@aws-solutions-constructs/aws-cloudfront-apigateway-lambda 2.50.0 → 2.52.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (41) hide show
  1. package/.eslintignore +2 -0
  2. package/.jsii +51 -6
  3. package/integ.config.json +7 -0
  4. package/lib/index.js +1 -1
  5. package/package.json +14 -13
  6. package/test/integ.cftaplam-customCloudfrontLoggingBucket.js +6 -3
  7. package/test/integ.cftaplam-customCloudfrontLoggingBucket.js.snapshot/asset.42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c/index.js +10 -0
  8. package/test/integ.cftaplam-customCloudfrontLoggingBucket.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  9. package/test/integ.cftaplam-customCloudfrontLoggingBucket.js.snapshot/cdk.out +1 -0
  10. package/test/integ.cftaplam-customCloudfrontLoggingBucket.js.snapshot/cftaplam-customCloudfrontLoggingBucket.assets.json +45 -0
  11. package/test/integ.cftaplam-customCloudfrontLoggingBucket.js.snapshot/cftaplam-customCloudfrontLoggingBucket.template.json +1348 -0
  12. package/test/integ.cftaplam-customCloudfrontLoggingBucket.js.snapshot/cftaplamcustomCloudfrontLoggingBucketIntegDefaultTestDeployAssert35A683E0.assets.json +19 -0
  13. package/test/integ.cftaplam-customCloudfrontLoggingBucket.js.snapshot/cftaplamcustomCloudfrontLoggingBucketIntegDefaultTestDeployAssert35A683E0.template.json +36 -0
  14. package/test/integ.cftaplam-customCloudfrontLoggingBucket.js.snapshot/integ.json +12 -0
  15. package/test/integ.cftaplam-customCloudfrontLoggingBucket.js.snapshot/manifest.json +299 -0
  16. package/test/integ.cftaplam-customCloudfrontLoggingBucket.js.snapshot/tree.json +1775 -0
  17. package/test/integ.cftaplam-no-arguments.js +6 -3
  18. package/test/integ.cftaplam-no-arguments.js.snapshot/asset.42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c/index.js +10 -0
  19. package/test/integ.cftaplam-no-arguments.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  20. package/test/integ.cftaplam-no-arguments.js.snapshot/cdk.out +1 -0
  21. package/test/integ.cftaplam-no-arguments.js.snapshot/cftaplam-no-arguments.assets.json +45 -0
  22. package/test/integ.cftaplam-no-arguments.js.snapshot/cftaplam-no-arguments.template.json +1348 -0
  23. package/test/integ.cftaplam-no-arguments.js.snapshot/cftaplamnoargumentsIntegDefaultTestDeployAssertACC32F59.assets.json +19 -0
  24. package/test/integ.cftaplam-no-arguments.js.snapshot/cftaplamnoargumentsIntegDefaultTestDeployAssertACC32F59.template.json +36 -0
  25. package/test/integ.cftaplam-no-arguments.js.snapshot/integ.json +12 -0
  26. package/test/integ.cftaplam-no-arguments.js.snapshot/manifest.json +299 -0
  27. package/test/integ.cftaplam-no-arguments.js.snapshot/tree.json +1775 -0
  28. package/test/integ.cftaplam-override-behavior.js +6 -3
  29. package/test/integ.cftaplam-override-behavior.js.snapshot/asset.42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c/index.js +10 -0
  30. package/test/integ.cftaplam-override-behavior.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  31. package/test/integ.cftaplam-override-behavior.js.snapshot/cdk.out +1 -0
  32. package/test/integ.cftaplam-override-behavior.js.snapshot/cftaplam-override-behavior.assets.json +45 -0
  33. package/test/integ.cftaplam-override-behavior.js.snapshot/cftaplam-override-behavior.template.json +1407 -0
  34. package/test/integ.cftaplam-override-behavior.js.snapshot/cftaplamoverridebehaviorIntegDefaultTestDeployAssert3DC30427.assets.json +19 -0
  35. package/test/integ.cftaplam-override-behavior.js.snapshot/cftaplamoverridebehaviorIntegDefaultTestDeployAssert3DC30427.template.json +36 -0
  36. package/test/integ.cftaplam-override-behavior.js.snapshot/integ.json +12 -0
  37. package/test/integ.cftaplam-override-behavior.js.snapshot/manifest.json +305 -0
  38. package/test/integ.cftaplam-override-behavior.js.snapshot/tree.json +1859 -0
  39. package/test/integ.cftaplam-customCloudfrontLoggingBucket.expected.json +0 -1347
  40. package/test/integ.cftaplam-no-arguments.expected.json +0 -1347
  41. package/test/integ.cftaplam-override-behavior.expected.json +0 -1406
package/test/integ.cftaplam-override-behavior.js.snapshot/cftaplam-override-behavior.template.json ADDED
@@ -0,0 +1,1407 @@
1
+ {
2
+ "Description": "Integration Test for aws-cloudfront-apigateway-lambda",
3
+ "Resources": {
4
+ "SomeCachePolicy40B9E4D4": {
5
+ "Type": "AWS::CloudFront::CachePolicy",
6
+ "Properties": {
7
+ "CachePolicyConfig": {
8
+ "DefaultTTL": 28800,
9
+ "MaxTTL": 36000,
10
+ "MinTTL": 18000,
11
+ "Name": "SomeCachePolicy",
12
+ "ParametersInCacheKeyAndForwardedToOrigin": {
13
+ "CookiesConfig": {
14
+ "CookieBehavior": "none"
15
+ },
16
+ "EnableAcceptEncodingBrotli": false,
17
+ "EnableAcceptEncodingGzip": false,
18
+ "HeadersConfig": {
19
+ "HeaderBehavior": "none"
20
+ },
21
+ "QueryStringsConfig": {
22
+ "QueryStringBehavior": "none"
23
+ }
24
+ }
25
+ }
26
+ }
27
+ },
28
+ "NoCachePolicy1F71EC46": {
29
+ "Type": "AWS::CloudFront::CachePolicy",
30
+ "Properties": {
31
+ "CachePolicyConfig": {
32
+ "DefaultTTL": 0,
33
+ "MaxTTL": 0,
34
+ "MinTTL": 0,
35
+ "Name": "NoCachePolicy",
36
+ "ParametersInCacheKeyAndForwardedToOrigin": {
37
+ "CookiesConfig": {
38
+ "CookieBehavior": "none"
39
+ },
40
+ "EnableAcceptEncodingBrotli": false,
41
+ "EnableAcceptEncodingGzip": false,
42
+ "HeadersConfig": {
43
+ "HeaderBehavior": "none"
44
+ },
45
+ "QueryStringsConfig": {
46
+ "QueryStringBehavior": "none"
