Merge branch 'master' into syn-nodejs-puppeteer-3.3

aws · Oct 25, 2021 · a3f6652 · a3f6652
2 parents 3584c5f + c36c73f
commit a3f6652
Show file tree

Hide file tree

Showing 30 changed files with 1,103 additions and 254 deletions.
diff --git a/packages/@aws-cdk/aws-cloudfront/lib/cache-policy.ts b/packages/@aws-cdk/aws-cloudfront/lib/cache-policy.ts
@@ -85,9 +85,13 @@ export interface CachePolicyProps {
  * A Cache Policy configuration.
  *
  * @resource AWS::CloudFront::CachePolicy
+ * @link https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html
  */
 export class CachePolicy extends Resource implements ICachePolicy {
-
+  /**
+   * This policy is designed for use with an origin that is an AWS Amplify web app.
+   */
+  public static readonly AMPLIFY = CachePolicy.fromManagedCachePolicy('2e54312d-136d-493c-8eb9-b001f22f67d2');
   /**
    * Optimize cache efficiency by minimizing the values that CloudFront includes in the cache key.
    * Query strings and cookies are not included in the cache key, and only the normalized 'Accept-Encoding' header is included.

diff --git a/packages/@aws-cdk/aws-ec2/README.md b/packages/@aws-cdk/aws-ec2/README.md
@@ -744,7 +744,7 @@ By default, a new security group is created and logging is enabled. Moreover, a
 authorize all users to the VPC CIDR is created.
 
 To customize authorization rules, set the `authorizeAllUsersToVpcCidr` prop to `false`
-and use `addaddAuthorizationRule()`:
+and use `addAuthorizationRule()`:
 
 ```ts fixture=client-vpn
 const endpoint = vpc.addClientVpnEndpoint('Endpoint', {
@@ -1110,6 +1110,7 @@ const instance = new ec2.Instance(this, 'Instance', {
 const localPath = instance.userData.addS3DownloadCommand({
   bucket:asset.bucket,
   bucketKey:asset.s3ObjectKey,
+  region: 'us-east-1', // Optional
 });
 instance.userData.addExecuteFileCommand({
   filePath:localPath,

diff --git a/packages/@aws-cdk/aws-ec2/lib/instance-types.ts b/packages/@aws-cdk/aws-ec2/lib/instance-types.ts
@@ -372,6 +372,20 @@ export enum InstanceClass {
    */
   X1E = 'x1e',
 
+  /**
+   * Memory-intensive instances, 2nd generation with Graviton2 processors
+   *
+   * This instance type can be used only in RDS. It is not supported in EC2.
+   */
+  MEMORY_INTENSIVE_2_GRAVITON2 = 'x2g',
+
+  /**
+   * Memory-intensive instances, 2nd generation with Graviton2 processors
+   *
+   * This instance type can be used only in RDS. It is not supported in EC2.
+   */
+  X2G = 'x2g',
+
   /**
    * Memory-intensive instances, 2nd generation with Graviton2 processors and local NVME drive
    */

diff --git a/packages/@aws-cdk/aws-ec2/lib/user-data.ts b/packages/@aws-cdk/aws-ec2/lib/user-data.ts
@@ -37,6 +37,12 @@ export interface S3DownloadOptions {
    */
   readonly localFile?: string;
 
+  /**
+   * The region of the S3 Bucket (needed for access via VPC Gateway)
+   * @default none
+   */
+  readonly region?: string
+
 }
 
 /**
@@ -156,7 +162,7 @@ class LinuxUserData extends UserData {
     const localPath = ( params.localFile && params.localFile.length !== 0 ) ? params.localFile : `/tmp/${ params.bucketKey }`;
     this.addCommands(
       `mkdir -p $(dirname '${localPath}')`,
-      `aws s3 cp '${s3Path}' '${localPath}'`,
+      `aws s3 cp '${s3Path}' '${localPath}'` + (params.region !== undefined ? ` --region ${params.region}` : ''),
     );
 
     return localPath;
@@ -215,7 +221,7 @@ class WindowsUserData extends UserData {
     const localPath = ( params.localFile && params.localFile.length !== 0 ) ? params.localFile : `C:/temp/${ params.bucketKey }`;
     this.addCommands(
       `mkdir (Split-Path -Path '${localPath}' ) -ea 0`,
-      `Read-S3Object -BucketName '${params.bucket.bucketName}' -key '${params.bucketKey}' -file '${localPath}' -ErrorAction Stop`,
+      `Read-S3Object -BucketName '${params.bucket.bucketName}' -key '${params.bucketKey}' -file '${localPath}' -ErrorAction Stop` + (params.region !== undefined ? ` -Region ${params.region}` : ''),
