@aws-solutions-constructs/aws-alb-lambda 2.51.0 → 2.52.1

Files changed (75)
  1. package/.eslintignore +2 -0
  2. package/.jsii +49 -4
  3. package/integ.config.json +7 -0
  4. package/lib/index.js +1 -1
  5. package/package.json +10 -9
  6. package/test/integ.alblam-privateApiExistingResources.js +7 -3
  7. package/test/integ.alblam-privateApiExistingResources.js.snapshot/alblam-privateApiExistingResources.assets.json +62 -0
  8. package/test/integ.alblam-privateApiExistingResources.js.snapshot/alblam-privateApiExistingResources.template.json +1332 -0
  9. package/test/integ.alblam-privateApiExistingResources.js.snapshot/alblamprivateApiExistingResourcesIntegDefaultTestDeployAssertC865AE59.assets.json +19 -0
  10. package/test/integ.alblam-privateApiExistingResources.js.snapshot/alblamprivateApiExistingResourcesIntegDefaultTestDeployAssertC865AE59.template.json +36 -0
  11. package/test/integ.alblam-privateApiExistingResources.js.snapshot/asset.7caf594b8ad91abecca72f7f10a23a5cf446d05dc00d6194619935e7e3fd5a79/index.js +8 -0
  12. package/test/integ.alblam-privateApiExistingResources.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  13. package/test/integ.alblam-privateApiExistingResources.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/__entrypoint__.js +1 -0
  14. package/test/integ.alblam-privateApiExistingResources.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/index.js +1 -0
  15. package/test/integ.alblam-privateApiExistingResources.js.snapshot/cdk.out +1 -0
  16. package/test/integ.alblam-privateApiExistingResources.js.snapshot/integ.json +12 -0
  17. package/test/integ.alblam-privateApiExistingResources.js.snapshot/manifest.json +371 -0
  18. package/test/integ.alblam-privateApiExistingResources.js.snapshot/tree.json +1708 -0
  19. package/test/integ.alblam-privateApiNewResources.js +7 -3
  20. package/test/integ.alblam-privateApiNewResources.js.snapshot/alblam-privateApiNewResources.assets.json +62 -0
  21. package/test/integ.alblam-privateApiNewResources.js.snapshot/alblam-privateApiNewResources.template.json +1048 -0
  22. package/test/integ.alblam-privateApiNewResources.js.snapshot/alblamprivateApiNewResourcesIntegDefaultTestDeployAssertB0CCE59F.assets.json +19 -0
  23. package/test/integ.alblam-privateApiNewResources.js.snapshot/alblamprivateApiNewResourcesIntegDefaultTestDeployAssertB0CCE59F.template.json +36 -0
  24. package/test/integ.alblam-privateApiNewResources.js.snapshot/asset.7caf594b8ad91abecca72f7f10a23a5cf446d05dc00d6194619935e7e3fd5a79/index.js +8 -0
  25. package/test/integ.alblam-privateApiNewResources.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  26. package/test/integ.alblam-privateApiNewResources.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/__entrypoint__.js +1 -0
  27. package/test/integ.alblam-privateApiNewResources.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/index.js +1 -0
  28. package/test/integ.alblam-privateApiNewResources.js.snapshot/cdk.out +1 -0
  29. package/test/integ.alblam-privateApiNewResources.js.snapshot/integ.json +12 -0
  30. package/test/integ.alblam-privateApiNewResources.js.snapshot/manifest.json +275 -0
  31. package/test/integ.alblam-privateApiNewResources.js.snapshot/tree.json +1294 -0
  32. package/test/integ.alblam-publicApiExistingResources.js +7 -3
  33. package/test/integ.alblam-publicApiExistingResources.js.snapshot/alblam-publicApiExistingResources.assets.json +62 -0
  34. package/test/integ.alblam-publicApiExistingResources.js.snapshot/alblam-publicApiExistingResources.template.json +1332 -0
  35. package/test/integ.alblam-publicApiExistingResources.js.snapshot/alblampublicApiExistingResourcesIntegDefaultTestDeployAssert22C8EEFD.assets.json +19 -0
  36. package/test/integ.alblam-publicApiExistingResources.js.snapshot/alblampublicApiExistingResourcesIntegDefaultTestDeployAssert22C8EEFD.template.json +36 -0
  37. package/test/integ.alblam-publicApiExistingResources.js.snapshot/asset.7caf594b8ad91abecca72f7f10a23a5cf446d05dc00d6194619935e7e3fd5a79/index.js +8 -0
  38. package/test/integ.alblam-publicApiExistingResources.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  39. package/test/integ.alblam-publicApiExistingResources.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/__entrypoint__.js +1 -0
  40. package/test/integ.alblam-publicApiExistingResources.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/index.js +1 -0
  41. package/test/integ.alblam-publicApiExistingResources.js.snapshot/cdk.out +1 -0
  42. package/test/integ.alblam-publicApiExistingResources.js.snapshot/integ.json +12 -0
  43. package/test/integ.alblam-publicApiExistingResources.js.snapshot/manifest.json +371 -0
  44. package/test/integ.alblam-publicApiExistingResources.js.snapshot/tree.json +1708 -0
  45. package/test/integ.alblam-publicApiNewResources.js +7 -3
  46. package/test/integ.alblam-publicApiNewResources.js.snapshot/alblam-publicApiNewResources.assets.json +62 -0
  47. package/test/integ.alblam-publicApiNewResources.js.snapshot/alblam-publicApiNewResources.template.json +1338 -0
