@aws-solutions-constructs/aws-cloudfront-apigateway-lambda 2.50.0 → 2.52.0

Files changed (41)
  1. package/.eslintignore +2 -0
  2. package/.jsii +51 -6
  3. package/integ.config.json +7 -0
  4. package/lib/index.js +1 -1
  5. package/package.json +14 -13
  6. package/test/integ.cftaplam-customCloudfrontLoggingBucket.js +6 -3
  7. package/test/integ.cftaplam-customCloudfrontLoggingBucket.js.snapshot/asset.42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c/index.js +10 -0
  8. package/test/integ.cftaplam-customCloudfrontLoggingBucket.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  9. package/test/integ.cftaplam-customCloudfrontLoggingBucket.js.snapshot/cdk.out +1 -0
  10. package/test/integ.cftaplam-customCloudfrontLoggingBucket.js.snapshot/cftaplam-customCloudfrontLoggingBucket.assets.json +45 -0
  11. package/test/integ.cftaplam-customCloudfrontLoggingBucket.js.snapshot/cftaplam-customCloudfrontLoggingBucket.template.json +1348 -0
  12. package/test/integ.cftaplam-customCloudfrontLoggingBucket.js.snapshot/cftaplamcustomCloudfrontLoggingBucketIntegDefaultTestDeployAssert35A683E0.assets.json +19 -0
  13. package/test/integ.cftaplam-customCloudfrontLoggingBucket.js.snapshot/cftaplamcustomCloudfrontLoggingBucketIntegDefaultTestDeployAssert35A683E0.template.json +36 -0
  14. package/test/integ.cftaplam-customCloudfrontLoggingBucket.js.snapshot/integ.json +12 -0
  15. package/test/integ.cftaplam-customCloudfrontLoggingBucket.js.snapshot/manifest.json +299 -0
  16. package/test/integ.cftaplam-customCloudfrontLoggingBucket.js.snapshot/tree.json +1775 -0
  17. package/test/integ.cftaplam-no-arguments.js +6 -3
  18. package/test/integ.cftaplam-no-arguments.js.snapshot/asset.42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c/index.js +10 -0
  19. package/test/integ.cftaplam-no-arguments.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  20. package/test/integ.cftaplam-no-arguments.js.snapshot/cdk.out +1 -0
  21. package/test/integ.cftaplam-no-arguments.js.snapshot/cftaplam-no-arguments.assets.json +45 -0
  22. package/test/integ.cftaplam-no-arguments.js.snapshot/cftaplam-no-arguments.template.json +1348 -0
  23. package/test/integ.cftaplam-no-arguments.js.snapshot/cftaplamnoargumentsIntegDefaultTestDeployAssertACC32F59.assets.json +19 -0
  24. package/test/integ.cftaplam-no-arguments.js.snapshot/cftaplamnoargumentsIntegDefaultTestDeployAssertACC32F59.template.json +36 -0
  25. package/test/integ.cftaplam-no-arguments.js.snapshot/integ.json +12 -0
  26. package/test/integ.cftaplam-no-arguments.js.snapshot/manifest.json +299 -0
  27. package/test/integ.cftaplam-no-arguments.js.snapshot/tree.json +1775 -0
  28. package/test/integ.cftaplam-override-behavior.js +6 -3
  29. package/test/integ.cftaplam-override-behavior.js.snapshot/asset.42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c/index.js +10 -0
  30. package/test/integ.cftaplam-override-behavior.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  31. package/test/integ.cftaplam-override-behavior.js.snapshot/cdk.out +1 -0
  32. package/test/integ.cftaplam-override-behavior.js.snapshot/cftaplam-override-behavior.assets.json +45 -0
  33. package/test/integ.cftaplam-override-behavior.js.snapshot/cftaplam-override-behavior.template.json +1407 -0
  34. package/test/integ.cftaplam-override-behavior.js.snapshot/cftaplamoverridebehaviorIntegDefaultTestDeployAssert3DC30427.assets.json +19 -0
  35. package/test/integ.cftaplam-override-behavior.js.snapshot/cftaplamoverridebehaviorIntegDefaultTestDeployAssert3DC30427.template.json +36 -0
  36. package/test/integ.cftaplam-override-behavior.js.snapshot/integ.json +12 -0
  37. package/test/integ.cftaplam-override-behavior.js.snapshot/manifest.json +305 -0
  38. package/test/integ.cftaplam-override-behavior.js.snapshot/tree.json +1859 -0
  39. package/test/integ.cftaplam-customCloudfrontLoggingBucket.expected.json +0 -1347
  40. package/test/integ.cftaplam-no-arguments.expected.json +0 -1347
  41. package/test/integ.cftaplam-override-behavior.expected.json +0 -1406
@@ -0,0 +1,1348 @@
1
+ {
2
+ "Description": "Integration Test for aws-cloudfront-apigateway-lambda",
3
+ "Resources": {
4
+ "cftaplamnoargumentsauthorizerAuthFunctionServiceRole122160C6": {
5
+ "Type": "AWS::IAM::Role",
6
+ "Properties": {
7
+ "AssumeRolePolicyDocument": {
8
+ "Statement": [
9
+ {
10
+ "Action": "sts:AssumeRole",
11
+ "Effect": "Allow",
12
+ "Principal": {
13
+ "Service": "lambda.amazonaws.com"
14
+ }
15
+ }
16
+ ],
17
+ "Version": "2012-10-17"
18
+ },
19
+ "ManagedPolicyArns": [
20
+ {
21
+ "Fn::Join": [
22
+ "",
23
+ [
24
+ "arn:",
25
+ {
26
+ "Ref": "AWS::Partition"
27
+ },
28
+ ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
29
+ ]
30
+ ]
31
+ }
32
+ ]
33
+ }
34
+ },
35
