From 9a71d6d29c0445c7a90557b1bd79c2ad68b38db7 Mon Sep 17 00:00:00 2001 From: Tatsuya Mori Date: Wed, 20 Sep 2023 14:55:00 +0000 Subject: [PATCH] fix(autoscaling): ssmSessionPermissions does not add managed policy to role specified in launch template --- .../aws-cdk-asg-integ.assets.json | 6 +- .../aws-cdk-asg-integ.template.json | 176 ++++--- .../test/integ.asg-lt.js.snapshot/cdk.out | 2 +- .../test/integ.asg-lt.js.snapshot/integ.json | 2 +- .../integ.asg-lt.js.snapshot/manifest.json | 25 +- .../test/integ.asg-lt.js.snapshot/tree.json | 471 +++++++++++------- .../test/aws-autoscaling/test/integ.asg-lt.ts | 8 + .../aws-autoscaling/lib/auto-scaling-group.ts | 8 +- .../test/auto-scaling-group.test.ts | 77 +++ 9 files changed, 508 insertions(+), 267 deletions(-) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-autoscaling/test/integ.asg-lt.js.snapshot/aws-cdk-asg-integ.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-autoscaling/test/integ.asg-lt.js.snapshot/aws-cdk-asg-integ.assets.json index e80fed88b37c8..501840aa00d98 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-autoscaling/test/integ.asg-lt.js.snapshot/aws-cdk-asg-integ.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-autoscaling/test/integ.asg-lt.js.snapshot/aws-cdk-asg-integ.assets.json @@ -1,7 +1,7 @@ { - "version": "32.0.0", + "version": "34.0.0", "files": { - "a423d4fff781844206367e6e7467d7c38befc7540334ef730ae4a8a17de4a454": { + "afcd88ec191e5005dcb0a7186d4d6529b8b2b1b467fb4ac395664efda42a794e": { "source": { "path": "aws-cdk-asg-integ.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "a423d4fff781844206367e6e7467d7c38befc7540334ef730ae4a8a17de4a454.json", + "objectKey": "afcd88ec191e5005dcb0a7186d4d6529b8b2b1b467fb4ac395664efda42a794e.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-autoscaling/test/integ.asg-lt.js.snapshot/aws-cdk-asg-integ.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-autoscaling/test/integ.asg-lt.js.snapshot/aws-cdk-asg-integ.template.json index 81c590b36c152..2504e9f5600ee 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-autoscaling/test/integ.asg-lt.js.snapshot/aws-cdk-asg-integ.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-autoscaling/test/integ.asg-lt.js.snapshot/aws-cdk-asg-integ.template.json @@ -1,9 +1,58 @@ { "Resources": { + "roleC7B7E775": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ec2.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonSSMManagedInstanceCore" + ] + ] + } + ] + } + }, + "MainLTProfile89E5D1D1": { + "Type": "AWS::IAM::InstanceProfile", + "Properties": { + "Roles": [ + { + "Ref": "roleC7B7E775" + } + ] + } + }, "MainLT4FC09097": { "Type": "AWS::EC2::LaunchTemplate", "Properties": { "LaunchTemplateData": { + "IamInstanceProfile": { + "Arn": { + "Fn::GetAtt": [ + "MainLTProfile89E5D1D1", + "Arn" + ] + } + }, "ImageId": { "Ref": "SsmParameterValueawsserviceamiamazonlinuxlatestamzn2amihvmx8664gp2C96584B6F00A464EAD1953AFF4B05118Parameter" }, @@ -43,7 +92,10 @@ ] } ] - } + }, + "DependsOn": [ + "roleC7B7E775" + ] }, "T4gLT8FF7D308": { "Type": "AWS::EC2::LaunchTemplate", @@ -108,9 +160,6 @@ "VPCPublicSubnet1SubnetB4246D30": { "Type": "AWS::EC2::Subnet", "Properties": { - "VpcId": { - "Ref": "VPCB9E5F0B4" - }, "AvailabilityZone": { "Fn::Select": [ 0, @@ -134,21 +183,24 @@ "Key": "Name", "Value": "aws-cdk-asg-integ/VPC/PublicSubnet1" } - ] + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } } }, "VPCPublicSubnet1RouteTableFEE4B781": { "Type": "AWS::EC2::RouteTable", "Properties": { - "VpcId": { - "Ref": "VPCB9E5F0B4" - }, "Tags": [ { "Key": "Name", "Value": "aws-cdk-asg-integ/VPC/PublicSubnet1" } - ] + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } } }, "VPCPublicSubnet1RouteTableAssociation0B0896DC": { @@ -165,12 +217,12 @@ "VPCPublicSubnet1DefaultRoute91CEF279": { "Type": "AWS::EC2::Route", "Properties": { - "RouteTableId": { - "Ref": "VPCPublicSubnet1RouteTableFEE4B781" - }, "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": { "Ref": "VPCIGWB7E252D3" + }, + "RouteTableId": { + "Ref": "VPCPublicSubnet1RouteTableFEE4B781" } }, "DependsOn": [ @@ -192,15 +244,15 @@ "VPCPublicSubnet1NATGatewayE0556630": { "Type": "AWS::EC2::NatGateway", "Properties": { - "SubnetId": { - "Ref": "VPCPublicSubnet1SubnetB4246D30" - }, "AllocationId": { "Fn::GetAtt": [ "VPCPublicSubnet1EIP6AD938E8", "AllocationId" ] }, + "SubnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + }, "Tags": [ { "Key": "Name", @@ -216,9 +268,6 @@ "VPCPublicSubnet2Subnet74179F39": { "Type": "AWS::EC2::Subnet", "Properties": { - "VpcId": { - "Ref": "VPCB9E5F0B4" - }, "AvailabilityZone": { "Fn::Select": [ 1, @@ -242,21 +291,24 @@ "Key": "Name", "Value": "aws-cdk-asg-integ/VPC/PublicSubnet2" } - ] + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } } }, "VPCPublicSubnet2RouteTable6F1A15F1": { "Type": "AWS::EC2::RouteTable", "Properties": { - "VpcId": { - "Ref": "VPCB9E5F0B4" - }, "Tags": [ { "Key": "Name", "Value": "aws-cdk-asg-integ/VPC/PublicSubnet2" } - ] + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } } }, "VPCPublicSubnet2RouteTableAssociation5A808732": { @@ -273,12 +325,12 @@ "VPCPublicSubnet2DefaultRouteB7481BBA": { "Type": "AWS::EC2::Route", "Properties": { - "RouteTableId": { - "Ref": "VPCPublicSubnet2RouteTable6F1A15F1" - }, "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": { "Ref": "VPCIGWB7E252D3" + }, + "RouteTableId": { + "Ref": "VPCPublicSubnet2RouteTable6F1A15F1" } }, "DependsOn": [ @@ -300,15 +352,15 @@ "VPCPublicSubnet2NATGateway3C070193": { "Type": "AWS::EC2::NatGateway", "Properties": { - "SubnetId": { - "Ref": "VPCPublicSubnet2Subnet74179F39" - }, "AllocationId": { "Fn::GetAtt": [ "VPCPublicSubnet2EIP4947BC00", "AllocationId" ] }, + "SubnetId": { + "Ref": "VPCPublicSubnet2Subnet74179F39" + }, "Tags": [ { "Key": "Name", @@ -324,9 +376,6 @@ "VPCPrivateSubnet1Subnet8BCA10E0": { "Type": "AWS::EC2::Subnet", "Properties": { - "VpcId": { - "Ref": "VPCB9E5F0B4" - }, "AvailabilityZone": { "Fn::Select": [ 0, @@ -350,21 +399,24 @@ "Key": "Name", "Value": "aws-cdk-asg-integ/VPC/PrivateSubnet1" } - ] + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } } }, "VPCPrivateSubnet1RouteTableBE8A6027": { "Type": "AWS::EC2::RouteTable", "Properties": { - "VpcId": { - "Ref": "VPCB9E5F0B4" - }, "Tags": [ { "Key": "Name", "Value": "aws-cdk-asg-integ/VPC/PrivateSubnet1" } - ] + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } } }, "VPCPrivateSubnet1RouteTableAssociation347902D1": { @@ -381,21 +433,18 @@ "VPCPrivateSubnet1DefaultRouteAE1D6490": { "Type": "AWS::EC2::Route", "Properties": { - "RouteTableId": { - "Ref": "VPCPrivateSubnet1RouteTableBE8A6027" - }, "DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": { "Ref": "VPCPublicSubnet1NATGatewayE0556630" + }, + "RouteTableId": { + "Ref": "VPCPrivateSubnet1RouteTableBE8A6027" } } }, "VPCPrivateSubnet2SubnetCFCDAA7A": { "Type": "AWS::EC2::Subnet", "Properties": { - "VpcId": { - "Ref": "VPCB9E5F0B4" - }, "AvailabilityZone": { "Fn::Select": [ 1, @@ -419,21 +468,24 @@ "Key": "Name", "Value": "aws-cdk-asg-integ/VPC/PrivateSubnet2" } - ] + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } } }, "VPCPrivateSubnet2RouteTable0A19E10E": { "Type": "AWS::EC2::RouteTable", "Properties": { - "VpcId": { - "Ref": "VPCB9E5F0B4" - }, "Tags": [ { "Key": "Name", "Value": "aws-cdk-asg-integ/VPC/PrivateSubnet2" } - ] + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } } }, "VPCPrivateSubnet2RouteTableAssociation0C73D413": { @@ -450,12 +502,12 @@ "VPCPrivateSubnet2DefaultRouteF4F5CFD2": { "Type": "AWS::EC2::Route", "Properties": { - "RouteTableId": { - "Ref": "VPCPrivateSubnet2RouteTable0A19E10E" - }, "DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": { "Ref": "VPCPublicSubnet2NATGateway3C070193" + }, + "RouteTableId": { + "Ref": "VPCPrivateSubnet2RouteTable0A19E10E" } } }, @@ -473,19 +525,17 @@ "VPCVPCGW99B986DC": { "Type": "AWS::EC2::VPCGatewayAttachment", "Properties": { - "VpcId": { - "Ref": "VPCB9E5F0B4" - }, "InternetGatewayId": { "Ref": "VPCIGWB7E252D3" + }, + "VpcId": { + "Ref": "VPCB9E5F0B4" } } }, "AsgFromLTASG089B7C3A": { "Type": "AWS::AutoScaling::AutoScalingGroup", "Properties": { - "MaxSize": "10", - "MinSize": "0", "DesiredCapacity": "5", "LaunchTemplate": { "LaunchTemplateId": { @@ -498,6 +548,8 @@ ] } }, + "MaxSize": "10", + "MinSize": "0", "VPCZoneIdentifier": [ { "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" @@ -516,8 +568,6 @@ "AsgWithDefaultInstanceWarmupASG7A481C66": { "Type": "AWS::AutoScaling::AutoScalingGroup", "Properties": { - "MaxSize": "1", - "MinSize": "1", "DefaultInstanceWarmup": 5, "LaunchTemplate": { "LaunchTemplateId": { @@ -530,6 +580,8 @@ ] } }, + "MaxSize": "1", + "MinSize": "1", "VPCZoneIdentifier": [ { "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" @@ -548,9 +600,9 @@ "AsgFromMipASG9EFCE2FC": { "Type": "AWS::AutoScaling::AutoScalingGroup", "Properties": { + "DesiredCapacity": "5", "MaxSize": "10", "MinSize": "0", - "DesiredCapacity": "5", "MixedInstancesPolicy": { "InstancesDistribution": { "OnDemandPercentageAboveBaseCapacity": 50 @@ -609,9 +661,9 @@ "AsgFromMipWithoutDistributionASG4BF292F9": { "Type": "AWS::AutoScaling::AutoScalingGroup", "Properties": { + "DesiredCapacity": "5", "MaxSize": "10", "MinSize": "0", - "DesiredCapacity": "5", "MixedInstancesPolicy": { "LaunchTemplate": { "LaunchTemplateSpecification": { @@ -801,8 +853,6 @@ "AsgWithGp3BlockdeviceASGE82AA487": { "Type": "AWS::AutoScaling::AutoScalingGroup", "Properties": { - "MaxSize": "10", - "MinSize": "0", "DesiredCapacity": "5", "LaunchTemplate": { "LaunchTemplateId": { @@ -815,6 +865,8 @@ ] } }, + "MaxSize": "10", + "MinSize": "0", "Tags": [ { "Key": "Name", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-autoscaling/test/integ.asg-lt.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-autoscaling/test/integ.asg-lt.js.snapshot/cdk.out index f0b901e7c06e5..2313ab5436501 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-autoscaling/test/integ.asg-lt.js.snapshot/cdk.out +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-autoscaling/test/integ.asg-lt.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"32.0.0"} \ No newline at end of file +{"version":"34.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-autoscaling/test/integ.asg-lt.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-autoscaling/test/integ.asg-lt.js.snapshot/integ.json index 9cbbe53ca495d..c14907a26af33 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-autoscaling/test/integ.asg-lt.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-autoscaling/test/integ.asg-lt.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "32.0.0", + "version": "34.0.0", "testCases": { "integ.asg-lt": { "stacks": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-autoscaling/test/integ.asg-lt.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-autoscaling/test/integ.asg-lt.js.snapshot/manifest.json index 322131bec0fee..851eee1ce9a3d 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-autoscaling/test/integ.asg-lt.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-autoscaling/test/integ.asg-lt.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "32.0.0", + "version": "34.0.0", "artifacts": { "aws-cdk-asg-integ.assets": { "type": "cdk:asset-manifest", @@ -14,10 +14,11 @@ "environment": "aws://unknown-account/unknown-region", "properties": { "templateFile": "aws-cdk-asg-integ.template.json", + "terminationProtection": false, "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/a423d4fff781844206367e6e7467d7c38befc7540334ef730ae4a8a17de4a454.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/afcd88ec191e5005dcb0a7186d4d6529b8b2b1b467fb4ac395664efda42a794e.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -33,6 +34,18 @@ "aws-cdk-asg-integ.assets" ], "metadata": { + "/aws-cdk-asg-integ/role/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "roleC7B7E775" + } + ], + "/aws-cdk-asg-integ/MainLT/Profile": [ + { + "type": "aws:cdk:logicalId", + "data": "MainLTProfile89E5D1D1" + } + ], "/aws-cdk-asg-integ/MainLT/Resource": [ { "type": "aws:cdk:logicalId", @@ -198,7 +211,7 @@ "/aws-cdk-asg-integ/AsgFromLT": [ { "type": "aws:cdk:warning", - "data": "desiredCapacity has been configured. Be aware this will reset the size of your AutoScalingGroup on every deployment. See https://github.com/aws/aws-cdk/issues/5215" + "data": "desiredCapacity has been configured. Be aware this will reset the size of your AutoScalingGroup on every deployment. See https://github.com/aws/aws-cdk/issues/5215 [ack: @aws-cdk/aws-autoscaling:desiredCapacitySet]" } ], "/aws-cdk-asg-integ/AsgFromLT/ASG": [ @@ -216,7 +229,7 @@ "/aws-cdk-asg-integ/AsgFromMip": [ { "type": "aws:cdk:warning", - "data": "desiredCapacity has been configured. Be aware this will reset the size of your AutoScalingGroup on every deployment. See https://github.com/aws/aws-cdk/issues/5215" + "data": "desiredCapacity has been configured. Be aware this will reset the size of your AutoScalingGroup on every deployment. See https://github.com/aws/aws-cdk/issues/5215 [ack: @aws-cdk/aws-autoscaling:desiredCapacitySet]" } ], "/aws-cdk-asg-integ/AsgFromMip/ASG": [ @@ -228,7 +241,7 @@ "/aws-cdk-asg-integ/AsgFromMipWithoutDistribution": [ { "type": "aws:cdk:warning", - "data": "desiredCapacity has been configured. Be aware this will reset the size of your AutoScalingGroup on every deployment. See https://github.com/aws/aws-cdk/issues/5215" + "data": "desiredCapacity has been configured. Be aware this will reset the size of your AutoScalingGroup on every deployment. See https://github.com/aws/aws-cdk/issues/5215 [ack: @aws-cdk/aws-autoscaling:desiredCapacitySet]" } ], "/aws-cdk-asg-integ/AsgFromMipWithoutDistribution/ASG": [ @@ -240,7 +253,7 @@ "/aws-cdk-asg-integ/AsgWithGp3Blockdevice": [ { "type": "aws:cdk:warning", - "data": "desiredCapacity has been configured. Be aware this will reset the size of your AutoScalingGroup on every deployment. See https://github.com/aws/aws-cdk/issues/5215" + "data": "desiredCapacity has been configured. Be aware this will reset the size of your AutoScalingGroup on every deployment. See https://github.com/aws/aws-cdk/issues/5215 [ack: @aws-cdk/aws-autoscaling:desiredCapacitySet]" } ], "/aws-cdk-asg-integ/AsgWithGp3Blockdevice/InstanceSecurityGroup/Resource": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-autoscaling/test/integ.asg-lt.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-autoscaling/test/integ.asg-lt.js.snapshot/tree.json index 60b3bba660c87..7439fd0c00c96 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-autoscaling/test/integ.asg-lt.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-autoscaling/test/integ.asg-lt.js.snapshot/tree.json @@ -8,10 +8,85 @@ "id": "aws-cdk-asg-integ", "path": "aws-cdk-asg-integ", "children": { + "role": { + "id": "role", + "path": "aws-cdk-asg-integ/role", + "children": { + "Importrole": { + "id": "Importrole", + "path": "aws-cdk-asg-integ/role/Importrole", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-asg-integ/role/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ec2.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonSSMManagedInstanceCore" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + }, "MainLT": { "id": "MainLT", "path": "aws-cdk-asg-integ/MainLT", "children": { + "Profile": { + "id": "Profile", + "path": "aws-cdk-asg-integ/MainLT/Profile", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::InstanceProfile", + "aws:cdk:cloudformation:props": { + "roles": [ + { + "Ref": "roleC7B7E775" + } + ] + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + }, "Resource": { "id": "Resource", "path": "aws-cdk-asg-integ/MainLT/Resource", @@ -19,6 +94,14 @@ "aws:cdk:cloudformation:type": "AWS::EC2::LaunchTemplate", "aws:cdk:cloudformation:props": { "launchTemplateData": { + "iamInstanceProfile": { + "arn": { + "Fn::GetAtt": [ + "MainLTProfile89E5D1D1", + "Arn" + ] + } + }, "imageId": { "Ref": "SsmParameterValueawsserviceamiamazonlinuxlatestamzn2amihvmx8664gp2C96584B6F00A464EAD1953AFF4B05118Parameter" }, @@ -61,30 +144,30 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnLaunchTemplate", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.LaunchTemplate", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn2-ami-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter": { "id": "SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn2-ami-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter", "path": "aws-cdk-asg-integ/SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn2-ami-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter", "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn2-ami-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118": { "id": "SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn2-ami-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118", "path": "aws-cdk-asg-integ/SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn2-ami-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "T4gLT": { @@ -140,30 +223,30 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnLaunchTemplate", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.LaunchTemplate", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn2-ami-hvm-arm64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter": { "id": "SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn2-ami-hvm-arm64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter", "path": "aws-cdk-asg-integ/SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn2-ami-hvm-arm64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter", "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn2-ami-hvm-arm64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118": { "id": "SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn2-ami-hvm-arm64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118", "path": "aws-cdk-asg-integ/SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn2-ami-hvm-arm64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "VPC": { @@ -189,8 +272,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "PublicSubnet1": { @@ -203,9 +286,6 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", "aws:cdk:cloudformation:props": { - "vpcId": { - "Ref": "VPCB9E5F0B4" - }, "availabilityZone": { "Fn::Select": [ 0, @@ -229,20 +309,23 @@ "key": "Name", "value": "aws-cdk-asg-integ/VPC/PublicSubnet1" } - ] + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Acl": { "id": "Acl", "path": "aws-cdk-asg-integ/VPC/PublicSubnet1/Acl", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "RouteTable": { @@ -251,20 +334,20 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", "aws:cdk:cloudformation:props": { - "vpcId": { - "Ref": "VPCB9E5F0B4" - }, "tags": [ { "key": "Name", "value": "aws-cdk-asg-integ/VPC/PublicSubnet1" } - ] + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "RouteTableAssociation": { @@ -282,8 +365,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "DefaultRoute": { @@ -292,18 +375,18 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::Route", "aws:cdk:cloudformation:props": { - "routeTableId": { - "Ref": "VPCPublicSubnet1RouteTableFEE4B781" - }, "destinationCidrBlock": "0.0.0.0/0", "gatewayId": { "Ref": "VPCIGWB7E252D3" + }, + "routeTableId": { + "Ref": "VPCPublicSubnet1RouteTableFEE4B781" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "EIP": { @@ -322,8 +405,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "NATGateway": { @@ -332,15 +415,15 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", "aws:cdk:cloudformation:props": { - "subnetId": { - "Ref": "VPCPublicSubnet1SubnetB4246D30" - }, "allocationId": { "Fn::GetAtt": [ "VPCPublicSubnet1EIP6AD938E8", "AllocationId" ] }, + "subnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + }, "tags": [ { "key": "Name", @@ -350,14 +433,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "PublicSubnet2": { @@ -370,9 +453,6 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", "aws:cdk:cloudformation:props": { - "vpcId": { - "Ref": "VPCB9E5F0B4" - }, "availabilityZone": { "Fn::Select": [ 1, @@ -396,20 +476,23 @@ "key": "Name", "value": "aws-cdk-asg-integ/VPC/PublicSubnet2" } - ] + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Acl": { "id": "Acl", "path": "aws-cdk-asg-integ/VPC/PublicSubnet2/Acl", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "RouteTable": { @@ -418,20 +501,20 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", "aws:cdk:cloudformation:props": { - "vpcId": { - "Ref": "VPCB9E5F0B4" - }, "tags": [ { "key": "Name", "value": "aws-cdk-asg-integ/VPC/PublicSubnet2" } - ] + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "RouteTableAssociation": { @@ -449,8 +532,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "DefaultRoute": { @@ -459,18 +542,18 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::Route", "aws:cdk:cloudformation:props": { - "routeTableId": { - "Ref": "VPCPublicSubnet2RouteTable6F1A15F1" - }, "destinationCidrBlock": "0.0.0.0/0", "gatewayId": { "Ref": "VPCIGWB7E252D3" + }, + "routeTableId": { + "Ref": "VPCPublicSubnet2RouteTable6F1A15F1" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "EIP": { @@ -489,8 +572,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "NATGateway": { @@ -499,15 +582,15 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", "aws:cdk:cloudformation:props": { - "subnetId": { - "Ref": "VPCPublicSubnet2Subnet74179F39" - }, "allocationId": { "Fn::GetAtt": [ "VPCPublicSubnet2EIP4947BC00", "AllocationId" ] }, + "subnetId": { + "Ref": "VPCPublicSubnet2Subnet74179F39" + }, "tags": [ { "key": "Name", @@ -517,14 +600,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "PrivateSubnet1": { @@ -537,9 +620,6 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", "aws:cdk:cloudformation:props": { - "vpcId": { - "Ref": "VPCB9E5F0B4" - }, "availabilityZone": { "Fn::Select": [ 0, @@ -563,20 +643,23 @@ "key": "Name", "value": "aws-cdk-asg-integ/VPC/PrivateSubnet1" } - ] + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Acl": { "id": "Acl", "path": "aws-cdk-asg-integ/VPC/PrivateSubnet1/Acl", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "RouteTable": { @@ -585,20 +668,20 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", "aws:cdk:cloudformation:props": { - "vpcId": { - "Ref": "VPCB9E5F0B4" - }, "tags": [ { "key": "Name", "value": "aws-cdk-asg-integ/VPC/PrivateSubnet1" } - ] + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "RouteTableAssociation": { @@ -616,8 +699,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "DefaultRoute": { @@ -626,24 +709,24 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::Route", "aws:cdk:cloudformation:props": { - "routeTableId": { - "Ref": "VPCPrivateSubnet1RouteTableBE8A6027" - }, "destinationCidrBlock": "0.0.0.0/0", "natGatewayId": { "Ref": "VPCPublicSubnet1NATGatewayE0556630" + }, + "routeTableId": { + "Ref": "VPCPrivateSubnet1RouteTableBE8A6027" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "PrivateSubnet2": { @@ -656,9 +739,6 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", "aws:cdk:cloudformation:props": { - "vpcId": { - "Ref": "VPCB9E5F0B4" - }, "availabilityZone": { "Fn::Select": [ 1, @@ -682,20 +762,23 @@ "key": "Name", "value": "aws-cdk-asg-integ/VPC/PrivateSubnet2" } - ] + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Acl": { "id": "Acl", "path": "aws-cdk-asg-integ/VPC/PrivateSubnet2/Acl", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "RouteTable": { @@ -704,20 +787,20 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", "aws:cdk:cloudformation:props": { - "vpcId": { - "Ref": "VPCB9E5F0B4" - }, "tags": [ { "key": "Name", "value": "aws-cdk-asg-integ/VPC/PrivateSubnet2" } - ] + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "RouteTableAssociation": { @@ -735,8 +818,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "DefaultRoute": { @@ -745,24 +828,24 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::Route", "aws:cdk:cloudformation:props": { - "routeTableId": { - "Ref": "VPCPrivateSubnet2RouteTable0A19E10E" - }, "destinationCidrBlock": "0.0.0.0/0", "natGatewayId": { "Ref": "VPCPublicSubnet2NATGateway3C070193" + }, + "routeTableId": { + "Ref": "VPCPrivateSubnet2RouteTable0A19E10E" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "IGW": { @@ -780,8 +863,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnInternetGateway", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "VPCGW": { @@ -790,23 +873,23 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::VPCGatewayAttachment", "aws:cdk:cloudformation:props": { - "vpcId": { - "Ref": "VPCB9E5F0B4" - }, "internetGatewayId": { "Ref": "VPCIGWB7E252D3" + }, + "vpcId": { + "Ref": "VPCB9E5F0B4" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.Vpc", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "AsgFromLT": { @@ -819,8 +902,6 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::AutoScaling::AutoScalingGroup", "aws:cdk:cloudformation:props": { - "maxSize": "10", - "minSize": "0", "desiredCapacity": "5", "launchTemplate": { "launchTemplateId": { @@ -833,6 +914,8 @@ ] } }, + "maxSize": "10", + "minSize": "0", "vpcZoneIdentifier": [ { "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" @@ -844,14 +927,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_autoscaling.CfnAutoScalingGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_autoscaling.AutoScalingGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "AsgWithDefaultInstanceWarmup": { @@ -864,8 +947,6 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::AutoScaling::AutoScalingGroup", "aws:cdk:cloudformation:props": { - "maxSize": "1", - "minSize": "1", "defaultInstanceWarmup": 5, "launchTemplate": { "launchTemplateId": { @@ -878,6 +959,8 @@ ] } }, + "maxSize": "1", + "minSize": "1", "vpcZoneIdentifier": [ { "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" @@ -889,14 +972,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_autoscaling.CfnAutoScalingGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_autoscaling.AutoScalingGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "AsgFromMip": { @@ -909,9 +992,9 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::AutoScaling::AutoScalingGroup", "aws:cdk:cloudformation:props": { + "desiredCapacity": "5", "maxSize": "10", "minSize": "0", - "desiredCapacity": "5", "mixedInstancesPolicy": { "instancesDistribution": { "onDemandPercentageAboveBaseCapacity": 