@aws-solutions-constructs/aws-cloudfront-oai-s3 2.79.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (108) hide show
  1. package/.jsii +4403 -0
  2. package/README.md +109 -0
  3. package/architecture.png +0 -0
  4. package/integ.config.json +7 -0
  5. package/lib/index.d.ts +118 -0
  6. package/lib/index.js +106 -0
  7. package/package.json +95 -0
  8. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.d.ts +13 -0
  9. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js +56 -0
  10. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  11. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cdk.out +1 -0
  12. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.assets.json +32 -0
  13. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.template.json +1061 -0
  14. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cftoais3bucketencryptedwithmanagedkeyprovidedasexistingbucketIntegDefaultTestDeployAssert105E804F.assets.json +19 -0
  15. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cftoais3bucketencryptedwithmanagedkeyprovidedasexistingbucketIntegDefaultTestDeployAssert105E804F.template.json +36 -0
  16. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/integ.json +12 -0
  17. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/manifest.json +215 -0
  18. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/tree.json +1105 -0
  19. package/test/integ.cftoais3-custom-headers.d.ts +13 -0
  20. package/test/integ.cftoais3-custom-headers.js +71 -0
  21. package/test/integ.cftoais3-custom-headers.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  22. package/test/integ.cftoais3-custom-headers.js.snapshot/cdk.out +1 -0
  23. package/test/integ.cftoais3-custom-headers.js.snapshot/cftoais3-custom-headers.assets.json +32 -0
  24. package/test/integ.cftoais3-custom-headers.js.snapshot/cftoais3-custom-headers.template.json +1116 -0
  25. package/test/integ.cftoais3-custom-headers.js.snapshot/cftoais3customheadersIntegDefaultTestDeployAssert5AA11BA9.assets.json +19 -0
  26. package/test/integ.cftoais3-custom-headers.js.snapshot/cftoais3customheadersIntegDefaultTestDeployAssert5AA11BA9.template.json +36 -0
  27. package/test/integ.cftoais3-custom-headers.js.snapshot/integ.json +12 -0
  28. package/test/integ.cftoais3-custom-headers.js.snapshot/manifest.json +227 -0
  29. package/test/integ.cftoais3-custom-headers.js.snapshot/tree.json +1196 -0
  30. package/test/integ.cftoais3-custom-originPath.d.ts +13 -0
  31. package/test/integ.cftoais3-custom-originPath.js +48 -0
  32. package/test/integ.cftoais3-custom-originPath.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  33. package/test/integ.cftoais3-custom-originPath.js.snapshot/cdk.out +1 -0
  34. package/test/integ.cftoais3-custom-originPath.js.snapshot/cftoais3-custom-originPath.assets.json +32 -0
  35. package/test/integ.cftoais3-custom-originPath.js.snapshot/cftoais3-custom-originPath.template.json +1085 -0
  36. package/test/integ.cftoais3-custom-originPath.js.snapshot/cftoais3customoriginPathIntegDefaultTestDeployAssert1C351914.assets.json +19 -0
  37. package/test/integ.cftoais3-custom-originPath.js.snapshot/cftoais3customoriginPathIntegDefaultTestDeployAssert1C351914.template.json +36 -0
  38. package/test/integ.cftoais3-custom-originPath.js.snapshot/integ.json +12 -0
  39. package/test/integ.cftoais3-custom-originPath.js.snapshot/manifest.json +221 -0
  40. package/test/integ.cftoais3-custom-originPath.js.snapshot/tree.json +1147 -0
  41. package/test/integ.cftoais3-customLoggingBuckets.d.ts +13 -0
  42. package/test/integ.cftoais3-customLoggingBuckets.js +64 -0
  43. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  44. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/cdk.out +1 -0
  45. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/cftoais3-customLoggingBuckets.assets.json +32 -0
  46. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/cftoais3-customLoggingBuckets.template.json +1109 -0
  47. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/cftoais3customLoggingBucketsIntegDefaultTestDeployAssert8F33EF2A.assets.json +19 -0
  48. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/cftoais3customLoggingBucketsIntegDefaultTestDeployAssert8F33EF2A.template.json +36 -0
