Manage GitHub resources like repositories, teams, members, integrations and workflows with the AWS CDK as Custom Resources in CloudFormation.

Overview

GitHub npm (scoped) PyPI Nuget Sonatype Nexus (Releases) GitHub Workflow Status (branch) GitHub release (latest SemVer) Gitpod ready-to-code

CDK Github

Manage GitHub resources like repositories, teams, members, integrations and workflows with the AWS CDK as Custom Resources in CloudFormation with cdk-github.

You configure the endpoint, method and parameters documented by @octokit/rest and AWS CloudFormation runs them anytime you create, update (if you changed the custom resource), or delete stacks. When CloudFormation sends a lifecycle event notification, then your custom resource sends the request to the GitHub REST API.

Install

TypeScript
npm install @pepperize/cdk-github

or

yarn add @pepperize/cdk-github
Python
pip install pepperize.cdk-github
C#
dotnet add package Pepperize.CDK.Github
Java
<dependency>
  <groupId>com.pepperize</groupId>
  <artifactId>cdk-github</artifactId>
  <version>${cdkGithub.version}</version>
</dependency>

Contributing

Contributions of all kinds are welcome 🚀 Check out our contributor's guide.

For a quick start, fork and check out a development environment:

git clone [email protected]:pepperize/cdk-github
cd cdk-github
# install dependencies
yarn
# build with projen
yarn build

Getting Started

  1. Creating a GitHub App

  2. Installing GitHub Apps

  3. Create an AWS Secrets Manager secret

    {
      "appId": "123456",
      "privateKey": "-----BEGIN RSA PRIVATE KEY-----\nExample==\n-----END RSA PRIVATE KEY-----",
      "installationId": "12345678"
    }
  4. Add @pepperize/cdk-github to your project dependencies

    yarn add @pepperize/cdk-github
  5. Add your main.ts

    const app = new App();
    const stack = new Stack(app, "GithubCustomResources");

    Just for simplicity, it's up to you how to organize your app 😉

  6. Import your secret

    const secret = secrets_manager.Secret.fromSecretNameV2(stack, "Auth", "cdk-github/test");
  7. Configure GitHub App authenticate as an installation

    const authOptions = AuthOptions.appAuth(secret);
  8. Add your first GitHub Custom Resource with the AWS CDK

    new GithubCustomResource(stack, "GithubRepo", {
      onCreate: {
        // 👇The endpoint of the GitHub API.
        endpoint: "repos",
        // 👇The method of the GitHub API.
        method: "createInOrg",
        // https://octokit.github.io/rest.js/v19/#repos-create-in-org
        parameters: {
          // 👇The request parameters to send.
          org: "pepperize",
          name: "cdk-github",
        },
        // 👇The object keys from the GitHub API response to return to CFN.
        outputPaths: ["id", "full_name"],
        // 👇This becomes the CFN Physical ID visible in the Console.
        physicalResourceId: custom_resources.PhysicalResourceId.fromResponse("full_name"),
        // 👇Don't throw an error if message matching this regex.
        ignoreErrorCodesMatching: "name already exists on this account",
      },
      // 👇The implemented authentication strategy.
      authOptions: AuthOptions.appAuth(secret),
    });
  9. Deploy your first GitHub Custom Resource

    npx cdk deploy

Authentication

GitHub App or installation authentication

Configure the AWS SecretsManager Secret with the AuthOptions that will be passed to octokit.auth. i.e. as an installation:

{
  "appId": "123456",
  "privateKey": "-----BEGIN RSA PRIVATE KEY-----\nExample==\n-----END RSA PRIVATE KEY-----",
  "installationId": "12345678"
}

Lookup the secret in your AWS CDK app:

// 👇Lookup your secret containing the AuthOptions
const secret = secrets_manager.Secret.fromSecretNameV2(stack, "Auth", "cdk-github/test");
// 👇This will send the secret arn to the custom resource handler
const authOptions = AuthOptions.appAuth(secret);

The custom resource handler will configure octokit.js with the createAppAuth:

const getSecretValueResponse = await SSM.getSecretValue({ SecretId: secret }).promise();
const octokitOptions: OctokitOptions = {
  authStrategy: createAppAuth,
  auth: (auth = JSON.parse(getSecretValueResponse.SecretString)),
};

Supported through @octokit/auth-app

Personal Access Token authentication

Just add your PAT to an SSM StringParameter

// 👇Lookup your parameter containing the TOKEN
const parameter = ssm.StringParameter.fromStringParameterName(stack, "Auth", "cdk-github/test");
// 👇This will send the parameter arn to the custom resource handler
const authOptions = AuthOptions.tokenAuth(parameter);

