feat: cdk bump 2.165.0 (#782)

* bump cdk

---------

Co-authored-by: vgkowski <[email protected]>
Co-authored-by: lmouhib <[email protected]>

.projenrc.ts

@@ -5,8 +5,8 @@ import { Transform } from "projen/lib/javascript";
 import { dirname } from 'path';
 import { globSync } from 'glob';
 
-const CDK_VERSION = '2.145.0';
-const CDK_CONSTRUCTS_VERSION = '10.3.0';
+const CDK_VERSION = '2.165.0';
+const CDK_CONSTRUCTS_VERSION = '10.4.2';
 const JSII_VERSION = '~5.5.0';
 const KUBECTL_LAYER_VERSION='v30';
 

examples/datazone-msk-governance/tests/test_example.py

@@ -41,7 +41,7 @@ def results():
         "/my-stack-test/AWS679f53fac002430cb0da5b7982bd2287",
         [
             {'id':'AwsSolutions-IAM4', 'reason':'Managed Policy for Custom Resource provider framework role is setup by the CDK framework and can\'t be changed' },
-            {'id':'AwsSolutions-L1', 'reason':'Lambda Function for Custom Resource provider framework is setup by the CDK framework and can\'t be changed' },
+            {'id':'CdkNagValidationFailure', 'reason':'Lambda Function for Custom Resource provider framework is setup by the CDK framework and can\'t be resolved' },
         ],
         True,
     )

examples/opensearch-quickstart/tests/test_example.py

@@ -18,6 +18,7 @@ def results():
 
     # We suppress NAGs for the DSF construct because they are already tested in the framework
     suppress_nag(stack, 'MyOpenSearchCluster')
+    suppress_nag(stack, 'OpenSearchApi')
 
     NagSuppressions.add_resource_suppressions_by_path(stack,
         "/my-stack-test/MyOpenSearchCluster/Domain/Resource",
@@ -40,7 +41,7 @@ def results():
         "/my-stack-test/AWS679f53fac002430cb0da5b7982bd2287",
         [
             {'id':'AwsSolutions-IAM4', 'reason':'The Lambda is part of the CDK custom resource framework for SDK calls and can\'t be changed' },
-            {'id':'AwsSolutions-L1', 'reason': 'The Lambda is part of the CDK custom resource framework for SDK calls and can\'t be changed'}
+            {'id':'CdkNagValidationFailure', 'reason':'Lambda Function for Custom Resource provider framework is setup by the CDK framework and can\'t be resolved' },
         ],
         True,
     )

framework/test/unit/governance/datazone-msk-central-authorizer.test.ts

@@ -319,15 +319,7 @@ describe ('Creating a DataZoneMskCentralAuthorizer with default configuration',
               Action: 'sts:AssumeRole',
               Effect: 'Allow',
               Principal: {
-                Service: {
-                  'Fn::FindInMap': [
-                    'ServiceprincipalMap',
-                    {
-                      Ref: 'AWS::Region',
-                    },
-                    'states',
-                  ],
-                },
+                Service: 'states.amazonaws.com',
               },
             },
           ],
@@ -552,15 +544,7 @@ describe ('Creating a DataZoneMskCentralAuthorizer with default configuration',
               Action: 'sts:AssumeRole',
               Effect: 'Allow',
               Principal: {
-                Service: {
-                  'Fn::FindInMap': [
-                    'ServiceprincipalMap',
-                    {
-                      Ref: 'AWS::Region',
-                    },
-                    'states',
-                  ],
-                },
+                Service: 'states.amazonaws.com',
               },
             },
             {

framework/test/unit/governance/datazone-msk-environment-authorizer.test.ts

@@ -101,15 +101,7 @@ describe ('Creating a DataZoneMskEnvironmentAuthorizer with default configuratio
               Action: 'sts:AssumeRole',
               Effect: 'Allow',
               Principal: {
-                Service: {
-                  'Fn::FindInMap': [
-                    'ServiceprincipalMap',
-                    {
-                      Ref: 'AWS::Region',
-                    },
-                    'states',
-                  ],
-                },
+                Service: 'states.amazonaws.com',
               },
             },
             {

framework/test/unit/nag/consumption/nag-opensearch-api.test.ts

@@ -38,7 +38,7 @@ Aspects.of(stack).add(new AwsSolutionsChecks({ verbose: true }));
 NagSuppressions.addResourceSuppressionsByPath(
   stack,
   '/Stack/OpenSearch/SecurityGroup/Resource',
-  [{ id: 'CdkNagValidationFailure', reason: 'VPC can be created or supplied as props, so cidr block is not known in advance' }],
+  [{ id: 'CdkNagValidationFailure', reason: 'VPC can be created or supplied as props, so CIDR block is not known in advance' }],
 );
 NagSuppressions.addResourceSuppressionsByPath(
   stack,
@@ -111,6 +111,18 @@ NagSuppressions.addResourceSuppressionsByPath(
   ],
 );
 
+NagSuppressions.addResourceSuppressionsByPath(stack,
+  [
+    '/Stack/OpenSearchApi/Provider',
+    '/Stack/AWS679f53fac002430cb0da5b7982bd2287/Resource',
+    '/Stack/OpenSearch/CreateSLR/Provider',
+  ],
+  [
+    { id: 'CdkNagValidationFailure', reason: 'CDK custom resource provider framework is using intrinsic function to get latest node runtime per region which makes the NAG validation fails' },
+  ],
+  true,
+);
+
 //recommendaed FGAC https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html
 NagSuppressions.addResourceSuppressionsByPath(
   stack,

framework/test/unit/nag/consumption/nag-opensearch.test.ts

@@ -121,6 +121,18 @@ NagSuppressions.addResourceSuppressionsByPath(
   true,
 );
 
+NagSuppressions.addResourceSuppressionsByPath(stack,
+  [
+    '/Stack/OpenSearchApi/Provider',
+    '/Stack/AWS679f53fac002430cb0da5b7982bd2287',
+    '/Stack/OpenSearch/CreateSLR/Provider',
+  ],
+  [
+    { id: 'CdkNagValidationFailure', reason: 'CDK custom resource provider framework is using intrinsic function to get latest node runtime per region which makes the NAG validation fails' },
+  ],
+  true,
+);
+
 
 test('No unsuppressed Warnings', () => {
   const warnings = Annotations.fromStack(stack).findWarning('*', Match.stringLikeRegexp('AwsSolutions-.*'));