aws-cloudformation · ericzbeard · Oct 13, 2023 · Oct 12, 2023 · Oct 12, 2023 · Oct 13, 2023
diff --git a/.github/workflows/dependency.yml b/.github/workflows/dependency.yml
@@ -20,7 +20,7 @@ jobs:
     needs: req-files
     strategy:
       matrix:
-        python: [ 3.7, 3.8, 3.9, "3.10" ]
+        python: [ 3.8, 3.9, "3.10" ]
         os: [ubuntu-latest]
         files: ${{ fromJSON(needs.req-files.outputs.reqfiles) }} 
     runs-on: ${{ matrix.os }}

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -160,10 +160,10 @@ import ResourceModel` or they won't work when deployed.
 In order to run SAM to test your resource, you have to first run `cfn submit
 --dry-run` in order to create the `build/` folder that SAM relies on.
 
-Create a Python environment and use Python v3.7 for resource type and hook development.
+Create a Python environment and use Python v3.9 for resource type and hook development.
 
 ```sh
-python3.7 -m venv .env
+python3.9 -m venv .env
 source .env/bin/activate
 ```
 

diff --git a/README.md b/README.md
@@ -40,6 +40,7 @@ first be activated using the instructions
 |----|----|-------|-----------|
 |[AwsCommunity::Account::AlternateContact](./resources/Account_AlternateContact)|Resource|Prod|An alternate contact attached to an Amazon Web Services account|
 |[AwsCommunity::ApplicationAutoscaling::ScheduledAction](./resources/ApplicationAutoscaling_ScheduledAction)|Resource|Prod|Application Autoscaling Scheduled Action|
+|[AwsCommunity::AppSync::BreakingChangeDetection](./hooks/AppSync_BreakingChangeDetection)|Hook|Prod|Detect breaking changes to appsync schemas|
 |[AwsCommunity::CloudFront::LoggingEnabled](./hooks/CloudFront_LoggingEnabled)|Hook|Alpha|Validate that a CloudFront distribution has logging enabled|
 |[AwsCommunity::CloudFront::S3Website::MODULE](./modules/CloudFront_S3Website/)|Module|Prod|CloudFront backed by an S3 bucket with Route53 integration|
 |[AwsCommunity::DynamoDB::Item](./resources/DynamoDB_Item)|Resource|Prod|Manage the lifecycle of items in a DynamoDB table|

diff --git a/hooks/CloudFront_LoggingEnabled/.rpdk-config b/hooks/CloudFront_LoggingEnabled/.rpdk-config
@@ -1,8 +1,8 @@
 {
     "artifact_type": "HOOK",
     "typeName": "AwsCommunity::CloudFront::LoggingEnabled",
-    "language": "python38",
-    "runtime": "python3.8",
+    "language": "python39",
+    "runtime": "python3.9",
     "entrypoint": "awscommunity_cloudfront_loggingenabled.handlers.hook",
     "testEntrypoint": "awscommunity_cloudfront_loggingenabled.handlers.test_entrypoint",
     "settings": {

diff --git a/hooks/CloudFront_LoggingEnabled/template.yml b/hooks/CloudFront_LoggingEnabled/template.yml
@@ -12,13 +12,13 @@ Resources:
     Type: AWS::Serverless::Function
     Properties:
       Handler: awscommunity_cloudfront_loggingenabled.handlers.hook
-      Runtime: python3.7
+      Runtime: python3.9
       CodeUri: build/
 
   TestEntrypoint:
     Type: AWS::Serverless::Function
     Properties:
       Handler: awscommunity_cloudfront_loggingenabled.handlers.test_entrypoint
-      Runtime: python3.7
+      Runtime: python3.9
       CodeUri: build/
 
diff --git a/hooks/CloudTrail_LogValidation/.rpdk-config b/hooks/CloudTrail_LogValidation/.rpdk-config
@@ -1,8 +1,8 @@
 {
     "artifact_type": "HOOK",
     "typeName": "AwsCommunity::CloudTrail::LogValidationEnabled",
-    "language": "python38",
-    "runtime": "python3.8",
+    "language": "python39",
+    "runtime": "python3.9",
     "entrypoint": "awscommunity_cloudtrail_logvalidationenabled.handlers.hook",
     "testEntrypoint": "awscommunity_cloudtrail_logvalidationenabled.handlers.test_entrypoint",
     "settings": {

diff --git a/hooks/CloudTrail_LogValidation/template.yml b/hooks/CloudTrail_LogValidation/template.yml
@@ -12,13 +12,13 @@ Resources:
     Type: AWS::Serverless::Function
     Properties:
       Handler: awscommunity_cloudtrail_logvalidationenabled.handlers.hook
-      Runtime: python3.7
+      Runtime: python3.9
       CodeUri: build/
 
