@aws-solutions-constructs/aws-alb-lambda 2.51.0 → 2.52.0

Files changed (75)
  1. package/.eslintignore +2 -0
  2. package/.jsii +49 -4
  3. package/integ.config.json +7 -0
  4. package/lib/index.js +1 -1
  5. package/package.json +10 -9
  6. package/test/integ.alblam-privateApiExistingResources.js +7 -3
  7. package/test/integ.alblam-privateApiExistingResources.js.snapshot/alblam-privateApiExistingResources.assets.json +62 -0
  8. package/test/integ.alblam-privateApiExistingResources.js.snapshot/alblam-privateApiExistingResources.template.json +1332 -0
  9. package/test/integ.alblam-privateApiExistingResources.js.snapshot/alblamprivateApiExistingResourcesIntegDefaultTestDeployAssertC865AE59.assets.json +19 -0
  10. package/test/integ.alblam-privateApiExistingResources.js.snapshot/alblamprivateApiExistingResourcesIntegDefaultTestDeployAssertC865AE59.template.json +36 -0
  11. package/test/integ.alblam-privateApiExistingResources.js.snapshot/asset.7caf594b8ad91abecca72f7f10a23a5cf446d05dc00d6194619935e7e3fd5a79/index.js +8 -0
  12. package/test/integ.alblam-privateApiExistingResources.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  13. package/test/integ.alblam-privateApiExistingResources.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/__entrypoint__.js +1 -0
  14. package/test/integ.alblam-privateApiExistingResources.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/index.js +1 -0
  15. package/test/integ.alblam-privateApiExistingResources.js.snapshot/cdk.out +1 -0
  16. package/test/integ.alblam-privateApiExistingResources.js.snapshot/integ.json +12 -0
  17. package/test/integ.alblam-privateApiExistingResources.js.snapshot/manifest.json +371 -0
  18. package/test/integ.alblam-privateApiExistingResources.js.snapshot/tree.json +1708 -0
  19. package/test/integ.alblam-privateApiNewResources.js +7 -3
  20. package/test/integ.alblam-privateApiNewResources.js.snapshot/alblam-privateApiNewResources.assets.json +62 -0
  21. package/test/integ.alblam-privateApiNewResources.js.snapshot/alblam-privateApiNewResources.template.json +1048 -0
  22. package/test/integ.alblam-privateApiNewResources.js.snapshot/alblamprivateApiNewResourcesIntegDefaultTestDeployAssertB0CCE59F.assets.json +19 -0
  23. package/test/integ.alblam-privateApiNewResources.js.snapshot/alblamprivateApiNewResourcesIntegDefaultTestDeployAssertB0CCE59F.template.json +36 -0
  24. package/test/integ.alblam-privateApiNewResources.js.snapshot/asset.7caf594b8ad91abecca72f7f10a23a5cf446d05dc00d6194619935e7e3fd5a79/index.js +8 -0
  25. package/test/integ.alblam-privateApiNewResources.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  26. package/test/integ.alblam-privateApiNewResources.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/__entrypoint__.js +1 -0
  27. package/test/integ.alblam-privateApiNewResources.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/index.js +1 -0
  28. package/test/integ.alblam-privateApiNewResources.js.snapshot/cdk.out +1 -0
  29. package/test/integ.alblam-privateApiNewResources.js.snapshot/integ.json +12 -0
  30. package/test/integ.alblam-privateApiNewResources.js.snapshot/manifest.json +275 -0
  31. package/test/integ.alblam-privateApiNewResources.js.snapshot/tree.json +1294 -0
  32. package/test/integ.alblam-publicApiExistingResources.js +7 -3
  33. package/test/integ.alblam-publicApiExistingResources.js.snapshot/alblam-publicApiExistingResources.assets.json +62 -0
  34. package/test/integ.alblam-publicApiExistingResources.js.snapshot/alblam-publicApiExistingResources.template.json +1332 -0
  35. package/test/integ.alblam-publicApiExistingResources.js.snapshot/alblampublicApiExistingResourcesIntegDefaultTestDeployAssert22C8EEFD.assets.json +19 -0
  36. package/test/integ.alblam-publicApiExistingResources.js.snapshot/alblampublicApiExistingResourcesIntegDefaultTestDeployAssert22C8EEFD.template.json +36 -0
  37. package/test/integ.alblam-publicApiExistingResources.js.snapshot/asset.7caf594b8ad91abecca72f7f10a23a5cf446d05dc00d6194619935e7e3fd5a79/index.js +8 -0
  38. package/test/integ.alblam-publicApiExistingResources.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  39. package/test/integ.alblam-publicApiExistingResources.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/__entrypoint__.js +1 -0
  40. package/test/integ.alblam-publicApiExistingResources.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/index.js +1 -0
  41. package/test/integ.alblam-publicApiExistingResources.js.snapshot/cdk.out +1 -0
  42. package/test/integ.alblam-publicApiExistingResources.js.snapshot/integ.json +12 -0
  43. package/test/integ.alblam-publicApiExistingResources.js.snapshot/manifest.json +371 -0
  44. package/test/integ.alblam-publicApiExistingResources.js.snapshot/tree.json +1708 -0
  45. package/test/integ.alblam-publicApiNewResources.js +7 -3
  46. package/test/integ.alblam-publicApiNewResources.js.snapshot/alblam-publicApiNewResources.assets.json +62 -0
  47. package/test/integ.alblam-publicApiNewResources.js.snapshot/alblam-publicApiNewResources.template.json +1338 -0
  48. package/test/integ.alblam-publicApiNewResources.js.snapshot/alblampublicApiNewResourcesIntegDefaultTestDeployAssert43CC63D2.assets.json +19 -0
  49. package/test/integ.alblam-publicApiNewResources.js.snapshot/alblampublicApiNewResourcesIntegDefaultTestDeployAssert43CC63D2.template.json +36 -0
  50. package/test/integ.alblam-publicApiNewResources.js.snapshot/asset.7caf594b8ad91abecca72f7f10a23a5cf446d05dc00d6194619935e7e3fd5a79/index.js +8 -0
  51. package/test/integ.alblam-publicApiNewResources.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  52. package/test/integ.alblam-publicApiNewResources.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/__entrypoint__.js +1 -0
  53. package/test/integ.alblam-publicApiNewResources.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/index.js +1 -0
  54. package/test/integ.alblam-publicApiNewResources.js.snapshot/cdk.out +1 -0
  55. package/test/integ.alblam-publicApiNewResources.js.snapshot/integ.json +12 -0