Supported through @octokit/auth-token

Unauthenticated

// 👇This will configure octokit without authentication
const authOptions = AuthOptions.unauthenticated();

Example

@octokit/plugin-rest-endpoint-methods

const secret = secrets_manager.Secret.fromSecretNameV2(stack, "Auth", "cdk-github/test");

new GithubCustomResource(stack, "GithubRepo", {
  onCreate: {
    // https://octokit.github.io/rest.js/v19/#repos-create-in-org
    endpoint: "repos",
    method: "createInOrg",
    parameters: {
      org: "pepperize",
      name: "cdk-github",
    },
    outputPaths: ["id", "full_name"],
    physicalResourceId: custom_resources.PhysicalResourceId.fromResponse("full_name"),
    ignoreErrorCodesMatching: "name already exists on this account",
  },
  onUpdate: {
    // https://octokit.github.io/rest.js/v19#repos-get
    endpoint: "repos",
    method: "get",
    parameters: {
      owner: "pepperize",
      repo: "cdk-github",
    },
    outputPaths: ["id", "full_name"],
    physicalResourceId: custom_resources.PhysicalResourceId.fromResponse("full_name"),
  },
  onDelete: {
    // https://octokit.github.io/rest.js/v19#repos-delete
    endpoint: "repos",
    method: "delete",
    parameters: {
      owner: "pepperize",
      repo: "cdk-github",
    },
    outputPaths: [],
  },
  authOptions: AuthOptions.appAuth(secret),
});
Comments
  • chore(deps-dev): bump @pepperize/projen-awscdk-construct from 0.0.283 to 0.0.287

    chore(deps-dev): bump @pepperize/projen-awscdk-construct from 0.0.283 to 0.0.287

    Bumps @pepperize/projen-awscdk-construct from 0.0.283 to 0.0.287.

    Release notes

    Sourced from @​pepperize/projen-awscdk-construct's releases.

    v0.0.287

    0.0.287 (2022-10-28)

    v0.0.286

    0.0.286 (2022-10-27)

    v0.0.285

    0.0.285 (2022-10-27)

    v0.0.284

    0.0.284 (2022-10-26)

    Commits
    • a9c4e6d chore(deps-dev): Bump jsii-docgen from 7.0.130 to 7.0.131 (#275)
    • 6bd8496 chore(deps-dev): Bump @​types/node from 14.18.32 to 14.18.33 (#274)
    • 2410df1 chore(deps-dev): Bump jsii-docgen from 7.0.127 to 7.0.130 (#273)
    • 4f8be58 chore(deps-dev): Bump jsii-docgen from 7.0.126 to 7.0.127 (#272)
    • See full diff in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    auto-approve 
    opened by dependabot[bot] 4
  • chore(deps-dev): bump jsii-docgen from 7.0.126 to 7.0.131

    chore(deps-dev): bump jsii-docgen from 7.0.126 to 7.0.131

    Bumps jsii-docgen from 7.0.126 to 7.0.131.

    Release notes

    Sourced from jsii-docgen's releases.

    v7.0.131

    7.0.131 (2022-10-28)

    v7.0.130

    7.0.130 (2022-10-27)

    v7.0.129

    7.0.129 (2022-10-26)

    v7.0.128

    7.0.128 (2022-10-26)

    v7.0.127

    7.0.127 (2022-10-26)

    Commits
    • e979acb chore(deps): upgrade dependencies (#820)
    • 7134367 chore(deps): upgrade dependencies (#819)
    • c4630d1 chore: upgrade minimatch in test fixture (#818)
    • 062ef6f chore(deps): bump @​xmldom/xmldom from 0.7.5 to 0.7.6 in /test/fixtures/li...
    • 348e772 chore(deps): upgrade dependencies (#816)
    • See full diff in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    auto-approve 
    opened by dependabot[bot] 2
  • chore(deps-dev): bump @types/node from 14.18.32 to 14.18.33

    chore(deps-dev): bump @types/node from 14.18.32 to 14.18.33

    Bumps @types/node from 14.18.32 to 14.18.33.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    auto-approve 
    opened by dependabot[bot] 2
  • chore(deps-dev): bump aws-sdk from 2.1242.0 to 2.1243.0

    chore(deps-dev): bump aws-sdk from 2.1242.0 to 2.1243.0

    Bumps aws-sdk from 2.1242.0 to 2.1243.0.

    Release notes

    Sourced from aws-sdk's releases.

    Release v2.1243.0

    See changelog for more information.

    Changelog

    Sourced from aws-sdk's changelog.

