diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/glue/integ.glue-task.js.snapshot/aws-stepfunctions-integ.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/glue/integ.glue-task.js.snapshot/aws-stepfunctions-integ.template.json index 883741e07b733..815de3a514d83 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/glue/integ.glue-task.js.snapshot/aws-stepfunctions-integ.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/glue/integ.glue-task.js.snapshot/aws-stepfunctions-integ.template.json @@ -1,253 +1,253 @@ { - "Resources": { - "GlueJobRole1CD031E0": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "glue" - } + "Resources": { + "GlueJobRole1CD031E0": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "glue.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSGlueServiceRole" + ] + ] + } + ] } - ], - "Version": "2012-10-17" }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" + "GlueJobRoleDefaultPolicy3D94D6F1": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + } + ] + ] + } + ] + } + ], + "Version": "2012-10-17" }, - ":iam::aws:policy/service-role/AWSGlueServiceRole" - ] - ] - } - ] - } - }, - "GlueJobRoleDefaultPolicy3D94D6F1": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":s3:::", - { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "/*" - ] - ] + "PolicyName": "GlueJobRoleDefaultPolicy3D94D6F1", + "Roles": [ + { + "Ref": "GlueJobRole1CD031E0" + } + ] + } + }, + "GlueJob": { + "Type": "AWS::Glue::Job", + "Properties": { + "Command": { + "Name": "glueetl", + "PythonVersion": "3", + "ScriptLocation": { + "Fn::Join": [ + "", + [ + "s3://", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "/d030bb7913ca422df69f29b2ea678ab4e5085bb3cbb17029e4b101d2dc4e3e0d.py" + ] + ] + } }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":s3:::", - { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - } + "Role": { + "Fn::GetAtt": [ + "GlueJobRole1CD031E0", + "Arn" ] - ] + }, + "GlueVersion": "1.0", + "Name": "My Glue Job" + } + }, + "StateMachineRole543B9670": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "states.amazonaws.com" + } + } + ], + "Version": "2012-10-17" } - ] } - ], - "Version": "2012-10-17" }, - "PolicyName": "GlueJobRoleDefaultPolicy3D94D6F1", - "Roles": [ - { - "Ref": "GlueJobRole1CD031E0" - } - ] - } - }, - "GlueJob": { - "Type": "AWS::Glue::Job", - "Properties": { - "Command": { - "Name": "glueetl", - "PythonVersion": "3", - "ScriptLocation": { - "Fn::Join": [ - "", - [ - "s3://", - { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + "StateMachineRoleDefaultPolicyDA5F7DA8": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "glue:BatchStopJobRun", + "glue:GetJobRun", + "glue:GetJobRuns", + "glue:StartJobRun" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":glue:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":job/My Glue Job" + ] + ] + } + } + ], + "Version": "2012-10-17" }, - "/d030bb7913ca422df69f29b2ea678ab4e5085bb3cbb17029e4b101d2dc4e3e0d.py" - ] - ] - } - }, - "Role": { - "Fn::GetAtt": [ - "GlueJobRole1CD031E0", - "Arn" - ] - }, - "GlueVersion": "1.0", - "Name": "My Glue Job" - } - }, - "StateMachineRole543B9670": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "states.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "StateMachineRoleDefaultPolicyDA5F7DA8": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "glue:BatchStopJobRun", - "glue:GetJobRun", - "glue:GetJobRuns", - "glue:StartJobRun" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":glue:", + "PolicyName": "StateMachineRoleDefaultPolicyDA5F7DA8", + "Roles": [ { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":job/My Glue Job" - ] + "Ref": "StateMachineRole543B9670" + } ] - } } - ], - "Version": "2012-10-17" }, - "PolicyName": "StateMachineRoleDefaultPolicyDA5F7DA8", - "Roles": [ - { - "Ref": "StateMachineRole543B9670" - } - ] - } + "StateMachine81935E76": { + "Type": "AWS::StepFunctions::StateMachine", + "Properties": { + "RoleArn": { + "Fn::GetAtt": [ + "StateMachineRole543B9670", + "Arn" + ] + }, + "DefinitionString": { + "Fn::Join": [ + "", + [ + "{\"StartAt\":\"Start Task\",\"States\":{\"Start Task\":{\"Type\":\"Pass\",\"Next\":\"Glue Job Task\"},\"Glue Job Task\":{\"Next\":\"End Task\",\"Parameters\":{\"JobName\":\"My Glue Job\",\"Arguments\":{\"--enable-metrics\":\"true\"}},\"Type\":\"Task\",\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::glue:startJobRun.sync\"},\"End Task\":{\"Type\":\"Pass\",\"End\":true}}}" + ] + ] + } + }, + "DependsOn": [ + "StateMachineRoleDefaultPolicyDA5F7DA8", + "StateMachineRole543B9670" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + } }, - "StateMachine81935E76": { - "Type": "AWS::StepFunctions::StateMachine", - "Properties": { - "RoleArn": { - "Fn::GetAtt": [ - "StateMachineRole543B9670", - "Arn" - ] - }, - "DefinitionString": { - "Fn::Join": [ - "", - [ - "{\"StartAt\":\"Start Task\",\"States\":{\"Start Task\":{\"Type\":\"Pass\",\"Next\":\"Glue Job Task\"},\"Glue Job Task\":{\"Next\":\"End Task\",\"Parameters\":{\"JobName\":\"My Glue Job\",\"Arguments\":{\"--enable-metrics\":\"true\"}},\"Type\":\"Task\",\"Resource\":\"arn:", - { - "Ref": "AWS::Partition" - }, - ":states:::glue:startJobRun.sync\"},\"End Task\":{\"Type\":\"Pass\",\"End\":true}}}" - ] - ] + "Outputs": { + "StateMachineARNOutput": { + "Value": { + "Ref": "StateMachine81935E76" + } } - }, - "DependsOn": [ - "StateMachineRoleDefaultPolicyDA5F7DA8", - "StateMachineRole543B9670" - ], - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - } - }, - "Outputs": { - "StateMachineARNOutput": { - "Value": { - "Ref": "StateMachine81935E76" - } - } - }, - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" - } - }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ - "1", - "2", - "3", - "4", - "5" - ], - { - "Ref": "BootstrapVersion" - } - ] - } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." } - ] } - } } \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/glue/integ.start-job-run.js.snapshot/aws-stepfunctions-integ.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/glue/integ.start-job-run.js.snapshot/aws-stepfunctions-integ.template.json index e054ff5a5c807..badcc4da61922 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/glue/integ.start-job-run.js.snapshot/aws-stepfunctions-integ.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/glue/integ.start-job-run.js.snapshot/aws-stepfunctions-integ.template.json @@ -1,253 +1,253 @@ { - "Resources": { - "GlueJobRole1CD031E0": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "glue" - } + "Resources": { + "GlueJobRole1CD031E0": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "glue.