mbeacom
commented
1 year ago For some reason, there is an explicit pin on 2.84.0 -- not certain if this is intentional, but unless it's changed this will likely continue to be the case.
Closed fiserv-plat-eng closed 1 year ago
mbeacom
commented
1 year ago For some reason, there is an explicit pin on 2.84.0 -- not certain if this is intentional, but unless it's changed this will likely continue to be the case.
fiserv-plat-eng
commented
1 year ago @mbeacom is a little more complex of a change than that.
Following line needs to update:
then run yarn projen to update .projen/deps.json, package.json and yarn.lock.
Running npx projen build will still fail as there are snapshots that need to be updated based on what changes in the latest CDK ie: test/api-canary.integ.snapshot, test/application-load-balanced-codedeployed-fargate-service.integ.snapshot etc..
.projen/deps.json | 10 ++--
.projenrc.ts | 2 +-
package.json | 8 +--
test/api-canary.integ.snapshot/TestStack.assets.json | 6 +--
test/api-canary.integ.snapshot/TestStack.template.json | 14 ++---
test/application-load-balanced-codedeployed-fargate-service.integ.snapshot/AwsSolutions-cdk-ecs-codedeploy-service-NagReport.csv | 6 +--
test/application-load-balanced-codedeployed-fargate-service.integ.snapshot/cdk-ecs-codedeploy-service.assets.json | 12 ++---
test/application-load-balanced-codedeployed-fargate-service.integ.snapshot/cdk-ecs-codedeploy-service.template.json | 228 +++++++++++++++++++++++++++++++++++++++----------------------------------------
test/ecs-deployment-hooks.integ.snapshot/AwsSolutions-cdk-ecs-codedeploy-ecs-deployment-NagReport.csv | 6 +--
test/ecs-deployment-hooks.integ.snapshot/cdk-ecs-codedeploy-ecs-deployment.assets.json | 12 ++---
test/ecs-deployment-hooks.integ.snapshot/cdk-ecs-codedeploy-ecs-deployment.template.json | 230 ++++++++++++++++++++++++++++++++++++++++----------------------------------------
test/ecs-deployment.integ.snapshot/AwsSolutions-cdk-ecs-codedeploy-ecs-deployment-NagReport.csv | 6 +--
test/ecs-deployment.integ.snapshot/cdk-ecs-codedeploy-ecs-deployment.assets.json | 12 ++---
test/ecs-deployment.integ.snapshot/cdk-ecs-codedeploy-ecs-deployment.template.json | 228 +++++++++++++++++++++++++++++++++++++++----------------------------------------
yarn.lock | 36 ++++++-------
15 files changed, 408 insertions(+), 408 deletions(-)Full diff
diff --git a/.projen/deps.json b/.projen/deps.json
index 3b00338..6aced4c 100644
--- a/.projen/deps.json
+++ b/.projen/deps.json
@@ -2,12 +2,12 @@
"dependencies": [
{
"name": "@aws-cdk/aws-synthetics-alpha",
- "version": "2.84.0-alpha.0",
+ "version": "2.92.0-alpha.0",
"type": "build"
},
{
"name": "@aws-cdk/integ-tests-alpha",
- "version": "^2.84.0-alpha.0",
+ "version": "^2.92.0-alpha.0",
"type": "build"
},
{
@@ -40,7 +40,7 @@
},
{
"name": "aws-cdk-lib",
- "version": "2.84.0",
+ "version": "2.92.0",
"type": "build"
},
{
@@ -182,12 +182,12 @@
},
{
"name": "@aws-cdk/aws-synthetics-alpha",
- "version": "^2.84.0-alpha.0",
+ "version": "^2.92.0-alpha.0",
"type": "peer"
},
{
"name": "aws-cdk-lib",
- "version": "^2.84.0",
+ "version": "^2.92.0",
"type": "peer"
},
{
diff --git a/.projenrc.ts b/.projenrc.ts
index 14d6b6a..0f3fe41 100644
--- a/.projenrc.ts
+++ b/.projenrc.ts
@@ -23,7 +23,7 @@ export class WorkflowDotNetVersionPatch {
);
}
}
-const cdkVersion = '2.84.0';
+const cdkVersion = '2.92.0';
const project = new CdklabsConstructLibrary({
setNodeEngineVersion: false,
private: false,
diff --git a/package.json b/package.json
index 9fe8e59..10a1de8 100644
--- a/package.json
+++ b/package.json
@@ -70,7 +70,7 @@
"organization": true
},
"devDependencies": {
- "@aws-cdk/aws-synthetics-alpha": "2.84.0-alpha.0",
+ "@aws-cdk/aws-synthetics-alpha": "2.92.0-alpha.0",
"@aws-cdk/integ-runner": "latest",
"@aws-cdk/integ-tests-alpha": "latest",
"@types/aws-lambda": "^8.10.119",
@@ -80,7 +80,7 @@
"@typescript-eslint/eslint-plugin": "^5",
"@typescript-eslint/parser": "^5",
"aws-cdk": "^2",
- "aws-cdk-lib": "2.84.0",
+ "aws-cdk-lib": "2.92.0",
"aws-sdk-client-mock": "^3.0.0",
"aws-sdk-client-mock-jest": "^3.0.0",
"cdk-nag": "^2.27.104",
@@ -107,8 +107,8 @@
"typescript": "^4.9.5"
},
"peerDependencies": {
- "@aws-cdk/aws-synthetics-alpha": "^2.84.0-alpha.0",
- "aws-cdk-lib": "^2.84.0",
+ "@aws-cdk/aws-synthetics-alpha": "^2.92.0-alpha.0",
+ "aws-cdk-lib": "^2.92.0",
"constructs": "^10.0.5"
},
"dependencies": {
diff --git a/test/api-canary.integ.snapshot/TestStack.assets.json b/test/api-canary.integ.snapshot/TestStack.assets.json
index cefa9a1..fb96350 100644
--- a/test/api-canary.integ.snapshot/TestStack.assets.json
+++ b/test/api-canary.integ.snapshot/TestStack.assets.json
@@ -1,5 +1,5 @@
{
- "version": "32.0.0",
+ "version": "33.0.0",
"files": {
"93db9dcabf8af9cc80ac1a58b535f16939207937839bf12b4db178e54a4bb659": {
"source": {
@@ -14,7 +14,7 @@
}
}
},
- "c6e791c2d86fda8742bba34c487f10342147c3562dd4f75a4f498a799ba87f69": {
+ "d428f5016b7e6efee91ad9984c36717dc703b4b47ff3843a0b4b2a800ec16e01": {
"source": {
"path": "TestStack.template.json",
"packaging": "file"
@@ -22,7 +22,7 @@
"destinations": {
"current_account-current_region": {
"bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
- "objectKey": "c6e791c2d86fda8742bba34c487f10342147c3562dd4f75a4f498a799ba87f69.json",
+ "objectKey": "d428f5016b7e6efee91ad9984c36717dc703b4b47ff3843a0b4b2a800ec16e01.json",
"assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
}
}
diff --git a/test/api-canary.integ.snapshot/TestStack.template.json b/test/api-canary.integ.snapshot/TestStack.template.json
index 5076583..5ca2bc0 100644
--- a/test/api-canary.integ.snapshot/TestStack.template.json
+++ b/test/api-canary.integ.snapshot/TestStack.template.json
@@ -222,11 +222,6 @@
]
},
"Name": "teststacksynthe589c28",
- "RuntimeVersion": "syn-nodejs-puppeteer-4.0",
- "Schedule": {
- "DurationInSeconds": "0",
- "Expression": "rate(5 minutes)"
- },
"RunConfig": {
"EnvironmentVariables": {
"baseUrl": "https://xkcd.com",
@@ -234,6 +229,11 @@
"testSteps": "[{\"name\":\"info\",\"path\":\"/614/info.0.json\",\"jmesPath\":\"safe_title\",\"expectedValue\":\"Woodpecker\"}]"
}
},
+ "RuntimeVersion": "syn-nodejs-puppeteer-4.0",
+ "Schedule": {
+ "DurationInSeconds": "0",
+ "Expression": "rate(5 minutes)"
+ },
"StartCanaryAfterCreation": true
}
},
@@ -241,7 +241,6 @@
"Type": "AWS::CloudWatch::Alarm",
"Properties": {
"ComparisonOperator": "LessThanThreshold",
- "EvaluationPeriods": 2,
"Dimensions": [
{
"Name": "CanaryName",
@@ -250,6 +249,7 @@
}
}
],
+ "EvaluationPeriods": 2,
"MetricName": "SuccessPercent",
"Namespace": "CloudWatchSynthetics",
"Period": 300,
@@ -261,7 +261,6 @@
"Type": "AWS::CloudWatch::Alarm",
"Properties": {
"ComparisonOperator": "GreaterThanThreshold",
- "EvaluationPeriods": 2,
"Dimensions": [
{
"Name": "CanaryName",
@@ -270,6 +269,7 @@
}
}
],
+ "EvaluationPeriods": 2,
"MetricName": "Duration",
"Namespace": "CloudWatchSynthetics",
"Period": 300,
diff --git a/test/application-load-balanced-codedeployed-fargate-service.integ.snapshot/AwsSolutions-cdk-ecs-codedeploy-service-NagReport.csv b/test/application-load-balanced-codedeployed-fargate-service.integ.snapshot/AwsSolutions-cdk-ecs-codedeploy-service-NagReport.csv
index a45b82e..dbbe1a0 100644
--- a/test/application-load-balanced-codedeployed-fargate-service.integ.snapshot/AwsSolutions-cdk-ecs-codedeploy-service-NagReport.csv
+++ b/test/application-load-balanced-codedeployed-fargate-service.integ.snapshot/AwsSolutions-cdk-ecs-codedeploy-service-NagReport.csv
@@ -42,17 +42,17 @@ Rule ID,Resource ID,Compliance,Exception Reason,Rule Level,Rule Info
"AwsSolutions-IAM5","cdk-ecs-codedeploy-service/Service/DeploymentGroup/Deployment/DeploymentProvider/framework-onEvent/ServiceRole/Resource","Compliant","N/A","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-service/Service/DeploymentGroup/Deployment/DeploymentProvider/framework-onEvent/ServiceRole/DefaultPolicy/Resource","Suppressed","Unrelated to construct under test","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-service/Service/DeploymentGroup/Deployment/DeploymentProvider/framework-onEvent/ServiceRole/DefaultPolicy/Resource","Suppressed","Unrelated to construct under test","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
-"AwsSolutions-L1","cdk-ecs-codedeploy-service/Service/DeploymentGroup/Deployment/DeploymentProvider/framework-onEvent/Resource","Suppressed","Unrelated to construct under test","Error","The non-container Lambda function is not configured to use the latest runtime version."
+"AwsSolutions-L1","cdk-ecs-codedeploy-service/Service/DeploymentGroup/Deployment/DeploymentProvider/framework-onEvent/Resource","Compliant","N/A","Error","The non-container Lambda function is not configured to use the latest runtime version."
"AwsSolutions-IAM4","cdk-ecs-codedeploy-service/Service/DeploymentGroup/Deployment/DeploymentProvider/framework-isComplete/ServiceRole/Resource","Suppressed","[Policy::arn:<AWS::Partition>:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole] Allow AWSLambdaBasicExecutionRole policy","Error","The IAM user, role, or group uses AWS managed policies."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-service/Service/DeploymentGroup/Deployment/DeploymentProvider/framework-isComplete/ServiceRole/Resource","Compliant","N/A","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-service/Service/DeploymentGroup/Deployment/DeploymentProvider/framework-isComplete/ServiceRole/DefaultPolicy/Resource","Suppressed","Unrelated to construct under test","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-service/Service/DeploymentGroup/Deployment/DeploymentProvider/framework-isComplete/ServiceRole/DefaultPolicy/Resource","Suppressed","Unrelated to construct under test","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
-"AwsSolutions-L1","cdk-ecs-codedeploy-service/Service/DeploymentGroup/Deployment/DeploymentProvider/framework-isComplete/Resource","Suppressed","Unrelated to construct under test","Error","The non-container Lambda function is not configured to use the latest runtime version."
+"AwsSolutions-L1","cdk-ecs-codedeploy-service/Service/DeploymentGroup/Deployment/DeploymentProvider/framework-isComplete/Resource","Compliant","N/A","Error","The non-container Lambda function is not configured to use the latest runtime version."
