@aws-solutions-constructs/aws-alb-lambda 2.51.0 → 2.52.1

Files changed (75)
  1. package/.eslintignore +2 -0
  2. package/.jsii +49 -4
  3. package/integ.config.json +7 -0
  4. package/lib/index.js +1 -1
  5. package/package.json +10 -9
  6. package/test/integ.alblam-privateApiExistingResources.js +7 -3
  7. package/test/integ.alblam-privateApiExistingResources.js.snapshot/alblam-privateApiExistingResources.assets.json +62 -0
  8. package/test/integ.alblam-privateApiExistingResources.js.snapshot/alblam-privateApiExistingResources.template.json +1332 -0
  9. package/test/integ.alblam-privateApiExistingResources.js.snapshot/alblamprivateApiExistingResourcesIntegDefaultTestDeployAssertC865AE59.assets.json +19 -0
  10. package/test/integ.alblam-privateApiExistingResources.js.snapshot/alblamprivateApiExistingResourcesIntegDefaultTestDeployAssertC865AE59.template.json +36 -0
  11. package/test/integ.alblam-privateApiExistingResources.js.snapshot/asset.7caf594b8ad91abecca72f7f10a23a5cf446d05dc00d6194619935e7e3fd5a79/index.js +8 -0
  12. package/test/integ.alblam-privateApiExistingResources.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  13. package/test/integ.alblam-privateApiExistingResources.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/__entrypoint__.js +1 -0
  14. package/test/integ.alblam-privateApiExistingResources.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/index.js +1 -0
  15. package/test/integ.alblam-privateApiExistingResources.js.snapshot/cdk.out +1 -0
  16. package/test/integ.alblam-privateApiExistingResources.js.snapshot/integ.json +12 -0
  17. package/test/integ.alblam-privateApiExistingResources.js.snapshot/manifest.json +371 -0
  18. package/test/integ.alblam-privateApiExistingResources.js.snapshot/tree.json +1708 -0
  19. package/test/integ.alblam-privateApiNewResources.js +7 -3
  20. package/test/integ.alblam-privateApiNewResources.js.snapshot/alblam-privateApiNewResources.assets.json +62 -0
  21. package/test/integ.alblam-privateApiNewResources.js.snapshot/alblam-privateApiNewResources.template.json +1048 -0
  22. package/test/integ.alblam-privateApiNewResources.js.snapshot/alblamprivateApiNewResourcesIntegDefaultTestDeployAssertB0CCE59F.assets.json +19 -0
  23. package/test/integ.alblam-privateApiNewResources.js.snapshot/alblamprivateApiNewResourcesIntegDefaultTestDeployAssertB0CCE59F.template.json +36 -0
  24. package/test/integ.alblam-privateApiNewResources.js.snapshot/asset.7caf594b8ad91abecca72f7f10a23a5cf446d05dc00d6194619935e7e3fd5a79/index.js +8 -0
  25. package/test/integ.alblam-privateApiNewResources.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  26. package/test/integ.alblam-privateApiNewResources.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/__entrypoint__.js +1 -0
  27. package/test/integ.alblam-privateApiNewResources.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/index.js +1 -0
  28. package/test/integ.alblam-privateApiNewResources.js.snapshot/cdk.out +1 -0
  29. package/test/integ.alblam-privateApiNewResources.js.snapshot/integ.json +12 -0
  30. package/test/integ.alblam-privateApiNewResources.js.snapshot/manifest.json +275 -0
  31. package/test/integ.alblam-privateApiNewResources.js.snapshot/tree.json +1294 -0
  32. package/test/integ.alblam-publicApiExistingResources.js +7 -3
  33. package/test/integ.alblam-publicApiExistingResources.js.snapshot/alblam-publicApiExistingResources.assets.json +62 -0
  34. package/test/integ.alblam-publicApiExistingResources.js.snapshot/alblam-publicApiExistingResources.template.json +1332 -0
  35. package/test/integ.alblam-publicApiExistingResources.js.snapshot/alblampublicApiExistingResourcesIntegDefaultTestDeployAssert22C8EEFD.assets.json +19 -0
  36. package/test/integ.alblam-publicApiExistingResources.js.snapshot/alblampublicApiExistingResourcesIntegDefaultTestDeployAssert22C8EEFD.template.json +36 -0
  37. package/test/integ.alblam-publicApiExistingResources.js.snapshot/asset.7caf594b8ad91abecca72f7f10a23a5cf446d05dc00d6194619935e7e3fd5a79/index.js +8 -0
  38. package/test/integ.alblam-publicApiExistingResources.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  39. package/test/integ.alblam-publicApiExistingResources.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/__entrypoint__.js +1 -0
  40. package/test/integ.alblam-publicApiExistingResources.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/index.js +1 -0
  41. package/test/integ.alblam-publicApiExistingResources.js.snapshot/cdk.out +1 -0
  42. package/test/integ.alblam-publicApiExistingResources.js.snapshot/integ.json +12 -0
  43. package/test/integ.alblam-publicApiExistingResources.js.snapshot/manifest.json +371 -0
  44. package/test/integ.alblam-publicApiExistingResources.js.snapshot/tree.json +1708 -0
  45. package/test/integ.alblam-publicApiNewResources.js +7 -3
  46. package/test/integ.alblam-publicApiNewResources.js.snapshot/alblam-publicApiNewResources.assets.json +62 -0
  47. package/test/integ.alblam-publicApiNewResources.js.snapshot/alblam-publicApiNewResources.template.json +1338 -0
  48. package/test/integ.alblam-publicApiNewResources.js.snapshot/alblampublicApiNewResourcesIntegDefaultTestDeployAssert43CC63D2.assets.json +19 -0
  49. package/test/integ.alblam-publicApiNewResources.js.snapshot/alblampublicApiNewResourcesIntegDefaultTestDeployAssert43CC63D2.template.json +36 -0
  50. package/test/integ.alblam-publicApiNewResources.js.snapshot/asset.7caf594b8ad91abecca72f7f10a23a5cf446d05dc00d6194619935e7e3fd5a79/index.js +8 -0
  51. package/test/integ.alblam-publicApiNewResources.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  52. package/test/integ.alblam-publicApiNewResources.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/__entrypoint__.js +1 -0
  53. package/test/integ.alblam-publicApiNewResources.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/index.js +1 -0
  54. package/test/integ.alblam-publicApiNewResources.js.snapshot/cdk.out +1 -0
  55. package/test/integ.alblam-publicApiNewResources.js.snapshot/integ.json +12 -0
  56. package/test/integ.alblam-publicApiNewResources.js.snapshot/manifest.json +371 -0
  57. package/test/integ.alblam-publicApiNewResources.js.snapshot/tree.json +1706 -0
  58. package/test/integ.alblam-twoTargets.js +7 -3