  56. package/test/integ.alblam-publicApiNewResources.js.snapshot/manifest.json +371 -0
  57. package/test/integ.alblam-publicApiNewResources.js.snapshot/tree.json +1706 -0
  58. package/test/integ.alblam-twoTargets.js +7 -3
  59. package/test/integ.alblam-twoTargets.js.snapshot/alblam-twoTargets.assets.json +62 -0
  60. package/test/integ.alblam-twoTargets.js.snapshot/alblam-twoTargets.template.json +1598 -0
  61. package/test/integ.alblam-twoTargets.js.snapshot/alblamtwoTargetsIntegDefaultTestDeployAssert4F811416.assets.json +19 -0
  62. package/test/integ.alblam-twoTargets.js.snapshot/alblamtwoTargetsIntegDefaultTestDeployAssert4F811416.template.json +36 -0
  63. package/test/integ.alblam-twoTargets.js.snapshot/asset.7caf594b8ad91abecca72f7f10a23a5cf446d05dc00d6194619935e7e3fd5a79/index.js +8 -0
  64. package/test/integ.alblam-twoTargets.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  65. package/test/integ.alblam-twoTargets.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/__entrypoint__.js +1 -0
  66. package/test/integ.alblam-twoTargets.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/index.js +1 -0
  67. package/test/integ.alblam-twoTargets.js.snapshot/cdk.out +1 -0
  68. package/test/integ.alblam-twoTargets.js.snapshot/integ.json +12 -0
  69. package/test/integ.alblam-twoTargets.js.snapshot/manifest.json +413 -0
  70. package/test/integ.alblam-twoTargets.js.snapshot/tree.json +2067 -0
  71. package/test/integ.alblam-privateApiExistingResources.expected.json +0 -1378
  72. package/test/integ.alblam-privateApiNewResources.expected.json +0 -983
  73. package/test/integ.alblam-publicApiExistingResources.expected.json +0 -1378
  74. package/test/integ.alblam-publicApiNewResources.expected.json +0 -1386
  75. package/test/integ.alblam-twoTargets.expected.json +0 -1659
@@ -0,0 +1,1598 @@
1
+ {
2
+ "Description": "Integration test for alb with 2 Lambda targets",
3
+ "Resources": {
4
+ "testonetestonealb4F263E42": {
5
+ "Type": "AWS::ElasticLoadBalancingV2::LoadBalancer",
6
+ "Properties": {
7
+ "LoadBalancerAttributes": [
8
+ {
9
+ "Key": "deletion_protection.enabled",
10
+ "Value": "false"
11
+ },
12
+ {
13
+ "Key": "access_logs.s3.enabled",
14
+ "Value": "true"
15
+ },
16
+ {
17
+ "Key": "access_logs.s3.bucket",
18
+ "Value": {
19
+ "Ref": "testoneE6ACFBB6"
20
+ }
21
+ },
22
+ {
23
+ "Key": "access_logs.s3.prefix",
24
+ "Value": ""
25
+ }
26
+ ],
27
+ "Scheme": "internet-facing",
28
+ "SecurityGroups": [
29
+ {
30
+ "Fn::GetAtt": [
31
+ "testonetestonealbSecurityGroup4DED9E2A",
32
+ "GroupId"
33
+ ]
34
+ }
35
+ ],
36
+ "Subnets": [
37
+ {
38
+ "Ref": "VpcPublicSubnet1Subnet5C2D37C4"
39
+ },
40
+ {
41
+ "Ref": "VpcPublicSubnet2Subnet691E08A3"
42
+ }
43
+ ],
44
+ "Type": "application"
45
+ },
46
+ "DependsOn": [
47
+ "testonePolicyE30853FE",
48
+ "VpcPublicSubnet1DefaultRoute3DA9E72A",
49
+ "VpcPublicSubnet1RouteTableAssociation97140677",
50
+ "VpcPublicSubnet2DefaultRoute97F91067",
51
+ "VpcPublicSubnet2RouteTableAssociationDD5762D8"
52
+ ]
53
+ },
54
+ "testonetestonealbSecurityGroup4DED9E2A": {
55
+ "Type": "AWS::EC2::SecurityGroup",
56
+ "Properties": {
57
+ "GroupDescription": "Automatically created Security Group for ELB alblamtwoTargetstestonetestonealbCEEAAF66",
58
+ "SecurityGroupEgress": [
59
+ {
60
+ "CidrIp": "255.255.255.255/32",
61
+ "Description": "Disallow all traffic",
62
+ "FromPort": 252,
63
+ "IpProtocol": "icmp",
64
+ "ToPort": 86
65
+ }
66
+ ],
67
+ "SecurityGroupIngress": [
68
+ {
69
+ "CidrIp": "0.0.0.0/0",
70
+ "Description": "Allow from anyone on port 80",
71
+ "FromPort": 80,
72
+ "IpProtocol": "tcp",
73
+ "ToPort": 80
74
+ }
75
+ ],
76
+ "VpcId": {
77
+ "Ref": "Vpc8378EB38"
78
+ }
79
+ },
80
+ "Metadata": {
81
+ "cfn_nag": {
82
+ "rules_to_suppress": [
83
+ {
84
+ "id": "W29",
85
+ "reason": "CDK created rule that blocks all traffic."
86
+ },
87
+ {
88
+ "id": "W2",
89
+ "reason": "Rule does not apply for ELB."
90
+ },
91
+ {
92
+ "id": "W9",
93
+ "reason": "Rule does not apply for ELB."
94
+ }
95
+ ]
96
+ }
97
+ }
98
+ },
99
+ "testoneE6ACFBB6": {
100
+ "Type": "AWS::S3::Bucket",
101
+ "Properties": {
102
+ "BucketEncryption": {
103
+ "ServerSideEncryptionConfiguration": [
104
+ {
105
+ "ServerSideEncryptionByDefault": {
106
+ "SSEAlgorithm": "AES256"
107
+ }
108
+ }
109
+ ]
110
+ },
111
+ "PublicAccessBlockConfiguration": {
112
+ "BlockPublicAcls": true,
113
+ "BlockPublicPolicy": true,
114
+ "IgnorePublicAcls": true,
115
+ "RestrictPublicBuckets": true
116
+ },
117
+ "Tags": [
118
+ {
119
+ "Key": "aws-cdk:auto-delete-objects",
120
+ "Value": "true"
121
+ }
122
+ ],
123
+ "VersioningConfiguration": {
124
+ "Status": "Enabled"
125
+ }
126
+ },
127
+ "UpdateReplacePolicy": "Delete",
128
+ "DeletionPolicy": "Delete",
129
+ "Metadata": {
130
+ "cfn_nag": {
131
+ "rules_to_suppress": [
132
+ {
133
+ "id": "W35",
134
+ "reason": "This is a log bucket for an Application Load Balancer"
135
+ }
136
+ ]
137
+ }
138
+ }
139
+ },
140
+ "testonePolicyE30853FE": {
141
+ "Type": "AWS::S3::BucketPolicy",
142
+ "Properties": {
143
+ "Bucket": {
144
+ "Ref": "testoneE6ACFBB6"
145
+ },
146
+ "PolicyDocument": {
147
+ "Statement": [
148
+ {
149
+ "Action": "s3:*",
150
+ "Condition": {
151
+ "Bool": {
152
+ "aws:SecureTransport": "false"
153
+ }
154
+ },
155
+ "Effect": "Deny",
156
+ "Principal": {
157
+ "AWS": "*"
158
+ },
159
+ "Resource": [
160
+ {
161
+ "Fn::GetAtt": [
162
+ "testoneE6ACFBB6",
163
+ "Arn"
164
+ ]
165
+ },
166
+ {
167
+ "Fn::Join": [
168
+ "",
169
+ [
170
+ {
171
+ "Fn::GetAtt": [
172
+ "testoneE6ACFBB6",
173
+ "Arn"
174
+ ]
175
+ },
176
+ "/*"
177
+ ]
178
+ ]
179
+ }
180
+ ]
181
+ },
182
+ {
183
+ "Action": [
184
+ "s3:DeleteObject*",
185
+ "s3:GetBucket*",
186
+ "s3:List*",
187
+ "s3:PutBucketPolicy"
188
+ ],
189
+ "Effect": "Allow",
190
+ "Principal": {
191
+ "AWS": {
192
+ "Fn::GetAtt": [
193
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
194
+ "Arn"
195
+ ]
196
+ }
197
+ },
198
+ "Resource": [
199
+ {
200
+ "Fn::GetAtt": [
201
+ "testoneE6ACFBB6",
202
+ "Arn"
203
+ ]
204
+ },
205
+ {
206
+ "Fn::Join": [
207
+ "",
208
+ [
209
+ {
210
