diff --git a/CHANGELOG.md b/CHANGELOG.md index a0b2b1166..98c9532f4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,12 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## 1.75.0 (2020-12-03) + +### Changed +- Upgraded all patterns to CDK v1.75.0 +- Updated `lambda-helper` in `core` to grant Vpc permissions for the lambda role, if required by the lambda function + ## 1.74.0 (2020-11-17) ### Changed diff --git a/source/lerna.json b/source/lerna.json index e21771575..cea7caf3a 100644 --- a/source/lerna.json +++ b/source/lerna.json @@ -6,5 +6,5 @@ "./patterns/@aws-solutions-constructs/*" ], "rejectCycles": "true", - "version": "1.74.0" + "version": "1.75.0" } diff --git a/source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/test/__snapshots__/test.apigateway-lambda.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/test/__snapshots__/test.apigateway-lambda.test.js.snap index f8b852aa4..a8aa2294d 100644 --- a/source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/test/__snapshots__/test.apigateway-lambda.test.js.snap +++ b/source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/test/__snapshots__/test.apigateway-lambda.test.js.snap @@ -731,7 +731,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, @@ -1326,7 +1326,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, @@ -1901,7 +1901,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, diff --git a/source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/test/integ.deployFunction.expected.json b/source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/test/integ.deployFunction.expected.json index 3b8dbc861..796d49f40 100644 --- a/source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/test/integ.deployFunction.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/test/integ.deployFunction.expected.json @@ -84,7 +84,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/test/integ.existingFunction.expected.json b/source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/test/integ.existingFunction.expected.json index b9ce91bf6..08904f635 100644 --- a/source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/test/integ.existingFunction.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/test/integ.existingFunction.expected.json @@ -84,7 +84,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/test/__snapshots__/test.cloudfront-apigateway-lambda.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/test/__snapshots__/test.cloudfront-apigateway-lambda.test.js.snap index c5ddb726b..4521265a2 100644 --- a/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/test/__snapshots__/test.cloudfront-apigateway-lambda.test.js.snap +++ b/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/test/__snapshots__/test.cloudfront-apigateway-lambda.test.js.snap @@ -327,7 +327,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, @@ -497,7 +497,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/test/integ.no-arguments.expected.json b/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/test/integ.no-arguments.expected.json index 76cfd54f9..1bb710fed 100644 --- a/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/test/integ.no-arguments.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/test/integ.no-arguments.expected.json @@ -84,7 +84,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." } ] } @@ -686,7 +686,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/test/integ.override-behavior.expected.json b/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/test/integ.override-behavior.expected.json index d3b2071c2..9c8a0fdaf 100644 --- a/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/test/integ.override-behavior.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/test/integ.override-behavior.expected.json @@ -132,7 +132,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." } ] } @@ -647,7 +647,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway/test/__snapshots__/test.cloudfront-apigateway.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway/test/__snapshots__/test.cloudfront-apigateway.test.js.snap index 7bf49913d..527ea5682 100644 --- a/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway/test/__snapshots__/test.cloudfront-apigateway.test.js.snap +++ b/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway/test/__snapshots__/test.cloudfront-apigateway.test.js.snap @@ -184,7 +184,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, @@ -897,7 +897,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway/test/integ.no-arguments.expected.json b/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway/test/integ.no-arguments.expected.json index 16c2f9cd6..562bd6b7d 100644 --- a/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway/test/integ.no-arguments.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway/test/integ.no-arguments.expected.json @@ -84,7 +84,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." } ] } @@ -686,7 +686,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/__snapshots__/test.cloudfront-s3.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/__snapshots__/test.cloudfront-s3.test.js.snap index ba9acca08..1b66772e7 100644 --- a/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/__snapshots__/test.cloudfront-s3.test.js.snap +++ b/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/__snapshots__/test.cloudfront-s3.test.js.snap @@ -450,7 +450,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.existing-bucket.expected.json b/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.existing-bucket.expected.json index b7fcffe91..870a20800 100644 --- a/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.existing-bucket.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.existing-bucket.expected.json @@ -328,7 +328,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.no-arguments.expected.json b/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.no-arguments.expected.json index 6f7368844..9f01309ec 100644 --- a/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.no-arguments.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.no-arguments.expected.json @@ -291,7 +291,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-cognito-apigateway-lambda/test/__snapshots__/test.cognito-apigateway-lambda.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-cognito-apigateway-lambda/test/__snapshots__/test.cognito-apigateway-lambda.test.js.snap index 8e83bb9bf..132654a91 100644 --- a/source/patterns/@aws-solutions-constructs/aws-cognito-apigateway-lambda/test/__snapshots__/test.cognito-apigateway-lambda.test.js.snap +++ b/source/patterns/@aws-solutions-constructs/aws-cognito-apigateway-lambda/test/__snapshots__/test.cognito-apigateway-lambda.test.js.snap @@ -261,7 +261,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, diff --git a/source/patterns/@aws-solutions-constructs/aws-cognito-apigateway-lambda/test/integ.no-arguments.expected.json b/source/patterns/@aws-solutions-constructs/aws-cognito-apigateway-lambda/test/integ.no-arguments.expected.json index abaa972cb..e241a2007 100644 --- a/source/patterns/@aws-solutions-constructs/aws-cognito-apigateway-lambda/test/integ.no-arguments.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-cognito-apigateway-lambda/test/integ.no-arguments.expected.json @@ -83,7 +83,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda-elasticsearch-kibana/test/__snapshots__/dynamodb-stream-lambda-elasticsearch-kibana.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda-elasticsearch-kibana/test/__snapshots__/dynamodb-stream-lambda-elasticsearch-kibana.test.js.snap index 8256e9a2b..19cac8e80 100644 --- a/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda-elasticsearch-kibana/test/__snapshots__/dynamodb-stream-lambda-elasticsearch-kibana.test.js.snap +++ b/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda-elasticsearch-kibana/test/__snapshots__/dynamodb-stream-lambda-elasticsearch-kibana.test.js.snap @@ -215,7 +215,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, diff --git a/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda-elasticsearch-kibana/test/integ.no-arguments.expected.json b/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda-elasticsearch-kibana/test/integ.no-arguments.expected.json index 36f12a48a..3ed201324 100644 --- a/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda-elasticsearch-kibana/test/integ.no-arguments.