From b8ad5f3bd867ea300b1f06ad5625c5a9eaae24f4 Mon Sep 17 00:00:00 2001
From: Calvin Combs <comcalvi@amazon.com>
Date: Thu, 19 Sep 2024 12:48:41 -0700
Subject: [PATCH] more version fun

---
 packages/@aws-cdk/cx-api/FEATURE_FLAGS.md   | 22 +++++++++++++-
 packages/@aws-cdk/cx-api/package.json       |  4 +--
 packages/@aws-cdk/integ-runner/package.json |  4 +--
 packages/aws-cdk-lib/package.json           |  2 +-
 packages/aws-cdk/package.json               |  4 +--
 yarn.lock                                   | 32 ++++++++-------------
 6 files changed, 40 insertions(+), 28 deletions(-)

diff --git a/packages/@aws-cdk/cx-api/FEATURE_FLAGS.md b/packages/@aws-cdk/cx-api/FEATURE_FLAGS.md
index 634630f6e9b41..beadd60aa4ed2 100644
--- a/packages/@aws-cdk/cx-api/FEATURE_FLAGS.md
+++ b/packages/@aws-cdk/cx-api/FEATURE_FLAGS.md
@@ -73,6 +73,7 @@ Flags come in three types:
 | [@aws-cdk/custom-resources:logApiResponseDataPropertyTrueDefault](#aws-cdkcustom-resourceslogapiresponsedatapropertytruedefault) | When enabled, the custom resource used for `AwsCustomResource` will configure the `logApiResponseData` property as true by default | 2.145.0 | (fix) |
 | [@aws-cdk/aws-s3:keepNotificationInImportedBucket](#aws-cdkaws-s3keepnotificationinimportedbucket) | When enabled, Adding notifications to a bucket in the current stack will not remove notification from imported stack. | 2.155.0 | (fix) |
 | [@aws-cdk/aws-stepfunctions-tasks:useNewS3UriParametersForBedrockInvokeModelTask](#aws-cdkaws-stepfunctions-tasksusenews3uriparametersforbedrockinvokemodeltask) | When enabled, use new props for S3 URI field in task definition of state machine for bedrock invoke model. | 2.156.0 | (fix) |
+| [@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions](#aws-cdkaws-ecsreduceec2fargatecloudwatchpermissions) | When enabled, we will only grant the necessary permissions when users specify cloudwatch log group through logConfiguration | 2.159.0 | (fix) |
 
 <!-- END table -->
 
@@ -134,7 +135,8 @@ The following json shows the current recommended set of flags, as `cdk init` wou
     "@aws-cdk/aws-ec2:ebsDefaultGp3Volume": true,
     "@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm": true,
     "@aws-cdk/custom-resources:logApiResponseDataPropertyTrueDefault": false,
-    "@aws-cdk/aws-s3:keepNotificationInImportedBucket": false
+    "@aws-cdk/aws-s3:keepNotificationInImportedBucket": false,
+    "@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions": true
   }
 }
 ```
@@ -1378,4 +1380,22 @@ When this feature flag is enabled, specify newly introduced props 's3InputUri' a
 **Compatibility with old behavior:** Disable the feature flag to use input and output path fields for s3 URI
 
 
+### @aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions
+
+*When enabled, we will only grant the necessary permissions when users specify cloudwatch log group through logConfiguration* (fix)
+
+Currently, we automatically add a number of cloudwatch permissions to the task role when no cloudwatch log group is
+specified as logConfiguration and it will grant 'Resources': ['*'] to the task role.
+
+When this feature flag is enabled, we will only grant the necessary permissions when users specify cloudwatch log group.
