From 9572a627c23a448b787d0337ed7b745cec4174d6 Mon Sep 17 00:00:00 2001 From: shikha372 Date: Thu, 10 Oct 2024 10:14:23 -0700 Subject: [PATCH 1/9] adding imports for first draft --- .../@aws-cdk/aws-ec2-alpha/lib/subnet-v2.ts | 171 +++- .../@aws-cdk/aws-ec2-alpha/lib/vpc-v2-base.ts | 13 +- packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts | 234 ++++- .../\342\224\234[~] service aws-amazonmq.ini" | 886 ++++++++++++++++++ 4 files changed, 1278 insertions(+), 26 deletions(-) create mode 100644 "packages/@aws-cdk/aws-ec2-alpha/lib/\342\224\234[~] service aws-amazonmq.ini" diff --git a/packages/@aws-cdk/aws-ec2-alpha/lib/subnet-v2.ts b/packages/@aws-cdk/aws-ec2-alpha/lib/subnet-v2.ts index 8b84cf66b68ce..89f50c0cf6091 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/lib/subnet-v2.ts +++ b/packages/@aws-cdk/aws-ec2-alpha/lib/subnet-v2.ts @@ -4,6 +4,7 @@ import { Construct, DependencyGroup, IDependable } from 'constructs'; import { IVpcV2 } from './vpc-v2-base'; import { CidrBlock, CidrBlockIpv6 } from './util'; import { RouteTable } from './route'; +import { error } from 'console'; /** * Interface to define subnet CIDR @@ -120,6 +121,13 @@ export interface ISubnetV2 extends ISubnet { */ export class SubnetV2 extends Resource implements ISubnetV2 { + /** + * Import an existing subnet to the VPC + */ + public static fromSubnetV2attributes(scope: Construct, id: string, attrs: SubnetV2Attributes) : ISubnetV2 { + return new ImportedSubnetV2(scope, id, attrs); + } + /** * The Availability Zone the subnet is located in */ @@ -276,6 +284,133 @@ export class SubnetV2 extends Resource implements ISubnetV2 { } } +/** + * Properties required to import a subnet + */ +export interface SubnetV2Attributes { + /** + * The Availability Zone the subnet is located in + * + * @default - No AZ information, cannot use AZ selection features + */ + readonly availabilityZone: string; + + /** + * The IPv4 CIDR block associated with the subnet + * + * @default - No CIDR information, cannot use CIDR filter features + */ + readonly ipv4CidrBlock: string; + + /** + * The IPv4 CIDR block associated with the subnet + * + * @default - No CIDR information, cannot use CIDR filter features + */ + readonly ipv6CidrBlock?: string; + + /** + * The ID of the route table for this particular subnet + * + * @default - No route table information, cannot create VPC endpoints + */ + readonly routeTableId?: string; + + /** + * The subnetId for this particular subnet + */ + readonly subnetId: string; + + /** + * The type of subnet (public or private) that this subnet represents. + */ + readonly subnetType: SubnetType; + + /** + * The type of subnet (public or private) that this subnet represents. + */ + readonly subnetName?: string; + +} + +/** + * Properties required to import a subnet + */ +export interface ImportedSubnetV2Props extends SubnetV2Attributes {} + +/** + * Class to define an import for existing subnet + * @resource AWS::EC2::Subnet + */ +export class ImportedSubnetV2 extends Resource implements ISubnetV2 { + + /** + * The IPv6 CIDR Block for this subnet + */ + public readonly ipv6CidrBlock?: string; + + /** + * The type of subnet (public or private) that this subnet represents. + */ + public readonly subnetType?: SubnetType; + + /** + * The Availability Zone the subnet is located in + */ + public readonly availabilityZone: string; + + /** + * The subnetId for this particular subnet + */ + public readonly subnetId: string; + + /** + * Dependable that can be depended upon to force internet connectivity established on the VPC + */ + public readonly internetConnectivityEstablished: IDependable = new DependencyGroup(); + + /** + * The IPv4 CIDR block for this subnet + */ + public readonly ipv4CidrBlock: string; + + /** + * The route table for this subnet + */ + public readonly routeTable: IRouteTable; + + constructor(scope: Construct, id: string, props: ImportedSubnetV2Props) { + super(scope, id); + + if (!props.routeTableId) { + throw new Error('Route Table ID is required'); + } + + this.ipv4CidrBlock = props.ipv4CidrBlock; + this.availabilityZone = props.availabilityZone; + this.subnetType = props.subnetType; + this.ipv6CidrBlock = props.ipv6CidrBlock; + this.subnetId = props.subnetId; + this.routeTable = { + //if not given should we fallback + routeTableId: props.routeTableId!, + }; + } + + /** + * Associate a Network ACL with this subnet + * Required here since it is implemented in the ISubnetV2 + */ + public associateNetworkAcl(id: string, networkAcl: INetworkAcl) { + const scope = networkAcl instanceof Construct ? networkAcl : this; + const other = networkAcl instanceof Construct ? this : networkAcl; + new SubnetNetworkAclAssociation(scope, id + Names.nodeUniqueId(other.node), { + networkAcl, + subnet: this, + }); + } +} + const subnetTypeMap = { [SubnetType.PRIVATE_ISOLATED]: (vpc: IVpcV2, subnet: SubnetV2) => vpc.isolatedSubnets.push(subnet), [SubnetType.PUBLIC]: (vpc: IVpcV2, subnet: SubnetV2) => vpc.publicSubnets.push(subnet), @@ -305,8 +440,10 @@ function storeSubnetToVpcByType(vpc: IVpcV2, subnet: SubnetV2, type: SubnetType) * Need to set explicit dependency as during stack deletion, * the cidr blocks may get deleted first and will fail as the subnets are still using the cidr blocks */ - for (const cidr of vpc.secondaryCidrBlock) { - subnet.node.addDependency(cidr); + if (vpc.secondaryCidrBlock) { + for (const cidr of vpc.secondaryCidrBlock) { + subnet.node.addDependency(cidr); + } } } @@ -319,12 +456,15 @@ function storeSubnetToVpcByType(vpc: IVpcV2, subnet: SubnetV2, type: SubnetType) * @internal */ function validateSupportIpv6(vpc: IVpcV2) { - if (vpc.secondaryCidrBlock.some((secondaryAddress) => secondaryAddress.amazonProvidedIpv6CidrBlock === true || + + if (vpc.secondaryCidrBlock) { + if (vpc.secondaryCidrBlock.some((secondaryAddress) => secondaryAddress.amazonProvidedIpv6CidrBlock === true || secondaryAddress.ipv6IpamPoolId != undefined)) { - return true; - } else { - throw new Error('To use IPv6, the VPC must enable IPv6 support.'); - } + return true; + } else { + throw new Error('To use IPv6, the VPC must enable IPv6 support.'); + } + } else {return false;} } /** @@ -339,17 +479,18 @@ function checkCidrRanges(vpc: IVpcV2, cidrRange: string) { const vpcCidrBlock = [vpc.ipv4CidrBlock]; - for (const ipAddress of vpc.secondaryCidrBlock) { - if (ipAddress.cidrBlock) { - vpcCidrBlock.push(ipAddress.cidrBlock); + if (vpc.secondaryCidrBlock) { + for (const ipAddress of vpc.secondaryCidrBlock) { + if (ipAddress.cidrBlock) { + vpcCidrBlock.push(ipAddress.cidrBlock); + } } - } - const cidrs = vpcCidrBlock.map(cidr => new CidrBlock(cidr)); - - const subnetCidrBlock = new CidrBlock(cidrRange); + const cidrs = vpcCidrBlock.map(cidr => new CidrBlock(cidr)); - return cidrs.some(c => c.containsCidr(subnetCidrBlock)); + const subnetCidrBlock = new CidrBlock(cidrRange); + return cidrs.some(c => c.containsCidr(subnetCidrBlock)); + } else {throw error('No secondary IP address attached to VPC');} } /** diff --git a/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2-base.ts b/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2-base.ts index 013bcfd501243..2bdb3468432ae 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2-base.ts +++ b/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2-base.ts @@ -1,9 +1,10 @@ import { Resource, Annotations } from 'aws-cdk-lib'; -import { IVpc, ISubnet, SubnetSelection, SelectedSubnets, EnableVpnGatewayOptions, VpnGateway, VpnConnectionType, CfnVPCGatewayAttachment, CfnVPNGatewayRoutePropagation, VpnConnectionOptions, VpnConnection, ClientVpnEndpointOptions, ClientVpnEndpoint, InterfaceVpcEndpointOptions, InterfaceVpcEndpoint, GatewayVpcEndpointOptions, GatewayVpcEndpoint, FlowLogOptions, FlowLog, FlowLogResourceType, SubnetType, SubnetFilter, CfnVPCCidrBlock } from 'aws-cdk-lib/aws-ec2'; +import { IVpc, ISubnet, SubnetSelection, SelectedSubnets, EnableVpnGatewayOptions, VpnGateway, VpnConnectionType, CfnVPCGatewayAttachment, CfnVPNGatewayRoutePropagation, VpnConnectionOptions, VpnConnection, ClientVpnEndpointOptions, ClientVpnEndpoint, InterfaceVpcEndpointOptions, InterfaceVpcEndpoint, GatewayVpcEndpointOptions, GatewayVpcEndpoint, FlowLogOptions, FlowLog, FlowLogResourceType, SubnetType, SubnetFilter } from 'aws-cdk-lib/aws-ec2'; import { allRouteTableIds, flatten, subnetGroupNameFromConstructId } from './util'; import { IDependable, Dependable, IConstruct, DependencyGroup } from 'constructs'; import { EgressOnlyInternetGateway, InternetGateway, NatConnectivityType, NatGateway, NatGatewayOptions, Route, VPNGatewayV2 } from './route'; import { ISubnetV2 } from './subnet-v2'; +import { IVPCCidrBlock } from './vpc-v2'; /** * Options to define EgressOnlyInternetGateway for VPC @@ -86,7 +87,7 @@ export interface IVpcV2 extends IVpc { * * For more information, see the {@link https://docs.aws.amazon.com/vpc/latest/userguide/vpc-cidr-blocks.html#vpc-resize}. */ - readonly secondaryCidrBlock: CfnVPCCidrBlock[]; + readonly secondaryCidrBlock?: IVPCCidrBlock[]; /** * The primary IPv4 CIDR block associated with the VPC. @@ -188,7 +189,7 @@ export abstract class VpcV2Base extends Resource implements IVpcV2 { * Secondary IPs for the VPC, can be multiple Ipv4 or Ipv6 * Ipv4 should be within RFC#1918 range */ - public abstract readonly secondaryCidrBlock: CfnVPCCidrBlock[]; + public abstract readonly secondaryCidrBlock?: IVPCCidrBlock[]; /** * The primary IPv4 CIDR block associated with the VPC. @@ -344,8 +345,12 @@ export abstract class VpcV2Base extends Resource implements IVpcV2 { vpc: this, }); - const useIpv6 = (this.secondaryCidrBlock.some((secondaryAddress) => secondaryAddress.amazonProvidedIpv6CidrBlock === true || + let useIpv6; + + if (this.secondaryCidrBlock) { + useIpv6 = (this.secondaryCidrBlock.some((secondaryAddress) => secondaryAddress.amazonProvidedIpv6CidrBlock === true || secondaryAddress.ipv6IpamPoolId != undefined)); + } if (!useIpv6) { throw new Error('Egress only IGW can only be added to Ipv6 enabled VPC'); diff --git a/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts b/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts index a4477c69a6587..1d25bb37552ea 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts +++ b/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts @@ -1,8 +1,9 @@ import { CfnVPC, CfnVPCCidrBlock, DefaultInstanceTenancy, ISubnet } from 'aws-cdk-lib/aws-ec2'; -import { Arn, CfnResource, Lazy, Names } from 'aws-cdk-lib/core'; -import { Construct, IDependable } from 'constructs'; +import { Arn, CfnResource, Lazy, Names, Resource, Stack } from 'aws-cdk-lib/core'; +import { Construct, DependencyGroup, IDependable } from 'constructs'; import { IpamOptions, IIpamPool } from './ipam'; -import { VpcV2Base } from './vpc-v2-base'; +import { IVpcV2, VpcV2Base } from './vpc-v2-base'; +import { ISubnetV2, ImportedSubnetV2, SubnetV2Attributes } from './subnet-v2'; /** * Additional props needed for secondary Address @@ -182,6 +183,56 @@ export interface VpcV2Props { readonly vpcName?: string; } +/** + * Options to import a VPC created outside of CDK + */ +export interface VpcV2Attributes { + + /** + * The region in which the VPC is located + * @default - No region information + */ + readonly region?: string; + + /** + * The VPC ID + */ + readonly vpcId: string; + + /** + * Primary VPC CIDR Block of the imported VPC + * Can only be IPv4 + */ + readonly vpcCidrBlock: string; + + /** + * A VPN Gateway is attached to the VPC + */ + readonly vpnGatewayId?: string; + + /** + * Public subnets associated with VPC + */ + readonly publicSubnets?: SubnetV2Attributes[]; + + /** + * Private subnets associated with VPC + */ + readonly privateSubnets?: SubnetV2Attributes[]; + + /** + * Isolated subnets associated with VPC + */ + readonly isolatedSubnets?: SubnetV2Attributes[]; + + /** + * Import Secondary CIDR blocks associated with VPC + * @default - No secondary IP address + */ + readonly secondaryCidrBlocks?: VPCCidrBlockProps[]; + +} + /** * This class provides a foundation for creating and configuring a VPC with advanced features such as IPAM (IP Address Management) and IPv6 support. * @@ -255,7 +306,7 @@ export class VpcV2 extends VpcV2Base { /** * reference to all secondary blocks attached */ - public readonly secondaryCidrBlock = new Array; + public readonly secondaryCidrBlock?: IVPCCidrBlock[] = new Array; /** * For validation to define IPv6 subnets, set to true in case of @@ -323,7 +374,16 @@ export class VpcV2 extends VpcV2Base { throw new Error('CIDR block should be in the same RFC 1918 range in the VPC'); } } - const cfnVpcCidrBlock = new CfnVPCCidrBlock(this, secondaryVpcOptions.cidrBlockName, { + // const cfnVpcCidrBlock = new CfnVPCCidrBlock(this, secondaryVpcOptions.cidrBlockName, { + // vpcId: this.vpcId, + // cidrBlock: secondaryVpcOptions.ipv4CidrBlock, + // ipv4IpamPoolId: secondaryVpcOptions.ipv4IpamPool?.ipamPoolId, + // ipv4NetmaskLength: secondaryVpcOptions.ipv4NetmaskLength, + // ipv6NetmaskLength: secondaryVpcOptions.ipv6NetmaskLength, + // ipv6IpamPoolId: secondaryVpcOptions.ipv6IpamPool?.ipamPoolId, + // amazonProvidedIpv6CidrBlock: secondaryVpcOptions.amazonProvided, + // }); + const cfnVpcCidrBlock = new VPCCidrBlock(this, secondaryVpcOptions.cidrBlockName, { vpcId: this.vpcId, cidrBlock: secondaryVpcOptions.ipv4CidrBlock, ipv4IpamPoolId: secondaryVpcOptions.ipv4IpamPool?.ipamPoolId, @@ -334,11 +394,11 @@ export class VpcV2 extends VpcV2Base { }); if (secondaryVpcOptions.dependencies) { for (const dep of secondaryVpcOptions.dependencies) { - cfnVpcCidrBlock.addDependency(dep); + cfnVpcCidrBlock.node.addDependency(dep); } } //Create secondary blocks for Ipv4 and Ipv6 - this.secondaryCidrBlock.push(cfnVpcCidrBlock); + this.secondaryCidrBlock?.push(cfnVpcCidrBlock); } } @@ -363,6 +423,13 @@ export class VpcV2 extends VpcV2Base { */ this.internetConnectivityEstablished = this._internetConnectivityEstablished; } + + /** + * Create a VPC from existing attributes + */ + public fromVpcV2attributes(scope: Construct, id: string, options: VpcV2Attributes): IVpcV2 { + return new ImportedVpcV2(scope, id, options); + } } /** * Supports assigning IPv4 address to VPC @@ -443,6 +510,52 @@ class IpamIpv4 implements IIpAddresses { } } +/** + * Internal class to allow users to import VPC + * @internal + */ +class ImportedVpcV2 extends VpcV2Base { + public readonly vpcId: string; + public readonly vpcArn: string; + public readonly publicSubnets: ISubnetV2[] = []; + public readonly privateSubnets: ISubnetV2[] = []; + public readonly isolatedSubnets: ISubnetV2[] = []; + public readonly internetConnectivityEstablished: IDependable = new DependencyGroup(); + + //Added in IVPCv2 + public readonly ipv4CidrBlock: string; + + //Added in IVPCv2 + public readonly secondaryCidrBlock?: IVPCCidrBlock[]; + + public readonly vpcCidrBlock: string; + + constructor(scope: Construct, id: string, props: VpcV2Attributes) { + super(scope, id, { + region: props. region, + }); + this.vpcId = props.vpcId, + this.vpcArn = Arn.format({ + service: 'ec2', + resource: 'vpc', + resourceName: this.vpcId, + }, Stack.of(this)); + this.vpcCidrBlock = props.vpcCidrBlock; + this.ipv4CidrBlock = props.vpcCidrBlock; + this._vpnGatewayId = props.vpnGatewayId; //TODO if we need it for other gateways + if (props.publicSubnets) { + this.publicSubnets = props.publicSubnets.map(subnet => new ImportedSubnetV2(scope, 'ImportedPublicSubnet', subnet)); + } + if (props.privateSubnets) { + this.privateSubnets = props.privateSubnets.map(subnet => new ImportedSubnetV2(scope, 'ImportedPrivateSubnet', subnet)); + } + if (props.isolatedSubnets) { + this.isolatedSubnets = props.isolatedSubnets.map(subnet => new ImportedSubnetV2(scope, 'ImportedPrivateSubnet', subnet)); + } + this.secondaryCidrBlock = props.secondaryCidrBlocks?.map(cidrBlock => VPCCidrBlock.fromVPCCidrBlockattributes(scope, 'ImportedCidrBlock', cidrBlock)); + } +} + //@internal First two Octet to verify RFC 1918 interface IPaddressConfig { octet1: number; @@ -483,4 +596,111 @@ function validateIpv4address(cidr1?: string, cidr2?: string): boolean { return (ip1.octet1 === 10 && ip2.octet1 === 10) || (ip1.octet1 === 192 && ip1.octet2 === 168 && ip2.octet1 === 192 && ip2.octet2 === 168) || (ip1.octet1 === 172 && ip1.octet2 === 16 && ip2.octet1 === 172 && ip2.octet2 === 16); // CIDR ranges belong to same private IP address ranges +} + +/** + * Interface VPCCidrBlock + */ +export interface VPCCidrBlockProps { + /** + * The VPC Id + */ + readonly vpcId: string; + + /** + * The secondary IPv4 CIDR Block + * @default - no CIDR block provided + */ + readonly cidrBlock?: string; + + /** + * Opt for amazonProvided Ipv6 CIDR address + * @default false + */ + readonly amazonProvidedIpv6CidrBlock?: boolean; + + /** + * IPAM pool Id for IPv6 address type + * @default - no IPAM pool Id provided + */ + readonly ipv6IpamPoolId?: string; + + /** + * IPAM pool Id for IPv4 address type + * @default - no IPAM pool Id provided + */ + readonly ipv4IpamPoolId?: string; + + /** + * Net mask length for IPv4 address type + * @default - no Net mask length configured and it would fail the deployment + */ + readonly ipv4NetmaskLength?: number; + + /** + * Net mask length for IPv6 address type + * @default - no Net mask length configured and it would fail the deployment + */ + readonly ipv6NetmaskLength?: number; +} + +/** + * Internal L2 for VPC Cidr Block + * @internal + */ +class VPCCidrBlock extends Resource implements IVPCCidrBlock { + + public static fromVPCCidrBlockattributes(scope: Construct, id: string, props: VPCCidrBlockProps) : IVPCCidrBlock { + class Import extends Resource implements IVPCCidrBlock { + public readonly cidrBlock = props.cidrBlock; + public readonly amazonProvidedIpv6CidrBlock ?: boolean = props.amazonProvidedIpv6CidrBlock;; + public readonly ipv6IpamPoolId ?: string = props.ipv6IpamPoolId; + } + return new Import(scope, id); + } + + public readonly resource: CfnVPCCidrBlock; + + public readonly cidrBlock?: string; + + public readonly amazonProvidedIpv6CidrBlock?: boolean; + + public readonly ipv6IpamPoolId?: string; + + public readonly ipv4IpamPoolId?: string; + + constructor(scope: Construct, id: string, props: VPCCidrBlockProps) { + super(scope, id); + this.resource = new CfnVPCCidrBlock(this, id, props); + this.cidrBlock = props.cidrBlock; + this.ipv6IpamPoolId = props.ipv6IpamPoolId; + this.ipv4IpamPoolId = props.ipv4IpamPoolId; + this.amazonProvidedIpv6CidrBlock = props.amazonProvidedIpv6CidrBlock; + } + +} + +/** + * Interface to create L2 for VPC Cidr Block + */ +export interface IVPCCidrBlock { + /** + * The CIDR block + */ + readonly cidrBlock?: string; + + /** + * Amazon Provided Ipv6 + */ + readonly amazonProvidedIpv6CidrBlock? : boolean; + + /** + * IPAM pool for IPv6 address type + */ + readonly ipv6IpamPoolId ?: string; + + /** + * IPAM pool for IPv4 address type + */ + readonly ipv4IpamPoolId ?: string; } \ No newline at end of file diff --git "a/packages/@aws-cdk/aws-ec2-alpha/lib/\342\224\234[~] service aws-amazonmq.ini" "b/packages/@aws-cdk/aws-ec2-alpha/lib/\342\224\234[~] service aws-amazonmq.ini" new file mode 100644 index 0000000000000..b6eec04c09f0e --- /dev/null +++ "b/packages/@aws-cdk/aws-ec2-alpha/lib/\342\224\234[~] service aws-amazonmq.ini" @@ -0,0 +1,886 @@ +├[~] service aws-amazonmq +│ └ resources +│ └[~] resource AWS::AmazonMQ::Configuration +│ └ attributes +│ └ Revision: - integer +│ + string ⇐ integer +├[~] service aws-apigatewayv2 +│ └ resources +│ └[~] resource AWS::ApiGatewayV2::Integration +│ ├ attributes +│ │ └[-] Id: string +│ └ types +│ └[~] type ResponseParameter +│ ├ - documentation: response parameter +│ │ + documentation: Supported only for HTTP APIs. You use response parameters to transform the HTTP response from a backend integration before returning the response to clients. Specify a key-value map from a selection key to response parameters. The selection key must be a valid HTTP status code within the range of 200-599. Response parameters are a key-value map. The key must match the pattern `:
.` or `overwrite.statuscode` . The action can be `append` , `overwrite` or `remove` . The value can be a static value, or map to response data, stage variables, or context variables that are evaluated at runtime. To learn more, see [Transforming API requests and responses](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-parameter-mapping.html) . +│ └ properties +│ ├ Destination: (documentation changed) +│ └ Source: (documentation changed) +├[~] service aws-autoscaling +│ └ resources +│ └[~] resource AWS::AutoScaling::ScalingPolicy +│ └ types +│ ├[~] type TargetTrackingMetricDataQuery +│ │ └ - documentation: The metric data to return. Also defines whether this call is returning data for one metric only, or whether it is performing a math expression on the values of returned metric statistics to create a new time series. A time series is a series of data points, each of which is associated with a timestamp. +│ │ You can use `TargetTrackingMetricDataQuery` structures with a `PutScalingPolicy` operation when you specify a `TargetTrackingConfiguration` in the request. +│ │ You can call for a single metric or perform math expressions on multiple metrics. Any expressions used in a metric specification must eventually return a single time series. +│ │ For more information, see the [Create a target tracking scaling policy for Amazon EC2 Auto Scaling using metric math](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-target-tracking-metric-math.html) in the *Amazon EC2 Auto Scaling User Guide* . +│ │ + documentation: The metric data to return. Also defines whether this call is returning data for one metric only, or whether it is performing a math expression on the values of returned metric statistics to create a new time series. A time series is a series of data points, each of which is associated with a timestamp. +│ │ You can use `TargetTrackingMetricDataQuery` structures with a [PutScalingPolicy](https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_PutScalingPolicy.html) operation when you specify a [TargetTrackingConfiguration](https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_TargetTrackingConfiguration.html) in the request. +│ │ You can call for a single metric or perform math expressions on multiple metrics. Any expressions used in a metric specification must eventually return a single time series. +│ │ For more information, see the [Create a target tracking scaling policy for Amazon EC2 Auto Scaling using metric math](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-target-tracking-metric-math.html) in the *Amazon EC2 Auto Scaling User Guide* . +│ └[~] type TargetTrackingMetricStat +│ └ - documentation: This structure defines the CloudWatch metric to return, along with the statistic and unit. +│ `TargetTrackingMetricStat` is a property of the `TargetTrackingMetricDataQuery` object. +│ For more information about the CloudWatch terminology below, see [Amazon CloudWatch concepts](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html) in the *Amazon CloudWatch User Guide* . +│ + documentation: This structure defines the CloudWatch metric to return, along with the statistic and unit. +│ `TargetTrackingMetricStat` is a property of the [TargetTrackingMetricDataQuery](https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_TargetTrackingMetricDataQuery.html) object. +│ For more information about the CloudWatch terminology below, see [Amazon CloudWatch concepts](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html) in the *Amazon CloudWatch User Guide* . +├[~] service aws-b2bi +│ └ resources +│ ├[~] resource AWS::B2BI::Capability +│ │ └ types +│ │ └[~] type EdiConfiguration +│ │ └ properties +│ │ └[+] CapabilityDirection: string +│ ├[~] resource AWS::B2BI::Partnership +│ │ ├ properties +│ │ │ ├ Capabilities: - Array +│ │ │ │ + Array (required) +│ │ │ └[+] CapabilityOptions: CapabilityOptions +│ │ └ types +│ │ ├[+] type CapabilityOptions +│ │ │ ├ name: CapabilityOptions +│ │ │ └ properties +│ │ │ └OutboundEdi: OutboundEdiOptions +│ │ ├[+] type OutboundEdiOptions +│ │ │ ├ name: OutboundEdiOptions +│ │ │ └ properties +│ │ │ └X12: X12Envelope (required) +│ │ ├[+] type X12Delimiters +│ │ │ ├ name: X12Delimiters +│ │ │ └ properties +│ │ │ ├ComponentSeparator: string +│ │ │ ├DataElementSeparator: string +│ │ │ └SegmentTerminator: string +│ │ ├[+] type X12Envelope +│ │ │ ├ name: X12Envelope +│ │ │ └ properties +│ │ │ └Common: X12OutboundEdiHeaders +│ │ ├[+] type X12FunctionalGroupHeaders +│ │ │ ├ name: X12FunctionalGroupHeaders +│ │ │ └ properties +│ │ │ ├ApplicationSenderCode: string +│ │ │ ├ApplicationReceiverCode: string +│ │ │ └ResponsibleAgencyCode: string +│ │ ├[+] type X12InterchangeControlHeaders +│ │ │ ├ name: X12InterchangeControlHeaders +│ │ │ └ properties +│ │ │ ├SenderIdQualifier: string +│ │ │ ├SenderId: string +│ │ │ ├ReceiverIdQualifier: string +│ │ │ ├ReceiverId: string +│ │ │ ├RepetitionSeparator: string +│ │ │ ├AcknowledgmentRequestedCode: string +│ │ │ └UsageIndicatorCode: string +│ │ └[+] type X12OutboundEdiHeaders +│ │ ├ name: X12OutboundEdiHeaders +│ │ └ properties +│ │ ├InterchangeControlHeaders: X12InterchangeControlHeaders +│ │ ├FunctionalGroupHeaders: X12FunctionalGroupHeaders +│ │ ├Delimiters: X12Delimiters +│ │ └ValidateEdi: boolean +│ └[~] resource AWS::B2BI::Transformer +│ ├ properties +│ │ ├ EdiType: - EdiType (required) +│ │ │ + EdiType (deprecated=WARN) +│ │ ├ FileFormat: - string (required) +│ │ │ + string (deprecated=WARN) +│ │ ├[+] InputConversion: InputConversion +│ │ ├[+] Mapping: Mapping +│ │ ├ MappingTemplate: - string (required) +│ │ │ + string (deprecated=WARN) +│ │ ├[+] OutputConversion: OutputConversion +│ │ ├ SampleDocument: - string +│ │ │ + string (deprecated=WARN) +│ │ └[+] SampleDocuments: SampleDocuments +│ └ types +│ ├[+] type FormatOptions +│ │ ├ name: FormatOptions +│ │ └ properties +│ │ └X12: X12Details (required) +│ ├[+] type InputConversion +│ │ ├ name: InputConversion +│ │ └ properties +│ │ ├FromFormat: string (required) +│ │ └FormatOptions: FormatOptions +│ ├[+] type Mapping +│ │ ├ name: Mapping +│ │ └ properties +│ │ ├TemplateLanguage: string (required) +│ │ └Template: string +│ ├[+] type OutputConversion +│ │ ├ name: OutputConversion +│ │ └ properties +│ │ ├ToFormat: string (required) +│ │ └FormatOptions: FormatOptions +│ ├[+] type SampleDocumentKeys +│ │ ├ name: SampleDocumentKeys +│ │ └ properties +│ │ ├Input: string +│ │ └Output: string +│ └[+] type SampleDocuments +│ ├ name: SampleDocuments +│ └ properties +│ ├BucketName: string (required) +│ └Keys: Array (required) +├[~] service aws-batch +│ └ resources +│ └[~] resource AWS::Batch::JobDefinition +│ └ types +│ ├[~] type EcsProperties +│ │ └ properties +│ │ └ TaskProperties: (documentation changed) +│ └[~] type PodProperties +│ └ properties +│ ├ Containers: (documentation changed) +│ └ InitContainers: (documentation changed) +├[~] service aws-bedrock +│ └ resources +│ ├[~] resource AWS::Bedrock::Flow +│ │ └ types +│ │ ├[~] type KnowledgeBaseFlowNodeConfiguration +│ │ │ └ properties +│ │ │ └ ModelId: (documentation changed) +│ │ └[~] type PromptFlowNodeInlineConfiguration +│ │ └ properties +│ │ └ ModelId: (documentation changed) +│ ├[~] resource AWS::Bedrock::FlowVersion +│ │ └ types +│ │ ├[~] type KnowledgeBaseFlowNodeConfiguration +│ │ │ └ properties +│ │ │ └ ModelId: (documentation changed) +│ │ └[~] type PromptFlowNodeInlineConfiguration +│ │ └ properties +│ │ └ ModelId: (documentation changed) +│ ├[~] resource AWS::Bedrock::KnowledgeBase +│ │ ├ attributes +│ │ │ ├ CreatedAt: (documentation changed) +│ │ │ └ UpdatedAt: (documentation changed) +│ │ └ types +│ │ └[~] type KnowledgeBaseConfiguration +│ │ └ properties +│ │ └ VectorKnowledgeBaseConfiguration: (documentation changed) +│ ├[~] resource AWS::Bedrock::Prompt +│ │ └ types +│ │ └[~] type PromptVariant +│ │ └ properties +│ │ └ ModelId: (documentation changed) +│ └[~] resource AWS::Bedrock::PromptVersion +│ └ types +│ └[~] type PromptVariant +│ └ properties +│ └ ModelId: (documentation changed) +├[~] service aws-cloudformation +│ └ resources +│ └[~] resource AWS::CloudFormation::HookTypeConfig +│ └ properties +│ ├ Configuration: (documentation changed) +│ ├ TypeArn: (documentation changed) +│ └ TypeName: (documentation changed) +├[~] service aws-cloudtrail +│ └ resources +│ ├[~] resource AWS::CloudTrail::EventDataStore +│ │ └ types +│ │ ├[~] type AdvancedEventSelector +│ │ │ └ - documentation: Advanced event selectors let you create fine-grained selectors for CloudTrail management and data events. They help you control costs by logging only those events that are important to you. For more information about advanced event selectors, see [Logging management events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html) and [Logging data events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html) in the *AWS CloudTrail User Guide* . +│ │ │ You cannot apply both event selectors and advanced event selectors to a trail. +│ │ │ *Supported CloudTrail event record fields for management events* +│ │ │ - `eventCategory` (required) +│ │ │ - `eventSource` +│ │ │ - `readOnly` +│ │ │ *Supported CloudTrail event record fields for data events* +│ │ │ - `eventCategory` (required) +│ │ │ - `resources.type` (required) +│ │ │ - `readOnly` +│ │ │ - `eventName` +│ │ │ - `resources.ARN` +│ │ │ > For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the only supported field is `eventCategory` . +│ │ │ + documentation: Advanced event selectors let you create fine-grained selectors for AWS CloudTrail management, data, and network activity events. They help you control costs by logging only those events that are important to you. For more information about configuring advanced event selectors, see the [Logging data events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html) , [Logging network activity events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-network-events-with-cloudtrail.html) , and [Logging management events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html) topics in the *AWS CloudTrail User Guide* . +│ │ │ You cannot apply both event selectors and advanced event selectors to a trail. +│ │ │ *Supported CloudTrail event record fields for management events* +│ │ │ - `eventCategory` (required) +│ │ │ - `eventSource` +│ │ │ - `readOnly` +│ │ │ *Supported CloudTrail event record fields for data events* +│ │ │ - `eventCategory` (required) +│ │ │ - `resources.type` (required) +│ │ │ - `readOnly` +│ │ │ - `eventName` +│ │ │ - `resources.ARN` +│ │ │ *Supported CloudTrail event record fields for network activity events* +│ │ │ > Network activity events is in preview release for CloudTrail and is subject to change. +│ │ │ - `eventCategory` (required) +│ │ │ - `eventSource` (required) +│ │ │ - `eventName` +│ │ │ - `errorCode` - The only valid value for `errorCode` is `VpceAccessDenied` . +│ │ │ - `vpcEndpointId` +│ │ │ > For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the only supported field is `eventCategory` . +│ │ └[~] type AdvancedFieldSelector +│ │ └ properties +│ │ └ Field: (documentation changed) +│ └[~] resource AWS::CloudTrail::Trail +│ ├ properties +│ │ └ AdvancedEventSelectors: (documentation changed) +│ └ types +│ ├[~] type AdvancedEventSelector +│ │ └ - documentation: Advanced event selectors let you create fine-grained selectors for CloudTrail management and data events. They help you control costs by logging only those events that are important to you. For more information about advanced event selectors, see [Logging management events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html) and [Logging data events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html) in the *AWS CloudTrail User Guide* . +│ │ You cannot apply both event selectors and advanced event selectors to a trail. +│ │ *Supported CloudTrail event record fields for management events* +│ │ - `eventCategory` (required) +│ │ - `eventSource` +│ │ - `readOnly` +│ │ *Supported CloudTrail event record fields for data events* +│ │ - `eventCategory` (required) +│ │ - `resources.type` (required) +│ │ - `readOnly` +│ │ - `eventName` +│ │ - `resources.ARN` +│ │ > For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the only supported field is `eventCategory` . +│ │ + documentation: Advanced event selectors let you create fine-grained selectors for AWS CloudTrail management, data, and network activity events. They help you control costs by logging only those events that are important to you. For more information about configuring advanced event selectors, see the [Logging data events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html) , [Logging network activity events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-network-events-with-cloudtrail.html) , and [Logging management events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html) topics in the *AWS CloudTrail User Guide* . +│ │ You cannot apply both event selectors and advanced event selectors to a trail. +│ │ *Supported CloudTrail event record fields for management events* +│ │ - `eventCategory` (required) +│ │ - `eventSource` +│ │ - `readOnly` +│ │ *Supported CloudTrail event record fields for data events* +│ │ - `eventCategory` (required) +│ │ - `resources.type` (required) +│ │ - `readOnly` +│ │ - `eventName` +│ │ - `resources.ARN` +│ │ *Supported CloudTrail event record fields for network activity events* +│ │ > Network activity events is in preview release for CloudTrail and is subject to change. +│ │ - `eventCategory` (required) +│ │ - `eventSource` (required) +│ │ - `eventName` +│ │ - `errorCode` - The only valid value for `errorCode` is `VpceAccessDenied` . +│ │ - `vpcEndpointId` +│ │ > For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the only supported field is `eventCategory` . +│ ├[~] type AdvancedFieldSelector +│ │ └ properties +│ │ └ Field: (documentation changed) +│ └[~] type DataResource +│ └ properties +│ └ Type: (documentation changed) +├[~] service aws-datasync +│ └ resources +│ └[~] resource AWS::DataSync::LocationS3 +│ └ - documentation: The `AWS::DataSync::LocationS3` resource specifies an endpoint for an Amazon S3 bucket. +│ For more information, see [Create an Amazon S3 location](https://docs.aws.amazon.com/datasync/latest/userguide/create-locations-cli.html#create-location-s3-cli) in the *AWS DataSync User Guide* . +│ + documentation: The `AWS::DataSync::LocationS3` resource specifies an endpoint for an Amazon S3 bucket. +│ For more information, see the [*AWS DataSync User Guide*](https://docs.aws.amazon.com/datasync/latest/userguide/create-s3-location.html) . +├[~] service aws-ec2 +│ └ resources +│ ├[~] resource AWS::EC2::NatGateway +│ │ └ properties +│ │ └ SecondaryAllocationIds: (documentation changed) +│ ├[~] resource AWS::EC2::TransitGateway +│ │ └ properties +│ │ └[+] SecurityGroupReferencingSupport: string +│ ├[~] resource AWS::EC2::TransitGatewayAttachment +│ │ └ types +│ │ └[~] type Options +│ │ └ properties +│ │ └[+] SecurityGroupReferencingSupport: string +│ ├[~] resource AWS::EC2::TransitGatewayVpcAttachment +│ │ └ types +│ │ └[~] type Options +│ │ └ properties +│ │ └[+] SecurityGroupReferencingSupport: string +│ └[~] resource AWS::EC2::VPCEndpoint +│ └ properties +│ └ PolicyDocument: (documentation changed) +├[~] service aws-ecs +│ └ resources +│ ├[~] resource AWS::ECS::Service +│ │ └ types +│ │ └[~] type LogConfiguration +│ │ └ properties +│ │ └ Options: (documentation changed) +│ └[~] resource AWS::ECS::TaskDefinition +│ └ types +│ └[~] type LogConfiguration +│ └ properties +│ └ Options: (documentation changed) +├[~] service aws-eks +│ └ resources +│ └[~] resource AWS::EKS::Cluster +│ ├ properties +│ │ └[+] ZonalShiftConfig: ZonalShiftConfig +│ └ types +│ └[+] type ZonalShiftConfig +│ ├ documentation: The current zonal shift configuration to use for the cluster. +│ │ name: ZonalShiftConfig +│ └ properties +│ └Enabled: boolean +├[~] service aws-elasticloadbalancingv2 +│ └ resources +│ └[~] resource AWS::ElasticLoadBalancingV2::Listener +│ └ properties +│ └ ListenerAttributes: (documentation changed) +├[~] service aws-glue +│ └ resources +│ ├[~] resource AWS::Glue::Crawler +│ ├[~] resource AWS::Glue::Job +│ │ └ properties +│ │ ├[+] JobMode: string +│ │ └[+] JobRunQueuingEnabled: boolean +│ └[+] resource AWS::Glue::UsageProfile +│ ├ name: UsageProfile +│ │ cloudFormationType: AWS::Glue::UsageProfile +│ │ documentation: Creates an AWS Glue usage profile. +│ │ tagInformation: {"tagPropertyName":"Tags","variant":"standard"} +│ ├ properties +│ │ ├Name: string (required, immutable) +│ │ ├Description: string +│ │ └Tags: Array +│ └ attributes +│ └CreatedOn: string +├[~] service aws-iotfleetwise +│ └ resources +│ └[~] resource AWS::IoTFleetWise::Campaign +│ └ properties +│ └ Action: - string (required) +│ + string +├[~] service aws-iottwinmaker +│ └ resources +│ └[~] resource AWS::IoTTwinMaker::Scene +│ └ properties +│ └ WorkspaceId: (documentation changed) +├[~] service aws-iotwireless +│ └ resources +│ └[~] resource AWS::IoTWireless::WirelessDevice +│ └ types +│ └[~] type OtaaV10x +│ └ - documentation: undefined +│ + documentation: OTAA device object for v1.0.x +├[~] service aws-kinesisfirehose +│ └ resources +│ └[~] resource AWS::KinesisFirehose::DeliveryStream +│ ├ properties +│ │ ├ DeliveryStreamName: (documentation changed) +│ │ ├ DeliveryStreamType: (documentation changed) +│ │ ├ IcebergDestinationConfiguration: (documentation changed) +│ │ └ Tags: (documentation changed) +│ └ types +│ ├[~] type AmazonOpenSearchServerlessBufferingHints +│ │ └ properties +│ │ └ SizeInMBs: (documentation changed) +│ ├[~] type CatalogConfiguration +│ │ ├ - documentation: Describes the containers where the destination Apache Iceberg Tables are persisted. +│ │ │ Amazon Data Firehose is in preview release and is subject to change. +│ │ │ + documentation: Describes the containers where the destination Apache Iceberg Tables are persisted. +│ │ └ properties +│ │ └ CatalogArn: (documentation changed) +│ ├[~] type DestinationTableConfiguration +│ │ ├ - documentation: Describes the configuration of a destination in Apache Iceberg Tables. +│ │ │ Amazon Data Firehose is in preview release and is subject to change. +│ │ │ + documentation: Describes the configuration of a destination in Apache Iceberg Tables. +│ │ └ properties +│ │ ├ DestinationDatabaseName: (documentation changed) +│ │ ├ DestinationTableName: (documentation changed) +│ │ ├ S3ErrorOutputPrefix: (documentation changed) +│ │ └ UniqueKeys: (documentation changed) +│ ├[~] type ExtendedS3DestinationConfiguration +│ │ └ properties +│ │ ├ CloudWatchLoggingOptions: (documentation changed) +│ │ └ S3BackupMode: (documentation changed) +│ ├[~] type IcebergDestinationConfiguration +│ │ ├ - documentation: Specifies the destination configure settings for Apache Iceberg Table. +│ │ │ Amazon Data Firehose is in preview release and is subject to change. +│ │ │ + documentation: Specifies the destination configure settings for Apache Iceberg Table. +│ │ └ properties +│ │ ├ CatalogConfiguration: (documentation changed) +│ │ ├ DestinationTableConfigurationList: (documentation changed) +│ │ ├ RoleARN: (documentation changed) +│ │ └ s3BackupMode: (documentation changed) +│ ├[~] type RedshiftDestinationConfiguration +│ │ └ properties +│ │ ├ CloudWatchLoggingOptions: (documentation changed) +│ │ └ S3BackupMode: (documentation changed) +│ ├[~] type S3DestinationConfiguration +│ │ └ properties +│ │ └ CloudWatchLoggingOptions: (documentation changed) +│ ├[~] type SecretsManagerConfiguration +│ │ └ properties +│ │ ├ Enabled: (documentation changed) +│ │ └ SecretARN: (documentation changed) +│ ├[~] type SnowflakeBufferingHints +│ │ └ properties +│ │ └ SizeInMBs: (documentation changed) +│ └[~] type SplunkDestinationConfiguration +│ └ properties +│ └ CloudWatchLoggingOptions: (documentation changed) +├[~] service aws-lambda +│ └ resources +│ ├[~] resource AWS::Lambda::CodeSigningConfig +│ │ └ properties +│ │ └ Tags: (documentation changed) +│ ├[~] resource AWS::Lambda::EventSourceMapping +│ │ ├ properties +│ │ │ └ Tags: (documentation changed) +│ │ └ attributes +│ │ └ EventSourceMappingArn: (documentation changed) +│ ├[~] resource AWS::Lambda::Function +│ │ └ properties +│ │ └ Tags: (documentation changed) +│ └[~] resource AWS::Lambda::Permission +│ └ properties +│ └ Principal: (documentation changed) +├[~] service aws-logs +│ └ resources +│ └[~] resource AWS::Logs::QueryDefinition +│ └ properties +│ └ Name: (documentation changed) +├[~] service aws-mediaconnect +│ └ resources +│ └[~] resource AWS::MediaConnect::FlowOutput +│ └ properties +│ └ OutputStatus: (documentation changed) +├[~] service aws-medialive +│ └ resources +│ └[~] resource AWS::MediaLive::Channel +│ └ types +│ ├[~] type H264Settings +│ │ └ properties +│ │ └[+] MinQp: integer +│ └[~] type H265Settings +│ └ properties +│ └[+] MinQp: integer +├[~] service aws-organizations +│ └ resources +│ └[~] resource AWS::Organizations::Policy +│ └ properties +│ └ Content: (documentation changed) +├[~] service aws-pipes +│ └ resources +│ └[~] resource AWS::Pipes::Pipe +│ └ types +│ └[~] type PipeTargetTimestreamParameters +│ └ properties +│ └ TimestampFormat: (documentation changed) +├[~] service aws-quicksight +│ └ resources +│ ├[~] resource AWS::QuickSight::Analysis +│ │ └ types +│ │ ├[~] type DefaultDateTimePickerControlOptions +│ │ │ └ properties +│ │ │ └[+] CommitMode: string +│ │ ├[~] type DefaultFilterDropDownControlOptions +│ │ │ └ properties +│ │ │ └[+] CommitMode: string +│ │ ├[~] type DefaultRelativeDateTimeControlOptions +│ │ │ └ properties +│ │ │ └[+] CommitMode: string +│ │ ├[~] type FilterDateTimePickerControl +│ │ │ └ properties +│ │ │ └[+] CommitMode: string +│ │ ├[~] type FilterDropDownControl +│ │ │ └ properties +│ │ │ └[+] CommitMode: string +│ │ ├[~] type FilterRelativeDateTimeControl +│ │ │ └ properties +│ │ │ └[+] CommitMode: string +│ │ └[~] type ParameterDropDownControl +│ │ └ properties +│ │ └[+] CommitMode: string +│ ├[~] resource AWS::QuickSight::Dashboard +│ │ └ types +│ │ ├[~] type DefaultDateTimePickerControlOptions +│ │ │ └ properties +│ │ │ └[+] CommitMode: string +│ │ ├[~] type DefaultFilterDropDownControlOptions +│ │ │ └ properties +│ │ │ └[+] CommitMode: string +│ │ ├[~] type DefaultRelativeDateTimeControlOptions +│ │ │ └ properties +│ │ │ └[+] CommitMode: string +│ │ ├[~] type FilterDateTimePickerControl +│ │ │ └ properties +│ │ │ └[+] CommitMode: string +│ │ ├[~] type FilterDropDownControl +│ │ │ └ properties +│ │ │ └[+] CommitMode: string +│ │ ├[~] type FilterRelativeDateTimeControl +│ │ │ └ properties +│ │ │ └[+] CommitMode: string +│ │ └[~] type ParameterDropDownControl +│ │ └ properties +│ │ └[+] CommitMode: string +│ ├[+] resource AWS::QuickSight::Folder +│ │ ├ name: Folder +│ │ │ cloudFormationType: AWS::QuickSight::Folder +│ │ │ documentation: Definition of the AWS::QuickSight::Folder Resource Type. +│ │ │ tagInformation: {"tagPropertyName":"Tags","variant":"standard"} +│ │ ├ properties +│ │ │ ├AwsAccountId: string (immutable) +│ │ │ ├FolderId: string (immutable) +│ │ │ ├FolderType: string (immutable) +│ │ │ ├Name: string +│ │ │ ├ParentFolderArn: string (immutable) +│ │ │ ├Permissions: Array +│ │ │ ├SharingModel: string (immutable) +│ │ │ └Tags: Array +│ │ ├ attributes +│ │ │ ├Arn: string +│ │ │ ├CreatedTime: string +│ │ │ └LastUpdatedTime: string +│ │ └ types +│ │ └type ResourcePermission +│ │ ├ documentation:

Permission for the resource.