  48. package/test/integ.alblam-publicApiNewResources.js.snapshot/alblampublicApiNewResourcesIntegDefaultTestDeployAssert43CC63D2.assets.json +19 -0
  49. package/test/integ.alblam-publicApiNewResources.js.snapshot/alblampublicApiNewResourcesIntegDefaultTestDeployAssert43CC63D2.template.json +36 -0
  50. package/test/integ.alblam-publicApiNewResources.js.snapshot/asset.7caf594b8ad91abecca72f7f10a23a5cf446d05dc00d6194619935e7e3fd5a79/index.js +8 -0
  51. package/test/integ.alblam-publicApiNewResources.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  52. package/test/integ.alblam-publicApiNewResources.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/__entrypoint__.js +1 -0
  53. package/test/integ.alblam-publicApiNewResources.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/index.js +1 -0
  54. package/test/integ.alblam-publicApiNewResources.js.snapshot/cdk.out +1 -0
  55. package/test/integ.alblam-publicApiNewResources.js.snapshot/integ.json +12 -0
  56. package/test/integ.alblam-publicApiNewResources.js.snapshot/manifest.json +371 -0
  57. package/test/integ.alblam-publicApiNewResources.js.snapshot/tree.json +1706 -0
  58. package/test/integ.alblam-twoTargets.js +7 -3
  59. package/test/integ.alblam-twoTargets.js.snapshot/alblam-twoTargets.assets.json +62 -0
  60. package/test/integ.alblam-twoTargets.js.snapshot/alblam-twoTargets.template.json +1598 -0
  61. package/test/integ.alblam-twoTargets.js.snapshot/alblamtwoTargetsIntegDefaultTestDeployAssert4F811416.assets.json +19 -0
  62. package/test/integ.alblam-twoTargets.js.snapshot/alblamtwoTargetsIntegDefaultTestDeployAssert4F811416.template.json +36 -0
  63. package/test/integ.alblam-twoTargets.js.snapshot/asset.7caf594b8ad91abecca72f7f10a23a5cf446d05dc00d6194619935e7e3fd5a79/index.js +8 -0
  64. package/test/integ.alblam-twoTargets.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  65. package/test/integ.alblam-twoTargets.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/__entrypoint__.js +1 -0
  66. package/test/integ.alblam-twoTargets.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/index.js +1 -0
  67. package/test/integ.alblam-twoTargets.js.snapshot/cdk.out +1 -0
  68. package/test/integ.alblam-twoTargets.js.snapshot/integ.json +12 -0
  69. package/test/integ.alblam-twoTargets.js.snapshot/manifest.json +413 -0
  70. package/test/integ.alblam-twoTargets.js.snapshot/tree.json +2067 -0
  71. package/test/integ.alblam-privateApiExistingResources.expected.json +0 -1378
  72. package/test/integ.alblam-privateApiNewResources.expected.json +0 -983
  73. package/test/integ.alblam-publicApiExistingResources.expected.json +0 -1378
  74. package/test/integ.alblam-publicApiNewResources.expected.json +0 -1386
  75. package/test/integ.alblam-twoTargets.expected.json +0 -1659
@@ -0,0 +1,1338 @@
1
+ {
2
+ "Description": "Integration Test for public HTTP API with a new function and ALB",
3
+ "Resources": {
4
+ "testonetestonealb4F263E42": {
5
+ "Type": "AWS::ElasticLoadBalancingV2::LoadBalancer",
6
+ "Properties": {
7
+ "LoadBalancerAttributes": [
8
+ {
9
+ "Key": "deletion_protection.enabled",
10
+ "Value": "false"
11
+ },
12
+ {
13
+ "Key": "access_logs.s3.enabled",
14
+ "Value": "true"
15
+ },
16
+ {
17
+ "Key": "access_logs.s3.bucket",
18
+ "Value": {
19
+ "Ref": "testoneE6ACFBB6"
20
+ }
21
+ },
22
+ {
23
+ "Key": "access_logs.s3.prefix",
24
+ "Value": ""
25
+ }
26
+ ],
27
+ "Scheme": "internet-facing",
28
+ "SecurityGroups": [
29
+ {
30
+ "Fn::GetAtt": [
31
+ "testonetestonealbSecurityGroup4DED9E2A",
32
+ "GroupId"
33
+ ]
34
+ }
35
+ ],
36
+ "Subnets": [
37
+ {
38
+ "Ref": "VpcPublicSubnet1Subnet5C2D37C4"
39
+ },
40
+ {
41
+ "Ref": "VpcPublicSubnet2Subnet691E08A3"
42
+ }
43
+ ],
44
+ "Type": "application"
45
+ },
46
+ "DependsOn": [
47
+ "testonePolicyE30853FE",
48
+ "VpcPublicSubnet1DefaultRoute3DA9E72A",
49
+ "VpcPublicSubnet1RouteTableAssociation97140677",
50
+ "VpcPublicSubnet2DefaultRoute97F91067",
51
+ "VpcPublicSubnet2RouteTableAssociationDD5762D8"
52
+ ]
53
+ },
54
+ "testonetestonealbSecurityGroup4DED9E2A": {
55
+ "Type": "AWS::EC2::SecurityGroup",
56
+ "Properties": {
57
+ "GroupDescription": "Automatically created Security Group for ELB alblampublicApiNewResourcestestonetestonealbE07397A7",
58
+ "SecurityGroupEgress": [
59
+ {
60
+ "CidrIp": "255.255.255.255/32",
61
+ "Description": "Disallow all traffic",
62
+ "FromPort": 252,
63
+ "IpProtocol": "icmp",
64
+ "ToPort": 86
65
+ }
66
+ ],
67
+ "SecurityGroupIngress": [
68
+ {
69
+ "CidrIp": "0.0.0.0/0",
70
+ "Description": "Allow from anyone on port 80",
71
+ "FromPort": 80,
72
+ "IpProtocol": "tcp",
73
+ "ToPort": 80
74
+ }
75
+ ],
76
+ "VpcId": {
77
+ "Ref": "Vpc8378EB38"
78
+ }
79
+ },
80
+ "Metadata": {
81
+ "cfn_nag": {
82
+ "rules_to_suppress": [
83
+ {
84
+ "id": "W29",
85
+ "reason": "CDK created rule that blocks all traffic."
86
+ },
87
+ {
88
+ "id": "W2",
89
+ "reason": "Rule does not apply for ELB."
90
+ },
91
+ {
92
+ "id": "W9",
93
+ "reason": "Rule does not apply for ELB."