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda-elasticsearch-kibana/test/integ.no-arguments.expected.json @@ -116,7 +116,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda/test/__snapshots__/dynamodb-stream-lambda.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda/test/__snapshots__/dynamodb-stream-lambda.test.js.snap index 637c6254a..a1a003975 100644 --- a/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda/test/__snapshots__/dynamodb-stream-lambda.test.js.snap +++ b/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda/test/__snapshots__/dynamodb-stream-lambda.test.js.snap @@ -209,7 +209,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, diff --git a/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda/test/integ.no-arguments.expected.json b/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda/test/integ.no-arguments.expected.json index c38f348c7..46b0e67dd 100644 --- a/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda/test/integ.no-arguments.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda/test/integ.no-arguments.expected.json @@ -116,7 +116,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-events-rule-lambda/test/__snapshots__/events-rule-lambda.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-events-rule-lambda/test/__snapshots__/events-rule-lambda.test.js.snap index 7f32e4d2d..d170d4a5d 100644 --- a/source/patterns/@aws-solutions-constructs/aws-events-rule-lambda/test/__snapshots__/events-rule-lambda.test.js.snap +++ b/source/patterns/@aws-solutions-constructs/aws-events-rule-lambda/test/__snapshots__/events-rule-lambda.test.js.snap @@ -188,7 +188,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, diff --git a/source/patterns/@aws-solutions-constructs/aws-events-rule-lambda/test/integ.events-rule-no-argument.expected.json b/source/patterns/@aws-solutions-constructs/aws-events-rule-lambda/test/integ.events-rule-no-argument.expected.json index 8b042fc8d..433057748 100644 --- a/source/patterns/@aws-solutions-constructs/aws-events-rule-lambda/test/integ.events-rule-no-argument.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-events-rule-lambda/test/integ.events-rule-no-argument.expected.json @@ -83,7 +83,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-events-rule-step-function/test/integ.events-rule-step-function-with-lambda.expected.json b/source/patterns/@aws-solutions-constructs/aws-events-rule-step-function/test/integ.events-rule-step-function-with-lambda.expected.json index 92b8f77e2..861b439d1 100644 --- a/source/patterns/@aws-solutions-constructs/aws-events-rule-step-function/test/integ.events-rule-step-function-with-lambda.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-events-rule-step-function/test/integ.events-rule-step-function-with-lambda.expected.json @@ -83,7 +83,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-iot-lambda-dynamodb/test/__snapshots__/iot-lambda-dynamodb.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-iot-lambda-dynamodb/test/__snapshots__/iot-lambda-dynamodb.test.js.snap index 448b9fc1e..249ad757e 100644 --- a/source/patterns/@aws-solutions-constructs/aws-iot-lambda-dynamodb/test/__snapshots__/iot-lambda-dynamodb.test.js.snap +++ b/source/patterns/@aws-solutions-constructs/aws-iot-lambda-dynamodb/test/__snapshots__/iot-lambda-dynamodb.test.js.snap @@ -195,7 +195,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, diff --git a/source/patterns/@aws-solutions-constructs/aws-iot-lambda-dynamodb/test/integ.iot-lambda-dynamodb.expected.json b/source/patterns/@aws-solutions-constructs/aws-iot-lambda-dynamodb/test/integ.iot-lambda-dynamodb.expected.json index 404d755aa..100ff7885 100644 --- a/source/patterns/@aws-solutions-constructs/aws-iot-lambda-dynamodb/test/integ.iot-lambda-dynamodb.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-iot-lambda-dynamodb/test/integ.iot-lambda-dynamodb.expected.json @@ -109,7 +109,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-iot-lambda/test/__snapshots__/iot-lambda.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-iot-lambda/test/__snapshots__/iot-lambda.test.js.snap index d59f41cc3..72e7a2872 100644 --- a/source/patterns/@aws-solutions-constructs/aws-iot-lambda/test/__snapshots__/iot-lambda.test.js.snap +++ b/source/patterns/@aws-solutions-constructs/aws-iot-lambda/test/__snapshots__/iot-lambda.test.js.snap @@ -192,7 +192,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, diff --git a/source/patterns/@aws-solutions-constructs/aws-iot-lambda/test/integ.iot-lambda-new-func.expected.json b/source/patterns/@aws-solutions-constructs/aws-iot-lambda/test/integ.iot-lambda-new-func.expected.json index a8dcacad3..8b314bad7 100644 --- a/source/patterns/@aws-solutions-constructs/aws-iot-lambda/test/integ.iot-lambda-new-func.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-iot-lambda/test/integ.iot-lambda-new-func.expected.json @@ -83,7 +83,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-iot-lambda/test/integ.iot-lambda-use-existing-func.expected.json b/source/patterns/@aws-solutions-constructs/aws-iot-lambda/test/integ.iot-lambda-use-existing-func.expected.json index 4dc7bb841..7d7bafdf6 100644 --- a/source/patterns/@aws-solutions-constructs/aws-iot-lambda/test/integ.iot-lambda-use-existing-func.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-iot-lambda/test/integ.iot-lambda-use-existing-func.expected.json @@ -83,7 +83,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-kinesisfirehose-s3/test/integ.existingStreamObj.expected.json b/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-kinesisfirehose-s3/test/integ.existingStreamObj.expected.json index 5b546098b..230b7f03e 100644 --- a/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-kinesisfirehose-s3/test/integ.existingStreamObj.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-kinesisfirehose-s3/test/integ.existingStreamObj.expected.json @@ -135,7 +135,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-lambda/test/__snapshots__/test.kinesisstreams-lambda.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-lambda/test/__snapshots__/test.kinesisstreams-lambda.test.js.snap index 3c6233992..06174726c 100644 --- a/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-lambda/test/__snapshots__/test.kinesisstreams-lambda.test.js.snap +++ b/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-lambda/test/__snapshots__/test.kinesisstreams-lambda.test.js.snap @@ -217,7 +217,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, diff --git a/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-lambda/test/integ.no-arguments.expected.json b/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-lambda/test/integ.no-arguments.expected.json index 5d98ab87d..6342fcea4 100644 --- a/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-lambda/test/integ.no-arguments.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-lambda/test/integ.no-arguments.expected.json @@ -135,7 +135,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/__snapshots__/lambda-dynamodb.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/__snapshots__/lambda-dynamodb.test.js.snap index aeb0475e9..7f69c1124 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/__snapshots__/lambda-dynamodb.test.js.snap +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/__snapshots__/lambda-dynamodb.test.js.snap @@ -180,7 +180,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/integ.add-secondary-index.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/integ.add-secondary-index.expected.json index 5dacee6d2..27bfd8ecb 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/integ.add-secondary-index.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/integ.add-secondary-index.expected.json @@ -120,7 +120,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/integ.no-arguments.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/integ.no-arguments.expected.json index e1b18c7df..0f8faec03 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/integ.no-arguments.