From 0b3e755df82a5af25b8a0879124f6b40f268ac0a Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Mon, 1 Feb 2021 15:49:29 +0100 Subject: [PATCH 01/37] Cognito User Pool --- .../@aws-cdk/aws-cognito/lib/user-pool.ts | 10 ++- ...r-pool-client-explicit-props.expected.json | 26 +++++-- .../integ.user-pool-client-explicit-props.ts | 6 +- ...nteg.user-pool-domain-cfdist.expected.json | 68 ++++++++++--------- .../test/integ.user-pool-domain-cfdist.ts | 6 +- ...g.user-pool-domain-signinurl.expected.json | 4 +- .../test/integ.user-pool-domain-signinurl.ts | 6 +- ...teg.user-pool-explicit-props.expected.json | 64 ++++++++--------- .../test/integ.user-pool-explicit-props.ts | 3 +- .../integ.user-pool-idp.amazon.expected.json | 4 +- .../test/integ.user-pool-idp.amazon.ts | 6 +- .../integ.user-pool-idp.google.expected.json | 4 +- .../test/integ.user-pool-idp.google.ts | 6 +- ...eg.user-pool-resource-server.expected.json | 4 +- .../test/integ.user-pool-resource-server.ts | 3 +- .../integ.user-pool-signup-code.expected.json | 4 +- .../test/integ.user-pool-signup-code.ts | 3 +- .../integ.user-pool-signup-link.expected.json | 4 +- .../test/integ.user-pool-signup-link.ts | 3 +- .../test/integ.user-pool.expected.json | 4 +- .../aws-cognito/test/integ.user-pool.ts | 3 +- .../aws-cognito/test/user-pool.test.ts | 6 +- packages/@aws-cdk/core/lib/removal-policy.ts | 25 +++++++ 23 files changed, 182 insertions(+), 90 deletions(-) diff --git a/packages/@aws-cdk/aws-cognito/lib/user-pool.ts b/packages/@aws-cdk/aws-cognito/lib/user-pool.ts index 960d14bb8b426..eb5f8b3359bbf 100644 --- a/packages/@aws-cdk/aws-cognito/lib/user-pool.ts +++ b/packages/@aws-cdk/aws-cognito/lib/user-pool.ts @@ -1,6 +1,6 @@ import { IRole, PolicyDocument, PolicyStatement, Role, ServicePrincipal } from '@aws-cdk/aws-iam'; import * as lambda from '@aws-cdk/aws-lambda'; -import { Duration, IResource, Lazy, Names, Resource, Stack, Token } from '@aws-cdk/core'; +import { Duration, IResource, Lazy, Names, RemovalPolicy, Resource, Stack, Token } from '@aws-cdk/core'; import { Construct } from 'constructs'; import { toASCII as punycodeEncode } from 'punycode/'; import { CfnUserPool } from './cognito.generated'; @@ -567,6 +567,13 @@ export interface UserPoolProps { * @default AccountRecovery.PHONE_WITHOUT_MFA_AND_EMAIL */ readonly accountRecovery?: AccountRecovery; + + /** + * Policy to apply when the user pool is removed from the stack + * + * @default - The user pool will be orphaned. + */ + readonly removalPolicy?: RemovalPolicy; } /** @@ -756,6 +763,7 @@ export class UserPool extends UserPoolBase { }), accountRecoverySetting: this.accountRecovery(props), }); + userPool.applyRemovalPolicy(props.removalPolicy); this.userPoolId = userPool.ref; this.userPoolArn = userPool.attrArn; diff --git a/packages/@aws-cdk/aws-cognito/test/integ.user-pool-client-explicit-props.expected.json b/packages/@aws-cdk/aws-cognito/test/integ.user-pool-client-explicit-props.expected.json index 6d118b0cf046c..c2c5b4d18b269 100644 --- a/packages/@aws-cdk/aws-cognito/test/integ.user-pool-client-explicit-props.expected.json +++ b/packages/@aws-cdk/aws-cognito/test/integ.user-pool-client-explicit-props.expected.json @@ -27,7 +27,9 @@ "EmailSubject": "Verify your new account", "SmsMessage": "The verification code to your new account is {####}" } - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "myuserpoolmyuserpoolclientAFB2274E": { "Type": "AWS::Cognito::UserPoolClient", @@ -64,9 +66,25 @@ "COGNITO" ], "WriteAttributes": [ - "address", "birthdate", "custom:attribute_one", "custom:attribute_two", "email", - "family_name", "gender", "given_name", "locale", "middle_name", "name", "nickname", "phone_number", - "picture", "preferred_username", "profile", "updated_at", "website", "zoneinfo" + "address", + "birthdate", + "custom:attribute_one", + "custom:attribute_two", + "email", + "family_name", + "gender", + "given_name", + "locale", + "middle_name", + "name", + "nickname", + "phone_number", + "picture", + "preferred_username", + "profile", + "updated_at", + "website", + "zoneinfo" ] } } diff --git a/packages/@aws-cdk/aws-cognito/test/integ.user-pool-client-explicit-props.ts b/packages/@aws-cdk/aws-cognito/test/integ.user-pool-client-explicit-props.ts index 2cd4557cdb48a..d8a058a86d9c8 100644 --- a/packages/@aws-cdk/aws-cognito/test/integ.user-pool-client-explicit-props.ts +++ b/packages/@aws-cdk/aws-cognito/test/integ.user-pool-client-explicit-props.ts @@ -1,10 +1,12 @@ -import { App, Stack } from '@aws-cdk/core'; +import { App, RemovalPolicy, Stack } from '@aws-cdk/core'; import { OAuthScope, UserPool, ClientAttributes } from '../lib'; const app = new App(); const stack = new Stack(app, 'integ-user-pool-client-explicit-props'); -const userpool = new UserPool(stack, 'myuserpool'); +const userpool = new UserPool(stack, 'myuserpool', { + removalPolicy: RemovalPolicy.DESTROY, +}); userpool.addClient('myuserpoolclient', { userPoolClientName: 'myuserpoolclient', diff --git a/packages/@aws-cdk/aws-cognito/test/integ.user-pool-domain-cfdist.expected.json b/packages/@aws-cdk/aws-cognito/test/integ.user-pool-domain-cfdist.expected.json index 5f3a61539ea8a..e9a67d39c9235 100644 --- a/packages/@aws-cdk/aws-cognito/test/integ.user-pool-domain-cfdist.expected.json +++ b/packages/@aws-cdk/aws-cognito/test/integ.user-pool-domain-cfdist.expected.json @@ -27,7 +27,9 @@ "EmailSubject": "Verify your new account", "SmsMessage": "The verification code to your new account is {####}" } - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "UserPoolDomainD0EA232A": { "Type": "AWS::Cognito::UserPoolDomain", @@ -38,6 +40,27 @@ } } }, + "UserPoolDomainCloudFrontDomainNameCustomResourcePolicy7DE54188": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "cognito-idp:DescribeUserPoolDomain", + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "UserPoolDomainCloudFrontDomainNameCustomResourcePolicy7DE54188", + "Roles": [ + { + "Ref": "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2" + } + ] + } + }, "UserPoolDomainCloudFrontDomainNameE213E594": { "Type": "Custom::UserPoolCloudFrontDomainName", "Properties": { @@ -77,11 +100,11 @@ }, "InstallLatestAwsSdk": true }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete", "DependsOn": [ "UserPoolDomainCloudFrontDomainNameCustomResourcePolicy7DE54188" - ] + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2": { "Type": "AWS::IAM::Role", @@ -114,29 +137,12 @@ ] } }, - "UserPoolDomainCloudFrontDomainNameCustomResourcePolicy7DE54188": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action":"cognito-idp:DescribeUserPoolDomain", - "Effect":"Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "UserPoolDomainCloudFrontDomainNameCustomResourcePolicy7DE54188", - "Roles": [{"Ref":"AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2"}] - } - }, "AWS679f53fac002430cb0da5b7982bd22872D164C4C": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParametersd731b1475f16a318a48a76c83d255f7422cfa5f025c5bff93537b8f0b8e94557S3BucketA250C084" + "Ref": "AssetParametersb64b129569a5ac7a9abf88a18ac0b504d1fb1208872460476ed3fd435830eb94S3Bucket38F1BB8E" }, "S3Key": { "Fn::Join": [ @@ -149,7 +155,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersd731b1475f16a318a48a76c83d255f7422cfa5f025c5bff93537b8f0b8e94557S3VersionKeyDC4F0CD7" + "Ref": "AssetParametersb64b129569a5ac7a9abf88a18ac0b504d1fb1208872460476ed3fd435830eb94S3VersionKeyCCDC67C0" } ] } @@ -162,7 +168,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersd731b1475f16a318a48a76c83d255f7422cfa5f025c5bff93537b8f0b8e94557S3VersionKeyDC4F0CD7" + "Ref": "AssetParametersb64b129569a5ac7a9abf88a18ac0b504d1fb1208872460476ed3fd435830eb94S3VersionKeyCCDC67C0" } ] } @@ -172,13 +178,13 @@ ] } }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2", "Arn" ] }, + "Handler": "index.handler", "Runtime": "nodejs12.x", "Timeout": 120 }, @@ -203,17 +209,17 @@ } }, "Parameters": { - "AssetParametersd731b1475f16a318a48a76c83d255f7422cfa5f025c5bff93537b8f0b8e94557S3BucketA250C084": { + "AssetParametersb64b129569a5ac7a9abf88a18ac0b504d1fb1208872460476ed3fd435830eb94S3Bucket38F1BB8E": { "Type": "String", - "Description": "S3 bucket for asset \"d731b1475f16a318a48a76c83d255f7422cfa5f025c5bff93537b8f0b8e94557\"" + "Description": "S3 bucket for asset \"b64b129569a5ac7a9abf88a18ac0b504d1fb1208872460476ed3fd435830eb94\"" }, - "AssetParametersd731b1475f16a318a48a76c83d255f7422cfa5f025c5bff93537b8f0b8e94557S3VersionKeyDC4F0CD7": { + "AssetParametersb64b129569a5ac7a9abf88a18ac0b504d1fb1208872460476ed3fd435830eb94S3VersionKeyCCDC67C0": { "Type": "String", - "Description": "S3 key for asset version \"d731b1475f16a318a48a76c83d255f7422cfa5f025c5bff93537b8f0b8e94557\"" + "Description": "S3 key for asset version \"b64b129569a5ac7a9abf88a18ac0b504d1fb1208872460476ed3fd435830eb94\"" }, - "AssetParametersd731b1475f16a318a48a76c83d255f7422cfa5f025c5bff93537b8f0b8e94557ArtifactHash5701DE73": { + "AssetParametersb64b129569a5ac7a9abf88a18ac0b504d1fb1208872460476ed3fd435830eb94ArtifactHash782948FC": { "Type": "String", - "Description": "Artifact hash for asset \"d731b1475f16a318a48a76c83d255f7422cfa5f025c5bff93537b8f0b8e94557\"" + "Description": "Artifact hash for asset \"b64b129569a5ac7a9abf88a18ac0b504d1fb1208872460476ed3fd435830eb94\"" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cognito/test/integ.user-pool-domain-cfdist.ts b/packages/@aws-cdk/aws-cognito/test/integ.user-pool-domain-cfdist.ts index 7a45e144ffc3c..2c646a52721ae 100644 --- a/packages/@aws-cdk/aws-cognito/test/integ.user-pool-domain-cfdist.ts +++ b/packages/@aws-cdk/aws-cognito/test/integ.user-pool-domain-cfdist.ts @@ -1,5 +1,5 @@ /// !cdk-integ pragma:ignore-assets -import { App, CfnOutput, Stack } from '@aws-cdk/core'; +import { App, CfnOutput, RemovalPolicy, Stack } from '@aws-cdk/core'; import { UserPool } from '../lib'; /* @@ -10,7 +10,9 @@ import { UserPool } from '../lib'; const app = new App(); const stack = new Stack(app, 'integ-user-pool-domain-cfdist'); -const userpool = new UserPool(stack, 'UserPool'); +const userpool = new UserPool(stack, 'UserPool', { + removalPolicy: RemovalPolicy.DESTROY, +}); const domain = userpool.addDomain('Domain', { cognitoDomain: { diff --git a/packages/@aws-cdk/aws-cognito/test/integ.user-pool-domain-signinurl.expected.json b/packages/@aws-cdk/aws-cognito/test/integ.user-pool-domain-signinurl.expected.json index 694cf43b5f5ea..f19f82379b701 100644 --- a/packages/@aws-cdk/aws-cognito/test/integ.user-pool-domain-signinurl.expected.json +++ b/packages/@aws-cdk/aws-cognito/test/integ.user-pool-domain-signinurl.expected.json @@ -27,7 +27,9 @@ "EmailSubject": "Verify your new account", "SmsMessage": "The verification code to your new account is {####}" } - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "UserPoolDomainD0EA232A": { "Type": "AWS::Cognito::UserPoolDomain", diff --git a/packages/@aws-cdk/aws-cognito/test/integ.user-pool-domain-signinurl.ts b/packages/@aws-cdk/aws-cognito/test/integ.user-pool-domain-signinurl.ts index 7d55d08fe12bb..7b26359354f9b 100644 --- a/packages/@aws-cdk/aws-cognito/test/integ.user-pool-domain-signinurl.ts +++ b/packages/@aws-cdk/aws-cognito/test/integ.user-pool-domain-signinurl.ts @@ -1,4 +1,4 @@ -import { App, CfnOutput, Stack } from '@aws-cdk/core'; +import { App, CfnOutput, RemovalPolicy, Stack } from '@aws-cdk/core'; import { UserPool } from '../lib'; /* @@ -10,7 +10,9 @@ import { UserPool } from '../lib'; const app = new App(); const stack = new Stack(app, 'integ-user-pool-domain-signinurl'); -const userpool = new UserPool(stack, 'UserPool'); +const userpool = new UserPool(stack, 'UserPool', { + removalPolicy: RemovalPolicy.DESTROY, +}); const domain = userpool.addDomain('Domain', { cognitoDomain: { diff --git a/packages/@aws-cdk/aws-cognito/test/integ.user-pool-explicit-props.expected.json b/packages/@aws-cdk/aws-cognito/test/integ.user-pool-explicit-props.expected.json index ed77c3b7baa53..50da9815a769b 100644 --- a/packages/@aws-cdk/aws-cognito/test/integ.user-pool-explicit-props.expected.json +++ b/packages/@aws-cdk/aws-cognito/test/integ.user-pool-explicit-props.expected.json @@ -37,15 +37,15 @@ "Code": { "ZipFile": "foo" }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "createAuthChallengeServiceRole611710B5", "Arn" ] }, - "Runtime": "nodejs12.x", - "FunctionName": "createAuthChallenge" + "FunctionName": "createAuthChallenge", + "Handler": "index.handler", + "Runtime": "nodejs12.x" }, "DependsOn": [ "createAuthChallengeServiceRole611710B5" @@ -101,15 +101,15 @@ "Code": { "ZipFile": "foo" }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "customMessageServiceRoleB4AE7F17", "Arn" ] }, - "Runtime": "nodejs12.x", - "FunctionName": "customMessage" + "FunctionName": "customMessage", + "Handler": "index.handler", + "Runtime": "nodejs12.x" }, "DependsOn": [ "customMessageServiceRoleB4AE7F17" @@ -165,15 +165,15 @@ "Code": { "ZipFile": "foo" }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "defineAuthChallengeServiceRole9E2D15DF", "Arn" ] }, - "Runtime": "nodejs12.x", - "FunctionName": "defineAuthChallenge" + "FunctionName": "defineAuthChallenge", + "Handler": "index.handler", + "Runtime": "nodejs12.x" }, "DependsOn": [ "defineAuthChallengeServiceRole9E2D15DF" @@ -229,15 +229,15 @@ "Code": { "ZipFile": "foo" }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "postAuthenticationServiceRole5B3B242A", "Arn" ] }, - "Runtime": "nodejs12.x", - "FunctionName": "postAuthentication" + "FunctionName": "postAuthentication", + "Handler": "index.handler", + "Runtime": "nodejs12.x" }, "DependsOn": [ "postAuthenticationServiceRole5B3B242A" @@ -293,15 +293,15 @@ "Code": { "ZipFile": "foo" }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "postConfirmationServiceRole864BE5F9", "Arn" ] }, - "Runtime": "nodejs12.x", - "FunctionName": "postConfirmation" + "FunctionName": "postConfirmation", + "Handler": "index.handler", + "Runtime": "nodejs12.x" }, "DependsOn": [ "postConfirmationServiceRole864BE5F9" @@ -357,15 +357,15 @@ "Code": { "ZipFile": "foo" }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "preAuthenticationServiceRole9712F4D8", "Arn" ] }, - "Runtime": "nodejs12.x", - "FunctionName": "preAuthentication" + "FunctionName": "preAuthentication", + "Handler": "index.handler", + "Runtime": "nodejs12.x" }, "DependsOn": [ "preAuthenticationServiceRole9712F4D8" @@ -421,15 +421,15 @@ "Code": { "ZipFile": "foo" }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "preSignUpServiceRole0A7E91EB", "Arn" ] }, - "Runtime": "nodejs12.x", - "FunctionName": "preSignUp" + "FunctionName": "preSignUp", + "Handler": "index.handler", + "Runtime": "nodejs12.x" }, "DependsOn": [ "preSignUpServiceRole0A7E91EB" @@ -485,15 +485,15 @@ "Code": { "ZipFile": "foo" }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "preTokenGenerationServiceRole430C3D14", "Arn" ] }, - "Runtime": "nodejs12.x", - "FunctionName": "preTokenGeneration" + "FunctionName": "preTokenGeneration", + "Handler": "index.handler", + "Runtime": "nodejs12.x" }, "DependsOn": [ "preTokenGenerationServiceRole430C3D14" @@ -549,15 +549,15 @@ "Code": { "ZipFile": "foo" }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "userMigrationServiceRole091766B0", "Arn" ] }, - "Runtime": "nodejs12.x", - "FunctionName": "userMigration" + "FunctionName": "userMigration", + "Handler": "index.handler", + "Runtime": "nodejs12.x" }, "DependsOn": [ "userMigrationServiceRole091766B0" @@ -613,15 +613,15 @@ "Code": { "ZipFile": "foo" }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "verifyAuthChallengeResponseServiceRole7077884C", "Arn" ] }, - "Runtime": "nodejs12.x", - "FunctionName": "verifyAuthChallengeResponse" + "FunctionName": "verifyAuthChallengeResponse", + "Handler": "index.handler", + "Runtime": "nodejs12.x" }, "DependsOn": [ "verifyAuthChallengeResponseServiceRole7077884C" @@ -843,7 +843,9 @@ "EmailSubject": "verification email subject from the integ test", "SmsMessage": "verification sms message from the integ test. Code is {####}." } - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "myuserpoolmyuserpooldomainEE1E11AF": { "Type": "AWS::Cognito::UserPoolDomain", diff --git a/packages/@aws-cdk/aws-cognito/test/integ.user-pool-explicit-props.ts b/packages/@aws-cdk/aws-cognito/test/integ.user-pool-explicit-props.ts index 261251e1e2592..1bc35003fa472 100644 --- a/packages/@aws-cdk/aws-cognito/test/integ.user-pool-explicit-props.ts +++ b/packages/@aws-cdk/aws-cognito/test/integ.user-pool-explicit-props.ts @@ -1,11 +1,12 @@ import { Code, Function, IFunction, Runtime } from '@aws-cdk/aws-lambda'; -import { App, CfnOutput, Duration, Stack } from '@aws-cdk/core'; +import { App, CfnOutput, Duration, RemovalPolicy, Stack } from '@aws-cdk/core'; import { BooleanAttribute, DateTimeAttribute, Mfa, NumberAttribute, StringAttribute, UserPool } from '../lib'; const app = new App(); const stack = new Stack(app, 'integ-user-pool'); const userpool = new UserPool(stack, 'myuserpool', { + removalPolicy: RemovalPolicy.DESTROY, userPoolName: 'MyUserPool', userInvitation: { emailSubject: 'invitation email subject from the integ test', diff --git a/packages/@aws-cdk/aws-cognito/test/integ.user-pool-idp.amazon.expected.json b/packages/@aws-cdk/aws-cognito/test/integ.user-pool-idp.amazon.expected.json index e68a262eb7ee3..dd2188ee4e517 100644 --- a/packages/@aws-cdk/aws-cognito/test/integ.user-pool-idp.amazon.expected.json +++ b/packages/@aws-cdk/aws-cognito/test/integ.user-pool-idp.amazon.expected.json @@ -27,7 +27,9 @@ "EmailSubject": "Verify your new account", "SmsMessage": "The verification code to your new account is {####}" } - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "poolclient2623294C": { "Type": "AWS::Cognito::UserPoolClient", diff --git a/packages/@aws-cdk/aws-cognito/test/integ.user-pool-idp.amazon.ts b/packages/@aws-cdk/aws-cognito/test/integ.user-pool-idp.amazon.ts index 7252dfc0a8a40..77b95a5857330 100644 --- a/packages/@aws-cdk/aws-cognito/test/integ.user-pool-idp.amazon.ts +++ b/packages/@aws-cdk/aws-cognito/test/integ.user-pool-idp.amazon.ts @@ -1,4 +1,4 @@ -import { App, CfnOutput, Stack } from '@aws-cdk/core'; +import { App, CfnOutput, RemovalPolicy, Stack } from '@aws-cdk/core'; import { ProviderAttribute, UserPool, UserPoolIdentityProviderAmazon } from '../lib'; /* @@ -9,7 +9,9 @@ import { ProviderAttribute, UserPool, UserPoolIdentityProviderAmazon } from '../ const app = new App(); const stack = new Stack(app, 'integ-user-pool-idp-amazon'); -const userpool = new UserPool(stack, 'pool'); +const userpool = new UserPool(stack, 'pool', { + removalPolicy: RemovalPolicy.DESTROY, +}); new UserPoolIdentityProviderAmazon(stack, 'amazon', { userPool: userpool, diff --git a/packages/@aws-cdk/aws-cognito/test/integ.user-pool-idp.google.expected.json b/packages/@aws-cdk/aws-cognito/test/integ.user-pool-idp.google.expected.json index c767ee9d2d260..b90dd7faec0dd 100644 --- a/packages/@aws-cdk/aws-cognito/test/integ.user-pool-idp.google.expected.json +++ b/packages/@aws-cdk/aws-cognito/test/integ.user-pool-idp.google.expected.json @@ -27,7 +27,9 @@ "EmailSubject": "Verify your new account", "SmsMessage": "The verification code to your new account is {####}" } - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "poolclient2623294C": { "Type": "AWS::Cognito::UserPoolClient", diff --git a/packages/@aws-cdk/aws-cognito/test/integ.user-pool-idp.google.ts b/packages/@aws-cdk/aws-cognito/test/integ.user-pool-idp.google.ts index fac20b8351d38..f4ea4d077286d 100644 --- a/packages/@aws-cdk/aws-cognito/test/integ.user-pool-idp.google.ts +++ b/packages/@aws-cdk/aws-cognito/test/integ.user-pool-idp.google.ts @@ -1,4 +1,4 @@ -import { App, CfnOutput, Stack } from '@aws-cdk/core'; +import { App, CfnOutput, RemovalPolicy, Stack } from '@aws-cdk/core'; import { ProviderAttribute, UserPool, UserPoolIdentityProviderGoogle } from '../lib'; /* @@ -9,7 +9,9 @@ import { ProviderAttribute, UserPool, UserPoolIdentityProviderGoogle } from '../ const app = new App(); const stack = new Stack(app, 'integ-user-pool-idp-google'); -const userpool = new UserPool(stack, 'pool'); +const userpool = new UserPool(stack, 'pool', { + removalPolicy: RemovalPolicy.DESTROY, +}); new UserPoolIdentityProviderGoogle(stack, 'google', { userPool: userpool, diff --git a/packages/@aws-cdk/aws-cognito/test/integ.user-pool-resource-server.expected.json b/packages/@aws-cdk/aws-cognito/test/integ.user-pool-resource-server.expected.json index ffc765b879357..36b033a51f2fb 100644 --- a/packages/@aws-cdk/aws-cognito/test/integ.user-pool-resource-server.expected.json +++ b/packages/@aws-cdk/aws-cognito/test/integ.user-pool-resource-server.expected.json @@ -28,7 +28,9 @@ "EmailSubject": "Verify your new account", "SmsMessage": "The verification code to your new account is {####}" } - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "myuserpoolmyserver50C4D8E9": { "Type": "AWS::Cognito::UserPoolResourceServer", diff --git a/packages/@aws-cdk/aws-cognito/test/integ.user-pool-resource-server.ts b/packages/@aws-cdk/aws-cognito/test/integ.user-pool-resource-server.ts index 8610d7a3e1296..cd56612c65cd7 100644 --- a/packages/@aws-cdk/aws-cognito/test/integ.user-pool-resource-server.ts +++ b/packages/@aws-cdk/aws-cognito/test/integ.user-pool-resource-server.ts @@ -1,4 +1,4 @@ -import { App, CfnOutput, Stack } from '@aws-cdk/core'; +import { App, CfnOutput, RemovalPolicy, Stack } from '@aws-cdk/core'; import { OAuthScope, ResourceServerScope, UserPool } from '../lib'; const app = new App(); @@ -14,6 +14,7 @@ const stack = new Stack(app, 'integ-user-pool-resource-server'); */ const userPool = new UserPool(stack, 'myuserpool', { userPoolName: 'MyUserPool', + removalPolicy: RemovalPolicy.DESTROY, }); const readScope = new ResourceServerScope({ scopeName: 'read', scopeDescription: 'read only' }); diff --git a/packages/@aws-cdk/aws-cognito/test/integ.user-pool-signup-code.expected.json b/packages/@aws-cdk/aws-cognito/test/integ.user-pool-signup-code.expected.json index 5cc13052434f2..091b5f4cb7a8a 100644 --- a/packages/@aws-cdk/aws-cognito/test/integ.user-pool-signup-code.expected.json +++ b/packages/@aws-cdk/aws-cognito/test/integ.user-pool-signup-code.expected.json @@ -87,7 +87,9 @@ "EmailSubject": "integ-test: Verify your account", "SmsMessage": "integ-test: Account verification code is {####}" } - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "myuserpoolclient8A58A3E4": { "Type": "AWS::Cognito::UserPoolClient", diff --git a/packages/@aws-cdk/aws-cognito/test/integ.user-pool-signup-code.ts b/packages/@aws-cdk/aws-cognito/test/integ.user-pool-signup-code.ts index 12e8c1d354ea3..9118b4c912adf 100644 --- a/packages/@aws-cdk/aws-cognito/test/integ.user-pool-signup-code.ts +++ b/packages/@aws-cdk/aws-cognito/test/integ.user-pool-signup-code.ts @@ -1,4 +1,4 @@ -import { App, CfnOutput, Stack } from '@aws-cdk/core'; +import { App, CfnOutput, RemovalPolicy, Stack } from '@aws-cdk/core'; import { UserPool, UserPoolClient, VerificationEmailStyle } from '../lib'; /* @@ -15,6 +15,7 @@ const app = new App(); const stack = new Stack(app, 'integ-user-pool-signup-code'); const userpool = new UserPool(stack, 'myuserpool', { + removalPolicy: RemovalPolicy.DESTROY, userPoolName: 'MyUserPool', autoVerify: { email: true, diff --git a/packages/@aws-cdk/aws-cognito/test/integ.user-pool-signup-link.expected.json b/packages/@aws-cdk/aws-cognito/test/integ.user-pool-signup-link.expected.json index 53c9f89ed8031..f5cca975e608b 100644 --- a/packages/@aws-cdk/aws-cognito/test/integ.user-pool-signup-link.expected.json +++ b/packages/@aws-cdk/aws-cognito/test/integ.user-pool-signup-link.expected.json @@ -85,7 +85,9 @@ "EmailSubjectByLink": "integ-test: Verify your account", "SmsMessage": "integ-test: Account verification code is {####}" } - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "myuserpoolmyuserpooldomainEE1E11AF": { "Type": "AWS::Cognito::UserPoolDomain", diff --git a/packages/@aws-cdk/aws-cognito/test/integ.user-pool-signup-link.ts b/packages/@aws-cdk/aws-cognito/test/integ.user-pool-signup-link.ts index 92f0452010f22..b7121720ad940 100644 --- a/packages/@aws-cdk/aws-cognito/test/integ.user-pool-signup-link.ts +++ b/packages/@aws-cdk/aws-cognito/test/integ.user-pool-signup-link.ts @@ -1,4 +1,4 @@ -import { App, CfnOutput, Stack } from '@aws-cdk/core'; +import { App, CfnOutput, RemovalPolicy, Stack } from '@aws-cdk/core'; import { UserPool, UserPoolClient, VerificationEmailStyle } from '../lib'; /* @@ -15,6 +15,7 @@ const app = new App(); const stack = new Stack(app, 'integ-user-pool-signup-link'); const userpool = new UserPool(stack, 'myuserpool', { + removalPolicy: RemovalPolicy.DESTROY, userPoolName: 'MyUserPool', autoVerify: { email: true, diff --git a/packages/@aws-cdk/aws-cognito/test/integ.user-pool.expected.json b/packages/@aws-cdk/aws-cognito/test/integ.user-pool.expected.json index 85214615c050d..a3a50d2f5287b 100644 --- a/packages/@aws-cdk/aws-cognito/test/integ.user-pool.expected.json +++ b/packages/@aws-cdk/aws-cognito/test/integ.user-pool.expected.json @@ -28,7 +28,9 @@ "EmailSubject": "Verify your new account", "SmsMessage": "The verification code to your new account is {####}" } - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" } }, "Outputs": { diff --git a/packages/@aws-cdk/aws-cognito/test/integ.user-pool.ts b/packages/@aws-cdk/aws-cognito/test/integ.user-pool.ts index 565a6b1dd549e..5b587b8f94f75 100644 --- a/packages/@aws-cdk/aws-cognito/test/integ.user-pool.ts +++ b/packages/@aws-cdk/aws-cognito/test/integ.user-pool.ts @@ -1,4 +1,4 @@ -import { App, CfnOutput, Stack } from '@aws-cdk/core'; +import { App, CfnOutput, RemovalPolicy, Stack } from '@aws-cdk/core'; import { UserPool } from '../lib'; const app = new App(); @@ -6,6 +6,7 @@ const stack = new Stack(app, 'integ-user-pool'); const userpool = new UserPool(stack, 'myuserpool', { userPoolName: 'MyUserPool', + removalPolicy: RemovalPolicy.DESTROY, }); new CfnOutput(stack, 'user-pool-id', { diff --git a/packages/@aws-cdk/aws-cognito/test/user-pool.test.ts b/packages/@aws-cdk/aws-cognito/test/user-pool.test.ts index a2199eecce800..6801e8ada2568 100644 --- a/packages/@aws-cdk/aws-cognito/test/user-pool.test.ts +++ b/packages/@aws-cdk/aws-cognito/test/user-pool.test.ts @@ -1,5 +1,5 @@ import '@aws-cdk/assert/jest'; -import { ABSENT } from '@aws-cdk/assert/lib/assertions/have-resource'; +import { ABSENT, ResourcePart } from '@aws-cdk/assert/lib/assertions/have-resource'; import { Role, ServicePrincipal } from '@aws-cdk/aws-iam'; import * as lambda from '@aws-cdk/aws-lambda'; import { CfnParameter, Duration, Stack, Tags } from '@aws-cdk/core'; @@ -32,6 +32,10 @@ describe('User Pool', () => { SmsConfiguration: ABSENT, lambdaTriggers: ABSENT, }); + + expect(stack).toHaveResource('AWS::Cognito::UserPool', { + DeletionPolicy: 'Retain', + }, ResourcePart.CompleteDefinition); }); test('self sign up option is correctly configured', () => { diff --git a/packages/@aws-cdk/core/lib/removal-policy.ts b/packages/@aws-cdk/core/lib/removal-policy.ts index 879a00f53b4f9..d815967fa2bf0 100644 --- a/packages/@aws-cdk/core/lib/removal-policy.ts +++ b/packages/@aws-cdk/core/lib/removal-policy.ts @@ -1,3 +1,28 @@ +/** + * Possible values for a resource's Removal Policy + * + * The removal policy controls what happens to the resource if it stops being + * managed by CloudFormation. This can happen in one of three situations: + * + * - The resource is removed from the template, so CloudFormation stops managing it; + * - A change to the resource is made that requires it to be replaced, so CloudFormation stops + * managing it; + * - The stack is deleted, so CloudFormation stops managing all resources in it. + * + * The Removal Policy applies to all above cases. + * + * Many stateful resources in the AWS Construct Library will accept a + * `removalPolicy` as a property, typically defaulting it to `RETAIN`. + * + * If the AWS Construct Library resource does not accept a `removalPolicy` + * argument, you can always configure it by using the escape hatch mechanism, + * as shown in the following example: + * + * ```ts + * const cfnBucket = bucket.node.findChild('Resource') as