94
+ }
95
+ ]
96
+ }
97
+ }
98
+ },
99
+ "testoneE6ACFBB6": {
100
+ "Type": "AWS::S3::Bucket",
101
+ "Properties": {
102
+ "BucketEncryption": {
103
+ "ServerSideEncryptionConfiguration": [
104
+ {
105
+ "ServerSideEncryptionByDefault": {
106
+ "SSEAlgorithm": "AES256"
107
+ }
108
+ }
109
+ ]
110
+ },
111
+ "PublicAccessBlockConfiguration": {
112
+ "BlockPublicAcls": true,
113
+ "BlockPublicPolicy": true,
114
+ "IgnorePublicAcls": true,
115
+ "RestrictPublicBuckets": true
116
+ },
117
+ "Tags": [
118
+ {
119
+ "Key": "aws-cdk:auto-delete-objects",
120
+ "Value": "true"
121
+ }
122
+ ],
123
+ "VersioningConfiguration": {
124
+ "Status": "Enabled"
125
+ }
126
+ },
127
+ "UpdateReplacePolicy": "Delete",
128
+ "DeletionPolicy": "Delete",
129
+ "Metadata": {
130
+ "cfn_nag": {
131
+ "rules_to_suppress": [
132
+ {
133
+ "id": "W35",
134
+ "reason": "This is a log bucket for an Application Load Balancer"
135
+ }
136
+ ]
137
+ }
138
+ }
139
+ },
140
+ "testonePolicyE30853FE": {
141
+ "Type": "AWS::S3::BucketPolicy",
142
+ "Properties": {
143
+ "Bucket": {
144
+ "Ref": "testoneE6ACFBB6"
145
+ },
146
+ "PolicyDocument": {
147
+ "Statement": [
148
+ {
149
+ "Action": "s3:*",
150
+ "Condition": {
151
+ "Bool": {
152
+ "aws:SecureTransport": "false"
153
+ }
154
+ },
155
+ "Effect": "Deny",
156
+ "Principal": {
157
+ "AWS": "*"
158
+ },
159
+ "Resource": [
160
+ {
161
+ "Fn::GetAtt": [
162
+ "testoneE6ACFBB6",
163
+ "Arn"
164
+ ]
165
+ },
166
+ {
167
+ "Fn::Join": [
168
+ "",
169
+ [
170
+ {
171
+ "Fn::GetAtt": [
172
+ "testoneE6ACFBB6",
173
+ "Arn"
174
+ ]
175
+ },
176
+ "/*"
177
+ ]
178
+ ]
179
+ }
180
+ ]
181
+ },
182
+ {
183
+ "Action": [
184
+ "s3:DeleteObject*",
185
+ "s3:GetBucket*",
186
+ "s3:List*",
187
+ "s3:PutBucketPolicy"
188
+ ],
189
+ "Effect": "Allow",
190
+ "Principal": {
191
+ "AWS": {
192
+ "Fn::GetAtt": [
193
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
194
+ "Arn"
195
+ ]
196
+ }
197
+ },
198
+ "Resource": [
199
+ {
200
+ "Fn::GetAtt": [
201
+ "testoneE6ACFBB6",
202
+ "Arn"
203
+ ]
204
+ },
205
+ {
206
+ "Fn::Join": [
207
+ "",
208
+ [
209
+ {
210
+ "Fn::GetAtt": [
211
+ "testoneE6ACFBB6",
212
+ "Arn"
213
+ ]
214
+ },
215
+ "/*"
216
+ ]
217
+ ]
218
+ }
219
+ ]
220
+ },
221
+ {
222
+ "Action": "s3:PutObject",
223
+ "Effect": "Allow",
224
+ "Principal": {
225
+ "AWS": "arn:aws:iam::127311923021:root"
226
+ },
227
+ "Resource": {
228
+ "Fn::Join": [
229
+ "",
230
+ [
231
+ {
232
+ "Fn::GetAtt": [
233
+ "testoneE6ACFBB6",
234
+ "Arn"
235
+ ]
236
+ },
237
+ "/AWSLogs/",
238
+ {
239
+ "Ref": "AWS::AccountId"
240
+ },
241
+ "/*"
242
+ ]
243
+ ]
244
+ }
245
+ },
246
+ {
247
+ "Action": "s3:PutObject",
248
+ "Condition": {
249
+ "StringEquals": {
250
+ "s3:x-amz-acl": "bucket-owner-full-control"
251
+ }
252
+ },
253
+ "Effect": "Allow",
254
+ "Principal": {
255
+ "Service": "delivery.logs.amazonaws.com"
256
+ },
257
+ "Resource": {
258
+ "Fn::Join": [
259
+ "",
260
+ [
261
+ {
262
+ "Fn::GetAtt": [
263
+ "testoneE6ACFBB6",
264
+ "Arn"
265
+ ]
266
+ },
267
+ "/AWSLogs/",
268
+ {
269
+ "Ref": "AWS::AccountId"
270
+ },
271
+ "/*"
272
+ ]
273
+ ]
274
+ }
275
+ },
276
+ {
277
+ "Action": "s3:GetBucketAcl",
278
+ "Effect": "Allow",
279
+ "Principal": {
280
+ "Service": "delivery.logs.amazonaws.com"
281
+ },
282
+ "Resource": {
283
+ "Fn::GetAtt": [
284
+ "testoneE6ACFBB6",
285
+ "Arn"
286
+ ]
287
+ }
288
+ }
289
+ ],
290
+ "Version": "2012-10-17"
291
+ }
292
+ }
293
+ },
294
+ "testoneAutoDeleteObjectsCustomResourceEDE3D2FC": {
295
+ "Type": "Custom::S3AutoDeleteObjects",
296
+ "Properties": {
297
+ "ServiceToken": {
298
+ "Fn::GetAtt": [
299
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
300
+ "Arn"
301
+ ]
302
+ },
303
+ "BucketName": {
304
+ "Ref": "testoneE6ACFBB6"
305
+ }
306
+ },
307
+ "DependsOn": [
308
+ "testonePolicyE30853FE"
309
+ ],
310
+ "UpdateReplacePolicy": "Delete",
311
+ "DeletionPolicy": "Delete"
312
+ },
313
+ "testoneLambdaFunctionServiceRoleE92573D3": {
314
+ "Type": "AWS::IAM::Role",
315
+ "Properties": {
316
+ "AssumeRolePolicyDocument": {
317
+ "Statement": [
318
+ {
319
+ "Action": "sts:AssumeRole",
320
+ "Effect": "Allow",
321
+ "Principal": {
322
+ "Service": "lambda.amazonaws.com"
323
+ }
324
+ }
325
+ ],
326
+ "Version": "2012-10-17"
327
+ },
328
+ "Policies": [
329
+ {
330
+ "PolicyDocument": {
331
+ "Statement": [
332
+ {
333
+ "Action": [
334
+ "logs:CreateLogGroup",
335
+ "logs:CreateLogStream",
336
+ "logs:PutLogEvents"
337
+ ],
338
+ "Effect": "Allow",
339
+ "Resource": {
340
+ "Fn::Join": [
341
+ "",
342
+ [
343
+ "arn:",
344
+ {
345
+ "Ref": "AWS::Partition"
346
+ },
347
+ ":logs:",
348
+ {
349
+ "Ref": "AWS::Region"
350
+ },
351
+ ":",
352
+ {
353
+ "Ref": "AWS::AccountId"
354
+ },
355
+ ":log-group:/aws/lambda/*"
356
+ ]
357
+ ]
358
+ }
359
+ }
360
+ ],
361
+ "Version": "2012-10-17"
362
+ },
363
+ "PolicyName": "LambdaFunctionServiceRolePolicy"
364
+ }
365
+ ]
366
+ }
367
+ },
368
+ "testoneLambdaFunctionServiceRoleDefaultPolicy6025A173": {
369
+ "Type": "AWS::IAM::Policy",
370
+ "Properties": {
371
+ "PolicyDocument": {
372
+ "Statement": [
373
+ {
374
+ "Action": [
375
+ "ec2:AssignPrivateIpAddresses",
376
+ "ec2:CreateNetworkInterface",
377
+ "ec2:DeleteNetworkInterface",
378
+ "ec2:DescribeNetworkInterfaces",
379
+ "ec2:UnassignPrivateIpAddresses",
380
+ "xray:PutTelemetryRecords",
381
+ "xray:PutTraceSegments"
382
+ ],
383
+ "Effect": "Allow",
384
+ "Resource": "*"
385
+ }
386
+ ],
387
+ "Version": "2012-10-17"
388
+ },
389
+ "PolicyName": "testoneLambdaFunctionServiceRoleDefaultPolicy6025A173",
390
+ "Roles": [
391
+ {
392
+ "Ref": "testoneLambdaFunctionServiceRoleE92573D3"
393
+ }
394
+ ]
395
+ },
396
+ "Metadata": {
397
+ "cfn_nag": {
398
+ "rules_to_suppress": [
399
+ {
400
+ "id": "W12",
401
+ "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC."
