diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/IntegTestEventBusStackDefaultTestDeployAssertE6DF8EA9.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/IntegTestEventBusStackDefaultTestDeployAssertE6DF8EA9.assets.json index b016e8fe026ce..3efb2af23a810 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/IntegTestEventBusStackDefaultTestDeployAssertE6DF8EA9.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/IntegTestEventBusStackDefaultTestDeployAssertE6DF8EA9.assets.json @@ -1,13 +1,14 @@ { - "version": "36.0.0", + "version": "48.0.0", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "displayName": "IntegTestEventBusStackDefaultTestDeployAssertE6DF8EA9 Template", "source": { "path": "IntegTestEventBusStackDefaultTestDeployAssertE6DF8EA9.template.json", "packaging": "file" }, "destinations": { - "current_account-current_region": { + "current_account-current_region-d8d86b35": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/Stack.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/Stack.assets.json index 8283986c144e7..262419beddf9f 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/Stack.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/Stack.assets.json 
@@ -1,15 +1,16 @@ { - "version": "36.0.0", + "version": "48.0.0", "files": { - "4c3d1a4b2e322a4753eb4eaf49c45451cc6a8bd2662a6d2c740c369f3e55d10f": { + "5884b9ddea03cd5fb1b10d061feb1df00ddf0b1aab1c8001f1aecf0f6329f96d": { + "displayName": "Stack Template", "source": { "path": "Stack.template.json", "packaging": "file" }, "destinations": { - "current_account-current_region": { + "current_account-current_region-adde0917": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "4c3d1a4b2e322a4753eb4eaf49c45451cc6a8bd2662a6d2c740c369f3e55d10f.json", + "objectKey": "5884b9ddea03cd5fb1b10d061feb1df00ddf0b1aab1c8001f1aecf0f6329f96d.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/Stack.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/Stack.template.json index 0ca0b5065f5e4..b6507765660b2 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/Stack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/Stack.template.json @@ -5,6 +5,25 @@ "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete" }, + "EventBusRole24766622": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "Description": "Role for accessing EventBus", + "RoleName": "EventBusAccessRole" + } + }, "BusEA82B648": { "Type": "AWS::Events::EventBus", "Properties": { @@ -17,6 +36,10 @@ } }, "Description": "myEventBus", + "LogConfig": { + "IncludeDetail": "FULL", + "Level": "ERROR" + }, "Name": "StackBusAA0A1E4B" } }, 
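Review bot: The added `EventBusRole24766622` resource in Stack.template.json pins a physical name, `"RoleName": "EventBusAccessRole"`. IAM role names are unique within an account, so a second copy of this stack in the same account (a parallel integ run, or a role left behind by a failed teardown) will fail to create. This file is a synthesized snapshot, so the fix belongs in the integ test source that generates it, which is not visible here: drop the explicit role name and let CloudFormation generate one, unless the test depends on the name. The two later policy hunks replace the account-root principal with this role through `"Fn::GetAtt": ["EventBusRole24766622", "Arn"]`, which resolves the same way with a generated name.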
@@ -31,19 +54,9 @@ "Effect": "Allow", "Principal": { "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] + "Fn::GetAtt": [ + "EventBusRole24766622", + "Arn" ] } }, @@ -69,19 +82,9 @@ "Effect": "Allow", "Principal": { "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] + "Fn::GetAtt": [ + "EventBusRole24766622", + "Arn" ] } }, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/cdk.out index 1f0068d32659a..523a9aac37cbf 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/cdk.out +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"36.0.0"} \ No newline at end of file +{"version":"48.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/integ.json index c5e97be0cb324..e858a42398d1b 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "36.0.0", + "version": "48.0.0", "testCases": { "IntegTest-EventBusStack/DefaultTest": { "stacks": [ @@ -8,5 +8,6 @@ "assertionStack": "IntegTest-EventBusStack/DefaultTest/DeployAssert", "assertionStackName": "IntegTestEventBusStackDefaultTestDeployAssertE6DF8EA9" } - } + }, + "minimumCliVersion": "2.1023.0" } \ No newline at end of file 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/manifest.json index bf76759facbc8..0ae723547bceb 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "36.0.0", + "version": "48.0.0", "artifacts": { "Stack.assets": { "type": "cdk:asset-manifest", @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/4c3d1a4b2e322a4753eb4eaf49c45451cc6a8bd2662a6d2c740c369f3e55d10f.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/5884b9ddea03cd5fb1b10d061feb1df00ddf0b1aab1c8001f1aecf0f6329f96d.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ 
@@ -34,24 +34,97 @@ "Stack.assets" ], "metadata": { + "/Stack/DLQ": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + } + ], "/Stack/DLQ/Resource": [ { "type": "aws:cdk:logicalId", "data": "DLQ581697C4" } ], + "/Stack/EventBusRole": [ + { + "type": "aws:cdk:analytics:construct", + "data": { + "assumedBy": { + "principalAccount": "*", + "assumeRoleAction": "*" + }, + "description": "*", + "roleName": "*" + } + } + ], + "/Stack/EventBusRole/ImportEventBusRole": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + } + ], + "/Stack/EventBusRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "EventBusRole24766622" + } + ], + "/Stack/Bus": [ + { + "type": "aws:cdk:analytics:construct", + "data": {} + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addToResourcePolicy": [ + {} + ] + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addToResourcePolicy": [ + {} + ] + } + } + ], "/Stack/Bus/Resource": [ { "type": "aws:cdk:logicalId", "data": "BusEA82B648" } ], + "/Stack/Bus/cdk-Statement1": [ + { + "type": "aws:cdk:analytics:construct", + "data": { + "eventBus": "*", + "statement": "*", + "statementId": "*" + } + } + ], "/Stack/Bus/cdk-Statement1/Resource": [ { "type": "aws:cdk:logicalId", "data": "BuscdkStatement1D7D87B9D" } ], + "/Stack/Bus/cdk-Statement2": [ + { + "type": "aws:cdk:analytics:construct", + "data": { + "eventBus": "*", + "statement": "*", + "statementId": "*" + } + } + ], "/Stack/Bus/cdk-Statement2/Resource": [ { "type": "aws:cdk:logicalId", 
@@ -126,6 +199,477 @@ "properties": { "file": "tree.json" } + }, + "aws-cdk-lib/feature-flag-report": { + "type": "cdk:feature-flag-report", + "properties": { + "module": "aws-cdk-lib", + "flags": { + "@aws-cdk/core:newStyleStackSynthesis": { + "recommendedValue": true, + "explanation": "Switch to new stack synthesis method which enables CI/CD", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/core:stackRelativeExports": { + "recommendedValue": true, + "explanation": "Name exports based on the construct paths relative to the stack, rather than the global construct path", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-rds:lowercaseDbIdentifier": { + "recommendedValue": true, + "explanation": "Force lowercasing of RDS Cluster names in CDK", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-apigateway:usagePlanKeyOrderInsensitiveId": { + "recommendedValue": true, + "explanation": "Allow adding/removing multiple UsagePlanKeys independently", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-lambda:recognizeVersionProps": { + "recommendedValue": true, + "explanation": "Enable this feature flag to opt in to the updated logical id calculation for Lambda Version created using the `fn.currentVersion`.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-lambda:recognizeLayerVersion": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this feature flag to opt in to the updated logical id calculation for Lambda Version created using the `fn.currentVersion`." 
+ }, + "@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021": { + "recommendedValue": true, + "explanation": "Enable this feature flag to have cloudfront distributions use the security policy TLSv1.2_2021 by default.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/core:checkSecretUsage": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this flag to make it impossible to accidentally use SecretValues in unsafe locations" + }, + "@aws-cdk/core:target-partitions": { + "recommendedValue": [ + "aws", + "aws-cn" + ], + "explanation": "What regions to include in lookup tables of environment agnostic stacks" + }, + "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": { + "userValue": true, + "recommendedValue": true, + "explanation": "ECS extensions will automatically add an `awslogs` driver if no logging is specified" + }, + "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this feature flag to have Launch Templates generated by the `InstanceRequireImdsv2Aspect` use unique names." + }, + "@aws-cdk/aws-ecs:arnFormatIncludesClusterName": { + "userValue": true, + "recommendedValue": true, + "explanation": "ARN format used by ECS. In the new ARN format, the cluster name is part of the resource ID." + }, + "@aws-cdk/aws-iam:minimizePolicies": { + "userValue": true, + "recommendedValue": true, + "explanation": "Minimize IAM policies by combining Statements" + }, + "@aws-cdk/core:validateSnapshotRemovalPolicy": { + "userValue": true, + "recommendedValue": true, + "explanation": "Error on snapshot removal policies on resources that do not support it." 
+ }, + "@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName": { + "userValue": true, + "recommendedValue": true, + "explanation": "Generate key aliases that include the stack name" + }, + "@aws-cdk/aws-s3:createDefaultLoggingPolicy": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this feature flag to create an S3 bucket policy by default in cases where an AWS service would automatically create the Policy if one does not exist." + }, + "@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption": { + "userValue": true, + "recommendedValue": true, + "explanation": "Restrict KMS key policy for encrypted Queues a bit more" + }, + "@aws-cdk/aws-apigateway:disableCloudWatchRole": { + "userValue": true, + "recommendedValue": true, + "explanation": "Make default CloudWatch Role behavior safe for multiple API Gateways in one environment" + }, + "@aws-cdk/core:enablePartitionLiterals": { + "userValue": true, + "recommendedValue": true, + "explanation": "Make ARNs concrete if AWS partition is known" + }, + "@aws-cdk/aws-events:eventsTargetQueueSameAccount": { + "userValue": true, + "recommendedValue": true, + "explanation": "Event Rules may only push to encrypted SQS queues in the same account" + }, + "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": { + "userValue": true, + "recommendedValue": true, + "explanation": "Avoid setting the \"ECS\" deployment controller when adding a circuit breaker" + }, + "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable this feature to by default create default policy names for imported roles that depend on the stack the role is in." 
+ }, + "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": { + "userValue": true, + "recommendedValue": true, + "explanation": "Use S3 Bucket Policy instead of ACLs for Server Access Logging" + }, + "@aws-cdk/aws-route53-patters:useCertificate": { + "userValue": true, + "recommendedValue": true, + "explanation": "Use the official `Certificate` resource instead of `DnsValidatedCertificate`" + }, + "@aws-cdk/customresources:installLatestAwsSdkDefault": { + "userValue": false, + "recommendedValue": false, + "explanation": "Whether to install the latest SDK by default in AwsCustomResource" + }, + "@aws-cdk/aws-rds:databaseProxyUniqueResourceName": { + "userValue": true, + "recommendedValue": true, + "explanation": "Use unique resource name for Database Proxy" + }, + "@aws-cdk/aws-codedeploy:removeAlarmsFromDeploymentGroup": { + "userValue": true, + "recommendedValue": true, + "explanation": "Remove CloudWatch alarms from deployment group" + }, + "@aws-cdk/aws-apigateway:authorizerChangeDeploymentLogicalId": { + "userValue": true, + "recommendedValue": true, + "explanation": "Include authorizer configuration in the calculation of the API deployment logical ID." + }, + "@aws-cdk/aws-ec2:launchTemplateDefaultUserData": { + "userValue": true, + "recommendedValue": true, + "explanation": "Define user data for a launch template by default when a machine image is provided." + }, + "@aws-cdk/aws-secretsmanager:useAttachedSecretResourcePolicyForSecretTargetAttachments": { + "userValue": true, + "recommendedValue": true, + "explanation": "SecretTargetAttachments uses the ResourcePolicy of the attached Secret." 
+ }, + "@aws-cdk/aws-redshift:columnId": { + "userValue": true, + "recommendedValue": true, + "explanation": "Whether to use an ID to track Redshift column changes" + }, + "@aws-cdk/aws-stepfunctions-tasks:enableEmrServicePolicyV2": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable AmazonEMRServicePolicy_v2 managed policies" + }, + "@aws-cdk/aws-ec2:restrictDefaultSecurityGroup": { + "userValue": true, + "recommendedValue": true, + "explanation": "Restrict access to the VPC default security group" + }, + "@aws-cdk/aws-apigateway:requestValidatorUniqueId": { + "userValue": true, + "recommendedValue": true, + "explanation": "Generate a unique id for each RequestValidator added to a method" + }, + "@aws-cdk/aws-kms:aliasNameRef": { + "userValue": true, + "recommendedValue": true, + "explanation": "KMS Alias name and keyArn will have implicit reference to KMS Key" + }, + "@aws-cdk/aws-kms:applyImportedAliasPermissionsToPrincipal": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enable grant methods on Aliases imported by name to use kms:ResourceAliases condition" + }, + "@aws-cdk/aws-autoscaling:generateLaunchTemplateInsteadOfLaunchConfig": { + "userValue": true, + "recommendedValue": true, + "explanation": "Generate a launch template when creating an AutoScalingGroup" + }, + "@aws-cdk/core:includePrefixInUniqueNameGeneration": { + "userValue": true, + "recommendedValue": true, + "explanation": "Include the stack prefix in the stack name generation process" + }, + "@aws-cdk/aws-efs:denyAnonymousAccess": { + "userValue": true, + "recommendedValue": true, + "explanation": "EFS denies anonymous clients accesses" + }, + "@aws-cdk/aws-opensearchservice:enableOpensearchMultiAzWithStandby": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enables support for Multi-AZ with Standby deployment for opensearch domains" + }, + "@aws-cdk/aws-lambda-nodejs:useLatestRuntimeVersion": { + "userValue": true, + 
"recommendedValue": true, + "explanation": "Enables aws-lambda-nodejs.Function to use the latest available NodeJs runtime as the default" + }, + "@aws-cdk/aws-efs:mountTargetOrderInsensitiveLogicalId": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, mount targets will have a stable logicalId that is linked to the associated subnet." + }, + "@aws-cdk/aws-rds:auroraClusterChangeScopeOfInstanceParameterGroupWithEachParameters": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, a scope of InstanceParameterGroup for AuroraClusterInstance with each parameters will change." + }, + "@aws-cdk/aws-appsync:useArnForSourceApiAssociationIdentifier": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, will always use the arn for identifiers for CfnSourceApiAssociation in the GraphqlApi construct rather than id." + }, + "@aws-cdk/aws-rds:preventRenderingDeprecatedCredentials": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, creating an RDS database cluster from a snapshot will only render credentials for snapshot credentials." + }, + "@aws-cdk/aws-codepipeline-actions:useNewDefaultBranchForCodeCommitSource": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the CodeCommit source action is using the default branch name 'main'." + }, + "@aws-cdk/aws-cloudwatch-actions:changeLambdaPermissionLogicalIdForLambdaAction": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the logical ID of a Lambda permission for a Lambda action includes an alarm ID." + }, + "@aws-cdk/aws-codepipeline:crossAccountKeysDefaultValueToFalse": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enables Pipeline to set the default value for crossAccountKeys to false." 
+ }, + "@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2": { + "userValue": true, + "recommendedValue": true, + "explanation": "Enables Pipeline to set the default pipeline type to V2." + }, + "@aws-cdk/aws-kms:reduceCrossAccountRegionPolicyScope": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, IAM Policy created from KMS key grant will reduce the resource scope to this key only." + }, + "@aws-cdk/pipelines:reduceAssetRoleTrustScope": { + "recommendedValue": true, + "explanation": "Remove the root account principal from PipelineAssetsFileRole trust policy", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-eks:nodegroupNameAttribute": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, nodegroupName attribute of the provisioned EKS NodeGroup will not have the cluster name prefix." + }, + "@aws-cdk/aws-ec2:ebsDefaultGp3Volume": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the default volume type of the EBS volume will be GP3" + }, + "@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, remove default deployment alarm settings" + }, + "@aws-cdk/custom-resources:logApiResponseDataPropertyTrueDefault": { + "userValue": false, + "recommendedValue": false, + "explanation": "When enabled, the custom resource used for `AwsCustomResource` will configure the `logApiResponseData` property as true by default" + }, + "@aws-cdk/aws-s3:keepNotificationInImportedBucket": { + "userValue": false, + "recommendedValue": false, + "explanation": "When enabled, Adding notifications to a bucket in the current stack will not remove notification from imported stack." 
+ }, + "@aws-cdk/aws-stepfunctions-tasks:useNewS3UriParametersForBedrockInvokeModelTask": { + "recommendedValue": true, + "explanation": "When enabled, use new props for S3 URI field in task definition of state machine for bedrock invoke model.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/core:explicitStackTags": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, stack tags need to be assigned explicitly on a Stack." + }, + "@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature": { + "userValue": false, + "recommendedValue": false, + "explanation": "When set to true along with canContainersAccessInstanceRole=false in ECS cluster, new updated commands will be added to UserData to block container accessing IMDS. **Applicable to Linux only. IMPORTANT: See [details.](#aws-cdkaws-ecsenableImdsBlockingDeprecatedFeature)**" + }, + "@aws-cdk/aws-ecs:disableEcsImdsBlocking": { + "userValue": true, + "recommendedValue": true, + "explanation": "When set to true, CDK synth will throw exception if canContainersAccessInstanceRole is false. **IMPORTANT: See [details.](#aws-cdkaws-ecsdisableEcsImdsBlocking)**" + }, + "@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, we will only grant the necessary permissions when users specify cloudwatch log group through logConfiguration" + }, + "@aws-cdk/aws-dynamodb:resourcePolicyPerReplica": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled will allow you to specify a resource policy per replica, and not copy the source table policy to all replicas" + }, + "@aws-cdk/aws-ec2:ec2SumTImeoutEnabled": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, initOptions.timeout and resourceSignalTimeout values will be summed together." 
+ }, + "@aws-cdk/aws-appsync:appSyncGraphQLAPIScopeLambdaPermission": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, a Lambda authorizer Permission created when using GraphqlApi will be properly scoped with a SourceArn." + }, + "@aws-cdk/aws-rds:setCorrectValueForDatabaseInstanceReadReplicaInstanceResourceId": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the value of property `instanceResourceId` in construct `DatabaseInstanceReadReplica` will be set to the correct value which is `DbiResourceId` instead of currently `DbInstanceArn`" + }, + "@aws-cdk/core:cfnIncludeRejectComplexResourceUpdateCreatePolicyIntrinsics": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, CFN templates added with `cfn-include` will error if the template contains Resource Update or Create policies with CFN Intrinsics that include non-primitive values." + }, + "@aws-cdk/aws-lambda-nodejs:sdkV3ExcludeSmithyPackages": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, both `@aws-sdk` and `@smithy` packages will be excluded from the Lambda Node.js 18.x runtime to prevent version mismatches in bundled applications." + }, + "@aws-cdk/aws-stepfunctions-tasks:fixRunEcsTaskPolicy": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the resource of IAM Run Ecs policy generated by SFN EcsRunTask will reference the definition, instead of constructing ARN." + }, + "@aws-cdk/aws-ec2:bastionHostUseAmazonLinux2023ByDefault": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the BastionHost construct will use the latest Amazon Linux 2023 AMI, instead of Amazon Linux 2." 
+ }, + "@aws-cdk/core:aspectStabilization": { + "recommendedValue": true, + "explanation": "When enabled, a stabilization loop will be run when invoking Aspects during synthesis.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-route53-targets:userPoolDomainNameMethodWithoutCustomResource": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, use a new method for DNS Name of user pool domain target without creating a custom resource." + }, + "@aws-cdk/aws-elasticloadbalancingV2:albDualstackWithoutPublicIpv4SecurityGroupRulesDefault": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the default security group ingress rules will allow IPv6 ingress from anywhere" + }, + "@aws-cdk/aws-iam:oidcRejectUnauthorizedConnections": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the default behaviour of OIDC provider will reject unauthorized connections" + }, + "@aws-cdk/core:enableAdditionalMetadataCollection": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, CDK will expand the scope of usage data collected to better inform CDK development and improve communication for security concerns and emerging issues." + }, + "@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy": { + "userValue": false, + "recommendedValue": false, + "explanation": "[Deprecated] When enabled, Lambda will create new inline policies with AddToRolePolicy instead of adding to the Default Policy Statement" + }, + "@aws-cdk/aws-s3:setUniqueReplicationRoleName": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, CDK will automatically generate a unique role name that is used for s3 object replication." 
+ }, + "@aws-cdk/pipelines:reduceStageRoleTrustScope": { + "recommendedValue": true, + "explanation": "Remove the root account principal from Stage addActions trust policy", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-events:requireEventBusPolicySid": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, grantPutEventsTo() will use resource policies with Statement IDs for service principals." + }, + "@aws-cdk/core:aspectPrioritiesMutating": { + "userValue": true, + "recommendedValue": true, + "explanation": "When set to true, Aspects added by the construct library on your behalf will be given a priority of MUTATING." + }, + "@aws-cdk/aws-dynamodb:retainTableReplica": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, table replica will be default to the removal policy of source table unless specified otherwise." + }, + "@aws-cdk/cognito:logUserPoolClientSecretValue": { + "recommendedValue": false, + "explanation": "When disabled, the value of the user pool client secret will not be logged in the custom resource lambda function logs." + }, + "@aws-cdk/pipelines:reduceCrossAccountActionRoleTrustScope": { + "recommendedValue": true, + "explanation": "When enabled, scopes down the trust policy for the cross-account action role", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-stepfunctions:useDistributedMapResultWriterV2": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the resultWriterV2 property of DistributedMap will be used insted of resultWriter" + }, + "@aws-cdk/s3-notifications:addS3TrustKeyPolicyForSnsSubscriptions": { + "userValue": true, + "recommendedValue": true, + "explanation": "Add an S3 trust policy to a KMS key resource policy for SNS subscriptions." 
+ }, + "@aws-cdk/aws-ec2:requirePrivateSubnetsForEgressOnlyInternetGateway": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, the EgressOnlyGateway resource is only created if private subnets are defined in the dual-stack VPC." + }, + "@aws-cdk/aws-ec2-alpha:useResourceIdForVpcV2Migration": { + "recommendedValue": false, + "explanation": "When enabled, use resource IDs for VPC V2 migration" + }, + "@aws-cdk/aws-s3:publicAccessBlockedByDefault": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, setting any combination of options for BlockPublicAccess will automatically set true for any options not defined." + }, + "@aws-cdk/aws-lambda:useCdkManagedLogGroup": { + "userValue": true, + "recommendedValue": true, + "explanation": "When enabled, CDK creates and manages loggroup for the lambda function" + } + } + } } - } + }, + "minimumCliVersion": "2.1023.0" } \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/tree.json index 05f7895c8c043..9e5f93f79ed59 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/tree.json 
@@ -1,268 +1 @@ -{ - "version": "tree-0.1", - "tree": { - "id": "App", - "path": "", - "children": { - "Stack": { - "id": "Stack", - "path": "Stack", - "children": { - "DLQ": { - "id": "DLQ", - "path": "Stack/DLQ", - "children": { - "Resource": { - "id": "Resource", - "path": "Stack/DLQ/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::SQS::Queue", - "aws:cdk:cloudformation:props": {} - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - }, - "Bus": { - "id": "Bus", - "path": "Stack/Bus", - "children": { - "Resource": { - "id": "Resource", - "path": "Stack/Bus/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::Events::EventBus", - "aws:cdk:cloudformation:props": { - "deadLetterConfig": { - "arn": { - "Fn::GetAtt": [ - "DLQ581697C4", - "Arn" - ] - } - }, - "description": "myEventBus", - "name": "StackBusAA0A1E4B" - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - }, - "cdk-Statement1": { - "id": "cdk-Statement1", - "path": "Stack/Bus/cdk-Statement1", - "children": { - "Resource": { - "id": "Resource", - "path": "Stack/Bus/cdk-Statement1/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::Events::EventBusPolicy", - "aws:cdk:cloudformation:props": { - "eventBusName": { - "Ref": "BusEA82B648" - }, - "statement": { - "Action": "events:PutEvents", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - }, - "Resource": { - "Fn::GetAtt": [ - "BusEA82B648", - "Arn" - ] - }, - "Sid": "cdk-Statement1" - }, - "statementId": "cdk-Statement1" - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - }, - 
"cdk-Statement2": { - "id": "cdk-Statement2", - "path": "Stack/Bus/cdk-Statement2", - "children": { - "Resource": { - "id": "Resource", - "path": "Stack/Bus/cdk-Statement2/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::Events::EventBusPolicy", - "aws:cdk:cloudformation:props": { - "eventBusName": { - "Ref": "BusEA82B648" - }, - "statement": { - "Action": "events:PutRule", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - }, - "Resource": { - "Fn::GetAtt": [ - "BusEA82B648", - "Arn" - ] - }, - "Sid": "cdk-Statement2" - }, - "statementId": "cdk-Statement2" - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - }, - "BootstrapVersion": { - "id": "BootstrapVersion", - "path": "Stack/BootstrapVersion", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - }, - "CheckBootstrapVersion": { - "id": "CheckBootstrapVersion", - "path": "Stack/CheckBootstrapVersion", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - }, - "IntegTest-EventBusStack": { - "id": "IntegTest-EventBusStack", - "path": "IntegTest-EventBusStack", - "children": { - "DefaultTest": { - "id": "DefaultTest", - "path": "IntegTest-EventBusStack/DefaultTest", - "children": { - "Default": { - "id": "Default", - "path": "IntegTest-EventBusStack/DefaultTest/Default", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - }, - "DeployAssert": { - "id": "DeployAssert", - "path": "IntegTest-EventBusStack/DefaultTest/DeployAssert", - "children": { - "BootstrapVersion": { - 
"id": "BootstrapVersion", - "path": "IntegTest-EventBusStack/DefaultTest/DeployAssert/BootstrapVersion", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - }, - "CheckBootstrapVersion": { - "id": "CheckBootstrapVersion", - "path": "IntegTest-EventBusStack/DefaultTest/DeployAssert/CheckBootstrapVersion", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", - "version": "0.0.0" - } - }, - "Tree": { - "id": "Tree", - "path": "Tree", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - } -} \ No newline at end of file +{"version":"tree-0.1","tree":{"id":"App","path":"","constructInfo":{"fqn":"aws-cdk-lib.App","version":"0.0.0"},"children":{"Stack":{"id":"Stack","path":"Stack","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"DLQ":{"id":"DLQ","path":"Stack/DLQ","constructInfo":{"fqn":"aws-cdk-lib.aws_sqs.Queue","version":"0.0.0","metadata":["*"]},"children":{"Resource":{"id":"Resource","path":"Stack/DLQ/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_sqs.CfnQueue","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::SQS::Queue","aws:cdk:cloudformation:props":{}}}}},"EventBusRole":{"id":"EventBusRole","path":"Stack/EventBusRole","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Role","version":"0.0.0","metadata":[{"assumedBy":{"principalAccount":"*","assumeRoleAction":"*"},"description":"*","roleName":"*"}]},"children":{"ImportEventBusRole":{"id":"ImportEventBusRole","path":"Stack/EventBusRole/ImportEventBusRole","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":["*"]
}},"Resource":{"id":"Resource","path":"Stack/EventBusRole/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnRole","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"lambda.amazonaws.com"}}],"Version":"2012-10-17"},"description":"Role for accessing EventBus","roleName":"EventBusAccessRole"}}}}},"Bus":{"id":"Bus","path":"Stack/Bus","constructInfo":{"fqn":"aws-cdk-lib.aws_events.EventBus","version":"0.0.0","metadata":[{},{"addToResourcePolicy":[{}]},{"addToResourcePolicy":[{}]}]},"children":{"Resource":{"id":"Resource","path":"Stack/Bus/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_events.CfnEventBus","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::Events::EventBus","aws:cdk:cloudformation:props":{"deadLetterConfig":{"arn":{"Fn::GetAtt":["DLQ581697C4","Arn"]}},"description":"myEventBus","logConfig":{"includeDetail":"FULL","level":"ERROR"},"name":"StackBusAA0A1E4B"}}},"cdk-Statement1":{"id":"cdk-Statement1","path":"Stack/Bus/cdk-Statement1","constructInfo":{"fqn":"aws-cdk-lib.aws_events.EventBusPolicy","version":"0.0.0","metadata":[{"eventBus":"*","statement":"*","statementId":"*"}]},"children":{"Resource":{"id":"Resource","path":"Stack/Bus/cdk-Statement1/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_events.CfnEventBusPolicy","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::Events::EventBusPolicy","aws:cdk:cloudformation:props":{"eventBusName":{"Ref":"BusEA82B648"},"statement":{"Action":"events:PutEvents","Effect":"Allow","Principal":{"AWS":{"Fn::GetAtt":["EventBusRole24766622","Arn"]}},"Resource":{"Fn::GetAtt":["BusEA82B648","Arn"]},"Sid":"cdk-Statement1"},"statementId":"cdk-Statement1"}}}}},"cdk-Statement2":{"id":"cdk-Statement2","path":"Stack/Bus/cdk-Statement2","constructInfo":{"fqn":"aws-cdk-lib.aws_events.EventBusPolicy","version":"0.0.0","me
tadata":[{"eventBus":"*","statement":"*","statementId":"*"}]},"children":{"Resource":{"id":"Resource","path":"Stack/Bus/cdk-Statement2/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_events.CfnEventBusPolicy","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::Events::EventBusPolicy","aws:cdk:cloudformation:props":{"eventBusName":{"Ref":"BusEA82B648"},"statement":{"Action":"events:PutRule","Effect":"Allow","Principal":{"AWS":{"Fn::GetAtt":["EventBusRole24766622","Arn"]}},"Resource":{"Fn::GetAtt":["BusEA82B648","Arn"]},"Sid":"cdk-Statement2"},"statementId":"cdk-Statement2"}}}}}}},"BootstrapVersion":{"id":"BootstrapVersion","path":"Stack/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"Stack/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}},"IntegTest-EventBusStack":{"id":"IntegTest-EventBusStack","path":"IntegTest-EventBusStack","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTest","version":"0.0.0"},"children":{"DefaultTest":{"id":"DefaultTest","path":"IntegTest-EventBusStack/DefaultTest","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTestCase","version":"0.0.0"},"children":{"Default":{"id":"Default","path":"IntegTest-EventBusStack/DefaultTest/Default","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}},"DeployAssert":{"id":"DeployAssert","path":"IntegTest-EventBusStack/DefaultTest/DeployAssert","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"BootstrapVersion":{"id":"BootstrapVersion","path":"IntegTest-EventBusStack/DefaultTest/DeployAssert/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"IntegTest-EventBusStack/DefaultTest/DeployAssert/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}}}}}},"Tree":{"id":"Tree","pa
th":"Tree","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}}}}} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.ts index 331dec2c9bb63..19ba678b19bd4 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.ts @@ -2,21 +2,31 @@ import * as iam from 'aws-cdk-lib/aws-iam'; import * as sqs from 'aws-cdk-lib/aws-sqs'; import { App, Stack } from 'aws-cdk-lib'; import { IntegTest } from '@aws-cdk/integ-tests-alpha'; -import { EventBus } from 'aws-cdk-lib/aws-events'; +import { EventBus, IncludeDetail, Level } from 'aws-cdk-lib/aws-events'; const app = new App(); const stack = new Stack(app, 'Stack'); const dlq = new sqs.Queue(stack, 'DLQ'); +const eventBusRole = new iam.Role(stack, 'EventBusRole', { + assumedBy: new iam.ServicePrincipal('lambda.amazonaws.com'), + description: 'Role for accessing EventBus', + roleName: 'EventBusAccessRole', +}); + const bus = new EventBus(stack, 'Bus', { deadLetterQueue: dlq, description: 'myEventBus', + logConfig: { + includeDetail: IncludeDetail.FULL, + level: Level.ERROR, + }, }); bus.addToResourcePolicy(new iam.PolicyStatement({ effect: iam.Effect.ALLOW, - principals: [new iam.AccountPrincipal(stack.account)], + principals: [eventBusRole], actions: ['events:PutEvents'], sid: 'Statement1', resources: [bus.eventBusArn], @@ -24,7 +34,7 @@ bus.addToResourcePolicy(new iam.PolicyStatement({ bus.addToResourcePolicy(new iam.PolicyStatement({ effect: iam.Effect.ALLOW, - principals: [new iam.AccountPrincipal(stack.account)], + principals: [eventBusRole], actions: ['events:PutRule'], sid: 'Statement2', resources: [bus.eventBusArn], 
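Review bot: The `EventBusRole` added in the first `integ.eventbus.ts` hunk pins a physical name with `roleName: 'EventBusAccessRole'`. IAM role names are unique per account, so a second copy of this stack (another region, a parallel integ run, or a leftover from a failed teardown) will fail to create the role. Dropping that line lets CloudFormation generate the name, at the cost of regenerating the snapshot; both resource policy statements reference the role through the construct, so nothing else depends on the literal. Replacing `AccountPrincipal` with the role as principal for `events:PutEvents` and `events:PutRule` (the second hunk makes the same change) narrows the grant and needs no further change.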
diff --git a/packages/aws-cdk-lib/aws-events/README.md b/packages/aws-cdk-lib/aws-events/README.md index cb30c23c23d21..6c171d130fa96 100644 --- a/packages/aws-cdk-lib/aws-events/README.md +++ b/packages/aws-cdk-lib/aws-events/README.md @@ -356,4 +356,21 @@ const archive = new Archive(stack, 'Archive', { ``` To enable archives or schema discovery on an event bus, customers has the choice of using either an AWS owned key or a customer managed key. -For more information, see [KMS key options for event bus encryption](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-encryption-at-rest-key-options.html). \ No newline at end of file +For more information, see [KMS key options for event bus encryption](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-encryption-at-rest-key-options.html). + +## Configuring logging + +To configure logging for an Event Bus, leverage the LogConfig property. It allows different level of logging (NONE, INFO, TRACE, ERROR) and wether to include details or not. + +```ts +import { EventBus, IncludeDetail, Level } from 'aws-cdk-lib/aws-events'; + +const bus = new EventBus(this, 'Bus', { + logConfig: { + includeDetail: IncludeDetail.FULL, + level: Level.TRACE, + }, + }); +``` + +See more [Specifying event bus log level](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-event-bus-logs.html#eb-event-bus-logs-level) diff --git a/packages/aws-cdk-lib/aws-events/lib/event-bus.ts b/packages/aws-cdk-lib/aws-events/lib/event-bus.ts index 2fae5fe1ea8db..79f4b47630999 100644 --- a/packages/aws-cdk-lib/aws-events/lib/event-bus.ts +++ b/packages/aws-cdk-lib/aws-events/lib/event-bus.ts 
@@ -9,6 +9,61 @@ import { addConstructMetadata, MethodMetadata } from '../../core/lib/metadata-re import { propertyInjectable } from '../../core/lib/prop-injectable'; import * as cxapi from '../../cx-api'; +/** + * Whether EventBridge include detailed event information in the records it generates. + * Detailed data can be useful for troubleshooting and debugging. + * This information includes details of the event itself, as well as target details. + */ +export enum IncludeDetail { + /** + * FULL: Include all details related to event itself and the request EventBridge sends to the target. + * Detailed data can be useful for troubleshooting and debugging. + */ + FULL = 'FULL', + /** + * NONE: Does not include any details. + */ + NONE = 'NONE', +} + +/** + * The level of logging detail to include. This applies to all log destinations for the event bus. + */ +export enum Level { + /** + * INFO: EventBridge sends any logs related to errors, as well as major steps performed during event processing + */ + INFO = 'INFO', + /** + * ERROR: EventBridge sends any logs related to errors generated during event processing and target delivery. + */ + ERROR = 'ERROR', + /** + * TRACE: EventBridge sends any logs generated during all steps in the event processing. + */ + TRACE = 'TRACE', + /** + * OFF: EventBridge does not send any logs. This is the default. + */ + OFF = 'OFF', +} + +/** + * Interface for Logging Configuration of the Event Bus + */ +export interface LogConfig { + /** + * Whether EventBridge include detailed event information in the records it generates. + * @default no details + */ + readonly includeDetail?: IncludeDetail; + /** + * Logging level + * @default OFF + */ + readonly level?: Level; +} + /** * Interface which all EventBus based classes MUST implement */ 
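Review bot: The doc comment on `IncludeDetail.FULL` presents detail logging only as a debugging aid, yet by its own description it puts the event itself and the request sent to the target into the log records. Those payloads can carry personal data or credentials, which then take on whatever access and retention the log destination has. I would add a line to that comment such as `* Event payloads and target request data are written to the logs; restrict access to the log destination accordingly.` Separately, the `Level` enum defines `OFF`, while the README section added in this same commit lists the levels as NONE, INFO, TRACE, ERROR, so one of the two needs correcting. The enum-level comment should also read `Whether EventBridge includes detailed event information …`.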
@@ -112,6 +167,11 @@ export interface EventBusProps { * @default - Use an AWS managed key */ readonly kmsKey?: kms.IKey; + /** + * The Logging Configuration of the Ăˆvent Bus. + * @default - no logging + */ + readonly logConfig?: LogConfig; } /** @@ -405,6 +465,7 @@ export class EventBus extends EventBusBase { } : undefined, description: props?.description, kmsKeyIdentifier: props?.kmsKey?.keyArn, + logConfig: props?.logConfig, }); this.eventBusArn = this.getResourceArnAttribute(eventBus.attrArn, { diff --git a/packages/aws-cdk-lib/aws-events/test/event-bus.test.ts b/packages/aws-cdk-lib/aws-events/test/event-bus.test.ts index 0e35b84240bf2..98ecedda80b4f 100644 --- a/packages/aws-cdk-lib/aws-events/test/event-bus.test.ts +++ b/packages/aws-cdk-lib/aws-events/test/event-bus.test.ts @@ -4,7 +4,7 @@ import * as iam from '../../aws-iam'; import * as kms from '../../aws-kms'; import * as sqs from '../../aws-sqs'; import { Aws, CfnResource, Stack, Arn, App, PhysicalName, CfnOutput } from '../../core'; -import { EventBus } from '../lib'; +import { EventBus, IncludeDetail, Level } from '../lib'; describe('event bus', () => { test('default event bus', () => { @@ -20,6 +20,28 @@ describe('event bus', () => { }); }); + test('default event bus with logConfig', () => { + // GIVEN + const stack = new Stack(); + + // WHEN + new EventBus(stack, 'Bus', { + logConfig: { + includeDetail: IncludeDetail.FULL, + level: Level.TRACE, + }, + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::Events::EventBus', { + Name: 'Bus', + LogConfig: { + IncludeDetail: 'FULL', + Level: 'TRACE', + }, + }); + }); + test('default event bus with empty props object', () => { // GIVEN const stack = new Stack();
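Review bot: The doc comment added for `logConfig` in `EventBusProps` reads `The Logging Configuration of the Ăˆvent Bus.`; the stray accented character would surface in the generated API docs, and the line should be `* The Logging Configuration of the Event Bus.` The comment could also state that this property only selects the level and detail. As far as this change shows, no log destination is created, so a user who sets it may see no logs until delivery is configured separately; that is worth confirming and documenting here. `EventBusProps` begins before this hunk.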
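Review bot: The new test `default event bus with logConfig` covers only the case where both `includeDetail` and `level` are set, so nothing pins what is rendered when `logConfig` is omitted or only partly given. Both fields of `LogConfig` are optional, so I would add a case that passes just `level: Level.ERROR` and asserts `LogConfig: { Level: 'ERROR' }`. If `Match` is imported in this file, I would also add `LogConfig: Match.absent(),` to the existing `default event bus` assertion. That guards against a later change that starts emitting a log configuration by default. The `describe('event bus', …)` block continues outside the hunk.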