@aws-solutions-constructs/aws-cloudfront-oai-s3 2.79.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (108) hide show
  1. package/.jsii +4403 -0
  2. package/README.md +109 -0
  3. package/architecture.png +0 -0
  4. package/integ.config.json +7 -0
  5. package/lib/index.d.ts +118 -0
  6. package/lib/index.js +106 -0
  7. package/package.json +95 -0
  8. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.d.ts +13 -0
  9. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js +56 -0
  10. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  11. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cdk.out +1 -0
  12. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.assets.json +32 -0
  13. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.template.json +1061 -0
  14. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cftoais3bucketencryptedwithmanagedkeyprovidedasexistingbucketIntegDefaultTestDeployAssert105E804F.assets.json +19 -0
  15. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cftoais3bucketencryptedwithmanagedkeyprovidedasexistingbucketIntegDefaultTestDeployAssert105E804F.template.json +36 -0
  16. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/integ.json +12 -0
  17. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/manifest.json +215 -0
  18. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/tree.json +1105 -0
  19. package/test/integ.cftoais3-custom-headers.d.ts +13 -0
  20. package/test/integ.cftoais3-custom-headers.js +71 -0
  21. package/test/integ.cftoais3-custom-headers.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  22. package/test/integ.cftoais3-custom-headers.js.snapshot/cdk.out +1 -0
  23. package/test/integ.cftoais3-custom-headers.js.snapshot/cftoais3-custom-headers.assets.json +32 -0
  24. package/test/integ.cftoais3-custom-headers.js.snapshot/cftoais3-custom-headers.template.json +1116 -0
  25. package/test/integ.cftoais3-custom-headers.js.snapshot/cftoais3customheadersIntegDefaultTestDeployAssert5AA11BA9.assets.json +19 -0
  26. package/test/integ.cftoais3-custom-headers.js.snapshot/cftoais3customheadersIntegDefaultTestDeployAssert5AA11BA9.template.json +36 -0
  27. package/test/integ.cftoais3-custom-headers.js.snapshot/integ.json +12 -0
  28. package/test/integ.cftoais3-custom-headers.js.snapshot/manifest.json +227 -0
  29. package/test/integ.cftoais3-custom-headers.js.snapshot/tree.json +1196 -0
  30. package/test/integ.cftoais3-custom-originPath.d.ts +13 -0
  31. package/test/integ.cftoais3-custom-originPath.js +48 -0
  32. package/test/integ.cftoais3-custom-originPath.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  33. package/test/integ.cftoais3-custom-originPath.js.snapshot/cdk.out +1 -0
  34. package/test/integ.cftoais3-custom-originPath.js.snapshot/cftoais3-custom-originPath.assets.json +32 -0
  35. package/test/integ.cftoais3-custom-originPath.js.snapshot/cftoais3-custom-originPath.template.json +1085 -0
  36. package/test/integ.cftoais3-custom-originPath.js.snapshot/cftoais3customoriginPathIntegDefaultTestDeployAssert1C351914.assets.json +19 -0
  37. package/test/integ.cftoais3-custom-originPath.js.snapshot/cftoais3customoriginPathIntegDefaultTestDeployAssert1C351914.template.json +36 -0
  38. package/test/integ.cftoais3-custom-originPath.js.snapshot/integ.json +12 -0
  39. package/test/integ.cftoais3-custom-originPath.js.snapshot/manifest.json +221 -0
  40. package/test/integ.cftoais3-custom-originPath.js.snapshot/tree.json +1147 -0
  41. package/test/integ.cftoais3-customLoggingBuckets.d.ts +13 -0
  42. package/test/integ.cftoais3-customLoggingBuckets.js +64 -0
  43. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  44. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/cdk.out +1 -0
  45. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/cftoais3-customLoggingBuckets.assets.json +32 -0
  46. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/cftoais3-customLoggingBuckets.template.json +1109 -0
  47. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/cftoais3customLoggingBucketsIntegDefaultTestDeployAssert8F33EF2A.assets.json +19 -0
  48. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/cftoais3customLoggingBucketsIntegDefaultTestDeployAssert8F33EF2A.template.json +36 -0
  49. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/integ.json +12 -0
  50. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/manifest.json +221 -0
  51. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/tree.json +1172 -0
  52. package/test/integ.cftoais3-existing-bucket.d.ts +13 -0
  53. package/test/integ.cftoais3-existing-bucket.js +59 -0
  54. package/test/integ.cftoais3-existing-bucket.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  55. package/test/integ.cftoais3-existing-bucket.js.snapshot/cdk.out +1 -0
  56. package/test/integ.cftoais3-existing-bucket.js.snapshot/cftoais3-existing-bucket.assets.json +32 -0
  57. package/test/integ.cftoais3-existing-bucket.js.snapshot/cftoais3-existing-bucket.template.json +1131 -0
  58. package/test/integ.cftoais3-existing-bucket.js.snapshot/cftoais3existingbucketIntegDefaultTestDeployAssertB7627F26.assets.json +19 -0
  59. package/test/integ.cftoais3-existing-bucket.js.snapshot/cftoais3existingbucketIntegDefaultTestDeployAssertB7627F26.template.json +36 -0
  60. package/test/integ.cftoais3-existing-bucket.js.snapshot/integ.json +12 -0
  61. package/test/integ.cftoais3-existing-bucket.js.snapshot/manifest.json +233 -0
  62. package/test/integ.cftoais3-existing-bucket.js.snapshot/tree.json +1240 -0
  63. package/test/integ.cftoais3-no-arguments.d.ts +13 -0
  64. package/test/integ.cftoais3-no-arguments.js +53 -0
  65. package/test/integ.cftoais3-no-arguments.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  66. package/test/integ.cftoais3-no-arguments.js.snapshot/cdk.out +1 -0
  67. package/test/integ.cftoais3-no-arguments.js.snapshot/cftoais3-no-arguments.assets.json +32 -0
  68. package/test/integ.cftoais3-no-arguments.js.snapshot/cftoais3-no-arguments.template.json +1094 -0
  69. package/test/integ.cftoais3-no-arguments.js.snapshot/cftoais3noargumentsIntegDefaultTestDeployAssert5CF03E3D.assets.json +19 -0
  70. package/test/integ.cftoais3-no-arguments.js.snapshot/cftoais3noargumentsIntegDefaultTestDeployAssert5CF03E3D.template.json +36 -0
  71. package/test/integ.cftoais3-no-arguments.js.snapshot/integ.json +12 -0
  72. package/test/integ.cftoais3-no-arguments.js.snapshot/manifest.json +356 -0
  73. package/test/integ.cftoais3-no-arguments.js.snapshot/tree.json +1146 -0
  74. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.d.ts +13 -0
  75. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js +60 -0
  76. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  77. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/cdk.out +1 -0
  78. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/cftoais3-no-cloudfront-s3-access-logs.assets.json +32 -0
  79. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/cftoais3-no-cloudfront-s3-access-logs.template.json +743 -0
  80. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/cftoais3nocloudfronts3accesslogsIntegDefaultTestDeployAssert6D810275.assets.json +19 -0
  81. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/cftoais3nocloudfronts3accesslogsIntegDefaultTestDeployAssert6D810275.template.json +36 -0
  82. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/integ.json +12 -0
  83. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/manifest.json +185 -0
  84. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/tree.json +726 -0
  85. package/test/integ.cftoais3-no-logging.d.ts +13 -0
  86. package/test/integ.cftoais3-no-logging.js +56 -0
  87. package/test/integ.cftoais3-no-logging.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  88. package/test/integ.cftoais3-no-logging.js.snapshot/cdk.out +1 -0
  89. package/test/integ.cftoais3-no-logging.js.snapshot/cftoais3-no-logging.assets.json +32 -0
  90. package/test/integ.cftoais3-no-logging.js.snapshot/cftoais3-no-logging.template.json +576 -0
  91. package/test/integ.cftoais3-no-logging.js.snapshot/cftoais3nologgingIntegDefaultTestDeployAssertCED06EE4.assets.json +19 -0
  92. package/test/integ.cftoais3-no-logging.js.snapshot/cftoais3nologgingIntegDefaultTestDeployAssertCED06EE4.template.json +36 -0
  93. package/test/integ.cftoais3-no-logging.js.snapshot/integ.json +12 -0
  94. package/test/integ.cftoais3-no-logging.js.snapshot/manifest.json +167 -0
  95. package/test/integ.cftoais3-no-logging.js.snapshot/tree.json +542 -0
  96. package/test/integ.cftoais3-no-security-headers.d.ts +13 -0
  97. package/test/integ.cftoais3-no-security-headers.js +50 -0
  98. package/test/integ.cftoais3-no-security-headers.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  99. package/test/integ.cftoais3-no-security-headers.js.snapshot/cdk.out +1 -0
  100. package/test/integ.cftoais3-no-security-headers.js.snapshot/cftoais3-no-security-headers.assets.json +32 -0
  101. package/test/integ.cftoais3-no-security-headers.js.snapshot/cftoais3-no-security-headers.template.json +1061 -0
  102. package/test/integ.cftoais3-no-security-headers.js.snapshot/cftoais3nosecurityheadersIntegDefaultTestDeployAssertAB4B2F28.assets.json +19 -0
  103. package/test/integ.cftoais3-no-security-headers.js.snapshot/cftoais3nosecurityheadersIntegDefaultTestDeployAssertAB4B2F28.template.json +36 -0
  104. package/test/integ.cftoais3-no-security-headers.js.snapshot/integ.json +12 -0
  105. package/test/integ.cftoais3-no-security-headers.js.snapshot/manifest.json +215 -0
  106. package/test/integ.cftoais3-no-security-headers.js.snapshot/tree.json +1105 -0
  107. package/test/test.cloudfront-oai-s3.test.d.ts +13 -0
  108. package/test/test.cloudfront-oai-s3.test.js +702 -0
package/README.md ADDED
@@ -0,0 +1,109 @@
1
+ # aws-cloudfront-oai-s3 module
2
+ <!--BEGIN STABILITY BANNER-->
3
+
4
+ ---
5
+
6
+ ![Stability: Stable](https://img.shields.io/badge/cfn--resources-stable-success.svg?style=for-the-badge)
7
+
8
+ ---
9
+ <!--END STABILITY BANNER-->
10
+
11
+ | **Reference Documentation**:| <span style="font-weight: normal">https://docs.aws.amazon.com/solutions/latest/constructs/</span>|
12
+ |:-------------|:-------------|
13
+ <div style="height:8px"></div>
14
+
15
+ | **Language** | **Package** |
16
+ |:-------------|-----------------|
17
+ |![Python Logo](https://docs.aws.amazon.com/cdk/api/latest/img/python32.png) Python|`aws_solutions_constructs.aws_cloudfront_oai_s3`|
18
+ |![Typescript Logo](https://docs.aws.amazon.com/cdk/api/latest/img/typescript32.png) Typescript|`@aws-solutions-constructs/aws-cloudfront-oai-s3`|
19
+ |![Java Logo](https://docs.aws.amazon.com/cdk/api/latest/img/java32.png) Java|`software.amazon.awsconstructs.services.cloudfrontoais3`|
20
+
21
+ ## Overview
22
+ This AWS Solutions Construct provisions an Amazon CloudFront Distribution that serves objects from an AWS S3 Bucket via an Origin Access Identity (OAI).
