diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-kinesis.js.snapshot/FlowLogsDefaultTestDeployAssert6AFD1854.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-firehose.js.snapshot/FlowLogsDefaultTestDeployAssert6AFD1854.assets.json
similarity index 100%
rename from packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-kinesis.js.snapshot/FlowLogsDefaultTestDeployAssert6AFD1854.assets.json
rename to packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-firehose.js.snapshot/FlowLogsDefaultTestDeployAssert6AFD1854.assets.json
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-kinesis.js.snapshot/FlowLogsDefaultTestDeployAssert6AFD1854.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-firehose.js.snapshot/FlowLogsDefaultTestDeployAssert6AFD1854.template.json
similarity index 100%
rename from packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-kinesis.js.snapshot/FlowLogsDefaultTestDeployAssert6AFD1854.template.json
rename to packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-firehose.js.snapshot/FlowLogsDefaultTestDeployAssert6AFD1854.template.json
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-kinesis.js.snapshot/FlowLogsTestStack.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-firehose.js.snapshot/FlowLogsTestStack.assets.json
similarity index 56%
rename from packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-kinesis.js.snapshot/FlowLogsTestStack.assets.json
rename to packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-firehose.js.snapshot/FlowLogsTestStack.assets.json
index 70d37ca7aa3fd..98f7d4d16e15a 100644
--- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-kinesis.js.snapshot/FlowLogsTestStack.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-firehose.js.snapshot/FlowLogsTestStack.assets.json @@ -1,20 +1,6 @@ { "version": "48.0.0", "files": { - "a1acfc2b5f4f6b183fd2bb9863f486bc5edef6a357b355a070d9a0e502df418c": { - "displayName": "FlowLogsTestStack/Custom::VpcRestrictDefaultSGCustomResourceProvider Code", - "source": { - "path": "asset.a1acfc2b5f4f6b183fd2bb9863f486bc5edef6a357b355a070d9a0e502df418c", - "packaging": "zip" - }, - "destinations": { - "current_account-current_region-4416417b": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "a1acfc2b5f4f6b183fd2bb9863f486bc5edef6a357b355a070d9a0e502df418c.zip", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - }, "44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61": { "displayName": "FlowLogsTestStack/Custom::S3AutoDeleteObjectsCustomResourceProvider Code", "source": { @@ -29,16 +15,16 @@ } } }, - "788d742171014f12e2bfb2c42b212a7a0a7beafe53b471ac322664c942aa5099": { + "57931f63e0df2e78d3f925ae440f4fc0feccd7c15163f918047650c6cc738a55": { "displayName": "FlowLogsTestStack Template", "source": { "path": "FlowLogsTestStack.template.json", "packaging": "file" }, "destinations": { - "current_account-current_region-c5b8ff63": { + "current_account-current_region-5ebc1f41": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "788d742171014f12e2bfb2c42b212a7a0a7beafe53b471ac322664c942aa5099.json", + "objectKey": "57931f63e0df2e78d3f925ae440f4fc0feccd7c15163f918047650c6cc738a55.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-kinesis.js.snapshot/FlowLogsTestStack.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-firehose.js.snapshot/FlowLogsTestStack.template.json similarity index 69% rename from packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-kinesis.js.snapshot/FlowLogsTestStack.template.json rename to packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-firehose.js.snapshot/FlowLogsTestStack.template.json index 36c34223351ca..f00579aad8de2 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-kinesis.js.snapshot/FlowLogsTestStack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-firehose.js.snapshot/FlowLogsTestStack.template.json @@ -87,42 +87,6 @@ "VPCVPCGW99B986DC" ] }, - "VPCPublicSubnet1EIP6AD938E8": { - "Type": "AWS::EC2::EIP", - "Properties": { - "Domain": "vpc", - "Tags": [ - { - "Key": "Name", - "Value": "FlowLogsTestStack/VPC/PublicSubnet1" - } - ] - } - }, - "VPCPublicSubnet1NATGatewayE0556630": { - "Type": "AWS::EC2::NatGateway", - "Properties": { - "AllocationId": { - "Fn::GetAtt": [ - "VPCPublicSubnet1EIP6AD938E8", - "AllocationId" - ] - }, - "SubnetId": { - "Ref": "VPCPublicSubnet1SubnetB4246D30" - }, - "Tags": [ - { - "Key": "Name", - "Value": "FlowLogsTestStack/VPC/PublicSubnet1" - } - ] - }, - "DependsOn": [ - "VPCPublicSubnet1DefaultRoute91CEF279", - "VPCPublicSubnet1RouteTableAssociation0B0896DC" - ] - }, "VPCPublicSubnet2Subnet74179F39": { "Type": "AWS::EC2::Subnet", "Properties": { @@ -195,7 +159,7 @@ "VPCVPCGW99B986DC" ] }, - "VPCPrivateSubnet1Subnet8BCA10E0": { + "VPCIsolatedSubnet1SubnetEBD00FC6": { "Type": "AWS::EC2::Subnet", "Properties": { "AvailabilityZone": { 
@@ -211,15 +175,15 @@ "Tags": [ { "Key": "aws-cdk:subnet-name", - "Value": "Private" + "Value": "Isolated" }, { "Key": "aws-cdk:subnet-type", - "Value": "Private" + "Value": "Isolated" }, { "Key": "Name", - "Value": "FlowLogsTestStack/VPC/PrivateSubnet1" + "Value": "FlowLogsTestStack/VPC/IsolatedSubnet1" } ], "VpcId": { @@ -227,13 +191,13 @@ } } }, - "VPCPrivateSubnet1RouteTableBE8A6027": { + "VPCIsolatedSubnet1RouteTableEB156210": { "Type": "AWS::EC2::RouteTable", "Properties": { "Tags": [ { "Key": "Name", - "Value": "FlowLogsTestStack/VPC/PrivateSubnet1" + "Value": "FlowLogsTestStack/VPC/IsolatedSubnet1" } ], "VpcId": { @@ -241,30 +205,18 @@ } } }, - "VPCPrivateSubnet1RouteTableAssociation347902D1": { + "VPCIsolatedSubnet1RouteTableAssociationA2D18F7C": { "Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": { "RouteTableId": { - "Ref": "VPCPrivateSubnet1RouteTableBE8A6027" + "Ref": "VPCIsolatedSubnet1RouteTableEB156210" }, "SubnetId": { - "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" + "Ref": "VPCIsolatedSubnet1SubnetEBD00FC6" } } }, - "VPCPrivateSubnet1DefaultRouteAE1D6490": { - "Type": "AWS::EC2::Route", - "Properties": { - "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": { - "Ref": "VPCPublicSubnet1NATGatewayE0556630" - }, - "RouteTableId": { - "Ref": "VPCPrivateSubnet1RouteTableBE8A6027" - } - } - }, - "VPCPrivateSubnet2SubnetCFCDAA7A": { + "VPCIsolatedSubnet2Subnet4B1C8CAA": { "Type": "AWS::EC2::Subnet", "Properties": { "AvailabilityZone": { @@ -280,15 +232,15 @@ "Tags": [ { "Key": "aws-cdk:subnet-name", - "Value": "Private" + "Value": "Isolated" }, { "Key": "aws-cdk:subnet-type", - "Value": "Private" + "Value": "Isolated" }, { "Key": "Name", - "Value": "FlowLogsTestStack/VPC/PrivateSubnet2" + "Value": "FlowLogsTestStack/VPC/IsolatedSubnet2" } ], "VpcId": { 
@@ -296,13 +248,13 @@ } } }, - "VPCPrivateSubnet2RouteTable0A19E10E": { + "VPCIsolatedSubnet2RouteTable9B4F78DC": { "Type": "AWS::EC2::RouteTable", "Properties": { "Tags": [ { "Key": "Name", - "Value": "FlowLogsTestStack/VPC/PrivateSubnet2" + "Value": "FlowLogsTestStack/VPC/IsolatedSubnet2" } ], "VpcId": { @@ -310,26 +262,14 @@ } } }, - "VPCPrivateSubnet2RouteTableAssociation0C73D413": { + "VPCIsolatedSubnet2RouteTableAssociation7BF8E0EB": { "Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": { "RouteTableId": { - "Ref": "VPCPrivateSubnet2RouteTable0A19E10E" + "Ref": "VPCIsolatedSubnet2RouteTable9B4F78DC" }, "SubnetId": { - "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A" - } - } - }, - "VPCPrivateSubnet2DefaultRouteF4F5CFD2": { - "Type": "AWS::EC2::Route", - "Properties": { - "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": { - "Ref": "VPCPublicSubnet1NATGatewayE0556630" - }, - "RouteTableId": { - "Ref": "VPCPrivateSubnet2RouteTable0A19E10E" + "Ref": "VPCIsolatedSubnet2Subnet4B1C8CAA" } } }, @@ -355,34 +295,12 @@ } } }, - "VPCRestrictDefaultSecurityGroupCustomResource59474679": { - "Type": "Custom::VpcRestrictDefaultSG", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E", - "Arn" - ] - }, - "DefaultSecurityGroupId": { - "Fn::GetAtt": [ - "VPCB9E5F0B4", - "DefaultSecurityGroup" - ] - }, - "Account": { - "Ref": "AWS::AccountId" - } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "VPCFlowLogsKinesisDataFirehoseFlowLog41C8928A": { + "VPCFlowLogsFirehoseFlowLogA2070211": { "Type": "AWS::EC2::FlowLog", "Properties": { "LogDestination": { "Fn::GetAtt": [ - "DeliveryStream", + "DeliveryStream58CF96DB", "Arn" ] }, 
@@ -394,106 +312,12 @@ "Tags": [ { "Key": "Name", - "Value": "FlowLogsTestStack/VPC/FlowLogsKinesisDataFirehose" + "Value": "FlowLogsTestStack/VPC/FlowLogsFirehose" } ], "TrafficType": "ALL" } }, - "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ] - }, - "ManagedPolicyArns": [ - { - "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - } - ], - "Policies": [ - { - "PolicyName": "Inline", - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "ec2:AuthorizeSecurityGroupIngress", - "ec2:AuthorizeSecurityGroupEgress", - "ec2:RevokeSecurityGroupIngress", - "ec2:RevokeSecurityGroupEgress" - ], - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":ec2:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":security-group/", - { - "Fn::GetAtt": [ - "VPCB9E5F0B4", - "DefaultSecurityGroup" - ] - } - ] - ] - } - ] - } - ] - } - } - ] - } - }, - "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "a1acfc2b5f4f6b183fd2bb9863f486bc5edef6a357b355a070d9a0e502df418c.zip" - }, - "Timeout": 900, - "MemorySize": 128, - "Handler": "__entrypoint__.handler", - "Role": { - "Fn::GetAtt": [ - "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0", - "Arn" - ] - }, - "Runtime": "nodejs22.x", - "Description": "Lambda function for removing all inbound/outbound rules from the VPC default security group" - }, - "DependsOn": [ - "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0" - ] - }, 
"FlowLogsCWIAMRole017AD736": { "Type": "AWS::IAM::Role", "Properties": { @@ -729,7 +553,7 @@ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092" ] }, - "Role1ABCC5F0": { + "DeliveryStreamS3DestinationRoleD96B8345": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { @@ -746,7 +570,7 @@ } } }, - "RoleDefaultPolicy5FFB7DAB": { + "DeliveryStreamS3DestinationRoleDefaultPolicyF652AD65": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { @@ -787,32 +611,23 @@ ] } ] - }, - { - "Action": [ - "kinesis:DescribeStream", - "kinesis:GetRecords", - "kinesis:GetShardIterator", - "kinesis:ListShards" - ], - "Effect": "Allow", - "Resource": "*" } ], "Version": "2012-10-17" }, - "PolicyName": "RoleDefaultPolicy5FFB7DAB", + "PolicyName": "DeliveryStreamS3DestinationRoleDefaultPolicyF652AD65", "Roles": [ { - "Ref": "Role1ABCC5F0" + "Ref": "DeliveryStreamS3DestinationRoleD96B8345" } ] } }, - "DeliveryStream": { + "DeliveryStream58CF96DB": { "Type": "AWS::KinesisFirehose::DeliveryStream", "Properties": { - "S3DestinationConfiguration": { + "DeliveryStreamType": "DirectPut", + "ExtendedS3DestinationConfiguration": { "BucketARN": { "Fn::GetAtt": [ "Bucket83908E77", 
@@ -821,11 +636,126 @@ }, "RoleARN": { "Fn::GetAtt": [ - "Role1ABCC5F0", + "DeliveryStreamS3DestinationRoleD96B8345", "Arn" ] } } + }, + "DependsOn": [ + "DeliveryStreamS3DestinationRoleDefaultPolicyF652AD65" + ] + } + }, + "Mappings": { + "awscdkawskinesisfirehoseCidrBlocks": { + "af-south-1": { + "FirehoseCidrBlock": "13.244.121.224/27" + }, + "ap-east-1": { + "FirehoseCidrBlock": "18.162.221.32/27" + }, + "ap-east-2": { + "FirehoseCidrBlock": "43.212.53.160/27" + }, + "ap-northeast-1": { + "FirehoseCidrBlock": "13.113.196.224/27" + }, + "ap-northeast-2": { + "FirehoseCidrBlock": "13.209.1.64/27" + }, + "ap-northeast-3": { + "FirehoseCidrBlock": "13.208.177.192/27" + }, + "ap-south-1": { + "FirehoseCidrBlock": "13.232.67.32/27" + }, + "ap-south-2": { + "FirehoseCidrBlock": "18.60.192.128/27" + }, + "ap-southeast-1": { + "FirehoseCidrBlock": "13.228.64.192/27" + }, + "ap-southeast-2": { + "FirehoseCidrBlock": "13.210.67.224/27" + }, + "ap-southeast-3": { + "FirehoseCidrBlock": "108.136.221.64/27" + }, + "ap-southeast-4": { + "FirehoseCidrBlock": "16.50.161.128/27" + }, + "ap-southeast-5": { + "FirehoseCidrBlock": "43.216.58.0/27" + }, + "ap-southeast-7": { + "FirehoseCidrBlock": "43.208.112.96/27" + }, + "ca-central-1": { + "FirehoseCidrBlock": "35.183.92.128/27" + }, + "ca-west-1": { + "FirehoseCidrBlock": "40.176.98.192/27" + }, + "cn-north-1": { + "FirehoseCidrBlock": "52.81.151.32/27" + }, + "cn-northwest-1": { + "FirehoseCidrBlock": "161.189.23.64/27" + }, + "eu-central-1": { + "FirehoseCidrBlock": "35.158.127.160/27" + }, + "eu-central-2": { + "FirehoseCidrBlock": "16.62.183.32/27" + }, + "eu-north-1": { + "FirehoseCidrBlock": "13.53.63.224/27" + }, + "eu-south-1": { + "FirehoseCidrBlock": "15.161.135.128/27" + }, + "eu-south-2": { + "FirehoseCidrBlock": "18.100.71.96/27" + }, + "eu-west-1": { + "FirehoseCidrBlock": "52.19.239.192/27" + }, + "eu-west-2": { + "FirehoseCidrBlock": "18.130.1.96/27" + }, + "eu-west-3": { + "FirehoseCidrBlock": "35.180.1.96/27" + 
}, + "il-central-1": { + "FirehoseCidrBlock": "51.16.102.0/27" + }, + "me-central-1": { + "FirehoseCidrBlock": "3.28.159.32/27" + }, + "me-south-1": { + "FirehoseCidrBlock": "15.185.91.0/27" + }, + "sa-east-1": { + "FirehoseCidrBlock": "18.228.1.128/27" + }, + "us-east-1": { + "FirehoseCidrBlock": "52.70.63.192/27" + }, + "us-east-2": { + "FirehoseCidrBlock": "13.58.135.96/27" + }, + "us-gov-east-1": { + "FirehoseCidrBlock": "18.253.138.96/27" + }, + "us-gov-west-1": { + "FirehoseCidrBlock": "52.61.204.160/27" + }, + "us-west-1": { + "FirehoseCidrBlock": "13.57.135.192/27" + }, + "us-west-2": { + "FirehoseCidrBlock": "52.89.255.224/27" } } }, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-kinesis.js.snapshot/asset.44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61/index.js b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-firehose.js.snapshot/asset.44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61/index.js similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-kinesis.js.snapshot/asset.44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61/index.js rename to packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-firehose.js.snapshot/asset.44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61/index.js diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-kinesis.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-firehose.js.snapshot/cdk.out similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-kinesis.js.snapshot/cdk.out rename to packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-firehose.js.snapshot/cdk.out 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-kinesis.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-firehose.js.snapshot/integ.json similarity index 92% rename from packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-kinesis.js.snapshot/integ.json rename to packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-firehose.js.snapshot/integ.json index d9054540eda96..a51735edacb5f 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-kinesis.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-firehose.js.snapshot/integ.json @@ -5,7 +5,6 @@ "stacks": [ "FlowLogsTestStack" ], - "diffAssets": true, "assertionStack": "FlowLogs/DefaultTest/DeployAssert", "assertionStackName": "FlowLogsDefaultTestDeployAssert6AFD1854" } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-kinesis.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-firehose.js.snapshot/manifest.json similarity index 90% rename from packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-kinesis.js.snapshot/manifest.json rename to packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-firehose.js.snapshot/manifest.json index 0000560bd96b0..5268de952c79c 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-kinesis.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-firehose.js.snapshot/manifest.json 
@@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/788d742171014f12e2bfb2c42b212a7a0a7beafe53b471ac322664c942aa5099.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/57931f63e0df2e78d3f925ae440f4fc0feccd7c15163f918047650c6cc738a55.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -38,7 +38,8 @@ { "type": "aws:cdk:analytics:construct", "data": { - "natGateways": "*" + "natGateways": "*", + "restrictDefaultSecurityGroup": false } } ], @@ -74,14 +75,6 @@ { "type": "aws:cdk:analytics:method", "data": {} - }, - { - "type": "aws:cdk:analytics:method", - "data": { - "addNatGateway": [ - "*" - ] - } } ], "/FlowLogsTestStack/VPC/PublicSubnet1/Subnet": [ @@ -108,18 +101,6 @@ "data": "VPCPublicSubnet1DefaultRoute91CEF279" } ], - "/FlowLogsTestStack/VPC/PublicSubnet1/EIP": [ - { - "type": "aws:cdk:logicalId", - "data": "VPCPublicSubnet1EIP6AD938E8" - } - ], - "/FlowLogsTestStack/VPC/PublicSubnet1/NATGateway": [ - { - "type": "aws:cdk:logicalId", - "data": "VPCPublicSubnet1NATGatewayE0556630" - } - ], "/FlowLogsTestStack/VPC/PublicSubnet2": [ { "type": "aws:cdk:analytics:construct", @@ -172,7 +153,7 @@ "data": "VPCPublicSubnet2DefaultRouteB7481BBA" } ], - "/FlowLogsTestStack/VPC/PrivateSubnet1": [ + "/FlowLogsTestStack/VPC/IsolatedSubnet1": [ { "type": "aws:cdk:analytics:construct", "data": { 
@@ -194,37 +175,27 @@ "ipv6CidrBlock": "*", "assignIpv6AddressOnCreation": "*" } - }, - { - "type": "aws:cdk:analytics:method", - "data": {} - } - ], - "/FlowLogsTestStack/VPC/PrivateSubnet1/Subnet": [ - { - "type": "aws:cdk:logicalId", - "data": "VPCPrivateSubnet1Subnet8BCA10E0" } ], - "/FlowLogsTestStack/VPC/PrivateSubnet1/RouteTable": [ + "/FlowLogsTestStack/VPC/IsolatedSubnet1/Subnet": [ { "type": "aws:cdk:logicalId", - "data": "VPCPrivateSubnet1RouteTableBE8A6027" + "data": "VPCIsolatedSubnet1SubnetEBD00FC6" } ], - "/FlowLogsTestStack/VPC/PrivateSubnet1/RouteTableAssociation": [ + "/FlowLogsTestStack/VPC/IsolatedSubnet1/RouteTable": [ { "type": "aws:cdk:logicalId", - "data": "VPCPrivateSubnet1RouteTableAssociation347902D1" + "data": "VPCIsolatedSubnet1RouteTableEB156210" } ], - "/FlowLogsTestStack/VPC/PrivateSubnet1/DefaultRoute": [ + "/FlowLogsTestStack/VPC/IsolatedSubnet1/RouteTableAssociation": [ { "type": "aws:cdk:logicalId", - "data": "VPCPrivateSubnet1DefaultRouteAE1D6490" + "data": "VPCIsolatedSubnet1RouteTableAssociationA2D18F7C" } ], - "/FlowLogsTestStack/VPC/PrivateSubnet2": [ + "/FlowLogsTestStack/VPC/IsolatedSubnet2": [ { "type": "aws:cdk:analytics:construct", "data": { 
@@ -246,34 +217,24 @@ "ipv6CidrBlock": "*", "assignIpv6AddressOnCreation": "*" } - }, - { - "type": "aws:cdk:analytics:method", - "data": {} - } - ], - "/FlowLogsTestStack/VPC/PrivateSubnet2/Subnet": [ - { - "type": "aws:cdk:logicalId", - "data": "VPCPrivateSubnet2SubnetCFCDAA7A" } ], - "/FlowLogsTestStack/VPC/PrivateSubnet2/RouteTable": [ + "/FlowLogsTestStack/VPC/IsolatedSubnet2/Subnet": [ { "type": "aws:cdk:logicalId", - "data": "VPCPrivateSubnet2RouteTable0A19E10E" + "data": "VPCIsolatedSubnet2Subnet4B1C8CAA" } ], - "/FlowLogsTestStack/VPC/PrivateSubnet2/RouteTableAssociation": [ + "/FlowLogsTestStack/VPC/IsolatedSubnet2/RouteTable": [ { "type": "aws:cdk:logicalId", - "data": "VPCPrivateSubnet2RouteTableAssociation0C73D413" + "data": "VPCIsolatedSubnet2RouteTable9B4F78DC" } ], - "/FlowLogsTestStack/VPC/PrivateSubnet2/DefaultRoute": [ + "/FlowLogsTestStack/VPC/IsolatedSubnet2/RouteTableAssociation": [ { "type": "aws:cdk:logicalId", - "data": "VPCPrivateSubnet2DefaultRouteF4F5CFD2" + "data": "VPCIsolatedSubnet2RouteTableAssociation7BF8E0EB" } ], "/FlowLogsTestStack/VPC/IGW": [ @@ -288,19 +249,7 @@ "data": "VPCVPCGW99B986DC" } ], - "/FlowLogsTestStack/VPC/RestrictDefaultSecurityGroupCustomResource": [ - { - "type": "aws:cdk:analytics:construct", - "data": "*" - } - ], - "/FlowLogsTestStack/VPC/RestrictDefaultSecurityGroupCustomResource/Default": [ - { - "type": "aws:cdk:logicalId", - "data": "VPCRestrictDefaultSecurityGroupCustomResource59474679" - } - ], - "/FlowLogsTestStack/VPC/FlowLogsKinesisDataFirehose": [ + "/FlowLogsTestStack/VPC/FlowLogsFirehose": [ { "type": "aws:cdk:analytics:construct", "data": { 
@@ -309,28 +258,10 @@ } } ], - "/FlowLogsTestStack/VPC/FlowLogsKinesisDataFirehose/FlowLog": [ - { - "type": "aws:cdk:logicalId", - "data": "VPCFlowLogsKinesisDataFirehoseFlowLog41C8928A" - } - ], - "/FlowLogsTestStack/Custom::VpcRestrictDefaultSGCustomResourceProvider": [ - { - "type": "aws:cdk:is-custom-resource-handler-customResourceProvider", - "data": true - } - ], - "/FlowLogsTestStack/Custom::VpcRestrictDefaultSGCustomResourceProvider/Role": [ - { - "type": "aws:cdk:logicalId", - "data": "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0" - } - ], - "/FlowLogsTestStack/Custom::VpcRestrictDefaultSGCustomResourceProvider/Handler": [ + "/FlowLogsTestStack/VPC/FlowLogsFirehose/FlowLog": [ { "type": "aws:cdk:logicalId", - "data": "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E" + "data": "VPCFlowLogsFirehoseFlowLogA2070211" } ], "/FlowLogsTestStack/FlowLogsCW": [ @@ -503,7 +434,15 @@ "data": "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F" } ], - "/FlowLogsTestStack/Role": [ + "/FlowLogsTestStack/DeliveryStream": [ + { + "type": "aws:cdk:analytics:construct", + "data": { + "destination": "*" + } + } + ], + "/FlowLogsTestStack/DeliveryStream/S3 Destination Role": [ { "type": "aws:cdk:analytics:construct", "data": { 
@@ -536,37 +475,21 @@ "*" ] } - }, - { - "type": "aws:cdk:analytics:method", - "data": { - "addToPolicy": [ - {} - ] - } - }, - { - "type": "aws:cdk:analytics:method", - "data": { - "addToPrincipalPolicy": [ - {} - ] - } } ], - "/FlowLogsTestStack/Role/ImportRole": [ + "/FlowLogsTestStack/DeliveryStream/S3 Destination Role/ImportS3 Destination Role": [ { "type": "aws:cdk:analytics:construct", "data": "*" } ], - "/FlowLogsTestStack/Role/Resource": [ + "/FlowLogsTestStack/DeliveryStream/S3 Destination Role/Resource": [ { "type": "aws:cdk:logicalId", - "data": "Role1ABCC5F0" + "data": "DeliveryStreamS3DestinationRoleD96B8345" } ], - "/FlowLogsTestStack/Role/DefaultPolicy": [ + "/FlowLogsTestStack/DeliveryStream/S3 Destination Role/DefaultPolicy": [ { "type": "aws:cdk:analytics:construct", "data": "*" @@ -594,26 +517,24 @@ {} ] } - }, + } + ], + "/FlowLogsTestStack/DeliveryStream/S3 Destination Role/DefaultPolicy/Resource": [ { - "type": "aws:cdk:analytics:method", - "data": { - "addStatements": [ - {} - ] - } + "type": "aws:cdk:logicalId", + "data": "DeliveryStreamS3DestinationRoleDefaultPolicyF652AD65" } ], - "/FlowLogsTestStack/Role/DefaultPolicy/Resource": [ + "/FlowLogsTestStack/DeliveryStream/Resource": [ { "type": "aws:cdk:logicalId", - "data": "RoleDefaultPolicy5FFB7DAB" + "data": "DeliveryStream58CF96DB" } ], - "/FlowLogsTestStack/DeliveryStream": [ + "/FlowLogsTestStack/@aws-cdk--aws-kinesisfirehose.CidrBlocks": [ { "type": "aws:cdk:logicalId", - "data": "DeliveryStream" + "data": "awscdkawskinesisfirehoseCidrBlocks" } ], "/FlowLogsTestStack/BootstrapVersion": [ @@ -691,6 +612,7 @@ "module": "aws-cdk-lib", "flags": { "@aws-cdk/aws-signer:signingProfileNamePassedToCfn": { + "userValue": true, "recommendedValue": true, "explanation": "Pass signingProfileName to CfnSigningProfile" }, 
@@ -709,6 +631,7 @@ } }, "@aws-cdk/aws-ecs-patterns:secGroupsDisablesImplicitOpenListener": { + "userValue": true, "recommendedValue": true, "explanation": "Disable implicit openListener when custom security groups are provided" }, @@ -820,7 +743,7 @@ "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": { "userValue": true, "recommendedValue": true, - "explanation": "Enable this feature to by default create default policy names for imported roles that depend on the stack the role is in." + "explanation": "Enable this feature to create default policy names for imported roles that depend on the stack the role is in." }, "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": { "userValue": true, @@ -1160,6 +1083,17 @@ "recommendedValue": true, "explanation": "When enabled, CDK creates and manages loggroup for the lambda function" }, + "@aws-cdk/aws-elasticloadbalancingv2:networkLoadBalancerWithSecurityGroupByDefault": { + "recommendedValue": true, + "explanation": "When enabled, Network Load Balancer will be created with a security group by default." + }, + "@aws-cdk/aws-stepfunctions-tasks:httpInvokeDynamicJsonPathEndpoint": { + "recommendedValue": true, + "explanation": "When enabled, allows using a dynamic apiEndpoint with JSONPath format in HttpInvoke tasks.", + "unconfiguredBehavesLike": { + "v2": true + } + }, "@aws-cdk/aws-ecs-patterns:uniqueTargetGroupId": { "recommendedValue": true, "explanation": "When enabled, ECS patterns will generate unique target group IDs to prevent conflicts during load balancer replacement" @@ -1168,5 +1102,5 @@ } } }, - "minimumCliVersion": "2.1027.0" + "minimumCliVersion": "2.1033.0" } \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-firehose.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-firehose.js.snapshot/tree.json new file mode 100644 index 0000000000000..0e9f49cb8a15f --- /dev/null 
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-firehose.js.snapshot/tree.json 
@@ -0,0 +1 @@ +{"version":"tree-0.1","tree":{"id":"App","path":"","constructInfo":{"fqn":"aws-cdk-lib.App","version":"0.0.0"},"children":{"FlowLogsTestStack":{"id":"FlowLogsTestStack","path":"FlowLogsTestStack","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"VPC":{"id":"VPC","path":"FlowLogsTestStack/VPC","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.Vpc","version":"0.0.0","metadata":[{"natGateways":"*","restrictDefaultSecurityGroup":false}]},"children":{"Resource":{"id":"Resource","path":"FlowLogsTestStack/VPC/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnVPC","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::VPC","aws:cdk:cloudformation:props":{"cidrBlock":"10.0.0.0/16","enableDnsHostnames":true,"enableDnsSupport":true,"instanceTenancy":"default","tags":[{"key":"Name","value":"FlowLogsTestStack/VPC"}]}}},"PublicSubnet1":{"id":"PublicSubnet1","path":"FlowLogsTestStack/VPC/PublicSubnet1","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.PublicSubnet","version":"0.0.0","metadata":[{"availabilityZone":"*","vpcId":"*","cidrBlock":"*","mapPublicIpOnLaunch":true,"ipv6CidrBlock":"*","assignIpv6AddressOnCreation":"*"},{"availabilityZone":"*","vpcId":"*","cidrBlock":"*","mapPublicIpOnLaunch":true,"ipv6CidrBlock":"*","assignIpv6AddressOnCreation":"*"},{}]},"children":{"Subnet":{"id":"Subnet","path":"FlowLogsTestStack/VPC/PublicSubnet1/Subnet","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnSubnet","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::Subnet","aws:cdk:cloudformation:props":{"availabilityZone":{"Fn::Select":[0,{"Fn::GetAZs":""}]},"cidrBlock":"10.0.0.0/18","mapPublicIpOnLaunch":true,"tags":[{"key":"aws-cdk:subnet-name","value":"Public"},{"key":"aws-cdk:subnet-type","value":"Public"},{"key":"Name","value":"FlowLogsTestStack/VPC/PublicSubnet1"}],"vpcId":{"Ref":"VPCB9E5F0B4"}}}},"Acl":{"id":"Acl","path":"FlowLogsTestStack/VPC/PublicSubnet1/Acl","constructInfo":{"fqn":"aws-cdk-lib.Resource","v
ersion":"0.0.0","metadata":[]}},"RouteTable":{"id":"RouteTable","path":"FlowLogsTestStack/VPC/PublicSubnet1/RouteTable","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnRouteTable","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::RouteTable","aws:cdk:cloudformation:props":{"tags":[{"key":"Name","value":"FlowLogsTestStack/VPC/PublicSubnet1"}],"vpcId":{"Ref":"VPCB9E5F0B4"}}}},"RouteTableAssociation":{"id":"RouteTableAssociation","path":"FlowLogsTestStack/VPC/PublicSubnet1/RouteTableAssociation","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::SubnetRouteTableAssociation","aws:cdk:cloudformation:props":{"routeTableId":{"Ref":"VPCPublicSubnet1RouteTableFEE4B781"},"subnetId":{"Ref":"VPCPublicSubnet1SubnetB4246D30"}}}},"DefaultRoute":{"id":"DefaultRoute","path":"FlowLogsTestStack/VPC/PublicSubnet1/DefaultRoute","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnRoute","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::Route","aws:cdk:cloudformation:props":{"destinationCidrBlock":"0.0.0.0/0","gatewayId":{"Ref":"VPCIGWB7E252D3"},"routeTableId":{"Ref":"VPCPublicSubnet1RouteTableFEE4B781"}}}}}},"PublicSubnet2":{"id":"PublicSubnet2","path":"FlowLogsTestStack/VPC/PublicSubnet2","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.PublicSubnet","version":"0.0.0","metadata":[{"availabilityZone":"*","vpcId":"*","cidrBlock":"*","mapPublicIpOnLaunch":true,"ipv6CidrBlock":"*","assignIpv6AddressOnCreation":"*"},{"availabilityZone":"*","vpcId":"*","cidrBlock":"*","mapPublicIpOnLaunch":true,"ipv6CidrBlock":"*","assignIpv6AddressOnCreation":"*"},{}]},"children":{"Subnet":{"id":"Subnet","path":"FlowLogsTestStack/VPC/PublicSubnet2/Subnet","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnSubnet","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::Subnet","aws:cdk:cloudformation:props":{"availabilityZone":{"Fn::Select":[1,{"Fn::GetAZs":""}]
},"cidrBlock":"10.0.64.0/18","mapPublicIpOnLaunch":true,"tags":[{"key":"aws-cdk:subnet-name","value":"Public"},{"key":"aws-cdk:subnet-type","value":"Public"},{"key":"Name","value":"FlowLogsTestStack/VPC/PublicSubnet2"}],"vpcId":{"Ref":"VPCB9E5F0B4"}}}},"Acl":{"id":"Acl","path":"FlowLogsTestStack/VPC/PublicSubnet2/Acl","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":[]}},"RouteTable":{"id":"RouteTable","path":"FlowLogsTestStack/VPC/PublicSubnet2/RouteTable","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnRouteTable","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::RouteTable","aws:cdk:cloudformation:props":{"tags":[{"key":"Name","value":"FlowLogsTestStack/VPC/PublicSubnet2"}],"vpcId":{"Ref":"VPCB9E5F0B4"}}}},"RouteTableAssociation":{"id":"RouteTableAssociation","path":"FlowLogsTestStack/VPC/PublicSubnet2/RouteTableAssociation","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::SubnetRouteTableAssociation","aws:cdk:cloudformation:props":{"routeTableId":{"Ref":"VPCPublicSubnet2RouteTable6F1A15F1"},"subnetId":{"Ref":"VPCPublicSubnet2Subnet74179F39"}}}},"DefaultRoute":{"id":"DefaultRoute","path":"FlowLogsTestStack/VPC/PublicSubnet2/DefaultRoute","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnRoute","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::Route","aws:cdk:cloudformation:props":{"destinationCidrBlock":"0.0.0.0/0","gatewayId":{"Ref":"VPCIGWB7E252D3"},"routeTableId":{"Ref":"VPCPublicSubnet2RouteTable6F1A15F1"}}}}}},"IsolatedSubnet1":{"id":"IsolatedSubnet1","path":"FlowLogsTestStack/VPC/IsolatedSubnet1","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.PrivateSubnet","version":"0.0.0","metadata":[{"availabilityZone":"*","vpcId":"*","cidrBlock":"*","mapPublicIpOnLaunch":false,"ipv6CidrBlock":"*","assignIpv6AddressOnCreation":"*"},{"availabilityZone":"*","vpcId":"*","cidrBlock":"*","mapPublicIpOnLaunch":
false,"ipv6CidrBlock":"*","assignIpv6AddressOnCreation":"*"}]},"children":{"Subnet":{"id":"Subnet","path":"FlowLogsTestStack/VPC/IsolatedSubnet1/Subnet","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnSubnet","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::Subnet","aws:cdk:cloudformation:props":{"availabilityZone":{"Fn::Select":[0,{"Fn::GetAZs":""}]},"cidrBlock":"10.0.128.0/18","mapPublicIpOnLaunch":false,"tags":[{"key":"aws-cdk:subnet-name","value":"Isolated"},{"key":"aws-cdk:subnet-type","value":"Isolated"},{"key":"Name","value":"FlowLogsTestStack/VPC/IsolatedSubnet1"}],"vpcId":{"Ref":"VPCB9E5F0B4"}}}},"Acl":{"id":"Acl","path":"FlowLogsTestStack/VPC/IsolatedSubnet1/Acl","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":[]}},"RouteTable":{"id":"RouteTable","path":"FlowLogsTestStack/VPC/IsolatedSubnet1/RouteTable","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnRouteTable","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::RouteTable","aws:cdk:cloudformation:props":{"tags":[{"key":"Name","value":"FlowLogsTestStack/VPC/IsolatedSubnet1"}],"vpcId":{"Ref":"VPCB9E5F0B4"}}}},"RouteTableAssociation":{"id":"RouteTableAssociation","path":"FlowLogsTestStack/VPC/IsolatedSubnet1/RouteTableAssociation","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::SubnetRouteTableAssociation","aws:cdk:cloudformation:props":{"routeTableId":{"Ref":"VPCIsolatedSubnet1RouteTableEB156210"},"subnetId":{"Ref":"VPCIsolatedSubnet1SubnetEBD00FC6"}}}}}},"IsolatedSubnet2":{"id":"IsolatedSubnet2","path":"FlowLogsTestStack/VPC/IsolatedSubnet2","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.PrivateSubnet","version":"0.0.0","metadata":[{"availabilityZone":"*","vpcId":"*","cidrBlock":"*","mapPublicIpOnLaunch":false,"ipv6CidrBlock":"*","assignIpv6AddressOnCreation":"*"},{"availabilityZone":"*","vpcId":"*","cidrBlock":"*","mapPublicIpOnLaunch":
false,"ipv6CidrBlock":"*","assignIpv6AddressOnCreation":"*"}]},"children":{"Subnet":{"id":"Subnet","path":"FlowLogsTestStack/VPC/IsolatedSubnet2/Subnet","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnSubnet","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::Subnet","aws:cdk:cloudformation:props":{"availabilityZone":{"Fn::Select":[1,{"Fn::GetAZs":""}]},"cidrBlock":"10.0.192.0/18","mapPublicIpOnLaunch":false,"tags":[{"key":"aws-cdk:subnet-name","value":"Isolated"},{"key":"aws-cdk:subnet-type","value":"Isolated"},{"key":"Name","value":"FlowLogsTestStack/VPC/IsolatedSubnet2"}],"vpcId":{"Ref":"VPCB9E5F0B4"}}}},"Acl":{"id":"Acl","path":"FlowLogsTestStack/VPC/IsolatedSubnet2/Acl","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":[]}},"RouteTable":{"id":"RouteTable","path":"FlowLogsTestStack/VPC/IsolatedSubnet2/RouteTable","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnRouteTable","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::RouteTable","aws:cdk:cloudformation:props":{"tags":[{"key":"Name","value":"FlowLogsTestStack/VPC/IsolatedSubnet2"}],"vpcId":{"Ref":"VPCB9E5F0B4"}}}},"RouteTableAssociation":{"id":"RouteTableAssociation","path":"FlowLogsTestStack/VPC/IsolatedSubnet2/RouteTableAssociation","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::SubnetRouteTableAssociation","aws:cdk:cloudformation:props":{"routeTableId":{"Ref":"VPCIsolatedSubnet2RouteTable9B4F78DC"},"subnetId":{"Ref":"VPCIsolatedSubnet2Subnet4B1C8CAA"}}}}}},"IGW":{"id":"IGW","path":"FlowLogsTestStack/VPC/IGW","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnInternetGateway","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::InternetGateway","aws:cdk:cloudformation:props":{"tags":[{"key":"Name","value":"FlowLogsTestStack/VPC"}]}}},"VPCGW":{"id":"VPCGW","path":"FlowLogsTestStack/VPC/VPCGW","constructInfo":{"fqn":"aws-c
dk-lib.aws_ec2.CfnVPCGatewayAttachment","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::VPCGatewayAttachment","aws:cdk:cloudformation:props":{"internetGatewayId":{"Ref":"VPCIGWB7E252D3"},"vpcId":{"Ref":"VPCB9E5F0B4"}}}},"FlowLogsFirehose":{"id":"FlowLogsFirehose","path":"FlowLogsTestStack/VPC/FlowLogsFirehose","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.FlowLog","version":"0.0.0","metadata":[{"resourceType":"*","destination":"*"}]},"children":{"FlowLog":{"id":"FlowLog","path":"FlowLogsTestStack/VPC/FlowLogsFirehose/FlowLog","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnFlowLog","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::FlowLog","aws:cdk:cloudformation:props":{"logDestination":{"Fn::GetAtt":["DeliveryStream58CF96DB","Arn"]},"logDestinationType":"kinesis-data-firehose","resourceId":{"Ref":"VPCB9E5F0B4"},"resourceType":"VPC","tags":[{"key":"Name","value":"FlowLogsTestStack/VPC/FlowLogsFirehose"}],"trafficType":"ALL"}}}}}}},"FlowLogsCW":{"id":"FlowLogsCW","path":"FlowLogsTestStack/FlowLogsCW","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.FlowLog","version":"0.0.0","metadata":[{"resourceType":"*","flowLogName":"*"}]},"children":{"IAMRole":{"id":"IAMRole","path":"FlowLogsTestStack/FlowLogsCW/IAMRole","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Role","version":"0.0.0","metadata":[{"roleName":"*","assumedBy":{"principalAccount":"*","assumeRoleAction":"*"}},{"addToPrincipalPolicy":[{}]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]}]},"children":{"ImportIAMRole":{"id":"ImportIAMRole","path":"FlowLogsTestStack/FlowLogsCW/IAMRole/ImportIAMRole","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":["*"]}},"Resource":{"id":"Resource","path":"FlowLogsTestStack/FlowLogsCW/IAMRole/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnRole","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[
{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"vpc-flow-logs.amazonaws.com"}}],"Version":"2012-10-17"},"tags":[{"key":"Name","value":"CustomFlowLogName"}]}}},"DefaultPolicy":{"id":"DefaultPolicy","path":"FlowLogsTestStack/FlowLogsCW/IAMRole/DefaultPolicy","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"0.0.0","metadata":["*",{"attachToRole":["*"]},{"attachToRole":["*"]},{"addStatements":[{}]}]},"children":{"Resource":{"id":"Resource","path":"FlowLogsTestStack/FlowLogsCW/IAMRole/DefaultPolicy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":["logs:CreateLogStream","logs:DescribeLogStreams","logs:PutLogEvents"],"Effect":"Allow","Resource":{"Fn::GetAtt":["FlowLogsCWLogGroup0398E8F8","Arn"]}}],"Version":"2012-10-17"},"policyName":"FlowLogsCWIAMRoleDefaultPolicy943C8A20","roles":[{"Ref":"FlowLogsCWIAMRole017AD736"}]}}}}}}},"LogGroup":{"id":"LogGroup","path":"FlowLogsTestStack/FlowLogsCW/LogGroup","constructInfo":{"fqn":"aws-cdk-lib.aws_logs.LogGroup","version":"0.0.0","metadata":["*"]},"children":{"Resource":{"id":"Resource","path":"FlowLogsTestStack/FlowLogsCW/LogGroup/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_logs.CfnLogGroup","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::Logs::LogGroup","aws:cdk:cloudformation:props":{"retentionInDays":731,"tags":[{"key":"Name","value":"CustomFlowLogName"}]}}}}},"FlowLog":{"id":"FlowLog","path":"FlowLogsTestStack/FlowLogsCW/FlowLog","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnFlowLog","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::FlowLog","aws:cdk:cloudformation:props":{"deliverLogsPermissionArn":{"Fn::GetAtt":["FlowLogsCWIAMRole017AD736","Arn"]},"logDestinationType":"cloud-watch-logs","logGroupName":{"Ref":"FlowLogsCWLogGroup0398E8F8"},"resourceId":{"Ref":"VPCB9E5F0B4"}
,"resourceType":"VPC","tags":[{"key":"Name","value":"CustomFlowLogName"}],"trafficType":"ALL"}}}}},"Bucket":{"id":"Bucket","path":"FlowLogsTestStack/Bucket","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.Bucket","version":"0.0.0","metadata":[{"removalPolicy":"destroy","autoDeleteObjects":true}]},"children":{"Resource":{"id":"Resource","path":"FlowLogsTestStack/Bucket/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucket","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::Bucket","aws:cdk:cloudformation:props":{"tags":[{"key":"aws-cdk:auto-delete-objects","value":"true"}]}}},"Policy":{"id":"Policy","path":"FlowLogsTestStack/Bucket/Policy","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketPolicy","version":"0.0.0","metadata":[{"bucket":"*"}]},"children":{"Resource":{"id":"Resource","path":"FlowLogsTestStack/Bucket/Policy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucketPolicy","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::BucketPolicy","aws:cdk:cloudformation:props":{"bucket":{"Ref":"Bucket83908E77"},"policyDocument":{"Statement":[{"Action":["s3:DeleteObject*","s3:GetBucket*","s3:List*","s3:PutBucketPolicy"],"Effect":"Allow","Principal":{"AWS":{"Fn::GetAtt":["CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092","Arn"]}},"Resource":[{"Fn::GetAtt":["Bucket83908E77","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["Bucket83908E77","Arn"]},"/*"]]}]}],"Version":"2012-10-17"}}}}}},"AutoDeleteObjectsCustomResource":{"id":"AutoDeleteObjectsCustomResource","path":"FlowLogsTestStack/Bucket/AutoDeleteObjectsCustomResource","constructInfo":{"fqn":"aws-cdk-lib.CustomResource","version":"0.0.0","metadata":["*"]},"children":{"Default":{"id":"Default","path":"FlowLogsTestStack/Bucket/AutoDeleteObjectsCustomResource/Default","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"0.0.0"}}}}}},"Custom::S3AutoDeleteObjectsCustomResourceProvider":{"id":"Custom::S3AutoDeleteObjectsCustomResourceProvider","path":"FlowLogs
TestStack/Custom::S3AutoDeleteObjectsCustomResourceProvider","constructInfo":{"fqn":"aws-cdk-lib.CustomResourceProviderBase","version":"0.0.0"},"children":{"Staging":{"id":"Staging","path":"FlowLogsTestStack/Custom::S3AutoDeleteObjectsCustomResourceProvider/Staging","constructInfo":{"fqn":"aws-cdk-lib.AssetStaging","version":"0.0.0"}},"Role":{"id":"Role","path":"FlowLogsTestStack/Custom::S3AutoDeleteObjectsCustomResourceProvider/Role","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"0.0.0"}},"Handler":{"id":"Handler","path":"FlowLogsTestStack/Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"0.0.0"}}}},"DeliveryStream":{"id":"DeliveryStream","path":"FlowLogsTestStack/DeliveryStream","constructInfo":{"fqn":"aws-cdk-lib.aws_kinesisfirehose.DeliveryStream","version":"0.0.0","metadata":[{"destination":"*"}]},"children":{"S3 Destination Role":{"id":"S3 Destination Role","path":"FlowLogsTestStack/DeliveryStream/S3 Destination Role","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Role","version":"0.0.0","metadata":[{"assumedBy":{"principalAccount":"*","assumeRoleAction":"*"}},{"addToPrincipalPolicy":[{}]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]}]},"children":{"ImportS3 Destination Role":{"id":"ImportS3 Destination Role","path":"FlowLogsTestStack/DeliveryStream/S3 Destination Role/ImportS3 Destination Role","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":["*"]}},"Resource":{"id":"Resource","path":"FlowLogsTestStack/DeliveryStream/S3 Destination 
Role/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnRole","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"firehose.amazonaws.com"}}],"Version":"2012-10-17"}}}},"DefaultPolicy":{"id":"DefaultPolicy","path":"FlowLogsTestStack/DeliveryStream/S3 Destination Role/DefaultPolicy","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"0.0.0","metadata":["*",{"attachToRole":["*"]},{"attachToRole":["*"]},{"addStatements":[{}]}]},"children":{"Resource":{"id":"Resource","path":"FlowLogsTestStack/DeliveryStream/S3 Destination Role/DefaultPolicy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":["s3:Abort*","s3:DeleteObject*","s3:GetBucket*","s3:GetObject*","s3:List*","s3:PutObject","s3:PutObjectLegalHold","s3:PutObjectRetention","s3:PutObjectTagging","s3:PutObjectVersionTagging"],"Effect":"Allow","Resource":[{"Fn::GetAtt":["Bucket83908E77","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["Bucket83908E77","Arn"]},"/*"]]}]}],"Version":"2012-10-17"},"policyName":"DeliveryStreamS3DestinationRoleDefaultPolicyF652AD65","roles":[{"Ref":"DeliveryStreamS3DestinationRoleD96B8345"}]}}}}}}},"Resource":{"id":"Resource","path":"FlowLogsTestStack/DeliveryStream/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_kinesisfirehose.CfnDeliveryStream","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::KinesisFirehose::DeliveryStream","aws:cdk:cloudformation:props":{"deliveryStreamType":"DirectPut","extendedS3DestinationConfiguration":{"roleArn":{"Fn::GetAtt":["DeliveryStreamS3DestinationRoleD96B8345","Arn"]},"bucketArn":{"Fn::GetAtt":["Bucket83908E77","Arn"]}}}}}}},"@aws-cdk--aws-kinesisfirehose.CidrBlocks":{"id":"@aws-cdk--aws-kinesisfi
rehose.CidrBlocks","path":"FlowLogsTestStack/@aws-cdk--aws-kinesisfirehose.CidrBlocks","constructInfo":{"fqn":"aws-cdk-lib.CfnMapping","version":"0.0.0"}},"BootstrapVersion":{"id":"BootstrapVersion","path":"FlowLogsTestStack/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"FlowLogsTestStack/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}},"FlowLogs":{"id":"FlowLogs","path":"FlowLogs","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTest","version":"0.0.0"},"children":{"DefaultTest":{"id":"DefaultTest","path":"FlowLogs/DefaultTest","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTestCase","version":"0.0.0"},"children":{"Default":{"id":"Default","path":"FlowLogs/DefaultTest/Default","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}},"DeployAssert":{"id":"DeployAssert","path":"FlowLogs/DefaultTest/DeployAssert","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"BootstrapVersion":{"id":"BootstrapVersion","path":"FlowLogs/DefaultTest/DeployAssert/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"FlowLogs/DefaultTest/DeployAssert/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}}}}}},"Tree":{"id":"Tree","path":"Tree","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}}}}} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-firehose.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-firehose.ts new file mode 100644 index 0000000000000..e9b3f4ad8c4ba --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-firehose.ts 
@@ -0,0 +1,40 @@
+import { IntegTest } from '@aws-cdk/integ-tests-alpha';
+import { App, RemovalPolicy, Stack, StackProps } from 'aws-cdk-lib';
+import { FlowLog, FlowLogDestination, FlowLogResourceType, Vpc } from 'aws-cdk-lib/aws-ec2';
+import * as firehose from 'aws-cdk-lib/aws-kinesisfirehose';
+import * as s3 from 'aws-cdk-lib/aws-s3';
+
+const app = new App();
+
+class TestStack extends Stack {
+ constructor(scope: App, id: string, props?: StackProps) {
+ super(scope, id, props);
+
+ const vpc = new Vpc(this, 'VPC', { natGateways: 0, restrictDefaultSecurityGroup: false });
+
+ new FlowLog(this, 'FlowLogsCW', {
+ resourceType: FlowLogResourceType.fromVpc(vpc),
+ flowLogName: 'CustomFlowLogName',
+ });
+
+ const destinationBucket = new s3.Bucket(this, 'Bucket', {
+ removalPolicy: RemovalPolicy.DESTROY,
+ autoDeleteObjects: true,
+ });
+ const deliveryStream = new firehose.DeliveryStream(this, 'DeliveryStream', {
+ destination: new firehose.S3Bucket(destinationBucket, {
+ loggingConfig: new firehose.DisableLogging(),
+ }),
+ });
+
+ vpc.addFlowLog('FlowLogsFirehose', {
+ destination: FlowLogDestination.toFirehose(deliveryStream),
+ });
+ }
+}
+
+const stack = new TestStack(app, 'FlowLogsTestStack');
+
+new IntegTest(app, 'FlowLogs', {
+ testCases: [stack],
+});
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-kinesis.js.snapshot/asset.a1acfc2b5f4f6b183fd2bb9863f486bc5edef6a357b355a070d9a0e502df418c/__entrypoint__.js b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-kinesis.js.snapshot/asset.a1acfc2b5f4f6b183fd2bb9863f486bc5edef6a357b355a070d9a0e502df418c/__entrypoint__.js
deleted file mode 100644
index ff3a517fba12d..0000000000000
--- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-kinesis.js.snapshot/asset.a1acfc2b5f4f6b183fd2bb9863f486bc5edef6a357b355a070d9a0e502df418c/__entrypoint__.js
+++ /dev/null
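Review bot: In integ.vpc-flow-logs-firehose.ts the `Vpc` is created with `restrictDefaultSecurityGroup: false` and the delivery stream with `loggingConfig: new firehose.DisableLogging()`, and neither carries a comment saying why a protective default is switched off. The first leaves the VPC's default security group with its stock rules, and the second means Firehose delivery failures for the flow-log records are not written to CloudWatch Logs. Both look deliberate here (presumably to keep the custom-resource provider and an extra log group out of the snapshot), but integ tests are often copied as usage examples. I would add a line above each, e.g. `// Test-only: skip the default-SG custom resource to keep the snapshot small` and `// Test-only: delivery error logging is not under test here`. Separately, the bucket that receives the flow-log records could set `enforceSSL: true` so the example shows TLS-only access.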
@@ -1,155 +0,0 @@ -"use strict"; -Object.defineProperty(exports, "__esModule", { value: true }); -exports.external = void 0; -exports.handler = handler; -exports.withRetries = withRetries; -const https = require("https"); -const url = require("url"); -// for unit tests -exports.external = { - sendHttpRequest: defaultSendHttpRequest, - log: defaultLog, - includeStackTraces: true, - userHandlerIndex: './index', -}; -const CREATE_FAILED_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::CREATE_FAILED'; -const MISSING_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID'; -async function handler(event, context) { - const sanitizedEvent = { ...event, ResponseURL: '...' }; - exports.external.log(JSON.stringify(sanitizedEvent, undefined, 2)); - // ignore DELETE event when the physical resource ID is the marker that - // indicates that this DELETE is a subsequent DELETE to a failed CREATE - // operation. - if (event.RequestType === 'Delete' && event.PhysicalResourceId === CREATE_FAILED_PHYSICAL_ID_MARKER) { - exports.external.log('ignoring DELETE event caused by a failed CREATE event'); - await submitResponse('SUCCESS', event); - return; - } - try { - // invoke the user handler. this is intentionally inside the try-catch to - // ensure that if there is an error it's reported as a failure to - // cloudformation (otherwise cfn waits). - // eslint-disable-next-line @typescript-eslint/no-require-imports - const userHandler = require(exports.external.userHandlerIndex).handler; - const result = await userHandler(sanitizedEvent, context); - // validate user response and create the combined event - const responseEvent = renderResponse(event, result); - // submit to cfn as success - await submitResponse('SUCCESS', responseEvent); - } - catch (e) { - const resp = { - ...event, - Reason: exports.external.includeStackTraces ? 
e.stack : e.message, - }; - if (!resp.PhysicalResourceId) { - // special case: if CREATE fails, which usually implies, we usually don't - // have a physical resource id. in this case, the subsequent DELETE - // operation does not have any meaning, and will likely fail as well. to - // address this, we use a marker so the provider framework can simply - // ignore the subsequent DELETE. - if (event.RequestType === 'Create') { - exports.external.log('CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored'); - resp.PhysicalResourceId = CREATE_FAILED_PHYSICAL_ID_MARKER; - } - else { - // otherwise, if PhysicalResourceId is not specified, something is - // terribly wrong because all other events should have an ID. - exports.external.log(`ERROR: Malformed event. "PhysicalResourceId" is required: ${JSON.stringify(event)}`); - } - } - // this is an actual error, fail the activity altogether and exist. - await submitResponse('FAILED', resp); - } -} -function renderResponse(cfnRequest, handlerResponse = {}) { - // if physical ID is not returned, we have some defaults for you based - // on the request type. - const physicalResourceId = handlerResponse.PhysicalResourceId ?? cfnRequest.PhysicalResourceId ?? cfnRequest.RequestId; - // if we are in DELETE and physical ID was changed, it's an error. - if (cfnRequest.RequestType === 'Delete' && physicalResourceId !== cfnRequest.PhysicalResourceId) { - throw new Error(`DELETE: cannot change the physical resource ID from "${cfnRequest.PhysicalResourceId}" to "${handlerResponse.PhysicalResourceId}" during deletion`); - } - // merge request event and result event (result prevails). - return { - ...cfnRequest, - ...handlerResponse, - PhysicalResourceId: physicalResourceId, - }; -} -async function submitResponse(status, event) { - const json = { - Status: status, - Reason: event.Reason ?? 
status, - StackId: event.StackId, - RequestId: event.RequestId, - PhysicalResourceId: event.PhysicalResourceId || MISSING_PHYSICAL_ID_MARKER, - LogicalResourceId: event.LogicalResourceId, - NoEcho: event.NoEcho, - Data: event.Data, - }; - const parsedUrl = url.parse(event.ResponseURL); - const loggingSafeUrl = `${parsedUrl.protocol}//${parsedUrl.hostname}/${parsedUrl.pathname}?***`; - exports.external.log('submit response to cloudformation', loggingSafeUrl, json); - const responseBody = JSON.stringify(json); - const req = { - hostname: parsedUrl.hostname, - path: parsedUrl.path, - method: 'PUT', - headers: { - 'content-type': '', - 'content-length': Buffer.byteLength(responseBody, 'utf8'), - }, - }; - const retryOptions = { - attempts: 5, - sleep: 1000, - }; - await withRetries(retryOptions, exports.external.sendHttpRequest)(req, responseBody); -} -async function defaultSendHttpRequest(options, requestBody) { - return new Promise((resolve, reject) => { - try { - const request = https.request(options, (response) => { - response.resume(); // Consume the response but don't care about it - if (!response.statusCode || response.statusCode >= 400) { - reject(new Error(`Unsuccessful HTTP response: ${response.statusCode}`)); - } - else { - resolve(); - } - }); - request.on('error', reject); - request.write(requestBody); - request.end(); - } - catch (e) { - reject(e); - } - }); -} -function defaultLog(fmt, ...params) { - // eslint-disable-next-line no-console - console.log(fmt, ...params); -} -function withRetries(options, fn) { - return async (...xs) => { - let attempts = options.attempts; - let ms = options.sleep; - while (true) { - try { - return await fn(...xs); - } - catch (e) { - if (attempts-- <= 0) { - throw e; - } - await sleep(Math.floor(Math.random() * ms)); - ms *= 2; - } - } - }; -} -async function sleep(ms) { - return new Promise((ok) => setTimeout(ok, ms)); -} 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-kinesis.js.snapshot/asset.a1acfc2b5f4f6b183fd2bb9863f486bc5edef6a357b355a070d9a0e502df418c/index.js b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-kinesis.js.snapshot/asset.a1acfc2b5f4f6b183fd2bb9863f486bc5edef6a357b355a070d9a0e502df418c/index.js
deleted file mode 100644
index 013bcaffd8fe5..0000000000000
--- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-kinesis.js.snapshot/asset.a1acfc2b5f4f6b183fd2bb9863f486bc5edef6a357b355a070d9a0e502df418c/index.js
+++ /dev/null
@@ -1 +0,0 @@ -"use strict";var I=Object.create;var t=Object.defineProperty;var y=Object.getOwnPropertyDescriptor;var P=Object.getOwnPropertyNames;var g=Object.getPrototypeOf,l=Object.prototype.hasOwnProperty;var G=(r,e)=>{for(var o in e)t(r,o,{get:e[o],enumerable:!0})},n=(r,e,o,i)=>{if(e&&typeof e=="object"||typeof e=="function")for(let s of P(e))!l.call(r,s)&&s!==o&&t(r,s,{get:()=>e[s],enumerable:!(i=y(e,s))||i.enumerable});return r};var R=(r,e,o)=>(o=r!=null?I(g(r)):{},n(e||!r||!r.__esModule?t(o,"default",{value:r,enumerable:!0}):o,r)),S=r=>n(t({},"__esModule",{value:!0}),r);var k={};G(k,{handler:()=>f});module.exports=S(k);var a=R(require("@aws-sdk/client-ec2")),u=new a.EC2({});function c(r,e){return{GroupId:r,IpPermissions:[{UserIdGroupPairs:[{GroupId:r,UserId:e}],IpProtocol:"-1"}]}}function d(r){return{GroupId:r,IpPermissions:[{IpRanges:[{CidrIp:"0.0.0.0/0"}],IpProtocol:"-1"}]}}async function f(r){let e=r.ResourceProperties.DefaultSecurityGroupId,o=r.ResourceProperties.Account;switch(r.RequestType){case"Create":return p(e,o);case"Update":return h(r);case"Delete":return m(e,o)}}async function h(r){let e=r.OldResourceProperties.DefaultSecurityGroupId,o=r.ResourceProperties.DefaultSecurityGroupId;e!==o&&(await m(e,r.ResourceProperties.Account),await p(o,r.ResourceProperties.Account))}async function p(r,e){try{await u.revokeSecurityGroupEgress(d(r))}catch(o){if(o.name!=="InvalidPermission.NotFound")throw o}try{await u.revokeSecurityGroupIngress(c(r,e))}catch(o){if(o.name!=="InvalidPermission.NotFound")throw o}}async function m(r,e){await u.authorizeSecurityGroupIngress(c(r,e)),await u.authorizeSecurityGroupEgress(d(r))}0&&(module.exports={handler}); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-kinesis.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-kinesis.js.snapshot/tree.json deleted file mode 100644 index 6410ead98c558..0000000000000 
--- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-kinesis.js.snapshot/tree.json
+++ /dev/null
@@ -1 +0,0 @@ -{"version":"tree-0.1","tree":{"id":"App","path":"","constructInfo":{"fqn":"aws-cdk-lib.App","version":"0.0.0"},"children":{"FlowLogsTestStack":{"id":"FlowLogsTestStack","path":"FlowLogsTestStack","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"VPC":{"id":"VPC","path":"FlowLogsTestStack/VPC","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.Vpc","version":"0.0.0","metadata":[{"natGateways":"*"}]},"children":{"Resource":{"id":"Resource","path":"FlowLogsTestStack/VPC/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnVPC","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::VPC","aws:cdk:cloudformation:props":{"cidrBlock":"10.0.0.0/16","enableDnsHostnames":true,"enableDnsSupport":true,"instanceTenancy":"default","tags":[{"key":"Name","value":"FlowLogsTestStack/VPC"}]}}},"PublicSubnet1":{"id":"PublicSubnet1","path":"FlowLogsTestStack/VPC/PublicSubnet1","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.PublicSubnet","version":"0.0.0","metadata":[{"availabilityZone":"*","vpcId":"*","cidrBlock":"*","mapPublicIpOnLaunch":true,"ipv6CidrBlock":"*","assignIpv6AddressOnCreation":"*"},{"availabilityZone":"*","vpcId":"*","cidrBlock":"*","mapPublicIpOnLaunch":true,"ipv6CidrBlock":"*","assignIpv6AddressOnCreation":"*"},{},{"addNatGateway":["*"]}]},"children":{"Subnet":{"id":"Subnet","path":"FlowLogsTestStack/VPC/PublicSubnet1/Subnet","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnSubnet","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::Subnet","aws:cdk:cloudformation:props":{"availabilityZone":{"Fn::Select":[0,{"Fn::GetAZs":""}]},"cidrBlock":"10.0.0.0/18","mapPublicIpOnLaunch":true,"tags":[{"key":"aws-cdk:subnet-name","value":"Public"},{"key":"aws-cdk:subnet-type","value":"Public"},{"key":"Name","value":"FlowLogsTestStack/VPC/PublicSubnet1"}],"vpcId":{"Ref":"VPCB9E5F0B4"}}}},"Acl":{"id":"Acl","path":"FlowLogsTestStack/VPC/PublicSubnet1/Acl","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.
0","metadata":[]}},"RouteTable":{"id":"RouteTable","path":"FlowLogsTestStack/VPC/PublicSubnet1/RouteTable","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnRouteTable","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::RouteTable","aws:cdk:cloudformation:props":{"tags":[{"key":"Name","value":"FlowLogsTestStack/VPC/PublicSubnet1"}],"vpcId":{"Ref":"VPCB9E5F0B4"}}}},"RouteTableAssociation":{"id":"RouteTableAssociation","path":"FlowLogsTestStack/VPC/PublicSubnet1/RouteTableAssociation","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::SubnetRouteTableAssociation","aws:cdk:cloudformation:props":{"routeTableId":{"Ref":"VPCPublicSubnet1RouteTableFEE4B781"},"subnetId":{"Ref":"VPCPublicSubnet1SubnetB4246D30"}}}},"DefaultRoute":{"id":"DefaultRoute","path":"FlowLogsTestStack/VPC/PublicSubnet1/DefaultRoute","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnRoute","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::Route","aws:cdk:cloudformation:props":{"destinationCidrBlock":"0.0.0.0/0","gatewayId":{"Ref":"VPCIGWB7E252D3"},"routeTableId":{"Ref":"VPCPublicSubnet1RouteTableFEE4B781"}}}},"EIP":{"id":"EIP","path":"FlowLogsTestStack/VPC/PublicSubnet1/EIP","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnEIP","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::EIP","aws:cdk:cloudformation:props":{"domain":"vpc","tags":[{"key":"Name","value":"FlowLogsTestStack/VPC/PublicSubnet1"}]}}},"NATGateway":{"id":"NATGateway","path":"FlowLogsTestStack/VPC/PublicSubnet1/NATGateway","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnNatGateway","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::NatGateway","aws:cdk:cloudformation:props":{"allocationId":{"Fn::GetAtt":["VPCPublicSubnet1EIP6AD938E8","AllocationId"]},"subnetId":{"Ref":"VPCPublicSubnet1SubnetB4246D30"},"tags":[{"key":"Name","value":"FlowLogsTestStack/VPC/Publi
cSubnet1"}]}}}}},"PublicSubnet2":{"id":"PublicSubnet2","path":"FlowLogsTestStack/VPC/PublicSubnet2","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.PublicSubnet","version":"0.0.0","metadata":[{"availabilityZone":"*","vpcId":"*","cidrBlock":"*","mapPublicIpOnLaunch":true,"ipv6CidrBlock":"*","assignIpv6AddressOnCreation":"*"},{"availabilityZone":"*","vpcId":"*","cidrBlock":"*","mapPublicIpOnLaunch":true,"ipv6CidrBlock":"*","assignIpv6AddressOnCreation":"*"},{}]},"children":{"Subnet":{"id":"Subnet","path":"FlowLogsTestStack/VPC/PublicSubnet2/Subnet","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnSubnet","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::Subnet","aws:cdk:cloudformation:props":{"availabilityZone":{"Fn::Select":[1,{"Fn::GetAZs":""}]},"cidrBlock":"10.0.64.0/18","mapPublicIpOnLaunch":true,"tags":[{"key":"aws-cdk:subnet-name","value":"Public"},{"key":"aws-cdk:subnet-type","value":"Public"},{"key":"Name","value":"FlowLogsTestStack/VPC/PublicSubnet2"}],"vpcId":{"Ref":"VPCB9E5F0B4"}}}},"Acl":{"id":"Acl","path":"FlowLogsTestStack/VPC/PublicSubnet2/Acl","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":[]}},"RouteTable":{"id":"RouteTable","path":"FlowLogsTestStack/VPC/PublicSubnet2/RouteTable","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnRouteTable","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::RouteTable","aws:cdk:cloudformation:props":{"tags":[{"key":"Name","value":"FlowLogsTestStack/VPC/PublicSubnet2"}],"vpcId":{"Ref":"VPCB9E5F0B4"}}}},"RouteTableAssociation":{"id":"RouteTableAssociation","path":"FlowLogsTestStack/VPC/PublicSubnet2/RouteTableAssociation","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::SubnetRouteTableAssociation","aws:cdk:cloudformation:props":{"routeTableId":{"Ref":"VPCPublicSubnet2RouteTable6F1A15F1"},"subnetId":{"Ref":"VPCPublicSubnet2Subnet74179F39"}}}},"DefaultRoute
":{"id":"DefaultRoute","path":"FlowLogsTestStack/VPC/PublicSubnet2/DefaultRoute","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnRoute","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::Route","aws:cdk:cloudformation:props":{"destinationCidrBlock":"0.0.0.0/0","gatewayId":{"Ref":"VPCIGWB7E252D3"},"routeTableId":{"Ref":"VPCPublicSubnet2RouteTable6F1A15F1"}}}}}},"PrivateSubnet1":{"id":"PrivateSubnet1","path":"FlowLogsTestStack/VPC/PrivateSubnet1","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.PrivateSubnet","version":"0.0.0","metadata":[{"availabilityZone":"*","vpcId":"*","cidrBlock":"*","mapPublicIpOnLaunch":false,"ipv6CidrBlock":"*","assignIpv6AddressOnCreation":"*"},{"availabilityZone":"*","vpcId":"*","cidrBlock":"*","mapPublicIpOnLaunch":false,"ipv6CidrBlock":"*","assignIpv6AddressOnCreation":"*"},{}]},"children":{"Subnet":{"id":"Subnet","path":"FlowLogsTestStack/VPC/PrivateSubnet1/Subnet","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnSubnet","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::Subnet","aws:cdk:cloudformation:props":{"availabilityZone":{"Fn::Select":[0,{"Fn::GetAZs":""}]},"cidrBlock":"10.0.128.0/18","mapPublicIpOnLaunch":false,"tags":[{"key":"aws-cdk:subnet-name","value":"Private"},{"key":"aws-cdk:subnet-type","value":"Private"},{"key":"Name","value":"FlowLogsTestStack/VPC/PrivateSubnet1"}],"vpcId":{"Ref":"VPCB9E5F0B4"}}}},"Acl":{"id":"Acl","path":"FlowLogsTestStack/VPC/PrivateSubnet1/Acl","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":[]}},"RouteTable":{"id":"RouteTable","path":"FlowLogsTestStack/VPC/PrivateSubnet1/RouteTable","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnRouteTable","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::RouteTable","aws:cdk:cloudformation:props":{"tags":[{"key":"Name","value":"FlowLogsTestStack/VPC/PrivateSubnet1"}],"vpcId":{"Ref":"VPCB9E5F0B4"}}}},"RouteTableAssociation":{"id":"RouteTableAssociation","path":"FlowLogsTestSta
ck/VPC/PrivateSubnet1/RouteTableAssociation","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::SubnetRouteTableAssociation","aws:cdk:cloudformation:props":{"routeTableId":{"Ref":"VPCPrivateSubnet1RouteTableBE8A6027"},"subnetId":{"Ref":"VPCPrivateSubnet1Subnet8BCA10E0"}}}},"DefaultRoute":{"id":"DefaultRoute","path":"FlowLogsTestStack/VPC/PrivateSubnet1/DefaultRoute","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnRoute","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::Route","aws:cdk:cloudformation:props":{"destinationCidrBlock":"0.0.0.0/0","natGatewayId":{"Ref":"VPCPublicSubnet1NATGatewayE0556630"},"routeTableId":{"Ref":"VPCPrivateSubnet1RouteTableBE8A6027"}}}}}},"PrivateSubnet2":{"id":"PrivateSubnet2","path":"FlowLogsTestStack/VPC/PrivateSubnet2","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.PrivateSubnet","version":"0.0.0","metadata":[{"availabilityZone":"*","vpcId":"*","cidrBlock":"*","mapPublicIpOnLaunch":false,"ipv6CidrBlock":"*","assignIpv6AddressOnCreation":"*"},{"availabilityZone":"*","vpcId":"*","cidrBlock":"*","mapPublicIpOnLaunch":false,"ipv6CidrBlock":"*","assignIpv6AddressOnCreation":"*"},{}]},"children":{"Subnet":{"id":"Subnet","path":"FlowLogsTestStack/VPC/PrivateSubnet2/Subnet","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnSubnet","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::Subnet","aws:cdk:cloudformation:props":{"availabilityZone":{"Fn::Select":[1,{"Fn::GetAZs":""}]},"cidrBlock":"10.0.192.0/18","mapPublicIpOnLaunch":false,"tags":[{"key":"aws-cdk:subnet-name","value":"Private"},{"key":"aws-cdk:subnet-type","value":"Private"},{"key":"Name","value":"FlowLogsTestStack/VPC/PrivateSubnet2"}],"vpcId":{"Ref":"VPCB9E5F0B4"}}}},"Acl":{"id":"Acl","path":"FlowLogsTestStack/VPC/PrivateSubnet2/Acl","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":[]}},"RouteTable":{"id":"RouteTable","pat
h":"FlowLogsTestStack/VPC/PrivateSubnet2/RouteTable","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnRouteTable","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::RouteTable","aws:cdk:cloudformation:props":{"tags":[{"key":"Name","value":"FlowLogsTestStack/VPC/PrivateSubnet2"}],"vpcId":{"Ref":"VPCB9E5F0B4"}}}},"RouteTableAssociation":{"id":"RouteTableAssociation","path":"FlowLogsTestStack/VPC/PrivateSubnet2/RouteTableAssociation","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::SubnetRouteTableAssociation","aws:cdk:cloudformation:props":{"routeTableId":{"Ref":"VPCPrivateSubnet2RouteTable0A19E10E"},"subnetId":{"Ref":"VPCPrivateSubnet2SubnetCFCDAA7A"}}}},"DefaultRoute":{"id":"DefaultRoute","path":"FlowLogsTestStack/VPC/PrivateSubnet2/DefaultRoute","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnRoute","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::Route","aws:cdk:cloudformation:props":{"destinationCidrBlock":"0.0.0.0/0","natGatewayId":{"Ref":"VPCPublicSubnet1NATGatewayE0556630"},"routeTableId":{"Ref":"VPCPrivateSubnet2RouteTable0A19E10E"}}}}}},"IGW":{"id":"IGW","path":"FlowLogsTestStack/VPC/IGW","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnInternetGateway","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::InternetGateway","aws:cdk:cloudformation:props":{"tags":[{"key":"Name","value":"FlowLogsTestStack/VPC"}]}}},"VPCGW":{"id":"VPCGW","path":"FlowLogsTestStack/VPC/VPCGW","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::VPCGatewayAttachment","aws:cdk:cloudformation:props":{"internetGatewayId":{"Ref":"VPCIGWB7E252D3"},"vpcId":{"Ref":"VPCB9E5F0B4"}}}},"RestrictDefaultSecurityGroupCustomResource":{"id":"RestrictDefaultSecurityGroupCustomResource","path":"FlowLogsTestStack/VPC/RestrictDefaultSecurityGroupCustom
Resource","constructInfo":{"fqn":"aws-cdk-lib.CustomResource","version":"0.0.0","metadata":["*"]},"children":{"Default":{"id":"Default","path":"FlowLogsTestStack/VPC/RestrictDefaultSecurityGroupCustomResource/Default","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"0.0.0"}}}},"FlowLogsKinesisDataFirehose":{"id":"FlowLogsKinesisDataFirehose","path":"FlowLogsTestStack/VPC/FlowLogsKinesisDataFirehose","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.FlowLog","version":"0.0.0","metadata":[{"resourceType":"*","destination":"*"}]},"children":{"FlowLog":{"id":"FlowLog","path":"FlowLogsTestStack/VPC/FlowLogsKinesisDataFirehose/FlowLog","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnFlowLog","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::FlowLog","aws:cdk:cloudformation:props":{"logDestination":{"Fn::GetAtt":["DeliveryStream","Arn"]},"logDestinationType":"kinesis-data-firehose","resourceId":{"Ref":"VPCB9E5F0B4"},"resourceType":"VPC","tags":[{"key":"Name","value":"FlowLogsTestStack/VPC/FlowLogsKinesisDataFirehose"}],"trafficType":"ALL"}}}}}}},"Custom::VpcRestrictDefaultSGCustomResourceProvider":{"id":"Custom::VpcRestrictDefaultSGCustomResourceProvider","path":"FlowLogsTestStack/Custom::VpcRestrictDefaultSGCustomResourceProvider","constructInfo":{"fqn":"aws-cdk-lib.CustomResourceProviderBase","version":"0.0.0"},"children":{"Staging":{"id":"Staging","path":"FlowLogsTestStack/Custom::VpcRestrictDefaultSGCustomResourceProvider/Staging","constructInfo":{"fqn":"aws-cdk-lib.AssetStaging","version":"0.0.0"}},"Role":{"id":"Role","path":"FlowLogsTestStack/Custom::VpcRestrictDefaultSGCustomResourceProvider/Role","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"0.0.0"}},"Handler":{"id":"Handler","path":"FlowLogsTestStack/Custom::VpcRestrictDefaultSGCustomResourceProvider/Handler","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"0.0.0"}}}},"FlowLogsCW":{"id":"FlowLogsCW","path":"FlowLogsTestStack/FlowLogsCW","constructInfo":{"fqn":"a
ws-cdk-lib.aws_ec2.FlowLog","version":"0.0.0","metadata":[{"resourceType":"*","flowLogName":"*"}]},"children":{"IAMRole":{"id":"IAMRole","path":"FlowLogsTestStack/FlowLogsCW/IAMRole","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Role","version":"0.0.0","metadata":[{"roleName":"*","assumedBy":{"principalAccount":"*","assumeRoleAction":"*"}},{"addToPrincipalPolicy":[{}]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]}]},"children":{"ImportIAMRole":{"id":"ImportIAMRole","path":"FlowLogsTestStack/FlowLogsCW/IAMRole/ImportIAMRole","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":["*"]}},"Resource":{"id":"Resource","path":"FlowLogsTestStack/FlowLogsCW/IAMRole/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnRole","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"vpc-flow-logs.amazonaws.com"}}],"Version":"2012-10-17"},"tags":[{"key":"Name","value":"CustomFlowLogName"}]}}},"DefaultPolicy":{"id":"DefaultPolicy","path":"FlowLogsTestStack/FlowLogsCW/IAMRole/DefaultPolicy","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"0.0.0","metadata":["*",{"attachToRole":["*"]},{"attachToRole":["*"]},{"addStatements":[{}]}]},"children":{"Resource":{"id":"Resource","path":"FlowLogsTestStack/FlowLogsCW/IAMRole/DefaultPolicy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":["logs:CreateLogStream","logs:DescribeLogStreams","logs:PutLogEvents"],"Effect":"Allow","Resource":{"Fn::GetAtt":["FlowLogsCWLogGroup0398E8F8","Arn"]}}],"Version":"2012-10-17"},"policyName":"FlowLogsCWIAMRoleDefaultPolicy943C8A20","roles":[{"Ref":"FlowLogsCWIAMRole017AD736"}]}}}}}}},"LogGroup":{"id":"LogGroup","path":"FlowLogsTestSta
ck/FlowLogsCW/LogGroup","constructInfo":{"fqn":"aws-cdk-lib.aws_logs.LogGroup","version":"0.0.0","metadata":["*"]},"children":{"Resource":{"id":"Resource","path":"FlowLogsTestStack/FlowLogsCW/LogGroup/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_logs.CfnLogGroup","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::Logs::LogGroup","aws:cdk:cloudformation:props":{"retentionInDays":731,"tags":[{"key":"Name","value":"CustomFlowLogName"}]}}}}},"FlowLog":{"id":"FlowLog","path":"FlowLogsTestStack/FlowLogsCW/FlowLog","constructInfo":{"fqn":"aws-cdk-lib.aws_ec2.CfnFlowLog","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::EC2::FlowLog","aws:cdk:cloudformation:props":{"deliverLogsPermissionArn":{"Fn::GetAtt":["FlowLogsCWIAMRole017AD736","Arn"]},"logDestinationType":"cloud-watch-logs","logGroupName":{"Ref":"FlowLogsCWLogGroup0398E8F8"},"resourceId":{"Ref":"VPCB9E5F0B4"},"resourceType":"VPC","tags":[{"key":"Name","value":"CustomFlowLogName"}],"trafficType":"ALL"}}}}},"Bucket":{"id":"Bucket","path":"FlowLogsTestStack/Bucket","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.Bucket","version":"0.0.0","metadata":[{"removalPolicy":"destroy","autoDeleteObjects":true}]},"children":{"Resource":{"id":"Resource","path":"FlowLogsTestStack/Bucket/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucket","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::Bucket","aws:cdk:cloudformation:props":{"tags":[{"key":"aws-cdk:auto-delete-objects","value":"true"}]}}},"Policy":{"id":"Policy","path":"FlowLogsTestStack/Bucket/Policy","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketPolicy","version":"0.0.0","metadata":[{"bucket":"*"}]},"children":{"Resource":{"id":"Resource","path":"FlowLogsTestStack/Bucket/Policy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucketPolicy","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::BucketPolicy","aws:cdk:cloudformation:props":{"bucket":{"Ref":"Bucket83908E77"},"policyD
ocument":{"Statement":[{"Action":["s3:DeleteObject*","s3:GetBucket*","s3:List*","s3:PutBucketPolicy"],"Effect":"Allow","Principal":{"AWS":{"Fn::GetAtt":["CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092","Arn"]}},"Resource":[{"Fn::GetAtt":["Bucket83908E77","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["Bucket83908E77","Arn"]},"/*"]]}]}],"Version":"2012-10-17"}}}}}},"AutoDeleteObjectsCustomResource":{"id":"AutoDeleteObjectsCustomResource","path":"FlowLogsTestStack/Bucket/AutoDeleteObjectsCustomResource","constructInfo":{"fqn":"aws-cdk-lib.CustomResource","version":"0.0.0","metadata":["*"]},"children":{"Default":{"id":"Default","path":"FlowLogsTestStack/Bucket/AutoDeleteObjectsCustomResource/Default","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"0.0.0"}}}}}},"Custom::S3AutoDeleteObjectsCustomResourceProvider":{"id":"Custom::S3AutoDeleteObjectsCustomResourceProvider","path":"FlowLogsTestStack/Custom::S3AutoDeleteObjectsCustomResourceProvider","constructInfo":{"fqn":"aws-cdk-lib.CustomResourceProviderBase","version":"0.0.0"},"children":{"Staging":{"id":"Staging","path":"FlowLogsTestStack/Custom::S3AutoDeleteObjectsCustomResourceProvider/Staging","constructInfo":{"fqn":"aws-cdk-lib.AssetStaging","version":"0.0.0"}},"Role":{"id":"Role","path":"FlowLogsTestStack/Custom::S3AutoDeleteObjectsCustomResourceProvider/Role","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"0.0.0"}},"Handler":{"id":"Handler","path":"FlowLogsTestStack/Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"0.0.0"}}}},"Role":{"id":"Role","path":"FlowLogsTestStack/Role","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Role","version":"0.0.0","metadata":[{"assumedBy":{"principalAccount":"*","assumeRoleAction":"*"}},{"addToPrincipalPolicy":[{}]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]},{"addToPolicy":[{}]},{"addToPrincipalPolicy":[{}]}]},"children":{"ImportRole":{"id":"ImportRole","path":"FlowLogsTes
tStack/Role/ImportRole","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":["*"]}},"Resource":{"id":"Resource","path":"FlowLogsTestStack/Role/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnRole","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"firehose.amazonaws.com"}}],"Version":"2012-10-17"}}}},"DefaultPolicy":{"id":"DefaultPolicy","path":"FlowLogsTestStack/Role/DefaultPolicy","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"0.0.0","metadata":["*",{"attachToRole":["*"]},{"attachToRole":["*"]},{"addStatements":[{}]},{"addStatements":[{}]}]},"children":{"Resource":{"id":"Resource","path":"FlowLogsTestStack/Role/DefaultPolicy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":["s3:Abort*","s3:DeleteObject*","s3:GetBucket*","s3:GetObject*","s3:List*","s3:PutObject","s3:PutObjectLegalHold","s3:PutObjectRetention","s3:PutObjectTagging","s3:PutObjectVersionTagging"],"Effect":"Allow","Resource":[{"Fn::GetAtt":["Bucket83908E77","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["Bucket83908E77","Arn"]},"/*"]]}]},{"Action":["kinesis:DescribeStream","kinesis:GetRecords","kinesis:GetShardIterator","kinesis:ListShards"],"Effect":"Allow","Resource":"*"}],"Version":"2012-10-17"},"policyName":"RoleDefaultPolicy5FFB7DAB","roles":[{"Ref":"Role1ABCC5F0"}]}}}}}}},"DeliveryStream":{"id":"DeliveryStream","path":"FlowLogsTestStack/DeliveryStream","constructInfo":{"fqn":"aws-cdk-lib.aws_kinesisfirehose.CfnDeliveryStream","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::KinesisFirehose::DeliveryStream","aws:cdk:cloudformation:props":{"s3DestinationConfiguration":{"bucketArn":{"Fn::GetAtt":["Bucket8
3908E77","Arn"]},"roleArn":{"Fn::GetAtt":["Role1ABCC5F0","Arn"]}}}}},"BootstrapVersion":{"id":"BootstrapVersion","path":"FlowLogsTestStack/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"FlowLogsTestStack/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}},"FlowLogs":{"id":"FlowLogs","path":"FlowLogs","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTest","version":"0.0.0"},"children":{"DefaultTest":{"id":"DefaultTest","path":"FlowLogs/DefaultTest","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTestCase","version":"0.0.0"},"children":{"Default":{"id":"Default","path":"FlowLogs/DefaultTest/Default","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}},"DeployAssert":{"id":"DeployAssert","path":"FlowLogs/DefaultTest/DeployAssert","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"BootstrapVersion":{"id":"BootstrapVersion","path":"FlowLogs/DefaultTest/DeployAssert/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"FlowLogs/DefaultTest/DeployAssert/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}}}}}},"Tree":{"id":"Tree","path":"Tree","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}}}}} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-kinesis.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-kinesis.ts deleted file mode 100644 index 0192ed4aa3a77..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-kinesis.ts +++ /dev/null 
@@ -1,61 +0,0 @@
-import * as iam from 'aws-cdk-lib/aws-iam';
-import * as s3 from 'aws-cdk-lib/aws-s3';
-import { App, RemovalPolicy, Stack, StackProps } from 'aws-cdk-lib';
-import { IntegTest } from '@aws-cdk/integ-tests-alpha';
-import { FlowLog, FlowLogDestination, FlowLogResourceType, Vpc } from 'aws-cdk-lib/aws-ec2';
-import * as firehose from 'aws-cdk-lib/aws-kinesisfirehose';
-
-const app = new App();
-
-class TestStack extends Stack {
- constructor(scope: App, id: string, props?: StackProps) {
- super(scope, id, props);
-
- const vpc = new Vpc(this, 'VPC', { natGateways: 1 });
-
- new FlowLog(this, 'FlowLogsCW', {
- resourceType: FlowLogResourceType.fromVpc(vpc),
- flowLogName: 'CustomFlowLogName',
- });
-
- const destinationBucket = new s3.Bucket(this, 'Bucket', {
- removalPolicy: RemovalPolicy.DESTROY,
- autoDeleteObjects: true,
- });
-
- const deliveryStreamRole = new iam.Role(this, 'Role', {
- assumedBy: new iam.ServicePrincipal('firehose.amazonaws.com'),
- });
- destinationBucket.grantReadWrite(deliveryStreamRole);
- deliveryStreamRole.addToPolicy(new iam.PolicyStatement({
- effect: iam.Effect.ALLOW,
- actions: [
- 'kinesis:DescribeStream',
- 'kinesis:GetShardIterator',
- 'kinesis:GetRecords',
- 'kinesis:ListShards',
- ],
- resources: ['*'],
- }));
-
- const deliveryStream = new firehose.CfnDeliveryStream(this, 'DeliveryStream', {
- s3DestinationConfiguration: {
- bucketArn: destinationBucket.bucketArn,
- roleArn: deliveryStreamRole.roleArn,
- },
- });
-
- vpc.addFlowLog('FlowLogsKinesisDataFirehose', {
- destination: FlowLogDestination.toKinesisDataFirehoseDestination(deliveryStream.attrArn),
- });
- }
-}
-
-new IntegTest(app, 'FlowLogs', {
- testCases: [
- new TestStack(app, 'FlowLogsTestStack'),
- ],
- diffAssets: true,
-});
-
-app.synth();
diff --git a/packages/aws-cdk-lib/aws-ec2/README.md b/packages/aws-cdk-lib/aws-ec2/README.md
index 9bd039967978b..5dc266586634f 100644
--- a/packages/aws-cdk-lib/aws-ec2/README.md
+++ b/packages/aws-cdk-lib/aws-ec2/README.md @@ -2397,10 +2397,10 @@ new ec2.FlowLog(this, 'FlowLogWithKeyPrefix', { import * as firehose from 'aws-cdk-lib/aws-kinesisfirehose'; declare const vpc: ec2.Vpc; -declare const deliveryStream: firehose.CfnDeliveryStream; +declare const deliveryStream: firehose.IDeliveryStream; -vpc.addFlowLog('FlowLogsKinesisDataFirehose', { - destination: ec2.FlowLogDestination.toKinesisDataFirehoseDestination(deliveryStream.attrArn), +vpc.addFlowLog('FlowLogsFirehose', { + destination: ec2.FlowLogDestination.toFirehose(deliveryStream), }); ``` diff --git a/packages/aws-cdk-lib/aws-ec2/lib/vpc-flow-logs.ts b/packages/aws-cdk-lib/aws-ec2/lib/vpc-flow-logs.ts index b26a523711159..1a05c9feb96a0 100644 --- a/packages/aws-cdk-lib/aws-ec2/lib/vpc-flow-logs.ts +++ b/packages/aws-cdk-lib/aws-ec2/lib/vpc-flow-logs.ts @@ -2,6 +2,7 @@ import { Construct } from 'constructs'; import { CfnFlowLog, FlowLogReference, IFlowLogRef, ISubnetRef } from './ec2.generated'; import { IVpc } from './vpc'; import * as iam from '../../aws-iam'; +import * as firehose from '../../aws-kinesisfirehose'; import * as logs from '../../aws-logs'; import * as s3 from '../../aws-s3'; import { @@ -13,6 +14,8 @@ import { Resource, Stack, Tags, + Token, + TokenComparison, ValidationError, } from '../../core'; import { addConstructMetadata } from '../../core/lib/metadata-resource'; 
@@ -229,14 +232,32 @@ export abstract class FlowLogDestination { * Use Amazon Data Firehose as the destination * * @param deliveryStreamArn the ARN of Amazon Data Firehose delivery stream to publish logs to + * @deprecated use `toFirehose` */ public static toKinesisDataFirehoseDestination(deliveryStreamArn: string): FlowLogDestination { - return new KinesisDataFirehoseDestination({ + return new FirehoseDestination({ logDestinationType: FlowLogDestinationType.KINESIS_DATA_FIREHOSE, deliveryStreamArn, }); } + /** + * Use Amazon Data Firehose as the destination + * + * If the delivery stream and the VPC are in different account, you must specify `iamRole`. + * + * @param deliveryStream the Amazon Data Firehose delivery stream to publish logs to + * @param iamRole the IAM Role for cross account log delivery + * @see https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs-firehose.html + */ + public static toFirehose(deliveryStream: firehose.IDeliveryStreamRef, iamRole?: iam.IRole): FlowLogDestination { + return new FirehoseDestination({ + logDestinationType: FlowLogDestinationType.KINESIS_DATA_FIREHOSE, + deliveryStream, + iamRole, + }); + } + /** * Generates a flow log destination configuration */ @@ -255,9 +276,11 @@ export interface FlowLogDestinationConfig { readonly logDestinationType: FlowLogDestinationType; /** - * The IAM Role that has access to publish to CloudWatch logs + * The IAM role that allows Amazon EC2 to publish flow logs to the log destination. + * + * Required if the destination type is CloudWatch logs, or if the destination type is Amazon Data Firehose delivery stream and the delivery stream and the VPC are in different accounts. * - * @default - default IAM role is created for you + * @default - default IAM role is created for you if the destination type is CloudWatch logs */ readonly iamRole?: iam.IRole; 
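Review bot: The `toFirehose` docstring does not say what `iamRole` has to look like, and the method forwards the role into the destination config without granting or checking anything on it. A caller who passes an arbitrary role gets a template that synthesizes but may fail when logs are delivered; the unit test added in this commit trusts `delivery.logs.amazonaws.com`, which suggests that is the expected principal. I would extend the parameter line to `@param iamRole the IAM role for cross-account log delivery; its trust policy and permissions must be set up by the caller as described in the linked guide`, and correct the sentence above it to read `in different accounts`.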
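Review bot: In the second hunk the new `iamRole` description says the role is "Required if the destination type is CloudWatch logs", while the `@default` line just below says a role is created for that destination when none is given. The two statements contradict each other for anyone reading the API docs; judging by the default, the role is optional for CloudWatch Logs and mandatory only for cross-account Firehose delivery. Suggested wording: `Optional for CloudWatch Logs (a role is created when omitted); required when the destination is an Amazon Data Firehose delivery stream and the delivery stream and the VPC are in different accounts.`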
@@ -285,10 +308,18 @@ export interface FlowLogDestinationConfig { /** * The ARN of Amazon Data Firehose delivery stream to publish the flow logs to * + * @deprecated use deliveryStream * @default - undefined */ readonly deliveryStreamArn?: string; + /** + * The Amazon Data Firehose delivery stream to publish the flow logs to + * + * @default - undefined + */ + readonly deliveryStream?: firehose.IDeliveryStreamRef; + /** * Options for writing flow logs to a supported destination * @@ -434,22 +465,29 @@ class CloudWatchLogsDestination extends FlowLogDestination { } /** - * + * The Amazon Data Firehose flow log destination */ -class KinesisDataFirehoseDestination extends FlowLogDestination { +class FirehoseDestination extends FlowLogDestination { constructor(private readonly props: FlowLogDestinationConfig) { super(); } - public bind(scope: Construct, _flowLog: FlowLog): FlowLogDestinationConfig { - if (this.props.deliveryStreamArn === undefined) { - throw new ValidationError('deliveryStreamArn is required', scope); + public bind(scope: Construct, flowLog: FlowLog): FlowLogDestinationConfig { + if (!!this.props.deliveryStreamArn === !!this.props.deliveryStream) { + throw new ValidationError('Specify exactly one of either deliveryStream or deliveryStreamArn.', scope); + } + if (this.props.deliveryStream) { + const compareAccount = Token.compareStrings(this.props.deliveryStream.env.account, flowLog.env.account); + if (compareAccount === TokenComparison.DIFFERENT && !this.props.iamRole) { + throw new ValidationError('The iamRole is required for cross-account log delivery.', scope); + } } - const deliveryStreamArn = this.props.deliveryStreamArn; return { logDestinationType: FlowLogDestinationType.KINESIS_DATA_FIREHOSE, - deliveryStreamArn, + deliveryStreamArn: this.props.deliveryStreamArn, + deliveryStream: this.props.deliveryStream, + iamRole: this.props.iamRole, }; } } 
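Review bot: The cross-account guard in `FirehoseDestination.bind` fires only when `Token.compareStrings` returns `TokenComparison.DIFFERENT`, so a delivery stream or flow log whose account is an unresolved token passes without an `iamRole` even if the two end up in different accounts. That is probably the intended trade-off for environment-agnostic stacks, but it means the missing role surfaces at deployment rather than at synthesis, and the code does not say so. I would add a comment above the comparison, `// Unresolved accounts cannot be compared at synth time; a missing iamRole is then only detected at deployment.`, and state the same limitation in the `toFirehose` docstring. Separately, `!!this.props.deliveryStreamArn` now rejects an empty-string ARN that the old `=== undefined` check let through, which is worth a line in the changelog since it affects the deprecated `toKinesisDataFirehoseDestination` path.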
@@ -863,9 +901,15 @@ export class FlowLog extends FlowLogBase { /** * The ARN of the Amazon Data Firehose delivery stream to publish flow logs to + * @deprecated Use deliveryStream */ public readonly deliveryStreamArn?: string; + /** + * The Amazon Data Firehose delivery stream to publish flow logs to + */ + public readonly deliveryStream?: firehose.IDeliveryStreamRef; + constructor(scope: Construct, id: string, props: FlowLogProps) { super(scope, id); // Enhanced CDK Analytics Telemetry @@ -878,7 +922,9 @@ export class FlowLog extends FlowLogBase { this.bucket = destinationConfig.s3Bucket; this.iamRole = destinationConfig.iamRole; this.keyPrefix = destinationConfig.keyPrefix; - this.deliveryStreamArn = destinationConfig.deliveryStreamArn; + this.deliveryStreamArn = destinationConfig.deliveryStream?.deliveryStreamRef?.deliveryStreamArn + ?? destinationConfig.deliveryStreamArn; + this.deliveryStream = destinationConfig.deliveryStream; Tags.of(this).add(NAME_TAG, props.flowLogName || this.node.path); diff --git a/packages/aws-cdk-lib/aws-ec2/test/vpc-flow-logs.test.ts b/packages/aws-cdk-lib/aws-ec2/test/vpc-flow-logs.test.ts index 2afb61e9c7b8d..935c86ea2660e 100644 --- a/packages/aws-cdk-lib/aws-ec2/test/vpc-flow-logs.test.ts +++ b/packages/aws-cdk-lib/aws-ec2/test/vpc-flow-logs.test.ts @@ -1,5 +1,6 @@ import { Template, Match } from '../../assertions'; import * as iam from '../../aws-iam'; +import * as firehose from '../../aws-kinesisfirehose'; import * as logs from '../../aws-logs'; import * as s3 from '../../aws-s3'; import { RemovalPolicy, Stack } from '../../core'; @@ -90,7 +91,8 @@ describe('vpc flow logs', () => { BucketName: 'testbucket', }); }); - test('with kinesis data firehose as the destination, allows use of existing resources', () => { + + test('with Amazon Data Firehose deliveryStreamArn as the destination, allows use of existing resources', () => { const stack = getTestStack(); const deliveryStreamArn = Stack.of(stack).formatArn({ 
@@ -109,12 +111,80 @@ describe('vpc flow logs', () => { Template.fromStack(stack).hasResourceProperties('AWS::EC2::FlowLog', { DestinationOptions: Match.absent(), + LogDestinationType: 'kinesis-data-firehose', + LogDestination: { 'Fn::Join': ['', ['arn:', { Ref: 'AWS::Partition' }, ':firehose:::deliverystream/testdeliverystream']] }, + }); + Template.fromStack(stack).resourceCountIs('AWS::Logs::LogGroup', 0); + Template.fromStack(stack).resourceCountIs('AWS::S3::Bucket', 0); + }); + + test('with Amazon Data Firehose delivery stream as the destination, allows use of existing resources', () => { + const stack = getTestStack(); + + const bucket = new s3.Bucket(stack, 'Bucket'); + const deliveryStream = new firehose.DeliveryStream(stack, 'DeliveryStream', { + destination: new firehose.S3Bucket(bucket, { + loggingConfig: new firehose.DisableLogging(), + }), }); + new FlowLog(stack, 'FlowLogs', { + resourceType: FlowLogResourceType.fromNetworkInterfaceId('eni-123456'), + destination: FlowLogDestination.toFirehose(deliveryStream), + }); + Template.fromStack(stack).hasResourceProperties('AWS::EC2::FlowLog', { + DestinationOptions: Match.absent(), LogDestinationType: 'kinesis-data-firehose', + LogDestination: { 'Fn::GetAtt': ['DeliveryStream58CF96DB', 'Arn'] }, }); Template.fromStack(stack).resourceCountIs('AWS::Logs::LogGroup', 0); - Template.fromStack(stack).resourceCountIs('AWS::S3::Bucket', 0); + Template.fromStack(stack).resourceCountIs('AWS::S3::Bucket', 1); + }); + + test('with Amazon Data Firehose delivery stream as the destination with cross-account log delivery', () => { + const stack = getTestStack(); + + const bucket = new s3.Bucket(stack, 'Bucket'); + const deliveryStream = new firehose.DeliveryStream(stack, 'DeliveryStream', { + destination: new firehose.S3Bucket(bucket, { + loggingConfig: new firehose.DisableLogging(), + }), + }); + const role = new iam.Role(stack, 'Role', { + assumedBy: new iam.ServicePrincipal('delivery.logs.amazonaws.com'), + }); + new 
FlowLog(stack, 'FlowLogs', { + resourceType: FlowLogResourceType.fromNetworkInterfaceId('eni-123456'), + destination: FlowLogDestination.toFirehose(deliveryStream, role), + }); + + Template.fromStack(stack).hasResourceProperties('AWS::EC2::FlowLog', { + DestinationOptions: Match.absent(), + LogDestinationType: 'kinesis-data-firehose', + LogDestination: { 'Fn::GetAtt': ['DeliveryStream58CF96DB', 'Arn'] }, + DeliverLogsPermissionArn: { 'Fn::GetAtt': ['Role1ABCC5F0', 'Arn'] }, + }); + }); + + test('toFirehose() throws when cross-account delivery and iamRole is missing', () => { + const stack = getTestStack(); + const bucket = new s3.Bucket(stack, 'Bucket'); + + const crossAccountStack = new Stack(undefined, 'CrossAccountStack', { + env: { account: '234567890123', region: 'us-east-1' }, + }); + const deliveryStream = new firehose.DeliveryStream(crossAccountStack, 'DeliveryStream', { + destination: new firehose.S3Bucket(bucket, { + loggingConfig: new firehose.DisableLogging(), + }), + }); + + expect(() => { + new FlowLog(stack, 'FlowLogs', { + resourceType: FlowLogResourceType.fromNetworkInterfaceId('eni-123456'), + destination: FlowLogDestination.toFirehose(deliveryStream), + }); + }).toThrow('The iamRole is required for cross-account log delivery.'); }); test('with flowLogName, adds Name tag with the name', () => { @@ -824,4 +894,3 @@ test('with custom log format set custom, it not creates with cloudwatch log dest }, }); }); -
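Review bot: The test titled `'with Amazon Data Firehose delivery stream as the destination with cross-account log delivery'` creates the delivery stream and the `FlowLog` in the same `stack`. It therefore only verifies that the role reaches `DeliverLogsPermissionArn`, not a cross-account configuration. Either rename it to say what it checks, or build the stream in a stack with a different `env.account`, as the `toFirehose() throws ...` test does. The new `'Specify exactly one of either deliveryStream or deliveryStreamArn.'` error has no test in this hunk. The same goes for the case where the account comparison is unresolved, which is the path where a missing role goes undetected at synth time.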