Merge branch 'main' into issue#791

Author: kaiz-io

.github/workflows/build-pull-request.yml

@@ -33,7 +33,7 @@ jobs:
       # Get the list of changed files, excluding Markdown files and deleted files
       - name: Get changed files
         id: changed-files
-        uses: tj-actions/changed-files@27ae6b33eaed7bf87272fdeb9f1c54f9facc9d99
+        uses: tj-actions/changed-files@9934ab3fdf63239da75d9e0fbd339c48620c72c4
         with:
           files: ${{ matrix.language }}/**
           files_ignore: '**/*.md'

typescript/amplify-console-app/package.json

@@ -19,7 +19,7 @@
     "typescript": "~5.6.3"
   },
   "dependencies": {
-    "aws-cdk-lib": "2.185.0",
+    "aws-cdk-lib": "2.189.1",
     "constructs": "^10.0.0"
   }
 }

typescript/elasticbeanstalk/elasticbeanstalk-environment/README.md

@@ -30,4 +30,18 @@ cdk synth
 cdk bootstrap
 cdk deploy
 
-```
+```
+
+#### How to retrieve platform or solutionStackName?
+
+- `platform`
+```shell
+aws elasticbeanstalk list-platform-versions \
+    --query 'PlatformSummaryList[*].[PlatformArn,PlatformBranchName]' --output table
+```
+
+- `solutionStackName`
+```shell
+aws elasticbeanstalk list-available-solution-stacks \
+    --query 'SolutionStackDetails[*].[SolutionStackName]' --output table
+```

typescript/elasticbeanstalk/elasticbeanstalk-environment/cdk.json

@@ -1,6 +1,7 @@
 {
     "context": {
-        "platform": "arn:aws:elasticbeanstalk:us-east-1::platform/Tomcat 8 with Java 8 running on 64bit Amazon Linux"
+        "platform": "arn:aws:elasticbeanstalk:us-east-1::platform/Corretto 21 running on 64bit Amazon Linux 2023/4.5.0",
+        "solution": "64bit Amazon Linux 2023 v6.5.0 running Node.js 20"
     },
     "app": "node index"
 }

typescript/elasticbeanstalk/elasticbeanstalk-environment/index.ts

@@ -1,6 +1,7 @@
 #!/usr/bin/env node
 import * as cdk from 'aws-cdk-lib';
-import * as elasticbeanstalk from 'aws-cdk-lib/aws-elasticbeanstalk';
+import { CfnApplication, CfnEnvironment } from 'aws-cdk-lib/aws-elasticbeanstalk';
+import { InstanceProfile, ManagedPolicy, Role, ServicePrincipal } from 'aws-cdk-lib/aws-iam';
 
 
 export class CdkStack extends cdk.Stack {
@@ -11,21 +12,57 @@ export class CdkStack extends cdk.Stack {
     const node = this.node;
 
     const appName = 'MyApp';
-
     const platform = node.tryGetContext("platform");
+    const solution = node.tryGetContext("solution");
+
+
+    // Create Role: 
+    const ebRole = new Role(this, `${appName}-eb-role` , {
+      assumedBy: new ServicePrincipal('ec2.amazonaws.com'),
+      roleName:`${appName}-eb-role`
+    });
+  
+    // some managed policies eb must have
+    ebRole.addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName('AWSElasticBeanstalkWebTier'));
+    ebRole.addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName('AWSElasticBeanstalkMulticontainerDocker'));
+    ebRole.addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName('AWSElasticBeanstalkWorkerTier'));
+
+    //Custom policies
+    //access to config secrets
+  
+    const roleARN = ebRole.roleArn;
+
+   // Create instance profile
+    const instanceProfile = new InstanceProfile(this, `${appName}-instance-role`, {
+      role: ebRole,
+      instanceProfileName: `${appName}-instance-role`,
+    })
 
-    const app = new elasticbeanstalk.CfnApplication(this, 'Application', {
+    const app = new CfnApplication(this, `${appName}-Application`, {
       applicationName: appName
     });
 