47
+ }
48
+ }
49
+ }
50
+ }
51
+ },
52
+ "cftaplamoverridebehaviorauthorizerAuthFunctionServiceRoleA606974F": {
53
+ "Type": "AWS::IAM::Role",
54
+ "Properties": {
55
+ "AssumeRolePolicyDocument": {
56
+ "Statement": [
57
+ {
58
+ "Action": "sts:AssumeRole",
59
+ "Effect": "Allow",
60
+ "Principal": {
61
+ "Service": "lambda.amazonaws.com"
62
+ }
63
+ }
64
+ ],
65
+ "Version": "2012-10-17"
66
+ },
67
+ "ManagedPolicyArns": [
68
+ {
69
+ "Fn::Join": [
70
+ "",
71
+ [
72
+ "arn:",
73
+ {
74
+ "Ref": "AWS::Partition"
75
+ },
76
+ ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
77
+ ]
78
+ ]
79
+ }
80
+ ]
81
+ }
82
+ },
83
+ "cftaplamoverridebehaviorauthorizerAuthFunction9DD827D6": {
84
+ "Type": "AWS::Lambda::Function",
85
+ "Properties": {
86
+ "Code": {
87
+ "S3Bucket": {
88
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
89
+ },
90
+ "S3Key": "42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c.zip"
91
+ },
92
+ "Handler": ".handler",
93
+ "Role": {
94
+ "Fn::GetAtt": [
95
+ "cftaplamoverridebehaviorauthorizerAuthFunctionServiceRoleA606974F",
96
+ "Arn"
97
+ ]
98
+ },
99
+ "Runtime": "nodejs16.x"
100
+ },
101
+ "DependsOn": [
102
+ "cftaplamoverridebehaviorauthorizerAuthFunctionServiceRoleA606974F"
103
+ ],
104
+ "Metadata": {
105
+ "cfn_nag": {
106
+ "rules_to_suppress": [
107
+ {
108
+ "id": "W58",
109
+ "reason": "Test Resource"
110
+ },
111
+ {
112
+ "id": "W89",
113
+ "reason": "Test Resource"
114
+ },
115
+ {
116
+ "id": "W92",
117
+ "reason": "Test Resource"
118
+ }
119
+ ]
120
+ }
121
+ }
122
+ },
123
+ "cftaplamoverridebehaviorauthorizerAuthFunctioncftaplamoverridebehaviorcftaplamoverridebehaviorauthorizer3042C32CPermissions33B8870B": {
124
+ "Type": "AWS::Lambda::Permission",
125
+ "Properties": {
126
+ "Action": "lambda:InvokeFunction",
127
+ "FunctionName": {
128
+ "Fn::GetAtt": [
129
+ "cftaplamoverridebehaviorauthorizerAuthFunction9DD827D6",
130
+ "Arn"
131
+ ]
132
+ },
133
+ "Principal": "apigateway.amazonaws.com",
134
+ "SourceArn": {
135
+ "Fn::Join": [
136
+ "",
137
+ [
138
+ "arn:",
139
+ {
140
+ "Ref": "AWS::Partition"
141
+ },
142
+ ":execute-api:",
143
+ {
144
+ "Ref": "AWS::Region"
145
+ },
146
+ ":",
147
+ {
148
+ "Ref": "AWS::AccountId"
149
+ },
150
+ ":",
151
+ {
152
+ "Ref": "cfapilambdaoverrideLambdaRestApi6E7952FC"
153
+ },
154
+ "/authorizers/",
155
+ {
156
+ "Ref": "cftaplamoverridebehaviorauthorizer74D77225"
157
+ }
158
+ ]
159
+ ]
160
+ }
161
+ }
162
+ },
163
+ "cftaplamoverridebehaviorauthorizer74D77225": {
164
+ "Type": "AWS::ApiGateway::Authorizer",
165
+ "Properties": {
166
+ "AuthorizerResultTtlInSeconds": 300,
167
+ "AuthorizerUri": {
168
+ "Fn::Join": [
169
+ "",
170
+ [
171
+ "arn:",
172
+ {
173
+ "Fn::Select": [
174
+ 1,
175
+ {
176
+ "Fn::Split": [
177
+ ":",
178
+ {
179
+ "Fn::GetAtt": [
180
+ "cftaplamoverridebehaviorauthorizerAuthFunction9DD827D6",
181
+ "Arn"
182
+ ]
183
+ }
184
+ ]
185
+ }
186
+ ]
187
+ },
188
+ ":apigateway:",
189
+ {
190
+ "Fn::Select": [
191
+ 3,
192
+ {
193
+ "Fn::Split": [
194
+ ":",
195
+ {
196
+ "Fn::GetAtt": [
197
+ "cftaplamoverridebehaviorauthorizerAuthFunction9DD827D6",
198
+ "Arn"
199
+ ]
200
+ }
201
+ ]
202
+ }
203
+ ]
204
+ },
205
+ ":lambda:path/2015-03-31/functions/",
206
+ {
207
+ "Fn::GetAtt": [
208
+ "cftaplamoverridebehaviorauthorizerAuthFunction9DD827D6",
209
+ "Arn"
210
+ ]
211
+ },
212
+ "/invocations"
213
+ ]
214
+ ]
215
+ },
216
+ "IdentitySource": "method.request.header.Authorization",
217
+ "Name": "cftaplamoverridebehaviorcftaplamoverridebehaviorauthorizer3042C32C",
218
+ "RestApiId": {
219
+ "Ref": "cfapilambdaoverrideLambdaRestApi6E7952FC"
220
+ },
221
+ "Type": "REQUEST"
222
+ }
223
+ },
224
+ "cfapilambdaoverrideLambdaFunctionServiceRole4B1A4043": {
225
+ "Type": "AWS::IAM::Role",
226
+ "Properties": {
227
+ "AssumeRolePolicyDocument": {
228
+ "Statement": [
229
+ {
230
+ "Action": "sts:AssumeRole",
231
+ "Effect": "Allow",
232
+ "Principal": {
233
+ "Service": "lambda.amazonaws.com"
234
+ }
235
+ }
236
+ ],
237
+ "Version": "2012-10-17"
238
+ },
239
+ "Policies": [
240
+ {
241
+ "PolicyDocument": {
242
+ "Statement": [
243
+ {
244
+ "Action": [
245
+ "logs:CreateLogGroup",
246
+ "logs:CreateLogStream",
247
+ "logs:PutLogEvents"
248
+ ],
249
+ "Effect": "Allow",
250
+ "Resource": {
251
+ "Fn::Join": [
252
+ "",
253
+ [
254
+ "arn:",
255
+ {
256
+ "Ref": "AWS::Partition"
257
+ },
258
+ ":logs:",
259
+ {
260
+ "Ref": "AWS::Region"
261
+ },
262
+ ":",
263
+ {
264
+ "Ref": "AWS::AccountId"
265
+ },
266
+ ":log-group:/aws/lambda/*"
267
+ ]
268
+ ]
269
+ }
270
+ }
271
+ ],
272
+ "Version": "2012-10-17"
273
+ },
274
+ "PolicyName": "LambdaFunctionServiceRolePolicy"
275
+ }
276
+ ]
277
+ }
278
+ },
279
+ "cfapilambdaoverrideLambdaFunctionServiceRoleDefaultPolicy1A3D9202": {
280
+ "Type": "AWS::IAM::Policy",
281
+ "Properties": {
282
+ "PolicyDocument": {
283
+ "Statement": [
284
+ {
285
+ "Action": [
286
+ "xray:PutTelemetryRecords",
287
+ "xray:PutTraceSegments"
288
+ ],
289
+ "Effect": "Allow",
290
+ "Resource": "*"
291
+ }
292
+ ],
293
+ "Version": "2012-10-17"
294
+ },
295
+ "PolicyName": "cfapilambdaoverrideLambdaFunctionServiceRoleDefaultPolicy1A3D9202",
296
+ "Roles": [
297
+ {
298
+ "Ref": "cfapilambdaoverrideLambdaFunctionServiceRole4B1A4043"
299
+ }
300
+ ]
301
+ },
302
+ "Metadata": {
303
+ "cfn_nag": {
304
+ "rules_to_suppress": [
305
+ {
306
+ "id": "W12",
307
+ "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC."