     );
     return localPath;
   }

diff --git a/packages/@aws-cdk/aws-ec2/lib/vpc-lookup.ts b/packages/@aws-cdk/aws-ec2/lib/vpc-lookup.ts
@@ -48,4 +48,11 @@ export interface VpcLookupOptions {
    * @default aws-cdk:subnet-name
    */
   readonly subnetGroupNameTag?: string;
+
+  /**
+   * Optional to override inferred region
+   *
+   * @default Current stack's environment region
+   */
+  readonly region?: string;
 }
diff --git a/packages/@aws-cdk/aws-ec2/lib/vpc.ts b/packages/@aws-cdk/aws-ec2/lib/vpc.ts
@@ -1,7 +1,7 @@
 import * as cxschema from '@aws-cdk/cloud-assembly-schema';
 import {
   Annotations, ConcreteDependable, ContextProvider, DependableTrait, IConstruct,
-  IDependable, IResource, Lazy, Resource, Stack, Token, Tags, Names,
+  IDependable, IResource, Lazy, Resource, Stack, Token, Tags, Names, Arn,
 } from '@aws-cdk/core';
 import * as cxapi from '@aws-cdk/cx-api';
 import { Construct, Node } from 'constructs';
@@ -78,6 +78,12 @@ export interface IVpc extends IResource {
    */
   readonly vpcId: string;
 
+  /**
+   * ARN for this VPC
+   * @attribute
+   */
+  readonly vpcArn: string;
+
   /**
    * CIDR range for this VPC
    *
@@ -357,6 +363,11 @@ abstract class VpcBase extends Resource implements IVpc {
    */
   public abstract readonly vpcId: string;
 
+  /**
+   * Arn of this VPC
+   */
+  public abstract readonly vpcArn: string;
+
   /**
    * CIDR range for this VPC
    */
@@ -1118,9 +1129,15 @@ export class Vpc extends VpcBase {
       filter.isDefault = options.isDefault ? 'true' : 'false';
     }
 
+    const overrides: {[key: string]: string} = {};
+    if (options.region) {
+      overrides.region = options.region;
+    }
+
     const attributes: cxapi.VpcContextResponse = ContextProvider.getValue(scope, {
       provider: cxschema.ContextProvider.VPC_PROVIDER,
       props: {
+        ...overrides,
         filter,
         returnAsymmetricSubnets: true,
         subnetGroupNameTag: options.subnetGroupNameTag,
@@ -1147,6 +1164,11 @@ export class Vpc extends VpcBase {
    */
   public readonly vpcId: string;
 
+  /**
+   * @attribute
+   */
+  public readonly vpcArn: string;
+
   /**
    * @attribute
    */
@@ -1277,6 +1299,11 @@ export class Vpc extends VpcBase {
     this.availabilityZones = this.availabilityZones.slice(0, maxAZs);
 
     this.vpcId = this.resource.ref;
+    this.vpcArn = Arn.format({
+      service: 'ec2',
+      resource: 'vpc',
+      resourceName: this.vpcId,
+    }, stack);
 
     const defaultSubnet = props.natGateways === 0 ? Vpc.DEFAULT_SUBNETS_NO_NAT : Vpc.DEFAULT_SUBNETS;
     this.subnetConfiguration = ifUndefined(props.subnetConfiguration, defaultSubnet);
@@ -1853,6 +1880,7 @@ function ifUndefined<T>(value: T | undefined, defaultValue: T): T {
 
 class ImportedVpc extends VpcBase {
   public readonly vpcId: string;
+  public readonly vpcArn: string;
   public readonly publicSubnets: ISubnet[];
   public readonly privateSubnets: ISubnet[];
   public readonly isolatedSubnets: ISubnet[];
@@ -1864,6 +1892,11 @@ class ImportedVpc extends VpcBase {
     super(scope, id);
 
     this.vpcId = props.vpcId;
+    this.vpcArn = Arn.format({
+      service: 'ec2',
+      resource: 'vpc',
+      resourceName: this.vpcId,
+    }, Stack.of(this));
     this.cidr = props.vpcCidrBlock;
     this.availabilityZones = props.availabilityZones;
     this._vpnGatewayId = props.vpnGatewayId;
@@ -1897,6 +1930,7 @@ class ImportedVpc extends VpcBase {
 
 class LookedUpVpc extends VpcBase {
   public readonly vpcId: string;
+  public readonly vpcArn: string;
   public readonly internetConnectivityEstablished: IDependable = new ConcreteDependable();
   public readonly availabilityZones: string[];
   public readonly publicSubnets: ISubnet[];
@@ -1908,6 +1942,11 @@ class LookedUpVpc extends VpcBase {
     super(scope, id);
 
     this.vpcId = props.vpcId;
+    this.vpcArn = Arn.format({
+      service: 'ec2',
