chore(release): 2.30.0 (#20949)

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/bump/2.30.0/CHANGELOG.md)

Author: mergify[bot]

CHANGELOG.v2.alpha.md

@@ -2,6 +2,8 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [2.30.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.29.1-alpha.0...v2.30.0-alpha.0) (2022-07-01)
+
 ## [2.29.1-alpha.0](https://github.com/aws/aws-cdk/compare/v2.29.0-alpha.0...v2.29.1-alpha.0) (2022-06-24)
 
 ## [2.29.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.28.1-alpha.0...v2.29.0-alpha.0) (2022-06-22)

CHANGELOG.v2.md

@@ -2,6 +2,24 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [2.30.0](https://github.com/aws/aws-cdk/compare/v2.29.1...v2.30.0) (2022-07-01)
+
+### Features
+
+* **appmesh:** ipv6 support for app mesh ([#20766](https://github.com/aws/aws-cdk/issues/20766)) ([b1e6d62](https://github.com/aws/aws-cdk/commit/b1e6d62ed6b6ede0362d0a68d804660e84efe5cb)), closes [#20737](https://github.com/aws/aws-cdk/issues/20737)
+* **cognito:** make `grant()` available on `IUserPool` ([#20799](https://github.com/aws/aws-cdk/issues/20799)) ([a1df570](https://github.com/aws/aws-cdk/commit/a1df570b89c6d456077bb934e0bf08217677ef1f)), closes [#20285](https://github.com/aws/aws-cdk/issues/20285)
+* **iam:** PolicyStatements can be frozen ([#20911](https://github.com/aws/aws-cdk/issues/20911)) ([3bf737b](https://github.com/aws/aws-cdk/commit/3bf737bd172eda016d2e9bb7c5f40c001399fd23))
+* **lambda:** grant function permissions to an AWS organization ([#19975](https://github.com/aws/aws-cdk/issues/19975)) ([2566017](https://github.com/aws/aws-cdk/commit/2566017a83ec4f9c2c5cefda4585a3f71e3516e7)), closes [#19538](https://github.com/aws/aws-cdk/issues/19538) [#20146](https://github.com/aws/aws-cdk/issues/20146)
+* **rds:** add missing aurora postgres versions ([#20830](https://github.com/aws/aws-cdk/issues/20830)) ([2151a0e](https://github.com/aws/aws-cdk/commit/2151a0e9b988723e050e6f37ed1780cced16c519))
+
+
+### Bug Fixes
+
+* **apigateway:** Explicitly test for undefined instead of falsey for stage default options ([#20868](https://github.com/aws/aws-cdk/issues/20868)) ([b368a31](https://github.com/aws/aws-cdk/commit/b368a315cab0cedf03298083f5f1fb809bd1d1f2))
+* **eks:** revert shell=True and allow public ecr to work ([#20724](https://github.com/aws/aws-cdk/issues/20724)) ([de153fc](https://github.com/aws/aws-cdk/commit/de153fcdd47a4cdcd1d156d5e19684969d990c8e))
+* **pipelines:** 'ConfirmPermissionsBroadening' uses wrong node version ([#20861](https://github.com/aws/aws-cdk/issues/20861)) ([bac965e](https://github.com/aws/aws-cdk/commit/bac965e9c4d435ae45d5cf16aa809f33bbb05a0f))
+* **secretsmanager:** SecretRotation app does not set DeletionPolicy ([#20901](https://github.com/aws/aws-cdk/issues/20901)) ([f2b4eff](https://github.com/aws/aws-cdk/commit/f2b4effc903ab3a36dc925516f3329f236d03a70))
+
 ## [2.29.1](https://github.com/aws/aws-cdk/compare/v2.29.0...v2.29.1) (2022-06-24)
 
 

README.md

@@ -9,6 +9,8 @@
 [![Go Reference](https://pkg.go.dev/badge/github.com/aws/aws-cdk-go/awscdk.svg)](https://pkg.go.dev/github.com/aws/aws-cdk-go/awscdk)
 [![Mergify](https://img.shields.io/endpoint.svg?url=https://gh.mergify.io/badges/aws/aws-cdk&style=flat)](https://mergify.io)
 
