Merge branch 'main' into hotswap-configurations

packages/aws-cdk/README.md

@@ -191,6 +191,8 @@ In order to deploy them, you can list the stacks you want to deploy. If your app
 
 If you want to deploy all of them, you can use the flag `--all` or the wildcard `*` to deploy all stacks in an app. Please note that, if you have a hierarchy of stacks as described above, `--all` and `*` will only match the stacks on the top level. If you want to match all the stacks in the hierarchy, use `**`. You can also combine these patterns. For example, if you want to deploy all stacks in the `Prod` stage, you can use `cdk deploy PipelineStack/Prod/**`.
 
+`--concurrency N` allows deploying multiple stacks in parallel while respecting inter-stack dependencies to speed up deployments. It does not protect against CloudFormation and other AWS account rate limiting.
+
 #### Parameters
 
 Pass parameters to your template during deployment by using `--parameters

packages/aws-cdk/THIRD_PARTY_LICENSES

@@ -1143,6 +1143,32 @@ ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 
+----------------
+
+** [email protected] - https://www.npmjs.com/package/eventemitter3/v/4.0.7 | MIT
+The MIT License (MIT)
+
+Copyright (c) 2014 Arnout Kazemier
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+
 ----------------
 
 ** [email protected] - https://www.npmjs.com/package/fast-deep-equal/v/3.1.3 | MIT
@@ -2274,6 +2300,60 @@ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
 IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
 
+----------------
+
+** [email protected] - https://www.npmjs.com/package/p-finally/v/1.0.0 | MIT
+The MIT License (MIT)
+
+Copyright (c) Sindre Sorhus <[email protected]> (sindresorhus.com)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+
+
+----------------
+
+** [email protected] - https://www.npmjs.com/package/p-queue/v/6.6.2 | MIT
+MIT License
+
+Copyright (c) Sindre Sorhus <[email protected]> (https://sindresorhus.com)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+
+----------------
+
+** [email protected] - https://www.npmjs.com/package/p-timeout/v/3.2.0 | MIT
+MIT License
+
+Copyright (c) Sindre Sorhus <[email protected]> (sindresorhus.com)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+
 ----------------
 
 ** [email protected] - https://www.npmjs.com/package/pac-proxy-agent/v/5.0.0 | MIT

packages/aws-cdk/lib/cdk-toolkit.ts

@@ -14,6 +14,7 @@ import { CloudExecutable } from './api/cxapp/cloud-executable';
 import { findCloudWatchLogGroups } from './api/logs/find-cloudwatch-logs';
 import { CloudWatchLogEventMonitor } from './api/logs/logs-monitor';
 import { StackActivityProgress } from './api/util/cloudformation/stack-activity-monitor';
+import { deployStacks } from './deploy';
 import { printSecurityDiff, printStackDiff, RequireApproval } from './diff';
 import { ResourceImporter } from './import';
 import { data, debug, error, highlight, print, success, warning } from './logging';
@@ -137,7 +138,7 @@ export class CdkToolkit {
     }
 
     const startSynthTime = new Date().getTime();
-    const stacks = await this.selectStacksForDeploy(options.selector, options.exclusively, options.cacheCloudAssembly);
+    const stackCollection = await this.selectStacksForDeploy(options.selector, options.exclusively, options.cacheCloudAssembly);
     const elapsedSynthTime = new Date().getTime() - startSynthTime;
     print('\n✨  Synthesis time: %ss\n', formatTime(elapsedSynthTime));
 
@@ -163,11 +164,19 @@ export class CdkToolkit {
       warning('⚠️ It should only be used for development - never use it for your production Stacks!');
     }
 
+    const stacks = stackCollection.stackArtifacts;
+
     const stackOutputs: { [key: string]: any } = { };
     const outputsFile = options.outputsFile;
 
-    for (const stack of stacks.stackArtifacts) {
-      if (stacks.stackCount !== 1) { highlight(stack.displayName); }
+    const concurrency = options.concurrency || 1;
+    const progress = concurrency > 1 ? StackActivityProgress.EVENTS : options.progress;
+    if (concurrency > 1 && options.progress && options.progress != StackActivityProgress.EVENTS) {
+      warning('⚠️ The --concurrency flag only supports --progress "events". Switching to "events".');
+    }
+
+    const deployStack = async (stack: cxapi.CloudFormationStackArtifact) => {
+      if (stackCollection.stackCount !== 1) { highlight(stack.displayName); }
       if (!stack.environment) {
         // eslint-disable-next-line max-len
         throw new Error(`Stack ${stack.displayName} does not define an environment, and AWS credentials could not be obtained from standard locations or no region was configured.`);
@@ -187,7 +196,7 @@ export class CdkToolkit {
             ci: options.ci,
           });
         }
-        continue;
+        return;
       }
 
       if (requireApproval !== RequireApproval.Never) {
@@ -201,6 +210,13 @@ export class CdkToolkit {
               'but terminal (TTY) is not attached so we are unable to get a confirmation from the user');
           }
 