cdk.CfnResource; + * cfnBucket.applyRemovalPolicy(cdk.RemovalPolicy.DESTROY); + * ``` + */ export enum RemovalPolicy { /** * This is the default removal policy. It means that when the resource is From aec4c1b6ea98d71a03ea9f827d86ecc665343064 Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Mon, 1 Feb 2021 15:53:28 +0100 Subject: [PATCH 02/37] EC2 Volume --- packages/@aws-cdk/aws-ec2/lib/volume.ts | 10 +++++++++- packages/@aws-cdk/aws-ec2/test/volume.test.ts | 4 ++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-ec2/lib/volume.ts b/packages/@aws-cdk/aws-ec2/lib/volume.ts index 65d84b30eed55..110b3ceed88d7 100644 --- a/packages/@aws-cdk/aws-ec2/lib/volume.ts +++ b/packages/@aws-cdk/aws-ec2/lib/volume.ts @@ -2,7 +2,7 @@ import * as crypto from 'crypto'; import { AccountRootPrincipal, Grant, IGrantable } from '@aws-cdk/aws-iam'; import { IKey, ViaServicePrincipal } from '@aws-cdk/aws-kms'; -import { Annotations, IResource, Resource, Size, SizeRoundingBehavior, Stack, Token, Tags, Names } from '@aws-cdk/core'; +import { Annotations, IResource, Resource, Size, SizeRoundingBehavior, Stack, Token, Tags, Names, RemovalPolicy } from '@aws-cdk/core'; import { Construct } from 'constructs'; import { CfnInstance, CfnVolume } from './ec2.generated'; import { IInstance } from './instance'; @@ -461,6 +461,13 @@ export interface VolumeProps { * @default None -- Required for {@link EbsDeviceVolumeType.PROVISIONED_IOPS_SSD} */ readonly iops?: number; + + /** + * Policy to apply when the volume is removed from the stack + * + * @default RemovalPolicy.RETAIN + */ + readonly removalPolicy?: RemovalPolicy; } /** @@ -635,6 +642,7 @@ export class Volume extends VolumeBase { snapshotId: props.snapshotId, volumeType: props.volumeType ?? EbsDeviceVolumeType.GENERAL_PURPOSE_SSD, }); + resource.applyRemovalPolicy(props.removalPolicy); this.volumeId = resource.ref; this.availabilityZone = props.availabilityZone; diff --git a/packages/@aws-cdk/aws-ec2/test/volume.test.ts b/packages/@aws-cdk/aws-ec2/test/volume.test.ts index e0d37a232c6d6..4278e2d681184 100644 --- a/packages/@aws-cdk/aws-ec2/test/volume.test.ts +++ b/packages/@aws-cdk/aws-ec2/test/volume.test.ts @@ -40,6 +40,10 @@ nodeunitShim({ VolumeType: 'gp2', }, ResourcePart.Properties)); + cdkExpect(stack).to(haveResource('AWS::EC2::Volume', { + DeletionPolicy: 'Retain', + }, ResourcePart.CompleteDefinition)); + test.done(); }, From e09ea5e8658d8b89b386e199546a884c2767ee5e Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Mon, 1 Feb 2021 17:43:53 +0100 Subject: [PATCH 03/37] ElasticSearch Domain --- packages/@aws-cdk/aws-elasticsearch/lib/domain.ts | 7 +++++++ .../@aws-cdk/aws-elasticsearch/test/domain.test.ts | 10 ++++++++++ .../integ.elasticsearch.advancedsecurity.expected.json | 4 +++- .../test/integ.elasticsearch.advancedsecurity.ts | 3 ++- .../integ.elasticsearch.custom-kms-key.expected.json | 6 ++++-- .../test/integ.elasticsearch.custom-kms-key.ts | 3 ++- .../test/integ.elasticsearch.expected.json | 10 +++++++--- .../aws-elasticsearch/test/integ.elasticsearch.ts | 3 ++- .../test/integ.elasticsearch.ultrawarm.expected.json | 4 +++- .../test/integ.elasticsearch.ultrawarm.ts | 3 ++- ...integ.elasticsearch.unsignedbasicauth.expected.json | 6 ++++-- .../test/integ.elasticsearch.unsignedbasicauth.ts | 3 ++- 12 files changed, 48 insertions(+), 14 deletions(-) diff --git a/packages/@aws-cdk/aws-elasticsearch/lib/domain.ts b/packages/@aws-cdk/aws-elasticsearch/lib/domain.ts index 603177c87c19f..1f2a36d9c6dc1 100644 --- a/packages/@aws-cdk/aws-elasticsearch/lib/domain.ts +++ b/packages/@aws-cdk/aws-elasticsearch/lib/domain.ts @@ -545,6 +545,12 @@ export interface DomainProps { */ readonly enableVersionUpgrade?: boolean; + /** + * Policy to apply when the domain is removed from the stack + * + * @default RemovalPolicy.RETAIN + */ + readonly removalPolicy?: cdk.RemovalPolicy; } /** @@ -1615,6 +1621,7 @@ export class Domain extends DomainBase implements IDomain { } : undefined, }); + this.domain.applyRemovalPolicy(props.removalPolicy); if (props.enableVersionUpgrade) { this.domain.cfnOptions.updatePolicy = { diff --git a/packages/@aws-cdk/aws-elasticsearch/test/domain.test.ts b/packages/@aws-cdk/aws-elasticsearch/test/domain.test.ts index f01fba3c4b332..502d9d0a1adeb 100644 --- a/packages/@aws-cdk/aws-elasticsearch/test/domain.test.ts +++ b/packages/@aws-cdk/aws-elasticsearch/test/domain.test.ts @@ -28,6 +28,16 @@ const readWriteActions = [ ...writeActions, ]; +test('default removalpolicy is retain', () => { + new Domain(stack, 'Domain', { + version: ElasticsearchVersion.V7_1, + }); + + expect(stack).toHaveResource('AWS::Elasticsearch::Domain', { + DeletionPolicy: 'Retain', + }, assert.ResourcePart.CompleteDefinition); +}); + test('grants kms permissions if needed', () => { const key = new kms.Key(stack, 'Key'); diff --git a/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.advancedsecurity.expected.json b/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.advancedsecurity.expected.json index dac2d95d68b54..84333cb6005d7 100644 --- a/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.advancedsecurity.expected.json +++ b/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.advancedsecurity.expected.json @@ -44,7 +44,9 @@ "NodeToNodeEncryptionOptions": { "Enabled": true } - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.advancedsecurity.ts b/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.advancedsecurity.ts index 5baf8f4e1b99d..828a5c9fe75e7 100644 --- a/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.advancedsecurity.ts +++ b/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.advancedsecurity.ts @@ -1,5 +1,5 @@ import { User } from '@aws-cdk/aws-iam'; -import { App, Stack, StackProps } from '@aws-cdk/core'; +import { App, RemovalPolicy, Stack, StackProps } from '@aws-cdk/core'; import { Construct } from 'constructs'; import * as es from '../lib'; @@ -10,6 +10,7 @@ class TestStack extends Stack { const user = new User(this, 'User'); new es.Domain(this, 'Domain', { + removalPolicy: RemovalPolicy.DESTROY, version: es.ElasticsearchVersion.V7_1, fineGrainedAccessControl: { masterUserArn: user.userArn, diff --git a/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.custom-kms-key.expected.json b/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.custom-kms-key.expected.json index 201e3d81bd99d..d3f6fe675ebac 100644 --- a/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.custom-kms-key.expected.json +++ b/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.custom-kms-key.expected.json @@ -237,7 +237,9 @@ "DependsOn": [ "DomainESLogGroupPolicyc82ca7bfe2f2589b859ebab89e88da2efd284adfadCustomResourcePolicy0B41F6DF", "DomainESLogGroupPolicyc82ca7bfe2f2589b859ebab89e88da2efd284adfadA70E756D" - ] + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "DomainESAccessPolicyCustomResourcePolicy9747FC42": { "Type": "AWS::IAM::Policy", @@ -436,13 +438,13 @@ ] } }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2", "Arn" ] }, + "Handler": "index.handler", "Runtime": "nodejs12.x", "Timeout": 120 }, diff --git a/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.custom-kms-key.ts b/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.custom-kms-key.ts index 57152d5c70d5c..24bb07e4660ff 100644 --- a/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.custom-kms-key.ts +++ b/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.custom-kms-key.ts @@ -1,7 +1,7 @@ import { EbsDeviceVolumeType } from '@aws-cdk/aws-ec2'; import * as iam from '@aws-cdk/aws-iam'; import * as kms from '@aws-cdk/aws-kms'; -import { App, Stack, StackProps } from '@aws-cdk/core'; +import { App, RemovalPolicy, Stack, StackProps } from '@aws-cdk/core'; import { Construct } from 'constructs'; import * as es from '../lib'; @@ -12,6 +12,7 @@ class TestStack extends Stack { const key = new kms.Key(this, 'Key'); const domainProps: es.DomainProps = { + removalPolicy: RemovalPolicy.DESTROY, version: es.ElasticsearchVersion.V7_1, ebs: { volumeSize: 10, diff --git a/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.expected.json b/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.expected.json index e43b6bb5f62e6..e510eb3534625 100644 --- a/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.expected.json +++ b/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.expected.json @@ -183,7 +183,9 @@ "DependsOn": [ "Domain1ESLogGroupPolicyc8858d5dba055f677469d76cb6ad538fd732ba69a6CustomResourcePolicy24436E05", "Domain1ESLogGroupPolicyc8858d5dba055f677469d76cb6ad538fd732ba69a6D8BDCF36" - ] + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "Domain1ESAccessPolicyCustomResourcePolicyC04432B6": { "Type": "AWS::IAM::Policy", @@ -352,13 +354,13 @@ ] } }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2", "Arn" ] }, + "Handler": "index.handler", "Runtime": "nodejs12.x", "Timeout": 120 }, @@ -549,7 +551,9 @@ "DependsOn": [ "Domain2ESLogGroupPolicyc8405238e455eeabd840cf6933e1814efc51d2de71CustomResourcePolicy77691A33", "Domain2ESLogGroupPolicyc8405238e455eeabd840cf6933e1814efc51d2de71F1DE93A1" - ] + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "Domain2ESAccessPolicyCustomResourcePolicy8EED1F24": { "Type": "AWS::IAM::Policy", diff --git a/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.ts b/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.ts index 4a6232d3ab130..448896e321957 100644 --- a/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.ts +++ b/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.ts @@ -1,6 +1,6 @@ import { EbsDeviceVolumeType } from '@aws-cdk/aws-ec2'; import * as iam from '@aws-cdk/aws-iam'; -import { App, Stack, StackProps } from '@aws-cdk/core'; +import { App, RemovalPolicy, Stack, StackProps } from '@aws-cdk/core'; import { Construct } from 'constructs'; import * as es from '../lib'; @@ -9,6 +9,7 @@ class TestStack extends Stack { super(scope, id, props); const domainProps: es.DomainProps = { + removalPolicy: RemovalPolicy.DESTROY, version: es.ElasticsearchVersion.V7_1, ebs: { volumeSize: 10, diff --git a/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.ultrawarm.expected.json b/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.ultrawarm.expected.json index c24aeb2f30740..702d302029600 100644 --- a/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.ultrawarm.expected.json +++ b/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.ultrawarm.expected.json @@ -34,7 +34,9 @@ "NodeToNodeEncryptionOptions": { "Enabled": false } - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.ultrawarm.ts b/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.ultrawarm.ts index 259f43fe0cef2..c7c581252fc7e 100644 --- a/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.ultrawarm.ts +++ b/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.ultrawarm.ts @@ -1,4 +1,4 @@ -import { App, Stack, StackProps } from '@aws-cdk/core'; +import { App, RemovalPolicy, Stack, StackProps } from '@aws-cdk/core'; import { Construct } from 'constructs'; import * as es from '../lib'; @@ -7,6 +7,7 @@ class TestStack extends Stack { super(scope, id, props); new es.Domain(this, 'Domain', { + removalPolicy: RemovalPolicy.DESTROY, version: es.ElasticsearchVersion.V7_1, capacity: { masterNodes: 2, diff --git a/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.unsignedbasicauth.expected.json b/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.unsignedbasicauth.expected.json index b55ac9e14df69..065e569573421 100644 --- a/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.unsignedbasicauth.expected.json +++ b/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.unsignedbasicauth.expected.json @@ -58,7 +58,9 @@ "NodeToNodeEncryptionOptions": { "Enabled": true } - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "DomainESAccessPolicyCustomResourcePolicy9747FC42": { "Type": "AWS::IAM::Policy", @@ -255,13 +257,13 @@ ] } }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2", "Arn" ] }, + "Handler": "index.handler", "Runtime": "nodejs12.x", "Timeout": 120 }, diff --git a/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.unsignedbasicauth.ts b/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.unsignedbasicauth.ts index 8844e5937305c..5e7fb2787972d 100644 --- a/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.unsignedbasicauth.ts +++ b/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.unsignedbasicauth.ts @@ -1,4 +1,4 @@ -import { App, Stack, StackProps } from '@aws-cdk/core'; +import { App, RemovalPolicy, Stack, StackProps } from '@aws-cdk/core'; import { Construct } from 'constructs'; import * as es from '../lib'; @@ -7,6 +7,7 @@ class TestStack extends Stack { super(scope, id, props); new es.Domain(this, 'Domain', { + removalPolicy: RemovalPolicy.DESTROY, version: es.ElasticsearchVersion.V7_1, useUnsignedBasicAuth: true, }); From 2fd98f7d6679727b59399b6f64808e064e70c51f Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Mon, 1 Feb 2021 17:49:50 +0100 Subject: [PATCH 04/37] FSx FileSystem --- packages/@aws-cdk/aws-fsx/lib/file-system.ts | 9 ++++++++- packages/@aws-cdk/aws-fsx/lib/lustre-file-system.ts | 1 + .../aws-fsx/test/integ.lustre-file-system.expected.json | 4 +++- .../@aws-cdk/aws-fsx/test/integ.lustre-file-system.ts | 3 ++- .../@aws-cdk/aws-fsx/test/lustre-file-system.test.ts | 6 +++++- 5 files changed, 19 insertions(+), 4 deletions(-) diff --git a/packages/@aws-cdk/aws-fsx/lib/file-system.ts b/packages/@aws-cdk/aws-fsx/lib/file-system.ts index 22b4f64d8cd3b..d19c0e7686151 100644 --- a/packages/@aws-cdk/aws-fsx/lib/file-system.ts +++ b/packages/@aws-cdk/aws-fsx/lib/file-system.ts @@ -1,6 +1,6 @@ import { Connections, IConnectable, ISecurityGroup, IVpc } from '@aws-cdk/aws-ec2'; import { IKey } from '@aws-cdk/aws-kms'; -import { Resource } from '@aws-cdk/core'; +import { RemovalPolicy, Resource } from '@aws-cdk/core'; /** * Interface to implement FSx File Systems. @@ -52,6 +52,13 @@ export interface FileSystemProps { * For SCRATCH_2 and PERSISTENT_1 types, valid values are 1,200, 2,400, then continuing in increments of 2,400 GiB. */ readonly storageCapacityGiB: number; + + /** + * Policy to apply when the file system is removed from the stack + * + * @default RemovalPolicy.RETAIN + */ + readonly removalPolicy?: RemovalPolicy; } /** diff --git a/packages/@aws-cdk/aws-fsx/lib/lustre-file-system.ts b/packages/@aws-cdk/aws-fsx/lib/lustre-file-system.ts index 9d27da5bca3cd..2206bb31dfad3 100644 --- a/packages/@aws-cdk/aws-fsx/lib/lustre-file-system.ts +++ b/packages/@aws-cdk/aws-fsx/lib/lustre-file-system.ts @@ -198,6 +198,7 @@ export class LustreFileSystem extends FileSystemBase { securityGroupIds: [securityGroup.securityGroupId], storageCapacity: props.storageCapacityGiB, }); + this.fileSystem.applyRemovalPolicy(props.removalPolicy); this.fileSystemId = this.fileSystem.ref; this.dnsName = `${this.fileSystemId}.fsx.${this.stack.region}.${Aws.URL_SUFFIX}`; diff --git a/packages/@aws-cdk/aws-fsx/test/integ.lustre-file-system.expected.json b/packages/@aws-cdk/aws-fsx/test/integ.lustre-file-system.expected.json index 0164e2f1f0067..c5826b996a6bf 100644 --- a/packages/@aws-cdk/aws-fsx/test/integ.lustre-file-system.expected.json +++ b/packages/@aws-cdk/aws-fsx/test/integ.lustre-file-system.expected.json @@ -593,7 +593,9 @@ } ], "StorageCapacity": 1200 - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "instInstanceSecurityGroup54790689": { "Type": "AWS::EC2::SecurityGroup", diff --git a/packages/@aws-cdk/aws-fsx/test/integ.lustre-file-system.ts b/packages/@aws-cdk/aws-fsx/test/integ.lustre-file-system.ts index 00b32cea3b297..5202df62b2d08 100644 --- a/packages/@aws-cdk/aws-fsx/test/integ.lustre-file-system.ts +++ b/packages/@aws-cdk/aws-fsx/test/integ.lustre-file-system.ts @@ -1,5 +1,5 @@ import { AmazonLinuxGeneration, AmazonLinuxImage, Instance, InstanceClass, InstanceSize, InstanceType, SubnetType, Vpc } from '@aws-cdk/aws-ec2'; -import { App, Stack } from '@aws-cdk/core'; +import { App, RemovalPolicy, Stack } from '@aws-cdk/core'; import { LustreDeploymentType, LustreFileSystem } from '../lib'; const app = new App(); @@ -17,6 +17,7 @@ const fs = new LustreFileSystem(stack, 'FsxLustreFileSystem', { storageCapacityGiB: storageCapacity, vpc, vpcSubnet: vpc.privateSubnets[0], + removalPolicy: RemovalPolicy.DESTROY, }); const inst = new Instance(stack, 'inst', { diff --git a/packages/@aws-cdk/aws-fsx/test/lustre-file-system.test.ts b/packages/@aws-cdk/aws-fsx/test/lustre-file-system.test.ts index 43541cd858fce..fe0159a212140 100644 --- a/packages/@aws-cdk/aws-fsx/test/lustre-file-system.test.ts +++ b/packages/@aws-cdk/aws-fsx/test/lustre-file-system.test.ts @@ -1,5 +1,5 @@ import { strictEqual } from 'assert'; -import { expect as expectCDK, haveResource } from '@aws-cdk/assert'; +import { expect as expectCDK, haveResource, ResourcePart } from '@aws-cdk/assert'; import { ISubnet, Port, SecurityGroup, Subnet, Vpc } from '@aws-cdk/aws-ec2'; import { Key } from '@aws-cdk/aws-kms'; import { Aws, Stack, Token } from '@aws-cdk/core'; @@ -40,6 +40,10 @@ describe('FSx for Lustre File System', () => { strictEqual( fileSystem.dnsName, `${fileSystem.fileSystemId}.fsx.${stack.region}.${Aws.URL_SUFFIX}`); + + expectCDK(stack).to(haveResource('AWS::FSx::FileSystem', { + DeletionPolicy: 'Retain', + }, ResourcePart.CompleteDefinition)); }); test('file system is created correctly when security group is provided', () => { From 51b4c713b01dac86298e55e03b263e39e4f24ed5 Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Mon, 8 Feb 2021 12:01:48 +0100 Subject: [PATCH 05/37] WIP SQS --- packages/@aws-cdk/aws-sqs/lib/queue.ts | 15 ++++++++++++- .../aws-sqs/test/integ.sqs.expected.json | 12 +++++++--- packages/@aws-cdk/aws-sqs/test/test.sqs.ts | 22 ++++++++++++++++++- 3 files changed, 44 insertions(+), 5 deletions(-) diff --git a/packages/@aws-cdk/aws-sqs/lib/queue.ts b/packages/@aws-cdk/aws-sqs/lib/queue.ts index 63b466de84421..1c3067c7a70d6 100644 --- a/packages/@aws-cdk/aws-sqs/lib/queue.ts +++ b/packages/@aws-cdk/aws-sqs/lib/queue.ts @@ -1,5 +1,5 @@ import * as kms from '@aws-cdk/aws-kms'; -import { Duration, Stack, Token } from '@aws-cdk/core'; +import { Duration, RemovalPolicy, Stack, Token } from '@aws-cdk/core'; import { Construct } from 'constructs'; import { IQueue, QueueAttributes, QueueBase } from './queue-base'; import { CfnQueue } from './sqs.generated'; @@ -137,6 +137,18 @@ export interface QueueProps { * @default false */ readonly contentBasedDeduplication?: boolean; + + /** + * Policy to apply when the user pool is removed from the stack + * + * Even though queues are technically stateful, their contents are transient and it + * is common to add and remove Queues while rearchitecting your application. The + * default is therefore `DESTROY`. Change it to `RETAIN` if the messages are so + * valuable that accidentally losing them would be unacceptable. + * + * @default RemovalPolicy.DESTROY + */ + readonly removalPolicy?: RemovalPolicy; } /** @@ -273,6 +285,7 @@ export class Queue extends QueueBase { receiveMessageWaitTimeSeconds: props.receiveMessageWaitTime && props.receiveMessageWaitTime.toSeconds(), visibilityTimeout: props.visibilityTimeout && props.visibilityTimeout.toSeconds(), }); + queue.applyRemovalPolicy(props.removalPolicy ?? RemovalPolicy.DESTROY); this.queueArn = this.getResourceArnAttribute(queue.attrArn, { service: 'sqs', diff --git a/packages/@aws-cdk/aws-sqs/test/integ.sqs.expected.json b/packages/@aws-cdk/aws-sqs/test/integ.sqs.expected.json index 4ad0f8e0c8b34..50c36beb525a8 100644 --- a/packages/@aws-cdk/aws-sqs/test/integ.sqs.expected.json +++ b/packages/@aws-cdk/aws-sqs/test/integ.sqs.expected.json @@ -1,7 +1,9 @@ { "Resources": { "DeadLetterQueue9F481546": { - "Type": "AWS::SQS::Queue" + "Type": "AWS::SQS::Queue", + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "Queue4A7E3555": { "Type": "AWS::SQS::Queue", @@ -16,7 +18,9 @@ }, "maxReceiveCount": 5 } - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "EncryptionKey1B843E66": { "Type": "AWS::KMS::Key", @@ -92,7 +96,9 @@ "Arn" ] } - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "Role1ABCC5F0": { "Type": "AWS::IAM::Role", diff --git a/packages/@aws-cdk/aws-sqs/test/test.sqs.ts b/packages/@aws-cdk/aws-sqs/test/test.sqs.ts index 87e38c2dcf2ca..ea0233578c5a6 100644 --- a/packages/@aws-cdk/aws-sqs/test/test.sqs.ts +++ b/packages/@aws-cdk/aws-sqs/test/test.sqs.ts @@ -1,4 +1,4 @@ -import { expect, haveResource } from '@aws-cdk/assert'; +import { expect, haveResource, ResourcePart } from '@aws-cdk/assert'; import * as iam from '@aws-cdk/aws-iam'; import * as kms from '@aws-cdk/aws-kms'; import { CfnParameter, Duration, Stack, App } from '@aws-cdk/core'; @@ -18,10 +18,16 @@ export = { 'Resources': { 'Queue4A7E3555': { 'Type': 'AWS::SQS::Queue', + 'UpdateReplacePolicy': 'Delete', + 'DeletionPolicy': 'Delete', }, }, }); + expect(stack).to(haveResource('AWS::SQS::Queue', { + DeletionPolicy: 'Delete', + }, ResourcePart.CompleteDefinition)); + test.done(); }, 'with a dead letter queue'(test: Test) { @@ -33,6 +39,8 @@ export = { 'Resources': { 'DLQ581697C4': { 'Type': 'AWS::SQS::Queue', + 'UpdateReplacePolicy': 'Delete', + 'DeletionPolicy': 'Delete', }, 'Queue4A7E3555': { 'Type': 'AWS::SQS::Queue', @@ -47,6 +55,8 @@ export = { 'maxReceiveCount': 3, }, }, + 'UpdateReplacePolicy': 'Delete', + 'DeletionPolicy': 'Delete', }, }, }); @@ -99,6 +109,8 @@ export = { 'Ref': 'myretentionperiod', }, }, + 'UpdateReplacePolicy': 'Delete', + 'DeletionPolicy': 'Delete', }, }, }); @@ -119,6 +131,8 @@ export = { 'Resources': { 'MyQueueE6CA6235': { 'Type': 'AWS::SQS::Queue', + 'UpdateReplacePolicy': 'Delete', + 'DeletionPolicy': 'Delete', }, 'MyQueuePolicy6BBEDDAC': { 'Type': 'AWS::SQS::QueuePolicy', @@ -311,6 +325,8 @@ export = { 'Properties': { 'KmsMasterKeyId': 'alias/aws/sqs', }, + 'UpdateReplacePolicy': 'Delete', + 'DeletionPolicy': 'Delete', }, }, }); @@ -378,6 +394,8 @@ export = { 'QueueName': 'MyQueue.fifo', 'FifoQueue': true, }, + 'UpdateReplacePolicy': 'Delete', + 'DeletionPolicy': 'Delete', }, }, }); @@ -400,6 +418,8 @@ export = { 'Properties': { 'FifoQueue': true, }, + 'UpdateReplacePolicy': 'Delete', + 'DeletionPolicy': 'Delete', }, }, }); From 6810bcf35dd9d7df9272052b633a06b36875c188 Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Mon, 8 Feb 2021 12:01:48 +0100 Subject: [PATCH 06/37] SQS Queue --- .../integ.bucket-notifications.expected.json | 8 +++++-- .../test/integ.sns-lambda.expected.json | 8 ++++--- .../test/integ.sns-sqs.lit.expected.json | 8 ++++--- .../aws-sns-subscriptions/test/subs.test.ts | 10 +++++++++ packages/@aws-cdk/aws-sqs/lib/queue.ts | 15 ++++++++++++- .../aws-sqs/test/integ.sqs.expected.json | 12 +++++++--- packages/@aws-cdk/aws-sqs/test/test.sqs.ts | 22 ++++++++++++++++++- 7 files changed, 70 insertions(+), 13 deletions(-) diff --git a/packages/@aws-cdk/aws-s3-notifications/test/sqs/integ.bucket-notifications.expected.json b/packages/@aws-cdk/aws-s3-notifications/test/sqs/integ.bucket-notifications.expected.json index b4d969a3c6d42..2c463fe230ee2 100644 --- a/packages/@aws-cdk/aws-s3-notifications/test/sqs/integ.bucket-notifications.expected.json +++ b/packages/@aws-cdk/aws-s3-notifications/test/sqs/integ.bucket-notifications.expected.json @@ -53,7 +53,9 @@ ] }, "MyQueueE6CA6235": { - "Type": "AWS::SQS::Queue" + "Type": "AWS::SQS::Queue", + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "MyQueuePolicy6BBEDDAC": { "Type": "AWS::SQS::QueuePolicy", @@ -341,7 +343,9 @@ "Arn" ] } - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "EncryptedQueuePolicy8AEB1708": { "Type": "AWS::SQS::QueuePolicy", diff --git a/packages/@aws-cdk/aws-sns-subscriptions/test/integ.sns-lambda.expected.json b/packages/@aws-cdk/aws-sns-subscriptions/test/integ.sns-lambda.expected.json index 38367e9204de2..d20fe9bf9a8db 100644 --- a/packages/@aws-cdk/aws-sns-subscriptions/test/integ.sns-lambda.expected.json +++ b/packages/@aws-cdk/aws-sns-subscriptions/test/integ.sns-lambda.expected.json @@ -40,13 +40,13 @@ "Code": { "ZipFile": "exports.handler = function handler(event, _context, callback) {\n /* eslint-disable no-console */\n console.log('====================================================');\n console.log(JSON.stringify(event, undefined, 2));\n console.log('====================================================');\n return callback(undefined, event);\n}" }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "EchoServiceRoleBE28060B", "Arn" ] }, + "Handler": "index.handler", "Runtime": "nodejs10.x" }, "DependsOn": [ @@ -93,7 +93,9 @@ } }, "DeadLetterQueue9F481546": { - "Type": "AWS::SQS::Queue" + "Type": "AWS::SQS::Queue", + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "DeadLetterQueuePolicyB1FB890C": { "Type": "AWS::SQS::QueuePolicy", @@ -167,13 +169,13 @@ "Code": { "ZipFile": "exports.handler = function handler(event, _context, callback) {\n /* eslint-disable no-console */\n console.log('====================================================');\n console.log(JSON.stringify(event, undefined, 2));\n console.log('====================================================');\n return callback(undefined, event);\n}" }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "FilteredServiceRole16D9DDC1", "Arn" ] }, + "Handler": "index.handler", "Runtime": "nodejs10.x" }, "DependsOn": [ diff --git a/packages/@aws-cdk/aws-sns-subscriptions/test/integ.sns-sqs.lit.expected.json b/packages/@aws-cdk/aws-sns-subscriptions/test/integ.sns-sqs.lit.expected.json index ea6b8345f0469..f9b68ad7da9ca 100644 --- a/packages/@aws-cdk/aws-sns-subscriptions/test/integ.sns-sqs.lit.expected.json +++ b/packages/@aws-cdk/aws-sns-subscriptions/test/integ.sns-sqs.lit.expected.json @@ -4,7 +4,9 @@ "Type": "AWS::SNS::Topic" }, "MyQueueE6CA6235": { - "Type": "AWS::SQS::Queue" + "Type": "AWS::SQS::Queue", + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "MyQueuePolicy6BBEDDAC": { "Type": "AWS::SQS::QueuePolicy", @@ -66,8 +68,8 @@ }, "DeadLetterQueue9F481546": { "Type": "AWS::SQS::Queue", - "Properties": { - } + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "DeadLetterQueuePolicyB1FB890C": { "Type": "AWS::SQS::QueuePolicy", diff --git a/packages/@aws-cdk/aws-sns-subscriptions/test/subs.test.ts b/packages/@aws-cdk/aws-sns-subscriptions/test/subs.test.ts index b2da0de8099b3..4bd8646176d08 100644 --- a/packages/@aws-cdk/aws-sns-subscriptions/test/subs.test.ts +++ b/packages/@aws-cdk/aws-sns-subscriptions/test/subs.test.ts @@ -82,6 +82,8 @@ test('url subscription with user provided dlq', () => { }, 'DeadLetterQueue9F481546': { 'Type': 'AWS::SQS::Queue', + 'DeletionPolicy': 'Delete', + 'UpdateReplacePolicy': 'Delete', 'Properties': { 'MessageRetentionPeriod': 1209600, 'QueueName': 'MySubscription_DLQ', @@ -248,6 +250,8 @@ test('queue subscription', () => { }, 'MyQueueE6CA6235': { 'Type': 'AWS::SQS::Queue', + 'DeletionPolicy': 'Delete', + 'UpdateReplacePolicy': 'Delete', }, 'MyQueuePolicy6BBEDDAC': { 'Type': 'AWS::SQS::QueuePolicy', @@ -325,6 +329,8 @@ test('queue subscription with user provided dlq', () => { }, 'MyQueueE6CA6235': { 'Type': 'AWS::SQS::Queue', + 'DeletionPolicy': 'Delete', + 'UpdateReplacePolicy': 'Delete', }, 'MyQueuePolicy6BBEDDAC': { 'Type': 'AWS::SQS::QueuePolicy', @@ -386,6 +392,8 @@ test('queue subscription with user provided dlq', () => { }, 'DeadLetterQueue9F481546': { 'Type': 'AWS::SQS::Queue', + 'DeletionPolicy': 'Delete', + 'UpdateReplacePolicy': 'Delete', 'Properties': { 'MessageRetentionPeriod': 1209600, 'QueueName': 'MySubscription_DLQ', @@ -745,6 +753,8 @@ test('multiple subscriptions', () => { }, 'MyQueueE6CA6235': { 'Type': 'AWS::SQS::Queue', + 'DeletionPolicy': 'Delete', + 'UpdateReplacePolicy': 'Delete', }, 'MyQueuePolicy6BBEDDAC': { 'Type': 'AWS::SQS::QueuePolicy', diff --git a/packages/@aws-cdk/aws-sqs/lib/queue.ts b/packages/@aws-cdk/aws-sqs/lib/queue.ts index 63b466de84421..1c3067c7a70d6 100644 --- a/packages/@aws-cdk/aws-sqs/lib/queue.ts +++ b/packages/@aws-cdk/aws-sqs/lib/queue.ts @@ -1,5 +1,5 @@ import * as kms from '@aws-cdk/aws-kms'; -import { Duration, Stack, Token } from '@aws-cdk/core'; +import { Duration, RemovalPolicy, Stack, Token } from '@aws-cdk/core'; import { Construct } from 'constructs'; import { IQueue, QueueAttributes, QueueBase } from './queue-base'; import { CfnQueue } from './sqs.generated'; @@ -137,6 +137,18 @@ export interface QueueProps { * @default false */ readonly contentBasedDeduplication?: boolean; + + /** + * Policy to apply when the user pool is removed from the stack + * + * Even though queues are technically stateful, their contents are transient and it + * is common to add and remove Queues while rearchitecting your application. The + * default is therefore `DESTROY`. Change it to `RETAIN` if the messages are so + * valuable that accidentally losing them would be unacceptable. + * + * @default RemovalPolicy.DESTROY + */ + readonly removalPolicy?: RemovalPolicy; } /** @@ -273,6 +285,7 @@ export class Queue extends QueueBase { receiveMessageWaitTimeSeconds: props.receiveMessageWaitTime && props.receiveMessageWaitTime.toSeconds(), visibilityTimeout: props.visibilityTimeout && props.visibilityTimeout.toSeconds(), }); + queue.applyRemovalPolicy(props.removalPolicy ?? RemovalPolicy.DESTROY); this.queueArn = this.getResourceArnAttribute(queue.attrArn, { service: 'sqs', diff --git a/packages/@aws-cdk/aws-sqs/test/integ.sqs.expected.json b/packages/@aws-cdk/aws-sqs/test/integ.sqs.expected.json index 4ad0f8e0c8b34..50c36beb525a8 100644 --- a/packages/@aws-cdk/aws-sqs/test/integ.sqs.expected.json +++ b/packages/@aws-cdk/aws-sqs/test/integ.sqs.expected.json @@ -1,7 +1,9 @@ { "Resources": { "DeadLetterQueue9F481546": { - "Type": "AWS::SQS::Queue" + "Type": "AWS::SQS::Queue", + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "Queue4A7E3555": { "Type": "AWS::SQS::Queue", @@ -16,7 +18,9 @@ }, "maxReceiveCount": 5 } - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "EncryptionKey1B843E66": { "Type": "AWS::KMS::Key", @@ -92,7 +96,9 @@ "Arn" ] } - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "Role1ABCC5F0": { "Type": "AWS::IAM::Role", diff --git a/packages/@aws-cdk/aws-sqs/test/test.sqs.ts b/packages/@aws-cdk/aws-sqs/test/test.sqs.ts index 87e38c2dcf2ca..ea0233578c5a6 100644 --- a/packages/@aws-cdk/aws-sqs/test/test.sqs.ts +++ b/packages/@aws-cdk/aws-sqs/test/test.sqs.ts @@ -1,4 +1,4 @@ -import { expect, haveResource } from '@aws-cdk/assert'; +import { expect, haveResource, ResourcePart } from '@aws-cdk/assert'; import * as iam from '@aws-cdk/aws-iam'; import * as kms from '@aws-cdk/aws-kms'; import { CfnParameter, Duration, Stack, App } from '@aws-cdk/core'; @@ -18,10 +18,16 @@ export = { 'Resources': { 'Queue4A7E3555': { 'Type': 'AWS::SQS::Queue', + 'UpdateReplacePolicy': 'Delete', + 'DeletionPolicy': 'Delete', }, }, }); + expect(stack).to(haveResource('AWS::SQS::Queue', { + DeletionPolicy: 'Delete', + }, ResourcePart.CompleteDefinition)); + test.done(); }, 'with a dead letter queue'(test: Test) { @@ -33,6 +39,8 @@ export = { 'Resources': { 'DLQ581697C4': { 'Type': 'AWS::SQS::Queue', + 'UpdateReplacePolicy': 'Delete', + 'DeletionPolicy': 'Delete', }, 'Queue4A7E3555': { 'Type': 'AWS::SQS::Queue', @@ -47,6 +55,8 @@ export = { 'maxReceiveCount': 3, }, }, + 'UpdateReplacePolicy': 'Delete', + 'DeletionPolicy': 'Delete', }, }, }); @@ -99,6 +109,8 @@ export = { 'Ref': 'myretentionperiod', }, }, + 'UpdateReplacePolicy': 'Delete', + 'DeletionPolicy': 'Delete', }, }, }); @@ -119,6 +131,8 @@ export = { 'Resources': { 'MyQueueE6CA6235': { 'Type': 'AWS::SQS::Queue', + 'UpdateReplacePolicy': 'Delete', + 'DeletionPolicy': 'Delete', }, 'MyQueuePolicy6BBEDDAC': { 'Type': 'AWS::SQS::QueuePolicy', @@ -311,6 +325,8 @@ export = { 'Properties': { 'KmsMasterKeyId': 'alias/aws/sqs', }, + 'UpdateReplacePolicy': 'Delete', + 'DeletionPolicy': 'Delete', }, }, }); @@ -378,6 +394,8 @@ export = { 'QueueName': 'MyQueue.fifo', 'FifoQueue': true, }, + 'UpdateReplacePolicy': 'Delete', + 'DeletionPolicy': 'Delete', }, }, }); @@ -400,6 +418,8 @@ export = { 'Properties': { 'FifoQueue': true, }, + 'UpdateReplacePolicy': 'Delete', + 'DeletionPolicy': 'Delete', }, }, }); From 2753d118f4a3bb423b1d512a57a2e1ec1829c515 Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Mon, 8 Feb 2021 14:14:08 +0100 Subject: [PATCH 07/37] NestedStack --- packages/@aws-cdk/core/lib/nested-stack.ts | 13 +++++++++++++ packages/@aws-cdk/core/test/stack.test.ts | 18 ++++++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/packages/@aws-cdk/core/lib/nested-stack.ts b/packages/@aws-cdk/core/lib/nested-stack.ts index f130d00ded80b..648211aab22f0 100644 --- a/packages/@aws-cdk/core/lib/nested-stack.ts +++ b/packages/@aws-cdk/core/lib/nested-stack.ts @@ -8,6 +8,7 @@ import { CfnStack } from './cloudformation.generated'; import { Duration } from './duration'; import { Lazy } from './lazy'; import { Names } from './names'; +import { RemovalPolicy } from './removal-policy'; import { IResolveContext } from './resolvable'; import { Stack } from './stack'; import { NestedStackSynthesizer } from './stack-synthesizers'; @@ -60,6 +61,17 @@ export interface NestedStackProps { * @default - notifications are not sent for this stack. */ readonly notificationArns?: string[]; + + /** + * Policy to apply when the nested stack is removed + * + * The default is `Destroy`, because all Removal Policies of resources inside the + * Nested Stack should already have been set correctly. You normally should + * not need to set this value. + * + * @default RemovalPolicy.DESTROY + */ + readonly removalPolicy?: RemovalPolicy; } /** @@ -126,6 +138,7 @@ export class NestedStack extends Stack { notificationArns: props.notificationArns, timeoutInMinutes: props.timeout ? props.timeout.toMinutes() : undefined, }); + this.resource.applyRemovalPolicy(props.removalPolicy ?? RemovalPolicy.DESTROY); this.nestedStackResource = this.resource; diff --git a/packages/@aws-cdk/core/test/stack.test.ts b/packages/@aws-cdk/core/test/stack.test.ts index 8891dbaa138c6..849ad10369147 100644 --- a/packages/@aws-cdk/core/test/stack.test.ts +++ b/packages/@aws-cdk/core/test/stack.test.ts @@ -640,7 +640,25 @@ describe('stack', () => { const assembly = app.synth(); expect(assembly.getStackByName(parentStack.stackName).template).toEqual({ Resources: { MyParentResource: { Type: 'Resource::Parent' } } }); expect(assembly.getStackByName(childStack.stackName).template).toEqual({ Resources: { MyChildResource: { Type: 'Resource::Child' } } }); + }); + + test('Nested Stacks are synthesized with DESTROY policy', () => { + const app = new App(); + // WHEN + const parentStack = new Stack(app, 'parent'); + const childStack = new NestedStack(parentStack, 'child'); + new CfnResource(childStack, 'ChildResource', { type: 'Resource::Child' }); + + const assembly = app.synth(); + expect(assembly.getStackByName(parentStack.stackName).template).toEqual(expect.objectContaining({ + Resources: { + childNestedStackchildNestedStackResource7408D03F: expect.objectContaining({ + Type: 'AWS::CloudFormation::Stack', + DeletionPolicy: 'Delete', + }), + }, + })); }); test('cross-stack reference (substack references parent stack)', () => { From 6a6fbadc9fed3ca86332ca1af578894ed4e979b0 Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Mon, 8 Feb 2021 16:32:31 +0100 Subject: [PATCH 08/37] Update expectation --- .../test/integ.nested-stacks-docker.expected.json | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/packages/@aws-cdk/aws-ecr-assets/test/integ.nested-stacks-docker.expected.json b/packages/@aws-cdk/aws-ecr-assets/test/integ.nested-stacks-docker.expected.json index 779ad22187591..f86d0e5fea7ab 100644 --- a/packages/@aws-cdk/aws-ecr-assets/test/integ.nested-stacks-docker.expected.json +++ b/packages/@aws-cdk/aws-ecr-assets/test/integ.nested-stacks-docker.expected.json @@ -49,7 +49,9 @@ ] ] } - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" } }, "Parameters": { @@ -66,4 +68,4 @@ "Description": "Artifact hash for asset \"41589ef1a760129e41441e85e58fe02db5f019ed532b8a4a20729f3245b0593b\"" } } -} +} \ No newline at end of file From 8c2e64d26c3e64e6fad8caa3e5e1b94e8750a75d Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Mon, 8 Feb 2021 17:06:51 +0100 Subject: [PATCH 09/37] Update expectations --- .../test/integ.nested-stack.expected.json | 12 ++++-- .../integ.nested-stacks-assets.expected.json | 42 ++++++++++--------- ...teg.nested-stacks-multi-refs.expected.json | 42 ++++++++++--------- .../integ.nested-stacks-multi.expected.json | 22 +++++----- ...cks-nested-export-to-sibling.expected.json | 4 +- .../integ.nested-stacks-refs1.expected.json | 4 +- .../integ.nested-stacks-refs2.expected.json | 4 +- .../integ.nested-stacks-refs3.expected.json | 8 +++- .../test/test.nested-stack.ts | 13 ++++-- 9 files changed, 89 insertions(+), 62 deletions(-) diff --git a/packages/@aws-cdk/aws-cloudformation/test/integ.nested-stack.expected.json b/packages/@aws-cdk/aws-cloudformation/test/integ.nested-stack.expected.json index 8626fa9281ca5..d290134fa1cb6 100644 --- a/packages/@aws-cdk/aws-cloudformation/test/integ.nested-stack.expected.json +++ b/packages/@aws-cdk/aws-cloudformation/test/integ.nested-stack.expected.json @@ -1,7 +1,9 @@ { "Resources": { "SubscriberQueueC193DC66": { - "Type": "AWS::SQS::Queue" + "Type": "AWS::SQS::Queue", + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "SubscriberQueuePolicy25A0799E": { "Type": "AWS::SQS::QueuePolicy", @@ -196,7 +198,9 @@ "Ref": "SubscriberQueueC193DC66" } } - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "NestedStack2NestedStackNestedStack2NestedStackResourceFDF82E43": { "Type": "AWS::CloudFormation::Stack", @@ -250,7 +254,9 @@ "Parameters": { "TopicNamePrefix": "Prefix2" } - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" } }, "Parameters": { diff --git a/packages/@aws-cdk/aws-cloudformation/test/integ.nested-stacks-assets.expected.json b/packages/@aws-cdk/aws-cloudformation/test/integ.nested-stacks-assets.expected.json index d18d72744be00..45b52a4c8016d 100644 --- a/packages/@aws-cdk/aws-cloudformation/test/integ.nested-stacks-assets.expected.json +++ b/packages/@aws-cdk/aws-cloudformation/test/integ.nested-stacks-assets.expected.json @@ -17,7 +17,7 @@ }, "/", { - "Ref": "AssetParameters28e3582cfc7c551f42435f44110c499fb2c415fe0f02a02a77139cf43edd1145S3BucketFDBB032A" + "Ref": "AssetParameters7bd7ccfde94a4ad94f13971f10733ee01020eb6d7538b7a5c2b05966db2c0aabS3Bucket2E4E0318" }, "/", { @@ -27,7 +27,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters28e3582cfc7c551f42435f44110c499fb2c415fe0f02a02a77139cf43edd1145S3VersionKey58263016" + "Ref": "AssetParameters7bd7ccfde94a4ad94f13971f10733ee01020eb6d7538b7a5c2b05966db2c0aabS3VersionKeyF6AB1DF2" } ] } @@ -40,7 +40,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters28e3582cfc7c551f42435f44110c499fb2c415fe0f02a02a77139cf43edd1145S3VersionKey58263016" + "Ref": "AssetParameters7bd7ccfde94a4ad94f13971f10733ee01020eb6d7538b7a5c2b05966db2c0aabS3VersionKeyF6AB1DF2" } ] } @@ -50,40 +50,42 @@ ] }, "Parameters": { - "referencetonestedstacksassetsAssetParametersb13aad60258df1fbe5fb1312a7b2f8f25c03b3e07113782f7c12f00e023e148aS3BucketE2268D38Ref": { - "Ref": "AssetParametersb13aad60258df1fbe5fb1312a7b2f8f25c03b3e07113782f7c12f00e023e148aS3BucketC5E2D427" + "referencetonestedstacksassetsAssetParametersbbe209afddb09a12327bab7a105e085758a29b769b5b4bf5b6320ac41b05fc51S3BucketFE27EEBCRef": { + "Ref": "AssetParametersbbe209afddb09a12327bab7a105e085758a29b769b5b4bf5b6320ac41b05fc51S3Bucket8C5997AB" }, - "referencetonestedstacksassetsAssetParametersb13aad60258df1fbe5fb1312a7b2f8f25c03b3e07113782f7c12f00e023e148aS3VersionKeyD31C6796Ref": { - "Ref": "AssetParametersb13aad60258df1fbe5fb1312a7b2f8f25c03b3e07113782f7c12f00e023e148aS3VersionKey31422F11" + "referencetonestedstacksassetsAssetParametersbbe209afddb09a12327bab7a105e085758a29b769b5b4bf5b6320ac41b05fc51S3VersionKey24D35F02Ref": { + "Ref": "AssetParametersbbe209afddb09a12327bab7a105e085758a29b769b5b4bf5b6320ac41b05fc51S3VersionKey81BEC7FB" } } - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" } }, "Parameters": { - "AssetParametersb13aad60258df1fbe5fb1312a7b2f8f25c03b3e07113782f7c12f00e023e148aS3BucketC5E2D427": { + "AssetParametersbbe209afddb09a12327bab7a105e085758a29b769b5b4bf5b6320ac41b05fc51S3Bucket8C5997AB": { "Type": "String", - "Description": "S3 bucket for asset \"b13aad60258df1fbe5fb1312a7b2f8f25c03b3e07113782f7c12f00e023e148a\"" + "Description": "S3 bucket for asset \"bbe209afddb09a12327bab7a105e085758a29b769b5b4bf5b6320ac41b05fc51\"" }, - "AssetParametersb13aad60258df1fbe5fb1312a7b2f8f25c03b3e07113782f7c12f00e023e148aS3VersionKey31422F11": { + "AssetParametersbbe209afddb09a12327bab7a105e085758a29b769b5b4bf5b6320ac41b05fc51S3VersionKey81BEC7FB": { "Type": "String", - "Description": "S3 key for asset version \"b13aad60258df1fbe5fb1312a7b2f8f25c03b3e07113782f7c12f00e023e148a\"" + "Description": "S3 key for asset version \"bbe209afddb09a12327bab7a105e085758a29b769b5b4bf5b6320ac41b05fc51\"" }, - "AssetParametersb13aad60258df1fbe5fb1312a7b2f8f25c03b3e07113782f7c12f00e023e148aArtifactHash2897446E": { + "AssetParametersbbe209afddb09a12327bab7a105e085758a29b769b5b4bf5b6320ac41b05fc51ArtifactHashB77349F4": { "Type": "String", - "Description": "Artifact hash for asset \"b13aad60258df1fbe5fb1312a7b2f8f25c03b3e07113782f7c12f00e023e148a\"" + "Description": "Artifact hash for asset \"bbe209afddb09a12327bab7a105e085758a29b769b5b4bf5b6320ac41b05fc51\"" }, - "AssetParameters28e3582cfc7c551f42435f44110c499fb2c415fe0f02a02a77139cf43edd1145S3BucketFDBB032A": { + "AssetParameters7bd7ccfde94a4ad94f13971f10733ee01020eb6d7538b7a5c2b05966db2c0aabS3Bucket2E4E0318": { "Type": "String", - "Description": "S3 bucket for asset \"28e3582cfc7c551f42435f44110c499fb2c415fe0f02a02a77139cf43edd1145\"" + "Description": "S3 bucket for asset \"7bd7ccfde94a4ad94f13971f10733ee01020eb6d7538b7a5c2b05966db2c0aab\"" }, - "AssetParameters28e3582cfc7c551f42435f44110c499fb2c415fe0f02a02a77139cf43edd1145S3VersionKey58263016": { + "AssetParameters7bd7ccfde94a4ad94f13971f10733ee01020eb6d7538b7a5c2b05966db2c0aabS3VersionKeyF6AB1DF2": { "Type": "String", - "Description": "S3 key for asset version \"28e3582cfc7c551f42435f44110c499fb2c415fe0f02a02a77139cf43edd1145\"" + "Description": "S3 key for asset version \"7bd7ccfde94a4ad94f13971f10733ee01020eb6d7538b7a5c2b05966db2c0aab\"" }, - "AssetParameters28e3582cfc7c551f42435f44110c499fb2c415fe0f02a02a77139cf43edd1145ArtifactHash592B4471": { + "AssetParameters7bd7ccfde94a4ad94f13971f10733ee01020eb6d7538b7a5c2b05966db2c0aabArtifactHash63670210": { "Type": "String", - "Description": "Artifact hash for asset \"28e3582cfc7c551f42435f44110c499fb2c415fe0f02a02a77139cf43edd1145\"" + "Description": "Artifact hash for asset \"7bd7ccfde94a4ad94f13971f10733ee01020eb6d7538b7a5c2b05966db2c0aab\"" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cloudformation/test/integ.nested-stacks-multi-refs.expected.json b/packages/@aws-cdk/aws-cloudformation/test/integ.nested-stacks-multi-refs.expected.json index bc546994b8e41..8e1abf0743734 100644 --- a/packages/@aws-cdk/aws-cloudformation/test/integ.nested-stacks-multi-refs.expected.json +++ b/packages/@aws-cdk/aws-cloudformation/test/integ.nested-stacks-multi-refs.expected.json @@ -20,7 +20,7 @@ }, "/", { - "Ref": "AssetParametersad23da1cfc8b3fd7916c6ffc7debacadf084765e62fab8acf0b8b0a9b0289f95S3BucketDB605F9E" + "Ref": "AssetParameters2fa66e9dea71b1e05ebeed281df124cbaca34247ae93c767a533b6346cc17703S3BucketD17502DC" }, "/", { @@ -30,7 +30,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersad23da1cfc8b3fd7916c6ffc7debacadf084765e62fab8acf0b8b0a9b0289f95S3VersionKey26685906" + "Ref": "AssetParameters2fa66e9dea71b1e05ebeed281df124cbaca34247ae93c767a533b6346cc17703S3VersionKeyA042251F" } ] } @@ -43,7 +43,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersad23da1cfc8b3fd7916c6ffc7debacadf084765e62fab8acf0b8b0a9b0289f95S3VersionKey26685906" + "Ref": "AssetParameters2fa66e9dea71b1e05ebeed281df124cbaca34247ae93c767a533b6346cc17703S3VersionKeyA042251F" } ] } @@ -65,14 +65,16 @@ "referencetonestedstacksmultirefsAssetParameters495a6bc36c13a0adeb3778c921d18ac4a8205f5471108fcc199a291d14855c3aS3VersionKey5F9CF809Ref": { "Ref": "AssetParameters495a6bc36c13a0adeb3778c921d18ac4a8205f5471108fcc199a291d14855c3aS3VersionKey2CCE0573" }, - "referencetonestedstacksmultirefsAssetParameterscc623add53df153cf6a7df1cea4dc90740d7be087472579110754a633ec90847S3Bucket8F1E17B9Ref": { - "Ref": "AssetParameterscc623add53df153cf6a7df1cea4dc90740d7be087472579110754a633ec90847S3Bucket9A14AA6D" + "referencetonestedstacksmultirefsAssetParametersc2fbfb6df004b51bb870bd1f5cabda73830a59765a6c766aca0e906ec1e22441S3Bucket119ED767Ref": { + "Ref": "AssetParametersc2fbfb6df004b51bb870bd1f5cabda73830a59765a6c766aca0e906ec1e22441S3BucketAF9A3A0F" }, - "referencetonestedstacksmultirefsAssetParameterscc623add53df153cf6a7df1cea4dc90740d7be087472579110754a633ec90847S3VersionKey9EEEF950Ref": { - "Ref": "AssetParameterscc623add53df153cf6a7df1cea4dc90740d7be087472579110754a633ec90847S3VersionKeyF124C0D9" + "referencetonestedstacksmultirefsAssetParametersc2fbfb6df004b51bb870bd1f5cabda73830a59765a6c766aca0e906ec1e22441S3VersionKeyDCF85FE2Ref": { + "Ref": "AssetParametersc2fbfb6df004b51bb870bd1f5cabda73830a59765a6c766aca0e906ec1e22441S3VersionKey2F85340C" } } - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" } }, "Parameters": { @@ -88,29 +90,29 @@ "Type": "String", "Description": "Artifact hash for asset \"495a6bc36c13a0adeb3778c921d18ac4a8205f5471108fcc199a291d14855c3a\"" }, - "AssetParameterscc623add53df153cf6a7df1cea4dc90740d7be087472579110754a633ec90847S3Bucket9A14AA6D": { + "AssetParametersc2fbfb6df004b51bb870bd1f5cabda73830a59765a6c766aca0e906ec1e22441S3BucketAF9A3A0F": { "Type": "String", - "Description": "S3 bucket for asset \"cc623add53df153cf6a7df1cea4dc90740d7be087472579110754a633ec90847\"" + "Description": "S3 bucket for asset \"c2fbfb6df004b51bb870bd1f5cabda73830a59765a6c766aca0e906ec1e22441\"" }, - "AssetParameterscc623add53df153cf6a7df1cea4dc90740d7be087472579110754a633ec90847S3VersionKeyF124C0D9": { + "AssetParametersc2fbfb6df004b51bb870bd1f5cabda73830a59765a6c766aca0e906ec1e22441S3VersionKey2F85340C": { "Type": "String", - "Description": "S3 key for asset version \"cc623add53df153cf6a7df1cea4dc90740d7be087472579110754a633ec90847\"" + "Description": "S3 key for asset version \"c2fbfb6df004b51bb870bd1f5cabda73830a59765a6c766aca0e906ec1e22441\"" }, - "AssetParameterscc623add53df153cf6a7df1cea4dc90740d7be087472579110754a633ec90847ArtifactHashAF64C405": { + "AssetParametersc2fbfb6df004b51bb870bd1f5cabda73830a59765a6c766aca0e906ec1e22441ArtifactHash5D93ED07": { "Type": "String", - "Description": "Artifact hash for asset \"cc623add53df153cf6a7df1cea4dc90740d7be087472579110754a633ec90847\"" + "Description": "Artifact hash for asset \"c2fbfb6df004b51bb870bd1f5cabda73830a59765a6c766aca0e906ec1e22441\"" }, - "AssetParametersad23da1cfc8b3fd7916c6ffc7debacadf084765e62fab8acf0b8b0a9b0289f95S3BucketDB605F9E": { + "AssetParameters2fa66e9dea71b1e05ebeed281df124cbaca34247ae93c767a533b6346cc17703S3BucketD17502DC": { "Type": "String", - "Description": "S3 bucket for asset \"ad23da1cfc8b3fd7916c6ffc7debacadf084765e62fab8acf0b8b0a9b0289f95\"" + "Description": "S3 bucket for asset \"2fa66e9dea71b1e05ebeed281df124cbaca34247ae93c767a533b6346cc17703\"" }, - "AssetParametersad23da1cfc8b3fd7916c6ffc7debacadf084765e62fab8acf0b8b0a9b0289f95S3VersionKey26685906": { + "AssetParameters2fa66e9dea71b1e05ebeed281df124cbaca34247ae93c767a533b6346cc17703S3VersionKeyA042251F": { "Type": "String", - "Description": "S3 key for asset version \"ad23da1cfc8b3fd7916c6ffc7debacadf084765e62fab8acf0b8b0a9b0289f95\"" + "Description": "S3 key for asset version \"2fa66e9dea71b1e05ebeed281df124cbaca34247ae93c767a533b6346cc17703\"" }, - "AssetParametersad23da1cfc8b3fd7916c6ffc7debacadf084765e62fab8acf0b8b0a9b0289f95ArtifactHashAF8D54FC": { + "AssetParameters2fa66e9dea71b1e05ebeed281df124cbaca34247ae93c767a533b6346cc17703ArtifactHash8853E261": { "Type": "String", - "Description": "Artifact hash for asset \"ad23da1cfc8b3fd7916c6ffc7debacadf084765e62fab8acf0b8b0a9b0289f95\"" + "Description": "Artifact hash for asset \"2fa66e9dea71b1e05ebeed281df124cbaca34247ae93c767a533b6346cc17703\"" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cloudformation/test/integ.nested-stacks-multi.expected.json b/packages/@aws-cdk/aws-cloudformation/test/integ.nested-stacks-multi.expected.json index 6a10c9252c79a..0145629ff176e 100644 --- a/packages/@aws-cdk/aws-cloudformation/test/integ.nested-stacks-multi.expected.json +++ b/packages/@aws-cdk/aws-cloudformation/test/integ.nested-stacks-multi.expected.json @@ -17,7 +17,7 @@ }, "/", { - "Ref": "AssetParametersf94d2259295147a175eeb7f8b31856e4beb5d4d4654f0bf956ee51d5e2ee5d8eS3Bucket0211CC54" + "Ref": "AssetParameters686794a6d724e01e517bba15106edebf9db8d4bb309f0c60d5ff55a11db4a856S3BucketDF3BC15F" }, "/", { @@ -27,7 +27,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersf94d2259295147a175eeb7f8b31856e4beb5d4d4654f0bf956ee51d5e2ee5d8eS3VersionKey5D85E7DD" + "Ref": "AssetParameters686794a6d724e01e517bba15106edebf9db8d4bb309f0c60d5ff55a11db4a856S3VersionKey1BCA0E57" } ] } @@ -40,7 +40,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersf94d2259295147a175eeb7f8b31856e4beb5d4d4654f0bf956ee51d5e2ee5d8eS3VersionKey5D85E7DD" + "Ref": "AssetParameters686794a6d724e01e517bba15106edebf9db8d4bb309f0c60d5ff55a11db4a856S3VersionKey1BCA0E57" } ] } @@ -57,7 +57,9 @@ "Ref": "AssetParameterse3410ccec04414535f1c8035ce0ea42f59eedf66d0e6d0eec8bc435c4a4e809dS3VersionKey8C8E79CA" } } - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" } }, "Parameters": { @@ -73,17 +75,17 @@ "Type": "String", "Description": "Artifact hash for asset \"e3410ccec04414535f1c8035ce0ea42f59eedf66d0e6d0eec8bc435c4a4e809d\"" }, - "AssetParametersf94d2259295147a175eeb7f8b31856e4beb5d4d4654f0bf956ee51d5e2ee5d8eS3Bucket0211CC54": { + "AssetParameters686794a6d724e01e517bba15106edebf9db8d4bb309f0c60d5ff55a11db4a856S3BucketDF3BC15F": { "Type": "String", - "Description": "S3 bucket for asset \"f94d2259295147a175eeb7f8b31856e4beb5d4d4654f0bf956ee51d5e2ee5d8e\"" + "Description": "S3 bucket for asset \"686794a6d724e01e517bba15106edebf9db8d4bb309f0c60d5ff55a11db4a856\"" }, - "AssetParametersf94d2259295147a175eeb7f8b31856e4beb5d4d4654f0bf956ee51d5e2ee5d8eS3VersionKey5D85E7DD": { + "AssetParameters686794a6d724e01e517bba15106edebf9db8d4bb309f0c60d5ff55a11db4a856S3VersionKey1BCA0E57": { "Type": "String", - "Description": "S3 key for asset version \"f94d2259295147a175eeb7f8b31856e4beb5d4d4654f0bf956ee51d5e2ee5d8e\"" + "Description": "S3 key for asset version \"686794a6d724e01e517bba15106edebf9db8d4bb309f0c60d5ff55a11db4a856\"" }, - "AssetParametersf94d2259295147a175eeb7f8b31856e4beb5d4d4654f0bf956ee51d5e2ee5d8eArtifactHashD0519824": { + "AssetParameters686794a6d724e01e517bba15106edebf9db8d4bb309f0c60d5ff55a11db4a856ArtifactHash9043932C": { "Type": "String", - "Description": "Artifact hash for asset \"f94d2259295147a175eeb7f8b31856e4beb5d4d4654f0bf956ee51d5e2ee5d8e\"" + "Description": "Artifact hash for asset \"686794a6d724e01e517bba15106edebf9db8d4bb309f0c60d5ff55a11db4a856\"" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cloudformation/test/integ.nested-stacks-nested-export-to-sibling.expected.json b/packages/@aws-cdk/aws-cloudformation/test/integ.nested-stacks-nested-export-to-sibling.expected.json index 3cac1b07eb420..115a1f9130ae3 100644 --- a/packages/@aws-cdk/aws-cloudformation/test/integ.nested-stacks-nested-export-to-sibling.expected.json +++ b/packages/@aws-cdk/aws-cloudformation/test/integ.nested-stacks-nested-export-to-sibling.expected.json @@ -50,7 +50,9 @@ ] ] } - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" } }, "Outputs": { diff --git a/packages/@aws-cdk/aws-cloudformation/test/integ.nested-stacks-refs1.expected.json b/packages/@aws-cdk/aws-cloudformation/test/integ.nested-stacks-refs1.expected.json index cf2e508a0f8eb..299d5005eff0f 100644 --- a/packages/@aws-cdk/aws-cloudformation/test/integ.nested-stacks-refs1.expected.json +++ b/packages/@aws-cdk/aws-cloudformation/test/integ.nested-stacks-refs1.expected.json @@ -70,7 +70,9 @@ ] ] } - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" } }, "Parameters": { diff --git a/packages/@aws-cdk/aws-cloudformation/test/integ.nested-stacks-refs2.expected.json b/packages/@aws-cdk/aws-cloudformation/test/integ.nested-stacks-refs2.expected.json index ee7be9113bdcb..c6e818da02313 100644 --- a/packages/@aws-cdk/aws-cloudformation/test/integ.nested-stacks-refs2.expected.json +++ b/packages/@aws-cdk/aws-cloudformation/test/integ.nested-stacks-refs2.expected.json @@ -50,7 +50,9 @@ ] ] } - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" } }, "Outputs": { diff --git a/packages/@aws-cdk/aws-cloudformation/test/integ.nested-stacks-refs3.expected.json b/packages/@aws-cdk/aws-cloudformation/test/integ.nested-stacks-refs3.expected.json index 80a2f7712026c..2ef738be2c023 100644 --- a/packages/@aws-cdk/aws-cloudformation/test/integ.nested-stacks-refs3.expected.json +++ b/packages/@aws-cdk/aws-cloudformation/test/integ.nested-stacks-refs3.expected.json @@ -49,7 +49,9 @@ ] ] } - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "Nested2NestedStackNested2NestedStackResource877A1112": { "Type": "AWS::CloudFormation::Stack", @@ -108,7 +110,9 @@ ] } } - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" } }, "Parameters": { diff --git a/packages/@aws-cdk/aws-cloudformation/test/test.nested-stack.ts b/packages/@aws-cdk/aws-cloudformation/test/test.nested-stack.ts index 64656faf0fca3..2149c48be5fd3 100644 --- a/packages/@aws-cdk/aws-cloudformation/test/test.nested-stack.ts +++ b/packages/@aws-cdk/aws-cloudformation/test/test.nested-stack.ts @@ -130,6 +130,8 @@ export = { Resources: { nestedstackNestedStacknestedstackNestedStackResource71CDD241: { Type: 'AWS::CloudFormation::Stack', + DeletionPolicy: 'Delete', + UpdateReplacePolicy: 'Delete', Properties: { TemplateURL: { 'Fn::Join': [ @@ -718,7 +720,10 @@ export = { }, }); - const middleStackHash = 'b2670b4c0c3fdf1d8fd9b9272bb8bf8173d18c0f67a888ba165cc569a248a84f'; + const middleStackHash = '7c426f7299a739900279ac1ece040397c1913cdf786f5228677b289f4d5e4c48'; + const bucketSuffix = 'C706B101'; + const versionSuffix = '4B193AA5'; + const hashSuffix = 'E28F0693'; // nested1 wires the nested2 template through parameters, so we expect those expect(nested1).to(haveResource('Resource::1')); @@ -735,9 +740,9 @@ export = { AssetParameters8169c6f8aaeaf5e2e8620f5f895ffe2099202ccb4b6889df48fe0967a894235cS3BucketDE3B88D6: { Type: 'String', Description: 'S3 bucket for asset "8169c6f8aaeaf5e2e8620f5f895ffe2099202ccb4b6889df48fe0967a894235c"' }, AssetParameters8169c6f8aaeaf5e2e8620f5f895ffe2099202ccb4b6889df48fe0967a894235cS3VersionKey3A62EFEA: { Type: 'String', Description: 'S3 key for asset version "8169c6f8aaeaf5e2e8620f5f895ffe2099202ccb4b6889df48fe0967a894235c"' }, AssetParameters8169c6f8aaeaf5e2e8620f5f895ffe2099202ccb4b6889df48fe0967a894235cArtifactHash7DC546E0: { Type: 'String', Description: 'Artifact hash for asset "8169c6f8aaeaf5e2e8620f5f895ffe2099202ccb4b6889df48fe0967a894235c"' }, - [`AssetParameters${middleStackHash}S3Bucket3DB431CB`]: { Type: 'String', Description: `S3 bucket for asset "${middleStackHash}"` }, - [`AssetParameters${middleStackHash}S3VersionKeyBFFDABE9`]: { Type: 'String', Description: `S3 key for asset version "${middleStackHash}"` }, - [`AssetParameters${middleStackHash}ArtifactHash8EA52875`]: { Type: 'String', Description: `Artifact hash for asset "${middleStackHash}"` }, + [`AssetParameters${middleStackHash}S3Bucket${bucketSuffix}`]: { Type: 'String', Description: `S3 bucket for asset "${middleStackHash}"` }, + [`AssetParameters${middleStackHash}S3VersionKey${versionSuffix}`]: { Type: 'String', Description: `S3 key for asset version "${middleStackHash}"` }, + [`AssetParameters${middleStackHash}ArtifactHash${hashSuffix}`]: { Type: 'String', Description: `Artifact hash for asset "${middleStackHash}"` }, }); // proxy asset params to nested stack From 45ccb5844d68d504bb4a8687b9b1cb599f0caa92 Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Tue, 9 Feb 2021 10:20:51 +0100 Subject: [PATCH 10/37] Update packages/@aws-cdk/aws-cognito/lib/user-pool.ts Co-authored-by: Pat Myron --- packages/@aws-cdk/aws-cognito/lib/user-pool.