Add support for .NET 9 and support for disabling IMDS v1 for Beanstal…

…k recipes

The support for disabling IMDS v1 provides a mechanism for transitions EC2 Launch Configuration to Launch Templates

src/AWS.Deploy.DockerEngine/Properties/DockerFileConfig.json

@@ -2,11 +2,17 @@
     {
         "SdkType": "Microsoft.NET.Sdk.Web",
         "ImageMapping": [
+            {
+                "TargetFramework": "net9.0",
+                "BaseImage": "mcr.microsoft.com/dotnet/aspnet:9.0",
+                "BuildImage": "mcr.microsoft.com/dotnet/sdk:9.0"
+            },
             {
                 "TargetFramework": "net8.0",
                 "BaseImage": "mcr.microsoft.com/dotnet/aspnet:8.0",
                 "BuildImage": "mcr.microsoft.com/dotnet/sdk:8.0"
-            },            {
+            },
+            {
                 "TargetFramework": "net7.0",
                 "BaseImage": "mcr.microsoft.com/dotnet/aspnet:7.0",
                 "BuildImage": "mcr.microsoft.com/dotnet/sdk:7.0"
@@ -31,11 +37,16 @@
     {
         "SdkType": "Microsoft.NET.Sdk",
         "ImageMapping": [
+            {
+                "TargetFramework": "net9.0",
+                "BaseImage": "mcr.microsoft.com/dotnet/runtime:9.0",
+                "BuildImage": "mcr.microsoft.com/dotnet/sdk:9.0"
+            },
             {
                 "TargetFramework": "net8.0",
                 "BaseImage": "mcr.microsoft.com/dotnet/runtime:8.0",
                 "BuildImage": "mcr.microsoft.com/dotnet/sdk:8.0"
-            },            
+            },
             {
                 "TargetFramework": "net7.0",
                 "BaseImage": "mcr.microsoft.com/dotnet/runtime:7.0",

src/AWS.Deploy.Orchestration/CdkAppSettingsSerializer.cs

@@ -53,7 +53,8 @@ public string Build(CloudApplication cloudApplication, Recommendation recommenda
                 ECRRepositoryName = recommendation.DeploymentBundle.ECRRepositoryName ?? "",
                 ECRImageTag = recommendation.DeploymentBundle.ECRImageTag ?? "",
                 DotnetPublishZipPath = recommendation.DeploymentBundle.DotnetPublishZipPath ?? "",
-                DotnetPublishOutputDirectory = recommendation.DeploymentBundle.DotnetPublishOutputDirectory ?? ""
+                DotnetPublishOutputDirectory = recommendation.DeploymentBundle.DotnetPublishOutputDirectory ?? "",
+                NewDeployment = !recommendation.IsExistingCloudApplication
             };
 
             // Persist deployment bundle settings

src/AWS.Deploy.Orchestration/DeploymentBundleHandler.cs

@@ -134,8 +134,8 @@ private void SwitchToSelfContainedBuildIfNeeded(Recommendation recommendation)
                     return;
 
                 // Elastic Beanstalk doesn't currently have .NET 7 preinstalled.
-                var unavailableFramework = new List<string> { "net7.0" };
-                var frameworkNames = new Dictionary<string, string> { { "net7.0", ".NET 7" } };
+                var unavailableFramework = new List<string> { "net7.0", "net9.0" };
+                var frameworkNames = new Dictionary<string, string> { { "net7.0", ".NET 7" }, { "net9.0", ".NET 9" } };
                 if (unavailableFramework.Contains(targetFramework))
                 {
                     _interactiveService.LogInfoMessage($"Using self-contained publish since AWS Elastic Beanstalk does not currently have {frameworkNames[targetFramework]} preinstalled");

src/AWS.Deploy.Recipes.CDK.Common/AWS.Deploy.Recipes.CDK.Common.csproj

@@ -15,7 +15,7 @@
 
   <ItemGroup>
     <PackageReference Include="Amazon.CDK.Lib" Version="2.155.0" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="6.0.0" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="8.0.1" />
   </ItemGroup>
 
   <ItemGroup>

src/AWS.Deploy.Recipes.CDK.Common/RecipeProps.cs

@@ -70,6 +70,11 @@ public interface IRecipeProps<T>
         /// The account ID used during deployment.
         /// </summary>
         string? AWSAccountId { get; set; }
+
+        /// <summary>
+        /// True if the recipe is doing a new deployment.
+        /// </summary>
+        bool NewDeployment { get; set; }
     }
 
