From 393e5c0058560ff10acdc2892cc40ad542dc1629 Mon Sep 17 00:00:00 2001 From: Kazuho Cryer-Shinozuka Date: Fri, 10 Jan 2025 08:47:12 +0900 Subject: [PATCH] feat(appconfig): environment deletion protection (#32737) ### Issue # (if applicable) None ### Reason for this change AWS AppConfig environment supports [deletion protection](https://docs.aws.amazon.com/appconfig/latest/userguide/deletion-protection.html) and this feature is not configurable from AWS CDK. ### Description of changes - Add `DeletionProtectionCheck` enum - Add `deletionProtectionCheck` prop to `EnvironmentOption` There are two entities, `EnvironmentOptions` and `EnvironmentProps`, where `EnvironmentProps` is designed as an extension of `EnvironmentOptions` with the addition of an `application` prop. ```ts export interface EnvironmentProps extends EnvironmentOptions { /** * The application to be associated with the environment. */ readonly application: IApplication; } abstract class ApplicationBase extends cdk.Resource implements IApplication, IExtensible { public addEnvironment(id: string, options: EnvironmentOptions = {}): IEnvironment { return new Environment(this, id, { application: this, ...options, }); } ``` Therefore, the current argument addition has also been made to `EnvironmentOptions`. ### Describe any new or updated permissions being added None ### Description of how you validated changes Add both unit and integ test. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- ...efaultTestDeployAssert75BD28E7.assets.json | 2 +- .../aws-appconfig-environment.assets.json | 6 +- .../aws-appconfig-environment.template.json | 1 + .../integ.environment.js.snapshot/cdk.out | 2 +- .../integ.environment.js.snapshot/integ.json | 2 +- .../manifest.json | 13 +- .../integ.environment.js.snapshot/tree.json | 113 +++++++++--------- .../aws-appconfig/test/integ.environment.ts | 3 +- packages/aws-cdk-lib/aws-appconfig/README.md | 18 +++ .../aws-appconfig/lib/environment.ts | 9 ++ .../aws-cdk-lib/aws-appconfig/lib/index.ts | 1 + .../aws-cdk-lib/aws-appconfig/lib/util.ts | 25 ++++ .../aws-appconfig/test/environment.test.ts | 23 +++- 13 files changed, 143 insertions(+), 75 deletions(-) create mode 100644 packages/aws-cdk-lib/aws-appconfig/lib/util.ts diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/appconfigenvironmentDefaultTestDeployAssert75BD28E7.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/appconfigenvironmentDefaultTestDeployAssert75BD28E7.assets.json index 947e7fb4d76ea..13d8dae10ffa1 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/appconfigenvironmentDefaultTestDeployAssert75BD28E7.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/appconfigenvironmentDefaultTestDeployAssert75BD28E7.assets.json @@ -1,5 +1,5 @@ { - "version": "36.0.0", + "version": "39.0.0", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/aws-appconfig-environment.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/aws-appconfig-environment.assets.json index 8ffcd1a6d5b6d..cdc65b59c1ce0 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/aws-appconfig-environment.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/aws-appconfig-environment.assets.json @@ -1,7 +1,7 @@ { - "version": "36.0.0", + "version": "39.0.0", "files": { - "6ec3a45c455c20f3072a3622b3e548aa72a4c1b8e5a1fac757962194d9f1c82d": { + "8b5317b754f85f2bf23708deb5bed067016cee6070da8f8fdf848daf7d5e028c": { "source": { "path": "aws-appconfig-environment.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "6ec3a45c455c20f3072a3622b3e548aa72a4c1b8e5a1fac757962194d9f1c82d.json", + "objectKey": "8b5317b754f85f2bf23708deb5bed067016cee6070da8f8fdf848daf7d5e028c.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/aws-appconfig-environment.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/aws-appconfig-environment.template.json index ea327d13d23c1..6d109a20eb71e 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/aws-appconfig-environment.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/aws-appconfig-environment.template.json @@ -126,6 +126,7 @@ "ApplicationId": { "Ref": "MyApplicationForEnv1F597ED9" }, + "DeletionProtectionCheck": "ACCOUNT_DEFAULT", "Description": "This is the environment for integ testing", "Monitors": [ { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/cdk.out index 1f0068d32659a..91e1a8b9901d5 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/cdk.out +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"36.0.0"} \ No newline at end of file +{"version":"39.