Updated to version v1.8.3

Author: aijunpeng

CHANGELOG.md

@@ -3,14 +3,24 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [1.8.3] - 2023-04-18
+### Changed
+- Fixed S3 logging bucket setting
+- Fixed missing userName in codecommit event when pushes are made by assumed role credentials
+- Upgraded Werkzeug to mitigate CVE-2023-25577
+- Upgraded cryptography to mitigate CVE-2023-23931
+- upgraded tenacity
+- Added timeout to requests call
+- Upgraded Athena engine version 3
+
 ## [1.8.2] - 2023-01-13
 ### Security
 - Upgrade JSON5 to mitigate CVE-2022-46175
 - Upgrade certifi to mitigate CVE-2022-23491
 
 ## [1.8.1] - 2022-12-05
 ### Added
-- Added Application Regsitry
+- Added Application Registry
 ### Changed
 - Upgraded node 14 to 16
 

source/cdk.json

@@ -2,6 +2,7 @@
   "app": "npx ts-node bin/aws_devops_monitoring_dashboard.ts",
   "context": {
     "quicksight_source_template_arn": "arn:aws:quicksight:us-east-1:%%TEMPLATE_ACCOUNT_ID%%:template/%%DIST_QUICKSIGHT_NAMESPACE%%_%%SOLUTION_NAME%%_%%DASHED_VERSION%%",
-    "constructs:stackRelativeExports": false
+    "constructs:stackRelativeExports": false,
+    "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": true
   }
 }

source/lambda/event_parser/codecommit_events.js

@@ -37,6 +37,11 @@ let TransformCodeCommitEvents = (data, recordNumber) => {
       if (detailData.hasOwnProperty('userIdentity') && detailData['userIdentity'] != null) {
         let userIdentity = detailData['userIdentity'];
         if (userIdentity['userName'] != null) transformedDetail['authorName'] = userIdentity['userName'];
+        //Fix missing userName in codecommit event when pushes are made by assumed role credentials
+        else if (userIdentity['sessionContext']['sessionIssuer']['userName'] != null)
+          transformedDetail['authorName'] = userIdentity['sessionContext']['sessionIssuer']['userName'];
+        else if (userIdentity['principalId'] != null)
+          transformedDetail['authorName'] = userIdentity['principalId'].split(':')[1];
       }
 
       //process commits made from aws codecommit console

source/lambda/quicksight-custom-resources/requirements-dev.txt

@@ -18,7 +18,7 @@ certifi==2022.12.7
 cffi==1.15.1
 charset-normalizer==2.1.1
 coverage==7.0.5
-cryptography==39.0.0
+cryptography~=39.0.1
 exceptiongroup==1.1.0
 idna==3.4
 iniconfig==2.0.0
@@ -32,5 +32,5 @@ responses==0.22.0
 toml==0.10.2
 tomli==2.0.1
 types-toml==0.10.8.1
-Werkzeug==2.2.2
+Werkzeug~=2.2.3
 xmltodict==0.13.0

source/lambda/quicksight-custom-resources/requirements.txt

@@ -1,7 +1,7 @@
 crhelper==2.0.11
 PyYAML==6.0
 requests==2.28.1
-tenacity==8.1.0
+tenacity~=8.2.2
 ## urllib3 should match Lambda runtime
 urllib3==1.26.9
 ## The following requirements were added by pip freeze:

source/lambda/solution_helper/util/solution_metrics.py

@@ -34,7 +34,7 @@ def send_metrics(data,
         json_data = dumps(metrics_data)
         print('metrics data:' + json_data)
         headers = {'content-type': 'application/json'}
-        response = requests.post(url, data=json_data, headers=headers)
+        response = requests.post(url, data=json_data, headers=headers, timeout=10)
         return response
     except Exception as error :
         logger.exception(f"Error sending usage data: {error}")

source/lib/aws_devops_monitoring_dashboard_stack.ts

@@ -323,6 +323,7 @@ export class DevOpsDashboardStack extends cdk.Stack {
     refMetricsBucket.addPropertyOverride('BucketName', 'aws-devops-metrics-' + uuid);
     refMetricsBucket.addPropertyOverride('OwnershipControls.Rules', [{ ObjectOwnership: 'BucketOwnerEnforced' }]);
     refLoggingBucket.addPropertyOverride('BucketName', 'aws-devops-metrics-logging-' + uuid);
+    refLoggingBucket.addPropertyDeletionOverride('AccessControl');
 
