chore(ec2): use aws-sdk-js-codemod for moving to JS SDK v3

packages/aws-cdk-lib/aws-ec2/lib/cfn-init-elements.ts

@@ -174,10 +174,10 @@ export interface InitCommandOptions {
 export abstract class InitCommandWaitDuration {
   /** Wait for a specified duration after a command. */
   public static of(duration: Duration): InitCommandWaitDuration {
-    return new class extends InitCommandWaitDuration {
+    return new (class extends InitCommandWaitDuration {
       /** @internal */
       public _render() { return duration.toSeconds(); }
-    }();
+    })();
   }
 
   /** Do not wait for this command. */
@@ -330,7 +330,7 @@ export abstract class InitFile extends InitElement {
     if (!content) {
       throw new Error(`InitFile ${fileName}: cannot create empty file. Please supply at least one character of content.`);
     }
-    return new class extends InitFile {
+    return new (class extends InitFile {
       protected _doBind(bindOptions: InitBindOptions) {
         return {
           config: this._standardConfig(options, bindOptions.platform, {
@@ -339,7 +339,7 @@ export abstract class InitFile extends InitElement {
           }),
         };
       }
-    }(fileName, options);
+    })(fileName, options);
   }
 
   /**
@@ -359,15 +359,15 @@ export abstract class InitFile extends InitElement {
    * May contain tokens.
    */
   public static fromObject(fileName: string, obj: Record<string, any>, options: InitFileOptions = {}): InitFile {
-    return new class extends InitFile {
+    return new (class extends InitFile {
       protected _doBind(bindOptions: InitBindOptions) {
         return {
           config: this._standardConfig(options, bindOptions.platform, {
             content: obj,
           }),
         };
       }
-    }(fileName, options);
+    })(fileName, options);
   }
 
   /**
@@ -388,22 +388,22 @@ export abstract class InitFile extends InitElement {
    * Download from a URL at instance startup time
    */
   public static fromUrl(fileName: string, url: string, options: InitFileOptions = {}): InitFile {
-    return new class extends InitFile {
+    return new (class extends InitFile {
       protected _doBind(bindOptions: InitBindOptions) {
         return {
           config: this._standardConfig(options, bindOptions.platform, {
             source: url,
           }),
         };
       }
-    }(fileName, options);
+    })(fileName, options);
   }
 
   /**
    * Download a file from an S3 bucket at instance startup time
    */
   public static fromS3Object(fileName: string, bucket: s3.IBucket, key: string, options: InitFileOptions = {}): InitFile {
-    return new class extends InitFile {
+    return new (class extends InitFile {
       protected _doBind(bindOptions: InitBindOptions) {
         bucket.grantRead(bindOptions.instanceRole, key);
         return {
@@ -413,7 +413,7 @@ export abstract class InitFile extends InitElement {
           authentication: standardS3Auth(bindOptions.instanceRole, bucket.bucketName),
         };
       }
-    }(fileName, options);
+    })(fileName, options);
   }
 
   /**
@@ -422,7 +422,7 @@ export abstract class InitFile extends InitElement {
    * This is appropriate for files that are too large to embed into the template.
    */
   public static fromAsset(targetFileName: string, path: string, options: InitFileAssetOptions = {}): InitFile {
-    return new class extends InitFile {
+    return new (class extends InitFile {
       protected _doBind(bindOptions: InitBindOptions) {
         const asset = new s3_assets.Asset(bindOptions.scope, `${targetFileName}Asset`, {
           path,
@@ -438,14 +438,14 @@ export abstract class InitFile extends InitElement {
           assetHash: asset.assetHash,
         };
       }
-    }(targetFileName, options);
+    })(targetFileName, options);
   }
 
   /**
    * Use a file from an asset at instance startup time
    */
   public static fromExistingAsset(targetFileName: string, asset: s3_assets.Asset, options: InitFileOptions = {}): InitFile {
-    return new class extends InitFile {
+    return new (class extends InitFile {
       protected _doBind(bindOptions: InitBindOptions) {
         asset.grantRead(bindOptions.instanceRole);
         return {
@@ -456,7 +456,7 @@ export abstract class InitFile extends InitElement {
           assetHash: asset.assetHash,
         };
       }
-    }(targetFileName, options);
+    })(targetFileName, options);
   }
 
   public readonly elementType = InitElementType.FILE.toString();
@@ -923,7 +923,7 @@ export abstract class InitSource extends InitElement {
    * Extract an archive stored in an S3 bucket into the given directory
    */
   public static fromS3Object(targetDirectory: string, bucket: s3.IBucket, key: string, options: InitSourceOptions = {}): InitSource {
-    return new class extends InitSource {
+    return new (class extends InitSource {
       protected _doBind(bindOptions: InitBindOptions) {
         bucket.grantRead(bindOptions.instanceRole, key);
 