308
+ }
309
+ ]
310
+ }
311
+ }
312
+ },
313
+ "cfapilambdaoverrideLambdaFunction74CE466F": {
314
+ "Type": "AWS::Lambda::Function",
315
+ "Properties": {
316
+ "Code": {
317
+ "S3Bucket": {
318
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
319
+ },
320
+ "S3Key": "42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c.zip"
321
+ },
322
+ "Environment": {
323
+ "Variables": {
324
+ "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1"
325
+ }
326
+ },
327
+ "Handler": "index.handler",
328
+ "Role": {
329
+ "Fn::GetAtt": [
330
+ "cfapilambdaoverrideLambdaFunctionServiceRole4B1A4043",
331
+ "Arn"
332
+ ]
333
+ },
334
+ "Runtime": "nodejs16.x",
335
+ "TracingConfig": {
336
+ "Mode": "Active"
337
+ }
338
+ },
339
+ "DependsOn": [
340
+ "cfapilambdaoverrideLambdaFunctionServiceRoleDefaultPolicy1A3D9202",
341
+ "cfapilambdaoverrideLambdaFunctionServiceRole4B1A4043"
342
+ ],
343
+ "Metadata": {
344
+ "cfn_nag": {
345
+ "rules_to_suppress": [
346
+ {
347
+ "id": "W58",
348
+ "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions."
349
+ },
350
+ {
351
+ "id": "W89",
352
+ "reason": "This is not a rule for the general case, just for specific use cases/industries"
353
+ },
354
+ {
355
+ "id": "W92",
356
+ "reason": "Impossible for us to define the correct concurrency for clients"
357
+ }
358
+ ]
359
+ }
360
+ }
361
+ },
362
+ "cfapilambdaoverrideApiAccessLogGroup2665068D": {
363
+ "Type": "AWS::Logs::LogGroup",
364
+ "UpdateReplacePolicy": "Retain",
365
+ "DeletionPolicy": "Retain",
366
+ "Metadata": {
367
+ "cfn_nag": {
368
+ "rules_to_suppress": [
369
+ {
370
+ "id": "W86",
371
+ "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely"
372
+ },
373
+ {
374
+ "id": "W84",
375
+ "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)"
376
+ }
377
+ ]
378
+ }
379
+ }
380
+ },
381
+ "cfapilambdaoverrideLambdaRestApi6E7952FC": {
382
+ "Type": "AWS::ApiGateway::RestApi",
383
+ "Properties": {
384
+ "EndpointConfiguration": {
385
+ "Types": [
386
+ "REGIONAL"
387
+ ]
388
+ },
389
+ "Name": "LambdaRestApi"
390
+ }
391
+ },
392
+ "cfapilambdaoverrideLambdaRestApiDeployment82ACBB00eff3607850f915efb43bbead11999a10": {
393
+ "Type": "AWS::ApiGateway::Deployment",
394
+ "Properties": {
395
+ "Description": "Automatically created by the RestApi construct",
396
+ "RestApiId": {
397
+ "Ref": "cfapilambdaoverrideLambdaRestApi6E7952FC"
398
+ }
399
+ },
400
+ "DependsOn": [
401
+ "cfapilambdaoverrideLambdaRestApidynamicGET15050D54",
402
+ "cfapilambdaoverrideLambdaRestApidynamic88206171",
403
+ "cfapilambdaoverrideLambdaRestApistaticGET81EF9C24",
404
+ "cfapilambdaoverrideLambdaRestApistaticC2ECB649",
405
+ "cftaplamoverridebehaviorauthorizer74D77225"
406
+ ],
407
+ "Metadata": {
408
+ "cfn_nag": {
409
+ "rules_to_suppress": [
410
+ {
411
+ "id": "W45",
412
+ "reason": "ApiGateway has AccessLogging enabled in AWS::ApiGateway::Stage resource, but cfn_nag checks for it in AWS::ApiGateway::Deployment resource"
413
+ }
414
+ ]
415
+ }
416
+ }
417
+ },
418
+ "cfapilambdaoverrideLambdaRestApiDeploymentStageprodC4F6FBB5": {
419
+ "Type": "AWS::ApiGateway::Stage",
420
+ "Properties": {
421
+ "AccessLogSetting": {
422
+ "DestinationArn": {
423
+ "Fn::GetAtt": [
424
+ "cfapilambdaoverrideApiAccessLogGroup2665068D",
425
+ "Arn"
426
+ ]
427
+ },
428
+ "Format": "{\"requestId\":\"$context.requestId\",\"ip\":\"$context.identity.sourceIp\",\"user\":\"$context.identity.user\",\"caller\":\"$context.identity.caller\",\"requestTime\":\"$context.requestTime\",\"httpMethod\":\"$context.httpMethod\",\"resourcePath\":\"$context.resourcePath\",\"status\":\"$context.status\",\"protocol\":\"$context.protocol\",\"responseLength\":\"$context.responseLength\"}"
429
+ },
430
+ "DeploymentId": {
431
+ "Ref": "cfapilambdaoverrideLambdaRestApiDeployment82ACBB00eff3607850f915efb43bbead11999a10"
432
+ },
433
+ "MethodSettings": [
434
+ {
435
+ "DataTraceEnabled": false,
436
+ "HttpMethod": "*",
437
+ "LoggingLevel": "INFO",
438
+ "ResourcePath": "/*"
439
+ }
440
+ ],
441
+ "RestApiId": {
442
+ "Ref": "cfapilambdaoverrideLambdaRestApi6E7952FC"
443
+ },
444
+ "StageName": "prod",
445
+ "TracingEnabled": true
446
+ }
447
+ },
448
+ "cfapilambdaoverrideLambdaRestApistaticC2ECB649": {
449
+ "Type": "AWS::ApiGateway::Resource",
450
+ "Properties": {
451
+ "ParentId": {
452
+ "Fn::GetAtt": [
453
+ "cfapilambdaoverrideLambdaRestApi6E7952FC",
454
+ "RootResourceId"
455
+ ]
456
+ },
457