+ "Fn::GetAtt": [
211
+ "testoneE6ACFBB6",
212
+ "Arn"
213
+ ]
214
+ },
215
+ "/*"
216
+ ]
217
+ ]
218
+ }
219
+ ]
220
+ },
221
+ {
222
+ "Action": "s3:PutObject",
223
+ "Effect": "Allow",
224
+ "Principal": {
225
+ "AWS": "arn:aws:iam::127311923021:root"
226
+ },
227
+ "Resource": {
228
+ "Fn::Join": [
229
+ "",
230
+ [
231
+ {
232
+ "Fn::GetAtt": [
233
+ "testoneE6ACFBB6",
234
+ "Arn"
235
+ ]
236
+ },
237
+ "/AWSLogs/",
238
+ {
239
+ "Ref": "AWS::AccountId"
240
+ },
241
+ "/*"
242
+ ]
243
+ ]
244
+ }
245
+ },
246
+ {
247
+ "Action": "s3:PutObject",
248
+ "Condition": {
249
+ "StringEquals": {
250
+ "s3:x-amz-acl": "bucket-owner-full-control"
251
+ }
252
+ },
253
+ "Effect": "Allow",
254
+ "Principal": {
255
+ "Service": "delivery.logs.amazonaws.com"
256
+ },
257
+ "Resource": {
258
+ "Fn::Join": [
259
+ "",
260
+ [
261
+ {
262
+ "Fn::GetAtt": [
263
+ "testoneE6ACFBB6",
264
+ "Arn"
265
+ ]
266
+ },
267
+ "/AWSLogs/",
268
+ {
269
+ "Ref": "AWS::AccountId"
270
+ },
271
+ "/*"
272
+ ]
273
+ ]
274
+ }
275
+ },
276
+ {
277
+ "Action": "s3:GetBucketAcl",
278
+ "Effect": "Allow",
279
+ "Principal": {
280
+ "Service": "delivery.logs.amazonaws.com"
281
+ },
282
+ "Resource": {
283
+ "Fn::GetAtt": [
284
+ "testoneE6ACFBB6",
285
+ "Arn"
286
+ ]
287
+ }
288
+ }
289
+ ],
290
+ "Version": "2012-10-17"
291
+ }
292
+ }
293
+ },
294
+ "testoneAutoDeleteObjectsCustomResourceEDE3D2FC": {
295
+ "Type": "Custom::S3AutoDeleteObjects",
296
+ "Properties": {
297
+ "ServiceToken": {
298
+ "Fn::GetAtt": [
299
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
300
+ "Arn"
301
+ ]
302
+ },
303
+ "BucketName": {
304
+ "Ref": "testoneE6ACFBB6"
305
+ }
306
+ },
307
+ "DependsOn": [
308
+ "testonePolicyE30853FE"
309
+ ],
310
+ "UpdateReplacePolicy": "Delete",
311
+ "DeletionPolicy": "Delete"
312
+ },
313
+ "testoneLambdaFunctionServiceRoleE92573D3": {
314
+ "Type": "AWS::IAM::Role",
315
+ "Properties": {
316
+ "AssumeRolePolicyDocument": {
317
+ "Statement": [
318
+ {
319
+ "Action": "sts:AssumeRole",
320
+ "Effect": "Allow",
321
+ "Principal": {
322
+ "Service": "lambda.amazonaws.com"
323
+ }
324
+ }
325
+ ],
326
+ "Version": "2012-10-17"
327
+ },
328
+ "Policies": [
329
+ {
330
+ "PolicyDocument": {
331
+ "Statement": [
332
+ {
333
+ "Action": [
334
+ "logs:CreateLogGroup",
335
+ "logs:CreateLogStream",
336
+ "logs:PutLogEvents"
337
+ ],
338
+ "Effect": "Allow",
339
+ "Resource": {
340
+ "Fn::Join": [
341
+ "",
342
+ [
343
+ "arn:",
344
+ {
345
+ "Ref": "AWS::Partition"
346
+ },
347
+ ":logs:",
348
+ {
349
+ "Ref": "AWS::Region"
350
+ },
351
+ ":",
352
+ {
353
+ "Ref": "AWS::AccountId"
354
+ },
355
+ ":log-group:/aws/lambda/*"
356
+ ]
357
+ ]
358
+ }
359
+ }
360
+ ],
361
+ "Version": "2012-10-17"
362
+ },
363
+ "PolicyName": "LambdaFunctionServiceRolePolicy"
364
+ }
365
+ ]
366
+ }
367
+ },
368
+ "testoneLambdaFunctionServiceRoleDefaultPolicy6025A173": {
369
+ "Type": "AWS::IAM::Policy",
370
+ "Properties": {
371
+ "PolicyDocument": {
372
+ "Statement": [
373
+ {
374
+ "Action": [
375
+ "ec2:AssignPrivateIpAddresses",
376
+ "ec2:CreateNetworkInterface",
377
+ "ec2:DeleteNetworkInterface",
378
+ "ec2:DescribeNetworkInterfaces",
379
+ "ec2:UnassignPrivateIpAddresses",
380
+ "xray:PutTelemetryRecords",
381
+ "xray:PutTraceSegments"
382
+ ],
383
+ "Effect": "Allow",
384
+ "Resource": "*"
385
+ }
386
+ ],
387
+ "Version": "2012-10-17"
388
+ },
389
+ "PolicyName": "testoneLambdaFunctionServiceRoleDefaultPolicy6025A173",
390
+ "Roles": [
391
+ {
392
+ "Ref": "testoneLambdaFunctionServiceRoleE92573D3"
393
+ }
394
+ ]
395
+ },
396
+ "Metadata": {
397
+ "cfn_nag": {
398
+ "rules_to_suppress": [
399
+ {
400
+ "id": "W12",
401
+ "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC."
402
+ }
403
+ ]
404
+ }
405
+ }
406
+ },
407
+ "testoneReplaceDefaultSecurityGroupsecuritygroupE46270FE": {
408
+ "Type": "AWS::EC2::SecurityGroup",
409
+ "Properties": {
410
+ "GroupDescription": "alblam-twoTargets/test-one/ReplaceDefaultSecurityGroup-security-group",
411
+ "SecurityGroupEgress": [
412
+ {
413
+ "CidrIp": "0.0.0.0/0",
414
+ "Description": "Allow all outbound traffic by default",
415
+ "IpProtocol": "-1"
416
+ }
417
+ ],
418
+ "VpcId": {
419
+ "Ref": "Vpc8378EB38"
420
+ }
421
+ },
422
+ "Metadata": {
423
+ "cfn_nag": {
424
+ "rules_to_suppress": [
425
+ {
426
+ "id": "W5",
427
+ "reason": "Egress of 0.0.0.0/0 is default and generally considered OK"
428
+ },
429
+ {
430
+ "id": "W40",
431
+ "reason": "Egress IPProtocol of -1 is default and generally considered OK"
432
+ }
433
+ ]
434
+ }
435
+ }
436
+ },
437
+ "testoneLambdaFunctionCC9B03E1": {
438
+ "Type": "AWS::Lambda::Function",
439
+ "Properties": {
440
+ "Code": {
441
+ "S3Bucket": {
442
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1"
443
+ },
444
+ "S3Key": "7caf594b8ad91abecca72f7f10a23a5cf446d05dc00d6194619935e7e3fd5a79.zip"
445
+ },
446
+ "Environment": {
447
+ "Variables": {
448
+ "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1"
449
+ }
450
+ },
451
+ "Handler": "index.handler",
452
+ "Role": {
453
+ "Fn::GetAtt": [
454
+ "testoneLambdaFunctionServiceRoleE92573D3",
455
+ "Arn"
456
+ ]
457
+ },
458
+ "Runtime": "nodejs16.x",
459
+ "TracingConfig": {
460
+ "Mode": "Active"
461
+ },
462
+ "VpcConfig": {
463
+ "SecurityGroupIds": [
464
+ {
465
+ "Fn::GetAtt": [
466
+ "testoneReplaceDefaultSecurityGroupsecuritygroupE46270FE",
467
+ "GroupId"
468
+ ]
469
+ }
470
+ ],
471
+ "SubnetIds": [
472
+ {
473
+ "Ref": "VpcPrivateSubnet1Subnet536B997A"
474
+ },
475
+ {
476
+ "Ref": "VpcPrivateSubnet2Subnet3788AAA1"
477
+ }
478
+ ]
479
+ }
480
+ },
481
+ "DependsOn": [
482
+ "testoneLambdaFunctionServiceRoleDefaultPolicy6025A173",
483
+ "testoneLambdaFunctionServiceRoleE92573D3",
484
+ "VpcPrivateSubnet1DefaultRouteBE02A9ED",
485
+ "VpcPrivateSubnet1RouteTableAssociation70C59FA6",
486
+ "VpcPrivateSubnet2DefaultRoute060D2087",
487
+ "VpcPrivateSubnet2RouteTableAssociationA89CAD56"
488
+ ],
489
+ "Metadata": {
490
+ "cfn_nag": {
491
+ "rules_to_suppress": [
492
+ {
493
+ "id": "W58",
494
+ "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions."