+ "cftaplamnoargumentsauthorizerAuthFunction9B127993": {
36
+ "Type": "AWS::Lambda::Function",
37
+ "Properties": {
38
+ "Code": {
39
+ "S3Bucket": {
40
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
41
+ },
42
+ "S3Key": "42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c.zip"
43
+ },
44
+ "Handler": ".handler",
45
+ "Role": {
46
+ "Fn::GetAtt": [
47
+ "cftaplamnoargumentsauthorizerAuthFunctionServiceRole122160C6",
48
+ "Arn"
49
+ ]
50
+ },
51
+ "Runtime": "nodejs16.x"
52
+ },
53
+ "DependsOn": [
54
+ "cftaplamnoargumentsauthorizerAuthFunctionServiceRole122160C6"
55
+ ],
56
+ "Metadata": {
57
+ "cfn_nag": {
58
+ "rules_to_suppress": [
59
+ {
60
+ "id": "W58",
61
+ "reason": "Test Resource"
62
+ },
63
+ {
64
+ "id": "W89",
65
+ "reason": "Test Resource"
66
+ },
67
+ {
68
+ "id": "W92",
69
+ "reason": "Test Resource"
70
+ }
71
+ ]
72
+ }
73
+ }
74
+ },
75
+ "cftaplamnoargumentsauthorizerAuthFunctioncftaplamnoargumentscftaplamnoargumentsauthorizer14876A7BPermissionsE711C432": {
76
+ "Type": "AWS::Lambda::Permission",
77
+ "Properties": {
78
+ "Action": "lambda:InvokeFunction",
79
+ "FunctionName": {
80
+ "Fn::GetAtt": [
81
+ "cftaplamnoargumentsauthorizerAuthFunction9B127993",
82
+ "Arn"
83
+ ]
84
+ },
85
+ "Principal": "apigateway.amazonaws.com",
86
+ "SourceArn": {
87
+ "Fn::Join": [
88
+ "",
89
+ [
90
+ "arn:",
91
+ {
92
+ "Ref": "AWS::Partition"
93
+ },
94
+ ":execute-api:",
95
+ {
96
+ "Ref": "AWS::Region"
97
+ },
98
+ ":",
99
+ {
100
+ "Ref": "AWS::AccountId"
101
+ },
102
+ ":",
103
+ {
104
+ "Ref": "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44"
105
+ },
106
+ "/authorizers/",
107
+ {
108
+ "Ref": "cftaplamnoargumentsauthorizerD7B341B1"
109
+ }
110
+ ]
111
+ ]
112
+ }
113
+ }
114
+ },
115
+ "cftaplamnoargumentsauthorizerD7B341B1": {
116
+ "Type": "AWS::ApiGateway::Authorizer",
117
+ "Properties": {
118
+ "AuthorizerResultTtlInSeconds": 300,
119
+ "AuthorizerUri": {
120
+ "Fn::Join": [
121
+ "",
122
+ [
123
+ "arn:",
124
+ {
125
+ "Fn::Select": [
126
+ 1,
127
+ {
128
+ "Fn::Split": [
129
+ ":",
130
+ {
131
+ "Fn::GetAtt": [
132
+ "cftaplamnoargumentsauthorizerAuthFunction9B127993",
133
+ "Arn"
134
+ ]
135
+ }
136
+ ]
137
+ }
138
+ ]
139
+ },
140
+ ":apigateway:",
141
+ {
142
+ "Fn::Select": [
143
+ 3,
144
+ {
145
+ "Fn::Split": [
146
+ ":",
147
+ {
148
+ "Fn::GetAtt": [
149
+ "cftaplamnoargumentsauthorizerAuthFunction9B127993",
150
+ "Arn"
151
+ ]
152
+ }
153
+ ]
154
+ }
155
+ ]
156
+ },
157
+ ":lambda:path/2015-03-31/functions/",
158
+ {
159
+ "Fn::GetAtt": [
160
+ "cftaplamnoargumentsauthorizerAuthFunction9B127993",
161
+ "Arn"
162
+ ]
163
+ },
164
+ "/invocations"
165
+ ]
166
+ ]
167
+ },
168
+ "IdentitySource": "method.request.header.Authorization",
169
+ "Name": "cftaplamnoargumentscftaplamnoargumentsauthorizer14876A7B",
170
+ "RestApiId": {
171
+ "Ref": "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44"
172
+ },
173
+ "Type": "REQUEST"
174
+ }
175
+ },
176
+ "testcloudfrontapigatewaylambdaLambdaFunctionServiceRoleCB74590F": {
177
+ "Type": "AWS::IAM::Role",
178
+ "Properties": {
179
+ "AssumeRolePolicyDocument": {
180
+ "Statement": [
181
+ {
182
+ "Action": "sts:AssumeRole",
183
+ "Effect": "Allow",
184
+ "Principal": {
185
+ "Service": "lambda.amazonaws.com"
186
+ }
187
+ }
188
+ ],
189
+ "Version": "2012-10-17"
190
+ },
191
+ "Policies": [
192
+ {
193
+ "PolicyDocument": {
194
+ "Statement": [
195
+ {
196
+ "Action": [
197
+ "logs:CreateLogGroup",
198
+ "logs:CreateLogStream",
199
+ "logs:PutLogEvents"
200
+ ],
201
+ "Effect": "Allow",
202
+ "Resource": {
203
+ "Fn::Join": [
204
+ "",
205
+ [
206
+ "arn:",
207
+ {
208
+ "Ref": "AWS::Partition"
209
+ },
210
+ ":logs:",
211
+ {
212
+ "Ref": "AWS::Region"
213
+ },
214
+ ":",
215
+ {
216
+ "Ref": "AWS::AccountId"
217
+ },
218
+ ":log-group:/aws/lambda/*"
219
+ ]
220
+ ]
221
+ }
222
+ }
223
+ ],
224
+ "Version": "2012-10-17"
225
+ },
226
+ "PolicyName": "LambdaFunctionServiceRolePolicy"
227
+ }
228
+ ]
229
+ }
230
+ },
231
+ "testcloudfrontapigatewaylambdaLambdaFunctionServiceRoleDefaultPolicyDB7FF8EB": {
232
+ "Type": "AWS::IAM::Policy",
233
+ "Properties": {
234
+ "PolicyDocument": {
235
+ "Statement": [
236
+ {
237
+ "Action": [
238
+ "xray:PutTelemetryRecords",
239
+ "xray:PutTraceSegments"
240
+ ],
241
+ "Effect": "Allow",
242
+ "Resource": "*"
243
+ }
244
+ ],
245
+ "Version": "2012-10-17"
246
+ },
247
+ "PolicyName": "testcloudfrontapigatewaylambdaLambdaFunctionServiceRoleDefaultPolicyDB7FF8EB",
248
+ "Roles": [
249
+ {
250
+ "Ref": "testcloudfrontapigatewaylambdaLambdaFunctionServiceRoleCB74590F"
251
+ }
252
+ ]
253
+ },
254
+ "Metadata": {
255
+ "cfn_nag": {
256
+ "rules_to_suppress": [
257
+ {
258
+ "id": "W12",
259
+ "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC."