  59. package/test/integ.alblam-twoTargets.js.snapshot/alblam-twoTargets.assets.json +62 -0
  60. package/test/integ.alblam-twoTargets.js.snapshot/alblam-twoTargets.template.json +1598 -0
  61. package/test/integ.alblam-twoTargets.js.snapshot/alblamtwoTargetsIntegDefaultTestDeployAssert4F811416.assets.json +19 -0
  62. package/test/integ.alblam-twoTargets.js.snapshot/alblamtwoTargetsIntegDefaultTestDeployAssert4F811416.template.json +36 -0
  63. package/test/integ.alblam-twoTargets.js.snapshot/asset.7caf594b8ad91abecca72f7f10a23a5cf446d05dc00d6194619935e7e3fd5a79/index.js +8 -0
  64. package/test/integ.alblam-twoTargets.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  65. package/test/integ.alblam-twoTargets.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/__entrypoint__.js +1 -0
  66. package/test/integ.alblam-twoTargets.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/index.js +1 -0
  67. package/test/integ.alblam-twoTargets.js.snapshot/cdk.out +1 -0
  68. package/test/integ.alblam-twoTargets.js.snapshot/integ.json +12 -0
  69. package/test/integ.alblam-twoTargets.js.snapshot/manifest.json +413 -0
  70. package/test/integ.alblam-twoTargets.js.snapshot/tree.json +2067 -0
  71. package/test/integ.alblam-privateApiExistingResources.expected.json +0 -1378
  72. package/test/integ.alblam-privateApiNewResources.expected.json +0 -983
  73. package/test/integ.alblam-publicApiExistingResources.expected.json +0 -1378
  74. package/test/integ.alblam-publicApiNewResources.expected.json +0 -1386
  75. package/test/integ.alblam-twoTargets.expected.json +0 -1659
@@ -1,1659 +0,0 @@
1
- {
2
- "Description": "Integration test for alb with 2 Lambda targets",
3
- "Resources": {
4
- "testonetestonealb4F263E42": {
5
- "Type": "AWS::ElasticLoadBalancingV2::LoadBalancer",
6
- "Properties": {
7
- "LoadBalancerAttributes": [
8
- {
9
- "Key": "deletion_protection.enabled",
10
- "Value": "false"
11
- },
12
- {
13
- "Key": "access_logs.s3.enabled",
14
- "Value": "true"
15
- },
16
- {
17
- "Key": "access_logs.s3.bucket",
18
- "Value": {
19
- "Ref": "testoneE6ACFBB6"
20
- }
21
- },
22
- {
23
- "Key": "access_logs.s3.prefix",
24
- "Value": ""
25
- }
26
- ],
27
- "Scheme": "internet-facing",
28
- "SecurityGroups": [
29
- {
30
- "Fn::GetAtt": [
31
- "testonetestonealbSecurityGroup4DED9E2A",
32
- "GroupId"
33
- ]
34
- }
35
- ],
36
- "Subnets": [
37
- {
38
- "Ref": "VpcPublicSubnet1Subnet5C2D37C4"
39
- },
40
- {
41
- "Ref": "VpcPublicSubnet2Subnet691E08A3"
42
- },
43
- {
44
- "Ref": "VpcPublicSubnet3SubnetBE12F0B6"
45
- }
46
- ],
47
- "Type": "application"
48
- },
49
- "DependsOn": [
50
- "testonePolicyE30853FE",
51
- "VpcPublicSubnet1DefaultRoute3DA9E72A",
52
- "VpcPublicSubnet1RouteTableAssociation97140677",
53
- "VpcPublicSubnet2DefaultRoute97F91067",
54
- "VpcPublicSubnet2RouteTableAssociationDD5762D8",
55
- "VpcPublicSubnet3DefaultRoute4697774F",
56
- "VpcPublicSubnet3RouteTableAssociation1F1EDF02"
57
- ]
58
- },
59
- "testonetestonealbSecurityGroup4DED9E2A": {
60
- "Type": "AWS::EC2::SecurityGroup",
61
- "Properties": {
62
- "GroupDescription": "Automatically created Security Group for ELB alblamtwoTargetstestonetestonealbCEEAAF66",
63
- "SecurityGroupEgress": [
64
- {
65
- "CidrIp": "255.255.255.255/32",
66
- "Description": "Disallow all traffic",
67
- "FromPort": 252,
68
- "IpProtocol": "icmp",
69
- "ToPort": 86
70
- }
71
- ],
72
- "SecurityGroupIngress": [
73
- {
74
- "CidrIp": "0.0.0.0/0",
75
- "Description": "Allow from anyone on port 80",
76
- "FromPort": 80,
77
- "IpProtocol": "tcp",
78
- "ToPort": 80
79
- }
80
- ],
81
- "VpcId": {
82
- "Ref": "Vpc8378EB38"
83
- }
84
- },
85
- "Metadata": {
86
- "cfn_nag": {
87
- "rules_to_suppress": [
88
- {
89
- "id": "W29",
90
- "reason": "CDK created rule that blocks all traffic."
91
- },
92
- {
93
- "id": "W2",
94
- "reason": "Rule does not apply for ELB."
95
- },
96
- {
97
- "id": "W9",
98
- "reason": "Rule does not apply for ELB."
99
- }
100
- ]
101
- }
102
- }
103
- },
104
- "testoneE6ACFBB6": {
105
- "Type": "AWS::S3::Bucket",
106
- "Properties": {
107
- "BucketEncryption": {
108
- "ServerSideEncryptionConfiguration": [
109
- {
110
- "ServerSideEncryptionByDefault": {
111
- "SSEAlgorithm": "AES256"
112
- }
113
- }
114
- ]
115
- },
116
- "PublicAccessBlockConfiguration": {
117
- "BlockPublicAcls": true,
118
- "BlockPublicPolicy": true,
119
- "IgnorePublicAcls": true,
120
- "RestrictPublicBuckets": true
121
- },
122
- "Tags": [
123
- {
124
- "Key": "aws-cdk:auto-delete-objects",
125
- "Value": "true"
126
- }
127
- ],
128
- "VersioningConfiguration": {
129
- "Status": "Enabled"
130
- }
131
- },
132
- "UpdateReplacePolicy": "Delete",
133
- "DeletionPolicy": "Delete",
134
- "Metadata": {
135
- "cfn_nag": {
136
- "rules_to_suppress": [
137
- {
138
- "id": "W35",
139
- "reason": "This is a log bucket for an Application Load Balancer"
140
- }
141
- ]
142
- }
143
- }
144
- },
145
- "testonePolicyE30853FE": {
146
- "Type": "AWS::S3::BucketPolicy",
147
- "Properties": {
148
- "Bucket": {
149
- "Ref": "testoneE6ACFBB6"
150
- },
151
- "PolicyDocument": {
152
- "Statement": [
153
- {
154
- "Action": "s3:*",
155
- "Condition": {
156
- "Bool": {
157
- "aws:SecureTransport": "false"
158
- }
159
- },
160
- "Effect": "Deny",
161
- "Principal": {
162
- "AWS": "*"
163
- },
164
- "Resource": [
165
- {
166
- "Fn::GetAtt": [
167
- "testoneE6ACFBB6",
168
- "Arn"
169
- ]
170
- },
171
- {
172
- "Fn::Join": [
173
- "",
174
- [
175
- {
176
- "Fn::GetAtt": [
177
- "testoneE6ACFBB6",
178
- "Arn"
179
- ]
180
- },
181
- "/*"
182
- ]
183
- ]
184
- }
185
- ]
186
- },
187
- {
188
- "Action": [
189
- "s3:PutBucketPolicy",
190
- "s3:GetBucket*",
191
- "s3:List*",
192
- "s3:DeleteObject*"
193
- ],
194
- "Effect": "Allow",
195
- "Principal": {
196
- "AWS": {
197
- "Fn::GetAtt": [
198
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
199
- "Arn"
200
- ]
201
- }
202
- },
203
- "Resource": [
204
- {
205
- "Fn::GetAtt": [
206
- "testoneE6ACFBB6",
207
- "Arn"
208
- ]
209
- },
210
- {
211
- "Fn::Join": [
212
- "",
213
- [
214
- {
215
- "Fn::GetAtt": [
216
- "testoneE6ACFBB6",
217
- "Arn"
218
- ]
219
- },
220
- "/*"
221
- ]
222
- ]
223
- }
224
- ]
225
- },
226
- {
227
- "Action": "s3:PutObject",
228
- "Effect": "Allow",
229
- "Principal": {