   TestEntrypoint:
     Type: AWS::Serverless::Function
     Properties:
       Handler: awscommunity_cloudtrail_logvalidationenabled.handlers.test_entrypoint
-      Runtime: python3.7
+      Runtime: python3.9
       CodeUri: build/
 
diff --git a/hooks/EC2_SecurityGroupRestrictedSSH/.rpdk-config b/hooks/EC2_SecurityGroupRestrictedSSH/.rpdk-config
@@ -1,8 +1,8 @@
 {
     "artifact_type": "HOOK",
     "typeName": "AwsCommunity::EC2::SecurityGroupRestrictedSSH",
-    "language": "python38",
-    "runtime": "python3.8",
+    "language": "python39",
+    "runtime": "python3.9",
     "entrypoint": "awscommunity_ec2_securitygrouprestrictedssh.handlers.hook",
     "testEntrypoint": "awscommunity_ec2_securitygrouprestrictedssh.handlers.test_entrypoint",
     "settings": {

diff --git a/hooks/EC2_SecurityGroupRestrictedSSH/template.yml b/hooks/EC2_SecurityGroupRestrictedSSH/template.yml
@@ -12,13 +12,13 @@ Resources:
     Type: AWS::Serverless::Function
     Properties:
       Handler: awscommunity_ec2_securitygrouprestrictedssh.handlers.hook
-      Runtime: python3.7
+      Runtime: python3.9
       CodeUri: build/
 
   TestEntrypoint:
     Type: AWS::Serverless::Function
     Properties:
       Handler: awscommunity_ec2_securitygrouprestrictedssh.handlers.test_entrypoint
-      Runtime: python3.7
+      Runtime: python3.9
       CodeUri: build/
 
diff --git a/hooks/KMS_EncryptionSettings/.rpdk-config b/hooks/KMS_EncryptionSettings/.rpdk-config
@@ -2,7 +2,7 @@
     "artifact_type": "HOOK",
     "typeName": "AwsCommunity::KMS::EncryptionSettings",
     "language": "java",
-    "runtime": "java8",
+    "runtime": "java11",
     "entrypoint": "com.awscommunity.kms.encryptionsettings.HookHandlerWrapper::handleRequest",
     "testEntrypoint": "com.awscommunity.kms.encryptionsettings.HookHandlerWrapper::testEntrypoint",
     "settings": {

diff --git a/hooks/KMS_EncryptionSettings/template.yml b/hooks/KMS_EncryptionSettings/template.yml
@@ -12,12 +12,12 @@ Resources:
     Type: AWS::Serverless::Function
     Properties:
       Handler: com.awscommunity.kms.encryptionsettings.HookHandlerWrapper::handleRequest
-      Runtime: java8
+      Runtime: java11
       CodeUri: ./target/awscommunity-kms-encryptionsettings-handler-1.0-SNAPSHOT.jar
 
   TestEntrypoint:
     Type: AWS::Serverless::Function
     Properties:
       Handler: com.awscommunity.kms.encryptionsettings.HookHandlerWrapper::testEntrypoint
-      Runtime: java8
+      Runtime: java11
       CodeUri: ./target/awscommunity-kms-encryptionsettings-handler-1.0-SNAPSHOT.jar
diff --git a/hooks/S3_AccessControl/.rpdk-config b/hooks/S3_AccessControl/.rpdk-config
@@ -2,7 +2,7 @@
     "artifact_type": "HOOK",
     "typeName": "AwsCommunity::S3::AccessControl",
     "language": "java",
-    "runtime": "java8",
+    "runtime": "java11",
     "entrypoint": "com.awscommunity.s3.accesscontrol.HookHandlerWrapper::handleRequest",
     "testEntrypoint": "com.awscommunity.s3.accesscontrol.HookHandlerWrapper::testEntrypoint",
     "settings": {

diff --git a/hooks/S3_AccessControl/template.yml b/hooks/S3_AccessControl/template.yml
@@ -12,12 +12,12 @@ Resources:
     Type: AWS::Serverless::Function
     Properties:
       Handler: com.awscommunity.s3.accesscontrol.HookHandlerWrapper::handleRequest
-      Runtime: java8
+      Runtime: java11
       CodeUri: ./target/awscommunity-s3-accesscontrol-handler-1.0-SNAPSHOT.jar
 