"AwsSolutions-IAM4","cdk-ecs-codedeploy-service/Service/DeploymentGroup/Deployment/DeploymentProvider/framework-onTimeout/ServiceRole/Resource","Suppressed","[Policy::arn:<AWS::Partition>:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole] Allow AWSLambdaBasicExecutionRole policy","Error","The IAM user, role, or group uses AWS managed policies."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-service/Service/DeploymentGroup/Deployment/DeploymentProvider/framework-onTimeout/ServiceRole/Resource","Compliant","N/A","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-service/Service/DeploymentGroup/Deployment/DeploymentProvider/framework-onTimeout/ServiceRole/DefaultPolicy/Resource","Suppressed","Unrelated to construct under test","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-service/Service/DeploymentGroup/Deployment/DeploymentProvider/framework-onTimeout/ServiceRole/DefaultPolicy/Resource","Suppressed","Unrelated to construct under test","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
-"AwsSolutions-L1","cdk-ecs-codedeploy-service/Service/DeploymentGroup/Deployment/DeploymentProvider/framework-onTimeout/Resource","Suppressed","Unrelated to construct under test","Error","The non-container Lambda function is not configured to use the latest runtime version."
+"AwsSolutions-L1","cdk-ecs-codedeploy-service/Service/DeploymentGroup/Deployment/DeploymentProvider/framework-onTimeout/Resource","Compliant","N/A","Error","The non-container Lambda function is not configured to use the latest runtime version."
"AwsSolutions-IAM4","cdk-ecs-codedeploy-service/Service/DeploymentGroup/Deployment/DeploymentProvider/waiter-state-machine/Role/Resource","Compliant","N/A","Error","The IAM user, role, or group uses AWS managed policies."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-service/Service/DeploymentGroup/Deployment/DeploymentProvider/waiter-state-machine/Role/Resource","Compliant","N/A","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-service/Service/DeploymentGroup/Deployment/DeploymentProvider/waiter-state-machine/Role/DefaultPolicy/Resource","Suppressed","Unrelated to construct under test","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
diff --git a/test/application-load-balanced-codedeployed-fargate-service.integ.snapshot/cdk-ecs-codedeploy-service.assets.json b/test/application-load-balanced-codedeployed-fargate-service.integ.snapshot/cdk-ecs-codedeploy-service.assets.json
index 7be4b84..ec820fd 100644
--- a/test/application-load-balanced-codedeployed-fargate-service.integ.snapshot/cdk-ecs-codedeploy-service.assets.json
+++ b/test/application-load-balanced-codedeployed-fargate-service.integ.snapshot/cdk-ecs-codedeploy-service.assets.json
@@ -1,5 +1,5 @@
{
- "version": "32.0.0",
+ "version": "33.0.0",
"files": {
"93db9dcabf8af9cc80ac1a58b535f16939207937839bf12b4db178e54a4bb659": {
"source": {
@@ -43,21 +43,21 @@
}
}
},
- "8e3d635893ea17fa3158623489cd42c680fad925b38de1ef51cb10d84f6e245e": {
+ "f2d30cfc360482320a52a4fcde8a70f3569df79ab30be24650fda58eb60052cf": {
"source": {
- "path": "asset.8e3d635893ea17fa3158623489cd42c680fad925b38de1ef51cb10d84f6e245e",
+ "path": "asset.f2d30cfc360482320a52a4fcde8a70f3569df79ab30be24650fda58eb60052cf",
"packaging": "zip"
},
"destinations": {
"current_account-us-west-2": {
"bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-us-west-2",
- "objectKey": "8e3d635893ea17fa3158623489cd42c680fad925b38de1ef51cb10d84f6e245e.zip",
+ "objectKey": "f2d30cfc360482320a52a4fcde8a70f3569df79ab30be24650fda58eb60052cf.zip",
"region": "us-west-2",
"assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-us-west-2"
}
}
},
- "425997d3b1f101fb870afd27379a34915be6727f80b5263fa865da49f38573b5": {
+ "ae199d27aca17aebf78b87f1e3a61a5ab83617d02017470d1d869c81c89e2056": {
"source": {
"path": "cdk-ecs-codedeploy-service.template.json",
"packaging": "file"
@@ -65,7 +65,7 @@
"destinations": {
"current_account-us-west-2": {
"bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-us-west-2",
- "objectKey": "425997d3b1f101fb870afd27379a34915be6727f80b5263fa865da49f38573b5.json",
+ "objectKey": "ae199d27aca17aebf78b87f1e3a61a5ab83617d02017470d1d869c81c89e2056.json",
"region": "us-west-2",
"assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-us-west-2"
}
diff --git a/test/application-load-balanced-codedeployed-fargate-service.integ.snapshot/cdk-ecs-codedeploy-service.template.json b/test/application-load-balanced-codedeployed-fargate-service.integ.snapshot/cdk-ecs-codedeploy-service.template.json
index c02663f..b9ab6a8 100644
--- a/test/application-load-balanced-codedeployed-fargate-service.integ.snapshot/cdk-ecs-codedeploy-service.template.json
+++ b/test/application-load-balanced-codedeployed-fargate-service.integ.snapshot/cdk-ecs-codedeploy-service.template.json
@@ -49,9 +49,6 @@
"ClusterVpcPublicSubnet1SubnetA9F7E0A5": {
"Type": "AWS::EC2::Subnet",
"Properties": {
- "VpcId": {
- "Ref": "ClusterVpcFAA3CEDF"
- },
"AvailabilityZone": {
"Fn::Select": [
0,
@@ -75,7 +72,10 @@
"Key": "Name",
"Value": "cdk-ecs-codedeploy-service/Cluster/Vpc/PublicSubnet1"
}
- ]
+ ],
+ "VpcId": {
+ "Ref": "ClusterVpcFAA3CEDF"
+ }
},
"Metadata": {
"cdk_nag": {
@@ -95,15 +95,15 @@
"ClusterVpcPublicSubnet1RouteTable5594A636": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
- "VpcId": {
- "Ref": "ClusterVpcFAA3CEDF"
- },
"Tags": [
{
"Key": "Name",
"Value": "cdk-ecs-codedeploy-service/Cluster/Vpc/PublicSubnet1"
}
- ]
+ ],
+ "VpcId": {
+ "Ref": "ClusterVpcFAA3CEDF"
+ }
},
"Metadata": {
"cdk_nag": {
@@ -148,12 +148,12 @@
"ClusterVpcPublicSubnet1DefaultRoute62DA4B4B": {
"Type": "AWS::EC2::Route",
"Properties": {
- "RouteTableId": {
- "Ref": "ClusterVpcPublicSubnet1RouteTable5594A636"
- },
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "ClusterVpcIGW1E358A6E"
+ },
+ "RouteTableId": {
+ "Ref": "ClusterVpcPublicSubnet1RouteTable5594A636"
}
},
"DependsOn": [
@@ -203,15 +203,15 @@
"ClusterVpcPublicSubnet1NATGateway0693C346": {
"Type": "AWS::EC2::NatGateway",
"Properties": {
- "SubnetId": {
- "Ref": "ClusterVpcPublicSubnet1SubnetA9F7E0A5"
- },
"AllocationId": {
"Fn::GetAtt": [
"ClusterVpcPublicSubnet1EIP433C56EE",
"AllocationId"
]
},
+ "SubnetId": {
+ "Ref": "ClusterVpcPublicSubnet1SubnetA9F7E0A5"
+ },
"Tags": [
{
"Key": "Name",
@@ -241,9 +241,6 @@
"ClusterVpcPublicSubnet2Subnet059113C4": {
"Type": "AWS::EC2::Subnet",
"Properties": {
- "VpcId": {
- "Ref": "ClusterVpcFAA3CEDF"
- },
"AvailabilityZone": {
"Fn::Select": [
1,
@@ -267,7 +264,10 @@
"Key": "Name",
"Value": "cdk-ecs-codedeploy-service/Cluster/Vpc/PublicSubnet2"
}
- ]
+ ],
+ "VpcId": {
+ "Ref": "ClusterVpcFAA3CEDF"
+ }
},
"Metadata": {
"cdk_nag": {
@@ -287,15 +287,15 @@
"ClusterVpcPublicSubnet2RouteTable7B43F18C": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
- "VpcId": {
- "Ref": "ClusterVpcFAA3CEDF"
- },
"Tags": [
{
"Key": "Name",
"Value": "cdk-ecs-codedeploy-service/Cluster/Vpc/PublicSubnet2"
}
- ]
+ ],
+ "VpcId": {
+ "Ref": "ClusterVpcFAA3CEDF"
+ }
},
"Metadata": {
"cdk_nag": {
@@ -340,12 +340,12 @@
"ClusterVpcPublicSubnet2DefaultRoute97446C8A": {
"Type": "AWS::EC2::Route",
"Properties": {
- "RouteTableId": {
- "Ref": "ClusterVpcPublicSubnet2RouteTable7B43F18C"
- },
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "ClusterVpcIGW1E358A6E"
+ },
+ "RouteTableId": {
+ "Ref": "ClusterVpcPublicSubnet2RouteTable7B43F18C"
}
},
"DependsOn": [
@@ -395,15 +395,15 @@
"ClusterVpcPublicSubnet2NATGateway00B24686": {
"Type": "AWS::EC2::NatGateway",
"Properties": {
- "SubnetId": {
- "Ref": "ClusterVpcPublicSubnet2Subnet059113C4"
- },
"AllocationId": {
"Fn::GetAtt": [
"ClusterVpcPublicSubnet2EIP203DF3E5",
"AllocationId"
]
},
+ "SubnetId": {
+ "Ref": "ClusterVpcPublicSubnet2Subnet059113C4"
+ },
"Tags": [
{
"Key": "Name",
@@ -433,9 +433,6 @@
"ClusterVpcPrivateSubnet1SubnetA4EB481A": {
"Type": "AWS::EC2::Subnet",
"Properties": {
- "VpcId": {
- "Ref": "ClusterVpcFAA3CEDF"
- },
"AvailabilityZone": {
"Fn::Select": [
0,
@@ -459,7 +456,10 @@
"Key": "Name",
"Value": "cdk-ecs-codedeploy-service/Cluster/Vpc/PrivateSubnet1"
}
- ]
+ ],
+ "VpcId": {
+ "Ref": "ClusterVpcFAA3CEDF"
+ }
},
"Metadata": {
"cdk_nag": {
@@ -479,15 +479,15 @@
"ClusterVpcPrivateSubnet1RouteTable5AAEDA3F": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
- "VpcId": {
- "Ref": "ClusterVpcFAA3CEDF"
- },
"Tags": [
{
"Key": "Name",
"Value": "cdk-ecs-codedeploy-service/Cluster/Vpc/PrivateSubnet1"
}
- ]
+ ],
+ "VpcId": {
+ "Ref": "ClusterVpcFAA3CEDF"
+ }
},
"Metadata": {
"cdk_nag": {
@@ -532,12 +532,12 @@
"ClusterVpcPrivateSubnet1DefaultRoute3B4D40DD": {
"Type": "AWS::EC2::Route",
"Properties": {
- "RouteTableId": {
- "Ref": "ClusterVpcPrivateSubnet1RouteTable5AAEDA3F"
- },
"DestinationCidrBlock": "0.0.0.0/0",
"NatGatewayId": {
"Ref": "ClusterVpcPublicSubnet1NATGateway0693C346"
+ },
+ "RouteTableId": {
+ "Ref": "ClusterVpcPrivateSubnet1RouteTable5AAEDA3F"
}
},
"Metadata": {
@@ -558,9 +558,6 @@
"ClusterVpcPrivateSubnet2SubnetBD1ECB6E": {
"Type": "AWS::EC2::Subnet",
"Properties": {
- "VpcId": {
- "Ref": "ClusterVpcFAA3CEDF"
- },
"AvailabilityZone": {
"Fn::Select": [
1,
@@ -584,7 +581,10 @@
"Key": "Name",
"Value": "cdk-ecs-codedeploy-service/Cluster/Vpc/PrivateSubnet2"
