daniel/agent-claw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

agent-claw: automated task changes

Browse Source
This commit is contained in:
daniel
2026-05-06 18:55:16 -05:00
parent 38905bb1e9
commit 732b00fb66
8494 changed files with 2018127 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
cdk/node_modules/aws-cdk-lib/cx-api/.jsiirc.json generated vendored Normal file
View File

@@ -0,0 +1,13 @@
{
"targets": {
"java": {
"package": "software.amazon.awscdk.cxapi"
},
"dotnet": {
"namespace": "Amazon.CDK.CXAPI"
},
"python": {
"module": "aws_cdk.cx_api"
}
}
}

2439
cdk/node_modules/aws-cdk-lib/cx-api/FEATURE_FLAGS.md generated vendored Normal file
View File

File diff suppressed because it is too large Load Diff

796
cdk/node_modules/aws-cdk-lib/cx-api/README.md generated vendored Normal file
View File

@@ -0,0 +1,796 @@
# Cloud Executable API
This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project.
## V2 Feature Flags
* `@aws-cdk/aws-s3:createDefaultLoggingPolicy`
Enable this feature flag to create an S3 bucket policy by default in cases where
an AWS service would automatically create the Policy if one does not exist.
For example, in order to send VPC flow logs to an S3 bucket, there is a specific Bucket Policy
that needs to be attached to the bucket. If you create the bucket without a policy and then add the
bucket as the flow log destination, the service will automatically create the bucket policy with the
necessary permissions. If you were to then try and add your own bucket policy CloudFormation will throw
and error indicating that a bucket policy already exists.
In cases where we know what the required policy is we can go ahead and create the policy so we can
remain in control of it.
<https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html#AWS-logs-infrastructure-S3>
_cdk.json_
```json
{
"context": {
"@aws-cdk/aws-s3:createDefaultLoggingPolicy": true
}
}
```
* `@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption`
Enable this feature flag to restrict the decryption of a SQS queue, which is subscribed to a SNS topic, to
only the topic which it is subscribed to and not the whole SNS service of an account.
Previously the decryption was only restricted to the SNS service principal. To make the SQS subscription more
secure, it is a good practice to restrict the decryption further and only allow the connected SNS topic to decryption
the subscribed queue.
_cdk.json_
```json
{
"context": {
"@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption": true
}
}
```
* @aws-cdk/aws-apigateway:disableCloudWatchRole
Enable this feature flag to change the default behavior for aws-apigateway.RestApi and aws-apigateway.SpecRestApi
to _not_ create a CloudWatch role and Account. There is only a single ApiGateway account per AWS
environment which means that each time you create a RestApi in your account the ApiGateway account
is overwritten. If at some point the newest RestApi is deleted, the ApiGateway Account and CloudWatch
role will also be deleted, breaking any existing ApiGateways that were depending on them.
When this flag is enabled you should either create the ApiGateway account and CloudWatch role
separately _or_ only enable the cloudWatchRole on a single RestApi.
_cdk.json_
```json
{
"context": {
"@aws-cdk/aws-apigateway:disableCloudWatchRole": true
}
}
```
* `@aws-cdk/core:enablePartitionLiterals`
Enable this feature flag to have `Stack.partition` return a literal string for a stack's partition
when the stack has a known region configured. If the region is undefined, or set to an unknown value, the
`Stack.partition` will be the CloudFormation intrinsic value `AWS::Partition`. Without this feature flag,
`Stack.partition` always returns the CloudFormation intrinsic value `AWS::Partition`.
This feature will often simplify ARN strings in CDK generated templates, for example:
```yaml
Principal:
AWS:
Fn::Join:
- ""
- - "arn:"
- Ref: AWS::Partition
- :iam::123456789876:root
```
becomes:
```yaml
Principal:
AWS: "arn:aws:iam::123456789876:root"
```
* `@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker`
Enable this feature flag to avoid setting the "ECS" deployment controller when adding a circuit breaker to an
ECS Service, as this will trigger a full replacement which fails to deploy when using set service names.
This does not change any behaviour as the default deployment controller when it is not defined is ECS.
_cdk.json_
```json
{
"context": {
"@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": true
}
}
```
* `@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy`
Enable this feature flag to use S3 Bucket Policy for granting permission fo Server Access Logging
rather than using the canned \`LogDeliveryWrite\` ACL. ACLs do not work when Object Ownership is
enabled on the bucket.
This flag uses a Bucket Policy statement to allow Server Access Log delivery, following best
practices for S3.
<https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html>
```json
{
"context": {
"@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": true
}
}
```
* `@aws-cdk/aws-rds:databaseProxyUniqueResourceName`
Enable this feature flag to use unique resource names for each `DatabaseProxy`.
Previously, the default behavior for `DatabaseProxy` was to use `id` of the constructor for `dbProxyName`.
In this case, users couldn't deploy `DatabaseProxy`s that have the same `id` in the same region.
This is a feature flag as the old behavior was technically incorrect, but users may have come to depend on it.
```json
{
"context": {
"@aws-cdk/aws-rds:databaseProxyUniqueResourceName": true
}
}
```
* `@aws-cdk/aws-redshift:columnId`
Enable this feature flag to allow the CDK to track changes in Redshift columns through their `id` attribute. This is a breaking change, as the `name` attribute was currently being used to track changes to Redshift columns.
Enabling this feature flag comes at a risk for existing Redshift columns, as the `name` attribute of a redshift column was currently being used. Therefore, to change a Redshift columns' `name` will essentially create a new column and delete the old one. This will cause data loss. If you choose to enable this flag, ensure that upon intial deployment (the first deployment after setting this feature flag), the `name` attribute of every column is not changed. After the intial deployment, you can freely change the `name` attribute of a column.
_cdk.json_
```json
{
"context": {
"@aws-cdk/aws-redshift:columnId": true
}
}
```
* `@aws-cdk/aws-stepfunctions-tasks:enableEmrServicePolicyV2`
Enable this feature flag to use the \`AmazonEMRServicePolicy_v2\` managed policies for the EMR service role.
This is a feature flag as the old behavior will be deprecated, but some resources may require manual
intervention since they might not have the appropriate tags propagated automatically.
<https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-managed-iam-policies.html>
_cdk.json_
```json
{
"context": {
"@aws-cdk/aws-stepfunctions-tasks:enableEmrServicePolicyV2": true
}
}
```
* `@aws-cdk/core:includePrefixInUniqueNameGeneration`
Enable this feature flag to include the stack's prefixes to the name generation process.
Not doing so can cause the name of stack to exceed 128 characters:
* The name generation ensures it doesn't exceed 128 characters
* Without this feature flag, the prefix is prepended to the generated name, which result can exceed 128 characters
This is a feature flag as it changes the name generated for stacks. Any CDK application deployed prior this fix will
most likely be generated with a new name, causing the stack to be recreated with the new name, and then deleting the old one.
For applications running on production environments this can be unmanageable.
_cdk.json_
```json
{
"context": {
"@aws-cdk/core:includePrefixInUniqueNameGeneration": true
}
}
```
* `@aws-cdk/aws-lambda-nodejs:useLatestRuntimeVersion`
Enable this feature flag to automatically use the latest available NodeJS version in the aws-lambda-nodejs.Function construct.
This allows creation of new functions using a version that will automatically stay up to date without breaking bundling of existing functions that externalize packages included in their environment such as `aws-sdk`.
Functions defined previously will continue to function correctly as long as they pass an explicit runtime version, or do not exclude packages during bundling.
_cdk.json_
```json
{
"context": {
"@aws-cdk/aws-lambda-nodejs:useLatestRuntimeVersion": true
}
}
```
* `@aws-cdk/aws-codepipeline-actions:useNewDefaultBranchForCodeCommitSource`
Enable this feature flag to update the default branch for CodeCommit source actions to `main`.
Previously, the default branch for CodeCommit source actions was set to `master`.
However, this convention is no longer supported, and repositories created after March 2021 now have `main` as
their default branch.
_cdk.json_
```json
{
"context": {
"@aws-cdk/aws-codepipeline-actions:useNewDefaultBranchForCodeCommitSource": true
}
}
```
* `@aws-cdk/aws-cloudwatch-actions:changeLambdaPermissionLogicalIdForLambdaAction`
Enable this feature flag to change the logical ID of the `LambdaPermission` for the `LambdaAction` to include an alarm ID.
Previously, only one alarm with the `LambdaAction` could be created per Lambda.
This flag allows multiple alarms with the `LambdaAction` for the same Lambda to be created.
_cdk.json_
```json
{
"context": {
"@aws-cdk/aws-cloudwatch-actions:changeLambdaPermissionLogicalIdForLambdaAction": true
}
}
```
* `@aws-cdk/aws-codepipeline:crossAccountKeysDefaultValueToFalse`
Enables Pipeline to set the default value for `crossAccountKeys` to false.
When this feature flag is enabled, and the `crossAccountKeys` property is not provided in a `Pipeline`
construct, the construct automatically defaults the value of this property to false.
_cdk.json_
```json
{
"context": {
"@aws-cdk/aws-codepipeline:crossAccountKeysDefaultValueToFalse": true
}
}
```
* `@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2`
Enables Pipeline to set the default pipeline type to V2.
When this feature flag is enabled, and the `pipelineType` property is not provided in a `Pipeline`
construct, the construct automatically defaults the value of this property to `PipelineType.V2`.
_cdk.json_
```json
{
"context": {
"@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2": true
}
}
```
* `@aws-cdk/aws-kms:reduceCrossAccountRegionPolicyScope`
Reduce resource scope of the IAM Policy created from KMS key grant to granting key only.
When this feature flag is enabled and calling KMS key grant method, the created IAM policy will reduce the resource scope from
'*' to this specific granting KMS key.
_cdk.json_
```json
{
"context": {
"@aws-cdk/aws-kms:reduceCrossAccountRegionPolicyScope": true
}
}
```
* `@aws-cdk/aws-kms:applyImportedAliasPermissionsToPrincipal`
Enable grant methods on imported KMS Aliases to apply permissions scoped by the alias using the `kms:ResourceAliases` condition key. When this flag is disabled, grant* methods on `Alias.fromAliasName` remain no-ops to preserve existing behavior.
_cdk.json_
```json
{
"context": {
"@aws-cdk/aws-kms:applyImportedAliasPermissionsToPrincipal": true
}
}
```
* `@aws-cdk/aws-eks:nodegroupNameAttribute`
When enabled, nodegroupName attribute of the provisioned EKS NodeGroup will not have the cluster name prefix.
When this feature flag is enabled, the nodegroupName attribute will be exactly the name of the nodegroup
without any prefix.
_cdk.json_
```json
{
"context": {
"@aws-cdk/aws-eks:nodegroupNameAttribute": true
}
}
```
* `@aws-cdk/aws-ec2:ebsDefaultGp3Volume`
When enabled, the default volume type of the EBS volume will be GP3.
When this featuer flag is enabled, the default volume type of the EBS volume will be `EbsDeviceVolumeType.GENERAL_PURPOSE_SSD_GP3`
_cdk.json_
```json
{
"context": {
"@aws-cdk/aws-ec2:ebsDefaultGp3Volume": true
}
}
```
* `@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm`
When enabled, remove default deployment alarm settings.
When this featuer flag is enabled, remove the default deployment alarm settings when creating a AWS ECS service.
_cdk.json_
```json
{
"context": {
"@aws-cdk/aws-ec2:ebsDefaultGp3Volume": true
}
}
```
* `@aws-cdk/aws-stepfunctions-tasks:ecsReduceRunTaskPermissions`
When enabled, IAM Policy created to run tasks won't include the task definition ARN, only the revision ARN.
When this feature flag is enabled, the IAM Policy created to run tasks won't include the task definition ARN, only the revision ARN.
The revision ARN is more specific than the task definition ARN. See <https://docs.aws.amazon.com/step-functions/latest/dg/ecs-iam.html>
for more details.
_cdk.json_
```json
{
"context": {
"@aws-cdk/aws-stepfunctions-tasks:ecsReduceRunTaskPermissions": true
}
}
```
* `@aws-cdk/aws-stepfunctions-taks:useNewS3UriParametersForBedrockInvokeModelTask`
When enabled, use new props for S3 URI under `input` and `output` fields in task definition of state machine for bedrock invoke model.
When this feature flag is enabled, use newly introduced props `s3InputUri` and `s3OutputUri` to populate S3 uri under input and output fields in state machine task definition for Bedrock invoke model.