230
- "AWS": {
231
- "Fn::Join": [
232
- "",
233
- [
234
- "arn:",
235
- {
236
- "Ref": "AWS::Partition"
237
- },
238
- ":iam::127311923021:root"
239
- ]
240
- ]
241
- }
242
- },
243
- "Resource": {
244
- "Fn::Join": [
245
- "",
246
- [
247
- {
248
- "Fn::GetAtt": [
249
- "testoneE6ACFBB6",
250
- "Arn"
251
- ]
252
- },
253
- "/AWSLogs/",
254
- {
255
- "Ref": "AWS::AccountId"
256
- },
257
- "/*"
258
- ]
259
- ]
260
- }
261
- },
262
- {
263
- "Action": "s3:PutObject",
264
- "Condition": {
265
- "StringEquals": {
266
- "s3:x-amz-acl": "bucket-owner-full-control"
267
- }
268
- },
269
- "Effect": "Allow",
270
- "Principal": {
271
- "Service": "delivery.logs.amazonaws.com"
272
- },
273
- "Resource": {
274
- "Fn::Join": [
275
- "",
276
- [
277
- {
278
- "Fn::GetAtt": [
279
- "testoneE6ACFBB6",
280
- "Arn"
281
- ]
282
- },
283
- "/AWSLogs/",
284
- {
285
- "Ref": "AWS::AccountId"
286
- },
287
- "/*"
288
- ]
289
- ]
290
- }
291
- },
292
- {
293
- "Action": "s3:GetBucketAcl",
294
- "Effect": "Allow",
295
- "Principal": {
296
- "Service": "delivery.logs.amazonaws.com"
297
- },
298
- "Resource": {
299
- "Fn::GetAtt": [
300
- "testoneE6ACFBB6",
301
- "Arn"
302
- ]
303
- }
304
- }
305
- ],
306
- "Version": "2012-10-17"
307
- }
308
- }
309
- },
310
- "testoneAutoDeleteObjectsCustomResourceEDE3D2FC": {
311
- "Type": "Custom::S3AutoDeleteObjects",
312
- "Properties": {
313
- "ServiceToken": {
314
- "Fn::GetAtt": [
315
- "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
316
- "Arn"
317
- ]
318
- },
319
- "BucketName": {
320
- "Ref": "testoneE6ACFBB6"
321
- }
322
- },
323
- "DependsOn": [
324
- "testonePolicyE30853FE"
325
- ],
326
- "UpdateReplacePolicy": "Delete",
327
- "DeletionPolicy": "Delete"
328
- },
329
- "testoneLambdaFunctionServiceRoleE92573D3": {
330
- "Type": "AWS::IAM::Role",
331
- "Properties": {
332
- "AssumeRolePolicyDocument": {
333
- "Statement": [
334
- {
335
- "Action": "sts:AssumeRole",
336
- "Effect": "Allow",
337
- "Principal": {
338
- "Service": "lambda.amazonaws.com"
339
- }
340
- }
341
- ],
342
- "Version": "2012-10-17"
343
- },
344
- "Policies": [
345
- {
346
- "PolicyDocument": {
347
- "Statement": [
348
- {
349
- "Action": [
350
- "logs:CreateLogGroup",
351
- "logs:CreateLogStream",
352
- "logs:PutLogEvents"
353
- ],
354
- "Effect": "Allow",
355
- "Resource": {
356
- "Fn::Join": [
357
- "",
358
- [
359
- "arn:",
360
- {
361
- "Ref": "AWS::Partition"
362
- },
363
- ":logs:",
364
- {
365
- "Ref": "AWS::Region"
366
- },
367
- ":",
368
- {
369
- "Ref": "AWS::AccountId"
370
- },
371
- ":log-group:/aws/lambda/*"
372
- ]
373
- ]
374
- }
375
- }
376
- ],
377
- "Version": "2012-10-17"
378
- },
379
- "PolicyName": "LambdaFunctionServiceRolePolicy"
380
- }
381
- ]
382
- }
383
- },
384
- "testoneLambdaFunctionServiceRoleDefaultPolicy6025A173": {
385
- "Type": "AWS::IAM::Policy",
386
- "Properties": {
387
- "PolicyDocument": {
388
- "Statement": [
389
- {
390
- "Action": [
391
- "ec2:CreateNetworkInterface",
392
- "ec2:DescribeNetworkInterfaces",
393
- "ec2:DeleteNetworkInterface",
394
- "ec2:AssignPrivateIpAddresses",
395
- "ec2:UnassignPrivateIpAddresses"
396
- ],
397
- "Effect": "Allow",
398
- "Resource": "*"
399
- },
400
- {
401
- "Action": [
402
- "xray:PutTraceSegments",
403
- "xray:PutTelemetryRecords"
404
- ],
405
- "Effect": "Allow",
406
- "Resource": "*"
407
- }
408
- ],
409
- "Version": "2012-10-17"
410
- },
411
- "PolicyName": "testoneLambdaFunctionServiceRoleDefaultPolicy6025A173",
412
- "Roles": [
413
- {
414
- "Ref": "testoneLambdaFunctionServiceRoleE92573D3"
415
- }
416
- ]
417
- },
418
- "Metadata": {
419
- "cfn_nag": {
420
- "rules_to_suppress": [
421
- {
422
- "id": "W12",
423
- "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC."
424
- }
425
- ]
426
- }
427
- }
428
- },
429
- "testoneReplaceDefaultSecurityGroupsecuritygroupE46270FE": {
430
- "Type": "AWS::EC2::SecurityGroup",
431
- "Properties": {
432
- "GroupDescription": "alblam-twoTargets/test-one/ReplaceDefaultSecurityGroup-security-group",
433
- "SecurityGroupEgress": [
434
- {
435
- "CidrIp": "0.0.0.0/0",
436
- "Description": "Allow all outbound traffic by default",
437
- "IpProtocol": "-1"
438
- }
439
- ],
440
- "VpcId": {
441
- "Ref": "Vpc8378EB38"
442
- }
443
- },
444
- "Metadata": {
445
- "cfn_nag": {
446
- "rules_to_suppress": [
447
- {
448
- "id": "W5",
449
- "reason": "Egress of 0.0.0.0/0 is default and generally considered OK"
450
- },
451
- {
452
- "id": "W40",
453
- "reason": "Egress IPProtocol of -1 is default and generally considered OK"
454
- }
455
- ]
456
- }
457
- }
458
- },
459
- "testoneLambdaFunctionCC9B03E1": {
460
- "Type": "AWS::Lambda::Function",
461
- "Properties": {
462
- "Code": {
463
- "S3Bucket": {
464
- "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1"
465
- },
466
- "S3Key": "7caf594b8ad91abecca72f7f10a23a5cf446d05dc00d6194619935e7e3fd5a79.zip"
467
- },
468
- "Environment": {
469
- "Variables": {
470
- "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1"
471
- }
472
- },
473
- "Handler": "index.handler",
474
- "Role": {
475
- "Fn::GetAtt": [
476
- "testoneLambdaFunctionServiceRoleE92573D3",
477
- "Arn"
478
- ]
479
- },
480
- "Runtime": "nodejs16.x",
481
- "TracingConfig": {
482
- "Mode": "Active"
483
- },
484
- "VpcConfig": {
485
- "SecurityGroupIds": [
486
- {
487
- "Fn::GetAtt": [
488
- "testoneReplaceDefaultSecurityGroupsecuritygroupE46270FE",
489
- "GroupId"
490
- ]
491
- }
492
- ],
493
- "SubnetIds": [
494
- {
495
- "Ref": "VpcPrivateSubnet1Subnet536B997A"
496
- },
497
- {
498
- "Ref": "VpcPrivateSubnet2Subnet3788AAA1"
499
- },
500
- {
501
- "Ref": "VpcPrivateSubnet3SubnetF258B56E"
502
- }
503
- ]
504
- }
505
- },
506
- "DependsOn": [
507
- "testoneLambdaFunctionServiceRoleDefaultPolicy6025A173",
508
- "testoneLambdaFunctionServiceRoleE92573D3",
509
- "VpcPrivateSubnet1DefaultRouteBE02A9ED",
510
- "VpcPrivateSubnet1RouteTableAssociation70C59FA6",
511
- "VpcPrivateSubnet2DefaultRoute060D2087",
512
- "VpcPrivateSubnet2RouteTableAssociationA89CAD56",
513
- "VpcPrivateSubnet3DefaultRoute94B74F0D",
514
- "VpcPrivateSubnet3RouteTableAssociation16BDDC43"
515
- ],
516
- "Metadata": {
517
- "cfn_nag": {
518
- "rules_to_suppress": [
519
- {
520
- "id": "W58",
521
- "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions."
