Merge remote-tracking branch 'origin/master' into cfn-init

CONTRIBUTING.md

@@ -93,10 +93,9 @@ $ yarn install
 $ yarn build
 ```
 
-If you get compiler errors when building, a common cause is globally installed tools like tslint and typescript. Try uninstalling them.
+If you get compiler errors when building, a common cause is a globally installed typescript. Try uninstalling it.
 
 ```
-npm uninstall -g tslint
 npm uninstall -g typescript
 ```
 
@@ -277,7 +276,7 @@ However, in many cases, you can probably get away with just building a portion o
 want to work on.
 
 We recommend that you use [Visual Studio Code](https://code.visualstudio.com/) to work on the CDK. Be sure to install
-the [tslint extension](https://marketplace.visualstudio.com/items?itemName=eg2.tslint) for it as well, since we have
+the [eslint extension](https://marketplace.visualstudio.com/items?itemName=dbaeumer.vscode-eslint) for it as well, since we have
 strict linting rules that will prevent your code from compiling, but with VSCode and this extension can be automatically
 fixed for you by hitting `Ctrl-.` when your cursor is on a red underline.
 
@@ -332,9 +331,6 @@ The following linters are used -
 
 #### eslint
 
-Historically, the CDK has used tslint for linting its typescript source code. With [tslint's deprecation in
-2019](https://medium.com/palantir/tslint-in-2019-1a144c2317a9), we are slowly moving over to using eslint.
-
 All packages in the repo use a standard base configuration found at [eslintrc.js](tools/cdk-build-tools/config/eslintrc.js).
 This can be customized for any package by modifying the `.eslintrc` file found at its root.
 

package.json

@@ -20,8 +20,9 @@
     "jsii-diff": "^1.8.0",
     "jsii-pacmak": "^1.8.0",
     "jsii-rosetta": "^1.8.0",
+    "jest-junit": "^11.0.1",
     "lerna": "^3.22.1",
-    "standard-version": "^8.0.0",
+    "standard-version": "^8.0.2",
     "typescript": "~3.9.6"
   },
   "resolutions-comment": "should be removed or reviewed when nodeunit dependency is dropped or adjusted",

packages/@aws-cdk/assert/package.json

@@ -21,11 +21,11 @@
   },
   "license": "Apache-2.0",
   "devDependencies": {
-    "@types/jest": "^26.0.3",
+    "@types/jest": "^26.0.4",
     "cdk-build-tools": "0.0.0",
     "jest": "^25.5.4",
     "pkglint": "0.0.0",
-    "ts-jest": "^26.1.1"
+    "ts-jest": "^26.1.2"
   },
   "dependencies": {
     "@aws-cdk/cloudformation-diff": "0.0.0",

packages/@aws-cdk/aws-ce/.gitignore

@@ -2,7 +2,6 @@
 *.js.map
 *.d.ts
 tsconfig.json
-tslint.json
 node_modules
 *.generated.ts
 dist
@@ -18,4 +17,4 @@ nyc.config.js
 !.eslintrc.js
 !jest.config.js
 
-junit.xml
+junit.xml

packages/@aws-cdk/aws-certificatemanager/suffixes/build-map.py

@@ -31,5 +31,5 @@
 
 with open('../lib/public-suffixes.ts', 'w') as o:
   o.write('// This file has been generated using ../suffixes/build-map.py\n')
-  o.write('// tslint:disable:no-trailing-whitespace object-literal-key-quotes\n')
+  o.write('/* eslint-disable no-trailing-spaces, quote-props */\n')
   o.write('export const publicSuffixes = %s;' % json.dumps(trie, indent=2))

packages/@aws-cdk/aws-codepipeline-actions/lib/bitbucket/source-action.ts

@@ -59,7 +59,6 @@ export interface BitBucketSourceActionProps extends codepipeline.CommonAwsAction
    * @see https://docs.aws.amazon.com/codepipeline/latest/userguide/action-reference-CodestarConnectionSource.html#action-reference-CodestarConnectionSource-config
    */
   readonly codeBuildCloneOutput?: boolean;
-  // tslint:enable:max-line-length
 }
 
 /**

packages/@aws-cdk/aws-codepipeline-actions/lib/cloudformation/pipeline-actions.ts

