Paco-models

------------------

Added

- IRoute53HealthCheck has ip_address field.

- resource/snstopics.yaml is an alias for resource/notificationgroups.yaml

- raise_invalid_reference method to display helpful message when a ref look-up fails.

Fixed

- cfn-init package sets were only loading for item, now loads all package types.

- ICloudWatchLogSource log_stream_name is a required field, if it's empty the agent won't launch.

------------------

Added

- ICloudWatchDashboard for CloudWatch Dashboard resources.

- Route53 Health Checks have domain_name and enable_sni fields.

Changed

- Invariant errors in schema checks have non-confusing error message.

------------------

- Fixes for the AIM to paco rename.

------------------

Changed

- Package rename: `paco.models` is now `paco.models`, consistent with the tool being
renamed to `paco`.

- Top-level directories have been renamed to be consistent with their names in the model:
NetworkEnvironments --> netenv
Resources --> resource
Services --> service
Accounts --> account
MonitorConfig --> monitor
The loader will look for `NetworkEnvironments` and if it exists use the legacy names.

Added

- Added support for AWS Backup Vault. There can now be global backup_vaults field in NetworkEnvironment YAML files.
These can be overrode in EnvironmentDefault and EnvironmentRegion configuration sections.

- Added support for block_device_mappings for IASG.

------------------

Added

- Applications can be provisioned in the same environment more than once with a new
"app{suffix}" syntax for an environments application keys.

- INotificationGroups has a regions field, if it is the default of ['ALL'] it will apply to
all of a project's active regions. Otherwise is will just provision in the selected region(s).

- ICloudFormationInit for modelling AWS::CloudFormation::Init, which can be applied to
the IASG.cfn_init field.

- ICloudWatchLogAlarm schema. ICloudWatchAlarm now has "type: Alarm" and if it is "type: LogAlarm"
an ICloudWatchLogAlarm will be created which can be used to connect an alarm to a MetricFilter
of a LogGroup.

- IDBParameterGrouups resource.

- IElastiCache has `description` and `cache_clusters` fields, while IElastiCacheRedis has `snapshot_retention_limit_days`
and `snapshot_window` fields.

- IRDS has new `license_model`, `cloudwatch_logs_export` and `deletion_protection` fields.

- `global_role_name` field for IAM Role can be set to True and the RoleName
will not be hashed. Can only be used for global Roles, otherwise if these
Roles overlap per-environment, things will break!

- `monitoring.health_checks` which can contain HealthCheck Resources.
IRoute53HealthCheck resource for Route53 health checks.

- `region_name` property can be overrode if a `overrode_region_name` attribute is set.

- Added a CodeBuild IAM Permission for IAM Users

- Added `resolve_ref` method to DeploymentPipelineConfiguration

- Added the EIP Application Resource and a support 'eip' field to the ASG resource for associating an EIP with a single instance ASG.

- Added AWS Cli install commands to vocabulary.

- Added `dns` to EIP Application Resource

- Added `cftemplate_iam_user_delegates_2019_10_02` legacy flag to make user delegate role stack names consistent with others.

- Added `route53_hosted_zone_2019_10_12` legacy flag for Route53 CFTemplate refactor.

- Added `route53_record_set_2019_10_16` legacy flag for the Route53 RecordSet refactor.

- Added `availability_zone` for locking in an ASG to a single Availability Zone.

- Added `parameter_group` to IElastiCache Application Resource

- Added `vpc_associations` to IPrivateHosted.

- Added `vpc_config` to the ILambda Application Resources

- Added `secrets_manager` to IIEnvironmentDefault.

- Added `ttl` to IDNS

- Added caching to instance AMI ID function.ref lookups.

- Added the EBS Application Resources.
Added `ebs_volume_mounts` to IASG to mount volumes to single instance groups.

- Added `launch_options` to IASG as an IEC2LaunchOptions object. The initial option is update_packages which will update the linux distributions packages on launch.

- Added resolve_ref() to Resource in base.py as a catch all.

Changed

- ISecurityGroupRule `source_security_group` was moved to IIngressRule and IEgressRule (finally!)
has a `destination_security_group` field.

- `load_resources` was removed and you can now simply apply_attributes to
an Application and it will recurse through app.groups.<groupname>.resources.<resourcename>
without any external fiddling.

- Moved deepdiff CLI functions into `aim` project.

- IApplication is now IMonitorable. Alarms at the Application level must
specify their Namespace and Dimensions.

- Changed RDS `primary_domain_name` and `primary_hosted_zone` to an IDNS object

Fixed

- Alarm overrides are now cast to the schema of the field. Fixes "threshold: 10" loading as in int()
when the schema expects a float().

------------------

Added

- ICloudWatchAlarms have `enable_ok_actions` and `enable_insufficient_data_actions` booleans
that will send to the notification groups when the alarm enters the OK or INSUFFICIENT_DATA states.

- `references.get_model_obj_ref` will resolve an paco.ref to a model object
and won't attempt to do Stack output lookups.

- Service plug-ins are loaded according to an `initilization_order` integer
that each plug-in can supply. If no integer is supplied, loading for unordered
plug-ins count up from 1000.

- Minimal API Gateway models for Methods, Resources, Models and Stages.

- S3Bucket NotificationConfiguration for Lambdas.

- S3Bucket has `get_bucket_name()` to return the full computed bucket name.

- IGlobalResources for project['resource'] to contain config from the ./Resources/ directory.
Resources such as S3 and EC2 now implement INamed and are loaded into project['resource'].

- ISNSTopic has `cross_account_access` which grants `sns:Publish` to all accounts in the AIM Project.

- IAccountContainer and IRegionContainer are lightweight containers for account and region information.
They can be used by Services that want to set-up Resources in a multi-account, multi-region manner.

Changed

- CloudTrail defines CloudWatchLogGroup as a sub-object rather than an paco.ref.

- Alarms have `get_alarm_actions_paco_refs` renamed from `get_alarm_actions` as alarms can only provide
paco.refs and need to get the ARNs from the stacks.

- NotificationGroups are now Resources. Now they have regular working paco.ref's.