feat(s3-deployment): support securityGroups in BucketDeploymentProps

[drduhe]

Issue 33229

closes #33229

Reason for this change

The BucketDeployment construct in AWS CDK allows deploying assets to S3 buckets, often requiring a Lambda function to perform the deployment. Currently, users can specify a custom VPC via BucketDeploymentProps, ensuring the deployment happens within a restricted network.

However, many organizations require more granular network security control. While specifying a VPC is helpful, allowing custom security groups would enable teams to define specific ingress/egress rules, meeting stricter compliance and security requirements.

Description of changes

• Updated BucketDeploymentProps to include an optional securityGroups?: ec2.ISecurityGroup[] property.
• Modified BucketDeployment constructor to pass securityGroups to the Lambda function.
• Ensured backward compatibility by keeping securityGroups optional.
• Updated README to include guidance on setting vpc, vpcSubnets, and securityGroups parameters.
• Testing has been implemented at a unit test and integration test level for all new logic..
• Improved unit testing patterns through all other unit tests in this module.

Describe any new or updated permissions being added

N/A

Description of how you validated changes

Added unit tests to the relevant code modules to cover feature usage.

Checklist

• My code adheres to the CONTRIBUTING GUIDE and DESIGN GUIDELINES

---

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

[aws-cdk-automation]

(This review is outdated)

[drduhe]

This now has integration tests and documentation for the new feature and the missing tests/documentation for the related VPC feature previously implemented.

[drduhe]

Any traction on getting this one looked at reviewed? I can't see the build logs as to why it is failing.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 80.84%. Comparing base (fd9462c) to head (e70acf6).
Report is 26 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main   #33233   +/-   ##
=======================================
  Coverage   80.84%   80.84%           
=======================================
  Files         236      236           
  Lines       14230    14230           
  Branches     2487     2487           
=======================================
  Hits        11504    11504           
  Misses       2442     2442           
  Partials      284      284           

Flag	Coverage Δ
suite.unit	80.84% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Components	Coverage Δ
packages/aws-cdk	79.64% <ø> (ø)
packages/aws-cdk-lib/core	82.14% <ø> (ø)

[pahud]

Any traction on getting this one looked at reviewed? I can't see the build logs as to why it is failing.

The CI is still failing. Looks like this is the start of the failing point

aws-cdk-lib: FAIL aws-s3-deployment/test/bucket-deployment.test.ts (20.454 s)
aws-cdk-lib:   â—� different security groups create different Lambdas and single CLI
aws-cdk-lib:     Cannot find asset at /codebuild/output/src1875233622/src/github.com/aws/aws-cdk/packages/aws-cdk-lib/aws-s3-deployment/test/my-website-2
aws-cdk-lib:       173 |
aws-cdk-lib:       174 |     if (!fs.existsSync(this.sourcePath)) {
aws-cdk-lib:     > 175 |       throw new Error(`Cannot find asset at ${this.sourcePath}`);
aws-cdk-lib:           |             ^
aws-cdk-lib:       176 |     }
aws-cdk-lib:       177 |
aws-cdk-lib:       178 |     this.sourceStats = fs.statSync(this.sourcePath);
aws-cdk-lib:       at new AssetStaging (core/lib/asset-staging.ts:175:13)
aws-cdk-lib:       at new Asset (aws-s3-assets/lib/asset.ts:153:21)
aws-cdk-lib:       at Object.bind (aws-s3-deployment/lib/source.ts:132:23)
aws-cdk-lib:       at bind (aws-s3-deployment/lib/bucket-deployment.ts:395:66)
aws-cdk-lib:           at Array.map (<anonymous>)
aws-cdk-lib:       at new map (aws-s3-deployment/lib/bucket-deployment.ts:395:34)
aws-cdk-lib:       at Object.<anonymous> (aws-s3-deployment/test/bucket-deployment.test.ts:1175:3)

[aaythapa]

Thank you for the PR! The integration tests for this construct is included in this this dir. Could you add integ tests with assertions there? For more info about integ tests you can use this doc

[aws-cdk-automation]

This PR has been in the CHANGES REQUESTED state for 3 weeks, and looks abandoned. Note that PRs with failing linting check or builds are not reviewed, please ensure your build is passing

To prevent automatic closure:

• Resume work on the PR
• OR request an exemption by adding a comment containing 'Exemption Request' with justification e.x "Exemption Request: "
• OR request clarification by adding a comment containing 'Clarification Request' with a question e.x "Clarification Request: "

This PR will automatically close in 7 days if no action is taken.

[Abogical]

@Mergifyio rebase

[mergify]

rebase

✅ Branch has been successfully rebased

[drduhe]

Any traction on getting this one looked at reviewed? I can't see the build logs as to why it is failing.

