This change moves the cdk version from 54.1.0 to 58.0.0
For compatibility this requires some changes - specifically focused on handling of AWSBackups opt in.
As of cdk v58.0.0 this will be handled by opting in on the individual construct definitions rather than at the stack level
(see cdk release notes).
Specific changes made in this PR:
- Removing the "withBackup: true" setting from the SecurityHQ app definition
- Replacing the aws-defined Table construct for DynamoDB with the new GuDynamoTable construct. This will n
- Updating tests to account for these changes
Breaking or Major changes moving from 54.1.0 to earlier versions that may apply or be of interest:
cdk v55.0.0: cognito-auth-lambdas will use the PROD version instead of the INFRA version.
This is not a breaking change, but if we have not updated for a long while, when these are switched from INFRA to PROD there may be a lot of updates to the relevant lambdas.
v56.0.0: Load balancers now add headers with information about the TLS version and cipher suite used during negotiation. In addition they will now drop invalid headers before forwarding requests to target. Invalid headers are described as HTTP header names that do not conform to the regular expression [-A-Za-z0-9]+
This might cause problems if custom headers are used in security-hq.
What is the value of this?
SecurityHQ is using a very old version of cdk and if the gap grows updating will be increasingly more difficult and more risky.
Will this require CloudFormation and/or updates to the AWS StackSet?
Will need to check what this is asking for.
The CloudFormation template will be changed as a result of this cdk update and the changes in this PR:
- V57.1.0 will modify the DynamoDB definition to enable deletionProtection.
- V56.0.0 will add a tag: "routing.http.drop_invalid_header_fields.enabled: true" to the load balancer.
- V56.0.0 also contains a patch that will add an App tag to the relevant resources.
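
The v56.0.0 header rule described above can be checked against the headers a client actually sends, to see which ones would not reach the target. This is an added example, not part of this PR or the security-hq code base; the function name `auditRequestHeaders` and the sample request are constructed for illustration, and the only rule applied is the regular expression quoted in the description.

```typescript
// Added example: all names and the sample request are constructed for illustration.
// Rule quoted in the v56.0.0 note: a header name is valid only if the
// whole name matches [-A-Za-z0-9]+ (letters, digits and hyphens).
const VALID_HEADER_NAME = /^[-A-Za-z0-9]+$/;

interface HeaderAudit {
  forwarded: string[]; // names that satisfy the rule
  dropped: string[];   // names that fail the rule and would be removed
}

// Parse the header block of a raw HTTP/1.1 request and classify each header name.
function auditRequestHeaders(rawRequest: string): HeaderAudit {
  const result: HeaderAudit = { forwarded: [], dropped: [] };
  // Everything before the first blank line is the request line plus headers.
  const head = rawRequest.split(/\r?\n\r?\n/)[0] ?? "";
  const headerLines = head.split(/\r?\n/).slice(1); // skip the request line
  for (const line of headerLines) {
    const colon = line.indexOf(":");
    if (colon === -1) continue; // not a "name: value" line
    // The name is taken verbatim: an empty name or one with stray
    // whitespace, underscores or dots fails the rule.
    const name = line.slice(0, colon);
    if (VALID_HEADER_NAME.test(name)) {
      result.forwarded.push(name);
    } else {
      result.dropped.push(name);
    }
  }
  return result;
}

// Constructed sample request: two custom headers use characters outside the rule.
const SAMPLE_REQUEST = [
  "GET /healthcheck HTTP/1.1",
  "Host: example.invalid",
  "X-Request-Id: 42",
  "X_Forwarded_User: alice",
  "x.trace.id: abc",
  "Accept: */*",
  "",
  "",
].join("\r\n");
```

Running `auditRequestHeaders` over requests captured in front of the load balancer shows whether any custom header relies on underscores or dots before the setting takes effect.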
All deployment options
- [Deploy build 2822 of `security-hq` to CODE](https://riffraff.gutools.co.uk/deployment/deployAgain?project=security-hq&build=2822&stage=CODE&updateStrategy=MostlyHarmless&action=deploy)
- [Deploy parts of build 2822 to CODE by previewing it first](https://riffraff.gutools.co.uk/preview/yaml?project=security-hq&build=2822&stage=CODE&updateStrategy=MostlyHarmless)
- [What's on CODE right now?](https://riffraff.gutools.co.uk/deployment/history?projectName=security-hq&stage=CODE)