diff --git a/.projen/deps.json b/.projen/deps.json index 4ad377d..e38b8b6 100644 --- a/.projen/deps.json +++ b/.projen/deps.json @@ -125,7 +125,7 @@ }, { "name": "aws-cdk-lib", - "version": "^2.85.0", + "version": "^2.127.0", "type": "peer" }, { diff --git a/.projenrc.js b/.projenrc.js index e330286..108ec16 100644 --- a/.projenrc.js +++ b/.projenrc.js @@ -5,7 +5,7 @@ const project = new awscdk.AwsCdkConstructLibrary({ author: 'Amir Szekely', authorAddress: 'amir@cloudsnorkel.com', stability: Stability.EXPERIMENTAL, - cdkVersion: '2.85.0', // for no more deprecated nodejs 14 in integration test + cdkVersion: '2.127.0', // 2.85.0 for no more deprecated nodejs 14 in integration test, 2.217.0 for lambda log settings defaultReleaseBranch: 'main', name: '@cloudsnorkel/cdk-rds-sanitized-snapshots', repositoryUrl: 'https://github.com/CloudSnorkel/cdk-rds-sanitized-snapshots.git', diff --git a/package.json b/package.json index 590d287..520688d 100644 --- a/package.json +++ b/package.json @@ -67,7 +67,7 @@ "@typescript-eslint/eslint-plugin": "^7", "@typescript-eslint/parser": "^7", "aws-cdk": "^2", - "aws-cdk-lib": "2.85.0", + "aws-cdk-lib": "2.127.0", "commit-and-tag-version": "^12", "constructs": "10.0.5", "esbuild": "^0.24.0", @@ -87,7 +87,7 @@ "typescript": "^4.9.5" }, "peerDependencies": { - "aws-cdk-lib": "^2.85.0", + "aws-cdk-lib": "^2.127.0", "constructs": "^10.0.5" }, "resolutions": { diff --git a/src/index.ts b/src/index.ts index 8fccfc2..9bd8f2f 100644 --- a/src/index.ts +++ b/src/index.ts @@ -6,6 +6,7 @@ import { aws_events_targets as events_targets, aws_iam as iam, aws_kms as kms, + aws_lambda as lambda, aws_logs as logs, aws_rds as rds, aws_stepfunctions as stepfunctions, @@ -141,6 +142,7 @@ export class RdsSanitizedSnapshotter extends Construct { private readonly sqlScript: string; private readonly reencrypt: boolean; private readonly useExistingSnapshot: boolean; + private readonly logGroup: logs.ILogGroup; private readonly generalTags: {Key: string; Value: string}[]; private readonly finalSnapshotTags: {Key: string; Value: string}[]; @@ -201,6 +203,11 @@ export class RdsSanitizedSnapshotter extends Construct { this.reencrypt = props.snapshotKey !== undefined; this.useExistingSnapshot = props.useExistingSnapshot ?? false; + this.logGroup = new logs.LogGroup(this, 'Logs', { + removalPolicy: cdk.RemovalPolicy.DESTROY, + retention: logs.RetentionDays.ONE_MONTH, + }); + this.dbClusterArn = cdk.Stack.of(this).formatArn({ service: 'rds', resource: 'cluster', @@ -329,7 +336,7 @@ export class RdsSanitizedSnapshotter extends Construct { } private dbParametersTask(databaseKey?: kms.IKey) { - const parametersFn = new ParametersFunction(this, 'parameters', { logRetention: logs.RetentionDays.ONE_MONTH }); + const parametersFn = new ParametersFunction(this, 'parameters', { logGroup: this.logGroup, loggingFormat: lambda.LoggingFormat.JSON }); const parametersState = new stepfunctions_tasks.LambdaInvoke(this, 'Get Parameters', { lambdaFunction: parametersFn, payload: stepfunctions.TaskInput.fromObject({ @@ -362,13 +369,15 @@ export class RdsSanitizedSnapshotter extends Construct { private findLatestSnapshot(id: string, databaseId: string) { const findFn = new FindSnapshotFunction(this, 'find-snapshot', { - logRetention: logs.RetentionDays.ONE_MONTH, + logGroup: this.logGroup, + loggingFormat: lambda.LoggingFormat.JSON, initialPolicy: [ new iam.PolicyStatement({ actions: ['rds:DescribeDBClusterSnapshots', 'rds:DescribeDBSnapshots'], resources: [this.dbClusterArn, this.dbInstanceArn], }), ], + timeout: cdk.Duration.minutes(1), }); let payload = { @@ -402,7 +411,8 @@ export class RdsSanitizedSnapshotter extends Construct { private waitForOperation(id: string, resourceType: 'snapshot' | 'cluster' | 'instance', databaseIdentifier: string, snapshotId?: string) { this.waitFn = this.waitFn ?? new WaitFunction(this, 'wait', { - logRetention: logs.RetentionDays.ONE_MONTH, + logGroup: this.logGroup, + loggingFormat: lambda.LoggingFormat.JSON, initialPolicy: [ new iam.PolicyStatement({ actions: ['rds:DescribeDBClusters', 'rds:DescribeDBClusterSnapshots', 'rds:DescribeDBSnapshots', 'rds:DescribeDBInstances'], @@ -545,11 +555,6 @@ export class RdsSanitizedSnapshotter extends Construct { } private sanitize(): stepfunctions.IChainable { - const logGroup = new logs.LogGroup(this, 'Logs', { - removalPolicy: cdk.RemovalPolicy.DESTROY, - retention: logs.RetentionDays.ONE_MONTH, - }); - const mysqlTask = new ecs.FargateTaskDefinition(this, 'MySQL Task', { volumes: [{ name: 'config', host: {} }], }); @@ -561,7 +566,7 @@ export class RdsSanitizedSnapshotter extends Construct { image: ecs.AssetImage.fromRegistry('public.ecr.aws/docker/library/bash:4-alpine3.15'), command: ['bash', '-c', `echo "${mycnf}" > ~/.my.cnf && chmod 700 ~/.my.cnf`], logging: ecs.LogDriver.awsLogs({ - logGroup, + logGroup: this.logGroup, streamPrefix: 'mysql-config', }), essential: false, @@ -571,7 +576,7 @@ export class RdsSanitizedSnapshotter extends Construct { image: ecs.AssetImage.fromRegistry('public.ecr.aws/lts/mysql:latest'), command: ['mysql', '-e', this.sqlScript], logging: ecs.LogDriver.awsLogs({ - logGroup, + logGroup: this.logGroup, streamPrefix: 'mysql-sanitize', }), }); @@ -583,7 +588,7 @@ export class RdsSanitizedSnapshotter extends Construct { image: ecs.AssetImage.fromRegistry('public.ecr.aws/lts/postgres:latest'), command: ['psql', '-c', this.sqlScript], logging: ecs.LogDriver.awsLogs({ - logGroup, + logGroup: this.logGroup, streamPrefix: 'psql-sanitize', }), }); @@ -726,7 +731,8 @@ export class RdsSanitizedSnapshotter extends Construct { private deleteOldSnapshots(historyLimit: number) { const deleteOldFn = new DeleteOldFunction(this, 'delete-old', { - logRetention: logs.RetentionDays.ONE_MONTH, + logGroup: this.logGroup, + loggingFormat: lambda.LoggingFormat.JSON, timeout: cdk.Duration.minutes(5), }); deleteOldFn.addToRolePolicy(new iam.PolicyStatement({ diff --git a/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-RDS.assets.json b/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-RDS.assets.json index 08b65f0..de6346e 100644 --- a/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-RDS.assets.json +++ b/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-RDS.assets.json @@ -1,7 +1,7 @@ { - "version": "32.0.0", + "version": "36.0.0", "files": { - "43ed48878c85e3ce0324881d365f12acd6963f302748e21cd1257a713163350b": { + "da7ebb4e6882fcf053b199e0417772188b1369e252d27b7cf23ae1743467b6b0": { "source": { "path": "RDS-Sanitized-Snapshotter-RDS.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "43ed48878c85e3ce0324881d365f12acd6963f302748e21cd1257a713163350b.json", + "objectKey": "da7ebb4e6882fcf053b199e0417772188b1369e252d27b7cf23ae1743467b6b0.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-RDS.template.json b/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-RDS.template.json index d0b8a49..4d7552f 100644 --- a/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-RDS.template.json +++ b/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-RDS.template.json @@ -78,7 +78,7 @@ }, "DeleteAutomatedBackups": true, "Engine": "mysql", - "MasterUsername": { + "MasterUserPassword": { "Fn::Join": [ "", [ @@ -86,11 +86,11 @@ { "Ref": "MySQLInstanceSecret84563F6F" }, - ":SecretString:username::}}" + ":SecretString:password::}}" ] ] }, - "MasterUserPassword": { + "MasterUsername": { "Fn::Join": [ "", [ @@ -98,7 +98,7 @@ { "Ref": "MySQLInstanceSecret84563F6F" }, - ":SecretString:password::}}" + ":SecretString:username::}}" ] ] }, @@ -190,7 +190,7 @@ "Ref": "MySQLClusterSubnets30A4ABD4" }, "Engine": "aurora-mysql", - "MasterUsername": { + "MasterUserPassword": { "Fn::Join": [ "", [ @@ -198,11 +198,11 @@ { "Ref": "MySQLClusterSecret06B35C31" }, - ":SecretString:username::}}" + ":SecretString:password::}}" ] ] }, - "MasterUserPassword": { + "MasterUsername": { "Fn::Join": [ "", [ @@ -210,7 +210,7 @@ { "Ref": "MySQLClusterSecret06B35C31" }, - ":SecretString:password::}}" + ":SecretString:username::}}" ] ] }, @@ -242,6 +242,7 @@ "Key961B73FD": { "Type": "AWS::KMS::Key", "Properties": { + "Description": "RDS sanitize test source key", "KeyPolicy": { "Statement": [ { @@ -269,8 +270,7 @@ } ], "Version": "2012-10-17" - }, - "Description": "RDS sanitize test source key" + } }, "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete" @@ -359,7 +359,7 @@ "Arn" ] }, - "MasterUsername": { + "MasterUserPassword": { "Fn::Join": [ "", [ @@ -367,11 +367,11 @@ { "Ref": "PostgresInstanceSecret47B7DD5E" }, - ":SecretString:username::}}" + ":SecretString:password::}}" ] ] }, - "MasterUserPassword": { + "MasterUsername": { "Fn::Join": [ "", [ @@ -379,7 +379,7 @@ { "Ref": "PostgresInstanceSecret47B7DD5E" }, - ":SecretString:password::}}" + ":SecretString:username::}}" ] ] }, @@ -478,7 +478,7 @@ "Arn" ] }, - "MasterUsername": { + "MasterUserPassword": { "Fn::Join": [ "", [ @@ -486,11 +486,11 @@ { "Ref": "PostgresClusterSecretEB353FC9" }, - ":SecretString:username::}}" + ":SecretString:password::}}" ] ] }, - "MasterUserPassword": { + "MasterUsername": { "Fn::Join": [ "", [ @@ -498,7 +498,7 @@ { "Ref": "PostgresClusterSecretEB353FC9" }, - ":SecretString:password::}}" + ":SecretString:username::}}" ] ] }, diff --git a/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-SFN.assets.json b/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-SFN.assets.json index 8ad4840..1eb9757 100644 --- a/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-SFN.assets.json +++ b/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-SFN.assets.json @@ -1,5 +1,5 @@ { - "version": "32.0.0", + "version": "36.0.0", "files": { "73ae9c6df09ad4bfbc13c9d4e1f9695a2de8da41bbb8b0037182a8cda9a710c6": { "source": { @@ -14,19 +14,6 @@ } } }, - "5fa1330271b8967d9254ba2d4a07144f8acefe8b77e6d6bba38261373a50d5f8": { - "source": { - "path": "asset.5fa1330271b8967d9254ba2d4a07144f8acefe8b77e6d6bba38261373a50d5f8", - "packaging": "zip" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "5fa1330271b8967d9254ba2d4a07144f8acefe8b77e6d6bba38261373a50d5f8.zip", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - }, "66486f7e33c34ceaae0d26eda8231c31f462018de9b6f34e598b3cc0df48b44f": { "source": { "path": "asset.66486f7e33c34ceaae0d26eda8231c31f462018de9b6f34e598b3cc0df48b44f.lambda", @@ -40,7 +27,7 @@ } } }, - "4d342d6a3f6400ba76ff90f4cd6140b4d7b6f7a8a8c14189a2b75f634544caac": { + "3961ed00ffe563e995f9d7e4fa79705f773ae1376c3cd5b54e937b4bb5f047c9": { "source": { "path": "RDS-Sanitized-Snapshotter-SFN.template.json", "packaging": "file" @@ -48,7 +35,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "4d342d6a3f6400ba76ff90f4cd6140b4d7b6f7a8a8c14189a2b75f634544caac.json", + "objectKey": "3961ed00ffe563e995f9d7e4fa79705f773ae1376c3cd5b54e937b4bb5f047c9.