  49. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/integ.json +12 -0
  50. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/manifest.json +221 -0
  51. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/tree.json +1172 -0
  52. package/test/integ.cftoais3-existing-bucket.d.ts +13 -0
  53. package/test/integ.cftoais3-existing-bucket.js +59 -0
  54. package/test/integ.cftoais3-existing-bucket.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  55. package/test/integ.cftoais3-existing-bucket.js.snapshot/cdk.out +1 -0
  56. package/test/integ.cftoais3-existing-bucket.js.snapshot/cftoais3-existing-bucket.assets.json +32 -0
  57. package/test/integ.cftoais3-existing-bucket.js.snapshot/cftoais3-existing-bucket.template.json +1131 -0
  58. package/test/integ.cftoais3-existing-bucket.js.snapshot/cftoais3existingbucketIntegDefaultTestDeployAssertB7627F26.assets.json +19 -0
  59. package/test/integ.cftoais3-existing-bucket.js.snapshot/cftoais3existingbucketIntegDefaultTestDeployAssertB7627F26.template.json +36 -0
  60. package/test/integ.cftoais3-existing-bucket.js.snapshot/integ.json +12 -0
  61. package/test/integ.cftoais3-existing-bucket.js.snapshot/manifest.json +233 -0
  62. package/test/integ.cftoais3-existing-bucket.js.snapshot/tree.json +1240 -0
  63. package/test/integ.cftoais3-no-arguments.d.ts +13 -0
  64. package/test/integ.cftoais3-no-arguments.js +53 -0
  65. package/test/integ.cftoais3-no-arguments.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  66. package/test/integ.cftoais3-no-arguments.js.snapshot/cdk.out +1 -0
  67. package/test/integ.cftoais3-no-arguments.js.snapshot/cftoais3-no-arguments.assets.json +32 -0
  68. package/test/integ.cftoais3-no-arguments.js.snapshot/cftoais3-no-arguments.template.json +1094 -0
  69. package/test/integ.cftoais3-no-arguments.js.snapshot/cftoais3noargumentsIntegDefaultTestDeployAssert5CF03E3D.assets.json +19 -0
  70. package/test/integ.cftoais3-no-arguments.js.snapshot/cftoais3noargumentsIntegDefaultTestDeployAssert5CF03E3D.template.json +36 -0
  71. package/test/integ.cftoais3-no-arguments.js.snapshot/integ.json +12 -0
  72. package/test/integ.cftoais3-no-arguments.js.snapshot/manifest.json +356 -0
  73. package/test/integ.cftoais3-no-arguments.js.snapshot/tree.json +1146 -0
  74. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.d.ts +13 -0
  75. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js +60 -0
  76. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  77. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/cdk.out +1 -0
  78. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/cftoais3-no-cloudfront-s3-access-logs.assets.json +32 -0
  79. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/cftoais3-no-cloudfront-s3-access-logs.template.json +743 -0
  80. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/cftoais3nocloudfronts3accesslogsIntegDefaultTestDeployAssert6D810275.assets.json +19 -0
  81. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/cftoais3nocloudfronts3accesslogsIntegDefaultTestDeployAssert6D810275.template.json +36 -0
  82. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/integ.json +12 -0
  83. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/manifest.json +185 -0
  84. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/tree.json +726 -0
  85. package/test/integ.cftoais3-no-logging.d.ts +13 -0
  86. package/test/integ.cftoais3-no-logging.js +56 -0
  87. package/test/integ.cftoais3-no-logging.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  88. package/test/integ.cftoais3-no-logging.js.snapshot/cdk.out +1 -0
  89. package/test/integ.cftoais3-no-logging.js.snapshot/cftoais3-no-logging.assets.json +32 -0
  90. package/test/integ.cftoais3-no-logging.js.snapshot/cftoais3-no-logging.template.json +576 -0
  91. package/test/integ.cftoais3-no-logging.js.snapshot/cftoais3nologgingIntegDefaultTestDeployAssertCED06EE4.assets.json +19 -0
  92. package/test/integ.cftoais3-no-logging.js.snapshot/cftoais3nologgingIntegDefaultTestDeployAssertCED06EE4.template.json +36 -0
  93. package/test/integ.cftoais3-no-logging.js.snapshot/integ.json +12 -0
  94. package/test/integ.cftoais3-no-logging.js.snapshot/manifest.json +167 -0
  95. package/test/integ.cftoais3-no-logging.js.snapshot/tree.json +542 -0
