Merge pull request #1054 from awslabs/bump/2.49.0

chore(release): 2.49.0

CHANGELOG.md

@@ -2,6 +2,16 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [2.49.0](https://github.com/awslabs/aws-solutions-constructs/compare/v2.48.0...v2.49.0) (2024-01-23)
+
+Built on CDK v2.118.0
+
+### Bug Fixes
+
+* **aws-clloudfront-s3:** do not create s3 access log bucket for cf log bucket when an existing bucket is provided (PR [1052](https://github.com/awslabs/aws-solutions-constructs/pull/1052))
+
+* **aws-clloudfront-s3:** insert empty originAccessIdentity (PR [1053](https://github.com/awslabs/aws-solutions-constructs/pull/1053))
+
 ## [2.48.0](https://github.com/awslabs/aws-solutions-constructs/compare/v2.47.0...v2.48.0) (2024-01-09)
 
 Built on CDK v2.111.0

deployment/v2/align-version.js

@@ -10,7 +10,7 @@ const findVersion = process.argv[2];
 const replaceVersion = process.argv[3];
 
 // these versions need to be sourced from a config file
-const awsCdkLibVersion = '2.111.0';
+const awsCdkLibVersion = '2.118.0';
 const constructsVersion = '10.0.0';
 const MODULE_EXEMPTIONS = new Set([
   '@aws-cdk/cloudformation-diff',

source/lerna.json

@@ -6,5 +6,5 @@
     "./patterns/@aws-solutions-constructs/*"
   ],
   "rejectCycles": "true",
-  "version": "2.48.0"
+  "version": "2.49.0"
 }

source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/test/integ.cftaplam-customCloudfrontLoggingBucket.expected.json

@@ -115,6 +115,7 @@
     "cftaplamcustomCloudfrontLoggingBucketauthorizer4D180075": {
       "Type": "AWS::ApiGateway::Authorizer",
       "Properties": {
+        "AuthorizerResultTtlInSeconds": 300,
         "AuthorizerUri": {
           "Fn::Join": [
             "",

source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/test/integ.cftaplam-no-arguments.expected.json

@@ -115,6 +115,7 @@
     "cftaplamnoargumentsauthorizerD7B341B1": {
       "Type": "AWS::ApiGateway::Authorizer",
       "Properties": {
+        "AuthorizerResultTtlInSeconds": 300,
         "AuthorizerUri": {
           "Fn::Join": [
             "",

source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/test/integ.cftaplam-override-behavior.expected.json

@@ -163,6 +163,7 @@
     "cftaplamoverridebehaviorauthorizer74D77225": {
       "Type": "AWS::ApiGateway::Authorizer",
       "Properties": {
+        "AuthorizerResultTtlInSeconds": 300,
         "AuthorizerUri": {
           "Fn::Join": [
             "",

source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway/test/integ.cftapi-customCloudfrontLoggingBucket.expected.json

@@ -186,6 +186,7 @@
     "cftapicustomCloudfrontLoggingBucketapiauthorizerEDC48D75": {
       "Type": "AWS::ApiGateway::Authorizer",
       "Properties": {
+        "AuthorizerResultTtlInSeconds": 300,
         "AuthorizerUri": {
           "Fn::Join": [
             "",

source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway/test/integ.cftapi-no-arguments.expected.json

@@ -186,6 +186,7 @@
     "cftapinoargumentsapiauthorizer4CAD6709": {
       "Type": "AWS::ApiGateway::Authorizer",
       "Properties": {
+        "AuthorizerResultTtlInSeconds": 300,
         "AuthorizerUri": {
           "Fn::Join": [
             "",

source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.expected.json

@@ -580,7 +580,9 @@
                   "Id"
                 ]
               },
-              "S3OriginConfig": {}
+              "S3OriginConfig": {
+                "OriginAccessIdentity": ""
+              }
             }
           ]
         }

source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.expected.json

@@ -538,7 +538,9 @@
                   "Id"
                 ]
               },
-              "S3OriginConfig": {}
+              "S3OriginConfig": {
+                "OriginAccessIdentity": ""
+              }
             }
           ]
         }

source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.cfts3-cmk-provided-as-bucket-prop.expected.json