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-SFN.template.json b/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-SFN.template.json index 4bba36e..f55914d 100644 --- a/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-SFN.template.json +++ b/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-SFN.template.json @@ -25,7 +25,6 @@ "MySQLInstanceSnapshotterSGfromRDSSanitizedSnapshotterSFNMySQLInstanceSnapshotterSG69AE57C1ALLPORTSE497E70E": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { - "IpProtocol": "tcp", "Description": "from RDSSanitizedSnapshotterSFNMySQLInstanceSnapshotterSG69AE57C1:ALL PORTS", "FromPort": 0, "GroupId": { @@ -34,6 +33,7 @@ "GroupId" ] }, + "IpProtocol": "tcp", "SourceSecurityGroupId": { "Fn::GetAtt": [ "MySQLInstanceSnapshotterSGC75DA465", @@ -60,6 +60,14 @@ "MySQLInstanceSnapshottercluster86DF6015": { "Type": "AWS::ECS::Cluster" }, + "MySQLInstanceSnapshotterLogs55691739": { + "Type": "AWS::Logs::LogGroup", + "Properties": { + "RetentionInDays": 30 + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, "MySQLInstanceSnapshotterparametersServiceRole0017B602": { "Type": "AWS::IAM::Role", "Properties": { @@ -143,12 +151,6 @@ }, "S3Key": "73ae9c6df09ad4bfbc13c9d4e1f9695a2de8da41bbb8b0037182a8cda9a710c6.zip" }, - "Role": { - "Fn::GetAtt": [ - "MySQLInstanceSnapshotterparametersServiceRole0017B602", - "Arn" - ] - }, "Description": "src/parameters.lambda.ts", "Environment": { "Variables": { @@ -156,6 +158,18 @@ } }, "Handler": "index.handler", + "LoggingConfig": { + "LogFormat": "JSON", + "LogGroup": { + "Ref": "MySQLInstanceSnapshotterLogs55691739" + } + }, + "Role": { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterparametersServiceRole0017B602", + "Arn" + ] + }, "Runtime": "nodejs18.x" }, "DependsOn": [ @@ -163,29 +177,6 @@ "MySQLInstanceSnapshotterparametersServiceRole0017B602" ] }, - "MySQLInstanceSnapshotterparametersLogRetention879E313F": { - "Type": "Custom::LogRetention", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", - "Arn" - ] - }, - "LogGroupName": { - "Fn::Join": [ - "", - [ - "/aws/lambda/", - { - "Ref": "MySQLInstanceSnapshotterparameters53B0A6E1" - } - ] - ] - }, - "RetentionInDays": 30 - } - }, "MySQLInstanceSnapshotterwaitServiceRole21AAE4F2": { "Type": "AWS::IAM::Role", "Properties": { @@ -379,12 +370,6 @@ }, "S3Key": "66486f7e33c34ceaae0d26eda8231c31f462018de9b6f34e598b3cc0df48b44f.zip" }, - "Role": { - "Fn::GetAtt": [ - "MySQLInstanceSnapshotterwaitServiceRole21AAE4F2", - "Arn" - ] - }, "Description": "src/wait.lambda.ts", "Environment": { "Variables": { @@ -392,6 +377,18 @@ } }, "Handler": "index.handler", + "LoggingConfig": { + "LogFormat": "JSON", + "LogGroup": { + "Ref": "MySQLInstanceSnapshotterLogs55691739" + } + }, + "Role": { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterwaitServiceRole21AAE4F2", + "Arn" + ] + }, "Runtime": "nodejs18.x" }, "DependsOn": [ @@ -399,37 +396,6 @@ "MySQLInstanceSnapshotterwaitServiceRole21AAE4F2" ] }, - "MySQLInstanceSnapshotterwaitLogRetentionE2296216": { - "Type": "Custom::LogRetention", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", - "Arn" - ] - }, - "LogGroupName": { - "Fn::Join": [ - "", - [ - "/aws/lambda/", - { - "Ref": "MySQLInstanceSnapshotterwait17927A95" - } - ] - ] - }, - "RetentionInDays": 30 - } - }, - "MySQLInstanceSnapshotterLogs55691739": { - "Type": "AWS::Logs::LogGroup", - "Properties": { - "RetentionInDays": 30 - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, "MySQLInstanceSnapshotterMySQLTaskTaskRoleBFA1FB36": { "Type": "AWS::IAM::Role", "Properties": { @@ -1374,17 +1340,11 @@ "MySQLInstanceSnapshotterDirector69A6B7B4": { "Type": "AWS::StepFunctions::StateMachine", "Properties": { - "RoleArn": { - "Fn::GetAtt": [ - "MySQLInstanceSnapshotterDirectorRoleE2669C80", - "Arn" - ] - }, "DefinitionString": { "Fn::Join": [ "", [ - "{\"StartAt\":\"Get Parameters\",\"States\":{\"Get Parameters\":{\"Next\":\"Error Catcher\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2}],\"Type\":\"Task\",\"Resource\":\"", + "{\"StartAt\":\"Get Parameters\",\"States\":{\"Get Parameters\":{\"Next\":\"Error Catcher\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ClientExecutionTimeoutException\",\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2}],\"Type\":\"Task\",\"Resource\":\"", { "Fn::GetAtt": [ "MySQLInstanceSnapshotterparameters53B0A6E1", @@ -1403,7 +1363,7 @@ { "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLInstanceA2499B9D2BD8E026" }, - "\"}]}},\"Wait for Snapshot\":{\"Next\":\"Create Temporary Database\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + "\"}]}},\"Wait for Snapshot\":{\"Next\":\"Create Temporary Database\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ClientExecutionTimeoutException\",\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", { "Fn::GetAtt": [ "MySQLInstanceSnapshotterwait17927A95", @@ -1429,7 +1389,7 @@ { "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLInstanceA2499B9D2BD8E026" }, - "\"}]}},\"Wait for Temporary Database\":{\"Next\":\"Set Temporary Password\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + "\"}]}},\"Wait for Temporary Database\":{\"Next\":\"Set Temporary Password\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ClientExecutionTimeoutException\",\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", { "Fn::GetAtt": [ "MySQLInstanceSnapshotterwait17927A95", @@ -1440,7 +1400,7 @@ { "Ref": "AWS::Partition" }, - ":states:::aws-sdk:rds:modifyDBInstance\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbId\",\"MasterUserPassword.$\":\"$.tempDb.password\",\"ApplyImmediately\":true,\"BackupRetentionPeriod\":0}},\"Wait for Temporary Password\":{\"Next\":\"Get Temporary Endpoint\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + ":states:::aws-sdk:rds:modifyDBInstance\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbId\",\"MasterUserPassword.$\":\"$.tempDb.password\",\"ApplyImmediately\":true,\"BackupRetentionPeriod\":0}},\"Wait for Temporary Password\":{\"Next\":\"Get Temporary Endpoint\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ClientExecutionTimeoutException\",\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", { "Fn::GetAtt": [ "MySQLInstanceSnapshotterwait17927A95", @@ -1511,7 +1471,7 @@ "GroupId" ] }, - "\"]}},\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"postgres\",\"Environment\":[{\"Name\":\"PGHOST\",\"Value.$\":\"$.tempDb.host.endpoint\"},{\"Name\":\"PGPORT\",\"Value.$\":\"$.tempDb.port\"},{\"Name\":\"PGUSER\",\"Value.$\":\"$.tempDb.user\"},{\"Name\":\"PGPASSWORD\",\"Value.$\":\"$.tempDb.password\"},{\"Name\":\"PGDATABASE\",\"Value\":\"postgres\"},{\"Name\":\"PGCONNECT_TIMEOUT\",\"Value\":\"30\"}]}]},\"LaunchType\":\"FARGATE\"}},\"Wait for Final Snapshot\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + "\"]}},\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"postgres\",\"Environment\":[{\"Name\":\"PGHOST\",\"Value.$\":\"$.tempDb.host.endpoint\"},{\"Name\":\"PGPORT\",\"Value.$\":\"$.tempDb.port\"},{\"Name\":\"PGUSER\",\"Value.$\":\"$.tempDb.user\"},{\"Name\":\"PGPASSWORD\",\"Value.