50 @@ -963,14 +1046,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_autoscaling.CfnAutoScalingGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_autoscaling.AutoScalingGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "AsgFromMipWithoutDistribution": { @@ -983,9 +1066,9 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::AutoScaling::AutoScalingGroup", "aws:cdk:cloudformation:props": { + "desiredCapacity": "5", "maxSize": "10", "minSize": "0", - "desiredCapacity": "5", "mixedInstancesPolicy": { "launchTemplate": { "launchTemplateSpecification": { @@ -1034,14 +1117,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_autoscaling.CfnAutoScalingGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_autoscaling.AutoScalingGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "AsgWithGp3Blockdevice": { @@ -1078,14 +1161,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "InstanceRole": { @@ -1096,8 +1179,8 @@ "id": "ImportInstanceRole", "path": "aws-cdk-asg-integ/AsgWithGp3Blockdevice/InstanceRole/ImportInstanceRole", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Resource": { @@ -1127,14 +1210,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "InstanceProfile": { @@ -1151,8 +1234,16 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnInstanceProfile", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" + } + }, + "ImportedInstanceProfile": { + "id": "ImportedInstanceProfile", + "path": "aws-cdk-asg-integ/AsgWithGp3Blockdevice/ImportedInstanceProfile", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "LaunchTemplate": { @@ -1239,14 +1330,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnLaunchTemplate", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.LaunchTemplate", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "ASG": { @@ -1255,8 +1346,6 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::AutoScaling::AutoScalingGroup", "aws:cdk:cloudformation:props": { - "maxSize": "10", - "minSize": "0", "desiredCapacity": "5", "launchTemplate": { "launchTemplateId": { @@ -1269,6 +1358,8 @@ ] } }, + "maxSize": "10", + "minSize": "0", "tags": [ { "key": "Name", @@ -1287,52 +1378,52 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_autoscaling.CfnAutoScalingGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_autoscaling.AutoScalingGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn-ami-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter": { "id": "SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn-ami-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter", "path": "aws-cdk-asg-integ/SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn-ami-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter", "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn-ami-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118": { "id": "SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn-ami-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118", "path": "aws-cdk-asg-integ/SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn-ami-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "BootstrapVersion": { "id": "BootstrapVersion", "path": "aws-cdk-asg-integ/BootstrapVersion", "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "CheckBootstrapVersion": { "id": "CheckBootstrapVersion", "path": "aws-cdk-asg-integ/CheckBootstrapVersion", "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Tree": { @@ -1340,13 +1431,13 @@ "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.2.55" + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.App", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } } \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-autoscaling/test/integ.asg-lt.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-autoscaling/test/integ.asg-lt.ts index 0a47632d90612..ef74155fafb38 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-autoscaling/test/integ.asg-lt.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-autoscaling/test/integ.asg-lt.ts @@ -1,17 +1,23 @@ #!