The CI is still failing. Looks like this is the start of the failing point

aws-cdk-lib: FAIL aws-s3-deployment/test/bucket-deployment.test.ts (20.454 s)
aws-cdk-lib:   â—� different security groups create different Lambdas and single CLI
aws-cdk-lib:     Cannot find asset at /codebuild/output/src1875233622/src/github.com/aws/aws-cdk/packages/aws-cdk-lib/aws-s3-deployment/test/my-website-2
aws-cdk-lib:       173 |
aws-cdk-lib:       174 |     if (!fs.existsSync(this.sourcePath)) {
aws-cdk-lib:     > 175 |       throw new Error(`Cannot find asset at ${this.sourcePath}`);
aws-cdk-lib:           |             ^
aws-cdk-lib:       176 |     }
aws-cdk-lib:       177 |
aws-cdk-lib:       178 |     this.sourceStats = fs.statSync(this.sourcePath);
aws-cdk-lib:       at new AssetStaging (core/lib/asset-staging.ts:175:13)
aws-cdk-lib:       at new Asset (aws-s3-assets/lib/asset.ts:153:21)
aws-cdk-lib:       at Object.bind (aws-s3-deployment/lib/source.ts:132:23)
aws-cdk-lib:       at bind (aws-s3-deployment/lib/bucket-deployment.ts:395:66)
aws-cdk-lib:           at Array.map (<anonymous>)
aws-cdk-lib:       at new map (aws-s3-deployment/lib/bucket-deployment.ts:395:34)
aws-cdk-lib:       at Object.<anonymous> (aws-s3-deployment/test/bucket-deployment.test.ts:1175:3)

I think this piece has been resolved

✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.

[drduhe]

I have added comprehensive integration tests for this new feature as well as the ones that were missing for the VPC feature. The tests are working when I run them locally against my dev account but they seem to be failing when running in the pipeline the package has set up and I can't find much details around the failures in the logs. Could some one step in and help point me in the right direction?

Pull request has been modified.

[drduhe]

Seems that my latest baseline is up-to-date with the snapshots if you can test them?

`(base) 5ce91e835887:aws-cdk drduhe$ yarn integ-runner --directory packages/@aws-cdk --dry-run --update-on-failed
yarn run v1.22.22
$ /Users/drduhe/Github/pr/aws-cdk/node_modules/.bin/integ-runner --directory packages/@aws-cdk --dry-run --update-on-failed

Verifying integration test snapshots...