     /// <summary>
@@ -138,6 +143,11 @@ public class RecipeProps<T> : IRecipeProps<T>
         /// </summary>
         public string? AWSAccountId { get; set; }
 
+        /// <summary>
+        /// True if the recipe is doing a redeployment.
+        /// </summary>
+        public bool NewDeployment { get; set; } = false;
+
         /// A parameterless constructor is needed for <see cref="Microsoft.Extensions.Configuration.ConfigurationBuilder"/>
         /// or the classes will fail to initialize.
         /// The warnings are disabled since a parameterless constructor will allow non-nullable properties to be initialized with null values.

src/AWS.Deploy.Recipes/CdkTemplates/AspNetAppAppRunner/AspNetAppAppRunner.csproj

@@ -25,7 +25,7 @@
   <ItemGroup>
     <!-- CDK Construct Library dependencies -->
     <PackageReference Include="Amazon.CDK.Lib" Version="2.155.0" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="6.0.0" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="8.0.1" />
 
     <!-- jsii Roslyn analyzers (un-comment to obtain compile-time checks for missing required props
     <PackageReference Include="Amazon.Jsii.Analyzers" Version="*" PrivateAssets="all" />

src/AWS.Deploy.Recipes/CdkTemplates/AspNetAppEcsFargate/AspNetAppEcsFargate.csproj

@@ -25,7 +25,7 @@
   <ItemGroup>
     <!-- CDK Construct Library dependencies -->
     <PackageReference Include="Amazon.CDK.Lib" Version="2.155.0" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="6.0.0" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="8.0.1" />
 
     <!-- jsii Roslyn analyzers (un-comment to obtain compile-time checks for missing required props
     <PackageReference Include="Amazon.Jsii.Analyzers" Version="*" PrivateAssets="all" />

src/AWS.Deploy.Recipes/CdkTemplates/AspNetAppElasticBeanstalkLinux/AspNetAppElasticBeanstalkLinux.csproj

@@ -27,7 +27,7 @@
     <PackageReference Include="Amazon.CDK.Lib" Version="2.155.0" />
 
     <PackageReference Include="AWSSDK.ElasticBeanstalk" Version="3.7.200.42" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="6.0.0" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="8.0.1" />
 
     <!-- jsii Roslyn analyzers (un-comment to obtain compile-time checks for missing required props
     <PackageReference Include="Amazon.Jsii.Analyzers" Version="*" PrivateAssets="all" />

src/AWS.Deploy.Recipes/CdkTemplates/AspNetAppElasticBeanstalkLinux/Generated/Configurations/Configuration.cs

@@ -43,6 +43,11 @@ public partial class Configuration
         /// </summary>
         public BeanstalkApplicationConfiguration BeanstalkApplication { get; set; }
 
+        /// <summary>
+        /// Control of IMDS v1 accessibility.
+        /// </summary>
+        public string IMDSv1Access { get; set; } = Recipe.IMDS_V1_DEFAULT;
+
         /// <summary>
         /// The name of an Elastic Beanstalk solution stack (platform version) to use with the environment.
         /// </summary>

src/AWS.Deploy.Recipes/CdkTemplates/AspNetAppElasticBeanstalkLinux/Generated/Recipe.cs

@@ -33,6 +33,10 @@ public class Recipe : Construct
         public const string LOADBALANCERTYPE_APPLICATION = "application";
         public const string LOADBALANCERSCHEME_PUBLIC = "public";
 
+        public const string IMDS_V1_DEFAULT = "Default";
+        public const string IMDS_V1_DISABLED = "Disabled";
+        public const string IMDS_V1_ENABLED = "Enabled";
+
         public const string REVERSEPROXY_NGINX = "nginx";
 
         public const string ENHANCED_HEALTH_REPORTING = "enhanced";
@@ -74,7 +78,7 @@ public Recipe(Construct scope, IRecipeProps<Configuration> props)
             ConfigureVpc(settings);
             ConfigureIAM(settings);
             var beanstalkApplicationName = ConfigureApplication(settings);
-            ConfigureBeanstalkEnvironment(settings, beanstalkApplicationName);
+            ConfigureBeanstalkEnvironment(props.NewDeployment, settings, beanstalkApplicationName);
         }
 
         private void ConfigureVpc(Configuration settings)
@@ -200,7 +204,7 @@ private string ConfigureApplication(Configuration settings)
             return beanstalkApplicationName;
         }
 
