From ea087aa02ec091eed4dc7240f546bc443e1afd6e Mon Sep 17 00:00:00 2001 From: Lorenz Vanthillo Date: Sat, 4 Apr 2026 20:36:59 +0200 Subject: [PATCH 1/4] feat(codebuild): add CodeConnections auth support for GitHub source --- .../aws-cdk-lib/aws-codebuild/lib/source.ts | 31 ++++ .../aws-codebuild/test/project.test.ts | 132 ++++++++++++++++++ 2 files changed, 163 insertions(+) diff --git a/packages/aws-cdk-lib/aws-codebuild/lib/source.ts b/packages/aws-cdk-lib/aws-codebuild/lib/source.ts index 06c788622f2c3..54e6ee75d832d 100644 --- a/packages/aws-cdk-lib/aws-codebuild/lib/source.ts +++ b/packages/aws-cdk-lib/aws-codebuild/lib/source.ts @@ -762,6 +762,20 @@ export interface GitHubSourceProps extends CommonGithubSourceProps { * @default undefined will create an organization webhook */ readonly repo?: string; + + /** + * The ARN of the CodeConnections connection to use for authentication. + * + * When provided, the source will use CodeConnections (GitHub App) authentication + * instead of the default OAuth or personal access token credentials. + * + * The required IAM permissions for the connection will be automatically granted + * to the project's role. + * + * @see https://docs.aws.amazon.com/codebuild/latest/userguide/connections-github-app.html + * @default - the source will use the default credentials configured for GitHub in the account + */ + readonly connectionArn?: string; } /** @@ -771,20 +785,37 @@ class GitHubSource extends CommonGithubSource { public readonly type = GITHUB_SOURCE_TYPE; private readonly sourceLocation: string; private readonly organization?: string; + private readonly connectionArn?: string; protected readonly webhookFilters: FilterGroup[]; constructor(props: GitHubSourceProps) { super(props); this.organization = props.repo === undefined ? props.owner : undefined; this.webhookFilters = props.webhookFilters ?? (this.organization ? [FilterGroup.inEventOf(EventAction.WORKFLOW_JOB_QUEUED)] : []); this.sourceLocation = this.organization ? 'CODEBUILD_DEFAULT_WEBHOOK_SOURCE_LOCATION' : `https://github.com/${props.owner}/${props.repo}.git`; + this.connectionArn = props.connectionArn; } public bind(_scope: Construct, project: IProject): SourceConfig { + if (this.connectionArn) { + project.addToRolePolicy(new iam.PolicyStatement({ + actions: [ + 'codeconnections:UseConnection', + 'codeconnections:GetConnectionToken', + 'codeconnections:GetConnection', + ], + resources: [this.connectionArn], + })); + } + const superConfig = super.bind(_scope, project); return { sourceProperty: { ...superConfig.sourceProperty, location: this.sourceLocation, + auth: this.connectionArn ? { + type: 'CODECONNECTIONS', + resource: this.connectionArn, + } : undefined, }, sourceVersion: superConfig.sourceVersion, buildTriggers: this.organization diff --git a/packages/aws-cdk-lib/aws-codebuild/test/project.test.ts b/packages/aws-cdk-lib/aws-codebuild/test/project.test.ts index 036748bd16de4..c8de22f348374 100644 --- a/packages/aws-cdk-lib/aws-codebuild/test/project.test.ts +++ b/packages/aws-cdk-lib/aws-codebuild/test/project.test.ts @@ -252,6 +252,138 @@ describe('GitHub source', () => { }); }); + test('can create GitHub source with CodeConnections auth', () => { + // GIVEN + const stack = new cdk.Stack(); + + // WHEN + new codebuild.Project(stack, 'Project', { + source: codebuild.Source.gitHub({ + owner: 'testowner', + repo: 'testrepo', + connectionArn: 'arn:aws:codeconnections:us-east-1:123456789012:connection/test-connection-id', + webhookFilters: [ + codebuild.FilterGroup.inEventOf(codebuild.EventAction.WORKFLOW_JOB_QUEUED), + ], + }), + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::CodeBuild::Project', { + Source: { + Type: 'GITHUB', + Location: 'https://github.com/testowner/testrepo.git', + Auth: { + Type: 'CODECONNECTIONS', + Resource: 'arn:aws:codeconnections:us-east-1:123456789012:connection/test-connection-id', + }, + }, + Triggers: { + Webhook: true, + FilterGroups: [ + [ + { + Type: 'EVENT', + Pattern: 'WORKFLOW_JOB_QUEUED', + }, + ], + ], + }, + }); + }); + + test('can create organizational webhook with CodeConnections auth', () => { + // GIVEN + const stack = new cdk.Stack(); + + // WHEN + new codebuild.Project(stack, 'Project', { + source: codebuild.Source.gitHub({ + owner: 'testowner', + connectionArn: 'arn:aws:codeconnections:us-east-1:123456789012:connection/test-connection-id', + }), + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::CodeBuild::Project', { + Source: { + Type: 'GITHUB', + Location: 'CODEBUILD_DEFAULT_WEBHOOK_SOURCE_LOCATION', + Auth: { + Type: 'CODECONNECTIONS', + Resource: 'arn:aws:codeconnections:us-east-1:123456789012:connection/test-connection-id', + }, + }, + Triggers: { + Webhook: true, + ScopeConfiguration: { + Name: 'testowner', + }, + FilterGroups: [ + [ + { + Type: 'EVENT', + Pattern: 'WORKFLOW_JOB_QUEUED', + }, + ], + ], + }, + }); + }); + + test('CodeConnections auth grants required IAM permissions', () => { + // GIVEN + const stack = new cdk.Stack(); + + // WHEN + new codebuild.Project(stack, 'Project', { + source: codebuild.Source.gitHub({ + owner: 'testowner', + repo: 'testrepo', + connectionArn: 'arn:aws:codeconnections:us-east-1:123456789012:connection/test-connection-id', + }), + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::IAM::Policy', { + PolicyDocument: { + Statement: Match.arrayWith([ + Match.objectLike({ + Action: [ + 'codeconnections:UseConnection', + 'codeconnections:GetConnectionToken', + 'codeconnections:GetConnection', + ], + Effect: 'Allow', + Resource: 'arn:aws:codeconnections:us-east-1:123456789012:connection/test-connection-id', + }), + ]), + }, + }); + }); + + test('GitHub source without connectionArn does not set auth', () => { + // GIVEN + const stack = new cdk.Stack(); + + // WHEN + new codebuild.Project(stack, 'Project', { + source: codebuild.Source.gitHub({ + owner: 'testowner', + repo: 'testrepo', + }), + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::CodeBuild::Project', { + Source: { + Type: 'GITHUB', + Location: 'https://github.com/testowner/testrepo.git', + Auth: Match.absent(), + }, + }); + }); + test('can be added to a CodePipeline', () => { const stack = new cdk.Stack(); const project = new codebuild.Project(stack, 'Project', { From 19fb110d431bcb7e91762a3f862719722330ddb6 Mon Sep 17 00:00:00 2001 From: Lorenz Vanthillo Date: Sat, 4 Apr 2026 21:02:22 +0200 Subject: [PATCH 2/4] feat(codebuild): tweak permissions + add doc --- packages/aws-cdk-lib/aws-codebuild/README.md | 18 ++++++++++++++++++ .../aws-cdk-lib/aws-codebuild/lib/source.ts | 2 -- .../aws-codebuild/test/project.test.ts | 6 +----- 3 files changed, 19 insertions(+), 7 deletions(-) diff --git a/packages/aws-cdk-lib/aws-codebuild/README.md b/packages/aws-cdk-lib/aws-codebuild/README.md index 9e06119f06c48..9ab27a6eedbbd 100644 --- a/packages/aws-cdk-lib/aws-codebuild/README.md +++ b/packages/aws-cdk-lib/aws-codebuild/README.md @@ -99,6 +99,24 @@ Example: aws codebuild import-source-credentials --server-type GITHUB --auth-type PERSONAL_ACCESS_TOKEN --token ``` +Alternatively, you can use a CodeConnections connection for GitHub App authentication: + +```ts +const gitHubSource = codebuild.Source.gitHub({ + owner: 'awslabs', + repo: 'aws-cdk', + connectionArn: 'arn:aws:codeconnections:us-east-1:123456789012:connection/your-connection-id', + webhookFilters: [ + codebuild.FilterGroup + .inEventOf(codebuild.EventAction.WORKFLOW_JOB_QUEUED), + ], +}); +``` + +When `connectionArn` is provided, the source uses CodeConnections (GitHub App) authentication +instead of OAuth or personal access token credentials. The required IAM permissions +for the connection are automatically granted to the project's role. + ### `BitBucketSource` This source type can be used to build code from a BitBucket repository. diff --git a/packages/aws-cdk-lib/aws-codebuild/lib/source.ts b/packages/aws-cdk-lib/aws-codebuild/lib/source.ts index 54e6ee75d832d..99c853ca44c85 100644 --- a/packages/aws-cdk-lib/aws-codebuild/lib/source.ts +++ b/packages/aws-cdk-lib/aws-codebuild/lib/source.ts @@ -800,8 +800,6 @@ class GitHubSource extends CommonGithubSource { project.addToRolePolicy(new iam.PolicyStatement({ actions: [ 'codeconnections:UseConnection', - 'codeconnections:GetConnectionToken', - 'codeconnections:GetConnection', ], resources: [this.connectionArn], })); diff --git a/packages/aws-cdk-lib/aws-codebuild/test/project.test.ts b/packages/aws-cdk-lib/aws-codebuild/test/project.test.ts index c8de22f348374..04f47d67cb464 100644 --- a/packages/aws-cdk-lib/aws-codebuild/test/project.test.ts +++ b/packages/aws-cdk-lib/aws-codebuild/test/project.test.ts @@ -349,11 +349,7 @@ describe('GitHub source', () => { PolicyDocument: { Statement: Match.arrayWith([ Match.objectLike({ - Action: [ - 'codeconnections:UseConnection', - 'codeconnections:GetConnectionToken', - 'codeconnections:GetConnection', - ], + Action: 'codeconnections:UseConnection', Effect: 'Allow', Resource: 'arn:aws:codeconnections:us-east-1:123456789012:connection/test-connection-id', }), From d44a529438ca429d6d3fb358b549ec7487cb07d9 Mon Sep 17 00:00:00 2001 From: Lorenz Vanthillo Date: Sat, 4 Apr 2026 21:20:27 +0200 Subject: [PATCH 3/4] feat(codebuild): add integration tests snapshots --- .../cdk.out | 1 + ...ld-github-codeconnections-auth.assets.json | 20 + ...-github-codeconnections-auth.metadata.json | 62 ++ ...-github-codeconnections-auth.template.json | 683 ++++++++++++++++++ .../integ.json | 13 + .../manifest.json | 481 ++++++++++++ .../tree.json | 1 + .../test/integ.github-codeconnections-auth.ts | 34 + 8 files changed, 1295 insertions(+) create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/cdk.out create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/codebuild-github-codeconnections-auth.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/codebuild-github-codeconnections-auth.metadata.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/codebuild-github-codeconnections-auth.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/integ.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/manifest.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/tree.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.ts diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/cdk.out new file mode 100644 index 0000000000000..60aa68e157090 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"53.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/codebuild-github-codeconnections-auth.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/codebuild-github-codeconnections-auth.assets.json new file mode 100644 index 0000000000000..bdcca324bef7b --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/codebuild-github-codeconnections-auth.assets.json @@ -0,0 +1,20 @@ +{ + "version": "53.0.0", + "files": { + "b995985c1658db9952258b0841faec3eeaa0be91e70d925f0ba4598ac241c687": { + "displayName": "codebuild-github-codeconnections-auth Template", + "source": { + "path": "codebuild-github-codeconnections-auth.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region-c218c7ac": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "b995985c1658db9952258b0841faec3eeaa0be91e70d925f0ba4598ac241c687.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/codebuild-github-codeconnections-auth.metadata.