UNCHANGED aws-amplify-alpha/test/integ.app-cache-config 3.002s
UNCHANGED aws-amplify-alpha/test/integ.app-compute-role 2.96s
UNCHANGED aws-apprunner-alpha/test/integ.service-auto-scaling-configuration 3.028s
UNCHANGED aws-amplify-alpha/test/integ.branch-skew-protection 3.422s
UNCHANGED aws-amplify-alpha/test/integ.branch-compute-role 3.382s
UNCHANGED aws-amplify-alpha/test/integ.app-monorepo-custom-headers 3.511s
UNCHANGED aws-amplify-alpha/test/integ.app 3.468s
UNCHANGED aws-amplify-alpha/test/integ.app-custom-domain 3.617s
UNCHANGED aws-amplify-alpha/test/integ.app-build-compute-type 3.959s
UNCHANGED aws-applicationsignals-alpha/test/integ.ecs-enablement-daemon 3.798s
UNCHANGED app-staging-synthesizer-alpha/test/integ.synth-default-encryption 3.974s
UNCHANGED aws-applicationsignals-alpha/test/integ.ecs-enablement-sidecar 4.056s
UNCHANGED app-staging-synthesizer-alpha/test/integ.synth-default-resources 5.217s
UNCHANGED aws-applicationsignals-alpha/test/integ.ecs-enablement-replica 5.706s
UNCHANGED aws-amplify-alpha/test/integ.app-codecommit 5.808s
UNCHANGED aws-apprunner-alpha/test/integ.service-encryption 3.019s
UNCHANGED aws-amplify-alpha/test/integ.app-asset-deployment 6.394s
UNCHANGED aws-apprunner-alpha/test/integ.service-health-check-configuration 3.003s
UNCHANGED aws-apprunner-alpha/test/integ.service-ip-address-type 3.029s
UNCHANGED aws-apprunner-alpha/test/integ.service-observability-configuration 2.907s
UNCHANGED aws-apprunner-alpha/test/integ.service-later-secrets-env-vars 3.065s
UNCHANGED aws-apprunner-alpha/test/integ.service-ecr 3.843s
UNCHANGED aws-apprunner-alpha/test/integ.service-secrets-manager 3.028s
UNCHANGED aws-apprunner-alpha/test/integ.service-ecr-public 4.642s
UNCHANGED aws-apprunner-alpha/test/integ.service-vpc-ingress-connection 4.189s
UNCHANGED aws-apprunner-alpha/test/integ.service-github 5.042s
UNCHANGED aws-bedrock-agentcore-alpha/test/agentcore/memory/integ.memory 4.707s
UNCHANGED aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-cognito 3.901s
UNCHANGED aws-apprunner-alpha/test/integ.service-vpc-connector 5.424s
UNCHANGED aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-with-imported-role 3.76s
UNCHANGED aws-bedrock-agentcore-alpha/test/agentcore/tools/integ.code-interpreter 3.102s
UNCHANGED aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-endpoint 3.912s
UNCHANGED aws-bedrock-alpha/test/bedrock/agents/integ.agent-existing-role 3.223s
UNCHANGED aws-bedrock-alpha/test/bedrock/agents/integ.agent-guardrail 3.288s
UNCHANGED aws-bedrock-alpha/test/bedrock/agents/integ.agent-collaborator 3.396s
UNCHANGED aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime 3.974s
UNCHANGED aws-bedrock-alpha/test/bedrock/agents/integ.action-group 3.526s
UNCHANGED aws-bedrock-alpha/test/bedrock/agents/integ.agent 3.416s
UNCHANGED aws-bedrock-agentcore-alpha/test/agentcore/tools/integ.browser 3.913s
UNCHANGED aws-bedrock-alpha/test/bedrock/guardrails/integ.guardrails 2.696s
UNCHANGED aws-bedrock-alpha/test/bedrock/agents/integ.memory 3.688s
UNCHANGED aws-bedrock-alpha/test/bedrock/agents/integ.orchestration 3.251s
UNCHANGED aws-bedrock-alpha/test/bedrock/agents/integ.api-schema 5.146s
UNCHANGED aws-bedrock-alpha/test/bedrock/agents/integ.prompt-override 3.56s
UNCHANGED aws-bedrock-alpha/test/bedrock/inference-profiles/integ.inference-profiles 3.289s
UNCHANGED aws-bedrock-alpha/test/bedrock/prompts/integ.prompt-variants 3.062s
UNCHANGED aws-bedrock-alpha/test/bedrock/prompts/integ.prompt-version 3.041s
UNCHANGED aws-cloud9-alpha/test/integ.automatic-stop 2.812s
UNCHANGED aws-ec2-alpha/test/integ.byoip-ipv6 2.495s
UNCHANGED aws-cloud9-alpha/test/integ.image-id 2.796s
UNCHANGED aws-bedrock-alpha/test/bedrock/prompts/integ.prompt 3.203s
UNCHANGED aws-cloud9-alpha/test/integ.connection-type 2.864s
UNCHANGED aws-ec2-alpha/test/integ.ipam 2.564s
UNCHANGED aws-cloud9-alpha/test/integ.owner 2.906s
UNCHANGED aws-cloud9-alpha/test/integ.cloud9 4.608s
UNCHANGED aws-ec2-alpha/test/integ.peering-cross-account 3.118s