@@ -580,7 +580,9 @@
                   "Id"
                 ]
               },
-              "S3OriginConfig": {}
+              "S3OriginConfig": {
+                "OriginAccessIdentity": ""
+              }
             }
           ]
         }

source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.cfts3-custom-headers.expected.json

@@ -849,7 +849,9 @@
                   "Id"
                 ]
               },
-              "S3OriginConfig": {}
+              "S3OriginConfig": {
+                "OriginAccessIdentity": ""
+              }
             }
           ]
         }

source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.cfts3-custom-originPath.expected.json

@@ -818,7 +818,9 @@
                 ]
               },
               "OriginPath": "/testPath",
-              "S3OriginConfig": {}
+              "S3OriginConfig": {
+                "OriginAccessIdentity": ""
+              }
             }
           ]
         }

source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.cfts3-customCloudFrontLoggingBucket.expected.json

@@ -568,7 +568,9 @@
                   "Id"
                 ]
               },
-              "S3OriginConfig": {}
+              "S3OriginConfig": {
+                "OriginAccessIdentity": ""
+              }
             }
           ]
         }

source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.cfts3-customLoggingBuckets.expected.json

@@ -855,7 +855,9 @@
                   "Id"
                 ]
               },
-              "S3OriginConfig": {}
+              "S3OriginConfig": {
+                "OriginAccessIdentity": ""
+              }
             }
           ]
         }

source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.cfts3-existing-bucket.expected.json

@@ -904,7 +904,9 @@
                   "Id"
                 ]
               },
-              "S3OriginConfig": {}
+              "S3OriginConfig": {
+                "OriginAccessIdentity": ""
+              }
             },
             {
               "DomainName": {

source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.cfts3-no-arguments.expected.json

@@ -827,7 +827,9 @@
                   "Id"
                 ]
               },
-              "S3OriginConfig": {}
+              "S3OriginConfig": {
+                "OriginAccessIdentity": ""
+              }
             }
           ]
         }

source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.cfts3-no-security-headers.expected.json

@@ -794,7 +794,9 @@
                   "Id"
                 ]
               },
-              "S3OriginConfig": {}
+              "S3OriginConfig": {
+                "OriginAccessIdentity": ""
+              }
             }
           ]
         }

source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/test.cloudfront-s3.test.ts

@@ -589,3 +589,17 @@ test("If a customer provides their own httpOrigin, or other origin type, use tha
     }
   });
 });
+
+test('Test that we do not create an S3 Access Log bucket for CF logs if one is provided', () => {
+  const stack = new cdk.Stack();
+  const cfS3AccessLogBucket = new s3.Bucket(stack, 'cf-s3-access-logs');
+  new CloudFrontToS3(stack, 'test-cloudfront-s3', {
+    cloudFrontLoggingBucketProps: {
+      serverAccessLogsBucket: cfS3AccessLogBucket
+    }
+  });
+
+  const template = Template.fromStack(stack);
+  template.resourceCountIs("AWS::S3::Bucket", 4);
+
+});

source/patterns/@aws-solutions-constructs/aws-s3-lambda/test/integ.s3lam-existing-s3-bucket.expected.json

