aws
diff --git a/‎CHANGELOG.v2.alpha.md
Lines changed: 7 additions & 0 deletions b/‎CHANGELOG.v2.alpha.md
Lines changed: 7 additions & 0 deletions
diff --git a/‎CHANGELOG.v2.md
Lines changed: 22 additions & 0 deletions b/‎CHANGELOG.v2.md
Lines changed: 22 additions & 0 deletions
diff --git a/‎CONTRIBUTING.md
Lines changed: 5 additions & 0 deletions b/‎CONTRIBUTING.md
Lines changed: 5 additions & 0 deletions
diff --git a/‎docs/DESIGN_GUIDELINES.md
Lines changed: 5 additions & 5 deletions b/‎docs/DESIGN_GUIDELINES.md
Lines changed: 5 additions & 5 deletions
diff --git a/‎packages/@aws-cdk/aws-autoscaling/lib/step-scaling-policy.ts
Lines changed: 2 additions & 0 deletions b/‎packages/@aws-cdk/aws-autoscaling/lib/step-scaling-policy.ts
Lines changed: 2 additions & 0 deletions
diff --git a/‎packages/@aws-cdk/aws-autoscaling/test/aspects/require-imdsv2-aspect.test.ts
Lines changed: 4 additions & 10 deletions b/‎packages/@aws-cdk/aws-autoscaling/test/aspects/require-imdsv2-aspect.test.ts
Lines changed: 4 additions & 10 deletions
diff --git a/‎packages/@aws-cdk/aws-autoscaling/test/scaling.test.ts
Lines changed: 2 additions & 0 deletions b/‎packages/@aws-cdk/aws-autoscaling/test/scaling.test.ts
Lines changed: 2 additions & 0 deletions
diff --git a/‎packages/@aws-cdk/aws-batch/README.md
Lines changed: 17 additions & 0 deletions b/‎packages/@aws-cdk/aws-batch/README.md
Lines changed: 17 additions & 0 deletions
diff --git a/‎packages/@aws-cdk/aws-batch/lib/job-definition.ts
Lines changed: 23 additions & 0 deletions b/‎packages/@aws-cdk/aws-batch/lib/job-definition.ts
Lines changed: 23 additions & 0 deletions
diff --git a/‎packages/@aws-cdk/aws-batch/rosetta/default.ts-fixture
Lines changed: 1 addition & 0 deletions b/‎packages/@aws-cdk/aws-batch/rosetta/default.ts-fixture
Lines changed: 1 addition & 0 deletions
diff --git a/‎packages/@aws-cdk/aws-batch/test/batch.integ.snapshot/batch-stack.assets.json
Lines changed: 19 additions & 0 deletions b/‎packages/@aws-cdk/aws-batch/test/batch.integ.snapshot/batch-stack.assets.json
Lines changed: 19 additions & 0 deletions
diff --git a/‎packages/@aws-cdk/aws-batch/test/batch.integ.snapshot/batch-stack.template.json
Lines changed: 42 additions & 0 deletions b/‎packages/@aws-cdk/aws-batch/test/batch.integ.snapshot/batch-stack.template.json
Lines changed: 42 additions & 0 deletions
diff --git a/‎packages/@aws-cdk/aws-batch/test/batch.integ.snapshot/cdk.out
Lines changed: 1 addition & 1 deletion b/‎packages/@aws-cdk/aws-batch/test/batch.integ.snapshot/cdk.out
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/@aws-cdk/aws-batch/test/batch.integ.snapshot/integ.json
Lines changed: 2 additions & 2 deletions b/‎packages/@aws-cdk/aws-batch/test/batch.integ.snapshot/integ.json
Lines changed: 2 additions & 2 deletions
diff --git a/‎packages/@aws-cdk/aws-batch/test/batch.integ.snapshot/manifest.json
Lines changed: 13 additions & 1 deletion b/‎packages/@aws-cdk/aws-batch/test/batch.integ.snapshot/manifest.json
Lines changed: 13 additions & 1 deletion
@@ -2,6 +2,13 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [2.31.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.30.0-alpha.0...v2.31.0-alpha.0) (2022-07-06)
+
+
+### Features
+
+* **batch:** add secrets props to job definition ([#20871](https://github.com/aws/aws-cdk/issues/20871)) ([9b1051f](https://github.com/aws/aws-cdk/commit/9b1051f86abdfa6448b14cdae8e1ef9acb1e6688)), closes [#19506](https://github.com/aws/aws-cdk/issues/19506) [#10976](https://github.com/aws/aws-cdk/issues/10976)
+
 ## [2.30.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.29.1-alpha.0...v2.30.0-alpha.0) (2022-07-01)
 
