release version 1.0.2

Author: hu-jin-aws

CHANGELOG.md

@@ -16,3 +16,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 
 - Allow s3 domain name without region in the Content Security Policy for pre-signed url
+
+## [1.0.2] - 2022-10-05
+
+### Changed
+- Upgrade `aws-cdk-lib` and `@aws-cdk/aws-lambda-python-alpha` to 2.41.0 to fix python bundling issue
+- Remove IAM role self-assuming code due to IAM service behavior change ([Issue 11](https://github.com/aws-solutions/automated-data-analytics-on-aws/issues/11))
+- Fix Lambda policy size limit growing when creating data products
+- Fix custom transform validation issue
+- Fix security vulnerabilities found by yarn audit and Dependabot 
+- Misc documentation fixes
+

THIRDPARTY_LICENSES.txt

@@ -7828,9 +7828,27 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 -----
 
-The following software may be included in this product: d3-color, d3-interpolate, d3-time. A copy of the source code may be downloaded from https://github.com/d3/d3-color.git (d3-color), https://github.com/d3/d3-interpolate.git (d3-interpolate), https://github.com/d3/d3-time.git (d3-time). This software contains the following license and notice below:
+The following software may be included in this product: d3-color. A copy of the source code may be downloaded from https://github.com/d3/d3-color.git. This software contains the following license and notice below:
 
-Copyright 2010-2016 Mike Bostock
+Copyright 2010-2022 Mike Bostock
+
+Permission to use, copy, modify, and/or distribute this software for any purpose
+with or without fee is hereby granted, provided that the above copyright notice
+and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
+REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
+FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
+INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
+OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
+TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF
+THIS SOFTWARE.
+
+-----
+
+The following software may be included in this product: d3-format, d3-scale, d3-shape. A copy of the source code may be downloaded from https://github.com/d3/d3-format.git (d3-format), https://github.com/d3/d3-scale.git (d3-scale), https://github.com/d3/d3-shape.git (d3-shape). This software contains the following license and notice below:
+
+Copyright 2010-2015 Mike Bostock
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without modification,
@@ -7860,9 +7878,9 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 -----
 
-The following software may be included in this product: d3-format, d3-scale, d3-shape. A copy of the source code may be downloaded from https://github.com/d3/d3-format.git (d3-format), https://github.com/d3/d3-scale.git (d3-scale), https://github.com/d3/d3-shape.git (d3-shape). This software contains the following license and notice below:
+The following software may be included in this product: d3-interpolate, d3-time. A copy of the source code may be downloaded from https://github.com/d3/d3-interpolate.git (d3-interpolate), https://github.com/d3/d3-time.git (d3-time). This software contains the following license and notice below:
 
-Copyright 2010-2015 Mike Bostock
+Copyright 2010-2016 Mike Bostock
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without modification,
@@ -11314,6 +11332,32 @@ THE SOFTWARE.
 
 -----
 
+The following software may be included in this product: parse-path, parse-url, protocols. A copy of the source code may be downloaded from git+https://github.com/IonicaBizau/parse-path.git (parse-path), git+https://github.com/IonicaBizau/parse-url.git (parse-url), git@github.com:IonicaBizau/protocols.git (protocols). This software contains the following license and notice below:
+
+The MIT License (MIT)
+
+Copyright (c) 2015-22 Ionică Bizău <bizauionica@gmail.com> (https://ionicabizau.net)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+-----
+
 The following software may be included in this product: parse5. A copy of the source code may be downloaded from git://github.com/inikulin/parse5.git. This software contains the following license and notice below:
 
 Copyright (c) 2013-2019 Ivan Nikulin (ifaaan@gmail.com, https://github.com/inikulin)

