Merge branch 'master' into yattoni/lambda-singleton-function-bind-to-vpc

.github/ISSUE_TEMPLATE/bug.md

@@ -15,7 +15,10 @@ description of the bug:
 ### Reproduction Steps
 
 <!--
-minimal amount of code that causes the bug (if possible) or a reference:
+minimal amount of code that causes the bug (if possible) or a reference.
+
+The code sample should be an SSCCE. See http://sscce.org/ for details.
+In short, provide a code sample that we can copy/paste, run and reproduce.
 -->
 
 ### What did you expect to happen?

.mergify.yml

@@ -6,7 +6,7 @@ pull_request_rules:
       label:
         add: [ contribution/core ]
     conditions:
-      - author~=^(eladb|RomainMuller|garnaat|nija-at|skinny85|rix0rrr|NGL321|Jerry-AWS|MrArnoldPalmer|NetaNir|iliapolo|njlynch|ericzbeard|ccfife|fulghum|pkandasamy91|SoManyHs|uttarasridhar)$
+      - author~=^(eladb|RomainMuller|garnaat|nija-at|skinny85|rix0rrr|NGL321|Jerry-AWS|MrArnoldPalmer|NetaNir|iliapolo|njlynch|ericzbeard|ccfife|fulghum|pkandasamy91|SoManyHs|uttarasridhar|otaviomacedo|BenChaimberg|madeline-k)$
       - -label~="contribution/core"
   - name: automatic merge
     actions:

