diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-synthetics/test/integ.group.js.snapshot/SyntheticsGroupIntegTestDefaultTestDeployAssertCCD825E7.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-synthetics/test/integ.group.js.snapshot/SyntheticsGroupIntegTestDefaultTestDeployAssertCCD825E7.assets.json new file mode 100644 index 0000000000000..13407803d7813 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-synthetics/test/integ.group.js.snapshot/SyntheticsGroupIntegTestDefaultTestDeployAssertCCD825E7.assets.json @@ -0,0 +1,20 @@ +{ + "version": "48.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "displayName": "SyntheticsGroupIntegTestDefaultTestDeployAssertCCD825E7 Template", + "source": { + "path": "SyntheticsGroupIntegTestDefaultTestDeployAssertCCD825E7.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region-d8d86b35": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-synthetics/test/integ.group.js.snapshot/SyntheticsGroupIntegTestDefaultTestDeployAssertCCD825E7.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-synthetics/test/integ.group.js.snapshot/SyntheticsGroupIntegTestDefaultTestDeployAssertCCD825E7.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-synthetics/test/integ.group.js.snapshot/SyntheticsGroupIntegTestDefaultTestDeployAssertCCD825E7.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-synthetics/test/integ.group.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-synthetics/test/integ.group.js.snapshot/cdk.out new file mode 100644 index 0000000000000..523a9aac37cbf --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-synthetics/test/integ.group.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"48.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-synthetics/test/integ.group.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-synthetics/test/integ.group.js.snapshot/integ.json new file mode 100644 index 0000000000000..c102641c2ff1b --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-synthetics/test/integ.group.js.snapshot/integ.json @@ -0,0 +1,13 @@ +{ + "version": "48.0.0", + "testCases": { + "SyntheticsGroupIntegTest/DefaultTest": { + "stacks": [ + "synthetics-group" + ], + "assertionStack": "SyntheticsGroupIntegTest/DefaultTest/DeployAssert", + "assertionStackName": "SyntheticsGroupIntegTestDefaultTestDeployAssertCCD825E7" + } + }, + "minimumCliVersion": "2.1027.0" +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-synthetics/test/integ.group.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-synthetics/test/integ.group.js.snapshot/manifest.json new file mode 100644 index 0000000000000..b1e1b821a6a25 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-synthetics/test/integ.group.js.snapshot/manifest.json @@ -0,0 +1,740 @@ +{ + "version": "48.0.0", + "artifacts": { + "synthetics-group.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "synthetics-group.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "synthetics-group": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "synthetics-group.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/ac93d05e7a9094b58e53324db52a01cc936ad384341baf280c67f2379f5c3747.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "synthetics-group.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "synthetics-group.assets" + ], + "metadata": { + "/synthetics-group/TestCanary1": [ + { + "type": "aws:cdk:analytics:construct", + "data": { + "test": "*", + "runtime": "*", + "canaryName": "*" + } + } + ], + "/synthetics-group/TestCanary1/ArtifactsBucket": [ + { + "type": "aws:cdk:analytics:construct", + "data": { + "encryption": "KMS_MANAGED", + "enforceSSL": true, + "lifecycleRules": "*" + } + } + ], + "/synthetics-group/TestCanary1/ArtifactsBucket/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "TestCanary1ArtifactsBucket0D00750B" + } + ], + "/synthetics-group/TestCanary1/ArtifactsBucket/Policy": [ + { + "type": "aws:cdk:analytics:construct", + "data": { + "bucket": "*" + } + } + ], + "/synthetics-group/TestCanary1/ArtifactsBucket/Policy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "TestCanary1ArtifactsBucketPolicyAAF29438" + } + ], + "/synthetics-group/TestCanary1/ServiceRole": [ + { + "type": "aws:cdk:analytics:construct", + "data": { + "assumedBy": { + "principalAccount": "*", + "assumeRoleAction": "*" + }, + "inlinePolicies": "*", + "managedPolicies": [] + } + } + ], + "/synthetics-group/TestCanary1/ServiceRole/ImportServiceRole": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + } + ], + "/synthetics-group/TestCanary1/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "TestCanary1ServiceRole41E6EC53" + } + ], + "/synthetics-group/TestCanary1/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "TestCanary193D30EFE" + } + ], + "/synthetics-group/TestCanary2": [ + { + "type": "aws:cdk:analytics:construct", + "data": { + "test": "*", + "runtime": "*", + "canaryName": "*" + } + } + ], + "/synthetics-group/TestCanary2/ArtifactsBucket": [ + { + "type": "aws:cdk:analytics:construct", + "data": { + "encryption": "KMS_MANAGED", + "enforceSSL": true, + "lifecycleRules": "*" + } + } + ], + "/synthetics-group/TestCanary2/ArtifactsBucket/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "TestCanary2ArtifactsBucketCA0FD872" + } + ], + "/synthetics-group/TestCanary2/ArtifactsBucket/Policy": [ + { + "type": "aws:cdk:analytics:construct", + "data": { + "bucket": "*" + } + } + ], + "/synthetics-group/TestCanary2/ArtifactsBucket/Policy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "TestCanary2ArtifactsBucketPolicy266DB4A4" + } + ], + "/synthetics-group/TestCanary2/ServiceRole": [ + { + "type": "aws:cdk:analytics:construct", + "data": { + "assumedBy": { + "principalAccount": "*", + "assumeRoleAction": "*" + }, + "inlinePolicies": "*", + "managedPolicies": [] + } + } + ], + "/synthetics-group/TestCanary2/ServiceRole/ImportServiceRole": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + } + ], + "/synthetics-group/TestCanary2/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "TestCanary2ServiceRole6DE3A04D" + } + ], + "/synthetics-group/TestCanary2/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "TestCanary247DDF172" + } + ], + "/synthetics-group/TestGroup": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + } + ], + "/synthetics-group/TestGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "TestGroupAF88660E" + } + ], + "/synthetics-group/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/synthetics-group/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "synthetics-group" + }, + "SyntheticsGroupIntegTestDefaultTestDeployAssertCCD825E7.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "SyntheticsGroupIntegTestDefaultTestDeployAssertCCD825E7.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "SyntheticsGroupIntegTestDefaultTestDeployAssertCCD825E7": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "SyntheticsGroupIntegTestDefaultTestDeployAssertCCD825E7.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "SyntheticsGroupIntegTestDefaultTestDeployAssertCCD825E7.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "SyntheticsGroupIntegTestDefaultTestDeployAssertCCD825E7.assets" + ], + "metadata": { + "/SyntheticsGroupIntegTest/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/SyntheticsGroupIntegTest/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "SyntheticsGroupIntegTest/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + }, + "aws-cdk-lib/feature-flag-report": { + "type": "cdk:feature-flag-report", + "properties": { + "module": "aws-cdk-lib", + "flags": { + "@aws-cdk/aws-signer:signingProfileNamePassedToCfn": { + "recommendedValue": true, + "explanation": "Pass signingProfileName to CfnSigningProfile" + }, + "@aws-cdk/core:newStyleStackSynthesis": { + "recommendedValue": true, + "explanation": "Switch to new stack synthesis method which enables CI/CD", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/core:stackRelativeExports": { + "recommendedValue": true, + "explanation": "Name exports based on the construct paths relative to the stack, rather than the global construct path", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-ecs-patterns:secGroupsDisablesImplicitOpenListener": { + "recommendedValue": true, + "explanation": "Disable implicit openListener when custom security groups are provided" + }, + "@aws-cdk/aws-rds:lowercaseDbIdentifier": { + "recommendedValue": true, + "explanation": "Force lowercasing of RDS Cluster names in CDK", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-apigateway:usagePlanKeyOrderInsensitiveId": { + "recommendedValue": true, + "explanation": "Allow adding/removing multiple UsagePlanKeys independently", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-lambda:recognizeVersionProps": { + "recommendedValue": true, + "explanation": "Enable this feature flag to opt in to the updated logical id calculation for Lambda Version created using the `fn.currentVersion`.