23
+
24
+ IMPORTANT: The recommended architecture for this pattern is to use an Origin Access Control, which is available in aws-cloudfront-s3. This construct is provided to support China regions where Origin Access Controls are not available.
25
+
26
+ Here is a minimal deployable pattern definition:
27
+
28
+ Typescript
29
+ ``` typescript
30
+ import { Construct } from 'constructs';
31
+ import { Stack, StackProps } from 'aws-cdk-lib';
32
+ import { CloudFrontToOaiToS3 } from '@aws-solutions-constructs/aws-cloudfront-oai-s3';
33
+
34
+ new CloudFrontToOaiToS3(this, 'test-cloudfront-oai-s3', {});
35
+ ```
36
+
37
+ Python
38
+ ``` python
39
+ from aws_solutions_constructs.aws_cloudfront_oai_s3 import CloudFrontToOaiToS3
40
+ from aws_cdk import Stack
41
+ from constructs import Construct
42
+
43
+ CloudFrontToOaiToS3(self, 'test-cloudfront-oai-s3')
44
+ ```
45
+
46
+ Java
47
+ ``` java
48
+ import software.constructs.Construct;
49
+
50
+ import software.amazon.awscdk.Stack;
51
+ import software.amazon.awscdk.StackProps;
52
+ import software.amazon.awsconstructs.services.cloudfrontoais3.*;
53
+
54
+ new CloudFrontToOaiToS3(this, "test-cloudfront-oai-s3", new CloudFrontToOaiToS3Props.Builder()
55
+ .build());
56
+ ```
57
+
58
+ ## Pattern Construct Props
59
+
60
+ | **Name** | **Type** | **Description** |
61
+ |:-------------|:----------------|-----------------|
62
+ |cloudFrontDistributionProps?|[`cloudfront.DistributionProps`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cloudfront.DistributionProps.html)|Optional user provided props to override the default props for CloudFront Distribution|
63
+ |insertHttpSecurityHeaders?|`boolean`|Optional user provided props to turn on/off the automatic injection of best practice HTTP security headers in all responses from CloudFront|
64
+ |responseHeadersPolicyProps? | [`cloudfront.ResponseHeadersPolicyProps`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cloudfront.ResponseHeadersPolicyProps.html) | Optional user provided configuration that cloudfront applies to all http responses.|
65
+ |originPath?|`string`|Optional user provided props to provide an[originPath](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cloudfront_origins.S3OriginProps.html#originpath) that CloudFront appends to the origin domain name when CloudFront requests content from the origin. The string should start with a `/`, for example: `/production`. Default value is `'/'`|
66
+ |existingBucketObj?|[`s3.IBucket`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3.IBucket.html)|Existing instance of S3 content bucket object or interface. If this is provided, then also providing bucketProps will cause an error. |
67
+ |bucketProps?|[`s3.BucketProps`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3.BucketProps.html)|Optional user provided props to override the default props for the S3 content bucket. Note - to log S3 access for this bucket to an existing S3 bucket, put the existing log bucket in bucketProps: `serverAccessLogsBucket`|
68
+ |logS3AccessLogs?| boolean|Whether to turn on Access Logging for the S3 bucket. Creates an S3 bucket with associated storage costs for the logs. Enabling Access Logging is a best practice. default - true|
69
+ |loggingBucketProps?|[`s3.BucketProps`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3.BucketProps.html)|Optional user provided props to override the default props for the S3 Logging Bucket.|
70
+ |cloudFrontLoggingBucketProps?|[`s3.BucketProps`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3.BucketProps.html)|Optional user provided props to override the default props for the CloudFront Logging Bucket. Note: to use an existing bucketto hold CloudFront logs, pass the existing log bucket in |
71
+ |logCloudFrontAccessLog|`boolean`|Optional - Whether to maintain access logs for the CloudFront Logging bucket. Specifying false for this while providing info about the log bucket will cause an error. Default = true |
72
+ |cloudFrontLoggingBucketAccessLogBucketProps|[`s3.BucketProps`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3.BucketProps.html)|Optional user provided props to override the default props for the CloudFront Log Bucket Access Log bucket. Providing both this and `existingcloudFrontLoggingBucketAccessLogBucket` will cause an error. To provide an existing bucket to accept these logs, pass the existing bucket in `cloudFrontLoggingBucketProps::serverAccessLogBucket`|
73
+
74
+ ## Pattern Properties
75
+
76
+ | **Name** | **Type** | **Description** |
77
+ |:-------------|:----------------|-----------------|
78
+ |cloudFrontWebDistribution|[`cloudfront.Distribution`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cloudfront.Distribution.html)|Returns an instance of cloudfront.Distribution created by the construct.|
79
+ |cloudFrontFunction?|[`cloudfront.Function`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cloudfront.Function.html)|Returns an instance of the Cloudfront function created by the construct.|
80
+ |s3BucketInterface|[`s3.IBucket`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3.IBucket.html)|Returns an instance of s3.IBucket created by the construct.|
81
+ |s3Bucket?|[`s3.Bucket`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3.Bucket.html)|Returns an instance of s3.Bucket created by the construct. IMPORTANT: If `existingBucketObj` was provided in Pattern Construct Props, this property will be `undefined`|
82
+ |s3LoggingBucket?|[`s3.Bucket`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3.Bucket.html)|Returns an instance of s3.Bucket created by the construct as the logging bucket for the primary bucket.|
83
+ |cloudFrontLoggingBucket?|[`s3.Bucket`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3.Bucket.html)|The S3 bucket created by the construct to hold CloudFront logs. Only populated if the construct creates the bucket (not if an existing bucket is passed in via DistributionProps)|
84
+ |cloudFrontLoggingBucketAccessLogBucket?|[`s3.Bucket`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3.Bucket.html)|The S3 bucket containing the S3 access logs for the CloudFront log bucket. Only populated if the construct creates the bucket (not if the bucket is passed in via `cloudFrontLoggingBucketProps::serverAccessLogBucket`|
85
+
86
+ ## Default settings
87
+
88
+ Out of the box implementation of the Construct without any override will set the following defaults:
89
+
90
+ ### Amazon CloudFront
91
+ * Configure Access logging for CloudFront Distribution
92
+ * Enable automatic injection of best practice HTTP security headers in all responses from CloudFront Distribution
93
+ * CloudFront originPath set to `'/'`
94
+ * Create an Origin Access Identity to access S3 bucket
95
+
96
+ ### Amazon S3 Bucket
97
+ * Configure Access logging for S3 Bucket
98
+ * Enable server-side encryption for S3 Bucket using AWS managed KMS Key
99
+ * Enforce encryption of data in transit
100
+ * Turn on the versioning for S3 Bucket
101
+ * Block public access for S3 Bucket
102
+ * Retain the S3 Bucket when deleting the CloudFormation stack
103
+ * Applies Lifecycle rule to move noncurrent object versions to Glacier storage after 90 days
104
+
105
+ ## Architecture
106
+ ![Architecture Diagram](architecture.png)
107
+
108
+ ***
109
+ &copy; Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
Binary file
@@ -0,0 +1,7 @@
1
+ {
2
+ "parallelRegions": [
3
+ "us-east-1"
4
+ ],
5
+ "disable-update-workflow": true,
6
+ "update-on-failed": false
7
+ }
package/lib/index.d.ts ADDED
@@ -0,0 +1,118 @@
1
+ /**
2
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
3
+ *
4
+ * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
5
+ * with the License. A copy of the License is located at
6
+ *
7
+ * http://www.apache.org/licenses/LICENSE-2.0
8
+ *
9
+ * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
10
+ * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
11
+ * and limitations under the License.
12
+ */
13
+ import * as cloudfront from 'aws-cdk-lib/aws-cloudfront';
14
+ import * as s3 from 'aws-cdk-lib/aws-s3';
15
+ import { Construct } from 'constructs';
16
+ /**
17
+ * @summary The properties for the CloudFrontToOaiToS3 Construct
18
+ */
19
+ export interface CloudFrontToOaiToS3Props {
20
+ /**
21
+ * Optional user provided props to override the default props
22
+ *
23
+ * @default - Default props are used
24
+ */
25
+ readonly cloudFrontDistributionProps?: cloudfront.DistributionProps | any;
26
+ /**
27
+ * Optional user provided props to turn on/off the automatic injection of best practice HTTP
28
+ * security headers in all responses from cloudfront.
29
+ * Turning this on will inject default headers and is mutually exclusive with passing custom security headers
30
+ * via the responseHeadersPolicyProps parameter.
31
+ *
32
+ * @default - true
33
+ */
34
+ readonly insertHttpSecurityHeaders?: boolean;
35
+ /**
36
+ * Optional user provided configuration that cloudfront applies to all http responses.
37
+ * Can be used to pass a custom ResponseSecurityHeadersBehavior, ResponseCustomHeadersBehavior or
38
+ * ResponseHeadersCorsBehavior to the cloudfront distribution.
39
+ *
40
+ * Passing a custom ResponseSecurityHeadersBehavior is mutually exclusive with turning on the default security headers
41
+ * via `insertHttpSecurityHeaders` prop. Will throw an error if both `insertHttpSecurityHeaders` is set to `true`
42
+ * and ResponseSecurityHeadersBehavior is passed.
43
+ *
44
+ * @default - undefined
45
+ */
46
+ readonly responseHeadersPolicyProps?: cloudfront.ResponseHeadersPolicyProps;
47
+ /**
48
+ * Optional user provided props to provide an originPath that CloudFront appends to the
49
+ * origin domain name when CloudFront requests content from the origin.
50
+ * The string should start with a `/`, for example `/production`.
51
+ * @default = '/'
52
+ */
53
+ readonly originPath?: string;
54
+ /**
55
+ * Existing instance of S3 Content Bucket object, providing both this and `bucketProps` will cause an error.
56
+ *
57
+ * @default - None
58
+ */
59
+ readonly existingBucketObj?: s3.IBucket;
60
+ /**
61
+ * Optional user provided props to override the default props for the S3 Content Bucket.
62
+ *
63
+ * @default - Default props are used
64
+ */
65
+ readonly bucketProps?: s3.BucketProps;
66
+ /**
67
+ * Optional - Whether to maintain access logs for the S3 Content bucket
68
+ *
69
+ * @default - true
70
+ */
71
+ readonly logS3AccessLogs?: boolean;
72
+ /**
73
+ * Optional user provided props to override the default props for the S3 Content Bucket Access Log Bucket.
74
+ *
75
+ * @default - Default props are used
76
+ */
77
+ readonly loggingBucketProps?: s3.BucketProps;
78
+ /**
79
+ * Optional user provided props to override the default props for the CloudFront Log Bucket.
80
+ *
81
+ * @default - Default props are used
82
+ */
83
+ readonly cloudFrontLoggingBucketProps?: s3.BucketProps;
84
+ /**
85
+ * Optional - Whether to maintain access logs for the CloudFront Logging bucket. Specifying false for this
86
+ * while providing info about the log bucket will cause an error.
87
+ *
88
+ * @default - true
89
+ */
90
+ readonly logCloudFrontAccessLog?: boolean;
91
+ /**
92
+ * Optional user provided props to override the default props for the CloudFront Log Bucket Access Log bucket.