-        private void ConfigureBeanstalkEnvironment(Configuration settings, string beanstalkApplicationName)
+        private void ConfigureBeanstalkEnvironment(bool newDeployment, Configuration settings, string beanstalkApplicationName)
         {
             if (Ec2InstanceProfile == null)
                 throw new InvalidOperationException($"{nameof(Ec2InstanceProfile)} has not been set. The {nameof(ConfigureIAM)} method should be called before {nameof(ConfigureBeanstalkEnvironment)}");
@@ -238,6 +242,18 @@ private void ConfigureBeanstalkEnvironment(Configuration settings, string beanst
                    }
                 };
 
+            if (newDeployment ||
+                (newDeployment && !string.Equals(settings.IMDSv1Access, IMDS_V1_DEFAULT, StringComparison.InvariantCultureIgnoreCase)))
+            {
+                var computedDisableIMDSv1 = string.Equals(settings.IMDSv1Access, IMDS_V1_ENABLED, StringComparison.InvariantCultureIgnoreCase) ? "false" : "true";
+                optionSettingProperties.Add(new CfnEnvironment.OptionSettingProperty
+                {
+                    Namespace = "aws:autoscaling:launchconfiguration",
+                    OptionName = "DisableIMDSv1",
+                    Value = computedDisableIMDSv1
+                });
+            }
+
             if (!string.IsNullOrEmpty(settings.InstanceType))
             {
                 optionSettingProperties.Add(new CfnEnvironment.OptionSettingProperty

src/AWS.Deploy.Recipes/CdkTemplates/AspNetAppElasticBeanstalkWindows/AspNetAppElasticBeanstalkWindows.csproj

@@ -27,7 +27,7 @@
     <PackageReference Include="Amazon.CDK.Lib" Version="2.155.0" />
 
     <PackageReference Include="AWSSDK.ElasticBeanstalk" Version="3.7.200.42" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="6.0.0" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="8.0.1" />
 
     <!-- jsii Roslyn analyzers (un-comment to obtain compile-time checks for missing required props
     <PackageReference Include="Amazon.Jsii.Analyzers" Version="*" PrivateAssets="all" />

src/AWS.Deploy.Recipes/CdkTemplates/AspNetAppElasticBeanstalkWindows/Generated/Configurations/Configuration.cs

@@ -43,6 +43,11 @@ public partial class Configuration
         /// </summary>
         public BeanstalkApplicationConfiguration BeanstalkApplication { get; set; }
 
+        /// <summary>
+        /// Control of IMDS v1 accessibility.
+        /// </summary>
+        public string IMDSv1Access { get; set; } = Recipe.IMDS_V1_DEFAULT;
+
         /// <summary>
         /// The name of an Elastic Beanstalk solution stack (platform version) to use with the environment.
         /// </summary>

src/AWS.Deploy.Recipes/CdkTemplates/AspNetAppElasticBeanstalkWindows/Generated/Recipe.cs

@@ -33,6 +33,10 @@ public class Recipe : Construct
         public const string LOADBALANCERTYPE_APPLICATION = "application";
         public const string LOADBALANCERSCHEME_PUBLIC = "public";
 
+        public const string IMDS_V1_DEFAULT = "Default";
+        public const string IMDS_V1_DISABLED = "Disabled";
+        public const string IMDS_V1_ENABLED = "Enabled";
+
         public const string REVERSEPROXY_NGINX = "nginx";
 
         public const string ENHANCED_HEALTH_REPORTING = "enhanced";
@@ -74,7 +78,7 @@ public Recipe(Construct scope, IRecipeProps<Configuration> props)
             ConfigureVpc(settings);
             ConfigureIAM(settings);
             var beanstalkApplicationName = ConfigureApplication(settings);
-            ConfigureBeanstalkEnvironment(settings, beanstalkApplicationName);
+            ConfigureBeanstalkEnvironment(props.NewDeployment, settings, beanstalkApplicationName);
         }
 
         private void ConfigureVpc(Configuration settings)
@@ -200,7 +204,7 @@ private string ConfigureApplication(Configuration settings)
             return beanstalkApplicationName;
         }
 
-        private void ConfigureBeanstalkEnvironment(Configuration settings, string beanstalkApplicationName)
+        private void ConfigureBeanstalkEnvironment(bool newDeployment, Configuration settings, string beanstalkApplicationName)
         {
             if (Ec2InstanceProfile == null)
                 throw new InvalidOperationException($"{nameof(Ec2InstanceProfile)} has not been set. The {nameof(ConfigureIAM)} method should be called before {nameof(ConfigureBeanstalkEnvironment)}");
@@ -238,6 +242,18 @@ private void ConfigureBeanstalkEnvironment(Configuration settings, string beanst
                    }
                 };
 