402
+ }
403
+ ]
404
+ }
405
+ }
406
+ },
407
+ "testoneReplaceDefaultSecurityGroupsecuritygroupE46270FE": {
408
+ "Type": "AWS::EC2::SecurityGroup",
409
+ "Properties": {
410
+ "GroupDescription": "alblam-publicApiNewResources/test-one/ReplaceDefaultSecurityGroup-security-group",
411
+ "SecurityGroupEgress": [
412
+ {
413
+ "CidrIp": "0.0.0.0/0",
414
+ "Description": "Allow all outbound traffic by default",
415
+ "IpProtocol": "-1"
416
+ }
417
+ ],
418
+ "VpcId": {
419
+ "Ref": "Vpc8378EB38"
420
+ }
421
+ },
422
+ "Metadata": {
423
+ "cfn_nag": {
424
+ "rules_to_suppress": [
425
+ {
426
+ "id": "W5",
427
+ "reason": "Egress of 0.0.0.0/0 is default and generally considered OK"
428
+ },
429
+ {
430
+ "id": "W40",
431
+ "reason": "Egress IPProtocol of -1 is default and generally considered OK"
432
+ }
433
+ ]
434
+ }
435
+ }
436
+ },
437
+ "testoneLambdaFunctionCC9B03E1": {
438
+ "Type": "AWS::Lambda::Function",
439
+ "Properties": {
440
+ "Code": {
441
+ "S3Bucket": {
442
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1"
443
+ },
444
+ "S3Key": "7caf594b8ad91abecca72f7f10a23a5cf446d05dc00d6194619935e7e3fd5a79.zip"
445
+ },
446
+ "Environment": {
447
+ "Variables": {
448
+ "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1"
449
+ }
450
+ },
451
+ "Handler": "index.handler",
452
+ "Role": {
453
+ "Fn::GetAtt": [
454
+ "testoneLambdaFunctionServiceRoleE92573D3",
455
+ "Arn"
456
+ ]
457
+ },
458
+ "Runtime": "nodejs16.x",
459
+ "TracingConfig": {
460
+ "Mode": "Active"
461
+ },
462
+ "VpcConfig": {
463
+ "SecurityGroupIds": [
464
+ {
465
+ "Fn::GetAtt": [
466
+ "testoneReplaceDefaultSecurityGroupsecuritygroupE46270FE",
467
+ "GroupId"
468
+ ]
469
+ }
470
+ ],
471
+ "SubnetIds": [
472
+ {
473
+ "Ref": "VpcPrivateSubnet1Subnet536B997A"
474
+ },
475
+ {
476
+ "Ref": "VpcPrivateSubnet2Subnet3788AAA1"
477
+ }
478
+ ]
479
+ }
480
+ },
481
+ "DependsOn": [
482
+ "testoneLambdaFunctionServiceRoleDefaultPolicy6025A173",
483
+ "testoneLambdaFunctionServiceRoleE92573D3",
484
+ "VpcPrivateSubnet1DefaultRouteBE02A9ED",
485
+ "VpcPrivateSubnet1RouteTableAssociation70C59FA6",
486
+ "VpcPrivateSubnet2DefaultRoute060D2087",
487
+ "VpcPrivateSubnet2RouteTableAssociationA89CAD56"
488
+ ],
489
+ "Metadata": {
490
+ "cfn_nag": {
491
+ "rules_to_suppress": [
492
+ {
493
+ "id": "W58",
494
+ "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions."
495
+ },
496
+ {
497
+ "id": "W89",
498
+ "reason": "This is not a rule for the general case, just for specific use cases/industries"
499
+ },
500
+ {
501
+ "id": "W92",
502
+ "reason": "Impossible for us to define the correct concurrency for clients"
503
+ }
504
+ ]
505
+ }
506
+ }
507
+ },
508
+ "testoneLambdaFunctionInvoke2UTWxhlfyqbT5FTn5jvgbLgjFfJwzswGk55DU1HY508A8518": {
509
+ "Type": "AWS::Lambda::Permission",
510
+ "Properties": {
511
+ "Action": "lambda:InvokeFunction",
512
+ "FunctionName": {
513
+ "Fn::GetAtt": [
514
+ "testoneLambdaFunctionCC9B03E1",
515
+ "Arn"
516
+ ]
517
+ },
518
+ "Principal": "elasticloadbalancing.amazonaws.com"
519
+ },
520
+ "DependsOn": [
521
+ "VpcPrivateSubnet1DefaultRouteBE02A9ED",
522
+ "VpcPrivateSubnet1RouteTableAssociation70C59FA6",
523
+ "VpcPrivateSubnet2DefaultRoute060D2087",
524
+ "VpcPrivateSubnet2RouteTableAssociationA89CAD56"
525
+ ]
526
+ },
527
+ "testonetestonelistener51CF582F": {
528
+ "Type": "AWS::ElasticLoadBalancingV2::Listener",
529
+ "Properties": {
530
+ "DefaultActions": [
531
+ {
532
+ "TargetGroupArn": {
533
+ "Ref": "testonetg2tg6459EC7C"
534
+ },
535
+ "Type": "forward"
536
+ }
537
+ ],
538
+ "LoadBalancerArn": {
539
+ "Ref": "testonetestonealb4F263E42"
540
+ },
541
+ "Port": 80,
542
+ "Protocol": "HTTP"
543
+ },
544
+ "DependsOn": [
545
+ "testonetg2tg6459EC7C"
546
+ ],
547
+ "Metadata": {
548
+ "cfn_nag": {
549
+ "rules_to_suppress": [
550
+ {
551
+ "id": "W56",
552
+ "reason": "All integration tests must be HTTP because of certificate limitations."
