Update to v1.3.0

CHANGELOG.md

@@ -4,6 +4,21 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.3.0] - 2023-6-1
+### Added
+- cdk-nag rule suppressions
+- Updated deployment/build-s3-dist.sh to output cdk nag errors
+- Added CloudWatch logs permissions to CustomResource component in cdk
+
+### Changed
+- Upgraded to cdk v2
+- Added region name and account ID to AppRegistry Application name
+- Changed AppRegistry Attribute Group name to Region-StackName
+- Updated AppRegistry attribute and tag names
+- Upgraded Lambda runtimes to node 16
+- Removed application insights
+- Use logs bucket for cloudfront distribution logging
+
 ## [1.2.1] - 2023-4-17
 ### Changed
 - Updated object ownership configuration on Logs bucket and CloudFront Logging bucket
@@ -14,8 +29,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Application Insights in AppRegistry
 - SonarQube properties file: sonar-project.properties
 - Added unit tests with 80% code coverage
+
 ### Changed
 - Changed deployment/run-unit-tests.sh to generate unit test coverage reports
+
 ### Contributors
 * @sandimciin
 * @eggoynes
@@ -39,6 +56,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Contributors
 * @eggoynes
+
 ## [1.0.0] - 2020-11-05
 ### Added
 - All files, initial version

README.md

@@ -81,4 +81,4 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 
-This solution collects anonymous operational metrics to help AWS improve the quality of features of the solution. For more information, including how to disable this capability, please see the implementation guide.
+This solution collects anonymized operational metrics to help AWS improve the quality of features of the solution. For more information, including how to disable this capability, please see the implementation guide.

deployment/build-s3-dist.sh

@@ -24,9 +24,6 @@
 [ "$DEBUG" == 'true' ] && set -x
 set -e
 
-# Important: CDK global version number
-cdk_version=1.63.0
-
 # Check to see if input has been provided:
 if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then
     echo "Please provide all required parameters for the build script"
@@ -57,26 +54,24 @@ mkdir -p $build_dist_dir
 rm -rf $staging_dist_dir
 mkdir -p $staging_dist_dir
 
-echo "------------------------------------------------------------------------------"
-echo "[Init] Update local CDK CLI for building"
-echo "------------------------------------------------------------------------------"
-npm install -g aws-cdk@latest
-
-echo "------------------------------------------------------------------------------"
-echo "[Init] Install dependencies for the cdk-solution-helper"
-echo "------------------------------------------------------------------------------"
-cd $template_dir/cdk-solution-helper
-npm install --production
-
 echo "------------------------------------------------------------------------------"
 echo "[Synth] CDK Project"
 echo "------------------------------------------------------------------------------"
-# Make sure user has the newest CDK version
-npm uninstall -g aws-cdk && npm install -g aws-cdk@1
 
 cd $source_dir/cdk
 npm install
-cdk synth --output=$staging_dist_dir
+
+npm run cdk -- context --clear
+npm run synth -- --output=$staging_dist_dir
+
+if [ $? -ne 0 ]
+then
+    echo "******************************************************************************"
+    echo "cdk-nag found errors"
+    echo "******************************************************************************"
+    exit 1
+fi
+
 cd $staging_dist_dir
 rm tree.json manifest.json cdk.out
 

deployment/cdk-solution-helper/index.js

@@ -13,49 +13,55 @@
 
 // Imports
 const fs = require('fs');
+const _regex = /[\w]*AssetParameters/g; //this regular express also takes into account lambda functions defined in nested stacks
 
 // Paths
 const global_s3_assets = '../global-s3-assets';
 
+const getAllAssetParameterKeys = (parameters) =>
+    Object.keys(parameters).filter((key) => key.search(_regex) > -1);
+
 // For each template in global_s3_assets ...
-fs.readdirSync(global_s3_assets).forEach(file => {
+fs.readdirSync(global_s3_assets).forEach((file) => {
     // Import and parse template file
     const raw_template = fs.readFileSync(`${global_s3_assets}/${file}`);
     let template = JSON.parse(raw_template);
 