}
- ]
+ ],
+ "VpcId": {
+ "Ref": "ClusterVpcFAA3CEDF"
+ }
},
"Metadata": {
"cdk_nag": {
@@ -604,15 +604,15 @@
"ClusterVpcPrivateSubnet2RouteTable73064A66": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
- "VpcId": {
- "Ref": "ClusterVpcFAA3CEDF"
- },
"Tags": [
{
"Key": "Name",
"Value": "cdk-ecs-codedeploy-service/Cluster/Vpc/PrivateSubnet2"
}
- ]
+ ],
+ "VpcId": {
+ "Ref": "ClusterVpcFAA3CEDF"
+ }
},
"Metadata": {
"cdk_nag": {
@@ -657,12 +657,12 @@
"ClusterVpcPrivateSubnet2DefaultRoute011666AF": {
"Type": "AWS::EC2::Route",
"Properties": {
- "RouteTableId": {
- "Ref": "ClusterVpcPrivateSubnet2RouteTable73064A66"
- },
"DestinationCidrBlock": "0.0.0.0/0",
"NatGatewayId": {
"Ref": "ClusterVpcPublicSubnet2NATGateway00B24686"
+ },
+ "RouteTableId": {
+ "Ref": "ClusterVpcPrivateSubnet2RouteTable73064A66"
}
},
"Metadata": {
@@ -708,11 +708,11 @@
"ClusterVpcVPCGW47AC17E9": {
"Type": "AWS::EC2::VPCGatewayAttachment",
"Properties": {
- "VpcId": {
- "Ref": "ClusterVpcFAA3CEDF"
- },
"InternetGatewayId": {
"Ref": "ClusterVpcIGW1E358A6E"
+ },
+ "VpcId": {
+ "Ref": "ClusterVpcFAA3CEDF"
}
},
"Metadata": {
@@ -833,13 +833,6 @@
"ServiceLBSecurityGrouptocdkecscodedeployserviceServiceSecurityGroup9DF0F5D5801750432E": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
- "GroupId": {
- "Fn::GetAtt": [
- "ServiceLBSecurityGroupF7435A5C",
- "GroupId"
- ]
- },
- "IpProtocol": "tcp",
"Description": "Load balancer to target",
"DestinationSecurityGroupId": {
"Fn::GetAtt": [
@@ -848,6 +841,13 @@
]
},
"FromPort": 80,
+ "GroupId": {
+ "Fn::GetAtt": [
+ "ServiceLBSecurityGroupF7435A5C",
+ "GroupId"
+ ]
+ },
+ "IpProtocol": "tcp",
"ToPort": 80
},
"DependsOn": [
@@ -1215,7 +1215,6 @@
"ServiceSecurityGroupfromcdkecscodedeployserviceServiceLBSecurityGroupD78B8ED9801A3479E0": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
- "IpProtocol": "tcp",
"Description": "Load balancer to target",
"FromPort": 80,
"GroupId": {
@@ -1224,6 +1223,7 @@
"GroupId"
]
},
+ "IpProtocol": "tcp",
"SourceSecurityGroupId": {
"Fn::GetAtt": [
"ServiceLBSecurityGroupF7435A5C",
@@ -1621,11 +1621,6 @@
]
},
"Name": "cdkecscodedeplob4f38c",
- "RuntimeVersion": "syn-nodejs-puppeteer-4.0",
- "Schedule": {
- "DurationInSeconds": "0",
- "Expression": "rate(5 minutes)"
- },
"RunConfig": {
"EnvironmentVariables": {
"baseUrl": {
@@ -1646,6 +1641,11 @@
"testSteps": "[{\"name\":\"health\",\"path\":\"/health\",\"jmesPath\":\"status\",\"expectedValue\":\"ok\"}]"
}
},
+ "RuntimeVersion": "syn-nodejs-puppeteer-4.0",
+ "Schedule": {
+ "DurationInSeconds": "0",
+ "Expression": "rate(5 minutes)"
+ },
"StartCanaryAfterCreation": true
},
"DependsOn": [
@@ -1658,7 +1658,6 @@
"Type": "AWS::CloudWatch::Alarm",
"Properties": {
"ComparisonOperator": "LessThanThreshold",
- "EvaluationPeriods": 2,
"Dimensions": [
{
"Name": "CanaryName",
@@ -1667,6 +1666,7 @@
}
}
],
+ "EvaluationPeriods": 2,
"MetricName": "SuccessPercent",
"Namespace": "CloudWatchSynthetics",
"Period": 300,
@@ -1682,6 +1682,7 @@
"ServiceHealthAlarmDAB0EF53": {
"Type": "AWS::CloudWatch::CompositeAlarm",
"Properties": {
+ "AlarmName": "cdkecscodedeployserviceServiceHealthAlarm93201C59",
"AlarmRule": {
"Fn::Join": [
"",
@@ -1696,8 +1697,7 @@
"\"))"
]
]
- },
- "AlarmName": "cdkecscodedeployserviceServiceHealthAlarm93201C59"
+ }
}
},
"ServiceGreenTargetGroup3BE32266": {
@@ -1770,15 +1770,6 @@
"ServiceDeploymentGroupE338BE38": {
"Type": "AWS::CodeDeploy::DeploymentGroup",
"Properties": {
- "ApplicationName": {
- "Ref": "ServiceApplication92776FC3"
- },
- "ServiceRoleArn": {
- "Fn::GetAtt": [
- "ServiceDeploymentGroupServiceRole2FF13484",
- "Arn"
- ]
- },
"AlarmConfiguration": {
"Alarms": [
{
@@ -1789,6 +1780,9 @@
],
"Enabled": true
},
+ "ApplicationName": {
+ "Ref": "ServiceApplication92776FC3"
+ },
"AutoRollbackConfiguration": {
"Enabled": true,
"Events": [
@@ -1862,6 +1856,12 @@
}
}
]
+ },
+ "ServiceRoleArn": {
+ "Fn::GetAtt": [
+ "ServiceDeploymentGroupServiceRole2FF13484",
+ "Arn"
+ ]
}
}
},
@@ -2024,12 +2024,6 @@
},
"S3Key": "dd70c9291f90686877dd7eb18ea62ac7d87af05bff8571f92ef962cc9026fa2c.zip"
},
- "Role": {
- "Fn::GetAtt": [
- "ServiceDeploymentGroupDeploymentDeploymentProviderOnEventLambdaServiceRole6EA4E767",
- "Arn"
- ]
- },
"Description": "src/ecs-deployment-provider/on-event.lambda.ts",
"Environment": {
"Variables": {
@@ -2037,6 +2031,12 @@
}
},
"Handler": "index.handler",
+ "Role": {
+ "Fn::GetAtt": [
+ "ServiceDeploymentGroupDeploymentDeploymentProviderOnEventLambdaServiceRole6EA4E767",
+ "Arn"
+ ]
+ },
"Runtime": "nodejs18.x",
"Timeout": 60
},
@@ -2167,12 +2167,6 @@
},
"S3Key": "65cf9f712727efa44fdfcabd0c3af10a91fab1a4cc79fa5408f9226165d29ec8.zip"
},
- "Role": {
- "Fn::GetAtt": [
- "ServiceDeploymentGroupDeploymentDeploymentProviderIsCompleteLambdaServiceRoleC7357CFE",
- "Arn"
- ]
- },
"Description": "src/ecs-deployment-provider/is-complete.lambda.ts",
"Environment": {
"Variables": {
@@ -2180,6 +2174,12 @@
}
},
"Handler": "index.handler",
+ "Role": {
+ "Fn::GetAtt": [
+ "ServiceDeploymentGroupDeploymentDeploymentProviderIsCompleteLambdaServiceRoleC7357CFE",
+ "Arn"
+ ]
+ },
"Runtime": "nodejs18.x",
"Timeout": 60
},
@@ -2356,13 +2356,7 @@
"S3Bucket": {
"Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-us-west-2"
},
- "S3Key": "8e3d635893ea17fa3158623489cd42c680fad925b38de1ef51cb10d84f6e245e.zip"
- },
- "Role": {
- "Fn::GetAtt": [
- "ServiceDeploymentGroupDeploymentDeploymentProviderframeworkonEventServiceRole4597B89C",
- "Arn"
- ]
+ "S3Key": "f2d30cfc360482320a52a4fcde8a70f3569df79ab30be24650fda58eb60052cf.zip"
},
"Description": "AWS CDK resource provider framework - onEvent (cdk-ecs-codedeploy-service/Service/DeploymentGroup/Deployment/DeploymentProvider)",
"Environment": {
@@ -2385,7 +2379,13 @@
}
},
"Handler": "framework.onEvent",
- "Runtime": "nodejs14.x",
+ "Role": {
+ "Fn::GetAtt": [
+ "ServiceDeploymentGroupDeploymentDeploymentProviderframeworkonEventServiceRole4597B89C",
+ "Arn"
+ ]
+ },
+ "Runtime": "nodejs18.x",
"Timeout": 900
},
"DependsOn": [
@@ -2562,13 +2562,7 @@
"S3Bucket": {
"Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-us-west-2"
},
- "S3Key": "8e3d635893ea17fa3158623489cd42c680fad925b38de1ef51cb10d84f6e245e.zip"
- },
- "Role": {
- "Fn::GetAtt": [
- "ServiceDeploymentGroupDeploymentDeploymentProviderframeworkisCompleteServiceRole36179A24",
- "Arn"
- ]
+ "S3Key": "f2d30cfc360482320a52a4fcde8a70f3569df79ab30be24650fda58eb60052cf.zip"
},
"Description": "AWS CDK resource provider framework - isComplete (cdk-ecs-codedeploy-service/Service/DeploymentGroup/Deployment/DeploymentProvider)",
"Environment": {
@@ -2588,7 +2582,13 @@
}
},
"Handler": "framework.isComplete",
- "Runtime": "nodejs14.x",
+ "Role": {
+ "Fn::GetAtt": [
+ "ServiceDeploymentGroupDeploymentDeploymentProviderframeworkisCompleteServiceRole36179A24",
+ "Arn"
+ ]
+ },
+ "Runtime": "nodejs18.x",
"Timeout": 900
},
"DependsOn": [
@@ -2765,13 +2765,7 @@
"S3Bucket": {
"Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-us-west-2"
},
- "S3Key": "8e3d635893ea17fa3158623489cd42c680fad925b38de1ef51cb10d84f6e245e.zip"
- },
- "Role": {
- "Fn::GetAtt": [
- "ServiceDeploymentGroupDeploymentDeploymentProviderframeworkonTimeoutServiceRole92068547",
- "Arn"
- ]
+ "S3Key": "f2d30cfc360482320a52a4fcde8a70f3569df79ab30be24650fda58eb60052cf.zip"
},
"Description": "AWS CDK resource provider framework - onTimeout (cdk-ecs-codedeploy-service/Service/DeploymentGroup/Deployment/DeploymentProvider)",
"Environment": {
@@ -2791,7 +2785,13 @@
}
},
"Handler": "framework.onTimeout",
- "Runtime": "nodejs14.x",
+ "Role": {
+ "Fn::GetAtt": [
+ "ServiceDeploymentGroupDeploymentDeploymentProviderframeworkonTimeoutServiceRole92068547",
+ "Arn"
+ ]
+ },
+ "Runtime": "nodejs18.x",
"Timeout": 900
},
"DependsOn": [
diff --git a/test/ecs-deployment-hooks.integ.snapshot/AwsSolutions-cdk-ecs-codedeploy-ecs-deployment-NagReport.csv b/test/ecs-deployment-hooks.integ.snapshot/AwsSolutions-cdk-ecs-codedeploy-ecs-deployment-NagReport.csv
index 71c3f73..17213c2 100644
--- a/test/ecs-deployment-hooks.integ.snapshot/AwsSolutions-cdk-ecs-codedeploy-ecs-deployment-NagReport.csv
+++ b/test/ecs-deployment-hooks.integ.snapshot/AwsSolutions-cdk-ecs-codedeploy-ecs-deployment-NagReport.csv
@@ -25,17 +25,17 @@ Rule ID,Resource ID,Compliance,Exception Reason,Rule Level,Rule Info
"AwsSolutions-IAM5","cdk-ecs-codedeploy-ecs-deployment/DG/Deployment/DeploymentProvider/framework-onEvent/ServiceRole/Resource","Compliant","N/A","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-ecs-deployment/DG/Deployment/DeploymentProvider/framework-onEvent/ServiceRole/DefaultPolicy/Resource","Suppressed","Unrelated to construct under test","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-ecs-deployment/DG/Deployment/DeploymentProvider/framework-onEvent/ServiceRole/DefaultPolicy/Resource","Suppressed","Unrelated to construct under test","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
-"AwsSolutions-L1","cdk-ecs-codedeploy-ecs-deployment/DG/Deployment/DeploymentProvider/framework-onEvent/Resource","Suppressed","Unrelated to construct under test","Error","The non-container Lambda function is not configured to use the latest runtime version."