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSGlueServiceRole" + ] + ] + } + ] } - ], - "Version": "2012-10-17" }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" + "GlueJobRoleDefaultPolicy3D94D6F1": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + } + ] + ] + } + ] + } + ], + "Version": "2012-10-17" }, - ":iam::aws:policy/service-role/AWSGlueServiceRole" - ] - ] - } - ] - } - }, - "GlueJobRoleDefaultPolicy3D94D6F1": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":s3:::", - { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "/*" - ] - ] + "PolicyName": "GlueJobRoleDefaultPolicy3D94D6F1", + "Roles": [ + { + "Ref": "GlueJobRole1CD031E0" + } + ] + } + }, + "GlueJob": { + "Type": "AWS::Glue::Job", + "Properties": { + "Command": { + "Name": "glueetl", + "PythonVersion": "3", + "ScriptLocation": { + "Fn::Join": [ + "", + [ + "s3://", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "/d030bb7913ca422df69f29b2ea678ab4e5085bb3cbb17029e4b101d2dc4e3e0d.py" + ] + ] + } }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":s3:::", - { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - } + "Role": { + "Fn::GetAtt": [ + "GlueJobRole1CD031E0", + "Arn" ] - ] + }, + "GlueVersion": "1.0", + "Name": "My Glue Job" + } + }, + "StateMachineRole543B9670": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "states.amazonaws.com" + } + } + ], + "Version": "2012-10-17" } - ] } - ], - "Version": "2012-10-17" }, - "PolicyName": "GlueJobRoleDefaultPolicy3D94D6F1", - "Roles": [ - { - "Ref": "GlueJobRole1CD031E0" - } - ] - } - }, - "GlueJob": { - "Type": "AWS::Glue::Job", - "Properties": { - "Command": { - "Name": "glueetl", - "PythonVersion": "3", - "ScriptLocation": { - "Fn::Join": [ - "", - [ - "s3://", - { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + "StateMachineRoleDefaultPolicyDA5F7DA8": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "glue:BatchStopJobRun", + "glue:GetJobRun", + "glue:GetJobRuns", + "glue:StartJobRun" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":glue:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":job/My Glue Job" + ] + ] + } + } + ], + "Version": "2012-10-17" }, - "/d030bb7913ca422df69f29b2ea678ab4e5085bb3cbb17029e4b101d2dc4e3e0d.py" - ] - ] - } - }, - "Role": { - "Fn::GetAtt": [ - "GlueJobRole1CD031E0", - "Arn" - ] - }, - "GlueVersion": "1.0", - "Name": "My Glue Job" - } - }, - "StateMachineRole543B9670": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "states.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "StateMachineRoleDefaultPolicyDA5F7DA8": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "glue:BatchStopJobRun", - "glue:GetJobRun", - "glue:GetJobRuns", - "glue:StartJobRun" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":glue:", + "PolicyName": "StateMachineRoleDefaultPolicyDA5F7DA8", + "Roles": [ { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":job/My Glue Job" - ] + "Ref": "StateMachineRole543B9670" + } ] - } } - ], - "Version": "2012-10-17" }, - "PolicyName": "StateMachineRoleDefaultPolicyDA5F7DA8", - "Roles": [ - { - "Ref": "StateMachineRole543B9670" - } - ] - } + "StateMachine81935E76": { + "Type": "AWS::StepFunctions::StateMachine", + "Properties": { + "RoleArn": { + "Fn::GetAtt": [ + "StateMachineRole543B9670", + "Arn" + ] + }, + "DefinitionString": { + "Fn::Join": [ + "", + [ + "{\"StartAt\":\"Start Task\",\"States\":{\"Start Task\":{\"Type\":\"Pass\",\"Next\":\"Glue Job Task\"},\"Glue Job Task\":{\"Next\":\"End Task\",\"Type\":\"Task\",\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::glue:startJobRun.sync\",\"Parameters\":{\"JobName\":\"My Glue Job\",\"Arguments\":{\"--enable-metrics\":\"true\"}}},\"End Task\":{\"Type\":\"Pass\",\"End\":true}}}" + ] + ] + } + }, + "DependsOn": [ + "StateMachineRoleDefaultPolicyDA5F7DA8", + "StateMachineRole543B9670" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + } }, - "StateMachine81935E76": { - "Type": "AWS::StepFunctions::StateMachine", - "Properties": { - "RoleArn": { - "Fn::GetAtt": [ - "StateMachineRole543B9670", - "Arn" - ] - }, - "DefinitionString": { - "Fn::Join": [ - "", - [ - "{\"StartAt\":\"Start Task\",\"States\":{\"Start Task\":{\"Type\":\"Pass\",\"Next\":\"Glue Job Task\"},\"Glue Job Task\":{\"Next\":\"End Task\",\"Type\":\"Task\",\"Resource\":\"arn:", - { - "Ref": "AWS::Partition" - }, - ":states:::glue:startJobRun.sync\",\"Parameters\":{\"JobName\":\"My Glue Job\",\"Arguments\":{\"--enable-metrics\":\"true\"}}},\"End Task\":{\"Type\":\"Pass\",\"End\":true}}}" - ] - ] + "Outputs": { + "StateMachineARNOutput": { + "Value": { + "Ref": "StateMachine81935E76" + } } - }, - "DependsOn": [ - "StateMachineRoleDefaultPolicyDA5F7DA8", - "StateMachineRole543B9670" - ], - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - } - }, - "Outputs": { - "StateMachineARNOutput": { - "Value": { - "Ref": "StateMachine81935E76" - } - } - }, - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" - } - }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ - "1", - "2", - "3", - "4", - "5" - ], - { - "Ref": "BootstrapVersion" - } - ] - } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." } - ] } - } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-pipes-enrichments-alpha/test/__snapshots__/stepfunctions.test.ts.snap b/packages/@aws-cdk/aws-pipes-enrichments-alpha/test/__snapshots__/stepfunctions.test.ts.snap index 641c4506ff287..826d1b8ca419c 100644 --- a/packages/@aws-cdk/aws-pipes-enrichments-alpha/test/__snapshots__/stepfunctions.test.ts.snap +++ b/packages/@aws-cdk/aws-pipes-enrichments-alpha/test/__snapshots__/stepfunctions.test.ts.snap @@ -10,15 +10,7 @@ exports[`stepfunctions should grant pipe role invoke access 1`] = ` "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { - "Service": { - "Fn::FindInMap": [ - "ServiceprincipalMap", - { - "Ref": "AWS::Region", - }, - "states", - ], - }, + "Service": "states.amazonaws.com", }, }, ], diff --git a/packages/@aws-cdk/aws-pipes-targets-alpha/test/__snapshots__/stepfunctions.test.ts.snap b/packages/@aws-cdk/aws-pipes-targets-alpha/test/__snapshots__/stepfunctions.test.ts.snap index c58ce2f47f055..ab4bac868cfbe 100644 --- a/packages/@aws-cdk/aws-pipes-targets-alpha/test/__snapshots__/stepfunctions.test.ts.snap +++ b/packages/@aws-cdk/aws-pipes-targets-alpha/test/__snapshots__/stepfunctions.test.ts.snap @@ -27,15 +27,7 @@ exports[`step-function should grant pipe role push access (StartAsyncExecution) "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { - "Service": { - "Fn::FindInMap": [ - "ServiceprincipalMap", - { - "Ref": "AWS::Region", - }, - "states", - ], - }, + "Service": "states.amazonaws.com", }, }, ], @@ -74,15 +66,7 @@ exports[`step-function should grant pipe role push access (StartAsyncExecution) "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { - "Service": { - "Fn::FindInMap": [ - "ServiceprincipalMap", - { - "Ref": "AWS::Region", - }, - "states", - ], - }, + "Service": "states.amazonaws.com", }, }, ], @@ -121,15 +105,7 @@ exports[`step-function should grant pipe role push access (StartSyncExecution) w "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { - "Service": { - "Fn::FindInMap": [ - "ServiceprincipalMap", - { - "Ref": "AWS::Region", - }, - "states", - ], - }, + "Service": "states.amazonaws.com", }, }, ], diff --git a/packages/@aws-cdk/cx-api/FEATURE_FLAGS.md b/packages/@aws-cdk/cx-api/FEATURE_FLAGS.md index ced7faaa3adef..be8cfb6c4d69c 100644 --- a/packages/@aws-cdk/cx-api/FEATURE_FLAGS.md +++ b/packages/@aws-cdk/cx-api/FEATURE_FLAGS.md @@ -38,7 +38,6 @@ Flags come in three types: | [@aws-cdk/core:enablePartitionLiterals](#aws-cdkcoreenablepartitionliterals) | Make ARNs concrete if AWS partition is known | 2.38.0 | (fix) | | [@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker](#aws-cdkaws-ecsdisableexplicitdeploymentcontrollerforcircuitbreaker) | Avoid setting the "ECS" deployment controller when adding a circuit breaker | 2.51.0 | (fix) | | [@aws-cdk/aws-events:eventsTargetQueueSameAccount](#aws-cdkaws-eventseventstargetqueuesameaccount) | Event Rules may only push to encrypted SQS queues in the same account | 2.51.0 | (fix) | -| [@aws-cdk/aws-iam:standardizedServicePrincipals](#aws-cdkaws-iamstandardizedserviceprincipals) | Use standardized (global) service principals everywhere | 2.51.0 | (fix) | | [@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName](#aws-cdkaws-iamimportedrolestacksafedefaultpolicyname) | Enable this feature to by default create default policy names for imported roles that depend on the stack the role is in. | 2.60.0 | (fix) | | [@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy](#aws-cdkaws-s3serveraccesslogsusebucketpolicy) | Use S3 Bucket Policy instead of ACLs for Server Access Logging | 2.60.0 | (fix) | | [@aws-cdk/customresources:installLatestAwsSdkDefault](#aws-cdkcustomresourcesinstalllatestawssdkdefault) | Whether to install the latest SDK by default in AwsCustomResource | 2.60.0 | (default) | @@ -72,7 +71,7 @@ Flags come in three types: | [@aws-cdk/pipelines:reduceAssetRoleTrustScope](#aws-cdkpipelinesreduceassetroletrustscope) | Remove the root account principal from PipelineAssetsFileRole trust policy | 2.141.0 | (default) | | [@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm](#aws-cdkaws-ecsremovedefaultdeploymentalarm) | When enabled, remove default deployment alarm settings | 2.143.0 | (default) | | [@aws-cdk/custom-resources:logApiResponseDataPropertyTrueDefault](#aws-cdkcustom-resourceslogapiresponsedatapropertytruedefault) | When enabled, the custom resource used for `AwsCustomResource` will configure the `logApiResponseData` property as true by default | 2.145.0 | (fix) | -| [@aws-cdk/aws-stepfunctions-tasks:ecsReduceRunTaskPermissions](#aws-cdkaws-stepfunctions-tasksecsreduceruntaskpermissions) | When enabled, IAM Policy created to run tasks won't include the task definition ARN, only the revision ARN. | V2NEXT | (fix) | +| [@aws-cdk/aws-stepfunctions-tasks:ecsReduceRunTaskPermissions](#aws-cdkaws-stepfunctions-tasksecsreduceruntaskpermissions) | When enabled, IAM Policy created to run tasks won't include the task definition ARN, only the revision ARN. | 2.148.0 | (fix) | @@ -101,7 +100,6 @@ The following json shows the current recommended set of flags, as `cdk init` wou "@aws-cdk/aws-apigateway:disableCloudWatchRole": true, "@aws-cdk/core:enablePartitionLiterals": true, "@aws-cdk/aws-events:eventsTargetQueueSameAccount": true, - "@aws-cdk/aws-iam:standardizedServicePrincipals": true, "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": true, "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": true, "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": true, @@ -748,22 +746,6 @@ always apply, regardless of the value of this flag. | 2.51.0 | `false` | `true` | -### @aws-cdk/aws-iam:standardizedServicePrincipals - -*Use standardized (global) service principals everywhere* (fix) - -We used to maintain a database of exceptions to Service Principal names in various regions. This database -is no longer necessary: all service principals names have been standardized to their global form (`SERVICE.amazonaws.com`). - -This flag disables use of that exceptions database and always uses the global service principal. - - -| Since | Default | Recommended | -| ----- | ----- | ----- | -| (not in v1) | | | -| 2.51.0 | `false` | `true` | - - ### @aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName *Enable this feature to by default create default policy names for imported roles that depend on the stack the role is in.* (fix) @@ -1370,7 +1352,7 @@ for more details. | Since | Default | Recommended | | ----- | ----- | ----- | | (not in v1) | | | -| V2NEXT | `false` | `true` | +| 2.148.0 | `false` | `true` | diff --git a/packages/aws-cdk-lib/aws-codedeploy/test/ecs/deployment-group.test.ts b/packages/aws-cdk-lib/aws-codedeploy/test/ecs/deployment-group.test.ts index ff244b80f66fc..68ff197fdb09d 100644 --- a/packages/aws-cdk-lib/aws-codedeploy/test/ecs/deployment-group.test.ts +++ b/packages/aws-cdk-lib/aws-codedeploy/test/ecs/deployment-group.test.ts @@ -140,15 +140,7 @@ describe('CodeDeploy ECS DeploymentGroup', () => { Action: 'sts:AssumeRole', Effect: 'Allow', Principal: { - Service: { - 'Fn::FindInMap': [ - 'ServiceprincipalMap', - { - Ref: 'AWS::Region', - }, - 'codedeploy', - ], - }, + Service: 'codedeploy.amazonaws.com', }, }], Version: '2012-10-17', diff --git a/packages/aws-cdk-lib/aws-codedeploy/test/lambda/deployment-group.test.ts b/packages/aws-cdk-lib/aws-codedeploy/test/lambda/deployment-group.test.ts index c3a7c5110fa00..ed88b27c178e9 100644 --- a/packages/aws-cdk-lib/aws-codedeploy/test/lambda/deployment-group.test.ts +++ b/packages/aws-cdk-lib/aws-codedeploy/test/lambda/deployment-group.test.ts @@ -94,15 +94,7 @@ describe('CodeDeploy Lambda DeploymentGroup', () => { Action: 'sts:AssumeRole', Effect: 'Allow', Principal: { - Service: { - 'Fn::FindInMap': [ - 'ServiceprincipalMap', - { - Ref: 'AWS::Region', - }, - 'codedeploy', - ], - }, + Service: 'codedeploy.amazonaws.com', }, }], Version: '2012-10-17', diff --git a/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint-service.ts b/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint-service.ts index d609f417cd227..0e611adc996cc 100644 --- a/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint-service.ts +++ b/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint-service.ts @@ -2,7 +2,7 @@ import { Construct } from 'constructs'; import { CfnVPCEndpointService, CfnVPCEndpointServicePermissions } from './ec2.generated'; import { ArnPrincipal } from '../../aws-iam'; import { Aws, Fn, IResource, Resource, Stack, Token } from '../../core'; -import { Default, RegionInfo } from '../../region-info'; +import { RegionInfo } from '../../region-info'; /** * A load balancer that can host a VPC Endpoint Service @@ -46,6 +46,13 @@ export interface IVpcEndpointService extends IResource { */ export class VpcEndpointService extends Resource implements IVpcEndpointService { + /** + * The default value for a VPC Endpoint Service name prefix, useful if you do + * not have a synthesize-time region literal available (all you have is + * `{ "Ref": "AWS::Region" }`) + */ + public static readonly DEFAULT_PREFIX = 'com.amazonaws.vpce'; + /** * One or more network load balancers to host the service. * @attribute @@ -119,8 +126,8 @@ export class VpcEndpointService extends Resource implements IVpcEndpointService const { region } = Stack.of(this); const serviceNamePrefix = !Token.isUnresolved(region) ? - (RegionInfo.get(region).vpcEndpointServiceNamePrefix ?? Default.VPC_ENDPOINT_SERVICE_NAME_PREFIX) : - Default.VPC_ENDPOINT_SERVICE_NAME_PREFIX; + (RegionInfo.get(region).vpcEndpointServiceNamePrefix ?? VpcEndpointService.DEFAULT_PREFIX) : + VpcEndpointService.DEFAULT_PREFIX; this.vpcEndpointServiceName = Fn.join('.', [serviceNamePrefix, Aws.REGION, this.vpcEndpointServiceId]); if (this.allowedPrincipals.length > 0) { diff --git a/packages/aws-cdk-lib/aws-iam/lib/principals.ts b/packages/aws-cdk-lib/aws-iam/lib/principals.ts index 6833334fcbf3d..a45853aff1de9 100644 --- a/packages/aws-cdk-lib/aws-iam/lib/principals.ts +++ b/packages/aws-cdk-lib/aws-iam/lib/principals.ts @@ -6,8 +6,7 @@ import { defaultAddPrincipalToAssumeRole } from './private/assume-role-policy'; import { LITERAL_STRING_KEY, mergePrincipal } from './private/util'; import { ISamlProvider } from './saml-provider'; import * as cdk from '../../core'; -import * as cxapi from '../../cx-api'; -import { Default, FactName, RegionInfo } from '../../region-info'; +import { RegionInfo } from '../../region-info'; /** * Any object that has an associated principal that a permission can be granted to @@ -541,11 +540,13 @@ export class ServicePrincipal extends PrincipalBase { * These days all service principal names are standardized, and they are all * of the form `.amazonaws.com`. * - * If the feature flag `@aws-cdk/aws-iam:standardizedServicePrincipals` is set, this - * method will always return its input. If this feature flag is not set, this - * method will perform the legacy behavior, which appends the region-specific - * domain suffix for some select services (for example, it would append `.cn` - * to some service principal names). + * To avoid breaking changes, handling is provided for services added with the formats below, + * however, no additional handling will be added for new regions or partitions. + * - s3 + * - s3.amazonaws.com + * - s3.amazonaws.com.cn + * - s3.c2s.ic.gov + * - s3.sc2s.sgov.gov * * @example * const principalName = iam.ServicePrincipal.servicePrincipalName('ec2.amazonaws.com'); @@ -942,11 +943,7 @@ class ServicePrincipalToken implements cdk.IResolvable { } public resolve(ctx: cdk.IResolveContext) { - return cdk.FeatureFlags.of(ctx.scope).isEnabled(cxapi.IAM_STANDARDIZED_SERVICE_PRINCIPALS) - ? this.newStandardizedBehavior(ctx) - : this.legacyBehavior(ctx); - - // The correct behavior is to always use the global service principal + return this.newStandardizedBehavior(ctx); } /** @@ -954,32 +951,20 @@ class ServicePrincipalToken implements cdk.IResolvable { */ private newStandardizedBehavior(ctx: cdk.IResolveContext) { const stack = cdk.Stack.of(ctx.scope); + + // If the user had previously set the feature flag to `false` we would allow them to provide only the service name instead of the + // entire service principal. We can't break them so now everyone gets to do it! + const match = this.service.match(/^([^.]