Merge branch 'main' into merge-back/2.42.1

packages/@aws-cdk/aws-codedeploy/lib/utils.ts

@@ -58,6 +58,14 @@ CfnDeploymentGroup.AutoRollbackConfigurationProperty | undefined {
     }
   }
 
+  if (autoRollbackConfig.failedDeployment === false
+    && autoRollbackConfig.stoppedDeployment !== true
+    && autoRollbackConfig.deploymentInAlarm === false) {
+    return {
+      enabled: false,
+    };
+  }
+
   return events.length > 0
     ? {
       enabled: true,

packages/@aws-cdk/aws-codedeploy/test/server/deployment-group.integ.snapshot/aws-cdk-codedeploy-server-dg.assets.json

@@ -1,15 +1,15 @@
 {
-  "version": "20.0.0",
+  "version": "21.0.0",
   "files": {
-    "dae40555b89ef1d396d170d34f146291ebc161a078ebd48290cc01135f3291da": {
+    "5088f12eca5c246f5575ce7f87af7fe359933f451dfd57b1c97881139e63533b": {
       "source": {
         "path": "aws-cdk-codedeploy-server-dg.template.json",
         "packaging": "file"
       },
       "destinations": {
         "current_account-current_region": {
           "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
-          "objectKey": "dae40555b89ef1d396d170d34f146291ebc161a078ebd48290cc01135f3291da.json",
+          "objectKey": "5088f12eca5c246f5575ce7f87af7fe359933f451dfd57b1c97881139e63533b.json",
           "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
         }
       }

packages/@aws-cdk/aws-codedeploy/test/server/deployment-group.integ.snapshot/aws-cdk-codedeploy-server-dg.template.json

@@ -722,6 +722,9 @@
      ],
      "Enabled": true
     },
+    "AutoRollbackConfiguration": {
+     "Enabled": false
+    },
     "AutoScalingGroups": [
      {
       "Ref": "ASG46ED3070"

packages/@aws-cdk/aws-codedeploy/test/server/deployment-group.integ.snapshot/cdk.out

@@ -1 +1 @@
-{"version":"20.0.0"}
+{"version":"21.0.0"}

packages/@aws-cdk/aws-codedeploy/test/server/deployment-group.integ.snapshot/integ.json

@@ -1,5 +1,5 @@
 {
-  "version": "20.0.0",
+  "version": "21.0.0",
   "testCases": {
     "integ.deployment-group": {
       "stacks": [

packages/@aws-cdk/aws-codedeploy/test/server/deployment-group.integ.snapshot/manifest.json

@@ -1,5 +1,5 @@
 {
-  "version": "20.0.0",
+  "version": "21.0.0",
   "artifacts": {
     "Tree": {
       "type": "cdk:tree",
@@ -23,7 +23,7 @@
         "validateOnSynth": false,
         "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}",
         "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}",
-        "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/dae40555b89ef1d396d170d34f146291ebc161a078ebd48290cc01135f3291da.json",
+        "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/5088f12eca5c246f5575ce7f87af7fe359933f451dfd57b1c97881139e63533b.json",
         "requiresBootstrapStackVersion": 6,
         "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version",
         "additionalDependencies": [

packages/@aws-cdk/aws-codedeploy/test/server/deployment-group.integ.snapshot/tree.json