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/codebuild-github-codeconnections-auth.metadata.json new file mode 100644 index 0000000000000..cca66c3db3923 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/codebuild-github-codeconnections-auth.metadata.json @@ -0,0 +1,62 @@ +{ + "/codebuild-github-codeconnections-auth/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/codebuild-github-codeconnections-auth/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ], + "/codebuild-github-codeconnections-auth/RepoProject/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "RepoProject357CCC8C" + } + ], + "/codebuild-github-codeconnections-auth/OrgProject/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "OrgProject840F54CB" + } + ], + "/codebuild-github-codeconnections-auth/CDKMetadata/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "CDKMetadata" + } + ], + "/codebuild-github-codeconnections-auth/CDKMetadata/Condition": [ + { + "type": "aws:cdk:logicalId", + "data": "CDKMetadataAvailable" + } + ], + "/codebuild-github-codeconnections-auth/RepoProject/Role/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "RepoProjectRoleF3B93008" + } + ], + "/codebuild-github-codeconnections-auth/OrgProject/Role/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "OrgProjectRole16B85CF7" + } + ], + "/codebuild-github-codeconnections-auth/RepoProject/Role/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "RepoProjectRoleDefaultPolicy90FE5835" + } + ], + "/codebuild-github-codeconnections-auth/OrgProject/Role/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "OrgProjectRoleDefaultPolicy6774B495" + } + ] +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/codebuild-github-codeconnections-auth.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/codebuild-github-codeconnections-auth.template.json new file mode 100644 index 0000000000000..e6283028e26fe --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/codebuild-github-codeconnections-auth.template.json @@ -0,0 +1,683 @@ +{ + "Resources": { + "RepoProjectRoleF3B93008": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "codebuild.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + }, + "Metadata": { + "aws:cdk:path": "codebuild-github-codeconnections-auth/RepoProject/Role/Resource" + } + }, + "RepoProjectRoleDefaultPolicy90FE5835": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "codeconnections:UseConnection", + "Effect": "Allow", + "Resource": "arn:aws:codeconnections:us-east-1:123456789012:connection/test-connection-id" + }, + { + "Action": [ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", + { + "Ref": "RepoProject357CCC8C" + } + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", + { + "Ref": "RepoProject357CCC8C" + }, + ":*" + ] + ] + } + ] + }, + { + "Action": [ + "codebuild:CreateReportGroup", + "codebuild:CreateReport", + "codebuild:UpdateReport", + "codebuild:BatchPutTestCases", + "codebuild:BatchPutCodeCoverages" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":codebuild:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":report-group/", + { + "Ref": "RepoProject357CCC8C" + }, + "-*" + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "RepoProjectRoleDefaultPolicy90FE5835", + "Roles": [ + { + "Ref": "RepoProjectRoleF3B93008" + } + ] + }, + "Metadata": { + "aws:cdk:path": "codebuild-github-codeconnections-auth/RepoProject/Role/DefaultPolicy/Resource" + } + }, + "RepoProject357CCC8C": { + "Type": "AWS::CodeBuild::Project", + "Properties": { + "Artifacts": { + "Type": "NO_ARTIFACTS" + }, + "Cache": { + "Type": "NO_CACHE" + }, + "EncryptionKey": "alias/aws/s3", + "Environment": { + "ComputeType": "BUILD_GENERAL1_SMALL", + "Image": "aws/codebuild/standard:7.0", + "ImagePullCredentialsType": "CODEBUILD", + "PrivilegedMode": false, + "Type": "LINUX_CONTAINER" + }, + "ServiceRole": { + "Fn::GetAtt": [ + "RepoProjectRoleF3B93008", + "Arn" + ] + }, + "Source": { + "Auth": { + "Resource": "arn:aws:codeconnections:us-east-1:123456789012:connection/test-connection-id", + "Type": "CODECONNECTIONS" + }, + "Location": "https://github.com/awslabs/aws-cdk.git", + "ReportBuildStatus": true, + "Type": "GITHUB" + }, + "Triggers": { + "FilterGroups": [ + [ + { + "Pattern": "WORKFLOW_JOB_QUEUED", + "Type": "EVENT" + } + ] + ], + "Webhook": true + } + }, + "Metadata": { + "aws:cdk:path": "codebuild-github-codeconnections-auth/RepoProject/Resource" + } + }, + "OrgProjectRole16B85CF7": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "codebuild.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + }, + "Metadata": { + "aws:cdk:path": "codebuild-github-codeconnections-auth/OrgProject/Role/Resource" + } + }, + "OrgProjectRoleDefaultPolicy6774B495": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "codeconnections:UseConnection", + "Effect": "Allow", + "Resource": "arn:aws:codeconnections:us-east-1:123456789012:connection/test-connection-id" + }, + { + "Action": [ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", + { + "Ref": "OrgProject840F54CB" + } + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", + { + "Ref": "OrgProject840F54CB" + }, + ":*" + ] + ] + } + ] + }, + { + "Action": [ + "codebuild:CreateReportGroup", + "codebuild:CreateReport", + "codebuild:UpdateReport", + "codebuild:BatchPutTestCases", + "codebuild:BatchPutCodeCoverages" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":codebuild:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":report-group/", + { + "Ref": "OrgProject840F54CB" + }, + "-*" + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "OrgProjectRoleDefaultPolicy6774B495", + "Roles": [ + { + "Ref": "OrgProjectRole16B85CF7" + } + ] + }, + "Metadata": { + "aws:cdk:path": "codebuild-github-codeconnections-auth/OrgProject/Role/DefaultPolicy/Resource" + } + }, + "OrgProject840F54CB": { + "Type": "AWS::CodeBuild::Project", + "Properties": { + "Artifacts": { + "Type": "NO_ARTIFACTS" + }, + "Cache": { + "Type": "NO_CACHE" + }, + "EncryptionKey": "alias/aws/s3", + "Environment": { + "ComputeType": "BUILD_GENERAL1_SMALL", + "Image": "aws/codebuild/standard:7.0", + "ImagePullCredentialsType": "CODEBUILD", + "PrivilegedMode": false, + "Type": "LINUX_CONTAINER" + }, + "ServiceRole": { + "Fn::GetAtt": [ + "OrgProjectRole16B85CF7", + "Arn" + ] + }, + "Source": { + "Auth": { + "Resource": "arn:aws:codeconnections:us-east-1:123456789012:connection/test-connection-id", + "Type": "CODECONNECTIONS" + }, + "Location": "CODEBUILD_DEFAULT_WEBHOOK_SOURCE_LOCATION", + "ReportBuildStatus": true, + "Type": "GITHUB" + }, + "Triggers": { + "FilterGroups": [ + [ + { + "Pattern": "WORKFLOW_JOB_QUEUED", + "Type": "EVENT" + } + ] + ], + "ScopeConfiguration": { + "Name": "awslabs" + }, + "Webhook": true + } + }, + "Metadata": { + "aws:cdk:path": "codebuild-github-codeconnections-auth/OrgProject/Resource" + } + }, + "CDKMetadata": { + "Type": "AWS::CDK::Metadata", + "Properties": { + "Analytics": "v2:deflate64:H4sIAAAAAAAA/8vLT0nVyyrWLzMy1bPQM1LMKs7M1C0qzSvJzE3VC4LQAOJoAOokAAAA" + }, + "Metadata": { + "aws:cdk:path": "codebuild-github-codeconnections-auth/CDKMetadata/Default" + }, + "Condition": "CDKMetadataAvailable" + } + }, + "Conditions": { + "CDKMetadataAvailable": { + "Fn::Or": [ + { + "Fn::Or": [ + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "af-south-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "ap-east-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "ap-northeast-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "ap-northeast-2" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "ap-northeast-3" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "ap-south-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "ap-south-2" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "ap-southeast-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "ap-southeast-2" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "ap-southeast-3" + ] + } + ] + }, + { + "Fn::Or": [ + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "ap-southeast-4" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "ca-central-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "ca-west-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "cn-north-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "cn-northwest-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "eu-central-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "eu-central-2" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "eu-north-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "eu-south-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "eu-south-2" + ] + } + ] + }, + { + "Fn::Or": [ + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "eu-west-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "eu-west-2" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "eu-west-3" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "il-central-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "me-central-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "me-south-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "sa-east-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "us-east-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "us-east-2" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "us-west-1" + ] + } + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "us-west-2" + ] + } + ] + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/integ.json new file mode 100644 index 0000000000000..62dd5313572f7 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/integ.json @@ -0,0 +1,13 @@ +{ + "version": "38.0.1", + "testCases": { + "codebuild-github-codeconnections-auth-integ/DefaultTest": { + "stacks": [ + "codebuild-github-codeconnections-auth" + ], + "stackUpdateWorkflow": true, + "assertionStack": "codebuild-github-codeconnections-auth-integ/DefaultTest/DeployAssert", + "assertionStackName": "codebuildgithubcodeconnectionsauthintegDefaultTestDeployAssert4D14EB29" + } + } +} diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/manifest.json new file mode 100644 index 0000000000000..013c1d4a45726 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/manifest.json @@ -0,0 +1,481 @@ +{ + "version": "53.0.0", + "artifacts": { + "codebuild-github-codeconnections-auth.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "codebuild-github-codeconnections-auth.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "codebuild-github-codeconnections-auth": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "codebuild-github-codeconnections-auth.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/b995985c1658db9952258b0841faec3eeaa0be91e70d925f0ba4598ac241c687.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "codebuild-github-codeconnections-auth.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "codebuild-github-codeconnections-auth.assets" + ], + "additionalMetadataFile": "codebuild-github-codeconnections-auth.metadata.json", + "displayName": "codebuild-github-codeconnections-auth" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + }, + "aws-cdk-lib/feature-flag-report": { + "type": "cdk:feature-flag-report", + "properties": { + "module": "aws-cdk-lib", + "flags": { + "@aws-cdk/aws-signer:signingProfileNamePassedToCfn": { + "recommendedValue": true, + "explanation": "Pass signingProfileName to CfnSigningProfile" + }, + "@aws-cdk/core:newStyleStackSynthesis": { + "recommendedValue": true, + "explanation": "Switch to new stack synthesis method which enables CI/CD", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/core:stackRelativeExports": { + "recommendedValue": true, + "explanation": "Name exports based on the construct paths relative to the stack, rather than the global construct path", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-ecs-patterns:secGroupsDisablesImplicitOpenListener": { + "recommendedValue": true, + "explanation": "Disable implicit openListener when custom security groups are provided" + }, + "@aws-cdk/aws-rds:lowercaseDbIdentifier": { + "recommendedValue": true, + "explanation": "Force lowercasing of RDS Cluster names in CDK", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-apigateway:usagePlanKeyOrderInsensitiveId": { + "recommendedValue": true, + "explanation": "Allow adding/removing multiple UsagePlanKeys independently", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-lambda:recognizeVersionProps": { + "recommendedValue": true, + "explanation": "Enable this feature flag to opt in to the updated logical id calculation for Lambda Version created using the `fn.currentVersion`.