From 7ebc8de8c10f59ef6cc1f43e688599a5c316f234 Mon Sep 17 00:00:00 2001
From: Leonardo Gama
Date: Tue, 10 Sep 2024 11:35:55 -0700
Subject: [PATCH 1/4] Update integ test to check for multiple RoleAttachments
---
 .../test/integ.identitypool.ts | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.ts b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.ts
index e2d1ff3b4528c..e56d0c47bde70 100644
--- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.ts
+++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.ts
@@ -19,6 +19,7 @@ import {
 import {
 UserPoolAuthenticationProvider,
 } from '../lib/identitypool-user-pool-authentication-provider';
+import { IdentityPoolRoleAttachment } from '../lib';
 const app = new App();
 const stack = new Stack(app, 'integ-identitypool');
@@ -69,6 +70,19 @@ const idPool = new IdentityPool(stack, 'identitypool', {
 allowClassicFlow: true,
 identityPoolName: 'my-id-pool',
 });
+idPool.addRoleMappings(
+ {
+ mappingKey: 'myKey',
+ providerUrl: IdentityPoolProviderUrl.userPool(userPool, client),
+ rules: [
+ {
+ claim: 'myClaim',
+ claimValue: 'myValue',
+ mappedRole: idPool.authenticatedRole,
+ },
+ ],
+ }
+);
 idPool.authenticatedRole.addToPrincipalPolicy(new PolicyStatement({
 effect: Effect.ALLOW,
 actions: ['dynamodb:*'],
@@ -80,4 +94,7 @@ idPool.unauthenticatedRole.addToPrincipalPolicy(new PolicyStatement({
 resources: ['*'],
 }));
 idPool.addUserPoolAuthentication(new UserPoolAuthenticationProvider({ userPool: otherPool }));
+new IdentityPoolRoleAttachment(stack, 'RoleAttachment', {
+ identityPool: idPool,
+});
 app.synth();
From e1e453839e303a477afa426c3e2657a0f07747bc Mon Sep 17 00:00:00 2001
From: Leonardo Gama
Date: Tue, 1 Oct 2024 09:20:52 -0700
Subject: [PATCH 2/4] Rebase with main
---
 .../test/integ.identitypool.ts | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
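Review bot: The rule added in the `addRoleMappings` call maps `myClaim`/`myValue` to `idPool.authenticatedRole`, which by its name is the role authenticated identities get anyway, so a deployed stack cannot show whether the mapping was honoured or ignored. The context lines right after the call grant that same role `dynamodb:*`, and integ files tend to be copied as examples. A dedicated, narrowly scoped role would make the rule observable and keep the wildcard grant off the claim-matched path, e.g. `mappedRole: mappedRole,` with `mappedRole` declared earlier in the file as a role the pool's identities may assume. The same lines are re-added in PATCH 2/4.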
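Review bot: The `IdentityPoolRoleAttachment` added before `app.synth()` receives only `identityPool`, and the test asserts nothing about the pool's roles once it is deployed, so the "multiple RoleAttachments" case named in the subject is synthesised but never checked. Cognito keeps one roles configuration per identity pool; if the `IdentityPool` construct also creates an attachment of its own (not visible in this hunk), whichever resource is applied last may replace the default roles and the `myKey` mapping. Passing the intended roles explicitly, `authenticatedRole: idPool.authenticatedRole,` and `unauthenticatedRole: idPool.unauthenticatedRole,`, and asserting the resulting configuration would make the expected outcome explicit. The same statement is re-added in PATCH 2/4.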
diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.ts b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.ts
index 26466161d77b8..6736f98b45e09 100644
--- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.ts
+++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.ts
@@ -3,6 +3,7 @@ import { Effect, PolicyStatement } from 'aws-cdk-lib/aws-iam';
 import { App, SecretValue, Stack } from 'aws-cdk-lib';
 import { IdentityPool, IdentityPoolProviderUrl } from '../lib/identitypool';
 import { UserPoolAuthenticationProvider } from '../lib/identitypool-user-pool-authentication-provider';
+import { IdentityPoolRoleAttachment } from '../lib/identitypool-role-attachment';
 const app = new App();
 const stack = new Stack(app, 'integ-identitypool');
@@ -63,6 +64,19 @@ const idPool = new IdentityPool(stack, 'identitypool', {
 allowClassicFlow: true,
 identityPoolName: 'my-id-pool',
 });
+idPool.addRoleMappings(
+ {
+ mappingKey: 'myKey',
+ providerUrl: IdentityPoolProviderUrl.userPool(userPool, client),
+ rules: [
+ {
+ claim: 'myClaim',
+ claimValue: 'myValue',
+ mappedRole: idPool.authenticatedRole,
+ },
+ ],
+ }
+);
 idPool.authenticatedRole.addToPrincipalPolicy(new PolicyStatement({
 effect: Effect.ALLOW,
 actions: ['dynamodb:*'],
@@ -74,4 +88,7 @@ idPool.unauthenticatedRole.addToPrincipalPolicy(new PolicyStatement({
 resources: ['*'],
 }));
 idPool.addUserPoolAuthentication(new UserPoolAuthenticationProvider({ userPool: otherPool }));
+new IdentityPoolRoleAttachment(stack, 'RoleAttachment', {
+ identityPool: idPool,
+});
 app.synth();
From cd7c48479e5d9c05a8090cd5a15f1f17f58de279 Mon Sep 17 00:00:00 2001
From: Leonardo Gama
Date: Fri, 25 Oct 2024 09:14:42 -0700
Subject: [PATCH 3/4] Add AWS Price List to endpoints
---
 packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts | 1 +
 1 file changed, 1 insertion(+)
diff --git a/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts b/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts
index 258724e604fdb..d5d4b4daa76db 100644
--- a/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts
+++ b/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts
@@ -515,6 +515,7 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ
 public static readonly PIPES_DATA = new InterfaceVpcEndpointAwsService('pipes-data');
 public static readonly PIPES_FIPS = new InterfaceVpcEndpointAwsService('pipes-fips');
 public static readonly POLLY = new InterfaceVpcEndpointAwsService('polly');
+ public static readonly PRICING_API = new InterfaceVpcEndpointAwsService('pricing.api');
 public static readonly PRIVATE_5G = new InterfaceVpcEndpointAwsService('private-networks');
 public static readonly PRIVATE_CERTIFICATE_AUTHORITY = new InterfaceVpcEndpointAwsService('acm-pca');
 public static readonly PRIVATE_CERTIFICATE_AUTHORITY_CONNECTOR_AD = new InterfaceVpcEndpointAwsService('pca-connector-ad');
From e0885652ea0bf3128c105b04f859ebf08726e1b1 Mon Sep 17 00:00:00 2001
From: Leonardo Gama
Date: Fri, 25 Oct 2024 09:25:19 -0700
Subject: [PATCH 4/4] i dont know how that keeps getting there
---
 .../test/integ.identitypool.ts | 17 -----------------
 1 file changed, 17 deletions(-)
diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.ts b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.ts
index 6736f98b45e09..26466161d77b8 100644
--- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.ts
+++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.ts
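Review bot: `PRICING_API` is added without a test pinning the service name it resolves to, and `'pricing.api'` is the only dotted name among the entries visible here (`pipes-data`, `polly`, `acm-pca`). A mistyped string in this list would presumably surface only when an endpoint is deployed, so a unit test asserting the rendered name for a sample region would catch it at build time. A one-line doc comment such as `/** AWS Price List */` above the constant would also tie the identifier to the service named in the commit subject. The class body starts and ends outside the hunk.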
@@ -3,7 +3,6 @@ import { Effect, PolicyStatement } from 'aws-cdk-lib/aws-iam';
 import { App, SecretValue, Stack } from 'aws-cdk-lib';
 import { IdentityPool, IdentityPoolProviderUrl } from '../lib/identitypool';
 import { UserPoolAuthenticationProvider } from '../lib/identitypool-user-pool-authentication-provider';
-import { IdentityPoolRoleAttachment } from '../lib/identitypool-role-attachment';
 const app = new App();
 const stack = new Stack(app, 'integ-identitypool');
@@ -64,19 +63,6 @@ const idPool = new IdentityPool(stack, 'identitypool', {
 allowClassicFlow: true,
 identityPoolName: 'my-id-pool',
 });
-idPool.addRoleMappings(
- {
- mappingKey: 'myKey',
- providerUrl: IdentityPoolProviderUrl.userPool(userPool, client),
- rules: [
- {
- claim: 'myClaim',
- claimValue: 'myValue',
- mappedRole: idPool.authenticatedRole,
- },
- ],
- }
-);
 idPool.authenticatedRole.addToPrincipalPolicy(new PolicyStatement({
 effect: Effect.ALLOW,
 actions: ['dynamodb:*'],
@@ -88,7 +74,4 @@ idPool.unauthenticatedRole.addToPrincipalPolicy(new PolicyStatement({
 resources: ['*'],
 }));
 idPool.addUserPoolAuthentication(new UserPoolAuthenticationProvider({ userPool: otherPool }));
-new IdentityPoolRoleAttachment(stack, 'RoleAttachment', {
- identityPool: idPool,
-});
 app.synth();