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-lambda:recognizeLayerVersion": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this feature flag to opt in to the updated logical id calculation for Lambda Version created using the `fn.currentVersion`." + }, + "@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021": { + "recommendedValue": true, + "explanation": "Enable this feature flag to have cloudfront distributions use the security policy TLSv1.2_2021 by default.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/core:checkSecretUsage": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this flag to make it impossible to accidentally use SecretValues in unsafe locations" + }, + "@aws-cdk/core:target-partitions": { + "recommendedValue": [ + "aws", + "aws-cn" + ], + "explanation": "What regions to include in lookup tables of environment agnostic stacks" + }, + "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": { + "userValue": true, + "recommendedValue": true, + "explanation": "ECS extensions will automatically add an `awslogs` driver if no logging is specified" + }, + "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this feature flag to have Launch Templates generated by the `InstanceRequireImdsv2Aspect` use unique names." + }, + "@aws-cdk/aws-ecs:arnFormatIncludesClusterName": { + "userValue": true, + "recommendedValue": true, + "explanation": "ARN format used by ECS. In the new ARN format, the cluster name is part of the resource ID." + }, + "@aws-cdk/aws-iam:minimizePolicies": { + "userValue": true, + "recommendedValue": true, + "explanation": "Minimize IAM policies by combining Statements" + }, + "@aws-cdk/core:validateSnapshotRemovalPolicy": { + "userValue": true, + "recommendedValue": true, + "explanation": "Error on snapshot removal policies on resources that do not support it." + }, + "@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName": { + "userValue": true, + "recommendedValue": true, + "explanation": "Generate key aliases that include the stack name" + }, + "@aws-cdk/aws-s3:createDefaultLoggingPolicy": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this feature flag to create an S3 bucket policy by default in cases where an AWS service would automatically create the Policy if one does not exist." + }, + "@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption": { + "userValue": true, + "recommendedValue": true, + "explanation": "Restrict KMS key policy for encrypted Queues a bit more" + }, + "@aws-cdk/aws-apigateway:disableCloudWatchRole": { + "userValue": true, + "recommendedValue": true, + "explanation": "Make default CloudWatch Role behavior safe for multiple API Gateways in one environment" + }, + "@aws-cdk/core:enablePartitionLiterals": { + "userValue": true, + "recommendedValue": true, + "explanation": "Make ARNs concrete if AWS partition is known" + }, + "@aws-cdk/aws-events:eventsTargetQueueSameAccount": { + "userValue": true, + "recommendedValue": true, + "explanation": "Event Rules may only push to encrypted SQS queues in the same account" + }, + "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": { + "userValue": true, + "recommendedValue": true, + "explanation": "Avoid setting the \"ECS\" deployment controller when adding a circuit breaker" + }, + "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this feature to by default create default policy names for imported roles that depend on the stack the role is in." + }, + "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": { + "userValue": true, + "recommendedValue": true, + "explanation": "Use S3 Bucket Policy instead of ACLs for Server Access Logging" + }, + "@aws-cdk/aws-route53-patters:useCertificate": { + "userValue": true, + "recommendedValue": true, + "explanation": "Use the official `Certificate` resource instead of `DnsValidatedCertificate`" + }, + "@aws-cdk/customresources:installLatestAwsSdkDefault": { + "userValue": false, + "recommendedValue": false, + "explanation": "Whether to install the latest SDK by default in AwsCustomResource" + }, + "@aws-cdk/aws-rds:databaseProxyUniqueResourceName": { + "userValue": true, + "recommendedValue": true, + "explanation": "Use unique resource name for Database Proxy" + }, + "@aws-cdk/aws-codedeploy:removeAlarmsFromDeploymentGroup": { + "userValue": true, + "recommendedValue": true, + "explanation": "Remove CloudWatch alarms from deployment group" + }, + "@aws-cdk/aws-apigateway:authorizerChangeDeploymentLogicalId": { + "userValue": true, + "recommendedValue": true, + "explanation": "Include authorizer configuration in the calculation of the API deployment logical ID." + }, + "@aws-cdk/aws-ec2:launchTemplateDefaultUserData": { + "userValue": true, + "recommendedValue": true, + "explanation": "Define user data for a launch template by default when a machine image is provided." + }, + "@aws-cdk/aws-secretsmanager:useAttachedSecretResourcePolicyForSecretTargetAttachments": { + "userValue": true, + "recommendedValue": true, + "explanation": "SecretTargetAttachments uses the ResourcePolicy of the attached Secret." + }, + "@aws-cdk/aws-redshift:columnId": { + "userValue": true, + "recommendedValue": true, + "explanation": "Whether to use an ID to track Redshift column changes" + }, + "@aws-cdk/aws-stepfunctions-tasks:enableEmrServicePolicyV2": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable AmazonEMRServicePolicy_v2 managed policies" + }, + "@aws-cdk/aws-ec2:restrictDefaultSecurityGroup": { + "userValue": true, + "recommendedValue": true, + "explanation": "Restrict access to the VPC default security group" + }, + "@aws-cdk/aws-apigateway:requestValidatorUniqueId": { + "userValue": true, + "recommendedValue": true, + "explanation": "Generate a unique id for each RequestValidator added to a method" + }, + "@aws-cdk/aws-kms:aliasNameRef": { + "userValue": true, + "recommendedValue": true, + "explanation": "KMS Alias name and keyArn will have implicit reference to KMS Key" + }, + "@aws-cdk/aws-kms:applyImportedAliasPermissionsToPrincipal": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable grant methods on Aliases imported by name to use kms:ResourceAliases condition" + }, + "@aws-cdk/aws-autoscaling:generateLaunchTemplateInsteadOfLaunchConfig": { + "userValue": true, + "recommendedValue": true, + "explanation": "Generate a launch template when creating an AutoScalingGroup" + }, + "@aws-cdk/core:includePrefixInUniqueNameGeneration": { + "userValue": true, + "recommendedValue": true, + "explanation": "Include the stack prefix in the stack name generation process" + }, + "@aws-cdk/aws-efs:denyAnonymousAccess": { + "userValue": true, + "recommendedValue": true, + "explanation": "EFS denies anonymous clients accesses" + }, + "@aws-cdk/aws-opensearchservice:enableOpensearchMultiAzWithStandby": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enables support for Multi-AZ with Standby deployment for opensearch domains" + }, + "@aws-cdk/aws-lambda-nodejs:useLatestRuntimeVersion": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enables aws-lambda-nodejs.Function to use the latest available NodeJs runtime as the default" + }, + "@aws-cdk/aws-efs:mountTargetOrderInsensitiveLogicalId": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, mount targets will have a stable logicalId that is linked to the associated subnet." + }, + "@aws-cdk/aws-rds:auroraClusterChangeScopeOfInstanceParameterGroupWithEachParameters": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, a scope of InstanceParameterGroup for AuroraClusterInstance with each parameters will change." + }, + "@aws-cdk/aws-appsync:useArnForSourceApiAssociationIdentifier": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, will always use the arn for identifiers for CfnSourceApiAssociation in the GraphqlApi construct rather than id." + }, + "@aws-cdk/aws-rds:preventRenderingDeprecatedCredentials": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, creating an RDS database cluster from a snapshot will only render credentials for snapshot credentials." + }, + "@aws-cdk/aws-codepipeline-actions:useNewDefaultBranchForCodeCommitSource": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the CodeCommit source action is using the default branch name 'main'." + }, + "@aws-cdk/aws-cloudwatch-actions:changeLambdaPermissionLogicalIdForLambdaAction": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the logical ID of a Lambda permission for a Lambda action includes an alarm ID." + }, + "@aws-cdk/aws-codepipeline:crossAccountKeysDefaultValueToFalse": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enables Pipeline to set the default value for crossAccountKeys to false." + }, + "@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enables Pipeline to set the default pipeline type to