Merge branch 'Issue305' of github.com:awslabs/aws-solutions-constructs into Issue305

Author: biffgaut

.viperlightignore

@@ -26,6 +26,7 @@ source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/lambda-sqs-
 source/patterns/@aws-solutions-constructs/aws-lambda-step-function/test/lambda-step-function.test.ts:129
 source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/lambda-stepfunctions.test.ts:129
 source/patterns/@aws-solutions-constructs/aws-events-rule-sns/test/events-rule-sns-topic.test.ts:243
+source/patterns/@aws-solutions-constructs/aws-eventbridge-sns/test/eventbridge-sns-topic.test.ts:243
 source/patterns/@aws-solutions-constructs/aws-events-rule-sqs/test/events-rule-sqs-queue.test.ts:131
 source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda/test/dynamodb-stream-lambda.test.ts:105
 source/patterns/@aws-solutions-constructs/aws-apigateway-iot/README.md:39

source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/.eslintignore

@@ -0,0 +1,4 @@
+lib/*.js
+test/*.js
+*.d.ts
+coverage

source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/.gitignore

@@ -0,0 +1,15 @@
+lib/*.js
+test/*.js
+*.js.map
+*.d.ts
+node_modules
+*.generated.ts
+dist
+.jsii
+
+.LAST_BUILD
+.nyc_output
+coverage
+.nycrc
+.LAST_PACKAGE
+*.snk

source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/.npmignore

@@ -0,0 +1,21 @@
+# Exclude typescript source and config
+*.ts
+tsconfig.json
+coverage
+.nyc_output
+*.tgz
+*.snk
+*.tsbuildinfo
+
+# Include javascript files and typescript declarations
+!*.js
+!*.d.ts
+
+# Exclude jsii outdir
+dist
+
+# Include .jsii
+!.jsii
+
+# Include .jsii
+!.jsii