   TestEntrypoint:
     Type: AWS::Serverless::Function
     Properties:
       Handler: com.awscommunity.s3.accesscontrol.HookHandlerWrapper::testEntrypoint
-      Runtime: java8
+      Runtime: java11
       CodeUri: ./target/awscommunity-s3-accesscontrol-handler-1.0-SNAPSHOT.jar
diff --git a/hooks/S3_BucketVersioningEnabled/.rpdk-config b/hooks/S3_BucketVersioningEnabled/.rpdk-config
@@ -1,8 +1,8 @@
 {
     "artifact_type": "HOOK",
     "typeName": "AwsCommunity::S3::BucketVersioningEnabled",
-    "language": "python38",
-    "runtime": "python3.8",
+    "language": "python39",
+    "runtime": "python3.9",
     "entrypoint": "awscommunity_s3_bucketversioningenabled.handlers.hook",
     "testEntrypoint": "awscommunity_s3_bucketversioningenabled.handlers.test_entrypoint",
     "settings": {

diff --git a/hooks/S3_BucketVersioningEnabled/template.yml b/hooks/S3_BucketVersioningEnabled/template.yml
@@ -12,13 +12,13 @@ Resources:
     Type: AWS::Serverless::Function
     Properties:
       Handler: awscommunity_s3_bucketversioningenabled.handlers.hook
-      Runtime: python3.7
+      Runtime: python3.9
       CodeUri: build/
 
   TestEntrypoint:
     Type: AWS::Serverless::Function
     Properties:
       Handler: awscommunity_s3_bucketversioningenabled.handlers.test_entrypoint
-      Runtime: python3.7
+      Runtime: python3.9
       CodeUri: build/
 
diff --git a/hooks/S3_PublicAccessControlsRestricted/.rpdk-config b/hooks/S3_PublicAccessControlsRestricted/.rpdk-config
@@ -1,8 +1,8 @@
 {
     "artifact_type": "HOOK",
     "typeName": "AwsCommunity::S3::PublicAccessControlsRestricted",
-    "language": "python38",
-    "runtime": "python3.8",
+    "language": "python39",
+    "runtime": "python3.9",
     "entrypoint": "awscommunity_s3_publicaccesscontrolsrestricted.handlers.hook",
     "testEntrypoint": "awscommunity_s3_publicaccesscontrolsrestricted.handlers.test_entrypoint",
     "settings": {

diff --git a/hooks/S3_PublicAccessControlsRestricted/template.yml b/hooks/S3_PublicAccessControlsRestricted/template.yml
@@ -12,13 +12,13 @@ Resources:
     Type: AWS::Serverless::Function
     Properties:
       Handler: awscommunity_s3_publicaccesscontrolsrestricted.handlers.hook
-      Runtime: python3.8
+      Runtime: python3.9
       CodeUri: build/
 
   TestEntrypoint:
     Type: AWS::Serverless::Function
     Properties:
       Handler: awscommunity_s3_publicaccesscontrolsrestricted.handlers.test_entrypoint
-      Runtime: python3.8
+      Runtime: python3.9
       CodeUri: build/
 
diff --git a/hooks/alpha-buildspec-java.yml b/hooks/alpha-buildspec-java.yml
@@ -3,8 +3,7 @@ version: 0.2
 phases:
   install:
     runtime-versions:
-      python: 3.8
-      java: corretto11
+      python: 3.9
     commands:
       - echo Entered the install phase...
       - echo About to build $HOOK_PATH

