From c426b12c28325ca7af937b90116a2089b55226cd Mon Sep 17 00:00:00 2001 From: Kazuho CryerShinozuka Date: Sun, 3 Mar 2024 01:18:58 +0900 Subject: [PATCH 01/50] feat: configure replication --- .../aws-efs/lib/efs-file-system.ts | 64 +++++++++++++++++++ 1 file changed, 64 insertions(+) diff --git a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts index f5720923acc22..c85cc5a779571 100644 --- a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts +++ b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts @@ -1,6 +1,8 @@ +import * as destinations from 'aws-cdk-lib/aws-lambda-destinations'; import { Construct, DependencyGroup, IDependable } from 'constructs'; import { AccessPoint, AccessPointOptions } from './access-point'; import { CfnFileSystem, CfnMountTarget } from './efs.generated'; +import { DestinationFlowConfigProperty } from '../../aws-appflow/lib/appflow.generated'; import * as ec2 from '../../aws-ec2'; import * as iam from '../../aws-iam'; import * as kms from '../../aws-kms'; @@ -324,6 +326,13 @@ export interface FileSystemProps { * @default ReplicationOverwriteProtection.ENABLED */ readonly replicationOverwriteProtection?: ReplicationOverwriteProtection; + + /** + * Replication configuration for the file system. + * + * @default - no replication + */ + readonly replicationConfiguration?: ReplicationConfiguration; } /** @@ -350,6 +359,42 @@ export interface FileSystemAttributes { readonly fileSystemArn?: string; } +export interface ReplicationConfiguration { + /** + * Whether to enable automatic replication. + * + * Other replication settings cannot be set if this is set to false. + */ + readonly enableReplication: boolean; + /** + * The existing destination file system for the replication. + * + * You cannot configure `kmsKey`, `region` and `az` when `destinationFileSystem` is set. + * + * @default - create a new file system for the replication destination + */ + readonly destinationFileSystem?: IFileSystem; + /** + * AWS KMS key used to protect the encrypted file system. + * + * @default - service-managed KMS key for Amazon EFS is used + */ + readonly kmsKey?: kms.IKey; + /** + * The AWS Region in which the destination file system is located. + * + * @default - the region of the stack + */ + readonly region?: string; + /** + * The availability zone name of the destination file system. + * One zone file system is used as the destination file system when this property is set. + * + * @default - create regional file system for the replication destination + */ + readonly az?: string; +} + enum ClientAction { MOUNT = 'elasticfilesystem:ClientMount', WRITE = 'elasticfilesystem:ClientWrite', @@ -573,12 +618,30 @@ export class FileSystem extends FileSystemBase { lifecyclePolicies.push({ transitionToArchive: props.transitionToArchivePolicy }); } + if ( + props.replicationConfiguration?.enableReplication === true && + props.replicationOverwriteProtection === ReplicationOverwriteProtection.DISABLED + ) { + throw new Error('Cannot configure `replicationConfiguration` when `replicationOverwriteProtection` is set to `DISABLED`'); + } + const oneZoneAzName = props.vpc.availabilityZones[0]; const fileSystemProtection = props.replicationOverwriteProtection !== undefined ? { replicationOverwriteProtection: props.replicationOverwriteProtection, } : undefined; + const replicationConfiguration = props.replicationConfiguration?.enableReplication === true ? { + destinations: [ + { + fileSystemId: props.replicationConfiguration.destinationFileSystem?.fileSystemId, + kmsKeyId: props.replicationConfiguration.kmsKey?.keyArn, + region: props.replicationConfiguration.region ?? Stack.of(this).region, + az: props.replicationConfiguration.az, + }, + ], + } : undefined; + this._resource = new CfnFileSystem(this, 'Resource', { encrypted: encrypted, kmsKeyId: props.kmsKey?.keyArn, @@ -611,6 +674,7 @@ export class FileSystem extends FileSystemBase { }), fileSystemProtection, availabilityZoneName: props.oneZone ? oneZoneAzName : undefined, + replicationConfiguration, }); this._resource.applyRemovalPolicy(props.removalPolicy); From 6dcf4854e7dd8cedacec86cf62ee2a3b3e0490ae Mon Sep 17 00:00:00 2001 From: Kazuho CryerShinozuka Date: Sun, 3 Mar 2024 23:48:29 +0900 Subject: [PATCH 02/50] fix: replication config correctly --- .../aws-efs/lib/efs-file-system.ts | 41 ++++++++++++++----- 1 file changed, 30 insertions(+), 11 deletions(-) diff --git a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts index c85cc5a779571..491738ee76bb7 100644 --- a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts +++ b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts @@ -1,8 +1,6 @@ -import * as destinations from 'aws-cdk-lib/aws-lambda-destinations'; import { Construct, DependencyGroup, IDependable } from 'constructs'; import { AccessPoint, AccessPointOptions } from './access-point'; import { CfnFileSystem, CfnMountTarget } from './efs.generated'; -import { DestinationFlowConfigProperty } from '../../aws-appflow/lib/appflow.generated'; import * as ec2 from '../../aws-ec2'; import * as iam from '../../aws-iam'; import * as kms from '../../aws-kms'; @@ -363,7 +361,7 @@ export interface ReplicationConfiguration { /** * Whether to enable automatic replication. * - * Other replication settings cannot be set if this is set to false. + * Other replication settings(`destinationFileSystem`, `kmsKey`, `region`, `az`) cannot be set if this is set to false. */ readonly enableReplication: boolean; /** @@ -390,6 +388,8 @@ export interface ReplicationConfiguration { * The availability zone name of the destination file system. * One zone file system is used as the destination file system when this property is set. * + * You have to specify the `region` property for the region that the specified availability zone belongs to. + * * @default - create regional file system for the replication destination */ readonly az?: string; @@ -598,6 +598,32 @@ export class FileSystem extends FileSystemBase { if (props.throughputMode === ThroughputMode.ELASTIC && props.performanceMode === PerformanceMode.MAX_IO) { throw new Error('ThroughputMode ELASTIC is not supported for file systems with performanceMode MAX_IO'); } + + // if (props.replicationConfiguration?.enableReplication) { + // if (props.replicationOverwriteProtection === ReplicationOverwriteProtection.DISABLED) { + // throw new Error('Cannot configure `replicationConfiguration` when `replicationOverwriteProtection` is set to `DISABLED`'); + // } + // if ( + // props.replicationConfiguration.destinationFileSystem && + // ( + // props.replicationConfiguration.region || + // props.replicationConfiguration.az || + // props.replicationConfiguration.kmsKey + // ) + // ) { + // throw new Error('Cannot configure `replicationConfiguration.region`, `replicationConfiguration.az` or `replicationConfiguration.kmsKey` when `replicationConfiguration.destinationFileSystem` is set'); + // } + // } + + // if (props.replicationConfiguration?.enableReplication === false && ( + // props.replicationConfiguration.destinationFileSystem || + // props.replicationConfiguration.region || + // props.replicationConfiguration.az || + // props.replicationConfiguration.kmsKey + // )) { + // throw new Error('Cannot configure replication when `replicationConfiguration.enableReplication` is set to `false`'); + // } + // we explictly use 'undefined' to represent 'false' to maintain backwards compatibility since // its considered an actual change in CloudFormations eyes, even though they have the same meaning. const encrypted = props.encrypted ?? (FeatureFlags.of(this).isEnabled( @@ -618,20 +644,13 @@ export class FileSystem extends FileSystemBase { lifecyclePolicies.push({ transitionToArchive: props.transitionToArchivePolicy }); } - if ( - props.replicationConfiguration?.enableReplication === true && - props.replicationOverwriteProtection === ReplicationOverwriteProtection.DISABLED - ) { - throw new Error('Cannot configure `replicationConfiguration` when `replicationOverwriteProtection` is set to `DISABLED`'); - } - const oneZoneAzName = props.vpc.availabilityZones[0]; const fileSystemProtection = props.replicationOverwriteProtection !== undefined ? { replicationOverwriteProtection: props.replicationOverwriteProtection, } : undefined; - const replicationConfiguration = props.replicationConfiguration?.enableReplication === true ? { + const replicationConfiguration = props.replicationConfiguration?.enableReplication ? { destinations: [ { fileSystemId: props.replicationConfiguration.destinationFileSystem?.fileSystemId, From b1361d8c0d66148c72889d6f168dbda61476ad22 Mon Sep 17 00:00:00 2001 From: Kazuho CryerShinozuka Date: Mon, 4 Mar 2024 01:38:54 +0900 Subject: [PATCH 03/50] fix: debug --- packages/aws-cdk-lib/aws-efs/README.md | 38 ++++++++++++ .../aws-efs/lib/efs-file-system.ts | 59 ++++++++++--------- 2 files changed, 68 insertions(+), 29 deletions(-) diff --git a/packages/aws-cdk-lib/aws-efs/README.md b/packages/aws-cdk-lib/aws-efs/README.md index ff45e5c05bd8a..e0fac19e1516b 100644 --- a/packages/aws-cdk-lib/aws-efs/README.md +++ b/packages/aws-cdk-lib/aws-efs/README.md @@ -76,6 +76,44 @@ This is to prevent deployment failures due to cross-AZ configurations. ⚠️ When `oneZone` is enabled, `vpcSubnets` cannot be specified. +### [Replicating file systems](https://docs.aws.amazon.com/efs/latest/ug/efs-replication.html) + +You can create a replica of your EFS file system in the AWS Region of your preference. + +```ts +declare const vpc: ec2.Vpc; +declare const kmsKey: kms.Key; + +// auto generate a replication destination file system +new efs.FileSystem(this, 'ReplicationSourceFileSystem1', { + vpc, + replicationConfiguration: { + enable: true, + kmsKey, // optional + region: 'us-east-1', // optional + az: 'us-east-1a', // optional, Specifing the AZ means creating a One Zone file system as the replication destination + } +}); + +// specify the replication destination file system +const destinationFileSystem = new efs.FileSystem(this, 'DestinationFileSystem', { + vpc, + // set as the read-only file system for use as a replication destination + replicationOverwriteProtection: efs.ReplicationOverwriteProtection.DISABLED, +}); + +new efs.FileSystem(this, 'ReplicationSourceFileSystem2', { + vpc, + replicationConfiguration: { + enable: true, + destinationFileSystem, + // cannot configure other properties when destinationFileSystem is specified + } +}); +``` + + + ### IAM to control file system data access You can use both IAM identity policies and resource policies to control client access to Amazon EFS resources in a way that is scalable and optimized for cloud environments. Using IAM, you can permit clients to perform specific actions on a file system, including read-only, write, and root access. diff --git a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts index 491738ee76bb7..22f1aa36d1ad5 100644 --- a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts +++ b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts @@ -363,7 +363,7 @@ export interface ReplicationConfiguration { * * Other replication settings(`destinationFileSystem`, `kmsKey`, `region`, `az`) cannot be set if this is set to false. */ - readonly enableReplication: boolean; + readonly enable: boolean; /** * The existing destination file system for the replication. * @@ -392,7 +392,7 @@ export interface ReplicationConfiguration { * * @default - create regional file system for the replication destination */ - readonly az?: string; + readonly availabilityZone?: string; } enum ClientAction { @@ -599,30 +599,30 @@ export class FileSystem extends FileSystemBase { throw new Error('ThroughputMode ELASTIC is not supported for file systems with performanceMode MAX_IO'); } - // if (props.replicationConfiguration?.enableReplication) { - // if (props.replicationOverwriteProtection === ReplicationOverwriteProtection.DISABLED) { - // throw new Error('Cannot configure `replicationConfiguration` when `replicationOverwriteProtection` is set to `DISABLED`'); - // } - // if ( - // props.replicationConfiguration.destinationFileSystem && - // ( - // props.replicationConfiguration.region || - // props.replicationConfiguration.az || - // props.replicationConfiguration.kmsKey - // ) - // ) { - // throw new Error('Cannot configure `replicationConfiguration.region`, `replicationConfiguration.az` or `replicationConfiguration.kmsKey` when `replicationConfiguration.destinationFileSystem` is set'); - // } - // } - - // if (props.replicationConfiguration?.enableReplication === false && ( - // props.replicationConfiguration.destinationFileSystem || - // props.replicationConfiguration.region || - // props.replicationConfiguration.az || - // props.replicationConfiguration.kmsKey - // )) { - // throw new Error('Cannot configure replication when `replicationConfiguration.enableReplication` is set to `false`'); - // } + if (props.replicationConfiguration?.enable) { + if (props.replicationOverwriteProtection === ReplicationOverwriteProtection.DISABLED) { + throw new Error('Cannot configure `replicationConfiguration` when `replicationOverwriteProtection` is set to `DISABLED`'); + } + if ( + props.replicationConfiguration.destinationFileSystem && + ( + props.replicationConfiguration.region || + props.replicationConfiguration.availabilityZone || + props.replicationConfiguration.kmsKey + ) + ) { + throw new Error('Cannot configure `replicationConfiguration.region`, `replicationConfiguration.az` or `replicationConfiguration.kmsKey` when `replicationConfiguration.destinationFileSystem` is set'); + } + } + + if (props.replicationConfiguration?.enable === false && ( + props.replicationConfiguration.destinationFileSystem || + props.replicationConfiguration.region || + props.replicationConfiguration.availabilityZone || + props.replicationConfiguration.kmsKey + )) { + throw new Error('Cannot configure replication when `replicationConfiguration.enableReplication` is set to `false`'); + } // we explictly use 'undefined' to represent 'false' to maintain backwards compatibility since // its considered an actual change in CloudFormations eyes, even though they have the same meaning. @@ -650,13 +650,14 @@ export class FileSystem extends FileSystemBase { replicationOverwriteProtection: props.replicationOverwriteProtection, } : undefined; - const replicationConfiguration = props.replicationConfiguration?.enableReplication ? { + const replicationConfiguration = props.replicationConfiguration?.enable ? { destinations: [ { fileSystemId: props.replicationConfiguration.destinationFileSystem?.fileSystemId, kmsKeyId: props.replicationConfiguration.kmsKey?.keyArn, - region: props.replicationConfiguration.region ?? Stack.of(this).region, - az: props.replicationConfiguration.az, + region: props.replicationConfiguration.region ?? + props.replicationConfiguration.destinationFileSystem ? undefined : Stack.of(this).region, + availabilityZoneName: props.replicationConfiguration.availabilityZone, }, ], } : undefined; From f31fc43a26bff95546c433709a113398a384823e Mon Sep 17 00:00:00 2001 From: Kazuho CryerShinozuka Date: Mon, 4 Mar 2024 01:39:24 +0900 Subject: [PATCH 04/50] test: add integ test --- .../__entrypoint__.js | 156 +++ .../index.js | 1 + .../cdk.out | 1 + .../efsReplication.assets.json | 32 + .../efsReplication.template.json | 795 +++++++++++ ...efaultTestDeployAssert2C078280.assets.json | 19 + ...aultTestDeployAssert2C078280.template.json | 36 + .../integ.json | 12 + .../manifest.json | 305 +++++ .../tree.json | 1172 +++++++++++++++++ .../test/integ.efs-filesystem-replication.ts | 47 + 11 files changed, 2576 insertions(+) create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da/__entrypoint__.js create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da/index.js create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/cdk.out create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplication.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplication.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplicationIntegTestDefaultTestDeployAssert2C078280.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplicationIntegTestDefaultTestDeployAssert2C078280.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/integ.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/manifest.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/tree.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.ts diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da/__entrypoint__.js b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da/__entrypoint__.js new file mode 100644 index 0000000000000..9271364bb7e49 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da/__entrypoint__.js @@ -0,0 +1,156 @@ +"use strict"; +Object.defineProperty(exports, "__esModule", { value: true }); +exports.withRetries = exports.handler = exports.external = void 0; +const https = require("https"); +const url = require("url"); +// for unit tests +exports.external = { + sendHttpRequest: defaultSendHttpRequest, + log: defaultLog, + includeStackTraces: true, + userHandlerIndex: './index', +}; +const CREATE_FAILED_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::CREATE_FAILED'; +const MISSING_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID'; +async function handler(event, context) { + const sanitizedEvent = { ...event, ResponseURL: '...' }; + exports.external.log(JSON.stringify(sanitizedEvent, undefined, 2)); + // ignore DELETE event when the physical resource ID is the marker that + // indicates that this DELETE is a subsequent DELETE to a failed CREATE + // operation. + if (event.RequestType === 'Delete' && event.PhysicalResourceId === CREATE_FAILED_PHYSICAL_ID_MARKER) { + exports.external.log('ignoring DELETE event caused by a failed CREATE event'); + await submitResponse('SUCCESS', event); + return; + } + try { + // invoke the user handler. this is intentionally inside the try-catch to + // ensure that if there is an error it's reported as a failure to + // cloudformation (otherwise cfn waits). + // eslint-disable-next-line @typescript-eslint/no-require-imports + const userHandler = require(exports.external.userHandlerIndex).handler; + const result = await userHandler(sanitizedEvent, context); + // validate user response and create the combined event + const responseEvent = renderResponse(event, result); + // submit to cfn as success + await submitResponse('SUCCESS', responseEvent); + } + catch (e) { + const resp = { + ...event, + Reason: exports.external.includeStackTraces ? e.stack : e.message, + }; + if (!resp.PhysicalResourceId) { + // special case: if CREATE fails, which usually implies, we usually don't + // have a physical resource id. in this case, the subsequent DELETE + // operation does not have any meaning, and will likely fail as well. to + // address this, we use a marker so the provider framework can simply + // ignore the subsequent DELETE. + if (event.RequestType === 'Create') { + exports.external.log('CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored'); + resp.PhysicalResourceId = CREATE_FAILED_PHYSICAL_ID_MARKER; + } + else { + // otherwise, if PhysicalResourceId is not specified, something is + // terribly wrong because all other events should have an ID. + exports.external.log(`ERROR: Malformed event. "PhysicalResourceId" is required: ${JSON.stringify(event)}`); + } + } + // this is an actual error, fail the activity altogether and exist. + await submitResponse('FAILED', resp); + } +} +exports.handler = handler; +function renderResponse(cfnRequest, handlerResponse = {}) { + // if physical ID is not returned, we have some defaults for you based + // on the request type. + const physicalResourceId = handlerResponse.PhysicalResourceId ?? cfnRequest.PhysicalResourceId ?? cfnRequest.RequestId; + // if we are in DELETE and physical ID was changed, it's an error. + if (cfnRequest.RequestType === 'Delete' && physicalResourceId !== cfnRequest.PhysicalResourceId) { + throw new Error(`DELETE: cannot change the physical resource ID from "${cfnRequest.PhysicalResourceId}" to "${handlerResponse.PhysicalResourceId}" during deletion`); + } + // merge request event and result event (result prevails). + return { + ...cfnRequest, + ...handlerResponse, + PhysicalResourceId: physicalResourceId, + }; +} +async function submitResponse(status, event) { + const json = { + Status: status, + Reason: event.Reason ?? status, + StackId: event.StackId, + RequestId: event.RequestId, + PhysicalResourceId: event.PhysicalResourceId || MISSING_PHYSICAL_ID_MARKER, + LogicalResourceId: event.LogicalResourceId, + NoEcho: event.NoEcho, + Data: event.Data, + }; + const parsedUrl = url.parse(event.ResponseURL); + const loggingSafeUrl = `${parsedUrl.protocol}//${parsedUrl.hostname}/${parsedUrl.pathname}?***`; + exports.external.log('submit response to cloudformation', loggingSafeUrl, json); + const responseBody = JSON.stringify(json); + const req = { + hostname: parsedUrl.hostname, + path: parsedUrl.path, + method: 'PUT', + headers: { + 'content-type': '', + 'content-length': Buffer.byteLength(responseBody, 'utf8'), + }, + }; + const retryOptions = { + attempts: 5, + sleep: 1000, + }; + await withRetries(retryOptions, exports.external.sendHttpRequest)(req, responseBody); +} +async function defaultSendHttpRequest(options, requestBody) { + return new Promise((resolve, reject) => { + try { + const request = https.request(options, (response) => { + response.resume(); // Consume the response but don't care about it + if (!response.statusCode || response.statusCode >= 400) { + reject(new Error(`Unsuccessful HTTP response: ${response.statusCode}`)); + } + else { + resolve(); + } + }); + request.on('error', reject); + request.write(requestBody); + request.end(); + } + catch (e) { + reject(e); + } + }); +} +function defaultLog(fmt, ...params) { + // eslint-disable-next-line no-console + console.log(fmt, ...params); +} +function withRetries(options, fn) { + return async (...xs) => { + let attempts = options.attempts; + let ms = options.sleep; + while (true) { + try { + return await fn(...xs); + } + catch (e) { + if (attempts-- <= 0) { + throw e; + } + await sleep(Math.floor(Math.random() * ms)); + ms *= 2; + } + } + }; +} +exports.withRetries = withRetries; +async function sleep(ms) { + return new Promise((ok) => setTimeout(ok, ms)); +} +//# sourceMappingURL=data:application/json;base64, \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da/index.js b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da/index.js new file mode 100644 index 0000000000000..013bcaffd8fe5 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da/index.js @@ -0,0 +1 @@ +"use strict";var I=Object.create;var t=Object.defineProperty;var y=Object.getOwnPropertyDescriptor;var P=Object.getOwnPropertyNames;var g=Object.getPrototypeOf,l=Object.prototype.hasOwnProperty;var G=(r,e)=>{for(var o in e)t(r,o,{get:e[o],enumerable:!0})},n=(r,e,o,i)=>{if(e&&typeof e=="object"||typeof e=="function")for(let s of P(e))!l.call(r,s)&&s!==o&&t(r,s,{get:()=>e[s],enumerable:!(i=y(e,s))||i.enumerable});return r};var R=(r,e,o)=>(o=r!=null?I(g(r)):{},n(e||!r||!r.__esModule?t(o,"default",{value:r,enumerable:!0}):o,r)),S=r=>n(t({},"__esModule",{value:!0}),r);var k={};G(k,{handler:()=>f});module.exports=S(k);var a=R(require("@aws-sdk/client-ec2")),u=new a.EC2({});function c(r,e){return{GroupId:r,IpPermissions:[{UserIdGroupPairs:[{GroupId:r,UserId:e}],IpProtocol:"-1"}]}}function d(r){return{GroupId:r,IpPermissions:[{IpRanges:[{CidrIp:"0.0.0.0/0"}],IpProtocol:"-1"}]}}async function f(r){let e=r.ResourceProperties.DefaultSecurityGroupId,o=r.ResourceProperties.Account;switch(r.RequestType){case"Create":return p(e,o);case"Update":return h(r);case"Delete":return m(e,o)}}async function h(r){let e=r.OldResourceProperties.DefaultSecurityGroupId,o=r.ResourceProperties.DefaultSecurityGroupId;e!==o&&(await m(e,r.ResourceProperties.Account),await p(o,r.ResourceProperties.Account))}async function p(r,e){try{await u.revokeSecurityGroupEgress(d(r))}catch(o){if(o.name!=="InvalidPermission.NotFound")throw o}try{await u.revokeSecurityGroupIngress(c(r,e))}catch(o){if(o.name!=="InvalidPermission.NotFound")throw o}}async function m(r,e){await u.authorizeSecurityGroupIngress(c(r,e)),await u.authorizeSecurityGroupEgress(d(r))}0&&(module.exports={handler}); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/cdk.out new file mode 100644 index 0000000000000..1f0068d32659a --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplication.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplication.assets.json new file mode 100644 index 0000000000000..1abac9d0b3912 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplication.assets.json @@ -0,0 +1,32 @@ +{ + "version": "36.0.0", + "files": { + "e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da": { + "source": { + "path": "asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da", + "packaging": "zip" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da.zip", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + }, + "c31996307f297958181f87818952a751d2618a7f99fae95d1a42f5f152f24029": { + "source": { + "path": "efsReplication.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "c31996307f297958181f87818952a751d2618a7f99fae95d1a42f5f152f24029.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplication.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplication.template.json new file mode 100644 index 0000000000000..36a35b7baa356 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplication.template.json @@ -0,0 +1,795 @@ +{ + "Resources": { + "Vpc8378EB38": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "efsReplication/Vpc" + } + ] + } + }, + "VpcPublicSubnet1Subnet5C2D37C4": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.0.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "efsReplication/Vpc/PublicSubnet1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPublicSubnet1RouteTable6C95E38E": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "efsReplication/Vpc/PublicSubnet1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPublicSubnet1RouteTableAssociation97140677": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + }, + "SubnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + } + } + }, + "VpcPublicSubnet1DefaultRoute3DA9E72A": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "RouteTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + } + }, + "DependsOn": [ + "VpcVPCGWBF912B6E" + ] + }, + "VpcPublicSubnet2Subnet691E08A3": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.64.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "efsReplication/Vpc/PublicSubnet2" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPublicSubnet2RouteTable94F7E489": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "efsReplication/Vpc/PublicSubnet2" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPublicSubnet2RouteTableAssociationDD5762D8": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + }, + "SubnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + } + } + }, + "VpcPublicSubnet2DefaultRoute97F91067": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "RouteTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + } + }, + "DependsOn": [ + "VpcVPCGWBF912B6E" + ] + }, + "VpcIsolatedSubnet1SubnetE48C5737": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.128.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Isolated" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Isolated" + }, + { + "Key": "Name", + "Value": "efsReplication/Vpc/IsolatedSubnet1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcIsolatedSubnet1RouteTable4771E3E5": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "efsReplication/Vpc/IsolatedSubnet1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcIsolatedSubnet1RouteTableAssociationD300FCBB": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcIsolatedSubnet1RouteTable4771E3E5" + }, + "SubnetId": { + "Ref": "VpcIsolatedSubnet1SubnetE48C5737" + } + } + }, + "VpcIsolatedSubnet2Subnet16364B91": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.192.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Isolated" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Isolated" + }, + { + "Key": "Name", + "Value": "efsReplication/Vpc/IsolatedSubnet2" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcIsolatedSubnet2RouteTable1D30AF7D": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "efsReplication/Vpc/IsolatedSubnet2" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcIsolatedSubnet2RouteTableAssociationF7B18CCA": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcIsolatedSubnet2RouteTable1D30AF7D" + }, + "SubnetId": { + "Ref": "VpcIsolatedSubnet2Subnet16364B91" + } + } + }, + "VpcIGWD7BA715C": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "efsReplication/Vpc" + } + ] + } + }, + "VpcVPCGWBF912B6E": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "InternetGatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcRestrictDefaultSecurityGroupCustomResourceC73DA2BE": { + "Type": "Custom::VpcRestrictDefaultSG", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E", + "Arn" + ] + }, + "DefaultSecurityGroupId": { + "Fn::GetAtt": [ + "Vpc8378EB38", + "DefaultSecurityGroup" + ] + }, + "Account": { + "Ref": "AWS::AccountId" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ], + "Policies": [ + { + "PolicyName": "Inline", + "PolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:AuthorizeSecurityGroupEgress", + "ec2:RevokeSecurityGroupIngress", + "ec2:RevokeSecurityGroupEgress" + ], + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":ec2:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":security-group/", + { + "Fn::GetAtt": [ + "Vpc8378EB38", + "DefaultSecurityGroup" + ] + } + ] + ] + } + ] + } + ] + } + } + ] + } + }, + "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da.zip" + }, + "Timeout": 900, + "MemorySize": 128, + "Handler": "__entrypoint__.handler", + "Role": { + "Fn::GetAtt": [ + "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0", + "Arn" + ] + }, + "Runtime": "nodejs18.x", + "Description": "Lambda function for removing all inbound/outbound rules from the VPC default security group" + }, + "DependsOn": [ + "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0" + ] + }, + "Key961B73FD": { + "Type": "AWS::KMS::Key", + "Properties": { + "KeyPolicy": { + "Statement": [ + { + "Action": "kms:*", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + }, + "Resource": "*" + } + ], + "Version": "2012-10-17" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "oneZoneReplicationFileSystem0A6BB0D2": { + "Type": "AWS::EFS::FileSystem", + "Properties": { + "Encrypted": true, + "FileSystemPolicy": { + "Statement": [ + { + "Action": [ + "elasticfilesystem:ClientRootAccess", + "elasticfilesystem:ClientWrite" + ], + "Condition": { + "Bool": { + "elasticfilesystem:AccessedViaMountTarget": "true" + } + }, + "Effect": "Allow", + "Principal": { + "AWS": "*" + } + } + ], + "Version": "2012-10-17" + }, + "FileSystemTags": [ + { + "Key": "Name", + "Value": "efsReplication/oneZoneReplicationFileSystem" + } + ], + "ReplicationConfiguration": { + "Destinations": [ + { + "AvailabilityZoneName": "us-east-1a", + "KmsKeyId": { + "Fn::GetAtt": [ + "Key961B73FD", + "Arn" + ] + }, + "Region": "us-east-1" + } + ] + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "oneZoneReplicationFileSystemEfsSecurityGroupD1C9EA27": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "efsReplication/oneZoneReplicationFileSystem/EfsSecurityGroup", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "Tags": [ + { + "Key": "Name", + "Value": "efsReplication/oneZoneReplicationFileSystem" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "oneZoneReplicationFileSystemEfsMountTargetIsolatedSubnet1A6BB6EFA": { + "Type": "AWS::EFS::MountTarget", + "Properties": { + "FileSystemId": { + "Ref": "oneZoneReplicationFileSystem0A6BB0D2" + }, + "SecurityGroups": [ + { + "Fn::GetAtt": [ + "oneZoneReplicationFileSystemEfsSecurityGroupD1C9EA27", + "GroupId" + ] + } + ], + "SubnetId": { + "Ref": "VpcIsolatedSubnet1SubnetE48C5737" + } + } + }, + "oneZoneReplicationFileSystemEfsMountTargetIsolatedSubnet2B23FA1A8": { + "Type": "AWS::EFS::MountTarget", + "Properties": { + "FileSystemId": { + "Ref": "oneZoneReplicationFileSystem0A6BB0D2" + }, + "SecurityGroups": [ + { + "Fn::GetAtt": [ + "oneZoneReplicationFileSystemEfsSecurityGroupD1C9EA27", + "GroupId" + ] + } + ], + "SubnetId": { + "Ref": "VpcIsolatedSubnet2Subnet16364B91" + } + } + }, + "destinationFileSystem0FAD62DA": { + "Type": "AWS::EFS::FileSystem", + "Properties": { + "Encrypted": true, + "FileSystemPolicy": { + "Statement": [ + { + "Action": [ + "elasticfilesystem:ClientRootAccess", + "elasticfilesystem:ClientWrite" + ], + "Condition": { + "Bool": { + "elasticfilesystem:AccessedViaMountTarget": "true" + } + }, + "Effect": "Allow", + "Principal": { + "AWS": "*" + } + } + ], + "Version": "2012-10-17" + }, + "FileSystemProtection": { + "ReplicationOverwriteProtection": "DISABLED" + }, + "FileSystemTags": [ + { + "Key": "Name", + "Value": "efsReplication/destinationFileSystem" + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "destinationFileSystemEfsSecurityGroupB67C2699": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "efsReplication/destinationFileSystem/EfsSecurityGroup", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "Tags": [ + { + "Key": "Name", + "Value": "efsReplication/destinationFileSystem" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "destinationFileSystemEfsMountTargetIsolatedSubnet12CF3C2E3": { + "Type": "AWS::EFS::MountTarget", + "Properties": { + "FileSystemId": { + "Ref": "destinationFileSystem0FAD62DA" + }, + "SecurityGroups": [ + { + "Fn::GetAtt": [ + "destinationFileSystemEfsSecurityGroupB67C2699", + "GroupId" + ] + } + ], + "SubnetId": { + "Ref": "VpcIsolatedSubnet1SubnetE48C5737" + } + } + }, + "destinationFileSystemEfsMountTargetIsolatedSubnet20E3F4B46": { + "Type": "AWS::EFS::MountTarget", + "Properties": { + "FileSystemId": { + "Ref": "destinationFileSystem0FAD62DA" + }, + "SecurityGroups": [ + { + "Fn::GetAtt": [ + "destinationFileSystemEfsSecurityGroupB67C2699", + "GroupId" + ] + } + ], + "SubnetId": { + "Ref": "VpcIsolatedSubnet2Subnet16364B91" + } + } + }, + "existFileSystemReplication3C6768D0": { + "Type": "AWS::EFS::FileSystem", + "Properties": { + "Encrypted": true, + "FileSystemPolicy": { + "Statement": [ + { + "Action": [ + "elasticfilesystem:ClientRootAccess", + "elasticfilesystem:ClientWrite" + ], + "Condition": { + "Bool": { + "elasticfilesystem:AccessedViaMountTarget": "true" + } + }, + "Effect": "Allow", + "Principal": { + "AWS": "*" + } + } + ], + "Version": "2012-10-17" + }, + "FileSystemTags": [ + { + "Key": "Name", + "Value": "efsReplication/existFileSystemReplication" + } + ], + "ReplicationConfiguration": { + "Destinations": [ + { + "FileSystemId": { + "Ref": "destinationFileSystem0FAD62DA" + }, + "Region": { + "Ref": "AWS::Region" + } + } + ] + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "existFileSystemReplicationEfsSecurityGroup516080B0": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "efsReplication/existFileSystemReplication/EfsSecurityGroup", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "Tags": [ + { + "Key": "Name", + "Value": "efsReplication/existFileSystemReplication" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "existFileSystemReplicationEfsMountTargetIsolatedSubnet18F68C5DF": { + "Type": "AWS::EFS::MountTarget", + "Properties": { + "FileSystemId": { + "Ref": "existFileSystemReplication3C6768D0" + }, + "SecurityGroups": [ + { + "Fn::GetAtt": [ + "existFileSystemReplicationEfsSecurityGroup516080B0", + "GroupId" + ] + } + ], + "SubnetId": { + "Ref": "VpcIsolatedSubnet1SubnetE48C5737" + } + } + }, + "existFileSystemReplicationEfsMountTargetIsolatedSubnet230C85F8C": { + "Type": "AWS::EFS::MountTarget", + "Properties": { + "FileSystemId": { + "Ref": "existFileSystemReplication3C6768D0" + }, + "SecurityGroups": [ + { + "Fn::GetAtt": [ + "existFileSystemReplicationEfsSecurityGroup516080B0", + "GroupId" + ] + } + ], + "SubnetId": { + "Ref": "VpcIsolatedSubnet2Subnet16364B91" + } + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplicationIntegTestDefaultTestDeployAssert2C078280.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplicationIntegTestDefaultTestDeployAssert2C078280.assets.json new file mode 100644 index 0000000000000..9f023624023ad --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplicationIntegTestDefaultTestDeployAssert2C078280.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "efsReplicationIntegTestDefaultTestDeployAssert2C078280.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplicationIntegTestDefaultTestDeployAssert2C078280.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplicationIntegTestDefaultTestDeployAssert2C078280.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplicationIntegTestDefaultTestDeployAssert2C078280.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/integ.json new file mode 100644 index 0000000000000..3baa48f7b8fa2 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "36.0.0", + "testCases": { + "efsReplicationIntegTest/DefaultTest": { + "stacks": [ + "efsReplication" + ], + "assertionStack": "efsReplicationIntegTest/DefaultTest/DeployAssert", + "assertionStackName": "efsReplicationIntegTestDefaultTestDeployAssert2C078280" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/manifest.json new file mode 100644 index 0000000000000..644b0f1650db6 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/manifest.json @@ -0,0 +1,305 @@ +{ + "version": "36.0.0", + "artifacts": { + "efsReplication.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "efsReplication.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "efsReplication": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "efsReplication.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/c31996307f297958181f87818952a751d2618a7f99fae95d1a42f5f152f24029.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "efsReplication.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "efsReplication.assets" + ], + "metadata": { + "/efsReplication/Vpc/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Vpc8378EB38" + } + ], + "/efsReplication/Vpc/PublicSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1Subnet5C2D37C4" + } + ], + "/efsReplication/Vpc/PublicSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1RouteTable6C95E38E" + } + ], + "/efsReplication/Vpc/PublicSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1RouteTableAssociation97140677" + } + ], + "/efsReplication/Vpc/PublicSubnet1/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1DefaultRoute3DA9E72A" + } + ], + "/efsReplication/Vpc/PublicSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2Subnet691E08A3" + } + ], + "/efsReplication/Vpc/PublicSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2RouteTable94F7E489" + } + ], + "/efsReplication/Vpc/PublicSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2RouteTableAssociationDD5762D8" + } + ], + "/efsReplication/Vpc/PublicSubnet2/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2DefaultRoute97F91067" + } + ], + "/efsReplication/Vpc/IsolatedSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcIsolatedSubnet1SubnetE48C5737" + } + ], + "/efsReplication/Vpc/IsolatedSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcIsolatedSubnet1RouteTable4771E3E5" + } + ], + "/efsReplication/Vpc/IsolatedSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcIsolatedSubnet1RouteTableAssociationD300FCBB" + } + ], + "/efsReplication/Vpc/IsolatedSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcIsolatedSubnet2Subnet16364B91" + } + ], + "/efsReplication/Vpc/IsolatedSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcIsolatedSubnet2RouteTable1D30AF7D" + } + ], + "/efsReplication/Vpc/IsolatedSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcIsolatedSubnet2RouteTableAssociationF7B18CCA" + } + ], + "/efsReplication/Vpc/IGW": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcIGWD7BA715C" + } + ], + "/efsReplication/Vpc/VPCGW": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcVPCGWBF912B6E" + } + ], + "/efsReplication/Vpc/RestrictDefaultSecurityGroupCustomResource/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcRestrictDefaultSecurityGroupCustomResourceC73DA2BE" + } + ], + "/efsReplication/Custom::VpcRestrictDefaultSGCustomResourceProvider/Role": [ + { + "type": "aws:cdk:logicalId", + "data": "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0" + } + ], + "/efsReplication/Custom::VpcRestrictDefaultSGCustomResourceProvider/Handler": [ + { + "type": "aws:cdk:logicalId", + "data": "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E" + } + ], + "/efsReplication/Key/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Key961B73FD" + } + ], + "/efsReplication/oneZoneReplicationFileSystem/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "oneZoneReplicationFileSystem0A6BB0D2" + } + ], + "/efsReplication/oneZoneReplicationFileSystem/EfsSecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "oneZoneReplicationFileSystemEfsSecurityGroupD1C9EA27" + } + ], + "/efsReplication/oneZoneReplicationFileSystem/EfsMountTarget-IsolatedSubnet1": [ + { + "type": "aws:cdk:logicalId", + "data": "oneZoneReplicationFileSystemEfsMountTargetIsolatedSubnet1A6BB6EFA" + } + ], + "/efsReplication/oneZoneReplicationFileSystem/EfsMountTarget-IsolatedSubnet2": [ + { + "type": "aws:cdk:logicalId", + "data": "oneZoneReplicationFileSystemEfsMountTargetIsolatedSubnet2B23FA1A8" + } + ], + "/efsReplication/destinationFileSystem/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "destinationFileSystem0FAD62DA" + } + ], + "/efsReplication/destinationFileSystem/EfsSecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "destinationFileSystemEfsSecurityGroupB67C2699" + } + ], + "/efsReplication/destinationFileSystem/EfsMountTarget-IsolatedSubnet1": [ + { + "type": "aws:cdk:logicalId", + "data": "destinationFileSystemEfsMountTargetIsolatedSubnet12CF3C2E3" + } + ], + "/efsReplication/destinationFileSystem/EfsMountTarget-IsolatedSubnet2": [ + { + "type": "aws:cdk:logicalId", + "data": "destinationFileSystemEfsMountTargetIsolatedSubnet20E3F4B46" + } + ], + "/efsReplication/existFileSystemReplication/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "existFileSystemReplication3C6768D0" + } + ], + "/efsReplication/existFileSystemReplication/EfsSecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "existFileSystemReplicationEfsSecurityGroup516080B0" + } + ], + "/efsReplication/existFileSystemReplication/EfsMountTarget-IsolatedSubnet1": [ + { + "type": "aws:cdk:logicalId", + "data": "existFileSystemReplicationEfsMountTargetIsolatedSubnet18F68C5DF" + } + ], + "/efsReplication/existFileSystemReplication/EfsMountTarget-IsolatedSubnet2": [ + { + "type": "aws:cdk:logicalId", + "data": "existFileSystemReplicationEfsMountTargetIsolatedSubnet230C85F8C" + } + ], + "/efsReplication/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/efsReplication/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "efsReplication" + }, + "efsReplicationIntegTestDefaultTestDeployAssert2C078280.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "efsReplicationIntegTestDefaultTestDeployAssert2C078280.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "efsReplicationIntegTestDefaultTestDeployAssert2C078280": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "efsReplicationIntegTestDefaultTestDeployAssert2C078280.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "efsReplicationIntegTestDefaultTestDeployAssert2C078280.