+            if (newDeployment ||
+                (newDeployment && !string.Equals(settings.IMDSv1Access, IMDS_V1_DEFAULT, StringComparison.InvariantCultureIgnoreCase)))
+            {
+                var computedDisableIMDSv1 = string.Equals(settings.IMDSv1Access, IMDS_V1_ENABLED, StringComparison.InvariantCultureIgnoreCase) ? "false" : "true";
+                optionSettingProperties.Add(new CfnEnvironment.OptionSettingProperty
+                {
+                    Namespace = "aws:autoscaling:launchconfiguration",
+                    OptionName = "DisableIMDSv1",
+                    Value = computedDisableIMDSv1
+                });
+            }
+
             if (!string.IsNullOrEmpty(settings.InstanceType))
             {
                 optionSettingProperties.Add(new CfnEnvironment.OptionSettingProperty

src/AWS.Deploy.Recipes/CdkTemplates/BlazorWasm/BlazorWasm.csproj

@@ -25,7 +25,7 @@
   <ItemGroup>
     <!-- CDK Construct Library dependencies -->
     <PackageReference Include="Amazon.CDK.Lib" Version="2.155.0" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="6.0.0" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="8.0.1" />
 
     <!-- jsii Roslyn analyzers (un-comment to obtain compile-time checks for missing required props
     <PackageReference Include="Amazon.Jsii.Analyzers" Version="*" PrivateAssets="all" />

src/AWS.Deploy.Recipes/CdkTemplates/ConsoleAppECSFargateScheduleTask/ConsoleAppECSFargateScheduleTask.csproj

@@ -25,7 +25,7 @@
   <ItemGroup>
     <!-- CDK Construct Library dependencies -->
     <PackageReference Include="Amazon.CDK.Lib" Version="2.155.0" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="6.0.0" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="8.0.1" />
 
     <!-- jsii Roslyn analyzers (un-comment to obtain compile-time checks for missing required props
     <PackageReference Include="Amazon.Jsii.Analyzers" Version="*" PrivateAssets="all" />

src/AWS.Deploy.Recipes/CdkTemplates/ConsoleAppECSFargateService/ConsoleAppEcsFargateService.csproj

@@ -25,7 +25,7 @@
   <ItemGroup>
     <!-- CDK Construct Library dependencies -->
     <PackageReference Include="Amazon.CDK.Lib" Version="2.155.0" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="6.0.0" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="8.0.1" />
 
     <!-- jsii Roslyn analyzers (un-comment to obtain compile-time checks for missing required props
     <PackageReference Include="Amazon.Jsii.Analyzers" Version="*" PrivateAssets="all" />

src/AWS.Deploy.Recipes/RecipeDefinitions/ASP.NETAppAppRunner.recipe

@@ -33,7 +33,7 @@
                     "Type": "MSProperty",
                     "Condition": {
                         "PropertyName": "TargetFramework",
-                        "AllowedValues": [ "netcoreapp3.1", "net5.0", "net6.0", "net7.0", "net8.0" ]
+                        "AllowedValues": [ "netcoreapp3.1", "net5.0", "net6.0", "net7.0", "net8.0", "net9.0" ]
                     }
                 }
             ]

src/AWS.Deploy.Recipes/RecipeDefinitions/ASP.NETAppECSFargate.recipe

@@ -41,7 +41,7 @@
                     "Type": "MSProperty",
                     "Condition": {
                         "PropertyName": "TargetFramework",
-                        "AllowedValues": [ "netcoreapp3.1", "net5.0", "net6.0", "net7.0", "net8.0" ]
+                        "AllowedValues": [ "netcoreapp3.1", "net5.0", "net6.0", "net7.0", "net8.0", "net9.0" ]
                     }
                 }
             ]

src/AWS.Deploy.Recipes/RecipeDefinitions/ASP.NETAppElasticBeanstalkLinux.recipe

@@ -33,7 +33,7 @@
                     "Type": "MSProperty",
                     "Condition": {
                         "PropertyName": "TargetFramework",
-                        "AllowedValues": [ "netcoreapp3.1", "net5.0", "net6.0", "net7.0", "net8.0" ]
+                        "AllowedValues": [ "netcoreapp3.1", "net5.0", "net6.0", "net7.0", "net8.0", "net9.0" ]
                     }
                 }
             ],
@@ -263,6 +263,21 @@
                 }
             ]
         },
+        {
+            "Id": "IMDSv1Access",
+            "Name": "Access to IMDS v1",
+            "Category": "Compute",
+            "Description": "Access to IMDS v1; Default means new deployments will disable IMDSv1, redeployments leave the setting at its current value.",
+            "Type": "String",
+            "DefaultValue": "Default",
+            "AllowedValues": [
+                "Default",
+                "Disabled",
+                "Enabled"
+            ],
+            "AdvancedSetting": false,
+            "Updatable": true
+        },
         {
             "Id": "EnvironmentType",
             "Name": "Environment Type",

src/AWS.Deploy.Recipes/RecipeDefinitions/ASP.NETAppElasticBeanstalkWindows.recipe

