From fb681df2a640ec773d83dcf099f7e492e6249ba1 Mon Sep 17 00:00:00 2001 From: Paul Sun Date: Tue, 22 Oct 2024 16:55:09 -0700 Subject: [PATCH] feat(kinesisfirehose-alpha): enable server-side encryption for delivery stream by default --- .../aws-kinesisfirehose-alpha/README.md | 20 +- .../lib/delivery-stream.ts | 20 +- .../test/delivery-stream.test.ts | 28 +- ...efaultTestDeployAssert8B5B0167.assets.json | 19 ++ ...aultTestDeployAssert8B5B0167.template.json | 36 +++ ...s-cdk-firehose-delivery-stream.assets.json | 19 ++ ...cdk-firehose-delivery-stream.template.json | 242 +++++++++++++++ .../cdk.out | 1 + .../integ.json | 12 + .../manifest.json | 139 +++++++++ .../tree.json | 286 ++++++++++++++++++ .../integ.delivery-stream-aws-owned-key.ts | 41 +++ ...efaultTestDeployAssert32278252.assets.json | 19 ++ ...aultTestDeployAssert32278252.template.json | 36 +++ ...s-cdk-firehose-delivery-stream.assets.json | 6 +- ...cdk-firehose-delivery-stream.template.json | 23 -- .../integ.delivery-stream.js.snapshot/cdk.out | 2 +- .../integ.json | 12 +- .../manifest.json | 67 +++- .../tree.json | 92 +++--- ...-delivery-stream-source-stream.assets.json | 6 +- ...elivery-stream-source-stream.template.json | 3 + .../cdk.out | 2 +- .../integ.json | 2 +- .../manifest.json | 5 +- .../tree.json | 3 + .../integ.delivery-stream.source-stream.ts | 6 +- .../test/integ.delivery-stream.ts | 7 +- ...s-cdk-firehose-delivery-stream.assets.json | 6 +- ...cdk-firehose-delivery-stream.template.json | 3 + .../cdk.out | 2 +- .../integ.json | 2 +- ...efaultTestDeployAssert44C8D370.assets.json | 2 +- .../manifest.json | 6 +- .../tree.json | 3 + .../integ.kinesis-stream-events-target.ts | 4 +- 36 files changed, 1071 insertions(+), 111 deletions(-) create mode 100644 packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream-aws-owned-key.js.snapshot/DeliveryStreamWithDefaultEncryptionDefaultTestDeployAssert8B5B0167.assets.json create mode 100644 packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream-aws-owned-key.js.snapshot/DeliveryStreamWithDefaultEncryptionDefaultTestDeployAssert8B5B0167.template.json create mode 100644 packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream-aws-owned-key.js.snapshot/aws-cdk-firehose-delivery-stream.assets.json create mode 100644 packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream-aws-owned-key.js.snapshot/aws-cdk-firehose-delivery-stream.template.json create mode 100644 packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream-aws-owned-key.js.snapshot/cdk.out create mode 100644 packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream-aws-owned-key.js.snapshot/integ.json create mode 100644 packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream-aws-owned-key.js.snapshot/manifest.json create mode 100644 packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream-aws-owned-key.js.snapshot/tree.json create mode 100644 packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream-aws-owned-key.ts create mode 100644 packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/DeliveryStreamWithCustomerManagedKeyDefaultTestDeployAssert32278252.assets.json create mode 100644 packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/DeliveryStreamWithCustomerManagedKeyDefaultTestDeployAssert32278252.template.json diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/README.md b/packages/@aws-cdk/aws-kinesisfirehose-alpha/README.md index 279b43b2cb7cc..d361c1b7dbc14 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/README.md +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/README.md @@ -135,7 +135,7 @@ before being written to the service's internal storage layer and decrypted after received from the internal storage layer. The service manages keys and cryptographic operations so that sources and destinations do not need to, as the data is encrypted and decrypted at the boundaries of the service (i.e., before the data is delivered to a -destination). By default, delivery streams do not have SSE enabled. +destination). By default, delivery streams have SSE enabled with an AWS-owned key. The Key Management Service keys (KMS keys) used for SSE can either be AWS-owned or customer-managed. AWS-owned KMS keys are created, owned and managed by AWS for use in @@ -172,6 +172,24 @@ new firehose.DeliveryStream(this, 'Delivery Stream Explicit Customer Managed', { See: [Data Protection](https://docs.aws.amazon.com/firehose/latest/dev/encryption.html) in the *Kinesis Data Firehose Developer Guide*. +### Restriction for Kinesis Data Stream as Source + +When using a Kinesis Data Stream as the source for a Delivery Stream, server-side encryption (SSE) must be explicitly disabled on the Delivery Stream. This is because the encryption should be specified on the source Kinesis Data Stream instead. + +```ts +declare const kinesisStream: kinesis.Stream; +declare const destination: firehose.IDestination; + +// SSE must be explicitly disabled when using a Kinesis Data Stream as source +new firehose.DeliveryStream(this, 'Delivery Stream with Kinesis Source', { + source: new firehose.KinesisStreamSource(kinesisStream), + encryption: firehose.StreamEncryption.unencrypted(), + destination: destination, +}); +``` + +It's recommended to specify SSE on the source Kinesis Data Stream if encryption is required. + ## Monitoring Kinesis Data Firehose is integrated with CloudWatch, so you can monitor the performance of diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/delivery-stream.ts b/packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/delivery-stream.ts index e00fd1f25b72f..f551af2641904 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/delivery-stream.ts +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/delivery-stream.ts @@ -215,7 +215,10 @@ export interface DeliveryStreamProps { /** * Indicates the type of customer master key (CMK) to use for server-side encryption, if any. * - * @default StreamEncryption.unencrypted() + * If the source is a Kinesis Data Stream, encryption must be set to `StreamEncryption.unencrypted()`. + * To enable server-side encryption when using a Kinesis Data Stream as the source, apply the encryption settings directly on the data stream itself. + * + * @default StreamEncryption.awsOwnedKey() */ readonly encryption?: StreamEncryption; } @@ -328,17 +331,20 @@ export class DeliveryStream extends DeliveryStreamBase { }); } + const encryption = props.encryption ?? StreamEncryption.awsOwnedKey(); + const encryptionKey = encryption.encryptionKey ?? (encryption.type === StreamEncryptionType.CUSTOMER_MANAGED ? new kms.Key(this, 'Key') : undefined); + const encryptionConfig = (encryptionKey || (encryption?.type === StreamEncryptionType.AWS_OWNED)) ? { + keyArn: encryptionKey?.keyArn, + keyType: encryptionKey ? 'CUSTOMER_MANAGED_CMK' : 'AWS_OWNED_CMK', + } : undefined; + if ( props.source && - (props.encryption?.type === StreamEncryptionType.AWS_OWNED || props.encryption?.type === StreamEncryptionType.CUSTOMER_MANAGED) + (encryption.type === StreamEncryptionType.AWS_OWNED || encryption.type === StreamEncryptionType.CUSTOMER_MANAGED) ) { throw new Error('Requested server-side encryption but delivery stream source is a Kinesis data stream. Specify server-side encryption on the data stream instead.'); } - const encryptionKey = props.encryption?.encryptionKey ?? (props.encryption?.type === StreamEncryptionType.CUSTOMER_MANAGED ? new kms.Key(this, 'Key') : undefined); - const encryptionConfig = (encryptionKey || (props.encryption?.type === StreamEncryptionType.AWS_OWNED)) ? { - keyArn: encryptionKey?.keyArn, - keyType: encryptionKey ? 'CUSTOMER_MANAGED_CMK' : 'AWS_OWNED_CMK', - } : undefined; + /* * In order for the service role to have access to the encryption key before the delivery stream is created, the * CfnDeliveryStream below should have a dependency on the grant returned by the function call below: diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/delivery-stream.test.ts b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/delivery-stream.test.ts index 8a253966b3158..5c6c942186a32 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/delivery-stream.test.ts +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/delivery-stream.test.ts @@ -51,7 +51,10 @@ describe('delivery stream', () => { }); Template.fromStack(stack).hasResourceProperties('AWS::KinesisFirehose::DeliveryStream', { - DeliveryStreamEncryptionConfigurationInput: Match.absent(), + DeliveryStreamEncryptionConfigurationInput: { + KeyARN: Match.absent(), + KeyType: 'AWS_OWNED_CMK', + }, DeliveryStreamName: Match.absent(), DeliveryStreamType: 'DirectPut', KinesisStreamSourceConfiguration: Match.absent(), @@ -135,6 +138,7 @@ describe('delivery stream', () => { new firehose.DeliveryStream(stack, 'Delivery Stream', { destination: mockS3Destination, + encryption: StreamEncryption.unencrypted(), source: new source.KinesisStreamSource(sourceStream), }); @@ -182,6 +186,7 @@ describe('delivery stream', () => { new firehose.DeliveryStream(stack, 'Delivery Stream', { destination: mockS3Destination, source: new source.KinesisStreamSource(sourceStream), + encryption: StreamEncryption.unencrypted(), role: deliveryStreamRole, }); @@ -298,6 +303,23 @@ describe('delivery stream', () => { }); }); + test('not setting encryption defaults to AWS-owned key and does not create key and creates configuration', () => { + new firehose.DeliveryStream(stack, 'Delivery Stream', { + destination: mockS3Destination, + role: deliveryStreamRole, + }); + + Template.fromStack(stack).resourceCountIs('AWS::KMS::Key', 0); + Template.fromStack(stack).resourceCountIs('AWS::IAM::Policy', 0); + Template.fromStack(stack).hasResourceProperties('AWS::KinesisFirehose::DeliveryStream', { + DeliveryStreamType: 'DirectPut', + DeliveryStreamEncryptionConfigurationInput: { + KeyARN: Match.absent(), + KeyType: 'AWS_OWNED_CMK', + }, + }); + }); + test('requesting no encryption creates no configuration', () => { new firehose.DeliveryStream(stack, 'Delivery Stream', { destination: mockS3Destination, @@ -331,6 +353,10 @@ describe('delivery stream', () => { encryption: StreamEncryption.customerManagedKey(new kms.Key(stack, 'Key')), source: new source.KinesisStreamSource(sourceStream), })).toThrowError('Requested server-side encryption but delivery stream source is a Kinesis data stream. Specify server-side encryption on the data stream instead.'); + expect(() => new firehose.DeliveryStream(stack, 'Delivery Stream 4', { + destination: mockS3Destination, + source: new source.KinesisStreamSource(sourceStream), + })).toThrowError('Requested server-side encryption but delivery stream source is a Kinesis data stream. Specify server-side encryption on the data stream instead.'); }); test('grant provides access to stream', () => { diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream-aws-owned-key.js.snapshot/DeliveryStreamWithDefaultEncryptionDefaultTestDeployAssert8B5B0167.assets.json b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream-aws-owned-key.js.snapshot/DeliveryStreamWithDefaultEncryptionDefaultTestDeployAssert8B5B0167.assets.json new file mode 100644 index 0000000000000..5fb4972cece6d --- /dev/null +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream-aws-owned-key.js.snapshot/DeliveryStreamWithDefaultEncryptionDefaultTestDeployAssert8B5B0167.assets.json @@ -0,0 +1,19 @@ +{ + "version": "38.0.1", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "DeliveryStreamWithDefaultEncryptionDefaultTestDeployAssert8B5B0167.