+)(?:(?:\.amazonaws\.com(?:\.cn)?)|(?:\.c2s\.ic\.gov)|(?:\.sc2s\.sgov\.gov))?$/); + const service = match ? `${match[1]}.amazonaws.com` : this.service; if ( this.opts.region && !cdk.Token.isUnresolved(this.opts.region) && stack.region !== this.opts.region && RegionInfo.get(this.opts.region).isOptInRegion ) { - return this.service.replace(/\.amazonaws\.com$/, `.${this.opts.region}.amazonaws.com`); - } - return this.service; - } - - /** - * Do a single lookup - */ - private legacyBehavior(ctx: cdk.IResolveContext) { - if (this.opts.region) { - // Special case, handle it separately to not break legacy behavior. - return RegionInfo.get(this.opts.region).servicePrincipal(this.service) ?? - Default.servicePrincipal(this.service, this.opts.region, cdk.Aws.URL_SUFFIX); + return service.replace(/\.amazonaws\.com$/, `.${this.opts.region}.amazonaws.com`); } - - const stack = cdk.Stack.of(ctx.scope); - return stack.regionalFact( - FactName.servicePrincipal(this.service), - Default.servicePrincipal(this.service, stack.region, cdk.Aws.URL_SUFFIX), - ); + return service; } public toString() { diff --git a/packages/aws-cdk-lib/aws-iam/test/policy-document.test.ts b/packages/aws-cdk-lib/aws-iam/test/policy-document.test.ts index 09af35f469636..2cf20950bab70 100644 --- a/packages/aws-cdk-lib/aws-iam/test/policy-document.test.ts +++ b/packages/aws-cdk-lib/aws-iam/test/policy-document.test.ts @@ -1,4 +1,3 @@ -import { testDeprecated } from '@aws-cdk/cdk-build-tools'; import { Template } from '../../assertions'; import { Lazy, Stack, Token } from '../../core'; import { @@ -464,21 +463,7 @@ describe('IAM policy document', () => { expect(stack.resolve(s.toStatementJson())).toEqual({ Effect: 'Allow', Action: 'test:Action', - Principal: { Service: 'codedeploy.cn-north-1.amazonaws.com.cn' }, - }); - }); - - // Deprecated: 'region' parameter to ServicePrincipal shouldn't be used. - testDeprecated('regional service principals resolve appropriately (with user-set region)', () => { - const stack = new Stack(undefined, undefined, { env: { region: 'cn-northeast-1' } }); - const s = new PolicyStatement(); - s.addActions('test:Action'); - s.addServicePrincipal('codedeploy.amazonaws.com', { region: 'cn-north-1' }); - - expect(stack.resolve(s.toStatementJson())).toEqual({ - Effect: 'Allow', - Action: 'test:Action', - Principal: { Service: 'codedeploy.cn-north-1.amazonaws.com.cn' }, + Principal: { Service: 'codedeploy.amazonaws.com' }, }); }); diff --git a/packages/aws-cdk-lib/aws-iam/test/principals.test.ts b/packages/aws-cdk-lib/aws-iam/test/principals.test.ts index 67cdb361ee257..43fb71da6005a 100644 --- a/packages/aws-cdk-lib/aws-iam/test/principals.test.ts +++ b/packages/aws-cdk-lib/aws-iam/test/principals.test.ts @@ -364,29 +364,13 @@ describe('deprecated ServicePrincipal behavior', () => { const afSouthStack = new Stack(undefined, undefined, { env: { region: 'af-south-1' } }); const principalName = iam.ServicePrincipal.servicePrincipalName('states.amazonaws.com'); - expect(usEastStack.resolve(principalName)).toEqual('states.us-east-1.amazonaws.com'); - expect(afSouthStack.resolve(principalName)).toEqual('states.af-south-1.amazonaws.com'); + expect(usEastStack.resolve(principalName)).toEqual('states.amazonaws.com'); + expect(afSouthStack.resolve(principalName)).toEqual('states.amazonaws.com'); }); test('Passing non-string as accountId parameter in AccountPrincipal constructor should throw error', () => { expect(() => new iam.AccountPrincipal(1234)).toThrowError('accountId should be of type string'); }); - - test('ServicePrincipal in agnostic stack generates lookup table', () => { - // GIVEN - const stack = new Stack(); - - // WHEN - new iam.Role(stack, 'Role', { - assumedBy: new iam.ServicePrincipal('states.amazonaws.com'), - }); - - // THEN - const template = Template.fromStack(stack); - const mappings = template.findMappings('ServiceprincipalMap'); - expect(mappings.ServiceprincipalMap['af-south-1']?.states).toEqual('states.af-south-1.amazonaws.com'); - expect(mappings.ServiceprincipalMap['us-east-1']?.states).toEqual('states.us-east-1.amazonaws.com'); - }); }); describe('standardized Service Principal behavior', () => { @@ -396,9 +380,7 @@ describe('standardized Service Principal behavior', () => { let app: App; beforeEach(() => { - app = new App({ - postCliContext: { [cxapi.IAM_STANDARDIZED_SERVICE_PRINCIPALS]: true }, - }); + app = new App(); }); test('no more regional service principals by default', () => { diff --git a/packages/aws-cdk-lib/aws-logs-destinations/test/kinesis.test.ts b/packages/aws-cdk-lib/aws-logs-destinations/test/kinesis.test.ts index 2062168fa3ee8..cd773f9d8d3da 100644 --- a/packages/aws-cdk-lib/aws-logs-destinations/test/kinesis.test.ts +++ b/packages/aws-cdk-lib/aws-logs-destinations/test/kinesis.test.ts @@ -32,14 +32,7 @@ test('stream can be subscription destination', () => { Action: 'sts:AssumeRole', Effect: 'Allow', Principal: { - Service: { - 'Fn::Join': ['', [ - 'logs.', - { Ref: 'AWS::Region' }, - '.', - { Ref: 'AWS::URLSuffix' }, - ]], - }, + Service: 'logs.amazonaws.com', }, }], }, @@ -102,14 +95,7 @@ test('stream can be subscription destination twice, without duplicating permissi Action: 'sts:AssumeRole', Effect: 'Allow', Principal: { - Service: { - 'Fn::Join': ['', [ - 'logs.', - { Ref: 'AWS::Region' }, - '.', - { Ref: 'AWS::URLSuffix' }, - ]], - }, + Service: 'logs.amazonaws.com', }, }], }, diff --git a/packages/aws-cdk-lib/custom-resources/test/provider-framework/waiter-state-machine.test.ts b/packages/aws-cdk-lib/custom-resources/test/provider-framework/waiter-state-machine.test.ts index d77ebdc94fa60..907a18e5d24f5 100644 --- a/packages/aws-cdk-lib/custom-resources/test/provider-framework/waiter-state-machine.test.ts +++ b/packages/aws-cdk-lib/custom-resources/test/provider-framework/waiter-state-machine.test.ts @@ -88,16 +88,7 @@ describe('state machine', () => { Action: 'sts:AssumeRole', Effect: 'Allow', Principal: { - Service: { - 'Fn::Join': [ - '', - [ - 'states.', - stack.resolve(stack.region), - '.amazonaws.com', - ], - ], - }, + Service: 'states.amazonaws.com', }, }, ], diff --git a/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md b/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md index 77e2f43760b24..be8cfb6c4d69c 100644 --- a/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md +++ b/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md @@ -38,7 +38,6 @@ Flags come in three types: | [@aws-cdk/core:enablePartitionLiterals](#aws-cdkcoreenablepartitionliterals) | Make ARNs concrete if AWS partition is known | 2.38.0 | (fix) | | [@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker](#aws-cdkaws-ecsdisableexplicitdeploymentcontrollerforcircuitbreaker) | Avoid setting the "ECS" deployment controller when adding a circuit breaker | 2.51.0 | (fix) | | [@aws-cdk/aws-events:eventsTargetQueueSameAccount](#aws-cdkaws-eventseventstargetqueuesameaccount) | Event Rules may only push to encrypted SQS queues in the same account | 2.51.0 | (fix) | -| [@aws-cdk/aws-iam:standardizedServicePrincipals](#aws-cdkaws-iamstandardizedserviceprincipals) | Use standardized (global) service principals everywhere | 2.51.0 | (fix) | | [@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName](#aws-cdkaws-iamimportedrolestacksafedefaultpolicyname) | Enable this feature to by default create default policy names for imported roles that depend on the stack the role is in. | 2.60.0 | (fix) | | [@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy](#aws-cdkaws-s3serveraccesslogsusebucketpolicy) | Use S3 Bucket Policy instead of ACLs for Server Access Logging | 2.60.0 | (fix) | | [@aws-cdk/customresources:installLatestAwsSdkDefault](#aws-cdkcustomresourcesinstalllatestawssdkdefault) | Whether to install the latest SDK by default in AwsCustomResource | 2.60.0 | (default) | @@ -101,7 +100,6 @@ The following json shows the current recommended set of flags, as `cdk init` wou "@aws-cdk/aws-apigateway:disableCloudWatchRole": true, "@aws-cdk/core:enablePartitionLiterals": true, "@aws-cdk/aws-events:eventsTargetQueueSameAccount": true, - "@aws-cdk/aws-iam:standardizedServicePrincipals": true, "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": true, "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": true, "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": true, @@ -748,22 +746,6 @@ always apply, regardless of the value of this flag. | 2.51.0 | `false` | `true` | -### @aws-cdk/aws-iam:standardizedServicePrincipals - -*Use standardized (global) service principals everywhere* (fix) - -We used to maintain a database of exceptions to Service Principal names in various regions. This database -is no longer necessary: all service principals names have been standardized to their global form (`SERVICE.amazonaws.com`). - -This flag disables use of that exceptions database and always uses the global service principal. - - -| Since | Default | Recommended | -| ----- | ----- | ----- | -| (not in v1) | | | -| 2.51.0 | `false` | `true` | - - ### @aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName *Enable this feature to by default create default policy names for imported roles that depend on the stack the role is in.* (fix) diff --git a/packages/aws-cdk-lib/cx-api/lib/features.ts b/packages/aws-cdk-lib/cx-api/lib/features.ts index e7fef1bdf9e82..ba01e8b9a0e6f 100644 --- a/packages/aws-cdk-lib/cx-api/lib/features.ts +++ b/packages/aws-cdk-lib/cx-api/lib/features.ts @@ -72,7 +72,6 @@ export const SNS_SUBSCRIPTIONS_SQS_DECRYPTION_POLICY = '@aws-cdk/aws-sns-subscri export const APIGATEWAY_DISABLE_CLOUDWATCH_ROLE = '@aws-cdk/aws-apigateway:disableCloudWatchRole'; export const ENABLE_PARTITION_LITERALS = '@aws-cdk/core:enablePartitionLiterals'; export const EVENTS_TARGET_QUEUE_SAME_ACCOUNT = '@aws-cdk/aws-events:eventsTargetQueueSameAccount'; -export const IAM_STANDARDIZED_SERVICE_PRINCIPALS = '@aws-cdk/aws-iam:standardizedServicePrincipals'; export const ECS_DISABLE_EXPLICIT_DEPLOYMENT_CONTROLLER_FOR_CIRCUIT_BREAKER = '@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker'; export const S3_SERVER_ACCESS_LOGS_USE_BUCKET_POLICY = '@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy'; export const ROUTE53_PATTERNS_USE_CERTIFICATE = '@aws-cdk/aws-route53-patters:useCertificate'; @@ -564,20 +563,6 @@ export const FLAGS: Record = { recommendedValue: true, }, - ////////////////////////////////////////////////////////////////////// - [IAM_STANDARDIZED_SERVICE_PRINCIPALS]: { - type: FlagType.BugFix, - summary: 'Use standardized (global) service principals everywhere', - detailsMd: ` - We used to maintain a database of exceptions to Service Principal names in various regions. This database - is no longer necessary: all service principals names have been standardized to their global form (\`SERVICE.amazonaws.com\`). - - This flag disables use of that exceptions database and always uses the global service principal. - `, - introducedIn: { v2: '2.51.0' }, - recommendedValue: true, - }, - ////////////////////////////////////////////////////////////////////// [ECS_DISABLE_EXPLICIT_DEPLOYMENT_CONTROLLER_FOR_CIRCUIT_BREAKER]: { type: FlagType.BugFix, diff --git a/packages/aws-cdk-lib/region-info/README.md b/packages/aws-cdk-lib/region-info/README.md index fcbbeeeceda26..c173e62bf2761 100644 --- a/packages/aws-cdk-lib/region-info/README.md +++ b/packages/aws-cdk-lib/region-info/README.md @@ -1,6 +1,5 @@ # AWS Region-Specific Information Directory - ## Usage Some information used in CDK Applications differs from one AWS region to @@ -19,7 +18,6 @@ const region = regionInfo.RegionInfo.get('eu-west-1'); // Access attributes: region.s3StaticWebsiteEndpoint; // s3-website-eu-west-1.amazonaws.com -region.servicePrincipal('logs.amazonaws.com'); // logs.eu-west-1.amazonaws.com ``` The `RegionInfo` layer is built on top of the Low-Level API, which is described @@ -34,10 +32,10 @@ a list of known fact names, which can then be used with the `RegionInfo` to retrieve a particular value: ```ts -const codeDeployPrincipal = regionInfo.Fact.find('us-east-1', regionInfo.FactName.servicePrincipal('codedeploy.amazonaws.com')); -// => codedeploy.us-east-1.amazonaws.com - -const staticWebsite = regionInfo.Fact.find('ap-northeast-1', regionInfo.FactName.S3_STATIC_WEBSITE_ENDPOINT); +const staticWebsite = regionInfo.Fact.find( + 'ap-northeast-1', + regionInfo.FactName.S3_STATIC_WEBSITE_ENDPOINT +); // => s3-website-ap-northeast-1.amazonaws.com ``` @@ -50,7 +48,7 @@ to inject FactName into the database: ```ts class MyFact implements regionInfo.IFact { public readonly region = 'bermuda-triangle-1'; - public readonly name = regionInfo.FactName.servicePrincipal('s3.amazonaws.com'); + public readonly name = regionInfo.FactName.S3_STATIC_WEBSITE_ENDPOINT; public readonly value = 's3-website.bermuda-triangle-1.nowhere.com'; } @@ -66,8 +64,8 @@ adding an extra boolean argument: ```ts class MyFact implements regionInfo.IFact { public readonly region = 'us-east-1'; - public readonly name = regionInfo.FactName.servicePrincipal('service.amazonaws.com'); - public readonly value = 'the-correct-principal.amazonaws.com'; + public readonly name = regionInfo.FactName.S3_STATIC_WEBSITE_ENDPOINT; + public readonly value = 'the-correct-endpoint.amazonaws.com'; } regionInfo.Fact.register(new MyFact(), true /* Allow overriding information */); diff --git a/packages/aws-cdk-lib/region-info/build-tools/generate-static-data.ts b/packages/aws-cdk-lib/region-info/build-tools/generate-static-data.ts index 7e6e9c6eeceda..041108dd6390b 100644 --- a/packages/aws-cdk-lib/region-info/build-tools/generate-static-data.ts +++ b/packages/aws-cdk-lib/region-info/build-tools/generate-static-data.ts @@ -18,12 +18,10 @@ import { import { AWS_CDK_METADATA } from './metadata'; import { AWS_REGIONS, - AWS_SERVICES, before, RULE_S3_WEBSITE_REGIONAL_SUBDOMAIN, RULE_CLASSIC_PARTITION_BECOMES_OPT_IN, } from '../lib/aws-entities'; -import { Default } from '../lib/default'; export async function main(): Promise { checkRegions(APPMESH_ECR_ACCOUNTS); @@ -98,10 +96,6 @@ export async function main(): Promise { const vpcEndpointServiceNamePrefix = `${domainSuffix.split('.').reverse().join('.')