     // Clean-up Lambda function code dependencies
-    const resources = (template.Resources) ? template.Resources : {};
+    const resources = template.Resources ? template.Resources : {};
     const lambdaFunctions = Object.keys(resources).filter(function (key) {
         return resources[key].Type === 'AWS::Lambda::Function';
     });
-
     lambdaFunctions.forEach(function (f) {
-        const fn = template.Resources[f];
+        const fn = resources[f];
         if (fn.Properties.Code.hasOwnProperty('S3Bucket')) {
             // Set the S3 key reference
-            let artifactHash = Object.assign(fn.Properties.Code.S3Bucket.Ref);
-            artifactHash = artifactHash.replace('AssetParameters', '');
-            artifactHash = artifactHash.substring(0, artifactHash.indexOf('S3Bucket'));
+            let artifactHash = Object.assign(fn.Properties.Code.S3Key);
+            artifactHash = artifactHash.replace(_regex, '');
+            artifactHash = artifactHash.substring(
+                0,
+                artifactHash.indexOf('.zip')
+            );
             const assetPath = `asset${artifactHash}`;
             fn.Properties.Code.S3Key = `%%SOLUTION_NAME%%/%%VERSION%%/${assetPath}.zip`;
-
             // Set the S3 bucket reference
             fn.Properties.Code.S3Bucket = {
-                'Fn::Sub': '%%BUCKET_NAME%%-${AWS::Region}'
+                'Fn::Sub': '%%BUCKET_NAME%%-${AWS::Region}',
             };
+            // Set the handler
+            const handler = fn.Properties.Handler;
+            fn.Properties.Handler = `${assetPath}/${handler}`;
         }
     });
 
     // Clean-up parameters section
-    const parameters = (template.Parameters) ? template.Parameters : {};
-    const assetParameters = Object.keys(parameters).filter(function (key) {
-        return key.includes('AssetParameters');
-    });
+    const parameters = template.Parameters ? template.Parameters : {};
+    const assetParameters = getAllAssetParameterKeys(parameters);
     assetParameters.forEach(function (a) {
         template.Parameters[a] = undefined;
     });
 
     // Output modified template file
     const output_template = JSON.stringify(template, null, 2);
     fs.writeFileSync(`${global_s3_assets}/${file}`, output_template);
-});
+});

deployment/cdk-solution-helper/package.json

@@ -1,7 +1,10 @@
 {
   "name": "cdk-solution-helper",
+  "description": "CDK Generated template post processor",
+  "license": "Apache-2.0",
   "version": "0.1.0",
-  "dependencies": {
-    "fs": "0.0.1-security"
+  "author": {
+    "name": "Amazon Web Services",
+    "url": "https://aws.amazon.com/solutions"
   }
 }

source/cdk/bin/vod-foundation.ts

@@ -1,7 +1,21 @@
 #!/usr/bin/env node
 import 'source-map-support/register';
-import * as cdk from '@aws-cdk/core';
+import * as cdk from 'aws-cdk-lib';
+import { DefaultStackSynthesizer } from 'aws-cdk-lib';
+import { AwsSolutionsChecks } from 'cdk-nag';
 import { VodFoundation } from '../lib/vod-foundation-stack';
 
+function createVodFoundationApp(app: cdk.App) {
+  return new VodFoundation(app, 'VodFoundation', {
+    synthesizer: new DefaultStackSynthesizer({
+      generateBootstrapVersionRule: false
+    })
+  });
+}
+
 const app = new cdk.App();
-new VodFoundation(app, 'VodFoundation'); // NOSONAR
+
+createVodFoundationApp(app);
+
+//cdk nag
+cdk.Aspects.of(app).add(new AwsSolutionsChecks({ verbose: true }));

source/cdk/cdk.json

@@ -1,7 +1,6 @@
 {
   "app": "npx ts-node bin/vod-foundation.ts",
   "context": {
-    "@aws-cdk/core:enableStackNameDuplicates": "true",
     "aws-cdk:enableDiffNoFail": "true",
     "@aws-cdk/core:stackRelativeExports": "true"
   }