From bf23a47d8a41505f283eeb8f3490702572971f5b Mon Sep 17 00:00:00 2001 From: Alexander Sperling Date: Mon, 11 Aug 2025 09:24:16 +0200 Subject: [PATCH 1/3] fix(aws-secretsmanager): Secret transformation * Use new transform to update from deprecated python 3.9 lambda runtime --- .../aws-cdk-lib/aws-secretsmanager/lib/rotation-schedule.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/aws-cdk-lib/aws-secretsmanager/lib/rotation-schedule.ts b/packages/aws-cdk-lib/aws-secretsmanager/lib/rotation-schedule.ts index c11915c67dbdf..7ed47c424e260 100644 --- a/packages/aws-cdk-lib/aws-secretsmanager/lib/rotation-schedule.ts +++ b/packages/aws-cdk-lib/aws-secretsmanager/lib/rotation-schedule.ts @@ -314,7 +314,7 @@ export class HostedRotation implements ec2.IConnectable { */ public bind(secret: ISecret, scope: Construct): CfnRotationSchedule.HostedRotationLambdaProperty { // https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-secretsmanager-rotationschedule-hostedrotationlambda.html - Stack.of(scope).addTransform('AWS::SecretsManager-2020-07-23'); + Stack.of(scope).addTransform('AWS::SecretsManager-2024-09-16'); if (!this.props.vpc && this.props.securityGroups) { throw new ValidationError('`vpc` must be specified when specifying `securityGroups`.', secret); From 9915a36c1322af418aafde4d9d215c7de2e03a3f Mon Sep 17 00:00:00 2001 From: Alexander Sperling Date: Mon, 11 Aug 2025 10:24:46 +0200 Subject: [PATCH 2/3] chore(secretsmanager): Update unit test --- .../aws-secretsmanager/test/rotation-schedule.test.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/aws-cdk-lib/aws-secretsmanager/test/rotation-schedule.test.ts b/packages/aws-cdk-lib/aws-secretsmanager/test/rotation-schedule.test.ts index 23236bc011cab..ae7ff317805bc 100644 --- a/packages/aws-cdk-lib/aws-secretsmanager/test/rotation-schedule.test.ts +++ b/packages/aws-cdk-lib/aws-secretsmanager/test/rotation-schedule.test.ts @@ -159,7 +159,7 @@ describe('default tests', () => { }); expect(app.synth().getStackByName(stack.stackName).template).toEqual(expect.objectContaining({ - Transform: 'AWS::SecretsManager-2020-07-23', + Transform: 'AWS::SecretsManager-2024-09-16', })); Template.fromStack(stack).hasResourceProperties('AWS::SecretsManager::ResourcePolicy', { From cd706d8416d3687c547879cf61a2f140e8fdd047 Mon Sep 17 00:00:00 2001 From: alex Date: Mon, 11 Aug 2025 20:48:44 +0200 Subject: [PATCH 3/3] chore: Fix test --- .../aws-cdk-rds-integ-secret-rotation.template.json | 2 +- .../aws-cdk-rds-integ-secret-rotation.template.json | 2 +- .../cdk-integ-secret-hosted-rotation.template.json | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.serverless-cluster-secret-rotation-custom-names.js.snapshot/aws-cdk-rds-integ-secret-rotation.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.serverless-cluster-secret-rotation-custom-names.js.snapshot/aws-cdk-rds-integ-secret-rotation.template.json index 0a12dc325c73e..3e9c4582c1b8c 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.serverless-cluster-secret-rotation-custom-names.js.snapshot/aws-cdk-rds-integ-secret-rotation.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.serverless-cluster-secret-rotation-custom-names.js.snapshot/aws-cdk-rds-integ-secret-rotation.template.json @@ -1,5 +1,5 @@ { - "Transform": "AWS::SecretsManager-2020-07-23", + "Transform": "AWS::SecretsManager-2024-09-16", "Resources": { "DbSecurity381C2C15": { "Type": "AWS::KMS::Key", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.serverless-cluster-secret-rotation.js.snapshot/aws-cdk-rds-integ-secret-rotation.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.serverless-cluster-secret-rotation.js.snapshot/aws-cdk-rds-integ-secret-rotation.template.json index c9972ef2c6403..350da170491cf 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.serverless-cluster-secret-rotation.js.snapshot/aws-cdk-rds-integ-secret-rotation.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.serverless-cluster-secret-rotation.js.snapshot/aws-cdk-rds-integ-secret-rotation.template.json @@ -1,5 +1,5 @@ { - "Transform": "AWS::SecretsManager-2020-07-23", + "Transform": "AWS::SecretsManager-2024-09-16", "Resources": { "DbSecurity381C2C15": { "Type": "AWS::KMS::Key", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-secretsmanager/test/integ.hosted-rotation.js.snapshot/cdk-integ-secret-hosted-rotation.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-secretsmanager/test/integ.hosted-rotation.js.snapshot/cdk-integ-secret-hosted-rotation.template.json index ba97007a7276d..a0d7970fec194 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-secretsmanager/test/integ.hosted-rotation.js.snapshot/cdk-integ-secret-hosted-rotation.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-secretsmanager/test/integ.hosted-rotation.js.snapshot/cdk-integ-secret-hosted-rotation.template.json @@ -1,6 +1,6 @@ { "Transform": [ - "AWS::SecretsManager-2020-07-23" + "AWS::SecretsManager-2024-09-16" ], "Resources": { "SecretA720EF05": {