}.vpce`; registerFact(region, 'VPC_ENDPOINT_SERVICE_NAME_PREFIX', vpcEndpointServiceNamePrefix); - for (const service of AWS_SERVICES) { - registerFact(region, ['servicePrincipal', service], Default.servicePrincipal(service, region, domainSuffix)); - } - for (const version in CLOUDWATCH_LAMBDA_INSIGHTS_ARNS) { for (const arch in CLOUDWATCH_LAMBDA_INSIGHTS_ARNS[version]) { registerFact(region, ['cloudwatchLambdaInsightsVersion', version, arch], CLOUDWATCH_LAMBDA_INSIGHTS_ARNS[version][arch][region]); diff --git a/packages/aws-cdk-lib/region-info/lib/aws-entities.ts b/packages/aws-cdk-lib/region-info/lib/aws-entities.ts index d291d46bc1d41..f6e2d8125f24d 100644 --- a/packages/aws-cdk-lib/region-info/lib/aws-entities.ts +++ b/packages/aws-cdk-lib/region-info/lib/aws-entities.ts @@ -78,26 +78,6 @@ export const AWS_REGIONS = AWS_REGIONS_AND_RULES .filter((x) => typeof x === 'string') .sort() as readonly string[]; -/** - * Possibly non-exhaustive list of all service names, used to locate service principals. - * - * Not in the list ==> default service principal mappings. - */ -export const AWS_SERVICES: readonly string[] = [ - 'application-autoscaling', - 'autoscaling', - 'codedeploy', - 'ec2', - 'events', - 'lambda', - 'logs', - 's3', - 'ssm', - 'sns', - 'sqs', - 'states', -].sort(); - /** * Whether or not a region predates a given rule (or region). * diff --git a/packages/aws-cdk-lib/region-info/lib/default.ts b/packages/aws-cdk-lib/region-info/lib/default.ts index ded4f1d36551b..f763884bfccaf 100644 --- a/packages/aws-cdk-lib/region-info/lib/default.ts +++ b/packages/aws-cdk-lib/region-info/lib/default.ts @@ -1,5 +1,8 @@ /** * Provides default values for certain regional information points. + * This class is no longer needed because service principals are no longer needed except in very specific cases + * that are handled in the IAM ServicePrincipal class. + * @deprecated - Service principals are now globally `.amazonaws.com`, use iam.ServicePrincipal instead. */ export class Default { @@ -7,6 +10,8 @@ export class Default { * The default value for a VPC Endpoint Service name prefix, useful if you do * not have a synthesize-time region literal available (all you have is * `{ "Ref": "AWS::Region" }`) + * + * @deprecated - Use VpceEndpointService.DEFAULT_PREFIX instead */ public static readonly VPC_ENDPOINT_SERVICE_NAME_PREFIX = 'com.amazonaws.vpce'; @@ -19,6 +24,8 @@ export class Default { * @param serviceFqn the name of the service (s3, s3.amazonaws.com, ...) * @param region the region in which the service principal is needed. * @param urlSuffix deprecated and ignored. + * + * @deprecated - Service principals are now globally `.amazonaws.com`, use iam.ServicePrincipal instead. */ public static servicePrincipal(serviceFqn: string, region: string, urlSuffix: string): string { // NOTE: this whole method is deprecated, and should not be used or updated anymore. The global service @@ -26,8 +33,6 @@ export class Default { // (As a note, regional principals (`..amazonaws.com`) are required in // case of a cross-region reference to an opt-in region, but that's the only case, and that is not // controlled here). - // - // (It cannot be actually @deprecated since many of our tests use it :D) const serviceName = extractSimpleName(serviceFqn); if (!serviceName) { diff --git a/packages/aws-cdk-lib/region-info/lib/fact.ts b/packages/aws-cdk-lib/region-info/lib/fact.ts index 1657743343c87..2f98b31b7f149 100644 --- a/packages/aws-cdk-lib/region-info/lib/fact.ts +++ b/packages/aws-cdk-lib/region-info/lib/fact.ts @@ -226,9 +226,11 @@ export class FactName { * @param service the service name, either simple (e.g: `s3`, `codedeploy`) or qualified (e.g: `s3.amazonaws.com`). * The `.amazonaws.com` and `.amazonaws.com.cn` domains are stripped from service names, so they are * canonicalized in that respect. + * + * @deprecated - Use `iam.ServicePrincipal.servicePrincipalName()` instead. */ public static servicePrincipal(service: string): string { - return `service-principal:${service.replace(/\.amazonaws\.com(\.cn)?$/, '')}`; + return `${service.replace(/\.amazonaws\.com(\.cn)?$/, '')}.amazonaws.com`; } /** diff --git a/packages/aws-cdk-lib/region-info/lib/region-info.ts b/packages/aws-cdk-lib/region-info/lib/region-info.ts index 5f360f206bd0a..9b932c0c22f3b 100644 --- a/packages/aws-cdk-lib/region-info/lib/region-info.ts +++ b/packages/aws-cdk-lib/region-info/lib/region-info.ts @@ -124,9 +124,11 @@ export class RegionInfo { /** * The name of the service principal for a given service in this region. * @param service the service name (e.g: s3.amazonaws.com) + * + * @deprecated - Use `iam.ServicePrincipal.servicePrincipalName()` instead. */ public servicePrincipal(service: string): string | undefined { - return Fact.find(this.name, FactName.servicePrincipal(service)); + return `${service.replace(/\.amazonaws\.com(\.cn)?$/, '')}.amazonaws.com`; } /** diff --git a/packages/aws-cdk-lib/region-info/test/__snapshots__/region-info.test.ts.snap b/packages/aws-cdk-lib/region-info/test/__snapshots__/region-info.test.ts.snap index 72c4a87d888e9..43c20a5f9364d 100644 --- a/packages/aws-cdk-lib/region-info/test/__snapshots__/region-info.test.ts.snap +++ b/packages/aws-cdk-lib/region-info/test/__snapshots__/region-info.test.ts.snap @@ -45,20 +45,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website.af-south-1.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.af-south-1.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.af-south-1.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.af-south-1.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "ap-east-1": { @@ -104,20 +90,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website.ap-east-1.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.ap-east-1.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.ap-east-1.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.ap-east-1.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "ap-northeast-1": { @@ -163,20 +135,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website-ap-northeast-1.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.ap-northeast-1.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.ap-northeast-1.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.ap-northeast-1.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "ap-northeast-2": { @@ -222,20 +180,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website.ap-northeast-2.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.ap-northeast-2.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.ap-northeast-2.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.ap-northeast-2.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "ap-northeast-3": { @@ -281,20 +225,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website.ap-northeast-3.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.ap-northeast-3.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.ap-northeast-3.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.ap-northeast-3.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "ap-south-1": { @@ -340,20 +270,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website.ap-south-1.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.ap-south-1.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.ap-south-1.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.ap-south-1.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "ap-south-2": { @@ -399,20 +315,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website.ap-south-2.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.ap-south-2.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.ap-south-2.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.ap-south-2.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "ap-southeast-1": { @@ -458,20 +360,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website-ap-southeast-1.