V2." + }, + "@aws-cdk/aws-kms:reduceCrossAccountRegionPolicyScope": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, IAM Policy created from KMS key grant will reduce the resource scope to this key only." + }, + "@aws-cdk/pipelines:reduceAssetRoleTrustScope": { + "recommendedValue": true, + "explanation": "Remove the root account principal from PipelineAssetsFileRole trust policy", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-eks:nodegroupNameAttribute": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, nodegroupName attribute of the provisioned EKS NodeGroup will not have the cluster name prefix." + }, + "@aws-cdk/aws-ec2:ebsDefaultGp3Volume": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the default volume type of the EBS volume will be GP3" + }, + "@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, remove default deployment alarm settings" + }, + "@aws-cdk/custom-resources:logApiResponseDataPropertyTrueDefault": { + "userValue": false, + "recommendedValue": false, + "explanation": "When enabled, the custom resource used for `AwsCustomResource` will configure the `logApiResponseData` property as true by default" + }, + "@aws-cdk/aws-s3:keepNotificationInImportedBucket": { + "userValue": false, + "recommendedValue": false, + "explanation": "When enabled, Adding notifications to a bucket in the current stack will not remove notification from imported stack." + }, + "@aws-cdk/aws-stepfunctions-tasks:useNewS3UriParametersForBedrockInvokeModelTask": { + "recommendedValue": true, + "explanation": "When enabled, use new props for S3 URI field in task definition of state machine for bedrock invoke model.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/core:explicitStackTags": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, stack tags need to be assigned explicitly on a Stack." + }, + "@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature": { + "userValue": false, + "recommendedValue": false, + "explanation": "When set to true along with canContainersAccessInstanceRole=false in ECS cluster, new updated commands will be added to UserData to block container accessing IMDS. **Applicable to Linux only. IMPORTANT: See [details.](#aws-cdkaws-ecsenableImdsBlockingDeprecatedFeature)**" + }, + "@aws-cdk/aws-ecs:disableEcsImdsBlocking": { + "userValue": true, + "recommendedValue": true, + "explanation": "When set to true, CDK synth will throw exception if canContainersAccessInstanceRole is false. **IMPORTANT: See [details.](#aws-cdkaws-ecsdisableEcsImdsBlocking)**" + }, + "@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, we will only grant the necessary permissions when users specify cloudwatch log group through logConfiguration" + }, + "@aws-cdk/aws-dynamodb:resourcePolicyPerReplica": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled will allow you to specify a resource policy per replica, and not copy the source table policy to all replicas" + }, + "@aws-cdk/aws-ec2:ec2SumTImeoutEnabled": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, initOptions.timeout and resourceSignalTimeout values will be summed together." + }, + "@aws-cdk/aws-appsync:appSyncGraphQLAPIScopeLambdaPermission": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, a Lambda authorizer Permission created when using GraphqlApi will be properly scoped with a SourceArn." + }, + "@aws-cdk/aws-rds:setCorrectValueForDatabaseInstanceReadReplicaInstanceResourceId": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the value of property `instanceResourceId` in construct `DatabaseInstanceReadReplica` will be set to the correct value which is `DbiResourceId` instead of currently `DbInstanceArn`" + }, + "@aws-cdk/core:cfnIncludeRejectComplexResourceUpdateCreatePolicyIntrinsics": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, CFN templates added with `cfn-include` will error if the template contains Resource Update or Create policies with CFN Intrinsics that include non-primitive values." + }, + "@aws-cdk/aws-lambda-nodejs:sdkV3ExcludeSmithyPackages": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, both `@aws-sdk` and `@smithy` packages will be excluded from the Lambda Node.js 18.x runtime to prevent version mismatches in bundled applications." + }, + "@aws-cdk/aws-stepfunctions-tasks:fixRunEcsTaskPolicy": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the resource of IAM Run Ecs policy generated by SFN EcsRunTask will reference the definition, instead of constructing ARN." + }, + "@aws-cdk/aws-ec2:bastionHostUseAmazonLinux2023ByDefault": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the BastionHost construct will use the latest Amazon Linux 2023 AMI, instead of Amazon Linux 2." + }, + "@aws-cdk/core:aspectStabilization": { + "recommendedValue": true, + "explanation": "When enabled, a stabilization loop will be run when invoking Aspects during synthesis.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-route53-targets:userPoolDomainNameMethodWithoutCustomResource": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, use a new method for DNS Name of user pool domain target without creating a custom resource." + }, + "@aws-cdk/aws-elasticloadbalancingV2:albDualstackWithoutPublicIpv4SecurityGroupRulesDefault": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the default security group ingress rules will allow IPv6 ingress from anywhere" + }, + "@aws-cdk/aws-iam:oidcRejectUnauthorizedConnections": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the default behaviour of OIDC provider will reject unauthorized connections" + }, + "@aws-cdk/core:enableAdditionalMetadataCollection": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, CDK will expand the scope of usage data collected to better inform CDK development and improve communication for security concerns and emerging issues." + }, + "@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy": { + "userValue": false, + "recommendedValue": false, + "explanation": "[Deprecated] When enabled, Lambda will create new inline policies with AddToRolePolicy instead of adding to the Default Policy Statement" + }, + "@aws-cdk/aws-s3:setUniqueReplicationRoleName": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, CDK will automatically generate a unique role name that is used for s3 object replication." + }, + "@aws-cdk/pipelines:reduceStageRoleTrustScope": { + "recommendedValue": true, + "explanation": "Remove the root account principal from Stage addActions trust policy", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-events:requireEventBusPolicySid": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, grantPutEventsTo() will use resource policies with Statement IDs for service principals." + }, + "@aws-cdk/core:aspectPrioritiesMutating": { + "userValue": true, + "recommendedValue": true, + "explanation": "When set to true, Aspects added by the construct library on your behalf will be given a priority of MUTATING." + }, + "@aws-cdk/aws-dynamodb:retainTableReplica": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, table replica will be default to the removal policy of source table unless specified otherwise." + }, + "@aws-cdk/cognito:logUserPoolClientSecretValue": { + "recommendedValue": false, + "explanation": "When disabled, the value of the user pool client secret will not be logged in the custom resource lambda function logs." + }, + "@aws-cdk/pipelines:reduceCrossAccountActionRoleTrustScope": { + "recommendedValue": true, + "explanation": "When enabled, scopes down the trust policy for the cross-account action role", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-stepfunctions:useDistributedMapResultWriterV2": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the resultWriterV2 property of DistributedMap will be used insted of resultWriter" + }, + "@aws-cdk/s3-notifications:addS3TrustKeyPolicyForSnsSubscriptions": { + "userValue": true, + "recommendedValue": true, + "explanation": "Add an S3 trust policy to a KMS key resource policy for SNS subscriptions." + }, + "@aws-cdk/aws-ec2:requirePrivateSubnetsForEgressOnlyInternetGateway": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the EgressOnlyGateway resource is only created if private subnets are defined in the dual-stack VPC." + }, + "@aws-cdk/aws-ec2-alpha:useResourceIdForVpcV2Migration": { + "recommendedValue": false, + "explanation": "When enabled, use resource IDs for VPC V2 migration" + }, + "@aws-cdk/aws-s3:publicAccessBlockedByDefault": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, setting any combination of options for BlockPublicAccess will automatically set true for any options not defined." + }, + "@aws-cdk/aws-lambda:useCdkManagedLogGroup": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, CDK creates and manages loggroup for the lambda function" + } + } + } + } + }, + "minimumCliVersion": "2.1027.0" +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-synthetics/test/integ.group.js.snapshot/synthetics-group.