From a986491e77677bfc20f7c93c6a354a6b75e0749a Mon Sep 17 00:00:00 2001 
From: biffgaut Date: Thu, 29 Feb 2024 11:47:55 -0500 Subject: [PATCH 1/4] Remove Policy modifying code for State Machines --- ...tepfunctions-existing-eventbus.assets.json | 4 +- ...pfunctions-existing-eventbus.template.json | 33 +- .../manifest.json | 2 +- .../tree.json | 33 +- ...dge-stepfunctions-new-eventbus.assets.json | 4 +- ...e-stepfunctions-new-eventbus.template.json | 33 +- .../manifest.json | 2 +- .../tree.json | 33 +- ...idge-stepfunctions-no-argument.assets.json | 4 +- ...ge-stepfunctions-no-argument.template.json | 33 +- .../manifest.json | 2 +- .../tree.json | 33 +- ...idge-stepfunctions-with-lambda.assets.json | 4 +- ...ge-stepfunctions-with-lambda.template.json | 33 +- .../manifest.json | 2 +- .../tree.json | 33 +- .../farstp-new-resources.assets.json | 4 +- .../farstp-new-resources.template.json | 33 +- .../manifest.json | 2 +- .../tree.json | 33 +- .../farstp-no-cloudwatch-alarms.assets.json | 4 +- .../farstp-no-cloudwatch-alarms.template.json | 33 +- .../manifest.json | 2 +- .../tree.json | 33 +- .../lamstp-deploy-lambda.assets.json | 4 +- .../lamstp-deploy-lambda.template.json | 33 +- .../manifest.json | 2 +- .../tree.json | 33 +- .../lamstp-deployFunctionWithVpc.assets.json | 4 +- ...lamstp-deployFunctionWithVpc.template.json | 33 +- .../manifest.json | 2 +- .../tree.json | 33 +- .../lamstp-existing-function.assets.json | 4 +- .../lamstp-existing-function.template.json | 33 +- .../manifest.json | 2 +- .../tree.json | 33 +- .../index.js | 18 + .../cdk.out | 1 + .../integ.json | 12 + ...lamstp-state-machine-defintion.assets.json | 32 + ...mstp-state-machine-defintion.template.json | 715 ++++++++++++ ...efaultTestDeployAssert926FFCBD.assets.json | 19 + ...aultTestDeployAssert926FFCBD.template.json | 36 + .../manifest.json | 203 ++++ .../tree.json | 1022 +++++++++++++++++ .../integ.lamstp-state-machine-defintion.ts | 75 ++ .../manifest.json | 2 +- .../s3stp-customLoggingBucket.assets.json | 4 +- .../s3stp-customLoggingBucket.template.json | 33 +- 
.../tree.json | 35 +- .../manifest.json | 2 +- .../s3stp-pre-existing-bucket.assets.json | 4 +- .../s3stp-pre-existing-bucket.template.json | 33 +- .../tree.json | 35 +- .../manifest.json | 2 +- ...p-s3-stepfunctions-no-argument.assets.json | 4 +- ...s3-stepfunctions-no-argument.template.json | 33 +- .../tree.json | 35 +- .../core/lib/step-function-helper.ts | 31 +- .../core/test/step-function-helper.test.ts | 173 ++- 60 files changed, 2414 insertions(+), 793 deletions(-) create mode 100644 source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-state-machine-defintion.js.snapshot/asset.fd7a741674eeef7951675d2a57f0459376e046d88e5bee9aab601d8f5a704c93/index.js create mode 100644 source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-state-machine-defintion.js.snapshot/cdk.out create mode 100644 source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-state-machine-defintion.js.snapshot/integ.json create mode 100644 source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-state-machine-defintion.js.snapshot/lamstp-state-machine-defintion.assets.json create mode 100644 source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-state-machine-defintion.js.snapshot/lamstp-state-machine-defintion.template.json create mode 100644 source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-state-machine-defintion.js.snapshot/lamstpstatemachinedefintionIntegDefaultTestDeployAssert926FFCBD.assets.json create mode 100644 source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-state-machine-defintion.js.snapshot/lamstpstatemachinedefintionIntegDefaultTestDeployAssert926FFCBD.template.json create mode 100644 source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-state-machine-defintion.js.snapshot/manifest.json create mode 100644 
source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-state-machine-defintion.js.snapshot/tree.json create mode 100644 source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-state-machine-defintion.ts diff --git a/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-existing-eventbus.js.snapshot/evtstp-eventbridge-stepfunctions-existing-eventbus.assets.json b/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-existing-eventbus.js.snapshot/evtstp-eventbridge-stepfunctions-existing-eventbus.assets.json index 0c8f80109..b8088c18b 100644 --- a/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-existing-eventbus.js.snapshot/evtstp-eventbridge-stepfunctions-existing-eventbus.assets.json +++ b/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-existing-eventbus.js.snapshot/evtstp-eventbridge-stepfunctions-existing-eventbus.assets.json @@ -14,7 +14,7 @@ } } }, - "05fc1edac52c415d21de480b023de45248585d3e28f56576b766faa03e026538": { + "ad8ab564a1918f4dcd4f380744be433d1ddd07d98528aa35913bc98a4d2a0683": { "source": { "path": "evtstp-eventbridge-stepfunctions-existing-eventbus.template.json", "packaging": "file" @@ -22,7 +22,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "05fc1edac52c415d21de480b023de45248585d3e28f56576b766faa03e026538.json", + "objectKey": "ad8ab564a1918f4dcd4f380744be433d1ddd07d98528aa35913bc98a4d2a0683.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } 
diff --git a/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-existing-eventbus.js.snapshot/evtstp-eventbridge-stepfunctions-existing-eventbus.template.json b/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-existing-eventbus.js.snapshot/evtstp-eventbridge-stepfunctions-existing-eventbus.template.json index bc7506e19..ad1183c12 100644 --- a/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-existing-eventbus.js.snapshot/evtstp-eventbridge-stepfunctions-existing-eventbus.template.json +++ b/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-existing-eventbus.js.snapshot/evtstp-eventbridge-stepfunctions-existing-eventbus.template.json @@ -234,40 +234,15 @@ } ] }, - { - "Action": [ - "logs:DescribeLogGroups", - "logs:DescribeResourcePolicies", - "logs:PutResourcePolicy" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":*" - ] - ] - } - }, { "Action": [ "logs:CreateLogDelivery", "logs:DeleteLogDelivery", + "logs:DescribeLogGroups", + "logs:DescribeResourcePolicies", "logs:GetLogDelivery", "logs:ListLogDeliveries", + "logs:PutResourcePolicy", "logs:UpdateLogDelivery" ], "Effect": "Allow", @@ -288,7 +263,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "The 'LogDelivery' actions do not support resource-level authorizations" + "reason": "These are CDK defaults. The 'LogDelivery' actions do not support resource-level authorizations. Any logging is done by State Machine code" } ] } 
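Review bot: In the `@@ -234,40 +234,15 @@` hunk of `evtstp-eventbridge-stepfunctions-existing-eventbus.template.json`, `logs:DescribeLogGroups`, `logs:DescribeResourcePolicies` and `logs:PutResourcePolicy` leave a statement scoped to the account/region logs ARN and join the statement that holds the `LogDelivery` actions. That statement's `Resource` lies outside the hunk, but the W12 suppression on the same policy suggests it is a wildcard. The new reason text in the `@@ -288,7 +263,7 @@` hunk still justifies the wildcard only for the `LogDelivery` actions, so the wider grant of `logs:PutResourcePolicy` is not explained to anyone auditing the suppression. Since the snapshot is generated, the fix belongs in the helper that emits the reason, for example by appending `DescribeLogGroups, DescribeResourcePolicies and PutResourcePolicy are granted on the same statement by the CDK default policy`, or by confirming that the scoped statement was dropped on purpose. The same pattern repeats in the `template.json` sections for new-eventbus, no-argument, with-lambda and farstp-new-resources.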
diff --git a/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-existing-eventbus.js.snapshot/manifest.json b/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-existing-eventbus.js.snapshot/manifest.json index 3f7b59da7..ea23e771e 100644 --- a/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-existing-eventbus.js.snapshot/manifest.json +++ b/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-existing-eventbus.js.snapshot/manifest.json @@ -66,7 +66,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/05fc1edac52c415d21de480b023de45248585d3e28f56576b766faa03e026538.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/ad8ab564a1918f4dcd4f380744be433d1ddd07d98528aa35913bc98a4d2a0683.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-existing-eventbus.js.snapshot/tree.json b/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-existing-eventbus.js.snapshot/tree.json index 3e2872ea5..7660cfeea 100644 
--- a/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-existing-eventbus.js.snapshot/tree.json +++ b/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-existing-eventbus.js.snapshot/tree.json @@ -369,40 +369,15 @@ } ] }, - { - "Action": [ - "logs:DescribeLogGroups", - "logs:DescribeResourcePolicies", - "logs:PutResourcePolicy" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":*" - ] - ] - } - }, { "Action": [ "logs:CreateLogDelivery", "logs:DeleteLogDelivery", + "logs:DescribeLogGroups", + "logs:DescribeResourcePolicies", "logs:GetLogDelivery", "logs:ListLogDeliveries", + "logs:PutResourcePolicy", "logs:UpdateLogDelivery" ], "Effect": "Allow", @@ -745,7 +720,7 @@ }, "constructInfo": { "fqn": "@aws-solutions-constructs/aws-eventbridge-stepfunctions.EventbridgeToStepfunctions", - "version": "2.52.1" + "version": "2.53.0" } }, "Integ": { diff --git a/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-new-eventbus.js.snapshot/evtstp-eventbridge-stepfunctions-new-eventbus.assets.json b/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-new-eventbus.js.snapshot/evtstp-eventbridge-stepfunctions-new-eventbus.assets.json index 7da2bfe11..60595aadd 100644 --- a/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-new-eventbus.js.snapshot/evtstp-eventbridge-stepfunctions-new-eventbus.assets.json +++ b/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-new-eventbus.js.snapshot/evtstp-eventbridge-stepfunctions-new-eventbus.assets.json 
@@ -14,7 +14,7 @@ } } }, - "c0c6a4481a83c0f870bcda3ac5271734a130dea0f47a3ce4a714a30ddcbc93b4": { + "317f1eec8d886232ed0717798a08a6dff5b18b1f4e4c3e718fafce0763125def": { "source": { "path": "evtstp-eventbridge-stepfunctions-new-eventbus.template.json", "packaging": "file" @@ -22,7 +22,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "c0c6a4481a83c0f870bcda3ac5271734a130dea0f47a3ce4a714a30ddcbc93b4.json", + "objectKey": "317f1eec8d886232ed0717798a08a6dff5b18b1f4e4c3e718fafce0763125def.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-new-eventbus.js.snapshot/evtstp-eventbridge-stepfunctions-new-eventbus.template.json b/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-new-eventbus.js.snapshot/evtstp-eventbridge-stepfunctions-new-eventbus.template.json index ae2cf202f..061fc9a56 100644 --- a/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-new-eventbus.js.snapshot/evtstp-eventbridge-stepfunctions-new-eventbus.template.json +++ b/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-new-eventbus.js.snapshot/evtstp-eventbridge-stepfunctions-new-eventbus.template.json 
@@ -228,40 +228,15 @@ } ] }, - { - "Action": [ - "logs:DescribeLogGroups", - "logs:DescribeResourcePolicies", - "logs:PutResourcePolicy" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":*" - ] - ] - } - }, { "Action": [ "logs:CreateLogDelivery", "logs:DeleteLogDelivery", + "logs:DescribeLogGroups", + "logs:DescribeResourcePolicies", "logs:GetLogDelivery", "logs:ListLogDeliveries", + "logs:PutResourcePolicy", "logs:UpdateLogDelivery" ], "Effect": "Allow", @@ -282,7 +257,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "The 'LogDelivery' actions do not support resource-level authorizations" + "reason": "These are CDK defaults. The 'LogDelivery' actions do not support resource-level authorizations. Any logging is done by State Machine code" } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-new-eventbus.js.snapshot/manifest.json b/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-new-eventbus.js.snapshot/manifest.json index 5676a3ac0..75494e45e 100644 --- a/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-new-eventbus.js.snapshot/manifest.json +++ b/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-new-eventbus.js.snapshot/manifest.json 
@@ -66,7 +66,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/c0c6a4481a83c0f870bcda3ac5271734a130dea0f47a3ce4a714a30ddcbc93b4.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/317f1eec8d886232ed0717798a08a6dff5b18b1f4e4c3e718fafce0763125def.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-new-eventbus.js.snapshot/tree.json b/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-new-eventbus.js.snapshot/tree.json index c31a1bfad..f35f5e9a6 100644 --- a/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-new-eventbus.js.snapshot/tree.json +++ b/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-new-eventbus.js.snapshot/tree.json 
@@ -345,40 +345,15 @@ } ] }, - { - "Action": [ - "logs:DescribeLogGroups", - "logs:DescribeResourcePolicies", - "logs:PutResourcePolicy" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":*" - ] - ] - } - }, { "Action": [ "logs:CreateLogDelivery", "logs:DeleteLogDelivery", + "logs:DescribeLogGroups", + "logs:DescribeResourcePolicies", "logs:GetLogDelivery", "logs:ListLogDeliveries", + "logs:PutResourcePolicy", "logs:UpdateLogDelivery" ], "Effect": "Allow", @@ -745,7 +720,7 @@ }, "constructInfo": { "fqn": "@aws-solutions-constructs/aws-eventbridge-stepfunctions.EventbridgeToStepfunctions", - "version": "2.52.1" + "version": "2.53.0" } }, "Integ": { diff --git a/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-no-argument.js.snapshot/evtstp-eventbridge-stepfunctions-no-argument.assets.json b/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-no-argument.js.snapshot/evtstp-eventbridge-stepfunctions-no-argument.assets.json index dfa2a923c..f858420a6 100644 --- a/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-no-argument.js.snapshot/evtstp-eventbridge-stepfunctions-no-argument.assets.json +++ b/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-no-argument.js.snapshot/evtstp-eventbridge-stepfunctions-no-argument.assets.json @@ -1,7 +1,7 @@ { "version": "36.0.0", "files": { - "74c566a36a8a986121cbe9ec6bb4c53b6f80a7bd4748db737199b26d4dc2a25f": { + "855ceec37ff0e29ed678adfaea9f9c7a7f128481581123820dae1d975c0a0fd1": { "source": { "path": "evtstp-eventbridge-stepfunctions-no-argument.template.json", "packaging": "file" 
@@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "74c566a36a8a986121cbe9ec6bb4c53b6f80a7bd4748db737199b26d4dc2a25f.json", + "objectKey": "855ceec37ff0e29ed678adfaea9f9c7a7f128481581123820dae1d975c0a0fd1.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-no-argument.js.snapshot/evtstp-eventbridge-stepfunctions-no-argument.template.json b/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-no-argument.js.snapshot/evtstp-eventbridge-stepfunctions-no-argument.template.json index f1d5b93d1..c30bac3e9 100644 --- a/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-no-argument.js.snapshot/evtstp-eventbridge-stepfunctions-no-argument.template.json +++ b/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-no-argument.js.snapshot/evtstp-eventbridge-stepfunctions-no-argument.template.json @@ -64,40 +64,15 @@ "Properties": { "PolicyDocument": { "Statement": [ - { - "Action": [ - "logs:DescribeLogGroups", - "logs:DescribeResourcePolicies", - "logs:PutResourcePolicy" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":*" - ] - ] - } - }, { "Action": [ "logs:CreateLogDelivery", "logs:DeleteLogDelivery", + "logs:DescribeLogGroups", + "logs:DescribeResourcePolicies", "logs:GetLogDelivery", "logs:ListLogDeliveries", + "logs:PutResourcePolicy", "logs:UpdateLogDelivery" ], "Effect": "Allow", 
@@ -118,7 +93,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "The 'LogDelivery' actions do not support resource-level authorizations" + "reason": "These are CDK defaults. The 'LogDelivery' actions do not support resource-level authorizations. Any logging is done by State Machine code" } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-no-argument.js.snapshot/manifest.json b/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-no-argument.js.snapshot/manifest.json index c7ce380b4..ea54fa7f5 100644 --- a/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-no-argument.js.snapshot/manifest.json +++ b/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-no-argument.js.snapshot/manifest.json @@ -66,7 +66,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/74c566a36a8a986121cbe9ec6bb4c53b6f80a7bd4748db737199b26d4dc2a25f.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/855ceec37ff0e29ed678adfaea9f9c7a7f128481581123820dae1d975c0a0fd1.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ 
diff --git a/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-no-argument.js.snapshot/tree.json b/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-no-argument.js.snapshot/tree.json index a3bbd5499..f16a92326 100644 --- a/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-no-argument.js.snapshot/tree.json +++ b/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-no-argument.js.snapshot/tree.json @@ -117,40 +117,15 @@ "aws:cdk:cloudformation:props": { "policyDocument": { "Statement": [ - { - "Action": [ - "logs:DescribeLogGroups", - "logs:DescribeResourcePolicies", - "logs:PutResourcePolicy" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":*" - ] - ] - } - }, { "Action": [ "logs:CreateLogDelivery", "logs:DeleteLogDelivery", + "logs:DescribeLogGroups", + "logs:DescribeResourcePolicies", "logs:GetLogDelivery", "logs:ListLogDeliveries", + "logs:PutResourcePolicy", "logs:UpdateLogDelivery" ], "Effect": "Allow", @@ -468,7 +443,7 @@ }, "constructInfo": { "fqn": "@aws-solutions-constructs/aws-eventbridge-stepfunctions.EventbridgeToStepfunctions", - "version": "2.52.1" + "version": "2.53.0" } }, "Integ": { diff --git a/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-with-lambda.js.snapshot/evtstp-eventbridge-stepfunctions-with-lambda.assets.json b/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-with-lambda.js.snapshot/evtstp-eventbridge-stepfunctions-with-lambda.assets.json index 431429f10..44264bba7 100644 
--- a/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-with-lambda.js.snapshot/evtstp-eventbridge-stepfunctions-with-lambda.assets.json +++ b/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-with-lambda.js.snapshot/evtstp-eventbridge-stepfunctions-with-lambda.assets.json @@ -14,7 +14,7 @@ } } }, - "cb442f99a002893cc1e6f48fb8336a0467628c91842ae526fc379f72b51abfbc": { + "f6a91ec79f4b0e904c3972f5610c93ec664d93fbf0a3b2228bf301f53cfbc87a": { "source": { "path": "evtstp-eventbridge-stepfunctions-with-lambda.template.json", "packaging": "file" @@ -22,7 +22,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "cb442f99a002893cc1e6f48fb8336a0467628c91842ae526fc379f72b51abfbc.json", + "objectKey": "f6a91ec79f4b0e904c3972f5610c93ec664d93fbf0a3b2228bf301f53cfbc87a.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-with-lambda.js.snapshot/evtstp-eventbridge-stepfunctions-with-lambda.template.json b/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-with-lambda.js.snapshot/evtstp-eventbridge-stepfunctions-with-lambda.template.json index b92c49a60..a3a0f9f06 100644 --- a/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-with-lambda.js.snapshot/evtstp-eventbridge-stepfunctions-with-lambda.template.json +++ b/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-with-lambda.js.snapshot/evtstp-eventbridge-stepfunctions-with-lambda.template.json 
@@ -228,40 +228,15 @@ } ] }, - { - "Action": [ - "logs:DescribeLogGroups", - "logs:DescribeResourcePolicies", - "logs:PutResourcePolicy" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":*" - ] - ] - } - }, { "Action": [ "logs:CreateLogDelivery", "logs:DeleteLogDelivery", + "logs:DescribeLogGroups", + "logs:DescribeResourcePolicies", "logs:GetLogDelivery", "logs:ListLogDeliveries", + "logs:PutResourcePolicy", "logs:UpdateLogDelivery" ], "Effect": "Allow", @@ -282,7 +257,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "The 'LogDelivery' actions do not support resource-level authorizations" + "reason": "These are CDK defaults. The 'LogDelivery' actions do not support resource-level authorizations. Any logging is done by State Machine code" } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-with-lambda.js.snapshot/manifest.json b/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-with-lambda.js.snapshot/manifest.json index d165ae592..f179af01c 100644 --- a/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-with-lambda.js.snapshot/manifest.json +++ b/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-with-lambda.js.snapshot/manifest.json 
@@ -66,7 +66,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/cb442f99a002893cc1e6f48fb8336a0467628c91842ae526fc379f72b51abfbc.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/f6a91ec79f4b0e904c3972f5610c93ec664d93fbf0a3b2228bf301f53cfbc87a.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-with-lambda.js.snapshot/tree.json b/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-with-lambda.js.snapshot/tree.json index 4af8a38ee..db8af8d15 100644 --- a/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-with-lambda.js.snapshot/tree.json +++ b/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/integ.evtstp-eventbridge-stepfunctions-with-lambda.js.snapshot/tree.json 
@@ -345,40 +345,15 @@ } ] }, - { - "Action": [ - "logs:DescribeLogGroups", - "logs:DescribeResourcePolicies", - "logs:PutResourcePolicy" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":*" - ] - ] - } - }, { "Action": [ "logs:CreateLogDelivery", "logs:DeleteLogDelivery", + "logs:DescribeLogGroups", + "logs:DescribeResourcePolicies", "logs:GetLogDelivery", "logs:ListLogDeliveries", + "logs:PutResourcePolicy", "logs:UpdateLogDelivery" ], "Effect": "Allow", @@ -714,7 +689,7 @@ }, "constructInfo": { "fqn": "@aws-solutions-constructs/aws-eventbridge-stepfunctions.EventbridgeToStepfunctions", - "version": "2.52.1" + "version": "2.53.0" } }, "Integ": { diff --git a/source/patterns/@aws-solutions-constructs/aws-fargate-stepfunctions/test/integ.farstp-new-resources.js.snapshot/farstp-new-resources.assets.json b/source/patterns/@aws-solutions-constructs/aws-fargate-stepfunctions/test/integ.farstp-new-resources.js.snapshot/farstp-new-resources.assets.json index c707c67fc..e6e284168 100644 --- a/source/patterns/@aws-solutions-constructs/aws-fargate-stepfunctions/test/integ.farstp-new-resources.js.snapshot/farstp-new-resources.assets.json +++ b/source/patterns/@aws-solutions-constructs/aws-fargate-stepfunctions/test/integ.farstp-new-resources.js.snapshot/farstp-new-resources.assets.json @@ -15,7 +15,7 @@ } } }, - "79f7e68f42f1a7299b1bce98dff3c3f0b61c7c946ac7a79a099faffea981e911": { + "5ded65a1c92292f081290c068e3e5c081bbc31aa22734527bbb8d47bee93076f": { "source": { "path": "farstp-new-resources.template.json", "packaging": "file" 
@@ -23,7 +23,7 @@ "destinations": { "current_account-us-east-1": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1", - "objectKey": "79f7e68f42f1a7299b1bce98dff3c3f0b61c7c946ac7a79a099faffea981e911.json", + "objectKey": "5ded65a1c92292f081290c068e3e5c081bbc31aa22734527bbb8d47bee93076f.json", "region": "us-east-1", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-us-east-1" } diff --git a/source/patterns/@aws-solutions-constructs/aws-fargate-stepfunctions/test/integ.farstp-new-resources.js.snapshot/farstp-new-resources.template.json b/source/patterns/@aws-solutions-constructs/aws-fargate-stepfunctions/test/integ.farstp-new-resources.js.snapshot/farstp-new-resources.template.json index 2db7f9024..5f06a8a7a 100644 --- a/source/patterns/@aws-solutions-constructs/aws-fargate-stepfunctions/test/integ.farstp-new-resources.js.snapshot/farstp-new-resources.template.json +++ b/source/patterns/@aws-solutions-constructs/aws-fargate-stepfunctions/test/integ.farstp-new-resources.js.snapshot/farstp-new-resources.template.json @@ -1109,40 +1109,15 @@ "Properties": { "PolicyDocument": { "Statement": [ - { - "Action": [ - "logs:DescribeLogGroups", - "logs:DescribeResourcePolicies", - "logs:PutResourcePolicy" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":*" - ] - ] - } - }, { "Action": [ "logs:CreateLogDelivery", "logs:DeleteLogDelivery", + "logs:DescribeLogGroups", + "logs:DescribeResourcePolicies", "logs:GetLogDelivery", "logs:ListLogDeliveries", + "logs:PutResourcePolicy", "logs:UpdateLogDelivery" ], "Effect": "Allow", 
@@ -1163,7 +1138,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "The 'LogDelivery' actions do not support resource-level authorizations" + "reason": "These are CDK defaults. The 'LogDelivery' actions do not support resource-level authorizations. Any logging is done by State Machine code" } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-fargate-stepfunctions/test/integ.farstp-new-resources.js.snapshot/manifest.json b/source/patterns/@aws-solutions-constructs/aws-fargate-stepfunctions/test/integ.farstp-new-resources.js.snapshot/manifest.json index 33d9c0072..e110d3e78 100644 --- a/source/patterns/@aws-solutions-constructs/aws-fargate-stepfunctions/test/integ.farstp-new-resources.js.snapshot/manifest.json +++ b/source/patterns/@aws-solutions-constructs/aws-fargate-stepfunctions/test/integ.farstp-new-resources.js.snapshot/manifest.json @@ -66,7 +66,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-us-east-1", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-us-east-1", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1/79f7e68f42f1a7299b1bce98dff3c3f0b61c7c946ac7a79a099faffea981e911.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1/5ded65a1c92292f081290c068e3e5c081bbc31aa22734527bbb8d47bee93076f.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/source/patterns/@aws-solutions-constructs/aws-fargate-stepfunctions/test/integ.farstp-new-resources.js.snapshot/tree.json b/source/patterns/@aws-solutions-constructs/aws-fargate-stepfunctions/test/integ.farstp-new-resources.js.snapshot/tree.json index aca423515..a0f439497 100644 
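Review bot: The W12 suppression reason in the `@@ -1163,7 +1138,7 @@` hunk of farstp-new-resources.template.json still justifies only the 'LogDelivery' actions, although the statement now carries three more. The preceding hunk (`@@ -1109,40 +1109,15 @@`) moves `logs:PutResourcePolicy`, `logs:DescribeResourcePolicies` and `logs:DescribeLogGroups` into that statement and deletes the one that limited them to the stack's partition, region and account (`...:logs:<Region>:<AccountId>:*`). The statement's `Resource` lies outside the hunk; if it is `*`, as the W12 suppression suggests, the state machine role can write CloudWatch Logs resource policies without the scoping the removed statement had. The reason text should name these actions and say why the wider grant is accepted, for example `'logs:PutResourcePolicy' and the Describe actions are part of the CDK default statement and share its Resource`; that wording comes from the construct source, which is not in this part of the diff. The same pair of hunks repeats in the farstp-no-cloudwatch-alarms, lamstp-deploy-lambda, lamstp-deployFunctionWithVpc and lamstp-existing-function templates.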
--- a/source/patterns/@aws-solutions-constructs/aws-fargate-stepfunctions/test/integ.farstp-new-resources.js.snapshot/tree.json +++ b/source/patterns/@aws-solutions-constructs/aws-fargate-stepfunctions/test/integ.farstp-new-resources.js.snapshot/tree.json @@ -1574,40 +1574,15 @@ "aws:cdk:cloudformation:props": { "policyDocument": { "Statement": [ - { - "Action": [ - "logs:DescribeLogGroups", - "logs:DescribeResourcePolicies", - "logs:PutResourcePolicy" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":*" - ] - ] - } - }, { "Action": [ "logs:CreateLogDelivery", "logs:DeleteLogDelivery", + "logs:DescribeLogGroups", + "logs:DescribeResourcePolicies", "logs:GetLogDelivery", "logs:ListLogDeliveries", + "logs:PutResourcePolicy", "logs:UpdateLogDelivery" ], "Effect": "Allow", @@ -1802,7 +1777,7 @@ }, "constructInfo": { "fqn": "@aws-solutions-constructs/aws-fargate-stepfunctions.FargateToStepfunctions", - "version": "2.52.1" + "version": "2.53.0" } }, "farstp-new-resources-STEP_FUNCTIONS-security-group": { diff --git a/source/patterns/@aws-solutions-constructs/aws-fargate-stepfunctions/test/integ.farstp-no-cloudwatch-alarms.js.snapshot/farstp-no-cloudwatch-alarms.assets.json b/source/patterns/@aws-solutions-constructs/aws-fargate-stepfunctions/test/integ.farstp-no-cloudwatch-alarms.js.snapshot/farstp-no-cloudwatch-alarms.assets.json index 455f7711b..7925a558b 100644 --- a/source/patterns/@aws-solutions-constructs/aws-fargate-stepfunctions/test/integ.farstp-no-cloudwatch-alarms.js.snapshot/farstp-no-cloudwatch-alarms.assets.json +++ b/source/patterns/@aws-solutions-constructs/aws-fargate-stepfunctions/test/integ.farstp-no-cloudwatch-alarms.js.snapshot/farstp-no-cloudwatch-alarms.assets.json 
@@ -15,7 +15,7 @@ } } }, - "ab98c1a38fd4451b6b4b362fbcdc7ce5647a809f7cb96d31674747b6d4d5042a": { + "6f4615ff247f8d8ee280206c5ef92d7489a9008da1f2855156bace6f9ba8bad3": { "source": { "path": "farstp-no-cloudwatch-alarms.template.json", "packaging": "file" @@ -23,7 +23,7 @@ "destinations": { "current_account-us-east-1": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1", - "objectKey": "ab98c1a38fd4451b6b4b362fbcdc7ce5647a809f7cb96d31674747b6d4d5042a.json", + "objectKey": "6f4615ff247f8d8ee280206c5ef92d7489a9008da1f2855156bace6f9ba8bad3.json", "region": "us-east-1", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-us-east-1" } diff --git a/source/patterns/@aws-solutions-constructs/aws-fargate-stepfunctions/test/integ.farstp-no-cloudwatch-alarms.js.snapshot/farstp-no-cloudwatch-alarms.template.json b/source/patterns/@aws-solutions-constructs/aws-fargate-stepfunctions/test/integ.farstp-no-cloudwatch-alarms.js.snapshot/farstp-no-cloudwatch-alarms.template.json index 7ea164415..bbad86f96 100644 --- a/source/patterns/@aws-solutions-constructs/aws-fargate-stepfunctions/test/integ.farstp-no-cloudwatch-alarms.js.snapshot/farstp-no-cloudwatch-alarms.template.json +++ b/source/patterns/@aws-solutions-constructs/aws-fargate-stepfunctions/test/integ.farstp-no-cloudwatch-alarms.js.snapshot/farstp-no-cloudwatch-alarms.template.json 
@@ -1109,40 +1109,15 @@ "Properties": { "PolicyDocument": { "Statement": [ - { - "Action": [ - "logs:DescribeLogGroups", - "logs:DescribeResourcePolicies", - "logs:PutResourcePolicy" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":*" - ] - ] - } - }, { "Action": [ "logs:CreateLogDelivery", "logs:DeleteLogDelivery", + "logs:DescribeLogGroups", + "logs:DescribeResourcePolicies", "logs:GetLogDelivery", "logs:ListLogDeliveries", + "logs:PutResourcePolicy", "logs:UpdateLogDelivery" ], "Effect": "Allow", @@ -1163,7 +1138,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "The 'LogDelivery' actions do not support resource-level authorizations" + "reason": "These are CDK defaults. The 'LogDelivery' actions do not support resource-level authorizations. Any logging is done by State Machine code" } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-fargate-stepfunctions/test/integ.farstp-no-cloudwatch-alarms.js.snapshot/manifest.json b/source/patterns/@aws-solutions-constructs/aws-fargate-stepfunctions/test/integ.farstp-no-cloudwatch-alarms.js.snapshot/manifest.json index b5df26223..0114384ce 100644 --- a/source/patterns/@aws-solutions-constructs/aws-fargate-stepfunctions/test/integ.farstp-no-cloudwatch-alarms.js.snapshot/manifest.json +++ b/source/patterns/@aws-solutions-constructs/aws-fargate-stepfunctions/test/integ.farstp-no-cloudwatch-alarms.js.snapshot/manifest.json 
@@ -66,7 +66,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-us-east-1", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-us-east-1", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1/ab98c1a38fd4451b6b4b362fbcdc7ce5647a809f7cb96d31674747b6d4d5042a.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1/6f4615ff247f8d8ee280206c5ef92d7489a9008da1f2855156bace6f9ba8bad3.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/source/patterns/@aws-solutions-constructs/aws-fargate-stepfunctions/test/integ.farstp-no-cloudwatch-alarms.js.snapshot/tree.json b/source/patterns/@aws-solutions-constructs/aws-fargate-stepfunctions/test/integ.farstp-no-cloudwatch-alarms.js.snapshot/tree.json index 8d7671f4b..656ede4b0 100644 --- a/source/patterns/@aws-solutions-constructs/aws-fargate-stepfunctions/test/integ.farstp-no-cloudwatch-alarms.js.snapshot/tree.json +++ b/source/patterns/@aws-solutions-constructs/aws-fargate-stepfunctions/test/integ.farstp-no-cloudwatch-alarms.js.snapshot/tree.json 
@@ -1574,40 +1574,15 @@ "aws:cdk:cloudformation:props": { "policyDocument": { "Statement": [ - { - "Action": [ - "logs:DescribeLogGroups", - "logs:DescribeResourcePolicies", - "logs:PutResourcePolicy" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":*" - ] - ] - } - }, { "Action": [ "logs:CreateLogDelivery", "logs:DeleteLogDelivery", + "logs:DescribeLogGroups", + "logs:DescribeResourcePolicies", "logs:GetLogDelivery", "logs:ListLogDeliveries", + "logs:PutResourcePolicy", "logs:UpdateLogDelivery" ], "Effect": "Allow", @@ -1685,7 +1660,7 @@ }, "constructInfo": { "fqn": "@aws-solutions-constructs/aws-fargate-stepfunctions.FargateToStepfunctions", - "version": "2.52.1" + "version": "2.53.0" } }, "farstp-no-cloudwatch-alarms-STEP_FUNCTIONS-security-group": { diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-deploy-lambda.js.snapshot/lamstp-deploy-lambda.assets.json b/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-deploy-lambda.js.snapshot/lamstp-deploy-lambda.assets.json index ad627dfae..3606e26ed 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-deploy-lambda.js.snapshot/lamstp-deploy-lambda.assets.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-deploy-lambda.js.snapshot/lamstp-deploy-lambda.assets.json @@ -27,7 +27,7 @@ } } }, - "5a0b4a97ac40ee534cc8dd7e2b2a811b691eb4b8e17da20c4b309ab130204f24": { + "dc5caf4e3a2ae274c1677a76602bff1e02bb2b3dad7599d4e02b7e0d0daf7af7": { "source": { "path": "lamstp-deploy-lambda.template.json", "packaging": "file" 
@@ -35,7 +35,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "5a0b4a97ac40ee534cc8dd7e2b2a811b691eb4b8e17da20c4b309ab130204f24.json", + "objectKey": "dc5caf4e3a2ae274c1677a76602bff1e02bb2b3dad7599d4e02b7e0d0daf7af7.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-deploy-lambda.js.snapshot/lamstp-deploy-lambda.template.json b/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-deploy-lambda.js.snapshot/lamstp-deploy-lambda.template.json index ed2eee561..f125aa844 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-deploy-lambda.js.snapshot/lamstp-deploy-lambda.template.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-deploy-lambda.js.snapshot/lamstp-deploy-lambda.template.json @@ -228,40 +228,15 @@ } ] }, - { - "Action": [ - "logs:DescribeLogGroups", - "logs:DescribeResourcePolicies", - "logs:PutResourcePolicy" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":*" - ] - ] - } - }, { "Action": [ "logs:CreateLogDelivery", "logs:DeleteLogDelivery", + "logs:DescribeLogGroups", + "logs:DescribeResourcePolicies", "logs:GetLogDelivery", "logs:ListLogDeliveries", + "logs:PutResourcePolicy", "logs:UpdateLogDelivery" ], "Effect": "Allow", 
@@ -282,7 +257,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "The 'LogDelivery' actions do not support resource-level authorizations" + "reason": "These are CDK defaults. The 'LogDelivery' actions do not support resource-level authorizations. Any logging is done by State Machine code" } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-deploy-lambda.js.snapshot/manifest.json b/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-deploy-lambda.js.snapshot/manifest.json index 008c97d6b..7706a71f6 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-deploy-lambda.js.snapshot/manifest.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-deploy-lambda.js.snapshot/manifest.json @@ -66,7 +66,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/5a0b4a97ac40ee534cc8dd7e2b2a811b691eb4b8e17da20c4b309ab130204f24.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/dc5caf4e3a2ae274c1677a76602bff1e02bb2b3dad7599d4e02b7e0d0daf7af7.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-deploy-lambda.js.snapshot/tree.json b/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-deploy-lambda.js.snapshot/tree.json index fbc03ad41..41368140c 100644 
--- a/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-deploy-lambda.js.snapshot/tree.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-deploy-lambda.js.snapshot/tree.json @@ -337,40 +337,15 @@ } ] }, - { - "Action": [ - "logs:DescribeLogGroups", - "logs:DescribeResourcePolicies", - "logs:PutResourcePolicy" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":*" - ] - ] - } - }, { "Action": [ "logs:CreateLogDelivery", "logs:DeleteLogDelivery", + "logs:DescribeLogGroups", + "logs:DescribeResourcePolicies", "logs:GetLogDelivery", "logs:ListLogDeliveries", + "logs:PutResourcePolicy", "logs:UpdateLogDelivery" ], "Effect": "Allow", @@ -786,7 +761,7 @@ }, "constructInfo": { "fqn": "@aws-solutions-constructs/aws-lambda-stepfunctions.LambdaToStepfunctions", - "version": "2.52.1" + "version": "2.53.0" } }, "Integ": { diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-deployFunctionWithVpc.js.snapshot/lamstp-deployFunctionWithVpc.assets.json b/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-deployFunctionWithVpc.js.snapshot/lamstp-deployFunctionWithVpc.assets.json index 6df3a65a3..1ca9b11f1 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-deployFunctionWithVpc.js.snapshot/lamstp-deployFunctionWithVpc.assets.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-deployFunctionWithVpc.js.snapshot/lamstp-deployFunctionWithVpc.assets.json 
@@ -27,7 +27,7 @@ } } }, - "f73cf110ad7b497d19e6dcbd73be5ed6cfd4a971a096c4f3d2159cf93be9d512": { + "d5ebf2f7a47385a850fa06c94f30e8d765a1817a8d83b2ddcfebfb4f94d19fb5": { "source": { "path": "lamstp-deployFunctionWithVpc.template.json", "packaging": "file" @@ -35,7 +35,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "f73cf110ad7b497d19e6dcbd73be5ed6cfd4a971a096c4f3d2159cf93be9d512.json", + "objectKey": "d5ebf2f7a47385a850fa06c94f30e8d765a1817a8d83b2ddcfebfb4f94d19fb5.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-deployFunctionWithVpc.js.snapshot/lamstp-deployFunctionWithVpc.template.json b/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-deployFunctionWithVpc.js.snapshot/lamstp-deployFunctionWithVpc.template.json index 4294531ea..e6d2151e1 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-deployFunctionWithVpc.js.snapshot/lamstp-deployFunctionWithVpc.template.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-deployFunctionWithVpc.js.snapshot/lamstp-deployFunctionWithVpc.template.json 
@@ -65,40 +65,15 @@ "Properties": { "PolicyDocument": { "Statement": [ - { - "Action": [ - "logs:DescribeLogGroups", - "logs:DescribeResourcePolicies", - "logs:PutResourcePolicy" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":*" - ] - ] - } - }, { "Action": [ "logs:CreateLogDelivery", "logs:DeleteLogDelivery", + "logs:DescribeLogGroups", + "logs:DescribeResourcePolicies", "logs:GetLogDelivery", "logs:ListLogDeliveries", + "logs:PutResourcePolicy", "logs:UpdateLogDelivery" ], "Effect": "Allow", @@ -119,7 +94,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "The 'LogDelivery' actions do not support resource-level authorizations" + "reason": "These are CDK defaults. The 'LogDelivery' actions do not support resource-level authorizations. Any logging is done by State Machine code" } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-deployFunctionWithVpc.js.snapshot/manifest.json b/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-deployFunctionWithVpc.js.snapshot/manifest.json index 623ef5e32..7cc937a6b 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-deployFunctionWithVpc.js.snapshot/manifest.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-deployFunctionWithVpc.js.snapshot/manifest.json 
@@ -66,7 +66,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/f73cf110ad7b497d19e6dcbd73be5ed6cfd4a971a096c4f3d2159cf93be9d512.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/d5ebf2f7a47385a850fa06c94f30e8d765a1817a8d83b2ddcfebfb4f94d19fb5.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-deployFunctionWithVpc.js.snapshot/tree.json b/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-deployFunctionWithVpc.js.snapshot/tree.json index 22e36c640..c01323478 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-deployFunctionWithVpc.js.snapshot/tree.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-deployFunctionWithVpc.js.snapshot/tree.json 
@@ -117,40 +117,15 @@ "aws:cdk:cloudformation:props": { "policyDocument": { "Statement": [ - { - "Action": [ - "logs:DescribeLogGroups", - "logs:DescribeResourcePolicies", - "logs:PutResourcePolicy" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":*" - ] - ] - } - }, { "Action": [ "logs:CreateLogDelivery", "logs:DeleteLogDelivery", + "logs:DescribeLogGroups", + "logs:DescribeResourcePolicies", "logs:GetLogDelivery", "logs:ListLogDeliveries", + "logs:PutResourcePolicy", "logs:UpdateLogDelivery" ], "Effect": "Allow", @@ -605,7 +580,7 @@ }, "constructInfo": { "fqn": "@aws-solutions-constructs/aws-lambda-stepfunctions.LambdaToStepfunctions", - "version": "2.52.1" + "version": "2.53.0" } }, "Vpc": { diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-existing-function.js.snapshot/lamstp-existing-function.assets.json b/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-existing-function.js.snapshot/lamstp-existing-function.assets.json index 99222d72e..1559a3959 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-existing-function.js.snapshot/lamstp-existing-function.assets.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-existing-function.js.snapshot/lamstp-existing-function.assets.json @@ -14,7 +14,7 @@ } } }, - "67c4655b8ea05fc8349a806af930d0eba7d8b47f8331dc6ff49ba1ee1ddfced6": { + "ee5cc6011db359a08ee82fa7f2da099539e4296e68228f43d93cf6b09fecb1d9": { "source": { "path": "lamstp-existing-function.template.json", "packaging": "file" 
@@ -22,7 +22,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "67c4655b8ea05fc8349a806af930d0eba7d8b47f8331dc6ff49ba1ee1ddfced6.json", + "objectKey": "ee5cc6011db359a08ee82fa7f2da099539e4296e68228f43d93cf6b09fecb1d9.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-existing-function.js.snapshot/lamstp-existing-function.template.json b/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-existing-function.js.snapshot/lamstp-existing-function.template.json index ad491e6ce..ddf7cb7da 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-existing-function.js.snapshot/lamstp-existing-function.template.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-existing-function.js.snapshot/lamstp-existing-function.template.json @@ -211,40 +211,15 @@ "Properties": { "PolicyDocument": { "Statement": [ - { - "Action": [ - "logs:DescribeLogGroups", - "logs:DescribeResourcePolicies", - "logs:PutResourcePolicy" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":*" - ] - ] - } - }, { "Action": [ "logs:CreateLogDelivery", "logs:DeleteLogDelivery", + "logs:DescribeLogGroups", + "logs:DescribeResourcePolicies", "logs:GetLogDelivery", "logs:ListLogDeliveries", + "logs:PutResourcePolicy", "logs:UpdateLogDelivery" ], "Effect": "Allow", 
@@ -265,7 +240,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "The 'LogDelivery' actions do not support resource-level authorizations" + "reason": "These are CDK defaults. The 'LogDelivery' actions do not support resource-level authorizations. Any logging is done by State Machine code" } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-existing-function.js.snapshot/manifest.json b/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-existing-function.js.snapshot/manifest.json index eddd288de..1a63c5d37 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-existing-function.js.snapshot/manifest.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-existing-function.js.snapshot/manifest.json @@ -66,7 +66,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/67c4655b8ea05fc8349a806af930d0eba7d8b47f8331dc6ff49ba1ee1ddfced6.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/ee5cc6011db359a08ee82fa7f2da099539e4296e68228f43d93cf6b09fecb1d9.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-existing-function.js.snapshot/tree.json b/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-existing-function.js.snapshot/tree.json index 9d2cd280a..9d2a1ee6f 100644 
--- a/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-existing-function.js.snapshot/tree.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-existing-function.js.snapshot/tree.json @@ -320,40 +320,15 @@ "aws:cdk:cloudformation:props": { "policyDocument": { "Statement": [ - { - "Action": [ - "logs:DescribeLogGroups", - "logs:DescribeResourcePolicies", - "logs:PutResourcePolicy" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":*" - ] - ] - } - }, { "Action": [ "logs:CreateLogDelivery", "logs:DeleteLogDelivery", + "logs:DescribeLogGroups", + "logs:DescribeResourcePolicies", "logs:GetLogDelivery", "logs:ListLogDeliveries", + "logs:PutResourcePolicy", "logs:UpdateLogDelivery" ], "Effect": "Allow", @@ -548,7 +523,7 @@ }, "constructInfo": { "fqn": "@aws-solutions-constructs/aws-lambda-stepfunctions.LambdaToStepfunctions", - "version": "2.52.1" + "version": "2.53.0" } }, "Integ": { diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-state-machine-defintion.js.snapshot/asset.fd7a741674eeef7951675d2a57f0459376e046d88e5bee9aab601d8f5a704c93/index.js b/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-state-machine-defintion.js.snapshot/asset.fd7a741674eeef7951675d2a57f0459376e046d88e5bee9aab601d8f5a704c93/index.js new file mode 100644 index 000000000..2a786d862 --- /dev/null +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-state-machine-defintion.js.snapshot/asset.fd7a741674eeef7951675d2a57f0459376e046d88e5bee9aab601d8f5a704c93/index.js 
@@ -0,0 +1,18 @@
+const aws = require('aws-sdk');
+
+console.log('Loading function');
+
+exports.handler = () => {
+ const params = {
+ stateMachineArn: process.env.STATE_MACHINE_ARN,
+ input: JSON.stringify({})
+ };
+ const stepFunction = new aws.StepFunctions();
+ stepFunction.startExecution(params, function (err, data) {
+ if (err) {
+ throw Error('An error occurred executing the step function.');
+ } else {
+ console.log('Step function was successfully executed.');
+ }
+ })
+};
\ No newline at end of file
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-state-machine-defintion.js.snapshot/cdk.out b/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-state-machine-defintion.js.snapshot/cdk.out
new file mode 100644
index 000000000..1f0068d32
--- /dev/null
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-state-machine-defintion.js.snapshot/cdk.out
@@ -0,0 +1 @@
+{"version":"36.0.0"}
\ No newline at end of file
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-state-machine-defintion.js.snapshot/integ.json b/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-state-machine-defintion.js.snapshot/integ.json
new file mode 100644
index 000000000..ee885ff4f
--- /dev/null
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-state-machine-defintion.js.snapshot/integ.json
@@ -0,0 +1,12 @@
+{
+ "version": "36.0.0",
+ "testCases": {
+ "lamstp-state-machine-defintion/Integ/DefaultTest": {
+ "stacks": [
+ "lamstp-state-machine-defintion"
+ ],
+ "assertionStack": "lamstp-state-machine-defintion/Integ/DefaultTest/DeployAssert",
+ "assertionStackName": "lamstpstatemachinedefintionIntegDefaultTestDeployAssert926FFCBD"
+ }
+ }
+}
\ No newline at end of file
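Review bot: In the new `index.js` handler (the `@@ -0,0 +1,18 @@` hunk), the `startExecution` callback throws a fixed message and discards `err`, so a failed start, such as one rejected for missing permissions, leaves nothing in the logs that identifies the cause. Logging the error before rethrowing keeps that evidence, `console.error('startExecution failed', err);`, or chain it with `throw new Error('An error occurred executing the step function.', { cause: err });`. The handler is a plain `() => {}` that takes no callback and returns no promise, so the throw surfaces as an uncaught exception rather than a handler result; declaring it `async` and awaiting `stepFunction.startExecution(params).promise()` would report the failure through the normal path. The callback's `data` argument is unused.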
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-state-machine-defintion.js.snapshot/lamstp-state-machine-defintion.assets.json b/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-state-machine-defintion.js.snapshot/lamstp-state-machine-defintion.assets.json new file mode 100644 index 000000000..9018bebb7 --- /dev/null +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-state-machine-defintion.js.snapshot/lamstp-state-machine-defintion.assets.json @@ -0,0 +1,32 @@ +{ + "version": "36.0.0", + "files": { + "fd7a741674eeef7951675d2a57f0459376e046d88e5bee9aab601d8f5a704c93": { + "source": { + "path": "asset.fd7a741674eeef7951675d2a57f0459376e046d88e5bee9aab601d8f5a704c93", + "packaging": "zip" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "fd7a741674eeef7951675d2a57f0459376e046d88e5bee9aab601d8f5a704c93.zip", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + }, + "9abc1a527d46abb263a904b246bdc8af0f2efd8615dd28fd6ec36c084ae75019": { + "source": { + "path": "lamstp-state-machine-defintion.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "9abc1a527d46abb263a904b246bdc8af0f2efd8615dd28fd6ec36c084ae75019.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file 
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-state-machine-defintion.js.snapshot/lamstp-state-machine-defintion.template.json b/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-state-machine-defintion.js.snapshot/lamstp-state-machine-defintion.template.json new file mode 100644 index 000000000..b9d9bd287 --- /dev/null +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-state-machine-defintion.js.snapshot/lamstp-state-machine-defintion.template.json 
@@ -0,0 +1,715 @@ +{ + "Resources": { + "firstfunctionServiceRole0FF7D94B": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "Policies": [ + { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/lambda/*" + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "LambdaFunctionServiceRolePolicy" + } + ] + } + }, + "firstfunctionServiceRoleDefaultPolicy05FFD222": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "xray:PutTelemetryRecords", + "xray:PutTraceSegments" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "firstfunctionServiceRoleDefaultPolicy05FFD222", + "Roles": [ + { + "Ref": "firstfunctionServiceRole0FF7D94B" + } + ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." 
+ } + ] + } + } + }, + "firstfunction297AC5AB": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "ZipFile": "exports.handler = async (event) => { console.log(\"First Function\");}" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "firstfunctionServiceRole0FF7D94B", + "Arn" + ] + }, + "Runtime": "nodejs20.x", + "TracingConfig": { + "Mode": "Active" + } + }, + "DependsOn": [ + "firstfunctionServiceRoleDefaultPolicy05FFD222", + "firstfunctionServiceRole0FF7D94B" + ], + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W58", + "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions." + }, + { + "id": "W89", + "reason": "This is not a rule for the general case, just for specific use cases/industries" + }, + { + "id": "W92", + "reason": "Impossible for us to define the correct concurrency for clients" + } + ] + } + } + }, + "secondfunctionServiceRole5264DF4C": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "Policies": [ + { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/lambda/*" + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "LambdaFunctionServiceRolePolicy" + } + ] + } + }, + "secondfunctionServiceRoleDefaultPolicy02F27461": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + 
"xray:PutTelemetryRecords", + "xray:PutTraceSegments" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "secondfunctionServiceRoleDefaultPolicy02F27461", + "Roles": [ + { + "Ref": "secondfunctionServiceRole5264DF4C" + } + ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." + } + ] + } + } + }, + "secondfunctionB2F1D4DD": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "ZipFile": "exports.handler = async (event) => { console.log(\"Second Function\");}" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "secondfunctionServiceRole5264DF4C", + "Arn" + ] + }, + "Runtime": "nodejs20.x", + "TracingConfig": { + "Mode": "Active" + } + }, + "DependsOn": [ + "secondfunctionServiceRoleDefaultPolicy02F27461", + "secondfunctionServiceRole5264DF4C" + ], + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W58", + "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions." 
+ }, + { + "id": "W89", + "reason": "This is not a rule for the general case, just for specific use cases/industries" + }, + { + "id": "W92", + "reason": "Impossible for us to define the correct concurrency for clients" + } + ] + } + } + }, + "testlambdastepfunctionsconstructStateMachineLogGroup1FD4C0D4": { + "Type": "AWS::Logs::LogGroup", + "Properties": { + "LogGroupName": { + "Fn::Join": [ + "", + [ + "/aws/vendedlogs/states/constructs/lamstp-state-machine-defintiontest-lambda-stepfunctions-constructStateMachineLog-", + { + "Fn::Select": [ + 2, + { + "Fn::Split": [ + "/", + { + "Ref": "AWS::StackId" + } + ] + } + ] + } + ] + ] + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete", + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W86", + "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely" + }, + { + "id": "W84", + "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)" + } + ] + } + } + }, + "testlambdastepfunctionsconstructStateMachineRoleD2891199": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "states.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "testlambdastepfunctionsconstructStateMachineRoleDefaultPolicyE8456E47": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "firstfunction297AC5AB", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "secondfunctionB2F1D4DD", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "firstfunction297AC5AB", + "Arn" + ] + }, + ":*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "secondfunctionB2F1D4DD", + "Arn" + ] + }, 
+ ":*" + ] + ] + } + ] + }, + { + "Action": [ + "logs:CreateLogDelivery", + "logs:DeleteLogDelivery", + "logs:DescribeLogGroups", + "logs:DescribeResourcePolicies", + "logs:GetLogDelivery", + "logs:ListLogDeliveries", + "logs:PutResourcePolicy", + "logs:UpdateLogDelivery" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "testlambdastepfunctionsconstructStateMachineRoleDefaultPolicyE8456E47", + "Roles": [ + { + "Ref": "testlambdastepfunctionsconstructStateMachineRoleD2891199" + } + ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "These are CDK defaults. The 'LogDelivery' actions do not support resource-level authorizations. Any logging is done by State Machine code" + } + ] + } + } + }, + "testlambdastepfunctionsconstructStateMachineE1526513": { + "Type": "AWS::StepFunctions::StateMachine", + "Properties": { + "DefinitionString": { + "Fn::Join": [ + "", + [ + "{\"StartAt\":\"task-one\",\"States\":{\"task-one\":{\"Next\":\"task-two\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ClientExecutionTimeoutException\",\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2}],\"Type\":\"Task\",\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::lambda:invoke\",\"Parameters\":{\"FunctionName\":\"", + { + "Fn::GetAtt": [ + "firstfunction297AC5AB", + "Arn" + ] + }, + "\",\"Payload.$\":\"$\"}},\"task-two\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"Lambda.ClientExecutionTimeoutException\",\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2}],\"Type\":\"Task\",\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::lambda:invoke\",\"Parameters\":{\"FunctionName\":\"", + { + "Fn::GetAtt": [ + "secondfunctionB2F1D4DD", + "Arn" + ] + }, + "\",\"Payload.$\":\"$\"}}}}" + ] + ] + 
}, + "LoggingConfiguration": { + "Destinations": [ + { + "CloudWatchLogsLogGroup": { + "LogGroupArn": { + "Fn::GetAtt": [ + "testlambdastepfunctionsconstructStateMachineLogGroup1FD4C0D4", + "Arn" + ] + } + } + } + ], + "Level": "ERROR" + }, + "RoleArn": { + "Fn::GetAtt": [ + "testlambdastepfunctionsconstructStateMachineRoleD2891199", + "Arn" + ] + } + }, + "DependsOn": [ + "testlambdastepfunctionsconstructStateMachineRoleDefaultPolicyE8456E47", + "testlambdastepfunctionsconstructStateMachineRoleD2891199" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "testlambdastepfunctionsconstructLambdaFunctionServiceRole2D3C3FD0": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "Policies": [ + { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/lambda/*" + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "LambdaFunctionServiceRolePolicy" + } + ] + } + }, + "testlambdastepfunctionsconstructLambdaFunctionServiceRoleDefaultPolicyB6E73348": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "xray:PutTelemetryRecords", + "xray:PutTraceSegments" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "states:StartExecution", + "Effect": "Allow", + "Resource": { + "Ref": "testlambdastepfunctionsconstructStateMachineE1526513" + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "testlambdastepfunctionsconstructLambdaFunctionServiceRoleDefaultPolicyB6E73348", + "Roles": [ + { + 
"Ref": "testlambdastepfunctionsconstructLambdaFunctionServiceRole2D3C3FD0" + } + ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." + } + ] + } + } + }, + "testlambdastepfunctionsconstructLambdaFunction561377BC": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "fd7a741674eeef7951675d2a57f0459376e046d88e5bee9aab601d8f5a704c93.zip" + }, + "Environment": { + "Variables": { + "STATE_MACHINE_ARN": { + "Ref": "testlambdastepfunctionsconstructStateMachineE1526513" + } + } + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "testlambdastepfunctionsconstructLambdaFunctionServiceRole2D3C3FD0", + "Arn" + ] + }, + "Runtime": "nodejs20.x", + "TracingConfig": { + "Mode": "Active" + } + }, + "DependsOn": [ + "testlambdastepfunctionsconstructLambdaFunctionServiceRoleDefaultPolicyB6E73348", + "testlambdastepfunctionsconstructLambdaFunctionServiceRole2D3C3FD0" + ], + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W58", + "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions." + }, + { + "id": "W89", + "reason": "This is not a rule for the general case, just for specific use cases/industries" + }, + { + "id": "W92", + "reason": "Impossible for us to define the correct concurrency for clients" + } + ] + } + } + }, + "testlambdastepfunctionsconstructExecutionFailedAlarm47C759E2": { + "Type": "AWS::CloudWatch::Alarm", + "Properties": { + "AlarmDescription": "Alarm for the number of executions that failed exceeded the threshold of 1. 
", + "ComparisonOperator": "GreaterThanOrEqualToThreshold", + "Dimensions": [ + { + "Name": "StateMachineArn", + "Value": { + "Ref": "testlambdastepfunctionsconstructStateMachineE1526513" + } + } + ], + "EvaluationPeriods": 1, + "MetricName": "ExecutionsFailed", + "Namespace": "AWS/States", + "Period": 300, + "Statistic": "Sum", + "Threshold": 1 + } + }, + "testlambdastepfunctionsconstructExecutionThrottledAlarm23275AB5": { + "Type": "AWS::CloudWatch::Alarm", + "Properties": { + "AlarmDescription": "Alarm for the number of executions that throttled exceeded the threshold of 1. ", + "ComparisonOperator": "GreaterThanOrEqualToThreshold", + "Dimensions": [ + { + "Name": "StateMachineArn", + "Value": { + "Ref": "testlambdastepfunctionsconstructStateMachineE1526513" + } + } + ], + "EvaluationPeriods": 1, + "MetricName": "ExecutionThrottled", + "Namespace": "AWS/States", + "Period": 300, + "Statistic": "Sum", + "Threshold": 1 + } + }, + "testlambdastepfunctionsconstructExecutionAbortedAlarm6DBA2A2E": { + "Type": "AWS::CloudWatch::Alarm", + "Properties": { + "AlarmDescription": "Alarm for the number of executions that aborted exceeded the threshold of 1. ", + "ComparisonOperator": "GreaterThanOrEqualToThreshold", + "Dimensions": [ + { + "Name": "StateMachineArn", + "Value": { + "Ref": "testlambdastepfunctionsconstructStateMachineE1526513" + } + } + ], + "EvaluationPeriods": 1, + "MetricName": "ExecutionsAborted", + "Namespace": "AWS/States", + "Period": 300, + "Statistic": "Maximum", + "Threshold": 1 + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. 
[cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-state-machine-defintion.js.snapshot/lamstpstatemachinedefintionIntegDefaultTestDeployAssert926FFCBD.assets.json b/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-state-machine-defintion.js.snapshot/lamstpstatemachinedefintionIntegDefaultTestDeployAssert926FFCBD.assets.json new file mode 100644 index 000000000..804eea638 --- /dev/null +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-state-machine-defintion.js.snapshot/lamstpstatemachinedefintionIntegDefaultTestDeployAssert926FFCBD.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "lamstpstatemachinedefintionIntegDefaultTestDeployAssert926FFCBD.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file 
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-state-machine-defintion.js.snapshot/lamstpstatemachinedefintionIntegDefaultTestDeployAssert926FFCBD.template.json b/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-state-machine-defintion.js.snapshot/lamstpstatemachinedefintionIntegDefaultTestDeployAssert926FFCBD.template.json new file mode 100644 index 000000000..ad9d0fb73 --- /dev/null +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-state-machine-defintion.js.snapshot/lamstpstatemachinedefintionIntegDefaultTestDeployAssert926FFCBD.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-state-machine-defintion.js.snapshot/manifest.json b/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-state-machine-defintion.js.snapshot/manifest.json new file mode 100644 index 000000000..cddfd7311 --- /dev/null +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-state-machine-defintion.js.snapshot/manifest.json 
@@ -0,0 +1,203 @@ +{ + "version": "36.0.0", + "artifacts": { + "lamstpstatemachinedefintionIntegDefaultTestDeployAssert926FFCBD.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "lamstpstatemachinedefintionIntegDefaultTestDeployAssert926FFCBD.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "lamstpstatemachinedefintionIntegDefaultTestDeployAssert926FFCBD": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "lamstpstatemachinedefintionIntegDefaultTestDeployAssert926FFCBD.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "lamstpstatemachinedefintionIntegDefaultTestDeployAssert926FFCBD.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "lamstpstatemachinedefintionIntegDefaultTestDeployAssert926FFCBD.assets" + ], + "metadata": { + "/lamstp-state-machine-defintion/Integ/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + 
"/lamstp-state-machine-defintion/Integ/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "lamstp-state-machine-defintion/Integ/DefaultTest/DeployAssert" + }, + "lamstp-state-machine-defintion.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "lamstp-state-machine-defintion.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "lamstp-state-machine-defintion": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "lamstp-state-machine-defintion.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/9abc1a527d46abb263a904b246bdc8af0f2efd8615dd28fd6ec36c084ae75019.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "lamstp-state-machine-defintion.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "lamstp-state-machine-defintion.assets" + ], + "metadata": { + "/lamstp-state-machine-defintion/first-functionServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "firstfunctionServiceRole0FF7D94B" + } + ], + 
"/lamstp-state-machine-defintion/first-functionServiceRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "firstfunctionServiceRoleDefaultPolicy05FFD222" + } + ], + "/lamstp-state-machine-defintion/first-function/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "firstfunction297AC5AB" + } + ], + "/lamstp-state-machine-defintion/second-functionServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "secondfunctionServiceRole5264DF4C" + } + ], + "/lamstp-state-machine-defintion/second-functionServiceRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "secondfunctionServiceRoleDefaultPolicy02F27461" + } + ], + "/lamstp-state-machine-defintion/second-function/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "secondfunctionB2F1D4DD" + } + ], + "/lamstp-state-machine-defintion/test-lambda-stepfunctions-construct/StateMachineLogGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "testlambdastepfunctionsconstructStateMachineLogGroup1FD4C0D4" + } + ], + "/lamstp-state-machine-defintion/test-lambda-stepfunctions-construct/StateMachine/Role/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "testlambdastepfunctionsconstructStateMachineRoleD2891199" + } + ], + "/lamstp-state-machine-defintion/test-lambda-stepfunctions-construct/StateMachine/Role/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "testlambdastepfunctionsconstructStateMachineRoleDefaultPolicyE8456E47" + } + ], + "/lamstp-state-machine-defintion/test-lambda-stepfunctions-construct/StateMachine/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "testlambdastepfunctionsconstructStateMachineE1526513" + } + ], + "/lamstp-state-machine-defintion/test-lambda-stepfunctions-construct/LambdaFunctionServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "testlambdastepfunctionsconstructLambdaFunctionServiceRole2D3C3FD0" + } + ], + 
"/lamstp-state-machine-defintion/test-lambda-stepfunctions-construct/LambdaFunctionServiceRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "testlambdastepfunctionsconstructLambdaFunctionServiceRoleDefaultPolicyB6E73348" + } + ], + "/lamstp-state-machine-defintion/test-lambda-stepfunctions-construct/LambdaFunction/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "testlambdastepfunctionsconstructLambdaFunction561377BC" + } + ], + "/lamstp-state-machine-defintion/test-lambda-stepfunctions-construct/ExecutionFailedAlarm/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "testlambdastepfunctionsconstructExecutionFailedAlarm47C759E2" + } + ], + "/lamstp-state-machine-defintion/test-lambda-stepfunctions-construct/ExecutionThrottledAlarm/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "testlambdastepfunctionsconstructExecutionThrottledAlarm23275AB5" + } + ], + "/lamstp-state-machine-defintion/test-lambda-stepfunctions-construct/ExecutionAbortedAlarm/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "testlambdastepfunctionsconstructExecutionAbortedAlarm6DBA2A2E" + } + ], + "/lamstp-state-machine-defintion/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/lamstp-state-machine-defintion/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "lamstp-state-machine-defintion" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-state-machine-defintion.js.snapshot/tree.json b/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-state-machine-defintion.js.snapshot/tree.json new file mode 100644 index 000000000..a85fe21c7 --- /dev/null 
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-state-machine-defintion.js.snapshot/tree.json 
@@ -0,0 +1,1022 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "lamstp-state-machine-defintion": { + "id": "lamstp-state-machine-defintion", + "path": "lamstp-state-machine-defintion", + "children": { + "first-functionServiceRole": { + "id": "first-functionServiceRole", + "path": "lamstp-state-machine-defintion/first-functionServiceRole", + "children": { + "Importfirst-functionServiceRole": { + "id": "Importfirst-functionServiceRole", + "path": "lamstp-state-machine-defintion/first-functionServiceRole/Importfirst-functionServiceRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "2.127.0" + } + }, + "Resource": { + "id": "Resource", + "path": "lamstp-state-machine-defintion/first-functionServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "policies": [ + { + "policyName": "LambdaFunctionServiceRolePolicy", + "policyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/lambda/*" + ] + ] + } + } + ], + "Version": "2012-10-17" + } + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "2.127.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "lamstp-state-machine-defintion/first-functionServiceRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "lamstp-state-machine-defintion/first-functionServiceRole/DefaultPolicy/Resource", + "attributes": { + 
"aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "xray:PutTelemetryRecords", + "xray:PutTraceSegments" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "policyName": "firstfunctionServiceRoleDefaultPolicy05FFD222", + "roles": [ + { + "Ref": "firstfunctionServiceRole0FF7D94B" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "2.127.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "2.127.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "2.127.0" + } + }, + "first-function": { + "id": "first-function", + "path": "lamstp-state-machine-defintion/first-function", + "children": { + "Resource": { + "id": "Resource", + "path": "lamstp-state-machine-defintion/first-function/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "zipFile": "exports.handler = async (event) => { console.log(\"First Function\");}" + }, + "handler": "index.handler", + "role": { + "Fn::GetAtt": [ + "firstfunctionServiceRole0FF7D94B", + "Arn" + ] + }, + "runtime": "nodejs20.x", + "tracingConfig": { + "mode": "Active" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", + "version": "2.127.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.Function", + "version": "2.127.0" + } + }, + "task-one": { + "id": "task-one", + "path": "lamstp-state-machine-defintion/task-one", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.LambdaInvoke", + "version": "2.127.0" + } + }, + "second-functionServiceRole": { + "id": "second-functionServiceRole", + "path": "lamstp-state-machine-defintion/second-functionServiceRole", + "children": { + "Importsecond-functionServiceRole": { + "id": "Importsecond-functionServiceRole", + 
"path": "lamstp-state-machine-defintion/second-functionServiceRole/Importsecond-functionServiceRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "2.127.0" + } + }, + "Resource": { + "id": "Resource", + "path": "lamstp-state-machine-defintion/second-functionServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "policies": [ + { + "policyName": "LambdaFunctionServiceRolePolicy", + "policyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/lambda/*" + ] + ] + } + } + ], + "Version": "2012-10-17" + } + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "2.127.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "lamstp-state-machine-defintion/second-functionServiceRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "lamstp-state-machine-defintion/second-functionServiceRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "xray:PutTelemetryRecords", + "xray:PutTraceSegments" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "policyName": "secondfunctionServiceRoleDefaultPolicy02F27461", + "roles": [ + { + "Ref": "secondfunctionServiceRole5264DF4C" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + 
"version": "2.127.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "2.127.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "2.127.0" + } + }, + "second-function": { + "id": "second-function", + "path": "lamstp-state-machine-defintion/second-function", + "children": { + "Resource": { + "id": "Resource", + "path": "lamstp-state-machine-defintion/second-function/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "zipFile": "exports.handler = async (event) => { console.log(\"Second Function\");}" + }, + "handler": "index.handler", + "role": { + "Fn::GetAtt": [ + "secondfunctionServiceRole5264DF4C", + "Arn" + ] + }, + "runtime": "nodejs20.x", + "tracingConfig": { + "mode": "Active" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", + "version": "2.127.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.Function", + "version": "2.127.0" + } + }, + "task-two": { + "id": "task-two", + "path": "lamstp-state-machine-defintion/task-two", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.LambdaInvoke", + "version": "2.127.0" + } + }, + "test-lambda-stepfunctions-construct": { + "id": "test-lambda-stepfunctions-construct", + "path": "lamstp-state-machine-defintion/test-lambda-stepfunctions-construct", + "children": { + "StateMachineLogGroup": { + "id": "StateMachineLogGroup", + "path": "lamstp-state-machine-defintion/test-lambda-stepfunctions-construct/StateMachineLogGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "lamstp-state-machine-defintion/test-lambda-stepfunctions-construct/StateMachineLogGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Logs::LogGroup", + "aws:cdk:cloudformation:props": { + "logGroupName": { + "Fn::Join": [ + "", + [ + 
"/aws/vendedlogs/states/constructs/lamstp-state-machine-defintiontest-lambda-stepfunctions-constructStateMachineLog-", + { + "Fn::Select": [ + 2, + { + "Fn::Split": [ + "/", + { + "Ref": "AWS::StackId" + } + ] + } + ] + } + ] + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.CfnLogGroup", + "version": "2.127.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.LogGroup", + "version": "2.127.0" + } + }, + "StateMachine": { + "id": "StateMachine", + "path": "lamstp-state-machine-defintion/test-lambda-stepfunctions-construct/StateMachine", + "children": { + "Role": { + "id": "Role", + "path": "lamstp-state-machine-defintion/test-lambda-stepfunctions-construct/StateMachine/Role", + "children": { + "ImportRole": { + "id": "ImportRole", + "path": "lamstp-state-machine-defintion/test-lambda-stepfunctions-construct/StateMachine/Role/ImportRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "2.127.0" + } + }, + "Resource": { + "id": "Resource", + "path": "lamstp-state-machine-defintion/test-lambda-stepfunctions-construct/StateMachine/Role/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "states.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "2.127.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "lamstp-state-machine-defintion/test-lambda-stepfunctions-construct/StateMachine/Role/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "lamstp-state-machine-defintion/test-lambda-stepfunctions-construct/StateMachine/Role/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + 
{ + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "firstfunction297AC5AB", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "secondfunctionB2F1D4DD", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "firstfunction297AC5AB", + "Arn" + ] + }, + ":*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "secondfunctionB2F1D4DD", + "Arn" + ] + }, + ":*" + ] + ] + } + ] + }, + { + "Action": [ + "logs:CreateLogDelivery", + "logs:DeleteLogDelivery", + "logs:DescribeLogGroups", + "logs:DescribeResourcePolicies", + "logs:GetLogDelivery", + "logs:ListLogDeliveries", + "logs:PutResourcePolicy", + "logs:UpdateLogDelivery" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "policyName": "testlambdastepfunctionsconstructStateMachineRoleDefaultPolicyE8456E47", + "roles": [ + { + "Ref": "testlambdastepfunctionsconstructStateMachineRoleD2891199" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "2.127.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "2.127.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "2.127.0" + } + }, + "Resource": { + "id": "Resource", + "path": "lamstp-state-machine-defintion/test-lambda-stepfunctions-construct/StateMachine/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::StepFunctions::StateMachine", + "aws:cdk:cloudformation:props": { + "definitionString": { + "Fn::Join": [ + "", + [ + "{\"StartAt\":\"task-one\",\"States\":{\"task-one\":{\"Next\":\"task-two\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ClientExecutionTimeoutException\",\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2}],\"Type\":\"Task\",\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + 
":states:::lambda:invoke\",\"Parameters\":{\"FunctionName\":\"", + { + "Fn::GetAtt": [ + "firstfunction297AC5AB", + "Arn" + ] + }, + "\",\"Payload.$\":\"$\"}},\"task-two\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"Lambda.ClientExecutionTimeoutException\",\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2}],\"Type\":\"Task\",\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::lambda:invoke\",\"Parameters\":{\"FunctionName\":\"", + { + "Fn::GetAtt": [ + "secondfunctionB2F1D4DD", + "Arn" + ] + }, + "\",\"Payload.$\":\"$\"}}}}" + ] + ] + }, + "loggingConfiguration": { + "destinations": [ + { + "cloudWatchLogsLogGroup": { + "logGroupArn": { + "Fn::GetAtt": [ + "testlambdastepfunctionsconstructStateMachineLogGroup1FD4C0D4", + "Arn" + ] + } + } + } + ], + "level": "ERROR" + }, + "roleArn": { + "Fn::GetAtt": [ + "testlambdastepfunctionsconstructStateMachineRoleD2891199", + "Arn" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions.CfnStateMachine", + "version": "2.127.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions.StateMachine", + "version": "2.127.0" + } + }, + "LambdaFunctionServiceRole": { + "id": "LambdaFunctionServiceRole", + "path": "lamstp-state-machine-defintion/test-lambda-stepfunctions-construct/LambdaFunctionServiceRole", + "children": { + "ImportLambdaFunctionServiceRole": { + "id": "ImportLambdaFunctionServiceRole", + "path": "lamstp-state-machine-defintion/test-lambda-stepfunctions-construct/LambdaFunctionServiceRole/ImportLambdaFunctionServiceRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "2.127.0" + } + }, + "Resource": { + "id": "Resource", + "path": "lamstp-state-machine-defintion/test-lambda-stepfunctions-construct/LambdaFunctionServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + 
"assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "policies": [ + { + "policyName": "LambdaFunctionServiceRolePolicy", + "policyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/lambda/*" + ] + ] + } + } + ], + "Version": "2012-10-17" + } + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "2.127.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "lamstp-state-machine-defintion/test-lambda-stepfunctions-construct/LambdaFunctionServiceRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "lamstp-state-machine-defintion/test-lambda-stepfunctions-construct/LambdaFunctionServiceRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "xray:PutTelemetryRecords", + "xray:PutTraceSegments" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "states:StartExecution", + "Effect": "Allow", + "Resource": { + "Ref": "testlambdastepfunctionsconstructStateMachineE1526513" + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "testlambdastepfunctionsconstructLambdaFunctionServiceRoleDefaultPolicyB6E73348", + "roles": [ + { + "Ref": "testlambdastepfunctionsconstructLambdaFunctionServiceRole2D3C3FD0" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "2.127.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "2.127.0" + } + } + }, + 
"constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "2.127.0" + } + }, + "LambdaFunction": { + "id": "LambdaFunction", + "path": "lamstp-state-machine-defintion/test-lambda-stepfunctions-construct/LambdaFunction", + "children": { + "Code": { + "id": "Code", + "path": "lamstp-state-machine-defintion/test-lambda-stepfunctions-construct/LambdaFunction/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "lamstp-state-machine-defintion/test-lambda-stepfunctions-construct/LambdaFunction/Code/Stage", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "2.127.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "lamstp-state-machine-defintion/test-lambda-stepfunctions-construct/LambdaFunction/Code/AssetBucket", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "version": "2.127.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "version": "2.127.0" + } + }, + "Resource": { + "id": "Resource", + "path": "lamstp-state-machine-defintion/test-lambda-stepfunctions-construct/LambdaFunction/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "s3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "s3Key": "fd7a741674eeef7951675d2a57f0459376e046d88e5bee9aab601d8f5a704c93.zip" + }, + "environment": { + "variables": { + "STATE_MACHINE_ARN": { + "Ref": "testlambdastepfunctionsconstructStateMachineE1526513" + } + } + }, + "handler": "index.handler", + "role": { + "Fn::GetAtt": [ + "testlambdastepfunctionsconstructLambdaFunctionServiceRole2D3C3FD0", + "Arn" + ] + }, + "runtime": "nodejs20.x", + "tracingConfig": { + "mode": "Active" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", + "version": "2.127.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.Function", + "version": "2.127.0" + } + }, + 
"ExecutionFailedAlarm": { + "id": "ExecutionFailedAlarm", + "path": "lamstp-state-machine-defintion/test-lambda-stepfunctions-construct/ExecutionFailedAlarm", + "children": { + "Resource": { + "id": "Resource", + "path": "lamstp-state-machine-defintion/test-lambda-stepfunctions-construct/ExecutionFailedAlarm/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CloudWatch::Alarm", + "aws:cdk:cloudformation:props": { + "alarmDescription": "Alarm for the number of executions that failed exceeded the threshold of 1. ", + "comparisonOperator": "GreaterThanOrEqualToThreshold", + "dimensions": [ + { + "name": "StateMachineArn", + "value": { + "Ref": "testlambdastepfunctionsconstructStateMachineE1526513" + } + } + ], + "evaluationPeriods": 1, + "metricName": "ExecutionsFailed", + "namespace": "AWS/States", + "period": 300, + "statistic": "Sum", + "threshold": 1 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cloudwatch.CfnAlarm", + "version": "2.127.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cloudwatch.Alarm", + "version": "2.127.0" + } + }, + "ExecutionThrottledAlarm": { + "id": "ExecutionThrottledAlarm", + "path": "lamstp-state-machine-defintion/test-lambda-stepfunctions-construct/ExecutionThrottledAlarm", + "children": { + "Resource": { + "id": "Resource", + "path": "lamstp-state-machine-defintion/test-lambda-stepfunctions-construct/ExecutionThrottledAlarm/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CloudWatch::Alarm", + "aws:cdk:cloudformation:props": { + "alarmDescription": "Alarm for the number of executions that throttled exceeded the threshold of 1. 
", + "comparisonOperator": "GreaterThanOrEqualToThreshold", + "dimensions": [ + { + "name": "StateMachineArn", + "value": { + "Ref": "testlambdastepfunctionsconstructStateMachineE1526513" + } + } + ], + "evaluationPeriods": 1, + "metricName": "ExecutionThrottled", + "namespace": "AWS/States", + "period": 300, + "statistic": "Sum", + "threshold": 1 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cloudwatch.CfnAlarm", + "version": "2.127.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cloudwatch.Alarm", + "version": "2.127.0" + } + }, + "ExecutionAbortedAlarm": { + "id": "ExecutionAbortedAlarm", + "path": "lamstp-state-machine-defintion/test-lambda-stepfunctions-construct/ExecutionAbortedAlarm", + "children": { + "Resource": { + "id": "Resource", + "path": "lamstp-state-machine-defintion/test-lambda-stepfunctions-construct/ExecutionAbortedAlarm/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CloudWatch::Alarm", + "aws:cdk:cloudformation:props": { + "alarmDescription": "Alarm for the number of executions that aborted exceeded the threshold of 1. 
", + "comparisonOperator": "GreaterThanOrEqualToThreshold", + "dimensions": [ + { + "name": "StateMachineArn", + "value": { + "Ref": "testlambdastepfunctionsconstructStateMachineE1526513" + } + } + ], + "evaluationPeriods": 1, + "metricName": "ExecutionsAborted", + "namespace": "AWS/States", + "period": 300, + "statistic": "Maximum", + "threshold": 1 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cloudwatch.CfnAlarm", + "version": "2.127.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cloudwatch.Alarm", + "version": "2.127.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-solutions-constructs/aws-lambda-stepfunctions.LambdaToStepfunctions", + "version": "2.53.0" + } + }, + "Integ": { + "id": "Integ", + "path": "lamstp-state-machine-defintion/Integ", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "lamstp-state-machine-defintion/Integ/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "lamstp-state-machine-defintion/Integ/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "lamstp-state-machine-defintion/Integ/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "lamstp-state-machine-defintion/Integ/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "2.127.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "lamstp-state-machine-defintion/Integ/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "2.127.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "2.127.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "2.127.0-alpha.0" + } + } + }, + "constructInfo": { + "fqn": 
"@aws-cdk/integ-tests-alpha.IntegTest", + "version": "2.127.0-alpha.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "lamstp-state-machine-defintion/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "2.127.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "lamstp-state-machine-defintion/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "2.127.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "2.127.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "2.127.0" + } + } +} \ No newline at end of file diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-state-machine-defintion.ts b/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-state-machine-defintion.ts new file mode 100644 index 000000000..5bce46018 --- /dev/null +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/integ.lamstp-state-machine-defintion.ts 
@@ -0,0 +1,75 @@
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
+ * with the License. A copy of the License is located at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
+ * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
+ * and limitations under the License.
+ */
+
+/// !cdk-integ *
+import { App, Stack, RemovalPolicy } from "aws-cdk-lib";
+import { LambdaToStepfunctions, LambdaToStepfunctionsProps } from "../lib";
+import * as lambda from 'aws-cdk-lib/aws-lambda';
+import * as sftasks from 'aws-cdk-lib/aws-stepfunctions-tasks';
+import * as sfn from 'aws-cdk-lib/aws-stepfunctions';
+import { generateIntegStackName, deployLambdaFunction } from '@aws-solutions-constructs/core';
+import { IntegTest } from '@aws-cdk/integ-tests-alpha';
+
+// Setup the app and stack
+const app = new App();
+const stack = new Stack(app, generateIntegStackName(__filename));
+
+const functionOne = deployLambdaFunction(stack, {
+ runtime: lambda.Runtime.NODEJS_20_X,
+ handler: 'index.handler',
+ code: lambda.Code.fromInline(`exports.handler = async (event) => { console.log("First Function");}`)
+},
+'first-function');
+
+const taskOne = new sftasks.LambdaInvoke(stack, 'task-one', {
+ lambdaFunction: functionOne,
+});
+
+const functionTwo = deployLambdaFunction(stack, {
+ runtime: lambda.Runtime.NODEJS_20_X,
+ handler: 'index.handler',
+ code: lambda.Code.fromInline(`exports.handler = async (event) => { console.log("Second Function");}`)
+},
+'second-function');
+
+const taskTwo = new sftasks.LambdaInvoke(stack, 'task-two', {
+ lambdaFunction: functionTwo,
+});
+
+// // Launch the construct
+const startState = sfn.DefinitionBody.fromChainable(taskOne.next(taskTwo));
+
+// Setup the pattern props
+const props: LambdaToStepfunctionsProps = {
+ lambdaFunctionProps: {
+ runtime: lambda.Runtime.NODEJS_20_X,
+ handler: 'index.handler',
+ code: lambda.Code.fromAsset(`${__dirname}/lambda`)
+ },
+ stateMachineProps: {
+ definitionBody: startState
+ },
+ logGroupProps: {
+ removalPolicy: RemovalPolicy.DESTROY,
+ }
+};
+
+// Add the pattern
+new LambdaToStepfunctions(stack, 'test-lambda-stepfunctions-construct', props);
+
+// Synth the app
+new IntegTest(stack, 'Integ', {
+ testCases: [
+ stack
+ ]
+});
diff --git a/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3stp-customLoggingBucket.js.snapshot/manifest.json b/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3stp-customLoggingBucket.js.snapshot/manifest.json
index 09fbc4c68..0e9e890b4 100644
--- a/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3stp-customLoggingBucket.js.snapshot/manifest.json
+++ b/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3stp-customLoggingBucket.js.snapshot/manifest.json
@@ -66,7 +66,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/7bbe6eb1b53060cede977b4f562244858912596b2f9f7fbafcbf4113c5f9816c.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/73c246934004d961f7231ff53e04d946d205d454389b98eaa9dc8d1289afdcb0.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [
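Review bot: In the new integ.lamstp-state-machine-defintion.ts, the comment `// // Launch the construct` has a doubled marker and does not describe the line under it, which builds the definition body from the two chained `LambdaInvoke` tasks; the name `startState` is also misleading for a `DefinitionBody`. I would write `// Chain the two tasks into the state machine definition` above `const definitionBody = sfn.DefinitionBody.fromChainable(taskOne.next(taskTwo));` and pass `definitionBody` in `stateMachineProps`. The file also never says what it guards: going by the commit title and the snapshot added with it, it presumably confirms that the `lambda:InvokeFunction` grants CDK derives from the definition still land on the state machine role once the construct stops editing that policy, and a short header comment saying so would tell a later reader which statements in the snapshot matter. The file name spells `defintion`, and that spelling carries into the stack name and every snapshot path.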
diff --git a/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3stp-customLoggingBucket.js.snapshot/s3stp-customLoggingBucket.assets.json b/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3stp-customLoggingBucket.js.snapshot/s3stp-customLoggingBucket.assets.json index ab5140778..78b4e86fb 100644 --- a/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3stp-customLoggingBucket.js.snapshot/s3stp-customLoggingBucket.assets.json +++ b/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3stp-customLoggingBucket.js.snapshot/s3stp-customLoggingBucket.assets.json @@ -14,7 +14,7 @@ } } }, - "7bbe6eb1b53060cede977b4f562244858912596b2f9f7fbafcbf4113c5f9816c": { + "73c246934004d961f7231ff53e04d946d205d454389b98eaa9dc8d1289afdcb0": { "source": { "path": "s3stp-customLoggingBucket.template.json", "packaging": "file" @@ -22,7 +22,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "7bbe6eb1b53060cede977b4f562244858912596b2f9f7fbafcbf4113c5f9816c.json", + "objectKey": "73c246934004d961f7231ff53e04d946d205d454389b98eaa9dc8d1289afdcb0.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3stp-customLoggingBucket.js.snapshot/s3stp-customLoggingBucket.template.json b/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3stp-customLoggingBucket.js.snapshot/s3stp-customLoggingBucket.template.json index e27b65f27..2935a37c3 100644 --- a/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3stp-customLoggingBucket.js.snapshot/s3stp-customLoggingBucket.template.json 
+++ b/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3stp-customLoggingBucket.js.snapshot/s3stp-customLoggingBucket.template.json @@ -431,40 +431,15 @@ "Properties": { "PolicyDocument": { "Statement": [ - { - "Action": [ - "logs:DescribeLogGroups", - "logs:DescribeResourcePolicies", - "logs:PutResourcePolicy" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":*" - ] - ] - } - }, { "Action": [ "logs:CreateLogDelivery", "logs:DeleteLogDelivery", + "logs:DescribeLogGroups", + "logs:DescribeResourcePolicies", "logs:GetLogDelivery", "logs:ListLogDeliveries", + "logs:PutResourcePolicy", "logs:UpdateLogDelivery" ], "Effect": "Allow", @@ -485,7 +460,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "The 'LogDelivery' actions do not support resource-level authorizations" + "reason": "These are CDK defaults. The 'LogDelivery' actions do not support resource-level authorizations. Any logging is done by State Machine code" } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3stp-customLoggingBucket.js.snapshot/tree.json b/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3stp-customLoggingBucket.js.snapshot/tree.json index 522bbad6e..0caed9d6b 100644 --- a/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3stp-customLoggingBucket.js.snapshot/tree.json +++ b/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3stp-customLoggingBucket.js.snapshot/tree.json 
@@ -544,40 +544,15 @@ "aws:cdk:cloudformation:props": { "policyDocument": { "Statement": [ - { - "Action": [ - "logs:DescribeLogGroups", - "logs:DescribeResourcePolicies", - "logs:PutResourcePolicy" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":*" - ] - ] - } - }, { "Action": [ "logs:CreateLogDelivery", "logs:DeleteLogDelivery", + "logs:DescribeLogGroups", + "logs:DescribeResourcePolicies", "logs:GetLogDelivery", "logs:ListLogDeliveries", + "logs:PutResourcePolicy", "logs:UpdateLogDelivery" ], "Effect": "Allow", @@ -911,13 +886,13 @@ }, "constructInfo": { "fqn": "@aws-solutions-constructs/aws-eventbridge-stepfunctions.EventbridgeToStepfunctions", - "version": "2.52.1" + "version": "2.53.0" } } }, "constructInfo": { "fqn": "@aws-solutions-constructs/aws-s3-stepfunctions.S3ToStepfunctions", - "version": "2.52.1" + "version": "2.53.0" } }, "Custom::S3AutoDeleteObjectsCustomResourceProvider": { diff --git a/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3stp-pre-existing-bucket.js.snapshot/manifest.json b/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3stp-pre-existing-bucket.js.snapshot/manifest.json index 8ad1336a0..4cb500fdf 100644 --- a/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3stp-pre-existing-bucket.js.snapshot/manifest.json +++ b/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3stp-pre-existing-bucket.js.snapshot/manifest.json 
@@ -66,7 +66,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/3b3b1f35263dc91b13ee5f6e4c7814483f94c66e2b1e70c9d4c938e6c429dc4b.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/4a1aaa39260416c6e678519d1496aa1ccc10529589050bd8e639c583be016b11.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3stp-pre-existing-bucket.js.snapshot/s3stp-pre-existing-bucket.assets.json b/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3stp-pre-existing-bucket.js.snapshot/s3stp-pre-existing-bucket.assets.json index dddf6bb5d..39fd4d5a1 100644 --- a/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3stp-pre-existing-bucket.js.snapshot/s3stp-pre-existing-bucket.assets.json +++ b/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3stp-pre-existing-bucket.js.snapshot/s3stp-pre-existing-bucket.assets.json @@ -14,7 +14,7 @@ } } }, - "3b3b1f35263dc91b13ee5f6e4c7814483f94c66e2b1e70c9d4c938e6c429dc4b": { + "4a1aaa39260416c6e678519d1496aa1ccc10529589050bd8e639c583be016b11": { "source": { "path": "s3stp-pre-existing-bucket.template.json", "packaging": "file" 
@@ -22,7 +22,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "3b3b1f35263dc91b13ee5f6e4c7814483f94c66e2b1e70c9d4c938e6c429dc4b.json", + "objectKey": "4a1aaa39260416c6e678519d1496aa1ccc10529589050bd8e639c583be016b11.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3stp-pre-existing-bucket.js.snapshot/s3stp-pre-existing-bucket.template.json b/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3stp-pre-existing-bucket.js.snapshot/s3stp-pre-existing-bucket.template.json index 466d1a16b..4f6a1b1c7 100644 --- a/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3stp-pre-existing-bucket.js.snapshot/s3stp-pre-existing-bucket.template.json +++ b/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3stp-pre-existing-bucket.js.snapshot/s3stp-pre-existing-bucket.template.json @@ -571,40 +571,15 @@ "Properties": { "PolicyDocument": { "Statement": [ - { - "Action": [ - "logs:DescribeLogGroups", - "logs:DescribeResourcePolicies", - "logs:PutResourcePolicy" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":*" - ] - ] - } - }, { "Action": [ "logs:CreateLogDelivery", "logs:DeleteLogDelivery", + "logs:DescribeLogGroups", + "logs:DescribeResourcePolicies", "logs:GetLogDelivery", "logs:ListLogDeliveries", + "logs:PutResourcePolicy", "logs:UpdateLogDelivery" ], "Effect": "Allow", 
@@ -625,7 +600,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "The 'LogDelivery' actions do not support resource-level authorizations" + "reason": "These are CDK defaults. The 'LogDelivery' actions do not support resource-level authorizations. Any logging is done by State Machine code" } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3stp-pre-existing-bucket.js.snapshot/tree.json b/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3stp-pre-existing-bucket.js.snapshot/tree.json index 438612108..54b2ce766 100644 --- a/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3stp-pre-existing-bucket.js.snapshot/tree.json +++ b/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3stp-pre-existing-bucket.js.snapshot/tree.json @@ -654,40 +654,15 @@ "aws:cdk:cloudformation:props": { "policyDocument": { "Statement": [ - { - "Action": [ - "logs:DescribeLogGroups", - "logs:DescribeResourcePolicies", - "logs:PutResourcePolicy" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":*" - ] - ] - } - }, { "Action": [ "logs:CreateLogDelivery", "logs:DeleteLogDelivery", + "logs:DescribeLogGroups", + "logs:DescribeResourcePolicies", "logs:GetLogDelivery", "logs:ListLogDeliveries", + "logs:PutResourcePolicy", "logs:UpdateLogDelivery" ], "Effect": "Allow", @@ -1021,13 +996,13 @@ }, "constructInfo": { "fqn": "@aws-solutions-constructs/aws-eventbridge-stepfunctions.EventbridgeToStepfunctions", - "version": "2.52.1" + "version": "2.53.0" } } }, "constructInfo": { "fqn": "@aws-solutions-constructs/aws-s3-stepfunctions.S3ToStepfunctions", - "version": "2.52.1" + "version": "2.53.0" } }, "Integ": { 
diff --git a/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3stp-s3-stepfunctions-no-argument.js.snapshot/manifest.json b/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3stp-s3-stepfunctions-no-argument.js.snapshot/manifest.json index f283604fd..6acf43731 100644 --- a/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3stp-s3-stepfunctions-no-argument.js.snapshot/manifest.json +++ b/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3stp-s3-stepfunctions-no-argument.js.snapshot/manifest.json @@ -66,7 +66,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/0e2cf5494f34ef06909ced76e0a098d3a51a3bab1d020f973a3c4da6411423c6.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/e0312b9e4e4b4cc127390f4495b65d8dc75df560cb812620a2a707fefb0510a7.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3stp-s3-stepfunctions-no-argument.js.snapshot/s3stp-s3-stepfunctions-no-argument.assets.json b/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3stp-s3-stepfunctions-no-argument.js.snapshot/s3stp-s3-stepfunctions-no-argument.assets.json index 1ea8499bc..c6d9614bc 100644 --- a/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3stp-s3-stepfunctions-no-argument.js.snapshot/s3stp-s3-stepfunctions-no-argument.assets.json 
+++ b/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3stp-s3-stepfunctions-no-argument.js.snapshot/s3stp-s3-stepfunctions-no-argument.assets.json @@ -14,7 +14,7 @@ } } }, - "0e2cf5494f34ef06909ced76e0a098d3a51a3bab1d020f973a3c4da6411423c6": { + "e0312b9e4e4b4cc127390f4495b65d8dc75df560cb812620a2a707fefb0510a7": { "source": { "path": "s3stp-s3-stepfunctions-no-argument.template.json", "packaging": "file" @@ -22,7 +22,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "0e2cf5494f34ef06909ced76e0a098d3a51a3bab1d020f973a3c4da6411423c6.json", + "objectKey": "e0312b9e4e4b4cc127390f4495b65d8dc75df560cb812620a2a707fefb0510a7.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3stp-s3-stepfunctions-no-argument.js.snapshot/s3stp-s3-stepfunctions-no-argument.template.json b/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3stp-s3-stepfunctions-no-argument.js.snapshot/s3stp-s3-stepfunctions-no-argument.template.json index 526077fa8..35a90bbc1 100644 --- a/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3stp-s3-stepfunctions-no-argument.js.snapshot/s3stp-s3-stepfunctions-no-argument.template.json +++ b/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3stp-s3-stepfunctions-no-argument.js.snapshot/s3stp-s3-stepfunctions-no-argument.template.json 
@@ -428,40 +428,15 @@ "Properties": { "PolicyDocument": { "Statement": [ - { - "Action": [ - "logs:DescribeLogGroups", - "logs:DescribeResourcePolicies", - "logs:PutResourcePolicy" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":*" - ] - ] - } - }, { "Action": [ "logs:CreateLogDelivery", "logs:DeleteLogDelivery", + "logs:DescribeLogGroups", + "logs:DescribeResourcePolicies", "logs:GetLogDelivery", "logs:ListLogDeliveries", + "logs:PutResourcePolicy", "logs:UpdateLogDelivery" ], "Effect": "Allow", @@ -482,7 +457,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "The 'LogDelivery' actions do not support resource-level authorizations" + "reason": "These are CDK defaults. The 'LogDelivery' actions do not support resource-level authorizations. Any logging is done by State Machine code" } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3stp-s3-stepfunctions-no-argument.js.snapshot/tree.json b/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3stp-s3-stepfunctions-no-argument.js.snapshot/tree.json index a15504a1e..60feb958e 100644 --- a/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3stp-s3-stepfunctions-no-argument.js.snapshot/tree.json +++ b/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3stp-s3-stepfunctions-no-argument.js.snapshot/tree.json 
@@ -531,40 +531,15 @@ "aws:cdk:cloudformation:props": { "policyDocument": { "Statement": [ - { - "Action": [ - "logs:DescribeLogGroups", - "logs:DescribeResourcePolicies", - "logs:PutResourcePolicy" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":*" - ] - ] - } - }, { "Action": [ "logs:CreateLogDelivery", "logs:DeleteLogDelivery", + "logs:DescribeLogGroups", + "logs:DescribeResourcePolicies", "logs:GetLogDelivery", "logs:ListLogDeliveries", + "logs:PutResourcePolicy", "logs:UpdateLogDelivery" ], "Effect": "Allow", @@ -898,13 +873,13 @@ }, "constructInfo": { "fqn": "@aws-solutions-constructs/aws-eventbridge-stepfunctions.EventbridgeToStepfunctions", - "version": "2.52.1" + "version": "2.53.0" } } }, "constructInfo": { "fqn": "@aws-solutions-constructs/aws-s3-stepfunctions.S3ToStepfunctions", - "version": "2.52.1" + "version": "2.53.0" } }, "Custom::S3AutoDeleteObjectsCustomResourceProvider": { diff --git a/source/patterns/@aws-solutions-constructs/core/lib/step-function-helper.ts b/source/patterns/@aws-solutions-constructs/core/lib/step-function-helper.ts index 6b587af8e..ddb9018e9 100644 --- a/source/patterns/@aws-solutions-constructs/core/lib/step-function-helper.ts +++ b/source/patterns/@aws-solutions-constructs/core/lib/step-function-helper.ts 
@@ -88,40 +88,11 @@ export function buildStateMachine(scope: Construct, stateMachineProps: sfn.State if (!stateMachineProps.role) { const role = newStateMachine.node.findChild('Role') as iam.Role; const cfnDefaultPolicy = role.node.findChild('DefaultPolicy').node.defaultChild as any; - const jsonPolicyDocument = cfnDefaultPolicy.policyDocument.toJSON(); - - jsonPolicyDocument.Statement = - jsonPolicyDocument.Statement.filter((statement: any) => !Array.isArray(statement.Action) || !statement.Action[0].startsWith("logs:") ); - - jsonPolicyDocument.Statement.push({ - Action: [ - 'logs:PutResourcePolicy', - 'logs:DescribeResourcePolicies', - 'logs:DescribeLogGroups' - ], - Effect: "Allow", - Resource: [`arn:${cdk.Aws.PARTITION}:logs:${cdk.Aws.REGION}:${cdk.Aws.ACCOUNT_ID}:*`] - }); - - jsonPolicyDocument.Statement.push({ - Action: [ - "logs:CreateLogDelivery", - 'logs:GetLogDelivery', - 'logs:UpdateLogDelivery', - 'logs:DeleteLogDelivery', - 'logs:ListLogDeliveries' - ], - Effect: "Allow", - Resource: "*" - }); - - cfnDefaultPolicy.policyDocument = iam.PolicyDocument.fromJson(jsonPolicyDocument); - // Override Cfn Nag warning W12: IAM policy should not allow * resource addCfnSuppressRules(cfnDefaultPolicy, [ { id: 'W12', - reason: `The 'LogDelivery' actions do not support resource-level authorizations` + reason: `These are CDK defaults. The 'LogDelivery' actions do not support resource-level authorizations. Any logging is done by State Machine code` } ]); } diff --git a/source/patterns/@aws-solutions-constructs/core/test/step-function-helper.test.ts b/source/patterns/@aws-solutions-constructs/core/test/step-function-helper.test.ts index 4140caa7a..b7ed5d38e 100644 --- a/source/patterns/@aws-solutions-constructs/core/test/step-function-helper.test.ts +++ b/source/patterns/@aws-solutions-constructs/core/test/step-function-helper.test.ts 
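Review bot: The reworded W12 reason in `addCfnSuppressRules` still justifies only the 'LogDelivery' actions, but more actions now sit on a wildcard. Judging by the updated snapshots and unit tests in this patch, `logs:PutResourcePolicy`, `logs:DescribeResourcePolicies` and `logs:DescribeLogGroups` move from the account- and region-scoped `arn:…:logs:…:*` resource to `Resource: "*"`. I would name every wildcard action in the reason, e.g. `reason: "CDK default logging statement: the LogDelivery actions plus logs:PutResourcePolicy, logs:DescribeResourcePolicies and logs:DescribeLogGroups are granted on '*'"`. Because the suppression is attached to the whole `DefaultPolicy` resource, a comment above the call would also help: `// NOTE: W12 is suppressed for the entire DefaultPolicy, so a wildcard statement contributed by the state machine definition is not reported by cfn_nag either`. `buildStateMachine` starts and ends outside this hunk, so whether logging is always configured when this branch runs is not visible here.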
@@ -15,14 +15,17 @@ import { Stack, Aws } from "aws-cdk-lib"; import * as defaults from '../'; import * as sfn from 'aws-cdk-lib/aws-stepfunctions'; +import * as sfnTasks from 'aws-cdk-lib/aws-stepfunctions-tasks'; import { buildLogGroup } from '../lib/cloudwatch-log-group-helper'; import * as iam from 'aws-cdk-lib/aws-iam'; +import * as s3 from 'aws-cdk-lib/aws-s3'; +import * as lambda from 'aws-cdk-lib/aws-lambda'; import { Template } from 'aws-cdk-lib/assertions'; test('Test deployment w/ custom properties', () => { // Stack const stack = new Stack(); - // Step function definition + // State Machine definition const startState = new sfn.Pass(stack, 'StartState'); // Build state machine const buildStateMachineResponse = defaults.buildStateMachine(stack, { @@ -42,7 +45,7 @@ test('Test deployment w/ custom properties', () => { test('Test deployment w/ logging enabled', () => { // Stack const stack = new Stack(); - // Step function definition + // State Machine definition const startState = new sfn.Pass(stack, 'StartState'); // Log group // const logGroup = new LogGroup(stack, 'myLogGroup', defaults.buildLogGroup(stack)); @@ -82,7 +85,7 @@ test('Test deployment w/ logging enabled', () => { test('Check default Cloudwatch permissions', () => { // Stack const stack = new Stack(); - // Step function definition + // State Machine definition const startState = new sfn.Pass(stack, 'StartState'); // Build state machine const buildStateMachineResponse = defaults.buildStateMachine(stack, { 
@@ -90,36 +93,77 @@ test('Check default Cloudwatch permissions', () => { }); // Assertion expect(buildStateMachineResponse.stateMachine).toBeDefined(); - Template.fromStack(stack).hasResourceProperties("AWS::IAM::Policy", { + const template = Template.fromStack(stack); + template.hasResourceProperties("AWS::IAM::Policy", { PolicyDocument: { Statement: [ { Action: [ + "logs:CreateLogDelivery", + "logs:GetLogDelivery", + "logs:UpdateLogDelivery", + "logs:DeleteLogDelivery", + "logs:ListLogDeliveries", "logs:PutResourcePolicy", "logs:DescribeResourcePolicies", "logs:DescribeLogGroups" ], Effect: "Allow", - Resource: { - "Fn::Join": [ - "", - [ - "arn:", - { - Ref: "AWS::Partition" - }, - ":logs:", - { - Ref: "AWS::Region" - }, - ":", - { - Ref: "AWS::AccountId" - }, - ":*" - ] - ] - } + Resource: "*" + } + ], + Version: "2012-10-17" + } + }); +}); + +test('Check State Machine IAM Policy with 2 Lambda fuctions in State Machine Definition', () => { + // Stack + const stack = new Stack(); + // State Machine definition + const taskOne = new sfnTasks.LambdaInvoke(stack, 'task-one', { + lambdaFunction: new lambda.Function(stack, 'first-function', { + runtime: lambda.Runtime.NODEJS_20_X, + handler: 'index.handler', + code: lambda.Code.fromInline(`exports.handler = async (event) => {return;}`) + }), + }); + + const taskTwo = new sfnTasks.LambdaInvoke(stack, 'task-two', { + lambdaFunction: new lambda.Function(stack, 'second-function', { + runtime: lambda.Runtime.NODEJS_20_X, + handler: 'index.handler', + code: lambda.Code.fromInline(`exports.handler = async (event) => {return;}`) + }), + }); + + // // Launch the construct + const startState = sfn.DefinitionBody.fromChainable(taskOne.next(taskTwo)); + // Build state machine + const buildStateMachineResponse = defaults.buildStateMachine(stack, { + definitionBody: startState + }); + // Assertion + expect(buildStateMachineResponse.stateMachine).toBeDefined(); + const template = Template.fromStack(stack); + 
template.hasResourceProperties("AWS::IAM::Policy", { + PolicyDocument: { + Statement: [ + { + Action: "lambda:InvokeFunction", + Effect: "Allow", + Resource: [ + {}, + {} + ] + }, + { + Action: "lambda:InvokeFunction", + Effect: "Allow", + Resource: [ + {}, + {} + ] }, { Action: [ @@ -127,7 +171,10 @@ test('Check default Cloudwatch permissions', () => { "logs:GetLogDelivery", "logs:UpdateLogDelivery", "logs:DeleteLogDelivery", - "logs:ListLogDeliveries" + "logs:ListLogDeliveries", + "logs:PutResourcePolicy", + "logs:DescribeResourcePolicies", + "logs:DescribeLogGroups" ], Effect: "Allow", Resource: "*" 
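Review bot: In the new test 'Check State Machine IAM Policy with 2 Lambda fuctions in State Machine Definition', both `lambda:InvokeFunction` statements are asserted with `Resource: [ {}, {} ]`. As far as I can tell from how the assertions matcher treats empty object literals, that checks only that two entries exist, not which function they name. The test would therefore still pass if the role were granted invoke on a different function, which is the property an IAM policy test should pin. I would match at least the logical-id prefix, e.g. `{ "Fn::GetAtt": [ Match.stringLikeRegexp("firstfunction"), "Arn" ] }` for the first entry (the id pattern is a constructed example, and `Match` would need importing from `aws-cdk-lib/assertions`). Failing that, add the kind of comment the S3 test in the `@@ -138,10 +185,80 @@` hunk carries for the same pattern, `// Placeholders for the function ARNs, whose logical ids are stack specific`; the test spills into the `@@ -127,7 +171,10 @@` hunk, and its name misspells `fuctions`.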
@@ -138,10 +185,80 @@ test('Check default Cloudwatch permissions', () => { }); }); +test('Check State Machine IAM Policy with S3 API call in State Machine Definition', () => { + // Stack + const stack = new Stack(); + const sourceBucket = new s3.Bucket(stack, 'SourceBucket', { + eventBridgeEnabled: true, + }); + const destinationBucket = new s3.Bucket(stack, 'DestinationBucket', {}); + + // State Machine definition + const stateMachineDefinition = new sfnTasks.CallAwsService(stack, 'Copy S3 object', { + service: 's3', + action: 'copyObject', + iamResources: [ + sourceBucket.bucketArn, + destinationBucket.bucketArn, + ], + parameters: { + CopySource: sfn.JsonPath.format( + '{}/{}', + sfn.JsonPath.stringAt('$.sourceBucketName'), + sfn.JsonPath.stringAt('$.sourceObjectKey') + ), + Bucket: destinationBucket.bucketName, + Key: sfn.JsonPath.format( + '{}/{}', + sfn.JsonPath.stringAt('$.destinationFolder'), + sfn.JsonPath.stringAt('$.sourceObjectKey') + ), + }, + resultPath: sfn.JsonPath.DISCARD, + }); + + // Build state machine + const buildStateMachineResponse = defaults.buildStateMachine(stack, { + definitionBody: sfn.DefinitionBody.fromChainable(stateMachineDefinition) + }); + // Assertion + expect(buildStateMachineResponse.stateMachine).toBeDefined(); + const template = Template.fromStack(stack); + template.hasResourceProperties("AWS::IAM::Policy", { + PolicyDocument: { + Statement: [ + { + Action: "s3:copyObject", + Effect: "Allow", + Resource: [ + {}, // Placeholders for source and destination buckets with stack ID specific names + {} + ], + }, + { + Action: [ + "logs:CreateLogDelivery", + "logs:GetLogDelivery", + "logs:UpdateLogDelivery", + "logs:DeleteLogDelivery", + "logs:ListLogDeliveries", + "logs:PutResourcePolicy", + "logs:DescribeResourcePolicies", + "logs:DescribeLogGroups" + ], + Effect: "Allow", + Resource: "*" + }, + ], + Version: "2012-10-17" + } + }); +}); + test('Count State Machine CW Alarms', () => { // Stack const stack = new Stack(); - // Step 
function definition + // State Machine definition const startState = new sfn.Pass(stack, 'StartState'); // Build state machine const buildStateMachineResponse = defaults.buildStateMachine(stack, { @@ -158,7 +275,7 @@ test('Test deployment with custom role', () => { // Stack const stack = new Stack(); - // Step function definition + // State Machine definition const startState = new sfn.Pass(stack, 'StartState'); const customRole = new iam.Role(stack, 'custom-role', { @@ -193,7 +310,7 @@ test('Test deployment with custom role', () => { test('Confirm format of name', () => { // Stack const stack = new Stack(undefined, 'teststack'); - // Step function definition + // State Machine definition const startState = new sfn.Pass(stack, 'StartState'); // Build state machine const buildStateMachineResponse = defaults.buildStateMachine(stack, { From bf318b5d69f46149a11b9c6c933d0f21f539de83 Mon Sep 17 00:00:00 2001 From: AWS Solutions Constructs Automation Date: Thu, 29 Feb 2024 18:01:30 +0000 Subject: [PATCH 2/4] chore(release): 2.54.0 --- CHANGELOG.md | 2 ++ source/lerna.json | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f0cd19d21..95949de0f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,8 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [2.54.0](https://github.com/awslabs/aws-solutions-constructs/compare/v2.53.0...v2.54.0) (2024-02-29) + ## [2.53.0](https://github.com/awslabs/aws-solutions-constructs/compare/v2.52.1...v2.53.0) (2024-02-22) Built on CDK v2.127.0 diff --git a/source/lerna.json b/source/lerna.json index 621046c2b..e7ac31570 100644 --- a/source/lerna.json +++ b/source/lerna.json @@ -6,5 +6,5 @@ "./patterns/@aws-solutions-constructs/*" ], "rejectCycles": "true", - "version": "2.53.0" + "version": "2.54.0" } 
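Review bot: The S3 test added in the `@@ -138,10 +185,80 @@` hunk pins `Action: "s3:copyObject"` on the two bucket ARNs, which to my knowledge is not an action IAM evaluates for CopyObject. That call is normally authorized by `s3:GetObject` on the source object and `s3:PutObject` on the destination object, i.e. on object-level resources rather than the bucket ARN. `CallAwsService` derives the statement from `service` and `action` unless told otherwise, so the test documents a policy that would probably be denied at run time while reading like a working example. If the intent is only to show that statements contributed by the definition survive `buildStateMachine`, say so next to the assertion: `// This is the statement CallAwsService synthesizes by default; it is not sufficient to authorize CopyObject`. Otherwise pass `additionalIamStatements` with the object-level actions and assert those instead.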
From fb283a6a814c3b2bf774a5ac2dde037678a2d0dd Mon Sep 17 00:00:00 2001 From: biffgaut Date: Thu, 29 Feb 2024 13:05:59 -0500 Subject: [PATCH 3/4] chore(changelog): Updated CHANGELOG.md --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 95949de0f..42c4fc6eb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file. See [standa ## [2.54.0](https://github.com/awslabs/aws-solutions-constructs/compare/v2.53.0...v2.54.0) (2024-02-29) +Built on CDK v2.130.0 + +### Bug Fixes + +* **step-functions** no longer attempt to modify cloudwatch logs permissions for state machines ([#1090](https://github.com/awslabs/aws-solutions-constructs/pull/1090)) + ## [2.53.0](https://github.com/awslabs/aws-solutions-constructs/compare/v2.52.1...v2.53.0) (2024-02-22) Built on CDK v2.127.0 From 57587f7ac711fc192e9ed24c693b14d43b901df1 Mon Sep 17 00:00:00 2001 From: biffgaut Date: Thu, 29 Feb 2024 13:06:05 -0500 Subject: [PATCH 4/4] chore(version): Upgraded CDK --- deployment/v2/align-version.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/v2/align-version.js b/deployment/v2/align-version.js index 01a4ab1a3..51889317c 100755 --- a/deployment/v2/align-version.js +++ b/deployment/v2/align-version.js @@ -10,7 +10,7 @@ const nullVersionMarker = process.argv[2]; const targetSolutionsConstructsVersion = process.argv[3]; // these versions need to be sourced from a config file -const awsCdkLibVersion = '2.127.0'; +const awsCdkLibVersion = '2.130.0'; for (const file of process.argv.splice(4)) { const pkg = JSON.parse(fs.readFileSync(file).toString());