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.ap-southeast-1.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.ap-southeast-1.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.ap-southeast-1.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "ap-southeast-2": { @@ -517,20 +405,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website-ap-southeast-2.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.ap-southeast-2.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.ap-southeast-2.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.ap-southeast-2.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "ap-southeast-3": { @@ -576,20 +450,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website.ap-southeast-3.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.ap-southeast-3.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.ap-southeast-3.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.ap-southeast-3.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "ap-southeast-4": { @@ -635,20 +495,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website.ap-southeast-4.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.ap-southeast-4.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.ap-southeast-4.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.ap-southeast-4.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "ap-southeast-5": { @@ -694,20 +540,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website.ap-southeast-5.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.ap-southeast-5.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.ap-southeast-5.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.ap-southeast-5.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "ap-southeast-7": { @@ -753,20 +585,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website.ap-southeast-7.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.ap-southeast-7.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.ap-southeast-7.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.ap-southeast-7.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "ca-central-1": { @@ -812,20 +630,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website.ca-central-1.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.ca-central-1.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.ca-central-1.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.ca-central-1.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "ca-west-1": { @@ -871,20 +675,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website.ca-west-1.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.ca-west-1.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.ca-west-1.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.ca-west-1.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "cn-north-1": { @@ -930,20 +720,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws-cn", "s3StaticWebsiteEndpoint": "s3-website.cn-north-1.amazonaws.com.cn", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.cn-north-1.amazonaws.com.cn", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.cn-north-1.amazonaws.com.cn", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.cn-north-1.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "cn.com.amazonaws.vpce", }, "cn-northwest-1": { @@ -989,20 +765,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws-cn", "s3StaticWebsiteEndpoint": "s3-website.cn-northwest-1.amazonaws.com.cn", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.cn-northwest-1.amazonaws.com.cn", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.cn-northwest-1.amazonaws.com.cn", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.cn-northwest-1.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "cn.com.amazonaws.vpce", }, "eu-central-1": { @@ -1048,20 +810,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website.eu-central-1.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.eu-central-1.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.eu-central-1.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.eu-central-1.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "eu-central-2": { @@ -1107,20 +855,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website.eu-central-2.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.eu-central-2.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.eu-central-2.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.eu-central-2.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "eu-isoe-west-1": { @@ -1166,20 +900,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws-iso-e", "s3StaticWebsiteEndpoint": "s3-website.eu-isoe-west-1.cloud.adc-e.uk", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.eu-isoe-west-1.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.eu-isoe-west-1.cloud.adc-e.uk", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.eu-isoe-west-1.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "uk.adc-e.cloud.vpce", }, "eu-north-1": { @@ -1225,20 +945,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website.eu-north-1.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.eu-north-1.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.eu-north-1.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.eu-north-1.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "eu-south-1": { @@ -1284,20 +990,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website.eu-south-1.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.eu-south-1.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.eu-south-1.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.eu-south-1.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "eu-south-2": { @@ -1343,20 +1035,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website.eu-south-2.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.eu-south-2.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.eu-south-2.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.eu-south-2.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "eu-west-1": { @@ -1402,20 +1080,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website-eu-west-1.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.eu-west-1.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.eu-west-1.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.eu-west-1.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "eu-west-2": { @@ -1461,20 +1125,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website.eu-west-2.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.eu-west-2.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.eu-west-2.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.eu-west-2.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "eu-west-3": { @@ -1520,20 +1170,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website.eu-west-3.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.eu-west-3.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.eu-west-3.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.eu-west-3.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "il-central-1": { @@ -1579,20 +1215,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website.il-central-1.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.il-central-1.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.il-central-1.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.il-central-1.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "me-central-1": { @@ -1638,20 +1260,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website.me-central-1.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.me-central-1.