+"AwsSolutions-L1","cdk-ecs-codedeploy-ecs-deployment/DG/Deployment/DeploymentProvider/framework-onEvent/Resource","Compliant","N/A","Error","The non-container Lambda function is not configured to use the latest runtime version."
"AwsSolutions-IAM4","cdk-ecs-codedeploy-ecs-deployment/DG/Deployment/DeploymentProvider/framework-isComplete/ServiceRole/Resource","Suppressed","Unrelated to construct under test","Error","The IAM user, role, or group uses AWS managed policies."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-ecs-deployment/DG/Deployment/DeploymentProvider/framework-isComplete/ServiceRole/Resource","Compliant","N/A","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-ecs-deployment/DG/Deployment/DeploymentProvider/framework-isComplete/ServiceRole/DefaultPolicy/Resource","Suppressed","Unrelated to construct under test","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-ecs-deployment/DG/Deployment/DeploymentProvider/framework-isComplete/ServiceRole/DefaultPolicy/Resource","Suppressed","Unrelated to construct under test","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
-"AwsSolutions-L1","cdk-ecs-codedeploy-ecs-deployment/DG/Deployment/DeploymentProvider/framework-isComplete/Resource","Suppressed","Unrelated to construct under test","Error","The non-container Lambda function is not configured to use the latest runtime version."
+"AwsSolutions-L1","cdk-ecs-codedeploy-ecs-deployment/DG/Deployment/DeploymentProvider/framework-isComplete/Resource","Compliant","N/A","Error","The non-container Lambda function is not configured to use the latest runtime version."
"AwsSolutions-IAM4","cdk-ecs-codedeploy-ecs-deployment/DG/Deployment/DeploymentProvider/framework-onTimeout/ServiceRole/Resource","Suppressed","Unrelated to construct under test","Error","The IAM user, role, or group uses AWS managed policies."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-ecs-deployment/DG/Deployment/DeploymentProvider/framework-onTimeout/ServiceRole/Resource","Compliant","N/A","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-ecs-deployment/DG/Deployment/DeploymentProvider/framework-onTimeout/ServiceRole/DefaultPolicy/Resource","Suppressed","Unrelated to construct under test","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-ecs-deployment/DG/Deployment/DeploymentProvider/framework-onTimeout/ServiceRole/DefaultPolicy/Resource","Suppressed","Unrelated to construct under test","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
-"AwsSolutions-L1","cdk-ecs-codedeploy-ecs-deployment/DG/Deployment/DeploymentProvider/framework-onTimeout/Resource","Suppressed","Unrelated to construct under test","Error","The non-container Lambda function is not configured to use the latest runtime version."
+"AwsSolutions-L1","cdk-ecs-codedeploy-ecs-deployment/DG/Deployment/DeploymentProvider/framework-onTimeout/Resource","Compliant","N/A","Error","The non-container Lambda function is not configured to use the latest runtime version."
"AwsSolutions-IAM4","cdk-ecs-codedeploy-ecs-deployment/DG/Deployment/DeploymentProvider/waiter-state-machine/Role/Resource","Compliant","N/A","Error","The IAM user, role, or group uses AWS managed policies."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-ecs-deployment/DG/Deployment/DeploymentProvider/waiter-state-machine/Role/Resource","Compliant","N/A","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-ecs-deployment/DG/Deployment/DeploymentProvider/waiter-state-machine/Role/DefaultPolicy/Resource","Suppressed","Unrelated to construct under test","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
diff --git a/test/ecs-deployment-hooks.integ.snapshot/cdk-ecs-codedeploy-ecs-deployment.assets.json b/test/ecs-deployment-hooks.integ.snapshot/cdk-ecs-codedeploy-ecs-deployment.assets.json
index 9e0a237..0569232 100644
--- a/test/ecs-deployment-hooks.integ.snapshot/cdk-ecs-codedeploy-ecs-deployment.assets.json
+++ b/test/ecs-deployment-hooks.integ.snapshot/cdk-ecs-codedeploy-ecs-deployment.assets.json
@@ -1,5 +1,5 @@
{
- "version": "32.0.0",
+ "version": "33.0.0",
"files": {
"dd70c9291f90686877dd7eb18ea62ac7d87af05bff8571f92ef962cc9026fa2c": {
"source": {
@@ -27,20 +27,20 @@
}
}
},
- "8e3d635893ea17fa3158623489cd42c680fad925b38de1ef51cb10d84f6e245e": {
+ "f2d30cfc360482320a52a4fcde8a70f3569df79ab30be24650fda58eb60052cf": {
"source": {
- "path": "asset.8e3d635893ea17fa3158623489cd42c680fad925b38de1ef51cb10d84f6e245e",
+ "path": "asset.f2d30cfc360482320a52a4fcde8a70f3569df79ab30be24650fda58eb60052cf",
"packaging": "zip"
},
"destinations": {
"current_account-current_region": {
"bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
- "objectKey": "8e3d635893ea17fa3158623489cd42c680fad925b38de1ef51cb10d84f6e245e.zip",
+ "objectKey": "f2d30cfc360482320a52a4fcde8a70f3569df79ab30be24650fda58eb60052cf.zip",
"assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
}
}
},
- "39da32df7e9ab7a958efb1bde3b36016363e5209013d41676eed5240ce7bc53c": {
+ "15c3d09661b19a1f5323985dc0889c624e1d5637f33f1a47e0353111cf46dc6b": {
"source": {
"path": "cdk-ecs-codedeploy-ecs-deployment.template.json",
"packaging": "file"
@@ -48,7 +48,7 @@
"destinations": {
"current_account-current_region": {
"bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
- "objectKey": "39da32df7e9ab7a958efb1bde3b36016363e5209013d41676eed5240ce7bc53c.json",
+ "objectKey": "15c3d09661b19a1f5323985dc0889c624e1d5637f33f1a47e0353111cf46dc6b.json",
"assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
}
}
diff --git a/test/ecs-deployment-hooks.integ.snapshot/cdk-ecs-codedeploy-ecs-deployment.template.json b/test/ecs-deployment-hooks.integ.snapshot/cdk-ecs-codedeploy-ecs-deployment.template.json
index 449ac1f..bdc0a53 100644
--- a/test/ecs-deployment-hooks.integ.snapshot/cdk-ecs-codedeploy-ecs-deployment.template.json
+++ b/test/ecs-deployment-hooks.integ.snapshot/cdk-ecs-codedeploy-ecs-deployment.template.json
@@ -28,9 +28,6 @@
"VPCPublicSubnet1SubnetB4246D30": {
"Type": "AWS::EC2::Subnet",
"Properties": {
- "VpcId": {
- "Ref": "VPCB9E5F0B4"
- },
"AvailabilityZone": {
"Fn::Select": [
0,
@@ -54,21 +51,24 @@
"Key": "Name",
"Value": "cdk-ecs-codedeploy-ecs-deployment/VPC/PublicSubnet1"
}
- ]
+ ],
+ "VpcId": {
+ "Ref": "VPCB9E5F0B4"
+ }
}
},
"VPCPublicSubnet1RouteTableFEE4B781": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
- "VpcId": {
- "Ref": "VPCB9E5F0B4"
- },
"Tags": [
{
"Key": "Name",
"Value": "cdk-ecs-codedeploy-ecs-deployment/VPC/PublicSubnet1"
}
- ]
+ ],
+ "VpcId": {
+ "Ref": "VPCB9E5F0B4"
+ }
}
},
"VPCPublicSubnet1RouteTableAssociation0B0896DC": {
@@ -85,12 +85,12 @@
"VPCPublicSubnet1DefaultRoute91CEF279": {
"Type": "AWS::EC2::Route",
"Properties": {
- "RouteTableId": {
- "Ref": "VPCPublicSubnet1RouteTableFEE4B781"
- },
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "VPCIGWB7E252D3"
+ },
+ "RouteTableId": {
+ "Ref": "VPCPublicSubnet1RouteTableFEE4B781"
}
},
"DependsOn": [
@@ -112,15 +112,15 @@
"VPCPublicSubnet1NATGatewayE0556630": {
"Type": "AWS::EC2::NatGateway",
"Properties": {
- "SubnetId": {
- "Ref": "VPCPublicSubnet1SubnetB4246D30"
- },
"AllocationId": {
"Fn::GetAtt": [
"VPCPublicSubnet1EIP6AD938E8",
"AllocationId"
]
},
+ "SubnetId": {
+ "Ref": "VPCPublicSubnet1SubnetB4246D30"
+ },
"Tags": [
{
"Key": "Name",
@@ -136,9 +136,6 @@
"VPCPublicSubnet2Subnet74179F39": {
"Type": "AWS::EC2::Subnet",
"Properties": {
- "VpcId": {
- "Ref": "VPCB9E5F0B4"
- },
"AvailabilityZone": {
"Fn::Select": [
1,
@@ -162,21 +159,24 @@
"Key": "Name",
"Value": "cdk-ecs-codedeploy-ecs-deployment/VPC/PublicSubnet2"
}
- ]
+ ],
+ "VpcId": {
+ "Ref": "VPCB9E5F0B4"
+ }
}
},
"VPCPublicSubnet2RouteTable6F1A15F1": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
- "VpcId": {
- "Ref": "VPCB9E5F0B4"
- },
"Tags": [
{
"Key": "Name",
"Value": "cdk-ecs-codedeploy-ecs-deployment/VPC/PublicSubnet2"
}
- ]
+ ],
+ "VpcId": {
+ "Ref": "VPCB9E5F0B4"
+ }
}
},
"VPCPublicSubnet2RouteTableAssociation5A808732": {
@@ -193,12 +193,12 @@
"VPCPublicSubnet2DefaultRouteB7481BBA": {
"Type": "AWS::EC2::Route",
"Properties": {
- "RouteTableId": {
- "Ref": "VPCPublicSubnet2RouteTable6F1A15F1"
- },
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "VPCIGWB7E252D3"
+ },
+ "RouteTableId": {
+ "Ref": "VPCPublicSubnet2RouteTable6F1A15F1"
}
},
"DependsOn": [
@@ -220,15 +220,15 @@
"VPCPublicSubnet2NATGateway3C070193": {
"Type": "AWS::EC2::NatGateway",
"Properties": {
- "SubnetId": {
- "Ref": "VPCPublicSubnet2Subnet74179F39"
- },
"AllocationId": {
"Fn::GetAtt": [
"VPCPublicSubnet2EIP4947BC00",
"AllocationId"
]
},
+ "SubnetId": {
+ "Ref": "VPCPublicSubnet2Subnet74179F39"
+ },
"Tags": [
{
"Key": "Name",
@@ -244,9 +244,6 @@
"VPCPrivateSubnet1Subnet8BCA10E0": {
"Type": "AWS::EC2::Subnet",
"Properties": {
- "VpcId": {
- "Ref": "VPCB9E5F0B4"
- },
"AvailabilityZone": {
"Fn::Select": [
0,
@@ -270,21 +267,24 @@
"Key": "Name",
"Value": "cdk-ecs-codedeploy-ecs-deployment/VPC/PrivateSubnet1"
}
- ]
+ ],
+ "VpcId": {
+ "Ref": "VPCB9E5F0B4"
+ }
}
},
"VPCPrivateSubnet1RouteTableBE8A6027": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
- "VpcId": {
- "Ref": "VPCB9E5F0B4"
- },
"Tags": [
{
"Key": "Name",
"Value": "cdk-ecs-codedeploy-ecs-deployment/VPC/PrivateSubnet1"
}
- ]
+ ],
+ "VpcId": {
+ "Ref": "VPCB9E5F0B4"
+ }
}
},
"VPCPrivateSubnet1RouteTableAssociation347902D1": {
@@ -301,21 +301,18 @@
"VPCPrivateSubnet1DefaultRouteAE1D6490": {
"Type": "AWS::EC2::Route",
"Properties": {
- "RouteTableId": {
- "Ref": "VPCPrivateSubnet1RouteTableBE8A6027"
- },
"DestinationCidrBlock": "0.0.0.0/0",
"NatGatewayId": {
"Ref": "VPCPublicSubnet1NATGatewayE0556630"
+ },
+ "RouteTableId": {
+ "Ref": "VPCPrivateSubnet1RouteTableBE8A6027"
}
}
},
"VPCPrivateSubnet2SubnetCFCDAA7A": {
"Type": "AWS::EC2::Subnet",
"Properties": {
- "VpcId": {
- "Ref": "VPCB9E5F0B4"
- },
"AvailabilityZone": {
"Fn::Select": [
1,
@@ -339,21 +336,24 @@
"Key": "Name",
"Value": "cdk-ecs-codedeploy-ecs-deployment/VPC/PrivateSubnet2"
}
- ]
+ ],
+ "VpcId": {
+ "Ref": "VPCB9E5F0B4"
+ }
}
},
