Skip to content

Commit fb35eed

Browse files
arelraarelra
authored
Merge pull request #13838 from guardian/ravi/cdk-61.4.0
Upgrade to `@guardian/[email protected]`
2 parents 2e128cd + 3c43a37 commit fb35eed

File tree

7 files changed

+352
-372
lines changed

7 files changed

+352
-372
lines changed

apps-rendering/cdk/lib/__snapshots__/mobile-apps-rendering.test.ts.snap

Lines changed: 132 additions & 40 deletions
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,7 @@ exports[`The MobileAppsRendering stack matches the snapshot 1`] = `
1111
"GuEc2App",
1212
"GuCertificate",
1313
"GuInstanceRole",
14+
"GuSsmSshPolicy",
1415
"GuDescribeEC2Policy",
1516
"GuLoggingStreamNameParameter",
1617
"GuLogShippingPolicy",
@@ -91,6 +92,11 @@ exports[`The MobileAppsRendering stack matches the snapshot 1`] = `
9192
},
9293
},
9394
"MaxSize": "2",
95+
"MetricsCollection": [
96+
{
97+
"Granularity": "1Minute",
98+
},
99+
],
94100
"MinSize": "1",
95101
"Tags": [
96102
{
@@ -427,20 +433,6 @@ exports[`The MobileAppsRendering stack matches the snapshot 1`] = `
427433
],
428434
"Version": "2012-10-17",
429435
},
430-
"ManagedPolicyArns": [
431-
{
432-
"Fn::Join": [
433-
"",
434-
[
435-
"arn:",
436-
{
437-
"Ref": "AWS::Partition",
438-
},
439-
":iam::aws:policy/AmazonSSMManagedInstanceCore",
440-
],
441-
],
442-
},
443-
],
444436
"Path": "/",
445437
"Tags": [
446438
{
@@ -571,6 +563,7 @@ exports[`The MobileAppsRendering stack matches the snapshot 1`] = `
571563
},
572564
"Port": 443,
573565
"Protocol": "HTTPS",
566+
"SslPolicy": "ELBSecurityPolicy-TLS13-1-2-2021-06",
574567
},
575568
"Type": "AWS::ElasticLoadBalancingV2::Listener",
576569
},
@@ -581,6 +574,14 @@ exports[`The MobileAppsRendering stack matches the snapshot 1`] = `
581574
"Key": "deletion_protection.enabled",
582575
"Value": "true",
583576
},
577+
{
578+
"Key": "routing.http.x_amzn_tls_version_and_cipher_suite.enabled",
579+
"Value": "true",
580+
},
581+
{
582+
"Key": "routing.http.drop_invalid_header_fields.enabled",
583+
"Value": "true",
584+
},
584585
{
585586
"Key": "idle_timeout.timeout_seconds",
586587
"Value": "4",
@@ -762,6 +763,42 @@ exports[`The MobileAppsRendering stack matches the snapshot 1`] = `
762763
},
763764
"Type": "AWS::IAM::Policy",
764765
},
766+
"SsmSshPolicy4CFC977E": {
767+
"Properties": {
768+
"PolicyDocument": {
769+
"Statement": [
770+
{
771+
"Action": [
772+
"ec2messages:AcknowledgeMessage",
773+
"ec2messages:DeleteMessage",
774+
"ec2messages:FailMessage",
775+
"ec2messages:GetEndpoint",
776+
"ec2messages:GetMessages",
777+
"ec2messages:SendReply",
778+
"ssm:UpdateInstanceInformation",
779+
"ssm:ListInstanceAssociations",
780+
"ssm:DescribeInstanceProperties",
781+
"ssm:DescribeDocumentParameters",
782+
"ssmmessages:CreateControlChannel",
783+
"ssmmessages:CreateDataChannel",
784+
"ssmmessages:OpenControlChannel",
785+
"ssmmessages:OpenDataChannel",
786+
],
787+
"Effect": "Allow",
788+
"Resource": "*",