    2.1243.0

    • feature: AppRunner: AWS App Runner adds .NET 6, Go 1, PHP 8.1 and Ruby 3.1 runtimes.
    • feature: AppStream: This release includes CertificateBasedAuthProperties in CreateDirectoryConfig and UpdateDirectoryConfig.
    • feature: CloudFormation: This release adds more fields to improves visibility of AWS CloudFormation StackSets information in following APIs: ListStackInstances, DescribeStackInstance, ListStackSetOperationResults, ListStackSetOperations, DescribeStackSetOperation.
    • feature: GameSparks: Add LATEST as a possible GameSDK Version on snapshot
    • feature: MediaTailor: This release introduces support for SCTE-35 segmentation descriptor messages which can be sent within time signal messages.
    • feature: PrivateNetworks: Fix incorrect endpoint-prefix in endpoint ruleset.
    • feature: SupportApp: Fix incorrect endpoint-prefix in endpoint ruleset.
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    auto-approve 
    opened by dependabot[bot] 2
  • chore(deps-dev): Bump @typescript-eslint/parser from 5.44.0 to 5.45.0

    chore(deps-dev): Bump @typescript-eslint/parser from 5.44.0 to 5.45.0

    Bumps @typescript-eslint/parser from 5.44.0 to 5.45.0.

    Release notes

    Sourced from @​typescript-eslint/parser's releases.

    v5.45.0

    5.45.0 (2022-11-28)

    Bug Fixes

    • eslint-plugin: [array-type] --fix flag removes parentheses from type (#5997) (42b33af)
    • eslint-plugin: [keyword-spacing] prevent crash on no options (#6073) (1f19998)
    • eslint-plugin: [member-ordering] support private fields (#5859) (f02761a)
    • eslint-plugin: [prefer-readonly] report if a member's property is reassigned (#6043) (6e079eb)
    • scope-manager: add support for TS4.9 satisfies expression (#6059) (44027db)
    • typescript-estree: stub out ts.SatisfiesExpression on old TS versions (#6076) (1302b30)

    Features

    • eslint-plugin: [member-ordering] add a required option for required vs. optional member ordering (#5965) (2abadc6)
    • support Auto Accessor syntax (#5926) (becd1f8)
    Changelog

    Sourced from @​typescript-eslint/parser's changelog.

    5.45.0 (2022-11-28)

    Note: Version bump only for package @​typescript-eslint/parser

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    auto-approve 
    opened by dependabot[bot] 0
  • chore(deps-dev): Bump @pepperize/projen-awscdk-construct from 0.0.321 to 0.0.324

    chore(deps-dev): Bump @pepperize/projen-awscdk-construct from 0.0.321 to 0.0.324

    Bumps @pepperize/projen-awscdk-construct from 0.0.321 to 0.0.324.

    Release notes

    Sourced from @​pepperize/projen-awscdk-construct's releases.

    v0.0.324

    0.0.324 (2022-11-29)

    v0.0.323

    0.0.323 (2022-11-29)

    v0.0.322

    0.0.322 (2022-11-28)

    Commits
    • 5ea84b8 chore(deps-dev): Bump @​typescript-eslint/parser from 5.44.0 to 5.45.0 (#310)
    • 42449ac chore(deps-dev): Bump @​typescript-eslint/eslint-plugin from 5.44.0 to 5.45.0 ...
    • b08bee4 chore(deps-dev): Bump jsii-docgen from 7.0.160 to 7.0.163 (#308)
    • See full diff in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    auto-approve 
    opened by dependabot[bot] 0
  • chore(deps-dev): Bump aws-sdk from 2.1261.0 to 2.1264.0

    chore(deps-dev): Bump aws-sdk from 2.1261.0 to 2.1264.0

    Bumps aws-sdk from 2.1261.0 to 2.1264.0.

    Release notes

    Sourced from aws-sdk's releases.

    Release v2.1264.0

    See changelog for more information.

    Release v2.1263.0

    See changelog for more information.

    Release v2.1262.0

    See changelog for more information.

    Changelog

    Sourced from aws-sdk's changelog.

    2.1264.0

    • bugfix: Token: Export Token types from core.d.ts
    • feature: EC2: This release adds support for AWS Verified Access and the Hpc6id Amazon EC2 compute optimized instance type, which features 3rd generation Intel Xeon Scalable processors.
    • feature: Firehose: Allow support for the Serverless offering for Amazon OpenSearch Service as a Kinesis Data Firehose delivery destination.
    • feature: KMS: AWS KMS introduces the External Key Store (XKS), a new feature for customers who want to protect their data with encryption keys stored in an external key management system under their control.
    • feature: Omics: Amazon Omics is a new, purpose-built service that can be used by healthcare and life science organizations to store, query, and analyze omics data. The insights from that data can be used to accelerate scientific discoveries and improve healthcare.
    • feature: OpenSearchServerless: Publish SDK for Amazon OpenSearch Serverless
    • feature: SecurityLake: Amazon Security Lake automatically centralizes security data from cloud, on-premises, and custom sources into a purpose-built data lake stored in your account. Security Lake makes it easier to analyze security data, so you can improve the protection of your workloads, applications, and data
    • feature: SimSpaceWeaver: AWS SimSpace Weaver is a new service that helps customers build spatial simulations at new levels of scale - resulting in virtual worlds with millions of dynamic entities. See the AWS SimSpace Weaver developer guide for more details on how to get started. https://docs.aws.amazon.com/simspaceweaver