$\":\"$.tempDb.password\"},{\"Name\":\"PGDATABASE\",\"Value\":\"postgres\"},{\"Name\":\"PGCONNECT_TIMEOUT\",\"Value\":\"30\"}]}]},\"LaunchType\":\"FARGATE\"}},\"Wait for Final Snapshot\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"Lambda.ClientExecutionTimeoutException\",\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", { "Fn::GetAtt": [ "MySQLInstanceSnapshotterwait17927A95", @@ -1529,6 +1489,12 @@ ":states:::aws-sdk:rds:deleteDBInstance\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbId\",\"SkipFinalSnapshot\":true}}}}]}}}" ] ] + }, + "RoleArn": { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterDirectorRoleE2669C80", + "Arn" + ] } }, "DependsOn": [ @@ -1538,92 +1504,6 @@ "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete" }, - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] - } - }, - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "logs:PutRetentionPolicy", - "logs:DeleteRetentionPolicy" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB", - "Roles": [ - { - "Ref": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB" - } - ] - } - }, - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Handler": "index.handler", - "Runtime": { - "Fn::FindInMap": [ - "DefaultCrNodeVersionMap", - { - "Ref": "AWS::Region" - }, - "value" - ] - }, - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "5fa1330271b8967d9254ba2d4a07144f8acefe8b77e6d6bba38261373a50d5f8.zip" - }, - "Role": { - "Fn::GetAtt": [ - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB", - "Arn" - ] - } - }, - "DependsOn": [ - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB", - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB" - ] - }, "MySQLClusterSnapshotterSGF5188D63": { "Type": "AWS::EC2::SecurityGroup", "Properties": { @@ -1649,7 +1529,6 @@ "MySQLClusterSnapshotterSGfromRDSSanitizedSnapshotterSFNMySQLClusterSnapshotterSG88C422B1ALLPORTS9D3E93FA": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { - "IpProtocol": "tcp", "Description": "from RDSSanitizedSnapshotterSFNMySQLClusterSnapshotterSG88C422B1:ALL PORTS", "FromPort": 0, "GroupId": { @@ -1658,6 +1537,7 @@ "GroupId" ] }, + "IpProtocol": "tcp", "SourceSecurityGroupId": { "Fn::GetAtt": [ "MySQLClusterSnapshotterSGF5188D63", @@ -1684,6 +1564,14 @@ "MySQLClusterSnapshottercluster9B2B4982": { "Type": "AWS::ECS::Cluster" }, + "MySQLClusterSnapshotterLogs987A7E0A": { + "Type": "AWS::Logs::LogGroup", + "Properties": { + "RetentionInDays": 30 + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, "MySQLClusterSnapshotterparametersServiceRole4959428F": { "Type": "AWS::IAM::Role", "Properties": { @@ -1772,12 +1660,6 @@ }, "S3Key": "73ae9c6df09ad4bfbc13c9d4e1f9695a2de8da41bbb8b0037182a8cda9a710c6.zip" }, - "Role": { - "Fn::GetAtt": [ - "MySQLClusterSnapshotterparametersServiceRole4959428F", - "Arn" - ] - }, "Description": "src/parameters.lambda.ts", "Environment": { "Variables": { @@ -1785,6 +1667,18 @@ } }, "Handler": "index.handler", + "LoggingConfig": { + "LogFormat": "JSON", + "LogGroup": { + "Ref": "MySQLClusterSnapshotterLogs987A7E0A" + } + }, + "Role": { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterparametersServiceRole4959428F", + "Arn" + ] + }, "Runtime": "nodejs18.x" }, "DependsOn": [ @@ -1792,29 +1686,6 @@ "MySQLClusterSnapshotterparametersServiceRole4959428F" ] }, - "MySQLClusterSnapshotterparametersLogRetention49B4A2F1": { - "Type": "Custom::LogRetention", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", - "Arn" - ] - }, - "LogGroupName": { - "Fn::Join": [ - "", - [ - "/aws/lambda/", - { - "Ref": "MySQLClusterSnapshotterparametersAF9FF89F" - } - ] - ] - }, - "RetentionInDays": 30 - } - }, "MySQLClusterSnapshotterwaitServiceRoleD1DB455D": { "Type": "AWS::IAM::Role", "Properties": { @@ -2008,12 +1879,6 @@ }, "S3Key": "66486f7e33c34ceaae0d26eda8231c31f462018de9b6f34e598b3cc0df48b44f.zip" }, - "Role": { - "Fn::GetAtt": [ - "MySQLClusterSnapshotterwaitServiceRoleD1DB455D", - "Arn" - ] - }, "Description": "src/wait.lambda.ts", "Environment": { "Variables": { @@ -2021,6 +1886,18 @@ } }, "Handler": "index.handler", + "LoggingConfig": { + "LogFormat": "JSON", + "LogGroup": { + "Ref": "MySQLClusterSnapshotterLogs987A7E0A" + } + }, + "Role": { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterwaitServiceRoleD1DB455D", + "Arn" + ] + }, "Runtime": "nodejs18.x" }, "DependsOn": [ @@ -2028,37 +1905,6 @@ "MySQLClusterSnapshotterwaitServiceRoleD1DB455D" ] }, - "MySQLClusterSnapshotterwaitLogRetention01D1F254": { - "Type": "Custom::LogRetention", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", - "Arn" - ] - }, - "LogGroupName": { - "Fn::Join": [ - "", - [ - "/aws/lambda/", - { - "Ref": "MySQLClusterSnapshotterwait73D57C6D" - } - ] - ] - }, - "RetentionInDays": 30 - } - }, - "MySQLClusterSnapshotterLogs987A7E0A": { - "Type": "AWS::Logs::LogGroup", - "Properties": { - "RetentionInDays": 30 - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, "MySQLClusterSnapshotterMySQLTaskTaskRole3BAE9027": { "Type": "AWS::IAM::Role", "Properties": { @@ -3073,17 +2919,11 @@ "MySQLClusterSnapshotterDirector73A14BB0": { "Type": "AWS::StepFunctions::StateMachine", "Properties": { - "RoleArn": { - "Fn::GetAtt": [ - "MySQLClusterSnapshotterDirectorRole6035EB89", - "Arn" - ] - }, "DefinitionString": { "Fn::Join": [ "", [ - "{\"StartAt\":\"Get Parameters\",\"States\":{\"Get Parameters\":{\"Next\":\"Error Catcher\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2}],\"Type\":\"Task\",\"Resource\":\"", + "{\"StartAt\":\"Get Parameters\",\"States\":{\"Get Parameters\":{\"Next\":\"Error Catcher\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ClientExecutionTimeoutException\",\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2}],\"Type\":\"Task\",\"Resource\":\"", { "Fn::GetAtt": [ "MySQLClusterSnapshotterparametersAF9FF89F", @@ -3102,7 +2942,7 @@ { "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLClusterD5C73C3376F94030" }, - "\"}]}},\"Wait for Snapshot\":{\"Next\":\"Create Temporary Database\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + "\"}]}},\"Wait for Snapshot\":{\"Next\":\"Create Temporary Database\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ClientExecutionTimeoutException\",\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", { "Fn::GetAtt": [ "MySQLClusterSnapshotterwait73D57C6D", @@ -3128,7 +2968,7 @@ { "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLClusterD5C73C3376F94030" }, - "\"}]}},\"Wait for Temporary Database\":{\"Next\":\"Set Temporary Password\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + "\"}]}},\"Wait for Temporary Database\":{\"Next\":\"Set Temporary Password\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ClientExecutionTimeoutException\",\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", { "Fn::GetAtt": [ "MySQLClusterSnapshotterwait73D57C6D", @@ -3139,7 +2979,7 @@ { "Ref": "AWS::Partition" }, - ":states:::aws-sdk:rds:modifyDBCluster\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\",\"MasterUserPassword.$\":\"$.tempDb.password\",\"ApplyImmediately\":true}},\"Wait for Temporary Password\":{\"Next\":\"Create Temporary Instance\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + ":states:::aws-sdk:rds:modifyDBCluster\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\",\"MasterUserPassword.$\":\"$.tempDb.password\",\"ApplyImmediately\":true}},\"Wait for Temporary Password\":{\"Next\":\"Create Temporary Instance\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ClientExecutionTimeoutException\",\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", { "Fn::GetAtt": [ "MySQLClusterSnapshotterwait73D57C6D", @@ -3150,7 +2990,7 @@ { "Ref": "AWS::Partition" }, - ":states:::aws-sdk:rds:createDBInstance\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\",\"DbInstanceIdentifier.$\":\"$.tempDbInstanceId\",\"DbInstanceClass.$\":\"$.tempDbInstanceClass\",\"Engine.$\":\"$.engine\"}},\"Wait for Temporary Instance\":{\"Next\":\"Get Temporary Cluster Endpoint\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + ":states:::aws-sdk:rds:createDBInstance\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\",\"DbInstanceIdentifier.$\":\"$.tempDbInstanceId\",\"DbInstanceClass.$\":\"$.tempDbInstanceClass\",\"Engine.$\":\"$.engine\"}},\"Wait for Temporary Instance\":{\"Next\":\"Get Temporary Cluster Endpoint\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ClientExecutionTimeoutException\",\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", { "Fn::GetAtt": [ "MySQLClusterSnapshotterwait73D57C6D", @@ -3221,7 +3061,7 @@ "GroupId" ] }, - "\"]}},\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"postgres\",\"Environment\":[{\"Name\":\"PGHOST\",\"Value.$\":\"$.tempDb.host.endpoint\"},{\"Name\":\"PGPORT\",\"Value.$\":\"$.tempDb.port\"},{\"Name\":\"PGUSER\",\"Value.$\":\"$.tempDb.user\"},{\"Name\":\"PGPASSWORD\",\"Value.$\":\"$.tempDb.password\"},{\"Name\":\"PGDATABASE\",\"Value\":\"postgres\"},{\"Name\":\"PGCONNECT_TIMEOUT\",\"Value\":\"30\"}]}]},\"LaunchType\":\"FARGATE\"}},\"Wait for Final Snapshot\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + "\"]}},\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"postgres\",\"Environment\":[{\"Name\":\"PGHOST\",\"Value.$\":\"$.tempDb.host.endpoint\"},{\"Name\":\"PGPORT\",\"Value.$\":\"$.tempDb.port\"},{\"Name\":\"PGUSER\",\"Value.$\":\"$.tempDb.user\"},{\"Name\":\"PGPASSWORD\",\"Value.