diff --git a/packages/@aws-cdk/aws-ec2-alpha/README.md b/packages/@aws-cdk/aws-ec2-alpha/README.md index ab7423f5cc055..2af0bbf7d96e3 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/README.md +++ b/packages/@aws-cdk/aws-ec2-alpha/README.md @@ -63,6 +63,31 @@ new SubnetV2(this, 'subnetA', { }) ``` +### Availability Zone Specification + +SubnetV2 supports two ways to specify the availability zone: + +1. **Availability Zone Name** (`availabilityZone`): Standard AZ name like 'us-east-1a' +2. **Availability Zone ID** (`availabilityZoneId`): AZ ID like 'use1-az1' for cross-account consistency + +**When to use AZ IDs**: Use `availabilityZoneId` when you need consistent placement across AWS accounts, as AZ names can map to different physical zones per account, but AZ IDs remain consistent. + +**Important**: AZ IDs are account-specific. The same AZ ID (e.g., 'use1-az1') may not exist in all accounts. + +```ts +const myVpc = new VpcV2(this, 'MyVpc', { + primaryAddressBlock: IpAddresses.ipv4('10.0.0.0/16'), +}); + +// Using AZ ID for cross-account consistency +new SubnetV2(this, 'CrossAccountSubnet', { + vpc: myVpc, + availabilityZoneId: 'use1-az1', + ipv4CidrBlock: new IpCidr('10.0.1.0/24'), + subnetType: SubnetType.PUBLIC, +}) +``` + Since `VpcV2` does not create subnets automatically, users have full control over IP addresses allocation across subnets. ## IP Addresses Management diff --git a/packages/@aws-cdk/aws-ec2-alpha/lib/subnet-v2.ts b/packages/@aws-cdk/aws-ec2-alpha/lib/subnet-v2.ts index 08ac4b2f42002..16aa18b5ec13b 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/lib/subnet-v2.ts +++ b/packages/@aws-cdk/aws-ec2-alpha/lib/subnet-v2.ts @@ -62,8 +62,21 @@ export interface SubnetV2Props { /** * Custom AZ for the subnet + * + * Either `availabilityZone` or `availabilityZoneId` must be specified, but not both. + * + * @default - No availability zone specified, must provide availabilityZoneId instead */ - readonly availabilityZone: string; + readonly availabilityZone?: string; + + /** + * The AZ ID of the subnet + * + * Either `availabilityZone` or `availabilityZoneId` must be specified, but not both. + * + * @default - No availability zone ID specified, must provide availabilityZone instead + */ + readonly availabilityZoneId?: string; /** * Custom Route for subnet @@ -270,6 +283,14 @@ export class SubnetV2 extends Resource implements ISubnetV2 { // Enhanced CDK Analytics Telemetry addConstructMetadata(this, props); + // Validate availability zone specification + if (!props.availabilityZone && !props.availabilityZoneId) { + throw new UnscopedValidationError('Either availabilityZone or availabilityZoneId must be specified'); + } + if (props.availabilityZone && props.availabilityZoneId) { + throw new UnscopedValidationError('Cannot specify both availabilityZone and availabilityZoneId. Use either availabilityZone or availabilityZoneId'); + } + const ipv4CidrBlock = props.ipv4CidrBlock.cidr; const ipv6CidrBlock = props.ipv6CidrBlock?.cidr; @@ -307,6 +328,7 @@ export class SubnetV2 extends Resource implements ISubnetV2 { cidrBlock: ipv4CidrBlock, ipv6CidrBlock: ipv6CidrBlock, availabilityZone: props.availabilityZone, + availabilityZoneId: props.availabilityZoneId, assignIpv6AddressOnCreation: props.assignIpv6AddressOnCreation, mapPublicIpOnLaunch: props.mapPublicIpOnLaunch, }); @@ -315,7 +337,7 @@ export class SubnetV2 extends Resource implements ISubnetV2 { this.ipv4CidrBlock = props.ipv4CidrBlock.cidr; this.ipv6CidrBlock = props.ipv6CidrBlock?.cidr; this.subnetId = subnet.ref; - this.availabilityZone = props.availabilityZone; + this.availabilityZone = props.availabilityZone || subnet.attrAvailabilityZone; this._networkAcl = NetworkAcl.fromNetworkAclId(this, 'Acl', subnet.attrNetworkAclAssociationId); @@ -395,6 +417,13 @@ export interface SubnetV2Attributes { */ readonly availabilityZone: string; + /** + * The AZ ID of the subnet + * + * @default - No AZ ID information + */ + readonly availabilityZoneId?: string; + /** * The IPv4 CIDR block associated with the subnet * diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2-zoneId.js.snapshot/aws-cdk-subnet-v2-zone-id-test.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2-zoneId.js.snapshot/aws-cdk-subnet-v2-zone-id-test.assets.json new file mode 100644 index 0000000000000..88078b2e0d3f3 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2-zoneId.js.snapshot/aws-cdk-subnet-v2-zone-id-test.assets.json @@ -0,0 +1,21 @@ +{ + "version": "48.0.0", + "files": { + "81c49f5141352d02cd7690645fbc9f173dd786dafb48918f67966e28784f2d19": { + "displayName": "aws-cdk-subnet-v2-zone-id-test Template", + "source": { + "path": "aws-cdk-subnet-v2-zone-id-test.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-us-east-1-168f508c": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1", + "objectKey": "81c49f5141352d02cd7690645fbc9f173dd786dafb48918f67966e28784f2d19.json", + "region": "us-east-1", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-us-east-1" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2-zoneId.js.snapshot/aws-cdk-subnet-v2-zone-id-test.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2-zoneId.js.snapshot/aws-cdk-subnet-v2-zone-id-test.template.json new file mode 100644 index 0000000000000..ebc07a67c322d --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2-zoneId.js.snapshot/aws-cdk-subnet-v2-zone-id-test.template.json @@ -0,0 +1,405 @@ +{ + "Resources": { + "ZoneIdTestVpc3230D79C": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.3.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-subnet-v2-zone-id-test/ZoneIdTestVpc" + } + ] + } + }, + "SubnetWithHardcodedZoneIdSubnet3FA53E1C": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZoneId": "use1-az4", + "CidrBlock": "10.3.0.0/24", + "Tags": [ + { + "Key": "aws-cdk:subnet-type", + "Value": "Isolated" + } + ], + "VpcId": { + "Fn::GetAtt": [ + "ZoneIdTestVpc3230D79C", + "VpcId" + ] + } + } + }, + "SubnetWithHardcodedZoneIdRouteTableF1967017": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "DefaultCDKRouteTable" + } + ], + "VpcId": { + "Fn::GetAtt": [ + "ZoneIdTestVpc3230D79C", + "VpcId" + ] + } + } + }, + "SubnetWithHardcodedZoneIdRouteTableAssociation038A3E3E": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Fn::GetAtt": [ + "SubnetWithHardcodedZoneIdRouteTableF1967017", + "RouteTableId" + ] + }, + "SubnetId": { + "Ref": "SubnetWithHardcodedZoneIdSubnet3FA53E1C" + } + } + }, + "SubnetWithMappedZoneIdSubnet065F00FB": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZoneId": { + "Fn::FindInMap": [ + "AZIdMapping", + { + "Ref": "AWS::Region" + }, + "az2" + ] + }, + "CidrBlock": "10.3.1.0/24", + "Tags": [ + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + } + ], + "VpcId": { + "Fn::GetAtt": [ + "ZoneIdTestVpc3230D79C", + "VpcId" + ] + } + } + }, + "SubnetWithMappedZoneIdRouteTable23FF0FA3": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "DefaultCDKRouteTable" + } + ], + "VpcId": { + "Fn::GetAtt": [ + "ZoneIdTestVpc3230D79C", + "VpcId" + ] + } + } + }, + "SubnetWithMappedZoneIdRouteTableAssociationEB66B699": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Fn::GetAtt": [ + "SubnetWithMappedZoneIdRouteTable23FF0FA3", + "RouteTableId" + ] + }, + "SubnetId": { + "Ref": "SubnetWithMappedZoneIdSubnet065F00FB" + } + } + }, + "SubnetWithContextZoneIdSubnet6EB340EC": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZoneId": { + "Fn::FindInMap": [ + "AZIdMapping", + { + "Ref": "AWS::Region" + }, + "az3" + ] + }, + "CidrBlock": "10.3.2.0/24", + "Tags": [ + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + } + ], + "VpcId": { + "Fn::GetAtt": [ + "ZoneIdTestVpc3230D79C", + "VpcId" + ] + } + } + }, + "SubnetWithContextZoneIdRouteTableFE55A260": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "DefaultCDKRouteTable" + } + ], + "VpcId": { + "Fn::GetAtt": [ + "ZoneIdTestVpc3230D79C", + "VpcId" + ] + } + } + }, + "SubnetWithContextZoneIdRouteTableAssociation1B1D1405": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Fn::GetAtt": [ + "SubnetWithContextZoneIdRouteTableFE55A260", + "RouteTableId" + ] + }, + "SubnetId": { + "Ref": "SubnetWithContextZoneIdSubnet6EB340EC" + } + } + }, + "MultiZoneSubnet1Subnet84620AF3": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZoneId": { + "Fn::FindInMap": [ + "AZIdMapping", + { + "Ref": "AWS::Region" + }, + "az1" + ] + }, + "CidrBlock": "10.3.10.0/24", + "Tags": [ + { + "Key": "aws-cdk:subnet-type", + "Value": "Isolated" + } + ], + "VpcId": { + "Fn::GetAtt": [ + "ZoneIdTestVpc3230D79C", + "VpcId" + ] + } + } + }, + "MultiZoneSubnet1RouteTable748A78C8": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "DefaultCDKRouteTable" + } + ], + "VpcId": { + "Fn::GetAtt": [ + "ZoneIdTestVpc3230D79C", + "VpcId" + ] + } + } + }, + "MultiZoneSubnet1RouteTableAssociation9FD3D76D": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Fn::GetAtt": [ + "MultiZoneSubnet1RouteTable748A78C8", + "RouteTableId" + ] + }, + "SubnetId": { + "Ref": "MultiZoneSubnet1Subnet84620AF3" + } + } + }, + "MultiZoneSubnet2Subnet7069D8FA": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZoneId": { + "Fn::FindInMap": [ + "AZIdMapping", + { + "Ref": "AWS::Region" + }, + "az2" + ] + }, + "CidrBlock": "10.3.11.0/24", + "Tags": [ + { + "Key": "aws-cdk:subnet-type", + "Value": "Isolated" + } + ], + "VpcId": { + "Fn::GetAtt": [ + "ZoneIdTestVpc3230D79C", + "VpcId" + ] + } + } + }, + "MultiZoneSubnet2RouteTable73005963": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "DefaultCDKRouteTable" + } + ], + "VpcId": { + "Fn::GetAtt": [ + "ZoneIdTestVpc3230D79C", + "VpcId" + ] + } + } + }, + "MultiZoneSubnet2RouteTableAssociationD104A03D": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Fn::GetAtt": [ + "MultiZoneSubnet2RouteTable73005963", + "RouteTableId" + ] + }, + "SubnetId": { + "Ref": "MultiZoneSubnet2Subnet7069D8FA" + } + } + }, + "MultiZoneSubnet3Subnet8A3BFB58": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZoneId": { + "Fn::FindInMap": [ + "AZIdMapping", + { + "Ref": "AWS::Region" + }, + "az3" + ] + }, + "CidrBlock": "10.3.12.0/24", + "Tags": [ + { + "Key": "aws-cdk:subnet-type", + "Value": "Isolated" + } + ], + "VpcId": { + "Fn::GetAtt": [ + "ZoneIdTestVpc3230D79C", + "VpcId" + ] + } + } + }, + "MultiZoneSubnet3RouteTable5C1A17E6": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "DefaultCDKRouteTable" + } + ], + "VpcId": { + "Fn::GetAtt": [ + "ZoneIdTestVpc3230D79C", + "VpcId" + ] + } + } + }, + "MultiZoneSubnet3RouteTableAssociation1679C5C7": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Fn::GetAtt": [ + "MultiZoneSubnet3RouteTable5C1A17E6", + "RouteTableId" + ] + }, + "SubnetId": { + "Ref": "MultiZoneSubnet3Subnet8A3BFB58" + } + } + } + }, + "Mappings": { + "AZIdMapping": { + "us-east-1": { + "az1": "use1-az4", + "az2": "use1-az6", + "az3": "use1-az1", + "az4": "use1-az2", + "az5": "use1-az3", + "az6": "use1-az5" + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2-zoneId.js.snapshot/cdk.out b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2-zoneId.js.snapshot/cdk.out new file mode 100644 index 0000000000000..523a9aac37cbf --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2-zoneId.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"48.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2-zoneId.js.snapshot/integ.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2-zoneId.js.snapshot/integ.json new file mode 100644 index 0000000000000..ee0fd3938e46d --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2-zoneId.js.snapshot/integ.json @@ -0,0 +1,13 @@ +{ + "version": "48.0.0", + "testCases": { + "subnet-v2-zone-id-integ-test/DefaultTest": { + "stacks": [ + "aws-cdk-subnet-v2-zone-id-test" + ], + "assertionStack": "subnet-v2-zone-id-integ-test/DefaultTest/DeployAssert", + "assertionStackName": "subnetv2zoneidintegtestDefaultTestDeployAssert47A3FECE" + } + }, + "minimumCliVersion": "2.1023.0" +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2-zoneId.js.snapshot/manifest.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2-zoneId.js.snapshot/manifest.json new file mode 100644 index 0000000000000..1cbc49e3c764d --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2-zoneId.js.snapshot/manifest.json @@ -0,0 +1,780 @@ +{ + "version": "48.0.0", + "artifacts": { + "aws-cdk-subnet-v2-zone-id-test.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "aws-cdk-subnet-v2-zone-id-test.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "aws-cdk-subnet-v2-zone-id-test": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/us-east-1", + "properties": { + "templateFile": "aws-cdk-subnet-v2-zone-id-test.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-us-east-1", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-us-east-1", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1/81c49f5141352d02cd7690645fbc9f173dd786dafb48918f67966e28784f2d19.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "aws-cdk-subnet-v2-zone-id-test.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-us-east-1", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "aws-cdk-subnet-v2-zone-id-test.assets" + ], + "metadata": { + "/aws-cdk-subnet-v2-zone-id-test/ZoneIdTestVpc": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + } + ], + "/aws-cdk-subnet-v2-zone-id-test/ZoneIdTestVpc/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ZoneIdTestVpc3230D79C" + } + ], + "/aws-cdk-subnet-v2-zone-id-test/AZIdMapping": [ + { + "type": "aws:cdk:logicalId", + "data": "AZIdMapping" + } + ], + "/aws-cdk-subnet-v2-zone-id-test/SubnetWithHardcodedZoneId": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + } + ], + "/aws-cdk-subnet-v2-zone-id-test/SubnetWithHardcodedZoneId/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "SubnetWithHardcodedZoneIdSubnet3FA53E1C" + } + ], + "/aws-cdk-subnet-v2-zone-id-test/SubnetWithHardcodedZoneId/RouteTable": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + } + ], + "/aws-cdk-subnet-v2-zone-id-test/SubnetWithHardcodedZoneId/RouteTable/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "SubnetWithHardcodedZoneIdRouteTableF1967017" + } + ], + "/aws-cdk-subnet-v2-zone-id-test/SubnetWithHardcodedZoneId/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "SubnetWithHardcodedZoneIdRouteTableAssociation038A3E3E" + } + ], + "/aws-cdk-subnet-v2-zone-id-test/SubnetWithMappedZoneId": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + } + ], + "/aws-cdk-subnet-v2-zone-id-test/SubnetWithMappedZoneId/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "SubnetWithMappedZoneIdSubnet065F00FB" + } + ], + "/aws-cdk-subnet-v2-zone-id-test/SubnetWithMappedZoneId/RouteTable": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + } + ], + "/aws-cdk-subnet-v2-zone-id-test/SubnetWithMappedZoneId/RouteTable/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "SubnetWithMappedZoneIdRouteTable23FF0FA3" + } + ], + "/aws-cdk-subnet-v2-zone-id-test/SubnetWithMappedZoneId/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "SubnetWithMappedZoneIdRouteTableAssociationEB66B699" + } + ], + "/aws-cdk-subnet-v2-zone-id-test/SubnetWithContextZoneId": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + } + ], + "/aws-cdk-subnet-v2-zone-id-test/SubnetWithContextZoneId/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "SubnetWithContextZoneIdSubnet6EB340EC" + } + ], + "/aws-cdk-subnet-v2-zone-id-test/SubnetWithContextZoneId/RouteTable": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + } + ], + "/aws-cdk-subnet-v2-zone-id-test/SubnetWithContextZoneId/RouteTable/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "SubnetWithContextZoneIdRouteTableFE55A260" + } + ], + "/aws-cdk-subnet-v2-zone-id-test/SubnetWithContextZoneId/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "SubnetWithContextZoneIdRouteTableAssociation1B1D1405" + } + ], + "/aws-cdk-subnet-v2-zone-id-test/MultiZoneSubnet1": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + } + ], + "/aws-cdk-subnet-v2-zone-id-test/MultiZoneSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "MultiZoneSubnet1Subnet84620AF3" + } + ], + "/aws-cdk-subnet-v2-zone-id-test/MultiZoneSubnet1/RouteTable": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + } + ], + "/aws-cdk-subnet-v2-zone-id-test/MultiZoneSubnet1/RouteTable/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "MultiZoneSubnet1RouteTable748A78C8" + } + ], + "/aws-cdk-subnet-v2-zone-id-test/MultiZoneSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "MultiZoneSubnet1RouteTableAssociation9FD3D76D" + } + ], + "/aws-cdk-subnet-v2-zone-id-test/MultiZoneSubnet2": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + } + ], + "/aws-cdk-subnet-v2-zone-id-test/MultiZoneSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "MultiZoneSubnet2Subnet7069D8FA" + } + ], + "/aws-cdk-subnet-v2-zone-id-test/MultiZoneSubnet2/RouteTable": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + } + ], + "/aws-cdk-subnet-v2-zone-id-test/MultiZoneSubnet2/RouteTable/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "MultiZoneSubnet2RouteTable73005963" + } + ], + "/aws-cdk-subnet-v2-zone-id-test/MultiZoneSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "MultiZoneSubnet2RouteTableAssociationD104A03D" + } + ], + "/aws-cdk-subnet-v2-zone-id-test/MultiZoneSubnet3": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + } + ], + "/aws-cdk-subnet-v2-zone-id-test/MultiZoneSubnet3/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "MultiZoneSubnet3Subnet8A3BFB58" + } + ], + "/aws-cdk-subnet-v2-zone-id-test/MultiZoneSubnet3/RouteTable": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + } + ], + "/aws-cdk-subnet-v2-zone-id-test/MultiZoneSubnet3/RouteTable/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "MultiZoneSubnet3RouteTable5C1A17E6" + } + ], + "/aws-cdk-subnet-v2-zone-id-test/MultiZoneSubnet3/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "MultiZoneSubnet3RouteTableAssociation1679C5C7" + } + ], + "/aws-cdk-subnet-v2-zone-id-test/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-subnet-v2-zone-id-test/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-cdk-subnet-v2-zone-id-test" + }, + "subnetv2zoneidintegtestDefaultTestDeployAssert47A3FECE.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "subnetv2zoneidintegtestDefaultTestDeployAssert47A3FECE.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "subnetv2zoneidintegtestDefaultTestDeployAssert47A3FECE": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "subnetv2zoneidintegtestDefaultTestDeployAssert47A3FECE.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "subnetv2zoneidintegtestDefaultTestDeployAssert47A3FECE.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "subnetv2zoneidintegtestDefaultTestDeployAssert47A3FECE.assets" + ], + "metadata": { + "/subnet-v2-zone-id-integ-test/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/subnet-v2-zone-id-integ-test/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "subnet-v2-zone-id-integ-test/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + }, + "aws-cdk-lib/feature-flag-report": { + "type": "cdk:feature-flag-report", + "properties": { + "module": "aws-cdk-lib", + "flags": { + "@aws-cdk/aws-signer:signingProfileNamePassedToCfn": { + "recommendedValue": true, + "explanation": "Pass signingProfileName to CfnSigningProfile" + }, + "@aws-cdk/core:newStyleStackSynthesis": { + "recommendedValue": true, + "explanation": "Switch to new stack synthesis method which enables CI/CD", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/core:stackRelativeExports": { + "recommendedValue": true, + "explanation": "Name exports based on the construct paths relative to the stack, rather than the global construct path", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-rds:lowercaseDbIdentifier": { + "recommendedValue": true, + "explanation": "Force lowercasing of RDS Cluster names in CDK", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-apigateway:usagePlanKeyOrderInsensitiveId": { + "recommendedValue": true, + "explanation": "Allow adding/removing multiple UsagePlanKeys independently", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-lambda:recognizeVersionProps": { + "recommendedValue": true, + "explanation": "Enable this feature flag to opt in to the updated logical id calculation for Lambda Version created using the `fn.currentVersion`.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-lambda:recognizeLayerVersion": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this feature flag to opt in to the updated logical id calculation for Lambda Version created using the `fn.currentVersion`." + }, + "@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021": { + "recommendedValue": true, + "explanation": "Enable this feature flag to have cloudfront distributions use the security policy TLSv1.2_2021 by default.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/core:checkSecretUsage": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this flag to make it impossible to accidentally use SecretValues in unsafe locations" + }, + "@aws-cdk/core:target-partitions": { + "recommendedValue": [ + "aws", + "aws-cn" + ], + "explanation": "What regions to include in lookup tables of environment agnostic stacks" + }, + "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": { + "userValue": true, + "recommendedValue": true, + "explanation": "ECS extensions will automatically add an `awslogs` driver if no logging is specified" + }, + "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this feature flag to have Launch Templates generated by the `InstanceRequireImdsv2Aspect` use unique names." + }, + "@aws-cdk/aws-ecs:arnFormatIncludesClusterName": { + "userValue": true, + "recommendedValue": true, + "explanation": "ARN format used by ECS. In the new ARN format, the cluster name is part of the resource ID." + }, + "@aws-cdk/aws-iam:minimizePolicies": { + "userValue": true, + "recommendedValue": true, + "explanation": "Minimize IAM policies by combining Statements" + }, + "@aws-cdk/core:validateSnapshotRemovalPolicy": { + "userValue": true, + "recommendedValue": true, + "explanation": "Error on snapshot removal policies on resources that do not support it." + }, + "@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName": { + "userValue": true, + "recommendedValue": true, + "explanation": "Generate key aliases that include the stack name" + }, + "@aws-cdk/aws-s3:createDefaultLoggingPolicy": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this feature flag to create an S3 bucket policy by default in cases where an AWS service would automatically create the Policy if one does not exist." + }, + "@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption": { + "userValue": true, + "recommendedValue": true, + "explanation": "Restrict KMS key policy for encrypted Queues a bit more" + }, + "@aws-cdk/aws-apigateway:disableCloudWatchRole": { + "userValue": true, + "recommendedValue": true, + "explanation": "Make default CloudWatch Role behavior safe for multiple API Gateways in one environment" + }, + "@aws-cdk/core:enablePartitionLiterals": { + "userValue": true, + "recommendedValue": true, + "explanation": "Make ARNs concrete if AWS partition is known" + }, + "@aws-cdk/aws-events:eventsTargetQueueSameAccount": { + "userValue": true, + "recommendedValue": true, + "explanation": "Event Rules may only push to encrypted SQS queues in the same account" + }, + "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": { + "userValue": true, + "recommendedValue": true, + "explanation": "Avoid setting the \"ECS\" deployment controller when adding a circuit breaker" + }, + "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this