93
+ * Providing both this and `existingcloudFrontLoggingBucketAccessLogBucket` will cause an error
94
+ *
95
+ * @default - Default props are used
96
+ */
97
+ readonly cloudFrontLoggingBucketAccessLogBucketProps?: s3.BucketProps;
98
+ }
99
+ export declare class CloudFrontToOaiToS3 extends Construct {
100
+ readonly cloudFrontWebDistribution: cloudfront.Distribution;
101
+ readonly cloudFrontFunction?: cloudfront.Function;
102
+ readonly cloudFrontLoggingBucket?: s3.Bucket;
103
+ readonly cloudFrontLoggingBucketAccessLogBucket?: s3.Bucket;
104
+ readonly s3BucketInterface: s3.IBucket;
105
+ readonly s3Bucket?: s3.Bucket;
106
+ readonly s3LoggingBucket?: s3.Bucket;
107
+ readonly originAccessControl?: cloudfront.CfnOriginAccessControl;
108
+ /**
109
+ * @summary Constructs a new instance of the CloudFrontToOaiToS3 class.
110
+ * @param {Construct} scope - represents the scope for all the resources.
111
+ * @param {string} id - this is a a scope-unique id.
112
+ * @param {CloudFrontToOaiToS3Props} props - user provided props for the construct
113
+ * @since 0.8.0
114
+ * @access public
115
+ */
116
+ constructor(scope: Construct, id: string, props: CloudFrontToOaiToS3Props);
117
+ private checkForKmsKey;
118
+ }
package/lib/index.js ADDED
@@ -0,0 +1,106 @@
1
+ "use strict";
2
+ var _a;
3
+ Object.defineProperty(exports, "__esModule", { value: true });
4
+ exports.CloudFrontToOaiToS3 = void 0;
5
+ const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");
6
+ /**
7
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
8
+ *
9
+ * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
10
+ * with the License. A copy of the License is located at
11
+ *
12
+ * http://www.apache.org/licenses/LICENSE-2.0
13
+ *
14
+ * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
15
+ * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
16
+ * and limitations under the License.
17
+ */
18
+ const aws_cdk_lib_1 = require("aws-cdk-lib");
19
+ const iam = require("aws-cdk-lib/aws-iam");
20
+ const defaults = require("@aws-solutions-constructs/core");
21
+ // import * as resources from '@aws-solutions-constructs/resources';
22
+ // import * as kms from 'aws-cdk-lib/aws-kms';
23
+ // Note: To ensure CDKv2 compatibility, keep the import statement for Construct separate
24
+ const constructs_1 = require("constructs");
25
+ class CloudFrontToOaiToS3 extends constructs_1.Construct {
26
+ /**
27
+ * @summary Constructs a new instance of the CloudFrontToOaiToS3 class.
28
+ * @param {Construct} scope - represents the scope for all the resources.
29
+ * @param {string} id - this is a a scope-unique id.
30
+ * @param {CloudFrontToOaiToS3Props} props - user provided props for the construct
31
+ * @since 0.8.0
32
+ * @access public
33
+ */
34
+ constructor(scope, id, props) {
35
+ super(scope, id);
36
+ defaults.printWarning(`This construct deploys a Cloudfront/S3 pattern connected with an Origin Access Identity,
37
+ the recommended architecture is to use an Origin Access Connector (provided in aws-cloudfront-oai-s3). This construct
38
+ is provided only for use in China regions, where OACs are not available.`);
39
+ // All our tests are based upon this behavior being on, so we're setting
40
+ // context here rather than assuming the client will set it
41
+ this.node.setContext("@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy", true);
42
+ defaults.CheckS3Props(props);
43
+ defaults.CheckCloudFrontProps(props);
44
+ defaults.CheckCloudfrontS3Props(props);
45
+ this.checkForKmsKey(props);
46
+ let originBucket;
47
+ if (!props.existingBucketObj) {
48
+ const buildS3BucketResponse = defaults.buildS3Bucket(this, {
49
+ bucketProps: props.bucketProps,
50
+ loggingBucketProps: props.loggingBucketProps,
51
+ logS3AccessLogs: props.logS3AccessLogs
52
+ });
53
+ this.s3Bucket = buildS3BucketResponse.bucket;
54
+ this.s3LoggingBucket = buildS3BucketResponse.loggingBucket;
55
+ originBucket = this.s3Bucket;
56
+ }
57
+ else {
58
+ originBucket = props.existingBucketObj;
59
+ }
60
+ this.s3BucketInterface = originBucket;
61
+ // Define the CloudFront Distribution
62
+ const cloudFrontOaiDistributionForS3Props = {
63
+ originPath: props.originPath,
64
+ sourceBucket: this.s3BucketInterface,
65
+ cloudFrontDistributionProps: props.cloudFrontDistributionProps,
66
+ httpSecurityHeaders: props.insertHttpSecurityHeaders,
67
+ cloudFrontLoggingBucketProps: props.cloudFrontLoggingBucketProps,
68
+ responseHeadersPolicyProps: props.responseHeadersPolicyProps,
69
+ cloudFrontLoggingBucketS3AccessLogBucketProps: props.cloudFrontLoggingBucketAccessLogBucketProps,
70
+ logCloudFrontAccessLog: props.logCloudFrontAccessLog
71
+ };
72
+ const cloudFrontDistributionForS3Response = defaults.createCloudFrontOaiDistributionForS3(this, cloudFrontOaiDistributionForS3Props);
73
+ this.cloudFrontWebDistribution = cloudFrontDistributionForS3Response.distribution;
74
+ this.cloudFrontFunction = cloudFrontDistributionForS3Response.cloudfrontFunction;
75
+ this.cloudFrontLoggingBucket = cloudFrontDistributionForS3Response.loggingBucket;
76
+ this.cloudFrontLoggingBucketAccessLogBucket = cloudFrontDistributionForS3Response.loggingBucketS3AccesssLogBucket;
77
+ // Grant CloudFront permission to get the objects from the s3 bucket origin
78
+ originBucket.addToResourcePolicy(new iam.PolicyStatement({
79
+ effect: iam.Effect.ALLOW,
80
+ actions: ['s3:GetObject'],
81
+ principals: [new iam.ServicePrincipal('cloudfront.amazonaws.com')],
82
+ resources: [originBucket.arnForObjects('*')],
83
+ conditions: {
84
+ StringEquals: {
85
+ 'AWS:SourceArn': `arn:${aws_cdk_lib_1.Aws.PARTITION}:cloudfront::${aws_cdk_lib_1.Aws.ACCOUNT_ID}:distribution/${this.cloudFrontWebDistribution.distributionId}`
86
+ }
87
+ }
88
+ }));
89
+ }
90
+ checkForKmsKey(props) {
91
+ let errorMessages = '';
92
+ let errorFound = false;
93
+ if ((props.bucketProps && props.bucketProps.encryptionKey) ||
94
+ (props.existingBucketObj && props.existingBucketObj.encryptionKey)) {
95
+ errorMessages += 'Error - buckets cannot use CMKs with OAIs\n';
96
+ errorFound = true;
97
+ }
98
+ if (errorFound) {
99
+ throw new Error(errorMessages);
100
+ }
101
+ }
102
+ }
103
+ exports.CloudFrontToOaiToS3 = CloudFrontToOaiToS3;
104
+ _a = JSII_RTTI_SYMBOL_1;
105
+ CloudFrontToOaiToS3[_a] = { fqn: "@aws-solutions-constructs/aws-cloudfront-oai-s3.CloudFrontToOaiToS3", version: "2.79.0" };
106