+│ │ │ name: ResourcePermission +│ │ └ properties +│ │ ├Principal: string (required) +│ │ └Actions: Array (required) +│ └[~] resource AWS::QuickSight::Template +│ └ types +│ ├[~] type DefaultDateTimePickerControlOptions +│ │ └ properties +│ │ └[+] CommitMode: string +│ ├[~] type DefaultFilterDropDownControlOptions +│ │ └ properties +│ │ └[+] CommitMode: string +│ ├[~] type DefaultRelativeDateTimeControlOptions +│ │ └ properties +│ │ └[+] CommitMode: string +│ ├[~] type FilterDateTimePickerControl +│ │ └ properties +│ │ └[+] CommitMode: string +│ ├[~] type FilterDropDownControl +│ │ └ properties +│ │ └[+] CommitMode: string +│ ├[~] type FilterRelativeDateTimeControl +│ │ └ properties +│ │ └[+] CommitMode: string +│ └[~] type ParameterDropDownControl +│ └ properties +│ └[+] CommitMode: string +├[~] service aws-rds +│ └ resources +│ └[~] resource AWS::RDS::GlobalCluster +│ ├ - tagInformation: undefined +│ │ + tagInformation: {"tagPropertyName":"Tags","variant":"standard"} +│ └ properties +│ └[+] Tags: Array +├[~] service aws-route53resolver +│ └ resources +│ └[~] resource AWS::Route53Resolver::ResolverRule +│ └ types +│ └[~] type TargetAddress +│ └ properties +│ └ Protocol: (documentation changed) +├[~] service aws-s3 +│ └ resources +│ └[~] resource AWS::S3::Bucket +│ └ types +│ ├[~] type ServerSideEncryptionByDefault +│ │ ├ - documentation: Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS. For more information, see [PUT Bucket encryption](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html) in the *Amazon S3 API Reference* . +│ │ │ > If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then AWS KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. +│ │ │ + documentation: Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. For more information, see [PutBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html) . +│ │ │ > - *General purpose buckets* - If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key ( `aws/s3` ) in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS. +│ │ │ > - *Directory buckets* - Your SSE-KMS configuration can only support 1 [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) per directory bucket for the lifetime of the bucket. [AWS managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) ( `aws/s3` ) isn't supported. +│ │ │ > - *Directory buckets* - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS. +│ │ └ properties +│ │ ├ KMSMasterKeyID: (documentation changed) +│ │ └ SSEAlgorithm: (documentation changed) +│ └[~] type ServerSideEncryptionRule +│ └ - documentation: Specifies the default server-side encryption configuration. +│ > If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then AWS KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. +│ + documentation: Specifies the default server-side encryption configuration. +│ > - *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then AWS KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. +│ > - *Directory buckets* - When you specify an [AWS KMS customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported. +├[~] service aws-s3express +│ └ resources +│ └[~] resource AWS::S3Express::DirectoryBucket +│ ├ - documentation: The `AWS::S3Express::DirectoryBucket` resource creates an Amazon S3 directory bucket in the same AWS Region where you create the AWS CloudFormation stack. +│ │ To control how AWS CloudFormation handles the bucket when the stack is deleted, you can set a deletion policy for your bucket. You can choose to *retain* the bucket or to *delete* the bucket. For more information, see [DeletionPolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html) . +│ │ > You can only delete empty buckets. Deletion fails for buckets that have contents. +│ │ - **Permissions** - The required permissions for CloudFormation to use are based on the operations that are performed on the stack. +│ │ - Create +│ │ - s3express:CreateBucket +│ │ - s3express:ListAllMyDirectoryBuckets +│ │ - Read +│ │ - s3express:ListAllMyDirectoryBuckets +│ │ - Delete +│ │ - s3express:DeleteBucket +│ │ - s3express:ListAllMyDirectoryBuckets +│ │ - List +│ │ - s3express:ListAllMyDirectoryBuckets +│ │ The following operations are related to `AWS::S3Express::DirectoryBucket` : +│ │ - [CreateBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) +│ │ - [ListDirectoryBuckets](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListDirectoryBuckets.html) +│ │ - [DeleteBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html) +│ │ + documentation: The `AWS::S3Express::DirectoryBucket` resource creates an Amazon S3 directory bucket in the same AWS Region where you create the AWS CloudFormation stack. +│ │ To control how AWS CloudFormation handles the bucket when the stack is deleted, you can set a deletion policy for your bucket. You can choose to *retain* the bucket or to *delete* the bucket. For more information, see [DeletionPolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html) . +│ │ > You can only delete empty buckets. Deletion fails for buckets that have contents. +│ │ - **Permissions** - The required permissions for CloudFormation to use are based on the operations that are performed on the stack. +│ │ - Create +│ │ - s3express:CreateBucket +│ │ - s3express:ListAllMyDirectoryBuckets +│ │ - Read +│ │ - s3express:ListAllMyDirectoryBuckets +│ │ - ec2:DescribeAvailabilityZones +│ │ - Delete +│ │ - s3express:DeleteBucket +│ │ - s3express:ListAllMyDirectoryBuckets +│ │ - List +│ │ - s3express:ListAllMyDirectoryBuckets +│ │ - PutBucketEncryption +│ │ - s3express:PutEncryptionConfiguration +│ │ - To set a directory bucket default encryption with SSE-KMS, you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and AWS KMS key policies for the target AWS KMS key. +│ │ - GetBucketEncryption +│ │ - s3express:GetBucketEncryption +│ │ - DeleteBucketEncryption +│ │ - s3express:PutEncryptionConfiguration +│ │ The following operations are related to `AWS::S3Express::DirectoryBucket` : +│ │ - [CreateBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) +│ │ - [ListDirectoryBuckets](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListDirectoryBuckets.html) +│ │ - [DeleteBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html) +│ ├ properties +│ │ ├[+] BucketEncryption: BucketEncryption +│ │ └ BucketName: (documentation changed) +│ ├ attributes +│ │ ├ Arn: (documentation changed) +│ │ └[+] AvailabilityZoneName: string +│ └ types +│ ├[+] type BucketEncryption +│ │ ├ documentation: Specifies default encryption for a bucket using server-side encryption with Amazon S3 managed keys (SSE-S3) or AWS KMS keys (SSE-KMS). +│ │ │ name: BucketEncryption +│ │ └ properties +│ │ └ServerSideEncryptionConfiguration: Array (required) +│ ├[+] type ServerSideEncryptionByDefault +│ │ ├ documentation: Specifies the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. +│ │ │ name: ServerSideEncryptionByDefault +│ │ └ properties +│ │ └SSEAlgorithm: string (required) +│ └[+] type ServerSideEncryptionRule +│ ├ documentation: Specifies the default server-side encryption configuration. +│ │ name: ServerSideEncryptionRule +│ └ properties +│ ├BucketKeyEnabled: boolean +│ └ServerSideEncryptionByDefault: ServerSideEncryptionByDefault +├[~] service aws-sagemaker +│ └ resources +│ └[~] resource AWS::SageMaker::ImageVersion +│ ├ properties +│ │ └[+] Version: integer +│ └ attributes +│ └ Version: (documentation changed) +├[~] service aws-secretsmanager +│ └ resources +│ ├[~] resource AWS::SecretsManager::RotationSchedule +│ │ ├ - documentation: Sets the rotation schedule and Lambda rotation function for a secret. For more information, see [How rotation works](https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html) . +│ │ │ For Amazon RDS master user credentials, see [AWS::RDS::DBCluster MasterUserSecret](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html) . +│ │ │ For Amazon Redshift admin user credentials, see [AWS::Redshift::Cluster](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-cluster.html) . +│ │ │ For the rotation function, you have two options: +│ │ │ - You can create a new rotation function based on one of the [Secrets Manager rotation function templates](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html) by using `HostedRotationLambda` . +│ │ │ - You can choose an existing rotation function by using `RotationLambdaARN` . +│ │ │ For database secrets, if you define both the secret and the database or service in the AWS CloudFormation template, then you need to define the [AWS::SecretsManager::SecretTargetAttachment](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-secrettargetattachment.html) resource to populate the secret with the connection details of the database or service before you attempt to configure rotation. +│ │ │ + documentation: Sets the rotation schedule and Lambda rotation function for a secret. For more information, see [How rotation works](https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html) . +│ │ │ For Amazon RDS master user credentials, see [AWS::RDS::DBCluster MasterUserSecret](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html) . +│ │ │ For Amazon Redshift admin user credentials, see [AWS::Redshift::Cluster](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-cluster.html) . +│ │ │ For the rotation function, you have two options: +│ │ │ - You can create a new rotation function based on one of the [Secrets Manager rotation function templates](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html) by using `HostedRotationLambda` . +│ │ │ - You can choose an existing rotation function by using `RotationLambdaARN` . +│ │ │ For database secrets, if you define both the secret and the database or service in the AWS CloudFormation template, then you need to define the [AWS::SecretsManager::SecretTargetAttachment](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-secrettargetattachment.html) resource to populate the secret with the connection details of the database or service before you attempt to configure rotation. +│ │ │ For a single secret, you can only define one rotation schedule with it. +│ │ └ properties +│ │ └ SecretId: (documentation changed) +│ └[~] resource AWS::SecretsManager::SecretTargetAttachment +│ ├ - documentation: The `AWS::SecretsManager::SecretTargetAttachment` resource completes the final link between a Secrets Manager secret and the associated database by adding the database connection information to the secret JSON. If you want to turn on automatic rotation for a database credential secret, the secret must contain the database connection information. For more information, see [JSON structure of Secrets Manager database credential secrets](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_secret_json_structure.html) . +│ │ When you remove a `SecretTargetAttachment` from a stack, Secrets Manager removes the database connection information from the secret with a `PutSecretValue` call. +│ │ For Amazon RDS master user credentials, see [AWS::RDS::DBCluster MasterUserSecret](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html) . +│ │ For Amazon Redshift admin user credentials, see [AWS::Redshift::Cluster](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-cluster.html) . +│ │ + documentation: The `AWS::SecretsManager::SecretTargetAttachment` resource completes the final link between a Secrets Manager secret and the associated database by adding the database connection information to the secret JSON. If you want to turn on automatic rotation for a database credential secret, the secret must contain the database connection information. For more information, see [JSON structure of Secrets Manager database credential secrets](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_secret_json_structure.html) . +│ │ A single secret resource can only have one target attached to it. +│ │ When you remove a `SecretTargetAttachment` from a stack, Secrets Manager removes the database connection information from the secret with a `PutSecretValue` call. +│ │ For Amazon RDS master user credentials, see [AWS::RDS::DBCluster MasterUserSecret](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html) . +│ │ For Amazon Redshift admin user credentials, see [AWS::Redshift::Cluster](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-cluster.html) . +│ └ properties +│ └ SecretId: (documentation changed) +├[~] service aws-securityhub +│ └ resources +│ ├[~] resource AWS::SecurityHub::AutomationRule +│ │ └ types +│ │ ├[~] type SeverityUpdate +│ │ │ └ properties +│ │ │ └ Normalized: (documentation changed) +│ │ └[~] type WorkflowUpdate +│ │ └ properties +│ │ └ Status: (documentation changed) +│ ├[~] resource AWS::SecurityHub::FindingAggregator +│ │ ├ properties +│ │ │ └ Regions: (documentation changed) +│ │ └ attributes +│ │ └ FindingAggregationRegion: (documentation changed) +│ └[~] resource AWS::SecurityHub::Insight +│ └ types +│ └[~] type AwsSecurityFindingFilters +│ └ properties +│ ├ SeverityNormalized: (documentation changed) +│ └ WorkflowStatus: (documentation changed) +├[~] service aws-ses +│ └ resources +│ └[~] resource AWS::SES::MailManagerRuleSet +│ └ types +│ └[~] type RuleStringToEvaluate +│ ├ - documentation: The string to evaluate in a string condition expression. +│ │ + documentation: The string to evaluate in a string condition expression. +│ │ > This data type is a UNION, so only one of the following members can be specified when used or returned. +│ └ properties +│ ├ Attribute: - string (required) +│ │ + string +│ └[+] MimeHeaderAttribute: string +├[~] service aws-sqs +│ └ resources +│ └[~] resource AWS::SQS::Queue +│ ├ - documentation: The `AWS::SQS::Queue` resource creates an Amazon SQS standard or FIFO queue. +│ │ Keep the following caveats in mind: +│ │ - If you don't specify the `FifoQueue` property, Amazon SQS creates a standard queue. +│ │ > You can't change the queue type after you create it and you can't convert an existing standard queue into a FIFO queue. You must either create a new FIFO queue for your application or delete your existing standard queue and recreate it as a FIFO queue. For more information, see [Moving from a standard queue to a FIFO queue](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues-moving.html) in the *Amazon SQS Developer Guide* . +│ │ - If you don't provide a value for a property, the queue is created with the default value for the property. +│ │ - If you delete a queue, you must wait at least 60 seconds before creating a queue with the same name. +│ │ - To successfully create a new queue, you must provide a queue name that adheres to the [limits related to queues](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/limits-queues.html) and is unique within the scope of your queues. +│ │ For more information about creating FIFO (first-in-first-out) queues, see [Creating an Amazon SQS queue ( AWS CloudFormation )](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/screate-queue-cloudformation.html) in the *Amazon SQS Developer Guide* . +│ │ + documentation: The `AWS::SQS::Queue` resource creates an Amazon SQS standard or FIFO queue. +│ │ Keep the following caveats in mind: +│ │ - If you don't specify the `FifoQueue` property, Amazon SQS creates a standard queue. +│ │ > You can't change the queue type after you create it and you can't convert an existing standard queue into a FIFO queue. You must either create a new FIFO queue for your application or delete your existing standard queue and recreate it as a FIFO queue. For more information, see [Moving from a standard queue to a FIFO queue](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues-moving.html) in the *Amazon SQS Developer Guide* . +│ │ - If you don't provide a value for a property, the queue is created with the default value for the property. +│ │ - If you delete a queue, you must wait at least 60 seconds before creating a queue with the same name. +│ │ - To successfully create a new queue, you must provide a queue name that adheres to the [limits related to queues](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/limits-queues.html) and is unique within the scope of your queues. +│ │ For more information about creating FIFO (first-in-first-out) queues, see [Creating an Amazon SQS queue ( AWS CloudFormation )](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/create-queue-cloudformation.html) in the *Amazon SQS Developer Guide* . +│ └ properties +│ ├ FifoQueue: (documentation changed) +│ ├ KmsMasterKeyId: (documentation changed) +│ └ QueueName: (documentation changed) +├[~] service aws-ssm +│ └ resources +│ └[~] resource AWS::SSM::PatchBaseline +│ └ properties +│ └ GlobalFilters: (documentation changed) +├[~] service aws-synthetics +│ └ resources +│ └[~] resource AWS::Synthetics::Canary +│ └ properties +│ └[+] ResourcesToReplicateTags: Array +├[~] service aws-waf +│ └ resources +│ ├[~] resource AWS::WAF::ByteMatchSet +│ │ └ types +│ │ ├[~] type ByteMatchTuple +│ │ │ └ - documentation: > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide. +│ │ │ > +│ │ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use. +│ │ │ The bytes (typically a string that corresponds with ASCII characters) that you want AWS WAF to search for in web requests, the location in requests that you want AWS WAF to search, and other settings. +│ │ │ + documentation: > Deprecation notice: AWS WAF Classic support will end on September 30, 2025. +│ │ │ > +│ │ │ > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide. +│ │ │ > +│ │ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use. +│ │ │ The bytes (typically a string that corresponds with ASCII characters) that you want AWS WAF to search for in web requests, the location in requests that you want AWS WAF to search, and other settings. +│ │ └[~] type FieldToMatch +│ │ └ - documentation: > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide. +│ │ > +│ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use. +│ │ Specifies where in a web request to look for `TargetString` . +│ │ + documentation: > Deprecation notice: AWS WAF Classic support will end on September 30, 2025. +│ │ > +│ │ > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide. +│ │ > +│ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use. +│ │ Specifies where in a web request to look for `TargetString` . +│ ├[~] resource AWS::WAF::IPSet +│ │ ├ - documentation: > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide. +│ │ │ > +│ │ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use. +│ │ │ Contains one or more IP addresses or blocks of IP addresses specified in Classless Inter-Domain Routing (CIDR) notation. AWS WAF supports IPv4 address ranges: /8 and any range between /16 through /32. AWS WAF supports IPv6 address ranges: /24, /32, /48, /56, /64, and /128. +│ │ │ To specify an individual IP address, you specify the four-part IP address followed by a `/32` , for example, 192.0.2.0/32. To block a range of IP addresses, you can specify /8 or any range between /16 through /32 (for IPv4) or /24, /32, /48, /56, /64, or /128 (for IPv6). For more information about CIDR notation, see the Wikipedia entry [Classless Inter-Domain Routing](https://docs.aws.amazon.com/https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) . +│ │ │ + documentation: > Deprecation notice: AWS WAF Classic support will end on September 30, 2025. +│ │ │ > +│ │ │ > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide. +│ │ │ > +│ │ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use. +│ │ │ Contains one or more IP addresses or blocks of IP addresses specified in Classless Inter-Domain Routing (CIDR) notation. AWS WAF supports IPv4 address ranges: /8 and any range between /16 through /32. AWS WAF supports IPv6 address ranges: /24, /32, /48, /56, /64, and /128. +│ │ │ To specify an individual IP address, you specify the four-part IP address followed by a `/32` , for example, 192.0.2.0/32. To block a range of IP addresses, you can specify /8 or any range between /16 through /32 (for IPv4) or /24, /32, /48, /56, /64, or /128 (for IPv6). For more information about CIDR notation, see the Wikipedia entry [Classless Inter-Domain Routing](https://docs.aws.amazon.com/https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) . +│ │ └ types +│ │ └[~] type IPSetDescriptor +│ │ └ - documentation: > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide. +│ │ > +│ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use. +│ │ Specifies the IP address type ( `IPV4` or `IPV6` ) and the IP address range (in CIDR format) that web requests originate from. +│ │ + documentation: > Deprecation notice: AWS WAF Classic support will end on September 30, 2025. +│ │ > +│ │ > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide. +│ │ > +│ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use. +│ │ Specifies the IP address type ( `IPV4` or `IPV6` ) and the IP address range (in CIDR format) that web requests originate from. +│ ├[~] resource AWS::WAF::SizeConstraintSet +│ │ ├ - documentation: > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide. +│ │ │ > +│ │ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use. +│ │ │ A complex type that contains `SizeConstraint` objects, which specify the parts of web requests that you want AWS WAF to inspect the size of. If a `SizeConstraintSet` contains more than one `SizeConstraint` object, a request only needs to match one constraint to be considered a match. +│ │ │ + documentation: > Deprecation notice: AWS WAF Classic support will end on September 30, 2025. +│ │ │ > +│ │ │ > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide. +│ │ │ > +│ │ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use. +│ │ │ A complex type that contains `SizeConstraint` objects, which specify the parts of web requests that you want AWS WAF to inspect the size of. If a `SizeConstraintSet` contains more than one `SizeConstraint` object, a request only needs to match one constraint to be considered a match. +│ │ └ types +│ │ └[~] type SizeConstraint +│ │ └ - documentation: > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide. +│ │ > +│ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use. +│ │ Specifies a constraint on the size of a part of the web request. AWS WAF uses the `Size` , `ComparisonOperator` , and `FieldToMatch` to build an expression in the form of " `Size` `ComparisonOperator` size in bytes of `FieldToMatch` ". If that expression is true, the `SizeConstraint` is considered to match. +│ │ + documentation: > Deprecation notice: AWS WAF Classic support will end on September 30, 2025. +│ │ > +│ │ > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide. +│ │ > +│ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use. +│ │ Specifies a constraint on the size of a part of the web request. AWS WAF uses the `Size` , `ComparisonOperator` , and `FieldToMatch` to build an expression in the form of " `Size` `ComparisonOperator` size in bytes of `FieldToMatch` ". If that expression is true, the `SizeConstraint` is considered to match. +│ ├[~] resource AWS::WAF::SqlInjectionMatchSet +│ │ ├ - documentation: > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide. +│ │ │ > +│ │ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use. +│ │ │ A complex type that contains `SqlInjectionMatchTuple` objects, which specify the parts of web requests that you want AWS WAF to inspect for snippets of malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header. If a `SqlInjectionMatchSet` contains more than one `SqlInjectionMatchTuple` object, a request needs to include snippets of SQL code in only one of the specified parts of the request to be considered a match. +│ │ │ + documentation: > Deprecation notice: AWS WAF Classic support will end on September 30, 2025. +│ │ │ > +│ │ │ > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide. +│ │ │ > +│ │ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use. +│ │ │ A complex type that contains `SqlInjectionMatchTuple` objects, which specify the parts of web requests that you want AWS WAF to inspect for snippets of malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header. If a `SqlInjectionMatchSet` contains more than one `SqlInjectionMatchTuple` object, a request needs to include snippets of SQL code in only one of the specified parts of the request to be considered a match. +│ │ └ types +│ │ └[~] type SqlInjectionMatchTuple +│ │ └ - documentation: > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide. +│ │ > +│ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use. +│ │ Specifies the part of a web request that you want AWS WAF to inspect for snippets of malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header. +│ │ + documentation: > Deprecation notice: AWS WAF Classic support will end on September 30, 2025. +│ │ > +│ │ > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide. +│ │ > +│ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use. +│ │ Specifies the part of a web request that you want AWS WAF to inspect for snippets of malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header. +│ ├[~] resource AWS::WAF::WebACL +│ │ └ types +│ │ └[~] type WafAction +│ │ └ - documentation: > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide. +│ │ > +│ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use. +│ │ For the action that is associated with a rule in a `WebACL` , specifies the action that you want AWS WAF to perform when a web request matches all of the conditions in a rule. For the default action in a `WebACL` , specifies the action that you want AWS WAF to take when a web request doesn't match all of the conditions in any of the rules in a `WebACL` . +│ │ + documentation: > Deprecation notice: AWS WAF Classic support will end on September 30, 2025. +│ │ > +│ │ > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide. +│ │ > +│ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/lates \ No newline at end of file From 52c087c9fe36c040c8aea62ad2fc016256b3ca6c Mon Sep 17 00:00:00 2001 From: shikha372 Date: Thu, 10 Oct 2024 15:55:25 -0700 Subject: [PATCH 2/9] feat(VpcV2): adding imports for first draft --- .../@aws-cdk/aws-ec2-alpha/lib/subnet-v2.ts | 1 + packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts | 26 +- .../\342\224\234[~] service aws-amazonmq.ini" | 886 ------------------ .../integ.test-import.js.snapshot/cdk.out | 1 + .../integ.test-import.js.snapshot/integ.json | 12 + ...efaultTestDeployAssertCF40BD53.assets.json | 19 + ...aultTestDeployAssertCF40BD53.template.json | 36 + .../manifest.json | 151 +++ .../integ.test-import.js.snapshot/tree.json | 325 +++++++ .../vpcv2-import-integ-test.assets.json | 20 + .../vpcv2-import-integ-test.template.json | 121 +++ .../aws-ec2-alpha/test/integ.test-import.ts | 80 ++ 12 files changed, 784 insertions(+), 894 deletions(-) delete mode 100644 "packages/@aws-cdk/aws-ec2-alpha/lib/\342\224\234[~] service aws-amazonmq.ini" create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/cdk.out create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/integ.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.assets.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.template.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/manifest.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/tree.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/vpcv2-import-integ-test.assets.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/vpcv2-import-integ-test.template.json create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.ts diff --git a/packages/@aws-cdk/aws-ec2-alpha/lib/subnet-v2.ts b/packages/@aws-cdk/aws-ec2-alpha/lib/subnet-v2.ts index 89f50c0cf6091..24809815cffa6 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/lib/subnet-v2.ts +++ b/packages/@aws-cdk/aws-ec2-alpha/lib/subnet-v2.ts @@ -328,6 +328,7 @@ export interface SubnetV2Attributes { /** * The type of subnet (public or private) that this subnet represents. + * @default - no subnet name */ readonly subnetName?: string; diff --git a/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts b/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts index 1d25bb37552ea..64eae3410c86a 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts +++ b/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts @@ -207,21 +207,25 @@ export interface VpcV2Attributes { /** * A VPN Gateway is attached to the VPC + * @default - No VPN Gateway */ readonly vpnGatewayId?: string; /** * Public subnets associated with VPC + * @default - no public subnets provided */ readonly publicSubnets?: SubnetV2Attributes[]; /** * Private subnets associated with VPC + * @default - no private subnets provided */ readonly privateSubnets?: SubnetV2Attributes[]; /** * Isolated subnets associated with VPC + * @default - no isolated subnets provided */ readonly isolatedSubnets?: SubnetV2Attributes[]; @@ -242,6 +246,13 @@ export interface VpcV2Attributes { */ export class VpcV2 extends VpcV2Base { + /** + * Create a VPC from existing attributes + */ + public static fromVpcV2attributes(scope: Construct, id: string, options: VpcV2Attributes): IVpcV2 { + return new ImportedVpcV2(scope, id, options); + } + /** * Identifier for this VPC */ @@ -423,13 +434,6 @@ export class VpcV2 extends VpcV2Base { */ this.internetConnectivityEstablished = this._internetConnectivityEstablished; } - - /** - * Create a VPC from existing attributes - */ - public fromVpcV2attributes(scope: Construct, id: string, options: VpcV2Attributes): IVpcV2 { - return new ImportedVpcV2(scope, id, options); - } } /** * Supports assigning IPv4 address to VPC @@ -552,7 +556,7 @@ class ImportedVpcV2 extends VpcV2Base { if (props.isolatedSubnets) { this.isolatedSubnets = props.isolatedSubnets.map(subnet => new ImportedSubnetV2(scope, 'ImportedPrivateSubnet', subnet)); } - this.secondaryCidrBlock = props.secondaryCidrBlocks?.map(cidrBlock => VPCCidrBlock.fromVPCCidrBlockattributes(scope, 'ImportedCidrBlock', cidrBlock)); + this.secondaryCidrBlock = props.secondaryCidrBlocks?.map(cidrBlock => VPCCidrBlock.fromVPCCidrBlockattributes(scope, cidrBlock.cidrBlockName ?? 'ImportedSecondaryCidrBlock', cidrBlock)); } } @@ -613,6 +617,12 @@ export interface VPCCidrBlockProps { */ readonly cidrBlock?: string; + /** + * CIDR Block Name + * @default - no CIDR Block name generated, this field is required while importing CIDR block for VPC + */ + readonly cidrBlockName?: string; + /** * Opt for amazonProvided Ipv6 CIDR address * @default false diff --git "a/packages/@aws-cdk/aws-ec2-alpha/lib/\342\224\234[~] service aws-amazonmq.ini" "b/packages/@aws-cdk/aws-ec2-alpha/lib/\342\224\234[~] service aws-amazonmq.ini" deleted file mode 100644 index b6eec04c09f0e..0000000000000 --- "a/packages/@aws-cdk/aws-ec2-alpha/lib/\342\224\234[~] service aws-amazonmq.ini" +++ /dev/null @@ -1,886 +0,0 @@ -├[~] service aws-amazonmq -│ └ resources -│ └[~] resource AWS::AmazonMQ::Configuration -│ └ attributes -│ └ Revision: - integer -│ + string ⇐ integer -├[~] service aws-apigatewayv2 -│ └ resources -│ └[~] resource AWS::ApiGatewayV2::Integration -│ ├ attributes -│ │ └[-] Id: string -│ └ types -│ └[~] type ResponseParameter -│ ├ - documentation: response parameter -│ │ + documentation: Supported only for HTTP APIs. You use response parameters to transform the HTTP response from a backend integration before returning the response to clients. Specify a key-value map from a selection key to response parameters. The selection key must be a valid HTTP status code within the range of 200-599. Response parameters are a key-value map. The key must match the pattern `:
.` or `overwrite.statuscode` . The action can be `append` , `overwrite` or `remove` . The value can be a static value, or map to response data, stage variables, or context variables that are evaluated at runtime. To learn more, see [Transforming API requests and responses](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-parameter-mapping.html) . -│ └ properties -│ ├ Destination: (documentation changed) -│ └ Source: (documentation changed) -├[~] service aws-autoscaling -│ └ resources -│ └[~] resource AWS::AutoScaling::ScalingPolicy -│ └ types -│ ├[~] type TargetTrackingMetricDataQuery -│ │ └ - documentation: The metric data to return. Also defines whether this call is returning data for one metric only, or whether it is performing a math expression on the values of returned metric statistics to create a new time series. A time series is a series of data points, each of which is associated with a timestamp. -│ │ You can use `TargetTrackingMetricDataQuery` structures with a `PutScalingPolicy` operation when you specify a `TargetTrackingConfiguration` in the request. -│ │ You can call for a single metric or perform math expressions on multiple metrics. Any expressions used in a metric specification must eventually return a single time series. -│ │ For more information, see the [Create a target tracking scaling policy for Amazon EC2 Auto Scaling using metric math](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-target-tracking-metric-math.html) in the *Amazon EC2 Auto Scaling User Guide* . -│ │ + documentation: The metric data to return. Also defines whether this call is returning data for one metric only, or whether it is performing a math expression on the values of returned metric statistics to create a new time series. A time series is a series of data points, each of which is associated with a timestamp. -│ │ You can use `TargetTrackingMetricDataQuery` structures with a [PutScalingPolicy](https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_PutScalingPolicy.html) operation when you specify a [TargetTrackingConfiguration](https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_TargetTrackingConfiguration.html) in the request. -│ │ You can call for a single metric or perform math expressions on multiple metrics. Any expressions used in a metric specification must eventually return a single time series. -│ │ For more information, see the [Create a target tracking scaling policy for Amazon EC2 Auto Scaling using metric math](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-target-tracking-metric-math.html) in the *Amazon EC2 Auto Scaling User Guide* . -│ └[~] type TargetTrackingMetricStat -│ └ - documentation: This structure defines the CloudWatch metric to return, along with the statistic and unit. -│ `TargetTrackingMetricStat` is a property of the `TargetTrackingMetricDataQuery` object. -│ For more information about the CloudWatch terminology below, see [Amazon CloudWatch concepts](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html) in the *Amazon CloudWatch User Guide* . -│ + documentation: This structure defines the CloudWatch metric to return, along with the statistic and unit. -│ `TargetTrackingMetricStat` is a property of the [TargetTrackingMetricDataQuery](https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_TargetTrackingMetricDataQuery.html) object. -│ For more information about the CloudWatch terminology below, see [Amazon CloudWatch concepts](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html) in the *Amazon CloudWatch User Guide* . -├[~] service aws-b2bi -│ └ resources -│ ├[~] resource AWS::B2BI::Capability -│ │ └ types -│ │ └[~] type EdiConfiguration -│ │ └ properties -│ │ └[+] CapabilityDirection: string -│ ├[~] resource AWS::B2BI::Partnership -│ │ ├ properties -│ │ │ ├ Capabilities: - Array -│ │ │ │ + Array (required) -│ │ │ └[+] CapabilityOptions: CapabilityOptions -│ │ └ types -│ │ ├[+] type CapabilityOptions -│ │ │ ├ name: CapabilityOptions -│ │ │ └ properties -│ │ │ └OutboundEdi: OutboundEdiOptions -│ │ ├[+] type OutboundEdiOptions -│ │ │ ├ name: OutboundEdiOptions -│ │ │ └ properties -│ │ │ └X12: X12Envelope (required) -│ │ ├[+] type X12Delimiters -│ │ │ ├ name: X12Delimiters -│ │ │ └ properties -│ │ │ ├ComponentSeparator: string -│ │ │ ├DataElementSeparator: string -│ │ │ └SegmentTerminator: string -│ │ ├[+] type X12Envelope -│ │ │ ├ name: X12Envelope -│ │ │ └ properties -│ │ │ └Common: X12OutboundEdiHeaders -│ │ ├[+] type X12FunctionalGroupHeaders -│ │ │ ├ name: X12FunctionalGroupHeaders -│ │ │ └ properties -│ │ │ ├ApplicationSenderCode: string -│ │ │ ├ApplicationReceiverCode: string -│ │ │ └ResponsibleAgencyCode: string -│ │ ├[+] type X12InterchangeControlHeaders -│ │ │ ├ name: X12InterchangeControlHeaders -│ │ │ └ properties -│ │ │ ├SenderIdQualifier: string -│ │ │ ├SenderId: string -│ │ │ ├ReceiverIdQualifier: string -│ │ │ ├ReceiverId: string -│ │ │ ├RepetitionSeparator: string -│ │ │ ├AcknowledgmentRequestedCode: string -│ │ │ └UsageIndicatorCode: string -│ │ └[+] type X12OutboundEdiHeaders -│ │ ├ name: X12OutboundEdiHeaders -│ │ └ properties -│ │ ├InterchangeControlHeaders: X12InterchangeControlHeaders -│ │ ├FunctionalGroupHeaders: X12FunctionalGroupHeaders -│ │ ├Delimiters: X12Delimiters -│ │ └ValidateEdi: boolean -│ └[~] resource AWS::B2BI::Transformer -│ ├ properties -│ │ ├ EdiType: - EdiType (required) -│ │ │ + EdiType (deprecated=WARN) -│ │ ├ FileFormat: - string (required) -│ │ │ + string (deprecated=WARN) -│ │ ├[+] InputConversion: InputConversion -│ │ ├[+] Mapping: Mapping -│ │ ├ MappingTemplate: - string (required) -│ │ │ + string (deprecated=WARN) -│ │ ├[+] OutputConversion: OutputConversion -│ │ ├ SampleDocument: - string -│ │ │ + string (deprecated=WARN) -│ │ └[+] SampleDocuments: SampleDocuments -│ └ types -│ ├[+] type FormatOptions -│ │ ├ name: FormatOptions -│ │ └ properties -│ │ └X12: X12Details (required) -│ ├[+] type InputConversion -│ │ ├ name: InputConversion -│ │ └ properties -│ │ ├FromFormat: string (required) -│ │ └FormatOptions: FormatOptions -│ ├[+] type Mapping -│ │ ├ name: Mapping -│ │ └ properties -│ │ ├TemplateLanguage: string (required) -│ │ └Template: string -│ ├[+] type OutputConversion -│ │ ├ name: OutputConversion -│ │ └ properties -│ │ ├ToFormat: string (required) -│ │ └FormatOptions: FormatOptions -│ ├[+] type SampleDocumentKeys -│ │ ├ name: SampleDocumentKeys -│ │ └ properties -│ │ ├Input: string -│ │ └Output: string -│ └[+] type SampleDocuments -│ ├ name: SampleDocuments -│ └ properties -│ ├BucketName: string (required) -│ └Keys: Array (required) -├[~] service aws-batch -│ └ resources -│ └[~] resource AWS::Batch::JobDefinition -│ └ types -│ ├[~] type EcsProperties -│ │ └ properties -│ │ └ TaskProperties: (documentation changed) -│ └[~] type PodProperties -│ └ properties -│ ├ Containers: (documentation changed) -│ └ InitContainers: (documentation changed) -├[~] service aws-bedrock -│ └ resources -│ ├[~] resource AWS::Bedrock::Flow -│ │ └ types -│ │ ├[~] type KnowledgeBaseFlowNodeConfiguration -│ │ │ └ properties -│ │ │ └ ModelId: (documentation changed) -│ │ └[~] type PromptFlowNodeInlineConfiguration -│ │ └ properties -│ │ └ ModelId: (documentation changed) -│ ├[~] resource AWS::Bedrock::FlowVersion -│ │ └ types -│ │ ├[~] type KnowledgeBaseFlowNodeConfiguration -│ │ │ └ properties -│ │ │ └ ModelId: (documentation changed) -│ │ └[~] type PromptFlowNodeInlineConfiguration -│ │ └ properties -│ │ └ ModelId: (documentation changed) -│ ├[~] resource AWS::Bedrock::KnowledgeBase -│ │ ├ attributes -│ │ │ ├ CreatedAt: (documentation changed) -│ │ │ └ UpdatedAt: (documentation changed) -│ │ └ types -│ │ └[~] type KnowledgeBaseConfiguration -│ │ └ properties -│ │ └ VectorKnowledgeBaseConfiguration: (documentation changed) -│ ├[~] resource AWS::Bedrock::Prompt -│ │ └ types -│ │ └[~] type PromptVariant -│ │ └ properties -│ │ └ ModelId: (documentation changed) -│ └[~] resource AWS::Bedrock::PromptVersion -│ └ types -│ └[~] type PromptVariant -│ └ properties -│ └ ModelId: (documentation changed) -├[~] service aws-cloudformation -│ └ resources -│ └[~] resource AWS::CloudFormation::HookTypeConfig -│ └ properties -│ ├ Configuration: (documentation changed) -│ ├ TypeArn: (documentation changed) -│ └ TypeName: (documentation changed) -├[~] service aws-cloudtrail -│ └ resources -│ ├[~] resource AWS::CloudTrail::EventDataStore -│ │ └ types -│ │ ├[~] type AdvancedEventSelector -│ │ │ └ - documentation: Advanced event selectors let you create fine-grained selectors for CloudTrail management and data events. They help you control costs by logging only those events that are important to you. For more information about advanced event selectors, see [Logging management events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html) and [Logging data events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html) in the *AWS CloudTrail User Guide* . -│ │ │ You cannot apply both event selectors and advanced event selectors to a trail. -│ │ │ *Supported CloudTrail event record fields for management events* -│ │ │ - `eventCategory` (required) -│ │ │ - `eventSource` -│ │ │ - `readOnly` -│ │ │ *Supported CloudTrail event record fields for data events* -│ │ │ - `eventCategory` (required) -│ │ │ - `resources.type` (required) -│ │ │ - `readOnly` -│ │ │ - `eventName` -│ │ │ - `resources.ARN` -│ │ │ > For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the only supported field is `eventCategory` . -│ │ │ + documentation: Advanced event selectors let you create fine-grained selectors for AWS CloudTrail management, data, and network activity events. They help you control costs by logging only those events that are important to you. For more information about configuring advanced event selectors, see the [Logging data events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html) , [Logging network activity events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-network-events-with-cloudtrail.html) , and [Logging management events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html) topics in the *AWS CloudTrail User Guide* . -│ │ │ You cannot apply both event selectors and advanced event selectors to a trail. -│ │ │ *Supported CloudTrail event record fields for management events* -│ │ │ - `eventCategory` (required) -│ │ │ - `eventSource` -│ │ │ - `readOnly` -│ │ │ *Supported CloudTrail event record fields for data events* -│ │ │ - `eventCategory` (required) -│ │ │ - `resources.type` (required) -│ │ │ - `readOnly` -│ │ │ - `eventName` -│ │ │ - `resources.ARN` -│ │ │ *Supported CloudTrail event record fields for network activity events* -│ │ │ > Network activity events is in preview release for CloudTrail and is subject to change. -│ │ │ - `eventCategory` (required) -│ │ │ - `eventSource` (required) -│ │ │ - `eventName` -│ │ │ - `errorCode` - The only valid value for `errorCode` is `VpceAccessDenied` . -│ │ │ - `vpcEndpointId` -│ │ │ > For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the only supported field is `eventCategory` . -│ │ └[~] type AdvancedFieldSelector -│ │ └ properties -│ │ └ Field: (documentation changed) -│ └[~] resource AWS::CloudTrail::Trail -│ ├ properties -│ │ └ AdvancedEventSelectors: (documentation changed) -│ └ types -│ ├[~] type AdvancedEventSelector -│ │ └ - documentation: Advanced event selectors let you create fine-grained selectors for CloudTrail management and data events. They help you control costs by logging only those events that are important to you. For more information about advanced event selectors, see [Logging management events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html) and [Logging data events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html) in the *AWS CloudTrail User Guide* . -│ │ You cannot apply both event selectors and advanced event selectors to a trail. -│ │ *Supported CloudTrail event record fields for management events* -│ │ - `eventCategory` (required) -│ │ - `eventSource` -│ │ - `readOnly` -│ │ *Supported CloudTrail event record fields for data events* -│ │ - `eventCategory` (required) -│ │ - `resources.type` (required) -│ │ - `readOnly` -│ │ - `eventName` -│ │ - `resources.ARN` -│ │ > For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the only supported field is `eventCategory` . -│ │ + documentation: Advanced event selectors let you create fine-grained selectors for AWS CloudTrail management, data, and network activity events. They help you control costs by logging only those events that are important to you. For more information about configuring advanced event selectors, see the [Logging data events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html) , [Logging network activity events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-network-events-with-cloudtrail.html) , and [Logging management events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html) topics in the *AWS CloudTrail User Guide* . -│ │ You cannot apply both event selectors and advanced event selectors to a trail. -│ │ *Supported CloudTrail event record fields for management events* -│ │ - `eventCategory` (required) -│ │ - `eventSource` -│ │ - `readOnly` -│ │ *Supported CloudTrail event record fields for data events* -│ │ - `eventCategory` (required) -│ │ - `resources.type` (required) -│ │ - `readOnly` -│ │ - `eventName` -│ │ - `resources.ARN` -│ │ *Supported CloudTrail event record fields for network activity events* -│ │ > Network activity events is in preview release for CloudTrail and is subject to change. -│ │ - `eventCategory` (required) -│ │ - `eventSource` (required) -│ │ - `eventName` -│ │ - `errorCode` - The only valid value for `errorCode` is `VpceAccessDenied` . -│ │ - `vpcEndpointId` -│ │ > For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the only supported field is `eventCategory` . -│ ├[~] type AdvancedFieldSelector -│ │ └ properties -│ │ └ Field: (documentation changed) -│ └[~] type DataResource -│ └ properties -│ └ Type: (documentation changed) -├[~] service aws-datasync -│ └ resources -│ └[~] resource AWS::DataSync::LocationS3 -│ └ - documentation: The `AWS::DataSync::LocationS3` resource specifies an endpoint for an Amazon S3 bucket. -│ For more information, see [Create an Amazon S3 location](https://docs.aws.amazon.com/datasync/latest/userguide/create-locations-cli.html#create-location-s3-cli) in the *AWS DataSync User Guide* . -│ + documentation: The `AWS::DataSync::LocationS3` resource specifies an endpoint for an Amazon S3 bucket. -│ For more information, see the [*AWS DataSync User Guide*](https://docs.aws.amazon.com/datasync/latest/userguide/create-s3-location.html) . -├[~] service aws-ec2 -│ └ resources -│ ├[~] resource AWS::EC2::NatGateway -│ │ └ properties -│ │ └ SecondaryAllocationIds: (documentation changed) -│ ├[~] resource AWS::EC2::TransitGateway -│ │ └ properties -│ │ └[+] SecurityGroupReferencingSupport: string -│ ├[~] resource AWS::EC2::TransitGatewayAttachment -│ │ └ types -│ │ └[~] type Options -│ │ └ properties -│ │ └[+] SecurityGroupReferencingSupport: string -│ ├[~] resource AWS::EC2::TransitGatewayVpcAttachment -│ │ └ types -│ │ └[~] type Options -│ │ └ properties -│ │ └[+] SecurityGroupReferencingSupport: string -│ └[~] resource AWS::EC2::VPCEndpoint -│ └ properties -│ └ PolicyDocument: (documentation changed) -├[~] service aws-ecs -│ └ resources -│ ├[~] resource AWS::ECS::Service -│ │ └ types -│ │ └[~] type LogConfiguration -│ │ └ properties -│ │ └ Options: (documentation changed) -│ └[~] resource AWS::ECS::TaskDefinition -│ └ types -│ └[~] type LogConfiguration -│ └ properties -│ └ Options: (documentation changed) -├[~] service aws-eks -│ └ resources -│ └[~] resource AWS::EKS::Cluster -│ ├ properties -│ │ └[+] ZonalShiftConfig: ZonalShiftConfig -│ └ types -│ └[+] type ZonalShiftConfig -│ ├ documentation: The current zonal shift configuration to use for the cluster. -│ │ name: ZonalShiftConfig -│ └ properties -│ └Enabled: boolean -├[~] service aws-elasticloadbalancingv2 -│ └ resources -│ └[~] resource AWS::ElasticLoadBalancingV2::Listener -│ └ properties -│ └ ListenerAttributes: (documentation changed) -├[~] service aws-glue -│ └ resources -│ ├[~] resource AWS::Glue::Crawler -│ ├[~] resource AWS::Glue::Job -│ │ └ properties -│ │ ├[+] JobMode: string -│ │ └[+] JobRunQueuingEnabled: boolean -│ └[+] resource AWS::Glue::UsageProfile -│ ├ name: UsageProfile -│ │ cloudFormationType: AWS::Glue::UsageProfile -│ │ documentation: Creates an AWS Glue usage profile. -│ │ tagInformation: {"tagPropertyName":"Tags","variant":"standard"} -│ ├ properties -│ │ ├Name: string (required, immutable) -│ │ ├Description: string -│ │ └Tags: Array -│ └ attributes -│ └CreatedOn: string -├[~] service aws-iotfleetwise -│ └ resources -│ └[~] resource AWS::IoTFleetWise::Campaign -│ └ properties -│ └ Action: - string (required) -│ + string -├[~] service aws-iottwinmaker -│ └ resources -│ └[~] resource AWS::IoTTwinMaker::Scene -│ └ properties -│ └ WorkspaceId: (documentation changed) -├[~] service aws-iotwireless -│ └ resources -│ └[~] resource AWS::IoTWireless::WirelessDevice -│ └ types -│ └[~] type OtaaV10x -│ └ - documentation: undefined -│ + documentation: OTAA device object for v1.0.x -├[~] service aws-kinesisfirehose -│ └ resources -│ └[~] resource AWS::KinesisFirehose::DeliveryStream -│ ├ properties -│ │ ├ DeliveryStreamName: (documentation changed) -│ │ ├ DeliveryStreamType: (documentation changed) -│ │ ├ IcebergDestinationConfiguration: (documentation changed) -│ │ └ Tags: (documentation changed) -│ └ types -│ ├[~] type AmazonOpenSearchServerlessBufferingHints -│ │ └ properties -│ │ └ SizeInMBs: (documentation changed) -│ ├[~] type CatalogConfiguration -│ │ ├ - documentation: Describes the containers where the destination Apache Iceberg Tables are persisted. -│ │ │ Amazon Data Firehose is in preview release and is subject to change. -│ │ │ + documentation: Describes the containers where the destination Apache Iceberg Tables are persisted. -│ │ └ properties -│ │ └ CatalogArn: (documentation changed) -│ ├[~] type DestinationTableConfiguration -│ │ ├ - documentation: Describes the configuration of a destination in Apache Iceberg Tables. -│ │ │ Amazon Data Firehose is in preview release and is subject to change. -│ │ │ + documentation: Describes the configuration of a destination in Apache Iceberg Tables. -│ │ └ properties -│ │ ├ DestinationDatabaseName: (documentation changed) -│ │ ├ DestinationTableName: (documentation changed) -│ │ ├ S3ErrorOutputPrefix: (documentation changed) -│ │ └ UniqueKeys: (documentation changed) -│ ├[~] type ExtendedS3DestinationConfiguration -│ │ └ properties -│ │ ├ CloudWatchLoggingOptions: (documentation changed) -│ │ └ S3BackupMode: (documentation changed) -│ ├[~] type IcebergDestinationConfiguration -│ │ ├ - documentation: Specifies the destination configure settings for Apache Iceberg Table. -│ │ │ Amazon Data Firehose is in preview release and is subject to change. -│ │ │ + documentation: Specifies the destination configure settings for Apache Iceberg Table. -│ │ └ properties -│ │ ├ CatalogConfiguration: (documentation changed) -│ │ ├ DestinationTableConfigurationList: (documentation changed) -│ │ ├ RoleARN: (documentation changed) -│ │ └ s3BackupMode: (documentation changed) -│ ├[~] type RedshiftDestinationConfiguration -│ │ └ properties -│ │ ├ CloudWatchLoggingOptions: (documentation changed) -│ │ └ S3BackupMode: (documentation changed) -│ ├[~] type S3DestinationConfiguration -│ │ └ properties -│ │ └ CloudWatchLoggingOptions: (documentation changed) -│ ├[~] type SecretsManagerConfiguration -│ │ └ properties -│ │ ├ Enabled: (documentation changed) -│ │ └ SecretARN: (documentation changed) -│ ├[~] type SnowflakeBufferingHints -│ │ └ properties -│ │ └ SizeInMBs: (documentation changed) -│ └[~] type SplunkDestinationConfiguration -│ └ properties -│ └ CloudWatchLoggingOptions: (documentation changed) -├[~] service aws-lambda -│ └ resources -│ ├[~] resource AWS::Lambda::CodeSigningConfig -│ │ └ properties -│ │ └ Tags: (documentation changed) -│ ├[~] resource AWS::Lambda::EventSourceMapping -│ │ ├ properties -│ │ │ └ Tags: (documentation changed) -│ │ └ attributes -│ │ └ EventSourceMappingArn: (documentation changed) -│ ├[~] resource AWS::Lambda::Function -│ │ └ properties -│ │ └ Tags: (documentation changed) -│ └[~] resource AWS::Lambda::Permission -│ └ properties -│ └ Principal: (documentation changed) -├[~] service aws-logs -│ └ resources -│ └[~] resource AWS::Logs::QueryDefinition -│ └ properties -│ └ Name: (documentation changed) -├[~] service aws-mediaconnect -│ └ resources -│ └[~] resource AWS::MediaConnect::FlowOutput -│ └ properties -│ └ OutputStatus: (documentation changed) -├[~] service aws-medialive -│ └ resources -│ └[~] resource AWS::MediaLive::Channel -│ └ types -│ ├[~] type H264Settings -│ │ └ properties -│ │ └[+] MinQp: integer -│ └[~] type H265Settings -│ └ properties -│ └[+] MinQp: integer -├[~] service aws-organizations -│ └ resources -│ └[~] resource AWS::Organizations::Policy -│ └ properties -│ └ Content: (documentation changed) -├[~] service aws-pipes -│ └ resources -│ └[~] resource AWS::Pipes::Pipe -│ └ types -│ └[~] type PipeTargetTimestreamParameters -│ └ properties -│ └ TimestampFormat: (documentation changed) -├[~] service aws-quicksight -│ └ resources -│ ├[~] resource AWS::QuickSight::Analysis -│ │ └ types -│ │ ├[~] type DefaultDateTimePickerControlOptions -│ │ │ └ properties -│ │ │ └[+] CommitMode: string -│ │ ├[~] type DefaultFilterDropDownControlOptions -│ │ │ └ properties -│ │ │ └[+] CommitMode: string -│ │ ├[~] type DefaultRelativeDateTimeControlOptions -│ │ │ └ properties -│ │ │ └[+] CommitMode: string -│ │ ├[~] type FilterDateTimePickerControl -│ │ │ └ properties -│ │ │ └[+] CommitMode: string -│ │ ├[~] type FilterDropDownControl -│ │ │ └ properties -│ │ │ └[+] CommitMode: string -│ │ ├[~] type FilterRelativeDateTimeControl -│ │ │ └ properties -│ │ │ └[+] CommitMode: string -│ │ └[~] type ParameterDropDownControl -│ │ └ properties -│ │ └[+] CommitMode: string -│ ├[~] resource AWS::QuickSight::Dashboard -│ │ └ types -│ │ ├[~] type DefaultDateTimePickerControlOptions -│ │ │ └ properties -│ │ │ └[+] CommitMode: string -│ │ ├[~] type DefaultFilterDropDownControlOptions -│ │ │ └ properties -│ │ │ └[+] CommitMode: string -│ │ ├[~] type DefaultRelativeDateTimeControlOptions -│ │ │ └ properties -│ │ │ └[+] CommitMode: string -│ │ ├[~] type FilterDateTimePickerControl -│ │ │ └ properties -│ │ │ └[+] CommitMode: string -│ │ ├[~] type FilterDropDownControl -│ │ │ └ properties -│ │ │ └[+] CommitMode: string -│ │ ├[~] type FilterRelativeDateTimeControl -│ │ │ └ properties -│ │ │ └[+] CommitMode: string -│ │ └[~] type ParameterDropDownControl -│ │ └ properties -│ │ └[+] CommitMode: string -│ ├[+] resource AWS::QuickSight::Folder -│ │ ├ name: Folder -│ │ │ cloudFormationType: AWS::QuickSight::Folder -│ │ │ documentation: Definition of the AWS::QuickSight::Folder Resource Type. -│ │ │ tagInformation: {"tagPropertyName":"Tags","variant":"standard"} -│ │ ├ properties -│ │ │ ├AwsAccountId: string (immutable) -│ │ │ ├FolderId: string (immutable) -│ │ │ ├FolderType: string (immutable) -│ │ │ ├Name: string -│ │ │ ├ParentFolderArn: string (immutable) -│ │ │ ├Permissions: Array -│ │ │ ├SharingModel: string (immutable) -│ │ │ └Tags: Array -│ │ ├ attributes -│ │ │ ├Arn: string -│ │ │ ├CreatedTime: string -│ │ │ └LastUpdatedTime: string -│ │ └ types -│ │ └type ResourcePermission -│ │ ├ documentation:

Permission for the resource.