789+
},
790+
],
791+
"Version": "2012-10-17",
792+
},
793+
"PolicyName": "ssm-ssh-policy",
794+
"Roles": [
795+
{
796+
"Ref": "InstanceRoleMobileappsrenderingEC64402A",
797+
},
798+
],
799+
},
800+
"Type": "AWS::IAM::Policy",
801+
},
765802
"TargetGroupMobileappsrendering29320E35": {
766803
"Properties": {
767804
"HealthCheckIntervalSeconds": 10,
@@ -916,6 +953,7 @@ exports[`The MobileAppsRendering stack matches the snapshot 1`] = `
916953
"InstanceType": "t4g.small",
917954
"MetadataOptions": {
918955
"HttpTokens": "required",
956+
"InstanceMetadataTags": "enabled",
919957
},
920958
"SecurityGroupIds": [
921959
{
@@ -935,6 +973,10 @@ exports[`The MobileAppsRendering stack matches the snapshot 1`] = `
935973
{
936974
"ResourceType": "instance",
937975
"Tags": [
976+
{
977+
"Key": "App",
978+
"Value": "mobile-apps-rendering",
979+
},
938980
{
939981
"Key": "gu:cdk:version",
940982
"Value": "TEST",
@@ -960,6 +1002,10 @@ exports[`The MobileAppsRendering stack matches the snapshot 1`] = `
9601002
{
9611003
"ResourceType": "volume",
9621004
"Tags": [
1005+
{
1006+
"Key": "App",
1007+
"Value": "mobile-apps-rendering",
1008+
},
9631009
{
9641010
"Key": "gu:cdk:version",
9651011
"Value": "TEST",
@@ -988,15 +1034,14 @@ exports[`The MobileAppsRendering stack matches the snapshot 1`] = `
9881034
"Fn::Join": [
9891035
"",
9901036
[
991-
"#!/bin/bash -ev
1037+
"#!/bin/bash
1038+
set -ev
9921039
groupadd mapi
9931040
useradd -r -m -s /usr/bin/nologin -g mapi mobile-apps-rendering
994-
9951041
export App=mobile-apps-rendering
9961042
export Stack=mobile
9971043
export Stage=TEST
9981044
export NODE_ENV=production
999-
10001045
aws s3 cp s3://",
10011046
{
10021047
"Ref": "SsmParameterValueaccountservicesartifactbucketC96584B6F00A464EAD1953AFF4B05118Parameter",
@@ -1005,15 +1050,12 @@ aws s3 cp s3://",
10051050
mkdir -p /opt/mobile-apps-rendering
10061051
unzip /tmp/mobile-apps-rendering.zip -d /opt/mobile-apps-rendering
10071052
chown -R mobile-apps-rendering:mapi /opt/mobile-apps-rendering
1008-
10091053
mkdir -p /usr/share/mobile-apps-rendering/logs
10101054
chown -R mobile-apps-rendering:mapi /usr/share/mobile-apps-rendering
10111055
ln -s /usr/share/mobile-apps-rendering/logs /var/log/mobile-apps-rendering
10121056
chown -R mobile-apps-rendering:mapi /var/log/mobile-apps-rendering
1013-
10141057
export PM2_HOME="/usr/share/mobile-apps-rendering"
10151058
export ASSETS_MANIFEST="/opt/mobile-apps-rendering/manifest.json"
1016-
10171059
/usr/local/node/pm2 start --name mobile-apps-rendering --uid mobile-apps-rendering --gid mapi /opt/mobile-apps-rendering/server.js
10181060
/opt/aws-kinesis-agent/configure-aws-kinesis-agent ",
10191061
{
@@ -1030,6 +1072,10 @@ export ASSETS_MANIFEST="/opt/mobile-apps-rendering/manifest.json"
10301072
{
10311073
"ResourceType": "launch-template",
10321074
"Tags": [
1075+
{
1076+
"Key": "App",
1077+
"Value": "mobile-apps-rendering",
1078+
},
10331079
{