CHANGELOG.md

@@ -2,6 +2,70 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [1.104.0](https://github.com/aws/aws-cdk/compare/v1.103.0...v1.104.0) (2021-05-14)
+
+
+### ⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES
+
+* **apigatewayv2:** setting the authorizer of an API route to HttpNoneAuthorizer will now remove any existing authorizer on the route
+
+### Features
+
+* **appsync:** elasticsearch data source for graphql api ([#14651](https://github.com/aws/aws-cdk/issues/14651)) ([2337b5d](https://github.com/aws/aws-cdk/commit/2337b5d965028ba06d6ff72f991c0b8e46433a8f)), closes [#6063](https://github.com/aws/aws-cdk/issues/6063)
+* **cfnspec:** cloudformation spec v35.2.0 ([#14610](https://github.com/aws/aws-cdk/issues/14610)) ([799ce1a](https://github.com/aws/aws-cdk/commit/799ce1a7d5fb261cae92d514b4f7e315d8f0e589))
+* **cloudwatch:** GraphWidget supports period and statistic ([#14679](https://github.com/aws/aws-cdk/issues/14679)) ([b240f6e](https://github.com/aws/aws-cdk/commit/b240f6ece74d129e5f43b210e8ad12f95c4a2971))
+* **cloudwatch:** time range support for GraphWidget ([#14659](https://github.com/aws/aws-cdk/issues/14659)) ([010a6b1](https://github.com/aws/aws-cdk/commit/010a6b1a14f14be5001779644df3d3a2e27d4e71)), closes [#4649](https://github.com/aws/aws-cdk/issues/4649)
+* **ecs:** add support for EC2 Capacity Providers ([#14386](https://github.com/aws/aws-cdk/issues/14386)) ([114f7cc](https://github.com/aws/aws-cdk/commit/114f7ccdaf736988834fe2be487363a992a31369))
+* **secretsmanager:** Automatically grant permissions to rotation Lambda ([#14471](https://github.com/aws/aws-cdk/issues/14471)) ([85e00fa](https://github.com/aws/aws-cdk/commit/85e00faf1e3bcc32c2f7aa881d42c6d1f6c17f63))
+
+
+### Bug Fixes
+
+* **apigatewayv2:** authorizer is not removed when HttpNoneAuthorizer is used ([#14424](https://github.com/aws/aws-cdk/issues/14424)) ([3698a91](https://github.com/aws/aws-cdk/commit/3698a91ac81a31f763c55487f200458d5b5eaf0f))
+* **ecs:** Classes FargateService and Ec2Service have no defaultChild ([#14691](https://github.com/aws/aws-cdk/issues/14691)) ([348e11e](https://github.com/aws/aws-cdk/commit/348e11e26edc0ff90b623b7cec778f4935e61e6d)), closes [#14665](https://github.com/aws/aws-cdk/issues/14665)
+* **events-targets:** circular dependency when adding a KMS-encrypted SQS queue  ([#14638](https://github.com/aws/aws-cdk/issues/14638)) ([3063818](https://github.com/aws/aws-cdk/commit/3063818aa7c3c3ff56cf55254b0f6561db190a3e)), closes [#11158](https://github.com/aws/aws-cdk/issues/11158)
+* **lambda:** custom resource fails to connect to efs filesystem ([#14431](https://github.com/aws/aws-cdk/issues/14431)) ([10a633c](https://github.com/aws/aws-cdk/commit/10a633c8cda9f21b85c82f911d88641f3a362c4d))
+* **lambda-event-sources:** incorrect documented defaults for stream types ([#14562](https://github.com/aws/aws-cdk/issues/14562)) ([0ea24e9](https://github.com/aws/aws-cdk/commit/0ea24e95939412765c0e09133a7793557f779c76)), closes [#13908](https://github.com/aws/aws-cdk/issues/13908)
+* **lambda-nodejs:** handler filename missing from error message ([#14564](https://github.com/aws/aws-cdk/issues/14564)) ([256fd4c](https://github.com/aws/aws-cdk/commit/256fd4c6fcdbe6519bc70f62415557dbeae950a1))
+
+## [1.103.0](https://github.com/aws/aws-cdk/compare/v1.102.0...v1.103.0) (2021-05-10)
+
+
+### ⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES
+
+* **appmesh:** HealthChecks require use of static factory methods
+* **apigatewayv2:** The `metricXXX` methods are no longer available in the
+`IApi` interface. The existing ones are moved into `IHttpApi` and new
+ones will be added to `IWebsocketApi`.
+* **apigatewayv2:** The `metricXXX` methods are no longer available in
+the `IStage` interface. The existing ones are moved into `IHttpStage`
+and new ones will be added to the `IWebsocketStage`.
+* **lambda-nodejs:** the default runtime version for `NodejsFunction` is now always `NODEJS_14_X` (previously the version was derived from the local NodeJS runtime and could be either 12.x or 14.x).
+
+### Features
+
+* **appmesh:** change HealthChecks to use protocol-specific union-like classes ([#14432](https://github.com/aws/aws-cdk/issues/14432)) ([063ddc7](https://github.com/aws/aws-cdk/commit/063ddc7315954a2104ac7aa4cb98f96239b8dd1e))