+ "PathPart": "static",
458
+ "RestApiId": {
459
+ "Ref": "cfapilambdaoverrideLambdaRestApi6E7952FC"
460
+ }
461
+ }
462
+ },
463
+ "cfapilambdaoverrideLambdaRestApistaticGET81EF9C24": {
464
+ "Type": "AWS::ApiGateway::Method",
465
+ "Properties": {
466
+ "AuthorizationType": "CUSTOM",
467
+ "AuthorizerId": {
468
+ "Ref": "cftaplamoverridebehaviorauthorizer74D77225"
469
+ },
470
+ "HttpMethod": "GET",
471
+ "Integration": {
472
+ "IntegrationHttpMethod": "GET",
473
+ "Type": "HTTP_PROXY",
474
+ "Uri": "http://amazon.com"
475
+ },
476
+ "ResourceId": {
477
+ "Ref": "cfapilambdaoverrideLambdaRestApistaticC2ECB649"
478
+ },
479
+ "RestApiId": {
480
+ "Ref": "cfapilambdaoverrideLambdaRestApi6E7952FC"
481
+ }
482
+ },
483
+ "Metadata": {
484
+ "cfn_nag": {
485
+ "rules_to_suppress": [
486
+ {
487
+ "id": "W59",
488
+ "reason": "AWS::ApiGateway::Method AuthorizationType is set to 'NONE' because API Gateway behind CloudFront does not support AWS_IAM authentication"
489
+ }
490
+ ]
491
+ }
492
+ }
493
+ },
494
+ "cfapilambdaoverrideLambdaRestApidynamic88206171": {
495
+ "Type": "AWS::ApiGateway::Resource",
496
+ "Properties": {
497
+ "ParentId": {
498
+ "Fn::GetAtt": [
499
+ "cfapilambdaoverrideLambdaRestApi6E7952FC",
500
+ "RootResourceId"
501
+ ]
502
+ },
503
+ "PathPart": "dynamic",
504
+ "RestApiId": {
505
+ "Ref": "cfapilambdaoverrideLambdaRestApi6E7952FC"
506
+ }
507
+ }
508
+ },
509
+ "cfapilambdaoverrideLambdaRestApidynamicGETApiPermissioncftaplamoverridebehaviorcfapilambdaoverrideLambdaRestApiE3676062GETdynamic9C58B7B8": {
510
+ "Type": "AWS::Lambda::Permission",
511
+ "Properties": {
512
+ "Action": "lambda:InvokeFunction",
513
+ "FunctionName": {
514
+ "Fn::GetAtt": [
515
+ "cfapilambdaoverrideLambdaFunction74CE466F",
516
+ "Arn"
517
+ ]
518
+ },
519
+ "Principal": "apigateway.amazonaws.com",
520
+ "SourceArn": {
521
+ "Fn::Join": [
522
+ "",
523
+ [
524
+ "arn:",
525
+ {
526
+ "Ref": "AWS::Partition"
527
+ },
528
+ ":execute-api:",
529
+ {
530
+ "Ref": "AWS::Region"
531
+ },
532
+ ":",
533
+ {
534
+ "Ref": "AWS::AccountId"
535
+ },
536
+ ":",
537
+ {
538
+ "Ref": "cfapilambdaoverrideLambdaRestApi6E7952FC"
539
+ },
540
+ "/",
541
+ {
542
+ "Ref": "cfapilambdaoverrideLambdaRestApiDeploymentStageprodC4F6FBB5"
543
+ },
544
+ "/GET/dynamic"
545
+ ]
546
+ ]
547
+ }
548
+ }
549
+ },
550
+ "cfapilambdaoverrideLambdaRestApidynamicGETApiPermissionTestcftaplamoverridebehaviorcfapilambdaoverrideLambdaRestApiE3676062GETdynamic5810873D": {
551
+ "Type": "AWS::Lambda::Permission",
552
+ "Properties": {
553
+ "Action": "lambda:InvokeFunction",
554
+ "FunctionName": {
555
+ "Fn::GetAtt": [
556
+ "cfapilambdaoverrideLambdaFunction74CE466F",
557
+ "Arn"
558
+ ]
559
+ },
560
+ "Principal": "apigateway.amazonaws.com",
561
+ "SourceArn": {
562
+ "Fn::Join": [
563
+ "",
564
+ [
565
+ "arn:",
566
+ {
567
+ "Ref": "AWS::Partition"
568
+ },
569
+ ":execute-api:",
570
+ {
571
+ "Ref": "AWS::Region"
572
+ },
573
+ ":",
574
+ {
575
+ "Ref": "AWS::AccountId"
576
+ },
577
+ ":",
578
+ {
579
+ "Ref": "cfapilambdaoverrideLambdaRestApi6E7952FC"
580
+ },
581
+ "/test-invoke-stage/GET/dynamic"
582
+ ]
583
+ ]
584
+ }
585
+ }
586
+ },
587
+ "cfapilambdaoverrideLambdaRestApidynamicGET15050D54": {
588
+ "Type": "AWS::ApiGateway::Method",
589
+ "Properties": {
590
+ "AuthorizationType": "CUSTOM",
591
+ "AuthorizerId": {
592
+ "Ref": "cftaplamoverridebehaviorauthorizer74D77225"
593
+ },
594
+ "HttpMethod": "GET",
595
+ "Integration": {
596
+ "IntegrationHttpMethod": "POST",
597
+ "Type": "AWS_PROXY",
598
+ "Uri": {
599
+ "Fn::Join": [
600
+ "",
601
+ [
602
+ "arn:",
603
+ {
604
+ "Ref": "AWS::Partition"
605
+ },
606
+ ":apigateway:",
607
+ {
608
+ "Ref": "AWS::Region"
609
+ },
610
+ ":lambda:path/2015-03-31/functions/",
611
+ {
612
+ "Fn::GetAtt": [
613
+ "cfapilambdaoverrideLambdaFunction74CE466F",
614
+ "Arn"
615
+ ]
616
+ },
617
+ "/invocations"
618
+ ]
619
+ ]
620
+ }
621
+ },
622
+ "ResourceId": {
623
+ "Ref": "cfapilambdaoverrideLambdaRestApidynamic88206171"
624
+ },
625
+ "RestApiId": {
626
+ "Ref": "cfapilambdaoverrideLambdaRestApi6E7952FC"
627
+ }
628
+ },
629
+ "Metadata": {
630
+ "cfn_nag": {
631
+ "rules_to_suppress": [
632
+ {
633
+ "id": "W59",
634
+ "reason": "AWS::ApiGateway::Method AuthorizationType is set to 'NONE' because API Gateway behind CloudFront does not support AWS_IAM authentication"
635
+ }
636
+ ]
637
+ }
638
+ }
639
+ },
640
+ "cfapilambdaoverrideLambdaRestApiUsagePlanCF4B0BE0": {