@@ -234,7 +234,6 @@ interface CloudFormationDeployActionProps extends CloudFormationActionProps {
    */
   readonly extraInputs?: codepipeline.Artifact[];
 }
-// tslint:enable:max-line-length
 
 /**
  * Base class for all CloudFormation actions that execute or stage deployments.

packages/@aws-cdk/aws-codepipeline-actions/lib/custom-action-registration.ts

@@ -36,8 +36,6 @@ export interface CustomActionProperty {
    */
   queryable?: boolean;
 
-  // tslint:enable:max-line-length
-
   /**
    * Whether this property is required.
    */

packages/@aws-cdk/aws-codepipeline-actions/lib/lambda/invoke-action.ts

@@ -38,8 +38,6 @@ export interface LambdaInvokeActionProps extends codepipeline.CommonAwsActionPro
    */
   readonly userParameters?: { [key: string]: any };
 
-  // tslint:enable:max-line-length
-
   /**
    * The lambda function to invoke.
    */

packages/@aws-cdk/aws-cognito/lib/user-pool-attr.ts

@@ -153,7 +153,6 @@ export interface CustomAttributeConfig {
    * @see https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SchemaAttributeType.html#CognitoUserPools-Type-SchemaAttributeType-AttributeDataType
    */
   readonly dataType: string;
-  // tslint:enable:max-line-length
 
   /**
    * The constraints for a custom attribute of 'String' data type.

packages/@aws-cdk/aws-cognito/lib/user-pool-client.ts

@@ -136,7 +136,6 @@ export class OAuthScope {
    * The name of this scope as recognized by CloudFormation.
    * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolclient.html#cfn-cognito-userpoolclient-allowedoauthscopes
    */
-  // tslint:enable:max-line-length
   public readonly scopeName: string;
 
   private constructor(scopeName: string) {

packages/@aws-cdk/aws-detective/.gitignore

@@ -2,7 +2,6 @@
 *.js.map
 *.d.ts
 tsconfig.json
-tslint.json
 node_modules
 *.generated.ts
 dist
@@ -18,4 +17,4 @@ nyc.config.js
 !.eslintrc.js
 !jest.config.js
 
-junit.xml
+junit.xml

packages/@aws-cdk/aws-docdb/lib/instance.ts

@@ -155,7 +155,6 @@ export interface DatabaseInstanceProps {
    * time for each AWS Region, occurring on a random day of the week. To see
    * the time blocks available, see https://docs.aws.amazon.com/documentdb/latest/developerguide/db-instance-maintain.html#maintenance-window
    */
-  // tslint:enable:max-line-length
   readonly preferredMaintenanceWindow?: string;
 
   /**

packages/@aws-cdk/aws-dynamodb/package.json

@@ -64,7 +64,7 @@
   "license": "Apache-2.0",
   "devDependencies": {
     "@aws-cdk/assert": "0.0.0",
-    "@types/jest": "^26.0.3",
+    "@types/jest": "^26.0.4",
     "aws-sdk": "^2.713.0",
     "aws-sdk-mock": "^5.1.0",
     "cdk-build-tools": "0.0.0",
@@ -73,7 +73,7 @@
     "jest": "^25.5.4",
     "pkglint": "0.0.0",
     "sinon": "^9.0.2",
-    "ts-jest": "^26.1.1"
+    "ts-jest": "^26.1.2"
   },
   "dependencies": {
     "@aws-cdk/aws-applicationautoscaling": "0.0.0",

packages/@aws-cdk/aws-ecr/README.md

@@ -22,7 +22,7 @@ const repository = new ecr.Repository(this, 'Repository');
 
 ### Image scanning
 
-Amazon ECR image scanning helps in identifying software vulnerabilities in your container images. You can manually scan container images stored in Amazon ECR, or you can configure your repositories to scan images when you push them to a repository. To create a new reposity to scan on push, simply enable `imageScanOnPush` in the properties
+Amazon ECR image scanning helps in identifying software vulnerabilities in your container images. You can manually scan container images stored in Amazon ECR, or you can configure your repositories to scan images when you push them to a repository. To create a new repository to scan on push, simply enable `imageScanOnPush` in the properties
 
