diff --git a/CHANGELOG.md b/CHANGELOG.md index c7b6e709b..08be1d1d1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [1.61.0] - 2020-08-27 + +### Changed +- Upgraded all patterns to CDK v1.61.0 +- [All *-lambda-* and *-apigateway-* patterns] Enable X-Ray tracing ([#36](https://github.com/awslabs/aws-solutions-constructs/issues/36)) + ## [1.60.0] - 2020-08-24 ### Changed diff --git a/source/lerna.json b/source/lerna.json index 874a601de..b2b85f8ec 100644 --- a/source/lerna.json +++ b/source/lerna.json @@ -6,5 +6,5 @@ "./patterns/@aws-solutions-constructs/*" ], "rejectCycles": "true", - "version": "1.60.0" + "version": "1.61.0" } diff --git a/source/package.json b/source/package.json index 0af8cd6a7..0afba23aa 100644 --- a/source/package.json +++ b/source/package.json @@ -1,6 +1,6 @@ { "name": "aws-solutions-constructs", - "version": "1.60.0", + "version": "1.61.0", "description": "AWS Solutions Constructs Library", "repository": { "type": "git", @@ -23,10 +23,10 @@ "eslint-plugin-license-header": "^0.2.0", "fs-extra": "^8.1.0", "jest": "^24.9.0", - "jsii": "^1.7.0", - "jsii-pacmak": "^1.7.0", + "jsii": "^1.11.0", + "jsii-pacmak": "^1.11.0", "tslint": "^5.20.1", - "typescript": "~3.9.5" + "typescript": "~3.9.7" }, "devDependencies": { "lerna": "^3.22.1" diff --git a/source/patterns/@aws-solutions-constructs/aws-apigateway-dynamodb/README.md b/source/patterns/@aws-solutions-constructs/aws-apigateway-dynamodb/README.md index 485437e10..68bdcbeab 100644 --- a/source/patterns/@aws-solutions-constructs/aws-apigateway-dynamodb/README.md +++ b/source/patterns/@aws-solutions-constructs/aws-apigateway-dynamodb/README.md 
@@ -81,6 +81,7 @@ Out of the box implementation of the Construct without any override will set the * Enable CloudWatch logging for API Gateway * Configure least privilege access IAM role for API Gateway * Set the default authorizationType for all API methods to IAM +* Enable X-Ray Tracing ### Amazon DynamoDB Table * Set the billing mode for DynamoDB Table to On-Demand (Pay per request) diff --git a/source/patterns/@aws-solutions-constructs/aws-apigateway-dynamodb/package.json b/source/patterns/@aws-solutions-constructs/aws-apigateway-dynamodb/package.json index e0c0155a5..d18546354 100644 --- a/source/patterns/@aws-solutions-constructs/aws-apigateway-dynamodb/package.json +++ b/source/patterns/@aws-solutions-constructs/aws-apigateway-dynamodb/package.json @@ -1,6 +1,6 @@ { "name": "@aws-solutions-constructs/aws-apigateway-dynamodb", - "version": "1.60.0", + "version": "1.61.0", "description": "CDK Constructs for AWS API Gateway and Amazon DynamoDB integration.", "main": "lib/index.js", "types": "lib/index.d.ts", @@ -53,16 +53,16 @@ } }, "dependencies": { - "@aws-cdk/core": "~1.60.0", - "@aws-cdk/aws-apigateway": "~1.60.0", - "@aws-cdk/aws-iam": "~1.60.0", - "@aws-cdk/aws-dynamodb": "~1.60.0", - "@aws-cdk/aws-logs": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0", - "constructs": "^3.0.2" + "@aws-cdk/core": "~1.61.0", + "@aws-cdk/aws-apigateway": "~1.61.0", + "@aws-cdk/aws-iam": "~1.61.0", + "@aws-cdk/aws-dynamodb": "~1.61.0", + "@aws-cdk/aws-logs": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0", + "constructs": "^3.0.4" }, "devDependencies": { - "@aws-cdk/assert": "~1.60.0", + "@aws-cdk/assert": "~1.61.0", "@types/jest": "^24.0.23", "@types/node": "^10.3.0" }, 
@@ -72,12 +72,12 @@ ] }, "peerDependencies": { - "@aws-cdk/core": "~1.60.0", - "@aws-cdk/aws-apigateway": "~1.60.0", - "@aws-cdk/aws-iam": "~1.60.0", - "@aws-cdk/aws-dynamodb": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0", - "constructs": "^3.0.2", - "@aws-cdk/aws-logs": "~1.60.0" + "@aws-cdk/core": "~1.61.0", + "@aws-cdk/aws-apigateway": "~1.61.0", + "@aws-cdk/aws-iam": "~1.61.0", + "@aws-cdk/aws-dynamodb": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0", + "constructs": "^3.0.4", + "@aws-cdk/aws-logs": "~1.61.0" } } diff --git a/source/patterns/@aws-solutions-constructs/aws-apigateway-dynamodb/test/__snapshots__/apigateway-dynamodb.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-apigateway-dynamodb/test/__snapshots__/apigateway-dynamodb.test.js.snap index 2c0eceeb5..ede2015a5 100644 --- a/source/patterns/@aws-solutions-constructs/aws-apigateway-dynamodb/test/__snapshots__/apigateway-dynamodb.test.js.snap +++ b/source/patterns/@aws-solutions-constructs/aws-apigateway-dynamodb/test/__snapshots__/apigateway-dynamodb.test.js.snap @@ -191,6 +191,7 @@ Object { "Ref": "testapigatewaydynamodbdefaultRestApi9102FDF9", }, "StageName": "prod", + "TracingEnabled": true, }, "Type": "AWS::ApiGateway::Stage", }, diff --git a/source/patterns/@aws-solutions-constructs/aws-apigateway-dynamodb/test/integ.apigateway-dynamodb-CRUD.expected.json b/source/patterns/@aws-solutions-constructs/aws-apigateway-dynamodb/test/integ.apigateway-dynamodb-CRUD.expected.json index 61bd419ec..ebd0d2035 100644 --- a/source/patterns/@aws-solutions-constructs/aws-apigateway-dynamodb/test/integ.apigateway-dynamodb-CRUD.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-apigateway-dynamodb/test/integ.apigateway-dynamodb-CRUD.expected.json @@ -95,7 +95,8 @@ "ResourcePath": "/*" } ], - "StageName": "prod" + "StageName": "prod", + "TracingEnabled": true } }, "testapigatewaydynamodbRestApiid78018D34": { 
diff --git a/source/patterns/@aws-solutions-constructs/aws-apigateway-dynamodb/test/integ.no-arguments.expected.json b/source/patterns/@aws-solutions-constructs/aws-apigateway-dynamodb/test/integ.no-arguments.expected.json index 27de1430e..78ba4bd0e 100644 --- a/source/patterns/@aws-solutions-constructs/aws-apigateway-dynamodb/test/integ.no-arguments.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-apigateway-dynamodb/test/integ.no-arguments.expected.json @@ -92,7 +92,8 @@ "ResourcePath": "/*" } ], - "StageName": "prod" + "StageName": "prod", + "TracingEnabled": true } }, "testapigatewaydynamodbdefaultRestApiidFD6A9E91": { diff --git a/source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/README.md b/source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/README.md index e00267b59..04ce76e35 100644 --- a/source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/README.md +++ b/source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/README.md @@ -79,10 +79,12 @@ Out of the box implementation of the Construct without any override will set the * Enable CloudWatch logging for API Gateway * Configure least privilege access IAM role for API Gateway * Set the default authorizationType for all API methods to IAM +* Enable X-Ray Tracing ### AWS Lambda Function * Configure least privilege access IAM role for Lambda function * Enable reusing connections with Keep-Alive for NodeJs Lambda function +* Enable X-Ray Tracing ## Architecture ![Architecture Diagram](architecture.png) diff --git a/source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/package.json b/source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/package.json index bb2e2f6bd..9a31ca051 100644 --- a/source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/package.json +++ b/source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/package.json 
@@ -1,6 +1,6 @@ { "name": "@aws-solutions-constructs/aws-apigateway-lambda", - "version": "1.60.0", + "version": "1.61.0", "description": "CDK constructs for defining an interaction between an API Gateway and a Lambda function.", "main": "lib/index.js", "types": "lib/index.d.ts", @@ -53,16 +53,16 @@ } }, "dependencies": { - "@aws-cdk/aws-apigateway": "~1.60.0", - "@aws-cdk/aws-lambda": "~1.60.0", - "@aws-cdk/aws-logs": "~1.60.0", - "@aws-cdk/core": "~1.60.0", - "@aws-cdk/aws-iam": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0", - "constructs": "^3.0.2" + "@aws-cdk/aws-apigateway": "~1.61.0", + "@aws-cdk/aws-lambda": "~1.61.0", + "@aws-cdk/aws-logs": "~1.61.0", + "@aws-cdk/core": "~1.61.0", + "@aws-cdk/aws-iam": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0", + "constructs": "^3.0.4" }, "devDependencies": { - "@aws-cdk/assert": "~1.60.0", + "@aws-cdk/assert": "~1.61.0", "@types/jest": "^24.0.23", "@types/node": "^10.3.0" }, @@ -72,12 +72,12 @@ ] }, "peerDependencies": { - "@aws-cdk/aws-apigateway": "~1.60.0", - "@aws-cdk/aws-lambda": "~1.60.0", - "@aws-cdk/aws-logs": "~1.60.0", - "@aws-cdk/core": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0", - "constructs": "^3.0.2", - "@aws-cdk/aws-iam": "~1.60.0" + "@aws-cdk/aws-apigateway": "~1.61.0", + "@aws-cdk/aws-lambda": "~1.61.0", + "@aws-cdk/aws-logs": "~1.61.0", + "@aws-cdk/core": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0", + "constructs": "^3.0.4", + "@aws-cdk/aws-iam": "~1.61.0" } } diff --git a/source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/test/__snapshots__/test.apigateway-lambda.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/test/__snapshots__/test.apigateway-lambda.test.js.snap index fdceec1f4..8761431eb 100644 --- a/source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/test/__snapshots__/test.apigateway-lambda.test.js.snap 
+++ b/source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/test/__snapshots__/test.apigateway-lambda.test.js.snap @@ -375,6 +375,7 @@ Object { "Ref": "testapigatewaylambdaLambdaRestApiE957E944", }, "StageName": "prod", + "TracingEnabled": true, }, "Type": "AWS::ApiGateway::Stage", }, @@ -594,6 +595,7 @@ Object { }, "testapigatewaylambdaLambdaFunction18FF222F": Object { "DependsOn": Array [ + "testapigatewaylambdaLambdaFunctionServiceRoleDefaultPolicyA5D0BE32", "testapigatewaylambdaLambdaFunctionServiceRole5CD2E9F7", ], "Metadata": Object { @@ -658,6 +660,9 @@ Object { ], }, "Runtime": "nodejs10.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, @@ -712,6 +717,40 @@ Object { }, "Type": "AWS::IAM::Role", }, + "testapigatewaylambdaLambdaFunctionServiceRoleDefaultPolicyA5D0BE32": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, + "Properties": Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, + ], + "Version": "2012-10-17", + }, + "PolicyName": "testapigatewaylambdaLambdaFunctionServiceRoleDefaultPolicyA5D0BE32", + "Roles": Array [ + Object { + "Ref": "testapigatewaylambdaLambdaFunctionServiceRole5CD2E9F7", + }, + ], + }, + "Type": "AWS::IAM::Policy", + }, "testapigatewaylambdaLambdaRestApiANY1FACA749": Object { "Properties": Object { "AuthorizationType": "AWS_IAM", @@ -952,6 +991,7 @@ Object { "Ref": "testapigatewaylambdaLambdaRestApiE957E944", }, "StageName": "prod", + "TracingEnabled": true, }, "Type": "AWS::ApiGateway::Stage", }, 
@@ -1197,6 +1237,7 @@ Object { }, "pattern1LambdaFunction4AE2BC2A": Object { "DependsOn": Array [ + "pattern1LambdaFunctionServiceRoleDefaultPolicy3DAB9197", "pattern1LambdaFunctionServiceRoleEEE9B913", ], "Metadata": Object { @@ -1261,9 +1302,46 @@ Object { ], }, "Runtime": "nodejs10.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, + "pattern1LambdaFunctionServiceRoleDefaultPolicy3DAB9197": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, + "Properties": Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, + ], + "Version": "2012-10-17", + }, + "PolicyName": "pattern1LambdaFunctionServiceRoleDefaultPolicy3DAB9197", + "Roles": Array [ + Object { + "Ref": "pattern1LambdaFunctionServiceRoleEEE9B913", + }, + ], + }, + "Type": "AWS::IAM::Policy", + }, "pattern1LambdaFunctionServiceRoleEEE9B913": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { @@ -1566,6 +1644,7 @@ Object { "Ref": "pattern1LambdaRestApi6083801A", }, "StageName": "prod", + "TracingEnabled": true, }, "Type": "AWS::ApiGateway::Stage", }, @@ -1725,6 +1804,7 @@ Object { }, "pattern2LambdaFunction20E7E90C": Object { "DependsOn": Array [ + "pattern2LambdaFunctionServiceRoleDefaultPolicyB413F001", "pattern2LambdaFunctionServiceRoleF8D0D0F1", ], "Metadata": Object { 
@@ -1789,9 +1869,46 @@ Object { ], }, "Runtime": "nodejs10.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, + "pattern2LambdaFunctionServiceRoleDefaultPolicyB413F001": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, + "Properties": Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, + ], + "Version": "2012-10-17", + }, + "PolicyName": "pattern2LambdaFunctionServiceRoleDefaultPolicyB413F001", + "Roles": Array [ + Object { + "Ref": "pattern2LambdaFunctionServiceRoleF8D0D0F1", + }, + ], + }, + "Type": "AWS::IAM::Policy", + }, "pattern2LambdaFunctionServiceRoleF8D0D0F1": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { @@ -2094,6 +2211,7 @@ Object { "Ref": "pattern2LambdaRestApi7106C394", }, "StageName": "prod", + "TracingEnabled": true, }, "Type": "AWS::ApiGateway::Stage", }, diff --git a/source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/test/integ.deployFunction.expected.json b/source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/test/integ.deployFunction.expected.json index 4adc6b950..23cbe33df 100644 --- a/source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/test/integ.deployFunction.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/test/integ.deployFunction.expected.json 
@@ -52,6 +52,40 @@ ] } }, + "testapigatewaylambdaLambdaFunctionServiceRoleDefaultPolicyA5D0BE32": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "testapigatewaylambdaLambdaFunctionServiceRoleDefaultPolicyA5D0BE32", + "Roles": [ + { + "Ref": "testapigatewaylambdaLambdaFunctionServiceRole5CD2E9F7" + } + ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + } + ] + } + } + }, "testapigatewaylambdaLambdaFunction18FF222F": { "Type": "AWS::Lambda::Function", "Properties": { @@ -105,9 +139,13 @@ "Variables": { "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" } + }, + "TracingConfig": { + "Mode": "Active" } }, "DependsOn": [ + "testapigatewaylambdaLambdaFunctionServiceRoleDefaultPolicyA5D0BE32", "testapigatewaylambdaLambdaFunctionServiceRole5CD2E9F7" ], "Metadata": { @@ -187,7 +225,8 @@ "ResourcePath": "/*" } ], - "StageName": "prod" + "StageName": "prod", + "TracingEnabled": true } }, "testapigatewaylambdaLambdaRestApiproxy2C2C544E": { diff --git a/source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/test/integ.existingFunction.expected.json b/source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/test/integ.existingFunction.expected.json index 537702bee..a59eff98f 100644 --- a/source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/test/integ.existingFunction.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/test/integ.existingFunction.expected.json 
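Review bot: The cfn_nag W12 suppression added with `testapigatewaylambdaLambdaFunctionServiceRoleDefaultPolicyA5D0BE32` (hunk `@@ -52,6 +52,40 @@`) sits on the whole policy resource, so it would also silence W12 for any later `"Resource": "*"` statement that lands in this default policy, not only the two X-Ray actions. The wildcard itself looks justified, since as far as I know `xray:PutTraceSegments` and `xray:PutTelemetryRecords` do not accept resource-level restrictions, but the reason text does not say so. I would word it as `"reason": "xray:PutTraceSegments and xray:PutTelemetryRecords do not support resource-level permissions, so Resource must be *."`. This file is generated expected output, so the change belongs in the construct code that emits the suppression, which is not visible here. The same policy block recurs in integ.existingFunction.expected.json, in the aws-cloudfront-apigateway-lambda integ.no-arguments.expected.json and in the Jest snapshots.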
@@ -52,6 +52,40 @@ ] } }, + "LambdaFunctionServiceRoleDefaultPolicy126C8897": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "LambdaFunctionServiceRoleDefaultPolicy126C8897", + "Roles": [ + { + "Ref": "LambdaFunctionServiceRole0C4CDE0B" + } + ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + } + ] + } + } + }, "LambdaFunctionBF21E41F": { "Type": "AWS::Lambda::Function", "Properties": { @@ -105,9 +139,13 @@ "Variables": { "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" } + }, + "TracingConfig": { + "Mode": "Active" } }, "DependsOn": [ + "LambdaFunctionServiceRoleDefaultPolicy126C8897", "LambdaFunctionServiceRole0C4CDE0B" ], "Metadata": { @@ -187,7 +225,8 @@ "ResourcePath": "/*" } ], - "StageName": "prod" + "StageName": "prod", + "TracingEnabled": true } }, "testapigatewaylambdaLambdaRestApiproxy2C2C544E": { diff --git a/source/patterns/@aws-solutions-constructs/aws-apigateway-sqs/README.md b/source/patterns/@aws-solutions-constructs/aws-apigateway-sqs/README.md index dfeb276c8..ddb36efa9 100644 --- a/source/patterns/@aws-solutions-constructs/aws-apigateway-sqs/README.md +++ b/source/patterns/@aws-solutions-constructs/aws-apigateway-sqs/README.md @@ -93,6 +93,7 @@ Out of the box implementation of the Construct without any override will set the * Enable CloudWatch logging for API Gateway * Configure least privilege access IAM role for API Gateway * Set the default authorizationType for all API methods to IAM +* Enable X-Ray Tracing ### Amazon SQS Queue * Deploy SQS dead-letter queue for the source SQS Queue 
diff --git a/source/patterns/@aws-solutions-constructs/aws-apigateway-sqs/package.json b/source/patterns/@aws-solutions-constructs/aws-apigateway-sqs/package.json index d530ad251..277463744 100644 --- a/source/patterns/@aws-solutions-constructs/aws-apigateway-sqs/package.json +++ b/source/patterns/@aws-solutions-constructs/aws-apigateway-sqs/package.json @@ -1,6 +1,6 @@ { "name": "@aws-solutions-constructs/aws-apigateway-sqs", - "version": "1.60.0", + "version": "1.61.0", "description": "CDK constructs for defining an interaction between an AWS Lambda function and an Amazon S3 bucket.", "main": "lib/index.js", "types": "lib/index.d.ts", @@ -53,17 +53,17 @@ } }, "dependencies": { - "@aws-cdk/aws-apigateway": "~1.60.0", - "@aws-cdk/aws-sqs": "~1.60.0", - "@aws-cdk/aws-kms": "~1.60.0", - "@aws-cdk/aws-iam": "~1.60.0", - "@aws-cdk/aws-logs": "~1.60.0", - "@aws-cdk/core": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0", - "constructs": "^3.0.2" + "@aws-cdk/aws-apigateway": "~1.61.0", + "@aws-cdk/aws-sqs": "~1.61.0", + "@aws-cdk/aws-kms": "~1.61.0", + "@aws-cdk/aws-iam": "~1.61.0", + "@aws-cdk/aws-logs": "~1.61.0", + "@aws-cdk/core": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0", + "constructs": "^3.0.4" }, "devDependencies": { - "@aws-cdk/assert": "~1.60.0", + "@aws-cdk/assert": "~1.61.0", "@types/jest": "^24.0.23", "@types/node": "^10.3.0" }, @@ -73,13 +73,13 @@ ] }, "peerDependencies": { - "@aws-cdk/aws-apigateway": "~1.60.0", - "@aws-cdk/aws-sqs": "~1.60.0", - "@aws-cdk/aws-kms": "~1.60.0", - "@aws-cdk/aws-iam": "~1.60.0", - "@aws-cdk/core": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0", - "constructs": "^3.0.2", - "@aws-cdk/aws-logs": "~1.60.0" + "@aws-cdk/aws-apigateway": "~1.61.0", + "@aws-cdk/aws-sqs": "~1.61.0", + "@aws-cdk/aws-kms": "~1.61.0", + "@aws-cdk/aws-iam": "~1.61.0", + "@aws-cdk/core": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0", + "constructs": "^3.0.4", + "@aws-cdk/aws-logs": "~1.61.0" } } 
diff --git a/source/patterns/@aws-solutions-constructs/aws-apigateway-sqs/test/__snapshots__/apigateway-sqs.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-apigateway-sqs/test/__snapshots__/apigateway-sqs.test.js.snap index 18429c013..5fcc7a086 100644 --- a/source/patterns/@aws-solutions-constructs/aws-apigateway-sqs/test/__snapshots__/apigateway-sqs.test.js.snap +++ b/source/patterns/@aws-solutions-constructs/aws-apigateway-sqs/test/__snapshots__/apigateway-sqs.test.js.snap @@ -167,6 +167,7 @@ Object { "Ref": "apigatewaysqsRestApi03BFD711", }, "StageName": "prod", + "TracingEnabled": true, }, "Type": "AWS::ApiGateway::Stage", }, @@ -846,6 +847,7 @@ Object { "Ref": "apigatewaysqsRestApi03BFD711", }, "StageName": "prod", + "TracingEnabled": true, }, "Type": "AWS::ApiGateway::Stage", }, @@ -1523,6 +1525,7 @@ Object { "Ref": "apigatewaysqsRestApi03BFD711", }, "StageName": "prod", + "TracingEnabled": true, }, "Type": "AWS::ApiGateway::Stage", }, diff --git a/source/patterns/@aws-solutions-constructs/aws-apigateway-sqs/test/integ.apigateway-sqs-crud.expected.json b/source/patterns/@aws-solutions-constructs/aws-apigateway-sqs/test/integ.apigateway-sqs-crud.expected.json index d6e727cf4..512671e1e 100644 --- a/source/patterns/@aws-solutions-constructs/aws-apigateway-sqs/test/integ.apigateway-sqs-crud.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-apigateway-sqs/test/integ.apigateway-sqs-crud.expected.json @@ -227,7 +227,8 @@ "ResourcePath": "/*" } ], - "StageName": "prod" + "StageName": "prod", + "TracingEnabled": true } }, "testapigatewaysqsRestApimessage6D62B7B0": { diff --git a/source/patterns/@aws-solutions-constructs/aws-apigateway-sqs/test/integ.no-arguments.expected.json b/source/patterns/@aws-solutions-constructs/aws-apigateway-sqs/test/integ.no-arguments.expected.json index fb49a57a5..db4a20ae1 100644 --- a/source/patterns/@aws-solutions-constructs/aws-apigateway-sqs/test/integ.no-arguments.expected.json 
+++ b/source/patterns/@aws-solutions-constructs/aws-apigateway-sqs/test/integ.no-arguments.expected.json @@ -225,7 +225,8 @@ "ResourcePath": "/*" } ], - "StageName": "prod" + "StageName": "prod", + "TracingEnabled": true } }, "testapigatewaysqsdefaultRestApimessage41073D7F": { diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/README.md b/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/README.md index 4c9d87c99..361c3c748 100644 --- a/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/README.md +++ b/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/README.md @@ -90,10 +90,12 @@ Out of the box implementation of the Construct without any override will set the * Enable CloudWatch logging for API Gateway * Configure least privilege access IAM role for API Gateway * Set the default authorizationType for all API methods to NONE +* Enable X-Ray Tracing ### AWS Lambda Function * Configure least privilege access IAM role for Lambda function * Enable reusing connections with Keep-Alive for NodeJs Lambda function +* Enable X-Ray Tracing ## Architecture ![Architecture Diagram](architecture.png) diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/package.json b/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/package.json index 6d619fccd..0cd9d5b73 100644 --- a/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/package.json +++ b/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/package.json @@ -1,6 +1,6 @@ { "name": "@aws-solutions-constructs/aws-cloudfront-apigateway-lambda", - "version": "1.60.0", + "version": "1.61.0", "description": "CDK Constructs for AWS Cloudfront to AWS API Gateway to AWS Lambda integration.", "main": "lib/index.js", "types": "lib/index.d.ts", 
@@ -53,19 +53,19 @@ } }, "dependencies": { - "@aws-cdk/core": "~1.60.0", - "@aws-cdk/aws-cloudfront": "~1.60.0", - "@aws-cdk/aws-apigateway": "~1.60.0", - "@aws-cdk/aws-lambda": "~1.60.0", - "@aws-cdk/aws-logs": "~1.60.0", - "@aws-cdk/aws-s3": "~1.60.0", - "@aws-cdk/aws-iam": "~1.60.0", - "@aws-solutions-constructs/aws-cloudfront-apigateway": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0", - "constructs": "^3.0.2" + "@aws-cdk/core": "~1.61.0", + "@aws-cdk/aws-cloudfront": "~1.61.0", + "@aws-cdk/aws-apigateway": "~1.61.0", + "@aws-cdk/aws-lambda": "~1.61.0", + "@aws-cdk/aws-logs": "~1.61.0", + "@aws-cdk/aws-s3": "~1.61.0", + "@aws-cdk/aws-iam": "~1.61.0", + "@aws-solutions-constructs/aws-cloudfront-apigateway": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0", + "constructs": "^3.0.4" }, "devDependencies": { - "@aws-cdk/assert": "~1.60.0", + "@aws-cdk/assert": "~1.61.0", "@types/jest": "^24.0.23", "@types/node": "^10.3.0" }, @@ -75,15 +75,15 @@ ] }, "peerDependencies": { - "@aws-cdk/core": "~1.60.0", - "@aws-cdk/aws-cloudfront": "~1.60.0", - "@aws-cdk/aws-apigateway": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0", - "@aws-cdk/aws-lambda": "~1.60.0", - "@aws-cdk/aws-logs": "~1.60.0", - "@aws-solutions-constructs/aws-cloudfront-apigateway": "~1.60.0", - "constructs": "^3.0.2", - "@aws-cdk/aws-s3": "~1.60.0", - "@aws-cdk/aws-iam": "~1.60.0" + "@aws-cdk/core": "~1.61.0", + "@aws-cdk/aws-cloudfront": "~1.61.0", + "@aws-cdk/aws-apigateway": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0", + "@aws-cdk/aws-lambda": "~1.61.0", + "@aws-cdk/aws-logs": "~1.61.0", + "@aws-solutions-constructs/aws-cloudfront-apigateway": "~1.61.0", + "constructs": "^3.0.4", + "@aws-cdk/aws-s3": "~1.61.0", + "@aws-cdk/aws-iam": "~1.61.0" } } 
diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/test/__snapshots__/test.cloudfront-apigateway-lambda.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/test/__snapshots__/test.cloudfront-apigateway-lambda.test.js.snap index afa63cba9..52a5872c5 100644 --- a/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/test/__snapshots__/test.cloudfront-apigateway-lambda.test.js.snap +++ b/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/test/__snapshots__/test.cloudfront-apigateway-lambda.test.js.snap @@ -259,6 +259,7 @@ Object { }, "testcloudfrontapigatewaylambdaCloudFrontToApiGatewaySetHttpSecurityHeaders6945414A": Object { "DependsOn": Array [ + "testcloudfrontapigatewaylambdaCloudFrontToApiGatewaySetHttpSecurityHeadersServiceRoleDefaultPolicy2016F196", "testcloudfrontapigatewaylambdaCloudFrontToApiGatewaySetHttpSecurityHeadersServiceRoleCA39BFFF", ], "Metadata": Object { @@ -283,6 +284,9 @@ Object { ], }, "Runtime": "nodejs12.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, 
@@ -344,6 +348,40 @@ Object { }, "Type": "AWS::IAM::Role", }, + "testcloudfrontapigatewaylambdaCloudFrontToApiGatewaySetHttpSecurityHeadersServiceRoleDefaultPolicy2016F196": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, + "Properties": Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, + ], + "Version": "2012-10-17", + }, + "PolicyName": "testcloudfrontapigatewaylambdaCloudFrontToApiGatewaySetHttpSecurityHeadersServiceRoleDefaultPolicy2016F196", + "Roles": Array [ + Object { + "Ref": "testcloudfrontapigatewaylambdaCloudFrontToApiGatewaySetHttpSecurityHeadersServiceRoleCA39BFFF", + }, + ], + }, + "Type": "AWS::IAM::Policy", + }, "testcloudfrontapigatewaylambdaCloudFrontToApiGatewaySetHttpSecurityHeadersVersion1946ABC2": Object { "Properties": Object { "FunctionName": Object { @@ -354,6 +392,7 @@ Object { }, "testcloudfrontapigatewaylambdaLambdaFunction17A55E65": Object { "DependsOn": Array [ + "testcloudfrontapigatewaylambdaLambdaFunctionServiceRoleDefaultPolicyDB7FF8EB", "testcloudfrontapigatewaylambdaLambdaFunctionServiceRoleCB74590F", ], "Metadata": Object { @@ -418,6 +457,9 @@ Object { ], }, "Runtime": "nodejs10.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, 
@@ -472,6 +514,40 @@ Object { }, "Type": "AWS::IAM::Role", }, + "testcloudfrontapigatewaylambdaLambdaFunctionServiceRoleDefaultPolicyDB7FF8EB": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, + "Properties": Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, + ], + "Version": "2012-10-17", + }, + "PolicyName": "testcloudfrontapigatewaylambdaLambdaFunctionServiceRoleDefaultPolicyDB7FF8EB", + "Roles": Array [ + Object { + "Ref": "testcloudfrontapigatewaylambdaLambdaFunctionServiceRoleCB74590F", + }, + ], + }, + "Type": "AWS::IAM::Policy", + }, "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44": Object { "Properties": Object { "EndpointConfiguration": Object { @@ -733,6 +809,7 @@ Object { "Ref": "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44", }, "StageName": "prod", + "TracingEnabled": true, }, "Type": "AWS::ApiGateway::Stage", }, diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/test/integ.no-arguments.expected.json b/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/test/integ.no-arguments.expected.json index c1e7cc7ca..50947e395 100644 --- a/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/test/integ.no-arguments.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/test/integ.no-arguments.expected.json 
@@ -52,6 +52,40 @@ ] } }, + "testcloudfrontapigatewaylambdaLambdaFunctionServiceRoleDefaultPolicyDB7FF8EB": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "testcloudfrontapigatewaylambdaLambdaFunctionServiceRoleDefaultPolicyDB7FF8EB", + "Roles": [ + { + "Ref": "testcloudfrontapigatewaylambdaLambdaFunctionServiceRoleCB74590F" + } + ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + } + ] + } + } + }, "testcloudfrontapigatewaylambdaLambdaFunction17A55E65": { "Type": "AWS::Lambda::Function", "Properties": { @@ -105,9 +139,13 @@ "Variables": { "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" } + }, + "TracingConfig": { + "Mode": "Active" } }, "DependsOn": [ + "testcloudfrontapigatewaylambdaLambdaFunctionServiceRoleDefaultPolicyDB7FF8EB", "testcloudfrontapigatewaylambdaLambdaFunctionServiceRoleCB74590F" ], "Metadata": { @@ -187,7 +225,8 @@ "ResourcePath": "/*" } ], - "StageName": "prod" + "StageName": "prod", + "TracingEnabled": true } }, "testcloudfrontapigatewaylambdaLambdaRestApiproxyBC09D86F": { 
@@ -607,6 +646,40 @@ ] } }, + "testcloudfrontapigatewaylambdaCloudFrontToApiGatewaySetHttpSecurityHeadersServiceRoleDefaultPolicy2016F196": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "testcloudfrontapigatewaylambdaCloudFrontToApiGatewaySetHttpSecurityHeadersServiceRoleDefaultPolicy2016F196", + "Roles": [ + { + "Ref": "testcloudfrontapigatewaylambdaCloudFrontToApiGatewaySetHttpSecurityHeadersServiceRoleCA39BFFF" + } + ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + } + ] + } + } + }, "testcloudfrontapigatewaylambdaCloudFrontToApiGatewaySetHttpSecurityHeaders6945414A": { "Type": "AWS::Lambda::Function", "Properties": { @@ -620,9 +693,13 @@ "Arn" ] }, - "Runtime": "nodejs12.x" + "Runtime": "nodejs12.x", + "TracingConfig": { + "Mode": "Active" + } }, "DependsOn": [ + "testcloudfrontapigatewaylambdaCloudFrontToApiGatewaySetHttpSecurityHeadersServiceRoleDefaultPolicy2016F196", "testcloudfrontapigatewaylambdaCloudFrontToApiGatewaySetHttpSecurityHeadersServiceRoleCA39BFFF" ], "Metadata": { diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway/README.md b/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway/README.md index 930a5f8ed..cfaeb8cb2 100644 --- a/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway/README.md +++ b/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway/README.md @@ -96,6 +96,7 @@ Out of the box implementation of the Construct without any override will set the ### Amazon API Gateway * User provided API Gateway object is used as-is +* Enable X-Ray Tracing ## Architecture ![Architecture Diagram](architecture.png) 
diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway/package.json b/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway/package.json index f1dcf4b03..8b1356bad 100644 --- a/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway/package.json +++ b/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway/package.json @@ -1,6 +1,6 @@ { "name": "@aws-solutions-constructs/aws-cloudfront-apigateway", - "version": "1.60.0", + "version": "1.61.0", "description": "CDK Constructs for AWS Cloudfront to AWS API Gateway integration.", "main": "lib/index.js", "types": "lib/index.d.ts", @@ -53,17 +53,17 @@ } }, "dependencies": { - "@aws-cdk/core": "~1.60.0", - "@aws-cdk/aws-cloudfront": "~1.60.0", - "@aws-cdk/aws-apigateway": "~1.60.0", - "@aws-cdk/aws-lambda": "~1.60.0", - "@aws-cdk/aws-logs": "~1.60.0", - "@aws-cdk/aws-s3": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0", - "constructs": "^3.0.2" + "@aws-cdk/core": "~1.61.0", + "@aws-cdk/aws-cloudfront": "~1.61.0", + "@aws-cdk/aws-apigateway": "~1.61.0", + "@aws-cdk/aws-lambda": "~1.61.0", + "@aws-cdk/aws-logs": "~1.61.0", + "@aws-cdk/aws-s3": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0", + "constructs": "^3.0.4" }, "devDependencies": { - "@aws-cdk/assert": "~1.60.0", + "@aws-cdk/assert": "~1.61.0", "@types/jest": "^24.0.23", "@types/node": "^10.3.0" }, 
@@ -73,13 +73,13 @@ ] }, "peerDependencies": { - "@aws-cdk/core": "~1.60.0", - "@aws-cdk/aws-cloudfront": "~1.60.0", - "@aws-cdk/aws-apigateway": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0", - "@aws-cdk/aws-lambda": "~1.60.0", - "@aws-cdk/aws-logs": "~1.60.0", - "constructs": "^3.0.2", - "@aws-cdk/aws-s3": "~1.60.0" + "@aws-cdk/core": "~1.61.0", + "@aws-cdk/aws-cloudfront": "~1.61.0", + "@aws-cdk/aws-apigateway": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0", + "@aws-cdk/aws-lambda": "~1.61.0", + "@aws-cdk/aws-logs": "~1.61.0", + "constructs": "^3.0.4", + "@aws-cdk/aws-s3": "~1.61.0" } } diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway/test/__snapshots__/test.cloudfront-apigateway.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway/test/__snapshots__/test.cloudfront-apigateway.test.js.snap index ec57e2fd6..7a4551ac3 100644 --- a/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway/test/__snapshots__/test.cloudfront-apigateway.test.js.snap +++ b/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway/test/__snapshots__/test.cloudfront-apigateway.test.js.snap @@ -52,6 +52,7 @@ Object { }, "LambdaFunctionBF21E41F": Object { "DependsOn": Array [ + "LambdaFunctionServiceRoleDefaultPolicy126C8897", "LambdaFunctionServiceRole0C4CDE0B", ], "Metadata": Object { @@ -116,6 +117,9 @@ Object { ], }, "Runtime": "nodejs10.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, 
@@ -170,6 +174,40 @@ Object { }, "Type": "AWS::IAM::Role", }, + "LambdaFunctionServiceRoleDefaultPolicy126C8897": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, + "Properties": Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, + ], + "Version": "2012-10-17", + }, + "PolicyName": "LambdaFunctionServiceRoleDefaultPolicy126C8897", + "Roles": Array [ + Object { + "Ref": "LambdaFunctionServiceRole0C4CDE0B", + }, + ], + }, + "Type": "AWS::IAM::Policy", + }, "LambdaRestApi95870433": Object { "Properties": Object { "EndpointConfiguration": Object { @@ -421,6 +459,7 @@ Object { "Ref": "LambdaRestApi95870433", }, "StageName": "prod", + "TracingEnabled": true, }, "Type": "AWS::ApiGateway::Stage", }, @@ -782,6 +821,7 @@ Object { }, "testcloudfrontapigatewaySetHttpSecurityHeadersD8DBA642": Object { "DependsOn": Array [ + "testcloudfrontapigatewaySetHttpSecurityHeadersServiceRoleDefaultPolicy928E5642", "testcloudfrontapigatewaySetHttpSecurityHeadersServiceRole20BDDF39", ], "Metadata": Object { @@ -806,6 +846,9 @@ Object { ], }, "Runtime": "nodejs12.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, 
@@ -867,6 +910,40 @@ Object { }, "Type": "AWS::IAM::Role", }, + "testcloudfrontapigatewaySetHttpSecurityHeadersServiceRoleDefaultPolicy928E5642": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, + "Properties": Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, + ], + "Version": "2012-10-17", + }, + "PolicyName": "testcloudfrontapigatewaySetHttpSecurityHeadersServiceRoleDefaultPolicy928E5642", + "Roles": Array [ + Object { + "Ref": "testcloudfrontapigatewaySetHttpSecurityHeadersServiceRole20BDDF39", + }, + ], + }, + "Type": "AWS::IAM::Policy", + }, "testcloudfrontapigatewaySetHttpSecurityHeadersVersion7F8815E1": Object { "Properties": Object { "FunctionName": Object { diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway/test/integ.no-arguments.expected.json b/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway/test/integ.no-arguments.expected.json index c80c10a3d..48d471a38 100644 --- a/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway/test/integ.no-arguments.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway/test/integ.no-arguments.expected.json 
@@ -52,6 +52,40 @@ ] } }, + "LambdaFunctionServiceRoleDefaultPolicy126C8897": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "LambdaFunctionServiceRoleDefaultPolicy126C8897", + "Roles": [ + { + "Ref": "LambdaFunctionServiceRole0C4CDE0B" + } + ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + } + ] + } + } + }, "LambdaFunctionBF21E41F": { "Type": "AWS::Lambda::Function", "Properties": { @@ -105,9 +139,13 @@ "Variables": { "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" } + }, + "TracingConfig": { + "Mode": "Active" } }, "DependsOn": [ + "LambdaFunctionServiceRoleDefaultPolicy126C8897", "LambdaFunctionServiceRole0C4CDE0B" ], "Metadata": { @@ -187,7 +225,8 @@ "ResourcePath": "/*" } ], - "StageName": "prod" + "StageName": "prod", + "TracingEnabled": true } }, "LambdaRestApiproxy9F99E187": { 
@@ -607,6 +646,40 @@ ] } }, + "testcloudfrontapigatewaySetHttpSecurityHeadersServiceRoleDefaultPolicy928E5642": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "testcloudfrontapigatewaySetHttpSecurityHeadersServiceRoleDefaultPolicy928E5642", + "Roles": [ + { + "Ref": "testcloudfrontapigatewaySetHttpSecurityHeadersServiceRole20BDDF39" + } + ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + } + ] + } + } + }, "testcloudfrontapigatewaySetHttpSecurityHeadersD8DBA642": { "Type": "AWS::Lambda::Function", "Properties": { @@ -620,9 +693,13 @@ "Arn" ] }, - "Runtime": "nodejs12.x" + "Runtime": "nodejs12.x", + "TracingConfig": { + "Mode": "Active" + } }, "DependsOn": [ + "testcloudfrontapigatewaySetHttpSecurityHeadersServiceRoleDefaultPolicy928E5642", "testcloudfrontapigatewaySetHttpSecurityHeadersServiceRole20BDDF39" ], "Metadata": { diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/package.json b/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/package.json index b30ea48b7..548e489d8 100644 --- a/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/package.json +++ b/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/package.json @@ -1,6 +1,6 @@ { "name": "@aws-solutions-constructs/aws-cloudfront-s3", - "version": "1.60.0", + "version": "1.61.0", "description": "CDK Constructs for AWS Cloudfront to AWS S3 integration.", "main": "lib/index.js", "types": "lib/index.d.ts", 
@@ -53,15 +53,15 @@ } }, "dependencies": { - "@aws-cdk/core": "~1.60.0", - "@aws-cdk/aws-cloudfront": "~1.60.0", - "@aws-cdk/aws-s3": "~1.60.0", - "@aws-cdk/aws-lambda": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0", - "constructs": "^3.0.2" + "@aws-cdk/core": "~1.61.0", + "@aws-cdk/aws-cloudfront": "~1.61.0", + "@aws-cdk/aws-s3": "~1.61.0", + "@aws-cdk/aws-lambda": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0", + "constructs": "^3.0.4" }, "devDependencies": { - "@aws-cdk/assert": "~1.60.0", + "@aws-cdk/assert": "~1.61.0", "@types/jest": "^24.0.23", "@types/node": "^10.3.0" }, @@ -71,11 +71,11 @@ ] }, "peerDependencies": { - "@aws-cdk/core": "~1.60.0", - "@aws-cdk/aws-cloudfront": "~1.60.0", - "@aws-cdk/aws-s3": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0", - "constructs": "^3.0.2", - "@aws-cdk/aws-lambda": "~1.60.0" + "@aws-cdk/core": "~1.61.0", + "@aws-cdk/aws-cloudfront": "~1.61.0", + "@aws-cdk/aws-s3": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0", + "constructs": "^3.0.4", + "@aws-cdk/aws-lambda": "~1.61.0" } } diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/__snapshots__/test.cloudfront-s3.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/__snapshots__/test.cloudfront-s3.test.js.snap index 19b68c0e9..df3ac2a27 100644 --- a/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/__snapshots__/test.cloudfront-s3.test.js.snap +++ b/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/__snapshots__/test.cloudfront-s3.test.js.snap @@ -399,6 +399,7 @@ Object { }, "testcloudfronts3SetHttpSecurityHeaders6C5A1E69": Object { "DependsOn": Array [ + "testcloudfronts3SetHttpSecurityHeadersServiceRoleDefaultPolicy7A7EF47A", "testcloudfronts3SetHttpSecurityHeadersServiceRole74D1E252", ], "Metadata": Object { 
@@ -423,6 +424,9 @@ Object { ], }, "Runtime": "nodejs12.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, @@ -484,6 +488,40 @@ Object { }, "Type": "AWS::IAM::Role", }, + "testcloudfronts3SetHttpSecurityHeadersServiceRoleDefaultPolicy7A7EF47A": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, + "Properties": Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, + ], + "Version": "2012-10-17", + }, + "PolicyName": "testcloudfronts3SetHttpSecurityHeadersServiceRoleDefaultPolicy7A7EF47A", + "Roles": Array [ + Object { + "Ref": "testcloudfronts3SetHttpSecurityHeadersServiceRole74D1E252", + }, + ], + }, + "Type": "AWS::IAM::Policy", + }, "testcloudfronts3SetHttpSecurityHeadersVersionF1C744BB": Object { "Properties": Object { "FunctionName": Object { diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.existing-bucket.expected.json b/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.existing-bucket.expected.json index 5223c4abe..dd587721b 100644 --- a/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.existing-bucket.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.existing-bucket.expected.json 
@@ -291,6 +291,40 @@ ] } }, + "testcloudfronts3SetHttpSecurityHeadersServiceRoleDefaultPolicy7A7EF47A": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "testcloudfronts3SetHttpSecurityHeadersServiceRoleDefaultPolicy7A7EF47A", + "Roles": [ + { + "Ref": "testcloudfronts3SetHttpSecurityHeadersServiceRole74D1E252" + } + ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + } + ] + } + } + }, "testcloudfronts3SetHttpSecurityHeaders6C5A1E69": { "Type": "AWS::Lambda::Function", "Properties": { @@ -304,9 +338,13 @@ "Arn" ] }, - "Runtime": "nodejs12.x" + "Runtime": "nodejs12.x", + "TracingConfig": { + "Mode": "Active" + } }, "DependsOn": [ + "testcloudfronts3SetHttpSecurityHeadersServiceRoleDefaultPolicy7A7EF47A", "testcloudfronts3SetHttpSecurityHeadersServiceRole74D1E252" ], "Metadata": { diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.no-arguments.expected.json b/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.no-arguments.expected.json index b07eb7c84..b7fffa933 100644 --- a/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.no-arguments.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.no-arguments.expected.json 
@@ -292,6 +292,40 @@ ] } }, + "testcloudfronts3SetHttpSecurityHeadersServiceRoleDefaultPolicy7A7EF47A": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "testcloudfronts3SetHttpSecurityHeadersServiceRoleDefaultPolicy7A7EF47A", + "Roles": [ + { + "Ref": "testcloudfronts3SetHttpSecurityHeadersServiceRole74D1E252" + } + ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + } + ] + } + } + }, "testcloudfronts3SetHttpSecurityHeaders6C5A1E69": { "Type": "AWS::Lambda::Function", "Properties": { @@ -305,9 +339,13 @@ "Arn" ] }, - "Runtime": "nodejs12.x" + "Runtime": "nodejs12.x", + "TracingConfig": { + "Mode": "Active" + } }, "DependsOn": [ + "testcloudfronts3SetHttpSecurityHeadersServiceRoleDefaultPolicy7A7EF47A", "testcloudfronts3SetHttpSecurityHeadersServiceRole74D1E252" ], "Metadata": { diff --git a/source/patterns/@aws-solutions-constructs/aws-cognito-apigateway-lambda/README.md b/source/patterns/@aws-solutions-constructs/aws-cognito-apigateway-lambda/README.md index c4f47ec91..61685b5fe 100644 --- a/source/patterns/@aws-solutions-constructs/aws-cognito-apigateway-lambda/README.md +++ b/source/patterns/@aws-solutions-constructs/aws-cognito-apigateway-lambda/README.md 
@@ -89,10 +89,12 @@ Out of the box implementation of the Construct without any override will set the * Enable CloudWatch logging for API Gateway * Configure least privilege access IAM role for API Gateway * Set the default authorizationType for all API methods to IAM +* Enable X-Ray Tracing ### AWS Lambda Function * Configure least privilege access IAM role for Lambda function * Enable reusing connections with Keep-Alive for NodeJs Lambda function +* Enable X-Ray Tracing ## Architecture ![Architecture Diagram](architecture.png) diff --git a/source/patterns/@aws-solutions-constructs/aws-cognito-apigateway-lambda/package.json b/source/patterns/@aws-solutions-constructs/aws-cognito-apigateway-lambda/package.json index b5b609d13..26962acc8 100644 --- a/source/patterns/@aws-solutions-constructs/aws-cognito-apigateway-lambda/package.json +++ b/source/patterns/@aws-solutions-constructs/aws-cognito-apigateway-lambda/package.json @@ -1,6 +1,6 @@ { "name": "@aws-solutions-constructs/aws-cognito-apigateway-lambda", - "version": "1.60.0", + "version": "1.61.0", "description": "CDK Constructs for AWS Cognito to AWS API Gateway to AWS Lambda integration", "main": "lib/index.js", "types": "lib/index.d.ts", @@ -53,17 +53,17 @@ } }, "dependencies": { - "@aws-cdk/aws-lambda": "~1.60.0", - "@aws-cdk/core": "~1.60.0", - "@aws-cdk/aws-cognito": "~1.60.0", - "@aws-cdk/aws-apigateway": "~1.60.0", - "@aws-cdk/aws-logs": "~1.60.0", - "@aws-cdk/aws-iam": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0", - "constructs": "^3.0.2" + "@aws-cdk/aws-lambda": "~1.61.0", + "@aws-cdk/core": "~1.61.0", + "@aws-cdk/aws-cognito": "~1.61.0", + "@aws-cdk/aws-apigateway": "~1.61.0", + "@aws-cdk/aws-logs": "~1.61.0", + "@aws-cdk/aws-iam": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0", + "constructs": "^3.0.4" }, "devDependencies": { - "@aws-cdk/assert": "~1.60.0", + "@aws-cdk/assert": "~1.61.0", "@types/jest": "^24.0.23", "@types/node": "^10.3.0" }, 
@@ -73,13 +73,13 @@ ] }, "peerDependencies": { - "@aws-cdk/aws-lambda": "~1.60.0", - "@aws-cdk/core": "~1.60.0", - "@aws-cdk/aws-cognito": "~1.60.0", - "@aws-cdk/aws-apigateway": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0", - "constructs": "^3.0.2", - "@aws-cdk/aws-logs": "~1.60.0", - "@aws-cdk/aws-iam": "~1.60.0" + "@aws-cdk/aws-lambda": "~1.61.0", + "@aws-cdk/core": "~1.61.0", + "@aws-cdk/aws-cognito": "~1.61.0", + "@aws-cdk/aws-apigateway": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0", + "constructs": "^3.0.4", + "@aws-cdk/aws-logs": "~1.61.0", + "@aws-cdk/aws-iam": "~1.61.0" } } diff --git a/source/patterns/@aws-solutions-constructs/aws-cognito-apigateway-lambda/test/__snapshots__/test.cognito-apigateway-lambda.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-cognito-apigateway-lambda/test/__snapshots__/test.cognito-apigateway-lambda.test.js.snap index 140d63f27..9b6ded872 100644 --- a/source/patterns/@aws-solutions-constructs/aws-cognito-apigateway-lambda/test/__snapshots__/test.cognito-apigateway-lambda.test.js.snap +++ b/source/patterns/@aws-solutions-constructs/aws-cognito-apigateway-lambda/test/__snapshots__/test.cognito-apigateway-lambda.test.js.snap @@ -129,6 +129,7 @@ Object { }, "testcognitoapigatewaylambdaLambdaFunction0C8EAC23": Object { "DependsOn": Array [ + "testcognitoapigatewaylambdaLambdaFunctionServiceRoleDefaultPolicyED0AF2CF", "testcognitoapigatewaylambdaLambdaFunctionServiceRole943D8510", ], "Metadata": Object { @@ -193,6 +194,9 @@ Object { ], }, "Runtime": "nodejs10.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, 
@@ -247,6 +251,40 @@ Object { }, "Type": "AWS::IAM::Role", }, + "testcognitoapigatewaylambdaLambdaFunctionServiceRoleDefaultPolicyED0AF2CF": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, + "Properties": Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, + ], + "Version": "2012-10-17", + }, + "PolicyName": "testcognitoapigatewaylambdaLambdaFunctionServiceRoleDefaultPolicyED0AF2CF", + "Roles": Array [ + Object { + "Ref": "testcognitoapigatewaylambdaLambdaFunctionServiceRole943D8510", + }, + ], + }, + "Type": "AWS::IAM::Policy", + }, "testcognitoapigatewaylambdaLambdaRestApi2E272431": Object { "Properties": Object { "EndpointConfiguration": Object { @@ -501,6 +539,7 @@ Object { "Ref": "testcognitoapigatewaylambdaLambdaRestApi2E272431", }, "StageName": "prod", + "TracingEnabled": true, }, "Type": "AWS::ApiGateway::Stage", }, diff --git a/source/patterns/@aws-solutions-constructs/aws-cognito-apigateway-lambda/test/integ.no-arguments.expected.json b/source/patterns/@aws-solutions-constructs/aws-cognito-apigateway-lambda/test/integ.no-arguments.expected.json index 61406ce63..e7d176af0 100644 --- a/source/patterns/@aws-solutions-constructs/aws-cognito-apigateway-lambda/test/integ.no-arguments.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-cognito-apigateway-lambda/test/integ.no-arguments.expected.json 
@@ -51,6 +51,40 @@ ] } }, + "testcognitoapigatewaylambdaLambdaFunctionServiceRoleDefaultPolicyED0AF2CF": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "testcognitoapigatewaylambdaLambdaFunctionServiceRoleDefaultPolicyED0AF2CF", + "Roles": [ + { + "Ref": "testcognitoapigatewaylambdaLambdaFunctionServiceRole943D8510" + } + ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + } + ] + } + } + }, "testcognitoapigatewaylambdaLambdaFunction0C8EAC23": { "Type": "AWS::Lambda::Function", "Properties": { @@ -104,9 +138,13 @@ "Variables": { "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" } + }, + "TracingConfig": { + "Mode": "Active" } }, "DependsOn": [ + "testcognitoapigatewaylambdaLambdaFunctionServiceRoleDefaultPolicyED0AF2CF", "testcognitoapigatewaylambdaLambdaFunctionServiceRole943D8510" ], "Metadata": { @@ -186,7 +224,8 @@ "ResourcePath": "/*" } ], - "StageName": "prod" + "StageName": "prod", + "TracingEnabled": true } }, "testcognitoapigatewaylambdaLambdaRestApiproxy23E1DA20": { diff --git a/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda-elasticsearch-kibana/README.md b/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda-elasticsearch-kibana/README.md index 04c46aeb6..20dbebb14 100644 --- a/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda-elasticsearch-kibana/README.md +++ b/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda-elasticsearch-kibana/README.md 
@@ -92,6 +92,7 @@ Out of the box implementation of the Construct without any override will set the ### AWS Lambda Function * Configure least privilege access IAM role for Lambda function * Enable reusing connections with Keep-Alive for NodeJs Lambda function +* Enable X-Ray Tracing ### Amazon Cognito * Set password policy for User Pools diff --git a/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda-elasticsearch-kibana/package.json b/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda-elasticsearch-kibana/package.json index 907027e57..efff80ffc 100644 --- a/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda-elasticsearch-kibana/package.json +++ b/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda-elasticsearch-kibana/package.json @@ -1,6 +1,6 @@ { "name": "@aws-solutions-constructs/aws-dynamodb-stream-lambda-elasticsearch-kibana", - "version": "1.60.0", + "version": "1.61.0", "description": "CDK Constructs for Amazon Dynamodb stream to AWS Lambda to AWS Elasticsearch with Kibana integration", "main": "lib/index.js", "types": "lib/index.d.ts", 
@@ -53,21 +53,21 @@ } }, "dependencies": { - "@aws-cdk/aws-lambda": "~1.60.0", - "@aws-cdk/aws-lambda-event-sources": "~1.60.0", - "@aws-cdk/core": "~1.60.0", - "@aws-cdk/aws-cognito": "~1.60.0", - "@aws-cdk/aws-elasticsearch": "~1.60.0", - "@aws-cdk/aws-dynamodb": "~1.60.0", - "@aws-cdk/aws-cloudwatch": "~1.60.0", - "@aws-cdk/aws-iam": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0", - "@aws-solutions-constructs/aws-dynamodb-stream-lambda": "~1.60.0", - "@aws-solutions-constructs/aws-lambda-elasticsearch-kibana": "~1.60.0", - "constructs": "^3.0.2" + "@aws-cdk/aws-lambda": "~1.61.0", + "@aws-cdk/aws-lambda-event-sources": "~1.61.0", + "@aws-cdk/core": "~1.61.0", + "@aws-cdk/aws-cognito": "~1.61.0", + "@aws-cdk/aws-elasticsearch": "~1.61.0", + "@aws-cdk/aws-dynamodb": "~1.61.0", + "@aws-cdk/aws-cloudwatch": "~1.61.0", + "@aws-cdk/aws-iam": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0", + "@aws-solutions-constructs/aws-dynamodb-stream-lambda": "~1.61.0", + "@aws-solutions-constructs/aws-lambda-elasticsearch-kibana": "~1.61.0", + "constructs": "^3.0.4" }, "devDependencies": { - "@aws-cdk/assert": "~1.60.0", + "@aws-cdk/assert": "~1.61.0", "@types/jest": "^24.0.23", "@types/node": "^10.3.0" }, 
@@ -77,17 +77,17 @@ ] }, "peerDependencies": { - "@aws-cdk/aws-lambda": "~1.60.0", - "@aws-cdk/core": "~1.60.0", - "@aws-cdk/aws-cognito": "~1.60.0", - "@aws-cdk/aws-elasticsearch": "~1.60.0", - "@aws-cdk/aws-dynamodb": "~1.60.0", - "@aws-cdk/aws-cloudwatch": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0", - "@aws-solutions-constructs/aws-dynamodb-stream-lambda": "~1.60.0", - "@aws-solutions-constructs/aws-lambda-elasticsearch-kibana": "~1.60.0", - "@aws-cdk/aws-lambda-event-sources": "~1.60.0", - "constructs": "^3.0.2", - "@aws-cdk/aws-iam": "~1.60.0" + "@aws-cdk/aws-lambda": "~1.61.0", + "@aws-cdk/core": "~1.61.0", + "@aws-cdk/aws-cognito": "~1.61.0", + "@aws-cdk/aws-elasticsearch": "~1.61.0", + "@aws-cdk/aws-dynamodb": "~1.61.0", + "@aws-cdk/aws-cloudwatch": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0", + "@aws-solutions-constructs/aws-dynamodb-stream-lambda": "~1.61.0", + "@aws-solutions-constructs/aws-lambda-elasticsearch-kibana": "~1.61.0", + "@aws-cdk/aws-lambda-event-sources": "~1.61.0", + "constructs": "^3.0.4", + "@aws-cdk/aws-iam": "~1.61.0" } } diff --git a/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda-elasticsearch-kibana/test/__snapshots__/dynamodb-stream-lambda-elasticsearch-kibana.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda-elasticsearch-kibana/test/__snapshots__/dynamodb-stream-lambda-elasticsearch-kibana.test.js.snap index fbd84b013..702ead0a9 100644 --- a/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda-elasticsearch-kibana/test/__snapshots__/dynamodb-stream-lambda-elasticsearch-kibana.test.js.snap +++ b/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda-elasticsearch-kibana/test/__snapshots__/dynamodb-stream-lambda-elasticsearch-kibana.test.js.snap @@ -119,6 +119,9 @@ Object { ], }, "Runtime": "nodejs10.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, 
@@ -190,9 +193,27 @@ Object { "Type": "AWS::IAM::Role", }, "testdynamodbstreamlambdaelasticsearchstackDynamoDBStreamToLambdaLambdaFunctionServiceRoleDefaultPolicyF8F69900": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, Object { "Action": "dynamodb:ListStreams", "Effect": "Allow", diff --git a/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda-elasticsearch-kibana/test/integ.no-arguments.expected.json b/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda-elasticsearch-kibana/test/integ.no-arguments.expected.json index 2acfe00d9..1fa20e5c2 100644 --- a/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda-elasticsearch-kibana/test/integ.no-arguments.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda-elasticsearch-kibana/test/integ.no-arguments.expected.json @@ -56,6 +56,14 @@ "Properties": { "PolicyDocument": { "Statement": [ + { + "Action": [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + "Effect": "Allow", + "Resource": "*" + }, { "Action": "dynamodb:ListStreams", "Effect": "Allow", @@ -97,6 +105,16 @@ "Ref": "testdynamodbstreamlambdaelasticsearchkibanaDynamoDBStreamToLambdaLambdaFunctionServiceRole7284FB59" } ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + } + ] + } } }, "testdynamodbstreamlambdaelasticsearchkibanaDynamoDBStreamToLambdaLambdaFunctionE4694B84": { 
@@ -158,6 +176,9 @@ ] } } + }, + "TracingConfig": { + "Mode": "Active" } }, "DependsOn": [ diff --git a/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda/README.md b/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda/README.md index 0c8b1db0a..7631da807 100644 --- a/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda/README.md +++ b/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda/README.md @@ -84,6 +84,7 @@ Out of the box implementation of the Construct without any override will set the ### AWS Lambda Function * Configure least privilege access IAM role for Lambda function * Enable reusing connections with Keep-Alive for NodeJs Lambda function +* Enable X-Ray Tracing ## Architecture ![Architecture Diagram](architecture.png) diff --git a/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda/package.json b/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda/package.json index cac25e52e..0d89aeb19 100644 --- a/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda/package.json +++ b/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda/package.json @@ -1,6 +1,6 @@ { "name": "@aws-solutions-constructs/aws-dynamodb-stream-lambda", - "version": "1.60.0", + "version": "1.61.0", "description": "CDK Constructs for AWS DynamoDB Stream to AWS Lambda integration.", "main": "lib/index.js", "types": "lib/index.d.ts", 
@@ -53,16 +53,16 @@ } }, "dependencies": { - "@aws-cdk/aws-lambda": "~1.60.0", - "@aws-cdk/aws-lambda-event-sources": "~1.60.0", - "@aws-cdk/aws-dynamodb": "~1.60.0", - "@aws-cdk/aws-iam": "~1.60.0", - "@aws-cdk/core": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0", - "constructs": "^3.0.2" + "@aws-cdk/aws-lambda": "~1.61.0", + "@aws-cdk/aws-lambda-event-sources": "~1.61.0", + "@aws-cdk/aws-dynamodb": "~1.61.0", + "@aws-cdk/aws-iam": "~1.61.0", + "@aws-cdk/core": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0", + "constructs": "^3.0.4" }, "devDependencies": { - "@aws-cdk/assert": "~1.60.0", + "@aws-cdk/assert": "~1.61.0", "@types/jest": "^24.0.23", "@types/node": "^10.3.0" }, @@ -72,12 +72,12 @@ ] }, "peerDependencies": { - "@aws-cdk/aws-lambda": "~1.60.0", - "@aws-cdk/aws-dynamodb": "~1.60.0", - "@aws-cdk/core": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0", - "@aws-cdk/aws-lambda-event-sources": "~1.60.0", - "constructs": "^3.0.2", - "@aws-cdk/aws-iam": "~1.60.0" + "@aws-cdk/aws-lambda": "~1.61.0", + "@aws-cdk/aws-dynamodb": "~1.61.0", + "@aws-cdk/core": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0", + "@aws-cdk/aws-lambda-event-sources": "~1.61.0", + "constructs": "^3.0.4", + "@aws-cdk/aws-iam": "~1.61.0" } } diff --git a/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda/test/__snapshots__/dynamodb-stream-lambda.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda/test/__snapshots__/dynamodb-stream-lambda.test.js.snap index da5b5f0f9..f48a3e278 100644 --- a/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda/test/__snapshots__/dynamodb-stream-lambda.test.js.snap +++ b/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda/test/__snapshots__/dynamodb-stream-lambda.test.js.snap @@ -113,6 +113,9 @@ Object { ], }, "Runtime": "nodejs12.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, 
@@ -184,9 +187,27 @@ Object { "Type": "AWS::IAM::Role", }, "testlambdadynamodbstackLambdaFunctionServiceRoleDefaultPolicy547FB7F4": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, Object { "Action": "dynamodb:ListStreams", "Effect": "Allow", diff --git a/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda/test/dynamodb-stream-lambda.test.ts b/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda/test/dynamodb-stream-lambda.test.ts index 656a3ac4c..6ecd8435e 100644 --- a/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda/test/dynamodb-stream-lambda.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda/test/dynamodb-stream-lambda.test.ts @@ -93,6 +93,14 @@ test('check lambda permission to read dynamodb stream', () => { expect(stack).toHaveResource('AWS::IAM::Policy', { PolicyDocument: { Statement: [ + { + Action: [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + Effect: "Allow", + Resource: "*" + }, { Action: "dynamodb:ListStreams", Effect: "Allow", @@ -127,13 +135,7 @@ test('check lambda permission to read dynamodb stream', () => { } ], Version: "2012-10-17" - }, - PolicyName: "testlambdadynamodbstackLambdaFunctionServiceRoleDefaultPolicy547FB7F4", - Roles: [ - { - Ref: "testlambdadynamodbstackLambdaFunctionServiceRole758347A1" - } - ] + } }); }); 
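Review bot: The X-Ray statement added to the expected policy in `@@ -93,6 +93,14 @@` of dynamodb-stream-lambda.test.ts grants `Resource: "*"` with no comment saying why a wildcard is acceptable in a role the README describes as least privilege. Both `xray:PutTraceSegments` and `xray:PutTelemetryRecords` take no resource-level scoping, so the wildcard itself is expected. The snapshot in this commit, however, puts the cfn_nag W12 suppression on the whole default policy, and as far as I know such suppressions apply per resource, so a later wildcard statement in the same policy would go unreported. I would add above the statement: `// X-Ray write actions cannot be resource-scoped, hence "*"; W12 is suppressed for the whole policy, so check any further wildcard statement by hand`. The same applies to the matching hunk in iot-lambda-dynamodb.test.ts, and the test body continues outside this hunk.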
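Review bot: Dropping `PolicyName` and `Roles` from the `toHaveResource` expectation in `@@ -127,13 +135,7 @@` means the test no longer checks which role the policy is attached to, in the same change that adds a `Resource: "*"` statement to that policy. The snapshot in this commit still shows `testlambdadynamodbstackLambdaFunctionServiceRoleDefaultPolicy547FB7F4`, so the logical IDs do not appear to have changed. Unless they did, I would keep the attachment pinned with `Roles: [{ Ref: "testlambdadynamodbstackLambdaFunctionServiceRole758347A1" }]`. The enclosing test starts outside this hunk.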
diff --git a/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda/test/integ.no-arguments.expected.json b/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda/test/integ.no-arguments.expected.json index 55ee475bf..6fbb77718 100644 --- a/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda/test/integ.no-arguments.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda/test/integ.no-arguments.expected.json @@ -56,6 +56,14 @@ "Properties": { "PolicyDocument": { "Statement": [ + { + "Action": [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + "Effect": "Allow", + "Resource": "*" + }, { "Action": "dynamodb:ListStreams", "Effect": "Allow", @@ -97,6 +105,16 @@ "Ref": "testdynamodbstreamlambdaLambdaFunctionServiceRole034E525C" } ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + } + ] + } } }, "testdynamodbstreamlambdaLambdaFunction99034597": { @@ -152,6 +170,9 @@ "Variables": { "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" } + }, + "TracingConfig": { + "Mode": "Active" } }, "DependsOn": [ diff --git a/source/patterns/@aws-solutions-constructs/aws-events-rule-lambda/README.md b/source/patterns/@aws-solutions-constructs/aws-events-rule-lambda/README.md index 76a82eb76..1e2985782 100644 --- a/source/patterns/@aws-solutions-constructs/aws-events-rule-lambda/README.md +++ b/source/patterns/@aws-solutions-constructs/aws-events-rule-lambda/README.md @@ -80,6 +80,7 @@ Out of the box implementation of the Construct without any override will set the ### AWS Lambda Function * Configure least privilege access IAM role for Lambda function * Enable reusing connections with Keep-Alive for NodeJs Lambda function +* Enable X-Ray Tracing ## Architecture ![Architecture Diagram](architecture.png) 
diff --git a/source/patterns/@aws-solutions-constructs/aws-events-rule-lambda/package.json b/source/patterns/@aws-solutions-constructs/aws-events-rule-lambda/package.json index c479170e7..31f301c5b 100644 --- a/source/patterns/@aws-solutions-constructs/aws-events-rule-lambda/package.json +++ b/source/patterns/@aws-solutions-constructs/aws-events-rule-lambda/package.json @@ -1,6 +1,6 @@ { "name": "@aws-solutions-constructs/aws-events-rule-lambda", - "version": "1.60.0", + "version": "1.61.0", "description": "CDK Constructs for deploying AWS Events Rule that inveokes AWS Lambda", "main": "lib/index.js", "types": "lib/index.d.ts", @@ -53,15 +53,15 @@ } }, "dependencies": { - "@aws-cdk/aws-lambda": "~1.60.0", - "@aws-cdk/core": "~1.60.0", - "@aws-cdk/aws-events": "~1.60.0", - "@aws-cdk/aws-iam": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0", - "constructs": "^3.0.2" + "@aws-cdk/aws-lambda": "~1.61.0", + "@aws-cdk/core": "~1.61.0", + "@aws-cdk/aws-events": "~1.61.0", + "@aws-cdk/aws-iam": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0", + "constructs": "^3.0.4" }, "devDependencies": { - "@aws-cdk/assert": "~1.60.0", + "@aws-cdk/assert": "~1.61.0", "@types/jest": "^24.0.23", "@types/node": "^10.3.0" }, @@ -71,11 +71,11 @@ ] }, "peerDependencies": { - "@aws-cdk/aws-lambda": "~1.60.0", - "@aws-cdk/core": "~1.60.0", - "@aws-cdk/aws-events": "~1.60.0", - "@aws-cdk/aws-iam": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0", - "constructs": "^3.0.2" + "@aws-cdk/aws-lambda": "~1.61.0", + "@aws-cdk/core": "~1.61.0", + "@aws-cdk/aws-events": "~1.61.0", + "@aws-cdk/aws-iam": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0", + "constructs": "^3.0.4" } } diff --git a/source/patterns/@aws-solutions-constructs/aws-events-rule-lambda/test/__snapshots__/events-rule-lambda.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-events-rule-lambda/test/__snapshots__/events-rule-lambda.test.js.snap index 7a12a5628..e25bc22fd 100644 
--- a/source/patterns/@aws-solutions-constructs/aws-events-rule-lambda/test/__snapshots__/events-rule-lambda.test.js.snap +++ b/source/patterns/@aws-solutions-constructs/aws-events-rule-lambda/test/__snapshots__/events-rule-lambda.test.js.snap @@ -37,6 +37,7 @@ Object { }, "testeventsrulelambdaLambdaFunction1A3B9577": Object { "DependsOn": Array [ + "testeventsrulelambdaLambdaFunctionServiceRoleDefaultPolicyFC5ACEAE", "testeventsrulelambdaLambdaFunctionServiceRole61DEA405", ], "Metadata": Object { @@ -101,6 +102,9 @@ Object { ], }, "Runtime": "nodejs12.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, @@ -174,6 +178,40 @@ Object { }, "Type": "AWS::IAM::Role", }, + "testeventsrulelambdaLambdaFunctionServiceRoleDefaultPolicyFC5ACEAE": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, + "Properties": Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, + ], + "Version": "2012-10-17", + }, + "PolicyName": "testeventsrulelambdaLambdaFunctionServiceRoleDefaultPolicyFC5ACEAE", + "Roles": Array [ + Object { + "Ref": "testeventsrulelambdaLambdaFunctionServiceRole61DEA405", + }, + ], + }, + "Type": "AWS::IAM::Policy", + }, }, } `; diff --git a/source/patterns/@aws-solutions-constructs/aws-events-rule-lambda/test/integ.events-rule-no-argument.expected.json b/source/patterns/@aws-solutions-constructs/aws-events-rule-lambda/test/integ.events-rule-no-argument.expected.json index c387f37a9..8ae189a85 100644 --- a/source/patterns/@aws-solutions-constructs/aws-events-rule-lambda/test/integ.events-rule-no-argument.expected.json 
+++ b/source/patterns/@aws-solutions-constructs/aws-events-rule-lambda/test/integ.events-rule-no-argument.expected.json @@ -51,6 +51,40 @@ ] } }, + "testeventsrulelambdaLambdaFunctionServiceRoleDefaultPolicyFC5ACEAE": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "testeventsrulelambdaLambdaFunctionServiceRoleDefaultPolicyFC5ACEAE", + "Roles": [ + { + "Ref": "testeventsrulelambdaLambdaFunctionServiceRole61DEA405" + } + ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + } + ] + } + } + }, "testeventsrulelambdaLambdaFunction1A3B9577": { "Type": "AWS::Lambda::Function", "Properties": { @@ -104,9 +138,13 @@ "Variables": { "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" } + }, + "TracingConfig": { + "Mode": "Active" } }, "DependsOn": [ + "testeventsrulelambdaLambdaFunctionServiceRoleDefaultPolicyFC5ACEAE", "testeventsrulelambdaLambdaFunctionServiceRole61DEA405" ], "Metadata": { diff --git a/source/patterns/@aws-solutions-constructs/aws-events-rule-step-function/package.json b/source/patterns/@aws-solutions-constructs/aws-events-rule-step-function/package.json index 52ccd7fd0..27ef05810 100644 --- a/source/patterns/@aws-solutions-constructs/aws-events-rule-step-function/package.json +++ b/source/patterns/@aws-solutions-constructs/aws-events-rule-step-function/package.json @@ -1,6 +1,6 @@ { "name": "@aws-solutions-constructs/aws-events-rule-step-function", - "version": "1.60.0", + "version": "1.61.0", "description": "CDK Constructs for deploying AWS Events Rule that invokes AWS Step Function", "main": "lib/index.js", "types": "lib/index.d.ts", 
@@ -53,19 +53,19 @@ } }, "dependencies": { - "@aws-cdk/aws-stepfunctions": "~1.60.0", - "@aws-cdk/aws-stepfunctions-tasks": "~1.60.0", - "@aws-cdk/core": "~1.60.0", - "@aws-cdk/aws-events": "~1.60.0", - "@aws-cdk/aws-iam": "~1.60.0", - "@aws-cdk/aws-lambda": "~1.60.0", - "@aws-cdk/aws-logs": "~1.60.0", - "@aws-cdk/aws-cloudwatch": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0", - "constructs": "^3.0.2" + "@aws-cdk/aws-stepfunctions": "~1.61.0", + "@aws-cdk/aws-stepfunctions-tasks": "~1.61.0", + "@aws-cdk/core": "~1.61.0", + "@aws-cdk/aws-events": "~1.61.0", + "@aws-cdk/aws-iam": "~1.61.0", + "@aws-cdk/aws-lambda": "~1.61.0", + "@aws-cdk/aws-logs": "~1.61.0", + "@aws-cdk/aws-cloudwatch": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0", + "constructs": "^3.0.4" }, "devDependencies": { - "@aws-cdk/assert": "~1.60.0", + "@aws-cdk/assert": "~1.61.0", "@types/jest": "^24.0.23", "@types/node": "^10.3.0" }, @@ -75,15 +75,15 @@ ] }, "peerDependencies": { - "@aws-cdk/aws-stepfunctions": "~1.60.0", - "@aws-cdk/core": "~1.60.0", - "@aws-cdk/aws-events": "~1.60.0", - "@aws-cdk/aws-iam": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0", - "constructs": "^3.0.2", - "@aws-cdk/aws-lambda": "~1.60.0", - "@aws-cdk/aws-cloudwatch": "~1.60.0", - "@aws-cdk/aws-stepfunctions-tasks": "~1.60.0", - "@aws-cdk/aws-logs": "~1.60.0" + "@aws-cdk/aws-stepfunctions": "~1.61.0", + "@aws-cdk/core": "~1.61.0", + "@aws-cdk/aws-events": "~1.61.0", + "@aws-cdk/aws-iam": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0", + "constructs": "^3.0.4", + "@aws-cdk/aws-lambda": "~1.61.0", + "@aws-cdk/aws-cloudwatch": "~1.61.0", + "@aws-cdk/aws-stepfunctions-tasks": "~1.61.0", + "@aws-cdk/aws-logs": "~1.61.0" } } 
diff --git a/source/patterns/@aws-solutions-constructs/aws-events-rule-step-function/test/integ.events-rule-step-function-no-argument.expected.json b/source/patterns/@aws-solutions-constructs/aws-events-rule-step-function/test/integ.events-rule-step-function-no-argument.expected.json index 5708e457d..4aece8baf 100644 --- a/source/patterns/@aws-solutions-constructs/aws-events-rule-step-function/test/integ.events-rule-step-function-no-argument.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-events-rule-step-function/test/integ.events-rule-step-function-no-argument.expected.json @@ -97,13 +97,13 @@ "testeventsrulestepfunctionstackStateMachine48534048": { "Type": "AWS::StepFunctions::StateMachine", "Properties": { - "DefinitionString": "{\"StartAt\":\"StartState\",\"States\":{\"StartState\":{\"Type\":\"Pass\",\"End\":true}}}", "RoleArn": { "Fn::GetAtt": [ "testeventsrulestepfunctionstackStateMachineRoleA5C98F35", "Arn" ] }, + "DefinitionString": "{\"StartAt\":\"StartState\",\"States\":{\"StartState\":{\"Type\":\"Pass\",\"End\":true}}}", "LoggingConfiguration": { "Destinations": [ { diff --git a/source/patterns/@aws-solutions-constructs/aws-events-rule-step-function/test/integ.events-rule-step-function-with-lambda.expected.json b/source/patterns/@aws-solutions-constructs/aws-events-rule-step-function/test/integ.events-rule-step-function-with-lambda.expected.json index dc5c18bde..28095fa7d 100644 --- a/source/patterns/@aws-solutions-constructs/aws-events-rule-step-function/test/integ.events-rule-step-function-with-lambda.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-events-rule-step-function/test/integ.events-rule-step-function-with-lambda.expected.json 
@@ -51,6 +51,40 @@ ] } }, + "LambdaFunctionServiceRoleDefaultPolicy126C8897": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "LambdaFunctionServiceRoleDefaultPolicy126C8897", + "Roles": [ + { + "Ref": "LambdaFunctionServiceRole0C4CDE0B" + } + ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + } + ] + } + } + }, "LambdaFunctionBF21E41F": { "Type": "AWS::Lambda::Function", "Properties": { @@ -104,9 +138,13 @@ "Variables": { "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" } + }, + "TracingConfig": { + "Mode": "Active" } }, "DependsOn": [ + "LambdaFunctionServiceRoleDefaultPolicy126C8897", "LambdaFunctionServiceRole0C4CDE0B" ], "Metadata": { @@ -227,6 +265,12 @@ "testeventsrulestepfunctionandlambdastackStateMachine3BC6D432": { "Type": "AWS::StepFunctions::StateMachine", "Properties": { + "RoleArn": { + "Fn::GetAtt": [ + "testeventsrulestepfunctionandlambdastackStateMachineRole77040795", + "Arn" + ] + }, "DefinitionString": { "Fn::Join": [ "", @@ -243,12 +287,6 @@ ] ] }, - "RoleArn": { - "Fn::GetAtt": [ - "testeventsrulestepfunctionandlambdastackStateMachineRole77040795", - "Arn" - ] - }, "LoggingConfiguration": { "Destinations": [ { diff --git a/source/patterns/@aws-solutions-constructs/aws-iot-kinesisfirehose-s3/package.json b/source/patterns/@aws-solutions-constructs/aws-iot-kinesisfirehose-s3/package.json index 2d68349f0..7f509a626 100644 --- a/source/patterns/@aws-solutions-constructs/aws-iot-kinesisfirehose-s3/package.json +++ b/source/patterns/@aws-solutions-constructs/aws-iot-kinesisfirehose-s3/package.json 
@@ -1,6 +1,6 @@ { "name": "@aws-solutions-constructs/aws-iot-kinesisfirehose-s3", - "version": "1.60.0", + "version": "1.61.0", "description": "CDK Constructs for AWS IoT to AWS Kinesis Firehose to AWS S3 integration.", "main": "lib/index.js", "types": "lib/index.d.ts", @@ -53,18 +53,18 @@ } }, "dependencies": { - "@aws-cdk/aws-iam": "~1.60.0", - "@aws-cdk/aws-kinesisfirehose": "~1.60.0", - "@aws-cdk/core": "~1.60.0", - "@aws-cdk/aws-iot": "~1.60.0", - "@aws-cdk/aws-s3": "~1.60.0", - "@aws-cdk/aws-logs": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0", - "@aws-solutions-constructs/aws-kinesisfirehose-s3": "~1.60.0", - "constructs": "^3.0.2" + "@aws-cdk/aws-iam": "~1.61.0", + "@aws-cdk/aws-kinesisfirehose": "~1.61.0", + "@aws-cdk/core": "~1.61.0", + "@aws-cdk/aws-iot": "~1.61.0", + "@aws-cdk/aws-s3": "~1.61.0", + "@aws-cdk/aws-logs": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0", + "@aws-solutions-constructs/aws-kinesisfirehose-s3": "~1.61.0", + "constructs": "^3.0.4" }, "devDependencies": { - "@aws-cdk/assert": "~1.60.0", + "@aws-cdk/assert": "~1.61.0", "@types/jest": "^24.0.23", "@types/node": "^10.3.0" }, @@ -74,14 +74,14 @@ ] }, "peerDependencies": { - "@aws-cdk/aws-iam": "~1.60.0", - "@aws-cdk/aws-kinesisfirehose": "~1.60.0", - "@aws-cdk/core": "~1.60.0", - "@aws-cdk/aws-iot": "~1.60.0", - "@aws-cdk/aws-s3": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0", - "@aws-solutions-constructs/aws-kinesisfirehose-s3": "~1.60.0", - "constructs": "^3.0.2", - "@aws-cdk/aws-logs": "~1.60.0" + "@aws-cdk/aws-iam": "~1.61.0", + "@aws-cdk/aws-kinesisfirehose": "~1.61.0", + "@aws-cdk/core": "~1.61.0", + "@aws-cdk/aws-iot": "~1.61.0", + "@aws-cdk/aws-s3": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0", + "@aws-solutions-constructs/aws-kinesisfirehose-s3": "~1.61.0", + "constructs": "^3.0.4", + "@aws-cdk/aws-logs": "~1.61.0" } } 
diff --git a/source/patterns/@aws-solutions-constructs/aws-iot-lambda-dynamodb/README.md b/source/patterns/@aws-solutions-constructs/aws-iot-lambda-dynamodb/README.md index 2d42efc89..9c2c15267 100644 --- a/source/patterns/@aws-solutions-constructs/aws-iot-lambda-dynamodb/README.md +++ b/source/patterns/@aws-solutions-constructs/aws-iot-lambda-dynamodb/README.md @@ -89,6 +89,7 @@ Out of the box implementation of the Construct without any override will set the ### AWS Lambda Function * Configure least privilege access IAM role for Lambda function * Enable reusing connections with Keep-Alive for NodeJs Lambda function +* Enable X-Ray Tracing ### Amazon DynamoDB Table * Set the billing mode for DynamoDB Table to On-Demand (Pay per request) diff --git a/source/patterns/@aws-solutions-constructs/aws-iot-lambda-dynamodb/package.json b/source/patterns/@aws-solutions-constructs/aws-iot-lambda-dynamodb/package.json index 53eabdef2..580b9be8f 100644 --- a/source/patterns/@aws-solutions-constructs/aws-iot-lambda-dynamodb/package.json +++ b/source/patterns/@aws-solutions-constructs/aws-iot-lambda-dynamodb/package.json @@ -1,6 +1,6 @@ { "name": "@aws-solutions-constructs/aws-iot-lambda-dynamodb", - "version": "1.60.0", + "version": "1.61.0", "description": "CDK Constructs for AWS IoT to AWS Lambda to AWS DyanmoDB integration.", "main": "lib/index.js", "types": "lib/index.d.ts", 
@@ -53,17 +53,17 @@ } }, "dependencies": { - "@aws-cdk/aws-dynamodb": "~1.60.0", - "@aws-cdk/aws-lambda": "~1.60.0", - "@aws-cdk/aws-iot": "~1.60.0", - "@aws-cdk/core": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0", - "@aws-solutions-constructs/aws-iot-lambda": "~1.60.0", - "@aws-solutions-constructs/aws-lambda-dynamodb": "~1.60.0", - "constructs": "^3.0.2" + "@aws-cdk/aws-dynamodb": "~1.61.0", + "@aws-cdk/aws-lambda": "~1.61.0", + "@aws-cdk/aws-iot": "~1.61.0", + "@aws-cdk/core": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0", + "@aws-solutions-constructs/aws-iot-lambda": "~1.61.0", + "@aws-solutions-constructs/aws-lambda-dynamodb": "~1.61.0", + "constructs": "^3.0.4" }, "devDependencies": { - "@aws-cdk/assert": "~1.60.0", + "@aws-cdk/assert": "~1.61.0", "@types/jest": "^24.0.23", "@types/node": "^10.3.0" }, @@ -73,13 +73,13 @@ ] }, "peerDependencies": { - "@aws-cdk/aws-dynamodb": "~1.60.0", - "@aws-cdk/aws-lambda": "~1.60.0", - "@aws-cdk/aws-iot": "~1.60.0", - "@aws-cdk/core": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0", - "@aws-solutions-constructs/aws-iot-lambda": "~1.60.0", - "@aws-solutions-constructs/aws-lambda-dynamodb": "~1.60.0", - "constructs": "^3.0.2" + "@aws-cdk/aws-dynamodb": "~1.61.0", + "@aws-cdk/aws-lambda": "~1.61.0", + "@aws-cdk/aws-iot": "~1.61.0", + "@aws-cdk/core": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0", + "@aws-solutions-constructs/aws-iot-lambda": "~1.61.0", + "@aws-solutions-constructs/aws-lambda-dynamodb": "~1.61.0", + "constructs": "^3.0.4" } } diff --git a/source/patterns/@aws-solutions-constructs/aws-iot-lambda-dynamodb/test/__snapshots__/iot-lambda-dynamodb.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-iot-lambda-dynamodb/test/__snapshots__/iot-lambda-dynamodb.test.js.snap index e4c1b19ec..05a7eae73 100644 --- a/source/patterns/@aws-solutions-constructs/aws-iot-lambda-dynamodb/test/__snapshots__/iot-lambda-dynamodb.test.js.snap 
+++ b/source/patterns/@aws-solutions-constructs/aws-iot-lambda-dynamodb/test/__snapshots__/iot-lambda-dynamodb.test.js.snap @@ -109,6 +109,9 @@ Object { ], }, "Runtime": "nodejs10.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, @@ -183,9 +186,27 @@ Object { "Type": "AWS::IAM::Role", }, "testiotlambdadynamodbstackIotToLambdaLambdaFunctionServiceRoleDefaultPolicyB43AD823": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, Object { "Action": Array [ "dynamodb:BatchGetItem", diff --git a/source/patterns/@aws-solutions-constructs/aws-iot-lambda-dynamodb/test/integ.iot-lambda-dynamodb.expected.json b/source/patterns/@aws-solutions-constructs/aws-iot-lambda-dynamodb/test/integ.iot-lambda-dynamodb.expected.json index 4327dd589..201aff9de 100644 --- a/source/patterns/@aws-solutions-constructs/aws-iot-lambda-dynamodb/test/integ.iot-lambda-dynamodb.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-iot-lambda-dynamodb/test/integ.iot-lambda-dynamodb.expected.json @@ -56,6 +56,14 @@ "Properties": { "PolicyDocument": { "Statement": [ + { + "Action": [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + "Effect": "Allow", + "Resource": "*" + }, { "Action": [ "dynamodb:BatchGetItem", 
@@ -91,6 +99,16 @@ "Ref": "testiotlambdadynamodbstackIotToLambdaLambdaFunctionServiceRoleC57F7FDA" } ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + } + ] + } } }, "testiotlambdadynamodbstackIotToLambdaLambdaFunctionDFEAF894": { @@ -149,6 +167,9 @@ "Ref": "testiotlambdadynamodbstackLambdaToDynamoDBDynamoTableE17E5733" } } + }, + "TracingConfig": { + "Mode": "Active" } }, "DependsOn": [ diff --git a/source/patterns/@aws-solutions-constructs/aws-iot-lambda-dynamodb/test/iot-lambda-dynamodb.test.ts b/source/patterns/@aws-solutions-constructs/aws-iot-lambda-dynamodb/test/iot-lambda-dynamodb.test.ts index bda1c8652..cac7e7ce2 100644 --- a/source/patterns/@aws-solutions-constructs/aws-iot-lambda-dynamodb/test/iot-lambda-dynamodb.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-iot-lambda-dynamodb/test/iot-lambda-dynamodb.test.ts @@ -206,6 +206,14 @@ test('check lambda function policy ', () => { expect(stack).toHaveResource('AWS::IAM::Policy', { PolicyDocument: { Statement: [ + { + Action: [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + Effect: "Allow", + Resource: "*" + }, { Action: [ "dynamodb:BatchGetItem", diff --git a/source/patterns/@aws-solutions-constructs/aws-iot-lambda/README.md b/source/patterns/@aws-solutions-constructs/aws-iot-lambda/README.md index 4b9f20829..db6f034ea 100644 --- a/source/patterns/@aws-solutions-constructs/aws-iot-lambda/README.md +++ b/source/patterns/@aws-solutions-constructs/aws-iot-lambda/README.md @@ -85,6 +85,7 @@ Out of the box implementation of the Construct without any override will set the ### AWS Lambda Function * Configure least privilege access IAM role for Lambda function * Enable reusing connections with Keep-Alive for NodeJs Lambda function +* Enable X-Ray Tracing ## Architecture ![Architecture Diagram](architecture.png) 
diff --git a/source/patterns/@aws-solutions-constructs/aws-iot-lambda/package.json b/source/patterns/@aws-solutions-constructs/aws-iot-lambda/package.json index 1c4713c14..b7b968e60 100644 --- a/source/patterns/@aws-solutions-constructs/aws-iot-lambda/package.json +++ b/source/patterns/@aws-solutions-constructs/aws-iot-lambda/package.json @@ -1,6 +1,6 @@ { "name": "@aws-solutions-constructs/aws-iot-lambda", - "version": "1.60.0", + "version": "1.61.0", "description": "CDK Constructs for AWS IoT to AWS Lambda integration", "main": "lib/index.js", "types": "lib/index.d.ts", @@ -53,15 +53,15 @@ } }, "dependencies": { - "@aws-cdk/aws-iot": "~1.60.0", - "@aws-cdk/aws-lambda": "~1.60.0", - "@aws-cdk/aws-iam": "~1.60.0", - "@aws-cdk/core": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0", - "constructs": "^3.0.2" + "@aws-cdk/aws-iot": "~1.61.0", + "@aws-cdk/aws-lambda": "~1.61.0", + "@aws-cdk/aws-iam": "~1.61.0", + "@aws-cdk/core": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0", + "constructs": "^3.0.4" }, "devDependencies": { - "@aws-cdk/assert": "~1.60.0", + "@aws-cdk/assert": "~1.61.0", "@types/jest": "^24.0.23", "@types/node": "^10.3.0" }, @@ -71,11 +71,11 @@ ] }, "peerDependencies": { - "@aws-cdk/aws-iot": "~1.60.0", - "@aws-cdk/aws-lambda": "~1.60.0", - "@aws-cdk/core": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0", - "@aws-cdk/aws-iam": "~1.60.0", - "constructs": "^3.0.2" + "@aws-cdk/aws-iot": "~1.61.0", + "@aws-cdk/aws-lambda": "~1.61.0", + "@aws-cdk/core": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0", + "@aws-cdk/aws-iam": "~1.61.0", + "constructs": "^3.0.4" } } diff --git a/source/patterns/@aws-solutions-constructs/aws-iot-lambda/test/__snapshots__/iot-lambda.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-iot-lambda/test/__snapshots__/iot-lambda.test.js.snap index 8a87bcf0a..6d21636f2 100644 --- a/source/patterns/@aws-solutions-constructs/aws-iot-lambda/test/__snapshots__/iot-lambda.test.js.snap 
+++ b/source/patterns/@aws-solutions-constructs/aws-iot-lambda/test/__snapshots__/iot-lambda.test.js.snap @@ -41,6 +41,7 @@ Object { }, "testiotlambdaintegrationLambdaFunctionC5329DBA": Object { "DependsOn": Array [ + "testiotlambdaintegrationLambdaFunctionServiceRoleDefaultPolicy0FB2AE4D", "testiotlambdaintegrationLambdaFunctionServiceRole27C3EE41", ], "Metadata": Object { @@ -105,6 +106,9 @@ Object { ], }, "Runtime": "nodejs10.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, @@ -178,6 +182,40 @@ Object { }, "Type": "AWS::IAM::Role", }, + "testiotlambdaintegrationLambdaFunctionServiceRoleDefaultPolicy0FB2AE4D": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, + "Properties": Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, + ], + "Version": "2012-10-17", + }, + "PolicyName": "testiotlambdaintegrationLambdaFunctionServiceRoleDefaultPolicy0FB2AE4D", + "Roles": Array [ + Object { + "Ref": "testiotlambdaintegrationLambdaFunctionServiceRole27C3EE41", + }, + ], + }, + "Type": "AWS::IAM::Policy", + }, }, } `; diff --git a/source/patterns/@aws-solutions-constructs/aws-iot-lambda/test/integ.iot-lambda-new-func.expected.json b/source/patterns/@aws-solutions-constructs/aws-iot-lambda/test/integ.iot-lambda-new-func.expected.json index a5b94e05e..24f53fc09 100644 --- a/source/patterns/@aws-solutions-constructs/aws-iot-lambda/test/integ.iot-lambda-new-func.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-iot-lambda/test/integ.iot-lambda-new-func.expected.json 
@@ -51,6 +51,40 @@ ] } }, + "testiotlambdaintegrationLambdaFunctionServiceRoleDefaultPolicy0FB2AE4D": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "testiotlambdaintegrationLambdaFunctionServiceRoleDefaultPolicy0FB2AE4D", + "Roles": [ + { + "Ref": "testiotlambdaintegrationLambdaFunctionServiceRole27C3EE41" + } + ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + } + ] + } + } + }, "testiotlambdaintegrationLambdaFunctionC5329DBA": { "Type": "AWS::Lambda::Function", "Properties": { @@ -104,9 +138,13 @@ "Variables": { "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" } + }, + "TracingConfig": { + "Mode": "Active" } }, "DependsOn": [ + "testiotlambdaintegrationLambdaFunctionServiceRoleDefaultPolicy0FB2AE4D", "testiotlambdaintegrationLambdaFunctionServiceRole27C3EE41" ], "Metadata": { diff --git a/source/patterns/@aws-solutions-constructs/aws-iot-lambda/test/integ.iot-lambda-use-existing-func.expected.json b/source/patterns/@aws-solutions-constructs/aws-iot-lambda/test/integ.iot-lambda-use-existing-func.expected.json index d91fca779..76d5072a5 100644 --- a/source/patterns/@aws-solutions-constructs/aws-iot-lambda/test/integ.iot-lambda-use-existing-func.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-iot-lambda/test/integ.iot-lambda-use-existing-func.expected.json 
@@ -51,6 +51,40 @@ ] } }, + "LambdaFunctionServiceRoleDefaultPolicy126C8897": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "LambdaFunctionServiceRoleDefaultPolicy126C8897", + "Roles": [ + { + "Ref": "LambdaFunctionServiceRole0C4CDE0B" + } + ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + } + ] + } + } + }, "LambdaFunctionBF21E41F": { "Type": "AWS::Lambda::Function", "Properties": { @@ -104,9 +138,13 @@ "Variables": { "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" } + }, + "TracingConfig": { + "Mode": "Active" } }, "DependsOn": [ + "LambdaFunctionServiceRoleDefaultPolicy126C8897", "LambdaFunctionServiceRole0C4CDE0B" ], "Metadata": { diff --git a/source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3-and-kinesisanalytics/package.json b/source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3-and-kinesisanalytics/package.json index 7b8d062ab..a07b1c4ca 100644 --- a/source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3-and-kinesisanalytics/package.json +++ b/source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3-and-kinesisanalytics/package.json @@ -1,6 +1,6 @@ { "name": "@aws-solutions-constructs/aws-kinesisfirehose-s3-and-kinesisanalytics", - "version": "1.60.0", + "version": "1.61.0", "description": "CDK constructs for defining an interaction between an Amazon Kinesis Data Firehose delivery stream and (1) an Amazon S3 bucket, and (2) an Amazon Kinesis Data Analytics application.", "main": "lib/index.js", "types": "lib/index.d.ts", 
@@ -53,19 +53,19 @@
 }
 },
 "dependencies": {
- "@aws-cdk/aws-iam": "~1.60.0",
- "@aws-cdk/aws-kinesis": "~1.60.0",
- "@aws-cdk/aws-kinesisanalytics": "~1.60.0",
- "@aws-cdk/aws-kinesisfirehose": "~1.60.0",
- "@aws-cdk/aws-s3": "~1.60.0",
- "@aws-cdk/aws-logs": "~1.60.0",
- "@aws-cdk/core": "~1.60.0",
- "@aws-solutions-constructs/core": "~1.60.0",
- "@aws-solutions-constructs/aws-kinesisfirehose-s3": "~1.60.0",
- "constructs": "^3.0.2"
+ "@aws-cdk/aws-iam": "~1.61.0",
+ "@aws-cdk/aws-kinesis": "~1.61.0",
+ "@aws-cdk/aws-kinesisanalytics": "~1.61.0",
+ "@aws-cdk/aws-kinesisfirehose": "~1.61.0",
+ "@aws-cdk/aws-s3": "~1.61.0",
+ "@aws-cdk/aws-logs": "~1.61.0",
+ "@aws-cdk/core": "~1.61.0",
+ "@aws-solutions-constructs/core": "~1.61.0",
+ "@aws-solutions-constructs/aws-kinesisfirehose-s3": "~1.61.0",
+ "constructs": "^3.0.4"
 },
 "devDependencies": {
- "@aws-cdk/assert": "~1.60.0",
+ "@aws-cdk/assert": "~1.61.0",
 "@types/jest": "^24.0.23",
 "@types/node": "^10.3.0"
 },
@@ -75,15 +75,15 @@
 ]
 },
 "peerDependencies": {
- "@aws-cdk/aws-iam": "~1.60.0",
- "@aws-cdk/aws-kinesis": "~1.60.0",
- "@aws-cdk/aws-kinesisanalytics": "~1.60.0",
- "@aws-cdk/aws-kinesisfirehose": "~1.60.0",
- "@aws-cdk/aws-s3": "~1.60.0",
- "@aws-cdk/core": "~1.60.0",
- "@aws-solutions-constructs/core": "~1.60.0",
- "@aws-solutions-constructs/aws-kinesisfirehose-s3": "~1.60.0",
- "constructs": "^3.0.2",
- "@aws-cdk/aws-logs": "~1.60.0"
+ "@aws-cdk/aws-iam": "~1.61.0",
+ "@aws-cdk/aws-kinesis": "~1.61.0",
+ "@aws-cdk/aws-kinesisanalytics": "~1.61.0",
+ "@aws-cdk/aws-kinesisfirehose": "~1.61.0",
+ "@aws-cdk/aws-s3": "~1.61.0",
+ "@aws-cdk/core": "~1.61.0",
+ "@aws-solutions-constructs/core": "~1.61.0",
+ "@aws-solutions-constructs/aws-kinesisfirehose-s3": "~1.61.0",
+ "constructs": "^3.0.4",
+ "@aws-cdk/aws-logs": "~1.61.0"
 }
 }
diff --git a/source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3/package.json b/source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3/package.json
index d85a9b1b8..c71d94da8 100644
--- a/source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3/package.json
+++ b/source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@aws-solutions-constructs/aws-kinesisfirehose-s3",
- "version": "1.60.0",
+ "version": "1.61.0",
 "description": "CDK constructs for defining an interaction between an Amazon Kinesis Data Firehose delivery stream and an Amazon S3 bucket.",
 "main": "lib/index.js",
 "types": "lib/index.d.ts",
@@ -53,16 +53,16 @@
 }
 },
 "dependencies": {
- "@aws-cdk/aws-iam": "~1.60.0",
- "@aws-cdk/aws-kinesisfirehose": "~1.60.0",
- "@aws-cdk/aws-s3": "~1.60.0",
- "@aws-cdk/core": "~1.60.0",
- "@aws-cdk/aws-logs": "~1.60.0",
- "@aws-solutions-constructs/core": "~1.60.0",
- "constructs": "^3.0.2"
+ "@aws-cdk/aws-iam": "~1.61.0",
+ "@aws-cdk/aws-kinesisfirehose": "~1.61.0",
+ "@aws-cdk/aws-s3": "~1.61.0",
+ "@aws-cdk/core": "~1.61.0",
+ "@aws-cdk/aws-logs": "~1.61.0",
+ "@aws-solutions-constructs/core": "~1.61.0",
+ "constructs": "^3.0.4"
 },
 "devDependencies": {
- "@aws-cdk/assert": "~1.60.0",
+ "@aws-cdk/assert": "~1.61.0",
 "@types/jest": "^24.0.23",
 "@types/node": "^10.3.0"
 },
@@ -72,12 +72,12 @@
 ]
 },
 "peerDependencies": {
- "@aws-cdk/aws-iam": "~1.60.0",
- "@aws-cdk/aws-kinesisfirehose": "~1.60.0",
- "@aws-cdk/aws-s3": "~1.60.0",
- "@aws-cdk/core": "~1.60.0",
- "@aws-cdk/aws-logs": "~1.60.0",
- "@aws-solutions-constructs/core": "~1.60.0",
- "constructs": "^3.0.2"
+ "@aws-cdk/aws-iam": "~1.61.0",
+ "@aws-cdk/aws-kinesisfirehose": "~1.61.0",
+ "@aws-cdk/aws-s3": "~1.61.0",
+ "@aws-cdk/core": "~1.61.0",
+ "@aws-cdk/aws-logs": "~1.61.0",
+ "@aws-solutions-constructs/core": "~1.61.0",
+ "constructs": "^3.0.4"
 }
 }
diff --git a/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-lambda/README.md b/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-lambda/README.md index b665503a2..9575cdced 100644 --- a/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-lambda/README.md +++ b/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-lambda/README.md @@ -83,6 +83,7 @@ Out of the box implementation of the Construct without any override will set the ### AWS Lambda Function * Configure least privilege access IAM role for Lambda function * Enable reusing connections with Keep-Alive for NodeJs Lambda function +* Enable X-Ray Tracing ## Architecture ![Architecture Diagram](architecture.png) diff --git a/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-lambda/package.json b/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-lambda/package.json index 0e8010296..d0bd793c4 100644 --- a/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-lambda/package.json +++ b/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-lambda/package.json @@ -1,6 +1,6 @@ { "name": "@aws-solutions-constructs/aws-kinesisstreams-lambda", - "version": "1.60.0", + "version": "1.61.0", "description": "CDK constructs for defining an interaction between an Amazon Kinesis Data Stream and an AWS Lambda function.", "main": "lib/index.js", "types": "lib/index.d.ts", 
@@ -53,16 +53,16 @@ } }, "dependencies": { - "@aws-cdk/aws-iam": "~1.60.0", - "@aws-cdk/aws-kinesis": "~1.60.0", - "@aws-cdk/aws-kms": "~1.60.0", - "@aws-cdk/aws-lambda": "~1.60.0", - "@aws-cdk/core": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0", - "constructs": "^3.0.2" + "@aws-cdk/aws-iam": "~1.61.0", + "@aws-cdk/aws-kinesis": "~1.61.0", + "@aws-cdk/aws-kms": "~1.61.0", + "@aws-cdk/aws-lambda": "~1.61.0", + "@aws-cdk/core": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0", + "constructs": "^3.0.4" }, "devDependencies": { - "@aws-cdk/assert": "~1.60.0", + "@aws-cdk/assert": "~1.61.0", "@types/jest": "^24.0.23", "@types/node": "^10.3.0" }, @@ -72,12 +72,12 @@ ] }, "peerDependencies": { - "@aws-cdk/aws-iam": "~1.60.0", - "@aws-cdk/aws-kinesis": "~1.60.0", - "@aws-cdk/aws-kms": "~1.60.0", - "@aws-cdk/aws-lambda": "~1.60.0", - "@aws-cdk/core": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0", - "constructs": "^3.0.2" + "@aws-cdk/aws-iam": "~1.61.0", + "@aws-cdk/aws-kinesis": "~1.61.0", + "@aws-cdk/aws-kms": "~1.61.0", + "@aws-cdk/aws-lambda": "~1.61.0", + "@aws-cdk/core": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0", + "constructs": "^3.0.4" } } diff --git a/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-lambda/test/__snapshots__/test.kinesisstreams-lambda.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-lambda/test/__snapshots__/test.kinesisstreams-lambda.test.js.snap index 6c176da95..a223bf081 100644 --- a/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-lambda/test/__snapshots__/test.kinesisstreams-lambda.test.js.snap +++ b/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-lambda/test/__snapshots__/test.kinesisstreams-lambda.test.js.snap @@ -95,6 +95,9 @@ Object { ], }, "Runtime": "nodejs10.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, 
@@ -209,9 +212,27 @@ Object { "Type": "AWS::IAM::Role", }, "testkinesisstreamslambdaLambdaFunctionServiceRoleDefaultPolicyE2BE8F65": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, Object { "Action": Array [ "kinesis:DescribeStreamSummary", diff --git a/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-lambda/test/integ.deployFunction.expected.json b/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-lambda/test/integ.deployFunction.expected.json index 4bace5dc4..178b598ef 100644 --- a/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-lambda/test/integ.deployFunction.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-lambda/test/integ.deployFunction.expected.json @@ -68,6 +68,14 @@ "Properties": { "PolicyDocument": { "Statement": [ + { + "Action": [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + "Effect": "Allow", + "Resource": "*" + }, { "Action": [ "kinesis:DescribeStreamSummary", @@ -93,6 +101,16 @@ "Ref": "testkslambdaLambdaFunctionServiceRole329F6464" } ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + } + ] + } } }, "testkslambdaLambdaFunction995A7276": { @@ -148,6 +166,9 @@ "Variables": { "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" } + }, + "TracingConfig": { + "Mode": "Active" } }, "DependsOn": [ 
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/README.md b/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/README.md index 3796b39cb..537f6c48d 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/README.md +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/README.md @@ -77,6 +77,7 @@ Out of the box implementation of the Construct without any override will set the ### AWS Lambda Function * Configure least privilege access IAM role for Lambda function * Enable reusing connections with Keep-Alive for NodeJs Lambda function +* Enable X-Ray Tracing ### Amazon DynamoDB Table * Set the billing mode for DynamoDB Table to On-Demand (Pay per request) diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/package.json b/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/package.json index 603921bd7..9d5889a29 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/package.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/package.json @@ -1,6 +1,6 @@ { "name": "@aws-solutions-constructs/aws-lambda-dynamodb", - "version": "1.60.0", + "version": "1.61.0", "description": "CDK Constructs for AWS Lambda to AWS DynamoDB integration.", "main": "lib/index.js", "types": "lib/index.d.ts", @@ -53,14 +53,14 @@ } }, "dependencies": { - "@aws-cdk/aws-lambda": "~1.60.0", - "@aws-cdk/aws-dynamodb": "~1.60.0", - "@aws-cdk/core": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0", - "constructs": "^3.0.2" + "@aws-cdk/aws-lambda": "~1.61.0", + "@aws-cdk/aws-dynamodb": "~1.61.0", + "@aws-cdk/core": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0", + "constructs": "^3.0.4" }, "devDependencies": { - "@aws-cdk/assert": "~1.60.0", + "@aws-cdk/assert": "~1.61.0", "@types/jest": "^24.0.23", "@types/node": "^10.3.0" }, 
@@ -70,10 +70,10 @@ ] }, "peerDependencies": { - "@aws-cdk/aws-lambda": "~1.60.0", - "@aws-cdk/aws-dynamodb": "~1.60.0", - "@aws-cdk/core": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0", - "constructs": "^3.0.2" + "@aws-cdk/aws-lambda": "~1.61.0", + "@aws-cdk/aws-dynamodb": "~1.61.0", + "@aws-cdk/core": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0", + "constructs": "^3.0.4" } } diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/__snapshots__/lambda-dynamodb.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/__snapshots__/lambda-dynamodb.test.js.snap index 65437e826..e9503ab61 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/__snapshots__/lambda-dynamodb.test.js.snap +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/__snapshots__/lambda-dynamodb.test.js.snap @@ -113,6 +113,9 @@ Object { ], }, "Runtime": "nodejs10.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, @@ -168,9 +171,27 @@ Object { "Type": "AWS::IAM::Role", }, "testlambdadynamodbstackLambdaFunctionServiceRoleDefaultPolicy547FB7F4": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, Object { "Action": Array [ "dynamodb:BatchGetItem", diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/integ.add-secondary-index.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/integ.add-secondary-index.expected.json index a51349a8e..5f92cf2c3 100644 
--- a/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/integ.add-secondary-index.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/integ.add-secondary-index.expected.json @@ -56,6 +56,14 @@ "Properties": { "PolicyDocument": { "Statement": [ + { + "Action": [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + "Effect": "Allow", + "Resource": "*" + }, { "Action": [ "dynamodb:BatchGetItem", @@ -102,6 +110,16 @@ "Ref": "testlambdadynamodbstackLambdaFunctionServiceRole758347A1" } ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + } + ] + } } }, "testlambdadynamodbstackLambdaFunction5DDB3E8D": { @@ -160,6 +178,9 @@ "Ref": "testlambdadynamodbstackDynamoTable8138E93B" } } + }, + "TracingConfig": { + "Mode": "Active" } }, "DependsOn": [ diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/integ.no-arguments.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/integ.no-arguments.expected.json index 1d8e21204..24d052f1b 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/integ.no-arguments.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/integ.no-arguments.expected.json @@ -56,6 +56,14 @@ "Properties": { "PolicyDocument": { "Statement": [ + { + "Action": [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + "Effect": "Allow", + "Resource": "*" + }, { "Action": [ "dynamodb:BatchGetItem", @@ -91,6 +99,16 @@ "Ref": "testlambdadynamodbstackLambdaFunctionServiceRole758347A1" } ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + } + ] + } } }, "testlambdadynamodbstackLambdaFunction5DDB3E8D": { 
@@ -149,6 +167,9 @@ "Ref": "testlambdadynamodbstackDynamoTable8138E93B" } } + }, + "TracingConfig": { + "Mode": "Active" } }, "DependsOn": [ diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/integ.set-billing-mode.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/integ.set-billing-mode.expected.json index e8e1a8054..3838be087 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/integ.set-billing-mode.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/integ.set-billing-mode.expected.json @@ -56,6 +56,14 @@ "Properties": { "PolicyDocument": { "Statement": [ + { + "Action": [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + "Effect": "Allow", + "Resource": "*" + }, { "Action": [ "dynamodb:BatchGetItem", @@ -91,6 +99,16 @@ "Ref": "testlambdadynamodbstackLambdaFunctionServiceRole758347A1" } ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + } + ] + } } }, "testlambdadynamodbstackLambdaFunction5DDB3E8D": { @@ -149,6 +167,9 @@ "Ref": "testlambdadynamodbstackDynamoTable8138E93B" } } + }, + "TracingConfig": { + "Mode": "Active" } }, "DependsOn": [ diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/integ.use-existing-func.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/integ.use-existing-func.expected.json index e966905fc..6fdce8e22 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/integ.use-existing-func.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/integ.use-existing-func.expected.json 
@@ -56,6 +56,14 @@ "Properties": { "PolicyDocument": { "Statement": [ + { + "Action": [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + "Effect": "Allow", + "Resource": "*" + }, { "Action": [ "dynamodb:BatchGetItem", @@ -91,6 +99,16 @@ "Ref": "LambdaFunctionServiceRole0C4CDE0B" } ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + } + ] + } } }, "LambdaFunctionBF21E41F": { @@ -149,6 +167,9 @@ "Ref": "testlambdadynamodbstackDynamoTable8138E93B" } } + }, + "TracingConfig": { + "Mode": "Active" } }, "DependsOn": [ diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/lambda-dynamodb.test.ts b/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/lambda-dynamodb.test.ts index d6b9975d3..5e22ff3c8 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/lambda-dynamodb.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/lambda-dynamodb.test.ts @@ -172,6 +172,14 @@ test('check lambda function policy default table permissions', () => { expect(stack).toHaveResource('AWS::IAM::Policy', { PolicyDocument: { Statement: [ + { + Action: [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + Effect: "Allow", + Resource: "*" + }, { Action: [ "dynamodb:BatchGetItem", @@ -327,6 +335,14 @@ test('check lambda function policy ReadOnly table permissions', () => { expectCDK(stack).to(haveResource('AWS::IAM::Policy', { PolicyDocument: { Statement: [ + { + Action: [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + Effect: "Allow", + Resource: "*" + }, { Action: [ "dynamodb:BatchGetItem", 
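Review bot: The `Resource: "*"` statement added to the expected `Statement` array in lambda-dynamodb.test.ts (the hunks at -172 and -327 here, and again at -373, -417 and -467) has no comment saying why a wildcard is acceptable in a policy that is otherwise scoped to the table. `xray:PutTraceSegments` and `xray:PutTelemetryRecords` do not support resource-level permissions, so I would add `// X-Ray write actions cannot be scoped to a resource; "*" is expected for these two actions only` above the statement. The expected templates in this commit put the cfn_nag `W12` suppression on this same DefaultPolicy resource, and that suppression covers the whole resource, so a wildcard added later to a table statement would presumably go unflagged; an assertion that the X-Ray statement is the only one with `Resource: "*"` would keep that visible. The test bodies start and end outside these hunks.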
@@ -373,6 +389,14 @@ test('check lambda function policy WriteOnly table permissions', () => { expectCDK(stack).to(haveResource('AWS::IAM::Policy', { PolicyDocument: { Statement: [ + { + Action: [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + Effect: "Allow", + Resource: "*" + }, { Action: [ "dynamodb:BatchWriteItem", @@ -417,6 +441,14 @@ test('check lambda function policy ReadWrite table permissions', () => { expectCDK(stack).to(haveResource('AWS::IAM::Policy', { PolicyDocument: { Statement: [ + { + Action: [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + Effect: "Allow", + Resource: "*" + }, { Action: [ "dynamodb:BatchGetItem", @@ -467,6 +499,14 @@ test('check lambda function policy All table permissions', () => { expectCDK(stack).to(haveResource('AWS::IAM::Policy', { PolicyDocument: { Statement: [ + { + Action: [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + Effect: "Allow", + Resource: "*" + }, { Action: "dynamodb:*", Effect: "Allow", diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/README.md b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/README.md index ccc282f72..447fac11a 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/README.md +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/README.md @@ -82,6 +82,7 @@ Out of the box implementation of the Construct without any override will set the ### AWS Lambda Function * Configure least privilege access IAM role for Lambda function * Enable reusing connections with Keep-Alive for NodeJs Lambda function +* Enable X-Ray Tracing ### Amazon Cognito * Set password policy for User Pools diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/package.json b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/package.json index 66c3d9ed7..bbbbb7fe6 100644 
--- a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/package.json
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@aws-solutions-constructs/aws-lambda-elasticsearch-kibana",
- "version": "1.60.0",
+ "version": "1.61.0",
 "description": "CDK Constructs for AWS Lambda to AWS Elasticsearch with Kibana integration",
 "main": "lib/index.js",
 "types": "lib/index.d.ts",
@@ -53,17 +53,17 @@
 }
 },
 "dependencies": {
- "@aws-cdk/aws-lambda": "~1.60.0",
- "@aws-cdk/core": "~1.60.0",
- "@aws-cdk/aws-cognito": "~1.60.0",
- "@aws-cdk/aws-elasticsearch": "~1.60.0",
- "@aws-cdk/aws-iam": "~1.60.0",
- "@aws-cdk/aws-cloudwatch": "~1.60.0",
- "@aws-solutions-constructs/core": "~1.60.0",
- "constructs": "^3.0.2"
+ "@aws-cdk/aws-lambda": "~1.61.0",
+ "@aws-cdk/core": "~1.61.0",
+ "@aws-cdk/aws-cognito": "~1.61.0",
+ "@aws-cdk/aws-elasticsearch": "~1.61.0",
+ "@aws-cdk/aws-iam": "~1.61.0",
+ "@aws-cdk/aws-cloudwatch": "~1.61.0",
+ "@aws-solutions-constructs/core": "~1.61.0",
+ "constructs": "^3.0.4"
 },
 "devDependencies": {
- "@aws-cdk/assert": "~1.60.0",
+ "@aws-cdk/assert": "~1.61.0",
 "@types/jest": "^24.0.23",
 "@types/node": "^10.3.0"
 },
@@ -73,13 +73,13 @@
 ]
 },
 "peerDependencies": {
- "@aws-cdk/aws-lambda": "~1.60.0",
- "@aws-cdk/core": "~1.60.0",
- "@aws-cdk/aws-cognito": "~1.60.0",
- "@aws-cdk/aws-elasticsearch": "~1.60.0",
- "@aws-solutions-constructs/core": "~1.60.0",
- "@aws-cdk/aws-iam": "~1.60.0",
- "@aws-cdk/aws-cloudwatch": "~1.60.0",
- "constructs": "^3.0.2"
+ "@aws-cdk/aws-lambda": "~1.61.0",
+ "@aws-cdk/core": "~1.61.0",
+ "@aws-cdk/aws-cognito": "~1.61.0",
+ "@aws-cdk/aws-elasticsearch": "~1.61.0",
+ "@aws-solutions-constructs/core": "~1.61.0",
+ "@aws-cdk/aws-iam": "~1.61.0",
+ "@aws-cdk/aws-cloudwatch": "~1.61.0",
+ "constructs": "^3.0.4"
 }
 }
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/__snapshots__/lambda-elasticsearch-kibana.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/__snapshots__/lambda-elasticsearch-kibana.test.js.snap index 93ca590dd..7456f3ad4 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/__snapshots__/lambda-elasticsearch-kibana.test.js.snap +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/__snapshots__/lambda-elasticsearch-kibana.test.js.snap @@ -438,6 +438,7 @@ Object { }, "testlambdaelasticsearchstackLambdaFunction5CA5683F": Object { "DependsOn": Array [ + "testlambdaelasticsearchstackLambdaFunctionServiceRoleDefaultPolicy5EFA0073", "testlambdaelasticsearchstackLambdaFunctionServiceRoleEB1E3355", ], "Metadata": Object { @@ -508,9 +509,46 @@ Object { ], }, "Runtime": "nodejs10.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, + "testlambdaelasticsearchstackLambdaFunctionServiceRoleDefaultPolicy5EFA0073": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, + "Properties": Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, + ], + "Version": "2012-10-17", + }, + "PolicyName": "testlambdaelasticsearchstackLambdaFunctionServiceRoleDefaultPolicy5EFA0073", + "Roles": Array [ + Object { + "Ref": "testlambdaelasticsearchstackLambdaFunctionServiceRoleEB1E3355", + }, + ], + }, + "Type": "AWS::IAM::Policy", + }, "testlambdaelasticsearchstackLambdaFunctionServiceRoleEB1E3355": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { 
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.no-arguments.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.no-arguments.expected.json index 3b185ed81..9ee9dbc8e 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.no-arguments.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.no-arguments.expected.json @@ -51,6 +51,40 @@ ] } }, + "testlambdaelasticsearchkibanaLambdaFunctionServiceRoleDefaultPolicy199413EB": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "testlambdaelasticsearchkibanaLambdaFunctionServiceRoleDefaultPolicy199413EB", + "Roles": [ + { + "Ref": "testlambdaelasticsearchkibanaLambdaFunctionServiceRole3AFFEAA2" + } + ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + } + ] + } + } + }, "testlambdaelasticsearchkibanaLambdaFunction601D26D3": { "Type": "AWS::Lambda::Function", "Properties": { @@ -110,9 +144,13 @@ ] } } + }, + "TracingConfig": { + "Mode": "Active" } }, "DependsOn": [ + "testlambdaelasticsearchkibanaLambdaFunctionServiceRoleDefaultPolicy199413EB", "testlambdaelasticsearchkibanaLambdaFunctionServiceRole3AFFEAA2" ], "Metadata": { diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-s3/README.md b/source/patterns/@aws-solutions-constructs/aws-lambda-s3/README.md index 65f48a7d7..a081a9aae 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-s3/README.md +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-s3/README.md 
@@ -76,6 +76,7 @@ Out of the box implementation of the Construct without any override will set the ### AWS Lambda Function * Configure least privilege access IAM role for Lambda function * Enable reusing connections with Keep-Alive for NodeJs Lambda function +* Enable X-Ray Tracing ### Amazon S3 Bucket * Configure Access logging for S3 Bucket diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-s3/package.json b/source/patterns/@aws-solutions-constructs/aws-lambda-s3/package.json index 87c664b77..72bd88080 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-s3/package.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-s3/package.json @@ -1,6 +1,6 @@ { "name": "@aws-solutions-constructs/aws-lambda-s3", - "version": "1.60.0", + "version": "1.61.0", "description": "CDK constructs for defining an interaction between an AWS Lambda function and an Amazon S3 bucket.", "main": "lib/index.js", "types": "lib/index.d.ts", @@ -53,14 +53,14 @@ } }, "dependencies": { - "@aws-cdk/aws-lambda": "~1.60.0", - "@aws-cdk/aws-s3": "~1.60.0", - "@aws-cdk/core": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0", - "constructs": "^3.0.2" + "@aws-cdk/aws-lambda": "~1.61.0", + "@aws-cdk/aws-s3": "~1.61.0", + "@aws-cdk/core": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0", + "constructs": "^3.0.4" }, "devDependencies": { - "@aws-cdk/assert": "~1.60.0", + "@aws-cdk/assert": "~1.61.0", "@types/jest": "^24.0.23", "@types/node": "^10.3.0" }, @@ -70,10 +70,10 @@ ] }, "peerDependencies": { - "@aws-cdk/aws-lambda": "~1.60.0", - "@aws-cdk/aws-s3": "~1.60.0", - "@aws-cdk/core": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0", - "constructs": "^3.0.2" + "@aws-cdk/aws-lambda": "~1.61.0", + "@aws-cdk/aws-s3": "~1.61.0", + "@aws-cdk/core": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0", + "constructs": "^3.0.4" } } 
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/__snapshots__/lambda-s3.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/__snapshots__/lambda-s3.test.js.snap index 3b5740c55..7530da28d 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/__snapshots__/lambda-s3.test.js.snap +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/__snapshots__/lambda-s3.test.js.snap @@ -87,6 +87,9 @@ Object { ], }, "Runtime": "nodejs10.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, @@ -142,9 +145,27 @@ Object { "Type": "AWS::IAM::Role", }, "lambdatos3stackLambdaFunctionServiceRoleDefaultPolicy97EC0F3A": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, Object { "Action": "s3:DeleteObject*", "Effect": "Allow", @@ -438,6 +459,9 @@ Object { ], }, "Runtime": "nodejs10.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, @@ -493,9 +517,27 @@ Object { "Type": "AWS::IAM::Role", }, "lambdatos3stackLambdaFunctionServiceRoleDefaultPolicy97EC0F3A": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, Object { "Action": "s3:DeleteObject*", "Effect": "Allow", 
@@ -759,6 +801,9 @@ Object { ], }, "Runtime": "nodejs10.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, @@ -814,9 +859,27 @@ Object { "Type": "AWS::IAM::Role", }, "lambdatos3stackLambdaFunctionServiceRoleDefaultPolicy97EC0F3A": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, Object { "Action": Array [ "s3:PutObject*", @@ -1083,6 +1146,9 @@ Object { ], }, "Runtime": "nodejs10.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, @@ -1138,9 +1204,27 @@ Object { "Type": "AWS::IAM::Role", }, "lambdatos3stackLambdaFunctionServiceRoleDefaultPolicy97EC0F3A": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, Object { "Action": Array [ "s3:GetObject*", @@ -1416,6 +1500,9 @@ Object { ], }, "Runtime": "nodejs10.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, 
@@ -1471,9 +1558,27 @@ Object { "Type": "AWS::IAM::Role", }, "lambdatos3stackLambdaFunctionServiceRoleDefaultPolicy97EC0F3A": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, Object { "Action": Array [ "s3:GetObject*", @@ -1752,6 +1857,9 @@ Object { ], }, "Runtime": "nodejs10.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, @@ -1807,9 +1915,27 @@ Object { "Type": "AWS::IAM::Role", }, "lambdatos3stackLambdaFunctionServiceRoleDefaultPolicy97EC0F3A": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, Object { "Action": Array [ "s3:DeleteObject*", @@ -2085,6 +2211,9 @@ Object { ], }, "Runtime": "nodejs10.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, 
@@ -2140,9 +2269,27 @@ Object { "Type": "AWS::IAM::Role", }, "lambdatos3stackLambdaFunctionServiceRoleDefaultPolicy97EC0F3A": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, Object { "Action": Array [ "s3:GetObject*", @@ -2421,6 +2568,9 @@ Object { ], }, "Runtime": "nodejs10.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, @@ -2476,9 +2626,27 @@ Object { "Type": "AWS::IAM::Role", }, "lambdatos3stackLambdaFunctionServiceRoleDefaultPolicy97EC0F3A": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, Object { "Action": Array [ "s3:GetObject*", diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/integ.deployFunction.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/integ.deployFunction.expected.json index 7645e450b..cfd101f8b 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/integ.deployFunction.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/integ.deployFunction.expected.json 
@@ -57,6 +57,14 @@ "Properties": { "PolicyDocument": { "Statement": [ + { + "Action": [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + "Effect": "Allow", + "Resource": "*" + }, { "Action": [ "s3:GetObject*", @@ -99,6 +107,16 @@ "Ref": "testlambdas3LambdaFunctionServiceRole72E20379" } ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + } + ] + } } }, "testlambdas3LambdaFunction1B8788C9": { @@ -157,6 +175,9 @@ "Ref": "testlambdas3S3Bucket179A52E6" } } + }, + "TracingConfig": { + "Mode": "Active" } }, "DependsOn": [ diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/integ.existingFunction.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/integ.existingFunction.expected.json index 4ab723ccc..08bac4bfc 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/integ.existingFunction.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/integ.existingFunction.expected.json @@ -57,6 +57,14 @@ "Properties": { "PolicyDocument": { "Statement": [ + { + "Action": [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + "Effect": "Allow", + "Resource": "*" + }, { "Action": [ "s3:GetObject*", @@ -99,6 +107,16 @@ "Ref": "LambdaFunctionServiceRole0C4CDE0B" } ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + } + ] + } } }, "LambdaFunctionBF21E41F": { @@ -157,6 +175,9 @@ "Ref": "testlambdas3S3Bucket179A52E6" } } + }, + "TracingConfig": { + "Mode": "Active" } }, "DependsOn": [ 
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/integ.pre-existing-bucket.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/integ.pre-existing-bucket.expected.json index 602bb5757..78df9861b 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/integ.pre-existing-bucket.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/integ.pre-existing-bucket.expected.json @@ -57,6 +57,14 @@ "Properties": { "PolicyDocument": { "Statement": [ + { + "Action": [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + "Effect": "Allow", + "Resource": "*" + }, { "Action": [ "s3:GetObject*", @@ -103,6 +111,16 @@ "Ref": "testlambdas3preexistingbucketLambdaFunctionServiceRole9AC7CED0" } ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + } + ] + } } }, "testlambdas3preexistingbucketLambdaFunctionA56FB2C7": { @@ -159,6 +177,9 @@ "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", "S3_BUCKET_NAME": "cdktoolkit-stagingbucket-1cjqz1mn5psg3" } + }, + "TracingConfig": { + "Mode": "Active" } }, "DependsOn": [ diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-sns/README.md b/source/patterns/@aws-solutions-constructs/aws-lambda-sns/README.md index bf51fbe83..1c2bbb646 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-sns/README.md +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-sns/README.md @@ -76,6 +76,7 @@ Out of the box implementation of the Construct without any override will set the ### AWS Lambda Function * Configure least privilege access IAM role for Lambda function * Enable reusing connections with Keep-Alive for NodeJs Lambda function +* Enable X-Ray Tracing ### Amazon SNS Topic * Configure least privilege access permissions for SNS Topic 
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-sns/package.json b/source/patterns/@aws-solutions-constructs/aws-lambda-sns/package.json index 01021ec50..cae62442d 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-sns/package.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-sns/package.json @@ -1,6 +1,6 @@ { "name": "@aws-solutions-constructs/aws-lambda-sns", - "version": "1.60.0", + "version": "1.61.0", "description": "CDK constructs for defining an interaction between an AWS Lambda function and an Amazon SNS topic.", "main": "lib/index.js", "types": "lib/index.d.ts", @@ -53,15 +53,15 @@ } }, "dependencies": { - "@aws-cdk/aws-lambda": "~1.60.0", - "@aws-cdk/aws-sns": "~1.60.0", - "@aws-cdk/aws-kms": "~1.60.0", - "@aws-cdk/core": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0", - "constructs": "^3.0.2" + "@aws-cdk/aws-lambda": "~1.61.0", + "@aws-cdk/aws-sns": "~1.61.0", + "@aws-cdk/aws-kms": "~1.61.0", + "@aws-cdk/core": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0", + "constructs": "^3.0.4" }, "devDependencies": { - "@aws-cdk/assert": "~1.60.0", + "@aws-cdk/assert": "~1.61.0", "@types/jest": "^24.0.23", "@types/node": "^10.3.0" }, @@ -71,11 +71,11 @@ ] }, "peerDependencies": { - "@aws-cdk/aws-lambda": "~1.60.0", - "@aws-cdk/aws-sns": "~1.60.0", - "@aws-cdk/aws-kms": "~1.60.0", - "@aws-cdk/core": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0", - "constructs": "^3.0.2" + "@aws-cdk/aws-lambda": "~1.61.0", + "@aws-cdk/aws-sns": "~1.61.0", + "@aws-cdk/aws-kms": "~1.61.0", + "@aws-cdk/core": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0", + "constructs": "^3.0.4" } } diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-sns/test/__snapshots__/lambda-sns.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-lambda-sns/test/__snapshots__/lambda-sns.test.js.snap index 86a1318a4..27f5add90 100644 
--- a/source/patterns/@aws-solutions-constructs/aws-lambda-sns/test/__snapshots__/lambda-sns.test.js.snap +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-sns/test/__snapshots__/lambda-sns.test.js.snap @@ -146,6 +146,9 @@ Object { ], }, "Runtime": "nodejs10.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, @@ -201,9 +204,27 @@ Object { "Type": "AWS::IAM::Role", }, "lambdatosnsstackLambdaFunctionServiceRoleDefaultPolicy787D809F": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, Object { "Action": "sns:Publish", "Effect": "Allow", @@ -463,6 +484,9 @@ Object { ], }, "Runtime": "nodejs10.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, @@ -518,9 +542,27 @@ Object { "Type": "AWS::IAM::Role", }, "lambdatosnsstackLambdaFunctionServiceRoleDefaultPolicy787D809F": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, Object { "Action": "sns:Publish", "Effect": "Allow", @@ -780,6 +822,9 @@ Object { ], }, "Runtime": "nodejs10.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, 
@@ -835,9 +880,27 @@ Object { "Type": "AWS::IAM::Role", }, "lambdatosnsstackLambdaFunctionServiceRoleDefaultPolicy787D809F": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, Object { "Action": "sns:Publish", "Effect": "Allow", diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-sns/test/integ.deployFunction.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-sns/test/integ.deployFunction.expected.json index ce654d3c9..6394ef3b2 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-sns/test/integ.deployFunction.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-sns/test/integ.deployFunction.expected.json @@ -57,6 +57,14 @@ "Properties": { "PolicyDocument": { "Statement": [ + { + "Action": [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + "Effect": "Allow", + "Resource": "*" + }, { "Action": "sns:Publish", "Effect": "Allow", @@ -73,6 +81,16 @@ "Ref": "testlambdasnsLambdaFunctionServiceRole9C412F74" } ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + } + ] + } } }, "testlambdasnsLambdaFunctionD8BC8ABA": { @@ -137,6 +155,9 @@ "Ref": "testlambdasnsSnsTopic57DFED98" } } + }, + "TracingConfig": { + "Mode": "Active" } }, "DependsOn": [ diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-sns/test/integ.existingFunction.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-sns/test/integ.existingFunction.expected.json index 35cfed045..28146c3f3 100644 
--- a/source/patterns/@aws-solutions-constructs/aws-lambda-sns/test/integ.existingFunction.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-sns/test/integ.existingFunction.expected.json @@ -57,6 +57,14 @@ "Properties": { "PolicyDocument": { "Statement": [ + { + "Action": [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + "Effect": "Allow", + "Resource": "*" + }, { "Action": "sns:Publish", "Effect": "Allow", @@ -73,6 +81,16 @@ "Ref": "LambdaFunctionServiceRole0C4CDE0B" } ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + } + ] + } } }, "LambdaFunctionBF21E41F": { @@ -137,6 +155,9 @@ "Ref": "testlambdasnsSnsTopic57DFED98" } } + }, + "TracingConfig": { + "Mode": "Active" } }, "DependsOn": [ diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/README.md b/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/README.md index a476c1bc3..f327d012b 100755 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/README.md +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/README.md @@ -86,6 +86,7 @@ Out-of-the-box implementation of this Construct (without any overridden properti ### AWS Lambda Functions * Configure least privilege access IAM role for Lambda functions. * Enable reusing connections with Keep-Alive for NodeJs Lambda functions. +* Enable X-Ray Tracing ### Amazon SQS Queue * Deploy a dead letter queue for the primary queue. diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/package.json b/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/package.json index 1c1bcc37d..c76603ac2 100755 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/package.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/package.json 
@@ -1,6 +1,6 @@ { "name": "@aws-solutions-constructs/aws-lambda-sqs-lambda", - "version": "1.60.0", + "version": "1.61.0", "description": "CDK construct that provisions (1) an AWS Lambda function that is configured to send messages to a queue; (2) an Amazon SQS queue; and (3) an AWS Lambda function configured to consume messages from the queue.", "main": "lib/index.js", "types": "lib/index.d.ts", @@ -53,16 +53,16 @@ } }, "dependencies": { - "@aws-cdk/aws-lambda": "~1.60.0", - "@aws-cdk/aws-sqs": "~1.60.0", - "@aws-cdk/core": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0", - "@aws-solutions-constructs/aws-lambda-sqs": "~1.60.0", - "@aws-solutions-constructs/aws-sqs-lambda": "~1.60.0", - "constructs": "^3.0.2" + "@aws-cdk/aws-lambda": "~1.61.0", + "@aws-cdk/aws-sqs": "~1.61.0", + "@aws-cdk/core": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0", + "@aws-solutions-constructs/aws-lambda-sqs": "~1.61.0", + "@aws-solutions-constructs/aws-sqs-lambda": "~1.61.0", + "constructs": "^3.0.4" }, "devDependencies": { - "@aws-cdk/assert": "~1.60.0", + "@aws-cdk/assert": "~1.61.0", "@types/jest": "^24.0.23", "@types/node": "^10.3.0" }, @@ -72,12 +72,12 @@ ] }, "peerDependencies": { - "@aws-cdk/aws-lambda": "~1.60.0", - "@aws-cdk/aws-sqs": "~1.60.0", - "@aws-cdk/core": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0", - "@aws-solutions-constructs/aws-lambda-sqs": "~1.60.0", - "@aws-solutions-constructs/aws-sqs-lambda": "~1.60.0", - "constructs": "^3.0.2" + "@aws-cdk/aws-lambda": "~1.61.0", + "@aws-cdk/aws-sqs": "~1.61.0", + "@aws-cdk/core": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0", + "@aws-solutions-constructs/aws-lambda-sqs": "~1.61.0", + "@aws-solutions-constructs/aws-sqs-lambda": "~1.61.0", + "constructs": "^3.0.4" } } 
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/__snapshots__/lambda-sqs-lambda.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/__snapshots__/lambda-sqs-lambda.test.js.snap index f2dac04ae..9d9756aa2 100755 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/__snapshots__/lambda-sqs-lambda.test.js.snap +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/__snapshots__/lambda-sqs-lambda.test.js.snap @@ -99,6 +99,9 @@ Object { ], }, "Runtime": "nodejs10.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, @@ -154,9 +157,27 @@ Object { "Type": "AWS::IAM::Role", }, "lambdasqslambdalambdatosqsLambdaFunctionServiceRoleDefaultPolicy415D084C": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, Object { "Action": Array [ "sqs:SendMessage", @@ -325,6 +346,9 @@ Object { ], }, "Runtime": "nodejs10.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, 
@@ -380,9 +404,27 @@ Object { "Type": "AWS::IAM::Role", }, "lambdasqslambdasqstolambdaLambdaFunctionServiceRoleDefaultPolicyA5B2DD0D": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, Object { "Action": Array [ "sqs:ReceiveMessage", @@ -528,6 +570,9 @@ Object { ], }, "Runtime": "nodejs10.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, @@ -583,9 +628,27 @@ Object { "Type": "AWS::IAM::Role", }, "lambdasqslambdalambdatosqsLambdaFunctionServiceRoleDefaultPolicy415D084C": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, Object { "Action": Array [ "sqs:SendMessage", @@ -838,6 +901,9 @@ Object { ], }, "Runtime": "nodejs10.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, 
@@ -893,9 +959,27 @@ Object { "Type": "AWS::IAM::Role", }, "lambdasqslambdasqstolambdaLambdaFunctionServiceRoleDefaultPolicyA5B2DD0D": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, Object { "Action": Array [ "sqs:ReceiveMessage", @@ -1039,6 +1123,9 @@ Object { ], }, "Runtime": "nodejs10.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, @@ -1094,9 +1181,27 @@ Object { "Type": "AWS::IAM::Role", }, "LambdaFunctionServiceRoleDefaultPolicy126C8897": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, Object { "Action": Array [ "sqs:ReceiveMessage", @@ -1210,6 +1315,9 @@ Object { ], }, "Runtime": "nodejs10.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, 
@@ -1265,9 +1373,27 @@ Object { "Type": "AWS::IAM::Role", }, "lambdasqslambdalambdatosqsLambdaFunctionServiceRoleDefaultPolicy415D084C": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, Object { "Action": Array [ "sqs:SendMessage", @@ -1557,6 +1683,9 @@ Object { ], }, "Runtime": "nodejs10.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, @@ -1612,9 +1741,27 @@ Object { "Type": "AWS::IAM::Role", }, "LambdaFunctionServiceRoleDefaultPolicy126C8897": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, Object { "Action": Array [ "sqs:SendMessage", @@ -1868,6 +2015,9 @@ Object { ], }, "Runtime": "nodejs10.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, 
@@ -1923,9 +2073,27 @@ Object { "Type": "AWS::IAM::Role", }, "lambdasqslambdasqstolambdaLambdaFunctionServiceRoleDefaultPolicyA5B2DD0D": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, Object { "Action": Array [ "sqs:ReceiveMessage", @@ -2148,6 +2316,9 @@ Object { ], }, "Runtime": "nodejs10.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, @@ -2203,9 +2374,27 @@ Object { "Type": "AWS::IAM::Role", }, "lambdasqslambdalambdatosqsLambdaFunctionServiceRoleDefaultPolicy415D084C": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, Object { "Action": Array [ "sqs:SendMessage", @@ -2375,6 +2564,9 @@ Object { ], }, "Runtime": "nodejs10.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, 
@@ -2430,9 +2622,27 @@ Object { "Type": "AWS::IAM::Role", }, "lambdasqslambdasqstolambdaLambdaFunctionServiceRoleDefaultPolicyA5B2DD0D": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, Object { "Action": Array [ "sqs:ReceiveMessage", @@ -2579,6 +2789,9 @@ Object { ], }, "Runtime": "nodejs10.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, @@ -2634,9 +2847,27 @@ Object { "Type": "AWS::IAM::Role", }, "lambdasqslambdalambdatosqsLambdaFunctionServiceRoleDefaultPolicy415D084C": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, Object { "Action": Array [ "sqs:SendMessage", @@ -2890,6 +3121,9 @@ Object { ], }, "Runtime": "nodejs10.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, 
@@ -2945,9 +3179,27 @@ Object { "Type": "AWS::IAM::Role", }, "lambdasqslambdasqstolambdaLambdaFunctionServiceRoleDefaultPolicyA5B2DD0D": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, Object { "Action": Array [ "sqs:ReceiveMessage", @@ -3094,6 +3346,9 @@ Object { ], }, "Runtime": "nodejs12.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, @@ -3149,9 +3404,27 @@ Object { "Type": "AWS::IAM::Role", }, "lambdasqslambdalambdatosqsLambdaFunctionServiceRoleDefaultPolicy415D084C": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, Object { "Action": Array [ "sqs:SendMessage", @@ -3405,6 +3678,9 @@ Object { ], }, "Runtime": "nodejs12.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, 
@@ -3460,9 +3736,27 @@ Object { "Type": "AWS::IAM::Role", }, "lambdasqslambdasqstolambdaLambdaFunctionServiceRoleDefaultPolicyA5B2DD0D": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, Object { "Action": Array [ "sqs:ReceiveMessage", diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/integ.defaultDeployment.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/integ.defaultDeployment.expected.json index a81bc2e49..a3d7c177c 100755 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/integ.defaultDeployment.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/integ.defaultDeployment.expected.json @@ -57,6 +57,14 @@ "Properties": { "PolicyDocument": { "Statement": [ + { + "Action": [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + "Effect": "Allow", + "Resource": "*" + }, { "Action": [ "sqs:SendMessage", @@ -80,6 +88,16 @@ "Ref": "testlambdasqslambdalambdatosqsLambdaFunctionServiceRoleAE4A8DCD" } ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + } + ] + } } }, "testlambdasqslambdalambdatosqsLambdaFunction8CCC2F0B": { @@ -138,6 +156,9 @@ "Ref": "testlambdasqslambdalambdatosqsqueueF2ED40D2" } } + }, + "TracingConfig": { + "Mode": "Active" } }, "DependsOn": [ 
@@ -370,6 +391,14 @@ "Properties": { "PolicyDocument": { "Statement": [ + { + "Action": [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + "Effect": "Allow", + "Resource": "*" + }, { "Action": [ "sqs:ReceiveMessage", @@ -395,6 +424,16 @@ "Ref": "testlambdasqslambdasqstolambdaLambdaFunctionServiceRole785979D2" } ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + } + ] + } } }, "testlambdasqslambdasqstolambdaLambdaFunction81308327": { @@ -450,6 +489,9 @@ "Variables": { "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" } + }, + "TracingConfig": { + "Mode": "Active" } }, "DependsOn": [ diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/integ.existingConsumerFunction.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/integ.existingConsumerFunction.expected.json index 31772a766..700697b89 100755 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/integ.existingConsumerFunction.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/integ.existingConsumerFunction.expected.json @@ -57,6 +57,14 @@ "Properties": { "PolicyDocument": { "Statement": [ + { + "Action": [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + "Effect": "Allow", + "Resource": "*" + }, { "Action": [ "sqs:ReceiveMessage", @@ -82,6 +90,16 @@ "Ref": "LambdaFunctionServiceRole0C4CDE0B" } ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + } + ] + } } }, "LambdaFunctionBF21E41F": { @@ -137,6 +155,9 @@ "Variables": { "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" } + }, + "TracingConfig": { + "Mode": "Active" } }, "DependsOn": [ 
@@ -224,6 +245,14 @@ "Properties": { "PolicyDocument": { "Statement": [ + { + "Action": [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + "Effect": "Allow", + "Resource": "*" + }, { "Action": [ "sqs:SendMessage", @@ -247,6 +276,16 @@ "Ref": "testlambdasqslambdalambdatosqsLambdaFunctionServiceRoleAE4A8DCD" } ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + } + ] + } } }, "testlambdasqslambdalambdatosqsLambdaFunction8CCC2F0B": { @@ -305,6 +344,9 @@ "Ref": "testlambdasqslambdalambdatosqsqueueF2ED40D2" } } + }, + "TracingConfig": { + "Mode": "Active" } }, "DependsOn": [ diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/integ.existingProducerFunction.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/integ.existingProducerFunction.expected.json index fe8794a1a..a9f1cf2fc 100755 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/integ.existingProducerFunction.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/integ.existingProducerFunction.expected.json @@ -57,6 +57,14 @@ "Properties": { "PolicyDocument": { "Statement": [ + { + "Action": [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + "Effect": "Allow", + "Resource": "*" + }, { "Action": [ "sqs:SendMessage", @@ -80,6 +88,16 @@ "Ref": "LambdaFunctionServiceRole0C4CDE0B" } ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + } + ] + } } }, "LambdaFunctionBF21E41F": { @@ -138,6 +156,9 @@ "Ref": "testlambdasqslambdalambdatosqsqueueF2ED40D2" } } + }, + "TracingConfig": { + "Mode": "Active" } }, "DependsOn": [ 
@@ -370,6 +391,14 @@ "Properties": { "PolicyDocument": { "Statement": [ + { + "Action": [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + "Effect": "Allow", + "Resource": "*" + }, { "Action": [ "sqs:ReceiveMessage", @@ -395,6 +424,16 @@ "Ref": "testlambdasqslambdasqstolambdaLambdaFunctionServiceRole785979D2" } ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + } + ] + } } }, "testlambdasqslambdasqstolambdaLambdaFunction81308327": { @@ -450,6 +489,9 @@ "Variables": { "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" } + }, + "TracingConfig": { + "Mode": "Active" } }, "DependsOn": [ diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/integ.existingQueue.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/integ.existingQueue.expected.json index 064ccbca3..1060a4792 100755 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/integ.existingQueue.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/integ.existingQueue.expected.json @@ -132,6 +132,14 @@ "Properties": { "PolicyDocument": { "Statement": [ + { + "Action": [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + "Effect": "Allow", + "Resource": "*" + }, { "Action": [ "sqs:SendMessage", @@ -155,6 +163,16 @@ "Ref": "testlambdasqslambdalambdatosqsLambdaFunctionServiceRoleAE4A8DCD" } ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + } + ] + } } }, "testlambdasqslambdalambdatosqsLambdaFunction8CCC2F0B": { @@ -213,6 +231,9 @@ "Ref": "existingsqsqueue6AE880F4" } } + }, + "TracingConfig": { + "Mode": "Active" } }, "DependsOn": [ 
@@ -361,6 +382,14 @@ "Properties": { "PolicyDocument": { "Statement": [ + { + "Action": [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + "Effect": "Allow", + "Resource": "*" + }, { "Action": [ "sqs:ReceiveMessage", @@ -386,6 +415,16 @@ "Ref": "testlambdasqslambdasqstolambdaLambdaFunctionServiceRole785979D2" } ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + } + ] + } } }, "testlambdasqslambdasqstolambdaLambdaFunction81308327": { @@ -441,6 +480,9 @@ "Variables": { "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" } + }, + "TracingConfig": { + "Mode": "Active" } }, "DependsOn": [ diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/lambda-sqs-lambda.test.ts b/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/lambda-sqs-lambda.test.ts index 0cd505c5c..0c2cb8bca 100755 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/lambda-sqs-lambda.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/lambda-sqs-lambda.test.ts 
@@ -57,27 +57,63 @@ test('Test minimal deployment', () => { expect(stack).toHaveResourceLike('AWS::IAM::Policy', { PolicyDocument: { Statement: [ - { Action: [ - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl" - ]} - ] + { + Action: [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + Effect: "Allow", + Resource: "*" + }, + { + Action: [ + "sqs:SendMessage", + "sqs:GetQueueAttributes", + "sqs:GetQueueUrl" + ], + Effect: "Allow", + Resource: { + "Fn::GetAtt": [ + "lambdasqslambdalambdatosqsqueue49588D68", + "Arn" + ] + } + } + ], + Version: "2012-10-17" } }); // Assertion 6: test for consume-message permissions (only) on the consumer function expect(stack).toHaveResourceLike('AWS::IAM::Policy', { PolicyDocument: { Statement: [ - { Action: [ - "sqs:ReceiveMessage", - "sqs:ChangeMessageVisibility", - "sqs:GetQueueUrl", - "sqs:DeleteMessage", - "sqs:GetQueueAttributes" - ]} - ] - } + { + Action: [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + Effect: "Allow", + Resource: "*" + }, + { + Action: [ + "sqs:ReceiveMessage", + "sqs:ChangeMessageVisibility", + "sqs:GetQueueUrl", + "sqs:DeleteMessage", + "sqs:GetQueueAttributes" + ], + Effect: "Allow", + Resource: { + "Fn::GetAtt": [ + "lambdasqslambdalambdatosqsqueue49588D68", + "Arn" + ] + } + } + ], + Version: "2012-10-17" + }, }); }); diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-sqs/README.md b/source/patterns/@aws-solutions-constructs/aws-lambda-sqs/README.md index 6bb14c0b5..8f65ecb95 100755 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-sqs/README.md +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-sqs/README.md 
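Review bot: Both rewritten assertions pin an X-Ray statement with `Resource: "*"`, but nothing in the test says why a wildcard is acceptable there or that the scoped `Resource` on the SQS statement is the check that matters. The expected templates in this commit suppress cfn_nag W12 on the whole DefaultPolicy resource, so a wildcard that later crept into the SQS statement would presumably no longer be reported by cfn_nag, leaving these assertions as the remaining guard on queue scoping. I would add a comment above each X-Ray statement, for example `// X-Ray write actions have no resource-level permissions, so "*" is required; the SQS statement below must stay scoped to the queue ARN`. The same comment is worth adding in the 'Test invocation permissions' hunk of lambda-step-function.test.ts. The body of 'Test minimal deployment' starts before this hunk.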
@@ -80,6 +80,7 @@ Out of the box implementation of the Construct without any override will set the * Configure least privilege access IAM role for Lambda function. * Enable reusing connections with Keep-Alive for NodeJs Lambda function. * Allow the function to send messages only to the queue (purging can be enabled using the `enableQueuePurge` property). +* Enable X-Ray Tracing ### Amazon SQS Queue * Deploy SQS dead-letter queue for the source SQS Queue. diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-sqs/package.json b/source/patterns/@aws-solutions-constructs/aws-lambda-sqs/package.json index d7b7ff6fb..2942ca5c0 100755 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-sqs/package.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-sqs/package.json @@ -1,6 +1,6 @@ { "name": "@aws-solutions-constructs/aws-lambda-sqs", - "version": "1.60.0", + "version": "1.61.0", "description": "CDK constructs for defining an interaction between an AWS Lambda function and an Amazon SQS queue.", "main": "lib/index.js", "types": "lib/index.d.ts", @@ -53,14 +53,14 @@ } }, "dependencies": { - "@aws-cdk/aws-lambda": "~1.60.0", - "@aws-cdk/aws-sqs": "~1.60.0", - "@aws-cdk/core": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0", - "constructs": "^3.0.2" + "@aws-cdk/aws-lambda": "~1.61.0", + "@aws-cdk/aws-sqs": "~1.61.0", + "@aws-cdk/core": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0", + "constructs": "^3.0.4" }, "devDependencies": { - "@aws-cdk/assert": "~1.60.0", + "@aws-cdk/assert": "~1.61.0", "@types/jest": "^24.0.23", "@types/node": "^10.3.0" }, 
@@ -70,10 +70,10 @@ ] }, "peerDependencies": { - "@aws-cdk/aws-lambda": "~1.60.0", - "@aws-cdk/aws-sqs": "~1.60.0", - "@aws-cdk/core": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0", - "constructs": "^3.0.2" + "@aws-cdk/aws-lambda": "~1.61.0", + "@aws-cdk/aws-sqs": "~1.61.0", + "@aws-cdk/core": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0", + "constructs": "^3.0.4" } } diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-sqs/test/__snapshots__/lambda-sqs.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-lambda-sqs/test/__snapshots__/lambda-sqs.test.js.snap index 65621ca60..584a0b8df 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-sqs/test/__snapshots__/lambda-sqs.test.js.snap +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-sqs/test/__snapshots__/lambda-sqs.test.js.snap @@ -87,6 +87,9 @@ Object { ], }, "Runtime": "nodejs10.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, @@ -142,9 +145,27 @@ Object { "Type": "AWS::IAM::Role", }, "lambdatosqsstackLambdaFunctionServiceRoleDefaultPolicy467E145A": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, Object { "Action": Array [ "sqs:PurgeQueue", @@ -435,6 +456,9 @@ Object { ], }, "Runtime": "nodejs10.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, 
@@ -490,9 +514,27 @@ Object { "Type": "AWS::IAM::Role", }, "lambdatosqsstackLambdaFunctionServiceRoleDefaultPolicy467E145A": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, Object { "Action": Array [ "sqs:PurgeQueue", @@ -706,6 +748,9 @@ Object { ], }, "Runtime": "nodejs10.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, @@ -761,9 +806,27 @@ Object { "Type": "AWS::IAM::Role", }, "lambdatosqsstackLambdaFunctionServiceRoleDefaultPolicy467E145A": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, Object { "Action": Array [ "sqs:PurgeQueue", @@ -895,6 +958,9 @@ Object { ], }, "Runtime": "nodejs10.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, 
@@ -950,9 +1016,27 @@ Object { "Type": "AWS::IAM::Role", }, "lambdatosqsstackLambdaFunctionServiceRoleDefaultPolicy467E145A": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, Object { "Action": Array [ "sqs:SendMessage", @@ -1229,6 +1313,9 @@ Object { ], }, "Runtime": "nodejs10.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, @@ -1284,9 +1371,27 @@ Object { "Type": "AWS::IAM::Role", }, "lambdatosqsstackLambdaFunctionServiceRoleDefaultPolicy467E145A": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, Object { "Action": Array [ "sqs:SendMessage", diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-sqs/test/integ.deployFunction.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-sqs/test/integ.deployFunction.expected.json index 833a7c735..5bdc5712a 100755 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-sqs/test/integ.deployFunction.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-sqs/test/integ.deployFunction.expected.json 
@@ -57,6 +57,14 @@ "Properties": { "PolicyDocument": { "Statement": [ + { + "Action": [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + "Effect": "Allow", + "Resource": "*" + }, { "Action": [ "sqs:SendMessage", @@ -80,6 +88,16 @@ "Ref": "testlambdasqsLambdaFunctionServiceRoleC0430CA8" } ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + } + ] + } } }, "testlambdasqsLambdaFunction28E890A1": { @@ -138,6 +156,9 @@ "Ref": "testlambdasqsqueueDD178B7C" } } + }, + "TracingConfig": { + "Mode": "Active" } }, "DependsOn": [ diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-sqs/test/integ.existingFunction.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-sqs/test/integ.existingFunction.expected.json index 2c7ba668e..2a7c3ccb4 100755 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-sqs/test/integ.existingFunction.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-sqs/test/integ.existingFunction.expected.json @@ -57,6 +57,14 @@ "Properties": { "PolicyDocument": { "Statement": [ + { + "Action": [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + "Effect": "Allow", + "Resource": "*" + }, { "Action": [ "sqs:SendMessage", @@ -80,6 +88,16 @@ "Ref": "LambdaFunctionServiceRole0C4CDE0B" } ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + } + ] + } } }, "LambdaFunctionBF21E41F": { @@ -138,6 +156,9 @@ "Ref": "testlambdasqsqueueDD178B7C" } } + }, + "TracingConfig": { + "Mode": "Active" } }, "DependsOn": [ diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-step-function/README.md b/source/patterns/@aws-solutions-constructs/aws-lambda-step-function/README.md index cbb80d358..08ed8d6a9 100644 
--- a/source/patterns/@aws-solutions-constructs/aws-lambda-step-function/README.md +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-step-function/README.md @@ -78,6 +78,7 @@ Out of the box implementation of the Construct without any override will set the ### AWS Lambda Function * Configure least privilege access IAM role for Lambda function * Enable reusing connections with Keep-Alive for NodeJs Lambda function +* Enable X-Ray Tracing ### AWS Step Function * Enable CloudWatch logging for API Gateway diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-step-function/package.json b/source/patterns/@aws-solutions-constructs/aws-lambda-step-function/package.json index d5bed6de5..bc542d00d 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-step-function/package.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-step-function/package.json @@ -1,6 +1,6 @@ { "name": "@aws-solutions-constructs/aws-lambda-step-function", - "version": "1.60.0", + "version": "1.61.0", "description": "CDK constructs for defining an interaction between an AWS Lambda function and an AWS Step Function.", "main": "lib/index.js", "types": "lib/index.d.ts", @@ -53,16 +53,16 @@ } }, "dependencies": { - "@aws-cdk/aws-cloudwatch": "~1.60.0", - "@aws-cdk/aws-lambda": "~1.60.0", - "@aws-cdk/aws-stepfunctions": "~1.60.0", - "@aws-cdk/aws-logs": "~1.60.0", - "@aws-cdk/core": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0", - "constructs": "^3.0.2" + "@aws-cdk/aws-cloudwatch": "~1.61.0", + "@aws-cdk/aws-lambda": "~1.61.0", + "@aws-cdk/aws-stepfunctions": "~1.61.0", + "@aws-cdk/aws-logs": "~1.61.0", + "@aws-cdk/core": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0", + "constructs": "^3.0.4" }, "devDependencies": { - "@aws-cdk/assert": "~1.60.0", + "@aws-cdk/assert": "~1.61.0", "@types/jest": "^24.0.23", "@types/node": "^10.3.0", "eslint-plugin-import": "^2.22.0" 
@@ -73,12 +73,12 @@ ] }, "peerDependencies": { - "@aws-cdk/aws-cloudwatch": "~1.60.0", - "@aws-cdk/aws-lambda": "~1.60.0", - "@aws-cdk/aws-stepfunctions": "~1.60.0", - "@aws-cdk/core": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0", - "constructs": "^3.0.2", - "@aws-cdk/aws-logs": "~1.60.0" + "@aws-cdk/aws-cloudwatch": "~1.61.0", + "@aws-cdk/aws-lambda": "~1.61.0", + "@aws-cdk/aws-stepfunctions": "~1.61.0", + "@aws-cdk/core": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0", + "constructs": "^3.0.4", + "@aws-cdk/aws-logs": "~1.61.0" } } diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-step-function/test/__snapshots__/lambda-step-function.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-lambda-step-function/test/__snapshots__/lambda-step-function.test.js.snap index 761b9582f..1390904a9 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-step-function/test/__snapshots__/lambda-step-function.test.js.snap +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-step-function/test/__snapshots__/lambda-step-function.test.js.snap @@ -88,6 +88,9 @@ Object { ], }, "Runtime": "nodejs10.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, @@ -143,9 +146,27 @@ Object { "Type": "AWS::IAM::Role", }, "LambdaFunctionServiceRoleDefaultPolicy126C8897": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, Object { "Action": "states:StartExecution", "Effect": "Allow", 
@@ -508,6 +529,9 @@ Object { ], }, "Runtime": "nodejs10.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, @@ -563,9 +587,27 @@ Object { "Type": "AWS::IAM::Role", }, "lambdatostepfunctionstackLambdaFunctionServiceRoleDefaultPolicyFF90D87F": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, Object { "Action": "states:StartExecution", "Effect": "Allow", diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-step-function/test/integ.deploy-lambda.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-step-function/test/integ.deploy-lambda.expected.json index 51894432f..4a052686e 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-step-function/test/integ.deploy-lambda.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-step-function/test/integ.deploy-lambda.expected.json @@ -181,6 +181,14 @@ "Properties": { "PolicyDocument": { "Statement": [ + { + "Action": [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + "Effect": "Allow", + "Resource": "*" + }, { "Action": "states:StartExecution", "Effect": "Allow", @@ -197,6 +205,16 @@ "Ref": "testlambdastepfunctionstackLambdaFunctionServiceRoleA27C24DF" } ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + } + ] + } } }, "testlambdastepfunctionstackLambdaFunctionF3ADF992": { 
@@ -255,6 +273,9 @@ "Ref": "testlambdastepfunctionstackStateMachine373C0BB9" } } + }, + "TracingConfig": { + "Mode": "Active" } }, "DependsOn": [ diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-step-function/test/integ.existing-function.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-step-function/test/integ.existing-function.expected.json index 2fdf9793d..2e17b8599 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-step-function/test/integ.existing-function.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-step-function/test/integ.existing-function.expected.json @@ -56,6 +56,14 @@ "Properties": { "PolicyDocument": { "Statement": [ + { + "Action": [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + "Effect": "Allow", + "Resource": "*" + }, { "Action": "states:StartExecution", "Effect": "Allow", @@ -72,6 +80,16 @@ "Ref": "LambdaFunctionServiceRole0C4CDE0B" } ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + } + ] + } } }, "LambdaFunctionBF21E41F": { @@ -130,6 +148,9 @@ "Ref": "testlambdastepfunctionstackStateMachine373C0BB9" } } + }, + "TracingConfig": { + "Mode": "Active" } }, "DependsOn": [ diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-step-function/test/lambda-step-function.test.ts b/source/patterns/@aws-solutions-constructs/aws-lambda-step-function/test/lambda-step-function.test.ts index aa01919d0..3657d74e3 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-step-function/test/lambda-step-function.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-step-function/test/lambda-step-function.test.ts 
@@ -117,11 +117,23 @@ test('Test invocation permissions', () => { expect(stack).toHaveResourceLike("AWS::IAM::Policy", { PolicyDocument: { Statement: [ + { + Action: [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + Effect: "Allow", + Resource: "*" + }, { Action: "states:StartExecution", - Effect: "Allow" + Effect: "Allow", + Resource: { + Ref: "testlambdastepfunctionstackStateMachine373C0BB9" + } } - ] + ], + Version: "2012-10-17" } }); }); diff --git a/source/patterns/@aws-solutions-constructs/aws-s3-lambda/README.md b/source/patterns/@aws-solutions-constructs/aws-s3-lambda/README.md index 46c12ed9f..7b7b5e1cf 100644 --- a/source/patterns/@aws-solutions-constructs/aws-s3-lambda/README.md +++ b/source/patterns/@aws-solutions-constructs/aws-s3-lambda/README.md @@ -88,6 +88,7 @@ Out of the box implementation of the Construct without any override will set the ### AWS Lambda Function * Configure least privilege access IAM role for Lambda function * Enable reusing connections with Keep-Alive for NodeJs Lambda function +* Enable X-Ray Tracing ## Architecture ![Architecture Diagram](architecture.png) diff --git a/source/patterns/@aws-solutions-constructs/aws-s3-lambda/package.json b/source/patterns/@aws-solutions-constructs/aws-s3-lambda/package.json index 9790ab70c..77a680246 100644 --- a/source/patterns/@aws-solutions-constructs/aws-s3-lambda/package.json +++ b/source/patterns/@aws-solutions-constructs/aws-s3-lambda/package.json @@ -1,6 +1,6 @@ { "name": "@aws-solutions-constructs/aws-s3-lambda", - "version": "1.60.0", + "version": "1.61.0", "description": "CDK Constructs for AWS S3 to AWS Lambda integration", "main": "lib/index.js", "types": "lib/index.d.ts", 
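Review bot: The updated assertion covers only the IAM side of the change; nothing in this hunk checks that the function itself is deployed with tracing on, which is the behaviour the commit enables. If no test outside the hunk already covers it, add `expect(stack).toHaveResourceLike("AWS::Lambda::Function", { TracingConfig: { Mode: "Active" } });` so that a regression which keeps the X-Ray permissions but drops the tracing setting fails a named unit test rather than only the snapshot. The body of 'Test invocation permissions' begins before this hunk.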
@@ -53,17 +53,17 @@ } }, "dependencies": { - "@aws-cdk/aws-s3": "~1.60.0", - "@aws-cdk/aws-s3-notifications": "~1.60.0", - "@aws-cdk/aws-lambda": "~1.60.0", - "@aws-cdk/aws-lambda-event-sources": "~1.60.0", - "@aws-cdk/aws-iam": "~1.60.0", - "@aws-cdk/core": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0", - "constructs": "^3.0.2" + "@aws-cdk/aws-s3": "~1.61.0", + "@aws-cdk/aws-s3-notifications": "~1.61.0", + "@aws-cdk/aws-lambda": "~1.61.0", + "@aws-cdk/aws-lambda-event-sources": "~1.61.0", + "@aws-cdk/aws-iam": "~1.61.0", + "@aws-cdk/core": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0", + "constructs": "^3.0.4" }, "devDependencies": { - "@aws-cdk/assert": "~1.60.0", + "@aws-cdk/assert": "~1.61.0", "@types/jest": "^24.0.23", "@types/node": "^10.3.0" }, @@ -73,13 +73,13 @@ ] }, "peerDependencies": { - "@aws-cdk/aws-s3": "~1.60.0", - "@aws-cdk/aws-lambda": "~1.60.0", - "@aws-cdk/aws-iam": "~1.60.0", - "@aws-cdk/core": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0", - "@aws-cdk/aws-lambda-event-sources": "~1.60.0", - "@aws-cdk/aws-s3-notifications": "~1.60.0", - "constructs": "^3.0.2" + "@aws-cdk/aws-s3": "~1.61.0", + "@aws-cdk/aws-lambda": "~1.61.0", + "@aws-cdk/aws-iam": "~1.61.0", + "@aws-cdk/core": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0", + "@aws-cdk/aws-lambda-event-sources": "~1.61.0", + "@aws-cdk/aws-s3-notifications": "~1.61.0", + "constructs": "^3.0.4" } } diff --git a/source/patterns/@aws-solutions-constructs/aws-s3-lambda/test/__snapshots__/s3-lambda.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-s3-lambda/test/__snapshots__/s3-lambda.test.js.snap index e5b59370d..83c000577 100644 --- a/source/patterns/@aws-solutions-constructs/aws-s3-lambda/test/__snapshots__/s3-lambda.test.js.snap +++ b/source/patterns/@aws-solutions-constructs/aws-s3-lambda/test/__snapshots__/s3-lambda.test.js.snap 
@@ -199,6 +199,7 @@ Object { }, "tests3lambdaLambdaFunctionB56B7023": Object { "DependsOn": Array [ + "tests3lambdaLambdaFunctionServiceRoleDefaultPolicyA7E71BD5", "tests3lambdaLambdaFunctionServiceRoleA74F4427", ], "Metadata": Object { @@ -263,6 +264,9 @@ Object { ], }, "Runtime": "nodejs12.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, @@ -317,6 +321,40 @@ Object { }, "Type": "AWS::IAM::Role", }, + "tests3lambdaLambdaFunctionServiceRoleDefaultPolicyA7E71BD5": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, + "Properties": Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, + ], + "Version": "2012-10-17", + }, + "PolicyName": "tests3lambdaLambdaFunctionServiceRoleDefaultPolicyA7E71BD5", + "Roles": Array [ + Object { + "Ref": "tests3lambdaLambdaFunctionServiceRoleA74F4427", + }, + ], + }, + "Type": "AWS::IAM::Policy", + }, "tests3lambdaS3BucketBE7C1B8E": Object { "DeletionPolicy": "Retain", "Properties": Object { diff --git a/source/patterns/@aws-solutions-constructs/aws-s3-lambda/test/integ.existing-s3-bucket.expected.json b/source/patterns/@aws-solutions-constructs/aws-s3-lambda/test/integ.existing-s3-bucket.expected.json index 19eafba84..26281f5c4 100644 --- a/source/patterns/@aws-solutions-constructs/aws-s3-lambda/test/integ.existing-s3-bucket.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-s3-lambda/test/integ.existing-s3-bucket.expected.json 
@@ -225,6 +225,40 @@ ] } }, + "tests3lambdaLambdaFunctionServiceRoleDefaultPolicyA7E71BD5": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "tests3lambdaLambdaFunctionServiceRoleDefaultPolicyA7E71BD5", + "Roles": [ + { + "Ref": "tests3lambdaLambdaFunctionServiceRoleA74F4427" + } + ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + } + ] + } + } + }, "tests3lambdaLambdaFunctionB56B7023": { "Type": "AWS::Lambda::Function", "Properties": { @@ -278,9 +312,13 @@ "Variables": { "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" } + }, + "TracingConfig": { + "Mode": "Active" } }, "DependsOn": [ + "tests3lambdaLambdaFunctionServiceRoleDefaultPolicyA7E71BD5", "tests3lambdaLambdaFunctionServiceRoleA74F4427" ], "Metadata": { diff --git a/source/patterns/@aws-solutions-constructs/aws-s3-lambda/test/integ.no-arguments.expected.json b/source/patterns/@aws-solutions-constructs/aws-s3-lambda/test/integ.no-arguments.expected.json index 4773f053c..49d270910 100644 --- a/source/patterns/@aws-solutions-constructs/aws-s3-lambda/test/integ.no-arguments.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-s3-lambda/test/integ.no-arguments.expected.json 
@@ -51,6 +51,40 @@ ] } }, + "tests3lambdaLambdaFunctionServiceRoleDefaultPolicyA7E71BD5": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "tests3lambdaLambdaFunctionServiceRoleDefaultPolicyA7E71BD5", + "Roles": [ + { + "Ref": "tests3lambdaLambdaFunctionServiceRoleA74F4427" + } + ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + } + ] + } + } + }, "tests3lambdaLambdaFunctionB56B7023": { "Type": "AWS::Lambda::Function", "Properties": { @@ -104,9 +138,13 @@ "Variables": { "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" } + }, + "TracingConfig": { + "Mode": "Active" } }, "DependsOn": [ + "tests3lambdaLambdaFunctionServiceRoleDefaultPolicyA7E71BD5", "tests3lambdaLambdaFunctionServiceRoleA74F4427" ], "Metadata": { diff --git a/source/patterns/@aws-solutions-constructs/aws-s3-step-function/package.json b/source/patterns/@aws-solutions-constructs/aws-s3-step-function/package.json index e33377208..ffa8586eb 100644 --- a/source/patterns/@aws-solutions-constructs/aws-s3-step-function/package.json +++ b/source/patterns/@aws-solutions-constructs/aws-s3-step-function/package.json @@ -1,6 +1,6 @@ { "name": "@aws-solutions-constructs/aws-s3-step-function", - "version": "1.60.0", + "version": "1.61.0", "description": "CDK Constructs for AWS S3 to AWS Step Function integration", "main": "lib/index.js", "types": "lib/index.d.ts", 
@@ -53,22 +53,22 @@ } }, "dependencies": { - "@aws-cdk/aws-stepfunctions": "~1.60.0", - "@aws-cdk/aws-stepfunctions-tasks": "~1.60.0", - "@aws-cdk/core": "~1.60.0", - "@aws-cdk/aws-s3": "~1.60.0", - "@aws-cdk/aws-iam": "~1.60.0", - "@aws-cdk/aws-lambda": "~1.60.0", - "@aws-cdk/aws-cloudwatch": "~1.60.0", - "@aws-cdk/aws-cloudtrail": "~1.60.0", - "@aws-cdk/aws-events": "~1.60.0", - "@aws-cdk/aws-logs": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0", - "@aws-solutions-constructs/aws-events-rule-step-function": "~1.60.0", - "constructs": "^3.0.2" + "@aws-cdk/aws-stepfunctions": "~1.61.0", + "@aws-cdk/aws-stepfunctions-tasks": "~1.61.0", + "@aws-cdk/core": "~1.61.0", + "@aws-cdk/aws-s3": "~1.61.0", + "@aws-cdk/aws-iam": "~1.61.0", + "@aws-cdk/aws-lambda": "~1.61.0", + "@aws-cdk/aws-cloudwatch": "~1.61.0", + "@aws-cdk/aws-cloudtrail": "~1.61.0", + "@aws-cdk/aws-events": "~1.61.0", + "@aws-cdk/aws-logs": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0", + "@aws-solutions-constructs/aws-events-rule-step-function": "~1.61.0", + "constructs": "^3.0.4" }, "devDependencies": { - "@aws-cdk/assert": "~1.60.0", + "@aws-cdk/assert": "~1.61.0", "@types/jest": "^24.0.23", "@types/node": "^10.3.0" }, 
@@ -78,18 +78,18 @@ ] }, "peerDependencies": { - "@aws-cdk/aws-stepfunctions": "~1.60.0", - "@aws-cdk/aws-stepfunctions-tasks": "~1.60.0", - "@aws-cdk/core": "~1.60.0", - "@aws-cdk/aws-s3": "~1.60.0", - "@aws-cdk/aws-iam": "~1.60.0", - "@aws-cdk/aws-lambda": "~1.60.0", - "@aws-cdk/aws-cloudwatch": "~1.60.0", - "@aws-cdk/aws-cloudtrail": "~1.60.0", - "@aws-cdk/aws-events": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0", - "@aws-solutions-constructs/aws-events-rule-step-function": "~1.60.0", - "constructs": "^3.0.2", - "@aws-cdk/aws-logs": "~1.60.0" + "@aws-cdk/aws-stepfunctions": "~1.61.0", + "@aws-cdk/aws-stepfunctions-tasks": "~1.61.0", + "@aws-cdk/core": "~1.61.0", + "@aws-cdk/aws-s3": "~1.61.0", + "@aws-cdk/aws-iam": "~1.61.0", + "@aws-cdk/aws-lambda": "~1.61.0", + "@aws-cdk/aws-cloudwatch": "~1.61.0", + "@aws-cdk/aws-cloudtrail": "~1.61.0", + "@aws-cdk/aws-events": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0", + "@aws-solutions-constructs/aws-events-rule-step-function": "~1.61.0", + "constructs": "^3.0.4", + "@aws-cdk/aws-logs": "~1.61.0" } } diff --git a/source/patterns/@aws-solutions-constructs/aws-sns-lambda/README.md b/source/patterns/@aws-solutions-constructs/aws-sns-lambda/README.md index 3b53721f9..c92b5764d 100644 --- a/source/patterns/@aws-solutions-constructs/aws-sns-lambda/README.md +++ b/source/patterns/@aws-solutions-constructs/aws-sns-lambda/README.md @@ -86,6 +86,7 @@ Out of the box implementation of the Construct without any override will set the ### AWS Lambda Function * Configure least privilege access IAM role for Lambda function * Enable reusing connections with Keep-Alive for NodeJs Lambda function +* Enable X-Ray Tracing ## Architecture ![Architecture Diagram](architecture.png) diff --git a/source/patterns/@aws-solutions-constructs/aws-sns-lambda/package.json b/source/patterns/@aws-solutions-constructs/aws-sns-lambda/package.json index d1e0bde7d..130efc4bd 100644 
--- a/source/patterns/@aws-solutions-constructs/aws-sns-lambda/package.json +++ b/source/patterns/@aws-solutions-constructs/aws-sns-lambda/package.json @@ -1,6 +1,6 @@ { "name": "@aws-solutions-constructs/aws-sns-lambda", - "version": "1.60.0", + "version": "1.61.0", "description": "CDK Constructs for AWS SNS to AWS Lambda integration", "main": "lib/index.js", "types": "lib/index.d.ts", @@ -53,17 +53,17 @@ } }, "dependencies": { - "@aws-cdk/aws-sns": "~1.60.0", - "@aws-cdk/aws-lambda": "~1.60.0", - "@aws-cdk/aws-lambda-event-sources": "~1.60.0", - "@aws-cdk/aws-iam": "~1.60.0", - "@aws-cdk/aws-kms": "~1.60.0", - "@aws-cdk/core": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0", - "constructs": "^3.0.2" + "@aws-cdk/aws-sns": "~1.61.0", + "@aws-cdk/aws-lambda": "~1.61.0", + "@aws-cdk/aws-lambda-event-sources": "~1.61.0", + "@aws-cdk/aws-iam": "~1.61.0", + "@aws-cdk/aws-kms": "~1.61.0", + "@aws-cdk/core": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0", + "constructs": "^3.0.4" }, "devDependencies": { - "@aws-cdk/assert": "~1.60.0", + "@aws-cdk/assert": "~1.61.0", "@types/jest": "^24.0.23", "@types/node": "^10.3.0" }, @@ -73,13 +73,13 @@ ] }, "peerDependencies": { - "@aws-cdk/aws-sns": "~1.60.0", - "@aws-cdk/aws-lambda": "~1.60.0", - "@aws-cdk/aws-lambda-event-sources": "~1.60.0", - "@aws-cdk/aws-iam": "~1.60.0", - "@aws-cdk/core": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0", - "@aws-cdk/aws-kms": "~1.60.0", - "constructs": "^3.0.2" + "@aws-cdk/aws-sns": "~1.61.0", + "@aws-cdk/aws-lambda": "~1.61.0", + "@aws-cdk/aws-lambda-event-sources": "~1.61.0", + "@aws-cdk/aws-iam": "~1.61.0", + "@aws-cdk/core": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0", + "@aws-cdk/aws-kms": "~1.61.0", + "constructs": "^3.0.4" } } 
diff --git a/source/patterns/@aws-solutions-constructs/aws-sns-lambda/test/__snapshots__/sns-lambda.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-sns-lambda/test/__snapshots__/sns-lambda.test.js.snap index 1fd9991ad..9f38e5f00 100644 --- a/source/patterns/@aws-solutions-constructs/aws-sns-lambda/test/__snapshots__/sns-lambda.test.js.snap +++ b/source/patterns/@aws-solutions-constructs/aws-sns-lambda/test/__snapshots__/sns-lambda.test.js.snap @@ -87,6 +87,7 @@ Object { }, "testsnslambdaLambdaFunctionEE9A249B": Object { "DependsOn": Array [ + "testsnslambdaLambdaFunctionServiceRoleDefaultPolicy3E6745ED", "testsnslambdaLambdaFunctionServiceRole23794781", ], "Metadata": Object { @@ -151,6 +152,9 @@ Object { ], }, "Runtime": "nodejs12.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, @@ -205,6 +209,40 @@ Object { }, "Type": "AWS::IAM::Role", }, + "testsnslambdaLambdaFunctionServiceRoleDefaultPolicy3E6745ED": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, + "Properties": Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, + ], + "Version": "2012-10-17", + }, + "PolicyName": "testsnslambdaLambdaFunctionServiceRoleDefaultPolicy3E6745ED", + "Roles": Array [ + Object { + "Ref": "testsnslambdaLambdaFunctionServiceRole23794781", + }, + ], + }, + "Type": "AWS::IAM::Policy", + }, "testsnslambdaLambdaFunctionSnsTopic9C14F333": Object { "Properties": Object { "Endpoint": Object { 
diff --git a/source/patterns/@aws-solutions-constructs/aws-sns-lambda/test/integ.no-arguments.expected.json b/source/patterns/@aws-solutions-constructs/aws-sns-lambda/test/integ.no-arguments.expected.json index dada89c1c..cb54c2575 100644 --- a/source/patterns/@aws-solutions-constructs/aws-sns-lambda/test/integ.no-arguments.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-sns-lambda/test/integ.no-arguments.expected.json @@ -52,6 +52,40 @@ ] } }, + "testsnslambdaLambdaFunctionServiceRoleDefaultPolicy3E6745ED": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "testsnslambdaLambdaFunctionServiceRoleDefaultPolicy3E6745ED", + "Roles": [ + { + "Ref": "testsnslambdaLambdaFunctionServiceRole23794781" + } + ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + } + ] + } + } + }, "testsnslambdaLambdaFunctionEE9A249B": { "Type": "AWS::Lambda::Function", "Properties": { @@ -105,9 +139,13 @@ "Variables": { "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" } + }, + "TracingConfig": { + "Mode": "Active" } }, "DependsOn": [ + "testsnslambdaLambdaFunctionServiceRoleDefaultPolicy3E6745ED", "testsnslambdaLambdaFunctionServiceRole23794781" ], "Metadata": { diff --git a/source/patterns/@aws-solutions-constructs/aws-sqs-lambda/README.md b/source/patterns/@aws-solutions-constructs/aws-sqs-lambda/README.md index 110c64f58..fcf11e137 100644 --- a/source/patterns/@aws-solutions-constructs/aws-sqs-lambda/README.md +++ b/source/patterns/@aws-solutions-constructs/aws-sqs-lambda/README.md 
@@ -83,6 +83,7 @@ Out of the box implementation of the Construct without any override will set the ### AWS Lambda Function * Configure least privilege access IAM role for Lambda function * Enable reusing connections with Keep-Alive for NodeJs Lambda function +* Enable X-Ray Tracing ## Architecture ![Architecture Diagram](architecture.png) diff --git a/source/patterns/@aws-solutions-constructs/aws-sqs-lambda/package.json b/source/patterns/@aws-solutions-constructs/aws-sqs-lambda/package.json index a4d512c35..aa896d35d 100644 --- a/source/patterns/@aws-solutions-constructs/aws-sqs-lambda/package.json +++ b/source/patterns/@aws-solutions-constructs/aws-sqs-lambda/package.json @@ -1,6 +1,6 @@ { "name": "@aws-solutions-constructs/aws-sqs-lambda", - "version": "1.60.0", + "version": "1.61.0", "description": "CDK constructs for defining an interaction between an Amazon SQS queue and an AWS Lambda function.", "main": "lib/index.js", "types": "lib/index.d.ts", @@ -53,16 +53,16 @@ } }, "dependencies": { - "@aws-cdk/aws-lambda": "~1.60.0", - "@aws-cdk/aws-lambda-event-sources": "~1.60.0", - "@aws-cdk/aws-sqs": "~1.60.0", - "@aws-cdk/aws-kms": "~1.60.0", - "@aws-cdk/core": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0", - "constructs": "^3.0.2" + "@aws-cdk/aws-lambda": "~1.61.0", + "@aws-cdk/aws-lambda-event-sources": "~1.61.0", + "@aws-cdk/aws-sqs": "~1.61.0", + "@aws-cdk/aws-kms": "~1.61.0", + "@aws-cdk/core": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0", + "constructs": "^3.0.4" }, "devDependencies": { - "@aws-cdk/assert": "~1.60.0", + "@aws-cdk/assert": "~1.61.0", "@types/jest": "^24.0.23", "@types/node": "^10.3.0" }, 
@@ -72,12 +72,12 @@ ] }, "peerDependencies": { - "@aws-cdk/aws-lambda": "~1.60.0", - "@aws-cdk/aws-lambda-event-sources": "~1.60.0", - "@aws-cdk/aws-sqs": "~1.60.0", - "@aws-cdk/aws-kms": "~1.60.0", - "@aws-cdk/core": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0", - "constructs": "^3.0.2" + "@aws-cdk/aws-lambda": "~1.61.0", + "@aws-cdk/aws-lambda-event-sources": "~1.61.0", + "@aws-cdk/aws-sqs": "~1.61.0", + "@aws-cdk/aws-kms": "~1.61.0", + "@aws-cdk/core": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0", + "constructs": "^3.0.4" } } diff --git a/source/patterns/@aws-solutions-constructs/aws-sqs-lambda/test/__snapshots__/test.sqs-lambda.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-sqs-lambda/test/__snapshots__/test.sqs-lambda.test.js.snap index ce433365e..9b8850f0c 100644 --- a/source/patterns/@aws-solutions-constructs/aws-sqs-lambda/test/__snapshots__/test.sqs-lambda.test.js.snap +++ b/source/patterns/@aws-solutions-constructs/aws-sqs-lambda/test/__snapshots__/test.sqs-lambda.test.js.snap @@ -312,13 +312,34 @@ Object { ], }, "Runtime": "nodejs10.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, "testsqslambdaLambdaFunctionServiceRoleDefaultPolicy380B065C": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, Object { "Action": Array [ "sqs:ReceiveMessage", @@ -665,6 +686,9 @@ Object { ], }, "Runtime": "nodejs10.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, 
@@ -720,9 +744,27 @@ Object { "Type": "AWS::IAM::Role", }, "lambdatosqsstackLambdaFunctionServiceRoleDefaultPolicy467E145A": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, Object { "Action": Array [ "sqs:ReceiveMessage", diff --git a/source/patterns/@aws-solutions-constructs/aws-sqs-lambda/test/integ.deployFifoQueue.expected.json b/source/patterns/@aws-solutions-constructs/aws-sqs-lambda/test/integ.deployFifoQueue.expected.json index e06de1fdd..ff13640d6 100644 --- a/source/patterns/@aws-solutions-constructs/aws-sqs-lambda/test/integ.deployFifoQueue.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-sqs-lambda/test/integ.deployFifoQueue.expected.json @@ -57,6 +57,14 @@ "Properties": { "PolicyDocument": { "Statement": [ + { + "Action": [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + "Effect": "Allow", + "Resource": "*" + }, { "Action": [ "sqs:ReceiveMessage", @@ -82,6 +90,16 @@ "Ref": "testsqslambdafifoLambdaFunctionServiceRole74463822" } ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + } + ] + } } }, "testsqslambdafifoLambdaFunction0F3AE705": { @@ -137,6 +155,9 @@ "Variables": { "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" } + }, + "TracingConfig": { + "Mode": "Active" } }, "DependsOn": [ 
diff --git a/source/patterns/@aws-solutions-constructs/aws-sqs-lambda/test/integ.deployFunction.expected.json b/source/patterns/@aws-solutions-constructs/aws-sqs-lambda/test/integ.deployFunction.expected.json index be3b68705..9a8a09a2c 100644 --- a/source/patterns/@aws-solutions-constructs/aws-sqs-lambda/test/integ.deployFunction.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-sqs-lambda/test/integ.deployFunction.expected.json @@ -57,6 +57,14 @@ "Properties": { "PolicyDocument": { "Statement": [ + { + "Action": [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + "Effect": "Allow", + "Resource": "*" + }, { "Action": [ "sqs:ReceiveMessage", @@ -82,6 +90,16 @@ "Ref": "testsqslambdaLambdaFunctionServiceRoleF623B438" } ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + } + ] + } } }, "testsqslambdaLambdaFunction58720146": { @@ -137,6 +155,9 @@ "Variables": { "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" } + }, + "TracingConfig": { + "Mode": "Active" } }, "DependsOn": [ diff --git a/source/patterns/@aws-solutions-constructs/aws-sqs-lambda/test/integ.existingFunction.expected.json b/source/patterns/@aws-solutions-constructs/aws-sqs-lambda/test/integ.existingFunction.expected.json index 406ba3636..9ee4c693c 100644 --- a/source/patterns/@aws-solutions-constructs/aws-sqs-lambda/test/integ.existingFunction.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-sqs-lambda/test/integ.existingFunction.expected.json @@ -57,6 +57,14 @@ "Properties": { "PolicyDocument": { "Statement": [ + { + "Action": [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + "Effect": "Allow", + "Resource": "*" + }, { "Action": [ "sqs:ReceiveMessage", 
@@ -82,6 +90,16 @@ "Ref": "LambdaFunctionServiceRole0C4CDE0B" } ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray." + } + ] + } } }, "LambdaFunctionBF21E41F": { @@ -137,6 +155,9 @@ "Variables": { "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" } + }, + "TracingConfig": { + "Mode": "Active" } }, "DependsOn": [ diff --git a/source/patterns/@aws-solutions-constructs/core/lib/apigateway-defaults.ts b/source/patterns/@aws-solutions-constructs/core/lib/apigateway-defaults.ts index bc46c37ac..63f0c5275 100644 --- a/source/patterns/@aws-solutions-constructs/core/lib/apigateway-defaults.ts +++ b/source/patterns/@aws-solutions-constructs/core/lib/apigateway-defaults.ts @@ -32,7 +32,8 @@ function DefaultRestApiProps(_endpointType: api.EndpointType[], _logGroup: LogGr accessLogDestination: new api.LogGroupLogDestination(_logGroup), accessLogFormat: api.AccessLogFormat.jsonWithStandardFields(), loggingLevel: api.MethodLoggingLevel.INFO, - dataTraceEnabled: true + dataTraceEnabled: true, + tracingEnabled: true }, defaultMethodOptions: { authorizationType: api.AuthorizationType.IAM diff --git a/source/patterns/@aws-solutions-constructs/core/lib/lambda-defaults.ts b/source/patterns/@aws-solutions-constructs/core/lib/lambda-defaults.ts index 443d5a0b8..660353758 100644 --- a/source/patterns/@aws-solutions-constructs/core/lib/lambda-defaults.ts +++ b/source/patterns/@aws-solutions-constructs/core/lib/lambda-defaults.ts @@ -17,7 +17,8 @@ import * as iam from '@aws-cdk/aws-iam'; export function DefaultLambdaFunctionProps(lambdaServiceRole: iam.Role): lambda.FunctionProps | any { const lambdaFunctionProps: lambda.FunctionProps | any = { - role: lambdaServiceRole + role: lambdaServiceRole, + tracing: lambda.Tracing.ACTIVE }; return lambdaFunctionProps; 
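Review bot: The new `tracing: lambda.Tracing.ACTIVE` default in `DefaultLambdaFunctionProps` (lambda-defaults.ts) carries no comment saying that it also changes IAM. The snapshots updated in this commit show each function's service role gaining a DefaultPolicy that allows `xray:PutTraceSegments` and `xray:PutTelemetryRecords` on `"Resource": "*"`, which a reader of a props default would not expect. I would add a comment above the property, for example `// Active tracing also adds X-Ray write permissions (Resource "*") to the role's DefaultPolicy`. The function's closing brace is outside the hunk.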
diff --git a/source/patterns/@aws-solutions-constructs/core/lib/lambda-helper.ts b/source/patterns/@aws-solutions-constructs/core/lib/lambda-helper.ts index 87e41bbca..ac61aa349 100644 --- a/source/patterns/@aws-solutions-constructs/core/lib/lambda-helper.ts +++ b/source/patterns/@aws-solutions-constructs/core/lib/lambda-helper.ts @@ -90,5 +90,18 @@ export function deployLambdaFunction(scope: cdk.Construct, } }; + // Find the X-Ray IAM Policy + const cfnLambdafunctionDefPolicy = lambdafunction.role?.node.tryFindChild('DefaultPolicy')?.node.findChild('Resource') as iam.CfnPolicy; + + // Add the CFN NAG suppress to allow for "Resource": "*" for AWS X-Ray + cfnLambdafunctionDefPolicy.cfnOptions.metadata = { + cfn_nag: { + rules_to_suppress: [{ + id: 'W12', + reason: `Lambda needs the following minimum required permissions to send trace data to X-Ray.` + }] + } + }; + return lambdafunction; } diff --git a/source/patterns/@aws-solutions-constructs/core/package.json b/source/patterns/@aws-solutions-constructs/core/package.json index 2ce785050..c5a1e68db 100644 --- a/source/patterns/@aws-solutions-constructs/core/package.json +++ b/source/patterns/@aws-solutions-constructs/core/package.json @@ -1,6 +1,6 @@ { "name": "@aws-solutions-constructs/core", - "version": "1.60.0", + "version": "1.61.0", "description": "Core CDK Construct for patterns library", "main": "index.js", "types": "index.ts", 
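Review bot: In `deployLambdaFunction` (lambda-helper.ts) the `as iam.CfnPolicy` cast hides that the optional chain `lambdafunction.role?.node.tryFindChild('DefaultPolicy')?…` can evaluate to undefined, so the next statement would throw at synth time whenever the role has no DefaultPolicy child, presumably when a caller overrides `tracing` or supplies a role that gets no inline policy. The assignment also replaces any metadata already set on the policy. The W12 suppression applies to the whole policy resource, not only the X-Ray statement: the sqs-lambda snapshots in this commit show the same DefaultPolicy also holding the SQS statements, so a wildcard-resource statement added to it later would no longer be flagged by cfn_nag. I would guard the lookup and merge into the existing metadata as below, and note the policy-wide scope in the comment. The function starts outside this hunk.

```typescript
  // Find the X-Ray IAM Policy; it is absent when the role has no DefaultPolicy child
  const cfnLambdafunctionDefPolicy = lambdafunction.role?.node.tryFindChild('DefaultPolicy')?.node.tryFindChild('Resource') as iam.CfnPolicy | undefined;

  if (cfnLambdafunctionDefPolicy) {
    // NOTE: W12 is suppressed for the whole policy resource, not only the X-Ray statement
    cfnLambdafunctionDefPolicy.cfnOptions.metadata = {
      ...cfnLambdafunctionDefPolicy.cfnOptions.metadata,
      cfn_nag: {
        rules_to_suppress: [{
          id: 'W12',
          reason: `Lambda needs the following minimum required permissions to send trace data to X-Ray.`
        }]
      }
    };
  }

  return lambdafunction;
```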
@@ -52,28 +52,28 @@ } }, "dependencies": { - "@aws-cdk/aws-cloudfront": "~1.60.0", - "@aws-cdk/aws-cloudfront-origins": "~1.60.0", - "@aws-cdk/aws-dynamodb": "~1.60.0", - "@aws-cdk/aws-iot": "~1.60.0", - "@aws-cdk/aws-kinesis": "~1.60.0", - "@aws-cdk/aws-kinesisanalytics": "~1.60.0", - "@aws-cdk/aws-kinesisfirehose": "~1.60.0", - "@aws-cdk/aws-lambda": "~1.60.0", - "@aws-cdk/aws-lambda-event-sources": "~1.60.0", - "@aws-cdk/aws-logs": "~1.60.0", - "@aws-cdk/aws-s3": "~1.60.0", - "@aws-cdk/aws-sns": "~1.60.0", - "@aws-cdk/aws-sqs": "~1.60.0", - "@aws-cdk/core": "~1.60.0", - "@aws-cdk/aws-iam": "~1.60.0", - "@aws-cdk/aws-apigateway": "~1.60.0", - "@aws-cdk/aws-kms": "~1.60.0", - "@aws-cdk/aws-events": "~1.60.0", - "@aws-cdk/aws-cognito": "~1.60.0", - "@aws-cdk/aws-elasticsearch": "~1.60.0", - "@aws-cdk/aws-cloudwatch": "~1.60.0", - "@aws-cdk/aws-stepfunctions": "~1.60.0", + "@aws-cdk/aws-cloudfront": "~1.61.0", + "@aws-cdk/aws-cloudfront-origins": "~1.61.0", + "@aws-cdk/aws-dynamodb": "~1.61.0", + "@aws-cdk/aws-iot": "~1.61.0", + "@aws-cdk/aws-kinesis": "~1.61.0", + "@aws-cdk/aws-kinesisanalytics": "~1.61.0", + "@aws-cdk/aws-kinesisfirehose": "~1.61.0", + "@aws-cdk/aws-lambda": "~1.61.0", + "@aws-cdk/aws-lambda-event-sources": "~1.61.0", + "@aws-cdk/aws-logs": "~1.61.0", + "@aws-cdk/aws-s3": "~1.61.0", + "@aws-cdk/aws-sns": "~1.61.0", + "@aws-cdk/aws-sqs": "~1.61.0", + "@aws-cdk/core": "~1.61.0", + "@aws-cdk/aws-iam": "~1.61.0", + "@aws-cdk/aws-apigateway": "~1.61.0", + "@aws-cdk/aws-kms": "~1.61.0", + "@aws-cdk/aws-events": "~1.61.0", + "@aws-cdk/aws-cognito": "~1.61.0", + "@aws-cdk/aws-elasticsearch": "~1.61.0", + "@aws-cdk/aws-cloudwatch": "~1.61.0", + "@aws-cdk/aws-stepfunctions": "~1.61.0", "@types/deep-diff": "^1.0.0", "@types/npmlog": "^4.1.2", "deep-diff": "^1.0.2", @@ -81,7 +81,7 @@ "npmlog": "^4.1.2" }, "devDependencies": { - "@aws-cdk/assert": "~1.60.0", + "@aws-cdk/assert": "~1.61.0", "@types/jest": "^24.0.23", "@types/node": "^10.3.0" }, 
@@ -98,27 +98,27 @@ "@types/deep-diff" ], "peerDependencies": { - "@aws-cdk/aws-cloudfront": "~1.60.0", - "@aws-cdk/aws-dynamodb": "~1.60.0", - "@aws-cdk/aws-iot": "~1.60.0", - "@aws-cdk/aws-kinesis": "~1.60.0", - "@aws-cdk/aws-kinesisanalytics": "~1.60.0", - "@aws-cdk/aws-kinesisfirehose": "~1.60.0", - "@aws-cdk/aws-lambda": "~1.60.0", - "@aws-cdk/aws-lambda-event-sources": "~1.60.0", - "@aws-cdk/aws-logs": "~1.60.0", - "@aws-cdk/aws-s3": "~1.60.0", - "@aws-cdk/aws-sns": "~1.60.0", - "@aws-cdk/aws-sqs": "~1.60.0", - "@aws-cdk/core": "~1.60.0", - "@aws-cdk/aws-iam": "~1.60.0", - "@aws-cdk/aws-apigateway": "~1.60.0", - "@aws-cdk/aws-kms": "~1.60.0", - "@aws-cdk/aws-events": "~1.60.0", - "@aws-cdk/aws-cognito": "~1.60.0", - "@aws-cdk/aws-elasticsearch": "~1.60.0", - "@aws-cdk/aws-cloudwatch": "~1.60.0", - "@aws-cdk/aws-stepfunctions": "~1.60.0", - "@aws-cdk/aws-cloudfront-origins": "~1.60.0" + "@aws-cdk/aws-cloudfront": "~1.61.0", + "@aws-cdk/aws-dynamodb": "~1.61.0", + "@aws-cdk/aws-iot": "~1.61.0", + "@aws-cdk/aws-kinesis": "~1.61.0", + "@aws-cdk/aws-kinesisanalytics": "~1.61.0", + "@aws-cdk/aws-kinesisfirehose": "~1.61.0", + "@aws-cdk/aws-lambda": "~1.61.0", + "@aws-cdk/aws-lambda-event-sources": "~1.61.0", + "@aws-cdk/aws-logs": "~1.61.0", + "@aws-cdk/aws-s3": "~1.61.0", + "@aws-cdk/aws-sns": "~1.61.0", + "@aws-cdk/aws-sqs": "~1.61.0", + "@aws-cdk/core": "~1.61.0", + "@aws-cdk/aws-iam": "~1.61.0", + "@aws-cdk/aws-apigateway": "~1.61.0", + "@aws-cdk/aws-kms": "~1.61.0", + "@aws-cdk/aws-events": "~1.61.0", + "@aws-cdk/aws-cognito": "~1.61.0", + "@aws-cdk/aws-elasticsearch": "~1.61.0", + "@aws-cdk/aws-cloudwatch": "~1.61.0", + "@aws-cdk/aws-stepfunctions": "~1.61.0", + "@aws-cdk/aws-cloudfront-origins": "~1.61.0" } } diff --git a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/apigateway-helper.test.js.snap b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/apigateway-helper.test.js.snap index 265442330..458459e0a 100644 
--- a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/apigateway-helper.test.js.snap +++ b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/apigateway-helper.test.js.snap @@ -166,6 +166,7 @@ Object { "Ref": "RestApi0C43BF4B", }, "StageName": "prod", + "TracingEnabled": true, }, "Type": "AWS::ApiGateway::Stage", }, @@ -530,6 +531,7 @@ Object { "Ref": "RestApi0C43BF4B", }, "StageName": "prod", + "TracingEnabled": true, }, "Type": "AWS::ApiGateway::Stage", }, @@ -805,6 +807,7 @@ Object { "Ref": "RestApi0C43BF4B", }, "StageName": "prod", + "TracingEnabled": true, }, "Type": "AWS::ApiGateway::Stage", }, @@ -967,6 +970,7 @@ Object { }, "LambdaFunctionBF21E41F": Object { "DependsOn": Array [ + "LambdaFunctionServiceRoleDefaultPolicy126C8897", "LambdaFunctionServiceRole0C4CDE0B", ], "Metadata": Object { @@ -1031,6 +1035,9 @@ Object { ], }, "Runtime": "nodejs12.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, @@ -1085,6 +1092,40 @@ Object { }, "Type": "AWS::IAM::Role", }, + "LambdaFunctionServiceRoleDefaultPolicy126C8897": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, + "Properties": Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, + ], + "Version": "2012-10-17", + }, + "PolicyName": "LambdaFunctionServiceRoleDefaultPolicy126C8897", + "Roles": Array [ + Object { + "Ref": "LambdaFunctionServiceRole0C4CDE0B", + }, + ], + }, + "Type": "AWS::IAM::Policy", + }, "LambdaRestApi95870433": Object { "Properties": Object { "EndpointConfiguration": Object { 
@@ -1336,6 +1377,7 @@ Object { "Ref": "LambdaRestApi95870433", }, "StageName": "prod", + "TracingEnabled": true, }, "Type": "AWS::ApiGateway::Stage", }, diff --git a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/cloudfront-distribution-api-gateway-helper.test.js.snap b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/cloudfront-distribution-api-gateway-helper.test.js.snap index a1da1d76d..b2e7065c0 100644 --- a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/cloudfront-distribution-api-gateway-helper.test.js.snap +++ b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/cloudfront-distribution-api-gateway-helper.test.js.snap @@ -670,6 +670,7 @@ Object { }, "SetHttpSecurityHeadersEE936115": Object { "DependsOn": Array [ + "SetHttpSecurityHeadersServiceRoleDefaultPolicyD336F67B", "SetHttpSecurityHeadersServiceRoleAF063E32", ], "Metadata": Object { @@ -694,6 +695,9 @@ Object { ], }, "Runtime": "nodejs12.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, @@ -755,6 +759,40 @@ Object { }, "Type": "AWS::IAM::Role", }, + "SetHttpSecurityHeadersServiceRoleDefaultPolicyD336F67B": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, + "Properties": Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, + ], + "Version": "2012-10-17", + }, + "PolicyName": "SetHttpSecurityHeadersServiceRoleDefaultPolicyD336F67B", + "Roles": Array [ + Object { + "Ref": "SetHttpSecurityHeadersServiceRoleAF063E32", + }, + ], + }, + "Type": "AWS::IAM::Policy", + }, "SetHttpSecurityHeadersVersion660E2F72": Object { "Properties": Object { "FunctionName": Object { 
diff --git a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/cloudfront-distribution-s3-helper.test.js.snap b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/cloudfront-distribution-s3-helper.test.js.snap index 5a6f71751..fe21db617 100644 --- a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/cloudfront-distribution-s3-helper.test.js.snap +++ b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/cloudfront-distribution-s3-helper.test.js.snap @@ -399,6 +399,7 @@ Object { }, "SetHttpSecurityHeadersEE936115": Object { "DependsOn": Array [ + "SetHttpSecurityHeadersServiceRoleDefaultPolicyD336F67B", "SetHttpSecurityHeadersServiceRoleAF063E32", ], "Metadata": Object { @@ -423,6 +424,9 @@ Object { ], }, "Runtime": "nodejs12.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, @@ -484,6 +488,40 @@ Object { }, "Type": "AWS::IAM::Role", }, + "SetHttpSecurityHeadersServiceRoleDefaultPolicyD336F67B": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, + "Properties": Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, + ], + "Version": "2012-10-17", + }, + "PolicyName": "SetHttpSecurityHeadersServiceRoleDefaultPolicyD336F67B", + "Roles": Array [ + Object { + "Ref": "SetHttpSecurityHeadersServiceRoleAF063E32", + }, + ], + }, + "Type": "AWS::IAM::Policy", + }, "SetHttpSecurityHeadersVersion660E2F72": Object { "Properties": Object { "FunctionName": Object { 
diff --git a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/events-rule.test.js.snap b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/events-rule.test.js.snap index fff00aaeb..94094088e 100644 --- a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/events-rule.test.js.snap +++ b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/events-rule.test.js.snap @@ -37,6 +37,7 @@ Object { }, "LambdaFunctionBF21E41F": Object { "DependsOn": Array [ + "LambdaFunctionServiceRoleDefaultPolicy126C8897", "LambdaFunctionServiceRole0C4CDE0B", ], "Metadata": Object { @@ -101,6 +102,9 @@ Object { ], }, "Runtime": "nodejs12.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, @@ -155,6 +159,40 @@ Object { }, "Type": "AWS::IAM::Role", }, + "LambdaFunctionServiceRoleDefaultPolicy126C8897": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, + "Properties": Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, + ], + "Version": "2012-10-17", + }, + "PolicyName": "LambdaFunctionServiceRoleDefaultPolicy126C8897", + "Roles": Array [ + Object { + "Ref": "LambdaFunctionServiceRole0C4CDE0B", + }, + ], + }, + "Type": "AWS::IAM::Policy", + }, }, } `; diff --git a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/lambda-func.test.js.snap b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/lambda-func.test.js.snap index b05adba85..a6dd81ecd 100644 --- a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/lambda-func.test.js.snap +++ b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/lambda-func.test.js.snap 
@@ -19,6 +19,7 @@ Object { "Resources": Object { "LambdaFunctionBF21E41F": Object { "DependsOn": Array [ + "LambdaFunctionServiceRoleDefaultPolicy126C8897", "LambdaFunctionServiceRole0C4CDE0B", ], "Metadata": Object { @@ -83,6 +84,9 @@ Object { ], }, "Runtime": "nodejs12.x", + "TracingConfig": Object { + "Mode": "Active", + }, }, "Type": "AWS::Lambda::Function", }, @@ -137,6 +141,40 @@ Object { }, "Type": "AWS::IAM::Role", }, + "LambdaFunctionServiceRoleDefaultPolicy126C8897": Object { + "Metadata": Object { + "cfn_nag": Object { + "rules_to_suppress": Array [ + Object { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray.", + }, + ], + }, + }, + "Properties": Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": Array [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ], + "Effect": "Allow", + "Resource": "*", + }, + ], + "Version": "2012-10-17", + }, + "PolicyName": "LambdaFunctionServiceRoleDefaultPolicy126C8897", + "Roles": Array [ + Object { + "Ref": "LambdaFunctionServiceRole0C4CDE0B", + }, + ], + }, + "Type": "AWS::IAM::Policy", + }, }, } `; diff --git a/source/patterns/@aws-solutions-constructs/core/test/lambda-func.test.ts b/source/patterns/@aws-solutions-constructs/core/test/lambda-func.test.ts index 8c1d6ebf2..089e22e2e 100644 --- a/source/patterns/@aws-solutions-constructs/core/test/lambda-func.test.ts +++ b/source/patterns/@aws-solutions-constructs/core/test/lambda-func.test.ts @@ -168,9 +168,13 @@ test('test FunctionProps for no envrionment variable when runtime = PYTHON', () "Arn" ] }, - Runtime: "python3.6" + Runtime: "python3.6", + TracingConfig: { + Mode: "Active" + } }, DependsOn: [ + "LambdaFunctionServiceRoleDefaultPolicy126C8897", "LambdaFunctionServiceRole0C4CDE0B" ] }, ResourcePart.CompleteDefinition); diff --git a/source/tools/cdk-integ-tools/package.json b/source/tools/cdk-integ-tools/package.json index 75d4ed372..40c835339 100644 
--- a/source/tools/cdk-integ-tools/package.json +++ b/source/tools/cdk-integ-tools/package.json @@ -31,9 +31,9 @@ "typescript": "~3.7.4" }, "dependencies": { - "@aws-cdk/cloudformation-diff": "~1.60.0", - "@aws-cdk/cx-api": "~1.60.0", - "aws-cdk": "~1.60.0", + "@aws-cdk/cloudformation-diff": "~1.61.0", + "@aws-cdk/cx-api": "~1.61.0", + "aws-cdk": "~1.61.0", "fs-extra": "^8.1.0", "yargs": "^15.1.0" }, diff --git a/source/use_cases/aws-s3-static-website/package.json b/source/use_cases/aws-s3-static-website/package.json index 531d94512..599416494 100644 --- a/source/use_cases/aws-s3-static-website/package.json +++ b/source/use_cases/aws-s3-static-website/package.json @@ -1,6 +1,6 @@ { "name": "@aws-solutions-constructs/aws-s3-static-website", - "version": "1.60.0", + "version": "1.61.0", "description": "Use case pattern for deploying a S3 static website.", "main": "lib/index.js", "types": "lib/index.d.ts", @@ -28,19 +28,19 @@ "build+lint+test": "npm run build && npm run lint && npm test && npm run integ-assert" }, "dependencies": { - "@aws-solutions-constructs/aws-cloudfront-s3": "~1.60.0", - "@aws-cdk/core": "~1.60.0", - "@aws-cdk/aws-lambda": "~1.60.0", - "@aws-cdk/aws-cloudfront": "~1.60.0", - "@aws-cdk/aws-s3": "~1.60.0", - "@aws-cdk/custom-resources": "~1.60.0", - "@aws-cdk/aws-cloudformation": "~1.60.0", - "@aws-cdk/aws-iam": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0", + "@aws-solutions-constructs/aws-cloudfront-s3": "~1.61.0", + "@aws-cdk/core": "~1.61.0", + "@aws-cdk/aws-lambda": "~1.61.0", + "@aws-cdk/aws-cloudfront": "~1.61.0", + "@aws-cdk/aws-s3": "~1.61.0", + "@aws-cdk/custom-resources": "~1.61.0", + "@aws-cdk/aws-cloudformation": "~1.61.0", + "@aws-cdk/aws-iam": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0", "source-map-support": "^0.5.16" }, "devDependencies": { - "@aws-cdk/assert": "~1.60.0", + "@aws-cdk/assert": "~1.61.0", "@types/jest": "^24.0.23", "@types/node": "^10.3.0" }, 
diff --git a/source/use_cases/aws-serverless-image-handler/package.json b/source/use_cases/aws-serverless-image-handler/package.json index cf15fb05d..5c62ba0c8 100644 --- a/source/use_cases/aws-serverless-image-handler/package.json +++ b/source/use_cases/aws-serverless-image-handler/package.json @@ -1,6 +1,6 @@ { "name": "@aws-solutions-constructs/aws-serverless-image-handler", - "version": "1.60.0", + "version": "1.61.0", "description": "Use case pattern for deploying a serverless image handler API.", "main": "lib/index.js", "types": "lib/index.d.ts", @@ -53,18 +53,18 @@ } }, "dependencies": { - "@aws-cdk/aws-apigateway": "~1.60.0", - "@aws-cdk/aws-cloudfront": "~1.60.0", - "@aws-cdk/aws-iam": "~1.60.0", - "@aws-cdk/aws-lambda": "~1.60.0", - "@aws-cdk/aws-s3": "~1.60.0", - "@aws-cdk/core": "~1.60.0", - "@aws-solutions-constructs/aws-cloudfront-apigateway-lambda": "~1.60.0", - "@aws-solutions-constructs/aws-lambda-s3": "~1.60.0", - "@aws-solutions-constructs/core": "~1.60.0" + "@aws-cdk/aws-apigateway": "~1.61.0", + "@aws-cdk/aws-cloudfront": "~1.61.0", + "@aws-cdk/aws-iam": "~1.61.0", + "@aws-cdk/aws-lambda": "~1.61.0", + "@aws-cdk/aws-s3": "~1.61.0", + "@aws-cdk/core": "~1.61.0", + "@aws-solutions-constructs/aws-cloudfront-apigateway-lambda": "~1.61.0", + "@aws-solutions-constructs/aws-lambda-s3": "~1.61.0", + "@aws-solutions-constructs/core": "~1.61.0" }, "devDependencies": { - "@aws-cdk/assert": "~1.60.0", + "@aws-cdk/assert": "~1.61.0", "@types/jest": "^24.0.23", "@types/node": "^10.3.0" }, 
@@ -74,14 +74,14 @@
 ]
 },
 "peerDependencies": {
- "@aws-solutions-constructs/aws-cloudfront-apigateway-lambda": "~1.60.0",
- "@aws-solutions-constructs/aws-lambda-s3": "~1.60.0",
- "@aws-cdk/core": "~1.60.0",
- "@aws-cdk/aws-lambda": "~1.60.0",
- "@aws-cdk/aws-apigateway": "~1.60.0",
- "@aws-cdk/aws-cloudfront": "~1.60.0",
- "@aws-cdk/aws-s3": "~1.60.0",
- "@aws-solutions-constructs/core": "~1.60.0",
- "@aws-cdk/aws-iam": "~1.60.0"
+ "@aws-solutions-constructs/aws-cloudfront-apigateway-lambda": "~1.61.0",
+ "@aws-solutions-constructs/aws-lambda-s3": "~1.61.0",
+ "@aws-cdk/core": "~1.61.0",
+ "@aws-cdk/aws-lambda": "~1.61.0",
+ "@aws-cdk/aws-apigateway": "~1.61.0",
+ "@aws-cdk/aws-cloudfront": "~1.61.0",
+ "@aws-cdk/aws-s3": "~1.61.0",
+ "@aws-solutions-constructs/core": "~1.61.0",
+ "@aws-cdk/aws-iam": "~1.61.0"
 }
 }
diff --git a/source/use_cases/aws-serverless-web-app/package.json b/source/use_cases/aws-serverless-web-app/package.json
index 561df2d06..0e96c9678 100644
--- a/source/use_cases/aws-serverless-web-app/package.json
+++ b/source/use_cases/aws-serverless-web-app/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@aws-solutions-constructs/aws-serverless-web-app",
- "version": "1.60.0",
+ "version": "1.61.0",
 "description": "Use case pattern for deploying a serverless web app.",
 "main": "lib/index.js",
 "types": "lib/index.d.ts",
@@ -28,24 +28,24 @@
 "build+lint+test": "npm run build && npm run lint && npm test && npm run integ-assert"
 },
 "dependencies": {
- "@aws-solutions-constructs/aws-cloudfront-s3": "~1.60.0",
- "@aws-solutions-constructs/aws-cognito-apigateway-lambda": "~1.60.0",
- "@aws-solutions-constructs/aws-lambda-dynamodb": "~1.60.0",
- "@aws-cdk/core": "~1.60.0",
- "@aws-cdk/aws-lambda": "~1.60.0",
- "@aws-cdk/aws-cloudfront": "~1.60.0",
- "@aws-cdk/aws-s3": "~1.60.0",
- "@aws-cdk/custom-resources": "~1.60.0",
- "@aws-cdk/aws-cloudformation": "~1.60.0",
- "@aws-cdk/aws-iam": "~1.60.0",
- "@aws-cdk/aws-cognito": "~1.60.0",
- "@aws-cdk/aws-apigateway": "~1.60.0",
- "@aws-cdk/aws-dynamodb": "~1.60.0",
- "@aws-solutions-constructs/core": "~1.60.0",
+ "@aws-solutions-constructs/aws-cloudfront-s3": "~1.61.0",
+ "@aws-solutions-constructs/aws-cognito-apigateway-lambda": "~1.61.0",
+ "@aws-solutions-constructs/aws-lambda-dynamodb": "~1.61.0",
+ "@aws-cdk/core": "~1.61.0",
+ "@aws-cdk/aws-lambda": "~1.61.0",
+ "@aws-cdk/aws-cloudfront": "~1.61.0",
+ "@aws-cdk/aws-s3": "~1.61.0",
+ "@aws-cdk/custom-resources": "~1.61.0",
+ "@aws-cdk/aws-cloudformation": "~1.61.0",
+ "@aws-cdk/aws-iam": "~1.61.0",
+ "@aws-cdk/aws-cognito": "~1.61.0",
+ "@aws-cdk/aws-apigateway": "~1.61.0",
+ "@aws-cdk/aws-dynamodb": "~1.61.0",
+ "@aws-solutions-constructs/core": "~1.61.0",
 "source-map-support": "^0.5.16"
 },
 "devDependencies": {
- "@aws-cdk/assert": "~1.60.0",
+ "@aws-cdk/assert": "~1.61.0",
 "@types/jest": "^24.0.23",
 "@types/node": "^10.3.0"
 },