_cdk.json_
```json
{
"context": {
"@aws-cdk/aws-stepfunctions-tasks:useNewS3UriParametersForBedrockInvokeModelTask": true
}
}
```
* `@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions`
Currently, we will automatically add a number of cloudwatch permissions to the task role when no cloudwatch log group is
specified as logConfiguration and it will grant 'Resources': ['*'] to the task role.
When this feature flag is enabled, we will only grant the necessary permissions when users specify cloudwatch log group.
_cdk.json_
```json
{
"context": {
"@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions": true
}
}
```
* `@aws-cdk/aws-ec2:ec2SumTImeoutEnabled`
Currently is both initOptions.timeout and resourceSignalTimeout are both specified in the options for creating an EC2 Instance, only the value from 'resourceSignalTimeout' will be used.
When this feature flag is enabled, if both initOptions.timeout and resourceSignalTimeout are specified, the values will to be summed together.
_cdk.json_
```json
{
"context": {
"@aws-cdk/aws-ec2:ec2SumTImeoutEnabled": true
}
}
```
* `@aws-cdk/aws-appsync:appSyncGraphQLAPIScopeLambdaPermission`
Currently, when using a Lambda authorizer with an AppSync GraphQL API, the AWS CDK automatically generates the necessary AWS::Lambda::Permission to allow the AppSync API to invoke the Lambda authorizer. This permission is overly permissive because it lacks a SourceArn, meaning it allows invocations from any source.
When this feature flag is enabled, the AWS::Lambda::Permission will be properly scoped with the SourceArn corresponding to the specific AppSync GraphQL API.
_cdk.json_
```json
{
"context": {
"@aws-cdk/aws-ec2:appSyncGraphQLAPIScopeLambdaPermission": true
}
}
```
* `@aws-cdk/aws-rds:setCorrectValueForDatabaseInstanceReadReplicaInstanceResourceId`
When enabled, the value of property `instanceResourceId` in construct `DatabaseInstanceReadReplica` will be set to the correct value which is `DbiResourceId` instead of currently `DbInstanceArn`* (fix)
When this feature flag is enabled, the value of that property will be as expected set to `DbiResourceId` attribute, and that will fix the grantConnect method.
_cdk.json_
```json
{
"context": {
"@aws-cdk/aws-rds:setCorrectValueForDatabaseInstanceReadReplicaInstanceResourceId": true
}
}
```
* `@aws-cdk/aws-lambda-nodejs:sdkV3ExcludeSmithyPackages`
Currently, when bundling Lambda functions with the non-latest runtime that supports AWS SDK JavaScript (v3), only the `@aws-sdk/*` packages are excluded by default.
However, this can cause version mismatches between the `@aws-sdk/*` and `@smithy/*` packages, as they are tightly coupled dependencies in AWS SDK v3.
When this feature flag is enabled, both `@aws-sdk/*` and `@smithy/*` packages will be excluded during the bundling process. This ensures that no mismatches
occur between these tightly coupled dependencies when using the AWS SDK v3 in Lambda functions.
_cdk.json_
```json
{
"context": {
"@aws-cdk/aws-lambda-nodejs:sdkV3ExcludeSmithyPackages": true
}
}
```
* `@aws-cdk/aws-dynamodb:resourcePolicyPerReplica`
If this flag is not set, the default behavior for \`TableV2\` is to use a different \`resourcePolicy\` for each replica.
If this flag is set to false, the behavior is that each replica shares the same \`resourcePolicy\` as the source table.
This will prevent you from creating a new table which has an additional replica and a resource policy.
This is a feature flag as the old behavior was technically incorrect but users may have come to depend on it.
_cdk.json_
```json
{
"context": {
"@aws-cdk/aws-dynamodb:resourcePolicyPerReplica": false,
},
}
```
* `@aws-cdk/aws-route53-targets:userPoolDomainNameMethodWithoutCustomResource`
When enabled, use a new method for DNS Name of user pool domain target without creating a custom resource.
When this feature flag is enabled, a new method will be used to get the DNS Name of the user pool domain target. The old method
creates a custom resource internally, but the new method doesn't need a custom resource.
If the flag is set to false then a custom resource will be created when using `UserPoolDomainTarget`.
_cdk.json_
```json
{
"context": {
"@aws-cdk/aws-route53-targets:userPoolDomainNameMethodWithoutCustomResource": true
}
}
```
* `@aws-cdk/aws-elasticloadbalancingV2:albDualstackWithoutPublicIpv4SecurityGroupRulesDefault`
When enabled, the default security group ingress rules will allow IPv6 ingress from anywhere,
For internet facing ALBs with `dualstack-without-public-ipv4` IP address type, the default security group rules
will allow IPv6 ingress from anywhere (::/0). Previously, the default security group rules would only allow IPv4 ingress.
Using a feature flag to make sure existing customers who might be relying
on the overly restrictive permissions are not broken.,
If the flag is set to false then the default security group rules will only allow IPv4 ingress.
_cdk.json_
```json
{
"context": {
"@aws-cdk/aws-elasticloadbalancingV2:albDualstackWithoutPublicIpv4SecurityGroupRulesDefault": true
}
}
```
* `@aws-cdk/aws-iam:oidcRejectUnauthorizedConnections`
When this feature flag is enabled, the default behaviour of OIDC Provider's custom resource handler will
default to reject unauthorized connections when downloading CA Certificates.
When this feature flag is disabled, the behaviour will be the same as current and will allow downloading
thumbprints from insecure connections.
_cdk.json_
```json
{
"context": {
"@aws-cdk/aws-iam:oidcRejectUnauthorizedConnections": true
}
}
```
* `@aws-cdk/core:enableAdditionalMetadataCollection`
When this feature flag is enabled, CDK expands the scope of usage data collection to include the:
* L2 construct property keys - Collect which property keys you use from the L2 constructs in your app. This includes property keys nested in dictionary objects.
* L2 construct property values of BOOL and ENUM types - Collect property key values of only BOOL and ENUM types. All other types, such as string values or construct references will be redacted.
* L2 construct method usage - Collection method name, parameter keys and parameter values of BOOL and ENUM type.
_cdk.json_
```json
{
"context": {
"@aws-cdk/core:enableAdditionalMetadataCollection": true
}
}
```
* `@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy`
[Deprecated default feature] When this feature flag is enabled, Lambda will create new inline policies with AddToRolePolicy.
The purpose of this is to prevent lambda from creating a dependency on the Default Policy Statement.
This solves an issue where a circular dependency could occur if adding lambda to something like a Cognito Trigger, then adding the User Pool to the lambda execution role permissions.
However in the current implementation, we have removed a dependency of the lambda function on the policy. In addition to this, a Role will be attached to the Policy instead of an inline policy being attached to the role.
This will create a data race condition in the CloudFormation template because the creation of the Lambda function no longer waits for the policy to be created. Having said that, we are not deprecating the feature (we are defaulting the feature flag to false for new stacks) since this feature can still be used to get around the circular dependency issue (issue-7016) particularly in cases where the lambda resource creation doesnt need to depend on the policy resource creation.
We recommend to unset the feature flag if already set which will restore the original behavior.
_cdk.json_
```json
{
"context": {
"@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy": false
}
}
```
* `@aws-cdk/aws-s3:setUniqueReplicationRoleName`
When this feature flag is enabled, a unique role name is specified only when performing cross-account replication.
When disabled, 'CDKReplicationRole' is always specified.
_cdk.json_
```json
{
"context": {
"@aws-cdk/aws-s3:setUniqueReplicationRoleName": true
}
}
```
* `@aws-cdk/pipelines:reduceStageRoleTrustScope`
When this feature flag is enabled, the root account principal will not be added to the trust policy of stage role.
When this feature flag is disabled, it will keep the root account principal in the trust policy.
_cdk.json_
```json
{
"context": {
"@aws-cdk/pipelines:reduceStageRoleTrustScope": true
}
}
```
* `@aws-cdk/aws-events:requireEventBusPolicySid`
When this flag is enabled:
- Resource policies will be created with Statement IDs for service principals
- The operation will succeed as expected
When this flag is disabled:
- A warning will be emitted
- The grant operation will be dropped
- No permissions will be added
_cdk.json_
```json
{
"context": {
"@aws-cdk/aws-events:requireEventBusPolicySid": true
}
}
```
* `@aws-cdk/aws-dynamodb:retainTableReplica`
Currently, table replica will always be deleted when stack deletes regardless of source table's deletion policy.
When enabled, table replica will be default to the removal policy of source table unless specified otherwise.
_cdk.json_
```json
{
"context": {
"@aws-cdk/aws-dynamodb:retainTableReplica": true
}
}
```
* `@aws-cdk/cognito:logUserPoolClientSecretValue`
When this feature flag is enabled, the SDK API call response to desribe user pool client values will be logged in the custom
resource lambda function logs.
When this feature flag is disabled, the SDK API call response to describe user pool client values will not be logged in the custom
resource lambda function logs.
_cdk.json_
```json
{
"context": {
"@aws-cdk/cognito:logUserPoolClientSecretValue": true
}
}
```
* `@aws-cdk/aws-s3:publicAccessBlockedByDefault`
When BlockPublicAccess is not set at all, s3's default behavior will be to set all options to true in aws console.
The previous behavior in cdk before this feature was; if only some of the BlockPublicAccessOptions were set (not all 4), then the ones undefined would default to false.
This is counter intuitive to the console behavior where the options would start in true state and a user would uncheck the boxes as needed.
The new behavior from this feature will allow a user, for example, to set 1 of the 4 BlockPublicAccessOpsions to false, and on deployment the other 3 will remain true.
_cdk.json_
```json
{
"context": {
"@aws-cdk/aws-s3:publicAccessBlockedByDefault": true
}
}
```
* `@aws-cdk/aws-ec2:requirePrivateSubnetsForEgressOnlyInternetGateway`
When this feature flag is enabled, EgressOnlyGateway is created only for dual-stack VPC with private subnets
When this feature flag is disabled, EgressOnlyGateway resource is created for all dual-stack VPC regardless of subnet type
_cdk.json_
```json
{
"context": {
"@aws-cdk/aws-ec2:requirePrivateSubnetsForEgressOnlyInternetGateway": true
}
}
```
* `@aws-cdk/aws-stepfunctions-tasks:httpInvokeDynamicJsonPathEndpoint`
When this feature flag is enabled, the JSONPath apiEndpoint value will be resolved dynamically at runtime, while slightly increasing the size of the state machine definition.
When disabled, the JSONPath apiEndpoint property will only support a static string value.
_cdk.json
```json
{
"context": {
"@aws-cdk/aws-stepfunctions-tasks:httpInvokeDynamicJsonPathEndpoint": true
}
}
```
* `@aws-cdk/aws-signer:signingProfileNamePassedToCfn`
When this feature flag is enabled, the `signingProfileName` property is passed to the L1 `CfnSigningProfile` construct,
which ensures that the AWS Signer profile is created with the specified name.
When this feature flag is disabled, the `signingProfileName` is not passed to CloudFormation, maintaining backward
compatibility with existing deployments where CloudFormation auto-generated profile names.
This feature flag is needed because enabling it can cause existing signing profiles to be
replaced during deployment if a `signingProfileName` was specified but not previously used
in the CloudFormation template.
_cdk.json_
```json
{
"context": {
"@aws-cdk/aws-signer:signingProfileNamePassedToCfn": true
}
}
```
* `@aws-cdk/aws-ecs-patterns:uniqueTargetGroupId`
When enabled, ECS patterns will generate unique target group IDs that include the load balancer name and type (public/private). This prevents CloudFormation conflicts when switching between public and private load balancers.
Without this flag, switching an ApplicationLoadBalancedFargateService from public to private (or vice versa) fails with "target group cannot be associated with more than one load balancer" error.
_cdk.json_
```json
{
"context": {
"@aws-cdk/aws-ecs-patterns:uniqueTargetGroupId": true
}
}
```
* `@aws-cdk/aws-batch:defaultToAL2023`
When enabled, EC2 Batch compute environments (both ECS and EKS) that do not specify an `imageType`
will default to `ECS_AL2023` or `EKS_AL2023` instead of the deprecated `ECS_AL2` or `EKS_AL2`
(Amazon Linux 2, reaching EOL June 2026 for ECS; already EOL for EKS).
For EKS compute environments with a launch template, `userdataType` will automatically be set
to `EKS_NODEADM` when an AL2023 image type is used, as required by the AWS Batch API.
When disabled, the default `imageType` remains `ECS_AL2` / `EKS_AL2` for backward compatibility.
_cdk.json_
```json
{
"context": {
"@aws-cdk/aws-batch:defaultToAL2023": true
}
}
```