260
+ }
261
+ ]
262
+ }
263
+ }
264
+ },
265
+ "testcloudfrontapigatewaylambdaLambdaFunction17A55E65": {
266
+ "Type": "AWS::Lambda::Function",
267
+ "Properties": {
268
+ "Code": {
269
+ "S3Bucket": {
270
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
271
+ },
272
+ "S3Key": "42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c.zip"
273
+ },
274
+ "Environment": {
275
+ "Variables": {
276
+ "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1"
277
+ }
278
+ },
279
+ "Handler": "index.handler",
280
+ "Role": {
281
+ "Fn::GetAtt": [
282
+ "testcloudfrontapigatewaylambdaLambdaFunctionServiceRoleCB74590F",
283
+ "Arn"
284
+ ]
285
+ },
286
+ "Runtime": "nodejs16.x",
287
+ "TracingConfig": {
288
+ "Mode": "Active"
289
+ }
290
+ },
291
+ "DependsOn": [
292
+ "testcloudfrontapigatewaylambdaLambdaFunctionServiceRoleDefaultPolicyDB7FF8EB",
293
+ "testcloudfrontapigatewaylambdaLambdaFunctionServiceRoleCB74590F"
294
+ ],
295
+ "Metadata": {
296
+ "cfn_nag": {
297
+ "rules_to_suppress": [
298
+ {
299
+ "id": "W58",
300
+ "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions."
301
+ },
302
+ {
303
+ "id": "W89",
304
+ "reason": "This is not a rule for the general case, just for specific use cases/industries"
305
+ },
306
+ {
307
+ "id": "W92",
308
+ "reason": "Impossible for us to define the correct concurrency for clients"
309
+ }
310
+ ]
311
+ }
312
+ }
313
+ },
314
+ "testcloudfrontapigatewaylambdaApiAccessLogGroup97EB2E40": {
315
+ "Type": "AWS::Logs::LogGroup",
316
+ "UpdateReplacePolicy": "Retain",
317
+ "DeletionPolicy": "Retain",
318
+ "Metadata": {
319
+ "cfn_nag": {
320
+ "rules_to_suppress": [
321
+ {
322
+ "id": "W86",
323
+ "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely"
324
+ },
325
+ {
326
+ "id": "W84",
327
+ "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)"
328
+ }
329
+ ]
330
+ }
331
+ }
332
+ },
333
+ "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44": {
334
+ "Type": "AWS::ApiGateway::RestApi",
335
+ "Properties": {
336
+ "EndpointConfiguration": {
337
+ "Types": [
338
+ "REGIONAL"
339
+ ]
340
+ },
341
+ "Name": "LambdaRestApi"
342
+ }
343
+ },
344
+ "testcloudfrontapigatewaylambdaLambdaRestApiDeployment0C4661C0449e768de84d9b01b952d7f0c0a787fe": {
345
+ "Type": "AWS::ApiGateway::Deployment",
346
+ "Properties": {
347
+ "Description": "Automatically created by the RestApi construct",
348
+ "RestApiId": {
349
+ "Ref": "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44"
350
+ }
351
+ },
352
+ "DependsOn": [
353
+ "cftaplamnoargumentsauthorizerD7B341B1",
354
+ "testcloudfrontapigatewaylambdaLambdaRestApiproxyANYAE500A13",
355
+ "testcloudfrontapigatewaylambdaLambdaRestApiproxyBC09D86F",
356
+ "testcloudfrontapigatewaylambdaLambdaRestApiANYBC435DFD"
357
+ ],
358
+ "Metadata": {
359
+ "cfn_nag": {
360
+ "rules_to_suppress": [
361
+ {
362
+ "id": "W45",
363
+ "reason": "ApiGateway has AccessLogging enabled in AWS::ApiGateway::Stage resource, but cfn_nag checks for it in AWS::ApiGateway::Deployment resource"
364
+ }
365
+ ]
366
+ }
367
+ }
368
+ },
369
+ "testcloudfrontapigatewaylambdaLambdaRestApiDeploymentStageprod4617A7B7": {
370
+ "Type": "AWS::ApiGateway::Stage",
371
+ "Properties": {
372
+ "AccessLogSetting": {
373
+ "DestinationArn": {
374
+ "Fn::GetAtt": [
375
+ "testcloudfrontapigatewaylambdaApiAccessLogGroup97EB2E40",
376
+ "Arn"
377
+ ]
378
+ },
379
+ "Format": "{\"requestId\":\"$context.requestId\",\"ip\":\"$context.identity.sourceIp\",\"user\":\"$context.identity.user\",\"caller\":\"$context.identity.caller\",\"requestTime\":\"$context.requestTime\",\"httpMethod\":\"$context.httpMethod\",\"resourcePath\":\"$context.resourcePath\",\"status\":\"$context.status\",\"protocol\":\"$context.protocol\",\"responseLength\":\"$context.responseLength\"}"
380
+ },
381
+ "DeploymentId": {
382
+ "Ref": "testcloudfrontapigatewaylambdaLambdaRestApiDeployment0C4661C0449e768de84d9b01b952d7f0c0a787fe"
383
+ },
384
+ "MethodSettings": [
385
+ {
386
+ "DataTraceEnabled": false,
387
+ "HttpMethod": "*",
388
+ "LoggingLevel": "INFO",
389
+ "ResourcePath": "/*"
390
+ }
391
+ ],
392
+ "RestApiId": {
393
+ "Ref": "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44"
394
+ },
395
+ "StageName": "prod",
396
+ "TracingEnabled": true
397
+ }
398
+ },
399
+ "testcloudfrontapigatewaylambdaLambdaRestApiproxyBC09D86F": {
400
+ "Type": "AWS::ApiGateway::Resource",
401
+ "Properties": {
402
+ "ParentId": {
403
+ "Fn::GetAtt": [
