diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/lib/cluster.ts b/packages/@aws-cdk/aws-eks-v2-alpha/lib/cluster.ts index cb7c73fa4134c..73c35a90c84aa 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/lib/cluster.ts +++ b/packages/@aws-cdk/aws-eks-v2-alpha/lib/cluster.ts @@ -1067,6 +1067,8 @@ export class Cluster extends ClusterBase { private readonly _kubectlProvider?: IKubectlProvider; + private readonly _clusterAdminAccess?: AccessEntry; + /** * Initiates an EKS Cluster with the supplied arguments * @@ -1279,11 +1281,7 @@ export class Cluster extends ClusterBase { // give the handler role admin access to the cluster // so it can deploy/query any resource. - this.grantAccess('ClusterAdminRoleAccess', this._kubectlProvider?.role!.roleArn, [ - AccessPolicy.fromAccessPolicyName('AmazonEKSClusterAdminPolicy', { - accessScopeType: AccessScopeType.CLUSTER, - }), - ]); + this._clusterAdminAccess = this.grantClusterAdmin('ClusterAdminRoleAccess', this._kubectlProvider?.role!.roleArn); } // do not create a masters role if one is not provided. Trusting the accountRootPrincipal() is too permissive. @@ -1351,6 +1349,32 @@ export class Cluster extends ClusterBase { this.addToAccessEntry(id, principal, accessPolicies); } + /** + * Grants the specified IAM principal cluster admin access to the EKS cluster. + * + * This method creates an `AccessEntry` construct that grants the specified IAM principal the cluster admin + * access permissions. This allows the IAM principal to perform the actions permitted + * by the cluster admin acces. + * + * @param id - The ID of the `AccessEntry` construct to be created. + * @param principal - The IAM principal (role or user) to be granted access to the EKS cluster. + * @returns the access entry construct + */ + @MethodMetadata() + public grantClusterAdmin(id: string, principal: string): AccessEntry { + const newEntry = new AccessEntry(this, id, { + principal, + cluster: this, + accessPolicies: [ + AccessPolicy.fromAccessPolicyName('AmazonEKSClusterAdminPolicy', { + accessScopeType: AccessScopeType.CLUSTER, + }), + ], + }); + this.accessEntries.set(principal, newEntry); + return newEntry; + } + /** * Fetch the load balancer address of a service of type 'LoadBalancer'. * @@ -1730,13 +1754,19 @@ export class Cluster extends ClusterBase { }, }); - new KubernetesPatch(this, 'CoreDnsComputeTypePatch', { + const k8sPatch = new KubernetesPatch(this, 'CoreDnsComputeTypePatch', { cluster: this, resourceName: 'deployment/coredns', resourceNamespace: 'kube-system', applyPatch: renderPatch(CoreDnsComputeType.FARGATE), restorePatch: renderPatch(CoreDnsComputeType.EC2), }); + + // In Patch deletion, it needs to apply the restore patch to the cluster + // So the cluster admin access can only be deleted after the patch + if (this._clusterAdminAccess) { + k8sPatch.node.addDependency(this._clusterAdminAccess); + } } } diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.fargate-cluster.js.snapshot/asset.2e670e0c40dc05a34d602c35c948edefcb81afaeea05b9f6240341173af6164e.zip b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.fargate-cluster.js.snapshot/asset.2e670e0c40dc05a34d602c35c948edefcb81afaeea05b9f6240341173af6164e.zip deleted file mode 100644 index 3075cb9cf9d6b..0000000000000 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.fargate-cluster.js.snapshot/asset.2e670e0c40dc05a34d602c35c948edefcb81afaeea05b9f6240341173af6164e.zip +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a1ed5f76941f23885a2e2a3991022df194a6c8c4b407b8aeca46728fbbea8f63 -size 34441651 diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.fargate-cluster.js.snapshot/eks-fargate-cluster-test-stack.assets.