Merge branch 'main' into rds-replica-storage-fix

ROADMAP.md

@@ -28,31 +28,34 @@ Security and stability of the CDK is a top priority. If you think you’ve found
 | 🚀          | Released               |
 
 ## Themes
+Over the course of the last few years, the CDK team has spent time speaking with and learning from its community. We've gathered that there were certain features that were greatly valued from the CDK and other features which would be beneficial to be added to its experience. We appreciate everyone sharing this feedback and we plan on addressing it through the targeted themes and RFCs listed below. Please be aware that the team will periodically  work to add RFCs as we look to prioritize more work. 
+
+### L2 Abstractions
+It’s clear that constructs are imperative to the CDK experience. We repeatedly hear from CDK builders that the most important improvement that the CDK can make for its construct experience would be to provide greater service coverage. Because of this, the CDK team intends to direct much of its focus towards investigating how we can provide more comprehensive AWS service coverage in the next year. In the past, the CDK has relied on community and in-house authored constructs to address construct demand.  In the future, our goal is to bring CDK builders a complete and consistent construct model through largely autogenerated means. This model would provide builders with Day 1 support of AWS services--the moment services are launched--complete with the features that builders love in their L2s. We’ll be investigating this effort in the coming months, and it’s possible that there will be gradual rollouts for us to realize this goal.  If you have feedback on what is most important to you while you work with CDK constructs today, we would highly appreciate you sharing this within our [Complete Construct Model RFC](https://github.com/aws/aws-cdk-rfcs/issues/611). 
+
+The CDK team is committed to supporting our existing library of AWS L2 abstractions. We continue to solicit community feedback on where additional L2 coverage makes it simpler and more efficient to build with AWS. Current L2s that the team’s working on are listed below. Please be aware that this list will update throughout the year. If you have feedback on other L2s that should be prioritized by our team, feel free to submit a separate RFC.
+* 🚀 [Enabling IPv6 on Resources and VPCs](https://github.com/aws/aws-cdk/pull/28366)
+* 🔍 [CloudFront Origin Access Control L2](https://github.com/aws/aws-cdk-rfcs/issues/491)
+* 🔍 [Rewrite EKS L2](https://github.com/aws/aws-cdk-rfcs/issues/605) - drop the custom resource implementation in favor of the native L1.
 
-### User Experience 
-* 🚀 [App Staging Synthesizer for Resource Isolation](https://aws.amazon.com/blogs/devops/enhancing-resource-isolation-in-aws-cdk-with-the-app-staging-synthesizer/) - This feature enhances resource isolation and cleanup control by creating separate staging resources for each application
-* 👂🏽 [CDK Refactoring](https://github.com/aws/aws-cdk-rfcs/issues/162) - We’re looking into providing built-in support for builder refactoring work.
-* 🛠️ [Understand deployment progress within CloudFormation](https://github.com/aws/aws-cdk-rfcs/issues/586) - This will help builders understand what CloudFormation is doing as deployments are in progress.
-* 🔍 [Garbage Collection for Assets](https://github.com/aws/aws-cdk-rfcs/issues/64) - Assets which are uploaded to the CDK's S3 bucket and ECR repository are never deleted. 
 