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream-aws-owned-key.js.snapshot/DeliveryStreamWithDefaultEncryptionDefaultTestDeployAssert8B5B0167.template.json b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream-aws-owned-key.js.snapshot/DeliveryStreamWithDefaultEncryptionDefaultTestDeployAssert8B5B0167.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream-aws-owned-key.js.snapshot/DeliveryStreamWithDefaultEncryptionDefaultTestDeployAssert8B5B0167.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream-aws-owned-key.js.snapshot/aws-cdk-firehose-delivery-stream.assets.json b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream-aws-owned-key.js.snapshot/aws-cdk-firehose-delivery-stream.assets.json new file mode 100644 index 0000000000000..39414fc63ff4a --- /dev/null +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream-aws-owned-key.js.snapshot/aws-cdk-firehose-delivery-stream.assets.json @@ -0,0 +1,19 @@ +{ + "version": "38.0.1", + "files": { + "c9b1aa8eb3006deac2b4c9a37930ff988ce11eb811c4f37196f30f680dd0b085": { + "source": { + "path": "aws-cdk-firehose-delivery-stream.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "c9b1aa8eb3006deac2b4c9a37930ff988ce11eb811c4f37196f30f680dd0b085.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream-aws-owned-key.js.snapshot/aws-cdk-firehose-delivery-stream.template.json b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream-aws-owned-key.js.snapshot/aws-cdk-firehose-delivery-stream.template.json new file mode 100644 index 0000000000000..ecd162a3b0372 --- /dev/null +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream-aws-owned-key.js.snapshot/aws-cdk-firehose-delivery-stream.template.json @@ -0,0 +1,242 @@ +{ + "Resources": { + "Bucket83908E77": { + "Type": "AWS::S3::Bucket", + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "Role1ABCC5F0": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "firehose.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "RoleDefaultPolicy5FFB7DAB": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:Abort*", + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*", + "s3:PutObject", + "s3:PutObjectLegalHold", + "s3:PutObjectRetention", + "s3:PutObjectTagging", + "s3:PutObjectVersionTagging" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "RoleDefaultPolicy5FFB7DAB", + "Roles": [ + { + "Ref": "Role1ABCC5F0" + } + ] + } + }, + "DeliveryStreamNoSourceOrEncryptionKey0E4AAB82": { + "Type": "AWS::KinesisFirehose::DeliveryStream", + "Properties": { + "DeliveryStreamEncryptionConfigurationInput": { + "KeyType": "AWS_OWNED_CMK" + }, + "DeliveryStreamType": "DirectPut", + "ExtendedS3DestinationConfiguration": { + "BucketARN": { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + "RoleARN": { + "Fn::GetAtt": [ + "Role1ABCC5F0", + "Arn" + ] + } + } + }, + "DependsOn": [ + "RoleDefaultPolicy5FFB7DAB" + ] + } + }, + "Mappings": { + "awscdkawskinesisfirehoseCidrBlocks": { + "af-south-1": { + "FirehoseCidrBlock": "13.244.121.224/27" + }, + "ap-east-1": { + "FirehoseCidrBlock": "18.162.221.32/27" + }, + "ap-northeast-1": { + "FirehoseCidrBlock": "13.113.196.224/27" + }, + "ap-northeast-2": { + "FirehoseCidrBlock": "13.209.1.64/27" + }, + "ap-northeast-3": { + "FirehoseCidrBlock": "13.208.177.192/27" + }, + "ap-south-1": { + "FirehoseCidrBlock": "13.232.67.32/27" + }, + "ap-south-2": { + "FirehoseCidrBlock": "18.60.192.128/27" + }, + "ap-southeast-1": { + "FirehoseCidrBlock": "13.228.64.192/27" + }, + "ap-southeast-2": { + "FirehoseCidrBlock": "13.210.67.224/27" + }, + "ap-southeast-3": { + "FirehoseCidrBlock": "108.136.221.64/27" + }, + "ap-southeast-4": { + "FirehoseCidrBlock": "16.50.161.128/27" + }, + "ca-central-1": { + "FirehoseCidrBlock": "35.183.92.128/27" + }, + "ca-west-1": { + "FirehoseCidrBlock": "40.176.98.192/27" + }, + "cn-north-1": { + "FirehoseCidrBlock": "52.81.151.32/27" + }, + "cn-northwest-1": { + "FirehoseCidrBlock": "161.189.23.64/27" + }, + "eu-central-1": { + "FirehoseCidrBlock": "35.158.127.160/27" + }, + "eu-central-2": { + "FirehoseCidrBlock": "16.62.183.32/27" + }, + "eu-north-1": { + "FirehoseCidrBlock": "13.53.63.224/27" + }, + "eu-south-1": { + "FirehoseCidrBlock": "15.161.135.128/27" + }, + "eu-south-2": { + "FirehoseCidrBlock": "18.100.71.96/27" + }, + "eu-west-1": { + "FirehoseCidrBlock": "52.19.239.192/27" + }, + "eu-west-2": { + "FirehoseCidrBlock": "18.130.1.96/27" + }, + "eu-west-3": { + "FirehoseCidrBlock": "35.180.1.96/27" + }, + "il-central-1": { + "FirehoseCidrBlock": "51.16.102.0/27" + }, + "me-central-1": { + "FirehoseCidrBlock": "3.28.159.32/27" + }, + "me-south-1": { + "FirehoseCidrBlock": "15.185.91.0/27" + }, + "sa-east-1": { + "FirehoseCidrBlock": "18.228.1.128/27" + }, + "us-east-1": { + "FirehoseCidrBlock": "52.70.63.192/27" + }, + "us-east-2": { + "FirehoseCidrBlock": "13.58.135.96/27" + }, + "us-gov-east-1": { + "FirehoseCidrBlock": "18.253.138.96/27" + }, + "us-gov-west-1": { + "FirehoseCidrBlock": "52.61.204.160/27" + }, + "us-west-1": { + "FirehoseCidrBlock": "13.57.135.192/27" + }, + "us-west-2": { + "FirehoseCidrBlock": "52.89.255.224/27" + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream-aws-owned-key.js.snapshot/cdk.out b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream-aws-owned-key.js.snapshot/cdk.out new file mode 100644 index 0000000000000..c6e612584e352 --- /dev/null +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream-aws-owned-key.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"38.0.1"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream-aws-owned-key.js.snapshot/integ.json b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream-aws-owned-key.js.snapshot/integ.json new file mode 100644 index 0000000000000..0bc3d0b6f440a --- /dev/null +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream-aws-owned-key.