495
+ },
496
+ {
497
+ "id": "W89",
498
+ "reason": "This is not a rule for the general case, just for specific use cases/industries"
499
+ },
500
+ {
501
+ "id": "W92",
502
+ "reason": "Impossible for us to define the correct concurrency for clients"
503
+ }
504
+ ]
505
+ }
506
+ }
507
+ },
508
+ "testoneLambdaFunctionInvoke2UTWxhlfyqbT5FTn5jvgbLgjFfJwzswGk55DU1HY508A8518": {
509
+ "Type": "AWS::Lambda::Permission",
510
+ "Properties": {
511
+ "Action": "lambda:InvokeFunction",
512
+ "FunctionName": {
513
+ "Fn::GetAtt": [
514
+ "testoneLambdaFunctionCC9B03E1",
515
+ "Arn"
516
+ ]
517
+ },
518
+ "Principal": "elasticloadbalancing.amazonaws.com"
519
+ },
520
+ "DependsOn": [
521
+ "VpcPrivateSubnet1DefaultRouteBE02A9ED",
522
+ "VpcPrivateSubnet1RouteTableAssociation70C59FA6",
523
+ "VpcPrivateSubnet2DefaultRoute060D2087",
524
+ "VpcPrivateSubnet2RouteTableAssociationA89CAD56"
525
+ ]
526
+ },
527
+ "testonetestonelistener51CF582F": {
528
+ "Type": "AWS::ElasticLoadBalancingV2::Listener",
529
+ "Properties": {
530
+ "DefaultActions": [
531
+ {
532
+ "TargetGroupArn": {
533
+ "Ref": "testonetg2tg6459EC7C"
534
+ },
535
+ "Type": "forward"
536
+ }
537
+ ],
538
+ "LoadBalancerArn": {
539
+ "Ref": "testonetestonealb4F263E42"
540
+ },
541
+ "Port": 80,
542
+ "Protocol": "HTTP"
543
+ },
544
+ "DependsOn": [
545
+ "testonetg2tg6459EC7C"
546
+ ],
547
+ "Metadata": {
548
+ "cfn_nag": {
549
+ "rules_to_suppress": [
550
+ {
551
+ "id": "W56",
552
+ "reason": "All integration tests must be HTTP because of certificate limitations."
553
+ }
554
+ ]
555
+ }
556
+ }
557
+ },
558
+ "testonetestonelistenertesttwotargetsRule3ACCF5EF": {
559
+ "Type": "AWS::ElasticLoadBalancingV2::ListenerRule",
560
+ "Properties": {
561
+ "Actions": [
562
+ {
563
+ "TargetGroupArn": {
564
+ "Ref": "testtwotg2tg35BE6697"
565
+ },
566
+ "Type": "forward"
567
+ }
568
+ ],
569
+ "Conditions": [
570
+ {
571
+ "Field": "path-pattern",
572
+ "PathPatternConfig": {
573
+ "Values": [
574
+ "*admin*"
575
+ ]
576
+ }
577
+ }
578
+ ],
579
+ "ListenerArn": {
580
+ "Ref": "testonetestonelistener51CF582F"
581
+ },
582
+ "Priority": 10
583
+ }
584
+ },
585
+ "testonetg2tg6459EC7C": {
586
+ "Type": "AWS::ElasticLoadBalancingV2::TargetGroup",
587
+ "Properties": {
588
+ "TargetType": "lambda",
589
+ "Targets": [
590
+ {
591
+ "Id": {
592
+ "Fn::GetAtt": [
593
+ "testoneLambdaFunctionCC9B03E1",
594
+ "Arn"
595
+ ]
596
+ }
597
+ }
598
+ ]
599
+ },
600
+ "DependsOn": [
601
+ "testoneLambdaFunctionInvoke2UTWxhlfyqbT5FTn5jvgbLgjFfJwzswGk55DU1HY508A8518"
602
+ ]
603
+ },
604
+ "Vpc8378EB38": {
605
+ "Type": "AWS::EC2::VPC",
606
+ "Properties": {
607
+ "CidrBlock": "10.0.0.0/16",
608
+ "EnableDnsHostnames": true,
609
+ "EnableDnsSupport": true,
610
+ "InstanceTenancy": "default",
611
+ "Tags": [
612
+ {
613
+ "Key": "Name",
614
+ "Value": "alblam-twoTargets/Vpc"
615
+ }
616
+ ]
617
+ }
618
+ },
619
+ "VpcPublicSubnet1Subnet5C2D37C4": {
620
+ "Type": "AWS::EC2::Subnet",
621
+ "Properties": {
622
+ "AvailabilityZone": {
623
+ "Fn::Select": [
624
+ 0,
625
+ {
626
+ "Fn::GetAZs": ""
627
+ }
628
+ ]
629
+ },
630
+ "CidrBlock": "10.0.0.0/18",
631
+ "MapPublicIpOnLaunch": true,
632
+ "Tags": [
633
+ {
634
+ "Key": "aws-cdk:subnet-name",
635
+ "Value": "Public"
636
+ },
637
+ {
638
+ "Key": "aws-cdk:subnet-type",
639
+ "Value": "Public"
640
+ },
641
+ {
642
+ "Key": "Name",
643
+ "Value": "alblam-twoTargets/Vpc/PublicSubnet1"
644
+ }
645
+ ],
646
+ "VpcId": {
647
+ "Ref": "Vpc8378EB38"
648
+ }
649
+ },
650
+ "Metadata": {
651
+ "cfn_nag": {
652
+ "rules_to_suppress": [
653
+ {
654
+ "id": "W33",
655
+ "reason": "Allow Public Subnets to have MapPublicIpOnLaunch set to true"
656
+ }
657
+ ]
658
+ }
659
+ }
660
+ },
661
+ "VpcPublicSubnet1RouteTable6C95E38E": {
662
+ "Type": "AWS::EC2::RouteTable",
663
+ "Properties": {
664
+ "Tags": [
665
+ {
666
+ "Key": "Name",
667
+ "Value": "alblam-twoTargets/Vpc/PublicSubnet1"
668
+ }
669
+ ],
670
+ "VpcId": {
671
+ "Ref": "Vpc8378EB38"
672
+ }
673
+ }
674
+ },
675
+ "VpcPublicSubnet1RouteTableAssociation97140677": {
676
+ "Type": "AWS::EC2::SubnetRouteTableAssociation",
677
+ "Properties": {
678
+ "RouteTableId": {
679
+ "Ref": "VpcPublicSubnet1RouteTable6C95E38E"
680
+ },
681
+ "SubnetId": {
682
+ "Ref": "VpcPublicSubnet1Subnet5C2D37C4"
683
+ }
684
+ }
685
+ },
686
+ "VpcPublicSubnet1DefaultRoute3DA9E72A": {
687
+ "Type": "AWS::EC2::Route",
688
+ "Properties": {
689
+ "DestinationCidrBlock": "0.0.0.0/0",
690
+ "GatewayId": {
691
+ "Ref": "VpcIGWD7BA715C"
692
+ },
693
+ "RouteTableId": {
694
+ "Ref": "VpcPublicSubnet1RouteTable6C95E38E"
695
+ }
696
+ },
697
+ "DependsOn": [
698
+ "VpcVPCGWBF912B6E"
699
+ ]
700
+ },
701
+ "VpcPublicSubnet1EIPD7E02669": {
702
+ "Type": "AWS::EC2::EIP",
703
+ "Properties": {
704
+ "Domain": "vpc",
705
+ "Tags": [
706
+ {
707
+ "Key": "Name",
708
+ "Value": "alblam-twoTargets/Vpc/PublicSubnet1"
709
+ }
710
+ ]
711
+ }
712
+ },
713
+ "VpcPublicSubnet1NATGateway4D7517AA": {
714
+ "Type": "AWS::EC2::NatGateway",
715
+ "Properties": {
716
+ "AllocationId": {
717
+ "Fn::GetAtt": [
718
+ "VpcPublicSubnet1EIPD7E02669",
719
+ "AllocationId"
720
+ ]
721
+ },
722
+ "SubnetId": {
723
+ "Ref": "VpcPublicSubnet1Subnet5C2D37C4"
724
+ },
725
+ "Tags": [