UNCHANGED aws-ec2-alpha/test/integ.subnet-map-public-ip 3.192s
UNCHANGED aws-ec2-alpha/test/integ.subnet-v2 2.943s
UNCHANGED aws-ec2-alpha/test/integ.transit-gateway 2.561s
UNCHANGED aws-ec2-alpha/test/integ.test-import 2.74s
UNCHANGED aws-ec2-alpha/test/integ.vpc-migration-feature-flag 2.663s
UNCHANGED aws-ec2-alpha/test/integ.vpc-v2-alpha 2.821s
UNCHANGED aws-ec2-alpha/test/integ.route-v2 3.957s
UNCHANGED aws-ec2-alpha/test/integ.vpc-peering 3.061s
UNCHANGED aws-ec2-alpha/test/integ.vpc-add-gateways 3.355s
UNCHANGED aws-ec2-alpha/test/integ.vpc-shared-route-table 3.222s
UNCHANGED aws-ec2-alpha/test/integ.vpc-v2-tagging 3.31s
UNCHANGED aws-eks-v2-alpha/test/integ.eks-oidc-provider 3.061s
UNCHANGED aws-eks-v2-alpha/test/integ.eks-addon 6.009s
UNCHANGED aws-eks-v2-alpha/test/integ.eks-al2023-nodegroup 6.038s
UNCHANGED aws-eks-v2-alpha/test/integ.eks-cluster-private-endpoint 4.937s
UNCHANGED aws-elasticache-alpha/test/integ.serverless-cache 3.911s
UNCHANGED aws-eks-v2-alpha/test/integ.alb-controller 7.263s
UNCHANGED aws-eks-v2-alpha/test/integ.eks-helm-asset 6.259s
UNCHANGED aws-gamelift-alpha/test/integ.alias 3.176s
UNCHANGED aws-eks-v2-alpha/test/integ.eks-standard-access-entry 6.003s
UNCHANGED aws-eks-v2-alpha/test/integ.eks-subnet-updates 5.951s
UNCHANGED aws-eks-v2-alpha/test/integ.fargate-cluster 6.208s
UNCHANGED aws-eks-v2-alpha/test/integ.helm-chart-logging 6.224s
UNCHANGED aws-eks-v2-alpha/test/integ.eks-windows-ng 6.633s
UNCHANGED aws-gamelift-alpha/test/integ.build-fleet 3.474s
UNCHANGED aws-eks-v2-alpha/test/integ.eks-cluster-imported 7.727s
UNCHANGED aws-gamelift-alpha/test/integ.build 3.502s
UNCHANGED aws-gamelift-alpha/test/integ.matchmaking-ruleset 2.584s
UNCHANGED aws-eks-v2-alpha/test/integ.eks-inference-nodegroup 7.666s
UNCHANGED aws-eks-v2-alpha/test/integ.eks-auto 8.566s
UNCHANGED aws-gamelift-alpha/test/integ.game-server-group 3.377s
UNCHANGED aws-gamelift-alpha/test/integ.game-session-queue 3.743s
UNCHANGED aws-gamelift-alpha/test/integ.standalone-matchmaking-configuration 2.701s
UNCHANGED aws-gamelift-alpha/test/integ.queued-matchmaking-configuration 3.472s
UNCHANGED aws-glue-alpha/test/integ.external-table 2.852s
UNCHANGED aws-gamelift-alpha/test/integ.script 3.505s
UNCHANGED aws-glue-alpha/test/integ.data-quality-ruleset 2.901s
UNCHANGED aws-eks-v2-alpha/test/integ.eks-cluster 10.38s
UNCHANGED aws-glue-alpha/test/integ.job-pyspark-etl 3.659s
UNCHANGED aws-glue-alpha/test/integ.job-pyspark-flex-etl 3.696s
UNCHANGED aws-glue-alpha/test/integ.job-pyspark-streaming 3.733s
UNCHANGED aws-glue-alpha/test/integ.job-metrics-disabled 4.023s
UNCHANGED aws-glue-alpha/test/integ.job-python-shell 3.862s
UNCHANGED aws-glue-alpha/test/integ.job-scalaspark-etl 3.833s
UNCHANGED aws-glue-alpha/test/integ.connection 5.264s
UNCHANGED aws-glue-alpha/test/integ.job-scalaspark-flex-etl 3.828s
UNCHANGED aws-glue-alpha/test/integ.job-scalaspark-streaming 3.725s
UNCHANGED aws-glue-alpha/test/integ.ray-job 3.573s
UNCHANGED aws-glue-alpha/test/integ.table 3.228s
UNCHANGED aws-glue-alpha/test/integ.workflow 3.542s
UNCHANGED aws-iot-actions-alpha/test/https/integ.https-action 2.642s
UNCHANGED aws-iot-actions-alpha/test/dynamodbv2/integ.dynamodbv2-put-item-action 2.841s
UNCHANGED aws-iot-actions-alpha/test/iot/integ.iotevents-put-message-action 2.886s
UNCHANGED aws-glue-alpha/test/integ.security-configuration 4.806s
UNCHANGED aws-iot-actions-alpha/test/cloudwatch/integ.cloudwatch-logs-action 4.709s
UNCHANGED aws-iot-actions-alpha/test/cloudwatch/integ.cloudwatch-put-metric-action 4.547s
UNCHANGED aws-glue-alpha/test/integ.partition-index 6.58s
UNCHANGED aws-iot-actions-alpha/test/cloudwatch/integ.cloudwatch-set-alarm-state-action 4.713s
UNCHANGED aws-iot-actions-alpha/test/iot/integ.iot-republish-action 4.49s
UNCHANGED aws-iot-actions-alpha/test/opensearch/integ.open-search-action 4.012s
UNCHANGED aws-iot-alpha/test/integ.audit-configuration 2.725s
UNCHANGED aws-iot-actions-alpha/test/kinesis-stream/integ.kinesis-put-record-action 4.842s