+[![View on Construct Hub](https://constructs.dev/badge?package=aws-cdk-lib)](https://constructs.dev/packages/aws-cdk-lib)
+
 The **AWS Cloud Development Kit (AWS CDK)** is an open-source software development
 framework to define cloud infrastructure in code and provision it through AWS CloudFormation.
 

packages/@aws-cdk/aws-apigateway/lib/stage.ts

@@ -310,7 +310,7 @@ export class Stage extends Resource implements IStage {
     };
 
     // if any of them are defined, add an entry for '/*/*'.
-    const hasCommonOptions = Object.keys(commonMethodOptions).map(v => (commonMethodOptions as any)[v]).filter(x => x).length > 0;
+    const hasCommonOptions = Object.keys(commonMethodOptions).map(v => (commonMethodOptions as any)[v]).filter(x => x !== undefined).length > 0;
     if (hasCommonOptions) {
       settings.push(renderEntry('/*/*', commonMethodOptions));
     }

packages/@aws-cdk/aws-apigateway/test/stage.test.ts

@@ -2,6 +2,7 @@ import { Template } from '@aws-cdk/assertions';
 import * as logs from '@aws-cdk/aws-logs';
 import * as cdk from '@aws-cdk/core';
 import * as apigateway from '../lib';
+import { ApiDefinition } from '../lib';
 
 describe('stage', () => {
   test('minimal setup', () => {
@@ -396,4 +397,30 @@ describe('stage', () => {
       accessLogFormat: testFormat,
     })).toThrow(/Access log format is specified without a destination/);
   });
+
+  test('default throttling settings', () => {
+    // GIVEN
+    const stack = new cdk.Stack();
+    new apigateway.SpecRestApi(stack, 'testapi', {
+      apiDefinition: ApiDefinition.fromInline({
+        openapi: '3.0.2',
+      }),
+      deployOptions: {
+        throttlingBurstLimit: 0,
+        throttlingRateLimit: 0,
+        metricsEnabled: false,
+      },
+    });
+
+    // THEN
+    Template.fromStack(stack).hasResourceProperties('AWS::ApiGateway::Stage', {
+      MethodSettings: [{
+        DataTraceEnabled: false,
+        HttpMethod: '*',
+        ResourcePath: '/*',
+        ThrottlingBurstLimit: 0,
+        ThrottlingRateLimit: 0,
+      }],
+    });
+  });
 });

packages/@aws-cdk/aws-appmesh/README.md

@@ -49,6 +49,17 @@ const mesh = new appmesh.Mesh(this, 'AppMesh', {
 });
 ```
 
+A mesh with an IP preference can be created by providing the property `serviceDiscovery` that specifes an `ipPreference`.
+
+```ts
+const mesh = new appmesh.Mesh(this, 'AppMesh', {
+  meshName: 'myAwsMesh',
+  serviceDiscovery: {
+    ipPreference: appmesh.IpPreference.IPV4_ONLY,
+  },
+});
+```
+
 ## Adding VirtualRouters
 
 A _mesh_ uses  _virtual routers_ as logical units to route requests to _virtual nodes_.
@@ -425,6 +436,48 @@ const gateway = new appmesh.VirtualGateway(this, 'gateway', {
 });
 ```
 