93
cdk/node_modules/aws-cdk-lib/cx-api/design/NESTED_ASSEMBLIES.md generated vendored Normal file
View File

@@ -0,0 +1,93 @@
# Nested Assemblies
For the CI/CD project we need to be able to a final, authoritative, immutable
rendition of part of the construct tree. This is a part of the application
that we can ask the CI/CD system to deploy as a unit, and have it get a fighting
chance of getting it right. This is because:
- The stacks will be known.
- Their interdependencies will be known, and won't change anymore.
To that end, we're introducing the concept of an "nested cloud assembly".
This is a part of the construct tree that is finalized independently of the
rest, so that other constructs can reflect on it.
Constructs of type `Stage` will produce nested cloud assemblies.
## Restrictions
### Assets
Right now, if the same asset is used in multiple cloud assemblies, it will
be staged independently in ever Cloud Assembly (making it take up more
space than necessary).
This is unfortunate. We can think about sharing the staging directories
between Stages, should be an easy optimization that can be applied later.
### Dependencies
It seems that it might be desirable to have dependencies that reach outside
a single `Stage`. Consider the case where we have shared resources that
may be shared between Stages. A typical example would be a VPC:
```
┌───────────────┐
│ │
│ VpcStack │
│ │
└───────────────┘
┌─────────────┴─────────────┐
│ │
┌───────────────┼──────────┐ ┌──────────┼───────────────┐
│Stage │ │ │ │ Stage│
│ │ │ │ │ │
│ ┌───────────────┐ │ │ ┌───────────────┐ │
│ │ │ │ │ │ │ │
│ │ App1Stack │ │ │ │ App2Stack │ │
│ │ │ │ │ │ │ │
│ └───────────────┘ │ │ └───────────────┘ │
│ │ │ │
└──────────────────────────┘ └──────────────────────────┘
```
This seems like a reasonable thing to want to be able to do.
Right now, for practical reasons we're disallowing dependencies outside
nested assemblies. That is not to say that this can never be made to work,
but as it's really rather a significant chunk of work it has not been
implemented yet. Things to consider:
- Do artifact identifiers need to be globally unique? (Does that destroy
local assumptions around naming that constructs can make?)
- How are artifacts addressed across assembly boundaries? Are they just the
absolute name, wherever in the Cloud Assembly tree the artifact is? Do they
represent a path from the top-level cloud assembly
(`SubAsm/SubAsm/Artifact`)? Are they relative paths (`../SubAsm/Artifact`)?
- Can there be cyclic dependencies between nested assemblies? Is it okay to
have both dependencies `AsmA/Stack1 -> AsmB/Stack1`, and `AsmB/Stack2 ->
AsmA/Stack2`? Why, or why not? How will we ensure that?
Even if we can make the addressing work at the artifact level, at the
construct tree level we'd be giving up the guarantees we are getting from
having `Stage` constructs produce isolated Cloud Assemblies by having
dependencies outside them. Consider having two stages, `StageA` with `StackA`
and `StageB` with `StackB`. We must `synth()` them in some order, either A or
B first. Let's say A goes first (but the same argument obviously holds in
reverse). What if during the `synth()` of `StageB`, we discover `StackB`
introduces a dependency on `StackA`? By that point, `StageA` has already
synthesized and `StackA` has produced a (so-called "immutable") template.
Obviously we can't change that anymore, so we can't introduce that dependency
anymore.
Seems like we should be calling `synth()` on multiple stages consumer-first!
The problem is that we are generally building a Pipeline *producer*-first, since
we are modeling and building it in deployment order, which is the reverse order
the pipeline would `synth()` each of the stages in, in order to build itself.
Since this is all very tricky, let's consider it out of scope for now.

1
cdk/node_modules/aws-cdk-lib/cx-api/index.d.ts generated vendored Normal file
View File

@@ -0,0 +1 @@
export * from './lib';

1
cdk/node_modules/aws-cdk-lib/cx-api/index.js generated vendored Normal file
View File

File diff suppressed because one or more lines are too long

46
cdk/node_modules/aws-cdk-lib/cx-api/lib/app.d.ts generated vendored Normal file
View File

@@ -0,0 +1,46 @@
/**
* Enables the embedding of the "aws:cdk:path" in CloudFormation template metadata.
*/
export declare const PATH_METADATA_ENABLE_CONTEXT = "aws:cdk:enable-path-metadata";
/**
* Enable the collection and reporting of version information.
*/
export declare const ANALYTICS_REPORTING_ENABLED_CONTEXT = "aws:cdk:version-reporting";
/**
* Disable asset staging (for use with SAM CLI).
*
* Disabling asset staging means that copyable assets will not be copied to the
* output directory and will be referenced with absolute paths.
*
* Not copied to the output directory: this is so users can iterate on the
* Lambda source and run SAM CLI without having to re-run CDK (note: we
* cannot achieve this for bundled assets, if assets are bundled they
* will have to re-run CDK CLI to re-bundle updated versions).
*
* Absolute path: SAM CLI expects `cwd`-relative paths in a resource's
* `aws:asset:path` metadata. In order to be predictable, we will always output
* absolute paths.
*/
export declare const DISABLE_ASSET_STAGING_CONTEXT = "aws:cdk:disable-asset-staging";
/**
* If this context key is set, the CDK will stage assets under the specified
* directory. Otherwise, assets will not be staged.
* Omits stack traces from construct metadata entries.
*/
export declare const DISABLE_METADATA_STACK_TRACE = "aws:cdk:disable-stack-trace";
/**
* If this context key is set, the CDK will not store logical ID
* metadata in the manifest.
*/
export declare const DISABLE_LOGICAL_ID_METADATA = "aws:cdk:disable-logicalId-metadata";
/**
* If this context key is set, construct stack traces will not be captured upon creation
*
* You should only need to set this for performance reasons, and `--debug` mode will
* turn it this back on unconditionally
*/
export declare const DISABLE_CREATION_STACK_TRACES = "aws:cdk:disable-creation-stack-traces";
/**
* Run bundling for stacks specified in this context key
*/
export declare const BUNDLING_STACKS = "aws:cdk:bundling-stacks";

1
cdk/node_modules/aws-cdk-lib/cx-api/lib/app.js generated vendored Normal file
View File

@@ -0,0 +1 @@
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.BUNDLING_STACKS=exports.DISABLE_CREATION_STACK_TRACES=exports.DISABLE_LOGICAL_ID_METADATA=exports.DISABLE_METADATA_STACK_TRACE=exports.DISABLE_ASSET_STAGING_CONTEXT=exports.ANALYTICS_REPORTING_ENABLED_CONTEXT=exports.PATH_METADATA_ENABLE_CONTEXT=void 0,exports.PATH_METADATA_ENABLE_CONTEXT="aws:cdk:enable-path-metadata",exports.ANALYTICS_REPORTING_ENABLED_CONTEXT="aws:cdk:version-reporting",exports.DISABLE_ASSET_STAGING_CONTEXT="aws:cdk:disable-asset-staging",exports.DISABLE_METADATA_STACK_TRACE="aws:cdk:disable-stack-trace",exports.DISABLE_LOGICAL_ID_METADATA="aws:cdk:disable-logicalId-metadata",exports.DISABLE_CREATION_STACK_TRACES="aws:cdk:disable-creation-stack-traces",exports.BUNDLING_STACKS="aws:cdk:bundling-stacks";

39
cdk/node_modules/aws-cdk-lib/cx-api/lib/cxapi.d.ts generated vendored Normal file
View File

@@ -0,0 +1,39 @@
export declare const OUTDIR_ENV = "CDK_OUTDIR";
export declare const CONTEXT_ENV = "CDK_CONTEXT_JSON";
/**
* If this environment variable is set, error codes of CDK-specific errors will be written to it.
*/
export declare const ERRORFILE_ENV = "CDK_ERROR_FILE";
/**
* The name of the temporary file where the context is stored.
*/
export declare const CONTEXT_OVERFLOW_LOCATION_ENV = "CONTEXT_OVERFLOW_LOCATION_ENV";
/**
* Environment variable set by the CDK CLI with the default AWS account ID.
*/
export declare const DEFAULT_ACCOUNT_ENV = "CDK_DEFAULT_ACCOUNT";
/**
* Environment variable set by the CDK CLI with the default AWS region.
*/
export declare const DEFAULT_REGION_ENV = "CDK_DEFAULT_REGION";
/**
* Version of Cloud Assembly expected by CDK Toolkit.
*
* Despite its name, this value applies to all version of the CDK Toolkit, not just the CLI.
*
* CLI started emitting this at 1.10.1
*/
export declare const CLI_ASM_VERSION_ENV = "CDK_CLI_ASM_VERSION";
/**
* Version of the CLI currently running.
*
* CLI started emitting this at 1.10.1
* Will not be present if the CDK app is run by any Toolkit variation other than the CLI.
*/
export declare const CLI_VERSION_ENV = "CDK_CLI_VERSION";
/**
* Package & version of the CDK Toolkit running the app.
*
* In the format "<package>@x.y.z", e.g "aws-cdk@2.1006.0" or "@aws-cdk/toolkit-lib@1.0.0"
*/
export declare const TOOLKIT_VERSION_ENV = "CDK_TOOLKIT_VERSION";

1
cdk/node_modules/aws-cdk-lib/cx-api/lib/cxapi.js generated vendored Normal file
View File