UNCHANGED aws-iot-actions-alpha/test/step-functions/integ.step-functions-start-state-machine 2.954s
UNCHANGED aws-iot-actions-alpha/test/lambda/integ.lambda-function-action 4.877s
UNCHANGED aws-iot-alpha/test/integ.logging 2.565s
UNCHANGED aws-iot-alpha/test/integ.topic-rule 2.395s
UNCHANGED aws-iot-actions-alpha/test/kinesis-firehose/integ.firehose-put-record-action 5.475s
UNCHANGED aws-iotevents-actions-alpha/test/iot/integ.timer-actions 2.543s
UNCHANGED aws-iot-actions-alpha/test/s3/integ.s3-put-object-action 4.613s
UNCHANGED aws-iot-actions-alpha/test/sns/integ.sns-topic-action 4.644s
UNCHANGED aws-iot-actions-alpha/test/sqs/integ.sqs-queue-action 4.52s
UNCHANGED aws-iotevents-alpha/test/integ.detector-model 2.425s
UNCHANGED aws-ivs-alpha/test/integ.ivs-insecure-ingest 2.239s
UNCHANGED aws-ivs-alpha/test/integ.ivs-channel-advanced 2.95s
UNCHANGED aws-ivs-alpha/test/integ.ivs-multitrack-video 2.147s
UNCHANGED aws-iotevents-actions-alpha/test/iot/integ.set-variable-action 4.151s
UNCHANGED aws-ivs-alpha/test/integ.ivs 2.165s
UNCHANGED aws-ivs-alpha/test/integ.ivs-recording-configuration 2.83s
UNCHANGED aws-iotevents-actions-alpha/test/lambda/integ.lambda-invoke-action 4.297s
UNCHANGED aws-kinesisanalytics-flink-alpha/test/integ.vpc-application 3.301s
UNCHANGED aws-kinesisanalytics-flink-alpha/test/integ.application-code-from-bucket.lit 4.18s
UNCHANGED aws-kinesisanalytics-flink-alpha/test/integ.application.lit 4.335s
UNCHANGED aws-lambda-python-alpha/test/integ.function.nodeps 14.582s
UNCHANGED aws-lambda-python-alpha/test/integ.function.sub 14.038s
UNCHANGED aws-location-alpha/test/integ.api-key 1.61s
UNCHANGED aws-location-alpha/test/integ.geofence-collection 1.618s
UNCHANGED aws-location-alpha/test/integ.map 1.464s
UNCHANGED aws-location-alpha/test/integ.place-index 1.55s
UNCHANGED aws-location-alpha/test/integ.route-calculator 1.691s
UNCHANGED aws-location-alpha/test/integ.tracker 2.323s
UNCHANGED aws-msk-alpha/test/integ.cluster-authentication 2.273s
UNCHANGED aws-msk-alpha/test/integ.add-cluster-user 3.534s
UNCHANGED aws-msk-alpha/test/integ.cluster-storage-mode 2.346s
UNCHANGED aws-msk-alpha/test/integ.cluster-express 3.761s
UNCHANGED aws-msk-alpha/test/integ.cluster-version 2.507s
UNCHANGED aws-msk-alpha/test/integ.cluster-zookeeper 2.684s
UNCHANGED aws-msk-alpha/test/integ.serverless-cluster 2.599s
UNCHANGED aws-msk-alpha/test/integ.cluster 4.494s
UNCHANGED aws-lambda-python-alpha/test/integ.function.dockercopy 33.881s
UNCHANGED aws-neptune-alpha/test/integ.cluster-copy-tags-to-snapshot 2.238s
UNCHANGED aws-lambda-python-alpha/test/integ.function.custom-build 35.138s
UNCHANGED aws-neptune-alpha/test/integ.cluster-ev12 2.548s
UNCHANGED aws-neptune-alpha/test/integ.cluster-ev13 2.487s
UNCHANGED aws-neptune-alpha/test/integ.cluster-ev14 2.489s
UNCHANGED aws-neptune-alpha/test/integ.cluster-serverless 2.375s
UNCHANGED aws-neptune-alpha/test/integ.cluster-port 2.755s
UNCHANGED aws-neptune-alpha/test/integ.cluster 3.119s
UNCHANGED aws-neptune-alpha/test/integ.instance-auto-minor-version-upgrade 2.881s
UNCHANGED aws-pipes-alpha/test/integ.pipe-kmskey 2.734s
UNCHANGED aws-pipes-alpha/test/integ.logs 3.397s
UNCHANGED aws-lambda-python-alpha/test/integ.bundling.user 42.39s
UNCHANGED aws-pipes-alpha/test/integ.pipe 3.264s
UNCHANGED aws-pipes-enrichments-alpha/test/integ.api-destination 3.351s
UNCHANGED aws-pipes-enrichments-alpha/test/integ.api-gateway 2.976s
UNCHANGED aws-pipes-enrichments-alpha/test/integ.lambda 2.619s
UNCHANGED aws-pipes-enrichments-alpha/test/integ.stepfunctions 2.205s
UNCHANGED aws-pipes-sources-alpha/test/integ.dynamodb 2.181s
UNCHANGED aws-pipes-sources-alpha/test/integ.kinesis 1.967s
UNCHANGED aws-pipes-sources-alpha/test/integ.sqs 1.917s
UNCHANGED aws-pipes-targets-alpha/test/integ.api-destination 3.126s
UNCHANGED aws-pipes-targets-alpha/test/integ.api-gateway 3.065s
UNCHANGED aws-pipes-targets-alpha/test/integ.cloudwatch-logs 2.513s
UNCHANGED aws-pipes-targets-alpha/test/integ.event-bridge 2.66s