+
+
+| Since | Default | Recommended |
+| ----- | ----- | ----- |
+| (not in v1) |  |  |
+| 2.159.0 | `false` | `true` |
+
+**Compatibility with old behavior:** Disable the feature flag to continue grant permissions to log group when no log group is specified
+
+
 <!-- END details -->
diff --git a/packages/@aws-cdk/cx-api/package.json b/packages/@aws-cdk/cx-api/package.json
index 9da12f5b7f962..31cc267e1ecc8 100644
--- a/packages/@aws-cdk/cx-api/package.json
+++ b/packages/@aws-cdk/cx-api/package.json
@@ -82,12 +82,12 @@
     "semver": "^7.6.3"
   },
   "peerDependencies": {
-    "@aws-cdk/cloud-assembly-schema": "^37.0.0"
+    "@aws-cdk/cloud-assembly-schema": "^38.0.0"
   },
   "license": "Apache-2.0",
   "devDependencies": {
     "@aws-cdk/cdk-build-tools": "0.0.0",
-    "@aws-cdk/cloud-assembly-schema": "^37.0.0",
+    "@aws-cdk/cloud-assembly-schema": "^38.0.0",
     "@aws-cdk/pkglint": "0.0.0",
     "@types/jest": "^29.5.12",
     "@types/mock-fs": "^4.13.4",
diff --git a/packages/@aws-cdk/integ-runner/package.json b/packages/@aws-cdk/integ-runner/package.json
index b8dd646e98b2c..84312ef8dd01a 100644
--- a/packages/@aws-cdk/integ-runner/package.json
+++ b/packages/@aws-cdk/integ-runner/package.json
@@ -71,10 +71,10 @@
   },
   "dependencies": {
     "chokidar": "^3.6.0",
-    "@aws-cdk/cloud-assembly-schema": "^37.0.0",
+    "@aws-cdk/cloud-assembly-schema": "^38.0.0",
     "@aws-cdk/cloudformation-diff": "0.0.0",
     "@aws-cdk/cx-api": "0.0.0",
-    "cdk-assets": "^2.151.37",
+    "cdk-assets": "^2.154.0",
     "@aws-cdk/aws-service-spec": "^0.1.24",
 
     "@aws-cdk/cdk-cli-wrapper": "0.0.0",
diff --git a/packages/aws-cdk-lib/package.json b/packages/aws-cdk-lib/package.json
index f4dac01903dfe..3003b87c37138 100644
--- a/packages/aws-cdk-lib/package.json
+++ b/packages/aws-cdk-lib/package.json
@@ -122,7 +122,7 @@
     "@aws-cdk/asset-awscli-v1": "^2.2.202",
     "@aws-cdk/asset-kubectl-v20": "^2.1.2",
     "@aws-cdk/asset-node-proxy-agent-v6": "^2.1.0",
-    "@aws-cdk/cloud-assembly-schema": "^37.0.0",
+    "@aws-cdk/cloud-assembly-schema": "^38.0.0",
     "@balena/dockerignore": "^1.0.2",
     "case": "1.6.3",
     "fs-extra": "^11.2.0",
diff --git a/packages/aws-cdk/package.json b/packages/aws-cdk/package.json
index 9f5d1868f83e5..7946d4256d6e5 100644
--- a/packages/aws-cdk/package.json
+++ b/packages/aws-cdk/package.json
@@ -96,7 +96,7 @@
     "xml-js": "^1.6.11"
   },
   "dependencies": {
-    "@aws-cdk/cloud-assembly-schema": "^37.0.0",
+    "@aws-cdk/cloud-assembly-schema": "^38.0.0",
     "@aws-cdk/cloudformation-diff": "0.0.0",
     "@aws-cdk/cx-api": "0.0.0",
     "@aws-cdk/region-info": "0.0.0",
@@ -104,7 +104,7 @@
     "archiver": "^5.3.2",
     "aws-sdk": "^2.1691.0",
     "camelcase": "^6.3.0",
-    "cdk-assets": "^2.151.37",
+    "cdk-assets": "^2.154.0",
     "cdk-from-cfn": "^0.162.0",
     "chalk": "^4",