@@ -0,0 +1 @@
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.TOOLKIT_VERSION_ENV=exports.CLI_VERSION_ENV=exports.CLI_ASM_VERSION_ENV=exports.DEFAULT_REGION_ENV=exports.DEFAULT_ACCOUNT_ENV=exports.CONTEXT_OVERFLOW_LOCATION_ENV=exports.ERRORFILE_ENV=exports.CONTEXT_ENV=exports.OUTDIR_ENV=void 0,exports.OUTDIR_ENV="CDK_OUTDIR",exports.CONTEXT_ENV="CDK_CONTEXT_JSON",exports.ERRORFILE_ENV="CDK_ERROR_FILE",exports.CONTEXT_OVERFLOW_LOCATION_ENV="CONTEXT_OVERFLOW_LOCATION_ENV",exports.DEFAULT_ACCOUNT_ENV="CDK_DEFAULT_ACCOUNT",exports.DEFAULT_REGION_ENV="CDK_DEFAULT_REGION",exports.CLI_ASM_VERSION_ENV="CDK_CLI_ASM_VERSION",exports.CLI_VERSION_ENV="CDK_CLI_VERSION",exports.TOOLKIT_VERSION_ENV="CDK_TOOLKIT_VERSION";

150
cdk/node_modules/aws-cdk-lib/cx-api/lib/features.d.ts generated vendored Normal file
View File

@@ -0,0 +1,150 @@
import type { FlagInfo } from './private/flag-modeling';
export declare const ENABLE_STACK_NAME_DUPLICATES_CONTEXT = "@aws-cdk/core:enableStackNameDuplicates";
export declare const ENABLE_DIFF_NO_FAIL_CONTEXT = "aws-cdk:enableDiffNoFail";
/** @deprecated use `ENABLE_DIFF_NO_FAIL_CONTEXT` */
export declare const ENABLE_DIFF_NO_FAIL = "aws-cdk:enableDiffNoFail";
export declare const NEW_STYLE_STACK_SYNTHESIS_CONTEXT = "@aws-cdk/core:newStyleStackSynthesis";
export declare const STACK_RELATIVE_EXPORTS_CONTEXT = "@aws-cdk/core:stackRelativeExports";
export declare const DOCKER_IGNORE_SUPPORT = "@aws-cdk/aws-ecr-assets:dockerIgnoreSupport";
export declare const SECRETS_MANAGER_PARSE_OWNED_SECRET_NAME = "@aws-cdk/aws-secretsmanager:parseOwnedSecretName";
export declare const KMS_DEFAULT_KEY_POLICIES = "@aws-cdk/aws-kms:defaultKeyPolicies";
export declare const S3_GRANT_WRITE_WITHOUT_ACL = "@aws-cdk/aws-s3:grantWriteWithoutAcl";
export declare const ECS_REMOVE_DEFAULT_DESIRED_COUNT = "@aws-cdk/aws-ecs-patterns:removeDefaultDesiredCount";
export declare const RDS_LOWERCASE_DB_IDENTIFIER = "@aws-cdk/aws-rds:lowercaseDbIdentifier";
export declare const APIGATEWAY_USAGEPLANKEY_ORDERINSENSITIVE_ID = "@aws-cdk/aws-apigateway:usagePlanKeyOrderInsensitiveId";
export declare const EFS_DEFAULT_ENCRYPTION_AT_REST = "@aws-cdk/aws-efs:defaultEncryptionAtRest";
export declare const LAMBDA_RECOGNIZE_VERSION_PROPS = "@aws-cdk/aws-lambda:recognizeVersionProps";
export declare const LAMBDA_RECOGNIZE_LAYER_VERSION = "@aws-cdk/aws-lambda:recognizeLayerVersion";
export declare const CLOUDFRONT_DEFAULT_SECURITY_POLICY_TLS_V1_2_2021 = "@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021";
export declare const CHECK_SECRET_USAGE = "@aws-cdk/core:checkSecretUsage";
export declare const TARGET_PARTITIONS = "@aws-cdk/core:target-partitions";
export declare const ECS_SERVICE_EXTENSIONS_ENABLE_DEFAULT_LOG_DRIVER = "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver";
export declare const EC2_UNIQUE_IMDSV2_LAUNCH_TEMPLATE_NAME = "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName";
export declare const ECS_ARN_FORMAT_INCLUDES_CLUSTER_NAME = "@aws-cdk/aws-ecs:arnFormatIncludesClusterName";
export declare const IAM_MINIMIZE_POLICIES = "@aws-cdk/aws-iam:minimizePolicies";
export declare const IAM_IMPORTED_ROLE_STACK_SAFE_DEFAULT_POLICY_NAME = "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName";
export declare const VALIDATE_SNAPSHOT_REMOVAL_POLICY = "@aws-cdk/core:validateSnapshotRemovalPolicy";
export declare const CODEPIPELINE_CROSS_ACCOUNT_KEY_ALIAS_STACK_SAFE_RESOURCE_NAME = "@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName";
export declare const S3_CREATE_DEFAULT_LOGGING_POLICY = "@aws-cdk/aws-s3:createDefaultLoggingPolicy";
export declare const SNS_SUBSCRIPTIONS_SQS_DECRYPTION_POLICY = "@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption";
export declare const APIGATEWAY_DISABLE_CLOUDWATCH_ROLE = "@aws-cdk/aws-apigateway:disableCloudWatchRole";
export declare const ENABLE_PARTITION_LITERALS = "@aws-cdk/core:enablePartitionLiterals";
export declare const EVENTS_TARGET_QUEUE_SAME_ACCOUNT = "@aws-cdk/aws-events:eventsTargetQueueSameAccount";
export declare const ECS_DISABLE_EXPLICIT_DEPLOYMENT_CONTROLLER_FOR_CIRCUIT_BREAKER = "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker";
export declare const ECS_PATTERNS_SEC_GROUPS_DISABLES_IMPLICIT_OPEN_LISTENER = "@aws-cdk/aws-ecs-patterns:secGroupsDisablesImplicitOpenListener";
export declare const S3_SERVER_ACCESS_LOGS_USE_BUCKET_POLICY = "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy";
export declare const ROUTE53_PATTERNS_USE_CERTIFICATE = "@aws-cdk/aws-route53-patters:useCertificate";
export declare const ROUTE53_PATTERNS_USE_DISTRIBUTION = "@aws-cdk/aws-route53-patterns:useDistribution";
export declare const AWS_CUSTOM_RESOURCE_LATEST_SDK_DEFAULT = "@aws-cdk/customresources:installLatestAwsSdkDefault";
export declare const DATABASE_PROXY_UNIQUE_RESOURCE_NAME = "@aws-cdk/aws-rds:databaseProxyUniqueResourceName";
export declare const CODEDEPLOY_REMOVE_ALARMS_FROM_DEPLOYMENT_GROUP = "@aws-cdk/aws-codedeploy:removeAlarmsFromDeploymentGroup";
export declare const APIGATEWAY_AUTHORIZER_CHANGE_DEPLOYMENT_LOGICAL_ID = "@aws-cdk/aws-apigateway:authorizerChangeDeploymentLogicalId";
export declare const EC2_LAUNCH_TEMPLATE_DEFAULT_USER_DATA = "@aws-cdk/aws-ec2:launchTemplateDefaultUserData";
export declare const SECRETS_MANAGER_TARGET_ATTACHMENT_RESOURCE_POLICY = "@aws-cdk/aws-secretsmanager:useAttachedSecretResourcePolicyForSecretTargetAttachments";
export declare const REDSHIFT_COLUMN_ID = "@aws-cdk/aws-redshift:columnId";
export declare const ENABLE_EMR_SERVICE_POLICY_V2 = "@aws-cdk/aws-stepfunctions-tasks:enableEmrServicePolicyV2";
export declare const EC2_RESTRICT_DEFAULT_SECURITY_GROUP = "@aws-cdk/aws-ec2:restrictDefaultSecurityGroup";
export declare const APIGATEWAY_REQUEST_VALIDATOR_UNIQUE_ID = "@aws-cdk/aws-apigateway:requestValidatorUniqueId";
export declare const INCLUDE_PREFIX_IN_UNIQUE_NAME_GENERATION = "@aws-cdk/core:includePrefixInUniqueNameGeneration";
export declare const KMS_ALIAS_NAME_REF = "@aws-cdk/aws-kms:aliasNameRef";
export declare const KMS_APPLY_IMPORTED_ALIAS_PERMISSIONS_TO_PRINCIPAL = "@aws-cdk/aws-kms:applyImportedAliasPermissionsToPrincipal";
export declare const EFS_DENY_ANONYMOUS_ACCESS = "@aws-cdk/aws-efs:denyAnonymousAccess";
export declare const EFS_MOUNTTARGET_ORDERINSENSITIVE_LOGICAL_ID = "@aws-cdk/aws-efs:mountTargetOrderInsensitiveLogicalId";
export declare const AUTOSCALING_GENERATE_LAUNCH_TEMPLATE = "@aws-cdk/aws-autoscaling:generateLaunchTemplateInsteadOfLaunchConfig";
export declare const ENABLE_OPENSEARCH_MULTIAZ_WITH_STANDBY = "@aws-cdk/aws-opensearchservice:enableOpensearchMultiAzWithStandby";
export declare const LAMBDA_NODEJS_USE_LATEST_RUNTIME = "@aws-cdk/aws-lambda-nodejs:useLatestRuntimeVersion";
export declare const RDS_PREVENT_RENDERING_DEPRECATED_CREDENTIALS = "@aws-cdk/aws-rds:preventRenderingDeprecatedCredentials";
export declare const AURORA_CLUSTER_CHANGE_SCOPE_OF_INSTANCE_PARAMETER_GROUP_WITH_EACH_PARAMETERS = "@aws-cdk/aws-rds:auroraClusterChangeScopeOfInstanceParameterGroupWithEachParameters";
export declare const APPSYNC_ENABLE_USE_ARN_IDENTIFIER_SOURCE_API_ASSOCIATION = "@aws-cdk/aws-appsync:useArnForSourceApiAssociationIdentifier";
export declare const CODECOMMIT_SOURCE_ACTION_DEFAULT_BRANCH_NAME = "@aws-cdk/aws-codepipeline-actions:useNewDefaultBranchForCodeCommitSource";
export declare const LAMBDA_PERMISSION_LOGICAL_ID_FOR_LAMBDA_ACTION = "@aws-cdk/aws-cloudwatch-actions:changeLambdaPermissionLogicalIdForLambdaAction";
export declare const CODEPIPELINE_CROSS_ACCOUNT_KEYS_DEFAULT_VALUE_TO_FALSE = "@aws-cdk/aws-codepipeline:crossAccountKeysDefaultValueToFalse";
export declare const CODEPIPELINE_DEFAULT_PIPELINE_TYPE_TO_V2 = "@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2";
export declare const KMS_REDUCE_CROSS_ACCOUNT_REGION_POLICY_SCOPE = "@aws-cdk/aws-kms:reduceCrossAccountRegionPolicyScope";
export declare const PIPELINE_REDUCE_ASSET_ROLE_TRUST_SCOPE = "@aws-cdk/pipelines:reduceAssetRoleTrustScope";
export declare const EKS_NODEGROUP_NAME = "@aws-cdk/aws-eks:nodegroupNameAttribute";
export declare const EKS_USE_NATIVE_OIDC_PROVIDER = "@aws-cdk/aws-eks:useNativeOidcProvider";
export declare const ECS_PATTERNS_UNIQUE_TARGET_GROUP_ID = "@aws-cdk/aws-ecs-patterns:uniqueTargetGroupId";
export declare const EBS_DEFAULT_GP3 = "@aws-cdk/aws-ec2:ebsDefaultGp3Volume";
export declare const ECS_REMOVE_DEFAULT_DEPLOYMENT_ALARM = "@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm";
export declare const LOG_API_RESPONSE_DATA_PROPERTY_TRUE_DEFAULT = "@aws-cdk/custom-resources:logApiResponseDataPropertyTrueDefault";
export declare const S3_KEEP_NOTIFICATION_IN_IMPORTED_BUCKET = "@aws-cdk/aws-s3:keepNotificationInImportedBucket";
export declare const USE_NEW_S3URI_PARAMETERS_FOR_BEDROCK_INVOKE_MODEL_TASK = "@aws-cdk/aws-stepfunctions-tasks:useNewS3UriParametersForBedrockInvokeModelTask";
export declare const EXPLICIT_STACK_TAGS = "@aws-cdk/core:explicitStackTags";
export declare const REDUCE_EC2_FARGATE_CLOUDWATCH_PERMISSIONS = "@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions";
export declare const DYNAMODB_TABLEV2_RESOURCE_POLICY_PER_REPLICA = "@aws-cdk/aws-dynamodb:resourcePolicyPerReplica";
export declare const EC2_SUM_TIMEOUT_ENABLED = "@aws-cdk/aws-ec2:ec2SumTImeoutEnabled";
export declare const APPSYNC_GRAPHQLAPI_SCOPE_LAMBDA_FUNCTION_PERMISSION = "@aws-cdk/aws-appsync:appSyncGraphQLAPIScopeLambdaPermission";
export declare const USE_CORRECT_VALUE_FOR_INSTANCE_RESOURCE_ID_PROPERTY = "@aws-cdk/aws-rds:setCorrectValueForDatabaseInstanceReadReplicaInstanceResourceId";
export declare const CFN_INCLUDE_REJECT_COMPLEX_RESOURCE_UPDATE_CREATE_POLICY_INTRINSICS = "@aws-cdk/core:cfnIncludeRejectComplexResourceUpdateCreatePolicyIntrinsics";
export declare const LAMBDA_NODEJS_SDK_V3_EXCLUDE_SMITHY_PACKAGES = "@aws-cdk/aws-lambda-nodejs:sdkV3ExcludeSmithyPackages";
export declare const STEPFUNCTIONS_TASKS_FIX_RUN_ECS_TASK_POLICY = "@aws-cdk/aws-stepfunctions-tasks:fixRunEcsTaskPolicy";
export declare const STEPFUNCTIONS_USE_DISTRIBUTED_MAP_RESULT_WRITER_V2 = "@aws-cdk/aws-stepfunctions:useDistributedMapResultWriterV2";
export declare const BASTION_HOST_USE_AMAZON_LINUX_2023_BY_DEFAULT = "@aws-cdk/aws-ec2:bastionHostUseAmazonLinux2023ByDefault";
export declare const ASPECT_STABILIZATION = "@aws-cdk/core:aspectStabilization";
export declare const SIGNER_PROFILE_NAME_PASSED_TO_CFN = "@aws-cdk/aws-signer:signingProfileNamePassedToCfn";
export declare const USER_POOL_DOMAIN_NAME_METHOD_WITHOUT_CUSTOM_RESOURCE = "@aws-cdk/aws-route53-targets:userPoolDomainNameMethodWithoutCustomResource";
export declare const ALB_DUALSTACK_WITHOUT_PUBLIC_IPV4_SECURITY_GROUP_RULES_DEFAULT = "@aws-cdk/aws-elasticloadbalancingV2:albDualstackWithoutPublicIpv4SecurityGroupRulesDefault";
export declare const IAM_OIDC_REJECT_UNAUTHORIZED_CONNECTIONS = "@aws-cdk/aws-iam:oidcRejectUnauthorizedConnections";
export declare const ENABLE_ADDITIONAL_METADATA_COLLECTION = "@aws-cdk/core:enableAdditionalMetadataCollection";
export declare const LAMBDA_CREATE_NEW_POLICIES_WITH_ADDTOROLEPOLICY = "@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy";
export declare const SET_UNIQUE_REPLICATION_ROLE_NAME = "@aws-cdk/aws-s3:setUniqueReplicationRoleName";
export declare const PIPELINE_REDUCE_STAGE_ROLE_TRUST_SCOPE = "@aws-cdk/pipelines:reduceStageRoleTrustScope";
export declare const EVENTBUS_POLICY_SID_REQUIRED = "@aws-cdk/aws-events:requireEventBusPolicySid";
export declare const ASPECT_PRIORITIES_MUTATING = "@aws-cdk/core:aspectPrioritiesMutating";
export declare const DYNAMODB_TABLE_RETAIN_TABLE_REPLICA = "@aws-cdk/aws-dynamodb:retainTableReplica";
export declare const LOG_USER_POOL_CLIENT_SECRET_VALUE = "@aws-cdk/cognito:logUserPoolClientSecretValue";
export declare const PIPELINE_REDUCE_CROSS_ACCOUNT_ACTION_ROLE_TRUST_SCOPE = "@aws-cdk/pipelines:reduceCrossAccountActionRoleTrustScope";
export declare const S3_TRUST_KEY_POLICY_FOR_SNS_SUBSCRIPTIONS = "@aws-cdk/s3-notifications:addS3TrustKeyPolicyForSnsSubscriptions";
export declare const EC2_REQUIRE_PRIVATE_SUBNETS_FOR_EGRESSONLYINTERNETGATEWAY = "@aws-cdk/aws-ec2:requirePrivateSubnetsForEgressOnlyInternetGateway";
export declare const USE_RESOURCEID_FOR_VPCV2_MIGRATION = "@aws-cdk/aws-ec2-alpha:useResourceIdForVpcV2Migration";
export declare const S3_PUBLIC_ACCESS_BLOCKED_BY_DEFAULT = "@aws-cdk/aws-s3:publicAccessBlockedByDefault";
export declare const USE_CDK_MANAGED_LAMBDA_LOGGROUP = "@aws-cdk/aws-lambda:useCdkManagedLogGroup";
export declare const NETWORK_LOAD_BALANCER_WITH_SECURITY_GROUP_BY_DEFAULT = "@aws-cdk/aws-elasticloadbalancingv2:networkLoadBalancerWithSecurityGroupByDefault";
export declare const STEPFUNCTIONS_TASKS_HTTPINVOKE_DYNAMIC_JSONPATH_ENDPOINT = "@aws-cdk/aws-stepfunctions-tasks:httpInvokeDynamicJsonPathEndpoint";
export declare const CLOUDFRONT_FUNCTION_DEFAULT_RUNTIME_V2_0 = "@aws-cdk/aws-cloudfront:defaultFunctionRuntimeV2_0";
export declare const ELB_USE_POST_QUANTUM_TLS_POLICY = "@aws-cdk/aws-elasticloadbalancingv2:usePostQuantumTlsPolicy";
export declare const AUTOMATIC_L1_TRAITS = "@aws-cdk/core:automaticL1Traits";
export declare const BATCH_DEFAULT_AL2023 = "@aws-cdk/aws-batch:defaultToAL2023";
export declare const FLAGS: Record<string, FlagInfo>;
export declare const CURRENT_MV = "v2";
/**
* The list of future flags that are now expired. This is going to be used to identify
* and block usages of old feature flags in the new major version of CDK.
*/
export declare const CURRENT_VERSION_EXPIRED_FLAGS: string[];
/**
* Flag values that should apply for new projects
*
* This contains flags that satisfy both criteria of:
*
* - They are configurable for the current major version line.
* - The recommended value is different from the unconfigured value (i.e.,
* configuring a flag is useful)
*/
export declare const CURRENTLY_RECOMMENDED_FLAGS: {
[k: string]: any;
};
/**
* The default values of each of these flags in the current major version.
*
* This is the effective value of the flag, unless it's overridden via
* context.
*
* Adding new flags here is only allowed during the pre-release period of a new
* major version!
*/
export declare const CURRENT_VERSION_FLAG_DEFAULTS: {
[k: string]: any;
};
export declare function futureFlagDefault(flag: string): boolean;
/** @deprecated use CURRENT_VERSION_EXPIRED_FLAGS instead */
export declare const FUTURE_FLAGS_EXPIRED: string[];
/** @deprecated do not use at all! */
export declare const FUTURE_FLAGS: {
[k: string]: any;
};
/** @deprecated do not use at all! */
export declare const NEW_PROJECT_DEFAULT_CONTEXT: {
[k: string]: any;
};