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-lambda:recognizeLayerVersion": { + "recommendedValue": true, + "explanation": "Enable this feature flag to opt in to the updated logical id calculation for Lambda Version created using the `fn.currentVersion`." + }, + "@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021": { + "recommendedValue": true, + "explanation": "Enable this feature flag to have cloudfront distributions use the security policy TLSv1.2_2021 by default.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/core:checkSecretUsage": { + "recommendedValue": true, + "explanation": "Enable this flag to make it impossible to accidentally use SecretValues in unsafe locations" + }, + "@aws-cdk/core:target-partitions": { + "recommendedValue": [ + "aws", + "aws-cn" + ], + "explanation": "What regions to include in lookup tables of environment agnostic stacks" + }, + "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": { + "recommendedValue": true, + "explanation": "ECS extensions will automatically add an `awslogs` driver if no logging is specified" + }, + "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": { + "recommendedValue": true, + "explanation": "Enable this feature flag to have Launch Templates generated by the `InstanceRequireImdsv2Aspect` use unique names." + }, + "@aws-cdk/aws-ecs:arnFormatIncludesClusterName": { + "recommendedValue": true, + "explanation": "ARN format used by ECS. In the new ARN format, the cluster name is part of the resource ID." + }, + "@aws-cdk/aws-iam:minimizePolicies": { + "recommendedValue": true, + "explanation": "Minimize IAM policies by combining Statements" + }, + "@aws-cdk/core:validateSnapshotRemovalPolicy": { + "recommendedValue": true, + "explanation": "Error on snapshot removal policies on resources that do not support it." + }, + "@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName": { + "recommendedValue": true, + "explanation": "Generate key aliases that include the stack name" + }, + "@aws-cdk/aws-s3:createDefaultLoggingPolicy": { + "recommendedValue": true, + "explanation": "Enable this feature flag to create an S3 bucket policy by default in cases where an AWS service would automatically create the Policy if one does not exist." + }, + "@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption": { + "recommendedValue": true, + "explanation": "Restrict KMS key policy for encrypted Queues a bit more" + }, + "@aws-cdk/aws-apigateway:disableCloudWatchRole": { + "recommendedValue": true, + "explanation": "Make default CloudWatch Role behavior safe for multiple API Gateways in one environment" + }, + "@aws-cdk/core:enablePartitionLiterals": { + "recommendedValue": true, + "explanation": "Make ARNs concrete if AWS partition is known" + }, + "@aws-cdk/aws-events:eventsTargetQueueSameAccount": { + "recommendedValue": true, + "explanation": "Event Rules may only push to encrypted SQS queues in the same account" + }, + "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": { + "recommendedValue": true, + "explanation": "Avoid setting the \"ECS\" deployment controller when adding a circuit breaker" + }, + "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": { + "recommendedValue": true, + "explanation": "Enable this feature to create default policy names for imported roles that depend on the stack the role is in." + }, + "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": { + "recommendedValue": true, + "explanation": "Use S3 Bucket Policy instead of ACLs for Server Access Logging" + }, + "@aws-cdk/aws-route53-patters:useCertificate": { + "recommendedValue": true, + "explanation": "Use the official `Certificate` resource instead of `DnsValidatedCertificate`" + }, + "@aws-cdk/customresources:installLatestAwsSdkDefault": { + "recommendedValue": false, + "explanation": "Whether to install the latest SDK by default in AwsCustomResource" + }, + "@aws-cdk/aws-rds:databaseProxyUniqueResourceName": { + "recommendedValue": true, + "explanation": "Use unique resource name for Database Proxy" + }, + "@aws-cdk/aws-codedeploy:removeAlarmsFromDeploymentGroup": { + "recommendedValue": true, + "explanation": "Remove CloudWatch alarms from deployment group" + }, + "@aws-cdk/aws-apigateway:authorizerChangeDeploymentLogicalId": { + "recommendedValue": true, + "explanation": "Include authorizer configuration in the calculation of the API deployment logical ID." + }, + "@aws-cdk/aws-ec2:launchTemplateDefaultUserData": { + "recommendedValue": true, + "explanation": "Define user data for a launch template by default when a machine image is provided." + }, + "@aws-cdk/aws-secretsmanager:useAttachedSecretResourcePolicyForSecretTargetAttachments": { + "recommendedValue": true, + "explanation": "SecretTargetAttachments uses the ResourcePolicy of the attached Secret." + }, + "@aws-cdk/aws-redshift:columnId": { + "recommendedValue": true, + "explanation": "Whether to use an ID to track Redshift column changes" + }, + "@aws-cdk/aws-stepfunctions-tasks:enableEmrServicePolicyV2": { + "recommendedValue": true, + "explanation": "Enable AmazonEMRServicePolicy_v2 managed policies" + }, + "@aws-cdk/aws-ec2:restrictDefaultSecurityGroup": { + "recommendedValue": true, + "explanation": "Restrict access to the VPC default security group" + }, + "@aws-cdk/aws-apigateway:requestValidatorUniqueId": { + "recommendedValue": true, + "explanation": "Generate a unique id for each RequestValidator added to a method" + }, + "@aws-cdk/aws-kms:aliasNameRef": { + "recommendedValue": true, + "explanation": "KMS Alias name and keyArn will have implicit reference to KMS Key" + }, + "@aws-cdk/aws-kms:applyImportedAliasPermissionsToPrincipal": { + "recommendedValue": true, + "explanation": "Enable grant methods on Aliases imported by name to use kms:ResourceAliases condition" + }, + "@aws-cdk/aws-autoscaling:generateLaunchTemplateInsteadOfLaunchConfig": { + "recommendedValue": true, + "explanation": "Generate a launch template when creating an AutoScalingGroup" + }, + "@aws-cdk/core:includePrefixInUniqueNameGeneration": { + "recommendedValue": true, + "explanation": "Include the stack prefix in the stack name generation process" + }, + "@aws-cdk/aws-efs:denyAnonymousAccess": { + "recommendedValue": true, + "explanation": "EFS denies anonymous clients accesses" + }, + "@aws-cdk/aws-opensearchservice:enableOpensearchMultiAzWithStandby": { + "recommendedValue": true, + "explanation": "Enables support for Multi-AZ with Standby deployment for opensearch domains" + }, + "@aws-cdk/aws-lambda-nodejs:useLatestRuntimeVersion": { + "recommendedValue": true, + "explanation": "Enables aws-lambda-nodejs.Function to use the latest available NodeJs runtime as the default" + }, + "@aws-cdk/aws-efs:mountTargetOrderInsensitiveLogicalId": { + "recommendedValue": true, + "explanation": "When enabled, mount targets will have a stable logicalId that is linked to the associated subnet." + }, + "@aws-cdk/aws-rds:auroraClusterChangeScopeOfInstanceParameterGroupWithEachParameters": { + "recommendedValue": true, + "explanation": "When enabled, a scope of InstanceParameterGroup for AuroraClusterInstance with each parameters will change." + }, + "@aws-cdk/aws-appsync:useArnForSourceApiAssociationIdentifier": { + "recommendedValue": true, + "explanation": "When enabled, will always use the arn for identifiers for CfnSourceApiAssociation in the GraphqlApi construct rather than id." + }, + "@aws-cdk/aws-rds:preventRenderingDeprecatedCredentials": { + "recommendedValue": true, + "explanation": "When enabled, creating an RDS database cluster from a snapshot will only render credentials for snapshot credentials." + }, + "@aws-cdk/aws-codepipeline-actions:useNewDefaultBranchForCodeCommitSource": { + "recommendedValue": true, + "explanation": "When enabled, the CodeCommit source action is using the default branch name 'main'." + }, + "@aws-cdk/aws-cloudwatch-actions:changeLambdaPermissionLogicalIdForLambdaAction": { + "recommendedValue": true, + "explanation": "When enabled, the logical ID of a Lambda permission for a Lambda action includes an alarm ID." + }, + "@aws-cdk/aws-codepipeline:crossAccountKeysDefaultValueToFalse": { + "recommendedValue": true, + "explanation": "Enables Pipeline to set the default value for crossAccountKeys to false." + }, + "@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2": { + "recommendedValue": true, + "explanation": "Enables Pipeline to set the default pipeline type to V2." + }, + "@aws-cdk/aws-kms:reduceCrossAccountRegionPolicyScope": { + "recommendedValue": true, + "explanation": "When enabled, IAM Policy created from KMS key grant will reduce the resource scope to this key only." + }, + "@aws-cdk/pipelines:reduceAssetRoleTrustScope": { + "recommendedValue": true, + "explanation": "Remove the root account principal from PipelineAssetsFileRole trust policy", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-eks:nodegroupNameAttribute": { + "recommendedValue": true, + "explanation": "When enabled, nodegroupName attribute of the provisioned EKS NodeGroup will not have the cluster name prefix." + }, + "@aws-cdk/aws-eks:useNativeOidcProvider": { + "recommendedValue": true, + "explanation": "When enabled, EKS V2 clusters will use the native OIDC provider resource AWS::IAM::OIDCProvider instead of creating the OIDCProvider with a custom resource (iam.OpenIDConnectProvider)." + }, + "@aws-cdk/aws-ec2:ebsDefaultGp3Volume": { + "recommendedValue": true, + "explanation": "When enabled, the default volume type of the EBS volume will be GP3" + }, + "@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm": { + "recommendedValue": true, + "explanation": "When enabled, remove default deployment alarm settings" + }, + "@aws-cdk/custom-resources:logApiResponseDataPropertyTrueDefault": { + "recommendedValue": false, + "explanation": "When enabled, the custom resource used for `AwsCustomResource` will configure the `logApiResponseData` property as true by default" + }, + "@aws-cdk/aws-s3:keepNotificationInImportedBucket": { + "recommendedValue": false, + "explanation": "When enabled, Adding notifications to a bucket in the current stack will not remove notification from imported stack." + }, + "@aws-cdk/aws-stepfunctions-tasks:useNewS3UriParametersForBedrockInvokeModelTask": { + "recommendedValue": true, + "explanation": "When enabled, use new props for S3 URI field in task definition of state machine for bedrock invoke model.