+      resource: 'vpc',
+      resourceName: this.vpcId,
+    }, Stack.of(this));
     this.cidr = props.vpcCidrBlock;
     this._vpnGatewayId = props.vpnGatewayId;
     this.incompleteSubnetDefinition = isIncomplete;

diff --git a/packages/@aws-cdk/aws-ec2/test/userdata.test.ts b/packages/@aws-cdk/aws-ec2/test/userdata.test.ts
@@ -85,6 +85,35 @@ describe('user data', () => {
       'Read-S3Object -BucketName \'test2\' -key \'filename2.bat\' -file \'c:\\test\\location\\otherScript.bat\' -ErrorAction Stop</powershell>',
     );
 
+  });
+  test('can windows userdata download S3 files with given region', () => {
+    // GIVEN
+    const stack = new Stack();
+    const userData = ec2.UserData.forWindows();
+    const bucket = Bucket.fromBucketName( stack, 'testBucket', 'test' );
+    const bucket2 = Bucket.fromBucketName( stack, 'testBucket2', 'test2' );
+
+    // WHEN
+    userData.addS3DownloadCommand({
+      bucket,
+      bucketKey: 'filename.bat',
+      region: 'us-east-1',
+    } );
+    userData.addS3DownloadCommand({
+      bucket: bucket2,
+      bucketKey: 'filename2.bat',
+      localFile: 'c:\\test\\location\\otherScript.bat',
+      region: 'us-east-1',
+    } );
+
+    // THEN
+    const rendered = userData.render();
+    expect(rendered).toEqual('<powershell>mkdir (Split-Path -Path \'C:/temp/filename.bat\' ) -ea 0\n' +
+      'Read-S3Object -BucketName \'test\' -key \'filename.bat\' -file \'C:/temp/filename.bat\' -ErrorAction Stop -Region us-east-1\n' +
+      'mkdir (Split-Path -Path \'c:\\test\\location\\otherScript.bat\' ) -ea 0\n' +
+      'Read-S3Object -BucketName \'test2\' -key \'filename2.bat\' -file \'c:\\test\\location\\otherScript.bat\' -ErrorAction Stop -Region us-east-1</powershell>',
+    );
+
   });
   test('can windows userdata execute files', () => {
     // GIVEN
@@ -189,6 +218,36 @@ describe('user data', () => {
       'aws s3 cp \'s3://test2/filename2.sh\' \'c:\\test\\location\\otherScript.sh\'',
     );
 
+  });
+  test('can linux userdata download S3 files from specific region', () => {
+    // GIVEN
+    const stack = new Stack();
+    const userData = ec2.UserData.forLinux();
+    const bucket = Bucket.fromBucketName( stack, 'testBucket', 'test' );
+    const bucket2 = Bucket.fromBucketName( stack, 'testBucket2', 'test2' );
+
+    // WHEN
+    userData.addS3DownloadCommand({
+      bucket,
+      bucketKey: 'filename.sh',
+      region: 'us-east-1',
+    } );
+    userData.addS3DownloadCommand({
+      bucket: bucket2,
+      bucketKey: 'filename2.sh',
+      localFile: 'c:\\test\\location\\otherScript.sh',
+      region: 'us-east-1',
+    } );
+
+    // THEN
+    const rendered = userData.render();
+    expect(rendered).toEqual('#!/bin/bash\n' +
+      'mkdir -p $(dirname \'/tmp/filename.sh\')\n' +
+      'aws s3 cp \'s3://test/filename.sh\' \'/tmp/filename.sh\' --region us-east-1\n' +
+      'mkdir -p $(dirname \'c:\\test\\location\\otherScript.sh\')\n' +
+      'aws s3 cp \'s3://test2/filename2.sh\' \'c:\\test\\location\\otherScript.sh\' --region us-east-1',
+    );
+
   });
   test('can linux userdata execute files', () => {
     // GIVEN

diff --git a/packages/@aws-cdk/aws-ec2/test/vpc.from-lookup.test.ts b/packages/@aws-cdk/aws-ec2/test/vpc.from-lookup.test.ts
@@ -250,6 +250,24 @@ describe('vpc from lookup', () => {
       restoreContextProvider(previous);
 
     });
+    test('passes account and region', () => {
+      const previous = mockVpcContextProviderWith({
+        vpcId: 'vpc-1234',
+        subnetGroups: [],
+      }, options => {
+        expect(options.region).toEqual('region-1234');
+      });
+
+      const stack = new Stack();
+      const vpc = Vpc.fromLookup(stack, 'Vpc', {
+        vpcId: 'vpc-1234',
+        region: 'region-1234',
+      });
+
+      expect(vpc.vpcId).toEqual('vpc-1234');
+
+      restoreContextProvider(previous);
+    });
   });
 });
 

diff --git a/packages/@aws-cdk/aws-ec2/test/vpc.test.ts b/packages/@aws-cdk/aws-ec2/test/vpc.test.ts
