Update to version v2.1.2

Author: Mike O'Brien

CHANGELOG.md

@@ -1,9 +1,24 @@
-# Change Log 
-All notable changes to this project will be documented in this file. 
- 
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), 
-and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). 
+# Change Log
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [2.1.2] - 2021-05-31
+
+### Added
+
+- Added Point In Time recovery and Encryption support for DynamoDB Table
+- Added API Gateway usage plan
+- Added cfn_nag suppress rules for Lambda VPC deployment and Reserved Concurrency
+
+### Fixed
+
+- Removed unused dev dependency grunt
 
 ## [2.1.1] - 2019-12-20
-### Added 
-- upgraded lambda runtime to nodejs 12.x
+
+### Added
+
+- upgraded lambda runtime to nodejs 12.x

NOTICE.txt

@@ -17,3 +17,5 @@ Underscore.js under the Massachusetts Institute of Technology (MIT) license
 Moment.js under the Massachusetts Institute of Technology (MIT) license
 shortid under the Massachusetts Institute of Technology (MIT) license
 randomstring under the Massachusetts Institute of Technology (MIT) license
+
+The licenses for these third party components are included in LICENSE.txt

README.md

@@ -55,10 +55,10 @@ Each microservice follows the structure of:
 
 ***
 
-Copyright 2017-2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+Copyright 2017 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 
-Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with the License. A copy of the License is located at
+Licensed under the Amazon Software License (the "License"). You may not use this file except in compliance with the License. A copy of the License is located at
 
-    http://www.apache.org/licenses/LICENSE-2.0
+    http://aws.amazon.com/asl/
 
-or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
+or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions and limitations under the License.

deployment/aws-connected-vehicle-solution.template

@@ -26,6 +26,13 @@ Resources:
                     MKT_TBL: !Ref AdTrackingTable
                     NOTIFICATION_SERVICE: !Ref NotificationServiceFunction
                     POI_TBL: !Ref MarketingPoiTable
+        Metadata:
+          cfn_nag: 
+              rules_to_suppress: 
+                - id: "W89"
+                  reason: "not a valid use case for VPC deployment"
+                - id: "W92"
+                  reason: "not a valid reserved concurrency"
 
     LocationBasedMarketingRule:
         Type: "AWS::IoT::TopicRule"
@@ -107,6 +114,10 @@ Resources:
         Type: "AWS::DynamoDB::Table"
         DeletionPolicy: "Delete"
         Properties:
+            PointInTimeRecoverySpecification:
+                PointInTimeRecoveryEnabled: true
+            SSESpecification: 
+                SSEEnabled: true
             AttributeDefinitions:
                 -
                     AttributeName: "poi_id"
@@ -121,6 +132,10 @@ Resources:
         Type: "AWS::DynamoDB::Table"
         DeletionPolicy: "Delete"
         Properties:
+            PointInTimeRecoverySpecification:
+                PointInTimeRecoveryEnabled: true
+            SSESpecification: 
+                SSEEnabled: true
             AttributeDefinitions:
                 -
                     AttributeName: "trip_id"
@@ -205,7 +220,11 @@ Resources:
               - ClientId: !Ref ConnectedVehicleClient
                 ProviderName: !GetAtt ConnectedVehicleUserPool.ProviderName
             AllowUnauthenticatedIdentities: true
-
+        Metadata:
+          cfn_nag:
+            rules_to_suppress:
+              - id: W57
+                reason: "AllowUnauthenticatedIdentities set to true and proper restrictive IAM roles and permissions are established for unauthenticated users"
 
     ConnectedVehicleIdentityPoolRoleAttachment:
         Type: "AWS::Cognito::IdentityPoolRoleAttachment"
@@ -1316,6 +1335,13 @@ Resources:
                         description: Unique user id for the vehicle owner
     ApiLogs:
         Type: "AWS::Logs::LogGroup"
+        Properties:
+            RetentionInDays: 7
+        Metadata:
+            cfn_nag:
+                rules_to_suppress:
+                  - id: "W84"
+                    reason: "using service dafault encryption https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/data-protection.html"
 
     ApiGatewayAccountLogsRole:
         Type: AWS::IAM::Role
@@ -1349,6 +1375,22 @@ Resources:
                     DestinationArn: !GetAtt ApiLogs.Arn
                     Format: $context.identity.sourceIp $context.identity.caller $context.identity.user [$context.requestTime] "$context.httpMethod $context.resourcePath $context.protocol" $context.status $context.responseLength $context.requestId
 
