diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/README.md b/packages/@aws-cdk/aws-imagebuilder-alpha/README.md
index 6f219c0e8d5b3..d8858d46c2fc4 100644
--- a/packages/@aws-cdk/aws-imagebuilder-alpha/README.md
+++ b/packages/@aws-cdk/aws-imagebuilder-alpha/README.md
@@ -92,3 +92,110 @@ const infrastructureConfiguration = new imagebuilder.InfrastructureConfiguration
 }
 });
 ```
+
+### Distribution Configuration
+
+Distribution configuration defines how and where your built images are distributed after successful creation. For AMIs,
+this includes target AWS Regions, KMS encryption keys, account sharing permissions, License Manager associations, and
+launch template configurations. For container images, it specifies the target Amazon ECR repositories across regions.
+A distribution configuration can be associated with an image or an image pipeline to define these distribution settings
+for image builds.
+
+```ts
+const distributionConfiguration = new imagebuilder.DistributionConfiguration(this, 'DistributionConfiguration', {
+ distributionConfigurationName: 'test-distribution-configuration',
+ description: 'A Distribution Configuration',
+ amiDistributions: [
+ {
+ // Distribute AMI to us-east-2 and publish the AMI ID to an SSM parameter
+ region: 'us-east-2',
+ ssmParameters: [
+ {
+ parameter: ssm.StringParameter.fromStringParameterAttributes(this, 'CrossRegionParameter', {
+ parameterName: '/imagebuilder/ami',
+ forceDynamicReference: true
+ })
+ }
+ ]
+ }
+ ]
+});
+
+// For AMI-based image builds - add an AMI distribution in the current region
+distributionConfiguration.addAmiDistributions({
+ amiName: 'imagebuilder-{{ imagebuilder:buildDate }}',
+ amiDescription: 'Build AMI',
+ amiKmsKey: kms.Key.fromLookup(this, 'ComponentKey', { aliasName: 'alias/distribution-encryption-key' }),
+ // Copy the AMI to different accounts
+ amiTargetAccountIds: ['123456789012', '098765432109'],
+ // Add launch permissions on the AMI
+ amiLaunchPermission: {
+ organizationArns: [
+ this.formatArn({ region: '', service: 'organizations', resource: 'organization', resourceName: 'o-1234567abc' })
+ ],
+ organizationalUnitArns: [
+ this.formatArn({
+ region: '',
+ service: 'organizations',
+ resource: 'ou',
+ resourceName: 'o-1234567abc/ou-a123-b4567890'
+ })
+ ],
+ isPublicUserGroup: true,
+ accountIds: ['234567890123']
+ },
+ // Attach tags to the AMI
+ amiTags: {
+ Environment: 'production',
+ Version: '{{ imagebuilder:buildVersion }}'
+ },
+ // Optional - publish the distributed AMI ID to an SSM parameter
+ ssmParameters: [
+ {
+ parameter: ssm.StringParameter.fromStringParameterAttributes(this, 'Parameter', {
+ parameterName: '/imagebuilder/ami',
+ forceDynamicReference: true
+ })
+ },
+ {
+ amiAccount: '098765432109',
+ dataType: ssm.ParameterDataType.TEXT,
+ parameter: ssm.StringParameter.fromStringParameterAttributes(this, 'CrossAccountParameter', {
+ parameterName: 'imagebuilder-prod-ami',
+ forceDynamicReference: true
+ })
+ }
+ ],
+ // Optional - create a new launch template version with the distributed AMI ID
+ launchTemplates: [
+ {
+ launchTemplate: ec2.LaunchTemplate.fromLaunchTemplateAttributes(this, 'LaunchTemplate', {
+ launchTemplateName: 'imagebuilder-ami'
+ }),
+ setDefaultVersion: true
+ },
+ {
+ accountId: '123456789012',
+ launchTemplate: ec2.LaunchTemplate.fromLaunchTemplateAttributes(this, 'CrossAccountLaunchTemplate', {
+ launchTemplateName: 'imagebuilder-cross-account-ami'
+ }),
+ setDefaultVersion: true
+ }
+ ],
+ // Optional - enable Fast Launch on an imported launch template
+ fastLaunchConfigurations: [
+ {
+ enabled: true,
+ launchTemplate: ec2.LaunchTemplate.fromLaunchTemplateAttributes(this, 'FastLaunchLT', {
+ launchTemplateName: 'fast-launch-lt'
+ }),
+ maxParallelLaunches: 10,
+ targetSnapshotCount: 2
+ }
+ ],
+ // Optional - license configurations to apply to the AMI
+ licenseConfigurationArns: [
+ 'arn:aws:license-manager:us-west-2:123456789012:license-configuration:lic-abcdefghijklmnopqrstuvwxyz'
+ ]
+});
+```
diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/lib/distribution-configuration.ts b/packages/@aws-cdk/aws-imagebuilder-alpha/lib/distribution-configuration.ts
new file mode 100644
index 0000000000000..b3d4d0a15bcb8
--- /dev/null
+++ b/packages/@aws-cdk/aws-imagebuilder-alpha/lib/distribution-configuration.ts 
@@ -0,0 +1,765 @@ +import * as cdk from 'aws-cdk-lib'; +import * as ec2 from 'aws-cdk-lib/aws-ec2'; +import * as ecr from 'aws-cdk-lib/aws-ecr'; +import * as iam from 'aws-cdk-lib/aws-iam'; +import { CfnDistributionConfiguration } from 'aws-cdk-lib/aws-imagebuilder'; +import * as kms from 'aws-cdk-lib/aws-kms'; +import * as ssm from 'aws-cdk-lib/aws-ssm'; +import { propertyInjectable } from 'aws-cdk-lib/core/lib/prop-injectable'; +import { Construct } from 'constructs'; + +const DISTRIBUTION_CONFIGURATION_SYMBOL = Symbol.for('@aws-cdk/aws-imagebuilder-alpha.DistributionConfiguration'); + +// Fast Launch requires at least 6 parallel launches. +const MIN_PARALLEL_LAUNCHES = 6; + +/** + * An EC2 Image Builder Distribution Configuration. + */ +export interface IDistributionConfiguration extends cdk.IResource { + /** + * The ARN of the distribution configuration + * + * @attribute + */ + readonly distributionConfigurationArn: string; + + /** + * The name of the distribution configuration + * + * @attribute + */ + readonly distributionConfigurationName: string; + + /** + * Grant custom actions to the given grantee for the distribution configuration + * + * @param grantee The principal + * @param actions The list of actions + */ + grant(grantee: iam.IGrantable, ...actions: string[]): iam.Grant; + + /** + * Grant read permissions to the given grantee for the distribution configuration + * + * @param grantee The principal + */ + grantRead(grantee: iam.IGrantable): iam.Grant; +} + +/** + * The launch permissions for the AMI, defining which principals are allowed to access the AMI + */ +export interface AmiLaunchPermission { + /** + * The ARNs for the AWS Organizations organizational units to share the AMI with + * + * @default None + */ + readonly organizationalUnitArns?: string[]; + + /** + * The ARNs for the AWS Organization that you want to share the AMI with + * + * @default None + */ + readonly organizationArns?: string[]; + + /** + * Whether to make the AMI public. 
Block public access for AMIs must be disabled to make the AMI public. + * + * WARNING: Making an AMI public exposes it to any AWS account globally. + * Ensure the AMI does not contain: + * - Sensitive data or credentials + * - Proprietary software or configurations + * - Internal network information or security settings + * + * For more information on blocking public access for AMIs, see: [Understand block public access for AMIs](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-public-access-to-amis.html) + * + * + * @default false + */ + readonly isPublicUserGroup?: boolean; + + /** + * The AWS account IDs to share the AMI with + * + * @default None + */ + readonly accountIds?: string[]; +} + +/** + * The SSM parameters to create or update for the distributed AMIs + */ +export interface SSMParameterConfigurations { + /** + * The AWS account ID that will own the SSM parameter in the given region. This must be one of the target accounts + * that was included in the list of AMI distribution target accounts + * + * @default The current account is used + */ + readonly amiAccount?: string; + + /** + * The data type of the SSM parameter + * + * @default ssm.ParameterDataType.AWS_EC2_IMAGE + */ + readonly dataType?: ssm.ParameterDataType; + + /** + * The SSM parameter to create or update + */ + readonly parameter: ssm.IStringParameter; +} + +/** + * The launch template to apply the distributed AMI to + */ +export interface LaunchTemplateConfiguration { + /** + * The launch template to apply the distributed AMI to. A new launch template version will be created for the + * provided launch template with the distributed AMI applied. + * + * *Note:* The launch template should expose a `launchTemplateId`. Templates + * imported by name only are not supported. 
+ * + */ + readonly launchTemplate: ec2.ILaunchTemplate; + + /** + * The AWS account ID that owns the launch template + * + * @default The current account is used + */ + readonly accountId?: string; + + /** + * Whether to set the new launch template version that is created as the default launch template version. After + * creation of the launch template version containing the distributed AMI, it will be automatically set as the + * default version for the launch template. + * + * @default false + */ + readonly setDefaultVersion?: boolean; +} + +/** + * The EC2 Fast Launch configuration to use for the Windows AMI + */ +export interface FastLaunchConfiguration { + /** + * Whether to enable fast launch for the AMI + * + * @default false + */ + readonly enabled?: boolean; + + /** + * The launch template that the fast-launch enabled Windows AMI uses when it launches Windows instances to create + * pre-provisioned snapshots + * + * @default None + */ + readonly launchTemplate?: ec2.ILaunchTemplate; + + /** + * The maximum number of parallel instances that are launched for creating resources + * + * @default A maximum of 6 instances are launched in parallel + * @see https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_EnableFastLaunch.html + */ + readonly maxParallelLaunches?: number; + + /** + * The number of pre-provisioned snapshots to keep on hand for a fast-launch enabled Windows AMI + * + * @default 10 snapshots are kept pre-provisioned + * @see https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_EnableFastLaunch.html + */ + readonly targetSnapshotCount?: number; +} + +/** + * The regional distribution settings to use for an AMI build + */ +export interface AmiDistribution { + /** + * The target region to distribute AMIs to + * + * @default The current region is used + */ + readonly region?: string; + + /** + * The tags to apply to the distributed AMIs + * + * @default None + */ + readonly amiTags?: { [key: string]: string }; + + /** + * The description 
of the AMI + * + * @default None + */ + readonly amiDescription?: string; + + /** + * The KMS key to encrypt the distributed AMI with + * + * @default None + */ + readonly amiKmsKey?: kms.IKey; + + /** + * The launch permissions for the AMI, defining which principals are allowed to access the AMI + * + * @default None + */ + readonly amiLaunchPermission?: AmiLaunchPermission; + + /** + * The name to use for the distributed AMIs + * + * @default A name is generated from the image recipe name + */ + readonly amiName?: string; + + /** + * The account IDs to copy the output AMI to + * + * @default None + */ + readonly amiTargetAccountIds?: string[]; + + /** + * The SSM parameters to create or update for the distributed AMIs + * + * @default None + */ + readonly ssmParameters?: SSMParameterConfigurations[]; + + /** + * The launch templates to apply the distributed AMI to + * + * @default None + */ + readonly launchTemplates?: LaunchTemplateConfiguration[]; + + /** + * The fast launch configurations to use for enabling EC2 Fast Launch on the distributed Windows AMI + * + * @default None + * @see https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_EnableFastLaunch.html + */ + readonly fastLaunchConfigurations?: FastLaunchConfiguration[]; + + /** + * The License Manager license configuration ARNs to apply to the distributed AMIs + * + * @default None + */ + readonly licenseConfigurationArns?: string[]; +} + +/** + * The regional distribution settings to use for a container build + */ +export interface ContainerDistribution { + /** + * The target region to distribute containers to + * + * @default The current region is used + */ + readonly region?: string; + + /** + * The destination repository to distribute the output container to + * + * @default The target repository in the container recipe is used + */ + readonly containerRepository: Repository; + + /** + * The description of the container image + * + * @default None + */ + readonly containerDescription?: string; 
+ + /** + * The additional tags to apply to the distributed container images + * + * @default None + */ + readonly containerTags?: string[]; +} + +/** + * Properties for creating a Distribution Configuration resource + */ +export interface DistributionConfigurationProps { + /** + * The list of target regions and associated AMI distribution settings where the built AMI will be distributed. AMI + * distributions may also be added with the `addAmiDistributions` method. + * + * @default None if container distributions are provided. Otherwise, at least one AMI or container distribution must + * be provided + */ + readonly amiDistributions?: AmiDistribution[]; + + /** + * The list of target regions and associated container distribution settings where the built container will be + * distributed. Container distributions may also be added with the `addContainerDistributions` method. + * + * @default None if AMI distributions are provided. Otherwise, at least one AMI or container distribution must be + * provided + */ + readonly containerDistributions?: ContainerDistribution[]; + + /** + * The name of the distribution configuration. + * + * @default A name is generated + */ + readonly distributionConfigurationName?: string; + + /** + * The description of the distribution configuration. 
+ * + * @default None + */ + readonly description?: string; + + /** + * The tags to apply to the distribution configuration + * + * @default None + */ + readonly tags?: { [key: string]: string }; +} + +/** + * A new or imported Distribution Configuration + */ +abstract class DistributionConfigurationBase extends cdk.Resource implements IDistributionConfiguration { + /** + * The ARN of the distribution configuration + */ + abstract readonly distributionConfigurationArn: string; + + /** + * The name of the distribution configuration + */ + abstract readonly distributionConfigurationName: string; + + /** + * Grant custom actions to the given grantee for the distribution configuration + * + * @param grantee The principal + * @param actions The list of actions + */ + public grant(grantee: iam.IGrantable, ...actions: string[]): iam.Grant { + return iam.Grant.addToPrincipal({ + grantee, + actions, + resourceArns: [this.distributionConfigurationArn], + scope: this, + }); + } + + /** + * Grant read permissions to the given grantee for the distribution configuration + * + * @param grantee The principal + */ + public grantRead(grantee: iam.IGrantable): iam.Grant { + return this.grant(grantee, 'imagebuilder:GetDistributionConfiguration'); + } +} + +/** + * The service in which a container should be registered + */ +export enum RepositoryService { + /** + * Indicates the container should be registered in ECR + */ + ECR = 'ECR', +} + +/** + * A container repository used to distribute container images in EC2 Image Builder + */ +export abstract class Repository { + /** + * The ECR repository to use as the target container repository + * + * @param repository The ECR repository to use + */ + public static fromEcr(repository: ecr.IRepository): Repository { + class Import extends Repository { + public readonly repositoryName: string = repository.repositoryName; + public readonly service: RepositoryService = RepositoryService.ECR; + } + + return new Import(); + } + + /** + * The name 
of the container repository where the output container image is stored + */ + abstract readonly repositoryName: string; + + /** + * The service in which the container repository is hosted + */ + abstract readonly service: RepositoryService; +} + +/** + * Represents an EC2 Image Builder Distribution Configuration. + * + * @see https://docs.aws.amazon.com/imagebuilder/latest/userguide/manage-distribution-settings.html + */ +@propertyInjectable +export class DistributionConfiguration extends DistributionConfigurationBase { + /** Uniquely identifies this class. */ + public static readonly PROPERTY_INJECTION_ID: string = '@aws-cdk.aws-imagebuilder-alpha.DistributionConfiguration'; + + /** + * Import an existing distribution configuration given its ARN. + */ + public static fromDistributionConfigurationArn( + scope: Construct, + id: string, + distributionConfigurationArn: string, + ): IDistributionConfiguration { + const distributionConfigurationName = cdk.Stack.of(scope).splitArn( + distributionConfigurationArn, + cdk.ArnFormat.SLASH_RESOURCE_NAME, + ).resourceName!; + + class Import extends DistributionConfigurationBase { + public readonly distributionConfigurationArn = distributionConfigurationArn; + public readonly distributionConfigurationName = distributionConfigurationName; + } + + return new Import(scope, id); + } + + /** + * Import an existing distribution configuration given its name. The provided name must be normalized by converting + * all alphabetical characters to lowercase, and replacing all spaces and underscores with hyphens. 
+ */ + public static fromDistributionConfigurationName( + scope: Construct, + id: string, + distributionConfigurationName: string, + ): IDistributionConfiguration { + return this.fromDistributionConfigurationArn( + scope, + id, + cdk.Stack.of(scope).formatArn({ + service: 'imagebuilder', + resource: 'distribution-configuration', + resourceName: distributionConfigurationName, + }), + ); + } + + /** + * Return whether the given object is a DistributionConfiguration. + */ + public static isDistributionConfiguration(x: any): x is DistributionConfiguration { + return x !== null && typeof x === 'object' && DISTRIBUTION_CONFIGURATION_SYMBOL in x; + } + + /** + * The ARN of the distribution configuration + */ + public readonly distributionConfigurationArn: string; + + /** + * The name of the distribution configuration + */ + public readonly distributionConfigurationName: string; + + private readonly amiDistributionsByRegion: { [region: string]: AmiDistribution } = {}; + private readonly containerDistributionsByRegion: { + [region: string]: ContainerDistribution; + } = {}; + + public constructor(scope: Construct, id: string, props: DistributionConfigurationProps = {}) { + super(scope, id, { + physicalName: + props.distributionConfigurationName ?? + cdk.Lazy.string({ + produce: () => + cdk.Names.uniqueResourceName(this, { + maxLength: 128, + separator: '-', + allowedSpecialCharacters: '-', + }).toLowerCase(), // Enforce lowercase for the auto-generated fallback + }), + }); + + Object.defineProperty(this, DISTRIBUTION_CONFIGURATION_SYMBOL, { value: true }); + + this.validateDistributionConfigurationName(); + + this.addAmiDistributions(...(props.amiDistributions ?? [])); + this.addContainerDistributions(...(props.containerDistributions ?? 
[])); + + const distributionConfiguration = new CfnDistributionConfiguration(this, 'Resource', { + name: this.physicalName, + description: props.description, + distributions: cdk.Lazy.any({ produce: () => this.renderDistributions() }), + tags: props.tags, + }); + + this.distributionConfigurationName = this.getResourceNameAttribute(distributionConfiguration.attrName); + this.distributionConfigurationArn = this.getResourceArnAttribute(distributionConfiguration.attrArn, { + service: 'imagebuilder', + resource: 'distribution-configuration', + resourceName: this.physicalName, + }); + } + + /** + * Adds AMI distribution settings to the distribution configuration + * + * @param amiDistributions The list of AMI distribution settings to apply + */ + public addAmiDistributions(...amiDistributions: AmiDistribution[]): void { + amiDistributions.forEach((amiDistribution) => { + const region = amiDistribution.region ?? cdk.Stack.of(this).region; + if (this.amiDistributionsByRegion[region]) { + throw new cdk.ValidationError( + `duplicate AMI distribution found for region "${region}"; only one AMI distribution per region is allowed`, + this, + ); + } + + this.amiDistributionsByRegion[region] = amiDistribution; + }); + } + + /** + * Adds container distribution settings to the distribution configuration + * + * @param containerDistributions The list of container distribution settings to apply + */ + public addContainerDistributions(...containerDistributions: ContainerDistribution[]): void { + containerDistributions.forEach((containerDistribution) => { + const region = containerDistribution.region ?? 
cdk.Stack.of(this).region; + if (this.containerDistributionsByRegion[region]) { + throw new cdk.ValidationError( + `duplicate Container distribution found for region "${region}"; only one Container distribution per region is allowed`, + this, + ); + } + + this.containerDistributionsByRegion[region] = containerDistribution; + }); + } + + private validateDistributionConfigurationName() { + if (cdk.Token.isUnresolved(this.physicalName)) { + return; // Cannot validate unresolved tokens, given their actual value is rendered at deployment time + } + + if (this.physicalName.length > 128) { + throw new cdk.ValidationError('The distributionConfigurationName cannot be longer than 128 characters', this); + } + + if (this.physicalName.includes(' ')) { + throw new cdk.ValidationError('The distributionConfigurationName cannot contain spaces', this); + } + + if (this.physicalName.includes('_')) { + throw new cdk.ValidationError('The distributionConfigurationName cannot contain underscores', this); + } + + if (this.physicalName !== this.physicalName.toLowerCase()) { + throw new cdk.ValidationError('The distributionConfigurationName must be lowercase', this); + } + } + + private renderDistributions(): CfnDistributionConfiguration.DistributionProperty[] { + if ( + !Object.keys(this.amiDistributionsByRegion).length && + !Object.keys(this.containerDistributionsByRegion).length + ) { + throw new cdk.ValidationError('You must specify at least one AMI or container distribution', this); + } + + const distributionByRegion: { [region: string]: CfnDistributionConfiguration.DistributionProperty } = + Object.fromEntries( + Object.entries(this.amiDistributionsByRegion).map( + ([region, distribution]): [string, CfnDistributionConfiguration.DistributionProperty] => [ + region, + { + region, + amiDistributionConfiguration: this.buildAmiDistribution(distribution), + fastLaunchConfigurations: this.buildFastLaunchConfigurations(distribution), + launchTemplateConfigurations: 
this.buildLaunchTemplateConfigurations(distribution), + ssmParameterConfigurations: this.buildSsmParameterConfigurations(distribution), + licenseConfigurationArns: this.buildLicenseConfigurationArns(distribution), + }, + ], + ), + ); + Object.values(this.containerDistributionsByRegion).forEach((containerDistribution) => { + const region = containerDistribution.region ?? cdk.Stack.of(this).region; + distributionByRegion[region] = { + ...(distributionByRegion[region] ?? {}), + region, + containerDistributionConfiguration: this.buildContainerDistribution(containerDistribution), + }; + }); + + return Object.values(distributionByRegion); + } + + private buildAmiDistribution(amiDistribution: AmiDistribution): object | undefined { + const launchPermissions = this.buildAmiLaunchPermissions(amiDistribution); + const amiDistributionConfiguration = { + ...(Object.keys(amiDistribution.amiTags ?? {}).length && { AmiTags: amiDistribution.amiTags }), + ...(amiDistribution.amiDescription !== undefined && { Description: amiDistribution.amiDescription }), + ...(amiDistribution.amiKmsKey !== undefined && { KmsKeyId: amiDistribution.amiKmsKey.keyArn }), + ...(launchPermissions && { LaunchPermissionConfiguration: launchPermissions }), + ...(amiDistribution.amiName !== undefined && { Name: amiDistribution.amiName }), + ...(amiDistribution.amiTargetAccountIds !== undefined && { + TargetAccountIds: amiDistribution.amiTargetAccountIds, + }), + }; + + return Object.keys(amiDistributionConfiguration).length ? 
amiDistributionConfiguration : undefined; + } + + private buildContainerDistribution(containerDistribution: ContainerDistribution): object | undefined { + return { + ContainerTags: containerDistribution.containerTags, + Description: containerDistribution.containerDescription, + TargetRepository: { + RepositoryName: containerDistribution.containerRepository.repositoryName, + Service: containerDistribution.containerRepository.service, + }, + }; + } + + private buildAmiLaunchPermissions(amiDistribution: AmiDistribution): object | undefined { + if (amiDistribution.amiLaunchPermission?.isPublicUserGroup) { + cdk.Annotations.of(this).addWarning( + 'AMI is configured for public access, making it available to any AWS account globally. ' + + 'Ensure no sensitive data, credentials, or proprietary configurations are included. ' + + "Review your organization's security policies before deploying public AMIs.", + ); + } + + const launchPermissions = { + ...(amiDistribution.amiLaunchPermission?.organizationalUnitArns !== undefined && { + OrganizationalUnitArns: amiDistribution.amiLaunchPermission?.organizationalUnitArns, + }), + ...(amiDistribution.amiLaunchPermission?.organizationArns !== undefined && { + OrganizationArns: amiDistribution.amiLaunchPermission?.organizationArns, + }), + ...(amiDistribution.amiLaunchPermission?.isPublicUserGroup && { + UserGroups: ['all'], + }), + ...(amiDistribution.amiLaunchPermission?.accountIds !== undefined && { + UserIds: amiDistribution.amiLaunchPermission?.accountIds, + }), + }; + + return Object.keys(launchPermissions).length ? 
launchPermissions : undefined; + } + + private buildFastLaunchConfigurations( + amiDistribution: AmiDistribution, + ): CfnDistributionConfiguration.FastLaunchConfigurationProperty[] | undefined { + const fastLaunchConfigurations = amiDistribution.fastLaunchConfigurations?.map( + (fastLaunchConfiguration): CfnDistributionConfiguration.FastLaunchConfigurationProperty => { + if ( + fastLaunchConfiguration.maxParallelLaunches !== undefined && + !cdk.Token.isUnresolved(fastLaunchConfiguration.maxParallelLaunches) && + fastLaunchConfiguration.maxParallelLaunches < MIN_PARALLEL_LAUNCHES + ) { + throw new cdk.ValidationError( + `you must specify a maximum parallel launch count of at least ${MIN_PARALLEL_LAUNCHES}`, + this, + ); + } + + const launchTemplate = fastLaunchConfiguration.launchTemplate; + const useFastLaunchLaunchTemplateId = launchTemplate?.launchTemplateId !== undefined; + const fastLaunchLaunchTemplate: CfnDistributionConfiguration.FastLaunchLaunchTemplateSpecificationProperty = { + ...(useFastLaunchLaunchTemplateId && { + launchTemplateId: launchTemplate?.launchTemplateId, + }), + ...(!useFastLaunchLaunchTemplateId && { + launchTemplateName: launchTemplate?.launchTemplateName, + }), + ...(launchTemplate?.versionNumber !== undefined && { + launchTemplateVersion: launchTemplate?.versionNumber, + }), + }; + + return { + enabled: fastLaunchConfiguration.enabled, + maxParallelLaunches: fastLaunchConfiguration.maxParallelLaunches, + ...(Object.keys(fastLaunchLaunchTemplate).length && { launchTemplate: fastLaunchLaunchTemplate }), + ...(fastLaunchConfiguration.targetSnapshotCount !== undefined && { + snapshotConfiguration: { targetResourceCount: fastLaunchConfiguration.targetSnapshotCount }, + }), + }; + }, + ); + + return fastLaunchConfigurations?.length ? 
fastLaunchConfigurations : undefined; + } + + private buildLaunchTemplateConfigurations( + amiDistribution: AmiDistribution, + ): CfnDistributionConfiguration.LaunchTemplateConfigurationProperty[] | undefined { + const launchTemplateConfigurations = amiDistribution.launchTemplates?.map( + (launchTemplateConfiguration): CfnDistributionConfiguration.LaunchTemplateConfigurationProperty => { + if (!launchTemplateConfiguration.launchTemplate.launchTemplateId) { + throw new cdk.ValidationError( + 'You must reference launch templates by ID in launch template configurations', + this, + ); + } + + return { + accountId: launchTemplateConfiguration.accountId, + launchTemplateId: launchTemplateConfiguration.launchTemplate.launchTemplateId, + setDefaultVersion: launchTemplateConfiguration.setDefaultVersion, + }; + }, + ); + + return launchTemplateConfigurations?.length ? launchTemplateConfigurations : undefined; + } + + private buildLicenseConfigurationArns(amiDistribution: AmiDistribution): string[] | undefined { + return amiDistribution.licenseConfigurationArns?.length ? amiDistribution.licenseConfigurationArns : undefined; + } + + private buildSsmParameterConfigurations( + amiDistribution: AmiDistribution, + ): CfnDistributionConfiguration.SsmParameterConfigurationProperty[] | undefined { + const ssmParameterConfigurations = amiDistribution.ssmParameters?.map( + (ssmParameterConfiguration): CfnDistributionConfiguration.SsmParameterConfigurationProperty => ({ + amiAccountId: ssmParameterConfiguration.amiAccount, + dataType: ssmParameterConfiguration.dataType, + parameterName: ssmParameterConfiguration.parameter.parameterName, + }), + ); + + return ssmParameterConfigurations?.length ? ssmParameterConfigurations : undefined; + } +} diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/lib/index.ts b/packages/@aws-cdk/aws-imagebuilder-alpha/lib/index.ts index 9880ae0da4e2f..97cf3cbca1ef6 100644 --- a/packages/@aws-cdk/aws-imagebuilder-alpha/lib/index.ts 
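Review bot: The AMI sharing inputs reach the template without the checks their docstrings imply: `buildSsmParameterConfigurations` never compares `amiAccount` with `amiTargetAccountIds`, and `buildAmiLaunchPermissions` emits `UserGroups: ['all']` with only a warning even when `amiKmsKey` is set on the same distribution. As far as I know EC2 does not let an AMI backed by encrypted snapshots be made public, so that combination (which the README example in this commit uses, tagged `Environment: 'production'`) would probably only fail at distribution time; confirm the service behaviour before making it a hard error. The warning, the `maxParallelLaunches` check and the launch-template-ID check all run inside the `cdk.Lazy.any` producer, so they surface at synthesis rather than at the `addAmiDistributions` call that introduced the value. I would move the sharing checks into a helper called from `addAmiDistributions`, as sketched below, relaxing the `amiAccount` rule if the current account is meant to be accepted without being listed.

```typescript
// in addAmiDistributions, just before the assignment into amiDistributionsByRegion:
this.validateAmiSharing(amiDistribution);

// … unchanged: addContainerDistributions, validateDistributionConfigurationName …

// Rejects contradictory sharing settings at the call that introduced them.
private validateAmiSharing(amiDistribution: AmiDistribution): void {
  // Assumption to confirm: a KMS-encrypted AMI cannot be granted public launch permission.
  if (amiDistribution.amiLaunchPermission?.isPublicUserGroup && amiDistribution.amiKmsKey !== undefined) {
    throw new cdk.ValidationError(
      'isPublicUserGroup cannot be combined with amiKmsKey on the same AMI distribution',
      this,
    );
  }

  const targetAccountIds = amiDistribution.amiTargetAccountIds ?? [];
  for (const { amiAccount } of amiDistribution.ssmParameters ?? []) {
    // Tokens resolve at deploy time and cannot be compared here.
    if (amiAccount === undefined || cdk.Token.isUnresolved(amiAccount)) continue;
    if (targetAccountIds.some((accountId) => cdk.Token.isUnresolved(accountId))) continue;
    if (!targetAccountIds.includes(amiAccount)) {
      throw new cdk.ValidationError(`amiAccount "${amiAccount}" must be listed in amiTargetAccountIds`, this);
    }
  }
}
```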
+++ b/packages/@aws-cdk/aws-imagebuilder-alpha/lib/index.ts @@ -1,3 +1,4 @@ // AWS::ImageBuilder CloudFormation Resources: +export * from './distribution-configuration'; export * from './infrastructure-configuration'; diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/test/distribution-configuration.test.ts b/packages/@aws-cdk/aws-imagebuilder-alpha/test/distribution-configuration.test.ts new file mode 100644 index 0000000000000..6308f78ff6789 --- /dev/null +++ b/packages/@aws-cdk/aws-imagebuilder-alpha/test/distribution-configuration.test.ts 
@@ -0,0 +1,558 @@ +import * as cdk from 'aws-cdk-lib'; +import { Match, Template } from 'aws-cdk-lib/assertions'; +import * as ec2 from 'aws-cdk-lib/aws-ec2'; +import * as ecr from 'aws-cdk-lib/aws-ecr'; +import * as iam from 'aws-cdk-lib/aws-iam'; +import * as kms from 'aws-cdk-lib/aws-kms'; +import * as ssm from 'aws-cdk-lib/aws-ssm'; +import { DistributionConfiguration, Repository } from '../lib'; + +describe('Distribution Configuration', () => { + let app: cdk.App; + let stack: cdk.Stack; + + beforeEach(() => { + app = new cdk.App(); + stack = new cdk.Stack(app, 'Stack', { env: { region: 'us-east-1', account: '123456789012' } }); + }); + + test('imported by name', () => { + const distributionConfiguration = DistributionConfiguration.fromDistributionConfigurationName( + stack, + 'DistributionConfiguration', + 'imported-distribution-configuration-by-name', + ); + + expect(stack.resolve(distributionConfiguration.distributionConfigurationArn)).toEqual({ + 'Fn::Join': [ + '', + [ + 'arn:', + { Ref: 'AWS::Partition' }, + ':imagebuilder:us-east-1:123456789012:distribution-configuration/imported-distribution-configuration-by-name', + ], + ], + }); + expect(distributionConfiguration.distributionConfigurationName).toEqual( + 'imported-distribution-configuration-by-name', + ); + }); + + test('imported by name as an unresolved token', () => { + const distributionConfiguration = DistributionConfiguration.fromDistributionConfigurationName( + stack, + 'DistributionConfiguration', + `test-distribution-configuration-${stack.partition}`, + ); + + expect(stack.resolve(distributionConfiguration.distributionConfigurationArn)).toEqual({ + 'Fn::Join': [ + '', + [ + 'arn:', + { Ref: 'AWS::Partition' }, + ':imagebuilder:us-east-1:123456789012:distribution-configuration/test-distribution-configuration-', + { Ref: 'AWS::Partition' }, + ], + ], + }); + expect(stack.resolve(distributionConfiguration.distributionConfigurationName)).toEqual({ + 'Fn::Join': ['', 
['test-distribution-configuration-', { Ref: 'AWS::Partition' }]], + }); + }); + + test('imported by arn', () => { + const distributionConfiguration = DistributionConfiguration.fromDistributionConfigurationArn( + stack, + 'DistributionConfiguration', + 'arn:aws:imagebuilder:us-east-1:123456789012:distribution-configuration/imported-distribution-configuration-by-arn', + ); + + expect(distributionConfiguration.distributionConfigurationArn).toEqual( + 'arn:aws:imagebuilder:us-east-1:123456789012:distribution-configuration/imported-distribution-configuration-by-arn', + ); + expect(distributionConfiguration.distributionConfigurationName).toEqual( + 'imported-distribution-configuration-by-arn', + ); + }); + + test('with all parameters', () => { + const distributionConfiguration = new DistributionConfiguration(stack, 'DistributionConfiguration', { + distributionConfigurationName: 'test-distribution-configuration', + description: 'A Distribution Configuration', + amiDistributions: [ + { + region: 'us-east-2', + fastLaunchConfigurations: [ + { + enabled: true, + launchTemplate: ec2.LaunchTemplate.fromLaunchTemplateAttributes(stack, 'CrossRegionFastLaunchLT', { + launchTemplateId: 'lt-987', + }), + }, + ], + ssmParameters: [ + { + parameter: ssm.StringParameter.fromStringParameterAttributes(stack, 'CrossRegionParameter', { + parameterName: '/imagebuilder/ami', + forceDynamicReference: true, + }), + }, + ], + }, + ], + containerDistributions: [ + { + region: 'us-east-2', + containerRepository: Repository.fromEcr( + ecr.Repository.fromRepositoryName(stack, 'CrossRegionTargetRepository', 'cross-region-target-repository'), + ), + containerDescription: 'Test cross-region container image', + containerTags: ['latest', 'latest-1.0'], + }, + ], + tags: { + key1: 'value1', + key2: 'value2', + }, + }); + + distributionConfiguration.addAmiDistributions({ + amiName: 'imagebuilder-{{ imagebuilder:buildDate }}', + amiDescription: 'Build AMI', + amiKmsKey: kms.Alias.fromAliasName(stack, 
'DistributedAMIKey', 'alias/distribution-encryption-key'), + amiTargetAccountIds: ['123456789012', '098765432109'], + amiLaunchPermission: { + organizationArns: [ + stack.formatArn({ + region: '', + service: 'organizations', + resource: 'organization', + resourceName: 'o-1234567abc', + }), + ], + organizationalUnitArns: [ + stack.formatArn({ + region: '', + service: 'organizations', + resource: 'ou', + resourceName: 'o-1234567abc/ou-a123-b4567890', + }), + ], + isPublicUserGroup: true, + accountIds: ['234567890123'], + }, + amiTags: { + Environment: 'test', + Version: '{{ imagebuilder:buildVersion }}', + }, + ssmParameters: [ + { + parameter: ssm.StringParameter.fromStringParameterAttributes(stack, 'Parameter', { + parameterName: '/imagebuilder/ami', + forceDynamicReference: true, + }), + }, + { + amiAccount: '098765432109', + dataType: ssm.ParameterDataType.TEXT, + parameter: ssm.StringParameter.fromStringParameterAttributes(stack, 'CrossAccountParameter', { + parameterName: 'imagebuilder-prod-ami', + forceDynamicReference: true, + }), + }, + ], + launchTemplates: [ + { + launchTemplate: ec2.LaunchTemplate.fromLaunchTemplateAttributes(stack, 'LaunchTemplate', { + launchTemplateId: 'lt-123', + }), + setDefaultVersion: true, + }, + { + accountId: '123456789012', + launchTemplate: ec2.LaunchTemplate.fromLaunchTemplateAttributes(stack, 'CrossAccountLaunchTemplate', { + launchTemplateId: 'lt-456', + }), + setDefaultVersion: false, + }, + ], + fastLaunchConfigurations: [ + { + enabled: true, + launchTemplate: ec2.LaunchTemplate.fromLaunchTemplateAttributes(stack, 'FastLaunchLT', { + launchTemplateName: 'fast-launch-lt', + versionNumber: '2', + }), + maxParallelLaunches: 10, + targetSnapshotCount: 25, + }, + ], + licenseConfigurationArns: [ + stack.formatArn({ + service: 'license-manager', + resource: 'license-configuration', + resourceName: 'lic-abcdefghijklmnopqrstuvwxyz123456', + arnFormat: cdk.ArnFormat.COLON_RESOURCE_NAME, + }), + ], + }); + + 
distributionConfiguration.addContainerDistributions({ + containerRepository: Repository.fromEcr( + ecr.Repository.fromRepositoryName(stack, 'TargetRepository', 'target-repository'), + ), + containerDescription: 'Test container image', + containerTags: ['default', 'default-1.0'], + }); + + expect(DistributionConfiguration.isDistributionConfiguration(distributionConfiguration as unknown)).toBeTruthy(); + expect(DistributionConfiguration.isDistributionConfiguration('DistributionConfiguration')).toBeFalsy(); + + Template.fromStack(stack).templateMatches({ + Resources: { + DistributionConfiguration26801BDF: Match.objectEquals({ + Type: 'AWS::ImageBuilder::DistributionConfiguration', + Properties: { + Name: 'test-distribution-configuration', + Description: 'A Distribution Configuration', + Distributions: [ + { + Region: 'us-east-2', + ContainerDistributionConfiguration: { + ContainerTags: ['latest', 'latest-1.0'], + Description: 'Test cross-region container image', + TargetRepository: { + RepositoryName: 'cross-region-target-repository', + Service: 'ECR', + }, + }, + FastLaunchConfigurations: [ + { Enabled: true, LaunchTemplate: { LaunchTemplateId: 'lt-987', LaunchTemplateVersion: '$Default' } }, + ], + SsmParameterConfigurations: [{ ParameterName: '/imagebuilder/ami' }], + }, + { + Region: 'us-east-1', + AmiDistributionConfiguration: { + Name: 'imagebuilder-{{ imagebuilder:buildDate }}', + Description: 'Build AMI', + KmsKeyId: { + 'Fn::Join': [ + '', + [ + 'arn:', + { Ref: 'AWS::Partition' }, + ':kms:us-east-1:123456789012:alias/distribution-encryption-key', + ], + ], + }, + LaunchPermissionConfiguration: { + OrganizationArns: [ + { + 'Fn::Join': [ + '', + ['arn:', { Ref: 'AWS::Partition' }, ':organizations::123456789012:organization/o-1234567abc'], + ], + }, + ], + OrganizationalUnitArns: [ + { + 'Fn::Join': [ + '', + [ + 'arn:', + { Ref: 'AWS::Partition' }, + ':organizations::123456789012:ou/o-1234567abc/ou-a123-b4567890', + ], + ], + }, + ], + UserGroups: ['all'], + 
UserIds: ['234567890123'], + }, + TargetAccountIds: ['123456789012', '098765432109'], + AmiTags: { + Environment: 'test', + Version: '{{ imagebuilder:buildVersion }}', + }, + }, + ContainerDistributionConfiguration: { + ContainerTags: ['default', 'default-1.0'], + Description: 'Test container image', + TargetRepository: { + RepositoryName: 'target-repository', + Service: 'ECR', + }, + }, + FastLaunchConfigurations: [ + { + Enabled: true, + LaunchTemplate: { LaunchTemplateName: 'fast-launch-lt', LaunchTemplateVersion: '2' }, + MaxParallelLaunches: 10, + SnapshotConfiguration: { TargetResourceCount: 25 }, + }, + ], + LaunchTemplateConfigurations: [ + { LaunchTemplateId: 'lt-123', SetDefaultVersion: true }, + { AccountId: '123456789012', LaunchTemplateId: 'lt-456', SetDefaultVersion: false }, + ], + LicenseConfigurationArns: [ + { + 'Fn::Join': [ + '', + [ + 'arn:', + { Ref: 'AWS::Partition' }, + ':license-manager:us-east-1:123456789012:license-configuration:lic-abcdefghijklmnopqrstuvwxyz123456', + ], + ], + }, + ], + SsmParameterConfigurations: [ + { ParameterName: '/imagebuilder/ami' }, + { AmiAccountId: '098765432109', DataType: 'text', ParameterName: 'imagebuilder-prod-ami' }, + ], + }, + ], + Tags: { + key1: 'value1', + key2: 'value2', + }, + }, + }), + }, + }); + }); + + test('with required parameters - AMI distribution', () => { + const distributionConfiguration = new DistributionConfiguration(stack, 'DistributionConfiguration'); + distributionConfiguration.addAmiDistributions({ amiName: 'imagebuilder-{{ imagebuilder:buildDate }}' }); + + Template.fromStack(stack).templateMatches({ + Resources: { + DistributionConfiguration26801BDF: Match.objectEquals({ + Type: 'AWS::ImageBuilder::DistributionConfiguration', + Properties: { + Name: 'stack-distributionconfiguration-15e7372b', + Distributions: [ + { + Region: 'us-east-1', + AmiDistributionConfiguration: { + Name: 'imagebuilder-{{ imagebuilder:buildDate }}', + }, + }, + ], + }, + }), + }, + }); + }); + + 
test('with required parameters - container distribution', () => { + const distributionConfiguration = new DistributionConfiguration(stack, 'DistributionConfiguration'); + distributionConfiguration.addContainerDistributions({ + containerRepository: Repository.fromEcr( + ecr.Repository.fromRepositoryName(stack, 'TargetRepository', 'target-repository'), + ), + }); + + Template.fromStack(stack).templateMatches({ + Resources: { + DistributionConfiguration26801BDF: Match.objectEquals({ + Type: 'AWS::ImageBuilder::DistributionConfiguration', + Properties: { + Name: 'stack-distributionconfiguration-15e7372b', + Distributions: [ + { + Region: 'us-east-1', + ContainerDistributionConfiguration: { + TargetRepository: { + RepositoryName: 'target-repository', + Service: 'ECR', + }, + }, + }, + ], + }, + }), + }, + }); + }); + + test('grants read access to IAM roles', () => { + const distributionConfiguration = new DistributionConfiguration(stack, 'DistributionConfiguration'); + distributionConfiguration.addAmiDistributions({ amiName: 'imagebuilder-{{ imagebuilder:buildDate }}' }); + + const role = new iam.Role(stack, 'Role', { assumedBy: new iam.AccountPrincipal('123456789012') }); + + distributionConfiguration.grantRead(role); + + const template = Template.fromStack(stack); + + template.resourceCountIs('AWS::IAM::Policy', 1); + template.resourceCountIs('AWS::IAM::Role', 1); + template.resourceCountIs('AWS::ImageBuilder::DistributionConfiguration', 1); + expect(Object.keys(template.toJSON().Resources)).toHaveLength(3); + + template.hasResourceProperties('AWS::IAM::Role', { + AssumeRolePolicyDocument: { + Statement: [ + { + Action: 'sts:AssumeRole', + Effect: 'Allow', + Principal: { + AWS: { + 'Fn::Join': ['', ['arn:', { Ref: 'AWS::Partition' }, ':iam::123456789012:root']], + }, + }, + }, + ], + }, + }); + + template.hasResourceProperties('AWS::IAM::Policy', { + PolicyDocument: { + Statement: [ + { + Effect: 'Allow', + Action: 'imagebuilder:GetDistributionConfiguration', + 
Resource: { + 'Fn::GetAtt': ['DistributionConfiguration26801BDF', 'Arn'], + }, + }, + ], + }, + Roles: [Match.anyValue()], + }); + }); + + test('grants permissions to IAM roles', () => { + const distributionConfiguration = new DistributionConfiguration(stack, 'DistributionConfiguration'); + distributionConfiguration.addAmiDistributions({ amiName: 'imagebuilder-{{ imagebuilder:buildDate }}' }); + + const role = new iam.Role(stack, 'Role', { assumedBy: new iam.AccountPrincipal('123456789012') }); + + distributionConfiguration.grant( + role, + 'imagebuilder:DeleteDistributionConfiguration', + 'imagebuilder:UpdateDistributionConfiguration', + ); + + const template = Template.fromStack(stack); + + template.resourceCountIs('AWS::IAM::Policy', 1); + template.resourceCountIs('AWS::IAM::Role', 1); + template.resourceCountIs('AWS::ImageBuilder::DistributionConfiguration', 1); + expect(Object.keys(template.toJSON().Resources)).toHaveLength(3); + + template.hasResourceProperties('AWS::IAM::Role', { + AssumeRolePolicyDocument: { + Statement: [ + { + Action: 'sts:AssumeRole', + Effect: 'Allow', + Principal: { + AWS: { + 'Fn::Join': ['', ['arn:', { Ref: 'AWS::Partition' }, ':iam::123456789012:root']], + }, + }, + }, + ], + }, + }); + + template.hasResourceProperties('AWS::IAM::Policy', { + PolicyDocument: { + Statement: [ + { + Effect: 'Allow', + Action: ['imagebuilder:DeleteDistributionConfiguration', 'imagebuilder:UpdateDistributionConfiguration'], + Resource: { + 'Fn::GetAtt': ['DistributionConfiguration26801BDF', 'Arn'], + }, + }, + ], + }, + Roles: [Match.anyValue()], + }); + }); + + test('throws a validation error when the resource name contains spaces', () => { + expect(() => { + new DistributionConfiguration(stack, 'DistributionConfiguration', { + distributionConfigurationName: 'a name with spaces', + }); + }).toThrow(cdk.ValidationError); + }); + + test('throws a validation error when the resource name contains underscores', () => { + expect(() => { + new 
DistributionConfiguration(stack, 'DistributionConfiguration', { + distributionConfigurationName: 'a_name_with_underscores', + }); + }).toThrow(cdk.ValidationError); + }); + + test('throws a validation error when the resource name contains uppercase characters', () => { + expect(() => { + new DistributionConfiguration(stack, 'DistributionConfiguration', { + distributionConfigurationName: 'ANameWithUppercaseCharacters', + }); + }).toThrow(cdk.ValidationError); + }); + + test('throws a validation error when providing multiple AMI distributions for the same region', () => { + const distributionConfiguration = new DistributionConfiguration(stack, 'DistributionConfiguration'); + distributionConfiguration.addAmiDistributions({ amiName: 'imagebuilder-{{ imagebuilder:buildDate }}' }); + + expect(() => { + distributionConfiguration.addAmiDistributions({ amiName: 'imagebuilder-{{ imagebuilder:buildDate }}' }); + }).toThrow(cdk.ValidationError); + }); + + test('throws a validation error when providing multiple container distributions in the same region', () => { + const distributionConfiguration = new DistributionConfiguration(stack, 'DistributionConfiguration'); + distributionConfiguration.addContainerDistributions({ + containerRepository: Repository.fromEcr( + ecr.Repository.fromRepositoryName(stack, 'TargetRepository', 'target-repository'), + ), + }); + + expect(() => { + distributionConfiguration.addContainerDistributions({ + containerRepository: Repository.fromEcr( + ecr.Repository.fromRepositoryName(stack, 'TargetRepository2', 'target-repository-2'), + ), + }); + }).toThrow(cdk.ValidationError); + }); + + test('throws a validation error when providing a max parallel launch below 6 for fast launch configurations', () => { + const distributionConfiguration = new DistributionConfiguration(stack, 'DistributionConfiguration'); + distributionConfiguration.addAmiDistributions({ fastLaunchConfigurations: [{ maxParallelLaunches: 5 }] }); + + expect(() => 
Template.fromStack(stack)).toThrow(cdk.ValidationError); + }); + + test('throws a validation error when providing a launch template by name only for launch template configurations', () => { + const distributionConfiguration = new DistributionConfiguration(stack, 'DistributionConfiguration'); + distributionConfiguration.addAmiDistributions({ + launchTemplates: [ + { + launchTemplate: ec2.LaunchTemplate.fromLaunchTemplateAttributes(stack, 'LaunchTemplate', { + launchTemplateName: 'imagebuilder-launch-template', + }), + }, + ], + }); + + expect(() => Template.fromStack(stack)).toThrow(cdk.ValidationError); + }); + + test('throws a validation error when no distributions are provided', () => { + new DistributionConfiguration(stack, 'DistributionConfiguration'); + + expect(() => Template.fromStack(stack)).toThrow(cdk.ValidationError); + }); +}); diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.distribution-configuration.js.snapshot/DistributionConfigurationTestDefaultTestDeployAssertF6EA9373.assets.json b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.distribution-configuration.js.snapshot/DistributionConfigurationTestDefaultTestDeployAssertF6EA9373.assets.json new file mode 100644 index 0000000000000..602c179f9d9b1 --- /dev/null +++ b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.distribution-configuration.js.snapshot/DistributionConfigurationTestDefaultTestDeployAssertF6EA9373.assets.json 
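Review bot: The 'with all parameters' test sets `isPublicUserGroup: true` and checks that the template contains `UserGroups: ['all']`, but nothing in this test file asserts that the construct warns about a public AMI. The integ snapshot manifest later in this diff records an `aws:cdk:warning` on the DistributionConfiguration construct that begins "AMI is configured for public access", so the warning exists, yet a refactor could drop it without any unit test failing. I would import `Annotations` from `aws-cdk-lib/assertions` and add `Annotations.fromStack(stack).hasWarning('/Stack/DistributionConfiguration', Match.stringLikeRegexp('AMI is configured for public access'));` to that test; the construct path is inferred from the stack and construct ids used here and should be confirmed. A companion case using `hasNoWarning` when `isPublicUserGroup` is omitted would cover the other side.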
@@ -0,0 +1,20 @@ +{ + "version": "48.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "displayName": "DistributionConfigurationTestDefaultTestDeployAssertF6EA9373 Template", + "source": { + "path": "DistributionConfigurationTestDefaultTestDeployAssertF6EA9373.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region-d8d86b35": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.distribution-configuration.js.snapshot/DistributionConfigurationTestDefaultTestDeployAssertF6EA9373.template.json b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.distribution-configuration.js.snapshot/DistributionConfigurationTestDefaultTestDeployAssertF6EA9373.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.distribution-configuration.js.snapshot/DistributionConfigurationTestDefaultTestDeployAssertF6EA9373.template.json 
@@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.distribution-configuration.js.snapshot/aws-cdk-imagebuilder-distribution-configuration-all-parameters.assets.json b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.distribution-configuration.js.snapshot/aws-cdk-imagebuilder-distribution-configuration-all-parameters.assets.json new file mode 100644 index 0000000000000..b2feab0d265d9 --- /dev/null +++ b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.distribution-configuration.js.snapshot/aws-cdk-imagebuilder-distribution-configuration-all-parameters.assets.json 
@@ -0,0 +1,20 @@ +{ + "version": "48.0.0", + "files": { + "bd1f475972ae85294ea1f85354352592e58178f9f873f2406875412bcaaf5dbf": { + "displayName": "aws-cdk-imagebuilder-distribution-configuration-all-parameters Template", + "source": { + "path": "aws-cdk-imagebuilder-distribution-configuration-all-parameters.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region-fbb40ec6": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "bd1f475972ae85294ea1f85354352592e58178f9f873f2406875412bcaaf5dbf.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.distribution-configuration.js.snapshot/aws-cdk-imagebuilder-distribution-configuration-all-parameters.template.json b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.distribution-configuration.js.snapshot/aws-cdk-imagebuilder-distribution-configuration-all-parameters.template.json new file mode 100644 index 0000000000000..f903931502a52 --- /dev/null +++ b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.distribution-configuration.js.snapshot/aws-cdk-imagebuilder-distribution-configuration-all-parameters.template.json 
@@ -0,0 +1,498 @@ +{ + "Parameters": { + "CrossRegion": { + "Type": "String", + "Default": "ap-northeast-1", + "Description": "Unresolved token testing" + }, + "SsmParameterValueawsserviceamiamazonlinuxlatestal2023amikernel61x8664C96584B6F00A464EAD1953AFF4B05118Parameter": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-x86_64" + }, + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Resources": { + "LaunchTemplate04EC5460": { + "Type": "AWS::EC2::LaunchTemplate", + "Properties": { + "LaunchTemplateData": { + "ImageId": { + "Ref": "SsmParameterValueawsserviceamiamazonlinuxlatestal2023amikernel61x8664C96584B6F00A464EAD1953AFF4B05118Parameter" + }, + "InstanceType": "t3.small", + "TagSpecifications": [ + { + "ResourceType": "instance", + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-imagebuilder-distribution-configuration-all-parameters/LaunchTemplate" + } + ] + }, + { + "ResourceType": "volume", + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-imagebuilder-distribution-configuration-all-parameters/LaunchTemplate" + } + ] + } + ], + "UserData": { + "Fn::Base64": "#!/bin/bash" + } + }, + "TagSpecifications": [ + { + "ResourceType": "launch-template", + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-imagebuilder-distribution-configuration-all-parameters/LaunchTemplate" + } + ] + } + ] + } + }, + "Repository22E53BBD": { + "Type": "AWS::ECR::Repository", + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "DistributionConfiguration26801BDF": { + "Type": "AWS::ImageBuilder::DistributionConfiguration", + "Properties": { + "Description": "This is a distribution configuration.", + "Distributions": [ + { + "AmiDistributionConfiguration": { + "AmiTags": { + 
"Environment": "test", + "Version": "{{ imagebuilder:buildVersion }}" + }, + "Description": "Build AMI", + "KmsKeyId": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":kms:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":alias/distribution-encryption-key" + ] + ] + }, + "LaunchPermissionConfiguration": { + "OrganizationalUnitArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":organizations::", + { + "Ref": "AWS::AccountId" + }, + ":ou/o-1234567abc/ou-a123-b4567890" + ] + ] + } + ], + "OrganizationArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":organizations::", + { + "Ref": "AWS::AccountId" + }, + ":organization/o-1234567abc" + ] + ] + } + ], + "UserGroups": [ + "all" + ], + "UserIds": [ + "234567890123" + ] + }, + "Name": "imagebuilder-{{ imagebuilder:buildDate }}", + "TargetAccountIds": [ + "123456789012", + "098765432109" + ] + }, + "ContainerDistributionConfiguration": { + "ContainerTags": [ + "latest", + "latest-1.0" + ], + "Description": "Test container image", + "TargetRepository": { + "RepositoryName": { + "Ref": "Repository22E53BBD" + }, + "Service": "ECR" + } + }, + "FastLaunchConfigurations": [ + { + "Enabled": true, + "LaunchTemplate": { + "LaunchTemplateId": { + "Ref": "LaunchTemplate04EC5460" + }, + "LaunchTemplateVersion": { + "Fn::GetAtt": [ + "LaunchTemplate04EC5460", + "LatestVersionNumber" + ] + } + }, + "MaxParallelLaunches": 10, + "SnapshotConfiguration": { + "TargetResourceCount": 25 + } + } + ], + "LaunchTemplateConfigurations": [ + { + "LaunchTemplateId": { + "Ref": "LaunchTemplate04EC5460" + }, + "SetDefaultVersion": true + } + ], + "LicenseConfigurationArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":license-manager:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":license-configuration:lic-abcdefghijklmnopqrstuvwxyz123456" + ] + ] + } + 
], + "Region": "us-east-1", + "SsmParameterConfigurations": [ + { + "AmiAccountId": "098765432109", + "ParameterName": "/imagebuilder/ami" + } + ] + }, + { + "AmiDistributionConfiguration": { + "AmiTags": { + "Environment": "test", + "Version": "{{ imagebuilder:buildVersion }}" + }, + "Description": "Build AMI", + "Name": "imagebuilder-{{ imagebuilder:buildDate }}" + }, + "ContainerDistributionConfiguration": { + "ContainerTags": [ + "cross-region-latest", + "cross-region-latest-1.0" + ], + "Description": "Test container image", + "TargetRepository": { + "RepositoryName": "cross-region-repository", + "Service": "ECR" + } + }, + "Region": { + "Ref": "CrossRegion" + }, + "SsmParameterConfigurations": [ + { + "ParameterName": "/imagebuilder/ami" + } + ] + } + ], + "Name": "aws-cdk-imagebuilder-distribution-configuration-all-parameters-distributionconfiguration-64f609ec", + "Tags": { + "key1": "value1", + "key2": "value2" + } + } + }, + "AMIDistributionConfigurationA286FE05": { + "Type": "AWS::ImageBuilder::DistributionConfiguration", + "Properties": { + "Description": "This is an AMI distribution configuration.", + "Distributions": [ + { + "AmiDistributionConfiguration": { + "AmiTags": { + "Environment": "test", + "Version": "{{ imagebuilder:buildVersion }}" + }, + "Description": "Build AMI", + "KmsKeyId": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":kms:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":alias/distribution-encryption-key" + ] + ] + }, + "LaunchPermissionConfiguration": { + "OrganizationalUnitArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":organizations::", + { + "Ref": "AWS::AccountId" + }, + ":ou/o-1234567abc/ou-a123-b4567890" + ] + ] + } + ], + "OrganizationArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":organizations::", + { + "Ref": "AWS::AccountId" + }, + ":organization/o-1234567abc" + ] + ] + } + ], + 
"UserGroups": [ + "all" + ], + "UserIds": [ + "234567890123" + ] + }, + "Name": "imagebuilder-{{ imagebuilder:buildDate }}", + "TargetAccountIds": [ + "123456789012", + "098765432109" + ] + }, + "FastLaunchConfigurations": [ + { + "Enabled": true, + "LaunchTemplate": { + "LaunchTemplateId": { + "Ref": "LaunchTemplate04EC5460" + }, + "LaunchTemplateVersion": { + "Fn::GetAtt": [ + "LaunchTemplate04EC5460", + "LatestVersionNumber" + ] + } + }, + "MaxParallelLaunches": 10, + "SnapshotConfiguration": { + "TargetResourceCount": 25 + } + } + ], + "LaunchTemplateConfigurations": [ + { + "LaunchTemplateId": { + "Ref": "LaunchTemplate04EC5460" + }, + "SetDefaultVersion": true + } + ], + "LicenseConfigurationArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":license-manager:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":license-configuration:lic-abcdefghijklmnopqrstuvwxyz123456" + ] + ] + } + ], + "Region": "us-east-1", + "SsmParameterConfigurations": [ + { + "AmiAccountId": "098765432109", + "ParameterName": "/imagebuilder/ami" + } + ] + }, + { + "AmiDistributionConfiguration": { + "AmiTags": { + "Environment": "test", + "Version": "{{ imagebuilder:buildVersion }}" + }, + "Description": "Build AMI", + "Name": "imagebuilder-{{ imagebuilder:buildDate }}" + }, + "Region": { + "Ref": "CrossRegion" + }, + "SsmParameterConfigurations": [ + { + "ParameterName": "/imagebuilder/ami" + } + ] + } + ], + "Name": "aws-cdk-imagebuilder-distribution-configuration-all-parameters-amidistributionconfiguration-2114b1c4", + "Tags": { + "key1": "value1", + "key2": "value2" + } + } + }, + "ContainerDistributionConfiguration18609EDB": { + "Type": "AWS::ImageBuilder::DistributionConfiguration", + "Properties": { + "Description": "This is an AMI distribution configuration.", + "Distributions": [ + { + "ContainerDistributionConfiguration": { + "ContainerTags": [ + "latest", + "latest-1.0" + ], + "Description": "Test container 
image", + "TargetRepository": { + "RepositoryName": { + "Ref": "Repository22E53BBD" + }, + "Service": "ECR" + } + }, + "Region": "us-east-1" + }, + { + "ContainerDistributionConfiguration": { + "ContainerTags": [ + "cross-region-latest", + "cross-region-latest-1.0" + ], + "Description": "Test container image", + "TargetRepository": { + "RepositoryName": "cross-region-repository", + "Service": "ECR" + } + }, + "Region": { + "Ref": "CrossRegion" + } + } + ], + "Name": "aws-cdk-imagebuilder-distribution-configuration-all-parameters-containerdistributionconfiguration-c3e53c12", + "Tags": { + "key1": "value1", + "key2": "value2" + } + } + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.distribution-configuration.js.snapshot/cdk.out b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.distribution-configuration.js.snapshot/cdk.out new file mode 100644 index 0000000000000..523a9aac37cbf --- /dev/null +++ b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.distribution-configuration.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"48.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.distribution-configuration.js.snapshot/integ.json b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.distribution-configuration.js.snapshot/integ.json new file mode 100644 index 0000000000000..522d2b1ed395a --- /dev/null +++ b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.distribution-configuration.js.snapshot/integ.json 
@@ -0,0 +1,13 @@ +{ + "version": "48.0.0", + "testCases": { + "DistributionConfigurationTest/DefaultTest": { + "stacks": [ + "aws-cdk-imagebuilder-distribution-configuration-all-parameters" + ], + "assertionStack": "DistributionConfigurationTest/DefaultTest/DeployAssert", + "assertionStackName": "DistributionConfigurationTestDefaultTestDeployAssertF6EA9373" + } + }, + "minimumCliVersion": "2.1027.0" +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.distribution-configuration.js.snapshot/manifest.json b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.distribution-configuration.js.snapshot/manifest.json new file mode 100644 index 0000000000000..7e8e87f718e49 --- /dev/null +++ b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.distribution-configuration.js.snapshot/manifest.json 
@@ -0,0 +1,666 @@ +{ + "version": "48.0.0", + "artifacts": { + "aws-cdk-imagebuilder-distribution-configuration-all-parameters.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "aws-cdk-imagebuilder-distribution-configuration-all-parameters.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "aws-cdk-imagebuilder-distribution-configuration-all-parameters": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "aws-cdk-imagebuilder-distribution-configuration-all-parameters.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/bd1f475972ae85294ea1f85354352592e58178f9f873f2406875412bcaaf5dbf.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "aws-cdk-imagebuilder-distribution-configuration-all-parameters.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "aws-cdk-imagebuilder-distribution-configuration-all-parameters.assets" + ], + "metadata": { + "/aws-cdk-imagebuilder-distribution-configuration-all-parameters/CrossRegion": [ + { + "type": "aws:cdk:logicalId", + "data": "CrossRegion" + } + ], + 
"/aws-cdk-imagebuilder-distribution-configuration-all-parameters/LaunchTemplate": [ + { + "type": "aws:cdk:analytics:construct", + "data": { + "machineImage": "*", + "instanceType": "*" + } + } + ], + "/aws-cdk-imagebuilder-distribution-configuration-all-parameters/LaunchTemplate/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "LaunchTemplate04EC5460" + } + ], + "/aws-cdk-imagebuilder-distribution-configuration-all-parameters/SsmParameterValue:--aws--service--ami-amazon-linux-latest--al2023-ami-kernel-6.1-x86_64:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter": [ + { + "type": "aws:cdk:logicalId", + "data": "SsmParameterValueawsserviceamiamazonlinuxlatestal2023amikernel61x8664C96584B6F00A464EAD1953AFF4B05118Parameter" + } + ], + "/aws-cdk-imagebuilder-distribution-configuration-all-parameters/Repository": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + } + ], + "/aws-cdk-imagebuilder-distribution-configuration-all-parameters/Repository/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Repository22E53BBD" + } + ], + "/aws-cdk-imagebuilder-distribution-configuration-all-parameters/DistributionConfiguration": [ + { + "type": "aws:cdk:warning", + "data": "AMI is configured for public access, making it available to any AWS account globally. Ensure no sensitive data, credentials, or proprietary configurations are included. Review your organization's security policies before deploying public AMIs." + } + ], + "/aws-cdk-imagebuilder-distribution-configuration-all-parameters/DistributionConfiguration/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "DistributionConfiguration26801BDF" + } + ], + "/aws-cdk-imagebuilder-distribution-configuration-all-parameters/AMIDistributionConfiguration": [ + { + "type": "aws:cdk:warning", + "data": "AMI is configured for public access, making it available to any AWS account globally. Ensure no sensitive data, credentials, or proprietary configurations are included. 
Review your organization's security policies before deploying public AMIs." + } + ], + "/aws-cdk-imagebuilder-distribution-configuration-all-parameters/AMIDistributionConfiguration/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AMIDistributionConfigurationA286FE05" + } + ], + "/aws-cdk-imagebuilder-distribution-configuration-all-parameters/ContainerDistributionConfiguration/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ContainerDistributionConfiguration18609EDB" + } + ], + "/aws-cdk-imagebuilder-distribution-configuration-all-parameters/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-imagebuilder-distribution-configuration-all-parameters/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-cdk-imagebuilder-distribution-configuration-all-parameters" + }, + "DistributionConfigurationTestDefaultTestDeployAssertF6EA9373.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "DistributionConfigurationTestDefaultTestDeployAssertF6EA9373.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "DistributionConfigurationTestDefaultTestDeployAssertF6EA9373": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "DistributionConfigurationTestDefaultTestDeployAssertF6EA9373.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": 
"s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "DistributionConfigurationTestDefaultTestDeployAssertF6EA9373.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "DistributionConfigurationTestDefaultTestDeployAssertF6EA9373.assets" + ], + "metadata": { + "/DistributionConfigurationTest/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/DistributionConfigurationTest/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "DistributionConfigurationTest/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + }, + "aws-cdk-lib/feature-flag-report": { + "type": "cdk:feature-flag-report", + "properties": { + "module": "aws-cdk-lib", + "flags": { + "@aws-cdk/aws-signer:signingProfileNamePassedToCfn": { + "recommendedValue": true, + "explanation": "Pass signingProfileName to CfnSigningProfile" + }, + "@aws-cdk/core:newStyleStackSynthesis": { + "recommendedValue": true, + "explanation": "Switch to new stack synthesis method which enables CI/CD", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/core:stackRelativeExports": { + "recommendedValue": true, + "explanation": "Name exports based on the construct paths relative to the stack, rather than the global construct path", + "unconfiguredBehavesLike": { + "v2": true + } + }, + 
"@aws-cdk/aws-ecs-patterns:secGroupsDisablesImplicitOpenListener": { + "recommendedValue": true, + "explanation": "Disable implicit openListener when custom security groups are provided" + }, + "@aws-cdk/aws-rds:lowercaseDbIdentifier": { + "recommendedValue": true, + "explanation": "Force lowercasing of RDS Cluster names in CDK", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-apigateway:usagePlanKeyOrderInsensitiveId": { + "recommendedValue": true, + "explanation": "Allow adding/removing multiple UsagePlanKeys independently", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-lambda:recognizeVersionProps": { + "recommendedValue": true, + "explanation": "Enable this feature flag to opt in to the updated logical id calculation for Lambda Version created using the `fn.currentVersion`.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-lambda:recognizeLayerVersion": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this feature flag to opt in to the updated logical id calculation for Lambda Version created using the `fn.currentVersion`." 
+ }, + "@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021": { + "recommendedValue": true, + "explanation": "Enable this feature flag to have cloudfront distributions use the security policy TLSv1.2_2021 by default.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/core:checkSecretUsage": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this flag to make it impossible to accidentally use SecretValues in unsafe locations" + }, + "@aws-cdk/core:target-partitions": { + "recommendedValue": [ + "aws", + "aws-cn" + ], + "explanation": "What regions to include in lookup tables of environment agnostic stacks" + }, + "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": { + "userValue": true, + "recommendedValue": true, + "explanation": "ECS extensions will automatically add an `awslogs` driver if no logging is specified" + }, + "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this feature flag to have Launch Templates generated by the `InstanceRequireImdsv2Aspect` use unique names." + }, + "@aws-cdk/aws-ecs:arnFormatIncludesClusterName": { + "userValue": true, + "recommendedValue": true, + "explanation": "ARN format used by ECS. In the new ARN format, the cluster name is part of the resource ID." + }, + "@aws-cdk/aws-iam:minimizePolicies": { + "userValue": true, + "recommendedValue": true, + "explanation": "Minimize IAM policies by combining Statements" + }, + "@aws-cdk/core:validateSnapshotRemovalPolicy": { + "userValue": true, + "recommendedValue": true, + "explanation": "Error on snapshot removal policies on resources that do not support it." 
+ }, + "@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName": { + "userValue": true, + "recommendedValue": true, + "explanation": "Generate key aliases that include the stack name" + }, + "@aws-cdk/aws-s3:createDefaultLoggingPolicy": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this feature flag to create an S3 bucket policy by default in cases where an AWS service would automatically create the Policy if one does not exist." + }, + "@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption": { + "userValue": true, + "recommendedValue": true, + "explanation": "Restrict KMS key policy for encrypted Queues a bit more" + }, + "@aws-cdk/aws-apigateway:disableCloudWatchRole": { + "userValue": true, + "recommendedValue": true, + "explanation": "Make default CloudWatch Role behavior safe for multiple API Gateways in one environment" + }, + "@aws-cdk/core:enablePartitionLiterals": { + "userValue": true, + "recommendedValue": true, + "explanation": "Make ARNs concrete if AWS partition is known" + }, + "@aws-cdk/aws-events:eventsTargetQueueSameAccount": { + "userValue": true, + "recommendedValue": true, + "explanation": "Event Rules may only push to encrypted SQS queues in the same account" + }, + "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": { + "userValue": true, + "recommendedValue": true, + "explanation": "Avoid setting the \"ECS\" deployment controller when adding a circuit breaker" + }, + "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this feature to by default create default policy names for imported roles that depend on the stack the role is in." 
+ }, + "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": { + "userValue": true, + "recommendedValue": true, + "explanation": "Use S3 Bucket Policy instead of ACLs for Server Access Logging" + }, + "@aws-cdk/aws-route53-patters:useCertificate": { + "userValue": true, + "recommendedValue": true, + "explanation": "Use the official `Certificate` resource instead of `DnsValidatedCertificate`" + }, + "@aws-cdk/customresources:installLatestAwsSdkDefault": { + "userValue": false, + "recommendedValue": false, + "explanation": "Whether to install the latest SDK by default in AwsCustomResource" + }, + "@aws-cdk/aws-rds:databaseProxyUniqueResourceName": { + "userValue": true, + "recommendedValue": true, + "explanation": "Use unique resource name for Database Proxy" + }, + "@aws-cdk/aws-codedeploy:removeAlarmsFromDeploymentGroup": { + "userValue": true, + "recommendedValue": true, + "explanation": "Remove CloudWatch alarms from deployment group" + }, + "@aws-cdk/aws-apigateway:authorizerChangeDeploymentLogicalId": { + "userValue": true, + "recommendedValue": true, + "explanation": "Include authorizer configuration in the calculation of the API deployment logical ID." + }, + "@aws-cdk/aws-ec2:launchTemplateDefaultUserData": { + "userValue": true, + "recommendedValue": true, + "explanation": "Define user data for a launch template by default when a machine image is provided." + }, + "@aws-cdk/aws-secretsmanager:useAttachedSecretResourcePolicyForSecretTargetAttachments": { + "userValue": true, + "recommendedValue": true, + "explanation": "SecretTargetAttachments uses the ResourcePolicy of the attached Secret." 
+ }, + "@aws-cdk/aws-redshift:columnId": { + "userValue": true, + "recommendedValue": true, + "explanation": "Whether to use an ID to track Redshift column changes" + }, + "@aws-cdk/aws-stepfunctions-tasks:enableEmrServicePolicyV2": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable AmazonEMRServicePolicy_v2 managed policies" + }, + "@aws-cdk/aws-ec2:restrictDefaultSecurityGroup": { + "userValue": true, + "recommendedValue": true, + "explanation": "Restrict access to the VPC default security group" + }, + "@aws-cdk/aws-apigateway:requestValidatorUniqueId": { + "userValue": true, + "recommendedValue": true, + "explanation": "Generate a unique id for each RequestValidator added to a method" + }, + "@aws-cdk/aws-kms:aliasNameRef": { + "userValue": true, + "recommendedValue": true, + "explanation": "KMS Alias name and keyArn will have implicit reference to KMS Key" + }, + "@aws-cdk/aws-kms:applyImportedAliasPermissionsToPrincipal": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable grant methods on Aliases imported by name to use kms:ResourceAliases condition" + }, + "@aws-cdk/aws-autoscaling:generateLaunchTemplateInsteadOfLaunchConfig": { + "userValue": true, + "recommendedValue": true, + "explanation": "Generate a launch template when creating an AutoScalingGroup" + }, + "@aws-cdk/core:includePrefixInUniqueNameGeneration": { + "userValue": true, + "recommendedValue": true, + "explanation": "Include the stack prefix in the stack name generation process" + }, + "@aws-cdk/aws-efs:denyAnonymousAccess": { + "userValue": true, + "recommendedValue": true, + "explanation": "EFS denies anonymous clients accesses" + }, + "@aws-cdk/aws-opensearchservice:enableOpensearchMultiAzWithStandby": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enables support for Multi-AZ with Standby deployment for opensearch domains" + }, + "@aws-cdk/aws-lambda-nodejs:useLatestRuntimeVersion": { + "userValue": true, + 
"recommendedValue": true, + "explanation": "Enables aws-lambda-nodejs.Function to use the latest available NodeJs runtime as the default" + }, + "@aws-cdk/aws-efs:mountTargetOrderInsensitiveLogicalId": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, mount targets will have a stable logicalId that is linked to the associated subnet." + }, + "@aws-cdk/aws-rds:auroraClusterChangeScopeOfInstanceParameterGroupWithEachParameters": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, a scope of InstanceParameterGroup for AuroraClusterInstance with each parameters will change." + }, + "@aws-cdk/aws-appsync:useArnForSourceApiAssociationIdentifier": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, will always use the arn for identifiers for CfnSourceApiAssociation in the GraphqlApi construct rather than id." + }, + "@aws-cdk/aws-rds:preventRenderingDeprecatedCredentials": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, creating an RDS database cluster from a snapshot will only render credentials for snapshot credentials." + }, + "@aws-cdk/aws-codepipeline-actions:useNewDefaultBranchForCodeCommitSource": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the CodeCommit source action is using the default branch name 'main'." + }, + "@aws-cdk/aws-cloudwatch-actions:changeLambdaPermissionLogicalIdForLambdaAction": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the logical ID of a Lambda permission for a Lambda action includes an alarm ID." + }, + "@aws-cdk/aws-codepipeline:crossAccountKeysDefaultValueToFalse": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enables Pipeline to set the default value for crossAccountKeys to false." 
+ }, + "@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enables Pipeline to set the default pipeline type to V2." + }, + "@aws-cdk/aws-kms:reduceCrossAccountRegionPolicyScope": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, IAM Policy created from KMS key grant will reduce the resource scope to this key only." + }, + "@aws-cdk/pipelines:reduceAssetRoleTrustScope": { + "recommendedValue": true, + "explanation": "Remove the root account principal from PipelineAssetsFileRole trust policy", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-eks:nodegroupNameAttribute": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, nodegroupName attribute of the provisioned EKS NodeGroup will not have the cluster name prefix." + }, + "@aws-cdk/aws-ec2:ebsDefaultGp3Volume": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the default volume type of the EBS volume will be GP3" + }, + "@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, remove default deployment alarm settings" + }, + "@aws-cdk/custom-resources:logApiResponseDataPropertyTrueDefault": { + "userValue": false, + "recommendedValue": false, + "explanation": "When enabled, the custom resource used for `AwsCustomResource` will configure the `logApiResponseData` property as true by default" + }, + "@aws-cdk/aws-s3:keepNotificationInImportedBucket": { + "userValue": false, + "recommendedValue": false, + "explanation": "When enabled, Adding notifications to a bucket in the current stack will not remove notification from imported stack." 
+ }, + "@aws-cdk/aws-stepfunctions-tasks:useNewS3UriParametersForBedrockInvokeModelTask": { + "recommendedValue": true, + "explanation": "When enabled, use new props for S3 URI field in task definition of state machine for bedrock invoke model.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/core:explicitStackTags": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, stack tags need to be assigned explicitly on a Stack." + }, + "@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature": { + "userValue": false, + "recommendedValue": false, + "explanation": "When set to true along with canContainersAccessInstanceRole=false in ECS cluster, new updated commands will be added to UserData to block container accessing IMDS. **Applicable to Linux only. IMPORTANT: See [details.](#aws-cdkaws-ecsenableImdsBlockingDeprecatedFeature)**" + }, + "@aws-cdk/aws-ecs:disableEcsImdsBlocking": { + "userValue": true, + "recommendedValue": true, + "explanation": "When set to true, CDK synth will throw exception if canContainersAccessInstanceRole is false. **IMPORTANT: See [details.](#aws-cdkaws-ecsdisableEcsImdsBlocking)**" + }, + "@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, we will only grant the necessary permissions when users specify cloudwatch log group through logConfiguration" + }, + "@aws-cdk/aws-dynamodb:resourcePolicyPerReplica": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled will allow you to specify a resource policy per replica, and not copy the source table policy to all replicas" + }, + "@aws-cdk/aws-ec2:ec2SumTImeoutEnabled": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, initOptions.timeout and resourceSignalTimeout values will be summed together." 
+ }, + "@aws-cdk/aws-appsync:appSyncGraphQLAPIScopeLambdaPermission": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, a Lambda authorizer Permission created when using GraphqlApi will be properly scoped with a SourceArn." + }, + "@aws-cdk/aws-rds:setCorrectValueForDatabaseInstanceReadReplicaInstanceResourceId": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the value of property `instanceResourceId` in construct `DatabaseInstanceReadReplica` will be set to the correct value which is `DbiResourceId` instead of currently `DbInstanceArn`" + }, + "@aws-cdk/core:cfnIncludeRejectComplexResourceUpdateCreatePolicyIntrinsics": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, CFN templates added with `cfn-include` will error if the template contains Resource Update or Create policies with CFN Intrinsics that include non-primitive values." + }, + "@aws-cdk/aws-lambda-nodejs:sdkV3ExcludeSmithyPackages": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, both `@aws-sdk` and `@smithy` packages will be excluded from the Lambda Node.js 18.x runtime to prevent version mismatches in bundled applications." + }, + "@aws-cdk/aws-stepfunctions-tasks:fixRunEcsTaskPolicy": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the resource of IAM Run Ecs policy generated by SFN EcsRunTask will reference the definition, instead of constructing ARN." + }, + "@aws-cdk/aws-ec2:bastionHostUseAmazonLinux2023ByDefault": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the BastionHost construct will use the latest Amazon Linux 2023 AMI, instead of Amazon Linux 2." 
+ }, + "@aws-cdk/core:aspectStabilization": { + "recommendedValue": true, + "explanation": "When enabled, a stabilization loop will be run when invoking Aspects during synthesis.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-route53-targets:userPoolDomainNameMethodWithoutCustomResource": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, use a new method for DNS Name of user pool domain target without creating a custom resource." + }, + "@aws-cdk/aws-elasticloadbalancingV2:albDualstackWithoutPublicIpv4SecurityGroupRulesDefault": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the default security group ingress rules will allow IPv6 ingress from anywhere" + }, + "@aws-cdk/aws-iam:oidcRejectUnauthorizedConnections": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the default behaviour of OIDC provider will reject unauthorized connections" + }, + "@aws-cdk/core:enableAdditionalMetadataCollection": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, CDK will expand the scope of usage data collected to better inform CDK development and improve communication for security concerns and emerging issues." + }, + "@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy": { + "userValue": false, + "recommendedValue": false, + "explanation": "[Deprecated] When enabled, Lambda will create new inline policies with AddToRolePolicy instead of adding to the Default Policy Statement" + }, + "@aws-cdk/aws-s3:setUniqueReplicationRoleName": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, CDK will automatically generate a unique role name that is used for s3 object replication." 
+ }, + "@aws-cdk/pipelines:reduceStageRoleTrustScope": { + "recommendedValue": true, + "explanation": "Remove the root account principal from Stage addActions trust policy", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-events:requireEventBusPolicySid": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, grantPutEventsTo() will use resource policies with Statement IDs for service principals." + }, + "@aws-cdk/core:aspectPrioritiesMutating": { + "userValue": true, + "recommendedValue": true, + "explanation": "When set to true, Aspects added by the construct library on your behalf will be given a priority of MUTATING." + }, + "@aws-cdk/aws-dynamodb:retainTableReplica": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, table replica will be default to the removal policy of source table unless specified otherwise." + }, + "@aws-cdk/cognito:logUserPoolClientSecretValue": { + "recommendedValue": false, + "explanation": "When disabled, the value of the user pool client secret will not be logged in the custom resource lambda function logs." + }, + "@aws-cdk/pipelines:reduceCrossAccountActionRoleTrustScope": { + "recommendedValue": true, + "explanation": "When enabled, scopes down the trust policy for the cross-account action role", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-stepfunctions:useDistributedMapResultWriterV2": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the resultWriterV2 property of DistributedMap will be used insted of resultWriter" + }, + "@aws-cdk/s3-notifications:addS3TrustKeyPolicyForSnsSubscriptions": { + "userValue": true, + "recommendedValue": true, + "explanation": "Add an S3 trust policy to a KMS key resource policy for SNS subscriptions." 
+ }, + "@aws-cdk/aws-ec2:requirePrivateSubnetsForEgressOnlyInternetGateway": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the EgressOnlyGateway resource is only created if private subnets are defined in the dual-stack VPC." + }, + "@aws-cdk/aws-ec2-alpha:useResourceIdForVpcV2Migration": { + "recommendedValue": false, + "explanation": "When enabled, use resource IDs for VPC V2 migration" + }, + "@aws-cdk/aws-s3:publicAccessBlockedByDefault": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, setting any combination of options for BlockPublicAccess will automatically set true for any options not defined." + }, + "@aws-cdk/aws-lambda:useCdkManagedLogGroup": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, CDK creates and manages loggroup for the lambda function" + }, + "@aws-cdk/aws-stepfunctions-tasks:httpInvokeDynamicJsonPathEndpoint": { + "recommendedValue": true, + "explanation": "When enabled, allows using a dynamic apiEndpoint with JSONPath format in HttpInvoke tasks.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-ecs-patterns:uniqueTargetGroupId": { + "recommendedValue": true, + "explanation": "When enabled, ECS patterns will generate unique target group IDs to prevent conflicts during load balancer replacement" + } + } + } + } + }, + "minimumCliVersion": "2.1027.0" +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.distribution-configuration.js.snapshot/tree.json b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.distribution-configuration.js.snapshot/tree.json new file mode 100644 index 0000000000000..d43e7c8c6812e --- /dev/null +++ b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.distribution-configuration.js.snapshot/tree.json 
@@ -0,0 +1 @@ +{"version":"tree-0.1","tree":{"id":"App","path":"","constructInfo":{"fqn":"aws-cdk-lib.App","version":"0.0.0"},"children":{"aws-cdk-imagebuilder-distribution-configuration-all-parameters":{"id":"aws-cdk-imagebuilder-distribution-configuration-all-parameters","path":"aws-cdk-imagebuilder-distribution-configuration-all-parameters","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"CrossRegion":{"id":"CrossRegion","path":"aws-cdk-imagebuilder-distribution-configuration-all-parameters/CrossRegion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"LaunchTemplate":{"id":"LaunchTemplate","path":"aws-cdk-imagebuilder-distribution-configuration-all-parameters/LaunchTemplate","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.LaunchTemplate","version":"0.0.0","metadata":[{"machineImage":"*","instanceType":"*"}]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-imagebuilder-distribution-configuration-all-parameters/LaunchTemplate/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnLaunchTemplate","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::LaunchTemplate","aws:cdk:cloudformation:props":{"launchTemplateData":{"imageId":{"Ref":"SsmParameterValueawsserviceamiamazonlinuxlatestal2023amikernel61x8664C96584B6F00A464EAD1953AFF4B05118Parameter"},"instanceType":"t3.small","tagSpecifications":[{"resourceType":"instance","tags":[{"key":"Name","value":"aws-cdk-imagebuilder-distribution-configuration-all-parameters/LaunchTemplate"}]},{"resourceType":"volume","tags":[{"key":"Name","value":"aws-cdk-imagebuilder-distribution-configuration-all-parameters/LaunchTemplate"}]}],"userData":{"Fn::Base64":"#!/bin/bash"}},"tagSpecifications":[{"resourceType":"launch-template","tags":[{"key":"Name","value":"aws-cdk-imagebuilder-distribution-configuration-all-parameters/LaunchTemplate"}]}]}}}}},"SsmParameterValue:--aws--service--ami-amazon-linux-latest--al2023-ami-kernel-6.1-x86_64:C96584B6-F00A-464E-AD19-53AFF
4B05118.Parameter":{"id":"SsmParameterValue:--aws--service--ami-amazon-linux-latest--al2023-ami-kernel-6.1-x86_64:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter","path":"aws-cdk-imagebuilder-distribution-configuration-all-parameters/SsmParameterValue:--aws--service--ami-amazon-linux-latest--al2023-ami-kernel-6.1-x86_64:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"SsmParameterValue:--aws--service--ami-amazon-linux-latest--al2023-ami-kernel-6.1-x86_64:C96584B6-F00A-464E-AD19-53AFF4B05118":{"id":"SsmParameterValue:--aws--service--ami-amazon-linux-latest--al2023-ami-kernel-6.1-x86_64:C96584B6-F00A-464E-AD19-53AFF4B05118","path":"aws-cdk-imagebuilder-distribution-configuration-all-parameters/SsmParameterValue:--aws--service--ami-amazon-linux-latest--al2023-ami-kernel-6.1-x86_64:C96584B6-F00A-464E-AD19-53AFF4B05118","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":[]}},"Repository":{"id":"Repository","path":"aws-cdk-imagebuilder-distribution-configuration-all-parameters/Repository","constructInfo":{"fqn":"aws-cdk-lib.aws_ecr.Repository","version":"0.0.0","metadata":["*"]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-imagebuilder-distribution-configuration-all-parameters/Repository/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_ecr.CfnRepository","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::ECR::Repository","aws:cdk:cloudformation:props":{}}}}},"DistributionConfiguration":{"id":"DistributionConfiguration","path":"aws-cdk-imagebuilder-distribution-configuration-all-parameters/DistributionConfiguration","constructInfo":{"fqn":"@aws-cdk/aws-imagebuilder-alpha.DistributionConfiguration","version":"0.0.0","metadata":[]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-imagebuilder-distribution-configuration-all-parameters/DistributionConfiguration/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_imagebuilder.CfnDistributionConfigurati
on","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::ImageBuilder::DistributionConfiguration","aws:cdk:cloudformation:props":{"description":"This is a distribution configuration.","distributions":[{"region":"us-east-1","amiDistributionConfiguration":{"AmiTags":{"Environment":"test","Version":"{{ imagebuilder:buildVersion }}"},"Description":"Build AMI","KmsKeyId":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":kms:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":alias/distribution-encryption-key"]]},"LaunchPermissionConfiguration":{"OrganizationalUnitArns":[{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":organizations::",{"Ref":"AWS::AccountId"},":ou/o-1234567abc/ou-a123-b4567890"]]}],"OrganizationArns":[{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":organizations::",{"Ref":"AWS::AccountId"},":organization/o-1234567abc"]]}],"UserGroups":["all"],"UserIds":["234567890123"]},"Name":"imagebuilder-{{ imagebuilder:buildDate }}","TargetAccountIds":["123456789012","098765432109"]},"fastLaunchConfigurations":[{"enabled":true,"maxParallelLaunches":10,"launchTemplate":{"launchTemplateId":{"Ref":"LaunchTemplate04EC5460"},"launchTemplateVersion":{"Fn::GetAtt":["LaunchTemplate04EC5460","LatestVersionNumber"]}},"snapshotConfiguration":{"targetResourceCount":25}}],"launchTemplateConfigurations":[{"launchTemplateId":{"Ref":"LaunchTemplate04EC5460"},"setDefaultVersion":true}],"ssmParameterConfigurations":[{"amiAccountId":"098765432109","parameterName":"/imagebuilder/ami"}],"licenseConfigurationArns":[{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":license-manager:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":license-configuration:lic-abcdefghijklmnopqrstuvwxyz123456"]]}],"containerDistributionConfiguration":{"ContainerTags":["latest","latest-1.0"],"Description":"Test container 
image","TargetRepository":{"RepositoryName":{"Ref":"Repository22E53BBD"},"Service":"ECR"}}},{"region":{"Ref":"CrossRegion"},"amiDistributionConfiguration":{"AmiTags":{"Environment":"test","Version":"{{ imagebuilder:buildVersion }}"},"Description":"Build AMI","Name":"imagebuilder-{{ imagebuilder:buildDate }}"},"ssmParameterConfigurations":[{"parameterName":"/imagebuilder/ami"}],"containerDistributionConfiguration":{"ContainerTags":["cross-region-latest","cross-region-latest-1.0"],"Description":"Test container image","TargetRepository":{"RepositoryName":"cross-region-repository","Service":"ECR"}}}],"name":"aws-cdk-imagebuilder-distribution-configuration-all-parameters-distributionconfiguration-64f609ec","tags":{"key1":"value1","key2":"value2"}}}}}},"AMIDistributionConfiguration":{"id":"AMIDistributionConfiguration","path":"aws-cdk-imagebuilder-distribution-configuration-all-parameters/AMIDistributionConfiguration","constructInfo":{"fqn":"@aws-cdk/aws-imagebuilder-alpha.DistributionConfiguration","version":"0.0.0","metadata":[]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-imagebuilder-distribution-configuration-all-parameters/AMIDistributionConfiguration/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_imagebuilder.CfnDistributionConfiguration","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::ImageBuilder::DistributionConfiguration","aws:cdk:cloudformation:props":{"description":"This is an AMI distribution configuration.","distributions":[{"region":"us-east-1","amiDistributionConfiguration":{"AmiTags":{"Environment":"test","Version":"{{ imagebuilder:buildVersion }}"},"Description":"Build 
AMI","KmsKeyId":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":kms:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":alias/distribution-encryption-key"]]},"LaunchPermissionConfiguration":{"OrganizationalUnitArns":[{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":organizations::",{"Ref":"AWS::AccountId"},":ou/o-1234567abc/ou-a123-b4567890"]]}],"OrganizationArns":[{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":organizations::",{"Ref":"AWS::AccountId"},":organization/o-1234567abc"]]}],"UserGroups":["all"],"UserIds":["234567890123"]},"Name":"imagebuilder-{{ imagebuilder:buildDate }}","TargetAccountIds":["123456789012","098765432109"]},"fastLaunchConfigurations":[{"enabled":true,"maxParallelLaunches":10,"launchTemplate":{"launchTemplateId":{"Ref":"LaunchTemplate04EC5460"},"launchTemplateVersion":{"Fn::GetAtt":["LaunchTemplate04EC5460","LatestVersionNumber"]}},"snapshotConfiguration":{"targetResourceCount":25}}],"launchTemplateConfigurations":[{"launchTemplateId":{"Ref":"LaunchTemplate04EC5460"},"setDefaultVersion":true}],"ssmParameterConfigurations":[{"amiAccountId":"098765432109","parameterName":"/imagebuilder/ami"}],"licenseConfigurationArns":[{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":license-manager:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":license-configuration:lic-abcdefghijklmnopqrstuvwxyz123456"]]}]},{"region":{"Ref":"CrossRegion"},"amiDistributionConfiguration":{"AmiTags":{"Environment":"test","Version":"{{ imagebuilder:buildVersion }}"},"Description":"Build AMI","Name":"imagebuilder-{{ imagebuilder:buildDate 
}}"},"ssmParameterConfigurations":[{"parameterName":"/imagebuilder/ami"}]}],"name":"aws-cdk-imagebuilder-distribution-configuration-all-parameters-amidistributionconfiguration-2114b1c4","tags":{"key1":"value1","key2":"value2"}}}}}},"ContainerDistributionConfiguration":{"id":"ContainerDistributionConfiguration","path":"aws-cdk-imagebuilder-distribution-configuration-all-parameters/ContainerDistributionConfiguration","constructInfo":{"fqn":"@aws-cdk/aws-imagebuilder-alpha.DistributionConfiguration","version":"0.0.0","metadata":[]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-imagebuilder-distribution-configuration-all-parameters/ContainerDistributionConfiguration/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_imagebuilder.CfnDistributionConfiguration","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::ImageBuilder::DistributionConfiguration","aws:cdk:cloudformation:props":{"description":"This is an AMI distribution configuration.","distributions":[{"region":"us-east-1","containerDistributionConfiguration":{"ContainerTags":["latest","latest-1.0"],"Description":"Test container image","TargetRepository":{"RepositoryName":{"Ref":"Repository22E53BBD"},"Service":"ECR"}}},{"region":{"Ref":"CrossRegion"},"containerDistributionConfiguration":{"ContainerTags":["cross-region-latest","cross-region-latest-1.0"],"Description":"Test container 
image","TargetRepository":{"RepositoryName":"cross-region-repository","Service":"ECR"}}}],"name":"aws-cdk-imagebuilder-distribution-configuration-all-parameters-containerdistributionconfiguration-c3e53c12","tags":{"key1":"value1","key2":"value2"}}}}}},"DistributedAMIKey":{"id":"DistributedAMIKey","path":"aws-cdk-imagebuilder-distribution-configuration-all-parameters/DistributedAMIKey","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":[]}},"Parameter":{"id":"Parameter","path":"aws-cdk-imagebuilder-distribution-configuration-all-parameters/Parameter","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":[]}},"CrossRegionParameter":{"id":"CrossRegionParameter","path":"aws-cdk-imagebuilder-distribution-configuration-all-parameters/CrossRegionParameter","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":[]}},"CrossRegionRepository":{"id":"CrossRegionRepository","path":"aws-cdk-imagebuilder-distribution-configuration-all-parameters/CrossRegionRepository","constructInfo":{"fqn":"aws-cdk-lib.aws_ecr.RepositoryBase","version":"0.0.0","metadata":[]}},"BootstrapVersion":{"id":"BootstrapVersion","path":"aws-cdk-imagebuilder-distribution-configuration-all-parameters/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"aws-cdk-imagebuilder-distribution-configuration-all-parameters/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}},"DistributionConfigurationTest":{"id":"DistributionConfigurationTest","path":"DistributionConfigurationTest","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTest","version":"0.0.0"},"children":{"DefaultTest":{"id":"DefaultTest","path":"DistributionConfigurationTest/DefaultTest","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTestCase","version":"0.0.0"},"children":{"Default":{"id":"Default","path":"DistributionConfigurationTest/Default
Test/Default","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}},"DeployAssert":{"id":"DeployAssert","path":"DistributionConfigurationTest/DefaultTest/DeployAssert","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"BootstrapVersion":{"id":"BootstrapVersion","path":"DistributionConfigurationTest/DefaultTest/DeployAssert/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"DistributionConfigurationTest/DefaultTest/DeployAssert/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}}}}}},"Tree":{"id":"Tree","path":"Tree","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}}}}} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.distribution-configuration.ts b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.distribution-configuration.ts new file mode 100644 index 0000000000000..9fa34c85336b1 --- /dev/null +++ b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.all-parameters.distribution-configuration.ts 
@@ -0,0 +1,170 @@
+import * as integ from '@aws-cdk/integ-tests-alpha';
+import * as cdk from 'aws-cdk-lib';
+import * as ec2 from 'aws-cdk-lib/aws-ec2';
+import * as ecr from 'aws-cdk-lib/aws-ecr';
+import * as kms from 'aws-cdk-lib/aws-kms';
+import * as ssm from 'aws-cdk-lib/aws-ssm';
+import * as imagebuilder from '../lib';
+
+const app = new cdk.App();
+const stack = new cdk.Stack(app, 'aws-cdk-imagebuilder-distribution-configuration-all-parameters');
+const crossRegionParameter = new cdk.CfnParameter(stack, 'CrossRegion', {
+ type: 'String',
+ description: 'Unresolved token testing',
+ default: 'ap-northeast-1',
+});
+
+const launchTemplate = new ec2.LaunchTemplate(stack, 'LaunchTemplate', {
+ machineImage: ec2.MachineImage.latestAmazonLinux2023(),
+ instanceType: new ec2.InstanceType('t3.small'),
+});
+const repository = new ecr.Repository(stack, 'Repository');
+
+const distributionConfiguration = new imagebuilder.DistributionConfiguration(stack, 'DistributionConfiguration', {
+ description: 'This is a distribution configuration.',
+ tags: {
+ key1: 'value1',
+ key2: 'value2',
+ },
+});
+
+const amiOnlyDistributionConfiguration = new imagebuilder.DistributionConfiguration(
+ stack,
+ 'AMIDistributionConfiguration',
+ {
+ description: 'This is an AMI distribution configuration.',
+ tags: {
+ key1: 'value1',
+ key2: 'value2',
+ },
+ },
+);
+
+const containerOnlyDistributionConfiguration = new imagebuilder.DistributionConfiguration(
+ stack,
+ 'ContainerDistributionConfiguration',
+ {
+ description: 'This is an AMI distribution configuration.',
+ tags: {
+ key1: 'value1',
+ key2: 'value2',
+ },
+ },
+);
+
+const amiDistributionConfiguration: imagebuilder.AmiDistribution = {
+ region: 'us-east-1',
+ amiName: 'imagebuilder-{{ imagebuilder:buildDate }}',
+ amiDescription: 'Build AMI',
+ amiKmsKey: kms.Alias.fromAliasName(stack, 'DistributedAMIKey', 'alias/distribution-encryption-key'),
+ amiTargetAccountIds: ['123456789012', '098765432109'],
+ amiLaunchPermission: {
+ organizationArns: [
+ stack.formatArn({
+ region: '',
+ service: 'organizations',
+ resource: 'organization',
+ resourceName: 'o-1234567abc',
+ }),
+ ],
+ organizationalUnitArns: [
+ stack.formatArn({
+ region: '',
+ service: 'organizations',
+ resource: 'ou',
+ resourceName: 'o-1234567abc/ou-a123-b4567890',
+ }),
+ ],
+ isPublicUserGroup: true,
+ accountIds: ['234567890123'],
+ },
+ amiTags: {
+ Environment: 'test',
+ Version: '{{ imagebuilder:buildVersion }}',
+ },
+ ssmParameters: [
+ {
+ amiAccount: '098765432109',
+ parameter: ssm.StringParameter.fromStringParameterAttributes(stack, 'Parameter', {
+ parameterName: '/imagebuilder/ami',
+ forceDynamicReference: true,
+ }),
+ },
+ ],
+ launchTemplates: [
+ {
+ launchTemplate,
+ setDefaultVersion: true,
+ },
+ ],
+ fastLaunchConfigurations: [
+ {
+ enabled: true,
+ launchTemplate,
+ maxParallelLaunches: 10,
+ targetSnapshotCount: 25,
+ },
+ ],
+ licenseConfigurationArns: [
+ stack.formatArn({
+ service: 'license-manager',
+ resource: 'license-configuration',
+ resourceName: 'lic-abcdefghijklmnopqrstuvwxyz123456',
+ arnFormat: cdk.ArnFormat.COLON_RESOURCE_NAME,
+ }),
+ ],
+};
+
+const crossRegionAmiDistributionConfiguration: imagebuilder.AmiDistribution = {
+ region: crossRegionParameter.valueAsString,
+ amiName: 'imagebuilder-{{ imagebuilder:buildDate }}',
+ amiDescription: 'Build AMI',
+ amiTags: {
+ Environment: 'test',
+ Version: '{{ imagebuilder:buildVersion }}',
+ },
+ ssmParameters: [
+ {
+ parameter: ssm.StringParameter.fromStringParameterAttributes(stack, 'CrossRegionParameter', {
+ parameterName: '/imagebuilder/ami',
+ forceDynamicReference: true,
+ }),
+ },
+ ],
+};
+
+const containerDistributionConfiguration: imagebuilder.ContainerDistribution = {
+ region: 'us-east-1',
+ containerRepository: imagebuilder.Repository.fromEcr(repository),
+ containerDescription: 'Test container image',
+ containerTags: ['latest', 'latest-1.0'],
+};
+
+const crossRegionContainerDistributionConfiguration: imagebuilder.ContainerDistribution = {
+ region: crossRegionParameter.valueAsString,
+ containerRepository: imagebuilder.Repository.fromEcr(
+ ecr.Repository.fromRepositoryName(stack, 'CrossRegionRepository', 'cross-region-repository'),
+ ),
+ containerDescription: 'Test container image',
+ containerTags: ['cross-region-latest', 'cross-region-latest-1.0'],
+};
+
+distributionConfiguration.addAmiDistributions(amiDistributionConfiguration, crossRegionAmiDistributionConfiguration);
+distributionConfiguration.addContainerDistributions(
+ containerDistributionConfiguration,
+ crossRegionContainerDistributionConfiguration,
+);
+
+amiOnlyDistributionConfiguration.addAmiDistributions(
+ amiDistributionConfiguration,
+ crossRegionAmiDistributionConfiguration,
+);
+
+containerOnlyDistributionConfiguration.addContainerDistributions(
+ containerDistributionConfiguration,
+ crossRegionContainerDistributionConfiguration,
+);
+
+new integ.IntegTest(app, 'DistributionConfigurationTest', {
+ testCases: [stack],
+});
diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.distribution-configuration.js.snapshot/DistributionConfigurationTestDefaultTestDeployAssertF6EA9373.assets.json b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.distribution-configuration.js.snapshot/DistributionConfigurationTestDefaultTestDeployAssertF6EA9373.assets.json new file mode 100644
index 0000000000000..602c179f9d9b1
--- /dev/null
+++ b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.distribution-configuration.js.snapshot/DistributionConfigurationTestDefaultTestDeployAssertF6EA9373.assets.json
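Review bot: `isPublicUserGroup: true` inside `amiLaunchPermission` synthesizes to `"UserGroups":["all"]` in the tree.json snapshot, which is a launch permission for every AWS account, and it sits uncommented next to the narrower account, organization and OU grants. Integ files tend to be read as usage examples, so I would put `// Grants launch permission to ALL AWS accounts; set here only to cover the property` above that line, or drop the flag if public sharing is not something this test has to cover. The same object also sets `amiKmsKey`; no image is built here, so whether a public launch permission is accepted on a KMS-encrypted AMI at distribution time is not exercised and is worth confirming. Separately, `containerOnlyDistributionConfiguration` reuses the AMI text; `description: 'This is a container distribution configuration.',` would match the construct, with the snapshot regenerated afterwards.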
@@ -0,0 +1,20 @@ +{ + "version": "48.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "displayName": "DistributionConfigurationTestDefaultTestDeployAssertF6EA9373 Template", + "source": { + "path": "DistributionConfigurationTestDefaultTestDeployAssertF6EA9373.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region-d8d86b35": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.distribution-configuration.js.snapshot/DistributionConfigurationTestDefaultTestDeployAssertF6EA9373.template.json b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.distribution-configuration.js.snapshot/DistributionConfigurationTestDefaultTestDeployAssertF6EA9373.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.distribution-configuration.js.snapshot/DistributionConfigurationTestDefaultTestDeployAssertF6EA9373.template.json 
@@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.distribution-configuration.js.snapshot/aws-cdk-imagebuilder-distribution-configuration-default-parameters.assets.json b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.distribution-configuration.js.snapshot/aws-cdk-imagebuilder-distribution-configuration-default-parameters.assets.json new file mode 100644 index 0000000000000..5a959aee44426 --- /dev/null +++ b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.distribution-configuration.js.snapshot/aws-cdk-imagebuilder-distribution-configuration-default-parameters.assets.json 
@@ -0,0 +1,20 @@ +{ + "version": "48.0.0", + "files": { + "7868915c6b0739d0249701ec46a9bc9d6aded4f4e10d8d61cc53bff8390717e6": { + "displayName": "aws-cdk-imagebuilder-distribution-configuration-default-parameters Template", + "source": { + "path": "aws-cdk-imagebuilder-distribution-configuration-default-parameters.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region-74e5b618": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "7868915c6b0739d0249701ec46a9bc9d6aded4f4e10d8d61cc53bff8390717e6.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.distribution-configuration.js.snapshot/aws-cdk-imagebuilder-distribution-configuration-default-parameters.template.json b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.distribution-configuration.js.snapshot/aws-cdk-imagebuilder-distribution-configuration-default-parameters.template.json new file mode 100644 index 0000000000000..da0d6200ce2be --- /dev/null +++ b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.distribution-configuration.js.snapshot/aws-cdk-imagebuilder-distribution-configuration-default-parameters.template.json 
@@ -0,0 +1,80 @@ +{ + "Resources": { + "Repository22E53BBD": { + "Type": "AWS::ECR::Repository", + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "AMIDistributionConfigurationA286FE05": { + "Type": "AWS::ImageBuilder::DistributionConfiguration", + "Properties": { + "Distributions": [ + { + "AmiDistributionConfiguration": { + "Name": "imagebuidler-{{ imagebuilder:buildDate }}" + }, + "Region": { + "Ref": "AWS::Region" + } + } + ], + "Name": "aws-cdk-imagebuilder-distribution-configuration-default-parameters-amidistributionconfiguration-555e4adc" + } + }, + "ContainerDistributionConfiguration18609EDB": { + "Type": "AWS::ImageBuilder::DistributionConfiguration", + "Properties": { + "Distributions": [ + { + "ContainerDistributionConfiguration": { + "TargetRepository": { + "RepositoryName": { + "Ref": "Repository22E53BBD" + }, + "Service": "ECR" + } + }, + "Region": { + "Ref": "AWS::Region" + } + } + ], + "Name": "aws-cdk-imagebuilder-distribution-configuration-default-parameters-containerdistributionconfiguration-8914840a" + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file 
diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.distribution-configuration.js.snapshot/cdk.out b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.distribution-configuration.js.snapshot/cdk.out new file mode 100644 index 0000000000000..523a9aac37cbf --- /dev/null +++ b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.distribution-configuration.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"48.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.distribution-configuration.js.snapshot/integ.json b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.distribution-configuration.js.snapshot/integ.json new file mode 100644 index 0000000000000..83f0e0add811c --- /dev/null +++ b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.distribution-configuration.js.snapshot/integ.json @@ -0,0 +1,13 @@ +{ + "version": "48.0.0", + "testCases": { + "DistributionConfigurationTest/DefaultTest": { + "stacks": [ + "aws-cdk-imagebuilder-distribution-configuration-default-parameters" + ], + "assertionStack": "DistributionConfigurationTest/DefaultTest/DeployAssert", + "assertionStackName": "DistributionConfigurationTestDefaultTestDeployAssertF6EA9373" + } + }, + "minimumCliVersion": "2.1027.0" +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.distribution-configuration.js.snapshot/manifest.json b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.distribution-configuration.js.snapshot/manifest.json new file mode 100644 index 0000000000000..57b9e9e6b28a7 --- /dev/null +++ b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.distribution-configuration.js.snapshot/manifest.json 
@@ -0,0 +1,627 @@ +{ + "version": "48.0.0", + "artifacts": { + "aws-cdk-imagebuilder-distribution-configuration-default-parameters.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "aws-cdk-imagebuilder-distribution-configuration-default-parameters.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "aws-cdk-imagebuilder-distribution-configuration-default-parameters": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "aws-cdk-imagebuilder-distribution-configuration-default-parameters.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/7868915c6b0739d0249701ec46a9bc9d6aded4f4e10d8d61cc53bff8390717e6.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "aws-cdk-imagebuilder-distribution-configuration-default-parameters.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "aws-cdk-imagebuilder-distribution-configuration-default-parameters.assets" + ], + "metadata": { + "/aws-cdk-imagebuilder-distribution-configuration-default-parameters/Repository": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + } + ], + 
"/aws-cdk-imagebuilder-distribution-configuration-default-parameters/Repository/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Repository22E53BBD" + } + ], + "/aws-cdk-imagebuilder-distribution-configuration-default-parameters/AMIDistributionConfiguration/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AMIDistributionConfigurationA286FE05", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] + } + ], + "/aws-cdk-imagebuilder-distribution-configuration-default-parameters/ContainerDistributionConfiguration/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ContainerDistributionConfiguration18609EDB", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] + } + ], + "/aws-cdk-imagebuilder-distribution-configuration-default-parameters/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-imagebuilder-distribution-configuration-default-parameters/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-cdk-imagebuilder-distribution-configuration-default-parameters" + }, + "DistributionConfigurationTestDefaultTestDeployAssertF6EA9373.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "DistributionConfigurationTestDefaultTestDeployAssertF6EA9373.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "DistributionConfigurationTestDefaultTestDeployAssertF6EA9373": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "DistributionConfigurationTestDefaultTestDeployAssertF6EA9373.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": 
"arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "DistributionConfigurationTestDefaultTestDeployAssertF6EA9373.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "DistributionConfigurationTestDefaultTestDeployAssertF6EA9373.assets" + ], + "metadata": { + "/DistributionConfigurationTest/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/DistributionConfigurationTest/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "DistributionConfigurationTest/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + }, + "aws-cdk-lib/feature-flag-report": { + "type": "cdk:feature-flag-report", + "properties": { + "module": "aws-cdk-lib", + "flags": { + "@aws-cdk/aws-signer:signingProfileNamePassedToCfn": { + "recommendedValue": true, + "explanation": "Pass signingProfileName to CfnSigningProfile" + }, + "@aws-cdk/core:newStyleStackSynthesis": { + "recommendedValue": true, + "explanation": "Switch to new stack synthesis method which enables CI/CD", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/core:stackRelativeExports": { + "recommendedValue": true, + "explanation": "Name exports based on the construct paths relative to the stack, 
rather than the global construct path", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-ecs-patterns:secGroupsDisablesImplicitOpenListener": { + "recommendedValue": true, + "explanation": "Disable implicit openListener when custom security groups are provided" + }, + "@aws-cdk/aws-rds:lowercaseDbIdentifier": { + "recommendedValue": true, + "explanation": "Force lowercasing of RDS Cluster names in CDK", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-apigateway:usagePlanKeyOrderInsensitiveId": { + "recommendedValue": true, + "explanation": "Allow adding/removing multiple UsagePlanKeys independently", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-lambda:recognizeVersionProps": { + "recommendedValue": true, + "explanation": "Enable this feature flag to opt in to the updated logical id calculation for Lambda Version created using the `fn.currentVersion`.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-lambda:recognizeLayerVersion": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this feature flag to opt in to the updated logical id calculation for Lambda Version created using the `fn.currentVersion`." 
+ }, + "@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021": { + "recommendedValue": true, + "explanation": "Enable this feature flag to have cloudfront distributions use the security policy TLSv1.2_2021 by default.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/core:checkSecretUsage": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this flag to make it impossible to accidentally use SecretValues in unsafe locations" + }, + "@aws-cdk/core:target-partitions": { + "recommendedValue": [ + "aws", + "aws-cn" + ], + "explanation": "What regions to include in lookup tables of environment agnostic stacks" + }, + "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": { + "userValue": true, + "recommendedValue": true, + "explanation": "ECS extensions will automatically add an `awslogs` driver if no logging is specified" + }, + "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this feature flag to have Launch Templates generated by the `InstanceRequireImdsv2Aspect` use unique names." + }, + "@aws-cdk/aws-ecs:arnFormatIncludesClusterName": { + "userValue": true, + "recommendedValue": true, + "explanation": "ARN format used by ECS. In the new ARN format, the cluster name is part of the resource ID." + }, + "@aws-cdk/aws-iam:minimizePolicies": { + "userValue": true, + "recommendedValue": true, + "explanation": "Minimize IAM policies by combining Statements" + }, + "@aws-cdk/core:validateSnapshotRemovalPolicy": { + "userValue": true, + "recommendedValue": true, + "explanation": "Error on snapshot removal policies on resources that do not support it." 
+ }, + "@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName": { + "userValue": true, + "recommendedValue": true, + "explanation": "Generate key aliases that include the stack name" + }, + "@aws-cdk/aws-s3:createDefaultLoggingPolicy": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this feature flag to create an S3 bucket policy by default in cases where an AWS service would automatically create the Policy if one does not exist." + }, + "@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption": { + "userValue": true, + "recommendedValue": true, + "explanation": "Restrict KMS key policy for encrypted Queues a bit more" + }, + "@aws-cdk/aws-apigateway:disableCloudWatchRole": { + "userValue": true, + "recommendedValue": true, + "explanation": "Make default CloudWatch Role behavior safe for multiple API Gateways in one environment" + }, + "@aws-cdk/core:enablePartitionLiterals": { + "userValue": true, + "recommendedValue": true, + "explanation": "Make ARNs concrete if AWS partition is known" + }, + "@aws-cdk/aws-events:eventsTargetQueueSameAccount": { + "userValue": true, + "recommendedValue": true, + "explanation": "Event Rules may only push to encrypted SQS queues in the same account" + }, + "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": { + "userValue": true, + "recommendedValue": true, + "explanation": "Avoid setting the \"ECS\" deployment controller when adding a circuit breaker" + }, + "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this feature to by default create default policy names for imported roles that depend on the stack the role is in." 
+ }, + "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": { + "userValue": true, + "recommendedValue": true, + "explanation": "Use S3 Bucket Policy instead of ACLs for Server Access Logging" + }, + "@aws-cdk/aws-route53-patters:useCertificate": { + "userValue": true, + "recommendedValue": true, + "explanation": "Use the official `Certificate` resource instead of `DnsValidatedCertificate`" + }, + "@aws-cdk/customresources:installLatestAwsSdkDefault": { + "userValue": false, + "recommendedValue": false, + "explanation": "Whether to install the latest SDK by default in AwsCustomResource" + }, + "@aws-cdk/aws-rds:databaseProxyUniqueResourceName": { + "userValue": true, + "recommendedValue": true, + "explanation": "Use unique resource name for Database Proxy" + }, + "@aws-cdk/aws-codedeploy:removeAlarmsFromDeploymentGroup": { + "userValue": true, + "recommendedValue": true, + "explanation": "Remove CloudWatch alarms from deployment group" + }, + "@aws-cdk/aws-apigateway:authorizerChangeDeploymentLogicalId": { + "userValue": true, + "recommendedValue": true, + "explanation": "Include authorizer configuration in the calculation of the API deployment logical ID." + }, + "@aws-cdk/aws-ec2:launchTemplateDefaultUserData": { + "userValue": true, + "recommendedValue": true, + "explanation": "Define user data for a launch template by default when a machine image is provided." + }, + "@aws-cdk/aws-secretsmanager:useAttachedSecretResourcePolicyForSecretTargetAttachments": { + "userValue": true, + "recommendedValue": true, + "explanation": "SecretTargetAttachments uses the ResourcePolicy of the attached Secret." 
+ }, + "@aws-cdk/aws-redshift:columnId": { + "userValue": true, + "recommendedValue": true, + "explanation": "Whether to use an ID to track Redshift column changes" + }, + "@aws-cdk/aws-stepfunctions-tasks:enableEmrServicePolicyV2": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable AmazonEMRServicePolicy_v2 managed policies" + }, + "@aws-cdk/aws-ec2:restrictDefaultSecurityGroup": { + "userValue": true, + "recommendedValue": true, + "explanation": "Restrict access to the VPC default security group" + }, + "@aws-cdk/aws-apigateway:requestValidatorUniqueId": { + "userValue": true, + "recommendedValue": true, + "explanation": "Generate a unique id for each RequestValidator added to a method" + }, + "@aws-cdk/aws-kms:aliasNameRef": { + "userValue": true, + "recommendedValue": true, + "explanation": "KMS Alias name and keyArn will have implicit reference to KMS Key" + }, + "@aws-cdk/aws-kms:applyImportedAliasPermissionsToPrincipal": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable grant methods on Aliases imported by name to use kms:ResourceAliases condition" + }, + "@aws-cdk/aws-autoscaling:generateLaunchTemplateInsteadOfLaunchConfig": { + "userValue": true, + "recommendedValue": true, + "explanation": "Generate a launch template when creating an AutoScalingGroup" + }, + "@aws-cdk/core:includePrefixInUniqueNameGeneration": { + "userValue": true, + "recommendedValue": true, + "explanation": "Include the stack prefix in the stack name generation process" + }, + "@aws-cdk/aws-efs:denyAnonymousAccess": { + "userValue": true, + "recommendedValue": true, + "explanation": "EFS denies anonymous clients accesses" + }, + "@aws-cdk/aws-opensearchservice:enableOpensearchMultiAzWithStandby": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enables support for Multi-AZ with Standby deployment for opensearch domains" + }, + "@aws-cdk/aws-lambda-nodejs:useLatestRuntimeVersion": { + "userValue": true, + 
"recommendedValue": true, + "explanation": "Enables aws-lambda-nodejs.Function to use the latest available NodeJs runtime as the default" + }, + "@aws-cdk/aws-efs:mountTargetOrderInsensitiveLogicalId": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, mount targets will have a stable logicalId that is linked to the associated subnet." + }, + "@aws-cdk/aws-rds:auroraClusterChangeScopeOfInstanceParameterGroupWithEachParameters": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, a scope of InstanceParameterGroup for AuroraClusterInstance with each parameters will change." + }, + "@aws-cdk/aws-appsync:useArnForSourceApiAssociationIdentifier": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, will always use the arn for identifiers for CfnSourceApiAssociation in the GraphqlApi construct rather than id." + }, + "@aws-cdk/aws-rds:preventRenderingDeprecatedCredentials": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, creating an RDS database cluster from a snapshot will only render credentials for snapshot credentials." + }, + "@aws-cdk/aws-codepipeline-actions:useNewDefaultBranchForCodeCommitSource": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the CodeCommit source action is using the default branch name 'main'." + }, + "@aws-cdk/aws-cloudwatch-actions:changeLambdaPermissionLogicalIdForLambdaAction": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the logical ID of a Lambda permission for a Lambda action includes an alarm ID." + }, + "@aws-cdk/aws-codepipeline:crossAccountKeysDefaultValueToFalse": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enables Pipeline to set the default value for crossAccountKeys to false." 
+ }, + "@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enables Pipeline to set the default pipeline type to V2." + }, + "@aws-cdk/aws-kms:reduceCrossAccountRegionPolicyScope": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, IAM Policy created from KMS key grant will reduce the resource scope to this key only." + }, + "@aws-cdk/pipelines:reduceAssetRoleTrustScope": { + "recommendedValue": true, + "explanation": "Remove the root account principal from PipelineAssetsFileRole trust policy", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-eks:nodegroupNameAttribute": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, nodegroupName attribute of the provisioned EKS NodeGroup will not have the cluster name prefix." + }, + "@aws-cdk/aws-ec2:ebsDefaultGp3Volume": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the default volume type of the EBS volume will be GP3" + }, + "@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, remove default deployment alarm settings" + }, + "@aws-cdk/custom-resources:logApiResponseDataPropertyTrueDefault": { + "userValue": false, + "recommendedValue": false, + "explanation": "When enabled, the custom resource used for `AwsCustomResource` will configure the `logApiResponseData` property as true by default" + }, + "@aws-cdk/aws-s3:keepNotificationInImportedBucket": { + "userValue": false, + "recommendedValue": false, + "explanation": "When enabled, Adding notifications to a bucket in the current stack will not remove notification from imported stack." 
+ }, + "@aws-cdk/aws-stepfunctions-tasks:useNewS3UriParametersForBedrockInvokeModelTask": { + "recommendedValue": true, + "explanation": "When enabled, use new props for S3 URI field in task definition of state machine for bedrock invoke model.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/core:explicitStackTags": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, stack tags need to be assigned explicitly on a Stack." + }, + "@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature": { + "userValue": false, + "recommendedValue": false, + "explanation": "When set to true along with canContainersAccessInstanceRole=false in ECS cluster, new updated commands will be added to UserData to block container accessing IMDS. **Applicable to Linux only. IMPORTANT: See [details.](#aws-cdkaws-ecsenableImdsBlockingDeprecatedFeature)**" + }, + "@aws-cdk/aws-ecs:disableEcsImdsBlocking": { + "userValue": true, + "recommendedValue": true, + "explanation": "When set to true, CDK synth will throw exception if canContainersAccessInstanceRole is false. **IMPORTANT: See [details.](#aws-cdkaws-ecsdisableEcsImdsBlocking)**" + }, + "@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, we will only grant the necessary permissions when users specify cloudwatch log group through logConfiguration" + }, + "@aws-cdk/aws-dynamodb:resourcePolicyPerReplica": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled will allow you to specify a resource policy per replica, and not copy the source table policy to all replicas" + }, + "@aws-cdk/aws-ec2:ec2SumTImeoutEnabled": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, initOptions.timeout and resourceSignalTimeout values will be summed together." 
+ }, + "@aws-cdk/aws-appsync:appSyncGraphQLAPIScopeLambdaPermission": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, a Lambda authorizer Permission created when using GraphqlApi will be properly scoped with a SourceArn." + }, + "@aws-cdk/aws-rds:setCorrectValueForDatabaseInstanceReadReplicaInstanceResourceId": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the value of property `instanceResourceId` in construct `DatabaseInstanceReadReplica` will be set to the correct value which is `DbiResourceId` instead of currently `DbInstanceArn`" + }, + "@aws-cdk/core:cfnIncludeRejectComplexResourceUpdateCreatePolicyIntrinsics": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, CFN templates added with `cfn-include` will error if the template contains Resource Update or Create policies with CFN Intrinsics that include non-primitive values." + }, + "@aws-cdk/aws-lambda-nodejs:sdkV3ExcludeSmithyPackages": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, both `@aws-sdk` and `@smithy` packages will be excluded from the Lambda Node.js 18.x runtime to prevent version mismatches in bundled applications." + }, + "@aws-cdk/aws-stepfunctions-tasks:fixRunEcsTaskPolicy": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the resource of IAM Run Ecs policy generated by SFN EcsRunTask will reference the definition, instead of constructing ARN." + }, + "@aws-cdk/aws-ec2:bastionHostUseAmazonLinux2023ByDefault": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the BastionHost construct will use the latest Amazon Linux 2023 AMI, instead of Amazon Linux 2." 
+ }, + "@aws-cdk/core:aspectStabilization": { + "recommendedValue": true, + "explanation": "When enabled, a stabilization loop will be run when invoking Aspects during synthesis.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-route53-targets:userPoolDomainNameMethodWithoutCustomResource": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, use a new method for DNS Name of user pool domain target without creating a custom resource." + }, + "@aws-cdk/aws-elasticloadbalancingV2:albDualstackWithoutPublicIpv4SecurityGroupRulesDefault": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the default security group ingress rules will allow IPv6 ingress from anywhere" + }, + "@aws-cdk/aws-iam:oidcRejectUnauthorizedConnections": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the default behaviour of OIDC provider will reject unauthorized connections" + }, + "@aws-cdk/core:enableAdditionalMetadataCollection": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, CDK will expand the scope of usage data collected to better inform CDK development and improve communication for security concerns and emerging issues." + }, + "@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy": { + "userValue": false, + "recommendedValue": false, + "explanation": "[Deprecated] When enabled, Lambda will create new inline policies with AddToRolePolicy instead of adding to the Default Policy Statement" + }, + "@aws-cdk/aws-s3:setUniqueReplicationRoleName": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, CDK will automatically generate a unique role name that is used for s3 object replication." 
+ }, + "@aws-cdk/pipelines:reduceStageRoleTrustScope": { + "recommendedValue": true, + "explanation": "Remove the root account principal from Stage addActions trust policy", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-events:requireEventBusPolicySid": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, grantPutEventsTo() will use resource policies with Statement IDs for service principals." + }, + "@aws-cdk/core:aspectPrioritiesMutating": { + "userValue": true, + "recommendedValue": true, + "explanation": "When set to true, Aspects added by the construct library on your behalf will be given a priority of MUTATING." + }, + "@aws-cdk/aws-dynamodb:retainTableReplica": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, table replica will be default to the removal policy of source table unless specified otherwise." + }, + "@aws-cdk/cognito:logUserPoolClientSecretValue": { + "recommendedValue": false, + "explanation": "When disabled, the value of the user pool client secret will not be logged in the custom resource lambda function logs." + }, + "@aws-cdk/pipelines:reduceCrossAccountActionRoleTrustScope": { + "recommendedValue": true, + "explanation": "When enabled, scopes down the trust policy for the cross-account action role", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-stepfunctions:useDistributedMapResultWriterV2": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the resultWriterV2 property of DistributedMap will be used insted of resultWriter" + }, + "@aws-cdk/s3-notifications:addS3TrustKeyPolicyForSnsSubscriptions": { + "userValue": true, + "recommendedValue": true, + "explanation": "Add an S3 trust policy to a KMS key resource policy for SNS subscriptions." 
+ }, + "@aws-cdk/aws-ec2:requirePrivateSubnetsForEgressOnlyInternetGateway": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the EgressOnlyGateway resource is only created if private subnets are defined in the dual-stack VPC." + }, + "@aws-cdk/aws-ec2-alpha:useResourceIdForVpcV2Migration": { + "recommendedValue": false, + "explanation": "When enabled, use resource IDs for VPC V2 migration" + }, + "@aws-cdk/aws-s3:publicAccessBlockedByDefault": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, setting any combination of options for BlockPublicAccess will automatically set true for any options not defined." + }, + "@aws-cdk/aws-lambda:useCdkManagedLogGroup": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, CDK creates and manages loggroup for the lambda function" + }, + "@aws-cdk/aws-stepfunctions-tasks:httpInvokeDynamicJsonPathEndpoint": { + "recommendedValue": true, + "explanation": "When enabled, allows using a dynamic apiEndpoint with JSONPath format in HttpInvoke tasks.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-ecs-patterns:uniqueTargetGroupId": { + "recommendedValue": true, + "explanation": "When enabled, ECS patterns will generate unique target group IDs to prevent conflicts during load balancer replacement" + } + } + } + } + }, + "minimumCliVersion": "2.1027.0" +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.distribution-configuration.js.snapshot/tree.json b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.distribution-configuration.js.snapshot/tree.json new file mode 100644 index 0000000000000..fddc84afa9b7b --- /dev/null +++ b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.distribution-configuration.js.snapshot/tree.json 
@@ -0,0 +1 @@ +{"version":"tree-0.1","tree":{"id":"App","path":"","constructInfo":{"fqn":"aws-cdk-lib.App","version":"0.0.0"},"children":{"aws-cdk-imagebuilder-distribution-configuration-default-parameters":{"id":"aws-cdk-imagebuilder-distribution-configuration-default-parameters","path":"aws-cdk-imagebuilder-distribution-configuration-default-parameters","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"Repository":{"id":"Repository","path":"aws-cdk-imagebuilder-distribution-configuration-default-parameters/Repository","constructInfo":{"fqn":"aws-cdk-lib.aws_ecr.Repository","version":"0.0.0","metadata":["*"]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-imagebuilder-distribution-configuration-default-parameters/Repository/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_ecr.CfnRepository","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::ECR::Repository","aws:cdk:cloudformation:props":{}}}}},"AMIDistributionConfiguration":{"id":"AMIDistributionConfiguration","path":"aws-cdk-imagebuilder-distribution-configuration-default-parameters/AMIDistributionConfiguration","constructInfo":{"fqn":"@aws-cdk/aws-imagebuilder-alpha.DistributionConfiguration","version":"0.0.0","metadata":[]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-imagebuilder-distribution-configuration-default-parameters/AMIDistributionConfiguration/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_imagebuilder.CfnDistributionConfiguration","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::ImageBuilder::DistributionConfiguration","aws:cdk:cloudformation:props":{"distributions":[{"region":{"Ref":"AWS::Region"},"amiDistributionConfiguration":{"Name":"imagebuidler-{{ imagebuilder:buildDate 
}}"}}],"name":"aws-cdk-imagebuilder-distribution-configuration-default-parameters-amidistributionconfiguration-555e4adc"}}}}},"ContainerDistributionConfiguration":{"id":"ContainerDistributionConfiguration","path":"aws-cdk-imagebuilder-distribution-configuration-default-parameters/ContainerDistributionConfiguration","constructInfo":{"fqn":"@aws-cdk/aws-imagebuilder-alpha.DistributionConfiguration","version":"0.0.0","metadata":[]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-imagebuilder-distribution-configuration-default-parameters/ContainerDistributionConfiguration/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_imagebuilder.CfnDistributionConfiguration","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::ImageBuilder::DistributionConfiguration","aws:cdk:cloudformation:props":{"distributions":[{"region":{"Ref":"AWS::Region"},"containerDistributionConfiguration":{"TargetRepository":{"RepositoryName":{"Ref":"Repository22E53BBD"},"Service":"ECR"}}}],"name":"aws-cdk-imagebuilder-distribution-configuration-default-parameters-containerdistributionconfiguration-8914840a"}}}}},"BootstrapVersion":{"id":"BootstrapVersion","path":"aws-cdk-imagebuilder-distribution-configuration-default-parameters/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"aws-cdk-imagebuilder-distribution-configuration-default-parameters/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}},"DistributionConfigurationTest":{"id":"DistributionConfigurationTest","path":"DistributionConfigurationTest","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTest","version":"0.0.0"},"children":{"DefaultTest":{"id":"DefaultTest","path":"DistributionConfigurationTest/DefaultTest","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTestCase","version":"0.0.0"},"children":{"Default":{"id":"Default","path":"DistributionConfigurationTest/DefaultTes
t/Default","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}},"DeployAssert":{"id":"DeployAssert","path":"DistributionConfigurationTest/DefaultTest/DeployAssert","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"BootstrapVersion":{"id":"BootstrapVersion","path":"DistributionConfigurationTest/DefaultTest/DeployAssert/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"DistributionConfigurationTest/DefaultTest/DeployAssert/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}}}}}},"Tree":{"id":"Tree","path":"Tree","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}}}}} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.distribution-configuration.ts b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.distribution-configuration.ts new file mode 100644 index 0000000000000..f3d05a5c1764c --- /dev/null +++ b/packages/@aws-cdk/aws-imagebuilder-alpha/test/integ.default-parameters.distribution-configuration.ts 
@@ -0,0 +1,24 @@
+import * as integ from '@aws-cdk/integ-tests-alpha';
+import * as cdk from 'aws-cdk-lib';
+import * as ecr from 'aws-cdk-lib/aws-ecr';
+import * as imagebuilder from '../lib';
+
+const app = new cdk.App();
+const stack = new cdk.Stack(app, 'aws-cdk-imagebuilder-distribution-configuration-default-parameters');
+
+const repository = new ecr.Repository(stack, 'Repository');
+
+const amiDistributionConfiguration = new imagebuilder.DistributionConfiguration(stack, 'AMIDistributionConfiguration');
+amiDistributionConfiguration.addAmiDistributions({ amiName: 'imagebuidler-{{ imagebuilder:buildDate }}' });
+
+const containerDistributionConfiguration = new imagebuilder.DistributionConfiguration(
+ stack,
+ 'ContainerDistributionConfiguration',
+);
+containerDistributionConfiguration.addContainerDistributions({
+ containerRepository: imagebuilder.Repository.fromEcr(repository),
+});
+
+new integ.IntegTest(app, 'DistributionConfigurationTest', {
+ testCases: [stack],
+});
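Review bot: `new ecr.Repository(stack, 'Repository')` is created with default props, and the snapshot template in this commit records that repository with `"DeletionPolicy": "Retain"`, so each run of this integ test would leave an ECR repository behind in the test account, outside any stack's management, once the stack is torn down. The repository exists only to give `addContainerDistributions` a target, so I would make it disposable with `new ecr.Repository(stack, 'Repository', { removalPolicy: cdk.RemovalPolicy.DESTROY });` and regenerate the snapshot. Separately, the AMI name `'imagebuidler-{{ imagebuilder:buildDate }}'` looks like a typo for `imagebuilder-`, and it is already copied into the template and tree.json snapshots, so it is worth fixing before those are committed.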