    2.1263.0

    • bugfix: event_listeners: differentiate identity type in VALIDATE_CREDENTIALS listener
    • bugfix: region_config: Set signatureVersion to bearer explcitly when defined in service API
    • feature: ARCZonalShift: Amazon Route 53 Application Recovery Controller Zonal Shift is a new service that makes it easy to shift traffic away from an Availability Zone in a Region. See the developer guide for more information: https://docs.aws.amazon.com/r53recovery/latest/dg/what-is-route53-recovery.html
    • feature: ComputeOptimizer: Adds support for a new recommendation preference that makes it possible for customers to optimize their EC2 recommendations by utilizing an external metrics ingestion service to provide metrics.
    • feature: ConfigService: With this release, you can use AWS Config to evaluate your resources for compliance with Config rules before they are created or updated. Using Config rules in proactive mode enables you to test and build compliant resource templates or check resource configurations at the time they are provisioned.
    • feature: EC2: Introduces ENA Express, which uses AWS SRD and dynamic routing to increase throughput and minimize latency, adds support for trust relationships between Reachability Analyzer and AWS Organizations to enable cross-account analysis, and adds support for Infrastructure Performance metric subscriptions.
    • feature: EKS: Adds support for additional EKS add-ons metadata and filtering fields
    • feature: FSx: This release adds support for 4GB/s / 160K PIOPS FSx for ONTAP file systems and 10GB/s / 350K PIOPS FSx for OpenZFS file systems (Single_AZ_2). For FSx for ONTAP, this also adds support for DP volumes, snapshot policy, copy tags to backups, and Multi-AZ route table updates.
    • feature: Glue: This release allows the creation of Custom Visual Transforms (Dynamic Transforms) to be created via AWS Glue CLI/SDK.
    • feature: Inspector2: This release adds support for Inspector to scan AWS Lambda.
    • feature: Lambda: Adds support for Lambda SnapStart, which helps improve the startup performance of functions. Customers can now manage SnapStart based functions via CreateFunction and UpdateFunctionConfiguration APIs
    • feature: LicenseManagerUserSubscriptions: AWS now offers fully-compliant, Amazon-provided licenses for Microsoft Office Professional Plus 2021 Amazon Machine Images (AMIs) on Amazon EC2. These AMIs are now available on the Amazon EC2 console and on AWS Marketplace to launch instances on-demand without any long-term licensing commitments.
    • feature: Macie2: Added support for configuring Macie to continually sample objects from S3 buckets and inspect them for sensitive data. Results appear in statistics, findings, and other data that Macie provides.
    • feature: QuickSight: This release adds new Describe APIs and updates Create and Update APIs to support the data model for Dashboards, Analyses, and Templates.
    • feature: S3Control: Added two new APIs to support Amazon S3 Multi-Region Access Point failover controls: GetMultiRegionAccessPointRoutes and SubmitMultiRegionAccessPointRoutes. The failover control APIs are supported in the following Regions: us-east-1, us-west-2, eu-west-1, ap-southeast-2, and ap-northeast-1.
    • feature: SecurityHub: Adding StandardsManagedBy field to DescribeStandards API response

