@aws-solutions-constructs/aws-cloudfront-oai-s3 2.79.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (108) hide show
  1. package/.jsii +4403 -0
  2. package/README.md +109 -0
  3. package/architecture.png +0 -0
  4. package/integ.config.json +7 -0
  5. package/lib/index.d.ts +118 -0
  6. package/lib/index.js +106 -0
  7. package/package.json +95 -0
  8. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.d.ts +13 -0
  9. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js +56 -0
  10. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  11. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cdk.out +1 -0
  12. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.assets.json +32 -0
  13. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.template.json +1061 -0
  14. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cftoais3bucketencryptedwithmanagedkeyprovidedasexistingbucketIntegDefaultTestDeployAssert105E804F.assets.json +19 -0
  15. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cftoais3bucketencryptedwithmanagedkeyprovidedasexistingbucketIntegDefaultTestDeployAssert105E804F.template.json +36 -0
  16. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/integ.json +12 -0
  17. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/manifest.json +215 -0
  18. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/tree.json +1105 -0
  19. package/test/integ.cftoais3-custom-headers.d.ts +13 -0
  20. package/test/integ.cftoais3-custom-headers.js +71 -0
  21. package/test/integ.cftoais3-custom-headers.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  22. package/test/integ.cftoais3-custom-headers.js.snapshot/cdk.out +1 -0
  23. package/test/integ.cftoais3-custom-headers.js.snapshot/cftoais3-custom-headers.assets.json +32 -0
  24. package/test/integ.cftoais3-custom-headers.js.snapshot/cftoais3-custom-headers.template.json +1116 -0
  25. package/test/integ.cftoais3-custom-headers.js.snapshot/cftoais3customheadersIntegDefaultTestDeployAssert5AA11BA9.assets.json +19 -0
  26. package/test/integ.cftoais3-custom-headers.js.snapshot/cftoais3customheadersIntegDefaultTestDeployAssert5AA11BA9.template.json +36 -0
  27. package/test/integ.cftoais3-custom-headers.js.snapshot/integ.json +12 -0
  28. package/test/integ.cftoais3-custom-headers.js.snapshot/manifest.json +227 -0
  29. package/test/integ.cftoais3-custom-headers.js.snapshot/tree.json +1196 -0
  30. package/test/integ.cftoais3-custom-originPath.d.ts +13 -0
  31. package/test/integ.cftoais3-custom-originPath.js +48 -0
  32. package/test/integ.cftoais3-custom-originPath.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  33. package/test/integ.cftoais3-custom-originPath.js.snapshot/cdk.out +1 -0
  34. package/test/integ.cftoais3-custom-originPath.js.snapshot/cftoais3-custom-originPath.assets.json +32 -0
  35. package/test/integ.cftoais3-custom-originPath.js.snapshot/cftoais3-custom-originPath.template.json +1085 -0
  36. package/test/integ.cftoais3-custom-originPath.js.snapshot/cftoais3customoriginPathIntegDefaultTestDeployAssert1C351914.assets.json +19 -0
  37. package/test/integ.cftoais3-custom-originPath.js.snapshot/cftoais3customoriginPathIntegDefaultTestDeployAssert1C351914.template.json +36 -0
  38. package/test/integ.cftoais3-custom-originPath.js.snapshot/integ.json +12 -0
  39. package/test/integ.cftoais3-custom-originPath.js.snapshot/manifest.json +221 -0
  40. package/test/integ.cftoais3-custom-originPath.js.snapshot/tree.json +1147 -0
  41. package/test/integ.cftoais3-customLoggingBuckets.d.ts +13 -0
  42. package/test/integ.cftoais3-customLoggingBuckets.js +64 -0
  43. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  44. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/cdk.out +1 -0
  45. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/cftoais3-customLoggingBuckets.assets.json +32 -0
  46. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/cftoais3-customLoggingBuckets.template.json +1109 -0
  47. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/cftoais3customLoggingBucketsIntegDefaultTestDeployAssert8F33EF2A.assets.json +19 -0
  48. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/cftoais3customLoggingBucketsIntegDefaultTestDeployAssert8F33EF2A.template.json +36 -0
  49. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/integ.json +12 -0
  50. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/manifest.json +221 -0
  51. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/tree.json +1172 -0
  52. package/test/integ.cftoais3-existing-bucket.d.ts +13 -0
  53. package/test/integ.cftoais3-existing-bucket.js +59 -0
  54. package/test/integ.cftoais3-existing-bucket.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  55. package/test/integ.cftoais3-existing-bucket.js.snapshot/cdk.out +1 -0