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/core:explicitStackTags": { + "recommendedValue": true, + "explanation": "When enabled, stack tags need to be assigned explicitly on a Stack." + }, + "@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions": { + "recommendedValue": true, + "explanation": "When enabled, we will only grant the necessary permissions when users specify cloudwatch log group through logConfiguration" + }, + "@aws-cdk/aws-dynamodb:resourcePolicyPerReplica": { + "recommendedValue": true, + "explanation": "When enabled will allow you to specify a resource policy per replica, and not copy the source table policy to all replicas" + }, + "@aws-cdk/aws-ec2:ec2SumTImeoutEnabled": { + "recommendedValue": true, + "explanation": "When enabled, initOptions.timeout and resourceSignalTimeout values will be summed together." + }, + "@aws-cdk/aws-appsync:appSyncGraphQLAPIScopeLambdaPermission": { + "recommendedValue": true, + "explanation": "When enabled, a Lambda authorizer Permission created when using GraphqlApi will be properly scoped with a SourceArn." + }, + "@aws-cdk/aws-rds:setCorrectValueForDatabaseInstanceReadReplicaInstanceResourceId": { + "recommendedValue": true, + "explanation": "When enabled, the value of property `instanceResourceId` in construct `DatabaseInstanceReadReplica` will be set to the correct value which is `DbiResourceId` instead of currently `DbInstanceArn`" + }, + "@aws-cdk/core:cfnIncludeRejectComplexResourceUpdateCreatePolicyIntrinsics": { + "recommendedValue": true, + "explanation": "When enabled, CFN templates added with `cfn-include` will error if the template contains Resource Update or Create policies with CFN Intrinsics that include non-primitive values." + }, + "@aws-cdk/aws-lambda-nodejs:sdkV3ExcludeSmithyPackages": { + "recommendedValue": true, + "explanation": "When enabled, both `@aws-sdk` and `@smithy` packages will be excluded from the Lambda Node.js 18.x runtime to prevent version mismatches in bundled applications." + }, + "@aws-cdk/aws-stepfunctions-tasks:fixRunEcsTaskPolicy": { + "recommendedValue": true, + "explanation": "When enabled, the resource of IAM Run Ecs policy generated by SFN EcsRunTask will reference the definition, instead of constructing ARN." + }, + "@aws-cdk/aws-ec2:bastionHostUseAmazonLinux2023ByDefault": { + "recommendedValue": true, + "explanation": "When enabled, the BastionHost construct will use the latest Amazon Linux 2023 AMI, instead of Amazon Linux 2." + }, + "@aws-cdk/core:aspectStabilization": { + "recommendedValue": true, + "explanation": "When enabled, a stabilization loop will be run when invoking Aspects during synthesis.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-route53-targets:userPoolDomainNameMethodWithoutCustomResource": { + "recommendedValue": true, + "explanation": "When enabled, use a new method for DNS Name of user pool domain target without creating a custom resource." + }, + "@aws-cdk/aws-elasticloadbalancingV2:albDualstackWithoutPublicIpv4SecurityGroupRulesDefault": { + "recommendedValue": true, + "explanation": "When enabled, the default security group ingress rules will allow IPv6 ingress from anywhere" + }, + "@aws-cdk/aws-iam:oidcRejectUnauthorizedConnections": { + "recommendedValue": true, + "explanation": "When enabled, the default behaviour of OIDC provider will reject unauthorized connections" + }, + "@aws-cdk/core:enableAdditionalMetadataCollection": { + "recommendedValue": true, + "explanation": "When enabled, CDK will expand the scope of usage data collected to better inform CDK development and improve communication for security concerns and emerging issues." + }, + "@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy": { + "recommendedValue": false, + "explanation": "[Deprecated] When enabled, Lambda will create new inline policies with AddToRolePolicy instead of adding to the Default Policy Statement" + }, + "@aws-cdk/aws-s3:setUniqueReplicationRoleName": { + "recommendedValue": true, + "explanation": "When enabled, CDK will automatically generate a unique role name that is used for s3 object replication." + }, + "@aws-cdk/pipelines:reduceStageRoleTrustScope": { + "recommendedValue": true, + "explanation": "Remove the root account principal from Stage addActions trust policy", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-events:requireEventBusPolicySid": { + "recommendedValue": true, + "explanation": "When enabled, grantPutEventsTo() will use resource policies with Statement IDs for service principals." + }, + "@aws-cdk/core:aspectPrioritiesMutating": { + "recommendedValue": true, + "explanation": "When set to true, Aspects added by the construct library on your behalf will be given a priority of MUTATING." + }, + "@aws-cdk/aws-dynamodb:retainTableReplica": { + "recommendedValue": true, + "explanation": "When enabled, table replica will be default to the removal policy of source table unless specified otherwise." + }, + "@aws-cdk/cognito:logUserPoolClientSecretValue": { + "recommendedValue": false, + "explanation": "When disabled, the value of the user pool client secret will not be logged in the custom resource lambda function logs." + }, + "@aws-cdk/pipelines:reduceCrossAccountActionRoleTrustScope": { + "recommendedValue": true, + "explanation": "When enabled, scopes down the trust policy for the cross-account action role", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-stepfunctions:useDistributedMapResultWriterV2": { + "recommendedValue": true, + "explanation": "When enabled, the resultWriterV2 property of DistributedMap will be used insted of resultWriter" + }, + "@aws-cdk/s3-notifications:addS3TrustKeyPolicyForSnsSubscriptions": { + "recommendedValue": true, + "explanation": "Add an S3 trust policy to a KMS key resource policy for SNS subscriptions." + }, + "@aws-cdk/aws-ec2:requirePrivateSubnetsForEgressOnlyInternetGateway": { + "recommendedValue": true, + "explanation": "When enabled, the EgressOnlyGateway resource is only created if private subnets are defined in the dual-stack VPC." + }, + "@aws-cdk/aws-ec2-alpha:useResourceIdForVpcV2Migration": { + "recommendedValue": false, + "explanation": "When enabled, use resource IDs for VPC V2 migration" + }, + "@aws-cdk/aws-s3:publicAccessBlockedByDefault": { + "recommendedValue": true, + "explanation": "When enabled, setting any combination of options for BlockPublicAccess will automatically set true for any options not defined." + }, + "@aws-cdk/aws-lambda:useCdkManagedLogGroup": { + "recommendedValue": true, + "explanation": "When enabled, CDK creates and manages loggroup for the lambda function" + }, + "@aws-cdk/aws-elasticloadbalancingv2:networkLoadBalancerWithSecurityGroupByDefault": { + "recommendedValue": true, + "explanation": "When enabled, Network Load Balancer will be created with a security group by default." + }, + "@aws-cdk/aws-stepfunctions-tasks:httpInvokeDynamicJsonPathEndpoint": { + "recommendedValue": true, + "explanation": "When enabled, allows using a dynamic apiEndpoint with JSONPath format in HttpInvoke tasks.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-ecs-patterns:uniqueTargetGroupId": { + "recommendedValue": true, + "explanation": "When enabled, ECS patterns will generate unique target group IDs to prevent conflicts during load balancer replacement" + }, + "@aws-cdk/aws-route53-patterns:useDistribution": { + "recommendedValue": true, + "explanation": "Use the `Distribution` resource instead of `CloudFrontWebDistribution`" + }, + "@aws-cdk/aws-cloudfront:defaultFunctionRuntimeV2_0": { + "recommendedValue": true, + "explanation": "Use cloudfront-js-2.0 as the default runtime for CloudFront Functions" + }, + "@aws-cdk/aws-elasticloadbalancingv2:usePostQuantumTlsPolicy": { + "recommendedValue": true, + "explanation": "When enabled, HTTPS/TLS listeners use post-quantum TLS policy by default" + }, + "@aws-cdk/core:automaticL1Traits": { + "recommendedValue": true, + "explanation": "Automatically use the default L1 traits for L1 constructs`", + "unconfiguredBehavesLike": { + "v2": true + } + } + } + } + } + }, + "minimumCliVersion": "2.1108.0" +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/tree.json new file mode 100644 index 0000000000000..7e7ecf82ef156 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/tree.json @@ -0,0 +1 @@ +{"version":"tree-0.1","tree":{"id":"App","path":"","constructInfo":{"fqn":"constructs.Construct","version":"10.5.1"},"children":{"codebuild-github-codeconnections-auth":{"id":"codebuild-github-codeconnections-auth","path":"codebuild-github-codeconnections-auth","constructInfo":{"fqn":"constructs.Construct","version":"10.5.1"},"children":{"RepoProject":{"id":"RepoProject","path":"codebuild-github-codeconnections-auth/RepoProject","constructInfo":{"fqn":"constructs.Construct","version":"10.5.1"},"children":{"Role":{"id":"Role","path":"codebuild-github-codeconnections-auth/RepoProject/Role","constructInfo":{"fqn":"constructs.Construct","version":"10.5.1"},"children":{"Resource":{"id":"Resource","path":"codebuild-github-codeconnections-auth/RepoProject/Role/Resource","constructInfo":{"fqn":"constructs.Construct","version":"10.5.1"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"codebuild.amazonaws.com"}}],"Version":"2012-10-17"}}}},"DefaultPolicy":{"id":"DefaultPolicy","path":"codebuild-github-codeconnections-auth/RepoProject/Role/DefaultPolicy","constructInfo":{"fqn":"constructs.Construct","version":"10.5.1"},"children":{"Resource":{"id":"Resource","path":"codebuild-github-codeconnections-auth/RepoProject/Role/DefaultPolicy/Resource","constructInfo":{"fqn":"constructs.Construct","version":"10.5.1"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":"codeconnections:UseConnection","Effect":"Allow","Resource":"arn:aws:codeconnections:us-east-1:123456789012:connection/test-connection-id"},{"Action":["logs:CreateLogGroup","logs:CreateLogStream","logs:PutLogEvents"],"Effect":"Allow","Resource":[{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:/aws/codebuild/",{"Ref":"RepoProject357CCC8C"}]]},{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:/aws/codebuild/",{"Ref":"RepoProject357CCC8C"},":*"]]}]},{"Action":["codebuild:CreateReportGroup","codebuild:CreateReport","codebuild:UpdateReport","codebuild:BatchPutTestCases","codebuild:BatchPutCodeCoverages"],"Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":codebuild:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":report-group/",{"Ref":"RepoProject357CCC8C"},"-*"]]}}],"Version":"2012-10-17"},"policyName":"RepoProjectRoleDefaultPolicy90FE5835","roles":[{"Ref":"RepoProjectRoleF3B93008"}]}}}}}}},"Resource":{"id":"Resource","path":"codebuild-github-codeconnections-auth/RepoProject/Resource","constructInfo":{"fqn":"constructs.Construct","version":"10.5.1"},"attributes":{"aws:cdk:cloudformation:type":"AWS::CodeBuild::Project","aws:cdk:cloudformation:props":{"artifacts":{"type":"NO_ARTIFACTS"},"cache":{"type":"NO_CACHE"},"encryptionKey":"alias/aws/s3","environment":{"type":"LINUX_CONTAINER","image":"aws/codebuild/standard:7.0","imagePullCredentialsType":"CODEBUILD","privilegedMode":false,"computeType":"BUILD_GENERAL1_SMALL"},"serviceRole":{"Fn::GetAtt":["RepoProjectRoleF3B93008","Arn"]},"source":{"type":"GITHUB","reportBuildStatus":true,"location":"https://github.com/awslabs/aws-cdk.git","auth":{"type":"CODECONNECTIONS","resource":"arn:aws:codeconnections:us-east-1:123456789012:connection/test-connection-id"}},"triggers":{"webhook":true,"filterGroups":[[{"type":"EVENT","pattern":"WORKFLOW_JOB_QUEUED"}]]}}}}}},"OrgProject":{"id":"OrgProject","path":"codebuild-github-codeconnections-auth/OrgProject","constructInfo":{"fqn":"constructs.Construct","version":"10.5.1"},"children":{"Role":{"id":"Role","path":"codebuild-github-codeconnections-auth/OrgProject/Role","constructInfo":{"fqn":"constructs.Construct","version":"10.5.1"},"children":{"Resource":{"id":"Resource","path":"codebuild-github-codeconnections-auth/OrgProject/Role/Resource","constructInfo":{"fqn":"constructs.Construct","version":"10.5.1"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