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "38.0.1", + "testCases": { + "DeliveryStreamWithDefaultEncryption/DefaultTest": { + "stacks": [ + "aws-cdk-firehose-delivery-stream" + ], + "assertionStack": "DeliveryStreamWithDefaultEncryption/DefaultTest/DeployAssert", + "assertionStackName": "DeliveryStreamWithDefaultEncryptionDefaultTestDeployAssert8B5B0167" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream-aws-owned-key.js.snapshot/manifest.json b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream-aws-owned-key.js.snapshot/manifest.json new file mode 100644 index 0000000000000..c83e6f96f433a --- /dev/null +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream-aws-owned-key.js.snapshot/manifest.json @@ -0,0 +1,139 @@ +{ + "version": "38.0.1", + "artifacts": { + "aws-cdk-firehose-delivery-stream.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "aws-cdk-firehose-delivery-stream.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "aws-cdk-firehose-delivery-stream": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "aws-cdk-firehose-delivery-stream.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "notificationArns": [], + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/c9b1aa8eb3006deac2b4c9a37930ff988ce11eb811c4f37196f30f680dd0b085.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "aws-cdk-firehose-delivery-stream.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "aws-cdk-firehose-delivery-stream.assets" + ], + "metadata": { + "/aws-cdk-firehose-delivery-stream/Bucket/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Bucket83908E77" + } + ], + "/aws-cdk-firehose-delivery-stream/Role/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Role1ABCC5F0" + } + ], + "/aws-cdk-firehose-delivery-stream/Role/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "RoleDefaultPolicy5FFB7DAB" + } + ], + "/aws-cdk-firehose-delivery-stream/Delivery Stream No Source Or Encryption Key/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "DeliveryStreamNoSourceOrEncryptionKey0E4AAB82" + } + ], + "/aws-cdk-firehose-delivery-stream/@aws-cdk--aws-kinesisfirehose.CidrBlocks": [ + { + "type": "aws:cdk:logicalId", + "data": "awscdkawskinesisfirehoseCidrBlocks" + } + ], + "/aws-cdk-firehose-delivery-stream/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-firehose-delivery-stream/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-cdk-firehose-delivery-stream" + }, + "DeliveryStreamWithDefaultEncryptionDefaultTestDeployAssert8B5B0167.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "DeliveryStreamWithDefaultEncryptionDefaultTestDeployAssert8B5B0167.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "DeliveryStreamWithDefaultEncryptionDefaultTestDeployAssert8B5B0167": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "DeliveryStreamWithDefaultEncryptionDefaultTestDeployAssert8B5B0167.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "notificationArns": [], + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "DeliveryStreamWithDefaultEncryptionDefaultTestDeployAssert8B5B0167.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "DeliveryStreamWithDefaultEncryptionDefaultTestDeployAssert8B5B0167.assets" + ], + "metadata": { + "/DeliveryStreamWithDefaultEncryption/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/DeliveryStreamWithDefaultEncryption/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "DeliveryStreamWithDefaultEncryption/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream-aws-owned-key.js.snapshot/tree.json b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream-aws-owned-key.js.snapshot/tree.json new file mode 100644 index 0000000000000..9d88068e7e7a5 --- /dev/null +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream-aws-owned-key.js.snapshot/tree.json @@ -0,0 +1,286 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "aws-cdk-firehose-delivery-stream": { + "id": "aws-cdk-firehose-delivery-stream", + "path": "aws-cdk-firehose-delivery-stream", + "children": { + "Bucket": { + "id": "Bucket", + "path": "aws-cdk-firehose-delivery-stream/Bucket", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-firehose-delivery-stream/Bucket/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::S3::Bucket", + "aws:cdk:cloudformation:props": {} + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.CfnBucket", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.Bucket", + "version": "0.0.0" + } + }, + "Role": { + "id": "Role", + "path": "aws-cdk-firehose-delivery-stream/Role", + "children": { + "ImportRole": { + "id": "ImportRole", + "path": "aws-cdk-firehose-delivery-stream/Role/ImportRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-firehose-delivery-stream/Role/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "firehose.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-cdk-firehose-delivery-stream/Role/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-firehose-delivery-stream/Role/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "s3:Abort*", + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*", + "s3:PutObject", + "s3:PutObjectLegalHold", + "s3:PutObjectRetention", + "s3:PutObjectTagging", + "s3:PutObjectVersionTagging" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "policyName": "RoleDefaultPolicy5FFB7DAB", + "roles": [ + { + "Ref": "Role1ABCC5F0" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "Delivery Stream No Source Or Encryption Key": { + "id": "Delivery Stream No Source Or Encryption Key", + "path": "aws-cdk-firehose-delivery-stream/Delivery Stream No Source Or Encryption Key", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-firehose-delivery-stream/Delivery Stream No Source Or Encryption