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "efsReplicationIntegTestDefaultTestDeployAssert2C078280.assets" + ], + "metadata": { + "/efsReplicationIntegTest/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/efsReplicationIntegTest/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "efsReplicationIntegTest/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/tree.json new file mode 100644 index 0000000000000..03e953816327e --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/tree.json @@ -0,0 +1,1172 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "efsReplication": { + "id": "efsReplication", + "path": "efsReplication", + "children": { + "Vpc": { + "id": "Vpc", + "path": "efsReplication/Vpc", + "children": { + "Resource": { + "id": "Resource", + "path": "efsReplication/Vpc/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default", + "tags": [ + { + "key": "Name", + "value": "efsReplication/Vpc" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", + "version": "0.0.0" + } + }, + "PublicSubnet1": { + "id": "PublicSubnet1", + "path": "efsReplication/Vpc/PublicSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "efsReplication/Vpc/PublicSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.0.0/18", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "Name", + "value": "efsReplication/Vpc/PublicSubnet1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "efsReplication/Vpc/PublicSubnet1/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "efsReplication/Vpc/PublicSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "efsReplication/Vpc/PublicSubnet1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "efsReplication/Vpc/PublicSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + }, + "subnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "efsReplication/Vpc/PublicSubnet1/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "routeTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "0.0.0" + } + }, + "PublicSubnet2": { + "id": "PublicSubnet2", + "path": "efsReplication/Vpc/PublicSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "efsReplication/Vpc/PublicSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.64.0/18", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "Name", + "value": "efsReplication/Vpc/PublicSubnet2" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "efsReplication/Vpc/PublicSubnet2/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "efsReplication/Vpc/PublicSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "efsReplication/Vpc/PublicSubnet2" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "efsReplication/Vpc/PublicSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + }, + "subnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "efsReplication/Vpc/PublicSubnet2/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "routeTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "0.0.0" + } + }, + "IsolatedSubnet1": { + "id": "IsolatedSubnet1", + "path": "efsReplication/Vpc/IsolatedSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "efsReplication/Vpc/IsolatedSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.128.0/18", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Isolated" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Isolated" + }, + { + "key": "Name", + "value": "efsReplication/Vpc/IsolatedSubnet1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "efsReplication/Vpc/IsolatedSubnet1/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "efsReplication/Vpc/IsolatedSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "efsReplication/Vpc/IsolatedSubnet1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "efsReplication/Vpc/IsolatedSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcIsolatedSubnet1RouteTable4771E3E5" + }, + "subnetId": { + "Ref": "VpcIsolatedSubnet1SubnetE48C5737" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "0.0.0" + } + }, + "IsolatedSubnet2": { + "id": "IsolatedSubnet2", + "path": "efsReplication/Vpc/IsolatedSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "efsReplication/Vpc/IsolatedSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.192.0/18", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Isolated" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Isolated" + }, + { + "key": "Name", + "value": "efsReplication/Vpc/IsolatedSubnet2" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "efsReplication/Vpc/IsolatedSubnet2/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "efsReplication/Vpc/IsolatedSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "efsReplication/Vpc/IsolatedSubnet2" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "efsReplication/Vpc/IsolatedSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcIsolatedSubnet2RouteTable1D30AF7D" + }, + "subnetId": { + "Ref": "VpcIsolatedSubnet2Subnet16364B91" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "0.0.0" + } + }, + "IGW": { + "id": "IGW", + "path": "efsReplication/Vpc/IGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::InternetGateway", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "efsReplication/Vpc" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnInternetGateway", + "version": "0.0.0" + } + }, + "VPCGW": { + "id": "VPCGW", + "path": "efsReplication/Vpc/VPCGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCGatewayAttachment", + "aws:cdk:cloudformation:props": { + "internetGatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment", + "version": "0.0.0" + } + }, + "RestrictDefaultSecurityGroupCustomResource": { + "id": "RestrictDefaultSecurityGroupCustomResource", + "path": "efsReplication/Vpc/RestrictDefaultSecurityGroupCustomResource", + "children": { + "Default": { + "id": "Default", + "path": "efsReplication/Vpc/RestrictDefaultSecurityGroupCustomResource/Default", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.Vpc", + "version": "0.0.0" + } + }, + "Custom::VpcRestrictDefaultSGCustomResourceProvider": { + "id": "Custom::VpcRestrictDefaultSGCustomResourceProvider", + "path": "efsReplication/Custom::VpcRestrictDefaultSGCustomResourceProvider", + "children": { + "Staging": { + "id": "Staging", + "path": "efsReplication/Custom::VpcRestrictDefaultSGCustomResourceProvider/Staging", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "Role": { + "id": "Role", + "path": "efsReplication/Custom::VpcRestrictDefaultSGCustomResourceProvider/Role", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + }, + "Handler": { + "id": "Handler", + "path": "efsReplication/Custom::VpcRestrictDefaultSGCustomResourceProvider/Handler", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResourceProviderBase", + "version": "0.0.0" + } + }, + "Key": { + "id": "Key", + "path": "efsReplication/Key", + "children": { + "Resource": { + "id": "Resource", + "path": "efsReplication/Key/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::KMS::Key", + "aws:cdk:cloudformation:props": { + "keyPolicy": { + "Statement": [ + { + "Action": "kms:*", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + }, + "Resource": "*" + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kms.CfnKey", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kms.Key", + "version": "0.0.0" + } + }, + "oneZoneReplicationFileSystem": { + "id": "oneZoneReplicationFileSystem", + "path": "efsReplication/oneZoneReplicationFileSystem", + "children": { + "Resource": { + "id": "Resource", + "path": "efsReplication/oneZoneReplicationFileSystem/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EFS::FileSystem", + "aws:cdk:cloudformation:props": { + "encrypted": true, + "fileSystemPolicy": { + "Statement": [ + { + "Action": [ + "elasticfilesystem:ClientRootAccess", + "elasticfilesystem:ClientWrite" + ], + "Condition": { + "Bool": { + "elasticfilesystem:AccessedViaMountTarget": "true" + } + }, + "Effect": "Allow", + "Principal": { + "AWS": "*" + } + } + ], + "Version": "2012-10-17" + }, + "replicationConfiguration": { + "destinations": [ + { + "kmsKeyId": { + "Fn::GetAtt": [ + "Key961B73FD", + "Arn" + ] + }, + "region": "us-east-1", + "availabilityZoneName": "us-east-1a" + } + ] + }, + "fileSystemTags": [ + { + "key": "Name", + "value": "efsReplication/oneZoneReplicationFileSystem" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_efs.CfnFileSystem", + "version": "0.0.0" + } + }, + "EfsSecurityGroup": { + "id": "EfsSecurityGroup", + "path": "efsReplication/oneZoneReplicationFileSystem/EfsSecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "efsReplication/oneZoneReplicationFileSystem/EfsSecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "efsReplication/oneZoneReplicationFileSystem/EfsSecurityGroup", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "tags": [ + { + "key": "Name", + "value": "efsReplication/oneZoneReplicationFileSystem" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "0.0.0" + } + }, + "EfsMountTarget-IsolatedSubnet1": { + "id": "EfsMountTarget-IsolatedSubnet1", + "path": "efsReplication/oneZoneReplicationFileSystem/EfsMountTarget-IsolatedSubnet1", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EFS::MountTarget", + "aws:cdk:cloudformation:props": { + "fileSystemId": { + "Ref": "oneZoneReplicationFileSystem0A6BB0D2" + }, + "securityGroups": [ + { + "Fn::GetAtt": [ + "oneZoneReplicationFileSystemEfsSecurityGroupD1C9EA27", + "GroupId" + ] + } + ], + "subnetId": { + "Ref": "VpcIsolatedSubnet1SubnetE48C5737" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_efs.CfnMountTarget", + "version": "0.0.0" + } + }, + "EfsMountTarget-IsolatedSubnet2": { + "id": "EfsMountTarget-IsolatedSubnet2", + "path": "efsReplication/oneZoneReplicationFileSystem/EfsMountTarget-IsolatedSubnet2", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EFS::MountTarget", + "aws:cdk:cloudformation:props": { + "fileSystemId": { + "Ref": "oneZoneReplicationFileSystem0A6BB0D2" + }, + "securityGroups": [ + { + "Fn::GetAtt": [ + "oneZoneReplicationFileSystemEfsSecurityGroupD1C9EA27", + "GroupId" + ] + } + ], + "subnetId": { + "Ref": "VpcIsolatedSubnet2Subnet16364B91" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_efs.CfnMountTarget", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_efs.FileSystem", + "version": "0.0.0" + } + }, + "destinationFileSystem": { + "id": "destinationFileSystem", + "path": "efsReplication/destinationFileSystem", + "children": { + "Resource": { + "id": "Resource", + "path": "efsReplication/destinationFileSystem/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EFS::FileSystem", + "aws:cdk:cloudformation:props": { + "encrypted": true, + "fileSystemPolicy": { + "Statement": [ + { + "Action": [ + "elasticfilesystem:ClientRootAccess", + "elasticfilesystem:ClientWrite" + ], + "Condition": { + "Bool": { + "elasticfilesystem:AccessedViaMountTarget": "true" + } + }, + "Effect": "Allow", + "Principal": { + "AWS": "*" + } + } + ], + "Version": "2012-10-17" + }, + "fileSystemProtection": { + "replicationOverwriteProtection": "DISABLED" + }, + "fileSystemTags": [ + { + "key": "Name", + "value": "efsReplication/destinationFileSystem" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_efs.CfnFileSystem", + "version": "0.0.0" + } + }, + "EfsSecurityGroup": { + "id": "EfsSecurityGroup", + "path": "efsReplication/destinationFileSystem/EfsSecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "efsReplication/destinationFileSystem/EfsSecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "efsReplication/destinationFileSystem/EfsSecurityGroup", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "tags": [ + { + "key": "Name", + "value": "efsReplication/destinationFileSystem" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "0.0.0" + } + }, + "EfsMountTarget-IsolatedSubnet1": { + "id": "EfsMountTarget-IsolatedSubnet1", + "path": "efsReplication/destinationFileSystem/EfsMountTarget-IsolatedSubnet1", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EFS::MountTarget", + "aws:cdk:cloudformation:props": { + "fileSystemId": { + "Ref": "destinationFileSystem0FAD62DA" + }, + "securityGroups": [ + { + "Fn::GetAtt": [ + "destinationFileSystemEfsSecurityGroupB67C2699", + "GroupId" + ] + } + ], + "subnetId": { + "Ref": "VpcIsolatedSubnet1SubnetE48C5737" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_efs.CfnMountTarget", + "version": "0.0.0" + } + }, + "EfsMountTarget-IsolatedSubnet2": { + "id": "EfsMountTarget-IsolatedSubnet2", + "path": "efsReplication/destinationFileSystem/EfsMountTarget-IsolatedSubnet2", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EFS::MountTarget", + "aws:cdk:cloudformation:props": { + "fileSystemId": { + "Ref": "destinationFileSystem0FAD62DA" + }, + "securityGroups": [ + { + "Fn::GetAtt": [ + "destinationFileSystemEfsSecurityGroupB67C2699", + "GroupId" + ] + } + ], + "subnetId": { + "Ref": "VpcIsolatedSubnet2Subnet16364B91" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_efs.CfnMountTarget", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_efs.FileSystem", + "version": "0.0.0" + } + }, + "existFileSystemReplication": { + "id": "existFileSystemReplication", + "path": "efsReplication/existFileSystemReplication", + "children": { + "Resource": { + "id": "Resource", + "path": "efsReplication/existFileSystemReplication/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EFS::FileSystem", + "aws:cdk:cloudformation:props": { + "encrypted": true, + "fileSystemPolicy": { + "Statement": [ + { + "Action": [ + "elasticfilesystem:ClientRootAccess", + "elasticfilesystem:ClientWrite" + ], + "Condition": { + "Bool": { + "elasticfilesystem:AccessedViaMountTarget": "true" + } + }, + "Effect": "Allow", + "Principal": { + "AWS": "*" + } + } + ], + "Version": "2012-10-17" + }, + "replicationConfiguration": { + "destinations": [ + { + "fileSystemId": { + "Ref": "destinationFileSystem0FAD62DA" + }, + "region": { + "Ref": "AWS::Region" + } + } + ] + }, + "fileSystemTags": [ + { + "key": "Name", + "value": "efsReplication/existFileSystemReplication" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_efs.CfnFileSystem", + "version": "0.0.0" + } + }, + "EfsSecurityGroup": { + "id": "EfsSecurityGroup", + "path": "efsReplication/existFileSystemReplication/EfsSecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "efsReplication/existFileSystemReplication/EfsSecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "efsReplication/existFileSystemReplication/EfsSecurityGroup", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "tags": [ + { + "key": "Name", + "value": "efsReplication/existFileSystemReplication" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "0.0.0" + } + }, + "EfsMountTarget-IsolatedSubnet1": { + "id": "EfsMountTarget-IsolatedSubnet1", + "path": "efsReplication/existFileSystemReplication/EfsMountTarget-IsolatedSubnet1", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EFS::MountTarget", + "aws:cdk:cloudformation:props": { + "fileSystemId": { + "Ref": "existFileSystemReplication3C6768D0" + }, + "securityGroups": [ + { + "Fn::GetAtt": [ + "existFileSystemReplicationEfsSecurityGroup516080B0", + "GroupId" + ] + } + ], + "subnetId": { + "Ref": "VpcIsolatedSubnet1SubnetE48C5737" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_efs.CfnMountTarget", + "version": "0.0.0" + } + }, + "EfsMountTarget-IsolatedSubnet2": { + "id": "EfsMountTarget-IsolatedSubnet2", + "path": "efsReplication/existFileSystemReplication/EfsMountTarget-IsolatedSubnet2", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EFS::MountTarget", + "aws:cdk:cloudformation:props": { + "fileSystemId": { + "Ref": "existFileSystemReplication3C6768D0" + }, + "securityGroups": [ + { + "Fn::GetAtt": [ + "existFileSystemReplicationEfsSecurityGroup516080B0", + "GroupId" + ] + } + ], + "subnetId": { + "Ref": "VpcIsolatedSubnet2Subnet16364B91" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_efs.CfnMountTarget", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_efs.FileSystem", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "efsReplication/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "efsReplication/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "efsReplicationIntegTest": { + "id": "efsReplicationIntegTest", + "path": "efsReplicationIntegTest", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "efsReplicationIntegTest/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "efsReplicationIntegTest/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "efsReplicationIntegTest/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "efsReplicationIntegTest/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "efsReplicationIntegTest/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.ts new file mode 100644 index 0000000000000..f1b5456d382a4 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.ts @@ -0,0 +1,47 @@ +import * as ec2 from 'aws-cdk-lib/aws-ec2'; +import * as cdk from 'aws-cdk-lib'; +import * as efs from 'aws-cdk-lib/aws-efs'; +import * as kms from 'aws-cdk-lib/aws-kms'; +import * as integ from '@aws-cdk/integ-tests-alpha'; + +const app = new cdk.App(); +const stack = new cdk.Stack(app, 'efsReplication'); + +const vpc = new ec2.Vpc(stack, 'Vpc', { + natGateways: 0, +}); + +const kmsKey = new kms.Key(stack, 'Key', { + removalPolicy: cdk.RemovalPolicy.DESTROY, +}); + +new efs.FileSystem(stack, 'oneZoneReplicationFileSystem', { + vpc, + removalPolicy: cdk.RemovalPolicy.DESTROY, + replicationConfiguration: { + enable: true, + kmsKey, + region: 'us-east-1', + availabilityZone: 'us-east-1a', + }, +}); + +const destination = new efs.FileSystem(stack, 'destinationFileSystem', { + vpc, + removalPolicy: cdk.RemovalPolicy.DESTROY, + replicationOverwriteProtection: efs.ReplicationOverwriteProtection.DISABLED, +}); + +new efs.FileSystem(stack, 'existFileSystemReplication', { + vpc, + removalPolicy: cdk.RemovalPolicy.DESTROY, + replicationConfiguration: { + destinationFileSystem: destination, + enable: true, + }, +}); + +new integ.IntegTest(app, 'efsReplicationIntegTest', { + testCases: [stack], +}); +app.synth(); From 2737c3f7ba0a2b91c8912265c2d81f7786038e2a Mon Sep 17 00:00:00 2001 From: Kazuho CryerShinozuka Date: Mon, 4 Mar 2024 02:10:55 +0900 Subject: [PATCH 05/50] test: add unit test --- .../aws-efs/lib/efs-file-system.ts | 2 +- .../aws-efs/test/efs-file-system.test.ts | 188 ++++++++++++++++++ 2 files changed, 189 insertions(+), 1 deletion(-) diff --git a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts index 22f1aa36d1ad5..6d1991622b7b3 100644 --- a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts +++ b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts @@ -656,7 +656,7 @@ export class FileSystem extends FileSystemBase { fileSystemId: props.replicationConfiguration.destinationFileSystem?.fileSystemId, kmsKeyId: props.replicationConfiguration.kmsKey?.keyArn, region: props.replicationConfiguration.region ?? - props.replicationConfiguration.destinationFileSystem ? undefined : Stack.of(this).region, + (props.replicationConfiguration.destinationFileSystem ? undefined : Stack.of(this).region), availabilityZoneName: props.replicationConfiguration.availabilityZone, }, ], diff --git a/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts b/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts index 06ac74fba89d2..c7c9799ef5097 100644 --- a/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts +++ b/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts @@ -958,3 +958,191 @@ test.each([ }, }); }); + +describe('replication configuration', () => { + test('default settings', () => { + // WHEN + new FileSystem(stack, 'EfsFileSystem', { + vpc, + replicationConfiguration: { + enable: true, + }, + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::EFS::FileSystem', { + ReplicationConfiguration: { + Destinations: [ + { + Region: { + Ref: 'AWS::Region', + }, + }, + ], + }, + }); + }); + + test('with destination file system', () => { + // WHEN + const destination = new FileSystem(stack, 'DestinationFileSystem', { + vpc, + replicationOverwriteProtection: ReplicationOverwriteProtection.DISABLED, + }); + new FileSystem(stack, 'EfsFileSystem', { + vpc, + replicationConfiguration: { + destinationFileSystem: destination, + enable: true, + }, + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::EFS::FileSystem', { + ReplicationConfiguration: { + Destinations: [ + { + FileSystemId: { + Ref: 'DestinationFileSystem12545967', + }, + }, + ], + }, + }); + }); + + test('with full settings', () => { + // WHEN + new FileSystem(stack, 'EfsFileSystem', { + vpc, + replicationConfiguration: { + enable: true, + kmsKey: new kms.Key(stack, 'customKey'), + region: 'us-east-1', + availabilityZone: 'us-east-1a', + }, + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::EFS::FileSystem', { + ReplicationConfiguration: { + Destinations: [ + { + Region: 'us-east-1', + AvailabilityZoneName: 'us-east-1a', + KmsKeyId: { + 'Fn::GetAtt': [ + 'customKeyFEB2B57F', + 'Arn', + ], + }, + }, + ], + }, + }); + }); + + test('throw error for read-only file system', () => { + // THEN + expect(() => { + new FileSystem(stack, 'EfsFileSystem', { + vpc, + replicationConfiguration: { + enable: true, + }, + replicationOverwriteProtection: ReplicationOverwriteProtection.DISABLED, + }); + }).toThrow('Cannot configure `replicationConfiguration` when `replicationOverwriteProtection` is set to `DISABLED`'); + }); + + test.each([ + { region: 'us-east-1' }, + { availabilityZone: 'us-east-1a' }, + ])('throw error for specifing both destinationFileSystem and other parameters', (config) => { + // WHEN + const destination = new FileSystem(stack, 'DestinationFileSystem', { + vpc, + replicationOverwriteProtection: ReplicationOverwriteProtection.DISABLED, + }); + + // THEN + expect(() => { + new FileSystem(stack, 'EfsFileSystem', { + vpc, + replicationConfiguration: { + destinationFileSystem: destination, + enable: true, + ...config, + }, + }); + }).toThrow('Cannot configure `replicationConfiguration.region`, `replicationConfiguration.az` or `replicationConfiguration.kmsKey` when `replicationConfiguration.destinationFileSystem` is set'); + }); + + test('throw error for specifing both destinationFileSystem and kmsKey', () => { + // WHEN + const destination = new FileSystem(stack, 'DestinationFileSystem', { + vpc, + replicationOverwriteProtection: ReplicationOverwriteProtection.DISABLED, + }); + + // THEN + expect(() => { + new FileSystem(stack, 'EfsFileSystem', { + vpc, + replicationConfiguration: { + destinationFileSystem: destination, + enable: true, + kmsKey: new kms.Key(stack, 'customKey'), + }, + }); + }).toThrow('Cannot configure `replicationConfiguration.region`, `replicationConfiguration.az` or `replicationConfiguration.kmsKey` when `replicationConfiguration.destinationFileSystem` is set'); + }); + + test.each([ + { region: 'us-east-1' }, + { availabilityZone: 'us-east-1a' }, + ])('throw error when configure replication settings for replication disabled file system', (config) => { + // THEN + expect(() => { + new FileSystem(stack, 'EfsFileSystem', { + vpc, + replicationConfiguration: { + enable: false, + ...config, + }, + }); + }).toThrow('Cannot configure replication when `replicationConfiguration.enableReplication` is set to `false`'); + }); + + test('throw error when configure kmsKey for replication disabled file system', () => { + // THEN + expect(() => { + new FileSystem(stack, 'EfsFileSystem', { + vpc, + replicationConfiguration: { + enable: false, + kmsKey: new kms.Key(stack, 'customKey'), + }, + }); + }).toThrow('Cannot configure replication when `replicationConfiguration.enableReplication` is set to `false`'); + }); + + test('throw error when configure destinationFileSystem for replication disabled file system', () => { + // WHEN + const destination = new FileSystem(stack, 'DestinationFileSystem', { + vpc, + replicationOverwriteProtection: ReplicationOverwriteProtection.DISABLED, + }); + + // THEN + expect(() => { + new FileSystem(stack, 'EfsFileSystem', { + vpc, + replicationConfiguration: { + enable: false, + destinationFileSystem: destination, + }, + }); + }).toThrow('Cannot configure replication when `replicationConfiguration.enableReplication` is set to `false`'); + }); +}); From 9956a3bfa2c91570b986c657a8184c93442ef37e Mon Sep 17 00:00:00 2001 From: Kazuho CryerShinozuka Date: Mon, 4 Mar 2024 02:15:22 +0900 Subject: [PATCH 06/50] fix: property name --- packages/aws-cdk-lib/aws-efs/README.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/packages/aws-cdk-lib/aws-efs/README.md b/packages/aws-cdk-lib/aws-efs/README.md index e0fac19e1516b..515cce56e8744 100644 --- a/packages/aws-cdk-lib/aws-efs/README.md +++ b/packages/aws-cdk-lib/aws-efs/README.md @@ -91,7 +91,7 @@ new efs.FileSystem(this, 'ReplicationSourceFileSystem1', { enable: true, kmsKey, // optional region: 'us-east-1', // optional - az: 'us-east-1a', // optional, Specifing the AZ means creating a One Zone file system as the replication destination + availabilityZone: 'us-east-1a', // optional, Specifing the AZ means creating a One Zone file system as the replication destination } }); @@ -112,8 +112,6 @@ new efs.FileSystem(this, 'ReplicationSourceFileSystem2', { }); ``` - - ### IAM to control file system data access You can use both IAM identity policies and resource policies to control client access to Amazon EFS resources in a way that is scalable and optimized for cloud environments. Using IAM, you can permit clients to perform specific actions on a file system, including read-only, write, and root access. From 9a101c746016f8ffbae7eee4856c828ae574bb9a Mon Sep 17 00:00:00 2001 From: Kazuho CryerShinozuka Date: Mon, 4 Mar 2024 02:18:43 +0900 Subject: [PATCH 07/50] chore: add comments --- packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts index 6d1991622b7b3..61bcbfdead577 100644 --- a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts +++ b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts @@ -656,6 +656,7 @@ export class FileSystem extends FileSystemBase { fileSystemId: props.replicationConfiguration.destinationFileSystem?.fileSystemId, kmsKeyId: props.replicationConfiguration.kmsKey?.keyArn, region: props.replicationConfiguration.region ?? + // if destinationFileSystem is set, region is not specified, use the region of the destination file system (props.replicationConfiguration.destinationFileSystem ? undefined : Stack.of(this).region), availabilityZoneName: props.replicationConfiguration.availabilityZone, }, From 75dc9daa83a5ef44692a7611a342763d6bccfd66 Mon Sep 17 00:00:00 2001 From: Kazuho CryerShinozuka Date: Mon, 4 Mar 2024 02:31:43 +0900 Subject: [PATCH 08/50] feat: add region validation --- .../aws-efs/lib/efs-file-system.ts | 38 ++++++++----------- .../aws-efs/test/efs-file-system.test.ts | 13 +++++++ 2 files changed, 29 insertions(+), 22 deletions(-) diff --git a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts index 61bcbfdead577..565d2518c055a 100644 --- a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts +++ b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts @@ -4,7 +4,7 @@ import { CfnFileSystem, CfnMountTarget } from './efs.generated'; import * as ec2 from '../../aws-ec2'; import * as iam from '../../aws-iam'; import * as kms from '../../aws-kms'; -import { ArnFormat, FeatureFlags, Lazy, RemovalPolicy, Resource, Size, Stack, Tags } from '../../core'; +import { ArnFormat, FeatureFlags, Lazy, RemovalPolicy, Resource, Size, Stack, Tags, Token } from '../../core'; import * as cxapi from '../../cx-api'; /** @@ -599,28 +599,22 @@ export class FileSystem extends FileSystemBase { throw new Error('ThroughputMode ELASTIC is not supported for file systems with performanceMode MAX_IO'); } - if (props.replicationConfiguration?.enable) { + const { destinationFileSystem, region, availabilityZone, kmsKey, enable } = props.replicationConfiguration ?? {}; + if (enable) { if (props.replicationOverwriteProtection === ReplicationOverwriteProtection.DISABLED) { throw new Error('Cannot configure `replicationConfiguration` when `replicationOverwriteProtection` is set to `DISABLED`'); } - if ( - props.replicationConfiguration.destinationFileSystem && - ( - props.replicationConfiguration.region || - props.replicationConfiguration.availabilityZone || - props.replicationConfiguration.kmsKey - ) - ) { + + if (destinationFileSystem && (region || availabilityZone || kmsKey)) { throw new Error('Cannot configure `replicationConfiguration.region`, `replicationConfiguration.az` or `replicationConfiguration.kmsKey` when `replicationConfiguration.destinationFileSystem` is set'); } + + if (region && !Token.isUnresolved(region) && !/^[a-z]{2}-((iso[a-z]{0,1}-)|(gov-)){0,1}[a-z]+-{0,1}[0-9]{0,1}$/.test(region)) { + throw new Error('`replicationConfiguration.region` is invalid.'); + } } - if (props.replicationConfiguration?.enable === false && ( - props.replicationConfiguration.destinationFileSystem || - props.replicationConfiguration.region || - props.replicationConfiguration.availabilityZone || - props.replicationConfiguration.kmsKey - )) { + if (enable === false && (destinationFileSystem || region || availabilityZone || kmsKey)) { throw new Error('Cannot configure replication when `replicationConfiguration.enableReplication` is set to `false`'); } @@ -650,15 +644,15 @@ export class FileSystem extends FileSystemBase { replicationOverwriteProtection: props.replicationOverwriteProtection, } : undefined; - const replicationConfiguration = props.replicationConfiguration?.enable ? { + const replicationConfiguration = enable ? { destinations: [ { - fileSystemId: props.replicationConfiguration.destinationFileSystem?.fileSystemId, - kmsKeyId: props.replicationConfiguration.kmsKey?.keyArn, - region: props.replicationConfiguration.region ?? + fileSystemId: destinationFileSystem?.fileSystemId, + kmsKeyId: kmsKey?.keyArn, + region: region ?? // if destinationFileSystem is set, region is not specified, use the region of the destination file system - (props.replicationConfiguration.destinationFileSystem ? undefined : Stack.of(this).region), - availabilityZoneName: props.replicationConfiguration.availabilityZone, + (destinationFileSystem ? undefined : Stack.of(this).region), + availabilityZoneName: availabilityZone, }, ], } : undefined; diff --git a/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts b/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts index c7c9799ef5097..fc3381cd828ba 100644 --- a/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts +++ b/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts @@ -1145,4 +1145,17 @@ describe('replication configuration', () => { }); }).toThrow('Cannot configure replication when `replicationConfiguration.enableReplication` is set to `false`'); }); + + test('throw error for invalid region', () => { + // THEN + expect(() => { + new FileSystem(stack, 'EfsFileSystem', { + vpc, + replicationConfiguration: { + enable: true, + region: 'invalid-region', + }, + }); + }).toThrow('`replicationConfiguration.region` is invalid.'); + }); }); From c5757357eae7aebd2b60a2c88dedff258843cae3 Mon Sep 17 00:00:00 2001 From: Kazuho CryerShinozuka Date: Mon, 4 Mar 2024 02:33:41 +0900 Subject: [PATCH 09/50] chore: format --- packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts index 565d2518c055a..60951bcc7592d 100644 --- a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts +++ b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts @@ -364,6 +364,7 @@ export interface ReplicationConfiguration { * Other replication settings(`destinationFileSystem`, `kmsKey`, `region`, `az`) cannot be set if this is set to false. */ readonly enable: boolean; + /** * The existing destination file system for the replication. * @@ -372,18 +373,21 @@ export interface ReplicationConfiguration { * @default - create a new file system for the replication destination */ readonly destinationFileSystem?: IFileSystem; + /** * AWS KMS key used to protect the encrypted file system. * * @default - service-managed KMS key for Amazon EFS is used */ readonly kmsKey?: kms.IKey; + /** * The AWS Region in which the destination file system is located. * * @default - the region of the stack */ readonly region?: string; + /** * The availability zone name of the destination file system. * One zone file system is used as the destination file system when this property is set. From 8537be0be29270763e5ef26a756685073f460e3a Mon Sep 17 00:00:00 2001 From: Kazuho CryerShinozuka Date: Mon, 4 Mar 2024 02:34:49 +0900 Subject: [PATCH 10/50] fix: add comments --- packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts | 3 +++ 1 file changed, 3 insertions(+) diff --git a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts index 60951bcc7592d..f84eb3443c611 100644 --- a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts +++ b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts @@ -357,6 +357,9 @@ export interface FileSystemAttributes { readonly fileSystemArn?: string; } +/** + * Replication configuration for the file system. + */ export interface ReplicationConfiguration { /** * Whether to enable automatic replication. From 9cb4146b03a9a2c9ce1c7b96c2fa76af47c07b05 Mon Sep 17 00:00:00 2001 From: Kazuho CryerShinozuka Date: Mon, 4 Mar 2024 22:34:41 +0900 Subject: [PATCH 11/50] feat: specify region when filesystem is passed --- packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts index f84eb3443c611..b962655de82c5 100644 --- a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts +++ b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts @@ -6,6 +6,7 @@ import * as iam from '../../aws-iam'; import * as kms from '../../aws-kms'; import { ArnFormat, FeatureFlags, Lazy, RemovalPolicy, Resource, Size, Stack, Tags, Token } from '../../core'; import * as cxapi from '../../cx-api'; +import { Region } from '../../../@aws-cdk/region-info/lib/aws-entities'; /** * EFS Lifecycle Policy, if a file is not accessed for given days, it will move to EFS Infrequent Access @@ -657,8 +658,8 @@ export class FileSystem extends FileSystemBase { fileSystemId: destinationFileSystem?.fileSystemId, kmsKeyId: kmsKey?.keyArn, region: region ?? - // if destinationFileSystem is set, region is not specified, use the region of the destination file system - (destinationFileSystem ? undefined : Stack.of(this).region), + // if destinationFileSystem is set, specify the region of the destination file system + (destinationFileSystem ? destinationFileSystem.env.region : Stack.of(this).region), availabilityZoneName: availabilityZone, }, ], From 2b664b2adfd70842c5b6d1584691ef653c13794a Mon Sep 17 00:00:00 2001 From: Kazuho CryerShinozuka Date: Mon, 4 Mar 2024 22:46:42 +0900 Subject: [PATCH 12/50] fix: remove unused import --- packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts | 1 - 1 file changed, 1 deletion(-) diff --git a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts index b962655de82c5..9920af001180f 100644 --- a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts +++ b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts @@ -6,7 +6,6 @@ import * as iam from '../../aws-iam'; import * as kms from '../../aws-kms'; import { ArnFormat, FeatureFlags, Lazy, RemovalPolicy, Resource, Size, Stack, Tags, Token } from '../../core'; import * as cxapi from '../../cx-api'; -import { Region } from '../../../@aws-cdk/region-info/lib/aws-entities'; /** * EFS Lifecycle Policy, if a file is not accessed for given days, it will move to EFS Infrequent Access From 2525202b2a9d945398a892a55af44c053e910228 Mon Sep 17 00:00:00 2001 From: Kazuho CryerShinozuka Date: Tue, 5 Mar 2024 00:25:31 +0900 Subject: [PATCH 13/50] fix: readme --- packages/aws-cdk-lib/aws-efs/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/packages/aws-cdk-lib/aws-efs/README.md b/packages/aws-cdk-lib/aws-efs/README.md index 515cce56e8744..3dcc00e5d462f 100644 --- a/packages/aws-cdk-lib/aws-efs/README.md +++ b/packages/aws-cdk-lib/aws-efs/README.md @@ -81,6 +81,8 @@ This is to prevent deployment failures due to cross-AZ configurations. You can create a replica of your EFS file system in the AWS Region of your preference. ```ts +import * as kms from 'aws-cdk-lib/aws-kms'; + declare const vpc: ec2.Vpc; declare const kmsKey: kms.Key; From e73da3748ce888c206281ade4868810c90969981 Mon Sep 17 00:00:00 2001 From: kazuho cryer-shinozuka Date: Wed, 6 Mar 2024 01:19:39 +0900 Subject: [PATCH 14/50] Update efs-file-system.ts Co-authored-by: Luca Pizzini --- packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts index 9920af001180f..5c7811aa3f139 100644 --- a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts +++ b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts @@ -656,9 +656,7 @@ export class FileSystem extends FileSystemBase { { fileSystemId: destinationFileSystem?.fileSystemId, kmsKeyId: kmsKey?.keyArn, - region: region ?? - // if destinationFileSystem is set, specify the region of the destination file system - (destinationFileSystem ? destinationFileSystem.env.region : Stack.of(this).region), + region: destinationFileSystem ? destinationFileSystem.env.region : (region ?? Stack.of(this).region) availabilityZoneName: availabilityZone, }, ], From 41dcee4f8caed175a7ad986fbe8e54418e0bca3c Mon Sep 17 00:00:00 2001 From: Kazuho CryerShinozuka Date: Wed, 6 Mar 2024 04:02:55 +0900 Subject: [PATCH 15/50] feat: remove `enable` property --- .../aws-efs/lib/efs-file-system.ts | 21 +++---- .../aws-efs/test/efs-file-system.test.ts | 60 +++---------------- 2 files changed, 16 insertions(+), 65 deletions(-) diff --git a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts index 5c7811aa3f139..95bd3db05dda6 100644 --- a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts +++ b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts @@ -361,13 +361,6 @@ export interface FileSystemAttributes { * Replication configuration for the file system. */ export interface ReplicationConfiguration { - /** - * Whether to enable automatic replication. - * - * Other replication settings(`destinationFileSystem`, `kmsKey`, `region`, `az`) cannot be set if this is set to false. - */ - readonly enable: boolean; - /** * The existing destination file system for the replication. * @@ -606,8 +599,8 @@ export class FileSystem extends FileSystemBase { throw new Error('ThroughputMode ELASTIC is not supported for file systems with performanceMode MAX_IO'); } - const { destinationFileSystem, region, availabilityZone, kmsKey, enable } = props.replicationConfiguration ?? {}; - if (enable) { + const { destinationFileSystem, region, availabilityZone, kmsKey } = props.replicationConfiguration ?? {}; + if (props.replicationConfiguration) { if (props.replicationOverwriteProtection === ReplicationOverwriteProtection.DISABLED) { throw new Error('Cannot configure `replicationConfiguration` when `replicationOverwriteProtection` is set to `DISABLED`'); } @@ -619,10 +612,10 @@ export class FileSystem extends FileSystemBase { if (region && !Token.isUnresolved(region) && !/^[a-z]{2}-((iso[a-z]{0,1}-)|(gov-)){0,1}[a-z]+-{0,1}[0-9]{0,1}$/.test(region)) { throw new Error('`replicationConfiguration.region` is invalid.'); } - } - if (enable === false && (destinationFileSystem || region || availabilityZone || kmsKey)) { - throw new Error('Cannot configure replication when `replicationConfiguration.enableReplication` is set to `false`'); + if (availabilityZone && !Token.isUnresolved(availabilityZone) && !region) { + throw new Error('`replicationConfiguration.availabilityZone` cannot be specified without `replicationConfiguration.region`'); + } } // we explictly use 'undefined' to represent 'false' to maintain backwards compatibility since @@ -651,12 +644,12 @@ export class FileSystem extends FileSystemBase { replicationOverwriteProtection: props.replicationOverwriteProtection, } : undefined; - const replicationConfiguration = enable ? { + const replicationConfiguration = props.replicationConfiguration ? { destinations: [ { fileSystemId: destinationFileSystem?.fileSystemId, kmsKeyId: kmsKey?.keyArn, - region: destinationFileSystem ? destinationFileSystem.env.region : (region ?? Stack.of(this).region) + region: destinationFileSystem ? destinationFileSystem.env.region : (region ?? Stack.of(this).region), availabilityZoneName: availabilityZone, }, ], diff --git a/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts b/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts index fc3381cd828ba..2d65149667a18 100644 --- a/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts +++ b/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts @@ -964,9 +964,7 @@ describe('replication configuration', () => { // WHEN new FileSystem(stack, 'EfsFileSystem', { vpc, - replicationConfiguration: { - enable: true, - }, + replicationConfiguration: {}, }); // THEN @@ -993,7 +991,6 @@ describe('replication configuration', () => { vpc, replicationConfiguration: { destinationFileSystem: destination, - enable: true, }, }); @@ -1016,7 +1013,6 @@ describe('replication configuration', () => { new FileSystem(stack, 'EfsFileSystem', { vpc, replicationConfiguration: { - enable: true, kmsKey: new kms.Key(stack, 'customKey'), region: 'us-east-1', availabilityZone: 'us-east-1a', @@ -1048,7 +1044,7 @@ describe('replication configuration', () => { new FileSystem(stack, 'EfsFileSystem', { vpc, replicationConfiguration: { - enable: true, + region: 'us-east-1', }, replicationOverwriteProtection: ReplicationOverwriteProtection.DISABLED, }); @@ -1071,7 +1067,6 @@ describe('replication configuration', () => { vpc, replicationConfiguration: { destinationFileSystem: destination, - enable: true, ...config, }, }); @@ -1091,71 +1086,34 @@ describe('replication configuration', () => { vpc, replicationConfiguration: { destinationFileSystem: destination, - enable: true, kmsKey: new kms.Key(stack, 'customKey'), }, }); }).toThrow('Cannot configure `replicationConfiguration.region`, `replicationConfiguration.az` or `replicationConfiguration.kmsKey` when `replicationConfiguration.destinationFileSystem` is set'); }); - test.each([ - { region: 'us-east-1' }, - { availabilityZone: 'us-east-1a' }, - ])('throw error when configure replication settings for replication disabled file system', (config) => { - // THEN - expect(() => { - new FileSystem(stack, 'EfsFileSystem', { - vpc, - replicationConfiguration: { - enable: false, - ...config, - }, - }); - }).toThrow('Cannot configure replication when `replicationConfiguration.enableReplication` is set to `false`'); - }); - - test('throw error when configure kmsKey for replication disabled file system', () => { - // THEN - expect(() => { - new FileSystem(stack, 'EfsFileSystem', { - vpc, - replicationConfiguration: { - enable: false, - kmsKey: new kms.Key(stack, 'customKey'), - }, - }); - }).toThrow('Cannot configure replication when `replicationConfiguration.enableReplication` is set to `false`'); - }); - - test('throw error when configure destinationFileSystem for replication disabled file system', () => { - // WHEN - const destination = new FileSystem(stack, 'DestinationFileSystem', { - vpc, - replicationOverwriteProtection: ReplicationOverwriteProtection.DISABLED, - }); - + test('throw error for invalid region', () => { // THEN expect(() => { new FileSystem(stack, 'EfsFileSystem', { vpc, replicationConfiguration: { - enable: false, - destinationFileSystem: destination, + enable: true, + region: 'invalid-region', }, }); - }).toThrow('Cannot configure replication when `replicationConfiguration.enableReplication` is set to `false`'); + }).toThrow('`replicationConfiguration.region` is invalid.'); }); - test('throw error for invalid region', () => { + test('throw error for specifying availabilityZone without region', () => { // THEN expect(() => { new FileSystem(stack, 'EfsFileSystem', { vpc, replicationConfiguration: { - enable: true, - region: 'invalid-region', + availabilityZone: 'us-east-1a', }, }); - }).toThrow('`replicationConfiguration.region` is invalid.'); + }).toThrow('`replicationConfiguration.availabilityZone` cannot be specified without `replicationConfiguration.region`'); }); }); From f77fb2c5280e17f964e8bfba56137fa219473609 Mon Sep 17 00:00:00 2001 From: Kazuho CryerShinozuka Date: Wed, 6 Mar 2024 04:17:41 +0900 Subject: [PATCH 16/50] feat: replicationConfiguration is to be array --- .../aws-efs/lib/efs-file-system.ts | 43 +++++++++--------- .../aws-efs/test/efs-file-system.test.ts | 45 ++++++++++++------- 2 files changed, 51 insertions(+), 37 deletions(-) diff --git a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts index 95bd3db05dda6..c5b30f17881e9 100644 --- a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts +++ b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts @@ -330,7 +330,7 @@ export interface FileSystemProps { * * @default - no replication */ - readonly replicationConfiguration?: ReplicationConfiguration; + readonly replicationConfiguration?: ReplicationConfiguration[]; } /** @@ -599,23 +599,27 @@ export class FileSystem extends FileSystemBase { throw new Error('ThroughputMode ELASTIC is not supported for file systems with performanceMode MAX_IO'); } - const { destinationFileSystem, region, availabilityZone, kmsKey } = props.replicationConfiguration ?? {}; if (props.replicationConfiguration) { if (props.replicationOverwriteProtection === ReplicationOverwriteProtection.DISABLED) { throw new Error('Cannot configure `replicationConfiguration` when `replicationOverwriteProtection` is set to `DISABLED`'); } - - if (destinationFileSystem && (region || availabilityZone || kmsKey)) { - throw new Error('Cannot configure `replicationConfiguration.region`, `replicationConfiguration.az` or `replicationConfiguration.kmsKey` when `replicationConfiguration.destinationFileSystem` is set'); - } - - if (region && !Token.isUnresolved(region) && !/^[a-z]{2}-((iso[a-z]{0,1}-)|(gov-)){0,1}[a-z]+-{0,1}[0-9]{0,1}$/.test(region)) { - throw new Error('`replicationConfiguration.region` is invalid.'); + if (props.replicationConfiguration.length !== 1) { + throw new Error('`replicationConfiguration` must contain exactly one destination'); } - if (availabilityZone && !Token.isUnresolved(availabilityZone) && !region) { - throw new Error('`replicationConfiguration.availabilityZone` cannot be specified without `replicationConfiguration.region`'); - } + props.replicationConfiguration.forEach((config) => { + const { destinationFileSystem, region, availabilityZone, kmsKey } = config; + + if (destinationFileSystem && (region || availabilityZone || kmsKey)) { + throw new Error('Cannot configure `replicationConfiguration.region`, `replicationConfiguration.az` or `replicationConfiguration.kmsKey` when `replicationConfiguration.destinationFileSystem` is set'); + } + if (region && !Token.isUnresolved(region) && !