UNCHANGED aws-pipes-targets-alpha/test/integ.firehose 3.083s
UNCHANGED aws-pipes-targets-alpha/test/integ.kinesis 2.187s
UNCHANGED aws-lambda-python-alpha/test/integ.function.py 48.895s
UNCHANGED aws-pipes-targets-alpha/test/integ.lambda 2.931s
UNCHANGED aws-pipes-targets-alpha/test/integ.sagemaker 2.877s
UNCHANGED aws-pipes-targets-alpha/test/integ.sns 2.657s
UNCHANGED aws-pipes-targets-alpha/test/integ.sqs 2.486s
UNCHANGED aws-lambda-python-alpha/test/integ.function.vpc 49.004s
UNCHANGED aws-pipes-targets-alpha/test/integ.stepfunctions 3.074s
UNCHANGED aws-redshift-alpha/test/integ.cluster-az-relocation 2.451s
UNCHANGED aws-redshift-alpha/test/integ.cluster-elasticip 2.626s
UNCHANGED aws-redshift-alpha/test/integ.cluster-enhancedvpcrouting 2.494s
UNCHANGED aws-redshift-alpha/test/integ.cluster-defaultiamrole 3.888s
UNCHANGED aws-redshift-alpha/test/integ.cluster-distkey 4.96s
UNCHANGED aws-redshift-alpha/test/integ.cluster-loggingbucket 2.595s
UNCHANGED aws-redshift-alpha/test/integ.cluster-exclude-characters 4.131s
UNCHANGED aws-redshift-alpha/test/integ.cluster-multi-az 3.065s
UNCHANGED aws-redshift-alpha/test/integ.cluster-nodetype 2.812s
UNCHANGED aws-redshift-alpha/test/integ.cluster-maintenance-track-name 4.035s
UNCHANGED aws-redshift-alpha/test/integ.cluster-iamrole 5.553s
UNCHANGED aws-redshift-alpha/test/integ.cluster-resource-action 3.134s
UNCHANGED aws-redshift-alpha/test/integ.cluster-reboot 5.099s
UNCHANGED aws-redshift-alpha/test/integ.database-columnid 4.926s
UNCHANGED aws-s3tables-alpha/test/integration/integ.namespace 3.214s
UNCHANGED aws-s3tables-alpha/test/integration/integ.table-bucket-encryption 2.742s
UNCHANGED aws-s3objectlambda-alpha/test/integ.s3objectlambda 4.974s
UNCHANGED aws-route53resolver-alpha/test/integ.firewall 5.462s
UNCHANGED aws-redshift-alpha/test/integ.database 6.176s
UNCHANGED aws-s3tables-alpha/test/integration/integ.table-bucket 2.713s
UNCHANGED aws-s3tables-alpha/test/integration/integ.table 2.662s
UNCHANGED aws-s3tables-alpha/test/integration/integ.table-with-grants 3.231s
UNCHANGED aws-s3tables-alpha/test/integration/integ.table-bucket-with-grants 3.923s
UNCHANGED aws-sagemaker-alpha/test/integ.endpoint.alarms 3.149s
UNCHANGED aws-sagemaker-alpha/test/integ.endpoint-config 3.509s
UNCHANGED aws-servicecatalogappregistry-alpha/test/integ.application-associator.all-stacks-association 1.567s
UNCHANGED aws-servicecatalogappregistry-alpha/test/integ.application-associator.all-stacks-association-no-stack-id-or-name 1.92s
UNCHANGED aws-sagemaker-alpha/test/integ.endpoint 3.294s
UNCHANGED aws-servicecatalogappregistry-alpha/test/integ.application-associator.cross-account-stack-association-enabled 1.912s
UNCHANGED aws-servicecatalogappregistry-alpha/test/integ.application-associator.disable-url 2.499s
UNCHANGED aws-sagemaker-alpha/test/integ.model 4.885s
UNCHANGED integ-tests-alpha/test/assertions/providers/integ.assertions 2.848s
UNCHANGED example-construct-library/test/integ.example-resource 3.683s
UNCHANGED integ-tests-alpha/test/assertions/providers/integ.http-api-call-assertions 3.313s
UNCHANGED aws-servicecatalogappregistry-alpha/test/integ.attribute-group 3.805s
UNCHANGED aws-servicecatalogappregistry-alpha/test/integ.application 3.872s
UNCHANGED integ-tests-alpha/test/assertions/providers/integ.invoke-function-assertions 1.97s
UNCHANGED aws-lambda-python-alpha/test/integ.function.project 71.61s
UNCHANGED aws-lambda-go-alpha/test/integ.function 94.721s
UNCHANGED aws-lambda-go-alpha/test/integ.function.bundling.user 95.829s
UNCHANGED aws-lambda-python-alpha/test/integ.function.uv 96.096s
UNCHANGED aws-lambda-go-alpha/test/integ.function.provided.runtimes 100.641s
UNCHANGED aws-lambda-python-alpha/test/integ.function 100.777s
UNCHANGED aws-lambda-python-alpha/test/integ.python.build.images 109.192s
UNCHANGED aws-lambda-python-alpha/test/integ.function.pipenv 124.275s
Waiting for 1 more (aws-lambda-python-alpha/test/integ.function.poetry)
UNCHANGED aws-lambda-python-alpha/test/integ.function.poetry 275.443s

