aws
diff --git a/‎.cfnlintrc.yaml
Lines changed: 1 addition & 0 deletions b/‎.cfnlintrc.yaml
Lines changed: 1 addition & 0 deletions
diff --git a/‎integration/combination/test_function_with_mq.py
Lines changed: 4 additions & 0 deletions b/‎integration/combination/test_function_with_mq.py
Lines changed: 4 additions & 0 deletions
diff --git a/‎tests/translator/input/function_with_mq.yaml
Lines changed: 167 additions & 0 deletions b/‎tests/translator/input/function_with_mq.yaml
Lines changed: 167 additions & 0 deletions
@@ -121,6 +121,7 @@ ignore_templates:
   - tests/translator/output/**/globals_for_function.json  # RuntimeManagementConfig
   - tests/translator/output/**/function_with_runtime_config.json  # RuntimeManagementConfig
   - tests/translator/output/**/managed_policies_minimal.json  # Intentionally has non-existent managed policy name
+  - tests/translator/output/**/function_with_mq.json  # Property "EventSourceArn" can Fn::GetAtt to a resource of types [AWS::DynamoDB::GlobalTable, AWS::DynamoDB::Table, AWS::Kinesis::Stream, AWS::Kinesis::StreamConsumer, AWS::SQS::Queue]
 ignore_checks:
   - E2531 # Deprecated runtime; not relevant for transform tests
   - W2531 # EOL runtime; not relevant for transform tests
 
@@ -26,6 +26,10 @@ def companion_stack_outputs(self, get_companion_stack_outputs):
         ]
     )
     def test_function_with_mq(self, file_name, mq_broker, mq_secret, subnet_key):
+        # Temporarily skip this test and we should either re-enable this once the AZ issue is fixed
+        # or once we figure out a way to trigger integ test only when transform output changes.
+        if subnet_key == "PreCreatedSubnetOne":
+            pytest.skip("Skipping this test to temporarily bypass AvailabilityZone issue.")
         companion_stack_outputs = self.companion_stack_outputs
         parameters = self.get_parameters(companion_stack_outputs, subnet_key)
         secret_name = mq_secret + "-" + generate_suffix()
 
@@ -0,0 +1,167 @@
+Parameters:
+  MQBrokerUser:
+    Description: The user to access the Amazon MQ broker.
+    Type: String
+    Default: testBrokerUser
+    MinLength: 2
+    ConstraintDescription: The Amazon MQ broker user is required !
+  MQBrokerPassword:
+    Description: The password to access the Amazon MQ broker. Min 12 characters
+    Type: String
+    Default: testBrokerPassword
+    MinLength: 12
+    ConstraintDescription: The Amazon MQ broker password is required !
+    NoEcho: true
+  PreCreatedVpc:
+    Type: String
+  PreCreatedSubnetOne:
+    Type: String
+  MQBrokerUserSecretName:
+    Type: String
+  PreCreatedInternetGateway:
+    Type: String
+  MQBrokerName:
+    Description: The name of MQ Broker
+    Type: String
+    Default: TestMQBroker
+
+Resources:
+  RouteTable:
+    Type: AWS::EC2::RouteTable
+    Properties:
+      VpcId:
+        Ref: PreCreatedVpc
+
+  Route:
+    Type: AWS::EC2::Route
+    Properties:
+      RouteTableId:
+        Ref: RouteTable
+      DestinationCidrBlock: 0.0.0.0/0
+      GatewayId:
+        Ref: PreCreatedInternetGateway
+
+  PublicSubnetRouteTableAssociation:
+    Type: AWS::EC2::SubnetRouteTableAssociation
+    Properties:
+      SubnetId:
+        Ref: PreCreatedSubnetOne
+      RouteTableId:
+        Ref: RouteTable
+
+  MQSecurityGroup:
+    Type: AWS::EC2::SecurityGroup
+    Properties:
+      GroupDescription: Limits security group ingress and egress traffic for the Amazon
+        MQ instance
+      VpcId:
+        Ref: PreCreatedVpc
+      SecurityGroupIngress:
+      - IpProtocol: tcp
+        FromPort: 8162
+        ToPort: 8162
+        CidrIp: 0.0.0.0/0
+      - IpProtocol: tcp
+        FromPort: 61617
+        ToPort: 61617
+        CidrIp: 0.0.0.0/0
+      - IpProtocol: tcp
+        FromPort: 5671
+        ToPort: 5671
+        CidrIp: 0.0.0.0/0