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-cognito/lib/user-pool.ts b/packages/@aws-cdk/aws-cognito/lib/user-pool.ts index 17c76ed144c9e..eff29527ab4af 100644 --- a/packages/@aws-cdk/aws-cognito/lib/user-pool.ts +++ b/packages/@aws-cdk/aws-cognito/lib/user-pool.ts @@ -571,7 +571,7 @@ export interface UserPoolProps { /** * Policy to apply when the user pool is removed from the stack * - * @default - The user pool will be orphaned. + * @default RemovalPolicy.RETAIN */ readonly removalPolicy?: RemovalPolicy; } From 48b49f60a7603596668d4aa936f7b29af113203f Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Tue, 9 Feb 2021 11:12:17 +0100 Subject: [PATCH 11/37] Update expectations --- ....global-replicas-provisioned.expected.json | 4 +- .../test/integ.global.expected.json | 62 ++++++++++--------- 2 files changed, 35 insertions(+), 31 deletions(-) diff --git a/packages/@aws-cdk/aws-dynamodb/test/integ.global-replicas-provisioned.expected.json b/packages/@aws-cdk/aws-dynamodb/test/integ.global-replicas-provisioned.expected.json index ec15f88fdfea8..89a9c3807fc21 100644 --- a/packages/@aws-cdk/aws-dynamodb/test/integ.global-replicas-provisioned.expected.json +++ b/packages/@aws-cdk/aws-dynamodb/test/integ.global-replicas-provisioned.expected.json @@ -302,7 +302,9 @@ "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" } } - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" } }, "Conditions": { diff --git a/packages/@aws-cdk/aws-dynamodb/test/integ.global.expected.json b/packages/@aws-cdk/aws-dynamodb/test/integ.global.expected.json index 2301663780e86..a66dd3d965ed9 100644 --- a/packages/@aws-cdk/aws-dynamodb/test/integ.global.expected.json +++ b/packages/@aws-cdk/aws-dynamodb/test/integ.global.expected.json @@ -231,7 +231,7 @@ }, "/", { - "Ref": "AssetParameters51ac5fed1b824803906219cb11f0c17572739bd4fb019d961cdc1fbbfefc620eS3Bucket58C634A6" + "Ref": "AssetParametersf8cfc24954f0c95960d9a93888c01bf5e95802f26bfa5dc6fde5c913a1429ceaS3Bucket434BDB62" }, "/", { @@ -241,7 +241,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters51ac5fed1b824803906219cb11f0c17572739bd4fb019d961cdc1fbbfefc620eS3VersionKeyE8ACA4C1" + "Ref": "AssetParametersf8cfc24954f0c95960d9a93888c01bf5e95802f26bfa5dc6fde5c913a1429ceaS3VersionKey01638790" } ] } @@ -254,7 +254,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters51ac5fed1b824803906219cb11f0c17572739bd4fb019d961cdc1fbbfefc620eS3VersionKeyE8ACA4C1" + "Ref": "AssetParametersf8cfc24954f0c95960d9a93888c01bf5e95802f26bfa5dc6fde5c913a1429ceaS3VersionKey01638790" } ] } @@ -264,58 +264,60 @@ ] }, "Parameters": { - "referencetocdkdynamodbglobal20191121AssetParameters23c5f8cc1bdef276fc20dbb166d24d1b7d8cb516a5d5822ed0d38feec9631fd1S3BucketFE71C2D0Ref": { - "Ref": "AssetParameters23c5f8cc1bdef276fc20dbb166d24d1b7d8cb516a5d5822ed0d38feec9631fd1S3Bucket492F02B7" + "referencetocdkdynamodbglobal20191121AssetParametersf13d472270faaa08099009152a8848a0e7434b14773f3c3f94acca6f6c3ae714S3Bucket71E24D5BRef": { + "Ref": "AssetParametersf13d472270faaa08099009152a8848a0e7434b14773f3c3f94acca6f6c3ae714S3Bucket1C6779E0" }, - "referencetocdkdynamodbglobal20191121AssetParameters23c5f8cc1bdef276fc20dbb166d24d1b7d8cb516a5d5822ed0d38feec9631fd1S3VersionKey849A4FA5Ref": { - "Ref": "AssetParameters23c5f8cc1bdef276fc20dbb166d24d1b7d8cb516a5d5822ed0d38feec9631fd1S3VersionKeyC7F72494" + "referencetocdkdynamodbglobal20191121AssetParametersf13d472270faaa08099009152a8848a0e7434b14773f3c3f94acca6f6c3ae714S3VersionKeyD88E8BACRef": { + "Ref": "AssetParametersf13d472270faaa08099009152a8848a0e7434b14773f3c3f94acca6f6c3ae714S3VersionKey5C1D9275" }, - "referencetocdkdynamodbglobal20191121AssetParameters956c2f92ddbde06f551fdf914445c679dcadb21c6e8d1ee9c9632144ef5a2ad3S3Bucket80086951Ref": { - "Ref": "AssetParameters956c2f92ddbde06f551fdf914445c679dcadb21c6e8d1ee9c9632144ef5a2ad3S3Bucket0EEA1C2E" + "referencetocdkdynamodbglobal20191121AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketC7F3A147Ref": { + "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1" }, - "referencetocdkdynamodbglobal20191121AssetParameters956c2f92ddbde06f551fdf914445c679dcadb21c6e8d1ee9c9632144ef5a2ad3S3VersionKeyC3096D21Ref": { - "Ref": "AssetParameters956c2f92ddbde06f551fdf914445c679dcadb21c6e8d1ee9c9632144ef5a2ad3S3VersionKey7BCE18C9" + "referencetocdkdynamodbglobal20191121AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyB6346792Ref": { + "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" } } - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" } }, "Parameters": { - "AssetParameters23c5f8cc1bdef276fc20dbb166d24d1b7d8cb516a5d5822ed0d38feec9631fd1S3Bucket492F02B7": { + "AssetParametersf13d472270faaa08099009152a8848a0e7434b14773f3c3f94acca6f6c3ae714S3Bucket1C6779E0": { "Type": "String", - "Description": "S3 bucket for asset \"23c5f8cc1bdef276fc20dbb166d24d1b7d8cb516a5d5822ed0d38feec9631fd1\"" + "Description": "S3 bucket for asset \"f13d472270faaa08099009152a8848a0e7434b14773f3c3f94acca6f6c3ae714\"" }, - "AssetParameters23c5f8cc1bdef276fc20dbb166d24d1b7d8cb516a5d5822ed0d38feec9631fd1S3VersionKeyC7F72494": { + "AssetParametersf13d472270faaa08099009152a8848a0e7434b14773f3c3f94acca6f6c3ae714S3VersionKey5C1D9275": { "Type": "String", - "Description": "S3 key for asset version \"23c5f8cc1bdef276fc20dbb166d24d1b7d8cb516a5d5822ed0d38feec9631fd1\"" + "Description": "S3 key for asset version \"f13d472270faaa08099009152a8848a0e7434b14773f3c3f94acca6f6c3ae714\"" }, - "AssetParameters23c5f8cc1bdef276fc20dbb166d24d1b7d8cb516a5d5822ed0d38feec9631fd1ArtifactHash43BB7053": { + "AssetParametersf13d472270faaa08099009152a8848a0e7434b14773f3c3f94acca6f6c3ae714ArtifactHash477AAEA7": { "Type": "String", - "Description": "Artifact hash for asset \"23c5f8cc1bdef276fc20dbb166d24d1b7d8cb516a5d5822ed0d38feec9631fd1\"" + "Description": "Artifact hash for asset \"f13d472270faaa08099009152a8848a0e7434b14773f3c3f94acca6f6c3ae714\"" }, - "AssetParameters956c2f92ddbde06f551fdf914445c679dcadb21c6e8d1ee9c9632144ef5a2ad3S3Bucket0EEA1C2E": { + "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1": { "Type": "String", - "Description": "S3 bucket for asset \"956c2f92ddbde06f551fdf914445c679dcadb21c6e8d1ee9c9632144ef5a2ad3\"" + "Description": "S3 bucket for asset \"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\"" }, - "AssetParameters956c2f92ddbde06f551fdf914445c679dcadb21c6e8d1ee9c9632144ef5a2ad3S3VersionKey7BCE18C9": { + "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F": { "Type": "String", - "Description": "S3 key for asset version \"956c2f92ddbde06f551fdf914445c679dcadb21c6e8d1ee9c9632144ef5a2ad3\"" + "Description": "S3 key for asset version \"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\"" }, - "AssetParameters956c2f92ddbde06f551fdf914445c679dcadb21c6e8d1ee9c9632144ef5a2ad3ArtifactHash2CBB11D2": { + "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1ArtifactHashA521A16F": { "Type": "String", - "Description": "Artifact hash for asset \"956c2f92ddbde06f551fdf914445c679dcadb21c6e8d1ee9c9632144ef5a2ad3\"" + "Description": "Artifact hash for asset \"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\"" }, - "AssetParameters51ac5fed1b824803906219cb11f0c17572739bd4fb019d961cdc1fbbfefc620eS3Bucket58C634A6": { + "AssetParametersf8cfc24954f0c95960d9a93888c01bf5e95802f26bfa5dc6fde5c913a1429ceaS3Bucket434BDB62": { "Type": "String", - "Description": "S3 bucket for asset \"51ac5fed1b824803906219cb11f0c17572739bd4fb019d961cdc1fbbfefc620e\"" + "Description": "S3 bucket for asset \"f8cfc24954f0c95960d9a93888c01bf5e95802f26bfa5dc6fde5c913a1429cea\"" }, - "AssetParameters51ac5fed1b824803906219cb11f0c17572739bd4fb019d961cdc1fbbfefc620eS3VersionKeyE8ACA4C1": { + "AssetParametersf8cfc24954f0c95960d9a93888c01bf5e95802f26bfa5dc6fde5c913a1429ceaS3VersionKey01638790": { "Type": "String", - "Description": "S3 key for asset version \"51ac5fed1b824803906219cb11f0c17572739bd4fb019d961cdc1fbbfefc620e\"" + "Description": "S3 key for asset version \"f8cfc24954f0c95960d9a93888c01bf5e95802f26bfa5dc6fde5c913a1429cea\"" }, - "AssetParameters51ac5fed1b824803906219cb11f0c17572739bd4fb019d961cdc1fbbfefc620eArtifactHashDF827F41": { + "AssetParametersf8cfc24954f0c95960d9a93888c01bf5e95802f26bfa5dc6fde5c913a1429ceaArtifactHashD0E61C22": { "Type": "String", - "Description": "Artifact hash for asset \"51ac5fed1b824803906219cb11f0c17572739bd4fb019d961cdc1fbbfefc620e\"" + "Description": "Artifact hash for asset \"f8cfc24954f0c95960d9a93888c01bf5e95802f26bfa5dc6fde5c913a1429cea\"" } } } \ No newline at end of file From f25897b5e663ee1b9346ba07f06610c183ee0940 Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Tue, 9 Feb 2021 14:39:03 +0100 Subject: [PATCH 12/37] Update expectation --- .../test/integ.cognito.lit.expected.json | 24 ++++++++++++------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/packages/@aws-cdk/aws-elasticloadbalancingv2-actions/test/integ.cognito.lit.expected.json b/packages/@aws-cdk/aws-elasticloadbalancingv2-actions/test/integ.cognito.lit.expected.json index 7aeccb623d6dd..206ab8458383d 100644 --- a/packages/@aws-cdk/aws-elasticloadbalancingv2-actions/test/integ.cognito.lit.expected.json +++ b/packages/@aws-cdk/aws-elasticloadbalancingv2-actions/test/integ.cognito.lit.expected.json @@ -450,22 +450,28 @@ "LoadBalancerArn": { "Ref": "LB8A12904C" }, - "Port": 443, - "Protocol": "HTTPS", "Certificates": [ { "CertificateArn": "" } - ] + ], + "Port": 443, + "Protocol": "HTTPS" } }, "UserPool6BA7E5F2": { "Type": "AWS::Cognito::UserPool", "Properties": { - "AccountRecoverySetting": { + "AccountRecoverySetting": { "RecoveryMechanisms": [ - { "Name": "verified_phone_number", "Priority": 1 }, - { "Name": "verified_email", "Priority": 2 } + { + "Name": "verified_phone_number", + "Priority": 1 + }, + { + "Name": "verified_email", + "Priority": 2 + } ] }, "AdminCreateUserConfig": { @@ -480,7 +486,9 @@ "EmailSubject": "Verify your new account", "SmsMessage": "The verification code to your new account is {####}" } - } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" }, "Client4A7F64DF": { "Type": "AWS::Cognito::UserPoolClient", @@ -544,4 +552,4 @@ } } } -} +} \ No newline at end of file From 994d8c3a5374b193b719904a1d4664aacc74d2a1 Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Tue, 9 Feb 2021 15:30:19 +0100 Subject: [PATCH 13/37] Update expectations --- .../integ.cognito-authorizer.expected.json | 4 +++- .../test/integ.restapi-import.lit.expected.json | 12 +++++++++--- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/packages/@aws-cdk/aws-apigateway/test/authorizers/integ.cognito-authorizer.expected.json b/packages/@aws-cdk/aws-apigateway/test/authorizers/integ.cognito-authorizer.expected.json index 990619cb495d4..ef5bfef19c2c3 100644 --- a/packages/@aws-cdk/aws-apigateway/test/authorizers/integ.cognito-authorizer.expected.json +++ b/packages/@aws-cdk/aws-apigateway/test/authorizers/integ.cognito-authorizer.expected.json @@ -27,7 +27,9 @@ "EmailSubject": "Verify your new account", "SmsMessage": "The verification code to your new account is {####}" } - } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" }, "myauthorizer23CB99DD": { "Type": "AWS::ApiGateway::Authorizer", diff --git a/packages/@aws-cdk/aws-apigateway/test/integ.restapi-import.lit.expected.json b/packages/@aws-cdk/aws-apigateway/test/integ.restapi-import.lit.expected.json index 349ae37ce27c8..54805c9f2e682 100644 --- a/packages/@aws-cdk/aws-apigateway/test/integ.restapi-import.lit.expected.json +++ b/packages/@aws-cdk/aws-apigateway/test/integ.restapi-import.lit.expected.json @@ -130,7 +130,9 @@ "Ref": "RestApi0C43BF4B" } } - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "integrestapiimportBooksStackNestedStackintegrestapiimportBooksStackNestedStackResource395C2C9B": { "Type": "AWS::CloudFormation::Stack", @@ -192,7 +194,9 @@ "Ref": "RestApi0C43BF4B" } } - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "integrestapiimportDeployStackNestedStackintegrestapiimportDeployStackNestedStackResource0D0EE737": { "Type": "AWS::CloudFormation::Stack", @@ -252,7 +256,9 @@ "DependsOn": [ "integrestapiimportBooksStackNestedStackintegrestapiimportBooksStackNestedStackResource395C2C9B", "integrestapiimportPetsStackNestedStackintegrestapiimportPetsStackNestedStackResource2B31898B" - ] + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" } }, "Outputs": { From 19a73330ef6483b340b7d9d937567654a3b88577 Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Tue, 9 Feb 2021 16:14:44 +0100 Subject: [PATCH 14/37] Update expectations --- .../test/integ.kinesiswithdlq.expected.json | 18 ++++++++++-------- .../test/integ.sqs.expected.json | 16 +++++++++------- 2 files changed, 19 insertions(+), 15 deletions(-) diff --git a/packages/@aws-cdk/aws-lambda-event-sources/test/integ.kinesiswithdlq.expected.json b/packages/@aws-cdk/aws-lambda-event-sources/test/integ.kinesiswithdlq.expected.json index 0e57bd7dc85d1..4d0a6c1a54707 100644 --- a/packages/@aws-cdk/aws-lambda-event-sources/test/integ.kinesiswithdlq.expected.json +++ b/packages/@aws-cdk/aws-lambda-event-sources/test/integ.kinesiswithdlq.expected.json @@ -93,13 +93,13 @@ "Code": { "ZipFile": "exports.handler = async function handler(event) {\n // eslint-disable-next-line no-console\n console.log('event:', JSON.stringify(event, undefined, 2));\n throw new Error();\n}" }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "FServiceRole3AC82EE1", "Arn" ] }, + "Handler": "index.handler", "Runtime": "nodejs10.x" }, "DependsOn": [ @@ -110,12 +110,6 @@ "FKinesisEventSourcelambdaeventsourcekinesiswithdlqSD357FCB87EEA8CB4": { "Type": "AWS::Lambda::EventSourceMapping", "Properties": { - "EventSourceArn": { - "Fn::GetAtt": [ - "S509448A1", - "Arn" - ] - }, "FunctionName": { "Ref": "FC4345940" }, @@ -130,6 +124,12 @@ } } }, + "EventSourceArn": { + "Fn::GetAtt": [ + "S509448A1", + "Arn" + ] + }, "MaximumRetryAttempts": 0, "StartingPosition": "TRIM_HORIZON" } @@ -154,7 +154,9 @@ } }, "Q63C6E3AB": { - "Type": "AWS::SQS::Queue" + "Type": "AWS::SQS::Queue", + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" } }, "Outputs": { diff --git a/packages/@aws-cdk/aws-lambda-event-sources/test/integ.sqs.expected.json b/packages/@aws-cdk/aws-lambda-event-sources/test/integ.sqs.expected.json index e0bc8e07fece0..9f5565aff21d6 100644 --- a/packages/@aws-cdk/aws-lambda-event-sources/test/integ.sqs.expected.json +++ b/packages/@aws-cdk/aws-lambda-event-sources/test/integ.sqs.expected.json @@ -69,13 +69,13 @@ "Code": { "ZipFile": "exports.handler = async function handler(event) {\n console.log('event:', JSON.stringify(event, undefined, 2));\n return { event };\n}" }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "FServiceRole3AC82EE1", "Arn" ] }, + "Handler": "index.handler", "Runtime": "nodejs10.x" }, "DependsOn": [ @@ -86,20 +86,22 @@ "FSqsEventSourcelambdaeventsourcesqsQ67DE9201754EC819": { "Type": "AWS::Lambda::EventSourceMapping", "Properties": { + "FunctionName": { + "Ref": "FC4345940" + }, + "BatchSize": 5, "EventSourceArn": { "Fn::GetAtt": [ "Q63C6E3AB", "Arn" ] - }, - "FunctionName": { - "Ref": "FC4345940" - }, - "BatchSize": 5 + } } }, "Q63C6E3AB": { - "Type": "AWS::SQS::Queue" + "Type": "AWS::SQS::Queue", + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" } } } \ No newline at end of file From 35df7861ce2610e17d5f2a62895214d5f155d0af Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Wed, 10 Feb 2021 11:05:50 +0100 Subject: [PATCH 15/37] Update expectations --- ...teg.eks-cluster-handlers-vpc.expected.json | 84 ++++++++++--------- ...eks-cluster-private-endpoint.expected.json | 84 ++++++++++--------- .../test/integ.eks-cluster.expected.json | 54 ++++++------ .../test/integ.fargate-cluster.expected.json | 84 ++++++++++--------- 4 files changed, 161 insertions(+), 145 deletions(-) diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster-handlers-vpc.expected.json b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster-handlers-vpc.expected.json index 82488919bedb9..484dce7b9a079 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster-handlers-vpc.expected.json +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster-handlers-vpc.expected.json @@ -1129,7 +1129,7 @@ }, "/", { - "Ref": "AssetParameters1a2bf12b9f0cf5ab2c838e7dd9be4d485bbf32056d6d5333bce57e49d12a172cS3Bucket151BE34C" + "Ref": "AssetParameters70396475d85a52e5c6ccad77894979d07433a207ea3c2668b929f3e70ffde081S3BucketFCD070AE" }, "/", { @@ -1139,7 +1139,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters1a2bf12b9f0cf5ab2c838e7dd9be4d485bbf32056d6d5333bce57e49d12a172cS3VersionKey89E7CC67" + "Ref": "AssetParameters70396475d85a52e5c6ccad77894979d07433a207ea3c2668b929f3e70ffde081S3VersionKeyD47BE42B" } ] } @@ -1152,7 +1152,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters1a2bf12b9f0cf5ab2c838e7dd9be4d485bbf32056d6d5333bce57e49d12a172cS3VersionKey89E7CC67" + "Ref": "AssetParameters70396475d85a52e5c6ccad77894979d07433a207ea3c2668b929f3e70ffde081S3VersionKeyD47BE42B" } ] } @@ -1193,7 +1193,9 @@ "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" } } - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B": { "Type": "AWS::CloudFormation::Stack", @@ -1208,7 +1210,7 @@ }, "/", { - "Ref": "AssetParameters11ba420a0c99f0c77f563fb974e76d6110b4445114137af1fe1b69b0d366d2d7S3BucketE510C342" + "Ref": "AssetParameters3a065cef8968eb7f7e62ccb379c68400a56c31aceb97265d4e8f5f4620452db9S3Bucket7930790A" }, "/", { @@ -1218,7 +1220,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters11ba420a0c99f0c77f563fb974e76d6110b4445114137af1fe1b69b0d366d2d7S3VersionKeyD31A83B6" + "Ref": "AssetParameters3a065cef8968eb7f7e62ccb379c68400a56c31aceb97265d4e8f5f4620452db9S3VersionKey648E56F4" } ] } @@ -1231,7 +1233,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters11ba420a0c99f0c77f563fb974e76d6110b4445114137af1fe1b69b0d366d2d7S3VersionKeyD31A83B6" + "Ref": "AssetParameters3a065cef8968eb7f7e62ccb379c68400a56c31aceb97265d4e8f5f4620452db9S3VersionKey648E56F4" } ] } @@ -1274,17 +1276,17 @@ "ClusterSecurityGroupId" ] }, - "referencetoawscdkekshandlersinvpctestAssetParametersefd72738f046105c96299fb31b3da40320e71ee9cf74bc37720042898403e2a1S3BucketC0281AE8Ref": { - "Ref": "AssetParametersefd72738f046105c96299fb31b3da40320e71ee9cf74bc37720042898403e2a1S3Bucket6DACDE73" + "referencetoawscdkekshandlersinvpctestAssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3Bucket124CC58FRef": { + "Ref": "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3BucketAEADE8C7" }, - "referencetoawscdkekshandlersinvpctestAssetParametersefd72738f046105c96299fb31b3da40320e71ee9cf74bc37720042898403e2a1S3VersionKeyD6BA7117Ref": { - "Ref": "AssetParametersefd72738f046105c96299fb31b3da40320e71ee9cf74bc37720042898403e2a1S3VersionKey015AEA61" + "referencetoawscdkekshandlersinvpctestAssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3VersionKeyF4C27F59Ref": { + "Ref": "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3VersionKeyE415415F" }, - "referencetoawscdkekshandlersinvpctestAssetParametersb61858bbf1a0be803552e3efa9647befd728156696dff1b413b7b2fd4da1449fS3Bucket88622CD5Ref": { - "Ref": "AssetParametersb61858bbf1a0be803552e3efa9647befd728156696dff1b413b7b2fd4da1449fS3Bucket7EE7EA15" + "referencetoawscdkekshandlersinvpctestAssetParameters844c1a4b13479b359ea0e607dccb4a04b73e22cf88cf9b64feed2c5f0de213c0S3Bucket68F78FB6Ref": { + "Ref": "AssetParameters844c1a4b13479b359ea0e607dccb4a04b73e22cf88cf9b64feed2c5f0de213c0S3Bucket6ABE1927" }, - "referencetoawscdkekshandlersinvpctestAssetParametersb61858bbf1a0be803552e3efa9647befd728156696dff1b413b7b2fd4da1449fS3VersionKey1C342D31Ref": { - "Ref": "AssetParametersb61858bbf1a0be803552e3efa9647befd728156696dff1b413b7b2fd4da1449fS3VersionKey6C948E78" + "referencetoawscdkekshandlersinvpctestAssetParameters844c1a4b13479b359ea0e607dccb4a04b73e22cf88cf9b64feed2c5f0de213c0S3VersionKeyCE91E7FDRef": { + "Ref": "AssetParameters844c1a4b13479b359ea0e607dccb4a04b73e22cf88cf9b64feed2c5f0de213c0S3VersionKeyF55A2EA9" }, "referencetoawscdkekshandlersinvpctestEksAllHandlersInVpcStackDefaultVpcE40EA7ACRef": { "Ref": "EksAllHandlersInVpcStackDefaultVpcBE11D4AE" @@ -1296,7 +1298,9 @@ "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" } } - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" } }, "Outputs": { @@ -1378,53 +1382,53 @@ "Type": "String", "Description": "Artifact hash for asset \"bafd50ae9f214e496ff8c72c6425f93dca3ccd590e20963706d5d610d9c75757\"" }, - "AssetParametersefd72738f046105c96299fb31b3da40320e71ee9cf74bc37720042898403e2a1S3Bucket6DACDE73": { + "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3BucketAEADE8C7": { "Type": "String", - "Description": "S3 bucket for asset \"efd72738f046105c96299fb31b3da40320e71ee9cf74bc37720042898403e2a1\"" + "Description": "S3 bucket for asset \"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\"" }, - "AssetParametersefd72738f046105c96299fb31b3da40320e71ee9cf74bc37720042898403e2a1S3VersionKey015AEA61": { + "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3VersionKeyE415415F": { "Type": "String", - "Description": "S3 key for asset version \"efd72738f046105c96299fb31b3da40320e71ee9cf74bc37720042898403e2a1\"" + "Description": "S3 key for asset version \"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\"" }, - "AssetParametersefd72738f046105c96299fb31b3da40320e71ee9cf74bc37720042898403e2a1ArtifactHashC9FD06BA": { + "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68ArtifactHashD9A515C3": { "Type": "String", - "Description": "Artifact hash for asset \"efd72738f046105c96299fb31b3da40320e71ee9cf74bc37720042898403e2a1\"" + "Description": "Artifact hash for asset \"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\"" }, - "AssetParametersb61858bbf1a0be803552e3efa9647befd728156696dff1b413b7b2fd4da1449fS3Bucket7EE7EA15": { + "AssetParameters844c1a4b13479b359ea0e607dccb4a04b73e22cf88cf9b64feed2c5f0de213c0S3Bucket6ABE1927": { "Type": "String", - "Description": "S3 bucket for asset \"b61858bbf1a0be803552e3efa9647befd728156696dff1b413b7b2fd4da1449f\"" + "Description": "S3 bucket for asset \"844c1a4b13479b359ea0e607dccb4a04b73e22cf88cf9b64feed2c5f0de213c0\"" }, - "AssetParametersb61858bbf1a0be803552e3efa9647befd728156696dff1b413b7b2fd4da1449fS3VersionKey6C948E78": { + "AssetParameters844c1a4b13479b359ea0e607dccb4a04b73e22cf88cf9b64feed2c5f0de213c0S3VersionKeyF55A2EA9": { "Type": "String", - "Description": "S3 key for asset version \"b61858bbf1a0be803552e3efa9647befd728156696dff1b413b7b2fd4da1449f\"" + "Description": "S3 key for asset version \"844c1a4b13479b359ea0e607dccb4a04b73e22cf88cf9b64feed2c5f0de213c0\"" }, - "AssetParametersb61858bbf1a0be803552e3efa9647befd728156696dff1b413b7b2fd4da1449fArtifactHash7E705796": { + "AssetParameters844c1a4b13479b359ea0e607dccb4a04b73e22cf88cf9b64feed2c5f0de213c0ArtifactHash1D7A2D6E": { "Type": "String", - "Description": "Artifact hash for asset \"b61858bbf1a0be803552e3efa9647befd728156696dff1b413b7b2fd4da1449f\"" + "Description": "Artifact hash for asset \"844c1a4b13479b359ea0e607dccb4a04b73e22cf88cf9b64feed2c5f0de213c0\"" }, - "AssetParameters1a2bf12b9f0cf5ab2c838e7dd9be4d485bbf32056d6d5333bce57e49d12a172cS3Bucket151BE34C": { + "AssetParameters70396475d85a52e5c6ccad77894979d07433a207ea3c2668b929f3e70ffde081S3BucketFCD070AE": { "Type": "String", - "Description": "S3 bucket for asset \"1a2bf12b9f0cf5ab2c838e7dd9be4d485bbf32056d6d5333bce57e49d12a172c\"" + "Description": "S3 bucket for asset \"70396475d85a52e5c6ccad77894979d07433a207ea3c2668b929f3e70ffde081\"" }, - "AssetParameters1a2bf12b9f0cf5ab2c838e7dd9be4d485bbf32056d6d5333bce57e49d12a172cS3VersionKey89E7CC67": { + "AssetParameters70396475d85a52e5c6ccad77894979d07433a207ea3c2668b929f3e70ffde081S3VersionKeyD47BE42B": { "Type": "String", - "Description": "S3 key for asset version \"1a2bf12b9f0cf5ab2c838e7dd9be4d485bbf32056d6d5333bce57e49d12a172c\"" + "Description": "S3 key for asset version \"70396475d85a52e5c6ccad77894979d07433a207ea3c2668b929f3e70ffde081\"" }, - "AssetParameters1a2bf12b9f0cf5ab2c838e7dd9be4d485bbf32056d6d5333bce57e49d12a172cArtifactHashAEE8C2AB": { + "AssetParameters70396475d85a52e5c6ccad77894979d07433a207ea3c2668b929f3e70ffde081ArtifactHashF56FF52E": { "Type": "String", - "Description": "Artifact hash for asset \"1a2bf12b9f0cf5ab2c838e7dd9be4d485bbf32056d6d5333bce57e49d12a172c\"" + "Description": "Artifact hash for asset \"70396475d85a52e5c6ccad77894979d07433a207ea3c2668b929f3e70ffde081\"" }, - "AssetParameters11ba420a0c99f0c77f563fb974e76d6110b4445114137af1fe1b69b0d366d2d7S3BucketE510C342": { + "AssetParameters3a065cef8968eb7f7e62ccb379c68400a56c31aceb97265d4e8f5f4620452db9S3Bucket7930790A": { "Type": "String", - "Description": "S3 bucket for asset \"11ba420a0c99f0c77f563fb974e76d6110b4445114137af1fe1b69b0d366d2d7\"" + "Description": "S3 bucket for asset \"3a065cef8968eb7f7e62ccb379c68400a56c31aceb97265d4e8f5f4620452db9\"" }, - "AssetParameters11ba420a0c99f0c77f563fb974e76d6110b4445114137af1fe1b69b0d366d2d7S3VersionKeyD31A83B6": { + "AssetParameters3a065cef8968eb7f7e62ccb379c68400a56c31aceb97265d4e8f5f4620452db9S3VersionKey648E56F4": { "Type": "String", - "Description": "S3 key for asset version \"11ba420a0c99f0c77f563fb974e76d6110b4445114137af1fe1b69b0d366d2d7\"" + "Description": "S3 key for asset version \"3a065cef8968eb7f7e62ccb379c68400a56c31aceb97265d4e8f5f4620452db9\"" }, - "AssetParameters11ba420a0c99f0c77f563fb974e76d6110b4445114137af1fe1b69b0d366d2d7ArtifactHash1C37295C": { + "AssetParameters3a065cef8968eb7f7e62ccb379c68400a56c31aceb97265d4e8f5f4620452db9ArtifactHash66195F00": { "Type": "String", - "Description": "Artifact hash for asset \"11ba420a0c99f0c77f563fb974e76d6110b4445114137af1fe1b69b0d366d2d7\"" + "Description": "Artifact hash for asset \"3a065cef8968eb7f7e62ccb379c68400a56c31aceb97265d4e8f5f4620452db9\"" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster-private-endpoint.expected.json b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster-private-endpoint.expected.json index f76e62c73ee73..0d19f29be9254 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster-private-endpoint.expected.json +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster-private-endpoint.expected.json @@ -1062,7 +1062,7 @@ }, "/", { - "Ref": "AssetParameters84ba29b05aaf6a233dbb97b37e48eb1300f9d014f270252e29a8b2c22d6a08beS3Bucket9E737267" + "Ref": "AssetParameters75667ab2bbef2c8efc57fb73bf352f345af1d471fb09cb11f5b7bc27d009b609S3BucketA8C94679" }, "/", { @@ -1072,7 +1072,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters84ba29b05aaf6a233dbb97b37e48eb1300f9d014f270252e29a8b2c22d6a08beS3VersionKeyD5E002BC" + "Ref": "AssetParameters75667ab2bbef2c8efc57fb73bf352f345af1d471fb09cb11f5b7bc27d009b609S3VersionKey3777DB64" } ] } @@ -1085,7 +1085,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters84ba29b05aaf6a233dbb97b37e48eb1300f9d014f270252e29a8b2c22d6a08beS3VersionKeyD5E002BC" + "Ref": "AssetParameters75667ab2bbef2c8efc57fb73bf352f345af1d471fb09cb11f5b7bc27d009b609S3VersionKey3777DB64" } ] } @@ -1114,7 +1114,9 @@ "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" } } - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B": { "Type": "AWS::CloudFormation::Stack", @@ -1129,7 +1131,7 @@ }, "/", { - "Ref": "AssetParameters2e2ec0fae5975d4ee5f3580e522c46615c1bd344e0302bc5d2df7501b7bb1ad0S3Bucket8FBFE327" + "Ref": "AssetParameterseb49ce353c5ff251ebe2c3225fe00fb3e9a68fcd8b10207e63a36bfc6e981519S3Bucket686DCA97" }, "/", { @@ -1139,7 +1141,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters2e2ec0fae5975d4ee5f3580e522c46615c1bd344e0302bc5d2df7501b7bb1ad0S3VersionKeyF5A05918" + "Ref": "AssetParameterseb49ce353c5ff251ebe2c3225fe00fb3e9a68fcd8b10207e63a36bfc6e981519S3VersionKey7EDC0140" } ] } @@ -1152,7 +1154,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters2e2ec0fae5975d4ee5f3580e522c46615c1bd344e0302bc5d2df7501b7bb1ad0S3VersionKeyF5A05918" + "Ref": "AssetParameterseb49ce353c5ff251ebe2c3225fe00fb3e9a68fcd8b10207e63a36bfc6e981519S3VersionKey7EDC0140" } ] } @@ -1195,17 +1197,17 @@ "ClusterSecurityGroupId" ] }, - "referencetoawscdkeksclusterprivateendpointtestAssetParametersefd72738f046105c96299fb31b3da40320e71ee9cf74bc37720042898403e2a1S3Bucket4A0D6BE2Ref": { - "Ref": "AssetParametersefd72738f046105c96299fb31b3da40320e71ee9cf74bc37720042898403e2a1S3Bucket6DACDE73" + "referencetoawscdkeksclusterprivateendpointtestAssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3BucketFD6C4D26Ref": { + "Ref": "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3BucketAEADE8C7" }, - "referencetoawscdkeksclusterprivateendpointtestAssetParametersefd72738f046105c96299fb31b3da40320e71ee9cf74bc37720042898403e2a1S3VersionKey6D9B8A02Ref": { - "Ref": "AssetParametersefd72738f046105c96299fb31b3da40320e71ee9cf74bc37720042898403e2a1S3VersionKey015AEA61" + "referencetoawscdkeksclusterprivateendpointtestAssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3VersionKey69E4725CRef": { + "Ref": "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3VersionKeyE415415F" }, - "referencetoawscdkeksclusterprivateendpointtestAssetParametersb61858bbf1a0be803552e3efa9647befd728156696dff1b413b7b2fd4da1449fS3BucketD44FB215Ref": { - "Ref": "AssetParametersb61858bbf1a0be803552e3efa9647befd728156696dff1b413b7b2fd4da1449fS3Bucket7EE7EA15" + "referencetoawscdkeksclusterprivateendpointtestAssetParameters844c1a4b13479b359ea0e607dccb4a04b73e22cf88cf9b64feed2c5f0de213c0S3Bucket5323F34ARef": { + "Ref": "AssetParameters844c1a4b13479b359ea0e607dccb4a04b73e22cf88cf9b64feed2c5f0de213c0S3Bucket6ABE1927" }, - "referencetoawscdkeksclusterprivateendpointtestAssetParametersb61858bbf1a0be803552e3efa9647befd728156696dff1b413b7b2fd4da1449fS3VersionKey6C30661CRef": { - "Ref": "AssetParametersb61858bbf1a0be803552e3efa9647befd728156696dff1b413b7b2fd4da1449fS3VersionKey6C948E78" + "referencetoawscdkeksclusterprivateendpointtestAssetParameters844c1a4b13479b359ea0e607dccb4a04b73e22cf88cf9b64feed2c5f0de213c0S3VersionKey548D79B4Ref": { + "Ref": "AssetParameters844c1a4b13479b359ea0e607dccb4a04b73e22cf88cf9b64feed2c5f0de213c0S3VersionKeyF55A2EA9" }, "referencetoawscdkeksclusterprivateendpointtestVpcFCD064BFRef": { "Ref": "Vpc8378EB38" @@ -1217,7 +1219,9 @@ "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" } } - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" } }, "Outputs": { @@ -1299,53 +1303,53 @@ "Type": "String", "Description": "Artifact hash for asset \"bafd50ae9f214e496ff8c72c6425f93dca3ccd590e20963706d5d610d9c75757\"" }, - "AssetParametersefd72738f046105c96299fb31b3da40320e71ee9cf74bc37720042898403e2a1S3Bucket6DACDE73": { + "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3BucketAEADE8C7": { "Type": "String", - "Description": "S3 bucket for asset \"efd72738f046105c96299fb31b3da40320e71ee9cf74bc37720042898403e2a1\"" + "Description": "S3 bucket for asset \"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\"" }, - "AssetParametersefd72738f046105c96299fb31b3da40320e71ee9cf74bc37720042898403e2a1S3VersionKey015AEA61": { + "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3VersionKeyE415415F": { "Type": "String", - "Description": "S3 key for asset version \"efd72738f046105c96299fb31b3da40320e71ee9cf74bc37720042898403e2a1\"" + "Description": "S3 key for asset version \"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\"" }, - "AssetParametersefd72738f046105c96299fb31b3da40320e71ee9cf74bc37720042898403e2a1ArtifactHashC9FD06BA": { + "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68ArtifactHashD9A515C3": { "Type": "String", - "Description": "Artifact hash for asset \"efd72738f046105c96299fb31b3da40320e71ee9cf74bc37720042898403e2a1\"" + "Description": "Artifact hash for asset \"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\"" }, - "AssetParametersb61858bbf1a0be803552e3efa9647befd728156696dff1b413b7b2fd4da1449fS3Bucket7EE7EA15": { + "AssetParameters844c1a4b13479b359ea0e607dccb4a04b73e22cf88cf9b64feed2c5f0de213c0S3Bucket6ABE1927": { "Type": "String", - "Description": "S3 bucket for asset \"b61858bbf1a0be803552e3efa9647befd728156696dff1b413b7b2fd4da1449f\"" + "Description": "S3 bucket for asset \"844c1a4b13479b359ea0e607dccb4a04b73e22cf88cf9b64feed2c5f0de213c0\"" }, - "AssetParametersb61858bbf1a0be803552e3efa9647befd728156696dff1b413b7b2fd4da1449fS3VersionKey6C948E78": { + "AssetParameters844c1a4b13479b359ea0e607dccb4a04b73e22cf88cf9b64feed2c5f0de213c0S3VersionKeyF55A2EA9": { "Type": "String", - "Description": "S3 key for asset version \"b61858bbf1a0be803552e3efa9647befd728156696dff1b413b7b2fd4da1449f\"" + "Description": "S3 key for asset version \"844c1a4b13479b359ea0e607dccb4a04b73e22cf88cf9b64feed2c5f0de213c0\"" }, - "AssetParametersb61858bbf1a0be803552e3efa9647befd728156696dff1b413b7b2fd4da1449fArtifactHash7E705796": { + "AssetParameters844c1a4b13479b359ea0e607dccb4a04b73e22cf88cf9b64feed2c5f0de213c0ArtifactHash1D7A2D6E": { "Type": "String", - "Description": "Artifact hash for asset \"b61858bbf1a0be803552e3efa9647befd728156696dff1b413b7b2fd4da1449f\"" + "Description": "Artifact hash for asset \"844c1a4b13479b359ea0e607dccb4a04b73e22cf88cf9b64feed2c5f0de213c0\"" }, - "AssetParameters84ba29b05aaf6a233dbb97b37e48eb1300f9d014f270252e29a8b2c22d6a08beS3Bucket9E737267": { + "AssetParameters75667ab2bbef2c8efc57fb73bf352f345af1d471fb09cb11f5b7bc27d009b609S3BucketA8C94679": { "Type": "String", - "Description": "S3 bucket for asset \"84ba29b05aaf6a233dbb97b37e48eb1300f9d014f270252e29a8b2c22d6a08be\"" + "Description": "S3 bucket for asset \"75667ab2bbef2c8efc57fb73bf352f345af1d471fb09cb11f5b7bc27d009b609\"" }, - "AssetParameters84ba29b05aaf6a233dbb97b37e48eb1300f9d014f270252e29a8b2c22d6a08beS3VersionKeyD5E002BC": { + "AssetParameters75667ab2bbef2c8efc57fb73bf352f345af1d471fb09cb11f5b7bc27d009b609S3VersionKey3777DB64": { "Type": "String", - "Description": "S3 key for asset version \"84ba29b05aaf6a233dbb97b37e48eb1300f9d014f270252e29a8b2c22d6a08be\"" + "Description": "S3 key for asset version \"75667ab2bbef2c8efc57fb73bf352f345af1d471fb09cb11f5b7bc27d009b609\"" }, - "AssetParameters84ba29b05aaf6a233dbb97b37e48eb1300f9d014f270252e29a8b2c22d6a08beArtifactHashDF0A0444": { + "AssetParameters75667ab2bbef2c8efc57fb73bf352f345af1d471fb09cb11f5b7bc27d009b609ArtifactHash14CC8C95": { "Type": "String", - "Description": "Artifact hash for asset \"84ba29b05aaf6a233dbb97b37e48eb1300f9d014f270252e29a8b2c22d6a08be\"" + "Description": "Artifact hash for asset \"75667ab2bbef2c8efc57fb73bf352f345af1d471fb09cb11f5b7bc27d009b609\"" }, - "AssetParameters2e2ec0fae5975d4ee5f3580e522c46615c1bd344e0302bc5d2df7501b7bb1ad0S3Bucket8FBFE327": { + "AssetParameterseb49ce353c5ff251ebe2c3225fe00fb3e9a68fcd8b10207e63a36bfc6e981519S3Bucket686DCA97": { "Type": "String", - "Description": "S3 bucket for asset \"2e2ec0fae5975d4ee5f3580e522c46615c1bd344e0302bc5d2df7501b7bb1ad0\"" + "Description": "S3 bucket for asset \"eb49ce353c5ff251ebe2c3225fe00fb3e9a68fcd8b10207e63a36bfc6e981519\"" }, - "AssetParameters2e2ec0fae5975d4ee5f3580e522c46615c1bd344e0302bc5d2df7501b7bb1ad0S3VersionKeyF5A05918": { + "AssetParameterseb49ce353c5ff251ebe2c3225fe00fb3e9a68fcd8b10207e63a36bfc6e981519S3VersionKey7EDC0140": { "Type": "String", - "Description": "S3 key for asset version \"2e2ec0fae5975d4ee5f3580e522c46615c1bd344e0302bc5d2df7501b7bb1ad0\"" + "Description": "S3 key for asset version \"eb49ce353c5ff251ebe2c3225fe00fb3e9a68fcd8b10207e63a36bfc6e981519\"" }, - "AssetParameters2e2ec0fae5975d4ee5f3580e522c46615c1bd344e0302bc5d2df7501b7bb1ad0ArtifactHashDFBC9DE7": { + "AssetParameterseb49ce353c5ff251ebe2c3225fe00fb3e9a68fcd8b10207e63a36bfc6e981519ArtifactHashE5817DEB": { "Type": "String", - "Description": "Artifact hash for asset \"2e2ec0fae5975d4ee5f3580e522c46615c1bd344e0302bc5d2df7501b7bb1ad0\"" + "Description": "Artifact hash for asset \"eb49ce353c5ff251ebe2c3225fe00fb3e9a68fcd8b10207e63a36bfc6e981519\"" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.expected.json b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.expected.json index 5c0b4bf402a5b..20e8c0c48cde0 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.expected.json +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.expected.json @@ -3277,6 +3277,7 @@ } ], "AmiType": "AL2_x86_64", + "CapacityType": "SPOT", "ForceUpdateEnabled": true, "InstanceTypes": [ "c5.large", @@ -3287,8 +3288,7 @@ "DesiredSize": 3, "MaxSize": 3, "MinSize": 3 - }, - "CapacityType": "SPOT" + } } }, "ClusterNodegroupextrangarmNodeGroupRoleADF5749F": { @@ -3840,7 +3840,7 @@ }, "/", { - "Ref": "AssetParametersa69aadbed84d554dd9f2eb7987ffe5d8f76b53a86f1909059df07050e57bef0cS3Bucket1CB7A187" + "Ref": "AssetParameters264acf17cbf0c643f47bec1f4dbaed805e3bd1bad3f018c093d16fb936227daaS3Bucket862E8D6F" }, "/", { @@ -3850,7 +3850,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersa69aadbed84d554dd9f2eb7987ffe5d8f76b53a86f1909059df07050e57bef0cS3VersionKey7C13F243" + "Ref": "AssetParameters264acf17cbf0c643f47bec1f4dbaed805e3bd1bad3f018c093d16fb936227daaS3VersionKey9466BE3D" } ] } @@ -3863,7 +3863,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersa69aadbed84d554dd9f2eb7987ffe5d8f76b53a86f1909059df07050e57bef0cS3VersionKey7C13F243" + "Ref": "AssetParameters264acf17cbf0c643f47bec1f4dbaed805e3bd1bad3f018c093d16fb936227daaS3VersionKey9466BE3D" } ] } @@ -3892,7 +3892,9 @@ "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" } } - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B": { "Type": "AWS::CloudFormation::Stack", @@ -3907,7 +3909,7 @@ }, "/", { - "Ref": "AssetParameters6b9ad3782e5bfd49d7a58fc915b6151dbed2e24d824730d7720bc8237ba252c8S3Bucket0B8E3806" + "Ref": "AssetParameters9f954a0baf5cb008231906c33569617ace43f4b2c804d16d0d4bae15fe9dfabcS3BucketF9C7C3C5" }, "/", { @@ -3917,7 +3919,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters6b9ad3782e5bfd49d7a58fc915b6151dbed2e24d824730d7720bc8237ba252c8S3VersionKey862F0970" + "Ref": "AssetParameters9f954a0baf5cb008231906c33569617ace43f4b2c804d16d0d4bae15fe9dfabcS3VersionKey950894D5" } ] } @@ -3930,7 +3932,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters6b9ad3782e5bfd49d7a58fc915b6151dbed2e24d824730d7720bc8237ba252c8S3VersionKey862F0970" + "Ref": "AssetParameters9f954a0baf5cb008231906c33569617ace43f4b2c804d16d0d4bae15fe9dfabcS3VersionKey950894D5" } ] } @@ -3995,7 +3997,9 @@ "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" } } - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "LaunchTemplate": { "Type": "AWS::EC2::LaunchTemplate", @@ -4347,13 +4351,13 @@ ] } }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "ServicePingerFunctionServiceRole3120191B", "Arn" ] }, + "Handler": "index.handler", "Runtime": "python3.6", "Timeout": 600, "VpcConfig": { @@ -4480,14 +4484,12 @@ ] } }, - "Handler": "framework.onEvent", "Role": { "Fn::GetAtt": [ "ServicePingerProviderframeworkonEventServiceRole3DB083B7", "Arn" ] }, - "Runtime": "nodejs10.x", "Description": "AWS CDK resource provider framework - onEvent (aws-cdk-eks-cluster-test/ServicePinger/Provider)", "Environment": { "Variables": { @@ -4499,6 +4501,8 @@ } } }, + "Handler": "framework.onEvent", + "Runtime": "nodejs10.x", "Timeout": 900 }, "DependsOn": [ @@ -4727,29 +4731,29 @@ "Type": "String", "Description": "Artifact hash for asset \"5f49893093e1ad14831626016699156d48da5f0890f19eb930bc3c46cf5f636d\"" }, - "AssetParametersa69aadbed84d554dd9f2eb7987ffe5d8f76b53a86f1909059df07050e57bef0cS3Bucket1CB7A187": { + "AssetParameters264acf17cbf0c643f47bec1f4dbaed805e3bd1bad3f018c093d16fb936227daaS3Bucket862E8D6F": { "Type": "String", - "Description": "S3 bucket for asset \"a69aadbed84d554dd9f2eb7987ffe5d8f76b53a86f1909059df07050e57bef0c\"" + "Description": "S3 bucket for asset \"264acf17cbf0c643f47bec1f4dbaed805e3bd1bad3f018c093d16fb936227daa\"" }, - "AssetParametersa69aadbed84d554dd9f2eb7987ffe5d8f76b53a86f1909059df07050e57bef0cS3VersionKey7C13F243": { + "AssetParameters264acf17cbf0c643f47bec1f4dbaed805e3bd1bad3f018c093d16fb936227daaS3VersionKey9466BE3D": { "Type": "String", - "Description": "S3 key for asset version \"a69aadbed84d554dd9f2eb7987ffe5d8f76b53a86f1909059df07050e57bef0c\"" + "Description": "S3 key for asset version \"264acf17cbf0c643f47bec1f4dbaed805e3bd1bad3f018c093d16fb936227daa\"" }, - "AssetParametersa69aadbed84d554dd9f2eb7987ffe5d8f76b53a86f1909059df07050e57bef0cArtifactHashBADE945D": { + "AssetParameters264acf17cbf0c643f47bec1f4dbaed805e3bd1bad3f018c093d16fb936227daaArtifactHashC5F5158C": { "Type": "String", - "Description": "Artifact hash for asset \"a69aadbed84d554dd9f2eb7987ffe5d8f76b53a86f1909059df07050e57bef0c\"" + "Description": "Artifact hash for asset \"264acf17cbf0c643f47bec1f4dbaed805e3bd1bad3f018c093d16fb936227daa\"" }, - "AssetParameters6b9ad3782e5bfd49d7a58fc915b6151dbed2e24d824730d7720bc8237ba252c8S3Bucket0B8E3806": { + "AssetParameters9f954a0baf5cb008231906c33569617ace43f4b2c804d16d0d4bae15fe9dfabcS3BucketF9C7C3C5": { "Type": "String", - "Description": "S3 bucket for asset \"6b9ad3782e5bfd49d7a58fc915b6151dbed2e24d824730d7720bc8237ba252c8\"" + "Description": "S3 bucket for asset \"9f954a0baf5cb008231906c33569617ace43f4b2c804d16d0d4bae15fe9dfabc\"" }, - "AssetParameters6b9ad3782e5bfd49d7a58fc915b6151dbed2e24d824730d7720bc8237ba252c8S3VersionKey862F0970": { + "AssetParameters9f954a0baf5cb008231906c33569617ace43f4b2c804d16d0d4bae15fe9dfabcS3VersionKey950894D5": { "Type": "String", - "Description": "S3 key for asset version \"6b9ad3782e5bfd49d7a58fc915b6151dbed2e24d824730d7720bc8237ba252c8\"" + "Description": "S3 key for asset version \"9f954a0baf5cb008231906c33569617ace43f4b2c804d16d0d4bae15fe9dfabc\"" }, - "AssetParameters6b9ad3782e5bfd49d7a58fc915b6151dbed2e24d824730d7720bc8237ba252c8ArtifactHashAAFBAA4D": { + "AssetParameters9f954a0baf5cb008231906c33569617ace43f4b2c804d16d0d4bae15fe9dfabcArtifactHash5984E3CE": { "Type": "String", - "Description": "Artifact hash for asset \"6b9ad3782e5bfd49d7a58fc915b6151dbed2e24d824730d7720bc8237ba252c8\"" + "Description": "Artifact hash for asset \"9f954a0baf5cb008231906c33569617ace43f4b2c804d16d0d4bae15fe9dfabc\"" }, "SsmParameterValueawsserviceeksoptimizedami118amazonlinux2recommendedimageidC96584B6F00A464EAD1953AFF4B05118Parameter": { "Type": "AWS::SSM::Parameter::Value", diff --git a/packages/@aws-cdk/aws-eks/test/integ.fargate-cluster.expected.json b/packages/@aws-cdk/aws-eks/test/integ.fargate-cluster.expected.json index 5d6efed26b63f..4469a8e9627d9 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.fargate-cluster.expected.json +++ b/packages/@aws-cdk/aws-eks/test/integ.fargate-cluster.expected.json @@ -1139,7 +1139,7 @@ }, "/", { - "Ref": "AssetParametersae946640aaf0743990584e4a1cf45ddebbaddcaf60611f572e80100a02162f48S3BucketDA5FB24D" + "Ref": "AssetParameters3d252d05ccf0ae2934dd20707e8a709b466b2b8ea00c04ee8735667f90b17ac1S3Bucket01B07207" }, "/", { @@ -1149,7 +1149,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersae946640aaf0743990584e4a1cf45ddebbaddcaf60611f572e80100a02162f48S3VersionKey798A3941" + "Ref": "AssetParameters3d252d05ccf0ae2934dd20707e8a709b466b2b8ea00c04ee8735667f90b17ac1S3VersionKey3EEF52BA" } ] } @@ -1162,7 +1162,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersae946640aaf0743990584e4a1cf45ddebbaddcaf60611f572e80100a02162f48S3VersionKey798A3941" + "Ref": "AssetParameters3d252d05ccf0ae2934dd20707e8a709b466b2b8ea00c04ee8735667f90b17ac1S3VersionKey3EEF52BA" } ] } @@ -1191,7 +1191,9 @@ "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" } } - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B": { "Type": "AWS::CloudFormation::Stack", @@ -1206,7 +1208,7 @@ }, "/", { - "Ref": "AssetParameters7449e3c4cf21a811d1d6612d2f1a806025f018320ebc8c1d8037eb34f0d0e98dS3BucketF39EF776" + "Ref": "AssetParameters37d93b8a35af568f83ecce5e05c6f06adaa06c68b84dfad9c3d82f57cd54ff13S3BucketDCD73A4E" }, "/", { @@ -1216,7 +1218,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters7449e3c4cf21a811d1d6612d2f1a806025f018320ebc8c1d8037eb34f0d0e98dS3VersionKeyE6E734A4" + "Ref": "AssetParameters37d93b8a35af568f83ecce5e05c6f06adaa06c68b84dfad9c3d82f57cd54ff13S3VersionKey796F5C1B" } ] } @@ -1229,7 +1231,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters7449e3c4cf21a811d1d6612d2f1a806025f018320ebc8c1d8037eb34f0d0e98dS3VersionKeyE6E734A4" + "Ref": "AssetParameters37d93b8a35af568f83ecce5e05c6f06adaa06c68b84dfad9c3d82f57cd54ff13S3VersionKey796F5C1B" } ] } @@ -1272,17 +1274,17 @@ "ClusterSecurityGroupId" ] }, - "referencetoawscdkeksfargateclustertestAssetParametersefd72738f046105c96299fb31b3da40320e71ee9cf74bc37720042898403e2a1S3Bucket9D3BB190Ref": { - "Ref": "AssetParametersefd72738f046105c96299fb31b3da40320e71ee9cf74bc37720042898403e2a1S3Bucket6DACDE73" + "referencetoawscdkeksfargateclustertestAssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3Bucket4F20F642Ref": { + "Ref": "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3BucketAEADE8C7" }, - "referencetoawscdkeksfargateclustertestAssetParametersefd72738f046105c96299fb31b3da40320e71ee9cf74bc37720042898403e2a1S3VersionKey3BB3C6F5Ref": { - "Ref": "AssetParametersefd72738f046105c96299fb31b3da40320e71ee9cf74bc37720042898403e2a1S3VersionKey015AEA61" + "referencetoawscdkeksfargateclustertestAssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3VersionKeyB82BAEF8Ref": { + "Ref": "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3VersionKeyE415415F" }, - "referencetoawscdkeksfargateclustertestAssetParametersb61858bbf1a0be803552e3efa9647befd728156696dff1b413b7b2fd4da1449fS3Bucket99BFDD36Ref": { - "Ref": "AssetParametersb61858bbf1a0be803552e3efa9647befd728156696dff1b413b7b2fd4da1449fS3Bucket7EE7EA15" + "referencetoawscdkeksfargateclustertestAssetParameters844c1a4b13479b359ea0e607dccb4a04b73e22cf88cf9b64feed2c5f0de213c0S3Bucket9ED34BB4Ref": { + "Ref": "AssetParameters844c1a4b13479b359ea0e607dccb4a04b73e22cf88cf9b64feed2c5f0de213c0S3Bucket6ABE1927" }, - "referencetoawscdkeksfargateclustertestAssetParametersb61858bbf1a0be803552e3efa9647befd728156696dff1b413b7b2fd4da1449fS3VersionKeyEEC9E8C1Ref": { - "Ref": "AssetParametersb61858bbf1a0be803552e3efa9647befd728156696dff1b413b7b2fd4da1449fS3VersionKey6C948E78" + "referencetoawscdkeksfargateclustertestAssetParameters844c1a4b13479b359ea0e607dccb4a04b73e22cf88cf9b64feed2c5f0de213c0S3VersionKeyFE6D1F78Ref": { + "Ref": "AssetParameters844c1a4b13479b359ea0e607dccb4a04b73e22cf88cf9b64feed2c5f0de213c0S3VersionKeyF55A2EA9" }, "referencetoawscdkeksfargateclustertestFargateClusterDefaultVpcBD3C976FRef": { "Ref": "FargateClusterDefaultVpcE69D3A13" @@ -1294,7 +1296,9 @@ "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" } } - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" } }, "Outputs": { @@ -1376,53 +1380,53 @@ "Type": "String", "Description": "Artifact hash for asset \"bafd50ae9f214e496ff8c72c6425f93dca3ccd590e20963706d5d610d9c75757\"" }, - "AssetParametersefd72738f046105c96299fb31b3da40320e71ee9cf74bc37720042898403e2a1S3Bucket6DACDE73": { + "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3BucketAEADE8C7": { "Type": "String", - "Description": "S3 bucket for asset \"efd72738f046105c96299fb31b3da40320e71ee9cf74bc37720042898403e2a1\"" + "Description": "S3 bucket for asset \"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\"" }, - "AssetParametersefd72738f046105c96299fb31b3da40320e71ee9cf74bc37720042898403e2a1S3VersionKey015AEA61": { + "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3VersionKeyE415415F": { "Type": "String", - "Description": "S3 key for asset version \"efd72738f046105c96299fb31b3da40320e71ee9cf74bc37720042898403e2a1\"" + "Description": "S3 key for asset version \"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\"" }, - "AssetParametersefd72738f046105c96299fb31b3da40320e71ee9cf74bc37720042898403e2a1ArtifactHashC9FD06BA": { + "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68ArtifactHashD9A515C3": { "Type": "String", - "Description": "Artifact hash for asset \"efd72738f046105c96299fb31b3da40320e71ee9cf74bc37720042898403e2a1\"" + "Description": "Artifact hash for asset \"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\"" }, - "AssetParametersb61858bbf1a0be803552e3efa9647befd728156696dff1b413b7b2fd4da1449fS3Bucket7EE7EA15": { + "AssetParameters844c1a4b13479b359ea0e607dccb4a04b73e22cf88cf9b64feed2c5f0de213c0S3Bucket6ABE1927": { "Type": "String", - "Description": "S3 bucket for asset \"b61858bbf1a0be803552e3efa9647befd728156696dff1b413b7b2fd4da1449f\"" + "Description": "S3 bucket for asset \"844c1a4b13479b359ea0e607dccb4a04b73e22cf88cf9b64feed2c5f0de213c0\"" }, - "AssetParametersb61858bbf1a0be803552e3efa9647befd728156696dff1b413b7b2fd4da1449fS3VersionKey6C948E78": { + "AssetParameters844c1a4b13479b359ea0e607dccb4a04b73e22cf88cf9b64feed2c5f0de213c0S3VersionKeyF55A2EA9": { "Type": "String", - "Description": "S3 key for asset version \"b61858bbf1a0be803552e3efa9647befd728156696dff1b413b7b2fd4da1449f\"" + "Description": "S3 key for asset version \"844c1a4b13479b359ea0e607dccb4a04b73e22cf88cf9b64feed2c5f0de213c0\"" }, - "AssetParametersb61858bbf1a0be803552e3efa9647befd728156696dff1b413b7b2fd4da1449fArtifactHash7E705796": { + "AssetParameters844c1a4b13479b359ea0e607dccb4a04b73e22cf88cf9b64feed2c5f0de213c0ArtifactHash1D7A2D6E": { "Type": "String", - "Description": "Artifact hash for asset \"b61858bbf1a0be803552e3efa9647befd728156696dff1b413b7b2fd4da1449f\"" + "Description": "Artifact hash for asset \"844c1a4b13479b359ea0e607dccb4a04b73e22cf88cf9b64feed2c5f0de213c0\"" }, - "AssetParametersae946640aaf0743990584e4a1cf45ddebbaddcaf60611f572e80100a02162f48S3BucketDA5FB24D": { + "AssetParameters3d252d05ccf0ae2934dd20707e8a709b466b2b8ea00c04ee8735667f90b17ac1S3Bucket01B07207": { "Type": "String", - "Description": "S3 bucket for asset \"ae946640aaf0743990584e4a1cf45ddebbaddcaf60611f572e80100a02162f48\"" + "Description": "S3 bucket for asset \"3d252d05ccf0ae2934dd20707e8a709b466b2b8ea00c04ee8735667f90b17ac1\"" }, - "AssetParametersae946640aaf0743990584e4a1cf45ddebbaddcaf60611f572e80100a02162f48S3VersionKey798A3941": { + "AssetParameters3d252d05ccf0ae2934dd20707e8a709b466b2b8ea00c04ee8735667f90b17ac1S3VersionKey3EEF52BA": { "Type": "String", - "Description": "S3 key for asset version \"ae946640aaf0743990584e4a1cf45ddebbaddcaf60611f572e80100a02162f48\"" + "Description": "S3 key for asset version \"3d252d05ccf0ae2934dd20707e8a709b466b2b8ea00c04ee8735667f90b17ac1\"" }, - "AssetParametersae946640aaf0743990584e4a1cf45ddebbaddcaf60611f572e80100a02162f48ArtifactHash865DB842": { + "AssetParameters3d252d05ccf0ae2934dd20707e8a709b466b2b8ea00c04ee8735667f90b17ac1ArtifactHash812ED4D5": { "Type": "String", - "Description": "Artifact hash for asset \"ae946640aaf0743990584e4a1cf45ddebbaddcaf60611f572e80100a02162f48\"" + "Description": "Artifact hash for asset \"3d252d05ccf0ae2934dd20707e8a709b466b2b8ea00c04ee8735667f90b17ac1\"" }, - "AssetParameters7449e3c4cf21a811d1d6612d2f1a806025f018320ebc8c1d8037eb34f0d0e98dS3BucketF39EF776": { + "AssetParameters37d93b8a35af568f83ecce5e05c6f06adaa06c68b84dfad9c3d82f57cd54ff13S3BucketDCD73A4E": { "Type": "String", - "Description": "S3 bucket for asset \"7449e3c4cf21a811d1d6612d2f1a806025f018320ebc8c1d8037eb34f0d0e98d\"" + "Description": "S3 bucket for asset \"37d93b8a35af568f83ecce5e05c6f06adaa06c68b84dfad9c3d82f57cd54ff13\"" }, - "AssetParameters7449e3c4cf21a811d1d6612d2f1a806025f018320ebc8c1d8037eb34f0d0e98dS3VersionKeyE6E734A4": { + "AssetParameters37d93b8a35af568f83ecce5e05c6f06adaa06c68b84dfad9c3d82f57cd54ff13S3VersionKey796F5C1B": { "Type": "String", - "Description": "S3 key for asset version \"7449e3c4cf21a811d1d6612d2f1a806025f018320ebc8c1d8037eb34f0d0e98d\"" + "Description": "S3 key for asset version \"37d93b8a35af568f83ecce5e05c6f06adaa06c68b84dfad9c3d82f57cd54ff13\"" }, - "AssetParameters7449e3c4cf21a811d1d6612d2f1a806025f018320ebc8c1d8037eb34f0d0e98dArtifactHash93FFAA4A": { + "AssetParameters37d93b8a35af568f83ecce5e05c6f06adaa06c68b84dfad9c3d82f57cd54ff13ArtifactHash8F2277C1": { "Type": "String", - "Description": "Artifact hash for asset \"7449e3c4cf21a811d1d6612d2f1a806025f018320ebc8c1d8037eb34f0d0e98d\"" + "Description": "Artifact hash for asset \"37d93b8a35af568f83ecce5e05c6f06adaa06c68b84dfad9c3d82f57cd54ff13\"" } } } \ No newline at end of file From 6d84f7cf7066ea85e1523d345647581f59674c30 Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Wed, 10 Feb 2021 12:56:23 +0100 Subject: [PATCH 16/37] Update expectations --- .../test/codebuild/integ.project-events.expected.json | 6 ++++-- .../test/sns/integ.sns-event-rule-target.expected.json | 4 +++- .../test/sqs/integ.sqs-event-rule-target.expected.json | 4 +++- 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/packages/@aws-cdk/aws-events-targets/test/codebuild/integ.project-events.expected.json b/packages/@aws-cdk/aws-events-targets/test/codebuild/integ.project-events.expected.json index c9efaffc51134..007503de08383 100644 --- a/packages/@aws-cdk/aws-events-targets/test/codebuild/integ.project-events.expected.json +++ b/packages/@aws-cdk/aws-events-targets/test/codebuild/integ.project-events.expected.json @@ -340,7 +340,9 @@ } }, "MyQueueE6CA6235": { - "Type": "AWS::SQS::Queue" + "Type": "AWS::SQS::Queue", + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "MyQueuePolicy6BBEDDAC": { "Type": "AWS::SQS::QueuePolicy", @@ -422,4 +424,4 @@ } } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-events-targets/test/sns/integ.sns-event-rule-target.expected.json b/packages/@aws-cdk/aws-events-targets/test/sns/integ.sns-event-rule-target.expected.json index f4aea52c23274..37a78f010d792 100644 --- a/packages/@aws-cdk/aws-events-targets/test/sns/integ.sns-event-rule-target.expected.json +++ b/packages/@aws-cdk/aws-events-targets/test/sns/integ.sns-event-rule-target.expected.json @@ -45,7 +45,9 @@ } }, "MyQueueE6CA6235": { - "Type": "AWS::SQS::Queue" + "Type": "AWS::SQS::Queue", + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "MyQueuePolicy6BBEDDAC": { "Type": "AWS::SQS::QueuePolicy", diff --git a/packages/@aws-cdk/aws-events-targets/test/sqs/integ.sqs-event-rule-target.expected.json b/packages/@aws-cdk/aws-events-targets/test/sqs/integ.sqs-event-rule-target.expected.json index 645845bc1f44b..eebbc3a996344 100644 --- a/packages/@aws-cdk/aws-events-targets/test/sqs/integ.sqs-event-rule-target.expected.json +++ b/packages/@aws-cdk/aws-events-targets/test/sqs/integ.sqs-event-rule-target.expected.json @@ -19,7 +19,9 @@ } }, "MyQueueE6CA6235": { - "Type": "AWS::SQS::Queue" + "Type": "AWS::SQS::Queue", + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "MyQueuePolicy6BBEDDAC": { "Type": "AWS::SQS::QueuePolicy", From ddb2dfe0f8029b3143b28dd4811a9e06eaec4c1e Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Wed, 10 Feb 2021 14:14:53 +0100 Subject: [PATCH 17/37] Updat expectations --- .../test/integ.assign-public-ip.expected.json | 26 +++++++++++-------- .../integ.imported-environment.expected.json | 4 ++- .../test/sns/integ.publish.expected.json | 16 +++++++----- .../test/sqs/integ.send-message.expected.json | 16 +++++++----- 4 files changed, 36 insertions(+), 26 deletions(-) diff --git a/packages/@aws-cdk-containers/ecs-service-extensions/test/integ.assign-public-ip.expected.json b/packages/@aws-cdk-containers/ecs-service-extensions/test/integ.assign-public-ip.expected.json index 6a9f04c284047..6b7a3f0e42086 100644 --- a/packages/@aws-cdk-containers/ecs-service-extensions/test/integ.assign-public-ip.expected.json +++ b/packages/@aws-cdk-containers/ecs-service-extensions/test/integ.assign-public-ip.expected.json @@ -400,7 +400,9 @@ "Type": "AWS::SQS::Queue", "Properties": { "MessageRetentionPeriod": 1209600 - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "nameserviceTaskRecordManagerEventsQueueF805A6C1": { "Type": "AWS::SQS::Queue", @@ -415,7 +417,9 @@ "maxReceiveCount": 500 }, "VisibilityTimeout": 30 - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "nameserviceTaskRecordManagerEventsQueuePolicy65CC6F9E": { "Type": "AWS::SQS::QueuePolicy", @@ -746,14 +750,12 @@ ] } }, - "Handler": "index.queue_handler", "Role": { "Fn::GetAtt": [ "nameserviceTaskRecordManagerEventHandlerServiceRoleE66EE52A", "Arn" ] }, - "Runtime": "python3.8", "Environment": { "Variables": { "HOSTED_ZONE_ID": { @@ -777,7 +779,9 @@ } } }, + "Handler": "index.queue_handler", "ReservedConcurrentExecutions": 1, + "Runtime": "python3.8", "Timeout": 30 }, "DependsOn": [ @@ -788,14 +792,14 @@ "nameserviceTaskRecordManagerEventHandlerSqsEventSourceawsecsintegnameserviceTaskRecordManagerEventsQueueC5EE9A869F1EB155": { "Type": "AWS::Lambda::EventSourceMapping", "Properties": { + "FunctionName": { + "Ref": "nameserviceTaskRecordManagerEventHandler4B8C6905" + }, "EventSourceArn": { "Fn::GetAtt": [ "nameserviceTaskRecordManagerEventsQueueF805A6C1", "Arn" ] - }, - "FunctionName": { - "Ref": "nameserviceTaskRecordManagerEventHandler4B8C6905" } } }, @@ -909,13 +913,13 @@ ] } }, - "Handler": "index.cleanup_resource_handler", "Role": { "Fn::GetAtt": [ "nameserviceTaskRecordManagerCleanupResourceProviderHandlerServiceRoleCCA462F0", "Arn" ] }, + "Handler": "index.cleanup_resource_handler", "Runtime": "python3.8", "Timeout": 300 }, @@ -1022,14 +1026,12 @@ ] } }, - "Handler": "framework.onEvent", "Role": { "Fn::GetAtt": [ "nameserviceTaskRecordManagerCleanupResourceProviderframeworkonEventServiceRoleF0570BD0", "Arn" ] }, - "Runtime": "nodejs10.x", "Description": "AWS CDK resource provider framework - onEvent (aws-ecs-integ/name-service/TaskRecordManager/CleanupResourceProvider)", "Environment": { "Variables": { @@ -1041,6 +1043,8 @@ } } }, + "Handler": "framework.onEvent", + "Runtime": "nodejs10.x", "Timeout": 900 }, "DependsOn": [ @@ -1242,13 +1246,13 @@ ] } }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2", "Arn" ] }, + "Handler": "index.handler", "Runtime": "nodejs12.x", "Timeout": 120 }, diff --git a/packages/@aws-cdk-containers/ecs-service-extensions/test/integ.imported-environment.expected.json b/packages/@aws-cdk-containers/ecs-service-extensions/test/integ.imported-environment.expected.json index 80156c0ed0d2d..dbc216370e40d 100644 --- a/packages/@aws-cdk-containers/ecs-service-extensions/test/integ.imported-environment.expected.json +++ b/packages/@aws-cdk-containers/ecs-service-extensions/test/integ.imported-environment.expected.json @@ -49,7 +49,9 @@ ] ] } - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "ServiceloadbalancerD5D60894": { "Type": "AWS::ElasticLoadBalancingV2::LoadBalancer", diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/sns/integ.publish.