+ //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJpbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7OztBQUFBOzs7Ozs7Ozs7OztHQVdHO0FBRUgsNkNBQWtDO0FBRWxDLDJDQUEyQztBQUUzQywyREFBMkQ7QUFDM0Qsb0VBQW9FO0FBQ3BFLDhDQUE4QztBQUM5Qyx3RkFBd0Y7QUFDeEYsMkNBQXVDO0FBc0d2QyxNQUFhLG1CQUFvQixTQUFRLHNCQUFTO0lBVWhEOzs7Ozs7O09BT0c7SUFDSCxZQUFZLEtBQWdCLEVBQUUsRUFBVSxFQUFFLEtBQStCO1FBQ3ZFLEtBQUssQ0FBQyxLQUFLLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFFakIsUUFBUSxDQUFDLFlBQVksQ0FBQzs7K0VBRXFELENBQUMsQ0FBQztRQUU3RSx3RUFBd0U7UUFDeEUsMkRBQTJEO1FBQzNELElBQUksQ0FBQyxJQUFJLENBQUMsVUFBVSxDQUFDLGlEQUFpRCxFQUFFLElBQUksQ0FBQyxDQUFDO1FBRTlFLFFBQVEsQ0FBQyxZQUFZLENBQUMsS0FBSyxDQUFDLENBQUM7UUFDN0IsUUFBUSxDQUFDLG9CQUFvQixDQUFDLEtBQUssQ0FBQyxDQUFDO1FBQ3JDLFFBQVEsQ0FBQyxzQkFBc0IsQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUN2QyxJQUFJLENBQUMsY0FBYyxDQUFDLEtBQUssQ0FBQyxDQUFDO1FBRTNCLElBQUksWUFBd0IsQ0FBQztRQUU3QixJQUFJLENBQUMsS0FBSyxDQUFDLGlCQUFpQixFQUFFLENBQUM7WUFDN0IsTUFBTSxxQkFBcUIsR0FBRyxRQUFRLENBQUMsYUFBYSxDQUFDLElBQUksRUFBRTtnQkFDekQsV0FBVyxFQUFFLEtBQUssQ0FBQyxXQUFXO2dCQUM5QixrQkFBa0IsRUFBRSxLQUFLLENBQUMsa0JBQWtCO2dCQUM1QyxlQUFlLEVBQUUsS0FBSyxDQUFDLGVBQWU7YUFDdkMsQ0FBQyxDQUFDO1lBQ0gsSUFBSSxDQUFDLFFBQVEsR0FBRyxxQkFBcUIsQ0FBQyxNQUFNLENBQUM7WUFDN0MsSUFBSSxDQUFDLGVBQWUsR0FBRyxxQkFBcUIsQ0FBQyxhQUFhLENBQUM7WUFDM0QsWUFBWSxHQUFHLElBQUksQ0FBQyxRQUFRLENBQUM7UUFDL0IsQ0FBQzthQUFNLENBQUM7WUFDTixZQUFZLEdBQUcsS0FBSyxDQUFDLGlCQUFpQixDQUFDO1FBQ3pDLENBQUM7UUFFRCxJQUFJLENBQUMsaUJBQWlCLEdBQUcsWUFBWSxDQUFDO1FBRXRDLHFDQUFxQztRQUNyQyxNQUFNLG1DQUFtQyxHQUF1RDtZQUM5RixVQUFVLEVBQUUsS0FBSyxDQUFDLFVBQVU7WUFDNUIsWUFBWSxFQUFFLElBQUksQ0FBQyxpQkFBaUI7WUFDcEMsMkJBQTJCLEVBQUUsS0FBSyxDQUFDLDJCQUEyQjtZQUM5RCxtQkFBbUIsRUFBRSxLQUFLLENBQUMseUJBQXlCO1lBQ3BELDRCQUE0QixFQUFFLEtBQUssQ0FBQyw0QkFBNEI7WUFDaEUsMEJBQTBCLEVBQUUsS0FBSyxDQUFDLDBCQUEwQjtZQUM1RCw2Q0FBNkMsRUFBRSxLQUFLLENBQUMsMkNBQTJDO1lBQ2hHLHNCQUFzQixFQUFFLEtBQUssQ0FBQyxzQkFBc0I7U0FDckQsQ0FBQztRQUNGLE1BQU0sbUNBQW1DLEdBQUcsUUFBUSxDQUFDLG9DQUFvQyxDQUFDLElBQUksRUFBRSxtQ0FBbUMsQ0FBQyxDQUFDO1FBQ3JJLElBQUksQ0FBQyx5QkFBeUIsR0FBRyxtQ0FBbUMsQ0FBQyxZQUFZLENBQUM7UUFDbEYsSUFBSSxDQUFDLGtCQUFrQixHQUFHLG1DQUFtQyxDQUFDLGtCQUFrQixDQUFDO1FBQ2pGLElBQUksQ0FBQyx1QkFBdUIsR0FBRyxtQ0FBbUMsQ0FBQyxhQUFhLENBQUM7UUFDakYsSUFBSSxDQUFDLHNDQUFzQyxHQUFHLG1DQUFtQyxDQUFDLCtCQUErQixDQUFDO1FBRWxILDJFQUEyRTtRQUMzRSxZQUFZLENBQUMsbUJBQW1CLENBQzlCLElBQUksR0FBRyxDQUFDLGVBQWUsQ0FBQztZQUN0QixNQUFNLEVBQUUsR0FBRyxDQUFDLE1BQU0sQ0FBQyxLQUFLO1lBQ3hCLE9BQU8sRUFBRSxDQUFDLGNBQWMsQ0FBQztZQUN6QixVQUFVLEVBQUUsQ0FBQyxJQUFJLEdBQUcsQ0FBQyxnQkFBZ0IsQ0FBQywwQkFBMEIsQ0FBQyxDQUFDO1lBQ2xFLFNBQVMsRUFBRSxDQUFDLFlBQVksQ0FBQyxhQUFhLENBQUMsR0FBRyxDQUFDLENBQUM7WUFDNUMsVUFBVSxFQUFFO2dCQUNWLFlBQVksRUFBRTtvQkFDWixlQUFlLEVBQUUsT0FBTyxpQkFBRyxDQUFDLFNBQVMsZ0JBQWdCLGlCQUFHLENBQUMsVUFBVSxpQkFBaUIsSUFBSSxDQUFDLHlCQUF5QixDQUFDLGNBQWMsRUFBRTtpQkFDcEk7YUFDRjtTQUNGLENBQUMsQ0FDSCxDQUFDO0lBRUosQ0FBQztJQUVPLGNBQWMsQ0FBQyxLQUErQjtRQUNwRCxJQUFJLGFBQWEsR0FBRyxFQUFFLENBQUM7UUFDdkIsSUFBSSxVQUFVLEdBQUcsS0FBSyxDQUFDO1FBRXZCLElBQUksQ0FBQyxLQUFLLENBQUMsV0FBVyxJQUFJLEtBQUssQ0FBQyxXQUFXLENBQUMsYUFBYSxDQUFDO1lBQ3hELENBQUMsS0FBSyxDQUFDLGlCQUFpQixJQUFJLEtBQUssQ0FBQyxpQkFBaUIsQ0FBQyxhQUFhLENBQUMsRUFBRSxDQUFDO1lBQ3JFLGFBQWEsSUFBSSw2Q0FBNkMsQ0FBQztZQUMvRCxVQUFVLEdBQUcsSUFBSSxDQUFDO1FBQ3BCLENBQUM7UUFFRCxJQUFJLFVBQVUsRUFBRSxDQUFDO1lBQ2YsTUFBTSxJQUFJLEtBQUssQ0FBQyxhQUFhLENBQUMsQ0FBQztRQUNqQyxDQUFDO0lBQ0gsQ0FBQzs7QUFsR0gsa0RBbUdDIiwic291cmNlc0NvbnRlbnQiOlsiLyoqXG4gKiAgQ29weXJpZ2h0IEFtYXpvbi5jb20sIEluYy4gb3IgaXRzIGFmZmlsaWF0ZXMuIEFsbCBSaWdodHMgUmVzZXJ2ZWQuXG4gKlxuICogIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSBcIkxpY2Vuc2VcIikuIFlvdSBtYXkgbm90IHVzZSB0aGlzIGZpbGUgZXhjZXB0IGluIGNvbXBsaWFuY2VcbiAqICB3aXRoIHRoZSBMaWNlbnNlLiBBIGNvcHkgb2YgdGhlIExpY2Vuc2UgaXMgbG9jYXRlZCBhdFxuICpcbiAqICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzL0xJQ0VOU0UtMi4wXG4gKlxuICogIG9yIGluIHRoZSAnbGljZW5zZScgZmlsZSBhY2NvbXBhbnlpbmcgdGhpcyBmaWxlLiBUaGlzIGZpbGUgaXMgZGlzdHJpYnV0ZWQgb24gYW4gJ0FTIElTJyBCQVNJUywgV0lUSE9VVCBXQVJSQU5USUVTXG4gKiAgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZXhwcmVzcyBvciBpbXBsaWVkLiBTZWUgdGhlIExpY2Vuc2UgZm9yIHRoZSBzcGVjaWZpYyBsYW5ndWFnZSBnb3Zlcm5pbmcgcGVybWlzc2lvbnNcbiAqICBhbmQgbGltaXRhdGlvbnMgdW5kZXIgdGhlIExpY2Vuc2UuXG4gKi9cblxuaW1wb3J0IHsgQXdzIH0gZnJvbSAnYXdzLWNkay1saWInO1xuaW1wb3J0ICogYXMgY2xvdWRmcm9udCBmcm9tICdhd3MtY2RrLWxpYi9hd3MtY2xvdWRmcm9udCc7XG5pbXBvcnQgKiBhcyBpYW0gZnJvbSAnYXdzLWNkay1saWIvYXdzLWlhbSc7XG5pbXBvcnQgKiBhcyBzMyBmcm9tICdhd3MtY2RrLWxpYi9hd3MtczMnO1xuaW1wb3J0ICogYXMgZGVmYXVsdHMgZnJvbSAnQGF3cy1zb2x1dGlvbnMtY29uc3RydWN0cy9jb3JlJztcbi8vIGltcG9ydCAqIGFzIHJlc291cmNlcyBmcm9tICdAYXdzLXNvbHV0aW9ucy1jb25zdHJ1Y3RzL3Jlc291cmNlcyc7XG4vLyBpbXBvcnQgKiBhcyBrbXMgZnJvbSAnYXdzLWNkay1saWIvYXdzLWttcyc7XG4vLyBOb3RlOiBUbyBlbnN1cmUgQ0RLdjIgY29tcGF0aWJpbGl0eSwga2VlcCB0aGUgaW1wb3J0IHN0YXRlbWVudCBmb3IgQ29uc3RydWN0IHNlcGFyYXRlXG5pbXBvcnQgeyBDb25zdHJ1Y3QgfSBmcm9tICdjb25zdHJ1Y3RzJztcblxuLyoqXG4gKiBAc3VtbWFyeSBUaGUgcHJvcGVydGllcyBmb3IgdGhlIENsb3VkRnJvbnRUb09haVRvUzMgQ29uc3RydWN0XG4gKi9cbmV4cG9ydCBpbnRlcmZhY2UgQ2xvdWRGcm9udFRvT2FpVG9TM1Byb3BzIHtcbiAgLyoqXG4gICAqIE9wdGlvbmFsIHVzZXIgcHJvdmlkZWQgcHJvcHMgdG8gb3ZlcnJpZGUgdGhlIGRlZmF1bHQgcHJvcHNcbiAgICpcbiAgICogQGRlZmF1bHQgLSBEZWZhdWx0IHByb3BzIGFyZSB1c2VkXG4gICAqL1xuICByZWFkb25seSBjbG91ZEZyb250RGlzdHJpYnV0aW9uUHJvcHM/OiBjbG91ZGZyb250LkRpc3RyaWJ1dGlvblByb3BzIHwgYW55LFxuICAvKipcbiAgICogT3B0aW9uYWwgdXNlciBwcm92aWRlZCBwcm9wcyB0byB0dXJuIG9uL29mZiB0aGUgYXV0b21hdGljIGluamVjdGlvbiBvZiBiZXN0IHByYWN0aWNlIEhUVFBcbiAgICogc2VjdXJpdHkgaGVhZGVycyBpbiBhbGwgcmVzcG9uc2VzIGZyb20gY2xvdWRmcm9udC5cbiAgICogVHVybmluZyB0aGlzIG9uIHdpbGwgaW5qZWN0IGRlZmF1bHQgaGVhZGVycyBhbmQgaXMgbXV0dWFsbHkgZXhjbHVzaXZlIHdpdGggcGFzc2luZyBjdXN0b20gc2VjdXJpdHkgaGVhZGVyc1xuICAgKiB2aWEgdGhlIHJlc3BvbnNlSGVhZGVyc1BvbGljeVByb3BzIHBhcmFtZXRlci5cbiAgICpcbiAgICogQGRlZmF1bHQgLSB0cnVlXG4gICAqL1xuICByZWFkb25seSBpbnNlcnRIdHRwU2VjdXJpdHlIZWFkZXJzPzogYm9vbGVhbjtcbiAgLyoqXG4gICAqIE9wdGlvbmFsIHVzZXIgcHJvdmlkZWQgY29uZmlndXJhdGlvbiB0aGF0IGNsb3VkZnJvbnQgYXBwbGllcyB0byBhbGwgaHR0cCByZXNwb25zZXMuXG4gICAqIENhbiBiZSB1c2VkIHRvIHBhc3MgYSBjdXN0b20gUmVzcG9uc2VTZWN1cml0eUhlYWRlcnNCZWhhdmlvciwgUmVzcG9uc2VDdXN0b21IZWFkZXJzQmVoYXZpb3Igb3JcbiAgICogUmVzcG9uc2VIZWFkZXJzQ29yc0JlaGF2aW9yIHRvIHRoZSBjbG91ZGZyb250IGRpc3RyaWJ1dGlvbi5cbiAgICpcbiAgICogUGFzc2luZyBhIGN1c3RvbSBSZXNwb25zZVNlY3VyaXR5SGVhZGVyc0JlaGF2aW9yIGlzIG11dHVhbGx5IGV4Y2x1c2l2ZSB3aXRoIHR1cm5pbmcgb24gdGhlIGRlZmF1bHQgc2VjdXJpdHkgaGVhZGVyc1xuICAgKiB2aWEgYGluc2VydEh0dHBTZWN1cml0eUhlYWRlcnNgIHByb3AuIFdpbGwgdGhyb3cgYW4gZXJyb3IgaWYgYm90aCBgaW5zZXJ0SHR0cFNlY3VyaXR5SGVhZGVyc2AgaXMgc2V0IHRvIGB0cnVlYFxuICAgKiBhbmQgUmVzcG9uc2VTZWN1cml0eUhlYWRlcnNCZWhhdmlvciBpcyBwYXNzZWQuXG4gICAqXG4gICAqIEBkZWZhdWx0IC0gdW5kZWZpbmVkXG4gICAqL1xuICByZWFkb25seSByZXNwb25zZUhlYWRlcnNQb2xpY3lQcm9wcz86IGNsb3VkZnJvbnQuUmVzcG9uc2VIZWFkZXJzUG9saWN5UHJvcHNcbiAgLyoqXG4gICAqIE9wdGlvbmFsIHVzZXIgcHJvdmlkZWQgcHJvcHMgdG8gcHJvdmlkZSBhbiBvcmlnaW5QYXRoIHRoYXQgQ2xvdWRGcm9udCBhcHBlbmRzIHRvIHRoZVxuICAgKiBvcmlnaW4gZG9tYWluIG5hbWUgd2hlbiBDbG91ZEZyb250IHJlcXVlc3RzIGNvbnRlbnQgZnJvbSB0aGUgb3JpZ2luLlxuICAgKiBUaGUgc3RyaW5nIHNob3VsZCBzdGFydCB3aXRoIGEgYC9gLCBmb3IgZXhhbXBsZSBgL3Byb2R1Y3Rpb25gLlxuICAgKiBAZGVmYXVsdCA9ICcvJ1xuICAgKi9cbiAgcmVhZG9ubHkgb3JpZ2luUGF0aD86IHN0cmluZyxcblxuICAvLyA9PT09PT09PT09PT09PT09PT09PT1cbiAgLy8gUzMgQ29udGVudCBCdWNrZXRcbiAgLy8gPT09PT09PT09PT09PT09PT09PT09XG4gIC8qKlxuICAgKiBFeGlzdGluZyBpbnN0YW5jZSBvZiBTMyBDb250ZW50IEJ1Y2tldCBvYmplY3QsIHByb3ZpZGluZyBib3RoIHRoaXMgYW5kIGBidWNrZXRQcm9wc2Agd2lsbCBjYXVzZSBhbiBlcnJvci5cbiAgICpcbiAgICogQGRlZmF1bHQgLSBOb25lXG4gICAqL1xuICByZWFkb25seSBleGlzdGluZ0J1Y2tldE9iaj86IHMzLklCdWNrZXQsXG4gIC8qKlxuICAgKiBPcHRpb25hbCB1c2VyIHByb3ZpZGVkIHByb3BzIHRvIG92ZXJyaWRlIHRoZSBkZWZhdWx0IHByb3BzIGZvciB0aGUgUzMgQ29udGVudCBCdWNrZXQuXG4gICAqXG4gICAqIEBkZWZhdWx0IC0gRGVmYXVsdCBwcm9wcyBhcmUgdXNlZFxuICAgKi9cbiAgcmVhZG9ubHkgYnVja2V0UHJvcHM/OiBzMy5CdWNrZXRQcm9wcyxcblxuICAvLyA9PT09PT09PT09PT09PT09PT09PT1cbiAgLy8gUzMgQ29udGVudCBCdWNrZXQgQWNjZXNzIExvZ3MgQnVja2V0XG4gIC8vID09PT09PT09PT09PT09PT09PT09PVxuICAvKipcbiAgICogT3B0aW9uYWwgLSBXaGV0aGVyIHRvIG1haW50YWluIGFjY2VzcyBsb2dzIGZvciB0aGUgUzMgQ29udGVudCBidWNrZXRcbiAgICpcbiAgICogQGRlZmF1bHQgLSB0cnVlXG4gICAqL1xuICByZWFkb25seSBsb2dTM0FjY2Vzc0xvZ3M/OiBib29sZWFuLFxuICAvKipcbiAgICogT3B0aW9uYWwgdXNlciBwcm92aWRlZCBwcm9wcyB0byBvdmVycmlkZSB0aGUgZGVmYXVsdCBwcm9wcyBmb3IgdGhlIFMzIENvbnRlbnQgQnVja2V0IEFjY2VzcyBMb2cgQnVja2V0LlxuICAgKlxuICAgKiBAZGVmYXVsdCAtIERlZmF1bHQgcHJvcHMgYXJlIHVzZWRcbiAgICovXG4gIHJlYWRvbmx5IGxvZ2dpbmdCdWNrZXRQcm9wcz86IHMzLkJ1Y2tldFByb3BzLFxuXG4gIC8vID09PT09PT09PT09PT09PT09PT09PVxuICAvLyBDbG91ZEZyb250IExvZyBCdWNrZXRcbiAgLy8gPT09PT09PT09PT09PT09PT09PT09XG4gIC8qKlxuICAgKiBPcHRpb25hbCB1c2VyIHByb3ZpZGVkIHByb3BzIHRvIG92ZXJyaWRlIHRoZSBkZWZhdWx0IHByb3BzIGZvciB0aGUgQ2xvdWRGcm9udCBMb2cgQnVja2V0LlxuICAgKlxuICAgKiBAZGVmYXVsdCAtIERlZmF1bHQgcHJvcHMgYXJlIHVzZWRcbiAgICovXG4gIHJlYWRvbmx5IGNsb3VkRnJvbnRMb2dnaW5nQnVja2V0UHJvcHM/OiBzMy5CdWNrZXRQcm9wcyxcblxuICAvLyA9PT09PT09PT09PT09PT09PT09PT1cbiAgLy8gQ2xvdWRGcm9udCBMb2dzIEJ1Y2tldCBBY2Nlc3MgTG9nIEJ1Y2tldFxuICAvLyA9PT09PT09PT09PT09PT09PT09PT1cbiAgLyoqXG4gICAqIE9wdGlvbmFsIC0gV2hldGhlciB0byBtYWludGFpbiBhY2Nlc3MgbG9ncyBmb3IgdGhlIENsb3VkRnJvbnQgTG9nZ2luZyBidWNrZXQuIFNwZWNpZnlpbmcgZmFsc2UgZm9yIHRoaXNcbiAgICogd2hpbGUgcHJvdmlkaW5nIGluZm8gYWJvdXQgdGhlIGxvZyBidWNrZXQgd2lsbCBjYXVzZSBhbiBlcnJvci5cbiAgICpcbiAgICogQGRlZmF1bHQgLSB0cnVlXG4gICAqL1xuICByZWFkb25seSBsb2dDbG91ZEZyb250QWNjZXNzTG9nPzogYm9vbGVhbixcbiAgLyoqXG4gICAqIE9wdGlvbmFsIHVzZXIgcHJvdmlkZWQgcHJvcHMgdG8gb3ZlcnJpZGUgdGhlIGRlZmF1bHQgcHJvcHMgZm9yIHRoZSBDbG91ZEZyb250IExvZyBCdWNrZXQgQWNjZXNzIExvZyBidWNrZXQuXG4gICAqIFByb3ZpZGluZyBib3RoIHRoaXMgYW5kIGBleGlzdGluZ2Nsb3VkRnJvbnRMb2dnaW5nQnVja2V0QWNjZXNzTG9nQnVja2V0YCB3aWxsIGNhdXNlIGFuIGVycm9yXG4gICAqXG4gICAqIEBkZWZhdWx0IC0gRGVmYXVsdCBwcm9wcyBhcmUgdXNlZFxuICAgKi9cbiAgcmVhZG9ubHkgY2xvdWRGcm9udExvZ2dpbmdCdWNrZXRBY2Nlc3NMb2dCdWNrZXRQcm9wcz86IHMzLkJ1Y2tldFByb3BzLFxufVxuXG5leHBvcnQgY2xhc3MgQ2xvdWRGcm9udFRvT2FpVG9TMyBleHRlbmRzIENvbnN0cnVjdCB7XG4gIHB1YmxpYyByZWFkb25seSBjbG91ZEZyb250V2ViRGlzdHJpYnV0aW9uOiBjbG91ZGZyb250LkRpc3RyaWJ1dGlvbjtcbiAgcHVibGljIHJlYWRvbmx5IGNsb3VkRnJvbnRGdW5jdGlvbj86IGNsb3VkZnJvbnQuRnVuY3Rpb247XG4gIHB1YmxpYyByZWFkb25seSBjbG91ZEZyb250TG9nZ2luZ0J1Y2tldD86IHMzLkJ1Y2tldDtcbiAgcHVibGljIHJlYWRvbmx5IGNsb3VkRnJvbnRMb2dnaW5nQnVja2V0QWNjZXNzTG9nQnVja2V0PzogczMuQnVja2V0O1xuICBwdWJsaWMgcmVhZG9ubHkgczNCdWNrZXRJbnRlcmZhY2U6IHMzLklCdWNrZXQ7XG4gIHB1YmxpYyByZWFkb25seSBzM0J1Y2tldD86IHMzLkJ1Y2tldDtcbiAgcHVibGljIHJlYWRvbmx5IHMzTG9nZ2luZ0J1Y2tldD86IHMzLkJ1Y2tldDtcbiAgcHVibGljIHJlYWRvbmx5IG9yaWdpbkFjY2Vzc0NvbnRyb2w/OiBjbG91ZGZyb250LkNmbk9yaWdpbkFjY2Vzc0NvbnRyb2w7XG5cbiAgLyoqXG4gICAqIEBzdW1tYXJ5IENvbnN0cnVjdHMgYSBuZXcgaW5zdGFuY2Ugb2YgdGhlIENsb3VkRnJvbnRUb09haVRvUzMgY2xhc3MuXG4gICAqIEBwYXJhbSB7Q29uc3RydWN0fSBzY29wZSAtIHJlcHJlc2VudHMgdGhlIHNjb3BlIGZvciBhbGwgdGhlIHJlc291cmNlcy5cbiAgICogQHBhcmFtIHtzdHJpbmd9IGlkIC0gdGhpcyBpcyBhIGEgc2NvcGUtdW5pcXVlIGlkLlxuICAgKiBAcGFyYW0ge0Nsb3VkRnJvbnRUb09haVRvUzNQcm9wc30gcHJvcHMgLSB1c2VyIHByb3ZpZGVkIHByb3BzIGZvciB0aGUgY29uc3RydWN0XG4gICAqIEBzaW5jZSAwLjguMFxuICAgKiBAYWNjZXNzIHB1YmxpY1xuICAgKi9cbiAgY29uc3RydWN0b3Ioc2NvcGU6IENvbnN0cnVjdCwgaWQ6IHN0cmluZywgcHJvcHM6IENsb3VkRnJvbnRUb09haVRvUzNQcm9wcykge1xuICAgIHN1cGVyKHNjb3BlLCBpZCk7XG5cbiAgICBkZWZhdWx0cy5wcmludFdhcm5pbmcoYFRoaXMgY29uc3RydWN0IGRlcGxveXMgYSBDbG91ZGZyb250L1MzIHBhdHRlcm4gY29ubmVjdGVkIHdpdGggYW4gT3JpZ2luIEFjY2VzcyBJZGVudGl0eSxcbiAgICAgIHRoZSByZWNvbW1lbmRlZCBhcmNoaXRlY3R1cmUgaXMgdG8gdXNlIGFuIE9yaWdpbiBBY2Nlc3MgQ29ubmVjdG9yIChwcm92aWRlZCBpbiBhd3MtY2xvdWRmcm9udC1vYWktczMpLiBUaGlzIGNvbnN0cnVjdFxuICAgICAgaXMgcHJvdmlkZWQgb25seSBmb3IgdXNlIGluIENoaW5hIHJlZ2lvbnMsIHdoZXJlIE9BQ3MgYXJlIG5vdCBhdmFpbGFibGUuYCk7XG5cbiAgICAvLyBBbGwgb3VyIHRlc3RzIGFyZSBiYXNlZCB1cG9uIHRoaXMgYmVoYXZpb3IgYmVpbmcgb24sIHNvIHdlJ3JlIHNldHRpbmdcbiAgICAvLyBjb250ZXh0IGhlcmUgcmF0aGVyIHRoYW4gYXNzdW1pbmcgdGhlIGNsaWVudCB3aWxsIHNldCBpdFxuICAgIHRoaXMubm9kZS5zZXRDb250ZXh0KFwiQGF3cy1jZGsvYXdzLXMzOnNlcnZlckFjY2Vzc0xvZ3NVc2VCdWNrZXRQb2xpY3lcIiwgdHJ1ZSk7XG5cbiAgICBkZWZhdWx0cy5DaGVja1MzUHJvcHMocHJvcHMpO1xuICAgIGRlZmF1bHRzLkNoZWNrQ2xvdWRGcm9udFByb3BzKHByb3BzKTtcbiAgICBkZWZhdWx0cy5DaGVja0Nsb3VkZnJvbnRTM1Byb3BzKHByb3BzKTtcbiAgICB0aGlzLmNoZWNrRm9yS21zS2V5KHByb3BzKTtcblxuICAgIGxldCBvcmlnaW5CdWNrZXQ6IHMzLklCdWNrZXQ7XG5cbiAgICBpZiAoIXByb3BzLmV4aXN0aW5nQnVja2V0T2JqKSB7XG4gICAgICBjb25zdCBidWlsZFMzQnVja2V0UmVzcG9uc2UgPSBkZWZhdWx0cy5idWlsZFMzQnVja2V0KHRoaXMsIHtcbiAgICAgICAgYnVja2V0UHJvcHM6IHByb3BzLmJ1Y2tldFByb3BzLFxuICAgICAgICBsb2dnaW5nQnVja2V0UHJvcHM6IHByb3BzLmxvZ2dpbmdCdWNrZXRQcm9wcyxcbiAgICAgICAgbG9nUzNBY2Nlc3NMb2dzOiBwcm9wcy5sb2dTM0FjY2Vzc0xvZ3NcbiAgICAgIH0pO1xuICAgICAgdGhpcy5zM0J1Y2tldCA9IGJ1aWxkUzNCdWNrZXRSZXNwb25zZS5idWNrZXQ7XG4gICAgICB0aGlzLnMzTG9nZ2luZ0J1Y2tldCA9IGJ1aWxkUzNCdWNrZXRSZXNwb25zZS5sb2dnaW5nQnVja2V0O1xuICAgICAgb3JpZ2luQnVja2V0ID0gdGhpcy5zM0J1Y2tldDtcbiAgICB9IGVsc2Uge1xuICAgICAgb3JpZ2luQnVja2V0ID0gcHJvcHMuZXhpc3RpbmdCdWNrZXRPYmo7XG4gICAgfVxuXG4gICAgdGhpcy5zM