522
- },
523
- {
524
- "id": "W89",
525
- "reason": "This is not a rule for the general case, just for specific use cases/industries"
526
- },
527
- {
528
- "id": "W92",
529
- "reason": "Impossible for us to define the correct concurrency for clients"
530
- }
531
- ]
532
- }
533
- }
534
- },
535
- "testoneLambdaFunctionInvoke2UTWxhlfyqbT5FTn5jvgbLgjFfJwzswGk55DU1HY508A8518": {
536
- "Type": "AWS::Lambda::Permission",
537
- "Properties": {
538
- "Action": "lambda:InvokeFunction",
539
- "FunctionName": {
540
- "Fn::GetAtt": [
541
- "testoneLambdaFunctionCC9B03E1",
542
- "Arn"
543
- ]
544
- },
545
- "Principal": "elasticloadbalancing.amazonaws.com"
546
- },
547
- "DependsOn": [
548
- "VpcPrivateSubnet1DefaultRouteBE02A9ED",
549
- "VpcPrivateSubnet1RouteTableAssociation70C59FA6",
550
- "VpcPrivateSubnet2DefaultRoute060D2087",
551
- "VpcPrivateSubnet2RouteTableAssociationA89CAD56",
552
- "VpcPrivateSubnet3DefaultRoute94B74F0D",
553
- "VpcPrivateSubnet3RouteTableAssociation16BDDC43"
554
- ]
555
- },
556
- "testonetestonelistener51CF582F": {
557
- "Type": "AWS::ElasticLoadBalancingV2::Listener",
558
- "Properties": {
559
- "DefaultActions": [
560
- {
561
- "TargetGroupArn": {
562
- "Ref": "testonetg2tg6459EC7C"
563
- },
564
- "Type": "forward"
565
- }
566
- ],
567
- "LoadBalancerArn": {
568
- "Ref": "testonetestonealb4F263E42"
569
- },
570
- "Port": 80,
571
- "Protocol": "HTTP"
572
- },
573
- "DependsOn": [
574
- "testonetg2tg6459EC7C"
575
- ],
576
- "Metadata": {
577
- "cfn_nag": {
578
- "rules_to_suppress": [
579
- {
580
- "id": "W56",
581
- "reason": "All integration tests must be HTTP because of certificate limitations."
582
- }
583
- ]
584
- }
585
- }
586
- },
587
- "testonetestonelistenertesttwotargetsRule3ACCF5EF": {
588
- "Type": "AWS::ElasticLoadBalancingV2::ListenerRule",
589
- "Properties": {
590
- "Actions": [
591
- {
592
- "TargetGroupArn": {
593
- "Ref": "testtwotg2tg35BE6697"
594
- },
595
- "Type": "forward"
596
- }
597
- ],
598
- "Conditions": [
599
- {
600
- "Field": "path-pattern",
601
- "PathPatternConfig": {
602
- "Values": [
603
- "*admin*"
604
- ]
605
- }
606
- }
607
- ],
608
- "ListenerArn": {
609
- "Ref": "testonetestonelistener51CF582F"
610
- },
611
- "Priority": 10
612
- }
613
- },
614
- "testonetg2tg6459EC7C": {
615
- "Type": "AWS::ElasticLoadBalancingV2::TargetGroup",
616
- "Properties": {
617
- "TargetType": "lambda",
618
- "Targets": [
619
- {
620
- "Id": {
621
- "Fn::GetAtt": [
622
- "testoneLambdaFunctionCC9B03E1",
623
- "Arn"
624
- ]
625
- }
626
- }
627
- ]
628
- },
629
- "DependsOn": [
630
- "testoneLambdaFunctionInvoke2UTWxhlfyqbT5FTn5jvgbLgjFfJwzswGk55DU1HY508A8518"
631
- ]
632
- },
633
- "Vpc8378EB38": {
634
- "Type": "AWS::EC2::VPC",
635
- "Properties": {
636
- "CidrBlock": "10.0.0.0/16",
637
- "EnableDnsHostnames": true,
638
- "EnableDnsSupport": true,
639
- "InstanceTenancy": "default",
640
- "Tags": [
641
- {
642
- "Key": "Name",
643
- "Value": "alblam-twoTargets/Vpc"
644
- }
645
- ]
646
- }
647
- },
648
- "VpcPublicSubnet1Subnet5C2D37C4": {
649
- "Type": "AWS::EC2::Subnet",
650
- "Properties": {
651
- "AvailabilityZone": "test-region-1a",
652
- "CidrBlock": "10.0.0.0/19",
653
- "MapPublicIpOnLaunch": true,
654
- "Tags": [
655
- {
656
- "Key": "aws-cdk:subnet-name",
657
- "Value": "Public"
658
- },
659
- {
660
- "Key": "aws-cdk:subnet-type",
661
- "Value": "Public"
662
- },
663
- {
664
- "Key": "Name",
665
- "Value": "alblam-twoTargets/Vpc/PublicSubnet1"
666
- }
667
- ],
668
- "VpcId": {
669
- "Ref": "Vpc8378EB38"
670
- }
671
- },
672
- "Metadata": {
673
- "cfn_nag": {
674
- "rules_to_suppress": [
675
- {
676
- "id": "W33",
677
- "reason": "Allow Public Subnets to have MapPublicIpOnLaunch set to true"
678
- }
679
- ]
680
- }
681
- }
682
- },
683
- "VpcPublicSubnet1RouteTable6C95E38E": {
684
- "Type": "AWS::EC2::RouteTable",
685
- "Properties": {
686
- "Tags": [
687
- {
688
- "Key": "Name",
689
- "Value": "alblam-twoTargets/Vpc/PublicSubnet1"
690
- }
691
- ],
692
- "VpcId": {
693
- "Ref": "Vpc8378EB38"
694
- }
695
- }
696
- },
697
- "VpcPublicSubnet1RouteTableAssociation97140677": {
698
- "Type": "AWS::EC2::SubnetRouteTableAssociation",
699
- "Properties": {
700
- "RouteTableId": {
701
- "Ref": "VpcPublicSubnet1RouteTable6C95E38E"
702
- },
703
- "SubnetId": {
704
- "Ref": "VpcPublicSubnet1Subnet5C2D37C4"
705
- }
706
- }
707
- },
708
- "VpcPublicSubnet1DefaultRoute3DA9E72A": {
709
- "Type": "AWS::EC2::Route",
710
- "Properties": {
711
- "DestinationCidrBlock": "0.0.0.0/0",
712
- "GatewayId": {
713
- "Ref": "VpcIGWD7BA715C"
714
- },
715
- "RouteTableId": {
716
- "Ref": "VpcPublicSubnet1RouteTable6C95E38E"
717
- }
718
- },
719
- "DependsOn": [
720
- "VpcVPCGWBF912B6E"
721
- ]
722
- },
723
- "VpcPublicSubnet1EIPD7E02669": {
724
- "Type": "AWS::EC2::EIP",
725
- "Properties": {
726
- "Domain": "vpc",
727
- "Tags": [
728
- {
729
- "Key": "Name",
730
- "Value": "alblam-twoTargets/Vpc/PublicSubnet1"
731
- }
732
- ]
733
- }
734
- },
735
- "VpcPublicSubnet1NATGateway4D7517AA": {
736
- "Type": "AWS::EC2::NatGateway",
737
- "Properties": {
738
- "AllocationId": {
739
- "Fn::GetAtt": [
740
- "VpcPublicSubnet1EIPD7E02669",
741
- "AllocationId"
742
- ]
743
- },
744
- "SubnetId": {
745
- "Ref": "VpcPublicSubnet1Subnet5C2D37C4"
746
- },
747
- "Tags": [
748
- {
749
- "Key": "Name",
750
- "Value": "alblam-twoTargets/Vpc/PublicSubnet1"
751
- }
752
- ]
753
- },
754
- "DependsOn": [
755
- "VpcPublicSubnet1DefaultRoute3DA9E72A",
756
- "VpcPublicSubnet1RouteTableAssociation97140677"
757
- ]
758