553
+ }
554
+ ]
555
+ }
556
+ }
557
+ },
558
+ "testonetg2tg6459EC7C": {
559
+ "Type": "AWS::ElasticLoadBalancingV2::TargetGroup",
560
+ "Properties": {
561
+ "TargetType": "lambda",
562
+ "Targets": [
563
+ {
564
+ "Id": {
565
+ "Fn::GetAtt": [
566
+ "testoneLambdaFunctionCC9B03E1",
567
+ "Arn"
568
+ ]
569
+ }
570
+ }
571
+ ]
572
+ },
573
+ "DependsOn": [
574
+ "testoneLambdaFunctionInvoke2UTWxhlfyqbT5FTn5jvgbLgjFfJwzswGk55DU1HY508A8518"
575
+ ]
576
+ },
577
+ "Vpc8378EB38": {
578
+ "Type": "AWS::EC2::VPC",
579
+ "Properties": {
580
+ "CidrBlock": "10.0.0.0/16",
581
+ "EnableDnsHostnames": true,
582
+ "EnableDnsSupport": true,
583
+ "InstanceTenancy": "default",
584
+ "Tags": [
585
+ {
586
+ "Key": "Name",
587
+ "Value": "alblam-publicApiNewResources/Vpc"
588
+ }
589
+ ]
590
+ }
591
+ },
592
+ "VpcPublicSubnet1Subnet5C2D37C4": {
593
+ "Type": "AWS::EC2::Subnet",
594
+ "Properties": {
595
+ "AvailabilityZone": {
596
+ "Fn::Select": [
597
+ 0,
598
+ {
599
+ "Fn::GetAZs": ""
600
+ }
601
+ ]
602
+ },
603
+ "CidrBlock": "10.0.0.0/18",
604
+ "MapPublicIpOnLaunch": true,
605
+ "Tags": [
606
+ {
607
+ "Key": "aws-cdk:subnet-name",
608
+ "Value": "Public"
609
+ },
610
+ {
611
+ "Key": "aws-cdk:subnet-type",
612
+ "Value": "Public"
613
+ },
614
+ {
615
+ "Key": "Name",
616
+ "Value": "alblam-publicApiNewResources/Vpc/PublicSubnet1"
617
+ }
618
+ ],
619
+ "VpcId": {
620
+ "Ref": "Vpc8378EB38"
621
+ }
622
+ },
623
+ "Metadata": {
624
+ "cfn_nag": {
625
+ "rules_to_suppress": [
626
+ {
627
+ "id": "W33",
628
+ "reason": "Allow Public Subnets to have MapPublicIpOnLaunch set to true"
629
+ }
630
+ ]
631
+ }
632
+ }
633
+ },
634
+ "VpcPublicSubnet1RouteTable6C95E38E": {
635
+ "Type": "AWS::EC2::RouteTable",
636
+ "Properties": {
637
+ "Tags": [
638
+ {
639
+ "Key": "Name",
640
+ "Value": "alblam-publicApiNewResources/Vpc/PublicSubnet1"
641
+ }
642
+ ],
643
+ "VpcId": {
644
+ "Ref": "Vpc8378EB38"
645
+ }
646
+ }
647
+ },
648
+ "VpcPublicSubnet1RouteTableAssociation97140677": {
649
+ "Type": "AWS::EC2::SubnetRouteTableAssociation",
650
+ "Properties": {
651
+ "RouteTableId": {
652
+ "Ref": "VpcPublicSubnet1RouteTable6C95E38E"
653
+ },
654
+ "SubnetId": {
655
+ "Ref": "VpcPublicSubnet1Subnet5C2D37C4"
656
+ }
657
+ }
658
+ },
659
+ "VpcPublicSubnet1DefaultRoute3DA9E72A": {
660
+ "Type": "AWS::EC2::Route",
661
+ "Properties": {
662
+ "DestinationCidrBlock": "0.0.0.0/0",
663
+ "GatewayId": {
664
+ "Ref": "VpcIGWD7BA715C"
665
+ },
666
+ "RouteTableId": {
667
+ "Ref": "VpcPublicSubnet1RouteTable6C95E38E"
668
+ }
669
+ },
670
+ "DependsOn": [
671
+ "VpcVPCGWBF912B6E"
672
+ ]
673
+ },
674
+ "VpcPublicSubnet1EIPD7E02669": {
675
+ "Type": "AWS::EC2::EIP",
676
+ "Properties": {
677
+ "Domain": "vpc",
678
+ "Tags": [
679
+ {
680
+ "Key": "Name",
681
+ "Value": "alblam-publicApiNewResources/Vpc/PublicSubnet1"
682
+ }
683
+ ]
684
+ }
685
+ },
686
+ "VpcPublicSubnet1NATGateway4D7517AA": {
687
+ "Type": "AWS::EC2::NatGateway",
688
+ "Properties": {
689
+ "AllocationId": {
690
+ "Fn::GetAtt": [
691
+ "VpcPublicSubnet1EIPD7E02669",
692
+ "AllocationId"
693
+ ]
694
+ },
695
+ "SubnetId": {
696
+ "Ref": "VpcPublicSubnet1Subnet5C2D37C4"
697
+ },
698
+ "Tags": [
699
+ {
700
+ "Key": "Name",
701
+ "Value": "alblam-publicApiNewResources/Vpc/PublicSubnet1"
702
+ }
703
+ ]
704
+ },
705
+ "DependsOn": [
706
+ "VpcPublicSubnet1DefaultRoute3DA9E72A",
707
+ "VpcPublicSubnet1RouteTableAssociation97140677"
708
+ ]
709
+ },
710
+ "VpcPublicSubnet2Subnet691E08A3": {
711
+ "Type": "AWS::EC2::Subnet",
712
+ "Properties": {
713
+ "AvailabilityZone": {
714
+ "Fn::Select": [
715
+ 1,
716
+ {
717
+ "Fn::GetAZs": ""
718
+ }
719
+ ]
720
+ },
721
+ "CidrBlock": "10.0.64.0/18",
722
+ "MapPublicIpOnLaunch": true,
723
+ "Tags": [
724
+ {
725
+ "Key": "aws-cdk:subnet-name",
726
+ "Value": "Public"
727
+ },
728
+ {
729
+ "Key": "aws-cdk:subnet-type",
730
+ "Value": "Public"
731
+ },
732
+ {
733
+ "Key": "Name",
734
+ "Value": "alblam-publicApiNewResources/Vpc/PublicSubnet2"
735
+ }
736
+ ],
737
+ "VpcId": {
738
+ "Ref": "Vpc8378EB38"
739
+ }
740
+ },
741
+ "Metadata": {
742
+ "cfn_nag": {
743
+ "rules_to_suppress": [
744
+ {
745
+ "id": "W33",
746
+ "reason": "Allow Public Subnets to have MapPublicIpOnLaunch set to true"
747
+ }
748
+ ]
749
+ }
750
+ }
751
+ },
752
+ "VpcPublicSubnet2RouteTable94F7E489": {
753
+ "Type": "AWS::EC2::RouteTable",
754
+ "Properties": {
755
+ "Tags": [
756
+ {
757