feature to by default create default policy names for imported roles that depend on the stack the role is in." + }, + "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": { + "userValue": true, + "recommendedValue": true, + "explanation": "Use S3 Bucket Policy instead of ACLs for Server Access Logging" + }, + "@aws-cdk/aws-route53-patters:useCertificate": { + "userValue": true, + "recommendedValue": true, + "explanation": "Use the official `Certificate` resource instead of `DnsValidatedCertificate`" + }, + "@aws-cdk/customresources:installLatestAwsSdkDefault": { + "userValue": false, + "recommendedValue": false, + "explanation": "Whether to install the latest SDK by default in AwsCustomResource" + }, + "@aws-cdk/aws-rds:databaseProxyUniqueResourceName": { + "userValue": true, + "recommendedValue": true, + "explanation": "Use unique resource name for Database Proxy" + }, + "@aws-cdk/aws-codedeploy:removeAlarmsFromDeploymentGroup": { + "userValue": true, + "recommendedValue": true, + "explanation": "Remove CloudWatch alarms from deployment group" + }, + "@aws-cdk/aws-apigateway:authorizerChangeDeploymentLogicalId": { + "userValue": true, + "recommendedValue": true, + "explanation": "Include authorizer configuration in the calculation of the API deployment logical ID." + }, + "@aws-cdk/aws-ec2:launchTemplateDefaultUserData": { + "userValue": true, + "recommendedValue": true, + "explanation": "Define user data for a launch template by default when a machine image is provided." + }, + "@aws-cdk/aws-secretsmanager:useAttachedSecretResourcePolicyForSecretTargetAttachments": { + "userValue": true, + "recommendedValue": true, + "explanation": "SecretTargetAttachments uses the ResourcePolicy of the attached Secret." + }, + "@aws-cdk/aws-redshift:columnId": { + "userValue": true, + "recommendedValue": true, + "explanation": "Whether to use an ID to track Redshift column changes" + }, + "@aws-cdk/aws-stepfunctions-tasks:enableEmrServicePolicyV2": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable AmazonEMRServicePolicy_v2 managed policies" + }, + "@aws-cdk/aws-ec2:restrictDefaultSecurityGroup": { + "userValue": true, + "recommendedValue": true, + "explanation": "Restrict access to the VPC default security group" + }, + "@aws-cdk/aws-apigateway:requestValidatorUniqueId": { + "userValue": true, + "recommendedValue": true, + "explanation": "Generate a unique id for each RequestValidator added to a method" + }, + "@aws-cdk/aws-kms:aliasNameRef": { + "userValue": true, + "recommendedValue": true, + "explanation": "KMS Alias name and keyArn will have implicit reference to KMS Key" + }, + "@aws-cdk/aws-kms:applyImportedAliasPermissionsToPrincipal": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable grant methods on Aliases imported by name to use kms:ResourceAliases condition" + }, + "@aws-cdk/aws-autoscaling:generateLaunchTemplateInsteadOfLaunchConfig": { + "userValue": true, + "recommendedValue": true, + "explanation": "Generate a launch template when creating an AutoScalingGroup" + }, + "@aws-cdk/core:includePrefixInUniqueNameGeneration": { + "userValue": true, + "recommendedValue": true, + "explanation": "Include the stack prefix in the stack name generation process" + }, + "@aws-cdk/aws-efs:denyAnonymousAccess": { + "userValue": true, + "recommendedValue": true, + "explanation": "EFS denies anonymous clients accesses" + }, + "@aws-cdk/aws-opensearchservice:enableOpensearchMultiAzWithStandby": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enables support for Multi-AZ with Standby deployment for opensearch domains" + }, + "@aws-cdk/aws-lambda-nodejs:useLatestRuntimeVersion": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enables aws-lambda-nodejs.Function to use the latest available NodeJs runtime as the default" + }, + "@aws-cdk/aws-efs:mountTargetOrderInsensitiveLogicalId": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, mount targets will have a stable logicalId that is linked to the associated subnet." + }, + "@aws-cdk/aws-rds:auroraClusterChangeScopeOfInstanceParameterGroupWithEachParameters": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, a scope of InstanceParameterGroup for AuroraClusterInstance with each parameters will change." + }, + "@aws-cdk/aws-appsync:useArnForSourceApiAssociationIdentifier": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, will always use the arn for identifiers for CfnSourceApiAssociation in the GraphqlApi construct rather than id." + }, + "@aws-cdk/aws-rds:preventRenderingDeprecatedCredentials": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, creating an RDS database cluster from a snapshot will only render credentials for snapshot credentials." + }, + "@aws-cdk/aws-codepipeline-actions:useNewDefaultBranchForCodeCommitSource": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the CodeCommit source action is using the default branch name 'main'." + }, + "@aws-cdk/aws-cloudwatch-actions:changeLambdaPermissionLogicalIdForLambdaAction": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the logical ID of a Lambda permission for a Lambda action includes an alarm ID." + }, + "@aws-cdk/aws-codepipeline:crossAccountKeysDefaultValueToFalse": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enables Pipeline to set the default value for crossAccountKeys to false." + }, + "@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enables Pipeline to set the default pipeline type to V2." + }, + "@aws-cdk/aws-kms:reduceCrossAccountRegionPolicyScope": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, IAM Policy created from KMS key grant will reduce the resource scope to this key only." + }, + "@aws-cdk/pipelines:reduceAssetRoleTrustScope": { + "recommendedValue": true, + "explanation": "Remove the root account principal from PipelineAssetsFileRole trust policy", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-eks:nodegroupNameAttribute": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, nodegroupName attribute of the provisioned EKS NodeGroup will not have the cluster name prefix." + }, + "@aws-cdk/aws-ec2:ebsDefaultGp3Volume": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the default volume type of the EBS volume will be GP3" + }, + "@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, remove default deployment alarm settings" + }, + "@aws-cdk/custom-resources:logApiResponseDataPropertyTrueDefault": { + "userValue": false, + "recommendedValue": false, + "explanation": "When enabled, the custom resource used for `AwsCustomResource` will configure the `logApiResponseData` property as true by default" + }, + "@aws-cdk/aws-s3:keepNotificationInImportedBucket": { + "userValue": false, + "recommendedValue": false, + "explanation": "When enabled, Adding notifications to a bucket in the current stack will not remove notification from imported stack." + }, + "@aws-cdk/aws-stepfunctions-tasks:useNewS3UriParametersForBedrockInvokeModelTask": { + "recommendedValue": true, + "explanation": "When enabled, use new props for S3 URI field in task definition of state machine for bedrock invoke model.