@@ -9,7 +9,7 @@
         "path": "Tree",
         "constructInfo": {
           "fqn": "constructs.Construct",
-          "version": "10.1.85"
+          "version": "10.1.102"
         }
       },
       "aws-cdk-codedeploy-server-dg": {
@@ -91,8 +91,8 @@
                     "id": "Acl",
                     "path": "aws-cdk-codedeploy-server-dg/VPC/PublicSubnet1/Acl",
                     "constructInfo": {
-                      "fqn": "constructs.Construct",
-                      "version": "10.1.85"
+                      "fqn": "@aws-cdk/core.Resource",
+                      "version": "0.0.0"
                     }
                   },
                   "RouteTable": {
@@ -258,8 +258,8 @@
                     "id": "Acl",
                     "path": "aws-cdk-codedeploy-server-dg/VPC/PublicSubnet2/Acl",
                     "constructInfo": {
-                      "fqn": "constructs.Construct",
-                      "version": "10.1.85"
+                      "fqn": "@aws-cdk/core.Resource",
+                      "version": "0.0.0"
                     }
                   },
                   "RouteTable": {
@@ -425,8 +425,8 @@
                     "id": "Acl",
                     "path": "aws-cdk-codedeploy-server-dg/VPC/PrivateSubnet1/Acl",
                     "constructInfo": {
-                      "fqn": "constructs.Construct",
-                      "version": "10.1.85"
+                      "fqn": "@aws-cdk/core.Resource",
+                      "version": "0.0.0"
                     }
                   },
                   "RouteTable": {
@@ -544,8 +544,8 @@
                     "id": "Acl",
                     "path": "aws-cdk-codedeploy-server-dg/VPC/PrivateSubnet2/Acl",
                     "constructInfo": {
-                      "fqn": "constructs.Construct",
-                      "version": "10.1.85"
+                      "fqn": "@aws-cdk/core.Resource",
+                      "version": "0.0.0"
                     }
                   },
                   "RouteTable": {
@@ -936,16 +936,16 @@
             "id": "SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn-ami-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter",
             "path": "aws-cdk-codedeploy-server-dg/SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn-ami-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter",
             "constructInfo": {
-              "fqn": "constructs.Construct",
-              "version": "10.1.85"
+              "fqn": "@aws-cdk/core.CfnParameter",
+              "version": "0.0.0"
             }
           },
           "SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn-ami-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118": {
             "id": "SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn-ami-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118",
             "path": "aws-cdk-codedeploy-server-dg/SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn-ami-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118",
             "constructInfo": {
-              "fqn": "constructs.Construct",
-              "version": "10.1.85"
+              "fqn": "@aws-cdk/core.Resource",
+              "version": "0.0.0"
             }
           },
           "ELB": {
@@ -1190,6 +1190,9 @@
                       ],
                       "enabled": true
                     },
+                    "autoRollbackConfiguration": {
+                      "enabled": false
+                    },
                     "autoScalingGroups": [
                       {
                         "Ref": "ASG46ED3070"
@@ -1225,20 +1228,20 @@
             "id": "Service-principalMap",
             "path": "aws-cdk-codedeploy-server-dg/Service-principalMap",
             "constructInfo": {
-              "fqn": "constructs.Construct",
-              "version": "10.1.85"
+              "fqn": "@aws-cdk/core.CfnMapping",
+              "version": "0.0.0"
             }
           }
         },
         "constructInfo": {
-          "fqn": "constructs.Construct",
-          "version": "10.1.85"
+          "fqn": "@aws-cdk/core.Stack",
+          "version": "0.0.0"
         }
       }
     },
     "constructInfo": {
-      "fqn": "constructs.Construct",
-      "version": "10.1.85"
+      "fqn": "@aws-cdk/core.App",
+      "version": "0.0.0"
     }
   }
 }

packages/@aws-cdk/aws-codedeploy/test/server/deployment-group.test.ts

@@ -412,6 +412,42 @@ describe('CodeDeploy Server Deployment Group', () => {
     expect(() => app.synth()).toThrow(/deploymentInAlarm/);
   });
 
+  test('disable automatic rollback', () => {
+    const stack = new cdk.Stack();
+
+    new codedeploy.ServerDeploymentGroup(stack, 'DeploymentGroup', {
+      autoRollback: {
+        deploymentInAlarm: false,
+        failedDeployment: false,
+      },
+    });
+
+    Template.fromStack(stack).hasResourceProperties('AWS::CodeDeploy::DeploymentGroup', {
+      'AutoRollbackConfiguration': {
+        'Enabled': false,
+      },
+    });
+  });
+
+  test('disable automatic rollback when all options are false', () => {
+    const stack = new cdk.Stack();
+
+    new codedeploy.ServerDeploymentGroup(stack, 'DeploymentGroup', {
+      autoRollback: {
+        deploymentInAlarm: false,
+        failedDeployment: false,
+        stoppedDeployment: false,
+      },
+    });
+
+    Template.fromStack(stack).hasResourceProperties('AWS::CodeDeploy::DeploymentGroup', {
+      'AutoRollbackConfiguration': {
+        'Enabled': false,
+      },
+    });
+  });
+
+
   test('can be used with an imported ALB Target Group as the load balancer', () => {
     const stack = new cdk.Stack();
 

packages/@aws-cdk/aws-ec2/README.md

@@ -1314,8 +1314,10 @@ vpc.addFlowLog('FlowLogS3', {
   destination: ec2.FlowLogDestination.toS3()
 });
 
