Merge pull request #607 from aws-solutions/feature/v7.0.7

release v7.0.7

Author: jangidms

CHANGELOG.md

@@ -5,9 +5,24 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [7.0.7] - 2025-09-22
+
+### Security
+
+- Bumped `axios` to 1.12.2 to mitigate [CVE-2025-58754](https://avd.aquasec.com/nvd/cve-2025-58754)
+
+### Changed
+
+- Modified sourcebucketpattern to allow valid s3 bucket names
+
+### Removed
+
+- AppRegistry application at resource level
+
 ## [7.0.6] - 2025-07-28
 
 ### Security
+
 - Bump `form-data` to mitigate [CVE-2025-7783](https://github.com/advisories/GHSA-fjxv-7rqg-78g4)
 
 ## [7.0.5] - 2025-07-07

NOTICE

@@ -703,6 +703,7 @@ detect-libc under the Apache-2.0 license.
 @aws-sdk/middleware-sdk-ec2 under the Apache-2.0 license.
 @aws-sdk/util-format-url under the Apache-2.0 license.
 @aws-sdk/client-s3 under the Apache-2.0 license.
+@aws-sdk/client-rekognition under the Apache-2.0 license.
 @aws-crypto/sha1-browser under the Apache-2.0 license.
 @aws-sdk/middleware-bucket-endpoint under the Apache-2.0 license.
 @aws-sdk/util-arn-parser under the Apache-2.0 license.
@@ -718,11 +719,8 @@ detect-libc under the Apache-2.0 license.
 @smithy/chunked-blob-reader-native under the Apache-2.0 license.
 @smithy/hash-stream-node under the Apache-2.0 license.
 @aws-sdk/client-secrets-manager under the Apache-2.0 license.
-@aws-sdk/client-service-catalog-appregistry under the Apache-2.0 license.
-@aws-sdk/client-rekognition under the Apache-2.0 license.
 moment under the MIT license.
 metrics-utils under the Apache-2.0 license.
-@aws-cdk/aws-servicecatalogappregistry-alpha under the Apache-2.0 license.
 @aws-solutions-constructs/aws-apigateway-lambda under the Apache-2.0 license.
 code-point-at under the MIT license.
 core-util-is under the MIT license.

VERSION.txt

@@ -1 +1 @@
-7.0.6
+7.0.7

source/constructs/lib/common-resources/common-resources-construct.ts

@@ -8,7 +8,6 @@ import { Construct } from "constructs";
 import { addCfnCondition } from "../../utils/utils";
 import { SolutionConstructProps } from "../types";
 import { CustomResourcesConstruct } from "./custom-resources/custom-resource-construct";
-import * as appreg from "@aws-cdk/aws-servicecatalogappregistry-alpha";
 
 export interface CommonResourcesProps extends SolutionConstructProps {
   readonly solutionId: string;
@@ -29,14 +28,6 @@ export interface Conditions {
   readonly useExistingCloudFrontDistributionCondition: CfnCondition;
 }
 
-export interface AppRegistryApplicationProps {
-  readonly description: string;
-  readonly solutionId: string;
-  readonly applicationName: string;
-  readonly solutionName: string;
-  readonly solutionVersion: string;
-}
-
 /**
  * Construct that creates Common Resources for the solution.
  */
@@ -110,32 +101,4 @@ export class CommonResources extends Construct {
 
     this.logsBucket = this.customResources.createLogBucket();
   }
-
-  public appRegistryApplication(props: AppRegistryApplicationProps) {
-    const stack = Stack.of(this);
-    const applicationType = "AWS-Solutions";
-
-    const application = new appreg.Application(stack, "AppRegistry", {
-      applicationName: props.applicationName,
-      description: `Service Catalog application to track and manage all your resources for the solution ${props.solutionName}`,
-    });
-    application.associateApplicationWithStack(stack);
-
-    Tags.of(application).add("Solutions:SolutionID", props.solutionId);
-    Tags.of(application).add("Solutions:SolutionName", props.solutionName);
-    Tags.of(application).add("Solutions:SolutionVersion", props.solutionVersion);
-    Tags.of(application).add("Solutions:ApplicationType", applicationType);
-
-    const attributeGroup = new appreg.AttributeGroup(stack, "DefaultApplicationAttributeGroup", {
-      attributeGroupName: `A30-AppRegistry-${Aws.STACK_NAME}`,
-      description: "Attribute group for solution information",
-      attributes: {
-        applicationType,
-        version: props.solutionVersion,
-        solutionID: props.solutionId,
-        solutionName: props.solutionName,
-      },
-    });
-    attributeGroup.associateWith(application);
-  }
-}
+}  

source/constructs/lib/common-resources/custom-resources/custom-resource-construct.ts