 ### Speed up development and testing 
+We've also heard from many CDK builders that there's a desire to see more features which enable builders to iterate within their development loop faster. Over the next year, the team is also making it a goal to provide greater support for testing, debugging and deployment.  Apart from the tickets listed below, if you have feedback have related to this goal, please submit it via and RFC and we will work to prioritize it towards this goal.
 * 🚀 [Enable CloudFormation builders to migrate existing infrastructure to CDK](https://github.com/aws/aws-cdk/blob/6004a17c593728e36ad4f5c3dcdd578ff46fa9bb/packages/aws-cdk/README.md#cdk-migrate) - CloudFormation builders can now generate a CDK application using an existing CloudFormation template in JSON or YAML format using cdk migrate!
 * 🚀 [Policy Validation at Synth](https://docs.aws.amazon.com/cdk/v2/guide/policy-validation-synthesis.html) - Builders can now check their policies immediately after synthesis using CloudFormation Guard or OPA!
 * 👂🏽 [Adding more resource support to Hotswap](https://github.com/aws/aws-cdk/issues/25418) - Apart from Lambda, we are looking into expanding resource support for Hotswap. Please share your feedback in this linked ticket!
 * 🔍 [Local application testing](https://github.com/aws/aws-cdk-rfcs/issues/585) - We are investigating how to improve CDK testing on builders’ locals. We would love to hear everyone’s feedback here on what they would like to see as part of this experience.
 * 🔍 [Upgrade deployment debugging experience](https://github.com/aws/aws-cdk-rfcs/issues/583) - We also are looking into providing more debugging support at time of deployment.  Please drop a note in this tagged ticket if you have any opinions related to this experience!
-
-### CI/CD
 * 🚀 [Secure CDK Deployments with IAM Permission Boundaries](https://aws.amazon.com/blogs/devops/secure-cdk-deployments-with-iam-permission-boundaries/) - CDK builders can now enact IAM permission boundaries, which help to ensure that all actions are within the overlap of the users permissions and the boundary, and ensure that any IAM entities that are created also have the same boundary applied!
 * 👂🏽 [CDK CLI Upgrade](https://github.com/aws/aws-cdk-rfcs/issues/300) - We are looking into how to further improve the CLI experience. This includes allowing builders to automate necessary tasks and integrate the CDK into CI/CD pipelines if they desire to. Please share your feedback in this ticket if you have anything you would like noted!
 * 👂🏽 [CDK CLI Triggers](https://github.com/aws/aws-cdk-rfcs/issues/228) - CLI enhancements are also being considered for post command hooks. 
 
-### L2 Abstractions
-* 🚀 [Enabling IPv6 on Resources and VPCs](https://github.com/aws/aws-cdk/pull/28366)
-* 🔍 [CloudFront Origin Access Control L2](https://github.com/aws/aws-cdk-rfcs/issues/491)
-* 🔍 [Rewrite EKS L2](https://github.com/aws/aws-cdk-rfcs/issues/605) - drop the custom resource implementation in favor of the native L1.
-
-We are currently investigating other L2s to build out next. Feel free to create an RFC to request.
+### User Experience
+These are items that improve the user experience of the CDK. We strive to make the CDK as efficient and intuitive as possible. If you have other feedback around this area, please submit an RFC to detail your suggestion. 
+* 🚀 [App Staging Synthesizer for Resource Isolation](https://aws.amazon.com/blogs/devops/enhancing-resource-isolation-in-aws-cdk-with-the-app-staging-synthesizer/) - This feature enhances resource isolation and cleanup control by creating separate staging resources for each application
+* 👂🏽 [CDK Refactoring](https://github.com/aws/aws-cdk-rfcs/issues/162) - We’re looking into providing built-in support for builder refactoring work.
+* 🛠️ [Understand deployment progress within CloudFormation](https://github.com/aws/aws-cdk-rfcs/issues/586) - This will help builders understand what CloudFormation is doing as deployments are in progress.
+* 🔍 [Garbage Collection for Assets](https://github.com/aws/aws-cdk-rfcs/issues/64) - Assets which are uploaded to the CDK's S3 bucket and ECR repository are never deleted. 
 