- },
759
- "VpcPublicSubnet2Subnet691E08A3": {
760
- "Type": "AWS::EC2::Subnet",
761
- "Properties": {
762
- "AvailabilityZone": "test-region-1b",
763
- "CidrBlock": "10.0.32.0/19",
764
- "MapPublicIpOnLaunch": true,
765
- "Tags": [
766
- {
767
- "Key": "aws-cdk:subnet-name",
768
- "Value": "Public"
769
- },
770
- {
771
- "Key": "aws-cdk:subnet-type",
772
- "Value": "Public"
773
- },
774
- {
775
- "Key": "Name",
776
- "Value": "alblam-twoTargets/Vpc/PublicSubnet2"
777
- }
778
- ],
779
- "VpcId": {
780
- "Ref": "Vpc8378EB38"
781
- }
782
- },
783
- "Metadata": {
784
- "cfn_nag": {
785
- "rules_to_suppress": [
786
- {
787
- "id": "W33",
788
- "reason": "Allow Public Subnets to have MapPublicIpOnLaunch set to true"
789
- }
790
- ]
791
- }
792
- }
793
- },
794
- "VpcPublicSubnet2RouteTable94F7E489": {
795
- "Type": "AWS::EC2::RouteTable",
796
- "Properties": {
797
- "Tags": [
798
- {
799
- "Key": "Name",
800
- "Value": "alblam-twoTargets/Vpc/PublicSubnet2"
801
- }
802
- ],
803
- "VpcId": {
804
- "Ref": "Vpc8378EB38"
805
- }
806
- }
807
- },
808
- "VpcPublicSubnet2RouteTableAssociationDD5762D8": {
809
- "Type": "AWS::EC2::SubnetRouteTableAssociation",
810
- "Properties": {
811
- "RouteTableId": {
812
- "Ref": "VpcPublicSubnet2RouteTable94F7E489"
813
- },
814
- "SubnetId": {
815
- "Ref": "VpcPublicSubnet2Subnet691E08A3"
816
- }
817
- }
818
- },
819
- "VpcPublicSubnet2DefaultRoute97F91067": {
820
- "Type": "AWS::EC2::Route",
821
- "Properties": {
822
- "DestinationCidrBlock": "0.0.0.0/0",
823
- "GatewayId": {
824
- "Ref": "VpcIGWD7BA715C"
825
- },
826
- "RouteTableId": {
827
- "Ref": "VpcPublicSubnet2RouteTable94F7E489"
828
- }
829
- },
830
- "DependsOn": [
831
- "VpcVPCGWBF912B6E"
832
- ]
833
- },
834
- "VpcPublicSubnet2EIP3C605A87": {
835
- "Type": "AWS::EC2::EIP",
836
- "Properties": {
837
- "Domain": "vpc",
838
- "Tags": [
839
- {
840
- "Key": "Name",
841
- "Value": "alblam-twoTargets/Vpc/PublicSubnet2"
842
- }
843
- ]
844
- }
845
- },
846
- "VpcPublicSubnet2NATGateway9182C01D": {
847
- "Type": "AWS::EC2::NatGateway",
848
- "Properties": {
849
- "AllocationId": {
850
- "Fn::GetAtt": [
851
- "VpcPublicSubnet2EIP3C605A87",
852
- "AllocationId"
853
- ]
854
- },
855
- "SubnetId": {
856
- "Ref": "VpcPublicSubnet2Subnet691E08A3"
857
- },
858
- "Tags": [
859
- {
860
- "Key": "Name",
861
- "Value": "alblam-twoTargets/Vpc/PublicSubnet2"
862
- }
863
- ]
864
- },
865
- "DependsOn": [
866
- "VpcPublicSubnet2DefaultRoute97F91067",
867
- "VpcPublicSubnet2RouteTableAssociationDD5762D8"
868
- ]
869
- },
870
- "VpcPublicSubnet3SubnetBE12F0B6": {
871
- "Type": "AWS::EC2::Subnet",
872
- "Properties": {
873
- "AvailabilityZone": "test-region-1c",
874
- "CidrBlock": "10.0.64.0/19",
875
- "MapPublicIpOnLaunch": true,
876
- "Tags": [
877
- {
878
- "Key": "aws-cdk:subnet-name",
879
- "Value": "Public"
880
- },
881
- {
882
- "Key": "aws-cdk:subnet-type",
883
- "Value": "Public"
884
- },
885
- {
886
- "Key": "Name",
887
- "Value": "alblam-twoTargets/Vpc/PublicSubnet3"
888
- }
889
- ],
890
- "VpcId": {
891
- "Ref": "Vpc8378EB38"
892
- }
893
- },
894
- "Metadata": {
895
- "cfn_nag": {
896
- "rules_to_suppress": [
897
- {
898
- "id": "W33",
899
- "reason": "Allow Public Subnets to have MapPublicIpOnLaunch set to true"
900
- }
901
- ]
902
- }
903
- }
904
- },
905
- "VpcPublicSubnet3RouteTable93458DBB": {
906
- "Type": "AWS::EC2::RouteTable",
907
- "Properties": {
908
- "Tags": [
909
- {
910
- "Key": "Name",
911
- "Value": "alblam-twoTargets/Vpc/PublicSubnet3"
912
- }
913
- ],
914
- "VpcId": {
915
- "Ref": "Vpc8378EB38"
916
- }
917
- }
918
- },
919
- "VpcPublicSubnet3RouteTableAssociation1F1EDF02": {
920
- "Type": "AWS::EC2::SubnetRouteTableAssociation",
921
- "Properties": {
922
- "RouteTableId": {
923
- "Ref": "VpcPublicSubnet3RouteTable93458DBB"
924
- },
925
- "SubnetId": {
926
- "Ref": "VpcPublicSubnet3SubnetBE12F0B6"
927
- }
928
- }
929
- },
930
- "VpcPublicSubnet3DefaultRoute4697774F": {
931
- "Type": "AWS::EC2::Route",
932
- "Properties": {
933
- "DestinationCidrBlock": "0.0.0.0/0",
934
- "GatewayId": {
935
- "Ref": "VpcIGWD7BA715C"
936
- },
937
- "RouteTableId": {
938
- "Ref": "VpcPublicSubnet3RouteTable93458DBB"
939
- }
940
- },
941
- "DependsOn": [
942
- "VpcVPCGWBF912B6E"
943
- ]
944
- },
945
- "VpcPublicSubnet3EIP3A666A23": {
946
- "Type": "AWS::EC2::EIP",
947
- "Properties": {
948
- "Domain": "vpc",
949
- "Tags": [
950
- {
951
- "Key": "Name",
952
- "Value": "alblam-twoTargets/Vpc/PublicSubnet3"
953
- }
954
- ]
955
- }
956
- },
957
- "VpcPublicSubnet3NATGateway7640CD1D": {
958
- "Type": "AWS::EC2::NatGateway",
959
- "Properties": {
960
- "AllocationId": {
961
- "Fn::GetAtt": [
962
- "VpcPublicSubnet3EIP3A666A23",
963
- "AllocationId"
964
- ]
965
- },
966
- "SubnetId": {
967
- "Ref": "VpcPublicSubnet3SubnetBE12F0B6"
968
- },
969
- "Tags": [
970
- {
971
- "Key": "Name",
972
- "Value": "alblam-twoTargets/Vpc/PublicSubnet3"
973
- }
974
- ]
975
- },
976
- "DependsOn": [
977
- "VpcPublicSubnet3DefaultRoute4697774F",
978
- "VpcPublicSubnet3RouteTableAssociation1F1EDF02"
979
- ]
980
- },
981
- "VpcPrivateSubnet1Subnet536B997A": {
982
- "Type": "AWS::EC2::Subnet",
983
- "Properties": {
984
- "AvailabilityZone": "test-region-1a",
985
- "CidrBlock": "10.0.96.0/19",
986
- "MapPublicIpOnLaunch": false,
987
- "Tags": [
988
- {
989
- "Key": "aws-cdk:subnet-name",
990
- "Value": "Private"
991
- },
992
- {
993
- "Key": "aws-cdk:subnet-type",
994
- "Value": "Private"
995
- },
996
- {
997
- "Key": "Name",
998
- "Value": "alblam-twoTargets/Vpc/PrivateSubnet1"