726
+ {
727
+ "Key": "Name",
728
+ "Value": "alblam-twoTargets/Vpc/PublicSubnet1"
729
+ }
730
+ ]
731
+ },
732
+ "DependsOn": [
733
+ "VpcPublicSubnet1DefaultRoute3DA9E72A",
734
+ "VpcPublicSubnet1RouteTableAssociation97140677"
735
+ ]
736
+ },
737
+ "VpcPublicSubnet2Subnet691E08A3": {
738
+ "Type": "AWS::EC2::Subnet",
739
+ "Properties": {
740
+ "AvailabilityZone": {
741
+ "Fn::Select": [
742
+ 1,
743
+ {
744
+ "Fn::GetAZs": ""
745
+ }
746
+ ]
747
+ },
748
+ "CidrBlock": "10.0.64.0/18",
749
+ "MapPublicIpOnLaunch": true,
750
+ "Tags": [
751
+ {
752
+ "Key": "aws-cdk:subnet-name",
753
+ "Value": "Public"
754
+ },
755
+ {
756
+ "Key": "aws-cdk:subnet-type",
757
+ "Value": "Public"
758
+ },
759
+ {
760
+ "Key": "Name",
761
+ "Value": "alblam-twoTargets/Vpc/PublicSubnet2"
762
+ }
763
+ ],
764
+ "VpcId": {
765
+ "Ref": "Vpc8378EB38"
766
+ }
767
+ },
768
+ "Metadata": {
769
+ "cfn_nag": {
770
+ "rules_to_suppress": [
771
+ {
772
+ "id": "W33",
773
+ "reason": "Allow Public Subnets to have MapPublicIpOnLaunch set to true"
774
+ }
775
+ ]
776
+ }
777
+ }
778
+ },
779
+ "VpcPublicSubnet2RouteTable94F7E489": {
780
+ "Type": "AWS::EC2::RouteTable",
781
+ "Properties": {
782
+ "Tags": [
783
+ {
784
+ "Key": "Name",
785
+ "Value": "alblam-twoTargets/Vpc/PublicSubnet2"
786
+ }
787
+ ],
788
+ "VpcId": {
789
+ "Ref": "Vpc8378EB38"
790
+ }
791
+ }
792
+ },
793
+ "VpcPublicSubnet2RouteTableAssociationDD5762D8": {
794
+ "Type": "AWS::EC2::SubnetRouteTableAssociation",
795
+ "Properties": {
796
+ "RouteTableId": {
797
+ "Ref": "VpcPublicSubnet2RouteTable94F7E489"
798
+ },
799
+ "SubnetId": {
800
+ "Ref": "VpcPublicSubnet2Subnet691E08A3"
801
+ }
802
+ }
803
+ },
804
+ "VpcPublicSubnet2DefaultRoute97F91067": {
805
+ "Type": "AWS::EC2::Route",
806
+ "Properties": {
807
+ "DestinationCidrBlock": "0.0.0.0/0",
808
+ "GatewayId": {
809
+ "Ref": "VpcIGWD7BA715C"
810
+ },
811
+ "RouteTableId": {
812
+ "Ref": "VpcPublicSubnet2RouteTable94F7E489"
813
+ }
814
+ },
815
+ "DependsOn": [
816
+ "VpcVPCGWBF912B6E"
817
+ ]
818
+ },
819
+ "VpcPublicSubnet2EIP3C605A87": {
820
+ "Type": "AWS::EC2::EIP",
821
+ "Properties": {
822
+ "Domain": "vpc",
823
+ "Tags": [
824
+ {
825
+ "Key": "Name",
826
+ "Value": "alblam-twoTargets/Vpc/PublicSubnet2"
827
+ }
828
+ ]
829
+ }
830
+ },
831
+ "VpcPublicSubnet2NATGateway9182C01D": {
832
+ "Type": "AWS::EC2::NatGateway",
833
+ "Properties": {
834
+ "AllocationId": {
835
+ "Fn::GetAtt": [
836
+ "VpcPublicSubnet2EIP3C605A87",
837
+ "AllocationId"
838
+ ]
839
+ },
840
+ "SubnetId": {
841
+ "Ref": "VpcPublicSubnet2Subnet691E08A3"
842
+ },
843
+ "Tags": [
844
+ {
845
+ "Key": "Name",
846
+ "Value": "alblam-twoTargets/Vpc/PublicSubnet2"
847
+ }
848
+ ]
849
+ },
850
+ "DependsOn": [
851
+ "VpcPublicSubnet2DefaultRoute97F91067",
852
+ "VpcPublicSubnet2RouteTableAssociationDD5762D8"
853
+ ]
854
+ },
855
+ "VpcPrivateSubnet1Subnet536B997A": {
856
+ "Type": "AWS::EC2::Subnet",
857
+ "Properties": {
858
+ "AvailabilityZone": {
859
+ "Fn::Select": [
860
+ 0,
861
+ {
862
+ "Fn::GetAZs": ""
863
+ }
864
+ ]
865
+ },
866
+ "CidrBlock": "10.0.128.0/18",
867
+ "MapPublicIpOnLaunch": false,
868
+ "Tags": [
869
+ {
870
+ "Key": "aws-cdk:subnet-name",
871
+ "Value": "Private"
872
+ },
873
+ {
874
+ "Key": "aws-cdk:subnet-type",
875
+ "Value": "Private"
876
+ },
877
+ {
878
+ "Key": "Name",
879
+ "Value": "alblam-twoTargets/Vpc/PrivateSubnet1"
880
+ }
881
+ ],
882
+ "VpcId": {
883
+ "Ref": "Vpc8378EB38"
884
+ }
885
+ }
886
+ },
887
+ "VpcPrivateSubnet1RouteTableB2C5B500": {
888
+ "Type": "AWS::EC2::RouteTable",
889
+ "Properties": {
890
+ "Tags": [
891
+ {
892
+ "Key": "Name",
893
+ "Value": "alblam-twoTargets/Vpc/PrivateSubnet1"
894
+ }
895
+ ],
896
+ "VpcId": {
897
+ "Ref": "Vpc8378EB38"
898
+ }
899
+ }
900
+ },
901
+ "VpcPrivateSubnet1RouteTableAssociation70C59FA6": {
902
+ "Type": "AWS::EC2::SubnetRouteTableAssociation",
903
+ "Properties": {
904
+ "RouteTableId": {
905
+ "Ref": "VpcPrivateSubnet1RouteTableB2C5B500"
906
+ },
907
+ "SubnetId": {
908
+ "Ref": "VpcPrivateSubnet1Subnet536B997A"
909
+ }
910
+ }
911
+ },
912
+ "VpcPrivateSubnet1DefaultRouteBE02A9ED": {
913
+ "Type": "AWS::EC2::Route",
914
+ "Properties": {
915
+ "DestinationCidrBlock": "0.0.0.0/0",
916
+ "NatGatewayId": {
917
+ "Ref": "VpcPublicSubnet1NATGateway4D7517AA"
918
+ },
919
+ "RouteTableId": {
920
+ "Ref": "VpcPrivateSubnet1RouteTableB2C5B500"
921
+ }
922
+ }
923
+ },
924
+ "VpcPrivateSubnet2Subnet3788AAA1": {
925
+ "Type": "AWS::EC2::Subnet",
926
+ "Properties": {
927
+ "AvailabilityZone": {
928
+ "Fn::Select": [
929
+ 1,
930
+ {
931
+ "Fn::GetAZs": ""
932
+ }
933
+ ]
934
+ },
935
+ "CidrBlock": "10.0.192.0/18",
936
+ "MapPublicIpOnLaunch": false,
937
+ "Tags": [
938
+ {
939
+ "Key": "aws-cdk:subnet-name",
940
+ "Value": "Private"
941
+ },
942
+ {
943
+ "Key": "aws-cdk:subnet-type",
944
+ "Value": "Private"
945
+ },
946
+ {
947
+ "Key": "Name",
948
+ "Value": "alblam-twoTargets/Vpc/PrivateSubnet2"
949
+ }
950
+ ],
951
+ "VpcId": {
952
+ "Ref": "Vpc8378EB38"
953
+ }
954
+ }
955
+ },
956
+ "VpcPrivateSubnet2RouteTableA678073B": {
957
+ "Type": "AWS::EC2::RouteTable",
958
+ "Properties": {
959
+ "Tags": [
960
+ {
961
+ "Key": "Name",
962
+ "Value": "alblam-twoTargets/Vpc/PrivateSubnet2"