+    TelemetricsApiUsagePlan:
+        Type: 'AWS::ApiGateway::UsagePlan'
+        DependsOn: TelemetricsApiDeployment
+        Properties:
+          ApiStages:
+            - ApiId: !Ref TelemetricsApi
+              Stage: "prod"
+          Description: Connected Vehicle Telemetrics Api Usage Plan     
+          Quota:
+            Limit: 5000
+            Period: MONTH
+          Throttle:
+            BurstLimit: 200
+            RateLimit: 100
+          UsagePlanName: TelemetricsApi-UsagePlan                
+    
     TelemetricsRawStorageRule:
         Type: "AWS::IoT::TopicRule"
         Properties:
@@ -1557,7 +1599,15 @@ Resources:
           Role: !GetAtt JitrServiceRole.Arn
           Timeout: 300
           MemorySize: 256
-
+      Metadata:
+          cfn_nag: 
+              rules_to_suppress: 
+                - id: "W89"
+                  reason: "not a valid use case for VPC deployment"
+                - id: "W92"
+                  reason: "not a valid reserved concurrency"
+                - id: "W58"
+                  reason: "CloudWatch logs permission added with custom policy"
     AnomalyServiceFunction:
       Type: AWS::Lambda::Function
       Properties:
@@ -1574,6 +1624,13 @@ Resources:
               Variables:
                   VEHICLE_ANOMALY_TBL: !Ref VehicleAnomalyTable
                   NOTIFICATION_SERVICE: !Ref NotificationServiceFunction
+      Metadata:
+          cfn_nag: 
+              rules_to_suppress: 
+                - id: "W89"
+                  reason: "not a valid use case for VPC deployment"
+                - id: "W92"
+                  reason: "not a valid reserved concurrency"          
 
     AnomalyServiceEventSource:
         DependsOn: AnomalyServiceFunction
@@ -1602,6 +1659,15 @@ Resources:
                   VEHICLE_DTC_TBL: !Ref VehicleDtcTable
                   DTC_TBL: !Ref DtcTable
                   NOTIFICATION_SERVICE: !Ref NotificationServiceFunction
+      Metadata:
+          cfn_nag: 
+              rules_to_suppress: 
+                - id: "W89"
+                  reason: "not a valid use case for VPC deployment"
+                - id: "W92"
+                  reason: "not a valid reserved concurrency"
+                - id: "W58"
+                  reason: "CloudWatch logs permission added with custom policy"
 
     NotificationServiceFunction:
       Type: AWS::Lambda::Function
@@ -1619,6 +1685,15 @@ Resources:
               Variables:
                   VEHICLE_OWNER_TBL: !Ref VehicleOwnerTable
                   USER_POOL_ID: !Ref ConnectedVehicleUserPool
+      Metadata:
+          cfn_nag: 
+              rules_to_suppress: 
+                - id: "W89"
+                  reason: "not a valid use case for VPC deployment"
+                - id: "W92"
+                  reason: "not a valid reserved concurrency"
+                - id: "W58"
+                  reason: "CloudWatch logs permission added with custom policy"
 
     DriverSafetyServiceFunction:
       Type: AWS::Lambda::Function
@@ -1636,6 +1711,15 @@ Resources:
               Variables:
                   VEHICLE_TRIP_TBL: !Ref VehicleTripTable
                   NOTIFICATION_SERVICE: !Ref NotificationServiceFunction
+      Metadata:
+          cfn_nag: 
+              rules_to_suppress: 
+                - id: "W89"
+                  reason: "not a valid use case for VPC deployment"
+                - id: "W92"
+                  reason: "not a valid reserved concurrency"
+                - id: "W58"
+                  reason: "CloudWatch logs permission added with custom policy"
 
     VehicleServiceFunction:
       Type: AWS::Lambda::Function
@@ -1656,6 +1740,15 @@ Resources:
                   VEHICLE_DTC_TBL: !Ref VehicleDtcTable
                   HEALTH_REPORT_TBL: !Ref HealthReportTable
                   VEHICLE_ANOMALY_TBL: !Ref VehicleAnomalyTable
+      Metadata:
+          cfn_nag: 
+              rules_to_suppress: 
+                - id: "W89"
+                  reason: "not a valid use case for VPC deployment"
+                - id: "W92"
+                  reason: "not a valid reserved concurrency"
+                - id: "W58"
+                  reason: "CloudWatch logs permission added with custom policy"
 