source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/README.md

@@ -0,0 +1,100 @@
+# aws-eventbridge-kinesisfirehose-s3 module
+<!--BEGIN STABILITY BANNER-->
+
+---
+
+![Stability: Experimental](https://img.shields.io/badge/stability-Experimental-important.svg?style=for-the-badge)
+
+> All classes are under active development and subject to non-backward compatible changes or removal in any
+> future version. These are not subject to the [Semantic Versioning](https://semver.org/) model.
+> This means that while you may use them, you may need to update your source code when upgrading to a newer version of this package.
+
+---
+<!--END STABILITY BANNER-->
+
+| **Reference Documentation**:| <span style="font-weight: normal">https://docs.aws.amazon.com/solutions/latest/constructs/</span>|
+|:-------------|:-------------|
+<div style="height:8px"></div>
+
+| **Language**     | **Package**        |
+|:-------------|-----------------|
+|![Python Logo](https://docs.aws.amazon.com/cdk/api/latest/img/python32.png) Python|`aws_solutions_constructs.aws_eventbridge_kinesisfirehose_s3`|
+|![Typescript Logo](https://docs.aws.amazon.com/cdk/api/latest/img/typescript32.png) Typescript|`@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3`|
+|![Java Logo](https://docs.aws.amazon.com/cdk/api/latest/img/java32.png) Java|`software.amazon.awsconstructs.services.eventbridgekinesisfirehoses3`|
+
+This AWS Solutions Construct implements an Amazon EventBridge Rule to send data to an Amazon Kinesis Data Firehose delivery stream connected to an Amazon S3 bucket.
+
+Here is a minimal deployable pattern definition in Typescript:
+
+``` javascript
+import * as cdk from '@aws-cdk/core';
+import { EventbridgeToKinesisFirehoseToS3, EventbridgeToKinesisFirehoseToS3Props } from '@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3';
+
+const EventbridgeToKinesisFirehoseToS3Props: EventbridgeToKinesisFirehoseToS3Props = {
+  eventRuleProps: {
+  schedule: events.Schedule.rate(cdk.Duration.minutes(5))
+  }
+};
+
+new EventbridgeToKinesisFirehoseToS3(this, 'test-eventbridge-firehose-s3', EventbridgeToKinesisFirehoseToS3Props);
+
+```
+
+## Initializer
+
+``` text
+new EventbridgeToKinesisFirehoseToS3(scope: Construct, id: string, props: EventbridgeToKinesisFirehoseToS3Props);
+```
+
+_Parameters_
+
+* scope [`Construct`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_core.Construct.html)
+* id `string`
+* props [`EventbridgeToKinesisFirehoseToS3Props`](#pattern-construct-props)
+
+## Pattern Construct Props
+
+| **Name**     | **Type**        | **Description** |
+|:-------------|:----------------|-----------------|
+|eventRuleProps|[`events.RuleProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-events.RuleProps.html)|User provided eventRuleProps to override the defaults.|
+|kinesisFirehoseProps?|[`kinesisfirehose.CfnDeliveryStreamProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-kinesisfirehose.CfnDeliveryStreamProps.html)|Optional user provided props to override the default props for Kinesis Firehose Delivery Stream|
+|existingBucketObj?|[`s3.IBucket`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.IBucket.html)|Existing instance of S3 Bucket object. If this is provided, then also providing bucketProps is an error. |
+|bucketProps?|[`s3.BucketProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.BucketProps.html)|User provided props to override the default props for the S3 Bucket.|
+|logGroupProps?|[`logs.LogGroupProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-logs.LogGroupProps.html)|User provided props to override the default props for for the CloudWatchLogs LogGroup.|
+
+## Pattern Properties
+
+| **Name**     | **Type**        | **Description** |
+|:-------------|:----------------|-----------------|
+|eventsRule|[`events.Rule`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-events.Rule.html)|Returns an instance of events.Rule created by the construct.|
+|kinesisFirehose|[`kinesisfirehose.CfnDeliveryStream`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-kinesisfirehose.CfnDeliveryStream.html)|Returns an instance of kinesisfirehose.CfnDeliveryStream created by the construct|
+|s3Bucket?|[`s3.Bucket`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.Bucket.html)|Returns an instance of s3.Bucket created by the construct|
+|s3LoggingBucket?|[`s3.Bucket`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.Bucket.html)|Returns an instance of s3.Bucket created by the construct as the logging bucket for the primary bucket.|
+|eventsRole|[`iam.Role`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-iam.Role.html)|Returns an instance of the iam.Role created by the construct for Events Rule|
+|kinesisFirehoseRole|[`iam.Role`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-iam.Role.html)|Returns an instance of the iam.Role created by the construct for Kinesis Data Firehose delivery stream|
+|kinesisFirehoseLogGroup|[`logs.LogGroup`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-logs.LogGroup.html)|Returns an instance of the LogGroup created by the construct for Kinesis Data Firehose delivery stream|
+
+## Default settings
+
+Out of the box implementation of the Construct without any override will set the following defaults:
+
+### Amazon EventBridge Rule
+* Configure least privilege access IAM role for Amazon EventBridge Rule to publish to the Kinesis Firehose Delivery Stream.
+
+### Amazon Kinesis Firehose
+* Enable CloudWatch logging for Kinesis Firehose
+* Configure least privilege access IAM role for Amazon Kinesis Firehose
+
+### Amazon S3 Bucket
+* Configure Access logging for S3 Bucket
+* Enable server-side encryption for S3 Bucket using AWS managed KMS Key
+* Turn on the versioning for S3 Bucket
+* Don't allow public access for S3 Bucket
+* Retain the S3 Bucket when deleting the CloudFormation stack
+* Applies Lifecycle rule to move noncurrent object versions to Glacier storage after 90 days
+
+## Architecture
+![Architecture Diagram](architecture.png)
+
+***
+&copy; Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.