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/core:explicitStackTags": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, stack tags need to be assigned explicitly on a Stack." + }, + "@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature": { + "userValue": false, + "recommendedValue": false, + "explanation": "When set to true along with canContainersAccessInstanceRole=false in ECS cluster, new updated commands will be added to UserData to block container accessing IMDS. **Applicable to Linux only. IMPORTANT: See [details.](#aws-cdkaws-ecsenableImdsBlockingDeprecatedFeature)**" + }, + "@aws-cdk/aws-ecs:disableEcsImdsBlocking": { + "userValue": true, + "recommendedValue": true, + "explanation": "When set to true, CDK synth will throw exception if canContainersAccessInstanceRole is false. **IMPORTANT: See [details.](#aws-cdkaws-ecsdisableEcsImdsBlocking)**" + }, + "@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, we will only grant the necessary permissions when users specify cloudwatch log group through logConfiguration" + }, + "@aws-cdk/aws-dynamodb:resourcePolicyPerReplica": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled will allow you to specify a resource policy per replica, and not copy the source table policy to all replicas" + }, + "@aws-cdk/aws-ec2:ec2SumTImeoutEnabled": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, initOptions.timeout and resourceSignalTimeout values will be summed together." + }, + "@aws-cdk/aws-appsync:appSyncGraphQLAPIScopeLambdaPermission": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, a Lambda authorizer Permission created when using GraphqlApi will be properly scoped with a SourceArn." + }, + "@aws-cdk/aws-rds:setCorrectValueForDatabaseInstanceReadReplicaInstanceResourceId": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the value of property `instanceResourceId` in construct `DatabaseInstanceReadReplica` will be set to the correct value which is `DbiResourceId` instead of currently `DbInstanceArn`" + }, + "@aws-cdk/core:cfnIncludeRejectComplexResourceUpdateCreatePolicyIntrinsics": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, CFN templates added with `cfn-include` will error if the template contains Resource Update or Create policies with CFN Intrinsics that include non-primitive values." + }, + "@aws-cdk/aws-lambda-nodejs:sdkV3ExcludeSmithyPackages": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, both `@aws-sdk` and `@smithy` packages will be excluded from the Lambda Node.js 18.x runtime to prevent version mismatches in bundled applications." + }, + "@aws-cdk/aws-stepfunctions-tasks:fixRunEcsTaskPolicy": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the resource of IAM Run Ecs policy generated by SFN EcsRunTask will reference the definition, instead of constructing ARN." + }, + "@aws-cdk/aws-ec2:bastionHostUseAmazonLinux2023ByDefault": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the BastionHost construct will use the latest Amazon Linux 2023 AMI, instead of Amazon Linux 2." + }, + "@aws-cdk/core:aspectStabilization": { + "recommendedValue": true, + "explanation": "When enabled, a stabilization loop will be run when invoking Aspects during synthesis.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-route53-targets:userPoolDomainNameMethodWithoutCustomResource": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, use a new method for DNS Name of user pool domain target without creating a custom resource." + }, + "@aws-cdk/aws-elasticloadbalancingV2:albDualstackWithoutPublicIpv4SecurityGroupRulesDefault": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the default security group ingress rules will allow IPv6 ingress from anywhere" + }, + "@aws-cdk/aws-iam:oidcRejectUnauthorizedConnections": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the default behaviour of OIDC provider will reject unauthorized connections" + }, + "@aws-cdk/core:enableAdditionalMetadataCollection": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, CDK will expand the scope of usage data collected to better inform CDK development and improve communication for security concerns and emerging issues." + }, + "@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy": { + "userValue": false, + "recommendedValue": false, + "explanation": "[Deprecated] When enabled, Lambda will create new inline policies with AddToRolePolicy instead of adding to the Default Policy Statement" + }, + "@aws-cdk/aws-s3:setUniqueReplicationRoleName": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, CDK will automatically generate a unique role name that is used for s3 object replication." + }, + "@aws-cdk/pipelines:reduceStageRoleTrustScope": { + "recommendedValue": true, + "explanation": "Remove the root account principal from Stage addActions trust policy", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-events:requireEventBusPolicySid": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, grantPutEventsTo() will use resource policies with Statement IDs for service principals." + }, + "@aws-cdk/core:aspectPrioritiesMutating": { + "userValue": true, + "recommendedValue": true, + "explanation": "When set to true, Aspects added by the construct library on your behalf will be given a priority of MUTATING." + }, + "@aws-cdk/aws-dynamodb:retainTableReplica": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, table replica will be default to the removal policy of source table unless specified otherwise." + }, + "@aws-cdk/cognito:logUserPoolClientSecretValue": { + "recommendedValue": false, + "explanation": "When disabled, the value of the user pool client secret will not be logged in the custom resource lambda function logs." + }, + "@aws-cdk/pipelines:reduceCrossAccountActionRoleTrustScope": { + "recommendedValue": true, + "explanation": "When enabled, scopes down the trust policy for the cross-account action role", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-stepfunctions:useDistributedMapResultWriterV2": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the resultWriterV2 property of DistributedMap will be used insted of resultWriter" + }, + "@aws-cdk/s3-notifications:addS3TrustKeyPolicyForSnsSubscriptions": { + "userValue": true, + "recommendedValue": true, + "explanation": "Add an S3 trust policy to a KMS key resource policy for SNS subscriptions." + }, + "@aws-cdk/aws-ec2:requirePrivateSubnetsForEgressOnlyInternetGateway": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the EgressOnlyGateway resource is only created if private subnets are defined in the dual-stack VPC." + }, + "@aws-cdk/aws-ec2-alpha:useResourceIdForVpcV2Migration": { + "recommendedValue": false, + "explanation": "When enabled, use resource IDs for VPC V2 migration" + }, + "@aws-cdk/aws-s3:publicAccessBlockedByDefault": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, setting any combination of options for BlockPublicAccess will automatically set true for any options not defined." + }, + "@aws-cdk/aws-lambda:useCdkManagedLogGroup": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, CDK creates and manages loggroup for the lambda function" + } + } + } + } + }, + "minimumCliVersion": "2.1023.0" +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2-zoneId.js.snapshot/subnetv2zoneidintegtestDefaultTestDeployAssert47A3FECE.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2-zoneId.js.snapshot/subnetv2zoneidintegtestDefaultTestDeployAssert47A3FECE.assets.json new file mode 100644 index 0000000000000..53733556b9b35 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2-zoneId.js.snapshot/subnetv2zoneidintegtestDefaultTestDeployAssert47A3FECE.assets.json @@ -0,0 +1,20 @@ +{ + "version": "48.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "displayName": "subnetv2zoneidintegtestDefaultTestDeployAssert47A3FECE Template", + "source": { + "path": "subnetv2zoneidintegtestDefaultTestDeployAssert47A3FECE.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region-d8d86b35": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2-zoneId.js.snapshot/subnetv2zoneidintegtestDefaultTestDeployAssert47A3FECE.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2-zoneId.js.snapshot/subnetv2zoneidintegtestDefaultTestDeployAssert47A3FECE.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2-zoneId.js.snapshot/subnetv2zoneidintegtestDefaultTestDeployAssert47A3FECE.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2-zoneId.js.snapshot/tree.