chore(cdk-lib): fix most of the Rosetta example compilation failures (#25030)

Many a compilation error has slipped into our examples. Turn Rosetta strict mode back on for `aws-cdk-lib`.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Author: rix0rrr

packages/aws-cdk-lib/README.md

@@ -27,7 +27,7 @@ According to the kind of project you are developing:
 
 You can use a classic import to get access to each service namespaces:
 
-```ts
+```ts nofixture
 import { Stack, App, aws_s3 as s3 } from 'aws-cdk-lib';
 
 const app = new App();
@@ -40,7 +40,7 @@ new s3.Bucket(stack, 'TestBucket');
 
 Alternatively, you can use "barrel" imports:
 
-```ts
+```ts nofixture
 import { App, Stack } from 'aws-cdk-lib';
 import { Bucket } from 'aws-cdk-lib/aws-s3';
 
@@ -684,13 +684,13 @@ exports.handler = async (e) => {
 `sum.ts`:
 
 ```ts nofixture
+import { Construct } from 'constructs';
 import {
-  Construct,
   CustomResource,
   CustomResourceProvider,
   CustomResourceProviderRuntime,
   Token,
-} from '@aws-cdk/core';
+} from 'aws-cdk-lib';
 
 export interface SumProps {
   readonly lhs: number;
@@ -911,7 +911,7 @@ a property of the creationPolicy on the resource options. Setting it to true wil
 resources that depend on the fleet resource.
 
 ```ts
-const fleet = new CfnFleet(stack, 'Fleet', {
+const fleet = new appstream.CfnFleet(this, 'Fleet', {
   instanceType: 'stream.standard.small',
   name: 'Fleet',
   computeCapacity: {
@@ -930,14 +930,18 @@ The properties passed to the level 2 constructs `AutoScalingGroup` and `Instance
 
 The CfnWaitCondition resource from the `aws-cloudformation` module suppports the `resourceSignal`.
 The format of the timeout is `PT#H#M#S`. In the example below AWS Cloudformation will wait for
-3 success signals to occur within 15 minutes before the status of the resource will be set to 
+3 success signals to occur within 15 minutes before the status of the resource will be set to
 `CREATE_COMPLETE`.
 
 ```ts
-resource.cfnOptions.resourceSignal = {
-  count: 3,
-  timeout: 'PR15M',
-}
+declare const resource: CfnResource;
+
+resource.cfnOptions.creationPolicy = {
+  resourceSignal: {
+    count: 3,
+    timeout: 'PR15M',
+  }
+};
 ```
 
 [creation-policy]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-creationpolicy.html
@@ -1290,8 +1294,6 @@ to all roles within a specific construct scope. The most common use case would
 be to apply a permissions boundary at the `Stage` level.
 
 ```ts
-declare const app: App;
-
 const prodStage = new Stage(app, 'ProdStage', {
   permissionsBoundary: PermissionsBoundary.fromName('cdk-${Qualifier}-PermissionsBoundary'),
 });
@@ -1323,19 +1325,21 @@ will be printed to the console or to a file (see below).
 To use one or more validation plugins in your application, use the
 `policyValidationBeta1` property of `Stage`:
 
-```ts
+```ts fixture=validation-plugin
 // globally for the entire app (an app is a stage)
 const app = new App({
   policyValidationBeta1: [
-    // These hypothetical classes implement IValidationPlugin:
-    new ThirdPartyPluginX(), 
+    // These hypothetical classes implement IPolicyValidationPluginBeta1:
+    new ThirdPartyPluginX(),
     new ThirdPartyPluginY(),
   ],
 });
 
 // only apply to a particular stage
 const prodStage = new Stage(app, 'ProdStage', {
-  policyValidationBeta1: [...],
+  policyValidationBeta1: [
+    new ThirdPartyPluginX(),
+  ],
 });
 ```
 
@@ -1351,12 +1355,12 @@ validation.
 > secure to use.
 
 By default, the report will be printed in a human readable format. If you want a
-report in JSON format, enable it using the `@aws-cdk/core:validationReportJson` 
+report in JSON format, enable it using the `@aws-cdk/core:validationReportJson`
 context passing it directly to the application:
 
 ```ts
-const app = new App({ 
-  context: { '@aws-cdk/core:validationReportJson': true }, 
+const app = new App({
+  context: { '@aws-cdk/core:validationReportJson': true },
 });
 ```
 
@@ -1372,35 +1376,39 @@ the standard output.
 ### For plugin authors
 
 The communication protocol between the CDK core module and your policy tool is
-defined by the `IValidationPluginBeta1` interface. To create a new plugin you must
+defined by the `IPolicyValidationPluginBeta1` interface. To create a new plugin you must
 write a class that implements this interface. There are two things you need to
 implement: the plugin name (by overriding the `name` property), and the
 `validate()` method.
 
-The framework will call `validate()`, passing an `IValidationContextBeta1` object.
+The framework will call `validate()`, passing an `IPolicyValidationContextBeta1` object.
 The location of the templates to be validated is given by `templatePaths`. The
-plugin should return an instance of `ValidationPluginReportBeta1`. This object
+plugin should return an instance of `PolicyValidationPluginReportBeta1`. This object
 represents the report that the user wil receive at the end of the synthesis.
 