  96. package/test/integ.cftoais3-no-security-headers.d.ts +13 -0
  97. package/test/integ.cftoais3-no-security-headers.js +50 -0
  98. package/test/integ.cftoais3-no-security-headers.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  99. package/test/integ.cftoais3-no-security-headers.js.snapshot/cdk.out +1 -0
  100. package/test/integ.cftoais3-no-security-headers.js.snapshot/cftoais3-no-security-headers.assets.json +32 -0
  101. package/test/integ.cftoais3-no-security-headers.js.snapshot/cftoais3-no-security-headers.template.json +1061 -0
  102. package/test/integ.cftoais3-no-security-headers.js.snapshot/cftoais3nosecurityheadersIntegDefaultTestDeployAssertAB4B2F28.assets.json +19 -0
  103. package/test/integ.cftoais3-no-security-headers.js.snapshot/cftoais3nosecurityheadersIntegDefaultTestDeployAssertAB4B2F28.template.json +36 -0
  104. package/test/integ.cftoais3-no-security-headers.js.snapshot/integ.json +12 -0
  105. package/test/integ.cftoais3-no-security-headers.js.snapshot/manifest.json +215 -0
  106. package/test/integ.cftoais3-no-security-headers.js.snapshot/tree.json +1105 -0
  107. package/test/test.cloudfront-oai-s3.test.d.ts +13 -0
  108. package/test/test.cloudfront-oai-s3.test.js +702 -0
@@ -0,0 +1,1109 @@
1
+ {
2
+ "Resources": {
3
+ "testcloudfrontoais3S3LoggingBucketC8A21DD9": {
4
+ "Type": "AWS::S3::Bucket",
5
+ "Properties": {
6
+ "BucketEncryption": {
7
+ "ServerSideEncryptionConfiguration": [
8
+ {
9
+ "ServerSideEncryptionByDefault": {
10
+ "SSEAlgorithm": "AES256"
11
+ }
12
+ }
13
+ ]
14
+ },
15
+ "LifecycleConfiguration": {
16
+ "Rules": [
17
+ {
18
+ "Status": "Enabled",
19
+ "Transitions": [
20
+ {
21
+ "StorageClass": "GLACIER",
22
+ "TransitionInDays": 7
23
+ }
24
+ ]
25
+ }
26
+ ]
27
+ },
28
+ "PublicAccessBlockConfiguration": {
29
+ "BlockPublicAcls": true,
30
+ "BlockPublicPolicy": true,
31
+ "IgnorePublicAcls": true,
32
+ "RestrictPublicBuckets": true
33
+ },
34
+ "Tags": [
35
+ {
36
+ "Key": "aws-cdk:auto-delete-objects",
37
+ "Value": "true"
38
+ }
39
+ ],
40
+ "VersioningConfiguration": {
41
+ "Status": "Enabled"
42
+ }
43
+ },
44
+ "UpdateReplacePolicy": "Delete",
45
+ "DeletionPolicy": "Delete",
46
+ "Metadata": {
47
+ "cfn_nag": {
48
+ "rules_to_suppress": [
49
+ {
50
+ "id": "W35",
51
+ "reason": "This S3 bucket is used as the access logging bucket for another bucket"
52
+ }
53
+ ]
54
+ }
55
+ }
56
+ },
57
+ "testcloudfrontoais3S3LoggingBucketPolicy792609D7": {
58
+ "Type": "AWS::S3::BucketPolicy",
59
+ "Properties": {
60
+ "Bucket": {
61
+ "Ref": "testcloudfrontoais3S3LoggingBucketC8A21DD9"
62
+ },
63
+ "PolicyDocument": {
64
+ "Statement": [
65
+ {
66
+ "Action": "s3:*",
67
+ "Condition": {
68
+ "Bool": {
69
+ "aws:SecureTransport": "false"
70
+ }
71
+ },
72
+ "Effect": "Deny",
73
+ "Principal": {
74
+ "AWS": "*"
75
+ },
76
+ "Resource": [
77
+ {
78
+ "Fn::GetAtt": [
79
+ "testcloudfrontoais3S3LoggingBucketC8A21DD9",
80
+ "Arn"
81
+ ]
82
+ },
83
+ {
84
+ "Fn::Join": [
85
+ "",
86
+ [
87
+ {
88
+ "Fn::GetAtt": [
89
+ "testcloudfrontoais3S3LoggingBucketC8A21DD9",
90
+ "Arn"
91
+ ]
92
+ },
93
+ "/*"
94
+ ]
95
+ ]
96
+ }
97
+ ]
98
+ },
99
+ {
100
+ "Action": [
101
+ "s3:DeleteObject*",
102
+ "s3:GetBucket*",
103
+ "s3:List*",
104
+ "s3:PutBucketPolicy"
105
+ ],
106
+ "Effect": "Allow",
107
+ "Principal": {
108
+ "AWS": {
109
+ "Fn::GetAtt": [
110
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
111
+ "Arn"
112
+ ]
113
+ }
114
+ },
115
+ "Resource": [
116
+ {
117
+ "Fn::GetAtt": [
118
+ "testcloudfrontoais3S3LoggingBucketC8A21DD9",
119
+ "Arn"
120
+ ]
121
+ },
122
+ {
123
+ "Fn::Join": [
124
+ "",
125
+ [
126
+ {
127
+ "Fn::GetAtt": [
128
+ "testcloudfrontoais3S3LoggingBucketC8A21DD9",
129
+ "Arn"
130
+ ]
131
+ },
132
+ "/*"
133
+ ]
134
+ ]
135
+ }
136
+ ]
137
+ },
138
+ {
139
+ "Action": "s3:PutObject",
140
+ "Condition": {
141
+ "ArnLike": {
142
+ "aws:SourceArn": {
143
+ "Fn::GetAtt": [
144
+ "testcloudfrontoais3S3Bucket578AB9F3",
145
+ "Arn"
146
+ ]
147
+ }
148
+ },
149
+ "StringEquals": {
150
+ "aws:SourceAccount": {
151
+ "Ref": "AWS::AccountId"
152
+ }
153
+ }
154
+ },
155
+ "Effect": "Allow",
156
+ "Principal": {
157
+ "Service": "logging.s3.amazonaws.com"
158
+ },
159
+ "Resource": {
160
+ "Fn::Join": [
161