555
cdk/node_modules/aws-cdk-lib/cx-api/lib/features.js generated vendored Normal file
View File

File diff suppressed because one or more lines are too long

4
cdk/node_modules/aws-cdk-lib/cx-api/lib/index.d.ts generated vendored Normal file
View File

@@ -0,0 +1,4 @@
export * from './legacy-moved';
export * from './cxapi';
export * from './features';
export * from './app';

1
cdk/node_modules/aws-cdk-lib/cx-api/lib/index.js generated vendored Normal file
View File

File diff suppressed because one or more lines are too long

949
cdk/node_modules/aws-cdk-lib/cx-api/lib/legacy-moved.d.ts generated vendored Normal file
View File

@@ -0,0 +1,949 @@
/**
* Re-exports of members and types that historically used to live here, but have been moved to a more apt package.
*
* Re-exported here for backwards compatibility.
*
* To satisfy the (jsii) use of these types in the public API of this package, we do the following:
*
* - Re-declare the types that we use in this assembly here (`declare class ...`).
* - Copy the implementation from the upstream library.
*
* That way we satisfy the jsii and backwards compatibility checker, while keeping the implementation
* centralized in a single place.
*/
import { ASSET_PREFIX_SEPARATOR, ASSET_RESOURCE_METADATA_DOCKER_BUILD_ARGS_KEY, ASSET_RESOURCE_METADATA_DOCKER_BUILD_CONTEXTS_KEY, ASSET_RESOURCE_METADATA_DOCKER_BUILD_SECRETS_KEY, ASSET_RESOURCE_METADATA_DOCKER_BUILD_SSH_KEY, ASSET_RESOURCE_METADATA_DOCKER_BUILD_TARGET_KEY, ASSET_RESOURCE_METADATA_DOCKER_CACHE_DISABLED_KEY, ASSET_RESOURCE_METADATA_DOCKER_CACHE_FROM_KEY, ASSET_RESOURCE_METADATA_DOCKER_CACHE_TO_KEY, ASSET_RESOURCE_METADATA_DOCKER_OUTPUTS_KEY, ASSET_RESOURCE_METADATA_DOCKERFILE_PATH_KEY, ASSET_RESOURCE_METADATA_ENABLED_CONTEXT, ASSET_RESOURCE_METADATA_IS_BUNDLED_KEY, ASSET_RESOURCE_METADATA_PATH_KEY, ASSET_RESOURCE_METADATA_PROPERTY_KEY, AVAILABILITY_ZONE_FALLBACK_CONTEXT_KEY, CloudAssembly as CloudAssembly_, CloudAssemblyBuilder as CloudAssemblyBuilder_, ENDPOINT_SERVICE_AVAILABILITY_ZONE_PROVIDER, PATH_METADATA_KEY, PROVIDER_ERROR_KEY, SSMPARAM_NO_INVALIDATE, UNKNOWN_ACCOUNT, UNKNOWN_REGION, type AmiContextResponse, type AvailabilityZonesContextResponse, type EndpointServiceAvailabilityZonesContextResponse, type StackMetadata } from '@aws-cdk/cloud-assembly-api';
import type * as cxschema from '@aws-cdk/cloud-assembly-schema';
export { ASSET_PREFIX_SEPARATOR, ASSET_RESOURCE_METADATA_DOCKER_BUILD_ARGS_KEY, ASSET_RESOURCE_METADATA_DOCKER_BUILD_CONTEXTS_KEY, ASSET_RESOURCE_METADATA_DOCKER_BUILD_SECRETS_KEY, ASSET_RESOURCE_METADATA_DOCKER_BUILD_SSH_KEY, ASSET_RESOURCE_METADATA_DOCKER_BUILD_TARGET_KEY, ASSET_RESOURCE_METADATA_DOCKER_CACHE_DISABLED_KEY, ASSET_RESOURCE_METADATA_DOCKER_CACHE_FROM_KEY, ASSET_RESOURCE_METADATA_DOCKER_CACHE_TO_KEY, ASSET_RESOURCE_METADATA_DOCKER_OUTPUTS_KEY, ASSET_RESOURCE_METADATA_DOCKERFILE_PATH_KEY, ASSET_RESOURCE_METADATA_ENABLED_CONTEXT, ASSET_RESOURCE_METADATA_IS_BUNDLED_KEY, ASSET_RESOURCE_METADATA_PATH_KEY, ASSET_RESOURCE_METADATA_PROPERTY_KEY, AVAILABILITY_ZONE_FALLBACK_CONTEXT_KEY, ENDPOINT_SERVICE_AVAILABILITY_ZONE_PROVIDER, PATH_METADATA_KEY, PROVIDER_ERROR_KEY, SSMPARAM_NO_INVALIDATE, UNKNOWN_ACCOUNT, UNKNOWN_REGION, AmiContextResponse, AvailabilityZonesContextResponse, EndpointServiceAvailabilityZonesContextResponse, StackMetadata, };
/**
* @deprecated The official definition of this type has moved to `@aws-cdk/cloud-assembly-api`.
*/
export interface SynthesisMessage {
readonly level: SynthesisMessageLevel;
readonly id: string;
readonly entry: cxschema.MetadataEntry;
}
/**
* @deprecated The official definition of this type has moved to `@aws-cdk/cloud-assembly-api`.
*/
export declare enum SynthesisMessageLevel {
INFO = "info",
WARNING = "warning",
ERROR = "error"
}
/**
* Represents a deployable cloud application.
*/
export declare class CloudAssembly implements cxschema.ICloudAssembly {
/**
* Return whether the given object is a CloudAssembly.
*
* We do attribute detection since we can't reliably use 'instanceof'.
*/
static isCloudAssembly(x: any): x is CloudAssembly;
/**
* Cleans up any temporary assembly directories that got created in this process
*
* If a Cloud Assembly is emitted to a temporary directory, its directory gets
* added to a list. This function iterates over that list and deletes each
* directory in it, to free up disk space.
*
* This function will normally be called automatically during Node process
* exit and so you don't need to call this. However, some test environments do
* not properly trigger Node's `exit` event. Notably: Jest does not trigger
* the `exit` event (<https://github.com/jestjs/jest/issues/10927>).
*
* ## Cleaning up temporary directories in jest
*
* For Jest, you have to make sure this function is called at the end of the
* test suite instead:
*
* ```js
* import { CloudAssembly } from 'aws-cdk-lib/cx-api';
*
* afterAll(CloudAssembly.cleanupTemporaryDirectories);
* ```
*
* Alternatively, you can use the `setupFilesAfterEnv` feature and use a
* provided helper script to automatically inject the above into every
* test file, so you don't have to do it by hand.
*
* ```
* $ npx jest --setupFilesAfterEnv aws-cdk-lib/testhelpers/jest-autoclean
* ```
*
* Or put the following into `jest.config.js`:
*
* ```js
* module.exports = {
* // ...
* setupFilesAfterEnv: ['aws-cdk-lib/testhelpers/jest-cleanup'],
* };
* ```
*/
static cleanupTemporaryDirectories(): void;
/**
* The root directory of the cloud assembly.
*/
readonly directory: string;
/**
* The schema version of the assembly manifest.
*/
readonly version: string;
/**
* All artifacts included in this assembly.
*/
readonly artifacts: CloudArtifact[];
/**
* Runtime information such as module versions used to synthesize this assembly.
*/
readonly runtime: cxschema.RuntimeInfo;
/**
* The raw assembly manifest.
*/
readonly manifest: cxschema.AssemblyManifest;
/**
* Reads a cloud assembly from the specified directory.
* @param directory - The root directory of the assembly.
*/
constructor(directory: string, loadOptions?: cxschema.LoadManifestOptions);
/**
* Attempts to find an artifact with a specific identity.
* @returns A `CloudArtifact` object or `undefined` if the artifact does not exist in this assembly.
* @param id - The artifact ID
*/
tryGetArtifact(id: string): CloudArtifact | undefined;
/**
* Returns a CloudFormation stack artifact from this assembly.
*
* Will only search the current assembly.
*
* @param stackName - the name of the CloudFormation stack.
* @throws if there is no stack artifact by that name
* @throws if there is more than one stack with the same stack name. You can
* use `getStackArtifact(stack.artifactId)` instead.
* @returns a `CloudFormationStackArtifact` object.
*/
getStackByName(stackName: string): CloudFormationStackArtifact;
/**
* Returns a CloudFormation stack artifact from this assembly.
*
* @param artifactId - the artifact id of the stack (can be obtained through `stack.artifactId`).
* @throws if there is no stack artifact with that id
* @returns a `CloudFormationStackArtifact` object.
*/
getStackArtifact(artifactId: string): CloudFormationStackArtifact;
private tryGetArtifactRecursively;
/**
* Returns all the stacks, including the ones in nested assemblies
*/
get stacksRecursively(): CloudFormationStackArtifact[];
/**
* Returns a nested assembly artifact.
*
* @param artifactId - The artifact ID of the nested assembly
*/
getNestedAssemblyArtifact(artifactId: string): NestedCloudAssemblyArtifact;
/**
* Returns a nested assembly.
*
* @param artifactId - The artifact ID of the nested assembly
*/
getNestedAssembly(artifactId: string): CloudAssembly;
/**
* Returns the tree metadata artifact from this assembly.
* @throws if there is no metadata artifact by that name
* @returns a `TreeCloudArtifact` object if there is one defined in the manifest, `undefined` otherwise.
*/
tree(): TreeCloudArtifact | undefined;
/**
* @returns all the CloudFormation stack artifacts that are included in this assembly.
*/
get stacks(): CloudFormationStackArtifact[];
/**
* The nested assembly artifacts in this assembly
*/
get nestedAssemblies(): NestedCloudAssemblyArtifact[];
private validateDeps;
private renderArtifacts;
}
/**
* Represents an artifact within a cloud assembly.
*/
export declare class CloudArtifact {
readonly assembly: CloudAssembly;
readonly id: string;
/**
* Returns a subclass of `CloudArtifact` based on the artifact type defined in the artifact manifest.
*
* @param assembly - The cloud assembly from which to load the artifact
* @param id - The artifact ID
* @param artifact - The artifact manifest
* @returns the `CloudArtifact` that matches the artifact type or `undefined` if it's an artifact type that is unrecognized by this module.
*/
static fromManifest(assembly: CloudAssembly, id: string, artifact: cxschema.ArtifactManifest): CloudArtifact | undefined;
/**
* The artifact's manifest
*/
readonly manifest: cxschema.ArtifactManifest;
/**
* The set of messages extracted from the artifact's metadata.
*/
readonly messages: SynthesisMessage[];
/**
* Cache of resolved dependencies.
*/
private _deps?;
protected constructor(assembly: CloudAssembly, id: string, manifest: cxschema.ArtifactManifest);
/**
* Returns all the artifacts that this artifact depends on.
*/
get dependencies(): CloudArtifact[];
/**
* @returns all the metadata entries of a specific type in this artifact.
*/
findMetadataByType(type: string): MetadataEntryResult[];
private renderMessages;
/**
* An identifier that shows where this artifact is located in the tree
* of nested assemblies, based on their manifests. Defaults to the normal
* id. Should only be used in user interfaces.
*/
get hierarchicalId(): string;
/**
* Returns the metadata associated with this Cloud Artifact
*/
get metadata(): Record<string, cxschema.MetadataEntry[]>;
}
export declare class CloudFormationStackArtifact extends CloudArtifact {
/**
* Checks if `art` is an instance of this class.
*
* Use this method instead of `instanceof` to properly detect `CloudFormationStackArtifact`
* instances, even when the construct library is symlinked.
*
* Explanation: in JavaScript, multiple copies of the `cx-api` library on
* disk are seen as independent, completely different libraries. As a
* consequence, the class `CloudFormationStackArtifact` in each copy of the `cx-api` library
* is seen as a different class, and an instance of one class will not test as