-│ │ │ name: ResourcePermission -│ │ └ properties -│ │ ├Principal: string (required) -│ │ └Actions: Array (required) -│ └[~] resource AWS::QuickSight::Template -│ └ types -│ ├[~] type DefaultDateTimePickerControlOptions -│ │ └ properties -│ │ └[+] CommitMode: string -│ ├[~] type DefaultFilterDropDownControlOptions -│ │ └ properties -│ │ └[+] CommitMode: string -│ ├[~] type DefaultRelativeDateTimeControlOptions -│ │ └ properties -│ │ └[+] CommitMode: string -│ ├[~] type FilterDateTimePickerControl -│ │ └ properties -│ │ └[+] CommitMode: string -│ ├[~] type FilterDropDownControl -│ │ └ properties -│ │ └[+] CommitMode: string -│ ├[~] type FilterRelativeDateTimeControl -│ │ └ properties -│ │ └[+] CommitMode: string -│ └[~] type ParameterDropDownControl -│ └ properties -│ └[+] CommitMode: string -├[~] service aws-rds -│ └ resources -│ └[~] resource AWS::RDS::GlobalCluster -│ ├ - tagInformation: undefined -│ │ + tagInformation: {"tagPropertyName":"Tags","variant":"standard"} -│ └ properties -│ └[+] Tags: Array -├[~] service aws-route53resolver -│ └ resources -│ └[~] resource AWS::Route53Resolver::ResolverRule -│ └ types -│ └[~] type TargetAddress -│ └ properties -│ └ Protocol: (documentation changed) -├[~] service aws-s3 -│ └ resources -│ └[~] resource AWS::S3::Bucket -│ └ types -│ ├[~] type ServerSideEncryptionByDefault -│ │ ├ - documentation: Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS. For more information, see [PUT Bucket encryption](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html) in the *Amazon S3 API Reference* . -│ │ │ > If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then AWS KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. -│ │ │ + documentation: Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. For more information, see [PutBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html) . -│ │ │ > - *General purpose buckets* - If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key ( `aws/s3` ) in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS. -│ │ │ > - *Directory buckets* - Your SSE-KMS configuration can only support 1 [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) per directory bucket for the lifetime of the bucket. [AWS managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) ( `aws/s3` ) isn't supported. -│ │ │ > - *Directory buckets* - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS. -│ │ └ properties -│ │ ├ KMSMasterKeyID: (documentation changed) -│ │ └ SSEAlgorithm: (documentation changed) -│ └[~] type ServerSideEncryptionRule -│ └ - documentation: Specifies the default server-side encryption configuration. -│ > If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then AWS KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. -│ + documentation: Specifies the default server-side encryption configuration. -│ > - *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then AWS KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. -│ > - *Directory buckets* - When you specify an [AWS KMS customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported. -├[~] service aws-s3express -│ └ resources -│ └[~] resource AWS::S3Express::DirectoryBucket -│ ├ - documentation: The `AWS::S3Express::DirectoryBucket` resource creates an Amazon S3 directory bucket in the same AWS Region where you create the AWS CloudFormation stack. -│ │ To control how AWS CloudFormation handles the bucket when the stack is deleted, you can set a deletion policy for your bucket. You can choose to *retain* the bucket or to *delete* the bucket. For more information, see [DeletionPolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html) . -│ │ > You can only delete empty buckets. Deletion fails for buckets that have contents. -│ │ - **Permissions** - The required permissions for CloudFormation to use are based on the operations that are performed on the stack. -│ │ - Create -│ │ - s3express:CreateBucket -│ │ - s3express:ListAllMyDirectoryBuckets -│ │ - Read -│ │ - s3express:ListAllMyDirectoryBuckets -│ │ - Delete -│ │ - s3express:DeleteBucket -│ │ - s3express:ListAllMyDirectoryBuckets -│ │ - List -│ │ - s3express:ListAllMyDirectoryBuckets -│ │ The following operations are related to `AWS::S3Express::DirectoryBucket` : -│ │ - [CreateBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) -│ │ - [ListDirectoryBuckets](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListDirectoryBuckets.html) -│ │ - [DeleteBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html) -│ │ + documentation: The `AWS::S3Express::DirectoryBucket` resource creates an Amazon S3 directory bucket in the same AWS Region where you create the AWS CloudFormation stack. -│ │ To control how AWS CloudFormation handles the bucket when the stack is deleted, you can set a deletion policy for your bucket. You can choose to *retain* the bucket or to *delete* the bucket. For more information, see [DeletionPolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html) . -│ │ > You can only delete empty buckets. Deletion fails for buckets that have contents. -│ │ - **Permissions** - The required permissions for CloudFormation to use are based on the operations that are performed on the stack. -│ │ - Create -│ │ - s3express:CreateBucket -│ │ - s3express:ListAllMyDirectoryBuckets -│ │ - Read -│ │ - s3express:ListAllMyDirectoryBuckets -│ │ - ec2:DescribeAvailabilityZones -│ │ - Delete -│ │ - s3express:DeleteBucket -│ │ - s3express:ListAllMyDirectoryBuckets -│ │ - List -│ │ - s3express:ListAllMyDirectoryBuckets -│ │ - PutBucketEncryption -│ │ - s3express:PutEncryptionConfiguration -│ │ - To set a directory bucket default encryption with SSE-KMS, you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and AWS KMS key policies for the target AWS KMS key. -│ │ - GetBucketEncryption -│ │ - s3express:GetBucketEncryption -│ │ - DeleteBucketEncryption -│ │ - s3express:PutEncryptionConfiguration -│ │ The following operations are related to `AWS::S3Express::DirectoryBucket` : -│ │ - [CreateBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) -│ │ - [ListDirectoryBuckets](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListDirectoryBuckets.html) -│ │ - [DeleteBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html) -│ ├ properties -│ │ ├[+] BucketEncryption: BucketEncryption -│ │ └ BucketName: (documentation changed) -│ ├ attributes -│ │ ├ Arn: (documentation changed) -│ │ └[+] AvailabilityZoneName: string -│ └ types -│ ├[+] type BucketEncryption -│ │ ├ documentation: Specifies default encryption for a bucket using server-side encryption with Amazon S3 managed keys (SSE-S3) or AWS KMS keys (SSE-KMS). -│ │ │ name: BucketEncryption -│ │ └ properties -│ │ └ServerSideEncryptionConfiguration: Array (required) -│ ├[+] type ServerSideEncryptionByDefault -│ │ ├ documentation: Specifies the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. -│ │ │ name: ServerSideEncryptionByDefault -│ │ └ properties -│ │ └SSEAlgorithm: string (required) -│ └[+] type ServerSideEncryptionRule -│ ├ documentation: Specifies the default server-side encryption configuration. -│ │ name: ServerSideEncryptionRule -│ └ properties -│ ├BucketKeyEnabled: boolean -│ └ServerSideEncryptionByDefault: ServerSideEncryptionByDefault -├[~] service aws-sagemaker -│ └ resources -│ └[~] resource AWS::SageMaker::ImageVersion -│ ├ properties -│ │ └[+] Version: integer -│ └ attributes -│ └ Version: (documentation changed) -├[~] service aws-secretsmanager -│ └ resources -│ ├[~] resource AWS::SecretsManager::RotationSchedule -│ │ ├ - documentation: Sets the rotation schedule and Lambda rotation function for a secret. For more information, see [How rotation works](https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html) . -│ │ │ For Amazon RDS master user credentials, see [AWS::RDS::DBCluster MasterUserSecret](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html) . -│ │ │ For Amazon Redshift admin user credentials, see [AWS::Redshift::Cluster](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-cluster.html) . -│ │ │ For the rotation function, you have two options: -│ │ │ - You can create a new rotation function based on one of the [Secrets Manager rotation function templates](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html) by using `HostedRotationLambda` . -│ │ │ - You can choose an existing rotation function by using `RotationLambdaARN` . -│ │ │ For database secrets, if you define both the secret and the database or service in the AWS CloudFormation template, then you need to define the [AWS::SecretsManager::SecretTargetAttachment](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-secrettargetattachment.html) resource to populate the secret with the connection details of the database or service before you attempt to configure rotation. -│ │ │ + documentation: Sets the rotation schedule and Lambda rotation function for a secret. For more information, see [How rotation works](https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html) . -│ │ │ For Amazon RDS master user credentials, see [AWS::RDS::DBCluster MasterUserSecret](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html) . -│ │ │ For Amazon Redshift admin user credentials, see [AWS::Redshift::Cluster](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-cluster.html) . -│ │ │ For the rotation function, you have two options: -│ │ │ - You can create a new rotation function based on one of the [Secrets Manager rotation function templates](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html) by using `HostedRotationLambda` . -│ │ │ - You can choose an existing rotation function by using `RotationLambdaARN` . -│ │ │ For database secrets, if you define both the secret and the database or service in the AWS CloudFormation template, then you need to define the [AWS::SecretsManager::SecretTargetAttachment](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-secrettargetattachment.html) resource to populate the secret with the connection details of the database or service before you attempt to configure rotation. -│ │ │ For a single secret, you can only define one rotation schedule with it. -│ │ └ properties -│ │ └ SecretId: (documentation changed) -│ └[~] resource AWS::SecretsManager::SecretTargetAttachment -│ ├ - documentation: The `AWS::SecretsManager::SecretTargetAttachment` resource completes the final link between a Secrets Manager secret and the associated database by adding the database connection information to the secret JSON. If you want to turn on automatic rotation for a database credential secret, the secret must contain the database connection information. For more information, see [JSON structure of Secrets Manager database credential secrets](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_secret_json_structure.html) . -│ │ When you remove a `SecretTargetAttachment` from a stack, Secrets Manager removes the database connection information from the secret with a `PutSecretValue` call. -│ │ For Amazon RDS master user credentials, see [AWS::RDS::DBCluster MasterUserSecret](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html) . -│ │ For Amazon Redshift admin user credentials, see [AWS::Redshift::Cluster](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-cluster.html) . -│ │ + documentation: The `AWS::SecretsManager::SecretTargetAttachment` resource completes the final link between a Secrets Manager secret and the associated database by adding the database connection information to the secret JSON. If you want to turn on automatic rotation for a database credential secret, the secret must contain the database connection information. For more information, see [JSON structure of Secrets Manager database credential secrets](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_secret_json_structure.html) . -│ │ A single secret resource can only have one target attached to it. -│ │ When you remove a `SecretTargetAttachment` from a stack, Secrets Manager removes the database connection information from the secret with a `PutSecretValue` call. -│ │ For Amazon RDS master user credentials, see [AWS::RDS::DBCluster MasterUserSecret](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html) . -│ │ For Amazon Redshift admin user credentials, see [AWS::Redshift::Cluster](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-cluster.html) . -│ └ properties -│ └ SecretId: (documentation changed) -├[~] service aws-securityhub -│ └ resources -│ ├[~] resource AWS::SecurityHub::AutomationRule -│ │ └ types -│ │ ├[~] type SeverityUpdate -│ │ │ └ properties -│ │ │ └ Normalized: (documentation changed) -│ │ └[~] type WorkflowUpdate -│ │ └ properties -│ │ └ Status: (documentation changed) -│ ├[~] resource AWS::SecurityHub::FindingAggregator -│ │ ├ properties -│ │ │ └ Regions: (documentation changed) -│ │ └ attributes -│ │ └ FindingAggregationRegion: (documentation changed) -│ └[~] resource AWS::SecurityHub::Insight -│ └ types -│ └[~] type AwsSecurityFindingFilters -│ └ properties -│ ├ SeverityNormalized: (documentation changed) -│ └ WorkflowStatus: (documentation changed) -├[~] service aws-ses -│ └ resources -│ └[~] resource AWS::SES::MailManagerRuleSet -│ └ types -│ └[~] type RuleStringToEvaluate -│ ├ - documentation: The string to evaluate in a string condition expression. -│ │ + documentation: The string to evaluate in a string condition expression. -│ │ > This data type is a UNION, so only one of the following members can be specified when used or returned. -│ └ properties -│ ├ Attribute: - string (required) -│ │ + string -│ └[+] MimeHeaderAttribute: string -├[~] service aws-sqs -│ └ resources -│ └[~] resource AWS::SQS::Queue -│ ├ - documentation: The `AWS::SQS::Queue` resource creates an Amazon SQS standard or FIFO queue. -│ │ Keep the following caveats in mind: -│ │ - If you don't specify the `FifoQueue` property, Amazon SQS creates a standard queue. -│ │ > You can't change the queue type after you create it and you can't convert an existing standard queue into a FIFO queue. You must either create a new FIFO queue for your application or delete your existing standard queue and recreate it as a FIFO queue. For more information, see [Moving from a standard queue to a FIFO queue](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues-moving.html) in the *Amazon SQS Developer Guide* . -│ │ - If you don't provide a value for a property, the queue is created with the default value for the property. -│ │ - If you delete a queue, you must wait at least 60 seconds before creating a queue with the same name. -│ │ - To successfully create a new queue, you must provide a queue name that adheres to the [limits related to queues](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/limits-queues.html) and is unique within the scope of your queues. -│ │ For more information about creating FIFO (first-in-first-out) queues, see [Creating an Amazon SQS queue ( AWS CloudFormation )](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/screate-queue-cloudformation.html) in the *Amazon SQS Developer Guide* . -│ │ + documentation: The `AWS::SQS::Queue` resource creates an Amazon SQS standard or FIFO queue. -│ │ Keep the following caveats in mind: -│ │ - If you don't specify the `FifoQueue` property, Amazon SQS creates a standard queue. -│ │ > You can't change the queue type after you create it and you can't convert an existing standard queue into a FIFO queue. You must either create a new FIFO queue for your application or delete your existing standard queue and recreate it as a FIFO queue. For more information, see [Moving from a standard queue to a FIFO queue](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues-moving.html) in the *Amazon SQS Developer Guide* . -│ │ - If you don't provide a value for a property, the queue is created with the default value for the property. -│ │ - If you delete a queue, you must wait at least 60 seconds before creating a queue with the same name. -│ │ - To successfully create a new queue, you must provide a queue name that adheres to the [limits related to queues](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/limits-queues.html) and is unique within the scope of your queues. -│ │ For more information about creating FIFO (first-in-first-out) queues, see [Creating an Amazon SQS queue ( AWS CloudFormation )](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/create-queue-cloudformation.html) in the *Amazon SQS Developer Guide* . -│ └ properties -│ ├ FifoQueue: (documentation changed) -│ ├ KmsMasterKeyId: (documentation changed) -│ └ QueueName: (documentation changed) -├[~] service aws-ssm -│ └ resources -│ └[~] resource AWS::SSM::PatchBaseline -│ └ properties -│ └ GlobalFilters: (documentation changed) -├[~] service aws-synthetics -│ └ resources -│ └[~] resource AWS::Synthetics::Canary -│ └ properties -│ └[+] ResourcesToReplicateTags: Array -├[~] service aws-waf -│ └ resources -│ ├[~] resource AWS::WAF::ByteMatchSet -│ │ └ types -│ │ ├[~] type ByteMatchTuple -│ │ │ └ - documentation: > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide. -│ │ │ > -│ │ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use. -│ │ │ The bytes (typically a string that corresponds with ASCII characters) that you want AWS WAF to search for in web requests, the location in requests that you want AWS WAF to search, and other settings. -│ │ │ + documentation: > Deprecation notice: AWS WAF Classic support will end on September 30, 2025. -│ │ │ > -│ │ │ > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide. -│ │ │ > -│ │ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use. -│ │ │ The bytes (typically a string that corresponds with ASCII characters) that you want AWS WAF to search for in web requests, the location in requests that you want AWS WAF to search, and other settings. -│ │ └[~] type FieldToMatch -│ │ └ - documentation: > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide. -│ │ > -│ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use. -│ │ Specifies where in a web request to look for `TargetString` . -│ │ + documentation: > Deprecation notice: AWS WAF Classic support will end on September 30, 2025. -│ │ > -│ │ > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide. -│ │ > -│ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use. -│ │ Specifies where in a web request to look for `TargetString` . -│ ├[~] resource AWS::WAF::IPSet -│ │ ├ - documentation: > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide. -│ │ │ > -│ │ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use. -│ │ │ Contains one or more IP addresses or blocks of IP addresses specified in Classless Inter-Domain Routing (CIDR) notation. AWS WAF supports IPv4 address ranges: /8 and any range between /16 through /32. AWS WAF supports IPv6 address ranges: /24, /32, /48, /56, /64, and /128. -│ │ │ To specify an individual IP address, you specify the four-part IP address followed by a `/32` , for example, 192.0.2.0/32. To block a range of IP addresses, you can specify /8 or any range between /16 through /32 (for IPv4) or /24, /32, /48, /56, /64, or /128 (for IPv6). For more information about CIDR notation, see the Wikipedia entry [Classless Inter-Domain Routing](https://docs.aws.amazon.com/https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) . -│ │ │ + documentation: > Deprecation notice: AWS WAF Classic support will end on September 30, 2025. -│ │ │ > -│ │ │ > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide. -│ │ │ > -│ │ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use. -│ │ │ Contains one or more IP addresses or blocks of IP addresses specified in Classless Inter-Domain Routing (CIDR) notation. AWS WAF supports IPv4 address ranges: /8 and any range between /16 through /32. AWS WAF supports IPv6 address ranges: /24, /32, /48, /56, /64, and /128. -│ │ │ To specify an individual IP address, you specify the four-part IP address followed by a `/32` , for example, 192.0.2.0/32. To block a range of IP addresses, you can specify /8 or any range between /16 through /32 (for IPv4) or /24, /32, /48, /56, /64, or /128 (for IPv6). For more information about CIDR notation, see the Wikipedia entry [Classless Inter-Domain Routing](https://docs.aws.amazon.com/https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) . -│ │ └ types -│ │ └[~] type IPSetDescriptor -│ │ └ - documentation: > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide. -│ │ > -│ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use. -│ │ Specifies the IP address type ( `IPV4` or `IPV6` ) and the IP address range (in CIDR format) that web requests originate from. -│ │ + documentation: > Deprecation notice: AWS WAF Classic support will end on September 30, 2025. -│ │ > -│ │ > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide. -│ │ > -│ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use. -│ │ Specifies the IP address type ( `IPV4` or `IPV6` ) and the IP address range (in CIDR format) that web requests originate from. -│ ├[~] resource AWS::WAF::SizeConstraintSet -│ │ ├ - documentation: > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide. -│ │ │ > -│ │ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use. -│ │ │ A complex type that contains `SizeConstraint` objects, which specify the parts of web requests that you want AWS WAF to inspect the size of. If a `SizeConstraintSet` contains more than one `SizeConstraint` object, a request only needs to match one constraint to be considered a match. -│ │ │ + documentation: > Deprecation notice: AWS WAF Classic support will end on September 30, 2025. -│ │ │ > -│ │ │ > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide. -│ │ │ > -│ │ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use. -│ │ │ A complex type that contains `SizeConstraint` objects, which specify the parts of web requests that you want AWS WAF to inspect the size of. If a `SizeConstraintSet` contains more than one `SizeConstraint` object, a request only needs to match one constraint to be considered a match. -│ │ └ types -│ │ └[~] type SizeConstraint -│ │ └ - documentation: > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide. -│ │ > -│ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use. -│ │ Specifies a constraint on the size of a part of the web request. AWS WAF uses the `Size` , `ComparisonOperator` , and `FieldToMatch` to build an expression in the form of " `Size` `ComparisonOperator` size in bytes of `FieldToMatch` ". If that expression is true, the `SizeConstraint` is considered to match. -│ │ + documentation: > Deprecation notice: AWS WAF Classic support will end on September 30, 2025. -│ │ > -│ │ > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide. -│ │ > -│ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use. -│ │ Specifies a constraint on the size of a part of the web request. AWS WAF uses the `Size` , `ComparisonOperator` , and `FieldToMatch` to build an expression in the form of " `Size` `ComparisonOperator` size in bytes of `FieldToMatch` ". If that expression is true, the `SizeConstraint` is considered to match. -│ ├[~] resource AWS::WAF::SqlInjectionMatchSet -│ │ ├ - documentation: > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide. -│ │ │ > -│ │ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use. -│ │ │ A complex type that contains `SqlInjectionMatchTuple` objects, which specify the parts of web requests that you want AWS WAF to inspect for snippets of malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header. If a `SqlInjectionMatchSet` contains more than one `SqlInjectionMatchTuple` object, a request needs to include snippets of SQL code in only one of the specified parts of the request to be considered a match. -│ │ │ + documentation: > Deprecation notice: AWS WAF Classic support will end on September 30, 2025. -│ │ │ > -│ │ │ > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide. -│ │ │ > -│ │ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use. -│ │ │ A complex type that contains `SqlInjectionMatchTuple` objects, which specify the parts of web requests that you want AWS WAF to inspect for snippets of malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header. If a `SqlInjectionMatchSet` contains more than one `SqlInjectionMatchTuple` object, a request needs to include snippets of SQL code in only one of the specified parts of the request to be considered a match. -│ │ └ types -│ │ └[~] type SqlInjectionMatchTuple -│ │ └ - documentation: > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide. -│ │ > -│ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use. -│ │ Specifies the part of a web request that you want AWS WAF to inspect for snippets of malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header. -│ │ + documentation: > Deprecation notice: AWS WAF Classic support will end on September 30, 2025. -│ │ > -│ │ > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide. -│ │ > -│ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use. -│ │ Specifies the part of a web request that you want AWS WAF to inspect for snippets of malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header. -│ ├[~] resource AWS::WAF::WebACL -│ │ └ types -│ │ └[~] type WafAction -│ │ └ - documentation: > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide. -│ │ > -│ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use. -│ │ For the action that is associated with a rule in a `WebACL` , specifies the action that you want AWS WAF to perform when a web request matches all of the conditions in a rule. For the default action in a `WebACL` , specifies the action that you want AWS WAF to take when a web request doesn't match all of the conditions in any of the rules in a `WebACL` . -│ │ + documentation: > Deprecation notice: AWS WAF Classic support will end on September 30, 2025. -│ │ > -│ │ > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide. -│ │ > -│ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/lates \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/cdk.out b/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/cdk.out new file mode 100644 index 0000000000000..c6e612584e352 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"38.0.1"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/integ.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/integ.json new file mode 100644 index 0000000000000..b03be16cbf1da --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "38.0.1", + "testCases": { + "integtest-model/DefaultTest": { + "stacks": [ + "vpcv2-import-integ-test" + ], + "assertionStack": "integtest-model/DefaultTest/DeployAssert", + "assertionStackName": "integtestmodelDefaultTestDeployAssertCF40BD53" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.assets.json new file mode 100644 index 0000000000000..1a14fac91ce61 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.assets.json @@ -0,0 +1,19 @@ +{ + "version": "38.0.1", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "integtestmodelDefaultTestDeployAssertCF40BD53.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/manifest.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/manifest.json new file mode 100644 index 0000000000000..1e4eb7b1b33cf --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/manifest.json @@ -0,0 +1,151 @@ +{ + "version": "38.0.1", + "artifacts": { + "vpcv2-import-integ-test.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "vpcv2-import-integ-test.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "vpcv2-import-integ-test": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/us-west-2", + "properties": { + "templateFile": "vpcv2-import-integ-test.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "notificationArns": [], + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-us-west-2", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-us-west-2", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-us-west-2/5d62285f365aaad1a318be65b4cbb19b1d8dd7336c95d61923a203dde81074c8.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "vpcv2-import-integ-test.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-us-west-2", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "vpcv2-import-integ-test.assets" + ], + "metadata": { + "/vpcv2-import-integ-test/ImportedNewVPC/InternetGateway/IGW": [ + { + "type": "aws:cdk:logicalId", + "data": "ImportedNewVPCInternetGatewayIGWA7EB1B6C" + } + ], + "/vpcv2-import-integ-test/ImportedNewVPC/InternetGateway/GWAttachment": [ + { + "type": "aws:cdk:logicalId", + "data": "ImportedNewVPCInternetGatewayGWAttachment5928F3D0" + } + ], + "/vpcv2-import-integ-test/ImportedNewVPC/ImportedPublicSubnet-DefaultRoute/Route": [ + { + "type": "aws:cdk:logicalId", + "data": "ImportedNewVPCImportedPublicSubnetDefaultRoute56DCABA4" + } + ], + "/vpcv2-import-integ-test/ImportedNewVPC/AddnewImportedSubnet-DefaultRoute/Route": [ + { + "type": "aws:cdk:logicalId", + "data": "ImportedNewVPCAddnewImportedSubnetDefaultRoute40344A0C" + } + ], + "/vpcv2-import-integ-test/AddnewImportedSubnet/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "AddnewImportedSubnet53655C69" + } + ], + "/vpcv2-import-integ-test/AddnewImportedSubnet/RouteTable/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "AddnewImportedSubnetRouteTable73C1E1B7" + } + ], + "/vpcv2-import-integ-test/AddnewImportedSubnet/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "AddnewImportedSubnetRouteTableAssociationE5634175" + } + ], + "/vpcv2-import-integ-test/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/vpcv2-import-integ-test/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "vpcv2-import-integ-test" + }, + "integtestmodelDefaultTestDeployAssertCF40BD53.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "integtestmodelDefaultTestDeployAssertCF40BD53.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "integtestmodelDefaultTestDeployAssertCF40BD53": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "integtestmodelDefaultTestDeployAssertCF40BD53.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "notificationArns": [], + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "integtestmodelDefaultTestDeployAssertCF40BD53.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "integtestmodelDefaultTestDeployAssertCF40BD53.assets" + ], + "metadata": { + "/integtest-model/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/integtest-model/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "integtest-model/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/tree.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/tree.json new file mode 100644 index 0000000000000..edd5646aead9d --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/tree.json @@ -0,0 +1,325 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "vpcv2-import-integ-test": { + "id": "vpcv2-import-integ-test", + "path": "vpcv2-import-integ-test", + "children": { + "ImportedNewVPC": { + "id": "ImportedNewVPC", + "path": "vpcv2-import-integ-test/ImportedNewVPC", + "children": { + "InternetGateway": { + "id": "InternetGateway", + "path": "vpcv2-import-integ-test/ImportedNewVPC/InternetGateway", + "children": { + "IGW": { + "id": "IGW", + "path": "vpcv2-import-integ-test/ImportedNewVPC/InternetGateway/IGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::InternetGateway", + "aws:cdk:cloudformation:props": {} + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnInternetGateway", + "version": "0.0.0" + } + }, + "GWAttachment": { + "id": "GWAttachment", + "path": "vpcv2-import-integ-test/ImportedNewVPC/InternetGateway/GWAttachment", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCGatewayAttachment", + "aws:cdk:cloudformation:props": { + "internetGatewayId": { + "Fn::GetAtt": [ + "ImportedNewVPCInternetGatewayIGWA7EB1B6C", + "InternetGatewayId" + ] + }, + "vpcId": "vpc-08193db3ccc4f909f" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2-alpha.InternetGateway", + "version": "0.0.0" + } + }, + "ImportedPublicSubnet-DefaultRoute": { + "id": "ImportedPublicSubnet-DefaultRoute", + "path": "vpcv2-import-integ-test/ImportedNewVPC/ImportedPublicSubnet-DefaultRoute", + "children": { + "Route": { + "id": "Route", + "path": "vpcv2-import-integ-test/ImportedNewVPC/ImportedPublicSubnet-DefaultRoute/Route", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Fn::GetAtt": [ + "ImportedNewVPCInternetGatewayIGWA7EB1B6C", + "InternetGatewayId" + ] + }, + "routeTableId": "rtb-014f3043098fe4b96" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2-alpha.Route", + "version": "0.0.0" + } + }, + "AddnewImportedSubnet-DefaultRoute": { + "id": "AddnewImportedSubnet-DefaultRoute", + "path": "vpcv2-import-integ-test/ImportedNewVPC/AddnewImportedSubnet-DefaultRoute", + "children": { + "Route": { + "id": "Route", + "path": "vpcv2-import-integ-test/ImportedNewVPC/AddnewImportedSubnet-DefaultRoute/Route", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Fn::GetAtt": [ + "ImportedNewVPCInternetGatewayIGWA7EB1B6C", + "InternetGatewayId" + ] + }, + "routeTableId": { + "Fn::GetAtt": [ + "AddnewImportedSubnetRouteTable73C1E1B7", + "RouteTableId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2-alpha.Route", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2-alpha.VpcV2Base", + "version": "0.0.0" + } + }, + "ImportedPublicSubnet": { + "id": "ImportedPublicSubnet", + "path": "vpcv2-import-integ-test/ImportedPublicSubnet", + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2-alpha.ImportedSubnetV2", + "version": "0.0.0" + } + }, + "ImportedPrivateSubnet": { + "id": "ImportedPrivateSubnet", + "path": "vpcv2-import-integ-test/ImportedPrivateSubnet", + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2-alpha.ImportedSubnetV2", + "version": "0.0.0" + } + }, + "ImportedCidrBlock": { + "id": "ImportedCidrBlock", + "path": "vpcv2-import-integ-test/ImportedCidrBlock", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "AddnewImportedSubnet": { + "id": "AddnewImportedSubnet", + "path": "vpcv2-import-integ-test/AddnewImportedSubnet", + "children": { + "Subnet": { + "id": "Subnet", + "path": "vpcv2-import-integ-test/AddnewImportedSubnet/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "assignIpv6AddressOnCreation": false, + "availabilityZone": "us-west-2a", + "cidrBlock": "10.2.2.0/24", + "vpcId": "vpc-08193db3ccc4f909f" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "vpcv2-import-integ-test/AddnewImportedSubnet/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "vpcv2-import-integ-test/AddnewImportedSubnet/RouteTable", + "children": { + "RouteTable": { + "id": "RouteTable", + "path": "vpcv2-import-integ-test/AddnewImportedSubnet/RouteTable/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": "vpc-08193db3ccc4f909f" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2-alpha.RouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "vpcv2-import-integ-test/AddnewImportedSubnet/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Fn::GetAtt": [ + "AddnewImportedSubnetRouteTable73C1E1B7", + "RouteTableId" + ] + }, + "subnetId": { + "Ref": "AddnewImportedSubnet53655C69" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2-alpha.SubnetV2", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "vpcv2-import-integ-test/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "vpcv2-import-integ-test/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "integtest-model": { + "id": "integtest-model", + "path": "integtest-model", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "integtest-model/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "integtest-model/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "integtest-model/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "integtest-model/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "integtest-model/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/vpcv2-import-integ-test.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/vpcv2-import-integ-test.assets.json new file mode 100644 index 0000000000000..1b231f6497789 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/vpcv2-import-integ-test.assets.json @@ -0,0 +1,20 @@ +{ + "version": "38.0.1", + "files": { + "5d62285f365aaad1a318be65b4cbb19b1d8dd7336c95d61923a203dde81074c8": { + "source": { + "path": "vpcv2-import-integ-test.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-us-west-2": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-us-west-2", + "objectKey": "5d62285f365aaad1a318be65b4cbb19b1d8dd7336c95d61923a203dde81074c8.json", + "region": "us-west-2", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-us-west-2" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/vpcv2-import-integ-test.