/^[a-z]{2}-((iso[a-z]{0,1}-)|(gov-)){0,1}[a-z]+-{0,1}[0-9]{0,1}$/.test(region)) { + throw new Error('`replicationConfiguration.region` is invalid.'); + } + if (availabilityZone && !Token.isUnresolved(availabilityZone) && !region) { + throw new Error('`replicationConfiguration.availabilityZone` cannot be specified without `replicationConfiguration.region`'); + } + }); } // we explictly use 'undefined' to represent 'false' to maintain backwards compatibility since @@ -645,14 +649,13 @@ export class FileSystem extends FileSystemBase { } : undefined; const replicationConfiguration = props.replicationConfiguration ? { - destinations: [ - { - fileSystemId: destinationFileSystem?.fileSystemId, - kmsKeyId: kmsKey?.keyArn, - region: destinationFileSystem ? destinationFileSystem.env.region : (region ?? Stack.of(this).region), - availabilityZoneName: availabilityZone, - }, - ], + destinations: props.replicationConfiguration.map( + (config) => ({ + fileSystemId: config.destinationFileSystem?.fileSystemId, + kmsKeyId: config.kmsKey?.keyArn, + region: config.destinationFileSystem ? config.destinationFileSystem.env.region : (config.region ?? Stack.of(this).region), + availabilityZoneName: config.availabilityZone, + })), } : undefined; this._resource = new CfnFileSystem(this, 'Resource', { diff --git a/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts b/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts index 2d65149667a18..2db8944c9070e 100644 --- a/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts +++ b/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts @@ -4,7 +4,7 @@ import * as iam from '../../aws-iam'; import * as kms from '../../aws-kms'; import { App, RemovalPolicy, Size, Stack, Tags } from '../../core'; import * as cxapi from '../../cx-api'; -import { FileSystem, LifecyclePolicy, PerformanceMode, ThroughputMode, OutOfInfrequentAccessPolicy, ReplicationOverwriteProtection } from '../lib'; +import { FileSystem, LifecyclePolicy, PerformanceMode, ThroughputMode, OutOfInfrequentAccessPolicy, ReplicationOverwriteProtection, ReplicationConfiguration } from '../lib'; let stack = new Stack(); let vpc = new ec2.Vpc(stack, 'VPC'); @@ -964,7 +964,7 @@ describe('replication configuration', () => { // WHEN new FileSystem(stack, 'EfsFileSystem', { vpc, - replicationConfiguration: {}, + replicationConfiguration: [{}], }); // THEN @@ -989,9 +989,9 @@ describe('replication configuration', () => { }); new FileSystem(stack, 'EfsFileSystem', { vpc, - replicationConfiguration: { + replicationConfiguration: [{ destinationFileSystem: destination, - }, + }], }); // THEN @@ -1012,11 +1012,11 @@ describe('replication configuration', () => { // WHEN new FileSystem(stack, 'EfsFileSystem', { vpc, - replicationConfiguration: { + replicationConfiguration: [{ kmsKey: new kms.Key(stack, 'customKey'), region: 'us-east-1', availabilityZone: 'us-east-1a', - }, + }], }); // THEN @@ -1043,9 +1043,9 @@ describe('replication configuration', () => { expect(() => { new FileSystem(stack, 'EfsFileSystem', { vpc, - replicationConfiguration: { + replicationConfiguration: [{ region: 'us-east-1', - }, + }], replicationOverwriteProtection: ReplicationOverwriteProtection.DISABLED, }); }).toThrow('Cannot configure `replicationConfiguration` when `replicationOverwriteProtection` is set to `DISABLED`'); @@ -1065,10 +1065,10 @@ describe('replication configuration', () => { expect(() => { new FileSystem(stack, 'EfsFileSystem', { vpc, - replicationConfiguration: { + replicationConfiguration: [{ destinationFileSystem: destination, ...config, - }, + }], }); }).toThrow('Cannot configure `replicationConfiguration.region`, `replicationConfiguration.az` or `replicationConfiguration.kmsKey` when `replicationConfiguration.destinationFileSystem` is set'); }); @@ -1084,10 +1084,10 @@ describe('replication configuration', () => { expect(() => { new FileSystem(stack, 'EfsFileSystem', { vpc, - replicationConfiguration: { + replicationConfiguration: [{ destinationFileSystem: destination, kmsKey: new kms.Key(stack, 'customKey'), - }, + }], }); }).toThrow('Cannot configure `replicationConfiguration.region`, `replicationConfiguration.az` or `replicationConfiguration.kmsKey` when `replicationConfiguration.destinationFileSystem` is set'); }); @@ -1097,10 +1097,9 @@ describe('replication configuration', () => { expect(() => { new FileSystem(stack, 'EfsFileSystem', { vpc, - replicationConfiguration: { - enable: true, + replicationConfiguration: [{ region: 'invalid-region', - }, + }], }); }).toThrow('`replicationConfiguration.region` is invalid.'); }); @@ -1110,10 +1109,22 @@ describe('replication configuration', () => { expect(() => { new FileSystem(stack, 'EfsFileSystem', { vpc, - replicationConfiguration: { + replicationConfiguration: [{ availabilityZone: 'us-east-1a', - }, + }], }); }).toThrow('`replicationConfiguration.availabilityZone` cannot be specified without `replicationConfiguration.region`'); }); + + test.each([ + [[]], [[{ region: 'us-east-1' }, { region: 'ap-northeast-1' }]], + ])('throw error for invalid length of replicationConfiguration', (replicationConfiguration) => { + // THEN + expect(() => { + new FileSystem(stack, 'EfsFileSystem', { + vpc, + replicationConfiguration, + }); + }).toThrow('`replicationConfiguration` must contain exactly one destination'); + }); }); From 6be43425e14aca8578e30f55315ef033d83573a6 Mon Sep 17 00:00:00 2001 From: Kazuho CryerShinozuka Date: Wed, 6 Mar 2024 04:21:18 +0900 Subject: [PATCH 17/50] test: remove integ test files --- .../__entrypoint__.js | 156 --- .../index.js | 1 - .../cdk.out | 1 - .../efsReplication.assets.json | 32 - .../efsReplication.template.json | 795 ----------- ...efaultTestDeployAssert2C078280.assets.json | 19 - ...aultTestDeployAssert2C078280.template.json | 36 - .../integ.json | 12 - .../manifest.json | 305 ----- .../tree.json | 1172 ----------------- .../test/integ.efs-filesystem-replication.ts | 10 +- packages/aws-cdk-lib/aws-efs/README.md | 16 +- 12 files changed, 11 insertions(+), 2544 deletions(-) delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da/__entrypoint__.js delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da/index.js delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/cdk.out delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplication.assets.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplication.template.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplicationIntegTestDefaultTestDeployAssert2C078280.assets.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplicationIntegTestDefaultTestDeployAssert2C078280.template.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/integ.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/manifest.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/tree.json diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da/__entrypoint__.js b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da/__entrypoint__.js deleted file mode 100644 index 9271364bb7e49..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da/__entrypoint__.js +++ /dev/null @@ -1,156 +0,0 @@ -"use strict"; -Object.defineProperty(exports, "__esModule", { value: true }); -exports.withRetries = exports.handler = exports.external = void 0; -const https = require("https"); -const url = require("url"); -// for unit tests -exports.external = { - sendHttpRequest: defaultSendHttpRequest, - log: defaultLog, - includeStackTraces: true, - userHandlerIndex: './index', -}; -const CREATE_FAILED_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::CREATE_FAILED'; -const MISSING_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID'; -async function handler(event, context) { - const sanitizedEvent = { ...event, ResponseURL: '...' }; - exports.external.log(JSON.stringify(sanitizedEvent, undefined, 2)); - // ignore DELETE event when the physical resource ID is the marker that - // indicates that this DELETE is a subsequent DELETE to a failed CREATE - // operation. - if (event.RequestType === 'Delete' && event.PhysicalResourceId === CREATE_FAILED_PHYSICAL_ID_MARKER) { - exports.external.log('ignoring DELETE event caused by a failed CREATE event'); - await submitResponse('SUCCESS', event); - return; - } - try { - // invoke the user handler. this is intentionally inside the try-catch to - // ensure that if there is an error it's reported as a failure to - // cloudformation (otherwise cfn waits). - // eslint-disable-next-line @typescript-eslint/no-require-imports - const userHandler = require(exports.external.userHandlerIndex).handler; - const result = await userHandler(sanitizedEvent, context); - // validate user response and create the combined event - const responseEvent = renderResponse(event, result); - // submit to cfn as success - await submitResponse('SUCCESS', responseEvent); - } - catch (e) { - const resp = { - ...event, - Reason: exports.external.includeStackTraces ? e.stack : e.message, - }; - if (!resp.PhysicalResourceId) { - // special case: if CREATE fails, which usually implies, we usually don't - // have a physical resource id. in this case, the subsequent DELETE - // operation does not have any meaning, and will likely fail as well. to - // address this, we use a marker so the provider framework can simply - // ignore the subsequent DELETE. - if (event.RequestType === 'Create') { - exports.external.log('CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored'); - resp.PhysicalResourceId = CREATE_FAILED_PHYSICAL_ID_MARKER; - } - else { - // otherwise, if PhysicalResourceId is not specified, something is - // terribly wrong because all other events should have an ID. - exports.external.log(`ERROR: Malformed event. "PhysicalResourceId" is required: ${JSON.stringify(event)}`); - } - } - // this is an actual error, fail the activity altogether and exist. - await submitResponse('FAILED', resp); - } -} -exports.handler = handler; -function renderResponse(cfnRequest, handlerResponse = {}) { - // if physical ID is not returned, we have some defaults for you based - // on the request type. - const physicalResourceId = handlerResponse.PhysicalResourceId ?? cfnRequest.PhysicalResourceId ?? cfnRequest.RequestId; - // if we are in DELETE and physical ID was changed, it's an error. - if (cfnRequest.RequestType === 'Delete' && physicalResourceId !== cfnRequest.PhysicalResourceId) { - throw new Error(`DELETE: cannot change the physical resource ID from "${cfnRequest.PhysicalResourceId}" to "${handlerResponse.PhysicalResourceId}" during deletion`); - } - // merge request event and result event (result prevails). - return { - ...cfnRequest, - ...handlerResponse, - PhysicalResourceId: physicalResourceId, - }; -} -async function submitResponse(status, event) { - const json = { - Status: status, - Reason: event.Reason ?? status, - StackId: event.StackId, - RequestId: event.RequestId, - PhysicalResourceId: event.PhysicalResourceId || MISSING_PHYSICAL_ID_MARKER, - LogicalResourceId: event.LogicalResourceId, - NoEcho: event.NoEcho, - Data: event.Data, - }; - const parsedUrl = url.parse(event.ResponseURL); - const loggingSafeUrl = `${parsedUrl.protocol}//${parsedUrl.hostname}/${parsedUrl.pathname}?***`; - exports.external.log('submit response to cloudformation', loggingSafeUrl, json); - const responseBody = JSON.stringify(json); - const req = { - hostname: parsedUrl.hostname, - path: parsedUrl.path, - method: 'PUT', - headers: { - 'content-type': '', - 'content-length': Buffer.byteLength(responseBody, 'utf8'), - }, - }; - const retryOptions = { - attempts: 5, - sleep: 1000, - }; - await withRetries(retryOptions, exports.external.sendHttpRequest)(req, responseBody); -} -async function defaultSendHttpRequest(options, requestBody) { - return new Promise((resolve, reject) => { - try { - const request = https.request(options, (response) => { - response.resume(); // Consume the response but don't care about it - if (!response.statusCode || response.statusCode >= 400) { - reject(new Error(`Unsuccessful HTTP response: ${response.statusCode}`)); - } - else { - resolve(); - } - }); - request.on('error', reject); - request.write(requestBody); - request.end(); - } - catch (e) { - reject(e); - } - }); -} -function defaultLog(fmt, ...params) { - // eslint-disable-next-line no-console - console.log(fmt, ...params); -} -function withRetries(options, fn) { - return async (...xs) => { - let attempts = options.attempts; - let ms = options.sleep; - while (true) { - try { - return await fn(...xs); - } - catch (e) { - if (attempts-- <= 0) { - throw e; - } - await sleep(Math.floor(Math.random() * ms)); - ms *= 2; - } - } - }; -} -exports.withRetries = withRetries; -async function sleep(ms) { - return new Promise((ok) => setTimeout(ok, ms)); -} -//# sourceMappingURL=data:application/json;base64, \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da/index.js b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da/index.js deleted file mode 100644 index 013bcaffd8fe5..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da/index.js +++ /dev/null @@ -1 +0,0 @@ -"use strict";var I=Object.create;var t=Object.defineProperty;var y=Object.getOwnPropertyDescriptor;var P=Object.getOwnPropertyNames;var g=Object.getPrototypeOf,l=Object.prototype.hasOwnProperty;var G=(r,e)=>{for(var o in e)t(r,o,{get:e[o],enumerable:!0})},n=(r,e,o,i)=>{if(e&&typeof e=="object"||typeof e=="function")for(let s of P(e))!l.call(r,s)&&s!==o&&t(r,s,{get:()=>e[s],enumerable:!(i=y(e,s))||i.enumerable});return r};var R=(r,e,o)=>(o=r!=null?I(g(r)):{},n(e||!r||!r.__esModule?t(o,"default",{value:r,enumerable:!0}):o,r)),S=r=>n(t({},"__esModule",{value:!0}),r);var k={};G(k,{handler:()=>f});module.exports=S(k);var a=R(require("@aws-sdk/client-ec2")),u=new a.EC2({});function c(r,e){return{GroupId:r,IpPermissions:[{UserIdGroupPairs:[{GroupId:r,UserId:e}],IpProtocol:"-1"}]}}function d(r){return{GroupId:r,IpPermissions:[{IpRanges:[{CidrIp:"0.0.0.0/0"}],IpProtocol:"-1"}]}}async function f(r){let e=r.ResourceProperties.DefaultSecurityGroupId,o=r.ResourceProperties.Account;switch(r.RequestType){case"Create":return p(e,o);case"Update":return h(r);case"Delete":return m(e,o)}}async function h(r){let e=r.OldResourceProperties.DefaultSecurityGroupId,o=r.ResourceProperties.DefaultSecurityGroupId;e!==o&&(await m(e,r.ResourceProperties.Account),await p(o,r.ResourceProperties.Account))}async function p(r,e){try{await u.revokeSecurityGroupEgress(d(r))}catch(o){if(o.name!=="InvalidPermission.NotFound")throw o}try{await u.revokeSecurityGroupIngress(c(r,e))}catch(o){if(o.name!=="InvalidPermission.NotFound")throw o}}async function m(r,e){await u.authorizeSecurityGroupIngress(c(r,e)),await u.authorizeSecurityGroupEgress(d(r))}0&&(module.exports={handler}); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/cdk.out deleted file mode 100644 index 1f0068d32659a..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/cdk.out +++ /dev/null @@ -1 +0,0 @@ -{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplication.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplication.assets.json deleted file mode 100644 index 1abac9d0b3912..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplication.assets.json +++ /dev/null @@ -1,32 +0,0 @@ -{ - "version": "36.0.0", - "files": { - "e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da": { - "source": { - "path": "asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da", - "packaging": "zip" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da.zip", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - }, - "c31996307f297958181f87818952a751d2618a7f99fae95d1a42f5f152f24029": { - "source": { - "path": "efsReplication.template.json", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "c31996307f297958181f87818952a751d2618a7f99fae95d1a42f5f152f24029.json", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - } - }, - "dockerImages": {} -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplication.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplication.template.json deleted file mode 100644 index 36a35b7baa356..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplication.template.json +++ /dev/null @@ -1,795 +0,0 @@ -{ - "Resources": { - "Vpc8378EB38": { - "Type": "AWS::EC2::VPC", - "Properties": { - "CidrBlock": "10.0.0.0/16", - "EnableDnsHostnames": true, - "EnableDnsSupport": true, - "InstanceTenancy": "default", - "Tags": [ - { - "Key": "Name", - "Value": "efsReplication/Vpc" - } - ] - } - }, - "VpcPublicSubnet1Subnet5C2D37C4": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "AvailabilityZone": { - "Fn::Select": [ - 0, - { - "Fn::GetAZs": "" - } - ] - }, - "CidrBlock": "10.0.0.0/18", - "MapPublicIpOnLaunch": true, - "Tags": [ - { - "Key": "aws-cdk:subnet-name", - "Value": "Public" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Public" - }, - { - "Key": "Name", - "Value": "efsReplication/Vpc/PublicSubnet1" - } - ], - "VpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "VpcPublicSubnet1RouteTable6C95E38E": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "efsReplication/Vpc/PublicSubnet1" - } - ], - "VpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "VpcPublicSubnet1RouteTableAssociation97140677": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "VpcPublicSubnet1RouteTable6C95E38E" - }, - "SubnetId": { - "Ref": "VpcPublicSubnet1Subnet5C2D37C4" - } - } - }, - "VpcPublicSubnet1DefaultRoute3DA9E72A": { - "Type": "AWS::EC2::Route", - "Properties": { - "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": { - "Ref": "VpcIGWD7BA715C" - }, - "RouteTableId": { - "Ref": "VpcPublicSubnet1RouteTable6C95E38E" - } - }, - "DependsOn": [ - "VpcVPCGWBF912B6E" - ] - }, - "VpcPublicSubnet2Subnet691E08A3": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "AvailabilityZone": { - "Fn::Select": [ - 1, - { - "Fn::GetAZs": "" - } - ] - }, - "CidrBlock": "10.0.64.0/18", - "MapPublicIpOnLaunch": true, - "Tags": [ - { - "Key": "aws-cdk:subnet-name", - "Value": "Public" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Public" - }, - { - "Key": "Name", - "Value": "efsReplication/Vpc/PublicSubnet2" - } - ], - "VpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "VpcPublicSubnet2RouteTable94F7E489": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "efsReplication/Vpc/PublicSubnet2" - } - ], - "VpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "VpcPublicSubnet2RouteTableAssociationDD5762D8": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "VpcPublicSubnet2RouteTable94F7E489" - }, - "SubnetId": { - "Ref": "VpcPublicSubnet2Subnet691E08A3" - } - } - }, - "VpcPublicSubnet2DefaultRoute97F91067": { - "Type": "AWS::EC2::Route", - "Properties": { - "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": { - "Ref": "VpcIGWD7BA715C" - }, - "RouteTableId": { - "Ref": "VpcPublicSubnet2RouteTable94F7E489" - } - }, - "DependsOn": [ - "VpcVPCGWBF912B6E" - ] - }, - "VpcIsolatedSubnet1SubnetE48C5737": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "AvailabilityZone": { - "Fn::Select": [ - 0, - { - "Fn::GetAZs": "" - } - ] - }, - "CidrBlock": "10.0.128.0/18", - "MapPublicIpOnLaunch": false, - "Tags": [ - { - "Key": "aws-cdk:subnet-name", - "Value": "Isolated" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Isolated" - }, - { - "Key": "Name", - "Value": "efsReplication/Vpc/IsolatedSubnet1" - } - ], - "VpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "VpcIsolatedSubnet1RouteTable4771E3E5": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "efsReplication/Vpc/IsolatedSubnet1" - } - ], - "VpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "VpcIsolatedSubnet1RouteTableAssociationD300FCBB": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "VpcIsolatedSubnet1RouteTable4771E3E5" - }, - "SubnetId": { - "Ref": "VpcIsolatedSubnet1SubnetE48C5737" - } - } - }, - "VpcIsolatedSubnet2Subnet16364B91": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "AvailabilityZone": { - "Fn::Select": [ - 1, - { - "Fn::GetAZs": "" - } - ] - }, - "CidrBlock": "10.0.192.0/18", - "MapPublicIpOnLaunch": false, - "Tags": [ - { - "Key": "aws-cdk:subnet-name", - "Value": "Isolated" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Isolated" - }, - { - "Key": "Name", - "Value": "efsReplication/Vpc/IsolatedSubnet2" - } - ], - "VpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "VpcIsolatedSubnet2RouteTable1D30AF7D": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "efsReplication/Vpc/IsolatedSubnet2" - } - ], - "VpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "VpcIsolatedSubnet2RouteTableAssociationF7B18CCA": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "VpcIsolatedSubnet2RouteTable1D30AF7D" - }, - "SubnetId": { - "Ref": "VpcIsolatedSubnet2Subnet16364B91" - } - } - }, - "VpcIGWD7BA715C": { - "Type": "AWS::EC2::InternetGateway", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "efsReplication/Vpc" - } - ] - } - }, - "VpcVPCGWBF912B6E": { - "Type": "AWS::EC2::VPCGatewayAttachment", - "Properties": { - "InternetGatewayId": { - "Ref": "VpcIGWD7BA715C" - }, - "VpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "VpcRestrictDefaultSecurityGroupCustomResourceC73DA2BE": { - "Type": "Custom::VpcRestrictDefaultSG", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E", - "Arn" - ] - }, - "DefaultSecurityGroupId": { - "Fn::GetAtt": [ - "Vpc8378EB38", - "DefaultSecurityGroup" - ] - }, - "Account": { - "Ref": "AWS::AccountId" - } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ] - }, - "ManagedPolicyArns": [ - { - "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - } - ], - "Policies": [ - { - "PolicyName": "Inline", - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "ec2:AuthorizeSecurityGroupIngress", - "ec2:AuthorizeSecurityGroupEgress", - "ec2:RevokeSecurityGroupIngress", - "ec2:RevokeSecurityGroupEgress" - ], - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":ec2:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":security-group/", - { - "Fn::GetAtt": [ - "Vpc8378EB38", - "DefaultSecurityGroup" - ] - } - ] - ] - } - ] - } - ] - } - } - ] - } - }, - "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da.zip" - }, - "Timeout": 900, - "MemorySize": 128, - "Handler": "__entrypoint__.handler", - "Role": { - "Fn::GetAtt": [ - "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0", - "Arn" - ] - }, - "Runtime": "nodejs18.x", - "Description": "Lambda function for removing all inbound/outbound rules from the VPC default security group" - }, - "DependsOn": [ - "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0" - ] - }, - "Key961B73FD": { - "Type": "AWS::KMS::Key", - "Properties": { - "KeyPolicy": { - "Statement": [ - { - "Action": "kms:*", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - }, - "Resource": "*" - } - ], - "Version": "2012-10-17" - } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "oneZoneReplicationFileSystem0A6BB0D2": { - "Type": "AWS::EFS::FileSystem", - "Properties": { - "Encrypted": true, - "FileSystemPolicy": { - "Statement": [ - { - "Action": [ - "elasticfilesystem:ClientRootAccess", - "elasticfilesystem:ClientWrite" - ], - "Condition": { - "Bool": { - "elasticfilesystem:AccessedViaMountTarget": "true" - } - }, - "Effect": "Allow", - "Principal": { - "AWS": "*" - } - } - ], - "Version": "2012-10-17" - }, - "FileSystemTags": [ - { - "Key": "Name", - "Value": "efsReplication/oneZoneReplicationFileSystem" - } - ], - "ReplicationConfiguration": { - "Destinations": [ - { - "AvailabilityZoneName": "us-east-1a", - "KmsKeyId": { - "Fn::GetAtt": [ - "Key961B73FD", - "Arn" - ] - }, - "Region": "us-east-1" - } - ] - } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "oneZoneReplicationFileSystemEfsSecurityGroupD1C9EA27": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "efsReplication/oneZoneReplicationFileSystem/EfsSecurityGroup", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "Tags": [ - { - "Key": "Name", - "Value": "efsReplication/oneZoneReplicationFileSystem" - } - ], - "VpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "oneZoneReplicationFileSystemEfsMountTargetIsolatedSubnet1A6BB6EFA": { - "Type": "AWS::EFS::MountTarget", - "Properties": { - "FileSystemId": { - "Ref": "oneZoneReplicationFileSystem0A6BB0D2" - }, - "SecurityGroups": [ - { - "Fn::GetAtt": [ - "oneZoneReplicationFileSystemEfsSecurityGroupD1C9EA27", - "GroupId" - ] - } - ], - "SubnetId": { - "Ref": "VpcIsolatedSubnet1SubnetE48C5737" - } - } - }, - "oneZoneReplicationFileSystemEfsMountTargetIsolatedSubnet2B23FA1A8": { - "Type": "AWS::EFS::MountTarget", - "Properties": { - "FileSystemId": { - "Ref": "oneZoneReplicationFileSystem0A6BB0D2" - }, - "SecurityGroups": [ - { - "Fn::GetAtt": [ - "oneZoneReplicationFileSystemEfsSecurityGroupD1C9EA27", - "GroupId" - ] - } - ], - "SubnetId": { - "Ref": "VpcIsolatedSubnet2Subnet16364B91" - } - } - }, - "destinationFileSystem0FAD62DA": { - "Type": "AWS::EFS::FileSystem", - "Properties": { - "Encrypted": true, - "FileSystemPolicy": { - "Statement": [ - { - "Action": [ - "elasticfilesystem:ClientRootAccess", - "elasticfilesystem:ClientWrite" - ], - "Condition": { - "Bool": { - "elasticfilesystem:AccessedViaMountTarget": "true" - } - }, - "Effect": "Allow", - "Principal": { - "AWS": "*" - } - } - ], - "Version": "2012-10-17" - }, - "FileSystemProtection": { - "ReplicationOverwriteProtection": "DISABLED" - }, - "FileSystemTags": [ - { - "Key": "Name", - "Value": "efsReplication/destinationFileSystem" - } - ] - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "destinationFileSystemEfsSecurityGroupB67C2699": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "efsReplication/destinationFileSystem/EfsSecurityGroup", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "Tags": [ - { - "Key": "Name", - "Value": "efsReplication/destinationFileSystem" - } - ], - "VpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "destinationFileSystemEfsMountTargetIsolatedSubnet12CF3C2E3": { - "Type": "AWS::EFS::MountTarget", - "Properties": { - "FileSystemId": { - "Ref": "destinationFileSystem0FAD62DA" - }, - "SecurityGroups": [ - { - "Fn::GetAtt": [ - "destinationFileSystemEfsSecurityGroupB67C2699", - "GroupId" - ] - } - ], - "SubnetId": { - "Ref": "VpcIsolatedSubnet1SubnetE48C5737" - } - } - }, - "destinationFileSystemEfsMountTargetIsolatedSubnet20E3F4B46": { - "Type": "AWS::EFS::MountTarget", - "Properties": { - "FileSystemId": { - "Ref": "destinationFileSystem0FAD62DA" - }, - "SecurityGroups": [ - { - "Fn::GetAtt": [ - "destinationFileSystemEfsSecurityGroupB67C2699", - "GroupId" - ] - } - ], - "SubnetId": { - "Ref": "VpcIsolatedSubnet2Subnet16364B91" - } - } - }, - "existFileSystemReplication3C6768D0": { - "Type": "AWS::EFS::FileSystem", - "Properties": { - "Encrypted": true, - "FileSystemPolicy": { - "Statement": [ - { - "Action": [ - "elasticfilesystem:ClientRootAccess", - "elasticfilesystem:ClientWrite" - ], - "Condition": { - "Bool": { - "elasticfilesystem:AccessedViaMountTarget": "true" - } - }, - "Effect": "Allow", - "Principal": { - "AWS": "*" - } - } - ], - "Version": "2012-10-17" - }, - "FileSystemTags": [ - { - "Key": "Name", - "Value": "efsReplication/existFileSystemReplication" - } - ], - "ReplicationConfiguration": { - "Destinations": [ - { - "FileSystemId": { - "Ref": "destinationFileSystem0FAD62DA" - }, - "Region": { - "Ref": "AWS::Region" - } - } - ] - } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "existFileSystemReplicationEfsSecurityGroup516080B0": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "efsReplication/existFileSystemReplication/EfsSecurityGroup", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "Tags": [ - { - "Key": "Name", - "Value": "efsReplication/existFileSystemReplication" - } - ], - "VpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "existFileSystemReplicationEfsMountTargetIsolatedSubnet18F68C5DF": { - "Type": "AWS::EFS::MountTarget", - "Properties": { - "FileSystemId": { - "Ref": "existFileSystemReplication3C6768D0" - }, - "SecurityGroups": [ - { - "Fn::GetAtt": [ - "existFileSystemReplicationEfsSecurityGroup516080B0", - "GroupId" - ] - } - ], - "SubnetId": { - "Ref": "VpcIsolatedSubnet1SubnetE48C5737" - } - } - }, - "existFileSystemReplicationEfsMountTargetIsolatedSubnet230C85F8C": { - "Type": "AWS::EFS::MountTarget", - "Properties": { - "FileSystemId": { - "Ref": "existFileSystemReplication3C6768D0" - }, - "SecurityGroups": [ - { - "Fn::GetAtt": [ - "existFileSystemReplicationEfsSecurityGroup516080B0", - "GroupId" - ] - } - ], - "SubnetId": { - "Ref": "VpcIsolatedSubnet2Subnet16364B91" - } - } - } - }, - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" - } - }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ - "1", - "2", - "3", - "4", - "5" - ], - { - "Ref": "BootstrapVersion" - } - ] - } - ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." - } - ] - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplicationIntegTestDefaultTestDeployAssert2C078280.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplicationIntegTestDefaultTestDeployAssert2C078280.assets.json deleted file mode 100644 index 9f023624023ad..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplicationIntegTestDefaultTestDeployAssert2C078280.assets.json +++ /dev/null @@ -1,19 +0,0 @@ -{ - "version": "36.0.0", - "files": { - "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { - "source": { - "path": "efsReplicationIntegTestDefaultTestDeployAssert2C078280.template.json", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - } - }, - "dockerImages": {} -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplicationIntegTestDefaultTestDeployAssert2C078280.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplicationIntegTestDefaultTestDeployAssert2C078280.template.json deleted file mode 100644 index ad9d0fb73d1dd..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplicationIntegTestDefaultTestDeployAssert2C078280.template.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" - } - }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ - "1", - "2", - "3", - "4", - "5" - ], - { - "Ref": "BootstrapVersion" - } - ] - } - ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." - } - ] - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/integ.json deleted file mode 100644 index 3baa48f7b8fa2..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/integ.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "version": "36.0.0", - "testCases": { - "efsReplicationIntegTest/DefaultTest": { - "stacks": [ - "efsReplication" - ], - "assertionStack": "efsReplicationIntegTest/DefaultTest/DeployAssert", - "assertionStackName": "efsReplicationIntegTestDefaultTestDeployAssert2C078280" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/manifest.json deleted file mode 100644 index 644b0f1650db6..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/manifest.json +++ /dev/null @@ -1,305 +0,0 @@ -{ - "version": "36.0.0", - "artifacts": { - "efsReplication.assets": { - "type": "cdk:asset-manifest", - "properties": { - "file": "efsReplication.assets.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "efsReplication": { - "type": "aws:cloudformation:stack", - "environment": "aws://unknown-account/unknown-region", - "properties": { - "templateFile": "efsReplication.template.json", - "terminationProtection": false, - "validateOnSynth": false, - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/c31996307f297958181f87818952a751d2618a7f99fae95d1a42f5f152f24029.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", - "additionalDependencies": [ - "efsReplication.assets" - ], - "lookupRole": { - "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", - "requiresBootstrapStackVersion": 8, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "dependencies": [ - "efsReplication.assets" - ], - "metadata": { - "/efsReplication/Vpc/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "Vpc8378EB38" - } - ], - "/efsReplication/Vpc/PublicSubnet1/Subnet": [ - { - "type": "aws:cdk:logicalId", - "data": "VpcPublicSubnet1Subnet5C2D37C4" - } - ], - "/efsReplication/Vpc/PublicSubnet1/RouteTable": [ - { - "type": "aws:cdk:logicalId", - "data": "VpcPublicSubnet1RouteTable6C95E38E" - } - ], - "/efsReplication/Vpc/PublicSubnet1/RouteTableAssociation": [ - { - "type": "aws:cdk:logicalId", - "data": "VpcPublicSubnet1RouteTableAssociation97140677" - } - ], - "/efsReplication/Vpc/PublicSubnet1/DefaultRoute": [ - { - "type": "aws:cdk:logicalId", - "data": "VpcPublicSubnet1DefaultRoute3DA9E72A" - } - ], - "/efsReplication/Vpc/PublicSubnet2/Subnet": [ - { - "type": "aws:cdk:logicalId", - "data": "VpcPublicSubnet2Subnet691E08A3" - } - ], - "/efsReplication/Vpc/PublicSubnet2/RouteTable": [ - { - "type": "aws:cdk:logicalId", - "data": "VpcPublicSubnet2RouteTable94F7E489" - } - ], - "/efsReplication/Vpc/PublicSubnet2/RouteTableAssociation": [ - { - "type": "aws:cdk:logicalId", - "data": "VpcPublicSubnet2RouteTableAssociationDD5762D8" - } - ], - "/efsReplication/Vpc/PublicSubnet2/DefaultRoute": [ - { - "type": "aws:cdk:logicalId", - "data": "VpcPublicSubnet2DefaultRoute97F91067" - } - ], - "/efsReplication/Vpc/IsolatedSubnet1/Subnet": [ - { - "type": "aws:cdk:logicalId", - "data": "VpcIsolatedSubnet1SubnetE48C5737" - } - ], - "/efsReplication/Vpc/IsolatedSubnet1/RouteTable": [ - { - "type": "aws:cdk:logicalId", - "data": "VpcIsolatedSubnet1RouteTable4771E3E5" - } - ], - "/efsReplication/Vpc/IsolatedSubnet1/RouteTableAssociation": [ - { - "type": "aws:cdk:logicalId", - "data": "VpcIsolatedSubnet1RouteTableAssociationD300FCBB" - } - ], - "/efsReplication/Vpc/IsolatedSubnet2/Subnet": [ - { - "type": "aws:cdk:logicalId", - "data": "VpcIsolatedSubnet2Subnet16364B91" - } - ], - "/efsReplication/Vpc/IsolatedSubnet2/RouteTable": [ - { - "type": "aws:cdk:logicalId", - "data": "VpcIsolatedSubnet2RouteTable1D30AF7D" - } - ], - "/efsReplication/Vpc/IsolatedSubnet2/RouteTableAssociation": [ - { - "type": "aws:cdk:logicalId", - "data": "VpcIsolatedSubnet2RouteTableAssociationF7B18CCA" - } - ], - "/efsReplication/Vpc/IGW": [ - { - "type": "aws:cdk:logicalId", - "data": "VpcIGWD7BA715C" - } - ], - "/efsReplication/Vpc/VPCGW": [ - { - "type": "aws:cdk:logicalId", - "data": "VpcVPCGWBF912B6E" - } - ], - "/efsReplication/Vpc/RestrictDefaultSecurityGroupCustomResource/Default": [ - { - "type": "aws:cdk:logicalId", - "data": "VpcRestrictDefaultSecurityGroupCustomResourceC73DA2BE" - } - ], - "/efsReplication/Custom::VpcRestrictDefaultSGCustomResourceProvider/Role": [ - { - "type": "aws:cdk:logicalId", - "data": "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0" - } - ], - "/efsReplication/Custom::VpcRestrictDefaultSGCustomResourceProvider/Handler": [ - { - "type": "aws:cdk:logicalId", - "data": "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E" - } - ], - "/efsReplication/Key/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "Key961B73FD" - } - ], - "/efsReplication/oneZoneReplicationFileSystem/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "oneZoneReplicationFileSystem0A6BB0D2" - } - ], - "/efsReplication/oneZoneReplicationFileSystem/EfsSecurityGroup/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "oneZoneReplicationFileSystemEfsSecurityGroupD1C9EA27" - } - ], - "/efsReplication/oneZoneReplicationFileSystem/EfsMountTarget-IsolatedSubnet1": [ - { - "type": "aws:cdk:logicalId", - "data": "oneZoneReplicationFileSystemEfsMountTargetIsolatedSubnet1A6BB6EFA" - } - ], - "/efsReplication/oneZoneReplicationFileSystem/EfsMountTarget-IsolatedSubnet2": [ - { - "type": "aws:cdk:logicalId", - "data": "oneZoneReplicationFileSystemEfsMountTargetIsolatedSubnet2B23FA1A8" - } - ], - "/efsReplication/destinationFileSystem/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "destinationFileSystem0FAD62DA" - } - ], - "/efsReplication/destinationFileSystem/EfsSecurityGroup/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "destinationFileSystemEfsSecurityGroupB67C2699" - } - ], - "/efsReplication/destinationFileSystem/EfsMountTarget-IsolatedSubnet1": [ - { - "type": "aws:cdk:logicalId", - "data": "destinationFileSystemEfsMountTargetIsolatedSubnet12CF3C2E3" - } - ], - "/efsReplication/destinationFileSystem/EfsMountTarget-IsolatedSubnet2": [ - { - "type": "aws:cdk:logicalId", - "data": "destinationFileSystemEfsMountTargetIsolatedSubnet20E3F4B46" - } - ], - "/efsReplication/existFileSystemReplication/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "existFileSystemReplication3C6768D0" - } - ], - "/efsReplication/existFileSystemReplication/EfsSecurityGroup/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "existFileSystemReplicationEfsSecurityGroup516080B0" - } - ], - "/efsReplication/existFileSystemReplication/EfsMountTarget-IsolatedSubnet1": [ - { - "type": "aws:cdk:logicalId", - "data": "existFileSystemReplicationEfsMountTargetIsolatedSubnet18F68C5DF" - } - ], - "/efsReplication/existFileSystemReplication/EfsMountTarget-IsolatedSubnet2": [ - { - "type": "aws:cdk:logicalId", - "data": "existFileSystemReplicationEfsMountTargetIsolatedSubnet230C85F8C" - } - ], - "/efsReplication/BootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "BootstrapVersion" - } - ], - "/efsReplication/CheckBootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "CheckBootstrapVersion" - } - ] - }, - "displayName": "efsReplication" - }, - "efsReplicationIntegTestDefaultTestDeployAssert2C078280.assets": { - "type": "cdk:asset-manifest", - "properties": { - "file": "efsReplicationIntegTestDefaultTestDeployAssert2C078280.assets.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "efsReplicationIntegTestDefaultTestDeployAssert2C078280": { - "type": "aws:cloudformation:stack", - "environment": "aws://unknown-account/unknown-region", - "properties": { - "templateFile": "efsReplicationIntegTestDefaultTestDeployAssert2C078280.template.json", - "terminationProtection": false, - "validateOnSynth": false, - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", - "additionalDependencies": [ - "efsReplicationIntegTestDefaultTestDeployAssert2C078280.assets" - ], - "lookupRole": { - "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", - "requiresBootstrapStackVersion": 8, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "dependencies": [ - "efsReplicationIntegTestDefaultTestDeployAssert2C078280.assets" - ], - "metadata": { - "/efsReplicationIntegTest/DefaultTest/DeployAssert/BootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "BootstrapVersion" - } - ], - "/efsReplicationIntegTest/DefaultTest/DeployAssert/CheckBootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "CheckBootstrapVersion" - } - ] - }, - "displayName": "efsReplicationIntegTest/DefaultTest/DeployAssert" - }, - "Tree": { - "type": "cdk:tree", - "properties": { - "file": "tree.json" - } - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/tree.json deleted file mode 100644 index 03e953816327e..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/tree.json +++ /dev/null @@ -1,1172 +0,0 @@ -{ - "version": "tree-0.1", - "tree": { - "id": "App", - "path": "", - "children": { - "efsReplication": { - "id": "efsReplication", - "path": "efsReplication", - "children": { - "Vpc": { - "id": "Vpc", - "path": "efsReplication/Vpc", - "children": { - "Resource": { - "id": "Resource", - "path": "efsReplication/Vpc/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::VPC", - "aws:cdk:cloudformation:props": { - "cidrBlock": "10.0.0.0/16", - "enableDnsHostnames": true, - "enableDnsSupport": true, - "instanceTenancy": "default", - "tags": [ - { - "key": "Name", - "value": "efsReplication/Vpc" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", - "version": "0.0.0" - } - }, - "PublicSubnet1": { - "id": "PublicSubnet1", - "path": "efsReplication/Vpc/PublicSubnet1", - "children": { - "Subnet": { - "id": "Subnet", - "path": "efsReplication/Vpc/PublicSubnet1/Subnet", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", - "aws:cdk:cloudformation:props": { - "availabilityZone": { - "Fn::Select": [ - 0, - { - "Fn::GetAZs": "" - } - ] - }, - "cidrBlock": "10.0.0.0/18", - "mapPublicIpOnLaunch": true, - "tags": [ - { - "key": "aws-cdk:subnet-name", - "value": "Public" - }, - { - "key": "aws-cdk:subnet-type", - "value": "Public" - }, - { - "key": "Name", - "value": "efsReplication/Vpc/PublicSubnet1" - } - ], - "vpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", - "version": "0.0.0" - } - }, - "Acl": { - "id": "Acl", - "path": "efsReplication/Vpc/PublicSubnet1/Acl", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "RouteTable": { - "id": "RouteTable", - "path": "efsReplication/Vpc/PublicSubnet1/RouteTable", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", - "aws:cdk:cloudformation:props": { - "tags": [ - { - "key": "Name", - "value": "efsReplication/Vpc/PublicSubnet1" - } - ], - "vpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", - "version": "0.0.0" - } - }, - "RouteTableAssociation": { - "id": "RouteTableAssociation", - "path": "efsReplication/Vpc/PublicSubnet1/RouteTableAssociation", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", - "aws:cdk:cloudformation:props": { - "routeTableId": { - "Ref": "VpcPublicSubnet1RouteTable6C95E38E" - }, - "subnetId": { - "Ref": "VpcPublicSubnet1Subnet5C2D37C4" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", - "version": "0.0.0" - } - }, - "DefaultRoute": { - "id": "DefaultRoute", - "path": "efsReplication/Vpc/PublicSubnet1/DefaultRoute", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::Route", - "aws:cdk:cloudformation:props": { - "destinationCidrBlock": "0.0.0.0/0", - "gatewayId": { - "Ref": "VpcIGWD7BA715C" - }, - "routeTableId": { - "Ref": "VpcPublicSubnet1RouteTable6C95E38E" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", - "version": "0.0.0" - } - }, - "PublicSubnet2": { - "id": "PublicSubnet2", - "path": "efsReplication/Vpc/PublicSubnet2", - "children": { - "Subnet": { - "id": "Subnet", - "path": "efsReplication/Vpc/PublicSubnet2/Subnet", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", - "aws:cdk:cloudformation:props": { - "availabilityZone": { - "Fn::Select": [ - 1, - { - "Fn::GetAZs": "" - } - ] - }, - "cidrBlock": "10.0.64.0/18", - "mapPublicIpOnLaunch": true, - "tags": [ - { - "key": "aws-cdk:subnet-name", - "value": "Public" - }, - { - "key": "aws-cdk:subnet-type", - "value": "Public" - }, - { - "key": "Name", - "value": "efsReplication/Vpc/PublicSubnet2" - } - ], - "vpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", - "version": "0.0.0" - } - }, - "Acl": { - "id": "Acl", - "path": "efsReplication/Vpc/PublicSubnet2/Acl", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "RouteTable": { - "id": "RouteTable", - "path": "efsReplication/Vpc/PublicSubnet2/RouteTable", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", - "aws:cdk:cloudformation:props": { - "tags": [ - { - "key": "Name", - "value": "efsReplication/Vpc/PublicSubnet2" - } - ], - "vpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", - "version": "0.0.0" - } - }, - "RouteTableAssociation": { - "id": "RouteTableAssociation", - "path": "efsReplication/Vpc/PublicSubnet2/RouteTableAssociation", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", - "aws:cdk:cloudformation:props": { - "routeTableId": { - "Ref": "VpcPublicSubnet2RouteTable94F7E489" - }, - "subnetId": { - "Ref": "VpcPublicSubnet2Subnet691E08A3" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", - "version": "0.0.0" - } - }, - "DefaultRoute": { - "id": "DefaultRoute", - "path": "efsReplication/Vpc/PublicSubnet2/DefaultRoute", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::Route", - "aws:cdk:cloudformation:props": { - "destinationCidrBlock": "0.0.0.0/0", - "gatewayId": { - "Ref": "VpcIGWD7BA715C" - }, - "routeTableId": { - "Ref": "VpcPublicSubnet2RouteTable94F7E489" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", - "version": "0.0.0" - } - }, - "IsolatedSubnet1": { - "id": "IsolatedSubnet1", - "path": "efsReplication/Vpc/IsolatedSubnet1", - "children": { - "Subnet": { - "id": "Subnet", - "path": "efsReplication/Vpc/IsolatedSubnet1/Subnet", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", - "aws:cdk:cloudformation:props": { - "availabilityZone": { - "Fn::Select": [ - 0, - { - "Fn::GetAZs": "" - } - ] - }, - "cidrBlock": "10.0.128.0/18", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "key": "aws-cdk:subnet-name", - "value": "Isolated" - }, - { - "key": "aws-cdk:subnet-type", - "value": "Isolated" - }, - { - "key": "Name", - "value": "efsReplication/Vpc/IsolatedSubnet1" - } - ], - "vpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", - "version": "0.0.0" - } - }, - "Acl": { - "id": "Acl", - "path": "efsReplication/Vpc/IsolatedSubnet1/Acl", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "RouteTable": { - "id": "RouteTable", - "path": "efsReplication/Vpc/IsolatedSubnet1/RouteTable", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", - "aws:cdk:cloudformation:props": { - "tags": [ - { - "key": "Name", - "value": "efsReplication/Vpc/IsolatedSubnet1" - } - ], - "vpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", - "version": "0.0.0" - } - }, - "RouteTableAssociation": { - "id": "RouteTableAssociation", - "path": "efsReplication/Vpc/IsolatedSubnet1/RouteTableAssociation", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", - "aws:cdk:cloudformation:props": { - "routeTableId": { - "Ref": "VpcIsolatedSubnet1RouteTable4771E3E5" - }, - "subnetId": { - "Ref": "VpcIsolatedSubnet1SubnetE48C5737" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", - "version": "0.0.0" - } - }, - "IsolatedSubnet2": { - "id": "IsolatedSubnet2", - "path": "efsReplication/Vpc/IsolatedSubnet2", - "children": { - "Subnet": { - "id": "Subnet", - "path": "efsReplication/Vpc/IsolatedSubnet2/Subnet", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", - "aws:cdk:cloudformation:props": { - "availabilityZone": { - "Fn::Select": [ - 1, - { - "Fn::GetAZs": "" - } - ] - }, - "cidrBlock": "10.0.192.0/18", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "key": "aws-cdk:subnet-name", - "value": "Isolated" - }, - { - "key": "aws-cdk:subnet-type", - "value": "Isolated" - }, - { - "key": "Name", - "value": "efsReplication/Vpc/IsolatedSubnet2" - } - ], - "vpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", - "version": "0.0.0" - } - }, - "Acl": { - "id": "Acl", - "path": "efsReplication/Vpc/IsolatedSubnet2/Acl", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "RouteTable": { - "id": "RouteTable", - "path": "efsReplication/Vpc/IsolatedSubnet2/RouteTable", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", - "aws:cdk:cloudformation:props": { - "tags": [ - { - "key": "Name", - "value": "efsReplication/Vpc/IsolatedSubnet2" - } - ], - "vpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", - "version": "0.0.0" - } - }, - "RouteTableAssociation": { - "id": "RouteTableAssociation", - "path": "efsReplication/Vpc/IsolatedSubnet2/RouteTableAssociation", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", - "aws:cdk:cloudformation:props": { - "routeTableId": { - "Ref": "VpcIsolatedSubnet2RouteTable1D30AF7D" - }, - "subnetId": { - "Ref": "VpcIsolatedSubnet2Subnet16364B91" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", - "version": "0.0.0" - } - }, - "IGW": { - "id": "IGW", - "path": "efsReplication/Vpc/IGW", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::InternetGateway", - "aws:cdk:cloudformation:props": { - "tags": [ - { - "key": "Name", - "value": "efsReplication/Vpc" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnInternetGateway", - "version": "0.0.0" - } - }, - "VPCGW": { - "id": "VPCGW", - "path": "efsReplication/Vpc/VPCGW", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::VPCGatewayAttachment", - "aws:cdk:cloudformation:props": { - "internetGatewayId": { - "Ref": "VpcIGWD7BA715C" - }, - "vpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment", - "version": "0.0.0" - } - }, - "RestrictDefaultSecurityGroupCustomResource": { - "id": "RestrictDefaultSecurityGroupCustomResource", - "path": "efsReplication/Vpc/RestrictDefaultSecurityGroupCustomResource", - "children": { - "Default": { - "id": "Default", - "path": "efsReplication/Vpc/RestrictDefaultSecurityGroupCustomResource/Default", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnResource", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.CustomResource", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.Vpc", - "version": "0.0.0" - } - }, - "Custom::VpcRestrictDefaultSGCustomResourceProvider": { - "id": "Custom::VpcRestrictDefaultSGCustomResourceProvider", - "path": "efsReplication/Custom::VpcRestrictDefaultSGCustomResourceProvider", - "children": { - "Staging": { - "id": "Staging", - "path": "efsReplication/Custom::VpcRestrictDefaultSGCustomResourceProvider/Staging", - "constructInfo": { - "fqn": "aws-cdk-lib.AssetStaging", - "version": "0.0.0" - } - }, - "Role": { - "id": "Role", - "path": "efsReplication/Custom::VpcRestrictDefaultSGCustomResourceProvider/Role", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnResource", - "version": "0.0.0" - } - }, - "Handler": { - "id": "Handler", - "path": "efsReplication/Custom::VpcRestrictDefaultSGCustomResourceProvider/Handler", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnResource", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.CustomResourceProviderBase", - "version": "0.0.0" - } - }, - "Key": { - "id": "Key", - "path": "efsReplication/Key", - "children": { - "Resource": { - "id": "Resource", - "path": "efsReplication/Key/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::KMS::Key", - "aws:cdk:cloudformation:props": { - "keyPolicy": { - "Statement": [ - { - "Action": "kms:*", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - }, - "Resource": "*" - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_kms.CfnKey", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_kms.Key", - "version": "0.0.0" - } - }, - "oneZoneReplicationFileSystem": { - "id": "oneZoneReplicationFileSystem", - "path": "efsReplication/oneZoneReplicationFileSystem", - "children": { - "Resource": { - "id": "Resource", - "path": "efsReplication/oneZoneReplicationFileSystem/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EFS::FileSystem", - "aws:cdk:cloudformation:props": { - "encrypted": true, - "fileSystemPolicy": { - "Statement": [ - { - "Action": [ - "elasticfilesystem:ClientRootAccess", - "elasticfilesystem:ClientWrite" - ], - "Condition": { - "Bool": { - "elasticfilesystem:AccessedViaMountTarget": "true" - } - }, - "Effect": "Allow", - "Principal": { - "AWS": "*" - } - } - ], - "Version": "2012-10-17" - }, - "replicationConfiguration": { - "destinations": [ - { - "kmsKeyId": { - "Fn::GetAtt": [ - "Key961B73FD", - "Arn" - ] - }, - "region": "us-east-1", - "availabilityZoneName": "us-east-1a" - } - ] - }, - "fileSystemTags": [ - { - "key": "Name", - "value": "efsReplication/oneZoneReplicationFileSystem" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_efs.CfnFileSystem", - "version": "0.0.0" - } - }, - "EfsSecurityGroup": { - "id": "EfsSecurityGroup", - "path": "efsReplication/oneZoneReplicationFileSystem/EfsSecurityGroup", - "children": { - "Resource": { - "id": "Resource", - "path": "efsReplication/oneZoneReplicationFileSystem/EfsSecurityGroup/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", - "aws:cdk:cloudformation:props": { - "groupDescription": "efsReplication/oneZoneReplicationFileSystem/EfsSecurityGroup", - "securityGroupEgress": [ - { - "cidrIp": "0.0.0.0/0", - "description": "Allow all outbound traffic by default", - "ipProtocol": "-1" - } - ], - "tags": [ - { - "key": "Name", - "value": "efsReplication/oneZoneReplicationFileSystem" - } - ], - "vpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", - "version": "0.0.0" - } - }, - "EfsMountTarget-IsolatedSubnet1": { - "id": "EfsMountTarget-IsolatedSubnet1", - "path": "efsReplication/oneZoneReplicationFileSystem/EfsMountTarget-IsolatedSubnet1", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EFS::MountTarget", - "aws:cdk:cloudformation:props": { - "fileSystemId": { - "Ref": "oneZoneReplicationFileSystem0A6BB0D2" - }, - "securityGroups": [ - { - "Fn::GetAtt": [ - "oneZoneReplicationFileSystemEfsSecurityGroupD1C9EA27", - "GroupId" - ] - } - ], - "subnetId": { - "Ref": "VpcIsolatedSubnet1SubnetE48C5737" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_efs.CfnMountTarget", - "version": "0.0.0" - } - }, - "EfsMountTarget-IsolatedSubnet2": { - "id": "EfsMountTarget-IsolatedSubnet2", - "path": "efsReplication/oneZoneReplicationFileSystem/EfsMountTarget-IsolatedSubnet2", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EFS::MountTarget", - "aws:cdk:cloudformation:props": { - "fileSystemId": { - "Ref": "oneZoneReplicationFileSystem0A6BB0D2" - }, - "securityGroups": [ - { - "Fn::GetAtt": [ - "oneZoneReplicationFileSystemEfsSecurityGroupD1C9EA27", - "GroupId" - ] - } - ], - "subnetId": { - "Ref": "VpcIsolatedSubnet2Subnet16364B91" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_efs.CfnMountTarget", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_efs.FileSystem", - "version": "0.0.0" - } - }, - "destinationFileSystem": { - "id": "destinationFileSystem", - "path": "efsReplication/destinationFileSystem", - "children": { - "Resource": { - "id": "Resource", - "path": "efsReplication/destinationFileSystem/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EFS::FileSystem", - "aws:cdk:cloudformation:props": { - "encrypted": true, - "fileSystemPolicy": { - "Statement": [ - { - "Action": [ - "elasticfilesystem:ClientRootAccess", - "elasticfilesystem:ClientWrite" - ], - "Condition": { - "Bool": { - "elasticfilesystem:AccessedViaMountTarget": "true" - } - }, - "Effect": "Allow", - "Principal": { - "AWS": "*" - } - } - ], - "Version": "2012-10-17" - }, - "fileSystemProtection": { - "replicationOverwriteProtection": "DISABLED" - }, - "fileSystemTags": [ - { - "key": "Name", - "value": "efsReplication/destinationFileSystem" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_efs.CfnFileSystem", - "version": "0.0.0" - } - }, - "EfsSecurityGroup": { - "id": "EfsSecurityGroup", - "path": "efsReplication/destinationFileSystem/EfsSecurityGroup", - "children": { - "Resource": { - "id": "Resource", - "path": "efsReplication/destinationFileSystem/EfsSecurityGroup/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", - "aws:cdk:cloudformation:props": { - "groupDescription": "efsReplication/destinationFileSystem/EfsSecurityGroup", - "securityGroupEgress": [ - { - "cidrIp": "0.0.0.0/0", - "description": "Allow all outbound traffic by default", - "ipProtocol": "-1" - } - ], - "tags": [ - { - "key": "Name", - "value": "efsReplication/destinationFileSystem" - } - ], - "vpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", - "version": "0.0.0" - } - }, - "EfsMountTarget-IsolatedSubnet1": { - "id": "EfsMountTarget-IsolatedSubnet1", - "path": "efsReplication/destinationFileSystem/EfsMountTarget-IsolatedSubnet1", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EFS::MountTarget", - "aws:cdk:cloudformation:props": { - "fileSystemId": { - "Ref": "destinationFileSystem0FAD62DA" - }, - "securityGroups": [ - { - "Fn::GetAtt": [ - "destinationFileSystemEfsSecurityGroupB67C2699", - "GroupId" - ] - } - ], - "subnetId": { - "Ref": "VpcIsolatedSubnet1SubnetE48C5737" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_efs.CfnMountTarget", - "version": "0.0.0" - } - }, - "EfsMountTarget-IsolatedSubnet2": { - "id": "EfsMountTarget-IsolatedSubnet2", - "path": "efsReplication/destinationFileSystem/EfsMountTarget-IsolatedSubnet2", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EFS::MountTarget", - "aws:cdk:cloudformation:props": { - "fileSystemId": { - "Ref": "destinationFileSystem0FAD62DA" - }, - "securityGroups": [ - { - "Fn::GetAtt": [ - "destinationFileSystemEfsSecurityGroupB67C2699", - "GroupId" - ] - } - ], - "subnetId": { - "Ref": "VpcIsolatedSubnet2Subnet16364B91" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_efs.CfnMountTarget", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_efs.FileSystem", - "version": "0.0.0" - } - }, - "existFileSystemReplication": { - "id": "existFileSystemReplication", - "path": "efsReplication/existFileSystemReplication", - "children": { - "Resource": { - "id": "Resource", - "path": "efsReplication/existFileSystemReplication/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EFS::FileSystem", - "aws:cdk:cloudformation:props": { - "encrypted": true, - "fileSystemPolicy": { - "Statement": [ - { - "Action": [ - "elasticfilesystem:ClientRootAccess", - "elasticfilesystem:ClientWrite" - ], - "Condition": { - "Bool": { - "elasticfilesystem:AccessedViaMountTarget": "true" - } - }, - "Effect": "Allow", - "Principal": { - "AWS": "*" - } - } - ], - "Version": "2012-10-17" - }, - "replicationConfiguration": { - "destinations": [ - { - "fileSystemId": { - "Ref": "destinationFileSystem0FAD62DA" - }, - "region": { - "Ref": "AWS::Region" - } - } - ] - }, - "fileSystemTags": [ - { - "key": "Name", - "value": "efsReplication/existFileSystemReplication" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_efs.CfnFileSystem", - "version": "0.0.0" - } - }, - "EfsSecurityGroup": { - "id": "EfsSecurityGroup", - "path": "efsReplication/existFileSystemReplication/EfsSecurityGroup", - "children": { - "Resource": { - "id": "Resource", - "path": "efsReplication/existFileSystemReplication/EfsSecurityGroup/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", - "aws:cdk:cloudformation:props": { - "groupDescription": "efsReplication/existFileSystemReplication/EfsSecurityGroup", - "securityGroupEgress": [ - { - "cidrIp": "0.0.0.0/0", - "description": "Allow all outbound traffic by default", - "ipProtocol": "-1" - } - ], - "tags": [ - { - "key": "Name", - "value": "efsReplication/existFileSystemReplication" - } - ], - "vpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", - "version": "0.0.0" - } - }, - "EfsMountTarget-IsolatedSubnet1": { - "id": "EfsMountTarget-IsolatedSubnet1", - "path": "efsReplication/existFileSystemReplication/EfsMountTarget-IsolatedSubnet1", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EFS::MountTarget", - "aws:cdk:cloudformation:props": { - "fileSystemId": { - "Ref": "existFileSystemReplication3C6768D0" - }, - "securityGroups": [ - { - "Fn::GetAtt": [ - "existFileSystemReplicationEfsSecurityGroup516080B0", - "GroupId" - ] - } - ], - "subnetId": { - "Ref": "VpcIsolatedSubnet1SubnetE48C5737" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_efs.CfnMountTarget", - "version": "0.0.0" - } - }, - "EfsMountTarget-IsolatedSubnet2": { - "id": "EfsMountTarget-IsolatedSubnet2", - "path": "efsReplication/existFileSystemReplication/EfsMountTarget-IsolatedSubnet2", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EFS::MountTarget", - "aws:cdk:cloudformation:props": { - "fileSystemId": { - "Ref": "existFileSystemReplication3C6768D0" - }, - "securityGroups": [ - { - "Fn::GetAtt": [ - "existFileSystemReplicationEfsSecurityGroup516080B0", - "GroupId" - ] - } - ], - "subnetId": { - "Ref": "VpcIsolatedSubnet2Subnet16364B91" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_efs.CfnMountTarget", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_efs.FileSystem", - "version": "0.0.0" - } - }, - "BootstrapVersion": { - "id": "BootstrapVersion", - "path": "efsReplication/BootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" - } - }, - "CheckBootstrapVersion": { - "id": "CheckBootstrapVersion", - "path": "efsReplication/CheckBootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" - } - }, - "efsReplicationIntegTest": { - "id": "efsReplicationIntegTest", - "path": "efsReplicationIntegTest", - "children": { - "DefaultTest": { - "id": "DefaultTest", - "path": "efsReplicationIntegTest/DefaultTest", - "children": { - "Default": { - "id": "Default", - "path": "efsReplicationIntegTest/DefaultTest/Default", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - }, - "DeployAssert": { - "id": "DeployAssert", - "path": "efsReplicationIntegTest/DefaultTest/DeployAssert", - "children": { - "BootstrapVersion": { - "id": "BootstrapVersion", - "path": "efsReplicationIntegTest/DefaultTest/DeployAssert/BootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" - } - }, - "CheckBootstrapVersion": { - "id": "CheckBootstrapVersion", - "path": "efsReplicationIntegTest/DefaultTest/DeployAssert/CheckBootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", - "version": "0.0.0" - } - }, - "Tree": { - "id": "Tree", - "path": "Tree", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.App", - "version": "0.0.0" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.ts index f1b5456d382a4..7059f42bfafcb 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.ts @@ -18,12 +18,11 @@ const kmsKey = new kms.Key(stack, 'Key', { new efs.FileSystem(stack, 'oneZoneReplicationFileSystem', { vpc, removalPolicy: cdk.RemovalPolicy.DESTROY, - replicationConfiguration: { - enable: true, + replicationConfiguration: [{ kmsKey, region: 'us-east-1', availabilityZone: 'us-east-1a', - }, + }], }); const destination = new efs.FileSystem(stack, 'destinationFileSystem', { @@ -35,10 +34,9 @@ const destination = new efs.FileSystem(stack, 'destinationFileSystem', { new efs.FileSystem(stack, 'existFileSystemReplication', { vpc, removalPolicy: cdk.RemovalPolicy.DESTROY, - replicationConfiguration: { + replicationConfiguration: [{ destinationFileSystem: destination, - enable: true, - }, + }], }); new integ.IntegTest(app, 'efsReplicationIntegTest', { diff --git a/packages/aws-cdk-lib/aws-efs/README.md b/packages/aws-cdk-lib/aws-efs/README.md index 3dcc00e5d462f..d647a995dd8f6 100644 --- a/packages/aws-cdk-lib/aws-efs/README.md +++ b/packages/aws-cdk-lib/aws-efs/README.md @@ -89,12 +89,11 @@ declare const kmsKey: kms.Key; // auto generate a replication destination file system new efs.FileSystem(this, 'ReplicationSourceFileSystem1', { vpc, - replicationConfiguration: { - enable: true, - kmsKey, // optional - region: 'us-east-1', // optional - availabilityZone: 'us-east-1a', // optional, Specifing the AZ means creating a One Zone file system as the replication destination - } + replicationConfiguration: [{ + kmsKey, + region: 'us-east-1', + availabilityZone: 'us-east-1a', // Specifing the AZ means creating a One Zone file system as the replication destination + }] }); // specify the replication destination file system @@ -106,11 +105,10 @@ const destinationFileSystem = new efs.FileSystem(this, 'DestinationFileSystem', new efs.FileSystem(this, 'ReplicationSourceFileSystem2', { vpc, - replicationConfiguration: { - enable: true, + replicationConfiguration: [{ destinationFileSystem, // cannot configure other properties when destinationFileSystem is specified - } + }] }); ``` From 0fd10b04615734342b43699d02bd3f72677dc514 Mon Sep 17 00:00:00 2001 From: Kazuho CryerShinozuka Date: Wed, 6 Mar 2024 04:55:52 +0900 Subject: [PATCH 18/50] test: add integ test files --- .../__entrypoint__.js | 156 +++ .../index.js | 1 + .../cdk.out | 1 + .../efsReplication.assets.json | 32 + .../efsReplication.template.json | 795 +++++++++++ ...efaultTestDeployAssert2C078280.assets.json | 19 + ...aultTestDeployAssert2C078280.template.json | 36 + .../integ.json | 12 + .../manifest.json | 305 +++++ .../tree.json | 1172 +++++++++++++++++ 10 files changed, 2529 insertions(+) create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da/__entrypoint__.js create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da/index.js create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/cdk.out create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplication.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplication.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplicationIntegTestDefaultTestDeployAssert2C078280.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplicationIntegTestDefaultTestDeployAssert2C078280.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/integ.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/manifest.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/tree.json diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da/__entrypoint__.js b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da/__entrypoint__.js new file mode 100644 index 0000000000000..9271364bb7e49 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da/__entrypoint__.js @@ -0,0 +1,156 @@ +"use strict"; +Object.defineProperty(exports, "__esModule", { value: true }); +exports.withRetries = exports.handler = exports.external = void 0; +const https = require("https"); +const url = require("url"); +// for unit tests +exports.external = { + sendHttpRequest: defaultSendHttpRequest, + log: defaultLog, + includeStackTraces: true, + userHandlerIndex: './index', +}; +const CREATE_FAILED_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::CREATE_FAILED'; +const MISSING_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID'; +async function handler(event, context) { + const sanitizedEvent = { ...event, ResponseURL: '...' }; + exports.external.log(JSON.stringify(sanitizedEvent, undefined, 2)); + // ignore DELETE event when the physical resource ID is the marker that + // indicates that this DELETE is a subsequent DELETE to a failed CREATE + // operation. + if (event.RequestType === 'Delete' && event.PhysicalResourceId === CREATE_FAILED_PHYSICAL_ID_MARKER) { + exports.external.log('ignoring DELETE event caused by a failed CREATE event'); + await submitResponse('SUCCESS', event); + return; + } + try { + // invoke the user handler. this is intentionally inside the try-catch to + // ensure that if there is an error it's reported as a failure to + // cloudformation (otherwise cfn waits). + // eslint-disable-next-line @typescript-eslint/no-require-imports + const userHandler = require(exports.external.userHandlerIndex).handler; + const result = await userHandler(sanitizedEvent, context); + // validate user response and create the combined event + const responseEvent = renderResponse(event, result); + // submit to cfn as success + await submitResponse('SUCCESS', responseEvent); + } + catch (e) { + const resp = { + ...event, + Reason: exports.external.includeStackTraces ? e.stack : e.message, + }; + if (!resp.PhysicalResourceId) { + // special case: if CREATE fails, which usually implies, we usually don't + // have a physical resource id. in this case, the subsequent DELETE + // operation does not have any meaning, and will likely fail as well. to + // address this, we use a marker so the provider framework can simply + // ignore the subsequent DELETE. + if (event.RequestType === 'Create') { + exports.external.log('CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored'); + resp.PhysicalResourceId = CREATE_FAILED_PHYSICAL_ID_MARKER; + } + else { + // otherwise, if PhysicalResourceId is not specified, something is + // terribly wrong because all other events should have an ID. + exports.external.log(`ERROR: Malformed event. "PhysicalResourceId" is required: ${JSON.stringify(event)}`); + } + } + // this is an actual error, fail the activity altogether and exist. + await submitResponse('FAILED', resp); + } +} +exports.handler = handler; +function renderResponse(cfnRequest, handlerResponse = {}) { + // if physical ID is not returned, we have some defaults for you based + // on the request type. + const physicalResourceId = handlerResponse.PhysicalResourceId ?? cfnRequest.PhysicalResourceId ?? cfnRequest.RequestId; + // if we are in DELETE and physical ID was changed, it's an error. + if (cfnRequest.RequestType === 'Delete' && physicalResourceId !== cfnRequest.PhysicalResourceId) { + throw new Error(`DELETE: cannot change the physical resource ID from "${cfnRequest.PhysicalResourceId}" to "${handlerResponse.PhysicalResourceId}" during deletion`); + } + // merge request event and result event (result prevails). + return { + ...cfnRequest, + ...handlerResponse, + PhysicalResourceId: physicalResourceId, + }; +} +async function submitResponse(status, event) { + const json = { + Status: status, + Reason: event.Reason ?? status, + StackId: event.StackId, + RequestId: event.RequestId, + PhysicalResourceId: event.PhysicalResourceId || MISSING_PHYSICAL_ID_MARKER, + LogicalResourceId: event.LogicalResourceId, + NoEcho: event.NoEcho, + Data: event.Data, + }; + const parsedUrl = url.parse(event.ResponseURL); + const loggingSafeUrl = `${parsedUrl.protocol}//${parsedUrl.hostname}/${parsedUrl.pathname}?***`; + exports.external.log('submit response to cloudformation', loggingSafeUrl, json); + const responseBody = JSON.stringify(json); + const req = { + hostname: parsedUrl.hostname, + path: parsedUrl.path, + method: 'PUT', + headers: { + 'content-type': '', + 'content-length': Buffer.byteLength(responseBody, 'utf8'), + }, + }; + const retryOptions = { + attempts: 5, + sleep: 1000, + }; + await withRetries(retryOptions, exports.external.sendHttpRequest)(req, responseBody); +} +async function defaultSendHttpRequest(options, requestBody) { + return new Promise((resolve, reject) => { + try { + const request = https.request(options, (response) => { + response.resume(); // Consume the response but don't care about it + if (!response.statusCode || response.statusCode >= 400) { + reject(new Error(`Unsuccessful HTTP response: ${response.statusCode}`)); + } + else { + resolve(); + } + }); + request.on('error', reject); + request.write(requestBody); + request.end(); + } + catch (e) { + reject(e); + } + }); +} +function defaultLog(fmt, ...params) { + // eslint-disable-next-line no-console + console.log(fmt, ...params); +} +function withRetries(options, fn) { + return async (...xs) => { + let attempts = options.attempts; + let ms = options.sleep; + while (true) { + try { + return await fn(...xs); + } + catch (e) { + if (attempts-- <= 0) { + throw e; + } + await sleep(Math.floor(Math.random() * ms)); + ms *= 2; + } + } + }; +} +exports.withRetries = withRetries; +async function sleep(ms) { + return new Promise((ok) => setTimeout(ok, ms)); +} +//# sourceMappingURL=data:application/json;base64, \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da/index.js b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da/index.js new file mode 100644 index 0000000000000..013bcaffd8fe5 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da/index.js @@ -0,0 +1 @@ +"use strict";var I=Object.create;var t=Object.defineProperty;var y=Object.getOwnPropertyDescriptor;var P=Object.getOwnPropertyNames;var g=Object.getPrototypeOf,l=Object.prototype.hasOwnProperty;var G=(r,e)=>{for(var o in e)t(r,o,{get:e[o],enumerable:!0})},n=(r,e,o,i)=>{if(e&&typeof e=="object"||typeof e=="function")for(let s of P(e))!l.call(r,s)&&s!==o&&t(r,s,{get:()=>e[s],enumerable:!(i=y(e,s))||i.enumerable});return r};var R=(r,e,o)=>(o=r!=null?I(g(r)):{},n(e||!r||!r.__esModule?t(o,"default",{value:r,enumerable:!0}):o,r)),S=r=>n(t({},"__esModule",{value:!0}),r);var k={};G(k,{handler:()=>f});module.exports=S(k);var a=R(require("@aws-sdk/client-ec2")),u=new a.EC2({});function c(r,e){return{GroupId:r,IpPermissions:[{UserIdGroupPairs:[{GroupId:r,UserId:e}],IpProtocol:"-1"}]}}function d(r){return{GroupId:r,IpPermissions:[{IpRanges:[{CidrIp:"0.0.0.0/0"}],IpProtocol:"-1"}]}}async function f(r){let e=r.ResourceProperties.DefaultSecurityGroupId,o=r.ResourceProperties.Account;switch(r.RequestType){case"Create":return p(e,o);case"Update":return h(r);case"Delete":return m(e,o)}}async function h(r){let e=r.OldResourceProperties.DefaultSecurityGroupId,o=r.ResourceProperties.DefaultSecurityGroupId;e!==o&&(await m(e,r.ResourceProperties.Account),await p(o,r.ResourceProperties.Account))}async function p(r,e){try{await u.revokeSecurityGroupEgress(d(r))}catch(o){if(o.name!=="InvalidPermission.NotFound")throw o}try{await u.revokeSecurityGroupIngress(c(r,e))}catch(o){if(o.name!=="InvalidPermission.NotFound")throw o}}async function m(r,e){await u.authorizeSecurityGroupIngress(c(r,e)),await u.authorizeSecurityGroupEgress(d(r))}0&&(module.exports={handler}); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/cdk.out new file mode 100644 index 0000000000000..1f0068d32659a --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplication.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplication.assets.json new file mode 100644 index 0000000000000..1abac9d0b3912 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplication.assets.json @@ -0,0 +1,32 @@ +{ + "version": "36.0.0", + "files": { + "e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da": { + "source": { + "path": "asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da", + "packaging": "zip" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da.zip", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + }, + "c31996307f297958181f87818952a751d2618a7f99fae95d1a42f5f152f24029": { + "source": { + "path": "efsReplication.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "c31996307f297958181f87818952a751d2618a7f99fae95d1a42f5f152f24029.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplication.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplication.template.json new file mode 100644 index 0000000000000..36a35b7baa356 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplication.template.json @@ -0,0 +1,795 @@ +{ + "Resources": { + "Vpc8378EB38": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "efsReplication/Vpc" + } + ] + } + }, + "VpcPublicSubnet1Subnet5C2D37C4": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.0.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "efsReplication/Vpc/PublicSubnet1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPublicSubnet1RouteTable6C95E38E": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "efsReplication/Vpc/PublicSubnet1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPublicSubnet1RouteTableAssociation97140677": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + }, + "SubnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + } + } + }, + "VpcPublicSubnet1DefaultRoute3DA9E72A": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "RouteTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + } + }, + "DependsOn": [ + "VpcVPCGWBF912B6E" + ] + }, + "VpcPublicSubnet2Subnet691E08A3": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.64.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "efsReplication/Vpc/PublicSubnet2" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPublicSubnet2RouteTable94F7E489": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "efsReplication/Vpc/PublicSubnet2" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPublicSubnet2RouteTableAssociationDD5762D8": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + }, + "SubnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + } + } + }, + "VpcPublicSubnet2DefaultRoute97F91067": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "RouteTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + } + }, + "DependsOn": [ + "VpcVPCGWBF912B6E" + ] + }, + "VpcIsolatedSubnet1SubnetE48C5737": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.128.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Isolated" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Isolated" + }, + { + "Key": "Name", + "Value": "efsReplication/Vpc/IsolatedSubnet1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcIsolatedSubnet1RouteTable4771E3E5": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "efsReplication/Vpc/IsolatedSubnet1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcIsolatedSubnet1RouteTableAssociationD300FCBB": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcIsolatedSubnet1RouteTable4771E3E5" + }, + "SubnetId": { + "Ref": "VpcIsolatedSubnet1SubnetE48C5737" + } + } + }, + "VpcIsolatedSubnet2Subnet16364B91": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.192.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Isolated" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Isolated" + }, + { + "Key": "Name", + "Value": "efsReplication/Vpc/IsolatedSubnet2" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcIsolatedSubnet2RouteTable1D30AF7D": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "efsReplication/Vpc/IsolatedSubnet2" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcIsolatedSubnet2RouteTableAssociationF7B18CCA": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcIsolatedSubnet2RouteTable1D30AF7D" + }, + "SubnetId": { + "Ref": "VpcIsolatedSubnet2Subnet16364B91" + } + } + }, + "VpcIGWD7BA715C": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "efsReplication/Vpc" + } + ] + } + }, + "VpcVPCGWBF912B6E": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "InternetGatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcRestrictDefaultSecurityGroupCustomResourceC73DA2BE": { + "Type": "Custom::VpcRestrictDefaultSG", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E", + "Arn" + ] + }, + "DefaultSecurityGroupId": { + "Fn::GetAtt": [ + "Vpc8378EB38", + "DefaultSecurityGroup" + ] + }, + "Account": { + "Ref": "AWS::AccountId" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ], + "Policies": [ + { + "PolicyName": "Inline", + "PolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:AuthorizeSecurityGroupEgress", + "ec2:RevokeSecurityGroupIngress", + "ec2:RevokeSecurityGroupEgress" + ], + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":ec2:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":security-group/", + { + "Fn::GetAtt": [ + "Vpc8378EB38", + "DefaultSecurityGroup" + ] + } + ] + ] + } + ] + } + ] + } + } + ] + } + }, + "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da.zip" + }, + "Timeout": 900, + "MemorySize": 128, + "Handler": "__entrypoint__.handler", + "Role": { + "Fn::GetAtt": [ + "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0", + "Arn" + ] + }, + "Runtime": "nodejs18.x", + "Description": "Lambda function for removing all inbound/outbound rules from the VPC default security group" + }, + "DependsOn": [ + "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0" + ] + }, + "Key961B73FD": { + "Type": "AWS::KMS::Key", + "Properties": { + "KeyPolicy": { + "Statement": [ + { + "Action": "kms:*", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + }, + "Resource": "*" + } + ], + "Version": "2012-10-17" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "oneZoneReplicationFileSystem0A6BB0D2": { + "Type": "AWS::EFS::FileSystem", + "Properties": { + "Encrypted": true, + "FileSystemPolicy": { + "Statement": [ + { + "Action": [ + "elasticfilesystem:ClientRootAccess", + "elasticfilesystem:ClientWrite" + ], + "Condition": { + "Bool": { + "elasticfilesystem:AccessedViaMountTarget": "true" + } + }, + "Effect": "Allow", + "Principal": { + "AWS": "*" + } + } + ], + "Version": "2012-10-17" + }, + "FileSystemTags": [ + { + "Key": "Name", + "Value": "efsReplication/oneZoneReplicationFileSystem" + } + ], + "ReplicationConfiguration": { + "Destinations": [ + { + "AvailabilityZoneName": "us-east-1a", + "KmsKeyId": { + "Fn::GetAtt": [ + "Key961B73FD", + "Arn" + ] + }, + "Region": "us-east-1" + } + ] + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "oneZoneReplicationFileSystemEfsSecurityGroupD1C9EA27": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "efsReplication/oneZoneReplicationFileSystem/EfsSecurityGroup", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "Tags": [ + { + "Key": "Name", + "Value": "efsReplication/oneZoneReplicationFileSystem" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "oneZoneReplicationFileSystemEfsMountTargetIsolatedSubnet1A6BB6EFA": { + "Type": "AWS::EFS::MountTarget", + "Properties": { + "FileSystemId": { + "Ref": "oneZoneReplicationFileSystem0A6BB0D2" + }, + "SecurityGroups": [ + { + "Fn::GetAtt": [ + "oneZoneReplicationFileSystemEfsSecurityGroupD1C9EA27", + "GroupId" + ] + } + ], + "SubnetId": { + "Ref": "VpcIsolatedSubnet1SubnetE48C5737" + } + } + }, + "oneZoneReplicationFileSystemEfsMountTargetIsolatedSubnet2B23FA1A8": { + "Type": "AWS::EFS::MountTarget", + "Properties": { + "FileSystemId": { + "Ref": "oneZoneReplicationFileSystem0A6BB0D2" + }, + "SecurityGroups": [ + { + "Fn::GetAtt": [ + "oneZoneReplicationFileSystemEfsSecurityGroupD1C9EA27", + "GroupId" + ] + } + ], + "SubnetId": { + "Ref": "VpcIsolatedSubnet2Subnet16364B91" + } + } + }, + "destinationFileSystem0FAD62DA": { + "Type": "AWS::EFS::FileSystem", + "Properties": { + "Encrypted": true, + "FileSystemPolicy": { + "Statement": [ + { + "Action": [ + "elasticfilesystem:ClientRootAccess", + "elasticfilesystem:ClientWrite" + ], + "Condition": { + "Bool": { + "elasticfilesystem:AccessedViaMountTarget": "true" + } + }, + "Effect": "Allow", + "Principal": { + "AWS": "*" + } + } + ], + "Version": "2012-10-17" + }, + "FileSystemProtection": { + "ReplicationOverwriteProtection": "DISABLED" + }, + "FileSystemTags": [ + { + "Key": "Name", + "Value": "efsReplication/destinationFileSystem" + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "destinationFileSystemEfsSecurityGroupB67C2699": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "efsReplication/destinationFileSystem/EfsSecurityGroup", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "Tags": [ + { + "Key": "Name", + "Value": "efsReplication/destinationFileSystem" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "destinationFileSystemEfsMountTargetIsolatedSubnet12CF3C2E3": { + "Type": "AWS::EFS::MountTarget", + "Properties": { + "FileSystemId": { + "Ref": "destinationFileSystem0FAD62DA" + }, + "SecurityGroups": [ + { + "Fn::GetAtt": [ + "destinationFileSystemEfsSecurityGroupB67C2699", + "GroupId" + ] + } + ], + "SubnetId": { + "Ref": "VpcIsolatedSubnet1SubnetE48C5737" + } + } + }, + "destinationFileSystemEfsMountTargetIsolatedSubnet20E3F4B46": { + "Type": "AWS::EFS::MountTarget", + "Properties": { + "FileSystemId": { + "Ref": "destinationFileSystem0FAD62DA" + }, + "SecurityGroups": [ + { + "Fn::GetAtt": [ + "destinationFileSystemEfsSecurityGroupB67C2699", + "GroupId" + ] + } + ], + "SubnetId": { + "Ref": "VpcIsolatedSubnet2Subnet16364B91" + } + } + }, + "existFileSystemReplication3C6768D0": { + "Type": "AWS::EFS::FileSystem", + "Properties": { + "Encrypted": true, + "FileSystemPolicy": { + "Statement": [ + { + "Action": [ + "elasticfilesystem:ClientRootAccess", + "elasticfilesystem:ClientWrite" + ], + "Condition": { + "Bool": { + "elasticfilesystem:AccessedViaMountTarget": "true" + } + }, + "Effect": "Allow", + "Principal": { + "AWS": "*" + } + } + ], + "Version": "2012-10-17" + }, + "FileSystemTags": [ + { + "Key": "Name", + "Value": "efsReplication/existFileSystemReplication" + } + ], + "ReplicationConfiguration": { + "Destinations": [ + { + "FileSystemId": { + "Ref": "destinationFileSystem0FAD62DA" + }, + "Region": { + "Ref": "AWS::Region" + } + } + ] + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "existFileSystemReplicationEfsSecurityGroup516080B0": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "efsReplication/existFileSystemReplication/EfsSecurityGroup", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "Tags": [ + { + "Key": "Name", + "Value": "efsReplication/existFileSystemReplication" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "existFileSystemReplicationEfsMountTargetIsolatedSubnet18F68C5DF": { + "Type": "AWS::EFS::MountTarget", + "Properties": { + "FileSystemId": { + "Ref": "existFileSystemReplication3C6768D0" + }, + "SecurityGroups": [ + { + "Fn::GetAtt": [ + "existFileSystemReplicationEfsSecurityGroup516080B0", + "GroupId" + ] + } + ], + "SubnetId": { + "Ref": "VpcIsolatedSubnet1SubnetE48C5737" + } + } + }, + "existFileSystemReplicationEfsMountTargetIsolatedSubnet230C85F8C": { + "Type": "AWS::EFS::MountTarget", + "Properties": { + "FileSystemId": { + "Ref": "existFileSystemReplication3C6768D0" + }, + "SecurityGroups": [ + { + "Fn::GetAtt": [ + "existFileSystemReplicationEfsSecurityGroup516080B0", + "GroupId" + ] + } + ], + "SubnetId": { + "Ref": "VpcIsolatedSubnet2Subnet16364B91" + } + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplicationIntegTestDefaultTestDeployAssert2C078280.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplicationIntegTestDefaultTestDeployAssert2C078280.assets.json new file mode 100644 index 0000000000000..9f023624023ad --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplicationIntegTestDefaultTestDeployAssert2C078280.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "efsReplicationIntegTestDefaultTestDeployAssert2C078280.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplicationIntegTestDefaultTestDeployAssert2C078280.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplicationIntegTestDefaultTestDeployAssert2C078280.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplicationIntegTestDefaultTestDeployAssert2C078280.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/integ.json new file mode 100644 index 0000000000000..3baa48f7b8fa2 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "36.0.0", + "testCases": { + "efsReplicationIntegTest/DefaultTest": { + "stacks": [ + "efsReplication" + ], + "assertionStack": "efsReplicationIntegTest/DefaultTest/DeployAssert", + "assertionStackName": "efsReplicationIntegTestDefaultTestDeployAssert2C078280" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/manifest.json new file mode 100644 index 0000000000000..644b0f1650db6 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/manifest.json @@ -0,0 +1,305 @@ +{ + "version": "36.0.0", + "artifacts": { + "efsReplication.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "efsReplication.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "efsReplication": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "efsReplication.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/c31996307f297958181f87818952a751d2618a7f99fae95d1a42f5f152f24029.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "efsReplication.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "efsReplication.assets" + ], + "metadata": { + "/efsReplication/Vpc/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Vpc8378EB38" + } + ], + "/efsReplication/Vpc/PublicSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1Subnet5C2D37C4" + } + ], + "/efsReplication/Vpc/PublicSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1RouteTable6C95E38E" + } + ], + "/efsReplication/Vpc/PublicSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1RouteTableAssociation97140677" + } + ], + "/efsReplication/Vpc/PublicSubnet1/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1DefaultRoute3DA9E72A" + } + ], + "/efsReplication/Vpc/PublicSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2Subnet691E08A3" + } + ], + "/efsReplication/Vpc/PublicSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2RouteTable94F7E489" + } + ], + "/efsReplication/Vpc/PublicSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2RouteTableAssociationDD5762D8" + } + ], + "/efsReplication/Vpc/PublicSubnet2/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2DefaultRoute97F91067" + } + ], + "/efsReplication/Vpc/IsolatedSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcIsolatedSubnet1SubnetE48C5737" + } + ], + "/efsReplication/Vpc/IsolatedSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcIsolatedSubnet1RouteTable4771E3E5" + } + ], + "/efsReplication/Vpc/IsolatedSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcIsolatedSubnet1RouteTableAssociationD300FCBB" + } + ], + "/efsReplication/Vpc/IsolatedSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcIsolatedSubnet2Subnet16364B91" + } + ], + "/efsReplication/Vpc/IsolatedSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcIsolatedSubnet2RouteTable1D30AF7D" + } + ], + "/efsReplication/Vpc/IsolatedSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcIsolatedSubnet2RouteTableAssociationF7B18CCA" + } + ], + "/efsReplication/Vpc/IGW": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcIGWD7BA715C" + } + ], + "/efsReplication/Vpc/VPCGW": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcVPCGWBF912B6E" + } + ], + "/efsReplication/Vpc/RestrictDefaultSecurityGroupCustomResource/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcRestrictDefaultSecurityGroupCustomResourceC73DA2BE" + } + ], + "/efsReplication/Custom::VpcRestrictDefaultSGCustomResourceProvider/Role": [ + { + "type": "aws:cdk:logicalId", + "data": "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0" + } + ], + "/efsReplication/Custom::VpcRestrictDefaultSGCustomResourceProvider/Handler": [ + { + "type": "aws:cdk:logicalId", + "data": "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E" + } + ], + "/efsReplication/Key/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Key961B73FD" + } + ], + "/efsReplication/oneZoneReplicationFileSystem/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "oneZoneReplicationFileSystem0A6BB0D2" + } + ], + "/efsReplication/oneZoneReplicationFileSystem/EfsSecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "oneZoneReplicationFileSystemEfsSecurityGroupD1C9EA27" + } + ], + "/efsReplication/oneZoneReplicationFileSystem/EfsMountTarget-IsolatedSubnet1": [ + { + "type": "aws:cdk:logicalId", + "data": "oneZoneReplicationFileSystemEfsMountTargetIsolatedSubnet1A6BB6EFA" + } + ], + "/efsReplication/oneZoneReplicationFileSystem/EfsMountTarget-IsolatedSubnet2": [ + { + "type": "aws:cdk:logicalId", + "data": "oneZoneReplicationFileSystemEfsMountTargetIsolatedSubnet2B23FA1A8" + } + ], + "/efsReplication/destinationFileSystem/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "destinationFileSystem0FAD62DA" + } + ], + "/efsReplication/destinationFileSystem/EfsSecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "destinationFileSystemEfsSecurityGroupB67C2699" + } + ], + "/efsReplication/destinationFileSystem/EfsMountTarget-IsolatedSubnet1": [ + { + "type": "aws:cdk:logicalId", + "data": "destinationFileSystemEfsMountTargetIsolatedSubnet12CF3C2E3" + } + ], + "/efsReplication/destinationFileSystem/EfsMountTarget-IsolatedSubnet2": [ + { + "type": "aws:cdk:logicalId", + "data": "destinationFileSystemEfsMountTargetIsolatedSubnet20E3F4B46" + } + ], + "/efsReplication/existFileSystemReplication/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "existFileSystemReplication3C6768D0" + } + ], + "/efsReplication/existFileSystemReplication/EfsSecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "existFileSystemReplicationEfsSecurityGroup516080B0" + } + ], + "/efsReplication/existFileSystemReplication/EfsMountTarget-IsolatedSubnet1": [ + { + "type": "aws:cdk:logicalId", + "data": "existFileSystemReplicationEfsMountTargetIsolatedSubnet18F68C5DF" + } + ], + "/efsReplication/existFileSystemReplication/EfsMountTarget-IsolatedSubnet2": [ + { + "type": "aws:cdk:logicalId", + "data": "existFileSystemReplicationEfsMountTargetIsolatedSubnet230C85F8C" + } + ], + "/efsReplication/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/efsReplication/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "efsReplication" + }, + "efsReplicationIntegTestDefaultTestDeployAssert2C078280.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "efsReplicationIntegTestDefaultTestDeployAssert2C078280.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "efsReplicationIntegTestDefaultTestDeployAssert2C078280": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "efsReplicationIntegTestDefaultTestDeployAssert2C078280.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "efsReplicationIntegTestDefaultTestDeployAssert2C078280.