Merge branch 'main' into vkukreja/oidc-provider-fix

.github/workflows/auto-approve.yml

@@ -12,6 +12,6 @@ jobs:
     permissions:
       pull-requests: write
     steps:
-    - uses: hmarr/auto-approve-action@v3.0.0
+    - uses: hmarr/auto-approve-action@v3.1.0
       with:
         github-token: "${{ secrets.GITHUB_TOKEN }}"

packages/@aws-cdk/aws-apigateway/README.md

@@ -1128,8 +1128,8 @@ Access logging creates logs every time an API method is accessed. Access logs ca
 who has accessed the API, how the caller accessed the API and what responses were generated.
 Access logs are configured on a Stage of the RestApi.
 Access logs can be expressed in a format of your choosing, and can contain any access details, with a
-minimum that it must include the 'requestId'. The list of  variables that can be expressed in the access
-log can be found
+minimum that it must include either 'requestId' or 'extendedRequestId'. The list of  variables that
+can be expressed in the access log can be found
 [here](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-mapping-template-reference.html#context-variable-reference).
 Read more at [Setting Up CloudWatch API Logging in API
 Gateway](https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-logging.html)
@@ -1140,9 +1140,9 @@ const prdLogGroup = new logs.LogGroup(this, "PrdLogs");
 const api = new apigateway.RestApi(this, 'books', {
   deployOptions: {
     accessLogDestination: new apigateway.LogGroupLogDestination(prdLogGroup),
-    accessLogFormat: apigateway.AccessLogFormat.jsonWithStandardFields()
-  }
-})
+    accessLogFormat: apigateway.AccessLogFormat.jsonWithStandardFields(),
+  },
+});
 const deployment = new apigateway.Deployment(this, 'Deployment', {api});
 