    2.1262.0

    • bugfix: ResourceExplorer2: Add dualstack by default for FIPS
    • bugfix: Signer: Set Authorization header correctly in Bearer Signer
    • bugfix: Signer: Read identity type from service.api.signatureVersion
    • feature: Backup: AWS Backup introduces support for legal hold and application stack backups. AWS Backup Audit Manager introduces support for cross-Region, cross-account reports.
    • feature: CloudWatch: Adds cross-account support to the GetMetricData API. Adds cross-account support to the ListMetrics API through the usage of the IncludeLinkedAccounts flag and the new OwningAccounts field.
    • feature: CloudWatchLogs: Updates to support CloudWatch Logs data protection and CloudWatch cross-account observability
    • feature: Drs: Non breaking changes to existing APIs, and additional APIs added to support in-AWS failing back using AWS Elastic Disaster Recovery.
    • feature: ECS: This release adds support for ECS Service Connect, a new capability that simplifies writing and operating resilient distributed applications. This release updates the TaskDefinition, Cluster, Service mutation APIs with Service connect constructs and also adds a new ListServicesByNamespace API.
    • feature: EFS: This release adds elastic as a new ThroughputMode value for EFS file systems and adds AFTER_1_DAY as a value for TransitionToIARules.
    • feature: Endpoint: Add pattern global dualstack by default
    • feature: IoTWireless: This release includes a new feature for customers to calculate the position of their devices by adding three new APIs: UpdateResourcePosition, GetResourcePosition, and GetPositionEstimate.
    • feature: Iot: Job scheduling enables the scheduled rollout of a Job with start and end times and a customizable end behavior when end time is reached. This is available for continuous and snapshot jobs. Added support for MQTT5 properties to AWS IoT TopicRule Republish Action.
    • feature: IotData: This release adds support for MQTT5 properties to AWS IoT HTTP Publish API.
    • feature: Kendra: Amazon Kendra now supports preview of table information from HTML tables in the search results. The most relevant cells with their corresponding rows, columns are displayed as a preview in the search result. The most relevant table cell or cells are also highlighted in table preview.
    • feature: Mgn: This release adds support for Application and Wave management. We also now support custom post-launch actions.
    • feature: OAM: Amazon CloudWatch Observability Access Manager is a new service that allows configuration of the CloudWatch cross-account observability feature.
    • feature: Organizations: This release introduces delegated administrator for AWS Organizations, a new feature to help you delegate the management of your Organizations policies, enabling you to govern your AWS organization in a decentralized way. You can now allow member accounts to manage Organizations policies.
    • feature: RDS: This release enables new Aurora and RDS feature called Blue/Green Deployments that makes updates to databases safer, simpler and faster.
    • feature: Textract: This release adds support for classifying and splitting lending documents by type, and extracting information by using the Analyze Lending APIs. This release also includes support for summarized information of the processed lending document package, in addition to per document results.
    • feature: TranscribeService: This release adds support for 'inputType' for post-call and real-time (streaming) Call Analytics within Amazon Transcribe.
    Commits
    • 5c1852a Updates SDK to v2.1264.0
    • 221156e Export Token types from core.d.ts (#4292)
    • 2783931 Updates SDK to v2.1263.0
    • c6c5aab fix(region_config): remove mutation of global signatureVersion (#4288)
    • b168eaa fix(event_listeners): check identity type in VALIDATE_CREDENTIALS (#4287)
    • 44bf65a Updates SDK to v2.1262.0
    • 856a238 fix(service): use service signatureVersion as default (#4284)
    • 6323e8d Update readme message about v2 support (#4282)
    • 282e61d add readme message regarding v2 support (#4281)
    • 845c0ea Add pattern dualstack global by default (#4277)
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    auto-approve 
    opened by dependabot[bot] 0
  • chore(deps-dev): Bump esbuild from 0.15.15 to 0.15.16

    chore(deps-dev): Bump esbuild from 0.15.15 to 0.15.16

    Bumps esbuild from 0.15.15 to 0.15.16.

    Release notes

    Sourced from esbuild's releases.

    v0.15.16

    • Add a package alias feature (#2191)

      With this release, you can now easily substitute one package for another at build time with the new alias feature. For example, --alias:oldpkg=newpkg replaces all imports of oldpkg with newpkg. One use case for this is easily replacing a node-only package with a browser-friendly package in 3rd-party code that you don't control. These new substitutions happen first before all of esbuild's existing path resolution logic.

      Note that when an import path is substituted using an alias, the resulting import path is resolved in the working directory instead of in the directory containing the source file with the import path. If needed, the working directory can be set with the cd command when using the CLI or with the absWorkingDir setting when using the JS or Go APIs.

    • Fix crash when pretty-printing minified JSX with object spread of object literal with computed property (#2697)

      JSX elements are translated to JavaScript function calls and JSX element attributes are translated to properties on a JavaScript object literal. These properties are always either strings (e.g. in <x y />, y is a string) or an object spread (e.g. in <x {...y} />, y is an object spread) because JSX doesn't provide syntax for directly passing a computed property as a JSX attribute. However, esbuild's minifier has a rule that tries to inline object spread with an inline object literal in JavaScript. For example, x = { ...{ y } } is minified to x={y} when minification is enabled. This means that there is a way to generate a non-string non-spread JSX attribute in esbuild's internal representation. One example is with <x {...{ [y]: z }} />. When minification is enabled, esbuild's internal representation of this is something like <x [y]={z} /> due to object spread inlining, which is not valid JSX syntax. If this internal representation is then pretty-printed as JSX using --minify --jsx=preserve, esbuild previously crashed when trying to print this invalid syntax. With this release, esbuild will now print <x {...{[y]:z}}/> in this scenario instead of crashing.