@@ -647,7 +647,7 @@
       "Properties": {
         "Description": "AWS CloudFormation handler for \"Custom::S3BucketNotifications\" resources (@aws-cdk/aws-s3)",
         "Code": {
-          "ZipFile": "import boto3  # type: ignore\nimport json\nimport logging\nimport urllib.request\n\ns3 = boto3.client(\"s3\")\n\nEVENTBRIDGE_CONFIGURATION = 'EventBridgeConfiguration'\n\nCONFIGURATION_TYPES = [\"TopicConfigurations\", \"QueueConfigurations\", \"LambdaFunctionConfigurations\"]\n\ndef handler(event: dict, context):\n  response_status = \"SUCCESS\"\n  error_message = \"\"\n  try:\n    props = event[\"ResourceProperties\"]\n    bucket = props[\"BucketName\"]\n    notification_configuration = props[\"NotificationConfiguration\"]\n    request_type = event[\"RequestType\"]\n    managed = props.get('Managed', 'true').lower() == 'true'\n    stack_id = event['StackId']\n\n    if managed:\n      config = handle_managed(request_type, notification_configuration)\n    else:\n      config = handle_unmanaged(bucket, stack_id, request_type, notification_configuration)\n\n    put_bucket_notification_configuration(bucket, config)\n  except Exception as e:\n    logging.exception(\"Failed to put bucket notification configuration\")\n    response_status = \"FAILED\"\n    error_message = f\"Error: {str(e)}. \"\n  finally:\n    submit_response(event, context, response_status, error_message)\n\ndef handle_managed(request_type, notification_configuration):\n  if request_type == 'Delete':\n    return {}\n  return notification_configuration\n\ndef handle_unmanaged(bucket, stack_id, request_type, notification_configuration):\n  external_notifications = find_external_notifications(bucket, stack_id)\n\n  if request_type == 'Delete':\n    return external_notifications\n\n  def with_id(notification):\n    notification['Id'] = f\"{stack_id}-{hash(json.dumps(notification, sort_keys=True))}\"\n    return notification\n\n  notifications = {}\n  for t in CONFIGURATION_TYPES:\n    external = external_notifications.get(t, [])\n    incoming = [with_id(n) for n in notification_configuration.get(t, [])]\n    notifications[t] = external + incoming\n\n  if EVENTBRIDGE_CONFIGURATION in notification_configuration:\n    notifications[EVENTBRIDGE_CONFIGURATION] = notification_configuration[EVENTBRIDGE_CONFIGURATION]\n  elif EVENTBRIDGE_CONFIGURATION in external_notifications:\n    notifications[EVENTBRIDGE_CONFIGURATION] = external_notifications[EVENTBRIDGE_CONFIGURATION]\n\n  return notifications\n\ndef find_external_notifications(bucket, stack_id):\n  existing_notifications = get_bucket_notification_configuration(bucket)\n  external_notifications = {}\n  for t in CONFIGURATION_TYPES:\n    external_notifications[t] = [n for n in existing_notifications.get(t, []) if not n['Id'].startswith(f\"{stack_id}-\")]\n\n  if EVENTBRIDGE_CONFIGURATION in existing_notifications:\n    external_notifications[EVENTBRIDGE_CONFIGURATION] = existing_notifications[EVENTBRIDGE_CONFIGURATION]\n\n  return external_notifications\n\ndef get_bucket_notification_configuration(bucket):\n  return s3.get_bucket_notification_configuration(Bucket=bucket)\n\ndef put_bucket_notification_configuration(bucket, notification_configuration):\n  s3.put_bucket_notification_configuration(Bucket=bucket, NotificationConfiguration=notification_configuration)\n\ndef submit_response(event: dict, context, response_status: str, error_message: str):\n  response_body = json.dumps(\n    {\n      \"Status\": response_status,\n      \"Reason\": f\"{error_message}See the details in CloudWatch Log Stream: {context.log_stream_name}\",\n      \"PhysicalResourceId\": event.get(\"PhysicalResourceId\") or event[\"LogicalResourceId\"],\n      \"StackId\": event[\"StackId\"],\n      \"RequestId\": event[\"RequestId\"],\n      \"LogicalResourceId\": event[\"LogicalResourceId\"],\n      \"NoEcho\": False,\n    }\n  ).encode(\"utf-8\")\n  headers = {\"content-type\": \"\", \"content-length\": str(len(response_body))}\n  try:\n    req = urllib.request.Request(url=event[\"ResponseURL\"], headers=headers, data=response_body, method=\"PUT\")\n    with urllib.request.urlopen(req) as response:\n      print(response.read().decode(\"utf-8\"))\n    print(\"Status code: \" + response.reason)\n  except Exception as e:\n      print(\"send(..) failed executing request.urlopen(..): \" + str(e))\n"
