-proxy.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/aws-cdk-rds-proxy.assets.json index be93d83fbc681..87aa673a6026d 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/aws-cdk-rds-proxy.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/aws-cdk-rds-proxy.assets.json @@ -1,7 +1,7 @@ { - "version": "35.0.0", + "version": "36.0.0", "files": { - "938b3109faa6eac41e1d4a7b5d76197a74908e45302636596d841968426d6321": { + "994f5c55a476da40df81f2f7a742118ee54549be6e75cfa22d25171f36360de6": { "source": { "path": "aws-cdk-rds-proxy.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "938b3109faa6eac41e1d4a7b5d76197a74908e45302636596d841968426d6321.json", + "objectKey": "994f5c55a476da40df81f2f7a742118ee54549be6e75cfa22d25171f36360de6.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/aws-cdk-rds-proxy.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/aws-cdk-rds-proxy.template.json index 21aa37f0796d9..3fb1ddf7e4fdf 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/aws-cdk-rds-proxy.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/aws-cdk-rds-proxy.template.json @@ -391,6 +391,116 @@ } } }, + "SecretEncryptionKey40C82244": { + "Type": "AWS::KMS::Key", + "Properties": { + "KeyPolicy": { + "Statement": [ + { + "Action": "kms:*", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + }, + "Resource": "*" + }, + { + "Action": [ + "kms:CreateGrant", + "kms:Decrypt", + "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", + "kms:ReEncrypt*" + ], + "Condition": { + "StringEquals": { + "kms:ViaService": { + "Fn::Join": [ + "", + [ + "secretsmanager.", + { + "Ref": "AWS::Region" + }, + ".amazonaws.com" + ] + ] + } + } + }, + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + }, + "Resource": "*" + }, + { + "Action": "kms:Decrypt", + "Condition": { + "StringEquals": { + "kms:ViaService": { + "Fn::Join": [ + "", + [ + "secretsmanager.", + { + "Ref": "AWS::Region" + }, + ".amazonaws.com" + ] + ] + } + } + }, + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "dbProxyIAMRole662F3AB8", + "Arn" + ] + } + }, + "Resource": "*" + } + ], + "Version": "2012-10-17" + } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, "dbInstanceSubnetGroupD062EC9E": { "Type": "AWS::RDS::DBSubnetGroup", "Properties": { @@ -471,6 +581,12 @@ "GenerateStringKey": "password", "PasswordLength": 30, "SecretStringTemplate": "{\"username\":\"master\"}" + }, + "KmsKeyId": { + "Fn::GetAtt": [ + "SecretEncryptionKey40C82244", + "Arn" + ] } }, "UpdateReplacePolicy": "Delete", @@ -567,6 +683,16 @@ "Resource": { "Ref": "dbInstanceSecretAttachment88CFBDAE" } + }, + { + "Action": "kms:Decrypt", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "SecretEncryptionKey40C82244", + "Arn" + ] + } } ], "Version": "2012-10-17" diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/cdk.out index c5cb2e5de6344..1f0068d32659a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/cdk.out +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"35.0.0"} \ No newline at end of file +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/databaseproxyintegtestDefaultTestDeployAssert1DC3D9D5.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/databaseproxyintegtestDefaultTestDeployAssert1DC3D9D5.assets.json index c1fc7e45b88a1..a2b39265333af 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/databaseproxyintegtestDefaultTestDeployAssert1DC3D9D5.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/databaseproxyintegtestDefaultTestDeployAssert1DC3D9D5.assets.json @@ -1,5 +1,5 @@ { - "version": "35.0.0", + "version": "36.0.0", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/integ.json index 45dc395b13d22..5edeed336de2c 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "35.0.0", + "version": "36.0.0", "testCases": { "database-proxy-integ-test/DefaultTest": { "stacks": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/manifest.json index 579b5da69d673..c829d0d008eac 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "35.0.0", + "version": "36.0.0", "artifacts": { "aws-cdk-rds-proxy.assets": { "type": "cdk:asset-manifest", @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/938b3109faa6eac41e1d4a7b5d76197a74908e45302636596d841968426d6321.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/994f5c55a476da40df81f2f7a742118ee54549be6e75cfa22d25171f36360de6.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -172,6 +172,12 @@ "data": "vpcVPCGW7984C166" } ], + "/aws-cdk-rds-proxy/SecretEncryptionKey/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "SecretEncryptionKey40C82244" + } + ], "/aws-cdk-rds-proxy/dbInstance/SubnetGroup/Default": [ { "type": "aws:cdk:logicalId", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/tree.json index d9e55b3be753c..a7918f614ed2d 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/tree.json @@ -651,6 +651,132 @@ "version": "0.0.0" } }, + "SecretEncryptionKey": { + "id": "SecretEncryptionKey", + "path": "aws-cdk-rds-proxy/SecretEncryptionKey", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/SecretEncryptionKey/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::KMS::Key", + "aws:cdk:cloudformation:props": { + "keyPolicy": { + "Statement": [ + { + "Action": "kms:*", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + }, + "Resource": "*" + }, + { + "Action": [ + "kms:CreateGrant", + "kms:Decrypt", + "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", + "kms:ReEncrypt*" + ], + "Condition": { + "StringEquals": { + "kms:ViaService": { + "Fn::Join": [ + "", + [ + "secretsmanager.", + { + "Ref": "AWS::Region" + }, + ".amazonaws.com" + ] + ] + } + } + }, + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + }, + "Resource": "*" + }, + { + "Action": "kms:Decrypt", + "Condition": { + "StringEquals": { + "kms:ViaService": { + "Fn::Join": [ + "", + [ + "secretsmanager.", + { + "Ref": "AWS::Region" + }, + ".amazonaws.com" + ] + ] + } + } + }, + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "dbProxyIAMRole662F3AB8", + "Arn" + ] + } + }, + "Resource": "*" + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kms.CfnKey", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kms.Key", + "version": "0.0.0" + } + }, "dbInstance": { "id": "dbInstance", "path": "aws-cdk-rds-proxy/dbInstance", @@ -786,6 +912,12 @@ "secretStringTemplate": "{\"username\":\"master\"}", "generateStringKey": "password", "excludeCharacters": "\"@/\\" + }, + "kmsKeyId": { + "Fn::GetAtt": [ + "SecretEncryptionKey40C82244", + "Arn" + ] } } }, @@ -952,6 +1084,16 @@ "Resource": { "Ref": "dbInstanceSecretAttachment88CFBDAE" } + }, + { + "Action": "kms:Decrypt", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "SecretEncryptionKey40C82244", + "Arn" + ] + } } ], "Version": "2012-10-17" @@ -1024,6 +1166,7 @@ "auth": [ { "authScheme": "SECRETS", + "clientPasswordAuthType": "POSTGRES_SCRAM_SHA_256", "iamAuth": "DISABLED", "secretArn": { "Ref": "dbInstanceSecretAttachment88CFBDAE" diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.ts index f293338ee941e..2af1af8022492 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.ts @@ -2,12 +2,14 @@ import * as ec2 from 'aws-cdk-lib/aws-ec2'; import * as cdk from 'aws-cdk-lib'; import { RemovalPolicy } from 'aws-cdk-lib'; import * as integ from '@aws-cdk/integ-tests-alpha'; +import * as kms from 'aws-cdk-lib/aws-kms'; import * as rds from 'aws-cdk-lib/aws-rds'; const app = new cdk.App(); const stack = new cdk.Stack(app, 'aws-cdk-rds-proxy'); const vpc = new ec2.Vpc(stack, 'vpc', { maxAzs: 2, restrictDefaultSecurityGroup: false }); +const kmsKey = new kms.Key(stack, 'SecretEncryptionKey'); const dbInstance = new rds.DatabaseInstance(stack, 'dbInstance', { engine: rds.DatabaseInstanceEngine.postgres({ @@ -15,6 +17,7 @@ const dbInstance = new rds.DatabaseInstance(stack, 'dbInstance', { }), instanceType: ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE3, ec2.InstanceSize.MEDIUM), credentials: rds.Credentials.fromUsername('master', { + encryptionKey: kmsKey, excludeCharacters: '"@/\\', }), vpc, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.server-access-logs.js.snapshot/aws-cdk-s3-access-logs.