  56. package/test/integ.cftoais3-existing-bucket.js.snapshot/cftoais3-existing-bucket.assets.json +32 -0
  57. package/test/integ.cftoais3-existing-bucket.js.snapshot/cftoais3-existing-bucket.template.json +1131 -0
  58. package/test/integ.cftoais3-existing-bucket.js.snapshot/cftoais3existingbucketIntegDefaultTestDeployAssertB7627F26.assets.json +19 -0
  59. package/test/integ.cftoais3-existing-bucket.js.snapshot/cftoais3existingbucketIntegDefaultTestDeployAssertB7627F26.template.json +36 -0
  60. package/test/integ.cftoais3-existing-bucket.js.snapshot/integ.json +12 -0
  61. package/test/integ.cftoais3-existing-bucket.js.snapshot/manifest.json +233 -0
  62. package/test/integ.cftoais3-existing-bucket.js.snapshot/tree.json +1240 -0
  63. package/test/integ.cftoais3-no-arguments.d.ts +13 -0
  64. package/test/integ.cftoais3-no-arguments.js +53 -0
  65. package/test/integ.cftoais3-no-arguments.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  66. package/test/integ.cftoais3-no-arguments.js.snapshot/cdk.out +1 -0
  67. package/test/integ.cftoais3-no-arguments.js.snapshot/cftoais3-no-arguments.assets.json +32 -0
  68. package/test/integ.cftoais3-no-arguments.js.snapshot/cftoais3-no-arguments.template.json +1094 -0
  69. package/test/integ.cftoais3-no-arguments.js.snapshot/cftoais3noargumentsIntegDefaultTestDeployAssert5CF03E3D.assets.json +19 -0
  70. package/test/integ.cftoais3-no-arguments.js.snapshot/cftoais3noargumentsIntegDefaultTestDeployAssert5CF03E3D.template.json +36 -0
  71. package/test/integ.cftoais3-no-arguments.js.snapshot/integ.json +12 -0
  72. package/test/integ.cftoais3-no-arguments.js.snapshot/manifest.json +356 -0
  73. package/test/integ.cftoais3-no-arguments.js.snapshot/tree.json +1146 -0
  74. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.d.ts +13 -0
  75. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js +60 -0
  76. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  77. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/cdk.out +1 -0
  78. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/cftoais3-no-cloudfront-s3-access-logs.assets.json +32 -0
  79. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/cftoais3-no-cloudfront-s3-access-logs.template.json +743 -0
  80. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/cftoais3nocloudfronts3accesslogsIntegDefaultTestDeployAssert6D810275.assets.json +19 -0
  81. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/cftoais3nocloudfronts3accesslogsIntegDefaultTestDeployAssert6D810275.template.json +36 -0
  82. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/integ.json +12 -0
  83. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/manifest.json +185 -0
  84. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/tree.json +726 -0
  85. package/test/integ.cftoais3-no-logging.d.ts +13 -0
  86. package/test/integ.cftoais3-no-logging.js +56 -0
  87. package/test/integ.cftoais3-no-logging.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  88. package/test/integ.cftoais3-no-logging.js.snapshot/cdk.out +1 -0
  89. package/test/integ.cftoais3-no-logging.js.snapshot/cftoais3-no-logging.assets.json +32 -0
  90. package/test/integ.cftoais3-no-logging.js.snapshot/cftoais3-no-logging.template.json +576 -0
  91. package/test/integ.cftoais3-no-logging.js.snapshot/cftoais3nologgingIntegDefaultTestDeployAssertCED06EE4.assets.json +19 -0
  92. package/test/integ.cftoais3-no-logging.js.snapshot/cftoais3nologgingIntegDefaultTestDeployAssertCED06EE4.template.json +36 -0
  93. package/test/integ.cftoais3-no-logging.js.snapshot/integ.json +12 -0
  94. package/test/integ.cftoais3-no-logging.js.snapshot/manifest.json +167 -0
  95. package/test/integ.cftoais3-no-logging.js.snapshot/tree.json +542 -0
  96. package/test/integ.cftoais3-no-security-headers.d.ts +13 -0
  97. package/test/integ.cftoais3-no-security-headers.js +50 -0
  98. package/test/integ.cftoais3-no-security-headers.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  99. package/test/integ.cftoais3-no-security-headers.js.snapshot/cdk.out +1 -0
  100. package/test/integ.cftoais3-no-security-headers.js.snapshot/cftoais3-no-security-headers.assets.json +32 -0
  101. package/test/integ.cftoais3-no-security-headers.js.snapshot/cftoais3-no-security-headers.template.json +1061 -0
  102. package/test/integ.cftoais3-no-security-headers.js.snapshot/cftoais3nosecurityheadersIntegDefaultTestDeployAssertAB4B2F28.assets.json +19 -0
  103. package/test/integ.cftoais3-no-security-headers.js.snapshot/cftoais3nosecurityheadersIntegDefaultTestDeployAssertAB4B2F28.template.json +36 -0
  104. package/test/integ.cftoais3-no-security-headers.js.snapshot/integ.json +12 -0