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/integ.no-arguments.expected.json @@ -109,7 +109,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/integ.set-billing-mode.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/integ.set-billing-mode.expected.json index b0c3891f8..979119b61 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/integ.set-billing-mode.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/integ.set-billing-mode.expected.json @@ -109,7 +109,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/integ.use-existing-func.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/integ.use-existing-func.expected.json index 08d4b8649..b6466a5e7 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/integ.use-existing-func.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/integ.use-existing-func.expected.json @@ -109,7 +109,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/__snapshots__/lambda-elasticsearch-kibana.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/__snapshots__/lambda-elasticsearch-kibana.test.js.snap index d8415ec8e..98760b34b 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/__snapshots__/lambda-elasticsearch-kibana.test.js.snap +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/__snapshots__/lambda-elasticsearch-kibana.test.js.snap @@ -525,7 +525,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.domain-arguments.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.domain-arguments.expected.json index f8b92128b..16ca25b16 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.domain-arguments.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.domain-arguments.expected.json @@ -83,7 +83,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.no-arguments.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.no-arguments.expected.json index e8a26341d..0e200c50a 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.no-arguments.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.no-arguments.expected.json @@ -83,7 +83,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/__snapshots__/lambda-s3.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/__snapshots__/lambda-s3.test.js.snap index 5f8a710f5..54f18a071 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/__snapshots__/lambda-s3.test.js.snap +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/__snapshots__/lambda-s3.test.js.snap @@ -154,7 +154,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, @@ -540,7 +540,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, @@ -896,7 +896,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, @@ -1255,7 +1255,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, @@ -1623,7 +1623,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, @@ -1994,7 +1994,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, @@ -2362,7 +2362,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, @@ -2733,7 +2733,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/integ.deployFunction.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/integ.deployFunction.expected.json index b58746df2..917875438 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/integ.deployFunction.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/integ.deployFunction.expected.json @@ -117,7 +117,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/integ.existingFunction.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/integ.existingFunction.expected.json index bf1899b8e..3e475472c 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/integ.existingFunction.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/integ.existingFunction.expected.json @@ -117,7 +117,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/integ.pre-existing-bucket.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/integ.pre-existing-bucket.expected.json index 83c08aa43..bc7bce574 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/integ.pre-existing-bucket.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/integ.pre-existing-bucket.expected.json @@ -121,7 +121,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-sns/test/__snapshots__/lambda-sns.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-lambda-sns/test/__snapshots__/lambda-sns.test.js.snap index b39abc220..165ec983c 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-sns/test/__snapshots__/lambda-sns.test.js.snap +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-sns/test/__snapshots__/lambda-sns.test.js.snap @@ -167,7 +167,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, @@ -367,7 +367,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-sns/test/integ.deployFunction.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-sns/test/integ.deployFunction.expected.json index 6624f5195..72dbd8885 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-sns/test/integ.deployFunction.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-sns/test/integ.deployFunction.expected.json @@ -91,7 +91,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-sns/test/integ.existingFunction.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-sns/test/integ.existingFunction.expected.json index d89917383..37b4336ea 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-sns/test/integ.existingFunction.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-sns/test/integ.existingFunction.expected.json @@ -91,7 +91,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/__snapshots__/lambda-sqs-lambda.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/__snapshots__/lambda-sqs-lambda.test.js.snap index 728ea269c..d3e3d25c2 100755 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/__snapshots__/lambda-sqs-lambda.test.js.snap +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/__snapshots__/lambda-sqs-lambda.test.js.snap @@ -166,7 +166,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, @@ -417,7 +417,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, @@ -645,7 +645,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, @@ -980,7 +980,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, @@ -1206,7 +1206,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, @@ -1402,7 +1402,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, @@ -1774,7 +1774,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, @@ -2110,7 +2110,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, @@ -2415,7 +2415,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, @@ -2592,7 +2592,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, @@ -2821,7 +2821,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, @@ -3157,7 +3157,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, @@ -3386,7 +3386,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, @@ -3722,7 +3722,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/integ.defaultDeployment.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/integ.defaultDeployment.expected.json index bd04fb95e..4dc829a02 100755 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/integ.defaultDeployment.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/integ.defaultDeployment.expected.json @@ -98,7 +98,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." } ] } @@ -438,7 +438,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/integ.existingConsumerFunction.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/integ.existingConsumerFunction.expected.json index a64fe79f8..46b07878e 100755 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/integ.existingConsumerFunction.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/integ.existingConsumerFunction.expected.json @@ -100,7 +100,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." } ] } @@ -290,7 +290,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/integ.existingProducerFunction.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/integ.existingProducerFunction.expected.json index cbb9e6587..dbef07d79 100755 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/integ.existingProducerFunction.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/integ.existingProducerFunction.expected.json @@ -98,7 +98,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." } ] } @@ -438,7 +438,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/integ.existingQueue.