-```ts
-validate(context: ValidationContextBeta1): ValidationReportBeta1 {
-  // First read the templates using context.templatePaths...
-
-  // ...then perform the validation, and then compose and return the report.
-  // Using hard-coded values here for better clarity:
-  return {
-    success: false,
-    violations: [{
-      ruleName: 'CKV_AWS_117',
-      recommendation: 'Ensure that AWS Lambda function is configured inside a VPC',
-      fix: 'https://docs.bridgecrew.io/docs/ensure-that-aws-lambda-function-is-configured-inside-a-vpc-1',
-      violatingResources: [{
-        resourceName: 'MyFunction3BAA72D1',
-        templatePath: '/home/johndoe/myapp/cdk.out/MyService.template.json',
-        locations: 'Properties/VpcConfig',
+```ts fixture=validation-plugin
+class MyPlugin implements IPolicyValidationPluginBeta1 {
+  public readonly name = 'MyPlugin';
+
+  public validate(context: IPolicyValidationContextBeta1): PolicyValidationPluginReportBeta1 {
+    // First read the templates using context.templatePaths...
+
+    // ...then perform the validation, and then compose and return the report.
+    // Using hard-coded values here for better clarity:
+    return {
+      success: false,
+      violations: [{
+        ruleName: 'CKV_AWS_117',
+        description: 'Ensure that AWS Lambda function is configured inside a VPC',
+        fix: 'https://docs.bridgecrew.io/docs/ensure-that-aws-lambda-function-is-configured-inside-a-vpc-1',
+        violatingResources: [{
+          resourceLogicalId: 'MyFunction3BAA72D1',
+          templatePath: '/home/johndoe/myapp/cdk.out/MyService.template.json',
+          locations: ['Properties/VpcConfig'],
+        }],
       }],
-    }],
-  };
+    };
+  }
 }
 ```
 

packages/aws-cdk-lib/aws-apigateway/README.md

@@ -730,50 +730,54 @@ books.addMethod('GET', new apigateway.HttpIntegration('http://amazon.com'), {
 
 A full working example is shown below.
 
-```ts
+```ts nofixture
 import * as path from 'path';
 import * as lambda from 'aws-cdk-lib/aws-lambda';
+import { Construct } from 'constructs';
 import { App, Stack } from 'aws-cdk-lib';
-import { MockIntegration, PassthroughBehavior, RestApi, TokenAuthorizer, Cors } from '../../lib';
+import { MockIntegration, PassthroughBehavior, RestApi, TokenAuthorizer, Cors } from 'aws-cdk-lib/aws-apigateway';
 
 /// !show
-const app = new App();
-const stack = new Stack(app, 'TokenAuthorizerInteg');
-
-const authorizerFn = new lambda.Function(stack, 'MyAuthorizerFunction', {
-  runtime: lambda.Runtime.NODEJS_14_X,
-  handler: 'index.handler',
-  code: lambda.AssetCode.fromAsset(path.join(__dirname, 'integ.token-authorizer.handler')),
-});
-
-const authorizer = new TokenAuthorizer(stack, 'MyAuthorizer', {
-  handler: authorizerFn,
-});
-
-const restapi = new RestApi(stack, 'MyRestApi', {
-  cloudWatchRole: true,
-  defaultMethodOptions: {
-    authorizer,
-  },
-  defaultCorsPreflightOptions: {
-    allowOrigins: Cors.ALL_ORIGINS,
-  },
-});
+class MyStack extends Stack {
+  constructor(scope: Construct, id: string) {
+    super(scope, id);
+
+    const authorizerFn = new lambda.Function(this, 'MyAuthorizerFunction', {
+      runtime: lambda.Runtime.NODEJS_14_X,
+      handler: 'index.handler',
+      code: lambda.AssetCode.fromAsset(path.join(__dirname, 'integ.token-authorizer.handler')),
+    });
+
+    const authorizer = new TokenAuthorizer(this, 'MyAuthorizer', {
+      handler: authorizerFn,
+    });
+
+    const restapi = new RestApi(this, 'MyRestApi', {
+      cloudWatchRole: true,
+      defaultMethodOptions: {
+        authorizer,
+      },
+      defaultCorsPreflightOptions: {
+        allowOrigins: Cors.ALL_ORIGINS,
+      },
+    });
 
 
-restapi.root.addMethod('ANY', new MockIntegration({
-  integrationResponses: [
-    { statusCode: '200' },
-  ],
-  passthroughBehavior: PassthroughBehavior.NEVER,
-  requestTemplates: {
-    'application/json': '{ "statusCode": 200 }',
-  },
-}), {
-  methodResponses: [
-    { statusCode: '200' },
-  ],
-});
+    restapi.root.addMethod('ANY', new MockIntegration({
+      integrationResponses: [
+        { statusCode: '200' },
+      ],
+      passthroughBehavior: PassthroughBehavior.NEVER,
+      requestTemplates: {
+        'application/json': '{ "statusCode": 200 }',
+      },
+    }), {
+      methodResponses: [
+        { statusCode: '200' },
+      ],
+    });
+  }
+}
 ```
 
 By default, the `TokenAuthorizer` looks for the authorization token in the request header with the key 'Authorization'. This can,