+* **aws-ecs:** Expose logdriver "mode" property ([#13965](https://github.com/aws/aws-cdk/issues/13965)) ([28fce22](https://github.com/aws/aws-cdk/commit/28fce2264448820495d921ed08ae0d3084442876)), closes [#13845](https://github.com/aws/aws-cdk/issues/13845)
+* **cloudwatch:** validate parameters for a metric dimensions (closes [#3116](https://github.com/aws/aws-cdk/issues/3116)) ([#14365](https://github.com/aws/aws-cdk/issues/14365)) ([4a24d61](https://github.com/aws/aws-cdk/commit/4a24d61654ef77557350e35443ddab7597d61736))
+* **docdb:** Support multiple security groups to DatabaseCluster ([#13290](https://github.com/aws/aws-cdk/issues/13290)) ([1a97b66](https://github.com/aws/aws-cdk/commit/1a97b6664f9124ec21a6db39be600cee0411ab8c))
+* **elbv2:** preserveClientIp for NetworkTargetGroup ([#14589](https://github.com/aws/aws-cdk/issues/14589)) ([d676ffc](https://github.com/aws/aws-cdk/commit/d676ffccb28d530a18d0e1630df0940632122a27))
+* **kinesis:** Basic stream level metrics ([#12556](https://github.com/aws/aws-cdk/issues/12556)) ([5f1b576](https://github.com/aws/aws-cdk/commit/5f1b57603330e707bc68f56c267a9e45faa29e55)), closes [#12555](https://github.com/aws/aws-cdk/issues/12555)
+* **kms:** allow specifying key spec and key usage ([#14478](https://github.com/aws/aws-cdk/issues/14478)) ([10ae1a9](https://github.com/aws/aws-cdk/commit/10ae1a902383e69d15a17585268dd836ffb4087b)), closes [#5639](https://github.com/aws/aws-cdk/issues/5639)
+* **lambda-go:** higher level construct for golang lambdas ([#11842](https://github.com/aws/aws-cdk/issues/11842)) ([0948cc7](https://github.com/aws/aws-cdk/commit/0948cc7d4e38ac4e9ae765fcc571ea4f49ca9095))
+* **msk:** Cluster L2 Construct ([#9908](https://github.com/aws/aws-cdk/issues/9908)) ([ce119ba](https://github.com/aws/aws-cdk/commit/ce119ba20d42191fa7ae2e83d459406be16e1748))
+
+
+### Bug Fixes
+
+* **apigatewayv2:** incorrect metric names for client and server-side errors ([#14541](https://github.com/aws/aws-cdk/issues/14541)) ([551182e](https://github.com/aws/aws-cdk/commit/551182efb1313425c97088b66c17d6227cb69da6)), closes [#14503](https://github.com/aws/aws-cdk/issues/14503)
+* `assert` matches more than the template on multiple CDK copies ([#14544](https://github.com/aws/aws-cdk/issues/14544)) ([f8abdbf](https://github.com/aws/aws-cdk/commit/f8abdbfb37ba9efd9e24414f5b64d90f4cf3f7cb)), closes [#14468](https://github.com/aws/aws-cdk/issues/14468)
+* **apigatewayv2-integrations:** fix broken lambda websocket integration uri ([#13820](https://github.com/aws/aws-cdk/issues/13820)) ([f0d5c25](https://github.com/aws/aws-cdk/commit/f0d5c25e1ae026eef03dc396e48368521dcb8331)), closes [#13679](https://github.com/aws/aws-cdk/issues/13679)
+* **cfn-include:** correctly parse Fn::Sub expressions containing serialized JSON ([#14512](https://github.com/aws/aws-cdk/issues/14512)) ([fd6d6d0](https://github.com/aws/aws-cdk/commit/fd6d6d0a563816ace616dfe48b3a03f4559636f7)), closes [#14095](https://github.com/aws/aws-cdk/issues/14095)
+* **cli:** 'cdk deploy *' should not deploy stacks in nested assemblies ([#14542](https://github.com/aws/aws-cdk/issues/14542)) ([93a3549](https://github.com/aws/aws-cdk/commit/93a3549e7a9791b5074dc95909f3289970800c10))
+* **cli:** synth fails if there was an error when synthesizing the stack ([#14613](https://github.com/aws/aws-cdk/issues/14613)) ([71c61e8](https://github.com/aws/aws-cdk/commit/71c61e81ca58c95979f66d7d7b8100777d3c7b99))
+* **lambda-nodejs:** non-deterministic runtime version ([#14538](https://github.com/aws/aws-cdk/issues/14538)) ([527f662](https://github.com/aws/aws-cdk/commit/527f6622146f007035ca669c33ad73861afe608a)), closes [#13893](https://github.com/aws/aws-cdk/issues/13893)
+* **ssm:** dynamic SSM parameter reference breaks with lists ([#14527](https://github.com/aws/aws-cdk/issues/14527)) ([3d1baac](https://github.com/aws/aws-cdk/commit/3d1baaca015443d7ee0eecdec9e81dd61e8920ad)), closes [#14205](https://github.com/aws/aws-cdk/issues/14205) [#14476](https://github.com/aws/aws-cdk/issues/14476)
+
 ## [1.102.0](https://github.com/aws/aws-cdk/compare/v1.101.0...v1.102.0) (2021-05-04)
 