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.fargate-cluster.js.snapshot/eks-fargate-cluster-test-stack.assets.json index 5583acc476803..ae7d36bba1bc2 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.fargate-cluster.js.snapshot/eks-fargate-cluster-test-stack.assets.json +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.fargate-cluster.js.snapshot/eks-fargate-cluster-test-stack.assets.json @@ -66,7 +66,7 @@ } } }, - "7a6bcbf9eeec018eed54563f9ef3fbfa3e3b143620fc5ffd4a32ee78d50755f5": { + "8b7b53b9cd096ccff13a9caf40262c9390394ee8566dea00713f23eeccdf7304": { "source": { "path": "eks-fargate-cluster-test-stack.template.json", "packaging": "file" @@ -74,7 +74,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "7a6bcbf9eeec018eed54563f9ef3fbfa3e3b143620fc5ffd4a32ee78d50755f5.json", + "objectKey": "8b7b53b9cd096ccff13a9caf40262c9390394ee8566dea00713f23eeccdf7304.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.fargate-cluster.js.snapshot/eks-fargate-cluster-test-stack.template.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.fargate-cluster.js.snapshot/eks-fargate-cluster-test-stack.template.json index 59168d9da6cec..da8a10387c57e 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.fargate-cluster.js.snapshot/eks-fargate-cluster-test-stack.template.json +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.fargate-cluster.js.snapshot/eks-fargate-cluster-test-stack.template.json @@ -1046,6 +1046,7 @@ "PatchType": "strategic" }, "DependsOn": [ + "FargateTestClusterClusterAdminRoleAccess9EFE9888", "FargateTestClusterKubectlReadyBarrier724731D5" ], "UpdateReplacePolicy": "Delete", diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.fargate-cluster.js.snapshot/manifest.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.fargate-cluster.js.snapshot/manifest.json index 757d5489f8973..8025b419d3658 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.fargate-cluster.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.fargate-cluster.js.snapshot/manifest.json @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/7a6bcbf9eeec018eed54563f9ef3fbfa3e3b143620fc5ffd4a32ee78d50755f5.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/8b7b53b9cd096ccff13a9caf40262c9390394ee8566dea00713f23eeccdf7304.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -34,84 +34,18 @@ "eks-fargate-cluster-test-stack.assets" ], "metadata": { - "/eks-fargate-cluster-test-stack/kubectlLayer": [ - { - "type": "aws:cdk:analytics:construct", - "data": "*" - } - ], "/eks-fargate-cluster-test-stack/kubectlLayer/Resource": [ { "type": "aws:cdk:logicalId", "data": "kubectlLayer44321E08" } ], - "/eks-fargate-cluster-test-stack/FargateTestCluster": [ - { - "type": "aws:cdk:analytics:construct", - "data": "*" - }, - { - "type": "aws:cdk:analytics:method", - "data": "*" - }, - { - "type": "aws:cdk:analytics:construct", - "data": "*" - }, - { - "type": "aws:cdk:analytics:method", - "data": "*" - } - ], - "/eks-fargate-cluster-test-stack/FargateTestCluster/DefaultVpc": [ - { - "type": "aws:cdk:analytics:construct", - "data": "*" - } - ], "/eks-fargate-cluster-test-stack/FargateTestCluster/DefaultVpc/Resource": [ { "type": "aws:cdk:logicalId", "data": "FargateTestClusterDefaultVpcEA353EBF" } ], - "/eks-fargate-cluster-test-stack/FargateTestCluster/DefaultVpc/PublicSubnet1": [ - { - "type": "aws:cdk:analytics:construct", - "data": { - "availabilityZone": "*", - "vpcId": "*", - "cidrBlock": "*", - "mapPublicIpOnLaunch": true, - "ipv6CidrBlock": "*", - "assignIpv6AddressOnCreation": "*" - } - }, - { - "type": "aws:cdk:analytics:construct", - "data": { - "availabilityZone": "*", - "vpcId": "*", - "cidrBlock": "*", - "mapPublicIpOnLaunch": true, - "ipv6CidrBlock": "*", - "assignIpv6AddressOnCreation": "*" - } - }, - { - "type": "aws:cdk:analytics:method", - "data": {} - }, - { - "type": "aws:cdk:analytics:method", - "data": { - "addNatGateway": [ - "*" - ] - } - } - ], "/eks-fargate-cluster-test-stack/FargateTestCluster/DefaultVpc/PublicSubnet1/Subnet": [ { "type": "aws:cdk:logicalId", @@ -148,42 +82,6 @@ "data": "FargateTestClusterDefaultVpcPublicSubnet1NATGatewayC7755095" } ], - "/eks-fargate-cluster-test-stack/FargateTestCluster/DefaultVpc/PublicSubnet2": [ - { - "type": "aws:cdk:analytics:construct", - "data": { - "availabilityZone": "*", - "vpcId": "*", - "cidrBlock": "*", - "mapPublicIpOnLaunch": true, - "ipv6CidrBlock": "*", - "assignIpv6AddressOnCreation": "*" - } - }, - { - "type": "aws:cdk:analytics:construct", - "data": { - "availabilityZone": "*", - "vpcId": "*", - "cidrBlock": "*", - "mapPublicIpOnLaunch": true, - "ipv6CidrBlock": "*", - "assignIpv6AddressOnCreation": "*" - } - }, - { - "type": "aws:cdk:analytics:method", - "data": {} - }, - { - "type": "aws:cdk:analytics:method", - "data": { - "addNatGateway": [ - "*" - ] - } - } - ], "/eks-fargate-cluster-test-stack/FargateTestCluster/DefaultVpc/PublicSubnet2/Subnet": [ { "type": "aws:cdk:logicalId", @@ -220,34 +118,6 @@ "data": "FargateTestClusterDefaultVpcPublicSubnet2NATGatewayB1FD6513" } ], - "/eks-fargate-cluster-test-stack/FargateTestCluster/DefaultVpc/PrivateSubnet1": [ - { - "type": "aws:cdk:analytics:construct", - "data": { - "availabilityZone": "*", - "vpcId": "*", - "cidrBlock": "*", - "mapPublicIpOnLaunch": false, - "ipv6CidrBlock": "*", - "assignIpv6AddressOnCreation": "*" - } - }, - { - "type": "aws:cdk:analytics:construct", - "data": { - "availabilityZone": "*", - "vpcId": "*", - "cidrBlock": "*", - "mapPublicIpOnLaunch": false, - "ipv6CidrBlock": "*", - "assignIpv6AddressOnCreation": "*" - } - }, - { - "type": "aws:cdk:analytics:method", - "data": {} - } - ], "/eks-fargate-cluster-test-stack/FargateTestCluster/DefaultVpc/PrivateSubnet1/Subnet": [ { "type": "aws:cdk:logicalId", @@ -272,34 +142,6 @@ "data": "FargateTestClusterDefaultVpcPrivateSubnet1DefaultRoute35B62A47" } ], - "/eks-fargate-cluster-test-stack/FargateTestCluster/DefaultVpc/PrivateSubnet2": [ - { - "type": "aws:cdk:analytics:construct", - "data": { - "availabilityZone": "*", - "vpcId": "*", - "cidrBlock": "*", - "mapPublicIpOnLaunch": false, - "ipv6CidrBlock": "*", - "assignIpv6AddressOnCreation": "*" - } - }, - { - "type": "aws:cdk:analytics:construct", - "data": { - "availabilityZone": "*", - "vpcId": "*", - "cidrBlock": "*", - "mapPublicIpOnLaunch": false, - "ipv6CidrBlock": "*", - "assignIpv6AddressOnCreation": "*" - } - }, - { - "type": "aws:cdk:analytics:method", - "data": {} - } - ], "/eks-fargate-cluster-test-stack/FargateTestCluster/DefaultVpc/PrivateSubnet2/Subnet": [ { "type": "aws:cdk:logicalId", @@ -336,55 +178,18 @@ "data": "FargateTestClusterDefaultVpcVPCGWAB7FFCE3" } ], - "/eks-fargate-cluster-test-stack/FargateTestCluster/DefaultVpc/RestrictDefaultSecurityGroupCustomResource": [ - { - "type": "aws:cdk:analytics:construct", - "data": "*" - } - ], "/eks-fargate-cluster-test-stack/FargateTestCluster/DefaultVpc/RestrictDefaultSecurityGroupCustomResource/Default": [ { "type": "aws:cdk:logicalId", "data": "FargateTestClusterDefaultVpcRestrictDefaultSecurityGroupCustomResource6DC9344A" } ], - "/eks-fargate-cluster-test-stack/FargateTestCluster/Role": [ - { - "type": "aws:cdk:analytics:construct", - "data": { - "assumedBy": { - "principalAccount": "*", - "assumeRoleAction": "*" - }, - "managedPolicies": [ - { - "managedPolicyArn": "*" - } - ] - } - } - ], - "/eks-fargate-cluster-test-stack/FargateTestCluster/Role/ImportRole": [ - { - "type": "aws:cdk:analytics:construct", - "data": "*" - } - ], "/eks-fargate-cluster-test-stack/FargateTestCluster/Role/Resource": [ { "type": "aws:cdk:logicalId", "data": "FargateTestClusterRoleCB15D0DE" } ], - "/eks-fargate-cluster-test-stack/FargateTestCluster/ControlPlaneSecurityGroup": [ - { - "type": "aws:cdk:analytics:construct", - "data": { - "vpc": "*", - "description": "*" - } - } - ], "/eks-fargate-cluster-test-stack/FargateTestCluster/ControlPlaneSecurityGroup/Resource": [ { "type": "aws:cdk:logicalId", @@ -394,10 +199,7 @@ "/eks-fargate-cluster-test-stack/FargateTestCluster/Resource": [ { "type": "aws:cdk:logicalId", - "data": "FargateTestClusterCAF9262D", - "trace": [ - "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" - ] + "data": "FargateTestClusterCAF9262D" } ], "/eks-fargate-cluster-test-stack/FargateTestCluster/KubectlReadyBarrier": [ @@ -406,169 +208,12 @@ "data": "FargateTestClusterKubectlReadyBarrier724731D5" } ], - "/eks-fargate-cluster-test-stack/FargateTestCluster/KubectlProvider/Handler": [ - { - "type": "aws:cdk:analytics:construct", - "data": { - "timeout": "*", - "description": "*", - "memorySize": "*", - "environment": "*", - "role": "*", - "code": "*", - "handler": "*", - "runtime": "*", - "vpc": "*", - "securityGroups": [ - "*" - ], - "vpcSubnets": { - "subnets": [ - "*", - "*" - ] - } - } - }, - { - "type": "aws:cdk:analytics:method", - "data": { - "addEnvironment": [ - "*", - "*" - ] - } - }, - { - "type": "aws:cdk:analytics:method", - "data": { - "addLayers": [ - "*" - ] - } - }, - { - "type": "aws:cdk:analytics:method", - "data": { - "addLayers": [ - "*" - ] - } - } - ], - "/eks-fargate-cluster-test-stack/FargateTestCluster/KubectlProvider/Handler/ServiceRole": [ - { - "type": "aws:cdk:analytics:construct", - "data": { - "assumedBy": { - "principalAccount": "*", - "assumeRoleAction": "*" - }, - "managedPolicies": [ - { - "managedPolicyArn": "*" - }, - { - "managedPolicyArn": "*" - } - ] - } - }, - { - "type": "aws:cdk:analytics:method", - "data": { - "addToPrincipalPolicy": [ - {} - ] - } - }, - { - "type": "aws:cdk:analytics:method", - "data": { - "attachInlinePolicy": [ - "*" - ] - } - }, - { - "type": "aws:cdk:analytics:method", - "data": { - "attachInlinePolicy": [ - "*" - ] - } - }, - { - "type": "aws:cdk:analytics:method", - "data": { - "addManagedPolicy": [ - { - "managedPolicyArn": "*" - } - ] - } - }, - { - "type": "aws:cdk:analytics:method", - "data": { - "addManagedPolicy": [ - { - "managedPolicyArn": "*" - } - ] - } - }, - { - "type": "aws:cdk:analytics:method", - "data": { - "addManagedPolicy": [ - "*" - ] - } - } - ], - "/eks-fargate-cluster-test-stack/FargateTestCluster/KubectlProvider/Handler/ServiceRole/ImportServiceRole": [ - { - "type": "aws:cdk:analytics:construct", - "data": "*" - } - ], "/eks-fargate-cluster-test-stack/FargateTestCluster/KubectlProvider/Handler/ServiceRole/Resource": [ { "type": "aws:cdk:logicalId", "data": "FargateTestClusterKubectlProviderHandlerServiceRoleB8FACFEE" } ], - "/eks-fargate-cluster-test-stack/FargateTestCluster/KubectlProvider/Handler/ServiceRole/DefaultPolicy": [ - { - "type": "aws:cdk:analytics:construct", - "data": "*" - }, - { - "type": "aws:cdk:analytics:method", - "data": { - "attachToRole": [ - "*" - ] - } - }, - { - "type": "aws:cdk:analytics:method", - "data": { - "attachToRole": [ - "*" - ] - } - }, - { - "type": "aws:cdk:analytics:method", - "data": { - "addStatements": [ - {} - ] - } - } - ], "/eks-fargate-cluster-test-stack/FargateTestCluster/KubectlProvider/Handler/ServiceRole/DefaultPolicy/Resource": [ { "type": "aws:cdk:logicalId", @@ -587,154 +232,18 @@ "data": "FargateTestClusterKubectlProviderHandlerHasEcrPublicD54723EB" } ], - "/eks-fargate-cluster-test-stack/FargateTestCluster/KubectlProvider/AwsCliLayer": [ - { - "type": "aws:cdk:analytics:construct", - "data": {} - } - ], "/eks-fargate-cluster-test-stack/FargateTestCluster/KubectlProvider/AwsCliLayer/Resource": [ { "type": "aws:cdk:logicalId", "data": "FargateTestClusterKubectlProviderAwsCliLayer89D35680" } ], - "/eks-fargate-cluster-test-stack/FargateTestCluster/KubectlProvider/Provider/framework-onEvent": [ - { - "type": "aws:cdk:analytics:construct", - "data": { - "code": "*", - "description": "*", - "runtime": "*", - "handler": "*", - "timeout": "*", - "logGroup": "*", - "vpc": "*", - "vpcSubnets": { - "subnets": [ - "*", - "*" - ] - }, - "securityGroups": [ - "*" - ], - "role": "*", - "functionName": "*", - "environmentEncryption": "*" - } - }, - { - "type": "aws:cdk:analytics:method", - "data": { - "addEnvironment": [ - "*", - "*" - ] - } - } - ], - "/eks-fargate-cluster-test-stack/FargateTestCluster/KubectlProvider/Provider/framework-onEvent/ServiceRole": [ - { - "type": "aws:cdk:analytics:construct", - "data": { - "assumedBy": { - "principalAccount": "*", - "assumeRoleAction": "*" - }, - "managedPolicies": [ - { - "managedPolicyArn": "*" - }, - { - "managedPolicyArn": "*" - } - ] - } - }, - { - "type": "aws:cdk:analytics:method", - "data": { - "addToPrincipalPolicy": [ - {} - ] - } - }, - { - "type": "aws:cdk:analytics:method", - "data": { - "attachInlinePolicy": [ - "*" - ] - } - }, - { - "type": "aws:cdk:analytics:method", - "data": { - "attachInlinePolicy": [ - "*" - ] - } - }, - { - "type": "aws:cdk:analytics:method", - "data": { - "attachInlinePolicy": [ - "*" - ] - } - }, - { - "type": "aws:cdk:analytics:method", - "data": { - "attachInlinePolicy": [ - "*" - ] - } - } - ], - "/eks-fargate-cluster-test-stack/FargateTestCluster/KubectlProvider/Provider/framework-onEvent/ServiceRole/ImportServiceRole": [ - { - "type": "aws:cdk:analytics:construct", - "data": "*" - } - ], "/eks-fargate-cluster-test-stack/FargateTestCluster/KubectlProvider/Provider/framework-onEvent/ServiceRole/Resource": [ { "type": "aws:cdk:logicalId", "data": "FargateTestClusterKubectlProviderframeworkonEventServiceRole7B0EE1EE" } ], - "/eks-fargate-cluster-test-stack/FargateTestCluster/KubectlProvider/Provider/framework-onEvent/ServiceRole/DefaultPolicy": [ - { - "type": "aws:cdk:analytics:construct", - "data": "*" - }, - { - "type": "aws:cdk:analytics:method", - "data": { - "attachToRole": [ - "*" - ] - } - }, - { - "type": "aws:cdk:analytics:method", - "data": { - "attachToRole": [ - "*" - ] - } - }, - { - "type": "aws:cdk:analytics:method", - "data": { - "addStatements": [ - {} - ] - } - } - ], "/eks-fargate-cluster-test-stack/FargateTestCluster/KubectlProvider/Provider/framework-onEvent/ServiceRole/DefaultPolicy/Resource": [ { "type": "aws:cdk:logicalId", @@ -747,63 +256,16 @@ "data": "FargateTestClusterKubectlProviderframeworkonEvent76159DCE" } ], - "/eks-fargate-cluster-test-stack/FargateTestCluster/KubectlProvider/Provider/framework-onEvent/inlinePolicyAddedToExecutionRole-0": [ - { - "type": "aws:cdk:analytics:construct", - "data": { - "statements": "*" - } - }, - { - "type": "aws:cdk:analytics:method", - "data": { - "addStatements": [ - {} - ] - } - }, - { - "type": "aws:cdk:analytics:method", - "data": { - "attachToRole": [ - "*" - ] - } - }, - { - "type": "aws:cdk:analytics:method", - "data": { - "attachToRole": [ - "*" - ] - } - } - ], "/eks-fargate-cluster-test-stack/FargateTestCluster/KubectlProvider/Provider/framework-onEvent/inlinePolicyAddedToExecutionRole-0/Resource": [ { "type": "aws:cdk:logicalId", "data": "FargateTestClusterKubectlProviderframeworkonEventinlinePolicyAddedToExecutionRole0885AE23E" } ], - "/eks-fargate-cluster-test-stack/FargateTestCluster/ClusterAdminRoleAccess": [ - { - "type": "aws:cdk:analytics:construct", - "data": "*" - } - ], "/eks-fargate-cluster-test-stack/FargateTestCluster/ClusterAdminRoleAccess/Resource": [ { "type": "aws:cdk:logicalId", - "data": "FargateTestClusterClusterAdminRoleAccess9EFE9888", - "trace": [ - "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" - ] - } - ], - "/eks-fargate-cluster-test-stack/FargateTestCluster/CoreDnsComputeTypePatch/Resource": [ - { - "type": "aws:cdk:analytics:construct", - "data": "*" + "data": "FargateTestClusterClusterAdminRoleAccess9EFE9888" } ], "/eks-fargate-cluster-test-stack/FargateTestCluster/CoreDnsComputeTypePatch/Resource/Default": [ @@ -812,28 +274,6 @@ "data": "FargateTestClusterCoreDnsComputeTypePatch423C0C1E" } ], - "/eks-fargate-cluster-test-stack/FargateTestCluster/fargate-profile-default/PodExecutionRole": [ - { - "type": "aws:cdk:analytics:construct", - "data": { - "assumedBy": { - "principalAccount": "*", - "assumeRoleAction": "*" - }, - "managedPolicies": [ - { - "managedPolicyArn": "*" - } - ] - } - } - ], - "/eks-fargate-cluster-test-stack/FargateTestCluster/fargate-profile-default/PodExecutionRole/ImportPodExecutionRole": [ - { - "type": "aws:cdk:analytics:construct", - "data": "*" - } - ], "/eks-fargate-cluster-test-stack/FargateTestCluster/fargate-profile-default/PodExecutionRole/Resource": [ { "type": "aws:cdk:logicalId", @@ -843,10 +283,7 @@ "/eks-fargate-cluster-test-stack/FargateTestCluster/fargate-profile-default/Resource": [ { "type": "aws:cdk:logicalId", - "data": "FargateTestClusterfargateprofiledefault120EDDF6", - "trace": [ - "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" - ] + "data": "FargateTestClusterfargateprofiledefault120EDDF6" } ], "/eks-fargate-cluster-test-stack/LatestNodeRuntimeMap": [ diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.fargate-cluster.js.snapshot/tree.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.fargate-cluster.js.snapshot/tree.json index 4686d29f4e7a6..9d87319dc242e 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.fargate-cluster.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.fargate-cluster.js.snapshot/tree.json @@ -64,9 +64,7 @@ "constructInfo": { "fqn": "@aws-cdk/lambda-layer-kubectl-v32.KubectlV32Layer", "version": "2.0.2", - "metadata": [ - "*" - ] + "metadata": [] } }, "FargateTestCluster": { @@ -282,30 +280,7 @@ "constructInfo": { "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", "version": "0.0.0", - "metadata": [ - { - "availabilityZone": "*", - "vpcId": "*", - "cidrBlock": "*", - "mapPublicIpOnLaunch": true, - "ipv6CidrBlock": "*", - "assignIpv6AddressOnCreation": "*" - }, - { - "availabilityZone": "*", - "vpcId": "*", - "cidrBlock": "*", - "mapPublicIpOnLaunch": true, - "ipv6CidrBlock": "*", - "assignIpv6AddressOnCreation": "*" - }, - {}, - { - "addNatGateway": [ - "*" - ] - } - ] + "metadata": [] } }, "PublicSubnet2": { @@ -490,30 +465,7 @@ "constructInfo": { "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", "version": "0.0.0", - "metadata": [ - { - "availabilityZone": "*", - "vpcId": "*", - "cidrBlock": "*", - "mapPublicIpOnLaunch": true, - "ipv6CidrBlock": "*", - "assignIpv6AddressOnCreation": "*" - }, - { - "availabilityZone": "*", - "vpcId": "*", - "cidrBlock": "*", - "mapPublicIpOnLaunch": true, - "ipv6CidrBlock": "*", - "assignIpv6AddressOnCreation": "*" - }, - {}, - { - "addNatGateway": [ - "*" - ] - } - ] + "metadata": [] } }, "PrivateSubnet1": { @@ -642,25 +594,7 @@ "constructInfo": { "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", "version": "0.0.0", - "metadata": [ - { - "availabilityZone": "*", - "vpcId": "*", - "cidrBlock": "*", - "mapPublicIpOnLaunch": false, - "ipv6CidrBlock": "*", - "assignIpv6AddressOnCreation": "*" - }, - { - "availabilityZone": "*", - "vpcId": "*", - "cidrBlock": "*", - "mapPublicIpOnLaunch": false, - "ipv6CidrBlock": "*", - "assignIpv6AddressOnCreation": "*" - }, - {} - ] + "metadata": [] } }, "PrivateSubnet2": { @@ -789,25 +723,7 @@ "constructInfo": { "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", "version": "0.0.0", - "metadata": [ - { - "availabilityZone": "*", - "vpcId": "*", - "cidrBlock": "*", - "mapPublicIpOnLaunch": false, - "ipv6CidrBlock": "*", - "assignIpv6AddressOnCreation": "*" - }, - { - "availabilityZone": "*", - "vpcId": "*", - "cidrBlock": "*", - "mapPublicIpOnLaunch": false, - "ipv6CidrBlock": "*", - "assignIpv6AddressOnCreation": "*" - }, - {} - ] + "metadata": [] } }, "IGW": { @@ -864,18 +780,14 @@ "constructInfo": { "fqn": "aws-cdk-lib.CustomResource", "version": "0.0.0", - "metadata": [ - "*" - ] + "metadata": [] } } }, "constructInfo": { "fqn": "aws-cdk-lib.aws_ec2.Vpc", "version": "0.0.0", - "metadata": [ - "*" - ] + "metadata": [] } }, "Role": { @@ -888,9 +800,7 @@ "constructInfo": { "fqn": "aws-cdk-lib.Resource", "version": "0.0.0", - "metadata": [ - "*" - ] + "metadata": [] } }, "Resource": { @@ -936,19 +846,7 @@ "constructInfo": { "fqn": "aws-cdk-lib.aws_iam.Role", "version": "0.0.0", - "metadata": [ - { - "assumedBy": { - "principalAccount": "*", - "assumeRoleAction": "*" - }, - "managedPolicies": [ - { - "managedPolicyArn": "*" - } - ] - } - ] + "metadata": [] } }, "ControlPlaneSecurityGroup": { @@ -983,12 +881,7 @@ "constructInfo": { "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", "version": "0.0.0", - "metadata": [ - { - "vpc": "*", - "description": "*" - } - ] + "metadata": [] } }, "Resource": { @@ -1089,9 +982,7 @@ "constructInfo": { "fqn": "aws-cdk-lib.Resource", "version": "0.0.0", - "metadata": [ - "*" - ] + "metadata": [] } }, "Resource": { @@ -1219,80 +1110,14 @@ "constructInfo": { "fqn": "aws-cdk-lib.aws_iam.Policy", "version": "0.0.0", - "metadata": [ - "*", - { - "attachToRole": [ - "*" - ] - }, - { - "attachToRole": [ - "*" - ] - }, - { - "addStatements": [ - {} - ] - } - ] + "metadata": [] } } }, "constructInfo": { "fqn": "aws-cdk-lib.aws_iam.Role", "version": "0.0.0", - "metadata": [ - { - "assumedBy": { - "principalAccount": "*", - "assumeRoleAction": "*" - }, - "managedPolicies": [ - { - "managedPolicyArn": "*" - }, - { - "managedPolicyArn": "*" - } - ] - }, - { - "addToPrincipalPolicy": [ - {} - ] - }, - { - "attachInlinePolicy": [ - "*" - ] - }, - { - "attachInlinePolicy": [ - "*" - ] - }, - { - "addManagedPolicy": [ - { - "managedPolicyArn": "*" - } - ] - }, - { - "addManagedPolicy": [ - { - "managedPolicyArn": "*" - } - ] - }, - { - "addManagedPolicy": [ - "*" - ] - } - ] + "metadata": [] } }, "Code": { @@ -1395,44 +1220,7 @@ "constructInfo": { "fqn": "aws-cdk-lib.aws_lambda.Function", "version": "0.0.0", - "metadata": [ - { - "timeout": "*", - "description": "*", - "memorySize": "*", - "environment": "*", - "role": "*", - "code": "*", - "handler": "*", - "runtime": "*", - "vpc": "*", - "securityGroups": [ - "*" - ], - "vpcSubnets": { - "subnets": [ - "*", - "*" - ] - } - }, - { - "addEnvironment": [ - "*", - "*" - ] - }, - { - "addLayers": [ - "*" - ] - }, - { - "addLayers": [ - "*" - ] - } - ] + "metadata": [] } }, "AwsCliLayer": { @@ -1490,9 +1278,7 @@ "constructInfo": { "fqn": "aws-cdk-lib.lambda_layer_awscli.AwsCliLayer", "version": "0.0.0", - "metadata": [ - {} - ] + "metadata": [] } }, "ConditionalPolicyArn": { @@ -1531,9 +1317,7 @@ "constructInfo": { "fqn": "aws-cdk-lib.Resource", "version": "0.0.0", - "metadata": [ - "*" - ] + "metadata": [] } }, "Resource": { @@ -1645,71 +1429,14 @@ "constructInfo": { "fqn": "aws-cdk-lib.aws_iam.Policy", "version": "0.0.0", - "metadata": [ - "*", - { - "attachToRole": [ - "*" - ] - }, - { - "attachToRole": [ - "*" - ] - }, - { - "addStatements": [ - {} - ] - } - ] + "metadata": [] } } }, "constructInfo": { "fqn": "aws-cdk-lib.aws_iam.Role", "version": "0.0.0", - "metadata": [ - { - "assumedBy": { - "principalAccount": "*", - "assumeRoleAction": "*" - }, - "managedPolicies": [ - { - "managedPolicyArn": "*" - }, - { - "managedPolicyArn": "*" - } - ] - }, - { - "addToPrincipalPolicy": [ - {} - ] - }, - { - "attachInlinePolicy": [ - "*" - ] - }, - { - "attachInlinePolicy": [ - "*" - ] - }, - { - "attachInlinePolicy": [ - "*" - ] - }, - { - "attachInlinePolicy": [ - "*" - ] - } - ] + "metadata": [] } }, "Code": { @@ -1846,61 +1573,14 @@ "constructInfo": { "fqn": "aws-cdk-lib.aws_iam.Policy", "version": "0.0.0", - "metadata": [ - { - "statements": "*" - }, - { - "addStatements": [ - {} - ] - }, - { - "attachToRole": [ - "*" - ] - }, - { - "attachToRole": [ - "*" - ] - } - ] + "metadata": [] } } }, "constructInfo": { "fqn": "aws-cdk-lib.aws_lambda.Function", "version": "0.0.0", - "metadata": [ - { - "code": "*", - "description": "*", - "runtime": "*", - "handler": "*", - "timeout": "*", - "logGroup": "*", - "vpc": "*", - "vpcSubnets": { - "subnets": [ - "*", - "*" - ] - }, - "securityGroups": [ - "*" - ], - "role": "*", - "functionName": "*", - "environmentEncryption": "*" - }, - { - "addEnvironment": [ - "*", - "*" - ] - } - ] + "metadata": [] } } }, @@ -1964,9 +1644,7 @@ "constructInfo": { "fqn": "@aws-cdk/aws-eks-v2-alpha.AccessEntry", "version": "0.0.0", - "metadata": [ - "*" - ] + "metadata": [] } }, "CoreDnsComputeTypePatch": { @@ -1989,9 +1667,7 @@ "constructInfo": { "fqn": "aws-cdk-lib.CustomResource", "version": "0.0.0", - "metadata": [ - "*" - ] + "metadata": [] } } }, @@ -2014,9 +1690,7 @@ "constructInfo": { "fqn": "aws-cdk-lib.Resource", "version": "0.0.0", - "metadata": [ - "*" - ] + "metadata": [] } }, "Resource": { @@ -2062,19 +1736,7 @@ "constructInfo": { "fqn": "aws-cdk-lib.aws_iam.Role", "version": "0.0.0", - "metadata": [ - { - "assumedBy": { - "principalAccount": "*", - "assumeRoleAction": "*" - }, - "managedPolicies": [ - { - "managedPolicyArn": "*" - } - ] - } - ] + "metadata": [] } }, "Resource": { @@ -2119,12 +1781,7 @@ "constructInfo": { "fqn": "@aws-cdk/aws-eks-v2-alpha.FargateCluster", "version": "0.0.0", - "metadata": [ - "*", - "*", - "*", - "*" - ] + "metadata": [] } }, "LatestNodeRuntimeMap": {