Update to version v1.85.0

.viperlightignore

@@ -16,7 +16,7 @@ source/patterns/@aws-solutions-constructs/aws-lambda-sqs/test/integ.existingFunc
 source/patterns/@aws-solutions-constructs/aws-apigateway-sqs/test/integ.apigateway-sqs-crud.expected.json:193
 source/tools/cdk-integ-tools/package-lock.json:373
 source/patterns/@aws-solutions-constructs/core/test/step-function-helper.test.js:115
-source/patterns/@aws-solutions-constructs/core/test/lambda-helper.test.ts:296
+source/patterns/@aws-solutions-constructs/core/test/lambda-helper.test.ts:297
 source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda/test/dynamodb-stream-lambda.test.ts:102
 source/patterns/@aws-solutions-constructs/aws-iot-lambda-dynamodb/test/iot-lambda-dynamodb.test.ts:219
 source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/lambda-dynamodb.test.ts:185

CHANGELOG.md

@@ -2,6 +2,13 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## 1.85.0 (2021-02-05)
+
+### Changed
+- Upgraded all patterns to CDK v1.85.0
+- Updated READMEs for all `aws-cloudfront-*` patterns to address ([#127](https://github.com/awslabs/aws-solutions-constructs/issues/127))
+- Fixed the bug related to lambda permission name collision when chaining two constructs that require to add LambdaInvokePermission
+
 ## 1.84.0 (2021-01-29)
 
 ### Changed

source/lerna.json

@@ -6,5 +6,5 @@
     "./patterns/@aws-solutions-constructs/*"
   ],
   "rejectCycles": "true",
-  "version": "1.84.0"
+  "version": "1.85.0"
 }

source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/README.md

@@ -57,7 +57,7 @@ _Parameters_
 |existingLambdaObj?|[`lambda.Function`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-lambda.Function.html)|Existing instance of Lambda Function object, if this is set then the lambdaFunctionProps is ignored.|
 |lambdaFunctionProps?|[`lambda.FunctionProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-lambda.FunctionProps.html)|User provided props to override the default props for the Lambda function.|
 |apiGatewayProps?|[`api.LambdaRestApiProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-apigateway.LambdaRestApiProps.html)|Optional user provided props to override the default props for API Gateway|
-|cloudFrontDistributionProps?|[`cloudfront.CloudFrontWebDistributionProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-cloudfront.CloudFrontWebDistributionProps.html)|Optional user provided props to override the default props for CloudFront Distribution|
+|cloudFrontDistributionProps?|[`cloudfront.DistributionProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-cloudfront.DistributionProps.html)|Optional user provided props to override the default props for CloudFront Distribution|
 |insertHttpSecurityHeaders?|`boolean`|Optional user provided props to turn on/off the automatic injection of best practice HTTP security headers in all responses from CloudFront|
 |logGroupProps?|[`logs.LogGroupProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-logs.LogGroupProps.html)|User provided props to override the default props for for the CloudWatchLogs LogGroup.|
 

source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway/README.md

@@ -74,7 +74,7 @@ _Parameters_
 | **Name**     | **Type**        | **Description** |
 |:-------------|:----------------|-----------------|
 |existingApiGatewayObj|[`api.RestApi`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-apigateway.RestApi.html)|The regional API Gateway that will be fronted with the CloudFront|
-|cloudFrontDistributionProps?|[`cloudfront.CloudFrontWebDistributionProps | any`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-cloudfront.CloudFrontWebDistributionProps.html)|Optional user provided props to override the default props for CloudFront Distribution|
+|cloudFrontDistributionProps?|[`cloudfront.DistributionProps | any`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-cloudfront.DistributionProps.html)|Optional user provided props to override the default props for CloudFront Distribution|
 |insertHttpSecurityHeaders?|`boolean`|Optional user provided props to turn on/off the automatic injection of best practice HTTP security headers in all responses from CloudFront|
 ## Pattern Properties
 