+### Adding an IP Preference to a Virtual Node
+
+An `ipPreference` can be specified as part of a Virtual Node's service discovery. An IP preference defines how clients for this Virtual Node will interact with it.
+
+There a four different IP preferences available to use which each specify what IP versions this Virtual Node will use and prefer.
+
+- `IPv4_ONLY` - Only use IPv4. For CloudMap service discovery, only IPv4 addresses returned from CloudMap will be used. For DNS service discovery, Envoy's DNS resolver will only resolve DNS queries for IPv4.
+
+- `IPv4_PREFERRED` - Prefer IPv4 and fall back to IPv6. For CloudMap service discovery, an IPv4 address will be used if returned from CloudMap. Otherwise, an IPv6 address will be used if available. For DNS service discovery, Envoy's DNS resolver will first attempt to resolve DNS queries using IPv4 and fall back to IPv6.
+
+- `IPv6_ONLY` - Only use IPv6. For CloudMap service discovery, only IPv6 addresses returned from CloudMap will be used. For DNS service discovery, Envoy's DNS resolver will only resolve DNS queries for IPv6.
+
+- `IPv6_PREFERRED` - Prefer IPv6 and fall back to IPv4. For CloudMap service discovery, an IPv6 address will be used if returned from CloudMap. Otherwise, an IPv4 address will be used if available. For DNS service discovery, Envoy's DNS resolver will first attempt to resolve DNS queries using IPv6 and fall back to IPv4.
+
+```ts
+const mesh = new appmesh.Mesh(stack, 'mesh', {
+  meshName: 'mesh-with-preference',
+});
+
+// Virtual Node with DNS service discovery and an IP preference
+const dnsNode = new appmesh.VirtualNode(stack, 'dns-node', {
+  mesh,
+  serviceDiscovery: appmesh.ServiceDiscovery.dns('test', appmesh.DnsResponseType.LOAD_BALANCER, appmesh.IpPreference.IPV4_ONLY),
+});
+
+// Virtual Node with CloudMap service discovery and an IP preference
+const vpc = new ec2.Vpc(stack, 'vpc');
+const namespace = new cloudmap.PrivateDnsNamespace(stack, 'test-namespace', {
+  vpc,
+  name: 'domain.local',
+});
+const service = namespace.createService('Svc');
+
+const instanceAttribute : { [key: string]: string} = {};
+instanceAttribute.testKey = 'testValue';
+
+const cloudmapNode = new appmesh.VirtualNode(stack, 'cloudmap-node', {
+  mesh,
+  serviceDiscovery: appmesh.ServiceDiscovery.cloudMap(service, instanceAttribute, appmesh.IpPreference.IPV4_ONLY),
+});
+```
+
 ## Adding a Route
 
 A _route_ matches requests with an associated virtual router and distributes traffic to its associated virtual nodes. 

packages/@aws-cdk/aws-appmesh/lib/mesh.ts

@@ -1,6 +1,7 @@
 import * as cdk from '@aws-cdk/core';
 import { Construct } from 'constructs';
 import { CfnMesh } from './appmesh.generated';
+import { MeshServiceDiscovery } from './service-discovery';
 import { VirtualGateway, VirtualGatewayBaseProps } from './virtual-gateway';
 import { VirtualNode, VirtualNodeBaseProps } from './virtual-node';
 import { VirtualRouter, VirtualRouterBaseProps } from './virtual-router';
@@ -124,6 +125,13 @@ export interface MeshProps {
    * @default DROP_ALL
    */
   readonly egressFilter?: MeshFilterType;
+
+  /**
+   * Defines how upstream clients will discover VirtualNodes in the Mesh
+   *
+   * @default - No Service Discovery
+   */
+  readonly serviceDiscovery?: MeshServiceDiscovery;
 }
 
 /**
@@ -187,6 +195,7 @@ export class Mesh extends MeshBase {
         egressFilter: props.egressFilter ? {
           type: props.egressFilter,
         } : undefined,
+        serviceDiscovery: props.serviceDiscovery,
       },
     });
 

packages/@aws-cdk/aws-appmesh/lib/service-discovery.ts

@@ -2,6 +2,52 @@ import * as cloudmap from '@aws-cdk/aws-servicediscovery';
 import { Construct } from 'constructs';
 import { CfnVirtualNode } from './appmesh.generated';
 