 ## [2.29.1-alpha.0](https://github.com/aws/aws-cdk/compare/v2.29.0-alpha.0...v2.29.1-alpha.0) (2022-06-24)
 
@@ -2,6 +2,28 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [2.31.0](https://github.com/aws/aws-cdk/compare/v2.30.0...v2.31.0) (2022-07-06)
+
+
+### Features
+
+* **autoscaling:** step scaling policy supports estimatedInstanceWarmup property ([#20936](https://github.com/aws/aws-cdk/issues/20936)) ([e4c7b97](https://github.com/aws/aws-cdk/commit/e4c7b9770573e3c102e4be0c2ba0378a0b2b8767))
+* **aws-s3:** create default bucket policy when required (under feature flag) ([#20765](https://github.com/aws/aws-cdk/issues/20765)) ([cefa453](https://github.com/aws/aws-cdk/commit/cefa453bb3f98eb9c3f894c308ae703522de8f22)), closes [/docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html#AWS-logs-infrastructure-S3](https://github.com/aws//docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html/issues/AWS-logs-infrastructure-S3) [#18816](https://github.com/aws/aws-cdk/issues/18816)
+* **cfnspec:** cloudformation spec v78.1.0 ([#20952](https://github.com/aws/aws-cdk/issues/20952)) ([20d6e09](https://github.com/aws/aws-cdk/commit/20d6e0980ba9483fb0187a8cf5a256f5b59a7ba8))
+* **dynamodb:** imported tables always grant permissions for indexes ([#20682](https://github.com/aws/aws-cdk/issues/20682)) ([4d003a5](https://github.com/aws/aws-cdk/commit/4d003a50ae96a6c2be915edc2f6ca09eeb747fd5)), closes [#13703](https://github.com/aws/aws-cdk/issues/13703)
+* **ec2:** add additional instance type classes ([#20972](https://github.com/aws/aws-cdk/issues/20972)) ([400ad91](https://github.com/aws/aws-cdk/commit/400ad91cb926fb0a6d71039f8eba3bb63e7c8ca8)), closes [#20924](https://github.com/aws/aws-cdk/issues/20924)
+* **s3:** Event Bridge notification can be enabled after the bucket is created ([#20913](https://github.com/aws/aws-cdk/issues/20913)) ([b0b7a32](https://github.com/aws/aws-cdk/commit/b0b7a3217b1c110bcbe4580addf1ae2865ebfdf5))
+
+
+### Bug Fixes
+
+* **cli:** standard log messages are sent to stderr when CI=true ([#20957](https://github.com/aws/aws-cdk/issues/20957)) ([277340d](https://github.com/aws/aws-cdk/commit/277340d4a67f81d3b80907e1899001d091780698)), closes [#7717](https://github.com/aws/aws-cdk/issues/7717)
+* **cloudfront:** fromOriginAccessIdentityName is a misnomer ([#20772](https://github.com/aws/aws-cdk/issues/20772)) ([3e58e5a](https://github.com/aws/aws-cdk/commit/3e58e5a3c5e12a859e4076b867444980d4b1e8e9)), closes [#20141](https://github.com/aws/aws-cdk/issues/20141)
+* **eks:** latest `AlbController` version isn't compatible with the chart version  ([#20826](https://github.com/aws/aws-cdk/issues/20826)) ([43a0cec](https://github.com/aws/aws-cdk/commit/43a0cec380f39618f18f15da8c60cb0a4a769d37))
+* **route53:** cannot delete existing alias record ([#20858](https://github.com/aws/aws-cdk/issues/20858)) ([22681b1](https://github.com/aws/aws-cdk/commit/22681b1bc29ee48b3092d60cfc22726912ae607a)), closes [#20847](https://github.com/aws/aws-cdk/issues/20847)
+* **stepfunctions-tasks:** SqsSendMessage is missing KMS permissions ([#20990](https://github.com/aws/aws-cdk/issues/20990)) ([52b7019](https://github.com/aws/aws-cdk/commit/52b70194c946c3074b0205318564775be10f29a8))
+* custom resources log sensitive `ResponseURL` field ([#20899](https://github.com/aws/aws-cdk/issues/20899)) ([6b4f92f](https://github.com/aws/aws-cdk/commit/6b4f92f2437c7ff782c88ce23925a04168728d7c))
+
 ## [2.30.0](https://github.com/aws/aws-cdk/compare/v2.29.1...v2.30.0) (2022-07-01)
 
