@aws-solutions-constructs/aws-cloudfront-oai-s3 2.79.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (108) hide show
  1. package/.jsii +4403 -0
  2. package/README.md +109 -0
  3. package/architecture.png +0 -0
  4. package/integ.config.json +7 -0
  5. package/lib/index.d.ts +118 -0
  6. package/lib/index.js +106 -0
  7. package/package.json +95 -0
  8. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.d.ts +13 -0
  9. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js +56 -0
  10. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  11. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cdk.out +1 -0
  12. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.assets.json +32 -0
  13. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.template.json +1061 -0
  14. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cftoais3bucketencryptedwithmanagedkeyprovidedasexistingbucketIntegDefaultTestDeployAssert105E804F.assets.json +19 -0
  15. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cftoais3bucketencryptedwithmanagedkeyprovidedasexistingbucketIntegDefaultTestDeployAssert105E804F.template.json +36 -0
  16. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/integ.json +12 -0
  17. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/manifest.json +215 -0
  18. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/tree.json +1105 -0
  19. package/test/integ.cftoais3-custom-headers.d.ts +13 -0
  20. package/test/integ.cftoais3-custom-headers.js +71 -0
  21. package/test/integ.cftoais3-custom-headers.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  22. package/test/integ.cftoais3-custom-headers.js.snapshot/cdk.out +1 -0
  23. package/test/integ.cftoais3-custom-headers.js.snapshot/cftoais3-custom-headers.assets.json +32 -0
  24. package/test/integ.cftoais3-custom-headers.js.snapshot/cftoais3-custom-headers.template.json +1116 -0
  25. package/test/integ.cftoais3-custom-headers.js.snapshot/cftoais3customheadersIntegDefaultTestDeployAssert5AA11BA9.assets.json +19 -0
  26. package/test/integ.cftoais3-custom-headers.js.snapshot/cftoais3customheadersIntegDefaultTestDeployAssert5AA11BA9.template.json +36 -0
  27. package/test/integ.cftoais3-custom-headers.js.snapshot/integ.json +12 -0
  28. package/test/integ.cftoais3-custom-headers.js.snapshot/manifest.json +227 -0
  29. package/test/integ.cftoais3-custom-headers.js.snapshot/tree.json +1196 -0
  30. package/test/integ.cftoais3-custom-originPath.d.ts +13 -0
  31. package/test/integ.cftoais3-custom-originPath.js +48 -0
  32. package/test/integ.cftoais3-custom-originPath.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  33. package/test/integ.cftoais3-custom-originPath.js.snapshot/cdk.out +1 -0
  34. package/test/integ.cftoais3-custom-originPath.js.snapshot/cftoais3-custom-originPath.assets.json +32 -0
  35. package/test/integ.cftoais3-custom-originPath.js.snapshot/cftoais3-custom-originPath.template.json +1085 -0
  36. package/test/integ.cftoais3-custom-originPath.js.snapshot/cftoais3customoriginPathIntegDefaultTestDeployAssert1C351914.assets.json +19 -0
  37. package/test/integ.cftoais3-custom-originPath.js.snapshot/cftoais3customoriginPathIntegDefaultTestDeployAssert1C351914.template.json +36 -0
  38. package/test/integ.cftoais3-custom-originPath.js.snapshot/integ.json +12 -0
  39. package/test/integ.cftoais3-custom-originPath.js.snapshot/manifest.json +221 -0
  40. package/test/integ.cftoais3-custom-originPath.js.snapshot/tree.json +1147 -0
  41. package/test/integ.cftoais3-customLoggingBuckets.d.ts +13 -0
  42. package/test/integ.cftoais3-customLoggingBuckets.js +64 -0
  43. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  44. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/cdk.out +1 -0
  45. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/cftoais3-customLoggingBuckets.assets.json +32 -0
  46. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/cftoais3-customLoggingBuckets.template.json +1109 -0
  47. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/cftoais3customLoggingBucketsIntegDefaultTestDeployAssert8F33EF2A.assets.json +19 -0