0J1Y2tldEludGVyZmFjZSA9IG9yaWdpbkJ1Y2tldDtcblxuICAgIC8vIERlZmluZSB0aGUgQ2xvdWRGcm9udCBEaXN0cmlidXRpb25cbiAgICBjb25zdCBjbG91ZEZyb250T2FpRGlzdHJpYnV0aW9uRm9yUzNQcm9wczogZGVmYXVsdHMuQ3JlYXRlQ2xvdWRGcm9udE9haURpc3RyaWJ1dGlvbkZvclMzUHJvcHMgPSB7XG4gICAgICBvcmlnaW5QYXRoOiBwcm9wcy5vcmlnaW5QYXRoLFxuICAgICAgc291cmNlQnVja2V0OiB0aGlzLnMzQnVja2V0SW50ZXJmYWNlLFxuICAgICAgY2xvdWRGcm9udERpc3RyaWJ1dGlvblByb3BzOiBwcm9wcy5jbG91ZEZyb250RGlzdHJpYnV0aW9uUHJvcHMsXG4gICAgICBodHRwU2VjdXJpdHlIZWFkZXJzOiBwcm9wcy5pbnNlcnRIdHRwU2VjdXJpdHlIZWFkZXJzLFxuICAgICAgY2xvdWRGcm9udExvZ2dpbmdCdWNrZXRQcm9wczogcHJvcHMuY2xvdWRGcm9udExvZ2dpbmdCdWNrZXRQcm9wcyxcbiAgICAgIHJlc3BvbnNlSGVhZGVyc1BvbGljeVByb3BzOiBwcm9wcy5yZXNwb25zZUhlYWRlcnNQb2xpY3lQcm9wcyxcbiAgICAgIGNsb3VkRnJvbnRMb2dnaW5nQnVja2V0UzNBY2Nlc3NMb2dCdWNrZXRQcm9wczogcHJvcHMuY2xvdWRGcm9udExvZ2dpbmdCdWNrZXRBY2Nlc3NMb2dCdWNrZXRQcm9wcyxcbiAgICAgIGxvZ0Nsb3VkRnJvbnRBY2Nlc3NMb2c6IHByb3BzLmxvZ0Nsb3VkRnJvbnRBY2Nlc3NMb2dcbiAgICB9O1xuICAgIGNvbnN0IGNsb3VkRnJvbnREaXN0cmlidXRpb25Gb3JTM1Jlc3BvbnNlID0gZGVmYXVsdHMuY3JlYXRlQ2xvdWRGcm9udE9haURpc3RyaWJ1dGlvbkZvclMzKHRoaXMsIGNsb3VkRnJvbnRPYWlEaXN0cmlidXRpb25Gb3JTM1Byb3BzKTtcbiAgICB0aGlzLmNsb3VkRnJvbnRXZWJEaXN0cmlidXRpb24gPSBjbG91ZEZyb250RGlzdHJpYnV0aW9uRm9yUzNSZXNwb25zZS5kaXN0cmlidXRpb247XG4gICAgdGhpcy5jbG91ZEZyb250RnVuY3Rpb24gPSBjbG91ZEZyb250RGlzdHJpYnV0aW9uRm9yUzNSZXNwb25zZS5jbG91ZGZyb250RnVuY3Rpb247XG4gICAgdGhpcy5jbG91ZEZyb250TG9nZ2luZ0J1Y2tldCA9IGNsb3VkRnJvbnREaXN0cmlidXRpb25Gb3JTM1Jlc3BvbnNlLmxvZ2dpbmdCdWNrZXQ7XG4gICAgdGhpcy5jbG91ZEZyb250TG9nZ2luZ0J1Y2tldEFjY2Vzc0xvZ0J1Y2tldCA9IGNsb3VkRnJvbnREaXN0cmlidXRpb25Gb3JTM1Jlc3BvbnNlLmxvZ2dpbmdCdWNrZXRTM0FjY2Vzc3NMb2dCdWNrZXQ7XG5cbiAgICAvLyBHcmFudCBDbG91ZEZyb250IHBlcm1pc3Npb24gdG8gZ2V0IHRoZSBvYmplY3RzIGZyb20gdGhlIHMzIGJ1Y2tldCBvcmlnaW5cbiAgICBvcmlnaW5CdWNrZXQuYWRkVG9SZXNvdXJjZVBvbGljeShcbiAgICAgIG5ldyBpYW0uUG9saWN5U3RhdGVtZW50KHtcbiAgICAgICAgZWZmZWN0OiBpYW0uRWZmZWN0LkFMTE9XLFxuICAgICAgICBhY3Rpb25zOiBbJ3MzOkdldE9iamVjdCddLFxuICAgICAgICBwcmluY2lwYWxzOiBbbmV3IGlhbS5TZXJ2aWNlUHJpbmNpcGFsKCdjbG91ZGZyb250LmFtYXpvbmF3cy5jb20nKV0sXG4gICAgICAgIHJlc291cmNlczogW29yaWdpbkJ1Y2tldC5hcm5Gb3JPYmplY3RzKCcqJyldLFxuICAgICAgICBjb25kaXRpb25zOiB7XG4gICAgICAgICAgU3RyaW5nRXF1YWxzOiB7XG4gICAgICAgICAgICAnQVdTOlNvdXJjZUFybic6IGBhcm46JHtBd3MuUEFSVElUSU9OfTpjbG91ZGZyb250Ojoke0F3cy5BQ0NPVU5UX0lEfTpkaXN0cmlidXRpb24vJHt0aGlzLmNsb3VkRnJvbnRXZWJEaXN0cmlidXRpb24uZGlzdHJpYnV0aW9uSWR9YFxuICAgICAgICAgIH1cbiAgICAgICAgfVxuICAgICAgfSlcbiAgICApO1xuXG4gIH1cblxuICBwcml2YXRlIGNoZWNrRm9yS21zS2V5KHByb3BzOiBDbG91ZEZyb250VG9PYWlUb1MzUHJvcHMpIHtcbiAgICBsZXQgZXJyb3JNZXNzYWdlcyA9ICcnO1xuICAgIGxldCBlcnJvckZvdW5kID0gZmFsc2U7XG5cbiAgICBpZiAoKHByb3BzLmJ1Y2tldFByb3BzICYmIHByb3BzLmJ1Y2tldFByb3BzLmVuY3J5cHRpb25LZXkpIHx8XG4gICAgICAocHJvcHMuZXhpc3RpbmdCdWNrZXRPYmogJiYgcHJvcHMuZXhpc3RpbmdCdWNrZXRPYmouZW5jcnlwdGlvbktleSkpIHtcbiAgICAgIGVycm9yTWVzc2FnZXMgKz0gJ0Vycm9yIC0gYnVja2V0cyBjYW5ub3QgdXNlIENNS3Mgd2l0aCBPQUlzXFxuJztcbiAgICAgIGVycm9yRm91bmQgPSB0cnVlO1xuICAgIH1cblxuICAgIGlmIChlcnJvckZvdW5kKSB7XG4gICAgICB0aHJvdyBuZXcgRXJyb3IoZXJyb3JNZXNzYWdlcyk7XG4gICAgfVxuICB9XG59Il19
package/package.json ADDED
@@ -0,0 +1,95 @@
1
+ {
2
+ "name": "@aws-solutions-constructs/aws-cloudfront-oai-s3",
3
+ "version": "2.79.0",
4
+ "description": "CDK Constructs for AWS Cloudfront to AWS S3 integration.",
5
+ "main": "lib/index.js",
6
+ "types": "lib/index.d.ts",
7
+ "repository": {
8
+ "type": "git",
9
+ "url": "https://github.com/awslabs/aws-solutions-constructs.git",
10
+ "directory": "source/patterns/@aws-solutions-constructs/aws-cloudfront-oai-s3"
11
+ },
12
+ "author": {
13
+ "name": "Amazon Web Services",
14
+ "url": "https://aws.amazon.com",
15
+ "organization": true
16
+ },
17
+ "license": "Apache-2.0",
18
+ "scripts": {
19
+ "build": "tsc -b .",
20
+ "lint": "eslint --config ../eslintrc.config.mjs --no-warn-ignored .",
21
+ "lint-fix": "eslint --config ../eslintrc.config.mjs --ext=.js,.ts --fix .",
22
+ "test": "jest --coverage",
23
+ "clean": "tsc -b --clean",
24
+ "watch": "tsc -b -w",
25
+ "integ": "integ-runner --update-on-failed",
26
+ "integ-no-clean": "integ-runner --update-on-failed --no-clean",
27
+ "integ-assert": "integ-runner",
28
+ "jsii": "jsii",
29
+ "jsii-pacmak": "jsii-pacmak",
30
+ "build+lint+test": "npm run jsii && npm run lint && npm test && npm run integ-assert",
31
+ "blt": "npm run build+lint+test",
32
+ "snapshot-update": "npm run jsii && npm test -- -u && npm run integ-assert"
33
+ },
34
+ "jsii": {
35
+ "outdir": "dist",
36
+ "targets": {
37
+ "java": {
38
+ "package": "software.amazon.awsconstructs.services.cloudfrontoais3",
39
+ "maven": {
40
+ "groupId": "software.amazon.awsconstructs",
41
+ "artifactId": "cloudfrontoais3"
42
+ }
43
+ },
44
+ "dotnet": {
45
+ "namespace": "Amazon.SolutionsConstructs.AWS.CloudfrontOaiS3",
46
+ "packageId": "Amazon.SolutionsConstructs.AWS.CloudfrontOaiS3",
47
+ "signAssembly": true,
48
+ "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png"
49
+ },
50
+ "python": {
51
+ "distName": "aws-solutions-constructs.aws-cloudfront-oai-s3",
52
+ "module": "aws_solutions_constructs.aws_cloudfront_oai_s3"
53
+ }
54
+ }
55
+ },
56
+ "dependencies": {
57
+ "@aws-solutions-constructs/core": "2.79.0",
58
+ "@aws-solutions-constructs/resources": "2.79.0",
59
+ "constructs": "^10.0.0"
60
+ },
61
+ "devDependencies": {
62
+ "@aws-cdk/integ-tests-alpha": "2.177.0-alpha.0",
63
+ "@types/node": "^10.3.0",
64
+ "constructs": "^10.0.0",
65
+ "aws-cdk-lib": "2.177.0"
66
+ },
67
+ "jest": {
68
+ "moduleFileExtensions": [
69
+ "js"
70
+ ],
71
+ "coverageReporters": [
72
+ "text",
73
+ [
74
+ "lcov",
75
+ {
76
+ "projectRoot": "../../../../"
77
+ }
78
+ ]
79
+ ]
80
+ },
81
+ "peerDependencies": {
82
+ "@aws-solutions-constructs/core": "2.79.0",
83
+ "@aws-solutions-constructs/resources": "2.79.0",
84
+ "constructs": "^10.0.0",
85
+ "aws-cdk-lib": "^2.177.0"
86
+ },
87
+ "keywords": [
88
+ "aws",
89
+ "cdk",
90
+ "awscdk",
91
+ "AWS Solutions Constructs",
92
+ "Amazon CloudFront",
93
+ "Amazon S3"
94
+ ]
95
+ }
@@ -0,0 +1,13 @@
1
+ /**
2
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
3
+ *
4
+ * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
5
+ * with the License. A copy of the License is located at
6
+ *
7
+ * http://www.apache.org/licenses/LICENSE-2.0
8
+ *
9
+ * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
10
+ * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
11
+ * and limitations under the License.
