@aws-solutions-constructs/aws-cloudfront-apigateway-lambda 2.79.0 → 2.80.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (44) hide show
  1. package/.jsii +37 -58
  2. package/lib/index.d.ts +7 -0
  3. package/lib/index.js +4 -3
  4. package/package.json +8 -8
  5. package/test/integ.cftaplam-customCloudfrontLoggingBucket.js.snapshot/asset.3a18fd3de4803f72260a058823accffd4f8d69986c6862a23cd86265f6cafa0f/index.js +23 -0
  6. package/test/integ.cftaplam-customCloudfrontLoggingBucket.js.snapshot/cdk.out +1 -1
  7. package/test/integ.cftaplam-customCloudfrontLoggingBucket.js.snapshot/cftaplam-customCloudfrontLoggingBucket.assets.json +6 -6
  8. package/test/integ.cftaplam-customCloudfrontLoggingBucket.js.snapshot/cftaplam-customCloudfrontLoggingBucket.template.json +6 -6
  9. package/test/integ.cftaplam-customCloudfrontLoggingBucket.js.snapshot/cftaplamcustomCloudfrontLoggingBucketIntegDefaultTestDeployAssert35A683E0.assets.json +1 -1
  10. package/test/integ.cftaplam-customCloudfrontLoggingBucket.js.snapshot/integ.json +1 -1
  11. package/test/integ.cftaplam-customCloudfrontLoggingBucket.js.snapshot/manifest.json +421 -2
  12. package/test/integ.cftaplam-customCloudfrontLoggingBucket.js.snapshot/tree.json +371 -82
  13. package/test/integ.cftaplam-no-arguments.js.snapshot/asset.3a18fd3de4803f72260a058823accffd4f8d69986c6862a23cd86265f6cafa0f/index.js +23 -0
  14. package/test/integ.cftaplam-no-arguments.js.snapshot/cdk.out +1 -1
  15. package/test/integ.cftaplam-no-arguments.js.snapshot/cftaplam-no-arguments.assets.json +6 -6
  16. package/test/integ.cftaplam-no-arguments.js.snapshot/cftaplam-no-arguments.template.json +6 -6
  17. package/test/integ.cftaplam-no-arguments.js.snapshot/cftaplamnoargumentsIntegDefaultTestDeployAssertACC32F59.assets.json +1 -1
  18. package/test/integ.cftaplam-no-arguments.js.snapshot/integ.json +1 -1
  19. package/test/integ.cftaplam-no-arguments.js.snapshot/manifest.json +421 -2
  20. package/test/integ.cftaplam-no-arguments.js.snapshot/tree.json +371 -82
  21. package/test/integ.cftaplam-no-usage-plan.d.ts +13 -0
  22. package/test/integ.cftaplam-no-usage-plan.js +50 -0
  23. package/test/integ.cftaplam-no-usage-plan.js.snapshot/asset.3a18fd3de4803f72260a058823accffd4f8d69986c6862a23cd86265f6cafa0f/index.js +23 -0
  24. package/test/integ.cftaplam-no-usage-plan.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  25. package/test/integ.cftaplam-no-usage-plan.js.snapshot/cdk.out +1 -0
  26. package/test/integ.cftaplam-no-usage-plan.js.snapshot/cftaplam-no-usage-plan.assets.json +45 -0
  27. package/test/integ.cftaplam-no-usage-plan.js.snapshot/cftaplam-no-usage-plan.template.json +1414 -0
  28. package/test/integ.cftaplam-no-usage-plan.js.snapshot/cftaplamnousageplanIntegDefaultTestDeployAssertABA4F4C5.assets.json +19 -0
  29. package/test/integ.cftaplam-no-usage-plan.js.snapshot/cftaplamnousageplanIntegDefaultTestDeployAssertABA4F4C5.template.json +36 -0
  30. package/test/integ.cftaplam-no-usage-plan.js.snapshot/integ.json +12 -0
  31. package/test/integ.cftaplam-no-usage-plan.js.snapshot/manifest.json +701 -0
  32. package/test/integ.cftaplam-no-usage-plan.js.snapshot/tree.json +1959 -0
  33. package/test/integ.cftaplam-override-behavior.js.snapshot/asset.3a18fd3de4803f72260a058823accffd4f8d69986c6862a23cd86265f6cafa0f/index.js +23 -0
  34. package/test/integ.cftaplam-override-behavior.js.snapshot/cdk.out +1 -1
  35. package/test/integ.cftaplam-override-behavior.js.snapshot/cftaplam-override-behavior.assets.json +6 -6
  36. package/test/integ.cftaplam-override-behavior.js.snapshot/cftaplam-override-behavior.template.json +6 -6
  37. package/test/integ.cftaplam-override-behavior.js.snapshot/cftaplamoverridebehaviorIntegDefaultTestDeployAssert3DC30427.assets.json +1 -1
  38. package/test/integ.cftaplam-override-behavior.js.snapshot/integ.json +1 -1
  39. package/test/integ.cftaplam-override-behavior.js.snapshot/manifest.json +460 -2
  40. package/test/integ.cftaplam-override-behavior.js.snapshot/tree.json +407 -87
  41. package/test/test.cloudfront-apigateway-lambda.test.js +42 -1
  42. package/test/integ.cftaplam-customCloudfrontLoggingBucket.js.snapshot/asset.42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c/index.js +0 -10
  43. package/test/integ.cftaplam-no-arguments.js.snapshot/asset.42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c/index.js +0 -10
  44. package/test/integ.cftaplam-override-behavior.js.snapshot/asset.42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c/index.js +0 -10
package/test/integ.cftaplam-no-usage-plan.js.snapshot/cftaplam-no-usage-plan.template.json ADDED
@@ -0,0 +1,1414 @@
1
+ {
2
+ "Description": "Integration Test for aws-cloudfront-apigateway-lambda",
3
+ "Resources": {
4
+ "cftaplamnousageplanauthorizerAuthFunctionServiceRoleD960FE23": {
5
+ "Type": "AWS::IAM::Role",
6
+ "Properties": {
7
+ "AssumeRolePolicyDocument": {
8
+ "Statement": [
9
+ {
10
+ "Action": "sts:AssumeRole",
11
+ "Effect": "Allow",
12
+ "Principal": {
13
+ "Service": "lambda.amazonaws.com"
14
+ }
15
+ }
16
+ ],
17
+ "Version": "2012-10-17"
18
+ },
19