999
- }
1000
- ],
1001
- "VpcId": {
1002
- "Ref": "Vpc8378EB38"
1003
- }
1004
- }
1005
- },
1006
- "VpcPrivateSubnet1RouteTableB2C5B500": {
1007
- "Type": "AWS::EC2::RouteTable",
1008
- "Properties": {
1009
- "Tags": [
1010
- {
1011
- "Key": "Name",
1012
- "Value": "alblam-twoTargets/Vpc/PrivateSubnet1"
1013
- }
1014
- ],
1015
- "VpcId": {
1016
- "Ref": "Vpc8378EB38"
1017
- }
1018
- }
1019
- },
1020
- "VpcPrivateSubnet1RouteTableAssociation70C59FA6": {
1021
- "Type": "AWS::EC2::SubnetRouteTableAssociation",
1022
- "Properties": {
1023
- "RouteTableId": {
1024
- "Ref": "VpcPrivateSubnet1RouteTableB2C5B500"
1025
- },
1026
- "SubnetId": {
1027
- "Ref": "VpcPrivateSubnet1Subnet536B997A"
1028
- }
1029
- }
1030
- },
1031
- "VpcPrivateSubnet1DefaultRouteBE02A9ED": {
1032
- "Type": "AWS::EC2::Route",
1033
- "Properties": {
1034
- "DestinationCidrBlock": "0.0.0.0/0",
1035
- "NatGatewayId": {
1036
- "Ref": "VpcPublicSubnet1NATGateway4D7517AA"
1037
- },
1038
- "RouteTableId": {
1039
- "Ref": "VpcPrivateSubnet1RouteTableB2C5B500"
1040
- }
1041
- }
1042
- },
1043
- "VpcPrivateSubnet2Subnet3788AAA1": {
1044
- "Type": "AWS::EC2::Subnet",
1045
- "Properties": {
1046
- "AvailabilityZone": "test-region-1b",
1047
- "CidrBlock": "10.0.128.0/19",
1048
- "MapPublicIpOnLaunch": false,
1049
- "Tags": [
1050
- {
1051
- "Key": "aws-cdk:subnet-name",
1052
- "Value": "Private"
1053
- },
1054
- {
1055
- "Key": "aws-cdk:subnet-type",
1056
- "Value": "Private"
1057
- },
1058
- {
1059
- "Key": "Name",
1060
- "Value": "alblam-twoTargets/Vpc/PrivateSubnet2"
1061
- }
1062
- ],
1063
- "VpcId": {
1064
- "Ref": "Vpc8378EB38"
1065
- }
1066
- }
1067
- },
1068
- "VpcPrivateSubnet2RouteTableA678073B": {
1069
- "Type": "AWS::EC2::RouteTable",
1070
- "Properties": {
1071
- "Tags": [
1072
- {
1073
- "Key": "Name",
1074
- "Value": "alblam-twoTargets/Vpc/PrivateSubnet2"
1075
- }
1076
- ],
1077
- "VpcId": {
1078
- "Ref": "Vpc8378EB38"
1079
- }
1080
- }
1081
- },
1082
- "VpcPrivateSubnet2RouteTableAssociationA89CAD56": {
1083
- "Type": "AWS::EC2::SubnetRouteTableAssociation",
1084
- "Properties": {
1085
- "RouteTableId": {
1086
- "Ref": "VpcPrivateSubnet2RouteTableA678073B"
1087
- },
1088
- "SubnetId": {
1089
- "Ref": "VpcPrivateSubnet2Subnet3788AAA1"
1090
- }
1091
- }
1092
- },
1093
- "VpcPrivateSubnet2DefaultRoute060D2087": {
1094
- "Type": "AWS::EC2::Route",
1095
- "Properties": {
1096
- "DestinationCidrBlock": "0.0.0.0/0",
1097
- "NatGatewayId": {
1098
- "Ref": "VpcPublicSubnet2NATGateway9182C01D"
1099
- },
1100
- "RouteTableId": {
1101
- "Ref": "VpcPrivateSubnet2RouteTableA678073B"
1102
- }
1103
- }
1104
- },
1105
- "VpcPrivateSubnet3SubnetF258B56E": {
1106
- "Type": "AWS::EC2::Subnet",
1107
- "Properties": {
1108
- "AvailabilityZone": "test-region-1c",
1109
- "CidrBlock": "10.0.160.0/19",
1110
- "MapPublicIpOnLaunch": false,
1111
- "Tags": [
1112
- {
1113
- "Key": "aws-cdk:subnet-name",
1114
- "Value": "Private"
1115
- },
1116
- {
1117
- "Key": "aws-cdk:subnet-type",
1118
- "Value": "Private"
1119
- },
1120
- {
1121
- "Key": "Name",
1122
- "Value": "alblam-twoTargets/Vpc/PrivateSubnet3"
1123
- }
1124
- ],
1125
- "VpcId": {
1126
- "Ref": "Vpc8378EB38"
1127
- }
1128
- }
1129
- },
1130
- "VpcPrivateSubnet3RouteTableD98824C7": {
1131
- "Type": "AWS::EC2::RouteTable",
1132
- "Properties": {
1133
- "Tags": [
1134
- {
1135
- "Key": "Name",
1136
- "Value": "alblam-twoTargets/Vpc/PrivateSubnet3"
1137
- }
1138
- ],
1139
- "VpcId": {
1140
- "Ref": "Vpc8378EB38"
1141
- }
1142
- }
1143
- },
1144
- "VpcPrivateSubnet3RouteTableAssociation16BDDC43": {
1145
- "Type": "AWS::EC2::SubnetRouteTableAssociation",
1146
- "Properties": {
1147
- "RouteTableId": {
1148
- "Ref": "VpcPrivateSubnet3RouteTableD98824C7"
1149
- },
1150
- "SubnetId": {
1151
- "Ref": "VpcPrivateSubnet3SubnetF258B56E"
1152
- }
1153
- }
1154
- },
1155
- "VpcPrivateSubnet3DefaultRoute94B74F0D": {
1156
- "Type": "AWS::EC2::Route",
1157
- "Properties": {
1158
- "DestinationCidrBlock": "0.0.0.0/0",
1159
- "NatGatewayId": {
1160
- "Ref": "VpcPublicSubnet3NATGateway7640CD1D"
1161
- },
1162
- "RouteTableId": {
1163
- "Ref": "VpcPrivateSubnet3RouteTableD98824C7"
1164
- }
1165
- }
1166
- },
1167
- "VpcIGWD7BA715C": {
1168
- "Type": "AWS::EC2::InternetGateway",
1169
- "Properties": {
1170
- "Tags": [
1171
- {
1172
- "Key": "Name",
1173
- "Value": "alblam-twoTargets/Vpc"
1174
- }
1175
- ]
1176
- }
1177
- },
1178
- "VpcVPCGWBF912B6E": {
1179
- "Type": "AWS::EC2::VPCGatewayAttachment",
1180
- "Properties": {
1181
- "InternetGatewayId": {
1182
- "Ref": "VpcIGWD7BA715C"
1183
- },
1184
- "VpcId": {
1185
- "Ref": "Vpc8378EB38"
1186
- }
1187
- }
1188
- },
1189
- "VpcFlowLogIAMRole6A475D41": {
1190
- "Type": "AWS::IAM::Role",
1191
- "Properties": {
1192
- "AssumeRolePolicyDocument": {
1193
- "Statement": [
1194
- {
1195
- "Action": "sts:AssumeRole",
1196
- "Effect": "Allow",
1197
- "Principal": {
1198
- "Service": "vpc-flow-logs.amazonaws.com"
1199
- }
1200
- }
1201
- ],
1202
- "Version": "2012-10-17"
1203
- },
1204
- "Tags": [
1205
- {
1206
- "Key": "Name",
1207
- "Value": "alblam-twoTargets/Vpc/FlowLog"
1208
- }
1209
- ]
1210
- }
1211
- },
1212
- "VpcFlowLogIAMRoleDefaultPolicy406FB995": {
1213
- "Type": "AWS::IAM::Policy",
1214
- "Properties": {
1215
- "PolicyDocument": {
1216
- "Statement": [
1217
- {
1218
- "Action": [
1219
- "logs:CreateLogStream",
1220
- "logs:PutLogEvents",
1221
- "logs:DescribeLogStreams"
1222
- ],
1223
- "Effect": "Allow",
1224
- "Resource": {
1225
- "Fn::GetAtt": [
1226