963
+ }
964
+ ],
965
+ "VpcId": {
966
+ "Ref": "Vpc8378EB38"
967
+ }
968
+ }
969
+ },
970
+ "VpcPrivateSubnet2RouteTableAssociationA89CAD56": {
971
+ "Type": "AWS::EC2::SubnetRouteTableAssociation",
972
+ "Properties": {
973
+ "RouteTableId": {
974
+ "Ref": "VpcPrivateSubnet2RouteTableA678073B"
975
+ },
976
+ "SubnetId": {
977
+ "Ref": "VpcPrivateSubnet2Subnet3788AAA1"
978
+ }
979
+ }
980
+ },
981
+ "VpcPrivateSubnet2DefaultRoute060D2087": {
982
+ "Type": "AWS::EC2::Route",
983
+ "Properties": {
984
+ "DestinationCidrBlock": "0.0.0.0/0",
985
+ "NatGatewayId": {
986
+ "Ref": "VpcPublicSubnet2NATGateway9182C01D"
987
+ },
988
+ "RouteTableId": {
989
+ "Ref": "VpcPrivateSubnet2RouteTableA678073B"
990
+ }
991
+ }
992
+ },
993
+ "VpcIGWD7BA715C": {
994
+ "Type": "AWS::EC2::InternetGateway",
995
+ "Properties": {
996
+ "Tags": [
997
+ {
998
+ "Key": "Name",
999
+ "Value": "alblam-twoTargets/Vpc"
1000
+ }
1001
+ ]
1002
+ }
1003
+ },
1004
+ "VpcVPCGWBF912B6E": {
1005
+ "Type": "AWS::EC2::VPCGatewayAttachment",
1006
+ "Properties": {
1007
+ "InternetGatewayId": {
1008
+ "Ref": "VpcIGWD7BA715C"
1009
+ },
1010
+ "VpcId": {
1011
+ "Ref": "Vpc8378EB38"
1012
+ }
1013
+ }
1014
+ },
1015
+ "VpcRestrictDefaultSecurityGroupCustomResourceC73DA2BE": {
1016
+ "Type": "Custom::VpcRestrictDefaultSG",
1017
+ "Properties": {
1018
+ "ServiceToken": {
1019
+ "Fn::GetAtt": [
1020
+ "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E",
1021
+ "Arn"
1022
+ ]
1023
+ },
1024
+ "DefaultSecurityGroupId": {
1025
+ "Fn::GetAtt": [
1026
+ "Vpc8378EB38",
1027
+ "DefaultSecurityGroup"
1028
+ ]
1029
+ },
1030
+ "Account": {
1031
+ "Ref": "AWS::AccountId"
1032
+ }
1033
+ },
1034
+ "UpdateReplacePolicy": "Delete",
1035
+ "DeletionPolicy": "Delete"
1036
+ },
1037
+ "VpcFlowLogIAMRole6A475D41": {
1038
+ "Type": "AWS::IAM::Role",
1039
+ "Properties": {
1040
+ "AssumeRolePolicyDocument": {
1041
+ "Statement": [
1042
+ {
1043
+ "Action": "sts:AssumeRole",
1044
+ "Effect": "Allow",
1045
+ "Principal": {
1046
+ "Service": "vpc-flow-logs.amazonaws.com"
1047
+ }
1048
+ }
1049
+ ],
1050
+ "Version": "2012-10-17"
1051
+ },
1052
+ "Tags": [
1053
+ {
1054
+ "Key": "Name",
1055
+ "Value": "alblam-twoTargets/Vpc/FlowLog"
1056
+ }
1057
+ ]
1058
+ }
1059
+ },
1060
+ "VpcFlowLogIAMRoleDefaultPolicy406FB995": {
1061
+ "Type": "AWS::IAM::Policy",
1062
+ "Properties": {
1063
+ "PolicyDocument": {
1064
+ "Statement": [
1065
+ {
1066
+ "Action": [
1067
+ "logs:CreateLogStream",
1068
+ "logs:DescribeLogStreams",
1069
+ "logs:PutLogEvents"
1070
+ ],
1071
+ "Effect": "Allow",
1072
+ "Resource": {
1073
+ "Fn::GetAtt": [
1074
+ "VpcFlowLogLogGroup7B5C56B9",
1075
+ "Arn"
1076
+ ]
1077
+ }
1078
+ },
1079
+ {
1080
+ "Action": "iam:PassRole",
1081
+ "Effect": "Allow",
1082
+ "Resource": {
1083
+ "Fn::GetAtt": [
1084
+ "VpcFlowLogIAMRole6A475D41",
1085
+ "Arn"
1086
+ ]
1087
+ }
1088
+ }
1089
+ ],
1090
+ "Version": "2012-10-17"
1091
+ },
1092
+ "PolicyName": "VpcFlowLogIAMRoleDefaultPolicy406FB995",
1093
+ "Roles": [
1094
+ {
1095
+ "Ref": "VpcFlowLogIAMRole6A475D41"
1096
+ }
1097
+ ]
1098
+ }
1099
+ },
1100
+ "VpcFlowLogLogGroup7B5C56B9": {
1101
+ "Type": "AWS::Logs::LogGroup",
1102
+ "Properties": {
1103
+ "RetentionInDays": 731,
1104
+ "Tags": [
1105
+ {
1106
+ "Key": "Name",
1107
+ "Value": "alblam-twoTargets/Vpc/FlowLog"
1108
+ }
1109
+ ]
1110
+ },
1111
+ "UpdateReplacePolicy": "Retain",
1112
+ "DeletionPolicy": "Retain",
1113
+ "Metadata": {
1114
+ "cfn_nag": {
1115
+ "rules_to_suppress": [
1116
+ {
1117
+ "id": "W84",
1118
+ "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)"
1119
+ }
1120
+ ]
1121
+ }
1122
+ }
1123
+ },
1124
+ "VpcFlowLog8FF33A73": {
1125
+ "Type": "AWS::EC2::FlowLog",
1126
+ "Properties": {
1127
+ "DeliverLogsPermissionArn": {
1128
+ "Fn::GetAtt": [
1129
+ "VpcFlowLogIAMRole6A475D41",
1130
+ "Arn"
1131
+ ]
1132
+ },
1133
+ "LogDestinationType": "cloud-watch-logs",
1134
+ "LogGroupName": {
1135
+ "Ref": "VpcFlowLogLogGroup7B5C56B9"
1136
+ },
1137
+ "ResourceId": {
1138
+ "Ref": "Vpc8378EB38"
1139
+ },
1140
+ "ResourceType": "VPC",
1141
+ "Tags": [
1142
+ {
1143
+ "Key": "Name",
1144
+ "Value": "alblam-twoTargets/Vpc/FlowLog"
1145
+ }
1146
+ ],
1147
+ "TrafficType": "ALL"
1148
+ }
1149
+ },
1150
+ "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0": {
1151
+ "Type": "AWS::IAM::Role",
1152
+ "Properties": {
1153
+ "AssumeRolePolicyDocument": {
1154
+ "Version": "2012-10-17",
1155
+ "Statement": [
1156
+ {
1157
+ "Action": "sts:AssumeRole",
1158
+ "Effect": "Allow",
1159
+ "Principal": {
1160
+ "Service": "lambda.amazonaws.com"
1161
+ }
1162
+ }
1163
+ ]
1164
+ },
1165
+ "ManagedPolicyArns": [
1166
+ {
1167
+ "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
1168
+ }
1169
+ ],
1170
+ "Policies": [
1171
+ {
1172
+ "PolicyName": "Inline",
1173
+ "PolicyDocument": {
1174
+ "Version": "2012-10-17",
1175
+ "Statement": [
1176
+ {
1177
+ "Effect": "Allow",
1178
+ "Action": [
1179
+ "ec2:AuthorizeSecurityGroupIngress",
1180
+ "ec2:AuthorizeSecurityGroupEgress",
1181
+ "ec2:RevokeSecurityGroupIngress",
1182
+ "ec2:RevokeSecurityGroupEgress"
1183
+ ],
1184
+ "Resource": [
1185
+ {
1186
+ "Fn::Join": [
1187
+ "",
1188
+ [
1189
+ "arn:aws:ec2:us-east-1:",
1190
+ {
1191