+ "",
162
+ [
163
+ {
164
+ "Fn::GetAtt": [
165
+ "testcloudfrontoais3S3LoggingBucketC8A21DD9",
166
+ "Arn"
167
+ ]
168
+ },
169
+ "/*"
170
+ ]
171
+ ]
172
+ }
173
+ }
174
+ ],
175
+ "Version": "2012-10-17"
176
+ }
177
+ }
178
+ },
179
+ "testcloudfrontoais3S3LoggingBucketAutoDeleteObjectsCustomResource24F8B1EE": {
180
+ "Type": "Custom::S3AutoDeleteObjects",
181
+ "Properties": {
182
+ "ServiceToken": {
183
+ "Fn::GetAtt": [
184
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
185
+ "Arn"
186
+ ]
187
+ },
188
+ "BucketName": {
189
+ "Ref": "testcloudfrontoais3S3LoggingBucketC8A21DD9"
190
+ }
191
+ },
192
+ "DependsOn": [
193
+ "testcloudfrontoais3S3LoggingBucketPolicy792609D7"
194
+ ],
195
+ "UpdateReplacePolicy": "Delete",
196
+ "DeletionPolicy": "Delete"
197
+ },
198
+ "testcloudfrontoais3S3Bucket578AB9F3": {
199
+ "Type": "AWS::S3::Bucket",
200
+ "Properties": {
201
+ "BucketEncryption": {
202
+ "ServerSideEncryptionConfiguration": [
203
+ {
204
+ "ServerSideEncryptionByDefault": {
205
+ "SSEAlgorithm": "AES256"
206
+ }
207
+ }
208
+ ]
209
+ },
210
+ "LifecycleConfiguration": {
211
+ "Rules": [
212
+ {
213
+ "NoncurrentVersionTransitions": [
214
+ {
215
+ "StorageClass": "GLACIER",
216
+ "TransitionInDays": 90
217
+ }
218
+ ],
219
+ "Status": "Enabled"
220
+ }
221
+ ]
222
+ },
223
+ "LoggingConfiguration": {
224
+ "DestinationBucketName": {
225
+ "Ref": "testcloudfrontoais3S3LoggingBucketC8A21DD9"
226
+ }
227
+ },
228
+ "PublicAccessBlockConfiguration": {
229
+ "BlockPublicAcls": true,
230
+ "BlockPublicPolicy": true,
231
+ "IgnorePublicAcls": true,
232
+ "RestrictPublicBuckets": true
233
+ },
234
+ "Tags": [
235
+ {
236
+ "Key": "aws-cdk:auto-delete-objects",
237
+ "Value": "true"
238
+ }
239
+ ],
240
+ "VersioningConfiguration": {
241
+ "Status": "Enabled"
242
+ }
243
+ },
244
+ "UpdateReplacePolicy": "Delete",
245
+ "DeletionPolicy": "Delete"
246
+ },
247
+ "testcloudfrontoais3S3BucketPolicyD2322CC3": {
248
+ "Type": "AWS::S3::BucketPolicy",
249
+ "Properties": {
250
+ "Bucket": {
251
+ "Ref": "testcloudfrontoais3S3Bucket578AB9F3"
252
+ },
253
+ "PolicyDocument": {
254
+ "Statement": [
255
+ {
256
+ "Action": "s3:*",
257
+ "Condition": {
258
+ "Bool": {
259
+ "aws:SecureTransport": "false"
260
+ }
261
+ },
262
+ "Effect": "Deny",
263
+ "Principal": {
264
+ "AWS": "*"
265
+ },
266
+ "Resource": [
267
+ {
268
+ "Fn::GetAtt": [
269
+ "testcloudfrontoais3S3Bucket578AB9F3",
270
+ "Arn"
271
+ ]
272
+ },
273
+ {
274
+ "Fn::Join": [
275
+ "",
276
+ [
277
+ {
278
+ "Fn::GetAtt": [
279
+ "testcloudfrontoais3S3Bucket578AB9F3",
280
+ "Arn"
281
+ ]
282
+ },
283
+ "/*"
284
+ ]
285
+ ]
286
+ }
287
+ ]
288
+ },
289
+ {
290
+ "Action": [
291
+ "s3:DeleteObject*",
292
+ "s3:GetBucket*",
293
+ "s3:List*",
294
+ "s3:PutBucketPolicy"
295
+ ],
296
+ "Effect": "Allow",
297
+ "Principal": {
298
+ "AWS": {
299
+ "Fn::GetAtt": [
300
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
301
+ "Arn"
302
+ ]
303
+ }
304
+ },
305
+ "Resource": [
306
+ {
307
+ "Fn::GetAtt": [
308
+ "testcloudfrontoais3S3Bucket578AB9F3",
309
+ "Arn"
310
+ ]
311
+ },
312
+ {
313
+ "Fn::Join": [
314
+ "",
315
+ [
316
+ {
317
+ "Fn::GetAtt": [
318
+ "testcloudfrontoais3S3Bucket578AB9F3",
319
+ "Arn"
320
+ ]
321
+ },
322
+ "/*"
323
+ ]
324
+ ]
325
+ }
326
+ ]
327
+ },
328
+ {
329
+ "Action": "s3:GetObject",
330
+ "Effect": "Allow",
331
+ "Principal": {
332
+ "CanonicalUser": {
333
+ "Fn::GetAtt": [
334
+ "testcloudfrontoais3CloudFrontDistributionOrigin1S3OriginF57A3CB1",
335
+ "S3CanonicalUserId"
336
+ ]
337
+ }
338
+ },
339
+ "Resource": {
340
+ "Fn::Join": [
341
+ "",
342
+ [
343
+ {
344
+ "Fn::GetAtt": [
345
+ "testcloudfrontoais3S3Bucket578AB9F3",
346
+ "Arn"
347
+ ]
348
+ },
349
+ "/*"
350
+ ]
351
+ ]
352
+ }
353
+ },
354
+ {
355
+ "Action": "s3:GetObject",
356
+ "Condition": {
357
+ "StringEquals": {
358
+ "AWS:SourceArn": {
359
+ "Fn::Join": [
360
+ "",
361
+ [
362
+ "arn:",
363
+ {
364
+ "Ref": "AWS::Partition"
365
+ },
366
+ ":cloudfront::",
367
+ {
368
+ "Ref": "AWS::AccountId"
369
+ },
370
+ ":distribution/",
371
+ {
372
+ "Ref": "testcloudfrontoais3CloudFrontDistribution0E089CC5"
373
+ }
374
+ ]
375
+ ]
376
+ }
377
+ }
378
+ },
379
+ "Effect": "Allow",
380
+ "Principal": {
381
+ "Service": "cloudfront.amazonaws.com"