"codebuild.amazonaws.com"}}],"Version":"2012-10-17"}}}},"DefaultPolicy":{"id":"DefaultPolicy","path":"codebuild-github-codeconnections-auth/OrgProject/Role/DefaultPolicy","constructInfo":{"fqn":"constructs.Construct","version":"10.5.1"},"children":{"Resource":{"id":"Resource","path":"codebuild-github-codeconnections-auth/OrgProject/Role/DefaultPolicy/Resource","constructInfo":{"fqn":"constructs.Construct","version":"10.5.1"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":"codeconnections:UseConnection","Effect":"Allow","Resource":"arn:aws:codeconnections:us-east-1:123456789012:connection/test-connection-id"},{"Action":["logs:CreateLogGroup","logs:CreateLogStream","logs:PutLogEvents"],"Effect":"Allow","Resource":[{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:/aws/codebuild/",{"Ref":"OrgProject840F54CB"}]]},{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:/aws/codebuild/",{"Ref":"OrgProject840F54CB"},":*"]]}]},{"Action":["codebuild:CreateReportGroup","codebuild:CreateReport","codebuild:UpdateReport","codebuild:BatchPutTestCases","codebuild:BatchPutCodeCoverages"],"Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":codebuild:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":report-group/",{"Ref":"OrgProject840F54CB"},"-*"]]}}],"Version":"2012-10-17"},"policyName":"OrgProjectRoleDefaultPolicy6774B495","roles":[{"Ref":"OrgProjectRole16B85CF7"}]}}}}}}},"Resource":{"id":"Resource","path":"codebuild-github-codeconnections-auth/OrgProject/Resource","constructInfo":{"fqn":"constructs.Construct","version":"10.5.1"},"attributes":{"aws:cdk:cloudformation:type":"AWS::CodeBuild::Project","aws:cdk:cloudformation:props":{"artifacts":{"type":"NO_ARTIFACTS"},"cache":{"type":"NO_CACHE"},"encryptionKey":"alias/aws/s3","environment":{"type":"LINUX_CONTAINER","image":"aws/codebuild/standard:7.0","imagePullCredentialsType":"CODEBUILD","privilegedMode":false,"computeType":"BUILD_GENERAL1_SMALL"},"serviceRole":{"Fn::GetAtt":["OrgProjectRole16B85CF7","Arn"]},"source":{"type":"GITHUB","reportBuildStatus":true,"location":"CODEBUILD_DEFAULT_WEBHOOK_SOURCE_LOCATION","auth":{"type":"CODECONNECTIONS","resource":"arn:aws:codeconnections:us-east-1:123456789012:connection/test-connection-id"}},"triggers":{"webhook":true,"filterGroups":[[{"type":"EVENT","pattern":"WORKFLOW_JOB_QUEUED"}]],"scopeConfiguration":{"name":"awslabs"}}}}}}},"CDKMetadata":{"id":"CDKMetadata","path":"codebuild-github-codeconnections-auth/CDKMetadata","constructInfo":{"fqn":"constructs.Construct","version":"10.5.1"},"children":{"Default":{"id":"Default","path":"codebuild-github-codeconnections-auth/CDKMetadata/Default","constructInfo":{"fqn":"constructs.Construct","version":"10.5.1"}},"Condition":{"id":"Condition","path":"codebuild-github-codeconnections-auth/CDKMetadata/Condition","constructInfo":{"fqn":"constructs.Construct","version":"10.5.1"}}}},"BootstrapVersion":{"id":"BootstrapVersion","path":"codebuild-github-codeconnections-auth/BootstrapVersion","constructInfo":{"fqn":"constructs.Construct","version":"10.5.1"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"codebuild-github-codeconnections-auth/CheckBootstrapVersion","constructInfo":{"fqn":"constructs.Construct","version":"10.5.1"}}}},"Tree":{"id":"Tree","path":"Tree","constructInfo":{"fqn":"constructs.Construct","version":"10.5.1"}}}}} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.ts new file mode 100644 index 0000000000000..ef4f7bff673e3 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.ts @@ -0,0 +1,34 @@ +import * as cdk from 'aws-cdk-lib'; +import * as codebuild from 'aws-cdk-lib/aws-codebuild'; + +class GitHubCodeConnectionsAuthTestStack extends cdk.Stack { + constructor(scope: cdk.App, id: string) { + super(scope, id); + + // Repository-level source with CodeConnections auth + new codebuild.Project(this, 'RepoProject', { + source: codebuild.Source.gitHub({ + owner: 'awslabs', + repo: 'aws-cdk', + connectionArn: 'arn:aws:codeconnections:us-east-1:123456789012:connection/test-connection-id', + webhookFilters: [ + codebuild.FilterGroup.inEventOf(codebuild.EventAction.WORKFLOW_JOB_QUEUED), + ], + }), + }); + + // Organization-level source with CodeConnections auth + new codebuild.Project(this, 'OrgProject', { + source: codebuild.Source.gitHub({ + owner: 'awslabs', + connectionArn: 'arn:aws:codeconnections:us-east-1:123456789012:connection/test-connection-id', + }), + }); + } +} + +const app = new cdk.App(); + +new GitHubCodeConnectionsAuthTestStack(app, 'codebuild-github-codeconnections-auth'); + +app.synth(); From 8408146a99294352de9fd59b5aeb94df0e3fdbc3 Mon Sep 17 00:00:00 2001 From: Lorenz Vanthillo Date: Sat, 4 Apr 2026 22:02:29 +0200 Subject: [PATCH 4/4] feat(codebuild): remove snapshots --- .../cdk.out | 1 - ...ld-github-codeconnections-auth.assets.json | 20 - ...-github-codeconnections-auth.metadata.json | 62 -- ...-github-codeconnections-auth.template.json | 683 ------------------ .../integ.json | 13 - .../manifest.json | 481 ------------ .../tree.json | 1 - 7 files changed, 1261 deletions(-) delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/cdk.out delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/codebuild-github-codeconnections-auth.assets.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/codebuild-github-codeconnections-auth.metadata.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/codebuild-github-codeconnections-auth.template.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/integ.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/manifest.json delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/tree.json diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/cdk.out deleted file mode 100644 index 60aa68e157090..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/cdk.out +++ /dev/null @@ -1 +0,0 @@ -{"version":"53.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/codebuild-github-codeconnections-auth.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/codebuild-github-codeconnections-auth.assets.json deleted file mode 100644 index bdcca324bef7b..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/codebuild-github-codeconnections-auth.assets.json +++ /dev/null @@ -1,20 +0,0 @@ -{ - "version": "53.0.0", - "files": { - "b995985c1658db9952258b0841faec3eeaa0be91e70d925f0ba4598ac241c687": { - "displayName": "codebuild-github-codeconnections-auth Template", - "source": { - "path": "codebuild-github-codeconnections-auth.template.json", - "packaging": "file" - }, - "destinations": { - "current_account-current_region-c218c7ac": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "b995985c1658db9952258b0841faec3eeaa0be91e70d925f0ba4598ac241c687.json", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - } - }, - "dockerImages": {} -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/codebuild-github-codeconnections-auth.metadata.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/codebuild-github-codeconnections-auth.metadata.json deleted file mode 100644 index cca66c3db3923..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/codebuild-github-codeconnections-auth.metadata.json +++ /dev/null @@ -1,62 +0,0 @@ -{ - "/codebuild-github-codeconnections-auth/BootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "BootstrapVersion" - } - ], - "/codebuild-github-codeconnections-auth/CheckBootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "CheckBootstrapVersion" - } - ], - "/codebuild-github-codeconnections-auth/RepoProject/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "RepoProject357CCC8C" - } - ], - "/codebuild-github-codeconnections-auth/OrgProject/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "OrgProject840F54CB" - } - ], - "/codebuild-github-codeconnections-auth/CDKMetadata/Default": [ - { - "type": "aws:cdk:logicalId", - "data": "CDKMetadata" - } - ], - "/codebuild-github-codeconnections-auth/CDKMetadata/Condition": [ - { - "type": "aws:cdk:logicalId", - "data": "CDKMetadataAvailable" - } - ], - "/codebuild-github-codeconnections-auth/RepoProject/Role/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "RepoProjectRoleF3B93008" - } - ], - "/codebuild-github-codeconnections-auth/OrgProject/Role/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "OrgProjectRole16B85CF7" - } - ], - "/codebuild-github-codeconnections-auth/RepoProject/Role/DefaultPolicy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "RepoProjectRoleDefaultPolicy90FE5835" - } - ], - "/codebuild-github-codeconnections-auth/OrgProject/Role/DefaultPolicy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "OrgProjectRoleDefaultPolicy6774B495" - } - ] -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/codebuild-github-codeconnections-auth.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/codebuild-github-codeconnections-auth.template.json deleted file mode 100644 index e6283028e26fe..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/codebuild-github-codeconnections-auth.template.json +++ /dev/null @@ -1,683 +0,0 @@ -{ - "Resources": { - "RepoProjectRoleF3B93008": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "codebuild.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - }, - "Metadata": { - "aws:cdk:path": "codebuild-github-codeconnections-auth/RepoProject/Role/Resource" - } - }, - "RepoProjectRoleDefaultPolicy90FE5835": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "codeconnections:UseConnection", - "Effect": "Allow", - "Resource": "arn:aws:codeconnections:us-east-1:123456789012:connection/test-connection-id" - }, - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "RepoProject357CCC8C" - } - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "RepoProject357CCC8C" - }, - ":*" - ] - ] - } - ] - }, - { - "Action": [ - "codebuild:CreateReportGroup", - "codebuild:CreateReport", - "codebuild:UpdateReport", - "codebuild:BatchPutTestCases", - "codebuild:BatchPutCodeCoverages" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":codebuild:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":report-group/", - { - "Ref": "RepoProject357CCC8C" - }, - "-*" - ] - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "RepoProjectRoleDefaultPolicy90FE5835", - "Roles": [ - { - "Ref": "RepoProjectRoleF3B93008" - } - ] - }, - "Metadata": { - "aws:cdk:path": "codebuild-github-codeconnections-auth/RepoProject/Role/DefaultPolicy/Resource" - } - }, - "RepoProject357CCC8C": { - "Type": "AWS::CodeBuild::Project", - "Properties": { - "Artifacts": { - "Type": "NO_ARTIFACTS" - }, - "Cache": { - "Type": "NO_CACHE" - }, - "EncryptionKey": "alias/aws/s3", - "Environment": { - "ComputeType": "BUILD_GENERAL1_SMALL", - "Image": "aws/codebuild/standard:7.0", - "ImagePullCredentialsType": "CODEBUILD", - "PrivilegedMode": false, - "Type": "LINUX_CONTAINER" - }, - "ServiceRole": { - "Fn::GetAtt": [ - "RepoProjectRoleF3B93008", - "Arn" - ] - }, - "Source": { - "Auth": { - "Resource": "arn:aws:codeconnections:us-east-1:123456789012:connection/test-connection-id", - "Type": "CODECONNECTIONS" - }, - "Location": "https://github.com/awslabs/aws-cdk.git", - "ReportBuildStatus": true, - "Type": "GITHUB" - }, - "Triggers": { - "FilterGroups": [ - [ - { - "Pattern": "WORKFLOW_JOB_QUEUED", - "Type": "EVENT" - } - ] - ], - "Webhook": true - } - }, - "Metadata": { - "aws:cdk:path": "codebuild-github-codeconnections-auth/RepoProject/Resource" - } - }, - "OrgProjectRole16B85CF7": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "codebuild.