12
+ */
13
+ export {};
@@ -0,0 +1,56 @@
1
+ "use strict";
2
+ /**
3
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
4
+ *
5
+ * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
6
+ * with the License. A copy of the License is located at
7
+ *
8
+ * http://www.apache.org/licenses/LICENSE-2.0
9
+ *
10
+ * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
11
+ * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
12
+ * and limitations under the License.
13
+ */
14
+ Object.defineProperty(exports, "__esModule", { value: true });
15
+ // Imports
16
+ const aws_cdk_lib_1 = require("aws-cdk-lib");
17
+ const lib_1 = require("../lib");
18
+ const core_1 = require("@aws-solutions-constructs/core");
19
+ const aws_s3_1 = require("aws-cdk-lib/aws-s3");
20
+ const integ_tests_alpha_1 = require("@aws-cdk/integ-tests-alpha");
21
+ // Setup
22
+ const app = new aws_cdk_lib_1.App();
23
+ const stack = new aws_cdk_lib_1.Stack(app, (0, core_1.generateIntegStackName)(__filename));
24
+ stack.node.setContext("@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy", true);
25
+ stack.templateOptions.description = 'Integration Test for aws-cloudfront-oai-s3';
26
+ // Definitions
27
+ const existingBucketObj = (0, core_1.buildS3Bucket)(stack, {
28
+ bucketProps: {
29
+ encryption: aws_s3_1.BucketEncryption.S3_MANAGED,
30
+ removalPolicy: aws_cdk_lib_1.RemovalPolicy.DESTROY,
31
+ autoDeleteObjects: true
32
+ },
33
+ loggingBucketProps: {
34
+ removalPolicy: aws_cdk_lib_1.RemovalPolicy.DESTROY,
35
+ autoDeleteObjects: true
36
+ }
37
+ }, 'existing-s3-bucket-encrypted-with-s3-managed-key').bucket;
38
+ const props = {
39
+ existingBucketObj,
40
+ cloudFrontLoggingBucketProps: {
41
+ removalPolicy: aws_cdk_lib_1.RemovalPolicy.DESTROY,
42
+ autoDeleteObjects: true
43
+ },
44
+ cloudFrontLoggingBucketAccessLogBucketProps: {
45
+ removalPolicy: aws_cdk_lib_1.RemovalPolicy.DESTROY,
46
+ autoDeleteObjects: true
47
+ },
48
+ insertHttpSecurityHeaders: false
49
+ };
50
+ new lib_1.CloudFrontToOaiToS3(stack, 'test-cloudfront-oai-s3-managed-key', props);
51
+ (0, core_1.suppressCustomHandlerCfnNagWarnings)(stack, 'Custom::S3AutoDeleteObjectsCustomResourceProvider');
52
+ // Synth
53
+ new integ_tests_alpha_1.IntegTest(stack, 'Integ', { testCases: [
54
+ stack
55
+ ] });
56
+ //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW50ZWcuY2Z0b2FpczMtYnVja2V0LWVuY3J5cHRlZC13aXRoLW1hbmFnZWQta2V5LXByb3ZpZGVkLWFzLWV4aXN0aW5nYnVja2V0LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiaW50ZWcuY2Z0b2FpczMtYnVja2V0LWVuY3J5cHRlZC13aXRoLW1hbmFnZWQta2V5LXByb3ZpZGVkLWFzLWV4aXN0aW5nYnVja2V0LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7QUFBQTs7Ozs7Ozs7Ozs7R0FXRzs7QUFFSCxVQUFVO0FBQ1YsNkNBQXdEO0FBQ3hELGdDQUF1RTtBQUN2RSx5REFBNEg7QUFDNUgsK0NBQXNEO0FBQ3RELGtFQUF1RDtBQUV2RCxRQUFRO0FBQ1IsTUFBTSxHQUFHLEdBQUcsSUFBSSxpQkFBRyxFQUFFLENBQUM7QUFDdEIsTUFBTSxLQUFLLEdBQUcsSUFBSSxtQkFBSyxDQUFDLEdBQUcsRUFBRSxJQUFBLDZCQUFzQixFQUFDLFVBQVUsQ0FBQyxDQUFDLENBQUM7QUFDakUsS0FBSyxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsaURBQWlELEVBQUUsSUFBSSxDQUFDLENBQUM7QUFDL0UsS0FBSyxDQUFDLGVBQWUsQ0FBQyxXQUFXLEdBQUcsNENBQTRDLENBQUM7QUFFakYsY0FBYztBQUNkLE1BQU0saUJBQWlCLEdBQUcsSUFBQSxvQkFBYSxFQUFDLEtBQUssRUFBRTtJQUM3QyxXQUFXLEVBQUU7UUFDWCxVQUFVLEVBQUUseUJBQWdCLENBQUMsVUFBVTtRQUN2QyxhQUFhLEVBQUUsMkJBQWEsQ0FBQyxPQUFPO1FBQ3BDLGlCQUFpQixFQUFFLElBQUk7S0FDeEI7SUFDRCxrQkFBa0IsRUFBRTtRQUNsQixhQUFhLEVBQUUsMkJBQWEsQ0FBQyxPQUFPO1FBQ3BDLGlCQUFpQixFQUFFLElBQUk7S0FDeEI7Q0FDRixFQUFFLGtEQUFrRCxDQUFDLENBQUMsTUFBTSxDQUFDO0FBRTlELE1BQU0sS0FBSyxHQUE2QjtJQUN0QyxpQkFBaUI7SUFDakIsNEJBQTRCLEVBQUU7UUFDNUIsYUFBYSxFQUFFLDJCQUFhLENBQUMsT0FBTztRQUNwQyxpQkFBaUIsRUFBRSxJQUFJO0tBQ3hCO0lBQ0QsMkNBQTJDLEVBQUU7UUFDM0MsYUFBYSxFQUFFLDJCQUFhLENBQUMsT0FBTztRQUNwQyxpQkFBaUIsRUFBRSxJQUFJO0tBQ3hCO0lBQ0QseUJBQXlCLEVBQUUsS0FBSztDQUNqQyxDQUFDO0FBRUYsSUFBSSx5QkFBbUIsQ0FBQyxLQUFLLEVBQUUsb0NBQW9DLEVBQUUsS0FBSyxDQUFDLENBQUM7QUFFNUUsSUFBQSwwQ0FBbUMsRUFBQyxLQUFLLEVBQUUsbURBQW1ELENBQUMsQ0FBQztBQUVoRyxRQUFRO0FBQ1IsSUFBSSw2QkFBUyxDQUFDLEtBQUssRUFBRSxPQUFPLEVBQUUsRUFBRSxTQUFTLEVBQUU7UUFDekMsS0FBSztLQUNOLEVBQUUsQ0FBQyxDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiLyoqXG4gKiAgQ29weXJpZ2h0IEFtYXpvbi5jb20sIEluYy4gb3IgaXRzIGFmZmlsaWF0ZXMuIEFsbCBSaWdodHMgUmVzZXJ2ZWQuXG4gKlxuICogIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSBcIkxpY2Vuc2VcIikuIFlvdSBtYXkgbm90IHVzZSB0aGlzIGZpbGUgZXhjZXB0IGluIGNvbXBsaWFuY2VcbiAqICB3aXRoIHRoZSBMaWNlbnNlLiBBIGNvcHkgb2YgdGhlIExpY2Vuc2UgaXMgbG9jYXRlZCBhdFxuICpcbiAqICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzL0xJQ0VOU0UtMi4wXG4gKlxuICogIG9yIGluIHRoZSAnbGljZW5zZScgZmlsZSBhY2NvbXBhbnlpbmcgdGhpcyBmaWxlLiBUaGlzIGZpbGUgaXMgZGlzdHJpYnV0ZWQgb24gYW4gJ0FTIElTJyBCQVNJUywgV0lUSE9VVCBXQVJSQU5USUVTXG4gKiAgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZXhwcmVzcyBvciBpbXBsaWVkLiBTZWUgdGhlIExpY2Vuc2UgZm9yIHRoZSBzcGVjaWZpYyBsYW5ndWFnZSBnb3Zlcm5pbmcgcGVybWlzc2lvbnNcbiAqICBhbmQgbGltaXRhdGlvbnMgdW5kZXIgdGhlIExpY2Vuc2UuXG4gKi9cblxuLy8gSW1wb3J0c1xuaW1wb3J0IHsgQXBwLCBSZW1vdmFsUG9saWN5LCBTdGFjayB9IGZyb20gXCJhd3MtY2RrLWxpYlwiO1xuaW1wb3J0IHsgQ2xvdWRGcm9udFRvT2FpVG9TMywgQ2xvdWRGcm9udFRvT2FpVG9TM1Byb3BzIH0gZnJvbSBcIi4uL2xpYlwiO1xuaW1wb3J0IHsgYnVpbGRTM0J1Y2tldCwgZ2VuZXJhdGVJbnRlZ1N0YWNrTmFtZSwgc3VwcHJlc3NDdXN0b21IYW5kbGVyQ2ZuTmFnV2FybmluZ3MgfSBmcm9tICdAYXdzLXNvbHV0aW9ucy1jb25zdHJ1Y3RzL2NvcmUnO1xuaW1wb3J0IHsgQnVja2V0RW5jcnlwdGlvbiB9IGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtczNcIjtcbmltcG9ydCB7IEludGVnVGVzdCB9IGZyb20gJ0Bhd3MtY2RrL2ludGVnLXRlc3RzLWFscGhhJztcblxuLy8gU2V0dXBcbmNvbnN0IGFwcCA9IG5ldyBBcHAoKTtcbmNvbnN0IHN0YWNrID0gbmV3IFN0YWNrKGFwcCwgZ2VuZXJhdGVJbnRlZ1N0YWNrTmFtZShfX2ZpbGVuYW1lKSk7XG5zdGFjay5ub2RlLnNldENvbnRleHQoXCJAYXdzLWNkay9hd3MtczM6c2VydmVyQWNjZXNzTG9nc1VzZUJ1Y2tldFBvbGljeVwiLCB0cnVlKTtcbnN0YWNrLnRlbXBsYXRlT3B0aW9ucy5kZXNjcmlwdGlvbiA9ICdJbnRlZ3JhdGlvbiBUZXN0IGZvciBhd3MtY2xvdWRmcm9udC1vYWktczMnO1xuXG4vLyBEZWZpbml0aW9uc1xuY29uc3QgZXhpc3RpbmdCdWNrZXRPYmogPSBidWlsZFMzQnVja2V0KHN0YWNrLCB7XG4gIGJ1Y2tldFByb3BzOiB7XG4gICAgZW5jcnlwdGlvbjogQnVja2V0RW5jcnlwdGlvbi5TM19NQU5BR0VELFxuICAgIHJlbW92YWxQb2xpY3k6IFJlbW92YWxQb2xpY3kuREVTVFJPWSxcbiAgICBhdXRvRGVsZXRlT2JqZWN0czogdHJ1ZVxuICB9LFxuICBsb2dnaW5nQnVja2V0UHJvcHM6IHtcbiAgICByZW1vdmFsUG9saWN5OiBSZW1vdmFsUG9saWN5LkRFU1RST1ksXG4gICAgYXV0b0RlbGV0ZU9iamVjdHM6IHRydWVcbiAgfVxufSwgJ2V4aXN0aW5nLXMzLWJ1Y2tldC1lbmNyeXB0ZWQtd2l0aC1zMy1tYW5hZ2VkLWtleScpLmJ1Y2tldDtcblxuY29uc3QgcHJvcHM6IENsb3VkRnJvbnRUb09haVRvUzNQcm9wcyA9IHtcbiAgZXhpc3RpbmdCdWNrZXRPYmosXG4gIGNsb3VkRnJvbnRMb2dnaW5nQnVja2V0UHJvcHM6IHtcbiAgICByZW1vdmFsUG9saWN5OiBSZW1vdmFsUG9saWN5LkRFU1RST1ksXG4gICAgYXV0b0RlbGV0ZU9iamVjdHM6IHRydWVcbiAgfSxcbiAgY2xvdWRGcm9udExvZ2dpbmdCdWNrZXRBY2Nlc3NMb2dCdWNrZXRQcm9wczoge1xuICAgIHJlbW92YWxQb2xpY3k6IFJlbW92YWxQb2xpY3kuREVTVFJPWSxcbiAgICBhdXRvRGVsZXRlT2JqZWN0czogdHJ1ZVxuICB9LFxuICBpbnNlcnRIdHRwU2VjdXJpdHlIZWFkZXJzOiBmYWxzZVxufTtcblxubmV3IENsb3VkRnJvbnRUb09haVRvUzMoc3RhY2ssICd0ZXN0LWNsb3VkZnJvbnQtb2FpLXMzLW1hbmFnZWQta2V5JywgcHJvcHMpO1xuXG5zdXBwcmVzc0N1c3RvbUhhbmRsZXJDZm5OYWdXYXJuaW5ncyhzdGFjaywgJ0N1c3RvbTo6UzNBdXRvRGVsZXRlT2JqZWN0c0N1c3RvbVJlc291cmNlUHJvdmlkZXInKTtcblxuLy8gU3ludGhcbm5ldyBJbnRlZ1Rlc3Qoc3RhY2ssICdJbnRlZycsIHsgdGVzdENhc2VzOiBbXG4gIHN0YWNrXG5dIH0pO1xuIl19