 ## Community Engagement
 We would love to hear from you on how the CDK operates today and how it should grow in the future. To report a bug or create a small feature request, please [create an issue here](https://github.com/aws/aws-cdk/issues/new/choose). If you are seeking to request a change in strategic direction or make a CDK core framework change, please [create a Request for Comments (RFC) ticket here](https://github.com/aws/aws-cdk-rfcs/issues/new/choose). If you are ever unsure about where your feature request should live, it is best to follow the first link within the aws-cdk repo.

allowed-breaking-changes.txt

@@ -230,6 +230,9 @@ removed:aws-cdk-lib.aws_backup.BackupPlanRuleProps.schedule
 # This data identifer was added by mistake; it had never worked.
 removed:aws-cdk-lib.aws_logs.DataIdentifier.PHONENUMBER
 
+# This interface should not have been exported, it is not used in any public way.
+removed:aws-cdk-lib.aws_logs.DataProtectionPolicyConfig
+
 # These newly exported classes have been reverted and are no longer publicly consumeable
 removed:aws-cdk-lib.custom_resources.WaiterStateMachine
 removed:aws-cdk-lib.custom_resources.LogOptions

packages/@aws-cdk-testing/cli-integ/README.md

@@ -35,6 +35,17 @@ Each subdirectory contains one test **suite**, and in the development pipeline e
 
 Test suites are written as a collection of Jest tests, and they are run using Jest, using the code in the `lib/` directory as helpers.
 
+### Setup
+
+Building the @aws-cdk-testing package is not very different from building the rest of the CDK. However, If you are having issues with the tests, you can ensure your enviornment is built properly by following the steps below:
+
+```shell
+yarn install # Install dependencies
+npx lerna run build --scope=aws-cdk # Build the CDK cli
+yarn build # Build the @aws-cdk-testing/cli-integ package
+../../../scripts/align-version.sh # Align the versions of CDK packages
+```
+
 ### Running a test suite
 
 You run a suite using the `bin/run-suite` tool. You must select either a version of the CLI and framework which can be `npm install`ed, or point to the root of the source tree:

packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-logmetrics.js.snapshot/AppSyncLogMetrics.template.json