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-synthetics/test/integ.group.js.snapshot/synthetics-group.assets.json new file mode 100644 index 0000000000000..3019985b29aec --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-synthetics/test/integ.group.js.snapshot/synthetics-group.assets.json @@ -0,0 +1,20 @@ +{ + "version": "48.0.0", + "files": { + "ac93d05e7a9094b58e53324db52a01cc936ad384341baf280c67f2379f5c3747": { + "displayName": "synthetics-group Template", + "source": { + "path": "synthetics-group.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region-30425ea1": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "ac93d05e7a9094b58e53324db52a01cc936ad384341baf280c67f2379f5c3747.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-synthetics/test/integ.group.js.snapshot/synthetics-group.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-synthetics/test/integ.group.js.snapshot/synthetics-group.template.json new file mode 100644 index 0000000000000..45c3c5691a987 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-synthetics/test/integ.group.js.snapshot/synthetics-group.template.json @@ -0,0 +1,480 @@ +{ + "Resources": { + "TestCanary1ArtifactsBucket0D00750B": { + "Type": "AWS::S3::Bucket", + "Properties": { + "BucketEncryption": { + "ServerSideEncryptionConfiguration": [ + { + "ServerSideEncryptionByDefault": { + "SSEAlgorithm": "aws:kms" + } + } + ] + } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "TestCanary1ArtifactsBucketPolicyAAF29438": { + "Type": "AWS::S3::BucketPolicy", + "Properties": { + "Bucket": { + "Ref": "TestCanary1ArtifactsBucket0D00750B" + }, + "PolicyDocument": { + "Statement": [ + { + "Action": "s3:*", + "Condition": { + "Bool": { + "aws:SecureTransport": "false" + } + }, + "Effect": "Deny", + "Principal": { + "AWS": "*" + }, + "Resource": [ + { + "Fn::GetAtt": [ + "TestCanary1ArtifactsBucket0D00750B", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "TestCanary1ArtifactsBucket0D00750B", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + } + } + }, + "TestCanary1ServiceRole41E6EC53": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "Policies": [ + { + "PolicyDocument": { + "Statement": [ + { + "Action": "s3:ListAllMyBuckets", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "s3:GetBucketLocation", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "TestCanary1ArtifactsBucket0D00750B", + "Arn" + ] + } + }, + { + "Action": "s3:PutObject", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "TestCanary1ArtifactsBucket0D00750B", + "Arn" + ] + }, + "/*" + ] + ] + } + }, + { + "Action": "cloudwatch:PutMetricData", + "Condition": { + "StringEquals": { + "cloudwatch:namespace": "CloudWatchSynthetics" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/lambda/cwsyn-*" + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "canaryPolicy" + } + ] + } + }, + "TestCanary193D30EFE": { + "Type": "AWS::Synthetics::Canary", + "Properties": { + "ArtifactS3Location": { + "Fn::Join": [ + "", + [ + "s3://", + { + "Ref": "TestCanary1ArtifactsBucket0D00750B" + } + ] + ] + }, + "Code": { + "Handler": "index.handler", + "Script": "\n const synthetics = require('Synthetics');\n const log = require('SyntheticsLogger');\n \n const basicCustomEntryPoint = async function () {\n log.info('Starting basic canary test');\n return await synthetics.executeStep('checkHomepage', async function () {\n const page = await synthetics.getPage();\n const response = await page.goto('https://example.com', { waitUntil: 'domcontentloaded', timeout: 30000 });\n await synthetics.takeScreenshot('homepage', 'loaded');\n if (response.status() !== 200) {\n throw 'Failed to load page!';\n }\n });\n };\n \n exports.handler = async () => {\n return await synthetics.executeStep('basicCustomEntryPoint', basicCustomEntryPoint);\n };\n " + }, + "ExecutionRoleArn": { + "Fn::GetAtt": [ + "TestCanary1ServiceRole41E6EC53", + "Arn" + ] + }, + "Name": "test-canary-1-for-group", + "RuntimeVersion": "syn-nodejs-puppeteer-6.2", + "Schedule": { + "DurationInSeconds": "0", + "Expression": "rate(5 minutes)" + }, + "StartCanaryAfterCreation": true + } + }, + "TestCanary2ArtifactsBucketCA0FD872": { + "Type": "AWS::S3::Bucket", + "Properties": { + "BucketEncryption": { + "ServerSideEncryptionConfiguration": [ + { + "ServerSideEncryptionByDefault": { + "SSEAlgorithm": "aws:kms" + } + } + ] + } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "TestCanary2ArtifactsBucketPolicy266DB4A4": { + "Type": "AWS::S3::BucketPolicy", + "Properties": { + "Bucket": { + "Ref": "TestCanary2ArtifactsBucketCA0FD872" + }, + "PolicyDocument": { + "Statement": [ + { + "Action": "s3:*", + "Condition": { + "Bool": { + "aws:SecureTransport": "false" + } + }, + "Effect": "Deny", + "Principal": { + "AWS": "*" + }, + "Resource": [ + { + "Fn::GetAtt": [ + "TestCanary2ArtifactsBucketCA0FD872", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "TestCanary2ArtifactsBucketCA0FD872", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + } + } + }, + "TestCanary2ServiceRole6DE3A04D": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "Policies": [ + { + "PolicyDocument": { + "Statement": [ + { + "Action": "s3:ListAllMyBuckets", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "s3:GetBucketLocation", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "TestCanary2ArtifactsBucketCA0FD872", + "Arn" + ] + } + }, + { + "Action": "s3:PutObject", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "TestCanary2ArtifactsBucketCA0FD872", + "Arn" + ] + }, + "/*" + ] + ] + } + }, + { + "Action": "cloudwatch:PutMetricData", + "Condition": { + "StringEquals": { + "cloudwatch:namespace": "CloudWatchSynthetics" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/lambda/cwsyn-*" + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "canaryPolicy" + } + ] + } + }, + "TestCanary247DDF172": { + "Type": "AWS::Synthetics::Canary", + "Properties": { + "ArtifactS3Location": { + "Fn::Join": [ + "", + [ + "s3://", + { + "Ref": "TestCanary2ArtifactsBucketCA0FD872" + } + ] + ] + }, + "Code": { + "Handler": "index.handler", + "Script": "\n const synthetics = require('Synthetics');\n const log = require('SyntheticsLogger');\n \n const basicCustomEntryPoint = async function () {\n log.info('Starting second canary test');\n return await synthetics.executeStep('checkAPI', async function () {\n const page = await synthetics.getPage();\n const response = await page.goto('https://httpbin.org/get', { waitUntil: 'domcontentloaded', timeout: 30000 });\n await synthetics.takeScreenshot('api', 'loaded');\n if (response.status() !== 200) {\n throw 'Failed to load API!';\n }\n });\n };\n \n exports.handler = async () => {\n return await synthetics.executeStep('basicCustomEntryPoint', basicCustomEntryPoint);\n };\n " + }, + "ExecutionRoleArn": { + "Fn::GetAtt": [ + "TestCanary2ServiceRole6DE3A04D", + "Arn" + ] + }, + "Name": "test-canary-2-for-group", + "RuntimeVersion": "syn-nodejs-puppeteer-6.2", + "Schedule": { + "DurationInSeconds": "0", + "Expression": "rate(5 minutes)" + }, + "StartCanaryAfterCreation": true + } + }, + "TestGroupAF88660E": { + "Type": "AWS::Synthetics::Group", + "Properties": { + "Name": "test-canary-group", + "ResourceArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":synthetics:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":canary:", + { + "Ref": "TestCanary193D30EFE" + } + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":synthetics:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":canary:", + { + "Ref": "TestCanary247DDF172" + } + ] + ] + } + ] + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-synthetics/test/integ.group.