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/integ.existingQueue.expected.json index 9b2bdcea3..9d4af47c9 100755 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/integ.existingQueue.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/integ.existingQueue.expected.json @@ -173,7 +173,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." } ] } @@ -354,7 +354,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-sqs/test/__snapshots__/lambda-sqs.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-lambda-sqs/test/__snapshots__/lambda-sqs.test.js.snap index e454da20f..e763248f5 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-sqs/test/__snapshots__/lambda-sqs.test.js.snap +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-sqs/test/__snapshots__/lambda-sqs.test.js.snap @@ -154,7 +154,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, @@ -527,7 +527,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, @@ -823,7 +823,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, @@ -1037,7 +1037,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, @@ -1396,7 +1396,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-sqs/test/integ.deployFunction.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-sqs/test/integ.deployFunction.expected.json index 9b689f038..3bc8be236 100755 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-sqs/test/integ.deployFunction.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-sqs/test/integ.deployFunction.expected.json @@ -98,7 +98,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-sqs/test/integ.existingFunction.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-sqs/test/integ.existingFunction.expected.json index 66e0e1f75..b92e50225 100755 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-sqs/test/integ.existingFunction.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-sqs/test/integ.existingFunction.expected.json @@ -98,7 +98,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-step-function/test/__snapshots__/lambda-step-function.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-lambda-step-function/test/__snapshots__/lambda-step-function.test.js.snap index 02555ad85..8ff44063f 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-step-function/test/__snapshots__/lambda-step-function.test.js.snap +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-step-function/test/__snapshots__/lambda-step-function.test.js.snap @@ -155,7 +155,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, @@ -604,7 +604,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-step-function/test/integ.deploy-lambda.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-step-function/test/integ.deploy-lambda.expected.json index c68c70829..0071c5eac 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-step-function/test/integ.deploy-lambda.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-step-function/test/integ.deploy-lambda.expected.json @@ -219,7 +219,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-step-function/test/integ.existing-function.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-step-function/test/integ.existing-function.expected.json index 3de519ae3..db5311cb1 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-step-function/test/integ.existing-function.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-step-function/test/integ.existing-function.expected.json @@ -90,7 +90,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-s3-lambda/test/__snapshots__/s3-lambda.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-s3-lambda/test/__snapshots__/s3-lambda.test.js.snap index 9fc3ca960..6fd14c3a9 100644 --- a/source/patterns/@aws-solutions-constructs/aws-s3-lambda/test/__snapshots__/s3-lambda.test.js.snap +++ b/source/patterns/@aws-solutions-constructs/aws-s3-lambda/test/__snapshots__/s3-lambda.test.js.snap @@ -309,7 +309,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, @@ -856,7 +856,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, diff --git a/source/patterns/@aws-solutions-constructs/aws-s3-lambda/test/integ.existing-s3-bucket.expected.json b/source/patterns/@aws-solutions-constructs/aws-s3-lambda/test/integ.existing-s3-bucket.expected.json index a56e7cf14..1a2be1a8a 100644 --- a/source/patterns/@aws-solutions-constructs/aws-s3-lambda/test/integ.existing-s3-bucket.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-s3-lambda/test/integ.existing-s3-bucket.expected.json @@ -289,7 +289,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-s3-lambda/test/integ.no-arguments.expected.json b/source/patterns/@aws-solutions-constructs/aws-s3-lambda/test/integ.no-arguments.expected.json index 95f62f533..e39590548 100644 --- a/source/patterns/@aws-solutions-constructs/aws-s3-lambda/test/integ.no-arguments.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-s3-lambda/test/integ.no-arguments.expected.json @@ -83,7 +83,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-sns-lambda/test/__snapshots__/sns-lambda.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-sns-lambda/test/__snapshots__/sns-lambda.test.js.snap index 721850d1a..bb1bfbaa0 100644 --- a/source/patterns/@aws-solutions-constructs/aws-sns-lambda/test/__snapshots__/sns-lambda.test.js.snap +++ b/source/patterns/@aws-solutions-constructs/aws-sns-lambda/test/__snapshots__/sns-lambda.test.js.snap @@ -167,7 +167,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, diff --git a/source/patterns/@aws-solutions-constructs/aws-sns-lambda/test/integ.no-arguments.expected.json b/source/patterns/@aws-solutions-constructs/aws-sns-lambda/test/integ.no-arguments.expected.json index 644f16942..c933fc683 100644 --- a/source/patterns/@aws-solutions-constructs/aws-sns-lambda/test/integ.no-arguments.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-sns-lambda/test/integ.no-arguments.expected.json @@ -84,7 +84,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-sqs-lambda/test/__snapshots__/test.sqs-lambda.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-sqs-lambda/test/__snapshots__/test.sqs-lambda.test.js.snap index 33699e529..986c5d133 100644 --- a/source/patterns/@aws-solutions-constructs/aws-sqs-lambda/test/__snapshots__/test.sqs-lambda.test.js.snap +++ b/source/patterns/@aws-solutions-constructs/aws-sqs-lambda/test/__snapshots__/test.sqs-lambda.test.js.snap @@ -324,7 +324,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, @@ -757,7 +757,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, diff --git a/source/patterns/@aws-solutions-constructs/aws-sqs-lambda/test/integ.deployFifoQueue.expected.json b/source/patterns/@aws-solutions-constructs/aws-sqs-lambda/test/integ.deployFifoQueue.expected.json index e9fea99e9..b198fc171 100644 --- a/source/patterns/@aws-solutions-constructs/aws-sqs-lambda/test/integ.deployFifoQueue.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-sqs-lambda/test/integ.deployFifoQueue.expected.json @@ -100,7 +100,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-sqs-lambda/test/integ.deployFunction.expected.json b/source/patterns/@aws-solutions-constructs/aws-sqs-lambda/test/integ.deployFunction.expected.json index 0aa7d5fa6..6791cc7c8 100644 --- a/source/patterns/@aws-solutions-constructs/aws-sqs-lambda/test/integ.deployFunction.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-sqs-lambda/test/integ.deployFunction.expected.json @@ -100,7 +100,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." } ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-sqs-lambda/test/integ.existingFunction.expected.json b/source/patterns/@aws-solutions-constructs/aws-sqs-lambda/test/integ.existingFunction.expected.json index 7926c5a82..efb153a6c 100644 --- a/source/patterns/@aws-solutions-constructs/aws-sqs-lambda/test/integ.existingFunction.