+ "ManagedPolicyArns": [
20
+ {
21
+ "Fn::Join": [
22
+ "",
23
+ [
24
+ "arn:",
25
+ {
26
+ "Ref": "AWS::Partition"
27
+ },
28
+ ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
29
+ ]
30
+ ]
31
+ }
32
+ ]
33
+ }
34
+ },
35
+ "cftaplamnousageplanauthorizerAuthFunctionC756EB1A": {
36
+ "Type": "AWS::Lambda::Function",
37
+ "Properties": {
38
+ "Code": {
39
+ "S3Bucket": {
40
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
41
+ },
42
+ "S3Key": "3a18fd3de4803f72260a058823accffd4f8d69986c6862a23cd86265f6cafa0f.zip"
43
+ },
44
+ "Handler": ".handler",
45
+ "Role": {
46
+ "Fn::GetAtt": [
47
+ "cftaplamnousageplanauthorizerAuthFunctionServiceRoleD960FE23",
48
+ "Arn"
49
+ ]
50
+ },
51
+ "Runtime": "nodejs20.x"
52
+ },
53
+ "DependsOn": [
54
+ "cftaplamnousageplanauthorizerAuthFunctionServiceRoleD960FE23"
55
+ ],
56
+ "Metadata": {
57
+ "cfn_nag": {
58
+ "rules_to_suppress": [
59
+ {
60
+ "id": "W58",
61
+ "reason": "Test Resource"
62
+ },
63
+ {
64
+ "id": "W89",
65
+ "reason": "Test Resource"
66
+ },
67
+ {
68
+ "id": "W92",
69
+ "reason": "Test Resource"
70
+ }
71
+ ]
72
+ }
73
+ }
74
+ },
75
+ "cftaplamnousageplanauthorizerAuthFunctioncftaplamnousageplancftaplamnousageplanauthorizerB8C63521Permissions5697B0FF": {
76
+ "Type": "AWS::Lambda::Permission",
77
+ "Properties": {
78
+ "Action": "lambda:InvokeFunction",
79
+ "FunctionName": {
80
+ "Fn::GetAtt": [
81
+ "cftaplamnousageplanauthorizerAuthFunctionC756EB1A",
82
+ "Arn"
83
+ ]
84
+ },
85
+ "Principal": "apigateway.amazonaws.com",
86
+ "SourceArn": {
87
+ "Fn::Join": [
88
+ "",
89
+ [
90
+ "arn:",
91
+ {
92
+ "Ref": "AWS::Partition"
93
+ },
94
+ ":execute-api:",
95
+ {
96
+ "Ref": "AWS::Region"
97
+ },
98
+ ":",
99
+ {
100
+ "Ref": "AWS::AccountId"
101
+ },
102
+ ":",
103
+ {
104
+ "Ref": "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44"
105
+ },
106
+ "/authorizers/",
107
+ {
108
+ "Ref": "cftaplamnousageplanauthorizerB177A4F9"
109
+ }
110
+ ]
111
+ ]
112
+ }
113
+ }
114
+ },
115
+ "cftaplamnousageplanauthorizerB177A4F9": {
116
+ "Type": "AWS::ApiGateway::Authorizer",
117
+ "Properties": {
118
+ "AuthorizerResultTtlInSeconds": 300,
119
+ "AuthorizerUri": {
120
+ "Fn::Join": [
121
+ "",
122
+ [
123
+ "arn:",
124
+ {
125
+ "Fn::Select": [
126
+ 1,
127
+ {
128
+ "Fn::Split": [
129
+ ":",
130
+ {
131
+ "Fn::GetAtt": [
132
+ "cftaplamnousageplanauthorizerAuthFunctionC756EB1A",
133
+ "Arn"
134
+ ]
135
+ }
136
+ ]
137
+ }
138
+ ]
139
+ },
140
+ ":apigateway:",
141
+ {
142
+ "Fn::Select": [
143
+ 3,
144
+ {
145
+ "Fn::Split": [
146
+ ":",
147
+ {
148
+ "Fn::GetAtt": [
149
+ "cftaplamnousageplanauthorizerAuthFunctionC756EB1A",
150
+ "Arn"
151
+ ]
152
+ }
153
+ ]
154
+ }
155
+ ]
156
+ },
157
+ ":lambda:path/2015-03-31/functions/",
158
+ {
159
+ "Fn::GetAtt": [
160
+ "cftaplamnousageplanauthorizerAuthFunctionC756EB1A",
161
+ "Arn"
162
+ ]
163
+ },
164
+ "/invocations"
165
+ ]
166
+ ]
167
+ },
168
+ "IdentitySource": "method.request.header.Authorization",
169
+ "Name": "cftaplamnousageplancftaplamnousageplanauthorizerB8C63521",
170
+ "RestApiId": {
171
+ "Ref": "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44"
172
+ },
173
+ "Type": "REQUEST"
174
+ }
175
+ },
176
+ "testcloudfrontapigatewaylambdaLambdaFunctionServiceRoleCB74590F": {
177
+ "Type": "AWS::IAM::Role",
178
+ "Properties": {
179
+ "AssumeRolePolicyDocument": {
180
+ "Statement": [
181
+ {
182
+ "Action": "sts:AssumeRole",
183
+ "Effect": "Allow",
184
+ "Principal": {
185
+ "Service": "lambda.amazonaws.com"
186
+ }
187
+ }
188
+ ],
189
+ "Version": "2012-10-17"
190
+ },
191
+ "Policies": [
192
+ {
193
+ "PolicyDocument": {
194
+ "Statement": [
195
+ {
196
+ "Action": [
197
+ "logs:CreateLogGroup",
198
+ "logs:CreateLogStream",
199
+ "logs:PutLogEvents"
200
+ ],
201
+ "Effect": "Allow",
202
+ "Resource": {
203
+ "Fn::Join": [
204
+ "",
205
+ [
206
+ "arn:",
207
+ {
208
+ "Ref": "AWS::Partition"
209
+ },
210
+ ":logs:",
211
+ {
212
+ "Ref": "AWS::Region"
213
+ },
214
+ ":",
215
+ {
216
+ "Ref": "AWS::AccountId"
217
+ },
218
+ ":log-group:/aws/lambda/*"
219
+ ]
220
+ ]
221
+ }
222
+ }
223
+ ],
224
+ "Version": "2012-10-17"
225
+ },
226
+ "PolicyName": "LambdaFunctionServiceRolePolicy"
227
+ }
228
+ ]
229
+ },
230
+ "Metadata": {
231
+ "guard": {
232
+ "SuppressedRules": [
233
+ "IAM_NO_INLINE_POLICY_CHECK"
234
+ ]
235
+ }
236
+ }
237
+ },
238
+ "testcloudfrontapigatewaylambdaLambdaFunctionServiceRoleDefaultPolicyDB7FF8EB": {
239
+ "Type": "AWS::IAM::Policy",
240
+ "Properties": {
241
+ "PolicyDocument": {
242
+ "Statement": [
243
+ {
244
+ "Action": [
245
+ "xray:PutTelemetryRecords",
246
+ "xray:PutTraceSegments"
247
+ ],
248
+ "Effect": "Allow",
249
+ "Resource": "*"
250
+ }
251
+ ],
252
+ "Version": "2012-10-17"
253
+ },
254
+ "PolicyName": "testcloudfrontapigatewaylambdaLambdaFunctionServiceRoleDefaultPolicyDB7FF8EB",
255
+ "Roles": [
256
+ {
257
+ "Ref": "testcloudfrontapigatewaylambdaLambdaFunctionServiceRoleCB74590F"
258
+ }
259
+ ]
260
+ },
261
+ "Metadata": {
262
+ "cfn_nag": {
263
+ "rules_to_suppress": [
264
+ {
265
+ "id": "W12",
266
+ "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC."