+          "ZipFile": "import boto3  # type: ignore\nimport json\nimport logging\nimport urllib.request\n\ns3 = boto3.client(\"s3\")\n\nEVENTBRIDGE_CONFIGURATION = 'EventBridgeConfiguration'\nCONFIGURATION_TYPES = [\"TopicConfigurations\", \"QueueConfigurations\", \"LambdaFunctionConfigurations\"]\n\ndef handler(event: dict, context):\n  response_status = \"SUCCESS\"\n  error_message = \"\"\n  try:\n    props = event[\"ResourceProperties\"]\n    notification_configuration = props[\"NotificationConfiguration\"]\n    managed = props.get('Managed', 'true').lower() == 'true'\n    stack_id = event['StackId']\n    old = event.get(\"OldResourceProperties\", {}).get(\"NotificationConfiguration\", {})\n    if managed:\n      config = handle_managed(event[\"RequestType\"], notification_configuration)\n    else:\n      config = handle_unmanaged(props[\"BucketName\"], stack_id, event[\"RequestType\"], notification_configuration, old)\n    s3.put_bucket_notification_configuration(Bucket=props[\"BucketName\"], NotificationConfiguration=config)\n  except Exception as e:\n    logging.exception(\"Failed to put bucket notification configuration\")\n    response_status = \"FAILED\"\n    error_message = f\"Error: {str(e)}. \"\n  finally:\n    submit_response(event, context, response_status, error_message)\n\ndef handle_managed(request_type, notification_configuration):\n  if request_type == 'Delete':\n    return {}\n  return notification_configuration\n\ndef handle_unmanaged(bucket, stack_id, request_type, notification_configuration, old):\n  def with_id(n):\n    n['Id'] = f\"{stack_id}-{hash(json.dumps(n, sort_keys=True))}\"\n    return n\n\n  external_notifications = {}\n  existing_notifications = s3.get_bucket_notification_configuration(Bucket=bucket)\n  for t in CONFIGURATION_TYPES:\n    if request_type == 'Update':\n        ids = [with_id(n) for n in old.get(t, [])]\n        old_incoming_ids = [n['Id'] for n in ids]\n        external_notifications[t] = [n for n in existing_notifications.get(t, []) if not n['Id'] in old_incoming_ids]\n    elif request_type == 'Create':\n        external_notifications[t] = [n for n in existing_notifications.get(t, [])]\n  if EVENTBRIDGE_CONFIGURATION in existing_notifications:\n    external_notifications[EVENTBRIDGE_CONFIGURATION] = existing_notifications[EVENTBRIDGE_CONFIGURATION]\n\n  if request_type == 'Delete':\n    return external_notifications\n\n  notifications = {}\n  for t in CONFIGURATION_TYPES:\n    external = external_notifications.get(t, [])\n    incoming = [with_id(n) for n in notification_configuration.get(t, [])]\n    notifications[t] = external + incoming\n\n  if EVENTBRIDGE_CONFIGURATION in notification_configuration:\n    notifications[EVENTBRIDGE_CONFIGURATION] = notification_configuration[EVENTBRIDGE_CONFIGURATION]\n  elif EVENTBRIDGE_CONFIGURATION in external_notifications:\n    notifications[EVENTBRIDGE_CONFIGURATION] = external_notifications[EVENTBRIDGE_CONFIGURATION]\n\n  return notifications\n\ndef submit_response(event: dict, context, response_status: str, error_message: str):\n  response_body = json.dumps(\n    {\n      \"Status\": response_status,\n      \"Reason\": f\"{error_message}See the details in CloudWatch Log Stream: {context.log_stream_name}\",\n      \"PhysicalResourceId\": event.get(\"PhysicalResourceId\") or event[\"LogicalResourceId\"],\n      \"StackId\": event[\"StackId\"],\n      \"RequestId\": event[\"RequestId\"],\n      \"LogicalResourceId\": event[\"LogicalResourceId\"],\n      \"NoEcho\": False,\n    }\n  ).encode(\"utf-8\")\n  headers = {\"content-type\": \"\", \"content-length\": str(len(response_body))}\n  try:\n    req = urllib.request.Request(url=event[\"ResponseURL\"], headers=headers, data=response_body, method=\"PUT\")\n    with urllib.request.urlopen(req) as response:\n      print(response.read().decode(\"utf-8\"))\n    print(\"Status code: \" + response.reason)\n  except Exception as e:\n      print(\"send(..) failed executing request.urlopen(..): \" + str(e))\n"
         },
         "Handler": "index.handler",
         "Role": {