@@ -932,14 +932,14 @@ export abstract class InitSource extends InitElement {
           authentication: standardS3Auth(bindOptions.instanceRole, bucket.bucketName),
         };
       }
-    }(targetDirectory, options.serviceRestartHandles);
+    })(targetDirectory, options.serviceRestartHandles);
   }
 
   /**
    * Create an InitSource from an asset created from the given path.
    */
   public static fromAsset(targetDirectory: string, path: string, options: InitSourceAssetOptions = {}): InitSource {
-    return new class extends InitSource {
+    return new (class extends InitSource {
       protected _doBind(bindOptions: InitBindOptions) {
         const asset = new s3_assets.Asset(bindOptions.scope, `${targetDirectory}Asset`, {
           path,
@@ -953,14 +953,14 @@ export abstract class InitSource extends InitElement {
           assetHash: asset.assetHash,
         };
       }
-    }(targetDirectory, options.serviceRestartHandles);
+    })(targetDirectory, options.serviceRestartHandles);
   }
 
   /**
    * Extract a directory from an existing directory asset.
    */
   public static fromExistingAsset(targetDirectory: string, asset: s3_assets.Asset, options: InitSourceOptions = {}): InitSource {
-    return new class extends InitSource {
+    return new (class extends InitSource {
       protected _doBind(bindOptions: InitBindOptions) {
         asset.grantRead(bindOptions.instanceRole);
 
@@ -970,7 +970,7 @@ export abstract class InitSource extends InitElement {
           assetHash: asset.assetHash,
         };
       }
-    }(targetDirectory, options.serviceRestartHandles);
+    })(targetDirectory, options.serviceRestartHandles);
   }
 
   public readonly elementType = InitElementType.SOURCE.toString();

packages/aws-cdk-lib/aws-ec2/lib/cfn-init.ts

@@ -308,7 +308,7 @@ function deepMerge(target?: Record<string, any>, src?: Record<string, any>) {
         throw new Error(`Trying to merge array [${value}] into a non-array '${target[key]}'`);
       }
       target[key] = Array.from(new Set([
-        ...target[key] ?? [],
+        ...(target[key] ?? []),
         ...value,
       ]));
       continue;

packages/aws-cdk-lib/aws-ec2/lib/restrict-default-security-group-handler/index.ts

@@ -1,12 +1,20 @@
 // eslint-disable-next-line import/no-extraneous-dependencies
-import { EC2 } from 'aws-sdk';
+
+import * as AWS_EC2 from '@aws-sdk/client-ec2';
+
+const {
+  EC2,
+} = AWS_EC2;
 
 const ec2 = new EC2();
 
 /**
  * The default security group ingress rule. This can be used to both revoke and authorize the rules
  */
-function ingressRuleParams(groupId: string, account: string): EC2.RevokeSecurityGroupIngressRequest | EC2.AuthorizeSecurityGroupIngressRequest {
+function ingressRuleParams(
+  groupId: string,
+  account: string,
+): AWS_EC2.RevokeSecurityGroupIngressCommandInput | AWS_EC2.AuthorizeSecurityGroupIngressCommandInput {
   return {
     GroupId: groupId,
     IpPermissions: [{
@@ -22,7 +30,7 @@ function ingressRuleParams(groupId: string, account: string): EC2.RevokeSecurity
 /**
  * The default security group egress rule. This can be used to both revoke and authorize the rules
  */
-function egressRuleParams(groupId: string): EC2.RevokeSecurityGroupEgressRequest | EC2.AuthorizeSecurityGroupEgressRequest {
+function egressRuleParams(groupId: string): AWS_EC2.RevokeSecurityGroupEgressCommandInput | AWS_EC2.AuthorizeSecurityGroupEgressCommandInput {
   return {
     GroupId: groupId,
     IpPermissions: [{
@@ -67,16 +75,16 @@ async function onUpdate(event: AWSLambda.CloudFormationCustomResourceUpdateEvent
  * Revoke both ingress and egress rules
  */
 async function revokeRules(groupId: string, account: string): Promise<void> {
-  await ec2.revokeSecurityGroupEgress(egressRuleParams(groupId)).promise();
-  await ec2.revokeSecurityGroupIngress(ingressRuleParams(groupId, account)).promise();
+  await ec2.revokeSecurityGroupEgress(egressRuleParams(groupId));
+  await ec2.revokeSecurityGroupIngress(ingressRuleParams(groupId, account));
   return;
 }
 