267
+ }
268
+ ]
269
+ }
270
+ }
271
+ },
272
+ "testcloudfrontapigatewaylambdaLambdaFunction17A55E65": {
273
+ "Type": "AWS::Lambda::Function",
274
+ "Properties": {
275
+ "Code": {
276
+ "S3Bucket": {
277
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
278
+ },
279
+ "S3Key": "3a18fd3de4803f72260a058823accffd4f8d69986c6862a23cd86265f6cafa0f.zip"
280
+ },
281
+ "Environment": {
282
+ "Variables": {
283
+ "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1"
284
+ }
285
+ },
286
+ "Handler": "index.handler",
287
+ "Role": {
288
+ "Fn::GetAtt": [
289
+ "testcloudfrontapigatewaylambdaLambdaFunctionServiceRoleCB74590F",
290
+ "Arn"
291
+ ]
292
+ },
293
+ "Runtime": "nodejs20.x",
294
+ "TracingConfig": {
295
+ "Mode": "Active"
296
+ }
297
+ },
298
+ "DependsOn": [
299
+ "testcloudfrontapigatewaylambdaLambdaFunctionServiceRoleDefaultPolicyDB7FF8EB",
300
+ "testcloudfrontapigatewaylambdaLambdaFunctionServiceRoleCB74590F"
301
+ ],
302
+ "Metadata": {
303
+ "cfn_nag": {
304
+ "rules_to_suppress": [
305
+ {
306
+ "id": "W58",
307
+ "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions."
308
+ },
309
+ {
310
+ "id": "W89",
311
+ "reason": "This is not a rule for the general case, just for specific use cases/industries"
312
+ },
313
+ {
314
+ "id": "W92",
315
+ "reason": "Impossible for us to define the correct concurrency for clients"
316
+ }
317
+ ]
318
+ }
319
+ }
320
+ },
321
+ "testcloudfrontapigatewaylambdaApiAccessLogGroup97EB2E40": {
322
+ "Type": "AWS::Logs::LogGroup",
323
+ "UpdateReplacePolicy": "Retain",
324
+ "DeletionPolicy": "Retain",
325
+ "Metadata": {
326
+ "cfn_nag": {
327
+ "rules_to_suppress": [
328
+ {
329
+ "id": "W86",
330
+ "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely"
331
+ },
332
+ {
333
+ "id": "W84",
334
+ "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)"
335
+ }
336
+ ]
337
+ }
338
+ }
339
+ },
340
+ "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44": {
341
+ "Type": "AWS::ApiGateway::RestApi",
342
+ "Properties": {
343
+ "EndpointConfiguration": {
344
+ "Types": [
345
+ "REGIONAL"
346
+ ]
347
+ },
348
+ "Name": "LambdaRestApi"
349
+ }
350
+ },
351
+ "testcloudfrontapigatewaylambdaLambdaRestApiDeployment0C4661C0d9c4123459f0cf4d3f3c0bde215f7fe1": {
352
+ "Type": "AWS::ApiGateway::Deployment",
353
+ "Properties": {
354
+ "Description": "Automatically created by the RestApi construct",
355
+ "RestApiId": {
356
+ "Ref": "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44"
357
+ }
358
+ },
359
+ "DependsOn": [
360
+ "cftaplamnousageplanauthorizerB177A4F9",
361
+ "testcloudfrontapigatewaylambdaLambdaRestApiproxyANYAE500A13",
362
+ "testcloudfrontapigatewaylambdaLambdaRestApiproxyBC09D86F",
363
+ "testcloudfrontapigatewaylambdaLambdaRestApiANYBC435DFD"
364
+ ],
365
+ "Metadata": {
366
+ "cfn_nag": {
367
+ "rules_to_suppress": [
368
+ {
369
+ "id": "W45",
370
+ "reason": "ApiGateway has AccessLogging enabled in AWS::ApiGateway::Stage resource, but cfn_nag checks for it in AWS::ApiGateway::Deployment resource"
371
+ }
372
+ ]
373
+ }
374
+ }
375
+ },
376
+ "testcloudfrontapigatewaylambdaLambdaRestApiDeploymentStageprod4617A7B7": {
377
+ "Type": "AWS::ApiGateway::Stage",
378
+ "Properties": {
379
+ "AccessLogSetting": {
380
+ "DestinationArn": {
381
+ "Fn::GetAtt": [
382
+ "testcloudfrontapigatewaylambdaApiAccessLogGroup97EB2E40",
383
+ "Arn"
384
+ ]
385
+ },
386
+ "Format": "{\"requestId\":\"$context.requestId\",\"ip\":\"$context.identity.sourceIp\",\"user\":\"$context.identity.user\",\"caller\":\"$context.identity.caller\",\"requestTime\":\"$context.requestTime\",\"httpMethod\":\"$context.httpMethod\",\"resourcePath\":\"$context.resourcePath\",\"status\":\"$context.status\",\"protocol\":\"$context.protocol\",\"responseLength\":\"$context.responseLength\"}"
387
+ },
388
+ "DeploymentId": {
389
+ "Ref": "testcloudfrontapigatewaylambdaLambdaRestApiDeployment0C4661C0d9c4123459f0cf4d3f3c0bde215f7fe1"
390
+ },
391
+ "MethodSettings": [
392
+ {
393
+ "DataTraceEnabled": false,
394
+ "HttpMethod": "*",
395
+ "LoggingLevel": "INFO",
396
+ "ResourcePath": "/*"
397
+ }
398
+ ],
399
+ "RestApiId": {
400
+ "Ref": "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44"
401
+ },
402
+ "StageName": "prod",
403
+ "TracingEnabled": true
404
+ },
405
+ "Metadata": {
406
+ "guard": {
407
+ "SuppressedRules": [
408
+ "API_GW_CACHE_ENABLED_AND_ENCRYPTED"
409
+ ]
410
+ }
411
+ }
412
+ },
413
+ "testcloudfrontapigatewaylambdaLambdaRestApiproxyBC09D86F": {
414
+ "Type": "AWS::ApiGateway::Resource",
415
+ "Properties": {
416
+ "ParentId": {
417
+ "Fn::GetAtt": [
418
+ "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44",