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - }, - "Metadata": { - "aws:cdk:path": "codebuild-github-codeconnections-auth/OrgProject/Role/Resource" - } - }, - "OrgProjectRoleDefaultPolicy6774B495": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "codeconnections:UseConnection", - "Effect": "Allow", - "Resource": "arn:aws:codeconnections:us-east-1:123456789012:connection/test-connection-id" - }, - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "OrgProject840F54CB" - } - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":logs:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":log-group:/aws/codebuild/", - { - "Ref": "OrgProject840F54CB" - }, - ":*" - ] - ] - } - ] - }, - { - "Action": [ - "codebuild:CreateReportGroup", - "codebuild:CreateReport", - "codebuild:UpdateReport", - "codebuild:BatchPutTestCases", - "codebuild:BatchPutCodeCoverages" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":codebuild:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":report-group/", - { - "Ref": "OrgProject840F54CB" - }, - "-*" - ] - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "OrgProjectRoleDefaultPolicy6774B495", - "Roles": [ - { - "Ref": "OrgProjectRole16B85CF7" - } - ] - }, - "Metadata": { - "aws:cdk:path": "codebuild-github-codeconnections-auth/OrgProject/Role/DefaultPolicy/Resource" - } - }, - "OrgProject840F54CB": { - "Type": "AWS::CodeBuild::Project", - "Properties": { - "Artifacts": { - "Type": "NO_ARTIFACTS" - }, - "Cache": { - "Type": "NO_CACHE" - }, - "EncryptionKey": "alias/aws/s3", - "Environment": { - "ComputeType": "BUILD_GENERAL1_SMALL", - "Image": "aws/codebuild/standard:7.0", - "ImagePullCredentialsType": "CODEBUILD", - "PrivilegedMode": false, - "Type": "LINUX_CONTAINER" - }, - "ServiceRole": { - "Fn::GetAtt": [ - "OrgProjectRole16B85CF7", - "Arn" - ] - }, - "Source": { - "Auth": { - "Resource": "arn:aws:codeconnections:us-east-1:123456789012:connection/test-connection-id", - "Type": "CODECONNECTIONS" - }, - "Location": "CODEBUILD_DEFAULT_WEBHOOK_SOURCE_LOCATION", - "ReportBuildStatus": true, - "Type": "GITHUB" - }, - "Triggers": { - "FilterGroups": [ - [ - { - "Pattern": "WORKFLOW_JOB_QUEUED", - "Type": "EVENT" - } - ] - ], - "ScopeConfiguration": { - "Name": "awslabs" - }, - "Webhook": true - } - }, - "Metadata": { - "aws:cdk:path": "codebuild-github-codeconnections-auth/OrgProject/Resource" - } - }, - "CDKMetadata": { - "Type": "AWS::CDK::Metadata", - "Properties": { - "Analytics": "v2:deflate64:H4sIAAAAAAAA/8vLT0nVyyrWLzMy1bPQM1LMKs7M1C0qzSvJzE3VC4LQAOJoAOokAAAA" - }, - "Metadata": { - "aws:cdk:path": "codebuild-github-codeconnections-auth/CDKMetadata/Default" - }, - "Condition": "CDKMetadataAvailable" - } - }, - "Conditions": { - "CDKMetadataAvailable": { - "Fn::Or": [ - { - "Fn::Or": [ - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "af-south-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "ap-east-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "ap-northeast-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "ap-northeast-2" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "ap-northeast-3" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "ap-south-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "ap-south-2" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "ap-southeast-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "ap-southeast-2" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "ap-southeast-3" - ] - } - ] - }, - { - "Fn::Or": [ - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "ap-southeast-4" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "ca-central-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "ca-west-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "cn-north-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "cn-northwest-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "eu-central-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "eu-central-2" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "eu-north-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "eu-south-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "eu-south-2" - ] - } - ] - }, - { - "Fn::Or": [ - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "eu-west-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "eu-west-2" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "eu-west-3" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "il-central-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "me-central-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "me-south-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "sa-east-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "us-east-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "us-east-2" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "us-west-1" - ] - } - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "us-west-2" - ] - } - ] - } - }, - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" - } - }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ - "1", - "2", - "3", - "4", - "5" - ], - { - "Ref": "BootstrapVersion" - } - ] - } - ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." - } - ] - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/integ.json deleted file mode 100644 index 62dd5313572f7..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/integ.json +++ /dev/null @@ -1,13 +0,0 @@ -{ - "version": "38.0.1", - "testCases": { - "codebuild-github-codeconnections-auth-integ/DefaultTest": { - "stacks": [ - "codebuild-github-codeconnections-auth" - ], - "stackUpdateWorkflow": true, - "assertionStack": "codebuild-github-codeconnections-auth-integ/DefaultTest/DeployAssert", - "assertionStackName": "codebuildgithubcodeconnectionsauthintegDefaultTestDeployAssert4D14EB29" - } - } -} diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/manifest.json deleted file mode 100644 index 013c1d4a45726..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/manifest.json +++ /dev/null @@ -1,481 +0,0 @@ -{ - "version": "53.0.0", - "artifacts": { - "codebuild-github-codeconnections-auth.assets": { - "type": "cdk:asset-manifest", - "properties": { - "file": "codebuild-github-codeconnections-auth.assets.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "codebuild-github-codeconnections-auth": { - "type": "aws:cloudformation:stack", - "environment": "aws://unknown-account/unknown-region", - "properties": { - "templateFile": "codebuild-github-codeconnections-auth.template.json", - "terminationProtection": false, - "validateOnSynth": false, - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/b995985c1658db9952258b0841faec3eeaa0be91e70d925f0ba4598ac241c687.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", - "additionalDependencies": [ - "codebuild-github-codeconnections-auth.assets" - ], - "lookupRole": { - "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", - "requiresBootstrapStackVersion": 8, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "dependencies": [ - "codebuild-github-codeconnections-auth.assets" - ], - "additionalMetadataFile": "codebuild-github-codeconnections-auth.metadata.json", - "displayName": "codebuild-github-codeconnections-auth" - }, - "Tree": { - "type": "cdk:tree", - "properties": { - "file": "tree.json" - } - }, - "aws-cdk-lib/feature-flag-report": { - "type": "cdk:feature-flag-report", - "properties": { - "module": "aws-cdk-lib", - "flags": { - "@aws-cdk/aws-signer:signingProfileNamePassedToCfn": { - "recommendedValue": true, - "explanation": "Pass signingProfileName to CfnSigningProfile" - }, - "@aws-cdk/core:newStyleStackSynthesis": { - "recommendedValue": true, - "explanation": "Switch to new stack synthesis method which enables CI/CD", - "unconfiguredBehavesLike": { - "v2": true - } - }, - "@aws-cdk/core:stackRelativeExports": { - "recommendedValue": true, - "explanation": "Name exports based on the construct paths relative to the stack, rather than the global construct path", - "unconfiguredBehavesLike": { - "v2": true - } - }, - "@aws-cdk/aws-ecs-patterns:secGroupsDisablesImplicitOpenListener": { - "recommendedValue": true, - "explanation": "Disable implicit openListener when custom security groups are provided" - }, - "@aws-cdk/aws-rds:lowercaseDbIdentifier": { - "recommendedValue": true, - "explanation": "Force lowercasing of RDS Cluster names in CDK", - "unconfiguredBehavesLike": { - "v2": true - } - }, - "@aws-cdk/aws-apigateway:usagePlanKeyOrderInsensitiveId": { - "recommendedValue": true, - "explanation": "Allow adding/removing multiple UsagePlanKeys independently", - "unconfiguredBehavesLike": { - "v2": true - } - }, - "@aws-cdk/aws-lambda:recognizeVersionProps": { - "recommendedValue": true, - "explanation": "Enable this feature flag to opt in to the updated logical id calculation for Lambda Version created using the `fn.currentVersion`.", - "unconfiguredBehavesLike": { - "v2": true - } - }, - "@aws-cdk/aws-lambda:recognizeLayerVersion": { - "recommendedValue": true, - "explanation": "Enable this feature flag to opt in to the updated logical id calculation for Lambda Version created using the `fn.currentVersion`." - }, - "@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021": { - "recommendedValue": true, - "explanation": "Enable this feature flag to have cloudfront distributions use the security policy TLSv1.2_2021 by default.", - "unconfiguredBehavesLike": { - "v2": true - } - }, - "@aws-cdk/core:checkSecretUsage": { - "recommendedValue": true, - "explanation": "Enable this flag to make it impossible to accidentally use SecretValues in unsafe locations" - }, - "@aws-cdk/core:target-partitions": { - "recommendedValue": [ - "aws", - "aws-cn" - ], - "explanation": "What regions to include in lookup tables of environment agnostic stacks" - }, - "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": { - "recommendedValue": true, - "explanation": "ECS extensions will automatically add an `awslogs` driver if no logging is specified" - }, - "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": { - "recommendedValue": true, - "explanation": "Enable this feature flag to have Launch Templates generated by the `InstanceRequireImdsv2Aspect` use unique names." - }, - "@aws-cdk/aws-ecs:arnFormatIncludesClusterName": { - "recommendedValue": true, - "explanation": "ARN format used by ECS. In the new ARN format, the cluster name is part of the resource ID." - }, - "@aws-cdk/aws-iam:minimizePolicies": { - "recommendedValue": true, - "explanation": "Minimize IAM policies by combining Statements" - }, - "@aws-cdk/core:validateSnapshotRemovalPolicy": { - "recommendedValue": true, - "explanation": "Error on snapshot removal policies on resources that do not support it." - }, - "@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName": { - "recommendedValue": true, - "explanation": "Generate key aliases that include the stack name" - }, - "@aws-cdk/aws-s3:createDefaultLoggingPolicy": { - "recommendedValue": true, - "explanation": "Enable this feature flag to create an S3 bucket policy by default in cases where an AWS service would automatically create the Policy if one does not exist." - }, - "@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption": { - "recommendedValue": true, - "explanation": "Restrict KMS key policy for encrypted Queues a bit more" - }, - "@aws-cdk/aws-apigateway:disableCloudWatchRole": { - "recommendedValue": true, - "explanation": "Make default CloudWatch Role behavior safe for multiple API Gateways in one environment" - }, - "@aws-cdk/core:enablePartitionLiterals": { - "recommendedValue": true, - "explanation": "Make ARNs concrete if AWS partition is known" - }, - "@aws-cdk/aws-events:eventsTargetQueueSameAccount": { - "recommendedValue": true, - "explanation": "Event