10341080
"Key": "gu:cdk:version",
10351081
"Value": "TEST",
@@ -1081,6 +1127,7 @@ exports[`The MobileAppsRenderingPreview stack matches the snapshot 1`] = `
10811127
"GuEc2App",
10821128
"GuCertificate",
10831129
"GuInstanceRole",
1130+
"GuSsmSshPolicy",
10841131
"GuDescribeEC2Policy",
10851132
"GuLoggingStreamNameParameter",
10861133
"GuLogShippingPolicy",
@@ -1161,6 +1208,11 @@ exports[`The MobileAppsRenderingPreview stack matches the snapshot 1`] = `
11611208
},
11621209
},
11631210
"MaxSize": "2",
1211+
"MetricsCollection": [
1212+
{
1213+
"Granularity": "1Minute",
1214+
},
1215+
],
11641216
"MinSize": "1",
11651217
"Tags": [
11661218
{
@@ -1497,20 +1549,6 @@ exports[`The MobileAppsRenderingPreview stack matches the snapshot 1`] = `
14971549
],
14981550
"Version": "2012-10-17",
14991551
},
1500-
"ManagedPolicyArns": [
1501-
{
1502-
"Fn::Join": [
1503-
"",
1504-
[
1505-
"arn:",
1506-
{
1507-
"Ref": "AWS::Partition",
1508-
},
1509-
":iam::aws:policy/AmazonSSMManagedInstanceCore",
1510-
],
1511-
],
1512-
},
1513-
],
15141552
"Path": "/",
15151553
"Tags": [
15161554
{
@@ -1641,6 +1679,7 @@ exports[`The MobileAppsRenderingPreview stack matches the snapshot 1`] = `
16411679
},
16421680
"Port": 443,
16431681
"Protocol": "HTTPS",
1682+
"SslPolicy": "ELBSecurityPolicy-TLS13-1-2-2021-06",
16441683
},
16451684
"Type": "AWS::ElasticLoadBalancingV2::Listener",
16461685
},
@@ -1651,6 +1690,14 @@ exports[`The MobileAppsRenderingPreview stack matches the snapshot 1`] = `
16511690
"Key": "deletion_protection.enabled",
16521691
"Value": "true",
16531692
},
1693+
{
1694+
"Key": "routing.http.x_amzn_tls_version_and_cipher_suite.enabled",
1695+
"Value": "true",
1696+
},
1697+
{
1698+
"Key": "routing.http.drop_invalid_header_fields.enabled",
1699+
"Value": "true",
1700+
},
16541701
{
16551702
"Key": "idle_timeout.timeout_seconds",
16561703
"Value": "4",
@@ -1832,6 +1879,42 @@ exports[`The MobileAppsRenderingPreview stack matches the snapshot 1`] = `
18321879
},
18331880
"Type": "AWS::IAM::Policy",
18341881
},
1882+
"SsmSshPolicy4CFC977E": {
1883+
"Properties": {
1884+
"PolicyDocument": {
1885+
"Statement": [
1886+
{
1887+
"Action": [
1888+
"ec2messages:AcknowledgeMessage",
1889+
"ec2messages:DeleteMessage",
1890+
"ec2messages:FailMessage",
1891+
"ec2messages:GetEndpoint",
1892+
"ec2messages:GetMessages",
1893+
"ec2messages:SendReply",
1894+
"ssm:UpdateInstanceInformation",
1895+
"ssm:ListInstanceAssociations",
1896+
"ssm:DescribeInstanceProperties",
1897+
"ssm:DescribeDocumentParameters",
1898+
"ssmmessages:CreateControlChannel",
1899+
"ssmmessages:CreateDataChannel",
1900+
"ssmmessages:OpenControlChannel",
1901+
"ssmmessages:OpenDataChannel",
1902+
],
1903+
"Effect": "Allow",
1904+
"Resource": "*",
1905+
},
1906+
],
1907+
"Version": "2012-10-17",
1908+
},
1909+
"PolicyName": "ssm-ssh-policy",
1910+
"Roles": [
1911+
{
1912+
"Ref": "InstanceRoleMobileappsrenderingEC64402A",
1913+
},
1914+
],