404
+ "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44",
405
+ "RootResourceId"
406
+ ]
407
+ },
408
+ "PathPart": "{proxy+}",
409
+ "RestApiId": {
410
+ "Ref": "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44"
411
+ }
412
+ }
413
+ },
414
+ "testcloudfrontapigatewaylambdaLambdaRestApiproxyANYApiPermissioncftaplamnoargumentstestcloudfrontapigatewaylambdaLambdaRestApiF14A7709ANYproxyB4BC87CC": {
415
+ "Type": "AWS::Lambda::Permission",
416
+ "Properties": {
417
+ "Action": "lambda:InvokeFunction",
418
+ "FunctionName": {
419
+ "Fn::GetAtt": [
420
+ "testcloudfrontapigatewaylambdaLambdaFunction17A55E65",
421
+ "Arn"
422
+ ]
423
+ },
424
+ "Principal": "apigateway.amazonaws.com",
425
+ "SourceArn": {
426
+ "Fn::Join": [
427
+ "",
428
+ [
429
+ "arn:",
430
+ {
431
+ "Ref": "AWS::Partition"
432
+ },
433
+ ":execute-api:",
434
+ {
435
+ "Ref": "AWS::Region"
436
+ },
437
+ ":",
438
+ {
439
+ "Ref": "AWS::AccountId"
440
+ },
441
+ ":",
442
+ {
443
+ "Ref": "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44"
444
+ },
445
+ "/",
446
+ {
447
+ "Ref": "testcloudfrontapigatewaylambdaLambdaRestApiDeploymentStageprod4617A7B7"
448
+ },
449
+ "/*/*"
450
+ ]
451
+ ]
452
+ }
453
+ }
454
+ },
455
+ "testcloudfrontapigatewaylambdaLambdaRestApiproxyANYApiPermissionTestcftaplamnoargumentstestcloudfrontapigatewaylambdaLambdaRestApiF14A7709ANYproxy647FCDDD": {
456
+ "Type": "AWS::Lambda::Permission",
457
+ "Properties": {
458
+ "Action": "lambda:InvokeFunction",
459
+ "FunctionName": {
460
+ "Fn::GetAtt": [
461
+ "testcloudfrontapigatewaylambdaLambdaFunction17A55E65",
462
+ "Arn"
463
+ ]
464
+ },
465
+ "Principal": "apigateway.amazonaws.com",
466
+ "SourceArn": {
467
+ "Fn::Join": [
468
+ "",
469
+ [
470
+ "arn:",
471
+ {
472
+ "Ref": "AWS::Partition"
473
+ },
474
+ ":execute-api:",
475
+ {
476
+ "Ref": "AWS::Region"
477
+ },
478
+ ":",
479
+ {
480
+ "Ref": "AWS::AccountId"
481
+ },
482
+ ":",
483
+ {
484
+ "Ref": "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44"
485
+ },
486
+ "/test-invoke-stage/*/*"
487
+ ]
488
+ ]
489
+ }
490
+ }
491
+ },
492
+ "testcloudfrontapigatewaylambdaLambdaRestApiproxyANYAE500A13": {
493
+ "Type": "AWS::ApiGateway::Method",
494
+ "Properties": {
495
+ "AuthorizationType": "CUSTOM",
496
+ "AuthorizerId": {
497
+ "Ref": "cftaplamnoargumentsauthorizerD7B341B1"
498
+ },
499
+ "HttpMethod": "ANY",
500
+ "Integration": {
501
+ "IntegrationHttpMethod": "POST",
502
+ "Type": "AWS_PROXY",
503
+ "Uri": {
504
+ "Fn::Join": [
505
+ "",
506
+ [
507
+ "arn:",
508
+ {
509
+ "Ref": "AWS::Partition"
510
+ },
511
+ ":apigateway:",
512
+ {
513
+ "Ref": "AWS::Region"
514
+ },
515
+ ":lambda:path/2015-03-31/functions/",
516
+ {
517
+ "Fn::GetAtt": [
518
+ "testcloudfrontapigatewaylambdaLambdaFunction17A55E65",
519
+ "Arn"
520
+ ]
521
+ },
522
+ "/invocations"
523
+ ]
524
+ ]
525
+ }
526
+ },
527
+ "ResourceId": {
528
+ "Ref": "testcloudfrontapigatewaylambdaLambdaRestApiproxyBC09D86F"
529
+ },
530
+ "RestApiId": {
531
+ "Ref": "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44"
532
+ }
533
+ }
534
+ },
535
+ "testcloudfrontapigatewaylambdaLambdaRestApiANYApiPermissioncftaplamnoargumentstestcloudfrontapigatewaylambdaLambdaRestApiF14A7709ANY1BADAD44": {
536
+ "Type": "AWS::Lambda::Permission",
537
+ "Properties": {
538
+ "Action": "lambda:InvokeFunction",
539
+ "FunctionName": {
540
+ "Fn::GetAtt": [
541
+ "testcloudfrontapigatewaylambdaLambdaFunction17A55E65",
542
+ "Arn"
543
+ ]
544
+ },
545
+ "Principal": "apigateway.amazonaws.com",
546
+ "SourceArn": {
547
+ "Fn::Join": [
548
+ "",
549
+ [
550
+ "arn:",
551
+ {
552
+ "Ref": "AWS::Partition"
553
+ },
554
+ ":execute-api:",
555
+ {
556
+ "Ref": "AWS::Region"
557
+ },
558
+ ":",
559
+ {
560
+ "Ref": "AWS::AccountId"
561
+ },
562
+ ":",
563
+ {
564
+ "Ref": "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44"
565
+ },
566
+ "/",
567
+ {
568
+ "Ref": "testcloudfrontapigatewaylambdaLambdaRestApiDeploymentStageprod4617A7B7"
569
+ },
570
+ "/*/"
571
+ ]
572
+ ]
573
+ }
574
+ }
575
+ },
576
+ "testcloudfrontapigatewaylambdaLambdaRestApiANYApiPermissionTestcftaplamnoargumentstestcloudfrontapigatewaylambdaLambdaRestApiF14A7709ANYA87D989E": {
577
+ "Type": "AWS::Lambda::Permission",
578
+ "Properties": {
579
+ "Action": "lambda:InvokeFunction",
580
+ "FunctionName": {
581
+ "Fn::GetAtt": [
582
+ "testcloudfrontapigatewaylambdaLambdaFunction17A55E65",
583
+ "Arn"
584
+ ]
585
+ },
586