  105. package/test/integ.cftoais3-no-security-headers.js.snapshot/manifest.json +215 -0
  106. package/test/integ.cftoais3-no-security-headers.js.snapshot/tree.json +1105 -0
  107. package/test/test.cloudfront-oai-s3.test.d.ts +13 -0
  108. package/test/test.cloudfront-oai-s3.test.js +702 -0
@@ -0,0 +1,1131 @@
1
+ {
2
+ "Resources": {
3
+ "scrapBucketLog7B53B25C": {
4
+ "Type": "AWS::S3::Bucket",
5
+ "Properties": {
6
+ "BucketEncryption": {
7
+ "ServerSideEncryptionConfiguration": [
8
+ {
9
+ "ServerSideEncryptionByDefault": {
10
+ "SSEAlgorithm": "AES256"
11
+ }
12
+ }
13
+ ]
14
+ },
15
+ "Tags": [
16
+ {
17
+ "Key": "aws-cdk:auto-delete-objects",
18
+ "Value": "true"
19
+ }
20
+ ],
21
+ "VersioningConfiguration": {
22
+ "Status": "Enabled"
23
+ }
24
+ },
25
+ "UpdateReplacePolicy": "Delete",
26
+ "DeletionPolicy": "Delete",
27
+ "Metadata": {
28
+ "cfn_nag": {
29
+ "rules_to_suppress": [
30
+ {
31
+ "id": "W35",
32
+ "reason": "This is a log bucket"
33
+ }
34
+ ]
35
+ }
36
+ }
37
+ },
38
+ "scrapBucketLogPolicy2972C573": {
39
+ "Type": "AWS::S3::BucketPolicy",
40
+ "Properties": {
41
+ "Bucket": {
42
+ "Ref": "scrapBucketLog7B53B25C"
43
+ },
44
+ "PolicyDocument": {
45
+ "Statement": [
46
+ {
47
+ "Action": "s3:*",
48
+ "Condition": {
49
+ "Bool": {
50
+ "aws:SecureTransport": "false"
51
+ }
52
+ },
53
+ "Effect": "Deny",
54
+ "Principal": {
55
+ "AWS": "*"
56
+ },
57
+ "Resource": [
58
+ {
59
+ "Fn::GetAtt": [
60
+ "scrapBucketLog7B53B25C",
61
+ "Arn"
62
+ ]
63
+ },
64
+ {
65
+ "Fn::Join": [
66
+ "",
67
+ [
68
+ {
69
+ "Fn::GetAtt": [
70
+ "scrapBucketLog7B53B25C",
71
+ "Arn"
72
+ ]
73
+ },
74
+ "/*"
75
+ ]
76
+ ]
77
+ }
78
+ ]
79
+ },
80
+ {
81
+ "Action": [
82
+ "s3:DeleteObject*",
83
+ "s3:GetBucket*",
84
+ "s3:List*",
85
+ "s3:PutBucketPolicy"
86
+ ],
87
+ "Effect": "Allow",
88
+ "Principal": {
89
+ "AWS": {
90
+ "Fn::GetAtt": [
91
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
92
+ "Arn"
93
+ ]
94
+ }
95
+ },
96
+ "Resource": [
97
+ {
98
+ "Fn::GetAtt": [
99
+ "scrapBucketLog7B53B25C",
100
+ "Arn"
101
+ ]
102
+ },
103
+ {
104
+ "Fn::Join": [
105
+ "",
106
+ [
107
+ {
108
+ "Fn::GetAtt": [
109
+ "scrapBucketLog7B53B25C",
110
+ "Arn"
111
+ ]
112
+ },
113
+ "/*"
114
+ ]
115
+ ]
116
+ }
117
+ ]
118
+ },
119
+ {
120
+ "Action": "s3:PutObject",
121
+ "Condition": {
122
+ "ArnLike": {
123
+ "aws:SourceArn": {
124
+ "Fn::GetAtt": [
125
+ "scrapBucketB11863B7",
126
+ "Arn"
127
+ ]
128
+ }
129
+ },
130
+ "StringEquals": {
131
+ "aws:SourceAccount": {
132
+ "Ref": "AWS::AccountId"
133
+ }
134
+ }
135
+ },
136
+ "Effect": "Allow",
137
+ "Principal": {
138
+ "Service": "logging.s3.amazonaws.com"
139
+ },
140
+ "Resource": {
141
+ "Fn::Join": [
142
+ "",
143
+ [
144
+ {
145
+ "Fn::GetAtt": [
146
+ "scrapBucketLog7B53B25C",
147
+ "Arn"
148
+ ]
149
+ },
150
+ "/*"
151
+ ]
152
+ ]
153
+ }
154
+ }
155
+ ],
156
+ "Version": "2012-10-17"
157
+ }
158
+ }
159
+ },
160
+ "scrapBucketLogAutoDeleteObjectsCustomResource307F3D47": {
161
+ "Type": "Custom::S3AutoDeleteObjects",
162
+ "Properties": {
163
+ "ServiceToken": {
164
+ "Fn::GetAtt": [
165
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
166
+ "Arn"
167
+ ]
168
+ },
169
+ "BucketName": {
170
+ "Ref": "scrapBucketLog7B53B25C"
171
+ }
172
+ },
173
+ "DependsOn": [
174
+ "scrapBucketLogPolicy2972C573"
175
+ ],
176
+ "UpdateReplacePolicy": "Delete",
177
+ "DeletionPolicy": "Delete"
178
+ },
179
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": {
180
+ "Type": "AWS::IAM::Role",
181
+ "Properties": {
182
+ "AssumeRolePolicyDocument": {
183
+ "Version": "2012-10-17",
184
+ "Statement": [
185
+ {
186
+ "Action": "sts:AssumeRole",
187
+ "Effect": "Allow",
188
+ "Principal": {
189
+ "Service": "lambda.amazonaws.com"
190
+ }
191
+ }
192
+ ]
193
+ },
194
+ "ManagedPolicyArns": [
195
+ {
196
+ "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
197
+ }
198
+ ]
199
+ }
200
+ },
201
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": {
202
+ "Type": "AWS::Lambda::Function",
203
+ "Properties": {
204
+ "Code": {
205
+ "S3Bucket": {
206
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
207
+ },
208
+ "S3Key": "faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6.zip"
209
+ },
210
+ "Timeout": 900,
211
+ "MemorySize": 128,
212
+ "Handler": "index.handler",
213
+ "Role": {
214
+ "Fn::GetAtt": [
215
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
216
+ "Arn"
217
+ ]
218
+ },
219
+ "Runtime": {
220
+ "Fn::FindInMap": [
221
+ "LatestNodeRuntimeMap",
222
+ {
223
+ "Ref": "AWS::Region"
224
+ },
225
+ "value"
226
+ ]
227
+ },
228
+ "Description": {
229
+ "Fn::Join": [
230
+ "",
231
+ [
232
+ "Lambda function for auto-deleting objects in ",
233
+ {
234
+ "Ref": "scrapBucketLog7B53B25C"
235
+ },
236
+ " S3 bucket."
