diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/appconfigenvironmentDefaultTestDeployAssert75BD28E7.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/appconfigenvironmentDefaultTestDeployAssert75BD28E7.assets.json index 947e7fb4d76ea..13d8dae10ffa1 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/appconfigenvironmentDefaultTestDeployAssert75BD28E7.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/appconfigenvironmentDefaultTestDeployAssert75BD28E7.assets.json @@ -1,5 +1,5 @@ { - "version": "36.0.0", + "version": "39.0.0", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/aws-appconfig-environment.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/aws-appconfig-environment.assets.json index 8ffcd1a6d5b6d..cdc65b59c1ce0 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/aws-appconfig-environment.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/aws-appconfig-environment.assets.json @@ -1,7 +1,7 @@ { - "version": "36.0.0", + "version": "39.0.0", "files": { - "6ec3a45c455c20f3072a3622b3e548aa72a4c1b8e5a1fac757962194d9f1c82d": { + "8b5317b754f85f2bf23708deb5bed067016cee6070da8f8fdf848daf7d5e028c": { "source": { "path": "aws-appconfig-environment.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "6ec3a45c455c20f3072a3622b3e548aa72a4c1b8e5a1fac757962194d9f1c82d.json", + "objectKey": "8b5317b754f85f2bf23708deb5bed067016cee6070da8f8fdf848daf7d5e028c.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/aws-appconfig-environment.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/aws-appconfig-environment.template.json index ea327d13d23c1..6d109a20eb71e 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/aws-appconfig-environment.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/aws-appconfig-environment.template.json @@ -126,6 +126,7 @@ "ApplicationId": { "Ref": "MyApplicationForEnv1F597ED9" }, + "DeletionProtectionCheck": "ACCOUNT_DEFAULT", "Description": "This is the environment for integ testing", "Monitors": [ { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/cdk.out index 1f0068d32659a..91e1a8b9901d5 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/cdk.out +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"36.0.0"} \ No newline at end of file +{"version":"39.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/integ.json index c314a395d9c88..49e33ed13ba49 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "36.0.0", + "version": "39.0.0", "testCases": { "appconfig-environment/DefaultTest": { "stacks": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/manifest.json index e21ade66747e8..7d7faf972f4ea 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "36.0.0", + "version": "39.0.0", "artifacts": { "aws-appconfig-environment.assets": { "type": "cdk:asset-manifest", @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/6ec3a45c455c20f3072a3622b3e548aa72a4c1b8e5a1fac757962194d9f1c82d.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/8b5317b754f85f2bf23708deb5bed067016cee6070da8f8fdf848daf7d5e028c.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -105,15 +105,6 @@ "type": "aws:cdk:logicalId", "data": "CheckBootstrapVersion" } - ], - "MyConfigDeployment36077E0B58611": [ - { - "type": "aws:cdk:logicalId", - "data": "MyConfigDeployment36077E0B58611", - "trace": [ - "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" - ] - } ] }, "displayName": "aws-appconfig-environment" diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/tree.json index fd96c532cfa58..0e8689629772d 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/tree.json @@ -22,14 +22,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_appconfig.CfnApplication", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-appconfig-alpha.Application", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } }, "StartDeploymentCallCountAlarm": { @@ -69,14 +69,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_cloudwatch.CfnAlarm", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_cloudwatch.Alarm", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } }, "MyRole": { @@ -87,8 +87,8 @@ "id": "ImportMyRole", "path": "aws-appconfig-environment/MyRole/ImportMyRole", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } }, "Resource": { @@ -127,14 +127,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } }, "MyCompositeAlarm": { @@ -166,14 +166,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_cloudwatch.CfnCompositeAlarm", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_cloudwatch.CompositeAlarm", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } }, "MyEnvironment": { @@ -188,8 +188,8 @@ "id": "ImportRole1963C", "path": "aws-appconfig-environment/MyEnvironment/Role1963C/ImportRole1963C", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } }, "Resource": { @@ -228,14 +228,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } }, "Resource": { @@ -247,6 +247,7 @@ "applicationId": { "Ref": "MyApplicationForEnv1F597ED9" }, + "deletionProtectionCheck": "ACCOUNT_DEFAULT", "description": "This is the environment for integ testing", "monitors": [ { @@ -296,14 +297,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_appconfig.CfnEnvironment", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-appconfig-alpha.Environment", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } }, "MyDeploymentStrategy": { @@ -324,14 +325,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_appconfig.CfnDeploymentStrategy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-appconfig-alpha.DeploymentStrategy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } }, "MyConfig": { @@ -352,8 +353,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_appconfig.CfnConfigurationProfile", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } }, "Resource": { @@ -373,8 +374,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_appconfig.CfnHostedConfigurationVersion", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } }, "Deployment1963C": { @@ -401,36 +402,36 