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.server-access-logs.js.snapshot/aws-cdk-s3-access-logs.assets.json index 9c6efb372abf0..710c7bc9c332b 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.server-access-logs.js.snapshot/aws-cdk-s3-access-logs.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.server-access-logs.js.snapshot/aws-cdk-s3-access-logs.assets.json @@ -1,7 +1,7 @@ { - "version": "30.1.0", + "version": "36.0.0", "files": { - "f58a2b25314952a1a5a6b42c6b9092caf2710430af09ba4f5d807e60f2fd3542": { + "680224db1786deb417c994d38f450f115dd410266ba1ffc919b54991e5a73e4a": { "source": { "path": "aws-cdk-s3-access-logs.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "f58a2b25314952a1a5a6b42c6b9092caf2710430af09ba4f5d807e60f2fd3542.json", + "objectKey": "680224db1786deb417c994d38f450f115dd410266ba1ffc919b54991e5a73e4a.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.server-access-logs.js.snapshot/aws-cdk-s3-access-logs.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.server-access-logs.js.snapshot/aws-cdk-s3-access-logs.template.json index 532e9c171c422..35aad51534a6e 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.server-access-logs.js.snapshot/aws-cdk-s3-access-logs.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.server-access-logs.js.snapshot/aws-cdk-s3-access-logs.template.json @@ -48,6 +48,150 @@ ] ] } + }, + { + "Action": "s3:PutObject", + "Condition": { + "ArnLike": { + "aws:SourceArn": { + "Fn::GetAtt": [ + "MyBucket26E0C3623", + "Arn" + ] + } + }, + "StringEquals": { + "aws:SourceAccount": { + "Ref": "AWS::AccountId" + } + } + }, + "Effect": "Allow", + "Principal": { + "Service": "logging.s3.amazonaws.com" + }, + "Resource": { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "MyAccessLogsBucketF7FE6635", + "Arn" + ] + }, + "/example2*" + ] + ] + } + }, + { + "Action": "s3:PutObject", + "Condition": { + "ArnLike": { + "aws:SourceArn": { + "Fn::GetAtt": [ + "MyBucket3CC4F8735", + "Arn" + ] + } + }, + "StringEquals": { + "aws:SourceAccount": { + "Ref": "AWS::AccountId" + } + } + }, + "Effect": "Allow", + "Principal": { + "Service": "logging.s3.amazonaws.com" + }, + "Resource": { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "MyAccessLogsBucketF7FE6635", + "Arn" + ] + }, + "/example3*" + ] + ] + } + }, + { + "Action": "s3:PutObject", + "Condition": { + "ArnLike": { + "aws:SourceArn": { + "Fn::GetAtt": [ + "MyBucket43E0A113B", + "Arn" + ] + } + }, + "StringEquals": { + "aws:SourceAccount": { + "Ref": "AWS::AccountId" + } + } + }, + "Effect": "Allow", + "Principal": { + "Service": "logging.s3.amazonaws.com" + }, + "Resource": { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "MyAccessLogsBucketF7FE6635", + "Arn" + ] + }, + "/example4*" + ] + ] + } + }, + { + "Action": "s3:PutObject", + "Condition": { + "ArnLike": { + "aws:SourceArn": { + "Fn::GetAtt": [ + "MyBucket53983D51A", + "Arn" + ] + } + }, + "StringEquals": { + "aws:SourceAccount": { + "Ref": "AWS::AccountId" + } + } + }, + "Effect": "Allow", + "Principal": { + "Service": "logging.s3.amazonaws.com" + }, + "Resource": { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "MyAccessLogsBucketF7FE6635", + "Arn" + ] + }, + "/example5*" + ] + ] + } } ], "Version": "2012-10-17" @@ -66,6 +210,74 @@ }, "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete" + }, + "MyBucket26E0C3623": { + "Type": "AWS::S3::Bucket", + "Properties": { + "LoggingConfiguration": { + "DestinationBucketName": { + "Ref": "MyAccessLogsBucketF7FE6635" + }, + "LogFilePrefix": "example2", + "TargetObjectKeyFormat": { + "SimplePrefix": {} + } + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "MyBucket3CC4F8735": { + "Type": "AWS::S3::Bucket", + "Properties": { + "LoggingConfiguration": { + "DestinationBucketName": { + "Ref": "MyAccessLogsBucketF7FE6635" + }, + "LogFilePrefix": "example3", + "TargetObjectKeyFormat": { + "PartitionedPrefix": { + "PartitionDateSource": "EventTime" + } + } + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "MyBucket43E0A113B": { + "Type": "AWS::S3::Bucket", + "Properties": { + "LoggingConfiguration": { + "DestinationBucketName": { + "Ref": "MyAccessLogsBucketF7FE6635" + }, + "LogFilePrefix": "example4", + "TargetObjectKeyFormat": { + "PartitionedPrefix": { + "PartitionDateSource": "DeliveryTime" + } + } + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "MyBucket53983D51A": { + "Type": "AWS::S3::Bucket", + "Properties": { + "LoggingConfiguration": { + "DestinationBucketName": { + "Ref": "MyAccessLogsBucketF7FE6635" + }, + "LogFilePrefix": "example5", + "TargetObjectKeyFormat": { + "PartitionedPrefix": {} + } + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" } }, "Parameters": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.server-access-logs.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.server-access-logs.js.snapshot/cdk.out index b72fef144f05c..1f0068d32659a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.server-access-logs.js.snapshot/cdk.out +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.server-access-logs.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"30.1.0"} \ No newline at end of file +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.server-access-logs.js.snapshot/cdkintegs3accesslogsDefaultTestDeployAssert37A16466.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.server-access-logs.js.snapshot/cdkintegs3accesslogsDefaultTestDeployAssert37A16466.assets.json index 44d48a4bd52ea..2af6ed5d8020a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.server-access-logs.js.snapshot/cdkintegs3accesslogsDefaultTestDeployAssert37A16466.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.server-access-logs.js.snapshot/cdkintegs3accesslogsDefaultTestDeployAssert37A16466.assets.json @@ -1,5 +1,5 @@ { - "version": "30.1.0", + "version": "36.0.0", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.server-access-logs.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.server-access-logs.js.snapshot/integ.json index db07e940c872b..77b2ab1a83688 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.server-access-logs.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.server-access-logs.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "30.1.0", + "version": "36.0.0", "testCases": { "cdk-integ-s3-access-logs/DefaultTest": { "stacks": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.server-access-logs.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.server-access-logs.js.snapshot/manifest.json index f8bde1cb1a252..52a79daade82a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.server-access-logs.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.server-access-logs.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "30.1.0", + "version": "36.0.0", "artifacts": { "aws-cdk-s3-access-logs.assets": { "type": "cdk:asset-manifest", @@ -14,10 +14,11 @@ "environment": "aws://unknown-account/unknown-region", "properties": { "templateFile": "aws-cdk-s3-access-logs.template.json", + "terminationProtection": false, "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/f58a2b25314952a1a5a6b42c6b9092caf2710430af09ba4f5d807e60f2fd3542.