+      - IpProtocol: tcp
+        FromPort: 61614
+        ToPort: 61614
+        CidrIp: 0.0.0.0/0
+      - IpProtocol: tcp
+        FromPort: 8883
+        ToPort: 8883
+        CidrIp: 0.0.0.0/0
+
+  MyLambdaExecutionRole:
+    Type: AWS::IAM::Role
+    Properties:
+      AssumeRolePolicyDocument:
+        Version: '2012-10-17'
+        Statement:
+        - Action: [sts:AssumeRole]
+          Effect: Allow
+          Principal:
+            Service: [lambda.amazonaws.com]
+      Policies:
+      - PolicyName: IntegrationTestExecution
+        PolicyDocument:
+          Statement:
+          - Action: [ec2:CreateNetworkInterface, ec2:CreateNetworkInterfacePermission,
+              ec2:DeleteNetworkInterface, ec2:DeleteNetworkInterfacePermission, ec2:DetachNetworkInterface,
+              ec2:DescribeSubnets, ec2:DescribeNetworkInterfaces, ec2:DescribeVpcs,
+              ec2:DescribeInternetGateways, ec2:DescribeNetworkInterfacePermissions,
+              ec2:DescribeSecurityGroups, ec2:DescribeRouteTables, logs:CreateLogGroup,
+              logs:CreateLogStream, logs:PutLogEvents, kms:Decrypt, mq:DescribeBroker,
+              secretsmanager:GetSecretValue]
+            Effect: Allow
+            Resource: '*'
+      ManagedPolicyArns:
+      - !Sub 'arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'
+      Tags:
+      - {Value: SAM, Key: lambda:createdBy}
+
+  MyMqBroker:
+    Properties:
+      BrokerName:
+        Ref: MQBrokerName
+      DeploymentMode: SINGLE_INSTANCE
+      EngineType: ACTIVEMQ
+      EngineVersion: 5.15.12
+      HostInstanceType: mq.t3.micro
+      Logs:
+        Audit: true
+        General: true
+      PubliclyAccessible: true
+      AutoMinorVersionUpgrade: false
+      SecurityGroups:
+      - Ref: MQSecurityGroup
+      SubnetIds:
+      - Ref: PreCreatedSubnetOne
+      Users:
+      - ConsoleAccess: true
+        Groups:
+        - admin
+        Username:
+          Ref: MQBrokerUser
+        Password:
+          Ref: MQBrokerPassword
+    Type: AWS::AmazonMQ::Broker
+    DependsOn: MyLambdaExecutionRole
+
+  MyLambdaFunction:
+    Type: AWS::Serverless::Function
+    Properties:
+      Runtime: nodejs14.x
+      Handler: index.handler
+      CodeUri: s3://bucket/key
+      Role:
+        Fn::GetAtt: [MyLambdaExecutionRole, Arn]
+      Events:
+        MyMqEvent:
+          Type: MQ
+          Properties:
+            Broker:
+              Fn::GetAtt: MyMqBroker.Arn
+            Queues:
+            - TestQueue
+            SourceAccessConfigurations:
+            - Type: BASIC_AUTH
+              URI:
+                Ref: MQBrokerUserSecret
+
+  MQBrokerUserSecret:
+    Type: AWS::SecretsManager::Secret
+    Properties:
+      Name:
+        Ref: MQBrokerUserSecretName
+      SecretString:
+        Fn::Sub: '{"username":"${MQBrokerUser}","password":"${MQBrokerPassword}"}'
+      Description: SecretsManager Secret for broker user and password
+Metadata:
+  SamTransformTest: true
Original file line number	Diff line number	Diff line change
`@@ -26,6 +26,10 @@ def companion_stack_outputs(self, get_companion_stack_outputs):`
`26`	`26`	`]`
`27`	`27`	`)`
`28`	`28`	`def test_function_with_mq(self, file_name, mq_broker, mq_secret, subnet_key):`
	`29`	`+ # Temporarily skip this test and we should either re-enable this once the AZ issue is fixed`
	`30`	`+ # or once we figure out a way to trigger integ test only when transform output changes.`
	`31`	`+ if subnet_key == "PreCreatedSubnetOne":`
	`32`	`+ pytest.skip("Skipping this test to temporarily bypass AvailabilityZone issue.")`
`29`	`33`	`companion_stack_outputs = self.companion_stack_outputs`
`30`	`34`	`parameters = self.get_parameters(companion_stack_outputs, subnet_key)`
`31`	`35`	`secret_name = mq_secret + "-" + generate_suffix()`