419
+ "RootResourceId"
420
+ ]
421
+ },
422
+ "PathPart": "{proxy+}",
423
+ "RestApiId": {
424
+ "Ref": "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44"
425
+ }
426
+ }
427
+ },
428
+ "testcloudfrontapigatewaylambdaLambdaRestApiproxyANYApiPermissioncftaplamnousageplantestcloudfrontapigatewaylambdaLambdaRestApiB0E151E3ANYproxyAA0B8F51": {
429
+ "Type": "AWS::Lambda::Permission",
430
+ "Properties": {
431
+ "Action": "lambda:InvokeFunction",
432
+ "FunctionName": {
433
+ "Fn::GetAtt": [
434
+ "testcloudfrontapigatewaylambdaLambdaFunction17A55E65",
435
+ "Arn"
436
+ ]
437
+ },
438
+ "Principal": "apigateway.amazonaws.com",
439
+ "SourceArn": {
440
+ "Fn::Join": [
441
+ "",
442
+ [
443
+ "arn:",
444
+ {
445
+ "Ref": "AWS::Partition"
446
+ },
447
+ ":execute-api:",
448
+ {
449
+ "Ref": "AWS::Region"
450
+ },
451
+ ":",
452
+ {
453
+ "Ref": "AWS::AccountId"
454
+ },
455
+ ":",
456
+ {
457
+ "Ref": "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44"
458
+ },
459
+ "/",
460
+ {
461
+ "Ref": "testcloudfrontapigatewaylambdaLambdaRestApiDeploymentStageprod4617A7B7"
462
+ },
463
+ "/*/*"
464
+ ]
465
+ ]
466
+ }
467
+ }
468
+ },
469
+ "testcloudfrontapigatewaylambdaLambdaRestApiproxyANYApiPermissionTestcftaplamnousageplantestcloudfrontapigatewaylambdaLambdaRestApiB0E151E3ANYproxy80E1CD41": {
470
+ "Type": "AWS::Lambda::Permission",
471
+ "Properties": {
472
+ "Action": "lambda:InvokeFunction",
473
+ "FunctionName": {
474
+ "Fn::GetAtt": [
475
+ "testcloudfrontapigatewaylambdaLambdaFunction17A55E65",
476
+ "Arn"
477
+ ]
478
+ },
479
+ "Principal": "apigateway.amazonaws.com",
480
+ "SourceArn": {
481
+ "Fn::Join": [
482
+ "",
483
+ [
484
+ "arn:",
485
+ {
486
+ "Ref": "AWS::Partition"
487
+ },
488
+ ":execute-api:",
489
+ {
490
+ "Ref": "AWS::Region"
491
+ },
492
+ ":",
493
+ {
494
+ "Ref": "AWS::AccountId"
495
+ },
496
+ ":",
497
+ {
498
+ "Ref": "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44"
499
+ },
500
+ "/test-invoke-stage/*/*"
501
+ ]
502
+ ]
503
+ }
504
+ }
505
+ },
506
+ "testcloudfrontapigatewaylambdaLambdaRestApiproxyANYAE500A13": {
507
+ "Type": "AWS::ApiGateway::Method",
508
+ "Properties": {
509
+ "AuthorizationType": "CUSTOM",
510
+ "AuthorizerId": {
511
+ "Ref": "cftaplamnousageplanauthorizerB177A4F9"
512
+ },
513
+ "HttpMethod": "ANY",
514
+ "Integration": {
515
+ "IntegrationHttpMethod": "POST",
516
+ "Type": "AWS_PROXY",
517
+ "Uri": {
518
+ "Fn::Join": [
519
+ "",
520
+ [
521
+ "arn:",
522
+ {
523
+ "Ref": "AWS::Partition"
524
+ },
525
+ ":apigateway:",
526
+ {
527
+ "Ref": "AWS::Region"
528
+ },
529
+ ":lambda:path/2015-03-31/functions/",
530
+ {
531
+ "Fn::GetAtt": [
532
+ "testcloudfrontapigatewaylambdaLambdaFunction17A55E65",
533
+ "Arn"
534
+ ]
535
+ },
536
+ "/invocations"
537
+ ]
538
+ ]
539
+ }
540
+ },
541
+ "ResourceId": {
542
+ "Ref": "testcloudfrontapigatewaylambdaLambdaRestApiproxyBC09D86F"
543
+ },
544
+ "RestApiId": {
545
+ "Ref": "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44"
546
+ }
547
+ }
548
+ },
549
+ "testcloudfrontapigatewaylambdaLambdaRestApiANYApiPermissioncftaplamnousageplantestcloudfrontapigatewaylambdaLambdaRestApiB0E151E3ANY1F699A3F": {
550
+ "Type": "AWS::Lambda::Permission",
551
+ "Properties": {
552
+ "Action": "lambda:InvokeFunction",
553
+ "FunctionName": {
554
+ "Fn::GetAtt": [
555
+ "testcloudfrontapigatewaylambdaLambdaFunction17A55E65",
556
+ "Arn"
557
+ ]
558
+ },
559
+ "Principal": "apigateway.amazonaws.com",
560
+ "SourceArn": {
561
+ "Fn::Join": [
562
+ "",
563
+ [
564
+ "arn:",
565
+ {
566
+ "Ref": "AWS::Partition"
567
+ },
568
+ ":execute-api:",
569
+ {
570
+ "Ref": "AWS::Region"
571
+ },
572
+ ":",
573
+ {
574
+ "Ref": "AWS::AccountId"
575
+ },
576
+ ":",
577
+ {
578
+ "Ref": "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44"
579
+ },
580
+ "/",
581
+ {
582
+ "Ref": "testcloudfrontapigatewaylambdaLambdaRestApiDeploymentStageprod4617A7B7"
583
+ },
584
+ "/*/"
585
+ ]
586
+ ]
587
+ }
588
+ }
589
+ },
590
+ "testcloudfrontapigatewaylambdaLambdaRestApiANYApiPermissionTestcftaplamnousageplantestcloudfrontapigatewaylambdaLambdaRestApiB0E151E3ANY6015C6F7": {
591
+ "Type": "AWS::Lambda::Permission",
592
+ "Properties": {
593
+ "Action": "lambda:InvokeFunction",
594
+ "FunctionName": {
595
+ "Fn::GetAtt": [
596
+ "testcloudfrontapigatewaylambdaLambdaFunction17A55E65",
597
+ "Arn"
598
+ ]
599
+ },
600
+ "Principal": "apigateway.amazonaws.com",
601
+ "SourceArn": {
602
+ "Fn::Join": [
603
+ "",
604
+ [
605
+ "arn:",
606
+ {
607
+ "Ref": "AWS::Partition"
608
+ },
609
+ ":execute-api:",
610
+ {
611
+ "Ref": "AWS::Region"
612
+ },
613
+ ":",
614
+ {
615
+ "Ref": "AWS::AccountId"