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/680224db1786deb417c994d38f450f115dd410266ba1ffc919b54991e5a73e4a.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -51,6 +52,30 @@ "data": "MyBucketF68F3FF0" } ], + "/aws-cdk-s3-access-logs/MyBucket2/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MyBucket26E0C3623" + } + ], + "/aws-cdk-s3-access-logs/MyBucket3/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MyBucket3CC4F8735" + } + ], + "/aws-cdk-s3-access-logs/MyBucket4/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MyBucket43E0A113B" + } + ], + "/aws-cdk-s3-access-logs/MyBucket5/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MyBucket53983D51A" + } + ], "/aws-cdk-s3-access-logs/BootstrapVersion": [ { "type": "aws:cdk:logicalId", @@ -79,6 +104,7 @@ "environment": "aws://unknown-account/unknown-region", "properties": { "templateFile": "cdkintegs3accesslogsDefaultTestDeployAssert37A16466.template.json", + "terminationProtection": false, "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.server-access-logs.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.server-access-logs.js.snapshot/tree.json index dc67221905049..2368702adab26 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.server-access-logs.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.server-access-logs.js.snapshot/tree.json @@ -20,7 +20,7 @@ "aws:cdk:cloudformation:props": {} }, "constructInfo": { - "fqn": "@aws-cdk/aws-s3.CfnBucket", + "fqn": "aws-cdk-lib.aws_s3.CfnBucket", "version": "0.0.0" } }, @@ -74,6 +74,150 @@ ] ] } + }, + { + "Action": "s3:PutObject", + "Condition": { + "ArnLike": { + "aws:SourceArn": { + "Fn::GetAtt": [ + "MyBucket26E0C3623", + "Arn" + ] + } + }, + "StringEquals": { + "aws:SourceAccount": { + "Ref": "AWS::AccountId" + } + } + }, + "Effect": "Allow", + "Principal": { + "Service": "logging.s3.amazonaws.com" + }, + "Resource": { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "MyAccessLogsBucketF7FE6635", + "Arn" + ] + }, + "/example2*" + ] + ] + } + }, + { + "Action": "s3:PutObject", + "Condition": { + "ArnLike": { + "aws:SourceArn": { + "Fn::GetAtt": [ + "MyBucket3CC4F8735", + "Arn" + ] + } + }, + "StringEquals": { + "aws:SourceAccount": { + "Ref": "AWS::AccountId" + } + } + }, + "Effect": "Allow", + "Principal": { + "Service": "logging.s3.amazonaws.com" + }, + "Resource": { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "MyAccessLogsBucketF7FE6635", + "Arn" + ] + }, + "/example3*" + ] + ] + } + }, + { + "Action": "s3:PutObject", + "Condition": { + "ArnLike": { + "aws:SourceArn": { + "Fn::GetAtt": [ + "MyBucket43E0A113B", + "Arn" + ] + } + }, + "StringEquals": { + "aws:SourceAccount": { + "Ref": "AWS::AccountId" + } + } + }, + "Effect": "Allow", + "Principal": { + "Service": "logging.s3.amazonaws.com" + }, + "Resource": { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "MyAccessLogsBucketF7FE6635", + "Arn" + ] + }, + "/example4*" + ] + ] + } + }, + { + "Action": "s3:PutObject", + "Condition": { + "ArnLike": { + "aws:SourceArn": { + "Fn::GetAtt": [ + "MyBucket53983D51A", + "Arn" + ] + } + }, + "StringEquals": { + "aws:SourceAccount": { + "Ref": "AWS::AccountId" + } + } + }, + "Effect": "Allow", + "Principal": { + "Service": "logging.s3.amazonaws.com" + }, + "Resource": { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "MyAccessLogsBucketF7FE6635", + "Arn" + ] + }, + "/example5*" + ] + ] + } } ], "Version": "2012-10-17" @@ -81,19 +225,19 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-s3.CfnBucketPolicy", + "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-s3.BucketPolicy", + "fqn": "aws-cdk-lib.aws_s3.BucketPolicy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-s3.Bucket", + "fqn": "aws-cdk-lib.aws_s3.Bucket", "version": "0.0.0" } }, @@ -116,13 +260,145 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-s3.CfnBucket", + "fqn": "aws-cdk-lib.aws_s3.CfnBucket", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.Bucket", + "version": "0.0.0" + } + }, + "MyBucket2": { + "id": "MyBucket2", + "path": "aws-cdk-s3-access-logs/MyBucket2", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-s3-access-logs/MyBucket2/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::S3::Bucket", + "aws:cdk:cloudformation:props": { + "loggingConfiguration": { + "destinationBucketName": { + "Ref": "MyAccessLogsBucketF7FE6635" + }, + "logFilePrefix": "example2", + "targetObjectKeyFormat": { + "simplePrefix": {} + } + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.CfnBucket", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.Bucket", + "version": "0.0.0" + } + }, + "MyBucket3": { + "id": "MyBucket3", + "path": "aws-cdk-s3-access-logs/MyBucket3", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-s3-access-logs/MyBucket3/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::S3::Bucket", + "aws:cdk:cloudformation:props": { + "loggingConfiguration": { + "destinationBucketName": { + "Ref": "MyAccessLogsBucketF7FE6635" + }, + "logFilePrefix": "example3", + "targetObjectKeyFormat": { + "partitionedPrefix": { + "partitionDateSource": "EventTime" + } + } + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.CfnBucket", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.Bucket", + "version": "0.0.0" + } + }, + "MyBucket4": { + "id": "MyBucket4", + "path": "aws-cdk-s3-access-logs/MyBucket4", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-s3-access-logs/MyBucket4/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::S3::Bucket", + "aws:cdk:cloudformation:props": { + "loggingConfiguration": { + "destinationBucketName": { + "Ref": "MyAccessLogsBucketF7FE6635" + }, + "logFilePrefix": "example4", + "targetObjectKeyFormat": { + "partitionedPrefix": { + "partitionDateSource": "DeliveryTime" + } + } + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.CfnBucket", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.Bucket", + "version": "0.0.0" + } + }, + "MyBucket5": { + "id": "MyBucket5", + "path": "aws-cdk-s3-access-logs/MyBucket5", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-s3-access-logs/MyBucket5/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::S3::Bucket", + "aws:cdk:cloudformation:props": { + "loggingConfiguration": { + "destinationBucketName": { + "Ref": "MyAccessLogsBucketF7FE6635" + }, + "logFilePrefix": "example5", + "targetObjectKeyFormat": { + "partitionedPrefix": {} + } + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.CfnBucket", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-s3.Bucket", + "fqn": "aws-cdk-lib.aws_s3.Bucket", "version": "0.0.0" } }, @@ -130,7 +406,7 @@ "id": "BootstrapVersion", "path": "aws-cdk-s3-access-logs/BootstrapVersion", "constructInfo": { - "fqn": "@aws-cdk/core.CfnParameter", + "fqn": "aws-cdk-lib.CfnParameter", "version": "0.0.0" } }, @@ -138,13 +414,13 @@ "id": "CheckBootstrapVersion", "path": "aws-cdk-s3-access-logs/CheckBootstrapVersion", "constructInfo": { - "fqn": "@aws-cdk/core.CfnRule", + "fqn": "aws-cdk-lib.CfnRule", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/core.Stack", + "fqn": "aws-cdk-lib.Stack", "version": "0.0.0" } }, @@ -161,7 +437,7 @@ "path": "cdk-integ-s3-access-logs/DefaultTest/Default", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.252" + "version": "10.3.0" } }, "DeployAssert": { @@ -172,7 +448,7 @@ "id": "BootstrapVersion", "path": "cdk-integ-s3-access-logs/DefaultTest/DeployAssert/BootstrapVersion", "constructInfo": { - "fqn": "@aws-cdk/core.CfnParameter", + "fqn": "aws-cdk-lib.CfnParameter", "version": "0.0.0" } }, @@ -180,25 +456,25 @@ "id": "CheckBootstrapVersion", "path": "cdk-integ-s3-access-logs/DefaultTest/DeployAssert/CheckBootstrapVersion", "constructInfo": { - "fqn": "@aws-cdk/core.CfnRule", + "fqn": "aws-cdk-lib.CfnRule", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/core.Stack", + "fqn": "aws-cdk-lib.Stack", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/integ-tests.IntegTestCase", + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/integ-tests.IntegTest", + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", "version": "0.0.0" } }, @@ -207,12 +483,12 @@ "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.252" + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/core.App", + "fqn": "aws-cdk-lib.App", "version": "0.0.0" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.server-access-logs.