    Changelog

    Sourced from esbuild's changelog.

    0.15.16

    • Add a package alias feature (#2191)

      With this release, you can now easily substitute one package for another at build time with the new alias feature. For example, --alias:oldpkg=newpkg replaces all imports of oldpkg with newpkg. One use case for this is easily replacing a node-only package with a browser-friendly package in 3rd-party code that you don't control. These new substitutions happen first before all of esbuild's existing path resolution logic.

      Note that when an import path is substituted using an alias, the resulting import path is resolved in the working directory instead of in the directory containing the source file with the import path. If needed, the working directory can be set with the cd command when using the CLI or with the absWorkingDir setting when using the JS or Go APIs.

    • Fix crash when pretty-printing minified JSX with object spread of object literal with computed property (#2697)

      JSX elements are translated to JavaScript function calls and JSX element attributes are translated to properties on a JavaScript object literal. These properties are always either strings (e.g. in <x y />, y is a string) or an object spread (e.g. in <x {...y} />, y is an object spread) because JSX doesn't provide syntax for directly passing a computed property as a JSX attribute. However, esbuild's minifier has a rule that tries to inline object spread with an inline object literal in JavaScript. For example, x = { ...{ y } } is minified to x={y} when minification is enabled. This means that there is a way to generate a non-string non-spread JSX attribute in esbuild's internal representation. One example is with <x {...{ [y]: z }} />. When minification is enabled, esbuild's internal representation of this is something like <x [y]={z} /> due to object spread inlining, which is not valid JSX syntax. If this internal representation is then pretty-printed as JSX using --minify --jsx=preserve, esbuild previously crashed when trying to print this invalid syntax. With this release, esbuild will now print <x {...{[y]:z}}/> in this scenario instead of crashing.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    auto-approve 
    opened by dependabot[bot] 0
  • chore(deps-dev): Bump @typescript-eslint/eslint-plugin from 5.44.0 to 5.45.0

    chore(deps-dev): Bump @typescript-eslint/eslint-plugin from 5.44.0 to 5.45.0

    Bumps @typescript-eslint/eslint-plugin from 5.44.0 to 5.45.0.

    Release notes

    Sourced from @​typescript-eslint/eslint-plugin's releases.

    v5.45.0

    5.45.0 (2022-11-28)

    Bug Fixes

    • eslint-plugin: [array-type] --fix flag removes parentheses from type (#5997) (42b33af)
    • eslint-plugin: [keyword-spacing] prevent crash on no options (#6073) (1f19998)
    • eslint-plugin: [member-ordering] support private fields (#5859) (f02761a)
    • eslint-plugin: [prefer-readonly] report if a member's property is reassigned (#6043) (6e079eb)
    • scope-manager: add support for TS4.9 satisfies expression (#6059) (44027db)
    • typescript-estree: stub out ts.SatisfiesExpression on old TS versions (#6076) (1302b30)

    Features

    • eslint-plugin: [member-ordering] add a required option for required vs. optional member ordering (#5965) (2abadc6)
    • support Auto Accessor syntax (#5926) (becd1f8)
    Changelog

    Sourced from @​typescript-eslint/eslint-plugin's changelog.

    5.45.0 (2022-11-28)

    Bug Fixes

    • eslint-plugin: [array-type] --fix flag removes parentheses from type (#5997) (42b33af)
    • eslint-plugin: [keyword-spacing] prevent crash on no options (#6073) (1f19998)
    • eslint-plugin: [member-ordering] support private fields (#5859) (f02761a)
    • eslint-plugin: [prefer-readonly] report if a member's property is reassigned (#6043) (6e079eb)

    Features

    • eslint-plugin: [member-ordering] add a required option for required vs. optional member ordering (#5965) (2abadc6)
    Commits
    • 267da4e chore: publish v5.45.0
    • 2abadc6 feat(eslint-plugin): [member-ordering] add a required option for required vs....
    • 6e079eb fix(eslint-plugin): [prefer-readonly] report if a member's property is reassi...
    • f02761a fix(eslint-plugin): [member-ordering] support private fields (#5859)
    • ee62b0b chore: use no-restricted-syntax to enforce created options in rules (#6074)
    • 1f19998 fix(eslint-plugin): [keyword-spacing] prevent crash on no options (#6073)
    • 42b33af fix(eslint-plugin): [array-type] --fix flag removes parentheses from type (#5...
    • See full diff in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    auto-approve 
    opened by dependabot[bot] 0
  • chore(deps-dev): Bump jsii-docgen from 7.0.159 to 7.0.160

    chore(deps-dev): Bump jsii-docgen from 7.0.159 to 7.0.160

    Bumps jsii-docgen from 7.0.159 to 7.0.160.

