Merge branch 'master' into v2/forward-merge-20220329

Author: madeline-k

packages/@aws-cdk/assert-internal/package.json

@@ -28,7 +28,7 @@
     "@aws-cdk/pkglint": "0.0.0",
     "@types/jest": "^27.4.1",
     "jest": "^27.5.1",
-    "ts-jest": "^27.1.3"
+    "ts-jest": "^27.1.4"
   },
   "dependencies": {
     "@aws-cdk/cloud-assembly-schema": "0.0.0",

packages/@aws-cdk/assert/package.json

@@ -42,7 +42,7 @@
     "aws-cdk-migration": "0.0.0",
     "constructs": "^10.0.0",
     "jest": "^27.3.1",
-    "ts-jest": "^27.1.3"
+    "ts-jest": "^27.1.4"
   },
   "dependencies": {
     "@aws-cdk/cloudformation-diff": "0.0.0"

packages/@aws-cdk/assertions/package.json

@@ -68,7 +68,7 @@
     "@types/jest": "^27.4.1",
     "jest": "^27.5.1",
     "constructs": "^10.0.0",
-    "ts-jest": "^27.1.3"
+    "ts-jest": "^27.1.4"
   },
   "dependencies": {
     "@aws-cdk/cloud-assembly-schema": "0.0.0",

packages/@aws-cdk/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/package.json

@@ -44,6 +44,6 @@
     "lambda-tester": "^3.6.0",
     "sinon": "^9.2.4",
     "nock": "^13.2.4",
-    "ts-jest": "^27.1.3"
+    "ts-jest": "^27.1.4"
   }
 }

packages/@aws-cdk/aws-codepipeline-actions/package.json

@@ -85,7 +85,7 @@
     "@aws-cdk/cx-api": "0.0.0",
     "@aws-cdk/pkglint": "0.0.0",
     "@types/jest": "^27.4.1",
-    "@types/lodash": "^4.14.180",
+    "@types/lodash": "^4.14.181",
     "jest": "^27.5.1",
     "lodash": "^4.17.21"
   },

packages/@aws-cdk/aws-dynamodb/package.json

@@ -92,7 +92,7 @@
     "aws-sdk-mock": "5.6.0",
     "jest": "^27.5.1",
     "sinon": "^9.2.4",
-    "ts-jest": "^27.1.3"
+    "ts-jest": "^27.1.4"
   },
   "dependencies": {
     "@aws-cdk/aws-applicationautoscaling": "0.0.0",

packages/@aws-cdk/aws-ec2/README.md

@@ -199,15 +199,16 @@ MachineImage.genericLinux({ ... })` and configure the right AMI ID for the
 regions you want to deploy to.
 