616
+ },
617
+ ":",
618
+ {
619
+ "Ref": "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44"
620
+ },
621
+ "/test-invoke-stage/*/"
622
+ ]
623
+ ]
624
+ }
625
+ }
626
+ },
627
+ "testcloudfrontapigatewaylambdaLambdaRestApiANYBC435DFD": {
628
+ "Type": "AWS::ApiGateway::Method",
629
+ "Properties": {
630
+ "AuthorizationType": "CUSTOM",
631
+ "AuthorizerId": {
632
+ "Ref": "cftaplamnousageplanauthorizerB177A4F9"
633
+ },
634
+ "HttpMethod": "ANY",
635
+ "Integration": {
636
+ "IntegrationHttpMethod": "POST",
637
+ "Type": "AWS_PROXY",
638
+ "Uri": {
639
+ "Fn::Join": [
640
+ "",
641
+ [
642
+ "arn:",
643
+ {
644
+ "Ref": "AWS::Partition"
645
+ },
646
+ ":apigateway:",
647
+ {
648
+ "Ref": "AWS::Region"
649
+ },
650
+ ":lambda:path/2015-03-31/functions/",
651
+ {
652
+ "Fn::GetAtt": [
653
+ "testcloudfrontapigatewaylambdaLambdaFunction17A55E65",
654
+ "Arn"
655
+ ]
656
+ },
657
+ "/invocations"
658
+ ]
659
+ ]
660
+ }
661
+ },
662
+ "ResourceId": {
663
+ "Fn::GetAtt": [
664
+ "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44",
665
+ "RootResourceId"
666
+ ]
667
+ },
668
+ "RestApiId": {
669
+ "Ref": "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44"
670
+ }
671
+ }
672
+ },
673
+ "testcloudfrontapigatewaylambdaLambdaRestApiCloudWatchRole7A327F48": {
674
+ "Type": "AWS::IAM::Role",
675
+ "Properties": {
676
+ "AssumeRolePolicyDocument": {
677
+ "Statement": [
678
+ {
679
+ "Action": "sts:AssumeRole",
680
+ "Effect": "Allow",
681
+ "Principal": {
682
+ "Service": "apigateway.amazonaws.com"
683
+ }
684
+ }
685
+ ],
686
+ "Version": "2012-10-17"
687
+ },
688
+ "Policies": [
689
+ {
690
+ "PolicyDocument": {
691
+ "Statement": [
692
+ {
693
+ "Action": [
694
+ "logs:CreateLogGroup",
695
+ "logs:CreateLogStream",
696
+ "logs:DescribeLogGroups",
697
+ "logs:DescribeLogStreams",
698
+ "logs:FilterLogEvents",
699
+ "logs:GetLogEvents",
700
+ "logs:PutLogEvents"
701
+ ],
702
+ "Effect": "Allow",
703
+ "Resource": {
704
+ "Fn::Join": [
705
+ "",
706
+ [
707
+ "arn:",
708
+ {
709
+ "Ref": "AWS::Partition"
710
+ },
711
+ ":logs:",
712
+ {
713
+ "Ref": "AWS::Region"
714
+ },
715
+ ":",
716
+ {
717
+ "Ref": "AWS::AccountId"
718
+ },
719
+ ":*"
720
+ ]
721
+ ]
722
+ }
723
+ }
724
+ ],
725
+ "Version": "2012-10-17"
726
+ },
727
+ "PolicyName": "LambdaRestApiCloudWatchRolePolicy"
728
+ }
729
+ ]
730
+ },
731
+ "Metadata": {
732
+ "guard": {
733
+ "SuppressedRules": [
734
+ "IAM_NO_INLINE_POLICY_CHECK"
735
+ ]
736
+ }
737
+ }
738
+ },
739
+ "testcloudfrontapigatewaylambdaLambdaRestApiAccount1A4578BB": {
740
+ "Type": "AWS::ApiGateway::Account",
741
+ "Properties": {
742
+ "CloudWatchRoleArn": {
743
+ "Fn::GetAtt": [
744
+ "testcloudfrontapigatewaylambdaLambdaRestApiCloudWatchRole7A327F48",
745
+ "Arn"
746
+ ]
747
+ }
748
+ },
749
+ "DependsOn": [
750
+ "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44"
751
+ ]
752
+ },
753
+ "testcloudfrontapigatewaylambdaCloudFrontToApiGatewaySetHttpSecurityHeaders6945414A": {
754
+ "Type": "AWS::CloudFront::Function",
755
+ "Properties": {
756
+ "AutoPublish": true,
757
+ "FunctionCode": "function handler(event) { var response = event.response; var headers = response.headers; headers['strict-transport-security'] = { value: 'max-age=63072000; includeSubdomains; preload'}; headers['content-security-policy'] = { value: \"default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'\"}; headers['x-content-type-options'] = { value: 'nosniff'}; headers['x-frame-options'] = {value: 'DENY'}; headers['x-xss-protection'] = {value: '1; mode=block'}; return response; }",
758
+ "FunctionConfig": {
759
+ "Comment": "SetHttpSecurityHeadersc86ff048e47765694444f7bb321137eed6f5db5665",
760
+ "Runtime": "cloudfront-js-1.0"
761
+ },
762
+ "Name": "SetHttpSecurityHeadersc86ff048e47765694444f7bb321137eed6f5db5665"
763
+ }
764
+ },
765
+ "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucketAccessLog347EED57": {
766
+ "Type": "AWS::S3::Bucket",
767
+ "Properties": {
768
+ "BucketEncryption": {
769
+ "ServerSideEncryptionConfiguration": [
770
+ {
771
+ "ServerSideEncryptionByDefault": {
772
+ "SSEAlgorithm": "AES256"
773
+ }
774
+ }
775
+ ]
776
+ },
777
+ "PublicAccessBlockConfiguration": {
778
+ "BlockPublicAcls": true,
779
+ "BlockPublicPolicy": true,
780
+ "IgnorePublicAcls": true,
781
+ "RestrictPublicBuckets": true
782
+ },
783
+ "VersioningConfiguration": {
784
+ "Status": "Enabled"
785
+ }
786
+ },
787
+ "UpdateReplacePolicy": "Retain",
788
+ "DeletionPolicy": "Retain",
789
+ "Metadata": {
790
+ "cfn_nag": {
791
+ "rules_to_suppress": [
792
+ {
793
+ "id": "W35",
794