 

CONTRIBUTING.md

@@ -56,6 +56,8 @@ The following tools need to be installed on your system prior to installing the
 - [Yarn >= 1.19.1, < 2](https://yarnpkg.com/lang/en/docs/install)
 - [.NET Core SDK 3.1.x](https://www.microsoft.com/net/download)
 - [Python >= 3.6.5, < 4.0](https://www.python.org/downloads/release/python-365/)
+- [Docker >= 19.03](https://docs.docker.com/get-docker/)
+  - the Docker daemon must also be running
 
 First fork the repository, and then run the following commands to clone the repository locally.
 
@@ -113,8 +115,9 @@ However, if you wish to build the the entire repository, the following command w
 
 ```console
 cd <root of the CDK repo>
-yarn build
+scripts/foreach.sh yarn build
 ```
+Note: The `foreach` command is resumable by default; you must supply `-r` or `--reset` to start a new session.
 
 You are now ready to start contributing to the CDK. See the [Pull Requests](#pull-requests) section on how to make your
 changes and submit it as a pull request.

package.json

@@ -23,16 +23,17 @@
     "jest-junit": "^12.0.0",
     "jsii-diff": "^1.29.0",
     "jsii-pacmak": "^1.29.0",
-    "jsii-rosetta": "^1.29.0",
     "jsii-reflect": "^1.29.0",
+    "jsii-rosetta": "^1.29.0",
     "lerna": "^4.0.0",
     "patch-package": "^6.4.7",
-    "standard-version": "^9.2.0",
+    "standard-version": "^9.3.0",
     "typescript": "~3.9.9"
   },
   "tap-mocha-reporter-resolutions-comment": "should be removed or reviewed when nodeunit dependency is dropped or adjusted",
   "resolutions": {
-    "tap-mocha-reporter": "^5.0.1"
+    "tap-mocha-reporter": "^5.0.1",
+    "string-width": "^4.2.2"
   },
   "repository": {
     "type": "git",

packages/@aws-cdk-containers/ecs-service-extensions/CONTRIBUTING.md

@@ -0,0 +1 @@
+See: [Contributing Guide](https://github.com/aws/aws-cdk/blob/master/packages/%40aws-cdk/aws-ecs/README.md)

packages/@aws-cdk-containers/ecs-service-extensions/README.md

@@ -61,19 +61,19 @@ const nameService = new Service(stack, 'name', {
 ## Creating an `Environment`
 
 An `Environment` is a place to deploy your services. You can have multiple environments
-on a single AWS account. For example you could create a `test` environment as well
-as a `production` environment so you have a place to verify that you application
+on a single AWS account. For example, you could create a `test` environment as well
+as a `production` environment so you have a place to verify that your application
 works as intended before you deploy it to a live environment.
 
-Each environment is isolated from other environments. In specific
-by default when you create an environment the construct supplies its own VPC,
+Each environment is isolated from other environments. In other words,
+when you create an environment, by default the construct supplies its own VPC,
 ECS Cluster, and any other required resources for the environment:
 
 ```ts
 const environment = new Environment(stack, 'production');
 ```
 
-However, you can also choose to build an environment out of a pre-existing VPC,
+However, you can also choose to build an environment out of a pre-existing VPC
 or ECS Cluster:
 
 ```ts
@@ -89,7 +89,7 @@ const environment = new Environment(stack, 'production', {
 ## Defining your `ServiceDescription`
 
 The `ServiceDescription` defines what application you want the service to run and
-what optional extensions you want to add to the service. The most basic form of a `ServiceExtension` looks like this:
+what optional extensions you want to add to the service. The most basic form of a `ServiceDescription` looks like this:
 
 ```ts
 const nameDescription = new ServiceDescription();
@@ -105,9 +105,9 @@ nameDescription.add(new Container({
 ```
 
 Every `ServiceDescription` requires at minimum that you add a `Container` extension
-which defines the main application container to run for the service.
+which defines the main application (essential) container to run for the service.
 
-After that you can optionally enable additional features for the service using the `ServiceDescription.add()` method:
+After that, you can optionally enable additional features for the service using the `ServiceDescription.add()` method:
 
 ```ts
 nameDescription.add(new AppMeshExtension({ mesh }));
@@ -238,7 +238,7 @@ frontend.connectTo(backend);
 
 The address that a service will use to talk to another service depends on the
 type of ingress that has been created by the extension that did the connecting.
-For example if an App Mesh extension has been used then the service is accessible
+For example, if an App Mesh extension has been used, then the service is accessible
 at a DNS address of `<service name>.<environment name>`. For example:
 
 ```ts
@@ -280,7 +280,7 @@ const backend = new Service(stack, 'backend', {
 frontend.connectTo(backend);
 ```
 
-The above code uses the well known service discovery name for each
+The above code uses the well-known service discovery name for each
 service, and passes it as an environment variable to the container so
 that the container knows what address to use when communicating to
 the other service.

packages/@aws-cdk-containers/ecs-service-extensions/lib/environment.ts

@@ -8,25 +8,27 @@ import { EnvironmentCapacityType } from './extensions/extension-interfaces';
 import { Construct } from '@aws-cdk/core';
 
 /**
- * Settings for the environment you want to deploy.
- * services within.
+ * Settings for the environment where you want to deploy your services.
  */
 export interface EnvironmentProps {
   /**
-   * The VPC used by the service for networking
+   * The VPC used by the service for networking.
+   *
    * @default - Create a new VPC
    */
   readonly vpc?: ec2.IVpc,
 
   /**
    * The ECS cluster which provides compute capacity to this service.
+   *
    * [disable-awslint:ref-via-interface]
    * @default - Create a new cluster
    */
   readonly cluster?: ecs.Cluster
 
   /**
    * The type of capacity to use for this environment.
+   *
    * @default - EnvironmentCapacityType.FARGATE
    */
   readonly capacityType?: EnvironmentCapacityType
@@ -64,8 +66,8 @@ export interface IEnvironment {
 