+ "Key": "Name",
758
+ "Value": "alblam-publicApiNewResources/Vpc/PublicSubnet2"
759
+ }
760
+ ],
761
+ "VpcId": {
762
+ "Ref": "Vpc8378EB38"
763
+ }
764
+ }
765
+ },
766
+ "VpcPublicSubnet2RouteTableAssociationDD5762D8": {
767
+ "Type": "AWS::EC2::SubnetRouteTableAssociation",
768
+ "Properties": {
769
+ "RouteTableId": {
770
+ "Ref": "VpcPublicSubnet2RouteTable94F7E489"
771
+ },
772
+ "SubnetId": {
773
+ "Ref": "VpcPublicSubnet2Subnet691E08A3"
774
+ }
775
+ }
776
+ },
777
+ "VpcPublicSubnet2DefaultRoute97F91067": {
778
+ "Type": "AWS::EC2::Route",
779
+ "Properties": {
780
+ "DestinationCidrBlock": "0.0.0.0/0",
781
+ "GatewayId": {
782
+ "Ref": "VpcIGWD7BA715C"
783
+ },
784
+ "RouteTableId": {
785
+ "Ref": "VpcPublicSubnet2RouteTable94F7E489"
786
+ }
787
+ },
788
+ "DependsOn": [
789
+ "VpcVPCGWBF912B6E"
790
+ ]
791
+ },
792
+ "VpcPublicSubnet2EIP3C605A87": {
793
+ "Type": "AWS::EC2::EIP",
794
+ "Properties": {
795
+ "Domain": "vpc",
796
+ "Tags": [
797
+ {
798
+ "Key": "Name",
799
+ "Value": "alblam-publicApiNewResources/Vpc/PublicSubnet2"
800
+ }
801
+ ]
802
+ }
803
+ },
804
+ "VpcPublicSubnet2NATGateway9182C01D": {
805
+ "Type": "AWS::EC2::NatGateway",
806
+ "Properties": {
807
+ "AllocationId": {
808
+ "Fn::GetAtt": [
809
+ "VpcPublicSubnet2EIP3C605A87",
810
+ "AllocationId"
811
+ ]
812
+ },
813
+ "SubnetId": {
814
+ "Ref": "VpcPublicSubnet2Subnet691E08A3"
815
+ },
816
+ "Tags": [
817
+ {
818
+ "Key": "Name",
819
+ "Value": "alblam-publicApiNewResources/Vpc/PublicSubnet2"
820
+ }
821
+ ]
822
+ },
823
+ "DependsOn": [
824
+ "VpcPublicSubnet2DefaultRoute97F91067",
825
+ "VpcPublicSubnet2RouteTableAssociationDD5762D8"
826
+ ]
827
+ },
828
+ "VpcPrivateSubnet1Subnet536B997A": {
829
+ "Type": "AWS::EC2::Subnet",
830
+ "Properties": {
831
+ "AvailabilityZone": {
832
+ "Fn::Select": [
833
+ 0,
834
+ {
835
+ "Fn::GetAZs": ""
836
+ }
837
+ ]
838
+ },
839
+ "CidrBlock": "10.0.128.0/18",
840
+ "MapPublicIpOnLaunch": false,
841
+ "Tags": [
842
+ {
843
+ "Key": "aws-cdk:subnet-name",
844
+ "Value": "Private"
845
+ },
846
+ {
847
+ "Key": "aws-cdk:subnet-type",
848
+ "Value": "Private"
849
+ },
850
+ {
851
+ "Key": "Name",
852
+ "Value": "alblam-publicApiNewResources/Vpc/PrivateSubnet1"
853
+ }
854
+ ],
855
+ "VpcId": {
856
+ "Ref": "Vpc8378EB38"
857
+ }
858
+ }
859
+ },
860
+ "VpcPrivateSubnet1RouteTableB2C5B500": {
861
+ "Type": "AWS::EC2::RouteTable",
862
+ "Properties": {
863
+ "Tags": [
864
+ {
865
+ "Key": "Name",
866
+ "Value": "alblam-publicApiNewResources/Vpc/PrivateSubnet1"
867
+ }
868
+ ],
869
+ "VpcId": {
870
+ "Ref": "Vpc8378EB38"
871
+ }
872
+ }
873
+ },
874
+ "VpcPrivateSubnet1RouteTableAssociation70C59FA6": {
875
+ "Type": "AWS::EC2::SubnetRouteTableAssociation",
876
+ "Properties": {
877
+ "RouteTableId": {
878
+ "Ref": "VpcPrivateSubnet1RouteTableB2C5B500"
879
+ },
880
+ "SubnetId": {
881
+ "Ref": "VpcPrivateSubnet1Subnet536B997A"
882
+ }
883
+ }
884
+ },
885
+ "VpcPrivateSubnet1DefaultRouteBE02A9ED": {
886
+ "Type": "AWS::EC2::Route",
887
+ "Properties": {
888
+ "DestinationCidrBlock": "0.0.0.0/0",
889
+ "NatGatewayId": {
890
+ "Ref": "VpcPublicSubnet1NATGateway4D7517AA"
891
+ },
892
+ "RouteTableId": {
893
+ "Ref": "VpcPrivateSubnet1RouteTableB2C5B500"
894
+ }
895
+ }
896
+ },
897
+ "VpcPrivateSubnet2Subnet3788AAA1": {
898
+ "Type": "AWS::EC2::Subnet",
899
+ "Properties": {
900
+ "AvailabilityZone": {
901
+ "Fn::Select": [
902
+ 1,
903
+ {
904
+ "Fn::GetAZs": ""
905
+ }
906
+ ]
907
+ },
908
+ "CidrBlock": "10.0.192.0/18",
909
+ "MapPublicIpOnLaunch": false,
910
+ "Tags": [
911
+ {
912
+ "Key": "aws-cdk:subnet-name",
913
+ "Value": "Private"
914
+ },
915
+ {
916
+ "Key": "aws-cdk:subnet-type",
917
+ "Value": "Private"
918
+ },
919
+ {
920
+ "Key": "Name",
921
+ "Value": "alblam-publicApiNewResources/Vpc/PrivateSubnet2"
922
+ }
923
+ ],
924
+ "VpcId": {
925
+ "Ref": "Vpc8378EB38"
926
+ }
927
+ }
928
+ },
929
+ "VpcPrivateSubnet2RouteTableA678073B": {
930
+ "Type": "AWS::EC2::RouteTable",
931
+ "Properties": {
932
+ "Tags": [
933
+ {
934
+ "Key": "Name",
935
+ "Value": "alblam-publicApiNewResources/Vpc/PrivateSubnet2"
936
+ }
937
+ ],
938
+ "VpcId": {
939
+ "Ref": "Vpc8378EB38"
940
+ }
941
+ }
942
+ },
943
+ "VpcPrivateSubnet2RouteTableAssociationA89CAD56": {
944
+ "Type": "AWS::EC2::SubnetRouteTableAssociation",
945
+ "Properties": {
946
+ "RouteTableId": {
947
+ "Ref": "VpcPrivateSubnet2RouteTableA678073B"
948
+ },
949