@@ -0,0 +1 @@
1
+ "use strict";var f=Object.create,i=Object.defineProperty,I=Object.getOwnPropertyDescriptor,C=Object.getOwnPropertyNames,w=Object.getPrototypeOf,P=Object.prototype.hasOwnProperty,A=(t,e)=>{for(var o in e)i(t,o,{get:e[o],enumerable:!0})},d=(t,e,o,r)=>{if(e&&typeof e=="object"||typeof e=="function")for(let s of C(e))!P.call(t,s)&&s!==o&&i(t,s,{get:()=>e[s],enumerable:!(r=I(e,s))||r.enumerable});return t},l=(t,e,o)=>(o=t!=null?f(w(t)):{},d(e||!t||!t.__esModule?i(o,"default",{value:t,enumerable:!0}):o,t)),B=t=>d(i({},"__esModule",{value:!0}),t),q={};A(q,{autoDeleteHandler:()=>S,handler:()=>H}),module.exports=B(q);var h=require("@aws-sdk/client-s3"),y=l(require("https")),m=l(require("url")),a={sendHttpRequest:D,log:T,includeStackTraces:!0,userHandlerIndex:"./index"},p="AWSCDK::CustomResourceProviderFramework::CREATE_FAILED",L="AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID";function R(t){return async(e,o)=>{let r={...e,ResponseURL:"..."};if(a.log(JSON.stringify(r,void 0,2)),e.RequestType==="Delete"&&e.PhysicalResourceId===p){a.log("ignoring DELETE event caused by a failed CREATE event"),await u("SUCCESS",e);return}try{let s=await t(r,o),n=k(e,s);await u("SUCCESS",n)}catch(s){let n={...e,Reason:a.includeStackTraces?s.stack:s.message};n.PhysicalResourceId||(e.RequestType==="Create"?(a.log("CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored"),n.PhysicalResourceId=p):a.log(`ERROR: Malformed event. "PhysicalResourceId" is required: ${JSON.stringify(e)}`)),await u("FAILED",n)}}}function k(t,e={}){let o=e.PhysicalResourceId??t.PhysicalResourceId??t.RequestId;if(t.RequestType==="Delete"&&o!==t.PhysicalResourceId)throw new Error(`DELETE: cannot change the physical resource ID from "${t.PhysicalResourceId}" to "${e.PhysicalResourceId}" during deletion`);return{...t,...e,PhysicalResourceId:o}}async function u(t,e){let o={Status:t,Reason:e.Reason??t,StackId:e.StackId,RequestId:e.RequestId,PhysicalResourceId:e.PhysicalResourceId||L,LogicalResourceId:e.LogicalResourceId,NoEcho:e.NoEcho,Data:e.Data},r=m.parse(e.ResponseURL),s=`${r.protocol}//${r.hostname}/${r.pathname}?***`;a.log("submit response to cloudformation",s,o);let n=JSON.stringify(o),E={hostname:r.hostname,path:r.path,method:"PUT",headers:{"content-type":"","content-length":Buffer.byteLength(n,"utf8")}};await O({attempts:5,sleep:1e3},a.sendHttpRequest)(E,n)}async function D(t,e){return new Promise((o,r)=>{try{let s=y.request(t,n=>{n.resume(),!n.statusCode||n.statusCode>=400?r(new Error(`Unsuccessful HTTP response: ${n.statusCode}`)):o()});s.on("error",r),s.write(e),s.end()}catch(s){r(s)}})}function T(t,...e){console.log(t,...e)}function O(t,e){return async(...o)=>{let r=t.attempts,s=t.sleep;for(;;)try{return await e(...o)}catch(n){if(r--<=0)throw n;await b(Math.floor(Math.random()*s)),s*=2}}}async function b(t){return new Promise(e=>setTimeout(e,t))}var g="aws-cdk:auto-delete-objects",x=JSON.stringify({Version:"2012-10-17",Statement:[]}),c=new h.S3({}),H=R(S);async function S(t){switch(t.RequestType){case"Create":return;case"Update":return{PhysicalResourceId:(await F(t)).PhysicalResourceId};case"Delete":return N(t.ResourceProperties?.BucketName)}}async function F(t){let e=t,o=e.OldResourceProperties?.BucketName;return{PhysicalResourceId:e.ResourceProperties?.BucketName??o}}async function _(t){try{let e=(await c.getBucketPolicy({Bucket:t}))?.Policy??x,o=JSON.parse(e);o.Statement.push({Principal:"*",Effect:"Deny",Action:["s3:PutObject"],Resource:[`arn:aws:s3:::${t}/*`]}),await c.putBucketPolicy({Bucket:t,Policy:JSON.stringify(o)})}catch(e){if(e.name==="NoSuchBucket")throw e;console.log(`Could not set new object deny policy on bucket '${t}' prior to deletion.`)}}async function U(t){let e;do{e=await c.listObjectVersions({Bucket:t});let o=[...e.Versions??[],...e.DeleteMarkers??[]];if(o.length===0)return;let r=o.map(s=>({Key:s.Key,VersionId:s.VersionId}));await c.deleteObjects({Bucket:t,Delete:{Objects:r}})}while(e?.IsTruncated)}async function N(t){if(!t)throw new Error("No BucketName was provided.");try{if(!await W(t)){console.log(`Bucket does not have '${g}' tag, skipping cleaning.`);return}await _(t),await U(t)}catch(e){if(e.name==="NoSuchBucket"){console.log(`Bucket '${t}' does not exist.`);return}throw e}}async function W(t){return(await c.getBucketTagging({Bucket:t})).TagSet?.some(o=>o.Key===g&&o.Value==="true")}
@@ -0,0 +1,32 @@
1
+ {
2
+ "version": "39.0.0",
3
+ "files": {
4
+ "faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6": {
5
+ "source": {
6
+ "path": "asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6",
7
+ "packaging": "zip"
8
+ },
9
+ "destinations": {
10
+ "current_account-current_region": {
11
+ "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
12
+ "objectKey": "faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6.zip",
13
+ "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
14
+ }
15
+ }
16
+ },
17
+ "273b549d5f2d60c470693f400d06f286190b06247ddd3868a46a3ff76654c6b8": {
18
+ "source": {
19
+ "path": "cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.template.json",
20
+ "packaging": "file"
21
+ },
22
+ "destinations": {
23
+ "current_account-current_region": {
24
+ "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
25
+ "objectKey": "273b549d5f2d60c470693f400d06f286190b06247ddd3868a46a3ff76654c6b8.json",
26
+ "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
27
+ }
28
+ }
29
+ }
30
+ },
31
+ "dockerImages": {}
32
+ }