     AnomalyStream:
         Type: AWS::Kinesis::Stream
@@ -1675,6 +1768,8 @@ Resources:
         Type: AWS::KinesisFirehose::DeliveryStream
         Properties:
             DeliveryStreamName: "connected-vehicle-telemetry"
+            DeliveryStreamEncryptionConfigurationInput:
+                KeyType: 'AWS_OWNED_CMK'
             S3DestinationConfiguration:
                 BucketARN: !GetAtt TelemetricDataBucket.Arn
                 BufferingHints:
@@ -2225,6 +2320,10 @@ Resources:
         Type: "AWS::DynamoDB::Table"
         DeletionPolicy: "Delete"
         Properties:
+            PointInTimeRecoverySpecification:
+                PointInTimeRecoveryEnabled: true
+            SSESpecification: 
+                SSEEnabled: true
             AttributeDefinitions:
                 -
                     AttributeName: "vin"
@@ -2245,6 +2344,10 @@ Resources:
         Type: "AWS::DynamoDB::Table"
         DeletionPolicy: "Delete"
         Properties:
+            PointInTimeRecoverySpecification:
+                PointInTimeRecoveryEnabled: true
+            SSESpecification: 
+                SSEEnabled: true
             AttributeDefinitions:
                 -
                     AttributeName: "vin"
@@ -2265,6 +2368,10 @@ Resources:
         Type: "AWS::DynamoDB::Table"
         DeletionPolicy: "Delete"
         Properties:
+            PointInTimeRecoverySpecification:
+                PointInTimeRecoveryEnabled: true
+            SSESpecification: 
+                SSEEnabled: true
             AttributeDefinitions:
                 -
                     AttributeName: "vin"
@@ -2285,6 +2392,10 @@ Resources:
         Type: "AWS::DynamoDB::Table"
         DeletionPolicy: "Delete"
         Properties:
+            PointInTimeRecoverySpecification:
+                PointInTimeRecoveryEnabled: true
+            SSESpecification: 
+                SSEEnabled: true
             AttributeDefinitions:
                 -
                     AttributeName: "vin"
@@ -2318,6 +2429,10 @@ Resources:
         Type: "AWS::DynamoDB::Table"
         DeletionPolicy: "Delete"
         Properties:
+            PointInTimeRecoverySpecification:
+                PointInTimeRecoveryEnabled: true
+            SSESpecification: 
+                SSEEnabled: true
             AttributeDefinitions:
                 -
                     AttributeName: "owner_id"
@@ -2346,6 +2461,10 @@ Resources:
         Type: "AWS::DynamoDB::Table"
         DeletionPolicy: "Delete"
         Properties:
+            PointInTimeRecoverySpecification:
+                PointInTimeRecoveryEnabled: true
+            SSESpecification: 
+                SSEEnabled: true
             AttributeDefinitions:
                 -
                     AttributeName: "dtc"
@@ -2470,7 +2589,13 @@ Resources:
                     - "Arn"
             Runtime: "nodejs12.x"
             Timeout: "300"
-
+        Metadata:
+          cfn_nag: 
+              rules_to_suppress: 
+                - id: "W89"
+                  reason: "not a valid use case for VPC deployment"
+                - id: "W92"
+                  reason: "not a valid reserved concurrency"          
 
 Outputs:
     DtcTable:

source/data-loaders/dtc-generator/package.json

@@ -2,7 +2,7 @@
     "name": "connected-car-sim-engine",
     "description": "The simulation engine for the connected car solutions",
     "main": "index.js",
-    "license": "Apache 2.0",
+    "license": "ASL",
     "version": "0.0.1",
     "private": "true",
     "dependencies": {

source/resources/helper/package.json

@@ -15,10 +15,6 @@
         "fast-csv": "*"
     },
     "devDependencies": {
-        "grunt": "^0.4.5",
-        "grunt-aws-lambda": "^0.13.0",
-        "grunt-pack": "0.1.*",
-        "grunt-contrib-clean": "*",
         "chai": "*",
         "sinon": "*",
         "sinon-chai": "*",

source/services/anomaly/lib/test-setup.spec.js

@@ -10,18 +10,18 @@
     "dependencies": {
         "aws-sdk": "*",
         "moment": "*",
+        "randomstring": "*",
         "shortid": "*",
-        "underscore": "*",
-        "randomstring": "*"
+        "underscore": "*"
     },
     "devDependencies": {
+        "aws-sdk-mock": "*",
         "chai": "*",
-        "sinon": "*",
-        "sinon-chai": "*",
         "mocha": "*",
-        "aws-sdk-mock": "*",
         "npm-run-all": "*",
-        "proxyquire": "*"
+        "proxyquire": "*",
+        "sinon": "*",
+        "sinon-chai": "*"
     },
     "scripts": {
         "pretest": "npm install",