* `instanceof` the other class. `npm install` will not create installations
* like this, but users may manually symlink construct libraries together or
* use a monorepo tool: in those cases, multiple copies of the `cx-api`
* library can be accidentally installed, and `instanceof` will behave
* unpredictably. It is safest to avoid using `instanceof`, and using
* this type-testing method instead.
*/
static isCloudFormationStackArtifact(art: any): art is CloudFormationStackArtifact;
/**
* The file name of the template.
*/
readonly templateFile: string;
/**
* The original name as defined in the CDK app.
*/
readonly originalName: string;
/**
* Any assets associated with this stack.
*/
readonly assets: cxschema.AssetMetadataEntry[];
/**
* CloudFormation parameters to pass to the stack.
*/
readonly parameters: {
[id: string]: string;
};
/**
* CloudFormation tags to pass to the stack.
*/
readonly tags: {
[id: string]: string;
};
/**
* SNS Topics that will receive stack events.
*/
readonly notificationArns?: string[];
/**
* The physical name of this stack.
*/
readonly stackName: string;
/**
* A string that represents this stack. Should only be used in user
* interfaces. If the stackName has not been set explicitly, or has been set
* to artifactId, it will return the hierarchicalId of the stack. Otherwise,
* it will return something like "<hierarchicalId> (<stackName>)"
*/
readonly displayName: string;
/**
* The environment into which to deploy this artifact.
*/
readonly environment: Environment;
/**
* The role that needs to be assumed to deploy the stack
*
* @default - No role is assumed (current credentials are used)
*/
readonly assumeRoleArn?: string;
/**
* External ID to use when assuming role for cloudformation deployments
*
* @default - No external ID
*/
readonly assumeRoleExternalId?: string;
/**
* Additional options to pass to STS when assuming the role for cloudformation deployments.
*
* - `RoleArn` should not be used. Use the dedicated `assumeRoleArn` property instead.
* - `ExternalId` should not be used. Use the dedicated `assumeRoleExternalId` instead.
* - `TransitiveTagKeys` defaults to use all keys (if any) specified in `Tags`. E.g, all tags are transitive by default.
*
* @see https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/STS.html#assumeRole-property
* @default - No additional options.
*/
readonly assumeRoleAdditionalOptions?: {
[key: string]: any;
};
/**
* The role that is passed to CloudFormation to execute the change set
*
* @default - No role is passed (currently assumed role/credentials are used)
*/
readonly cloudFormationExecutionRoleArn?: string;
/**
* The role to use to look up values from the target AWS account
*
* @default - No role is assumed (current credentials are used)
*/
readonly lookupRole?: cxschema.BootstrapRole;
/**
* If the stack template has already been included in the asset manifest, its asset URL
*
* @default - Not uploaded yet, upload just before deploying
*/
readonly stackTemplateAssetObjectUrl?: string;
/**
* Version of bootstrap stack required to deploy this stack
*
* @default - No bootstrap stack required
*/
readonly requiresBootstrapStackVersion?: number;
/**
* Name of SSM parameter with bootstrap stack version
*
* @default - Discover SSM parameter by reading stack
*/
readonly bootstrapStackVersionSsmParameter?: string;
/**
* Whether termination protection is enabled for this stack.
*/
readonly terminationProtection?: boolean;
/**
* Whether this stack should be validated by the CLI after synthesis
*
* @default - false
*/
readonly validateOnSynth?: boolean;
private _template;
constructor(assembly: CloudAssembly, artifactId: string, artifact: cxschema.ArtifactManifest);
/**
* Full path to the template file
*/
get templateFullPath(): string;
/**
* The CloudFormation template for this stack.
*/
get template(): any;
}
/**
* Asset manifest is a description of a set of assets which need to be built and published
*/
export declare class AssetManifestArtifact extends CloudArtifact {
/**
* Checks if `art` is an instance of this class.
*
* Use this method instead of `instanceof` to properly detect `AssetManifestArtifact`
* instances, even when the construct library is symlinked.
*
* Explanation: in JavaScript, multiple copies of the `cx-api` library on
* disk are seen as independent, completely different libraries. As a
* consequence, the class `AssetManifestArtifact` in each copy of the `cx-api` library
* is seen as a different class, and an instance of one class will not test as
* `instanceof` the other class. `npm install` will not create installations
* like this, but users may manually symlink construct libraries together or
* use a monorepo tool: in those cases, multiple copies of the `cx-api`
* library can be accidentally installed, and `instanceof` will behave
* unpredictably. It is safest to avoid using `instanceof`, and using
* this type-testing method instead.
*/
static isAssetManifestArtifact(this: void, art: any): art is AssetManifestArtifact;
/**
* The file name of the asset manifest
*/
readonly file: string;
/**
* Version of bootstrap stack required to deploy this stack
*/
readonly requiresBootstrapStackVersion: number | undefined;
/**
* Name of SSM parameter with bootstrap stack version
*
* @default - Discover SSM parameter by reading stack
*/
readonly bootstrapStackVersionSsmParameter?: string;
private _contents?;
constructor(assembly: CloudAssembly, name: string, artifact: cxschema.ArtifactManifest);
/**
* The Asset Manifest contents
*/
get contents(): cxschema.AssetManifest;
}
/**
* Asset manifest is a description of a set of assets which need to be built and published
*/
export declare class NestedCloudAssemblyArtifact extends CloudArtifact {
/**
* Checks if `art` is an instance of this class.
*
* Use this method instead of `instanceof` to properly detect `NestedCloudAssemblyArtifact`
* instances, even when the construct library is symlinked.
*
* Explanation: in JavaScript, multiple copies of the `cx-api` library on
* disk are seen as independent, completely different libraries. As a
* consequence, the class `NestedCloudAssemblyArtifact` in each copy of the `cx-api` library
* is seen as a different class, and an instance of one class will not test as
* `instanceof` the other class. `npm install` will not create installations
* like this, but users may manually symlink construct libraries together or
* use a monorepo tool: in those cases, multiple copies of the `cx-api`
* library can be accidentally installed, and `instanceof` will behave
* unpredictably. It is safest to avoid using `instanceof`, and using
* this type-testing method instead.
*/
static isNestedCloudAssemblyArtifact(art: any): art is NestedCloudAssemblyArtifact;
/**
* The relative directory name of the asset manifest
*/
readonly directoryName: string;
/**
* Display name
*/
readonly displayName: string;
/**
* The nested Assembly
*/
readonly nestedAssembly: CloudAssembly;
constructor(assembly: CloudAssembly, name: string, artifact: cxschema.ArtifactManifest);
/**
* Full path to the nested assembly directory
*/
get fullPath(): string;
}
export declare class TreeCloudArtifact extends CloudArtifact {
/**
* Checks if `art` is an instance of this class.
*
* Use this method instead of `instanceof` to properly detect `TreeCloudArtifact`
* instances, even when the construct library is symlinked.
*
* Explanation: in JavaScript, multiple copies of the `cx-api` library on
* disk are seen as independent, completely different libraries. As a
* consequence, the class `TreeCloudArtifact` in each copy of the `cx-api` library
* is seen as a different class, and an instance of one class will not test as
* `instanceof` the other class. `npm install` will not create installations
* like this, but users may manually symlink construct libraries together or
* use a monorepo tool: in those cases, multiple copies of the `cx-api`
* library can be accidentally installed, and `instanceof` will behave
* unpredictably. It is safest to avoid using `instanceof`, and using
* this type-testing method instead.
*/
static isTreeCloudArtifact(art: any): art is TreeCloudArtifact;
readonly file: string;
constructor(assembly: CloudAssembly, name: string, artifact: cxschema.ArtifactManifest);
}
/**
* @deprecated The official definition of this type has moved to `@aws-cdk/cloud-assembly-api`.
*/
export interface MetadataEntryResult extends cxschema.MetadataEntry {
/**
* The path in which this entry was defined.
*/
readonly path: string;
}
/**
* Models an AWS execution environment, for use within the CDK toolkit.
*
* @deprecated The official definition of this type has moved to `@aws-cdk/cloud-assembly-api`.
*/
export interface Environment {
/** The arbitrary name of this environment (user-set, or at least user-meaningful) */
readonly name: string;
/** The AWS account this environment deploys into */
readonly account: string;
/** The AWS region name where this environment deploys into */
readonly region: string;
}
/**
* Can be used to build a cloud assembly.
*/
export declare class CloudAssemblyBuilder {
/**
* The root directory of the resulting cloud assembly.
*/
readonly outdir: string;
/**
* The directory where assets of this Cloud Assembly should be stored
*/
readonly assetOutdir: string;
private readonly artifacts;
private readonly missing;
private readonly parentBuilder?;
/**
* Initializes a cloud assembly builder.
* @param outdir - The output directory, uses temporary directory if undefined
*/
constructor(outdir?: string, props?: CloudAssemblyBuilderProps);
/**
* Adds an artifact into the cloud assembly.
* @param id - The ID of the artifact.
* @param manifest - The artifact manifest
*/
addArtifact(id: string, manifest: cxschema.ArtifactManifest): void;
/**
* Reports that some context is missing in order for this cloud assembly to be fully synthesized.
* @param missing - Missing context information.
*/
addMissing(missing: cxschema.MissingContext): void;
/**
* Finalizes the cloud assembly into the output directory returns a
* `CloudAssembly` object that can be used to inspect the assembly.
*/
buildAssembly(options?: AssemblyBuildOptions): CloudAssembly;
/**
* Creates a nested cloud assembly
*/
createNestedAssembly(artifactId: string, displayName: string): CloudAssemblyBuilder;
/**
* Delete the cloud assembly directory
*/
delete(): void;
}
/**
* Convert one CloudAssembly type to another (public to private and vice-versa)
*
* @internal
*/