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-synthetics/test/integ.group.js.snapshot/tree.json new file mode 100644 index 0000000000000..6611a435d943a --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-synthetics/test/integ.group.js.snapshot/tree.json @@ -0,0 +1 @@ +{"version":"tree-0.1","tree":{"id":"App","path":"","constructInfo":{"fqn":"aws-cdk-lib.App","version":"0.0.0"},"children":{"synthetics-group":{"id":"synthetics-group","path":"synthetics-group","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"TestCanary1":{"id":"TestCanary1","path":"synthetics-group/TestCanary1","constructInfo":{"fqn":"aws-cdk-lib.aws_synthetics.Canary","version":"0.0.0","metadata":[{"test":"*","runtime":"*","canaryName":"*"}]},"children":{"ArtifactsBucket":{"id":"ArtifactsBucket","path":"synthetics-group/TestCanary1/ArtifactsBucket","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.Bucket","version":"0.0.0","metadata":[{"encryption":"KMS_MANAGED","enforceSSL":true,"lifecycleRules":"*"}]},"children":{"Resource":{"id":"Resource","path":"synthetics-group/TestCanary1/ArtifactsBucket/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucket","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::Bucket","aws:cdk:cloudformation:props":{"bucketEncryption":{"serverSideEncryptionConfiguration":[{"serverSideEncryptionByDefault":{"sseAlgorithm":"aws:kms"}}]}}}},"Policy":{"id":"Policy","path":"synthetics-group/TestCanary1/ArtifactsBucket/Policy","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketPolicy","version":"0.0.0","metadata":[{"bucket":"*"}]},"children":{"Resource":{"id":"Resource","path":"synthetics-group/TestCanary1/ArtifactsBucket/Policy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucketPolicy","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::BucketPolicy","aws:cdk:cloudformation:props":{"bucket":{"Ref":"TestCanary1ArtifactsBucket0D00750B"},"policyDocument":{"Statement":[{"Action":"s3:*","Condition":{"Bool":{"aws:SecureTransport":"false"}},"Effect":"Deny","Principal":{"AWS":"*"},"Resource":[{"Fn::GetAtt":["TestCanary1ArtifactsBucket0D00750B","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["TestCanary1ArtifactsBucket0D00750B","Arn"]},"/*"]]}]}],"Version":"2012-10-17"}}}}}}}},"ServiceRole":{"id":"ServiceRole","path":"synthetics-group/TestCanary1/ServiceRole","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Role","version":"0.0.0","metadata":[{"assumedBy":{"principalAccount":"*","assumeRoleAction":"*"},"inlinePolicies":"*","managedPolicies":[]}]},"children":{"ImportServiceRole":{"id":"ImportServiceRole","path":"synthetics-group/TestCanary1/ServiceRole/ImportServiceRole","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":["*"]}},"Resource":{"id":"Resource","path":"synthetics-group/TestCanary1/ServiceRole/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnRole","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"lambda.amazonaws.com"}}],"Version":"2012-10-17"},"policies":[{"policyName":"canaryPolicy","policyDocument":{"Statement":[{"Action":"s3:ListAllMyBuckets","Effect":"Allow","Resource":"*"},{"Action":"s3:GetBucketLocation","Effect":"Allow","Resource":{"Fn::GetAtt":["TestCanary1ArtifactsBucket0D00750B","Arn"]}},{"Action":"s3:PutObject","Effect":"Allow","Resource":{"Fn::Join":["",[{"Fn::GetAtt":["TestCanary1ArtifactsBucket0D00750B","Arn"]},"/*"]]}},{"Action":"cloudwatch:PutMetricData","Condition":{"StringEquals":{"cloudwatch:namespace":"CloudWatchSynthetics"}},"Effect":"Allow","Resource":"*"},{"Action":["logs:CreateLogGroup","logs:CreateLogStream","logs:PutLogEvents"],"Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:/aws/lambda/cwsyn-*"]]}}],"Version":"2012-10-17"}}]}}}}},"Resource":{"id":"Resource","path":"synthetics-group/TestCanary1/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_synthetics.CfnCanary","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::Synthetics::Canary","aws:cdk:cloudformation:props":{"artifactS3Location":{"Fn::Join":["",["s3://",{"Ref":"TestCanary1ArtifactsBucket0D00750B"}]]},"code":{"handler":"index.handler","script":"\n const synthetics = require('Synthetics');\n const log = require('SyntheticsLogger');\n \n const basicCustomEntryPoint = async function () {\n log.info('Starting basic canary test');\n return await synthetics.executeStep('checkHomepage', async function () {\n const page = await synthetics.getPage();\n const response = await page.goto('https://example.com', { waitUntil: 'domcontentloaded', timeout: 30000 });\n await synthetics.takeScreenshot('homepage', 'loaded');\n if (response.status() !== 200) {\n throw 'Failed to load page!';\n }\n });\n };\n \n exports.handler = async () => {\n return await synthetics.executeStep('basicCustomEntryPoint', basicCustomEntryPoint);\n };\n "},"executionRoleArn":{"Fn::GetAtt":["TestCanary1ServiceRole41E6EC53","Arn"]},"name":"test-canary-1-for-group","runtimeVersion":"syn-nodejs-puppeteer-6.2","schedule":{"durationInSeconds":"0","expression":"rate(5 minutes)"},"startCanaryAfterCreation":true}}}}},"TestCanary2":{"id":"TestCanary2","path":"synthetics-group/TestCanary2","constructInfo":{"fqn":"aws-cdk-lib.aws_synthetics.Canary","version":"0.0.0","metadata":[{"test":"*","runtime":"*","canaryName":"*"}]},"children":{"ArtifactsBucket":{"id":"ArtifactsBucket","path":"synthetics-group/TestCanary2/ArtifactsBucket","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.Bucket","version":"0.0.0","metadata":[{"encryption":"KMS_MANAGED","enforceSSL":true,"lifecycleRules":"*"}]},"children":{"Resource":{"id":"Resource","path":"synthetics-group/TestCanary2/ArtifactsBucket/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucket","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::Bucket","aws:cdk:cloudformation:props":{"bucketEncryption":{"serverSideEncryptionConfiguration":[{"serverSideEncryptionByDefault":{"sseAlgorithm":"aws:kms"}}]}}}},"Policy":{"id":"Policy","path":"synthetics-group/TestCanary2/ArtifactsBucket/Policy","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketPolicy","version":"0.0.0","metadata":[{"bucket":"*"}]},"children":{"Resource":{"id":"Resource","path":"synthetics-group/TestCanary2/ArtifactsBucket/Policy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucketPolicy","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::BucketPolicy","aws:cdk:cloudformation:props":{"bucket":{"Ref":"TestCanary2ArtifactsBucketCA0FD872"},"policyDocument":{"Statement":[{"Action":"s3:*","Condition":{"Bool":{"aws:SecureTransport":"false"}},"Effect":"Deny","Principal":{"AWS":"*"},"Resource":[{"Fn::GetAtt":["TestCanary2ArtifactsBucketCA0FD872","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["TestCanary2ArtifactsBucketCA0FD872","Arn"]},"/*"]]}]}],"Version":"2012-10-17"}}}}}}}},"ServiceRole":{"id":"ServiceRole","path":"synthetics-group/TestCanary2/ServiceRole","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Role","version":"0.0.0","metadata":[{"assumedBy":{"principalAccount":"*","assumeRoleAction":"*"},"inlinePolicies":"*","managedPolicies":[]}]},"children":{"ImportServiceRole":{"id":"ImportServiceRole","path":"synthetics-group/TestCanary2/ServiceRole/ImportServiceRole","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":["*"]}},"Resource":{"id":"Resource","path":"synthetics-group/TestCanary2/ServiceRole/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnRole","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"lambda.amazonaws.com"}}],"Version":"2012-10-17"},"policies":[{"policyName":"canaryPolicy","policyDocument":{"Statement":[{"Action":"s3:ListAllMyBuckets","Effect":"Allow","Resource":"*"},{"Action":"s3:GetBucketLocation","Effect":"Allow","Resource":{"Fn::GetAtt":["TestCanary2ArtifactsBucketCA0FD872","Arn"]}},{"Action":"s3:PutObject","Effect":"Allow","Resource":{"Fn::Join":["",[{"Fn::GetAtt":["TestCanary2ArtifactsBucketCA0FD872","Arn"]},"/*"]]}},{"Action":"cloudwatch:PutMetricData","Condition":{"StringEquals":{"cloudwatch:namespace":"CloudWatchSynthetics"}},"Effect":"Allow","Resource":"*"},{"Action":["logs:CreateLogGroup","logs:CreateLogStream","logs:PutLogEvents"],"Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:/aws/lambda/cwsyn-*"]]}}],"Version":"2012-10-17"}}]}}}}},"Resource":{"id":"Resource","path":"synthetics-group/TestCanary2/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_synthetics.CfnCanary","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::Synthetics::Canary","aws:cdk:cloudformation:props":{"artifactS3Location":{"Fn::Join":["",["s3://",{"Ref":"TestCanary2ArtifactsBucketCA0FD872"}]]},"code":{"handler":"index.handler","script":"\n const synthetics = require('Synthetics');\n const log = require('SyntheticsLogger');\n \n const basicCustomEntryPoint = async function () {\n log.info('Starting second canary test');\n return await synthetics.executeStep('checkAPI', async function () {\n const page = await synthetics.getPage();\n const response = await page.goto('https://httpbin.org/get', { waitUntil: 'domcontentloaded', timeout: 30000 });\n await synthetics.takeScreenshot('api', 'loaded');\n if (response.status() !