 ```ts
 const repository = new ecr.Repository(stack, 'Repo', {

packages/@aws-cdk/aws-eks/lib/cluster.ts

@@ -1,10 +1,10 @@
+import * as fs from 'fs';
+import * as path from 'path';
 import * as autoscaling from '@aws-cdk/aws-autoscaling';
 import * as ec2 from '@aws-cdk/aws-ec2';
 import * as iam from '@aws-cdk/aws-iam';
 import * as ssm from '@aws-cdk/aws-ssm';
 import { CfnOutput, CfnResource, Construct, IResource, Resource, Stack, Tag, Token } from '@aws-cdk/core';
-import * as fs from 'fs';
-import * as path from 'path';
 import * as YAML from 'yaml';
 import { AwsAuth } from './aws-auth';
 import { clusterArnComponents, ClusterResource } from './cluster-resource';
@@ -492,6 +492,16 @@ export class Cluster extends Resource implements ICluster {
       resource = new ClusterResource(this, 'Resource', clusterProps);
       this._clusterResource = resource;
 
+      // see https://github.com/aws/aws-cdk/issues/9027
+      this._clusterResource.creationRole.addToPolicy(new iam.PolicyStatement({
+        actions: ['ec2:DescribeVpcs'],
+        resources: [ stack.formatArn({
+          service: 'ec2',
+          resource: 'vpc',
+          resourceName: this.vpc.vpcId,
+        })],
+      }));
+
       // we use an SSM parameter as a barrier because it's free and fast.
       this._kubectlReadyBarrier = new CfnResource(this, 'KubectlReadyBarrier', {
         type: 'AWS::SSM::Parameter',

packages/@aws-cdk/aws-eks/test/integ.eks-cluster.expected.json

@@ -768,6 +768,25 @@
               "Effect": "Allow",
               "Resource": "*"
             },
+            {
+              "Action": "ec2:DescribeVpcs",
+              "Effect": "Allow",
+              "Resource": {
+                "Fn::Join": [
+                  "",
+                  [
+                    "arn:",
+                    {
+                      "Ref": "AWS::Partition"
+                    },
+                    ":ec2:test-region:12345678:vpc/",
+                    {
+                      "Ref": "Vpc8378EB38"
+                    }
+                  ]
+                ]
+              }
+            },
             {
               "Action": "iam:PassRole",
               "Effect": "Allow",

packages/@aws-cdk/aws-eks/test/test.cluster.ts

@@ -1,10 +1,10 @@
 import * as fs from 'fs';
+import * as path from 'path';
 import { countResources, expect, haveResource, haveResourceLike, not } from '@aws-cdk/assert';
 import * as ec2 from '@aws-cdk/aws-ec2';
 import * as iam from '@aws-cdk/aws-iam';
 import * as cdk from '@aws-cdk/core';
 import { Test } from 'nodeunit';
-import * as path from 'path';
 import * as YAML from 'yaml';
 import * as eks from '../lib';
 import { KubectlLayer } from '../lib/kubectl-layer';
@@ -1040,6 +1040,29 @@ export = {
               Effect: 'Allow',
               Resource: '*',
             },
+            {
+              Action: 'ec2:DescribeVpcs',
+              Effect: 'Allow',
+              Resource: {
+                'Fn::Join': [
+                  '',
+                  [
+                    'arn:',
+                    {
+                      Ref: 'AWS::Partition',
+                    },
+                    ':ec2:us-east-1:',
+                    {
+                      Ref: 'AWS::AccountId',
+                    },
+                    ':vpc/',
+                    {
+                      Ref: 'MyClusterDefaultVpc76C24A38',
+                    },
+                  ],
+                ],
+              },
+            },
           ],
           Version: '2012-10-17',
         },
@@ -1109,6 +1132,29 @@ export = {
               Effect: 'Allow',
               Resource: '*',
             },
+            {
+              Action: 'ec2:DescribeVpcs',
+              Effect: 'Allow',
+              Resource: {
+                'Fn::Join': [
+                  '',
+                  [
+                    'arn:',
+                    {
+                      Ref: 'AWS::Partition',
+                    },
+                    ':ec2:us-east-1:',
+                    {
+                      Ref: 'AWS::AccountId',
+                    },
+                    ':vpc/',
+                    {
+                      Ref: 'MyClusterDefaultVpc76C24A38',
+                    },
+                  ],
+                ],
+              },
+            },
           ],
           Version: '2012-10-17',
         },