- "VpcFlowLogLogGroup7B5C56B9",
1227
- "Arn"
1228
- ]
1229
- }
1230
- },
1231
- {
1232
- "Action": "iam:PassRole",
1233
- "Effect": "Allow",
1234
- "Resource": {
1235
- "Fn::GetAtt": [
1236
- "VpcFlowLogIAMRole6A475D41",
1237
- "Arn"
1238
- ]
1239
- }
1240
- }
1241
- ],
1242
- "Version": "2012-10-17"
1243
- },
1244
- "PolicyName": "VpcFlowLogIAMRoleDefaultPolicy406FB995",
1245
- "Roles": [
1246
- {
1247
- "Ref": "VpcFlowLogIAMRole6A475D41"
1248
- }
1249
- ]
1250
- }
1251
- },
1252
- "VpcFlowLogLogGroup7B5C56B9": {
1253
- "Type": "AWS::Logs::LogGroup",
1254
- "Properties": {
1255
- "RetentionInDays": 731,
1256
- "Tags": [
1257
- {
1258
- "Key": "Name",
1259
- "Value": "alblam-twoTargets/Vpc/FlowLog"
1260
- }
1261
- ]
1262
- },
1263
- "UpdateReplacePolicy": "Retain",
1264
- "DeletionPolicy": "Retain",
1265
- "Metadata": {
1266
- "cfn_nag": {
1267
- "rules_to_suppress": [
1268
- {
1269
- "id": "W84",
1270
- "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)"
1271
- }
1272
- ]
1273
- }
1274
- }
1275
- },
1276
- "VpcFlowLog8FF33A73": {
1277
- "Type": "AWS::EC2::FlowLog",
1278
- "Properties": {
1279
- "DeliverLogsPermissionArn": {
1280
- "Fn::GetAtt": [
1281
- "VpcFlowLogIAMRole6A475D41",
1282
- "Arn"
1283
- ]
1284
- },
1285
- "LogDestinationType": "cloud-watch-logs",
1286
- "LogGroupName": {
1287
- "Ref": "VpcFlowLogLogGroup7B5C56B9"
1288
- },
1289
- "ResourceId": {
1290
- "Ref": "Vpc8378EB38"
1291
- },
1292
- "ResourceType": "VPC",
1293
- "Tags": [
1294
- {
1295
- "Key": "Name",
1296
- "Value": "alblam-twoTargets/Vpc/FlowLog"
1297
- }
1298
- ],
1299
- "TrafficType": "ALL"
1300
- }
1301
- },
1302
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": {
1303
- "Type": "AWS::IAM::Role",
1304
- "Properties": {
1305
- "AssumeRolePolicyDocument": {
1306
- "Version": "2012-10-17",
1307
- "Statement": [
1308
- {
1309
- "Action": "sts:AssumeRole",
1310
- "Effect": "Allow",
1311
- "Principal": {
1312
- "Service": "lambda.amazonaws.com"
1313
- }
1314
- }
1315
- ]
1316
- },
1317
- "ManagedPolicyArns": [
1318
- {
1319
- "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
1320
- }
1321
- ]
1322
- }
1323
- },
1324
- "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": {
1325
- "Type": "AWS::Lambda::Function",
1326
- "Properties": {
1327
- "Code": {
1328
- "S3Bucket": {
1329
- "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1"
1330
- },
1331
- "S3Key": "b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6.zip"
1332
- },
1333
- "Timeout": 900,
1334
- "MemorySize": 128,
1335
- "Handler": "index.handler",
1336
- "Role": {
1337
- "Fn::GetAtt": [
1338
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
1339
- "Arn"
1340
- ]
1341
- },
1342
- "Runtime": "nodejs18.x",
1343
- "Description": {
1344
- "Fn::Join": [
1345
- "",
1346
- [
1347
- "Lambda function for auto-deleting objects in ",
1348
- {
1349
- "Ref": "testoneE6ACFBB6"
1350
- },
1351
- " S3 bucket."
1352
- ]
1353
- ]
1354
- }
1355
- },
1356
- "DependsOn": [
1357
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092"
1358
- ],
1359
- "Metadata": {
1360
- "cfn_nag": {
1361
- "rules_to_suppress": [
1362
- {
1363
- "id": "W58",
1364
- "reason": "CDK generated custom resource"
1365
- },
1366
- {
1367
- "id": "W89",
1368
- "reason": "CDK generated custom resource"
1369
- },
1370
- {
1371
- "id": "W92",
1372
- "reason": "CDK generated custom resource"
1373
- }
1374
- ]
1375
- }
1376
- }
1377
- },
1378
- "testtwoLambdaFunctionServiceRoleD100E5F8": {
1379
- "Type": "AWS::IAM::Role",
1380
- "Properties": {
1381
- "AssumeRolePolicyDocument": {
1382
- "Statement": [
1383
- {
1384
- "Action": "sts:AssumeRole",
1385
- "Effect": "Allow",
1386
- "Principal": {
1387
- "Service": "lambda.amazonaws.com"
1388
- }
1389
- }
1390
- ],
1391
- "Version": "2012-10-17"
1392
- },
1393
- "Policies": [
1394
- {
1395
- "PolicyDocument": {
1396
- "Statement": [
1397
- {
1398
- "Action": [
1399
- "logs:CreateLogGroup",
1400
- "logs:CreateLogStream",
1401
- "logs:PutLogEvents"
1402
- ],
1403
- "Effect": "Allow",
1404
- "Resource": {
1405
- "Fn::Join": [
1406
- "",
1407
- [
1408
- "arn:",
1409
- {
1410
- "Ref": "AWS::Partition"
1411
- },
1412
- ":logs:",
1413
- {
1414
- "Ref": "AWS::Region"
1415
- },
1416
- ":",
1417
- {
1418
- "Ref": "AWS::AccountId"
1419
- },
1420
- ":log-group:/aws/lambda/*"
1421
- ]
1422
- ]
1423
- }
1424
- }
1425
- ],
1426
- "Version": "2012-10-17"
1427
- },
1428
- "PolicyName": "LambdaFunctionServiceRolePolicy"
1429
- }
1430
- ]
1431
- }
1432
- },
1433
- "testtwoLambdaFunctionServiceRoleDefaultPolicy3BCA0DDD": {
1434
- "Type": "AWS::IAM::Policy",
1435
- "Properties": {
1436
- "PolicyDocument": {
1437
- "Statement": [
1438
- {
1439
- "Action": [
1440
- "ec2:CreateNetworkInterface",
1441
- "ec2:DescribeNetworkInterfaces",
1442
- "ec2:DeleteNetworkInterface",
1443
- "ec2:AssignPrivateIpAddresses",
1444
- "ec2:UnassignPrivateIpAddresses"
1445
- ],
1446
- "Effect": "Allow",
1447
- "Resource": "*"
1448
- },
1449
- {
1450
- "Action": [
1451
- "xray:PutTraceSegments",
1452
- "xray:PutTelemetryRecords"
1453
- ],
1454
- "Effect": "Allow",
1455
- "Resource": "*"
1456
- }
1457
- ],
1458
- "Version": "2012-10-17"
1459
- },
1460
- "PolicyName": "testtwoLambdaFunctionServiceRoleDefaultPolicy3BCA0DDD",
1461
- "Roles": [
1462
- {
1463
- "Ref": "testtwoLambdaFunctionServiceRoleD100E5F8"
1464
- }
1465
- ]
1466
- },
1467
- "Metadata": {
1468
- "cfn_nag": {
1469
- "rules_to_suppress": [
1470
- {
1471
- "id": "W12",
1472
- "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC."