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-sqs-lambda/test/integ.existingFunction.expected.json @@ -100,7 +100,7 @@ "rules_to_suppress": [ { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." } ] } diff --git a/source/patterns/@aws-solutions-constructs/core/lib/lambda-helper.ts b/source/patterns/@aws-solutions-constructs/core/lib/lambda-helper.ts index 2f31525ee..924ccd932 100644 --- a/source/patterns/@aws-solutions-constructs/core/lib/lambda-helper.ts +++ b/source/patterns/@aws-solutions-constructs/core/lib/lambda-helper.ts @@ -69,6 +69,21 @@ export function deployLambdaFunction(scope: cdk.Construct, } }); + // If this Lambda function is going to access resoures in a + // VPC, then it needs privileges to access an ENI in that VPC + if (lambdaFunctionProps.vpc) { + lambdaServiceRole.addToPolicy(new iam.PolicyStatement({ + actions: [ + "ec2:CreateNetworkInterface", + "ec2:DescribeNetworkInterfaces", + "ec2:DeleteNetworkInterface", + "ec2:AssignPrivateIpAddresses", + "ec2:UnassignPrivateIpAddresses" + ], + resources: ["*"] + })); + } + // Override the DefaultFunctionProps with user provided lambdaFunctionProps const _lambdaFunctionProps = overrideProps(DefaultLambdaFunctionProps(lambdaServiceRole), lambdaFunctionProps); @@ -99,7 +114,7 @@ export function deployLambdaFunction(scope: cdk.Construct, cfn_nag: { rules_to_suppress: [{ id: 'W12', - reason: `Lambda needs the following minimum required permissions to send trace data to X-Ray.` + reason: `Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.` }] } }; diff --git a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/apigateway-helper.test.js.snap b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/apigateway-helper.test.js.snap index 5861ba24b..96ef68d42 100644 --- a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/apigateway-helper.test.js.snap +++ b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/apigateway-helper.test.js.snap @@ -1428,7 +1428,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, diff --git a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/cloudfront-distribution-api-gateway-helper.test.js.snap b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/cloudfront-distribution-api-gateway-helper.test.js.snap index 4fabe0860..7d1f06049 100644 --- a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/cloudfront-distribution-api-gateway-helper.test.js.snap +++ b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/cloudfront-distribution-api-gateway-helper.test.js.snap @@ -738,7 +738,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, diff --git a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/cloudfront-distribution-s3-helper.test.js.snap b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/cloudfront-distribution-s3-helper.test.js.snap index ff9169159..18015ed06 100644 --- a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/cloudfront-distribution-s3-helper.test.js.snap +++ b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/cloudfront-distribution-s3-helper.test.js.snap @@ -450,7 +450,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, diff --git a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/events-rule.test.js.snap b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/events-rule.test.js.snap index 222e3f11d..7cf4d12d4 100644 --- a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/events-rule.test.js.snap +++ b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/events-rule.test.js.snap @@ -169,7 +169,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, diff --git a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/lambda-func.test.js.snap b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/lambda-func.test.js.snap index 757d1639c..730d7b757 100644 --- a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/lambda-func.test.js.snap +++ b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/lambda-func.test.js.snap @@ -151,7 +151,7 @@ Object { "rules_to_suppress": Array [ Object { "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, diff --git a/source/patterns/@aws-solutions-constructs/core/test/lambda-func.test.ts b/source/patterns/@aws-solutions-constructs/core/test/lambda-func.test.ts index d0b35c45d..6ac5b925a 100644 --- a/source/patterns/@aws-solutions-constructs/core/test/lambda-func.test.ts +++ b/source/patterns/@aws-solutions-constructs/core/test/lambda-func.test.ts @@ -11,225 +11,213 @@ * and limitations under the License. */ -import { SynthUtils, ResourcePart } from '@aws-cdk/assert'; -import { Stack } from '@aws-cdk/core'; -import * as lambda from '@aws-cdk/aws-lambda'; -import * as defaults from '../index'; -import '@aws-cdk/assert/jest'; -import { Duration } from '@aws-cdk/core'; - -test('snapshot test LambdaFunction default params', () => { - const stack = new Stack(); +import { SynthUtils, ResourcePart } from "@aws-cdk/assert"; +import { Stack } from "@aws-cdk/core"; +import * as ec2 from "@aws-cdk/aws-ec2"; +import * as lambda from "@aws-cdk/aws-lambda"; +import * as defaults from "../index"; +import "@aws-cdk/assert/jest"; +import { Duration } from "@aws-cdk/core"; + +test("snapshot test LambdaFunction default params", () => { + const stack = new Stack(); - const lambdaFunctionProps: lambda.FunctionProps = { - runtime: lambda.Runtime.NODEJS_12_X, - handler: 'index.handler', - code: lambda.Code.fromAsset(`${__dirname}/lambda`) - }; + const lambdaFunctionProps: lambda.FunctionProps = { + runtime: lambda.Runtime.NODEJS_12_X, + handler: "index.handler", + code: lambda.Code.fromAsset(`${__dirname}/lambda`), + }; - defaults.deployLambdaFunction(stack, lambdaFunctionProps); + defaults.deployLambdaFunction(stack, lambdaFunctionProps); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); + expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); }); -test('test FunctionProps override code and runtime', () => { - const stack = new Stack(); +test("test FunctionProps override code and runtime", () => { + const stack = new Stack(); - const inProps: lambda.FunctionProps = { - code: lambda.Code.fromAsset(`${__dirname}/lambda-test`), - runtime: lambda.Runtime.PYTHON_3_6, - handler: 'index.handler' - }; + const inProps: lambda.FunctionProps = { + code: lambda.Code.fromAsset(`${__dirname}/lambda-test`), + runtime: lambda.Runtime.PYTHON_3_6, + handler: "index.handler", + }; - defaults.deployLambdaFunction(stack, inProps); + defaults.deployLambdaFunction(stack, inProps); - expect(stack).toHaveResource('AWS::Lambda::Function', { - Handler: "index.handler", - Role: { - "Fn::GetAtt": [ - "LambdaFunctionServiceRole0C4CDE0B", - "Arn" - ] - }, - Runtime: "python3.6" - }); + expect(stack).toHaveResource("AWS::Lambda::Function", { + Handler: "index.handler", + Role: { + "Fn::GetAtt": ["LambdaFunctionServiceRole0C4CDE0B", "Arn"], + }, + Runtime: "python3.6", + }); }); -test('test FunctionProps override timeout', () => { - const stack = new Stack(); +test("test FunctionProps override timeout", () => { + const stack = new Stack(); - const inProps: lambda.FunctionProps = { - code: lambda.Code.fromAsset(`${__dirname}/lambda`), - runtime: lambda.Runtime.NODEJS_12_X, - handler: 'index.handler', - timeout: Duration.seconds(5), - }; + const inProps: lambda.FunctionProps = { + code: lambda.Code.fromAsset(`${__dirname}/lambda`), + runtime: lambda.Runtime.NODEJS_12_X, + handler: "index.handler", + timeout: Duration.seconds(5), + }; - defaults.deployLambdaFunction(stack, inProps); + defaults.deployLambdaFunction(stack, inProps); - expect(stack).toHaveResource('AWS::Lambda::Function', { - Handler: "index.handler", - Role: { - "Fn::GetAtt": [ - "LambdaFunctionServiceRole0C4CDE0B", - "Arn" - ] - }, - Runtime: "nodejs12.x", - Timeout: 5 - }); + expect(stack).toHaveResource("AWS::Lambda::Function", { + Handler: "index.handler", + Role: { + "Fn::GetAtt": ["LambdaFunctionServiceRole0C4CDE0B", "Arn"], + }, + Runtime: "nodejs12.x", + Timeout: 5, + }); }); -test('test FunctionProps for envrionment variable when runtime = NODEJS', () => { +test("test FunctionProps for environment variable when runtime = NODEJS", () => { const stack = new Stack(); const inProps: lambda.FunctionProps = { - code: lambda.Code.fromAsset(`${__dirname}/lambda`), - runtime: lambda.Runtime.NODEJS_10_X, - handler: 'index.handler' + code: lambda.Code.fromAsset(`${__dirname}/lambda`), + runtime: lambda.Runtime.NODEJS_10_X, + handler: "index.handler", }; defaults.deployLambdaFunction(stack, inProps); - expect(stack).toHaveResource('AWS::Lambda::Function', { + expect(stack).toHaveResource("AWS::Lambda::Function", { Handler: "index.handler", Role: { - "Fn::GetAtt": [ - "LambdaFunctionServiceRole0C4CDE0B", - "Arn" - ] + "Fn::GetAtt": ["LambdaFunctionServiceRole0C4CDE0B", "Arn"], }, Runtime: "nodejs10.x", Environment: { Variables: { - AWS_NODEJS_CONNECTION_REUSE_ENABLED: '1' - } - } + AWS_NODEJS_CONNECTION_REUSE_ENABLED: "1", + }, + }, }); - }); -test('test FunctionProps for no envrionment variable when runtime = PYTHON', () => { +test("test FunctionProps for no envrionment variable when runtime = PYTHON", () => { const stack = new Stack(); const inProps: lambda.FunctionProps = { code: lambda.Code.fromAsset(`${__dirname}/lambda-test`), runtime: lambda.Runtime.PYTHON_3_6, - handler: 'index.handler' + handler: "index.handler", }; defaults.deployLambdaFunction(stack, inProps); - expect(stack).toHaveResource('AWS::Lambda::Function', { - Type: "AWS::Lambda::Function", - Properties: { - Code: { - S3Bucket: { - Ref: "AssetParametersb472c1cea6f4795d84eb1b97e37bfa1f79f1c744caebeb372f30dbf716299895S3Bucket0A3514D6" + expect(stack).toHaveResource( + "AWS::Lambda::Function", + { + Type: "AWS::Lambda::Function", + Properties: { + Code: { + S3Bucket: { + Ref: + "AssetParametersb472c1cea6f4795d84eb1b97e37bfa1f79f1c744caebeb372f30dbf716299895S3Bucket0A3514D6", + }, + S3Key: { + "Fn::Join": [ + "", + [ + { + "Fn::Select": [ + 0, + { + "Fn::Split": [ + "||", + { + Ref: + "AssetParametersb472c1cea6f4795d84eb1b97e37bfa1f79f1c744caebeb372f30dbf716299895S3VersionKey0DB6BEDE", + }, + ], + }, + ], + }, + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "||", + { + Ref: + "AssetParametersb472c1cea6f4795d84eb1b97e37bfa1f79f1c744caebeb372f30dbf716299895S3VersionKey0DB6BEDE", + }, + ], + }, + ], + }, + ], + ], + }, + }, + Handler: "index.handler", + Role: { + "Fn::GetAtt": ["LambdaFunctionServiceRole0C4CDE0B", "Arn"], + }, + Runtime: "python3.6", + TracingConfig: { + Mode: "Active", }, - S3Key: { - "Fn::Join": [ - "", - [ - { - "Fn::Select": [ - 0, - { - "Fn::Split": [ - "||", - { - Ref: "AssetParametersb472c1cea6f4795d84eb1b97e37bfa1f79f1c744caebeb372f30dbf716299895S3VersionKey0DB6BEDE" - } - ] - } - ] - }, - { - "Fn::Select": [ - 1, - { - "Fn::Split": [ - "||", - { - Ref: "AssetParametersb472c1cea6f4795d84eb1b97e37bfa1f79f1c744caebeb372f30dbf716299895S3VersionKey0DB6BEDE" - } - ] - } - ] - } - ] - ] - } - }, - Handler: "index.handler", - Role: { - "Fn::GetAtt": [ - "LambdaFunctionServiceRole0C4CDE0B", - "Arn" - ] }, - Runtime: "python3.6", - TracingConfig: { - Mode: "Active" - } + DependsOn: [ + "LambdaFunctionServiceRoleDefaultPolicy126C8897", + "LambdaFunctionServiceRole0C4CDE0B", + ], }, - DependsOn: [ - "LambdaFunctionServiceRoleDefaultPolicy126C8897", - "LambdaFunctionServiceRole0C4CDE0B" - ] - }, ResourcePart.CompleteDefinition); - + ResourcePart.CompleteDefinition + ); }); -test('test buildLambdaFunction with deploy = true', () => { +test("test buildLambdaFunction with deploy = true", () => { const stack = new Stack(); const inProps: lambda.FunctionProps = { code: lambda.Code.fromAsset(`${__dirname}/lambda-test`), runtime: lambda.Runtime.NODEJS_12_X, - handler: 'index.handler' + handler: "index.handler", }; defaults.buildLambdaFunction(stack, { - lambdaFunctionProps: inProps + lambdaFunctionProps: inProps, }); - expect(stack).toHaveResource('AWS::Lambda::Function', { + expect(stack).toHaveResource("AWS::Lambda::Function", { Handler: "index.handler", Role: { - "Fn::GetAtt": [ - "LambdaFunctionServiceRole0C4CDE0B", - "Arn" - ] + "Fn::GetAtt": ["LambdaFunctionServiceRole0C4CDE0B", "Arn"], }, - Runtime: "nodejs12.x" + Runtime: "nodejs12.x", }); }); -test('test buildLambdaFunction with FunctionProps', () => { +test("test buildLambdaFunction with FunctionProps", () => { const stack = new Stack(); const inProps: lambda.FunctionProps = { code: lambda.Code.fromAsset(`${__dirname}/lambda-test`), runtime: lambda.Runtime.PYTHON_3_6, - handler: 'index.handler' + handler: "index.handler", }; defaults.deployLambdaFunction(stack, inProps); - expect(stack).toHaveResource('AWS::Lambda::Function', { + expect(stack).toHaveResource("AWS::Lambda::Function", { Handler: "index.handler", Role: { - "Fn::GetAtt": [ - "LambdaFunctionServiceRole0C4CDE0B", - "Arn" - ] + "Fn::GetAtt": ["LambdaFunctionServiceRole0C4CDE0B", "Arn"], }, - Runtime: "python3.6" + Runtime: "python3.6", }); }); -test('test exception', () => { +test("test exception", () => { const stack = new Stack(); try { @@ -239,26 +227,62 @@ test('test exception', () => { } }); -test('test buildLambdaFunction with Tracing Disabled', () => { +test("test buildLambdaFunction with Tracing Disabled", () => { const stack = new Stack(); const inProps: lambda.FunctionProps = { code: lambda.Code.fromAsset(`${__dirname}/lambda-test`), runtime: lambda.Runtime.PYTHON_3_6, - handler: 'index.handler', - tracing: lambda.Tracing.DISABLED + handler: "index.handler", + tracing: lambda.Tracing.DISABLED, }; defaults.deployLambdaFunction(stack, inProps); - expect(stack).toHaveResource('AWS::Lambda::Function', { + expect(stack).toHaveResource("AWS::Lambda::Function", { Handler: "index.handler", Role: { - "Fn::GetAtt": [ - "LambdaFunctionServiceRole0C4CDE0B", - "Arn" - ] + "Fn::GetAtt": ["LambdaFunctionServiceRole0C4CDE0B", "Arn"], + }, + Runtime: "python3.6", + }); +}); + +test("test buildLambdaFunction when Lambda properties includes a VPC", () => { + const stack = new Stack(); + + const fakeVpc = new ec2.Vpc(stack, "vpc", {}); + + const lambdaFunctionProps: lambda.FunctionProps = { + runtime: lambda.Runtime.NODEJS_12_X, + handler: "index.handler", + code: lambda.Code.fromAsset(`${__dirname}/lambda`), + vpc: fakeVpc, + }; + + defaults.deployLambdaFunction(stack, lambdaFunctionProps); + + expect(stack).toHaveResource("AWS::IAM::Policy", { + PolicyDocument: { + Statement: [ + { + Action: [ + "ec2:CreateNetworkInterface", + "ec2:DescribeNetworkInterfaces", + "ec2:DeleteNetworkInterface", + "ec2:AssignPrivateIpAddresses", + "ec2:UnassignPrivateIpAddresses", + ], + Effect: "Allow", + Resource: "*", + }, + { + Action: ["xray:PutTraceSegments", "xray:PutTelemetryRecords"], + Effect: "Allow", + Resource: "*", + }, + ], + Version: "2012-10-17", }, - Runtime: "python3.6" }); }); diff --git a/source/tools/cdk-integ-tools/bin/cdk-integ-assert.ts b/source/tools/cdk-integ-tools/bin/cdk-integ-assert.ts index 0ca658490..2fd262a93 100644 --- a/source/tools/cdk-integ-tools/bin/cdk-integ-assert.ts +++ b/source/tools/cdk-integ-tools/bin/cdk-integ-assert.ts @@ -1,9 +1,12 @@ #!/usr/bin/env node // Verify that all integration tests still match their expected output +import { canonicalizeTemplate } from '@aws-cdk/assert'; import { diffTemplate, formatDifferences } from '@aws-cdk/cloudformation-diff'; import { DEFAULT_SYNTH_OPTIONS, IntegrationTests } from '../lib/integ-helpers'; -// tslint:disable:no-console +/* eslint-disable no-console */ + +const IGNORE_ASSETS_PRAGMA = 'pragma:ignore-assets'; async function main() { const tests = await new IntegrationTests('test').fromCliArgs(); // always assert all tests @@ -13,20 +16,16 @@ async function main() { process.stdout.write(`Verifying ${test.name} against ${test.expectedFileName} ... `); if (!test.hasExpected()) { - throw new Error(`No such file: ${test.expectedFileName}. Run 'npm run integ'.`); + throw new Error(`No such file: ${test.expectedFileName}. Run 'yarn integ'.