@@ -68,7 +68,6 @@ export class CustomResourcesConstruct extends Construct {
   public readonly uuid: string;
   public regionedBucketName: string;
   public regionedBucketHash: string;
-  public appRegApplicationName: string;
   public existingDistributionDomainName: string;
 
   constructor(scope: Construct, id: string, props: CustomResourcesConstructProps) {
@@ -142,40 +141,6 @@ export class CustomResourcesConstruct extends Construct {
             }),
           ],
         }),
-        AppRegistryPolicy: new PolicyDocument({
-          statements: [
-            new PolicyStatement({
-              effect: Effect.ALLOW,
-              actions: ["cloudformation:DescribeStackResources"],
-              resources: [
-                Stack.of(this).formatArn({
-                  partition: Aws.PARTITION,
-                  service: "cloudformation",
-                  region: Aws.REGION,
-                  account: Aws.ACCOUNT_ID,
-                  resource: "stack",
-                  resourceName: `${Aws.STACK_NAME}/*`,
-                  arnFormat: ArnFormat.SLASH_RESOURCE_NAME,
-                }),
-              ],
-            }),
-            new PolicyStatement({
-              effect: Effect.ALLOW,
-              actions: ["servicecatalog:GetApplication"],
-              resources: [
-                Stack.of(this).formatArn({
-                  partition: Aws.PARTITION,
-                  service: "servicecatalog",
-                  region: Aws.REGION,
-                  account: Aws.ACCOUNT_ID,
-                  resource: "applications",
-                  resourceName: `*`,
-                  arnFormat: ArnFormat.SLASH_RESOURCE_SLASH_RESOURCE_NAME,
-                }),
-              ],
-            }),
-          ],
-        }),
         ExistingDistributionPolicy: new PolicyDocument({
           statements: [
             new PolicyStatement({
@@ -291,16 +256,6 @@ export class CustomResourcesConstruct extends Construct {
       produce: () => regionedBucketValidationResults.getAttString("BucketHash"),
     });
 
-    const getAppRegApplicationNameResults = this.createCustomResource(
-      "CustomResourceGetAppRegApplicationName",
-      this.customResourceLambda,
-      {
-        CustomAction: "getAppRegApplicationName",
-        Region: Aws.REGION,
-        DefaultName: Fn.join("-", ["AppRegistry", Aws.STACK_NAME, Aws.REGION, Aws.ACCOUNT_ID]),
-      }
-    );
-    this.appRegApplicationName = getAppRegApplicationNameResults.getAttString("ApplicationName");
 
     this.createCustomResource(
       "CustomResourceCheckFallbackImage",

source/constructs/lib/serverless-image-stack.ts

@@ -47,9 +47,9 @@ export class ServerlessImageHandlerStack extends Stack {
     const sourceBucketsParameter = new CfnParameter(this, "SourceBucketsParameter", {
       type: "String",
       description:
-        "(Required) List the buckets (comma-separated) within your account that contain original image files. If you plan to use Thumbor or Custom image requests with this solution, the source bucket for those requests will default to the first bucket listed in this field.",
-      allowedPattern: ".+",
-      default: "defaultBucket, bucketNo2, bucketNo3, ...",
+        "(Required) List the buckets (comma-separated) within your account that contain original image files. If you plan to use Thumbor or Custom image requests with this solution, the source bucket for those requests will default to the first bucket listed in this field. e.g. (defaultBucket,bucketNo2,bucketNo3,...)",
+      allowedPattern: "^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9](?:\\s*,\\s*[a-z0-9][a-z0-9.-]{1,61}[a-z0-9])*$",
+      constraintDescription: "Source bucket is required. Please provide at least one valid S3 bucket name that is present in your account.",
     });
 
     const deployDemoUIParameter = new CfnParameter(this, "DeployDemoUIParameter", {
@@ -316,14 +316,6 @@ export class ServerlessImageHandlerStack extends Stack {
       apiEndpoint: apiEndpointConditionString,
     });
 
-    commonResources.appRegistryApplication({
-      description: `${props.solutionId} - ${props.solutionName}. Version ${props.solutionVersion}`,
-      solutionVersion: props.solutionVersion,
-      solutionId: props.solutionId,
-      solutionName: props.solutionName,
-      applicationName: commonResources.customResources.appRegApplicationName,
-    });
-
     this.templateOptions.metadata = {
       "AWS::CloudFormation::Interface": {
         ParameterGroups: [