237
+ ]
238
+ ]
239
+ }
240
+ },
241
+ "DependsOn": [
242
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092"
243
+ ],
244
+ "Metadata": {
245
+ "cfn_nag": {
246
+ "rules_to_suppress": [
247
+ {
248
+ "id": "W58",
249
+ "reason": "CDK generated custom resource"
250
+ },
251
+ {
252
+ "id": "W89",
253
+ "reason": "CDK generated custom resource"
254
+ },
255
+ {
256
+ "id": "W92",
257
+ "reason": "CDK generated custom resource"
258
+ }
259
+ ]
260
+ }
261
+ }
262
+ },
263
+ "scrapBucketB11863B7": {
264
+ "Type": "AWS::S3::Bucket",
265
+ "Properties": {
266
+ "BucketEncryption": {
267
+ "ServerSideEncryptionConfiguration": [
268
+ {
269
+ "ServerSideEncryptionByDefault": {
270
+ "SSEAlgorithm": "AES256"
271
+ }
272
+ }
273
+ ]
274
+ },
275
+ "LoggingConfiguration": {
276
+ "DestinationBucketName": {
277
+ "Ref": "scrapBucketLog7B53B25C"
278
+ }
279
+ },
280
+ "Tags": [
281
+ {
282
+ "Key": "aws-cdk:auto-delete-objects",
283
+ "Value": "true"
284
+ }
285
+ ],
286
+ "VersioningConfiguration": {
287
+ "Status": "Enabled"
288
+ }
289
+ },
290
+ "UpdateReplacePolicy": "Delete",
291
+ "DeletionPolicy": "Delete"
292
+ },
293
+ "scrapBucketPolicy189B0607": {
294
+ "Type": "AWS::S3::BucketPolicy",
295
+ "Properties": {
296
+ "Bucket": {
297
+ "Ref": "scrapBucketB11863B7"
298
+ },
299
+ "PolicyDocument": {
300
+ "Statement": [
301
+ {
302
+ "Action": "s3:*",
303
+ "Condition": {
304
+ "Bool": {
305
+ "aws:SecureTransport": "false"
306
+ }
307
+ },
308
+ "Effect": "Deny",
309
+ "Principal": {
310
+ "AWS": "*"
311
+ },
312
+ "Resource": [
313
+ {
314
+ "Fn::GetAtt": [
315
+ "scrapBucketB11863B7",
316
+ "Arn"
317
+ ]
318
+ },
319
+ {
320
+ "Fn::Join": [
321
+ "",
322
+ [
323
+ {
324
+ "Fn::GetAtt": [
325
+ "scrapBucketB11863B7",
326
+ "Arn"
327
+ ]
328
+ },
329
+ "/*"
330
+ ]
331
+ ]
332
+ }
333
+ ]
334
+ },
335
+ {
336
+ "Action": [
337
+ "s3:DeleteObject*",
338
+ "s3:GetBucket*",
339
+ "s3:List*",
340
+ "s3:PutBucketPolicy"
341
+ ],
342
+ "Effect": "Allow",
343
+ "Principal": {
344
+ "AWS": {
345
+ "Fn::GetAtt": [
346
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
347
+ "Arn"
348
+ ]
349
+ }
350
+ },
351
+ "Resource": [
352
+ {
353
+ "Fn::GetAtt": [
354
+ "scrapBucketB11863B7",
355
+ "Arn"
356
+ ]
357
+ },
358
+ {
359
+ "Fn::Join": [
360
+ "",
361
+ [
362
+ {
363
+ "Fn::GetAtt": [
364
+ "scrapBucketB11863B7",
365
+ "Arn"
366
+ ]
367
+ },
368
+ "/*"
369
+ ]
370
+ ]
371
+ }
372
+ ]
373
+ },
374
+ {
375
+ "Action": "s3:GetObject",
376
+ "Effect": "Allow",
377
+ "Principal": {
378
+ "CanonicalUser": [
379
+ {
380
+ "Fn::GetAtt": [
381
+ "testcloudfrontoais3CloudFrontDistributionOrigin1S3OriginF57A3CB1",
382
+ "S3CanonicalUserId"
383
+ ]
384
+ },
385
+ {
386
+ "Fn::GetAtt": [
387
+ "testcloudfrontoais3CloudFrontDistributionOrigin2S3Origin226F4E91",
388
+ "S3CanonicalUserId"
389
+ ]
390
+ }
391
+ ]
392
+ },
393
+ "Resource": {
394
+ "Fn::Join": [
395
+ "",
396
+ [
397
+ {
398
+ "Fn::GetAtt": [
399
+ "scrapBucketB11863B7",
400
+ "Arn"
401
+ ]
402
+ },
403
+ "/*"
404
+ ]
405
+ ]
406
+ }
407
+ },
408
+ {
409
+ "Action": "s3:GetObject",
410
+ "Condition": {
411
+ "StringEquals": {
412
+ "AWS:SourceArn": {
413
+ "Fn::Join": [
414
+ "",
415
+ [
416
+ "arn:",
417
+ {
418
+ "Ref": "AWS::Partition"
419
+ },
420
+ ":cloudfront::",
421
+ {
422
+ "Ref": "AWS::AccountId"
423
+ },
424
+ ":distribution/",
425
+ {
426
+ "Ref": "testcloudfrontoais3CloudFrontDistribution0E089CC5"
427
+ }
428
+ ]
429
+ ]
430
+ }
431
+ }
432
+ },
433
+ "Effect": "Allow",
434
+ "Principal": {
435
+ "Service": "cloudfront.amazonaws.com"
436
+ },
437
+ "Resource": {
438
+ "Fn::Join": [
439
+ "",
440
+ [
441
+ {
442
+ "Fn::GetAtt": [
443
+ "scrapBucketB11863B7",
444
+ "Arn"
445
+ ]
446
+ },
447
+ "/*"
448
+ ]
449
+ ]
450
+ }
451
+ }
452
+ ],
453
+ "Version": "2012-10-17"
454
+ }
455
+ },
456
+ "Metadata": {
457
+ "cfn_nag": {
458
+ "rules_to_suppress": [
459
+ {
460
+ "id": "F16",
461
