From 432f97d9de3522e198b5bd7832bce6e26cf18d1f Mon Sep 17 00:00:00 2001 From: AWS CDK Automation <43080478+aws-cdk-automation@users.noreply.github.com> Date: Mon, 25 Mar 2024 08:52:55 -0700 Subject: [PATCH] feat: update L1 CloudFormation resource definitions (#29606) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec` **L1 CloudFormation resource definition changes:** ``` ├[~] service aws-cloudwatch │ └ resources │ └[~] resource AWS::CloudWatch::AnomalyDetector │ └ types │ └[~] type SingleMetricAnomalyDetector │ └ properties │ └[+] AccountId: string ├[~] service aws-docdbelastic │ └ resources │ └[~] resource AWS::DocDBElastic::Cluster │ └ properties │ ├[+] BackupRetentionPeriod: integer │ ├[+] PreferredBackupWindow: string │ └[+] ShardInstanceCount: integer ├[~] service aws-elasticache │ └ resources │ └[~] resource AWS::ElastiCache::ParameterGroup │ └ attributes │ └[-] CacheParameterGroupName: string ├[~] service aws-entityresolution │ └ resources │ └[~] resource AWS::EntityResolution::IdMappingWorkflow │ ├ properties │ │ └ OutputSourceConfig: - Array (required) │ │ + Array │ └ types │ └[~] type IdMappingWorkflowInputSource │ └ properties │ ├ SchemaArn: - string (required) │ │ + string │ └[+] Type: string ├[~] service aws-iam │ └ resources │ └[~] resource AWS::IAM::ManagedPolicy │ └ properties │ └ Path: - string (immutable) │ + string (default="/", immutable) └[~] service aws-securityhub └ resources ├[-] resource AWS::SecurityHub::DelegatedAdmin │ ├ name: DelegatedAdmin │ │ cloudFormationType: AWS::SecurityHub::DelegatedAdmin │ │ documentation: The AWS::SecurityHub::DelegatedAdmin resource represents the AWS Security Hub delegated admin account in your organization. One delegated admin resource is allowed to create for the organization in each region in which you configure the AdminAccountId. │ ├ properties │ │ └AdminAccountId: string (required, immutable) │ └ attributes │ ├DelegatedAdminIdentifier: string │ └Status: string ├[-] resource AWS::SecurityHub::Insight │ ├ name: Insight │ │ cloudFormationType: AWS::SecurityHub::Insight │ │ documentation: Creates a custom insight in Security Hub. An insight is a consolidation of findings that relate to a security issue that requires attention or remediation. │ │ To group the related findings in the insight, use the `GroupByAttribute` . │ ├ properties │ │ ├Name: string (required) │ │ ├Filters: AwsSecurityFindingFilters (required) │ │ └GroupByAttribute: string (required) │ ├ attributes │ │ └InsightArn: string │ └ types │ ├type AwsSecurityFindingFilters │ │├ documentation: A collection of filters that are applied to all active findings aggregated by AWS Security Hub . │ ││ You can filter by up to ten finding attributes. For each attribute, you can provide up to 20 filter values. │ ││ name: AwsSecurityFindingFilters │ │└ properties │ │ ├ProductArn: Array │ │ ├AwsAccountId: Array │ │ ├AwsAccountName: Array │ │ ├Id: Array │ │ ├GeneratorId: Array │ │ ├Type: Array │ │ ├Region: Array │ │ ├SeverityLabel: Array │ │ ├Title: Array │ │ ├Description: Array │ │ ├RecommendationText: Array │ │ ├SourceUrl: Array │ │ ├ProductFields: Array │ │ ├ProductName: Array │ │ ├CompanyName: Array │ │ ├UserDefinedFields: Array │ │ ├MalwareName: Array │ │ ├MalwareType: Array │ │ ├MalwarePath: Array │ │ ├MalwareState: Array │ │ ├NetworkDirection: Array │ │ ├NetworkProtocol: Array │ │ ├NetworkSourceIpV4: Array │ │ ├NetworkSourceIpV6: Array │ │ ├NetworkSourceDomain: Array │ │ ├NetworkSourceMac: Array │ │ ├NetworkDestinationIpV4: Array │ │ ├NetworkDestinationIpV6: Array │ │ ├NetworkDestinationDomain: Array │ │ ├ProcessName: Array │ │ ├ProcessPath: Array │ │ ├ThreatIntelIndicatorType: Array │ │ ├ThreatIntelIndicatorValue: Array │ │ ├ThreatIntelIndicatorCategory: Array │ │ ├ThreatIntelIndicatorSource: Array │ │ ├ThreatIntelIndicatorSourceUrl: Array │ │ ├ResourceType: Array │ │ ├ResourceId: Array │ │ ├ResourcePartition: Array │ │ ├ResourceRegion: Array │ │ ├ResourceTags: Array │ │ ├ResourceAwsEc2InstanceType: Array │ │ ├ResourceAwsEc2InstanceImageId: Array │ │ ├ResourceAwsEc2InstanceIpV4Addresses: Array │ │ ├ResourceAwsEc2InstanceIpV6Addresses: Array │ │ ├ResourceAwsEc2InstanceKeyName: Array │ │ ├ResourceAwsEc2InstanceIamInstanceProfileArn: Array │ │ ├ResourceAwsEc2InstanceVpcId: Array │ │ ├ResourceAwsEc2InstanceSubnetId: Array │ │ ├ResourceAwsS3BucketOwnerId: Array │ │ ├ResourceAwsS3BucketOwnerName: Array │ │ ├ResourceAwsIamAccessKeyStatus: Array │ │ ├ResourceContainerName: Array │ │ ├ResourceContainerImageId: Array │ │ ├ResourceContainerImageName: Array │ │ ├ResourceDetailsOther: Array │ │ ├ComplianceStatus: Array │ │ ├VerificationState: Array │ │ ├WorkflowState: Array │ │ ├WorkflowStatus: Array │ │ ├RecordState: Array │ │ ├RelatedFindingsProductArn: Array │ │ ├RelatedFindingsId: Array │ │ ├ResourceApplicationArn: Array │ │ ├ResourceApplicationName: Array │ │ ├NoteText: Array │ │ ├NoteUpdatedBy: Array │ │ ├Sample: Array │ │ ├ComplianceAssociatedStandardsId: Array │ │ ├ComplianceSecurityControlId: Array │ │ ├ComplianceSecurityControlParametersName: Array │ │ ├ComplianceSecurityControlParametersValue: Array │ │ ├FindingProviderFieldsRelatedFindingsId: Array │ │ ├FindingProviderFieldsRelatedFindingsProductArn: Array │ │ ├FindingProviderFieldsSeverityLabel: Array │ │ ├FindingProviderFieldsSeverityOriginal: Array │ │ ├FindingProviderFieldsTypes: Array │ │ ├ResourceAwsIamAccessKeyPrincipalName: Array │ │ ├ResourceAwsIamUserUserName: Array │ │ ├VulnerabilitiesExploitAvailable: Array │ │ └VulnerabilitiesFixAvailable: Array │ ├type StringFilter │ │├ documentation: A string filter for filtering AWS Security Hub findings. │ ││ name: StringFilter │ │└ properties │ │ ├Comparison: string (required) │ │ └Value: string (required) │ ├type MapFilter │ │├ documentation: A map filter for filtering AWS Security Hub findings. Each map filter provides the field to check for, the value to check for, and the comparison operator. │ ││ name: MapFilter │ │└ properties │ │ ├Comparison: string (required) │ │ ├Key: string (required) │ │ └Value: string (required) │ ├type IpFilter │ │├ documentation: The IP filter for querying findings. │ ││ name: IpFilter │ │└ properties │ │ └Cidr: string │ └type BooleanFilter │ ├ documentation: Boolean filter for querying findings. │ │ name: BooleanFilter │ └ properties │ └Value: boolean (required) └[-] resource AWS::SecurityHub::ProductSubscription ├ name: ProductSubscription │ cloudFormationType: AWS::SecurityHub::ProductSubscription │ documentation: The AWS::SecurityHub::ProductSubscription resource represents a subscription to a service that is allowed to generate findings for your Security Hub account. One product subscription resource is created for each product enabled. ├ properties │ └ProductArn: string (required, immutable) └ attributes └ProductSubscriptionArn: string ``` --- .../@aws-cdk/cloudformation-diff/package.json | 4 ++-- packages/@aws-cdk/integ-runner/package.json | 2 +- packages/aws-cdk-lib/package.json | 2 +- tools/@aws-cdk/spec2cdk/package.json | 4 ++-- yarn.lock | 18 +++++++++--------- 5 files changed, 15 insertions(+), 15 deletions(-) diff --git a/packages/@aws-cdk/cloudformation-diff/package.json b/packages/@aws-cdk/cloudformation-diff/package.json index 5d19a00dacf02..ece3fd0541f4b 100644 --- a/packages/@aws-cdk/cloudformation-diff/package.json +++ b/packages/@aws-cdk/cloudformation-diff/package.json @@ -23,8 +23,8 @@ }, "license": "Apache-2.0", "dependencies": { - "@aws-cdk/aws-service-spec": "^0.0.59", - "@aws-cdk/service-spec-types": "^0.0.59", + "@aws-cdk/aws-service-spec": "^0.0.60", + "@aws-cdk/service-spec-types": "^0.0.60", "aws-sdk": "2.1583.0", "chalk": "^4", "diff": "^5.2.0", diff --git a/packages/@aws-cdk/integ-runner/package.json b/packages/@aws-cdk/integ-runner/package.json index 6353c842b1f32..1d9dfef1d6324 100644 --- a/packages/@aws-cdk/integ-runner/package.json +++ b/packages/@aws-cdk/integ-runner/package.json @@ -74,7 +74,7 @@ "@aws-cdk/cloud-assembly-schema": "0.0.0", "@aws-cdk/cloudformation-diff": "0.0.0", "@aws-cdk/cx-api": "0.0.0", - "@aws-cdk/aws-service-spec": "^0.0.59", + "@aws-cdk/aws-service-spec": "^0.0.60", "cdk-assets": "0.0.0", "@aws-cdk/cdk-cli-wrapper": "0.0.0", "aws-cdk": "0.0.0", diff --git a/packages/aws-cdk-lib/package.json b/packages/aws-cdk-lib/package.json index 195d3ffcc3ae2..dc736afe85798 100644 --- a/packages/aws-cdk-lib/package.json +++ b/packages/aws-cdk-lib/package.json @@ -135,7 +135,7 @@ "mime-types": "^2.1.35" }, "devDependencies": { - "@aws-cdk/aws-service-spec": "^0.0.59", + "@aws-cdk/aws-service-spec": "^0.0.60", "@aws-cdk/cdk-build-tools": "0.0.0", "@aws-cdk/custom-resource-handlers": "0.0.0", "@aws-cdk/pkglint": "0.0.0", diff --git a/tools/@aws-cdk/spec2cdk/package.json b/tools/@aws-cdk/spec2cdk/package.json index 646b9a7ce0da0..0d79af43106ee 100644 --- a/tools/@aws-cdk/spec2cdk/package.json +++ b/tools/@aws-cdk/spec2cdk/package.json @@ -32,9 +32,9 @@ }, "license": "Apache-2.0", "dependencies": { - "@aws-cdk/aws-service-spec": "^0.0.59", + "@aws-cdk/aws-service-spec": "^0.0.60", "@aws-cdk/service-spec-importers": "^0.0.27", - "@aws-cdk/service-spec-types": "^0.0.59", + "@aws-cdk/service-spec-types": "^0.0.60", "@cdklabs/tskb": "^0.0.3", "@cdklabs/typewriter": "^0.0.3", "camelcase": "^6", diff --git a/yarn.lock b/yarn.lock index f6dcc71809a7a..1d4de317afecb 100644 --- a/yarn.lock +++ b/yarn.lock @@ -56,12 +56,12 @@ resolved "https://registry.npmjs.org/@aws-cdk/asset-node-proxy-agent-v6/-/asset-node-proxy-agent-v6-2.0.1.tgz#6dc9b7cdb22ff622a7176141197962360c33e9ac" integrity sha512-DDt4SLdLOwWCjGtltH4VCST7hpOI5DzieuhGZsBpZ+AgJdSI2GCjklCXm0GCTwJG/SolkL5dtQXyUKgg9luBDg== -"@aws-cdk/aws-service-spec@^0.0.59": - version "0.0.59" - resolved "https://registry.npmjs.org/@aws-cdk/aws-service-spec/-/aws-service-spec-0.0.59.tgz#4d3f64e42b566fa75d8228e19c8e95feec1f225c" - integrity sha512-uIk+FmA/giiDs8gORSUa8dKfJvkMPi6wQHcnZw7a0B1hQ6hA8WVXv+yxCmz5xd1b2Y7Zd/ww36XHTu9CvGKEvg== +"@aws-cdk/aws-service-spec@^0.0.60": + version "0.0.60" + resolved "https://registry.npmjs.org/@aws-cdk/aws-service-spec/-/aws-service-spec-0.0.60.tgz#6ed18a6f9cd8bce649a49f26ecf5e3c7a1360cf0" + integrity sha512-HyIQGKkPz3olFP5JKXxxVomTZFcpwRvDQ5e+deJ2srTS4EpUTFs8jB/Etw4gNvv0ka0y6Vv3dZ4Tvz6EhZ9t3A== dependencies: - "@aws-cdk/service-spec-types" "^0.0.59" + "@aws-cdk/service-spec-types" "^0.0.60" "@cdklabs/tskb" "^0.0.3" "@aws-cdk/lambda-layer-kubectl-v24@^2.0.242": @@ -92,10 +92,10 @@ dependencies: "@cdklabs/tskb" "^0.0.3" -"@aws-cdk/service-spec-types@^0.0.59": - version "0.0.59" - resolved "https://registry.npmjs.org/@aws-cdk/service-spec-types/-/service-spec-types-0.0.59.tgz#79605be022b21dcda73c2422821c41ac7f104db7" - integrity sha512-uFTPHuQ3/qBZy+pusVvXcfbM5dCbeOiItxHv2se/nOzRlrCz024aEq334oIpE1QET9rY1XWR8ji8tPlSimXcIA== +"@aws-cdk/service-spec-types@^0.0.60": + version "0.0.60" + resolved "https://registry.npmjs.org/@aws-cdk/service-spec-types/-/service-spec-types-0.0.60.tgz#497a45d223f9a5e8dcfc90c614271c54a92588a9" + integrity sha512-yXjN5vP1DmB7XJ4SmAvbvSusEklM9xe8e7QcETbokn3ghr0HHXjUkkzdVWaySr5EBBg92ANBG5dP/WZV2vHo/Q== dependencies: "@cdklabs/tskb" "^0.0.3"