source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/README.md

@@ -51,7 +51,7 @@ _Parameters_
 |:-------------|:----------------|-----------------|
 |existingBucketObj?|[`s3.Bucket`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.Bucket.html)|Existing instance of S3 Bucket object, if this is set then the bucketProps is ignored.|
 |bucketProps?|[`s3.BucketProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.BucketProps.html)|User provided props to override the default props for the S3 Bucket.|
-|cloudFrontDistributionProps?|[`cloudfront.CloudFrontWebDistributionProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-cloudfront.CloudFrontWebDistributionProps.html)|Optional user provided props to override the default props for CloudFront Distribution|
+|cloudFrontDistributionProps?|[`cloudfront.DistributionProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-cloudfront.DistributionProps.html)|Optional user provided props to override the default props for CloudFront Distribution|
 |insertHttpSecurityHeaders?|`boolean`|Optional user provided props to turn on/off the automatic injection of best practice HTTP security headers in all responses from CloudFront|
 
 ## Pattern Properties

source/patterns/@aws-solutions-constructs/aws-events-rule-lambda/lib/index.ts

@@ -74,7 +74,7 @@ export class EventsRuleToLambda extends Construct {
 
     this.eventsRule = new events.Rule(this, 'EventsRule', eventsRuleProps);
 
-    this.lambdaFunction.addPermission("LambdaInvokePermission", {
+    defaults.addPermission(this.lambdaFunction, "AwsEventsLambdaInvokePermission", {
       principal: new iam.ServicePrincipal('events.amazonaws.com'),
       sourceArn: this.eventsRule.ruleArn
     });

source/patterns/@aws-solutions-constructs/aws-events-rule-lambda/test/__snapshots__/events-rule-lambda.test.js.snap

@@ -108,7 +108,7 @@ Object {
       },
       "Type": "AWS::Lambda::Function",
     },
-    "testeventsrulelambdaLambdaFunctionLambdaInvokePermission803B9778": Object {
+    "testeventsrulelambdaLambdaFunctionAwsEventsLambdaInvokePermission1CC45551C": Object {
       "Properties": Object {
         "Action": "lambda:InvokeFunction",
         "FunctionName": Object {

source/patterns/@aws-solutions-constructs/aws-events-rule-lambda/test/integ.events-rule-no-argument.expected.json

@@ -130,19 +130,19 @@
             ]
           }
         },
-        "Handler": "index.handler",
         "Role": {
           "Fn::GetAtt": [
             "testeventsrulelambdaLambdaFunctionServiceRole61DEA405",
             "Arn"
           ]
         },
-        "Runtime": "nodejs12.x",
         "Environment": {
           "Variables": {
             "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1"
           }
         },
+        "Handler": "index.handler",
+        "Runtime": "nodejs12.x",
         "TracingConfig": {
           "Mode": "Active"
         }
@@ -162,7 +162,7 @@
         }
       }
     },
-    "testeventsrulelambdaLambdaFunctionLambdaInvokePermission803B9778": {
+    "testeventsrulelambdaLambdaFunctionAwsEventsLambdaInvokePermission1CC45551C": {
       "Type": "AWS::Lambda::Permission",
       "Properties": {
         "Action": "lambda:InvokeFunction",

source/patterns/@aws-solutions-constructs/aws-iot-lambda-dynamodb/test/__snapshots__/iot-lambda-dynamodb.test.js.snap

@@ -39,6 +39,25 @@ Object {
       },
       "Type": "AWS::IoT::TopicRule",
     },
+    "testiotlambdadynamodbstackIotToLambdaLambdaFunctionAwsIotLambdaInvokePermission1CF07890C": Object {
+      "Properties": Object {
+        "Action": "lambda:InvokeFunction",
+        "FunctionName": Object {
+          "Fn::GetAtt": Array [
+            "testiotlambdadynamodbstackIotToLambdaLambdaFunctionDFEAF894",
+            "Arn",
+          ],
+        },
+        "Principal": "iot.amazonaws.com",
+        "SourceArn": Object {
+          "Fn::GetAtt": Array [
+            "testiotlambdadynamodbstackIotToLambdaIotTopic74F5E3BB",
+            "Arn",
+          ],
+        },
+      },
+      "Type": "AWS::Lambda::Permission",
+    },
     "testiotlambdadynamodbstackIotToLambdaLambdaFunctionDFEAF894": Object {
       "DependsOn": Array [
         "testiotlambdadynamodbstackIotToLambdaLambdaFunctionServiceRoleDefaultPolicyB43AD823",
@@ -115,25 +134,6 @@ Object {
       },
       "Type": "AWS::Lambda::Function",
     },
-    "testiotlambdadynamodbstackIotToLambdaLambdaFunctionLambdaInvokePermissionBD47A3C8": Object {
-      "Properties": Object {
-        "Action": "lambda:InvokeFunction",
-        "FunctionName": Object {
-          "Fn::GetAtt": Array [
-            "testiotlambdadynamodbstackIotToLambdaLambdaFunctionDFEAF894",
-            "Arn",
-          ],
-        },
-        "Principal": "iot.amazonaws.com",
-        "SourceArn": Object {
-          "Fn::GetAtt": Array [
-            "testiotlambdadynamodbstackIotToLambdaIotTopic74F5E3BB",
-            "Arn",
-          ],
-        },
-      },
-      "Type": "AWS::Lambda::Permission",
-    },
     "testiotlambdadynamodbstackIotToLambdaLambdaFunctionServiceRoleC57F7FDA": Object {
       "Properties": Object {
         "AssumeRolePolicyDocument": Object {