382
+ },
383
+ "Resource": {
384
+ "Fn::Join": [
385
+ "",
386
+ [
387
+ {
388
+ "Fn::GetAtt": [
389
+ "testcloudfrontoais3S3Bucket578AB9F3",
390
+ "Arn"
391
+ ]
392
+ },
393
+ "/*"
394
+ ]
395
+ ]
396
+ }
397
+ }
398
+ ],
399
+ "Version": "2012-10-17"
400
+ }
401
+ },
402
+ "Metadata": {
403
+ "cfn_nag": {
404
+ "rules_to_suppress": [
405
+ {
406
+ "id": "F16",
407
+ "reason": "Public website bucket policy requires a wildcard principal"
408
+ }
409
+ ]
410
+ }
411
+ }
412
+ },
413
+ "testcloudfrontoais3S3BucketAutoDeleteObjectsCustomResourceA2545EE1": {
414
+ "Type": "Custom::S3AutoDeleteObjects",
415
+ "Properties": {
416
+ "ServiceToken": {
417
+ "Fn::GetAtt": [
418
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
419
+ "Arn"
420
+ ]
421
+ },
422
+ "BucketName": {
423
+ "Ref": "testcloudfrontoais3S3Bucket578AB9F3"
424
+ }
425
+ },
426
+ "DependsOn": [
427
+ "testcloudfrontoais3S3BucketPolicyD2322CC3"
428
+ ],
429
+ "UpdateReplacePolicy": "Delete",
430
+ "DeletionPolicy": "Delete"
431
+ },
432
+ "testcloudfrontoais3SetHttpSecurityHeaders4EB3C97B": {
433
+ "Type": "AWS::CloudFront::Function",
434
+ "Properties": {
435
+ "AutoPublish": true,
436
+ "FunctionCode": "function handler(event) { var response = event.response; var headers = response.headers; headers['strict-transport-security'] = { value: 'max-age=63072000; includeSubdomains; preload'}; headers['content-security-policy'] = { value: \"default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'\"}; headers['x-content-type-options'] = { value: 'nosniff'}; headers['x-frame-options'] = {value: 'DENY'}; headers['x-xss-protection'] = {value: '1; mode=block'}; return response; }",
437
+ "FunctionConfig": {
438
+ "Comment": "SetHttpSecurityHeadersc8468fd170bf5278d204f24e153252ea2649059b5f",
439
+ "Runtime": "cloudfront-js-1.0"
440
+ },
441
+ "Name": "SetHttpSecurityHeadersc8468fd170bf5278d204f24e153252ea2649059b5f"
442
+ }
443
+ },
444
+ "testcloudfrontoais3CloudfrontLoggingBucketAccessLogBF5AAF80": {
445
+ "Type": "AWS::S3::Bucket",
446
+ "Properties": {
447
+ "BucketEncryption": {
448
+ "ServerSideEncryptionConfiguration": [
449
+ {
450
+ "ServerSideEncryptionByDefault": {
451
+ "SSEAlgorithm": "AES256"
452
+ }
453
+ }
454
+ ]
455
+ },
456
+ "PublicAccessBlockConfiguration": {
457
+ "BlockPublicAcls": true,
458
+ "BlockPublicPolicy": true,
459
+ "IgnorePublicAcls": true,
460
+ "RestrictPublicBuckets": true
461
+ },
462
+ "Tags": [
463
+ {
464
+ "Key": "aws-cdk:auto-delete-objects",
465
+ "Value": "true"
466
+ }
467
+ ],
468
+ "VersioningConfiguration": {
469
+ "Status": "Enabled"
470
+ }
471
+ },
472
+ "UpdateReplacePolicy": "Delete",
473
+ "DeletionPolicy": "Delete",
474
+ "Metadata": {
475
+ "cfn_nag": {
476
+ "rules_to_suppress": [
477
+ {
478
+ "id": "W35",
479
+ "reason": "This S3 bucket is used as the access logging bucket for another bucket"
480
+ }
481
+ ]
482
+ }
483
+ }
484
+ },
485
+ "testcloudfrontoais3CloudfrontLoggingBucketAccessLogPolicy0C078528": {
486
+ "Type": "AWS::S3::BucketPolicy",
487
+ "Properties": {
488
+ "Bucket": {
489
+ "Ref": "testcloudfrontoais3CloudfrontLoggingBucketAccessLogBF5AAF80"
490
+ },
491
+ "PolicyDocument": {
492
+ "Statement": [
493
+ {
494
+ "Action": "s3:*",
495
+ "Condition": {
496
+ "Bool": {
497
+ "aws:SecureTransport": "false"
498
+ }
499
+ },
500
+ "Effect": "Deny",
501
+ "Principal": {
502
+ "AWS": "*"
503
+ },
504
+ "Resource": [
505
+ {
506
+ "Fn::GetAtt": [
507
+ "testcloudfrontoais3CloudfrontLoggingBucketAccessLogBF5AAF80",
508
+ "Arn"
509
+ ]
510
+ },
511
+ {
512
+ "Fn::Join": [
513
+ "",
514
+ [
515
+ {
516
+ "Fn::GetAtt": [
517
+ "testcloudfrontoais3CloudfrontLoggingBucketAccessLogBF5AAF80",
518
+ "Arn"
519
+ ]
520
+ },
521
+ "/*"
522
+ ]
523
+ ]
524
+ }
525
+ ]
526
+ },
527
+ {
528
+ "Action": [
529
+ "s3:DeleteObject*",
530
+ "s3:GetBucket*",
531
+ "s3:List*",
532
+ "s3:PutBucketPolicy"
533
+ ],
534
+ "Effect": "Allow",
535
+ "Principal": {
536
+ "AWS": {
537
+ "Fn::GetAtt": [
538
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
539
+ "Arn"
540
+ ]
541
+ }
542
+ },
543
+ "Resource": [
544
+ {
545
+ "Fn::GetAtt": [
546
+ "testcloudfrontoais3CloudfrontLoggingBucketAccessLogBF5AAF80",
547
+ "Arn"
548
+ ]
549
+ },
550
+ {
551
+ "Fn::Join": [
552