+ "reason": "This S3 bucket is used as the access logging bucket for another bucket"
795
+ }
796
+ ]
797
+ }
798
+ }
799
+ },
800
+ "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucketAccessLogPolicy521355D8": {
801
+ "Type": "AWS::S3::BucketPolicy",
802
+ "Properties": {
803
+ "Bucket": {
804
+ "Ref": "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucketAccessLog347EED57"
805
+ },
806
+ "PolicyDocument": {
807
+ "Statement": [
808
+ {
809
+ "Action": "s3:*",
810
+ "Condition": {
811
+ "Bool": {
812
+ "aws:SecureTransport": "false"
813
+ }
814
+ },
815
+ "Effect": "Deny",
816
+ "Principal": {
817
+ "AWS": "*"
818
+ },
819
+ "Resource": [
820
+ {
821
+ "Fn::GetAtt": [
822
+ "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucketAccessLog347EED57",
823
+ "Arn"
824
+ ]
825
+ },
826
+ {
827
+ "Fn::Join": [
828
+ "",
829
+ [
830
+ {
831
+ "Fn::GetAtt": [
832
+ "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucketAccessLog347EED57",
833
+ "Arn"
834
+ ]
835
+ },
836
+ "/*"
837
+ ]
838
+ ]
839
+ }
840
+ ]
841
+ },
842
+ {
843
+ "Action": "s3:PutObject",
844
+ "Condition": {
845
+ "ArnLike": {
846
+ "aws:SourceArn": {
847
+ "Fn::GetAtt": [
848
+ "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucket7F467421",
849
+ "Arn"
850
+ ]
851
+ }
852
+ },
853
+ "StringEquals": {
854
+ "aws:SourceAccount": {
855
+ "Ref": "AWS::AccountId"
856
+ }
857
+ }
858
+ },
859
+ "Effect": "Allow",
860
+ "Principal": {
861
+ "Service": "logging.s3.amazonaws.com"
862
+ },
863
+ "Resource": {
864
+ "Fn::Join": [
865
+ "",
866
+ [
867
+ {
868
+ "Fn::GetAtt": [
869
+ "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucketAccessLog347EED57",
870
+ "Arn"
871
+ ]
872
+ },
873
+ "/*"
874
+ ]
875
+ ]
876
+ }
877
+ }
878
+ ],
879
+ "Version": "2012-10-17"
880
+ }
881
+ }
882
+ },
883
+ "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucket7F467421": {
884
+ "Type": "AWS::S3::Bucket",
885
+ "Properties": {
886
+ "AccessControl": "LogDeliveryWrite",
887
+ "BucketEncryption": {
888
+ "ServerSideEncryptionConfiguration": [
889
+ {
890
+ "ServerSideEncryptionByDefault": {
891
+ "SSEAlgorithm": "AES256"
892
+ }
893
+ }
894
+ ]
895
+ },
896
+ "LoggingConfiguration": {
897
+ "DestinationBucketName": {
898
+ "Ref": "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucketAccessLog347EED57"
899
+ }
900
+ },
901
+ "OwnershipControls": {
902
+ "Rules": [
903
+ {
904
+ "ObjectOwnership": "ObjectWriter"
905
+ }
906
+ ]
907
+ },
908
+ "PublicAccessBlockConfiguration": {
909
+ "BlockPublicAcls": true,
910
+ "BlockPublicPolicy": true,
911
+ "IgnorePublicAcls": true,
912
+ "RestrictPublicBuckets": true
913
+ },
914
+ "Tags": [
915
+ {
916
+ "Key": "aws-cdk:auto-delete-objects",
917
+ "Value": "true"
918
+ }
919
+ ],
920
+ "VersioningConfiguration": {
921
+ "Status": "Enabled"
922
+ }
923
+ },
924
+ "UpdateReplacePolicy": "Delete",
925
+ "DeletionPolicy": "Delete"
926
+ },
927
+ "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucketPolicy4A551B79": {
928
+ "Type": "AWS::S3::BucketPolicy",
929
+ "Properties": {
930
+ "Bucket": {
931
+ "Ref": "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucket7F467421"
932
+ },
933
+ "PolicyDocument": {
934
+ "Statement": [
935
+ {
936
+ "Action": "s3:*",
937
+ "Condition": {
938
+ "Bool": {
939
+ "aws:SecureTransport": "false"
940
+ }
941
+ },
942
+ "Effect": "Deny",
943
+ "Principal": {
944
+ "AWS": "*"
945
+ },
946
+ "Resource": [
947
+ {
948
+ "Fn::GetAtt": [
949
+ "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucket7F467421",
950
+ "Arn"
951
+ ]
952
+ },
953
+ {
954
+ "Fn::Join": [
955
+ "",
956
+ [
957
+ {
958
+ "Fn::GetAtt": [
959
+ "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucket7F467421",
960
+ "Arn"
961
+ ]
962
+ },
963
+ "/*"
964
+ ]
965
+ ]
966
+ }
967
+ ]
968
+ },
969
+ {
970
+ "Action": [
971
+ "s3:DeleteObject*",
972
+ "s3:GetBucket*",
973
+ "s3:List*",
974
+ "s3:PutBucketPolicy"
975
+ ],
976
+ "Effect": "Allow",
977
+ "Principal": {
978
+ "AWS": {
979
+ "Fn::GetAtt": [
980
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
981
+ "Arn"
982
+ ]
983
+ }
984
+ },
985
+ "Resource": [
986
+ {
987
+ "Fn::GetAtt": [
988
+ "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucket7F467421",
989
+ "Arn"
990
+ ]
991
+ },
992
+ {
993
+ "Fn::Join": [
994
+ "",
995
+ [
996
+ {
997
+ "Fn::GetAtt": [
998
+ "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucket7F467421",
999
+ "Arn"
1000
+ ]
1001
+ },
1002
+ "/*"
1003
+ ]
1004
+ ]
1005
+ }
1006
+ ]
1007
+ }
1008
+ ],
1009
+ "Version": "2012-10-17"
1010
+ }
1011
+ }
1012
+ },
1013
+ "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucketAutoDeleteObjectsCustomResourceD4126D01": {
1014