@@ -36,7 +36,12 @@ describe('vpc', () => {
         const stack = getTestStack();
         const vpc = new Vpc(stack, 'TheVPC');
         expect(stack.resolve(vpc.vpcId)).toEqual({ Ref: 'TheVPC92636AB0' });
+      });
 
+      test('vpc.vpcArn returns a token to the VPC ID', () => {
+        const stack = getTestStack();
+        const vpc = new Vpc(stack, 'TheVPC');
+        expect(stack.resolve(vpc.vpcArn)).toEqual({ 'Fn::Join': ['', ['arn:', { Ref: 'AWS::Partition' }, ':ec2:us-east-1:123456789012:vpc/', { Ref: 'TheVPC92636AB0' }]] });
       });
 
       test('it uses the correct network range', () => {
@@ -1786,4 +1791,4 @@ function hasTags(expectedTags: Array<{Key: string, Value: string}>): (props: any
       throw e;
     }
   };
-}
+}
diff --git a/packages/@aws-cdk/aws-rds/lib/cluster.ts b/packages/@aws-cdk/aws-rds/lib/cluster.ts
@@ -327,7 +327,7 @@ abstract class DatabaseClusterNew extends DatabaseClusterBase {
       }),
     ];
 
-    let { s3ImportRole, s3ExportRole } = setupS3ImportExport(this, props);
+    let { s3ImportRole, s3ExportRole } = setupS3ImportExport(this, props, /* combineRoles */ false);
     // bind the engine to the Cluster
     const clusterEngineBindConfig = props.engine.bindToCluster(this, {
       s3ImportRole,

diff --git a/packages/@aws-cdk/aws-rds/lib/instance.ts b/packages/@aws-cdk/aws-rds/lib/instance.ts
@@ -576,7 +576,6 @@ export interface DatabaseInstanceNewProps {
 
   /**
    * Role that will be associated with this DB instance to enable S3 export.
-   * This feature is only supported by the Microsoft SQL Server and Oracle engines.
    *
    * This property must not be used if `s3ExportBuckets` is used.
    *
@@ -591,7 +590,6 @@ export interface DatabaseInstanceNewProps {
 
   /**
    * S3 buckets that you want to load data into.
-   * This feature is only supported by the Microsoft SQL Server and Oracle engines.
    *
    * This property must not be used if `s3ExportRole` is used.
    *
@@ -847,7 +845,10 @@ abstract class DatabaseInstanceSource extends DatabaseInstanceNew implements IDa
     this.multiUserRotationApplication = props.engine.multiUserRotationApplication;
     this.engine = props.engine;
 
-    let { s3ImportRole, s3ExportRole } = setupS3ImportExport(this, props, true);
+    const engineType = props.engine.engineType;
+    // only Oracle and SQL Server require the import and export Roles to be the same
+    const combineRoles = engineType.startsWith('oracle-') || engineType.startsWith('sqlserver-');
+    let { s3ImportRole, s3ExportRole } = setupS3ImportExport(this, props, combineRoles);
     const engineConfig = props.engine.bindToInstance(this, {
       ...props,
       s3ImportRole,
@@ -866,8 +867,8 @@ abstract class DatabaseInstanceSource extends DatabaseInstanceNew implements IDa
       if (!engineFeatures?.s3Export) {
         throw new Error(`Engine '${engineDescription(props.engine)}' does not support S3 export`);
       }
-      // Only add the export role and feature if they are different from the import role & feature.
-      if (s3ImportRole !== s3ExportRole || engineFeatures.s3Import !== engineFeatures?.s3Export) {
+      // only add the export feature if it's different from the import feature
+      if (engineFeatures.s3Import !== engineFeatures?.s3Export) {
         instanceAssociatedRoles.push({ roleArn: s3ExportRole.roleArn, featureName: engineFeatures?.s3Export });
       }
     }
@@ -883,7 +884,7 @@ abstract class DatabaseInstanceSource extends DatabaseInstanceNew implements IDa
       allowMajorVersionUpgrade: props.allowMajorVersionUpgrade,
       dbName: props.databaseName,
       dbParameterGroupName: instanceParameterGroupConfig?.parameterGroupName,
-      engine: props.engine.engineType,
+      engine: engineType,
       engineVersion: props.engine.engineVersion?.fullVersion,
       licenseModel: props.licenseModel,
       timezone: props.timezone,