cdk-lambda-subminute 2.0.286 → 2.0.288

package/node_modules/aws-sdk/lib/config_service_placeholders.d.ts

@@ -358,6 +358,7 @@ export abstract class ConfigurationServicePlaceholders {
   bedrock?: AWS.Bedrock.Types.ClientConfiguration;
   bedrockruntime?: AWS.BedrockRuntime.Types.ClientConfiguration;
   datazone?: AWS.DataZone.Types.ClientConfiguration;
+  launchwizard?: AWS.LaunchWizard.Types.ClientConfiguration;
 }
 export interface ConfigurationServiceApiVersions {
   acm?: AWS.ACM.Types.apiVersion;
@@ -718,4 +719,5 @@ export interface ConfigurationServiceApiVersions {
   bedrock?: AWS.Bedrock.Types.apiVersion;
   bedrockruntime?: AWS.BedrockRuntime.Types.apiVersion;
   datazone?: AWS.DataZone.Types.apiVersion;
+  launchwizard?: AWS.LaunchWizard.Types.apiVersion;
 }

package/node_modules/aws-sdk/lib/core.js

@@ -20,7 +20,7 @@ AWS.util.update(AWS, {
   /**
    * @constant
    */
-  VERSION: '2.1486.0',
+  VERSION: '2.1488.0',
 
   /**
    * @api private

package/node_modules/aws-sdk/lib/credentials/ec2_metadata_credentials.d.ts

@@ -28,4 +28,18 @@ interface EC2MetadataCredentialsOptions {
     }
     maxRetries?: number
     logger?: Logger
+    /**
+     * Prevent IMDSv1 fallback.
+     */
+    ec2MetadataV1Disabled?: boolean
+
+    /**
+     * profile name to check for IMDSv1 settings.
+     */
+    profile?: string
+
+    /**
+     * optional file from which to to get config.
+     */
+    filename?: string
 }

package/node_modules/aws-sdk/lib/credentials/ec2_metadata_credentials.js

@@ -20,6 +20,7 @@ require('../metadata_service');
  *   maxRetries: 10, // retry 10 times
  *   retryDelayOptions: { base: 200 }, // see AWS.Config for information
  *   logger: console // see AWS.Config for information
+ *   ec2MetadataV1Disabled: false // whether to block IMDS v1 fallback.
  * });
  * ```
  *

package/node_modules/aws-sdk/lib/metadata_service.d.ts

@@ -54,4 +54,19 @@ interface MetadataServiceOptions {
      * A set of options to configure the retry delay on retryable errors. See AWS.Config for details.
      */
     retryDelayOptions?: any
-}
+
+    /**
+     * Prevent IMDSv1 fallback.
+     */
+    ec2MetadataV1Disabled?: boolean
+
+    /**
+     * profile name to check for IMDSv1 settings.
+     */
+    profile?: string
+
+    /**
+     * optional file from which to to get config.
+     */
+    filename?: string
+}

package/node_modules/aws-sdk/lib/metadata_service.js

@@ -58,12 +58,18 @@ AWS.MetadataService = inherit({
    *   perform for timeout errors
    * @option options retryDelayOptions [map] A set of options to configure the
    *   retry delay on retryable errors. See AWS.Config for details.
+   * @option options ec2MetadataV1Disabled [boolean] Whether to block IMDS v1 fallback.
+   * @option options profile [string] A profile to check for IMDSv1 fallback settings.
+   * @option options filename [string] Optional filename for the config file.
    */
   constructor: function MetadataService(options) {
     if (options && options.host) {
       options.endpoint = 'http://' + options.host;
       delete options.host;
     }
+    this.profile = options && options.profile || process.env.AWS_PROFILE || AWS.util.defaultProfile;
+    this.ec2MetadataV1Disabled = !!(options && options.ec2MetadataV1Disabled);
+    this.filename = options && options.filename;
     AWS.util.update(this, options);
   },
 
@@ -146,6 +152,36 @@ AWS.MetadataService = inherit({
     var self = this;
     var basePath = '/latest/meta-data/iam/security-credentials/';
 
+    var isImdsV1Fallback = self.disableFetchToken
+      || !(options && options.headers && options.headers['x-aws-ec2-metadata-token']);
+
+    if (isImdsV1Fallback && !(process.env.AWS_EC2_METADATA_DISABLED)) {
+      try {
+        var profiles = AWS.util.getProfilesFromSharedConfig(AWS.util.iniLoader, this.filename);
+        var profileSettings = profiles[this.profile] || {};
+      } catch (e) {
+        profileSettings = {};
+      }
+
+      if (profileSettings.ec2_metadata_v1_disabled && profileSettings.ec2_metadata_v1_disabled !== 'false') {
+        return cb(AWS.util.error(
+          new Error('AWS EC2 Metadata v1 fallback has been blocked by AWS config file profile.')
+        ));
+      }
+
+      if (self.ec2MetadataV1Disabled) {
+        return cb(AWS.util.error(
+          new Error('AWS EC2 Metadata v1 fallback has been blocked by AWS.MetadataService::options.ec2MetadataV1Disabled=true.')
+        ));
+      }
+
+      if (process.env.AWS_EC2_METADATA_V1_DISABLED && process.env.AWS_EC2_METADATA_V1_DISABLED !== 'false') {
+        return cb(AWS.util.error(
+          new Error('AWS EC2 Metadata v1 fallback has been blocked by process.env.AWS_EC2_METADATA_V1_DISABLED.')
+        ));
+      }
+    }
+
     self.request(basePath, options, function (err, roleName) {
       if (err) {
         self.disableFetchToken = !(err.statusCode === 401);

package/node_modules/aws-sdk/package.json

@@ -1,7 +1,7 @@
 {
   "name": "aws-sdk",
   "description": "AWS SDK for JavaScript",
-  "version": "2.1486.0",
+  "version": "2.1488.0",
   "author": {
     "name": "Amazon Web Services",
     "email": "",

package/package.json

@@ -57,7 +57,7 @@
     "jsii-pacmak": "^1.91.0",
     "jsii-rosetta": "1.x",
     "npm-check-updates": "^16",
-    "projen": "^0.76.16",
+    "projen": "^0.76.18",
     "source-map-support": "^0.5.21",
     "standard-version": "^9",
     "ts-jest": "^27",
@@ -69,7 +69,7 @@
   },
   "dependencies": {
     "aws-cdk-lib": "^2.95.0",
-    "aws-sdk": "^2.1486.0",
+    "aws-sdk": "^2.1488.0",
     "constructs": "^10.0.5"
   },
   "bundledDependencies": [
@@ -91,7 +91,7 @@
   ],
   "main": "lib/index.js",
   "license": "Apache-2.0",
-  "version": "2.0.286",
+  "version": "2.0.288",
   "jest": {
     "testMatch": [
       "<rootDir>/src/**/__tests__/**/*.ts?(x)",