source/package.json

@@ -2,10 +2,10 @@
   "name": "ada",
   "title": "Automated Data Analytics on AWS",
   "description": "Automated Data Analytics on AWS simplifies the management and analysis of data, providing an end-to-end platform used for ingesting, transforming, governing, and querying datasets through a standalone user interface",
-  "version": "1.0.1",
+  "version": "1.0.2",
   "author": "Amazon Web Services",
   "awsSolutionId": "SO0190",
-  "awsSolutionVersion": "v1.0.1",
+  "awsSolutionVersion": "v1.0.2",
   "private": true,
   "license": "Apache-2.0",
   "engines": {
@@ -48,15 +48,15 @@
     "*.{ts,tsx}": "eslint --cache --fix --quiet"
   },
   "dependencies": {
-    "aws-cdk-lib": "^2.33.0",
+    "aws-cdk-lib": "^2.41.0",
     "constructs": "^10.1.54",
     "@aws-cdk/aws-apigatewayv2-alpha": "^2.33.0-alpha.0",
     "@aws-cdk/aws-apigatewayv2-authorizers-alpha": "^2.33.0-alpha.0",
     "@aws-cdk/aws-apigatewayv2-integrations-alpha": "^2.33.0-alpha.0",
     "@aws-cdk/aws-glue-alpha": "^2.33.0-alpha.0",
     "@aws-cdk/aws-kinesisfirehose-alpha": "^2.33.0-alpha.0",
     "@aws-cdk/aws-kinesisfirehose-destinations-alpha": "^2.33.0-alpha.0",
-    "@aws-cdk/aws-lambda-python-alpha": "^2.33.0-alpha.0",
+    "@aws-cdk/aws-lambda-python-alpha": "^2.41.0-alpha.0",
     "find-up": "^6.0.0",
     "json5": "^2.2.0",
     "lodash": "^4.17.21",
@@ -84,7 +84,7 @@
     "@typescript-eslint/eslint-plugin": "^4.31.0",
     "@typescript-eslint/parser": "^4.31.0",
     "@aws-cdk/cloudformation-diff": "^2.33.0",
-    "aws-cdk": "^2.33.0",
+    "aws-cdk": "^2.41.0",
     "aws-sdk": "^2.1181.0",
     "babel-eslint": "^10.0.3",
     "copyfiles": "^2.4.1",
@@ -135,21 +135,23 @@
   "resolutions": {
     "**/prismjs": ">=1.27.0",
     "**/minimist": ">=1.2.6",
-    "vm2": "^3.9.6",
+    "vm2": "^3.9.11",
     "**/react-table": "^7.7.0",
     "**/@types/react-table": "^7.7.8",
     "lerna/**/trim-newlines": "^3.0.1",
     "lerna/**/normalize-url": "^4.5.1",
     "lerna/**/tar": "^6.1.9",
     "lerna/**/json-schema": "^0.4.0",
+    "lerna/**/parse-url": "^8.1.0",
     "**/ansi-regex": "^5.0.1",
     "@pact-foundation/**/tar": "^6.1.9",
     "**/dynamodb-local/**/tar": "^4.4.18",
     "**/react-scripts/**/browserslist": "^4.16.5",
     "**/react-scripts/**/glob-parent": "^5.1.2",
     "**/node-fetch": "^2.6.7",
     "**/follow-redirects": "^1.14.8",
-    "**/nth-check": "^2.0.1"
+    "**/nth-check": "^2.0.1",
+    "d3-color":"^3.1.0"
   },
   "workspaces": {
     "packages": [

source/packages/@ada/api/package.json

@@ -28,8 +28,8 @@
     "@types/node": "*",
     "@types/node-fetch": "^2.5.7",
     "@types/pluralize": "^0.0.29",
-    "aws-cdk": "^2.33.0",
-    "aws-cdk-lib": "^2.33.0",
+    "aws-cdk": "^2.41.0",
+    "aws-cdk-lib": "^2.41.0",
     "constructs": "^10.1.54",
     "btoa": "^1.2.1",
     "es6-promise": "^4.2.4",

source/packages/@ada/api/spec.yaml

@@ -4,7 +4,7 @@ info:
     of data, providing an end-to-end platform used for ingesting, transforming, governing,
     and querying datasets through a standalone user interface
   title: Automated Data Analytics on AWS API
-  version: 1.0.1
+  version: 1.0.2
 servers:
 - url: https://{apigId}.execute-api.{region}.amazonaws.com/{stage}
   variables:

source/packages/@ada/cdk-core/package.json

@@ -14,13 +14,13 @@
   },
   "dependencies": {
     "@ada/common": "*",
-    "aws-cdk-lib": "^2.33.0",
+    "aws-cdk-lib": "^2.41.0",
     "constructs": "^10.1.54",
     "truncate-middle": "^1.0.6"
   },
   "devDependencies": {
     "@types/truncate-middle": "^1.0.1",
-    "aws-cdk": "^2.33.0",
+    "aws-cdk": "^2.41.0",
     "aws-sdk": "^2.1181.0",
     "cross-env": "^7.0.2",
     "module-alias": "^2.2.2",

source/packages/@ada/infra/package.json

@@ -71,7 +71,7 @@
     "@ada/transforms": "*",
     "@aws-sdk/util-arn-parser": "^3.55.0",
     "await-spawn": "^4.0.2",
-    "aws-cdk-lib": "^2.33.0",
+    "aws-cdk-lib": "^2.41.0",
     "aws-lambda-router": "0.11.0",
     "aws-xray-sdk": "^3.3.6",
     "aws4": "1.11.0",
@@ -107,7 +107,7 @@
     "@types/string-hash": "^1.1.1",
     "@types/uglify-js": "^3.13.1",
     "@types/verror": "^1.10.5",
-    "aws-cdk": "^2.33.0",
+    "aws-cdk": "^2.41.0",
     "aws-sdk": "^2.1181.0",
     "cdk-assets": "^2.33.0",
     "cross-env": "^7.0.2",