source/patterns/@aws-solutions-constructs/aws-iot-lambda-dynamodb/test/integ.iot-lambda-dynamodb.expected.json

@@ -157,14 +157,12 @@
             ]
           }
         },
-        "Handler": "index.handler",
         "Role": {
           "Fn::GetAtt": [
             "testiotlambdadynamodbstackIotToLambdaLambdaFunctionServiceRoleC57F7FDA",
             "Arn"
           ]
         },
-        "Runtime": "nodejs10.x",
         "Environment": {
           "Variables": {
             "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1",
@@ -173,6 +171,8 @@
             }
           }
         },
+        "Handler": "index.handler",
+        "Runtime": "nodejs10.x",
         "TracingConfig": {
           "Mode": "Active"
         }
@@ -192,7 +192,7 @@
         }
       }
     },
-    "testiotlambdadynamodbstackIotToLambdaLambdaFunctionLambdaInvokePermissionBD47A3C8": {
+    "testiotlambdadynamodbstackIotToLambdaLambdaFunctionAwsIotLambdaInvokePermission1CF07890C": {
       "Type": "AWS::Lambda::Permission",
       "Properties": {
         "Action": "lambda:InvokeFunction",

source/patterns/@aws-solutions-constructs/aws-iot-lambda/lib/index.ts

@@ -72,7 +72,7 @@ export class IotToLambda extends Construct {
     // Create the IoT topic rule
     this.iotTopicRule = new iot.CfnTopicRule(this, 'IotTopic', iotTopicProps);
 
-    this.lambdaFunction.addPermission("LambdaInvokePermission", {
+    defaults.addPermission(this.lambdaFunction, "AwsIotLambdaInvokePermission", {
       principal: new iam.ServicePrincipal('iot.amazonaws.com'),
       sourceArn: this.iotTopicRule.attrArn
     });

source/patterns/@aws-solutions-constructs/aws-iot-lambda/test/__snapshots__/iot-lambda.test.js.snap

@@ -39,6 +39,25 @@ Object {
       },
       "Type": "AWS::IoT::TopicRule",
     },
+    "testiotlambdaintegrationLambdaFunctionAwsIotLambdaInvokePermission184E45B6F": Object {
+      "Properties": Object {
+        "Action": "lambda:InvokeFunction",
+        "FunctionName": Object {
+          "Fn::GetAtt": Array [
+            "testiotlambdaintegrationLambdaFunctionC5329DBA",
+            "Arn",
+          ],
+        },
+        "Principal": "iot.amazonaws.com",
+        "SourceArn": Object {
+          "Fn::GetAtt": Array [
+            "testiotlambdaintegrationIotTopic18B6A735",
+            "Arn",
+          ],
+        },
+      },
+      "Type": "AWS::Lambda::Permission",
+    },
     "testiotlambdaintegrationLambdaFunctionC5329DBA": Object {
       "DependsOn": Array [
         "testiotlambdaintegrationLambdaFunctionServiceRoleDefaultPolicy0FB2AE4D",
@@ -112,25 +131,6 @@ Object {
       },
       "Type": "AWS::Lambda::Function",
     },
-    "testiotlambdaintegrationLambdaFunctionLambdaInvokePermissionC89CDD23": Object {
-      "Properties": Object {
-        "Action": "lambda:InvokeFunction",
-        "FunctionName": Object {
-          "Fn::GetAtt": Array [
-            "testiotlambdaintegrationLambdaFunctionC5329DBA",
-            "Arn",
-          ],
-        },
-        "Principal": "iot.amazonaws.com",
-        "SourceArn": Object {
-          "Fn::GetAtt": Array [
-            "testiotlambdaintegrationIotTopic18B6A735",
-            "Arn",
-          ],
-        },
-      },
-      "Type": "AWS::Lambda::Permission",
-    },
     "testiotlambdaintegrationLambdaFunctionServiceRole27C3EE41": Object {
       "Properties": Object {
         "AssumeRolePolicyDocument": Object {