/usr/bin/env node import * as ec2 from 'aws-cdk-lib/aws-ec2'; +import * as iam from 'aws-cdk-lib/aws-iam'; import * as cdk from 'aws-cdk-lib'; import * as autoscaling from 'aws-cdk-lib/aws-autoscaling'; const app = new cdk.App(); const stack = new cdk.Stack(app, 'aws-cdk-asg-integ'); +const role = new iam.Role(stack, 'role', { + assumedBy: new iam.ServicePrincipal('ec2.amazonaws.com'), +}); + const lt = new ec2.LaunchTemplate(stack, 'MainLT', { instanceType: new ec2.InstanceType('t3.micro'), machineImage: new ec2.AmazonLinuxImage({ generation: ec2.AmazonLinuxGeneration.AMAZON_LINUX_2, cpuType: ec2.AmazonLinuxCpuType.X86_64, }), + role: role, }); const ltOverrideT4g = new ec2.LaunchTemplate(stack, 'T4gLT', { @@ -33,6 +39,7 @@ new autoscaling.AutoScalingGroup(stack, 'AsgFromLT', { minCapacity: 0, maxCapacity: 10, desiredCapacity: 5, + ssmSessionPermissions: true, }); new autoscaling.AutoScalingGroup(stack, 'AsgWithDefaultInstanceWarmup', { @@ -57,6 +64,7 @@ new autoscaling.AutoScalingGroup(stack, 'AsgFromMip', { minCapacity: 0, maxCapacity: 10, desiredCapacity: 5, + ssmSessionPermissions: true, }); new autoscaling.AutoScalingGroup(stack, 'AsgFromMipWithoutDistribution', { diff --git a/packages/aws-cdk-lib/aws-autoscaling/lib/auto-scaling-group.ts b/packages/aws-cdk-lib/aws-autoscaling/lib/auto-scaling-group.ts index c803fd5f2349e..5d7faa17dbf79 100644 --- a/packages/aws-cdk-lib/aws-autoscaling/lib/auto-scaling-group.ts +++ b/packages/aws-cdk-lib/aws-autoscaling/lib/auto-scaling-group.ts @@ -1295,10 +1295,6 @@ export class AutoScalingGroup extends AutoScalingGroupBase implements }); this.grantPrincipal = this._role; - if (props.ssmSessionPermissions) { - this.role.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonSSMManagedInstanceCore')); - } - const iamProfile = new iam.CfnInstanceProfile(this, 'InstanceProfile', { roles: [this.role.roleName], }); @@ -1354,6 +1350,10 @@ export class AutoScalingGroup extends AutoScalingGroupBase implements } } + if (props.ssmSessionPermissions && this._role) { + this._role.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonSSMManagedInstanceCore')); + } + // desiredCapacity just reflects what the user has supplied. const desiredCapacity = props.desiredCapacity; const minCapacity = props.minCapacity ?? 1; diff --git a/packages/aws-cdk-lib/aws-autoscaling/test/auto-scaling-group.test.ts b/packages/aws-cdk-lib/aws-autoscaling/test/auto-scaling-group.test.ts index 5ab8dc9cb1c97..e658973fc5c57 100644 --- a/packages/aws-cdk-lib/aws-autoscaling/test/auto-scaling-group.test.ts +++ b/packages/aws-cdk-lib/aws-autoscaling/test/auto-scaling-group.test.ts @@ -2302,6 +2302,83 @@ test('ssm permissions adds right managed policy', () => { }); }); +test('ssm permissions adds right managed policy with launch template', () => { + // GIVEN + const stack = new cdk.Stack(); + + // WHEN + const role = new iam.Role(stack, 'role', { + assumedBy: new iam.ServicePrincipal('ec2.amazonaws.com'), + }); + + const lt = new LaunchTemplate(stack, 'launch-template', { + machineImage: ec2.MachineImage.latestAmazonLinux2(), + instanceType: InstanceType.of(ec2.InstanceClass.T3, ec2.InstanceSize.LARGE), + role: role, + }); + + new autoscaling.AutoScalingGroup(stack, 'mip-asg', { + vpc: mockVpc(stack), + launchTemplate: lt, + ssmSessionPermissions: true, + }); + + Template.fromStack(stack).hasResourceProperties('AWS::IAM::Role', { + ManagedPolicyArns: [ + { + 'Fn::Join': ['', [ + 'arn:', + { Ref: 'AWS::Partition' }, + ':iam::aws:policy/AmazonSSMManagedInstanceCore', + ]], + }, + ], + }); +}); + +test('ssm permissions adds right managed policy with mixed instance policy', () => { + // GIVEN + const stack = new cdk.Stack(); + + // WHEN + const role = new iam.Role(stack, 'role', { + assumedBy: new iam.ServicePrincipal('ec2.amazonaws.com'), + }); + + const lt = new LaunchTemplate(stack, 'launch-template', { + machineImage: ec2.MachineImage.latestAmazonLinux2(), + instanceType: InstanceType.of(ec2.InstanceClass.T3, ec2.InstanceSize.LARGE), + role: role, + }); + + new autoscaling.AutoScalingGroup(stack, 'mip-asg', { + vpc: mockVpc(stack), + mixedInstancesPolicy: { + instancesDistribution: { + onDemandPercentageAboveBaseCapacity: 50, + }, + launchTemplate: lt, + launchTemplateOverrides: [ + { instanceType: new ec2.InstanceType('t3.micro') }, + { instanceType: new ec2.InstanceType('t3a.micro') }, + ], + }, + ssmSessionPermissions: true, + }); + + Template.fromStack(stack).hasResourceProperties('AWS::IAM::Role', { + ManagedPolicyArns: [ + { + 'Fn::Join': ['', [ + 'arn:', + { Ref: 'AWS::Partition' }, + ':iam::aws:policy/AmazonSSMManagedInstanceCore', + ]], + }, + ], + }); +}); + function mockSecurityGroup(stack: cdk.Stack) { return ec2.SecurityGroup.fromSecurityGroupId(stack, 'MySG', 'most-secure'); }