-    const env = new elasticbeanstalk.CfnEnvironment(this, 'Environment', {
-      environmentName: 'MySampleEnvironment',
-      applicationName: app.applicationName || appName,
-      platformArn: platform
+    const env = new CfnEnvironment(this, `${appName}-Environment`, {
+      environmentName: `${appName}-Environment`,
+      applicationName: appName,
+      solutionStackName: solution,
+      //platformArn: platform,
+      optionSettings: [
+        {
+          namespace: "aws:autoscaling:launchconfiguration",
+          optionName: "IamInstanceProfile",
+          value: instanceProfile.instanceProfileArn,
+        },
+        {
+          namespace: "aws:elasticbeanstalk:environment",
+          optionName: "EnvironmentType",
+          value: "SingleInstance", 
+        },
+      ]
     });
 
     // to ensure the application is created before the environment
-    env.addDependsOn(app);
+    env.addDependency(app);
   }
 }
 

typescript/elasticbeanstalk/elasticbeanstalk-environment/package.json

@@ -20,7 +20,7 @@
     "aws-cdk": "2.1004.0"
   },
   "dependencies": {
-    "aws-cdk-lib": "2.185.0",
+    "aws-cdk-lib": "2.188.0",
     "constructs": "^10.0.0",
     "source-map-support": "^0.5.9"
   }

typescript/elasticbeanstalk/elasticbeanstalk-environment/tsconfig.json

@@ -1,20 +1,23 @@
 {
   "compilerOptions": {
-      "target":"ES2018",
-      "module": "commonjs",
-      "lib": ["es2016", "es2017.object", "es2017.string"],
-      "strict": true,
-      "noImplicitAny": true,
-      "strictNullChecks": true,
-      "noImplicitThis": true,
-      "alwaysStrict": true,
-      "noUnusedLocals": true,
-      "noUnusedParameters": true,
-      "noImplicitReturns": true,
-      "noFallthroughCasesInSwitch": false,
-      "inlineSourceMap": true,
-      "inlineSources": true,
-      "experimentalDecorators": true,
-      "strictPropertyInitialization":false
-  }
-}
+    "target": "ES2020",
+    "module": "commonjs",
+    "lib": ["es2020"],
+    "declaration": true,
+    "strict": true,
+    "noImplicitAny": true,
+    "strictNullChecks": true,
+    "noImplicitThis": true,
+    "alwaysStrict": true,
+    "noUnusedLocals": false,
+    "noUnusedParameters": false,
+    "noImplicitReturns": true,
+    "noFallthroughCasesInSwitch": false,
+    "inlineSourceMap": true,
+    "inlineSources": true,
+    "experimentalDecorators": true,
+    "strictPropertyInitialization": false,
+    "typeRoots": ["./node_modules/@types"]
+  },
+  "exclude": ["node_modules", "cdk.out"]
+}