 // development stage
@@ -1159,8 +1159,8 @@ new apigateway.Stage(this, 'dev', {
     resourcePath: true,
     responseLength: true,
     status: true,
-    user: true
-  })
+    user: true,
+  }),
 });
 ```
 

packages/@aws-cdk/aws-apigateway/lib/stage.ts

@@ -48,7 +48,9 @@ export interface StageOptions extends MethodDeploymentOptions {
 
   /**
    * A single line format of access logs of data, as specified by selected $content variables.
-   * The format must include at least `AccessLogFormat.contextRequestId()`.
+   * The format must include either `AccessLogFormat.contextRequestId()`
+   * or `AccessLogFormat.contextExtendedRequestId()`.
+   *
    * @see https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-mapping-template-reference.html#context-variable-reference
    *
    * @default - Common Log Format
@@ -387,9 +389,9 @@ export class Stage extends StageBase {
     } else {
       if (accessLogFormat !== undefined &&
         !Token.isUnresolved(accessLogFormat.toString()) &&
-        !/.*\$context.requestId.*/.test(accessLogFormat.toString())) {
+        !/.*\$context.(requestId|extendedRequestId)\b.*/.test(accessLogFormat.toString())) {
 
-        throw new Error('Access log must include at least `AccessLogFormat.contextRequestId()`');
+        throw new Error('Access log must include either `AccessLogFormat.contextRequestId()` or `AccessLogFormat.contextExtendedRequestId()`');
       }
       if (accessLogFormat !== undefined && accessLogDestination === undefined) {
         throw new Error('Access log format is specified without a destination');

packages/@aws-cdk/aws-apigateway/test/stage.test.ts

@@ -343,59 +343,146 @@ describe('stage', () => {
     });
   });
 
-  test('fails when access log format does not contain `AccessLogFormat.contextRequestId()`', () => {
-    // GIVEN
-    const stack = new cdk.Stack();
-    const api = new apigateway.RestApi(stack, 'test-api', { cloudWatchRole: false, deploy: false });
-    const deployment = new apigateway.Deployment(stack, 'my-deployment', { api });
-    api.root.addMethod('GET');
+  describe('access log check', () => {
+    test('fails when access log format does not contain `contextRequestId()` or `contextExtendedRequestId()', () => {
+      // GIVEN
+      const stack = new cdk.Stack();
+      const api = new apigateway.RestApi(stack, 'test-api', { cloudWatchRole: false, deploy: false });
+      const deployment = new apigateway.Deployment(stack, 'my-deployment', { api });
+      api.root.addMethod('GET');
 
-    // WHEN
-    const testLogGroup = new logs.LogGroup(stack, 'LogGroup');
-    const testFormat = apigateway.AccessLogFormat.custom('');
+      // WHEN
+      const testLogGroup = new logs.LogGroup(stack, 'LogGroup');
+      const testFormat = apigateway.AccessLogFormat.custom('');
 
-    // THEN
-    expect(() => new apigateway.Stage(stack, 'my-stage', {
-      deployment,
-      accessLogDestination: new apigateway.LogGroupLogDestination(testLogGroup),
-      accessLogFormat: testFormat,
-    })).toThrow(/Access log must include at least `AccessLogFormat.contextRequestId\(\)`/);
-  });
+      // THEN
+      expect(() => new apigateway.Stage(stack, 'my-stage', {
+        deployment,
+        accessLogDestination: new apigateway.LogGroupLogDestination(testLogGroup),
+        accessLogFormat: testFormat,
+      })).toThrow('Access log must include either `AccessLogFormat.contextRequestId()` or `AccessLogFormat.contextExtendedRequestId()`');
+    });
+
+    test('succeeds when access log format contains `contextRequestId()`', () => {
+      // GIVEN
+      const stack = new cdk.Stack();
+      const api = new apigateway.RestApi(stack, 'test-api', { cloudWatchRole: false, deploy: false });
+      const deployment = new apigateway.Deployment(stack, 'my-deployment', { api });
+      api.root.addMethod('GET');
+
+      // WHEN
+      const testLogGroup = new logs.LogGroup(stack, 'LogGroup');
+      const testFormat = apigateway.AccessLogFormat.custom(JSON.stringify({
+        requestId: apigateway.AccessLogField.contextRequestId(),
+      }));
+
+      // THEN
+      expect(() => new apigateway.Stage(stack, 'my-stage', {
+        deployment,
+        accessLogDestination: new apigateway.LogGroupLogDestination(testLogGroup),
+        accessLogFormat: testFormat,
+      })).not.toThrow();
+    });
+
+    test('succeeds when access log format contains `contextExtendedRequestId()`', () => {
+      // GIVEN
+      const stack = new cdk.Stack();
+      const api = new apigateway.RestApi(stack, 'test-api', { cloudWatchRole: false, deploy: false });
+      const deployment = new apigateway.Deployment(stack, 'my-deployment', { api });
+      api.root.addMethod('GET');
+
+      // WHEN
+      const testLogGroup = new logs.LogGroup(stack, 'LogGroup');
+      const testFormat = apigateway.AccessLogFormat.custom(JSON.stringify({
+        extendedRequestId: apigateway.AccessLogField.contextExtendedRequestId(),
+      }));
+
+      // THEN
+      expect(() => new apigateway.Stage(stack, 'my-stage', {
+        deployment,
+        accessLogDestination: new apigateway.LogGroupLogDestination(testLogGroup),
+        accessLogFormat: testFormat,
+      })).not.toThrow();
+    });
+
+    test('succeeds when access log format contains both `contextRequestId()` and `contextExtendedRequestId`', () => {
+      // GIVEN
+      const stack = new cdk.Stack();
+      const api = new apigateway.RestApi(stack, 'test-api', { cloudWatchRole: false, deploy: false });
+      const deployment = new apigateway.Deployment(stack, 'my-deployment', { api });
+      api.root.addMethod('GET');
+
+      // WHEN
+      const testLogGroup = new logs.LogGroup(stack, 'LogGroup');
+      const testFormat = apigateway.AccessLogFormat.custom(JSON.stringify({
+        requestId: apigateway.AccessLogField.contextRequestId(),
+        extendedRequestId: apigateway.AccessLogField.contextExtendedRequestId(),
+      }));
+
+      // THEN
+      expect(() => new apigateway.Stage(stack, 'my-stage', {
+        deployment,
+        accessLogDestination: new apigateway.LogGroupLogDestination(testLogGroup),
+        accessLogFormat: testFormat,
+      })).not.toThrow();
+    });
+
+    test('fails when access log format contains `contextRequestIdXxx`', () => {