"VPCPrivateSubnet2RouteTable0A19E10E": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
- "VpcId": {
- "Ref": "VPCB9E5F0B4"
- },
"Tags": [
{
"Key": "Name",
"Value": "cdk-ecs-codedeploy-ecs-deployment/VPC/PrivateSubnet2"
}
- ]
+ ],
+ "VpcId": {
+ "Ref": "VPCB9E5F0B4"
+ }
}
},
"VPCPrivateSubnet2RouteTableAssociation0C73D413": {
@@ -370,12 +370,12 @@
"VPCPrivateSubnet2DefaultRouteF4F5CFD2": {
"Type": "AWS::EC2::Route",
"Properties": {
- "RouteTableId": {
- "Ref": "VPCPrivateSubnet2RouteTable0A19E10E"
- },
"DestinationCidrBlock": "0.0.0.0/0",
"NatGatewayId": {
"Ref": "VPCPublicSubnet2NATGateway3C070193"
+ },
+ "RouteTableId": {
+ "Ref": "VPCPrivateSubnet2RouteTable0A19E10E"
}
}
},
@@ -393,11 +393,11 @@
"VPCVPCGW99B986DC": {
"Type": "AWS::EC2::VPCGatewayAttachment",
"Properties": {
- "VpcId": {
- "Ref": "VPCB9E5F0B4"
- },
"InternetGatewayId": {
"Ref": "VPCIGWB7E252D3"
+ },
+ "VpcId": {
+ "Ref": "VPCB9E5F0B4"
}
}
},
@@ -554,7 +554,6 @@
"FargateServiceSecurityGroupfromcdkecscodedeployecsdeploymentServiceLBSecurityGroup4FDF524A80079E23C1": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
- "IpProtocol": "tcp",
"Description": "Load balancer to target",
"FromPort": 80,
"GroupId": {
@@ -563,6 +562,7 @@
"GroupId"
]
},
+ "IpProtocol": "tcp",
"SourceSecurityGroupId": {
"Fn::GetAtt": [
"ServiceLBSecurityGroup2EA7EDA1",
@@ -663,13 +663,6 @@
"ServiceLBSecurityGrouptocdkecscodedeployecsdeploymentFargateServiceSecurityGroupF3FE9EA980C5221DA0": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
- "GroupId": {
- "Fn::GetAtt": [
- "ServiceLBSecurityGroup2EA7EDA1",
- "GroupId"
- ]
- },
- "IpProtocol": "tcp",
"Description": "Load balancer to target",
"DestinationSecurityGroupId": {
"Fn::GetAtt": [
@@ -678,6 +671,13 @@
]
},
"FromPort": 80,
+ "GroupId": {
+ "Fn::GetAtt": [
+ "ServiceLBSecurityGroup2EA7EDA1",
+ "GroupId"
+ ]
+ },
+ "IpProtocol": "tcp",
"ToPort": 80
},
"Metadata": {
@@ -841,9 +841,8 @@
"BlueUnhealthyHosts48919A97": {
"Type": "AWS::CloudWatch::Alarm",
"Properties": {
- "ComparisonOperator": "GreaterThanOrEqualToThreshold",
- "EvaluationPeriods": 2,
"AlarmName": "cdk-ecs-codedeploy-ecs-deployment-Unhealthy-Hosts-Blue",
+ "ComparisonOperator": "GreaterThanOrEqualToThreshold",
"Dimensions": [
{
"Name": "LoadBalancer",
@@ -906,6 +905,7 @@
}
}
],
+ "EvaluationPeriods": 2,
"MetricName": "UnHealthyHostCount",
"Namespace": "AWS/ApplicationELB",
"Period": 300,
@@ -916,9 +916,8 @@
"Blue5xx7E9798A6": {
"Type": "AWS::CloudWatch::Alarm",
"Properties": {
- "ComparisonOperator": "GreaterThanOrEqualToThreshold",
- "EvaluationPeriods": 1,
"AlarmName": "cdk-ecs-codedeploy-ecs-deployment-Http-500-Blue",
+ "ComparisonOperator": "GreaterThanOrEqualToThreshold",
"Dimensions": [
{
"Name": "LoadBalancer",
@@ -981,6 +980,7 @@
}
}
],
+ "EvaluationPeriods": 1,
"MetricName": "HTTPCode_Target_5XX_Count",
"Namespace": "AWS/ApplicationELB",
"Period": 60,
@@ -991,9 +991,8 @@
"GreenUnhealthyHosts8D9D09C1": {
"Type": "AWS::CloudWatch::Alarm",
"Properties": {
- "ComparisonOperator": "GreaterThanOrEqualToThreshold",
- "EvaluationPeriods": 2,
"AlarmName": "cdk-ecs-codedeploy-ecs-deployment-Unhealthy-Hosts-Green",
+ "ComparisonOperator": "GreaterThanOrEqualToThreshold",
"Dimensions": [
{
"Name": "LoadBalancer",
@@ -1056,6 +1055,7 @@
}
}
],
+ "EvaluationPeriods": 2,
"MetricName": "UnHealthyHostCount",
"Namespace": "AWS/ApplicationELB",
"Period": 300,
@@ -1066,9 +1066,8 @@
"Green5xx1A511A06": {
"Type": "AWS::CloudWatch::Alarm",
"Properties": {
- "ComparisonOperator": "GreaterThanOrEqualToThreshold",
- "EvaluationPeriods": 1,
"AlarmName": "cdk-ecs-codedeploy-ecs-deployment-Http-500-Green",
+ "ComparisonOperator": "GreaterThanOrEqualToThreshold",
"Dimensions": [
{
"Name": "LoadBalancer",
@@ -1131,6 +1130,7 @@
}
}
],
+ "EvaluationPeriods": 1,
"MetricName": "HTTPCode_Target_5XX_Count",
"Namespace": "AWS/ApplicationELB",
"Period": 60,
@@ -1213,15 +1213,6 @@
"DGEC40E9EF": {
"Type": "AWS::CodeDeploy::DeploymentGroup",
"Properties": {
- "ApplicationName": {
- "Ref": "AppF1B96344"
- },
- "ServiceRoleArn": {
- "Fn::GetAtt": [
- "DGServiceRoleD0230320",
- "Arn"
- ]
- },
"AlarmConfiguration": {
"Alarms": [
{
@@ -1247,6 +1238,9 @@
],
"Enabled": true
},
+ "ApplicationName": {
+ "Ref": "AppF1B96344"
+ },
"AutoRollbackConfiguration": {
"Enabled": true,
"Events": [
@@ -1323,6 +1317,12 @@
}
}
]
+ },
+ "ServiceRoleArn": {
+ "Fn::GetAtt": [
+ "DGServiceRoleD0230320",
+ "Arn"
+ ]
}
},
"DependsOn": [
@@ -1509,12 +1509,6 @@
},
"S3Key": "dd70c9291f90686877dd7eb18ea62ac7d87af05bff8571f92ef962cc9026fa2c.zip"
},
- "Role": {
- "Fn::GetAtt": [
- "DGDeploymentDeploymentProviderOnEventLambdaServiceRole60156287",
- "Arn"
- ]
- },
"Description": "src/ecs-deployment-provider/on-event.lambda.ts",
"Environment": {
"Variables": {
@@ -1522,6 +1516,12 @@
}
},
"Handler": "index.handler",
+ "Role": {
+ "Fn::GetAtt": [
+ "DGDeploymentDeploymentProviderOnEventLambdaServiceRole60156287",
+ "Arn"
+ ]
+ },
"Runtime": "nodejs18.x",
"Timeout": 60
},
@@ -1663,12 +1663,6 @@
},
"S3Key": "65cf9f712727efa44fdfcabd0c3af10a91fab1a4cc79fa5408f9226165d29ec8.zip"
},
- "Role": {
- "Fn::GetAtt": [
- "DGDeploymentDeploymentProviderIsCompleteLambdaServiceRole1AC61641",
- "Arn"
- ]
- },
"Description": "src/ecs-deployment-provider/is-complete.lambda.ts",
"Environment": {
"Variables": {
@@ -1676,6 +1670,12 @@
}
},
"Handler": "index.handler",
+ "Role": {
+ "Fn::GetAtt": [
+ "DGDeploymentDeploymentProviderIsCompleteLambdaServiceRole1AC61641",
+ "Arn"
+ ]
+ },
"Runtime": "nodejs18.x",
"Timeout": 60
},
@@ -1867,13 +1867,7 @@
"S3Bucket": {
"Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
},
- "S3Key": "8e3d635893ea17fa3158623489cd42c680fad925b38de1ef51cb10d84f6e245e.zip"
- },
- "Role": {
- "Fn::GetAtt": [
- "DGDeploymentDeploymentProviderframeworkonEventServiceRoleC4DB5791",
- "Arn"
- ]
+ "S3Key": "f2d30cfc360482320a52a4fcde8a70f3569df79ab30be24650fda58eb60052cf.zip"
},
"Description": "AWS CDK resource provider framework - onEvent (cdk-ecs-codedeploy-ecs-deployment/DG/Deployment/DeploymentProvider)",
"Environment": {
@@ -1896,7 +1890,13 @@
}
},
"Handler": "framework.onEvent",
- "Runtime": "nodejs14.x",
+ "Role": {
+ "Fn::GetAtt": [
+ "DGDeploymentDeploymentProviderframeworkonEventServiceRoleC4DB5791",
+ "Arn"
+ ]
+ },
+ "Runtime": "nodejs18.x",
"Timeout": 900
},
"DependsOn": [
@@ -2092,13 +2092,7 @@
"S3Bucket": {
"Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
},
- "S3Key": "8e3d635893ea17fa3158623489cd42c680fad925b38de1ef51cb10d84f6e245e.zip"
- },
- "Role": {
- "Fn::GetAtt": [
- "DGDeploymentDeploymentProviderframeworkisCompleteServiceRole06E09942",
- "Arn"
- ]
+ "S3Key": "f2d30cfc360482320a52a4fcde8a70f3569df79ab30be24650fda58eb60052cf.zip"
},
"Description": "AWS CDK resource provider framework - isComplete (cdk-ecs-codedeploy-ecs-deployment/DG/Deployment/DeploymentProvider)",
"Environment": {
@@ -2118,7 +2112,13 @@
}
},
"Handler": "framework.isComplete",
- "Runtime": "nodejs14.x",
+ "Role": {
+ "Fn::GetAtt": [
+ "DGDeploymentDeploymentProviderframeworkisCompleteServiceRole06E09942",
+ "Arn"
+ ]
+ },
+ "Runtime": "nodejs18.x",
"Timeout": 900
},
"DependsOn": [
@@ -2314,13 +2314,7 @@
"S3Bucket": {
"Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
},
- "S3Key": "8e3d635893ea17fa3158623489cd42c680fad925b38de1ef51cb10d84f6e245e.zip"
- },
- "Role": {
- "Fn::GetAtt": [
- "DGDeploymentDeploymentProviderframeworkonTimeoutServiceRole2B298F04",
- "Arn"
- ]
+ "S3Key": "f2d30cfc360482320a52a4fcde8a70f3569df79ab30be24650fda58eb60052cf.zip"
},
"Description": "AWS CDK resource provider framework - onTimeout (cdk-ecs-codedeploy-ecs-deployment/DG/Deployment/DeploymentProvider)",
"Environment": {
@@ -2340,7 +2334,13 @@
}
},
"Handler": "framework.onTimeout",
- "Runtime": "nodejs14.x",
+ "Role": {
+ "Fn::GetAtt": [
+ "DGDeploymentDeploymentProviderframeworkonTimeoutServiceRole2B298F04",
+ "Arn"
+ ]
+ },
+ "Runtime": "nodejs18.x",
"Timeout": 900
},
"DependsOn": [
@@ -2766,13 +2766,13 @@
"Code": {
"ZipFile": "\n var { CodeDeployClient, PutLifecycleEventHookExecutionStatusCommand } = require('@aws-sdk/client-codedeploy');\n var codedeploy = new CodeDeployClient({});\n exports.handler = async (event, context, callback) => {\n const command = new PutLifecycleEventHookExecutionStatusCommand({\n deploymentId: event.DeploymentId,\n lifecycleEventHookExecutionId: event.LifecycleEventHookExecutionId,\n status: 'Succeeded' // status can be 'Succeeded' or 'Failed'\n });\n await codedeploy.send(command);\n }\n "
},
+ "Handler": "index.handler",
"Role": {
"Fn::GetAtt": [
"FunctionServiceRole675BB04A",
"Arn"
]
},
- "Handler": "index.handler",
"Runtime": "nodejs18.x"
},
"DependsOn": [
diff --git a/test/ecs-deployment.integ.snapshot/AwsSolutions-cdk-ecs-codedeploy-ecs-deployment-NagReport.csv b/test/ecs-deployment.integ.snapshot/AwsSolutions-cdk-ecs-codedeploy-ecs-deployment-NagReport.csv
index 6bbdc1b..5270384 100644
--- a/test/ecs-deployment.integ.snapshot/AwsSolutions-cdk-ecs-codedeploy-ecs-deployment-NagReport.csv
+++ b/test/ecs-deployment.integ.snapshot/AwsSolutions-cdk-ecs-codedeploy-ecs-deployment-NagReport.csv
@@ -25,17 +25,17 @@ Rule ID,Resource ID,Compliance,Exception Reason,Rule Level,Rule Info
"AwsSolutions-IAM5","cdk-ecs-codedeploy-ecs-deployment/DG/Deployment/DeploymentProvider/framework-onEvent/ServiceRole/Resource","Compliant","N/A","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-ecs-deployment/DG/Deployment/DeploymentProvider/framework-onEvent/ServiceRole/DefaultPolicy/Resource","Suppressed","Unrelated to construct under test","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-ecs-deployment/DG/Deployment/DeploymentProvider/framework-onEvent/ServiceRole/DefaultPolicy/Resource","Suppressed","Unrelated to construct under test","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
-"AwsSolutions-L1","cdk-ecs-codedeploy-ecs-deployment/DG/Deployment/DeploymentProvider/framework-onEvent/Resource","Suppressed","Unrelated to construct under test","Error","The non-container Lambda function is not configured to use the latest runtime version."
