Upgrade to Release 4.2.1

CHANGELOG.md

@@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [4.2.1] - 2022-05-02
+
+### Changed
+
+- A bug fix was made to update the S3 Access Log bucket to use new bucket ownership properties and policy settings rather than S3 ACLs
+
 ## [4.2.0] - 2022-12-05
 
 ### Added

source/infrastructure/cdk.json

@@ -1,6 +1,7 @@
 {
   "app": "npx ts-node --prefer-ts-exts bin/machine-to-cloud-connectivity.ts",
   "context": {
-    "@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021": false
+    "@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021": false,
+    "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": true
   }
 }

source/infrastructure/lib/common-resource/logging-bucket.ts

@@ -3,7 +3,7 @@
 
 import { RemovalPolicy, Aws } from 'aws-cdk-lib';
 import { AnyPrincipal, Effect, PolicyStatement } from 'aws-cdk-lib/aws-iam';
-import { BlockPublicAccess, Bucket, BucketAccessControl, BucketEncryption } from 'aws-cdk-lib/aws-s3';
+import { Bucket, BucketEncryption, ObjectOwnership } from 'aws-cdk-lib/aws-s3';
 import { NagSuppressions } from 'cdk-nag';
 import { Construct } from 'constructs';
 import { addCfnSuppressRules } from '../../utils/utils';
@@ -18,8 +18,7 @@ export class LoggingBucketConstruct extends Construct {
     super(scope, id);
 
     this.s3LoggingBucket = new Bucket(this, 'LogBucket', {
-      accessControl: BucketAccessControl.LOG_DELIVERY_WRITE,
-      blockPublicAccess: BlockPublicAccess.BLOCK_ALL,
+      objectOwnership: ObjectOwnership.OBJECT_WRITER,
       encryption: BucketEncryption.S3_MANAGED,
       removalPolicy: RemovalPolicy.RETAIN,
       bucketName: `${Aws.STACK_NAME}-${Aws.ACCOUNT_ID}-log`
@@ -41,7 +40,8 @@ export class LoggingBucketConstruct extends Construct {
 
     // cdk-nag suppressions
     NagSuppressions.addResourceSuppressions(this.s3LoggingBucket, [
-      { id: 'AwsSolutions-S1', reason: 'This bucket is to store S3 logs, so it does not require access logs.' }
+      { id: 'AwsSolutions-S1', reason: 'This bucket is to store S3 logs, so it does not require access logs.' },
+      { id: 'AwsSolutions-S2', reason: 'Public Access Blocking is handled by objectOwnership' }
     ]);
   }
 }

source/infrastructure/package.json

@@ -1,6 +1,6 @@
 {
   "name": "machine-to-cloud-connectivity-infrastructure",
-  "version": "4.2.0",
+  "version": "4.2.1",
   "author": {
     "name": "Amazon Web Services",
     "url": "https://aws.amazon.com/solutions"

source/infrastructure/test/__snapshots__/logging-bucket.test.ts.snap

@@ -12,6 +12,10 @@ Object {
               "id": "AwsSolutions-S1",
               "reason": "This bucket is to store S3 logs, so it does not require access logs.",
             },
+            Object {
+              "id": "AwsSolutions-S2",
+              "reason": "Public Access Blocking is handled by objectOwnership",
+            },
           ],
         },
         "cfn_nag": Object {
@@ -24,7 +28,6 @@ Object {
         },
       },
       "Properties": Object {
-        "AccessControl": "LogDeliveryWrite",
         "BucketEncryption": Object {
           "ServerSideEncryptionConfiguration": Array [
             Object {
@@ -49,11 +52,12 @@ Object {
             ],
           ],
         },
-        "PublicAccessBlockConfiguration": Object {
-          "BlockPublicAcls": true,
-          "BlockPublicPolicy": true,
-          "IgnorePublicAcls": true,
-          "RestrictPublicBuckets": true,
+        "OwnershipControls": Object {
+          "Rules": Array [
+            Object {
+              "ObjectOwnership": "ObjectWriter",
+            },
+          ],
         },
       },
       "Type": "AWS::S3::Bucket",

source/infrastructure/test/__snapshots__/machine-to-cloud-connectivity.test.ts.snap

@@ -6173,6 +6173,10 @@ Object {
               "id": "AwsSolutions-S1",
               "reason": "This bucket is to store S3 logs, so it does not require access logs.",
             },
+            Object {
+              "id": "AwsSolutions-S2",
+              "reason": "Public Access Blocking is handled by objectOwnership",
+            },
           ],
         },
         "cfn_nag": Object {
@@ -6210,11 +6214,12 @@ Object {
             ],
           ],
         },
-        "PublicAccessBlockConfiguration": Object {
-          "BlockPublicAcls": true,
-          "BlockPublicPolicy": true,
-          "IgnorePublicAcls": true,
-          "RestrictPublicBuckets": true,
+        "OwnershipControls": Object {
+          "Rules": Array [
+            Object {
+              "ObjectOwnership": "ObjectWriter",
+            },
+          ],
         },
       },
       "Type": "AWS::S3::Bucket",

source/lambda/connection-builder/package.json

@@ -1,6 +1,6 @@
 {
   "name": "connection-builder",
-  "version": "4.2.0",
+  "version": "4.2.1",
   "description": "The function creates a connection and deploys the connection into the Greengrass edge device.",
   "main": "index.js",
   "scripts": {

source/lambda/custom-resource/package.json

@@ -1,6 +1,6 @@
 {
   "name": "custom-resource",
-  "version": "4.2.0",
+  "version": "4.2.1",
   "description": "The solution's custom resource function",
   "main": "index.js",
   "scripts": {