+ "Type": "Custom::S3AutoDeleteObjects",
1015
+ "Properties": {
1016
+ "ServiceToken": {
1017
+ "Fn::GetAtt": [
1018
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
1019
+ "Arn"
1020
+ ]
1021
+ },
1022
+ "BucketName": {
1023
+ "Ref": "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucket7F467421"
1024
+ }
1025
+ },
1026
+ "DependsOn": [
1027
+ "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucketPolicy4A551B79"
1028
+ ],
1029
+ "UpdateReplacePolicy": "Delete",
1030
+ "DeletionPolicy": "Delete"
1031
+ },
1032
+ "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudFrontDistribution0AFC98FC": {
1033
+ "Type": "AWS::CloudFront::Distribution",
1034
+ "Properties": {
1035
+ "DistributionConfig": {
1036
+ "DefaultCacheBehavior": {
1037
+ "CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6",
1038
+ "Compress": true,
1039
+ "FunctionAssociations": [
1040
+ {
1041
+ "EventType": "viewer-response",
1042
+ "FunctionARN": {
1043
+ "Fn::GetAtt": [
1044
+ "testcloudfrontapigatewaylambdaCloudFrontToApiGatewaySetHttpSecurityHeaders6945414A",
1045
+ "FunctionARN"
1046
+ ]
1047
+ }
1048
+ }
1049
+ ],
1050
+ "TargetOriginId": "cftaplamnousageplantestcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudFrontDistributionOrigin1079FB863",
1051
+ "ViewerProtocolPolicy": "redirect-to-https"
1052
+ },
1053
+ "Enabled": true,
1054
+ "HttpVersion": "http2",
1055
+ "IPV6Enabled": true,
1056
+ "Logging": {
1057
+ "Bucket": {
1058
+ "Fn::GetAtt": [
1059
+ "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucket7F467421",
1060
+ "RegionalDomainName"
1061
+ ]
1062
+ }
1063
+ },
1064
+ "Origins": [
1065
+ {
1066
+ "CustomOriginConfig": {
1067
+ "OriginProtocolPolicy": "https-only",
1068
+ "OriginSSLProtocols": [
1069
+ "TLSv1.2"
1070
+ ]
1071
+ },
1072
+ "DomainName": {
1073
+ "Fn::Select": [
1074
+ 0,
1075
+ {
1076
+ "Fn::Split": [
1077
+ "/",
1078
+ {
1079
+ "Fn::Select": [
1080
+ 1,
1081
+ {
1082
+ "Fn::Split": [
1083
+ "://",
1084
+ {
1085
+ "Fn::Join": [
1086
+ "",
1087
+ [
1088
+ "https://",
1089
+ {
1090
+ "Ref": "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44"
1091
+ },
1092
+ ".execute-api.",
1093
+ {
1094
+ "Ref": "AWS::Region"
1095
+ },
1096
+ ".",
1097
+ {
1098
+ "Ref": "AWS::URLSuffix"
1099
+ },
1100
+ "/",
1101
+ {
1102
+ "Ref": "testcloudfrontapigatewaylambdaLambdaRestApiDeploymentStageprod4617A7B7"
1103
+ },
1104
+ "/"
1105
+ ]
1106
+ ]
1107
+ }
1108
+ ]
1109
+ }
1110
+ ]
1111
+ }
1112
+ ]
1113
+ }
1114
+ ]
1115
+ },
1116
+ "Id": "cftaplamnousageplantestcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudFrontDistributionOrigin1079FB863",
1117
+ "OriginPath": {
1118
+ "Fn::Join": [
1119
+ "",
1120
+ [
1121
+ "/",
1122
+ {
1123
+ "Ref": "testcloudfrontapigatewaylambdaLambdaRestApiDeploymentStageprod4617A7B7"
1124
+ }
1125
+ ]
1126
+ ]
1127
+ }
1128
+ }
1129
+ ]
1130
+ }
1131
+ },
1132
+ "Metadata": {
1133
+ "cfn_nag": {
1134
+ "rules_to_suppress": [
1135
+ {
1136
+ "id": "W70",
1137
+ "reason": "Since the distribution uses the CloudFront domain name, CloudFront automatically sets the security policy to TLSv1 regardless of the value of MinimumProtocolVersion"
1138
+ }
1139
+ ]
1140
+ }
1141
+ }
1142
+ },
1143
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": {
1144
+ "Type": "AWS::IAM::Role",
1145
+ "Properties": {
1146
+ "AssumeRolePolicyDocument": {
1147
+ "Version": "2012-10-17",
1148
+ "Statement": [
1149
+ {
1150
+ "Action": "sts:AssumeRole",
1151
+ "Effect": "Allow",
1152
+ "Principal": {
1153
+ "Service": "lambda.amazonaws.com"
1154
+ }
1155
+ }
1156
+ ]
1157
+ },
1158
+ "ManagedPolicyArns": [
1159
+ {
1160
+ "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
1161
+ }
1162
+ ]
1163
+ }
1164
+ },
1165
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": {
1166
+ "Type": "AWS::Lambda::Function",
1167
+ "Properties": {
1168
+ "Code": {
1169
+ "S3Bucket": {
1170
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
1171
+ },
1172
+ "S3Key": "faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6.zip"
1173
+ },
1174
+ "Timeout": 900,
1175
+ "MemorySize": 128,
1176
+ "Handler": "index.handler",
1177
+ "Role": {
1178
+ "Fn::GetAtt": [
1179
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
1180
+ "Arn"
1181
+ ]
1182
+ },
1183
+ "Runtime": {
1184
+ "Fn::FindInMap": [
1185
+ "LatestNodeRuntimeMap",
1186
+ {
1187
+ "Ref": "AWS::Region"
1188
+ },
1189
+ "value"
1190
+ ]
1191
+ },
1192
+ "Description": {
1193
+ "Fn::Join": [
1194
+ "",
1195
+ [
1196
+ "Lambda function for auto-deleting objects in ",
1197
+ {
1198
+ "Ref": "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucket7F467421"
1199
+ },
1200
+ " S3 bucket."