+"AwsSolutions-L1","cdk-ecs-codedeploy-ecs-deployment/DG/Deployment/DeploymentProvider/framework-onEvent/Resource","Compliant","N/A","Error","The non-container Lambda function is not configured to use the latest runtime version."
"AwsSolutions-IAM4","cdk-ecs-codedeploy-ecs-deployment/DG/Deployment/DeploymentProvider/framework-isComplete/ServiceRole/Resource","Suppressed","Unrelated to construct under test","Error","The IAM user, role, or group uses AWS managed policies."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-ecs-deployment/DG/Deployment/DeploymentProvider/framework-isComplete/ServiceRole/Resource","Compliant","N/A","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-ecs-deployment/DG/Deployment/DeploymentProvider/framework-isComplete/ServiceRole/DefaultPolicy/Resource","Suppressed","Unrelated to construct under test","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-ecs-deployment/DG/Deployment/DeploymentProvider/framework-isComplete/ServiceRole/DefaultPolicy/Resource","Suppressed","Unrelated to construct under test","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
-"AwsSolutions-L1","cdk-ecs-codedeploy-ecs-deployment/DG/Deployment/DeploymentProvider/framework-isComplete/Resource","Suppressed","Unrelated to construct under test","Error","The non-container Lambda function is not configured to use the latest runtime version."
+"AwsSolutions-L1","cdk-ecs-codedeploy-ecs-deployment/DG/Deployment/DeploymentProvider/framework-isComplete/Resource","Compliant","N/A","Error","The non-container Lambda function is not configured to use the latest runtime version."
"AwsSolutions-IAM4","cdk-ecs-codedeploy-ecs-deployment/DG/Deployment/DeploymentProvider/framework-onTimeout/ServiceRole/Resource","Suppressed","Unrelated to construct under test","Error","The IAM user, role, or group uses AWS managed policies."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-ecs-deployment/DG/Deployment/DeploymentProvider/framework-onTimeout/ServiceRole/Resource","Compliant","N/A","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-ecs-deployment/DG/Deployment/DeploymentProvider/framework-onTimeout/ServiceRole/DefaultPolicy/Resource","Suppressed","Unrelated to construct under test","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-ecs-deployment/DG/Deployment/DeploymentProvider/framework-onTimeout/ServiceRole/DefaultPolicy/Resource","Suppressed","Unrelated to construct under test","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
-"AwsSolutions-L1","cdk-ecs-codedeploy-ecs-deployment/DG/Deployment/DeploymentProvider/framework-onTimeout/Resource","Suppressed","Unrelated to construct under test","Error","The non-container Lambda function is not configured to use the latest runtime version."
+"AwsSolutions-L1","cdk-ecs-codedeploy-ecs-deployment/DG/Deployment/DeploymentProvider/framework-onTimeout/Resource","Compliant","N/A","Error","The non-container Lambda function is not configured to use the latest runtime version."
"AwsSolutions-IAM4","cdk-ecs-codedeploy-ecs-deployment/DG/Deployment/DeploymentProvider/waiter-state-machine/Role/Resource","Compliant","N/A","Error","The IAM user, role, or group uses AWS managed policies."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-ecs-deployment/DG/Deployment/DeploymentProvider/waiter-state-machine/Role/Resource","Compliant","N/A","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-ecs-deployment/DG/Deployment/DeploymentProvider/waiter-state-machine/Role/DefaultPolicy/Resource","Suppressed","Unrelated to construct under test","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
diff --git a/test/ecs-deployment.integ.snapshot/cdk-ecs-codedeploy-ecs-deployment.assets.json b/test/ecs-deployment.integ.snapshot/cdk-ecs-codedeploy-ecs-deployment.assets.json
index 2ae8327..c79dd90 100644
--- a/test/ecs-deployment.integ.snapshot/cdk-ecs-codedeploy-ecs-deployment.assets.json
+++ b/test/ecs-deployment.integ.snapshot/cdk-ecs-codedeploy-ecs-deployment.assets.json
@@ -1,5 +1,5 @@
{
- "version": "32.0.0",
+ "version": "33.0.0",
"files": {
"dd70c9291f90686877dd7eb18ea62ac7d87af05bff8571f92ef962cc9026fa2c": {
"source": {
@@ -27,20 +27,20 @@
}
}
},
- "8e3d635893ea17fa3158623489cd42c680fad925b38de1ef51cb10d84f6e245e": {
+ "f2d30cfc360482320a52a4fcde8a70f3569df79ab30be24650fda58eb60052cf": {
"source": {
- "path": "asset.8e3d635893ea17fa3158623489cd42c680fad925b38de1ef51cb10d84f6e245e",
+ "path": "asset.f2d30cfc360482320a52a4fcde8a70f3569df79ab30be24650fda58eb60052cf",
"packaging": "zip"
},
"destinations": {
"current_account-current_region": {
"bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
- "objectKey": "8e3d635893ea17fa3158623489cd42c680fad925b38de1ef51cb10d84f6e245e.zip",
+ "objectKey": "f2d30cfc360482320a52a4fcde8a70f3569df79ab30be24650fda58eb60052cf.zip",
"assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
}
}
},
- "f41e62ba17e6df958fc4476d3da6b5e0f0891f1af3626a66538b6c22a890005d": {
+ "5d35a293ebbfab4914d68d27494f013c81ec4d308251f49ab279e70659e9878b": {
"source": {
"path": "cdk-ecs-codedeploy-ecs-deployment.template.json",
"packaging": "file"
@@ -48,7 +48,7 @@
"destinations": {
"current_account-current_region": {
"bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
- "objectKey": "f41e62ba17e6df958fc4476d3da6b5e0f0891f1af3626a66538b6c22a890005d.json",
+ "objectKey": "5d35a293ebbfab4914d68d27494f013c81ec4d308251f49ab279e70659e9878b.json",
"assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
}
}
diff --git a/test/ecs-deployment.integ.snapshot/cdk-ecs-codedeploy-ecs-deployment.template.json b/test/ecs-deployment.integ.snapshot/cdk-ecs-codedeploy-ecs-deployment.template.json
index dfc4cb7..13a0bcf 100644
--- a/test/ecs-deployment.integ.snapshot/cdk-ecs-codedeploy-ecs-deployment.template.json
+++ b/test/ecs-deployment.integ.snapshot/cdk-ecs-codedeploy-ecs-deployment.template.json
@@ -28,9 +28,6 @@
"VPCPublicSubnet1SubnetB4246D30": {
"Type": "AWS::EC2::Subnet",
"Properties": {
- "VpcId": {
- "Ref": "VPCB9E5F0B4"
- },
"AvailabilityZone": {
"Fn::Select": [
0,
@@ -54,21 +51,24 @@
"Key": "Name",
"Value": "cdk-ecs-codedeploy-ecs-deployment/VPC/PublicSubnet1"
}
- ]
+ ],
+ "VpcId": {
+ "Ref": "VPCB9E5F0B4"
+ }
}
},
"VPCPublicSubnet1RouteTableFEE4B781": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
- "VpcId": {
- "Ref": "VPCB9E5F0B4"
- },
"Tags": [
{
"Key": "Name",
"Value": "cdk-ecs-codedeploy-ecs-deployment/VPC/PublicSubnet1"
}
- ]
+ ],
+ "VpcId": {
+ "Ref": "VPCB9E5F0B4"
+ }
}
},
"VPCPublicSubnet1RouteTableAssociation0B0896DC": {
@@ -85,12 +85,12 @@
"VPCPublicSubnet1DefaultRoute91CEF279": {
"Type": "AWS::EC2::Route",
"Properties": {
- "RouteTableId": {
- "Ref": "VPCPublicSubnet1RouteTableFEE4B781"
- },
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "VPCIGWB7E252D3"
+ },
+ "RouteTableId": {
+ "Ref": "VPCPublicSubnet1RouteTableFEE4B781"
}
},
"DependsOn": [
@@ -112,15 +112,15 @@
"VPCPublicSubnet1NATGatewayE0556630": {
"Type": "AWS::EC2::NatGateway",
"Properties": {
- "SubnetId": {
- "Ref": "VPCPublicSubnet1SubnetB4246D30"
- },
"AllocationId": {
"Fn::GetAtt": [
"VPCPublicSubnet1EIP6AD938E8",
"AllocationId"
]
},
+ "SubnetId": {
+ "Ref": "VPCPublicSubnet1SubnetB4246D30"
+ },
"Tags": [
{
"Key": "Name",
@@ -136,9 +136,6 @@
"VPCPublicSubnet2Subnet74179F39": {
"Type": "AWS::EC2::Subnet",
"Properties": {
- "VpcId": {
- "Ref": "VPCB9E5F0B4"
- },
"AvailabilityZone": {
"Fn::Select": [
1,
@@ -162,21 +159,24 @@
"Key": "Name",
"Value": "cdk-ecs-codedeploy-ecs-deployment/VPC/PublicSubnet2"
}
- ]
+ ],
+ "VpcId": {
+ "Ref": "VPCB9E5F0B4"
+ }
}
},
"VPCPublicSubnet2RouteTable6F1A15F1": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
- "VpcId": {
- "Ref": "VPCB9E5F0B4"
- },
"Tags": [
{
"Key": "Name",
"Value": "cdk-ecs-codedeploy-ecs-deployment/VPC/PublicSubnet2"
}
- ]
+ ],
+ "VpcId": {
+ "Ref": "VPCB9E5F0B4"
+ }
}
},
"VPCPublicSubnet2RouteTableAssociation5A808732": {
@@ -193,12 +193,12 @@
"VPCPublicSubnet2DefaultRouteB7481BBA": {
"Type": "AWS::EC2::Route",
"Properties": {
- "RouteTableId": {
- "Ref": "VPCPublicSubnet2RouteTable6F1A15F1"
- },
