@aws-solutions-constructs/aws-alb-lambda 2.51.0 → 2.52.1

Files changed (75)
  1. package/.eslintignore +2 -0
  2. package/.jsii +49 -4
  3. package/integ.config.json +7 -0
  4. package/lib/index.js +1 -1
  5. package/package.json +10 -9
  6. package/test/integ.alblam-privateApiExistingResources.js +7 -3
  7. package/test/integ.alblam-privateApiExistingResources.js.snapshot/alblam-privateApiExistingResources.assets.json +62 -0
  8. package/test/integ.alblam-privateApiExistingResources.js.snapshot/alblam-privateApiExistingResources.template.json +1332 -0
  9. package/test/integ.alblam-privateApiExistingResources.js.snapshot/alblamprivateApiExistingResourcesIntegDefaultTestDeployAssertC865AE59.assets.json +19 -0
  10. package/test/integ.alblam-privateApiExistingResources.js.snapshot/alblamprivateApiExistingResourcesIntegDefaultTestDeployAssertC865AE59.template.json +36 -0
  11. package/test/integ.alblam-privateApiExistingResources.js.snapshot/asset.7caf594b8ad91abecca72f7f10a23a5cf446d05dc00d6194619935e7e3fd5a79/index.js +8 -0
  12. package/test/integ.alblam-privateApiExistingResources.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  13. package/test/integ.alblam-privateApiExistingResources.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/__entrypoint__.js +1 -0
  14. package/test/integ.alblam-privateApiExistingResources.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/index.js +1 -0
  15. package/test/integ.alblam-privateApiExistingResources.js.snapshot/cdk.out +1 -0
  16. package/test/integ.alblam-privateApiExistingResources.js.snapshot/integ.json +12 -0
  17. package/test/integ.alblam-privateApiExistingResources.js.snapshot/manifest.json +371 -0
  18. package/test/integ.alblam-privateApiExistingResources.js.snapshot/tree.json +1708 -0
  19. package/test/integ.alblam-privateApiNewResources.js +7 -3
  20. package/test/integ.alblam-privateApiNewResources.js.snapshot/alblam-privateApiNewResources.assets.json +62 -0
  21. package/test/integ.alblam-privateApiNewResources.js.snapshot/alblam-privateApiNewResources.template.json +1048 -0
  22. package/test/integ.alblam-privateApiNewResources.js.snapshot/alblamprivateApiNewResourcesIntegDefaultTestDeployAssertB0CCE59F.assets.json +19 -0
  23. package/test/integ.alblam-privateApiNewResources.js.snapshot/alblamprivateApiNewResourcesIntegDefaultTestDeployAssertB0CCE59F.template.json +36 -0
  24. package/test/integ.alblam-privateApiNewResources.js.snapshot/asset.7caf594b8ad91abecca72f7f10a23a5cf446d05dc00d6194619935e7e3fd5a79/index.js +8 -0
  25. package/test/integ.alblam-privateApiNewResources.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  26. package/test/integ.alblam-privateApiNewResources.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/__entrypoint__.js +1 -0
  27. package/test/integ.alblam-privateApiNewResources.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/index.js +1 -0
  28. package/test/integ.alblam-privateApiNewResources.js.snapshot/cdk.out +1 -0
  29. package/test/integ.alblam-privateApiNewResources.js.snapshot/integ.json +12 -0
  30. package/test/integ.alblam-privateApiNewResources.js.snapshot/manifest.json +275 -0
  31. package/test/integ.alblam-privateApiNewResources.js.snapshot/tree.json +1294 -0
  32. package/test/integ.alblam-publicApiExistingResources.js +7 -3
  33. package/test/integ.alblam-publicApiExistingResources.js.snapshot/alblam-publicApiExistingResources.assets.json +62 -0
  34. package/test/integ.alblam-publicApiExistingResources.js.snapshot/alblam-publicApiExistingResources.template.json +1332 -0
  35. package/test/integ.alblam-publicApiExistingResources.js.snapshot/alblampublicApiExistingResourcesIntegDefaultTestDeployAssert22C8EEFD.assets.json +19 -0
  36. package/test/integ.alblam-publicApiExistingResources.js.snapshot/alblampublicApiExistingResourcesIntegDefaultTestDeployAssert22C8EEFD.template.json +36 -0
  37. package/test/integ.alblam-publicApiExistingResources.js.snapshot/asset.7caf594b8ad91abecca72f7f10a23a5cf446d05dc00d6194619935e7e3fd5a79/index.js +8 -0
  38. package/test/integ.alblam-publicApiExistingResources.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  39. package/test/integ.alblam-publicApiExistingResources.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/__entrypoint__.js +1 -0
  40. package/test/integ.alblam-publicApiExistingResources.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/index.js +1 -0
  41. package/test/integ.alblam-publicApiExistingResources.js.snapshot/cdk.out +1 -0
  42. package/test/integ.alblam-publicApiExistingResources.js.snapshot/integ.json +12 -0
  43. package/test/integ.alblam-publicApiExistingResources.js.snapshot/manifest.json +371 -0
  44. package/test/integ.alblam-publicApiExistingResources.js.snapshot/tree.json +1708 -0
  45. package/test/integ.alblam-publicApiNewResources.js +7 -3
  46. package/test/integ.alblam-publicApiNewResources.js.snapshot/alblam-publicApiNewResources.assets.json +62 -0
  47. package/test/integ.alblam-publicApiNewResources.js.snapshot/alblam-publicApiNewResources.template.json +1338 -0
  48. package/test/integ.alblam-publicApiNewResources.js.snapshot/alblampublicApiNewResourcesIntegDefaultTestDeployAssert43CC63D2.assets.json +19 -0
  49. package/test/integ.alblam-publicApiNewResources.js.snapshot/alblampublicApiNewResourcesIntegDefaultTestDeployAssert43CC63D2.template.json +36 -0
  50. package/test/integ.alblam-publicApiNewResources.js.snapshot/asset.7caf594b8ad91abecca72f7f10a23a5cf446d05dc00d6194619935e7e3fd5a79/index.js +8 -0
  51. package/test/integ.alblam-publicApiNewResources.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  52. package/test/integ.alblam-publicApiNewResources.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/__entrypoint__.js +1 -0
  53. package/test/integ.alblam-publicApiNewResources.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/index.js +1 -0
  54. package/test/integ.alblam-publicApiNewResources.js.snapshot/cdk.out +1 -0
  55. package/test/integ.alblam-publicApiNewResources.js.snapshot/integ.json +12 -0
  56. package/test/integ.alblam-publicApiNewResources.js.snapshot/manifest.json +371 -0
  57. package/test/integ.alblam-publicApiNewResources.js.snapshot/tree.json +1706 -0
  58. package/test/integ.alblam-twoTargets.js +7 -3
  59. package/test/integ.alblam-twoTargets.js.snapshot/alblam-twoTargets.assets.json +62 -0
  60. package/test/integ.alblam-twoTargets.js.snapshot/alblam-twoTargets.template.json +1598 -0
  61. package/test/integ.alblam-twoTargets.js.snapshot/alblamtwoTargetsIntegDefaultTestDeployAssert4F811416.assets.json +19 -0
  62. package/test/integ.alblam-twoTargets.js.snapshot/alblamtwoTargetsIntegDefaultTestDeployAssert4F811416.template.json +36 -0
  63. package/test/integ.alblam-twoTargets.js.snapshot/asset.7caf594b8ad91abecca72f7f10a23a5cf446d05dc00d6194619935e7e3fd5a79/index.js +8 -0
  64. package/test/integ.alblam-twoTargets.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  65. package/test/integ.alblam-twoTargets.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/__entrypoint__.js +1 -0
  66. package/test/integ.alblam-twoTargets.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/index.js +1 -0
  67. package/test/integ.alblam-twoTargets.js.snapshot/cdk.out +1 -0
  68. package/test/integ.alblam-twoTargets.js.snapshot/integ.json +12 -0
  69. package/test/integ.alblam-twoTargets.js.snapshot/manifest.json +413 -0
  70. package/test/integ.alblam-twoTargets.js.snapshot/tree.json +2067 -0
  71. package/test/integ.alblam-privateApiExistingResources.expected.json +0 -1378
  72. package/test/integ.alblam-privateApiNewResources.expected.json +0 -983
  73. package/test/integ.alblam-publicApiExistingResources.expected.json +0 -1378
  74. package/test/integ.alblam-publicApiNewResources.expected.json +0 -1386
  75. package/test/integ.alblam-twoTargets.expected.json +0 -1659
@@ -0,0 +1,1048 @@
1
+ {
2
+ "Description": "Integration Test for HTTP API with a new function and ALB",
3
+ "Resources": {
4
+ "testonetestonealb4F263E42": {
5
+ "Type": "AWS::ElasticLoadBalancingV2::LoadBalancer",
6
+ "Properties": {
7
+ "LoadBalancerAttributes": [
8
+ {
9
+ "Key": "deletion_protection.enabled",
10
+ "Value": "false"
11
+ },
12
+ {
13
+ "Key": "access_logs.s3.enabled",
14
+ "Value": "true"
15
+ },
16
+ {
17
+ "Key": "access_logs.s3.bucket",
18
+ "Value": {
19
+ "Ref": "testoneE6ACFBB6"
20
+ }
21
+ },
22
+ {
23
+ "Key": "access_logs.s3.prefix",
24
+ "Value": ""
25
+ }
26
+ ],
27
+ "Scheme": "internal",
28
+ "SecurityGroups": [
29
+ {
30
+ "Fn::GetAtt": [
31
+ "testonetestonealbSecurityGroup4DED9E2A",
32
+ "GroupId"
33
+ ]
34
+ }
35
+ ],
36
+ "Subnets": [
37
+ {
38
+ "Ref": "VpcisolatedSubnet1SubnetE62B1B9B"
39
+ },
40
+ {
41
+ "Ref": "VpcisolatedSubnet2Subnet39217055"
42
+ }
43
+ ],
44
+ "Type": "application"
45
+ },
46
+ "DependsOn": [
47
+ "testonePolicyE30853FE"
48
+ ]
49
+ },
50
+ "testonetestonealbSecurityGroup4DED9E2A": {
51
+ "Type": "AWS::EC2::SecurityGroup",
52
+ "Properties": {
53
+ "GroupDescription": "Automatically created Security Group for ELB alblamprivateApiNewResourcestestonetestonealb8D3CF023",
54
+ "SecurityGroupEgress": [
55
+ {
56
+ "CidrIp": "255.255.255.255/32",
57
+ "Description": "Disallow all traffic",
58
+ "FromPort": 252,
59
+ "IpProtocol": "icmp",
60
+ "ToPort": 86
61
+ }
62
+ ],
63
+ "SecurityGroupIngress": [
64
+ {
65
+ "CidrIp": "0.0.0.0/0",
66
+ "Description": "Allow from anyone on port 80",
67
+ "FromPort": 80,
68
+ "IpProtocol": "tcp",
69
+ "ToPort": 80
70
+ }
71
+ ],
72
+ "VpcId": {
73
+ "Ref": "Vpc8378EB38"
74
+ }
75
+ },
76
+ "Metadata": {
77
+ "cfn_nag": {
78
+ "rules_to_suppress": [
79
+ {
80
+ "id": "W29",
81
+ "reason": "CDK created rule that blocks all traffic."
82
+ },
83
+ {
84
+ "id": "W2",
85
+ "reason": "Rule does not apply for ELB."
86
+ },
87
+ {
88
+ "id": "W9",
89
+ "reason": "Rule does not apply for ELB."
90
+ }
91
+ ]
92
+ }
93
+ }
94
+ },
95
+ "testoneE6ACFBB6": {
96
+ "Type": "AWS::S3::Bucket",
97
+ "Properties": {
98
+ "BucketEncryption": {
99
+ "ServerSideEncryptionConfiguration": [
100
+ {
101
+ "ServerSideEncryptionByDefault": {
102
+ "SSEAlgorithm": "AES256"
103
+ }
104
+ }
105
+ ]
106
+ },
107
+ "PublicAccessBlockConfiguration": {
108
+ "BlockPublicAcls": true,
109
+ "BlockPublicPolicy": true,
110
+ "IgnorePublicAcls": true,
111
+ "RestrictPublicBuckets": true
112
+ },
113
+ "Tags": [
114
+ {
115
+ "Key": "aws-cdk:auto-delete-objects",
116
+ "Value": "true"
117
+ }
118
+ ],
119
+ "VersioningConfiguration": {
120
+ "Status": "Enabled"
121
+ }
122
+ },
123
+ "UpdateReplacePolicy": "Delete",
124
+ "DeletionPolicy": "Delete",
125
+ "Metadata": {
126
+ "cfn_nag": {
127
+ "rules_to_suppress": [
128
+ {
129
+ "id": "W35",
130
+ "reason": "This is a log bucket for an Application Load Balancer"
131
+ }
132
+ ]
133
+ }
134
+ }
135
+ },
136
+ "testonePolicyE30853FE": {
137
+ "Type": "AWS::S3::BucketPolicy",
138
+ "Properties": {
139
+ "Bucket": {
140
+ "Ref": "testoneE6ACFBB6"
141
+ },
142
+ "PolicyDocument": {
143
+ "Statement": [
144
+ {
145
+ "Action": "s3:*",
146
+ "Condition": {
147
+ "Bool": {
148
+ "aws:SecureTransport": "false"
149
+ }
150
+ },
151
+ "Effect": "Deny",
152
+ "Principal": {
153
+ "AWS": "*"
154
+ },
155
+ "Resource": [
156
+ {
157
+ "Fn::GetAtt": [
158
+ "testoneE6ACFBB6",
159
+ "Arn"
160
+ ]
161
+ },
162
+ {
163
+ "Fn::Join": [
164
+ "",
165
+ [
166
+ {
167
+ "Fn::GetAtt": [
168
+ "testoneE6ACFBB6",
169
+ "Arn"
170
+ ]
171
+ },
172
+ "/*"
173
+ ]
174
+ ]
175
+ }
176
+ ]
177
+ },
178
+ {
179
+ "Action": [
180
+ "s3:DeleteObject*",
181
+ "s3:GetBucket*",
182
+ "s3:List*",
183
+ "s3:PutBucketPolicy"
184
+ ],
185
+ "Effect": "Allow",
186
+ "Principal": {
187
+ "AWS": {
188
+ "Fn::GetAtt": [
189
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
190
+ "Arn"
191
+ ]
192
+ }
193
+ },
194
+ "Resource": [
195
+ {
196
+ "Fn::GetAtt": [
197
+ "testoneE6ACFBB6",
198
+ "Arn"
199
+ ]
200
+ },
201
+ {
202
+ "Fn::Join": [
203
+ "",
204
+ [
205
+ {
206
+ "Fn::GetAtt": [
207
+ "testoneE6ACFBB6",
208
+ "Arn"
209
+ ]
210
+ },
211
+ "/*"
212
+ ]
213
+ ]
214
+ }
215
+ ]
216
+ },
217
+ {
218
+ "Action": "s3:PutObject",
219
+ "Effect": "Allow",
220
+ "Principal": {
221
+ "AWS": "arn:aws:iam::127311923021:root"
222
+ },
223
+ "Resource": {
224
+ "Fn::Join": [
225
+ "",
226
+ [
227
+ {
228
+ "Fn::GetAtt": [
229
+ "testoneE6ACFBB6",
230
+ "Arn"
231
+ ]
232
+ },
233
+ "/AWSLogs/",
234
+ {
235
+ "Ref": "AWS::AccountId"
236
+ },
237
+ "/*"
238
+ ]
239
+ ]
240
+ }
241
+ },
242
+ {
243
+ "Action": "s3:PutObject",
244
+ "Condition": {
245
+ "StringEquals": {
246
+ "s3:x-amz-acl": "bucket-owner-full-control"
247
+ }
248
+ },
249
+ "Effect": "Allow",
250
+ "Principal": {
251
+ "Service": "delivery.logs.amazonaws.com"
252
+ },
253
+ "Resource": {
254
+ "Fn::Join": [
255
+ "",
256
+ [
257
+ {
258
+ "Fn::GetAtt": [
259
+ "testoneE6ACFBB6",
260
+ "Arn"
261
+ ]
262
+ },
263
+ "/AWSLogs/",
264
+ {
265
+ "Ref": "AWS::AccountId"
266
+ },
267
+ "/*"
268
+ ]
269
+ ]
270
+ }
271
+ },
272
+ {
273
+ "Action": "s3:GetBucketAcl",
274
+ "Effect": "Allow",
275
+ "Principal": {
276
+ "Service": "delivery.logs.amazonaws.com"
277
+ },
278
+ "Resource": {
279
+ "Fn::GetAtt": [
280
+ "testoneE6ACFBB6",
281
+ "Arn"
282
+ ]
283
+ }
284
+ }
285
+ ],
286
+ "Version": "2012-10-17"
287
+ }
288
+ }
289
+ },
290
+ "testoneAutoDeleteObjectsCustomResourceEDE3D2FC": {
291
+ "Type": "Custom::S3AutoDeleteObjects",
292
+ "Properties": {
293
+ "ServiceToken": {
294
+ "Fn::GetAtt": [
295
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
296
+ "Arn"
297
+ ]
298
+ },
299
+ "BucketName": {
300
+ "Ref": "testoneE6ACFBB6"
301
+ }
302
+ },
303
+ "DependsOn": [
304
+ "testonePolicyE30853FE"
305
+ ],
306
+ "UpdateReplacePolicy": "Delete",
307
+ "DeletionPolicy": "Delete"
308
+ },
309
+ "testoneLambdaFunctionServiceRoleE92573D3": {
310
+ "Type": "AWS::IAM::Role",
311
+ "Properties": {
312
+ "AssumeRolePolicyDocument": {
313
+ "Statement": [
314
+ {
315
+ "Action": "sts:AssumeRole",
316
+ "Effect": "Allow",
317
+ "Principal": {
318
+ "Service": "lambda.amazonaws.com"
319
+ }
320
+ }
321
+ ],
322
+ "Version": "2012-10-17"
323
+ },
324
+ "Policies": [
325
+ {
326
+ "PolicyDocument": {
327
+ "Statement": [
328
+ {
329
+ "Action": [
330
+ "logs:CreateLogGroup",
331
+ "logs:CreateLogStream",
332
+ "logs:PutLogEvents"
333
+ ],
334
+ "Effect": "Allow",
335
+ "Resource": {
336
+ "Fn::Join": [
337
+ "",
338
+ [
339
+ "arn:",
340
+ {
341
+ "Ref": "AWS::Partition"
342
+ },
343
+ ":logs:",
344
+ {
345
+ "Ref": "AWS::Region"
346
+ },
347
+ ":",
348
+ {
349
+ "Ref": "AWS::AccountId"
350
+ },
351
+ ":log-group:/aws/lambda/*"
352
+ ]
353
+ ]
354
+ }
355
+ }
356
+ ],
357
+ "Version": "2012-10-17"
358
+ },
359
+ "PolicyName": "LambdaFunctionServiceRolePolicy"
360
+ }
361
+ ]
362
+ }
363
+ },
364
+ "testoneLambdaFunctionServiceRoleDefaultPolicy6025A173": {
365
+ "Type": "AWS::IAM::Policy",
366
+ "Properties": {
367
+ "PolicyDocument": {
368
+ "Statement": [
369
+ {
370
+ "Action": [
371
+ "ec2:AssignPrivateIpAddresses",
372
+ "ec2:CreateNetworkInterface",
373
+ "ec2:DeleteNetworkInterface",
374
+ "ec2:DescribeNetworkInterfaces",
375
+ "ec2:UnassignPrivateIpAddresses",
376
+ "xray:PutTelemetryRecords",
377
+ "xray:PutTraceSegments"
378
+ ],
379
+ "Effect": "Allow",
380
+ "Resource": "*"
381
+ }
382
+ ],
383
+ "Version": "2012-10-17"
384
+ },
385
+ "PolicyName": "testoneLambdaFunctionServiceRoleDefaultPolicy6025A173",
386
+ "Roles": [
387
+ {
388
+ "Ref": "testoneLambdaFunctionServiceRoleE92573D3"
389
+ }
390
+ ]
391
+ },
392
+ "Metadata": {
393
+ "cfn_nag": {
394
+ "rules_to_suppress": [
395
+ {
396
+ "id": "W12",
397
+ "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC."
398
+ }
399
+ ]
400
+ }
401
+ }
402
+ },
403
+ "testoneReplaceDefaultSecurityGroupsecuritygroupE46270FE": {
404
+ "Type": "AWS::EC2::SecurityGroup",
405
+ "Properties": {
406
+ "GroupDescription": "alblam-privateApiNewResources/test-one/ReplaceDefaultSecurityGroup-security-group",
407
+ "SecurityGroupEgress": [
408
+ {
409
+ "CidrIp": "0.0.0.0/0",
410
+ "Description": "Allow all outbound traffic by default",
411
+ "IpProtocol": "-1"
412
+ }
413
+ ],
414
+ "VpcId": {
415
+ "Ref": "Vpc8378EB38"
416
+ }
417
+ },
418
+ "Metadata": {
419
+ "cfn_nag": {
420
+ "rules_to_suppress": [
421
+ {
422
+ "id": "W5",
423
+ "reason": "Egress of 0.0.0.0/0 is default and generally considered OK"
424
+ },
425
+ {
426
+ "id": "W40",
427
+ "reason": "Egress IPProtocol of -1 is default and generally considered OK"
428
+ }
429
+ ]
430
+ }
431
+ }
432
+ },
433
+ "testoneLambdaFunctionCC9B03E1": {
434
+ "Type": "AWS::Lambda::Function",
435
+ "Properties": {
436
+ "Code": {
437
+ "S3Bucket": {
438
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1"
439
+ },
440
+ "S3Key": "7caf594b8ad91abecca72f7f10a23a5cf446d05dc00d6194619935e7e3fd5a79.zip"
441
+ },
442
+ "Environment": {
443
+ "Variables": {
444
+ "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1"
445
+ }
446
+ },
447
+ "Handler": "index.handler",
448
+ "Role": {
449
+ "Fn::GetAtt": [
450
+ "testoneLambdaFunctionServiceRoleE92573D3",
451
+ "Arn"
452
+ ]
453
+ },
454
+ "Runtime": "nodejs16.x",
455
+ "TracingConfig": {
456
+ "Mode": "Active"
457
+ },
458
+ "VpcConfig": {
459
+ "SecurityGroupIds": [
460
+ {
461
+ "Fn::GetAtt": [
462
+ "testoneReplaceDefaultSecurityGroupsecuritygroupE46270FE",
463
+ "GroupId"
464
+ ]
465
+ }
466
+ ],
467
+ "SubnetIds": [
468
+ {
469
+ "Ref": "VpcisolatedSubnet1SubnetE62B1B9B"
470
+ },
471
+ {
472
+ "Ref": "VpcisolatedSubnet2Subnet39217055"
473
+ }
474
+ ]
475
+ }
476
+ },
477
+ "DependsOn": [
478
+ "testoneLambdaFunctionServiceRoleDefaultPolicy6025A173",
479
+ "testoneLambdaFunctionServiceRoleE92573D3",
480
+ "VpcisolatedSubnet1RouteTableAssociationD259E31A",
481
+ "VpcisolatedSubnet2RouteTableAssociation25A4716F"
482
+ ],
483
+ "Metadata": {
484
+ "cfn_nag": {
485
+ "rules_to_suppress": [
486
+ {
487
+ "id": "W58",
488
+ "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions."
489
+ },
490
+ {
491
+ "id": "W89",
492
+ "reason": "This is not a rule for the general case, just for specific use cases/industries"
493
+ },
494
+ {
495
+ "id": "W92",
496
+ "reason": "Impossible for us to define the correct concurrency for clients"
497
+ }
498
+ ]
499
+ }
500
+ }
501
+ },
502
+ "testoneLambdaFunctionInvoke2UTWxhlfyqbT5FTn5jvgbLgjFfJwzswGk55DU1HY508A8518": {
503
+ "Type": "AWS::Lambda::Permission",
504
+ "Properties": {
505
+ "Action": "lambda:InvokeFunction",
506
+ "FunctionName": {
507
+ "Fn::GetAtt": [
508
+ "testoneLambdaFunctionCC9B03E1",
509
+ "Arn"
510
+ ]
511
+ },
512
+ "Principal": "elasticloadbalancing.amazonaws.com"
513
+ },
514
+ "DependsOn": [
515
+ "VpcisolatedSubnet1RouteTableAssociationD259E31A",
516
+ "VpcisolatedSubnet2RouteTableAssociation25A4716F"
517
+ ]
518
+ },
519
+ "testonetestonelistener51CF582F": {
520
+ "Type": "AWS::ElasticLoadBalancingV2::Listener",
521
+ "Properties": {
522
+ "DefaultActions": [
523
+ {
524
+ "TargetGroupArn": {
525
+ "Ref": "testonetg2tg6459EC7C"
526
+ },
527
+ "Type": "forward"
528
+ }
529
+ ],
530
+ "LoadBalancerArn": {
531
+ "Ref": "testonetestonealb4F263E42"
532
+ },
533
+ "Port": 80,
534
+ "Protocol": "HTTP"
535
+ },
536
+ "DependsOn": [
537
+ "testonetg2tg6459EC7C"
538
+ ],
539
+ "Metadata": {
540
+ "cfn_nag": {
541
+ "rules_to_suppress": [
542
+ {
543
+ "id": "W56",
544
+ "reason": "All integration tests must be HTTP because of certificate limitations."
545
+ }
546
+ ]
547
+ }
548
+ }
549
+ },
550
+ "testonetg2tg6459EC7C": {
551
+ "Type": "AWS::ElasticLoadBalancingV2::TargetGroup",
552
+ "Properties": {
553
+ "TargetType": "lambda",
554
+ "Targets": [
555
+ {
556
+ "Id": {
557
+ "Fn::GetAtt": [
558
+ "testoneLambdaFunctionCC9B03E1",
559
+ "Arn"
560
+ ]
561
+ }
562
+ }
563
+ ]
564
+ },
565
+ "DependsOn": [
566
+ "testoneLambdaFunctionInvoke2UTWxhlfyqbT5FTn5jvgbLgjFfJwzswGk55DU1HY508A8518"
567
+ ]
568
+ },
569
+ "Vpc8378EB38": {
570
+ "Type": "AWS::EC2::VPC",
571
+ "Properties": {
572
+ "CidrBlock": "10.0.0.0/16",
573
+ "EnableDnsHostnames": true,
574
+ "EnableDnsSupport": true,
575
+ "InstanceTenancy": "default",
576
+ "Tags": [
577
+ {
578
+ "Key": "Name",
579
+ "Value": "alblam-privateApiNewResources/Vpc"
580
+ }
581
+ ]
582
+ }
583
+ },
584
+ "VpcisolatedSubnet1SubnetE62B1B9B": {
585
+ "Type": "AWS::EC2::Subnet",
586
+ "Properties": {
587
+ "AvailabilityZone": {
588
+ "Fn::Select": [
589
+ 0,
590
+ {
591
+ "Fn::GetAZs": ""
592
+ }
593
+ ]
594
+ },
595
+ "CidrBlock": "10.0.0.0/18",
596
+ "MapPublicIpOnLaunch": false,
597
+ "Tags": [
598
+ {
599
+ "Key": "aws-cdk:subnet-name",
600
+ "Value": "isolated"
601
+ },
602
+ {
603
+ "Key": "aws-cdk:subnet-type",
604
+ "Value": "Isolated"
605
+ },
606
+ {
607
+ "Key": "Name",
608
+ "Value": "alblam-privateApiNewResources/Vpc/isolatedSubnet1"
609
+ }
610
+ ],
611
+ "VpcId": {
612
+ "Ref": "Vpc8378EB38"
613
+ }
614
+ }
615
+ },
616
+ "VpcisolatedSubnet1RouteTableE442650B": {
617
+ "Type": "AWS::EC2::RouteTable",
618
+ "Properties": {
619
+ "Tags": [
620
+ {
621
+ "Key": "Name",
622
+ "Value": "alblam-privateApiNewResources/Vpc/isolatedSubnet1"
623
+ }
624
+ ],
625
+ "VpcId": {
626
+ "Ref": "Vpc8378EB38"
627
+ }
628
+ }
629
+ },
630
+ "VpcisolatedSubnet1RouteTableAssociationD259E31A": {
631
+ "Type": "AWS::EC2::SubnetRouteTableAssociation",
632
+ "Properties": {
633
+ "RouteTableId": {
634
+ "Ref": "VpcisolatedSubnet1RouteTableE442650B"
635
+ },
636
+ "SubnetId": {
637
+ "Ref": "VpcisolatedSubnet1SubnetE62B1B9B"
638
+ }
639
+ }
640
+ },
641
+ "VpcisolatedSubnet2Subnet39217055": {
642
+ "Type": "AWS::EC2::Subnet",
643
+ "Properties": {
644
+ "AvailabilityZone": {
645
+ "Fn::Select": [
646
+ 1,
647
+ {
648
+ "Fn::GetAZs": ""
649
+ }
650
+ ]
651
+ },
652
+ "CidrBlock": "10.0.64.0/18",
653
+ "MapPublicIpOnLaunch": false,
654
+ "Tags": [
655
+ {
656
+ "Key": "aws-cdk:subnet-name",
657
+ "Value": "isolated"
658
+ },
659
+ {
660
+ "Key": "aws-cdk:subnet-type",
661
+ "Value": "Isolated"
662
+ },
663
+ {
664
+ "Key": "Name",
665
+ "Value": "alblam-privateApiNewResources/Vpc/isolatedSubnet2"
666
+ }
667
+ ],
668
+ "VpcId": {
669
+ "Ref": "Vpc8378EB38"
670
+ }
671
+ }
672
+ },
673
+ "VpcisolatedSubnet2RouteTable334F9764": {
674
+ "Type": "AWS::EC2::RouteTable",
675
+ "Properties": {
676
+ "Tags": [
677
+ {
678
+ "Key": "Name",
679
+ "Value": "alblam-privateApiNewResources/Vpc/isolatedSubnet2"
680
+ }
681
+ ],
682
+ "VpcId": {
683
+ "Ref": "Vpc8378EB38"
684
+ }
685
+ }
686
+ },
687
+ "VpcisolatedSubnet2RouteTableAssociation25A4716F": {
688
+ "Type": "AWS::EC2::SubnetRouteTableAssociation",
689
+ "Properties": {
690
+ "RouteTableId": {
691
+ "Ref": "VpcisolatedSubnet2RouteTable334F9764"
692
+ },
693
+ "SubnetId": {
694
+ "Ref": "VpcisolatedSubnet2Subnet39217055"
695
+ }
696
+ }
697
+ },
698
+ "VpcRestrictDefaultSecurityGroupCustomResourceC73DA2BE": {
699
+ "Type": "Custom::VpcRestrictDefaultSG",
700
+ "Properties": {
701
+ "ServiceToken": {
702
+ "Fn::GetAtt": [
703
+ "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E",
704
+ "Arn"
705
+ ]
706
+ },
707
+ "DefaultSecurityGroupId": {
708
+ "Fn::GetAtt": [
709
+ "Vpc8378EB38",
710
+ "DefaultSecurityGroup"
711
+ ]
712
+ },
713
+ "Account": {
714
+ "Ref": "AWS::AccountId"
715
+ }
716
+ },
717
+ "UpdateReplacePolicy": "Delete",
718
+ "DeletionPolicy": "Delete"
719
+ },
720
+ "VpcFlowLogIAMRole6A475D41": {
721
+ "Type": "AWS::IAM::Role",
722
+ "Properties": {
723
+ "AssumeRolePolicyDocument": {
724
+ "Statement": [
725
+ {
726
+ "Action": "sts:AssumeRole",
727
+ "Effect": "Allow",
728
+ "Principal": {
729
+ "Service": "vpc-flow-logs.amazonaws.com"
730
+ }
731
+ }
732
+ ],
733
+ "Version": "2012-10-17"
734
+ },
735
+ "Tags": [
736
+ {
737
+ "Key": "Name",
738
+ "Value": "alblam-privateApiNewResources/Vpc/FlowLog"
739
+ }
740
+ ]
741
+ }
742
+ },
743
+ "VpcFlowLogIAMRoleDefaultPolicy406FB995": {
744
+ "Type": "AWS::IAM::Policy",
745
+ "Properties": {
746
+ "PolicyDocument": {
747
+ "Statement": [
748
+ {
749
+ "Action": [
750
+ "logs:CreateLogStream",
751
+ "logs:DescribeLogStreams",
752
+ "logs:PutLogEvents"
753
+ ],
754
+ "Effect": "Allow",
755
+ "Resource": {
756
+ "Fn::GetAtt": [
757
+ "VpcFlowLogLogGroup7B5C56B9",
758
+ "Arn"
759
+ ]
760
+ }
761
+ },
762
+ {
763
+ "Action": "iam:PassRole",
764
+ "Effect": "Allow",
765
+ "Resource": {
766
+ "Fn::GetAtt": [
767
+ "VpcFlowLogIAMRole6A475D41",
768
+ "Arn"
769
+ ]
770
+ }
771
+ }
772
+ ],
773
+ "Version": "2012-10-17"
774
+ },
775
+ "PolicyName": "VpcFlowLogIAMRoleDefaultPolicy406FB995",
776
+ "Roles": [
777
+ {
778
+ "Ref": "VpcFlowLogIAMRole6A475D41"
779
+ }
780
+ ]
781
+ }
782
+ },
783
+ "VpcFlowLogLogGroup7B5C56B9": {
784
+ "Type": "AWS::Logs::LogGroup",
785
+ "Properties": {
786
+ "RetentionInDays": 731,
787
+ "Tags": [
788
+ {
789
+ "Key": "Name",
790
+ "Value": "alblam-privateApiNewResources/Vpc/FlowLog"
791
+ }
792
+ ]
793
+ },
794
+ "UpdateReplacePolicy": "Retain",
795
+ "DeletionPolicy": "Retain",
796
+ "Metadata": {
797
+ "cfn_nag": {
798
+ "rules_to_suppress": [
799
+ {
800
+ "id": "W84",
801
+ "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)"
802
+ }
803
+ ]
804
+ }
805
+ }
806
+ },
807
+ "VpcFlowLog8FF33A73": {
808
+ "Type": "AWS::EC2::FlowLog",
809
+ "Properties": {
810
+ "DeliverLogsPermissionArn": {
811
+ "Fn::GetAtt": [
812
+ "VpcFlowLogIAMRole6A475D41",
813
+ "Arn"
814
+ ]
815
+ },
816
+ "LogDestinationType": "cloud-watch-logs",
817
+ "LogGroupName": {
818
+ "Ref": "VpcFlowLogLogGroup7B5C56B9"
819
+ },
820
+ "ResourceId": {
821
+ "Ref": "Vpc8378EB38"
822
+ },
823
+ "ResourceType": "VPC",
824
+ "Tags": [
825
+ {
826
+ "Key": "Name",
827
+ "Value": "alblam-privateApiNewResources/Vpc/FlowLog"
828
+ }
829
+ ],
830
+ "TrafficType": "ALL"
831
+ }
832
+ },
833
+ "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0": {
834
+ "Type": "AWS::IAM::Role",
835
+ "Properties": {
836
+ "AssumeRolePolicyDocument": {
837
+ "Version": "2012-10-17",
838
+ "Statement": [
839
+ {
840
+ "Action": "sts:AssumeRole",
841
+ "Effect": "Allow",
842
+ "Principal": {
843
+ "Service": "lambda.amazonaws.com"
844
+ }
845
+ }
846
+ ]
847
+ },
848
+ "ManagedPolicyArns": [
849
+ {
850
+ "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
851
+ }
852
+ ],
853
+ "Policies": [
854
+ {
855
+ "PolicyName": "Inline",
856
+ "PolicyDocument": {
857
+ "Version": "2012-10-17",
858
+ "Statement": [
859
+ {
860
+ "Effect": "Allow",
861
+ "Action": [
862
+ "ec2:AuthorizeSecurityGroupIngress",
863
+ "ec2:AuthorizeSecurityGroupEgress",
864
+ "ec2:RevokeSecurityGroupIngress",
865
+ "ec2:RevokeSecurityGroupEgress"
866
+ ],
867
+ "Resource": [
868
+ {
869
+ "Fn::Join": [
870
+ "",
871
+ [
872
+ "arn:aws:ec2:us-east-1:",
873
+ {
874
+ "Ref": "AWS::AccountId"
875
+ },
876
+ ":security-group/",
877
+ {
878
+ "Fn::GetAtt": [
879
+ "Vpc8378EB38",
880
+ "DefaultSecurityGroup"
881
+ ]
882
+ }
883
+ ]
884
+ ]
885
+ }
886
+ ]
887
+ }
888
+ ]
889
+ }
890
+ }
891
+ ]
892
+ }
893
+ },
894
+ "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E": {
895
+ "Type": "AWS::Lambda::Function",
896
+ "Properties": {
897
+ "Code": {
898
+ "S3Bucket": {
899
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1"
900
+ },
901
+ "S3Key": "dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e.zip"
902
+ },
903
+ "Timeout": 900,
904
+ "MemorySize": 128,
905
+ "Handler": "__entrypoint__.handler",
906
+ "Role": {
907
+ "Fn::GetAtt": [
908
+ "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0",
909
+ "Arn"
910
+ ]
911
+ },
912
+ "Runtime": "nodejs18.x",
913
+ "Description": "Lambda function for removing all inbound/outbound rules from the VPC default security group"
914
+ },
915
+ "DependsOn": [
916
+ "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0"
917
+ ],
918
+ "Metadata": {
919
+ "cfn_nag": {
920
+ "rules_to_suppress": [
921
+ {
922
+ "id": "W58",
923
+ "reason": "CDK generated custom resource"
924
+ },
925
+ {
926
+ "id": "W89",
927
+ "reason": "CDK generated custom resource"
928
+ },
929
+ {
930
+ "id": "W92",
931
+ "reason": "CDK generated custom resource"
932
+ }
933
+ ]
934
+ }
935
+ }
936
+ },
937
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": {
938
+ "Type": "AWS::IAM::Role",
939
+ "Properties": {
940
+ "AssumeRolePolicyDocument": {
941
+ "Version": "2012-10-17",
942
+ "Statement": [
943
+ {
944
+ "Action": "sts:AssumeRole",
945
+ "Effect": "Allow",
946
+ "Principal": {
947
+ "Service": "lambda.amazonaws.com"
948
+ }
949
+ }
950
+ ]
951
+ },
952
+ "ManagedPolicyArns": [
953
+ {
954
+ "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
955
+ }
956
+ ]
957
+ }
958
+ },
959
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": {
960
+ "Type": "AWS::Lambda::Function",
961
+ "Properties": {
962
+ "Code": {
963
+ "S3Bucket": {
964
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1"
965
+ },
966
+ "S3Key": "b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6.zip"
967
+ },
968
+ "Timeout": 900,
969
+ "MemorySize": 128,
970
+ "Handler": "index.handler",
971
+ "Role": {
972
+ "Fn::GetAtt": [
973
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
974
+ "Arn"
975
+ ]
976
+ },
977
+ "Runtime": "nodejs18.x",
978
+ "Description": {
979
+ "Fn::Join": [
980
+ "",
981
+ [
982
+ "Lambda function for auto-deleting objects in ",
983
+ {
984
+ "Ref": "testoneE6ACFBB6"
985
+ },
986
+ " S3 bucket."
987
+ ]
988
+ ]
989
+ }
990
+ },
991
+ "DependsOn": [
992
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092"
993
+ ],
994
+ "Metadata": {
995
+ "cfn_nag": {
996
+ "rules_to_suppress": [
997
+ {
998
+ "id": "W58",
999
+ "reason": "CDK generated custom resource"
1000
+ },
1001
+ {
1002
+ "id": "W89",
1003
+ "reason": "CDK generated custom resource"
1004
+ },
1005
+ {
1006
+ "id": "W92",
1007
+ "reason": "CDK generated custom resource"
1008
+ }
1009
+ ]
1010
+ }
1011
+ }
1012
+ }
1013
+ },
1014
+ "Parameters": {
1015
+ "BootstrapVersion": {
1016
+ "Type": "AWS::SSM::Parameter::Value<String>",
1017
+ "Default": "/cdk-bootstrap/hnb659fds/version",
1018
+ "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
1019
+ }
1020
+ },
1021
+ "Rules": {
1022
+ "CheckBootstrapVersion": {
1023
+ "Assertions": [
1024
+ {
1025
+ "Assert": {
1026
+ "Fn::Not": [
1027
+ {
1028
+ "Fn::Contains": [
1029
+ [
1030
+ "1",
1031
+ "2",
1032
+ "3",
1033
+ "4",
1034
+ "5"
1035
+ ],
1036
+ {
1037
+ "Ref": "BootstrapVersion"
1038
+ }
1039
+ ]
1040
+ }
1041
+ ]
1042
+ },
1043
+ "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
1044
+ }
1045
+ ]
1046
+ }
1047
+ }
1048
+ }
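Review bot: The security group `testonetestonealbSecurityGroup4DED9E2A` admits `"CidrIp": "0.0.0.0/0"` on port 80 although the load balancer it protects is `"Scheme": "internal"` and sits in the two isolated subnets, and the `W2`/`W9` suppressions give only "Rule does not apply for ELB." as the reason. This file is a synthesized snapshot, so any change belongs in the integ test or the construct's properties rather than in the JSON itself; there, scoping ingress to the VPC range declared in this template (`"CidrIp": "10.0.0.0/16"`) should be enough for an internal listener and would leave a tighter reference for users who copy the test stack. The plain `"Protocol": "HTTP"` listener is explained by its `W56` suppression, which makes a narrow source range more valuable, not less. Separately, `testoneLambdaFunctionCC9B03E1` is pinned to `"Runtime": "nodejs16.x"` while both custom-resource handlers in the same template use `nodejs18.x`, so it is worth checking whether the test function can move to the newer runtime too.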