+ "",
553
+ [
554
+ {
555
+ "Fn::GetAtt": [
556
+ "testcloudfrontoais3CloudfrontLoggingBucketAccessLogBF5AAF80",
557
+ "Arn"
558
+ ]
559
+ },
560
+ "/*"
561
+ ]
562
+ ]
563
+ }
564
+ ]
565
+ },
566
+ {
567
+ "Action": "s3:PutObject",
568
+ "Condition": {
569
+ "ArnLike": {
570
+ "aws:SourceArn": {
571
+ "Fn::GetAtt": [
572
+ "testcloudfrontoais3CloudfrontLoggingBucket55AA79FC",
573
+ "Arn"
574
+ ]
575
+ }
576
+ },
577
+ "StringEquals": {
578
+ "aws:SourceAccount": {
579
+ "Ref": "AWS::AccountId"
580
+ }
581
+ }
582
+ },
583
+ "Effect": "Allow",
584
+ "Principal": {
585
+ "Service": "logging.s3.amazonaws.com"
586
+ },
587
+ "Resource": {
588
+ "Fn::Join": [
589
+ "",
590
+ [
591
+ {
592
+ "Fn::GetAtt": [
593
+ "testcloudfrontoais3CloudfrontLoggingBucketAccessLogBF5AAF80",
594
+ "Arn"
595
+ ]
596
+ },
597
+ "/*"
598
+ ]
599
+ ]
600
+ }
601
+ }
602
+ ],
603
+ "Version": "2012-10-17"
604
+ }
605
+ }
606
+ },
607
+ "testcloudfrontoais3CloudfrontLoggingBucketAccessLogAutoDeleteObjectsCustomResource00DB3AC8": {
608
+ "Type": "Custom::S3AutoDeleteObjects",
609
+ "Properties": {
610
+ "ServiceToken": {
611
+ "Fn::GetAtt": [
612
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
613
+ "Arn"
614
+ ]
615
+ },
616
+ "BucketName": {
617
+ "Ref": "testcloudfrontoais3CloudfrontLoggingBucketAccessLogBF5AAF80"
618
+ }
619
+ },
620
+ "DependsOn": [
621
+ "testcloudfrontoais3CloudfrontLoggingBucketAccessLogPolicy0C078528"
622
+ ],
623
+ "UpdateReplacePolicy": "Delete",
624
+ "DeletionPolicy": "Delete"
625
+ },
626
+ "testcloudfrontoais3CloudfrontLoggingBucket55AA79FC": {
627
+ "Type": "AWS::S3::Bucket",
628
+ "Properties": {
629
+ "AccessControl": "LogDeliveryWrite",
630
+ "BucketEncryption": {
631
+ "ServerSideEncryptionConfiguration": [
632
+ {
633
+ "ServerSideEncryptionByDefault": {
634
+ "SSEAlgorithm": "AES256"
635
+ }
636
+ }
637
+ ]
638
+ },
639
+ "LifecycleConfiguration": {
640
+ "Rules": [
641
+ {
642
+ "Status": "Enabled",
643
+ "Transitions": [
644
+ {
645
+ "StorageClass": "GLACIER",
646
+ "TransitionInDays": 7
647
+ }
648
+ ]
649
+ }
650
+ ]
651
+ },
652
+ "LoggingConfiguration": {
653
+ "DestinationBucketName": {
654
+ "Ref": "testcloudfrontoais3CloudfrontLoggingBucketAccessLogBF5AAF80"
655
+ }
656
+ },
657
+ "OwnershipControls": {
658
+ "Rules": [
659
+ {
660
+ "ObjectOwnership": "ObjectWriter"
661
+ }
662
+ ]
663
+ },
664
+ "PublicAccessBlockConfiguration": {
665
+ "BlockPublicAcls": true,
666
+ "BlockPublicPolicy": true,
667
+ "IgnorePublicAcls": true,
668
+ "RestrictPublicBuckets": true
669
+ },
670
+ "Tags": [
671
+ {
672
+ "Key": "aws-cdk:auto-delete-objects",
673
+ "Value": "true"
674
+ }
675
+ ],
676
+ "VersioningConfiguration": {
677
+ "Status": "Enabled"
678
+ }
679
+ },
680
+ "UpdateReplacePolicy": "Delete",
681
+ "DeletionPolicy": "Delete"
682
+ },
683
+ "testcloudfrontoais3CloudfrontLoggingBucketPolicy2130EE92": {
684
+ "Type": "AWS::S3::BucketPolicy",
685
+ "Properties": {
686
+ "Bucket": {
687
+ "Ref": "testcloudfrontoais3CloudfrontLoggingBucket55AA79FC"
688
+ },
689
+ "PolicyDocument": {
690
+ "Statement": [
691
+ {
692
+ "Action": "s3:*",
693
+ "Condition": {
694
+ "Bool": {
695
+ "aws:SecureTransport": "false"
696
+ }
697
+ },
698
+ "Effect": "Deny",
699
+ "Principal": {
700
+ "AWS": "*"
701
+ },
702
+ "Resource": [
703
+ {
704
+ "Fn::GetAtt": [
705
+ "testcloudfrontoais3CloudfrontLoggingBucket55AA79FC",
706
+ "Arn"
707
+ ]
708
+ },
709
+ {
710
+ "Fn::Join": [
711
+ "",
712
+ [
713
+ {
714
+ "Fn::GetAtt": [
715
+ "testcloudfrontoais3CloudfrontLoggingBucket55AA79FC",
716
+ "Arn"
717
+ ]
718
+ },
719
+ "/*"
720
+ ]
721
+ ]
722
+ }
723
+ ]
724
+ },
725
+ {
726
+ "Action": [
727
+ "s3:DeleteObject*",
728
+ "s3:GetBucket*",
729
+ "s3:List*",
730
+ "s3:PutBucketPolicy"
731
+ ],
732
+ "Effect": "Allow",
733
+ "Principal": {
734
+ "AWS": {
735
+ "Fn::GetAtt": [
736
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
737
+ "Arn"
738
+ ]
739
+ }
740
+ },
741
+ "Resource": [
742
+ {
743
+ "Fn::GetAtt": [
744
+ "testcloudfrontoais3CloudfrontLoggingBucket55AA79FC",
745
+ "Arn"
746
+ ]
747
+ },
748
+ {
749
+ "Fn::Join": [
750
+ "",
751
+ [
752
+ {
753
+ "Fn::GetAtt": [
754
+ "testcloudfrontoais3CloudfrontLoggingBucket55AA79FC",
755
+ "Arn"
756
+ ]
757
+ },
758
+ "/*"
759
+ ]