typescript/ssm-document-association/README.md

@@ -0,0 +1,89 @@
+# SSM Document Association
+
+<!--BEGIN STABILITY BANNER-->
+---
+
+![Stability: Stable](https://img.shields.io/badge/stability-Stable-success.svg?style=for-the-badge)
+
+> **This is a stable example. It should successfully build out of the box**
+>
+> This example is built on Construct Libraries marked "Stable" and does not have any infrastructure prerequisites to build.
+---
+<!--END STABILITY BANNER-->
+
+## Overview
+
+An example that shows how to create an SSM document and associate it with targets that meet certain conditions — in this case, based on a tag and value. Additionally, an EC2 instance is deployed with this specific tag-value combination, so the document will be executed on that instance. The document will write the current timestamp to a file on the instance every 30 minutes.
+
+## How it works
+
+1. SSM Document is created with a command to write the current timestamp to a file.
+2. SSM Document Association is created with a target tag, parameter, and schedule.
+3. An EC2 instance is created with the same tag-value combination as the SSM Document Association target.
+4. You can connect to the EC2 instance using AWS Session Manager.
+5. Verify the existence of the file with the timestamp.
+
+
+## Build and Deploy
+
+1. Ensure aws-cdk is installed and your AWS account/region is [bootstrapped](https://docs.aws.amazon.com/cdk/latest/guide/bootstrapping.html).
+
+```bash
+npm install -g aws-cdk
+cdk bootstrap
+```
+
+2. Build and deploy.
+_You will need to have [Docker](https://docs.docker.com/get-docker/) installed and running._
+
+```bash
+npm run build
+cdk deploy
+```
+
+You should see some useful outputs in the terminal:
+
+```bash
+✅  SsmDocumentAssociationStack
+
+✨  Deployment time: 175.86s
+
+Outputs:
+SsmDocumentAssociationStack.DocumentName = WriteTimeToFile
+SsmDocumentAssociationStack.InstanceId = <INSTANCE_ID>
+Stack ARN: <STACK_ARN>
+
+✨  Total time: 67.29s
+```
+
+## Try it out
+
+1. Deploy the stack and connect to the EC2 instance using AWS Session Manager. 
+
+2. Verify the existence of the file with the timestamp.
+
+```bash
+$ ls /opt/aws/time_records/
+time_20250414_195134.txt
+$ cat /opt/aws/time_records/time_20250414_195134.txt
+Mon Apr 14 19:51:34 UTC 2025
+```
+
+3. Try again, 30 minutes later, and see the new file created.
+
+```bash
+$ ls /opt/aws/time_records/
+time_20250414_195134.txt  time_20250414_201930.txt
+$ cat /opt/aws/time_records/time_20250414_201930.txt
+Mon Apr 14 20:19:30 UTC 2025
+```
+
+
+## Useful commands
+
+ * `npm run build`   compile typescript to js
+ * `npm run watch`   watch for changes and compile
+ * `npm run test`    perform the jest unit tests
+ * `cdk deploy`      deploy this stack to your default AWS account/region
+ * `cdk diff`        compare deployed stack with current state
+ * `cdk synth`       emits the synthesized CloudFormation template

typescript/ssm-document-association/bin/ssm-document-association.ts

@@ -0,0 +1,6 @@
+#!/usr/bin/env node
+import * as cdk from 'aws-cdk-lib';
+import { SsmDocumentAssociationStack } from '../lib/ssm-document-association-stack';
+
+const app = new cdk.App();
+new SsmDocumentAssociationStack(app, 'SsmDocumentAssociationStack');