+ "Ref": "AWS::AccountId"
1192
+ },
1193
+ ":security-group/",
1194
+ {
1195
+ "Fn::GetAtt": [
1196
+ "Vpc8378EB38",
1197
+ "DefaultSecurityGroup"
1198
+ ]
1199
+ }
1200
+ ]
1201
+ ]
1202
+ }
1203
+ ]
1204
+ }
1205
+ ]
1206
+ }
1207
+ }
1208
+ ]
1209
+ }
1210
+ },
1211
+ "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E": {
1212
+ "Type": "AWS::Lambda::Function",
1213
+ "Properties": {
1214
+ "Code": {
1215
+ "S3Bucket": {
1216
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1"
1217
+ },
1218
+ "S3Key": "dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e.zip"
1219
+ },
1220
+ "Timeout": 900,
1221
+ "MemorySize": 128,
1222
+ "Handler": "__entrypoint__.handler",
1223
+ "Role": {
1224
+ "Fn::GetAtt": [
1225
+ "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0",
1226
+ "Arn"
1227
+ ]
1228
+ },
1229
+ "Runtime": "nodejs18.x",
1230
+ "Description": "Lambda function for removing all inbound/outbound rules from the VPC default security group"
1231
+ },
1232
+ "DependsOn": [
1233
+ "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0"
1234
+ ],
1235
+ "Metadata": {
1236
+ "cfn_nag": {
1237
+ "rules_to_suppress": [
1238
+ {
1239
+ "id": "W58",
1240
+ "reason": "CDK generated custom resource"
1241
+ },
1242
+ {
1243
+ "id": "W89",
1244
+ "reason": "CDK generated custom resource"
1245
+ },
1246
+ {
1247
+ "id": "W92",
1248
+ "reason": "CDK generated custom resource"
1249
+ }
1250
+ ]
1251
+ }
1252
+ }
1253
+ },
1254
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": {
1255
+ "Type": "AWS::IAM::Role",
1256
+ "Properties": {
1257
+ "AssumeRolePolicyDocument": {
1258
+ "Version": "2012-10-17",
1259
+ "Statement": [
1260
+ {
1261
+ "Action": "sts:AssumeRole",
1262
+ "Effect": "Allow",
1263
+ "Principal": {
1264
+ "Service": "lambda.amazonaws.com"
1265
+ }
1266
+ }
1267
+ ]
1268
+ },
1269
+ "ManagedPolicyArns": [
1270
+ {
1271
+ "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
1272
+ }
1273
+ ]
1274
+ }
1275
+ },
1276
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": {
1277
+ "Type": "AWS::Lambda::Function",
1278
+ "Properties": {
1279
+ "Code": {
1280
+ "S3Bucket": {
1281
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1"
1282
+ },
1283
+ "S3Key": "b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6.zip"
1284
+ },
1285
+ "Timeout": 900,
1286
+ "MemorySize": 128,
1287
+ "Handler": "index.handler",
1288
+ "Role": {
1289
+ "Fn::GetAtt": [
1290
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
1291
+ "Arn"
1292
+ ]
1293
+ },
1294
+ "Runtime": "nodejs18.x",
1295
+ "Description": {
1296
+ "Fn::Join": [
1297
+ "",
1298
+ [
1299
+ "Lambda function for auto-deleting objects in ",
1300
+ {
1301
+ "Ref": "testoneE6ACFBB6"
1302
+ },
1303
+ " S3 bucket."
1304
+ ]
1305
+ ]
1306
+ }
1307
+ },
1308
+ "DependsOn": [
1309
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092"
1310
+ ],
1311
+ "Metadata": {
1312
+ "cfn_nag": {
1313
+ "rules_to_suppress": [
1314
+ {
1315
+ "id": "W58",
1316
+ "reason": "CDK generated custom resource"
1317
+ },
1318
+ {
1319
+ "id": "W89",
1320
+ "reason": "CDK generated custom resource"
1321
+ },
1322
+ {
1323
+ "id": "W92",
1324
+ "reason": "CDK generated custom resource"
1325
+ }
1326
+ ]
1327
+ }
1328
+ }
1329
+ },
1330
+ "testtwoLambdaFunctionServiceRoleD100E5F8": {
1331
+ "Type": "AWS::IAM::Role",
1332
+ "Properties": {
1333
+ "AssumeRolePolicyDocument": {
1334
+ "Statement": [
1335
+ {
1336
+ "Action": "sts:AssumeRole",
1337
+ "Effect": "Allow",
1338
+ "Principal": {
1339
+ "Service": "lambda.amazonaws.com"
1340
+ }
1341
+ }
1342
+ ],
1343
+ "Version": "2012-10-17"
1344
+ },
1345
+ "Policies": [
1346
+ {
1347
+ "PolicyDocument": {
1348
+ "Statement": [
1349
+ {
1350
+ "Action": [
1351
+ "logs:CreateLogGroup",
1352
+ "logs:CreateLogStream",
1353
+ "logs:PutLogEvents"
1354
+ ],
1355
+ "Effect": "Allow",
1356
+ "Resource": {
1357
+ "Fn::Join": [
1358
+ "",
1359
+ [
1360
+ "arn:",
1361
+ {
1362
+ "Ref": "AWS::Partition"
1363
+ },
1364
+ ":logs:",
1365
+ {
1366
+ "Ref": "AWS::Region"
1367
+ },
1368
+ ":",
1369
+ {
1370
+ "Ref": "AWS::AccountId"
1371
+ },
1372
+ ":log-group:/aws/lambda/*"
1373
+ ]
1374
+ ]
1375
+ }
1376
+ }
1377
+ ],
1378
+ "Version": "2012-10-17"
1379
+ },
1380
+ "PolicyName": "LambdaFunctionServiceRolePolicy"
1381
+ }
1382
+ ]
1383
+ }
1384
+ },
1385
+ "testtwoLambdaFunctionServiceRoleDefaultPolicy3BCA0DDD": {
1386
+ "Type": "AWS::IAM::Policy",
1387
+ "Properties": {
1388
+ "PolicyDocument": {
1389
+ "Statement": [
1390
+ {
1391
+ "Action": [
1392
+ "ec2:AssignPrivateIpAddresses",
1393
+ "ec2:CreateNetworkInterface",
1394
+ "ec2:DeleteNetworkInterface",
1395
+ "ec2:DescribeNetworkInterfaces",
1396
+ "ec2:UnassignPrivateIpAddresses",
1397
+ "xray:PutTelemetryRecords",
1398
+ "xray:PutTraceSegments"
1399
+ ],
1400
+ "Effect": "Allow",
1401
+ "Resource": "*"
1402
+ }
1403
+ ],
1404
+ "Version": "2012-10-17"
1405
+ },
1406
+ "PolicyName": "testtwoLambdaFunctionServiceRoleDefaultPolicy3BCA0DDD",
1407
+ "Roles": [
1408
+ {
1409
+ "Ref": "testtwoLambdaFunctionServiceRoleD100E5F8"
1410
+ }
1411
+ ]
1412
+ },
1413
+ "Metadata": {
1414
+ "cfn_nag": {
1415
+ "rules_to_suppress": [
1416
+ {
1417
+ "id": "W12",
1418
+ "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC."