diff --git a/hooks/alpha-buildspec-python.yml b/hooks/alpha-buildspec-python.yml
@@ -3,7 +3,7 @@ version: 0.2
 phases:
   install:
     runtime-versions:
-      python: 3.8
+      python: 3.9
     commands:
       - echo Entered the install phase...
       - echo About to build $HOOK_PATH

diff --git a/hooks/beta-buildspec-java-pre-update-only.yml b/hooks/beta-buildspec-java-pre-update-only.yml
@@ -3,8 +3,7 @@ version: 0.2
 phases:
   install:
     runtime-versions:
-      python: 3.8
-      java: corretto11
+      python: 3.9
     commands:
       - echo Entered the install phase...
       - echo About to build $HOOK_PATH

diff --git a/hooks/beta-buildspec-java.yml b/hooks/beta-buildspec-java.yml
@@ -3,8 +3,7 @@ version: 0.2
 phases:
   install:
     runtime-versions:
-      python: 3.8
-      java: corretto11
+      python: 3.9
     commands:
       - echo Entered the install phase...
       - echo About to build $HOOK_PATH

diff --git a/hooks/beta-buildspec-python.yml b/hooks/beta-buildspec-python.yml
@@ -3,7 +3,7 @@ version: 0.2
 phases:
   install:
     runtime-versions:
-      python: 3.8
+      python: 3.9
     commands:
       - echo Entered the install phase...
       - echo About to build $HOOK_PATH

diff --git a/hooks/prod-buildspec-java.yml b/hooks/prod-buildspec-java.yml
@@ -3,8 +3,7 @@ version: 0.2
 phases:
   install:
     runtime-versions:
-      python: 3.8
-      java: corretto11
+      python: 3.9
     commands:
       - echo Entered the install phase...
       - echo About to build $HOOK_PATH

diff --git a/hooks/prod-buildspec-python.yml b/hooks/prod-buildspec-python.yml
@@ -3,7 +3,7 @@ version: 0.2
 phases:
   install:
     runtime-versions:
-      python: 3.8
+      python: 3.9
     commands:
       - echo Entered the install phase...
       - echo About to build $HOOK_PATH

diff --git a/modules/alpha-buildspec.yml b/modules/alpha-buildspec.yml
@@ -3,7 +3,7 @@ version: 0.2
 phases:
   install:
     runtime-versions:
-      python: 3.7
+      python: 3.9
     commands:
       - echo Entered the install phase...
       - echo About to build $MODULE_PATH

diff --git a/modules/beta-buildspec.yml b/modules/beta-buildspec.yml
@@ -3,7 +3,7 @@ version: 0.2
 phases:
   install:
     runtime-versions:
-      python: 3.7
+      python: 3.9
     commands:
       - echo Entered the install phase...
       - echo About to build $MODULE_PATH

diff --git a/modules/prod-buildspec.yml b/modules/prod-buildspec.yml
@@ -3,7 +3,7 @@ version: 0.2
 phases:
   install:
     runtime-versions:
-      python: 3.7
+      python: 3.9
     commands:
       - echo Entered the install phase...
       - echo About to build $MODULE_PATH

diff --git a/packages/cfn_guard_rs_hook/example/.rpdk-config b/packages/cfn_guard_rs_hook/example/.rpdk-config
@@ -1,8 +1,8 @@
 {
     "artifact_type": "HOOK",
     "typeName": "Sample::S3::DefaultLockEnabled",
-    "language": "python37",
-    "runtime": "python3.7",
+    "language": "python39",
+    "runtime": "python3.9",
     "entrypoint": "sample_s3_defaultlockenabled.handlers.hook",
     "testEntrypoint": "sample_s3_defaultlockenabled.handlers.test_entrypoint",
     "settings": {

diff --git a/packages/cfn_guard_rs_hook/example/template.yml b/packages/cfn_guard_rs_hook/example/template.yml
@@ -12,13 +12,13 @@ Resources:
     Type: AWS::Serverless::Function
     Properties:
       Handler: sample_s3_defaultlockenabled.handlers.hook
-      Runtime: python3.7
+      Runtime: python3.9
       CodeUri: build/
 
   TestEntrypoint:
     Type: AWS::Serverless::Function
     Properties:
       Handler: sample_s3_defaultlockenabled.handlers.test_entrypoint
-      Runtime: python3.7
+      Runtime: python3.9
       CodeUri: build/