$\":\"$.tempDb.password\"},{\"Name\":\"PGDATABASE\",\"Value\":\"postgres\"},{\"Name\":\"PGCONNECT_TIMEOUT\",\"Value\":\"30\"}]}]},\"LaunchType\":\"FARGATE\"}},\"Wait for Final Snapshot\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"Lambda.ClientExecutionTimeoutException\",\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", { "Fn::GetAtt": [ "MySQLClusterSnapshotterwait73D57C6D", @@ -3243,6 +3083,12 @@ ":states:::aws-sdk:rds:deleteDBCluster\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\",\"SkipFinalSnapshot\":true}}}}]}}}" ] ] + }, + "RoleArn": { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterDirectorRole6035EB89", + "Arn" + ] } }, "DependsOn": [ @@ -3277,7 +3123,6 @@ "PostgreSQLInstanceSnapshotterSGfromRDSSanitizedSnapshotterSFNPostgreSQLInstanceSnapshotterSG52C89F5AALLPORTSEF1B0737": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { - "IpProtocol": "tcp", "Description": "from RDSSanitizedSnapshotterSFNPostgreSQLInstanceSnapshotterSG52C89F5A:ALL PORTS", "FromPort": 0, "GroupId": { @@ -3286,6 +3131,7 @@ "GroupId" ] }, + "IpProtocol": "tcp", "SourceSecurityGroupId": { "Fn::GetAtt": [ "PostgreSQLInstanceSnapshotterSG97FD02BB", @@ -3312,6 +3158,14 @@ "PostgreSQLInstanceSnapshottercluster067EC069": { "Type": "AWS::ECS::Cluster" }, + "PostgreSQLInstanceSnapshotterLogsF028D514": { + "Type": "AWS::Logs::LogGroup", + "Properties": { + "RetentionInDays": 30 + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, "PostgreSQLInstanceSnapshotterparametersServiceRole23B2E630": { "Type": "AWS::IAM::Role", "Properties": { @@ -3395,12 +3249,6 @@ }, "S3Key": "73ae9c6df09ad4bfbc13c9d4e1f9695a2de8da41bbb8b0037182a8cda9a710c6.zip" }, - "Role": { - "Fn::GetAtt": [ - "PostgreSQLInstanceSnapshotterparametersServiceRole23B2E630", - "Arn" - ] - }, "Description": "src/parameters.lambda.ts", "Environment": { "Variables": { @@ -3408,6 +3256,18 @@ } }, "Handler": "index.handler", + "LoggingConfig": { + "LogFormat": "JSON", + "LogGroup": { + "Ref": "PostgreSQLInstanceSnapshotterLogsF028D514" + } + }, + "Role": { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterparametersServiceRole23B2E630", + "Arn" + ] + }, "Runtime": "nodejs18.x" }, "DependsOn": [ @@ -3415,29 +3275,6 @@ "PostgreSQLInstanceSnapshotterparametersServiceRole23B2E630" ] }, - "PostgreSQLInstanceSnapshotterparametersLogRetentionED632F48": { - "Type": "Custom::LogRetention", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", - "Arn" - ] - }, - "LogGroupName": { - "Fn::Join": [ - "", - [ - "/aws/lambda/", - { - "Ref": "PostgreSQLInstanceSnapshotterparametersA0CF862A" - } - ] - ] - }, - "RetentionInDays": 30 - } - }, "PostgreSQLInstanceSnapshotterwaitServiceRole7815F7FF": { "Type": "AWS::IAM::Role", "Properties": { @@ -3631,12 +3468,6 @@ }, "S3Key": "66486f7e33c34ceaae0d26eda8231c31f462018de9b6f34e598b3cc0df48b44f.zip" }, - "Role": { - "Fn::GetAtt": [ - "PostgreSQLInstanceSnapshotterwaitServiceRole7815F7FF", - "Arn" - ] - }, "Description": "src/wait.lambda.ts", "Environment": { "Variables": { @@ -3644,6 +3475,18 @@ } }, "Handler": "index.handler", + "LoggingConfig": { + "LogFormat": "JSON", + "LogGroup": { + "Ref": "PostgreSQLInstanceSnapshotterLogsF028D514" + } + }, + "Role": { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterwaitServiceRole7815F7FF", + "Arn" + ] + }, "Runtime": "nodejs18.x" }, "DependsOn": [ @@ -3651,37 +3494,6 @@ "PostgreSQLInstanceSnapshotterwaitServiceRole7815F7FF" ] }, - "PostgreSQLInstanceSnapshotterwaitLogRetentionB9508260": { - "Type": "Custom::LogRetention", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", - "Arn" - ] - }, - "LogGroupName": { - "Fn::Join": [ - "", - [ - "/aws/lambda/", - { - "Ref": "PostgreSQLInstanceSnapshotterwaitE64141BC" - } - ] - ] - }, - "RetentionInDays": 30 - } - }, - "PostgreSQLInstanceSnapshotterLogsF028D514": { - "Type": "AWS::Logs::LogGroup", - "Properties": { - "RetentionInDays": 30 - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, "PostgreSQLInstanceSnapshotterMySQLTaskTaskRoleB2EF5D11": { "Type": "AWS::IAM::Role", "Properties": { @@ -4636,17 +4448,11 @@ "PostgreSQLInstanceSnapshotterDirector22C6400C": { "Type": "AWS::StepFunctions::StateMachine", "Properties": { - "RoleArn": { - "Fn::GetAtt": [ - "PostgreSQLInstanceSnapshotterDirectorRole89143BB2", - "Arn" - ] - }, "DefinitionString": { "Fn::Join": [ "", [ - "{\"StartAt\":\"Get Parameters\",\"States\":{\"Get Parameters\":{\"Next\":\"Error Catcher\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2}],\"Type\":\"Task\",\"Resource\":\"", + "{\"StartAt\":\"Get Parameters\",\"States\":{\"Get Parameters\":{\"Next\":\"Error Catcher\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ClientExecutionTimeoutException\",\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2}],\"Type\":\"Task\",\"Resource\":\"", { "Fn::GetAtt": [ "PostgreSQLInstanceSnapshotterparametersA0CF862A", @@ -4669,7 +4475,7 @@ { "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresInstance8F00D2DD14EE3CD9" }, - "\"}]}},\"Wait for Snapshot\":{\"Next\":\"Create Temporary Database\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + "\"}]}},\"Wait for Snapshot\":{\"Next\":\"Create Temporary Database\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ClientExecutionTimeoutException\",\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", { "Fn::GetAtt": [ "PostgreSQLInstanceSnapshotterwaitE64141BC", @@ -4695,7 +4501,7 @@ { "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresInstance8F00D2DD14EE3CD9" }, - "\"}]}},\"Wait for Temporary Database\":{\"Next\":\"Set Temporary Password\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + "\"}]}},\"Wait for Temporary Database\":{\"Next\":\"Set Temporary Password\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ClientExecutionTimeoutException\",\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", { "Fn::GetAtt": [ "PostgreSQLInstanceSnapshotterwaitE64141BC", @@ -4706,7 +4512,7 @@ { "Ref": "AWS::Partition" }, - ":states:::aws-sdk:rds:modifyDBInstance\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbId\",\"MasterUserPassword.$\":\"$.tempDb.password\",\"ApplyImmediately\":true,\"BackupRetentionPeriod\":0}},\"Wait for Temporary Password\":{\"Next\":\"Get Temporary Endpoint\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + ":states:::aws-sdk:rds:modifyDBInstance\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbId\",\"MasterUserPassword.$\":\"$.tempDb.password\",\"ApplyImmediately\":true,\"BackupRetentionPeriod\":0}},\"Wait for Temporary Password\":{\"Next\":\"Get Temporary Endpoint\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ClientExecutionTimeoutException\",\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", { "Fn::GetAtt": [ "PostgreSQLInstanceSnapshotterwaitE64141BC", @@ -4777,7 +4583,7 @@ "GroupId" ] }, - "\"]}},\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"postgres\",\"Environment\":[{\"Name\":\"PGHOST\",\"Value.$\":\"$.tempDb.host.endpoint\"},{\"Name\":\"PGPORT\",\"Value.$\":\"$.tempDb.port\"},{\"Name\":\"PGUSER\",\"Value.$\":\"$.tempDb.user\"},{\"Name\":\"PGPASSWORD\",\"Value.$\":\"$.tempDb.password\"},{\"Name\":\"PGDATABASE\",\"Value\":\"postgres\"},{\"Name\":\"PGCONNECT_TIMEOUT\",\"Value\":\"30\"}]}]},\"LaunchType\":\"FARGATE\"}},\"Wait for Final Snapshot\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + "\"]}},\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"postgres\",\"Environment\":[{\"Name\":\"PGHOST\",\"Value.$\":\"$.tempDb.host.endpoint\"},{\"Name\":\"PGPORT\",\"Value.$\":\"$.tempDb.port\"},{\"Name\":\"PGUSER\",\"Value.$\":\"$.tempDb.user\"},{\"Name\":\"PGPASSWORD\",\"Value.$\":\"$.tempDb.password\"},{\"Name\":\"PGDATABASE\",\"Value\":\"postgres\"},{\"Name\":\"PGCONNECT_TIMEOUT\",\"Value\":\"30\"}]}]},\"LaunchType\":\"FARGATE\"}},\"Wait for Final Snapshot\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"Lambda.ClientExecutionTimeoutException\",\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", { "Fn::GetAtt": [ "PostgreSQLInstanceSnapshotterwaitE64141BC", @@ -4795,6 +4601,12 @@ ":states:::aws-sdk:rds:deleteDBInstance\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbId\",\"SkipFinalSnapshot\":true}}}}]}}}" ] ] + }, + "RoleArn": { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterDirectorRole89143BB2", + "Arn" + ] } }, "DependsOn": [ @@ -4807,6 +4619,7 @@ "SnapshotKey0EDEBDF6": { "Type": "AWS::KMS::Key", "Properties": { + "Description": "RDS sanitize test target key", "KeyPolicy": { "Statement": [ { @@ -4834,8 +4647,7 @@ } ], "Version": "2012-10-17" - }, - "Description": "RDS sanitize test target key" + } }, "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete" @@ -4865,7 +4677,6 @@ "PostgreSQLClusterSnapshotterSGfromRDSSanitizedSnapshotterSFNPostgreSQLClusterSnapshotterSGD655B838ALLPORTS45F04871": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { - "IpProtocol": "tcp", "Description": "from RDSSanitizedSnapshotterSFNPostgreSQLClusterSnapshotterSGD655B838:ALL PORTS", "FromPort": 0, "GroupId": { @@ -4874,6 +4685,7 @@ "GroupId" ] }, + "IpProtocol": "tcp", "SourceSecurityGroupId": { "Fn::GetAtt": [ "PostgreSQLClusterSnapshotterSG7FF985A8", @@ -4900,6 +4712,14 @@ "PostgreSQLClusterSnapshotterclusterD066B562": { "Type": "AWS::ECS::Cluster" }, + "PostgreSQLClusterSnapshotterLogsD5C5A603": { + "Type": "AWS::Logs::LogGroup", + "Properties": { + "RetentionInDays": 30 + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, "PostgreSQLClusterSnapshotterparametersServiceRoleB3208E28": { "Type": "AWS::IAM::Role", "Properties": { @@ -4988,12 +4808,6 @@ }, "S3Key": "73ae9c6df09ad4bfbc13c9d4e1f9695a2de8da41bbb8b0037182a8cda9a710c6.zip" }, - "Role": { - "Fn::GetAtt": [ - "PostgreSQLClusterSnapshotterparametersServiceRoleB3208E28", - "Arn" - ] - }, "Description": "src/parameters.lambda.ts", "Environment": { "Variables": { @@ -5001,6 +4815,18 @@ } }, "Handler": "index.handler", + "LoggingConfig": { + "LogFormat": "JSON", + "LogGroup": { + "Ref": "PostgreSQLClusterSnapshotterLogsD5C5A603" + } + }, + "Role": { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterparametersServiceRoleB3208E28", + "Arn" + ] + }, "Runtime": "nodejs18.x" }, "DependsOn": [ @@ -5008,29 +4834,6 @@ "PostgreSQLClusterSnapshotterparametersServiceRoleB3208E28" ] }, - "PostgreSQLClusterSnapshotterparametersLogRetention51777008": { - "Type": "Custom::LogRetention", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", - "Arn" - ] - }, - "LogGroupName": { - "Fn::Join": [ - "", - [ - "/aws/lambda/", - { - "Ref": "PostgreSQLClusterSnapshotterparameters25147BEC" - } - ] - ] - }, - "RetentionInDays": 