760
+ ]
761
+ }
762
+ ]
763
+ }
764
+ ],
765
+ "Version": "2012-10-17"
766
+ }
767
+ }
768
+ },
769
+ "testcloudfrontoais3CloudfrontLoggingBucketAutoDeleteObjectsCustomResourceE88BD625": {
770
+ "Type": "Custom::S3AutoDeleteObjects",
771
+ "Properties": {
772
+ "ServiceToken": {
773
+ "Fn::GetAtt": [
774
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
775
+ "Arn"
776
+ ]
777
+ },
778
+ "BucketName": {
779
+ "Ref": "testcloudfrontoais3CloudfrontLoggingBucket55AA79FC"
780
+ }
781
+ },
782
+ "DependsOn": [
783
+ "testcloudfrontoais3CloudfrontLoggingBucketPolicy2130EE92"
784
+ ],
785
+ "UpdateReplacePolicy": "Delete",
786
+ "DeletionPolicy": "Delete"
787
+ },
788
+ "testcloudfrontoais3CloudFrontDistributionOrigin1S3OriginF57A3CB1": {
789
+ "Type": "AWS::CloudFront::CloudFrontOriginAccessIdentity",
790
+ "Properties": {
791
+ "CloudFrontOriginAccessIdentityConfig": {
792
+ "Comment": "Identity for cftoais3customLoggingBucketstestcloudfrontoais3CloudFrontDistributionOrigin108880941"
793
+ }
794
+ }
795
+ },
796
+ "testcloudfrontoais3CloudFrontDistribution0E089CC5": {
797
+ "Type": "AWS::CloudFront::Distribution",
798
+ "Properties": {
799
+ "DistributionConfig": {
800
+ "DefaultCacheBehavior": {
801
+ "CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6",
802
+ "Compress": true,
803
+ "FunctionAssociations": [
804
+ {
805
+ "EventType": "viewer-response",
806
+ "FunctionARN": {
807
+ "Fn::GetAtt": [
808
+ "testcloudfrontoais3SetHttpSecurityHeaders4EB3C97B",
809
+ "FunctionARN"
810
+ ]
811
+ }
812
+ }
813
+ ],
814
+ "TargetOriginId": "cftoais3customLoggingBucketstestcloudfrontoais3CloudFrontDistributionOrigin108880941",
815
+ "ViewerProtocolPolicy": "redirect-to-https"
816
+ },
817
+ "DefaultRootObject": "index.html",
818
+ "Enabled": true,
819
+ "HttpVersion": "http2",
820
+ "IPV6Enabled": true,
821
+ "Logging": {
822
+ "Bucket": {
823
+ "Fn::GetAtt": [
824
+ "testcloudfrontoais3CloudfrontLoggingBucket55AA79FC",
825
+ "RegionalDomainName"
826
+ ]
827
+ }
828
+ },
829
+ "Origins": [
830
+ {
831
+ "DomainName": {
832
+ "Fn::GetAtt": [
833
+ "testcloudfrontoais3S3Bucket578AB9F3",
834
+ "RegionalDomainName"
835
+ ]
836
+ },
837
+ "Id": "cftoais3customLoggingBucketstestcloudfrontoais3CloudFrontDistributionOrigin108880941",
838
+ "S3OriginConfig": {
839
+ "OriginAccessIdentity": {
840
+ "Fn::Join": [
841
+ "",
842
+ [
843
+ "origin-access-identity/cloudfront/",
844
+ {
845
+ "Ref": "testcloudfrontoais3CloudFrontDistributionOrigin1S3OriginF57A3CB1"
846
+ }
847
+ ]
848
+ ]
849
+ }
850
+ }
851
+ }
852
+ ]
853
+ }
854
+ },
855
+ "Metadata": {
856
+ "cfn_nag": {
857
+ "rules_to_suppress": [
858
+ {
859
+ "id": "W70",
860
+ "reason": "Since the distribution uses the CloudFront domain name, CloudFront automatically sets the security policy to TLSv1 regardless of the value of MinimumProtocolVersion"
861
+ }
862
+ ]
863
+ }
864
+ }
865
+ },
866
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": {
867
+ "Type": "AWS::IAM::Role",
868
+ "Properties": {
869
+ "AssumeRolePolicyDocument": {
870
+ "Version": "2012-10-17",
871
+ "Statement": [
872
+ {
873
+ "Action": "sts:AssumeRole",
874
+ "Effect": "Allow",
875
+ "Principal": {
876
+ "Service": "lambda.amazonaws.com"
877
+ }
878
+ }
879
+ ]
880
+ },
881
+ "ManagedPolicyArns": [
882
+ {
883
+ "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
884
+ }
885
+ ]
886
+ }
887
+ },
888
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": {
889
+ "Type": "AWS::Lambda::Function",
890
+ "Properties": {
891
+ "Code": {
892
+ "S3Bucket": {
893
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
894
+ },
895
+ "S3Key": "faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6.zip"
896
+ },
897
+ "Timeout": 900,
898
+ "MemorySize": 128,
899
+ "Handler": "index.handler",
900
+ "Role": {
901
+ "Fn::GetAtt": [
902
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
903
+ "Arn"
904
+ ]
905
+ },
906
+ "Runtime": {
907
+ "Fn::FindInMap": [
908
+ "LatestNodeRuntimeMap",
909
+ {
910
+ "Ref": "AWS::Region"
911
+ },
912
+ "value"
913
+ ]
914
+ },
915
+ "Description": {
916
+ "Fn::Join": [
917
+ "",
918
+ [
919
+ "Lambda function for auto-deleting objects in ",
920
+ {
921
+ "Ref": "testcloudfrontoais3S3LoggingBucketC8A21DD9"
922
+ },
923
+ " S3 bucket."