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.server-access-logs.ts index 105eac7716fc0..6aca1b8ac4f66 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.server-access-logs.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.server-access-logs.ts @@ -17,6 +17,34 @@ new s3.Bucket(stack, 'MyBucket', { removalPolicy: cdk.RemovalPolicy.DESTROY, }); +new s3.Bucket(stack, 'MyBucket2', { + serverAccessLogsBucket: accessLogBucket, + serverAccessLogsPrefix: 'example2', + targetObjectKeyFormat: s3.TargetObjectKeyFormat.simplePrefix(), + removalPolicy: cdk.RemovalPolicy.DESTROY, +}); + +new s3.Bucket(stack, 'MyBucket3', { + serverAccessLogsBucket: accessLogBucket, + serverAccessLogsPrefix: 'example3', + targetObjectKeyFormat: s3.TargetObjectKeyFormat.partitionedPrefix(s3.PartitionDateSource.EVENT_TIME), + removalPolicy: cdk.RemovalPolicy.DESTROY, +}); + +new s3.Bucket(stack, 'MyBucket4', { + serverAccessLogsBucket: accessLogBucket, + serverAccessLogsPrefix: 'example4', + targetObjectKeyFormat: s3.TargetObjectKeyFormat.partitionedPrefix(s3.PartitionDateSource.DELIVERY_TIME), + removalPolicy: cdk.RemovalPolicy.DESTROY, +}); + +new s3.Bucket(stack, 'MyBucket5', { + serverAccessLogsBucket: accessLogBucket, + serverAccessLogsPrefix: 'example5', + targetObjectKeyFormat: s3.TargetObjectKeyFormat.partitionedPrefix(), + removalPolicy: cdk.RemovalPolicy.DESTROY, +}); + new IntegTest(app, 'cdk-integ-s3-access-logs', { testCases: [stack], -}); \ No newline at end of file +}); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-sns-subscriptions/test/integ.sns-lambda.js.snapshot/aws-cdk-sns-lambda.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-sns-subscriptions/test/integ.sns-lambda.js.snapshot/aws-cdk-sns-lambda.assets.json index 332534b7ffa25..acc1b5ecd0363 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-sns-subscriptions/test/integ.sns-lambda.js.snapshot/aws-cdk-sns-lambda.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-sns-subscriptions/test/integ.sns-lambda.js.snapshot/aws-cdk-sns-lambda.assets.json @@ -1,7 +1,7 @@ { - "version": "34.0.0", + "version": "36.0.0", "files": { - "84decb7b7b95d94a486822637e6a08fe80a790b29dabe379981a00db167cbb19": { + "369a260069af1392144b0da8ddcee39bd20a7475ff7d6edb4def34bdf5bbb3e3": { "source": { "path": "aws-cdk-sns-lambda.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "84decb7b7b95d94a486822637e6a08fe80a790b29dabe379981a00db167cbb19.json", + "objectKey": "369a260069af1392144b0da8ddcee39bd20a7475ff7d6edb4def34bdf5bbb3e3.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-sns-subscriptions/test/integ.sns-lambda.js.snapshot/aws-cdk-sns-lambda.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-sns-subscriptions/test/integ.sns-lambda.js.snapshot/aws-cdk-sns-lambda.template.json index 09d741583f852..f93ff86cb27ed 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-sns-subscriptions/test/integ.sns-lambda.js.snapshot/aws-cdk-sns-lambda.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-sns-subscriptions/test/integ.sns-lambda.js.snapshot/aws-cdk-sns-lambda.template.json @@ -215,6 +215,12 @@ }, { "prefix": "ye" + }, + { + "suffix": "ue" + }, + { + "suffix": "ow" } ], "size": [ @@ -326,6 +332,12 @@ }, { "prefix": "ye" + }, + { + "suffix": "ue" + }, + { + "suffix": "ow" } ] } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-sns-subscriptions/test/integ.sns-lambda.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-sns-subscriptions/test/integ.sns-lambda.js.snapshot/cdk.out index 2313ab5436501..1f0068d32659a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-sns-subscriptions/test/integ.sns-lambda.js.snapshot/cdk.out +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-sns-subscriptions/test/integ.sns-lambda.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"34.0.0"} \ No newline at end of file +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-sns-subscriptions/test/integ.sns-lambda.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-sns-subscriptions/test/integ.sns-lambda.js.snapshot/integ.json index a3a067f056f7d..e2eb612daba55 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-sns-subscriptions/test/integ.sns-lambda.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-sns-subscriptions/test/integ.sns-lambda.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "34.0.0", + "version": "36.0.0", "testCases": { "integ.sns-lambda": { "stacks": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-sns-subscriptions/test/integ.sns-lambda.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-sns-subscriptions/test/integ.sns-lambda.js.snapshot/manifest.json index 31054ad438fca..23bb591eec4cc 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-sns-subscriptions/test/integ.sns-lambda.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-sns-subscriptions/test/integ.sns-lambda.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "34.0.0", + "version": "36.0.0", "artifacts": { "aws-cdk-sns-lambda.assets": { "type": "cdk:asset-manifest", @@ -14,10 +14,11 @@ "environment": "aws://unknown-account/unknown-region", "properties": { "templateFile": "aws-cdk-sns-lambda.template.json", + "terminationProtection": false, "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/84decb7b7b95d94a486822637e6a08fe80a790b29dabe379981a00db167cbb19.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/369a260069af1392144b0da8ddcee39bd20a7475ff7d6edb4def34bdf5bbb3e3.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-sns-subscriptions/test/integ.sns-lambda.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-sns-subscriptions/test/integ.sns-lambda.js.snapshot/tree.json index 86180d2f54ebe..1d30a4bd7072e 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-sns-subscriptions/test/integ.sns-lambda.