 /**
  * An environment into which to deploy a service. This environment
- * can either be instantiated with a preexisting AWS VPC and ECS cluster,
- * or it can create it's own VPC and cluster. By default it will create
+ * can either be instantiated with a pre-existing AWS VPC and ECS cluster,
+ * or it can create its own VPC and cluster. By default, it will create
  * a cluster with Fargate capacity.
  */
 export class Environment extends Construct implements IEnvironment {
@@ -82,7 +84,7 @@ export class Environment extends Construct implements IEnvironment {
   public readonly id: string;
 
   /**
-   * The VPC into which environment services should be placed.
+   * The VPC where environment services should be placed.
    */
   public readonly vpc: ec2.IVpc;
 
@@ -159,10 +161,10 @@ export class ImportedEnvironment extends Construct implements IEnvironment {
   }
 
   /**
-   * Refuses to add a default cloudmap namespace to the cluster as we don't
+   * Adding a default cloudmap namespace to the cluster will throw an error, as we don't
    * own it.
    */
   addDefaultCloudMapNamespace(_options: ecs.CloudMapNamespaceOptions) {
     throw new Error('the cluster environment is immutable when imported');
   }
-}
+}

packages/@aws-cdk-containers/ecs-service-extensions/lib/extensions/appmesh.ts

@@ -21,7 +21,7 @@ const APP_MESH_ENVOY_SIDECAR_VERSION = 'v1.15.1.0-prod';
  */
 export interface MeshProps {
   /**
-   * The service mesh into which to register the service
+   * The service mesh into which to register the service.
    */
   readonly mesh: appmesh.Mesh;
 
@@ -39,9 +39,9 @@ export interface MeshProps {
  * to the container in a service mesh.
  *
  * The service will then be available to other App Mesh services at the
- * address `<service name>.<environment name>`. For example a service called
+ * address `<service name>.<environment name>`. For example, a service called
  * `orders` deploying in an environment called `production` would be accessible
- * to other App Mesh enabled services at the address `http://orders.production`
+ * to other App Mesh enabled services at the address `http://orders.production`.
  */
 export class AppMeshExtension extends ServiceExtension {
   protected virtualNode!: appmesh.VirtualNode;
@@ -249,7 +249,7 @@ export class AppMeshExtension extends ServiceExtension {
     } as ServiceBuild;
   }
 
-  // Now that the service is defined we can create the AppMesh virtual service
+  // Now that the service is defined, we can create the AppMesh virtual service
   // and virtual node for the real service
   public useService(service: ecs.Ec2Service | ecs.FargateService) {
     const containerextension = this.parentService.serviceDescription.get('service-container') as Container;

packages/@aws-cdk-containers/ecs-service-extensions/lib/extensions/cloudwatch-agent.ts

@@ -11,7 +11,7 @@ const CLOUDWATCH_AGENT_IMAGE = 'amazon/cloudwatch-agent:latest';
 
 /**
  * This extension adds a CloudWatch agent to the task definition and
- * configures the task to be able to publish metrics to CloudWatch
+ * configures the task to be able to publish metrics to CloudWatch.
  */
 export class CloudwatchAgentExtension extends ServiceExtension {
   private CW_CONFIG_CONTENT = {

packages/@aws-cdk-containers/ecs-service-extensions/lib/extensions/container.ts

@@ -7,32 +7,33 @@ import { ServiceExtension } from './extension-interfaces';
 import { Construct } from '@aws-cdk/core';
 
 /**
- * Setting for the main application container of a service
+ * Setting for the main application container of a service.
  */
 export interface ContainerExtensionProps {
   /**
-   * How much CPU the container requires
+   * How much CPU the container requires.
    */
   readonly cpu: number,
 
   /**
-   * How much memory in megabytes the container requires
+   * How much memory in megabytes the container requires.
    */
   readonly memoryMiB: number,
 
   /**
-   * The image to run
+   * The image to run.
    */
   readonly image: ecs.ContainerImage,
 
   /**
-   * What port the image listen for traffic on
+   * What port the image listen for traffic on.
    */
   readonly trafficPort: number,
 
   /**
-   * Environment variables to pass into the container
-   * @default - No environment variables
+   * Environment variables to pass into the container.
+   *
+   * @default - No environment variables.
    */
   readonly environment?: {
     [key: string]: string,
@@ -51,7 +52,7 @@ export class Container extends ServiceExtension {
   public readonly trafficPort: number;
 
   /**
-   * The settings for the container
+   * The settings for the container.
    */
   private props: ContainerExtensionProps;