924
+ ]
925
+ ]
926
+ }
927
+ },
928
+ "DependsOn": [
929
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092"
930
+ ],
931
+ "Metadata": {
932
+ "cfn_nag": {
933
+ "rules_to_suppress": [
934
+ {
935
+ "id": "W58",
936
+ "reason": "CDK generated custom resource"
937
+ },
938
+ {
939
+ "id": "W89",
940
+ "reason": "CDK generated custom resource"
941
+ },
942
+ {
943
+ "id": "W92",
944
+ "reason": "CDK generated custom resource"
945
+ }
946
+ ]
947
+ }
948
+ }
949
+ }
950
+ },
951
+ "Mappings": {
952
+ "LatestNodeRuntimeMap": {
953
+ "af-south-1": {
954
+ "value": "nodejs20.x"
955
+ },
956
+ "ap-east-1": {
957
+ "value": "nodejs20.x"
958
+ },
959
+ "ap-northeast-1": {
960
+ "value": "nodejs20.x"
961
+ },
962
+ "ap-northeast-2": {
963
+ "value": "nodejs20.x"
964
+ },
965
+ "ap-northeast-3": {
966
+ "value": "nodejs20.x"
967
+ },
968
+ "ap-south-1": {
969
+ "value": "nodejs20.x"
970
+ },
971
+ "ap-south-2": {
972
+ "value": "nodejs20.x"
973
+ },
974
+ "ap-southeast-1": {
975
+ "value": "nodejs20.x"
976
+ },
977
+ "ap-southeast-2": {
978
+ "value": "nodejs20.x"
979
+ },
980
+ "ap-southeast-3": {
981
+ "value": "nodejs20.x"
982
+ },
983
+ "ap-southeast-4": {
984
+ "value": "nodejs20.x"
985
+ },
986
+ "ap-southeast-5": {
987
+ "value": "nodejs20.x"
988
+ },
989
+ "ap-southeast-7": {
990
+ "value": "nodejs20.x"
991
+ },
992
+ "ca-central-1": {
993
+ "value": "nodejs20.x"
994
+ },
995
+ "ca-west-1": {
996
+ "value": "nodejs20.x"
997
+ },
998
+ "cn-north-1": {
999
+ "value": "nodejs18.x"
1000
+ },
1001
+ "cn-northwest-1": {
1002
+ "value": "nodejs18.x"
1003
+ },
1004
+ "eu-central-1": {
1005
+ "value": "nodejs20.x"
1006
+ },
1007
+ "eu-central-2": {
1008
+ "value": "nodejs20.x"
1009
+ },
1010
+ "eu-isoe-west-1": {
1011
+ "value": "nodejs18.x"
1012
+ },
1013
+ "eu-north-1": {
1014
+ "value": "nodejs20.x"
1015
+ },
1016
+ "eu-south-1": {
1017
+ "value": "nodejs20.x"
1018
+ },
1019
+ "eu-south-2": {
1020
+ "value": "nodejs20.x"
1021
+ },
1022
+ "eu-west-1": {
1023
+ "value": "nodejs20.x"
1024
+ },
1025
+ "eu-west-2": {
1026
+ "value": "nodejs20.x"
1027
+ },
1028
+ "eu-west-3": {
1029
+ "value": "nodejs20.x"
1030
+ },
1031
+ "il-central-1": {
1032
+ "value": "nodejs20.x"
1033
+ },
1034
+ "me-central-1": {
1035
+ "value": "nodejs20.x"
1036
+ },
1037
+ "me-south-1": {
1038
+ "value": "nodejs20.x"
1039
+ },
1040
+ "mx-central-1": {
1041
+ "value": "nodejs20.x"
1042
+ },
1043
+ "sa-east-1": {
1044
+ "value": "nodejs20.x"
1045
+ },
1046
+ "us-east-1": {
1047
+ "value": "nodejs20.x"
1048
+ },
1049
+ "us-east-2": {
1050
+ "value": "nodejs20.x"
1051
+ },
1052
+ "us-gov-east-1": {
1053
+ "value": "nodejs18.x"
1054
+ },
1055
+ "us-gov-west-1": {
1056
+ "value": "nodejs18.x"
1057
+ },
1058
+ "us-iso-east-1": {
1059
+ "value": "nodejs18.x"
1060
+ },
1061
+ "us-iso-west-1": {
1062
+ "value": "nodejs18.x"
1063
+ },
1064
+ "us-isob-east-1": {
1065
+ "value": "nodejs18.x"
1066
+ },
1067
+ "us-west-1": {
1068
+ "value": "nodejs20.x"
1069
+ },
1070
+ "us-west-2": {
1071
+ "value": "nodejs20.x"
1072
+ }
1073
+ }
1074
+ },
1075
+ "Parameters": {
1076
+ "BootstrapVersion": {
1077
+ "Type": "AWS::SSM::Parameter::Value<String>",
1078
+ "Default": "/cdk-bootstrap/hnb659fds/version",
1079
+ "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
1080
+ }
1081
+ },
1082
+ "Rules": {
1083
+ "CheckBootstrapVersion": {
1084
+ "Assertions": [
1085
+ {
1086
+ "Assert": {
1087
+ "Fn::Not": [
1088
+ {
1089
+ "Fn::Contains": [
1090
+ [
1091
+ "1",
1092
+ "2",
1093
+ "3",
1094
+ "4",
1095
+ "5"
1096
+ ],
1097
+ {
1098
+ "Ref": "BootstrapVersion"
1099
+ }
1100
+ ]
1101
+ }
1102
+ ]
1103
+ },
1104
+ "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
1105
+ }
1106
+ ]
1107
+ }
1108
+ }
1109
+ }