 /**
  * Authorize both ingress and egress rules
  */
 async function authorizeRules(groupId: string, account: string): Promise<void> {
-  await ec2.authorizeSecurityGroupIngress(ingressRuleParams(groupId, account)).promise();
-  await ec2.authorizeSecurityGroupEgress(egressRuleParams(groupId)).promise();
+  await ec2.authorizeSecurityGroupIngress(ingressRuleParams(groupId, account));
+  await ec2.authorizeSecurityGroupEgress(egressRuleParams(groupId));
   return;
 }

packages/aws-cdk-lib/aws-ec2/test/import-certificates-handler/index.ts

@@ -1,5 +1,5 @@
 import * as fs from 'fs';
-import { ACM } from 'aws-sdk'; // eslint-disable-line import/no-extraneous-dependencies
+import { ACM } from '@aws-sdk/client-acm';
 
 const acm = new ACM();
 
@@ -12,7 +12,7 @@ export async function handler(event: AWSLambda.CloudFormationCustomResourceEvent
           Certificate: fs.readFileSync('./server.crt'),
           PrivateKey: fs.readFileSync('./server.key'),
           CertificateChain: fs.readFileSync('./ca.crt'),
-        }).promise();
+        });
       }
 
       let clientImport;
@@ -21,7 +21,7 @@ export async function handler(event: AWSLambda.CloudFormationCustomResourceEvent
           Certificate: fs.readFileSync('./client1.domain.tld.crt'),
           PrivateKey: fs.readFileSync('./client1.domain.tld.key'),
           CertificateChain: fs.readFileSync('./ca.crt'),
-        }).promise();
+        });
       }
 
       return {
@@ -36,12 +36,12 @@ export async function handler(event: AWSLambda.CloudFormationCustomResourceEvent
       if (event.ResourceProperties.ServerCertificateArn) {
         await acm.deleteCertificate({
           CertificateArn: event.ResourceProperties.ServerCertificateArn,
-        }).promise();
+        });
       }
       if (event.ResourceProperties.ClientCertificateArn) {
         await acm.deleteCertificate({
           CertificateArn: event.ResourceProperties.ClientCertificateArn,
-        }).promise();
+        });
       }
       return;
   }

packages/aws-cdk-lib/aws-ec2/test/volume.test.ts

@@ -1417,39 +1417,31 @@ describe('volume', () => {
           availabilityZone: 'us-east-1a',
           size: cdk.Size.gibibytes(min - 1),
           volumeType,
-          ...iops
-            ? { iops }
-            : {},
+          ...(iops ? { iops } : {}),
         });
       }).toThrow(/volumes must be between/);
       expect(() => {
         new Volume(stack, `Volume${idx++}`, {
           availabilityZone: 'us-east-1a',
           size: cdk.Size.gibibytes(min),
           volumeType,
-          ...iops
-            ? { iops }
-            : {},
+          ...(iops ? { iops } : {}),
         });
       }).not.toThrow();
       expect(() => {
         new Volume(stack, `Volume${idx++}`, {
           availabilityZone: 'us-east-1a',
           size: cdk.Size.gibibytes(max),
           volumeType,
-          ...iops
-            ? { iops }
-            : {},
+          ...(iops ? { iops } : {}),
         });
       }).not.toThrow();
       expect(() => {
         new Volume(stack, `Volume${idx++}`, {
           availabilityZone: 'us-east-1a',
           size: cdk.Size.gibibytes(max + 1),
           volumeType,
-          ...iops
-            ? { iops }
-            : {},
+          ...(iops ? { iops } : {}),
         });
       }).toThrow(/volumes must be between/);
     }
@@ -1480,7 +1472,7 @@ describe('volume', () => {
         availabilityZone: 'us-east-1a',
         size: cdk.Size.gibibytes(125),
         volumeType,
-        ...iops ? { iops }: {},
+        ...(iops ? { iops } : {}),
         throughput: 125,
       });
     }).toThrow(/throughput property requires volumeType: EbsDeviceVolumeType.GP3/);

packages/aws-cdk-lib/package.json

@@ -126,6 +126,7 @@
     "@aws-cdk/asset-awscli-v1": "^2.2.200",
     "@aws-cdk/asset-node-proxy-agent-v5": "^2.0.166",
     "@aws-cdk/asset-kubectl-v20": "^2.1.2",
+    "@aws-sdk/client-ec2": "^3.387.0",
     "@balena/dockerignore": "^1.0.2",
     "case": "1.6.3",
     "fs-extra": "^11.1.1",