Key/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::KinesisFirehose::DeliveryStream", + "aws:cdk:cloudformation:props": { + "deliveryStreamEncryptionConfigurationInput": { + "keyType": "AWS_OWNED_CMK" + }, + "deliveryStreamType": "DirectPut", + "extendedS3DestinationConfiguration": { + "bucketArn": { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + "roleArn": { + "Fn::GetAtt": [ + "Role1ABCC5F0", + "Arn" + ] + } + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kinesisfirehose.CfnDeliveryStream", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-kinesisfirehose-alpha.DeliveryStream", + "version": "0.0.0" + } + }, + "@aws-cdk--aws-kinesisfirehose.CidrBlocks": { + "id": "@aws-cdk--aws-kinesisfirehose.CidrBlocks", + "path": "aws-cdk-firehose-delivery-stream/@aws-cdk--aws-kinesisfirehose.CidrBlocks", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnMapping", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-firehose-delivery-stream/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-firehose-delivery-stream/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "DeliveryStreamWithDefaultEncryption": { + "id": "DeliveryStreamWithDefaultEncryption", + "path": "DeliveryStreamWithDefaultEncryption", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "DeliveryStreamWithDefaultEncryption/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "DeliveryStreamWithDefaultEncryption/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "DeliveryStreamWithDefaultEncryption/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "DeliveryStreamWithDefaultEncryption/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "DeliveryStreamWithDefaultEncryption/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream-aws-owned-key.ts b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream-aws-owned-key.ts new file mode 100644 index 0000000000000..09c0fb9a0872b --- /dev/null +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream-aws-owned-key.ts @@ -0,0 +1,41 @@ +#!/usr/bin/env node +import * as iam from 'aws-cdk-lib/aws-iam'; +import * as s3 from 'aws-cdk-lib/aws-s3'; +import * as cdk from 'aws-cdk-lib'; +import * as integ from '@aws-cdk/integ-tests-alpha'; +import * as constructs from 'constructs'; +import * as firehose from '../lib'; + +const app = new cdk.App(); + +const stack = new cdk.Stack(app, 'aws-cdk-firehose-delivery-stream'); + +const bucket = new s3.Bucket(stack, 'Bucket', { + removalPolicy: cdk.RemovalPolicy.DESTROY, +}); + +const role = new iam.Role(stack, 'Role', { + assumedBy: new iam.ServicePrincipal('firehose.amazonaws.com'), +}); + +const mockS3Destination: firehose.IDestination = { + bind(_scope: constructs.Construct, _options: firehose.DestinationBindOptions): firehose.DestinationConfig { + const bucketGrant = bucket.grantReadWrite(role); + return { + extendedS3DestinationConfiguration: { + bucketArn: bucket.bucketArn, + roleArn: role.roleArn, + }, + dependables: [bucketGrant], + }; + }, +}; + +new firehose.DeliveryStream(stack, 'Delivery Stream No Source Or Encryption Key', { + destination: mockS3Destination, +}); + +new integ.IntegTest(app, 'DeliveryStreamWithDefaultEncryption', { + testCases: [stack], +}); + diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/DeliveryStreamWithCustomerManagedKeyDefaultTestDeployAssert32278252.assets.json b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/DeliveryStreamWithCustomerManagedKeyDefaultTestDeployAssert32278252.assets.json new file mode 100644 index 0000000000000..632e5943a27fa --- /dev/null +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/DeliveryStreamWithCustomerManagedKeyDefaultTestDeployAssert32278252.assets.json @@ -0,0 +1,19 @@ +{ + "version": "38.0.1", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "DeliveryStreamWithCustomerManagedKeyDefaultTestDeployAssert32278252.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/DeliveryStreamWithCustomerManagedKeyDefaultTestDeployAssert32278252.template.json b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/DeliveryStreamWithCustomerManagedKeyDefaultTestDeployAssert32278252.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/DeliveryStreamWithCustomerManagedKeyDefaultTestDeployAssert32278252.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/aws-cdk-firehose-delivery-stream.assets.json b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/aws-cdk-firehose-delivery-stream.assets.json index 67b5d04b59e1e..8c4a5eec78542 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/aws-cdk-firehose-delivery-stream.assets.json +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/aws-cdk-firehose-delivery-stream.assets.json @@ -1,7 +1,7 @@ { - "version": "36.0.5", + "version": "38.0.1", "files": { - "83678c48c2f99ce2d9c500abb384ceccdafe33a57acdec025491de0b6686802f": { + "9723351cbc204f46c6baefba8fbe818d26f34052c747f1169b7b2034192ff5af": { "source": { "path": "aws-cdk-firehose-delivery-stream.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "83678c48c2f99ce2d9c500abb384ceccdafe33a57acdec025491de0b6686802f.json", + "objectKey": "9723351cbc204f46c6baefba8fbe818d26f34052c747f1169b7b2034192ff5af.