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2-zoneId.js.snapshot/tree.json new file mode 100644 index 0000000000000..3f559613e0d7b --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2-zoneId.js.snapshot/tree.json @@ -0,0 +1 @@ +{"version":"tree-0.1","tree":{"id":"App","path":"","constructInfo":{"fqn":"aws-cdk-lib.App","version":"0.0.0"},"children":{"aws-cdk-subnet-v2-zone-id-test":{"id":"aws-cdk-subnet-v2-zone-id-test","path":"aws-cdk-subnet-v2-zone-id-test","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"ZoneIdTestVpc":{"id":"ZoneIdTestVpc","path":"aws-cdk-subnet-v2-zone-id-test/ZoneIdTestVpc","constructInfo":{"fqn":"@aws-cdk/aws-ec2-alpha.VpcV2","version":"0.0.0","metadata":["*"]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-subnet-v2-zone-id-test/ZoneIdTestVpc/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnVPC","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::VPC","aws:cdk:cloudformation:props":{"cidrBlock":"10.3.0.0/16","enableDnsHostnames":true,"enableDnsSupport":true,"instanceTenancy":"default","tags":[{"key":"Name","value":"aws-cdk-subnet-v2-zone-id-test/ZoneIdTestVpc"}]}}}}},"AZIdMapping":{"id":"AZIdMapping","path":"aws-cdk-subnet-v2-zone-id-test/AZIdMapping","constructInfo":{"fqn":"aws-cdk-lib.CfnMapping","version":"0.0.0"}},"SubnetWithHardcodedZoneId":{"id":"SubnetWithHardcodedZoneId","path":"aws-cdk-subnet-v2-zone-id-test/SubnetWithHardcodedZoneId","constructInfo":{"fqn":"@aws-cdk/aws-ec2-alpha.SubnetV2","version":"0.0.0","metadata":["*"]},"children":{"Subnet":{"id":"Subnet","path":"aws-cdk-subnet-v2-zone-id-test/SubnetWithHardcodedZoneId/Subnet","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnSubnet","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::Subnet","aws:cdk:cloudformation:props":{"availabilityZoneId":"use1-az4","cidrBlock":"10.3.0.0/24","tags":[{"key":"aws-cdk:subnet-type","value":"Isolated"}],"vpcId":{"Fn::GetAtt":["ZoneIdTestVpc3230D79C","VpcId"]}}}},"Acl":{"id":"Acl","path":"aws-cdk-subnet-v2-zone-id-test/SubnetWithHardcodedZoneId/Acl","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":[]}},"RouteTable":{"id":"RouteTable","path":"aws-cdk-subnet-v2-zone-id-test/SubnetWithHardcodedZoneId/RouteTable","constructInfo":{"fqn":"@aws-cdk/aws-ec2-alpha.RouteTable","version":"0.0.0","metadata":["*"]},"children":{"RouteTable":{"id":"RouteTable","path":"aws-cdk-subnet-v2-zone-id-test/SubnetWithHardcodedZoneId/RouteTable/RouteTable","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnRouteTable","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::RouteTable","aws:cdk:cloudformation:props":{"tags":[{"key":"Name","value":"DefaultCDKRouteTable"}],"vpcId":{"Fn::GetAtt":["ZoneIdTestVpc3230D79C","VpcId"]}}}}}},"RouteTableAssociation":{"id":"RouteTableAssociation","path":"aws-cdk-subnet-v2-zone-id-test/SubnetWithHardcodedZoneId/RouteTableAssociation","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::SubnetRouteTableAssociation","aws:cdk:cloudformation:props":{"routeTableId":{"Fn::GetAtt":["SubnetWithHardcodedZoneIdRouteTableF1967017","RouteTableId"]},"subnetId":{"Ref":"SubnetWithHardcodedZoneIdSubnet3FA53E1C"}}}}}},"SubnetWithMappedZoneId":{"id":"SubnetWithMappedZoneId","path":"aws-cdk-subnet-v2-zone-id-test/SubnetWithMappedZoneId","constructInfo":{"fqn":"@aws-cdk/aws-ec2-alpha.SubnetV2","version":"0.0.0","metadata":["*"]},"children":{"Subnet":{"id":"Subnet","path":"aws-cdk-subnet-v2-zone-id-test/SubnetWithMappedZoneId/Subnet","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnSubnet","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::Subnet","aws:cdk:cloudformation:props":{"availabilityZoneId":{"Fn::FindInMap":["AZIdMapping",{"Ref":"AWS::Region"},"az2"]},"cidrBlock":"10.3.1.0/24","tags":[{"key":"aws-cdk:subnet-type","value":"Private"}],"vpcId":{"Fn::GetAtt":["ZoneIdTestVpc3230D79C","VpcId"]}}}},"Acl":{"id":"Acl","path":"aws-cdk-subnet-v2-zone-id-test/SubnetWithMappedZoneId/Acl","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":[]}},"RouteTable":{"id":"RouteTable","path":"aws-cdk-subnet-v2-zone-id-test/SubnetWithMappedZoneId/RouteTable","constructInfo":{"fqn":"@aws-cdk/aws-ec2-alpha.RouteTable","version":"0.0.0","metadata":["*"]},"children":{"RouteTable":{"id":"RouteTable","path":"aws-cdk-subnet-v2-zone-id-test/SubnetWithMappedZoneId/RouteTable/RouteTable","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnRouteTable","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::RouteTable","aws:cdk:cloudformation:props":{"tags":[{"key":"Name","value":"DefaultCDKRouteTable"}],"vpcId":{"Fn::GetAtt":["ZoneIdTestVpc3230D79C","VpcId"]}}}}}},"RouteTableAssociation":{"id":"RouteTableAssociation","path":"aws-cdk-subnet-v2-zone-id-test/SubnetWithMappedZoneId/RouteTableAssociation","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::SubnetRouteTableAssociation","aws:cdk:cloudformation:props":{"routeTableId":{"Fn::GetAtt":["SubnetWithMappedZoneIdRouteTable23FF0FA3","RouteTableId"]},"subnetId":{"Ref":"SubnetWithMappedZoneIdSubnet065F00FB"}}}}}},"SubnetWithContextZoneId":{"id":"SubnetWithContextZoneId","path":"aws-cdk-subnet-v2-zone-id-test/SubnetWithContextZoneId","constructInfo":{"fqn":"@aws-cdk/aws-ec2-alpha.SubnetV2","version":"0.0.0","metadata":["*"]},"children":{"Subnet":{"id":"Subnet","path":"aws-cdk-subnet-v2-zone-id-test/SubnetWithContextZoneId/Subnet","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnSubnet","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::Subnet","aws:cdk:cloudformation:props":{"availabilityZoneId":{"Fn::FindInMap":["AZIdMapping",{"Ref":"AWS::Region"},"az3"]},"cidrBlock":"10.3.2.0/24","tags":[{"key":"aws-cdk:subnet-type","value":"Public"}],"vpcId":{"Fn::GetAtt":["ZoneIdTestVpc3230D79C","VpcId"]}}}},"Acl":{"id":"Acl","path":"aws-cdk-subnet-v2-zone-id-test/SubnetWithContextZoneId/Acl","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":[]}},"RouteTable":{"id":"RouteTable","path":"aws-cdk-subnet-v2-zone-id-test/SubnetWithContextZoneId/RouteTable","constructInfo":{"fqn":"@aws-cdk/aws-ec2-alpha.RouteTable","version":"0.0.0","metadata":["*"]},"children":{"RouteTable":{"id":"RouteTable","path":"aws-cdk-subnet-v2-zone-id-test/SubnetWithContextZoneId/RouteTable/RouteTable","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnRouteTable","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::RouteTable","aws:cdk:cloudformation:props":{"tags":[{"key":"Name","value":"DefaultCDKRouteTable"}],"vpcId":{"Fn::GetAtt":["ZoneIdTestVpc3230D79C","VpcId"]}}}}}},"RouteTableAssociation":{"id":"RouteTableAssociation","path":"aws-cdk-subnet-v2-zone-id-test/SubnetWithContextZoneId/RouteTableAssociation","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::SubnetRouteTableAssociation","aws:cdk:cloudformation:props":{"routeTableId":{"Fn::GetAtt":["SubnetWithContextZoneIdRouteTableFE55A260","RouteTableId"]},"subnetId":{"Ref":"SubnetWithContextZoneIdSubnet6EB340EC"}}}}}},"MultiZoneSubnet1":{"id":"MultiZoneSubnet1","path":"aws-cdk-subnet-v2-zone-id-test/MultiZoneSubnet1","constructInfo":{"fqn":"@aws-cdk/aws-ec2-alpha.SubnetV2","version":"0.0.0","metadata":["*"]},"children":{"Subnet":{"id":"Subnet","path":"aws-cdk-subnet-v2-zone-id-test/MultiZoneSubnet1/Subnet","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnSubnet","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::Subnet","aws:cdk:cloudformation:props":{"availabilityZoneId":{"Fn::FindInMap":["AZIdMapping",{"Ref":"AWS::Region"},"az1"]},"cidrBlock":"10.3.10.0/24","tags":[{"key":"aws-cdk:subnet-type","value":"Isolated"}],"vpcId":{"Fn::GetAtt":["ZoneIdTestVpc3230D79C","VpcId"]}}}},"Acl":{"id":"Acl","path":"aws-cdk-subnet-v2-zone-id-test/MultiZoneSubnet1/Acl","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":[]}},"RouteTable":{"id":"RouteTable","path":"aws-cdk-subnet-v2-zone-id-test/MultiZoneSubnet1/RouteTable","constructInfo":{"fqn":"@aws-cdk/aws-ec2-alpha.RouteTable","version":"0.0.0","metadata":["*"]},"children":{"RouteTable":{"id":"RouteTable","path":"aws-cdk-subnet-v2-zone-id-test/MultiZoneSubnet1/RouteTable/RouteTable","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnRouteTable","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::RouteTable","aws:cdk:cloudformation:props":{"tags":[{"key":"Name","value":"DefaultCDKRouteTable"}],"vpcId":{"Fn::GetAtt":["ZoneIdTestVpc3230D79C","VpcId"]}}}}}},"RouteTableAssociation":{"id":"RouteTableAssociation","path":"aws-cdk-subnet-v2-zone-id-test/MultiZoneSubnet1/RouteTableAssociation","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::SubnetRouteTableAssociation","aws:cdk:cloudformation:props":{"routeTableId":{"Fn::GetAtt":["MultiZoneSubnet1RouteTable748A78C8","RouteTableId"]},"subnetId":{"Ref":"MultiZoneSubnet1Subnet84620AF3"}}}}}},"MultiZoneSubnet2":{"id":"MultiZoneSubnet2","path":"aws-cdk-subnet-v2-zone-id-test/MultiZoneSubnet2","constructInfo":{"fqn":"@aws-cdk/aws-ec2-alpha.SubnetV2","version":"0.0.0","metadata":["*"]},"children":{"Subnet":{"id":"Subnet","path":"aws-cdk-subnet-v2-zone-id-test/MultiZoneSubnet2/Subnet","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnSubnet","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::Subnet","aws:cdk:cloudformation:props":{"availabilityZoneId":{"Fn::FindInMap":["AZIdMapping",{"Ref":"AWS::Region"},"az2"]},"cidrBlock":"10.3.11.0/24","tags":[{"key":"aws-cdk:subnet-type","value":"Isolated"}],"vpcId":{"Fn::GetAtt":["ZoneIdTestVpc3230D79C","VpcId"]}}}},"Acl":{"id":"Acl","path":"aws-cdk-subnet-v2-zone-id-test/MultiZoneSubnet2/Acl","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":[]}},"RouteTable":{"id":"RouteTable","path":"aws-cdk-subnet-v2-zone-id-test/MultiZoneSubnet2/RouteTable","constructInfo":{"fqn":"@aws-cdk/aws-ec2-alpha.RouteTable","version":"0.0.0","metadata":["*"]},"children":{"RouteTable":{"id":"RouteTable","path":"aws-cdk-subnet-v2-zone-id-test/MultiZoneSubnet2/RouteTable/RouteTable","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnRouteTable","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::RouteTable","aws:cdk:cloudformation:props":{"tags":[{"key":"Name","value":"DefaultCDKRouteTable"}],"vpcId":{"Fn::GetAtt":["ZoneIdTestVpc3230D79C","VpcId"]}}}}}},"RouteTableAssociation":{"id":"RouteTableAssociation","path":"aws-cdk-subnet-v2-zone-id-test/MultiZoneSubnet2/RouteTableAssociation","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::SubnetRouteTableAssociation","aws:cdk:cloudformation:props":{"routeTableId":{"Fn::GetAtt":["MultiZoneSubnet2RouteTable73005963","RouteTableId"]},"subnetId":{"Ref":"MultiZoneSubnet2Subnet7069D8FA"}}}}}},"MultiZoneSubnet3":{"id":"MultiZoneSubnet3","path":"aws-cdk-subnet-v2-zone-id-test/MultiZoneSubnet3","constructInfo":{"fqn":"@aws-cdk/aws-ec2-alpha.SubnetV2","version":"0.0.0","metadata":["*"]},"children":{"Subnet":{"id":"Subnet","path":"aws-cdk-subnet-v2-zone-id-test/MultiZoneSubnet3/Subnet","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnSubnet","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::Subnet","aws:cdk:cloudformation:props":{"availabilityZoneId":{"Fn::FindInMap":["AZIdMapping",{"Ref":"AWS::Region"},"az3"]},"cidrBlock":"10.3.12.0/24","tags":[{"key":"aws-cdk:subnet-type","value":"Isolated"}],"vpcId":{"Fn::GetAtt":["ZoneIdTestVpc3230D79C","VpcId"]}}}},"Acl":{"id":"Acl","path":"aws-cdk-subnet-v2-zone-id-test/MultiZoneSubnet3/Acl","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":[]}},"RouteTable":{"id":"RouteTable","path":"aws-cdk-subnet-v2-zone-id-test/MultiZoneSubnet3/RouteTable","constructInfo":{"fqn":"@aws-cdk/aws-ec2-alpha.RouteTable","version":"0.0.0","metadata":["*"]},"children":{"RouteTable":{"id":"RouteTable","path":"aws-cdk-subnet-v2-zone-id-test/MultiZoneSubnet3/RouteTable/RouteTable","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnRouteTable","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::RouteTable","aws:cdk:cloudformation:props":{"tags":[{"key":"Name","value":"DefaultCDKRouteTable"}],"vpcId":{"Fn::GetAtt":["ZoneIdTestVpc3230D79C","VpcId"]}}}}}},"RouteTableAssociation":{"id":"RouteTableAssociation","path":"aws-cdk-subnet-v2-zone-id-test/MultiZoneSubnet3/RouteTableAssociation","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::SubnetRouteTableAssociation","aws:cdk:cloudformation:props":{"routeTableId":{"Fn::GetAtt":["MultiZoneSubnet3RouteTable5C1A17E6","RouteTableId"]},"subnetId":{"Ref":"MultiZoneSubnet3Subnet8A3BFB58"}}}}}},"BootstrapVersion":{"id":"BootstrapVersion","path":"aws-cdk-subnet-v2-zone-id-test/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"aws-cdk-subnet-v2-zone-id-test/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}},"subnet-v2-zone-id-integ-test":{"id":"subnet-v2-zone-id-integ-test","path":"subnet-v2-zone-id-integ-test","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTest","version":"0.0.0"},"children":{"DefaultTest":{"id":"DefaultTest","path":"subnet-v2-zone-id-integ-test/DefaultTest","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTestCase","version":"0.0.0"},"children":{"Default":{"id":"Default","path":"subnet-v2-zone-id-integ-test/DefaultTest/Default","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}},"DeployAssert":{"id":"DeployAssert","path":"subnet-v2-zone-id-integ-test/DefaultTest/DeployAssert","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"BootstrapVersion":{"id":"BootstrapVersion","path":"subnet-v2-zone-id-integ-test/DefaultTest/DeployAssert/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"subnet-v2-zone-id-integ-test/DefaultTest/DeployAssert/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}}}}}},"Tree":{"id":"Tree","path":"Tree","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}}}}} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2-zoneId.ts b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2-zoneId.ts new file mode 100644 index 0000000000000..d0857553c51e8 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2-zoneId.ts @@ -0,0 +1,130 @@ +/* + * Integration test focused on SubnetV2 availabilityZoneId functionality. + * + * This test validates that SubnetV2 can be created using availabilityZoneId + * instead of availabilityZone, which is useful for cross-account scenarios + * where AZ names may differ but AZ IDs remain consistent. + * + * REGION RESTRICTION: This test is restricted to us-east-1 because: + * 1. The AZ ID mapping is hardcoded for us-east-1 (use1-az1, use1-az2, etc.) + * 2. Different regions have different AZ ID prefixes (e.g., usw2-az1 for us-west-2) + * 3. Each region has a different number of availability zones + * 4. To support other regions, we'd need region-specific mappings + */ + +import * as vpc_v2 from '../lib/vpc-v2'; +import { IpCidr, SubnetV2 } from '../lib'; +import { IntegTest } from '@aws-cdk/integ-tests-alpha'; +import * as cdk from 'aws-cdk-lib'; +import { SubnetType } from 'aws-cdk-lib/aws-ec2'; +import { Token } from 'aws-cdk-lib'; + +const app = new cdk.App(); + +const supportedRegions = ['us-east-1']; +// Since the AZ IDs are hard-coded for us-east-1 in the mapping below, +// we need to restrict this test to that specific region. +const stack = new cdk.Stack(app, 'aws-cdk-subnet-v2-zone-id-test', { + env: { region: 'us-east-1' }, +}); + +if (process.env.CDK_INTEG_ACCOUNT !