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/vpcv2-import-integ-test.template.json new file mode 100644 index 0000000000000..3e868ed3f3e73 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/vpcv2-import-integ-test.template.json @@ -0,0 +1,121 @@ +{ + "Resources": { + "ImportedNewVPCInternetGatewayIGWA7EB1B6C": { + "Type": "AWS::EC2::InternetGateway" + }, + "ImportedNewVPCInternetGatewayGWAttachment5928F3D0": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "InternetGatewayId": { + "Fn::GetAtt": [ + "ImportedNewVPCInternetGatewayIGWA7EB1B6C", + "InternetGatewayId" + ] + }, + "VpcId": "vpc-08193db3ccc4f909f" + } + }, + "ImportedNewVPCImportedPublicSubnetDefaultRoute56DCABA4": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Fn::GetAtt": [ + "ImportedNewVPCInternetGatewayIGWA7EB1B6C", + "InternetGatewayId" + ] + }, + "RouteTableId": "rtb-014f3043098fe4b96" + }, + "DependsOn": [ + "ImportedNewVPCInternetGatewayGWAttachment5928F3D0", + "ImportedNewVPCInternetGatewayIGWA7EB1B6C" + ] + }, + "ImportedNewVPCAddnewImportedSubnetDefaultRoute40344A0C": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Fn::GetAtt": [ + "ImportedNewVPCInternetGatewayIGWA7EB1B6C", + "InternetGatewayId" + ] + }, + "RouteTableId": { + "Fn::GetAtt": [ + "AddnewImportedSubnetRouteTable73C1E1B7", + "RouteTableId" + ] + } + }, + "DependsOn": [ + "ImportedNewVPCInternetGatewayGWAttachment5928F3D0", + "ImportedNewVPCInternetGatewayIGWA7EB1B6C" + ] + }, + "AddnewImportedSubnet53655C69": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AssignIpv6AddressOnCreation": false, + "AvailabilityZone": "us-west-2a", + "CidrBlock": "10.2.2.0/24", + "VpcId": "vpc-08193db3ccc4f909f" + } + }, + "AddnewImportedSubnetRouteTable73C1E1B7": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": "vpc-08193db3ccc4f909f" + } + }, + "AddnewImportedSubnetRouteTableAssociationE5634175": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Fn::GetAtt": [ + "AddnewImportedSubnetRouteTable73C1E1B7", + "RouteTableId" + ] + }, + "SubnetId": { + "Ref": "AddnewImportedSubnet53655C69" + } + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.ts b/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.ts new file mode 100644 index 0000000000000..7477757e9e156 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.ts @@ -0,0 +1,80 @@ +import * as VpcV2 from '../lib/vpc-v2'; +import { IntegTest } from '@aws-cdk/integ-tests-alpha'; +import * as cdk from 'aws-cdk-lib'; +import { SubnetType } from 'aws-cdk-lib/aws-ec2'; +import { IpCidr, SubnetV2 } from '../lib'; + +const app = new cdk.App(); + +const stack = new cdk.Stack(app, 'vpcv2-import-integ-test', { + env: { + region: 'us-west-2', + }, +}); + +/** + * Testing VPC import + */ +// const imported_vpc = VpcV2.VpcV2.fromVpcV2attributes(stack, 'ImportedVPC', { +// vpcId: 'vpc-058cd322b857c8c0d', +// vpcCidrBlock: '10.0.0.0/16', +// privateSubnets: [{ +// subnetId: 'subnet-0b29e0804726920a9', +// subnetType: SubnetType.PRIVATE, +// availabilityZone: 'us-west-2a', +// ipv4CidrBlock: '10.0.128.0/18', +// routeTableId: 'rtb-05d7e8cb38a502040', +// }], +// }); + +// imported_vpc.addInterfaceEndpoint('ec2Endpoint', { +// service: ec2.InterfaceVpcEndpointAwsService.EC2, +//}); + +const imported_new_vpc = VpcV2.VpcV2.fromVpcV2attributes(stack, 'ImportedNewVPC', { + vpcId: 'vpc-08193db3ccc4f909f', + vpcCidrBlock: '10.1.0.0/16', + secondaryCidrBlocks: [{ + vpcId: 'vpc-08193db3ccc4f909f', //eliminate VPC id and fetch it from above + cidrBlock: '10.2.0.0/16', + cidrBlockName: 'ImportedBlock1', + }, + { + vpcId: 'vpc-08193db3ccc4f909f', //another secondary address to test + cidrBlock: '10.3.0.0/16', + cidrBlockName: 'ImportedBlock2', + }], + privateSubnets: [{ + subnetId: 'subnet-03cd773c0fe08ed26', + subnetType: SubnetType.PRIVATE_ISOLATED, + availabilityZone: 'us-west-2a', + ipv4CidrBlock: '10.1.0.0/24', + routeTableId: 'rtb-0871c310f98da2cbb', + }], + publicSubnets: [{ + subnetId: 'subnet-0fa477e01db27d820', + subnetType: SubnetType.PUBLIC, + availabilityZone: 'us-west-2b', + ipv4CidrBlock: '10.3.0.0/24', + routeTableId: 'rtb-014f3043098fe4b96', + }], +}); + +new SubnetV2(stack, 'AddnewImportedSubnet', { + availabilityZone: 'us-west-2a', + ipv4CidrBlock: new IpCidr('10.2.2.0/24'), + vpc: imported_new_vpc, + subnetType: SubnetType.PUBLIC, +}); +new SubnetV2(stack, 'AddnewImportedSubnet', { + availabilityZone: 'us-west-2a', + ipv4CidrBlock: new IpCidr('10.3.2.0/24'), + vpc: imported_new_vpc, + subnetType: SubnetType.PUBLIC, +}); + +imported_new_vpc.addInternetGateway(); + +new IntegTest(app, 'integtest-model', { + testCases: [stack], +}); \ No newline at end of file From 4910b6f294e50aed6603b787507eba8bfe9c45de Mon Sep 17 00:00:00 2001 From: shikha372 Date: Tue, 15 Oct 2024 11:52:57 -0700 Subject: [PATCH 3/9] fix issue of subnet ip check with ipam range --- packages/@aws-cdk/aws-ec2-alpha/lib/ipam.ts | 11 + .../@aws-cdk/aws-ec2-alpha/lib/subnet-v2.ts | 43 +- .../@aws-cdk/aws-ec2-alpha/lib/vpc-v2-base.ts | 7 + packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts | 127 ++++-- .../manifest.json | 83 +++- .../integ.test-import.js.snapshot/tree.json | 427 +++++++++++++++++- .../vpcv2-import-integ-test.assets.json | 4 +- .../vpcv2-import-integ-test.template.json | 157 +++++++ .../aws-ec2-alpha/test/integ.test-import.ts | 90 +++- 9 files changed, 870 insertions(+), 79 deletions(-) diff --git a/packages/@aws-cdk/aws-ec2-alpha/lib/ipam.ts b/packages/@aws-cdk/aws-ec2-alpha/lib/ipam.ts index dc393fb149192..0d41d98f2cb5e 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/lib/ipam.ts +++ b/packages/@aws-cdk/aws-ec2-alpha/lib/ipam.ts @@ -192,6 +192,11 @@ export interface IIpamPool{ */ readonly ipamCidrs: CfnIPAMPoolCidr[]; + /** + * Pool CIDR for IPv4 to be provisioned + */ + readonly ipamIpv4Cidrs?: string[]; + /** * Function to associate a IPv6 address with IPAM pool */ @@ -315,6 +320,11 @@ class IpamPool extends Resource implements IIpamPool { */ public readonly ipamCidrs: CfnIPAMPoolCidr[] = [] + /** + * Pool CIDR for IPv4 to be provisioned + */ + public readonly ipamIpv4Cidrs: string[] = [] + /** * Reference to ipamPool resource created in this class */ @@ -340,6 +350,7 @@ class IpamPool extends Resource implements IIpamPool { awsService: props.awsService, }); this.ipamPoolId = this._ipamPool.attrIpamPoolId; + props.ipv4ProvisionedCidrs?.map(cidr => (this.ipamIpv4Cidrs.push(cidr))); this.node.defaultChild = this._ipamPool; } diff --git a/packages/@aws-cdk/aws-ec2-alpha/lib/subnet-v2.ts b/packages/@aws-cdk/aws-ec2-alpha/lib/subnet-v2.ts index 24809815cffa6..38704031b2418 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/lib/subnet-v2.ts +++ b/packages/@aws-cdk/aws-ec2-alpha/lib/subnet-v2.ts @@ -4,7 +4,6 @@ import { Construct, DependencyGroup, IDependable } from 'constructs'; import { IVpcV2 } from './vpc-v2-base'; import { CidrBlock, CidrBlockIpv6 } from './util'; import { RouteTable } from './route'; -import { error } from 'console'; /** * Interface to define subnet CIDR @@ -476,9 +475,35 @@ function validateSupportIpv6(vpc: IVpcV2) { * @returns True if the CIDR range falls within the VPC's IP address ranges, false otherwise. * @internal */ +// function checkCidrRanges(vpc: IVpcV2, cidrRange: string) { + +// const vpcCidrBlock = [vpc.ipv4CidrBlock]; + +// if (vpc.secondaryCidrBlock) { +// for (const ipAddress of vpc.secondaryCidrBlock) { +// if (ipAddress.cidrBlock) { +// vpcCidrBlock.push(ipAddress.cidrBlock); +// } +// } +// const cidrs = vpcCidrBlock.map(cidr => new CidrBlock(cidr)); + +// const subnetCidrBlock = new CidrBlock(cidrRange); + +// return cidrs.some(c => c.containsCidr(subnetCidrBlock)); +// } +// if (vpc.ipv4ProvisionedCidrs) { + +// const cidrs = vpc.ipv4ProvisionedCidrs.map(cidr => new CidrBlock(cidr)); + +// const subnetCidrBlock = new CidrBlock(cidrRange); + +// return cidrs.some(c => c.containsCidr(subnetCidrBlock)); +// } else {throw error('No secondary IP address attached to VPC');} +// } function checkCidrRanges(vpc: IVpcV2, cidrRange: string) { const vpcCidrBlock = [vpc.ipv4CidrBlock]; + const allCidrs: CidrBlock[] = []; if (vpc.secondaryCidrBlock) { for (const ipAddress of vpc.secondaryCidrBlock) { @@ -487,11 +512,21 @@ function checkCidrRanges(vpc: IVpcV2, cidrRange: string) { } } const cidrs = vpcCidrBlock.map(cidr => new CidrBlock(cidr)); + allCidrs.push(...cidrs); + } + + if (vpc.ipv4ProvisionedCidrs) { + + const cidrs = vpc.ipv4ProvisionedCidrs.map(cidr => new CidrBlock(cidr)); + allCidrs.push(...cidrs); + } + if (allCidrs.length === 0) { + throw new Error('No secondary IP address attached to VPC'); + } - const subnetCidrBlock = new CidrBlock(cidrRange); + const subnetCidrBlock = new CidrBlock(cidrRange); - return cidrs.some(c => c.containsCidr(subnetCidrBlock)); - } else {throw error('No secondary IP address attached to VPC');} + return allCidrs.some(c => c.containsCidr(subnetCidrBlock)); } /** diff --git a/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2-base.ts b/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2-base.ts index 2bdb3468432ae..15904a30e61aa 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2-base.ts +++ b/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2-base.ts @@ -97,6 +97,13 @@ export interface IVpcV2 extends IVpc { */ readonly ipv4CidrBlock: string; + /** + * IPv4 CIDR provisioned under pool + * Required to check for overlapping CIDRs after provisioning + * is complete under IPAM pool + */ + readonly ipv4ProvisionedCidrs?: string[]; + /** * Add an Egress only Internet Gateway to current VPC. * Can only be used for ipv6 enabled VPCs. diff --git a/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts b/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts index 64eae3410c86a..f1c9ef45c048b 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts +++ b/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts @@ -3,7 +3,7 @@ import { Arn, CfnResource, Lazy, Names, Resource, Stack } from 'aws-cdk-lib/core import { Construct, DependencyGroup, IDependable } from 'constructs'; import { IpamOptions, IIpamPool } from './ipam'; import { IVpcV2, VpcV2Base } from './vpc-v2-base'; -import { ISubnetV2, ImportedSubnetV2, SubnetV2Attributes } from './subnet-v2'; +import { ISubnetV2, ImportedSubnetV2, SubnetV2Attributes } from './subnet-v2';; /** * Additional props needed for secondary Address @@ -112,6 +112,14 @@ export interface VpcCidrOptions { * @default - no name for primary addresses */ readonly cidrBlockName?: string; + + /** + * IPv4 CIDR provisioned under pool + * Required to check for overlapping CIDRs after provisioning + * is complete under IPAM pool + * @default - no IPAM IPv4 CIDR range is provisioned using IPAM + */ + readonly ipv4ProvisionedCidrs?: string[]; } /** @@ -233,7 +241,7 @@ export interface VpcV2Attributes { * Import Secondary CIDR blocks associated with VPC * @default - No secondary IP address */ - readonly secondaryCidrBlocks?: VPCCidrBlockProps[]; + readonly secondaryCidrBlocks?: VPCCidrBlockattributes[]; } @@ -315,10 +323,17 @@ export class VpcV2 extends VpcV2Base { public readonly internetConnectivityEstablished: IDependable; /** - * reference to all secondary blocks attached - */ + * reference to all secondary blocks attached + */ public readonly secondaryCidrBlock?: IVPCCidrBlock[] = new Array; + /** + * IPv4 CIDR provisioned under pool + * Required to check for overlapping CIDRs after provisioning + * is complete under IPAM pool + */ + public readonly ipv4ProvisionedCidrs?: string[]; + /** * For validation to define IPv6 subnets, set to true in case of * Amazon Provided IPv6 cidr range @@ -385,15 +400,17 @@ export class VpcV2 extends VpcV2Base { throw new Error('CIDR block should be in the same RFC 1918 range in the VPC'); } } - // const cfnVpcCidrBlock = new CfnVPCCidrBlock(this, secondaryVpcOptions.cidrBlockName, { - // vpcId: this.vpcId, - // cidrBlock: secondaryVpcOptions.ipv4CidrBlock, - // ipv4IpamPoolId: secondaryVpcOptions.ipv4IpamPool?.ipamPoolId, - // ipv4NetmaskLength: secondaryVpcOptions.ipv4NetmaskLength, - // ipv6NetmaskLength: secondaryVpcOptions.ipv6NetmaskLength, - // ipv6IpamPoolId: secondaryVpcOptions.ipv6IpamPool?.ipamPoolId, - // amazonProvidedIpv6CidrBlock: secondaryVpcOptions.amazonProvided, - // }); + + if (secondaryVpcOptions.ipv4ProvisionedCidrs!) { + let isOverlap; + for (const provisionedCidr of secondaryVpcOptions.ipv4ProvisionedCidrs) { + isOverlap = validateIpv4address(provisionedCidr, secondaryVpcOptions.ipv4CidrBlock); + } + if (isOverlap === false) { + throw new Error('CIDR block should be in the same RFC 1918 range in the VPC'); + } + this.ipv4ProvisionedCidrs?.push(...secondaryVpcOptions.ipv4ProvisionedCidrs); + } const cfnVpcCidrBlock = new VPCCidrBlock(this, secondaryVpcOptions.cidrBlockName, { vpcId: this.vpcId, cidrBlock: secondaryVpcOptions.ipv4CidrBlock, @@ -510,6 +527,7 @@ class IpamIpv4 implements IIpAddresses { ipv4NetmaskLength: this.props.netmaskLength, ipv4IpamPool: this.props.ipamPool, cidrBlockName: this.props?.cidrBlockName, + ipv4ProvisionedCidrs: this.props.ipamPool?.ipamIpv4Cidrs, }; } } @@ -534,6 +552,9 @@ class ImportedVpcV2 extends VpcV2Base { public readonly vpcCidrBlock: string; + // required to do CIDR range test on imported VPCs to create new subnets + public readonly ipv4ProvisionedCidrs: string[] = []; + constructor(scope: Construct, id: string, props: VpcV2Attributes) { super(scope, id, { region: props. region, @@ -548,15 +569,22 @@ class ImportedVpcV2 extends VpcV2Base { this.ipv4CidrBlock = props.vpcCidrBlock; this._vpnGatewayId = props.vpnGatewayId; //TODO if we need it for other gateways if (props.publicSubnets) { - this.publicSubnets = props.publicSubnets.map(subnet => new ImportedSubnetV2(scope, 'ImportedPublicSubnet', subnet)); + this.publicSubnets = props.publicSubnets.map(subnet => new ImportedSubnetV2(scope, subnet.subnetName?? 'ImportedPublicSubnet', subnet)); } if (props.privateSubnets) { - this.privateSubnets = props.privateSubnets.map(subnet => new ImportedSubnetV2(scope, 'ImportedPrivateSubnet', subnet)); + this.privateSubnets = props.privateSubnets.map(subnet => new ImportedSubnetV2(scope, subnet.subnetName?? 'ImportedPrivateSubnet', subnet)); } if (props.isolatedSubnets) { - this.isolatedSubnets = props.isolatedSubnets.map(subnet => new ImportedSubnetV2(scope, 'ImportedPrivateSubnet', subnet)); + this.isolatedSubnets = props.isolatedSubnets.map(subnet => new ImportedSubnetV2(scope, subnet.subnetName?? 'ImportedIsolatedSubnet', subnet)); + } + this.secondaryCidrBlock = props.secondaryCidrBlocks?.map(cidrBlock => VPCCidrBlock.fromVPCCidrBlockattributes(scope, cidrBlock.cidrBlockName ?? 'ImportedSecondaryCidrBlock', { ...cidrBlock })); + if (props.secondaryCidrBlocks) { + for (const cidr of props.secondaryCidrBlocks) { + if (cidr.ipv4ProvisionedCidrs) { + this.ipv4ProvisionedCidrs.push(...cidr.ipv4ProvisionedCidrs); + } + } } - this.secondaryCidrBlock = props.secondaryCidrBlocks?.map(cidrBlock => VPCCidrBlock.fromVPCCidrBlockattributes(scope, cidrBlock.cidrBlockName ?? 'ImportedSecondaryCidrBlock', cidrBlock)); } } @@ -603,13 +631,10 @@ function validateIpv4address(cidr1?: string, cidr2?: string): boolean { } /** - * Interface VPCCidrBlock + * Attributes for VPCCidrBlock used for defining a new VPCCIDRBlock + * and also importing an existing VPCCIDRBlock */ -export interface VPCCidrBlockProps { - /** - * The VPC Id - */ - readonly vpcId: string; +export interface VPCCidrBlockattributes { /** * The secondary IPv4 CIDR Block @@ -618,40 +643,60 @@ export interface VPCCidrBlockProps { readonly cidrBlock?: string; /** - * CIDR Block Name - * @default - no CIDR Block name generated, this field is required while importing CIDR block for VPC - */ + * CIDR Block Name + * @default - no CIDR Block name generated, this field is required while importing CIDR block for VPC + */ readonly cidrBlockName?: string; /** - * Opt for amazonProvided Ipv6 CIDR address - * @default false - */ + * Opt for amazonProvided Ipv6 CIDR address + * @default false + */ readonly amazonProvidedIpv6CidrBlock?: boolean; /** - * IPAM pool Id for IPv6 address type - * @default - no IPAM pool Id provided - */ + * IPAM pool Id for IPv6 address type + * @default - no IPAM pool Id provided + */ readonly ipv6IpamPoolId?: string; /** - * IPAM pool Id for IPv4 address type - * @default - no IPAM pool Id provided - */ + * IPAM pool Id for IPv4 address type + * @default - no IPAM pool Id provided + */ readonly ipv4IpamPoolId?: string; /** - * Net mask length for IPv4 address type - * @default - no Net mask length configured and it would fail the deployment - */ + * Net mask length for IPv4 address type + * @default - no Net mask length configured and it would fail the deployment + */ readonly ipv4NetmaskLength?: number; /** - * Net mask length for IPv6 address type - * @default - no Net mask length configured and it would fail the deployment + * IPv4 CIDR provisioned under pool + * Required to check for overlapping CIDRs after provisioning + * is complete under IPAM pool + * @default - no IPAM IPv4 CIDR range is provisioned using IPAM */ + readonly ipv4ProvisionedCidrs?: string[]; + + /** + * Net mask length for IPv6 address type + * @default - no Net mask length configured and it would fail the deployment + */ readonly ipv6NetmaskLength?: number; + +} + +/** + * Interface VPCCidrBlock + */ +interface VPCCidrBlockProps extends VPCCidrBlockattributes { + /** + * The VPC Id + */ + readonly vpcId: string; + } /** @@ -660,7 +705,7 @@ export interface VPCCidrBlockProps { */ class VPCCidrBlock extends Resource implements IVPCCidrBlock { - public static fromVPCCidrBlockattributes(scope: Construct, id: string, props: VPCCidrBlockProps) : IVPCCidrBlock { + public static fromVPCCidrBlockattributes(scope: Construct, id: string, props: VPCCidrBlockattributes) : IVPCCidrBlock { class Import extends Resource implements IVPCCidrBlock { public readonly cidrBlock = props.cidrBlock; public readonly amazonProvidedIpv6CidrBlock ?: boolean = props.amazonProvidedIpv6CidrBlock;; diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/manifest.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/manifest.json index 1e4eb7b1b33cf..8e59a9d1095a1 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/manifest.json @@ -19,7 +19,7 @@ "notificationArns": [], "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-us-west-2", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-us-west-2", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-us-west-2/5d62285f365aaad1a318be65b4cbb19b1d8dd7336c95d61923a203dde81074c8.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-us-west-2/8bcc09e4eceabfb397695075b581f1f4e8f8a03b61ec24651ebe38d9da4f754e.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -53,12 +53,48 @@ "data": "ImportedNewVPCImportedPublicSubnetDefaultRoute56DCABA4" } ], + "/vpcv2-import-integ-test/ImportedNewVPC/AddnewImportedSubnet-DefaultIPv6Route/Route": [ + { + "type": "aws:cdk:logicalId", + "data": "ImportedNewVPCAddnewImportedSubnetDefaultIPv6Route98D952A0" + } + ], "/vpcv2-import-integ-test/ImportedNewVPC/AddnewImportedSubnet-DefaultRoute/Route": [ { "type": "aws:cdk:logicalId", "data": "ImportedNewVPCAddnewImportedSubnetDefaultRoute40344A0C" } ], + "/vpcv2-import-integ-test/ImportedNewVPC/AddnewImportedSubnet2-DefaultIPv6Route/Route": [ + { + "type": "aws:cdk:logicalId", + "data": "ImportedNewVPCAddnewImportedSubnet2DefaultIPv6Route1EBC364B" + } + ], + "/vpcv2-import-integ-test/ImportedNewVPC/AddnewImportedSubnet2-DefaultRoute/Route": [ + { + "type": "aws:cdk:logicalId", + "data": "ImportedNewVPCAddnewImportedSubnet2DefaultRouteE8630009" + } + ], + "/vpcv2-import-integ-test/ImportedNewVPC/NATGateway/EIP": [ + { + "type": "aws:cdk:logicalId", + "data": "ImportedNewVPCNATGatewayEIP36F5A670" + } + ], + "/vpcv2-import-integ-test/ImportedNewVPC/NATGateway/NATGateway": [ + { + "type": "aws:cdk:logicalId", + "data": "ImportedNewVPCNATGatewayE0ECDDFA" + } + ], + "/vpcv2-import-integ-test/ImportedNewVPC/EgressOnlyGW/EIGW": [ + { + "type": "aws:cdk:logicalId", + "data": "ImportedNewVPCEgressOnlyGWEIGWF9D837A6" + } + ], "/vpcv2-import-integ-test/AddnewImportedSubnet/Subnet": [ { "type": "aws:cdk:logicalId", @@ -77,6 +113,51 @@ "data": "AddnewImportedSubnetRouteTableAssociationE5634175" } ], + "/vpcv2-import-integ-test/AddnewImportedSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "AddnewImportedSubnet2SubnetD9533DC5" + } + ], + "/vpcv2-import-integ-test/AddnewImportedSubnet2/RouteTable/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "AddnewImportedSubnet2RouteTable2F07FB4F" + } + ], + "/vpcv2-import-integ-test/AddnewImportedSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "AddnewImportedSubnet2RouteTableAssociationA2C6CDF7" + } + ], + "/vpcv2-import-integ-test/ImportedIPAMVPC/EgressOnlyGW/EIGW": [ + { + "type": "aws:cdk:logicalId", + "data": "ImportedIPAMVPCEgressOnlyGWEIGW52C5892F" + } + ], + "/vpcv2-import-integ-test/AddnewSubnettoImportedIpam/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "AddnewSubnettoImportedIpamSubnet0F5C302A", + "trace": [ + "!!DESTRUCTIVE_CHANGES: MAY_REPLACE" + ] + } + ], + "/vpcv2-import-integ-test/AddnewSubnettoImportedIpam/RouteTable/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "AddnewSubnettoImportedIpamRouteTable1AE0FBA3" + } + ], + "/vpcv2-import-integ-test/AddnewSubnettoImportedIpam/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "AddnewSubnettoImportedIpamRouteTableAssociation20268806" + } + ], "/vpcv2-import-integ-test/BootstrapVersion": [ { "type": "aws:cdk:logicalId", diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/tree.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/tree.json index edd5646aead9d..07667e1059825 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/tree.json @@ -85,6 +85,42 @@ "version": "0.0.0" } }, + "AddnewImportedSubnet-DefaultIPv6Route": { + "id": "AddnewImportedSubnet-DefaultIPv6Route", + "path": "vpcv2-import-integ-test/ImportedNewVPC/AddnewImportedSubnet-DefaultIPv6Route", + "children": { + "Route": { + "id": "Route", + "path": "vpcv2-import-integ-test/ImportedNewVPC/AddnewImportedSubnet-DefaultIPv6Route/Route", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationIpv6CidrBlock": "::/0", + "gatewayId": { + "Fn::GetAtt": [ + "ImportedNewVPCInternetGatewayIGWA7EB1B6C", + "InternetGatewayId" + ] + }, + "routeTableId": { + "Fn::GetAtt": [ + "AddnewImportedSubnetRouteTable73C1E1B7", + "RouteTableId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2-alpha.Route", + "version": "0.0.0" + } + }, "AddnewImportedSubnet-DefaultRoute": { "id": "AddnewImportedSubnet-DefaultRoute", "path": "vpcv2-import-integ-test/ImportedNewVPC/AddnewImportedSubnet-DefaultRoute", @@ -120,6 +156,146 @@ "fqn": "@aws-cdk/aws-ec2-alpha.Route", "version": "0.0.0" } + }, + "AddnewImportedSubnet2-DefaultIPv6Route": { + "id": "AddnewImportedSubnet2-DefaultIPv6Route", + "path": "vpcv2-import-integ-test/ImportedNewVPC/AddnewImportedSubnet2-DefaultIPv6Route", + "children": { + "Route": { + "id": "Route", + "path": "vpcv2-import-integ-test/ImportedNewVPC/AddnewImportedSubnet2-DefaultIPv6Route/Route", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationIpv6CidrBlock": "::/0", + "gatewayId": { + "Fn::GetAtt": [ + "ImportedNewVPCInternetGatewayIGWA7EB1B6C", + "InternetGatewayId" + ] + }, + "routeTableId": { + "Fn::GetAtt": [ + "AddnewImportedSubnet2RouteTable2F07FB4F", + "RouteTableId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2-alpha.Route", + "version": "0.0.0" + } + }, + "AddnewImportedSubnet2-DefaultRoute": { + "id": "AddnewImportedSubnet2-DefaultRoute", + "path": "vpcv2-import-integ-test/ImportedNewVPC/AddnewImportedSubnet2-DefaultRoute", + "children": { + "Route": { + "id": "Route", + "path": "vpcv2-import-integ-test/ImportedNewVPC/AddnewImportedSubnet2-DefaultRoute/Route", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Fn::GetAtt": [ + "ImportedNewVPCInternetGatewayIGWA7EB1B6C", + "InternetGatewayId" + ] + }, + "routeTableId": { + "Fn::GetAtt": [ + "AddnewImportedSubnet2RouteTable2F07FB4F", + "RouteTableId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2-alpha.Route", + "version": "0.0.0" + } + }, + "NATGateway": { + "id": "NATGateway", + "path": "vpcv2-import-integ-test/ImportedNewVPC/NATGateway", + "children": { + "EIP": { + "id": "EIP", + "path": "vpcv2-import-integ-test/ImportedNewVPC/NATGateway/EIP", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::EIP", + "aws:cdk:cloudformation:props": { + "domain": "vpc-08193db3ccc4f909f" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", + "version": "0.0.0" + } + }, + "NATGateway": { + "id": "NATGateway", + "path": "vpcv2-import-integ-test/ImportedNewVPC/NATGateway/NATGateway", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", + "aws:cdk:cloudformation:props": { + "allocationId": { + "Fn::GetAtt": [ + "ImportedNewVPCNATGatewayEIP36F5A670", + "AllocationId" + ] + }, + "subnetId": "subnet-0d441651f6653d4a7" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2-alpha.NatGateway", + "version": "0.0.0" + } + }, + "EgressOnlyGW": { + "id": "EgressOnlyGW", + "path": "vpcv2-import-integ-test/ImportedNewVPC/EgressOnlyGW", + "children": { + "EIGW": { + "id": "EIGW", + "path": "vpcv2-import-integ-test/ImportedNewVPC/EgressOnlyGW/EIGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::EgressOnlyInternetGateway", + "aws:cdk:cloudformation:props": { + "vpcId": "vpc-08193db3ccc4f909f" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnEgressOnlyInternetGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2-alpha.EgressOnlyInternetGateway", + "version": "0.0.0" + } } }, "constructInfo": { @@ -135,17 +311,33 @@ "version": "0.0.0" } }, - "ImportedPrivateSubnet": { - "id": "ImportedPrivateSubnet", - "path": "vpcv2-import-integ-test/ImportedPrivateSubnet", + "IsolatedSubnet2": { + "id": "IsolatedSubnet2", + "path": "vpcv2-import-integ-test/IsolatedSubnet2", "constructInfo": { "fqn": "@aws-cdk/aws-ec2-alpha.ImportedSubnetV2", "version": "0.0.0" } }, - "ImportedCidrBlock": { - "id": "ImportedCidrBlock", - "path": "vpcv2-import-integ-test/ImportedCidrBlock", + "ImportedBlock1": { + "id": "ImportedBlock1", + "path": "vpcv2-import-integ-test/ImportedBlock1", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "ImportedBlock2": { + "id": "ImportedBlock2", + "path": "vpcv2-import-integ-test/ImportedBlock2", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "ImportedSecondaryCidrBlock": { + "id": "ImportedSecondaryCidrBlock", + "path": "vpcv2-import-integ-test/ImportedSecondaryCidrBlock", "constructInfo": { "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" @@ -164,6 +356,7 @@ "assignIpv6AddressOnCreation": false, "availabilityZone": "us-west-2a", "cidrBlock": "10.2.2.0/24", + "ipv6CidrBlock": "2600:1f14:b1d:6500::/64", "vpcId": "vpc-08193db3ccc4f909f" } }, @@ -232,6 +425,228 @@ "version": "0.0.0" } }, + "AddnewImportedSubnet2": { + "id": "AddnewImportedSubnet2", + "path": "vpcv2-import-integ-test/AddnewImportedSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "vpcv2-import-integ-test/AddnewImportedSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "assignIpv6AddressOnCreation": false, + "availabilityZone": "us-west-2a", + "cidrBlock": "10.3.2.0/24", + "ipv6CidrBlock": "2600:1f14:b1d:6501::/64", + "vpcId": "vpc-08193db3ccc4f909f" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "vpcv2-import-integ-test/AddnewImportedSubnet2/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "vpcv2-import-integ-test/AddnewImportedSubnet2/RouteTable", + "children": { + "RouteTable": { + "id": "RouteTable", + "path": "vpcv2-import-integ-test/AddnewImportedSubnet2/RouteTable/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": "vpc-08193db3ccc4f909f" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2-alpha.RouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "vpcv2-import-integ-test/AddnewImportedSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Fn::GetAtt": [ + "AddnewImportedSubnet2RouteTable2F07FB4F", + "RouteTableId" + ] + }, + "subnetId": { + "Ref": "AddnewImportedSubnet2SubnetD9533DC5" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2-alpha.SubnetV2", + "version": "0.0.0" + } + }, + "IsolatedSubnet1": { + "id": "IsolatedSubnet1", + "path": "vpcv2-import-integ-test/IsolatedSubnet1", + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2-alpha.ImportedSubnetV2", + "version": "0.0.0" + } + }, + "ImportedIPAMVPC": { + "id": "ImportedIPAMVPC", + "path": "vpcv2-import-integ-test/ImportedIPAMVPC", + "children": { + "EgressOnlyGW": { + "id": "EgressOnlyGW", + "path": "vpcv2-import-integ-test/ImportedIPAMVPC/EgressOnlyGW", + "children": { + "EIGW": { + "id": "EIGW", + "path": "vpcv2-import-integ-test/ImportedIPAMVPC/EgressOnlyGW/EIGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::EgressOnlyInternetGateway", + "aws:cdk:cloudformation:props": { + "vpcId": "vpc-02407f4a207815a97" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnEgressOnlyInternetGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2-alpha.EgressOnlyInternetGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2-alpha.VpcV2Base", + "version": "0.0.0" + } + }, + "ImportedIpamIpv6": { + "id": "ImportedIpamIpv6", + "path": "vpcv2-import-integ-test/ImportedIpamIpv6", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "ImportedIpamIpv4": { + "id": "ImportedIpamIpv4", + "path": "vpcv2-import-integ-test/ImportedIpamIpv4", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "AddnewSubnettoImportedIpam": { + "id": "AddnewSubnettoImportedIpam", + "path": "vpcv2-import-integ-test/AddnewSubnettoImportedIpam", + "children": { + "Subnet": { + "id": "Subnet", + "path": "vpcv2-import-integ-test/AddnewSubnettoImportedIpam/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "assignIpv6AddressOnCreation": false, + "availabilityZone": "us-west-2a", + "cidrBlock": "10.2.1.0/28", + "ipv6CidrBlock": "2600:1f24:6c:4000::/64", + "vpcId": "vpc-02407f4a207815a97" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "vpcv2-import-integ-test/AddnewSubnettoImportedIpam/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "vpcv2-import-integ-test/AddnewSubnettoImportedIpam/RouteTable", + "children": { + "RouteTable": { + "id": "RouteTable", + "path": "vpcv2-import-integ-test/AddnewSubnettoImportedIpam/RouteTable/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": "vpc-02407f4a207815a97" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2-alpha.RouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "vpcv2-import-integ-test/AddnewSubnettoImportedIpam/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Fn::GetAtt": [ + "AddnewSubnettoImportedIpamRouteTable1AE0FBA3", + "RouteTableId" + ] + }, + "subnetId": { + "Ref": "AddnewSubnettoImportedIpamSubnet0F5C302A" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2-alpha.SubnetV2", + "version": "0.0.0" + } + }, "BootstrapVersion": { "id": "BootstrapVersion", "path": "vpcv2-import-integ-test/BootstrapVersion", diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/vpcv2-import-integ-test.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/vpcv2-import-integ-test.assets.json index 1b231f6497789..58c63d91d0496 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/vpcv2-import-integ-test.assets.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/vpcv2-import-integ-test.assets.json @@ -1,7 +1,7 @@ { "version": "38.0.1", "files": { - "5d62285f365aaad1a318be65b4cbb19b1d8dd7336c95d61923a203dde81074c8": { + "8bcc09e4eceabfb397695075b581f1f4e8f8a03b61ec24651ebe38d9da4f754e": { "source": { "path": "vpcv2-import-integ-test.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-us-west-2": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-us-west-2", - "objectKey": "5d62285f365aaad1a318be65b4cbb19b1d8dd7336c95d61923a203dde81074c8.json", + "objectKey": "8bcc09e4eceabfb397695075b581f1f4e8f8a03b61ec24651ebe38d9da4f754e.json", "region": "us-west-2", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-us-west-2" } diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/vpcv2-import-integ-test.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/vpcv2-import-integ-test.template.json index 3e868ed3f3e73..0b60ec6faaba1 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/vpcv2-import-integ-test.template.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/vpcv2-import-integ-test.template.json @@ -32,6 +32,28 @@ "ImportedNewVPCInternetGatewayIGWA7EB1B6C" ] }, + "ImportedNewVPCAddnewImportedSubnetDefaultIPv6Route98D952A0": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationIpv6CidrBlock": "::/0", + "GatewayId": { + "Fn::GetAtt": [ + "ImportedNewVPCInternetGatewayIGWA7EB1B6C", + "InternetGatewayId" + ] + }, + "RouteTableId": { + "Fn::GetAtt": [ + "AddnewImportedSubnetRouteTable73C1E1B7", + "RouteTableId" + ] + } + }, + "DependsOn": [ + "ImportedNewVPCInternetGatewayGWAttachment5928F3D0", + "ImportedNewVPCInternetGatewayIGWA7EB1B6C" + ] + }, "ImportedNewVPCAddnewImportedSubnetDefaultRoute40344A0C": { "Type": "AWS::EC2::Route", "Properties": { @@ -54,12 +76,81 @@ "ImportedNewVPCInternetGatewayIGWA7EB1B6C" ] }, + "ImportedNewVPCAddnewImportedSubnet2DefaultIPv6Route1EBC364B": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationIpv6CidrBlock": "::/0", + "GatewayId": { + "Fn::GetAtt": [ + "ImportedNewVPCInternetGatewayIGWA7EB1B6C", + "InternetGatewayId" + ] + }, + "RouteTableId": { + "Fn::GetAtt": [ + "AddnewImportedSubnet2RouteTable2F07FB4F", + "RouteTableId" + ] + } + }, + "DependsOn": [ + "ImportedNewVPCInternetGatewayGWAttachment5928F3D0", + "ImportedNewVPCInternetGatewayIGWA7EB1B6C" + ] + }, + "ImportedNewVPCAddnewImportedSubnet2DefaultRouteE8630009": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Fn::GetAtt": [ + "ImportedNewVPCInternetGatewayIGWA7EB1B6C", + "InternetGatewayId" + ] + }, + "RouteTableId": { + "Fn::GetAtt": [ + "AddnewImportedSubnet2RouteTable2F07FB4F", + "RouteTableId" + ] + } + }, + "DependsOn": [ + "ImportedNewVPCInternetGatewayGWAttachment5928F3D0", + "ImportedNewVPCInternetGatewayIGWA7EB1B6C" + ] + }, + "ImportedNewVPCNATGatewayEIP36F5A670": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc-08193db3ccc4f909f" + } + }, + "ImportedNewVPCNATGatewayE0ECDDFA": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "ImportedNewVPCNATGatewayEIP36F5A670", + "AllocationId" + ] + }, + "SubnetId": "subnet-0d441651f6653d4a7" + } + }, + "ImportedNewVPCEgressOnlyGWEIGWF9D837A6": { + "Type": "AWS::EC2::EgressOnlyInternetGateway", + "Properties": { + "VpcId": "vpc-08193db3ccc4f909f" + } + }, "AddnewImportedSubnet53655C69": { "Type": "AWS::EC2::Subnet", "Properties": { "AssignIpv6AddressOnCreation": false, "AvailabilityZone": "us-west-2a", "CidrBlock": "10.2.2.0/24", + "Ipv6CidrBlock": "2600:1f14:b1d:6500::/64", "VpcId": "vpc-08193db3ccc4f909f" } }, @@ -82,6 +173,72 @@ "Ref": "AddnewImportedSubnet53655C69" } } + }, + "AddnewImportedSubnet2SubnetD9533DC5": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AssignIpv6AddressOnCreation": false, + "AvailabilityZone": "us-west-2a", + "CidrBlock": "10.3.2.0/24", + "Ipv6CidrBlock": "2600:1f14:b1d:6501::/64", + "VpcId": "vpc-08193db3ccc4f909f" + } + }, + "AddnewImportedSubnet2RouteTable2F07FB4F": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": "vpc-08193db3ccc4f909f" + } + }, + "AddnewImportedSubnet2RouteTableAssociationA2C6CDF7": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Fn::GetAtt": [ + "AddnewImportedSubnet2RouteTable2F07FB4F", + "RouteTableId" + ] + }, + "SubnetId": { + "Ref": "AddnewImportedSubnet2SubnetD9533DC5" + } + } + }, + "ImportedIPAMVPCEgressOnlyGWEIGW52C5892F": { + "Type": "AWS::EC2::EgressOnlyInternetGateway", + "Properties": { + "VpcId": "vpc-02407f4a207815a97" + } + }, + "AddnewSubnettoImportedIpamSubnet0F5C302A": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AssignIpv6AddressOnCreation": false, + "AvailabilityZone": "us-west-2a", + "CidrBlock": "10.2.1.0/28", + "Ipv6CidrBlock": "2600:1f24:6c:4000::/64", + "VpcId": "vpc-02407f4a207815a97" + } + }, + "AddnewSubnettoImportedIpamRouteTable1AE0FBA3": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": "vpc-02407f4a207815a97" + } + }, + "AddnewSubnettoImportedIpamRouteTableAssociation20268806": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Fn::GetAtt": [ + "AddnewSubnettoImportedIpamRouteTable1AE0FBA3", + "RouteTableId" + ] + }, + "SubnetId": { + "Ref": "AddnewSubnettoImportedIpamSubnet0F5C302A" + } + } } }, "Parameters": { diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.ts b/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.ts index 7477757e9e156..1631cce1140ba 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.ts +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.ts @@ -13,43 +13,32 @@ const stack = new cdk.Stack(app, 'vpcv2-import-integ-test', { }); /** - * Testing VPC import + * To deploy these test for importing VPCs + * Create VPC in account using integ.vpc-v2-alpha + * and integ.ipam.ts for IPAM related test + * Once created, change the subnet and VPCID + * according to the one alloted on creation */ -// const imported_vpc = VpcV2.VpcV2.fromVpcV2attributes(stack, 'ImportedVPC', { -// vpcId: 'vpc-058cd322b857c8c0d', -// vpcCidrBlock: '10.0.0.0/16', -// privateSubnets: [{ -// subnetId: 'subnet-0b29e0804726920a9', -// subnetType: SubnetType.PRIVATE, -// availabilityZone: 'us-west-2a', -// ipv4CidrBlock: '10.0.128.0/18', -// routeTableId: 'rtb-05d7e8cb38a502040', -// }], -// }); - -// imported_vpc.addInterfaceEndpoint('ec2Endpoint', { -// service: ec2.InterfaceVpcEndpointAwsService.EC2, -//}); - const imported_new_vpc = VpcV2.VpcV2.fromVpcV2attributes(stack, 'ImportedNewVPC', { - vpcId: 'vpc-08193db3ccc4f909f', + vpcId: 'vpc-08193db3ccc4f909f', //VPC id vpcCidrBlock: '10.1.0.0/16', secondaryCidrBlocks: [{ - vpcId: 'vpc-08193db3ccc4f909f', //eliminate VPC id and fetch it from above cidrBlock: '10.2.0.0/16', cidrBlockName: 'ImportedBlock1', }, { - vpcId: 'vpc-08193db3ccc4f909f', //another secondary address to test cidrBlock: '10.3.0.0/16', cidrBlockName: 'ImportedBlock2', + }, { + amazonProvidedIpv6CidrBlock: true, }], - privateSubnets: [{ - subnetId: 'subnet-03cd773c0fe08ed26', + isolatedSubnets: [{ + subnetName: 'IsolatedSubnet2', + subnetId: 'subnet-03cd773c0fe08ed26', //Subnet Id subnetType: SubnetType.PRIVATE_ISOLATED, availabilityZone: 'us-west-2a', - ipv4CidrBlock: '10.1.0.0/24', - routeTableId: 'rtb-0871c310f98da2cbb', + ipv4CidrBlock: '10.2.0.0/24', + routeTableId: 'rtb-0871c310f98da2cbb', //RouteTable id }], publicSubnets: [{ subnetId: 'subnet-0fa477e01db27d820', @@ -60,21 +49,72 @@ const imported_new_vpc = VpcV2.VpcV2.fromVpcV2attributes(stack, 'ImportedNewVPC' }], }); +//Test to add new subnet to imported VPC against secondary range new SubnetV2(stack, 'AddnewImportedSubnet', { availabilityZone: 'us-west-2a', ipv4CidrBlock: new IpCidr('10.2.2.0/24'), + //can be uncommented and modified after allocation is done using Amazon Provided Ipv6 + //ipv6CidrBlock: new IpCidr('2600:1f14:b1d:6500::/64'), vpc: imported_new_vpc, subnetType: SubnetType.PUBLIC, }); -new SubnetV2(stack, 'AddnewImportedSubnet', { + +//Test to add new subnet to imported VPC against secondary range +new SubnetV2(stack, 'AddnewImportedSubnet2', { availabilityZone: 'us-west-2a', ipv4CidrBlock: new IpCidr('10.3.2.0/24'), + //can be uncommented and modified after allocation is done using Amazon Provided Ipv6 + //ipv6CidrBlock: new IpCidr('2600:1f14:b1d:6500::/64'), vpc: imported_new_vpc, subnetType: SubnetType.PUBLIC, }); +const ImportedSubnet = SubnetV2.fromSubnetV2attributes(stack, 'IsolatedSubnet1', { + subnetId: 'subnet-0d441651f6653d4a7', + subnetType: SubnetType.PRIVATE_ISOLATED, + availabilityZone: 'us-west-2b', + ipv4CidrBlock: '10.2.0.0/24', + routeTableId: 'rtb-0f02fab3ed3fb4ba9', +}); + +//Test to add different types of gateways imported_new_vpc.addInternetGateway(); +imported_new_vpc.addNatGateway({ + subnet: ImportedSubnet, +}); + +imported_new_vpc.addEgressOnlyInternetGateway(); + +// Import another IPAM enabled VPC +const ipamvpc = VpcV2.VpcV2.fromVpcV2attributes(stack, 'ImportedIPAMVPC', { + vpcId: 'vpc-02407f4a207815a97', + vpcCidrBlock: '10.0.0.0/16', + secondaryCidrBlocks: [{ + ipv6IpamPoolId: 'ipam-pool-0316c6848898c09e0', + ipv6NetmaskLength: 52, + cidrBlockName: 'ImportedIpamIpv6', + }, + { + ipv4IpamPoolId: 'ipam-pool-0d53ae29b3b8ca8de', + ipv4ProvisionedCidrs: ['10.2.0.0/16'], + cidrBlockName: 'ImportedIpamIpv4', + }], +}); + +//Test to add different types of gateways +ipamvpc.addEgressOnlyInternetGateway(); + +//Test to add new subnet to imported VPC against IPAM range +new SubnetV2(stack, 'AddnewSubnettoImportedIpam', { + availabilityZone: 'us-west-2a', + ipv4CidrBlock: new IpCidr('10.2.1.0/28'), + //can be uncommented and modified after allocation is done using IPAM - Amazon Provided Ipv6 + ipv6CidrBlock: new IpCidr('2600:1f24:6c:4000::/64'), + vpc: ipamvpc, + subnetType: SubnetType.PUBLIC, +}); + new IntegTest(app, 'integtest-model', { testCases: [stack], }); \ No newline at end of file From 34fdfb3ccad31d6f28b582dbd76c7cbe0226baac Mon Sep 17 00:00:00 2001 From: shikha372 Date: Tue, 15 Oct 2024 12:14:29 -0700 Subject: [PATCH 4/9] fix unit tests --- packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts | 8 -------- packages/@aws-cdk/aws-ec2-alpha/test/ipam.test.ts | 2 +- packages/@aws-cdk/aws-ec2-alpha/test/subnet-v2.test.ts | 2 +- packages/@aws-cdk/aws-ec2-alpha/test/vpc-v2.test.ts | 6 +++--- 4 files changed, 5 insertions(+), 13 deletions(-) diff --git a/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts b/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts index f1c9ef45c048b..f43e316572453 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts +++ b/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts @@ -400,15 +400,7 @@ export class VpcV2 extends VpcV2Base { throw new Error('CIDR block should be in the same RFC 1918 range in the VPC'); } } - if (secondaryVpcOptions.ipv4ProvisionedCidrs!) { - let isOverlap; - for (const provisionedCidr of secondaryVpcOptions.ipv4ProvisionedCidrs) { - isOverlap = validateIpv4address(provisionedCidr, secondaryVpcOptions.ipv4CidrBlock); - } - if (isOverlap === false) { - throw new Error('CIDR block should be in the same RFC 1918 range in the VPC'); - } this.ipv4ProvisionedCidrs?.push(...secondaryVpcOptions.ipv4ProvisionedCidrs); } const cfnVpcCidrBlock = new VPCCidrBlock(this, secondaryVpcOptions.cidrBlockName, { diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/ipam.test.ts b/packages/@aws-cdk/aws-ec2-alpha/test/ipam.test.ts index aa3fd7884bccd..59d3ce4820176 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/ipam.test.ts +++ b/packages/@aws-cdk/aws-ec2-alpha/test/ipam.test.ts @@ -60,7 +60,7 @@ describe('IPAM Test', () => { }); new vpc.VpcV2(stack, 'TestVPC', { - primaryAddressBlock: vpc.IpAddresses.ipv4('10.2.0.0/16'), + primaryAddressBlock: vpc.IpAddresses.ipv4('10.1.0.0/16'), secondaryAddressBlocks: [vpc.IpAddresses.ipv4Ipam({ ipamPool: pool, netmaskLength: 20, diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/subnet-v2.test.ts b/packages/@aws-cdk/aws-ec2-alpha/test/subnet-v2.test.ts index caf371cc524d4..b43f9be207f74 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/subnet-v2.test.ts +++ b/packages/@aws-cdk/aws-ec2-alpha/test/subnet-v2.test.ts @@ -207,7 +207,7 @@ describe('Subnet V2 with custom IP and routing', () => { }, }, TestVPCD26570D8: { Type: 'AWS::EC2::VPC' }, - TestVPCipv6Ipam6024F9EC: { Type: 'AWS::EC2::VPCCidrBlock' }, + TestVPCipv6IpamFF061725: { Type: 'AWS::EC2::VPCCidrBlock' }, IpamSubnet78671F8A: { Type: 'AWS::EC2::Subnet', Properties: { diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/vpc-v2.test.ts b/packages/@aws-cdk/aws-ec2-alpha/test/vpc-v2.test.ts index 5b2167ae3007b..6c3087ce42a77 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/vpc-v2.test.ts +++ b/packages/@aws-cdk/aws-ec2-alpha/test/vpc-v2.test.ts @@ -56,7 +56,7 @@ describe('Vpc V2 with full control', () => { EnableDnsSupport: true, }, }, - TestVpcSecondaryAddressD76FCD9C: { + TestVpcSecondaryAddress72BC831D: { Type: 'AWS::EC2::VPCCidrBlock', Properties: { VpcId: { @@ -104,7 +104,7 @@ describe('Vpc V2 with full control', () => { EnableDnsSupport: true, }, }, - TestVpcAmazonProvided569F7097: { + TestVpcAmazonProvided00BF109D: { Type: 'AWS::EC2::VPCCidrBlock', Properties: { AmazonProvidedIpv6CidrBlock: true, //Amazon Provided IPv6 address @@ -235,7 +235,7 @@ describe('Vpc V2 with full control', () => { EnableDnsSupport: true, }, }, - TestVpcIPv6Ipam178145A5: { + TestVpcIPv6Ipam402F1C75: { Type: 'AWS::EC2::VPCCidrBlock', Properties: { VpcId: { From e1b038c82a1ab473cb20b1c12cfc3e50c040e6be Mon Sep 17 00:00:00 2001 From: shikha372 Date: Tue, 15 Oct 2024 18:12:50 -0700 Subject: [PATCH 5/9] adding unit test for defining imports --- .../manifest.json | 47 +++-- .../integ.test-import.js.snapshot/tree.json | 74 ------- .../vpcv2-import-integ-test.assets.json | 4 +- .../vpcv2-import-integ-test.template.json | 46 ----- .../aws-ec2-alpha/test/vpcv2-import.test.ts | 190 ++++++++++++++++++ 5 files changed, 220 insertions(+), 141 deletions(-) create mode 100644 packages/@aws-cdk/aws-ec2-alpha/test/vpcv2-import.test.ts diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/manifest.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/manifest.json index 8e59a9d1095a1..617ebfcf6f9f4 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/manifest.json @@ -19,7 +19,7 @@ "notificationArns": [], "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-us-west-2", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-us-west-2", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-us-west-2/8bcc09e4eceabfb397695075b581f1f4e8f8a03b61ec24651ebe38d9da4f754e.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-us-west-2/10cbe304a3bd42e3465787e1f8f7f9ab051a9af6b83f2eeb56422e7e3c6e60b1.