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_appconfig.CfnDeployment", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-appconfig-alpha.HostedConfiguration", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } }, "BootstrapVersion": { "id": "BootstrapVersion", "path": "aws-appconfig-environment/BootstrapVersion", "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } }, "CheckBootstrapVersion": { "id": "CheckBootstrapVersion", "path": "aws-appconfig-environment/CheckBootstrapVersion", "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } }, "appconfig-environment": { @@ -446,7 +447,7 @@ "path": "appconfig-environment/DefaultTest/Default", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.3.0" + "version": "10.4.2" } }, "DeployAssert": { @@ -457,22 +458,22 @@ "id": "BootstrapVersion", "path": "appconfig-environment/DefaultTest/DeployAssert/BootstrapVersion", "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } }, "CheckBootstrapVersion": { "id": "CheckBootstrapVersion", "path": "appconfig-environment/DefaultTest/DeployAssert/CheckBootstrapVersion", "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } } }, @@ -492,13 +493,13 @@ "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.3.0" + "version": "10.4.2" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.App", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } } } \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.ts index e9c8b1bc81e60..aa11622386de7 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.ts @@ -2,7 +2,7 @@ import { IntegTest } from '@aws-cdk/integ-tests-alpha'; import { App, Duration, PhysicalName, Stack } from 'aws-cdk-lib'; import { Alarm, ComparisonOperator, CompositeAlarm, Metric, TreatMissingData } from 'aws-cdk-lib/aws-cloudwatch'; import { Role, ServicePrincipal, Effect, PolicyStatement, PolicyDocument } from 'aws-cdk-lib/aws-iam'; -import { Application, ConfigurationContent, DeploymentStrategy, Environment, HostedConfiguration, Monitor, RolloutStrategy } from 'aws-cdk-lib/aws-appconfig'; +import { Application, ConfigurationContent, DeletionProtectionCheck, DeploymentStrategy, Environment, HostedConfiguration, Monitor, RolloutStrategy } from 'aws-cdk-lib/aws-appconfig'; const app = new App(); @@ -54,6 +54,7 @@ const compositeAlarm = new CompositeAlarm(stack, 'MyCompositeAlarm', { const env = new Environment(stack, 'MyEnvironment', { application: appForEnv, description: 'This is the environment for integ testing', + deletionProtectionCheck: DeletionProtectionCheck.ACCOUNT_DEFAULT, monitors: [ Monitor.fromCloudWatchAlarm(alarm), Monitor.fromCfnMonitorsProperty({ diff --git a/packages/aws-cdk-lib/aws-appconfig/lib/environment.ts b/packages/aws-cdk-lib/aws-appconfig/lib/environment.ts index 705cc9c2144cc..6080a077cba7b 100644 --- a/packages/aws-cdk-lib/aws-appconfig/lib/environment.ts +++ b/packages/aws-cdk-lib/aws-appconfig/lib/environment.ts @@ -141,6 +141,32 @@ abstract class EnvironmentBase extends Resource implements IEnvironment, IExtens } } +/** + * The deletion protection check options. + */ +export enum DeletionProtectionCheck { + /** + * The default setting, + * which instructs AWS AppConfig to implement the deletion protection value specified in the UpdateAccountSettings API. + */ + ACCOUNT_DEFAULT = 'ACCOUNT_DEFAULT', + + /** + * Instructs the deletion protection check to run, + * even if deletion protection is disabled at the account level. + * + * APPLY also forces the deletion protection check to run against resources created in the past hour, + * which are normally excluded from deletion protection checks. + */ + APPLY = 'APPLY', + + /** + * Instructs AWS AppConfig to bypass the deletion protection check and delete a configuration profile + * even if deletion protection would have otherwise prevented it. + */ + BYPASS = 'BYPASS', +} + /** * Options for the Environment construct. */ @@ -165,6 +191,13 @@ export interface EnvironmentOptions { * @default - No monitors. */ readonly monitors?: Monitor[]; + + /** + * A property to prevent accidental deletion of active environments. + * + * @default undefined - AppConfig default is ACCOUNT_DEFAULT + */ + readonly deletionProtectionCheck?: DeletionProtectionCheck; } /** @@ -309,6 +342,7 @@ export class Environment extends EnvironmentBase { applicationId: this.applicationId, name: this.name, description: this.description, + deletionProtectionCheck: props.deletionProtectionCheck, monitors: this.monitors?.map((monitor) => { return { alarmArn: monitor.alarmArn, diff --git a/packages/aws-cdk-lib/aws-appconfig/test/environment.test.ts b/packages/aws-cdk-lib/aws-appconfig/test/environment.test.ts index 398a5dbc728ee..4ee3b62abe865 100644 --- a/packages/aws-cdk-lib/aws-appconfig/test/environment.test.ts +++ b/packages/aws-cdk-lib/aws-appconfig/test/environment.test.ts @@ -2,7 +2,7 @@ import { Template } from '../../assertions'; import { Alarm, CompositeAlarm, Metric } from '../../aws-cloudwatch'; import * as iam from '../../aws-iam'; import * as cdk from '../../core'; -import { Application, ConfigurationContent, Environment, HostedConfiguration, Monitor } from '../lib'; +import { Application, ConfigurationContent, DeletionProtectionCheck, Environment, HostedConfiguration, Monitor } from '../lib'; describe('environment', () => { test('default environment', () => { @@ -20,6 +20,27 @@ describe('environment', () => { }); }); + test.each([ + DeletionProtectionCheck.ACCOUNT_DEFAULT, + DeletionProtectionCheck.APPLY, + DeletionProtectionCheck.BYPASS, + ])('environment with deletion protection check', (deletionProtectionCheck) => { + const stack = new cdk.Stack(); + const app = new Application(stack, 'MyAppConfig'); + new Environment(stack, 'MyEnvironment', { + application: app, + deletionProtectionCheck, + }); + + Template.fromStack(stack).hasResourceProperties('AWS::AppConfig::Environment', { + Name: 'MyEnvironment', + ApplicationId: { + Ref: 'MyAppConfigB4B63E75', + }, + DeletionProtectionCheck: deletionProtectionCheck, + }); + }); + test('environment with name', () => { const stack = new cdk.Stack(); const app = new Application(stack, 'MyAppConfig');