Rules may only push to encrypted SQS queues in the same account" - }, - "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": { - "recommendedValue": true, - "explanation": "Avoid setting the \"ECS\" deployment controller when adding a circuit breaker" - }, - "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": { - "recommendedValue": true, - "explanation": "Enable this feature to create default policy names for imported roles that depend on the stack the role is in." - }, - "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": { - "recommendedValue": true, - "explanation": "Use S3 Bucket Policy instead of ACLs for Server Access Logging" - }, - "@aws-cdk/aws-route53-patters:useCertificate": { - "recommendedValue": true, - "explanation": "Use the official `Certificate` resource instead of `DnsValidatedCertificate`" - }, - "@aws-cdk/customresources:installLatestAwsSdkDefault": { - "recommendedValue": false, - "explanation": "Whether to install the latest SDK by default in AwsCustomResource" - }, - "@aws-cdk/aws-rds:databaseProxyUniqueResourceName": { - "recommendedValue": true, - "explanation": "Use unique resource name for Database Proxy" - }, - "@aws-cdk/aws-codedeploy:removeAlarmsFromDeploymentGroup": { - "recommendedValue": true, - "explanation": "Remove CloudWatch alarms from deployment group" - }, - "@aws-cdk/aws-apigateway:authorizerChangeDeploymentLogicalId": { - "recommendedValue": true, - "explanation": "Include authorizer configuration in the calculation of the API deployment logical ID." - }, - "@aws-cdk/aws-ec2:launchTemplateDefaultUserData": { - "recommendedValue": true, - "explanation": "Define user data for a launch template by default when a machine image is provided." - }, - "@aws-cdk/aws-secretsmanager:useAttachedSecretResourcePolicyForSecretTargetAttachments": { - "recommendedValue": true, - "explanation": "SecretTargetAttachments uses the ResourcePolicy of the attached Secret." - }, - "@aws-cdk/aws-redshift:columnId": { - "recommendedValue": true, - "explanation": "Whether to use an ID to track Redshift column changes" - }, - "@aws-cdk/aws-stepfunctions-tasks:enableEmrServicePolicyV2": { - "recommendedValue": true, - "explanation": "Enable AmazonEMRServicePolicy_v2 managed policies" - }, - "@aws-cdk/aws-ec2:restrictDefaultSecurityGroup": { - "recommendedValue": true, - "explanation": "Restrict access to the VPC default security group" - }, - "@aws-cdk/aws-apigateway:requestValidatorUniqueId": { - "recommendedValue": true, - "explanation": "Generate a unique id for each RequestValidator added to a method" - }, - "@aws-cdk/aws-kms:aliasNameRef": { - "recommendedValue": true, - "explanation": "KMS Alias name and keyArn will have implicit reference to KMS Key" - }, - "@aws-cdk/aws-kms:applyImportedAliasPermissionsToPrincipal": { - "recommendedValue": true, - "explanation": "Enable grant methods on Aliases imported by name to use kms:ResourceAliases condition" - }, - "@aws-cdk/aws-autoscaling:generateLaunchTemplateInsteadOfLaunchConfig": { - "recommendedValue": true, - "explanation": "Generate a launch template when creating an AutoScalingGroup" - }, - "@aws-cdk/core:includePrefixInUniqueNameGeneration": { - "recommendedValue": true, - "explanation": "Include the stack prefix in the stack name generation process" - }, - "@aws-cdk/aws-efs:denyAnonymousAccess": { - "recommendedValue": true, - "explanation": "EFS denies anonymous clients accesses" - }, - "@aws-cdk/aws-opensearchservice:enableOpensearchMultiAzWithStandby": { - "recommendedValue": true, - "explanation": "Enables support for Multi-AZ with Standby deployment for opensearch domains" - }, - "@aws-cdk/aws-lambda-nodejs:useLatestRuntimeVersion": { - "recommendedValue": true, - "explanation": "Enables aws-lambda-nodejs.Function to use the latest available NodeJs runtime as the default" - }, - "@aws-cdk/aws-efs:mountTargetOrderInsensitiveLogicalId": { - "recommendedValue": true, - "explanation": "When enabled, mount targets will have a stable logicalId that is linked to the associated subnet." - }, - "@aws-cdk/aws-rds:auroraClusterChangeScopeOfInstanceParameterGroupWithEachParameters": { - "recommendedValue": true, - "explanation": "When enabled, a scope of InstanceParameterGroup for AuroraClusterInstance with each parameters will change." - }, - "@aws-cdk/aws-appsync:useArnForSourceApiAssociationIdentifier": { - "recommendedValue": true, - "explanation": "When enabled, will always use the arn for identifiers for CfnSourceApiAssociation in the GraphqlApi construct rather than id." - }, - "@aws-cdk/aws-rds:preventRenderingDeprecatedCredentials": { - "recommendedValue": true, - "explanation": "When enabled, creating an RDS database cluster from a snapshot will only render credentials for snapshot credentials." - }, - "@aws-cdk/aws-codepipeline-actions:useNewDefaultBranchForCodeCommitSource": { - "recommendedValue": true, - "explanation": "When enabled, the CodeCommit source action is using the default branch name 'main'." - }, - "@aws-cdk/aws-cloudwatch-actions:changeLambdaPermissionLogicalIdForLambdaAction": { - "recommendedValue": true, - "explanation": "When enabled, the logical ID of a Lambda permission for a Lambda action includes an alarm ID." - }, - "@aws-cdk/aws-codepipeline:crossAccountKeysDefaultValueToFalse": { - "recommendedValue": true, - "explanation": "Enables Pipeline to set the default value for crossAccountKeys to false." - }, - "@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2": { - "recommendedValue": true, - "explanation": "Enables Pipeline to set the default pipeline type to V2." - }, - "@aws-cdk/aws-kms:reduceCrossAccountRegionPolicyScope": { - "recommendedValue": true, - "explanation": "When enabled, IAM Policy created from KMS key grant will reduce the resource scope to this key only." - }, - "@aws-cdk/pipelines:reduceAssetRoleTrustScope": { - "recommendedValue": true, - "explanation": "Remove the root account principal from PipelineAssetsFileRole trust policy", - "unconfiguredBehavesLike": { - "v2": true - } - }, - "@aws-cdk/aws-eks:nodegroupNameAttribute": { - "recommendedValue": true, - "explanation": "When enabled, nodegroupName attribute of the provisioned EKS NodeGroup will not have the cluster name prefix." - }, - "@aws-cdk/aws-eks:useNativeOidcProvider": { - "recommendedValue": true, - "explanation": "When enabled, EKS V2 clusters will use the native OIDC provider resource AWS::IAM::OIDCProvider instead of creating the OIDCProvider with a custom resource (iam.OpenIDConnectProvider)." - }, - "@aws-cdk/aws-ec2:ebsDefaultGp3Volume": { - "recommendedValue": true, - "explanation": "When enabled, the default volume type of the EBS volume will be GP3" - }, - "@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm": { - "recommendedValue": true, - "explanation": "When enabled, remove default deployment alarm settings" - }, - "@aws-cdk/custom-resources:logApiResponseDataPropertyTrueDefault": { - "recommendedValue": false, - "explanation": "When enabled, the custom resource used for `AwsCustomResource` will configure the `logApiResponseData` property as true by default" - }, - "@aws-cdk/aws-s3:keepNotificationInImportedBucket": { - "recommendedValue": false, - "explanation": "When enabled, Adding notifications to a bucket in the current stack will not remove notification from imported stack." - }, - "@aws-cdk/aws-stepfunctions-tasks:useNewS3UriParametersForBedrockInvokeModelTask": { - "recommendedValue": true, - "explanation": "When enabled, use new props for S3 URI field in task definition of state machine for bedrock invoke model.", - "unconfiguredBehavesLike": { - "v2": true - } - }, - "@aws-cdk/core:explicitStackTags": { - "recommendedValue": true, - "explanation": "When enabled, stack tags need to be assigned explicitly on a Stack." - }, - "@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions": { - "recommendedValue": true, - "explanation": "When enabled, we will only grant the necessary permissions when users specify cloudwatch log group through logConfiguration" - }, - "@aws-cdk/aws-dynamodb:resourcePolicyPerReplica": { - "recommendedValue": true, - "explanation": "When enabled will allow you to specify a resource policy per replica, and not copy the source table policy to all replicas" - }, - "@aws-cdk/aws-ec2:ec2SumTImeoutEnabled": { - "recommendedValue": true, - "explanation": "When enabled, initOptions.timeout and resourceSignalTimeout values will be summed together." - }, - "@aws-cdk/aws-appsync:appSyncGraphQLAPIScopeLambdaPermission": { - "recommendedValue": true, - "explanation": "When enabled, a Lambda authorizer Permission created when using GraphqlApi will be properly scoped with a SourceArn." - }, - "@aws-cdk/aws-rds:setCorrectValueForDatabaseInstanceReadReplicaInstanceResourceId": { - "recommendedValue": true, - "explanation": "When enabled, the value of property `instanceResourceId` in construct `DatabaseInstanceReadReplica` will be set to the correct value which is `DbiResourceId` instead of currently `DbInstanceArn`" - }, - "@aws-cdk/core:cfnIncludeRejectComplexResourceUpdateCreatePolicyIntrinsics": { - "recommendedValue": true, - "explanation": "When enabled, CFN templates added with `cfn-include` will error if the template contains Resource Update or Create policies with CFN Intrinsics that include non-primitive values." - }, - "@aws-cdk/aws-lambda-nodejs:sdkV3ExcludeSmithyPackages": { - "recommendedValue": true, - "explanation": "When enabled, both `@aws-sdk` and `@smithy` packages will be excluded from the Lambda Node.js 18.x runtime to prevent version mismatches in bundled applications." - }, - "@aws-cdk/aws-stepfunctions-tasks:fixRunEcsTaskPolicy": { - "recommendedValue": true, - "explanation": "When enabled, the resource of IAM Run Ecs policy generated by SFN EcsRunTask will reference the definition, instead of constructing ARN." - }, - "@aws-cdk/aws-ec2:bastionHostUseAmazonLinux2023ByDefault": { - "recommendedValue": true, - "explanation": "When enabled, the BastionHost construct will use the latest Amazon Linux 2023 AMI, instead of Amazon Linux 2." - }, - "@aws-cdk/core:aspectStabilization": { - "recommendedValue": true, - "explanation": "When enabled, a stabilization loop will be run when invoking Aspects during synthesis.", - "unconfiguredBehavesLike": { - "v2": true - } - }, - "@aws-cdk/aws-route53-targets:userPoolDomainNameMethodWithoutCustomResource": { - "recommendedValue": true, - "explanation": "When enabled, use a new method for DNS Name of user pool domain target without creating a custom resource." - }, - "@aws-cdk/aws-elasticloadbalancingV2:albDualstackWithoutPublicIpv4SecurityGroupRulesDefault": { - "recommendedValue": true, - "explanation": "When enabled, the default security group ingress rules will allow IPv6 ingress from anywhere" - }, - "@aws-cdk/aws-iam:oidcRejectUnauthorizedConnections": { - "recommendedValue": true, - "explanation": "When enabled, the default behaviour of OIDC provider will reject unauthorized connections" - }, - "@aws-cdk/core:enableAdditionalMetadataCollection": { - "recommendedValue": true, - "explanation": "When enabled, CDK will expand the scope of usage data collected to better inform CDK development and improve communication for security concerns and emerging issues." - }, - "@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy": { - "recommendedValue": false, - "explanation": "[Deprecated] When enabled, Lambda will create new inline policies with AddToRolePolicy instead of adding to the Default Policy Statement" - }, - "@aws-cdk/aws-s3:setUniqueReplicationRoleName": { - "recommendedValue": true, - "explanation": "When