30 - } - }, "PostgreSQLClusterSnapshotterwaitServiceRole662B9A5C": { "Type": "AWS::IAM::Role", "Properties": { @@ -5224,12 +5027,6 @@ }, "S3Key": "66486f7e33c34ceaae0d26eda8231c31f462018de9b6f34e598b3cc0df48b44f.zip" }, - "Role": { - "Fn::GetAtt": [ - "PostgreSQLClusterSnapshotterwaitServiceRole662B9A5C", - "Arn" - ] - }, "Description": "src/wait.lambda.ts", "Environment": { "Variables": { @@ -5237,6 +5034,18 @@ } }, "Handler": "index.handler", + "LoggingConfig": { + "LogFormat": "JSON", + "LogGroup": { + "Ref": "PostgreSQLClusterSnapshotterLogsD5C5A603" + } + }, + "Role": { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterwaitServiceRole662B9A5C", + "Arn" + ] + }, "Runtime": "nodejs18.x" }, "DependsOn": [ @@ -5244,37 +5053,6 @@ "PostgreSQLClusterSnapshotterwaitServiceRole662B9A5C" ] }, - "PostgreSQLClusterSnapshotterwaitLogRetention454520B8": { - "Type": "Custom::LogRetention", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", - "Arn" - ] - }, - "LogGroupName": { - "Fn::Join": [ - "", - [ - "/aws/lambda/", - { - "Ref": "PostgreSQLClusterSnapshotterwait7A15A210" - } - ] - ] - }, - "RetentionInDays": 30 - } - }, - "PostgreSQLClusterSnapshotterLogsD5C5A603": { - "Type": "AWS::Logs::LogGroup", - "Properties": { - "RetentionInDays": 30 - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, "PostgreSQLClusterSnapshotterMySQLTaskTaskRoleE079F904": { "Type": "AWS::IAM::Role", "Properties": { @@ -6336,17 +6114,11 @@ "PostgreSQLClusterSnapshotterDirector864DA8F0": { "Type": "AWS::StepFunctions::StateMachine", "Properties": { - "RoleArn": { - "Fn::GetAtt": [ - "PostgreSQLClusterSnapshotterDirectorRole38961E19", - "Arn" - ] - }, "DefinitionString": { "Fn::Join": [ "", [ - "{\"StartAt\":\"Get Parameters\",\"States\":{\"Get Parameters\":{\"Next\":\"Error Catcher\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2}],\"Type\":\"Task\",\"Resource\":\"", + "{\"StartAt\":\"Get Parameters\",\"States\":{\"Get Parameters\":{\"Next\":\"Error Catcher\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ClientExecutionTimeoutException\",\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2}],\"Type\":\"Task\",\"Resource\":\"", { "Fn::GetAtt": [ "PostgreSQLClusterSnapshotterparameters25147BEC", @@ -6369,7 +6141,7 @@ { "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresCluster5A5B7BE8BE4E3D78" }, - "\"}]}},\"Wait for Snapshot\":{\"Next\":\"Re-encrypt Snapshot\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + "\"}]}},\"Wait for Snapshot\":{\"Next\":\"Re-encrypt Snapshot\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ClientExecutionTimeoutException\",\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", { "Fn::GetAtt": [ "PostgreSQLClusterSnapshotterwait7A15A210", @@ -6388,7 +6160,7 @@ { "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresCluster5A5B7BE8BE4E3D78" }, - "\"}]}},\"Wait for Re-encrypt\":{\"Next\":\"Create Temporary Database\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + "\"}]}},\"Wait for Re-encrypt\":{\"Next\":\"Create Temporary Database\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ClientExecutionTimeoutException\",\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", { "Fn::GetAtt": [ "PostgreSQLClusterSnapshotterwait7A15A210", @@ -6414,7 +6186,7 @@ { "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresCluster5A5B7BE8BE4E3D78" }, - "\"}]}},\"Wait for Temporary Database\":{\"Next\":\"Set Temporary Password\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + "\"}]}},\"Wait for Temporary Database\":{\"Next\":\"Set Temporary Password\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ClientExecutionTimeoutException\",\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", { "Fn::GetAtt": [ "PostgreSQLClusterSnapshotterwait7A15A210", @@ -6425,7 +6197,7 @@ { "Ref": "AWS::Partition" }, - ":states:::aws-sdk:rds:modifyDBCluster\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\",\"MasterUserPassword.$\":\"$.tempDb.password\",\"ApplyImmediately\":true}},\"Wait for Temporary Password\":{\"Next\":\"Create Temporary Instance\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + ":states:::aws-sdk:rds:modifyDBCluster\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\",\"MasterUserPassword.$\":\"$.tempDb.password\",\"ApplyImmediately\":true}},\"Wait for Temporary Password\":{\"Next\":\"Create Temporary Instance\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ClientExecutionTimeoutException\",\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", { "Fn::GetAtt": [ "PostgreSQLClusterSnapshotterwait7A15A210", @@ -6436,7 +6208,7 @@ { "Ref": "AWS::Partition" }, - ":states:::aws-sdk:rds:createDBInstance\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\",\"DbInstanceIdentifier.$\":\"$.tempDbInstanceId\",\"DbInstanceClass.$\":\"$.tempDbInstanceClass\",\"Engine.$\":\"$.engine\"}},\"Wait for Temporary Instance\":{\"Next\":\"Get Temporary Cluster Endpoint\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + ":states:::aws-sdk:rds:createDBInstance\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\",\"DbInstanceIdentifier.$\":\"$.tempDbInstanceId\",\"DbInstanceClass.$\":\"$.tempDbInstanceClass\",\"Engine.$\":\"$.engine\"}},\"Wait for Temporary Instance\":{\"Next\":\"Get Temporary Cluster Endpoint\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ClientExecutionTimeoutException\",\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", { "Fn::GetAtt": [ "PostgreSQLClusterSnapshotterwait7A15A210", @@ -6507,7 +6279,7 @@ "GroupId" ] }, - "\"]}},\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"postgres\",\"Environment\":[{\"Name\":\"PGHOST\",\"Value.$\":\"$.tempDb.host.endpoint\"},{\"Name\":\"PGPORT\",\"Value.$\":\"$.tempDb.port\"},{\"Name\":\"PGUSER\",\"Value.$\":\"$.tempDb.user\"},{\"Name\":\"PGPASSWORD\",\"Value.$\":\"$.tempDb.password\"},{\"Name\":\"PGDATABASE\",\"Value\":\"postgres\"},{\"Name\":\"PGCONNECT_TIMEOUT\",\"Value\":\"30\"}]}]},\"LaunchType\":\"FARGATE\"}},\"Wait for Final Snapshot\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + "\"]}},\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"postgres\",\"Environment\":[{\"Name\":\"PGHOST\",\"Value.$\":\"$.tempDb.host.endpoint\"},{\"Name\":\"PGPORT\",\"Value.$\":\"$.tempDb.port\"},{\"Name\":\"PGUSER\",\"Value.$\":\"$.tempDb.user\"},{\"Name\":\"PGPASSWORD\",\"Value.$\":\"$.tempDb.password\"},{\"Name\":\"PGDATABASE\",\"Value\":\"postgres\"},{\"Name\":\"PGCONNECT_TIMEOUT\",\"Value\":\"30\"}]}]},\"LaunchType\":\"FARGATE\"}},\"Wait for Final Snapshot\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"Lambda.ClientExecutionTimeoutException\",\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", { "Fn::GetAtt": [ "PostgreSQLClusterSnapshotterwait7A15A210", @@ -6533,6 +6305,12 @@ ":states:::aws-sdk:rds:deleteDBCluster\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\",\"SkipFinalSnapshot\":true}}}}]}}}" ] ] + }, + "RoleArn": { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterDirectorRole38961E19", + "Arn" + ] } }, "DependsOn": [ @@ -6544,107 +6322,6 @@ } }, "Mappings": { - "DefaultCrNodeVersionMap": { - "af-south-1": { - "value": "nodejs16.x" - }, - "ap-east-1": { - "value": "nodejs16.x" - }, - "ap-northeast-1": { - "value": "nodejs16.x" - }, - "ap-northeast-2": { - "value": "nodejs16.x" - }, - "ap-northeast-3": { - "value": "nodejs16.x" - }, - "ap-south-1": { - "value": "nodejs16.x" - }, - "ap-south-2": { - "value": "nodejs16.x" - }, - "ap-southeast-1": { - "value": "nodejs16.x" - }, - "ap-southeast-2": { - "value": "nodejs16.x" - }, - "ap-southeast-3": { - "value": "nodejs16.x" - }, - "ca-central-1": { - "value": "nodejs16.x" - }, - "cn-north-1": { - "value": "nodejs16.x" - }, - "cn-northwest-1": { - "value": "nodejs16.x" - }, - "eu-central-1": { - "value": "nodejs16.x" - }, - "eu-central-2": { - "value": "nodejs16.x" - }, - "eu-north-1": { - "value": "nodejs16.x" - }, - "eu-south-1": { - "value": "nodejs16.x" - }, - "eu-south-2": { - "value": "nodejs16.x" - }, - "eu-west-1": { - "value": "nodejs16.x" - }, - "eu-west-2": { - "value": "nodejs16.x" - }, - "eu-west-3": { - "value": "nodejs16.x" - }, - "me-central-1": { - "value": "nodejs16.x" - }, - "me-south-1": { - "value": "nodejs16.x" - }, - "sa-east-1": { - "value": "nodejs16.x" - }, - "us-east-1": { - "value": "nodejs16.x" - }, - "us-east-2": { - "value": "nodejs16.x" - }, - "us-gov-east-1": { - "value": "nodejs16.x" - }, - "us-gov-west-1": { - "value": "nodejs16.x" - }, - "us-iso-east-1": { - "value": "nodejs14.x" - }, - "us-iso-west-1": { - "value": "nodejs14.x" - }, - "us-isob-east-1": { - "value": "nodejs14.x" - }, - "us-west-1": { - "value": "nodejs16.x" - }, - "us-west-2": { - "value": "nodejs16.x" - } - }, "ServiceprincipalMap": { "af-south-1": { "states": "states.af-south-1.amazonaws.com" @@ -6676,6 +6353,9 @@ "ap-southeast-3": { "states": "states.ap-southeast-3.amazonaws.com" }, + "ap-southeast-4": { + "states": "states.ap-southeast-4.amazonaws.com" + }, "ca-central-1": { "states": "states.ca-central-1.amazonaws.com" }, @@ -6709,6 +6389,9 @@ "eu-west-3": { "states": "states.eu-west-3.amazonaws.com" }, + "il-central-1": { + "states": "states.il-central-1.amazonaws.com" + }, "me-central-1": { "states": "states.me-central-1.amazonaws.com" }, diff --git a/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-Test.assets.json b/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-Test.assets.json index 2a4f41c..94ac969 100644 --- a/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-Test.assets.json +++ b/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-Test.assets.json @@ -1,5 +1,5 @@ { - "version": "32.0.0", + "version": "36.0.0", "files": { "295638eaca4e56d19aa29f193a42e7ff4e2e20125032e0676efb5c35b233d93c": { "source": { @@ -14,19 +14,6 @@ } } }, - "5fa1330271b8967d9254ba2d4a07144f8acefe8b77e6d6bba38261373a50d5f8": { - "source": { - "path": "asset.5fa1330271b8967d9254ba2d4a07144f8acefe8b77e6d6bba38261373a50d5f8", - "packaging": "zip" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "5fa1330271b8967d9254ba2d4a07144f8acefe8b77e6d6bba38261373a50d5f8.zip", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - }, "a33c1b440d13b6b6bee62c123d3c08a68dd448e2e31726e9f3f30b0c06607178": { "source": { "path": "asset.a33c1b440d13b6b6bee62c123d3c08a68dd448e2e31726e9f3f30b0c06607178.lambda", @@ -40,20 +27,20 @@ } } }, - "8e3d635893ea17fa3158623489cd42c680fad925b38de1ef51cb10d84f6e245e": { + "7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94": { "source": { - "path": "asset.8e3d635893ea17fa3158623489cd42c680fad925b38de1ef51cb10d84f6e245e", + "path": "asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94", "packaging": "zip" }, "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "8e3d635893ea17fa3158623489cd42c680fad925b38de1ef51cb10d84f6e245e.zip", + "objectKey": "7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94.zip", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } }, - "a301752ccc480328b97e28491cc71fcdb86fcb830116f446552af776ff464fed": { + "e1f9405828fbf3aabd2cdf441678d90c9a61d6073774961567561d3d5d8169e9": { "source": { "path": "RDS-Sanitized-Snapshotter-Test.template.json", "packaging": "file" @@ -61,7 +48,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "a301752ccc480328b97e28491cc71fcdb86fcb830116f446552af776ff464fed.json", + "objectKey": "e1f9405828fbf3aabd2cdf441678d90c9a61d6073774961567561d3d5d8169e9.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-Test.template.json b/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-Test.template.json index 523f68e..7d0d8c6 100644 --- a/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-Test.template.json +++ b/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-Test.template.json @@ -1,5 +1,13 @@ { "Resources": { + "Logs6819BB44": { + "Type": "AWS::Logs::LogGroup", + "Properties": { + "RetentionInDays": 1 + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, "TestServiceRoleCF49002B": { "Type": "AWS::IAM::Role", "Properties": { @@ -61,12 +69,6 @@ }, "S3Key": "295638eaca4e56d19aa29f193a42e7ff4e2e20125032e0676efb5c35b233d93c.zip" }, - "Role": { - "Fn::GetAtt": [ - "TestServiceRoleCF49002B", - "Arn" - ] - }, "Description": "src/test.lambda.ts", "Environment": { "Variables": { @@ -74,120 +76,23 @@ } }, "Handler": "index.handler", - "Runtime": "nodejs18.x" - }, - "DependsOn": [ - "TestServiceRoleDefaultPolicyE51BF2AA", - "TestServiceRoleCF49002B" - ] - }, - "TestLogRetention7A4CD73F": { - "Type": "Custom::LogRetention", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", - "Arn" - ] - }, - "LogGroupName": { - "Fn::Join": [ - "", - [ - "/aws/lambda/", - { - "Ref": "Test7BFAF513" - } - ] - ] - }, - "RetentionInDays": 1 - } - }, - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] + "LoggingConfig": { + "LogFormat": "JSON", + "LogGroup": { + "Ref": "Logs6819BB44" } - ] - } - }, - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "logs:PutRetentionPolicy", - "logs:DeleteRetentionPolicy" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB", - "Roles": [ - { - "Ref": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB" - } - ] - } - }, - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Handler": "index.handler", - "Runtime": { - "Fn::FindInMap": [ - "DefaultCrNodeVersionMap", - { - "Ref": "AWS::Region" - }, - "value" - ] - }, - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "5fa1330271b8967d9254ba2d4a07144f8acefe8b77e6d6bba38261373a50d5f8.zip" }, "Role": { "Fn::GetAtt": [ - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB", + "TestServiceRoleCF49002B", "Arn" ] - } + }, + "Runtime": "nodejs18.x" }, "DependsOn": [ - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB", - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB" + "TestServiceRoleDefaultPolicyE51BF2AA", + "TestServiceRoleCF49002B" ] }, "WaitServiceRole80F0B8D7": { @@ -257,12 +162,6 @@ }, "S3Key": "a33c1b440d13b6b6bee62c123d3c08a68dd448e2e31726e9f3f30b0c06607178.zip" }, - "Role": { - "Fn::GetAtt": [ - "WaitServiceRole80F0B8D7", - "Arn" - ] - }, "Description": "src/test-wait.lambda.ts", "Environment": { "Variables": { @@ -270,6 +169,18 @@ } }, "Handler": "index.handler", + "LoggingConfig": { + "LogFormat": "JSON", + "LogGroup": { + "Ref": "Logs6819BB44" + } + }, + "Role": { + "Fn::GetAtt": [ + "WaitServiceRole80F0B8D7", + "Arn" + ] + }, "Runtime": "nodejs18.x", "Timeout": 180 }, @@ -278,29 +189,6 @@ "WaitServiceRole80F0B8D7" ] }, - "WaitLogRetentionD0E6D74E": { - "Type": "Custom::LogRetention", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", - "Arn" - ] - }, - "LogGroupName": { - "Fn::Join": [ - "", - [ - "/aws/lambda/", - { - "Ref": "Wait4449FB25" - } - ] - ] - }, - "RetentionInDays": 1 - } - }, "ProviderframeworkonEventServiceRole9FF04296": { "Type": "AWS::IAM::Role", "Properties": { @@ -414,13 +302,7 @@ "S3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "S3Key": "8e3d635893ea17fa3158623489cd42c680fad925b38de1ef51cb10d84f6e245e.zip" - }, - "Role": { - "Fn::GetAtt": [ - "ProviderframeworkonEventServiceRole9FF04296", - "Arn" - ] + "S3Key": "7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94.zip" }, "Description": "AWS CDK resource provider framework - onEvent (RDS-Sanitized-Snapshotter-Test/Provider)", "Environment": { @@ -443,15 +325,18 @@ } }, "Handler": "framework.onEvent", - "Runtime": { - "Fn::FindInMap": [ - "DefaultCrNodeVersionMap", - { - "Ref": "AWS::Region" - }, - "value" + "LoggingConfig": { + "LogGroup": { + "Ref": "Logs6819BB44" + } + }, + "Role": { + "Fn::GetAtt": [ + "ProviderframeworkonEventServiceRole9FF04296", + "Arn" ] }, + "Runtime": "nodejs18.x", "Timeout": 900 }, "DependsOn": [ @@ -459,29 +344,6 @@ "ProviderframeworkonEventServiceRole9FF04296" ] }, - "ProviderframeworkonEventLogRetention74EACA97": { - "Type": "Custom::LogRetention", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", - "Arn" - ] - }, - "LogGroupName": { - "Fn::Join": [ - "", - [ - "/aws/lambda/", - { - "Ref": "ProviderframeworkonEvent83C1D0A7" - } - ] - ] - }, - "RetentionInDays": 1 - } - }, "ProviderframeworkisCompleteServiceRoleB1087139": { "Type": "AWS::IAM::Role", "Properties": { @@ -588,13 +450,7 @@ "S3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "S3Key": "8e3d635893ea17fa3158623489cd42c680fad925b38de1ef51cb10d84f6e245e.zip" - }, - "Role": { - "Fn::GetAtt": [ - "ProviderframeworkisCompleteServiceRoleB1087139", - "Arn" - ] + "S3Key": "7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94.zip" }, "Description": "AWS CDK resource provider framework - isComplete (RDS-Sanitized-Snapshotter-Test/Provider)", "Environment": { @@ -614,15 +470,18 @@ } }, "Handler": "framework.isComplete", - "Runtime": { - "Fn::FindInMap": [ - "DefaultCrNodeVersionMap", - { - "Ref": "AWS::Region" - }, - "value" + "LoggingConfig": { + "LogGroup": { + "Ref": "Logs6819BB44" + } + }, + "Role": { + "Fn::GetAtt": [ + "ProviderframeworkisCompleteServiceRoleB1087139", + "Arn" ] }, + "Runtime": "nodejs18.x", "Timeout": 900 }, "DependsOn": [ @@ -630,29 +489,6 @@ "ProviderframeworkisCompleteServiceRoleB1087139" ] }, - "ProviderframeworkisCompleteLogRetentionC7DBBE41": { - "Type": "Custom::LogRetention", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", - "Arn" - ] - }, - "LogGroupName": { - "Fn::Join": [ - "", - [ - "/aws/lambda/", - { - "Ref": "ProviderframeworkisComplete26D7B0CB" - } - ] - ] - }, - "RetentionInDays": 1 - } - }, "ProviderframeworkonTimeoutServiceRole28643D26": { "Type": "AWS::IAM::Role", "Properties": { @@ -759,13 +595,7 @@ "S3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "S3Key": "8e3d635893ea17fa3158623489cd42c680fad925b38de1ef51cb10d84f6e245e.zip" - }, - "Role": { - "Fn::GetAtt": [ - "ProviderframeworkonTimeoutServiceRole28643D26", - "Arn" - ] + "S3Key": "7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94.zip" }, "Description": "AWS CDK resource provider framework - onTimeout (RDS-Sanitized-Snapshotter-Test/Provider)", "Environment": { @@ -785,15 +615,18 @@ } }, "Handler": "framework.onTimeout", - "Runtime": { - "Fn::FindInMap": [ - "DefaultCrNodeVersionMap", - { - "Ref": "AWS::Region" - }, - "value" + "LoggingConfig": { + "LogGroup": { + "Ref": "Logs6819BB44" + } + }, + "Role": { + "Fn::GetAtt": [ + "ProviderframeworkonTimeoutServiceRole28643D26", + "Arn" ] }, + "Runtime": "nodejs18.x", "Timeout": 900 }, "DependsOn": [ @@ -801,29 +634,6 @@ "ProviderframeworkonTimeoutServiceRole28643D26" ] }, - "ProviderframeworkonTimeoutLogRetentionE4EB0919": { - "Type": "Custom::LogRetention", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", - "Arn" - ] - }, - "LogGroupName": { - "Fn::Join": [ - "", - [ - "/aws/lambda/", - { - "Ref": "ProviderframeworkonTimeout0B47CA38" - } - ] - ] - }, - "RetentionInDays": 1 - } - }, "ProviderwaiterstatemachineRole0C7159F9": { "Type": "AWS::IAM::Role", "Properties": { @@ -1020,107 +830,6 @@ } }, "Mappings": { - "DefaultCrNodeVersionMap": { - "af-south-1": { - "value": "nodejs16.x" - }, - "ap-east-1": { - "value": "nodejs16.x" - }, - "ap-northeast-1": { - "value": "nodejs16.x" - }, - "ap-northeast-2": { - "value": "nodejs16.x" - }, - "ap-northeast-3": { - "value": "nodejs16.x" - }, - "ap-south-1": { - "value": "nodejs16.x" - }, - "ap-south-2": { - "value": "nodejs16.x" - }, - "ap-southeast-1": { - "value": "nodejs16.x" - }, - "ap-southeast-2": { - "value": "nodejs16.x" - }, - "ap-southeast-3": { - "value": "nodejs16.x" - }, - "ca-central-1": { - "value": "nodejs16.x" - }, - "cn-north-1": { - "value": "nodejs16.x" - }, - "cn-northwest-1": { - "value": "nodejs16.x" - }, - "eu-central-1": { - "value": "nodejs16.x" - }, - "eu-central-2": { - "value": "nodejs16.x" - }, - "eu-north-1": { - "value": "nodejs16.x" - }, - "eu-south-1": { - "value": "nodejs16.x" - }, - "eu-south-2": { - "value": "nodejs16.x" - }, - "eu-west-1": { - "value": "nodejs16.x" - }, - "eu-west-2": { - "value": "nodejs16.x" - }, - "eu-west-3": { - "value": "nodejs16.x" - }, - "me-central-1": { - "value": "nodejs16.x" - }, - "me-south-1": { - "value": "nodejs16.x" - }, - "sa-east-1": { - "value": "nodejs16.x" - }, - "us-east-1": { - "value": "nodejs16.x" - }, - "us-east-2": { - "value": "nodejs16.x" - }, - "us-gov-east-1": { - "value": "nodejs16.x" - }, - "us-gov-west-1": { - "value": "nodejs16.x" - }, - "us-iso-east-1": { - "value": "nodejs14.x" - }, - "us-iso-west-1": { - "value": "nodejs14.x" - }, - "us-isob-east-1": { - "value": "nodejs14.x" - }, - "us-west-1": { - "value": "nodejs16.x" - }, - "us-west-2": { - "value": "nodejs16.x" - } - }, "ServiceprincipalMap": { "af-south-1": { "states": "states.af-south-1.amazonaws.com" @@ -1152,6 +861,9 @@ "ap-southeast-3": { "states": "states.ap-southeast-3.amazonaws.com" }, + "ap-southeast-4": { + "states": "states.ap-southeast-4.amazonaws.com" + }, "ca-central-1": { "states": "states.ca-central-1.amazonaws.com" }, @@ -1185,6 +897,9 @@ "eu-west-3": { "states": "states.eu-west-3.amazonaws.com" }, + "il-central-1": { + "states": "states.il-central-1.amazonaws.com" + }, "me-central-1": { "states": "states.me-central-1.amazonaws.com" }, diff --git a/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-VPC.assets.json b/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-VPC.assets.json index 20dc3c4..44a4c09 100644 --- a/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-VPC.assets.json +++ b/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-VPC.assets.json @@ -1,7 +1,7 @@ { - "version": "32.0.0", + "version": "36.0.0", "files": { - "7f7fe87c1bc49355a41f2ecfc0a1dc170c5c17a83e322d536b7500a4fc2dae48": { + "87f12f407d189e096c584f71ca2c69ffa63607430c7f39f994ea967e20be935b": { "source": { "path": "RDS-Sanitized-Snapshotter-VPC.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "7f7fe87c1bc49355a41f2ecfc0a1dc170c5c17a83e322d536b7500a4fc2dae48.json", + "objectKey": "87f12f407d189e096c584f71ca2c69ffa63607430c7f39f994ea967e20be935b.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-VPC.template.json b/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-VPC.template.json index 3b4fff3..4f5f759 100644 --- a/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-VPC.template.json +++ b/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-VPC.template.json @@ -18,9 +18,6 @@ "VPCPublicSubnet1SubnetB4246D30": { "Type": "AWS::EC2::Subnet", "Properties": { - "VpcId": { - "Ref": "VPCB9E5F0B4" - }, "AvailabilityZone": { "Fn::Select": [ 0, @@ -44,21 +41,24 @@ "Key": "Name", "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet1" } - ] + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } } }, "VPCPublicSubnet1RouteTableFEE4B781": { "Type": "AWS::EC2::RouteTable", "Properties": { - "VpcId": { - "Ref": "VPCB9E5F0B4" - }, "Tags": [ { "Key": "Name", "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet1" } - ] + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } } }, "VPCPublicSubnet1RouteTableAssociation0B0896DC": { @@ -75,12 +75,12 @@ "VPCPublicSubnet1DefaultRoute91CEF279": { "Type": "AWS::EC2::Route", "Properties": { - "RouteTableId": { - "Ref": "VPCPublicSubnet1RouteTableFEE4B781" - }, "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": { "Ref": "VPCIGWB7E252D3" + }, + "RouteTableId": { + "Ref": "VPCPublicSubnet1RouteTableFEE4B781" } }, "DependsOn": [ @@ -102,15 +102,15 @@ "VPCPublicSubnet1NATGatewayE0556630": { "Type": "AWS::EC2::NatGateway", "Properties": { - "SubnetId": { - "Ref": "VPCPublicSubnet1SubnetB4246D30" - }, "AllocationId": { "Fn::GetAtt": [ "VPCPublicSubnet1EIP6AD938E8", "AllocationId" ] }, + "SubnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + }, "Tags": [ { "Key": "Name", @@ -126,9 +126,6 @@ "VPCPublicSubnet2Subnet74179F39": { "Type": "AWS::EC2::Subnet", "Properties": { - "VpcId": { - "Ref": "VPCB9E5F0B4" - }, "AvailabilityZone": { "Fn::Select": [ 1, @@ -152,21 +149,24 @@ "Key": "Name", "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet2" } - ] + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } } }, "VPCPublicSubnet2RouteTable6F1A15F1": { "Type": "AWS::EC2::RouteTable", "Properties": { - "VpcId": { - "Ref": "VPCB9E5F0B4" - }, "Tags": [ { "Key": "Name", "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet2" } - ] + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } } }, "VPCPublicSubnet2RouteTableAssociation5A808732": { @@ -183,12 +183,12 @@ "VPCPublicSubnet2DefaultRouteB7481BBA": { "Type": "AWS::EC2::Route", "Properties": { - "RouteTableId": { - "Ref": "VPCPublicSubnet2RouteTable6F1A15F1" - }, "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": { "Ref": "VPCIGWB7E252D3" + }, + "RouteTableId": { + "Ref": "VPCPublicSubnet2RouteTable6F1A15F1" } }, "DependsOn": [ @@ -198,9 +198,6 @@ "VPCPrivateSubnet1Subnet8BCA10E0": { "Type": "AWS::EC2::Subnet", "Properties": { - "VpcId": { - "Ref": "VPCB9E5F0B4" - }, "AvailabilityZone": { "Fn::Select": [ 0, @@ -224,21 +221,24 @@ "Key": "Name", "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/PrivateSubnet1" } - ] + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } } }, "VPCPrivateSubnet1RouteTableBE8A6027": { "Type": "AWS::EC2::RouteTable", "Properties": { - "VpcId": { - "Ref": "VPCB9E5F0B4" - }, "Tags": [ { "Key": "Name", "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/PrivateSubnet1" } - ] + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } } }, "VPCPrivateSubnet1RouteTableAssociation347902D1": { @@ -255,9 +255,6 @@ "VPCPrivateSubnet2SubnetCFCDAA7A": { "Type": "AWS::EC2::Subnet", "Properties": { - "VpcId": { - "Ref": "VPCB9E5F0B4" - }, "AvailabilityZone": { "Fn::Select": [ 1, @@ -281,21 +278,24 @@ "Key": "Name", "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/PrivateSubnet2" } - ] + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } } }, "VPCPrivateSubnet2RouteTable0A19E10E": { "Type": "AWS::EC2::RouteTable", "Properties": { - "VpcId": { - "Ref": "VPCB9E5F0B4" - }, "Tags": [ { "Key": "Name", "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/PrivateSubnet2" } - ] + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } } }, "VPCPrivateSubnet2RouteTableAssociation0C73D413": { @@ -312,9 +312,6 @@ "VPCIsolatedSubnet1SubnetEBD00FC6": { "Type": "AWS::EC2::Subnet", "Properties": { - "VpcId": { - "Ref": "VPCB9E5F0B4" - }, "AvailabilityZone": { "Fn::Select": [ 0, @@ -338,21 +335,24 @@ "Key": "Name", "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/IsolatedSubnet1" } - ] + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } } }, "VPCIsolatedSubnet1RouteTableEB156210": { "Type": "AWS::EC2::RouteTable", "Properties": { - "VpcId": { - "Ref": "VPCB9E5F0B4" - }, "Tags": [ { "Key": "Name", "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/IsolatedSubnet1" } - ] + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } } }, "VPCIsolatedSubnet1RouteTableAssociationA2D18F7C": { @@ -369,21 +369,18 @@ "VPCIsolatedSubnet1DefaultRoute97D5523A": { "Type": "AWS::EC2::Route", "Properties": { - "RouteTableId": { - "Ref": "VPCIsolatedSubnet1RouteTableEB156210" - }, "DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": { "Ref": "VPCPublicSubnet1NATGatewayE0556630" + }, + "RouteTableId": { + "Ref": "VPCIsolatedSubnet1RouteTableEB156210" } } }, "VPCIsolatedSubnet2Subnet4B1C8CAA": { "Type": "AWS::EC2::Subnet", "Properties": { - "VpcId": { - "Ref": "VPCB9E5F0B4" - }, "AvailabilityZone": { "Fn::Select": [ 1, @@ -407,21 +404,24 @@ "Key": "Name", "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/IsolatedSubnet2" } - ] + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } } }, "VPCIsolatedSubnet2RouteTable9B4F78DC": { "Type": "AWS::EC2::RouteTable", "Properties": { - "VpcId": { - "Ref": "VPCB9E5F0B4" - }, "Tags": [ { "Key": "Name", "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/IsolatedSubnet2" } - ] + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } } }, "VPCIsolatedSubnet2RouteTableAssociation7BF8E0EB": { @@ -438,12 +438,12 @@ "VPCIsolatedSubnet2DefaultRoute5D7CAC57": { "Type": "AWS::EC2::Route", "Properties": { - "RouteTableId": { - "Ref": "VPCIsolatedSubnet2RouteTable9B4F78DC" - }, "DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": { "Ref": "VPCPublicSubnet1NATGatewayE0556630" + }, + "RouteTableId": { + "Ref": "VPCIsolatedSubnet2RouteTable9B4F78DC" } } }, @@ -461,11 +461,11 @@ "VPCVPCGW99B986DC": { "Type": "AWS::EC2::VPCGatewayAttachment", "Properties": { - "VpcId": { - "Ref": "VPCB9E5F0B4" - }, "InternetGatewayId": { "Ref": "VPCIGWB7E252D3" + }, + "VpcId": { + "Ref": "VPCB9E5F0B4" } } } diff --git a/test/default.integ.ts