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "VPCIGWB7E252D3"
+ },
+ "RouteTableId": {
+ "Ref": "VPCPublicSubnet2RouteTable6F1A15F1"
}
},
"DependsOn": [
@@ -220,15 +220,15 @@
"VPCPublicSubnet2NATGateway3C070193": {
"Type": "AWS::EC2::NatGateway",
"Properties": {
- "SubnetId": {
- "Ref": "VPCPublicSubnet2Subnet74179F39"
- },
"AllocationId": {
"Fn::GetAtt": [
"VPCPublicSubnet2EIP4947BC00",
"AllocationId"
]
},
+ "SubnetId": {
+ "Ref": "VPCPublicSubnet2Subnet74179F39"
+ },
"Tags": [
{
"Key": "Name",
@@ -244,9 +244,6 @@
"VPCPrivateSubnet1Subnet8BCA10E0": {
"Type": "AWS::EC2::Subnet",
"Properties": {
- "VpcId": {
- "Ref": "VPCB9E5F0B4"
- },
"AvailabilityZone": {
"Fn::Select": [
0,
@@ -270,21 +267,24 @@
"Key": "Name",
"Value": "cdk-ecs-codedeploy-ecs-deployment/VPC/PrivateSubnet1"
}
- ]
+ ],
+ "VpcId": {
+ "Ref": "VPCB9E5F0B4"
+ }
}
},
"VPCPrivateSubnet1RouteTableBE8A6027": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
- "VpcId": {
- "Ref": "VPCB9E5F0B4"
- },
"Tags": [
{
"Key": "Name",
"Value": "cdk-ecs-codedeploy-ecs-deployment/VPC/PrivateSubnet1"
}
- ]
+ ],
+ "VpcId": {
+ "Ref": "VPCB9E5F0B4"
+ }
}
},
"VPCPrivateSubnet1RouteTableAssociation347902D1": {
@@ -301,21 +301,18 @@
"VPCPrivateSubnet1DefaultRouteAE1D6490": {
"Type": "AWS::EC2::Route",
"Properties": {
- "RouteTableId": {
- "Ref": "VPCPrivateSubnet1RouteTableBE8A6027"
- },
"DestinationCidrBlock": "0.0.0.0/0",
"NatGatewayId": {
"Ref": "VPCPublicSubnet1NATGatewayE0556630"
+ },
+ "RouteTableId": {
+ "Ref": "VPCPrivateSubnet1RouteTableBE8A6027"
}
}
},
"VPCPrivateSubnet2SubnetCFCDAA7A": {
"Type": "AWS::EC2::Subnet",
"Properties": {
- "VpcId": {
- "Ref": "VPCB9E5F0B4"
- },
"AvailabilityZone": {
"Fn::Select": [
1,
@@ -339,21 +336,24 @@
"Key": "Name",
"Value": "cdk-ecs-codedeploy-ecs-deployment/VPC/PrivateSubnet2"
}
- ]
+ ],
+ "VpcId": {
+ "Ref": "VPCB9E5F0B4"
+ }
}
},
"VPCPrivateSubnet2RouteTable0A19E10E": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
- "VpcId": {
- "Ref": "VPCB9E5F0B4"
- },
"Tags": [
{
"Key": "Name",
"Value": "cdk-ecs-codedeploy-ecs-deployment/VPC/PrivateSubnet2"
}
- ]
+ ],
+ "VpcId": {
+ "Ref": "VPCB9E5F0B4"
+ }
}
},
"VPCPrivateSubnet2RouteTableAssociation0C73D413": {
@@ -370,12 +370,12 @@
"VPCPrivateSubnet2DefaultRouteF4F5CFD2": {
"Type": "AWS::EC2::Route",
"Properties": {
- "RouteTableId": {
- "Ref": "VPCPrivateSubnet2RouteTable0A19E10E"
- },
"DestinationCidrBlock": "0.0.0.0/0",
"NatGatewayId": {
"Ref": "VPCPublicSubnet2NATGateway3C070193"
+ },
+ "RouteTableId": {
+ "Ref": "VPCPrivateSubnet2RouteTable0A19E10E"
}
}
},
@@ -393,11 +393,11 @@
"VPCVPCGW99B986DC": {
"Type": "AWS::EC2::VPCGatewayAttachment",
"Properties": {
- "VpcId": {
- "Ref": "VPCB9E5F0B4"
- },
"InternetGatewayId": {
"Ref": "VPCIGWB7E252D3"
+ },
+ "VpcId": {
+ "Ref": "VPCB9E5F0B4"
}
}
},
@@ -554,7 +554,6 @@
"FargateServiceSecurityGroupfromcdkecscodedeployecsdeploymentServiceLBSecurityGroup4FDF524A80079E23C1": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
- "IpProtocol": "tcp",
"Description": "Load balancer to target",
"FromPort": 80,
"GroupId": {
@@ -563,6 +562,7 @@
"GroupId"
]
},
+ "IpProtocol": "tcp",
"SourceSecurityGroupId": {
"Fn::GetAtt": [
"ServiceLBSecurityGroup2EA7EDA1",
@@ -663,13 +663,6 @@
"ServiceLBSecurityGrouptocdkecscodedeployecsdeploymentFargateServiceSecurityGroupF3FE9EA980C5221DA0": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
- "GroupId": {
- "Fn::GetAtt": [
- "ServiceLBSecurityGroup2EA7EDA1",
- "GroupId"
- ]
- },
- "IpProtocol": "tcp",
"Description": "Load balancer to target",
"DestinationSecurityGroupId": {
"Fn::GetAtt": [
@@ -678,6 +671,13 @@
]
},
"FromPort": 80,
+ "GroupId": {
+ "Fn::GetAtt": [
+ "ServiceLBSecurityGroup2EA7EDA1",
+ "GroupId"
+ ]
+ },
+ "IpProtocol": "tcp",
"ToPort": 80
},
"Metadata": {
@@ -841,9 +841,8 @@
"BlueUnhealthyHosts48919A97": {
"Type": "AWS::CloudWatch::Alarm",
"Properties": {
- "ComparisonOperator": "GreaterThanOrEqualToThreshold",
- "EvaluationPeriods": 2,
"AlarmName": "cdk-ecs-codedeploy-ecs-deployment-Unhealthy-Hosts-Blue",
+ "ComparisonOperator": "GreaterThanOrEqualToThreshold",
"Dimensions": [
{
"Name": "LoadBalancer",
@@ -906,6 +905,7 @@
}
}
],
+ "EvaluationPeriods": 2,
"MetricName": "UnHealthyHostCount",
"Namespace": "AWS/ApplicationELB",
"Period": 300,
@@ -916,9 +916,8 @@
"Blue5xx7E9798A6": {
"Type": "AWS::CloudWatch::Alarm",
"Properties": {
- "ComparisonOperator": "GreaterThanOrEqualToThreshold",
- "EvaluationPeriods": 1,
"AlarmName": "cdk-ecs-codedeploy-ecs-deployment-Http-500-Blue",
+ "ComparisonOperator": "GreaterThanOrEqualToThreshold",
"Dimensions": [
{
"Name": "LoadBalancer",
@@ -981,6 +980,7 @@
}
}
],
+ "EvaluationPeriods": 1,
"MetricName": "HTTPCode_Target_5XX_Count",
"Namespace": "AWS/ApplicationELB",
"Period": 60,
@@ -991,9 +991,8 @@
"GreenUnhealthyHosts8D9D09C1": {
"Type": "AWS::CloudWatch::Alarm",
"Properties": {
- "ComparisonOperator": "GreaterThanOrEqualToThreshold",
- "EvaluationPeriods": 2,
"AlarmName": "cdk-ecs-codedeploy-ecs-deployment-Unhealthy-Hosts-Green",
+ "ComparisonOperator": "GreaterThanOrEqualToThreshold",
"Dimensions": [
{
"Name": "LoadBalancer",
@@ -1056,6 +1055,7 @@
}
}
],
+ "EvaluationPeriods": 2,
"MetricName": "UnHealthyHostCount",
"Namespace": "AWS/ApplicationELB",
"Period": 300,
@@ -1066,9 +1066,8 @@
"Green5xx1A511A06": {
"Type": "AWS::CloudWatch::Alarm",
"Properties": {
- "ComparisonOperator": "GreaterThanOrEqualToThreshold",
- "EvaluationPeriods": 1,
"AlarmName": "cdk-ecs-codedeploy-ecs-deployment-Http-500-Green",
+ "ComparisonOperator": "GreaterThanOrEqualToThreshold",
"Dimensions": [
{
"Name": "LoadBalancer",
@@ -1131,6 +1130,7 @@
}
}
],
+ "EvaluationPeriods": 1,
"MetricName": "HTTPCode_Target_5XX_Count",
"Namespace": "AWS/ApplicationELB",
"Period": 60,
@@ -1213,15 +1213,6 @@
"DGEC40E9EF": {
"Type": "AWS::CodeDeploy::DeploymentGroup",
"Properties": {
- "ApplicationName": {
- "Ref": "AppF1B96344"
- },
- "ServiceRoleArn": {
- "Fn::GetAtt": [
- "DGServiceRoleD0230320",
- "Arn"
- ]
- },
"AlarmConfiguration": {
"Alarms": [
{
@@ -1247,6 +1238,9 @@
],
"Enabled": true
},
+ "ApplicationName": {
+ "Ref": "AppF1B96344"
+ },
"AutoRollbackConfiguration": {
"Enabled": true,
"Events": [
@@ -1323,6 +1317,12 @@
}
}
]
+ },
+ "ServiceRoleArn": {
+ "Fn::GetAtt": [
+ "DGServiceRoleD0230320",
+ "Arn"
+ ]
}
},
"DependsOn": [
@@ -1509,12 +1509,6 @@
},
"S3Key": "dd70c9291f90686877dd7eb18ea62ac7d87af05bff8571f92ef962cc9026fa2c.zip"
},
- "Role": {
- "Fn::GetAtt": [
- "DGDeploymentDeploymentProviderOnEventLambdaServiceRole60156287",
- "Arn"
- ]
- },
"Description": "src/ecs-deployment-provider/on-event.lambda.ts",
"Environment": {
"Variables": {
@@ -1522,6 +1516,12 @@
}
},
"Handler": "index.handler",
+ "Role": {
+ "Fn::GetAtt": [
+ "DGDeploymentDeploymentProviderOnEventLambdaServiceRole60156287",
+ "Arn"
+ ]
+ },
"Runtime": "nodejs18.x",
"Timeout": 60
},
@@ -1663,12 +1663,6 @@
},
"S3Key": "65cf9f712727efa44fdfcabd0c3af10a91fab1a4cc79fa5408f9226165d29ec8.zip"
},
- "Role": {
- "Fn::GetAtt": [
- "DGDeploymentDeploymentProviderIsCompleteLambdaServiceRole1AC61641",
- "Arn"
- ]
- },
"Description": "src/ecs-deployment-provider/is-complete.lambda.ts",
"Environment": {
"Variables": {
@@ -1676,6 +1670,12 @@
}
},
"Handler": "index.handler",
+ "Role": {
+ "Fn::GetAtt": [
+ "DGDeploymentDeploymentProviderIsCompleteLambdaServiceRole1AC61641",
+ "Arn"
+ ]
+ },
"Runtime": "nodejs18.x",
"Timeout": 60
},
@@ -1867,13 +1867,7 @@
"S3Bucket": {
"Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
},
- "S3Key": "8e3d635893ea17fa3158623489cd42c680fad925b38de1ef51cb10d84f6e245e.zip"
- },
- "Role": {
- "Fn::GetAtt": [
- "DGDeploymentDeploymentProviderframeworkonEventServiceRoleC4DB5791",
- "Arn"
- ]
+ "S3Key": "f2d30cfc360482320a52a4fcde8a70f3569df79ab30be24650fda58eb60052cf.zip"
},
"Description": "AWS CDK resource provider framework - onEvent (cdk-ecs-codedeploy-ecs-deployment/DG/Deployment/DeploymentProvider)",
"Environment": {
@@ -1896,7 +1890,13 @@
}
},
"Handler": "framework.onEvent",
- "Runtime": "nodejs14.x",
+ "Role": {
+ "Fn::GetAtt": [
+ "DGDeploymentDeploymentProviderframeworkonEventServiceRoleC4DB5791",