 ### Features
 
@@ -329,6 +329,11 @@ $ yarn watch & # runs in the background
   [conventionalcommits](https://www.conventionalcommits.org).
   * The title must begin with `feat(module): title`, `fix(module): title`, `refactor(module): title` or
     `chore(module): title`.
+    * `feat`: indicates a feature added (requires tests and README updates in principle, but can be suppressed)
+    * `fix`: indicates a bug fixes (requires tests in principle, but can be suppressed)
+    * `docs`: indicates updated documentation (docstrings or Markdown files)
+    * `refactor`: indicates a feature-preserving refactoring
+    * `chore`: something without directly visible user benefit (does not end up in the CHANGELOG). Typically used for build scripts, config, or changes so minor they don't warrant showing up the CHANGELOG.
   * Titles for `feat` and `fix` PRs end up in the change log. Think about what makes most sense for users reading the changelog while writing them.
     * `feat`: describe the feature (not the action of creating the commit or PR, for example, avoid words like "added" or "changed")
     * `fix`: describe the bug (not the solution)
 
@@ -126,8 +126,8 @@ The AWS Construct Library, which is shipped as part of the AWS CDK constructs
 representing AWS resources.
 
 The AWS Construct Library has multiple layers of constructs, beginning
-with low-level constructs, which we call _CFN Resources_ (or L1, short for
-"level 1") or CFN Resources (short for CloudFormation). These constructs
+with low-level constructs, which we call _CFN Resources_ (short for
+CloudFormation resources), or L1 (short for "level 1"). These constructs
 directly represent all resources available in AWS CloudFormation. CFN Resources
 are periodically generated from the AWS CloudFormation Resource
 Specification. They are named **Cfn**_Xyz_, where _Xyz_ is name of the
@@ -456,7 +456,7 @@ A prop should be *required* only if there is no possible sensible default value
 that can be provided *or calculated*.
 
 Sensible defaults have a tremendous impact on the developer experience. They
-offer a quick way to get started with minimal cognitive, but do not limit users
+offer a quick way to get started with minimal cognitive load, but do not limit users
 from harnessing the full power of the resource, and customizing its behavior.
 
 > A good way to determine what's the right sensible default is to refer to the
@@ -754,10 +754,10 @@ interface IFoo extends IConstruct {
 class Foo extends Construct implements IFoo {
   public bar() { }
 