     "chokidar": "^3.6.0",
diff --git a/yarn.lock b/yarn.lock
index 6d02f9d31c8f1..3c101cd0d04e9 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -59,26 +59,18 @@
     "@aws-cdk/service-spec-types" "^0.0.91"
     "@cdklabs/tskb" "^0.0.3"
 
-"@aws-cdk/cloud-assembly-schema@^36.1.1":
-  version "36.3.0"
-  resolved "https://registry.npmjs.org/@aws-cdk/cloud-assembly-schema/-/cloud-assembly-schema-36.3.0.tgz#17aeb389cbbff72f2b8d5b3b25d8d21d6ec3f0ef"
-  integrity sha512-mLSYgcMFTNCXrGAD7xob95p9s47/7WwEWUJiexxM46H2GxiijhlhLQJs31AS5uRRP6Cx1DLEu4qayKAUOOVGrw==
-  dependencies:
-    jsonschema "^1.4.1"
-    semver "^7.6.3"
-
-"@aws-cdk/cloud-assembly-schema@^37.0.0":
-  version "37.0.0"
-  resolved "https://registry.npmjs.org/@aws-cdk/cloud-assembly-schema/-/cloud-assembly-schema-37.0.0.tgz#a265f00d40135cbd2a65034ee6e0776caecaa232"
-  integrity sha512-iCY/vEBnb7zRUj9LRRz52Ol0gWEJvnbZNouISFi8GtA8YZ7BFuh+fN24qQNn1lGNjPli4E1Nn2JNk1P//gNrOw==
+"@aws-cdk/cloud-assembly-schema@^38.0.0":
+  version "38.0.1"
+  resolved "https://registry.npmjs.org/@aws-cdk/cloud-assembly-schema/-/cloud-assembly-schema-38.0.1.tgz#cdf4684ae8778459e039cd44082ea644a3504ca9"
+  integrity sha512-KvPe+NMWAulfNVwY7jenFhzhuLhLqJ/OPy5jx7wUstbjnYnjRVLpUHPU3yCjXFE0J8cuJVdx95BJ4rOs66Pi9w==
   dependencies:
     jsonschema "^1.4.1"
     semver "^7.6.3"
 
 "@aws-cdk/cx-api@^2.158.0":
-  version "2.158.0"
-  resolved "https://registry.npmjs.org/@aws-cdk/cx-api/-/cx-api-2.158.0.tgz#f151027803dd7ecfcf69d3f23ab07276678d0560"
-  integrity sha512-hiSaCK6Wc29WbYaf05pvaABhRS/M8wqOgG0e3djhDp7OHiY3/fNW1dcQHwjMY6oq9Sppcgts8w4jrhapIKEQBg==
+  version "2.159.0"
+  resolved "https://registry.npmjs.org/@aws-cdk/cx-api/-/cx-api-2.159.0.tgz#567c0ae0d7a6fc2f7cb9bda7e6cb23fac8d99094"
+  integrity sha512-HVkHCKQjVi3PCSOF22zLztZMEL+cJcyVvFctS3vXPetgl77L+e/onaGt1AUwRcNY44tvbqJm3oIVQt2HqM3q7w==
   dependencies:
     semver "^7.6.3"
 
@@ -8762,12 +8754,12 @@ case@1.6.3, case@^1.6.3:
   resolved "https://registry.npmjs.org/case/-/case-1.6.3.tgz#0a4386e3e9825351ca2e6216c60467ff5f1ea1c9"
   integrity sha512-mzDSXIPaFwVDvZAHqZ9VlbyF4yyXRuX6IvB06WvPYkqJVO24kX1PPhv9bfpKNFZyxYFmmgo03HUiD8iklmJYRQ==
 
-cdk-assets@^2.151.37:
-  version "2.151.37"
-  resolved "https://registry.npmjs.org/cdk-assets/-/cdk-assets-2.151.37.tgz#f3f024803eed0105e3608c7cd2e7340befb0834a"
-  integrity sha512-UvYktNzwE28Tt5CzJvR8R5aHw7EnJ8Fkk8p8Tj6d2Xz5/hDpDGSE5vC5bOjPOKcxFusAdOtyEfq/gYUKR2emEA==
+cdk-assets@^2.154.0:
+  version "2.154.0"
+  resolved "https://registry.npmjs.org/cdk-assets/-/cdk-assets-2.154.0.tgz#675d239c0156ca05c4a2809b30858c843f984ead"
+  integrity sha512-8M3zLHCx8nj5Fv5ubEps53jh22NN9G7ZLuq1AJwPdXZP7+nb4q5tdl2Ah2ZPMM/dob9u3KTwNeN34oLKHfDzbw==
   dependencies:
-    "@aws-cdk/cloud-assembly-schema" "^36.1.1"
+    "@aws-cdk/cloud-assembly-schema" "^38.0.0"
     "@aws-cdk/cx-api" "^2.158.0"
     archiver "^5.3.2"
     aws-sdk "^2.1691.0"