1419
+ }
1420
+ ]
1421
+ }
1422
+ }
1423
+ },
1424
+ "testtwoReplaceDefaultSecurityGroupsecuritygroupE62CC6C1": {
1425
+ "Type": "AWS::EC2::SecurityGroup",
1426
+ "Properties": {
1427
+ "GroupDescription": "alblam-twoTargets/test-two/ReplaceDefaultSecurityGroup-security-group",
1428
+ "SecurityGroupEgress": [
1429
+ {
1430
+ "CidrIp": "0.0.0.0/0",
1431
+ "Description": "Allow all outbound traffic by default",
1432
+ "IpProtocol": "-1"
1433
+ }
1434
+ ],
1435
+ "VpcId": {
1436
+ "Ref": "Vpc8378EB38"
1437
+ }
1438
+ },
1439
+ "Metadata": {
1440
+ "cfn_nag": {
1441
+ "rules_to_suppress": [
1442
+ {
1443
+ "id": "W5",
1444
+ "reason": "Egress of 0.0.0.0/0 is default and generally considered OK"
1445
+ },
1446
+ {
1447
+ "id": "W40",
1448
+ "reason": "Egress IPProtocol of -1 is default and generally considered OK"
1449
+ }
1450
+ ]
1451
+ }
1452
+ }
1453
+ },
1454
+ "testtwoLambdaFunction0418AA26": {
1455
+ "Type": "AWS::Lambda::Function",
1456
+ "Properties": {
1457
+ "Code": {
1458
+ "S3Bucket": {
1459
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1"
1460
+ },
1461
+ "S3Key": "7caf594b8ad91abecca72f7f10a23a5cf446d05dc00d6194619935e7e3fd5a79.zip"
1462
+ },
1463
+ "Environment": {
1464
+ "Variables": {
1465
+ "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1"
1466
+ }
1467
+ },
1468
+ "Handler": "index.handler",
1469
+ "Role": {
1470
+ "Fn::GetAtt": [
1471
+ "testtwoLambdaFunctionServiceRoleD100E5F8",
1472
+ "Arn"
1473
+ ]
1474
+ },
1475
+ "Runtime": "nodejs16.x",
1476
+ "TracingConfig": {
1477
+ "Mode": "Active"
1478
+ },
1479
+ "VpcConfig": {
1480
+ "SecurityGroupIds": [
1481
+ {
1482
+ "Fn::GetAtt": [
1483
+ "testtwoReplaceDefaultSecurityGroupsecuritygroupE62CC6C1",
1484
+ "GroupId"
1485
+ ]
1486
+ }
1487
+ ],
1488
+ "SubnetIds": [
1489
+ {
1490
+ "Ref": "VpcPrivateSubnet1Subnet536B997A"
1491
+ },
1492
+ {
1493
+ "Ref": "VpcPrivateSubnet2Subnet3788AAA1"
1494
+ }
1495
+ ]
1496
+ }
1497
+ },
1498
+ "DependsOn": [
1499
+ "testtwoLambdaFunctionServiceRoleDefaultPolicy3BCA0DDD",
1500
+ "testtwoLambdaFunctionServiceRoleD100E5F8",
1501
+ "VpcPrivateSubnet1DefaultRouteBE02A9ED",
1502
+ "VpcPrivateSubnet1RouteTableAssociation70C59FA6",
1503
+ "VpcPrivateSubnet2DefaultRoute060D2087",
1504
+ "VpcPrivateSubnet2RouteTableAssociationA89CAD56"
1505
+ ],
1506
+ "Metadata": {
1507
+ "cfn_nag": {
1508
+ "rules_to_suppress": [
1509
+ {
1510
+ "id": "W58",
1511
+ "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions."
1512
+ },
1513
+ {
1514
+ "id": "W89",
1515
+ "reason": "This is not a rule for the general case, just for specific use cases/industries"
1516
+ },
1517
+ {
1518
+ "id": "W92",
1519
+ "reason": "Impossible for us to define the correct concurrency for clients"
1520
+ }
1521
+ ]
1522
+ }
1523
+ }
1524
+ },
1525
+ "testtwoLambdaFunctionInvoke2UTWxhlfyqbT5FTn5jvgbLgjFfJwzswGk55DU1HY068D8D47": {
1526
+ "Type": "AWS::Lambda::Permission",
1527
+ "Properties": {
1528
+ "Action": "lambda:InvokeFunction",
1529
+ "FunctionName": {
1530
+ "Fn::GetAtt": [
1531
+ "testtwoLambdaFunction0418AA26",
1532
+ "Arn"
1533
+ ]
1534
+ },
1535
+ "Principal": "elasticloadbalancing.amazonaws.com"
1536
+ },
1537
+ "DependsOn": [
1538
+ "VpcPrivateSubnet1DefaultRouteBE02A9ED",
1539
+ "VpcPrivateSubnet1RouteTableAssociation70C59FA6",
1540
+ "VpcPrivateSubnet2DefaultRoute060D2087",
1541
+ "VpcPrivateSubnet2RouteTableAssociationA89CAD56"
1542
+ ]
1543
+ },
1544
+ "testtwotg2tg35BE6697": {
1545
+ "Type": "AWS::ElasticLoadBalancingV2::TargetGroup",
1546
+ "Properties": {
1547
+ "TargetType": "lambda",
1548
+ "Targets": [
1549
+ {
1550
+ "Id": {
1551
+ "Fn::GetAtt": [
1552
+ "testtwoLambdaFunction0418AA26",
1553
+ "Arn"
1554
+ ]
1555
+ }
1556
+ }
1557
+ ]
1558
+ },
1559
+ "DependsOn": [
1560
+ "testtwoLambdaFunctionInvoke2UTWxhlfyqbT5FTn5jvgbLgjFfJwzswGk55DU1HY068D8D47"
1561
+ ]
1562
+ }
1563
+ },
1564
+ "Parameters": {
1565
+ "BootstrapVersion": {
1566
+ "Type": "AWS::SSM::Parameter::Value<String>",
1567
+ "Default": "/cdk-bootstrap/hnb659fds/version",
1568
+ "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
1569
+ }
1570
+ },
1571
+ "Rules": {
1572
+ "CheckBootstrapVersion": {
1573
+ "Assertions": [
1574
+ {
1575
+ "Assert": {
1576
+ "Fn::Not": [
1577
+ {
1578
+ "Fn::Contains": [
1579
+ [
1580
+ "1",
1581
+ "2",
1582
+ "3",
1583
+ "4",
1584
+ "5"
1585
+ ],
1586
+ {
1587
+ "Ref": "BootstrapVersion"
1588
+ }
1589
+ ]
1590
+ }
1591
+ ]
1592
+ },
1593
+ "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
1594
+ }
1595
+ ]
1596
+ }
1597
+ }
1598
+ }