641
+ "Type": "AWS::ApiGateway::UsagePlan",
642
+ "Properties": {
643
+ "ApiStages": [
644
+ {
645
+ "ApiId": {
646
+ "Ref": "cfapilambdaoverrideLambdaRestApi6E7952FC"
647
+ },
648
+ "Stage": {
649
+ "Ref": "cfapilambdaoverrideLambdaRestApiDeploymentStageprodC4F6FBB5"
650
+ },
651
+ "Throttle": {}
652
+ }
653
+ ]
654
+ }
655
+ },
656
+ "cfapilambdaoverrideLambdaRestApiCloudWatchRole0F1F3559": {
657
+ "Type": "AWS::IAM::Role",
658
+ "Properties": {
659
+ "AssumeRolePolicyDocument": {
660
+ "Statement": [
661
+ {
662
+ "Action": "sts:AssumeRole",
663
+ "Effect": "Allow",
664
+ "Principal": {
665
+ "Service": "apigateway.amazonaws.com"
666
+ }
667
+ }
668
+ ],
669
+ "Version": "2012-10-17"
670
+ },
671
+ "Policies": [
672
+ {
673
+ "PolicyDocument": {
674
+ "Statement": [
675
+ {
676
+ "Action": [
677
+ "logs:CreateLogGroup",
678
+ "logs:CreateLogStream",
679
+ "logs:DescribeLogGroups",
680
+ "logs:DescribeLogStreams",
681
+ "logs:FilterLogEvents",
682
+ "logs:GetLogEvents",
683
+ "logs:PutLogEvents"
684
+ ],
685
+ "Effect": "Allow",
686
+ "Resource": {
687
+ "Fn::Join": [
688
+ "",
689
+ [
690
+ "arn:",
691
+ {
692
+ "Ref": "AWS::Partition"
693
+ },
694
+ ":logs:",
695
+ {
696
+ "Ref": "AWS::Region"
697
+ },
698
+ ":",
699
+ {
700
+ "Ref": "AWS::AccountId"
701
+ },
702
+ ":*"
703
+ ]
704
+ ]
705
+ }
706
+ }
707
+ ],
708
+ "Version": "2012-10-17"
709
+ },
710
+ "PolicyName": "LambdaRestApiCloudWatchRolePolicy"
711
+ }
712
+ ]
713
+ }
714
+ },
715
+ "cfapilambdaoverrideLambdaRestApiAccountFB480D92": {
716
+ "Type": "AWS::ApiGateway::Account",
717
+ "Properties": {
718
+ "CloudWatchRoleArn": {
719
+ "Fn::GetAtt": [
720
+ "cfapilambdaoverrideLambdaRestApiCloudWatchRole0F1F3559",
721
+ "Arn"
722
+ ]
723
+ }
724
+ },
725
+ "DependsOn": [
726
+ "cfapilambdaoverrideLambdaRestApi6E7952FC"
727
+ ]
728
+ },
729
+ "cfapilambdaoverrideCloudFrontToApiGatewaySetHttpSecurityHeaders67E61E6E": {
730
+ "Type": "AWS::CloudFront::Function",
731
+ "Properties": {
732
+ "AutoPublish": true,
733
+ "FunctionCode": "function handler(event) { var response = event.response; var headers = response.headers; headers['strict-transport-security'] = { value: 'max-age=63072000; includeSubdomains; preload'}; headers['content-security-policy'] = { value: \"default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'\"}; headers['x-content-type-options'] = { value: 'nosniff'}; headers['x-frame-options'] = {value: 'DENY'}; headers['x-xss-protection'] = {value: '1; mode=block'}; return response; }",
734
+ "FunctionConfig": {
735
+ "Comment": "SetHttpSecurityHeadersc826c2a6a3ffe209aed33765f37752084820de0d3b",
736
+ "Runtime": "cloudfront-js-1.0"
737
+ },
738
+ "Name": "SetHttpSecurityHeadersc826c2a6a3ffe209aed33765f37752084820de0d3b"
739
+ }
740
+ },
741
+ "cfapilambdaoverrideCloudFrontToApiGatewayCloudfrontLoggingBucketAccessLog9CEB5CD9": {
742
+ "Type": "AWS::S3::Bucket",
743
+ "Properties": {
744
+ "BucketEncryption": {
745
+ "ServerSideEncryptionConfiguration": [
746
+ {
747
+ "ServerSideEncryptionByDefault": {
748
+ "SSEAlgorithm": "AES256"
749
+ }
750
+ }
751
+ ]
752
+ },
753
+ "OwnershipControls": {
754
+ "Rules": [
755
+ {
756
+ "ObjectOwnership": "ObjectWriter"
757
+ }
758
+ ]
759
+ },
760
+ "PublicAccessBlockConfiguration": {
761
+ "BlockPublicAcls": true,
762
+ "BlockPublicPolicy": true,
763
+ "IgnorePublicAcls": true,
764
+ "RestrictPublicBuckets": true
765
+ },
766
+ "Tags": [
767
+ {
768
+ "Key": "aws-cdk:auto-delete-objects",
769
+ "Value": "true"
770
+ }
771
+ ],
772
+ "VersioningConfiguration": {
773
+ "Status": "Enabled"
774
+ }
775
+ },
776
+ "UpdateReplacePolicy": "Delete",
777
+ "DeletionPolicy": "Delete",
778
+ "Metadata": {
779
+ "cfn_nag": {
780
+ "rules_to_suppress": [
781
+ {
782
+ "id": "W35",
783
+ "reason": "This S3 bucket is used as the access logging bucket for another bucket"
784
+ }
785
+ ]
786
+ }
787
+ }
788
+ },
789
+ "cfapilambdaoverrideCloudFrontToApiGatewayCloudfrontLoggingBucketAccessLogPolicy53DB42E0": {
790
+ "Type": "AWS::S3::BucketPolicy",
791
+ "Properties": {
792
+ "Bucket": {
793
+ "Ref": "cfapilambdaoverrideCloudFrontToApiGatewayCloudfrontLoggingBucketAccessLog9CEB5CD9"
794
+ },
795
+ "PolicyDocument": {
796
+ "Statement": [
797
+ {
798
+ "Action": "s3:*",
799
+ "Condition": {
800
+ "Bool": {
801
+ "aws:SecureTransport": "false"
802
+ }
803
+ },
804
+ "Effect": "Deny",
805
+ "Principal": {
806
+ "AWS": "*"
807
+ },
808