source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/architecture.png

@@ -0,0 +1,133 @@
+/**
+ *  Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
+ *  with the License. A copy of the License is located at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
+ *  OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
+ *  and limitations under the License.
+ */
+
+import * as events from '@aws-cdk/aws-events';
+import * as kinesisfirehose from '@aws-cdk/aws-kinesisfirehose';
+import * as defaults from '@aws-solutions-constructs/core';
+import * as iam from '@aws-cdk/aws-iam';
+import * as s3 from '@aws-cdk/aws-s3';
+import * as logs from '@aws-cdk/aws-logs';
+import { Construct } from '@aws-cdk/core';
+import { overrideProps } from '@aws-solutions-constructs/core';
+import { KinesisFirehoseToS3 } from '@aws-solutions-constructs/aws-kinesisfirehose-s3';
+
+/**
+ * @summary The properties for the EventbridgeToKinesisFirehoseToS3 Construct
+ */
+export interface EventbridgeToKinesisFirehoseToS3Props {
+  /**
+   * User provided eventRuleProps to override the defaults
+   *
+   * @default - None
+   */
+  readonly eventRuleProps: events.RuleProps
+  /**
+   * User provided props to override the default props for the Kinesis Firehose.
+   *
+   * @default - Default props are used
+   */
+  readonly kinesisFirehoseProps?: kinesisfirehose.CfnDeliveryStreamProps | any
+  /**
+   * Existing instance of S3 Bucket object, providing both this and `bucketProps` will cause an error.
+   *
+   * @default - None
+   */
+  readonly existingBucketObj?: s3.IBucket,
+  /**
+   * User provided props to override the default props for the S3 Bucket.
+   *
+   * @default - Default props are used
+   */
+  readonly bucketProps?: s3.BucketProps,
+  /**
+   * User provided props to override the default props for the CloudWatchLogs LogGroup.
+   *
+   * @default - Default props are used
+   */
+  readonly logGroupProps?: logs.LogGroupProps
+}
+
+export class EventbridgeToKinesisFirehoseToS3 extends Construct {
+  public readonly eventsRule: events.Rule;
+  public readonly eventsRole: iam.Role;
+  public readonly kinesisFirehose: kinesisfirehose.CfnDeliveryStream;
+  public readonly kinesisFirehoseLogGroup: logs.LogGroup;
+  public readonly kinesisFirehoseRole: iam.Role;
+  public readonly s3Bucket?: s3.Bucket;
+  public readonly s3LoggingBucket?: s3.Bucket;
+
+  /**
+   * @summary Constructs a new instance of the EventbridgeToKinesisFirehoseToS3 class.
+   * @param {cdk.App} scope - represents the scope for all the resources.
+   * @param {string} id - this is a a scope-unique id.
+   * @param {EventbridgeToKinesisFirehoseToS3Props} props - user provided props for the construct
+   * @access public
+   */
+  constructor(scope: Construct, id: string, props: EventbridgeToKinesisFirehoseToS3Props) {
+    super(scope, id);
+    defaults.CheckProps(props);
+
+    if (props.existingBucketObj && props.bucketProps) {
+      throw new Error('Cannot specify both bucket properties and an existing bucket');
+    }
+
+    // Set up the Kinesis Firehose using KinesisFirehoseToS3 construct
+    const firehoseToS3 = new KinesisFirehoseToS3(this, 'KinesisFirehoseToS3', {
+      kinesisFirehoseProps: props.kinesisFirehoseProps,
+      existingBucketObj: props.existingBucketObj,
+      bucketProps: props.bucketProps,
+      logGroupProps: props.logGroupProps
+    });
+    this.kinesisFirehose = firehoseToS3.kinesisFirehose;
+    this.s3Bucket = firehoseToS3.s3Bucket;
+    this.kinesisFirehoseRole = firehoseToS3.kinesisFirehoseRole;
+    this.s3LoggingBucket = firehoseToS3.s3LoggingBucket;
+    this.kinesisFirehoseLogGroup = firehoseToS3.kinesisFirehoseLogGroup;
+
+    // Create an events service role
+    this.eventsRole = new iam.Role(this, 'EventsRuleInvokeKinesisFirehoseRole', {
+      assumedBy: new iam.ServicePrincipal('events.amazonaws.com'),
+      description: 'Events Rule To Kinesis Firehose Role',
+    });
+
+    // Setup the IAM policy that grants events rule the permission to send cw events data to kinesis firehose
+    const eventsPolicy = new iam.Policy(this, 'EventsRuleInvokeKinesisFirehosePolicy', {
+      statements: [new iam.PolicyStatement({
+        actions: [
+          'firehose:PutRecord',
+          'firehose:PutRecordBatch'
+        ],
+        resources: [this.kinesisFirehose.attrArn]
+      })
+      ]});
+
+    // Attach policy to role
+    eventsPolicy.attachToRole(this.eventsRole);
+
+    // Set up the Kinesis Firehose as the target for event rule
+    const KinesisFirehoseEventTarget: events.IRuleTarget = {
+      bind: () => ({
+        id: '',
+        arn: this.kinesisFirehose.attrArn,
+        role: this.eventsRole
+      })
+    };
+
+    // Set up the events rule props
+    const defaultEventsRuleProps = defaults.DefaultEventsRuleProps([KinesisFirehoseEventTarget]);
+    const eventsRuleProps = overrideProps(defaultEventsRuleProps, props.eventRuleProps, true);
+
+    this.eventsRule = new events.Rule(this, 'EventsRule', eventsRuleProps);
+
+  }
+}