== 200) {\n throw 'Failed to load API!';\n }\n });\n };\n \n exports.handler = async () => {\n return await synthetics.executeStep('basicCustomEntryPoint', basicCustomEntryPoint);\n };\n "},"executionRoleArn":{"Fn::GetAtt":["TestCanary2ServiceRole6DE3A04D","Arn"]},"name":"test-canary-2-for-group","runtimeVersion":"syn-nodejs-puppeteer-6.2","schedule":{"durationInSeconds":"0","expression":"rate(5 minutes)"},"startCanaryAfterCreation":true}}}}},"TestGroup":{"id":"TestGroup","path":"synthetics-group/TestGroup","constructInfo":{"fqn":"aws-cdk-lib.aws_synthetics.Group","version":"0.0.0","metadata":["*"]},"children":{"Resource":{"id":"Resource","path":"synthetics-group/TestGroup/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_synthetics.CfnGroup","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::Synthetics::Group","aws:cdk:cloudformation:props":{"name":"test-canary-group","resourceArns":[{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":synthetics:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":canary:",{"Ref":"TestCanary193D30EFE"}]]},{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":synthetics:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":canary:",{"Ref":"TestCanary247DDF172"}]]}]}}}}},"BootstrapVersion":{"id":"BootstrapVersion","path":"synthetics-group/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"synthetics-group/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}},"SyntheticsGroupIntegTest":{"id":"SyntheticsGroupIntegTest","path":"SyntheticsGroupIntegTest","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTest","version":"0.0.0"},"children":{"DefaultTest":{"id":"DefaultTest","path":"SyntheticsGroupIntegTest/DefaultTest","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTestCase","version":"0.0.0"},"children":{"Default":{"id":"Default","path":"SyntheticsGroupIntegTest/DefaultTest/Default","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}},"DeployAssert":{"id":"DeployAssert","path":"SyntheticsGroupIntegTest/DefaultTest/DeployAssert","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"BootstrapVersion":{"id":"BootstrapVersion","path":"SyntheticsGroupIntegTest/DefaultTest/DeployAssert/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"SyntheticsGroupIntegTest/DefaultTest/DeployAssert/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}}}}}},"Tree":{"id":"Tree","path":"Tree","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}}}}} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-synthetics/test/integ.group.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-synthetics/test/integ.group.ts new file mode 100644 index 0000000000000..e1cb89d1ad90a --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-synthetics/test/integ.group.ts @@ -0,0 +1,73 @@ +/// !cdk-integ synthetics-group + +import * as cdk from 'aws-cdk-lib/core'; +import { Canary, Code, Group, Runtime, Test } from 'aws-cdk-lib/aws-synthetics'; +import { IntegTest } from '@aws-cdk/integ-tests-alpha'; + +const app = new cdk.App(); +const stack = new cdk.Stack(app, 'synthetics-group'); + +const canary1 = new Canary(stack, 'TestCanary1', { + test: Test.custom({ + code: Code.fromInline(` + const synthetics = require('Synthetics'); + const log = require('SyntheticsLogger'); + + const basicCustomEntryPoint = async function () { + log.info('Starting basic canary test'); + return await synthetics.executeStep('checkHomepage', async function () { + const page = await synthetics.getPage(); + const response = await page.goto('https://example.com', { waitUntil: 'domcontentloaded', timeout: 30000 }); + await synthetics.takeScreenshot('homepage', 'loaded'); + if (response.status() !== 200) { + throw 'Failed to load page!'; + } + }); + }; + + exports.handler = async () => { + return await synthetics.executeStep('basicCustomEntryPoint', basicCustomEntryPoint); + }; + `), + handler: 'index.handler', + }), + runtime: Runtime.SYNTHETICS_NODEJS_PUPPETEER_6_2, + canaryName: 'test-canary-1-for-group', +}); + +const canary2 = new Canary(stack, 'TestCanary2', { + test: Test.custom({ + code: Code.fromInline(` + const synthetics = require('Synthetics'); + const log = require('SyntheticsLogger'); + + const basicCustomEntryPoint = async function () { + log.info('Starting second canary test'); + return await synthetics.executeStep('checkAPI', async function () { + const page = await synthetics.getPage(); + const response = await page.goto('https://httpbin.org/get', { waitUntil: 'domcontentloaded', timeout: 30000 }); + await synthetics.takeScreenshot('api', 'loaded'); + if (response.status() !== 200) { + throw 'Failed to load API!'; + } + }); + }; + + exports.handler = async () => { + return await synthetics.executeStep('basicCustomEntryPoint', basicCustomEntryPoint); + }; + `), + handler: 'index.handler', + }), + runtime: Runtime.SYNTHETICS_NODEJS_PUPPETEER_6_2, + canaryName: 'test-canary-2-for-group', +}); + +new Group(stack, 'TestGroup', { + groupName: 'test-canary-group', + canaries: [canary1, canary2], +}); + +new IntegTest(app, 'SyntheticsGroupIntegTest', { + testCases: [stack], +}); diff --git a/packages/aws-cdk-lib/aws-synthetics/README.md b/packages/aws-cdk-lib/aws-synthetics/README.md index 95275a03720b7..0426e4296d01d 100644 --- a/packages/aws-cdk-lib/aws-synthetics/README.md +++ b/packages/aws-cdk-lib/aws-synthetics/README.md @@ -38,7 +38,10 @@ const pageLoadBlueprint = async function () { const url = `https://api.example.com/${process.env.stage}/user/books/topbook/`; const page = await synthetics.getPage(); - const response = await page.goto(url, { waitUntil: 'domcontentloaded', timeout: 30000 }); + const response = await page.goto(url, { + waitUntil: 'domcontentloaded', + timeout: 30000, + }); // Wait for page to render. Increase or decrease wait time based on endpoint being monitored. await page.waitFor(15000); // This will take a screenshot that will be included in test output artifacts. @@ -99,7 +102,7 @@ For more information, see [Configuring your canary to retry automatically](https ```ts const canary = new synthetics.Canary(this, 'MyCanary', { - schedule: synthetics.Schedule.rate(Duration.minutes(5)), + schedule: synthetics.Schedule.rate(Duration.minutes(5)), test: synthetics.Test.custom({ handler: 'canary.handler', code: synthetics.Code.fromAsset(path.join(__dirname, 'canaries')), @@ -134,7 +137,7 @@ const canary = new synthetics.Canary(this, 'MyCanary', { You can set the maximum amount of memory the canary can use while running with the `memory` property. ```ts -import * as cdk from "aws-cdk-lib"; +import * as cdk from 'aws-cdk-lib'; const canary = new synthetics.Canary(this, 'MyCanary', { schedule: synthetics.Schedule.rate(Duration.minutes(5)), @@ -152,7 +155,7 @@ const canary = new synthetics.Canary(this, 'MyCanary', { You can set how long the canary is allowed to run before it must stop with the `timeout` property. ```ts -import * as cdk from "aws-cdk-lib"; +import * as cdk from 'aws-cdk-lib'; const canary = new synthetics.Canary(this, 'MyCanary', { schedule: synthetics.Schedule.rate(Duration.minutes(5)), @@ -170,6 +173,7 @@ const canary = new synthetics.Canary(this, 'MyCanary', { You can configure which browsers your canary uses for testing by specifying the `browserConfigs` property. This allows you to test your application across different browsers to ensure compatibility. Available browser types: + - `BrowserType.CHROME` - Google Chrome browser - `BrowserType.FIREFOX` - Mozilla Firefox browser @@ -196,10 +200,10 @@ const canary = new synthetics.Canary(this, 'MyCanary', { When you delete a lambda, the following underlying resources are isolated in your AWS account: - - Lambda Function that runs your canary script - - S3 Bucket for artifact storage - - IAM roles and policies - - Log Groups in CloudWatch Logs. +- Lambda Function that runs your canary script +- S3 Bucket for artifact storage +- IAM roles and policies +- Log Groups in CloudWatch Logs. To learn more about these underlying resources, see [Synthetics Canaries Deletion](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/synthetics_canaries_deletion.html). @@ -229,9 +233,9 @@ To configure the script the canary executes, use the `test` property. The `test` The `synthetics.Code` class exposes static methods to bundle your code artifacts: - - `code.fromInline(code)` - specify an inline script. - - `code.fromAsset(path)` - specify a .zip file or a directory in the local filesystem which will be zipped and uploaded to S3 on deployment. See the below Note for directory structure. - - `code.fromBucket(bucket, key[, objectVersion])` - specify an S3 object that contains the .zip file of your runtime code. See the below Note for directory structure. +- `code.fromInline(code)` - specify an inline script. +- `code.fromAsset(path)` - specify a .zip file or a directory in the local filesystem which will be zipped and uploaded to S3 on deployment. See the below Note for directory structure. +- `code.fromBucket(bucket, key[, objectVersion])` - specify an S3 object that contains the .zip file of your runtime code. See the below Note for directory structure. Using the `Code` class static initializers: @@ -401,9 +405,11 @@ const canary = new synthetics.Canary(this, 'MyCanary', { handler: 'index.handler', }), runtime: synthetics.Runtime.SYNTHETICS_NODEJS_PUPPETEER_6_2, - artifactsBucketLifecycleRules: [{ - expiration: Duration.days(30), - }], + artifactsBucketLifecycleRules: [ + { + expiration: Duration.days(30), + }, + ], }); ``` @@ -425,9 +431,11 @@ const canary = new synthetics.Canary(this, 'MyCanary', { handler: 'index.handler', }), runtime: synthetics.Runtime.SYNTHETICS_NODEJS_PUPPETEER_7_0, - artifactsBucketLifecycleRules: [{ - expiration: Duration.days(30), - }], + artifactsBucketLifecycleRules: [ + { + expiration: Duration.days(30), + }, + ], artifactS3EncryptionMode: synthetics.ArtifactsEncryptionMode.KMS, artifactS3KmsKey: key, }); @@ -445,9 +453,72 @@ const canary = new synthetics.Canary(this, 