1915+
},
1916+
"Type": "AWS::IAM::Policy",
1917+
},
18351918
"TargetGroupMobileappsrendering29320E35": {
18361919
"Properties": {
18371920
"HealthCheckIntervalSeconds": 10,
@@ -1986,6 +2069,7 @@ exports[`The MobileAppsRenderingPreview stack matches the snapshot 1`] = `
19862069
"InstanceType": "t4g.micro",
19872070
"MetadataOptions": {
19882071
"HttpTokens": "required",
2072+
"InstanceMetadataTags": "enabled",
19892073
},
19902074
"SecurityGroupIds": [
19912075
{
@@ -2005,6 +2089,10 @@ exports[`The MobileAppsRenderingPreview stack matches the snapshot 1`] = `
20052089
{
20062090
"ResourceType": "instance",
20072091
"Tags": [
2092+
{
2093+
"Key": "App",
2094+
"Value": "mobile-apps-rendering",
2095+
},
20082096
{
20092097
"Key": "gu:cdk:version",
20102098
"Value": "TEST",
@@ -2030,6 +2118,10 @@ exports[`The MobileAppsRenderingPreview stack matches the snapshot 1`] = `
20302118
{
20312119
"ResourceType": "volume",
20322120
"Tags": [
2121+
{
2122+
"Key": "App",
2123+
"Value": "mobile-apps-rendering",
2124+
},
20332125
{
20342126
"Key": "gu:cdk:version",
20352127
"Value": "TEST",
@@ -2058,15 +2150,14 @@ exports[`The MobileAppsRenderingPreview stack matches the snapshot 1`] = `
20582150
"Fn::Join": [
20592151
"",
20602152
[
2061-
"#!/bin/bash -ev
2153+
"#!/bin/bash
2154+
set -ev
20622155
groupadd mapi
20632156
useradd -r -m -s /usr/bin/nologin -g mapi mobile-apps-rendering
2064-
20652157
export App=mobile-apps-rendering
20662158
export Stack=mobile-preview
20672159
export Stage=TEST
20682160
export NODE_ENV=production
2069-
20702161
aws s3 cp s3://",
20712162
{
20722163
"Ref": "SsmParameterValueaccountservicesartifactbucketC96584B6F00A464EAD1953AFF4B05118Parameter",
@@ -2075,15 +2166,12 @@ aws s3 cp s3://",
20752166
mkdir -p /opt/mobile-apps-rendering
20762167
unzip /tmp/mobile-apps-rendering.zip -d /opt/mobile-apps-rendering
20772168
chown -R mobile-apps-rendering:mapi /opt/mobile-apps-rendering
2078-
20792169
mkdir -p /usr/share/mobile-apps-rendering/logs
20802170
chown -R mobile-apps-rendering:mapi /usr/share/mobile-apps-rendering
20812171
ln -s /usr/share/mobile-apps-rendering/logs /var/log/mobile-apps-rendering
20822172
chown -R mobile-apps-rendering:mapi /var/log/mobile-apps-rendering
2083-
20842173
export PM2_HOME="/usr/share/mobile-apps-rendering"
20852174
export ASSETS_MANIFEST="/opt/mobile-apps-rendering/manifest.json"
2086-
20872175
/usr/local/node/pm2 start --name mobile-apps-rendering --uid mobile-apps-rendering --gid mapi /opt/mobile-apps-rendering/server.js
20882176
/opt/aws-kinesis-agent/configure-aws-kinesis-agent ",
20892177
{
@@ -2100,6 +2188,10 @@ export ASSETS_MANIFEST="/opt/mobile-apps-rendering/manifest.json"
21002188
{
21012189
"ResourceType": "launch-template",
21022190
"Tags": [
2191+
{
2192+
"Key": "App",
2193+
"Value": "mobile-apps-rendering",
2194+
},
21032195
{
21042196
"Key": "gu:cdk:version",
21052197
"Value": "TEST",

0 commit comments

Comments
 (0)