source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/lib/index.ts

@@ -0,0 +1,105 @@
+{
+  "name": "@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3",
+  "version": "0.0.0",
+  "description": "CDK Constructs for Amazon CloudWatch Events Rule to Amazon Kinesis Firehose to Amazon S3 integration.",
+  "main": "lib/index.js",
+  "types": "lib/index.d.ts",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/awslabs/aws-solutions-constructs.git",
+    "directory": "source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3"
+  },
+  "author": {
+    "name": "Amazon Web Services",
+    "url": "https://aws.amazon.com",
+    "organization": true
+  },
+  "license": "Apache-2.0",
+  "scripts": {
+    "build": "tsc -b .",
+    "lint": "eslint -c ../eslintrc.yml --ext=.js,.ts . && tslint --project .",
+    "lint-fix": "eslint -c ../eslintrc.yml --ext=.js,.ts --fix .",
+    "test": "jest --coverage",
+    "clean": "tsc -b --clean",
+    "watch": "tsc -b -w",
+    "integ": "cdk-integ",
+    "integ-assert": "cdk-integ-assert",
+    "integ-no-clean": "cdk-integ --no-clean",
+    "jsii": "jsii",
+    "jsii-pacmak": "jsii-pacmak",
+    "build+lint+test": "npm run jsii && npm run lint && npm test && npm run integ-assert",
+    "snapshot-update": "npm run jsii && npm test -- -u && npm run integ-assert"
+  },
+  "jsii": {
+    "outdir": "dist",
+    "targets": {
+      "java": {
+        "package": "software.amazon.awsconstructs.services.eventbridgekinesisfirehoses3",
+        "maven": {
+          "groupId": "software.amazon.awsconstructs",
+          "artifactId": "eventbridgekinesisfirehoses3"
+        }
+      },
+      "dotnet": {
+        "namespace": "Amazon.Constructs.AWS.EventbridgeKinesisFirehoseS3",
+        "packageId": "Amazon.Constructs.AWS.EventbridgeKinesisFirehoseS3",
+        "signAssembly": true,
+        "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png"
+      },
+      "python": {
+        "distName": "aws-solutions-constructs.aws-eventbridge-kinesis-firehose-s3",
+        "module": "aws_solutions_constructs.aws_eventbridge_kinesis_firehose_s3"
+      }
+    }
+  },
+  "dependencies": {
+    "@aws-cdk/aws-iam": "0.0.0",
+    "@aws-cdk/aws-kinesisfirehose": "0.0.0",
+    "@aws-cdk/aws-events": "0.0.0",
+    "@aws-cdk/core": "0.0.0",
+    "@aws-cdk/aws-s3": "0.0.0",
+    "@aws-cdk/aws-logs": "0.0.0",
+    "@aws-solutions-constructs/core": "0.0.0",
+    "@aws-solutions-constructs/aws-kinesisfirehose-s3": "0.0.0",
+    "constructs": "^3.2.0"
+  },
+  "devDependencies": {
+    "@aws-cdk/assert": "0.0.0",
+    "@types/jest": "^26.0.22",
+    "@types/node": "^10.3.0"
+  },
+  "jest": {
+    "moduleFileExtensions": [
+      "js"
+    ],
+    "coverageReporters": [
+      "text",
+      [
+        "lcov",
+        {
+          "projectRoot": "../../../../"
+        }
+      ]
+    ]
+  },
+  "peerDependencies": {
+    "@aws-cdk/aws-iam": "0.0.0",
+    "@aws-cdk/aws-kinesisfirehose": "0.0.0",
+    "@aws-cdk/aws-events": "0.0.0",
+    "@aws-cdk/aws-s3": "0.0.0",
+    "@aws-cdk/core": "0.0.0",
+    "@aws-solutions-constructs/core": "0.0.0",
+    "@aws-solutions-constructs/aws-kinesisfirehose-s3": "0.0.0",
+    "constructs": "^3.2.0",
+    "@aws-cdk/aws-logs": "0.0.0"
+  },
+  "keywords": [
+    "aws",
+    "cdk",
+    "awscdk",
+    "AWS Solutions Constructs",
+    "Amazon EventBridge",
+    "Amazon Kinesis Data Firehose",
+    "Amazon S3"
+  ]
+}