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "efsReplicationIntegTestDefaultTestDeployAssert2C078280.assets" + ], + "metadata": { + "/efsReplicationIntegTest/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/efsReplicationIntegTest/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "efsReplicationIntegTest/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/tree.json new file mode 100644 index 0000000000000..03e953816327e --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/tree.json @@ -0,0 +1,1172 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "efsReplication": { + "id": "efsReplication", + "path": "efsReplication", + "children": { + "Vpc": { + "id": "Vpc", + "path": "efsReplication/Vpc", + "children": { + "Resource": { + "id": "Resource", + "path": "efsReplication/Vpc/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default", + "tags": [ + { + "key": "Name", + "value": "efsReplication/Vpc" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", + "version": "0.0.0" + } + }, + "PublicSubnet1": { + "id": "PublicSubnet1", + "path": "efsReplication/Vpc/PublicSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "efsReplication/Vpc/PublicSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.0.0/18", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "Name", + "value": "efsReplication/Vpc/PublicSubnet1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "efsReplication/Vpc/PublicSubnet1/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "efsReplication/Vpc/PublicSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "efsReplication/Vpc/PublicSubnet1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "efsReplication/Vpc/PublicSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + }, + "subnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "efsReplication/Vpc/PublicSubnet1/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "routeTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "0.0.0" + } + }, + "PublicSubnet2": { + "id": "PublicSubnet2", + "path": "efsReplication/Vpc/PublicSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "efsReplication/Vpc/PublicSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.64.0/18", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "Name", + "value": "efsReplication/Vpc/PublicSubnet2" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "efsReplication/Vpc/PublicSubnet2/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "efsReplication/Vpc/PublicSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "efsReplication/Vpc/PublicSubnet2" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "efsReplication/Vpc/PublicSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + }, + "subnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "efsReplication/Vpc/PublicSubnet2/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "routeTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "0.0.0" + } + }, + "IsolatedSubnet1": { + "id": "IsolatedSubnet1", + "path": "efsReplication/Vpc/IsolatedSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "efsReplication/Vpc/IsolatedSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.128.0/18", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Isolated" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Isolated" + }, + { + "key": "Name", + "value": "efsReplication/Vpc/IsolatedSubnet1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "efsReplication/Vpc/IsolatedSubnet1/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "efsReplication/Vpc/IsolatedSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "efsReplication/Vpc/IsolatedSubnet1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "efsReplication/Vpc/IsolatedSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcIsolatedSubnet1RouteTable4771E3E5" + }, + "subnetId": { + "Ref": "VpcIsolatedSubnet1SubnetE48C5737" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "0.0.0" + } + }, + "IsolatedSubnet2": { + "id": "IsolatedSubnet2", + "path": "efsReplication/Vpc/IsolatedSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "efsReplication/Vpc/IsolatedSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.192.0/18", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Isolated" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Isolated" + }, + { + "key": "Name", + "value": "efsReplication/Vpc/IsolatedSubnet2" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "efsReplication/Vpc/IsolatedSubnet2/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "efsReplication/Vpc/IsolatedSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "efsReplication/Vpc/IsolatedSubnet2" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "efsReplication/Vpc/IsolatedSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcIsolatedSubnet2RouteTable1D30AF7D" + }, + "subnetId": { + "Ref": "VpcIsolatedSubnet2Subnet16364B91" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "0.0.0" + } + }, + "IGW": { + "id": "IGW", + "path": "efsReplication/Vpc/IGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::InternetGateway", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "efsReplication/Vpc" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnInternetGateway", + "version": "0.0.0" + } + }, + "VPCGW": { + "id": "VPCGW", + "path": "efsReplication/Vpc/VPCGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCGatewayAttachment", + "aws:cdk:cloudformation:props": { + "internetGatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment", + "version": "0.0.0" + } + }, + "RestrictDefaultSecurityGroupCustomResource": { + "id": "RestrictDefaultSecurityGroupCustomResource", + "path": "efsReplication/Vpc/RestrictDefaultSecurityGroupCustomResource", + "children": { + "Default": { + "id": "Default", + "path": "efsReplication/Vpc/RestrictDefaultSecurityGroupCustomResource/Default", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.Vpc", + "version": "0.0.0" + } + }, + "Custom::VpcRestrictDefaultSGCustomResourceProvider": { + "id": "Custom::VpcRestrictDefaultSGCustomResourceProvider", + "path": "efsReplication/Custom::VpcRestrictDefaultSGCustomResourceProvider", + "children": { + "Staging": { + "id": "Staging", + "path": "efsReplication/Custom::VpcRestrictDefaultSGCustomResourceProvider/Staging", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "Role": { + "id": "Role", + "path": "efsReplication/Custom::VpcRestrictDefaultSGCustomResourceProvider/Role", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + }, + "Handler": { + "id": "Handler", + "path": "efsReplication/Custom::VpcRestrictDefaultSGCustomResourceProvider/Handler", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResourceProviderBase", + "version": "0.0.0" + } + }, + "Key": { + "id": "Key", + "path": "efsReplication/Key", + "children": { + "Resource": { + "id": "Resource", + "path": "efsReplication/Key/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::KMS::Key", + "aws:cdk:cloudformation:props": { + "keyPolicy": { + "Statement": [ + { + "Action": "kms:*", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + }, + "Resource": "*" + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kms.CfnKey", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kms.Key", + "version": "0.0.0" + } + }, + "oneZoneReplicationFileSystem": { + "id": "oneZoneReplicationFileSystem", + "path": "efsReplication/oneZoneReplicationFileSystem", + "children": { + "Resource": { + "id": "Resource", + "path": "efsReplication/oneZoneReplicationFileSystem/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EFS::FileSystem", + "aws:cdk:cloudformation:props": { + "encrypted": true, + "fileSystemPolicy": { + "Statement": [ + { + "Action": [ + "elasticfilesystem:ClientRootAccess", + "elasticfilesystem:ClientWrite" + ], + "Condition": { + "Bool": { + "elasticfilesystem:AccessedViaMountTarget": "true" + } + }, + "Effect": "Allow", + "Principal": { + "AWS": "*" + } + } + ], + "Version": "2012-10-17" + }, + "replicationConfiguration": { + "destinations": [ + { + "kmsKeyId": { + "Fn::GetAtt": [ + "Key961B73FD", + "Arn" + ] + }, + "region": "us-east-1", + "availabilityZoneName": "us-east-1a" + } + ] + }, + "fileSystemTags": [ + { + "key": "Name", + "value": "efsReplication/oneZoneReplicationFileSystem" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_efs.CfnFileSystem", + "version": "0.0.0" + } + }, + "EfsSecurityGroup": { + "id": "EfsSecurityGroup", + "path": "efsReplication/oneZoneReplicationFileSystem/EfsSecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "efsReplication/oneZoneReplicationFileSystem/EfsSecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "efsReplication/oneZoneReplicationFileSystem/EfsSecurityGroup", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "tags": [ + { + "key": "Name", + "value": "efsReplication/oneZoneReplicationFileSystem" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "0.0.0" + } + }, + "EfsMountTarget-IsolatedSubnet1": { + "id": "EfsMountTarget-IsolatedSubnet1", + "path": "efsReplication/oneZoneReplicationFileSystem/EfsMountTarget-IsolatedSubnet1", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EFS::MountTarget", + "aws:cdk:cloudformation:props": { + "fileSystemId": { + "Ref": "oneZoneReplicationFileSystem0A6BB0D2" + }, + "securityGroups": [ + { + "Fn::GetAtt": [ + "oneZoneReplicationFileSystemEfsSecurityGroupD1C9EA27", + "GroupId" + ] + } + ], + "subnetId": { + "Ref": "VpcIsolatedSubnet1SubnetE48C5737" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_efs.CfnMountTarget", + "version": "0.0.0" + } + }, + "EfsMountTarget-IsolatedSubnet2": { + "id": "EfsMountTarget-IsolatedSubnet2", + "path": "efsReplication/oneZoneReplicationFileSystem/EfsMountTarget-IsolatedSubnet2", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EFS::MountTarget", + "aws:cdk:cloudformation:props": { + "fileSystemId": { + "Ref": "oneZoneReplicationFileSystem0A6BB0D2" + }, + "securityGroups": [ + { + "Fn::GetAtt": [ + "oneZoneReplicationFileSystemEfsSecurityGroupD1C9EA27", + "GroupId" + ] + } + ], + "subnetId": { + "Ref": "VpcIsolatedSubnet2Subnet16364B91" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_efs.CfnMountTarget", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_efs.FileSystem", + "version": "0.0.0" + } + }, + "destinationFileSystem": { + "id": "destinationFileSystem", + "path": "efsReplication/destinationFileSystem", + "children": { + "Resource": { + "id": "Resource", + "path": "efsReplication/destinationFileSystem/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EFS::FileSystem", + "aws:cdk:cloudformation:props": { + "encrypted": true, + "fileSystemPolicy": { + "Statement": [ + { + "Action": [ + "elasticfilesystem:ClientRootAccess", + "elasticfilesystem:ClientWrite" + ], + "Condition": { + "Bool": { + "elasticfilesystem:AccessedViaMountTarget": "true" + } + }, + "Effect": "Allow", + "Principal": { + "AWS": "*" + } + } + ], + "Version": "2012-10-17" + }, + "fileSystemProtection": { + "replicationOverwriteProtection": "DISABLED" + }, + "fileSystemTags": [ + { + "key": "Name", + "value": "efsReplication/destinationFileSystem" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_efs.CfnFileSystem", + "version": "0.0.0" + } + }, + "EfsSecurityGroup": { + "id": "EfsSecurityGroup", + "path": "efsReplication/destinationFileSystem/EfsSecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "efsReplication/destinationFileSystem/EfsSecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "efsReplication/destinationFileSystem/EfsSecurityGroup", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "tags": [ + { + "key": "Name", + "value": "efsReplication/destinationFileSystem" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "0.0.0" + } + }, + "EfsMountTarget-IsolatedSubnet1": { + "id": "EfsMountTarget-IsolatedSubnet1", + "path": "efsReplication/destinationFileSystem/EfsMountTarget-IsolatedSubnet1", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EFS::MountTarget", + "aws:cdk:cloudformation:props": { + "fileSystemId": { + "Ref": "destinationFileSystem0FAD62DA" + }, + "securityGroups": [ + { + "Fn::GetAtt": [ + "destinationFileSystemEfsSecurityGroupB67C2699", + "GroupId" + ] + } + ], + "subnetId": { + "Ref": "VpcIsolatedSubnet1SubnetE48C5737" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_efs.CfnMountTarget", + "version": "0.0.0" + } + }, + "EfsMountTarget-IsolatedSubnet2": { + "id": "EfsMountTarget-IsolatedSubnet2", + "path": "efsReplication/destinationFileSystem/EfsMountTarget-IsolatedSubnet2", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EFS::MountTarget", + "aws:cdk:cloudformation:props": { + "fileSystemId": { + "Ref": "destinationFileSystem0FAD62DA" + }, + "securityGroups": [ + { + "Fn::GetAtt": [ + "destinationFileSystemEfsSecurityGroupB67C2699", + "GroupId" + ] + } + ], + "subnetId": { + "Ref": "VpcIsolatedSubnet2Subnet16364B91" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_efs.CfnMountTarget", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_efs.FileSystem", + "version": "0.0.0" + } + }, + "existFileSystemReplication": { + "id": "existFileSystemReplication", + "path": "efsReplication/existFileSystemReplication", + "children": { + "Resource": { + "id": "Resource", + "path": "efsReplication/existFileSystemReplication/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EFS::FileSystem", + "aws:cdk:cloudformation:props": { + "encrypted": true, + "fileSystemPolicy": { + "Statement": [ + { + "Action": [ + "elasticfilesystem:ClientRootAccess", + "elasticfilesystem:ClientWrite" + ], + "Condition": { + "Bool": { + "elasticfilesystem:AccessedViaMountTarget": "true" + } + }, + "Effect": "Allow", + "Principal": { + "AWS": "*" + } + } + ], + "Version": "2012-10-17" + }, + "replicationConfiguration": { + "destinations": [ + { + "fileSystemId": { + "Ref": "destinationFileSystem0FAD62DA" + }, + "region": { + "Ref": "AWS::Region" + } + } + ] + }, + "fileSystemTags": [ + { + "key": "Name", + "value": "efsReplication/existFileSystemReplication" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_efs.CfnFileSystem", + "version": "0.0.0" + } + }, + "EfsSecurityGroup": { + "id": "EfsSecurityGroup", + "path": "efsReplication/existFileSystemReplication/EfsSecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "efsReplication/existFileSystemReplication/EfsSecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "efsReplication/existFileSystemReplication/EfsSecurityGroup", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "tags": [ + { + "key": "Name", + "value": "efsReplication/existFileSystemReplication" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "0.0.0" + } + }, + "EfsMountTarget-IsolatedSubnet1": { + "id": "EfsMountTarget-IsolatedSubnet1", + "path": "efsReplication/existFileSystemReplication/EfsMountTarget-IsolatedSubnet1", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EFS::MountTarget", + "aws:cdk:cloudformation:props": { + "fileSystemId": { + "Ref": "existFileSystemReplication3C6768D0" + }, + "securityGroups": [ + { + "Fn::GetAtt": [ + "existFileSystemReplicationEfsSecurityGroup516080B0", + "GroupId" + ] + } + ], + "subnetId": { + "Ref": "VpcIsolatedSubnet1SubnetE48C5737" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_efs.CfnMountTarget", + "version": "0.0.0" + } + }, + "EfsMountTarget-IsolatedSubnet2": { + "id": "EfsMountTarget-IsolatedSubnet2", + "path": "efsReplication/existFileSystemReplication/EfsMountTarget-IsolatedSubnet2", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EFS::MountTarget", + "aws:cdk:cloudformation:props": { + "fileSystemId": { + "Ref": "existFileSystemReplication3C6768D0" + }, + "securityGroups": [ + { + "Fn::GetAtt": [ + "existFileSystemReplicationEfsSecurityGroup516080B0", + "GroupId" + ] + } + ], + "subnetId": { + "Ref": "VpcIsolatedSubnet2Subnet16364B91" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_efs.CfnMountTarget", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_efs.FileSystem", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "efsReplication/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "efsReplication/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "efsReplicationIntegTest": { + "id": "efsReplicationIntegTest", + "path": "efsReplicationIntegTest", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "efsReplicationIntegTest/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "efsReplicationIntegTest/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "efsReplicationIntegTest/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "efsReplicationIntegTest/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "efsReplicationIntegTest/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file From 6914efd41b94b595f1dffd04dbca040fb56ba9e6 Mon Sep 17 00:00:00 2001 From: Kazuho CryerShinozuka Date: Thu, 7 Mar 2024 12:33:28 +0900 Subject: [PATCH 19/50] Revert "test: add integ test files" This reverts commit 0fd10b04615734342b43699d02bd3f72677dc514. --- .../__entrypoint__.js | 156 --- .../index.js | 1 - .../cdk.out | 1 - .../efsReplication.assets.json | 32 - .../efsReplication.template.json | 795 ----------- ...efaultTestDeployAssert2C078280.assets.json | 19 - ...aultTestDeployAssert2C078280.template.json | 36 - .../integ.json | 12 - .../manifest.json | 305 ----- .../tree.json | 1172 ----------------- 10 files changed, 2529 deletions(-) delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da/__entrypoint__.js delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da/index.js delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/cdk.out delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplication.assets.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplication.template.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplicationIntegTestDefaultTestDeployAssert2C078280.assets.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplicationIntegTestDefaultTestDeployAssert2C078280.template.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/integ.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/manifest.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/tree.json diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da/__entrypoint__.js b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da/__entrypoint__.js deleted file mode 100644 index 9271364bb7e49..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da/__entrypoint__.js +++ /dev/null @@ -1,156 +0,0 @@ -"use strict"; -Object.defineProperty(exports, "__esModule", { value: true }); -exports.withRetries = exports.handler = exports.external = void 0; -const https = require("https"); -const url = require("url"); -// for unit tests -exports.external = { - sendHttpRequest: defaultSendHttpRequest, - log: defaultLog, - includeStackTraces: true, - userHandlerIndex: './index', -}; -const CREATE_FAILED_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::CREATE_FAILED'; -const MISSING_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID'; -async function handler(event, context) { - const sanitizedEvent = { ...event, ResponseURL: '...' }; - exports.external.log(JSON.stringify(sanitizedEvent, undefined, 2)); - // ignore DELETE event when the physical resource ID is the marker that - // indicates that this DELETE is a subsequent DELETE to a failed CREATE - // operation. - if (event.RequestType === 'Delete' && event.PhysicalResourceId === CREATE_FAILED_PHYSICAL_ID_MARKER) { - exports.external.log('ignoring DELETE event caused by a failed CREATE event'); - await submitResponse('SUCCESS', event); - return; - } - try { - // invoke the user handler. this is intentionally inside the try-catch to - // ensure that if there is an error it's reported as a failure to - // cloudformation (otherwise cfn waits). - // eslint-disable-next-line @typescript-eslint/no-require-imports - const userHandler = require(exports.external.userHandlerIndex).handler; - const result = await userHandler(sanitizedEvent, context); - // validate user response and create the combined event - const responseEvent = renderResponse(event, result); - // submit to cfn as success - await submitResponse('SUCCESS', responseEvent); - } - catch (e) { - const resp = { - ...event, - Reason: exports.external.includeStackTraces ? e.stack : e.message, - }; - if (!resp.PhysicalResourceId) { - // special case: if CREATE fails, which usually implies, we usually don't - // have a physical resource id. in this case, the subsequent DELETE - // operation does not have any meaning, and will likely fail as well. to - // address this, we use a marker so the provider framework can simply - // ignore the subsequent DELETE. - if (event.RequestType === 'Create') { - exports.external.log('CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored'); - resp.PhysicalResourceId = CREATE_FAILED_PHYSICAL_ID_MARKER; - } - else { - // otherwise, if PhysicalResourceId is not specified, something is - // terribly wrong because all other events should have an ID. - exports.external.log(`ERROR: Malformed event. "PhysicalResourceId" is required: ${JSON.stringify(event)}`); - } - } - // this is an actual error, fail the activity altogether and exist. - await submitResponse('FAILED', resp); - } -} -exports.handler = handler; -function renderResponse(cfnRequest, handlerResponse = {}) { - // if physical ID is not returned, we have some defaults for you based - // on the request type. - const physicalResourceId = handlerResponse.PhysicalResourceId ?? cfnRequest.PhysicalResourceId ?? cfnRequest.RequestId; - // if we are in DELETE and physical ID was changed, it's an error. - if (cfnRequest.RequestType === 'Delete' && physicalResourceId !== cfnRequest.PhysicalResourceId) { - throw new Error(`DELETE: cannot change the physical resource ID from "${cfnRequest.PhysicalResourceId}" to "${handlerResponse.PhysicalResourceId}" during deletion`); - } - // merge request event and result event (result prevails). - return { - ...cfnRequest, - ...handlerResponse, - PhysicalResourceId: physicalResourceId, - }; -} -async function submitResponse(status, event) { - const json = { - Status: status, - Reason: event.Reason ?? status, - StackId: event.StackId, - RequestId: event.RequestId, - PhysicalResourceId: event.PhysicalResourceId || MISSING_PHYSICAL_ID_MARKER, - LogicalResourceId: event.LogicalResourceId, - NoEcho: event.NoEcho, - Data: event.Data, - }; - const parsedUrl = url.parse(event.ResponseURL); - const loggingSafeUrl = `${parsedUrl.protocol}//${parsedUrl.hostname}/${parsedUrl.pathname}?***`; - exports.external.log('submit response to cloudformation', loggingSafeUrl, json); - const responseBody = JSON.stringify(json); - const req = { - hostname: parsedUrl.hostname, - path: parsedUrl.path, - method: 'PUT', - headers: { - 'content-type': '', - 'content-length': Buffer.byteLength(responseBody, 'utf8'), - }, - }; - const retryOptions = { - attempts: 5, - sleep: 1000, - }; - await withRetries(retryOptions, exports.external.sendHttpRequest)(req, responseBody); -} -async function defaultSendHttpRequest(options, requestBody) { - return new Promise((resolve, reject) => { - try { - const request = https.request(options, (response) => { - response.resume(); // Consume the response but don't care about it - if (!response.statusCode || response.statusCode >= 400) { - reject(new Error(`Unsuccessful HTTP response: ${response.statusCode}`)); - } - else { - resolve(); - } - }); - request.on('error', reject); - request.write(requestBody); - request.end(); - } - catch (e) { - reject(e); - } - }); -} -function defaultLog(fmt, ...params) { - // eslint-disable-next-line no-console - console.log(fmt, ...params); -} -function withRetries(options, fn) { - return async (...xs) => { - let attempts = options.attempts; - let ms = options.sleep; - while (true) { - try { - return await fn(...xs); - } - catch (e) { - if (attempts-- <= 0) { - throw e; - } - await sleep(Math.floor(Math.random() * ms)); - ms *= 2; - } - } - }; -} -exports.withRetries = withRetries; -async function sleep(ms) { - return new Promise((ok) => setTimeout(ok, ms)); -} -//# sourceMappingURL=data:application/json;base64, \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da/index.js b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da/index.js deleted file mode 100644 index 013bcaffd8fe5..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da/index.js +++ /dev/null @@ -1 +0,0 @@ -"use strict";var I=Object.create;var t=Object.defineProperty;var y=Object.getOwnPropertyDescriptor;var P=Object.getOwnPropertyNames;var g=Object.getPrototypeOf,l=Object.prototype.hasOwnProperty;var G=(r,e)=>{for(var o in e)t(r,o,{get:e[o],enumerable:!0})},n=(r,e,o,i)=>{if(e&&typeof e=="object"||typeof e=="function")for(let s of P(e))!l.call(r,s)&&s!==o&&t(r,s,{get:()=>e[s],enumerable:!(i=y(e,s))||i.enumerable});return r};var R=(r,e,o)=>(o=r!=null?I(g(r)):{},n(e||!r||!r.__esModule?t(o,"default",{value:r,enumerable:!0}):o,r)),S=r=>n(t({},"__esModule",{value:!0}),r);var k={};G(k,{handler:()=>f});module.exports=S(k);var a=R(require("@aws-sdk/client-ec2")),u=new a.EC2({});function c(r,e){return{GroupId:r,IpPermissions:[{UserIdGroupPairs:[{GroupId:r,UserId:e}],IpProtocol:"-1"}]}}function d(r){return{GroupId:r,IpPermissions:[{IpRanges:[{CidrIp:"0.0.0.0/0"}],IpProtocol:"-1"}]}}async function f(r){let e=r.ResourceProperties.DefaultSecurityGroupId,o=r.ResourceProperties.Account;switch(r.RequestType){case"Create":return p(e,o);case"Update":return h(r);case"Delete":return m(e,o)}}async function h(r){let e=r.OldResourceProperties.DefaultSecurityGroupId,o=r.ResourceProperties.DefaultSecurityGroupId;e!==o&&(await m(e,r.ResourceProperties.Account),await p(o,r.ResourceProperties.Account))}async function p(r,e){try{await u.revokeSecurityGroupEgress(d(r))}catch(o){if(o.name!=="InvalidPermission.NotFound")throw o}try{await u.revokeSecurityGroupIngress(c(r,e))}catch(o){if(o.name!=="InvalidPermission.NotFound")throw o}}async function m(r,e){await u.authorizeSecurityGroupIngress(c(r,e)),await u.authorizeSecurityGroupEgress(d(r))}0&&(module.exports={handler}); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/cdk.out deleted file mode 100644 index 1f0068d32659a..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/cdk.out +++ /dev/null @@ -1 +0,0 @@ -{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplication.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplication.assets.json deleted file mode 100644 index 1abac9d0b3912..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplication.assets.json +++ /dev/null @@ -1,32 +0,0 @@ -{ - "version": "36.0.0", - "files": { - "e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da": { - "source": { - "path": "asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da", - "packaging": "zip" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da.zip", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - }, - "c31996307f297958181f87818952a751d2618a7f99fae95d1a42f5f152f24029": { - "source": { - "path": "efsReplication.template.json", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "c31996307f297958181f87818952a751d2618a7f99fae95d1a42f5f152f24029.json", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - } - }, - "dockerImages": {} -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplication.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplication.template.json deleted file mode 100644 index 36a35b7baa356..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplication.template.json +++ /dev/null @@ -1,795 +0,0 @@ -{ - "Resources": { - "Vpc8378EB38": { - "Type": "AWS::EC2::VPC", - "Properties": { - "CidrBlock": "10.0.0.0/16", - "EnableDnsHostnames": true, - "EnableDnsSupport": true, - "InstanceTenancy": "default", - "Tags": [ - { - "Key": "Name", - "Value": "efsReplication/Vpc" - } - ] - } - }, - "VpcPublicSubnet1Subnet5C2D37C4": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "AvailabilityZone": { - "Fn::Select": [ - 0, - { - "Fn::GetAZs": "" - } - ] - }, - "CidrBlock": "10.0.0.0/18", - "MapPublicIpOnLaunch": true, - "Tags": [ - { - "Key": "aws-cdk:subnet-name", - "Value": "Public" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Public" - }, - { - "Key": "Name", - "Value": "efsReplication/Vpc/PublicSubnet1" - } - ], - "VpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "VpcPublicSubnet1RouteTable6C95E38E": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "efsReplication/Vpc/PublicSubnet1" - } - ], - "VpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "VpcPublicSubnet1RouteTableAssociation97140677": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "VpcPublicSubnet1RouteTable6C95E38E" - }, - "SubnetId": { - "Ref": "VpcPublicSubnet1Subnet5C2D37C4" - } - } - }, - "VpcPublicSubnet1DefaultRoute3DA9E72A": { - "Type": "AWS::EC2::Route", - "Properties": { - "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": { - "Ref": "VpcIGWD7BA715C" - }, - "RouteTableId": { - "Ref": "VpcPublicSubnet1RouteTable6C95E38E" - } - }, - "DependsOn": [ - "VpcVPCGWBF912B6E" - ] - }, - "VpcPublicSubnet2Subnet691E08A3": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "AvailabilityZone": { - "Fn::Select": [ - 1, - { - "Fn::GetAZs": "" - } - ] - }, - "CidrBlock": "10.0.64.0/18", - "MapPublicIpOnLaunch": true, - "Tags": [ - { - "Key": "aws-cdk:subnet-name", - "Value": "Public" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Public" - }, - { - "Key": "Name", - "Value": "efsReplication/Vpc/PublicSubnet2" - } - ], - "VpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "VpcPublicSubnet2RouteTable94F7E489": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "efsReplication/Vpc/PublicSubnet2" - } - ], - "VpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "VpcPublicSubnet2RouteTableAssociationDD5762D8": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "VpcPublicSubnet2RouteTable94F7E489" - }, - "SubnetId": { - "Ref": "VpcPublicSubnet2Subnet691E08A3" - } - } - }, - "VpcPublicSubnet2DefaultRoute97F91067": { - "Type": "AWS::EC2::Route", - "Properties": { - "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": { - "Ref": "VpcIGWD7BA715C" - }, - "RouteTableId": { - "Ref": "VpcPublicSubnet2RouteTable94F7E489" - } - }, - "DependsOn": [ - "VpcVPCGWBF912B6E" - ] - }, - "VpcIsolatedSubnet1SubnetE48C5737": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "AvailabilityZone": { - "Fn::Select": [ - 0, - { - "Fn::GetAZs": "" - } - ] - }, - "CidrBlock": "10.0.128.0/18", - "MapPublicIpOnLaunch": false, - "Tags": [ - { - "Key": "aws-cdk:subnet-name", - "Value": "Isolated" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Isolated" - }, - { - "Key": "Name", - "Value": "efsReplication/Vpc/IsolatedSubnet1" - } - ], - "VpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "VpcIsolatedSubnet1RouteTable4771E3E5": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "efsReplication/Vpc/IsolatedSubnet1" - } - ], - "VpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "VpcIsolatedSubnet1RouteTableAssociationD300FCBB": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "VpcIsolatedSubnet1RouteTable4771E3E5" - }, - "SubnetId": { - "Ref": "VpcIsolatedSubnet1SubnetE48C5737" - } - } - }, - "VpcIsolatedSubnet2Subnet16364B91": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "AvailabilityZone": { - "Fn::Select": [ - 1, - { - "Fn::GetAZs": "" - } - ] - }, - "CidrBlock": "10.0.192.0/18", - "MapPublicIpOnLaunch": false, - "Tags": [ - { - "Key": "aws-cdk:subnet-name", - "Value": "Isolated" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Isolated" - }, - { - "Key": "Name", - "Value": "efsReplication/Vpc/IsolatedSubnet2" - } - ], - "VpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "VpcIsolatedSubnet2RouteTable1D30AF7D": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "efsReplication/Vpc/IsolatedSubnet2" - } - ], - "VpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "VpcIsolatedSubnet2RouteTableAssociationF7B18CCA": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "VpcIsolatedSubnet2RouteTable1D30AF7D" - }, - "SubnetId": { - "Ref": "VpcIsolatedSubnet2Subnet16364B91" - } - } - }, - "VpcIGWD7BA715C": { - "Type": "AWS::EC2::InternetGateway", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "efsReplication/Vpc" - } - ] - } - }, - "VpcVPCGWBF912B6E": { - "Type": "AWS::EC2::VPCGatewayAttachment", - "Properties": { - "InternetGatewayId": { - "Ref": "VpcIGWD7BA715C" - }, - "VpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "VpcRestrictDefaultSecurityGroupCustomResourceC73DA2BE": { - "Type": "Custom::VpcRestrictDefaultSG", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E", - "Arn" - ] - }, - "DefaultSecurityGroupId": { - "Fn::GetAtt": [ - "Vpc8378EB38", - "DefaultSecurityGroup" - ] - }, - "Account": { - "Ref": "AWS::AccountId" - } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ] - }, - "ManagedPolicyArns": [ - { - "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - } - ], - "Policies": [ - { - "PolicyName": "Inline", - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "ec2:AuthorizeSecurityGroupIngress", - "ec2:AuthorizeSecurityGroupEgress", - "ec2:RevokeSecurityGroupIngress", - "ec2:RevokeSecurityGroupEgress" - ], - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":ec2:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":security-group/", - { - "Fn::GetAtt": [ - "Vpc8378EB38", - "DefaultSecurityGroup" - ] - } - ] - ] - } - ] - } - ] - } - } - ] - } - }, - "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da.zip" - }, - "Timeout": 900, - "MemorySize": 128, - "Handler": "__entrypoint__.handler", - "Role": { - "Fn::GetAtt": [ - "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0", - "Arn" - ] - }, - "Runtime": "nodejs18.x", - "Description": "Lambda function for removing all inbound/outbound rules from the VPC default security group" - }, - "DependsOn": [ - "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0" - ] - }, - "Key961B73FD": { - "Type": "AWS::KMS::Key", - "Properties": { - "KeyPolicy": { - "Statement": [ - { - "Action": "kms:*", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - }, - "Resource": "*" - } - ], - "Version": "2012-10-17" - } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "oneZoneReplicationFileSystem0A6BB0D2": { - "Type": "AWS::EFS::FileSystem", - "Properties": { - "Encrypted": true, - "FileSystemPolicy": { - "Statement": [ - { - "Action": [ - "elasticfilesystem:ClientRootAccess", - "elasticfilesystem:ClientWrite" - ], - "Condition": { - "Bool": { - "elasticfilesystem:AccessedViaMountTarget": "true" - } - }, - "Effect": "Allow", - "Principal": { - "AWS": "*" - } - } - ], - "Version": "2012-10-17" - }, - "FileSystemTags": [ - { - "Key": "Name", - "Value": "efsReplication/oneZoneReplicationFileSystem" - } - ], - "ReplicationConfiguration": { - "Destinations": [ - { - "AvailabilityZoneName": "us-east-1a", - "KmsKeyId": { - "Fn::GetAtt": [ - "Key961B73FD", - "Arn" - ] - }, - "Region": "us-east-1" - } - ] - } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "oneZoneReplicationFileSystemEfsSecurityGroupD1C9EA27": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "efsReplication/oneZoneReplicationFileSystem/EfsSecurityGroup", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "Tags": [ - { - "Key": "Name", - "Value": "efsReplication/oneZoneReplicationFileSystem" - } - ], - "VpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "oneZoneReplicationFileSystemEfsMountTargetIsolatedSubnet1A6BB6EFA": { - "Type": "AWS::EFS::MountTarget", - "Properties": { - "FileSystemId": { - "Ref": "oneZoneReplicationFileSystem0A6BB0D2" - }, - "SecurityGroups": [ - { - "Fn::GetAtt": [ - "oneZoneReplicationFileSystemEfsSecurityGroupD1C9EA27", - "GroupId" - ] - } - ], - "SubnetId": { - "Ref": "VpcIsolatedSubnet1SubnetE48C5737" - } - } - }, - "oneZoneReplicationFileSystemEfsMountTargetIsolatedSubnet2B23FA1A8": { - "Type": "AWS::EFS::MountTarget", - "Properties": { - "FileSystemId": { - "Ref": "oneZoneReplicationFileSystem0A6BB0D2" - }, - "SecurityGroups": [ - { - "Fn::GetAtt": [ - "oneZoneReplicationFileSystemEfsSecurityGroupD1C9EA27", - "GroupId" - ] - } - ], - "SubnetId": { - "Ref": "VpcIsolatedSubnet2Subnet16364B91" - } - } - }, - "destinationFileSystem0FAD62DA": { - "Type": "AWS::EFS::FileSystem", - "Properties": { - "Encrypted": true, - "FileSystemPolicy": { - "Statement": [ - { - "Action": [ - "elasticfilesystem:ClientRootAccess", - "elasticfilesystem:ClientWrite" - ], - "Condition": { - "Bool": { - "elasticfilesystem:AccessedViaMountTarget": "true" - } - }, - "Effect": "Allow", - "Principal": { - "AWS": "*" - } - } - ], - "Version": "2012-10-17" - }, - "FileSystemProtection": { - "ReplicationOverwriteProtection": "DISABLED" - }, - "FileSystemTags": [ - { - "Key": "Name", - "Value": "efsReplication/destinationFileSystem" - } - ] - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "destinationFileSystemEfsSecurityGroupB67C2699": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "efsReplication/destinationFileSystem/EfsSecurityGroup", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "Tags": [ - { - "Key": "Name", - "Value": "efsReplication/destinationFileSystem" - } - ], - "VpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "destinationFileSystemEfsMountTargetIsolatedSubnet12CF3C2E3": { - "Type": "AWS::EFS::MountTarget", - "Properties": { - "FileSystemId": { - "Ref": "destinationFileSystem0FAD62DA" - }, - "SecurityGroups": [ - { - "Fn::GetAtt": [ - "destinationFileSystemEfsSecurityGroupB67C2699", - "GroupId" - ] - } - ], - "SubnetId": { - "Ref": "VpcIsolatedSubnet1SubnetE48C5737" - } - } - }, - "destinationFileSystemEfsMountTargetIsolatedSubnet20E3F4B46": { - "Type": "AWS::EFS::MountTarget", - "Properties": { - "FileSystemId": { - "Ref": "destinationFileSystem0FAD62DA" - }, - "SecurityGroups": [ - { - "Fn::GetAtt": [ - "destinationFileSystemEfsSecurityGroupB67C2699", - "GroupId" - ] - } - ], - "SubnetId": { - "Ref": "VpcIsolatedSubnet2Subnet16364B91" - } - } - }, - "existFileSystemReplication3C6768D0": { - "Type": "AWS::EFS::FileSystem", - "Properties": { - "Encrypted": true, - "FileSystemPolicy": { - "Statement": [ - { - "Action": [ - "elasticfilesystem:ClientRootAccess", - "elasticfilesystem:ClientWrite" - ], - "Condition": { - "Bool": { - "elasticfilesystem:AccessedViaMountTarget": "true" - } - }, - "Effect": "Allow", - "Principal": { - "AWS": "*" - } - } - ], - "Version": "2012-10-17" - }, - "FileSystemTags": [ - { - "Key": "Name", - "Value": "efsReplication/existFileSystemReplication" - } - ], - "ReplicationConfiguration": { - "Destinations": [ - { - "FileSystemId": { - "Ref": "destinationFileSystem0FAD62DA" - }, - "Region": { - "Ref": "AWS::Region" - } - } - ] - } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "existFileSystemReplicationEfsSecurityGroup516080B0": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "efsReplication/existFileSystemReplication/EfsSecurityGroup", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "Tags": [ - { - "Key": "Name", - "Value": "efsReplication/existFileSystemReplication" - } - ], - "VpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "existFileSystemReplicationEfsMountTargetIsolatedSubnet18F68C5DF": { - "Type": "AWS::EFS::MountTarget", - "Properties": { - "FileSystemId": { - "Ref": "existFileSystemReplication3C6768D0" - }, - "SecurityGroups": [ - { - "Fn::GetAtt": [ - "existFileSystemReplicationEfsSecurityGroup516080B0", - "GroupId" - ] - } - ], - "SubnetId": { - "Ref": "VpcIsolatedSubnet1SubnetE48C5737" - } - } - }, - "existFileSystemReplicationEfsMountTargetIsolatedSubnet230C85F8C": { - "Type": "AWS::EFS::MountTarget", - "Properties": { - "FileSystemId": { - "Ref": "existFileSystemReplication3C6768D0" - }, - "SecurityGroups": [ - { - "Fn::GetAtt": [ - "existFileSystemReplicationEfsSecurityGroup516080B0", - "GroupId" - ] - } - ], - "SubnetId": { - "Ref": "VpcIsolatedSubnet2Subnet16364B91" - } - } - } - }, - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" - } - }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ - "1", - "2", - "3", - "4", - "5" - ], - { - "Ref": "BootstrapVersion" - } - ] - } - ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." - } - ] - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplicationIntegTestDefaultTestDeployAssert2C078280.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplicationIntegTestDefaultTestDeployAssert2C078280.assets.json deleted file mode 100644 index 9f023624023ad..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplicationIntegTestDefaultTestDeployAssert2C078280.assets.json +++ /dev/null @@ -1,19 +0,0 @@ -{ - "version": "36.0.0", - "files": { - "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { - "source": { - "path": "efsReplicationIntegTestDefaultTestDeployAssert2C078280.template.json", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - } - }, - "dockerImages": {} -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplicationIntegTestDefaultTestDeployAssert2C078280.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplicationIntegTestDefaultTestDeployAssert2C078280.template.json deleted file mode 100644 index ad9d0fb73d1dd..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplicationIntegTestDefaultTestDeployAssert2C078280.template.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" - } - }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ - "1", - "2", - "3", - "4", - "5" - ], - { - "Ref": "BootstrapVersion" - } - ] - } - ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." - } - ] - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/integ.json deleted file mode 100644 index 3baa48f7b8fa2..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/integ.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "version": "36.0.0", - "testCases": { - "efsReplicationIntegTest/DefaultTest": { - "stacks": [ - "efsReplication" - ], - "assertionStack": "efsReplicationIntegTest/DefaultTest/DeployAssert", - "assertionStackName": "efsReplicationIntegTestDefaultTestDeployAssert2C078280" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/manifest.json deleted file mode 100644 index 644b0f1650db6..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/manifest.json +++ /dev/null @@ -1,305 +0,0 @@ -{ - "version": "36.0.0", - "artifacts": { - "efsReplication.assets": { - "type": "cdk:asset-manifest", - "properties": { - "file": "efsReplication.assets.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "efsReplication": { - "type": "aws:cloudformation:stack", - "environment": "aws://unknown-account/unknown-region", - "properties": { - "templateFile": "efsReplication.template.json", - "terminationProtection": false, - "validateOnSynth": false, - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/c31996307f297958181f87818952a751d2618a7f99fae95d1a42f5f152f24029.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", - "additionalDependencies": [ - "efsReplication.assets" - ], - "lookupRole": { - "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", - "requiresBootstrapStackVersion": 8, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "dependencies": [ - "efsReplication.assets" - ], - "metadata": { - "/efsReplication/Vpc/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "Vpc8378EB38" - } - ], - "/efsReplication/Vpc/PublicSubnet1/Subnet": [ - { - "type": "aws:cdk:logicalId", - "data": "VpcPublicSubnet1Subnet5C2D37C4" - } - ], - "/efsReplication/Vpc/PublicSubnet1/RouteTable": [ - { - "type": "aws:cdk:logicalId", - "data": "VpcPublicSubnet1RouteTable6C95E38E" - } - ], - "/efsReplication/Vpc/PublicSubnet1/RouteTableAssociation": [ - { - "type": "aws:cdk:logicalId", - "data": "VpcPublicSubnet1RouteTableAssociation97140677" - } - ], - "/efsReplication/Vpc/PublicSubnet1/DefaultRoute": [ - { - "type": "aws:cdk:logicalId", - "data": "VpcPublicSubnet1DefaultRoute3DA9E72A" - } - ], - "/efsReplication/Vpc/PublicSubnet2/Subnet": [ - { - "type": "aws:cdk:logicalId", - "data": "VpcPublicSubnet2Subnet691E08A3" - } - ], - "/efsReplication/Vpc/PublicSubnet2/RouteTable": [ - { - "type": "aws:cdk:logicalId", - "data": "VpcPublicSubnet2RouteTable94F7E489" - } - ], - "/efsReplication/Vpc/PublicSubnet2/RouteTableAssociation": [ - { - "type": "aws:cdk:logicalId", - "data": "VpcPublicSubnet2RouteTableAssociationDD5762D8" - } - ], - "/efsReplication/Vpc/PublicSubnet2/DefaultRoute": [ - { - "type": "aws:cdk:logicalId", - "data": "VpcPublicSubnet2DefaultRoute97F91067" - } - ], - "/efsReplication/Vpc/IsolatedSubnet1/Subnet": [ - { - "type": "aws:cdk:logicalId", - "data": "VpcIsolatedSubnet1SubnetE48C5737" - } - ], - "/efsReplication/Vpc/IsolatedSubnet1/RouteTable": [ - { - "type": "aws:cdk:logicalId", - "data": "VpcIsolatedSubnet1RouteTable4771E3E5" - } - ], - "/efsReplication/Vpc/IsolatedSubnet1/RouteTableAssociation": [ - { - "type": "aws:cdk:logicalId", - "data": "VpcIsolatedSubnet1RouteTableAssociationD300FCBB" - } - ], - "/efsReplication/Vpc/IsolatedSubnet2/Subnet": [ - { - "type": "aws:cdk:logicalId", - "data": "VpcIsolatedSubnet2Subnet16364B91" - } - ], - "/efsReplication/Vpc/IsolatedSubnet2/RouteTable": [ - { - "type": "aws:cdk:logicalId", - "data": "VpcIsolatedSubnet2RouteTable1D30AF7D" - } - ], - "/efsReplication/Vpc/IsolatedSubnet2/RouteTableAssociation": [ - { - "type": "aws:cdk:logicalId", - "data": "VpcIsolatedSubnet2RouteTableAssociationF7B18CCA" - } - ], - "/efsReplication/Vpc/IGW": [ - { - "type": "aws:cdk:logicalId", - "data": "VpcIGWD7BA715C" - } - ], - "/efsReplication/Vpc/VPCGW": [ - { - "type": "aws:cdk:logicalId", - "data": "VpcVPCGWBF912B6E" - } - ], - "/efsReplication/Vpc/RestrictDefaultSecurityGroupCustomResource/Default": [ - { - "type": "aws:cdk:logicalId", - "data": "VpcRestrictDefaultSecurityGroupCustomResourceC73DA2BE" - } - ], - "/efsReplication/Custom::VpcRestrictDefaultSGCustomResourceProvider/Role": [ - { - "type": "aws:cdk:logicalId", - "data": "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0" - } - ], - "/efsReplication/Custom::VpcRestrictDefaultSGCustomResourceProvider/Handler": [ - { - "type": "aws:cdk:logicalId", - "data": "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E" - } - ], - "/efsReplication/Key/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "Key961B73FD" - } - ], - "/efsReplication/oneZoneReplicationFileSystem/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "oneZoneReplicationFileSystem0A6BB0D2" - } - ], - "/efsReplication/oneZoneReplicationFileSystem/EfsSecurityGroup/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "oneZoneReplicationFileSystemEfsSecurityGroupD1C9EA27" - } - ], - "/efsReplication/oneZoneReplicationFileSystem/EfsMountTarget-IsolatedSubnet1": [ - { - "type": "aws:cdk:logicalId", - "data": "oneZoneReplicationFileSystemEfsMountTargetIsolatedSubnet1A6BB6EFA" - } - ], - "/efsReplication/oneZoneReplicationFileSystem/EfsMountTarget-IsolatedSubnet2": [ - { - "type": "aws:cdk:logicalId", - "data": "oneZoneReplicationFileSystemEfsMountTargetIsolatedSubnet2B23FA1A8" - } - ], - "/efsReplication/destinationFileSystem/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "destinationFileSystem0FAD62DA" - } - ], - "/efsReplication/destinationFileSystem/EfsSecurityGroup/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "destinationFileSystemEfsSecurityGroupB67C2699" - } - ], - "/efsReplication/destinationFileSystem/EfsMountTarget-IsolatedSubnet1": [ - { - "type": "aws:cdk:logicalId", - "data": "destinationFileSystemEfsMountTargetIsolatedSubnet12CF3C2E3" - } - ], - "/efsReplication/destinationFileSystem/EfsMountTarget-IsolatedSubnet2": [ - { - "type": "aws:cdk:logicalId", - "data": "destinationFileSystemEfsMountTargetIsolatedSubnet20E3F4B46" - } - ], - "/efsReplication/existFileSystemReplication/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "existFileSystemReplication3C6768D0" - } - ], - "/efsReplication/existFileSystemReplication/EfsSecurityGroup/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "existFileSystemReplicationEfsSecurityGroup516080B0" - } - ], - "/efsReplication/existFileSystemReplication/EfsMountTarget-IsolatedSubnet1": [ - { - "type": "aws:cdk:logicalId", - "data": "existFileSystemReplicationEfsMountTargetIsolatedSubnet18F68C5DF" - } - ], - "/efsReplication/existFileSystemReplication/EfsMountTarget-IsolatedSubnet2": [ - { - "type": "aws:cdk:logicalId", - "data": "existFileSystemReplicationEfsMountTargetIsolatedSubnet230C85F8C" - } - ], - "/efsReplication/BootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "BootstrapVersion" - } - ], - "/efsReplication/CheckBootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "CheckBootstrapVersion" - } - ] - }, - "displayName": "efsReplication" - }, - "efsReplicationIntegTestDefaultTestDeployAssert2C078280.assets": { - "type": "cdk:asset-manifest", - "properties": { - "file": "efsReplicationIntegTestDefaultTestDeployAssert2C078280.assets.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "efsReplicationIntegTestDefaultTestDeployAssert2C078280": { - "type": "aws:cloudformation:stack", - "environment": "aws://unknown-account/unknown-region", - "properties": { - "templateFile": "efsReplicationIntegTestDefaultTestDeployAssert2C078280.template.json", - "terminationProtection": false, - "validateOnSynth": false, - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", - "additionalDependencies": [ - "efsReplicationIntegTestDefaultTestDeployAssert2C078280.assets" - ], - "lookupRole": { - "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", - "requiresBootstrapStackVersion": 8, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "dependencies": [ - "efsReplicationIntegTestDefaultTestDeployAssert2C078280.assets" - ], - "metadata": { - "/efsReplicationIntegTest/DefaultTest/DeployAssert/BootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "BootstrapVersion" - } - ], - "/efsReplicationIntegTest/DefaultTest/DeployAssert/CheckBootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "CheckBootstrapVersion" - } - ] - }, - "displayName": "efsReplicationIntegTest/DefaultTest/DeployAssert" - }, - "Tree": { - "type": "cdk:tree", - "properties": { - "file": "tree.json" - } - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/tree.json deleted file mode 100644 index 03e953816327e..