This repository was archived by the owner on Jul 16, 2024. It is now read-only.

Commit 61cf258

vgkowski, lmouhib and Automation authored
feat: cdk best practices (#345)
* refactor: changes to IAM policies
* refactor: adding the nag suppression
* refactor: adding the nag suppression for emr on eks construct
* refactor: moved the cdk-nag to unit test and added suppressions
* refactor: introduce lambda boto3 layer
* refactor: refactor requirements.txt to remove boto3 reference
* refactor: fixed IAM policy to allow createlogstream and fix EKS to have logs enabled
* fix: updated suppression for cdk-nag test with new cdk-nag finding upon cdk version upgrade
* fix: test build with cdk-nag active
* update the cdk-nag-github-action
* fix: test build with cdk-nag active
* add AraBucket
* fix: issue when merged with boto3 lambda layer
* fix: issue with emr-eks autoscaler IAM scoping
* fix: issue with emr managed endpoint not deploying correctly
* fix: added props for notebook-managed-endpoint.ts, added newer version of EMR and
* fix: issue with how duplicate managed endpoint are handled
* fixing issues
* fix: update the requirements.txt for lambda layer
* doc: updates in emr-eks-cluster.ts and notebook-platform.ts
* fix: add the option to create or not the default nodegroups
* fixing issues
* refactor cdk
* fix: modified data-lake-exporter.ts to pass e2e testing and modified notebook-platform.ts to use Singleton-Key construct
* add doc
* fix: delete the custom provider implementation and add on contributor to include Role with cloudwatch log permissions to provider when it is created. See synchronous-athena-query.ts for example.
* fix: refactored synchronous-athena-query.ts
* refactor: modify the encryption mode for data lake storage to KMS instead of KMS_MANAGED
* refactor: grant lambda role access to stack default key
* fix: changes to cdk-nag to take into account the use of L2 CDK Provider and not the L3 one
* e2e test
* fix: changes to have cdk-nag run with the unit test, move cdk-nag folder under unit test one
* fix: change method in notebook-platform-helpers.ts for SecretValue not to use deprecated plainText. L222
* chore: self mutation
* fix: remove the deprecated python runtime from pre-bundled-function.ts
* fix: comment the cdk-nag test until we merge with the PR of flyway fix
* fix image for cdk nag test
* fix node version in cdk-nag workflow

Co-authored-by: Lotfi Mouhib <[email protected]>
Co-authored-by: lmouhib <[email protected]>
Co-authored-by: Automation <[email protected]>
1 parent 3c46faa commit 61cf258


132 files changed

+12120
-4629
lines changed


.github/workflows/test-cdk-nag.yml

+28
@@ -0,0 +1,28 @@
1+
name: NAG
2+
on:
3+
pull_request: {}
4+
workflow_dispatch: {}
5+
jobs:
6+
build:
7+
runs-on: ubuntu-latest
8+
steps:
9+
- name: Checkout
10+
uses: actions/checkout@v2
11+
with:
12+
ref: ${{ github.event.pull_request.head.ref }}
13+
repository: ${{ github.event.pull_request.head.repo.full_name }}
14+
- name: Setup Node 14
15+
uses: actions/setup-node@v2
16+
with:
17+
node-version: '14'
18+
- name: Setup Java 11
19+
uses: actions/setup-java@v2
20+
with:
21+
distribution: 'zulu' # OpenJDK
22+
java-version: '11'
23+
- name: Install dependencies
24+
run: cd core && yarn install --check-files --frozen-lockfile
25+
- name: Build
26+
run: cd core && npx projen build
27+
container:
28+
image: jsii/superchain:1-buster-slim-node14
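
Review bot: The three `uses:` steps (`actions/checkout@v2`, `actions/setup-node@v2`, `actions/setup-java@v2`) and the `container` image `jsii/superchain:1-buster-slim-node14` are all referenced by mutable tags, so what executes in this job can change without any change to this file; pin the actions to full commit SHAs and the image to a digest. The Checkout step takes `ref` and `repository` from the pull request head and the job then runs `yarn install` and `npx projen build` on that code, yet the workflow declares no `permissions:` block; add a top-level `permissions:` with `contents: read` and set `persist-credentials: false` under the checkout `with:` so the code under test cannot pick up a token left in the git config. The workflow is named NAG but no step mentions cdk-nag, so a comment saying the checks run as part of `npx projen build` would help the next reader, and the `Setup Node 14` step looks redundant next to a node14 container image.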