export declare function _convertCloudAssembly(x: CloudAssembly_): CloudAssembly;
export declare function _convertCloudAssembly(x: CloudAssembly): CloudAssembly_;
/**
* Convert one CloudAssemblyBuilder type to another (public to private and vice-versa)
*
* @internal
*/
export declare function _convertCloudAssemblyBuilder(x: CloudAssemblyBuilder_): CloudAssemblyBuilder;
export declare function _convertCloudAssemblyBuilder(x: CloudAssemblyBuilder): CloudAssemblyBuilder_;
/**
* Construction properties for CloudAssemblyBuilder
*/
export interface CloudAssemblyBuilderProps {
/**
* Use the given asset output directory
*
* @default - Same as the manifest outdir
*/
readonly assetOutdir?: string;
/**
* If this builder is for a nested assembly, the parent assembly builder
*
* @default - This is a root assembly
*/
readonly parentBuilder?: CloudAssemblyBuilder;
}
export interface AssemblyBuildOptions {
}
/**
* Placeholders which can be used manifests
*
* These can occur both in the Asset Manifest as well as the general
* Cloud Assembly manifest.
*
* @deprecated The definition of this type has moved to `@aws-cdk/cloud-assembly-api`.
*/
export declare class EnvironmentPlaceholders {
/**
* Insert this into the destination fields to be replaced with the current region
*/
static readonly CURRENT_REGION = "${AWS::Region}";
/**
* Insert this into the destination fields to be replaced with the current account
*/
static readonly CURRENT_ACCOUNT = "${AWS::AccountId}";
/**
* Insert this into the destination fields to be replaced with the current partition
*/
static readonly CURRENT_PARTITION = "${AWS::Partition}";
/**
* Replace the environment placeholders in all strings found in a complex object.
*
* Duplicated between cdk-assets and aws-cdk CLI because we don't have a good single place to put it
* (they're nominally independent tools).
*/
static replace(object: any, values: EnvironmentPlaceholderValues): any;
/**
* Like 'replace', but asynchronous
*/
static replaceAsync(object: any, provider: IEnvironmentPlaceholderProvider): Promise<any>;
private static recurse;
}
/**
* Return the appropriate values for the environment placeholders
*
* @deprecated The definition of this type has moved to `@aws-cdk/cloud-assembly-api`.
*/
export interface EnvironmentPlaceholderValues {
/**
* Return the region
*/
readonly region: string;
/**
* Return the account
*/
readonly accountId: string;
/**
* Return the partition
*/
readonly partition: string;
}
/**
* Return the appropriate values for the environment placeholders
*
* @deprecated The definition of this type has moved to `@aws-cdk/cloud-assembly-api`.
*/
export interface IEnvironmentPlaceholderProvider {
/**
* Return the region
*/
region(): Promise<string>;
/**
* Return the account
*/
accountId(): Promise<string>;
/**
* Return the partition
*/
partition(): Promise<string>;
}
/**
* @deprecated The definition of this type has moved to `@aws-cdk/cloud-assembly-api`.
*/
export declare class EnvironmentUtils {
static parse(environment: string): Environment;
/**
* Build an environment object from an account and region
*/
static make(account: string, region: string): Environment;
/**
* Format an environment string from an account and region
*/
static format(account: string, region: string): string;
}
/**
* Properties of a discovered SecurityGroup.
*
* @deprecated The definition of this type has moved to `@aws-cdk/cloud-assembly-api`.
*/
export interface SecurityGroupContextResponse {
/**
* The security group's id.
*/
readonly securityGroupId: string;
/**
* Whether the security group allows all outbound traffic. This will be true
* when the security group has all-protocol egress permissions to access both
* `0.0.0.0/0` and `::/0`.
*/
readonly allowAllOutbound: boolean;
}
/**
* The type of subnet group.
* Same as SubnetType in the aws-cdk-lib/aws-ec2 package,
* but we can't use that because of cyclical dependencies.
*
* @deprecated The definition of this type has moved to `@aws-cdk/cloud-assembly-api`.
*/
export declare enum VpcSubnetGroupType {
/** Public subnet group type. */
PUBLIC = "Public",
/** Private subnet group type. */
PRIVATE = "Private",
/** Isolated subnet group type. */
ISOLATED = "Isolated"
}
/**
* A subnet representation that the VPC provider uses.
*
* @deprecated The definition of this type has moved to `@aws-cdk/cloud-assembly-api`.
*/
export interface VpcSubnet {
/** The identifier of the subnet. */
readonly subnetId: string;
/**
* The code of the availability zone this subnet is in
* (for example, 'us-west-2a').
*/
readonly availabilityZone: string;
/** The identifier of the route table for this subnet. */
readonly routeTableId: string;
/**
* CIDR range of the subnet
*
* @default - CIDR information not available
*/
readonly cidr?: string;
}
/**
* A group of subnets returned by the VPC provider.
* The included subnets do NOT have to be symmetric!
*
* @deprecated The definition of this type has moved to `@aws-cdk/cloud-assembly-api`.
*/
export interface VpcSubnetGroup {
/**
* The name of the subnet group,
* determined by looking at the tags of of the subnets
* that belong to it.
*/
readonly name: string;
/** The type of the subnet group. */
readonly type: VpcSubnetGroupType;
/**
* The subnets that are part of this group.
* There is no condition that the subnets have to be symmetric
* in the group.
*/
readonly subnets: VpcSubnet[];
}
/**
* Properties of a discovered VPC
*
* @deprecated The definition of this type has moved to `@aws-cdk/cloud-assembly-api`.
*/
export interface VpcContextResponse {
/**
* VPC id
*/
readonly vpcId: string;
/**
* VPC cidr
*
* @default - CIDR information not available
*/
readonly vpcCidrBlock?: string;
/**
* AZs
*/
readonly availabilityZones: string[];
/**
* IDs of all public subnets
*
* Element count: #(availabilityZones) · #(publicGroups)
*/
readonly publicSubnetIds?: string[];
/**
* Name of public subnet groups
*
* Element count: #(publicGroups)
*/
readonly publicSubnetNames?: string[];
/**
* Route Table IDs of public subnet groups.
*
* Element count: #(availabilityZones) · #(publicGroups)
*/
readonly publicSubnetRouteTableIds?: string[];
/**
* IDs of all private subnets
*
* Element count: #(availabilityZones) · #(privateGroups)
*/
readonly privateSubnetIds?: string[];
/**
* Name of private subnet groups
*
* Element count: #(privateGroups)
*/
readonly privateSubnetNames?: string[];
/**
* Route Table IDs of private subnet groups.
*
* Element count: #(availabilityZones) · #(privateGroups)
*/
readonly privateSubnetRouteTableIds?: string[];
/**
* IDs of all isolated subnets
*
* Element count: #(availabilityZones) · #(isolatedGroups)
*/
readonly isolatedSubnetIds?: string[];
/**
* Name of isolated subnet groups
*
* Element count: #(isolatedGroups)
*/
readonly isolatedSubnetNames?: string[];
/**
* Route Table IDs of isolated subnet groups.
*
* Element count: #(availabilityZones) · #(isolatedGroups)
*/
readonly isolatedSubnetRouteTableIds?: string[];
/**
* The VPN gateway ID
*/
readonly vpnGatewayId?: string;
/**
* The subnet groups discovered for the given VPC.
* Unlike the above properties, this will include asymmetric subnets,
* if the VPC has any.
* This property will only be populated if `VpcContextQuery.returnAsymmetricSubnets`
* is true.
*
* @default - no subnet groups will be returned unless `VpcContextQuery.returnAsymmetricSubnets` is true
*/
readonly subnetGroups?: VpcSubnetGroup[];
/**
* The region in which the VPC is in.
*
* @default - Region of the parent stack
*/
readonly region?: string;
/**
* The ID of the AWS account that owns the VPC.
*
* @default the account id of the parent stack
*/
readonly ownerAccountId?: string;
}
/**
* Load balancer ip address type.
*
* @deprecated The definition of this type has moved to `@aws-cdk/cloud-assembly-api`.
*/
export declare enum LoadBalancerIpAddressType {
/**
* IPV4 ip address
*/
IPV4 = "ipv4",
/**
* Dual stack address
*/
DUAL_STACK = "dualstack",
/**
* IPv6 only public addresses, with private IPv4 and IPv6 addresses
*/
DUAL_STACK_WITHOUT_PUBLIC_IPV4 = "dualstack-without-public-ipv4"
}
/**
* Properties of a discovered load balancer
*
* @deprecated The definition of this type has moved to `@aws-cdk/cloud-assembly-api`.
*/
export interface LoadBalancerContextResponse {
/**
* The ARN of the load balancer.
*/
readonly loadBalancerArn: string;
/**
* The hosted zone ID of the load balancer's name.
*/
readonly loadBalancerCanonicalHostedZoneId: string;
/**
* Load balancer's DNS name
*/
readonly loadBalancerDnsName: string;
/**
* Type of IP address
*/
readonly ipAddressType: LoadBalancerIpAddressType;
/**
* Load balancer's security groups
*/
readonly securityGroupIds: string[];
/**
* Load balancer's VPC
*/
readonly vpcId: string;
}
/**
* Properties of a discovered load balancer listener.
*
* @deprecated The definition of this type has moved to `@aws-cdk/cloud-assembly-api`.
*/
export interface LoadBalancerListenerContextResponse {
/**
* The ARN of the listener.
*/
readonly listenerArn: string;
/**
* The port the listener is listening on.
*/
readonly listenerPort: number;
/**
* The security groups of the load balancer.
*/
readonly securityGroupIds: string[];
}
/**
* Properties of a discovered key
*
* @deprecated The definition of this type has moved to `@aws-cdk/cloud-assembly-api`.
*/
export interface KeyContextResponse {
/**
* Id of the key
*/
readonly keyId: string;
}
/**
* Query to hosted zone context provider
*
* @deprecated The definition of this type has moved to `@aws-cdk/cloud-assembly-api`.
*/
export interface EndpointServiceAvailabilityZonesContextQuery {
/**
* Query account
*/
readonly account?: string;
/**
* Query region
*/
readonly region?: string;
/**
* Query service name
*/
readonly serviceName?: string;
}
/**
* Artifact properties for CloudFormation stacks.
*
* @deprecated The definition of this type has moved to `@aws-cdk/cloud-assembly-api`.
*/
export interface AwsCloudFormationStackProperties {
/**
* A file relative to the assembly root which contains the CloudFormation template for this stack.
*/
readonly templateFile: string;
/**
* Values for CloudFormation stack parameters that should be passed when the stack is deployed.
*/
readonly parameters?: {
[id: string]: string;
};
/**
* The name to use for the CloudFormation stack.
* @default - name derived from artifact ID
*/
readonly stackName?: string;
/**
* Whether to enable termination protection for this stack.
*
* @default false
*/
readonly terminationProtection?: boolean;
}