+ "reason": "Public website bucket policy requires a wildcard principal"
462
+ }
463
+ ]
464
+ }
465
+ }
466
+ },
467
+ "scrapBucketAutoDeleteObjectsCustomResourceFFFC3275": {
468
+ "Type": "Custom::S3AutoDeleteObjects",
469
+ "Properties": {
470
+ "ServiceToken": {
471
+ "Fn::GetAtt": [
472
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
473
+ "Arn"
474
+ ]
475
+ },
476
+ "BucketName": {
477
+ "Ref": "scrapBucketB11863B7"
478
+ }
479
+ },
480
+ "DependsOn": [
481
+ "scrapBucketPolicy189B0607"
482
+ ],
483
+ "UpdateReplacePolicy": "Delete",
484
+ "DeletionPolicy": "Delete"
485
+ },
486
+ "testcloudfrontoais3SetHttpSecurityHeaders4EB3C97B": {
487
+ "Type": "AWS::CloudFront::Function",
488
+ "Properties": {
489
+ "AutoPublish": true,
490
+ "FunctionCode": "function handler(event) { var response = event.response; var headers = response.headers; headers['strict-transport-security'] = { value: 'max-age=63072000; includeSubdomains; preload'}; headers['content-security-policy'] = { value: \"default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'\"}; headers['x-content-type-options'] = { value: 'nosniff'}; headers['x-frame-options'] = {value: 'DENY'}; headers['x-xss-protection'] = {value: '1; mode=block'}; return response; }",
491
+ "FunctionConfig": {
492
+ "Comment": "SetHttpSecurityHeadersc88f9647f3c3880b7dc1e2842431b60acc15da4a92",
493
+ "Runtime": "cloudfront-js-1.0"
494
+ },
495
+ "Name": "SetHttpSecurityHeadersc88f9647f3c3880b7dc1e2842431b60acc15da4a92"
496
+ }
497
+ },
498
+ "testcloudfrontoais3CloudfrontLoggingBucketAccessLogBF5AAF80": {
499
+ "Type": "AWS::S3::Bucket",
500
+ "Properties": {
501
+ "BucketEncryption": {
502
+ "ServerSideEncryptionConfiguration": [
503
+ {
504
+ "ServerSideEncryptionByDefault": {
505
+ "SSEAlgorithm": "AES256"
506
+ }
507
+ }
508
+ ]
509
+ },
510
+ "PublicAccessBlockConfiguration": {
511
+ "BlockPublicAcls": true,
512
+ "BlockPublicPolicy": true,
513
+ "IgnorePublicAcls": true,
514
+ "RestrictPublicBuckets": true
515
+ },
516
+ "Tags": [
517
+ {
518
+ "Key": "aws-cdk:auto-delete-objects",
519
+ "Value": "true"
520
+ }
521
+ ],
522
+ "VersioningConfiguration": {
523
+ "Status": "Enabled"
524
+ }
525
+ },
526
+ "UpdateReplacePolicy": "Delete",
527
+ "DeletionPolicy": "Delete",
528
+ "Metadata": {
529
+ "cfn_nag": {
530
+ "rules_to_suppress": [
531
+ {
532
+ "id": "W35",
533
+ "reason": "This S3 bucket is used as the access logging bucket for another bucket"
534
+ }
535
+ ]
536
+ }
537
+ }
538
+ },
539
+ "testcloudfrontoais3CloudfrontLoggingBucketAccessLogPolicy0C078528": {
540
+ "Type": "AWS::S3::BucketPolicy",
541
+ "Properties": {
542
+ "Bucket": {
543
+ "Ref": "testcloudfrontoais3CloudfrontLoggingBucketAccessLogBF5AAF80"
544
+ },
545
+ "PolicyDocument": {
546
+ "Statement": [
547
+ {
548
+ "Action": "s3:*",
549
+ "Condition": {
550
+ "Bool": {
551
+ "aws:SecureTransport": "false"
552
+ }
553
+ },
554
+ "Effect": "Deny",
555
+ "Principal": {
556
+ "AWS": "*"
557
+ },
558
+ "Resource": [
559
+ {
560
+ "Fn::GetAtt": [
561
+ "testcloudfrontoais3CloudfrontLoggingBucketAccessLogBF5AAF80",
562
+ "Arn"
563
+ ]
564
+ },
565
+ {
566
+ "Fn::Join": [
567
+ "",
568
+ [
569
+ {
570
+ "Fn::GetAtt": [
571
+ "testcloudfrontoais3CloudfrontLoggingBucketAccessLogBF5AAF80",
572
+ "Arn"
573
+ ]
574
+ },
575
+ "/*"
576
+ ]
577
+ ]
578
+ }
579
+ ]
580
+ },
581
+ {
582
+ "Action": [
583
+ "s3:DeleteObject*",
584
+ "s3:GetBucket*",
585
+ "s3:List*",
586
+ "s3:PutBucketPolicy"
587
+ ],
588
+ "Effect": "Allow",
589
+ "Principal": {
590
+ "AWS": {
591
+ "Fn::GetAtt": [
592
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
593
+ "Arn"
594
+ ]
595
+ }
596
+ },
597
+ "Resource": [
598
+ {
599
+ "Fn::GetAtt": [
600
+ "testcloudfrontoais3CloudfrontLoggingBucketAccessLogBF5AAF80",
601
+ "Arn"
602
+ ]
603
+ },
604
+ {
605
+ "Fn::Join": [
606
+ "",
607
+ [
608
+ {
609
+ "Fn::GetAtt": [
610
+ "testcloudfrontoais3CloudfrontLoggingBucketAccessLogBF5AAF80",
611
+ "Arn"