+ "Principal": "apigateway.amazonaws.com",
587
+ "SourceArn": {
588
+ "Fn::Join": [
589
+ "",
590
+ [
591
+ "arn:",
592
+ {
593
+ "Ref": "AWS::Partition"
594
+ },
595
+ ":execute-api:",
596
+ {
597
+ "Ref": "AWS::Region"
598
+ },
599
+ ":",
600
+ {
601
+ "Ref": "AWS::AccountId"
602
+ },
603
+ ":",
604
+ {
605
+ "Ref": "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44"
606
+ },
607
+ "/test-invoke-stage/*/"
608
+ ]
609
+ ]
610
+ }
611
+ }
612
+ },
613
+ "testcloudfrontapigatewaylambdaLambdaRestApiANYBC435DFD": {
614
+ "Type": "AWS::ApiGateway::Method",
615
+ "Properties": {
616
+ "AuthorizationType": "CUSTOM",
617
+ "AuthorizerId": {
618
+ "Ref": "cftaplamnoargumentsauthorizerD7B341B1"
619
+ },
620
+ "HttpMethod": "ANY",
621
+ "Integration": {
622
+ "IntegrationHttpMethod": "POST",
623
+ "Type": "AWS_PROXY",
624
+ "Uri": {
625
+ "Fn::Join": [
626
+ "",
627
+ [
628
+ "arn:",
629
+ {
630
+ "Ref": "AWS::Partition"
631
+ },
632
+ ":apigateway:",
633
+ {
634
+ "Ref": "AWS::Region"
635
+ },
636
+ ":lambda:path/2015-03-31/functions/",
637
+ {
638
+ "Fn::GetAtt": [
639
+ "testcloudfrontapigatewaylambdaLambdaFunction17A55E65",
640
+ "Arn"
641
+ ]
642
+ },
643
+ "/invocations"
644
+ ]
645
+ ]
646
+ }
647
+ },
648
+ "ResourceId": {
649
+ "Fn::GetAtt": [
650
+ "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44",
651
+ "RootResourceId"
652
+ ]
653
+ },
654
+ "RestApiId": {
655
+ "Ref": "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44"
656
+ }
657
+ }
658
+ },
659
+ "testcloudfrontapigatewaylambdaLambdaRestApiUsagePlan59548A66": {
660
+ "Type": "AWS::ApiGateway::UsagePlan",
661
+ "Properties": {
662
+ "ApiStages": [
663
+ {
664
+ "ApiId": {
665
+ "Ref": "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44"
666
+ },
667
+ "Stage": {
668
+ "Ref": "testcloudfrontapigatewaylambdaLambdaRestApiDeploymentStageprod4617A7B7"
669
+ },
670
+ "Throttle": {}
671
+ }
672
+ ]
673
+ }
674
+ },
675
+ "testcloudfrontapigatewaylambdaLambdaRestApiCloudWatchRole7A327F48": {
676
+ "Type": "AWS::IAM::Role",
677
+ "Properties": {
678
+ "AssumeRolePolicyDocument": {
679
+ "Statement": [
680
+ {
681
+ "Action": "sts:AssumeRole",
682
+ "Effect": "Allow",
683
+ "Principal": {
684
+ "Service": "apigateway.amazonaws.com"
685
+ }
686
+ }
687
+ ],
688
+ "Version": "2012-10-17"
689
+ },
690
+ "Policies": [
691
+ {
692
+ "PolicyDocument": {
693
+ "Statement": [
694
+ {
695
+ "Action": [
696
+ "logs:CreateLogGroup",
697
+ "logs:CreateLogStream",
698
+ "logs:DescribeLogGroups",
699
+ "logs:DescribeLogStreams",
700
+ "logs:FilterLogEvents",
701
+ "logs:GetLogEvents",
702
+ "logs:PutLogEvents"
703
+ ],
704
+ "Effect": "Allow",
705
+ "Resource": {
706
+ "Fn::Join": [
707
+ "",
708
+ [
709
+ "arn:",
710
+ {
711
+ "Ref": "AWS::Partition"
712
+ },
713
+ ":logs:",
714
+ {
715
+ "Ref": "AWS::Region"
716
+ },
717
+ ":",
718
+ {
719
+ "Ref": "AWS::AccountId"
720
+ },
721
+ ":*"
722
+ ]
723
+ ]
724
+ }
725
+ }
726
+ ],
727
+ "Version": "2012-10-17"
728
+ },
729
+ "PolicyName": "LambdaRestApiCloudWatchRolePolicy"
730
+ }
731
+ ]
732
+ }
733
+ },
734
+ "testcloudfrontapigatewaylambdaLambdaRestApiAccount1A4578BB": {
735
+ "Type": "AWS::ApiGateway::Account",
736
+ "Properties": {
737
+ "CloudWatchRoleArn": {
738
+ "Fn::GetAtt": [
739
+ "testcloudfrontapigatewaylambdaLambdaRestApiCloudWatchRole7A327F48",
740
+ "Arn"
741
+ ]
742
+ }
743
+ },
744
+ "DependsOn": [
745
+ "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44"
746
+ ]
747
+ },
748
+ "testcloudfrontapigatewaylambdaCloudFrontToApiGatewaySetHttpSecurityHeaders6945414A": {
749
+ "Type": "AWS::CloudFront::Function",
750
+ "Properties": {
751
+ "AutoPublish": true,
752
+ "FunctionCode": "function handler(event) { var response = event.response; var headers = response.headers; headers['strict-transport-security'] = { value: 'max-age=63072000; includeSubdomains; preload'}; headers['content-security-policy'] = { value: \"default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'\"}; headers['x-content-type-options'] = { value: 'nosniff'}; headers['x-frame-options'] = {value: 'DENY'}; headers['x-xss-protection'] = {value: '1; mode=block'}; return response; }",
753
+ "FunctionConfig": {
754
+ "Comment": "SetHttpSecurityHeadersc87d9e55c0a6a55f893f95e9a700c7ce19634229d0",
755
+ "Runtime": "cloudfront-js-1.0"
756
+ },
757
+ "Name": "SetHttpSecurityHeadersc87d9e55c0a6a55f893f95e9a700c7ce19634229d0"
758
+ }
759
+ },
760