@@ -0,0 +1,235 @@
+{
+ "Resources": {
+  "ApiApiLogsRole90293F72": {
+   "Type": "AWS::IAM::Role",
+   "Properties": {
+    "AssumeRolePolicyDocument": {
+     "Statement": [
+      {
+       "Action": "sts:AssumeRole",
+       "Effect": "Allow",
+       "Principal": {
+        "Service": "appsync.amazonaws.com"
+       }
+      }
+     ],
+     "Version": "2012-10-17"
+    },
+    "ManagedPolicyArns": [
+     {
+      "Fn::Join": [
+       "",
+       [
+        "arn:",
+        {
+         "Ref": "AWS::Partition"
+        },
+        ":iam::aws:policy/service-role/AWSAppSyncPushToCloudWatchLogs"
+       ]
+      ]
+     }
+    ]
+   }
+  },
+  "ApiF70053CD": {
+   "Type": "AWS::AppSync::GraphQLApi",
+   "Properties": {
+    "AuthenticationType": "API_KEY",
+    "LogConfig": {
+     "CloudWatchLogsRoleArn": {
+      "Fn::GetAtt": [
+       "ApiApiLogsRole90293F72",
+       "Arn"
+      ]
+     },
+     "FieldLogLevel": "NONE"
+    },
+    "Name": "IntegLogRetention"
+   }
+  },
+  "ApiSchema510EECD7": {
+   "Type": "AWS::AppSync::GraphQLSchema",
+   "Properties": {
+    "ApiId": {
+     "Fn::GetAtt": [
+      "ApiF70053CD",
+      "ApiId"
+     ]
+    },
+    "Definition": "type test {\n  version: String!\n}\ntype Query {\n  getTests: [test]!\n}\ntype Mutation {\n  addTest(version: String!): test\n}\n"
+   }
+  },
+  "ApiDefaultApiKeyF991C37B": {
+   "Type": "AWS::AppSync::ApiKey",
+   "Properties": {
+    "ApiId": {
+     "Fn::GetAtt": [
+      "ApiF70053CD",
+      "ApiId"
+     ]
+    }
+   },
+   "DependsOn": [
+    "ApiSchema510EECD7"
+   ]
+  },
+  "ApiLogRetention94272E33": {
+   "Type": "Custom::LogRetention",
+   "Properties": {
+    "ServiceToken": {
+     "Fn::GetAtt": [
+      "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A",
+      "Arn"
+     ]
+    },
+    "LogGroupName": {
+     "Fn::Join": [
+      "",
+      [
+       "/aws/appsync/apis/",
+       {
+        "Fn::GetAtt": [
+         "ApiF70053CD",
+         "ApiId"
+        ]
+       }
+      ]
+     ]
+    },
+    "RetentionInDays": 7
+   }
+  },
+  "ApiLogGroupMetricFilter996FD830": {
+   "Type": "AWS::Logs::MetricFilter",
+   "Properties": {
+    "FilterPattern": "{ $.fieldName = \"myQuery\" && $.fieldInError IS TRUE }",
+    "LogGroupName": {
+     "Fn::GetAtt": [
+      "ApiLogRetention94272E33",
+      "LogGroupName"
+     ]
+    },
+    "MetricTransformations": [
+     {
+      "MetricName": "ErrorCount",
+      "MetricNamespace": "MyNamespace",
+      "MetricValue": "1"
+     }
+    ]
+   }
+  },
+  "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB": {
+   "Type": "AWS::IAM::Role",
+   "Properties": {
+    "AssumeRolePolicyDocument": {
+     "Statement": [
+      {
+       "Action": "sts:AssumeRole",
+       "Effect": "Allow",
+       "Principal": {
+        "Service": "lambda.amazonaws.com"
+       }
+      }
+     ],
+     "Version": "2012-10-17"
+    },
+    "ManagedPolicyArns": [
+     {
+      "Fn::Join": [
+       "",
+       [
+        "arn:",
+        {
+         "Ref": "AWS::Partition"
+        },
+        ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
+       ]
+      ]
+     }
+    ]
+   }
+  },
+  "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB": {
+   "Type": "AWS::IAM::Policy",
+   "Properties": {
+    "PolicyDocument": {
+     "Statement": [
+      {
+       "Action": [
+        "logs:DeleteRetentionPolicy",
+        "logs:PutRetentionPolicy"
+       ],
+       "Effect": "Allow",
+       "Resource": "*"
+      }
+     ],
+     "Version": "2012-10-17"
+    },
+    "PolicyName": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB",
+    "Roles": [
+     {
+      "Ref": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB"
+     }
+    ]
+   }
+  },
+  "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A": {
+   "Type": "AWS::Lambda::Function",
+   "Properties": {
+    "Handler": "index.handler",
+    "Runtime": "nodejs18.x",
+    "Timeout": 900,
+    "Code": {
+     "S3Bucket": {
+      "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
+     },
+     "S3Key": "e4afb15788ec44ed9ff3377e1d131ba2768d7b2e2931bc000d1f2005879b3035.zip"
+    },
+    "Role": {
+     "Fn::GetAtt": [
+      "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB",
+      "Arn"
+     ]
+    }
+   },
+   "DependsOn": [
+    "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB",
+    "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB"
+   ]
+  }
+ },
+ "Parameters": {
+  "BootstrapVersion": {
+   "Type": "AWS::SSM::Parameter::Value<String>",
+   "Default": "/cdk-bootstrap/hnb659fds/version",
+   "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
+  }
+ },
+ "Rules": {
+  "CheckBootstrapVersion": {
+   "Assertions": [
+    {
+     "Assert": {
+      "Fn::Not": [
+       {
+        "Fn::Contains": [
+         [
+          "1",
+          "2",
+          "3",
+          "4",
+          "5"
+         ],
+         {
+          "Ref": "BootstrapVersion"
+         }
+        ]
+       }
+      ]
+     },
+     "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
+    }
+   ]
+  }
+ }
+}