-  /** @mutating */
+  @config
   public goo() { }
 
-  public mutateMe() { } // ERROR! missing "@mutating" or missing on IFoo
+  public mutateMe() { } // ERROR! missing "@config" or missing on IFoo
 }
 ```
 
 
@@ -108,6 +108,7 @@ export class StepScalingPolicy extends Construct {
       this.lowerAction = new StepScalingAction(this, 'LowerPolicy', {
         adjustmentType: props.adjustmentType,
         cooldown: props.cooldown,
+        estimatedInstanceWarmup: props.estimatedInstanceWarmup,
         metricAggregationType: props.metricAggregationType ?? aggregationTypeFromMetric(props.metric),
         minAdjustmentMagnitude: props.minAdjustmentMagnitude,
         autoScalingGroup: props.autoScalingGroup,
@@ -138,6 +139,7 @@ export class StepScalingPolicy extends Construct {
       this.upperAction = new StepScalingAction(this, 'UpperPolicy', {
         adjustmentType: props.adjustmentType,
         cooldown: props.cooldown,
+        estimatedInstanceWarmup: props.estimatedInstanceWarmup,
         metricAggregationType: props.metricAggregationType ?? aggregationTypeFromMetric(props.metric),
         minAdjustmentMagnitude: props.minAdjustmentMagnitude,
         autoScalingGroup: props.autoScalingGroup,
 
@@ -26,7 +26,9 @@ describe('AutoScalingGroupRequireImdsv2Aspect', () => {
       machineImage: ec2.MachineImage.latestAmazonLinux(),
     });
     const launchConfig = asg.node.tryFindChild('LaunchConfig') as CfnLaunchConfiguration;
-    launchConfig.metadataOptions = fakeToken();
+    launchConfig.metadataOptions = cdk.Token.asAny({
+      httpEndpoint: 'https://bla.com',
+    } as CfnLaunchConfiguration.MetadataOptionsProperty);
     const aspect = new AutoScalingGroupRequireImdsv2Aspect();
 
     // WHEN
@@ -61,12 +63,4 @@ describe('AutoScalingGroupRequireImdsv2Aspect', () => {
       },
     });
   });
-});
-
-function fakeToken(): cdk.IResolvable {
-  return {
-    creationStack: [],
-    resolve: (_c) => {},
-    toString: () => '',
-  };
-}
+});
@@ -205,6 +205,7 @@ describe('scaling', () => {
         namespace: 'Henk',
         dimensionsMap: { Mustache: 'Bushy' },
       }),
+      estimatedInstanceWarmup: cdk.Duration.seconds(150),
       // Adjust the number of legs to be closer to 2
       scalingSteps: [
         { lower: 0, upper: 2, change: +1 },
@@ -241,6 +242,7 @@ describe('scaling', () => {
     Template.fromStack(stack).hasResourceProperties('AWS::AutoScaling::ScalingPolicy', {
       MetricAggregationType: 'Average',
       PolicyType: 'StepScaling',
+      EstimatedInstanceWarmup: 150,
       StepAdjustments: [
         {
           MetricIntervalUpperBound: 0,
 
@@ -300,6 +300,23 @@ new batch.JobDefinition(this, 'job-def', {
 });
 ```
 
+### Using the secret on secrets manager
+
+You can set the environment variables from secrets manager.
+
+```ts
+const dbSecret = new secretsmanager.Secret(this, 'secret');
+
+new batch.JobDefinition(this, 'batch-job-def-secrets', {
+  container: {
+    image: ecs.EcrImage.fromRegistry('docker/whalesay'),
+    secrets: {
+      PASSWORD: ecs.Secret.fromSecretsManager(dbSecret, 'password'),
+    },
+  },
+});
+```
+
 ### Importing an existing Job Definition
 
 #### From ARN
 
@@ -112,6 +112,13 @@ export interface JobDefinitionContainer {
    */
   readonly environment?: { [key: string]: string };
 
+  /**
+   * The environment variables from secrets manager or ssm parameter store
+   *
+   * @default none
+   */
+  readonly secrets?: { [key: string]: ecs.Secret };
+
   /**
    * The image used to start a container.
    */
@@ -453,6 +460,14 @@ export class JobDefinition extends Resource implements IJobDefinition {
       platformCapabilities: props.platformCapabilities ?? [PlatformCapabilities.EC2],
     });
 
+    // add read secrets permission to execution role
+    if ( props.container.secrets && props.container.executionRole ) {
+      const executionRole = props.container.executionRole;
+      Object.values(props.container.secrets).forEach((secret) => {
+        secret.grantRead(executionRole);
+      });
+    }
+
     this.jobDefinitionArn = this.getResourceArnAttribute(jobDef.ref, {
       service: 'batch',
       resource: 'job-definition',
@@ -507,6 +522,14 @@ export class JobDefinition extends Resource implements IJobDefinition {
     return {
       command: container.command,
       environment: this.deserializeEnvVariables(container.environment),
+      secrets: container.secrets
+        ? Object.entries(container.secrets).map(([key, value]) => {
+          return {
+            name: key,
+            valueFrom: value.arn,
+          };
+        })
+        : undefined,
       image: this.imageConfig.imageName,
       instanceType: container.instanceType && container.instanceType.toString(),
       jobRoleArn: container.jobRole && container.jobRole.roleArn,
 