source/packages/@ada/infra/src/common/constructs/api/federated-api/base.ts

@@ -1,17 +1,20 @@
 /*! Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 SPDX-License-Identifier: Apache-2.0 */
+import * as iam from 'aws-cdk-lib/aws-iam'
 import { ApiDeployStack } from './deployment';
 import { ApiError } from '../common';
-import { Aspects, Duration } from 'aws-cdk-lib';
+import { Aspects, Duration, RemovalPolicy } from 'aws-cdk-lib';
 import {
   AuthorizationType,
+  CfnAccount,
+  CfnRestApi,
   Cors,
   RequestAuthorizer,
   Resource,
   ResourceOptions,
   ResponseType,
   RestApi,
-  RestApiProps,
+  RestApiProps
 } from 'aws-cdk-lib/aws-apigateway';
 import { Bucket } from '../../../constructs/s3/bucket';
 import { Construct } from 'constructs';
@@ -115,8 +118,12 @@ export class BaseRestApi extends RestApi implements IDecoratedRestApi {
       // https://docs.aws.amazon.com/cdk/api/latest/docs/aws-apigateway-readme.html#breaking-up-methods-and-resources-across-stacks
       deploy: false,
       deployOptions: undefined,
+      cloudWatchRole: false
     });
 
+    // configure destroyable CfnAccount and APIGateway CloudWatchRole
+    this.configureCloudWatchRole((this.node.defaultChild) as CfnRestApi)
+
     const rootStack = getRootStack(this);
 
     // create api reference at root stack level to decouople services and deployment
@@ -181,6 +188,20 @@ export class BaseRestApi extends RestApi implements IDecoratedRestApi {
     return this.decoratedRoot.addResource(pathPart, options);
   }
 
+  protected configureCloudWatchRole(apiResource: CfnRestApi): void {
+    const role = new iam.Role(this, 'CloudWatchRole', {
+      assumedBy: new iam.ServicePrincipal('apigateway.amazonaws.com'),
+      managedPolicies: [iam.ManagedPolicy.fromAwsManagedPolicyName('service-role/AmazonAPIGatewayPushToCloudWatchLogs')],
+    });
+    role.applyRemovalPolicy(RemovalPolicy.DESTROY);
+
+    this.cloudWatchAccount = new CfnAccount(this, 'Account', {
+      cloudWatchRoleArn: role.roleArn,
+    });
+    this.cloudWatchAccount.applyRemovalPolicy(RemovalPolicy.DESTROY);
+    this.cloudWatchAccount.node.addDependency(apiResource);
+  }
+
   protected decorateResource(resource: Resource): IDecoratedResource {
     return DecoratedResource(this, resource);
   }

source/packages/@ada/infra/src/common/constructs/lambda/lambda-event-target.ts

@@ -0,0 +1,46 @@
+/*! Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+SPDX-License-Identifier: Apache-2.0 */
+
+import * as events from 'aws-cdk-lib/aws-events';
+import * as lambda from 'aws-cdk-lib/aws-lambda';
+import { TargetBaseProps, bindBaseTargetConfig } from 'aws-cdk-lib/aws-events-targets';
+
+/**
+ * Customize the Lambda Event Target
+ */
+interface LambdaFunctionProps extends TargetBaseProps {
+    /**
+     * The event to send to the Lambda
+     *
+     * This will be the payload sent to the Lambda Function.
+     *
+     * @default the entire EventBridge event
+     */
+    readonly event?: events.RuleTargetInput;
+}
+
+/**
+ * Use an AWS Lambda function as an event rule target.
+ * Modification of LambdaFunction from 'aws-events-targets' to not add a permission on 
+ * the target lambda function for every Data Product created, in order to not overload 
+ * the lambda policy size limit of the target Lambda Function. 
+ */
+export class EventLambdaTargetFunction implements events.IRuleTarget {
+    // eslint-disable-next-line no-empty-function
+    constructor(private readonly handler: lambda.IFunction, private readonly props: LambdaFunctionProps = {}) {
+    }
+
+    /**
+     * Returns a RuleTarget that can be used to trigger this Lambda as a
+     * result from an EventBridge event.
+     */
+    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+    public bind(rule: events.IRule, _id?: string): events.RuleTargetConfig {
+        return {
+            ...bindBaseTargetConfig(this.props),
+            arn: this.handler.functionArn,
+            input: this.props.event,
+            targetResource: this.handler,
+        };
+    }
+}

source/packages/@ada/infra/src/nested-stacks/__snapshots__/cognito-auth-stack.test.ts.snap

@@ -2,7 +2,7 @@
 
 exports[`stack snapshots 1`] = `
 Object {
-  "Description": "(SO0190-CognitoAuth) - Automated Data Analytics on AWS. Version v1.0.1",
+  "Description": "(SO0190-CognitoAuth) - Automated Data Analytics on AWS. Version v1.0.2",
   "Outputs": Object {
     "AdaCognitoAuthUserPoolBD7CD0F7Arn": Object {
       "Value": Object {