+/**
+ * Enum of supported IP preferences.
+ * Used to dictate the IP version for mesh wide and virtual node service discovery.
+ * Also used to specify the IP version that a sidecar Envoy uses when sending traffic to a local application.
+ */
+
+export enum IpPreference {
+  /**
+   * Use IPv4 when sending traffic to a local application.
+   * Only use IPv4 for service discovery.
+   */
+  IPV4_ONLY = 'IPv4_ONLY',
+  /**
+   * Use IPv4 when sending traffic to a local application.
+   * First attempt to use IPv4 and fall back to IPv6 for service discovery.
+   */
+  IPV4_PREFERRED = 'IPv4_PREFERRED',
+  /**
+   * Use IPv6 when sending traffic to a local application.
+   * Only use IPv6 for service discovery.
+   */
+  IPV6_ONLY = 'IPv6_ONLY',
+  /**
+   * Use IPv6 when sending traffic to a local application.
+   * First attempt to use IPv6 and fall back to IPv4 for service discovery.
+   */
+  IPV6_PREFERRED = 'IPv6_PREFERRED'
+}
+
+/**
+ * Properties for Mesh Service Discovery
+ */
+export interface MeshServiceDiscovery {
+  /**
+   * IP preference applied to all Virtual Nodes in the Mesh
+   *
+   * @default - No IP preference is applied to any of the Virtual Nodes in the Mesh.
+   *  Virtual Nodes without an IP preference will have the following configured.
+   *  Envoy listeners are configured to bind only to IPv4.
+   *  Envoy will use IPv4 when sending traffic to a local application.
+   *  For DNS service discovery, the Envoy DNS resolver to prefer using IPv6 and fall back to IPv4.
+   *  For CloudMap service discovery, App Mesh will prefer using IPv4 and fall back to IPv6 for IPs returned by CloudMap.
+   */
+  readonly ipPreference?: IpPreference;
+}
+
 /**
  * Properties for VirtualNode Service Discovery
  */
@@ -48,9 +94,10 @@ export abstract class ServiceDiscovery {
    * @param hostname
    * @param responseType Specifies the DNS response type for the virtual node.
    *  The default is `DnsResponseType.LOAD_BALANCER`.
+   * @param ipPreference No IP preference is applied to the Virtual Node.
    */
-  public static dns(hostname: string, responseType?: DnsResponseType): ServiceDiscovery {
-    return new DnsServiceDiscovery(hostname, responseType);
+  public static dns(hostname: string, responseType?: DnsResponseType, ipPreference?: IpPreference): ServiceDiscovery {
+    return new DnsServiceDiscovery(hostname, responseType, ipPreference);
   }
 
   /**
@@ -61,9 +108,10 @@ export abstract class ServiceDiscovery {
    *  filter instances by any custom attribute that you specified when you
    *  registered the instance. Only instances that match all of the specified
    *  key/value pairs will be returned.
+   * @param ipPreference No IP preference is applied to the Virtual Node.
    */
-  public static cloudMap(service: cloudmap.IService, instanceAttributes?: {[key: string]: string}): ServiceDiscovery {
-    return new CloudMapServiceDiscovery(service, instanceAttributes);
+  public static cloudMap(service: cloudmap.IService, instanceAttributes?: {[key: string]: string}, ipPreference?: IpPreference): ServiceDiscovery {
+    return new CloudMapServiceDiscovery(service, instanceAttributes, ipPreference);
   }
 
   /**
@@ -75,18 +123,21 @@ export abstract class ServiceDiscovery {
 class DnsServiceDiscovery extends ServiceDiscovery {
   private readonly hostname: string;
   private readonly responseType?: DnsResponseType;
+  private readonly ipPreference?: IpPreference;
 
-  constructor(hostname: string, responseType?: DnsResponseType) {
+  constructor(hostname: string, responseType?: DnsResponseType, ipPreference?: IpPreference) {
     super();
     this.hostname = hostname;
     this.responseType = responseType;
+    this.ipPreference = ipPreference;
   }
 
   public bind(_scope: Construct): ServiceDiscoveryConfig {
     return {
       dns: {
         hostname: this.hostname,
         responseType: this.responseType,
+        ipPreference: this.ipPreference,
       },
     };
   }
@@ -95,11 +146,13 @@ class DnsServiceDiscovery extends ServiceDiscovery {
 class CloudMapServiceDiscovery extends ServiceDiscovery {
   private readonly service: cloudmap.IService;
   private readonly instanceAttributes?: {[key: string]: string};
+  private readonly ipPreference?: IpPreference;
 