612
+ ]
613
+ },
614
+ "/*"
615
+ ]
616
+ ]
617
+ }
618
+ ]
619
+ },
620
+ {
621
+ "Action": "s3:PutObject",
622
+ "Condition": {
623
+ "ArnLike": {
624
+ "aws:SourceArn": {
625
+ "Fn::GetAtt": [
626
+ "testcloudfrontoais3CloudfrontLoggingBucket55AA79FC",
627
+ "Arn"
628
+ ]
629
+ }
630
+ },
631
+ "StringEquals": {
632
+ "aws:SourceAccount": {
633
+ "Ref": "AWS::AccountId"
634
+ }
635
+ }
636
+ },
637
+ "Effect": "Allow",
638
+ "Principal": {
639
+ "Service": "logging.s3.amazonaws.com"
640
+ },
641
+ "Resource": {
642
+ "Fn::Join": [
643
+ "",
644
+ [
645
+ {
646
+ "Fn::GetAtt": [
647
+ "testcloudfrontoais3CloudfrontLoggingBucketAccessLogBF5AAF80",
648
+ "Arn"
649
+ ]
650
+ },
651
+ "/*"
652
+ ]
653
+ ]
654
+ }
655
+ }
656
+ ],
657
+ "Version": "2012-10-17"
658
+ }
659
+ }
660
+ },
661
+ "testcloudfrontoais3CloudfrontLoggingBucketAccessLogAutoDeleteObjectsCustomResource00DB3AC8": {
662
+ "Type": "Custom::S3AutoDeleteObjects",
663
+ "Properties": {
664
+ "ServiceToken": {
665
+ "Fn::GetAtt": [
666
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
667
+ "Arn"
668
+ ]
669
+ },
670
+ "BucketName": {
671
+ "Ref": "testcloudfrontoais3CloudfrontLoggingBucketAccessLogBF5AAF80"
672
+ }
673
+ },
674
+ "DependsOn": [
675
+ "testcloudfrontoais3CloudfrontLoggingBucketAccessLogPolicy0C078528"
676
+ ],
677
+ "UpdateReplacePolicy": "Delete",
678
+ "DeletionPolicy": "Delete"
679
+ },
680
+ "testcloudfrontoais3CloudfrontLoggingBucket55AA79FC": {
681
+ "Type": "AWS::S3::Bucket",
682
+ "Properties": {
683
+ "AccessControl": "LogDeliveryWrite",
684
+ "BucketEncryption": {
685
+ "ServerSideEncryptionConfiguration": [
686
+ {
687
+ "ServerSideEncryptionByDefault": {
688
+ "SSEAlgorithm": "AES256"
689
+ }
690
+ }
691
+ ]
692
+ },
693
+ "LoggingConfiguration": {
694
+ "DestinationBucketName": {
695
+ "Ref": "testcloudfrontoais3CloudfrontLoggingBucketAccessLogBF5AAF80"
696
+ }
697
+ },
698
+ "OwnershipControls": {
699
+ "Rules": [
700
+ {
701
+ "ObjectOwnership": "ObjectWriter"
702
+ }
703
+ ]
704
+ },
705
+ "PublicAccessBlockConfiguration": {
706
+ "BlockPublicAcls": true,
707
+ "BlockPublicPolicy": true,
708
+ "IgnorePublicAcls": true,
709
+ "RestrictPublicBuckets": true
710
+ },
711
+ "Tags": [
712
+ {
713
+ "Key": "aws-cdk:auto-delete-objects",
714
+ "Value": "true"
715
+ }
716
+ ],
717
+ "VersioningConfiguration": {
718
+ "Status": "Enabled"
719
+ }
720
+ },
721
+ "UpdateReplacePolicy": "Delete",
722
+ "DeletionPolicy": "Delete"
723
+ },
724
+ "testcloudfrontoais3CloudfrontLoggingBucketPolicy2130EE92": {
725
+ "Type": "AWS::S3::BucketPolicy",
726
+ "Properties": {
727
+ "Bucket": {
728
+ "Ref": "testcloudfrontoais3CloudfrontLoggingBucket55AA79FC"
729
+ },
730
+ "PolicyDocument": {
731
+ "Statement": [
732
+ {
733
+ "Action": "s3:*",
734
+ "Condition": {
735
+ "Bool": {
736
+ "aws:SecureTransport": "false"
737
+ }
738
+ },
739
+ "Effect": "Deny",
740
+ "Principal": {
741
+ "AWS": "*"
742
+ },
743
+ "Resource": [
744
+ {
745
+ "Fn::GetAtt": [
746
+ "testcloudfrontoais3CloudfrontLoggingBucket55AA79FC",
747
+ "Arn"
748
+ ]
749
+ },
750
+ {
751
+ "Fn::Join": [
752
+ "",
753
+ [
754
+ {
755
+ "Fn::GetAtt": [
756
+ "testcloudfrontoais3CloudfrontLoggingBucket55AA79FC",
757
+ "Arn"
758
+ ]
759
+ },
760
+ "/*"
761
+ ]
762
+ ]
763
+ }
764
+ ]
765
+ },
766
+ {
767
+ "Action": [
768
+ "s3:DeleteObject*",
769
+ "s3:GetBucket*",
770
+ "s3:List*",
771
+ "s3:PutBucketPolicy"
772
+ ],
773
+ "Effect": "Allow",
774
+ "Principal": {
775
+ "AWS": {
776
+ "Fn::GetAtt": [
777
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
778
+ "Arn"
779
+ ]
780
+ }
781
+ },
782
+ "Resource": [
783
+ {
784
+ "Fn::GetAtt": [
785
+ "testcloudfrontoais3CloudfrontLoggingBucket55AA79FC",
786
+ "Arn"
787
+ ]
788
+ },
789
+ {
790
+ "Fn::Join": [
791
+ "",
792
+ [
793
+ {
794
+ "Fn::GetAtt": [
795
+ "testcloudfrontoais3CloudfrontLoggingBucket55AA79FC",
796
+ "Arn"
797
+ ]
798
+ },
799
+ "/*"
800
+ ]
801
+ ]
802
+ }