1201
+ ]
1202
+ ]
1203
+ }
1204
+ },
1205
+ "DependsOn": [
1206
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092"
1207
+ ],
1208
+ "Metadata": {
1209
+ "cfn_nag": {
1210
+ "rules_to_suppress": [
1211
+ {
1212
+ "id": "W58",
1213
+ "reason": "CDK generated custom resource"
1214
+ },
1215
+ {
1216
+ "id": "W89",
1217
+ "reason": "CDK generated custom resource"
1218
+ },
1219
+ {
1220
+ "id": "W92",
1221
+ "reason": "CDK generated custom resource"
1222
+ }
1223
+ ]
1224
+ }
1225
+ }
1226
+ }
1227
+ },
1228
+ "Outputs": {
1229
+ "testcloudfrontapigatewaylambdaLambdaRestApiEndpoint83FD8F0F": {
1230
+ "Value": {
1231
+ "Fn::Join": [
1232
+ "",
1233
+ [
1234
+ "https://",
1235
+ {
1236
+ "Ref": "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44"
1237
+ },
1238
+ ".execute-api.",
1239
+ {
1240
+ "Ref": "AWS::Region"
1241
+ },
1242
+ ".",
1243
+ {
1244
+ "Ref": "AWS::URLSuffix"
1245
+ },
1246
+ "/",
1247
+ {
1248
+ "Ref": "testcloudfrontapigatewaylambdaLambdaRestApiDeploymentStageprod4617A7B7"
1249
+ },
1250
+ "/"
1251
+ ]
1252
+ ]
1253
+ }
1254
+ }
1255
+ },
1256
+ "Mappings": {
1257
+ "LatestNodeRuntimeMap": {
1258
+ "af-south-1": {
1259
+ "value": "nodejs20.x"
1260
+ },
1261
+ "ap-east-1": {
1262
+ "value": "nodejs20.x"
1263
+ },
1264
+ "ap-northeast-1": {
1265
+ "value": "nodejs20.x"
1266
+ },
1267
+ "ap-northeast-2": {
1268
+ "value": "nodejs20.x"
1269
+ },
1270
+ "ap-northeast-3": {
1271
+ "value": "nodejs20.x"
1272
+ },
1273
+ "ap-south-1": {
1274
+ "value": "nodejs20.x"
1275
+ },
1276
+ "ap-south-2": {
1277
+ "value": "nodejs20.x"
1278
+ },
1279
+ "ap-southeast-1": {
1280
+ "value": "nodejs20.x"
1281
+ },
1282
+ "ap-southeast-2": {
1283
+ "value": "nodejs20.x"
1284
+ },
1285
+ "ap-southeast-3": {
1286
+ "value": "nodejs20.x"
1287
+ },
1288
+ "ap-southeast-4": {
1289
+ "value": "nodejs20.x"
1290
+ },
1291
+ "ap-southeast-5": {
1292
+ "value": "nodejs20.x"
1293
+ },
1294
+ "ap-southeast-7": {
1295
+ "value": "nodejs20.x"
1296
+ },
1297
+ "ca-central-1": {
1298
+ "value": "nodejs20.x"
1299
+ },
1300
+ "ca-west-1": {
1301
+ "value": "nodejs20.x"
1302
+ },
1303
+ "cn-north-1": {
1304
+ "value": "nodejs20.x"
1305
+ },
1306
+ "cn-northwest-1": {
1307
+ "value": "nodejs20.x"
1308
+ },
1309
+ "eu-central-1": {
1310
+ "value": "nodejs20.x"
1311
+ },
1312
+ "eu-central-2": {
1313
+ "value": "nodejs20.x"
1314
+ },
1315
+ "eu-isoe-west-1": {
1316
+ "value": "nodejs18.x"
1317
+ },
1318
+ "eu-north-1": {
1319
+ "value": "nodejs20.x"
1320
+ },
1321
+ "eu-south-1": {
1322
+ "value": "nodejs20.x"
1323
+ },
1324
+ "eu-south-2": {
1325
+ "value": "nodejs20.x"
1326
+ },
1327
+ "eu-west-1": {
1328
+ "value": "nodejs20.x"
1329
+ },
1330
+ "eu-west-2": {
1331
+ "value": "nodejs20.x"
1332
+ },
1333
+ "eu-west-3": {
1334
+ "value": "nodejs20.x"
1335
+ },
1336
+ "il-central-1": {
1337
+ "value": "nodejs20.x"
1338
+ },
1339
+ "me-central-1": {
1340
+ "value": "nodejs20.x"
1341
+ },
1342
+ "me-south-1": {
1343
+ "value": "nodejs20.x"
1344
+ },
1345
+ "mx-central-1": {
1346
+ "value": "nodejs20.x"
1347
+ },
1348
+ "sa-east-1": {
1349
+ "value": "nodejs20.x"
1350
+ },
1351
+ "us-east-1": {
1352
+ "value": "nodejs20.x"
1353
+ },
1354
+ "us-east-2": {
1355
+ "value": "nodejs20.x"
1356
+ },
1357
+ "us-gov-east-1": {
1358
+ "value": "nodejs20.x"
1359
+ },
1360
+ "us-gov-west-1": {
1361
+ "value": "nodejs20.x"
1362
+ },
1363
+ "us-iso-east-1": {
1364
+ "value": "nodejs18.x"
1365
+ },
1366
+ "us-iso-west-1": {
1367
+ "value": "nodejs18.x"
1368
+ },
1369
+ "us-isob-east-1": {
1370
+ "value": "nodejs18.x"
1371
+ },
1372
+ "us-west-1": {
1373
+ "value": "nodejs20.x"
1374
+ },
1375
+ "us-west-2": {
1376
+ "value": "nodejs20.x"
1377
+ }
1378
+ }
1379
+ },
1380
+ "Parameters": {
1381
+ "BootstrapVersion": {
1382
+ "Type": "AWS::SSM::Parameter::Value<String>",
1383
+ "Default": "/cdk-bootstrap/hnb659fds/version",
1384
+ "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
1385
+ }
1386
+ },
1387
+ "Rules": {
1388
+ "CheckBootstrapVersion": {
1389
+ "Assertions": [
1390
+ {
1391
+ "Assert": {
1392
+ "Fn::Not": [
1393
+ {
1394
+ "Fn::Contains": [
1395
+ [
1396
+ "1",
1397
+ "2",
1398
+ "3",
1399
+ "4",
1400
+ "5"
1401
+ ],
1402
+ {
1403
+ "Ref": "BootstrapVersion"
1404
+ }
1405
+ ]
1406
+ }
1407
+ ]
1408
+ },
1409
+ "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
1410
+ }
1411
+ ]
1412
+ }
1413
+ }
1414
+ }