chore: make examples compile (#18020)

Done for a bunch of modules:

  - custom-resources
  - backup
  - s3-assets
  - s3-notifications
  - s3-deployment
  - config
  - cloudtrail
----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Author: kaizencc

packages/@aws-cdk/aws-backup/README.md

@@ -32,7 +32,8 @@ const plan = backup.BackupPlan.dailyWeeklyMonthly5YearRetention(this, 'Plan');
 
 Assigning resources to a plan can be done with `addSelection()`:
 
-```ts fixture=with-plan
+```ts
+declare const plan: backup.BackupPlan;
 const myTable = dynamodb.Table.fromTableName(this, 'Table', 'myTableName');
 const myCoolConstruct = new Construct(this, 'MyCoolConstruct');
 
@@ -50,16 +51,17 @@ created for the selection. The `BackupSelection` implements `IGrantable`.
 
 To add rules to a plan, use `addRule()`:
 
-```ts fixture=with-plan
+```ts
+declare const plan: backup.BackupPlan;
 plan.addRule(new backup.BackupPlanRule({
   completionWindow: Duration.hours(2),
   startWindow: Duration.hours(1),
   scheduleExpression: events.Schedule.cron({ // Only cron expressions are supported
     day: '15',
     hour: '3',
-    minute: '30'
+    minute: '30',
   }),
-  moveToColdStorageAfter: Duration.days(30)
+  moveToColdStorageAfter: Duration.days(30),
 }));
 ```
 
@@ -69,7 +71,8 @@ If no value is specified, the retention period is set to 35 days which is the ma
 Property `moveToColdStorageAfter` must not be specified because PITR does not support this option.
 This example defines an AWS Backup rule with PITR and a retention period set to 14 days:
 
-```ts fixture=with-plan
+```ts
+declare const plan: backup.BackupPlan;
 plan.addRule(new backup.BackupPlanRule({
   enableContinuousBackup: true,
   deleteAfter: Duration.days(14),
@@ -78,7 +81,8 @@ plan.addRule(new backup.BackupPlanRule({
 
 Ready-made rules are also available:
 
-```ts fixture=with-plan
+```ts
+declare const plan: backup.BackupPlan;
 plan.addRule(backup.BackupPlanRule.daily());
 plan.addRule(backup.BackupPlanRule.weekly());
 ```
@@ -152,7 +156,7 @@ const vault = new backup.BackupVault(this, 'Vault', {
         },
       }),
     ],
-  });
+  }),
 })
 ```
 
@@ -166,8 +170,8 @@ new backup.BackupVault(this, 'Vault', {
   blockRecoveryPointDeletion: true,
 });
 
-const plan = backup.BackupPlan.dailyMonthly1YearRetention(this, 'Plan');
-plan.backupVault.blockRecoveryPointDeletion();
+declare const backupVault: backup.BackupVault;
+backupVault.blockRecoveryPointDeletion();
 ```
 
 By default access is not restricted.

packages/@aws-cdk/aws-backup/package.json

@@ -28,7 +28,14 @@
         ]
       }
     },
-    "projectReferences": true
+    "projectReferences": true,
+    "metadata": {
+      "jsii": {
+        "rosetta": {
+          "strict": true
+        }
+      }
+    }
   },
   "repository": {
     "type": "git",

packages/@aws-cdk/aws-backup/rosetta/default.ts-fixture

@@ -3,6 +3,8 @@ import { Duration, RemovalPolicy, Stack } from '@aws-cdk/core';
 import { Construct } from 'constructs';
 import * as backup from '@aws-cdk/aws-backup';
 import * as iam from '@aws-cdk/aws-iam';
+import * as dynamodb from '@aws-cdk/aws-dynamodb';
+import * as events from '@aws-cdk/aws-events';
 import * as kms from '@aws-cdk/aws-kms';
 import * as sns from '@aws-cdk/aws-sns';
 

packages/@aws-cdk/aws-backup/rosetta/with-plan.ts-fixture

@@ -68,6 +68,8 @@ default retention setting. The following code enables sending CloudWatch logs bu
 period for the created Log Group.
 
 ```ts
+import * as logs from '@aws-cdk/aws-logs';
+
 const trail = new cloudtrail.Trail(this, 'CloudTrail', {
   sendToCloudWatchLogs: true,
   cloudWatchLogsRetention: logs.RetentionDays.FOUR_MONTHS, 
@@ -88,18 +90,18 @@ The following code filters events for S3 from a specific AWS account and trigger
 