enabled, CDK will automatically generate a unique role name that is used for s3 object replication." - }, - "@aws-cdk/pipelines:reduceStageRoleTrustScope": { - "recommendedValue": true, - "explanation": "Remove the root account principal from Stage addActions trust policy", - "unconfiguredBehavesLike": { - "v2": true - } - }, - "@aws-cdk/aws-events:requireEventBusPolicySid": { - "recommendedValue": true, - "explanation": "When enabled, grantPutEventsTo() will use resource policies with Statement IDs for service principals." - }, - "@aws-cdk/core:aspectPrioritiesMutating": { - "recommendedValue": true, - "explanation": "When set to true, Aspects added by the construct library on your behalf will be given a priority of MUTATING." - }, - "@aws-cdk/aws-dynamodb:retainTableReplica": { - "recommendedValue": true, - "explanation": "When enabled, table replica will be default to the removal policy of source table unless specified otherwise." - }, - "@aws-cdk/cognito:logUserPoolClientSecretValue": { - "recommendedValue": false, - "explanation": "When disabled, the value of the user pool client secret will not be logged in the custom resource lambda function logs." - }, - "@aws-cdk/pipelines:reduceCrossAccountActionRoleTrustScope": { - "recommendedValue": true, - "explanation": "When enabled, scopes down the trust policy for the cross-account action role", - "unconfiguredBehavesLike": { - "v2": true - } - }, - "@aws-cdk/aws-stepfunctions:useDistributedMapResultWriterV2": { - "recommendedValue": true, - "explanation": "When enabled, the resultWriterV2 property of DistributedMap will be used insted of resultWriter" - }, - "@aws-cdk/s3-notifications:addS3TrustKeyPolicyForSnsSubscriptions": { - "recommendedValue": true, - "explanation": "Add an S3 trust policy to a KMS key resource policy for SNS subscriptions." - }, - "@aws-cdk/aws-ec2:requirePrivateSubnetsForEgressOnlyInternetGateway": { - "recommendedValue": true, - "explanation": "When enabled, the EgressOnlyGateway resource is only created if private subnets are defined in the dual-stack VPC." - }, - "@aws-cdk/aws-ec2-alpha:useResourceIdForVpcV2Migration": { - "recommendedValue": false, - "explanation": "When enabled, use resource IDs for VPC V2 migration" - }, - "@aws-cdk/aws-s3:publicAccessBlockedByDefault": { - "recommendedValue": true, - "explanation": "When enabled, setting any combination of options for BlockPublicAccess will automatically set true for any options not defined." - }, - "@aws-cdk/aws-lambda:useCdkManagedLogGroup": { - "recommendedValue": true, - "explanation": "When enabled, CDK creates and manages loggroup for the lambda function" - }, - "@aws-cdk/aws-elasticloadbalancingv2:networkLoadBalancerWithSecurityGroupByDefault": { - "recommendedValue": true, - "explanation": "When enabled, Network Load Balancer will be created with a security group by default." - }, - "@aws-cdk/aws-stepfunctions-tasks:httpInvokeDynamicJsonPathEndpoint": { - "recommendedValue": true, - "explanation": "When enabled, allows using a dynamic apiEndpoint with JSONPath format in HttpInvoke tasks.", - "unconfiguredBehavesLike": { - "v2": true - } - }, - "@aws-cdk/aws-ecs-patterns:uniqueTargetGroupId": { - "recommendedValue": true, - "explanation": "When enabled, ECS patterns will generate unique target group IDs to prevent conflicts during load balancer replacement" - }, - "@aws-cdk/aws-route53-patterns:useDistribution": { - "recommendedValue": true, - "explanation": "Use the `Distribution` resource instead of `CloudFrontWebDistribution`" - }, - "@aws-cdk/aws-cloudfront:defaultFunctionRuntimeV2_0": { - "recommendedValue": true, - "explanation": "Use cloudfront-js-2.0 as the default runtime for CloudFront Functions" - }, - "@aws-cdk/aws-elasticloadbalancingv2:usePostQuantumTlsPolicy": { - "recommendedValue": true, - "explanation": "When enabled, HTTPS/TLS listeners use post-quantum TLS policy by default" - }, - "@aws-cdk/core:automaticL1Traits": { - "recommendedValue": true, - "explanation": "Automatically use the default L1 traits for L1 constructs`", - "unconfiguredBehavesLike": { - "v2": true - } - } - } - } - } - }, - "minimumCliVersion": "2.1108.0" -} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/tree.json deleted file mode 100644 index 7e7ecf82ef156..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.github-codeconnections-auth.js.snapshot/tree.json +++ /dev/null @@ -1 +0,0 @@ -{"version":"tree-0.1","tree":{"id":"App","path":"","constructInfo":{"fqn":"constructs.Construct","version":"10.5.1"},"children":{"codebuild-github-codeconnections-auth":{"id":"codebuild-github-codeconnections-auth","path":"codebuild-github-codeconnections-auth","constructInfo":{"fqn":"constructs.Construct","version":"10.5.1"},"children":{"RepoProject":{"id":"RepoProject","path":"codebuild-github-codeconnections-auth/RepoProject","constructInfo":{"fqn":"constructs.Construct","version":"10.5.1"},"children":{"Role":{"id":"Role","path":"codebuild-github-codeconnections-auth/RepoProject/Role","constructInfo":{"fqn":"constructs.Construct","version":"10.5.1"},"children":{"Resource":{"id":"Resource","path":"codebuild-github-codeconnections-auth/RepoProject/Role/Resource","constructInfo":{"fqn":"constructs.Construct","version":"10.5.1"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"codebuild.amazonaws.com"}}],"Version":"2012-10-17"}}}},"DefaultPolicy":{"id":"DefaultPolicy","path":"codebuild-github-codeconnections-auth/RepoProject/Role/DefaultPolicy","constructInfo":{"fqn":"constructs.Construct","version":"10.5.1"},"children":{"Resource":{"id":"Resource","path":"codebuild-github-codeconnections-auth/RepoProject/Role/DefaultPolicy/Resource","constructInfo":{"fqn":"constructs.Construct","version":"10.5.1"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":"codeconnections:UseConnection","Effect":"Allow","Resource":"arn:aws:codeconnections:us-east-1:123456789012:connection/test-connection-id"},{"Action":["logs:CreateLogGroup","logs:CreateLogStream","logs:PutLogEvents"],"Effect":"Allow","Resource":[{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:/aws/codebuild/",{"Ref":"RepoProject357CCC8C"}]]},{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:/aws/codebuild/",{"Ref":"RepoProject357CCC8C"},":*"]]}]},{"Action":["codebuild:CreateReportGroup","codebuild:CreateReport","codebuild:UpdateReport","codebuild:BatchPutTestCases","codebuild:BatchPutCodeCoverages"],"Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":codebuild:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":report-group/",{"Ref":"RepoProject357CCC8C"},"-*"]]}}],"Version":"2012-10-17"},"policyName":"RepoProjectRoleDefaultPolicy90FE5835","roles":[{"Ref":"RepoProjectRoleF3B93008"}]}}}}}}},"Resource":{"id":"Resource","path":"codebuild-github-codeconnections-auth/RepoProject/Resource","constructInfo":{"fqn":"constructs.Construct","version":"10.5.1"},"attributes":{"aws:cdk:cloudformation:type":"AWS::CodeBuild::Project","aws:cdk:cloudformation:props":{"artifacts":{"type":"NO_ARTIFACTS"},"cache":{"type":"NO_CACHE"},"encryptionKey":"alias/aws/s3","environment":{"type":"LINUX_CONTAINER","image":"aws/codebuild/standard:7.0","imagePullCredentialsType":"CODEBUILD","privilegedMode":false,"computeType":"BUILD_GENERAL1_SMALL"},"serviceRole":{"Fn::GetAtt":["RepoProjectRoleF3B93008","Arn"]},"source":{"type":"GITHUB","reportBuildStatus":true,"location":"https://github.com/awslabs/aws-cdk.git","auth":{"type":"CODECONNECTIONS","resource":"arn:aws:codeconnections:us-east-1:123456789012:connection/test-connection-id"}},"triggers":{"webhook":true,"filterGroups":[[{"type":"EVENT","pattern":"WORKFLOW_JOB_QUEUED"}]]}}}}}},"OrgProject":{"id":"OrgProject","path":"codebuild-github-codeconnections-auth/OrgProject","constructInfo":{"fqn":"constructs.Construct","version":"10.5.1"},"children":{"Role":{"id":"Role","path":"codebuild-github-codeconnections-auth/OrgProject/Role","constructInfo":{"fqn":"constructs.Construct","version":"10.5.1"},"children":{"Resource":{"id":"Resource","path":"codebuild-github-codeconnections-auth/OrgProject/Role/Resource","constructInfo":{"fqn":"constructs.Construct","version":"10.5.1"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"codebuild.amazonaws.com"}}],"Version":"2012-10-17"}}}},"DefaultPolicy":{"id":"DefaultPolicy","path":"codebuild-github-codeconnections-auth/OrgProject/Role/DefaultPolicy","constructInfo":{"fqn":"constructs.Construct","version":"10.5.1"},"children":{"Resource":{"id":"Resource","path":"codebuild-github-codeconnections-auth/OrgProject/Role/DefaultPolicy/Resource","constructInfo":{"fqn":"constructs.Construct","version":"10.5.1"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":"codeconnections:UseConnection","Effect":"Allow","Resource":"arn:aws:codeconnections:us-east-1:123456789012:connection/test-connection-id"},{"Action":["logs:CreateLogGroup","logs:CreateLogStream","logs:PutLogEvents"],"Effect":"Allow","Resource":[{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:/aws/codebuild/",{"Ref":"OrgProject840F54CB"}]]},{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:/aws/codebuild/",{"Ref":"OrgProject840F54CB"},":*"]]}]},{"Action":["codebuild:CreateReportGroup","codebuild:CreateReport","codebuild:UpdateReport","codebuild:BatchPutTestCases","codebuild:BatchPutCodeCoverages"],"Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":codebuild:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":report-group/",{"Ref":"OrgProject840F54CB"},"-*"]]}}],"Version":"2012-10-17"},"policyName":"OrgProjectRoleDefaultPolicy6774B495","roles":[{"Ref":"OrgProjectRole16B85CF7"}]}}}}}}},"Resource":{"id":"Resource","path":"codebuild-github-codeconnections-auth/OrgProject/Resource","constructInfo":{"fqn":"constructs.Construct","version":"10.5.1"},"attributes":{"aws:cdk:cloudformation:type":"AWS::CodeBuild::Project","aws:cdk:cloudformation:props":{"artifacts":{"type":"NO_ARTIFACTS"},"cache":{"type":"NO_CACHE"},"encryptionKey":"alias/aws/s3","environment":{"type":"LINUX_CONTAINER","image":"aws/codebuild/standard:7.0","imagePullCredentialsType":"CODEBUILD","privilegedMode":false,"computeType":"BUILD_GENERAL1_SMALL"},"serviceRole":{"Fn::GetAtt":["OrgProjectRole16B85CF7","Arn"]},"source":{"type":"GITHUB","reportBuildStatus":true,"location":"CODEBUILD_DEFAULT_WEBHOOK_SOURCE_LOCATION","auth":{"type":"CODECONNECTIONS","resource":"arn:aws:codeconnections:us-east-1:123456789012:connection/test-connection-id"}},"triggers":{"webhook":true,"filterGroups":[[{"type":"EVENT","pattern":"WORKFLOW_JOB_QUEUED"}]],"scopeConfiguration":{"name":"awslabs"}}}}}}},"CDKMetadata":{"id":"CDKMetadata","path":"codebuild-github-codeconnections-auth/CDKMetadata","constructInfo":{"fqn":"constructs.Construct","version":"10.5.1"},"children":{"Default":{"id":"Default","path":"codebuild-github-codeconnections-auth/CDKMetadata/Default","constructInfo":{"fqn":"constructs.Construct","version":"10.5.1"}},"Condition":{"id":"Condition","path":"codebuild-github-codeconnections-auth/CDKMetadata/Condition","constructInfo":{"fqn":"constructs.Construct","version":"10.5.1"}}}},"BootstrapVersion":{"id":"BootstrapVersion","path":"codebuild-github-codeconnections-auth/BootstrapVersion","constructInfo":{"fqn":"constructs.Construct","version":"10.5.1"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"codebuild-github-codeconnections-auth/CheckBootstrapVersion","constructInfo":{"fqn":"constructs.Construct","version":"10.5.1"}}}},"Tree":{"id":"Tree","path":"Tree","constructInfo":{"fqn":"constructs.Construct","version":"10.5.1"}}}}} \ No newline at end of file