+ "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucketAccessLog347EED57": {
761
+ "Type": "AWS::S3::Bucket",
762
+ "Properties": {
763
+ "BucketEncryption": {
764
+ "ServerSideEncryptionConfiguration": [
765
+ {
766
+ "ServerSideEncryptionByDefault": {
767
+ "SSEAlgorithm": "AES256"
768
+ }
769
+ }
770
+ ]
771
+ },
772
+ "OwnershipControls": {
773
+ "Rules": [
774
+ {
775
+ "ObjectOwnership": "ObjectWriter"
776
+ }
777
+ ]
778
+ },
779
+ "PublicAccessBlockConfiguration": {
780
+ "BlockPublicAcls": true,
781
+ "BlockPublicPolicy": true,
782
+ "IgnorePublicAcls": true,
783
+ "RestrictPublicBuckets": true
784
+ },
785
+ "Tags": [
786
+ {
787
+ "Key": "aws-cdk:auto-delete-objects",
788
+ "Value": "true"
789
+ }
790
+ ],
791
+ "VersioningConfiguration": {
792
+ "Status": "Enabled"
793
+ }
794
+ },
795
+ "UpdateReplacePolicy": "Delete",
796
+ "DeletionPolicy": "Delete",
797
+ "Metadata": {
798
+ "cfn_nag": {
799
+ "rules_to_suppress": [
800
+ {
801
+ "id": "W35",
802
+ "reason": "This S3 bucket is used as the access logging bucket for another bucket"
803
+ }
804
+ ]
805
+ }
806
+ }
807
+ },
808
+ "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucketAccessLogPolicy521355D8": {
809
+ "Type": "AWS::S3::BucketPolicy",
810
+ "Properties": {
811
+ "Bucket": {
812
+ "Ref": "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucketAccessLog347EED57"
813
+ },
814
+ "PolicyDocument": {
815
+ "Statement": [
816
+ {
817
+ "Action": "s3:*",
818
+ "Condition": {
819
+ "Bool": {
820
+ "aws:SecureTransport": "false"
821
+ }
822
+ },
823
+ "Effect": "Deny",
824
+ "Principal": {
825
+ "AWS": "*"
826
+ },
827
+ "Resource": [
828
+ {
829
+ "Fn::GetAtt": [
830
+ "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucketAccessLog347EED57",
831
+ "Arn"
832
+ ]
833
+ },
834
+ {
835
+ "Fn::Join": [
836
+ "",
837
+ [
838
+ {
839
+ "Fn::GetAtt": [
840
+ "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucketAccessLog347EED57",
841
+ "Arn"
842
+ ]
843
+ },
844
+ "/*"
845
+ ]
846
+ ]
847
+ }
848
+ ]
849
+ },
850
+ {
851
+ "Action": [
852
+ "s3:DeleteObject*",
853
+ "s3:GetBucket*",
854
+ "s3:List*",
855
+ "s3:PutBucketPolicy"
856
+ ],
857
+ "Effect": "Allow",
858
+ "Principal": {
859
+ "AWS": {
860
+ "Fn::GetAtt": [
861
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
862
+ "Arn"
863
+ ]
864
+ }
865
+ },
866
+ "Resource": [
867
+ {
868
+ "Fn::GetAtt": [
869
+ "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucketAccessLog347EED57",
870
+ "Arn"
871
+ ]
872
+ },
873
+ {
874
+ "Fn::Join": [
875
+ "",
876
+ [
877
+ {
878
+ "Fn::GetAtt": [
879
+ "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucketAccessLog347EED57",
880
+ "Arn"
881
+ ]
882
+ },
883
+ "/*"
884
+ ]
885
+ ]
886
+ }
887
+ ]
888
+ },
889
+ {
890
+ "Action": "s3:PutObject",
891
+ "Condition": {
892
+ "ArnLike": {
893
+ "aws:SourceArn": {
894
+ "Fn::GetAtt": [
895
+ "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucket7F467421",
896
+ "Arn"
897
+ ]
898
+ }
899
+ },
900
+ "StringEquals": {
901
+ "aws:SourceAccount": {
902
+ "Ref": "AWS::AccountId"
903
+ }
904
+ }
905
+ },
906
+ "Effect": "Allow",
907
+ "Principal": {
908
+ "Service": "logging.s3.amazonaws.com"
909
+ },
910
+ "Resource": {
911
+ "Fn::Join": [
912
+ "",
913
+ [
914
+ {
915
+ "Fn::GetAtt": [
916
+ "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucketAccessLog347EED57",
917
+ "Arn"
918
+ ]
919
+ },
920
+ "/*"
921
+ ]
922
+ ]
923
+ }
924
+ }
925
+ ],
926
+ "Version": "2012-10-17"
927
+ }
928
+ }
929
+ },
930
+ "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucketAccessLogAutoDeleteObjectsCustomResource2395E2A2": {
931
+ "Type": "Custom::S3AutoDeleteObjects",
932
+ "Properties": {
933
+ "ServiceToken": {
934
+ "Fn::GetAtt": [
935
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
936
+ "Arn"
937
+ ]
938
+ },
939
+ "BucketName": {
940
+ "Ref": "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucketAccessLog347EED57"
941
+ }
942
+ },
943
+ "DependsOn": [
944
+ "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucketAccessLogPolicy521355D8"
945
+ ],
946
+ "UpdateReplacePolicy": "Delete",
947
+ "DeletionPolicy": "Delete"
948
+ },
949
+ "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucket7F467421": {
950
+ "Type": "AWS::S3::Bucket",
951
+ "Properties": {
952
+ "AccessControl": "LogDeliveryWrite",
953
+ "BucketEncryption": {
954
+ "ServerSideEncryptionConfiguration": [
955
+ {
956
+ "ServerSideEncryptionByDefault": {
957
+ "SSEAlgorithm": "AES256"
958