+ "Arn"
+ ]
+ },
+ "Runtime": "nodejs18.x",
"Timeout": 900
},
"DependsOn": [
@@ -2092,13 +2092,7 @@
"S3Bucket": {
"Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
},
- "S3Key": "8e3d635893ea17fa3158623489cd42c680fad925b38de1ef51cb10d84f6e245e.zip"
- },
- "Role": {
- "Fn::GetAtt": [
- "DGDeploymentDeploymentProviderframeworkisCompleteServiceRole06E09942",
- "Arn"
- ]
+ "S3Key": "f2d30cfc360482320a52a4fcde8a70f3569df79ab30be24650fda58eb60052cf.zip"
},
"Description": "AWS CDK resource provider framework - isComplete (cdk-ecs-codedeploy-ecs-deployment/DG/Deployment/DeploymentProvider)",
"Environment": {
@@ -2118,7 +2112,13 @@
}
},
"Handler": "framework.isComplete",
- "Runtime": "nodejs14.x",
+ "Role": {
+ "Fn::GetAtt": [
+ "DGDeploymentDeploymentProviderframeworkisCompleteServiceRole06E09942",
+ "Arn"
+ ]
+ },
+ "Runtime": "nodejs18.x",
"Timeout": 900
},
"DependsOn": [
@@ -2314,13 +2314,7 @@
"S3Bucket": {
"Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
},
- "S3Key": "8e3d635893ea17fa3158623489cd42c680fad925b38de1ef51cb10d84f6e245e.zip"
- },
- "Role": {
- "Fn::GetAtt": [
- "DGDeploymentDeploymentProviderframeworkonTimeoutServiceRole2B298F04",
- "Arn"
- ]
+ "S3Key": "f2d30cfc360482320a52a4fcde8a70f3569df79ab30be24650fda58eb60052cf.zip"
},
"Description": "AWS CDK resource provider framework - onTimeout (cdk-ecs-codedeploy-ecs-deployment/DG/Deployment/DeploymentProvider)",
"Environment": {
@@ -2340,7 +2334,13 @@
}
},
"Handler": "framework.onTimeout",
- "Runtime": "nodejs14.x",
+ "Role": {
+ "Fn::GetAtt": [
+ "DGDeploymentDeploymentProviderframeworkonTimeoutServiceRole2B298F04",
+ "Arn"
+ ]
+ },
+ "Runtime": "nodejs18.x",
"Timeout": 900
},
"DependsOn": [
diff --git a/yarn.lock b/yarn.lock
index 2c012cd..f1d7e93 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -15,25 +15,25 @@
"@jridgewell/gen-mapping" "^0.3.0"
"@jridgewell/trace-mapping" "^0.3.9"
-"@aws-cdk/asset-awscli-v1@^2.2.177":
+"@aws-cdk/asset-awscli-v1@^2.2.200":
version "2.2.200"
resolved "https://registry.yarnpkg.com/@aws-cdk/asset-awscli-v1/-/asset-awscli-v1-2.2.200.tgz#6ead533f73f705ad7350eb46955e2538e50cd013"
integrity sha512-Kf5J8DfJK4wZFWT2Myca0lhwke7LwHcHBo+4TvWOGJrFVVKVuuiLCkzPPRBQQVDj0Vtn2NBokZAz8pfMpAqAKg==
-"@aws-cdk/asset-kubectl-v20@^2.1.1":
+"@aws-cdk/asset-kubectl-v20@^2.1.2":
version "2.1.2"
resolved "https://registry.yarnpkg.com/@aws-cdk/asset-kubectl-v20/-/asset-kubectl-v20-2.1.2.tgz#d8e20b5f5dc20128ea2000dc479ca3c7ddc27248"
integrity sha512-3M2tELJOxQv0apCIiuKQ4pAbncz9GuLwnKFqxifWfe77wuMxyTRPmxssYHs42ePqzap1LT6GDcPygGs+hHstLg==
-"@aws-cdk/asset-node-proxy-agent-v5@^2.0.148":
- version "2.0.166"
- resolved "https://registry.yarnpkg.com/@aws-cdk/asset-node-proxy-agent-v5/-/asset-node-proxy-agent-v5-2.0.166.tgz#467507db141cd829ff8aa9d6ea5519310a4276b8"
- integrity sha512-j0xnccpUQHXJKPgCwQcGGNu4lRiC1PptYfdxBIH1L4dRK91iBxtSQHESRQX+yB47oGLaF/WfNN/aF3WXwlhikg==
+"@aws-cdk/asset-node-proxy-agent-v6@^2.0.1":
+ version "2.0.1"
+ resolved "https://registry.yarnpkg.com/@aws-cdk/asset-node-proxy-agent-v6/-/asset-node-proxy-agent-v6-2.0.1.tgz#6dc9b7cdb22ff622a7176141197962360c33e9ac"
+ integrity sha512-DDt4SLdLOwWCjGtltH4VCST7hpOI5DzieuhGZsBpZ+AgJdSI2GCjklCXm0GCTwJG/SolkL5dtQXyUKgg9luBDg==
-"@aws-cdk/aws-synthetics-alpha@2.84.0-alpha.0":
- version "2.84.0-alpha.0"
- resolved "https://registry.yarnpkg.com/@aws-cdk/aws-synthetics-alpha/-/aws-synthetics-alpha-2.84.0-alpha.0.tgz#165e309ae1747c1b66865ddf8d38cbd090b6ce9d"
- integrity sha512-3YR/5Lgs2Ps5QW9rVwGJz26HO6lU6m9B0VTGNBu7i52vRM/J9FMvRDn4/kI1PsUNyN1++uEA3XHcl/V6HJ7XQg==
+"@aws-cdk/aws-synthetics-alpha@2.92.0-alpha.0":
+ version "2.92.0-alpha.0"
+ resolved "https://registry.yarnpkg.com/@aws-cdk/aws-synthetics-alpha/-/aws-synthetics-alpha-2.92.0-alpha.0.tgz#8b7d6ad1f9ac7342b06e7e44459ae6ecb6e1589a"
+ integrity sha512-nNbUrxf2khl6nCnHdH1poeLdST6mUQ9nhJjpVPEYSqXu5uIHZnNPSGR8VzbkLlx8YIETzMz1Jo2Wfu5faYuBgw==
"@aws-cdk/integ-runner@latest":
version "2.91.0-alpha.0"
@@ -2397,14 +2397,14 @@ available-typed-arrays@^1.0.5:
resolved "https://registry.yarnpkg.com/available-typed-arrays/-/available-typed-arrays-1.0.5.tgz#92f95616501069d07d10edb2fc37d3e1c65123b7"
integrity sha512-DMD0KiN46eipeziST1LPP/STfDU0sufISXmjSgvVsoU2tqxctQeASejWcfNtxYKqETM1UxQ8sp2OrSBWpHY6sw==
-aws-cdk-lib@2.84.0:
- version "2.84.0"
- resolved "https://registry.yarnpkg.com/aws-cdk-lib/-/aws-cdk-lib-2.84.0.tgz#cb08033f5cfba5aed3c0b0cb11a46fc1cbe1586c"
- integrity sha512-4zLtCLCIs5Ia4WRGqiXRwxSkpGaNy3NxMexO9qYHSuIYpqf4sHObzZ0tDHZCFL5Wkui3sCu3OLQWrRHrr93HvA==
+aws-cdk-lib@2.92.0:
+ version "2.92.0"
+ resolved "https://registry.yarnpkg.com/aws-cdk-lib/-/aws-cdk-lib-2.92.0.tgz#6f036e8fb73dc7196aac71e4b22658d8226b8ce5"
+ integrity sha512-J+SUFSnOt9u2GbY5QIABgjGNiw8bL/v0S3zsPhhO1dVwK+G7oE+bhLcAi3iILrw2sIpirNWH9K3W0by9K+cyMw==
dependencies:
- "@aws-cdk/asset-awscli-v1" "^2.2.177"
- "@aws-cdk/asset-kubectl-v20" "^2.1.1"
- "@aws-cdk/asset-node-proxy-agent-v5" "^2.0.148"
+ "@aws-cdk/asset-awscli-v1" "^2.2.200"
+ "@aws-cdk/asset-kubectl-v20" "^2.1.2"
+ "@aws-cdk/asset-node-proxy-agent-v6" "^2.0.1"
"@balena/dockerignore" "^1.0.2"
case "1.6.3"
fs-extra "^11.1.1"
@@ -2412,7 +2412,7 @@ aws-cdk-lib@2.84.0:
jsonschema "^1.4.1"
minimatch "^3.1.2"
punycode "^2.3.0"
- semver "^7.5.1"
+ semver "^7.5.4"
table "^6.8.1"
yaml "1.10.2"
@cplee i have added an example merge request to upgrade to CDK 2.93.0
cplee
commented
1 year ago @fiserv-plat-eng - the peer dependency has a version of ^2.84.0 allowing consumers to use newer versions of CDK. What errors do you get when trying to upgrade aws-cdk-lib while using this construct?
fiserv-plat-eng
commented
1 year ago Currently you can't upgrade past 2.84.0 of aws-cdk-lib
npm i aws-cdk-lib
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: fruit-api@0.0.0
npm WARN Found: aws-cdk-lib@2.92.0
npm WARN node_modules/aws-cdk-lib
npm WARN peer aws-cdk-lib@"2.92.0" from @aws-cdk/aws-synthetics-alpha@2.92.0-alpha.0
npm WARN node_modules/@aws-cdk/aws-synthetics-alpha
npm WARN @aws-cdk/aws-synthetics-alpha@"^2.92.0-alpha.0" from the root project
npm WARN 5 more (@cdklabs/cdk-ecs-codedeploy, ...)
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer aws-cdk-lib@"2.92.0" from @aws-cdk/aws-synthetics-alpha@2.92.0-alpha.0
npm WARN node_modules/@aws-cdk/aws-synthetics-alpha
npm WARN @aws-cdk/aws-synthetics-alpha@"^2.92.0-alpha.0" from the root project
npm ERR! code ERESOLVE
npm ERR! ERESOLVE could not resolve
npm ERR!
npm ERR! While resolving: @cdklabs/cdk-ecs-codedeploy@0.0.207
npm ERR! Found: @aws-cdk/aws-synthetics-alpha@2.92.0-alpha.0
npm ERR! node_modules/@aws-cdk/aws-synthetics-alpha
npm ERR! @aws-cdk/aws-synthetics-alpha@"^2.92.0-alpha.0" from the root project
npm ERR!
npm ERR! Could not resolve dependency:
npm ERR! peer @aws-cdk/aws-synthetics-alpha@"^2.84.0-alpha.0" from @cdklabs/cdk-ecs-codedeploy@0.0.207
npm ERR! node_modules/@cdklabs/cdk-ecs-codedeploy
npm ERR! @cdklabs/cdk-ecs-codedeploy@"^0.0.207" from the root project
npm ERR!
npm ERR! Conflicting peer dependency: @aws-cdk/aws-synthetics-alpha@2.84.0-alpha.0
npm ERR! node_modules/@aws-cdk/aws-synthetics-alpha
npm ERR! peer @aws-cdk/aws-synthetics-alpha@"^2.84.0-alpha.0" from @cdklabs/cdk-ecs-codedeploy@0.0.207
npm ERR! node_modules/@cdklabs/cdk-ecs-codedeploy
npm ERR! @cdklabs/cdk-ecs-codedeploy@"^0.0.207" from the root project
npm ERR!
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR!
npm ERR!@cplee note this happens via npm i, for some reason yarn install v1 is more forgiving.
fiserv-plat-eng
commented
1 year ago @cplee - how would this be resolved using npm ci ?
wesleymooiman
commented
1 year ago When will this get merged and released?
fiserv-plat-eng
commented
1 year ago @cplee - i have updated the issue to give more context and steps to reproduce.
cplee
commented
1 year ago This will be fixed in https://github.com/cdklabs/cdk-ecs-codedeploy/pull/279/files
Currently
cdk-ecs-codedeployonly supports CDK version2.84.0project, so when you upgrade to the latest cdk version2.92.0there are resolution issues.Steps to reproduce