packages/@aws-cdk/aws-eks/test/test.fargate.ts

@@ -405,6 +405,33 @@ export = {
             Effect: 'Allow',
             Resource: '*',
           },
+          {
+            Action: 'ec2:DescribeVpcs',
+            Effect: 'Allow',
+            Resource: {
+              'Fn::Join': [
+                '',
+                [
+                  'arn:',
+                  {
+                    Ref: 'AWS::Partition',
+                  },
+                  ':ec2:',
+                  {
+                    Ref: 'AWS::Region',
+                  },
+                  ':',
+                  {
+                    Ref: 'AWS::AccountId',
+                  },
+                  ':vpc/',
+                  {
+                    Ref: 'FargateClusterDefaultVpcE69D3A13',
+                  },
+                ],
+              ],
+            },
+          },
           {
             Action: 'iam:PassRole',
             Effect: 'Allow',

packages/@aws-cdk/aws-elasticloadbalancingv2/lib/shared/base-load-balancer.ts

@@ -2,6 +2,7 @@ import * as ec2 from '@aws-cdk/aws-ec2';
 import * as iam from '@aws-cdk/aws-iam';
 import * as s3 from '@aws-cdk/aws-s3';
 import { Construct, IResource, Lazy, Resource, Stack, Token } from '@aws-cdk/core';
+import { RegionInfo } from '@aws-cdk/region-info';
 import { CfnLoadBalancer } from '../elasticloadbalancingv2.generated';
 import { Attributes, ifUndefined, renderAttributes } from './util';
 
@@ -170,7 +171,7 @@ export abstract class BaseLoadBalancer extends Resource {
       throw new Error('Region is required to enable ELBv2 access logging');
     }
 
-    const account = ELBV2_ACCOUNTS[region];
+    const account = RegionInfo.get(region).elbv2Account;
     if (!account) {
       throw new Error(`Cannot enable access logging; don't know ELBv2 account for region ${region}`);
     }
@@ -198,32 +199,3 @@ export abstract class BaseLoadBalancer extends Resource {
     this.setAttribute(key, undefined);
   }
 }
-
-// https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html#access-logging-bucket-permissions
-const ELBV2_ACCOUNTS: { [region: string]: string } = {
-  'us-east-1': '127311923021',
-  'us-east-2': '033677994240',
-  'us-west-1': '027434742980',
-  'us-west-2': '797873946194',
-  'af-south-1': '098369216593',
-  'ca-central-1': '985666609251',
-  'eu-central-1': '054676820928',
-  'eu-west-1': '156460612806',
-  'eu-west-2': '652711504416',
-  'eu-west-3': '009996457667',
-  'eu-south-1': '635631232127',
-  'eu-north-1': '897822967062',
-  'ap-east-1': '754344448648',
-  'ap-northeast-1': '582318560864',
-  'ap-northeast-2': '600734575887',
-  'ap-northeast-3': '383597477331',
-  'ap-southeast-1': '114774131450',
-  'ap-southeast-2': '783225319266',
-  'ap-south-1': '718504428378',
-  'me-south-1': '076674570225',
-  'sa-east-1': '507241528517',
-  'us-gov-west-1': '048591011584',
-  'us-gov-east-1': '190560391635',
-  'cn-north-1': '638102146993',
-  'cn-northwest-1': '037604701340',
-};