@@ -33,7 +33,7 @@
                     "Type": "MSProperty",
                     "Condition": {
                         "PropertyName": "TargetFramework",
-                        "AllowedValues": [ "netcoreapp3.1", "net5.0", "net6.0", "net7.0", "net8.0" ]
+                        "AllowedValues": [ "netcoreapp3.1", "net5.0", "net6.0", "net7.0", "net8.0", "net9.0" ]
                     }
                 }
             ],
@@ -251,6 +251,21 @@
                 }
             ]
         },
+        {
+            "Id": "IMDSv1Access",
+            "Name": "Access to IMDS v1",
+            "Category": "Compute",
+            "Description": "Access to IMDS v1; Default means new deployments will disable IMDSv1, redeployments leave the setting at its current value.",
+            "Type": "String",
+            "DefaultValue": "Default",
+            "AllowedValues": [
+                "Default",
+                "Disabled",
+                "Enabled"
+            ],
+            "AdvancedSetting": false,
+            "Updatable": true
+        },
         {
             "Id": "EnvironmentType",
             "Name": "Environment Type",

src/AWS.Deploy.Recipes/RecipeDefinitions/ASP.NETAppExistingBeanstalkEnvironment.recipe

@@ -25,7 +25,7 @@
                     "Type": "MSProperty",
                     "Condition": {
                         "PropertyName": "TargetFramework",
-                        "AllowedValues": [ "netcoreapp3.1", "net5.0", "net6.0", "net7.0", "net8.0" ]
+                        "AllowedValues": [ "netcoreapp3.1", "net5.0", "net6.0", "net7.0", "net8.0", "net9.0" ]
                     }
                 }
             ],

src/AWS.Deploy.Recipes/RecipeDefinitions/ASP.NETAppExistingBeanstalkWindowsEnvironment.recipe

@@ -25,7 +25,7 @@
                     "Type": "MSProperty",
                     "Condition": {
                         "PropertyName": "TargetFramework",
-                        "AllowedValues": [ "netcoreapp3.1", "net5.0", "net6.0", "net7.0", "net8.0" ]
+                        "AllowedValues": [ "netcoreapp3.1", "net5.0", "net6.0", "net7.0", "net8.0", "net9.0" ]
                     }
                 }
             ],

src/AWS.Deploy.Recipes/RecipeDefinitions/ConsoleAppECSFargateScheduleTask.recipe

@@ -41,7 +41,7 @@
                     "Type": "MSProperty",
                     "Condition": {
                         "PropertyName": "TargetFramework",
-                        "AllowedValues": [ "netcoreapp3.1", "net5.0", "net6.0", "net7.0", "net8.0" ]
+                        "AllowedValues": [ "netcoreapp3.1", "net5.0", "net6.0", "net7.0", "net8.0", "net9.0" ]
                     }
                 },
                 {

src/AWS.Deploy.Recipes/RecipeDefinitions/ConsoleAppECSFargateService.recipe

@@ -36,7 +36,7 @@
                     "Type": "MSProperty",
                     "Condition": {
                         "PropertyName": "TargetFramework",
-                        "AllowedValues": [ "netcoreapp3.1", "net5.0", "net6.0", "net7.0", "net8.0" ]
+                        "AllowedValues": [ "netcoreapp3.1", "net5.0", "net6.0", "net7.0", "net8.0", "net9.0" ]
                     }
                 }
             ],

test/AWS.Deploy.CLI.Common.UnitTests/ConfigFileDeployment/DeploymentSettingsHandlerTests.cs

@@ -174,6 +174,7 @@ public async Task SaveSettings_NonContainerBased(SaveSettingsType saveSettingsTy
                 { "key1", "value1" },
                 { "key2", "value2" }
             });
+            await _optionSettingHandler.SetOptionSettingValue(selectedRecommendation, "IMDSv1Access", "Disabled");
 
             // ACT
             await _deploymentSettingsHandler.SaveSettings(new SaveSettingsConfiguration(saveSettingsType, actualSnapshotFilePath), selectedRecommendation, cloudApplication, _orchestratorSession);