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/tree.json +++ /dev/null @@ -1,1172 +0,0 @@ -{ - "version": "tree-0.1", - "tree": { - "id": "App", - "path": "", - "children": { - "efsReplication": { - "id": "efsReplication", - "path": "efsReplication", - "children": { - "Vpc": { - "id": "Vpc", - "path": "efsReplication/Vpc", - "children": { - "Resource": { - "id": "Resource", - "path": "efsReplication/Vpc/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::VPC", - "aws:cdk:cloudformation:props": { - "cidrBlock": "10.0.0.0/16", - "enableDnsHostnames": true, - "enableDnsSupport": true, - "instanceTenancy": "default", - "tags": [ - { - "key": "Name", - "value": "efsReplication/Vpc" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", - "version": "0.0.0" - } - }, - "PublicSubnet1": { - "id": "PublicSubnet1", - "path": "efsReplication/Vpc/PublicSubnet1", - "children": { - "Subnet": { - "id": "Subnet", - "path": "efsReplication/Vpc/PublicSubnet1/Subnet", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", - "aws:cdk:cloudformation:props": { - "availabilityZone": { - "Fn::Select": [ - 0, - { - "Fn::GetAZs": "" - } - ] - }, - "cidrBlock": "10.0.0.0/18", - "mapPublicIpOnLaunch": true, - "tags": [ - { - "key": "aws-cdk:subnet-name", - "value": "Public" - }, - { - "key": "aws-cdk:subnet-type", - "value": "Public" - }, - { - "key": "Name", - "value": "efsReplication/Vpc/PublicSubnet1" - } - ], - "vpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", - "version": "0.0.0" - } - }, - "Acl": { - "id": "Acl", - "path": "efsReplication/Vpc/PublicSubnet1/Acl", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "RouteTable": { - "id": "RouteTable", - "path": "efsReplication/Vpc/PublicSubnet1/RouteTable", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", - "aws:cdk:cloudformation:props": { - "tags": [ - { - "key": "Name", - "value": "efsReplication/Vpc/PublicSubnet1" - } - ], - "vpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", - "version": "0.0.0" - } - }, - "RouteTableAssociation": { - "id": "RouteTableAssociation", - "path": "efsReplication/Vpc/PublicSubnet1/RouteTableAssociation", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", - "aws:cdk:cloudformation:props": { - "routeTableId": { - "Ref": "VpcPublicSubnet1RouteTable6C95E38E" - }, - "subnetId": { - "Ref": "VpcPublicSubnet1Subnet5C2D37C4" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", - "version": "0.0.0" - } - }, - "DefaultRoute": { - "id": "DefaultRoute", - "path": "efsReplication/Vpc/PublicSubnet1/DefaultRoute", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::Route", - "aws:cdk:cloudformation:props": { - "destinationCidrBlock": "0.0.0.0/0", - "gatewayId": { - "Ref": "VpcIGWD7BA715C" - }, - "routeTableId": { - "Ref": "VpcPublicSubnet1RouteTable6C95E38E" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", - "version": "0.0.0" - } - }, - "PublicSubnet2": { - "id": "PublicSubnet2", - "path": "efsReplication/Vpc/PublicSubnet2", - "children": { - "Subnet": { - "id": "Subnet", - "path": "efsReplication/Vpc/PublicSubnet2/Subnet", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", - "aws:cdk:cloudformation:props": { - "availabilityZone": { - "Fn::Select": [ - 1, - { - "Fn::GetAZs": "" - } - ] - }, - "cidrBlock": "10.0.64.0/18", - "mapPublicIpOnLaunch": true, - "tags": [ - { - "key": "aws-cdk:subnet-name", - "value": "Public" - }, - { - "key": "aws-cdk:subnet-type", - "value": "Public" - }, - { - "key": "Name", - "value": "efsReplication/Vpc/PublicSubnet2" - } - ], - "vpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", - "version": "0.0.0" - } - }, - "Acl": { - "id": "Acl", - "path": "efsReplication/Vpc/PublicSubnet2/Acl", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "RouteTable": { - "id": "RouteTable", - "path": "efsReplication/Vpc/PublicSubnet2/RouteTable", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", - "aws:cdk:cloudformation:props": { - "tags": [ - { - "key": "Name", - "value": "efsReplication/Vpc/PublicSubnet2" - } - ], - "vpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", - "version": "0.0.0" - } - }, - "RouteTableAssociation": { - "id": "RouteTableAssociation", - "path": "efsReplication/Vpc/PublicSubnet2/RouteTableAssociation", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", - "aws:cdk:cloudformation:props": { - "routeTableId": { - "Ref": "VpcPublicSubnet2RouteTable94F7E489" - }, - "subnetId": { - "Ref": "VpcPublicSubnet2Subnet691E08A3" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", - "version": "0.0.0" - } - }, - "DefaultRoute": { - "id": "DefaultRoute", - "path": "efsReplication/Vpc/PublicSubnet2/DefaultRoute", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::Route", - "aws:cdk:cloudformation:props": { - "destinationCidrBlock": "0.0.0.0/0", - "gatewayId": { - "Ref": "VpcIGWD7BA715C" - }, - "routeTableId": { - "Ref": "VpcPublicSubnet2RouteTable94F7E489" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", - "version": "0.0.0" - } - }, - "IsolatedSubnet1": { - "id": "IsolatedSubnet1", - "path": "efsReplication/Vpc/IsolatedSubnet1", - "children": { - "Subnet": { - "id": "Subnet", - "path": "efsReplication/Vpc/IsolatedSubnet1/Subnet", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", - "aws:cdk:cloudformation:props": { - "availabilityZone": { - "Fn::Select": [ - 0, - { - "Fn::GetAZs": "" - } - ] - }, - "cidrBlock": "10.0.128.0/18", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "key": "aws-cdk:subnet-name", - "value": "Isolated" - }, - { - "key": "aws-cdk:subnet-type", - "value": "Isolated" - }, - { - "key": "Name", - "value": "efsReplication/Vpc/IsolatedSubnet1" - } - ], - "vpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", - "version": "0.0.0" - } - }, - "Acl": { - "id": "Acl", - "path": "efsReplication/Vpc/IsolatedSubnet1/Acl", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "RouteTable": { - "id": "RouteTable", - "path": "efsReplication/Vpc/IsolatedSubnet1/RouteTable", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", - "aws:cdk:cloudformation:props": { - "tags": [ - { - "key": "Name", - "value": "efsReplication/Vpc/IsolatedSubnet1" - } - ], - "vpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", - "version": "0.0.0" - } - }, - "RouteTableAssociation": { - "id": "RouteTableAssociation", - "path": "efsReplication/Vpc/IsolatedSubnet1/RouteTableAssociation", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", - "aws:cdk:cloudformation:props": { - "routeTableId": { - "Ref": "VpcIsolatedSubnet1RouteTable4771E3E5" - }, - "subnetId": { - "Ref": "VpcIsolatedSubnet1SubnetE48C5737" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", - "version": "0.0.0" - } - }, - "IsolatedSubnet2": { - "id": "IsolatedSubnet2", - "path": "efsReplication/Vpc/IsolatedSubnet2", - "children": { - "Subnet": { - "id": "Subnet", - "path": "efsReplication/Vpc/IsolatedSubnet2/Subnet", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", - "aws:cdk:cloudformation:props": { - "availabilityZone": { - "Fn::Select": [ - 1, - { - "Fn::GetAZs": "" - } - ] - }, - "cidrBlock": "10.0.192.0/18", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "key": "aws-cdk:subnet-name", - "value": "Isolated" - }, - { - "key": "aws-cdk:subnet-type", - "value": "Isolated" - }, - { - "key": "Name", - "value": "efsReplication/Vpc/IsolatedSubnet2" - } - ], - "vpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", - "version": "0.0.0" - } - }, - "Acl": { - "id": "Acl", - "path": "efsReplication/Vpc/IsolatedSubnet2/Acl", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "RouteTable": { - "id": "RouteTable", - "path": "efsReplication/Vpc/IsolatedSubnet2/RouteTable", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", - "aws:cdk:cloudformation:props": { - "tags": [ - { - "key": "Name", - "value": "efsReplication/Vpc/IsolatedSubnet2" - } - ], - "vpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", - "version": "0.0.0" - } - }, - "RouteTableAssociation": { - "id": "RouteTableAssociation", - "path": "efsReplication/Vpc/IsolatedSubnet2/RouteTableAssociation", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", - "aws:cdk:cloudformation:props": { - "routeTableId": { - "Ref": "VpcIsolatedSubnet2RouteTable1D30AF7D" - }, - "subnetId": { - "Ref": "VpcIsolatedSubnet2Subnet16364B91" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", - "version": "0.0.0" - } - }, - "IGW": { - "id": "IGW", - "path": "efsReplication/Vpc/IGW", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::InternetGateway", - "aws:cdk:cloudformation:props": { - "tags": [ - { - "key": "Name", - "value": "efsReplication/Vpc" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnInternetGateway", - "version": "0.0.0" - } - }, - "VPCGW": { - "id": "VPCGW", - "path": "efsReplication/Vpc/VPCGW", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::VPCGatewayAttachment", - "aws:cdk:cloudformation:props": { - "internetGatewayId": { - "Ref": "VpcIGWD7BA715C" - }, - "vpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment", - "version": "0.0.0" - } - }, - "RestrictDefaultSecurityGroupCustomResource": { - "id": "RestrictDefaultSecurityGroupCustomResource", - "path": "efsReplication/Vpc/RestrictDefaultSecurityGroupCustomResource", - "children": { - "Default": { - "id": "Default", - "path": "efsReplication/Vpc/RestrictDefaultSecurityGroupCustomResource/Default", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnResource", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.CustomResource", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.Vpc", - "version": "0.0.0" - } - }, - "Custom::VpcRestrictDefaultSGCustomResourceProvider": { - "id": "Custom::VpcRestrictDefaultSGCustomResourceProvider", - "path": "efsReplication/Custom::VpcRestrictDefaultSGCustomResourceProvider", - "children": { - "Staging": { - "id": "Staging", - "path": "efsReplication/Custom::VpcRestrictDefaultSGCustomResourceProvider/Staging", - "constructInfo": { - "fqn": "aws-cdk-lib.AssetStaging", - "version": "0.0.0" - } - }, - "Role": { - "id": "Role", - "path": "efsReplication/Custom::VpcRestrictDefaultSGCustomResourceProvider/Role", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnResource", - "version": "0.0.0" - } - }, - "Handler": { - "id": "Handler", - "path": "efsReplication/Custom::VpcRestrictDefaultSGCustomResourceProvider/Handler", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnResource", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.CustomResourceProviderBase", - "version": "0.0.0" - } - }, - "Key": { - "id": "Key", - "path": "efsReplication/Key", - "children": { - "Resource": { - "id": "Resource", - "path": "efsReplication/Key/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::KMS::Key", - "aws:cdk:cloudformation:props": { - "keyPolicy": { - "Statement": [ - { - "Action": "kms:*", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - }, - "Resource": "*" - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_kms.CfnKey", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_kms.Key", - "version": "0.0.0" - } - }, - "oneZoneReplicationFileSystem": { - "id": "oneZoneReplicationFileSystem", - "path": "efsReplication/oneZoneReplicationFileSystem", - "children": { - "Resource": { - "id": "Resource", - "path": "efsReplication/oneZoneReplicationFileSystem/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EFS::FileSystem", - "aws:cdk:cloudformation:props": { - "encrypted": true, - "fileSystemPolicy": { - "Statement": [ - { - "Action": [ - "elasticfilesystem:ClientRootAccess", - "elasticfilesystem:ClientWrite" - ], - "Condition": { - "Bool": { - "elasticfilesystem:AccessedViaMountTarget": "true" - } - }, - "Effect": "Allow", - "Principal": { - "AWS": "*" - } - } - ], - "Version": "2012-10-17" - }, - "replicationConfiguration": { - "destinations": [ - { - "kmsKeyId": { - "Fn::GetAtt": [ - "Key961B73FD", - "Arn" - ] - }, - "region": "us-east-1", - "availabilityZoneName": "us-east-1a" - } - ] - }, - "fileSystemTags": [ - { - "key": "Name", - "value": "efsReplication/oneZoneReplicationFileSystem" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_efs.CfnFileSystem", - "version": "0.0.0" - } - }, - "EfsSecurityGroup": { - "id": "EfsSecurityGroup", - "path": "efsReplication/oneZoneReplicationFileSystem/EfsSecurityGroup", - "children": { - "Resource": { - "id": "Resource", - "path": "efsReplication/oneZoneReplicationFileSystem/EfsSecurityGroup/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", - "aws:cdk:cloudformation:props": { - "groupDescription": "efsReplication/oneZoneReplicationFileSystem/EfsSecurityGroup", - "securityGroupEgress": [ - { - "cidrIp": "0.0.0.0/0", - "description": "Allow all outbound traffic by default", - "ipProtocol": "-1" - } - ], - "tags": [ - { - "key": "Name", - "value": "efsReplication/oneZoneReplicationFileSystem" - } - ], - "vpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", - "version": "0.0.0" - } - }, - "EfsMountTarget-IsolatedSubnet1": { - "id": "EfsMountTarget-IsolatedSubnet1", - "path": "efsReplication/oneZoneReplicationFileSystem/EfsMountTarget-IsolatedSubnet1", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EFS::MountTarget", - "aws:cdk:cloudformation:props": { - "fileSystemId": { - "Ref": "oneZoneReplicationFileSystem0A6BB0D2" - }, - "securityGroups": [ - { - "Fn::GetAtt": [ - "oneZoneReplicationFileSystemEfsSecurityGroupD1C9EA27", - "GroupId" - ] - } - ], - "subnetId": { - "Ref": "VpcIsolatedSubnet1SubnetE48C5737" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_efs.CfnMountTarget", - "version": "0.0.0" - } - }, - "EfsMountTarget-IsolatedSubnet2": { - "id": "EfsMountTarget-IsolatedSubnet2", - "path": "efsReplication/oneZoneReplicationFileSystem/EfsMountTarget-IsolatedSubnet2", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EFS::MountTarget", - "aws:cdk:cloudformation:props": { - "fileSystemId": { - "Ref": "oneZoneReplicationFileSystem0A6BB0D2" - }, - "securityGroups": [ - { - "Fn::GetAtt": [ - "oneZoneReplicationFileSystemEfsSecurityGroupD1C9EA27", - "GroupId" - ] - } - ], - "subnetId": { - "Ref": "VpcIsolatedSubnet2Subnet16364B91" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_efs.CfnMountTarget", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_efs.FileSystem", - "version": "0.0.0" - } - }, - "destinationFileSystem": { - "id": "destinationFileSystem", - "path": "efsReplication/destinationFileSystem", - "children": { - "Resource": { - "id": "Resource", - "path": "efsReplication/destinationFileSystem/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EFS::FileSystem", - "aws:cdk:cloudformation:props": { - "encrypted": true, - "fileSystemPolicy": { - "Statement": [ - { - "Action": [ - "elasticfilesystem:ClientRootAccess", - "elasticfilesystem:ClientWrite" - ], - "Condition": { - "Bool": { - "elasticfilesystem:AccessedViaMountTarget": "true" - } - }, - "Effect": "Allow", - "Principal": { - "AWS": "*" - } - } - ], - "Version": "2012-10-17" - }, - "fileSystemProtection": { - "replicationOverwriteProtection": "DISABLED" - }, - "fileSystemTags": [ - { - "key": "Name", - "value": "efsReplication/destinationFileSystem" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_efs.CfnFileSystem", - "version": "0.0.0" - } - }, - "EfsSecurityGroup": { - "id": "EfsSecurityGroup", - "path": "efsReplication/destinationFileSystem/EfsSecurityGroup", - "children": { - "Resource": { - "id": "Resource", - "path": "efsReplication/destinationFileSystem/EfsSecurityGroup/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", - "aws:cdk:cloudformation:props": { - "groupDescription": "efsReplication/destinationFileSystem/EfsSecurityGroup", - "securityGroupEgress": [ - { - "cidrIp": "0.0.0.0/0", - "description": "Allow all outbound traffic by default", - "ipProtocol": "-1" - } - ], - "tags": [ - { - "key": "Name", - "value": "efsReplication/destinationFileSystem" - } - ], - "vpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", - "version": "0.0.0" - } - }, - "EfsMountTarget-IsolatedSubnet1": { - "id": "EfsMountTarget-IsolatedSubnet1", - "path": "efsReplication/destinationFileSystem/EfsMountTarget-IsolatedSubnet1", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EFS::MountTarget", - "aws:cdk:cloudformation:props": { - "fileSystemId": { - "Ref": "destinationFileSystem0FAD62DA" - }, - "securityGroups": [ - { - "Fn::GetAtt": [ - "destinationFileSystemEfsSecurityGroupB67C2699", - "GroupId" - ] - } - ], - "subnetId": { - "Ref": "VpcIsolatedSubnet1SubnetE48C5737" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_efs.CfnMountTarget", - "version": "0.0.0" - } - }, - "EfsMountTarget-IsolatedSubnet2": { - "id": "EfsMountTarget-IsolatedSubnet2", - "path": "efsReplication/destinationFileSystem/EfsMountTarget-IsolatedSubnet2", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EFS::MountTarget", - "aws:cdk:cloudformation:props": { - "fileSystemId": { - "Ref": "destinationFileSystem0FAD62DA" - }, - "securityGroups": [ - { - "Fn::GetAtt": [ - "destinationFileSystemEfsSecurityGroupB67C2699", - "GroupId" - ] - } - ], - "subnetId": { - "Ref": "VpcIsolatedSubnet2Subnet16364B91" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_efs.CfnMountTarget", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_efs.FileSystem", - "version": "0.0.0" - } - }, - "existFileSystemReplication": { - "id": "existFileSystemReplication", - "path": "efsReplication/existFileSystemReplication", - "children": { - "Resource": { - "id": "Resource", - "path": "efsReplication/existFileSystemReplication/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EFS::FileSystem", - "aws:cdk:cloudformation:props": { - "encrypted": true, - "fileSystemPolicy": { - "Statement": [ - { - "Action": [ - "elasticfilesystem:ClientRootAccess", - "elasticfilesystem:ClientWrite" - ], - "Condition": { - "Bool": { - "elasticfilesystem:AccessedViaMountTarget": "true" - } - }, - "Effect": "Allow", - "Principal": { - "AWS": "*" - } - } - ], - "Version": "2012-10-17" - }, - "replicationConfiguration": { - "destinations": [ - { - "fileSystemId": { - "Ref": "destinationFileSystem0FAD62DA" - }, - "region": { - "Ref": "AWS::Region" - } - } - ] - }, - "fileSystemTags": [ - { - "key": "Name", - "value": "efsReplication/existFileSystemReplication" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_efs.CfnFileSystem", - "version": "0.0.0" - } - }, - "EfsSecurityGroup": { - "id": "EfsSecurityGroup", - "path": "efsReplication/existFileSystemReplication/EfsSecurityGroup", - "children": { - "Resource": { - "id": "Resource", - "path": "efsReplication/existFileSystemReplication/EfsSecurityGroup/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", - "aws:cdk:cloudformation:props": { - "groupDescription": "efsReplication/existFileSystemReplication/EfsSecurityGroup", - "securityGroupEgress": [ - { - "cidrIp": "0.0.0.0/0", - "description": "Allow all outbound traffic by default", - "ipProtocol": "-1" - } - ], - "tags": [ - { - "key": "Name", - "value": "efsReplication/existFileSystemReplication" - } - ], - "vpcId": { - "Ref": "Vpc8378EB38" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", - "version": "0.0.0" - } - }, - "EfsMountTarget-IsolatedSubnet1": { - "id": "EfsMountTarget-IsolatedSubnet1", - "path": "efsReplication/existFileSystemReplication/EfsMountTarget-IsolatedSubnet1", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EFS::MountTarget", - "aws:cdk:cloudformation:props": { - "fileSystemId": { - "Ref": "existFileSystemReplication3C6768D0" - }, - "securityGroups": [ - { - "Fn::GetAtt": [ - "existFileSystemReplicationEfsSecurityGroup516080B0", - "GroupId" - ] - } - ], - "subnetId": { - "Ref": "VpcIsolatedSubnet1SubnetE48C5737" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_efs.CfnMountTarget", - "version": "0.0.0" - } - }, - "EfsMountTarget-IsolatedSubnet2": { - "id": "EfsMountTarget-IsolatedSubnet2", - "path": "efsReplication/existFileSystemReplication/EfsMountTarget-IsolatedSubnet2", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EFS::MountTarget", - "aws:cdk:cloudformation:props": { - "fileSystemId": { - "Ref": "existFileSystemReplication3C6768D0" - }, - "securityGroups": [ - { - "Fn::GetAtt": [ - "existFileSystemReplicationEfsSecurityGroup516080B0", - "GroupId" - ] - } - ], - "subnetId": { - "Ref": "VpcIsolatedSubnet2Subnet16364B91" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_efs.CfnMountTarget", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_efs.FileSystem", - "version": "0.0.0" - } - }, - "BootstrapVersion": { - "id": "BootstrapVersion", - "path": "efsReplication/BootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" - } - }, - "CheckBootstrapVersion": { - "id": "CheckBootstrapVersion", - "path": "efsReplication/CheckBootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" - } - }, - "efsReplicationIntegTest": { - "id": "efsReplicationIntegTest", - "path": "efsReplicationIntegTest", - "children": { - "DefaultTest": { - "id": "DefaultTest", - "path": "efsReplicationIntegTest/DefaultTest", - "children": { - "Default": { - "id": "Default", - "path": "efsReplicationIntegTest/DefaultTest/Default", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - }, - "DeployAssert": { - "id": "DeployAssert", - "path": "efsReplicationIntegTest/DefaultTest/DeployAssert", - "children": { - "BootstrapVersion": { - "id": "BootstrapVersion", - "path": "efsReplicationIntegTest/DefaultTest/DeployAssert/BootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" - } - }, - "CheckBootstrapVersion": { - "id": "CheckBootstrapVersion", - "path": "efsReplicationIntegTest/DefaultTest/DeployAssert/CheckBootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", - "version": "0.0.0" - } - }, - "Tree": { - "id": "Tree", - "path": "Tree", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.App", - "version": "0.0.0" - } - } -} \ No newline at end of file From ee9b0693773a190e7cef132c4c1a8bd0c18f9786 Mon Sep 17 00:00:00 2001 From: Kazuho CryerShinozuka Date: Thu, 7 Mar 2024 12:33:34 +0900 Subject: [PATCH 20/50] Revert "test: remove integ test files" This reverts commit 6be43425e14aca8578e30f55315ef033d83573a6. --- .../__entrypoint__.js | 156 +++ .../index.js | 1 + .../cdk.out | 1 + .../efsReplication.assets.json | 32 + .../efsReplication.template.json | 795 +++++++++++ ...efaultTestDeployAssert2C078280.assets.json | 19 + ...aultTestDeployAssert2C078280.template.json | 36 + .../integ.json | 12 + .../manifest.json | 305 +++++ .../tree.json | 1172 +++++++++++++++++ .../test/integ.efs-filesystem-replication.ts | 10 +- packages/aws-cdk-lib/aws-efs/README.md | 16 +- 12 files changed, 2544 insertions(+), 11 deletions(-) create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da/__entrypoint__.js create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da/index.js create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/cdk.out create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplication.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplication.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplicationIntegTestDefaultTestDeployAssert2C078280.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplicationIntegTestDefaultTestDeployAssert2C078280.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/integ.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/manifest.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/tree.json diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da/__entrypoint__.js b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da/__entrypoint__.js new file mode 100644 index 0000000000000..9271364bb7e49 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da/__entrypoint__.js @@ -0,0 +1,156 @@ +"use strict"; +Object.defineProperty(exports, "__esModule", { value: true }); +exports.withRetries = exports.handler = exports.external = void 0; +const https = require("https"); +const url = require("url"); +// for unit tests +exports.external = { + sendHttpRequest: defaultSendHttpRequest, + log: defaultLog, + includeStackTraces: true, + userHandlerIndex: './index', +}; +const CREATE_FAILED_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::CREATE_FAILED'; +const MISSING_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID'; +async function handler(event, context) { + const sanitizedEvent = { ...event, ResponseURL: '...' }; + exports.external.log(JSON.stringify(sanitizedEvent, undefined, 2)); + // ignore DELETE event when the physical resource ID is the marker that + // indicates that this DELETE is a subsequent DELETE to a failed CREATE + // operation. + if (event.RequestType === 'Delete' && event.PhysicalResourceId === CREATE_FAILED_PHYSICAL_ID_MARKER) { + exports.external.log('ignoring DELETE event caused by a failed CREATE event'); + await submitResponse('SUCCESS', event); + return; + } + try { + // invoke the user handler. this is intentionally inside the try-catch to + // ensure that if there is an error it's reported as a failure to + // cloudformation (otherwise cfn waits). + // eslint-disable-next-line @typescript-eslint/no-require-imports + const userHandler = require(exports.external.userHandlerIndex).handler; + const result = await userHandler(sanitizedEvent, context); + // validate user response and create the combined event + const responseEvent = renderResponse(event, result); + // submit to cfn as success + await submitResponse('SUCCESS', responseEvent); + } + catch (e) { + const resp = { + ...event, + Reason: exports.external.includeStackTraces ? e.stack : e.message, + }; + if (!resp.PhysicalResourceId) { + // special case: if CREATE fails, which usually implies, we usually don't + // have a physical resource id. in this case, the subsequent DELETE + // operation does not have any meaning, and will likely fail as well. to + // address this, we use a marker so the provider framework can simply + // ignore the subsequent DELETE. + if (event.RequestType === 'Create') { + exports.external.log('CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored'); + resp.PhysicalResourceId = CREATE_FAILED_PHYSICAL_ID_MARKER; + } + else { + // otherwise, if PhysicalResourceId is not specified, something is + // terribly wrong because all other events should have an ID. + exports.external.log(`ERROR: Malformed event. "PhysicalResourceId" is required: ${JSON.stringify(event)}`); + } + } + // this is an actual error, fail the activity altogether and exist. + await submitResponse('FAILED', resp); + } +} +exports.handler = handler; +function renderResponse(cfnRequest, handlerResponse = {}) { + // if physical ID is not returned, we have some defaults for you based + // on the request type. + const physicalResourceId = handlerResponse.PhysicalResourceId ?? cfnRequest.PhysicalResourceId ?? cfnRequest.RequestId; + // if we are in DELETE and physical ID was changed, it's an error. + if (cfnRequest.RequestType === 'Delete' && physicalResourceId !== cfnRequest.PhysicalResourceId) { + throw new Error(`DELETE: cannot change the physical resource ID from "${cfnRequest.PhysicalResourceId}" to "${handlerResponse.PhysicalResourceId}" during deletion`); + } + // merge request event and result event (result prevails). + return { + ...cfnRequest, + ...handlerResponse, + PhysicalResourceId: physicalResourceId, + }; +} +async function submitResponse(status, event) { + const json = { + Status: status, + Reason: event.Reason ?? status, + StackId: event.StackId, + RequestId: event.RequestId, + PhysicalResourceId: event.PhysicalResourceId || MISSING_PHYSICAL_ID_MARKER, + LogicalResourceId: event.LogicalResourceId, + NoEcho: event.NoEcho, + Data: event.Data, + }; + const parsedUrl = url.parse(event.ResponseURL); + const loggingSafeUrl = `${parsedUrl.protocol}//${parsedUrl.hostname}/${parsedUrl.pathname}?***`; + exports.external.log('submit response to cloudformation', loggingSafeUrl, json); + const responseBody = JSON.stringify(json); + const req = { + hostname: parsedUrl.hostname, + path: parsedUrl.path, + method: 'PUT', + headers: { + 'content-type': '', + 'content-length': Buffer.byteLength(responseBody, 'utf8'), + }, + }; + const retryOptions = { + attempts: 5, + sleep: 1000, + }; + await withRetries(retryOptions, exports.external.sendHttpRequest)(req, responseBody); +} +async function defaultSendHttpRequest(options, requestBody) { + return new Promise((resolve, reject) => { + try { + const request = https.request(options, (response) => { + response.resume(); // Consume the response but don't care about it + if (!response.statusCode || response.statusCode >= 400) { + reject(new Error(`Unsuccessful HTTP response: ${response.statusCode}`)); + } + else { + resolve(); + } + }); + request.on('error', reject); + request.write(requestBody); + request.end(); + } + catch (e) { + reject(e); + } + }); +} +function defaultLog(fmt, ...params) { + // eslint-disable-next-line no-console + console.log(fmt, ...params); +} +function withRetries(options, fn) { + return async (...xs) => { + let attempts = options.attempts; + let ms = options.sleep; + while (true) { + try { + return await fn(...xs); + } + catch (e) { + if (attempts-- <= 0) { + throw e; + } + await sleep(Math.floor(Math.random() * ms)); + ms *= 2; + } + } + }; +} +exports.withRetries = withRetries; +async function sleep(ms) { + return new Promise((ok) => setTimeout(ok, ms)); +} +//# sourceMappingURL=data:application/json;base64, \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da/index.js b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da/index.js new file mode 100644 index 0000000000000..013bcaffd8fe5 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da/index.js @@ -0,0 +1 @@ +"use strict";var I=Object.create;var t=Object.defineProperty;var y=Object.getOwnPropertyDescriptor;var P=Object.getOwnPropertyNames;var g=Object.getPrototypeOf,l=Object.prototype.hasOwnProperty;var G=(r,e)=>{for(var o in e)t(r,o,{get:e[o],enumerable:!0})},n=(r,e,o,i)=>{if(e&&typeof e=="object"||typeof e=="function")for(let s of P(e))!l.call(r,s)&&s!==o&&t(r,s,{get:()=>e[s],enumerable:!(i=y(e,s))||i.enumerable});return r};var R=(r,e,o)=>(o=r!=null?I(g(r)):{},n(e||!r||!r.__esModule?t(o,"default",{value:r,enumerable:!0}):o,r)),S=r=>n(t({},"__esModule",{value:!0}),r);var k={};G(k,{handler:()=>f});module.exports=S(k);var a=R(require("@aws-sdk/client-ec2")),u=new a.EC2({});function c(r,e){return{GroupId:r,IpPermissions:[{UserIdGroupPairs:[{GroupId:r,UserId:e}],IpProtocol:"-1"}]}}function d(r){return{GroupId:r,IpPermissions:[{IpRanges:[{CidrIp:"0.0.0.0/0"}],IpProtocol:"-1"}]}}async function f(r){let e=r.ResourceProperties.DefaultSecurityGroupId,o=r.ResourceProperties.Account;switch(r.RequestType){case"Create":return p(e,o);case"Update":return h(r);case"Delete":return m(e,o)}}async function h(r){let e=r.OldResourceProperties.DefaultSecurityGroupId,o=r.ResourceProperties.DefaultSecurityGroupId;e!==o&&(await m(e,r.ResourceProperties.Account),await p(o,r.ResourceProperties.Account))}async function p(r,e){try{await u.revokeSecurityGroupEgress(d(r))}catch(o){if(o.name!=="InvalidPermission.NotFound")throw o}try{await u.revokeSecurityGroupIngress(c(r,e))}catch(o){if(o.name!=="InvalidPermission.NotFound")throw o}}async function m(r,e){await u.authorizeSecurityGroupIngress(c(r,e)),await u.authorizeSecurityGroupEgress(d(r))}0&&(module.exports={handler}); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/cdk.out new file mode 100644 index 0000000000000..1f0068d32659a --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplication.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplication.assets.json new file mode 100644 index 0000000000000..1abac9d0b3912 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplication.assets.json @@ -0,0 +1,32 @@ +{ + "version": "36.0.0", + "files": { + "e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da": { + "source": { + "path": "asset.e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da", + "packaging": "zip" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da.zip", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + }, + "c31996307f297958181f87818952a751d2618a7f99fae95d1a42f5f152f24029": { + "source": { + "path": "efsReplication.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "c31996307f297958181f87818952a751d2618a7f99fae95d1a42f5f152f24029.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplication.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplication.template.json new file mode 100644 index 0000000000000..36a35b7baa356 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplication.template.json @@ -0,0 +1,795 @@ +{ + "Resources": { + "Vpc8378EB38": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "efsReplication/Vpc" + } + ] + } + }, + "VpcPublicSubnet1Subnet5C2D37C4": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.0.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "efsReplication/Vpc/PublicSubnet1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPublicSubnet1RouteTable6C95E38E": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "efsReplication/Vpc/PublicSubnet1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPublicSubnet1RouteTableAssociation97140677": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + }, + "SubnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + } + } + }, + "VpcPublicSubnet1DefaultRoute3DA9E72A": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "RouteTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + } + }, + "DependsOn": [ + "VpcVPCGWBF912B6E" + ] + }, + "VpcPublicSubnet2Subnet691E08A3": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.64.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "efsReplication/Vpc/PublicSubnet2" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPublicSubnet2RouteTable94F7E489": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "efsReplication/Vpc/PublicSubnet2" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPublicSubnet2RouteTableAssociationDD5762D8": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + }, + "SubnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + } + } + }, + "VpcPublicSubnet2DefaultRoute97F91067": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "RouteTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + } + }, + "DependsOn": [ + "VpcVPCGWBF912B6E" + ] + }, + "VpcIsolatedSubnet1SubnetE48C5737": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.128.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Isolated" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Isolated" + }, + { + "Key": "Name", + "Value": "efsReplication/Vpc/IsolatedSubnet1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcIsolatedSubnet1RouteTable4771E3E5": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "efsReplication/Vpc/IsolatedSubnet1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcIsolatedSubnet1RouteTableAssociationD300FCBB": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcIsolatedSubnet1RouteTable4771E3E5" + }, + "SubnetId": { + "Ref": "VpcIsolatedSubnet1SubnetE48C5737" + } + } + }, + "VpcIsolatedSubnet2Subnet16364B91": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.192.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Isolated" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Isolated" + }, + { + "Key": "Name", + "Value": "efsReplication/Vpc/IsolatedSubnet2" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcIsolatedSubnet2RouteTable1D30AF7D": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "efsReplication/Vpc/IsolatedSubnet2" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcIsolatedSubnet2RouteTableAssociationF7B18CCA": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcIsolatedSubnet2RouteTable1D30AF7D" + }, + "SubnetId": { + "Ref": "VpcIsolatedSubnet2Subnet16364B91" + } + } + }, + "VpcIGWD7BA715C": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "efsReplication/Vpc" + } + ] + } + }, + "VpcVPCGWBF912B6E": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "InternetGatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcRestrictDefaultSecurityGroupCustomResourceC73DA2BE": { + "Type": "Custom::VpcRestrictDefaultSG", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E", + "Arn" + ] + }, + "DefaultSecurityGroupId": { + "Fn::GetAtt": [ + "Vpc8378EB38", + "DefaultSecurityGroup" + ] + }, + "Account": { + "Ref": "AWS::AccountId" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ], + "Policies": [ + { + "PolicyName": "Inline", + "PolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:AuthorizeSecurityGroupEgress", + "ec2:RevokeSecurityGroupIngress", + "ec2:RevokeSecurityGroupEgress" + ], + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":ec2:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":security-group/", + { + "Fn::GetAtt": [ + "Vpc8378EB38", + "DefaultSecurityGroup" + ] + } + ] + ] + } + ] + } + ] + } + } + ] + } + }, + "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "e978ad4ad0dca7e1c6be5f49cbbd1c5a150ee050c24052fedfe5a42f835d55da.zip" + }, + "Timeout": 900, + "MemorySize": 128, + "Handler": "__entrypoint__.handler", + "Role": { + "Fn::GetAtt": [ + "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0", + "Arn" + ] + }, + "Runtime": "nodejs18.x", + "Description": "Lambda function for removing all inbound/outbound rules from the VPC default security group" + }, + "DependsOn": [ + "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0" + ] + }, + "Key961B73FD": { + "Type": "AWS::KMS::Key", + "Properties": { + "KeyPolicy": { + "Statement": [ + { + "Action": "kms:*", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + }, + "Resource": "*" + } + ], + "Version": "2012-10-17" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "oneZoneReplicationFileSystem0A6BB0D2": { + "Type": "AWS::EFS::FileSystem", + "Properties": { + "Encrypted": true, + "FileSystemPolicy": { + "Statement": [ + { + "Action": [ + "elasticfilesystem:ClientRootAccess", + "elasticfilesystem:ClientWrite" + ], + "Condition": { + "Bool": { + "elasticfilesystem:AccessedViaMountTarget": "true" + } + }, + "Effect": "Allow", + "Principal": { + "AWS": "*" + } + } + ], + "Version": "2012-10-17" + }, + "FileSystemTags": [ + { + "Key": "Name", + "Value": "efsReplication/oneZoneReplicationFileSystem" + } + ], + "ReplicationConfiguration": { + "Destinations": [ + { + "AvailabilityZoneName": "us-east-1a", + "KmsKeyId": { + "Fn::GetAtt": [ + "Key961B73FD", + "Arn" + ] + }, + "Region": "us-east-1" + } + ] + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "oneZoneReplicationFileSystemEfsSecurityGroupD1C9EA27": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "efsReplication/oneZoneReplicationFileSystem/EfsSecurityGroup", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "Tags": [ + { + "Key": "Name", + "Value": "efsReplication/oneZoneReplicationFileSystem" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "oneZoneReplicationFileSystemEfsMountTargetIsolatedSubnet1A6BB6EFA": { + "Type": "AWS::EFS::MountTarget", + "Properties": { + "FileSystemId": { + "Ref": "oneZoneReplicationFileSystem0A6BB0D2" + }, + "SecurityGroups": [ + { + "Fn::GetAtt": [ + "oneZoneReplicationFileSystemEfsSecurityGroupD1C9EA27", + "GroupId" + ] + } + ], + "SubnetId": { + "Ref": "VpcIsolatedSubnet1SubnetE48C5737" + } + } + }, + "oneZoneReplicationFileSystemEfsMountTargetIsolatedSubnet2B23FA1A8": { + "Type": "AWS::EFS::MountTarget", + "Properties": { + "FileSystemId": { + "Ref": "oneZoneReplicationFileSystem0A6BB0D2" + }, + "SecurityGroups": [ + { + "Fn::GetAtt": [ + "oneZoneReplicationFileSystemEfsSecurityGroupD1C9EA27", + "GroupId" + ] + } + ], + "SubnetId": { + "Ref": "VpcIsolatedSubnet2Subnet16364B91" + } + } + }, + "destinationFileSystem0FAD62DA": { + "Type": "AWS::EFS::FileSystem", + "Properties": { + "Encrypted": true, + "FileSystemPolicy": { + "Statement": [ + { + "Action": [ + "elasticfilesystem:ClientRootAccess", + "elasticfilesystem:ClientWrite" + ], + "Condition": { + "Bool": { + "elasticfilesystem:AccessedViaMountTarget": "true" + } + }, + "Effect": "Allow", + "Principal": { + "AWS": "*" + } + } + ], + "Version": "2012-10-17" + }, + "FileSystemProtection": { + "ReplicationOverwriteProtection": "DISABLED" + }, + "FileSystemTags": [ + { + "Key": "Name", + "Value": "efsReplication/destinationFileSystem" + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "destinationFileSystemEfsSecurityGroupB67C2699": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "efsReplication/destinationFileSystem/EfsSecurityGroup", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "Tags": [ + { + "Key": "Name", + "Value": "efsReplication/destinationFileSystem" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "destinationFileSystemEfsMountTargetIsolatedSubnet12CF3C2E3": { + "Type": "AWS::EFS::MountTarget", + "Properties": { + "FileSystemId": { + "Ref": "destinationFileSystem0FAD62DA" + }, + "SecurityGroups": [ + { + "Fn::GetAtt": [ + "destinationFileSystemEfsSecurityGroupB67C2699", + "GroupId" + ] + } + ], + "SubnetId": { + "Ref": "VpcIsolatedSubnet1SubnetE48C5737" + } + } + }, + "destinationFileSystemEfsMountTargetIsolatedSubnet20E3F4B46": { + "Type": "AWS::EFS::MountTarget", + "Properties": { + "FileSystemId": { + "Ref": "destinationFileSystem0FAD62DA" + }, + "SecurityGroups": [ + { + "Fn::GetAtt": [ + "destinationFileSystemEfsSecurityGroupB67C2699", + "GroupId" + ] + } + ], + "SubnetId": { + "Ref": "VpcIsolatedSubnet2Subnet16364B91" + } + } + }, + "existFileSystemReplication3C6768D0": { + "Type": "AWS::EFS::FileSystem", + "Properties": { + "Encrypted": true, + "FileSystemPolicy": { + "Statement": [ + { + "Action": [ + "elasticfilesystem:ClientRootAccess", + "elasticfilesystem:ClientWrite" + ], + "Condition": { + "Bool": { + "elasticfilesystem:AccessedViaMountTarget": "true" + } + }, + "Effect": "Allow", + "Principal": { + "AWS": "*" + } + } + ], + "Version": "2012-10-17" + }, + "FileSystemTags": [ + { + "Key": "Name", + "Value": "efsReplication/existFileSystemReplication" + } + ], + "ReplicationConfiguration": { + "Destinations": [ + { + "FileSystemId": { + "Ref": "destinationFileSystem0FAD62DA" + }, + "Region": { + "Ref": "AWS::Region" + } + } + ] + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "existFileSystemReplicationEfsSecurityGroup516080B0": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "efsReplication/existFileSystemReplication/EfsSecurityGroup", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "Tags": [ + { + "Key": "Name", + "Value": "efsReplication/existFileSystemReplication" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "existFileSystemReplicationEfsMountTargetIsolatedSubnet18F68C5DF": { + "Type": "AWS::EFS::MountTarget", + "Properties": { + "FileSystemId": { + "Ref": "existFileSystemReplication3C6768D0" + }, + "SecurityGroups": [ + { + "Fn::GetAtt": [ + "existFileSystemReplicationEfsSecurityGroup516080B0", + "GroupId" + ] + } + ], + "SubnetId": { + "Ref": "VpcIsolatedSubnet1SubnetE48C5737" + } + } + }, + "existFileSystemReplicationEfsMountTargetIsolatedSubnet230C85F8C": { + "Type": "AWS::EFS::MountTarget", + "Properties": { + "FileSystemId": { + "Ref": "existFileSystemReplication3C6768D0" + }, + "SecurityGroups": [ + { + "Fn::GetAtt": [ + "existFileSystemReplicationEfsSecurityGroup516080B0", + "GroupId" + ] + } + ], + "SubnetId": { + "Ref": "VpcIsolatedSubnet2Subnet16364B91" + } + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplicationIntegTestDefaultTestDeployAssert2C078280.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplicationIntegTestDefaultTestDeployAssert2C078280.assets.json new file mode 100644 index 0000000000000..9f023624023ad --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplicationIntegTestDefaultTestDeployAssert2C078280.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "efsReplicationIntegTestDefaultTestDeployAssert2C078280.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplicationIntegTestDefaultTestDeployAssert2C078280.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplicationIntegTestDefaultTestDeployAssert2C078280.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/efsReplicationIntegTestDefaultTestDeployAssert2C078280.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/integ.json new file mode 100644 index 0000000000000..3baa48f7b8fa2 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "36.0.0", + "testCases": { + "efsReplicationIntegTest/DefaultTest": { + "stacks": [ + "efsReplication" + ], + "assertionStack": "efsReplicationIntegTest/DefaultTest/DeployAssert", + "assertionStackName": "efsReplicationIntegTestDefaultTestDeployAssert2C078280" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/manifest.json new file mode 100644 index 0000000000000..644b0f1650db6 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/manifest.json @@ -0,0 +1,305 @@ +{ + "version": "36.0.0", + "artifacts": { + "efsReplication.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "efsReplication.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "efsReplication": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "efsReplication.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/c31996307f297958181f87818952a751d2618a7f99fae95d1a42f5f152f24029.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "efsReplication.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "efsReplication.assets" + ], + "metadata": { + "/efsReplication/Vpc/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Vpc8378EB38" + } + ], + "/efsReplication/Vpc/PublicSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1Subnet5C2D37C4" + } + ], + "/efsReplication/Vpc/PublicSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1RouteTable6C95E38E" + } + ], + "/efsReplication/Vpc/PublicSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1RouteTableAssociation97140677" + } + ], + "/efsReplication/Vpc/PublicSubnet1/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1DefaultRoute3DA9E72A" + } + ], + "/efsReplication/Vpc/PublicSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2Subnet691E08A3" + } + ], + "/efsReplication/Vpc/PublicSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2RouteTable94F7E489" + } + ], + "/efsReplication/Vpc/PublicSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2RouteTableAssociationDD5762D8" + } + ], + "/efsReplication/Vpc/PublicSubnet2/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2DefaultRoute97F91067" + } + ], + "/efsReplication/Vpc/IsolatedSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcIsolatedSubnet1SubnetE48C5737" + } + ], + "/efsReplication/Vpc/IsolatedSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcIsolatedSubnet1RouteTable4771E3E5" + } + ], + "/efsReplication/Vpc/IsolatedSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcIsolatedSubnet1RouteTableAssociationD300FCBB" + } + ], + "/efsReplication/Vpc/IsolatedSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcIsolatedSubnet2Subnet16364B91" + } + ], + "/efsReplication/Vpc/IsolatedSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcIsolatedSubnet2RouteTable1D30AF7D" + } + ], + "/efsReplication/Vpc/IsolatedSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcIsolatedSubnet2RouteTableAssociationF7B18CCA" + } + ], + "/efsReplication/Vpc/IGW": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcIGWD7BA715C" + } + ], + "/efsReplication/Vpc/VPCGW": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcVPCGWBF912B6E" + } + ], + "/efsReplication/Vpc/RestrictDefaultSecurityGroupCustomResource/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcRestrictDefaultSecurityGroupCustomResourceC73DA2BE" + } + ], + "/efsReplication/Custom::VpcRestrictDefaultSGCustomResourceProvider/Role": [ + { + "type": "aws:cdk:logicalId", + "data": "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0" + } + ], + "/efsReplication/Custom::VpcRestrictDefaultSGCustomResourceProvider/Handler": [ + { + "type": "aws:cdk:logicalId", + "data": "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E" + } + ], + "/efsReplication/Key/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Key961B73FD" + } + ], + "/efsReplication/oneZoneReplicationFileSystem/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "oneZoneReplicationFileSystem0A6BB0D2" + } + ], + "/efsReplication/oneZoneReplicationFileSystem/EfsSecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "oneZoneReplicationFileSystemEfsSecurityGroupD1C9EA27" + } + ], + "/efsReplication/oneZoneReplicationFileSystem/EfsMountTarget-IsolatedSubnet1": [ + { + "type": "aws:cdk:logicalId", + "data": "oneZoneReplicationFileSystemEfsMountTargetIsolatedSubnet1A6BB6EFA" + } + ], + "/efsReplication/oneZoneReplicationFileSystem/EfsMountTarget-IsolatedSubnet2": [ + { + "type": "aws:cdk:logicalId", + "data": "oneZoneReplicationFileSystemEfsMountTargetIsolatedSubnet2B23FA1A8" + } + ], + "/efsReplication/destinationFileSystem/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "destinationFileSystem0FAD62DA" + } + ], + "/efsReplication/destinationFileSystem/EfsSecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "destinationFileSystemEfsSecurityGroupB67C2699" + } + ], + "/efsReplication/destinationFileSystem/EfsMountTarget-IsolatedSubnet1": [ + { + "type": "aws:cdk:logicalId", + "data": "destinationFileSystemEfsMountTargetIsolatedSubnet12CF3C2E3" + } + ], + "/efsReplication/destinationFileSystem/EfsMountTarget-IsolatedSubnet2": [ + { + "type": "aws:cdk:logicalId", + "data": "destinationFileSystemEfsMountTargetIsolatedSubnet20E3F4B46" + } + ], + "/efsReplication/existFileSystemReplication/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "existFileSystemReplication3C6768D0" + } + ], + "/efsReplication/existFileSystemReplication/EfsSecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "existFileSystemReplicationEfsSecurityGroup516080B0" + } + ], + "/efsReplication/existFileSystemReplication/EfsMountTarget-IsolatedSubnet1": [ + { + "type": "aws:cdk:logicalId", + "data": "existFileSystemReplicationEfsMountTargetIsolatedSubnet18F68C5DF" + } + ], + "/efsReplication/existFileSystemReplication/EfsMountTarget-IsolatedSubnet2": [ + { + "type": "aws:cdk:logicalId", + "data": "existFileSystemReplicationEfsMountTargetIsolatedSubnet230C85F8C" + } + ], + "/efsReplication/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/efsReplication/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "efsReplication" + }, + "efsReplicationIntegTestDefaultTestDeployAssert2C078280.