+          // only talk to user if concurreny is 1 (otherwise, fail)
+          if (concurrency > 1) {
+            throw new Error(
+              '"--require-approval" is enabled and stack includes security-sensitive updates, ' +
+              'but concurrency is greater than 1 so we are unable to get a confirmation from the user');
+          }
+
           const confirmed = await promptly.confirm('Do you wish to deploy these changes (y/n)?');
           if (!confirmed) { throw new Error('Aborted by user'); }
         }
@@ -229,7 +245,7 @@ export class CdkToolkit {
           force: options.force,
           parameters: Object.assign({}, parameterMap['*'], parameterMap[stack.stackName]),
           usePreviousParameters: options.usePreviousParameters,
-          progress: options.progress,
+          progress,
           ci: options.ci,
           rollback: options.rollback,
           hotswap: options.hotswap,
@@ -278,6 +294,13 @@ export class CdkToolkit {
         }
       }
       print('\n✨  Total time: %ss\n', formatTime(elapsedSynthTime + elapsedDeployTime));
+    };
+
+    try {
+      await deployStacks(stacks, { concurrency, deployStack });
+    } catch (e) {
+      error('\n ❌ Deployment failed: %s', e);
+      throw e;
     }
   }
 
@@ -948,6 +971,14 @@ export interface DeployOptions extends CfnDeployOptions, WatchOptions {
    * @default - not monitoring CloudWatch logs
    */
   readonly cloudWatchLogMonitor?: CloudWatchLogEventMonitor;
+
+  /**
+   * Maximum number of simulatenous deployments (dependency permitting) to execute.
+   * The default is '1', which executes all deployments serially.
+   *
+   * @default 1
+   */
+  readonly concurrency?: number;
 }
 
 export interface ImportOptions extends CfnDeployOptions {

packages/aws-cdk/lib/cli.ts

@@ -146,7 +146,8 @@ async function parseCommandLineArguments() {
         desc: 'Show CloudWatch log events from all resources in the selected Stacks in the terminal. ' +
           "'true' by default, use --no-logs to turn off. " +
           "Only in effect if specified alongside the '--watch' option",
-      }),
+      })
+      .option('concurrency', { type: 'number', desc: 'Maximum number of simulatenous deployments (dependency permitting) to execute.', default: 1, requiresArg: true }),
     )
     .command('import [STACK]', 'Import existing resource(s) into the given STACK', (yargs: Argv) => yargs
       .option('execute', { type: 'boolean', desc: 'Whether to execute ChangeSet (--no-execute will NOT execute the ChangeSet)', default: true })
@@ -480,6 +481,7 @@ async function initCommandLine() {
           hotswap: args.hotswap,
           watch: args.watch,
           traceLogs: args.logs,
+          concurrency: args.concurrency,
         });
 
       case 'import':

packages/aws-cdk/lib/deploy.ts

@@ -0,0 +1,60 @@
+import * as cxapi from '@aws-cdk/cx-api';
+import PQueue from 'p-queue';
+
+type Options = {
+  concurrency: number;
+  deployStack: (stack: cxapi.CloudFormationStackArtifact) => Promise<void>;
+};
+
+type DeploymentState = 'pending' | 'queued' | 'deploying' | 'completed' | 'failed' | 'skipped';
+
+export const deployStacks = async (stacks: cxapi.CloudFormationStackArtifact[], { concurrency, deployStack }: Options): Promise<void> => {
+  const queue = new PQueue({ concurrency });
+  const deploymentStates = stacks.reduce((acc, stack) => ({ ...acc, [stack.id]: 'pending' as const }), {} as Record<string, DeploymentState>);
+
+  const isStackUnblocked = (stack: cxapi.CloudFormationStackArtifact) =>
+    stack.dependencies
+      .map(({ id }) => id)
+      .filter((id) => !id.endsWith('.assets'))
+      .every((id) => deploymentStates[id] === 'completed');
+
+  const hasAnyStackFailed = (states: Record<string, DeploymentState>) => Object.values(states).includes('failed');
+
+  const deploymentErrors: Error[] = [];
+
+  const enqueueStackDeploys = () => {
+    stacks.forEach(async (stack) => {
+      if (deploymentStates[stack.id] === 'pending' && isStackUnblocked(stack)) {
+        deploymentStates[stack.id] = 'queued';
+
+        await queue.add(async () => {
+          // Do not start new deployments if any has already failed
+          if (hasAnyStackFailed(deploymentStates)) {
+            deploymentStates[stack.id] = 'skipped';
+            return;
+          }
+
+          deploymentStates[stack.id] = 'deploying';
+
+          await deployStack(stack).catch((err) => {
+            deploymentStates[stack.id] = 'failed';
+            throw err;
+          });
+
+          deploymentStates[stack.id] = 'completed';
+          enqueueStackDeploys();
+        }).catch((err) => {
+          deploymentErrors.push(err);
+        });
+      }
+    });
+  };
+
+  enqueueStackDeploys();
+
+  await queue.onIdle();
+
+  if (deploymentErrors.length) {
+    throw Error(`Stack Deployments Failed: ${deploymentErrors}`);
+  }
+};

packages/aws-cdk/package.json

@@ -107,6 +107,7 @@
     "glob": "^7.2.3",
     "json-diff": "^0.9.0",
     "minimatch": ">=3.1",
+    "p-queue": "^6.6.2",
     "promptly": "^3.2.0",
     "proxy-agent": "^5.0.0",
     "semver": "^7.3.7",