Snapshot Results:

Tests: 234 passed, 234 total

Running integration tests for failed tests...

Running in parallel across regions: us-east-1, us-east-2, us-west-2

Test Results:

Tests: 0 passed, 0 total
✨ Done in 312.00s.`

[Abogical]

@Mergifyio update

[mergify]

update

✅ Branch has been successfully updated

[drduhe]

Looking through the build failures it seems that some of the earlier unrelated tests passed - but something failed to clean up cleanly? I am not sure how to triage that to make an update on my end? As to my failures - can I get specific logs pertaining to why these failed:

@aws-cdk-testing/framework-integ: Failed: /codebuild/output/src3027840808/src/actions-runner/_work/aws-cdk/aws-cdk/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-security-groups-efs.js
@aws-cdk-testing/framework-integ: Failed: /codebuild/output/src3027840808/src/actions-runner/_work/aws-cdk/aws-cdk/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-security-groups-empty.js
@aws-cdk-testing/framework-integ: Failed: /codebuild/output/src3027840808/src/actions-runner/_work/aws-cdk/aws-cdk/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-security-groups-multiple.js
@aws-cdk-testing/framework-integ: Failed: /codebuild/output/src3027840808/src/actions-runner/_work/aws-cdk/aws-cdk/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-security-groups-single.js
@aws-cdk-testing/framework-integ: Failed: /codebuild/output/src3027840808/src/actions-runner/_work/aws-cdk/aws-cdk/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-vpc-basic.js
@aws-cdk-testing/framework-integ: Failed: /codebuild/output/src3027840808/src/actions-runner/_work/aws-cdk/aws-cdk/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-vpc-config.js
@aws-cdk-testing/framework-integ: Failed: /codebuild/output/src3027840808/src/actions-runner/_work/aws-cdk/aws-cdk/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-vpc-custom-subnets.js
@aws-cdk-testing/framework-integ: Failed: /codebuild/output/src3027840808/src/actions-runner/_work/aws-cdk/aws-cdk/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-vpc-efs.js
@aws-cdk-testing/framework-integ: Failed: /codebuild/output/src3027840808/src/actions-runner/_work/aws-cdk/aws-cdk/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-vpc-security-groups.js
@aws-cdk-testing/framework-integ: Failed: /codebuild/output/src3027840808/src/actions-runner/_work/aws-cdk/aws-cdk/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-vpc-subnet-selection.js

Edit: Ok - update - the integration tests are failing with the following error ( at least on my end )

Resource handler returned message: "The maximum number of addresses has been reached. (Service: Ec2, Status Code: 400, Request ID: fe09656f-be72-4659-96f0-bd6b62b1f7c8) (SDK Attempt Count: 1)" (RequestToken: 95624994-c887-b506-1884-17ce9d0b1723, HandlerErrorCode: GeneralServiceException)

It seems these tests can't be run in parallel because the accounts run out of addresses to assign the VPC subnets - please advise, can I make these tests run sequentially - or scope down their testing range? This PR implemented tests for the previously merged VPC feature which is causing this headache - and mine was an attempt to add coverage for that feature per the PR feedback.

What I will try next is limiting each of the test deployment VPC configurations to natGateways: 0, where I can and hopefully that keeps the addresses under control enough for parallel testing in the account.

[Abogical]

@drduhe Yes, you can make them run sequentially by using the --parallel-regions option. You can use --parallel-regions us-east-1 which will only use us-east-1 region to deploy, effectively making the process sequential.

[drduhe]

@drduhe Yes, you can make them run sequentially by using the --parallel-regions option. You can use --parallel-regions us-east-1 which will only use us-east-1 region to deploy, effectively making the process sequential.

But this will just make it run sequentially in my local dev deployment right? How would we enforce they get run sequentially as part of the production build that happens in the Github pipeline?

[Abogical]

@drduhe The Github pipeline currently only checks that the snapshots are matching. It doesn't currently deploy the snapshots automatically.