+ "Resource": [
809
+ {
810
+ "Fn::GetAtt": [
811
+ "cfapilambdaoverrideCloudFrontToApiGatewayCloudfrontLoggingBucketAccessLog9CEB5CD9",
812
+ "Arn"
813
+ ]
814
+ },
815
+ {
816
+ "Fn::Join": [
817
+ "",
818
+ [
819
+ {
820
+ "Fn::GetAtt": [
821
+ "cfapilambdaoverrideCloudFrontToApiGatewayCloudfrontLoggingBucketAccessLog9CEB5CD9",
822
+ "Arn"
823
+ ]
824
+ },
825
+ "/*"
826
+ ]
827
+ ]
828
+ }
829
+ ]
830
+ },
831
+ {
832
+ "Action": [
833
+ "s3:DeleteObject*",
834
+ "s3:GetBucket*",
835
+ "s3:List*",
836
+ "s3:PutBucketPolicy"
837
+ ],
838
+ "Effect": "Allow",
839
+ "Principal": {
840
+ "AWS": {
841
+ "Fn::GetAtt": [
842
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
843
+ "Arn"
844
+ ]
845
+ }
846
+ },
847
+ "Resource": [
848
+ {
849
+ "Fn::GetAtt": [
850
+ "cfapilambdaoverrideCloudFrontToApiGatewayCloudfrontLoggingBucketAccessLog9CEB5CD9",
851
+ "Arn"
852
+ ]
853
+ },
854
+ {
855
+ "Fn::Join": [
856
+ "",
857
+ [
858
+ {
859
+ "Fn::GetAtt": [
860
+ "cfapilambdaoverrideCloudFrontToApiGatewayCloudfrontLoggingBucketAccessLog9CEB5CD9",
861
+ "Arn"
862
+ ]
863
+ },
864
+ "/*"
865
+ ]
866
+ ]
867
+ }
868
+ ]
869
+ },
870
+ {
871
+ "Action": "s3:PutObject",
872
+ "Condition": {
873
+ "ArnLike": {
874
+ "aws:SourceArn": {
875
+ "Fn::GetAtt": [
876
+ "cfapilambdaoverrideCloudFrontToApiGatewayCloudfrontLoggingBucket3A71B9E0",
877
+ "Arn"
878
+ ]
879
+ }
880
+ },
881
+ "StringEquals": {
882
+ "aws:SourceAccount": {
883
+ "Ref": "AWS::AccountId"
884
+ }
885
+ }
886
+ },
887
+ "Effect": "Allow",
888
+ "Principal": {
889
+ "Service": "logging.s3.amazonaws.com"
890
+ },
891
+ "Resource": {
892
+ "Fn::Join": [
893
+ "",
894
+ [
895
+ {
896
+ "Fn::GetAtt": [
897
+ "cfapilambdaoverrideCloudFrontToApiGatewayCloudfrontLoggingBucketAccessLog9CEB5CD9",
898
+ "Arn"
899
+ ]
900
+ },
901
+ "/*"
902
+ ]
903
+ ]
904
+ }
905
+ }
906
+ ],
907
+ "Version": "2012-10-17"
908
+ }
909
+ }
910
+ },
911
+ "cfapilambdaoverrideCloudFrontToApiGatewayCloudfrontLoggingBucketAccessLogAutoDeleteObjectsCustomResource33279C95": {
912
+ "Type": "Custom::S3AutoDeleteObjects",
913
+ "Properties": {
914
+ "ServiceToken": {
915
+ "Fn::GetAtt": [
916
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
917
+ "Arn"
918
+ ]
919
+ },
920
+ "BucketName": {
921
+ "Ref": "cfapilambdaoverrideCloudFrontToApiGatewayCloudfrontLoggingBucketAccessLog9CEB5CD9"
922
+ }
923
+ },
924
+ "DependsOn": [
925
+ "cfapilambdaoverrideCloudFrontToApiGatewayCloudfrontLoggingBucketAccessLogPolicy53DB42E0"
926
+ ],
927
+ "UpdateReplacePolicy": "Delete",
928
+ "DeletionPolicy": "Delete"
929
+ },
930
+ "cfapilambdaoverrideCloudFrontToApiGatewayCloudfrontLoggingBucket3A71B9E0": {
931
+ "Type": "AWS::S3::Bucket",
932
+ "Properties": {
933
+ "AccessControl": "LogDeliveryWrite",
934
+ "BucketEncryption": {
935
+ "ServerSideEncryptionConfiguration": [
936
+ {
937
+ "ServerSideEncryptionByDefault": {
938
+ "SSEAlgorithm": "AES256"
939
+ }
940
+ }
941
+ ]
942
+ },
943
+ "LoggingConfiguration": {
944
+ "DestinationBucketName": {
945
+ "Ref": "cfapilambdaoverrideCloudFrontToApiGatewayCloudfrontLoggingBucketAccessLog9CEB5CD9"
946
+ }
947
+ },
948
+ "OwnershipControls": {
949
+ "Rules": [
950
+ {
951
+ "ObjectOwnership": "ObjectWriter"
952
+ }
953
+ ]
954
+ },
955
+ "PublicAccessBlockConfiguration": {
956
+ "BlockPublicAcls": true,
957
+ "BlockPublicPolicy": true,
958
+ "IgnorePublicAcls": true,
959
+ "RestrictPublicBuckets": true
960
+ },
961
+ "Tags": [
962
+ {
963
+ "Key": "aws-cdk:auto-delete-objects",
964
+ "Value": "true"
965
+ }
966
+ ],
967
+ "VersioningConfiguration": {
968
+ "Status": "Enabled"
969
+ }
970
+ },
971
+ "UpdateReplacePolicy": "Delete",
972
+ "DeletionPolicy": "Delete"
973
+ },
974
+ "cfapilambdaoverrideCloudFrontToApiGatewayCloudfrontLoggingBucketPolicyC3092436": {
975
+ "Type": "AWS::S3::BucketPolicy",
976
+ "Properties": {
977
+ "Bucket": {
978
+ "Ref": "cfapilambdaoverrideCloudFrontToApiGatewayCloudfrontLoggingBucket3A71B9E0"
979
+ },
980
+ "PolicyDocument": {
981
+ "Statement": [
982
+ {
983
+ "Action": "s3:*",
984
+ "Condition": {
985
+ "Bool": {
986
+ "aws:SecureTransport": "false"
987
+ }
988
+ },
989
+ "Effect": "Deny",
990
+ "Principal": {
991
+ "AWS": "*"
992
+ },
993
+ "Resource": [
994
+ {
995
+ "Fn::GetAtt": [
996
+ "cfapilambdaoverrideCloudFrontToApiGatewayCloudfrontLoggingBucket3A71B9E0",
997
+ "Arn"
998
+ ]
999
+ },
1000
+ {
1001
+ "Fn::Join": [
1002
+ "",
1003
+ [
1004
+ {
1005