    Release notes

    Sourced from jsii-docgen's releases.

    v7.0.160

    7.0.160 (2022-11-25)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    auto-approve 
    opened by dependabot[bot] 0
  • chore(deps-dev): Bump @pepperize/projen-awscdk-construct from 0.0.320 to 0.0.321

    chore(deps-dev): Bump @pepperize/projen-awscdk-construct from 0.0.320 to 0.0.321

    Bumps @pepperize/projen-awscdk-construct from 0.0.320 to 0.0.321.

    Release notes

    Sourced from @​pepperize/projen-awscdk-construct's releases.

    v0.0.321

    0.0.321 (2022-11-25)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    auto-approve 
    opened by dependabot[bot] 0
  • feat: support github actions secrets

    feat: support github actions secrets

    Usage:

    new GithubCustomResource(stack, "ActionsSecret", {
      onCreate: {
        endpoint: "actions",
        method: "createOrUpdateRepoSecret",
        parameters: {
          owner: "pepperize",
          repo: "cdk-github",
          secret_name: "any-name",
          value: ActionsSecret.fromSecretsManager(secret, "any-field"),
        },
        outputPaths: [],
        physicalResourceId: custom_resources.PhysicalResourceId.of("any-id"),
      },
      authOptions: AuthOptions.appAuth(authSecret),
    });
    

    Fixes #7

    opened by pflorek 0
  • Get rid of eslint hints

    Get rid of eslint hints

    Use type hinting from @types/aws-lambda in the handler

    https://github.com/DefinitelyTyped/DefinitelyTyped/blob/master/types/aws-lambda/trigger/cdk-custom-resource.d.ts

    bug good first issue 
    opened by pflorek 0
  • Octokit requests vs. plugin rest endpoint methods

    Octokit requests vs. plugin rest endpoint methods

    Document the decision for rest over requests

    There are two ways of using the GitHub REST API, the octokit.rest.* endpoint methods and octokit.request. Both act the same way, the octokit.rest.* methods are just added for convenience, they use octokit.request internally.

    https://github.com/octokit/octokit.js#rest-api

    With https://github.com/octokit/plugin-rest-endpoint-methods.js/ one can send all the request parameters as a single object, no matter if it's a route, query or body parameter

    documentation 
    opened by pflorek 0
  • GithubCustomResource vs. Github CFN Registry vs. TF Github CFN Registry

    GithubCustomResource vs. Github CFN Registry vs. TF Github CFN Registry

    There are already Custom Resources in the public CloudFormation Registry cloudformation-github-resource-providers and cdk-cloudformation.

    My understanding is they are complementary to our library. They are really good for regular use cases and can be used complementary with this custom construct.

    This more flexible custom construct fills then the gap what is not implemented and also the ability to use a Github app or unauthenticated instead a PAT.

    We may skip on higher constructs and refer to such libraries. Additional we can give some quickstart hint and an example for interop.

    thx Konstantin

    documentation question 
    opened by pflorek 0
  • Configure auth strategies from SecretsManager and SSM ParameterStore for each AuthStrategy

    Configure auth strategies from SecretsManager and SSM ParameterStore for each AuthStrategy

    The current implementation offers the ability to fully configure the GitHub AuthStrategies either by SecretsManager or SSM ParameterStore for GitHub App (with installationId), a PAT or unauthenticated

    https://github.com/octokit/authentication-strategies.js/#authentication-strategiesjs

    See also https://github.com/pepperize/cdk-github/blob/main/API.md#static-functions--1

    auth strategy | description -- | -- appAuth | GitHub App or installation authentication. tokenAuth | Personal Access Token authentication. unauthenticated | unauthenticated.

    Do we have to support additional AuthStrategies. Or by different AWS Service i.e. AuthOptions.tokenAuthFromSecret(secret: ISecret), AuthOptions.tokenAuthFromParameter(parameter: IParameter)

    enhancement help wanted question 
    opened by pflorek 0
Releases(v0.0.66)
Owner
Pepperize
Pepperize
Learn Web 2.0 and Web 3.0 Development using Next.js, Typescript, AWS CDK, AWS Serverless, Ethereum and AWS Aurora Serverless

Learn Web 2.0 Cloud and Web 3.0 Development in Baby Steps In this course repo we will learn Web 2.0 cloud development using the latest state of the ar

Panacloud Multi-Cloud Internet-Scale Modern Global Apps 77 Nov 14, 2022
Under the Sea is an official AWS workshop delivered by AWS SAs and AWS Partners to help customers and partners to learn about AIOps with serverless architectures on AWS.

