From e8c029f1add010875be9e78a4f0117c0dabb9fc8 Mon Sep 17 00:00:00 2001 
From: Tarun Belani Date: Fri, 7 Nov 2025 08:40:34 -0800 Subject: [PATCH] feat(imagebuilder): add support for EC2 Image Builder L2 Constructs - Infrastructure Configuration --- package.json | 2 + .../aws-imagebuilder-alpha/.eslintrc.js | 4 + .../aws-imagebuilder-alpha/.gitignore | 21 + .../aws-imagebuilder-alpha/.npmignore | 33 + .../@aws-cdk/aws-imagebuilder-alpha/LICENSE | 201 +++++ .../@aws-cdk/aws-imagebuilder-alpha/NOTICE | 19 + .../@aws-cdk/aws-imagebuilder-alpha/README.md | 94 ++ .../aws-imagebuilder-alpha/awslint.json | 5 + .../aws-imagebuilder-alpha/jest.config.js | 2 + .../aws-imagebuilder-alpha/lib/index.ts | 3 + .../lib/infrastructure-configuration.ts | 566 ++++++++++++ .../aws-imagebuilder-alpha/package.json | 122 +++ .../rosetta/default.ts-fixture | 25 + .../test/infrastructure-configuration.test.ts | 813 ++++++++++++++++++ ...efaultTestDeployAssert6566C732.assets.json | 20 + ...aultTestDeployAssert6566C732.template.json | 36 + ...e-configuration-all-parameters.assets.json | 20 + ...configuration-all-parameters.template.json | 163 ++++ .../cdk.out | 1 + .../integ.json | 13 + .../manifest.json | 729 ++++++++++++++++ .../tree.json | 1 + ...parameters.infrastructure-configuration.ts | 51 ++ ...efaultTestDeployAssert6566C732.assets.json | 20 + ...aultTestDeployAssert6566C732.template.json | 36 + ...nfiguration-default-parameters.assets.json | 20 + ...iguration-default-parameters.template.json | 104 +++ .../cdk.out | 1 + .../integ.json | 13 + .../manifest.json | 648 ++++++++++++++ .../tree.json | 1 + ...parameters.infrastructure-configuration.ts | 12 + .../aws-imagebuilder-alpha/tsconfig.json | 51 ++ 33 files changed, 3850 insertions(+) create mode 100644 packages/@aws-cdk/aws-imagebuilder-alpha/.eslintrc.js create mode 100644 packages/@aws-cdk/aws-imagebuilder-alpha/.gitignore create mode 100644 packages/@aws-cdk/aws-imagebuilder-alpha/.npmignore create mode 100644 packages/@aws-cdk/aws-imagebuilder-alpha/LICENSE create mode 100644 
packages/@aws-cdk/aws-imagebuilder-alpha/NOTICE create mode 100644 packages/@aws-cdk/aws-imagebuilder-alpha/README.md create mode 100644 packages/@aws-cdk/aws-imagebuilder-alpha/awslint.json create mode 100644 packages/@aws-cdk/aws-imagebuilder-alpha/jest.config.js create mode 100644 packages/@aws-cdk/aws-imagebuilder-alpha/lib/index.ts create mode 100644 packages/@aws-cdk/aws-imagebuilder-alpha/lib/infrastructure-configuration.ts create mode 100644 packages/@aws-cdk/aws-imagebuilder-alpha/package.json create mode 100644 packages/@aws-cdk/aws-imagebuilder-alpha/rosetta/default.ts-fixture create mode 100644 packages/@aws-cdk/aws-imagebuilder-alpha/test/infrastructure-configuration.test.ts create mode 100644 packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.infrastructure-configuration.js.snapshot/InfrastructureConfigurationTestDefaultTestDeployAssert6566C732.assets.json create mode 100644 packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.infrastructure-configuration.js.snapshot/InfrastructureConfigurationTestDefaultTestDeployAssert6566C732.template.json create mode 100644 packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.infrastructure-configuration.js.snapshot/aws-cdk-imagebuilder-infrastructure-configuration-all-parameters.assets.json create mode 100644 packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.infrastructure-configuration.js.snapshot/aws-cdk-imagebuilder-infrastructure-configuration-all-parameters.template.json create mode 100644 packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.infrastructure-configuration.js.snapshot/cdk.out create mode 100644 packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.infrastructure-configuration.js.snapshot/integ.json create mode 100644 packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.infrastructure-configuration.js.snapshot/manifest.json create mode 100644 
packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.infrastructure-configuration.js.snapshot/tree.json create mode 100644 packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.infrastructure-configuration.ts create mode 100644 packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.infrastructure-configuration.js.snapshot/InfrastructureConfigurationTestDefaultTestDeployAssert6566C732.assets.json create mode 100644 packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.infrastructure-configuration.js.snapshot/InfrastructureConfigurationTestDefaultTestDeployAssert6566C732.template.json create mode 100644 packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.infrastructure-configuration.js.snapshot/aws-cdk-imagebuilder-infrastructure-configuration-default-parameters.assets.json create mode 100644 packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.infrastructure-configuration.js.snapshot/aws-cdk-imagebuilder-infrastructure-configuration-default-parameters.template.json create mode 100644 packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.infrastructure-configuration.js.snapshot/cdk.out create mode 100644 packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.infrastructure-configuration.js.snapshot/integ.json create mode 100644 packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.infrastructure-configuration.js.snapshot/manifest.json create mode 100644 packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.infrastructure-configuration.js.snapshot/tree.json create mode 100644 packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.infrastructure-configuration.ts create mode 100644 packages/@aws-cdk/aws-imagebuilder-alpha/tsconfig.json diff --git a/package.json b/package.json index d6ef88c2e2a1f..4ed91d04489dc 100644 --- a/package.json +++ b/package.json 
@@ -116,6 +116,8 @@
 "@aws-cdk/aws-eks-v2-alpha/yaml/**",
 "@aws-cdk/aws-events-targets/aws-sdk",
 "@aws-cdk/aws-events-targets/aws-sdk/**",
+ "@aws-cdk/aws-imagebuilder-alpha/yaml",
+ "@aws-cdk/aws-imagebuilder-alpha/yaml/**",
 "@aws-cdk/aws-iot-actions-alpha/case",
 "@aws-cdk/aws-iot-actions-alpha/case/**",
 "@aws-cdk/aws-iot-actions/case",
diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/.eslintrc.js b/packages/@aws-cdk/aws-imagebuilder-alpha/.eslintrc.js
new file mode 100644
index 0000000000000..46bdbac86c07f
--- /dev/null
+++ b/packages/@aws-cdk/aws-imagebuilder-alpha/.eslintrc.js
@@ -0,0 +1,4 @@
+const baseConfig = require('@aws-cdk/cdk-build-tools/config/eslintrc');
+baseConfig.parserOptions.project = __dirname + '/tsconfig.json';
+
+module.exports = baseConfig;
diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/.gitignore b/packages/@aws-cdk/aws-imagebuilder-alpha/.gitignore
new file mode 100644
index 0000000000000..a3e08bb2a91fc
--- /dev/null
+++ b/packages/@aws-cdk/aws-imagebuilder-alpha/.gitignore
@@ -0,0 +1,21 @@
+*.d.ts
+*.generated.ts
+*.js
+*.js.map
+.jsii
+.LAST_BUILD
+.LAST_PACKAGE
+nyc.config.js
+.nyc_output
+coverage
+dist
+
+*.snk
+!.eslintrc.js
+!jest.config.js
+
+junit.xml
+!**/*.snapshot/**/asset.*/*.js
+!**/*.snapshot/**/asset.*/*.d.ts
+
+!**/*.snapshot/**/asset.*/**
diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/.npmignore b/packages/@aws-cdk/aws-imagebuilder-alpha/.npmignore
new file mode 100644
index 0000000000000..83cbb853b0cea
--- /dev/null
+++ b/packages/@aws-cdk/aws-imagebuilder-alpha/.npmignore
@@ -0,0 +1,33 @@
+# The basics
+*.ts
+*.tgz
+!*.d.ts
+!*.js
+
+# Coverage
+coverage
+.nyc_output
+.nycrc
+
+# Build gear
+dist
+.LAST_BUILD
+.LAST_PACKAGE
+
+*.snk
+
+# Include .jsii
+!.jsii
+
+*.tsbuildinfo
+
+tsconfig.json
+.eslintrc.js
+jest.config.js
+
+# exclude cdk artifacts
+**/cdk.out
+junit.xml
+test/
+!*.lit.ts
+**/*.snapshot
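Review bot: The two `nohoist` entries added to the root package.json keep a private copy of `yaml` inside aws-imagebuilder-alpha, and the NOTICE added in this commit attributes it, but neither lib file in the commit appears to use it. lib/index.ts only re-exports './infrastructure-configuration', and that file's import block lists aws-cdk-lib modules and `constructs` only. Carrying a bundled third-party parser before any code calls it adds supply-chain surface and a NOTICE obligation that no test exercises. I would drop `"@aws-cdk/aws-imagebuilder-alpha/yaml",` and `"@aws-cdk/aws-imagebuilder-alpha/yaml/**",` here and add them together with the first construct that parses YAML. The package's own package.json and the tail of infrastructure-configuration.ts are outside this view, so confirm there is no later import before removing them.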
diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/LICENSE b/packages/@aws-cdk/aws-imagebuilder-alpha/LICENSE
new file mode 100644
index 0000000000000..5ccf0c6780bab
--- /dev/null
+++ b/packages/@aws-cdk/aws-imagebuilder-alpha/LICENSE
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2018-2025 Amazon.com, Inc. or its affiliates. All Rights Reserved. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/NOTICE b/packages/@aws-cdk/aws-imagebuilder-alpha/NOTICE new file mode 100644 index 0000000000000..e5076b3bda74b --- /dev/null +++ b/packages/@aws-cdk/aws-imagebuilder-alpha/NOTICE 
@@ -0,0 +1,19 @@
+AWS Cloud Development Kit (AWS CDK)
+Copyright 2018-2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+
+----------------
+
+** yaml - https://www.npmjs.com/package/yaml
+Copyright 2018 Eemeli Aro
+
+Permission to use, copy, modify, and/or distribute this software for any purpose
+with or without fee is hereby granted, provided that the above copyright notice
+and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
+REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
+FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
+INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
+OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
+TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF
+THIS SOFTWARE.
\ No newline at end of file
diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/README.md b/packages/@aws-cdk/aws-imagebuilder-alpha/README.md
new file mode 100644
index 0000000000000..6f219c0e8d5b3
--- /dev/null
+++ b/packages/@aws-cdk/aws-imagebuilder-alpha/README.md
@@ -0,0 +1,94 @@ +# EC2 Image Builder Construct Library + + + +--- + +![cdk-constructs: Experimental](https://img.shields.io/badge/cdk--constructs-experimental-important.svg?style=for-the-badge) + +> The APIs of higher level constructs in this module are experimental and under active development. +> They are subject to non-backward compatible changes or removal in any future version. These are +> not subject to the [Semantic Versioning](https://semver.org/) model and breaking changes will be +> announced in the release notes. This means that while you may use them, you may need to update +> your source code when upgrading to a newer version of this package. + +--- + + + +This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project. + +## README + +[Amazon EC2 Image Builder](https://docs.aws.amazon.com/imagebuilder/latest/userguide/what-is-image-builder.html) is a +fully managed AWS service that helps you automate the creation, management, and deployment of customized, secure, and +up-to-date server images. You can use Image Builder to create Amazon Machine Images (AMIs) and container images for use +across AWS Regions. + +This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project. It allows you to define +Image Builder pipelines, images, recipes, components, workflows, and lifecycle policies. +A component defines the sequence of steps required to customize an instance during image creation (build component) or +test an instance launched from the created image (test component). Components are created from declarative YAML or JSON +documents that describe runtime configuration for building, validating, or testing instances. Components are included +when added to the image recipe or container recipe for an image build. + +EC2 Image Builder supports AWS-managed components for common tasks, AWS Marketplace components, and custom components +that you create. 
Components run during specific workflow phases: build and validate phases during the build stage, and +test phase during the test stage. + +### Infrastructure Configuration + +Infrastructure configuration defines the compute resources and environment settings used during the image building +process. This includes instance types, IAM instance profile, VPC settings, subnets, security groups, SNS topics for +notifications, logging configuration, and troubleshooting settings like whether to terminate instances on failure or +keep them running for debugging. These settings are applied to builds when included in an image or an image pipeline. + +```ts +const infrastructureConfiguration = new imagebuilder.InfrastructureConfiguration(this, 'InfrastructureConfiguration', { + infrastructureConfigurationName: 'test-infrastructure-configuration', + description: 'An Infrastructure Configuration', + // Optional - instance types to use for build/test + instanceTypes: [ + ec2.InstanceType.of(ec2.InstanceClass.STANDARD7_INTEL, ec2.InstanceSize.LARGE), + ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE3, ec2.InstanceSize.LARGE) + ], + // Optional - create an instance profile with necessary permissions + instanceProfile: new iam.InstanceProfile(this, 'InstanceProfile', { + instanceProfileName: 'test-instance-profile', + role: new iam.Role(this, 'InstanceProfileRole', { + assumedBy: iam.ServicePrincipal.fromStaticServicePrincipleName('ec2.amazonaws.com'), + managedPolicies: [ + iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonSSMManagedInstanceCore'), + iam.ManagedPolicy.fromAwsManagedPolicyName('EC2InstanceProfileForImageBuilder') + ] + }) + }), + // Use VPC network configuration + vpc, + subnetSelection: { subnetType: ec2.SubnetType.PUBLIC }, + securityGroups: [ec2.SecurityGroup.fromSecurityGroupId(this, 'SecurityGroup', vpc.vpcDefaultSecurityGroup)], + keyPair: ec2.KeyPair.fromKeyPairName(this, 'KeyPair', 'imagebuilder-instance-key-pair'), + terminateInstanceOnFailure: true, + // 
Optional - IMDSv2 settings + httpTokens: imagebuilder.HttpTokens.REQUIRED, + httpPutResponseHopLimit: 1, + // Optional - publish image completion messages to an SNS topic + notificationTopic: sns.Topic.fromTopicArn( + this, + 'Topic', + this.formatArn({ service: 'sns', resource: 'image-builder-topic' }) + ), + // Optional - log settings. Logging is enabled by default + logging: { + s3Bucket: s3.Bucket.fromBucketName(this, 'LogBucket', `imagebuilder-logging-${Aws.ACCOUNT_ID}`), + s3KeyPrefix: 'imagebuilder-logs' + }, + // Optional - host placement settings + ec2InstanceAvailabilityZone: Stack.of(this).availabilityZones[0], + ec2InstanceHostId: dedicatedHost.attrHostId, + ec2InstanceTenancy: imagebuilder.Tenancy.HOST, + resourceTags: { + Environment: 'production' + } +}); +``` diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/awslint.json b/packages/@aws-cdk/aws-imagebuilder-alpha/awslint.json new file mode 100644 index 0000000000000..670d4118dc9c4 --- /dev/null +++ b/packages/@aws-cdk/aws-imagebuilder-alpha/awslint.json @@ -0,0 +1,5 @@ +{ + "exclude": [ + "props-no-arn-refs:@aws-cdk/aws-imagebuilder-alpha.InfrastructureConfigurationProps.ec2InstanceHostResourceGroupArn" + ] +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/jest.config.js b/packages/@aws-cdk/aws-imagebuilder-alpha/jest.config.js new file mode 100644 index 0000000000000..3a2fd93a1228a --- /dev/null +++ b/packages/@aws-cdk/aws-imagebuilder-alpha/jest.config.js @@ -0,0 +1,2 @@ +const baseConfig = require('@aws-cdk/cdk-build-tools/config/jest.config'); +module.exports = baseConfig; diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/lib/index.ts b/packages/@aws-cdk/aws-imagebuilder-alpha/lib/index.ts new file mode 100644 index 0000000000000..9880ae0da4e2f --- /dev/null +++ b/packages/@aws-cdk/aws-imagebuilder-alpha/lib/index.ts @@ -0,0 +1,3 @@ +// AWS::ImageBuilder CloudFormation Resources: + +export * from './infrastructure-configuration'; 
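Review bot: The `props-no-arn-refs` exclusion that awslint.json adds for `InfrastructureConfigurationProps.ec2InstanceHostResourceGroupArn` is recorded without a reason, and strict JSON has no place to put one. The rule exists so that props take construct references rather than free-form ARN strings, so an exception means this value reaches the template without the checks a typed reference would give. I would state the justification in the prop's doc comment, for example `* Accepted as an ARN string because <reason>; excluded from awslint props-no-arn-refs.`, and have the construct reject a value that is not an ARN unless it is an unresolved token. The prop's declaration is outside the visible part of infrastructure-configuration.ts, so this may already be covered there.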
diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/lib/infrastructure-configuration.ts b/packages/@aws-cdk/aws-imagebuilder-alpha/lib/infrastructure-configuration.ts
new file mode 100644
index 0000000000000..9ff8c651a4070
--- /dev/null
+++ b/packages/@aws-cdk/aws-imagebuilder-alpha/lib/infrastructure-configuration.ts
@@ -0,0 +1,566 @@ +import * as cdk from 'aws-cdk-lib'; +import * as ec2 from 'aws-cdk-lib/aws-ec2'; +import * as iam from 'aws-cdk-lib/aws-iam'; +import { CfnInfrastructureConfiguration } from 'aws-cdk-lib/aws-imagebuilder'; +import * as s3 from 'aws-cdk-lib/aws-s3'; +import * as sns from 'aws-cdk-lib/aws-sns'; +import { propertyInjectable } from 'aws-cdk-lib/core/lib/prop-injectable'; +import { Construct } from 'constructs'; + +const INFRASTRUCTURE_CONFIGURATION_SYMBOL = Symbol.for('@aws-cdk/aws-imagebuilder-alpha.InfrastructureConfiguration'); + +/** + * An EC2 Image Builder Infrastructure Configuration. + */ +export interface IInfrastructureConfiguration extends cdk.IResource { + /** + * The ARN of the infrastructure configuration + * + * @attribute + */ + readonly infrastructureConfigurationArn: string; + + /** + * The name of the infrastructure configuration + * + * @attribute + */ + readonly infrastructureConfigurationName: string; + + /** + * Grant custom actions to the given grantee for the infrastructure configuration + * + * @param grantee - The principal + * @param actions - The list of actions + */ + grant(grantee: iam.IGrantable, ...actions: string[]): iam.Grant; + + /** + * Grant read permissions to the given grantee for the infrastructure configuration + * + * @param grantee - The principal + */ + grantRead(grantee: iam.IGrantable): iam.Grant; +} + +/** + * Indicates whether a signed token header is required for instance metadata retrieval requests. + * + * @see https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_InstanceMetadataOptions.html#imagebuilder-Type-InstanceMetadataOptions-httpTokens + */ +export enum HttpTokens { + /** + * Allows retrieval of instance metadata with or without a signed token header in the request + */ + OPTIONAL = 'optional', + + /** + * Requires a signed token header in instance metadata retrieval requests + */ + REQUIRED = 'required', +} + +/** + * The tenancy to use for an instance. 
+ * + * @see https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_Placement.html#imagebuilder-Type-Placement-tenancy + */ +export enum Tenancy { + /** + * Instances will be launched with default tenancy + */ + DEFAULT = 'default', + + /** + * Instances will be launched with dedicated tenancy + */ + DEDICATED = 'dedicated', + + /** + * Instances will be launched on a dedicated host + */ + HOST = 'host', +} + +/** + * The log settings for detailed build logging + */ +export interface InfrastructureConfigurationLogging { + /** + * The S3 logging bucket to use for detailed build logging + */ + readonly s3Bucket: s3.IBucket; + + /** + * The S3 logging prefix to use for detailed build logging + * + * @default - No prefix + */ + readonly s3KeyPrefix?: string; +} + +/** + * Properties for creating an Infrastructure Configuration resource + */ +export interface InfrastructureConfigurationProps { + /** + * The name of the infrastructure configuration. This name must be normalized by transforming all alphabetical + * characters to lowercase, and replacing all spaces and underscores with hyphens. + * + * @default - A name is generated + */ + readonly infrastructureConfigurationName?: string; + + /** + * The description of the infrastructure configuration. + * + * @default - None + */ + readonly description?: string; + + /** + * The instance types to launch build and test EC2 instances with. + * + * @default - Image Builder will choose from a default set of instance types compatible with the AMI + */ + readonly instanceTypes?: ec2.InstanceType[]; + + /** + * The instance profile to associate with the instance used to customize the AMI. + * + * By default, an instance profile and role will be created with minimal permissions needed to build the image, + * attached to the EC2 instance. + * + * If an S3 logging bucket and key prefix is provided, an IAM inline policy will be attached to the instance profile's + * role, allowing s3:PutObject permissions on the bucket. 
+ * + * @default - An instance profile will be generated + */ + readonly instanceProfile?: iam.IInstanceProfile; + /** + * An IAM role to associate with the instance profile used by Image Builder + * + * The role must be assumable by the service principal `ec2.amazonaws.com`: + * Note: You can provide an instanceProfile or a role, but not both. + * + * @example + * const role = new iam.Role(this, 'MyRole', { + * assumedBy: new iam.ServicePrincipal('ec2.amazonaws.com') + * }); + * + * @default - A role will automatically be created, it can be accessed via the `role` property + */ + readonly role?: iam.IRole; + + /** + * The VPC to place the instance used to customize the AMI. + * + * @default - The default VPC will be used + */ + readonly vpc?: ec2.IVpc; + + /** + * Select which subnet to place the instance used to customize the AMI. The first subnet that is selected will be used. + * You must specify the VPC to customize the subnet selection. + * + * @default - The first subnet selected from the provided VPC will be used + */ + readonly subnetSelection?: ec2.SubnetSelection; + + /** + * The security groups to associate with the instance used to customize the AMI. + * + * @default - The default security group for the VPC will be used + */ + readonly securityGroups?: ec2.ISecurityGroup[]; + + /** + * The key pair used to connect to the build and test EC2 instances. The key pair can be used to log into the build + * or test instances for troubleshooting any failures. + * + * @default - None + */ + readonly keyPair?: ec2.IKeyPair; + + /** + * Whether to terminate the EC2 instance when the build or test workflow fails. + * + * @default - true + */ + readonly terminateInstanceOnFailure?: boolean; + + /** + * The maximum number of hops that an instance metadata request can traverse to reach its destination. By default, + * this is set to 2. 
+ * + * @default - 2 + */ + readonly httpPutResponseHopLimit?: number; + + /** + * Indicates whether a signed token header is required for instance metadata retrieval requests. By default, this is + * set to `required` to require IMDSv2 on build and test EC2 instances. + * + * @default - HttpTokens.REQUIRED + */ + readonly httpTokens?: HttpTokens; + + /** + * The SNS topic on which notifications are sent when an image build completes. + * + * @default - No notifications are sent + */ + readonly notificationTopic?: sns.ITopic; + + /** + * The log settings for detailed build logging. + * + * @default - None + */ + readonly logging?: InfrastructureConfigurationLogging; + + /** + * The availability zone to place Image Builder build and test EC2 instances. + * + * @default - EC2 will select a random zone + */ + readonly ec2InstanceAvailabilityZone?: string; + + /** + * The ID of the Dedicated Host on which build and test instances run. This only applies if the instance tenancy is + * `host`. This cannot be used with the `ec2InstanceHostResourceGroupArn` parameter. + * + * @default - None + */ + readonly ec2InstanceHostId?: string; + + /** + * The ARN of the host resource group on which build and test instances run. This only applies if the instance tenancy + * is `host`. This cannot be used with the `ec2InstanceHostId` parameter. + * + * @default - None + */ + readonly ec2InstanceHostResourceGroupArn?: string; + + /** + * The tenancy of the instance. Dedicated tenancy runs instances on single-tenant hardware, while host tenancy runs + * instances on a dedicated host. Shared tenancy is used by default. + * + * @default - Tenancy.DEFAULT + */ + readonly ec2InstanceTenancy?: Tenancy; + + /** + * The additional tags to assign to the Amazon EC2 instance that Image Builder launches during the build process. 
+ * + * @default - None + */ + readonly resourceTags?: { [key: string]: string }; + + /** + * The tags to apply to the infrastructure configuration + * + * @default - None + */ + readonly tags?: { [key: string]: string }; +} + +/** + * Context information passed when an Infrastructure Configuration is being consumed + * + * @internal + */ +export interface InfrastructureConfigurationBindOptions { + /** + * Indicates whether the infrastructure configuration is being consumed inside of a container build + */ + readonly isContainerBuild?: boolean; +} + +/** + * A new or imported Infrastructure Configuration + */ +abstract class InfrastructureConfigurationBase extends cdk.Resource implements IInfrastructureConfiguration { + /** + * The ARN of the infrastructure configuration + */ + abstract readonly infrastructureConfigurationArn: string; + /** + * The name of the infrastructure configuration + */ + abstract readonly infrastructureConfigurationName: string; + + /** + * Grant custom actions to the given grantee for the infrastructure configuration + * + * @param grantee - The principal + * @param actions - The list of actions + */ + public grant(grantee: iam.IGrantable, ...actions: string[]): iam.Grant { + return iam.Grant.addToPrincipal({ + grantee, + actions, + resourceArns: [this.infrastructureConfigurationArn], + scope: this, + }); + } + + /** + * Grant read permissions to the given grantee for the infrastructure configuration + * + * @param grantee - The principal + */ + public grantRead(grantee: iam.IGrantable): iam.Grant { + return this.grant(grantee, 'imagebuilder:GetInfrastructureConfiguration'); + } +} + +/** + * Represents an EC2 Image Builder Infrastructure Configuration. + * + * @see https://docs.aws.amazon.com/imagebuilder/latest/userguide/manage-infra-config.html + */ +@propertyInjectable +export class InfrastructureConfiguration extends InfrastructureConfigurationBase { + /** Uniquely identifies this class. 
*/ + public static readonly PROPERTY_INJECTION_ID: string = '@aws-cdk.aws-imagebuilder-alpha.InfrastructureConfiguration'; + + /** + * Import an existing infrastructure configuration given its ARN. + */ + public static fromInfrastructureConfigurationArn( + scope: Construct, + id: string, + infrastructureConfigurationArn: string, + ): IInfrastructureConfiguration { + const infrastructureConfigurationName = cdk.Stack.of(scope).splitArn( + infrastructureConfigurationArn, + cdk.ArnFormat.SLASH_RESOURCE_NAME, + ).resourceName!; + + class Import extends InfrastructureConfigurationBase { + public readonly infrastructureConfigurationArn = infrastructureConfigurationArn; + public readonly infrastructureConfigurationName = infrastructureConfigurationName; + } + + return new Import(scope, id); + } + + /** + * Import an existing infrastructure configuration given its name. The provided name must be normalized by converting + * all alphabetical characters to lowercase, and replacing all spaces and underscores with hyphens. + */ + public static fromInfrastructureConfigurationName( + scope: Construct, + id: string, + infrastructureConfigurationName: string, + ): IInfrastructureConfiguration { + return InfrastructureConfiguration.fromInfrastructureConfigurationArn( + scope, + id, + cdk.Stack.of(scope).formatArn({ + service: 'imagebuilder', + resource: 'infrastructure-configuration', + resourceName: infrastructureConfigurationName, + }), + ); + } + + /** + * Return whether the given object is an InfrastructureConfiguration. 
+ */ + public static isInfrastructureConfiguration(x: any): x is InfrastructureConfiguration { + return x !== null && typeof x === 'object' && INFRASTRUCTURE_CONFIGURATION_SYMBOL in x; + } + + /** + * The ARN of the infrastructure configuration + */ + public readonly infrastructureConfigurationArn: string; + + /** + * The name of the infrastructure configuration + */ + public readonly infrastructureConfigurationName: string; + + /** + * The EC2 instance profile to use for the build + */ + public readonly instanceProfile: iam.IInstanceProfile; + + /** + * The role associateded with the EC2 instance profile used for the build + */ + public readonly role?: iam.IRole; + + /** + * The bucket used to upload image build logs + */ + public readonly logBucket?: s3.IBucket; + + private readonly autoGeneratedInstanceProfileRole?: iam.IRole; + + public constructor(scope: Construct, id: string, props: InfrastructureConfigurationProps = {}) { + super(scope, id, { + physicalName: + props.infrastructureConfigurationName ?? 
+ cdk.Lazy.string({ + produce: () => + cdk.Names.uniqueResourceName(this, { + maxLength: 128, + separator: '-', + allowedSpecialCharacters: '-', + }).toLowerCase(), // Enforce lowercase for the auto-generated fallback + }), + }); + + Object.defineProperty(this, INFRASTRUCTURE_CONFIGURATION_SYMBOL, { value: true }); + + this.validateInfrastructureConfigurationName(); + + if (props.subnetSelection && !props.vpc) { + throw new cdk.ValidationError('A vpc must be provided when using subnetSelection', this); + } + + const selectedSubnets = props.vpc?.selectSubnets(props.subnetSelection); + if (props.vpc && selectedSubnets && selectedSubnets.subnetIds.length === 0) { + throw new cdk.ValidationError('No subnets matched the given subnetSelection for the provided VPC.', this); + } + + if (props.instanceProfile && props.role) { + throw new cdk.ValidationError('Both an instance profile and a role cannot be provided', this); + } + + if (!cdk.Token.isUnresolved(props.ec2InstanceTenancy)) { + if (props.ec2InstanceTenancy === Tenancy.HOST) { + if (props.ec2InstanceHostId === undefined && props.ec2InstanceHostResourceGroupArn === undefined) { + throw new cdk.ValidationError( + 'ec2InstanceHostId or ec2InstanceHostResourceGroupArn must be specified when ec2InstanceTenancy is set to host', + this, + ); + } + } else { + if (props.ec2InstanceHostId !== undefined) { + throw new cdk.ValidationError( + 'ec2InstanceHostId cannot be specified unless ec2InstanceTenancy is set to host', + this, + ); + } + + if (props.ec2InstanceHostResourceGroupArn !== undefined) { + throw new cdk.ValidationError( + 'ec2InstanceHostResourceGroupArn cannot be specified unless ec2InstanceTenancy is set to host', + this, + ); + } + } + } + + if (props.ec2InstanceHostId !== undefined && props.ec2InstanceHostResourceGroupArn !== undefined) { + throw new cdk.ValidationError( + 'ec2InstanceHostId and ec2InstanceHostResourceGroupArn cannot be used together', + this, + ); + } + + if (!props.instanceProfile && 
!props.role) { + this.autoGeneratedInstanceProfileRole = new iam.Role(this, 'InstanceProfileRole', { + assumedBy: new iam.ServicePrincipal('ec2.amazonaws.com'), + managedPolicies: [ + iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonSSMManagedInstanceCore'), + iam.ManagedPolicy.fromAwsManagedPolicyName('EC2InstanceProfileForImageBuilder'), + ], + }); + this.role = this.autoGeneratedInstanceProfileRole; + } + + this.instanceProfile = + props.instanceProfile || + new iam.InstanceProfile(this, 'InstanceProfile', { role: props.role ?? this.autoGeneratedInstanceProfileRole }); + + this.role = this.instanceProfile.role; + this.logBucket = props.logging?.s3Bucket; + + if (this.logBucket && this.role && props.logging?.s3KeyPrefix !== undefined) { + this.logBucket.grantPut(this.role, `${props.logging.s3KeyPrefix}/*`); + } + + const placement: CfnInfrastructureConfiguration.PlacementProperty = { + ...(props.ec2InstanceAvailabilityZone && { availabilityZone: props.ec2InstanceAvailabilityZone }), + ...(props.ec2InstanceHostId && { hostId: props.ec2InstanceHostId }), + ...(props.ec2InstanceHostResourceGroupArn && { hostResourceGroupArn: props.ec2InstanceHostResourceGroupArn }), + ...(props.ec2InstanceTenancy && { tenancy: props.ec2InstanceTenancy }), + }; + + const infrastructureConfiguration = new CfnInfrastructureConfiguration(this, 'Resource', { + name: this.physicalName, + instanceProfileName: this.instanceProfile.instanceProfileName, + description: props.description, + instanceMetadataOptions: { + httpTokens: props.httpTokens ?? HttpTokens.REQUIRED, + httpPutResponseHopLimit: props.httpPutResponseHopLimit ?? 2, + }, + instanceTypes: props.instanceTypes?.length + ? 
props.instanceTypes?.map((instanceType) => instanceType.toString()) + : undefined, + keyPair: props.keyPair?.keyPairName, + ...(props.logging && { + logging: { + s3Logs: { + s3BucketName: props.logging?.s3Bucket.bucketName, + s3KeyPrefix: props.logging?.s3KeyPrefix, + }, + }, + }), + placement: Object.keys(placement).length ? placement : undefined, + resourceTags: props.resourceTags, + securityGroupIds: props.securityGroups?.length + ? props.securityGroups?.map((securityGroup) => securityGroup.securityGroupId) + : undefined, + subnetId: props.vpc?.selectSubnets(props.subnetSelection).subnetIds[0], + snsTopicArn: props.notificationTopic?.topicArn, + tags: props.tags, + terminateInstanceOnFailure: props.terminateInstanceOnFailure, + }); + + this.infrastructureConfigurationName = this.getResourceNameAttribute(infrastructureConfiguration.attrName); + this.infrastructureConfigurationArn = this.getResourceArnAttribute(infrastructureConfiguration.attrArn, { + service: 'imagebuilder', + resource: 'infrastructure-configuration', + resourceName: this.physicalName, + }); + } + + private validateInfrastructureConfigurationName() { + if (cdk.Token.isUnresolved(this.physicalName)) { + return; // Cannot validate unresolved tokens, given their actual value is rendered at deployment time + } + + if (this.physicalName.length > 128) { + throw new cdk.ValidationError('The infrastructureConfigurationName cannot be longer than 128 characters', this); + } + + if (this.physicalName.includes(' ')) { + throw new cdk.ValidationError('The infrastructureConfigurationName cannot contain spaces', this); + } + + if (this.physicalName.includes('_')) { + throw new cdk.ValidationError('The infrastructureConfigurationName cannot contain underscores', this); + } + + if (this.physicalName !== this.physicalName.toLowerCase()) { + throw new cdk.ValidationError('The infrastructureConfigurationName must be lowercase', this); + } + } + + /** + * @internal + */ + public _bind(options: 
InfrastructureConfigurationBindOptions) { + if (options.isContainerBuild) { + this.autoGeneratedInstanceProfileRole?.addManagedPolicy( + iam.ManagedPolicy.fromAwsManagedPolicyName('EC2InstanceProfileForImageBuilderECRContainerBuilds'), + ); + } + } +} diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/package.json b/packages/@aws-cdk/aws-imagebuilder-alpha/package.json new file mode 100644 index 0000000000000..44ce004e58b76 --- /dev/null +++ b/packages/@aws-cdk/aws-imagebuilder-alpha/package.json 
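Review bot: The S3 log grant in the constructor only runs when `logging.s3KeyPrefix` is set (`props.logging?.s3KeyPrefix !== undefined`), so a configuration with a log bucket and no prefix synthesizes with no `s3:PutObject` permission for the build role and, presumably, no build logs. I would guard on `this.logBucket && this.role` alone and pass `'*'` as the key pattern when no prefix is given, keeping the `<prefix>/*` pattern otherwise so the grant stays as narrow as the configuration allows. The grant is also skipped without any warning when an imported `instanceProfile` exposes no `role`; the `logging` docstring should say that the caller must grant write access in that case. Separately, the `httpPutResponseHopLimit` docstring should explain the default of 2: it lets containers on the build instance reach IMDS and the instance-profile credentials, and AMI-only users can set 1 as the README example does.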
@@ -0,0 +1,122 @@
+{
+ "name": "@aws-cdk/aws-imagebuilder-alpha",
+ "version": "0.0.0",
+ "private": false,
+ "description": "The CDK Construct Library for EC2 Image Builder",
+ "main": "lib/index.js",
+ "types": "lib/index.d.ts",
+ "jsii": {
+ "outdir": "dist",
+ "targets": {
+ "java": {
+ "package": "software.amazon.awscdk.services.imagebuilder.alpha",
+ "maven": {
+ "groupId": "software.amazon.awscdk",
+ "artifactId": "imagebuilder-alpha"
+ }
+ },
+ "dotnet": {
+ "namespace": "Amazon.CDK.AWS.ImageBuilder.Alpha",
+ "packageId": "Amazon.CDK.AWS.ImageBuilder.Alpha",
+ "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/main/logo/default-256-dark.png"
+ },
+ "python": {
+ "distName": "aws-cdk.aws-imagebuilder-alpha",
+ "module": "aws_cdk.aws_imagebuilder_alpha",
+ "classifiers": [
+ "Framework :: AWS CDK",
+ "Framework :: AWS CDK :: 2"
+ ]
+ },
+ "go": {
+ "moduleName": "github.com/aws/aws-cdk-go",
+ "packageName": "awsimagebuilderalpha"
+ }
+ },
+ "metadata": {
+ "jsii": {
+ "rosetta": {
+ "strict": true
+ }
+ }
+ },
+ "tsconfig": "tsconfig.json",
+ "validateTsconfig": "minimal"
+ },
+ "repository": {
+ "type": "git",
+ "url": "https://github.com/aws/aws-cdk.git",
+ "directory": "packages/@aws-cdk/aws-imagebuilder-alpha"
+ },
+ "scripts": {
+ "build": "cdk-build",
+ "watch": "cdk-watch",
+ "lint": "cdk-lint",
+ "test": "cdk-test",
+ "integ": "integ-runner --unstable=toolkit-lib-engine --language javascript",
+ "pkglint": "pkglint -f",
+ "package": "cdk-package",
+ "awslint": "cdk-awslint",
+ "build+test": "yarn build && yarn test",
+ "build+test+package": "yarn build+test && yarn package",
+ "compat": "cdk-compat",
+ "rosetta:extract": "yarn --silent jsii-rosetta extract",
+ "build+extract": "yarn build && yarn rosetta:extract",
+ "build+test+extract": "yarn build+test && yarn rosetta:extract"
+ },
+ "keywords": [
+ "aws",
+ "cdk",
+ "constructs",
+ "imagebuilder"
+ ],
+ "author": {
+ "name": "Amazon Web Services",
+ "url": "https://aws.amazon.com",
+ "organization": true
+ },
+ "license": "Apache-2.0",
+ "devDependencies": {
+ "aws-cdk-lib": "0.0.0",
+ "@aws-cdk/cdk-build-tools": "0.0.0",
+ "@aws-cdk/integ-runner": "^2.190.2",
+ "@aws-cdk/pkglint": "0.0.0",
+ "@aws-cdk/integ-tests-alpha": "0.0.0",
+ "@types/jest": "^29.5.14",
+ "constructs": "^10.0.0",
+ "jest": "^29.7.0"
+ },
+ "dependencies": {
+ "yaml": "1.10.2"
+ },
+ "bundledDependencies": [
+ "yaml"
+ ],
+ "homepage": "https://github.com/aws/aws-cdk",
+ "peerDependencies": {
+ "aws-cdk-lib": "^0.0.0",
+ "constructs": "^10.0.0"
+ },
+ "engines": {
+ "node": ">= 18.0.0"
+ },
+ "stability": "experimental",
+ "maturity": "experimental",
+ "cdk-build": {
+ "env": {
+ "AWSLINT_BASE_CONSTRUCT": true
+ }
+ },
+ "publishConfig": {
+ "tag": "latest"
+ },
+ "awscdkio": {
+ "announce": false
+ },
+ "pkglint": {
+ "exclude": [
+ "naming/package-matches-directory",
+ "assert/assert-dependency"
+ ]
+ }
+}
\ No newline at end of file
diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/rosetta/default.ts-fixture b/packages/@aws-cdk/aws-imagebuilder-alpha/rosetta/default.ts-fixture
new file mode 100644
index 0000000000000..ae53273528fc1
--- /dev/null
+++ b/packages/@aws-cdk/aws-imagebuilder-alpha/rosetta/default.ts-fixture
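Review bot: `dependencies` pins `yaml` at `1.10.2` and repeats it in `bundledDependencies`, but the library code added by this patch does not use it: `lib/index.ts` re-exports only `./infrastructure-configuration`, which imports `aws-cdk-lib` and `constructs`. A bundled dependency is shipped inside the published tarball and only receives upstream fixes when this manifest is bumped, so carrying it unused adds supply-chain surface for no benefit. I would remove the `dependencies` entry and the `bundledDependencies` array until a construct that parses YAML is added, or say in the description which upcoming construct needs it.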
@@ -0,0 +1,25 @@
+// Fixture with packages imported, but nothing else
+import * as imagebuilder from '@aws-cdk/aws-imagebuilder-alpha';
+import { Aws, Duration, Stack } from 'aws-cdk-lib';
+import * as ec2 from 'aws-cdk-lib/aws-ec2';
+import * as iam from 'aws-cdk-lib/aws-iam';
+import * as kms from 'aws-cdk-lib/aws-kms';
+import * as s3 from 'aws-cdk-lib/aws-s3';
+import * as sns from 'aws-cdk-lib/aws-sns';
+import * as ssm from 'aws-cdk-lib/aws-ssm';
+import { Construct } from 'constructs';
+
+class Fixture extends Stack {
+ constructor(scope: Construct, id: string) {
+ super(scope, id);
+
+ const vpc = new ec2.Vpc(this, 'VPCForImageBuilds');
+ const dedicatedHost = new ec2.CfnHost(this, 'DedicatedHost', {
+ autoPlacement: 'on',
+ availabilityZone: Stack.of(this).availabilityZones[0],
+ instanceType: ec2.InstanceType.of(ec2.InstanceClass.STANDARD6_GRAVITON, ec2.InstanceSize.LARGE).toString(),
+ });
+
+ /// here
+ }
+}
\ No newline at end of file
diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/test/infrastructure-configuration.test.ts b/packages/@aws-cdk/aws-imagebuilder-alpha/test/infrastructure-configuration.test.ts
new file mode 100644
index 0000000000000..e4834da59a99b
--- /dev/null
+++ b/packages/@aws-cdk/aws-imagebuilder-alpha/test/infrastructure-configuration.test.ts
@@ -0,0 +1,813 @@
+import * as cdk from 'aws-cdk-lib';
+import { Match, Template } from 'aws-cdk-lib/assertions';
+import * as ec2 from 'aws-cdk-lib/aws-ec2';
+import * as iam from 'aws-cdk-lib/aws-iam';
+import * as s3 from 'aws-cdk-lib/aws-s3';
+import * as sns from 'aws-cdk-lib/aws-sns';
+import { HttpTokens, InfrastructureConfiguration, Tenancy } from '../lib';
+
+describe('Infrastructure Configuration', () => {
+ let app: cdk.App;
+ let stack: cdk.Stack;
+
+ beforeEach(() => {
+ app = new cdk.App();
+ stack = new cdk.Stack(app, 'Stack', { env: { region: 'us-east-1', account: '123456789012' } });
+ });
+
+ test('imported by name', () => {
+ const infrastructureConfiguration = InfrastructureConfiguration.fromInfrastructureConfigurationName(
+ stack,
+ 'InfrastructureConfiguration',
+ 'imported-infrastructure-configuration-by-name',
+ );
+
+ expect(stack.resolve(infrastructureConfiguration.infrastructureConfigurationArn)).toEqual({
+ 'Fn::Join': [
+ '',
+ [
+ 'arn:',
+ { Ref: 'AWS::Partition' },
+ ':imagebuilder:us-east-1:123456789012:infrastructure-configuration/imported-infrastructure-configuration-by-name',
+ ],
+ ],
+ });
+ expect(infrastructureConfiguration.infrastructureConfigurationName).toEqual(
+ 'imported-infrastructure-configuration-by-name',
+ );
+ });
+
+ test('imported by name as an unresolved token', () => {
+ const infrastructureConfiguration = InfrastructureConfiguration.fromInfrastructureConfigurationName(
+ stack,
+ 'InfrastructureConfiguration',
+ `test-infrastructure-configuration-${stack.partition}`,
+ );
+
+ expect(stack.resolve(infrastructureConfiguration.infrastructureConfigurationArn)).toEqual({
+ 'Fn::Join': [
+ '',
+ [
+ 'arn:',
+ { Ref: 'AWS::Partition' },
+ ':imagebuilder:us-east-1:123456789012:infrastructure-configuration/test-infrastructure-configuration-',
+ { Ref: 'AWS::Partition' },
+ ],
+ ],
+ });
+ expect(stack.resolve(infrastructureConfiguration.infrastructureConfigurationName)).toEqual({
+ 'Fn::Join': ['', ['test-infrastructure-configuration-', { Ref: 'AWS::Partition' }]],
+ });
+ });
+
+ test('imported by arn', () => {
+ const infrastructureConfiguration = InfrastructureConfiguration.fromInfrastructureConfigurationArn(
+ stack,
+ 'InfrastructureConfiguration',
+ 'arn:aws:imagebuilder:us-east-1:123456789012:infrastructure-configuration/imported-infrastructure-configuration-by-arn',
+ );
+
+ expect(infrastructureConfiguration.infrastructureConfigurationArn).toEqual(
+ 'arn:aws:imagebuilder:us-east-1:123456789012:infrastructure-configuration/imported-infrastructure-configuration-by-arn',
+ );
+ expect(infrastructureConfiguration.infrastructureConfigurationName).toEqual(
+ 'imported-infrastructure-configuration-by-arn',
+ );
+ });
+
+ test('with all parameters', () => {
+ const vpc = ec2.Vpc.fromVpcAttributes(stack, 'Vpc', {
+ vpcId: 'vpc-123',
+ publicSubnetIds: ['subnet-123456', 'subnet-abcdef'],
+ availabilityZones: ['us-east-1a', 'us-east-1b'],
+ });
+
+ const infrastructureConfiguration = new InfrastructureConfiguration(stack, 'InfrastructureConfiguration', {
+ infrastructureConfigurationName: 'infra-config-all-parameters',
+ instanceProfile: iam.InstanceProfile.fromInstanceProfileName(
+ stack,
+ 'InstanceProfile',
+ 'EC2InstanceProfileForImageBuilder',
+ ),
+ description: 'This is an infrastructure configuration.',
+ ec2InstanceAvailabilityZone: stack.availabilityZones[0],
+ ec2InstanceHostId: 'h-12345678',
+ ec2InstanceTenancy: Tenancy.HOST,
+ httpPutResponseHopLimit: 1,
+ httpTokens: HttpTokens.OPTIONAL,
+ instanceTypes: [
+ ec2.InstanceType.of(ec2.InstanceClass.M7I_FLEX, ec2.InstanceSize.LARGE),
+ ec2.InstanceType.of(ec2.InstanceClass.C7G, ec2.InstanceSize.MEDIUM),
+ ],
+ keyPair: ec2.KeyPair.fromKeyPairName(stack, 'KeyPair', 'key-pair-name'),
+ logging: {
+ s3Bucket: s3.Bucket.fromBucketName(stack, 'S3Bucket', 'imagebuilder-logging-bucket'),
+ s3KeyPrefix: 'imagebuilder-logs',
+ },
+ notificationTopic: sns.Topic.fromTopicArn(
+ stack,
+ 'ImageBuilderTopic',
+ 'arn:aws:sns:us-east-1:123456789012:imagebuilder-topic',
+ ),
+ resourceTags: {
+ infraTag1: 'infraValue1',
+ infraTag2: 'infraValue2',
+ },
+ securityGroups: [ec2.SecurityGroup.fromSecurityGroupId(stack, 'SecurityGroup', 'sg-12345678')],
+ vpc,
+ subnetSelection: { subnets: vpc.publicSubnets },
+ tags: {
+ key1: 'value1',
+ key2: 'value2',
+ },
+ terminateInstanceOnFailure: false,
+ });
+
+ expect(
+ InfrastructureConfiguration.isInfrastructureConfiguration(infrastructureConfiguration as unknown),
+ ).toBeTruthy();
+ expect(InfrastructureConfiguration.isInfrastructureConfiguration('InfrastructureConfiguration')).toBeFalsy();
+
+ Template.fromStack(stack).templateMatches({
+ Resources: Match.objectEquals({
+ InfrastructureConfiguration86C7777D: {
+ Type: 'AWS::ImageBuilder::InfrastructureConfiguration',
+ Properties: {
+ Name: 'infra-config-all-parameters',
+ InstanceProfileName: 'EC2InstanceProfileForImageBuilder',
+ Description: 'This is an infrastructure configuration.',
+ InstanceMetadataOptions: {
+ HttpPutResponseHopLimit: 1,
+ HttpTokens: 'optional',
+ },
+ InstanceTypes: ['m7i-flex.large', 'c7g.medium'],
+ KeyPair: 'key-pair-name',
+ Logging: {
+ S3Logs: {
+ S3BucketName: 'imagebuilder-logging-bucket',
+ S3KeyPrefix: 'imagebuilder-logs',
+ },
+ },
+ Placement: {
+ AvailabilityZone: 'dummy1a',
+ HostId: 'h-12345678',
+ Tenancy: 'host',
+ },
+ ResourceTags: {
+ infraTag1: 'infraValue1',
+ infraTag2: 'infraValue2',
+ },
+ SecurityGroupIds: ['sg-12345678'],
+ SnsTopicArn: 'arn:aws:sns:us-east-1:123456789012:imagebuilder-topic',
+ SubnetId: 'subnet-123456',
+ Tags: {
+ key1: 'value1',
+ key2: 'value2',
+ },
+ TerminateInstanceOnFailure: false,
+ },
+ },
+ }),
+ });
+ });
+
+ test('with a host ID', () => {
+ new InfrastructureConfiguration(stack, 'InfrastructureConfiguration', {
+ ec2InstanceTenancy: Tenancy.HOST,
+ ec2InstanceHostId: 'h-12345678',
+ });
+
+ Template.fromStack(stack).templateMatches({
+ Resources: {
+ InfrastructureConfiguration86C7777D: Match.objectEquals({
+ Type: 'AWS::ImageBuilder::InfrastructureConfiguration',
+ Properties: {
+ Name: 'stack-infrastructureconfiguration-fa45cca8',
+ InstanceProfileName: {
+ Ref: 'InfrastructureConfigurationInstanceProfile8FD9235B',
+ },
+ InstanceMetadataOptions: {
+ HttpTokens: 'required',
+ HttpPutResponseHopLimit: 2,
+ },
+ Placement: {
+ HostId: 'h-12345678',
+ Tenancy: 'host',
+ },
+ },
+ }),
+ },
+ });
+ });
+
+ test('with a host resource group ARN', () => {
+ new InfrastructureConfiguration(stack, 'InfrastructureConfiguration', {
+ ec2InstanceTenancy: Tenancy.HOST,
+ ec2InstanceHostResourceGroupArn: 'arn:aws:resource-groups:us-east-1:123456789012:group/host-group',
+ });
+
+ Template.fromStack(stack).templateMatches({
+ Resources: {
+ InfrastructureConfiguration86C7777D: Match.objectEquals({
+ Type: 'AWS::ImageBuilder::InfrastructureConfiguration',
+ Properties: {
+ Name: 'stack-infrastructureconfiguration-fa45cca8',
+ InstanceProfileName: {
+ Ref: 'InfrastructureConfigurationInstanceProfile8FD9235B',
+ },
+ InstanceMetadataOptions: {
+ HttpTokens: 'required',
+ HttpPutResponseHopLimit: 2,
+ },
+ Placement: {
+ HostResourceGroupArn: 'arn:aws:resource-groups:us-east-1:123456789012:group/host-group',
+ Tenancy: 'host',
+ },
+ },
+ }),
+ },
+ });
+ });
+
+ test('generates an instance profile by default', () => {
+ new InfrastructureConfiguration(stack, 'InfrastructureConfiguration');
+
+ Template.fromStack(stack).templateMatches({
+ Resources: Match.objectEquals({
+ InfrastructureConfigurationInstanceProfileRole3AFA1533: {
+ Type: 'AWS::IAM::Role',
+ Properties: {
+ ManagedPolicyArns: [
+ {
+ 'Fn::Join': ['', ['arn:', { Ref: 'AWS::Partition' }, ':iam::aws:policy/AmazonSSMManagedInstanceCore']],
+ },
+ {
+ 'Fn::Join': [
+ '',
+ ['arn:', { Ref: 'AWS::Partition' }, ':iam::aws:policy/EC2InstanceProfileForImageBuilder'],
+ ],
+ },
+ ],
+ AssumeRolePolicyDocument: {
+ Version: '2012-10-17',
+ Statement: [
+ {
+ Action: 'sts:AssumeRole',
+ Effect: 'Allow',
+ Principal: {
+ Service: 'ec2.amazonaws.com',
+ },
+ },
+ ],
+ },
+ },
+ },
+ InfrastructureConfigurationInstanceProfile8FD9235B: {
+ Type: 'AWS::IAM::InstanceProfile',
+ Properties: {
+ Roles: [
+ {
+ Ref: 'InfrastructureConfigurationInstanceProfileRole3AFA1533',
+ },
+ ],
+ },
+ },
+ InfrastructureConfiguration86C7777D: {
+ Type: 'AWS::ImageBuilder::InfrastructureConfiguration',
+ Properties: {
+ Name: 'stack-infrastructureconfiguration-fa45cca8',
+ InstanceProfileName: {
+ Ref: 'InfrastructureConfigurationInstanceProfile8FD9235B',
+ },
+ InstanceMetadataOptions: {
+ HttpTokens: 'required',
+ HttpPutResponseHopLimit: 2,
+ },
+ },
+ },
+ }),
+ });
+ });
+
+ test('does not generate an instance profile when provided with one', () => {
+ const instanceProfile = iam.InstanceProfile.fromInstanceProfileName(
+ stack,
+ 'InstanceProfile',
+ 'ImportedInstanceProfile',
+ );
+ new InfrastructureConfiguration(stack, 'InfrastructureConfiguration', { instanceProfile });
+
+ const template = Template.fromStack(stack);
+
+ template.resourceCountIs('AWS::IAM::InstanceProfile', 0);
+ template.resourceCountIs('AWS::IAM::Role', 0);
+ template.templateMatches({
+ Resources: Match.objectEquals({
+ InfrastructureConfiguration86C7777D: {
+ Type: 'AWS::ImageBuilder::InfrastructureConfiguration',
+ Properties: {
+ Name: 'stack-infrastructureconfiguration-fa45cca8',
+ InstanceProfileName: 'ImportedInstanceProfile',
+ InstanceMetadataOptions: {
+ HttpTokens: 'required',
+ HttpPutResponseHopLimit: 2,
+ },
+ },
+ },
+ }),
+ });
+ });
+
+ test('does not generate an instance profile role when provided with one', () => {
+ const role = iam.Role.fromRoleName(stack, 'Role', 'EC2InstanceProfileForImageBuilderRole');
+ new InfrastructureConfiguration(stack, 'InfrastructureConfiguration', { role });
+
+ Template.fromStack(stack).templateMatches({
+ Resources: Match.objectEquals({
+ InfrastructureConfigurationInstanceProfile8FD9235B: {
+ Type: 'AWS::IAM::InstanceProfile',
+ Properties: {
+ Roles: ['EC2InstanceProfileForImageBuilderRole'],
+ },
+ },
+ InfrastructureConfiguration86C7777D: {
+ Type: 'AWS::ImageBuilder::InfrastructureConfiguration',
+ Properties: {
+ Name: 'stack-infrastructureconfiguration-fa45cca8',
+ InstanceProfileName: {
+ Ref: 'InfrastructureConfigurationInstanceProfile8FD9235B',
+ },
+ InstanceMetadataOptions: {
+ HttpTokens: 'required',
+ HttpPutResponseHopLimit: 2,
+ },
+ },
+ },
+ }),
+ });
+ });
+
+ test('attaches the EC2InstanceProfileForImageBuilderECRContainerBuilds managed policy in container build contexts', () => {
+ const infrastructureConfiguration = new InfrastructureConfiguration(stack, 'InfrastructureConfiguration');
+ infrastructureConfiguration._bind({ isContainerBuild: true });
+
+ Template.fromStack(stack).templateMatches({
+ Resources: Match.objectEquals({
+ InfrastructureConfigurationInstanceProfileRole3AFA1533: {
+ Type: 'AWS::IAM::Role',
+ Properties: {
+ ManagedPolicyArns: [
+ {
+ 'Fn::Join': ['', ['arn:', { Ref: 'AWS::Partition' }, ':iam::aws:policy/AmazonSSMManagedInstanceCore']],
+ },
+ {
+ 'Fn::Join': [
+ '',
+ ['arn:', { Ref: 'AWS::Partition' }, ':iam::aws:policy/EC2InstanceProfileForImageBuilder'],
+ ],
+ },
+ {
+ 'Fn::Join': [
+ '',
+ [
+ 'arn:',
+ { Ref: 'AWS::Partition' },
+ ':iam::aws:policy/EC2InstanceProfileForImageBuilderECRContainerBuilds',
+ ],
+ ],
+ },
+ ],
+ AssumeRolePolicyDocument: {
+ Version: '2012-10-17',
+ Statement: [
+ {
+ Action: 'sts:AssumeRole',
+ Effect: 'Allow',
+ Principal: {
+ Service: 'ec2.amazonaws.com',
+ },
+ },
+ ],
+ },
+ },
+ },
+ InfrastructureConfigurationInstanceProfile8FD9235B: {
+ Type: 'AWS::IAM::InstanceProfile',
+ Properties: {
+ Roles: [
+ {
+ Ref: 'InfrastructureConfigurationInstanceProfileRole3AFA1533',
+ },
+ ],
+ },
+ },
+ InfrastructureConfiguration86C7777D: {
+ Type: 'AWS::ImageBuilder::InfrastructureConfiguration',
+ Properties: {
+ Name: 'stack-infrastructureconfiguration-fa45cca8',
+ InstanceProfileName: {
+ Ref: 'InfrastructureConfigurationInstanceProfile8FD9235B',
+ },
+ InstanceMetadataOptions: {
+ HttpTokens: 'required',
+ HttpPutResponseHopLimit: 2,
+ },
+ },
+ },
+ }),
+ });
+ });
+
+ test('does not attach the EC2InstanceProfileForImageBuilderECRContainerBuilds managed policy in container build contexts when a user-provided role is passed', () => {
+ const role = new iam.Role(stack, 'Role', {
+ assumedBy: new iam.ServicePrincipal('ec2.amazonaws.com'),
+ managedPolicies: [
+ iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonSSMManagedInstanceCore'),
+ iam.ManagedPolicy.fromAwsManagedPolicyName('EC2InstanceProfileForImageBuilder'),
+ ],
+ });
+ const infrastructureConfiguration = new InfrastructureConfiguration(stack, 'InfrastructureConfiguration', { role });
+ infrastructureConfiguration._bind({ isContainerBuild: true });
+
+ Template.fromStack(stack).templateMatches({
+ Resources: Match.objectEquals({
+ Role1ABCC5F0: {
+ Type: 'AWS::IAM::Role',
+ Properties: {
+ ManagedPolicyArns: [
+ {
+ 'Fn::Join': ['', ['arn:', { Ref: 'AWS::Partition' }, ':iam::aws:policy/AmazonSSMManagedInstanceCore']],
+ },
+ {
+ 'Fn::Join': [
+ '',
+ ['arn:', { Ref: 'AWS::Partition' }, ':iam::aws:policy/EC2InstanceProfileForImageBuilder'],
+ ],
+ },
+ ],
+ AssumeRolePolicyDocument: {
+ Version: '2012-10-17',
+ Statement: [
+ {
+ Action: 'sts:AssumeRole',
+ Effect: 'Allow',
+ Principal: {
+ Service: 'ec2.amazonaws.com',
+ },
+ },
+ ],
+ },
+ },
+ },
+ InfrastructureConfigurationInstanceProfile8FD9235B: {
+ Type: 'AWS::IAM::InstanceProfile',
+ Properties: {
+ Roles: [
+ {
+ Ref: 'Role1ABCC5F0',
+ },
+ ],
+ },
+ },
+ InfrastructureConfiguration86C7777D: {
+ Type: 'AWS::ImageBuilder::InfrastructureConfiguration',
+ Properties: {
+ Name: 'stack-infrastructureconfiguration-fa45cca8',
+ InstanceProfileName: {
+ Ref: 'InfrastructureConfigurationInstanceProfile8FD9235B',
+ },
+ InstanceMetadataOptions: {
+ HttpTokens: 'required',
+ HttpPutResponseHopLimit: 2,
+ },
+ },
+ },
+ }),
+ });
+ });
+
test('does not pass an instance type list when it is empty', () => { + new InfrastructureConfiguration(stack, 'InfrastructureConfiguration', { instanceTypes: [] }); + + Template.fromStack(stack).templateMatches({ + Resources: { + InfrastructureConfiguration86C7777D: Match.objectEquals({ + Type: 'AWS::ImageBuilder::InfrastructureConfiguration', + Properties: { + Name: 'stack-infrastructureconfiguration-fa45cca8', + InstanceProfileName: { + Ref: 'InfrastructureConfigurationInstanceProfile8FD9235B', + }, + InstanceMetadataOptions: { + HttpTokens: 'required', + HttpPutResponseHopLimit: 2, + }, + }, + }), + }, + }); + }); + + test('does not pass a security group list when it is empty', () => { + new InfrastructureConfiguration(stack, 'InfrastructureConfiguration', { securityGroups: [] }); + + Template.fromStack(stack).templateMatches({ + Resources: { + InfrastructureConfiguration86C7777D: Match.objectEquals({ + Type: 'AWS::ImageBuilder::InfrastructureConfiguration', + Properties: { + Name: 'stack-infrastructureconfiguration-fa45cca8', + InstanceProfileName: { + Ref: 'InfrastructureConfigurationInstanceProfile8FD9235B', + }, + InstanceMetadataOptions: { + HttpTokens: 'required', + HttpPutResponseHopLimit: 2, + }, + }, + }), + }, + }); + }); + + test('correct permissions granted to instance profile role when a key prefix is provided', () => { + const instanceProfile = iam.InstanceProfile.fromInstanceProfileAttributes(stack, 'InstanceProfile', { + instanceProfileArn: 'arn:aws:iam::123456789012:instance-profile/EC2InstanceProfileForImageBuilder', + role: iam.Role.fromRoleName(stack, 'Role', 'EC2InstanceProfileForImageBuilderRole'), + }); + new InfrastructureConfiguration(stack, 'InfrastructureConfiguration', { + instanceProfile, + logging: { + s3Bucket: s3.Bucket.fromBucketName(stack, 'S3Bucket', 'imagebuilder-logging-bucket'), + s3KeyPrefix: 'imagebuilder-logs', + }, + }); + + Template.fromStack(stack).templateMatches({ + Resources: { + RolePolicy72E7D967: 
Match.objectEquals({ + Type: 'AWS::IAM::Policy', + Properties: { + PolicyName: 'RolePolicy72E7D967', + PolicyDocument: { + Version: '2012-10-17', + Statement: [ + { + Effect: 'Allow', + Action: Match.arrayWith(['s3:PutObject']), + Resource: { + 'Fn::Join': [ + '', + ['arn:', { Ref: 'AWS::Partition' }, ':s3:::imagebuilder-logging-bucket/imagebuilder-logs/*'], + ], + }, + }, + ], + }, + Roles: ['EC2InstanceProfileForImageBuilderRole'], + }, + }), + }, + }); + }); + + test('no permissions are granted to instance profile role when a key prefix is not provided', () => { + const instanceProfile = iam.InstanceProfile.fromInstanceProfileAttributes(stack, 'InstanceProfile', { + instanceProfileArn: 'arn:aws:iam::123456789012:instance-profile/EC2InstanceProfileForImageBuilder', + role: iam.Role.fromRoleName(stack, 'Role', 'EC2InstanceProfileForImageBuilderRole'), + }); + new InfrastructureConfiguration(stack, 'InfrastructureConfiguration', { + instanceProfile, + logging: { + s3Bucket: s3.Bucket.fromBucketName(stack, 'S3Bucket', 'imagebuilder-logging-bucket'), + }, + }); + + Template.fromStack(stack).resourceCountIs('AWS::IAM::Policy', 0); + }); + + test('grants read access to IAM roles', () => { + const infrastructureConfiguration = new InfrastructureConfiguration(stack, 'InfrastructureConfiguration'); + const role = new iam.Role(stack, 'Role', { assumedBy: new iam.AccountPrincipal('123456789012') }); + + infrastructureConfiguration.grantRead(role); + + const template = Template.fromStack(stack); + + template.resourceCountIs('AWS::IAM::InstanceProfile', 1); + template.resourceCountIs('AWS::IAM::Policy', 1); + template.resourceCountIs('AWS::IAM::Role', 2); + template.resourceCountIs('AWS::ImageBuilder::InfrastructureConfiguration', 1); + expect(Object.keys(template.toJSON().Resources)).toHaveLength(5); + + template.hasResourceProperties('AWS::IAM::Role', { + AssumeRolePolicyDocument: { + Statement: [ + { + Action: 'sts:AssumeRole', + Effect: 'Allow', + Principal: { + AWS: { + 
'Fn::Join': ['', ['arn:', { Ref: 'AWS::Partition' }, ':iam::123456789012:root']], + }, + }, + }, + ], + }, + }); + + template.hasResourceProperties('AWS::IAM::Policy', { + PolicyName: Match.anyValue(), + PolicyDocument: { + Version: '2012-10-17', + Statement: [ + { + Effect: 'Allow', + Action: 'imagebuilder:GetInfrastructureConfiguration', + Resource: { + 'Fn::GetAtt': ['InfrastructureConfiguration86C7777D', 'Arn'], + }, + }, + ], + }, + Roles: [ + { + Ref: 'Role1ABCC5F0', + }, + ], + }); + }); + + test('grants permissions to IAM roles', () => { + const infrastructureConfiguration = new InfrastructureConfiguration(stack, 'InfrastructureConfiguration'); + const role = new iam.Role(stack, 'Role', { assumedBy: new iam.AccountPrincipal('123456789012') }); + + infrastructureConfiguration.grant( + role, + 'imagebuilder:DeleteInfrastructureConfiguration', + 'imagebuilder:UpdateInfrastructureConfiguration', + ); + + const template = Template.fromStack(stack); + + template.resourceCountIs('AWS::IAM::InstanceProfile', 1); + template.resourceCountIs('AWS::IAM::Policy', 1); + template.resourceCountIs('AWS::IAM::Role', 2); + template.resourceCountIs('AWS::ImageBuilder::InfrastructureConfiguration', 1); + expect(Object.keys(template.toJSON().Resources)).toHaveLength(5); + + template.hasResourceProperties( + 'AWS::IAM::Role', + Match.objectEquals({ + AssumeRolePolicyDocument: { + Version: '2012-10-17', + Statement: [ + { + Action: 'sts:AssumeRole', + Effect: 'Allow', + Principal: { + AWS: { + 'Fn::Join': ['', ['arn:', { Ref: 'AWS::Partition' }, ':iam::123456789012:root']], + }, + }, + }, + ], + }, + }), + ); + + template.hasResourceProperties( + 'AWS::IAM::Policy', + Match.objectEquals({ + PolicyName: Match.anyValue(), + PolicyDocument: { + Version: '2012-10-17', + Statement: [ + { + Effect: 'Allow', + Action: [ + 'imagebuilder:DeleteInfrastructureConfiguration', + 'imagebuilder:UpdateInfrastructureConfiguration', + ], + Resource: { + 'Fn::GetAtt': 
['InfrastructureConfiguration86C7777D', 'Arn'], + }, + }, + ], + }, + Roles: [ + { + Ref: 'Role1ABCC5F0', + }, + ], + }), + ); + }); + + test('throws a validation error when the resource name is too long', () => { + expect(() => { + new InfrastructureConfiguration(stack, 'InfrastructureConfiguration', { + infrastructureConfigurationName: 'a'.repeat(129), + }); + }).toThrow(cdk.ValidationError); + }); + + test('throws a validation error when the resource name contains spaces', () => { + expect(() => { + new InfrastructureConfiguration(stack, 'InfrastructureConfiguration', { + infrastructureConfigurationName: 'a b c', + }); + }).toThrow(cdk.ValidationError); + }); + + test('throws a validation error when the resource name contains underscores', () => { + expect(() => { + new InfrastructureConfiguration(stack, 'InfrastructureConfiguration', { + infrastructureConfigurationName: 'a_b_c', + }); + }).toThrow(cdk.ValidationError); + }); + + test('throws a validation error when the resource name contains uppercase characters', () => { + expect(() => { + new InfrastructureConfiguration(stack, 'InfrastructureConfiguration', { + infrastructureConfigurationName: 'aBc', + }); + }).toThrow(cdk.ValidationError); + }); + + test('throws a validation error an a subnet selection is provided without a VPC', () => { + expect(() => { + new InfrastructureConfiguration(stack, 'InfrastructureConfiguration', { + subnetSelection: { + subnetFilters: [ec2.SubnetFilter.byIds(['subnet-12345678'])], + }, + }); + }).toThrow(cdk.ValidationError); + }); + + test('throws a validation error when no subnets are selected from the VPC', () => { + expect(() => { + new InfrastructureConfiguration(stack, 'InfrastructureConfiguration', { + vpc: ec2.Vpc.fromVpcAttributes(stack, 'Vpc', { + vpcId: 'vpc-123', + availabilityZones: ['us-east-1a'], + publicSubnetIds: ['subnet-12345678'], + privateSubnetIds: ['subnet-87654321'], + }), + subnetSelection: { subnetFilters: [ec2.SubnetFilter.byIds([])] }, + }); + 
}).toThrow(cdk.ValidationError); + }); + + test('throws a validation error when an instance profile and role are provided', () => { + const instanceProfile = iam.InstanceProfile.fromInstanceProfileName( + stack, + 'InstanceProfile', + 'ImportedInstanceProfile', + ); + const role = new iam.Role(stack, 'Role', { assumedBy: new iam.AccountPrincipal('123456789012') }); + + expect(() => { + new InfrastructureConfiguration(stack, 'InfrastructureConfiguration', { + instanceProfile, + role, + }); + }).toThrow(cdk.ValidationError); + }); + + test('throws a validation error when tenancy is host without a host ID or host resource group ARN', () => { + expect(() => { + new InfrastructureConfiguration(stack, 'InfrastructureConfiguration', { + ec2InstanceTenancy: Tenancy.HOST, + }); + }).toThrow(cdk.ValidationError); + }); + + test('throws a validation error when tenancy is not host but a host ID is provided', () => { + expect(() => { + new InfrastructureConfiguration(stack, 'InfrastructureConfiguration', { + ec2InstanceHostId: 'h-12345678', + }); + }).toThrow(cdk.ValidationError); + }); + + test('throws a validation error when tenancy is not host but a host resource group ARN is provided', () => { + expect(() => { + new InfrastructureConfiguration(stack, 'InfrastructureConfiguration', { + ec2InstanceTenancy: Tenancy.DEDICATED, + ec2InstanceHostResourceGroupArn: 'arn:aws:resource-groups:us-east-1:123456789012:group/host-group', + }); + }).toThrow(cdk.ValidationError); + }); + + test('throws a validation error when both a host ID and host resource group ARN is provided', () => { + expect(() => { + new InfrastructureConfiguration(stack, 'InfrastructureConfiguration', { + ec2InstanceTenancy: Tenancy.HOST, + ec2InstanceHostId: 'h-12345678', + ec2InstanceHostResourceGroupArn: 'arn:aws:resource-groups:us-east-1:123456789012:group/host-group', + }); + }).toThrow(cdk.ValidationError); + }); +}); 
diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.infrastructure-configuration.js.snapshot/InfrastructureConfigurationTestDefaultTestDeployAssert6566C732.assets.json b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.infrastructure-configuration.js.snapshot/InfrastructureConfigurationTestDefaultTestDeployAssert6566C732.assets.json new file mode 100644 index 0000000000000..c8da5f4c9085f --- /dev/null +++ b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.infrastructure-configuration.js.snapshot/InfrastructureConfigurationTestDefaultTestDeployAssert6566C732.assets.json @@ -0,0 +1,20 @@ +{ + "version": "48.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "displayName": "InfrastructureConfigurationTestDefaultTestDeployAssert6566C732 Template", + "source": { + "path": "InfrastructureConfigurationTestDefaultTestDeployAssert6566C732.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region-d8d86b35": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.infrastructure-configuration.js.snapshot/InfrastructureConfigurationTestDefaultTestDeployAssert6566C732.template.json b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.infrastructure-configuration.js.snapshot/InfrastructureConfigurationTestDefaultTestDeployAssert6566C732.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null 
+++ b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.infrastructure-configuration.js.snapshot/InfrastructureConfigurationTestDefaultTestDeployAssert6566C732.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.infrastructure-configuration.js.snapshot/aws-cdk-imagebuilder-infrastructure-configuration-all-parameters.assets.json b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.infrastructure-configuration.js.snapshot/aws-cdk-imagebuilder-infrastructure-configuration-all-parameters.assets.json new file mode 100644 index 0000000000000..7dc4854ada073 --- /dev/null +++ b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.infrastructure-configuration.js.snapshot/aws-cdk-imagebuilder-infrastructure-configuration-all-parameters.assets.json 
@@ -0,0 +1,20 @@ +{ + "version": "48.0.0", + "files": { + "b965cfcbba6a8fcc8f58243c7805be8569c1327f69a41007cfb25a342621f581": { + "displayName": "aws-cdk-imagebuilder-infrastructure-configuration-all-parameters Template", + "source": { + "path": "aws-cdk-imagebuilder-infrastructure-configuration-all-parameters.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region-ff7a9371": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "b965cfcbba6a8fcc8f58243c7805be8569c1327f69a41007cfb25a342621f581.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.infrastructure-configuration.js.snapshot/aws-cdk-imagebuilder-infrastructure-configuration-all-parameters.template.json b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.infrastructure-configuration.js.snapshot/aws-cdk-imagebuilder-infrastructure-configuration-all-parameters.template.json new file mode 100644 index 0000000000000..6c4d0c33fbb63 --- /dev/null +++ b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.infrastructure-configuration.js.snapshot/aws-cdk-imagebuilder-infrastructure-configuration-all-parameters.template.json 
@@ -0,0 +1,163 @@ +{ + "Resources": { + "NotificationTopicEB7A0DF1": { + "Type": "AWS::SNS::Topic" + }, + "EC2InstanceProfileForImageBuilderRole27031449": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ec2.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "EC2InstanceProfileForImageBuilderRoleDefaultPolicy22D6CD5C": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:Abort*", + "s3:PutObject", + "s3:PutObjectLegalHold", + "s3:PutObjectRetention", + "s3:PutObjectTagging", + "s3:PutObjectVersionTagging" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "LogBucketCC3B17E8", + "Arn" + ] + }, + "/imagebuilder-logs/*" + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "EC2InstanceProfileForImageBuilderRoleDefaultPolicy22D6CD5C", + "Roles": [ + { + "Ref": "EC2InstanceProfileForImageBuilderRole27031449" + } + ] + } + }, + "EC2InstanceProfileForImageBuilderA043DE9F": { + "Type": "AWS::IAM::InstanceProfile", + "Properties": { + "Roles": [ + { + "Ref": "EC2InstanceProfileForImageBuilderRole27031449" + } + ] + } + }, + "LogBucketCC3B17E8": { + "Type": "AWS::S3::Bucket", + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "InfrastructureConfiguration86C7777D": { + "Type": "AWS::ImageBuilder::InfrastructureConfiguration", + "Properties": { + "Description": "This is an infrastructure configuration.", + "InstanceMetadataOptions": { + "HttpPutResponseHopLimit": 1, + "HttpTokens": "required" + }, + "InstanceProfileName": { + "Ref": "EC2InstanceProfileForImageBuilderA043DE9F" + }, + "InstanceTypes": [ + "m7i-flex.large", + "c7g.medium" + ], + "Logging": { + "S3Logs": { + "S3BucketName": { + "Ref": "LogBucketCC3B17E8" + }, + "S3KeyPrefix": "imagebuilder-logs" + } + }, + "Name": 
"aws-cdk-imagebuilder-infrastructure-configuration-all-parameters-infrastructureconfiguration-4171ee68", + "Placement": { + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "Tenancy": "default" + }, + "ResourceTags": { + "infraTag1": "infraValue1", + "infraTag2": "infraValue2" + }, + "SnsTopicArn": { + "Ref": "NotificationTopicEB7A0DF1" + }, + "Tags": { + "key1": "value1", + "key2": "value2" + }, + "TerminateInstanceOnFailure": true + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.infrastructure-configuration.js.snapshot/cdk.out b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.infrastructure-configuration.js.snapshot/cdk.out new file mode 100644 index 0000000000000..523a9aac37cbf --- /dev/null +++ b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.infrastructure-configuration.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"48.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.infrastructure-configuration.js.snapshot/integ.json b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.infrastructure-configuration.js.snapshot/integ.json new file mode 100644 index 0000000000000..d65088438f7bb --- /dev/null 
+++ b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.infrastructure-configuration.js.snapshot/integ.json @@ -0,0 +1,13 @@ +{ + "version": "48.0.0", + "testCases": { + "InfrastructureConfigurationTest/DefaultTest": { + "stacks": [ + "aws-cdk-imagebuilder-infrastructure-configuration-all-parameters" + ], + "assertionStack": "InfrastructureConfigurationTest/DefaultTest/DeployAssert", + "assertionStackName": "InfrastructureConfigurationTestDefaultTestDeployAssert6566C732" + } + }, + "minimumCliVersion": "2.1027.0" +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.infrastructure-configuration.js.snapshot/manifest.json b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.infrastructure-configuration.js.snapshot/manifest.json new file mode 100644 index 0000000000000..45e65f61fc5b1 --- /dev/null +++ b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.infrastructure-configuration.js.snapshot/manifest.json 
@@ -0,0 +1,729 @@ +{ + "version": "48.0.0", + "artifacts": { + "aws-cdk-imagebuilder-infrastructure-configuration-all-parameters.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "aws-cdk-imagebuilder-infrastructure-configuration-all-parameters.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "aws-cdk-imagebuilder-infrastructure-configuration-all-parameters": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "aws-cdk-imagebuilder-infrastructure-configuration-all-parameters.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/b965cfcbba6a8fcc8f58243c7805be8569c1327f69a41007cfb25a342621f581.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "aws-cdk-imagebuilder-infrastructure-configuration-all-parameters.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "aws-cdk-imagebuilder-infrastructure-configuration-all-parameters.assets" + ], + "metadata": { + "/aws-cdk-imagebuilder-infrastructure-configuration-all-parameters/NotificationTopic": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + } + ], + 
"/aws-cdk-imagebuilder-infrastructure-configuration-all-parameters/NotificationTopic/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "NotificationTopicEB7A0DF1" + } + ], + "/aws-cdk-imagebuilder-infrastructure-configuration-all-parameters/EC2InstanceProfileForImageBuilderRole": [ + { + "type": "aws:cdk:analytics:construct", + "data": { + "assumedBy": { + "principalAccount": "*", + "assumeRoleAction": "*" + } + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addToPrincipalPolicy": [ + {} + ] + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "attachInlinePolicy": [ + "*" + ] + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "attachInlinePolicy": [ + "*" + ] + } + } + ], + "/aws-cdk-imagebuilder-infrastructure-configuration-all-parameters/EC2InstanceProfileForImageBuilderRole/ImportEC2InstanceProfileForImageBuilderRole": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + } + ], + "/aws-cdk-imagebuilder-infrastructure-configuration-all-parameters/EC2InstanceProfileForImageBuilderRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "EC2InstanceProfileForImageBuilderRole27031449" + } + ], + "/aws-cdk-imagebuilder-infrastructure-configuration-all-parameters/EC2InstanceProfileForImageBuilderRole/DefaultPolicy": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "attachToRole": [ + "*" + ] + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "attachToRole": [ + "*" + ] + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addStatements": [ + {} + ] + } + } + ], + "/aws-cdk-imagebuilder-infrastructure-configuration-all-parameters/EC2InstanceProfileForImageBuilderRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "EC2InstanceProfileForImageBuilderRoleDefaultPolicy22D6CD5C" + } + ], + 
"/aws-cdk-imagebuilder-infrastructure-configuration-all-parameters/EC2InstanceProfileForImageBuilder": [ + { + "type": "aws:cdk:analytics:construct", + "data": { + "role": "*" + } + } + ], + "/aws-cdk-imagebuilder-infrastructure-configuration-all-parameters/EC2InstanceProfileForImageBuilder/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "EC2InstanceProfileForImageBuilderA043DE9F" + } + ], + "/aws-cdk-imagebuilder-infrastructure-configuration-all-parameters/LogBucket": [ + { + "type": "aws:cdk:analytics:construct", + "data": { + "removalPolicy": "destroy" + } + } + ], + "/aws-cdk-imagebuilder-infrastructure-configuration-all-parameters/LogBucket/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "LogBucketCC3B17E8" + } + ], + "/aws-cdk-imagebuilder-infrastructure-configuration-all-parameters/InfrastructureConfiguration/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "InfrastructureConfiguration86C7777D", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] + } + ], + "/aws-cdk-imagebuilder-infrastructure-configuration-all-parameters/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-imagebuilder-infrastructure-configuration-all-parameters/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-cdk-imagebuilder-infrastructure-configuration-all-parameters" + }, + "InfrastructureConfigurationTestDefaultTestDeployAssert6566C732.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "InfrastructureConfigurationTestDefaultTestDeployAssert6566C732.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "InfrastructureConfigurationTestDefaultTestDeployAssert6566C732": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": 
"InfrastructureConfigurationTestDefaultTestDeployAssert6566C732.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "InfrastructureConfigurationTestDefaultTestDeployAssert6566C732.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "InfrastructureConfigurationTestDefaultTestDeployAssert6566C732.assets" + ], + "metadata": { + "/InfrastructureConfigurationTest/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/InfrastructureConfigurationTest/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "InfrastructureConfigurationTest/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + }, + "aws-cdk-lib/feature-flag-report": { + "type": "cdk:feature-flag-report", + "properties": { + "module": "aws-cdk-lib", + "flags": { + "@aws-cdk/aws-signer:signingProfileNamePassedToCfn": { + "recommendedValue": true, + "explanation": "Pass signingProfileName to CfnSigningProfile" + }, + 
"@aws-cdk/core:newStyleStackSynthesis": { + "recommendedValue": true, + "explanation": "Switch to new stack synthesis method which enables CI/CD", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/core:stackRelativeExports": { + "recommendedValue": true, + "explanation": "Name exports based on the construct paths relative to the stack, rather than the global construct path", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-ecs-patterns:secGroupsDisablesImplicitOpenListener": { + "recommendedValue": true, + "explanation": "Disable implicit openListener when custom security groups are provided" + }, + "@aws-cdk/aws-rds:lowercaseDbIdentifier": { + "recommendedValue": true, + "explanation": "Force lowercasing of RDS Cluster names in CDK", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-apigateway:usagePlanKeyOrderInsensitiveId": { + "recommendedValue": true, + "explanation": "Allow adding/removing multiple UsagePlanKeys independently", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-lambda:recognizeVersionProps": { + "recommendedValue": true, + "explanation": "Enable this feature flag to opt in to the updated logical id calculation for Lambda Version created using the `fn.currentVersion`.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-lambda:recognizeLayerVersion": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this feature flag to opt in to the updated logical id calculation for Lambda Version created using the `fn.currentVersion`." 
+ }, + "@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021": { + "recommendedValue": true, + "explanation": "Enable this feature flag to have cloudfront distributions use the security policy TLSv1.2_2021 by default.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/core:checkSecretUsage": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this flag to make it impossible to accidentally use SecretValues in unsafe locations" + }, + "@aws-cdk/core:target-partitions": { + "recommendedValue": [ + "aws", + "aws-cn" + ], + "explanation": "What regions to include in lookup tables of environment agnostic stacks" + }, + "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": { + "userValue": true, + "recommendedValue": true, + "explanation": "ECS extensions will automatically add an `awslogs` driver if no logging is specified" + }, + "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this feature flag to have Launch Templates generated by the `InstanceRequireImdsv2Aspect` use unique names." + }, + "@aws-cdk/aws-ecs:arnFormatIncludesClusterName": { + "userValue": true, + "recommendedValue": true, + "explanation": "ARN format used by ECS. In the new ARN format, the cluster name is part of the resource ID." + }, + "@aws-cdk/aws-iam:minimizePolicies": { + "userValue": true, + "recommendedValue": true, + "explanation": "Minimize IAM policies by combining Statements" + }, + "@aws-cdk/core:validateSnapshotRemovalPolicy": { + "userValue": true, + "recommendedValue": true, + "explanation": "Error on snapshot removal policies on resources that do not support it." 
+ }, + "@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName": { + "userValue": true, + "recommendedValue": true, + "explanation": "Generate key aliases that include the stack name" + }, + "@aws-cdk/aws-s3:createDefaultLoggingPolicy": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this feature flag to create an S3 bucket policy by default in cases where an AWS service would automatically create the Policy if one does not exist." + }, + "@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption": { + "userValue": true, + "recommendedValue": true, + "explanation": "Restrict KMS key policy for encrypted Queues a bit more" + }, + "@aws-cdk/aws-apigateway:disableCloudWatchRole": { + "userValue": true, + "recommendedValue": true, + "explanation": "Make default CloudWatch Role behavior safe for multiple API Gateways in one environment" + }, + "@aws-cdk/core:enablePartitionLiterals": { + "userValue": true, + "recommendedValue": true, + "explanation": "Make ARNs concrete if AWS partition is known" + }, + "@aws-cdk/aws-events:eventsTargetQueueSameAccount": { + "userValue": true, + "recommendedValue": true, + "explanation": "Event Rules may only push to encrypted SQS queues in the same account" + }, + "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": { + "userValue": true, + "recommendedValue": true, + "explanation": "Avoid setting the \"ECS\" deployment controller when adding a circuit breaker" + }, + "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this feature to by default create default policy names for imported roles that depend on the stack the role is in." 
+ }, + "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": { + "userValue": true, + "recommendedValue": true, + "explanation": "Use S3 Bucket Policy instead of ACLs for Server Access Logging" + }, + "@aws-cdk/aws-route53-patters:useCertificate": { + "userValue": true, + "recommendedValue": true, + "explanation": "Use the official `Certificate` resource instead of `DnsValidatedCertificate`" + }, + "@aws-cdk/customresources:installLatestAwsSdkDefault": { + "userValue": false, + "recommendedValue": false, + "explanation": "Whether to install the latest SDK by default in AwsCustomResource" + }, + "@aws-cdk/aws-rds:databaseProxyUniqueResourceName": { + "userValue": true, + "recommendedValue": true, + "explanation": "Use unique resource name for Database Proxy" + }, + "@aws-cdk/aws-codedeploy:removeAlarmsFromDeploymentGroup": { + "userValue": true, + "recommendedValue": true, + "explanation": "Remove CloudWatch alarms from deployment group" + }, + "@aws-cdk/aws-apigateway:authorizerChangeDeploymentLogicalId": { + "userValue": true, + "recommendedValue": true, + "explanation": "Include authorizer configuration in the calculation of the API deployment logical ID." + }, + "@aws-cdk/aws-ec2:launchTemplateDefaultUserData": { + "userValue": true, + "recommendedValue": true, + "explanation": "Define user data for a launch template by default when a machine image is provided." + }, + "@aws-cdk/aws-secretsmanager:useAttachedSecretResourcePolicyForSecretTargetAttachments": { + "userValue": true, + "recommendedValue": true, + "explanation": "SecretTargetAttachments uses the ResourcePolicy of the attached Secret." 
+ }, + "@aws-cdk/aws-redshift:columnId": { + "userValue": true, + "recommendedValue": true, + "explanation": "Whether to use an ID to track Redshift column changes" + }, + "@aws-cdk/aws-stepfunctions-tasks:enableEmrServicePolicyV2": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable AmazonEMRServicePolicy_v2 managed policies" + }, + "@aws-cdk/aws-ec2:restrictDefaultSecurityGroup": { + "userValue": true, + "recommendedValue": true, + "explanation": "Restrict access to the VPC default security group" + }, + "@aws-cdk/aws-apigateway:requestValidatorUniqueId": { + "userValue": true, + "recommendedValue": true, + "explanation": "Generate a unique id for each RequestValidator added to a method" + }, + "@aws-cdk/aws-kms:aliasNameRef": { + "userValue": true, + "recommendedValue": true, + "explanation": "KMS Alias name and keyArn will have implicit reference to KMS Key" + }, + "@aws-cdk/aws-kms:applyImportedAliasPermissionsToPrincipal": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable grant methods on Aliases imported by name to use kms:ResourceAliases condition" + }, + "@aws-cdk/aws-autoscaling:generateLaunchTemplateInsteadOfLaunchConfig": { + "userValue": true, + "recommendedValue": true, + "explanation": "Generate a launch template when creating an AutoScalingGroup" + }, + "@aws-cdk/core:includePrefixInUniqueNameGeneration": { + "userValue": true, + "recommendedValue": true, + "explanation": "Include the stack prefix in the stack name generation process" + }, + "@aws-cdk/aws-efs:denyAnonymousAccess": { + "userValue": true, + "recommendedValue": true, + "explanation": "EFS denies anonymous clients accesses" + }, + "@aws-cdk/aws-opensearchservice:enableOpensearchMultiAzWithStandby": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enables support for Multi-AZ with Standby deployment for opensearch domains" + }, + "@aws-cdk/aws-lambda-nodejs:useLatestRuntimeVersion": { + "userValue": true, + 
"recommendedValue": true, + "explanation": "Enables aws-lambda-nodejs.Function to use the latest available NodeJs runtime as the default" + }, + "@aws-cdk/aws-efs:mountTargetOrderInsensitiveLogicalId": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, mount targets will have a stable logicalId that is linked to the associated subnet." + }, + "@aws-cdk/aws-rds:auroraClusterChangeScopeOfInstanceParameterGroupWithEachParameters": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, a scope of InstanceParameterGroup for AuroraClusterInstance with each parameters will change." + }, + "@aws-cdk/aws-appsync:useArnForSourceApiAssociationIdentifier": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, will always use the arn for identifiers for CfnSourceApiAssociation in the GraphqlApi construct rather than id." + }, + "@aws-cdk/aws-rds:preventRenderingDeprecatedCredentials": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, creating an RDS database cluster from a snapshot will only render credentials for snapshot credentials." + }, + "@aws-cdk/aws-codepipeline-actions:useNewDefaultBranchForCodeCommitSource": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the CodeCommit source action is using the default branch name 'main'." + }, + "@aws-cdk/aws-cloudwatch-actions:changeLambdaPermissionLogicalIdForLambdaAction": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the logical ID of a Lambda permission for a Lambda action includes an alarm ID." + }, + "@aws-cdk/aws-codepipeline:crossAccountKeysDefaultValueToFalse": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enables Pipeline to set the default value for crossAccountKeys to false." 
+ }, + "@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enables Pipeline to set the default pipeline type to V2." + }, + "@aws-cdk/aws-kms:reduceCrossAccountRegionPolicyScope": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, IAM Policy created from KMS key grant will reduce the resource scope to this key only." + }, + "@aws-cdk/pipelines:reduceAssetRoleTrustScope": { + "recommendedValue": true, + "explanation": "Remove the root account principal from PipelineAssetsFileRole trust policy", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-eks:nodegroupNameAttribute": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, nodegroupName attribute of the provisioned EKS NodeGroup will not have the cluster name prefix." + }, + "@aws-cdk/aws-ec2:ebsDefaultGp3Volume": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the default volume type of the EBS volume will be GP3" + }, + "@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, remove default deployment alarm settings" + }, + "@aws-cdk/custom-resources:logApiResponseDataPropertyTrueDefault": { + "userValue": false, + "recommendedValue": false, + "explanation": "When enabled, the custom resource used for `AwsCustomResource` will configure the `logApiResponseData` property as true by default" + }, + "@aws-cdk/aws-s3:keepNotificationInImportedBucket": { + "userValue": false, + "recommendedValue": false, + "explanation": "When enabled, Adding notifications to a bucket in the current stack will not remove notification from imported stack." 
+ }, + "@aws-cdk/aws-stepfunctions-tasks:useNewS3UriParametersForBedrockInvokeModelTask": { + "recommendedValue": true, + "explanation": "When enabled, use new props for S3 URI field in task definition of state machine for bedrock invoke model.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/core:explicitStackTags": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, stack tags need to be assigned explicitly on a Stack." + }, + "@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature": { + "userValue": false, + "recommendedValue": false, + "explanation": "When set to true along with canContainersAccessInstanceRole=false in ECS cluster, new updated commands will be added to UserData to block container accessing IMDS. **Applicable to Linux only. IMPORTANT: See [details.](#aws-cdkaws-ecsenableImdsBlockingDeprecatedFeature)**" + }, + "@aws-cdk/aws-ecs:disableEcsImdsBlocking": { + "userValue": true, + "recommendedValue": true, + "explanation": "When set to true, CDK synth will throw exception if canContainersAccessInstanceRole is false. **IMPORTANT: See [details.](#aws-cdkaws-ecsdisableEcsImdsBlocking)**" + }, + "@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, we will only grant the necessary permissions when users specify cloudwatch log group through logConfiguration" + }, + "@aws-cdk/aws-dynamodb:resourcePolicyPerReplica": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled will allow you to specify a resource policy per replica, and not copy the source table policy to all replicas" + }, + "@aws-cdk/aws-ec2:ec2SumTImeoutEnabled": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, initOptions.timeout and resourceSignalTimeout values will be summed together." 
+ }, + "@aws-cdk/aws-appsync:appSyncGraphQLAPIScopeLambdaPermission": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, a Lambda authorizer Permission created when using GraphqlApi will be properly scoped with a SourceArn." + }, + "@aws-cdk/aws-rds:setCorrectValueForDatabaseInstanceReadReplicaInstanceResourceId": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the value of property `instanceResourceId` in construct `DatabaseInstanceReadReplica` will be set to the correct value which is `DbiResourceId` instead of currently `DbInstanceArn`" + }, + "@aws-cdk/core:cfnIncludeRejectComplexResourceUpdateCreatePolicyIntrinsics": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, CFN templates added with `cfn-include` will error if the template contains Resource Update or Create policies with CFN Intrinsics that include non-primitive values." + }, + "@aws-cdk/aws-lambda-nodejs:sdkV3ExcludeSmithyPackages": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, both `@aws-sdk` and `@smithy` packages will be excluded from the Lambda Node.js 18.x runtime to prevent version mismatches in bundled applications." + }, + "@aws-cdk/aws-stepfunctions-tasks:fixRunEcsTaskPolicy": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the resource of IAM Run Ecs policy generated by SFN EcsRunTask will reference the definition, instead of constructing ARN." + }, + "@aws-cdk/aws-ec2:bastionHostUseAmazonLinux2023ByDefault": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the BastionHost construct will use the latest Amazon Linux 2023 AMI, instead of Amazon Linux 2." 
+ }, + "@aws-cdk/core:aspectStabilization": { + "recommendedValue": true, + "explanation": "When enabled, a stabilization loop will be run when invoking Aspects during synthesis.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-route53-targets:userPoolDomainNameMethodWithoutCustomResource": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, use a new method for DNS Name of user pool domain target without creating a custom resource." + }, + "@aws-cdk/aws-elasticloadbalancingV2:albDualstackWithoutPublicIpv4SecurityGroupRulesDefault": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the default security group ingress rules will allow IPv6 ingress from anywhere" + }, + "@aws-cdk/aws-iam:oidcRejectUnauthorizedConnections": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the default behaviour of OIDC provider will reject unauthorized connections" + }, + "@aws-cdk/core:enableAdditionalMetadataCollection": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, CDK will expand the scope of usage data collected to better inform CDK development and improve communication for security concerns and emerging issues." + }, + "@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy": { + "userValue": false, + "recommendedValue": false, + "explanation": "[Deprecated] When enabled, Lambda will create new inline policies with AddToRolePolicy instead of adding to the Default Policy Statement" + }, + "@aws-cdk/aws-s3:setUniqueReplicationRoleName": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, CDK will automatically generate a unique role name that is used for s3 object replication." 
+ }, + "@aws-cdk/pipelines:reduceStageRoleTrustScope": { + "recommendedValue": true, + "explanation": "Remove the root account principal from Stage addActions trust policy", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-events:requireEventBusPolicySid": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, grantPutEventsTo() will use resource policies with Statement IDs for service principals." + }, + "@aws-cdk/core:aspectPrioritiesMutating": { + "userValue": true, + "recommendedValue": true, + "explanation": "When set to true, Aspects added by the construct library on your behalf will be given a priority of MUTATING." + }, + "@aws-cdk/aws-dynamodb:retainTableReplica": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, table replica will be default to the removal policy of source table unless specified otherwise." + }, + "@aws-cdk/cognito:logUserPoolClientSecretValue": { + "recommendedValue": false, + "explanation": "When disabled, the value of the user pool client secret will not be logged in the custom resource lambda function logs." + }, + "@aws-cdk/pipelines:reduceCrossAccountActionRoleTrustScope": { + "recommendedValue": true, + "explanation": "When enabled, scopes down the trust policy for the cross-account action role", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-stepfunctions:useDistributedMapResultWriterV2": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the resultWriterV2 property of DistributedMap will be used insted of resultWriter" + }, + "@aws-cdk/s3-notifications:addS3TrustKeyPolicyForSnsSubscriptions": { + "userValue": true, + "recommendedValue": true, + "explanation": "Add an S3 trust policy to a KMS key resource policy for SNS subscriptions." 
+ }, + "@aws-cdk/aws-ec2:requirePrivateSubnetsForEgressOnlyInternetGateway": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the EgressOnlyGateway resource is only created if private subnets are defined in the dual-stack VPC." + }, + "@aws-cdk/aws-ec2-alpha:useResourceIdForVpcV2Migration": { + "recommendedValue": false, + "explanation": "When enabled, use resource IDs for VPC V2 migration" + }, + "@aws-cdk/aws-s3:publicAccessBlockedByDefault": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, setting any combination of options for BlockPublicAccess will automatically set true for any options not defined." + }, + "@aws-cdk/aws-lambda:useCdkManagedLogGroup": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, CDK creates and manages loggroup for the lambda function" + }, + "@aws-cdk/aws-stepfunctions-tasks:httpInvokeDynamicJsonPathEndpoint": { + "recommendedValue": true, + "explanation": "When enabled, allows using a dynamic apiEndpoint with JSONPath format in HttpInvoke tasks.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-ecs-patterns:uniqueTargetGroupId": { + "recommendedValue": true, + "explanation": "When enabled, ECS patterns will generate unique target group IDs to prevent conflicts during load balancer replacement" + } + } + } + } + }, + "minimumCliVersion": "2.1027.0" +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.infrastructure-configuration.js.snapshot/tree.json b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.infrastructure-configuration.js.snapshot/tree.json new file mode 100644 index 0000000000000..7f6bc744d9937 --- /dev/null +++ b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.infrastructure-configuration.js.snapshot/tree.json 
@@ -0,0 +1 @@ +{"version":"tree-0.1","tree":{"id":"App","path":"","constructInfo":{"fqn":"aws-cdk-lib.App","version":"0.0.0"},"children":{"aws-cdk-imagebuilder-infrastructure-configuration-all-parameters":{"id":"aws-cdk-imagebuilder-infrastructure-configuration-all-parameters","path":"aws-cdk-imagebuilder-infrastructure-configuration-all-parameters","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"NotificationTopic":{"id":"NotificationTopic","path":"aws-cdk-imagebuilder-infrastructure-configuration-all-parameters/NotificationTopic","constructInfo":{"fqn":"aws-cdk-lib.aws_sns.Topic","version":"0.0.0","metadata":["*"]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-imagebuilder-infrastructure-configuration-all-parameters/NotificationTopic/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_sns.CfnTopic","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::SNS::Topic","aws:cdk:cloudformation:props":{}}}}},"EC2InstanceProfileForImageBuilderRole":{"id":"EC2InstanceProfileForImageBuilderRole","path":"aws-cdk-imagebuilder-infrastructure-configuration-all-parameters/EC2InstanceProfileForImageBuilderRole","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Role","version":"0.0.0","metadata":[{"assumedBy":{"principalAccount":"*","assumeRoleAction":"*"}},{"addToPrincipalPolicy":[{}]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]}]},"children":{"ImportEC2InstanceProfileForImageBuilderRole":{"id":"ImportEC2InstanceProfileForImageBuilderRole","path":"aws-cdk-imagebuilder-infrastructure-configuration-all-parameters/EC2InstanceProfileForImageBuilderRole/ImportEC2InstanceProfileForImageBuilderRole","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":["*"]}},"Resource":{"id":"Resource","path":"aws-cdk-imagebuilder-infrastructure-configuration-all-parameters/EC2InstanceProfileForImageBuilderRole/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnRole","version":"0.0.0"},"attributes":{"aws:cdk:cloudformati
on:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"ec2.amazonaws.com"}}],"Version":"2012-10-17"}}}},"DefaultPolicy":{"id":"DefaultPolicy","path":"aws-cdk-imagebuilder-infrastructure-configuration-all-parameters/EC2InstanceProfileForImageBuilderRole/DefaultPolicy","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"0.0.0","metadata":["*",{"attachToRole":["*"]},{"attachToRole":["*"]},{"addStatements":[{}]}]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-imagebuilder-infrastructure-configuration-all-parameters/EC2InstanceProfileForImageBuilderRole/DefaultPolicy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":["s3:Abort*","s3:PutObject","s3:PutObjectLegalHold","s3:PutObjectRetention","s3:PutObjectTagging","s3:PutObjectVersionTagging"],"Effect":"Allow","Resource":{"Fn::Join":["",[{"Fn::GetAtt":["LogBucketCC3B17E8","Arn"]},"/imagebuilder-logs/*"]]}}],"Version":"2012-10-17"},"policyName":"EC2InstanceProfileForImageBuilderRoleDefaultPolicy22D6CD5C","roles":[{"Ref":"EC2InstanceProfileForImageBuilderRole27031449"}]}}}}}}},"EC2InstanceProfileForImageBuilder":{"id":"EC2InstanceProfileForImageBuilder","path":"aws-cdk-imagebuilder-infrastructure-configuration-all-parameters/EC2InstanceProfileForImageBuilder","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.InstanceProfile","version":"0.0.0","metadata":[{"role":"*"}]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-imagebuilder-infrastructure-configuration-all-parameters/EC2InstanceProfileForImageBuilder/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnInstanceProfile","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::InstanceProfile","aws:cdk:cloudformation:props":{"roles":[{"Ref":"EC2Instanc
eProfileForImageBuilderRole27031449"}]}}}}},"LogBucket":{"id":"LogBucket","path":"aws-cdk-imagebuilder-infrastructure-configuration-all-parameters/LogBucket","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.Bucket","version":"0.0.0","metadata":[{"removalPolicy":"destroy"}]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-imagebuilder-infrastructure-configuration-all-parameters/LogBucket/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucket","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::Bucket","aws:cdk:cloudformation:props":{}}}}},"InfrastructureConfiguration":{"id":"InfrastructureConfiguration","path":"aws-cdk-imagebuilder-infrastructure-configuration-all-parameters/InfrastructureConfiguration","constructInfo":{"fqn":"@aws-cdk/aws-imagebuilder-alpha.InfrastructureConfiguration","version":"0.0.0","metadata":[]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-imagebuilder-infrastructure-configuration-all-parameters/InfrastructureConfiguration/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_imagebuilder.CfnInfrastructureConfiguration","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::ImageBuilder::InfrastructureConfiguration","aws:cdk:cloudformation:props":{"description":"This is an infrastructure 
configuration.","instanceMetadataOptions":{"httpTokens":"required","httpPutResponseHopLimit":1},"instanceProfileName":{"Ref":"EC2InstanceProfileForImageBuilderA043DE9F"},"instanceTypes":["m7i-flex.large","c7g.medium"],"logging":{"s3Logs":{"s3BucketName":{"Ref":"LogBucketCC3B17E8"},"s3KeyPrefix":"imagebuilder-logs"}},"name":"aws-cdk-imagebuilder-infrastructure-configuration-all-parameters-infrastructureconfiguration-4171ee68","placement":{"availabilityZone":{"Fn::Select":[0,{"Fn::GetAZs":""}]},"tenancy":"default"},"resourceTags":{"infraTag1":"infraValue1","infraTag2":"infraValue2"},"snsTopicArn":{"Ref":"NotificationTopicEB7A0DF1"},"tags":{"key1":"value1","key2":"value2"},"terminateInstanceOnFailure":true}}}}},"BootstrapVersion":{"id":"BootstrapVersion","path":"aws-cdk-imagebuilder-infrastructure-configuration-all-parameters/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"aws-cdk-imagebuilder-infrastructure-configuration-all-parameters/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}},"InfrastructureConfigurationTest":{"id":"InfrastructureConfigurationTest","path":"InfrastructureConfigurationTest","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTest","version":"0.0.0"},"children":{"DefaultTest":{"id":"DefaultTest","path":"InfrastructureConfigurationTest/DefaultTest","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTestCase","version":"0.0.0"},"children":{"Default":{"id":"Default","path":"InfrastructureConfigurationTest/DefaultTest/Default","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}},"DeployAssert":{"id":"DeployAssert","path":"InfrastructureConfigurationTest/DefaultTest/DeployAssert","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"BootstrapVersion":{"id":"BootstrapVersion","path":"InfrastructureConfigurationTest/DefaultTest/DeployAssert/BootstrapVersion","constructI
nfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"InfrastructureConfigurationTest/DefaultTest/DeployAssert/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}}}}}},"Tree":{"id":"Tree","path":"Tree","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}}}}} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.infrastructure-configuration.ts b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.infrastructure-configuration.ts new file mode 100644 index 0000000000000..7c2ba41991184 --- /dev/null +++ b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.infrastructure-configuration.ts 
@@ -0,0 +1,51 @@
+import * as integ from '@aws-cdk/integ-tests-alpha';
+import * as cdk from 'aws-cdk-lib';
+import * as ec2 from 'aws-cdk-lib/aws-ec2';
+import * as iam from 'aws-cdk-lib/aws-iam';
+import * as s3 from 'aws-cdk-lib/aws-s3';
+import * as sns from 'aws-cdk-lib/aws-sns';
+import * as imagebuilder from '../lib';
+
+const app = new cdk.App();
+const stack = new cdk.Stack(app, 'aws-cdk-imagebuilder-infrastructure-configuration-all-parameters');
+
+const topic = new sns.Topic(stack, 'NotificationTopic');
+const instanceProfile = new iam.InstanceProfile(stack, 'EC2InstanceProfileForImageBuilder', {
+ role: new iam.Role(stack, 'EC2InstanceProfileForImageBuilderRole', {
+ assumedBy: new iam.ServicePrincipal('ec2.amazonaws.com'),
+ }),
+});
+const bucket = new s3.Bucket(stack, 'LogBucket', {
+ removalPolicy: cdk.RemovalPolicy.DESTROY,
+});
+
+new imagebuilder.InfrastructureConfiguration(stack, 'InfrastructureConfiguration', {
+ instanceProfile: instanceProfile,
+ description: 'This is an infrastructure configuration.',
+ ec2InstanceAvailabilityZone: stack.availabilityZones[0],
+ ec2InstanceTenancy: imagebuilder.Tenancy.DEFAULT,
+ httpPutResponseHopLimit: 1,
+ httpTokens: imagebuilder.HttpTokens.REQUIRED,
+ instanceTypes: [
+ ec2.InstanceType.of(ec2.InstanceClass.M7I_FLEX, ec2.InstanceSize.LARGE),
+ ec2.InstanceType.of(ec2.InstanceClass.C7G, ec2.InstanceSize.MEDIUM),
+ ],
+ logging: {
+ s3Bucket: bucket,
+ s3KeyPrefix: 'imagebuilder-logs',
+ },
+ notificationTopic: topic,
+ resourceTags: {
+ infraTag1: 'infraValue1',
+ infraTag2: 'infraValue2',
+ },
+ tags: {
+ key1: 'value1',
+ key2: 'value2',
+ },
+ terminateInstanceOnFailure: true,
+});
+
+new integ.IntegTest(app, 'InfrastructureConfigurationTest', {
+ testCases: [stack],
+});
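Review bot: The case named "all-parameters" passes no subnet, security group or key pair to `new imagebuilder.InfrastructureConfiguration(...)`. The synthesized props for the resource in the `tree.json` snapshot accordingly carry none of the CloudFormation `SubnetId`, `SecurityGroupIds` or `KeyPair` properties. If the construct exposes these (its props interface is defined outside this hunk), the network placement of the build instance stays unexercised, and that is the setting deciding what the instance can reach and what can reach it. Either extend this case with a VPC, subnet and security group, or state the gap above the construct call, for example `// Network placement (subnet, security groups, key pair) is not covered by this case.`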
diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.infrastructure-configuration.js.snapshot/InfrastructureConfigurationTestDefaultTestDeployAssert6566C732.assets.json b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.infrastructure-configuration.js.snapshot/InfrastructureConfigurationTestDefaultTestDeployAssert6566C732.assets.json new file mode 100644 index 0000000000000..c8da5f4c9085f --- /dev/null +++ b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.infrastructure-configuration.js.snapshot/InfrastructureConfigurationTestDefaultTestDeployAssert6566C732.assets.json @@ -0,0 +1,20 @@ +{ + "version": "48.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "displayName": "InfrastructureConfigurationTestDefaultTestDeployAssert6566C732 Template", + "source": { + "path": "InfrastructureConfigurationTestDefaultTestDeployAssert6566C732.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region-d8d86b35": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.infrastructure-configuration.js.snapshot/InfrastructureConfigurationTestDefaultTestDeployAssert6566C732.template.json b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.infrastructure-configuration.js.snapshot/InfrastructureConfigurationTestDefaultTestDeployAssert6566C732.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null 
+++ b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.infrastructure-configuration.js.snapshot/InfrastructureConfigurationTestDefaultTestDeployAssert6566C732.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.infrastructure-configuration.js.snapshot/aws-cdk-imagebuilder-infrastructure-configuration-default-parameters.assets.json b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.infrastructure-configuration.js.snapshot/aws-cdk-imagebuilder-infrastructure-configuration-default-parameters.assets.json new file mode 100644 index 0000000000000..327729a75a2ae --- /dev/null +++ b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.infrastructure-configuration.js.snapshot/aws-cdk-imagebuilder-infrastructure-configuration-default-parameters.assets.json 
@@ -0,0 +1,20 @@ +{ + "version": "48.0.0", + "files": { + "0675bbd978376490e5ba7f15b6af0c6cd574048f80c1879faa161472caaf6dbd": { + "displayName": "aws-cdk-imagebuilder-infrastructure-configuration-default-parameters Template", + "source": { + "path": "aws-cdk-imagebuilder-infrastructure-configuration-default-parameters.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region-f284b783": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "0675bbd978376490e5ba7f15b6af0c6cd574048f80c1879faa161472caaf6dbd.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.infrastructure-configuration.js.snapshot/aws-cdk-imagebuilder-infrastructure-configuration-default-parameters.template.json b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.infrastructure-configuration.js.snapshot/aws-cdk-imagebuilder-infrastructure-configuration-default-parameters.template.json new file mode 100644 index 0000000000000..555cc3a10175f --- /dev/null +++ b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.infrastructure-configuration.js.snapshot/aws-cdk-imagebuilder-infrastructure-configuration-default-parameters.template.json 
@@ -0,0 +1,104 @@ +{ + "Resources": { + "InfrastructureConfigurationInstanceProfileRole3AFA1533": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ec2.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonSSMManagedInstanceCore" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/EC2InstanceProfileForImageBuilder" + ] + ] + } + ] + } + }, + "InfrastructureConfigurationInstanceProfile8FD9235B": { + "Type": "AWS::IAM::InstanceProfile", + "Properties": { + "Roles": [ + { + "Ref": "InfrastructureConfigurationInstanceProfileRole3AFA1533" + } + ] + } + }, + "InfrastructureConfiguration86C7777D": { + "Type": "AWS::ImageBuilder::InfrastructureConfiguration", + "Properties": { + "InstanceMetadataOptions": { + "HttpPutResponseHopLimit": 2, + "HttpTokens": "required" + }, + "InstanceProfileName": { + "Ref": "InfrastructureConfigurationInstanceProfile8FD9235B" + }, + "Name": "aws-cdk-imagebuilder-infrastructure-configuration-default-parameters-infrastructureconfiguration-c323aaea" + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file 
diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.infrastructure-configuration.js.snapshot/cdk.out b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.infrastructure-configuration.js.snapshot/cdk.out new file mode 100644 index 0000000000000..523a9aac37cbf --- /dev/null +++ b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.infrastructure-configuration.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"48.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.infrastructure-configuration.js.snapshot/integ.json b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.infrastructure-configuration.js.snapshot/integ.json new file mode 100644 index 0000000000000..f346c7fc35cd4 --- /dev/null +++ b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.infrastructure-configuration.js.snapshot/integ.json @@ -0,0 +1,13 @@ +{ + "version": "48.0.0", + "testCases": { + "InfrastructureConfigurationTest/DefaultTest": { + "stacks": [ + "aws-cdk-imagebuilder-infrastructure-configuration-default-parameters" + ], + "assertionStack": "InfrastructureConfigurationTest/DefaultTest/DeployAssert", + "assertionStackName": "InfrastructureConfigurationTestDefaultTestDeployAssert6566C732" + } + }, + "minimumCliVersion": "2.1027.0" +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.infrastructure-configuration.js.snapshot/manifest.json b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.infrastructure-configuration.js.snapshot/manifest.json new file mode 100644 index 0000000000000..1b6a4e3b4c846 --- /dev/null +++ b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.infrastructure-configuration.js.snapshot/manifest.json 
@@ -0,0 +1,648 @@ +{ + "version": "48.0.0", + "artifacts": { + "aws-cdk-imagebuilder-infrastructure-configuration-default-parameters.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "aws-cdk-imagebuilder-infrastructure-configuration-default-parameters.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "aws-cdk-imagebuilder-infrastructure-configuration-default-parameters": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "aws-cdk-imagebuilder-infrastructure-configuration-default-parameters.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/0675bbd978376490e5ba7f15b6af0c6cd574048f80c1879faa161472caaf6dbd.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "aws-cdk-imagebuilder-infrastructure-configuration-default-parameters.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "aws-cdk-imagebuilder-infrastructure-configuration-default-parameters.assets" + ], + "metadata": { + "/aws-cdk-imagebuilder-infrastructure-configuration-default-parameters/InfrastructureConfiguration/InstanceProfileRole": [ + { + "type": "aws:cdk:analytics:construct", + "data": 
{ + "assumedBy": { + "principalAccount": "*", + "assumeRoleAction": "*" + }, + "managedPolicies": [ + { + "managedPolicyArn": "*" + }, + { + "managedPolicyArn": "*" + } + ] + } + } + ], + "/aws-cdk-imagebuilder-infrastructure-configuration-default-parameters/InfrastructureConfiguration/InstanceProfileRole/ImportInstanceProfileRole": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + } + ], + "/aws-cdk-imagebuilder-infrastructure-configuration-default-parameters/InfrastructureConfiguration/InstanceProfileRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "InfrastructureConfigurationInstanceProfileRole3AFA1533" + } + ], + "/aws-cdk-imagebuilder-infrastructure-configuration-default-parameters/InfrastructureConfiguration/InstanceProfile": [ + { + "type": "aws:cdk:analytics:construct", + "data": { + "role": "*" + } + } + ], + "/aws-cdk-imagebuilder-infrastructure-configuration-default-parameters/InfrastructureConfiguration/InstanceProfile/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "InfrastructureConfigurationInstanceProfile8FD9235B" + } + ], + "/aws-cdk-imagebuilder-infrastructure-configuration-default-parameters/InfrastructureConfiguration/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "InfrastructureConfiguration86C7777D" + } + ], + "/aws-cdk-imagebuilder-infrastructure-configuration-default-parameters/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-imagebuilder-infrastructure-configuration-default-parameters/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-cdk-imagebuilder-infrastructure-configuration-default-parameters" + }, + "InfrastructureConfigurationTestDefaultTestDeployAssert6566C732.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "InfrastructureConfigurationTestDefaultTestDeployAssert6566C732.assets.json", + "requiresBootstrapStackVersion": 6, + 
"bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "InfrastructureConfigurationTestDefaultTestDeployAssert6566C732": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "InfrastructureConfigurationTestDefaultTestDeployAssert6566C732.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "InfrastructureConfigurationTestDefaultTestDeployAssert6566C732.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "InfrastructureConfigurationTestDefaultTestDeployAssert6566C732.assets" + ], + "metadata": { + "/InfrastructureConfigurationTest/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/InfrastructureConfigurationTest/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "InfrastructureConfigurationTest/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + }, + "aws-cdk-lib/feature-flag-report": { + 
"type": "cdk:feature-flag-report", + "properties": { + "module": "aws-cdk-lib", + "flags": { + "@aws-cdk/aws-signer:signingProfileNamePassedToCfn": { + "recommendedValue": true, + "explanation": "Pass signingProfileName to CfnSigningProfile" + }, + "@aws-cdk/core:newStyleStackSynthesis": { + "recommendedValue": true, + "explanation": "Switch to new stack synthesis method which enables CI/CD", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/core:stackRelativeExports": { + "recommendedValue": true, + "explanation": "Name exports based on the construct paths relative to the stack, rather than the global construct path", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-ecs-patterns:secGroupsDisablesImplicitOpenListener": { + "recommendedValue": true, + "explanation": "Disable implicit openListener when custom security groups are provided" + }, + "@aws-cdk/aws-rds:lowercaseDbIdentifier": { + "recommendedValue": true, + "explanation": "Force lowercasing of RDS Cluster names in CDK", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-apigateway:usagePlanKeyOrderInsensitiveId": { + "recommendedValue": true, + "explanation": "Allow adding/removing multiple UsagePlanKeys independently", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-lambda:recognizeVersionProps": { + "recommendedValue": true, + "explanation": "Enable this feature flag to opt in to the updated logical id calculation for Lambda Version created using the `fn.currentVersion`.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-lambda:recognizeLayerVersion": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this feature flag to opt in to the updated logical id calculation for Lambda Version created using the `fn.currentVersion`." 
+ }, + "@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021": { + "recommendedValue": true, + "explanation": "Enable this feature flag to have cloudfront distributions use the security policy TLSv1.2_2021 by default.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/core:checkSecretUsage": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this flag to make it impossible to accidentally use SecretValues in unsafe locations" + }, + "@aws-cdk/core:target-partitions": { + "recommendedValue": [ + "aws", + "aws-cn" + ], + "explanation": "What regions to include in lookup tables of environment agnostic stacks" + }, + "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": { + "userValue": true, + "recommendedValue": true, + "explanation": "ECS extensions will automatically add an `awslogs` driver if no logging is specified" + }, + "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this feature flag to have Launch Templates generated by the `InstanceRequireImdsv2Aspect` use unique names." + }, + "@aws-cdk/aws-ecs:arnFormatIncludesClusterName": { + "userValue": true, + "recommendedValue": true, + "explanation": "ARN format used by ECS. In the new ARN format, the cluster name is part of the resource ID." + }, + "@aws-cdk/aws-iam:minimizePolicies": { + "userValue": true, + "recommendedValue": true, + "explanation": "Minimize IAM policies by combining Statements" + }, + "@aws-cdk/core:validateSnapshotRemovalPolicy": { + "userValue": true, + "recommendedValue": true, + "explanation": "Error on snapshot removal policies on resources that do not support it." 
+ }, + "@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName": { + "userValue": true, + "recommendedValue": true, + "explanation": "Generate key aliases that include the stack name" + }, + "@aws-cdk/aws-s3:createDefaultLoggingPolicy": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this feature flag to create an S3 bucket policy by default in cases where an AWS service would automatically create the Policy if one does not exist." + }, + "@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption": { + "userValue": true, + "recommendedValue": true, + "explanation": "Restrict KMS key policy for encrypted Queues a bit more" + }, + "@aws-cdk/aws-apigateway:disableCloudWatchRole": { + "userValue": true, + "recommendedValue": true, + "explanation": "Make default CloudWatch Role behavior safe for multiple API Gateways in one environment" + }, + "@aws-cdk/core:enablePartitionLiterals": { + "userValue": true, + "recommendedValue": true, + "explanation": "Make ARNs concrete if AWS partition is known" + }, + "@aws-cdk/aws-events:eventsTargetQueueSameAccount": { + "userValue": true, + "recommendedValue": true, + "explanation": "Event Rules may only push to encrypted SQS queues in the same account" + }, + "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": { + "userValue": true, + "recommendedValue": true, + "explanation": "Avoid setting the \"ECS\" deployment controller when adding a circuit breaker" + }, + "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this feature to by default create default policy names for imported roles that depend on the stack the role is in." 
+ }, + "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": { + "userValue": true, + "recommendedValue": true, + "explanation": "Use S3 Bucket Policy instead of ACLs for Server Access Logging" + }, + "@aws-cdk/aws-route53-patters:useCertificate": { + "userValue": true, + "recommendedValue": true, + "explanation": "Use the official `Certificate` resource instead of `DnsValidatedCertificate`" + }, + "@aws-cdk/customresources:installLatestAwsSdkDefault": { + "userValue": false, + "recommendedValue": false, + "explanation": "Whether to install the latest SDK by default in AwsCustomResource" + }, + "@aws-cdk/aws-rds:databaseProxyUniqueResourceName": { + "userValue": true, + "recommendedValue": true, + "explanation": "Use unique resource name for Database Proxy" + }, + "@aws-cdk/aws-codedeploy:removeAlarmsFromDeploymentGroup": { + "userValue": true, + "recommendedValue": true, + "explanation": "Remove CloudWatch alarms from deployment group" + }, + "@aws-cdk/aws-apigateway:authorizerChangeDeploymentLogicalId": { + "userValue": true, + "recommendedValue": true, + "explanation": "Include authorizer configuration in the calculation of the API deployment logical ID." + }, + "@aws-cdk/aws-ec2:launchTemplateDefaultUserData": { + "userValue": true, + "recommendedValue": true, + "explanation": "Define user data for a launch template by default when a machine image is provided." + }, + "@aws-cdk/aws-secretsmanager:useAttachedSecretResourcePolicyForSecretTargetAttachments": { + "userValue": true, + "recommendedValue": true, + "explanation": "SecretTargetAttachments uses the ResourcePolicy of the attached Secret." 
+ }, + "@aws-cdk/aws-redshift:columnId": { + "userValue": true, + "recommendedValue": true, + "explanation": "Whether to use an ID to track Redshift column changes" + }, + "@aws-cdk/aws-stepfunctions-tasks:enableEmrServicePolicyV2": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable AmazonEMRServicePolicy_v2 managed policies" + }, + "@aws-cdk/aws-ec2:restrictDefaultSecurityGroup": { + "userValue": true, + "recommendedValue": true, + "explanation": "Restrict access to the VPC default security group" + }, + "@aws-cdk/aws-apigateway:requestValidatorUniqueId": { + "userValue": true, + "recommendedValue": true, + "explanation": "Generate a unique id for each RequestValidator added to a method" + }, + "@aws-cdk/aws-kms:aliasNameRef": { + "userValue": true, + "recommendedValue": true, + "explanation": "KMS Alias name and keyArn will have implicit reference to KMS Key" + }, + "@aws-cdk/aws-kms:applyImportedAliasPermissionsToPrincipal": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable grant methods on Aliases imported by name to use kms:ResourceAliases condition" + }, + "@aws-cdk/aws-autoscaling:generateLaunchTemplateInsteadOfLaunchConfig": { + "userValue": true, + "recommendedValue": true, + "explanation": "Generate a launch template when creating an AutoScalingGroup" + }, + "@aws-cdk/core:includePrefixInUniqueNameGeneration": { + "userValue": true, + "recommendedValue": true, + "explanation": "Include the stack prefix in the stack name generation process" + }, + "@aws-cdk/aws-efs:denyAnonymousAccess": { + "userValue": true, + "recommendedValue": true, + "explanation": "EFS denies anonymous clients accesses" + }, + "@aws-cdk/aws-opensearchservice:enableOpensearchMultiAzWithStandby": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enables support for Multi-AZ with Standby deployment for opensearch domains" + }, + "@aws-cdk/aws-lambda-nodejs:useLatestRuntimeVersion": { + "userValue": true, + 
"recommendedValue": true, + "explanation": "Enables aws-lambda-nodejs.Function to use the latest available NodeJs runtime as the default" + }, + "@aws-cdk/aws-efs:mountTargetOrderInsensitiveLogicalId": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, mount targets will have a stable logicalId that is linked to the associated subnet." + }, + "@aws-cdk/aws-rds:auroraClusterChangeScopeOfInstanceParameterGroupWithEachParameters": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, a scope of InstanceParameterGroup for AuroraClusterInstance with each parameters will change." + }, + "@aws-cdk/aws-appsync:useArnForSourceApiAssociationIdentifier": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, will always use the arn for identifiers for CfnSourceApiAssociation in the GraphqlApi construct rather than id." + }, + "@aws-cdk/aws-rds:preventRenderingDeprecatedCredentials": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, creating an RDS database cluster from a snapshot will only render credentials for snapshot credentials." + }, + "@aws-cdk/aws-codepipeline-actions:useNewDefaultBranchForCodeCommitSource": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the CodeCommit source action is using the default branch name 'main'." + }, + "@aws-cdk/aws-cloudwatch-actions:changeLambdaPermissionLogicalIdForLambdaAction": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the logical ID of a Lambda permission for a Lambda action includes an alarm ID." + }, + "@aws-cdk/aws-codepipeline:crossAccountKeysDefaultValueToFalse": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enables Pipeline to set the default value for crossAccountKeys to false." 
+ }, + "@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enables Pipeline to set the default pipeline type to V2." + }, + "@aws-cdk/aws-kms:reduceCrossAccountRegionPolicyScope": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, IAM Policy created from KMS key grant will reduce the resource scope to this key only." + }, + "@aws-cdk/pipelines:reduceAssetRoleTrustScope": { + "recommendedValue": true, + "explanation": "Remove the root account principal from PipelineAssetsFileRole trust policy", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-eks:nodegroupNameAttribute": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, nodegroupName attribute of the provisioned EKS NodeGroup will not have the cluster name prefix." + }, + "@aws-cdk/aws-ec2:ebsDefaultGp3Volume": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the default volume type of the EBS volume will be GP3" + }, + "@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, remove default deployment alarm settings" + }, + "@aws-cdk/custom-resources:logApiResponseDataPropertyTrueDefault": { + "userValue": false, + "recommendedValue": false, + "explanation": "When enabled, the custom resource used for `AwsCustomResource` will configure the `logApiResponseData` property as true by default" + }, + "@aws-cdk/aws-s3:keepNotificationInImportedBucket": { + "userValue": false, + "recommendedValue": false, + "explanation": "When enabled, Adding notifications to a bucket in the current stack will not remove notification from imported stack." 
+ }, + "@aws-cdk/aws-stepfunctions-tasks:useNewS3UriParametersForBedrockInvokeModelTask": { + "recommendedValue": true, + "explanation": "When enabled, use new props for S3 URI field in task definition of state machine for bedrock invoke model.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/core:explicitStackTags": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, stack tags need to be assigned explicitly on a Stack." + }, + "@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature": { + "userValue": false, + "recommendedValue": false, + "explanation": "When set to true along with canContainersAccessInstanceRole=false in ECS cluster, new updated commands will be added to UserData to block container accessing IMDS. **Applicable to Linux only. IMPORTANT: See [details.](#aws-cdkaws-ecsenableImdsBlockingDeprecatedFeature)**" + }, + "@aws-cdk/aws-ecs:disableEcsImdsBlocking": { + "userValue": true, + "recommendedValue": true, + "explanation": "When set to true, CDK synth will throw exception if canContainersAccessInstanceRole is false. **IMPORTANT: See [details.](#aws-cdkaws-ecsdisableEcsImdsBlocking)**" + }, + "@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, we will only grant the necessary permissions when users specify cloudwatch log group through logConfiguration" + }, + "@aws-cdk/aws-dynamodb:resourcePolicyPerReplica": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled will allow you to specify a resource policy per replica, and not copy the source table policy to all replicas" + }, + "@aws-cdk/aws-ec2:ec2SumTImeoutEnabled": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, initOptions.timeout and resourceSignalTimeout values will be summed together." 
+ }, + "@aws-cdk/aws-appsync:appSyncGraphQLAPIScopeLambdaPermission": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, a Lambda authorizer Permission created when using GraphqlApi will be properly scoped with a SourceArn." + }, + "@aws-cdk/aws-rds:setCorrectValueForDatabaseInstanceReadReplicaInstanceResourceId": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the value of property `instanceResourceId` in construct `DatabaseInstanceReadReplica` will be set to the correct value which is `DbiResourceId` instead of currently `DbInstanceArn`" + }, + "@aws-cdk/core:cfnIncludeRejectComplexResourceUpdateCreatePolicyIntrinsics": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, CFN templates added with `cfn-include` will error if the template contains Resource Update or Create policies with CFN Intrinsics that include non-primitive values." + }, + "@aws-cdk/aws-lambda-nodejs:sdkV3ExcludeSmithyPackages": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, both `@aws-sdk` and `@smithy` packages will be excluded from the Lambda Node.js 18.x runtime to prevent version mismatches in bundled applications." + }, + "@aws-cdk/aws-stepfunctions-tasks:fixRunEcsTaskPolicy": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the resource of IAM Run Ecs policy generated by SFN EcsRunTask will reference the definition, instead of constructing ARN." + }, + "@aws-cdk/aws-ec2:bastionHostUseAmazonLinux2023ByDefault": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the BastionHost construct will use the latest Amazon Linux 2023 AMI, instead of Amazon Linux 2." 
+ }, + "@aws-cdk/core:aspectStabilization": { + "recommendedValue": true, + "explanation": "When enabled, a stabilization loop will be run when invoking Aspects during synthesis.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-route53-targets:userPoolDomainNameMethodWithoutCustomResource": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, use a new method for DNS Name of user pool domain target without creating a custom resource." + }, + "@aws-cdk/aws-elasticloadbalancingV2:albDualstackWithoutPublicIpv4SecurityGroupRulesDefault": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the default security group ingress rules will allow IPv6 ingress from anywhere" + }, + "@aws-cdk/aws-iam:oidcRejectUnauthorizedConnections": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the default behaviour of OIDC provider will reject unauthorized connections" + }, + "@aws-cdk/core:enableAdditionalMetadataCollection": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, CDK will expand the scope of usage data collected to better inform CDK development and improve communication for security concerns and emerging issues." + }, + "@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy": { + "userValue": false, + "recommendedValue": false, + "explanation": "[Deprecated] When enabled, Lambda will create new inline policies with AddToRolePolicy instead of adding to the Default Policy Statement" + }, + "@aws-cdk/aws-s3:setUniqueReplicationRoleName": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, CDK will automatically generate a unique role name that is used for s3 object replication." 
+ }, + "@aws-cdk/pipelines:reduceStageRoleTrustScope": { + "recommendedValue": true, + "explanation": "Remove the root account principal from Stage addActions trust policy", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-events:requireEventBusPolicySid": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, grantPutEventsTo() will use resource policies with Statement IDs for service principals." + }, + "@aws-cdk/core:aspectPrioritiesMutating": { + "userValue": true, + "recommendedValue": true, + "explanation": "When set to true, Aspects added by the construct library on your behalf will be given a priority of MUTATING." + }, + "@aws-cdk/aws-dynamodb:retainTableReplica": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, table replica will be default to the removal policy of source table unless specified otherwise." + }, + "@aws-cdk/cognito:logUserPoolClientSecretValue": { + "recommendedValue": false, + "explanation": "When disabled, the value of the user pool client secret will not be logged in the custom resource lambda function logs." + }, + "@aws-cdk/pipelines:reduceCrossAccountActionRoleTrustScope": { + "recommendedValue": true, + "explanation": "When enabled, scopes down the trust policy for the cross-account action role", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-stepfunctions:useDistributedMapResultWriterV2": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the resultWriterV2 property of DistributedMap will be used insted of resultWriter" + }, + "@aws-cdk/s3-notifications:addS3TrustKeyPolicyForSnsSubscriptions": { + "userValue": true, + "recommendedValue": true, + "explanation": "Add an S3 trust policy to a KMS key resource policy for SNS subscriptions." 
+ }, + "@aws-cdk/aws-ec2:requirePrivateSubnetsForEgressOnlyInternetGateway": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the EgressOnlyGateway resource is only created if private subnets are defined in the dual-stack VPC." + }, + "@aws-cdk/aws-ec2-alpha:useResourceIdForVpcV2Migration": { + "recommendedValue": false, + "explanation": "When enabled, use resource IDs for VPC V2 migration" + }, + "@aws-cdk/aws-s3:publicAccessBlockedByDefault": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, setting any combination of options for BlockPublicAccess will automatically set true for any options not defined." + }, + "@aws-cdk/aws-lambda:useCdkManagedLogGroup": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, CDK creates and manages loggroup for the lambda function" + }, + "@aws-cdk/aws-stepfunctions-tasks:httpInvokeDynamicJsonPathEndpoint": { + "recommendedValue": true, + "explanation": "When enabled, allows using a dynamic apiEndpoint with JSONPath format in HttpInvoke tasks.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-ecs-patterns:uniqueTargetGroupId": { + "recommendedValue": true, + "explanation": "When enabled, ECS patterns will generate unique target group IDs to prevent conflicts during load balancer replacement" + } + } + } + } + }, + "minimumCliVersion": "2.1027.0" +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.infrastructure-configuration.js.snapshot/tree.json b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.infrastructure-configuration.js.snapshot/tree.json new file mode 100644 index 0000000000000..4e271367c893d --- /dev/null +++ b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.infrastructure-configuration.js.snapshot/tree.json 
@@ -0,0 +1 @@ +{"version":"tree-0.1","tree":{"id":"App","path":"","constructInfo":{"fqn":"aws-cdk-lib.App","version":"0.0.0"},"children":{"aws-cdk-imagebuilder-infrastructure-configuration-default-parameters":{"id":"aws-cdk-imagebuilder-infrastructure-configuration-default-parameters","path":"aws-cdk-imagebuilder-infrastructure-configuration-default-parameters","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"InfrastructureConfiguration":{"id":"InfrastructureConfiguration","path":"aws-cdk-imagebuilder-infrastructure-configuration-default-parameters/InfrastructureConfiguration","constructInfo":{"fqn":"@aws-cdk/aws-imagebuilder-alpha.InfrastructureConfiguration","version":"0.0.0","metadata":[]},"children":{"InstanceProfileRole":{"id":"InstanceProfileRole","path":"aws-cdk-imagebuilder-infrastructure-configuration-default-parameters/InfrastructureConfiguration/InstanceProfileRole","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Role","version":"0.0.0","metadata":[{"assumedBy":{"principalAccount":"*","assumeRoleAction":"*"},"managedPolicies":[{"managedPolicyArn":"*"},{"managedPolicyArn":"*"}]}]},"children":{"ImportInstanceProfileRole":{"id":"ImportInstanceProfileRole","path":"aws-cdk-imagebuilder-infrastructure-configuration-default-parameters/InfrastructureConfiguration/InstanceProfileRole/ImportInstanceProfileRole","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":["*"]}},"Resource":{"id":"Resource","path":"aws-cdk-imagebuilder-infrastructure-configuration-default-parameters/InfrastructureConfiguration/InstanceProfileRole/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnRole","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"ec2.amazonaws.com"}}],"Version":"2012-10-17"},"managedPolicyArns":[{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":iam::a
ws:policy/AmazonSSMManagedInstanceCore"]]},{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":iam::aws:policy/EC2InstanceProfileForImageBuilder"]]}]}}}}},"InstanceProfile":{"id":"InstanceProfile","path":"aws-cdk-imagebuilder-infrastructure-configuration-default-parameters/InfrastructureConfiguration/InstanceProfile","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.InstanceProfile","version":"0.0.0","metadata":[{"role":"*"}]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-imagebuilder-infrastructure-configuration-default-parameters/InfrastructureConfiguration/InstanceProfile/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnInstanceProfile","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::InstanceProfile","aws:cdk:cloudformation:props":{"roles":[{"Ref":"InfrastructureConfigurationInstanceProfileRole3AFA1533"}]}}}}},"Resource":{"id":"Resource","path":"aws-cdk-imagebuilder-infrastructure-configuration-default-parameters/InfrastructureConfiguration/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_imagebuilder.CfnInfrastructureConfiguration","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::ImageBuilder::InfrastructureConfiguration","aws:cdk:cloudformation:props":{"instanceMetadataOptions":{"httpTokens":"required","httpPutResponseHopLimit":2},"instanceProfileName":{"Ref":"InfrastructureConfigurationInstanceProfile8FD9235B"},"name":"aws-cdk-imagebuilder-infrastructure-configuration-default-parameters-infrastructureconfiguration-c323aaea"}}}}},"BootstrapVersion":{"id":"BootstrapVersion","path":"aws-cdk-imagebuilder-infrastructure-configuration-default-parameters/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"aws-cdk-imagebuilder-infrastructure-configuration-default-parameters/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}},"InfrastructureConfigurationTest":{"id":"Infrastructu
reConfigurationTest","path":"InfrastructureConfigurationTest","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTest","version":"0.0.0"},"children":{"DefaultTest":{"id":"DefaultTest","path":"InfrastructureConfigurationTest/DefaultTest","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTestCase","version":"0.0.0"},"children":{"Default":{"id":"Default","path":"InfrastructureConfigurationTest/DefaultTest/Default","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}},"DeployAssert":{"id":"DeployAssert","path":"InfrastructureConfigurationTest/DefaultTest/DeployAssert","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"BootstrapVersion":{"id":"BootstrapVersion","path":"InfrastructureConfigurationTest/DefaultTest/DeployAssert/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"InfrastructureConfigurationTest/DefaultTest/DeployAssert/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}}}}}},"Tree":{"id":"Tree","path":"Tree","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}}}}} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.infrastructure-configuration.ts b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.infrastructure-configuration.ts new file mode 100644 index 0000000000000..240b7c5cd8dd8 --- /dev/null +++ b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.infrastructure-configuration.ts 
@@ -0,0 +1,12 @@
+import * as integ from '@aws-cdk/integ-tests-alpha';
+import * as cdk from 'aws-cdk-lib';
+import * as imagebuilder from '../lib';
+
+const app = new cdk.App();
+const stack = new cdk.Stack(app, 'aws-cdk-imagebuilder-infrastructure-configuration-default-parameters');
+
+new imagebuilder.InfrastructureConfiguration(stack, 'InfrastructureConfiguration');
+
+new integ.IntegTest(app, 'InfrastructureConfigurationTest', {
+ testCases: [stack],
+});
diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/tsconfig.json b/packages/@aws-cdk/aws-imagebuilder-alpha/tsconfig.json
new file mode 100644
index 0000000000000..2b326e452cfbc
--- /dev/null
+++ b/packages/@aws-cdk/aws-imagebuilder-alpha/tsconfig.json
@@ -0,0 +1,51 @@
+{
+ "compilerOptions": {
+ "declarationMap": false,
+ "inlineSourceMap": true,
+ "inlineSources": true,
+ "alwaysStrict": true,
+ "declaration": true,
+ "incremental": true,
+ "lib": [
+ "es2022"
+ ],
+ "module": "commonjs",
+ "noEmitOnError": true,
+ "noFallthroughCasesInSwitch": true,
+ "noImplicitAny": true,
+ "noImplicitReturns": true,
+ "noImplicitThis": true,
+ "noUnusedLocals": true,
+ "noUnusedParameters": true,
+ "resolveJsonModule": true,
+ "skipLibCheck": true,
+ "strict": true,
+ "strictNullChecks": true,
+ "strictPropertyInitialization": true,
+ "stripInternal": false,
+ "target": "es2022",
+ "composite": true,
+ "tsBuildInfoFile": "tsconfig.tsbuildinfo",
+ "esModuleInterop": false
+ },
+ "include": [
+ "**/*.ts"
+ ],
+ "exclude": [
+ "node_modules"
+ ],
+ "references": [
+ {
+ "path": "../../aws-cdk-lib"
+ },
+ {
+ "path": "../../../tools/@aws-cdk/cdk-build-tools"
+ },
+ {
+ "path": "../../../tools/@aws-cdk/pkglint"
+ },
+ {
+ "path": "../integ-tests-alpha"
+ }
+ ]
+}
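Review bot: The integ test in integ.default-parameters.infrastructure-configuration.ts deploys the default construct but asserts nothing about the deployed resource, so the security-relevant defaults seen in the snapshot (IMDS `httpTokens: required`, the two managed policies on the instance role) are pinned only by the synthesized template. Consider keeping the handle, `const test = new integ.IntegTest(app, 'InfrastructureConfigurationTest', { testCases: [stack] });`, and adding a `test.assertions.awsApiCall(...)` for Image Builder's GetInfrastructureConfiguration that expects `instanceMetadataOptions.httpTokens` to be `required`. The construct's ARN attribute is not visible in this hunk, so that argument has to be taken from lib/infrastructure-configuration.ts. A one-line comment above the constructor call saying which defaults this case is meant to exercise would also help the next reader of the snapshot.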