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-sns-subscriptions/test/integ.sns-lambda.js.snapshot/tree.json @@ -20,14 +20,14 @@ "aws:cdk:cloudformation:props": {} }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_sns.CfnTopic", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_sns.Topic", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Echo": { @@ -42,8 +42,8 @@ "id": "ImportServiceRole", "path": "aws-cdk-sns-lambda/Echo/ServiceRole/ImportServiceRole", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Resource": { @@ -81,14 +81,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Resource": { @@ -111,8 +111,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "AllowInvoke:awscdksnslambdaMyTopic6C62AB90": { @@ -135,8 +135,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_lambda.CfnPermission", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "MyTopic": { @@ -170,20 +170,20 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_sns.CfnSubscription", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_sns.Subscription", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_lambda.Function", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "DeadLetterQueue": { @@ -198,8 +198,8 @@ "aws:cdk:cloudformation:props": {} }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_sqs.CfnQueue", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Policy": { @@ -245,20 +245,20 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_sqs.CfnQueuePolicy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_sqs.QueuePolicy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_sqs.Queue", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Filtered": { @@ -273,8 +273,8 @@ "id": "ImportServiceRole", "path": "aws-cdk-sns-lambda/Filtered/ServiceRole/ImportServiceRole", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Resource": { @@ -312,14 +312,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Resource": { @@ -342,8 +342,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "AllowInvoke:awscdksnslambdaMyTopic6C62AB90": { @@ -366,8 +366,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_lambda.CfnPermission", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "MyTopic": { @@ -394,6 +394,12 @@ }, { "prefix": "ye" + }, + { + "suffix": "ue" + }, + { + "suffix": "ow" } ], "size": [ @@ -422,20 +428,20 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_sns.CfnSubscription", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_sns.Subscription", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_lambda.Function", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "FilteredMessageBody": { @@ -450,8 +456,8 @@ "id": "ImportServiceRole", "path": "aws-cdk-sns-lambda/FilteredMessageBody/ServiceRole/ImportServiceRole", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Resource": { @@ -489,14 +495,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Resource": { @@ -519,8 +525,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "AllowInvoke:awscdksnslambdaMyTopic6C62AB90": { @@ -543,8 +549,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_lambda.CfnPermission", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "MyTopic": { @@ -572,6 +578,12 @@ }, { "prefix": "ye" + }, + { + "suffix": "ue" + }, + { + "suffix": "ow" } ] } @@ -584,42 +596,42 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_sns.CfnSubscription", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_sns.Subscription", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_lambda.Function", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "BootstrapVersion": { "id": "BootstrapVersion", "path": "aws-cdk-sns-lambda/BootstrapVersion", "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "CheckBootstrapVersion": { "id": "CheckBootstrapVersion", "path": "aws-cdk-sns-lambda/CheckBootstrapVersion", "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Tree": { @@ -627,13 +639,13 @@ "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.2.70" + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.App", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } } \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-sns-subscriptions/test/integ.sns-lambda.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-sns-subscriptions/test/integ.sns-lambda.ts index 0ecee019467de..6fb8c935f755f 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-sns-subscriptions/test/integ.sns-lambda.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-sns-subscriptions/test/integ.sns-lambda.ts @@ -32,6 +32,7 @@ class SnsToLambda extends cdk.Stack { color: sns.SubscriptionFilter.stringFilter({ allowlist: ['red'], matchPrefixes: ['bl', 'ye'], + matchSuffixes: ['ue', 'ow'], }), size: sns.SubscriptionFilter.stringFilter({ denylist: ['small', 'medium'], @@ -54,6 +55,7 @@ class SnsToLambda extends cdk.Stack { color: sns.FilterOrPolicy.filter(sns.SubscriptionFilter.stringFilter({ allowlist: ['red'], matchPrefixes: ['bl', 'ye'], + matchSuffixes: ['ue', 'ow'], })), }), }, diff --git a/packages/@aws-cdk/custom-resource-handlers/lib/aws-eks/kubectl-handler/helm/__init__.py b/packages/@aws-cdk/custom-resource-handlers/lib/aws-eks/kubectl-handler/helm/__init__.py index 3a5656f46db91..94694e4eb6251 100644 --- a/packages/@aws-cdk/custom-resource-handlers/lib/aws-eks/kubectl-handler/helm/__init__.py +++ b/packages/@aws-cdk/custom-resource-handlers/lib/aws-eks/kubectl-handler/helm/__init__.py @@ -93,7 +93,7 @@ def helm_handler(event, context): helm('upgrade', release, chart, repository, values_file, namespace, version, wait, timeout, create_namespace) elif request_type == "Delete": try: - helm('uninstall', release, namespace=namespace, timeout=timeout) + helm('uninstall', release, namespace=namespace, wait=wait, timeout=timeout) except Exception as e: logger.info("delete error: %s" % e) diff --git a/packages/aws-cdk-lib/aws-cloudfront/README.md b/packages/aws-cdk-lib/aws-cloudfront/README.md index 6c9aa2d3a461c..79a055ba89a75 100644 --- a/packages/aws-cdk-lib/aws-cloudfront/README.md +++ b/packages/aws-cdk-lib/aws-cloudfront/README.md @@ -597,6 +597,31 @@ new cloudfront.Distribution(this, 'myDist', { }); ``` +### Additional CloudFront distribution metrics + +You can enable [additional CloudFront distribution metrics](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/viewing-cloudfront-metrics.html#monitoring-console.distributions-additional), which include the following metrics: + +- 4xx and 5xx error rates: View 4xx and 5xx error rates by the specific HTTP status code, as a percentage of total requests. +- Origin latency: See the total time spent from when CloudFront receives a request to when it provides a response to the network (not the viewer), for responses that are served from the origin, not the CloudFront cache. +- Cache hit rate: View cache hits as a percentage of total cacheable requests, excluding errors. + +```ts +const dist = new cloudfront.Distribution(this, 'myDist', { + defaultBehavior: { origin: new origins.HttpOrigin('www.example.com') }, + publishAdditionalMetrics: true, +}); + +// Retrieving additional distribution metrics +const latencyMetric = dist.metricOriginLatency(); +const cacheHitRateMetric = dist.metricCacheHitRate(); +const http401ErrorRateMetric = dist.metric401ErrorRate(); +const http403ErrorRateMetric = dist.metric403ErrorRate(); +const http404ErrorRateMetric = dist.metric404ErrorRate(); +const http502ErrorRateMetric = dist.metric502ErrorRate(); +const http503ErrorRateMetric = dist.metric503ErrorRate(); +const http504ErrorRateMetric = dist.metric504ErrorRate(); +``` + ### HTTP Versions You can configure CloudFront to use a particular version of the HTTP protocol. By default, diff --git a/packages/aws-cdk-lib/aws-cloudfront/lib/distribution.ts b/packages/aws-cdk-lib/aws-cloudfront/lib/distribution.ts index bc0e8d58c8d96..ce4d64d02ef24 100644 --- a/packages/aws-cdk-lib/aws-cloudfront/lib/distribution.ts +++ b/packages/aws-cdk-lib/aws-cloudfront/lib/distribution.ts @@ -1,6 +1,6 @@ import { Construct } from 'constructs'; import { ICachePolicy } from './cache-policy'; -import { CfnDistribution } from './cloudfront.generated'; +import { CfnDistribution, CfnMonitoringSubscription } from './cloudfront.generated'; import { FunctionAssociation } from './function'; import { GeoRestriction } from './geo-restriction'; import { IKeyGroup } from './key-group'; @@ -11,6 +11,7 @@ import { formatDistributionArn } from './private/utils'; import { IRealtimeLogConfig } from './realtime-log-config'; import { IResponseHeadersPolicy } from './response-headers-policy'; import * as acm from '../../aws-certificatemanager'; +import * as cloudwatch from '../../aws-cloudwatch'; import * as iam from '../../aws-iam'; import * as lambda from '../../aws-lambda'; import * as s3 from '../../aws-s3'; @@ -255,6 +256,15 @@ export interface DistributionProps { * @default SSLMethod.SNI */ readonly sslSupportMethod?: SSLMethod; + + /** + * Whether to enable additional CloudWatch metrics. + * + * @see https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/viewing-cloudfront-metrics.html + * + * @default false + */ + readonly publishAdditionalMetrics?: boolean; } /** @@ -298,6 +308,7 @@ export class Distribution extends Resource implements IDistribution { private readonly errorResponses: ErrorResponse[]; private readonly certificate?: acm.ICertificate; + private readonly publishAdditionalMetrics?: boolean; constructor(scope: Construct, id: string, props: DistributionProps) { super(scope, id); @@ -323,6 +334,7 @@ export class Distribution extends Resource implements IDistribution { this.certificate = props.certificate; this.errorResponses = props.errorResponses ?? []; + this.publishAdditionalMetrics = props.publishAdditionalMetrics; // Comments have an undocumented limit of 128 characters const trimmedComment = @@ -355,6 +367,146 @@ export class Distribution extends Resource implements IDistribution { this.domainName = distribution.attrDomainName; this.distributionDomainName = distribution.attrDomainName; this.distributionId = distribution.ref; + + if (props.publishAdditionalMetrics) { + new CfnMonitoringSubscription(this, 'MonitoringSubscription', { + distributionId: this.distributionId, + monitoringSubscription: { + realtimeMetricsSubscriptionConfig: { + realtimeMetricsSubscriptionStatus: 'Enabled', + }, + }, + }); + } + } + + /** + * Return the given named metric for this Distribution + */ + public metric(metricName: string, props?: cloudwatch.MetricOptions): cloudwatch.Metric { + return new cloudwatch.Metric({ + namespace: 'AWS/CloudFront', + metricName, + dimensionsMap: { DistributionId: this.distributionId }, + ...props, + }); + } + + /** + * Metric for the total time spent from when CloudFront receives a request to when it starts providing a response to the network (not the viewer), + * for requests that are served from the origin, not the CloudFront cache. + * + * This is also known as first byte latency, or time-to-first-byte. + * + * To obtain this metric, you need to set `publishAdditionalMetrics` to `true`. + * + * @default - average over 5 minutes + */ + public metricOriginLatency(props?: cloudwatch.MetricOptions): cloudwatch.Metric { + if (this.publishAdditionalMetrics !== true) { + throw new Error('Origin latency metric is only available if \'publishAdditionalMetrics\' is set \'true\''); + } + return this.metric('OriginLatency', props); + } + + /** + * Metric for the percentage of all cacheable requests for which CloudFront served the content from its cache. + * + * HTTP POST and PUT requests, and errors, are not considered cacheable requests. + * + * To obtain this metric, you need to set `publishAdditionalMetrics` to `true`. + * + * @default - average over 5 minutes + */ + public metricCacheHitRate(props?: cloudwatch.MetricOptions): cloudwatch.Metric { + if (this.publishAdditionalMetrics !== true) { + throw new Error('Cache hit rate metric is only available if \'publishAdditionalMetrics\' is set \'true\''); + } + return this.metric('CacheHitRate', props); + } + + /** + * Metric for the percentage of all viewer requests for which the response's HTTP status code is 401. + * + * To obtain this metric, you need to set `publishAdditionalMetrics` to `true`. + * + * @default - average over 5 minutes + */ + public metric401ErrorRate(props?: cloudwatch.MetricOptions): cloudwatch.Metric { + if (this.publishAdditionalMetrics !== true) { + throw new Error('401 error rate metric is only available if \'publishAdditionalMetrics\' is set \'true\''); + } + return this.metric('401ErrorRate', props); + } + + /** + * Metric for the percentage of all viewer requests for which the response's HTTP status code is 403. + * + * To obtain this metric, you need to set `publishAdditionalMetrics` to `true`. + * + * @default - average over 5 minutes + */ + public metric403ErrorRate(props?: cloudwatch.MetricOptions): cloudwatch.Metric { + if (this.publishAdditionalMetrics !== true) { + throw new Error('403 error rate metric is only available if \'publishAdditionalMetrics\' is set \'true\''); + } + return this.metric('403ErrorRate', props); + } + + /** + * Metric for the percentage of all viewer requests for which the response's HTTP status code is 404. + * + * To obtain this metric, you need to set `publishAdditionalMetrics` to `true`. + * + * @default - average over 5 minutes + */ + public metric404ErrorRate(props?: cloudwatch.MetricOptions): cloudwatch.Metric { + if (this.publishAdditionalMetrics !== true) { + throw new Error('404 error rate metric is only available if \'publishAdditionalMetrics\' is set \'true\''); + } + return this.metric('404ErrorRate', props); + } + + /** + * Metric for the percentage of all viewer requests for which the response's HTTP status code is 502. + * + * To obtain this metric, you need to set `publishAdditionalMetrics` to `true`. + * + * @default - average over 5 minutes + */ + public metric502ErrorRate(props?: cloudwatch.MetricOptions): cloudwatch.Metric { + if (this.publishAdditionalMetrics !== true) { + throw new Error('502 error rate metric is only available if \'publishAdditionalMetrics\' is set \'true\''); + } + return this.metric('502ErrorRate', props); + } + + /** + * Metric for the percentage of all viewer requests for which the response's HTTP status code is 503. + * + * To obtain this metric, you need to set `publishAdditionalMetrics` to `true`. + * + * @default - average over 5 minutes + */ + public metric503ErrorRate(props?: cloudwatch.MetricOptions): cloudwatch.Metric { + if (this.publishAdditionalMetrics !== true) { + throw new Error('503 error rate metric is only available if \'publishAdditionalMetrics\' is set \'true\''); + } + return this.metric('503ErrorRate', props); + } + + /** + * Metric for the percentage of all viewer requests for which the response's HTTP status code is 504. + * + * To obtain this metric, you need to set `publishAdditionalMetrics` to `true`. + * + * @default - average over 5 minutes + */ + public metric504ErrorRate(props?: cloudwatch.MetricOptions): cloudwatch.Metric { + if (this.publishAdditionalMetrics !== true) { + throw new Error('504 error rate metric is only available if \'publishAdditionalMetrics\' is set \'true\''); + } + return this.metric('504ErrorRate', props); } /** diff --git a/packages/aws-cdk-lib/aws-cloudfront/test/distribution.test.ts b/packages/aws-cdk-lib/aws-cloudfront/test/distribution.test.ts index bedd391865792..8efb67d82ccc8 100644 --- a/packages/aws-cdk-lib/aws-cloudfront/test/distribution.test.ts +++ b/packages/aws-cdk-lib/aws-cloudfront/test/distribution.test.ts @@ -1,6 +1,7 @@ import { defaultOrigin, defaultOriginGroup } from './test-origin'; import { Match, Template } from '../../assertions'; import * as acm from '../../aws-certificatemanager'; +import * as cloudwatch from '../../aws-cloudwatch'; import * as iam from '../../aws-iam'; import * as kinesis from '../../aws-kinesis'; import * as lambda from '../../aws-lambda'; @@ -1241,3 +1242,85 @@ test('render distribution behavior with realtime log config - multiple behaviors }, })); }); + +test('with publish additional metrics', () => { + const origin = defaultOrigin(); + new Distribution(stack, 'MyDist', { + defaultBehavior: { origin }, + publishAdditionalMetrics: true, + }); + + Template.fromStack(stack).hasResourceProperties('AWS::CloudFront::Distribution', { + DistributionConfig: { + DefaultCacheBehavior: { + CachePolicyId: '658327ea-f89d-4fab-a63d-7e88639e58f6', + Compress: true, + TargetOriginId: 'StackMyDistOrigin1D6D5E535', + ViewerProtocolPolicy: 'allow-all', + }, + Enabled: true, + HttpVersion: 'http2', + IPV6Enabled: true, + Origins: [{ + DomainName: 'www.example.com', + Id: 'StackMyDistOrigin1D6D5E535', + CustomOriginConfig: { + OriginProtocolPolicy: 'https-only', + }, + }], + }, + }); + Template.fromStack(stack).hasResourceProperties('AWS::CloudFront::MonitoringSubscription', { + DistributionId: { + Ref: 'MyDistDB88FD9A', + }, + MonitoringSubscription: { + RealtimeMetricsSubscriptionConfig: { + RealtimeMetricsSubscriptionStatus: 'Enabled', + }, + }, + }); +}); + +describe('Distribution metrics tests', () => { + const metrics = [ + { name: 'OriginLatency', method: 'metricOriginLatency', additionalMetricsRequired: true, errorMetricName: 'Origin latency' }, + { name: 'CacheHitRate', method: 'metricCacheHitRate', additionalMetricsRequired: true, errorMetricName: 'Cache hit rate' }, + ...['401', '403', '404', '502', '503', '504'].map(errorCode => ({ + name: `${errorCode}ErrorRate`, + method: `metric${errorCode}ErrorRate`, + additionalMetricsRequired: true, + errorMetricName: `${errorCode} error rate`, + })), + ]; + + test.each(metrics)('get %s metric', (metric) => { + const origin = defaultOrigin(); + const dist = new Distribution(stack, 'MyDist', { + defaultBehavior: { origin }, + publishAdditionalMetrics: metric.additionalMetricsRequired, + }); + + const metricObj = dist[metric.method](); + + expect(metricObj).toEqual(new cloudwatch.Metric({ + namespace: 'AWS/CloudFront', + metricName: metric.name, + dimensions: { DistributionId: dist.distributionId }, + statistic: 'Average', + period: Duration.minutes(5), + })); + }); + + test.each(metrics)('throw error when trying to get %s metric without publishing additional metrics', (metric) => { + const origin = defaultOrigin(); + const dist = new Distribution(stack, 'MyDist', { + defaultBehavior: { origin }, + publishAdditionalMetrics: false, + }); + + expect(() => { + dist[metric.method](); + }).toThrow(new RegExp(`${metric.errorMetricName} metric is only available if 'publishAdditionalMetrics' is set 'true'`)); + }); +}); diff --git a/packages/aws-cdk-lib/aws-rds/lib/proxy.ts b/packages/aws-cdk-lib/aws-rds/lib/proxy.ts index 1e66307be4406..bbcbfe851f5cc 100644 --- a/packages/aws-cdk-lib/aws-rds/lib/proxy.ts +++ b/packages/aws-cdk-lib/aws-rds/lib/proxy.ts @@ -457,6 +457,9 @@ export class DatabaseProxy extends DatabaseProxyBase for (const secret of props.secrets) { secret.grantRead(role); + if (secret.encryptionKey) { + secret.encryptionKey.grantDecrypt(role); + } } const securityGroups = props.securityGroups ?? [ diff --git a/packages/aws-cdk-lib/aws-rds/test/proxy.test.ts b/packages/aws-cdk-lib/aws-rds/test/proxy.test.ts index 6546164210972..39d372533a51a 100644 --- a/packages/aws-cdk-lib/aws-rds/test/proxy.test.ts +++ b/packages/aws-cdk-lib/aws-rds/test/proxy.test.ts @@ -1,6 +1,7 @@ import { Match, Template } from '../../assertions'; import * as ec2 from '../../aws-ec2'; import { AccountPrincipal, Role } from '../../aws-iam'; +import { Key } from '../../aws-kms'; import * as secretsmanager from '../../aws-secretsmanager'; import * as cdk from '../../core'; import * as cxapi from '../../cx-api'; @@ -371,6 +372,51 @@ describe('proxy', () => { }).toThrow(/When the Proxy contains multiple Secrets, you must pass a dbUser explicitly to grantConnect/); }); + test('new Proxy with kms encrypted Secrets has permissions to kms:Decrypt that secret using its key', () => { + // GIVEN + const cluster = new rds.DatabaseCluster(stack, 'Database', { + engine: rds.DatabaseClusterEngine.AURORA, + instanceProps: { vpc }, + }); + + const kmsKey = new Key(stack, 'Key'); + + const kmsEncryptedSecret = new secretsmanager.Secret(stack, 'Secret', { encryptionKey: kmsKey }); + + // WHEN + new rds.DatabaseProxy(stack, 'Proxy', { + proxyTarget: rds.ProxyTarget.fromCluster(cluster), + vpc, + secrets: [kmsEncryptedSecret], + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::IAM::Policy', { + PolicyDocument: { + Statement: [ + { + Action: ['secretsmanager:GetSecretValue', 'secretsmanager:DescribeSecret'], + Effect: 'Allow', + Resource: { + Ref: 'SecretA720EF05', + }, + }, + { + Action: 'kms:Decrypt', + Effect: 'Allow', + Resource: { + 'Fn::GetAtt': [ + 'Key961B73FD', + 'Arn', + ], + }, + }, + ], + }, + Roles: [{ Ref: 'ProxyIAMRole2FE8AB0F' }], + }); + }); + test('DBProxyTargetGroup should have dependency on the proxy targets', () => { // GIVEN const cluster = new rds.DatabaseCluster(stack, 'cluster', { diff --git a/packages/aws-cdk-lib/aws-s3/README.md b/packages/aws-cdk-lib/aws-s3/README.md index 5be9a411c8860..247dadc0b1373 100644 --- a/packages/aws-cdk-lib/aws-s3/README.md +++ b/packages/aws-cdk-lib/aws-s3/README.md @@ -402,6 +402,42 @@ const bucket = new s3.Bucket(this, 'MyBucket', { }); ``` +You have two options for the log object key format. +`Non-date-based partitioning` is the default log object key format and appears as follows: + +```txt +[DestinationPrefix][YYYY]-[MM]-[DD]-[hh]-[mm]-[ss]-[UniqueString] +``` + +```ts +const accessLogsBucket = new s3.Bucket(this, 'AccessLogsBucket'); + +const bucket = new s3.Bucket(this, 'MyBucket', { + serverAccessLogsBucket: accessLogsBucket, + serverAccessLogsPrefix: 'logs', + // You can use a simple prefix with `TargetObjectKeyFormat.simplePrefix()`, but it is the same even if you do not specify `targetObjectKeyFormat` property. + targetObjectKeyFormat: s3.TargetObjectKeyFormat.simplePrefix(), +}); +``` + +Another option is `Date-based partitioning`. +If you choose this format, you can select either the event time or the delivery time of the log file as the date source used in the log format. +This format appears as follows: + +```txt +[DestinationPrefix][SourceAccountId]/[SourceRegion]/[SourceBucket]/[YYYY]/[MM]/[DD]/[YYYY]-[MM]-[DD]-[hh]-[mm]-[ss]-[UniqueString] +``` + +```ts +const accessLogsBucket = new s3.Bucket(this, 'AccessLogsBucket'); + +const bucket = new s3.Bucket(this, 'MyBucket', { + serverAccessLogsBucket: accessLogsBucket, + serverAccessLogsPrefix: 'logs', + targetObjectKeyFormat: s3.TargetObjectKeyFormat.partitionedPrefix(s3.PartitionDateSource.EVENT_TIME), +}); +``` + ### Allowing access log delivery using a Bucket Policy (recommended) When possible, it is recommended to use a bucket policy to grant access instead of diff --git a/packages/aws-cdk-lib/aws-s3/lib/bucket.ts b/packages/aws-cdk-lib/aws-s3/lib/bucket.ts index 79e3fabddcbe8..91dd452c71d4d 100644 --- a/packages/aws-cdk-lib/aws-s3/lib/bucket.ts +++ b/packages/aws-cdk-lib/aws-s3/lib/bucket.ts @@ -1336,6 +1336,68 @@ export interface IntelligentTieringConfiguration { readonly deepArchiveAccessTierTime?: Duration; } +/** + * The date source for the partitioned prefix. + */ +export enum PartitionDateSource { + /** + * The year, month, and day will be based on the timestamp of the S3 event in the file that's been delivered. + */ + EVENT_TIME = 'EventTime', + + /** + * The year, month, and day will be based on the time when the log file was delivered to S3. + */ + DELIVERY_TIME = 'DeliveryTime', +} + +/** + * The key format for the log object. + */ +export abstract class TargetObjectKeyFormat { + /** + * Use partitioned prefix for log objects. + * If you do not specify the dateSource argument, the default is EventTime. + * + * The partitioned prefix format as follow: + * [DestinationPrefix][SourceAccountId]/​[SourceRegion]/​[SourceBucket]/​[YYYY]/​[MM]/​[DD]/​[YYYY]-[MM]-[DD]-[hh]-[mm]-[ss]-[UniqueString] + */ + public static partitionedPrefix(dateSource?: PartitionDateSource): TargetObjectKeyFormat { + return new class extends TargetObjectKeyFormat { + public _render(): CfnBucket.LoggingConfigurationProperty['targetObjectKeyFormat'] { + return { + partitionedPrefix: { + partitionDateSource: dateSource, + }, + }; + } + }(); + } + + /** + * Use the simple prefix for log objects. + * + * The simple prefix format as follow: + * [DestinationPrefix][YYYY]-[MM]-[DD]-[hh]-[mm]-[ss]-[UniqueString] + */ + public static simplePrefix(): TargetObjectKeyFormat { + return new class extends TargetObjectKeyFormat { + public _render(): CfnBucket.LoggingConfigurationProperty['targetObjectKeyFormat'] { + return { + simplePrefix: {}, + }; + } + }(); + } + + /** + * Render the log object key format. + * + * @internal + */ + public abstract _render(): CfnBucket.LoggingConfigurationProperty['targetObjectKeyFormat']; +} + export interface BucketProps { /** * The kind of server-side encryption to apply to this bucket. @@ -1544,6 +1606,13 @@ export interface BucketProps { */ readonly serverAccessLogsPrefix?: string; + /** + * Optional key format for log objects. + * + * @default - the default key format is: [DestinationPrefix][YYYY]-[MM]-[DD]-[hh]-[mm]-[ss]-[UniqueString] + */ + readonly targetObjectKeyFormat?: TargetObjectKeyFormat; + /** * The inventory configuration of the bucket. * @@ -2213,6 +2282,7 @@ export class Bucket extends BucketBase { return { destinationBucketName: props.serverAccessLogsBucket?.bucketName, logFilePrefix: props.serverAccessLogsPrefix, + targetObjectKeyFormat: props.targetObjectKeyFormat?._render(), }; } diff --git a/packages/aws-cdk-lib/aws-s3/test/bucket.test.ts b/packages/aws-cdk-lib/aws-s3/test/bucket.test.ts index 14f076c419852..956f66e7d12e6 100644 --- a/packages/aws-cdk-lib/aws-s3/test/bucket.test.ts +++ b/packages/aws-cdk-lib/aws-s3/test/bucket.test.ts @@ -2858,6 +2858,7 @@ describe('bucket', () => { DestinationBucketName: { Ref: 'AccessLogs8B620ECA', }, + TargetObjectKeyFormat: Match.absent(), }, }); }); @@ -2880,6 +2881,7 @@ describe('bucket', () => { Ref: 'AccessLogs8B620ECA', }, LogFilePrefix: 'hello', + TargetObjectKeyFormat: Match.absent(), }, }); }); @@ -2896,6 +2898,76 @@ describe('bucket', () => { Template.fromStack(stack).hasResourceProperties('AWS::S3::Bucket', { LoggingConfiguration: { LogFilePrefix: 'hello', + TargetObjectKeyFormat: Match.absent(), + }, + }); + }); + + test('Use simple prefix for log objects', () => { + // GIVEN + const stack = new cdk.Stack(); + + // WHEN + const accessLogBucket = new s3.Bucket(stack, 'AccessLogs'); + new s3.Bucket(stack, 'MyBucket', { + serverAccessLogsBucket: accessLogBucket, + targetObjectKeyFormat: s3.TargetObjectKeyFormat.simplePrefix(), + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::S3::Bucket', { + LoggingConfiguration: { + DestinationBucketName: { + Ref: 'AccessLogs8B620ECA', + }, + TargetObjectKeyFormat: { + SimplePrefix: {}, + PartitionedPrefix: Match.absent(), + }, + }, + }); + }); + + test('Use partitioned prefix for log objects', () => { + // GIVEN + const stack = new cdk.Stack(); + + // WHEN + const accessLogBucket = new s3.Bucket(stack, 'AccessLogs'); + new s3.Bucket(stack, 'MyBucket', { + serverAccessLogsBucket: accessLogBucket, + targetObjectKeyFormat: s3.TargetObjectKeyFormat.partitionedPrefix(s3.PartitionDateSource.EVENT_TIME), + }); + new s3.Bucket(stack, 'MyBucket2', { + serverAccessLogsBucket: accessLogBucket, + targetObjectKeyFormat: s3.TargetObjectKeyFormat.partitionedPrefix(s3.PartitionDateSource.DELIVERY_TIME), + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::S3::Bucket', { + LoggingConfiguration: { + DestinationBucketName: { + Ref: 'AccessLogs8B620ECA', + }, + TargetObjectKeyFormat: { + SimplePrefix: Match.absent(), + PartitionedPrefix: { + PartitionDateSource: 'EventTime', + }, + }, + }, + }); + Template.fromStack(stack).hasResourceProperties('AWS::S3::Bucket', { + LoggingConfiguration: { + DestinationBucketName: { + Ref: 'AccessLogs8B620ECA', + }, + TargetObjectKeyFormat: { + SimplePrefix: Match.absent(), + PartitionedPrefix: { + PartitionDateSource: 'DeliveryTime', + }, + }, }, }); }); diff --git a/packages/aws-cdk-lib/aws-sns-subscriptions/test/subs.test.ts b/packages/aws-cdk-lib/aws-sns-subscriptions/test/subs.test.ts index d4d6998fb6fcf..aa70888651178 100644 --- a/packages/aws-cdk-lib/aws-sns-subscriptions/test/subs.test.ts +++ b/packages/aws-cdk-lib/aws-sns-subscriptions/test/subs.test.ts @@ -1924,6 +1924,7 @@ test('with filter policy', () => { color: sns.SubscriptionFilter.stringFilter({ allowlist: ['red'], matchPrefixes: ['bl', 'ye'], + matchSuffixes: ['ue', 'ow'], }), size: sns.SubscriptionFilter.stringFilter({ denylist: ['small', 'medium'], @@ -1944,6 +1945,12 @@ test('with filter policy', () => { { 'prefix': 'ye', }, + { + 'suffix': 'ue', + }, + { + 'suffix': 'ow', + }, ], 'size': [ { @@ -1980,6 +1987,7 @@ test('with filter policy scope MessageBody', () => { background: sns.FilterOrPolicy.filter(sns.SubscriptionFilter.stringFilter({ allowlist: ['red'], matchPrefixes: ['bl', 'ye'], + matchSuffixes: ['ue', 'ow'], })), }), size: sns.FilterOrPolicy.filter(sns.SubscriptionFilter.stringFilter({ @@ -1999,6 +2007,12 @@ test('with filter policy scope MessageBody', () => { { 'prefix': 'ye', }, + { + 'suffix': 'ue', + }, + { + 'suffix': 'ow', + }, ], }, 'size': [ diff --git a/packages/aws-cdk-lib/aws-sns/README.md b/packages/aws-cdk-lib/aws-sns/README.md index dfde7e3312cba..656c743fdb864 100644 --- a/packages/aws-cdk-lib/aws-sns/README.md +++ b/packages/aws-cdk-lib/aws-sns/README.md @@ -70,6 +70,7 @@ myTopic.addSubscription(new subscriptions.LambdaSubscription(fn, { color: sns.SubscriptionFilter.stringFilter({ allowlist: ['red', 'orange'], matchPrefixes: ['bl'], + matchSuffixes: ['ue'], }), size: sns.SubscriptionFilter.stringFilter({ denylist: ['small', 'medium'], diff --git a/packages/aws-cdk-lib/aws-sns/lib/subscription-filter.ts b/packages/aws-cdk-lib/aws-sns/lib/subscription-filter.ts index 69be08bb1db26..fce85aa23fc32 100644 --- a/packages/aws-cdk-lib/aws-sns/lib/subscription-filter.ts +++ b/packages/aws-cdk-lib/aws-sns/lib/subscription-filter.ts @@ -35,6 +35,13 @@ export interface StringConditions { * @default - None */ readonly matchPrefixes?: string[]; + + /** + * Matches values that end with the specified suffixes. + * + * @default - None + */ + readonly matchSuffixes?: string[]; } /** @@ -144,6 +151,10 @@ export class SubscriptionFilter { conditions.push(...stringConditions.matchPrefixes.map(p => ({ prefix: p }))); } + if (stringConditions.matchSuffixes) { + conditions.push(...stringConditions.matchSuffixes.map(s => ({ suffix: s }))); + } + return new SubscriptionFilter(conditions); } diff --git a/packages/aws-cdk-lib/aws-sns/test/subscription.test.ts b/packages/aws-cdk-lib/aws-sns/test/subscription.test.ts index 6723a7fef79ea..193f530b27704 100644 --- a/packages/aws-cdk-lib/aws-sns/test/subscription.test.ts +++ b/packages/aws-cdk-lib/aws-sns/test/subscription.test.ts @@ -113,6 +113,7 @@ describe('Subscription', () => { allowlist: ['red', 'green'], denylist: ['white', 'orange'], matchPrefixes: ['bl', 'ye'], + matchSuffixes: ['ue', 'ow'], }), price: sns.SubscriptionFilter.numericFilter({ allowlist: [100, 200], @@ -137,6 +138,8 @@ describe('Subscription', () => { { 'anything-but': ['white', 'orange'] }, { prefix: 'bl' }, { prefix: 'ye' }, + { suffix: 'ue' }, + { suffix: 'ow' }, ], price: [ { numeric: ['=', 100] },