Under the Sea - AIOps with Serverless Workshop Under the Sea is an exciting MMORPG developed by the famous entrepreneur behind Wild Rydes, the most po

AWS Samples 3 Oct 16, 2022
An Amazon Kendra REST API CDK example with an API Gateway, including authentication with AWS Cognito and AWS X-Ray Tracing

Amazon Kendra Web Service CDK Sample Amazon Kendra has a robust JSON API for use with the AWS SDK (software development kit), but does not expose endp

AWS Samples 7 Sep 28, 2022
Windmill: Open-source platform and runtime to turn any scripts into internal apps, integrations and workflows

. Open-source and self-hostable alternative to Airplane, Pipedream, Superblocks and a simplified Temporal with autogenerated UIs to trigger flows and

Windmill Labs, Inc 1.5k Nov 25, 2022
Sample code for resizing Images with [email protected] using the Custom Origin. You can deploy using AWS CDK.

Resizing Images with [email protected] using the Custom Origin You can resize the images and convert the image format by query parameters. This [email protected]

AWS Samples 15 Nov 24, 2022
☁ ⚡ Serverless v2/v3 plugin to add custom dependsOn to CloudFormation resouces.

serverless-custom-depends-on Serverless v2/v3 plugin to add custom dependsOn to CloudFormation resouces. What it does It helps you to add the "Depends

Alexsandro G Bezerra 5 Sep 21, 2022
MerLoc is a live AWS Lambda function development and debugging tool. MerLoc allows you to run AWS Lambda functions on your local while they are still part of a flow in the AWS cloud remote.

MerLoc MerLoc is a live AWS Lambda function development and debugging tool. MerLoc allows you to run AWS Lambda functions on your local while they are

Thundra 162 Nov 28, 2022
AWS Lambda & Serverless - Developer Guide with Hands-on Labs. Develop thousands line of aws lambda functions interact to aws serverless services with real-world hands-on labs

AWS Lambda & Serverless - Developer Guide with Hands-on Labs UDEMY COURSE WITH DISCOUNTED - Step by Step Development of this Repository -> https://www

awsrun 30 Nov 21, 2022
AWS Step Functions Workflows Collection

AWS Step Functions Workflows Collection This repo contains Step Functions workflows that shows how to orchestrate multiple services into business-crit

AWS Samples 62 Nov 28, 2022
A GitHub Action that allows to debug GitHub workflows using VS Code.

VS Code Server Action A GitHub Action that allows to debug GitHub workflows using VS Code. Failing CI builds can be annoying especially since we don't

stateful 7 Nov 16, 2022
Example Serverless DynamoDB integration tests using Jest, TypeScript and the AWS CDK

serverless dynamodb integration tests ?? Example Serverless DynamoDB integration tests using Jest, TypeScript and the AWS CDK Introduction How to inte

Lee Gilmore 8 Nov 4, 2022
AWS CDK compiled for web (and Node!)

cdk-web ?? DEMO ?? AWS CDK compiled for web (and Node!) cdk-web and aws-cdk-web are functionally identical packages on npm. read about the differences

Sepehr Laal 43 Jul 19, 2022
A sample CICD Deployment Pipeline for your Alexa Skills, using AWS CDK, CodeBuild and CodePipeline

Alexa Skils - CI/CD CDK Pipeline This repository will help you setting up a CI/CD pipeline for your Alexa Skills. This pipeline is powered by AWS Clou

null 5 Nov 23, 2022
An AWS Cloud Native application using CDK that defines a Serverless Event Driven application for interacting with Twitter and utilising Machine Learning / AI as a Service.

AWS Serverless Event Driven Twitter Bot An AWS Cloud Native application using CDK (Written in TypeScript) that defines a Serverless Event Driven appli

null 5 Sep 25, 2022
This project provides a CDK construct creating AWS organizations.

AWS Organizations This project provides a CDK construct creating AWS organizations. Currently, there is no @aws-cdk/aws-organizations available. See t

Pepperize 99 Nov 7, 2022
Sample AWS microservices app with service discovery defined using the CDK. Uses Docker + Fargate & ELB.

AWS Microservices Demo with CDK and Fargate About Simple AWS microservice-based app. Consists of two Spring Boot based services: Name Service GET /nam

Nick Klaene 6 Nov 10, 2022
Easy-to-use CDK constructs for monitoring your AWS infrastructure

CDK Monitoring Constructs Easy-to-use CDK constructs for monitoring your AWS infrastructure. Easily add commonly-used alarms using predefined properti

CDK Labs at AWS 188 Nov 22, 2022
A sample code that implements a simple Web app using AWS CDK v2

A sample code that implements a simple Web app using AWS CDK v2. This code will be introduced in a live coding session at AWS Summit Online Japan 2022 Developer Zone in 2022/5/25.

AWS Samples 27 Oct 28, 2022