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -53,24 +53,12 @@ "data": "ImportedNewVPCImportedPublicSubnetDefaultRoute56DCABA4" } ], - "/vpcv2-import-integ-test/ImportedNewVPC/AddnewImportedSubnet-DefaultIPv6Route/Route": [ - { - "type": "aws:cdk:logicalId", - "data": "ImportedNewVPCAddnewImportedSubnetDefaultIPv6Route98D952A0" - } - ], "/vpcv2-import-integ-test/ImportedNewVPC/AddnewImportedSubnet-DefaultRoute/Route": [ { "type": "aws:cdk:logicalId", "data": "ImportedNewVPCAddnewImportedSubnetDefaultRoute40344A0C" } ], - "/vpcv2-import-integ-test/ImportedNewVPC/AddnewImportedSubnet2-DefaultIPv6Route/Route": [ - { - "type": "aws:cdk:logicalId", - "data": "ImportedNewVPCAddnewImportedSubnet2DefaultIPv6Route1EBC364B" - } - ], "/vpcv2-import-integ-test/ImportedNewVPC/AddnewImportedSubnet2-DefaultRoute/Route": [ { "type": "aws:cdk:logicalId", @@ -98,7 +86,10 @@ "/vpcv2-import-integ-test/AddnewImportedSubnet/Subnet": [ { "type": "aws:cdk:logicalId", - "data": "AddnewImportedSubnet53655C69" + "data": "AddnewImportedSubnet53655C69", + "trace": [ + "!!DESTRUCTIVE_CHANGES: MAY_REPLACE" + ] } ], "/vpcv2-import-integ-test/AddnewImportedSubnet/RouteTable/RouteTable": [ @@ -116,7 +107,10 @@ "/vpcv2-import-integ-test/AddnewImportedSubnet2/Subnet": [ { "type": "aws:cdk:logicalId", - "data": "AddnewImportedSubnet2SubnetD9533DC5" + "data": "AddnewImportedSubnet2SubnetD9533DC5", + "trace": [ + "!!DESTRUCTIVE_CHANGES: MAY_REPLACE" + ] } ], "/vpcv2-import-integ-test/AddnewImportedSubnet2/RouteTable/RouteTable": [ @@ -140,10 +134,7 @@ "/vpcv2-import-integ-test/AddnewSubnettoImportedIpam/Subnet": [ { "type": "aws:cdk:logicalId", - "data": "AddnewSubnettoImportedIpamSubnet0F5C302A", - "trace": [ - "!!DESTRUCTIVE_CHANGES: MAY_REPLACE" - ] + "data": "AddnewSubnettoImportedIpamSubnet0F5C302A" } ], "/vpcv2-import-integ-test/AddnewSubnettoImportedIpam/RouteTable/RouteTable": [ @@ -169,6 +160,24 @@ "type": "aws:cdk:logicalId", "data": "CheckBootstrapVersion" } + ], + "ImportedNewVPCAddnewImportedSubnetDefaultIPv6Route98D952A0": [ + { + "type": "aws:cdk:logicalId", + "data": "ImportedNewVPCAddnewImportedSubnetDefaultIPv6Route98D952A0", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" + ] + } + ], + "ImportedNewVPCAddnewImportedSubnet2DefaultIPv6Route1EBC364B": [ + { + "type": "aws:cdk:logicalId", + "data": "ImportedNewVPCAddnewImportedSubnet2DefaultIPv6Route1EBC364B", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" + ] + } ] }, "displayName": "vpcv2-import-integ-test" diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/tree.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/tree.json index 07667e1059825..9bb101833e472 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/tree.json @@ -85,42 +85,6 @@ "version": "0.0.0" } }, - "AddnewImportedSubnet-DefaultIPv6Route": { - "id": "AddnewImportedSubnet-DefaultIPv6Route", - "path": "vpcv2-import-integ-test/ImportedNewVPC/AddnewImportedSubnet-DefaultIPv6Route", - "children": { - "Route": { - "id": "Route", - "path": "vpcv2-import-integ-test/ImportedNewVPC/AddnewImportedSubnet-DefaultIPv6Route/Route", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::Route", - "aws:cdk:cloudformation:props": { - "destinationIpv6CidrBlock": "::/0", - "gatewayId": { - "Fn::GetAtt": [ - "ImportedNewVPCInternetGatewayIGWA7EB1B6C", - "InternetGatewayId" - ] - }, - "routeTableId": { - "Fn::GetAtt": [ - "AddnewImportedSubnetRouteTable73C1E1B7", - "RouteTableId" - ] - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-ec2-alpha.Route", - "version": "0.0.0" - } - }, "AddnewImportedSubnet-DefaultRoute": { "id": "AddnewImportedSubnet-DefaultRoute", "path": "vpcv2-import-integ-test/ImportedNewVPC/AddnewImportedSubnet-DefaultRoute", @@ -157,42 +121,6 @@ "version": "0.0.0" } }, - "AddnewImportedSubnet2-DefaultIPv6Route": { - "id": "AddnewImportedSubnet2-DefaultIPv6Route", - "path": "vpcv2-import-integ-test/ImportedNewVPC/AddnewImportedSubnet2-DefaultIPv6Route", - "children": { - "Route": { - "id": "Route", - "path": "vpcv2-import-integ-test/ImportedNewVPC/AddnewImportedSubnet2-DefaultIPv6Route/Route", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::Route", - "aws:cdk:cloudformation:props": { - "destinationIpv6CidrBlock": "::/0", - "gatewayId": { - "Fn::GetAtt": [ - "ImportedNewVPCInternetGatewayIGWA7EB1B6C", - "InternetGatewayId" - ] - }, - "routeTableId": { - "Fn::GetAtt": [ - "AddnewImportedSubnet2RouteTable2F07FB4F", - "RouteTableId" - ] - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-ec2-alpha.Route", - "version": "0.0.0" - } - }, "AddnewImportedSubnet2-DefaultRoute": { "id": "AddnewImportedSubnet2-DefaultRoute", "path": "vpcv2-import-integ-test/ImportedNewVPC/AddnewImportedSubnet2-DefaultRoute", @@ -356,7 +284,6 @@ "assignIpv6AddressOnCreation": false, "availabilityZone": "us-west-2a", "cidrBlock": "10.2.2.0/24", - "ipv6CidrBlock": "2600:1f14:b1d:6500::/64", "vpcId": "vpc-08193db3ccc4f909f" } }, @@ -438,7 +365,6 @@ "assignIpv6AddressOnCreation": false, "availabilityZone": "us-west-2a", "cidrBlock": "10.3.2.0/24", - "ipv6CidrBlock": "2600:1f14:b1d:6501::/64", "vpcId": "vpc-08193db3ccc4f909f" } }, diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/vpcv2-import-integ-test.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/vpcv2-import-integ-test.assets.json index 58c63d91d0496..7286ed241f470 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/vpcv2-import-integ-test.assets.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/vpcv2-import-integ-test.assets.json @@ -1,7 +1,7 @@ { "version": "38.0.1", "files": { - "8bcc09e4eceabfb397695075b581f1f4e8f8a03b61ec24651ebe38d9da4f754e": { + "10cbe304a3bd42e3465787e1f8f7f9ab051a9af6b83f2eeb56422e7e3c6e60b1": { "source": { "path": "vpcv2-import-integ-test.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-us-west-2": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-us-west-2", - "objectKey": "8bcc09e4eceabfb397695075b581f1f4e8f8a03b61ec24651ebe38d9da4f754e.json", + "objectKey": "10cbe304a3bd42e3465787e1f8f7f9ab051a9af6b83f2eeb56422e7e3c6e60b1.json", "region": "us-west-2", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-us-west-2" } diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/vpcv2-import-integ-test.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/vpcv2-import-integ-test.template.json index 0b60ec6faaba1..9b92be0a64da2 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/vpcv2-import-integ-test.template.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.js.snapshot/vpcv2-import-integ-test.template.json @@ -32,28 +32,6 @@ "ImportedNewVPCInternetGatewayIGWA7EB1B6C" ] }, - "ImportedNewVPCAddnewImportedSubnetDefaultIPv6Route98D952A0": { - "Type": "AWS::EC2::Route", - "Properties": { - "DestinationIpv6CidrBlock": "::/0", - "GatewayId": { - "Fn::GetAtt": [ - "ImportedNewVPCInternetGatewayIGWA7EB1B6C", - "InternetGatewayId" - ] - }, - "RouteTableId": { - "Fn::GetAtt": [ - "AddnewImportedSubnetRouteTable73C1E1B7", - "RouteTableId" - ] - } - }, - "DependsOn": [ - "ImportedNewVPCInternetGatewayGWAttachment5928F3D0", - "ImportedNewVPCInternetGatewayIGWA7EB1B6C" - ] - }, "ImportedNewVPCAddnewImportedSubnetDefaultRoute40344A0C": { "Type": "AWS::EC2::Route", "Properties": { @@ -76,28 +54,6 @@ "ImportedNewVPCInternetGatewayIGWA7EB1B6C" ] }, - "ImportedNewVPCAddnewImportedSubnet2DefaultIPv6Route1EBC364B": { - "Type": "AWS::EC2::Route", - "Properties": { - "DestinationIpv6CidrBlock": "::/0", - "GatewayId": { - "Fn::GetAtt": [ - "ImportedNewVPCInternetGatewayIGWA7EB1B6C", - "InternetGatewayId" - ] - }, - "RouteTableId": { - "Fn::GetAtt": [ - "AddnewImportedSubnet2RouteTable2F07FB4F", - "RouteTableId" - ] - } - }, - "DependsOn": [ - "ImportedNewVPCInternetGatewayGWAttachment5928F3D0", - "ImportedNewVPCInternetGatewayIGWA7EB1B6C" - ] - }, "ImportedNewVPCAddnewImportedSubnet2DefaultRouteE8630009": { "Type": "AWS::EC2::Route", "Properties": { @@ -150,7 +106,6 @@ "AssignIpv6AddressOnCreation": false, "AvailabilityZone": "us-west-2a", "CidrBlock": "10.2.2.0/24", - "Ipv6CidrBlock": "2600:1f14:b1d:6500::/64", "VpcId": "vpc-08193db3ccc4f909f" } }, @@ -180,7 +135,6 @@ "AssignIpv6AddressOnCreation": false, "AvailabilityZone": "us-west-2a", "CidrBlock": "10.3.2.0/24", - "Ipv6CidrBlock": "2600:1f14:b1d:6501::/64", "VpcId": "vpc-08193db3ccc4f909f" } }, diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/vpcv2-import.test.ts b/packages/@aws-cdk/aws-ec2-alpha/test/vpcv2-import.test.ts new file mode 100644 index 0000000000000..1e130d2c514ce --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/vpcv2-import.test.ts @@ -0,0 +1,190 @@ +import * as cdk from 'aws-cdk-lib'; +import { VpcV2 } from '../lib/vpc-v2'; +import { IpCidr, SubnetV2, VpcV2Base } from '../lib/'; +import { Template } from 'aws-cdk-lib/assertions'; +import { InterfaceVpcEndpointAwsService, SubnetType } from 'aws-cdk-lib/aws-ec2'; + +describe('Vpc V2 with full control', () => { + let stack: cdk.Stack; + + beforeEach(() => { + const app = new cdk.App({ + context: { + '@aws-cdk/core:newStyleStackSynthesis': false, + }, + }); + stack = new cdk.Stack(app); + }); + + test('VpcV2.fromVpcV2attributes creates correct vpcArn', () => { + const importedVpc = VpcV2.fromVpcV2attributes(stack, 'VpcWithArn', { + vpcId: 'vpc-12345', + vpcCidrBlock: '10.0.0.0/16', + }); + expect(importedVpc.vpcArn).toBe(`arn:${cdk.Stack.of(stack).partition}:ec2:${cdk.Stack.of(stack).region}:${cdk.Stack.of(stack).account}:vpc/vpc-12345`); + }); + + test('VpcV2.fromVpcV2attributes returns an instance of IVpcV2', () => { + const importedVpc = VpcV2.fromVpcV2attributes(stack, 'VpcInstance', { + vpcId: 'vpc-12345', + vpcCidrBlock: '10.0.0.0/16', + }); + expect(importedVpc).toBeInstanceOf(VpcV2Base); + }); + + test('Import VPC successfully', () => { + const vpc = VpcV2.fromVpcV2attributes(stack, 'ImportedVpc', { + vpcId: 'XXXXXXXXX', + vpcCidrBlock: '10.1.0.0/16', + publicSubnets: [{ + subnetId: 'subnet-isolated1', + availabilityZone: 'us-east-1a', + ipv4CidrBlock: '10.0.4.0/24', + subnetType: SubnetType.PUBLIC, + routeTableId: 'mockRouteTableId', + }], + }); + vpc.addInterfaceEndpoint('ec2', { + service: InterfaceVpcEndpointAwsService.SNS, + }); + const template = Template.fromStack(stack); + template.resourceCountIs('AWS::EC2::VPCEndpoint', 1); + }); + + test('Import different type of subnets successfully', () => { + const importedVpc = VpcV2.fromVpcV2attributes(stack, 'ImportedVpc', { + vpcId: 'vpc-12345', + vpcCidrBlock: '10.0.0.0/16', + secondaryCidrBlocks: [ + { + amazonProvidedIpv6CidrBlock: true, + }, + ], + isolatedSubnets: [{ + subnetId: 'subnet-isolated1', + subnetName: 'mockisolatedsubnet', + availabilityZone: 'us-east-1a', + ipv4CidrBlock: '10.0.4.0/24', + subnetType: SubnetType.PRIVATE_ISOLATED, + routeTableId: 'mockRouteTableId', + }, { + subnetId: 'subnet-isolated2', + subnetName: 'mockisolatedsubnet2', + availabilityZone: 'us-east-1b', + ipv4CidrBlock: '10.0.5.0/24', + subnetType: SubnetType.PRIVATE_ISOLATED, + routeTableId: 'mockRouteTableId', + }], + }); + + importedVpc.addEgressOnlyInternetGateway({ subnets: [{ subnetType: SubnetType.PRIVATE_ISOLATED }] } ); + + Template.fromStack(stack).hasResourceProperties('AWS::EC2::EgressOnlyInternetGateway', { + VpcId: 'vpc-12345', + }); + + Template.fromStack(stack).hasResourceProperties('AWS::EC2::Route', { + EgressOnlyInternetGatewayId: { 'Fn::GetAtt': ['ImportedVpcEgressOnlyGWEIGW5788B31B', 'Id'] }, + DestinationIpv6CidrBlock: '::/0', + RouteTableId: 'mockRouteTableId', + }); + + expect(importedVpc.isolatedSubnets.length).toBe(2); + }); + + test('Import VPC with secondary address Ipv4 successfully', () => { + const vpc = VpcV2.fromVpcV2attributes(stack, 'ImportedVpc', { + vpcId: 'mockVpcID', + vpcCidrBlock: '10.0.0.0/16', + secondaryCidrBlocks: [ + { + cidrBlock: '10.1.0.0/16', + }, + ], + }); + //Subnet with secondary address + new SubnetV2(stack, 'testsubnet', { + vpc, + availabilityZone: 'us-west-2a', + ipv4CidrBlock: new IpCidr('10.1.0.0/24'), + subnetType: SubnetType.PRIVATE_ISOLATED, + }); + Template.fromStack(stack).hasResourceProperties('AWS::EC2::Subnet', { + CidrBlock: '10.1.0.0/24', + }); + }); + + test('Import VPC with IPAM IPv4', () => { + const vpc = VpcV2.fromVpcV2attributes(stack, 'ImportedVpc', { + vpcId: 'mockVpcID', + vpcCidrBlock: '10.0.0.0/16', + secondaryCidrBlocks: [{ + ipv4IpamPoolId: 'ipam-pool-0d53ae29b3b8ca8de', + ipv4ProvisionedCidrs: ['10.2.0.0/16'], + cidrBlockName: 'ImportedIpamIpv4', + }], + }); + //Subnet with secondary address from IPAM range + new SubnetV2(stack, 'testsubnet', { + vpc, + availabilityZone: 'us-west-2a', + ipv4CidrBlock: new IpCidr('10.2.0.0/24'), + subnetType: SubnetType.PRIVATE_ISOLATED, + }); + Template.fromStack(stack).hasResourceProperties('AWS::EC2::Subnet', { + CidrBlock: '10.2.0.0/24', + }); + }); + + test('Import VPC with IPAM IPv6', () => { + const vpc = VpcV2.fromVpcV2attributes(stack, 'ImportedVpc', { + vpcId: 'mockVpcID', + vpcCidrBlock: '10.0.0.0/16', + secondaryCidrBlocks: [{ + ipv6IpamPoolId: 'ipam-pool-0316c6848898c09e0', + ipv6NetmaskLength: 52, + cidrBlockName: 'ImportedIpamIpv6', + }], + }); + //will throw error if IPv6 not enabled using IPAM ipv6 + vpc.addEgressOnlyInternetGateway(); + + //will throw error if IPv6 not enabled using Amazon Provided IPv6 + new SubnetV2(stack, 'AddnewSubnettoImportedIpam', { + availabilityZone: 'us-west-2a', + ipv4CidrBlock: new IpCidr('10.0.1.0/28'), + //can be uncommented and modified after allocation is done using IPAM - Amazon Provided Ipv6 + ipv6CidrBlock: new IpCidr('2600:1f24:6c:4000::/64'), + vpc: vpc, + subnetType: SubnetType.PUBLIC, + }); + Template.fromStack(stack).hasResourceProperties('AWS::EC2::Subnet', { + Ipv6CidrBlock: '2600:1f24:6c:4000::/64', + }); + }); + + test('Import VPC with secondary address amazon provided Ipv6 successfully', () => { + const vpc = VpcV2.fromVpcV2attributes(stack, 'ImportedVpc', { + vpcId: 'mockVpcID', + vpcCidrBlock: '10.0.0.0/16', + secondaryCidrBlocks: [{ + amazonProvidedIpv6CidrBlock: true, + }], + }); + //will throw error if IPv6 not enabled using Amazon Provided IPv6 + vpc.addEgressOnlyInternetGateway(); + //will throw error if IPv6 not enabled using Amazon Provided IPv6 + new SubnetV2(stack, 'AddnewSubnettoImportedIpam', { + availabilityZone: 'us-west-2a', + ipv4CidrBlock: new IpCidr('10.0.1.0/28'), + //can be uncommented and modified after allocation is done using IPAM - Amazon Provided Ipv6 + ipv6CidrBlock: new IpCidr('2600:1f24:6c:4000::/64'), + vpc: vpc, + subnetType: SubnetType.PUBLIC, + }); + Template.fromStack(stack).hasResourceProperties('AWS::EC2::Subnet', { + Ipv6CidrBlock: '2600:1f24:6c:4000::/64', + }); + }); + +}); From 00eebb961d403cc6b03b2b5e7bfe233f2c1bb2cc Mon Sep 17 00:00:00 2001 From: shikha372 Date: Wed, 16 Oct 2024 09:33:01 -0700 Subject: [PATCH 6/9] fix nits --- packages/@aws-cdk/aws-ec2-alpha/README.md | 101 ++++ packages/@aws-cdk/aws-ec2-alpha/awslint.json | 2 - packages/@aws-cdk/aws-ec2-alpha/lib/ipam.ts | 12 +- .../@aws-cdk/aws-ec2-alpha/lib/subnet-v2.ts | 96 ++-- .../@aws-cdk/aws-ec2-alpha/lib/vpc-v2-base.ts | 3 +- packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts | 232 ++++----- ...ws-cdk-vpcv2-alpha-integ-ipam.assets.json} | 8 +- ...-cdk-vpcv2-alpha-integ-ipam.template.json} | 16 +- .../test/integ.ipam.js.snapshot/cdk.out | 2 +- .../test/integ.ipam.js.snapshot/integ.json | 4 +- ...efaultTestDeployAssertCF40BD53.assets.json | 2 +- .../test/integ.ipam.js.snapshot/manifest.json | 48 +- .../test/integ.ipam.js.snapshot/tree.json | 124 +++-- .../@aws-cdk/aws-ec2-alpha/test/integ.ipam.ts | 2 +- .../aws-cdk-routev2-alpha.assets.json | 6 +- .../aws-cdk-routev2-alpha.template.json | 6 +- ...routev2-dynamodbendpoint-alpha.assets.json | 6 +- ...utev2-dynamodbendpoint-alpha.template.json | 6 +- ...dk-routev2-egressonlyigw-alpha.assets.json | 6 +- ...-routev2-egressonlyigw-alpha.template.json | 12 +- .../aws-cdk-routev2-igw-alpha.assets.json | 6 +- .../aws-cdk-routev2-igw-alpha.template.json | 46 +- ...ws-cdk-routev2-networkif-alpha.assets.json | 6 +- ...-cdk-routev2-networkif-alpha.template.json | 6 +- ...cdk-routev2-privatenatgw-alpha.assets.json | 6 +- ...k-routev2-privatenatgw-alpha.template.json | 11 +- ...-cdk-routev2-publicnatgw-alpha.assets.json | 6 +- ...dk-routev2-publicnatgw-alpha.template.json | 52 +- ...routev2-virtualprivategw-alpha.assets.json | 6 +- ...utev2-virtualprivategw-alpha.template.json | 62 ++- ...outev2-vpcpeerconnection-alpha.assets.json | 6 +- ...tev2-vpcpeerconnection-alpha.template.json | 6 +- .../test/integ.route-v2.js.snapshot/cdk.out | 2 +- .../integ.route-v2.js.snapshot/integ.json | 2 +- ...efaultTestDeployAssertA16689B0.assets.json | 2 +- ...efaultTestDeployAssert46FEDE40.assets.json | 2 +- ...efaultTestDeployAssert04E3783E.assets.json | 2 +- ...efaultTestDeployAssertF3FA2F74.assets.json | 2 +- ...efaultTestDeployAssert4B12233C.assets.json | 2 +- ...efaultTestDeployAssertC0DDB875.assets.json | 2 +- ...efaultTestDeployAssert90B004F4.assets.json | 2 +- ...efaultTestDeployAssert4C509DCE.assets.json | 2 +- ...efaultTestDeployAssert77221752.assets.json | 2 +- .../integ.route-v2.js.snapshot/manifest.json | 131 +++-- .../test/integ.route-v2.js.snapshot/tree.json | 457 +++++++++++------- .../aws-cdk-vpcv2-alpha-new.assets.json | 6 +- .../aws-cdk-vpcv2-alpha-new.template.json | 12 +- .../test/integ.subnet-v2.js.snapshot/cdk.out | 2 +- .../integ.subnet-v2.js.snapshot/integ.json | 2 +- ...efaultTestDeployAssertCF40BD53.assets.json | 2 +- .../integ.subnet-v2.js.snapshot/manifest.json | 114 +---- .../integ.subnet-v2.js.snapshot/tree.json | 30 +- .../aws-ec2-alpha/test/integ.test-import.ts | 8 +- .../aws-cdk-vpcv2-alpha.assets.json | 6 +- .../aws-cdk-vpcv2-alpha.template.json | 60 +-- .../integ.vpc-v2-alpha.js.snapshot/cdk.out | 2 +- .../integ.vpc-v2-alpha.js.snapshot/integ.json | 2 +- ...efaultTestDeployAssertCF40BD53.assets.json | 2 +- .../manifest.json | 36 +- .../integ.vpc-v2-alpha.js.snapshot/tree.json | 90 ++-- .../aws-ec2-alpha/test/vpcv2-import.test.ts | 23 +- 61 files changed, 1075 insertions(+), 845 deletions(-) rename packages/@aws-cdk/aws-ec2-alpha/test/integ.ipam.js.snapshot/{aws-cdk-vpcv2-alpha.assets.json => aws-cdk-vpcv2-alpha-integ-ipam.assets.json} (61%) rename packages/@aws-cdk/aws-ec2-alpha/test/integ.ipam.js.snapshot/{aws-cdk-vpcv2-alpha.template.json => aws-cdk-vpcv2-alpha-integ-ipam.template.json} (91%) diff --git a/packages/@aws-cdk/aws-ec2-alpha/README.md b/packages/@aws-cdk/aws-ec2-alpha/README.md index 32852b802bb05..714eab95984de 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/README.md +++ b/packages/@aws-cdk/aws-ec2-alpha/README.md @@ -366,3 +366,104 @@ myVpc.addInternetGateway({ ipv4Destination: '192.168.0.0/16', }); ``` + +## Importing an existing VPC + +You can import an existing VPC and its subnets using the `VpcV2.fromVpcV2Attributes()` method or an individual subnet using `SubnetV2.fromSubnetV2Attributes()` method. + +### Importing a VPC + +To import an existing VPC, use the `VpcV2.fromVpcV2Attributes()` method. You'll need to provide the VPC ID, primary CIDR block, and information about the subnets. You can import secondary address as well created through IPAM, BYOIP(IPv4) or enabled through Amazon Provided IPv6. You must provide VPC Id and its primary CIDR block for importing it. + +If you wish to add a new subnet to imported VPC, new subnet's IP range(IPv4) will be validated against provided secondary and primary address block to confirm that it is within the the range of VPC. + +Here's an example of how to import a VPC with multiple CIDR blocks, IPv6 support, and different subnet types: + +In this example, we're importing a VPC with: + + - A primary CIDR block (10.1.0.0/16) + - One secondary IPv4 CIDR block (10.2.0.0/16) + - Two secondary address using IPAM pool (IPv4 and IPv6) + - VPC has Amazon-provided IPv6 CIDR enabled + - An isolated subnet in us-west-2a + - A public subnet in us-west-2b + +```ts + +const stack = new Stack(); + +const importedVpc = VpcV2.fromVpcV2Attributes(this, 'ImportedVPC', { + vpcId: 'vpc-XXX', + vpcCidrBlock: '10.1.0.0/16', + secondaryCidrBlocks: [ + { + cidrBlock: '10.2.0.0/16', + cidrBlockName: 'ImportedBlock1', + }, + { + ipv6IpamPoolId: 'ipam-pool-XXX', + ipv6NetmaskLength: 52, + cidrBlockName: 'ImportedIpamIpv6', + }, + { + ipv4IpamPoolId: 'ipam-pool-XXX', + ipv4IpamProvisionedCidrs: ['10.2.0.0/16'], + cidrBlockName: 'ImportedIpamIpv4', + }, + { + amazonProvidedIpv6CidrBlock: true, + } + ], + isolatedSubnets: [{ + subnetName: 'IsolatedSubnet2', + subnetId: 'subnet-03cd773c0fe08ed26', + subnetType: SubnetType.PRIVATE_ISOLATED, + availabilityZone: 'us-west-2a', + ipv4CidrBlock: '10.2.0.0/24', + routeTableId: 'rtb-0871c310f98da2cbb', + }], + publicSubnets: [{ + subnetId: 'subnet-0fa477e01db27d820', + subnetType: SubnetType.PUBLIC, + availabilityZone: 'us-west-2b', + ipv4CidrBlock: '10.3.0.0/24', + routeTableId: 'rtb-014f3043098fe4b96', + }], +}); + +// You can now use the imported VPC in your stack + +// Adding a new subnet to the imported VPC +const importedSubnet = new SubnetV2(this, 'NewSubnet', { + availabilityZone: 'us-west-2a', + ipv4CidrBlock: new IpCidr('10.2.2.0/24'), + vpc: importedVpc, + subnetType: SubnetType.PUBLIC, +}); + +// Adding gateways to the imported VPC +importedVpc.addInternetGateway(); +importedVpc.addNatGateway({ subnet: importedSubnet }); +importedVpc.addEgressOnlyInternetGateway(); +``` + +You can add more subnets as needed by including additional entries in the `isolatedSubnets`, `publicSubnets`, or other subnet type arrays (e.g., `privateSubnets`). + +### Importing Subnets + +You can also import individual subnets using the `SubnetV2.fromSubnetV2Attributes()` method. This is useful when you need to work with specific subnets independently of a VPC. + +Here's an example of how to import a subnet: + +```ts + +SubnetV2.fromSubnetV2Attributes(this, 'ImportedSubnet', { + subnetId: 'subnet-0123456789abcdef0', + availabilityZone: 'us-west-2a', + ipv4CidrBlock: '10.2.0.0/24', + routeTableId: 'rtb-0871c310f98da2cbb', + subnetType: SubnetType.PRIVATE_ISOLATED, +}); +``` + +By importing existing VPCs and subnets, you can easily integrate your existing AWS infrastructure with new resources created through CDK. This is particularly useful when you need to work with pre-existing network configurations or when you're migrating existing infrastructure to CDK. diff --git a/packages/@aws-cdk/aws-ec2-alpha/awslint.json b/packages/@aws-cdk/aws-ec2-alpha/awslint.json index 6ea89091a597a..ec8b3e125eeea 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/awslint.json +++ b/packages/@aws-cdk/aws-ec2-alpha/awslint.json @@ -1,8 +1,6 @@ { "exclude": [ - "from-method:@aws-cdk/aws-ec2-alpha.VpcV2", "attribute-tag:@aws-cdk/aws-ec2-alpha.RouteTable.routeTableId", - "from-method:@aws-cdk/aws-ec2-alpha.SubnetV2", "from-method:@aws-cdk/aws-ec2-alpha.Route" ] } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/lib/ipam.ts b/packages/@aws-cdk/aws-ec2-alpha/lib/ipam.ts index 0d41d98f2cb5e..1fd931cbd73a5 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/lib/ipam.ts +++ b/packages/@aws-cdk/aws-ec2-alpha/lib/ipam.ts @@ -92,7 +92,7 @@ export enum IpamScopeType { * * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipampool.html */ -export interface PoolOptions{ +export interface PoolOptions { /** * addressFamily - The address family of the pool (ipv4 or ipv6). @@ -180,7 +180,7 @@ export interface IpamPoolCidrProvisioningOptions { /** * Definition used to add or create a new IPAM pool */ -export interface IIpamPool{ +export interface IIpamPool { /** * Pool ID to be passed to the VPC construct * @attribute IpamPoolId @@ -193,7 +193,8 @@ export interface IIpamPool{ readonly ipamCidrs: CfnIPAMPoolCidr[]; /** - * Pool CIDR for IPv4 to be provisioned + * Pool CIDR for IPv4 to be provisioned using IPAM + * Required to check for subnet IP range is within the VPC range */ readonly ipamIpv4Cidrs?: string[]; @@ -321,7 +322,8 @@ class IpamPool extends Resource implements IIpamPool { public readonly ipamCidrs: CfnIPAMPoolCidr[] = [] /** - * Pool CIDR for IPv4 to be provisioned + * Pool CIDR for IPv4 to be provisioned using IPAM + * Required to check for subnet IP range is within the VPC range */ public readonly ipamIpv4Cidrs: string[] = [] @@ -350,6 +352,8 @@ class IpamPool extends Resource implements IIpamPool { awsService: props.awsService, }); this.ipamPoolId = this._ipamPool.attrIpamPoolId; + + // Populating to check for subnet range against all IPv4 ranges assigned to VPC including IPAM props.ipv4ProvisionedCidrs?.map(cidr => (this.ipamIpv4Cidrs.push(cidr))); this.node.defaultChild = this._ipamPool; } diff --git a/packages/@aws-cdk/aws-ec2-alpha/lib/subnet-v2.ts b/packages/@aws-cdk/aws-ec2-alpha/lib/subnet-v2.ts index 38704031b2418..79d5f4ad7605b 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/lib/subnet-v2.ts +++ b/packages/@aws-cdk/aws-ec2-alpha/lib/subnet-v2.ts @@ -123,7 +123,7 @@ export class SubnetV2 extends Resource implements ISubnetV2 { /** * Import an existing subnet to the VPC */ - public static fromSubnetV2attributes(scope: Construct, id: string, attrs: SubnetV2Attributes) : ISubnetV2 { + public static fromSubnetV2Attributes(scope: Construct, id: string, attrs: SubnetV2Attributes) : ISubnetV2 { return new ImportedSubnetV2(scope, id, attrs); } @@ -288,47 +288,48 @@ export class SubnetV2 extends Resource implements ISubnetV2 { */ export interface SubnetV2Attributes { /** - * The Availability Zone the subnet is located in + * The Availability Zone this subnet is located in * * @default - No AZ information, cannot use AZ selection features */ readonly availabilityZone: string; /** - * The IPv4 CIDR block associated with the subnet - * - * @default - No CIDR information, cannot use CIDR filter features - */ + * The IPv4 CIDR block associated with the subnet + * + * @default - No CIDR information, cannot use CIDR filter features + */ readonly ipv4CidrBlock: string; /** - * The IPv4 CIDR block associated with the subnet - * - * @default - No CIDR information, cannot use CIDR filter features - */ + * The IPv4 CIDR block associated with the subnet + * + * @default - No CIDR information, cannot use CIDR filter features + */ readonly ipv6CidrBlock?: string; /** - * The ID of the route table for this particular subnet - * - * @default - No route table information, cannot create VPC endpoints - */ + * The ID of the route table for this particular subnet + * + * @default - No route table information, cannot create VPC endpoints + */ readonly routeTableId?: string; /** - * The subnetId for this particular subnet - */ + * The subnetId for this particular subnet + */ readonly subnetId: string; /** - * The type of subnet (public or private) that this subnet represents. - */ + * The type of subnet (public or private) that this subnet represents. + */ readonly subnetType: SubnetType; /** - * The type of subnet (public or private) that this subnet represents. - * @default - no subnet name - */ + * Name of the given subnet + * + * @default - no subnet name + */ readonly subnetName?: string; } @@ -339,28 +340,29 @@ export interface SubnetV2Attributes { export interface ImportedSubnetV2Props extends SubnetV2Attributes {} /** - * Class to define an import for existing subnet + * Class to define an import for an existing subnet * @resource AWS::EC2::Subnet */ export class ImportedSubnetV2 extends Resource implements ISubnetV2 { /** - * The IPv6 CIDR Block for this subnet + * The IPv6 CIDR Block assigned to this subnet */ public readonly ipv6CidrBlock?: string; /** - * The type of subnet (public or private) that this subnet represents. + * The type of subnet (eg. public or private) that this subnet represents. */ public readonly subnetType?: SubnetType; /** - * The Availability Zone the subnet is located in + * The Availability Zone in which subnet is located */ public readonly availabilityZone: string; /** * The subnetId for this particular subnet + * Refers to the physical ID created */ public readonly subnetId: string; @@ -370,12 +372,12 @@ export class ImportedSubnetV2 extends Resource implements ISubnetV2 { public readonly internetConnectivityEstablished: IDependable = new DependencyGroup(); /** - * The IPv4 CIDR block for this subnet + * The IPv4 CIDR block assigned to this subnet */ public readonly ipv4CidrBlock: string; /** - * The route table for this subnet + * Current route table associated with this subnet */ public readonly routeTable: IRouteTable; @@ -392,7 +394,6 @@ export class ImportedSubnetV2 extends Resource implements ISubnetV2 { this.ipv6CidrBlock = props.ipv6CidrBlock; this.subnetId = props.subnetId; this.routeTable = { - //if not given should we fallback routeTableId: props.routeTableId!, }; } @@ -456,7 +457,6 @@ function storeSubnetToVpcByType(vpc: IVpcV2, subnet: SubnetV2, type: SubnetType) * @internal */ function validateSupportIpv6(vpc: IVpcV2) { - if (vpc.secondaryCidrBlock) { if (vpc.secondaryCidrBlock.some((secondaryAddress) => secondaryAddress.amazonProvidedIpv6CidrBlock === true || secondaryAddress.ipv6IpamPoolId != undefined)) { @@ -475,36 +475,12 @@ function validateSupportIpv6(vpc: IVpcV2) { * @returns True if the CIDR range falls within the VPC's IP address ranges, false otherwise. * @internal */ -// function checkCidrRanges(vpc: IVpcV2, cidrRange: string) { - -// const vpcCidrBlock = [vpc.ipv4CidrBlock]; - -// if (vpc.secondaryCidrBlock) { -// for (const ipAddress of vpc.secondaryCidrBlock) { -// if (ipAddress.cidrBlock) { -// vpcCidrBlock.push(ipAddress.cidrBlock); -// } -// } -// const cidrs = vpcCidrBlock.map(cidr => new CidrBlock(cidr)); - -// const subnetCidrBlock = new CidrBlock(cidrRange); - -// return cidrs.some(c => c.containsCidr(subnetCidrBlock)); -// } -// if (vpc.ipv4ProvisionedCidrs) { - -// const cidrs = vpc.ipv4ProvisionedCidrs.map(cidr => new CidrBlock(cidr)); - -// const subnetCidrBlock = new CidrBlock(cidrRange); - -// return cidrs.some(c => c.containsCidr(subnetCidrBlock)); -// } else {throw error('No secondary IP address attached to VPC');} -// } function checkCidrRanges(vpc: IVpcV2, cidrRange: string) { - const vpcCidrBlock = [vpc.ipv4CidrBlock]; + const subnetCidrBlock = new CidrBlock(cidrRange); const allCidrs: CidrBlock[] = []; + // Secondary IP addresses assoicated using user defined IPv4 range if (vpc.secondaryCidrBlock) { for (const ipAddress of vpc.secondaryCidrBlock) { if (ipAddress.cidrBlock) { @@ -515,17 +491,17 @@ function checkCidrRanges(vpc: IVpcV2, cidrRange: string) { allCidrs.push(...cidrs); } - if (vpc.ipv4ProvisionedCidrs) { - - const cidrs = vpc.ipv4ProvisionedCidrs.map(cidr => new CidrBlock(cidr)); + // Secondary IP addresses assoicated using IPAM IPv4 range + if (vpc.ipv4IpamProvisionedCidrs) { + const cidrs = vpc.ipv4IpamProvisionedCidrs.map(cidr => new CidrBlock(cidr)); allCidrs.push(...cidrs); } + + // If no IPv4 is assigned as secondary address if (allCidrs.length === 0) { throw new Error('No secondary IP address attached to VPC'); } - const subnetCidrBlock = new CidrBlock(cidrRange); - return allCidrs.some(c => c.containsCidr(subnetCidrBlock)); } diff --git a/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2-base.ts b/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2-base.ts index 15904a30e61aa..2b0757f29f3f4 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2-base.ts +++ b/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2-base.ts @@ -102,7 +102,7 @@ export interface IVpcV2 extends IVpc { * Required to check for overlapping CIDRs after provisioning * is complete under IPAM pool */ - readonly ipv4ProvisionedCidrs?: string[]; + readonly ipv4IpamProvisionedCidrs?: string[]; /** * Add an Egress only Internet Gateway to current VPC. @@ -353,7 +353,6 @@ export abstract class VpcV2Base extends Resource implements IVpcV2 { }); let useIpv6; - if (this.secondaryCidrBlock) { useIpv6 = (this.secondaryCidrBlock.some((secondaryAddress) => secondaryAddress.amazonProvidedIpv6CidrBlock === true || secondaryAddress.ipv6IpamPoolId != undefined)); diff --git a/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts b/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts index f43e316572453..c1b0c3218b095 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts +++ b/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts @@ -119,7 +119,7 @@ export interface VpcCidrOptions { * is complete under IPAM pool * @default - no IPAM IPv4 CIDR range is provisioned using IPAM */ - readonly ipv4ProvisionedCidrs?: string[]; + readonly ipv4IpamProvisionedCidrs?: string[]; } /** @@ -192,7 +192,7 @@ export interface VpcV2Props { } /** - * Options to import a VPC created outside of CDK + * Options to import a VPC created outside of CDK stack */ export interface VpcV2Attributes { @@ -204,6 +204,7 @@ export interface VpcV2Attributes { /** * The VPC ID + * Refers to physical Id of the resource */ readonly vpcId: string; @@ -242,7 +243,6 @@ export interface VpcV2Attributes { * @default - No secondary IP address */ readonly secondaryCidrBlocks?: VPCCidrBlockattributes[]; - } /** @@ -257,8 +257,8 @@ export class VpcV2 extends VpcV2Base { /** * Create a VPC from existing attributes */ - public static fromVpcV2attributes(scope: Construct, id: string, options: VpcV2Attributes): IVpcV2 { - return new ImportedVpcV2(scope, id, options); + public static fromVpcV2Attributes(scope: Construct, id: string, attrs: VpcV2Attributes): IVpcV2 { + return new ImportedVpcV2(scope, id, attrs); } /** @@ -328,11 +328,11 @@ export class VpcV2 extends VpcV2Base { public readonly secondaryCidrBlock?: IVPCCidrBlock[] = new Array; /** - * IPv4 CIDR provisioned under pool + * IPv4 CIDR provisioned using IPAM pool * Required to check for overlapping CIDRs after provisioning - * is complete under IPAM pool + * is complete under IPAM */ - public readonly ipv4ProvisionedCidrs?: string[]; + public readonly ipv4IpamProvisionedCidrs?: string[]; /** * For validation to define IPv6 subnets, set to true in case of @@ -400,10 +400,10 @@ export class VpcV2 extends VpcV2Base { throw new Error('CIDR block should be in the same RFC 1918 range in the VPC'); } } - if (secondaryVpcOptions.ipv4ProvisionedCidrs!) { - this.ipv4ProvisionedCidrs?.push(...secondaryVpcOptions.ipv4ProvisionedCidrs); + if (secondaryVpcOptions.ipv4IpamProvisionedCidrs!) { + this.ipv4IpamProvisionedCidrs?.push(...secondaryVpcOptions.ipv4IpamProvisionedCidrs); } - const cfnVpcCidrBlock = new VPCCidrBlock(this, secondaryVpcOptions.cidrBlockName, { + const vpcCidrBlock = new VPCCidrBlock(this, secondaryVpcOptions.cidrBlockName, { vpcId: this.vpcId, cidrBlock: secondaryVpcOptions.ipv4CidrBlock, ipv4IpamPoolId: secondaryVpcOptions.ipv4IpamPool?.ipamPoolId, @@ -414,11 +414,11 @@ export class VpcV2 extends VpcV2Base { }); if (secondaryVpcOptions.dependencies) { for (const dep of secondaryVpcOptions.dependencies) { - cfnVpcCidrBlock.node.addDependency(dep); + vpcCidrBlock.node.addDependency(dep); } } //Create secondary blocks for Ipv4 and Ipv6 - this.secondaryCidrBlock?.push(cfnVpcCidrBlock); + this.secondaryCidrBlock?.push(vpcCidrBlock); } } @@ -519,7 +519,7 @@ class IpamIpv4 implements IIpAddresses { ipv4NetmaskLength: this.props.netmaskLength, ipv4IpamPool: this.props.ipamPool, cidrBlockName: this.props?.cidrBlockName, - ipv4ProvisionedCidrs: this.props.ipamPool?.ipamIpv4Cidrs, + ipv4IpamProvisionedCidrs: this.props.ipamPool?.ipamIpv4Cidrs, }; } } @@ -535,17 +535,21 @@ class ImportedVpcV2 extends VpcV2Base { public readonly privateSubnets: ISubnetV2[] = []; public readonly isolatedSubnets: ISubnetV2[] = []; public readonly internetConnectivityEstablished: IDependable = new DependencyGroup(); - - //Added in IVPCv2 public readonly ipv4CidrBlock: string; - //Added in IVPCv2 + /* + * Reference to all secondary blocks attached + */ public readonly secondaryCidrBlock?: IVPCCidrBlock[]; + /** + * Refers to actual VPC Resource attribute in non-imported VPC + * Required to implement here due to extension from Base class + */ public readonly vpcCidrBlock: string; - // required to do CIDR range test on imported VPCs to create new subnets - public readonly ipv4ProvisionedCidrs: string[] = []; + // Required to do CIDR range test on imported VPCs to create new subnets + public readonly ipv4IpamProvisionedCidrs: string[] = []; constructor(scope: Construct, id: string, props: VpcV2Attributes) { super(scope, id, { @@ -558,8 +562,10 @@ class ImportedVpcV2 extends VpcV2Base { resourceName: this.vpcId, }, Stack.of(this)); this.vpcCidrBlock = props.vpcCidrBlock; + // Required for subnet range related checks this.ipv4CidrBlock = props.vpcCidrBlock; - this._vpnGatewayId = props.vpnGatewayId; //TODO if we need it for other gateways + this._vpnGatewayId = props.vpnGatewayId; + if (props.publicSubnets) { this.publicSubnets = props.publicSubnets.map(subnet => new ImportedSubnetV2(scope, subnet.subnetName?? 'ImportedPublicSubnet', subnet)); } @@ -571,98 +577,95 @@ class ImportedVpcV2 extends VpcV2Base { } this.secondaryCidrBlock = props.secondaryCidrBlocks?.map(cidrBlock => VPCCidrBlock.fromVPCCidrBlockattributes(scope, cidrBlock.cidrBlockName ?? 'ImportedSecondaryCidrBlock', { ...cidrBlock })); if (props.secondaryCidrBlocks) { - for (const cidr of props.secondaryCidrBlocks) { - if (cidr.ipv4ProvisionedCidrs) { - this.ipv4ProvisionedCidrs.push(...cidr.ipv4ProvisionedCidrs); + for (const cidrBlock of props.secondaryCidrBlocks) { + if (cidrBlock.ipv4IpamProvisionedCidrs) { + this.ipv4IpamProvisionedCidrs.push(...cidrBlock.ipv4IpamProvisionedCidrs); } } } } } -//@internal First two Octet to verify RFC 1918 -interface IPaddressConfig { - octet1: number; - octet2: number; -} - /** - * Validates whether a secondary IPv4 address is within the same private IP address range as the primary IPv4 address. - * - * @param cidr1 The secondary IPv4 CIDR block to be validated. - * @param cidr2 The primary IPv4 CIDR block to validate against. - * @returns True if the secondary IPv4 CIDR block is within the same private IP address range as the primary IPv4 CIDR block, false otherwise. - * @internal - * The private IP address ranges are defined by RFC 1918 as 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. + * Interface to create L2 for VPC Cidr Block */ -function validateIpv4address(cidr1?: string, cidr2?: string): boolean { - if (!cidr1 || !cidr2) { - return false; // Handle cases where CIDR ranges are not provided - } - - const octetsCidr1: number[] = cidr1.split('.').map(octet => parseInt(octet, 10)); - const octetsCidr2: number[] = cidr2.split('.').map(octet => parseInt(octet, 10)); - - if (octetsCidr1.length !== 4 || octetsCidr2.length !== 4) { - return false; // Handle invalid CIDR ranges - } +export interface IVPCCidrBlock { + /** + * Amazon Provided Ipv6 + */ + readonly amazonProvidedIpv6CidrBlock? : boolean; - const ip1: IPaddressConfig = { - octet1: octetsCidr1[0], - octet2: octetsCidr1[1], - }; + /** + * The secondary IPv4 CIDR Block + * + * @default - no CIDR block provided + */ + readonly cidrBlock?: string; - const ip2: IPaddressConfig = { - octet1: octetsCidr2[0], - octet2: octetsCidr2[1], - }; + /** + * IPAM pool for IPv6 address type + */ + readonly ipv6IpamPoolId ?: string; - return (ip1.octet1 === 10 && ip2.octet1 === 10) || - (ip1.octet1 === 192 && ip1.octet2 === 168 && ip2.octet1 === 192 && ip2.octet2 === 168) || - (ip1.octet1 === 172 && ip1.octet2 === 16 && ip2.octet1 === 172 && ip2.octet2 === 16); // CIDR ranges belong to same private IP address ranges + /** + * IPAM pool for IPv4 address type + */ + readonly ipv4IpamPoolId ?: string; } /** - * Attributes for VPCCidrBlock used for defining a new VPCCIDRBlock - * and also importing an existing VPCCIDRBlock + * Attributes for VPCCidrBlock used for defining a new CIDR Block + * and also for importing an existing CIDR */ export interface VPCCidrBlockattributes { + /** + * Amazon Provided Ipv6 + * + * @default false + */ + readonly amazonProvidedIpv6CidrBlock? : boolean; /** * The secondary IPv4 CIDR Block + * * @default - no CIDR block provided */ readonly cidrBlock?: string; /** - * CIDR Block Name - * @default - no CIDR Block name generated, this field is required while importing CIDR block for VPC - */ + * The secondary IPv4 CIDR Block + * + * @default - no CIDR block provided + */ readonly cidrBlockName?: string; /** - * Opt for amazonProvided Ipv6 CIDR address - * @default false - */ - readonly amazonProvidedIpv6CidrBlock?: boolean; + * Net mask length for IPv6 address type + * + * @default - no Net mask length configured for IPv6 + */ + readonly ipv6NetmaskLength?: number; /** - * IPAM pool Id for IPv6 address type - * @default - no IPAM pool Id provided - */ - readonly ipv6IpamPoolId?: string; + * Net mask length for IPv4 address type + * + * @default - no Net mask length configured for IPv4 + */ + readonly ipv4NetmaskLength?: number; /** - * IPAM pool Id for IPv4 address type - * @default - no IPAM pool Id provided - */ - readonly ipv4IpamPoolId?: string; + * IPAM pool for IPv6 address type + * + * @default - no IPAM pool Id provided for IPv6 + */ + readonly ipv6IpamPoolId ?: string; /** - * Net mask length for IPv4 address type - * @default - no Net mask length configured and it would fail the deployment - */ - readonly ipv4NetmaskLength?: number; + * IPAM pool for IPv4 address type + * + * @default - no IPAM pool Id provided for IPv4 + */ + readonly ipv4IpamPoolId ?: string; /** * IPv4 CIDR provisioned under pool @@ -670,14 +673,7 @@ export interface VPCCidrBlockattributes { * is complete under IPAM pool * @default - no IPAM IPv4 CIDR range is provisioned using IPAM */ - readonly ipv4ProvisionedCidrs?: string[]; - - /** - * Net mask length for IPv6 address type - * @default - no Net mask length configured and it would fail the deployment - */ - readonly ipv6NetmaskLength?: number; - + readonly ipv4IpamProvisionedCidrs?: string[]; } /** @@ -685,23 +681,26 @@ export interface VPCCidrBlockattributes { */ interface VPCCidrBlockProps extends VPCCidrBlockattributes { /** - * The VPC Id + * The VPC Id for associating CIDR Block as a secondary address */ readonly vpcId: string; - } /** - * Internal L2 for VPC Cidr Block + * Internal L2 to define a new VPC CIDR Block * @internal */ class VPCCidrBlock extends Resource implements IVPCCidrBlock { + /** + * Import an existing VPC CIDR Block + */ public static fromVPCCidrBlockattributes(scope: Construct, id: string, props: VPCCidrBlockattributes) : IVPCCidrBlock { class Import extends Resource implements IVPCCidrBlock { public readonly cidrBlock = props.cidrBlock; public readonly amazonProvidedIpv6CidrBlock ?: boolean = props.amazonProvidedIpv6CidrBlock;; public readonly ipv6IpamPoolId ?: string = props.ipv6IpamPoolId; + public readonly ipv4IpamPoolId ?: string = props.ipv4IpamPoolId; } return new Import(scope, id); } @@ -719,35 +718,52 @@ class VPCCidrBlock extends Resource implements IVPCCidrBlock { constructor(scope: Construct, id: string, props: VPCCidrBlockProps) { super(scope, id); this.resource = new CfnVPCCidrBlock(this, id, props); + this.node.defaultChild = this.resource; this.cidrBlock = props.cidrBlock; this.ipv6IpamPoolId = props.ipv6IpamPoolId; this.ipv4IpamPoolId = props.ipv4IpamPoolId; this.amazonProvidedIpv6CidrBlock = props.amazonProvidedIpv6CidrBlock; } +} +//@internal First two Octet to verify RFC 1918 +interface IPaddressConfig { + octet1: number; + octet2: number; } /** - * Interface to create L2 for VPC Cidr Block + * Validates whether a secondary IPv4 address is within the same private IP address range as the primary IPv4 address. + * + * @param cidr1 The secondary IPv4 CIDR block to be validated. + * @param cidr2 The primary IPv4 CIDR block to validate against. + * @returns True if the secondary IPv4 CIDR block is within the same private IP address range as the primary IPv4 CIDR block, false otherwise. + * @internal + * The private IP address ranges are defined by RFC 1918 as 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. */ -export interface IVPCCidrBlock { - /** - * The CIDR block - */ - readonly cidrBlock?: string; +function validateIpv4address(cidr1?: string, cidr2?: string): boolean { + if (!cidr1 || !cidr2) { + return false; // Handle cases where CIDR ranges are not provided + } - /** - * Amazon Provided Ipv6 - */ - readonly amazonProvidedIpv6CidrBlock? : boolean; + const octetsCidr1: number[] = cidr1.split('.').map(octet => parseInt(octet, 10)); + const octetsCidr2: number[] = cidr2.split('.').map(octet => parseInt(octet, 10)); - /** - * IPAM pool for IPv6 address type - */ - readonly ipv6IpamPoolId ?: string; + if (octetsCidr1.length !