`); } - const stackToDeploy = await test.determineTestStack(); - const expected = await test.readExpected(); + let expected = await test.readExpected(); + let actual = await test.cdkSynthFast(DEFAULT_SYNTH_OPTIONS); - const args = new Array(); - args.push('--no-path-metadata'); - args.push('--no-asset-metadata'); - args.push('--no-staging'); - const actual = await test.invoke(['--json', ...args, 'synth', ...stackToDeploy], { - json: true, - ...DEFAULT_SYNTH_OPTIONS - }); + if ((await test.pragmas()).includes(IGNORE_ASSETS_PRAGMA)) { + expected = canonicalizeTemplate(expected); + actual = canonicalizeTemplate(actual); + } const diff = diffTemplate(expected, actual); @@ -40,8 +39,8 @@ async function main() { } if (failures.length > 0) { - // tslint:disable-next-line:max-line-length - throw new Error(`Some stacks have changed. To verify that they still deploy successfully, run: 'npm run integ ${failures.join(' ')}'`); + // eslint-disable-next-line max-len + throw new Error(`Some stacks have changed. To verify that they still deploy successfully, run: 'yarn integ ${failures.join(' ')}'`); } } diff --git a/source/tools/cdk-integ-tools/bin/cdk-integ.ts b/source/tools/cdk-integ-tools/bin/cdk-integ.ts index 1112c1518..3eb50136d 100644 --- a/source/tools/cdk-integ-tools/bin/cdk-integ.ts +++ b/source/tools/cdk-integ-tools/bin/cdk-integ.ts @@ -3,17 +3,18 @@ import * as yargs from 'yargs'; import { DEFAULT_SYNTH_OPTIONS, IntegrationTests } from '../lib/integ-helpers'; -// tslint:disable:no-console +/* eslint-disable no-console */ async function main() { const argv = yargs .usage('Usage: cdk-integ [TEST...]') - .option('list', { type: 'boolean', default: false, desc: 'List tests instead of running them' }) - .option('clean', { type: 'boolean', default: true, desc: 'Skips stack clean up after test is completed (use --no-clean to negate)' }) - .option('verbose', { type: 'boolean', default: false, alias: 'v', desc: 'Verbose logs' }) - .argv; + .option('list', { type: 'boolean', default: false, desc: 'List tests instead of running them' }) + .option('clean', { type: 'boolean', default: true, desc: 'Skips stack clean up after test is completed (use --no-clean to negate)' }) + .option('verbose', { type: 'boolean', default: false, alias: 'v', desc: 'Verbose logs' }) + .option('dry-run', { type: 'boolean', default: false, desc: 'do not actually deploy the stack. just update the snapshot (not recommended!)' }) + .argv; - const tests = await new IntegrationTests('test').fromCliArgs(argv._); + const tests = await new IntegrationTests('test').fromCliArgs(argv._); if (argv.list) { process.stdout.write(tests.map(t => t.name).join(' ') + '\n'); @@ -21,47 +22,48 @@ async function main() { } for (const test of tests) { - console.error(`Trying to deploy ${test.name}`); + console.error(`Synthesizing ${test.name}.`); const stackToDeploy = await test.determineTestStack(); console.error(`Selected stack: ${stackToDeploy}`); const args = new Array(); - // don't inject cloudformation metadata into template - args.push('--no-path-metadata'); - args.push('--no-asset-metadata'); - args.push('--no-staging'); - // inject "--verbose" to the command line of "cdk" if we are in verbose mode if (argv.verbose) { args.push('--verbose'); } + const dryRun = argv['dry-run'] ?? false; + try { - // tslint:disable-next-line:max-line-length - await test.invoke([ ...args, 'deploy', '--require-approval', 'never', ...stackToDeploy ], { - verbose: argv.verbose - // Note: no "context" and "env", so use default user settings! - }); - console.error(`Success! Writing out reference synth.`); + if (dryRun) { + console.error('Skipping deployment (--dry-run), updating snapshot.'); + } else { + console.error(`Deploying ${test.name}...`); + await test.invokeCli([...args, 'deploy', '--require-approval', 'never', ...stackToDeploy], { + verbose: argv.verbose, + // Note: no "context" and "env", so use default user settings! + }); + console.error('Deployment succeeded, updating snapshot.'); + } // If this all worked, write the new expectation file - const actual = await test.invoke([ ...args, '--json', 'synth', ...stackToDeploy ], { - json: true, - verbose: argv.verbose, - ...DEFAULT_SYNTH_OPTIONS - }); + const actual = await test.cdkSynthFast(DEFAULT_SYNTH_OPTIONS); await test.writeExpected(actual); } finally { - if (argv.clean) { - console.error(`Cleaning up.`); - await test.invoke(['destroy', '--force', ...stackToDeploy ]); - } else { - console.error('Skipping clean up (--no-clean).'); + + if (!dryRun) { + if (argv.clean) { + console.error('Cleaning up.'); + await test.invokeCli(['destroy', '--force', ...stackToDeploy]); + } else { + console.error('Skipping clean up (--no-clean).'); + } } + } } } diff --git a/source/tools/cdk-integ-tools/lib/integ-helpers.ts b/source/tools/cdk-integ-tools/lib/integ-helpers.ts index 3b0871cc3..ad769a491 100644 --- a/source/tools/cdk-integ-tools/lib/integ-helpers.ts +++ b/source/tools/cdk-integ-tools/lib/integ-helpers.ts @@ -1,10 +1,13 @@ // Helper functions for integration tests import { spawnSync } from 'child_process'; -import * as fs from 'fs-extra'; import * as path from 'path'; +import * as fs from 'fs-extra'; import { AVAILABILITY_ZONE_FALLBACK_CONTEXT_KEY } from '@aws-cdk/cx-api'; +const CDK_OUTDIR = 'cdk-integ.out'; + const CDK_INTEG_STACK_PRAGMA = '/// !cdk-integ'; +const PRAGMA_PREFIX = 'pragma:'; export class IntegrationTests { constructor(private readonly directory: string) { @@ -64,6 +67,11 @@ export class IntegrationTests { } } +export interface SynthOptions { + readonly context?: Record; + readonly env?: Record; +} + export class IntegrationTest { public readonly expectedFileName: string; private readonly expectedFilePath: string; @@ -78,25 +86,112 @@ export class IntegrationTest { this.cdkContextPath = path.join(this.directory, 'cdk.context.json'); } - public async invoke(args: string[], options: { json?: boolean, context?: any, verbose?: boolean, env?: any } = { }): Promise { + /** + * Do a CDK synth, mimicking the CLI (without actually using it) + * + * The CLI has a pretty slow startup time because of all the modules it needs to load, + * and we are running this in a tight loop. Bypass it to be quicker! + * + * Return the "main" template or a concatenation of all listed templates in the pragma + */ + public async cdkSynthFast(options: SynthOptions = {}): Promise { + const context = { + ...options.context, + }; + + try { + await exec(['node', `${this.name}`], { + cwd: this.directory, + env: { + ...options.env, + CDK_CONTEXT_JSON: JSON.stringify(context), + CDK_DEFAULT_ACCOUNT: '12345678', + CDK_DEFAULT_REGION: 'test-region', + CDK_OUTDIR, + CDK_CLI_ASM_VERSION: '5.0.0', + }, + }); + + // Interpret the cloud assembly directly here. Not great, but I'm wary + // adding dependencies on the libraries that model it. + // + // FIXME: Refactor later if it doesn't introduce dependency cycles + const cloudManifest = await fs.readJSON(path.resolve(this.directory, CDK_OUTDIR, 'manifest.json')); + const stacks: Record = {}; + for (const [artifactId, artifact] of Object.entries(cloudManifest.artifacts ?? {}) as Array<[string, any]>) { + if (artifact.type !== 'aws:cloudformation:stack') { continue; } + + const template = await fs.readJSON(path.resolve(this.directory, CDK_OUTDIR, artifact.properties.templateFile)); + stacks[artifactId] = template; + } + + const stacksToDiff = await this.readStackPragma(); + + if (stacksToDiff.length > 0) { + // This is a monster. I'm sorry. :( + const templates = stacksToDiff.length === 1 && stacksToDiff[0] === '*' + ? Object.values(stacks) + : stacksToDiff.map(templateForStackName); + + // We're supposed to just return *a* template (which is an object), but there's a crazy + // case in which we diff multiple templates at once and then they're an array. And it works somehow. + return templates.length === 1 ? templates[0] : templates; + } else { + const names = Object.keys(stacks); + if (names.length !== 1) { + throw new Error('"cdk-integ" can only operate on apps with a single stack.\n\n' + + ' If your app has multiple stacks, specify which stack to select by adding this to your test source:\n\n' + + ` ${CDK_INTEG_STACK_PRAGMA} STACK ...\n\n` + + ` Available stacks: ${names.join(' ')} (wildcards are also supported)\n`); + } + return stacks[names[0]]; + } + + function templateForStackName(name: string) { + if (!stacks[name]) { + throw new Error(`No such stack in output: ${name}`); + } + return stacks[name]; + } + } finally { + this.cleanupTemporaryFiles(); + } + } + + /** + * Invoke the CDK CLI with some options + */ + public async invokeCli(args: string[], options: { json?: boolean, context?: any, verbose?: boolean, env?: any } = { }): Promise { // Write context to cdk.json, afterwards delete. We need to do this because there is no way // to pass structured context data from the command-line, currently. if (options.context) { await this.writeCdkContext(options.context); } else { - this.deleteCdkContext(); + this.cleanupTemporaryFiles(); } + const cliSwitches = [ + // This would otherwise trip on every version update + '--no-version-reporting', + // don't inject cloudformation metadata into template + '--no-path-metadata', + '--no-asset-metadata', + // save a copy step by not staging assets + '--no-staging', + // Different output directory + '-o', CDK_OUTDIR, + ]; + try { const cdk = require.resolve('aws-cdk/bin/cdk'); - return exec([cdk, '-a', `node ${this.name}`, '--no-version-reporting'].concat(args), { + return exec([cdk, '-a', `node ${this.name}`, ...cliSwitches, ...args], { cwd: this.directory, json: options.json, verbose: options.verbose, - env: options.env + env: options.env, }); } finally { - this.deleteCdkContext(); + this.cleanupTemporaryFiles(); } } @@ -121,10 +216,10 @@ export class IntegrationTest { return pragma; } - const stacks = (await this.invoke([ 'ls' ], { ...DEFAULT_SYNTH_OPTIONS })).split('\n'); + const stacks = (await this.invokeCli(['ls'], { ...DEFAULT_SYNTH_OPTIONS })).split('\n'); if (stacks.length !