+ "SubnetId": {
950
+ "Ref": "VpcPrivateSubnet2Subnet3788AAA1"
951
+ }
952
+ }
953
+ },
954
+ "VpcPrivateSubnet2DefaultRoute060D2087": {
955
+ "Type": "AWS::EC2::Route",
956
+ "Properties": {
957
+ "DestinationCidrBlock": "0.0.0.0/0",
958
+ "NatGatewayId": {
959
+ "Ref": "VpcPublicSubnet2NATGateway9182C01D"
960
+ },
961
+ "RouteTableId": {
962
+ "Ref": "VpcPrivateSubnet2RouteTableA678073B"
963
+ }
964
+ }
965
+ },
966
+ "VpcIGWD7BA715C": {
967
+ "Type": "AWS::EC2::InternetGateway",
968
+ "Properties": {
969
+ "Tags": [
970
+ {
971
+ "Key": "Name",
972
+ "Value": "alblam-publicApiNewResources/Vpc"
973
+ }
974
+ ]
975
+ }
976
+ },
977
+ "VpcVPCGWBF912B6E": {
978
+ "Type": "AWS::EC2::VPCGatewayAttachment",
979
+ "Properties": {
980
+ "InternetGatewayId": {
981
+ "Ref": "VpcIGWD7BA715C"
982
+ },
983
+ "VpcId": {
984
+ "Ref": "Vpc8378EB38"
985
+ }
986
+ }
987
+ },
988
+ "VpcRestrictDefaultSecurityGroupCustomResourceC73DA2BE": {
989
+ "Type": "Custom::VpcRestrictDefaultSG",
990
+ "Properties": {
991
+ "ServiceToken": {
992
+ "Fn::GetAtt": [
993
+ "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E",
994
+ "Arn"
995
+ ]
996
+ },
997
+ "DefaultSecurityGroupId": {
998
+ "Fn::GetAtt": [
999
+ "Vpc8378EB38",
1000
+ "DefaultSecurityGroup"
1001
+ ]
1002
+ },
1003
+ "Account": {
1004
+ "Ref": "AWS::AccountId"
1005
+ }
1006
+ },
1007
+ "UpdateReplacePolicy": "Delete",
1008
+ "DeletionPolicy": "Delete"
1009
+ },
1010
+ "VpcFlowLogIAMRole6A475D41": {
1011
+ "Type": "AWS::IAM::Role",
1012
+ "Properties": {
1013
+ "AssumeRolePolicyDocument": {
1014
+ "Statement": [
1015
+ {
1016
+ "Action": "sts:AssumeRole",
1017
+ "Effect": "Allow",
1018
+ "Principal": {
1019
+ "Service": "vpc-flow-logs.amazonaws.com"
1020
+ }
1021
+ }
1022
+ ],
1023
+ "Version": "2012-10-17"
1024
+ },
1025
+ "Tags": [
1026
+ {
1027
+ "Key": "Name",
1028
+ "Value": "alblam-publicApiNewResources/Vpc/FlowLog"
1029
+ }
1030
+ ]
1031
+ }
1032
+ },
1033
+ "VpcFlowLogIAMRoleDefaultPolicy406FB995": {
1034
+ "Type": "AWS::IAM::Policy",
1035
+ "Properties": {
1036
+ "PolicyDocument": {
1037
+ "Statement": [
1038
+ {
1039
+ "Action": [
1040
+ "logs:CreateLogStream",
1041
+ "logs:DescribeLogStreams",
1042
+ "logs:PutLogEvents"
1043
+ ],
1044
+ "Effect": "Allow",
1045
+ "Resource": {
1046
+ "Fn::GetAtt": [
1047
+ "VpcFlowLogLogGroup7B5C56B9",
1048
+ "Arn"
1049
+ ]
1050
+ }
1051
+ },
1052
+ {
1053
+ "Action": "iam:PassRole",
1054
+ "Effect": "Allow",
1055
+ "Resource": {
1056
+ "Fn::GetAtt": [
1057
+ "VpcFlowLogIAMRole6A475D41",
1058
+ "Arn"
1059
+ ]
1060
+ }
1061
+ }
1062
+ ],
1063
+ "Version": "2012-10-17"
1064
+ },
1065
+ "PolicyName": "VpcFlowLogIAMRoleDefaultPolicy406FB995",
1066
+ "Roles": [
1067
+ {
1068
+ "Ref": "VpcFlowLogIAMRole6A475D41"
1069
+ }
1070
+ ]
1071
+ }
1072
+ },
1073
+ "VpcFlowLogLogGroup7B5C56B9": {
1074
+ "Type": "AWS::Logs::LogGroup",
1075
+ "Properties": {
1076
+ "RetentionInDays": 731,
1077
+ "Tags": [
1078
+ {
1079
+ "Key": "Name",
1080
+ "Value": "alblam-publicApiNewResources/Vpc/FlowLog"
1081
+ }
1082
+ ]
1083
+ },
1084
+ "UpdateReplacePolicy": "Retain",
1085
+ "DeletionPolicy": "Retain",
1086
+ "Metadata": {
1087
+ "cfn_nag": {
1088
+ "rules_to_suppress": [
1089
+ {
1090
+ "id": "W84",
1091
+ "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)"
1092
+ }
1093
+ ]
1094
+ }
1095
+ }
1096
+ },
1097
+ "VpcFlowLog8FF33A73": {
1098
+ "Type": "AWS::EC2::FlowLog",
1099
+ "Properties": {
1100
+ "DeliverLogsPermissionArn": {
1101
+ "Fn::GetAtt": [
1102
+ "VpcFlowLogIAMRole6A475D41",
1103
+ "Arn"
1104
+ ]
1105
+ },
1106
+ "LogDestinationType": "cloud-watch-logs",
1107
+ "LogGroupName": {
1108
+ "Ref": "VpcFlowLogLogGroup7B5C56B9"
1109
+ },
1110
+ "ResourceId": {
1111
+ "Ref": "Vpc8378EB38"
1112
+ },
1113
+ "ResourceType": "VPC",
1114
+ "Tags": [
1115
+ {
1116
+ "Key": "Name",
1117
+ "Value": "alblam-publicApiNewResources/Vpc/FlowLog"
1118
+ }
1119
+ ],
1120
+ "TrafficType": "ALL"
1121
+ }
1122
+ },
1123
+ "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0": {
1124
+ "Type": "AWS::IAM::Role",
1125
+ "Properties": {
1126
+ "AssumeRolePolicyDocument": {
1127
+ "Version": "2012-10-17",
1128
+ "Statement": [
1129
+ {
1130
+ "Action": "sts:AssumeRole",
1131
+ "Effect": "Allow",
1132
+ "Principal": {
1133
+ "Service": "lambda.amazonaws.com"
1134
+ }
1135
+ }
1136
+ ]
1137
+ },
1138
+ "ManagedPolicyArns": [
1139
+ {
1140
+ "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
1141