+      // GIVEN
+      const stack = new cdk.Stack();
+      const api = new apigateway.RestApi(stack, 'test-api', { cloudWatchRole: false, deploy: false });
+      const deployment = new apigateway.Deployment(stack, 'my-deployment', { api });
+      api.root.addMethod('GET');
+
+      // WHEN
+      const testLogGroup = new logs.LogGroup(stack, 'LogGroup');
+      const testFormat = apigateway.AccessLogFormat.custom(JSON.stringify({
+        requestIdXxx: '$context.requestIdXxx',
+      }));
+
+      // THEN
+      expect(() => new apigateway.Stage(stack, 'my-stage', {
+        deployment,
+        accessLogDestination: new apigateway.LogGroupLogDestination(testLogGroup),
+        accessLogFormat: testFormat,
+      })).toThrow('Access log must include either `AccessLogFormat.contextRequestId()` or `AccessLogFormat.contextExtendedRequestId()`');
+    });
 
-  test('does not fail when access log format is a token', () => {
+    test('does not fail when access log format is a token', () => {
     // GIVEN
-    const stack = new cdk.Stack();
-    const api = new apigateway.RestApi(stack, 'test-api', { cloudWatchRole: false, deploy: false });
-    const deployment = new apigateway.Deployment(stack, 'my-deployment', { api });
-    api.root.addMethod('GET');
+      const stack = new cdk.Stack();
+      const api = new apigateway.RestApi(stack, 'test-api', { cloudWatchRole: false, deploy: false });
+      const deployment = new apigateway.Deployment(stack, 'my-deployment', { api });
+      api.root.addMethod('GET');
 
-    // WHEN
-    const testLogGroup = new logs.LogGroup(stack, 'LogGroup');
-    const testFormat = apigateway.AccessLogFormat.custom(cdk.Lazy.string({ produce: () => 'test' }));
+      // WHEN
+      const testLogGroup = new logs.LogGroup(stack, 'LogGroup');
+      const testFormat = apigateway.AccessLogFormat.custom(cdk.Lazy.string({ produce: () => 'test' }));
 
-    // THEN
-    expect(() => new apigateway.Stage(stack, 'my-stage', {
-      deployment,
-      accessLogDestination: new apigateway.LogGroupLogDestination(testLogGroup),
-      accessLogFormat: testFormat,
-    })).not.toThrow();
-  });
+      // THEN
+      expect(() => new apigateway.Stage(stack, 'my-stage', {
+        deployment,
+        accessLogDestination: new apigateway.LogGroupLogDestination(testLogGroup),
+        accessLogFormat: testFormat,
+      })).not.toThrow();
+    });
 
-  test('fails when access log destination is empty', () => {
+    test('fails when access log destination is empty', () => {
     // GIVEN
-    const stack = new cdk.Stack();
-    const api = new apigateway.RestApi(stack, 'test-api', { cloudWatchRole: false, deploy: false });
-    const deployment = new apigateway.Deployment(stack, 'my-deployment', { api });
-    api.root.addMethod('GET');
+      const stack = new cdk.Stack();
+      const api = new apigateway.RestApi(stack, 'test-api', { cloudWatchRole: false, deploy: false });
+      const deployment = new apigateway.Deployment(stack, 'my-deployment', { api });
+      api.root.addMethod('GET');
 
-    // WHEN
-    const testFormat = apigateway.AccessLogFormat.jsonWithStandardFields();
+      // WHEN
+      const testFormat = apigateway.AccessLogFormat.jsonWithStandardFields();
 
-    // THEN
-    expect(() => new apigateway.Stage(stack, 'my-stage', {
-      deployment,
-      accessLogFormat: testFormat,
-    })).toThrow(/Access log format is specified without a destination/);
+      // THEN
+      expect(() => new apigateway.Stage(stack, 'my-stage', {
+        deployment,
+        accessLogFormat: testFormat,
+      })).toThrow(/Access log format is specified without a destination/);
+    });
   });
 
   test('default throttling settings', () => {

packages/@aws-cdk/aws-ec2/lib/vpc.ts

@@ -1162,7 +1162,7 @@ export class Vpc extends VpcBase {
   }
 
   /**
-   * Import an existing VPC from by querying the AWS environment this stack is deployed to.
+   * Import an existing VPC by querying the AWS environment this stack is deployed to.
    *
    * This function only needs to be used to use VPCs not defined in your CDK
    * application. If you are looking to share a VPC between stacks, you can

packages/@aws-cdk/aws-ecs-patterns/lib/base/fargate-service-base.ts

@@ -26,6 +26,10 @@ export interface FargateServiceBaseProps {
    *
    * 4096 (4 vCPU) - Available memory values: Between 8GB and 30GB in 1GB increments
    *
+   * 8192 (8 vCPU) - Available memory values: Between 16GB and 60GB in 4GB increments
+   *
+   * 16384 (16 vCPU) - Available memory values: Between 32GB and 120GB in 8GB increments
+   *
    * This default is set in the underlying FargateTaskDefinition construct.
    *
    * @default 256
@@ -48,6 +52,10 @@ export interface FargateServiceBaseProps {
     *
     * Between 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB) - Available cpu values: 4096 (4 vCPU)
     *
+    * Between 16384 (16 GB) and 61440 (60 GB) in increments of 4096 (4 GB) - Available cpu values: 8192 (8 vCPU)
+    *
+    * Between 32768 (32 GB) and 122880 (120 GB) in increments of 8192 (8 GB) - Available cpu values: 16384 (16 vCPU)
+    *
     * This default is set in the underlying FargateTaskDefinition construct.
     *
     * @default 512

packages/@aws-cdk/aws-ecs-patterns/test/fargate/scheduled-fargate-task.test.ts

@@ -288,6 +288,30 @@ test('Scheduled Fargate Task - with subnetSelection defined', () => {
   });
 });
 
+test('Scheduled Fargate Task - can take 8 vCpu and 60GB memory sizes', () => {
+  // GIVEN
+  const stack = new cdk.Stack();
+  const vpc = new ec2.Vpc(stack, 'Vpc', { maxAzs: 1 });
+  const cluster = new ecs.Cluster(stack, 'EcsCluster', { vpc });
+
+  new ScheduledFargateTask(stack, 'ScheduledFargateTask', {
+    cluster,
+    scheduledFargateTaskImageOptions: {
+      image: ecs.ContainerImage.fromRegistry('henk'),
+      memoryLimitMiB: 61440,
+      cpu: 8192,
+    },
+    schedule: events.Schedule.expression('rate(1 minute)'),
+  });
+
+  // THEN
+  Template.fromStack(stack).hasResourceProperties('AWS::ECS::TaskDefinition', Match.objectLike({
+    Cpu: '8192',
+    Memory: '61440',
+  }),
+  );
+});
+
 test('Scheduled Fargate Task - with platformVersion defined', () => {
   // GIVEN
   const stack = new cdk.Stack();