== 1) { - throw new Error(`"cdk-integ" can only operate on apps with a single stack.\n\n` + - ` If your app has multiple stacks, specify which stack to select by adding this to your test source:\n\n` + + throw new Error('"cdk-integ" can only operate on apps with a single stack.\n\n' + + ' If your app has multiple stacks, specify which stack to select by adding this to your test source:\n\n' + ` ${CDK_INTEG_STACK_PRAGMA} STACK ...\n\n` + ` Available stacks: ${stacks.join(' ')} (wildcards are also supported)\n`); } @@ -140,27 +235,58 @@ export class IntegrationTest { await fs.writeFile(this.expectedFilePath, JSON.stringify(actual, undefined, 2), { encoding: 'utf-8' }); } + /** + * Return the non-stack pragmas + * + * These are all pragmas that start with "pragma:". + * + * For backwards compatibility reasons, all pragmas that DON'T start with this + * string are considered to be stack names. + */ + public async pragmas(): Promise { + return (await this.readIntegPragma()).filter(p => p.startsWith(PRAGMA_PREFIX)); + } + private async writeCdkContext(config: any) { await fs.writeFile(this.cdkContextPath, JSON.stringify(config, undefined, 2), { encoding: 'utf-8' }); } - private deleteCdkContext() { + private cleanupTemporaryFiles() { if (fs.existsSync(this.cdkContextPath)) { fs.unlinkSync(this.cdkContextPath); } - const cdkOutPath = path.join(this.directory, 'cdk.out'); + const cdkOutPath = path.join(this.directory, CDK_OUTDIR); if (fs.existsSync(cdkOutPath)) { fs.removeSync(cdkOutPath); } } /** + * Reads stack names from the "!cdk-integ" pragma. + * + * Every word that's NOT prefixed by "pragma:" is considered a stack name. + * + * @example + * + * /// !cdk-integ + */ + private async readStackPragma(): Promise { + return (await this.readIntegPragma()).filter(p => !p.startsWith(PRAGMA_PREFIX)); + } + + /** + * Read arbitrary cdk-integ pragma directives + * * Reads the test source file and looks for the "!cdk-integ" pragma. If it exists, returns it's * contents. This allows integ tests to supply custom command line arguments to "cdk deploy" and "cdk synth". + * + * @example + * + * /// !cdk-integ [...] */ - private async readStackPragma(): Promise { - const source = await fs.readFile(this.sourceFilePath, 'utf-8'); + private async readIntegPragma(): Promise { + const source = await fs.readFile(this.sourceFilePath, { encoding: 'utf-8' }); const pragmaLine = source.split('\n').find(x => x.startsWith(CDK_INTEG_STACK_PRAGMA + ' ')); if (!pragmaLine) { return []; @@ -168,7 +294,7 @@ export class IntegrationTest { const args = pragmaLine.substring(CDK_INTEG_STACK_PRAGMA.length).trim().split(' '); if (args.length === 0) { - throw new Error(`Invalid syntax for cdk-integ pragma. Usage: "${CDK_INTEG_STACK_PRAGMA} STACK ..."`); + throw new Error(`Invalid syntax for cdk-integ pragma. Usage: "${CDK_INTEG_STACK_PRAGMA} [STACK] [pragma:PRAGMA] [...]"`); } return args; } @@ -178,44 +304,45 @@ export class IntegrationTest { // account of the exercising user. export const DEFAULT_SYNTH_OPTIONS = { context: { - [AVAILABILITY_ZONE_FALLBACK_CONTEXT_KEY]: [ "test-region-1a", "test-region-1b", "test-region-1c" ], - "availability-zones:account=12345678:region=test-region": [ "test-region-1a", "test-region-1b", "test-region-1c" ], - "ssm:account=12345678:parameterName=/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-gp2:region=test-region": "ami-1234", - "ssm:account=12345678:parameterName=/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2:region=test-region": "ami-1234", - "ssm:account=12345678:parameterName=/aws/service/ecs/optimized-ami/amazon-linux/recommended:region=test-region": "{\"image_id\": \"ami-1234\"}", - // tslint:disable-next-line:max-line-length - "ami:account=12345678:filters.image-type.0=machine:filters.name.0=amzn-ami-vpc-nat-*:filters.state.0=available:owners.0=amazon:region=test-region": "ami-1234", - "vpc-provider:account=12345678:filter.isDefault=true:region=test-region:returnAsymmetricSubnets=true": { - vpcId: "vpc-60900905", + [AVAILABILITY_ZONE_FALLBACK_CONTEXT_KEY]: ['test-region-1a', 'test-region-1b', 'test-region-1c'], + 'availability-zones:account=12345678:region=test-region': ['test-region-1a', 'test-region-1b', 'test-region-1c'], + 'ssm:account=12345678:parameterName=/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-gp2:region=test-region': 'ami-1234', + 'ssm:account=12345678:parameterName=/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2:region=test-region': 'ami-1234', + 'ssm:account=12345678:parameterName=/aws/service/ecs/optimized-ami/amazon-linux/recommended:region=test-region': '{"image_id": "ami-1234"}', + // eslint-disable-next-line max-len + 'ami:account=12345678:filters.image-type.0=machine:filters.name.0=amzn-ami-vpc-nat-*:filters.state.0=available:owners.0=amazon:region=test-region': 'ami-1234', + 'vpc-provider:account=12345678:filter.isDefault=true:region=test-region:returnAsymmetricSubnets=true': { + vpcId: 'vpc-60900905', subnetGroups: [ { - type: "Public", - name: "Public", + type: 'Public', + name: 'Public', subnets: [ { - subnetId: "subnet-e19455ca", - availabilityZone: "us-east-1a", - routeTableId: "rtb-e19455ca", + subnetId: 'subnet-e19455ca', + availabilityZone: 'us-east-1a', + routeTableId: 'rtb-e19455ca', }, { - subnetId: "subnet-e0c24797", - availabilityZone: "us-east-1b", - routeTableId: "rtb-e0c24797", + subnetId: 'subnet-e0c24797', + availabilityZone: 'us-east-1b', + routeTableId: 'rtb-e0c24797', }, { - subnetId: "subnet-ccd77395", - availabilityZone: "us-east-1c", - routeTableId: "rtb-ccd77395", + subnetId: 'subnet-ccd77395', + availabilityZone: 'us-east-1c', + routeTableId: 'rtb-ccd77395', }, ], }, ], }, + '@aws-cdk/aws-ecr-assets:dockerIgnoreSupport': true, }, env: { - CDK_INTEG_ACCOUNT: "12345678", - CDK_INTEG_REGION: "test-region", - } + CDK_INTEG_ACCOUNT: '12345678', + CDK_INTEG_REGION: 'test-region', + }, }; /** @@ -223,13 +350,13 @@ export const DEFAULT_SYNTH_OPTIONS = { */ function exec(commandLine: string[], options: { cwd?: string, json?: boolean, verbose?: boolean, env?: any } = { }): any { const proc = spawnSync(commandLine[0], commandLine.slice(1), { - stdio: [ 'ignore', 'pipe', options.verbose ? 'inherit' : 'pipe' ], // inherit STDERR in verbose mode + stdio: ['ignore', 'pipe', options.verbose ? 'inherit' : 'pipe'], // inherit STDERR in verbose mode env: { ...process.env, CDK_INTEG_MODE: '1', ...options.env, }, - cwd: options.cwd + cwd: options.cwd, }); if (proc.error) { throw proc.error; } @@ -250,8 +377,8 @@ function exec(commandLine: string[], options: { cwd?: string, json?: boolean, ve } return output; } catch (e) { - // tslint:disable-next-line:no-console - console.error("Not JSON: " + output); + // eslint-disable-next-line no-console + console.error('Not JSON: ' + output); throw new Error('Command output is not JSON'); } } diff --git a/source/tools/cdk-integ-tools/package.json b/source/tools/cdk-integ-tools/package.json index 69f3c49dd..93a2c6cae 100644 --- a/source/tools/cdk-integ-tools/package.json +++ b/source/tools/cdk-integ-tools/package.json @@ -28,14 +28,15 @@ "@types/fs-extra": "^8.0.1", "@types/yargs": "^15.0.3", "tslint": "^5.20.1", - "typescript": "~3.7.4" + "typescript": "~3.9.7" }, "dependencies": { "@aws-cdk/cloudformation-diff": "0.0.0", "@aws-cdk/cx-api": "0.0.0", + "@aws-cdk/assert": "0.0.0", "aws-cdk": "0.0.0", - "fs-extra": "^8.1.0", - "yargs": "^15.1.0" + "fs-extra": "^9.0.1", + "yargs": "^16.1.1" }, "keywords": [ "aws",