803
+ ]
804
+ }
805
+ ],
806
+ "Version": "2012-10-17"
807
+ }
808
+ }
809
+ },
810
+ "testcloudfrontoais3CloudfrontLoggingBucketAutoDeleteObjectsCustomResourceE88BD625": {
811
+ "Type": "Custom::S3AutoDeleteObjects",
812
+ "Properties": {
813
+ "ServiceToken": {
814
+ "Fn::GetAtt": [
815
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
816
+ "Arn"
817
+ ]
818
+ },
819
+ "BucketName": {
820
+ "Ref": "testcloudfrontoais3CloudfrontLoggingBucket55AA79FC"
821
+ }
822
+ },
823
+ "DependsOn": [
824
+ "testcloudfrontoais3CloudfrontLoggingBucketPolicy2130EE92"
825
+ ],
826
+ "UpdateReplacePolicy": "Delete",
827
+ "DeletionPolicy": "Delete"
828
+ },
829
+ "testcloudfrontoais3CloudFrontDistributionOrigin1S3OriginF57A3CB1": {
830
+ "Type": "AWS::CloudFront::CloudFrontOriginAccessIdentity",
831
+ "Properties": {
832
+ "CloudFrontOriginAccessIdentityConfig": {
833
+ "Comment": "Identity for cftoais3existingbuckettestcloudfrontoais3CloudFrontDistributionOrigin151240FB9"
834
+ }
835
+ }
836
+ },
837
+ "testcloudfrontoais3CloudFrontDistribution0E089CC5": {
838
+ "Type": "AWS::CloudFront::Distribution",
839
+ "Properties": {
840
+ "DistributionConfig": {
841
+ "CacheBehaviors": [
842
+ {
843
+ "CachePolicyId": {
844
+ "Ref": "myCachePolicy16CE2FCF"
845
+ },
846
+ "Compress": true,
847
+ "PathPattern": "/images/*.jpg",
848
+ "TargetOriginId": "cftoais3existingbuckettestcloudfrontoais3CloudFrontDistributionOrigin2153DAD64",
849
+ "ViewerProtocolPolicy": "allow-all"
850
+ }
851
+ ],
852
+ "DefaultCacheBehavior": {
853
+ "CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6",
854
+ "Compress": true,
855
+ "FunctionAssociations": [
856
+ {
857
+ "EventType": "viewer-response",
858
+ "FunctionARN": {
859
+ "Fn::GetAtt": [
860
+ "testcloudfrontoais3SetHttpSecurityHeaders4EB3C97B",
861
+ "FunctionARN"
862
+ ]
863
+ }
864
+ }
865
+ ],
866
+ "TargetOriginId": "cftoais3existingbuckettestcloudfrontoais3CloudFrontDistributionOrigin151240FB9",
867
+ "ViewerProtocolPolicy": "redirect-to-https"
868
+ },
869
+ "DefaultRootObject": "index.html",
870
+ "Enabled": true,
871
+ "HttpVersion": "http2",
872
+ "IPV6Enabled": true,
873
+ "Logging": {
874
+ "Bucket": {
875
+ "Fn::GetAtt": [
876
+ "testcloudfrontoais3CloudfrontLoggingBucket55AA79FC",
877
+ "RegionalDomainName"
878
+ ]
879
+ }
880
+ },
881
+ "Origins": [
882
+ {
883
+ "DomainName": {
884
+ "Fn::GetAtt": [
885
+ "scrapBucketB11863B7",
886
+ "RegionalDomainName"
887
+ ]
888
+ },
889
+ "Id": "cftoais3existingbuckettestcloudfrontoais3CloudFrontDistributionOrigin151240FB9",
890
+ "S3OriginConfig": {
891
+ "OriginAccessIdentity": {
892
+ "Fn::Join": [
893
+ "",
894
+ [
895
+ "origin-access-identity/cloudfront/",
896
+ {
897
+ "Ref": "testcloudfrontoais3CloudFrontDistributionOrigin1S3OriginF57A3CB1"
898
+ }
899
+ ]
900
+ ]
901
+ }
902
+ }
903
+ },
904
+ {
905
+ "DomainName": {
906
+ "Fn::GetAtt": [
907
+ "scrapBucketB11863B7",
908
+ "RegionalDomainName"
909
+ ]
910
+ },
911
+ "Id": "cftoais3existingbuckettestcloudfrontoais3CloudFrontDistributionOrigin2153DAD64",
912
+ "S3OriginConfig": {
913
+ "OriginAccessIdentity": {
914
+ "Fn::Join": [
915
+ "",
916
+ [
917
+ "origin-access-identity/cloudfront/",
918
+ {
919
+ "Ref": "testcloudfrontoais3CloudFrontDistributionOrigin2S3Origin226F4E91"
920
+ }
921
+ ]
922
+ ]
923
+ }
924
+ }
925
+ }
926
+ ]
927
+ }
928
+ },
929
+ "Metadata": {
930
+ "cfn_nag": {
931
+ "rules_to_suppress": [
932
+ {
933
+ "id": "W70",
934
+ "reason": "Since the distribution uses the CloudFront domain name, CloudFront automatically sets the security policy to TLSv1 regardless of the value of MinimumProtocolVersion"
935
+ }
936
+ ]
937
+ }
938
+ }
939
+ },
940
+ "testcloudfrontoais3CloudFrontDistributionOrigin2S3Origin226F4E91": {
941
+ "Type": "AWS::CloudFront::CloudFrontOriginAccessIdentity",
942
+ "Properties": {
943
+ "CloudFrontOriginAccessIdentityConfig": {
944
+ "Comment": "Identity for cftoais3existingbuckettestcloudfrontoais3CloudFrontDistributionOrigin2153DAD64"