typescript/ssm-document-association/cdk.json

@@ -0,0 +1,90 @@
+{
+  "app": "npx ts-node --prefer-ts-exts bin/ssm-document-association.ts",
+  "watch": {
+    "include": [
+      "**"
+    ],
+    "exclude": [
+      "README.md",
+      "cdk*.json",
+      "**/*.d.ts",
+      "**/*.js",
+      "tsconfig.json",
+      "package*.json",
+      "yarn.lock",
+      "node_modules",
+      "test"
+    ]
+  },
+  "context": {
+    "@aws-cdk/aws-lambda:recognizeLayerVersion": true,
+    "@aws-cdk/core:checkSecretUsage": true,
+    "@aws-cdk/core:target-partitions": [
+      "aws",
+      "aws-cn"
+    ],
+    "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": true,
+    "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": true,
+    "@aws-cdk/aws-ecs:arnFormatIncludesClusterName": true,
+    "@aws-cdk/aws-iam:minimizePolicies": true,
+    "@aws-cdk/core:validateSnapshotRemovalPolicy": true,
+    "@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName": true,
+    "@aws-cdk/aws-s3:createDefaultLoggingPolicy": true,
+    "@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption": true,
+    "@aws-cdk/aws-apigateway:disableCloudWatchRole": true,
+    "@aws-cdk/core:enablePartitionLiterals": true,
+    "@aws-cdk/aws-events:eventsTargetQueueSameAccount": true,
+    "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": true,
+    "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": true,
+    "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": true,
+    "@aws-cdk/aws-route53-patters:useCertificate": true,
+    "@aws-cdk/customresources:installLatestAwsSdkDefault": false,
+    "@aws-cdk/aws-rds:databaseProxyUniqueResourceName": true,
+    "@aws-cdk/aws-codedeploy:removeAlarmsFromDeploymentGroup": true,
+    "@aws-cdk/aws-apigateway:authorizerChangeDeploymentLogicalId": true,
+    "@aws-cdk/aws-ec2:launchTemplateDefaultUserData": true,
+    "@aws-cdk/aws-secretsmanager:useAttachedSecretResourcePolicyForSecretTargetAttachments": true,
+    "@aws-cdk/aws-redshift:columnId": true,
+    "@aws-cdk/aws-stepfunctions-tasks:enableEmrServicePolicyV2": true,
+    "@aws-cdk/aws-ec2:restrictDefaultSecurityGroup": true,
+    "@aws-cdk/aws-apigateway:requestValidatorUniqueId": true,
+    "@aws-cdk/aws-kms:aliasNameRef": true,
+    "@aws-cdk/aws-autoscaling:generateLaunchTemplateInsteadOfLaunchConfig": true,
+    "@aws-cdk/core:includePrefixInUniqueNameGeneration": true,
+    "@aws-cdk/aws-efs:denyAnonymousAccess": true,
+    "@aws-cdk/aws-opensearchservice:enableOpensearchMultiAzWithStandby": true,
+    "@aws-cdk/aws-lambda-nodejs:useLatestRuntimeVersion": true,
+    "@aws-cdk/aws-efs:mountTargetOrderInsensitiveLogicalId": true,
+    "@aws-cdk/aws-rds:auroraClusterChangeScopeOfInstanceParameterGroupWithEachParameters": true,
+    "@aws-cdk/aws-appsync:useArnForSourceApiAssociationIdentifier": true,
+    "@aws-cdk/aws-rds:preventRenderingDeprecatedCredentials": true,
+    "@aws-cdk/aws-codepipeline-actions:useNewDefaultBranchForCodeCommitSource": true,
+    "@aws-cdk/aws-cloudwatch-actions:changeLambdaPermissionLogicalIdForLambdaAction": true,
+    "@aws-cdk/aws-codepipeline:crossAccountKeysDefaultValueToFalse": true,
+    "@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2": true,
+    "@aws-cdk/aws-kms:reduceCrossAccountRegionPolicyScope": true,
+    "@aws-cdk/aws-eks:nodegroupNameAttribute": true,
+    "@aws-cdk/aws-ec2:ebsDefaultGp3Volume": true,
+    "@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm": true,
+    "@aws-cdk/custom-resources:logApiResponseDataPropertyTrueDefault": false,
+    "@aws-cdk/aws-s3:keepNotificationInImportedBucket": false,
+    "@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature": false,
+    "@aws-cdk/aws-ecs:disableEcsImdsBlocking": true,
+    "@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions": true,
+    "@aws-cdk/aws-dynamodb:resourcePolicyPerReplica": true,
+    "@aws-cdk/aws-ec2:ec2SumTImeoutEnabled": true,
+    "@aws-cdk/aws-appsync:appSyncGraphQLAPIScopeLambdaPermission": true,
+    "@aws-cdk/aws-rds:setCorrectValueForDatabaseInstanceReadReplicaInstanceResourceId": true,
+    "@aws-cdk/core:cfnIncludeRejectComplexResourceUpdateCreatePolicyIntrinsics": true,
+    "@aws-cdk/aws-lambda-nodejs:sdkV3ExcludeSmithyPackages": true,
+    "@aws-cdk/aws-stepfunctions-tasks:fixRunEcsTaskPolicy": true,
+    "@aws-cdk/aws-ec2:bastionHostUseAmazonLinux2023ByDefault": true,
+    "@aws-cdk/aws-route53-targets:userPoolDomainNameMethodWithoutCustomResource": true,
+    "@aws-cdk/aws-elasticloadbalancingV2:albDualstackWithoutPublicIpv4SecurityGroupRulesDefault": true,
+    "@aws-cdk/aws-iam:oidcRejectUnauthorizedConnections": true,
+    "@aws-cdk/core:enableAdditionalMetadataCollection": true,
+    "@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy": true,
+    "@aws-cdk/aws-s3:setUniqueReplicationRoleName": true,
+    "@aws-cdk/aws-events:requireEventBusPolicySid": true
+  }
+}