[drduhe]

Ack - running sequentially now

[drduhe]

Ok, sorry for the delay but it took like 8+ hours to run all the tests sequentially but they all this passed when I ran it them this final time - I cleaned up the other integration tests the grouping as well with this PR. See results below from my final deployment / tests this evening:

(base) 5ce91e835887:framework-integ drduhe$ yarn integ --directory test/aws-s3-deployment/test --update-on-failed --parallel-regions us-east-1
yarn run v1.22.22
(node:4686) [DEP0169] DeprecationWarning: `url.parse()` behavior is not standardized and prone to errors that have security implications. Use the WHATWG URL API instead. CVEs are not issued for `url.parse()` vulnerabilities.
(Use `node --trace-deprecation ...` to show where the warning was created)
$ integ-runner --unstable=toolkit-lib-engine --language javascript --directory test/aws-s3-deployment/test --update-on-failed --parallel-regions us-east-1

Verifying integration test snapshots...

  UNCHANGED  integ.bucket-deployment-signcontent 4.005s
  UNCHANGED  integ.bucket-deployment-loggroup 4.13s
  UNCHANGED  integ.bucket-deployment-cloudfront 4.25s
  UNCHANGED  integ.bucket-deployment-substitution-with-role 4.301s
  UNCHANGED  integ.bucket-deployment-cross-nested-stack-source 4.318s
  UNCHANGED  integ.bucket-deployment-substitution-with-destination-key 4.375s
  UNCHANGED  integ.bucket-deployment-deployed-bucket 4.396s
  UNCHANGED  integ.bucket-deployment-security-groups-single 4.617s
  UNCHANGED  integ.bucket-deployment-cross-stack-source 5.016s
  UNCHANGED  integ.bucket-deployment-security-groups-empty 5.234s
  UNCHANGED  integ.bucket-deployment-security-groups-efs 5.363s
  UNCHANGED  integ.bucket-deployment-cross-stack-ssm-source 5.28s
  UNCHANGED  integ.bucket-deployment-security-groups-multiple 5.45s
  UNCHANGED  integ.bucket-deployment-data 5.942s
  UNCHANGED  integ.bucket-deployment-large-file 6.444s
  UNCHANGED  integ.bucket-deployment-substitution 3.526s
  UNCHANGED  integ.bucket-deployment-vpc-config 3.798s
  UNCHANGED  integ.bucket-deployment-vpc-custom-subnets 3.775s
  UNCHANGED  integ.bucket-deployment-vpc-basic 4.041s
  UNCHANGED  integ.bucket-deployment-vpc-subnet-selection 3.56s
  UNCHANGED  integ.bucket-deployment-vpc-security-groups 3.692s
  UNCHANGED  integ.bucket-deployment-vpc-efs 4.104s
  UNCHANGED  integ.bucket-deployment 4.457s
  UNCHANGED  integ.bucket-deployment-big-response 9.301s

Snapshot Results: 

Tests:    24 passed, 24 total

Running integration tests for failed tests...

Running in parallel across regions: us-east-1

Test Results: 

Tests:    0 passed, 0 total
✨  Done in 10.82s.

[Abogical]

LGTM. Thanks!

Pull request has been modified.

[drduhe]

Fixed Rosetta README.md errors. Not sure why the request-cli-integ-test / cli-changes (pull_request_target)](https://github.com/aws/aws-cdk/actions/runs/19072300010/job/54478171302?pr=33233) is failing now.

[drduhe]

Lemme know if I need to do anything specific - happy to work this down today so it doesn't lose traction again.

[Abogical]

request-cli-integ-test is not a required workflow to pass atm.

Appreciate your efforts on this @drduhe , I want to see this PR done as well. 😅

[Abogical]

@drduhe Please don't force push commits. Its hard to see what changes you made since last review when you do this.

[drduhe]

@drduhe Please don't force push commits. Its hard to see what changes you made since last review when you do this.

@Abogical - Ah, I won't do this moving forward, I realize now you support squashing on the merge and I should have left my changes as atomic commits. Pushing another commit now targeting the remaining failures in the README.md reported by Rosetta.

---

Update: It seems to be passing the Rosetta linting workflow now.

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[mergify]

This pull request has been removed from the queue for the following reason: pull request branch update failed.

The pull request can't be updated

For security reasons, Mergify can't update this pull request. Try updating locally.
GitHub response: refusing to allow a GitHub App to create or update workflow .github/workflows/codecov-upload.yml without workflows permission.

You should update or rebase your pull request manually. If you do, this pull request will automatically be requeued once the queue conditions match again.
If you think this was a flaky issue, you can requeue the pull request, without updating it, by posting a @mergifyio requeue comment.

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[github-actions]

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.