source/lambda/greengrass-deployer/package.json

@@ -1,6 +1,6 @@
 {
   "name": "greengrass-deployer",
-  "version": "4.2.0",
+  "version": "4.2.1",
   "description": "The function deploys the Greengrass group and restarting connections.",
   "main": "index.js",
   "scripts": {

source/lambda/lib/aws-handlers/greengrass-v2-component-builder.ts

@@ -26,7 +26,7 @@ const PYTHON_MODULE_VERSION = {
   'OpenOPC-Python3x': '1.3.1',
   Pyro4: '4.81',
   'python-dateutil': '2.8.1',
-  requests_ntlm: '1.1.0',
+  requests_ntlm: '1.2.0',
   testresources: '2.0.1',
   wheel: '0.37.1',
   'twisted[serial]': '20.3.0',

source/lambda/lib/package.json

@@ -1,6 +1,6 @@
 {
   "name": "lib",
-  "version": "4.2.0",
+  "version": "4.2.1",
   "description": "The Lambda functions common libraries",
   "main": "index.js",
   "scripts": {

source/lambda/sqs-message-consumer/package.json

@@ -1,6 +1,6 @@
 {
   "name": "sqs-message-consumer",
-  "version": "4.2.0",
+  "version": "4.2.1",
   "description": "It consumes the SQS queue messages from IoT topic and stores the logs into the DynamoDB table.",
   "main": "index.js",
   "scripts": {

source/lambda/timestream-writer/package.json

@@ -1,6 +1,6 @@
 {
   "name": "timestream-writer",
-  "version": "4.2.0",
+  "version": "4.2.1",
   "description": "It consumes the Kinesis Data Stream data and store the data into Amazon Timestream table.",
   "main": "index.js",
   "scripts": {

source/machine_connector/m2c2_modbus_tcp_connector/requirements.txt

@@ -4,5 +4,5 @@ pyserial>=3.5
 pyserial-asyncio==0.6
 greengrasssdk==1.6.0
 backoff==2.2.1
-awsiotsdk==1.11.1
+awsiotsdk==1.13.0
 dateutil==1.4

source/machine_connector/m2c2_opcda_connector/requirements.txt

@@ -3,4 +3,4 @@ Pyro4==4.81
 OpenOPC-Python3x==1.3.1
 python-dateutil==2.8.1
 backoff==2.2.1
-awsiotsdk==1.11.1
+awsiotsdk==1.13.0

source/machine_connector/m2c2_osipi_connector/requirements.txt

@@ -1,6 +1,6 @@
 git+https://github.com/dcbark01/PI-Web-API-Client-Python.git@b620f72f2d2551632f406df44bd409f5cc305055
 
-requests_ntlm == 1.1.0
+requests_ntlm == 1.2.0
 greengrasssdk==1.6.0
 backoff==2.2.1
-awsiotsdk==1.11.1
+awsiotsdk==1.13.0

source/machine_connector/m2c2_publisher/requirements.txt

@@ -1,4 +1,4 @@
 greengrasssdk==1.6.0
 python-dateutil==2.8.1
 backoff==2.2.1
-awsiotsdk==1.11.3
+awsiotsdk==1.13.0

source/machine_connector/requirements_dev.txt

@@ -3,11 +3,11 @@ pytest==7.2.0
 pytest-cov==4.0.0
 pytest-mock==3.10.0
 python-dateutil==2.8.1
-awsiotsdk==1.11.1
+awsiotsdk==1.13.0
 greengrasssdk==1.6.0
 Pyro4==4.81
 OpenOPC-Python3x==1.3.1
 
 git+https://github.com/dcbark01/PI-Web-API-Client-Python.git@b620f72f2d2551632f406df44bd409f5cc305055
 
-requests_ntlm == 1.1.0
+requests_ntlm == 1.2.0

source/machine_connector/utils/__init__.py

@@ -6,4 +6,4 @@
 from .stream_manager_helper import StreamManagerHelperClient
 from .init_msg_metadata import InitMessage
 
-__version__ = "4.2.0"
+__version__ = "4.2.1"

source/machine_connector/utils/requirements.txt

@@ -1,3 +1,3 @@
 backoff==2.2.1
-awsiotsdk==1.11.1
+awsiotsdk==1.13.0
 greengrasssdk==1.6.1

source/package.json

@@ -1,6 +1,6 @@
 {
   "name": "machine-to-cloud-connectivity-framework-source",
-  "version": "4.2.0",
+  "version": "4.2.1",
   "description": "Machine to Cloud Connectivity Framework ESLint and prettier",
   "private": true,
   "license": "Apache-2.0",
@@ -23,12 +23,12 @@
     "eslint-config-react-app": "^7.0.0",
     "eslint-plugin-header": "^3.1.1",
     "eslint-plugin-import": "^2.25.4",
-    "eslint-plugin-jsdoc": "^38.0.6",
+    "eslint-plugin-jsdoc": "^43.1.1",
     "eslint-plugin-node": "^11.1.0",
     "eslint-plugin-prettier": "^4.0.0",
     "eslint-plugin-react": "^7.29.4",
     "eslint-plugin-react-hooks": "^4.3.0",
     "prettier": "^2.6.1",
     "typescript": "~4.6.3"
   }
-}
+}

source/ui/package.json

@@ -6,7 +6,7 @@
     "name": "Amazon Web Services",
     "url": "https://aws.amazon.com/solutions"
   },
-  "version": "4.2.0",
+  "version": "4.2.1",
   "private": true,
   "devDependencies": {
     "@aws-amplify/api": "4.0.40",