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "efsReplicationIntegTestDefaultTestDeployAssert2C078280.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "efsReplicationIntegTestDefaultTestDeployAssert2C078280": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "efsReplicationIntegTestDefaultTestDeployAssert2C078280.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "efsReplicationIntegTestDefaultTestDeployAssert2C078280.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "efsReplicationIntegTestDefaultTestDeployAssert2C078280.assets" + ], + "metadata": { + "/efsReplicationIntegTest/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/efsReplicationIntegTest/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "efsReplicationIntegTest/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/tree.json new file mode 100644 index 0000000000000..03e953816327e --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.js.snapshot/tree.json @@ -0,0 +1,1172 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "efsReplication": { + "id": "efsReplication", + "path": "efsReplication", + "children": { + "Vpc": { + "id": "Vpc", + "path": "efsReplication/Vpc", + "children": { + "Resource": { + "id": "Resource", + "path": "efsReplication/Vpc/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default", + "tags": [ + { + "key": "Name", + "value": "efsReplication/Vpc" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", + "version": "0.0.0" + } + }, + "PublicSubnet1": { + "id": "PublicSubnet1", + "path": "efsReplication/Vpc/PublicSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "efsReplication/Vpc/PublicSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.0.0/18", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "Name", + "value": "efsReplication/Vpc/PublicSubnet1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "efsReplication/Vpc/PublicSubnet1/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "efsReplication/Vpc/PublicSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "efsReplication/Vpc/PublicSubnet1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "efsReplication/Vpc/PublicSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + }, + "subnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "efsReplication/Vpc/PublicSubnet1/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "routeTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "0.0.0" + } + }, + "PublicSubnet2": { + "id": "PublicSubnet2", + "path": "efsReplication/Vpc/PublicSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "efsReplication/Vpc/PublicSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.64.0/18", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "Name", + "value": "efsReplication/Vpc/PublicSubnet2" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "efsReplication/Vpc/PublicSubnet2/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "efsReplication/Vpc/PublicSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "efsReplication/Vpc/PublicSubnet2" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "efsReplication/Vpc/PublicSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + }, + "subnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "efsReplication/Vpc/PublicSubnet2/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "routeTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "0.0.0" + } + }, + "IsolatedSubnet1": { + "id": "IsolatedSubnet1", + "path": "efsReplication/Vpc/IsolatedSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "efsReplication/Vpc/IsolatedSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.128.0/18", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Isolated" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Isolated" + }, + { + "key": "Name", + "value": "efsReplication/Vpc/IsolatedSubnet1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "efsReplication/Vpc/IsolatedSubnet1/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "efsReplication/Vpc/IsolatedSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "efsReplication/Vpc/IsolatedSubnet1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "efsReplication/Vpc/IsolatedSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcIsolatedSubnet1RouteTable4771E3E5" + }, + "subnetId": { + "Ref": "VpcIsolatedSubnet1SubnetE48C5737" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "0.0.0" + } + }, + "IsolatedSubnet2": { + "id": "IsolatedSubnet2", + "path": "efsReplication/Vpc/IsolatedSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "efsReplication/Vpc/IsolatedSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.192.0/18", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Isolated" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Isolated" + }, + { + "key": "Name", + "value": "efsReplication/Vpc/IsolatedSubnet2" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "efsReplication/Vpc/IsolatedSubnet2/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "efsReplication/Vpc/IsolatedSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "efsReplication/Vpc/IsolatedSubnet2" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "efsReplication/Vpc/IsolatedSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcIsolatedSubnet2RouteTable1D30AF7D" + }, + "subnetId": { + "Ref": "VpcIsolatedSubnet2Subnet16364B91" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "0.0.0" + } + }, + "IGW": { + "id": "IGW", + "path": "efsReplication/Vpc/IGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::InternetGateway", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "efsReplication/Vpc" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnInternetGateway", + "version": "0.0.0" + } + }, + "VPCGW": { + "id": "VPCGW", + "path": "efsReplication/Vpc/VPCGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCGatewayAttachment", + "aws:cdk:cloudformation:props": { + "internetGatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment", + "version": "0.0.0" + } + }, + "RestrictDefaultSecurityGroupCustomResource": { + "id": "RestrictDefaultSecurityGroupCustomResource", + "path": "efsReplication/Vpc/RestrictDefaultSecurityGroupCustomResource", + "children": { + "Default": { + "id": "Default", + "path": "efsReplication/Vpc/RestrictDefaultSecurityGroupCustomResource/Default", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.Vpc", + "version": "0.0.0" + } + }, + "Custom::VpcRestrictDefaultSGCustomResourceProvider": { + "id": "Custom::VpcRestrictDefaultSGCustomResourceProvider", + "path": "efsReplication/Custom::VpcRestrictDefaultSGCustomResourceProvider", + "children": { + "Staging": { + "id": "Staging", + "path": "efsReplication/Custom::VpcRestrictDefaultSGCustomResourceProvider/Staging", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "Role": { + "id": "Role", + "path": "efsReplication/Custom::VpcRestrictDefaultSGCustomResourceProvider/Role", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + }, + "Handler": { + "id": "Handler", + "path": "efsReplication/Custom::VpcRestrictDefaultSGCustomResourceProvider/Handler", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResourceProviderBase", + "version": "0.0.0" + } + }, + "Key": { + "id": "Key", + "path": "efsReplication/Key", + "children": { + "Resource": { + "id": "Resource", + "path": "efsReplication/Key/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::KMS::Key", + "aws:cdk:cloudformation:props": { + "keyPolicy": { + "Statement": [ + { + "Action": "kms:*", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + }, + "Resource": "*" + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kms.CfnKey", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kms.Key", + "version": "0.0.0" + } + }, + "oneZoneReplicationFileSystem": { + "id": "oneZoneReplicationFileSystem", + "path": "efsReplication/oneZoneReplicationFileSystem", + "children": { + "Resource": { + "id": "Resource", + "path": "efsReplication/oneZoneReplicationFileSystem/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EFS::FileSystem", + "aws:cdk:cloudformation:props": { + "encrypted": true, + "fileSystemPolicy": { + "Statement": [ + { + "Action": [ + "elasticfilesystem:ClientRootAccess", + "elasticfilesystem:ClientWrite" + ], + "Condition": { + "Bool": { + "elasticfilesystem:AccessedViaMountTarget": "true" + } + }, + "Effect": "Allow", + "Principal": { + "AWS": "*" + } + } + ], + "Version": "2012-10-17" + }, + "replicationConfiguration": { + "destinations": [ + { + "kmsKeyId": { + "Fn::GetAtt": [ + "Key961B73FD", + "Arn" + ] + }, + "region": "us-east-1", + "availabilityZoneName": "us-east-1a" + } + ] + }, + "fileSystemTags": [ + { + "key": "Name", + "value": "efsReplication/oneZoneReplicationFileSystem" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_efs.CfnFileSystem", + "version": "0.0.0" + } + }, + "EfsSecurityGroup": { + "id": "EfsSecurityGroup", + "path": "efsReplication/oneZoneReplicationFileSystem/EfsSecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "efsReplication/oneZoneReplicationFileSystem/EfsSecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "efsReplication/oneZoneReplicationFileSystem/EfsSecurityGroup", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "tags": [ + { + "key": "Name", + "value": "efsReplication/oneZoneReplicationFileSystem" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "0.0.0" + } + }, + "EfsMountTarget-IsolatedSubnet1": { + "id": "EfsMountTarget-IsolatedSubnet1", + "path": "efsReplication/oneZoneReplicationFileSystem/EfsMountTarget-IsolatedSubnet1", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EFS::MountTarget", + "aws:cdk:cloudformation:props": { + "fileSystemId": { + "Ref": "oneZoneReplicationFileSystem0A6BB0D2" + }, + "securityGroups": [ + { + "Fn::GetAtt": [ + "oneZoneReplicationFileSystemEfsSecurityGroupD1C9EA27", + "GroupId" + ] + } + ], + "subnetId": { + "Ref": "VpcIsolatedSubnet1SubnetE48C5737" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_efs.CfnMountTarget", + "version": "0.0.0" + } + }, + "EfsMountTarget-IsolatedSubnet2": { + "id": "EfsMountTarget-IsolatedSubnet2", + "path": "efsReplication/oneZoneReplicationFileSystem/EfsMountTarget-IsolatedSubnet2", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EFS::MountTarget", + "aws:cdk:cloudformation:props": { + "fileSystemId": { + "Ref": "oneZoneReplicationFileSystem0A6BB0D2" + }, + "securityGroups": [ + { + "Fn::GetAtt": [ + "oneZoneReplicationFileSystemEfsSecurityGroupD1C9EA27", + "GroupId" + ] + } + ], + "subnetId": { + "Ref": "VpcIsolatedSubnet2Subnet16364B91" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_efs.CfnMountTarget", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_efs.FileSystem", + "version": "0.0.0" + } + }, + "destinationFileSystem": { + "id": "destinationFileSystem", + "path": "efsReplication/destinationFileSystem", + "children": { + "Resource": { + "id": "Resource", + "path": "efsReplication/destinationFileSystem/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EFS::FileSystem", + "aws:cdk:cloudformation:props": { + "encrypted": true, + "fileSystemPolicy": { + "Statement": [ + { + "Action": [ + "elasticfilesystem:ClientRootAccess", + "elasticfilesystem:ClientWrite" + ], + "Condition": { + "Bool": { + "elasticfilesystem:AccessedViaMountTarget": "true" + } + }, + "Effect": "Allow", + "Principal": { + "AWS": "*" + } + } + ], + "Version": "2012-10-17" + }, + "fileSystemProtection": { + "replicationOverwriteProtection": "DISABLED" + }, + "fileSystemTags": [ + { + "key": "Name", + "value": "efsReplication/destinationFileSystem" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_efs.CfnFileSystem", + "version": "0.0.0" + } + }, + "EfsSecurityGroup": { + "id": "EfsSecurityGroup", + "path": "efsReplication/destinationFileSystem/EfsSecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "efsReplication/destinationFileSystem/EfsSecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "efsReplication/destinationFileSystem/EfsSecurityGroup", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "tags": [ + { + "key": "Name", + "value": "efsReplication/destinationFileSystem" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "0.0.0" + } + }, + "EfsMountTarget-IsolatedSubnet1": { + "id": "EfsMountTarget-IsolatedSubnet1", + "path": "efsReplication/destinationFileSystem/EfsMountTarget-IsolatedSubnet1", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EFS::MountTarget", + "aws:cdk:cloudformation:props": { + "fileSystemId": { + "Ref": "destinationFileSystem0FAD62DA" + }, + "securityGroups": [ + { + "Fn::GetAtt": [ + "destinationFileSystemEfsSecurityGroupB67C2699", + "GroupId" + ] + } + ], + "subnetId": { + "Ref": "VpcIsolatedSubnet1SubnetE48C5737" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_efs.CfnMountTarget", + "version": "0.0.0" + } + }, + "EfsMountTarget-IsolatedSubnet2": { + "id": "EfsMountTarget-IsolatedSubnet2", + "path": "efsReplication/destinationFileSystem/EfsMountTarget-IsolatedSubnet2", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EFS::MountTarget", + "aws:cdk:cloudformation:props": { + "fileSystemId": { + "Ref": "destinationFileSystem0FAD62DA" + }, + "securityGroups": [ + { + "Fn::GetAtt": [ + "destinationFileSystemEfsSecurityGroupB67C2699", + "GroupId" + ] + } + ], + "subnetId": { + "Ref": "VpcIsolatedSubnet2Subnet16364B91" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_efs.CfnMountTarget", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_efs.FileSystem", + "version": "0.0.0" + } + }, + "existFileSystemReplication": { + "id": "existFileSystemReplication", + "path": "efsReplication/existFileSystemReplication", + "children": { + "Resource": { + "id": "Resource", + "path": "efsReplication/existFileSystemReplication/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EFS::FileSystem", + "aws:cdk:cloudformation:props": { + "encrypted": true, + "fileSystemPolicy": { + "Statement": [ + { + "Action": [ + "elasticfilesystem:ClientRootAccess", + "elasticfilesystem:ClientWrite" + ], + "Condition": { + "Bool": { + "elasticfilesystem:AccessedViaMountTarget": "true" + } + }, + "Effect": "Allow", + "Principal": { + "AWS": "*" + } + } + ], + "Version": "2012-10-17" + }, + "replicationConfiguration": { + "destinations": [ + { + "fileSystemId": { + "Ref": "destinationFileSystem0FAD62DA" + }, + "region": { + "Ref": "AWS::Region" + } + } + ] + }, + "fileSystemTags": [ + { + "key": "Name", + "value": "efsReplication/existFileSystemReplication" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_efs.CfnFileSystem", + "version": "0.0.0" + } + }, + "EfsSecurityGroup": { + "id": "EfsSecurityGroup", + "path": "efsReplication/existFileSystemReplication/EfsSecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "efsReplication/existFileSystemReplication/EfsSecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "efsReplication/existFileSystemReplication/EfsSecurityGroup", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "tags": [ + { + "key": "Name", + "value": "efsReplication/existFileSystemReplication" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "0.0.0" + } + }, + "EfsMountTarget-IsolatedSubnet1": { + "id": "EfsMountTarget-IsolatedSubnet1", + "path": "efsReplication/existFileSystemReplication/EfsMountTarget-IsolatedSubnet1", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EFS::MountTarget", + "aws:cdk:cloudformation:props": { + "fileSystemId": { + "Ref": "existFileSystemReplication3C6768D0" + }, + "securityGroups": [ + { + "Fn::GetAtt": [ + "existFileSystemReplicationEfsSecurityGroup516080B0", + "GroupId" + ] + } + ], + "subnetId": { + "Ref": "VpcIsolatedSubnet1SubnetE48C5737" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_efs.CfnMountTarget", + "version": "0.0.0" + } + }, + "EfsMountTarget-IsolatedSubnet2": { + "id": "EfsMountTarget-IsolatedSubnet2", + "path": "efsReplication/existFileSystemReplication/EfsMountTarget-IsolatedSubnet2", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EFS::MountTarget", + "aws:cdk:cloudformation:props": { + "fileSystemId": { + "Ref": "existFileSystemReplication3C6768D0" + }, + "securityGroups": [ + { + "Fn::GetAtt": [ + "existFileSystemReplicationEfsSecurityGroup516080B0", + "GroupId" + ] + } + ], + "subnetId": { + "Ref": "VpcIsolatedSubnet2Subnet16364B91" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_efs.CfnMountTarget", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_efs.FileSystem", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "efsReplication/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "efsReplication/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "efsReplicationIntegTest": { + "id": "efsReplicationIntegTest", + "path": "efsReplicationIntegTest", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "efsReplicationIntegTest/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "efsReplicationIntegTest/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "efsReplicationIntegTest/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "efsReplicationIntegTest/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "efsReplicationIntegTest/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.ts index 7059f42bfafcb..f1b5456d382a4 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.ts @@ -18,11 +18,12 @@ const kmsKey = new kms.Key(stack, 'Key', { new efs.FileSystem(stack, 'oneZoneReplicationFileSystem', { vpc, removalPolicy: cdk.RemovalPolicy.DESTROY, - replicationConfiguration: [{ + replicationConfiguration: { + enable: true, kmsKey, region: 'us-east-1', availabilityZone: 'us-east-1a', - }], + }, }); const destination = new efs.FileSystem(stack, 'destinationFileSystem', { @@ -34,9 +35,10 @@ const destination = new efs.FileSystem(stack, 'destinationFileSystem', { new efs.FileSystem(stack, 'existFileSystemReplication', { vpc, removalPolicy: cdk.RemovalPolicy.DESTROY, - replicationConfiguration: [{ + replicationConfiguration: { destinationFileSystem: destination, - }], + enable: true, + }, }); new integ.IntegTest(app, 'efsReplicationIntegTest', { diff --git a/packages/aws-cdk-lib/aws-efs/README.md b/packages/aws-cdk-lib/aws-efs/README.md index d647a995dd8f6..3dcc00e5d462f 100644 --- a/packages/aws-cdk-lib/aws-efs/README.md +++ b/packages/aws-cdk-lib/aws-efs/README.md @@ -89,11 +89,12 @@ declare const kmsKey: kms.Key; // auto generate a replication destination file system new efs.FileSystem(this, 'ReplicationSourceFileSystem1', { vpc, - replicationConfiguration: [{ - kmsKey, - region: 'us-east-1', - availabilityZone: 'us-east-1a', // Specifing the AZ means creating a One Zone file system as the replication destination - }] + replicationConfiguration: { + enable: true, + kmsKey, // optional + region: 'us-east-1', // optional + availabilityZone: 'us-east-1a', // optional, Specifing the AZ means creating a One Zone file system as the replication destination + } }); // specify the replication destination file system @@ -105,10 +106,11 @@ const destinationFileSystem = new efs.FileSystem(this, 'DestinationFileSystem', new efs.FileSystem(this, 'ReplicationSourceFileSystem2', { vpc, - replicationConfiguration: [{ + replicationConfiguration: { + enable: true, destinationFileSystem, // cannot configure other properties when destinationFileSystem is specified - }] + } }); ``` From 67e4a9040918a0cee609c7eeb8d742afa90966d2 Mon Sep 17 00:00:00 2001 From: Kazuho CryerShinozuka Date: Thu, 7 Mar 2024 12:33:40 +0900 Subject: [PATCH 21/50] Revert "feat: replicationConfiguration is to be array" This reverts commit f77fb2c5280e17f964e8bfba56137fa219473609. --- .../aws-efs/lib/efs-file-system.ts | 43 +++++++++--------- .../aws-efs/test/efs-file-system.test.ts | 45 +++++++------------ 2 files changed, 37 insertions(+), 51 deletions(-) diff --git a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts index c5b30f17881e9..95bd3db05dda6 100644 --- a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts +++ b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts @@ -330,7 +330,7 @@ export interface FileSystemProps { * * @default - no replication */ - readonly replicationConfiguration?: ReplicationConfiguration[]; + readonly replicationConfiguration?: ReplicationConfiguration; } /** @@ -599,27 +599,23 @@ export class FileSystem extends FileSystemBase { throw new Error('ThroughputMode ELASTIC is not supported for file systems with performanceMode MAX_IO'); } + const { destinationFileSystem, region, availabilityZone, kmsKey } = props.replicationConfiguration ?? {}; if (props.replicationConfiguration) { if (props.replicationOverwriteProtection === ReplicationOverwriteProtection.DISABLED) { throw new Error('Cannot configure `replicationConfiguration` when `replicationOverwriteProtection` is set to `DISABLED`'); } - if (props.replicationConfiguration.length !== 1) { - throw new Error('`replicationConfiguration` must contain exactly one destination'); + + if (destinationFileSystem && (region || availabilityZone || kmsKey)) { + throw new Error('Cannot configure `replicationConfiguration.region`, `replicationConfiguration.az` or `replicationConfiguration.kmsKey` when `replicationConfiguration.destinationFileSystem` is set'); } - props.replicationConfiguration.forEach((config) => { - const { destinationFileSystem, region, availabilityZone, kmsKey } = config; - - if (destinationFileSystem && (region || availabilityZone || kmsKey)) { - throw new Error('Cannot configure `replicationConfiguration.region`, `replicationConfiguration.az` or `replicationConfiguration.kmsKey` when `replicationConfiguration.destinationFileSystem` is set'); - } - if (region && !Token.isUnresolved(region) && !/^[a-z]{2}-((iso[a-z]{0,1}-)|(gov-)){0,1}[a-z]+-{0,1}[0-9]{0,1}$/.test(region)) { - throw new Error('`replicationConfiguration.region` is invalid.'); - } - if (availabilityZone && !Token.isUnresolved(availabilityZone) && !region) { - throw new Error('`replicationConfiguration.availabilityZone` cannot be specified without `replicationConfiguration.region`'); - } - }); + if (region && !Token.isUnresolved(region) && !/^[a-z]{2}-((iso[a-z]{0,1}-)|(gov-)){0,1}[a-z]+-{0,1}[0-9]{0,1}$/.test(region)) { + throw new Error('`replicationConfiguration.region` is invalid.'); + } + + if (availabilityZone && !Token.isUnresolved(availabilityZone) && !region) { + throw new Error('`replicationConfiguration.availabilityZone` cannot be specified without `replicationConfiguration.region`'); + } } // we explictly use 'undefined' to represent 'false' to maintain backwards compatibility since @@ -649,13 +645,14 @@ export class FileSystem extends FileSystemBase { } : undefined; const replicationConfiguration = props.replicationConfiguration ? { - destinations: props.replicationConfiguration.map( - (config) => ({ - fileSystemId: config.destinationFileSystem?.fileSystemId, - kmsKeyId: config.kmsKey?.keyArn, - region: config.destinationFileSystem ? config.destinationFileSystem.env.region : (config.region ?? Stack.of(this).region), - availabilityZoneName: config.availabilityZone, - })), + destinations: [ + { + fileSystemId: destinationFileSystem?.fileSystemId, + kmsKeyId: kmsKey?.keyArn, + region: destinationFileSystem ? destinationFileSystem.env.region : (region ?? Stack.of(this).region), + availabilityZoneName: availabilityZone, + }, + ], } : undefined; this._resource = new CfnFileSystem(this, 'Resource', { diff --git a/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts b/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts index 2db8944c9070e..2d65149667a18 100644 --- a/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts +++ b/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts @@ -4,7 +4,7 @@ import * as iam from '../../aws-iam'; import * as kms from '../../aws-kms'; import { App, RemovalPolicy, Size, Stack, Tags } from '../../core'; import * as cxapi from '../../cx-api'; -import { FileSystem, LifecyclePolicy, PerformanceMode, ThroughputMode, OutOfInfrequentAccessPolicy, ReplicationOverwriteProtection, ReplicationConfiguration } from '../lib'; +import { FileSystem, LifecyclePolicy, PerformanceMode, ThroughputMode, OutOfInfrequentAccessPolicy, ReplicationOverwriteProtection } from '../lib'; let stack = new Stack(); let vpc = new ec2.Vpc(stack, 'VPC'); @@ -964,7 +964,7 @@ describe('replication configuration', () => { // WHEN new FileSystem(stack, 'EfsFileSystem', { vpc, - replicationConfiguration: [{}], + replicationConfiguration: {}, }); // THEN @@ -989,9 +989,9 @@ describe('replication configuration', () => { }); new FileSystem(stack, 'EfsFileSystem', { vpc, - replicationConfiguration: [{ + replicationConfiguration: { destinationFileSystem: destination, - }], + }, }); // THEN @@ -1012,11 +1012,11 @@ describe('replication configuration', () => { // WHEN new FileSystem(stack, 'EfsFileSystem', { vpc, - replicationConfiguration: [{ + replicationConfiguration: { kmsKey: new kms.Key(stack, 'customKey'), region: 'us-east-1', availabilityZone: 'us-east-1a', - }], + }, }); // THEN @@ -1043,9 +1043,9 @@ describe('replication configuration', () => { expect(() => { new FileSystem(stack, 'EfsFileSystem', { vpc, - replicationConfiguration: [{ + replicationConfiguration: { region: 'us-east-1', - }], + }, replicationOverwriteProtection: ReplicationOverwriteProtection.DISABLED, }); }).toThrow('Cannot configure `replicationConfiguration` when `replicationOverwriteProtection` is set to `DISABLED`'); @@ -1065,10 +1065,10 @@ describe('replication configuration', () => { expect(() => { new FileSystem(stack, 'EfsFileSystem', { vpc, - replicationConfiguration: [{ + replicationConfiguration: { destinationFileSystem: destination, ...config, - }], + }, }); }).toThrow('Cannot configure `replicationConfiguration.region`, `replicationConfiguration.az` or `replicationConfiguration.kmsKey` when `replicationConfiguration.destinationFileSystem` is set'); }); @@ -1084,10 +1084,10 @@ describe('replication configuration', () => { expect(() => { new FileSystem(stack, 'EfsFileSystem', { vpc, - replicationConfiguration: [{ + replicationConfiguration: { destinationFileSystem: destination, kmsKey: new kms.Key(stack, 'customKey'), - }], + }, }); }).toThrow('Cannot configure `replicationConfiguration.region`, `replicationConfiguration.az` or `replicationConfiguration.kmsKey` when `replicationConfiguration.destinationFileSystem` is set'); }); @@ -1097,9 +1097,10 @@ describe('replication configuration', () => { expect(() => { new FileSystem(stack, 'EfsFileSystem', { vpc, - replicationConfiguration: [{ + replicationConfiguration: { + enable: true, region: 'invalid-region', - }], + }, }); }).toThrow('`replicationConfiguration.region` is invalid.'); }); @@ -1109,22 +1110,10 @@ describe('replication configuration', () => { expect(() => { new FileSystem(stack, 'EfsFileSystem', { vpc, - replicationConfiguration: [{ + replicationConfiguration: { availabilityZone: 'us-east-1a', - }], + }, }); }).toThrow('`replicationConfiguration.availabilityZone` cannot be specified without `replicationConfiguration.region`'); }); - - test.each([ - [[]], [[{ region: 'us-east-1' }, { region: 'ap-northeast-1' }]], - ])('throw error for invalid length of replicationConfiguration', (replicationConfiguration) => { - // THEN - expect(() => { - new FileSystem(stack, 'EfsFileSystem', { - vpc, - replicationConfiguration, - }); - }).toThrow('`replicationConfiguration` must contain exactly one destination'); - }); }); From 8cff88a6286cd080a4edeae71c74f5188654b154 Mon Sep 17 00:00:00 2001 From: Kazuho CryerShinozuka Date: Thu, 7 Mar 2024 12:44:58 +0900 Subject: [PATCH 22/50] docs: update README.md --- packages/aws-cdk-lib/aws-efs/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/packages/aws-cdk-lib/aws-efs/README.md b/packages/aws-cdk-lib/aws-efs/README.md index 3dcc00e5d462f..1c339ad430d56 100644 --- a/packages/aws-cdk-lib/aws-efs/README.md +++ b/packages/aws-cdk-lib/aws-efs/README.md @@ -114,6 +114,8 @@ new efs.FileSystem(this, 'ReplicationSourceFileSystem2', { }); ``` +**Note**: EFS now supports only one replication destination and thus allows specifying just one `replicationConfiguration` for each file system. + ### IAM to control file system data access You can use both IAM identity policies and resource policies to control client access to Amazon EFS resources in a way that is scalable and optimized for cloud environments. Using IAM, you can permit clients to perform specific actions on a file system, including read-only, write, and root access. From 3bf07131466a8bcdb5aa6735f1c9a53a4fba1ce4 Mon Sep 17 00:00:00 2001 From: Kazuho CryerShinozuka Date: Thu, 7 Mar 2024 13:01:23 +0900 Subject: [PATCH 23/50] fix: readme --- packages/aws-cdk-lib/aws-efs/README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/packages/aws-cdk-lib/aws-efs/README.md b/packages/aws-cdk-lib/aws-efs/README.md index 1c339ad430d56..d33315dc7c6ea 100644 --- a/packages/aws-cdk-lib/aws-efs/README.md +++ b/packages/aws-cdk-lib/aws-efs/README.md @@ -90,7 +90,6 @@ declare const kmsKey: kms.Key; new efs.FileSystem(this, 'ReplicationSourceFileSystem1', { vpc, replicationConfiguration: { - enable: true, kmsKey, // optional region: 'us-east-1', // optional availabilityZone: 'us-east-1a', // optional, Specifing the AZ means creating a One Zone file system as the replication destination @@ -107,7 +106,6 @@ const destinationFileSystem = new efs.FileSystem(this, 'DestinationFileSystem', new efs.FileSystem(this, 'ReplicationSourceFileSystem2', { vpc, replicationConfiguration: { - enable: true, destinationFileSystem, // cannot configure other properties when destinationFileSystem is specified } From e666eebd5a923111c1b9fa3f3b5b8f879d9c58e8 Mon Sep 17 00:00:00 2001 From: Kazuho CryerShinozuka Date: Thu, 7 Mar 2024 13:52:33 +0900 Subject: [PATCH 24/50] fix: integ test --- .../test/aws-efs/test/integ.efs-filesystem-replication.ts | 2 -- 1 file changed, 2 deletions(-) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.ts index f1b5456d382a4..9de5fae7edfd2 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.ts @@ -19,7 +19,6 @@ new efs.FileSystem(stack, 'oneZoneReplicationFileSystem', { vpc, removalPolicy: cdk.RemovalPolicy.DESTROY, replicationConfiguration: { - enable: true, kmsKey, region: 'us-east-1', availabilityZone: 'us-east-1a', @@ -37,7 +36,6 @@ new efs.FileSystem(stack, 'existFileSystemReplication', { removalPolicy: cdk.RemovalPolicy.DESTROY, replicationConfiguration: { destinationFileSystem: destination, - enable: true, }, }); From 0db02bb3583825c54c5bd42f6ca12a65983788bf Mon Sep 17 00:00:00 2001 From: kazuho cryer-shinozuka Date: Sat, 9 Mar 2024 01:20:25 +0900 Subject: [PATCH 25/50] Update packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts Co-authored-by: Luca Pizzini --- packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts index 95bd3db05dda6..fff02d83bb713 100644 --- a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts +++ b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts @@ -599,8 +599,8 @@ export class FileSystem extends FileSystemBase { throw new Error('ThroughputMode ELASTIC is not supported for file systems with performanceMode MAX_IO'); } - const { destinationFileSystem, region, availabilityZone, kmsKey } = props.replicationConfiguration ?? {}; if (props.replicationConfiguration) { + const { destinationFileSystem, region, availabilityZone, kmsKey } = props.replicationConfiguration; if (props.replicationOverwriteProtection === ReplicationOverwriteProtection.DISABLED) { throw new Error('Cannot configure `replicationConfiguration` when `replicationOverwriteProtection` is set to `DISABLED`'); } From f9f7879b81d6575e73bddad09b62263442ff7844 Mon Sep 17 00:00:00 2001 From: kazuho cryer-shinozuka Date: Sat, 9 Mar 2024 01:20:47 +0900 Subject: [PATCH 26/50] Update packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts Co-authored-by: Luca Pizzini --- packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts index fff02d83bb713..2a40b0acff775 100644 --- a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts +++ b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts @@ -602,7 +602,7 @@ export class FileSystem extends FileSystemBase { if (props.replicationConfiguration) { const { destinationFileSystem, region, availabilityZone, kmsKey } = props.replicationConfiguration; if (props.replicationOverwriteProtection === ReplicationOverwriteProtection.DISABLED) { - throw new Error('Cannot configure `replicationConfiguration` when `replicationOverwriteProtection` is set to `DISABLED`'); + throw new Error('Cannot configure \'replicationConfiguration\' when \'replicationOverwriteProtection\' is set to \'DISABLED\''); } if (destinationFileSystem && (region || availabilityZone || kmsKey)) { From 831b22feb05f3ee6b7421ea12e33ded98a16fdb6 Mon Sep 17 00:00:00 2001 From: kazuho cryer-shinozuka Date: Sat, 9 Mar 2024 01:21:09 +0900 Subject: [PATCH 27/50] Update packages/aws-cdk-lib/aws-efs/README.md Co-authored-by: Luca Pizzini --- packages/aws-cdk-lib/aws-efs/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/aws-cdk-lib/aws-efs/README.md b/packages/aws-cdk-lib/aws-efs/README.md index d33315dc7c6ea..420fd56ca72ae 100644 --- a/packages/aws-cdk-lib/aws-efs/README.md +++ b/packages/aws-cdk-lib/aws-efs/README.md @@ -76,7 +76,7 @@ This is to prevent deployment failures due to cross-AZ configurations. ⚠️ When `oneZone` is enabled, `vpcSubnets` cannot be specified. -### [Replicating file systems](https://docs.aws.amazon.com/efs/latest/ug/efs-replication.html) +### Replicating file systems You can create a replica of your EFS file system in the AWS Region of your preference. From ad40a5cf9ab6c50727a935197adac02a27b7227c Mon Sep 17 00:00:00 2001 From: kazuho cryer-shinozuka Date: Sat, 9 Mar 2024 01:21:18 +0900 Subject: [PATCH 28/50] Update packages/aws-cdk-lib/aws-efs/README.md Co-authored-by: Luca Pizzini --- packages/aws-cdk-lib/aws-efs/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/packages/aws-cdk-lib/aws-efs/README.md b/packages/aws-cdk-lib/aws-efs/README.md index 420fd56ca72ae..d7ba3b89cb74f 100644 --- a/packages/aws-cdk-lib/aws-efs/README.md +++ b/packages/aws-cdk-lib/aws-efs/README.md @@ -114,6 +114,8 @@ new efs.FileSystem(this, 'ReplicationSourceFileSystem2', { **Note**: EFS now supports only one replication destination and thus allows specifying just one `replicationConfiguration` for each file system. +> Visit [Replicating file systems](https://docs.aws.amazon.com/efs/latest/ug/efs-replication.html) for more details. + ### IAM to control file system data access You can use both IAM identity policies and resource policies to control client access to Amazon EFS resources in a way that is scalable and optimized for cloud environments. Using IAM, you can permit clients to perform specific actions on a file system, including read-only, write, and root access. From 14d52561d61aacc92caec3d66c1fc23b8daa6dc4 Mon Sep 17 00:00:00 2001 From: Kazuho CryerShinozuka Date: Sat, 9 Mar 2024 01:37:27 +0900 Subject: [PATCH 29/50] feat: validate whether to specify region or destinationFileSystem --- .../aws-efs/lib/efs-file-system.ts | 22 ++++++++++------ .../aws-efs/test/efs-file-system.test.ts | 25 +++++++++++++------ 2 files changed, 32 insertions(+), 15 deletions(-) diff --git a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts index 2a40b0acff775..4a6a1e1467131 100644 --- a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts +++ b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts @@ -600,21 +600,25 @@ export class FileSystem extends FileSystemBase { } if (props.replicationConfiguration) { - const { destinationFileSystem, region, availabilityZone, kmsKey } = props.replicationConfiguration; + const { destinationFileSystem, region, availabilityZone, kmsKey } = props.replicationConfiguration; if (props.replicationOverwriteProtection === ReplicationOverwriteProtection.DISABLED) { throw new Error('Cannot configure \'replicationConfiguration\' when \'replicationOverwriteProtection\' is set to \'DISABLED\''); } + if (!destinationFileSystem && !region) { + throw new Error('\'replicationConfiguration.region\' or \'replicationConfiguration.destinationFileSystem\' is required'); + } + if (destinationFileSystem && (region || availabilityZone || kmsKey)) { - throw new Error('Cannot configure `replicationConfiguration.region`, `replicationConfiguration.az` or `replicationConfiguration.kmsKey` when `replicationConfiguration.destinationFileSystem` is set'); + throw new Error('Cannot configure \'replicationConfiguration.region\', \'replicationConfiguration.availabilityZone\' or \'replicationConfiguration.kmsKey\' when \'replicationConfiguration.destinationFileSystem\' is set'); } if (region && !Token.isUnresolved(region) && !/^[a-z]{2}-((iso[a-z]{0,1}-)|(gov-)){0,1}[a-z]+-{0,1}[0-9]{0,1}$/.test(region)) { - throw new Error('`replicationConfiguration.region` is invalid.'); + throw new Error('\'replicationConfiguration.region\' is invalid.'); } if (availabilityZone && !Token.isUnresolved(availabilityZone) && !region) { - throw new Error('`replicationConfiguration.availabilityZone` cannot be specified without `replicationConfiguration.region`'); + throw new Error('\'replicationConfiguration.availabilityZone\' cannot be specified without \'replicationConfiguration.region\''); } } @@ -647,10 +651,12 @@ export class FileSystem extends FileSystemBase { const replicationConfiguration = props.replicationConfiguration ? { destinations: [ { - fileSystemId: destinationFileSystem?.fileSystemId, - kmsKeyId: kmsKey?.keyArn, - region: destinationFileSystem ? destinationFileSystem.env.region : (region ?? Stack.of(this).region), - availabilityZoneName: availabilityZone, + fileSystemId: props.replicationConfiguration.destinationFileSystem?.fileSystemId, + kmsKeyId: props.replicationConfiguration.kmsKey?.keyArn, + region: props.replicationConfiguration.destinationFileSystem ? + props.replicationConfiguration.destinationFileSystem.env.region : + (props.replicationConfiguration.region ?? Stack.of(this).region), + availabilityZoneName: props.replicationConfiguration.availabilityZone, }, ], } : undefined; diff --git a/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts b/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts index 2d65149667a18..6ea47992aac39 100644 --- a/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts +++ b/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts @@ -964,7 +964,9 @@ describe('replication configuration', () => { // WHEN new FileSystem(stack, 'EfsFileSystem', { vpc, - replicationConfiguration: {}, + replicationConfiguration: { + region: 'ap-northeast-1', + }, }); // THEN @@ -1048,7 +1050,7 @@ describe('replication configuration', () => { }, replicationOverwriteProtection: ReplicationOverwriteProtection.DISABLED, }); - }).toThrow('Cannot configure `replicationConfiguration` when `replicationOverwriteProtection` is set to `DISABLED`'); + }).toThrow('Cannot configure \'replicationConfiguration\' when \'replicationOverwriteProtection\' is set to \'DISABLED\''); }); test.each([ @@ -1070,7 +1072,7 @@ describe('replication configuration', () => { ...config, }, }); - }).toThrow('Cannot configure `replicationConfiguration.region`, `replicationConfiguration.az` or `replicationConfiguration.kmsKey` when `replicationConfiguration.destinationFileSystem` is set'); + }).toThrow('Cannot configure \'replicationConfiguration.region\', \'replicationConfiguration.availabilityZone\' or \'replicationConfiguration.kmsKey\' when \'replicationConfiguration.destinationFileSystem\' is set'); }); test('throw error for specifing both destinationFileSystem and kmsKey', () => { @@ -1089,7 +1091,17 @@ describe('replication configuration', () => { kmsKey: new kms.Key(stack, 'customKey'), }, }); - }).toThrow('Cannot configure `replicationConfiguration.region`, `replicationConfiguration.az` or `replicationConfiguration.kmsKey` when `replicationConfiguration.destinationFileSystem` is set'); + }).toThrow('Cannot configure \'replicationConfiguration.region\', \'replicationConfiguration.availabilityZone\' or \'replicationConfiguration.kmsKey\' when \'replicationConfiguration.destinationFileSystem\' is set'); + }); + + test('throw error for specifying neither region nor destinationFileSystem', () => { + // THEN + expect(() => { + new FileSystem(stack, 'EfsFileSystem', { + vpc, + replicationConfiguration: {}, + }); + }).toThrow('\'replicationConfiguration.region\' or \'replicationConfiguration.destinationFileSystem\' is required.'); }); test('throw error for invalid region', () => { @@ -1098,11 +1110,10 @@ describe('replication configuration', () => { new FileSystem(stack, 'EfsFileSystem', { vpc, replicationConfiguration: { - enable: true, region: 'invalid-region', }, }); - }).toThrow('`replicationConfiguration.region` is invalid.'); + }).toThrow('\'replicationConfiguration.region\' is invalid.'); }); test('throw error for specifying availabilityZone without region', () => { @@ -1114,6 +1125,6 @@ describe('replication configuration', () => { availabilityZone: 'us-east-1a', }, }); - }).toThrow('`replicationConfiguration.availabilityZone` cannot be specified without `replicationConfiguration.region`'); + }).toThrow('\'replicationConfiguration.availabilityZone\' cannot be specified without \'replicationConfiguration.region\''); }); }); From 9cdb6eba0e0cb79ef5e259904d1a87826830187f Mon Sep 17 00:00:00 2001 From: Kazuho CryerShinozuka Date: Sat, 9 Mar 2024 01:41:50 +0900 Subject: [PATCH 30/50] docs: udpate readme --- packages/aws-cdk-lib/aws-efs/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/packages/aws-cdk-lib/aws-efs/README.md b/packages/aws-cdk-lib/aws-efs/README.md index d7ba3b89cb74f..3e1cb83aa9526 100644 --- a/packages/aws-cdk-lib/aws-efs/README.md +++ b/packages/aws-cdk-lib/aws-efs/README.md @@ -116,6 +116,8 @@ new efs.FileSystem(this, 'ReplicationSourceFileSystem2', { > Visit [Replicating file systems](https://docs.aws.amazon.com/efs/latest/ug/efs-replication.html) for more details. +**Note**: You have to specify either `region` or `destinationFileSystem` when creating a replication destination file system. + ### IAM to control file system data access You can use both IAM identity policies and resource policies to control client access to Amazon EFS resources in a way that is scalable and optimized for cloud environments. Using IAM, you can permit clients to perform specific actions on a file system, including read-only, write, and root access. From 9b6bba7bd65444fce0910e9dcbe5e48f8276b94e Mon Sep 17 00:00:00 2001 From: Kazuho CryerShinozuka Date: Sat, 9 Mar 2024 02:14:25 +0900 Subject: [PATCH 31/50] fix: unit test --- packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts | 8 ++++---- .../aws-efs/test/efs-file-system.test.ts | 13 ++++--------- 2 files changed, 8 insertions(+), 13 deletions(-) diff --git a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts index 4a6a1e1467131..c02185cfdc2c5 100644 --- a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts +++ b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts @@ -605,6 +605,10 @@ export class FileSystem extends FileSystemBase { throw new Error('Cannot configure \'replicationConfiguration\' when \'replicationOverwriteProtection\' is set to \'DISABLED\''); } + if (availabilityZone && !Token.isUnresolved(availabilityZone) && !region) { + throw new Error('\'replicationConfiguration.availabilityZone\' cannot be specified without \'replicationConfiguration.region\''); + } + if (!destinationFileSystem && !region) { throw new Error('\'replicationConfiguration.region\' or \'replicationConfiguration.destinationFileSystem\' is required'); } @@ -616,10 +620,6 @@ export class FileSystem extends FileSystemBase { if (region && !Token.isUnresolved(region) && !