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/integ.json index c314a395d9c88..49e33ed13ba49 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "36.0.0", + "version": "39.0.0", "testCases": { "appconfig-environment/DefaultTest": { "stacks": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/manifest.json index e21ade66747e8..7d7faf972f4ea 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "36.0.0", + "version": "39.0.0", "artifacts": { "aws-appconfig-environment.assets": { "type": "cdk:asset-manifest", @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/6ec3a45c455c20f3072a3622b3e548aa72a4c1b8e5a1fac757962194d9f1c82d.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/8b5317b754f85f2bf23708deb5bed067016cee6070da8f8fdf848daf7d5e028c.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -105,15 +105,6 @@ "type": "aws:cdk:logicalId", "data": "CheckBootstrapVersion" } - ], - "MyConfigDeployment36077E0B58611": [ - { - "type": "aws:cdk:logicalId", - "data": "MyConfigDeployment36077E0B58611", - "trace": [ - "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" - ] - } ] }, "displayName": "aws-appconfig-environment" diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/tree.json index fd96c532cfa58..0e8689629772d 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.js.snapshot/tree.json @@ -22,14 +22,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_appconfig.CfnApplication", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-appconfig-alpha.Application", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } }, "StartDeploymentCallCountAlarm": { @@ -69,14 +69,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_cloudwatch.CfnAlarm", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_cloudwatch.Alarm", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } }, "MyRole": { @@ -87,8 +87,8 @@ "id": "ImportMyRole", "path": "aws-appconfig-environment/MyRole/ImportMyRole", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } }, "Resource": { @@ -127,14 +127,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } }, "MyCompositeAlarm": { @@ -166,14 +166,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_cloudwatch.CfnCompositeAlarm", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_cloudwatch.CompositeAlarm", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } }, "MyEnvironment": { @@ -188,8 +188,8 @@ "id": "ImportRole1963C", "path": "aws-appconfig-environment/MyEnvironment/Role1963C/ImportRole1963C", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } }, "Resource": { @@ -228,14 +228,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } }, "Resource": { @@ -247,6 +247,7 @@ "applicationId": { "Ref": "MyApplicationForEnv1F597ED9" }, + "deletionProtectionCheck": "ACCOUNT_DEFAULT", "description": "This is the environment for integ testing", "monitors": [ { @@ -296,14 +297,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_appconfig.CfnEnvironment", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-appconfig-alpha.Environment", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } }, "MyDeploymentStrategy": { @@ -324,14 +325,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_appconfig.CfnDeploymentStrategy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-appconfig-alpha.DeploymentStrategy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } }, "MyConfig": { @@ -352,8 +353,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_appconfig.CfnConfigurationProfile", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } }, "Resource": { @@ -373,8 +374,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_appconfig.CfnHostedConfigurationVersion", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } }, "Deployment1963C": { @@ -401,36 +402,36 