 ```ts
 const myFunctionHandler = new lambda.Function(this, 'MyFunction', {
-  code: lambda.Code.fromAsset('resource/myfunction');
+  code: lambda.Code.fromAsset('resource/myfunction'),
   runtime: lambda.Runtime.NODEJS_12_X,
   handler: 'index.handler',
 });
 
-const eventRule = Trail.onEvent(this, 'MyCloudWatchEvent', {
-  target: new eventTargets.LambdaFunction(myFunctionHandler),
+const eventRule = cloudtrail.Trail.onEvent(this, 'MyCloudWatchEvent', {
+  target: new targets.LambdaFunction(myFunctionHandler),
 });
 
 eventRule.addEventPattern({
-  account: '123456789012',
-  source: 'aws.s3',
+  account: ['123456789012'],
+  source: ['aws.s3'],
 });
 ```
 
@@ -141,7 +143,7 @@ The following code configures the `Trail` to only track management events that a
 ```ts
 const trail = new cloudtrail.Trail(this, 'CloudTrail', {
   // ...
-  managementEvents: ReadWriteType.READ_ONLY,
+  managementEvents: cloudtrail.ReadWriteType.READ_ONLY,
 });
 ```
 
@@ -157,13 +159,14 @@ be used to configure logging of S3 data events for specific buckets and specific
 configures logging of S3 data events for `fooBucket` and with object prefix `bar/`.
 
 ```ts
-import * as cloudtrail from '@aws-cdk/aws-cloudtrail';
+import * as s3 from '@aws-cdk/aws-s3';
 
 const trail = new cloudtrail.Trail(this, 'MyAmazingCloudTrail');
+declare const bucket: s3.Bucket;
 
 // Adds an event selector to the bucket foo
 trail.addS3EventSelector([{
-  bucket: fooBucket, // 'fooBucket' is of type s3.IBucket
+  bucket,
   objectPrefix: 'bar/',
 }]);
 ```
@@ -174,12 +177,12 @@ configures logging of Lambda data events for a specific Function.
 
 ```ts
 const trail = new cloudtrail.Trail(this, 'MyAmazingCloudTrail');
-const amazingFunction = new lambda.Function(stack, 'AnAmazingFunction', {
+const amazingFunction = new lambda.Function(this, 'AnAmazingFunction', {
   runtime: lambda.Runtime.NODEJS_12_X,
   handler: "hello.handler",
   code: lambda.Code.fromAsset("lambda"),
 });
 
 // Add an event selector to log data events for the provided Lambda functions.
-trail.addLambdaEventSelector([ lambdaFunction ]);
+trail.addLambdaEventSelector([ amazingFunction ]);
 ```

packages/@aws-cdk/aws-cloudtrail/README.md

@@ -28,7 +28,14 @@
         ]
       }
     },
-    "projectReferences": true
+    "projectReferences": true,
+    "metadata": {
+      "jsii": {
+        "rosetta": {
+          "strict": true
+        }
+      }
+    }
   },
   "repository": {
     "type": "git",

packages/@aws-cdk/aws-cloudtrail/package.json

@@ -0,0 +1,14 @@
+// Fixture with packages imported, but nothing else
+import { Stack } from '@aws-cdk/core';
+import { Construct } from 'constructs';
+import * as cloudtrail from '@aws-cdk/aws-cloudtrail';
+import * as sns from '@aws-cdk/aws-sns';
+import * as lambda from '@aws-cdk/aws-lambda';
+import * as targets from '@aws-cdk/aws-events-targets';
+
+class Fixture extends Stack {
+  constructor(scope: Construct, id: string) {
+    super(scope, id);
+    /// here
+  }
+}

packages/@aws-cdk/aws-cloudtrail/rosetta/default.ts-fixture

@@ -59,16 +59,15 @@ For example, you could create a managed rule that checks whether active access k
 within the number of days specified.
 