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/aws-cdk-firehose-delivery-stream.template.json b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/aws-cdk-firehose-delivery-stream.template.json index e09a917941c00..8a2a538624cba 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/aws-cdk-firehose-delivery-stream.template.json +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/aws-cdk-firehose-delivery-stream.template.json @@ -189,29 +189,6 @@ "DependsOn": [ "RoleDefaultPolicy5FFB7DAB" ] - }, - "DeliveryStreamNoSourceOrEncryptionKey0E4AAB82": { - "Type": "AWS::KinesisFirehose::DeliveryStream", - "Properties": { - "DeliveryStreamType": "DirectPut", - "ExtendedS3DestinationConfiguration": { - "BucketARN": { - "Fn::GetAtt": [ - "Bucket83908E77", - "Arn" - ] - }, - "RoleARN": { - "Fn::GetAtt": [ - "Role1ABCC5F0", - "Arn" - ] - } - } - }, - "DependsOn": [ - "RoleDefaultPolicy5FFB7DAB" - ] } }, "Mappings": { diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/cdk.out b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/cdk.out index bd5311dc372de..c6e612584e352 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/cdk.out +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"36.0.5"} \ No newline at end of file +{"version":"38.0.1"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/integ.json b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/integ.json index f485efceb47af..fc8f4202c9a4d 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/integ.json +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/integ.json @@ -1,14 +1,12 @@ { - "version": "36.0.5", + "version": "38.0.1", "testCases": { - "integ.delivery-stream": { + "DeliveryStreamWithCustomerManagedKey/DefaultTest": { "stacks": [ "aws-cdk-firehose-delivery-stream" ], - "diffAssets": false, - "stackUpdateWorkflow": true + "assertionStack": "DeliveryStreamWithCustomerManagedKey/DefaultTest/DeployAssert", + "assertionStackName": "DeliveryStreamWithCustomerManagedKeyDefaultTestDeployAssert32278252" } - }, - "synthContext": {}, - "enableLookups": false + } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/manifest.json b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/manifest.json index 0dca65f3c2e6f..0a4334caf81da 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "36.0.5", + "version": "38.0.1", "artifacts": { "aws-cdk-firehose-delivery-stream.assets": { "type": "cdk:asset-manifest", @@ -16,9 +16,10 @@ "templateFile": "aws-cdk-firehose-delivery-stream.template.json", "terminationProtection": false, "validateOnSynth": false, + "notificationArns": [], "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/83678c48c2f99ce2d9c500abb384ceccdafe33a57acdec025491de0b6686802f.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/9723351cbc204f46c6baefba8fbe818d26f34052c747f1169b7b2034192ff5af.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -82,26 +83,78 @@ "data": "awscdkawskinesisfirehoseCidrBlocks" } ], - "/aws-cdk-firehose-delivery-stream/Delivery Stream No Source Or Encryption Key/Resource": [ + "/aws-cdk-firehose-delivery-stream/BootstrapVersion": [ { "type": "aws:cdk:logicalId", - "data": "DeliveryStreamNoSourceOrEncryptionKey0E4AAB82" + "data": "BootstrapVersion" } ], - "/aws-cdk-firehose-delivery-stream/BootstrapVersion": [ + "/aws-cdk-firehose-delivery-stream/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ], + "DeliveryStreamNoSourceOrEncryptionKey0E4AAB82": [ + { + "type": "aws:cdk:logicalId", + "data": "DeliveryStreamNoSourceOrEncryptionKey0E4AAB82", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" + ] + } + ] + }, + "displayName": "aws-cdk-firehose-delivery-stream" + }, + "DeliveryStreamWithCustomerManagedKeyDefaultTestDeployAssert32278252.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "DeliveryStreamWithCustomerManagedKeyDefaultTestDeployAssert32278252.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "DeliveryStreamWithCustomerManagedKeyDefaultTestDeployAssert32278252": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "DeliveryStreamWithCustomerManagedKeyDefaultTestDeployAssert32278252.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "notificationArns": [], + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "DeliveryStreamWithCustomerManagedKeyDefaultTestDeployAssert32278252.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "DeliveryStreamWithCustomerManagedKeyDefaultTestDeployAssert32278252.assets" + ], + "metadata": { + "/DeliveryStreamWithCustomerManagedKey/DefaultTest/DeployAssert/BootstrapVersion": [ { "type": "aws:cdk:logicalId", "data": "BootstrapVersion" } ], - "/aws-cdk-firehose-delivery-stream/CheckBootstrapVersion": [ + "/DeliveryStreamWithCustomerManagedKey/DefaultTest/DeployAssert/CheckBootstrapVersion": [ { "type": "aws:cdk:logicalId", "data": "CheckBootstrapVersion" } ] }, - "displayName": "aws-cdk-firehose-delivery-stream" + "displayName": "DeliveryStreamWithCustomerManagedKey/DefaultTest/DeployAssert" }, "Tree": { "type": "cdk:tree", diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/tree.json b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/tree.json index 66cbdc11a7ab0..3a9b6895489df 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/tree.json @@ -342,44 +342,6 @@ "version": "0.0.0" } }, - "Delivery Stream No Source Or Encryption Key": { - "id": "Delivery Stream No Source Or Encryption Key", - "path": "aws-cdk-firehose-delivery-stream/Delivery Stream No Source Or Encryption Key", - "children": { - "Resource": { - "id": "Resource", - "path": "aws-cdk-firehose-delivery-stream/Delivery Stream No Source Or Encryption Key/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::KinesisFirehose::DeliveryStream", - "aws:cdk:cloudformation:props": { - "deliveryStreamType": "DirectPut", - "extendedS3DestinationConfiguration": { - "bucketArn": { - "Fn::GetAtt": [ - "Bucket83908E77", - "Arn" - ] - }, - "roleArn": { - "Fn::GetAtt": [ - "Role1ABCC5F0", - "Arn" - ] - } - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_kinesisfirehose.CfnDeliveryStream", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-kinesisfirehose-alpha.DeliveryStream", - "version": "0.0.0" - } - }, "BootstrapVersion": { "id": "BootstrapVersion", "path": "aws-cdk-firehose-delivery-stream/BootstrapVersion", @@ -402,6 +364,60 @@ "version": "0.0.0" } }, + "DeliveryStreamWithCustomerManagedKey": { + "id": "DeliveryStreamWithCustomerManagedKey", + "path": "DeliveryStreamWithCustomerManagedKey", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "DeliveryStreamWithCustomerManagedKey/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "DeliveryStreamWithCustomerManagedKey/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "DeliveryStreamWithCustomerManagedKey/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "DeliveryStreamWithCustomerManagedKey/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "DeliveryStreamWithCustomerManagedKey/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, "Tree": { "id": "Tree", "path": "Tree", diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/aws-cdk-firehose-delivery-stream-source-stream.assets.json b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/aws-cdk-firehose-delivery-stream-source-stream.assets.json index 05e3ec88f99aa..52220c77c8477 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/aws-cdk-firehose-delivery-stream-source-stream.assets.json +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/aws-cdk-firehose-delivery-stream-source-stream.assets.json @@ -1,7 +1,7 @@ { - "version": "36.0.5", + "version": "38.0.1", "files": { - "473d2000a650a5070954fafbd3cf99c95d9ef4d382f6337af9b5d9539b454541": { + "4ac04de17dbdc9c65b7ff6b15f2c6b97155b75d6760cf67a60ebe2ca203ac01d": { "source": { "path": "aws-cdk-firehose-delivery-stream-source-stream.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "473d2000a650a5070954fafbd3cf99c95d9ef4d382f6337af9b5d9539b454541.json", + "objectKey": "4ac04de17dbdc9c65b7ff6b15f2c6b97155b75d6760cf67a60ebe2ca203ac01d.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/aws-cdk-firehose-delivery-stream-source-stream.template.json b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/aws-cdk-firehose-delivery-stream-source-stream.template.json index 0262efbfaa595..5a5c65a9aaff1 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/aws-cdk-firehose-delivery-stream-source-stream.template.json +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/aws-cdk-firehose-delivery-stream-source-stream.template.json @@ -189,6 +189,9 @@ "DeliveryStreamNoSourceOrEncryptionKey0E4AAB82": { "Type": "AWS::KinesisFirehose::DeliveryStream", "Properties": { + "DeliveryStreamEncryptionConfigurationInput": { + "KeyType": "AWS_OWNED_CMK" + }, "DeliveryStreamType": "DirectPut", "ExtendedS3DestinationConfiguration": { "BucketARN": { diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/cdk.out b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/cdk.out index bd5311dc372de..c6e612584e352 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/cdk.out +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"36.0.5"} \ No newline at end of file +{"version":"38.0.1"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/integ.json b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/integ.json index d471dc4bfd0bb..f6d7e14c69ae3 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/integ.json +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "36.0.5", + "version": "38.0.1", "testCases": { "integ.delivery-stream.source-stream": { "stacks": [ diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/manifest.json b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/manifest.json index 501d2fccb2578..c0e4becc6319e 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "36.0.5", + "version": "38.0.1", "artifacts": { "aws-cdk-firehose-delivery-stream-source-stream.assets": { "type": "cdk:asset-manifest", @@ -16,9 +16,10 @@ "templateFile": "aws-cdk-firehose-delivery-stream-source-stream.template.json", "terminationProtection": false, "validateOnSynth": false, + "notificationArns": [], "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/473d2000a650a5070954fafbd3cf99c95d9ef4d382f6337af9b5d9539b454541.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/4ac04de17dbdc9c65b7ff6b15f2c6b97155b75d6760cf67a60ebe2ca203ac01d.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/tree.json b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/tree.json index e0a9008d39838..3024a07d4daf5 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/tree.json @@ -355,6 +355,9 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::KinesisFirehose::DeliveryStream", "aws:cdk:cloudformation:props": { + "deliveryStreamEncryptionConfigurationInput": { + "keyType": "AWS_OWNED_CMK" + }, "deliveryStreamType": "DirectPut", "extendedS3DestinationConfiguration": { "bucketArn": { diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.ts b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.ts index 3d2441f2f018a..f153e5232447d 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.ts +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.ts @@ -3,6 +3,7 @@ import * as iam from 'aws-cdk-lib/aws-iam'; import * as kinesis from 'aws-cdk-lib/aws-kinesis'; import * as s3 from 'aws-cdk-lib/aws-s3'; import * as cdk from 'aws-cdk-lib'; +import * as integ from '@aws-cdk/integ-tests-alpha'; import * as constructs from 'constructs'; import * as firehose from '../lib'; import * as source from '../lib/source'; @@ -37,10 +38,13 @@ const sourceStream = new kinesis.Stream(stack, 'Source Stream'); new firehose.DeliveryStream(stack, 'Delivery Stream', { destination: mockS3Destination, source: new source.KinesisStreamSource(sourceStream), + encryption: firehose.StreamEncryption.unencrypted(), }); new firehose.DeliveryStream(stack, 'Delivery Stream No Source Or Encryption Key', { destination: mockS3Destination, }); -app.synth(); +new integ.IntegTest(app, 'DeliveryStreamWithSourceStream', { + testCases: [stack], +}); diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.ts b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.ts index 633e1fc0b5b2d..a89e7fecf4275 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.ts +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.ts @@ -3,6 +3,7 @@ import * as iam from 'aws-cdk-lib/aws-iam'; import * as kms from 'aws-cdk-lib/aws-kms'; import * as s3 from 'aws-cdk-lib/aws-s3'; import * as cdk from 'aws-cdk-lib'; +import * as integ from '@aws-cdk/integ-tests-alpha'; import * as constructs from 'constructs'; import * as firehose from '../lib'; @@ -40,8 +41,6 @@ new firehose.DeliveryStream(stack, 'Delivery Stream', { encryption: firehose.StreamEncryption.customerManagedKey(key), }); -new firehose.DeliveryStream(stack, 'Delivery Stream No Source Or Encryption Key', { - destination: mockS3Destination, +new integ.IntegTest(app, 'DeliveryStreamWithCustomerManagedKey', { + testCases: [stack], }); - -app.synth(); diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/aws-cdk-firehose-delivery-stream.assets.json b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/aws-cdk-firehose-delivery-stream.assets.json index 21c9fac7d17ad..758d38bfe43f1 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/aws-cdk-firehose-delivery-stream.assets.json +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/aws-cdk-firehose-delivery-stream.assets.json @@ -1,7 +1,7 @@ { - "version": "36.0.5", + "version": "38.0.1", "files": { - "92a76855bf6f2c207818069336988447e3fc865c24cb1a2dc92393c5ee52fd1b": { + "fd1471487c46b309f73bad46b43d8085d6fdc89fff0ee13bfdd162f6366e2818": { "source": { "path": "aws-cdk-firehose-delivery-stream.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "92a76855bf6f2c207818069336988447e3fc865c24cb1a2dc92393c5ee52fd1b.json", + "objectKey": "fd1471487c46b309f73bad46b43d8085d6fdc89fff0ee13bfdd162f6366e2818.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/aws-cdk-firehose-delivery-stream.template.json b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/aws-cdk-firehose-delivery-stream.template.json index 710315f533314..4b3a5639993a5 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/aws-cdk-firehose-delivery-stream.template.json +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/aws-cdk-firehose-delivery-stream.template.json @@ -78,6 +78,9 @@ "DeliveryStreamNoSourceOrEncryptionKey0E4AAB82": { "Type": "AWS::KinesisFirehose::DeliveryStream", "Properties": { + "DeliveryStreamEncryptionConfigurationInput": { + "KeyType": "AWS_OWNED_CMK" + }, "DeliveryStreamType": "DirectPut", "ExtendedS3DestinationConfiguration": { "BucketARN": { diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/cdk.out b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/cdk.out index bd5311dc372de..c6e612584e352 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/cdk.out +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"36.0.5"} \ No newline at end of file +{"version":"38.0.1"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/integ.json b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/integ.json index af4e4d4e1309c..03ca4b7b638a5 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/integ.json +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "36.0.5", + "version": "38.0.1", "testCases": { "integ-tests/DefaultTest": { "stacks": [ diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/integtestsDefaultTestDeployAssert44C8D370.assets.json b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/integtestsDefaultTestDeployAssert44C8D370.assets.json index f61c48bf00c39..4ec216781e5f5 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/integtestsDefaultTestDeployAssert44C8D370.assets.json +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/integtestsDefaultTestDeployAssert44C8D370.assets.json @@ -1,5 +1,5 @@ { - "version": "36.0.5", + "version": "38.0.1", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/manifest.json b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/manifest.json index 6269e41e83fde..0314af94e12a2 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "36.0.5", + "version": "38.0.1", "artifacts": { "aws-cdk-firehose-delivery-stream.assets": { "type": "cdk:asset-manifest", @@ -16,9 +16,10 @@ "templateFile": "aws-cdk-firehose-delivery-stream.template.json", "terminationProtection": false, "validateOnSynth": false, + "notificationArns": [], "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/92a76855bf6f2c207818069336988447e3fc865c24cb1a2dc92393c5ee52fd1b.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/fd1471487c46b309f73bad46b43d8085d6fdc89fff0ee13bfdd162f6366e2818.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -112,6 +113,7 @@ "templateFile": "integtestsDefaultTestDeployAssert44C8D370.template.json", "terminationProtection": false, "validateOnSynth": false, + "notificationArns": [], "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/tree.json b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/tree.json index 575c5a7ff0c87..e16625693e457 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/tree.json @@ -154,6 +154,9 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::KinesisFirehose::DeliveryStream", "aws:cdk:cloudformation:props": { + "deliveryStreamEncryptionConfigurationInput": { + "keyType": "AWS_OWNED_CMK" + }, "deliveryStreamType": "DirectPut", "extendedS3DestinationConfiguration": { "bucketArn": { diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.ts b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.ts index a3d65c30c589d..2a1733cd67c80 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.ts +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.ts @@ -49,8 +49,6 @@ new events.Rule(stack, 'rule', { }, }).addTarget(new targets.KinesisFirehoseStreamV2(firehose.DeliveryStream.fromDeliveryStreamArn(stack, 'firehose', stream.deliveryStreamArn))); -new integ.IntegTest(app, 'integ-tests', { +new integ.IntegTest(app, 'DeliveryStreamAsEventTarget', { testCases: [stack], }); - -app.synth();