== 4 || octetsCidr2.length !== 4) { + return false; // Handle invalid CIDR ranges + } - /** - * IPAM pool for IPv4 address type - */ - readonly ipv4IpamPoolId ?: string; + const ip1: IPaddressConfig = { + octet1: octetsCidr1[0], + octet2: octetsCidr1[1], + }; + + const ip2: IPaddressConfig = { + octet1: octetsCidr2[0], + octet2: octetsCidr2[1], + }; + + return (ip1.octet1 === 10 && ip2.octet1 === 10) || + (ip1.octet1 === 192 && ip1.octet2 === 168 && ip2.octet1 === 192 && ip2.octet2 === 168) || + (ip1.octet1 === 172 && ip1.octet2 === 16 && ip2.octet1 === 172 && ip2.octet2 === 16); // CIDR ranges belong to same private IP address ranges } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.ipam.js.snapshot/aws-cdk-vpcv2-alpha.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.ipam.js.snapshot/aws-cdk-vpcv2-alpha-integ-ipam.assets.json similarity index 61% rename from packages/@aws-cdk/aws-ec2-alpha/test/integ.ipam.js.snapshot/aws-cdk-vpcv2-alpha.assets.json rename to packages/@aws-cdk/aws-ec2-alpha/test/integ.ipam.js.snapshot/aws-cdk-vpcv2-alpha-integ-ipam.assets.json index 8a2f77121d709..de607f8193bad 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.ipam.js.snapshot/aws-cdk-vpcv2-alpha.assets.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.ipam.js.snapshot/aws-cdk-vpcv2-alpha-integ-ipam.assets.json @@ -1,15 +1,15 @@ { - "version": "36.0.5", + "version": "38.0.1", "files": { - "12b670f0da573a7daa252fe7ca5b1dd687f4248e204c38b0323beaf64d0400bc": { + "cf6001f1b0ee393f95767358461d05a2600abceb7a2c7db5cc301d8fcd4835c8": { "source": { - "path": "aws-cdk-vpcv2-alpha.template.json", + "path": "aws-cdk-vpcv2-alpha-integ-ipam.template.json", "packaging": "file" }, "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "12b670f0da573a7daa252fe7ca5b1dd687f4248e204c38b0323beaf64d0400bc.json", + "objectKey": "cf6001f1b0ee393f95767358461d05a2600abceb7a2c7db5cc301d8fcd4835c8.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.ipam.js.snapshot/aws-cdk-vpcv2-alpha.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.ipam.js.snapshot/aws-cdk-vpcv2-alpha-integ-ipam.template.json similarity index 91% rename from packages/@aws-cdk/aws-ec2-alpha/test/integ.ipam.js.snapshot/aws-cdk-vpcv2-alpha.template.json rename to packages/@aws-cdk/aws-ec2-alpha/test/integ.ipam.js.snapshot/aws-cdk-vpcv2-alpha-integ-ipam.template.json index 2c44184f9db15..69540676785f9 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.ipam.js.snapshot/aws-cdk-vpcv2-alpha.template.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.ipam.js.snapshot/aws-cdk-vpcv2-alpha-integ-ipam.template.json @@ -64,7 +64,7 @@ "InstanceTenancy": "default" } }, - "VPCintegtest1ipv4IpamCidr8105B4E4": { + "VPCintegtest1ipv4IpamCidr451A5376": { "Type": "AWS::EC2::VPCCidrBlock", "Properties": { "Ipv4IpamPoolId": { @@ -82,7 +82,7 @@ } } }, - "VPCintegtest1Ipv6IpamCidrEF56F8F7": { + "VPCintegtest1Ipv6IpamCidr2E5BBFED": { "Type": "AWS::EC2::VPCCidrBlock", "Properties": { "Ipv6IpamPoolId": { @@ -117,8 +117,8 @@ } }, "DependsOn": [ - "VPCintegtest1ipv4IpamCidr8105B4E4", - "VPCintegtest1Ipv6IpamCidrEF56F8F7" + "VPCintegtest1ipv4IpamCidr451A5376", + "VPCintegtest1Ipv6IpamCidr2E5BBFED" ] }, "testsbubnetRouteTableD0136BEA": { @@ -132,8 +132,8 @@ } }, "DependsOn": [ - "VPCintegtest1ipv4IpamCidr8105B4E4", - "VPCintegtest1Ipv6IpamCidrEF56F8F7" + "VPCintegtest1ipv4IpamCidr451A5376", + "VPCintegtest1Ipv6IpamCidr2E5BBFED" ] }, "testsbubnetRouteTableAssociationD6D083FA": { @@ -150,8 +150,8 @@ } }, "DependsOn": [ - "VPCintegtest1ipv4IpamCidr8105B4E4", - "VPCintegtest1Ipv6IpamCidrEF56F8F7" + "VPCintegtest1ipv4IpamCidr451A5376", + "VPCintegtest1Ipv6IpamCidr2E5BBFED" ] } }, diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.ipam.js.snapshot/cdk.out b/packages/@aws-cdk/aws-ec2-alpha/test/integ.ipam.js.snapshot/cdk.out index bd5311dc372de..c6e612584e352 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.ipam.js.snapshot/cdk.out +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.ipam.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"36.0.5"} \ No newline at end of file +{"version":"38.0.1"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.ipam.js.snapshot/integ.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.ipam.js.snapshot/integ.json index b73b42e18e04e..4403be0daca3e 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.ipam.js.snapshot/integ.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.ipam.js.snapshot/integ.json @@ -1,9 +1,9 @@ { - "version": "36.0.5", + "version": "38.0.1", "testCases": { "integtest-model/DefaultTest": { "stacks": [ - "aws-cdk-vpcv2-alpha" + "aws-cdk-vpcv2-alpha-integ-ipam" ], "assertionStack": "integtest-model/DefaultTest/DeployAssert", "assertionStackName": "integtestmodelDefaultTestDeployAssertCF40BD53" diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.ipam.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.ipam.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.assets.json index e93a555169b11..1a14fac91ce61 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.ipam.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.assets.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.ipam.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.assets.json @@ -1,5 +1,5 @@ { - "version": "36.0.5", + "version": "38.0.1", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.ipam.js.snapshot/manifest.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.ipam.js.snapshot/manifest.json index 663212ef1077a..af14056e81c3d 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.ipam.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.ipam.js.snapshot/manifest.json @@ -1,28 +1,29 @@ { - "version": "36.0.5", + "version": "38.0.1", "artifacts": { - "aws-cdk-vpcv2-alpha.assets": { + "aws-cdk-vpcv2-alpha-integ-ipam.assets": { "type": "cdk:asset-manifest", "properties": { - "file": "aws-cdk-vpcv2-alpha.assets.json", + "file": "aws-cdk-vpcv2-alpha-integ-ipam.assets.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" } }, - "aws-cdk-vpcv2-alpha": { + "aws-cdk-vpcv2-alpha-integ-ipam": { "type": "aws:cloudformation:stack", "environment": "aws://unknown-account/unknown-region", "properties": { - "templateFile": "aws-cdk-vpcv2-alpha.template.json", + "templateFile": "aws-cdk-vpcv2-alpha-integ-ipam.template.json", "terminationProtection": false, "validateOnSynth": false, + "notificationArns": [], "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/12b670f0da573a7daa252fe7ca5b1dd687f4248e204c38b0323beaf64d0400bc.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/cf6001f1b0ee393f95767358461d05a2600abceb7a2c7db5cc301d8fcd4835c8.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ - "aws-cdk-vpcv2-alpha.assets" + "aws-cdk-vpcv2-alpha-integ-ipam.assets" ], "lookupRole": { "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", @@ -31,83 +32,83 @@ } }, "dependencies": [ - "aws-cdk-vpcv2-alpha.assets" + "aws-cdk-vpcv2-alpha-integ-ipam.assets" ], "metadata": { - "/aws-cdk-vpcv2-alpha/IpamTest/Ipam": [ + "/aws-cdk-vpcv2-alpha-integ-ipam/IpamTest/Ipam": [ { "type": "aws:cdk:logicalId", "data": "IpamTestIpam6C9298EF" } ], - "/aws-cdk-vpcv2-alpha/IpamTest/PrivatePool0/PrivatePool0": [ + "/aws-cdk-vpcv2-alpha-integ-ipam/IpamTest/PrivatePool0/PrivatePool0": [ { "type": "aws:cdk:logicalId", "data": "IpamTestPrivatePool039C763DC" } ], - "/aws-cdk-vpcv2-alpha/IpamTest/PublicPool0/PublicPool0": [ + "/aws-cdk-vpcv2-alpha-integ-ipam/IpamTest/PublicPool0/PublicPool0": [ { "type": "aws:cdk:logicalId", "data": "IpamTestPublicPool0C44B7C49" } ], - "/aws-cdk-vpcv2-alpha/IpamTest/PublicPool0/PublicPool0Cidr": [ + "/aws-cdk-vpcv2-alpha-integ-ipam/IpamTest/PublicPool0/PublicPool0Cidr": [ { "type": "aws:cdk:logicalId", "data": "IpamTestPublicPool0PublicPool0CidrC57CE00C" } ], - "/aws-cdk-vpcv2-alpha/VPC-integ-test-1/Resource": [ + "/aws-cdk-vpcv2-alpha-integ-ipam/VPC-integ-test-1/Resource": [ { "type": "aws:cdk:logicalId", "data": "VPCintegtest1EBA1CB75" } ], - "/aws-cdk-vpcv2-alpha/VPC-integ-test-1/ipv4IpamCidr": [ + "/aws-cdk-vpcv2-alpha-integ-ipam/VPC-integ-test-1/ipv4IpamCidr/ipv4IpamCidr": [ { "type": "aws:cdk:logicalId", - "data": "VPCintegtest1ipv4IpamCidr8105B4E4" + "data": "VPCintegtest1ipv4IpamCidr451A5376" } ], - "/aws-cdk-vpcv2-alpha/VPC-integ-test-1/Ipv6IpamCidr": [ + "/aws-cdk-vpcv2-alpha-integ-ipam/VPC-integ-test-1/Ipv6IpamCidr/Ipv6IpamCidr": [ { "type": "aws:cdk:logicalId", - "data": "VPCintegtest1Ipv6IpamCidrEF56F8F7" + "data": "VPCintegtest1Ipv6IpamCidr2E5BBFED" } ], - "/aws-cdk-vpcv2-alpha/testsbubnet/Subnet": [ + "/aws-cdk-vpcv2-alpha-integ-ipam/testsbubnet/Subnet": [ { "type": "aws:cdk:logicalId", "data": "testsbubnetSubnet77337845" } ], - "/aws-cdk-vpcv2-alpha/testsbubnet/RouteTable/RouteTable": [ + "/aws-cdk-vpcv2-alpha-integ-ipam/testsbubnet/RouteTable/RouteTable": [ { "type": "aws:cdk:logicalId", "data": "testsbubnetRouteTableD0136BEA" } ], - "/aws-cdk-vpcv2-alpha/testsbubnet/RouteTableAssociation": [ + "/aws-cdk-vpcv2-alpha-integ-ipam/testsbubnet/RouteTableAssociation": [ { "type": "aws:cdk:logicalId", "data": "testsbubnetRouteTableAssociationD6D083FA" } ], - "/aws-cdk-vpcv2-alpha/BootstrapVersion": [ + "/aws-cdk-vpcv2-alpha-integ-ipam/BootstrapVersion": [ { "type": "aws:cdk:logicalId", "data": "BootstrapVersion" } ], - "/aws-cdk-vpcv2-alpha/CheckBootstrapVersion": [ + "/aws-cdk-vpcv2-alpha-integ-ipam/CheckBootstrapVersion": [ { "type": "aws:cdk:logicalId", "data": "CheckBootstrapVersion" } ] }, - "displayName": "aws-cdk-vpcv2-alpha" + "displayName": "aws-cdk-vpcv2-alpha-integ-ipam" }, "integtestmodelDefaultTestDeployAssertCF40BD53.assets": { "type": "cdk:asset-manifest", @@ -124,6 +125,7 @@ "templateFile": "integtestmodelDefaultTestDeployAssertCF40BD53.template.json", "terminationProtection": false, "validateOnSynth": false, + "notificationArns": [], "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.ipam.js.snapshot/tree.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.ipam.js.snapshot/tree.json index 87201a2c1351a..2004c08658944 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.ipam.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.ipam.js.snapshot/tree.json @@ -4,17 +4,17 @@ "id": "App", "path": "", "children": { - "aws-cdk-vpcv2-alpha": { - "id": "aws-cdk-vpcv2-alpha", - "path": "aws-cdk-vpcv2-alpha", + "aws-cdk-vpcv2-alpha-integ-ipam": { + "id": "aws-cdk-vpcv2-alpha-integ-ipam", + "path": "aws-cdk-vpcv2-alpha-integ-ipam", "children": { "IpamTest": { "id": "IpamTest", - "path": "aws-cdk-vpcv2-alpha/IpamTest", + "path": "aws-cdk-vpcv2-alpha-integ-ipam/IpamTest", "children": { "Ipam": { "id": "Ipam", - "path": "aws-cdk-vpcv2-alpha/IpamTest/Ipam", + "path": "aws-cdk-vpcv2-alpha-integ-ipam/IpamTest/Ipam", "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::IPAM", "aws:cdk:cloudformation:props": { @@ -32,11 +32,11 @@ }, "PrivatePool0": { "id": "PrivatePool0", - "path": "aws-cdk-vpcv2-alpha/IpamTest/PrivatePool0", + "path": "aws-cdk-vpcv2-alpha-integ-ipam/IpamTest/PrivatePool0", "children": { "PrivatePool0": { "id": "PrivatePool0", - "path": "aws-cdk-vpcv2-alpha/IpamTest/PrivatePool0/PrivatePool0", + "path": "aws-cdk-vpcv2-alpha-integ-ipam/IpamTest/PrivatePool0/PrivatePool0", "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::IPAMPool", "aws:cdk:cloudformation:props": { @@ -68,11 +68,11 @@ }, "PublicPool0": { "id": "PublicPool0", - "path": "aws-cdk-vpcv2-alpha/IpamTest/PublicPool0", + "path": "aws-cdk-vpcv2-alpha-integ-ipam/IpamTest/PublicPool0", "children": { "PublicPool0": { "id": "PublicPool0", - "path": "aws-cdk-vpcv2-alpha/IpamTest/PublicPool0/PublicPool0", + "path": "aws-cdk-vpcv2-alpha-integ-ipam/IpamTest/PublicPool0/PublicPool0", "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::IPAMPool", "aws:cdk:cloudformation:props": { @@ -95,7 +95,7 @@ }, "PublicPool0Cidr": { "id": "PublicPool0Cidr", - "path": "aws-cdk-vpcv2-alpha/IpamTest/PublicPool0/PublicPool0Cidr", + "path": "aws-cdk-vpcv2-alpha-integ-ipam/IpamTest/PublicPool0/PublicPool0Cidr", "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::IPAMPoolCidr", "aws:cdk:cloudformation:props": { @@ -127,11 +127,11 @@ }, "VPC-integ-test-1": { "id": "VPC-integ-test-1", - "path": "aws-cdk-vpcv2-alpha/VPC-integ-test-1", + "path": "aws-cdk-vpcv2-alpha-integ-ipam/VPC-integ-test-1", "children": { "Resource": { "id": "Resource", - "path": "aws-cdk-vpcv2-alpha/VPC-integ-test-1/Resource", + "path": "aws-cdk-vpcv2-alpha-integ-ipam/VPC-integ-test-1/Resource", "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::VPC", "aws:cdk:cloudformation:props": { @@ -148,53 +148,73 @@ }, "ipv4IpamCidr": { "id": "ipv4IpamCidr", - "path": "aws-cdk-vpcv2-alpha/VPC-integ-test-1/ipv4IpamCidr", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", - "aws:cdk:cloudformation:props": { - "ipv4IpamPoolId": { - "Fn::GetAtt": [ - "IpamTestPrivatePool039C763DC", - "IpamPoolId" - ] + "path": "aws-cdk-vpcv2-alpha-integ-ipam/VPC-integ-test-1/ipv4IpamCidr", + "children": { + "ipv4IpamCidr": { + "id": "ipv4IpamCidr", + "path": "aws-cdk-vpcv2-alpha-integ-ipam/VPC-integ-test-1/ipv4IpamCidr/ipv4IpamCidr", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", + "aws:cdk:cloudformation:props": { + "ipv4IpamPoolId": { + "Fn::GetAtt": [ + "IpamTestPrivatePool039C763DC", + "IpamPoolId" + ] + }, + "ipv4NetmaskLength": 20, + "vpcId": { + "Fn::GetAtt": [ + "VPCintegtest1EBA1CB75", + "VpcId" + ] + } + } }, - "ipv4NetmaskLength": 20, - "vpcId": { - "Fn::GetAtt": [ - "VPCintegtest1EBA1CB75", - "VpcId" - ] + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } }, "Ipv6IpamCidr": { "id": "Ipv6IpamCidr", - "path": "aws-cdk-vpcv2-alpha/VPC-integ-test-1/Ipv6IpamCidr", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", - "aws:cdk:cloudformation:props": { - "ipv6IpamPoolId": { - "Fn::GetAtt": [ - "IpamTestPublicPool0C44B7C49", - "IpamPoolId" - ] + "path": "aws-cdk-vpcv2-alpha-integ-ipam/VPC-integ-test-1/Ipv6IpamCidr", + "children": { + "Ipv6IpamCidr": { + "id": "Ipv6IpamCidr", + "path": "aws-cdk-vpcv2-alpha-integ-ipam/VPC-integ-test-1/Ipv6IpamCidr/Ipv6IpamCidr", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", + "aws:cdk:cloudformation:props": { + "ipv6IpamPoolId": { + "Fn::GetAtt": [ + "IpamTestPublicPool0C44B7C49", + "IpamPoolId" + ] + }, + "ipv6NetmaskLength": 60, + "vpcId": { + "Fn::GetAtt": [ + "VPCintegtest1EBA1CB75", + "VpcId" + ] + } + } }, - "ipv6NetmaskLength": 60, - "vpcId": { - "Fn::GetAtt": [ - "VPCintegtest1EBA1CB75", - "VpcId" - ] + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } } @@ -206,11 +226,11 @@ }, "testsbubnet": { "id": "testsbubnet", - "path": "aws-cdk-vpcv2-alpha/testsbubnet", + "path": "aws-cdk-vpcv2-alpha-integ-ipam/testsbubnet", "children": { "Subnet": { "id": "Subnet", - "path": "aws-cdk-vpcv2-alpha/testsbubnet/Subnet", + "path": "aws-cdk-vpcv2-alpha-integ-ipam/testsbubnet/Subnet", "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", "aws:cdk:cloudformation:props": { @@ -232,7 +252,7 @@ }, "Acl": { "id": "Acl", - "path": "aws-cdk-vpcv2-alpha/testsbubnet/Acl", + "path": "aws-cdk-vpcv2-alpha-integ-ipam/testsbubnet/Acl", "constructInfo": { "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" @@ -240,11 +260,11 @@ }, "RouteTable": { "id": "RouteTable", - "path": "aws-cdk-vpcv2-alpha/testsbubnet/RouteTable", + "path": "aws-cdk-vpcv2-alpha-integ-ipam/testsbubnet/RouteTable", "children": { "RouteTable": { "id": "RouteTable", - "path": "aws-cdk-vpcv2-alpha/testsbubnet/RouteTable/RouteTable", + "path": "aws-cdk-vpcv2-alpha-integ-ipam/testsbubnet/RouteTable/RouteTable", "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", "aws:cdk:cloudformation:props": { @@ -269,7 +289,7 @@ }, "RouteTableAssociation": { "id": "RouteTableAssociation", - "path": "aws-cdk-vpcv2-alpha/testsbubnet/RouteTableAssociation", + "path": "aws-cdk-vpcv2-alpha-integ-ipam/testsbubnet/RouteTableAssociation", "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", "aws:cdk:cloudformation:props": { @@ -297,7 +317,7 @@ }, "BootstrapVersion": { "id": "BootstrapVersion", - "path": "aws-cdk-vpcv2-alpha/BootstrapVersion", + "path": "aws-cdk-vpcv2-alpha-integ-ipam/BootstrapVersion", "constructInfo": { "fqn": "aws-cdk-lib.CfnParameter", "version": "0.0.0" @@ -305,7 +325,7 @@ }, "CheckBootstrapVersion": { "id": "CheckBootstrapVersion", - "path": "aws-cdk-vpcv2-alpha/CheckBootstrapVersion", + "path": "aws-cdk-vpcv2-alpha-integ-ipam/CheckBootstrapVersion", "constructInfo": { "fqn": "aws-cdk-lib.CfnRule", "version": "0.0.0" diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.ipam.ts b/packages/@aws-cdk/aws-ec2-alpha/test/integ.ipam.ts index 133aa6e9649cd..7876e6a894ece 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.ipam.ts +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.ipam.ts @@ -20,7 +20,7 @@ import { SubnetType } from 'aws-cdk-lib/aws-ec2'; const app = new cdk.App(); -const stack = new cdk.Stack(app, 'aws-cdk-vpcv2-alpha'); +const stack = new cdk.Stack(app, 'aws-cdk-vpcv2-alpha-integ-ipam'); const ipam = new Ipam(stack, 'IpamTest', { operatingRegion: ['us-west-2'], diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-alpha.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-alpha.assets.json index 953b3a4ae82e9..0ff8af7288670 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-alpha.assets.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-alpha.assets.json @@ -1,7 +1,7 @@ { - "version": "36.0.5", + "version": "38.0.1", "files": { - "a963276e8401c096a74f0dc50ac7d80bb5f2bff399fce8c571660a0684ff54b7": { + "cdc2216d4099bb07ddbb64b36427127c20974e5d39078751ec4b7defd8110a88": { "source": { "path": "aws-cdk-routev2-alpha.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "a963276e8401c096a74f0dc50ac7d80bb5f2bff399fce8c571660a0684ff54b7.json", + "objectKey": "cdc2216d4099bb07ddbb64b36427127c20974e5d39078751ec4b7defd8110a88.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-alpha.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-alpha.template.json index 0aa074e2e7b1f..77ecb5795c6af 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-alpha.template.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-alpha.template.json @@ -9,7 +9,7 @@ "InstanceTenancy": "default" } }, - "defaultAmazonIpv6C7A4D665": { + "defaultAmazonIpv6D524D7D5": { "Type": "AWS::EC2::VPCCidrBlock", "Properties": { "AmazonProvidedIpv6CidrBlock": true, @@ -57,7 +57,7 @@ } }, "DependsOn": [ - "defaultAmazonIpv6C7A4D665" + "defaultAmazonIpv6D524D7D5" ] }, "defaultSubnetRouteTableAssociationF1D85D29": { @@ -74,7 +74,7 @@ } }, "DependsOn": [ - "defaultAmazonIpv6C7A4D665" + "defaultAmazonIpv6D524D7D5" ] } }, diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-dynamodbendpoint-alpha.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-dynamodbendpoint-alpha.assets.json index 6f27e2c04e801..cd6aa8741df08 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-dynamodbendpoint-alpha.assets.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-dynamodbendpoint-alpha.assets.json @@ -1,7 +1,7 @@ { - "version": "36.0.5", + "version": "38.0.1", "files": { - "8b4b159425cc7d11fa6fd993c53e299319dd2fcea18d745e873a18d3ee156a50": { + "0250a80a07a681dbad6c490b9f7c3b5248c945559f9d2d6b87460a3251464f39": { "source": { "path": "aws-cdk-routev2-dynamodbendpoint-alpha.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "8b4b159425cc7d11fa6fd993c53e299319dd2fcea18d745e873a18d3ee156a50.json", + "objectKey": "0250a80a07a681dbad6c490b9f7c3b5248c945559f9d2d6b87460a3251464f39.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-dynamodbendpoint-alpha.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-dynamodbendpoint-alpha.template.json index 7aaf0a70fd923..6aef606a18cd0 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-dynamodbendpoint-alpha.template.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-dynamodbendpoint-alpha.template.json @@ -9,7 +9,7 @@ "InstanceTenancy": "default" } }, - "dynamodbAmazonIpv6698EF571": { + "dynamodbAmazonIpv68E00810B": { "Type": "AWS::EC2::VPCCidrBlock", "Properties": { "AmazonProvidedIpv6CidrBlock": true, @@ -57,7 +57,7 @@ } }, "DependsOn": [ - "dynamodbAmazonIpv6698EF571" + "dynamodbAmazonIpv68E00810B" ] }, "dynamodbSubnetRouteTableAssociationC38B30F3": { @@ -74,7 +74,7 @@ } }, "DependsOn": [ - "dynamodbAmazonIpv6698EF571" + "dynamodbAmazonIpv68E00810B" ] }, "testDynamoEndpoint03D5BDE5": { diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-egressonlyigw-alpha.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-egressonlyigw-alpha.assets.json index d17484319eef3..e9f134adee307 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-egressonlyigw-alpha.assets.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-egressonlyigw-alpha.assets.json @@ -1,7 +1,7 @@ { - "version": "36.0.5", + "version": "38.0.1", "files": { - "b0e303439a83ae17adf592a6599e13f880529abf2f46f433af0742284a224385": { + "31af8a4b3ed5c39cae0d40f9fa6de2f21f6b3f857e16ba4dfabf0e32bdbb0b22": { "source": { "path": "aws-cdk-routev2-egressonlyigw-alpha.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "b0e303439a83ae17adf592a6599e13f880529abf2f46f433af0742284a224385.json", + "objectKey": "31af8a4b3ed5c39cae0d40f9fa6de2f21f6b3f857e16ba4dfabf0e32bdbb0b22.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-egressonlyigw-alpha.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-egressonlyigw-alpha.template.json index cd3a0c0a42484..804894d44bddc 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-egressonlyigw-alpha.template.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-egressonlyigw-alpha.template.json @@ -9,7 +9,7 @@ "InstanceTenancy": "default" } }, - "eigwAmazonIpv69E78211F": { + "eigwAmazonIpv6DB7F7BE7": { "Type": "AWS::EC2::VPCCidrBlock", "Properties": { "AmazonProvidedIpv6CidrBlock": true, @@ -35,7 +35,6 @@ "TestRoottableeigwRouteF867084E": { "Type": "AWS::EC2::Route", "Properties": { - "DestinationCidrBlock": "::/0", "DestinationIpv6CidrBlock": "::/0", "EgressOnlyInternetGatewayId": { "Fn::GetAtt": [ @@ -49,7 +48,10 @@ "RouteTableId" ] } - } + }, + "DependsOn": [ + "testEOIGWEIGW54CCAD37" + ] }, "eigwSubnetCC28B9F9": { "Type": "AWS::EC2::Subnet", @@ -65,7 +67,7 @@ } }, "DependsOn": [ - "eigwAmazonIpv69E78211F" + "eigwAmazonIpv6DB7F7BE7" ] }, "eigwSubnetRouteTableAssociation887F4A97": { @@ -82,7 +84,7 @@ } }, "DependsOn": [ - "eigwAmazonIpv69E78211F" + "eigwAmazonIpv6DB7F7BE7" ] }, "testEOIGWEIGW54CCAD37": { diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-igw-alpha.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-igw-alpha.assets.json index a62abd102c23c..fa6d8fb7bcca2 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-igw-alpha.assets.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-igw-alpha.assets.json @@ -1,7 +1,7 @@ { - "version": "36.0.5", + "version": "38.0.1", "files": { - "62f0873928dbdff7cc7c914e7275014da0d4f8e188fb633ea74a8cae7129ea0b": { + "768f53ce08170ccd9ae866aaa8526583c1a031cd5a89c8b6cf6cc0719801a995": { "source": { "path": "aws-cdk-routev2-igw-alpha.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "62f0873928dbdff7cc7c914e7275014da0d4f8e188fb633ea74a8cae7129ea0b.json", + "objectKey": "768f53ce08170ccd9ae866aaa8526583c1a031cd5a89c8b6cf6cc0719801a995.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-igw-alpha.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-igw-alpha.template.json index 1e21b3bc2c96f..999fbd4ded162 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-igw-alpha.template.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-igw-alpha.template.json @@ -9,7 +9,7 @@ "InstanceTenancy": "default" } }, - "igwAmazonIpv64026617C": { + "igwAmazonIpv6476278C6": { "Type": "AWS::EC2::VPCCidrBlock", "Properties": { "AmazonProvidedIpv6CidrBlock": true, @@ -48,24 +48,11 @@ "RouteTableId" ] } - } - }, - "TestRoottableigwRouteGWAttachment4B3E8FD9": { - "Type": "AWS::EC2::VPCGatewayAttachment", - "Properties": { - "InternetGatewayId": { - "Fn::GetAtt": [ - "testIGW8D947AF2", - "InternetGatewayId" - ] - }, - "VpcId": { - "Fn::GetAtt": [ - "igw127F1970", - "VpcId" - ] - } - } + }, + "DependsOn": [ + "testIGWGWAttachment682A6782", + "testIGW8D947AF2" + ] }, "igwSubnetF238E402": { "Type": "AWS::EC2::Subnet", @@ -92,7 +79,7 @@ } }, "DependsOn": [ - "igwAmazonIpv64026617C" + "igwAmazonIpv6476278C6" ] }, "igwSubnetRouteTableAssociationA48C27F3": { @@ -109,11 +96,28 @@ } }, "DependsOn": [ - "igwAmazonIpv64026617C" + "igwAmazonIpv6476278C6" ] }, "testIGW8D947AF2": { "Type": "AWS::EC2::InternetGateway" + }, + "testIGWGWAttachment682A6782": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "InternetGatewayId": { + "Fn::GetAtt": [ + "testIGW8D947AF2", + "InternetGatewayId" + ] + }, + "VpcId": { + "Fn::GetAtt": [ + "igw127F1970", + "VpcId" + ] + } + } } }, "Parameters": { diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-networkif-alpha.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-networkif-alpha.assets.json index 805e32a041de3..8181831d8dca0 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-networkif-alpha.assets.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-networkif-alpha.assets.json @@ -1,7 +1,7 @@ { - "version": "36.0.5", + "version": "38.0.1", "files": { - "434c826abb6c12fb9eebf4adb6aae43788ba6e2a204ad7eea6f60321e69d3b38": { + "0e05b80c6506a076a2a254c93d55d0d0e365e2294315e7e162e70ba9a95c0661": { "source": { "path": "aws-cdk-routev2-networkif-alpha.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "434c826abb6c12fb9eebf4adb6aae43788ba6e2a204ad7eea6f60321e69d3b38.json", + "objectKey": "0e05b80c6506a076a2a254c93d55d0d0e365e2294315e7e162e70ba9a95c0661.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-networkif-alpha.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-networkif-alpha.template.json index 1e157df23a14a..8cb5f8fe3be89 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-networkif-alpha.template.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-networkif-alpha.template.json @@ -9,7 +9,7 @@ "InstanceTenancy": "default" } }, - "nifAmazonIpv6CF4BF46B": { + "nifAmazonIpv675574C2F": { "Type": "AWS::EC2::VPCCidrBlock", "Properties": { "AmazonProvidedIpv6CidrBlock": true, @@ -57,7 +57,7 @@ } }, "DependsOn": [ - "nifAmazonIpv6CF4BF46B" + "nifAmazonIpv675574C2F" ] }, "nifSubnetRouteTableAssociationE4036B9F": { @@ -74,7 +74,7 @@ } }, "DependsOn": [ - "nifAmazonIpv6CF4BF46B" + "nifAmazonIpv675574C2F" ] } }, diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-privatenatgw-alpha.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-privatenatgw-alpha.assets.json index 6fae013fe0a29..4fc8d880ad0a8 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-privatenatgw-alpha.assets.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-privatenatgw-alpha.assets.json @@ -1,7 +1,7 @@ { - "version": "36.0.5", + "version": "38.0.1", "files": { - "a4d43e15d95d55923771937ed74a05c6bd09a65f55f0c99a5ba9ca05069d7cbd": { + "f59a6c688cc139a40850f502b2626fce81567794eb14b38691220b8ee189b3cb": { "source": { "path": "aws-cdk-routev2-privatenatgw-alpha.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "a4d43e15d95d55923771937ed74a05c6bd09a65f55f0c99a5ba9ca05069d7cbd.json", + "objectKey": "f59a6c688cc139a40850f502b2626fce81567794eb14b38691220b8ee189b3cb.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-privatenatgw-alpha.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-privatenatgw-alpha.template.json index 654e1e1de840e..b5e608a08ac4c 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-privatenatgw-alpha.template.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-privatenatgw-alpha.template.json @@ -9,7 +9,7 @@ "InstanceTenancy": "default" } }, - "natgwprivAmazonIpv6915E8E4F": { + "natgwprivAmazonIpv68FE21C45": { "Type": "AWS::EC2::VPCCidrBlock", "Properties": { "AmazonProvidedIpv6CidrBlock": true, @@ -48,7 +48,10 @@ "RouteTableId" ] } - } + }, + "DependsOn": [ + "testNATgwNATGateway1533420D" + ] }, "natgwprivSubnetE547C5A0": { "Type": "AWS::EC2::Subnet", @@ -75,7 +78,7 @@ } }, "DependsOn": [ - "natgwprivAmazonIpv6915E8E4F" + "natgwprivAmazonIpv68FE21C45" ] }, "natgwprivSubnetRouteTableAssociation9E115869": { @@ -92,7 +95,7 @@ } }, "DependsOn": [ - "natgwprivAmazonIpv6915E8E4F" + "natgwprivAmazonIpv68FE21C45" ] }, "testNATgwNATGateway1533420D": { diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-publicnatgw-alpha.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-publicnatgw-alpha.assets.json index f59abe7b20923..a39748fdb79c1 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-publicnatgw-alpha.assets.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-publicnatgw-alpha.assets.json @@ -1,7 +1,7 @@ { - "version": "36.0.5", + "version": "38.0.1", "files": { - "85cd968be34ab2030a45e0e808082aa88035954029c2b379b38368ed20327047": { + "3cd2d2327728a3b0d353ffb3df39f530a2c61b89027ace480938237617938cc3": { "source": { "path": "aws-cdk-routev2-publicnatgw-alpha.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "85cd968be34ab2030a45e0e808082aa88035954029c2b379b38368ed20327047.json", + "objectKey": "3cd2d2327728a3b0d353ffb3df39f530a2c61b89027ace480938237617938cc3.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-publicnatgw-alpha.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-publicnatgw-alpha.template.json index 81030e32ede4d..bb8700ab25ac7 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-publicnatgw-alpha.template.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-publicnatgw-alpha.template.json @@ -9,7 +9,7 @@ "InstanceTenancy": "default" } }, - "natgwpubAmazonIpv625B947F8": { + "natgwpubAmazonIpv6204D6A95": { "Type": "AWS::EC2::VPCCidrBlock", "Properties": { "AmazonProvidedIpv6CidrBlock": true, @@ -48,24 +48,11 @@ "RouteTableId" ] } - } - }, - "TestRoottablenatGwRouteGWAttachment1D9CDF77": { - "Type": "AWS::EC2::VPCGatewayAttachment", - "Properties": { - "InternetGatewayId": { - "Fn::GetAtt": [ - "testNATgwIGW6AC97E9A", - "InternetGatewayId" - ] - }, - "VpcId": { - "Fn::GetAtt": [ - "natgwpub2FB85986", - "VpcId" - ] - } - } + }, + "DependsOn": [ + "testNATgwIGWGWAttachment63DC9091", + "testNATgwIGW6AC97E9A" + ] }, "TestRoottablenatGwPubRoute0463E2F5": { "Type": "AWS::EC2::Route", @@ -83,7 +70,11 @@ "RouteTableId" ] } - } + }, + "DependsOn": [ + "testNATgwEIP1C260FAD", + "testNATgwNATGateway1533420D" + ] }, "natgwpubSubnet79D316E5": { "Type": "AWS::EC2::Subnet", @@ -110,7 +101,7 @@ } }, "DependsOn": [ - "natgwpubAmazonIpv625B947F8" + "natgwpubAmazonIpv6204D6A95" ] }, "natgwpubSubnetRouteTableAssociation019CE26A": { @@ -127,12 +118,29 @@ } }, "DependsOn": [ - "natgwpubAmazonIpv625B947F8" + "natgwpubAmazonIpv6204D6A95" ] }, "testNATgwIGW6AC97E9A": { "Type": "AWS::EC2::InternetGateway" }, + "testNATgwIGWGWAttachment63DC9091": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "InternetGatewayId": { + "Fn::GetAtt": [ + "testNATgwIGW6AC97E9A", + "InternetGatewayId" + ] + }, + "VpcId": { + "Fn::GetAtt": [ + "natgwpub2FB85986", + "VpcId" + ] + } + } + }, "testNATgwEIP1C260FAD": { "Type": "AWS::EC2::EIP", "Properties": { diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-virtualprivategw-alpha.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-virtualprivategw-alpha.assets.json index 0cd2e52e78a44..c9fa66db80d1b 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-virtualprivategw-alpha.assets.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-virtualprivategw-alpha.assets.json @@ -1,7 +1,7 @@ { - "version": "36.0.5", + "version": "38.0.1", "files": { - "fa2b156112be3f11361259d8aaafcd552d28499bba4cc881642fdc98bc04c924": { + "81a032b4432db12bf0035622e7573c9546888d62dc9d5b5f380d5ecb10a7aeca": { "source": { "path": "aws-cdk-routev2-virtualprivategw-alpha.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "fa2b156112be3f11361259d8aaafcd552d28499bba4cc881642fdc98bc04c924.json", + "objectKey": "81a032b4432db12bf0035622e7573c9546888d62dc9d5b5f380d5ecb10a7aeca.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-virtualprivategw-alpha.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-virtualprivategw-alpha.template.json index b25f6ff502905..6d3ad6e3613b2 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-virtualprivategw-alpha.template.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-virtualprivategw-alpha.template.json @@ -9,7 +9,7 @@ "InstanceTenancy": "default" } }, - "vpgwAmazonIpv6C872FF1E": { + "vpgwAmazonIpv6D24D8752": { "Type": "AWS::EC2::VPCCidrBlock", "Properties": { "AmazonProvidedIpv6CidrBlock": true, @@ -48,24 +48,12 @@ "RouteTableId" ] } - } - }, - "TestRoottablevpgwRouteGWAttachmentDD0077EE": { - "Type": "AWS::EC2::VPCGatewayAttachment", - "Properties": { - "VpcId": { - "Fn::GetAtt": [ - "vpgw2AB64B6B", - "VpcId" - ] - }, - "VpnGatewayId": { - "Fn::GetAtt": [ - "testVPGWIGW816C7C4F", - "VPNGatewayId" - ] - } - } + }, + "DependsOn": [ + "testVPGWIGW816C7C4F", + "testVPGWRoutePropagationD01C7942", + "testVPGWVPCVPNGWF1D3DC88" + ] }, "vpgwSubnet5E7F36AD": { "Type": "AWS::EC2::Subnet", @@ -92,7 +80,7 @@ } }, "DependsOn": [ - "vpgwAmazonIpv6C872FF1E" + "vpgwAmazonIpv6D24D8752" ] }, "vpgwSubnetRouteTableAssociation49921F90": { @@ -109,7 +97,7 @@ } }, "DependsOn": [ - "vpgwAmazonIpv6C872FF1E" + "vpgwAmazonIpv6D24D8752" ] }, "testVPGWIGW816C7C4F": { @@ -117,6 +105,38 @@ "Properties": { "Type": "ipsec.1" } + }, + "testVPGWVPCVPNGWF1D3DC88": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "VpcId": { + "Fn::GetAtt": [ + "vpgw2AB64B6B", + "VpcId" + ] + }, + "VpnGatewayId": { + "Fn::GetAtt": [ + "testVPGWIGW816C7C4F", + "VPNGatewayId" + ] + } + } + }, + "testVPGWRoutePropagationD01C7942": { + "Type": "AWS::EC2::VPNGatewayRoutePropagation", + "Properties": { + "RouteTableIds": [], + "VpnGatewayId": { + "Fn::GetAtt": [ + "testVPGWIGW816C7C4F", + "VPNGatewayId" + ] + } + }, + "DependsOn": [ + "testVPGWVPCVPNGWF1D3DC88" + ] } }, "Parameters": { diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-vpcpeerconnection-alpha.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-vpcpeerconnection-alpha.assets.json index 94cc48acf6542..15e903d06c87a 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-vpcpeerconnection-alpha.assets.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-vpcpeerconnection-alpha.assets.json @@ -1,7 +1,7 @@ { - "version": "36.0.5", + "version": "38.0.1", "files": { - "fa56ca630709a15070b4208becd94454c974906d445fd83b73389524957f89e8": { + "c733c57b8cbfd381c7b3048e4baac657309ea7413231f8e8b4a9cda04c890928": { "source": { "path": "aws-cdk-routev2-vpcpeerconnection-alpha.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "fa56ca630709a15070b4208becd94454c974906d445fd83b73389524957f89e8.json", + "objectKey": "c733c57b8cbfd381c7b3048e4baac657309ea7413231f8e8b4a9cda04c890928.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-vpcpeerconnection-alpha.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-vpcpeerconnection-alpha.template.json index 7f195e58f758f..4f7a52fa7f580 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-vpcpeerconnection-alpha.template.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/aws-cdk-routev2-vpcpeerconnection-alpha.template.json @@ -9,7 +9,7 @@ "InstanceTenancy": "default" } }, - "vpcpcAmazonIpv66504EEB2": { + "vpcpcAmazonIpv632B82F32": { "Type": "AWS::EC2::VPCCidrBlock", "Properties": { "AmazonProvidedIpv6CidrBlock": true, @@ -57,7 +57,7 @@ } }, "DependsOn": [ - "vpcpcAmazonIpv66504EEB2" + "vpcpcAmazonIpv632B82F32" ] }, "vpcpcSubnetRouteTableAssociation8531BF5C": { @@ -74,7 +74,7 @@ } }, "DependsOn": [ - "vpcpcAmazonIpv66504EEB2" + "vpcpcAmazonIpv632B82F32" ] } }, diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/cdk.out b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/cdk.out index bd5311dc372de..c6e612584e352 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/cdk.out +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"36.0.5"} \ No newline at end of file +{"version":"38.0.1"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integ.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integ.json index 488691ab97ceb..1454dfacdafeb 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integ.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "36.0.5", + "version": "38.0.1", "testCases": { "integtest-model-8/DefaultTest": { "stacks": [ diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel0DefaultTestDeployAssertA16689B0.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel0DefaultTestDeployAssertA16689B0.assets.json index 6f5363d26cf89..a11f7522ff2c1 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel0DefaultTestDeployAssertA16689B0.assets.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel0DefaultTestDeployAssertA16689B0.assets.json @@ -1,5 +1,5 @@ { - "version": "36.0.5", + "version": "38.0.1", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel1DefaultTestDeployAssert46FEDE40.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel1DefaultTestDeployAssert46FEDE40.assets.json index 9094ce35beea5..26d3a67e90f8e 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel1DefaultTestDeployAssert46FEDE40.assets.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel1DefaultTestDeployAssert46FEDE40.assets.json @@ -1,5 +1,5 @@ { - "version": "36.0.5", + "version": "38.0.1", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel2DefaultTestDeployAssert04E3783E.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel2DefaultTestDeployAssert04E3783E.assets.json index 29387894579ea..879ae61de4a92 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel2DefaultTestDeployAssert04E3783E.assets.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel2DefaultTestDeployAssert04E3783E.assets.json @@ -1,5 +1,5 @@ { - "version": "36.0.5", + "version": "38.0.1", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel3DefaultTestDeployAssertF3FA2F74.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel3DefaultTestDeployAssertF3FA2F74.assets.json index 6afa1f9195a7b..8c85a8079f81a 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel3DefaultTestDeployAssertF3FA2F74.assets.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel3DefaultTestDeployAssertF3FA2F74.assets.json @@ -1,5 +1,5 @@ { - "version": "36.0.5", + "version": "38.0.1", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel4DefaultTestDeployAssert4B12233C.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel4DefaultTestDeployAssert4B12233C.assets.json index 2170d2cd526f2..3be51680402a3 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel4DefaultTestDeployAssert4B12233C.assets.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel4DefaultTestDeployAssert4B12233C.assets.json @@ -1,5 +1,5 @@ { - "version": "36.0.5", + "version": "38.0.1", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel5DefaultTestDeployAssertC0DDB875.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel5DefaultTestDeployAssertC0DDB875.assets.json index aed458dfb9b1f..0ea575ebff5fb 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel5DefaultTestDeployAssertC0DDB875.assets.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel5DefaultTestDeployAssertC0DDB875.assets.json @@ -1,5 +1,5 @@ { - "version": "36.0.5", + "version": "38.0.1", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel6DefaultTestDeployAssert90B004F4.