-  constructor(service: cloudmap.IService, instanceAttributes?: {[key: string]: string}) {
+  constructor(service: cloudmap.IService, instanceAttributes?: {[key: string]: string}, ipPreference?: IpPreference) {
     super();
     this.service = service;
     this.instanceAttributes = instanceAttributes;
+    this.ipPreference = ipPreference;
   }
 
   public bind(_scope: Construct): ServiceDiscoveryConfig {
@@ -108,6 +161,7 @@ class CloudMapServiceDiscovery extends ServiceDiscovery {
         namespaceName: this.service.namespace.namespaceName,
         serviceName: this.service.serviceName,
         attributes: renderAttributes(this.instanceAttributes),
+        ipPreference: this.ipPreference,
       },
     };
   }

packages/@aws-cdk/aws-appmesh/test/integ.mesh.ts

@@ -17,6 +17,11 @@ const namespace = new cloudmap.PrivateDnsNamespace(stack, 'test-namespace', {
 });
 
 const mesh = new appmesh.Mesh(stack, 'mesh');
+new appmesh.Mesh(stack, 'mesh-with-preference', {
+  serviceDiscovery: {
+    ipPreference: appmesh.IpPreference.IPV4_ONLY,
+  },
+});
 const router = mesh.addVirtualRouter('router', {
   listeners: [
     appmesh.VirtualRouterListener.http(),
@@ -29,7 +34,7 @@ const virtualService = new appmesh.VirtualService(stack, 'service', {
 });
 
 const node = mesh.addVirtualNode('node', {
-  serviceDiscovery: appmesh.ServiceDiscovery.dns(`node1.${namespace.namespaceName}`),
+  serviceDiscovery: appmesh.ServiceDiscovery.dns(`node1.${namespace.namespaceName}`, undefined, appmesh.IpPreference.IPV4_ONLY),
   listeners: [appmesh.VirtualNodeListener.http({
     healthCheck: appmesh.HealthCheck.http({
       healthyThreshold: 3,

packages/@aws-cdk/aws-appmesh/test/mesh.integ.snapshot/cdk.out

@@ -1 +1 @@
-{"version":"17.0.0"}
+{"version":"20.0.0"}

packages/@aws-cdk/aws-appmesh/test/mesh.integ.snapshot/integ.json

@@ -1,7 +1,7 @@
 {
-  "version": "18.0.0",
+  "version": "20.0.0",
   "testCases": {
-    "aws-appmesh/test/integ.mesh": {
+    "integ.mesh": {
       "stacks": [
         "mesh-stack"
       ],

packages/@aws-cdk/aws-appmesh/test/mesh.integ.snapshot/manifest.json

@@ -1,5 +1,5 @@
 {
-  "version": "17.0.0",
+  "version": "20.0.0",
   "artifacts": {
     "Tree": {
       "type": "cdk:tree",
@@ -291,6 +291,12 @@
             "data": "meshgateway1gateway1routegrpc2FAC1FF36"
           }
         ],
+        "/mesh-stack/mesh-with-preference/Resource": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "meshwithpreferenceCC9682C9"
+          }
+        ],
         "/mesh-stack/service/Resource": [
           {
             "type": "aws:cdk:logicalId",

packages/@aws-cdk/aws-appmesh/test/mesh.integ.snapshot/mesh-stack.assets.json

@@ -0,0 +1,19 @@
+{
+  "version": "20.0.0",
+  "files": {
+    "be244c434fce5ce2d030a96121c147910d423314d1807320ddf66a562a53550d": {
+      "source": {
+        "path": "mesh-stack.template.json",
+        "packaging": "file"
+      },
+      "destinations": {
+        "current_account-current_region": {
+          "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
+          "objectKey": "be244c434fce5ce2d030a96121c147910d423314d1807320ddf66a562a53550d.json",
+          "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
+        }
+      }
+    }
+  },
+  "dockerImages": {}
+}