945
+ }
946
+ }
947
+ },
948
+ "myCachePolicy16CE2FCF": {
949
+ "Type": "AWS::CloudFront::CachePolicy",
950
+ "Properties": {
951
+ "CachePolicyConfig": {
952
+ "DefaultTTL": 0,
953
+ "MaxTTL": 0,
954
+ "MinTTL": 0,
955
+ "Name": "MyPolicy",
956
+ "ParametersInCacheKeyAndForwardedToOrigin": {
957
+ "CookiesConfig": {
958
+ "CookieBehavior": "none"
959
+ },
960
+ "EnableAcceptEncodingBrotli": false,
961
+ "EnableAcceptEncodingGzip": false,
962
+ "HeadersConfig": {
963
+ "HeaderBehavior": "none"
964
+ },
965
+ "QueryStringsConfig": {
966
+ "QueryStringBehavior": "none"
967
+ }
968
+ }
969
+ }
970
+ }
971
+ }
972
+ },
973
+ "Mappings": {
974
+ "LatestNodeRuntimeMap": {
975
+ "af-south-1": {
976
+ "value": "nodejs20.x"
977
+ },
978
+ "ap-east-1": {
979
+ "value": "nodejs20.x"
980
+ },
981
+ "ap-northeast-1": {
982
+ "value": "nodejs20.x"
983
+ },
984
+ "ap-northeast-2": {
985
+ "value": "nodejs20.x"
986
+ },
987
+ "ap-northeast-3": {
988
+ "value": "nodejs20.x"
989
+ },
990
+ "ap-south-1": {
991
+ "value": "nodejs20.x"
992
+ },
993
+ "ap-south-2": {
994
+ "value": "nodejs20.x"
995
+ },
996
+ "ap-southeast-1": {
997
+ "value": "nodejs20.x"
998
+ },
999
+ "ap-southeast-2": {
1000
+ "value": "nodejs20.x"
1001
+ },
1002
+ "ap-southeast-3": {
1003
+ "value": "nodejs20.x"
1004
+ },
1005
+ "ap-southeast-4": {
1006
+ "value": "nodejs20.x"
1007
+ },
1008
+ "ap-southeast-5": {
1009
+ "value": "nodejs20.x"
1010
+ },
1011
+ "ap-southeast-7": {
1012
+ "value": "nodejs20.x"
1013
+ },
1014
+ "ca-central-1": {
1015
+ "value": "nodejs20.x"
1016
+ },
1017
+ "ca-west-1": {
1018
+ "value": "nodejs20.x"
1019
+ },
1020
+ "cn-north-1": {
1021
+ "value": "nodejs18.x"
1022
+ },
1023
+ "cn-northwest-1": {
1024
+ "value": "nodejs18.x"
1025
+ },
1026
+ "eu-central-1": {
1027
+ "value": "nodejs20.x"
1028
+ },
1029
+ "eu-central-2": {
1030
+ "value": "nodejs20.x"
1031
+ },
1032
+ "eu-isoe-west-1": {
1033
+ "value": "nodejs18.x"
1034
+ },
1035
+ "eu-north-1": {
1036
+ "value": "nodejs20.x"
1037
+ },
1038
+ "eu-south-1": {
1039
+ "value": "nodejs20.x"
1040
+ },
1041
+ "eu-south-2": {
1042
+ "value": "nodejs20.x"
1043
+ },
1044
+ "eu-west-1": {
1045
+ "value": "nodejs20.x"
1046
+ },
1047
+ "eu-west-2": {
1048
+ "value": "nodejs20.x"
1049
+ },
1050
+ "eu-west-3": {
1051
+ "value": "nodejs20.x"
1052
+ },
1053
+ "il-central-1": {
1054
+ "value": "nodejs20.x"
1055
+ },
1056
+ "me-central-1": {
1057
+ "value": "nodejs20.x"
1058
+ },
1059
+ "me-south-1": {
1060
+ "value": "nodejs20.x"
1061
+ },
1062
+ "mx-central-1": {
1063
+ "value": "nodejs20.x"
1064
+ },
1065
+ "sa-east-1": {
1066
+ "value": "nodejs20.x"
1067
+ },
1068
+ "us-east-1": {
1069
+ "value": "nodejs20.x"
1070
+ },
1071
+ "us-east-2": {
1072
+ "value": "nodejs20.x"
1073
+ },
1074
+ "us-gov-east-1": {
1075
+ "value": "nodejs18.x"
1076
+ },
1077
+ "us-gov-west-1": {
1078
+ "value": "nodejs18.x"
1079
+ },
1080
+ "us-iso-east-1": {
1081
+ "value": "nodejs18.x"
1082
+ },
1083
+ "us-iso-west-1": {
1084
+ "value": "nodejs18.x"
1085
+ },
1086
+ "us-isob-east-1": {
1087
+ "value": "nodejs18.x"
1088
+ },
1089
+ "us-west-1": {
1090
+ "value": "nodejs20.x"
1091
+ },
1092
+ "us-west-2": {
1093
+ "value": "nodejs20.x"
1094
+ }
1095
+ }
1096
+ },
1097
+ "Parameters": {
1098
+ "BootstrapVersion": {
1099
+ "Type": "AWS::SSM::Parameter::Value<String>",
1100
+ "Default": "/cdk-bootstrap/hnb659fds/version",
1101
+ "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
1102
+ }
1103
+ },
1104
+ "Rules": {
1105
+ "CheckBootstrapVersion": {
1106
+ "Assertions": [
1107
+ {
1108
+ "Assert": {
1109
+ "Fn::Not": [
1110
+ {
1111
+ "Fn::Contains": [
1112
+ [
1113
+ "1",
1114
+ "2",
1115
+ "3",
1116
+ "4",
1117
+ "5"
1118
+ ],
1119
+ {
1120
+ "Ref": "BootstrapVersion"
1121
+ }
1122
+ ]
1123
+ }
1124
+ ]
1125
+ },
1126
+ "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
1127
+ }
1128
+ ]
1129
+ }
1130
+ }
1131
+ }