1473
- }
1474
- ]
1475
- }
1476
- }
1477
- },
1478
- "testtwoReplaceDefaultSecurityGroupsecuritygroupE62CC6C1": {
1479
- "Type": "AWS::EC2::SecurityGroup",
1480
- "Properties": {
1481
- "GroupDescription": "alblam-twoTargets/test-two/ReplaceDefaultSecurityGroup-security-group",
1482
- "SecurityGroupEgress": [
1483
- {
1484
- "CidrIp": "0.0.0.0/0",
1485
- "Description": "Allow all outbound traffic by default",
1486
- "IpProtocol": "-1"
1487
- }
1488
- ],
1489
- "VpcId": {
1490
- "Ref": "Vpc8378EB38"
1491
- }
1492
- },
1493
- "Metadata": {
1494
- "cfn_nag": {
1495
- "rules_to_suppress": [
1496
- {
1497
- "id": "W5",
1498
- "reason": "Egress of 0.0.0.0/0 is default and generally considered OK"
1499
- },
1500
- {
1501
- "id": "W40",
1502
- "reason": "Egress IPProtocol of -1 is default and generally considered OK"
1503
- }
1504
- ]
1505
- }
1506
- }
1507
- },
1508
- "testtwoLambdaFunction0418AA26": {
1509
- "Type": "AWS::Lambda::Function",
1510
- "Properties": {
1511
- "Code": {
1512
- "S3Bucket": {
1513
- "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1"
1514
- },
1515
- "S3Key": "7caf594b8ad91abecca72f7f10a23a5cf446d05dc00d6194619935e7e3fd5a79.zip"
1516
- },
1517
- "Environment": {
1518
- "Variables": {
1519
- "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1"
1520
- }
1521
- },
1522
- "Handler": "index.handler",
1523
- "Role": {
1524
- "Fn::GetAtt": [
1525
- "testtwoLambdaFunctionServiceRoleD100E5F8",
1526
- "Arn"
1527
- ]
1528
- },
1529
- "Runtime": "nodejs16.x",
1530
- "TracingConfig": {
1531
- "Mode": "Active"
1532
- },
1533
- "VpcConfig": {
1534
- "SecurityGroupIds": [
1535
- {
1536
- "Fn::GetAtt": [
1537
- "testtwoReplaceDefaultSecurityGroupsecuritygroupE62CC6C1",
1538
- "GroupId"
1539
- ]
1540
- }
1541
- ],
1542
- "SubnetIds": [
1543
- {
1544
- "Ref": "VpcPrivateSubnet1Subnet536B997A"
1545
- },
1546
- {
1547
- "Ref": "VpcPrivateSubnet2Subnet3788AAA1"
1548
- },
1549
- {
1550
- "Ref": "VpcPrivateSubnet3SubnetF258B56E"
1551
- }
1552
- ]
1553
- }
1554
- },
1555
- "DependsOn": [
1556
- "testtwoLambdaFunctionServiceRoleDefaultPolicy3BCA0DDD",
1557
- "testtwoLambdaFunctionServiceRoleD100E5F8",
1558
- "VpcPrivateSubnet1DefaultRouteBE02A9ED",
1559
- "VpcPrivateSubnet1RouteTableAssociation70C59FA6",
1560
- "VpcPrivateSubnet2DefaultRoute060D2087",
1561
- "VpcPrivateSubnet2RouteTableAssociationA89CAD56",
1562
- "VpcPrivateSubnet3DefaultRoute94B74F0D",
1563
- "VpcPrivateSubnet3RouteTableAssociation16BDDC43"
1564
- ],
1565
- "Metadata": {
1566
- "cfn_nag": {
1567
- "rules_to_suppress": [
1568
- {
1569
- "id": "W58",
1570
- "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions."
1571
- },
1572
- {
1573
- "id": "W89",
1574
- "reason": "This is not a rule for the general case, just for specific use cases/industries"
1575
- },
1576
- {
1577
- "id": "W92",
1578
- "reason": "Impossible for us to define the correct concurrency for clients"
1579
- }
1580
- ]
1581
- }
1582
- }
1583
- },
1584
- "testtwoLambdaFunctionInvoke2UTWxhlfyqbT5FTn5jvgbLgjFfJwzswGk55DU1HY068D8D47": {
1585
- "Type": "AWS::Lambda::Permission",
1586
- "Properties": {
1587
- "Action": "lambda:InvokeFunction",
1588
- "FunctionName": {
1589
- "Fn::GetAtt": [
1590
- "testtwoLambdaFunction0418AA26",
1591
- "Arn"
1592
- ]
1593
- },
1594
- "Principal": "elasticloadbalancing.amazonaws.com"
1595
- },
1596
- "DependsOn": [
1597
- "VpcPrivateSubnet1DefaultRouteBE02A9ED",
1598
- "VpcPrivateSubnet1RouteTableAssociation70C59FA6",
1599
- "VpcPrivateSubnet2DefaultRoute060D2087",
1600
- "VpcPrivateSubnet2RouteTableAssociationA89CAD56",
1601
- "VpcPrivateSubnet3DefaultRoute94B74F0D",
1602
- "VpcPrivateSubnet3RouteTableAssociation16BDDC43"
1603
- ]
1604
- },
1605
- "testtwotg2tg35BE6697": {
1606
- "Type": "AWS::ElasticLoadBalancingV2::TargetGroup",
1607
- "Properties": {
1608
- "TargetType": "lambda",
1609
- "Targets": [
1610
- {
1611
- "Id": {
1612
- "Fn::GetAtt": [
1613
- "testtwoLambdaFunction0418AA26",
1614
- "Arn"
1615
- ]
1616
- }
1617
- }
1618
- ]
1619
- },
1620
- "DependsOn": [
1621
- "testtwoLambdaFunctionInvoke2UTWxhlfyqbT5FTn5jvgbLgjFfJwzswGk55DU1HY068D8D47"
1622
- ]
1623
- }
1624
- },
1625
- "Parameters": {
1626
- "BootstrapVersion": {
1627
- "Type": "AWS::SSM::Parameter::Value<String>",
1628
- "Default": "/cdk-bootstrap/hnb659fds/version",
1629
- "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
1630
- }
1631
- },
1632
- "Rules": {
1633
- "CheckBootstrapVersion": {
1634
- "Assertions": [
1635
- {
1636
- "Assert": {
1637
- "Fn::Not": [
1638
- {
1639
- "Fn::Contains": [
1640
- [
1641
- "1",
1642
- "2",
1643
- "3",
1644
- "4",
1645
- "5"
1646
- ],
1647
- {
1648
- "Ref": "BootstrapVersion"
1649
- }
1650
- ]
1651
- }
1652
- ]
1653
- },
1654
- "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
1655
- }
1656
- ]
1657
- }
1658
- }
1659
- }