 ```ts
-import * as config from '@aws-cdk/aws-config';
-import * as cdk from '@aws-cdk/core';
-
 // https://docs.aws.amazon.com/config/latest/developerguide/access-keys-rotated.html
 new config.ManagedRule(this, 'AccessKeysRotated', {
   identifier: config.ManagedRuleIdentifiers.ACCESS_KEYS_ROTATED,
   inputParameters: {
-     maxAccessKeyAge: 60 // default is 90 days
+    maxAccessKeyAge: 60, // default is 90 days
   },
-  maximumExecutionFrequency: config.MaximumExecutionFrequency.TWELVE_HOURS // default is 24 hours
+
+  // default is 24 hours
+  maximumExecutionFrequency: config.MaximumExecutionFrequency.TWELVE_HOURS,
 });
 ```
 
@@ -82,9 +81,6 @@ The following higher level constructs for AWS managed rules are available.
 Checks whether your active access keys are rotated within the number of days specified.
 
 ```ts
-import * as config from '@aws-cdk/aws-config';
-import * as cdk from '@aws-cdk/aws-cdk';
-
 // compliant if access keys have been rotated within the last 90 days
 new config.AccessKeysRotated(this, 'AccessKeyRotated');
 ```
@@ -95,12 +91,9 @@ Checks whether your CloudFormation stack's actual configuration differs, or has
 from it's expected configuration. 
 
 ```ts
-import * as config from '@aws-cdk/aws-config';
-import * as cdk from '@aws-cdk/aws-cdk';
-
 // compliant if stack's status is 'IN_SYNC'
 // non-compliant if the stack's drift status is 'DRIFTED'
-new config.CloudFormationStackDriftDetectionCheck(stack, 'Drift', {
+new config.CloudFormationStackDriftDetectionCheck(this, 'Drift', {
   ownStackOnly: true, // checks only the stack containing the rule
 });
 ```
@@ -110,17 +103,14 @@ new config.CloudFormationStackDriftDetectionCheck(stack, 'Drift', {
 Checks whether your CloudFormation stacks are sending event notifications to a SNS topic.
 
 ```ts
-import * as config from '@aws-cdk/aws-config';
-import * as cdk from '@aws-cdk/aws-cdk';
-
 // topics to which CloudFormation stacks may send event notifications
-const topic1 = new sns.Topic(stack, 'AllowedTopic1');
-const topic2 = new sns.Topic(stack, 'AllowedTopic2');
+const topic1 = new sns.Topic(this, 'AllowedTopic1');
+const topic2 = new sns.Topic(this, 'AllowedTopic2');
 
 // non-compliant if CloudFormation stack does not send notifications to 'topic1' or 'topic2'
 new config.CloudFormationStackNotificationCheck(this, 'NotificationCheck', {
   topics: [topic1, topic2],
-})
+});
 ```
 
 ### Custom rules
@@ -140,13 +130,15 @@ To create a custom rule, define a `CustomRule` and specify the Lambda Function
 to run and the trigger types.
 
 ```ts
-import * as config from '@aws-cdk/aws-config';
+declare const evalComplianceFn: lambda.Function;
 
 new config.CustomRule(this, 'CustomRule', {
   lambdaFunction: evalComplianceFn,
   configurationChanges: true,
   periodic: true,
-  maximumExecutionFrequency: config.MaximumExecutionFrequency.SIX_HOURS, // default is 24 hours
+
+  // default is 24 hours
+  maximumExecutionFrequency: config.MaximumExecutionFrequency.SIX_HOURS,
 });
 ```
 
@@ -165,22 +157,21 @@ Use the `RuleScope` APIs (`fromResource()`, `fromResources()` or `fromTag()`) to
 the scope of both managed and custom rules:
 