+// Only reject traffic and interval every minute.
 vpc.addFlowLog('FlowLogCloudWatch', {
-  trafficType: ec2.FlowLogTrafficType.REJECT
+  trafficType: ec2.FlowLogTrafficType.REJECT,
+  maxAggregationInterval: FlowLogMaxAggregationInterval.ONE_MINUTE,
 });
 ```
 

packages/@aws-cdk/aws-ec2/lib/vpc-flow-logs.ts

@@ -383,6 +383,24 @@ class CloudWatchLogsDestination extends FlowLogDestination {
   }
 }
 
+/**
+ * The maximum interval of time during which a flow of packets
+ * is captured and aggregated into a flow log record.
+ *
+ */
+export enum FlowLogMaxAggregationInterval {
+  /**
+   * 1 minute (60 seconds)
+   */
+  ONE_MINUTE = 60,
+
+  /**
+   * 10 minutes (600 seconds)
+   */
+  TEN_MINUTES = 600,
+
+}
+
 /**
  * Options to add a flow log to a VPC
  */
@@ -401,6 +419,14 @@ export interface FlowLogOptions {
    * @default FlowLogDestinationType.toCloudWatchLogs()
    */
   readonly destination?: FlowLogDestination;
+
+  /**
+   * The maximum interval of time during which a flow of packets is captured
+   * and aggregated into a flow log record.
+   *
+   * @default FlowLogMaxAggregationInterval.TEN_MINUTES
+   */
+  readonly maxAggregationInterval?: FlowLogMaxAggregationInterval;
 }
 
 /**
@@ -501,6 +527,7 @@ export class FlowLog extends FlowLogBase {
       deliverLogsPermissionArn: this.iamRole ? this.iamRole.roleArn : undefined,
       logDestinationType: destinationConfig.logDestinationType,
       logGroupName: this.logGroup ? this.logGroup.logGroupName : undefined,
+      maxAggregationInterval: props.maxAggregationInterval,
       resourceId: props.resourceType.resourceId,
       resourceType: props.resourceType.resourceType,
       trafficType: props.trafficType

packages/@aws-cdk/aws-ec2/test/integ.vpc-flow-logs-interval.ts

@@ -0,0 +1,79 @@
+import { PolicyStatement, Effect, ServicePrincipal } from '@aws-cdk/aws-iam';
+import * as s3 from '@aws-cdk/aws-s3';
+import { App, RemovalPolicy, Stack, StackProps } from '@aws-cdk/core';
+import { IntegTest } from '@aws-cdk/integ-tests';
+import { FlowLog, FlowLogDestination, FlowLogResourceType, Vpc, FlowLogMaxAggregationInterval } from '../lib';
+
+const app = new App();
+
+
+class TestStack extends Stack {
+  constructor(scope: App, id: string, props?: StackProps) {
+    super(scope, id, props);
+
+    const vpc = new Vpc(this, 'VPC');
+
+    new FlowLog(this, 'FlowLogsCW', {
+      resourceType: FlowLogResourceType.fromVpc(vpc),
+      maxAggregationInterval: FlowLogMaxAggregationInterval.TEN_MINUTES,
+    });
+
+    vpc.addFlowLog('FlowLogsS3', {
+      destination: FlowLogDestination.toS3(),
+      maxAggregationInterval: FlowLogMaxAggregationInterval.ONE_MINUTE,
+    });
+
+    const bucket = new s3.Bucket(this, 'Bucket', {
+      removalPolicy: RemovalPolicy.DESTROY,
+      autoDeleteObjects: true,
+    });
+    bucket.addToResourcePolicy(new PolicyStatement({
+      effect: Effect.ALLOW,
+      principals: [new ServicePrincipal('delivery.logs.amazonaws.com')],
+      actions: ['s3:PutObject'],
+      resources: [bucket.arnForObjects(`AWSLogs/${this.account}/*`)],
+      conditions: {
+        StringEquals: {
+          's3:x-amz-acl': 'bucket-owner-full-control',
+          'aws:SourceAccount': this.account,
+        },
+        ArnLike: {
+          'aws:SourceArn': this.formatArn({
+            service: 'logs',
+            resource: '*',
+          }),
+        },
+      },
+    }));
+    bucket.addToResourcePolicy(new PolicyStatement({
+      effect: Effect.ALLOW,
+      principals: [new ServicePrincipal('delivery.logs.amazonaws.com')],
+      actions: ['s3:GetBucketAcl', 's3:ListBucket'],
+      resources: [bucket.bucketArn],
+      conditions: {
+        StringEquals: {
+          'aws:SourceAccount': this.account,
+        },
+        ArnLike: {
+          'aws:SourceArn': this.formatArn({
+            service: 'logs',
+            resource: '*',
+          }),
+        },
+      },
+    }));
+
+    vpc.addFlowLog('FlowLogsS3KeyPrefix', {
+      destination: FlowLogDestination.toS3(bucket, 'prefix/'),
+    });
+  }
+}
+
+
+new IntegTest(app, 'FlowLogs', {
+  testCases: [
+    new TestStack(app, 'FlowLogsTestStack'),
+  ],
+});
+
+app.synth();

packages/@aws-cdk/aws-ec2/test/vpc-flow-logs-interval.integ.snapshot/FlowLogsDefaultTestDeployAssert6AFD1854.assets.json

@@ -0,0 +1,19 @@
+{
+  "version": "21.0.0",
+  "files": {
+    "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": {
+      "source": {
+        "path": "FlowLogsDefaultTestDeployAssert6AFD1854.template.json",
+        "packaging": "file"
+      },
+      "destinations": {
+        "current_account-current_region": {
+          "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
+          "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json",
+          "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
+        }
+      }
+    }
+  },
+  "dockerImages": {}
+}