+ }
959
+ }
960
+ ]
961
+ },
962
+ "LoggingConfiguration": {
963
+ "DestinationBucketName": {
964
+ "Ref": "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucketAccessLog347EED57"
965
+ }
966
+ },
967
+ "OwnershipControls": {
968
+ "Rules": [
969
+ {
970
+ "ObjectOwnership": "ObjectWriter"
971
+ }
972
+ ]
973
+ },
974
+ "PublicAccessBlockConfiguration": {
975
+ "BlockPublicAcls": true,
976
+ "BlockPublicPolicy": true,
977
+ "IgnorePublicAcls": true,
978
+ "RestrictPublicBuckets": true
979
+ },
980
+ "Tags": [
981
+ {
982
+ "Key": "aws-cdk:auto-delete-objects",
983
+ "Value": "true"
984
+ }
985
+ ],
986
+ "VersioningConfiguration": {
987
+ "Status": "Enabled"
988
+ }
989
+ },
990
+ "UpdateReplacePolicy": "Delete",
991
+ "DeletionPolicy": "Delete"
992
+ },
993
+ "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucketPolicy4A551B79": {
994
+ "Type": "AWS::S3::BucketPolicy",
995
+ "Properties": {
996
+ "Bucket": {
997
+ "Ref": "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucket7F467421"
998
+ },
999
+ "PolicyDocument": {
1000
+ "Statement": [
1001
+ {
1002
+ "Action": "s3:*",
1003
+ "Condition": {
1004
+ "Bool": {
1005
+ "aws:SecureTransport": "false"
1006
+ }
1007
+ },
1008
+ "Effect": "Deny",
1009
+ "Principal": {
1010
+ "AWS": "*"
1011
+ },
1012
+ "Resource": [
1013
+ {
1014
+ "Fn::GetAtt": [
1015
+ "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucket7F467421",
1016
+ "Arn"
1017
+ ]
1018
+ },
1019
+ {
1020
+ "Fn::Join": [
1021
+ "",
1022
+ [
1023
+ {
1024
+ "Fn::GetAtt": [
1025
+ "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucket7F467421",
1026
+ "Arn"
1027
+ ]
1028
+ },
1029
+ "/*"
1030
+ ]
1031
+ ]
1032
+ }
1033
+ ]
1034
+ },
1035
+ {
1036
+ "Action": [
1037
+ "s3:DeleteObject*",
1038
+ "s3:GetBucket*",
1039
+ "s3:List*",
1040
+ "s3:PutBucketPolicy"
1041
+ ],
1042
+ "Effect": "Allow",
1043
+ "Principal": {
1044
+ "AWS": {
1045
+ "Fn::GetAtt": [
1046
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
1047
+ "Arn"
1048
+ ]
1049
+ }
1050
+ },
1051
+ "Resource": [
1052
+ {
1053
+ "Fn::GetAtt": [
1054
+ "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucket7F467421",
1055
+ "Arn"
1056
+ ]
1057
+ },
1058
+ {
1059
+ "Fn::Join": [
1060
+ "",
1061
+ [
1062
+ {
1063
+ "Fn::GetAtt": [
1064
+ "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucket7F467421",
1065
+ "Arn"
1066
+ ]
1067
+ },
1068
+ "/*"
1069
+ ]
1070
+ ]
1071
+ }
1072
+ ]
1073
+ }
1074
+ ],
1075
+ "Version": "2012-10-17"
1076
+ }
1077
+ }
1078
+ },
1079
+ "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucketAutoDeleteObjectsCustomResourceD4126D01": {
1080
+ "Type": "Custom::S3AutoDeleteObjects",
1081
+ "Properties": {
1082
+ "ServiceToken": {
1083
+ "Fn::GetAtt": [
1084
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
1085
+ "Arn"
1086
+ ]
1087
+ },
1088
+ "BucketName": {
1089
+ "Ref": "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucket7F467421"
1090
+ }
1091
+ },
1092
+ "DependsOn": [
1093
+ "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucketPolicy4A551B79"
1094
+ ],
1095
+ "UpdateReplacePolicy": "Delete",
1096
+ "DeletionPolicy": "Delete"
1097
+ },
1098
+ "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudFrontDistribution0AFC98FC": {
1099
+ "Type": "AWS::CloudFront::Distribution",
1100
+ "Properties": {
1101
+ "DistributionConfig": {
1102
+ "DefaultCacheBehavior": {
1103
+ "CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6",
1104
+ "Compress": true,
1105
+ "FunctionAssociations": [
1106
+ {
1107
+ "EventType": "viewer-response",
1108
+ "FunctionARN": {
1109
+ "Fn::GetAtt": [
1110
+ "testcloudfrontapigatewaylambdaCloudFrontToApiGatewaySetHttpSecurityHeaders6945414A",
1111
+ "FunctionARN"
1112
+ ]
1113
+ }
1114
+ }
1115
+ ],
1116
+ "TargetOriginId": "cftaplamnoargumentstestcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudFrontDistributionOrigin14C55B0B8",
1117
+ "ViewerProtocolPolicy": "redirect-to-https"
1118
+ },
1119
+ "Enabled": true,
1120
+ "HttpVersion": "http2",
1121
+ "IPV6Enabled": true,
1122
+ "Logging": {
1123
+ "Bucket": {
1124
+ "Fn::GetAtt": [
1125
+ "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucket7F467421",
1126
+ "RegionalDomainName"
1127
+ ]
1128
+ }
1129
+ },
1130
+ "Origins": [
1131
+ {
1132
+ "CustomOriginConfig": {
1133
+ "OriginProtocolPolicy": "https-only",
1134
+ "OriginSSLProtocols": [
1135
+ "TLSv1.2"
1136
+ ]
1137
+ },
1138
+ "DomainName": {
1139
+ "Fn::Select": [
1140
+ 0,
1141