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel6DefaultTestDeployAssert90B004F4.assets.json index 29423943325fc..a0150ed0c4e0c 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel6DefaultTestDeployAssert90B004F4.assets.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel6DefaultTestDeployAssert90B004F4.assets.json @@ -1,5 +1,5 @@ { - "version": "36.0.5", + "version": "38.0.1", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel7DefaultTestDeployAssert4C509DCE.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel7DefaultTestDeployAssert4C509DCE.assets.json index 6fe2b5a955f17..f38ecf622deca 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel7DefaultTestDeployAssert4C509DCE.assets.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel7DefaultTestDeployAssert4C509DCE.assets.json @@ -1,5 +1,5 @@ { - "version": "36.0.5", + "version": "38.0.1", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel8DefaultTestDeployAssert77221752.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel8DefaultTestDeployAssert77221752.assets.json index d9fd3cff95553..70e2f461020b3 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel8DefaultTestDeployAssert77221752.assets.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/integtestmodel8DefaultTestDeployAssert77221752.assets.json @@ -1,5 +1,5 @@ { - "version": "36.0.5", + "version": "38.0.1", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/manifest.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/manifest.json index 2e922475b66bf..636378bebe6ef 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "36.0.5", + "version": "38.0.1", "artifacts": { "aws-cdk-routev2-alpha.assets": { "type": "cdk:asset-manifest", @@ -16,9 +16,10 @@ "templateFile": "aws-cdk-routev2-alpha.template.json", "terminationProtection": false, "validateOnSynth": false, + "notificationArns": [], "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/a963276e8401c096a74f0dc50ac7d80bb5f2bff399fce8c571660a0684ff54b7.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/cdc2216d4099bb07ddbb64b36427127c20974e5d39078751ec4b7defd8110a88.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -41,10 +42,10 @@ "data": "defaultC974F9E3" } ], - "/aws-cdk-routev2-alpha/default/AmazonIpv6": [ + "/aws-cdk-routev2-alpha/default/AmazonIpv6/AmazonIpv6": [ { "type": "aws:cdk:logicalId", - "data": "defaultAmazonIpv6C7A4D665" + "data": "defaultAmazonIpv6D524D7D5" } ], "/aws-cdk-routev2-alpha/TestRoottable/RouteTable": [ @@ -95,9 +96,10 @@ "templateFile": "aws-cdk-routev2-egressonlyigw-alpha.template.json", "terminationProtection": false, "validateOnSynth": false, + "notificationArns": [], "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/b0e303439a83ae17adf592a6599e13f880529abf2f46f433af0742284a224385.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/31af8a4b3ed5c39cae0d40f9fa6de2f21f6b3f857e16ba4dfabf0e32bdbb0b22.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -120,10 +122,10 @@ "data": "eigwC0F094EF" } ], - "/aws-cdk-routev2-egressonlyigw-alpha/eigw/AmazonIpv6": [ + "/aws-cdk-routev2-egressonlyigw-alpha/eigw/AmazonIpv6/AmazonIpv6": [ { "type": "aws:cdk:logicalId", - "data": "eigwAmazonIpv69E78211F" + "data": "eigwAmazonIpv6DB7F7BE7" } ], "/aws-cdk-routev2-egressonlyigw-alpha/TestRoottable/RouteTable": [ @@ -186,9 +188,10 @@ "templateFile": "aws-cdk-routev2-igw-alpha.template.json", "terminationProtection": false, "validateOnSynth": false, + "notificationArns": [], "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/62f0873928dbdff7cc7c914e7275014da0d4f8e188fb633ea74a8cae7129ea0b.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/768f53ce08170ccd9ae866aaa8526583c1a031cd5a89c8b6cf6cc0719801a995.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -211,10 +214,10 @@ "data": "igw127F1970" } ], - "/aws-cdk-routev2-igw-alpha/igw/AmazonIpv6": [ + "/aws-cdk-routev2-igw-alpha/igw/AmazonIpv6/AmazonIpv6": [ { "type": "aws:cdk:logicalId", - "data": "igwAmazonIpv64026617C" + "data": "igwAmazonIpv6476278C6" } ], "/aws-cdk-routev2-igw-alpha/TestRoottable/RouteTable": [ @@ -229,12 +232,6 @@ "data": "TestRoottableigwRouteC52EF731" } ], - "/aws-cdk-routev2-igw-alpha/TestRoottable/igwRoute/GWAttachment": [ - { - "type": "aws:cdk:logicalId", - "data": "TestRoottableigwRouteGWAttachment4B3E8FD9" - } - ], "/aws-cdk-routev2-igw-alpha/igwSubnet/Subnet": [ { "type": "aws:cdk:logicalId", @@ -253,6 +250,12 @@ "data": "testIGW8D947AF2" } ], + "/aws-cdk-routev2-igw-alpha/testIGW/GWAttachment": [ + { + "type": "aws:cdk:logicalId", + "data": "testIGWGWAttachment682A6782" + } + ], "/aws-cdk-routev2-igw-alpha/BootstrapVersion": [ { "type": "aws:cdk:logicalId", @@ -283,9 +286,10 @@ "templateFile": "aws-cdk-routev2-virtualprivategw-alpha.template.json", "terminationProtection": false, "validateOnSynth": false, + "notificationArns": [], "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/fa2b156112be3f11361259d8aaafcd552d28499bba4cc881642fdc98bc04c924.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/81a032b4432db12bf0035622e7573c9546888d62dc9d5b5f380d5ecb10a7aeca.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -308,10 +312,10 @@ "data": "vpgw2AB64B6B" } ], - "/aws-cdk-routev2-virtualprivategw-alpha/vpgw/AmazonIpv6": [ + "/aws-cdk-routev2-virtualprivategw-alpha/vpgw/AmazonIpv6/AmazonIpv6": [ { "type": "aws:cdk:logicalId", - "data": "vpgwAmazonIpv6C872FF1E" + "data": "vpgwAmazonIpv6D24D8752" } ], "/aws-cdk-routev2-virtualprivategw-alpha/TestRoottable/RouteTable": [ @@ -326,12 +330,6 @@ "data": "TestRoottablevpgwRouteAD510A2A" } ], - "/aws-cdk-routev2-virtualprivategw-alpha/TestRoottable/vpgwRoute/GWAttachment": [ - { - "type": "aws:cdk:logicalId", - "data": "TestRoottablevpgwRouteGWAttachmentDD0077EE" - } - ], "/aws-cdk-routev2-virtualprivategw-alpha/vpgwSubnet/Subnet": [ { "type": "aws:cdk:logicalId", @@ -344,12 +342,30 @@ "data": "vpgwSubnetRouteTableAssociation49921F90" } ], + "/aws-cdk-routev2-virtualprivategw-alpha/testVPGW": [ + { + "type": "aws:cdk:warning", + "data": "No subnets matching selection: '[]'. Select other subnets to add routes to. [ack: @aws-cdk:aws-ec2-elpha:enableVpnGatewayV2]" + } + ], "/aws-cdk-routev2-virtualprivategw-alpha/testVPGW/IGW": [ { "type": "aws:cdk:logicalId", "data": "testVPGWIGW816C7C4F" } ], + "/aws-cdk-routev2-virtualprivategw-alpha/testVPGW/VPCVPNGW": [ + { + "type": "aws:cdk:logicalId", + "data": "testVPGWVPCVPNGWF1D3DC88" + } + ], + "/aws-cdk-routev2-virtualprivategw-alpha/testVPGW/RoutePropagation": [ + { + "type": "aws:cdk:logicalId", + "data": "testVPGWRoutePropagationD01C7942" + } + ], "/aws-cdk-routev2-virtualprivategw-alpha/BootstrapVersion": [ { "type": "aws:cdk:logicalId", @@ -380,9 +396,10 @@ "templateFile": "aws-cdk-routev2-publicnatgw-alpha.template.json", "terminationProtection": false, "validateOnSynth": false, + "notificationArns": [], "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/85cd968be34ab2030a45e0e808082aa88035954029c2b379b38368ed20327047.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/3cd2d2327728a3b0d353ffb3df39f530a2c61b89027ace480938237617938cc3.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -405,10 +422,10 @@ "data": "natgwpub2FB85986" } ], - "/aws-cdk-routev2-publicnatgw-alpha/natgw_pub/AmazonIpv6": [ + "/aws-cdk-routev2-publicnatgw-alpha/natgw_pub/AmazonIpv6/AmazonIpv6": [ { "type": "aws:cdk:logicalId", - "data": "natgwpubAmazonIpv625B947F8" + "data": "natgwpubAmazonIpv6204D6A95" } ], "/aws-cdk-routev2-publicnatgw-alpha/TestRoottable/RouteTable": [ @@ -423,12 +440,6 @@ "data": "TestRoottablenatGwRoute31868FBF" } ], - "/aws-cdk-routev2-publicnatgw-alpha/TestRoottable/natGwRoute/GWAttachment": [ - { - "type": "aws:cdk:logicalId", - "data": "TestRoottablenatGwRouteGWAttachment1D9CDF77" - } - ], "/aws-cdk-routev2-publicnatgw-alpha/TestRoottable/natGwPubRoute/Route": [ { "type": "aws:cdk:logicalId", @@ -453,6 +464,12 @@ "data": "testNATgwIGW6AC97E9A" } ], + "/aws-cdk-routev2-publicnatgw-alpha/testNATgwIGW/GWAttachment": [ + { + "type": "aws:cdk:logicalId", + "data": "testNATgwIGWGWAttachment63DC9091" + } + ], "/aws-cdk-routev2-publicnatgw-alpha/testNATgw/EIP": [ { "type": "aws:cdk:logicalId", @@ -495,9 +512,10 @@ "templateFile": "aws-cdk-routev2-privatenatgw-alpha.template.json", "terminationProtection": false, "validateOnSynth": false, + "notificationArns": [], "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/a4d43e15d95d55923771937ed74a05c6bd09a65f55f0c99a5ba9ca05069d7cbd.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/f59a6c688cc139a40850f502b2626fce81567794eb14b38691220b8ee189b3cb.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -520,10 +538,10 @@ "data": "natgwpriv081A7D93" } ], - "/aws-cdk-routev2-privatenatgw-alpha/natgw_priv/AmazonIpv6": [ + "/aws-cdk-routev2-privatenatgw-alpha/natgw_priv/AmazonIpv6/AmazonIpv6": [ { "type": "aws:cdk:logicalId", - "data": "natgwprivAmazonIpv6915E8E4F" + "data": "natgwprivAmazonIpv68FE21C45" } ], "/aws-cdk-routev2-privatenatgw-alpha/TestRoottable/RouteTable": [ @@ -586,9 +604,10 @@ "templateFile": "aws-cdk-routev2-networkif-alpha.template.json", "terminationProtection": false, "validateOnSynth": false, + "notificationArns": [], "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/434c826abb6c12fb9eebf4adb6aae43788ba6e2a204ad7eea6f60321e69d3b38.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/0e05b80c6506a076a2a254c93d55d0d0e365e2294315e7e162e70ba9a95c0661.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -611,10 +630,10 @@ "data": "nif44200315" } ], - "/aws-cdk-routev2-networkif-alpha/nif/AmazonIpv6": [ + "/aws-cdk-routev2-networkif-alpha/nif/AmazonIpv6/AmazonIpv6": [ { "type": "aws:cdk:logicalId", - "data": "nifAmazonIpv6CF4BF46B" + "data": "nifAmazonIpv675574C2F" } ], "/aws-cdk-routev2-networkif-alpha/TestRoottable/RouteTable": [ @@ -665,9 +684,10 @@ "templateFile": "aws-cdk-routev2-vpcpeerconnection-alpha.template.json", "terminationProtection": false, "validateOnSynth": false, + "notificationArns": [], "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/fa56ca630709a15070b4208becd94454c974906d445fd83b73389524957f89e8.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/c733c57b8cbfd381c7b3048e4baac657309ea7413231f8e8b4a9cda04c890928.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -690,10 +710,10 @@ "data": "vpcpc6CAE1A04" } ], - "/aws-cdk-routev2-vpcpeerconnection-alpha/vpcpc/AmazonIpv6": [ + "/aws-cdk-routev2-vpcpeerconnection-alpha/vpcpc/AmazonIpv6/AmazonIpv6": [ { "type": "aws:cdk:logicalId", - "data": "vpcpcAmazonIpv66504EEB2" + "data": "vpcpcAmazonIpv632B82F32" } ], "/aws-cdk-routev2-vpcpeerconnection-alpha/TestRoottable/RouteTable": [ @@ -744,9 +764,10 @@ "templateFile": "aws-cdk-routev2-dynamodbendpoint-alpha.template.json", "terminationProtection": false, "validateOnSynth": false, + "notificationArns": [], "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/8b4b159425cc7d11fa6fd993c53e299319dd2fcea18d745e873a18d3ee156a50.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/0250a80a07a681dbad6c490b9f7c3b5248c945559f9d2d6b87460a3251464f39.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -769,10 +790,10 @@ "data": "dynamodbC0A56799" } ], - "/aws-cdk-routev2-dynamodbendpoint-alpha/dynamodb/AmazonIpv6": [ + "/aws-cdk-routev2-dynamodbendpoint-alpha/dynamodb/AmazonIpv6/AmazonIpv6": [ { "type": "aws:cdk:logicalId", - "data": "dynamodbAmazonIpv6698EF571" + "data": "dynamodbAmazonIpv68E00810B" } ], "/aws-cdk-routev2-dynamodbendpoint-alpha/TestRoottable/RouteTable": [ @@ -810,6 +831,15 @@ "type": "aws:cdk:logicalId", "data": "CheckBootstrapVersion" } + ], + "dynamodbAmazonIpv6698EF571": [ + { + "type": "aws:cdk:logicalId", + "data": "dynamodbAmazonIpv6698EF571", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" + ] + } ] }, "displayName": "aws-cdk-routev2-dynamodbendpoint-alpha" @@ -829,6 +859,7 @@ "templateFile": "integtestmodel0DefaultTestDeployAssertA16689B0.template.json", "terminationProtection": false, "validateOnSynth": false, + "notificationArns": [], "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", @@ -877,6 +908,7 @@ "templateFile": "integtestmodel1DefaultTestDeployAssert46FEDE40.template.json", "terminationProtection": false, "validateOnSynth": false, + "notificationArns": [], "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", @@ -925,6 +957,7 @@ "templateFile": "integtestmodel2DefaultTestDeployAssert04E3783E.template.json", "terminationProtection": false, "validateOnSynth": false, + "notificationArns": [], "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", @@ -973,6 +1006,7 @@ "templateFile": "integtestmodel3DefaultTestDeployAssertF3FA2F74.template.json", "terminationProtection": false, "validateOnSynth": false, + "notificationArns": [], "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", @@ -1021,6 +1055,7 @@ "templateFile": "integtestmodel4DefaultTestDeployAssert4B12233C.template.json", "terminationProtection": false, "validateOnSynth": false, + "notificationArns": [], "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", @@ -1069,6 +1104,7 @@ "templateFile": "integtestmodel5DefaultTestDeployAssertC0DDB875.template.json", "terminationProtection": false, "validateOnSynth": false, + "notificationArns": [], "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", @@ -1117,6 +1153,7 @@ "templateFile": "integtestmodel6DefaultTestDeployAssert90B004F4.template.json", "terminationProtection": false, "validateOnSynth": false, + "notificationArns": [], "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", @@ -1165,6 +1202,7 @@ "templateFile": "integtestmodel7DefaultTestDeployAssert4C509DCE.template.json", "terminationProtection": false, "validateOnSynth": false, + "notificationArns": [], "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", @@ -1213,6 +1251,7 @@ "templateFile": "integtestmodel8DefaultTestDeployAssert77221752.template.json", "terminationProtection": false, "validateOnSynth": false, + "notificationArns": [], "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/tree.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/tree.json index 68cca1ffdc6ab..39595fe890b66 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.route-v2.js.snapshot/tree.json @@ -32,20 +32,30 @@ "AmazonIpv6": { "id": "AmazonIpv6", "path": "aws-cdk-routev2-alpha/default/AmazonIpv6", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", - "aws:cdk:cloudformation:props": { - "amazonProvidedIpv6CidrBlock": true, - "vpcId": { - "Fn::GetAtt": [ - "defaultC974F9E3", - "VpcId" - ] + "children": { + "AmazonIpv6": { + "id": "AmazonIpv6", + "path": "aws-cdk-routev2-alpha/default/AmazonIpv6/AmazonIpv6", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", + "aws:cdk:cloudformation:props": { + "amazonProvidedIpv6CidrBlock": true, + "vpcId": { + "Fn::GetAtt": [ + "defaultC974F9E3", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } } @@ -207,20 +217,30 @@ "AmazonIpv6": { "id": "AmazonIpv6", "path": "aws-cdk-routev2-egressonlyigw-alpha/eigw/AmazonIpv6", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", - "aws:cdk:cloudformation:props": { - "amazonProvidedIpv6CidrBlock": true, - "vpcId": { - "Fn::GetAtt": [ - "eigwC0F094EF", - "VpcId" - ] + "children": { + "AmazonIpv6": { + "id": "AmazonIpv6", + "path": "aws-cdk-routev2-egressonlyigw-alpha/eigw/AmazonIpv6/AmazonIpv6", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", + "aws:cdk:cloudformation:props": { + "amazonProvidedIpv6CidrBlock": true, + "vpcId": { + "Fn::GetAtt": [ + "eigwC0F094EF", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } } @@ -263,7 +283,6 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::Route", "aws:cdk:cloudformation:props": { - "destinationCidrBlock": "::/0", "destinationIpv6CidrBlock": "::/0", "egressOnlyInternetGatewayId": { "Fn::GetAtt": [ @@ -286,7 +305,7 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.Resource", + "fqn": "@aws-cdk/aws-ec2-alpha.Route", "version": "0.0.0" } } @@ -437,20 +456,30 @@ "AmazonIpv6": { "id": "AmazonIpv6", "path": "aws-cdk-routev2-igw-alpha/igw/AmazonIpv6", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", - "aws:cdk:cloudformation:props": { - "amazonProvidedIpv6CidrBlock": true, - "vpcId": { - "Fn::GetAtt": [ - "igw127F1970", - "VpcId" - ] + "children": { + "AmazonIpv6": { + "id": "AmazonIpv6", + "path": "aws-cdk-routev2-igw-alpha/igw/AmazonIpv6/AmazonIpv6", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", + "aws:cdk:cloudformation:props": { + "amazonProvidedIpv6CidrBlock": true, + "vpcId": { + "Fn::GetAtt": [ + "igw127F1970", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } } @@ -512,35 +541,10 @@ "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", "version": "0.0.0" } - }, - "GWAttachment": { - "id": "GWAttachment", - "path": "aws-cdk-routev2-igw-alpha/TestRoottable/igwRoute/GWAttachment", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::VPCGatewayAttachment", - "aws:cdk:cloudformation:props": { - "internetGatewayId": { - "Fn::GetAtt": [ - "testIGW8D947AF2", - "InternetGatewayId" - ] - }, - "vpcId": { - "Fn::GetAtt": [ - "igw127F1970", - "VpcId" - ] - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment", - "version": "0.0.0" - } } }, "constructInfo": { - "fqn": "aws-cdk-lib.Resource", + "fqn": "@aws-cdk/aws-ec2-alpha.Route", "version": "0.0.0" } } @@ -638,6 +642,31 @@ "fqn": "aws-cdk-lib.aws_ec2.CfnInternetGateway", "version": "0.0.0" } + }, + "GWAttachment": { + "id": "GWAttachment", + "path": "aws-cdk-routev2-igw-alpha/testIGW/GWAttachment", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCGatewayAttachment", + "aws:cdk:cloudformation:props": { + "internetGatewayId": { + "Fn::GetAtt": [ + "testIGW8D947AF2", + "InternetGatewayId" + ] + }, + "vpcId": { + "Fn::GetAtt": [ + "igw127F1970", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment", + "version": "0.0.0" + } } }, "constructInfo": { @@ -695,20 +724,30 @@ "AmazonIpv6": { "id": "AmazonIpv6", "path": "aws-cdk-routev2-virtualprivategw-alpha/vpgw/AmazonIpv6", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", - "aws:cdk:cloudformation:props": { - "amazonProvidedIpv6CidrBlock": true, - "vpcId": { - "Fn::GetAtt": [ - "vpgw2AB64B6B", - "VpcId" - ] + "children": { + "AmazonIpv6": { + "id": "AmazonIpv6", + "path": "aws-cdk-routev2-virtualprivategw-alpha/vpgw/AmazonIpv6/AmazonIpv6", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", + "aws:cdk:cloudformation:props": { + "amazonProvidedIpv6CidrBlock": true, + "vpcId": { + "Fn::GetAtt": [ + "vpgw2AB64B6B", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } } @@ -770,35 +809,10 @@ "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", "version": "0.0.0" } - }, - "GWAttachment": { - "id": "GWAttachment", - "path": "aws-cdk-routev2-virtualprivategw-alpha/TestRoottable/vpgwRoute/GWAttachment", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::VPCGatewayAttachment", - "aws:cdk:cloudformation:props": { - "vpcId": { - "Fn::GetAtt": [ - "vpgw2AB64B6B", - "VpcId" - ] - }, - "vpnGatewayId": { - "Fn::GetAtt": [ - "testVPGWIGW816C7C4F", - "VPNGatewayId" - ] - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment", - "version": "0.0.0" - } } }, "constructInfo": { - "fqn": "aws-cdk-lib.Resource", + "fqn": "@aws-cdk/aws-ec2-alpha.Route", "version": "0.0.0" } } @@ -898,10 +912,55 @@ "fqn": "aws-cdk-lib.aws_ec2.CfnVPNGateway", "version": "0.0.0" } + }, + "VPCVPNGW": { + "id": "VPCVPNGW", + "path": "aws-cdk-routev2-virtualprivategw-alpha/testVPGW/VPCVPNGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCGatewayAttachment", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Fn::GetAtt": [ + "vpgw2AB64B6B", + "VpcId" + ] + }, + "vpnGatewayId": { + "Fn::GetAtt": [ + "testVPGWIGW816C7C4F", + "VPNGatewayId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment", + "version": "0.0.0" + } + }, + "RoutePropagation": { + "id": "RoutePropagation", + "path": "aws-cdk-routev2-virtualprivategw-alpha/testVPGW/RoutePropagation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPNGatewayRoutePropagation", + "aws:cdk:cloudformation:props": { + "routeTableIds": [], + "vpnGatewayId": { + "Fn::GetAtt": [ + "testVPGWIGW816C7C4F", + "VPNGatewayId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPNGatewayRoutePropagation", + "version": "0.0.0" + } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2-alpha.VPNGateway", + "fqn": "@aws-cdk/aws-ec2-alpha.VPNGatewayV2", "version": "0.0.0" } }, @@ -955,20 +1014,30 @@ "AmazonIpv6": { "id": "AmazonIpv6", "path": "aws-cdk-routev2-publicnatgw-alpha/natgw_pub/AmazonIpv6", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", - "aws:cdk:cloudformation:props": { - "amazonProvidedIpv6CidrBlock": true, - "vpcId": { - "Fn::GetAtt": [ - "natgwpub2FB85986", - "VpcId" - ] + "children": { + "AmazonIpv6": { + "id": "AmazonIpv6", + "path": "aws-cdk-routev2-publicnatgw-alpha/natgw_pub/AmazonIpv6/AmazonIpv6", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", + "aws:cdk:cloudformation:props": { + "amazonProvidedIpv6CidrBlock": true, + "vpcId": { + "Fn::GetAtt": [ + "natgwpub2FB85986", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } } @@ -1030,35 +1099,10 @@ "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", "version": "0.0.0" } - }, - "GWAttachment": { - "id": "GWAttachment", - "path": "aws-cdk-routev2-publicnatgw-alpha/TestRoottable/natGwRoute/GWAttachment", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::VPCGatewayAttachment", - "aws:cdk:cloudformation:props": { - "internetGatewayId": { - "Fn::GetAtt": [ - "testNATgwIGW6AC97E9A", - "InternetGatewayId" - ] - }, - "vpcId": { - "Fn::GetAtt": [ - "natgwpub2FB85986", - "VpcId" - ] - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment", - "version": "0.0.0" - } } }, "constructInfo": { - "fqn": "aws-cdk-lib.Resource", + "fqn": "@aws-cdk/aws-ec2-alpha.Route", "version": "0.0.0" } }, @@ -1094,7 +1138,7 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.Resource", + "fqn": "@aws-cdk/aws-ec2-alpha.Route", "version": "0.0.0" } } @@ -1192,6 +1236,31 @@ "fqn": "aws-cdk-lib.aws_ec2.CfnInternetGateway", "version": "0.0.0" } + }, + "GWAttachment": { + "id": "GWAttachment", + "path": "aws-cdk-routev2-publicnatgw-alpha/testNATgwIGW/GWAttachment", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCGatewayAttachment", + "aws:cdk:cloudformation:props": { + "internetGatewayId": { + "Fn::GetAtt": [ + "testNATgwIGW6AC97E9A", + "InternetGatewayId" + ] + }, + "vpcId": { + "Fn::GetAtt": [ + "natgwpub2FB85986", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment", + "version": "0.0.0" + } } }, "constructInfo": { @@ -1300,20 +1369,30 @@ "AmazonIpv6": { "id": "AmazonIpv6", "path": "aws-cdk-routev2-privatenatgw-alpha/natgw_priv/AmazonIpv6", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", - "aws:cdk:cloudformation:props": { - "amazonProvidedIpv6CidrBlock": true, - "vpcId": { - "Fn::GetAtt": [ - "natgwpriv081A7D93", - "VpcId" - ] + "children": { + "AmazonIpv6": { + "id": "AmazonIpv6", + "path": "aws-cdk-routev2-privatenatgw-alpha/natgw_priv/AmazonIpv6/AmazonIpv6", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", + "aws:cdk:cloudformation:props": { + "amazonProvidedIpv6CidrBlock": true, + "vpcId": { + "Fn::GetAtt": [ + "natgwpriv081A7D93", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } } @@ -1378,7 +1457,7 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.Resource", + "fqn": "@aws-cdk/aws-ec2-alpha.Route", "version": "0.0.0" } } @@ -1544,20 +1623,30 @@ "AmazonIpv6": { "id": "AmazonIpv6", "path": "aws-cdk-routev2-networkif-alpha/nif/AmazonIpv6", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", - "aws:cdk:cloudformation:props": { - "amazonProvidedIpv6CidrBlock": true, - "vpcId": { - "Fn::GetAtt": [ - "nif44200315", - "VpcId" - ] + "children": { + "AmazonIpv6": { + "id": "AmazonIpv6", + "path": "aws-cdk-routev2-networkif-alpha/nif/AmazonIpv6/AmazonIpv6", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", + "aws:cdk:cloudformation:props": { + "amazonProvidedIpv6CidrBlock": true, + "vpcId": { + "Fn::GetAtt": [ + "nif44200315", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } } @@ -1719,20 +1808,30 @@ "AmazonIpv6": { "id": "AmazonIpv6", "path": "aws-cdk-routev2-vpcpeerconnection-alpha/vpcpc/AmazonIpv6", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", - "aws:cdk:cloudformation:props": { - "amazonProvidedIpv6CidrBlock": true, - "vpcId": { - "Fn::GetAtt": [ - "vpcpc6CAE1A04", - "VpcId" - ] + "children": { + "AmazonIpv6": { + "id": "AmazonIpv6", + "path": "aws-cdk-routev2-vpcpeerconnection-alpha/vpcpc/AmazonIpv6/AmazonIpv6", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", + "aws:cdk:cloudformation:props": { + "amazonProvidedIpv6CidrBlock": true, + "vpcId": { + "Fn::GetAtt": [ + "vpcpc6CAE1A04", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } } @@ -1894,20 +1993,30 @@ "AmazonIpv6": { "id": "AmazonIpv6", "path": "aws-cdk-routev2-dynamodbendpoint-alpha/dynamodb/AmazonIpv6", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", - "aws:cdk:cloudformation:props": { - "amazonProvidedIpv6CidrBlock": true, - "vpcId": { - "Fn::GetAtt": [ - "dynamodbC0A56799", - "VpcId" - ] + "children": { + "AmazonIpv6": { + "id": "AmazonIpv6", + "path": "aws-cdk-routev2-dynamodbendpoint-alpha/dynamodb/AmazonIpv6/AmazonIpv6", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", + "aws:cdk:cloudformation:props": { + "amazonProvidedIpv6CidrBlock": true, + "vpcId": { + "Fn::GetAtt": [ + "dynamodbC0A56799", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } } @@ -1944,7 +2053,7 @@ "id": "dynamoRoute", "path": "aws-cdk-routev2-dynamodbendpoint-alpha/TestRoottable/dynamoRoute", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", + "fqn": "@aws-cdk/aws-ec2-alpha.Route", "version": "0.0.0" } } diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/aws-cdk-vpcv2-alpha-new.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/aws-cdk-vpcv2-alpha-new.assets.json index d72a02628c295..dabbaf87c2e2c 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/aws-cdk-vpcv2-alpha-new.assets.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/aws-cdk-vpcv2-alpha-new.assets.json @@ -1,7 +1,7 @@ { - "version": "36.0.5", + "version": "38.0.1", "files": { - "3d3ee41ce855ed1f43bd76cb02f20825b0d6ea6965e4974823890801f598e628": { + "a88dc0ea3e4c5ea7d17016d0f0fb2cdac863bc0d2a1ed9aecfb42840baf64e13": { "source": { "path": "aws-cdk-vpcv2-alpha-new.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "3d3ee41ce855ed1f43bd76cb02f20825b0d6ea6965e4974823890801f598e628.json", + "objectKey": "a88dc0ea3e4c5ea7d17016d0f0fb2cdac863bc0d2a1ed9aecfb42840baf64e13.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/aws-cdk-vpcv2-alpha-new.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/aws-cdk-vpcv2-alpha-new.template.json index 50fbb4892afdb..7c46d95906fb4 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/aws-cdk-vpcv2-alpha-new.template.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/aws-cdk-vpcv2-alpha-new.template.json @@ -9,7 +9,7 @@ "InstanceTenancy": "default" } }, - "SubnetTestSecondaryTestBDE45F82": { + "SubnetTestSecondaryTest2AB12223": { "Type": "AWS::EC2::VPCCidrBlock", "Properties": { "AmazonProvidedIpv6CidrBlock": true, @@ -35,7 +35,7 @@ } }, "DependsOn": [ - "SubnetTestSecondaryTestBDE45F82" + "SubnetTestSecondaryTest2AB12223" ] }, "testSubnet1RouteTableB5FDDF81": { @@ -49,7 +49,7 @@ } }, "DependsOn": [ - "SubnetTestSecondaryTestBDE45F82" + "SubnetTestSecondaryTest2AB12223" ] }, "testSubnet1RouteTableAssociation1DA9E185": { @@ -66,7 +66,7 @@ } }, "DependsOn": [ - "SubnetTestSecondaryTestBDE45F82" + "SubnetTestSecondaryTest2AB12223" ] }, "InstanceInstanceSecurityGroupF0E2D5BE": { @@ -230,7 +230,7 @@ } }, "DependsOn": [ - "SubnetTestSecondaryTestBDE45F82" + "SubnetTestSecondaryTest2AB12223" ] }, "testSubnet2RouteTableAssociation40DCE4CD": { @@ -247,7 +247,7 @@ } }, "DependsOn": [ - "SubnetTestSecondaryTestBDE45F82" + "SubnetTestSecondaryTest2AB12223" ] } }, diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/cdk.out b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/cdk.out index bd5311dc372de..c6e612584e352 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/cdk.out +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"36.0.5"} \ No newline at end of file +{"version":"38.0.1"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/integ.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/integ.json index 50d9ec54ae49a..d08885f4a8009 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/integ.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "36.0.5", + "version": "38.0.1", "testCases": { "integtest-model/DefaultTest": { "stacks": [ diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.assets.json index e93a555169b11..1a14fac91ce61 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.assets.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.assets.json @@ -1,5 +1,5 @@ { - "version": "36.0.5", + "version": "38.0.1", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/manifest.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/manifest.json index 63a3c3fdc4a8c..14f3c281405a7 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "36.0.5", + "version": "38.0.1", "artifacts": { "aws-cdk-vpcv2-alpha-new.assets": { "type": "cdk:asset-manifest", @@ -16,9 +16,10 @@ "templateFile": "aws-cdk-vpcv2-alpha-new.template.json", "terminationProtection": false, "validateOnSynth": false, + "notificationArns": [], "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/3d3ee41ce855ed1f43bd76cb02f20825b0d6ea6965e4974823890801f598e628.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/a88dc0ea3e4c5ea7d17016d0f0fb2cdac863bc0d2a1ed9aecfb42840baf64e13.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -40,10 +41,10 @@ "data": "SubnetTest3296A161" } ], - "/aws-cdk-vpcv2-alpha-new/SubnetTest/SecondaryTest": [ + "/aws-cdk-vpcv2-alpha-new/SubnetTest/SecondaryTest/SecondaryTest": [ { "type": "aws:cdk:logicalId", - "data": "SubnetTestSecondaryTestBDE45F82" + "data": "SubnetTestSecondaryTest2AB12223" } ], "/aws-cdk-vpcv2-alpha-new/testSubnet1/Subnet": [ @@ -67,10 +68,7 @@ "/aws-cdk-vpcv2-alpha-new/Instance/InstanceSecurityGroup/Resource": [ { "type": "aws:cdk:logicalId", - "data": "InstanceInstanceSecurityGroupF0E2D5BE", - "trace": [ - "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" - ] + "data": "InstanceInstanceSecurityGroupF0E2D5BE" } ], "/aws-cdk-vpcv2-alpha-new/Instance/InstanceRole/Resource": [ @@ -88,10 +86,7 @@ "/aws-cdk-vpcv2-alpha-new/Instance/Resource": [ { "type": "aws:cdk:logicalId", - "data": "InstanceC1063A87", - "trace": [ - "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" - ] + "data": "InstanceC1063A87" } ], "/aws-cdk-vpcv2-alpha-new/SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn-ami-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter": [ @@ -148,100 +143,10 @@ "data": "CheckBootstrapVersion" } ], - "Ipam50346F82": [ - { - "type": "aws:cdk:logicalId", - "data": "Ipam50346F82", - "trace": [ - "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" - ] - } - ], - "IpamPublicPool050D6AA6C": [ - { - "type": "aws:cdk:logicalId", - "data": "IpamPublicPool050D6AA6C", - "trace": [ - "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" - ] - } - ], - "IpamPublicPool0PublicPool0CidrAC7F711E": [ - { - "type": "aws:cdk:logicalId", - "data": "IpamPublicPool0PublicPool0CidrAC7F711E", - "trace": [ - "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" - ] - } - ], - "VPCTestFB735C86": [ - { - "type": "aws:cdk:logicalId", - "data": "VPCTestFB735C86", - "trace": [ - "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" - ] - } - ], - "VPCTestIpv6IpamCidrD5C271DD": [ - { - "type": "aws:cdk:logicalId", - "data": "VPCTestIpv6IpamCidrD5C271DD", - "trace": [ - "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" - ] - } - ], - "VPCTestVpnGateway51EEED38": [ - { - "type": "aws:cdk:logicalId", - "data": "VPCTestVpnGateway51EEED38", - "trace": [ - "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" - ] - } - ], - "VPCTestVPCVPNGW0A869280": [ - { - "type": "aws:cdk:logicalId", - "data": "VPCTestVPCVPNGW0A869280", - "trace": [ - "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" - ] - } - ], - "VPCTestRoutePropagationFEA3011A": [ - { - "type": "aws:cdk:logicalId", - "data": "VPCTestRoutePropagationFEA3011A", - "trace": [ - "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" - ] - } - ], - "testsbubnetSubnet77337845": [ - { - "type": "aws:cdk:logicalId", - "data": "testsbubnetSubnet77337845", - "trace": [ - "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" - ] - } - ], - "testsbubnetRouteTableF40F025B": [ - { - "type": "aws:cdk:logicalId", - "data": "testsbubnetRouteTableF40F025B", - "trace": [ - "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" - ] - } - ], - "testsbubnetRouteTableAssociationD6D083FA": [ + "SubnetTestSecondaryTestBDE45F82": [ { "type": "aws:cdk:logicalId", - "data": "testsbubnetRouteTableAssociationD6D083FA", + "data": "SubnetTestSecondaryTestBDE45F82", "trace": [ "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" ] @@ -265,6 +170,7 @@ "templateFile": "integtestmodelDefaultTestDeployAssertCF40BD53.template.json", "terminationProtection": false, "validateOnSynth": false, + "notificationArns": [], "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/tree.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/tree.json index 8cee5fa9bf37c..4ca5db479ab4e 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.subnet-v2.js.snapshot/tree.json @@ -32,20 +32,30 @@ "SecondaryTest": { "id": "SecondaryTest", "path": "aws-cdk-vpcv2-alpha-new/SubnetTest/SecondaryTest", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", - "aws:cdk:cloudformation:props": { - "amazonProvidedIpv6CidrBlock": true, - "vpcId": { - "Fn::GetAtt": [ - "SubnetTest3296A161", - "VpcId" - ] + "children": { + "SecondaryTest": { + "id": "SecondaryTest", + "path": "aws-cdk-vpcv2-alpha-new/SubnetTest/SecondaryTest/SecondaryTest", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", + "aws:cdk:cloudformation:props": { + "amazonProvidedIpv6CidrBlock": true, + "vpcId": { + "Fn::GetAtt": [ + "SubnetTest3296A161", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } } diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.ts b/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.ts index 1631cce1140ba..ea9da7f48a6db 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.ts +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.ts @@ -19,7 +19,7 @@ const stack = new cdk.Stack(app, 'vpcv2-import-integ-test', { * Once created, change the subnet and VPCID * according to the one alloted on creation */ -const imported_new_vpc = VpcV2.VpcV2.fromVpcV2attributes(stack, 'ImportedNewVPC', { +const imported_new_vpc = VpcV2.VpcV2.fromVpcV2Attributes(stack, 'ImportedNewVPC', { vpcId: 'vpc-08193db3ccc4f909f', //VPC id vpcCidrBlock: '10.1.0.0/16', secondaryCidrBlocks: [{ @@ -69,7 +69,7 @@ new SubnetV2(stack, 'AddnewImportedSubnet2', { subnetType: SubnetType.PUBLIC, }); -const ImportedSubnet = SubnetV2.fromSubnetV2attributes(stack, 'IsolatedSubnet1', { +const ImportedSubnet = SubnetV2.fromSubnetV2Attributes(stack, 'IsolatedSubnet1', { subnetId: 'subnet-0d441651f6653d4a7', subnetType: SubnetType.PRIVATE_ISOLATED, availabilityZone: 'us-west-2b', @@ -87,7 +87,7 @@ imported_new_vpc.addNatGateway({ imported_new_vpc.addEgressOnlyInternetGateway(); // Import another IPAM enabled VPC -const ipamvpc = VpcV2.VpcV2.fromVpcV2attributes(stack, 'ImportedIPAMVPC', { +const ipamvpc = VpcV2.VpcV2.fromVpcV2Attributes(stack, 'ImportedIPAMVPC', { vpcId: 'vpc-02407f4a207815a97', vpcCidrBlock: '10.0.0.0/16', secondaryCidrBlocks: [{ @@ -97,7 +97,7 @@ const ipamvpc = VpcV2.VpcV2.fromVpcV2attributes(stack, 'ImportedIPAMVPC', { }, { ipv4IpamPoolId: 'ipam-pool-0d53ae29b3b8ca8de', - ipv4ProvisionedCidrs: ['10.2.0.0/16'], + ipv4IpamProvisionedCidrs: ['10.2.0.0/16'], cidrBlockName: 'ImportedIpamIpv4', }], }); diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/aws-cdk-vpcv2-alpha.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/aws-cdk-vpcv2-alpha.assets.json index ec6f321d9d708..84850797c1c08 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/aws-cdk-vpcv2-alpha.assets.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/aws-cdk-vpcv2-alpha.assets.json @@ -1,7 +1,7 @@ { - "version": "36.0.5", + "version": "38.0.1", "files": { - "353ce11111b0142986244849c029324fb6a6870f15c9cc910200712386cd1cbf": { + "f788e7e93312214b5744a46db25d85b0b2eedddcbc77e2fc51193c34dc73efd2": { "source": { "path": "aws-cdk-vpcv2-alpha.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "353ce11111b0142986244849c029324fb6a6870f15c9cc910200712386cd1cbf.json", + "objectKey": "f788e7e93312214b5744a46db25d85b0b2eedddcbc77e2fc51193c34dc73efd2.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/aws-cdk-vpcv2-alpha.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/aws-cdk-vpcv2-alpha.template.json index 444a4d76a15c3..bf5bd0320e293 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/aws-cdk-vpcv2-alpha.template.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/aws-cdk-vpcv2-alpha.template.json @@ -9,7 +9,7 @@ "InstanceTenancy": "default" } }, - "VPCintegtest1SecondaryAddress256BAC1D3": { + "VPCintegtest1SecondaryAddress2B60D56E9": { "Type": "AWS::EC2::VPCCidrBlock", "Properties": { "CidrBlock": "10.2.0.0/16", @@ -21,7 +21,7 @@ } } }, - "VPCintegtest1AmazonProvidedE0445E5C": { + "VPCintegtest1AmazonProvided48C2076B": { "Type": "AWS::EC2::VPCCidrBlock", "Properties": { "AmazonProvidedIpv6CidrBlock": true, @@ -33,7 +33,7 @@ } } }, - "VPCintegtest1SecondaryAddress3BCA08E40": { + "VPCintegtest1SecondaryAddress35E910ECB": { "Type": "AWS::EC2::VPCCidrBlock", "Properties": { "CidrBlock": "10.3.0.0/16", @@ -313,9 +313,9 @@ } }, "DependsOn": [ - "VPCintegtest1AmazonProvidedE0445E5C", - "VPCintegtest1SecondaryAddress256BAC1D3", - "VPCintegtest1SecondaryAddress3BCA08E40" + "VPCintegtest1AmazonProvided48C2076B", + "VPCintegtest1SecondaryAddress2B60D56E9", + "VPCintegtest1SecondaryAddress35E910ECB" ] }, "testsbubnetRouteTableD0136BEA": { @@ -329,9 +329,9 @@ } }, "DependsOn": [ - "VPCintegtest1AmazonProvidedE0445E5C", - "VPCintegtest1SecondaryAddress256BAC1D3", - "VPCintegtest1SecondaryAddress3BCA08E40" + "VPCintegtest1AmazonProvided48C2076B", + "VPCintegtest1SecondaryAddress2B60D56E9", + "VPCintegtest1SecondaryAddress35E910ECB" ] }, "testsbubnetRouteTableAssociationD6D083FA": { @@ -348,9 +348,9 @@ } }, "DependsOn": [ - "VPCintegtest1AmazonProvidedE0445E5C", - "VPCintegtest1SecondaryAddress256BAC1D3", - "VPCintegtest1SecondaryAddress3BCA08E40" + "VPCintegtest1AmazonProvided48C2076B", + "VPCintegtest1SecondaryAddress2B60D56E9", + "VPCintegtest1SecondaryAddress35E910ECB" ] }, "testsubnetSubnetDD417829": { @@ -367,9 +367,9 @@ } }, "DependsOn": [ - "VPCintegtest1AmazonProvidedE0445E5C", - "VPCintegtest1SecondaryAddress256BAC1D3", - "VPCintegtest1SecondaryAddress3BCA08E40" + "VPCintegtest1AmazonProvided48C2076B", + "VPCintegtest1SecondaryAddress2B60D56E9", + "VPCintegtest1SecondaryAddress35E910ECB" ] }, "testsubnetRouteTable682580B2": { @@ -383,9 +383,9 @@ } }, "DependsOn": [ - "VPCintegtest1AmazonProvidedE0445E5C", - "VPCintegtest1SecondaryAddress256BAC1D3", - "VPCintegtest1SecondaryAddress3BCA08E40" + "VPCintegtest1AmazonProvided48C2076B", + "VPCintegtest1SecondaryAddress2B60D56E9", + "VPCintegtest1SecondaryAddress35E910ECB" ] }, "testsubnetRouteTableAssociationC106676D": { @@ -402,9 +402,9 @@ } }, "DependsOn": [ - "VPCintegtest1AmazonProvidedE0445E5C", - "VPCintegtest1SecondaryAddress256BAC1D3", - "VPCintegtest1SecondaryAddress3BCA08E40" + "VPCintegtest1AmazonProvided48C2076B", + "VPCintegtest1SecondaryAddress2B60D56E9", + "VPCintegtest1SecondaryAddress35E910ECB" ] }, "validateIpv6Subnet07BD40AE": { @@ -421,9 +421,9 @@ } }, "DependsOn": [ - "VPCintegtest1AmazonProvidedE0445E5C", - "VPCintegtest1SecondaryAddress256BAC1D3", - "VPCintegtest1SecondaryAddress3BCA08E40" + "VPCintegtest1AmazonProvided48C2076B", + "VPCintegtest1SecondaryAddress2B60D56E9", + "VPCintegtest1SecondaryAddress35E910ECB" ] }, "validateIpv6RouteTable09389F8D": { @@ -437,9 +437,9 @@ } }, "DependsOn": [ - "VPCintegtest1AmazonProvidedE0445E5C", - "VPCintegtest1SecondaryAddress256BAC1D3", - "VPCintegtest1SecondaryAddress3BCA08E40" + "VPCintegtest1AmazonProvided48C2076B", + "VPCintegtest1SecondaryAddress2B60D56E9", + "VPCintegtest1SecondaryAddress35E910ECB" ] }, "validateIpv6RouteTableAssociationD6330457": { @@ -456,9 +456,9 @@ } }, "DependsOn": [ - "VPCintegtest1AmazonProvidedE0445E5C", - "VPCintegtest1SecondaryAddress256BAC1D3", - "VPCintegtest1SecondaryAddress3BCA08E40" + "VPCintegtest1AmazonProvided48C2076B", + "VPCintegtest1SecondaryAddress2B60D56E9", + "VPCintegtest1SecondaryAddress35E910ECB" ] }, "routeTableRouteTable23B79F0B": { diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/cdk.out b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/cdk.out index bd5311dc372de..c6e612584e352 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/cdk.out +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"36.0.5"} \ No newline at end of file +{"version":"38.0.1"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/integ.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/integ.json index b73b42e18e04e..6c781e646d383 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/integ.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "36.0.5", + "version": "38.0.1", "testCases": { "integtest-model/DefaultTest": { "stacks": [ diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.assets.json index e93a555169b11..1a14fac91ce61 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.assets.