source/patterns/@aws-solutions-constructs/aws-iot-lambda/test/integ.iot-lambda-new-func.expected.json

@@ -130,19 +130,19 @@
             ]
           }
         },
-        "Handler": "index.handler",
         "Role": {
           "Fn::GetAtt": [
             "testiotlambdaintegrationLambdaFunctionServiceRole27C3EE41",
             "Arn"
           ]
         },
-        "Runtime": "nodejs10.x",
         "Environment": {
           "Variables": {
             "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1"
           }
         },
+        "Handler": "index.handler",
+        "Runtime": "nodejs10.x",
         "TracingConfig": {
           "Mode": "Active"
         }
@@ -162,7 +162,7 @@
         }
       }
     },
-    "testiotlambdaintegrationLambdaFunctionLambdaInvokePermissionC89CDD23": {
+    "testiotlambdaintegrationLambdaFunctionAwsIotLambdaInvokePermission184E45B6F": {
       "Type": "AWS::Lambda::Permission",
       "Properties": {
         "Action": "lambda:InvokeFunction",

source/patterns/@aws-solutions-constructs/aws-iot-lambda/test/integ.iot-lambda-use-existing-func.expected.json

@@ -130,19 +130,19 @@
             ]
           }
         },
-        "Handler": "index.handler",
         "Role": {
           "Fn::GetAtt": [
             "LambdaFunctionServiceRole0C4CDE0B",
             "Arn"
           ]
         },
-        "Runtime": "nodejs10.x",
         "Environment": {
           "Variables": {
             "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1"
           }
         },
+        "Handler": "index.handler",
+        "Runtime": "nodejs10.x",
         "TracingConfig": {
           "Mode": "Active"
         }
@@ -162,7 +162,7 @@
         }
       }
     },
-    "LambdaFunctionLambdaInvokePermissionC135C9F1": {
+    "LambdaFunctionAwsIotLambdaInvokePermission13FA2DACB": {
       "Type": "AWS::Lambda::Permission",
       "Properties": {
         "Action": "lambda:InvokeFunction",

source/patterns/@aws-solutions-constructs/core/lib/lambda-helper.ts

@@ -180,3 +180,35 @@ export function deployLambdaFunction(scope: cdk.Construct,
 
   return lambdafunction;
 }
+
+// A wrapper above Function.addPermision that
+// prevents two different calls to addPermission using
+// the same construct id.
+export function addPermission(targetFunction: lambda.Function, name: string, permission: lambda.Permission): any {
+  targetFunction.addPermission(GetNextId(targetFunction.permissionsNode.children, name), permission);
+}
+
+// Scan the current permissions for any entries with this core name and
+// return the first available synthesized name. Names are coreName-suffix.
+function GetNextId(children: cdk.IConstruct[], coreName: string): string {
+  let lastSuffix: number = 0;
+
+  children.forEach(child => {
+
+    // if (compare right side of string)
+    if (child.node.id.indexOf(coreName) === 0) {
+      const components = child.node.id.split('-');
+      if (components.length !== 2) {
+        throw new Error("Incorrectly formatted synthesized construct ID");
+      }
+
+      const usedSuffix = Number(components[1]);
+      if (usedSuffix > lastSuffix) {
+        lastSuffix = usedSuffix;
+      }
+    }
+
+  });
+
+  return `${coreName}-${lastSuffix + 1}`;
+}