     // Add cdk-nag suppression
     NagSuppressions.addResourceSuppressions(refLoggingBucket, [

source/lib/database/database_construct.ts

@@ -486,7 +486,7 @@ export class GlueDatabase extends Construct {
             }
           },
           engineVersion: {
-            selectedEngineVersion: 'Athena engine version 2'
+            selectedEngineVersion: 'Athena engine version 3'
           }
         }
       });

source/lib/deployment-helper/canary_alarm/canary_alarm_stack.ts

@@ -17,7 +17,6 @@ import { Canary, Code, Runtime, Schedule, Test } from '@aws-cdk/aws-synthetics-a
 import {
   BlockPublicAccess,
   Bucket,
-  BucketAccessControl,
   BucketEncryption,
   BucketProps,
   CfnBucket,
@@ -276,7 +275,6 @@ export class CanaryStack extends Stack {
       versioned: false,
       blockPublicAccess: BlockPublicAccess.BLOCK_ALL,
       removalPolicy: RemovalPolicy.RETAIN,
-      accessControl: BucketAccessControl.LOG_DELIVERY_WRITE,
       bucketName: paramBucketName.valueAsString
     };
 

source/test/__snapshots__/aws_devops_monitoring_dashboard_stack.test.ts.snap

@@ -1138,7 +1138,7 @@ exports[`Snapshot test for primary devopsDashboardStack 1`] = `
           "S3Bucket": {
             "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}",
           },
-          "S3Key": "c84340be658fa0b4aba030e932ff0f4ecdb2c3c521780160e5f472bac476bc0f.zip",
+          "S3Key": "b636deff91d9ee146f8394bf130e97730cc1bc6ee8169ec7b5a0d232f265a06c.zip",
         },
         "Description": "DevOps Monitoring Dashboard on AWS solution - This function performs lambda transformation within kinesis firehose. It parses CloudWatch metrics for CodeBuild, sends relevant data to S3 for downstream operation",
         "Environment": {
@@ -2214,7 +2214,6 @@ exports[`Snapshot test for primary devopsDashboardStack 1`] = `
         },
       },
       "Properties": {
-        "AccessControl": "LogDeliveryWrite",
         "BucketEncryption": {
           "ServerSideEncryptionConfiguration": [
             {
@@ -2532,7 +2531,7 @@ exports[`Snapshot test for primary devopsDashboardStack 1`] = `
           "S3Bucket": {
             "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}",
           },
-          "S3Key": "c84340be658fa0b4aba030e932ff0f4ecdb2c3c521780160e5f472bac476bc0f.zip",
+          "S3Key": "b636deff91d9ee146f8394bf130e97730cc1bc6ee8169ec7b5a0d232f265a06c.zip",
         },
         "Description": "DevOps Monitoring Dashboard on AWS solution - This function performs lambda transformation within kinesis firehose. It parses raw cloudwatch events, sends relevant data to S3 for downstream operation",
         "Environment": {
@@ -2705,7 +2704,7 @@ exports[`Snapshot test for primary devopsDashboardStack 1`] = `
               {
                 "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}",
               },
-              "/7edf04fa4def4d8c6aca4f8afd40f203a7fcc21a56aa83b2a6d2ef37ceaabdc4.json",
+              "/2e01711597dd3bfb5869b8b72f5360ffa93d4c78f5485bd28ae92526454bbcd1.json",
             ],
           ],
         },
@@ -2744,7 +2743,7 @@ exports[`Snapshot test for primary devopsDashboardStack 1`] = `
         "State": "ENABLED",
         "WorkGroupConfiguration": {
           "EngineVersion": {
-            "SelectedEngineVersion": "Athena engine version 2",
+            "SelectedEngineVersion": "Athena engine version 3",
           },
           "PublishCloudWatchMetricsEnabled": true,
           "ResultConfiguration": {
@@ -3400,7 +3399,7 @@ exports[`Snapshot test for primary devopsDashboardStack 1`] = `
               {
                 "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}",
               },
-              "/0eac479a3e9370cb2e0a65a6f8ee7af51c380a070e8ff3f7eb8d616094cd09d4.json",
+              "/1b55fb1fc8297a047ff4cbb303f94613287be55e9e479bef30fdc1cac12ed1c4.json",
             ],
           ],
         },
@@ -3581,7 +3580,7 @@ exports[`Snapshot test for primary devopsDashboardStack 1`] = `
           "S3Bucket": {
             "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}",
           },
-          "S3Key": "1bc90dd7152882885080ae1f0cc0303766e0b1200571b1f8362c56d832a4c654.zip",
+          "S3Key": "884355f006d5aec00da1c459ff68a1dcb1c88175bd41acaa19d3c2ced6b41aef.zip",
         },
         "Description": "DevOps Monitoring Dashboard on AWS solution - This function generates UUID for each deployment.",
         "Environment": {

source/test/__snapshots__/canary_stack.test.ts.snap

@@ -291,7 +291,6 @@ exports[`Snapshot test for canary alarm 1`] = `
         },
       },
       "Properties": {
-        "AccessControl": "LogDeliveryWrite",
         "BucketEncryption": {
           "ServerSideEncryptionConfiguration": [
             {

source/test/__snapshots__/sharing_account_stack.test.ts.snap

@@ -298,7 +298,7 @@ exports[`Snapshot test for primary SharingAccountStack 1`] = `
           "S3Bucket": {
             "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}",
           },
-          "S3Key": "c84340be658fa0b4aba030e932ff0f4ecdb2c3c521780160e5f472bac476bc0f.zip",
+          "S3Key": "b636deff91d9ee146f8394bf130e97730cc1bc6ee8169ec7b5a0d232f265a06c.zip",
         },
         "Description": "DevOps Monitoring Dashboard on AWS solution - This function performs lambda transformation within kinesis firehose. It parses CloudWatch metrics for CodeBuild, sends relevant data to S3 for downstream operation",
         "Environment": {