+ }
1142
+ ],
1143
+ "Policies": [
1144
+ {
1145
+ "PolicyName": "Inline",
1146
+ "PolicyDocument": {
1147
+ "Version": "2012-10-17",
1148
+ "Statement": [
1149
+ {
1150
+ "Effect": "Allow",
1151
+ "Action": [
1152
+ "ec2:AuthorizeSecurityGroupIngress",
1153
+ "ec2:AuthorizeSecurityGroupEgress",
1154
+ "ec2:RevokeSecurityGroupIngress",
1155
+ "ec2:RevokeSecurityGroupEgress"
1156
+ ],
1157
+ "Resource": [
1158
+ {
1159
+ "Fn::Join": [
1160
+ "",
1161
+ [
1162
+ "arn:aws:ec2:us-east-1:",
1163
+ {
1164
+ "Ref": "AWS::AccountId"
1165
+ },
1166
+ ":security-group/",
1167
+ {
1168
+ "Fn::GetAtt": [
1169
+ "Vpc8378EB38",
1170
+ "DefaultSecurityGroup"
1171
+ ]
1172
+ }
1173
+ ]
1174
+ ]
1175
+ }
1176
+ ]
1177
+ }
1178
+ ]
1179
+ }
1180
+ }
1181
+ ]
1182
+ }
1183
+ },
1184
+ "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E": {
1185
+ "Type": "AWS::Lambda::Function",
1186
+ "Properties": {
1187
+ "Code": {
1188
+ "S3Bucket": {
1189
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1"
1190
+ },
1191
+ "S3Key": "dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e.zip"
1192
+ },
1193
+ "Timeout": 900,
1194
+ "MemorySize": 128,
1195
+ "Handler": "__entrypoint__.handler",
1196
+ "Role": {
1197
+ "Fn::GetAtt": [
1198
+ "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0",
1199
+ "Arn"
1200
+ ]
1201
+ },
1202
+ "Runtime": "nodejs18.x",
1203
+ "Description": "Lambda function for removing all inbound/outbound rules from the VPC default security group"
1204
+ },
1205
+ "DependsOn": [
1206
+ "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0"
1207
+ ],
1208
+ "Metadata": {
1209
+ "cfn_nag": {
1210
+ "rules_to_suppress": [
1211
+ {
1212
+ "id": "W58",
1213
+ "reason": "CDK generated custom resource"
1214
+ },
1215
+ {
1216
+ "id": "W89",
1217
+ "reason": "CDK generated custom resource"
1218
+ },
1219
+ {
1220
+ "id": "W92",
1221
+ "reason": "CDK generated custom resource"
1222
+ }
1223
+ ]
1224
+ }
1225
+ }
1226
+ },
1227
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": {
1228
+ "Type": "AWS::IAM::Role",
1229
+ "Properties": {
1230
+ "AssumeRolePolicyDocument": {
1231
+ "Version": "2012-10-17",
1232
+ "Statement": [
1233
+ {
1234
+ "Action": "sts:AssumeRole",
1235
+ "Effect": "Allow",
1236
+ "Principal": {
1237
+ "Service": "lambda.amazonaws.com"
1238
+ }
1239
+ }
1240
+ ]
1241
+ },
1242
+ "ManagedPolicyArns": [
1243
+ {
1244
+ "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
1245
+ }
1246
+ ]
1247
+ }
1248
+ },
1249
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": {
1250
+ "Type": "AWS::Lambda::Function",
1251
+ "Properties": {
1252
+ "Code": {
1253
+ "S3Bucket": {
1254
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1"
1255
+ },
1256
+ "S3Key": "b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6.zip"
1257
+ },
1258
+ "Timeout": 900,
1259
+ "MemorySize": 128,
1260
+ "Handler": "index.handler",
1261
+ "Role": {
1262
+ "Fn::GetAtt": [
1263
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
1264
+ "Arn"
1265
+ ]
1266
+ },
1267
+ "Runtime": "nodejs18.x",
1268
+ "Description": {
1269
+ "Fn::Join": [
1270
+ "",
1271
+ [
1272
+ "Lambda function for auto-deleting objects in ",
1273
+ {
1274
+ "Ref": "testoneE6ACFBB6"
1275
+ },
1276
+ " S3 bucket."
1277
+ ]
1278
+ ]
1279
+ }
1280
+ },
1281
+ "DependsOn": [
1282
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092"
1283
+ ],
1284
+ "Metadata": {
1285
+ "cfn_nag": {
1286
+ "rules_to_suppress": [
1287
+ {
1288
+ "id": "W58",
1289
+ "reason": "CDK generated custom resource"
1290
+ },
1291
+ {
1292
+ "id": "W89",
1293
+ "reason": "CDK generated custom resource"
1294
+ },
1295
+ {
1296
+ "id": "W92",
1297
+ "reason": "CDK generated custom resource"
1298
+ }
1299
+ ]
1300
+ }
1301
+ }
1302
+ }
1303
+ },
1304
+ "Parameters": {
1305
+ "BootstrapVersion": {
1306
+ "Type": "AWS::SSM::Parameter::Value<String>",
1307
+ "Default": "/cdk-bootstrap/hnb659fds/version",
1308
+ "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
1309
+ }
1310
+ },
1311
+ "Rules": {
1312
+ "CheckBootstrapVersion": {
1313
+ "Assertions": [
1314
+ {
1315
+ "Assert": {
1316
+ "Fn::Not": [
1317
+ {
1318
+ "Fn::Contains": [
1319
+ [
1320
+ "1",
1321
+ "2",
1322
+ "3",
1323
+ "4",
1324
+ "5"
1325
+ ],
1326
+ {
1327
+ "Ref": "BootstrapVersion"
1328
+ }
1329
+ ]
1330
+ }
1331
+ ]
1332
+ },
1333
+ "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
1334
+ }
1335
+ ]
1336
+ }
1337
+ }
1338
+ }