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/integtestmodelDefaultTestDeployAssertCF40BD53.assets.json @@ -1,5 +1,5 @@ { - "version": "36.0.5", + "version": "38.0.1", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/manifest.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/manifest.json index 88e5763bc3db9..d86daa456035e 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "36.0.5", + "version": "38.0.1", "artifacts": { "aws-cdk-vpcv2-alpha.assets": { "type": "cdk:asset-manifest", @@ -16,9 +16,10 @@ "templateFile": "aws-cdk-vpcv2-alpha.template.json", "terminationProtection": false, "validateOnSynth": false, + "notificationArns": [], "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/353ce11111b0142986244849c029324fb6a6870f15c9cc910200712386cd1cbf.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/f788e7e93312214b5744a46db25d85b0b2eedddcbc77e2fc51193c34dc73efd2.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -40,22 +41,22 @@ "data": "VPCintegtest1EBA1CB75" } ], - "/aws-cdk-vpcv2-alpha/VPC-integ-test-1/SecondaryAddress2": [ + "/aws-cdk-vpcv2-alpha/VPC-integ-test-1/SecondaryAddress2/SecondaryAddress2": [ { "type": "aws:cdk:logicalId", - "data": "VPCintegtest1SecondaryAddress256BAC1D3" + "data": "VPCintegtest1SecondaryAddress2B60D56E9" } ], - "/aws-cdk-vpcv2-alpha/VPC-integ-test-1/AmazonProvided": [ + "/aws-cdk-vpcv2-alpha/VPC-integ-test-1/AmazonProvided/AmazonProvided": [ { "type": "aws:cdk:logicalId", - "data": "VPCintegtest1AmazonProvidedE0445E5C" + "data": "VPCintegtest1AmazonProvided48C2076B" } ], - "/aws-cdk-vpcv2-alpha/VPC-integ-test-1/SecondaryAddress3": [ + "/aws-cdk-vpcv2-alpha/VPC-integ-test-1/SecondaryAddress3/SecondaryAddress3": [ { "type": "aws:cdk:logicalId", - "data": "VPCintegtest1SecondaryAddress3BCA08E40" + "data": "VPCintegtest1SecondaryAddress35E910ECB" } ], "/aws-cdk-vpcv2-alpha/VPC-integ-test-1/TestGWendpoint/Resource": [ @@ -213,24 +214,6 @@ "type": "aws:cdk:logicalId", "data": "CheckBootstrapVersion" } - ], - "VPCintegtest1RoutePropagation062BDAD5": [ - { - "type": "aws:cdk:logicalId", - "data": "VPCintegtest1RoutePropagation062BDAD5", - "trace": [ - "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" - ] - } - ], - "VPCintegtest1TestNATGateway54FD55E6": [ - { - "type": "aws:cdk:logicalId", - "data": "VPCintegtest1TestNATGateway54FD55E6", - "trace": [ - "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" - ] - } ] }, "displayName": "aws-cdk-vpcv2-alpha" @@ -250,6 +233,7 @@ "templateFile": "integtestmodelDefaultTestDeployAssertCF40BD53.template.json", "terminationProtection": false, "validateOnSynth": false, + "notificationArns": [], "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/tree.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/tree.json index cb254995dba28..42f7be4ba047d 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpc-v2-alpha.js.snapshot/tree.json @@ -32,60 +32,90 @@ "SecondaryAddress2": { "id": "SecondaryAddress2", "path": "aws-cdk-vpcv2-alpha/VPC-integ-test-1/SecondaryAddress2", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", - "aws:cdk:cloudformation:props": { - "cidrBlock": "10.2.0.0/16", - "vpcId": { - "Fn::GetAtt": [ - "VPCintegtest1EBA1CB75", - "VpcId" - ] + "children": { + "SecondaryAddress2": { + "id": "SecondaryAddress2", + "path": "aws-cdk-vpcv2-alpha/VPC-integ-test-1/SecondaryAddress2/SecondaryAddress2", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.2.0.0/16", + "vpcId": { + "Fn::GetAtt": [ + "VPCintegtest1EBA1CB75", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } }, "AmazonProvided": { "id": "AmazonProvided", "path": "aws-cdk-vpcv2-alpha/VPC-integ-test-1/AmazonProvided", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", - "aws:cdk:cloudformation:props": { - "amazonProvidedIpv6CidrBlock": true, - "vpcId": { - "Fn::GetAtt": [ - "VPCintegtest1EBA1CB75", - "VpcId" - ] + "children": { + "AmazonProvided": { + "id": "AmazonProvided", + "path": "aws-cdk-vpcv2-alpha/VPC-integ-test-1/AmazonProvided/AmazonProvided", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", + "aws:cdk:cloudformation:props": { + "amazonProvidedIpv6CidrBlock": true, + "vpcId": { + "Fn::GetAtt": [ + "VPCintegtest1EBA1CB75", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } }, "SecondaryAddress3": { "id": "SecondaryAddress3", "path": "aws-cdk-vpcv2-alpha/VPC-integ-test-1/SecondaryAddress3", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", - "aws:cdk:cloudformation:props": { - "cidrBlock": "10.3.0.0/16", - "vpcId": { - "Fn::GetAtt": [ - "VPCintegtest1EBA1CB75", - "VpcId" - ] + "children": { + "SecondaryAddress3": { + "id": "SecondaryAddress3", + "path": "aws-cdk-vpcv2-alpha/VPC-integ-test-1/SecondaryAddress3/SecondaryAddress3", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.3.0.0/16", + "vpcId": { + "Fn::GetAtt": [ + "VPCintegtest1EBA1CB75", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } }, diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/vpcv2-import.test.ts b/packages/@aws-cdk/aws-ec2-alpha/test/vpcv2-import.test.ts index 1e130d2c514ce..abfd0f22e2408 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/vpcv2-import.test.ts +++ b/packages/@aws-cdk/aws-ec2-alpha/test/vpcv2-import.test.ts @@ -16,16 +16,16 @@ describe('Vpc V2 with full control', () => { stack = new cdk.Stack(app); }); - test('VpcV2.fromVpcV2attributes creates correct vpcArn', () => { - const importedVpc = VpcV2.fromVpcV2attributes(stack, 'VpcWithArn', { + test('VpcV2.fromVpcV2Attributes creates correct vpcArn', () => { + const importedVpc = VpcV2.fromVpcV2Attributes(stack, 'VpcWithArn', { vpcId: 'vpc-12345', vpcCidrBlock: '10.0.0.0/16', }); expect(importedVpc.vpcArn).toBe(`arn:${cdk.Stack.of(stack).partition}:ec2:${cdk.Stack.of(stack).region}:${cdk.Stack.of(stack).account}:vpc/vpc-12345`); }); - test('VpcV2.fromVpcV2attributes returns an instance of IVpcV2', () => { - const importedVpc = VpcV2.fromVpcV2attributes(stack, 'VpcInstance', { + test('VpcV2.fromVpcV2Attributes returns an instance of IVpcV2', () => { + const importedVpc = VpcV2.fromVpcV2Attributes(stack, 'VpcInstance', { vpcId: 'vpc-12345', vpcCidrBlock: '10.0.0.0/16', }); @@ -33,7 +33,7 @@ describe('Vpc V2 with full control', () => { }); test('Import VPC successfully', () => { - const vpc = VpcV2.fromVpcV2attributes(stack, 'ImportedVpc', { + const vpc = VpcV2.fromVpcV2Attributes(stack, 'ImportedVpc', { vpcId: 'XXXXXXXXX', vpcCidrBlock: '10.1.0.0/16', publicSubnets: [{ @@ -52,7 +52,7 @@ describe('Vpc V2 with full control', () => { }); test('Import different type of subnets successfully', () => { - const importedVpc = VpcV2.fromVpcV2attributes(stack, 'ImportedVpc', { + const importedVpc = VpcV2.fromVpcV2Attributes(stack, 'ImportedVpc', { vpcId: 'vpc-12345', vpcCidrBlock: '10.0.0.0/16', secondaryCidrBlocks: [ @@ -93,7 +93,7 @@ describe('Vpc V2 with full control', () => { }); test('Import VPC with secondary address Ipv4 successfully', () => { - const vpc = VpcV2.fromVpcV2attributes(stack, 'ImportedVpc', { + const vpc = VpcV2.fromVpcV2Attributes(stack, 'ImportedVpc', { vpcId: 'mockVpcID', vpcCidrBlock: '10.0.0.0/16', secondaryCidrBlocks: [ @@ -115,12 +115,12 @@ describe('Vpc V2 with full control', () => { }); test('Import VPC with IPAM IPv4', () => { - const vpc = VpcV2.fromVpcV2attributes(stack, 'ImportedVpc', { + const vpc = VpcV2.fromVpcV2Attributes(stack, 'ImportedVpc', { vpcId: 'mockVpcID', vpcCidrBlock: '10.0.0.0/16', secondaryCidrBlocks: [{ ipv4IpamPoolId: 'ipam-pool-0d53ae29b3b8ca8de', - ipv4ProvisionedCidrs: ['10.2.0.0/16'], + ipv4IpamProvisionedCidrs: ['10.2.0.0/16'], cidrBlockName: 'ImportedIpamIpv4', }], }); @@ -137,7 +137,7 @@ describe('Vpc V2 with full control', () => { }); test('Import VPC with IPAM IPv6', () => { - const vpc = VpcV2.fromVpcV2attributes(stack, 'ImportedVpc', { + const vpc = VpcV2.fromVpcV2Attributes(stack, 'ImportedVpc', { vpcId: 'mockVpcID', vpcCidrBlock: '10.0.0.0/16', secondaryCidrBlocks: [{ @@ -164,7 +164,7 @@ describe('Vpc V2 with full control', () => { }); test('Import VPC with secondary address amazon provided Ipv6 successfully', () => { - const vpc = VpcV2.fromVpcV2attributes(stack, 'ImportedVpc', { + const vpc = VpcV2.fromVpcV2Attributes(stack, 'ImportedVpc', { vpcId: 'mockVpcID', vpcCidrBlock: '10.0.0.0/16', secondaryCidrBlocks: [{ @@ -186,5 +186,4 @@ describe('Vpc V2 with full control', () => { Ipv6CidrBlock: '2600:1f24:6c:4000::/64', }); }); - }); From 13d14587681be80f6319e24bdf0c7431009acff0 Mon Sep 17 00:00:00 2001 From: shikha372 Date: Fri, 18 Oct 2024 10:24:43 -0700 Subject: [PATCH 7/9] adding arn field to populate account and region --- packages/@aws-cdk/aws-ec2-alpha/README.md | 4 -- .../@aws-cdk/aws-ec2-alpha/lib/vpc-v2-base.ts | 14 ++++++ packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts | 45 +++++++++++++------ .../aws-ec2-alpha/test/vpcv2-import.test.ts | 12 +++++ 4 files changed, 58 insertions(+), 17 deletions(-) diff --git a/packages/@aws-cdk/aws-ec2-alpha/README.md b/packages/@aws-cdk/aws-ec2-alpha/README.md index 714eab95984de..b1f9e3dc742a6 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/README.md +++ b/packages/@aws-cdk/aws-ec2-alpha/README.md @@ -37,8 +37,6 @@ new VpcV2(this, 'Vpc', { `VpcV2` does not automatically create subnets or allocate IP addresses, which is different from the `Vpc` construct. -Importing existing VPC in an account into CDK as a `VpcV2` is not yet supported. - ## SubnetV2 `SubnetV2` is a re-write of the [`ec2.Subnet`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.Subnet.html) construct. @@ -62,8 +60,6 @@ new SubnetV2(this, 'subnetA', { }) ``` -Same as `VpcV2`, importing existing subnets is not yet supported. - ## IP Addresses Management By default `VpcV2` uses `10.0.0.0/16` as the primary CIDR if none is defined. diff --git a/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2-base.ts b/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2-base.ts index 2b0757f29f3f4..04938e6fec674 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2-base.ts +++ b/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2-base.ts @@ -97,6 +97,20 @@ export interface IVpcV2 extends IVpc { */ readonly ipv4CidrBlock: string; + /** + * Optional to override inferred region + * + * @default - current stack's environment region + */ + readonly region?: string; + + /** + * The ID of the AWS account that owns the VPC + * + * @default - the account id of the parent stack + */ + readonly ownerAccountId?: string; + /** * IPv4 CIDR provisioned under pool * Required to check for overlapping CIDRs after provisioning diff --git a/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts b/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts index c1b0c3218b095..a5fee506ca6b9 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts +++ b/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts @@ -1,9 +1,9 @@ import { CfnVPC, CfnVPCCidrBlock, DefaultInstanceTenancy, ISubnet } from 'aws-cdk-lib/aws-ec2'; -import { Arn, CfnResource, Lazy, Names, Resource, Stack } from 'aws-cdk-lib/core'; +import { Arn, CfnResource, Lazy, Names, Resource } from 'aws-cdk-lib/core'; import { Construct, DependencyGroup, IDependable } from 'constructs'; import { IpamOptions, IIpamPool } from './ipam'; import { IVpcV2, VpcV2Base } from './vpc-v2-base'; -import { ISubnetV2, ImportedSubnetV2, SubnetV2Attributes } from './subnet-v2';; +import { ISubnetV2, ImportedSubnetV2, SubnetV2Attributes } from './subnet-v2'; /** * Additional props needed for secondary Address @@ -196,18 +196,20 @@ export interface VpcV2Props { */ export interface VpcV2Attributes { - /** - * The region in which the VPC is located - * @default - No region information - */ - readonly region?: string; - /** * The VPC ID * Refers to physical Id of the resource */ readonly vpcId: string; + /** + * Arn of the VPC + * will be used to set value for account and region + * which then later can be used for establishing VPC peering connection + * @default - constructed with stack account and region value + */ + readonly vpcArn?: string; + /** * Primary VPC CIDR Block of the imported VPC * Can only be IPv4 @@ -334,6 +336,16 @@ export class VpcV2 extends VpcV2Base { */ public readonly ipv4IpamProvisionedCidrs?: string[]; + /** + * Region for this VPC + */ + public readonly region?: string; + + /** + * Identifier of the owner for this VPC + */ + public readonly ownerAccountId?: string; + /** * For validation to define IPv6 subnets, set to true in case of * Amazon Provided IPv6 cidr range @@ -379,6 +391,8 @@ export class VpcV2 extends VpcV2Base { resource: 'vpc', resourceName: this.vpcId, }, this.stack); + this.region = this.stack.region; + this.ownerAccountId = this.stack.account; if (props.secondaryAddressBlocks) { const secondaryAddressBlocks: IIpAddresses[] = props.secondaryAddressBlocks; @@ -536,6 +550,8 @@ class ImportedVpcV2 extends VpcV2Base { public readonly isolatedSubnets: ISubnetV2[] = []; public readonly internetConnectivityEstablished: IDependable = new DependencyGroup(); public readonly ipv4CidrBlock: string; + public readonly region?: string; + public readonly ownerAccountId?: string; /* * Reference to all secondary blocks attached @@ -552,15 +568,18 @@ class ImportedVpcV2 extends VpcV2Base { public readonly ipv4IpamProvisionedCidrs: string[] = []; constructor(scope: Construct, id: string, props: VpcV2Attributes) { - super(scope, id, { - region: props. region, - }); + super(scope, id); this.vpcId = props.vpcId, - this.vpcArn = Arn.format({ + this.vpcArn = props.vpcArn ?? Arn.format({ service: 'ec2', resource: 'vpc', resourceName: this.vpcId, - }, Stack.of(this)); + }, this.stack); + // Populate region and account fields that can be used to set up peering connection + // sample vpc Arn - arn:aws:ec2:us-west-2:123456789012:vpc/vpc-0123456789abcdef0 + this.region = this.vpcArn.split(':')[3]; + this.ownerAccountId = this.vpcArn.split(':')[4]; + // Refers to actual VPC Resource attribute in non-imported VPC this.vpcCidrBlock = props.vpcCidrBlock; // Required for subnet range related checks this.ipv4CidrBlock = props.vpcCidrBlock; diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/vpcv2-import.test.ts b/packages/@aws-cdk/aws-ec2-alpha/test/vpcv2-import.test.ts index abfd0f22e2408..8f14c70e8246a 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/vpcv2-import.test.ts +++ b/packages/@aws-cdk/aws-ec2-alpha/test/vpcv2-import.test.ts @@ -186,4 +186,16 @@ describe('Vpc V2 with full control', () => { Ipv6CidrBlock: '2600:1f24:6c:4000::/64', }); }); + test('Fetch correct account id and region ', () => { + const vpc = VpcV2.fromVpcV2Attributes(stack, 'ImportedVpc', { + vpcId: 'mockVpcID', + vpcCidrBlock: '10.0.0.0/16', + secondaryCidrBlocks: [{ + amazonProvidedIpv6CidrBlock: true, + }], + vpcArn: 'arn:aws:ec2:us-west-2:123456789012:vpc/mockVpcID', + }); + expect(vpc.ownerAccountId).toBe('123456789012'); + expect(vpc.region).toBe('us-west-2'); + }); }); From 6ec70f6b3be3372476f486ca1b4385c32dd8a3b9 Mon Sep 17 00:00:00 2001 From: shikha372 Date: Thu, 24 Oct 2024 20:26:27 +0530 Subject: [PATCH 8/9] addressing comments --- packages/@aws-cdk/aws-ec2-alpha/README.md | 34 ++- .../@aws-cdk/aws-ec2-alpha/lib/subnet-v2.ts | 135 +++++------- .../@aws-cdk/aws-ec2-alpha/lib/vpc-v2-base.ts | 14 +- packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts | 195 +++++++++--------- .../aws-ec2-alpha/test/integ.test-import.ts | 5 +- .../aws-ec2-alpha/test/vpcv2-import.test.ts | 22 +- 6 files changed, 215 insertions(+), 190 deletions(-) diff --git a/packages/@aws-cdk/aws-ec2-alpha/README.md b/packages/@aws-cdk/aws-ec2-alpha/README.md index b1f9e3dc742a6..e37075d97d321 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/README.md +++ b/packages/@aws-cdk/aws-ec2-alpha/README.md @@ -373,6 +373,34 @@ To import an existing VPC, use the `VpcV2.fromVpcV2Attributes()` method. You'll If you wish to add a new subnet to imported VPC, new subnet's IP range(IPv4) will be validated against provided secondary and primary address block to confirm that it is within the the range of VPC. +Here's an example of importing a VPC with only the required parameters + +``` ts + +const stack = new Stack(); + +const importedVpc = VpcV2.fromVpcV2Attributes(stack, 'ImportedVpc', { + vpcId: 'mockVpcID', + vpcCidrBlock: '10.0.0.0/16', +}); + +``` + +In case of cross account or cross region VPC, its recommended to provide VPC arn so that the region and accountId values for the VPC can be fetched from given arn value. If a VPC arn is not provided, arn will be populated using region and account configured in the stack. + +``` ts + +const stack = new Stack(); + +//Importing a cross acount or cross region VPC +const importedVpc = VpcV2.fromVpcV2Attributes(stack, 'ImportedVpc', { + vpcId: 'mockVpcID', + vpcCidrBlock: '10.0.0.0/16', + vpcArn: 'arn:aws:ec2:us-west-2:123456789012:vpc/vpc-0123abcd4567efgh8', +}); + +``` + Here's an example of how to import a VPC with multiple CIDR blocks, IPv6 support, and different subnet types: In this example, we're importing a VPC with: @@ -410,15 +438,15 @@ const importedVpc = VpcV2.fromVpcV2Attributes(this, 'ImportedVPC', { amazonProvidedIpv6CidrBlock: true, } ], - isolatedSubnets: [{ + subnets: [{ subnetName: 'IsolatedSubnet2', subnetId: 'subnet-03cd773c0fe08ed26', subnetType: SubnetType.PRIVATE_ISOLATED, availabilityZone: 'us-west-2a', ipv4CidrBlock: '10.2.0.0/24', routeTableId: 'rtb-0871c310f98da2cbb', - }], - publicSubnets: [{ + }, + { subnetId: 'subnet-0fa477e01db27d820', subnetType: SubnetType.PUBLIC, availabilityZone: 'us-west-2b', diff --git a/packages/@aws-cdk/aws-ec2-alpha/lib/subnet-v2.ts b/packages/@aws-cdk/aws-ec2-alpha/lib/subnet-v2.ts index 79d5f4ad7605b..1300e782e94b4 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/lib/subnet-v2.ts +++ b/packages/@aws-cdk/aws-ec2-alpha/lib/subnet-v2.ts @@ -124,7 +124,62 @@ export class SubnetV2 extends Resource implements ISubnetV2 { * Import an existing subnet to the VPC */ public static fromSubnetV2Attributes(scope: Construct, id: string, attrs: SubnetV2Attributes) : ISubnetV2 { - return new ImportedSubnetV2(scope, id, attrs); + /** + * Class to define an import for an existing subnet + * @resource AWS::EC2::Subnet + */ + class ImportedSubnetV2 extends Resource implements ISubnetV2 { + + /** + * The IPv6 CIDR Block assigned to this subnet + */ + public readonly ipv6CidrBlock?: string = attrs.ipv6CidrBlock; + + /** + * The type of subnet (eg. public or private) that this subnet represents. + */ + public readonly subnetType?: SubnetType = attrs.subnetType; + + /** + * The Availability Zone in which subnet is located + */ + public readonly availabilityZone: string = attrs.availabilityZone; + + /** + * The subnetId for this particular subnet + * Refers to the physical ID created + */ + public readonly subnetId: string = attrs.subnetId; + + /** + * Dependable that can be depended upon to force internet connectivity established on the VPC + */ + public readonly internetConnectivityEstablished: IDependable = new DependencyGroup(); + + /** + * The IPv4 CIDR block assigned to this subnet + */ + public readonly ipv4CidrBlock: string = attrs.ipv4CidrBlock; + + /** + * Current route table associated with this subnet + */ + public readonly routeTable: IRouteTable = { routeTableId: attrs.routeTableId! } + + /** + * Associate a Network ACL with this subnet + * Required here since it is implemented in the ISubnetV2 + */ + public associateNetworkAcl(aclId: string, networkAcl: INetworkAcl) { + const aclScope = networkAcl instanceof Construct ? networkAcl : this; + const other = networkAcl instanceof Construct ? this : networkAcl; + new SubnetNetworkAclAssociation(aclScope, aclId + Names.nodeUniqueId(other.node), { + networkAcl, + subnet: this, + }); + } + } + return new ImportedSubnetV2(scope, id); } /** @@ -334,84 +389,6 @@ export interface SubnetV2Attributes { } -/** - * Properties required to import a subnet - */ -export interface ImportedSubnetV2Props extends SubnetV2Attributes {} - -/** - * Class to define an import for an existing subnet - * @resource AWS::EC2::Subnet - */ -export class ImportedSubnetV2 extends Resource implements ISubnetV2 { - - /** - * The IPv6 CIDR Block assigned to this subnet - */ - public readonly ipv6CidrBlock?: string; - - /** - * The type of subnet (eg. public or private) that this subnet represents. - */ - public readonly subnetType?: SubnetType; - - /** - * The Availability Zone in which subnet is located - */ - public readonly availabilityZone: string; - - /** - * The subnetId for this particular subnet - * Refers to the physical ID created - */ - public readonly subnetId: string; - - /** - * Dependable that can be depended upon to force internet connectivity established on the VPC - */ - public readonly internetConnectivityEstablished: IDependable = new DependencyGroup(); - - /** - * The IPv4 CIDR block assigned to this subnet - */ - public readonly ipv4CidrBlock: string; - - /** - * Current route table associated with this subnet - */ - public readonly routeTable: IRouteTable; - - constructor(scope: Construct, id: string, props: ImportedSubnetV2Props) { - super(scope, id); - - if (!props.routeTableId) { - throw new Error('Route Table ID is required'); - } - - this.ipv4CidrBlock = props.ipv4CidrBlock; - this.availabilityZone = props.availabilityZone; - this.subnetType = props.subnetType; - this.ipv6CidrBlock = props.ipv6CidrBlock; - this.subnetId = props.subnetId; - this.routeTable = { - routeTableId: props.routeTableId!, - }; - } - - /** - * Associate a Network ACL with this subnet - * Required here since it is implemented in the ISubnetV2 - */ - public associateNetworkAcl(id: string, networkAcl: INetworkAcl) { - const scope = networkAcl instanceof Construct ? networkAcl : this; - const other = networkAcl instanceof Construct ? this : networkAcl; - new SubnetNetworkAclAssociation(scope, id + Names.nodeUniqueId(other.node), { - networkAcl, - subnet: this, - }); - } -} - const subnetTypeMap = { [SubnetType.PRIVATE_ISOLATED]: (vpc: IVpcV2, subnet: SubnetV2) => vpc.isolatedSubnets.push(subnet), [SubnetType.PUBLIC]: (vpc: IVpcV2, subnet: SubnetV2) => vpc.publicSubnets.push(subnet), diff --git a/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2-base.ts b/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2-base.ts index 04938e6fec674..cc45b67659c99 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2-base.ts +++ b/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2-base.ts @@ -102,14 +102,14 @@ export interface IVpcV2 extends IVpc { * * @default - current stack's environment region */ - readonly region?: string; + readonly region: string; /** * The ID of the AWS account that owns the VPC * * @default - the account id of the parent stack */ - readonly ownerAccountId?: string; + readonly ownerAccountId: string; /** * IPv4 CIDR provisioned under pool @@ -220,6 +220,16 @@ export abstract class VpcV2Base extends Resource implements IVpcV2 { */ public abstract readonly ipv4CidrBlock: string; + /** + * Region for this VPC + */ + public abstract readonly region: string; + + /** + * Identifier of the owner for this VPC + */ + public abstract readonly ownerAccountId: string; + /** * If this is set to true, don't error out on trying to select subnets */ diff --git a/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts b/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts index a5fee506ca6b9..8a4f1219b8ece 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts +++ b/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts @@ -1,9 +1,9 @@ -import { CfnVPC, CfnVPCCidrBlock, DefaultInstanceTenancy, ISubnet } from 'aws-cdk-lib/aws-ec2'; +import { CfnVPC, CfnVPCCidrBlock, DefaultInstanceTenancy, ISubnet, SubnetType } from 'aws-cdk-lib/aws-ec2'; import { Arn, CfnResource, Lazy, Names, Resource } from 'aws-cdk-lib/core'; import { Construct, DependencyGroup, IDependable } from 'constructs'; import { IpamOptions, IIpamPool } from './ipam'; import { IVpcV2, VpcV2Base } from './vpc-v2-base'; -import { ISubnetV2, ImportedSubnetV2, SubnetV2Attributes } from './subnet-v2'; +import { ISubnetV2, SubnetV2, SubnetV2Attributes } from './subnet-v2'; /** * Additional props needed for secondary Address @@ -203,9 +203,10 @@ export interface VpcV2Attributes { readonly vpcId: string; /** - * Arn of the VPC - * will be used to set value for account and region - * which then later can be used for establishing VPC peering connection + * Arn of the VPC, required in case of cross acount or cross region VPC + * as given arn value will be used to set fields account and region for imported VPC, + * which then later can be used for establishing VPC peering connection. + * * @default - constructed with stack account and region value */ readonly vpcArn?: string; @@ -218,30 +219,21 @@ export interface VpcV2Attributes { /** * A VPN Gateway is attached to the VPC + * * @default - No VPN Gateway */ readonly vpnGatewayId?: string; /** - * Public subnets associated with VPC - * @default - no public subnets provided - */ - readonly publicSubnets?: SubnetV2Attributes[]; - - /** - * Private subnets associated with VPC - * @default - no private subnets provided - */ - readonly privateSubnets?: SubnetV2Attributes[]; - - /** - * Isolated subnets associated with VPC - * @default - no isolated subnets provided + * Subnets associated with imported VPC + * + * @default - no subnets provided to be imported */ - readonly isolatedSubnets?: SubnetV2Attributes[]; + readonly subnets?: SubnetV2Attributes[]; /** * Import Secondary CIDR blocks associated with VPC + * * @default - No secondary IP address */ readonly secondaryCidrBlocks?: VPCCidrBlockattributes[]; @@ -260,6 +252,76 @@ export class VpcV2 extends VpcV2Base { * Create a VPC from existing attributes */ public static fromVpcV2Attributes(scope: Construct, id: string, attrs: VpcV2Attributes): IVpcV2 { + /** + * Internal class to allow users to import VPC + * @internal + */ + class ImportedVpcV2 extends VpcV2Base { + + public readonly vpcId: string; + public readonly vpcArn: string; + public readonly publicSubnets: ISubnetV2[] = []; + public readonly privateSubnets: ISubnetV2[] = []; + public readonly isolatedSubnets: ISubnetV2[] = []; + public readonly internetConnectivityEstablished: IDependable = new DependencyGroup(); + public readonly ipv4CidrBlock: string; + public readonly region: string; + public readonly ownerAccountId: string; + + /* + * Reference to all secondary blocks attached + */ + public readonly secondaryCidrBlock?: IVPCCidrBlock[]; + + /** + * Refers to actual VPC Resource attribute in non-imported VPC + * Required to implement here due to extension from Base class + */ + public readonly vpcCidrBlock: string; + + // Required to do CIDR range test on imported VPCs to create new subnets + public readonly ipv4IpamProvisionedCidrs: string[] = []; + + constructor(construct: Construct, constructId: string, props: VpcV2Attributes) { + super(construct, constructId); + this.vpcId = props.vpcId, + this.vpcArn = props.vpcArn ?? Arn.format({ + service: 'ec2', + resource: 'vpc', + resourceName: this.vpcId, + }, this.stack); + // Populate region and account fields that can be used to set up peering connection + // sample vpc Arn - arn:aws:ec2:us-west-2:123456789012:vpc/vpc-0123456789abcdef0 + this.region = this.vpcArn.split(':')[3]; + this.ownerAccountId = this.vpcArn.split(':')[4]; + // Refers to actual VPC Resource attribute in non-imported VPC + this.vpcCidrBlock = props.vpcCidrBlock; + // Required for subnet range related checks + this.ipv4CidrBlock = props.vpcCidrBlock; + this._vpnGatewayId = props.vpnGatewayId; + + if (props.subnets) { + for (const subnet of props.subnets) { + if (subnet.subnetType === SubnetType.PRIVATE_WITH_EGRESS || subnet.subnetType === SubnetType.PRIVATE_WITH_NAT || + subnet.subnetType === SubnetType.PRIVATE) { + this.privateSubnets.push(SubnetV2.fromSubnetV2Attributes(scope, subnet.subnetName?? 'ImportedPrivateSubnet', subnet)); + } else if (subnet.subnetType === SubnetType.PUBLIC) { + this.publicSubnets.push(SubnetV2.fromSubnetV2Attributes(scope, subnet.subnetName?? 'ImportedPublicSubnet', subnet)); + } else if (subnet.subnetType === SubnetType.ISOLATED || subnet.subnetType === SubnetType.PRIVATE_ISOLATED) { + this.isolatedSubnets.push(SubnetV2.fromSubnetV2Attributes(scope, subnet.subnetName?? 'ImportedIsolatedSubnet', subnet)); + } + } + } + this.secondaryCidrBlock = props.secondaryCidrBlocks?.map(cidrBlock => VPCCidrBlock.fromVPCCidrBlockattributes(scope, cidrBlock.cidrBlockName ?? 'ImportedSecondaryCidrBlock', { ...cidrBlock })); + if (props.secondaryCidrBlocks) { + for (const cidrBlock of props.secondaryCidrBlocks) { + if (cidrBlock.ipv4IpamProvisionedCidrs) { + this.ipv4IpamProvisionedCidrs.push(...cidrBlock.ipv4IpamProvisionedCidrs); + } + } + } + } + } return new ImportedVpcV2(scope, id, attrs); } @@ -269,13 +331,13 @@ export class VpcV2 extends VpcV2Base { public readonly vpcId: string; /** - * @attribute - */ + * @attribute + */ public readonly vpcArn: string; /** * @attribute - */ + */ public readonly vpcCidrBlock: string; /** * The IPv6 CIDR blocks for the VPC. @@ -300,8 +362,8 @@ export class VpcV2 extends VpcV2Base { public readonly dnsHostnamesEnabled: boolean; /** - * Indicates if DNS support is enabled for this VPC. - */ + * Indicates if DNS support is enabled for this VPC. + */ public readonly dnsSupportEnabled: boolean; /** @@ -325,8 +387,8 @@ export class VpcV2 extends VpcV2Base { public readonly internetConnectivityEstablished: IDependable; /** - * reference to all secondary blocks attached - */ + * reference to all secondary blocks attached + */ public readonly secondaryCidrBlock?: IVPCCidrBlock[] = new Array; /** @@ -337,14 +399,14 @@ export class VpcV2 extends VpcV2Base { public readonly ipv4IpamProvisionedCidrs?: string[]; /** - * Region for this VPC - */ - public readonly region?: string; + * Region for this VPC + */ + public readonly region: string; /** - * Identifier of the owner for this VPC - */ - public readonly ownerAccountId?: string; + * Identifier of the owner for this VPC + */ + public readonly ownerAccountId: string; /** * For validation to define IPv6 subnets, set to true in case of @@ -538,73 +600,6 @@ class IpamIpv4 implements IIpAddresses { } } -/** - * Internal class to allow users to import VPC - * @internal - */ -class ImportedVpcV2 extends VpcV2Base { - public readonly vpcId: string; - public readonly vpcArn: string; - public readonly publicSubnets: ISubnetV2[] = []; - public readonly privateSubnets: ISubnetV2[] = []; - public readonly isolatedSubnets: ISubnetV2[] = []; - public readonly internetConnectivityEstablished: IDependable = new DependencyGroup(); - public readonly ipv4CidrBlock: string; - public readonly region?: string; - public readonly ownerAccountId?: string; - - /* - * Reference to all secondary blocks attached - */ - public readonly secondaryCidrBlock?: IVPCCidrBlock[]; - - /** - * Refers to actual VPC Resource attribute in non-imported VPC - * Required to implement here due to extension from Base class - */ - public readonly vpcCidrBlock: string; - - // Required to do CIDR range test on imported VPCs to create new subnets - public readonly ipv4IpamProvisionedCidrs: string[] = []; - - constructor(scope: Construct, id: string, props: VpcV2Attributes) { - super(scope, id); - this.vpcId = props.vpcId, - this.vpcArn = props.vpcArn ?? Arn.format({ - service: 'ec2', - resource: 'vpc', - resourceName: this.vpcId, - }, this.stack); - // Populate region and account fields that can be used to set up peering connection - // sample vpc Arn - arn:aws:ec2:us-west-2:123456789012:vpc/vpc-0123456789abcdef0 - this.region = this.vpcArn.split(':')[3]; - this.ownerAccountId = this.vpcArn.split(':')[4]; - // Refers to actual VPC Resource attribute in non-imported VPC - this.vpcCidrBlock = props.vpcCidrBlock; - // Required for subnet range related checks - this.ipv4CidrBlock = props.vpcCidrBlock; - this._vpnGatewayId = props.vpnGatewayId; - - if (props.publicSubnets) { - this.publicSubnets = props.publicSubnets.map(subnet => new ImportedSubnetV2(scope, subnet.subnetName?? 'ImportedPublicSubnet', subnet)); - } - if (props.privateSubnets) { - this.privateSubnets = props.privateSubnets.map(subnet => new ImportedSubnetV2(scope, subnet.subnetName?? 'ImportedPrivateSubnet', subnet)); - } - if (props.isolatedSubnets) { - this.isolatedSubnets = props.isolatedSubnets.map(subnet => new ImportedSubnetV2(scope, subnet.subnetName?? 'ImportedIsolatedSubnet', subnet)); - } - this.secondaryCidrBlock = props.secondaryCidrBlocks?.map(cidrBlock => VPCCidrBlock.fromVPCCidrBlockattributes(scope, cidrBlock.cidrBlockName ?? 'ImportedSecondaryCidrBlock', { ...cidrBlock })); - if (props.secondaryCidrBlocks) { - for (const cidrBlock of props.secondaryCidrBlocks) { - if (cidrBlock.ipv4IpamProvisionedCidrs) { - this.ipv4IpamProvisionedCidrs.push(...cidrBlock.ipv4IpamProvisionedCidrs); - } - } - } - } -} - /** * Interface to create L2 for VPC Cidr Block */ diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.ts b/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.ts index ea9da7f48a6db..c6075caafd0cb 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.ts +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.test-import.ts @@ -32,15 +32,14 @@ const imported_new_vpc = VpcV2.VpcV2.fromVpcV2Attributes(stack, 'ImportedNewVPC' }, { amazonProvidedIpv6CidrBlock: true, }], - isolatedSubnets: [{ + subnets: [{ subnetName: 'IsolatedSubnet2', subnetId: 'subnet-03cd773c0fe08ed26', //Subnet Id subnetType: SubnetType.PRIVATE_ISOLATED, availabilityZone: 'us-west-2a', ipv4CidrBlock: '10.2.0.0/24', routeTableId: 'rtb-0871c310f98da2cbb', //RouteTable id - }], - publicSubnets: [{ + }, { subnetId: 'subnet-0fa477e01db27d820', subnetType: SubnetType.PUBLIC, availabilityZone: 'us-west-2b', diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/vpcv2-import.test.ts b/packages/@aws-cdk/aws-ec2-alpha/test/vpcv2-import.test.ts index 8f14c70e8246a..54b3102d086f7 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/vpcv2-import.test.ts +++ b/packages/@aws-cdk/aws-ec2-alpha/test/vpcv2-import.test.ts @@ -1,6 +1,6 @@ import * as cdk from 'aws-cdk-lib'; import { VpcV2 } from '../lib/vpc-v2'; -import { IpCidr, SubnetV2, VpcV2Base } from '../lib/'; +import { IpCidr, NatGateway, SubnetV2, VpcV2Base } from '../lib/'; import { Template } from 'aws-cdk-lib/assertions'; import { InterfaceVpcEndpointAwsService, SubnetType } from 'aws-cdk-lib/aws-ec2'; @@ -36,7 +36,7 @@ describe('Vpc V2 with full control', () => { const vpc = VpcV2.fromVpcV2Attributes(stack, 'ImportedVpc', { vpcId: 'XXXXXXXXX', vpcCidrBlock: '10.1.0.0/16', - publicSubnets: [{ + subnets: [{ subnetId: 'subnet-isolated1', availabilityZone: 'us-east-1a', ipv4CidrBlock: '10.0.4.0/24', @@ -60,7 +60,7 @@ describe('Vpc V2 with full control', () => { amazonProvidedIpv6CidrBlock: true, }, ], - isolatedSubnets: [{ + subnets: [{ subnetId: 'subnet-isolated1', subnetName: 'mockisolatedsubnet', availabilityZone: 'us-east-1a', @@ -198,4 +198,20 @@ describe('Vpc V2 with full control', () => { expect(vpc.ownerAccountId).toBe('123456789012'); expect(vpc.region).toBe('us-west-2'); }); + test('Successfully import subnet using fromSubnetV2Attributes', () => { + const importedSubnet = SubnetV2.fromSubnetV2Attributes(stack, 'ImportedSubnet', { + availabilityZone: 'us-west-2a', + ipv4CidrBlock: '10.0.1.0/28', + subnetId: 'mockSubnetId', + subnetType: SubnetType.PRIVATE_ISOLATED, + routeTableId: 'mockRouteTableId', + }); + new NatGateway(stack, 'NatGateway', { + subnet: importedSubnet, + allocationId: 'mockAllocationId', + }); + Template.fromStack(stack).hasResourceProperties('AWS::EC2::NatGateway', { + SubnetId: 'mockSubnetId', + }); + }); }); From 7c47a493bf346503e2961808f3f60c379abfa590 Mon Sep 17 00:00:00 2001 From: shikha372 Date: Fri, 25 Oct 2024 20:20:14 +0530 Subject: [PATCH 9/9] add account and region in place of arn --- packages/@aws-cdk/aws-ec2-alpha/README.md | 7 +++-- packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts | 30 +++++++++++++++---- .../aws-ec2-alpha/test/vpcv2-import.test.ts | 8 ++--- 3 files changed, 34 insertions(+), 11 deletions(-) diff --git a/packages/@aws-cdk/aws-ec2-alpha/README.md b/packages/@aws-cdk/aws-ec2-alpha/README.md index e37075d97d321..ecedb42ae1189 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/README.md +++ b/packages/@aws-cdk/aws-ec2-alpha/README.md @@ -386,7 +386,9 @@ const importedVpc = VpcV2.fromVpcV2Attributes(stack, 'ImportedVpc', { ``` -In case of cross account or cross region VPC, its recommended to provide VPC arn so that the region and accountId values for the VPC can be fetched from given arn value. If a VPC arn is not provided, arn will be populated using region and account configured in the stack. +In case of cross account or cross region VPC, its recommended to provide region and ownerAccountId so that these values for the VPC can be used to populate correct arn value for the VPC. If a VPC region and account ID is not provided, then region and account configured in the stack will be used. Furthermore, these fields will be referenced later while setting up VPC peering connection, so its necessary to set these fields to a correct value. + +Below is an example of importing a cross region and cross acount VPC, VPC arn for this case would be 'arn:aws:ec2:us-west-2:123456789012:vpc/mockVpcID' ``` ts @@ -396,7 +398,8 @@ const stack = new Stack(); const importedVpc = VpcV2.fromVpcV2Attributes(stack, 'ImportedVpc', { vpcId: 'mockVpcID', vpcCidrBlock: '10.0.0.0/16', - vpcArn: 'arn:aws:ec2:us-west-2:123456789012:vpc/vpc-0123abcd4567efgh8', + ownerAccountId: '123456789012', + region: 'us-west-2', }); ``` diff --git a/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts b/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts index 8a4f1219b8ece..e004593c70bdb 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts +++ b/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts @@ -4,6 +4,7 @@ import { Construct, DependencyGroup, IDependable } from 'constructs'; import { IpamOptions, IIpamPool } from './ipam'; import { IVpcV2, VpcV2Base } from './vpc-v2-base'; import { ISubnetV2, SubnetV2, SubnetV2Attributes } from './subnet-v2'; +import { region_info } from 'aws-cdk-lib'; /** * Additional props needed for secondary Address @@ -203,13 +204,24 @@ export interface VpcV2Attributes { readonly vpcId: string; /** - * Arn of the VPC, required in case of cross acount or cross region VPC - * as given arn value will be used to set fields account and region for imported VPC, + * Region in which imported VPC is hosted + * required in case of cross region VPC + * as given value will be used to set field region for imported VPC, * which then later can be used for establishing VPC peering connection. * - * @default - constructed with stack account and region value + * @default - constructed with stack region value */ - readonly vpcArn?: string; + readonly region?: string; + + /** + * The ID of the AWS account that owns the imported VPC + * required in case of cross account VPC + * as given value will be used to set field account for imported VPC, + * which then later can be used for establishing VPC peering connection. + * + * @default - constructed with stack account value + */ + readonly ownerAccountId?: string; /** * Primary VPC CIDR Block of the imported VPC @@ -267,6 +279,7 @@ export class VpcV2 extends VpcV2Base { public readonly ipv4CidrBlock: string; public readonly region: string; public readonly ownerAccountId: string; + private readonly _partition?: string; /* * Reference to all secondary blocks attached @@ -285,11 +298,18 @@ export class VpcV2 extends VpcV2Base { constructor(construct: Construct, constructId: string, props: VpcV2Attributes) { super(construct, constructId); this.vpcId = props.vpcId, - this.vpcArn = props.vpcArn ?? Arn.format({ + this.region = props.region ?? this.stack.region, + this.ownerAccountId = props.ownerAccountId ?? this.stack.account, + this._partition = region_info.RegionInfo.get(this.region).partition, + this.vpcArn = Arn.format({ service: 'ec2', resource: 'vpc', resourceName: this.vpcId, + region: this.region, + account: this.ownerAccountId, + partition: this._partition, }, this.stack); + // Populate region and account fields that can be used to set up peering connection // sample vpc Arn - arn:aws:ec2:us-west-2:123456789012:vpc/vpc-0123456789abcdef0 this.region = this.vpcArn.split(':')[3]; diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/vpcv2-import.test.ts b/packages/@aws-cdk/aws-ec2-alpha/test/vpcv2-import.test.ts index 54b3102d086f7..212eb12a47af5 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/vpcv2-import.test.ts +++ b/packages/@aws-cdk/aws-ec2-alpha/test/vpcv2-import.test.ts @@ -186,17 +186,17 @@ describe('Vpc V2 with full control', () => { Ipv6CidrBlock: '2600:1f24:6c:4000::/64', }); }); - test('Fetch correct account id and region ', () => { + test('Populate correct arn using account id and region ', () => { const vpc = VpcV2.fromVpcV2Attributes(stack, 'ImportedVpc', { vpcId: 'mockVpcID', vpcCidrBlock: '10.0.0.0/16', secondaryCidrBlocks: [{ amazonProvidedIpv6CidrBlock: true, }], - vpcArn: 'arn:aws:ec2:us-west-2:123456789012:vpc/mockVpcID', + ownerAccountId: '123456789012', + region: 'us-west-2', }); - expect(vpc.ownerAccountId).toBe('123456789012'); - expect(vpc.region).toBe('us-west-2'); + expect(vpc.vpcArn).toBe('arn:aws:ec2:us-west-2:123456789012:vpc/mockVpcID'); }); test('Successfully import subnet using fromSubnetV2Attributes', () => { const importedSubnet = SubnetV2.fromSubnetV2Attributes(stack, 'ImportedSubnet', {