@@ -4,6 +4,7 @@ import { Stack } from '@aws-cdk/core';
 import * as ec2 from '@aws-cdk/aws-ec2';
 import * as batch from '@aws-cdk/aws-batch';
 import * as ecs from '@aws-cdk/aws-ecs';
+import * as secretsmanager from '@aws-cdk/aws-secretsmanager';
 
 class Fixture extends Stack {
   constructor(scope: Construct, id: string) {
 
@@ -0,0 +1,19 @@
+{
+  "version": "20.0.0",
+  "files": {
+    "d3685c79f9ec67f5dd6fda839a136b079f201b3d72695fe0ea3b3788c3471cc8": {
+      "source": {
+        "path": "batch-stack.template.json",
+        "packaging": "file"
+      },
+      "destinations": {
+        "current_account-current_region": {
+          "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
+          "objectKey": "d3685c79f9ec67f5dd6fda839a136b079f201b3d72695fe0ea3b3788c3471cc8.json",
+          "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
+        }
+      }
+    }
+  },
+  "dockerImages": {}
+}
@@ -1365,6 +1365,14 @@
    "UpdateReplacePolicy": "Retain",
    "DeletionPolicy": "Retain"
   },
+  "batchsecret7CD5E4C6": {
+   "Type": "AWS::SecretsManager::Secret",
+   "Properties": {
+    "GenerateSecretString": {}
+   },
+   "UpdateReplacePolicy": "Delete",
+   "DeletionPolicy": "Delete"
+  },
   "batchjobdeffromecrE0E30DAD": {
    "Type": "AWS::Batch::JobDefinition",
    "Properties": {
@@ -1486,6 +1494,32 @@
     }
    }
   },
+  "executionroleDefaultPolicy497F11A3": {
+   "Type": "AWS::IAM::Policy",
+   "Properties": {
+    "PolicyDocument": {
+     "Statement": [
+      {
+       "Action": [
+        "secretsmanager:DescribeSecret",
+        "secretsmanager:GetSecretValue"
+       ],
+       "Effect": "Allow",
+       "Resource": {
+        "Ref": "batchsecret7CD5E4C6"
+       }
+      }
+     ],
+     "Version": "2012-10-17"
+    },
+    "PolicyName": "executionroleDefaultPolicy497F11A3",
+    "Roles": [
+     {
+      "Ref": "executionroleD9A39BE6"
+     }
+    ]
+   }
+  },
   "batchjobdeffargate7FE30059": {
    "Type": "AWS::Batch::JobDefinition",
    "Properties": {
@@ -1509,6 +1543,14 @@
        "Type": "MEMORY",
        "Value": "512"
       }
+     ],
+     "Secrets": [
+      {
+       "Name": "SECRET",
+       "ValueFrom": {
+        "Ref": "batchsecret7CD5E4C6"
+       }
+      }
      ]
     },
     "PlatformCapabilities": [
 
@@ -1 +1 @@
-{"version":"17.0.0"}
+{"version":"20.0.0"}
@@ -1,7 +1,7 @@
 {
-  "version": "18.0.0",
+  "version": "20.0.0",
   "testCases": {
-    "aws-batch/test/integ.batch": {
+    "integ.batch": {
       "stacks": [
         "batch-stack"
       ],
 
@@ -1,5 +1,5 @@
 {
-  "version": "17.0.0",
+  "version": "20.0.0",
   "artifacts": {
     "Tree": {
       "type": "cdk:tree",
@@ -285,6 +285,12 @@
             "data": "batchjobrepo4C508C51"
           }
         ],
+        "/batch-stack/batch-secret/Resource": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "batchsecret7CD5E4C6"
+          }
+        ],
         "/batch-stack/batch-job-def-from-ecr/Resource": [
           {
             "type": "aws:cdk:logicalId",
@@ -303,6 +309,12 @@
             "data": "executionroleD9A39BE6"
           }
         ],
+        "/batch-stack/execution-role/DefaultPolicy/Resource": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "executionroleDefaultPolicy497F11A3"
+          }
+        ],
         "/batch-stack/batch-job-def-fargate/Resource": [
           {
             "type": "aws:cdk:logicalId",
Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-{"version":"17.0.0"}`
	`1`	`+{"version":"20.0.0"}`