+ {
1142
+ "Fn::Split": [
1143
+ "/",
1144
+ {
1145
+ "Fn::Select": [
1146
+ 1,
1147
+ {
1148
+ "Fn::Split": [
1149
+ "://",
1150
+ {
1151
+ "Fn::Join": [
1152
+ "",
1153
+ [
1154
+ "https://",
1155
+ {
1156
+ "Ref": "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44"
1157
+ },
1158
+ ".execute-api.",
1159
+ {
1160
+ "Ref": "AWS::Region"
1161
+ },
1162
+ ".",
1163
+ {
1164
+ "Ref": "AWS::URLSuffix"
1165
+ },
1166
+ "/",
1167
+ {
1168
+ "Ref": "testcloudfrontapigatewaylambdaLambdaRestApiDeploymentStageprod4617A7B7"
1169
+ },
1170
+ "/"
1171
+ ]
1172
+ ]
1173
+ }
1174
+ ]
1175
+ }
1176
+ ]
1177
+ }
1178
+ ]
1179
+ }
1180
+ ]
1181
+ },
1182
+ "Id": "cftaplamnoargumentstestcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudFrontDistributionOrigin14C55B0B8",
1183
+ "OriginPath": {
1184
+ "Fn::Join": [
1185
+ "",
1186
+ [
1187
+ "/",
1188
+ {
1189
+ "Ref": "testcloudfrontapigatewaylambdaLambdaRestApiDeploymentStageprod4617A7B7"
1190
+ }
1191
+ ]
1192
+ ]
1193
+ }
1194
+ }
1195
+ ]
1196
+ }
1197
+ },
1198
+ "Metadata": {
1199
+ "cfn_nag": {
1200
+ "rules_to_suppress": [
1201
+ {
1202
+ "id": "W70",
1203
+ "reason": "Since the distribution uses the CloudFront domain name, CloudFront automatically sets the security policy to TLSv1 regardless of the value of MinimumProtocolVersion"
1204
+ }
1205
+ ]
1206
+ }
1207
+ }
1208
+ },
1209
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": {
1210
+ "Type": "AWS::IAM::Role",
1211
+ "Properties": {
1212
+ "AssumeRolePolicyDocument": {
1213
+ "Version": "2012-10-17",
1214
+ "Statement": [
1215
+ {
1216
+ "Action": "sts:AssumeRole",
1217
+ "Effect": "Allow",
1218
+ "Principal": {
1219
+ "Service": "lambda.amazonaws.com"
1220
+ }
1221
+ }
1222
+ ]
1223
+ },
1224
+ "ManagedPolicyArns": [
1225
+ {
1226
+ "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
1227
+ }
1228
+ ]
1229
+ }
1230
+ },
1231
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": {
1232
+ "Type": "AWS::Lambda::Function",
1233
+ "Properties": {
1234
+ "Code": {
1235
+ "S3Bucket": {
1236
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
1237
+ },
1238
+ "S3Key": "b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6.zip"
1239
+ },
1240
+ "Timeout": 900,
1241
+ "MemorySize": 128,
1242
+ "Handler": "index.handler",
1243
+ "Role": {
1244
+ "Fn::GetAtt": [
1245
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
1246
+ "Arn"
1247
+ ]
1248
+ },
1249
+ "Runtime": "nodejs18.x",
1250
+ "Description": {
1251
+ "Fn::Join": [
1252
+ "",
1253
+ [
1254
+ "Lambda function for auto-deleting objects in ",
1255
+ {
1256
+ "Ref": "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucketAccessLog347EED57"
1257
+ },
1258
+ " S3 bucket."
1259
+ ]
1260
+ ]
1261
+ }
1262
+ },
1263
+ "DependsOn": [
1264
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092"
1265
+ ],
1266
+ "Metadata": {
1267
+ "cfn_nag": {
1268
+ "rules_to_suppress": [
1269
+ {
1270
+ "id": "W58",
1271
+ "reason": "CDK generated custom resource"
1272
+ },
1273
+ {
1274
+ "id": "W89",
1275
+ "reason": "CDK generated custom resource"
1276
+ },
1277
+ {
1278
+ "id": "W92",
1279
+ "reason": "CDK generated custom resource"
1280
+ }
1281
+ ]
1282
+ }
1283
+ }
1284
+ }
1285
+ },
1286
+ "Outputs": {
1287
+ "testcloudfrontapigatewaylambdaLambdaRestApiEndpoint83FD8F0F": {
1288
+ "Value": {
1289
+ "Fn::Join": [
1290
+ "",
1291
+ [
1292
+ "https://",
1293
+ {
1294
+ "Ref": "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44"
1295
+ },
1296
+ ".execute-api.",
1297
+ {
1298
+ "Ref": "AWS::Region"
1299
+ },
1300
+ ".",
1301
+ {
1302
+ "Ref": "AWS::URLSuffix"
1303
+ },
1304
+ "/",
1305
+ {
1306
+ "Ref": "testcloudfrontapigatewaylambdaLambdaRestApiDeploymentStageprod4617A7B7"
1307
+ },
1308
+ "/"
1309
+ ]
1310
+ ]
1311
+ }
1312
+ }
1313
+ },
1314
+ "Parameters": {
1315
+ "BootstrapVersion": {
1316
+ "Type": "AWS::SSM::Parameter::Value<String>",
1317
+ "Default": "/cdk-bootstrap/hnb659fds/version",
1318
+ "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
1319
+ }
1320
+ },
1321
+ "Rules": {
1322
+ "CheckBootstrapVersion": {
1323
+ "Assertions": [
1324
+ {
1325
+ "Assert": {
1326
+ "Fn::Not": [
1327
+ {
1328
+ "Fn::Contains": [
1329
+ [
1330
+ "1",
1331
+ "2",
1332
+ "3",
1333
+ "4",
1334
+ "5"
1335
+ ],
1336
+ {
1337
+ "Ref": "BootstrapVersion"
1338
+ }
1339
+ ]
1340
+ }
1341
+ ]
1342
+ },
1343
+ "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
1344
+ }
1345
+ ]
1346
+ }
1347
+ }
1348
+ }