+ "Fn::GetAtt": [
1006
+ "cfapilambdaoverrideCloudFrontToApiGatewayCloudfrontLoggingBucket3A71B9E0",
1007
+ "Arn"
1008
+ ]
1009
+ },
1010
+ "/*"
1011
+ ]
1012
+ ]
1013
+ }
1014
+ ]
1015
+ },
1016
+ {
1017
+ "Action": [
1018
+ "s3:DeleteObject*",
1019
+ "s3:GetBucket*",
1020
+ "s3:List*",
1021
+ "s3:PutBucketPolicy"
1022
+ ],
1023
+ "Effect": "Allow",
1024
+ "Principal": {
1025
+ "AWS": {
1026
+ "Fn::GetAtt": [
1027
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
1028
+ "Arn"
1029
+ ]
1030
+ }
1031
+ },
1032
+ "Resource": [
1033
+ {
1034
+ "Fn::GetAtt": [
1035
+ "cfapilambdaoverrideCloudFrontToApiGatewayCloudfrontLoggingBucket3A71B9E0",
1036
+ "Arn"
1037
+ ]
1038
+ },
1039
+ {
1040
+ "Fn::Join": [
1041
+ "",
1042
+ [
1043
+ {
1044
+ "Fn::GetAtt": [
1045
+ "cfapilambdaoverrideCloudFrontToApiGatewayCloudfrontLoggingBucket3A71B9E0",
1046
+ "Arn"
1047
+ ]
1048
+ },
1049
+ "/*"
1050
+ ]
1051
+ ]
1052
+ }
1053
+ ]
1054
+ }
1055
+ ],
1056
+ "Version": "2012-10-17"
1057
+ }
1058
+ }
1059
+ },
1060
+ "cfapilambdaoverrideCloudFrontToApiGatewayCloudfrontLoggingBucketAutoDeleteObjectsCustomResource028E07CD": {
1061
+ "Type": "Custom::S3AutoDeleteObjects",
1062
+ "Properties": {
1063
+ "ServiceToken": {
1064
+ "Fn::GetAtt": [
1065
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
1066
+ "Arn"
1067
+ ]
1068
+ },
1069
+ "BucketName": {
1070
+ "Ref": "cfapilambdaoverrideCloudFrontToApiGatewayCloudfrontLoggingBucket3A71B9E0"
1071
+ }
1072
+ },
1073
+ "DependsOn": [
1074
+ "cfapilambdaoverrideCloudFrontToApiGatewayCloudfrontLoggingBucketPolicyC3092436"
1075
+ ],
1076
+ "UpdateReplacePolicy": "Delete",
1077
+ "DeletionPolicy": "Delete"
1078
+ },
1079
+ "cfapilambdaoverrideCloudFrontToApiGatewayCloudFrontDistribution94A35932": {
1080
+ "Type": "AWS::CloudFront::Distribution",
1081
+ "Properties": {
1082
+ "DistributionConfig": {
1083
+ "CacheBehaviors": [
1084
+ {
1085
+ "CachePolicyId": {
1086
+ "Ref": "NoCachePolicy1F71EC46"
1087
+ },
1088
+ "Compress": true,
1089
+ "PathPattern": "/dynamic",
1090
+ "TargetOriginId": "cftaplamoverridebehaviorcfapilambdaoverrideCloudFrontToApiGatewayCloudFrontDistributionOrigin2D0C9421C",
1091
+ "ViewerProtocolPolicy": "allow-all"
1092
+ }
1093
+ ],
1094
+ "DefaultCacheBehavior": {
1095
+ "CachePolicyId": {
1096
+ "Ref": "SomeCachePolicy40B9E4D4"
1097
+ },
1098
+ "Compress": true,
1099
+ "FunctionAssociations": [
1100
+ {
1101
+ "EventType": "viewer-response",
1102
+ "FunctionARN": {
1103
+ "Fn::GetAtt": [
1104
+ "cfapilambdaoverrideCloudFrontToApiGatewaySetHttpSecurityHeaders67E61E6E",
1105
+ "FunctionARN"
1106
+ ]
1107
+ }
1108
+ }
1109
+ ],
1110
+ "TargetOriginId": "cftaplamoverridebehaviorcfapilambdaoverrideCloudFrontToApiGatewayCloudFrontDistributionOrigin14C42522D",
1111
+ "ViewerProtocolPolicy": "redirect-to-https"
1112
+ },
1113
+ "Enabled": true,
1114
+ "HttpVersion": "http2",
1115
+ "IPV6Enabled": true,
1116
+ "Logging": {
1117
+ "Bucket": {
1118
+ "Fn::GetAtt": [
1119
+ "cfapilambdaoverrideCloudFrontToApiGatewayCloudfrontLoggingBucket3A71B9E0",
1120
+ "RegionalDomainName"
1121
+ ]
1122
+ }
1123
+ },
1124
+ "Origins": [
1125
+ {
1126
+ "CustomOriginConfig": {
1127
+ "OriginProtocolPolicy": "https-only",
1128
+ "OriginSSLProtocols": [
1129
+ "TLSv1.2"
1130
+ ]
1131
+ },
1132
+ "DomainName": {
1133
+ "Fn::Select": [
1134
+ 0,
1135
+ {
1136
+ "Fn::Split": [
1137
+ "/",
1138
+ {
1139
+ "Fn::Select": [
1140
+ 1,
1141
+ {
1142
+ "Fn::Split": [
1143
+ "://",
1144
+ {
1145
+ "Fn::Join": [
1146
+ "",
1147
+ [
1148
+ "https://",
1149
+ {
1150
+ "Ref": "cfapilambdaoverrideLambdaRestApi6E7952FC"
1151
+ },
1152
+ ".execute-api.",
1153
+ {
1154
+ "Ref": "AWS::Region"
1155
+ },
1156
+ ".",
1157
+ {
1158
+ "Ref": "AWS::URLSuffix"
1159
+ },
1160
+ "/",
1161
+ {
1162
+ "Ref": "cfapilambdaoverrideLambdaRestApiDeploymentStageprodC4F6FBB5"
1163
+ },
1164
+ "/"
1165
+ ]
1166
+ ]
1167
+ }
1168
+ ]
1169
+ }
1170
+ ]
1171
+ }
1172
+ ]
1173
+ }
1174
+ ]
1175
+ },
1176
+ "Id": "cftaplamoverridebehaviorcfapilambdaoverrideCloudFrontToApiGatewayCloudFrontDistributionOrigin14C42522D",
1177
+ "OriginPath": {
1178
+ "Fn::Join": [
1179
+ "",
1180
+ [
1181
+ "/",
1182
+ {
1183
+ "Ref": "cfapilambdaoverrideLambdaRestApiDeploymentStageprodC4F6FBB5"
1184
+ }
1185
+ ]
1186
+ ]
1187
+ }
1188
+ },
1189
+ {
1190
+ "CustomOriginConfig": {
1191
+ "OriginProtocolPolicy": "https-only",
1192
+ "OriginSSLProtocols": [
1193
+ "TLSv1.2"
1194
+ ]
1195
+ },
1196
+ "DomainName": {