b/test/default.integ.ts index 086da0b..1583227 100644 --- a/test/default.integ.ts +++ b/test/default.integ.ts @@ -1,5 +1,13 @@ import * as cdk from 'aws-cdk-lib'; -import { aws_ec2 as ec2, aws_iam as iam, aws_kms as kms, aws_logs as logs, aws_rds as rds, custom_resources, RemovalPolicy } from 'aws-cdk-lib'; +import { + aws_ec2 as ec2, + aws_iam as iam, + aws_kms as kms, + aws_lambda as lambda, + aws_logs as logs, + aws_rds as rds, + custom_resources, +} from 'aws-cdk-lib'; import { RdsSanitizedSnapshotter } from '../src'; import { TestFunction } from '../src/test-function'; import { TestWaitFunction } from '../src/test-wait-function'; @@ -33,7 +41,7 @@ const mysqlDatabaseInstance = new rds.DatabaseInstance(rdsStack, 'MySQL Instance vpc, engine: rds.DatabaseInstanceEngine.MYSQL, instanceType: ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE3, ec2.InstanceSize.SMALL), - removalPolicy: RemovalPolicy.DESTROY, + removalPolicy: cdk.RemovalPolicy.DESTROY, backupRetention: cdk.Duration.days(0), deleteAutomatedBackups: true, }); @@ -44,16 +52,16 @@ const mysqlDatabaseCluster = new rds.DatabaseCluster(rdsStack, 'MySQL Cluster', backup: { retention: cdk.Duration.days(1), }, - removalPolicy: RemovalPolicy.DESTROY, + removalPolicy: cdk.RemovalPolicy.DESTROY, }); (mysqlDatabaseCluster.node.defaultChild as rds.CfnDBCluster).addPropertyDeletionOverride('DBClusterParameterGroupName'); -const sourceKey = new kms.Key(rdsStack, 'Key', { description: 'RDS sanitize test source key', removalPolicy: RemovalPolicy.DESTROY }); +const sourceKey = new kms.Key(rdsStack, 'Key', { description: 'RDS sanitize test source key', removalPolicy: cdk.RemovalPolicy.DESTROY }); const postgresDatabaseInstance = new rds.DatabaseInstance(rdsStack, 'Postgres Instance', { vpc, engine: rds.DatabaseInstanceEngine.POSTGRES, instanceType: ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE3, ec2.InstanceSize.SMALL), storageEncryptionKey: sourceKey, - removalPolicy: RemovalPolicy.DESTROY, + removalPolicy: cdk.RemovalPolicy.DESTROY, backupRetention: cdk.Duration.days(0), deleteAutomatedBackups: true, }); @@ -66,7 +74,7 @@ const postgresDatabaseCluster = new rds.DatabaseCluster(rdsStack, 'Postgres Clus backup: { retention: cdk.Duration.days(1), }, - removalPolicy: RemovalPolicy.DESTROY, + removalPolicy: cdk.RemovalPolicy.DESTROY, }); (postgresDatabaseCluster.node.defaultChild as rds.CfnDBCluster).addPropertyDeletionOverride('DBClusterParameterGroupName'); @@ -98,7 +106,7 @@ const postgresClusterSfn = new RdsSanitizedSnapshotter(sfnStack, 'PostgreSQL Clu script: 'SELECT 1', snapshotPrefix: 'psql-cluster-snapshot', databaseKey: sourceKey, - snapshotKey: new kms.Key(sfnStack, 'Snapshot Key', { description: 'RDS sanitize test target key', removalPolicy: RemovalPolicy.DESTROY }), // test re-encryption + snapshotKey: new kms.Key(sfnStack, 'Snapshot Key', { description: 'RDS sanitize test target key', removalPolicy: cdk.RemovalPolicy.DESTROY }), // test re-encryption }).snapshotter; // const postgresServerlessSfn = new RdsSanitizedSnapshotter(sfnStack, 'PostgreSQL Serverless Snapshotter', { // vpc, @@ -109,9 +117,14 @@ const postgresClusterSfn = new RdsSanitizedSnapshotter(sfnStack, 'PostgreSQL Clu // Trigger step functions const testStack = new cdk.Stack(app, 'RDS-Sanitized-Snapshotter-Test'); +const logGroup = new logs.LogGroup(testStack, 'Logs', { + removalPolicy: cdk.RemovalPolicy.DESTROY, + retention: logs.RetentionDays.ONE_DAY, +}); const provider = new custom_resources.Provider(testStack, 'Provider', { onEventHandler: new TestFunction(testStack, 'Test', { - logRetention: logs.RetentionDays.ONE_DAY, + loggingFormat: lambda.LoggingFormat.JSON, + logGroup: logGroup, initialPolicy: [ new iam.PolicyStatement({ actions: ['states:StartExecution'], @@ -121,7 +134,8 @@ const provider = new custom_resources.Provider(testStack, 'Provider', { }), isCompleteHandler: new TestWaitFunction(testStack, 'Wait', { timeout: cdk.Duration.minutes(3), - logRetention: logs.RetentionDays.ONE_DAY, + loggingFormat: lambda.LoggingFormat.JSON, + logGroup: logGroup, initialPolicy: [ new iam.PolicyStatement({ actions: [ @@ -132,7 +146,7 @@ const provider = new custom_resources.Provider(testStack, 'Provider', { }), ], }), - logRetention: logs.RetentionDays.ONE_DAY, + logGroup: logGroup, totalTimeout: cdk.Duration.minutes(59), // custom resource have 1 hour limit, so just below that }); new cdk.CustomResource(testStack, 'Test MySQL Instance', { diff --git a/yarn.lock b/yarn.lock index d0e6d27..a132114 100644 --- a/yarn.lock +++ b/yarn.lock @@ -10,20 +10,20 @@ "@jridgewell/gen-mapping" "^0.3.5" "@jridgewell/trace-mapping" "^0.3.24" -"@aws-cdk/asset-awscli-v1@^2.2.177": - version "2.2.204" - resolved "https://registry.yarnpkg.com/@aws-cdk/asset-awscli-v1/-/asset-awscli-v1-2.2.204.tgz#848de090616aeb34af65c4b11e9661c9e76ed39c" - integrity sha512-cm7aZKIubmBAS5IOkGEmh3h8VlKeOsNlLJJ39MnbmGZxXcW7+WaqIS7S4Z3YLKrs6EVQnrP8XQ2kt3cjkqKIJg== +"@aws-cdk/asset-awscli-v1@^2.2.202": + version "2.2.205" + resolved "https://registry.yarnpkg.com/@aws-cdk/asset-awscli-v1/-/asset-awscli-v1-2.2.205.tgz#ac25d541dd3c34e2aae6789d1bbfccdfd57b8210" + integrity sha512-aoCe5pUr0o5nJU7BtPyuNPM23YPKISQoU4S3g+il2iglY/sfdljXCNhzNrbqLhJtpIxWsVip8H+6BR7TkmjtnA== -"@aws-cdk/asset-kubectl-v20@^2.1.1": +"@aws-cdk/asset-kubectl-v20@^2.1.2": version "2.1.2" resolved "https://registry.yarnpkg.com/@aws-cdk/asset-kubectl-v20/-/asset-kubectl-v20-2.1.2.tgz#d8e20b5f5dc20128ea2000dc479ca3c7ddc27248" integrity sha512-3M2tELJOxQv0apCIiuKQ4pAbncz9GuLwnKFqxifWfe77wuMxyTRPmxssYHs42ePqzap1LT6GDcPygGs+hHstLg== -"@aws-cdk/asset-node-proxy-agent-v5@^2.0.148": - version "2.0.166" - resolved "https://registry.yarnpkg.com/@aws-cdk/asset-node-proxy-agent-v5/-/asset-node-proxy-agent-v5-2.0.166.tgz#467507db141cd829ff8aa9d6ea5519310a4276b8" - integrity sha512-j0xnccpUQHXJKPgCwQcGGNu4lRiC1PptYfdxBIH1L4dRK91iBxtSQHESRQX+yB47oGLaF/WfNN/aF3WXwlhikg== +"@aws-cdk/asset-node-proxy-agent-v6@^2.0.1": + version "2.1.0" + resolved "https://registry.yarnpkg.com/@aws-cdk/asset-node-proxy-agent-v6/-/asset-node-proxy-agent-v6-2.1.0.tgz#6d3c7860354d4856a7e75375f2f0ecab313b4989" + integrity sha512-7bY3J8GCVxLupn/kNmpPc5VJz8grx+4RKfnnJiO1LG+uxkZfANZG3RMHhE+qQxxwkyQ9/MfPtTpf748UhR425A== "@aws-crypto/sha256-browser@5.2.0": version "5.2.0" @@ -2249,22 +2249,22 @@ available-typed-arrays@^1.0.7: dependencies: possible-typed-array-names "^1.0.0" -aws-cdk-lib@2.85.0: - version "2.85.0" - resolved "https://registry.yarnpkg.com/aws-cdk-lib/-/aws-cdk-lib-2.85.0.tgz#09a577799b63107d3128c2755ee02acedc580e5d" - integrity sha512-u+ypK8XEMRH3tGRMSmcbPYxLet7xBdGIztUkMcPtlNJGhS/vxqh12yYkem3g3zzmHwdX8OPLSnlZ2sIuiIqp/g== +aws-cdk-lib@2.127.0: + version "2.127.0" + resolved "https://registry.yarnpkg.com/aws-cdk-lib/-/aws-cdk-lib-2.127.0.tgz#dc27045badd07579194c1b1af9f8fdfcfb3093fe" + integrity sha512-pEdp2TqgNLYY+kAo68oVzMDEHJevYoRArZJoH+bjM9YTwqRJJiwF1k6tc78e3jca4sCNDZAgX2ytOgqW6lVTWQ== dependencies: - "@aws-cdk/asset-awscli-v1" "^2.2.177" - "@aws-cdk/asset-kubectl-v20" "^2.1.1" - "@aws-cdk/asset-node-proxy-agent-v5" "^2.0.148" + "@aws-cdk/asset-awscli-v1" "^2.2.202" + "@aws-cdk/asset-kubectl-v20" "^2.1.2" + "@aws-cdk/asset-node-proxy-agent-v6" "^2.0.1" "@balena/dockerignore" "^1.0.2" case "1.6.3" - fs-extra "^11.1.1" - ignore "^5.2.4" + fs-extra "^11.2.0" + ignore "^5.3.1" jsonschema "^1.4.1" minimatch "^3.1.2" - punycode "^2.3.0" - semver "^7.5.1" + punycode "^2.3.1" + semver "^7.5.4" table "^6.8.1" yaml "1.10.2" @@ -3561,7 +3561,7 @@ fs-extra@^10.1.0: jsonfile "^6.0.1" universalify "^2.0.0" -fs-extra@^11.1.1: +fs-extra@^11.2.0: version "11.2.0" resolved "https://registry.yarnpkg.com/fs-extra/-/fs-extra-11.2.0.tgz#e70e17dfad64232287d01929399e0ea7c86b0e5b" integrity sha512-PmDi3uwK5nFuXh7XDTlVnS17xJS7vW36is2+w3xcv8SVxiB4NyATf4ctkVY5bkSjX0Y4nbvZCq1/EjtEyr9ktw== @@ -3945,7 +3945,7 @@ iconv-lite@0.6.3: dependencies: safer-buffer ">= 2.1.2 < 3.0.0" -ignore@^5.2.0, ignore@^5.2.4, ignore@^5.3.1: +ignore@^5.2.0, ignore@^5.3.1: version "5.3.2" resolved "https://registry.yarnpkg.com/ignore/-/ignore-5.3.2.tgz#3cd40e729f3643fd87cb04e50bf0eb722bc596f5" integrity sha512-hsBTNUqQTDwkWtcdYI2i06Y/nUBEsNEDJKjWdigLvegy8kDuJAS8uRlpkkcQpyEXL0Z/pjDy5HBmMjRCJ2gq+g== @@ -5540,7 +5540,7 @@ psl@^1.1.33: resolved "https://registry.yarnpkg.com/psl/-/psl-1.9.0.tgz#d0df2a137f00794565fcaf3b2c00cd09f8d5a5a7" integrity sha512-E/ZsdU4HLs/68gYzgGTkMicWTLPdAftJLfJFlLUAAKZGkStNU72sZjT66SnMDVOfOWY/YAoiD7Jxa9iHvngcag== -punycode@^2.1.0, punycode@^2.1.1, punycode@^2.3.0, punycode@^2.3.1: +punycode@^2.1.0, punycode@^2.1.1, punycode@^2.3.1: version "2.3.1" resolved "https://registry.yarnpkg.com/punycode/-/punycode-2.3.1.tgz#027422e2faec0b25e1549c3e1bd8309b9133b6e5" integrity sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg== @@ -5793,7 +5793,7 @@ semver-intersect@^1.5.0: resolved "https://registry.yarnpkg.com/semver/-/semver-5.7.2.tgz#48d55db737c3287cd4835e17fa13feace1c41ef8" integrity sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g== -semver@7.x, semver@^7.0.0, semver@^7.3.2, semver@^7.3.4, semver@^7.5.1, semver@^7.5.3, semver@^7.6.0, semver@^7.6.3: +semver@7.x, semver@^7.0.0, semver@^7.3.2, semver@^7.3.4, semver@^7.5.3, semver@^7.5.4, semver@^7.6.0, semver@^7.6.3: version "7.6.3" resolved "https://registry.yarnpkg.com/semver/-/semver-7.6.3.tgz#980f7b5550bc175fb4dc09403085627f9eb33143" integrity sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==