'MyCanary', { handler: 'index.handler', }), runtime: synthetics.Runtime.SYNTHETICS_NODEJS_PUPPETEER_7_0, - resourcesToReplicateTags: [synthetics.ResourceToReplicateTags.LAMBDA_FUNCTION], + resourcesToReplicateTags: [ + synthetics.ResourceToReplicateTags.LAMBDA_FUNCTION, + ], }); ``` When you specify `ResourceToReplicateTags.LAMBDA_FUNCTION` in the `resourcesToReplicateTags` property, CloudWatch Synthetics will keep the tags of the canary and the Lambda function synchronized. Any future changes you make to the canary's tags will also be applied to the function. +## Groups + +You can create groups to associate canaries with each other, including cross-Region canaries. Using groups can help you with managing and automating your canaries, and you can also view aggregated run results and statistics for all canaries in a group. + +Groups are global resources. When you create a group, it is replicated across all AWS Regions that support groups, and you can add canaries from any of these Regions to it. + +### Creating a Group + +You can create a group and associate canaries with it: + +```ts +// First, declare your canaries +declare const canary1: synthetics.Canary; +declare const canary2: synthetics.Canary; + +const group = new synthetics.Group(this, 'MyCanaryGroup', { + groupName: 'production-canaries', + canaries: [canary1, canary2], +}); +``` + +### Adding Canaries to a Group + +You can add canaries to a group after creation: + +```ts +declare const canary: synthetics.Canary; + +const group = new synthetics.Group(this, 'MyCanaryGroup'); + +// Add canary to group +group.addCanary(canary); +``` + +### Group Limitations + +- Each group can contain as many as 10 canaries +- You can have as many as 20 groups in your account +- Any single canary can be a member of up to 10 groups + +### Importing Existing Groups + +You can import existing groups by ARN or name: + +```ts +// Import by ARN +const importedGroupByArn = synthetics.Group.fromGroupArn( + this, + 'ImportedGroup', + 'arn:aws:synthetics:us-east-1:123456789012:group:my-group' +); + +// Import by name +const importedGroupByName = synthetics.Group.fromGroupName( + this, + 'ImportedGroup', + 'my-group' +); +``` + +For more information about groups, see the [CloudWatch Synthetics Groups documentation](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Groups.html). diff --git a/packages/aws-cdk-lib/aws-synthetics/lib/canary.ts b/packages/aws-cdk-lib/aws-synthetics/lib/canary.ts index 6b03031ad24ea..1aaef48ca6fda 100644 --- a/packages/aws-cdk-lib/aws-synthetics/lib/canary.ts +++ b/packages/aws-cdk-lib/aws-synthetics/lib/canary.ts @@ -1,6 +1,7 @@ import * as crypto from 'crypto'; import { Construct } from 'constructs'; import { Code } from './code'; +import { ICanary } from './interfaces'; import { Runtime, RuntimeFamily } from './runtime'; import { Schedule } from './schedule'; import { CloudWatchSyntheticsMetrics } from './synthetics-canned-metrics.generated'; @@ -395,12 +396,44 @@ export enum ArtifactsEncryptionMode { * Define a new Canary */ @propertyInjectable -export class Canary extends cdk.Resource implements ec2.IConnectable { +export class Canary extends cdk.Resource implements ec2.IConnectable, ICanary { /** * Uniquely identifies this class. */ public static readonly PROPERTY_INJECTION_ID: string = 'aws-cdk-lib.aws-synthetics.Canary'; + /** + * Import an existing canary by ARN + */ + public static fromCanaryArn(scope: Construct, id: string, canaryArn: string): ICanary { + const arnParts = cdk.Arn.split(canaryArn, cdk.ArnFormat.COLON_RESOURCE_NAME); + const canaryName = arnParts.resourceName; + + if (!canaryName) { + throw new ValidationError('Canary ARN must contain a canary name', scope); + } + + return Canary.fromCanaryName(scope, id, canaryName); + } + + /** + * Import an existing canary by name + */ + public static fromCanaryName(scope: Construct, id: string, canaryName: string): ICanary { + class Import extends cdk.Resource implements ICanary { + public readonly canaryId = canaryName; + public readonly canaryName = canaryName; + public readonly canaryArn = cdk.Stack.of(this).formatArn({ + service: 'synthetics', + resource: 'canary', + resourceName: canaryName, + arnFormat: cdk.ArnFormat.COLON_RESOURCE_NAME, + }); + } + + return new Import(scope, id); + } + /** * Execution role associated with this Canary. */ @@ -424,6 +457,12 @@ export class Canary extends cdk.Resource implements ec2.IConnectable { */ public readonly canaryName: string; + /** + * The canary ARN + * @attribute + */ + public readonly canaryArn: string; + /** * Bucket where data from each canary run is stored. */ @@ -500,6 +539,12 @@ export class Canary extends cdk.Resource implements ec2.IConnectable { this.canaryId = resource.attrId; this.canaryState = resource.attrState; this.canaryName = this.getResourceNameAttribute(resource.ref); + this.canaryArn = cdk.Stack.of(this).formatArn({ + service: 'synthetics', + resource: 'canary', + resourceName: this.canaryName, + arnFormat: cdk.ArnFormat.COLON_RESOURCE_NAME, + }); if (props.cleanup === Cleanup.LAMBDA) { this.cleanupUnderlyingResources(); @@ -758,7 +803,7 @@ export class Canary extends cdk.Resource implements ec2.IConnectable { if ( props.activeTracing && ( - // Only check runtime family is nodejs because versions prior to syn-nodejs-2.0 are deprecated and can no longer be configured. + // Only check runtime family is nodejs because versions prior to syn-nodejs-2.0 are deprecated and can no longer be configured. (!cdk.Token.isUnresolved(props.runtime.family) && props.runtime.family !== RuntimeFamily.NODEJS) || (!cdk.Token.isUnresolved(props.runtime.name) && props.runtime.name.includes('playwright')) ) diff --git a/packages/aws-cdk-lib/aws-synthetics/lib/group.ts b/packages/aws-cdk-lib/aws-synthetics/lib/group.ts new file mode 100644 index 0000000000000..8edbcf90a2894 --- /dev/null +++ b/packages/aws-cdk-lib/aws-synthetics/lib/group.ts @@ -0,0 +1,167 @@ +import { Construct } from 'constructs'; +import { ICanary, IGroup } from './interfaces'; +import { CfnGroup } from './synthetics.generated'; +import * as cdk from '../../core'; +import { ValidationError } from '../../core/lib/errors'; +import { addConstructMetadata } from '../../core/lib/metadata-resource'; + +/** + * Properties for defining a CloudWatch Synthetics Group + */ +export interface GroupProps { + /** + * A name for the group. It can include any Unicode characters. + * + * The names for all groups in your account, across all Regions, must be unique. + * + * @default - A unique name will be generated from the construct ID + */ + readonly groupName?: string; + + /** + * List of canaries to associate with this group. + * + * Each group can contain as many as 10 canaries. + * + * @default - No canaries are associated with the group initially + */ + readonly canaries?: ICanary[]; +} + +/** + * Define a new CloudWatch Synthetics Group + * + * Groups allow you to associate canaries with each other, including cross-Region canaries. + * Using groups can help you with managing and automating your canaries, and you can also + * view aggregated run results and statistics for all canaries in a group. + */ +export class Group extends cdk.Resource implements IGroup { + /** + * Import an existing group by ARN + */ + public static fromGroupArn(scope: Construct, id: string, groupArn: string): IGroup { + const arnParts = cdk.Arn.split(groupArn, cdk.ArnFormat.COLON_RESOURCE_NAME); + const groupName = arnParts.resourceName; + + if (!groupName) { + throw new ValidationError('Group ARN must contain a group name', scope); + } + + return Group.fromGroupName(scope, id, groupName); + } + + /** + * Import an existing group by name + */ + public static fromGroupName(scope: Construct, id: string, groupName: string): IGroup { + class Import extends cdk.Resource implements IGroup { + public readonly groupId = groupName; + public readonly groupName = groupName; + public readonly groupArn = cdk.Stack.of(this).formatArn({ + service: 'synthetics', + resource: 'group', + resourceName: groupName, + arnFormat: cdk.ArnFormat.COLON_RESOURCE_NAME, + }); + + public addCanary(_canary: ICanary): void { + throw new ValidationError('Cannot add canaries to an imported group', this); + } + } + + return new Import(scope, id); + } + + /** + * The ID of the group + * @attribute + */ + public readonly groupId: string; + + /** + * The name of the group + * @attribute + */ + public readonly groupName: string; + + /** + * The ARN of the group + * @attribute + */ + public readonly groupArn: string; + + private readonly _resource: CfnGroup; + private readonly _canaries: Set = new Set(); + + constructor(scope: Construct, id: string, props: GroupProps = {}) { + super(scope, id, { + physicalName: props.groupName || cdk.Lazy.string({ + produce: () => this.generateUniqueName(), + }), + }); + + // Enhanced CDK Analytics Telemetry + addConstructMetadata(this, props); + + if (props.canaries && props.canaries.length > 10) { + throw new ValidationError('A group can contain at most 10 canaries', this); + } + + if (props.canaries) { + props.canaries.forEach(canary => this._canaries.add(canary)); + } + + this._resource = new CfnGroup(this, 'Resource', { + name: this.physicalName, + resourceArns: cdk.Lazy.list({ + produce: () => Array.from(this._canaries).map(canary => canary.canaryArn), + }), + }); + + this.groupId = this._resource.attrId; + this.groupName = this.getResourceNameAttribute(this._resource.ref); + this.groupArn = cdk.Stack.of(this).formatArn({ + service: 'synthetics', + resource: 'group', + resourceName: this.groupId, + arnFormat: cdk.ArnFormat.COLON_RESOURCE_NAME, + }); + } + + /** + * Add a canary to this group + * + * @param canary The canary to add to the group + */ + public addCanary(canary: ICanary): void { + if (this._canaries.size >= 10) { + throw new ValidationError('A group can contain at most 10 canaries', this); + } + + this._canaries.add(canary); + } + + /** + * Get all canaries associated with this group + */ + public get canaries(): ICanary[] { + return Array.from(this._canaries); + } + + /** + * Generate a unique name for the group + */ + private generateUniqueName(): string { + const uniqueId = cdk.Names.uniqueId(this); + const maxLength = 64; // AWS limit for group names + + if (uniqueId.length <= maxLength) { + return uniqueId; + } + + // Truncate and add hash to ensure uniqueness + const hash = cdk.Names.nodeUniqueId(this.node).slice(-8); + const truncated = uniqueId.slice(0, maxLength - 9); // Leave room for hash and separator + return `${truncated}-${hash}`; + } +} diff --git a/packages/aws-cdk-lib/aws-synthetics/lib/index.ts b/packages/aws-cdk-lib/aws-synthetics/lib/index.ts index ee024834f2bf1..3d397144bb27b 100644 --- a/packages/aws-cdk-lib/aws-synthetics/lib/index.ts +++ b/packages/aws-cdk-lib/aws-synthetics/lib/index.ts @@ -1,5 +1,7 @@ export * from './canary'; export * from './code'; +export * from './group'; +export * from './interfaces'; export * from './runtime'; export * from './schedule'; diff --git a/packages/aws-cdk-lib/aws-synthetics/lib/interfaces.ts b/packages/aws-cdk-lib/aws-synthetics/lib/interfaces.ts new file mode 100644 index 0000000000000..84dabf76ee170 --- /dev/null +++ b/packages/aws-cdk-lib/aws-synthetics/lib/interfaces.ts @@ -0,0 +1,54 @@ +import * as cdk from '../../core'; + +/** + * Represents a CloudWatch Synthetics Canary + */ +export interface ICanary extends cdk.IResource { + /** + * The ID of the canary + * @attribute + */ + readonly canaryId: string; + + /** + * The name of the canary + * @attribute + */ + readonly canaryName: string; + + /** + * The ARN of the canary + * @attribute + */ + readonly canaryArn: string; +} + +/** + * Represents a CloudWatch Synthetics Group + */ +export interface IGroup extends cdk.IResource { + /** + * The ID of the group + * @attribute + */ + readonly groupId: string; + + /** + * The name of the group + * @attribute + */ + readonly groupName: string; + + /** + * The ARN of the group + * @attribute + */ + readonly groupArn: string; + + /** + * Add a canary to this group + * + * @param canary The canary to add to the group + */ + addCanary(canary: ICanary): void; +} diff --git a/packages/aws-cdk-lib/aws-synthetics/test/canary.test.ts b/packages/aws-cdk-lib/aws-synthetics/test/canary.test.ts index 41a7f72ad209f..61bd3ccc43cf0 100644 --- a/packages/aws-cdk-lib/aws-synthetics/test/canary.test.ts +++ b/packages/aws-cdk-lib/aws-synthetics/test/canary.test.ts @@ -1347,3 +1347,33 @@ describe('Browser configurations', () => { }).toThrow('Firefox browser is not supported with Python Selenium runtimes. Use Chrome instead or switch to a Node.js runtime with Puppeteer or Playwright.'); }); }); + +describe('Browser configurations', () => { + test('can import canary by ARN', () => { + // GIVEN + const stack = new Stack(); + + // WHEN + const canary = synthetics.Canary.fromCanaryArn( + stack, + 'ImportedCanary', + 'arn:aws:synthetics:us-east-1:123456789012:canary:my-canary', + ); + + // THEN + expect(canary.canaryName).toBe('my-canary'); + expect(canary.canaryArn).toContain('my-canary'); + }); + + test('can import canary by name', () => { + // GIVEN + const stack = new Stack(); + + // WHEN + const canary = synthetics.Canary.fromCanaryName(stack, 'ImportedCanary', 'my-canary'); + + // THEN + expect(canary.canaryName).toBe('my-canary'); + expect(canary.canaryId).toBe('my-canary'); + }); +}); diff --git a/packages/aws-cdk-lib/aws-synthetics/test/group.test.ts b/packages/aws-cdk-lib/aws-synthetics/test/group.test.ts new file mode 100644 index 0000000000000..9cec10841744c --- /dev/null +++ b/packages/aws-cdk-lib/aws-synthetics/test/group.test.ts @@ -0,0 +1,147 @@ +import { Template } from '../../assertions'; +import { Stack } from '../../core'; +import * as synthetics from '../lib'; + +describe('Group', () => { + let stack: Stack; + + beforeEach(() => { + stack = new Stack(); + }); + + test('can create a basic group', () => { + // WHEN + new synthetics.Group(stack, 'Group'); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::Synthetics::Group', { + Name: 'Group', + }); + }); + + test('can create a group with a custom name', () => { + // WHEN + new synthetics.Group(stack, 'Group', { + groupName: 'my-test-group', + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::Synthetics::Group', { + Name: 'my-test-group', + }); + }); + + test('can create a group with canaries', () => { + // GIVEN + const canary = new synthetics.Canary(stack, 'Canary', { + test: synthetics.Test.custom({ + code: synthetics.Code.fromInline('exports.handler = async () => {};'), + handler: 'index.handler', + }), + runtime: synthetics.Runtime.SYNTHETICS_NODEJS_PUPPETEER_9_1, + }); + + // WHEN + new synthetics.Group(stack, 'Group', { + canaries: [canary], + }); + + // THEN + const template = Template.fromStack(stack); + const groupResources = template.findResources('AWS::Synthetics::Group'); + const groupResource = Object.values(groupResources)[0] as any; + expect(groupResource.Properties.ResourceArns).toHaveLength(1); + expect(groupResource.Properties.ResourceArns[0]).toMatchObject({ + 'Fn::Join': expect.arrayContaining([ + '', + expect.arrayContaining([ + 'arn:', + { Ref: 'AWS::Partition' }, + ':synthetics:', + { Ref: 'AWS::Region' }, + ':', + { Ref: 'AWS::AccountId' }, + ':canary:', + expect.any(Object), + ]), + ]), + }); + }); + + test('can add canaries to a group after creation', () => { + // GIVEN + const group = new synthetics.Group(stack, 'Group'); + const canary = new synthetics.Canary(stack, 'Canary', { + test: synthetics.Test.custom({ + code: synthetics.Code.fromInline('exports.handler = async () => {};'), + handler: 'index.handler', + }), + runtime: synthetics.Runtime.SYNTHETICS_NODEJS_PUPPETEER_9_1, + }); + + // WHEN + group.addCanary(canary); + + // THEN + const template = Template.fromStack(stack); + const groupResources = template.findResources('AWS::Synthetics::Group'); + const groupResource = Object.values(groupResources)[0] as any; + expect(groupResource.Properties.ResourceArns).toHaveLength(1); + }); + + test('throws error when adding more than 10 canaries', () => { + // GIVEN + const group = new synthetics.Group(stack, 'Group'); + const canaries = Array.from({ length: 11 }, (_, i) => + new synthetics.Canary(stack, `Canary${i}`, { + test: synthetics.Test.custom({ + code: synthetics.Code.fromInline('exports.handler = async () => {};'), + handler: 'index.handler', + }), + runtime: synthetics.Runtime.SYNTHETICS_NODEJS_PUPPETEER_9_1, + }), + ); + + // WHEN / THEN + canaries.slice(0, 10).forEach(canary => group.addCanary(canary)); + expect(() => group.addCanary(canaries[10])).toThrow('A group can contain at most 10 canaries'); + }); + + test('throws error when creating group with more than 10 canaries', () => { + // GIVEN + const canaries = Array.from({ length: 11 }, (_, i) => + new synthetics.Canary(stack, `Canary${i}`, { + test: synthetics.Test.custom({ + code: synthetics.Code.fromInline('exports.handler = async () => {};'), + handler: 'index.handler', + }), + runtime: synthetics.Runtime.SYNTHETICS_NODEJS_PUPPETEER_9_1, + }), + ); + + // WHEN / THEN + expect(() => new synthetics.Group(stack, 'Group', { canaries })).toThrow('A group can contain at most 10 canaries'); + }); + + test('can import group by ARN', () => { + // WHEN + const group = synthetics.Group.fromGroupArn( + stack, + 'ImportedGroup', + 'arn:aws:synthetics:us-east-1:123456789012:group:my-group', + ); + + // THEN + expect(group.groupName).toBe('my-group'); + expect(group.groupArn).toContain('my-group'); + }); + + test('can import group by name', () => { + // WHEN + const group = synthetics.Group.fromGroupName(stack, 'ImportedGroup', 'my-group'); + + // THEN + expect(group.groupName).toBe('my-group'); + expect(group.groupId).toBe('my-group'); + }); +});