1197
+ "Fn::Select": [
1198
+ 0,
1199
+ {
1200
+ "Fn::Split": [
1201
+ "/",
1202
+ {
1203
+ "Fn::Select": [
1204
+ 1,
1205
+ {
1206
+ "Fn::Split": [
1207
+ "://",
1208
+ {
1209
+ "Fn::Join": [
1210
+ "",
1211
+ [
1212
+ "https://",
1213
+ {
1214
+ "Ref": "cfapilambdaoverrideLambdaRestApi6E7952FC"
1215
+ },
1216
+ ".execute-api.",
1217
+ {
1218
+ "Ref": "AWS::Region"
1219
+ },
1220
+ ".",
1221
+ {
1222
+ "Ref": "AWS::URLSuffix"
1223
+ },
1224
+ "/",
1225
+ {
1226
+ "Ref": "cfapilambdaoverrideLambdaRestApiDeploymentStageprodC4F6FBB5"
1227
+ },
1228
+ "/"
1229
+ ]
1230
+ ]
1231
+ }
1232
+ ]
1233
+ }
1234
+ ]
1235
+ }
1236
+ ]
1237
+ }
1238
+ ]
1239
+ },
1240
+ "Id": "cftaplamoverridebehaviorcfapilambdaoverrideCloudFrontToApiGatewayCloudFrontDistributionOrigin2D0C9421C",
1241
+ "OriginPath": {
1242
+ "Fn::Join": [
1243
+ "",
1244
+ [
1245
+ "/",
1246
+ {
1247
+ "Ref": "cfapilambdaoverrideLambdaRestApiDeploymentStageprodC4F6FBB5"
1248
+ },
1249
+ "/dynamic"
1250
+ ]
1251
+ ]
1252
+ }
1253
+ }
1254
+ ]
1255
+ }
1256
+ },
1257
+ "Metadata": {
1258
+ "cfn_nag": {
1259
+ "rules_to_suppress": [
1260
+ {
1261
+ "id": "W70",
1262
+ "reason": "Since the distribution uses the CloudFront domain name, CloudFront automatically sets the security policy to TLSv1 regardless of the value of MinimumProtocolVersion"
1263
+ }
1264
+ ]
1265
+ }
1266
+ }
1267
+ },
1268
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": {
1269
+ "Type": "AWS::IAM::Role",
1270
+ "Properties": {
1271
+ "AssumeRolePolicyDocument": {
1272
+ "Version": "2012-10-17",
1273
+ "Statement": [
1274
+ {
1275
+ "Action": "sts:AssumeRole",
1276
+ "Effect": "Allow",
1277
+ "Principal": {
1278
+ "Service": "lambda.amazonaws.com"
1279
+ }
1280
+ }
1281
+ ]
1282
+ },
1283
+ "ManagedPolicyArns": [
1284
+ {
1285
+ "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
1286
+ }
1287
+ ]
1288
+ }
1289
+ },
1290
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": {
1291
+ "Type": "AWS::Lambda::Function",
1292
+ "Properties": {
1293
+ "Code": {
1294
+ "S3Bucket": {
1295
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
1296
+ },
1297
+ "S3Key": "b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6.zip"
1298
+ },
1299
+ "Timeout": 900,
1300
+ "MemorySize": 128,
1301
+ "Handler": "index.handler",
1302
+ "Role": {
1303
+ "Fn::GetAtt": [
1304
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
1305
+ "Arn"
1306
+ ]
1307
+ },
1308
+ "Runtime": "nodejs18.x",
1309
+ "Description": {
1310
+ "Fn::Join": [
1311
+ "",
1312
+ [
1313
+ "Lambda function for auto-deleting objects in ",
1314
+ {
1315
+ "Ref": "cfapilambdaoverrideCloudFrontToApiGatewayCloudfrontLoggingBucketAccessLog9CEB5CD9"
1316
+ },
1317
+ " S3 bucket."
1318
+ ]
1319
+ ]
1320
+ }
1321
+ },
1322
+ "DependsOn": [
1323
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092"
1324
+ ],
1325
+ "Metadata": {
1326
+ "cfn_nag": {
1327
+ "rules_to_suppress": [
1328
+ {
1329
+ "id": "W58",
1330
+ "reason": "CDK generated custom resource"
1331
+ },
1332
+ {
1333
+ "id": "W89",
1334
+ "reason": "CDK generated custom resource"
1335
+ },
1336
+ {
1337
+ "id": "W92",
1338
+ "reason": "CDK generated custom resource"
1339
+ }
1340
+ ]
1341
+ }
1342
+ }
1343
+ }
1344
+ },
1345
+ "Outputs": {
1346
+ "cfapilambdaoverrideLambdaRestApiEndpointF8A561AB": {
1347
+ "Value": {
1348
+ "Fn::Join": [
1349
+ "",
1350
+ [
1351
+ "https://",
1352
+ {
1353
+ "Ref": "cfapilambdaoverrideLambdaRestApi6E7952FC"
1354
+ },
1355
+ ".execute-api.",
1356
+ {
1357
+ "Ref": "AWS::Region"
1358
+ },
1359
+ ".",
1360
+ {
1361
+ "Ref": "AWS::URLSuffix"
1362
+ },
1363
+ "/",
1364
+ {
1365
+ "Ref": "cfapilambdaoverrideLambdaRestApiDeploymentStageprodC4F6FBB5"
1366
+ },
1367
+ "/"
1368
+ ]
1369
+ ]
1370
+ }
1371
+ }
1372
+ },
1373
+ "Parameters": {
1374
+ "BootstrapVersion": {
1375
+ "Type": "AWS::SSM::Parameter::Value<String>",
1376
+ "Default": "/cdk-bootstrap/hnb659fds/version",
1377
+ "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
1378
+ }
1379
+ },
1380
+ "Rules": {
1381
+ "CheckBootstrapVersion": {
1382
+ "Assertions": [
1383
+ {
1384
+ "Assert": {
1385
+ "Fn::Not": [
1386
+ {
1387
+ "Fn::Contains": [
1388
+ [
1389
+ "1",
1390
+ "2",
1391
+ "3",
1392
+ "4",
1393
+ "5"
1394
+ ],
1395
+ {
1396
+ "Ref": "BootstrapVersion"
1397
+ }
1398
+ ]
1399
+ }
1400
+ ]
1401
+ },
1402
+ "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
1403
+ }
1404
+ ]
1405
+ }
1406
+ }
1407
+ }