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_appconfig.CfnDeployment", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-appconfig-alpha.HostedConfiguration", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } }, "BootstrapVersion": { "id": "BootstrapVersion", "path": "aws-appconfig-environment/BootstrapVersion", "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } }, "CheckBootstrapVersion": { "id": "CheckBootstrapVersion", "path": "aws-appconfig-environment/CheckBootstrapVersion", "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } }, "appconfig-environment": { @@ -446,7 +447,7 @@ "path": "appconfig-environment/DefaultTest/Default", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.3.0" + "version": "10.4.2" } }, "DeployAssert": { @@ -457,22 +458,22 @@ "id": "BootstrapVersion", "path": "appconfig-environment/DefaultTest/DeployAssert/BootstrapVersion", "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } }, "CheckBootstrapVersion": { "id": "CheckBootstrapVersion", "path": "appconfig-environment/DefaultTest/DeployAssert/CheckBootstrapVersion", "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } } }, @@ -492,13 +493,13 @@ "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.3.0" + "version": "10.4.2" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.App", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.4.2" } } } \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.ts index e9c8b1bc81e60..aa11622386de7 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.environment.ts @@ -2,7 +2,7 @@ import { IntegTest } from '@aws-cdk/integ-tests-alpha'; import { App, Duration, PhysicalName, Stack } from 'aws-cdk-lib'; import { Alarm, ComparisonOperator, CompositeAlarm, Metric, TreatMissingData } from 'aws-cdk-lib/aws-cloudwatch'; import { Role, ServicePrincipal, Effect, PolicyStatement, PolicyDocument } from 'aws-cdk-lib/aws-iam'; -import { Application, ConfigurationContent, DeploymentStrategy, Environment, HostedConfiguration, Monitor, RolloutStrategy } from 'aws-cdk-lib/aws-appconfig'; +import { Application, ConfigurationContent, DeletionProtectionCheck, DeploymentStrategy, Environment, HostedConfiguration, Monitor, RolloutStrategy } from 'aws-cdk-lib/aws-appconfig'; const app = new App(); @@ -54,6 +54,7 @@ const compositeAlarm = new CompositeAlarm(stack, 'MyCompositeAlarm', { const env = new Environment(stack, 'MyEnvironment', { application: appForEnv, description: 'This is the environment for integ testing', + deletionProtectionCheck: DeletionProtectionCheck.ACCOUNT_DEFAULT, monitors: [ Monitor.fromCloudWatchAlarm(alarm), Monitor.fromCfnMonitorsProperty({ diff --git a/packages/aws-cdk-lib/aws-appconfig/README.md b/packages/aws-cdk-lib/aws-appconfig/README.md index 66c7034db0c23..2a84c45645b03 100644 --- a/packages/aws-cdk-lib/aws-appconfig/README.md +++ b/packages/aws-cdk-lib/aws-appconfig/README.md @@ -96,6 +96,24 @@ const user = new iam.User(this, 'MyUser'); env.grantReadConfig(user); ``` +### Deletion Protection Check + +You can enable [deletion protection](https://docs.aws.amazon.com/appconfig/latest/userguide/deletion-protection.html) on the environment by setting the `deletionProtectionCheck` property. + +- ACCOUNT_DEFAULT: The default setting, which uses account-level deletion protection. To configure account-level deletion protection, use the UpdateAccountSettings API. +- APPLY: Instructs the deletion protection check to run, even if deletion protection is disabled at the account level. APPLY also forces the deletion protection check to run against resources created in the past hour, which are normally excluded from deletion protection checks. +- BYPASS: Instructs AWS AppConfig to bypass the deletion protection check and delete an environment even if deletion protection would have otherwise prevented it. + +```ts +declare const application: appconfig.Application; +declare const alarm: cloudwatch.Alarm; +declare const compositeAlarm: cloudwatch.CompositeAlarm; + +new appconfig.Environment(this, 'MyEnvironment', { + application, + deletionProtectionCheck: appconfig.DeletionProtectionCheck.APPLY, +}); +``` ## Deployment Strategy diff --git a/packages/aws-cdk-lib/aws-appconfig/lib/environment.ts b/packages/aws-cdk-lib/aws-appconfig/lib/environment.ts index 705cc9c2144cc..9c3c4318f33ca 100644 --- a/packages/aws-cdk-lib/aws-appconfig/lib/environment.ts +++ b/packages/aws-cdk-lib/aws-appconfig/lib/environment.ts @@ -4,6 +4,7 @@ import { IApplication } from './application'; import { IConfiguration } from './configuration'; import { ActionPoint, IEventDestination, ExtensionOptions, IExtension, IExtensible, ExtensibleBase } from './extension'; import { getHash } from './private/hash'; +import { DeletionProtectionCheck } from './util'; import * as cloudwatch from '../../aws-cloudwatch'; import * as iam from '../../aws-iam'; import { Resource, IResource, Stack, ArnFormat, PhysicalName, Names } from '../../core'; @@ -165,6 +166,13 @@ export interface EnvironmentOptions { * @default - No monitors. */ readonly monitors?: Monitor[]; + + /** + * A property to prevent accidental deletion of active environments. + * + * @default undefined - AppConfig default is ACCOUNT_DEFAULT + */ + readonly deletionProtectionCheck?: DeletionProtectionCheck; } /** @@ -309,6 +317,7 @@ export class Environment extends EnvironmentBase { applicationId: this.applicationId, name: this.name, description: this.description, + deletionProtectionCheck: props.deletionProtectionCheck, monitors: this.monitors?.map((monitor) => { return { alarmArn: monitor.alarmArn, diff --git a/packages/aws-cdk-lib/aws-appconfig/lib/index.ts b/packages/aws-cdk-lib/aws-appconfig/lib/index.ts index ff835da7514d6..062dfeee027b1 100644 --- a/packages/aws-cdk-lib/aws-appconfig/lib/index.ts +++ b/packages/aws-cdk-lib/aws-appconfig/lib/index.ts @@ -3,6 +3,7 @@ export * from './deployment-strategy'; export * from './extension'; export * from './application'; export * from './configuration'; +export * from './util'; // AWS::AppConfig CloudFormation Resources: export * from './appconfig.generated'; diff --git a/packages/aws-cdk-lib/aws-appconfig/lib/util.ts b/packages/aws-cdk-lib/aws-appconfig/lib/util.ts new file mode 100644 index 0000000000000..9e054d837b94b --- /dev/null +++ b/packages/aws-cdk-lib/aws-appconfig/lib/util.ts @@ -0,0 +1,25 @@ +/** + * The deletion protection check options. + */ +export enum DeletionProtectionCheck { + /** + * The default setting, + * which uses account-level deletion protection. To configure account-level deletion protection, use the UpdateAccountSettings API. + */ + ACCOUNT_DEFAULT = 'ACCOUNT_DEFAULT', + + /** + * Instructs the deletion protection check to run, + * even if deletion protection is disabled at the account level. + * + * APPLY also forces the deletion protection check to run against resources created in the past hour, + * which are normally excluded from deletion protection checks. + */ + APPLY = 'APPLY', + + /** + * Instructs AWS AppConfig to bypass the deletion protection check and delete an environment or a configuration profile + * even if deletion protection would have otherwise prevented it. + */ + BYPASS = 'BYPASS', +} diff --git a/packages/aws-cdk-lib/aws-appconfig/test/environment.test.ts b/packages/aws-cdk-lib/aws-appconfig/test/environment.test.ts index 398a5dbc728ee..4ee3b62abe865 100644 --- a/packages/aws-cdk-lib/aws-appconfig/test/environment.test.ts +++ b/packages/aws-cdk-lib/aws-appconfig/test/environment.test.ts @@ -2,7 +2,7 @@ import { Template } from '../../assertions'; import { Alarm, CompositeAlarm, Metric } from '../../aws-cloudwatch'; import * as iam from '../../aws-iam'; import * as cdk from '../../core'; -import { Application, ConfigurationContent, Environment, HostedConfiguration, Monitor } from '../lib'; +import { Application, ConfigurationContent, DeletionProtectionCheck, Environment, HostedConfiguration, Monitor } from '../lib'; describe('environment', () => { test('default environment', () => { @@ -20,6 +20,27 @@ describe('environment', () => { }); }); + test.each([ + DeletionProtectionCheck.ACCOUNT_DEFAULT, + DeletionProtectionCheck.APPLY, + DeletionProtectionCheck.BYPASS, + ])('environment with deletion protection check', (deletionProtectionCheck) => { + const stack = new cdk.Stack(); + const app = new Application(stack, 'MyAppConfig'); + new Environment(stack, 'MyEnvironment', { + application: app, + deletionProtectionCheck, + }); + + Template.fromStack(stack).hasResourceProperties('AWS::AppConfig::Environment', { + Name: 'MyEnvironment', + ApplicationId: { + Ref: 'MyAppConfigB4B63E75', + }, + DeletionProtectionCheck: deletionProtectionCheck, + }); + }); + test('environment with name', () => { const stack = new cdk.Stack(); const app = new Application(stack, 'MyAppConfig');