== '12345678') { + // only validate if we are about to actually deploy. + // TODO: better way to determine this, right now the 'CDK_INTEG_ACCOUNT' seems like the only way. + if (Token.isUnresolved(stack.region)) { + throw new Error(`region (${stack.region}) cannot be a token and must be configured to one of: ${supportedRegions}`); + } + if (!supportedRegions.includes(stack.region)) { + throw new Error(`region (${stack.region}) must be configured to one of: ${supportedRegions}`); + } +} + +// Create VPC for testing with a unique CIDR to avoid conflicts +const vpc = new vpc_v2.VpcV2(stack, 'ZoneIdTestVpc', { + primaryAddressBlock: vpc_v2.IpAddresses.ipv4('10.3.0.0/16'), + enableDnsHostnames: true, + enableDnsSupport: true, +}); + +/** + * AZ ID mapping for us-east-1 region + * + * IMPORTANT: AZ IDs are account-specific! The mapping below may not match + * your AWS account. AZ IDs like 'use1-az1' are randomized per account to + * distribute load across AWS infrastructure. + * + * Use AWS CLI to generate the correct mapping for your account: + * + * ```bash + * aws ec2 describe-availability-zones --region us-east-1 \ + * --output json | \ + * jq -r '.AvailabilityZones | sort_by(.ZoneId) | + * to_entries | + * map(" az\(.key + 1): '\''\(.value.ZoneId)'\''") | + * ["{"] + . + ["}"] | + * join(",\n")' + * ``` + */ +const azIdMapping = new cdk.CfnMapping(stack, 'AZIdMapping', { + mapping: { + 'us-east-1': { + az1: 'use1-az4', + az2: 'use1-az6', + az3: 'use1-az1', + az4: 'use1-az2', + az5: 'use1-az3', + az6: 'use1-az5', + }, + }, +}); + +/** + * Test 1: Subnet with hardcoded AZ ID + */ +new SubnetV2(stack, 'SubnetWithHardcodedZoneId', { + vpc, + availabilityZoneId: 'use1-az4', + ipv4CidrBlock: new IpCidr('10.3.0.0/24'), + subnetType: SubnetType.PRIVATE_ISOLATED, +}); + +/** + * Test 2: Subnet with AZ ID from mapping + */ +new SubnetV2(stack, 'SubnetWithMappedZoneId', { + vpc, + availabilityZoneId: azIdMapping.findInMap(cdk.Aws.REGION, 'az2'), + ipv4CidrBlock: new IpCidr('10.3.1.0/24'), + subnetType: SubnetType.PRIVATE_WITH_EGRESS, +}); + +/** + * Test 3: Subnet with context-based AZ ID (allows override via context) + */ +const contextAzId = stack.node.tryGetContext('availabilityZoneId') || + azIdMapping.findInMap(cdk.Aws.REGION, 'az3'); + +new SubnetV2(stack, 'SubnetWithContextZoneId', { + vpc, + availabilityZoneId: contextAzId, + ipv4CidrBlock: new IpCidr('10.3.2.0/24'), + subnetType: SubnetType.PUBLIC, +}); + +/** + * Test 4: Multiple subnets across different AZ IDs + */ +const azIds = ['az1', 'az2', 'az3']; +azIds.forEach((azKey, index) => { + new SubnetV2(stack, `MultiZoneSubnet${index + 1}`, { + vpc, + availabilityZoneId: azIdMapping.findInMap(cdk.Aws.REGION, azKey), + ipv4CidrBlock: new IpCidr(`10.3.${10 + index}.0/24`), + subnetType: SubnetType.PRIVATE_ISOLATED, + }); +}); + +new IntegTest(app, 'subnet-v2-zone-id-integ-test', { + testCases: [stack], +}); + diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/subnet-v2.test.ts b/packages/@aws-cdk/aws-ec2-alpha/test/subnet-v2.test.ts index 6df34522437a0..86166f99fc6c2 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/subnet-v2.test.ts +++ b/packages/@aws-cdk/aws-ec2-alpha/test/subnet-v2.test.ts @@ -196,12 +196,12 @@ describe('Subnet V2 with custom IP and routing', () => { TestIpamPublicPool0588A338B: { Type: 'AWS::EC2::IPAMPool', Properties: - { - AddressFamily: 'ipv6', - IpamScopeId: { - 'Fn::GetAtt': ['TestIpamDBF92BA8', 'PublicDefaultScopeId'], - }, - }, + { + AddressFamily: 'ipv6', + IpamScopeId: { + 'Fn::GetAtt': ['TestIpamDBF92BA8', 'PublicDefaultScopeId'], + }, + }, }, TestVPCD26570D8: { Type: 'AWS::EC2::VPC' }, TestVPCipv6IpamFF061725: { Type: 'AWS::EC2::VPCCidrBlock' }, @@ -399,4 +399,160 @@ describe('Subnet V2 with custom IP and routing', () => { RouteTableId: { 'Fn::GetAtt': ['TestSubnetRouteTable5AF4379E', 'RouteTableId'] }, }); }); + + test('should create a subnet with availabilityZoneId', () => { + const testVpc = new vpc.VpcV2(stack, 'TestVPC', { + primaryAddressBlock: vpc.IpAddresses.ipv4('10.1.0.0/16'), + }); + + new subnet.SubnetV2(stack, 'TestSubnet', { + vpc: testVpc, + availabilityZoneId: 'use1-az1', + ipv4CidrBlock: new subnet.IpCidr('10.1.0.0/24'), + subnetType: SubnetType.PUBLIC, + }); + + Template.fromStack(stack).hasResourceProperties('AWS::EC2::Subnet', { + CidrBlock: '10.1.0.0/24', + AvailabilityZoneId: 'use1-az1', + VpcId: { + 'Fn::GetAtt': [ + 'TestVPCD26570D8', + 'VpcId', + ], + }, + }); + }); + + test('should throw error when both availabilityZone and availabilityZoneId are provided', () => { + const testVpc = new vpc.VpcV2(stack, 'TestVPC', { + primaryAddressBlock: vpc.IpAddresses.ipv4('10.1.0.0/16'), + }); + + expect(() => new subnet.SubnetV2(stack, 'TestSubnet', { + vpc: testVpc, + availabilityZone: 'us-east-1a', + availabilityZoneId: 'use1-az1', + ipv4CidrBlock: new subnet.IpCidr('10.1.0.0/24'), + subnetType: SubnetType.PUBLIC, + })).toThrow('Cannot specify both availabilityZone and availabilityZoneId. Use either availabilityZone or availabilityZoneId'); + }); + + test('should throw error when neither availabilityZone nor availabilityZoneId are provided', () => { + const testVpc = new vpc.VpcV2(stack, 'TestVPC', { + primaryAddressBlock: vpc.IpAddresses.ipv4('10.1.0.0/16'), + }); + + expect(() => new subnet.SubnetV2(stack, 'TestSubnet', { + vpc: testVpc, + ipv4CidrBlock: new subnet.IpCidr('10.1.0.0/24'), + subnetType: SubnetType.PUBLIC, + })).toThrow('Either availabilityZone or availabilityZoneId must be specified'); + }); + + test('should create subnet with availabilityZoneId and IPv6', () => { + const testVpc = new vpc.VpcV2(stack, 'TestVPC', { + primaryAddressBlock: vpc.IpAddresses.ipv4('10.1.0.0/16'), + secondaryAddressBlocks: [vpc.IpAddresses.amazonProvidedIpv6({ + cidrBlockName: 'AmazonIpv6', + })], + }); + + new subnet.SubnetV2(stack, 'TestSubnet', { + vpc: testVpc, + availabilityZoneId: 'use1-az1', + ipv4CidrBlock: new subnet.IpCidr('10.1.0.0/24'), + ipv6CidrBlock: new subnet.IpCidr('2001:db8:1::/64'), + subnetType: SubnetType.PUBLIC, + }); + + Template.fromStack(stack).hasResourceProperties('AWS::EC2::Subnet', { + CidrBlock: '10.1.0.0/24', + AvailabilityZoneId: 'use1-az1', + Ipv6CidrBlock: '2001:db8:1::/64', + VpcId: { + 'Fn::GetAtt': [ + 'TestVPCD26570D8', + 'VpcId', + ], + }, + }); + }); + + test('should not set AvailabilityZone property when using availabilityZoneId', () => { + const testVpc = new vpc.VpcV2(stack, 'TestVPC', { + primaryAddressBlock: vpc.IpAddresses.ipv4('10.1.0.0/16'), + }); + + new subnet.SubnetV2(stack, 'TestSubnet', { + vpc: testVpc, + availabilityZoneId: 'use1-az1', + ipv4CidrBlock: new subnet.IpCidr('10.1.0.0/24'), + subnetType: SubnetType.PUBLIC, + }); + + const template = Template.fromStack(stack); + const subnetResource = template.findResources('AWS::EC2::Subnet'); + const subnetProps = Object.values(subnetResource)[0].Properties; + + expect(subnetProps.AvailabilityZoneId).toBe('use1-az1'); + expect(subnetProps.AvailabilityZone).toBeUndefined(); + }); + + test('should handle different availabilityZoneId formats', () => { + const testVpc = new vpc.VpcV2(stack, 'TestVPC', { + primaryAddressBlock: vpc.IpAddresses.ipv4('10.1.0.0/16'), + }); + + // Test with different region AZ ID formats + const testCases = [ + { id: 'use1-az1', region: 'us-east-1' }, + { id: 'usw2-az1', region: 'us-west-2' }, + { id: 'euw1-az1', region: 'eu-west-1' }, + ]; + + // Create all subnets first + testCases.forEach((testCase, index) => { + new subnet.SubnetV2(stack, `TestSubnet${index}`, { + vpc: testVpc, + availabilityZoneId: testCase.id, + ipv4CidrBlock: new subnet.IpCidr(`10.1.${index}.0/24`), + subnetType: SubnetType.PUBLIC, + }); + }); + + // Then verify all subnets in a single template synthesis + const template = Template.fromStack(stack); + testCases.forEach((testCase, index) => { + template.hasResourceProperties('AWS::EC2::Subnet', { + AvailabilityZoneId: testCase.id, + CidrBlock: `10.1.${index}.0/24`, + }); + }); + }); + + test('should create multiple subnets with different availabilityZoneIds', () => { + const testVpc = new vpc.VpcV2(stack, 'TestVPC', { + primaryAddressBlock: vpc.IpAddresses.ipv4('10.1.0.0/16'), + }); + + const azIds = ['use1-az1', 'use1-az2', 'use1-az3']; + + azIds.forEach((azId, index) => { + new subnet.SubnetV2(stack, `MultiAzSubnet${index}`, { + vpc: testVpc, + availabilityZoneId: azId, + ipv4CidrBlock: new subnet.IpCidr(`10.1.${index}.0/24`), + subnetType: SubnetType.PRIVATE_ISOLATED, + }); + }); + + // Verify all subnets were created with correct AZ IDs + azIds.forEach((azId, index) => { + Template.fromStack(stack).hasResourceProperties('AWS::EC2::Subnet', { + AvailabilityZoneId: azId, + CidrBlock: `10.1.${index}.0/24`, + }); + }); + }); });