1
cdk/node_modules/aws-cdk-lib/cx-api/lib/legacy-moved.js generated vendored Normal file
View File

File diff suppressed because one or more lines are too long

18
cdk/node_modules/aws-cdk-lib/cx-api/lib/private/error.d.ts generated vendored Normal file
View File

@@ -0,0 +1,18 @@
/**
* A CloudAssemblyError is thrown for issues with the synthesized CloudAssembly.
*
* These are typically exceptions that are unexpected for end-users,
* and should only occur during abnormal operation, e.g. when the synthesis
* didn't fully complete.
*
* @internal
*/
export declare class CloudAssemblyError extends Error {
#private;
/**
* The time the error was thrown.
*/
get time(): string;
get type(): 'assembly';
constructor(msg: string);
}

1
cdk/node_modules/aws-cdk-lib/cx-api/lib/private/error.js generated vendored Normal file
View File

@@ -0,0 +1 @@
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.CloudAssemblyError=void 0;const ASSEMBLY_ERROR_SYMBOL=Symbol.for("@aws-cdk/cx-api.CloudAssemblyError");class CloudAssemblyError extends Error{#time;get time(){return this.#time}get type(){return"assembly"}constructor(msg){super(msg),Object.setPrototypeOf(this,CloudAssemblyError.prototype),Object.defineProperty(this,ASSEMBLY_ERROR_SYMBOL,{value:!0}),this.name=new.target.name,this.#time=new Date().toISOString()}}exports.CloudAssemblyError=CloudAssemblyError;

91
cdk/node_modules/aws-cdk-lib/cx-api/lib/private/flag-modeling.d.ts generated vendored Normal file
View File

@@ -0,0 +1,91 @@
export declare enum FlagType {
/**
* Change the default behavior of the API
*
* The old behavior is still valid, and possible to achieve with source
* code changes, but we recommend the new behavior instead.
*
* Also valid for changes that don't affect CloudFormation, but the CXAPI
* contract.
*/
ApiDefault = 0,
/**
* Address a bug in a way that requires contract breaking or has availability implications for existing infrastructure
*
* The old behavior is not recommended, and shouldn't have been possible in the first place.
* We only have this flag because we can't roll out the fix to everyone
* automatically for fear of breakage.
*/
BugFix = 1,
/**
* Advertise the presence of this context option in `cdk.json`
*/
VisibleContext = 2,
/**
* Use this type for flags that are to be removed on a set date
*/
Temporary = 3
}
export interface FlagInfoBase {
/** Single-line description for the flag */
readonly summary: string;
/** Detailed description for the flag (Markdown) */
readonly detailsMd: string;
/**
* Version number the flag was introduced in each version line.
*
* `undefined` means flag is not configurable in that line; but if
* `unconfiguredBehavesLike` is set for that line, we will document the default
* behavior (even though it's not configurable).
*/
readonly introducedIn: {
v1?: string;
v2?: string;
};
/** What you would like new users to set this flag to (default in new projects) */
readonly recommendedValue: any;
/**
* If this flag is not set, the CLI library will behave as if the flag was set to <this>.
*
* If this flag is not set, we will assume you meant `false`, and the `recommendedValue` is `true`.
*
* This value is most useful for flags that allow opting out of undesirable behavior. To avoid having
* to word our flag name like `skipUndesirableBehavior` and people having to do boolean gymnastics in
* their head, we will name the flag `doUndesirableBehavior`, set
* `unconfiguredBehavesLike: true`, and `recommendedValue: false`.
*
* Again: the value you put here should describe whatever value gets us the
* legacy behavior, from before this flag was introduced.
*/
readonly unconfiguredBehavesLike?: {
v1?: any;
v2?: any;
};
}
/** Flag information, adding required fields if present */
export type FlagInfo = FlagInfoBase & ({
readonly type: FlagType.ApiDefault;
/** Describe how to use the API to achieve pre-flag behavior, if the flag is set (Markdown) */
readonly compatibilityWithOldBehaviorMd: string;
} | {
readonly type: FlagType.BugFix;
/** Describe how to deal with the change if the flag is set (Markdown) */
readonly compatibilityWithOldBehaviorMd?: string;
} | {
readonly type: FlagType.VisibleContext;
} | {
readonly type: FlagType.Temporary;
readonly compatibilityWithOldBehaviorMd?: string;
});
/**
* The magic value that will be substituted at version bump time with the actual
* new V2 version.
*
* Do not import this constant in the `features.ts` file, or the substitution
* process won't work.
*/
export declare const MAGIC_V2NEXT = "V2NEXT";
/**
* Compare two versions, returning -1, 0, or 1.
*/
export declare function compareVersions(a: string | undefined, b: string | undefined): number;

1
cdk/node_modules/aws-cdk-lib/cx-api/lib/private/flag-modeling.js generated vendored Normal file
View File

@@ -0,0 +1 @@
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.MAGIC_V2NEXT=exports.FlagType=void 0,exports.compareVersions=compareVersions;var FlagType;(function(FlagType2){FlagType2[FlagType2.ApiDefault=0]="ApiDefault",FlagType2[FlagType2.BugFix=1]="BugFix",FlagType2[FlagType2.VisibleContext=2]="VisibleContext",FlagType2[FlagType2.Temporary=3]="Temporary"})(FlagType||(exports.FlagType=FlagType={})),exports.MAGIC_V2NEXT="V2NEXT";function compareVersions(a,b){if(a===b)return 0;if(a===void 0)return-1;if(b===void 0)return 1;const as=a.split(".").map(x=>parseInt(x,10)),bs=b.split(".").map(x=>parseInt(x,10));if(a===exports.MAGIC_V2NEXT)return bs[0]<=2?1:-1;if(b===exports.MAGIC_V2NEXT)return as[0]<=2?-1:1;for(let i=0;i<Math.min(as.length,bs.length);i++){if(as[i]<bs[i])return-1;if(as[i]>bs[i])return 1}return as.length-bs.length}