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.me-central-1.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.me-central-1.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "me-south-1": { @@ -1697,20 +1305,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website.me-south-1.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.me-south-1.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.me-south-1.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.me-south-1.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "mx-central-1": { @@ -1756,20 +1350,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website.mx-central-1.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.mx-central-1.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.mx-central-1.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.mx-central-1.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "sa-east-1": { @@ -1815,20 +1395,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website-sa-east-1.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.sa-east-1.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.sa-east-1.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.sa-east-1.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "us-east-1": { @@ -1874,20 +1440,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website-us-east-1.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.us-east-1.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.us-east-1.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.us-east-1.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "us-east-2": { @@ -1933,20 +1485,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website.us-east-2.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.us-east-2.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.us-east-2.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.us-east-2.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "us-gov-east-1": { @@ -1992,20 +1530,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws-us-gov", "s3StaticWebsiteEndpoint": "s3-website.us-gov-east-1.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.us-gov-east-1.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.us-gov-east-1.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.us-gov-east-1.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "us-gov-west-1": { @@ -2051,20 +1575,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws-us-gov", "s3StaticWebsiteEndpoint": "s3-website-us-gov-west-1.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.us-gov-west-1.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.us-gov-west-1.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.us-gov-west-1.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "us-iso-east-1": { @@ -2110,20 +1620,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws-iso", "s3StaticWebsiteEndpoint": "s3-website.us-iso-east-1.c2s.ic.gov", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.us-iso-east-1.c2s.ic.gov", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "gov.ic.c2s.vpce", }, "us-iso-west-1": { @@ -2169,20 +1665,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws-iso", "s3StaticWebsiteEndpoint": "s3-website.us-iso-west-1.c2s.ic.gov", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.us-iso-west-1.c2s.ic.gov", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "gov.ic.c2s.vpce", }, "us-isob-east-1": { @@ -2228,20 +1710,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws-iso-b", "s3StaticWebsiteEndpoint": "s3-website.us-isob-east-1.sc2s.sgov.gov", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.us-isob-east-1.sc2s.sgov.gov", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "gov.sgov.sc2s.vpce", }, "us-west-1": { @@ -2287,20 +1755,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website-us-west-1.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.us-west-1.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.us-west-1.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.us-west-1.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, "us-west-2": { @@ -2346,20 +1800,6 @@ exports[`built-in data is correct 1`] = ` }, "partition": "aws", "s3StaticWebsiteEndpoint": "s3-website-us-west-2.amazonaws.com", - "servicePrincipals": { - "application-autoscaling": "application-autoscaling.amazonaws.com", - "autoscaling": "autoscaling.amazonaws.com", - "codedeploy": "codedeploy.us-west-2.amazonaws.com", - "ec2": "ec2.amazonaws.com", - "events": "events.amazonaws.com", - "lambda": "lambda.amazonaws.com", - "logs": "logs.us-west-2.amazonaws.com", - "s3": "s3.amazonaws.com", - "sns": "sns.amazonaws.com", - "sqs": "sqs.amazonaws.com", - "ssm": "ssm.amazonaws.com", - "states": "states.us-west-2.amazonaws.com", - }, "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce", }, } diff --git a/packages/aws-cdk-lib/region-info/test/region-info.test.ts b/packages/aws-cdk-lib/region-info/test/region-info.test.ts index e32147ab020a4..8adc82b0d6b0b 100644 --- a/packages/aws-cdk-lib/region-info/test/region-info.test.ts +++ b/packages/aws-cdk-lib/region-info/test/region-info.test.ts @@ -1,20 +1,17 @@ import { APPCONFIG_LAMBDA_LAYER_ARNS, CLOUDWATCH_LAMBDA_INSIGHTS_ARNS } from '../build-tools/fact-tables'; import { FactName, RegionInfo } from '../lib'; -import { AWS_REGIONS, AWS_SERVICES } from '../lib/aws-entities'; +import { AWS_REGIONS } from '../lib/aws-entities'; test('built-in data is correct', () => { const snapshot: any = {}; for (const name of AWS_REGIONS) { const region = RegionInfo.get(name); - const servicePrincipals: { [service: string]: string | undefined } = {}; const lambdaInsightsVersions: { [service: string]: string | undefined } = {}; const lambdaInsightsArmVersions: { [service: string]: string | undefined } = {}; const appConfigLayerVersions: { [service: string]: string | undefined } = {}; const appConfigLayerArmVersions: { [service: string]: string | undefined } = {}; - AWS_SERVICES.forEach(service => servicePrincipals[service] = region.servicePrincipal(service)); - for (const version in CLOUDWATCH_LAMBDA_INSIGHTS_ARNS) { lambdaInsightsVersions[version] = region.cloudwatchLambdaInsightsArn(version); @@ -36,7 +33,6 @@ test('built-in data is correct', () => { partition: region.partition, s3StaticWebsiteEndpoint: region.s3StaticWebsiteEndpoint, vpcEndPointServiceNamePrefix: region.vpcEndpointServiceNamePrefix, - servicePrincipals, lambdaInsightsVersions, lambdaInsightsArmVersions, appConfigLayerVersions, diff --git a/scripts/check-region-info-compatibility.ts b/scripts/check-region-info-compatibility.ts index 175c82b8e215a..f9886c09c615b 100644 --- a/scripts/check-region-info-compatibility.ts +++ b/scripts/check-region-info-compatibility.ts @@ -21,6 +21,14 @@ function main(oldPackage: string, newPackage: string) { const disappearedFacts = oldFacts .filter((oldFact) => !newFacts.some((newFact) => factEq(oldFact, newFact))) .map((fact) => ({ fact, key: `${fact[0]}:${fact[1]}` })) + // This mapping is generated dynamically at build time and the values in the mapping + // aren't accessed directly by users. + // This change updates the handling and generation of service principals but does not + // remove the ability of users to utilize them. The mapping is unnecessary. + // While we could have just added these to the file tracking allowed breaking changes, + // that seemed like it would clutter that file excessively rather than adding this check. + // We can remove this after the next release, if we feel so inclined. + .filter(({ key }) => !key.includes('service-principal')) .filter(({ key }) => !allowedBreaks.has(key)); if (disappearedFacts.length > 0) {