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/sns/integ.publish.expected.json index bf407af2694d8..e5ac1d8ff84a7 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/sns/integ.publish.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/sns/integ.publish.expected.json @@ -4,7 +4,9 @@ "Type": "AWS::SNS::Topic" }, "showmethemessages8D16BBDB": { - "Type": "AWS::SQS::Queue" + "Type": "AWS::SQS::Queue", + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "showmethemessagesPolicyB08B04B0": { "Type": "AWS::SQS::QueuePolicy", @@ -110,6 +112,12 @@ "StateMachine2E01A3A5": { "Type": "AWS::StepFunctions::StateMachine", "Properties": { + "RoleArn": { + "Fn::GetAtt": [ + "StateMachineRoleB840431D", + "Arn" + ] + }, "DefinitionString": { "Fn::Join": [ "", @@ -125,12 +133,6 @@ "\",\"Message\":\"sending message over\"}},\"Final step\":{\"Type\":\"Pass\",\"End\":true}},\"TimeoutSeconds\":30}" ] ] - }, - "RoleArn": { - "Fn::GetAtt": [ - "StateMachineRoleB840431D", - "Arn" - ] } }, "DependsOn": [ diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/sqs/integ.send-message.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/sqs/integ.send-message.expected.json index 7465187d65c20..5d13c58fc0a5b 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/sqs/integ.send-message.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/sqs/integ.send-message.expected.json @@ -1,7 +1,9 @@ { "Resources": { "showmethemessages8D16BBDB": { - "Type": "AWS::SQS::Queue" + "Type": "AWS::SQS::Queue", + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "StateMachineRoleB840431D": { "Type": "AWS::IAM::Role", @@ -60,6 +62,12 @@ "StateMachine2E01A3A5": { "Type": "AWS::StepFunctions::StateMachine", "Properties": { + "RoleArn": { + "Fn::GetAtt": [ + "StateMachineRoleB840431D", + "Arn" + ] + }, "DefinitionString": { "Fn::Join": [ "", @@ -75,12 +83,6 @@ "\",\"MessageBody\":\"sending message over\"}},\"Final step\":{\"Type\":\"Pass\",\"End\":true}},\"TimeoutSeconds\":30}" ] ] - }, - "RoleArn": { - "Fn::GetAtt": [ - "StateMachineRoleB840431D", - "Arn" - ] } }, "DependsOn": [ From 0fb4aef444ca31933456306eb9536b1928d8fc54 Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Wed, 10 Feb 2021 15:41:59 +0100 Subject: [PATCH 18/37] Update expectations --- .../test/integ.destinations.expected.json | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/packages/@aws-cdk/aws-lambda-destinations/test/integ.destinations.expected.json b/packages/@aws-cdk/aws-lambda-destinations/test/integ.destinations.expected.json index c9c1d8cd64563..510fe8cef21a8 100644 --- a/packages/@aws-cdk/aws-lambda-destinations/test/integ.destinations.expected.json +++ b/packages/@aws-cdk/aws-lambda-destinations/test/integ.destinations.expected.json @@ -4,7 +4,9 @@ "Type": "AWS::SNS::Topic" }, "Queue4A7E3555": { - "Type": "AWS::SQS::Queue" + "Type": "AWS::SQS::Queue", + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "SnsSqsServiceRole869866F7": { "Type": "AWS::IAM::Role", @@ -80,13 +82,13 @@ "Code": { "ZipFile": "exports.handler = async (event) => {\n if (event === 'OK') return 'success';\n throw new Error('failure');\n };" }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "SnsSqsServiceRole869866F7", "Arn" ] }, + "Handler": "index.handler", "Runtime": "nodejs10.x" }, "DependsOn": [ @@ -165,13 +167,13 @@ "Code": { "ZipFile": "exports.handler = async (event) => {\n console.log(event);\n };" }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "OnSuccesServiceRole75E399CF", "Arn" ] }, + "Handler": "index.handler", "Runtime": "nodejs10.x" }, "DependsOn": [ @@ -246,13 +248,13 @@ "Code": { "ZipFile": "exports.handler = async (event) => {\n if (event === 'OK') return 'success';\n throw new Error('failure');\n };" }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "EventBusLambdaServiceRole9BC8901F", "Arn" ] }, + "Handler": "index.handler", "Runtime": "nodejs10.x" }, "DependsOn": [ From 3a4fa0667b1914b88e3b9571f036de17e28b5397 Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Wed, 10 Feb 2021 15:49:33 +0100 Subject: [PATCH 19/37] Import stateful resources from cfnlint and affect codegen --- .../@aws-cdk/cfnspec/build-tools/build.ts | 63 +++++++++++++++++-- .../cfnspec/build-tools/update-cfnlint.sh | 18 ++++++ .../cfnspec/lib/_private_schema/cfn-lint.ts | 23 +++++++ packages/@aws-cdk/cfnspec/lib/index.ts | 14 +++++ .../@aws-cdk/cfnspec/lib/schema/cfn-lint.ts | 14 +++++ packages/@aws-cdk/cfnspec/lib/schema/index.ts | 1 + packages/@aws-cdk/cfnspec/package.json | 2 +- .../cfn-lint/StatefulResources/000.json | 30 +++++++++ .../cfnspec/test/test.cfnlint-annotations.ts | 28 +++++++++ packages/@aws-cdk/core/lib/cfn-resource.ts | 8 +-- packages/@aws-cdk/core/lib/resource.ts | 21 +++++++ tools/cfn2ts/lib/codegen.ts | 42 +++++++++++-- 12 files changed, 251 insertions(+), 13 deletions(-) create mode 100755 packages/@aws-cdk/cfnspec/build-tools/update-cfnlint.sh create mode 100644 packages/@aws-cdk/cfnspec/lib/_private_schema/cfn-lint.ts create mode 100644 packages/@aws-cdk/cfnspec/lib/schema/cfn-lint.ts create mode 100644 packages/@aws-cdk/cfnspec/spec-source/cfn-lint/StatefulResources/000.json create mode 100644 packages/@aws-cdk/cfnspec/test/test.cfnlint-annotations.ts diff --git a/packages/@aws-cdk/cfnspec/build-tools/build.ts b/packages/@aws-cdk/cfnspec/build-tools/build.ts index 913605461e224..196c0fac693da 100644 --- a/packages/@aws-cdk/cfnspec/build-tools/build.ts +++ b/packages/@aws-cdk/cfnspec/build-tools/build.ts @@ -13,8 +13,19 @@ import { decorateResourceTypes, forEachSection, massageSpec, merge, normalize, p async function main() { const inputDir = path.join(process.cwd(), 'spec-source'); - const files = await fs.readdir(inputDir); + const outDir = path.join(process.cwd(), 'spec'); + + await generateResourceSpecification(inputDir, path.join(outDir, 'specification.json')); + await mergeSpecificationFromDirs(path.join(inputDir, 'cfn-lint'), path.join(outDir, 'cfn-lint.json')); +} + +/** + * Generate CloudFormation resource specification from sources and patches + */ +async function generateResourceSpecification(inputDir: string, outFile: string) { const spec: schema.Specification = { PropertyTypes: {}, ResourceTypes: {}, Fingerprint: '' }; + + const files = await fs.readdir(inputDir); for (const file of files.filter(n => n.endsWith('.json')).sort()) { const data = await fs.readJson(path.join(inputDir, file)); if (file.indexOf('patch') === -1) { @@ -29,9 +40,53 @@ async function main() { spec.Fingerprint = md5(JSON.stringify(normalize(spec))); - const outDir = path.join(process.cwd(), 'spec'); - await fs.mkdirp(outDir); - await fs.writeJson(path.join(outDir, 'specification.json'), spec, { spaces: 2 }); + await fs.mkdirp(path.dirname(outFile)); + await fs.writeJson(outFile, spec, { spaces: 2 }); + // eslint-disable-next-line no-console + console.log(outFile); +} + +/** + * Generate Cfnlint spec annotations from sources and patches + */ +async function mergeSpecificationFromDirs(inputDir: string, outFile: string) { + const spec: any = {}; + + for (const child of await fs.readdir(inputDir)) { + const fullPath = path.join(inputDir, child); + if (!(await fs.stat(fullPath)).isDirectory()) { continue; } + + const subspec = await loadMergedSpec(fullPath); + spec[child] = subspec; + } + + await fs.mkdirp(path.dirname(outFile)); + await fs.writeJson(outFile, spec, { spaces: 2 }); + // eslint-disable-next-line no-console + console.log(outFile); +} + +/** + * Load all files in the given directory, merge them and apply patches in the order found + * + * The base structure is always an empty object + */ +async function loadMergedSpec(inputDir: string) { + const structure: any = {}; + + const files = await fs.readdir(inputDir); + for (const file of files.filter(n => n.endsWith('.json')).sort()) { + const data = await fs.readJson(path.join(inputDir, file)); + if (file.indexOf('patch') === -1) { + // Copy properties from current object into structure, adding/overwriting whatever is found + Object.assign(structure, data); + } else { + // Apply the loaded file as a patch onto the current structure + patch(structure, data); + } + } + + return structure; } main() diff --git a/packages/@aws-cdk/cfnspec/build-tools/update-cfnlint.sh b/packages/@aws-cdk/cfnspec/build-tools/update-cfnlint.sh new file mode 100755 index 0000000000000..594e7dd165b87 --- /dev/null +++ b/packages/@aws-cdk/cfnspec/build-tools/update-cfnlint.sh @@ -0,0 +1,18 @@ +#!/bin/bash +set -euo pipefail +scriptdir=$(cd $(dirname $0) && pwd) + +# Download (parts of) the cfn-lint repo that we use to enhance our model +intermediate="$(mktemp -d)/tmp.zip" + +url="https://github.com/aws-cloudformation/cfn-python-lint/archive/master.zip" +echo >&2 "Downloading from ${url}..." +curl -sSfL "${url}" -o ${intermediate} + +for file in StatefulResources; do + echo >&2 "${file}.json" + mkdir -p "spec-source/cfn-lint/${file}" + unzip -p "${intermediate}" cfn-python-lint-master/src/cfnlint/data/AdditionalSpecs/${file}.json > spec-source/cfn-lint/${file}/000.json +done + +echo >&2 "Done." diff --git a/packages/@aws-cdk/cfnspec/lib/_private_schema/cfn-lint.ts b/packages/@aws-cdk/cfnspec/lib/_private_schema/cfn-lint.ts new file mode 100644 index 0000000000000..4c11394888ec4 --- /dev/null +++ b/packages/@aws-cdk/cfnspec/lib/_private_schema/cfn-lint.ts @@ -0,0 +1,23 @@ +/** + * All annotations imported from cfn-lint + */ +export interface CfnLintFileSchema { + /** + * Resource types that are in this map are stateful + * + * There is more information in the structure this maps to. + */ + readonly StatefulResources: { readonly ResourceTypes: Record }; +} + +/** + * Extra information on stateful resource types + */ +export interface CfnLintStatefulSchema { + /** + * Whether or not a Delete operation requires the resource to be empty + * + * @default false + */ + readonly DeleteRequiresEmptyResource?: boolean; +} diff --git a/packages/@aws-cdk/cfnspec/lib/index.ts b/packages/@aws-cdk/cfnspec/lib/index.ts index 8584e6877ed62..6ab020d9580cc 100644 --- a/packages/@aws-cdk/cfnspec/lib/index.ts +++ b/packages/@aws-cdk/cfnspec/lib/index.ts @@ -1,4 +1,5 @@ import * as crypto from 'crypto'; +import { CfnLintFileSchema } from './_private_schema/cfn-lint'; import * as schema from './schema'; export { schema }; export * from './canned-metrics'; @@ -38,6 +39,19 @@ export function resourceAugmentation(typeName: string): schema.ResourceAugmentat } } +/** + * Get the resource augmentations for a given type + */ +export function cfnLintAnnotations(typeName: string): schema.CfnLintResourceAnnotations { + // eslint-disable-next-line @typescript-eslint/no-require-imports + const allAnnotations: CfnLintFileSchema = require('../spec/cfn-lint.json'); + + return { + stateful: !!allAnnotations.StatefulResources.ResourceTypes[typeName], + mustBeEmptyToDelete: allAnnotations.StatefulResources.ResourceTypes[typeName]?.DeleteRequiresEmptyResource ?? false, + }; +} + /** * Return the property specification for the given resource's property */ diff --git a/packages/@aws-cdk/cfnspec/lib/schema/cfn-lint.ts b/packages/@aws-cdk/cfnspec/lib/schema/cfn-lint.ts new file mode 100644 index 0000000000000..204892f173a95 --- /dev/null +++ b/packages/@aws-cdk/cfnspec/lib/schema/cfn-lint.ts @@ -0,0 +1,14 @@ +/** + * Additional resource information obtained from cfn-lint + */ +export interface CfnLintResourceAnnotations { + /** + * Whether or not the given resource is stateful + */ + readonly stateful: boolean; + + /** + * Whether or not a Delete operation requires the resource to be empty + */ + readonly mustBeEmptyToDelete: boolean; +} \ No newline at end of file diff --git a/packages/@aws-cdk/cfnspec/lib/schema/index.ts b/packages/@aws-cdk/cfnspec/lib/schema/index.ts index 250e5cc1edd96..e4f8720f79e82 100644 --- a/packages/@aws-cdk/cfnspec/lib/schema/index.ts +++ b/packages/@aws-cdk/cfnspec/lib/schema/index.ts @@ -3,3 +3,4 @@ export * from './property'; export * from './resource-type'; export * from './specification'; export * from './augmentation'; +export * from './cfn-lint'; diff --git a/packages/@aws-cdk/cfnspec/package.json b/packages/@aws-cdk/cfnspec/package.json index a9cca1eb3107a..a74318a6dce27 100644 --- a/packages/@aws-cdk/cfnspec/package.json +++ b/packages/@aws-cdk/cfnspec/package.json @@ -3,7 +3,7 @@ "description": "The CloudFormation resource specification used by @aws-cdk packages", "version": "0.0.0", "scripts": { - "update": "cdk-build && /bin/bash build-tools/update.sh", + "update": "cdk-build && /bin/bash build-tools/update.sh && /bin/bash build-tools/update-cfnlint.sh", "update-metrics": "/bin/bash build-tools/update-metrics.sh", "build": "cdk-build && node build-tools/build", "watch": "cdk-watch", diff --git a/packages/@aws-cdk/cfnspec/spec-source/cfn-lint/StatefulResources/000.json b/packages/@aws-cdk/cfnspec/spec-source/cfn-lint/StatefulResources/000.json new file mode 100644 index 0000000000000..25c5e11c890ff --- /dev/null +++ b/packages/@aws-cdk/cfnspec/spec-source/cfn-lint/StatefulResources/000.json @@ -0,0 +1,30 @@ +{ + "ResourceTypes": { + "AWS::CloudFormation::Stack" : {}, + "AWS::Backup::BackupVault" : {}, + "AWS::Cognito::UserPool" : {}, + "AWS::DocDB::DBCluster" : {}, + "AWS::DocDB::DBInstance" : {}, + "AWS::DynamoDB::Table" : {}, + "AWS::EC2::Volume" : {}, + "AWS::EFS::FileSystem" : {}, + "AWS::EMR::Cluster" : {}, + "AWS::ElastiCache::CacheCluster" : {}, + "AWS::ElastiCache::ReplicationGroup" : {}, + "AWS::Elasticsearch::Domain" : {}, + "AWS::FSx::FileSystem" : {}, + "AWS::Logs::LogGroup" : {}, + "AWS::Neptune::DBCluster" : {}, + "AWS::Neptune::DBInstance" : {}, + "AWS::QLDB::Ledger" : {}, + "AWS::RDS::DBCluster" : {}, + "AWS::RDS::DBInstance" : {}, + "AWS::Redshift::Cluster" : {}, + "AWS::SDB::Domain" : {}, + "AWS::SQS::Queue" : {}, + "AWS::S3::Bucket" : { + "DeleteRequiresEmptyResource": true + } + } +} + diff --git a/packages/@aws-cdk/cfnspec/test/test.cfnlint-annotations.ts b/packages/@aws-cdk/cfnspec/test/test.cfnlint-annotations.ts new file mode 100644 index 0000000000000..04e0972893d12 --- /dev/null +++ b/packages/@aws-cdk/cfnspec/test/test.cfnlint-annotations.ts @@ -0,0 +1,28 @@ +import { Test } from 'nodeunit'; +import * as cfnspec from '../lib'; + +module.exports = { + 'spot-check Bucket statefulness'(test: Test) { + const anno = cfnspec.cfnLintAnnotations('AWS::S3::Bucket'); + test.equal(anno.stateful, true); + test.equal(anno.mustBeEmptyToDelete, true); + + test.done(); + }, + + 'spot-check Table statefulness'(test: Test) { + const anno = cfnspec.cfnLintAnnotations('AWS::DynamoDB::Table'); + test.equal(anno.stateful, true); + test.equal(anno.mustBeEmptyToDelete, false); + + test.done(); + }, + + 'spot-check MediaStore metrics'(test: Test) { + const anno = cfnspec.cfnLintAnnotations('AWS::MediaStore::Thingy'); + test.equal(anno.stateful, false); + + test.done(); + }, +}; + diff --git a/packages/@aws-cdk/core/lib/cfn-resource.ts b/packages/@aws-cdk/core/lib/cfn-resource.ts index c436e453cacac..9f9ee669374ed 100644 --- a/packages/@aws-cdk/core/lib/cfn-resource.ts +++ b/packages/@aws-cdk/core/lib/cfn-resource.ts @@ -320,13 +320,13 @@ export class CfnResource extends CfnRefElement { Description: this.cfnOptions.description, Metadata: ignoreEmpty(this.cfnOptions.metadata), Condition: this.cfnOptions.condition && this.cfnOptions.condition.logicalId, - }, props => { - const renderedProps = this.renderProperties(props.Properties || {}); + }, resourceDef => { + const renderedProps = this.renderProperties(resourceDef.Properties || {}); if (renderedProps) { const hasDefined = Object.values(renderedProps).find(v => v !== undefined); - props.Properties = hasDefined !== undefined ? renderedProps : undefined; + resourceDef.Properties = hasDefined !== undefined ? renderedProps : undefined; } - return deepMerge(props, this.rawOverrides); + return deepMerge(resourceDef, this.rawOverrides); }), }, }; diff --git a/packages/@aws-cdk/core/lib/resource.ts b/packages/@aws-cdk/core/lib/resource.ts index 917a2c442dcf1..fcb8231795642 100644 --- a/packages/@aws-cdk/core/lib/resource.ts +++ b/packages/@aws-cdk/core/lib/resource.ts @@ -9,6 +9,8 @@ import { generatePhysicalName, isGeneratedWhenNeededMarker } from './private/phy import { IResolveContext } from './resolvable'; import { Stack } from './stack'; import { Token } from './token'; +import { RemovalPolicy } from './removal-policy'; +import { CfnResource } from './cfn-resource'; /** * Represents the environment a given resource lives in. @@ -164,6 +166,25 @@ export abstract class Resource extends CoreConstruct implements IResource { } } + /** + * Apply the given removal policy to this resource + * + * The Removal Policy controls what happens to this resource when it stops + * being managed by CloudFormation, either because you've removed it from the + * CDK application or because you've made a change that requires the resource + * to be replaced. + * + * The resource can be deleted (`RemovalPolicy.DELETE`), or left in your AWS + * account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). + */ + public applyRemovalPolicy(policy: RemovalPolicy) { + const child = this.node.defaultChild; + if (!child || !CfnResource.isCfnResource(child)) { + throw new Error('Cannot apply RemovalPolicy: no child or not a CfnResource. Apply the removal policy on the CfnResource directly.'); + } + child.applyRemovalPolicy(policy); + } + protected generatePhysicalName(): string { return generatePhysicalName(this); } diff --git a/tools/cfn2ts/lib/codegen.ts b/tools/cfn2ts/lib/codegen.ts index f1e9f184e67af..c0ac6819eb57d 100644 --- a/tools/cfn2ts/lib/codegen.ts +++ b/tools/cfn2ts/lib/codegen.ts @@ -1,4 +1,4 @@ -import { schema } from '@aws-cdk/cfnspec'; +import { schema, cfnLintAnnotations } from '@aws-cdk/cfnspec'; import { CodeMaker } from 'codemaker'; import * as genspec from './genspec'; import { itemTypeNames, PropertyAttributeName, scalarTypeNames, SpecName } from './spec-utils'; @@ -125,7 +125,7 @@ export default class CodeGenerator { this.code.closeBlock(); this.code.line(); - this.emitValidator(resourceContext, name, spec.Properties, conversionTable); + this.emitPropertiesValidator(resourceContext, name, spec.Properties, conversionTable); this.code.line(); this.emitCloudFormationMapper(resourceContext, name, spec.Properties, conversionTable); this.emitFromCfnFactoryFunction(resourceContext, name, spec.Properties, conversionTable, false); @@ -354,6 +354,11 @@ export default class CodeGenerator { this.emitCloudFormationProperties(propsType, propMap, schema.isTaggableResource(spec)); } + // + // Validator + // + this.emitConstructValidator(resourceName); + this.closeClass(resourceName); this.endNamespace(resourceName); @@ -385,6 +390,35 @@ export default class CodeGenerator { this.code.closeBlock(); } + /** + * Emit a validator for the given construct + * + * The generated code looks like this: + * + * ``` + * protected validate(): string[] { + * const errors = new Array(); + * // Validation here... + * return errors; + * } + * ``` + */ + private emitConstructValidator(resourceType: genspec.CodeName) { + this.code.openBlock('public validate(): string[]'); + this.code.line('const errors = new Array();'); + + const cfnLint = cfnLintAnnotations(resourceType.specName?.fqn ?? ''); + + if (cfnLint.stateful) { + this.code.line('if (this.cfnOptions.deletionPolicy === undefined) {'); + this.code.line(` errors.push(\'\\\'${resourceType.specName?.fqn}\\\' is a stateful resource type, and you must specify a Removal Policy for it. Call \\\'resource.applyRemovalPolicy()\\\'.\');`); + this.code.line('}'); + } + + this.code.line('return errors;'); + this.code.closeBlock(); + } + /** * Emit the function that is going to implement the IInspectable interface. * @@ -665,7 +699,7 @@ export default class CodeGenerator { * * Generated as a top-level function outside any namespace so we can hide it from library consumers. */ - private emitValidator( + private emitPropertiesValidator( resource: genspec.CodeName, typeName: genspec.CodeName, propSpecs: { [name: string]: schema.Property }, @@ -819,7 +853,7 @@ export default class CodeGenerator { this.endNamespace(typeName); this.code.line(); - this.emitValidator(resourceContext, typeName, propTypeSpec.Properties, conversionTable); + this.emitPropertiesValidator(resourceContext, typeName, propTypeSpec.Properties, conversionTable); this.code.line(); this.emitCloudFormationMapper(resourceContext, typeName, propTypeSpec.Properties, conversionTable); this.emitFromCfnFactoryFunction(resourceContext, typeName, propTypeSpec.Properties, conversionTable, true); From aafe91f15160471696ba8b3c62ab20cb69953d5b Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Thu, 11 Feb 2021 09:59:37 +0100 Subject: [PATCH 20/37] SHould have been 'protected' --- tools/cfn2ts/lib/codegen.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/cfn2ts/lib/codegen.ts b/tools/cfn2ts/lib/codegen.ts index c0ac6819eb57d..241b67718756c 100644 --- a/tools/cfn2ts/lib/codegen.ts +++ b/tools/cfn2ts/lib/codegen.ts @@ -404,7 +404,7 @@ export default class CodeGenerator { * ``` */ private emitConstructValidator(resourceType: genspec.CodeName) { - this.code.openBlock('public validate(): string[]'); + this.code.openBlock('protected validate(): string[]'); this.code.line('const errors = new Array();'); const cfnLint = cfnLintAnnotations(resourceType.specName?.fqn ?? ''); From 981ae9ed72561dc99ca179ff9961380cf4a47259 Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Thu, 11 Feb 2021 11:18:53 +0100 Subject: [PATCH 21/37] RDS explicitly leaves out policies that we want in --- packages/@aws-cdk/aws-rds/lib/cluster.ts | 15 +++++++-------- packages/@aws-cdk/aws-rds/lib/instance.ts | 2 +- packages/@aws-cdk/aws-rds/lib/private/util.ts | 4 ++-- .../test/integ.cluster-rotation.lit.expected.json | 11 ++++++++--- .../aws-rds/test/integ.cluster-s3.expected.json | 13 +++++++++---- .../aws-rds/test/integ.cluster.expected.json | 13 +++++++++---- ...instance-from-generated-password.expected.json | 3 ++- .../aws-rds/test/integ.instance-s3.expected.json | 6 ++++-- .../aws-rds/test/integ.instance.lit.expected.json | 11 ++++++----- .../aws-rds/test/integ.proxy.expected.json | 13 +++++++------ .../test/integ.serverless-cluster.expected.json | 3 ++- packages/@aws-cdk/aws-rds/test/test.cluster.ts | 10 +++++----- .../aws-rds/test/test.database-secretmanager.ts | 4 ++-- packages/@aws-cdk/aws-rds/test/test.instance.ts | 2 +- .../aws-rds/test/test.serverless-cluster.ts | 6 +++--- 15 files changed, 68 insertions(+), 48 deletions(-) diff --git a/packages/@aws-cdk/aws-rds/lib/cluster.ts b/packages/@aws-cdk/aws-rds/lib/cluster.ts index e0f2618a2fdf2..835f92e736b6e 100644 --- a/packages/@aws-cdk/aws-rds/lib/cluster.ts +++ b/packages/@aws-cdk/aws-rds/lib/cluster.ts @@ -310,7 +310,7 @@ abstract class DatabaseClusterNew extends DatabaseClusterBase { description: `Subnets for ${id} database`, vpc: props.instanceProps.vpc, vpcSubnets: props.instanceProps.vpcSubnets, - removalPolicy: props.removalPolicy === RemovalPolicy.RETAIN ? props.removalPolicy : undefined, + removalPolicy: props.removalPolicy, }); this.securityGroups = props.instanceProps.securityGroups ?? [ @@ -712,13 +712,12 @@ function createInstances(cluster: DatabaseClusterNew, props: DatabaseClusterBase deleteAutomatedBackups: props.instanceProps.deleteAutomatedBackups, }); - // If removalPolicy isn't explicitly set, - // it's Snapshot for Cluster. - // Because of that, in this case, - // we can safely use the CFN default of Delete for DbInstances with dbClusterIdentifier set. - if (props.removalPolicy) { - applyRemovalPolicy(instance, props.removalPolicy); - } + // The RemovalPolicy on the cluster is SNAPSHOT by default, or explicitly configured. + // We can safely default to DESTROY for instances that are part of a cluster. + // + // TODO: This should probably be `DESTROY` always, no, instead of inheriting the + // cluster removal policy? It would lead to useless additional snapshots or retentions... + applyRemovalPolicy(instance, props.removalPolicy ?? RemovalPolicy.DESTROY); // We must have a dependency on the NAT gateway provider here to create // things in the right order. diff --git a/packages/@aws-cdk/aws-rds/lib/instance.ts b/packages/@aws-cdk/aws-rds/lib/instance.ts index cb4c3d3487a8c..f7315e17ff8ec 100644 --- a/packages/@aws-cdk/aws-rds/lib/instance.ts +++ b/packages/@aws-cdk/aws-rds/lib/instance.ts @@ -642,7 +642,7 @@ abstract class DatabaseInstanceNew extends DatabaseInstanceBase implements IData description: `Subnet group for ${this.node.id} database`, vpc: this.vpc, vpcSubnets: this.vpcPlacement, - removalPolicy: props.removalPolicy === RemovalPolicy.RETAIN ? props.removalPolicy : undefined, + removalPolicy: props.removalPolicy, }); const securityGroups = props.securityGroups || [new ec2.SecurityGroup(this, 'SecurityGroup', { diff --git a/packages/@aws-cdk/aws-rds/lib/private/util.ts b/packages/@aws-cdk/aws-rds/lib/private/util.ts index f97486b5daddf..7f829d7d87001 100644 --- a/packages/@aws-cdk/aws-rds/lib/private/util.ts +++ b/packages/@aws-cdk/aws-rds/lib/private/util.ts @@ -78,8 +78,8 @@ export function engineDescription(engine: IEngine) { export function applyRemovalPolicy(cfnDatabase: CfnResource, removalPolicy?: RemovalPolicy): void { if (!removalPolicy) { - // the default DeletionPolicy is 'Snapshot', which is fine, - // but we should also make it 'Snapshot' for UpdateReplace policy + // Even though 'SNAPSHOT' is the default for RDS, make it explicit so cfnlint won't complain + cfnDatabase.cfnOptions.deletionPolicy = CfnDeletionPolicy.SNAPSHOT; cfnDatabase.cfnOptions.updateReplacePolicy = CfnDeletionPolicy.SNAPSHOT; } else { // just apply whatever removal policy the customer explicitly provided diff --git a/packages/@aws-cdk/aws-rds/test/integ.cluster-rotation.lit.expected.json b/packages/@aws-cdk/aws-rds/test/integ.cluster-rotation.lit.expected.json index 05293187edb33..74a0642b875c8 100644 --- a/packages/@aws-cdk/aws-rds/test/integ.cluster-rotation.lit.expected.json +++ b/packages/@aws-cdk/aws-rds/test/integ.cluster-rotation.lit.expected.json @@ -706,7 +706,8 @@ } ] }, - "UpdateReplacePolicy": "Snapshot" + "UpdateReplacePolicy": "Snapshot", + "DeletionPolicy": "Snapshot" }, "DatabaseInstance1844F58FD": { "Type": "AWS::RDS::DBInstance", @@ -724,7 +725,9 @@ "VPCPrivateSubnet1DefaultRouteAE1D6490", "VPCPrivateSubnet2DefaultRouteF4F5CFD2", "VPCPrivateSubnet3DefaultRoute27F311AE" - ] + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "DatabaseInstance2AA380DEE": { "Type": "AWS::RDS::DBInstance", @@ -742,7 +745,9 @@ "VPCPrivateSubnet1DefaultRouteAE1D6490", "VPCPrivateSubnet2DefaultRouteF4F5CFD2", "VPCPrivateSubnet3DefaultRoute27F311AE" - ] + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "DatabaseRotationSingleUserSecurityGroupAC6E0E73": { "Type": "AWS::EC2::SecurityGroup", diff --git a/packages/@aws-cdk/aws-rds/test/integ.cluster-s3.expected.json b/packages/@aws-cdk/aws-rds/test/integ.cluster-s3.expected.json index 710884195806a..5a738ecfb69e0 100644 --- a/packages/@aws-cdk/aws-rds/test/integ.cluster-s3.expected.json +++ b/packages/@aws-cdk/aws-rds/test/integ.cluster-s3.expected.json @@ -668,7 +668,8 @@ } ] }, - "UpdateReplacePolicy": "Snapshot" + "UpdateReplacePolicy": "Snapshot", + "DeletionPolicy": "Snapshot" }, "DatabaseInstance1844F58FD": { "Type": "AWS::RDS::DBInstance", @@ -686,7 +687,9 @@ "DependsOn": [ "VPCPublicSubnet1DefaultRoute91CEF279", "VPCPublicSubnet2DefaultRouteB7481BBA" - ] + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "DatabaseInstance2AA380DEE": { "Type": "AWS::RDS::DBInstance", @@ -704,7 +707,9 @@ "DependsOn": [ "VPCPublicSubnet1DefaultRoute91CEF279", "VPCPublicSubnet2DefaultRouteB7481BBA" - ] + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-rds/test/integ.cluster.expected.json b/packages/@aws-cdk/aws-rds/test/integ.cluster.expected.json index 37f63d001843e..4568fd96bbbe4 100644 --- a/packages/@aws-cdk/aws-rds/test/integ.cluster.expected.json +++ b/packages/@aws-cdk/aws-rds/test/integ.cluster.expected.json @@ -500,7 +500,8 @@ } ] }, - "UpdateReplacePolicy": "Snapshot" + "UpdateReplacePolicy": "Snapshot", + "DeletionPolicy": "Snapshot" }, "DatabaseInstance1844F58FD": { "Type": "AWS::RDS::DBInstance", @@ -518,7 +519,9 @@ "DependsOn": [ "VPCPublicSubnet1DefaultRoute91CEF279", "VPCPublicSubnet2DefaultRouteB7481BBA" - ] + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "DatabaseInstance2AA380DEE": { "Type": "AWS::RDS::DBInstance", @@ -536,7 +539,9 @@ "DependsOn": [ "VPCPublicSubnet1DefaultRoute91CEF279", "VPCPublicSubnet2DefaultRouteB7481BBA" - ] + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-rds/test/integ.instance-from-generated-password.expected.json b/packages/@aws-cdk/aws-rds/test/integ.instance-from-generated-password.expected.json index a01587728dac5..ca2ee08c781ad 100644 --- a/packages/@aws-cdk/aws-rds/test/integ.instance-from-generated-password.expected.json +++ b/packages/@aws-cdk/aws-rds/test/integ.instance-from-generated-password.expected.json @@ -619,7 +619,8 @@ } ] }, - "UpdateReplacePolicy": "Snapshot" + "UpdateReplacePolicy": "Snapshot", + "DeletionPolicy": "Snapshot" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-rds/test/integ.instance-s3.expected.json b/packages/@aws-cdk/aws-rds/test/integ.instance-s3.expected.json index cd2478b15b818..cb882959488fb 100644 --- a/packages/@aws-cdk/aws-rds/test/integ.instance-s3.expected.json +++ b/packages/@aws-cdk/aws-rds/test/integ.instance-s3.expected.json @@ -377,7 +377,9 @@ "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A" } ] - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "DatabaseSecurityGroup5C91FDCB": { "Type": "AWS::EC2::SecurityGroup", @@ -613,4 +615,4 @@ "DeletionPolicy": "Delete" } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-rds/test/integ.instance.lit.expected.json b/packages/@aws-cdk/aws-rds/test/integ.instance.lit.expected.json index ca91f92e62644..8a05969830f29 100644 --- a/packages/@aws-cdk/aws-rds/test/integ.instance.lit.expected.json +++ b/packages/@aws-cdk/aws-rds/test/integ.instance.lit.expected.json @@ -694,7 +694,8 @@ } ] }, - "UpdateReplacePolicy": "Snapshot" + "UpdateReplacePolicy": "Snapshot", + "DeletionPolicy": "Snapshot" }, "InstanceLogRetentiontrace487771C8": { "Type": "Custom::LogRetention", @@ -832,7 +833,6 @@ ] }, "functionName": "awscdkrdsinstanceInstanceRotationSingleUserAFE3C214", - "excludeCharacters": " %+~`#$&*()|[]{}:;<>?!'/@\"\\", "vpcSubnetIds": { "Fn::Join": [ "", @@ -852,7 +852,8 @@ "InstanceRotationSingleUserSecurityGroupF3FB5C25", "GroupId" ] - } + }, + "excludeCharacters": " %+~`#$&*()|[]{}:;<>?!'/@\"\\" } } }, @@ -1094,13 +1095,13 @@ "Code": { "ZipFile": "exports.handler = (event) => console.log(event);" }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "FunctionServiceRole675BB04A", "Arn" ] }, + "Handler": "index.handler", "Runtime": "nodejs10.x" }, "DependsOn": [ @@ -1122,4 +1123,4 @@ "Description": "Artifact hash for asset \"884431e2bc651d2b61bd699a29dc9684b0f66911f06bd3ed0635f854bf18e147\"" } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-rds/test/integ.proxy.expected.json b/packages/@aws-cdk/aws-rds/test/integ.proxy.expected.json index 3a77314058702..84e4ac67de156 100644 --- a/packages/@aws-cdk/aws-rds/test/integ.proxy.expected.json +++ b/packages/@aws-cdk/aws-rds/test/integ.proxy.expected.json @@ -463,7 +463,8 @@ } ] }, - "UpdateReplacePolicy": "Snapshot" + "UpdateReplacePolicy": "Snapshot", + "DeletionPolicy": "Snapshot" }, "dbProxyIAMRole662F3AB8": { "Type": "AWS::IAM::Role", @@ -522,7 +523,6 @@ ], "DBProxyName": "dbProxy", "EngineFamily": "POSTGRESQL", - "RequireTLS": true, "RoleArn": { "Fn::GetAtt": [ "dbProxyIAMRole662F3AB8", @@ -536,7 +536,8 @@ { "Ref": "vpcPrivateSubnet2Subnet7031C2BA" } - ] + ], + "RequireTLS": true } }, "dbProxyProxyTargetGroup8DA26A77": { @@ -545,6 +546,7 @@ "DBProxyName": { "Ref": "dbProxy3B89EAF2" }, + "TargetGroupName": "default", "ConnectionPoolConfigurationInfo": { "ConnectionBorrowTimeout": 30, "MaxConnectionsPercent": 50 @@ -553,9 +555,8 @@ { "Ref": "dbInstance4076B1EC" } - ], - "TargetGroupName": "default" + ] } } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-rds/test/integ.serverless-cluster.expected.json b/packages/@aws-cdk/aws-rds/test/integ.serverless-cluster.expected.json index 3d392f574621e..752eae1b22894 100644 --- a/packages/@aws-cdk/aws-rds/test/integ.serverless-cluster.expected.json +++ b/packages/@aws-cdk/aws-rds/test/integ.serverless-cluster.expected.json @@ -432,7 +432,8 @@ } ] }, - "UpdateReplacePolicy": "Snapshot" + "UpdateReplacePolicy": "Snapshot", + "DeletionPolicy": "Snapshot" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-rds/test/test.cluster.ts b/packages/@aws-cdk/aws-rds/test/test.cluster.ts index fc877641dcc42..bfa16c89f5717 100644 --- a/packages/@aws-cdk/aws-rds/test/test.cluster.ts +++ b/packages/@aws-cdk/aws-rds/test/test.cluster.ts @@ -1,4 +1,4 @@ -import { ABSENT, countResources, expect, haveResource, haveResourceLike, ResourcePart, SynthUtils } from '@aws-cdk/assert'; +import { countResources, expect, haveResource, haveResourceLike, ResourcePart, SynthUtils } from '@aws-cdk/assert'; import * as ec2 from '@aws-cdk/aws-ec2'; import { ManagedPolicy, Role, ServicePrincipal } from '@aws-cdk/aws-iam'; import * as kms from '@aws-cdk/aws-kms'; @@ -39,14 +39,14 @@ export = { MasterUserPassword: 'tooshort', VpcSecurityGroupIds: [{ 'Fn::GetAtt': ['DatabaseSecurityGroup5C91FDCB', 'GroupId'] }], }, - DeletionPolicy: ABSENT, + DeletionPolicy: 'Snapshot', UpdateReplacePolicy: 'Snapshot', }, ResourcePart.CompleteDefinition)); expect(stack).to(countResources('AWS::RDS::DBInstance', 2)); expect(stack).to(haveResource('AWS::RDS::DBInstance', { - DeletionPolicy: ABSENT, - UpdateReplacePolicy: ABSENT, + DeletionPolicy: 'Delete', + UpdateReplacePolicy: 'Delete', }, ResourcePart.CompleteDefinition)); test.done(); @@ -1674,7 +1674,7 @@ export = { VpcSecurityGroupIds: [{ 'Fn::GetAtt': ['DatabaseSecurityGroup5C91FDCB', 'GroupId'] }], SnapshotIdentifier: 'mySnapshot', }, - DeletionPolicy: ABSENT, + DeletionPolicy: 'Snapshot', UpdateReplacePolicy: 'Snapshot', }, ResourcePart.CompleteDefinition)); diff --git a/packages/@aws-cdk/aws-rds/test/test.database-secretmanager.ts b/packages/@aws-cdk/aws-rds/test/test.database-secretmanager.ts index 8d6310d21ce42..06170b82f50ec 100644 --- a/packages/@aws-cdk/aws-rds/test/test.database-secretmanager.ts +++ b/packages/@aws-cdk/aws-rds/test/test.database-secretmanager.ts @@ -1,4 +1,4 @@ -import { ABSENT, expect, haveResource, ResourcePart } from '@aws-cdk/assert'; +import { expect, haveResource, ResourcePart } from '@aws-cdk/assert'; import * as ec2 from '@aws-cdk/aws-ec2'; import * as secretsmanager from '@aws-cdk/aws-secretsmanager'; import * as cdk from '@aws-cdk/core'; @@ -41,7 +41,7 @@ export = { }, ], }, - DeletionPolicy: ABSENT, + DeletionPolicy: 'Snapshot', UpdateReplacePolicy: 'Snapshot', }, ResourcePart.CompleteDefinition)); diff --git a/packages/@aws-cdk/aws-rds/test/test.instance.ts b/packages/@aws-cdk/aws-rds/test/test.instance.ts index 7591a576946cb..fd09b15d08ec6 100644 --- a/packages/@aws-cdk/aws-rds/test/test.instance.ts +++ b/packages/@aws-cdk/aws-rds/test/test.instance.ts @@ -114,7 +114,7 @@ export = { }, ], }, - DeletionPolicy: ABSENT, + DeletionPolicy: 'Snapshot', UpdateReplacePolicy: 'Snapshot', }, ResourcePart.CompleteDefinition)); diff --git a/packages/@aws-cdk/aws-rds/test/test.serverless-cluster.ts b/packages/@aws-cdk/aws-rds/test/test.serverless-cluster.ts index de3c8a0018beb..d42791979872a 100644 --- a/packages/@aws-cdk/aws-rds/test/test.serverless-cluster.ts +++ b/packages/@aws-cdk/aws-rds/test/test.serverless-cluster.ts @@ -1,4 +1,4 @@ -import { ABSENT, expect, haveResource, haveResourceLike, ResourcePart, SynthUtils } from '@aws-cdk/assert'; +import { expect, haveResource, haveResourceLike, ResourcePart, SynthUtils } from '@aws-cdk/assert'; import * as ec2 from '@aws-cdk/aws-ec2'; import * as iam from '@aws-cdk/aws-iam'; import * as kms from '@aws-cdk/aws-kms'; @@ -44,7 +44,7 @@ export = { }, ], }, - DeletionPolicy: ABSENT, + DeletionPolicy: 'Snapshot', UpdateReplacePolicy: 'Snapshot', }, ResourcePart.CompleteDefinition)); @@ -105,7 +105,7 @@ export = { }, ], }, - DeletionPolicy: ABSENT, + DeletionPolicy: 'Snapshot', UpdateReplacePolicy: 'Snapshot', }, ResourcePart.CompleteDefinition)); test.done(); From d0c4a0f775fc1bb7067d3b41bfa9edfad4052d0e Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Thu, 11 Feb 2021 12:52:33 +0100 Subject: [PATCH 22/37] Fix linter issue --- packages/@aws-cdk/aws-elasticsearch/lib/domain.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-elasticsearch/lib/domain.ts b/packages/@aws-cdk/aws-elasticsearch/lib/domain.ts index 7805cd193662a..905ea5360f139 100644 --- a/packages/@aws-cdk/aws-elasticsearch/lib/domain.ts +++ b/packages/@aws-cdk/aws-elasticsearch/lib/domain.ts @@ -575,7 +575,7 @@ export interface DomainProps { * @default RemovalPolicy.RETAIN */ readonly removalPolicy?: cdk.RemovalPolicy; - + /** * To configure a custom domain configure these options * From 8ae2215191428bfb4f8512b1dfe79e0e06af6ffb Mon Sep 17 00:00:00 2001 From: EC2 Default User Date: Thu, 11 Feb 2021 13:29:51 +0000 Subject: [PATCH 23/37] Update expectation --- .../test/http/integ.user-pool.expected.json | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers/test/http/integ.user-pool.expected.json b/packages/@aws-cdk/aws-apigatewayv2-authorizers/test/http/integ.user-pool.expected.json index cdfdf727a21f3..972fbb4ade33b 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-authorizers/test/http/integ.user-pool.expected.json +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers/test/http/integ.user-pool.expected.json @@ -157,7 +157,9 @@ "EmailSubject": "Verify your new account", "SmsMessage": "The verification code to your new account is {####}" } - } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" }, "userpoolmyclientFAD947AB": { "Type": "AWS::Cognito::UserPoolClient", From b5b90e9d4e31f979135e5cc94d219df880e90830 Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Thu, 11 Feb 2021 14:43:16 +0000 Subject: [PATCH 24/37] Add required policy to EFS --- packages/@aws-cdk/aws-backup/test/selection.test.ts | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/packages/@aws-cdk/aws-backup/test/selection.test.ts b/packages/@aws-cdk/aws-backup/test/selection.test.ts index b5523b963c20e..d801efb34894c 100644 --- a/packages/@aws-cdk/aws-backup/test/selection.test.ts +++ b/packages/@aws-cdk/aws-backup/test/selection.test.ts @@ -2,7 +2,7 @@ import '@aws-cdk/assert/jest'; import * as dynamodb from '@aws-cdk/aws-dynamodb'; import * as ec2 from '@aws-cdk/aws-ec2'; import * as efs from '@aws-cdk/aws-efs'; -import { Stack } from '@aws-cdk/core'; +import { RemovalPolicy, Stack } from '@aws-cdk/core'; import { Construct } from 'constructs'; import { BackupPlan, BackupResource, BackupSelection } from '../lib'; @@ -128,7 +128,8 @@ test('fromConstruct', () => { class EfsConstruct extends CoreConstruct { constructor(scope: Construct, id: string) { super(scope, id); - new efs.CfnFileSystem(this, 'FileSystem'); + const fs = new efs.CfnFileSystem(this, 'FileSystem'); + fs.applyRemovalPolicy(RemovalPolicy.DESTROY); } } class MyConstruct extends CoreConstruct { From 37143e7481ce142e2e7b0b48b0bce3b1a62fde4b Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Fri, 12 Feb 2021 10:31:20 +0000 Subject: [PATCH 25/37] Update integ test --- .../@aws-cdk/aws-backup/test/integ.backup.expected.json | 4 +++- packages/@aws-cdk/aws-backup/test/integ.backup.ts | 3 ++- packages/decdk/test/fixture/tsconfig.json | 7 +++++-- 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/packages/@aws-cdk/aws-backup/test/integ.backup.expected.json b/packages/@aws-cdk/aws-backup/test/integ.backup.expected.json index 2ba1356211377..1ad2aefc7c46e 100644 --- a/packages/@aws-cdk/aws-backup/test/integ.backup.expected.json +++ b/packages/@aws-cdk/aws-backup/test/integ.backup.expected.json @@ -24,7 +24,9 @@ "DeletionPolicy": "Delete" }, "FileSystem": { - "Type": "AWS::EFS::FileSystem" + "Type": "AWS::EFS::FileSystem", + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "Vault23237E5B": { "Type": "AWS::Backup::BackupVault", diff --git a/packages/@aws-cdk/aws-backup/test/integ.backup.ts b/packages/@aws-cdk/aws-backup/test/integ.backup.ts index bf71de03a1cb8..e04d3ba68671a 100644 --- a/packages/@aws-cdk/aws-backup/test/integ.backup.ts +++ b/packages/@aws-cdk/aws-backup/test/integ.backup.ts @@ -16,7 +16,8 @@ class TestStack extends Stack { removalPolicy: RemovalPolicy.DESTROY, }); - new efs.CfnFileSystem(this, 'FileSystem'); + const fs = new efs.CfnFileSystem(this, 'FileSystem'); + fs.applyRemovalPolicy(RemovalPolicy.DESTROY); const vault = new backup.BackupVault(this, 'Vault', { removalPolicy: RemovalPolicy.DESTROY, diff --git a/packages/decdk/test/fixture/tsconfig.json b/packages/decdk/test/fixture/tsconfig.json index 44dbf4775b1a7..1b7d2bae0fab0 100644 --- a/packages/decdk/test/fixture/tsconfig.json +++ b/packages/decdk/test/fixture/tsconfig.json @@ -4,6 +4,7 @@ "charset": "utf8", "declaration": true, "experimentalDecorators": true, + "incremental": true, "inlineSourceMap": true, "inlineSources": true, "lib": [ @@ -22,8 +23,10 @@ "strict": true, "strictNullChecks": true, "strictPropertyInitialization": true, - "stripInternal": true, - "target": "ES2018" + "stripInternal": false, + "target": "ES2018", + "composite": false, + "tsBuildInfoFile": "tsconfig.tsbuildinfo" }, "include": [ "**/*.ts" From 845a02b4ab536ddfe6b0406936fb54e03493884b Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Fri, 12 Feb 2021 10:58:05 +0000 Subject: [PATCH 26/37] Update expectations --- .../test/integ.graphql-iam.expected.json | 16 +++++++++------- .../aws-appsync/test/integ.graphql.expected.json | 4 +++- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/packages/@aws-cdk/aws-appsync/test/integ.graphql-iam.expected.json b/packages/@aws-cdk/aws-appsync/test/integ.graphql-iam.expected.json index 4cd9043b28c4b..e7f5a7af98e83 100644 --- a/packages/@aws-cdk/aws-appsync/test/integ.graphql-iam.expected.json +++ b/packages/@aws-cdk/aws-appsync/test/integ.graphql-iam.expected.json @@ -28,7 +28,9 @@ "EmailSubject": "Verify your new account", "SmsMessage": "The verification code to your new account is {####}" } - } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" }, "ApiF70053CD": { "Type": "AWS::AppSync::GraphQLApi", @@ -400,14 +402,12 @@ ] } }, - "Handler": "iam-query.handler", "Role": { "Fn::GetAtt": [ "LambdaIAM687B49AF", "Arn" ] }, - "Runtime": "nodejs12.x", "Environment": { "Variables": { "APPSYNC_ENDPOINT": { @@ -417,7 +417,9 @@ ] } } - } + }, + "Handler": "iam-query.handler", + "Runtime": "nodejs12.x" }, "DependsOn": [ "LambdaIAMDefaultPolicy96DEA124", @@ -496,14 +498,12 @@ ] } }, - "Handler": "iam-query.handler", "Role": { "Fn::GetAtt": [ "testFailServiceRole9FF22F85", "Arn" ] }, - "Runtime": "nodejs12.x", "Environment": { "Variables": { "APPSYNC_ENDPOINT": { @@ -513,7 +513,9 @@ ] } } - } + }, + "Handler": "iam-query.handler", + "Runtime": "nodejs12.x" }, "DependsOn": [ "testFailServiceRole9FF22F85" diff --git a/packages/@aws-cdk/aws-appsync/test/integ.graphql.expected.json b/packages/@aws-cdk/aws-appsync/test/integ.graphql.expected.json index d540f3777ed00..3fadf489fec56 100644 --- a/packages/@aws-cdk/aws-appsync/test/integ.graphql.expected.json +++ b/packages/@aws-cdk/aws-appsync/test/integ.graphql.expected.json @@ -28,7 +28,9 @@ "EmailSubject": "Verify your new account", "SmsMessage": "The verification code to your new account is {####}" } - } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" }, "ApiF70053CD": { "Type": "AWS::AppSync::GraphQLApi", From 641a708f839013d00bb207d41dc9bfc58c21c712 Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Fri, 12 Feb 2021 13:40:56 +0000 Subject: [PATCH 27/37] Only apply L1 check when writing L2 --- packages/@aws-cdk/core/lib/resource.ts | 11 +++++++++++ tools/cfn2ts/lib/codegen.ts | 11 ++++++++++- 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/packages/@aws-cdk/core/lib/resource.ts b/packages/@aws-cdk/core/lib/resource.ts index fcb8231795642..10e4e2a80fa3d 100644 --- a/packages/@aws-cdk/core/lib/resource.ts +++ b/packages/@aws-cdk/core/lib/resource.ts @@ -12,6 +12,8 @@ import { Token } from './token'; import { RemovalPolicy } from './removal-policy'; import { CfnResource } from './cfn-resource'; +const RESOURCE_SYMBOL = Symbol.for('@aws-cdk/core.Resource'); + /** * Represents the environment a given resource lives in. * Used as the return value for the {@link IResource.env} property. @@ -93,6 +95,13 @@ export interface ResourceProps { * A construct which represents an AWS resource. */ export abstract class Resource extends CoreConstruct implements IResource { + /** + * Check whether the given construct is a Resource + */ + public static isResource(construct: IConstruct): construct is CfnResource { + return construct !== null && typeof(construct) === 'object' && RESOURCE_SYMBOL in construct; + } + public readonly stack: Stack; public readonly env: ResourceEnvironment; @@ -116,6 +125,8 @@ export abstract class Resource extends CoreConstruct implements IResource { constructor(scope: Construct, id: string, props: ResourceProps = {}) { super(scope, id); + Object.defineProperty(this, RESOURCE_SYMBOL, { value: true }); + this.stack = Stack.of(this); this.env = { account: props.account ?? this.stack.account, diff --git a/tools/cfn2ts/lib/codegen.ts b/tools/cfn2ts/lib/codegen.ts index 6c81bb3809eed..203c7b37df4b8 100644 --- a/tools/cfn2ts/lib/codegen.ts +++ b/tools/cfn2ts/lib/codegen.ts @@ -410,7 +410,16 @@ export default class CodeGenerator { const cfnLint = cfnLintAnnotations(resourceType.specName?.fqn ?? ''); if (cfnLint.stateful) { - this.code.line('if (this.cfnOptions.deletionPolicy === undefined) {'); + // Do a statefulness check. A deletionPolicy is required (and in normal operation an UpdateReplacePolicy + // would also be set if a user doesn't do complicated shenanigans, in which case they probably know what + // they're doing. + // + // Only do this for L1s embedded in L2s (to force L2 authors to add a way to set this policy). If we did it for all L1s: + // + // - users working at the L1 level would start getting synthesis failures when we add this feature + // - the `cloudformation-include` library that loads CFN templates to L1s would start failing when it loads + // templates that don't have DeletionPolicy set. + this.code.line(`if (this.node.scope && ${CORE}.Resource.isResource(this.node.scope) && this.cfnOptions.deletionPolicy === undefined) {`); this.code.line(` errors.push(\'\\\'${resourceType.specName?.fqn}\\\' is a stateful resource type, and you must specify a Removal Policy for it. Call \\\'resource.applyRemovalPolicy()\\\'.\');`); this.code.line('}'); } From e906d4c935eacd983369b7643ca9e069ae62f32b Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Fri, 12 Feb 2021 17:08:56 +0000 Subject: [PATCH 28/37] Update expectations --- packages/decdk/test/__snapshots__/synth.test.js.snap | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/packages/decdk/test/__snapshots__/synth.test.js.snap b/packages/decdk/test/__snapshots__/synth.test.js.snap index 0befd96765754..d3f2a4de98c71 100644 --- a/packages/decdk/test/__snapshots__/synth.test.js.snap +++ b/packages/decdk/test/__snapshots__/synth.test.js.snap @@ -2874,7 +2874,9 @@ exports[`pure-cfn.json: pure-cfn 1`] = ` Object { "Resources": Object { "Hello4A628BD4": Object { + "DeletionPolicy": "Delete", "Type": "AWS::SQS::Queue", + "UpdateReplacePolicy": "Delete", }, "MyLogGroup": Object { "Properties": Object { @@ -2892,6 +2894,7 @@ exports[`queue-kms.json: queue-kms 1`] = ` Object { "Resources": Object { "MyQueueE6CA6235": Object { + "DeletionPolicy": "Delete", "Properties": Object { "KmsMasterKeyId": Object { "Fn::GetAtt": Array [ @@ -2901,6 +2904,7 @@ Object { }, }, "Type": "AWS::SQS::Queue", + "UpdateReplacePolicy": "Delete", }, "MyQueueKey6C31ABF3": Object { "DeletionPolicy": "Retain", From ee1d015486a49abfcdcf52172f20c7e86b0ec479 Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Tue, 16 Feb 2021 13:02:13 +0000 Subject: [PATCH 29/37] Test for all combinations of cluster and instance removalpolicy --- packages/@aws-cdk/aws-rds/lib/cluster.ts | 17 +++++----- packages/@aws-cdk/aws-rds/lib/instance.ts | 8 ++--- packages/@aws-cdk/aws-rds/lib/private/util.ts | 13 +------- .../aws-rds/lib/serverless-cluster.ts | 4 +-- .../@aws-cdk/aws-rds/test/cluster.test.ts | 31 +++++++++++++++++++ 5 files changed, 47 insertions(+), 26 deletions(-) diff --git a/packages/@aws-cdk/aws-rds/lib/cluster.ts b/packages/@aws-cdk/aws-rds/lib/cluster.ts index 835f92e736b6e..065e36eb0274c 100644 --- a/packages/@aws-cdk/aws-rds/lib/cluster.ts +++ b/packages/@aws-cdk/aws-rds/lib/cluster.ts @@ -10,7 +10,7 @@ import { IClusterEngine } from './cluster-engine'; import { DatabaseClusterAttributes, IDatabaseCluster } from './cluster-ref'; import { Endpoint } from './endpoint'; import { IParameterGroup } from './parameter-group'; -import { applyRemovalPolicy, DEFAULT_PASSWORD_EXCLUDE_CHARS, defaultDeletionProtection, renderCredentials, setupS3ImportExport } from './private/util'; +import { DEFAULT_PASSWORD_EXCLUDE_CHARS, defaultDeletionProtection, renderCredentials, setupS3ImportExport } from './private/util'; import { BackupProps, Credentials, InstanceProps, PerformanceInsightRetention, RotationSingleUserOptions, RotationMultiUserOptions } from './props'; import { DatabaseProxy, DatabaseProxyOptions, ProxyTarget } from './proxy'; import { CfnDBCluster, CfnDBClusterProps, CfnDBInstance } from './rds.generated'; @@ -512,7 +512,7 @@ export class DatabaseCluster extends DatabaseClusterNew { defaultPort: ec2.Port.tcp(this.clusterEndpoint.port), }); - applyRemovalPolicy(cluster, props.removalPolicy); + cluster.applyRemovalPolicy(props.removalPolicy ?? RemovalPolicy.SNAPSHOT); if (secret) { this.secret = secret.attach(this); @@ -608,7 +608,7 @@ export class DatabaseClusterFromSnapshot extends DatabaseClusterNew { defaultPort: ec2.Port.tcp(this.clusterEndpoint.port), }); - applyRemovalPolicy(cluster, props.removalPolicy); + cluster.applyRemovalPolicy(props.removalPolicy ?? RemovalPolicy.SNAPSHOT); setLogRetention(this, props); createInstances(this, props, this.subnetGroup); @@ -712,12 +712,13 @@ function createInstances(cluster: DatabaseClusterNew, props: DatabaseClusterBase deleteAutomatedBackups: props.instanceProps.deleteAutomatedBackups, }); - // The RemovalPolicy on the cluster is SNAPSHOT by default, or explicitly configured. - // We can safely default to DESTROY for instances that are part of a cluster. + // For instances that are part of a cluster: // - // TODO: This should probably be `DESTROY` always, no, instead of inheriting the - // cluster removal policy? It would lead to useless additional snapshots or retentions... - applyRemovalPolicy(instance, props.removalPolicy ?? RemovalPolicy.DESTROY); + // Cluster DESTROY or SNAPSHOT -> DESTROY (snapshot is good enough to recreate) + // Cluster RETAIN -> RETAIN (otherwise cluster state will disappear) + instance.applyRemovalPolicy(props.removalPolicy === RemovalPolicy.RETAIN + ? RemovalPolicy.RETAIN + : RemovalPolicy.DESTROY); // We must have a dependency on the NAT gateway provider here to create // things in the right order. diff --git a/packages/@aws-cdk/aws-rds/lib/instance.ts b/packages/@aws-cdk/aws-rds/lib/instance.ts index f7315e17ff8ec..abd3b82c5abbe 100644 --- a/packages/@aws-cdk/aws-rds/lib/instance.ts +++ b/packages/@aws-cdk/aws-rds/lib/instance.ts @@ -12,7 +12,7 @@ import { Endpoint } from './endpoint'; import { IInstanceEngine } from './instance-engine'; import { IOptionGroup } from './option-group'; import { IParameterGroup } from './parameter-group'; -import { applyRemovalPolicy, DEFAULT_PASSWORD_EXCLUDE_CHARS, defaultDeletionProtection, engineDescription, renderCredentials, setupS3ImportExport } from './private/util'; +import { DEFAULT_PASSWORD_EXCLUDE_CHARS, defaultDeletionProtection, engineDescription, renderCredentials, setupS3ImportExport } from './private/util'; import { Credentials, PerformanceInsightRetention, RotationMultiUserOptions, RotationSingleUserOptions, SnapshotCredentials } from './props'; import { DatabaseProxy, DatabaseProxyOptions, ProxyTarget } from './proxy'; import { CfnDBInstance, CfnDBInstanceProps } from './rds.generated'; @@ -976,7 +976,7 @@ export class DatabaseInstance extends DatabaseInstanceSource implements IDatabas const portAttribute = Token.asNumber(instance.attrEndpointPort); this.instanceEndpoint = new Endpoint(instance.attrEndpointAddress, portAttribute); - applyRemovalPolicy(instance, props.removalPolicy); + instance.applyRemovalPolicy(props.removalPolicy ?? RemovalPolicy.SNAPSHOT); if (secret) { this.secret = secret.attach(this); @@ -1052,7 +1052,7 @@ export class DatabaseInstanceFromSnapshot extends DatabaseInstanceSource impleme const portAttribute = Token.asNumber(instance.attrEndpointPort); this.instanceEndpoint = new Endpoint(instance.attrEndpointAddress, portAttribute); - applyRemovalPolicy(instance, props.removalPolicy); + instance.applyRemovalPolicy(props.removalPolicy ?? RemovalPolicy.SNAPSHOT); if (secret) { this.secret = secret.attach(this); @@ -1128,7 +1128,7 @@ export class DatabaseInstanceReadReplica extends DatabaseInstanceNew implements const portAttribute = Token.asNumber(instance.attrEndpointPort); this.instanceEndpoint = new Endpoint(instance.attrEndpointAddress, portAttribute); - applyRemovalPolicy(instance, props.removalPolicy); + instance.applyRemovalPolicy(props.removalPolicy ?? RemovalPolicy.SNAPSHOT); this.setLogRetention(); } diff --git a/packages/@aws-cdk/aws-rds/lib/private/util.ts b/packages/@aws-cdk/aws-rds/lib/private/util.ts index 7f829d7d87001..60503f4212ff7 100644 --- a/packages/@aws-cdk/aws-rds/lib/private/util.ts +++ b/packages/@aws-cdk/aws-rds/lib/private/util.ts @@ -1,6 +1,6 @@ import * as iam from '@aws-cdk/aws-iam'; import * as s3 from '@aws-cdk/aws-s3'; -import { CfnDeletionPolicy, CfnResource, RemovalPolicy } from '@aws-cdk/core'; +import { RemovalPolicy } from '@aws-cdk/core'; import { DatabaseSecret } from '../database-secret'; import { IEngine } from '../engine'; import { Credentials } from '../props'; @@ -76,17 +76,6 @@ export function engineDescription(engine: IEngine) { return engine.engineType + (engine.engineVersion?.fullVersion ? `-${engine.engineVersion.fullVersion}` : ''); } -export function applyRemovalPolicy(cfnDatabase: CfnResource, removalPolicy?: RemovalPolicy): void { - if (!removalPolicy) { - // Even though 'SNAPSHOT' is the default for RDS, make it explicit so cfnlint won't complain - cfnDatabase.cfnOptions.deletionPolicy = CfnDeletionPolicy.SNAPSHOT; - cfnDatabase.cfnOptions.updateReplacePolicy = CfnDeletionPolicy.SNAPSHOT; - } else { - // just apply whatever removal policy the customer explicitly provided - cfnDatabase.applyRemovalPolicy(removalPolicy); - } -} - /** * By default, deletion protection is disabled. * Enable if explicitly provided or if the RemovalPolicy has been set to RETAIN diff --git a/packages/@aws-cdk/aws-rds/lib/serverless-cluster.ts b/packages/@aws-cdk/aws-rds/lib/serverless-cluster.ts index 39258de8c7748..90438cbaa1c79 100644 --- a/packages/@aws-cdk/aws-rds/lib/serverless-cluster.ts +++ b/packages/@aws-cdk/aws-rds/lib/serverless-cluster.ts @@ -8,7 +8,7 @@ import { IClusterEngine } from './cluster-engine'; import { Endpoint } from './endpoint'; import { IParameterGroup } from './parameter-group'; import { DATA_API_ACTIONS } from './perms'; -import { applyRemovalPolicy, defaultDeletionProtection, DEFAULT_PASSWORD_EXCLUDE_CHARS, renderCredentials } from './private/util'; +import { defaultDeletionProtection, DEFAULT_PASSWORD_EXCLUDE_CHARS, renderCredentials } from './private/util'; import { Credentials, RotationMultiUserOptions, RotationSingleUserOptions } from './props'; import { CfnDBCluster } from './rds.generated'; import { ISubnetGroup, SubnetGroup } from './subnet-group'; @@ -468,7 +468,7 @@ export class ServerlessCluster extends ServerlessClusterBase { defaultPort: ec2.Port.tcp(this.clusterEndpoint.port), }); - applyRemovalPolicy(cluster, props.removalPolicy); + cluster.applyRemovalPolicy(props.removalPolicy ?? RemovalPolicy.SNAPSHOT); if (secret) { this.secret = secret.attach(this); diff --git a/packages/@aws-cdk/aws-rds/test/cluster.test.ts b/packages/@aws-cdk/aws-rds/test/cluster.test.ts index 4690afde953aa..f5c5df2659e1a 100644 --- a/packages/@aws-cdk/aws-rds/test/cluster.test.ts +++ b/packages/@aws-cdk/aws-rds/test/cluster.test.ts @@ -1840,6 +1840,37 @@ nodeunitShim({ }, }); +test.each([ + [cdk.RemovalPolicy.RETAIN, 'Retain', 'Retain'], + [cdk.RemovalPolicy.SNAPSHOT, 'Snapshot', 'Delete'], + [cdk.RemovalPolicy.DESTROY, 'Delete', 'Delete'], +])('if Cluster RemovalPolicy is \'%s\', the DBCluster has DeletionPolicy \'%s\' and the DBInstance has \'%s\'', (removalPolicy, cluster, instance) => { + const stack = new cdk.Stack(); + + // WHEN + new DatabaseCluster(stack, 'Cluster', { + credentials: { username: 'admin' }, + engine: DatabaseClusterEngine.AURORA, + instanceProps: { + instanceType: ec2.InstanceType.of(ec2.InstanceClass.M5, ec2.InstanceSize.LARGE), + vpc: new ec2.Vpc(stack, 'Vpc'), + }, + removalPolicy, + }); + + // THEN + expect(stack).to(haveResourceLike('AWS::RDS::DBCluster', { + DeletionPolicy: cluster, + UpdateReplacePolicy: cluster, + }, ResourcePart.CompleteDefinition)); + + expect(stack).to(haveResourceLike('AWS::RDS::DBInstance', { + DeletionPolicy: instance, + UpdateReplacePolicy: instance, + }, ResourcePart.CompleteDefinition)); +}); + + function testStack() { const stack = new cdk.Stack(undefined, undefined, { env: { account: '12345', region: 'us-test-1' } }); stack.node.setContext('availability-zones:12345:us-test-1', ['us-test-1a', 'us-test-1b']); From 0eee52312fbcd75d93c5e72b49ab43b99bcd681a Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Wed, 17 Feb 2021 10:39:42 +0000 Subject: [PATCH 30/37] Properly set removalpolicy value of DBSubnetGroup --- packages/@aws-cdk/aws-rds/lib/cluster.ts | 8 +++--- packages/@aws-cdk/aws-rds/lib/instance.ts | 4 +-- packages/@aws-cdk/aws-rds/lib/private/util.ts | 25 +++++++++++++++++ .../@aws-cdk/aws-rds/test/cluster.test.ts | 25 ++++++++++------- .../@aws-cdk/aws-rds/test/instance.test.ts | 27 +++++++++++++++++++ .../test/integ.instance-s3.expected.json | 4 +-- 6 files changed, 73 insertions(+), 20 deletions(-) diff --git a/packages/@aws-cdk/aws-rds/lib/cluster.ts b/packages/@aws-cdk/aws-rds/lib/cluster.ts index 065e36eb0274c..a3f06555afdb9 100644 --- a/packages/@aws-cdk/aws-rds/lib/cluster.ts +++ b/packages/@aws-cdk/aws-rds/lib/cluster.ts @@ -10,7 +10,7 @@ import { IClusterEngine } from './cluster-engine'; import { DatabaseClusterAttributes, IDatabaseCluster } from './cluster-ref'; import { Endpoint } from './endpoint'; import { IParameterGroup } from './parameter-group'; -import { DEFAULT_PASSWORD_EXCLUDE_CHARS, defaultDeletionProtection, renderCredentials, setupS3ImportExport } from './private/util'; +import { DEFAULT_PASSWORD_EXCLUDE_CHARS, defaultDeletionProtection, renderCredentials, setupS3ImportExport, helperRemovalPolicy, renderUnless } from './private/util'; import { BackupProps, Credentials, InstanceProps, PerformanceInsightRetention, RotationSingleUserOptions, RotationMultiUserOptions } from './props'; import { DatabaseProxy, DatabaseProxyOptions, ProxyTarget } from './proxy'; import { CfnDBCluster, CfnDBClusterProps, CfnDBInstance } from './rds.generated'; @@ -310,7 +310,7 @@ abstract class DatabaseClusterNew extends DatabaseClusterBase { description: `Subnets for ${id} database`, vpc: props.instanceProps.vpc, vpcSubnets: props.instanceProps.vpcSubnets, - removalPolicy: props.removalPolicy, + removalPolicy: renderUnless(helperRemovalPolicy(props.removalPolicy), RemovalPolicy.DESTROY), }); this.securityGroups = props.instanceProps.securityGroups ?? [ @@ -716,9 +716,7 @@ function createInstances(cluster: DatabaseClusterNew, props: DatabaseClusterBase // // Cluster DESTROY or SNAPSHOT -> DESTROY (snapshot is good enough to recreate) // Cluster RETAIN -> RETAIN (otherwise cluster state will disappear) - instance.applyRemovalPolicy(props.removalPolicy === RemovalPolicy.RETAIN - ? RemovalPolicy.RETAIN - : RemovalPolicy.DESTROY); + instance.applyRemovalPolicy(helperRemovalPolicy(props.removalPolicy)); // We must have a dependency on the NAT gateway provider here to create // things in the right order. diff --git a/packages/@aws-cdk/aws-rds/lib/instance.ts b/packages/@aws-cdk/aws-rds/lib/instance.ts index abd3b82c5abbe..f6bbe5481a112 100644 --- a/packages/@aws-cdk/aws-rds/lib/instance.ts +++ b/packages/@aws-cdk/aws-rds/lib/instance.ts @@ -12,7 +12,7 @@ import { Endpoint } from './endpoint'; import { IInstanceEngine } from './instance-engine'; import { IOptionGroup } from './option-group'; import { IParameterGroup } from './parameter-group'; -import { DEFAULT_PASSWORD_EXCLUDE_CHARS, defaultDeletionProtection, engineDescription, renderCredentials, setupS3ImportExport } from './private/util'; +import { DEFAULT_PASSWORD_EXCLUDE_CHARS, defaultDeletionProtection, engineDescription, renderCredentials, setupS3ImportExport, helperRemovalPolicy, renderUnless } from './private/util'; import { Credentials, PerformanceInsightRetention, RotationMultiUserOptions, RotationSingleUserOptions, SnapshotCredentials } from './props'; import { DatabaseProxy, DatabaseProxyOptions, ProxyTarget } from './proxy'; import { CfnDBInstance, CfnDBInstanceProps } from './rds.generated'; @@ -642,7 +642,7 @@ abstract class DatabaseInstanceNew extends DatabaseInstanceBase implements IData description: `Subnet group for ${this.node.id} database`, vpc: this.vpc, vpcSubnets: this.vpcPlacement, - removalPolicy: props.removalPolicy, + removalPolicy: renderUnless(helperRemovalPolicy(props.removalPolicy), RemovalPolicy.DESTROY), }); const securityGroups = props.securityGroups || [new ec2.SecurityGroup(this, 'SecurityGroup', { diff --git a/packages/@aws-cdk/aws-rds/lib/private/util.ts b/packages/@aws-cdk/aws-rds/lib/private/util.ts index 60503f4212ff7..0b6e2b72ff0be 100644 --- a/packages/@aws-cdk/aws-rds/lib/private/util.ts +++ b/packages/@aws-cdk/aws-rds/lib/private/util.ts @@ -107,3 +107,28 @@ export function renderCredentials(scope: Construct, engine: IEngine, credentials return renderedCredentials; } + +/** + * The RemovalPolicy that should be applied to a "helper" resource, if the base resource has the given removal policy + * + * - For Clusters, this determines the RemovalPolicy for Instances/SubnetGroups. + * - For Instances, this determines the RemovalPolicy for SubnetGroups. + * + * If the basePolicy is: + * + * DESTROY or SNAPSHOT -> DESTROY (snapshot is good enough to recreate) + * RETAIN -> RETAIN (anything else will lose data or fail to deploy) + * (undefined) -> DESTROY (base policy is assumed to be SNAPSHOT) + */ +export function helperRemovalPolicy(basePolicy?: RemovalPolicy): RemovalPolicy { + return basePolicy === RemovalPolicy.RETAIN + ? RemovalPolicy.RETAIN + : RemovalPolicy.DESTROY; +} + +/** + * Return a given value unless it's the same as another value + */ +export function renderUnless(value: A, suppressValue: A): A | undefined { + return value === suppressValue ? undefined : value; +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-rds/test/cluster.test.ts b/packages/@aws-cdk/aws-rds/test/cluster.test.ts index f5c5df2659e1a..6bfda0f1cfa50 100644 --- a/packages/@aws-cdk/aws-rds/test/cluster.test.ts +++ b/packages/@aws-cdk/aws-rds/test/cluster.test.ts @@ -1,4 +1,4 @@ -import { countResources, expect, haveResource, haveResourceLike, ResourcePart, SynthUtils } from '@aws-cdk/assert'; +import { ABSENT, countResources, expect, haveResource, haveResourceLike, ResourcePart, SynthUtils } from '@aws-cdk/assert'; import * as ec2 from '@aws-cdk/aws-ec2'; import { ManagedPolicy, Role, ServicePrincipal } from '@aws-cdk/aws-iam'; import * as kms from '@aws-cdk/aws-kms'; @@ -1841,10 +1841,10 @@ nodeunitShim({ }); test.each([ - [cdk.RemovalPolicy.RETAIN, 'Retain', 'Retain'], - [cdk.RemovalPolicy.SNAPSHOT, 'Snapshot', 'Delete'], - [cdk.RemovalPolicy.DESTROY, 'Delete', 'Delete'], -])('if Cluster RemovalPolicy is \'%s\', the DBCluster has DeletionPolicy \'%s\' and the DBInstance has \'%s\'', (removalPolicy, cluster, instance) => { + [cdk.RemovalPolicy.RETAIN, 'Retain', 'Retain', 'Retain'], + [cdk.RemovalPolicy.SNAPSHOT, 'Snapshot', 'Delete', ABSENT], + [cdk.RemovalPolicy.DESTROY, 'Delete', 'Delete', ABSENT], +])('if Cluster RemovalPolicy is \'%s\', the DBCluster has DeletionPolicy \'%s\', the DBInstance has \'%s\' and the DBSubnetGroup has \'%s\'', (clusterRemovalPolicy, clusterValue, instanceValue, subnetValue) => { const stack = new cdk.Stack(); // WHEN @@ -1855,18 +1855,23 @@ test.each([ instanceType: ec2.InstanceType.of(ec2.InstanceClass.M5, ec2.InstanceSize.LARGE), vpc: new ec2.Vpc(stack, 'Vpc'), }, - removalPolicy, + removalPolicy: clusterRemovalPolicy, }); // THEN expect(stack).to(haveResourceLike('AWS::RDS::DBCluster', { - DeletionPolicy: cluster, - UpdateReplacePolicy: cluster, + DeletionPolicy: clusterValue, + UpdateReplacePolicy: clusterValue, }, ResourcePart.CompleteDefinition)); expect(stack).to(haveResourceLike('AWS::RDS::DBInstance', { - DeletionPolicy: instance, - UpdateReplacePolicy: instance, + DeletionPolicy: instanceValue, + UpdateReplacePolicy: instanceValue, + }, ResourcePart.CompleteDefinition)); + + expect(stack).to(haveResourceLike('AWS::RDS::DBSubnetGroup', { + DeletionPolicy: subnetValue, + UpdateReplacePolicy: subnetValue, }, ResourcePart.CompleteDefinition)); }); diff --git a/packages/@aws-cdk/aws-rds/test/instance.test.ts b/packages/@aws-cdk/aws-rds/test/instance.test.ts index 16011081f13c8..625dfa7074ae3 100644 --- a/packages/@aws-cdk/aws-rds/test/instance.test.ts +++ b/packages/@aws-cdk/aws-rds/test/instance.test.ts @@ -1243,3 +1243,30 @@ nodeunitShim({ test.done(); }, }); + +test.each([ + [cdk.RemovalPolicy.RETAIN, 'Retain', 'Retain'], + [cdk.RemovalPolicy.SNAPSHOT, 'Snapshot', ABSENT], + [cdk.RemovalPolicy.DESTROY, 'Delete', ABSENT], +])('if Instance RemovalPolicy is \'%s\', the instance has DeletionPolicy \'%s\' and the DBSubnetGroup has \'%s\'', (instanceRemovalPolicy, instanceValue, subnetValue) => { + // WHEN + new rds.DatabaseInstance(stack, 'Instance', { + engine: rds.DatabaseInstanceEngine.mysql({ + version: rds.MysqlEngineVersion.VER_8_0_19, + }), + vpc, + vpcSubnets: { subnetType: ec2.SubnetType.PUBLIC }, + removalPolicy: instanceRemovalPolicy, + }); + + // THEN + expect(stack).to(haveResourceLike('AWS::RDS::DBInstance', { + DeletionPolicy: instanceValue, + UpdateReplacePolicy: instanceValue, + }, ResourcePart.CompleteDefinition)); + + expect(stack).to(haveResourceLike('AWS::RDS::DBSubnetGroup', { + DeletionPolicy: subnetValue, + UpdateReplacePolicy: subnetValue, + }, ResourcePart.CompleteDefinition)); +}); diff --git a/packages/@aws-cdk/aws-rds/test/integ.instance-s3.expected.json b/packages/@aws-cdk/aws-rds/test/integ.instance-s3.expected.json index cb882959488fb..33cf6a9caf5c3 100644 --- a/packages/@aws-cdk/aws-rds/test/integ.instance-s3.expected.json +++ b/packages/@aws-cdk/aws-rds/test/integ.instance-s3.expected.json @@ -377,9 +377,7 @@ "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A" } ] - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" + } }, "DatabaseSecurityGroup5C91FDCB": { "Type": "AWS::EC2::SecurityGroup", From fbd9aa63ac874ed32da5b37e883a38609453264d Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Wed, 17 Feb 2021 13:53:41 +0000 Subject: [PATCH 31/37] Update snapshots you know --- ...ueue-processing-fargate-service-isolated.expected.json | 8 ++++++-- .../integ.queue-processing-fargate-service.expected.json | 8 ++++++-- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-isolated.expected.json b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-isolated.expected.json index d19d9c6a9fbb9..b1d88ed107154 100644 --- a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-isolated.expected.json +++ b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-isolated.expected.json @@ -668,7 +668,9 @@ "Type": "AWS::SQS::Queue", "Properties": { "MessageRetentionPeriod": 1209600 - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "IsolatedQueueServiceEcsProcessingQueueCCE172F1": { "Type": "AWS::SQS::Queue", @@ -682,7 +684,9 @@ }, "maxReceiveCount": 3 } - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "IsolatedQueueServiceQueueProcessingTaskDefTaskRoleCFCB7511": { "Type": "AWS::IAM::Role", diff --git a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service.expected.json b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service.expected.json index 3fd9825b7db3b..889eeefcd985e 100644 --- a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service.expected.json +++ b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service.expected.json @@ -359,7 +359,9 @@ "Type": "AWS::SQS::Queue", "Properties": { "MessageRetentionPeriod": 1209600 - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "QueueProcessingServiceEcsProcessingQueue552F0B37": { "Type": "AWS::SQS::Queue", @@ -373,7 +375,9 @@ }, "maxReceiveCount": 3 } - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "QueueProcessingServiceQueueProcessingTaskDefTaskRole782B79A6": { "Type": "AWS::IAM::Role", From c1526254947936f54c5c0bfa691b3d7189af8b44 Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Fri, 19 Feb 2021 13:47:40 +0000 Subject: [PATCH 32/37] Switch to this.node.addValidation() --- .../@aws-cdk/cfnspec/build-tools/build.ts | 4 --- tools/cfn2ts/lib/codegen.ts | 33 ++++++++----------- 2 files changed, 14 insertions(+), 23 deletions(-) diff --git a/packages/@aws-cdk/cfnspec/build-tools/build.ts b/packages/@aws-cdk/cfnspec/build-tools/build.ts index 196c0fac693da..a96688ecc36f1 100644 --- a/packages/@aws-cdk/cfnspec/build-tools/build.ts +++ b/packages/@aws-cdk/cfnspec/build-tools/build.ts @@ -42,8 +42,6 @@ async function generateResourceSpecification(inputDir: string, outFile: string) await fs.mkdirp(path.dirname(outFile)); await fs.writeJson(outFile, spec, { spaces: 2 }); - // eslint-disable-next-line no-console - console.log(outFile); } /** @@ -62,8 +60,6 @@ async function mergeSpecificationFromDirs(inputDir: string, outFile: string) { await fs.mkdirp(path.dirname(outFile)); await fs.writeJson(outFile, spec, { spaces: 2 }); - // eslint-disable-next-line no-console - console.log(outFile); } /** diff --git a/tools/cfn2ts/lib/codegen.ts b/tools/cfn2ts/lib/codegen.ts index a0ec9f3f2f62c..2ba5274267fc7 100644 --- a/tools/cfn2ts/lib/codegen.ts +++ b/tools/cfn2ts/lib/codegen.ts @@ -343,6 +343,13 @@ export default class CodeGenerator { } } } + + // + // Validator + // + this.emitConstructValidator(resourceName); + + // End constructor this.code.closeBlock(); this.code.line(); @@ -354,11 +361,6 @@ export default class CodeGenerator { this.emitCloudFormationProperties(propsType, propMap, schema.isTaggableResource(spec)); } - // - // Validator - // - this.emitConstructValidator(resourceName); - this.closeClass(resourceName); this.endNamespace(resourceName); @@ -391,22 +393,16 @@ export default class CodeGenerator { } /** - * Emit a validator for the given construct + * Add validations for the given construct * * The generated code looks like this: * * ``` - * protected validate(): string[] { - * const errors = new Array(); - * // Validation here... - * return errors; + * this.node.addValidation({ validate: () => /* validation code * / }); * } * ``` */ private emitConstructValidator(resourceType: genspec.CodeName) { - this.code.openBlock('protected validate(): string[]'); - this.code.line('const errors = new Array();'); - const cfnLint = cfnLintAnnotations(resourceType.specName?.fqn ?? ''); if (cfnLint.stateful) { @@ -419,13 +415,12 @@ export default class CodeGenerator { // - users working at the L1 level would start getting synthesis failures when we add this feature // - the `cloudformation-include` library that loads CFN templates to L1s would start failing when it loads // templates that don't have DeletionPolicy set. - this.code.line(`if (this.node.scope && ${CORE}.Resource.isResource(this.node.scope) && this.cfnOptions.deletionPolicy === undefined) {`); - this.code.line(` errors.push(\'\\\'${resourceType.specName?.fqn}\\\' is a stateful resource type, and you must specify a Removal Policy for it. Call \\\'resource.applyRemovalPolicy()\\\'.\');`); - this.code.line('}'); + this.code.openBlock(`if (this.node.scope && ${CORE}.Resource.isResource(this.node.scope))`); + this.code.line('this.node.addValidation({ validate: () => this.cfnOptions.deletionPolicy === undefined'); + this.code.line(` ? [\\\'${resourceType.specName?.fqn}\\\' is a stateful resource type, and you must specify a Removal Policy for it. Call \\\'resource.applyRemovalPolicy()\\\'.\']`); + this.code.line(' : [] });'); + this.code.closeBlock(); } - - this.code.line('return errors;'); - this.code.closeBlock(); } /** From b053d495581e5507af9402e8bdce22326deb80b7 Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Fri, 19 Feb 2021 14:59:45 +0000 Subject: [PATCH 33/37] Add construct-compat for addValidation() --- packages/@aws-cdk/core/lib/construct-compat.ts | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/packages/@aws-cdk/core/lib/construct-compat.ts b/packages/@aws-cdk/core/lib/construct-compat.ts index 76e95ad38071d..ac7873a837dde 100644 --- a/packages/@aws-cdk/core/lib/construct-compat.ts +++ b/packages/@aws-cdk/core/lib/construct-compat.ts @@ -472,6 +472,13 @@ export class ConstructNode { Aspects.of(this.host).add(aspect); } + /** + * Add a validator to this construct Node + */ + public addValidation(validation: constructs.IValidation) { + this._actualNode.addValidation(validation); + } + /** * All parent scopes of this construct. * From 2f09cc33794c2964e3641c7b1208ad04ce8ce117 Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Fri, 19 Feb 2021 16:11:05 +0000 Subject: [PATCH 34/37] Make the construct-based validation work --- .../aws-dynamodb/test/dynamodb.test.ts | 27 ++++++++++++++++++- packages/@aws-cdk/aws-s3/test/bucket.test.ts | 2 +- .../@aws-cdk/core/lib/private/synthesis.ts | 7 +++++ tools/cfn2ts/lib/codegen.ts | 2 +- 4 files changed, 35 insertions(+), 3 deletions(-) diff --git a/packages/@aws-cdk/aws-dynamodb/test/dynamodb.test.ts b/packages/@aws-cdk/aws-dynamodb/test/dynamodb.test.ts index 30dae02e8a0df..768094c253213 100644 --- a/packages/@aws-cdk/aws-dynamodb/test/dynamodb.test.ts +++ b/packages/@aws-cdk/aws-dynamodb/test/dynamodb.test.ts @@ -3,8 +3,9 @@ import '@aws-cdk/assert/jest'; import * as appscaling from '@aws-cdk/aws-applicationautoscaling'; import * as iam from '@aws-cdk/aws-iam'; import * as kms from '@aws-cdk/aws-kms'; -import { App, Aws, CfnDeletionPolicy, ConstructNode, Duration, PhysicalName, RemovalPolicy, Stack, Tags } from '@aws-cdk/core'; +import { App, Aws, CfnDeletionPolicy, ConstructNode, Duration, PhysicalName, RemovalPolicy, Resource, Stack, Tags } from '@aws-cdk/core'; import { testLegacyBehavior } from 'cdk-build-tools/lib/feature-flag'; +import { Construct } from 'constructs'; import { Attribute, AttributeType, @@ -16,6 +17,7 @@ import { Table, TableEncryption, Operation, + CfnTable, } from '../lib'; /* eslint-disable quote-props */ @@ -2814,6 +2816,29 @@ describe('global', () => { }); }); +test('L1 inside L2 expects removalpolicy to have been set', () => { + // Check that the "stateful L1 validation generation" works. Do it here + // because we know DDB tables are stateful. + const app = new App(); + const stack = new Stack(app, 'Stack'); + + class FakeTableL2 extends Resource { + constructor(scope: Construct, id: string) { + super(scope, id); + + new CfnTable(this, 'Resource', { + keySchema: [{ attributeName: 'hash', keyType: 'S' }], + }); + } + } + + new FakeTableL2(stack, 'Table'); + + expect(() => { + SynthUtils.toCloudFormation(stack); + }).toThrow(/is a stateful resource type/); +}); + function testGrant(expectedActions: string[], invocation: (user: iam.IPrincipal, table: Table) => void) { // GIVEN const stack = new Stack(); diff --git a/packages/@aws-cdk/aws-s3/test/bucket.test.ts b/packages/@aws-cdk/aws-s3/test/bucket.test.ts index b54957f32d500..0fb1bffa3726f 100644 --- a/packages/@aws-cdk/aws-s3/test/bucket.test.ts +++ b/packages/@aws-cdk/aws-s3/test/bucket.test.ts @@ -2406,4 +2406,4 @@ describe('bucket', () => { autoDeleteObjects: true, })).toThrow(/Cannot use \'autoDeleteObjects\' property on a bucket without setting removal policy to \'DESTROY\'/); }); -}); +}); \ No newline at end of file diff --git a/packages/@aws-cdk/core/lib/private/synthesis.ts b/packages/@aws-cdk/core/lib/private/synthesis.ts index bcc6ddc94dbc8..2cdb9004c6636 100644 --- a/packages/@aws-cdk/core/lib/private/synthesis.ts +++ b/packages/@aws-cdk/core/lib/private/synthesis.ts @@ -1,5 +1,6 @@ import * as cxapi from '@aws-cdk/cx-api'; import * as constructs from 'constructs'; +import { Node } from 'constructs'; import { Annotations } from '../annotations'; import { Aspects, IAspect } from '../aspect'; import { Construct, IConstruct, SynthesisOptions, ValidationError } from '../construct-compat'; @@ -172,11 +173,17 @@ function validateTree(root: IConstruct) { const errors = new Array(); visit(root, 'pre', construct => { + // Validations added by subclassing (deprecated) for (const message of construct.onValidate()) { errors.push({ message, source: construct as unknown as Construct }); } }); + // Validations added through `node.addValidation()` + errors.push(...Node.of(root).validate().map(e => ({ + message: e.message, source: e.source as unknown as Construct, + }))); + if (errors.length > 0) { const errorList = errors.map(e => `[${e.source.node.path}] ${e.message}`).join('\n '); throw new Error(`Validation failed with the following errors:\n ${errorList}`); diff --git a/tools/cfn2ts/lib/codegen.ts b/tools/cfn2ts/lib/codegen.ts index 2ba5274267fc7..c06fce32e10ff 100644 --- a/tools/cfn2ts/lib/codegen.ts +++ b/tools/cfn2ts/lib/codegen.ts @@ -417,7 +417,7 @@ export default class CodeGenerator { // templates that don't have DeletionPolicy set. this.code.openBlock(`if (this.node.scope && ${CORE}.Resource.isResource(this.node.scope))`); this.code.line('this.node.addValidation({ validate: () => this.cfnOptions.deletionPolicy === undefined'); - this.code.line(` ? [\\\'${resourceType.specName?.fqn}\\\' is a stateful resource type, and you must specify a Removal Policy for it. Call \\\'resource.applyRemovalPolicy()\\\'.\']`); + this.code.line(` ? [\'\\\'${resourceType.specName?.fqn}\\\' is a stateful resource type, and you must specify a Removal Policy for it. Call \\\'resource.applyRemovalPolicy()\\\'.\']`); this.code.line(' : [] });'); this.code.closeBlock(); } From 1b0e8948f21c3c014a814e678cdfbcbe15fda227 Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Fri, 19 Feb 2021 16:23:48 +0000 Subject: [PATCH 35/37] Thanks eslint --- packages/@aws-cdk/core/lib/private/synthesis.ts | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/packages/@aws-cdk/core/lib/private/synthesis.ts b/packages/@aws-cdk/core/lib/private/synthesis.ts index 2cdb9004c6636..f3aa847d44e43 100644 --- a/packages/@aws-cdk/core/lib/private/synthesis.ts +++ b/packages/@aws-cdk/core/lib/private/synthesis.ts @@ -1,6 +1,5 @@ import * as cxapi from '@aws-cdk/cx-api'; import * as constructs from 'constructs'; -import { Node } from 'constructs'; import { Annotations } from '../annotations'; import { Aspects, IAspect } from '../aspect'; import { Construct, IConstruct, SynthesisOptions, ValidationError } from '../construct-compat'; @@ -180,7 +179,7 @@ function validateTree(root: IConstruct) { }); // Validations added through `node.addValidation()` - errors.push(...Node.of(root).validate().map(e => ({ + errors.push(...constructs.Node.of(root).validate().map(e => ({ message: e.message, source: e.source as unknown as Construct, }))); From d18bf9d4d8d5ddc611461f9fd8997ecfe8d9da80 Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Mon, 22 Feb 2021 11:12:12 +0000 Subject: [PATCH 36/37] Test tells me compatibility is already ensured! ON to the new way! --- packages/@aws-cdk/core/lib/private/synthesis.ts | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/packages/@aws-cdk/core/lib/private/synthesis.ts b/packages/@aws-cdk/core/lib/private/synthesis.ts index f3aa847d44e43..737f11367e13f 100644 --- a/packages/@aws-cdk/core/lib/private/synthesis.ts +++ b/packages/@aws-cdk/core/lib/private/synthesis.ts @@ -171,14 +171,9 @@ function synthesizeTree(root: IConstruct, builder: cxapi.CloudAssemblyBuilder) { function validateTree(root: IConstruct) { const errors = new Array(); - visit(root, 'pre', construct => { - // Validations added by subclassing (deprecated) - for (const message of construct.onValidate()) { - errors.push({ message, source: construct as unknown as Construct }); - } - }); - // Validations added through `node.addValidation()` + // This automatically also includes Ye Olde Method of validating, using + // the `protected validate()` methods. errors.push(...constructs.Node.of(root).validate().map(e => ({ message: e.message, source: e.source as unknown as Construct, }))); From 3edf12a3451781de4e16a69488667a4787653174 Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Mon, 22 Feb 2021 13:52:01 +0000 Subject: [PATCH 37/37] Update expectations --- ....queue-processing-fargate-service-public.expected.json | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-public.expected.json b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-public.expected.json index 104e2f2e6f45f..fd8f791e3a868 100644 --- a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-public.expected.json +++ b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-public.expected.json @@ -518,7 +518,9 @@ "Type": "AWS::SQS::Queue", "Properties": { "MessageRetentionPeriod": 1209600 - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "PublicQueueServiceEcsProcessingQueue84CD309D": { "Type": "AWS::SQS::Queue", @@ -532,7 +534,9 @@ }, "maxReceiveCount": 3 } - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "PublicQueueServiceQueueProcessingTaskDefTaskRole172D980F": { "Type": "AWS::IAM::Role",