 By default, the NAT instances will route all traffic. To control what traffic
-gets routed, pass `allowAllTraffic: false` and access the
-`NatInstanceProvider.connections` member after having passed it to the VPC:
+gets routed, pass a custom value for `defaultAllowedTraffic` and access the
+`NatInstanceProvider.connections` member after having passed the NAT provider to
+the VPC:
 
 ```ts
 declare const instanceType: ec2.InstanceType;
 
 const provider = ec2.NatProvider.instance({
   instanceType,
-  allowAllTraffic: false,
+  defaultAllowedTraffic: ec2.NatTrafficDirection.OUTBOUND_ONLY,
 });
 new ec2.Vpc(this, 'TheVPC', {
   natGatewayProvider: provider,

packages/@aws-cdk/aws-eks/package.json

@@ -90,8 +90,8 @@
     "@types/sinon": "^9.0.11",
     "@types/yaml": "1.9.6",
     "aws-sdk": "^2.848.0",
-    "cdk8s": "^1.5.48",
-    "cdk8s-plus-21": "^1.0.0-beta.117",
+    "cdk8s": "^1.5.56",
+    "cdk8s-plus-21": "^1.0.0-beta.124",
     "jest": "^27.5.1",
     "sinon": "^9.2.4"
   },

packages/@aws-cdk/aws-lambda-nodejs/package.json

@@ -79,7 +79,7 @@
     "@aws-cdk/pkglint": "0.0.0",
     "@types/jest": "^27.4.1",
     "delay": "5.0.0",
-    "esbuild": "^0.14.27"
+    "esbuild": "^0.14.29"
   },
   "dependencies": {
     "@aws-cdk/aws-lambda": "0.0.0",

packages/@aws-cdk/aws-lambda/package.json

@@ -92,7 +92,7 @@
     "@aws-cdk/pkglint": "0.0.0",
     "@types/aws-lambda": "^8.10.93",
     "@types/jest": "^27.4.1",
-    "@types/lodash": "^4.14.180",
+    "@types/lodash": "^4.14.181",
     "jest": "^27.5.1",
     "lodash": "^4.17.21"
   },

packages/@aws-cdk/aws-sam/package.json

@@ -87,7 +87,7 @@
     "@aws-cdk/pkglint": "0.0.0",
     "@types/jest": "^27.4.1",
     "jest": "^27.5.1",
-    "ts-jest": "^27.1.3"
+    "ts-jest": "^27.1.4"
   },
   "dependencies": {
     "@aws-cdk/core": "0.0.0",

packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json

@@ -1,3 +1,4 @@
 export * from './cloud-assembly';
 export * from './assets';
 export * from './manifest';
+export * from './integ-tests';

packages/@aws-cdk/cloud-assembly-schema/lib/index.ts

@@ -0,0 +1,202 @@
+/**
+ * In what scenarios should the CLI ask for approval
+ */
+export enum RequireApproval {
+  /**
+   * Never ask for approval
+   */
+  NEVER = 'never',
+
+  /**
+   * Prompt for approval for any type  of change to the stack
+   */
+  ANYCHANGE = 'any-change',
+
+  /**
+   * Only prompt for approval if there are security related changes
+   */
+  BROADENING = 'broadening'
+}
+
+/**
+ * Default CDK CLI options that apply to all commands
+ */
+export interface DefaultCdkOptions {
+  /**
+   * List of stacks to deploy
+   *
+   * Requried if `all` is not set
+   *
+   * @default - []
+   */
+  readonly stacks?: string[];
+
+  /**
+   * Deploy all stacks
+   *
+   * Requried if `stacks` is not set
+   *
+   * @default - false
+   */
+  readonly all?: boolean;
+
+  /**
+   * command-line for executing your app or a cloud assembly directory
+   * e.g. "node bin/my-app.js"
+   * or
+   * "cdk.out"
+   *
+   * @default - read from cdk.json
+   */
+  readonly app?: string;
+
+
+  /**
+   * Role to pass to CloudFormation for deployment
+   *
+   * @default - use the bootstrap cfn-exec role
+   */
+  readonly roleArn?: string;
+
+  /**
+   * Additional context
+   *
+   * @default - no additional context
+   */
+  readonly context?: { [name: string]: string };
+
+  /**
+   * Print trace for stack warnings
+   *
+   * @default false
+   */
+  readonly trace?: boolean;
+
+  /**
+   * Do not construct stacks with warnings
+   *
+   * @default false
+   */
+  readonly strict?: boolean;
+
+  /**
+   * Perform context lookups.
+   *
+   * Synthesis fails if this is disabled and context lookups need
+   * to be performed
+   *
+   * @default true
+   */
+  readonly lookups?: boolean;
+
+  /**
+    * Ignores synthesis errors, which will likely produce an invalid output
+   *
+   * @default false
+   */
+  readonly ignoreErrors?: boolean;
+
+  /**
+   * Use JSON output instead of YAML when templates are printed
+   * to STDOUT
+   *
+   * @default false
+   */
+  readonly json?: boolean;
+
+  /**
+   * show debug logs
+   *
+   * @default false
+   */
+  readonly verbose?: boolean;
+
+  /**
+   * enable emission of additional debugging information, such as creation stack
+   * traces of tokens
+   *
+   * @default false
+   */
+  readonly debug?: boolean;
+
+  /**
+   * Use the indicated AWS profile as the default environment
+   *
+   * @default - no profile is used
+   */
+  readonly profile?: string;
+
+  /**
+   * Use the indicated proxy. Will read from
+   * HTTPS_PROXY environment if specified
+   *
+   * @default - no proxy
+   */
+  readonly proxy?: string;
+
+  /**
+   * Path to CA certificate to use when validating HTTPS
+   * requests.
+   *
+   * @default - read from AWS_CA_BUNDLE environment variable
+   */
+  readonly caBundlePath?: string;
+
+  /**
+   * Force trying to fetch EC2 instance credentials
+   *
+   * @default - guess EC2 instance status
+   */
+  readonly ec2Creds?: boolean;
+
+  /**
+   * Include "AWS::CDK::Metadata" resource in synthesized templates
+   *
+   * @default true
+   */
+  readonly versionReporting?: boolean;
+
+  /**
+   * Include "aws:cdk:path" CloudFormation metadata for each resource
+   *
+   * @default true
+   */
+  readonly pathMetadata?: boolean;
+
+  /**
+   * Include "aws:asset:*" CloudFormation metadata for resources that use assets
+   *
+   * @default true
+   */
+  readonly assetMetadata?: boolean;
+
+  /**
+   * Copy assets to the output directory
+   *
+   * Needed for local debugging the source files with SAM CLI
+   *
+   * @default false
+   */
+  readonly staging?: boolean;
+
+  /**
+   * Emits the synthesized cloud assembly into a directory
+   *
+   * @default cdk.out
+   */
+  readonly output?: string;
+
+  /**
+   * Show relevant notices
+   *
+   * @default true
+   */
+  readonly notices?: boolean;
+
+  /**
+   * Show colors and other style from console output
+   *
+   * @default true
+   */
+  readonly color?: boolean;
+}