 ```ts
-import * as config from '@aws-cdk/aws-config';
-
 const sshRule = new config.ManagedRule(this, 'SSH', {
   identifier: config.ManagedRuleIdentifiers.EC2_SECURITY_GROUPS_INCOMING_SSH_DISABLED,
   ruleScope: config.RuleScope.fromResource(config.ResourceType.EC2_SECURITY_GROUP, 'sg-1234567890abcdefgh'), // restrict to specific security group
 });
 
+declare const evalComplianceFn: lambda.Function;
 const customRule = new config.CustomRule(this, 'Lambda', {
   lambdaFunction: evalComplianceFn,
-  configurationChanges: true
+  configurationChanges: true,
   ruleScope: config.RuleScope.fromResources([config.ResourceType.CLOUDFORMATION_STACK, config.ResourceType.S3_BUCKET]), // restrict to all CloudFormation stacks and S3 buckets
 });
 
 const tagRule = new config.CustomRule(this, 'CostCenterTagRule', {
   lambdaFunction: evalComplianceFn,
-  configurationChanges: true
+  configurationChanges: true,
   ruleScope: config.RuleScope.fromTag('Cost Center', 'MyApp'), // restrict to a specific tag
 });
 ```
@@ -194,10 +185,6 @@ Use the `onComplianceChange()` APIs to trigger an EventBridge event when a compl
 of your AWS Config Rule fails:
 
 ```ts
-import * as config from '@aws-cdk/aws-config';
-import * as sns from '@aws-cdk/aws-sns';
-import * as targets from '@aws-cdk/aws-events-targets';
-
 // Topic to which compliance notification events will be published
 const complianceTopic = new sns.Topic(this, 'ComplianceTopic');
 
@@ -211,15 +198,13 @@ Use the `onReEvaluationStatus()` status to trigger an EventBridge event when an
 rule is re-evaluated.
 
 ```ts
-import * as config from '@aws-cdk/aws-config';
-import * as sns from '@aws-cdk/aws-sns';
-import * as targets from '@aws-cdk/aws-events-targets';
-
 // Topic to which re-evaluation notification events will be published
 const reEvaluationTopic = new sns.Topic(this, 'ComplianceTopic');
+
+const rule = new config.CloudFormationStackDriftDetectionCheck(this, 'Drift');
 rule.onReEvaluationStatus('ReEvaluationEvent', {
   target: new targets.SnsTopic(reEvaluationTopic),
-})
+});
 ```
 
 ### Example
@@ -228,11 +213,6 @@ The following example creates a custom rule that evaluates whether EC2 instances
 Compliance events are published to an SNS topic.
 
 ```ts
-import * as config from '@aws-cdk/aws-config';
-import * as lambda from '@aws-cdk/aws-lambda';
-import * as sns from '@aws-cdk/aws-sns';
-import * as targets from '@aws-cdk/aws-events-targets';
-
 // Lambda function containing logic that evaluates compliance with the rule.
 const evalComplianceFn = new lambda.Function(this, 'CustomFunction', {
   code: lambda.AssetCode.fromInline('exports.handler = (event) => console.log(event);'),
@@ -244,7 +224,7 @@ const evalComplianceFn = new lambda.Function(this, 'CustomFunction', {
 const customRule = new config.CustomRule(this, 'Custom', {
   configurationChanges: true,
   lambdaFunction: evalComplianceFn,
-  ruleScope: config.RuleScope.fromResource([config.ResourceType.EC2_INSTANCE]),
+  ruleScope: config.RuleScope.fromResource(config.ResourceType.EC2_INSTANCE),
 });
 
 // A rule to detect stack drifts

packages/@aws-cdk/aws-config/README.md

@@ -28,7 +28,14 @@
         ]
       }
     },
-    "projectReferences": true
+    "projectReferences": true,
+    "metadata": {
+      "jsii": {
+        "rosetta": {
+          "strict": true
+        }
+      }
+    }
   },
   "repository": {
     "type": "git",