/^[a-z]{2}-((iso[a-z]{0,1}-)|(gov-)){0,1}[a-z]+-{0,1}[0-9]{0,1}$/.test(region)) { throw new Error('\'replicationConfiguration.region\' is invalid.'); } - - if (availabilityZone && !Token.isUnresolved(availabilityZone) && !region) { - throw new Error('\'replicationConfiguration.availabilityZone\' cannot be specified without \'replicationConfiguration.region\''); - } } // we explictly use 'undefined' to represent 'false' to maintain backwards compatibility since diff --git a/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts b/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts index 6ea47992aac39..ba570fd7d87ee 100644 --- a/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts +++ b/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts @@ -974,9 +974,7 @@ describe('replication configuration', () => { ReplicationConfiguration: { Destinations: [ { - Region: { - Ref: 'AWS::Region', - }, + Region: 'ap-northeast-1', }, ], }, @@ -1053,10 +1051,7 @@ describe('replication configuration', () => { }).toThrow('Cannot configure \'replicationConfiguration\' when \'replicationOverwriteProtection\' is set to \'DISABLED\''); }); - test.each([ - { region: 'us-east-1' }, - { availabilityZone: 'us-east-1a' }, - ])('throw error for specifing both destinationFileSystem and other parameters', (config) => { + test('throw error for specifing both destinationFileSystem and other parameters', () => { // WHEN const destination = new FileSystem(stack, 'DestinationFileSystem', { vpc, @@ -1069,7 +1064,7 @@ describe('replication configuration', () => { vpc, replicationConfiguration: { destinationFileSystem: destination, - ...config, + region: 'us-east-1', }, }); }).toThrow('Cannot configure \'replicationConfiguration.region\', \'replicationConfiguration.availabilityZone\' or \'replicationConfiguration.kmsKey\' when \'replicationConfiguration.destinationFileSystem\' is set'); @@ -1101,7 +1096,7 @@ describe('replication configuration', () => { vpc, replicationConfiguration: {}, }); - }).toThrow('\'replicationConfiguration.region\' or \'replicationConfiguration.destinationFileSystem\' is required.'); + }).toThrow('\'replicationConfiguration.region\' or \'replicationConfiguration.destinationFileSystem\' is required'); }); test('throw error for invalid region', () => { From dba033ba67bfd5e531fe7be2430ecd2171c06769 Mon Sep 17 00:00:00 2001 From: kazuho cryer-shinozuka Date: Sun, 10 Mar 2024 03:12:38 +0900 Subject: [PATCH 32/50] Update README.md Co-authored-by: Luca Pizzini --- packages/aws-cdk-lib/aws-efs/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/aws-cdk-lib/aws-efs/README.md b/packages/aws-cdk-lib/aws-efs/README.md index 3e1cb83aa9526..d99c135576015 100644 --- a/packages/aws-cdk-lib/aws-efs/README.md +++ b/packages/aws-cdk-lib/aws-efs/README.md @@ -91,7 +91,7 @@ new efs.FileSystem(this, 'ReplicationSourceFileSystem1', { vpc, replicationConfiguration: { kmsKey, // optional - region: 'us-east-1', // optional + region: 'us-east-1', availabilityZone: 'us-east-1a', // optional, Specifing the AZ means creating a One Zone file system as the replication destination } }); From aeeaae85ad3d3fe0aacd13b29736e6fde9e4baec Mon Sep 17 00:00:00 2001 From: Kazuho CryerShinozuka Date: Sun, 10 Mar 2024 07:32:37 +0900 Subject: [PATCH 33/50] docs: update readme --- packages/aws-cdk-lib/aws-efs/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/aws-cdk-lib/aws-efs/README.md b/packages/aws-cdk-lib/aws-efs/README.md index d99c135576015..a23b4a563267d 100644 --- a/packages/aws-cdk-lib/aws-efs/README.md +++ b/packages/aws-cdk-lib/aws-efs/README.md @@ -114,10 +114,10 @@ new efs.FileSystem(this, 'ReplicationSourceFileSystem2', { **Note**: EFS now supports only one replication destination and thus allows specifying just one `replicationConfiguration` for each file system. -> Visit [Replicating file systems](https://docs.aws.amazon.com/efs/latest/ug/efs-replication.html) for more details. - **Note**: You have to specify either `region` or `destinationFileSystem` when creating a replication destination file system. +> Visit [Replicating file systems](https://docs.aws.amazon.com/efs/latest/ug/efs-replication.html) for more details. + ### IAM to control file system data access You can use both IAM identity policies and resource policies to control client access to Amazon EFS resources in a way that is scalable and optimized for cloud environments. Using IAM, you can permit clients to perform specific actions on a file system, including read-only, write, and root access. From ef15ab17529da47e054fe664789100faf2fdce0b Mon Sep 17 00:00:00 2001 From: kazuho cryer-shinozuka Date: Sat, 16 Mar 2024 10:54:57 +0900 Subject: [PATCH 34/50] Update README.md Co-authored-by: Grace Luo <54298030+gracelu0@users.noreply.github.com> --- packages/aws-cdk-lib/aws-efs/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/aws-cdk-lib/aws-efs/README.md b/packages/aws-cdk-lib/aws-efs/README.md index a23b4a563267d..8c040370a4f48 100644 --- a/packages/aws-cdk-lib/aws-efs/README.md +++ b/packages/aws-cdk-lib/aws-efs/README.md @@ -92,7 +92,7 @@ new efs.FileSystem(this, 'ReplicationSourceFileSystem1', { replicationConfiguration: { kmsKey, // optional region: 'us-east-1', - availabilityZone: 'us-east-1a', // optional, Specifing the AZ means creating a One Zone file system as the replication destination + availabilityZone: 'us-east-1a', // optional, Specifying the AZ means creating a One Zone file system as the replication destination } }); From a3f177f1c8e329099cda06374246423802183209 Mon Sep 17 00:00:00 2001 From: kazuho cryer-shinozuka Date: Sat, 16 Mar 2024 10:55:09 +0900 Subject: [PATCH 35/50] Update efs-file-system.ts Co-authored-by: Grace Luo <54298030+gracelu0@users.noreply.github.com> --- packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts index c02185cfdc2c5..d85bb8be1c7f5 100644 --- a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts +++ b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts @@ -364,7 +364,7 @@ export interface ReplicationConfiguration { /** * The existing destination file system for the replication. * - * You cannot configure `kmsKey`, `region` and `az` when `destinationFileSystem` is set. + * You cannot configure `kmsKey`, `region` and `availabilityZone` when `destinationFileSystem` is set. * * @default - create a new file system for the replication destination */ From 1d9092c2dd47e97a3802cc97486528629271d786 Mon Sep 17 00:00:00 2001 From: kazuho cryer-shinozuka Date: Sat, 16 Mar 2024 10:55:16 +0900 Subject: [PATCH 36/50] Update efs-file-system.test.ts Co-authored-by: Grace Luo <54298030+gracelu0@users.noreply.github.com> --- packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts b/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts index ba570fd7d87ee..e890cd433993f 100644 --- a/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts +++ b/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts @@ -1051,7 +1051,7 @@ describe('replication configuration', () => { }).toThrow('Cannot configure \'replicationConfiguration\' when \'replicationOverwriteProtection\' is set to \'DISABLED\''); }); - test('throw error for specifing both destinationFileSystem and other parameters', () => { + test('throw error for specifying both destinationFileSystem and other parameters', () => { // WHEN const destination = new FileSystem(stack, 'DestinationFileSystem', { vpc, From 17000754c6b899e9e41f48a89976eb2cb4c5084f Mon Sep 17 00:00:00 2001 From: kazuho cryer-shinozuka Date: Sat, 16 Mar 2024 10:55:21 +0900 Subject: [PATCH 37/50] Update efs-file-system.test.ts Co-authored-by: Grace Luo <54298030+gracelu0@users.noreply.github.com> --- packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts b/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts index e890cd433993f..6e4f3358e5e59 100644 --- a/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts +++ b/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts @@ -1070,7 +1070,7 @@ describe('replication configuration', () => { }).toThrow('Cannot configure \'replicationConfiguration.region\', \'replicationConfiguration.availabilityZone\' or \'replicationConfiguration.kmsKey\' when \'replicationConfiguration.destinationFileSystem\' is set'); }); - test('throw error for specifing both destinationFileSystem and kmsKey', () => { + test('throw error for specifying both destinationFileSystem and kmsKey', () => { // WHEN const destination = new FileSystem(stack, 'DestinationFileSystem', { vpc, From ffb634f3a398604ce6eb50bf9185ff3ba619a4b4 Mon Sep 17 00:00:00 2001 From: Kazuho CryerShinozuka Date: Sun, 31 Mar 2024 14:24:12 +0900 Subject: [PATCH 38/50] refactor: create ReplicationConfiguration class --- .../aws-efs/lib/efs-file-system.ts | 99 +++++++++++-------- .../aws-efs/test/efs-file-system.test.ts | 47 ++++----- 2 files changed, 80 insertions(+), 66 deletions(-) diff --git a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts index d85bb8be1c7f5..4188ba993e04f 100644 --- a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts +++ b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts @@ -357,42 +357,82 @@ export interface FileSystemAttributes { readonly fileSystemArn?: string; } -/** - * Replication configuration for the file system. - */ -export interface ReplicationConfiguration { +export class ReplicationConfiguration { + /** + * Specify the existing destination file system for the replication. + * + * @param destinationFileSystem The existing destination file system for the replication + */ + public static destinationFileSystem(destinationFileSystem: IFileSystem): ReplicationConfiguration { + return new ReplicationConfiguration({ destinationFileSystem }); + } + + /** + * Create a new regional destination file system for the replication. + * + * @param region The AWS Region in which the destination file system is located. Default is the region of the stack. + * @param kmsKey AWS KMS key used to protect the encrypted file system. Default is service-managed KMS key for Amazon EFS. + */ + public static regionalFileSystem(region?: string, kmsKey?: kms.IKey): ReplicationConfiguration { + return new ReplicationConfiguration({ region, kmsKey }); + } + + /** + * Create a new one zone destination file system for the replication. + * + * @param region The AWS Region in which the destination file system is located. + * @param availabilityZone The availability zone name of the destination file system. You have to specify the `region` property for the region that the specified availability zone belongs to. + * @param kmsKey AWS KMS key used to protect the encrypted file system. Default is service-managed KMS key for Amazon EFS. + */ + public static oneZoneFileSystem(region: string, availabilityZone: string, kmsKey?: kms.IKey): ReplicationConfiguration { + return new ReplicationConfiguration({ region, availabilityZone, kmsKey }); + } + /** * The existing destination file system for the replication. * * You cannot configure `kmsKey`, `region` and `availabilityZone` when `destinationFileSystem` is set. - * - * @default - create a new file system for the replication destination */ - readonly destinationFileSystem?: IFileSystem; + public readonly destinationFileSystem?: IFileSystem; /** * AWS KMS key used to protect the encrypted file system. - * - * @default - service-managed KMS key for Amazon EFS is used */ - readonly kmsKey?: kms.IKey; + public readonly kmsKey?: kms.IKey; /** * The AWS Region in which the destination file system is located. - * - * @default - the region of the stack */ - readonly region?: string; + public readonly region?: string; /** * The availability zone name of the destination file system. * One zone file system is used as the destination file system when this property is set. - * - * You have to specify the `region` property for the region that the specified availability zone belongs to. - * - * @default - create regional file system for the replication destination */ - readonly availabilityZone?: string; + public readonly availabilityZone?: string; + + constructor(props: ReplicationConfiguration) { + if (props.availabilityZone && !Token.isUnresolved(props.availabilityZone) && !props.region) { + throw new Error('\'replicationConfiguration.availabilityZone\' cannot be specified without \'replicationConfiguration.region\''); + } + + if (!props.destinationFileSystem && !props.region) { + throw new Error('\'replicationConfiguration.region\' or \'replicationConfiguration.destinationFileSystem\' is required'); + } + + if (props.destinationFileSystem && (props.region || props.availabilityZone || props.kmsKey)) { + throw new Error('Cannot configure \'replicationConfiguration.region\', \'replicationConfiguration.availabilityZone\' or \'replicationConfiguration.kmsKey\' when \'replicationConfiguration.destinationFileSystem\' is set'); + } + + if (props.region && !Token.isUnresolved(props.region) && !/^[a-z]{2}-((iso[a-z]{0,1}-)|(gov-)){0,1}[a-z]+-{0,1}[0-9]{0,1}$/.test(props.region)) { + throw new Error('\'replicationConfiguration.region\' is invalid.'); + } + + this.destinationFileSystem = props.destinationFileSystem; + this.kmsKey = props.kmsKey; + this.region = props.region; + this.availabilityZone = props.availabilityZone; + } } enum ClientAction { @@ -599,27 +639,8 @@ export class FileSystem extends FileSystemBase { throw new Error('ThroughputMode ELASTIC is not supported for file systems with performanceMode MAX_IO'); } - if (props.replicationConfiguration) { - const { destinationFileSystem, region, availabilityZone, kmsKey } = props.replicationConfiguration; - if (props.replicationOverwriteProtection === ReplicationOverwriteProtection.DISABLED) { - throw new Error('Cannot configure \'replicationConfiguration\' when \'replicationOverwriteProtection\' is set to \'DISABLED\''); - } - - if (availabilityZone && !Token.isUnresolved(availabilityZone) && !region) { - throw new Error('\'replicationConfiguration.availabilityZone\' cannot be specified without \'replicationConfiguration.region\''); - } - - if (!destinationFileSystem && !region) { - throw new Error('\'replicationConfiguration.region\' or \'replicationConfiguration.destinationFileSystem\' is required'); - } - - if (destinationFileSystem && (region || availabilityZone || kmsKey)) { - throw new Error('Cannot configure \'replicationConfiguration.region\', \'replicationConfiguration.availabilityZone\' or \'replicationConfiguration.kmsKey\' when \'replicationConfiguration.destinationFileSystem\' is set'); - } - - if (region && !Token.isUnresolved(region) && !/^[a-z]{2}-((iso[a-z]{0,1}-)|(gov-)){0,1}[a-z]+-{0,1}[0-9]{0,1}$/.test(region)) { - throw new Error('\'replicationConfiguration.region\' is invalid.'); - } + if (props.replicationConfiguration && props.replicationOverwriteProtection === ReplicationOverwriteProtection.DISABLED) { + throw new Error('Cannot configure \'replicationConfiguration\' when \'replicationOverwriteProtection\' is set to \'DISABLED\''); } // we explictly use 'undefined' to represent 'false' to maintain backwards compatibility since diff --git a/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts b/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts index 6e4f3358e5e59..797ff86d303ca 100644 --- a/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts +++ b/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts @@ -5,6 +5,7 @@ import * as kms from '../../aws-kms'; import { App, RemovalPolicy, Size, Stack, Tags } from '../../core'; import * as cxapi from '../../cx-api'; import { FileSystem, LifecyclePolicy, PerformanceMode, ThroughputMode, OutOfInfrequentAccessPolicy, ReplicationOverwriteProtection } from '../lib'; +import { ReplicationConfiguration } from '../lib/efs-file-system'; let stack = new Stack(); let vpc = new ec2.Vpc(stack, 'VPC'); @@ -960,13 +961,11 @@ test.each([ }); describe('replication configuration', () => { - test('default settings', () => { + test('regional file system', () => { // WHEN new FileSystem(stack, 'EfsFileSystem', { vpc, - replicationConfiguration: { - region: 'ap-northeast-1', - }, + replicationConfiguration: ReplicationConfiguration.regionalFileSystem('ap-northeast-1'), }); // THEN @@ -981,7 +980,7 @@ describe('replication configuration', () => { }); }); - test('with destination file system', () => { + test('specify destination file system', () => { // WHEN const destination = new FileSystem(stack, 'DestinationFileSystem', { vpc, @@ -989,9 +988,7 @@ describe('replication configuration', () => { }); new FileSystem(stack, 'EfsFileSystem', { vpc, - replicationConfiguration: { - destinationFileSystem: destination, - }, + replicationConfiguration: ReplicationConfiguration.destinationFileSystem(destination), }); // THEN @@ -1008,15 +1005,15 @@ describe('replication configuration', () => { }); }); - test('with full settings', () => { + test('one zone file system', () => { // WHEN new FileSystem(stack, 'EfsFileSystem', { vpc, - replicationConfiguration: { - kmsKey: new kms.Key(stack, 'customKey'), - region: 'us-east-1', - availabilityZone: 'us-east-1a', - }, + replicationConfiguration: ReplicationConfiguration.oneZoneFileSystem( + 'us-east-1', + 'us-east-1a', + new kms.Key(stack, 'customKey'), + ), }); // THEN @@ -1043,9 +1040,7 @@ describe('replication configuration', () => { expect(() => { new FileSystem(stack, 'EfsFileSystem', { vpc, - replicationConfiguration: { - region: 'us-east-1', - }, + replicationConfiguration: ReplicationConfiguration.regionalFileSystem('ap-northeast-1'), replicationOverwriteProtection: ReplicationOverwriteProtection.DISABLED, }); }).toThrow('Cannot configure \'replicationConfiguration\' when \'replicationOverwriteProtection\' is set to \'DISABLED\''); @@ -1062,10 +1057,10 @@ describe('replication configuration', () => { expect(() => { new FileSystem(stack, 'EfsFileSystem', { vpc, - replicationConfiguration: { + replicationConfiguration: new ReplicationConfiguration({ destinationFileSystem: destination, region: 'us-east-1', - }, + }), }); }).toThrow('Cannot configure \'replicationConfiguration.region\', \'replicationConfiguration.availabilityZone\' or \'replicationConfiguration.kmsKey\' when \'replicationConfiguration.destinationFileSystem\' is set'); }); @@ -1081,10 +1076,10 @@ describe('replication configuration', () => { expect(() => { new FileSystem(stack, 'EfsFileSystem', { vpc, - replicationConfiguration: { + replicationConfiguration: new ReplicationConfiguration({ destinationFileSystem: destination, kmsKey: new kms.Key(stack, 'customKey'), - }, + }), }); }).toThrow('Cannot configure \'replicationConfiguration.region\', \'replicationConfiguration.availabilityZone\' or \'replicationConfiguration.kmsKey\' when \'replicationConfiguration.destinationFileSystem\' is set'); }); @@ -1094,7 +1089,7 @@ describe('replication configuration', () => { expect(() => { new FileSystem(stack, 'EfsFileSystem', { vpc, - replicationConfiguration: {}, + replicationConfiguration: new ReplicationConfiguration({}), }); }).toThrow('\'replicationConfiguration.region\' or \'replicationConfiguration.destinationFileSystem\' is required'); }); @@ -1104,9 +1099,7 @@ describe('replication configuration', () => { expect(() => { new FileSystem(stack, 'EfsFileSystem', { vpc, - replicationConfiguration: { - region: 'invalid-region', - }, + replicationConfiguration: ReplicationConfiguration.regionalFileSystem('invalid-region'), }); }).toThrow('\'replicationConfiguration.region\' is invalid.'); }); @@ -1116,9 +1109,9 @@ describe('replication configuration', () => { expect(() => { new FileSystem(stack, 'EfsFileSystem', { vpc, - replicationConfiguration: { + replicationConfiguration: new ReplicationConfiguration({ availabilityZone: 'us-east-1a', - }, + }), }); }).toThrow('\'replicationConfiguration.availabilityZone\' cannot be specified without \'replicationConfiguration.region\''); }); From 786643b709c2eae56744598b8df198a984929526 Mon Sep 17 00:00:00 2001 From: Kazuho CryerShinozuka Date: Sun, 31 Mar 2024 14:27:08 +0900 Subject: [PATCH 39/50] test: update integ test --- .../aws-efs/test/integ.efs-filesystem-replication.ts | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.ts index 9de5fae7edfd2..2eadaafbd4839 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.ts @@ -18,11 +18,7 @@ const kmsKey = new kms.Key(stack, 'Key', { new efs.FileSystem(stack, 'oneZoneReplicationFileSystem', { vpc, removalPolicy: cdk.RemovalPolicy.DESTROY, - replicationConfiguration: { - kmsKey, - region: 'us-east-1', - availabilityZone: 'us-east-1a', - }, + replicationConfiguration: efs.ReplicationConfiguration.oneZoneFileSystem('us-east-1', 'us-east-1a', kmsKey), }); const destination = new efs.FileSystem(stack, 'destinationFileSystem', { @@ -34,12 +30,9 @@ const destination = new efs.FileSystem(stack, 'destinationFileSystem', { new efs.FileSystem(stack, 'existFileSystemReplication', { vpc, removalPolicy: cdk.RemovalPolicy.DESTROY, - replicationConfiguration: { - destinationFileSystem: destination, - }, + replicationConfiguration: efs.ReplicationConfiguration.destinationFileSystem(destination), }); new integ.IntegTest(app, 'efsReplicationIntegTest', { testCases: [stack], }); -app.synth(); From 37cea2b3c6f27df55a9723009dd47b087045e281 Mon Sep 17 00:00:00 2001 From: Kazuho CryerShinozuka Date: Sun, 31 Mar 2024 14:45:13 +0900 Subject: [PATCH 40/50] refactor --- .../aws-efs/lib/efs-file-system.ts | 23 +++++++++++-------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts index 4188ba993e04f..9a6c47b462ec9 100644 --- a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts +++ b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts @@ -411,27 +411,32 @@ export class ReplicationConfiguration { */ public readonly availabilityZone?: string; - constructor(props: ReplicationConfiguration) { - if (props.availabilityZone && !Token.isUnresolved(props.availabilityZone) && !props.region) { + constructor(options: { + destinationFileSystem?: IFileSystem; + kmsKey?: kms.IKey; + region?: string; + availabilityZone?: string; + } = {}) { + if (options.availabilityZone && !Token.isUnresolved(options.availabilityZone) && !options.region) { throw new Error('\'replicationConfiguration.availabilityZone\' cannot be specified without \'replicationConfiguration.region\''); } - if (!props.destinationFileSystem && !props.region) { + if (!options.destinationFileSystem && !options.region) { throw new Error('\'replicationConfiguration.region\' or \'replicationConfiguration.destinationFileSystem\' is required'); } - if (props.destinationFileSystem && (props.region || props.availabilityZone || props.kmsKey)) { + if (options.destinationFileSystem && (options.region || options.availabilityZone || options.kmsKey)) { throw new Error('Cannot configure \'replicationConfiguration.region\', \'replicationConfiguration.availabilityZone\' or \'replicationConfiguration.kmsKey\' when \'replicationConfiguration.destinationFileSystem\' is set'); } - if (props.region && !Token.isUnresolved(props.region) && !/^[a-z]{2}-((iso[a-z]{0,1}-)|(gov-)){0,1}[a-z]+-{0,1}[0-9]{0,1}$/.test(props.region)) { + if (options.region && !Token.isUnresolved(options.region) && !/^[a-z]{2}-((iso[a-z]{0,1}-)|(gov-)){0,1}[a-z]+-{0,1}[0-9]{0,1}$/.test(options.region)) { throw new Error('\'replicationConfiguration.region\' is invalid.'); } - this.destinationFileSystem = props.destinationFileSystem; - this.kmsKey = props.kmsKey; - this.region = props.region; - this.availabilityZone = props.availabilityZone; + this.destinationFileSystem = options.destinationFileSystem; + this.kmsKey = options.kmsKey; + this.region = options.region; + this.availabilityZone = options.availabilityZone; } } From 6f1c6dd79bb57737a64453582bf773933558a7cd Mon Sep 17 00:00:00 2001 From: Kazuho CryerShinozuka Date: Sun, 31 Mar 2024 14:48:54 +0900 Subject: [PATCH 41/50] fix: rename --- .../test/aws-efs/test/integ.efs-filesystem-replication.ts | 2 +- packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts | 2 +- packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.ts index 2eadaafbd4839..9afaa24da6b30 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-efs/test/integ.efs-filesystem-replication.ts @@ -30,7 +30,7 @@ const destination = new efs.FileSystem(stack, 'destinationFileSystem', { new efs.FileSystem(stack, 'existFileSystemReplication', { vpc, removalPolicy: cdk.RemovalPolicy.DESTROY, - replicationConfiguration: efs.ReplicationConfiguration.destinationFileSystem(destination), + replicationConfiguration: efs.ReplicationConfiguration.existingFileSystem(destination), }); new integ.IntegTest(app, 'efsReplicationIntegTest', { diff --git a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts index 9a6c47b462ec9..897b7bd8c47fc 100644 --- a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts +++ b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts @@ -363,7 +363,7 @@ export class ReplicationConfiguration { * * @param destinationFileSystem The existing destination file system for the replication */ - public static destinationFileSystem(destinationFileSystem: IFileSystem): ReplicationConfiguration { + public static existingFileSystem(destinationFileSystem: IFileSystem): ReplicationConfiguration { return new ReplicationConfiguration({ destinationFileSystem }); } diff --git a/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts b/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts index 797ff86d303ca..5cd5f498db17a 100644 --- a/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts +++ b/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts @@ -988,7 +988,7 @@ describe('replication configuration', () => { }); new FileSystem(stack, 'EfsFileSystem', { vpc, - replicationConfiguration: ReplicationConfiguration.destinationFileSystem(destination), + replicationConfiguration: ReplicationConfiguration.existingFileSystem(destination), }); // THEN From 163b45a0b1e0795ca262f8b83fa20558e2ee93d5 Mon Sep 17 00:00:00 2001 From: Kazuho CryerShinozuka Date: Sun, 31 Mar 2024 20:26:14 +0900 Subject: [PATCH 42/50] fix: build --- packages/@aws-cdk/cx-api/FEATURE_FLAGS.md | 4 ++-- .../aws-cdk-lib/aws-efs/lib/efs-file-system.ts | 17 +++++++++++------ 2 files changed, 13 insertions(+), 8 deletions(-) diff --git a/packages/@aws-cdk/cx-api/FEATURE_FLAGS.md b/packages/@aws-cdk/cx-api/FEATURE_FLAGS.md index 0c39405d31b7e..e3688ae4b55ae 100644 --- a/packages/@aws-cdk/cx-api/FEATURE_FLAGS.md +++ b/packages/@aws-cdk/cx-api/FEATURE_FLAGS.md @@ -66,7 +66,7 @@ Flags come in three types: | [@aws-cdk/aws-cloudwatch-actions:changeLambdaPermissionLogicalIdForLambdaAction](#aws-cdkaws-cloudwatch-actionschangelambdapermissionlogicalidforlambdaaction) | When enabled, the logical ID of a Lambda permission for a Lambda action includes an alarm ID. | 2.124.0 | (fix) | | [@aws-cdk/aws-codepipeline:crossAccountKeysDefaultValueToFalse](#aws-cdkaws-codepipelinecrossaccountkeysdefaultvaluetofalse) | Enables Pipeline to set the default value for crossAccountKeys to false. | 2.127.0 | (default) | | [@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2](#aws-cdkaws-codepipelinedefaultpipelinetypetov2) | Enables Pipeline to set the default pipeline type to V2. | 2.133.0 | (default) | -| [@aws-cdk/aws-kms:reduceCrossAccountRegionPolicyScope](#aws-cdkaws-kmsreducecrossaccountregionpolicyscope) | When enabled, IAM Policy created from KMS key grant will reduce the resource scope to this key only. | V2NEXT | (fix) | +| [@aws-cdk/aws-kms:reduceCrossAccountRegionPolicyScope](#aws-cdkaws-kmsreducecrossaccountregionpolicyscope) | When enabled, IAM Policy created from KMS key grant will reduce the resource scope to this key only. | 2.134.0 | (fix) | @@ -1262,7 +1262,7 @@ When this feature flag is enabled and calling KMS key grant method, the created | Since | Default | Recommended | | ----- | ----- | ----- | | (not in v1) | | | -| V2NEXT | `false` | `true` | +| 2.134.0 | `false` | `true` | diff --git a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts index 897b7bd8c47fc..da2cd12a8a927 100644 --- a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts +++ b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts @@ -357,6 +357,16 @@ export interface FileSystemAttributes { readonly fileSystemArn?: string; } +interface ReplicationConfigurationProps { + destinationFileSystem?: IFileSystem; + kmsKey?: kms.IKey; + region?: string; + availabilityZone?: string; +} + +/** + * EFS Replication Configuration + */ export class ReplicationConfiguration { /** * Specify the existing destination file system for the replication. @@ -411,12 +421,7 @@ export class ReplicationConfiguration { */ public readonly availabilityZone?: string; - constructor(options: { - destinationFileSystem?: IFileSystem; - kmsKey?: kms.IKey; - region?: string; - availabilityZone?: string; - } = {}) { + constructor(options: ReplicationConfigurationProps) { if (options.availabilityZone && !Token.isUnresolved(options.availabilityZone) && !options.region) { throw new Error('\'replicationConfiguration.availabilityZone\' cannot be specified without \'replicationConfiguration.region\''); } From 1ac2a5eee8396fc64b1d2310f9924a87cf19f1a7 Mon Sep 17 00:00:00 2001 From: Kazuho CryerShinozuka Date: Mon, 1 Apr 2024 08:28:14 +0900 Subject: [PATCH 43/50] chore: update comments --- .../aws-efs/lib/efs-file-system.ts | 33 +++++++++++++++---- 1 file changed, 26 insertions(+), 7 deletions(-) diff --git a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts index da2cd12a8a927..309d5fbc06adf 100644 --- a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts +++ b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts @@ -357,11 +357,32 @@ export interface FileSystemAttributes { readonly fileSystemArn?: string; } -interface ReplicationConfigurationProps { - destinationFileSystem?: IFileSystem; - kmsKey?: kms.IKey; - region?: string; - availabilityZone?: string; +/** + * Properties for the ReplicationConfiguration. + */ +export interface ReplicationConfigurationProps { + /** + * The existing destination file system for the replication. + * + * You cannot configure `kmsKey`, `region` and `availabilityZone` when `destinationFileSystem` is set. + */ + readonly destinationFileSystem?: IFileSystem; + + /** + * AWS KMS key used to protect the encrypted file system. + */ + readonly kmsKey?: kms.IKey; + + /** + * The AWS Region in which the destination file system is located. + */ + readonly region?: string; + + /** + * The availability zone name of the destination file system. + * One zone file system is used as the destination file system when this property is set. + */ + readonly availabilityZone?: string; } /** @@ -400,8 +421,6 @@ export class ReplicationConfiguration { /** * The existing destination file system for the replication. - * - * You cannot configure `kmsKey`, `region` and `availabilityZone` when `destinationFileSystem` is set. */ public readonly destinationFileSystem?: IFileSystem; From e41e3f3db64033b7639c3d71d35482861776e18b Mon Sep 17 00:00:00 2001 From: Kazuho CryerShinozuka Date: Mon, 1 Apr 2024 12:16:09 +0900 Subject: [PATCH 44/50] chore: update comments --- packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts index 309d5fbc06adf..c9078b66f42b4 100644 --- a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts +++ b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts @@ -365,22 +365,30 @@ export interface ReplicationConfigurationProps { * The existing destination file system for the replication. * * You cannot configure `kmsKey`, `region` and `availabilityZone` when `destinationFileSystem` is set. + * + * @default - create a new file system for the replication */ readonly destinationFileSystem?: IFileSystem; /** * AWS KMS key used to protect the encrypted file system. + * + * @default - use service-managed KMS key for Amazon EFS */ readonly kmsKey?: kms.IKey; /** * The AWS Region in which the destination file system is located. + * + * @default - the region of the stack */ readonly region?: string; /** * The availability zone name of the destination file system. * One zone file system is used as the destination file system when this property is set. + * + * @default - create regional file system when `destinationFileSystem` is not set */ readonly availabilityZone?: string; } From 85c33eb504af416b511a50a6ee16a77666f82643 Mon Sep 17 00:00:00 2001 From: Kazuho CryerShinozuka Date: Tue, 2 Apr 2024 22:28:38 +0900 Subject: [PATCH 45/50] docs: udpate readme --- packages/aws-cdk-lib/aws-efs/README.md | 31 ++++++++++---------------- 1 file changed, 12 insertions(+), 19 deletions(-) diff --git a/packages/aws-cdk-lib/aws-efs/README.md b/packages/aws-cdk-lib/aws-efs/README.md index 8c040370a4f48..9bf804c804648 100644 --- a/packages/aws-cdk-lib/aws-efs/README.md +++ b/packages/aws-cdk-lib/aws-efs/README.md @@ -81,41 +81,34 @@ This is to prevent deployment failures due to cross-AZ configurations. You can create a replica of your EFS file system in the AWS Region of your preference. ```ts -import * as kms from 'aws-cdk-lib/aws-kms'; - declare const vpc: ec2.Vpc; -declare const kmsKey: kms.Key; -// auto generate a replication destination file system -new efs.FileSystem(this, 'ReplicationSourceFileSystem1', { +// auto generate a regional replication destination file system +new efs.FileSystem(this, 'RegionalReplicationFileSystem', { vpc, - replicationConfiguration: { - kmsKey, // optional - region: 'us-east-1', - availabilityZone: 'us-east-1a', // optional, Specifying the AZ means creating a One Zone file system as the replication destination - } + replicationConfiguration: efs.ReplicationConfiguration.regionalFileSystem('us-west-2'), +}); + +// auto generate a one zone replication destination file system +new efs.FileSystem(this, 'OneZoneReplicationFileSystem', { + vpc, + replicationConfiguration: efs.ReplicationConfiguration.oneZoneFileSystem('us-east-1', 'us-east-1a'), }); -// specify the replication destination file system const destinationFileSystem = new efs.FileSystem(this, 'DestinationFileSystem', { vpc, // set as the read-only file system for use as a replication destination replicationOverwriteProtection: efs.ReplicationOverwriteProtection.DISABLED, }); - -new efs.FileSystem(this, 'ReplicationSourceFileSystem2', { +// specify the replication destination file system +new efs.FileSystem(this, 'ReplicationFileSystem', { vpc, - replicationConfiguration: { - destinationFileSystem, - // cannot configure other properties when destinationFileSystem is specified - } + replicationConfiguration: efs.ReplicationConfiguration.existingFileSystem(destinationFileSystem), }); ``` **Note**: EFS now supports only one replication destination and thus allows specifying just one `replicationConfiguration` for each file system. -**Note**: You have to specify either `region` or `destinationFileSystem` when creating a replication destination file system. - > Visit [Replicating file systems](https://docs.aws.amazon.com/efs/latest/ug/efs-replication.html) for more details. ### IAM to control file system data access From edf0c08b570fe306ee61890f882c16549a2fd1b4 Mon Sep 17 00:00:00 2001 From: Kazuho CryerShinozuka Date: Mon, 22 Apr 2024 18:21:42 +0900 Subject: [PATCH 46/50] chore: refactor --- .../aws-efs/lib/efs-file-system.ts | 117 ++++++++++++++---- .../aws-efs/test/efs-file-system.test.ts | 70 ----------- 2 files changed, 92 insertions(+), 95 deletions(-) diff --git a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts index c9078b66f42b4..e692b4db7e3dc 100644 --- a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts +++ b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts @@ -360,12 +360,10 @@ export interface FileSystemAttributes { /** * Properties for the ReplicationConfiguration. */ -export interface ReplicationConfigurationProps { +interface ReplicationConfigurationProps { /** * The existing destination file system for the replication. * - * You cannot configure `kmsKey`, `region` and `availabilityZone` when `destinationFileSystem` is set. - * * @default - create a new file system for the replication */ readonly destinationFileSystem?: IFileSystem; @@ -393,17 +391,72 @@ export interface ReplicationConfigurationProps { readonly availabilityZone?: string; } +/** + * Properties for configuring ReplicationConfiguration to replicate + * to a new One Zone file system. + */ +export interface OneZoneFileSystemProps { + /** + * AWS KMS key used to protect the encrypted file system. + * + * @default - use service-managed KMS key for Amazon EFS + */ + readonly kmsKey?: kms.IKey; + + /** + * The AWS Region in which the destination file system is located. + */ + readonly region: string; + + /** + * The availability zone name of the destination file system. + * One zone file system is used as the destination file system when this property is set. + */ + readonly availabilityZone: string; +} + +/** + * Properties for configuring ReplicationConfiguration to replicate + * to a new Regional file system. + */ +export interface RegionalFileSystemProps { + /** + * AWS KMS key used to protect the encrypted file system. + * + * @default - use service-managed KMS key for Amazon EFS + */ + readonly kmsKey?: kms.IKey; + + /** + * The AWS Region in which the destination file system is located. + * + * @default - the region of the stack + */ + readonly region?: string; +} + +/** + * Properties for configuring ReplicationConfiguration to replicate + * to an existing file system. + */ +export interface ExistingFileSystemProps { + /** + * The existing destination file system for the replication. + */ + readonly destinationFileSystem?: IFileSystem; +} + /** * EFS Replication Configuration */ -export class ReplicationConfiguration { +export abstract class ReplicationConfiguration { /** * Specify the existing destination file system for the replication. * * @param destinationFileSystem The existing destination file system for the replication */ public static existingFileSystem(destinationFileSystem: IFileSystem): ReplicationConfiguration { - return new ReplicationConfiguration({ destinationFileSystem }); + return new ExistingFileSystem({ destinationFileSystem }); } /** @@ -413,18 +466,18 @@ export class ReplicationConfiguration { * @param kmsKey AWS KMS key used to protect the encrypted file system. Default is service-managed KMS key for Amazon EFS. */ public static regionalFileSystem(region?: string, kmsKey?: kms.IKey): ReplicationConfiguration { - return new ReplicationConfiguration({ region, kmsKey }); + return new RegionalFileSystem({ region, kmsKey }); } /** * Create a new one zone destination file system for the replication. * - * @param region The AWS Region in which the destination file system is located. - * @param availabilityZone The availability zone name of the destination file system. You have to specify the `region` property for the region that the specified availability zone belongs to. + * @param region The AWS Region in which the specified availability zone belongs to. + * @param availabilityZone The availability zone name of the destination file system. * @param kmsKey AWS KMS key used to protect the encrypted file system. Default is service-managed KMS key for Amazon EFS. */ public static oneZoneFileSystem(region: string, availabilityZone: string, kmsKey?: kms.IKey): ReplicationConfiguration { - return new ReplicationConfiguration({ region, availabilityZone, kmsKey }); + return new OneZoneFileSystem({ region, availabilityZone, kmsKey }); } /** @@ -449,22 +502,6 @@ export class ReplicationConfiguration { public readonly availabilityZone?: string; constructor(options: ReplicationConfigurationProps) { - if (options.availabilityZone && !Token.isUnresolved(options.availabilityZone) && !options.region) { - throw new Error('\'replicationConfiguration.availabilityZone\' cannot be specified without \'replicationConfiguration.region\''); - } - - if (!options.destinationFileSystem && !options.region) { - throw new Error('\'replicationConfiguration.region\' or \'replicationConfiguration.destinationFileSystem\' is required'); - } - - if (options.destinationFileSystem && (options.region || options.availabilityZone || options.kmsKey)) { - throw new Error('Cannot configure \'replicationConfiguration.region\', \'replicationConfiguration.availabilityZone\' or \'replicationConfiguration.kmsKey\' when \'replicationConfiguration.destinationFileSystem\' is set'); - } - - if (options.region && !Token.isUnresolved(options.region) && !/^[a-z]{2}-((iso[a-z]{0,1}-)|(gov-)){0,1}[a-z]+-{0,1}[0-9]{0,1}$/.test(options.region)) { - throw new Error('\'replicationConfiguration.region\' is invalid.'); - } - this.destinationFileSystem = options.destinationFileSystem; this.kmsKey = options.kmsKey; this.region = options.region; @@ -472,6 +509,36 @@ export class ReplicationConfiguration { } } +/** + * Represents an existing file system used as the destination file system + * for ReplicationConfiguration. + */ +class ExistingFileSystem extends ReplicationConfiguration { + constructor(props: ExistingFileSystemProps) { + super(props); + } +} + +/** + * Represents a new Regional file system used as the + * destination file system for ReplicationConfiguration. + */ +class RegionalFileSystem extends ReplicationConfiguration { + constructor(props: RegionalFileSystemProps) { + super(props); + } +} + +/** + * Represents a new One Zone file system used as the + * destination file system for ReplicationConfiguration. + */ +class OneZoneFileSystem extends ReplicationConfiguration { + constructor(props: OneZoneFileSystemProps) { + super(props); + } +} + enum ClientAction { MOUNT = 'elasticfilesystem:ClientMount', WRITE = 'elasticfilesystem:ClientWrite', diff --git a/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts b/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts index 5cd5f498db17a..a162d95fc0801 100644 --- a/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts +++ b/packages/aws-cdk-lib/aws-efs/test/efs-file-system.test.ts @@ -1045,74 +1045,4 @@ describe('replication configuration', () => { }); }).toThrow('Cannot configure \'replicationConfiguration\' when \'replicationOverwriteProtection\' is set to \'DISABLED\''); }); - - test('throw error for specifying both destinationFileSystem and other parameters', () => { - // WHEN - const destination = new FileSystem(stack, 'DestinationFileSystem', { - vpc, - replicationOverwriteProtection: ReplicationOverwriteProtection.DISABLED, - }); - - // THEN - expect(() => { - new FileSystem(stack, 'EfsFileSystem', { - vpc, - replicationConfiguration: new ReplicationConfiguration({ - destinationFileSystem: destination, - region: 'us-east-1', - }), - }); - }).toThrow('Cannot configure \'replicationConfiguration.region\', \'replicationConfiguration.availabilityZone\' or \'replicationConfiguration.kmsKey\' when \'replicationConfiguration.destinationFileSystem\' is set'); - }); - - test('throw error for specifying both destinationFileSystem and kmsKey', () => { - // WHEN - const destination = new FileSystem(stack, 'DestinationFileSystem', { - vpc, - replicationOverwriteProtection: ReplicationOverwriteProtection.DISABLED, - }); - - // THEN - expect(() => { - new FileSystem(stack, 'EfsFileSystem', { - vpc, - replicationConfiguration: new ReplicationConfiguration({ - destinationFileSystem: destination, - kmsKey: new kms.Key(stack, 'customKey'), - }), - }); - }).toThrow('Cannot configure \'replicationConfiguration.region\', \'replicationConfiguration.availabilityZone\' or \'replicationConfiguration.kmsKey\' when \'replicationConfiguration.destinationFileSystem\' is set'); - }); - - test('throw error for specifying neither region nor destinationFileSystem', () => { - // THEN - expect(() => { - new FileSystem(stack, 'EfsFileSystem', { - vpc, - replicationConfiguration: new ReplicationConfiguration({}), - }); - }).toThrow('\'replicationConfiguration.region\' or \'replicationConfiguration.destinationFileSystem\' is required'); - }); - - test('throw error for invalid region', () => { - // THEN - expect(() => { - new FileSystem(stack, 'EfsFileSystem', { - vpc, - replicationConfiguration: ReplicationConfiguration.regionalFileSystem('invalid-region'), - }); - }).toThrow('\'replicationConfiguration.region\' is invalid.'); - }); - - test('throw error for specifying availabilityZone without region', () => { - // THEN - expect(() => { - new FileSystem(stack, 'EfsFileSystem', { - vpc, - replicationConfiguration: new ReplicationConfiguration({ - availabilityZone: 'us-east-1a', - }), - }); - }).toThrow('\'replicationConfiguration.availabilityZone\' cannot be specified without \'replicationConfiguration.region\''); - }); }); From 7c04a230c7fa805b7460944bb8e0c4d3247e86f5 Mon Sep 17 00:00:00 2001 From: Kazuho CryerShinozuka Date: Mon, 22 Apr 2024 22:23:12 +0900 Subject: [PATCH 47/50] fix: add export --- packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts index e692b4db7e3dc..699eeac99efb1 100644 --- a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts +++ b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts @@ -4,7 +4,7 @@ import { CfnFileSystem, CfnMountTarget } from './efs.generated'; import * as ec2 from '../../aws-ec2'; import * as iam from '../../aws-iam'; import * as kms from '../../aws-kms'; -import { ArnFormat, FeatureFlags, Lazy, RemovalPolicy, Resource, Size, Stack, Tags, Token } from '../../core'; +import { ArnFormat, FeatureFlags, Lazy, RemovalPolicy, Resource, Size, Stack, Tags } from '../../core'; import * as cxapi from '../../cx-api'; /** @@ -360,7 +360,7 @@ export interface FileSystemAttributes { /** * Properties for the ReplicationConfiguration. */ -interface ReplicationConfigurationProps { +export interface ReplicationConfigurationProps { /** * The existing destination file system for the replication. * From c26a21fe829722e18f89d32dfaa1792700009df8 Mon Sep 17 00:00:00 2001 From: Kazuho CryerShinozuka Date: Mon, 22 Apr 2024 22:41:31 +0900 Subject: [PATCH 48/50] fix: optional --- packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts index 699eeac99efb1..3574abb58ec70 100644 --- a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts +++ b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts @@ -443,7 +443,7 @@ export interface ExistingFileSystemProps { /** * The existing destination file system for the replication. */ - readonly destinationFileSystem?: IFileSystem; + readonly destinationFileSystem: IFileSystem; } /** From b806c5e8b88c65524e8ebdbd08291803ef11c8a1 Mon Sep 17 00:00:00 2001 From: kazuho cryer-shinozuka Date: Wed, 24 Apr 2024 10:32:43 +0900 Subject: [PATCH 49/50] Update packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts Co-authored-by: Grace Luo <54298030+gracelu0@users.noreply.github.com> --- packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts index 3574abb58ec70..7cd75f30e2603 100644 --- a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts +++ b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts @@ -386,7 +386,7 @@ export interface ReplicationConfigurationProps { * The availability zone name of the destination file system. * One zone file system is used as the destination file system when this property is set. * - * @default - create regional file system when `destinationFileSystem` is not set + * @default - no availability zone is set */ readonly availabilityZone?: string; } From 7e3380f26d05be0b7a639b801209a1420a8a3906 Mon Sep 17 00:00:00 2001 From: Kazuho CryerShinozuka Date: Thu, 25 Apr 2024 01:48:16 +0900 Subject: [PATCH 50/50] chore: update comments --- packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts index 7cd75f30e2603..c83560cc431b3 100644 --- a/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts +++ b/packages/aws-cdk-lib/aws-efs/lib/efs-file-system.ts @@ -364,7 +364,7 @@ export interface ReplicationConfigurationProps { /** * The existing destination file system for the replication. * - * @default - create a new file system for the replication + * @default - None */ readonly destinationFileSystem?: IFileSystem;