  48. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/cftoais3customLoggingBucketsIntegDefaultTestDeployAssert8F33EF2A.template.json +36 -0
  49. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/integ.json +12 -0
  50. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/manifest.json +221 -0
  51. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/tree.json +1172 -0
  52. package/test/integ.cftoais3-existing-bucket.d.ts +13 -0
  53. package/test/integ.cftoais3-existing-bucket.js +59 -0
  54. package/test/integ.cftoais3-existing-bucket.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  55. package/test/integ.cftoais3-existing-bucket.js.snapshot/cdk.out +1 -0
  56. package/test/integ.cftoais3-existing-bucket.js.snapshot/cftoais3-existing-bucket.assets.json +32 -0
  57. package/test/integ.cftoais3-existing-bucket.js.snapshot/cftoais3-existing-bucket.template.json +1131 -0
  58. package/test/integ.cftoais3-existing-bucket.js.snapshot/cftoais3existingbucketIntegDefaultTestDeployAssertB7627F26.assets.json +19 -0
  59. package/test/integ.cftoais3-existing-bucket.js.snapshot/cftoais3existingbucketIntegDefaultTestDeployAssertB7627F26.template.json +36 -0
  60. package/test/integ.cftoais3-existing-bucket.js.snapshot/integ.json +12 -0
  61. package/test/integ.cftoais3-existing-bucket.js.snapshot/manifest.json +233 -0
  62. package/test/integ.cftoais3-existing-bucket.js.snapshot/tree.json +1240 -0
  63. package/test/integ.cftoais3-no-arguments.d.ts +13 -0
  64. package/test/integ.cftoais3-no-arguments.js +53 -0
  65. package/test/integ.cftoais3-no-arguments.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  66. package/test/integ.cftoais3-no-arguments.js.snapshot/cdk.out +1 -0
  67. package/test/integ.cftoais3-no-arguments.js.snapshot/cftoais3-no-arguments.assets.json +32 -0
  68. package/test/integ.cftoais3-no-arguments.js.snapshot/cftoais3-no-arguments.template.json +1094 -0
  69. package/test/integ.cftoais3-no-arguments.js.snapshot/cftoais3noargumentsIntegDefaultTestDeployAssert5CF03E3D.assets.json +19 -0
  70. package/test/integ.cftoais3-no-arguments.js.snapshot/cftoais3noargumentsIntegDefaultTestDeployAssert5CF03E3D.template.json +36 -0
  71. package/test/integ.cftoais3-no-arguments.js.snapshot/integ.json +12 -0
  72. package/test/integ.cftoais3-no-arguments.js.snapshot/manifest.json +356 -0
  73. package/test/integ.cftoais3-no-arguments.js.snapshot/tree.json +1146 -0
  74. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.d.ts +13 -0
  75. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js +60 -0
  76. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  77. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/cdk.out +1 -0
  78. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/cftoais3-no-cloudfront-s3-access-logs.assets.json +32 -0
  79. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/cftoais3-no-cloudfront-s3-access-logs.template.json +743 -0
  80. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/cftoais3nocloudfronts3accesslogsIntegDefaultTestDeployAssert6D810275.assets.json +19 -0
  81. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/cftoais3nocloudfronts3accesslogsIntegDefaultTestDeployAssert6D810275.template.json +36 -0
  82. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/integ.json +12 -0
  83. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/manifest.json +185 -0
  84. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/tree.json +726 -0
  85. package/test/integ.cftoais3-no-logging.d.ts +13 -0
  86. package/test/integ.cftoais3-no-logging.js +56 -0
  87. package/test/integ.cftoais3-no-logging.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  88. package/test/integ.cftoais3-no-logging.js.snapshot/cdk.out +1 -0
  89. package/test/integ.cftoais3-no-logging.js.snapshot/cftoais3-no-logging.assets.json +32 -0
  90. package/test/integ.cftoais3-no-logging.js.snapshot/cftoais3-no-logging.template.json +576 -0
  91. package/test/integ.cftoais3-no-logging.js.snapshot/cftoais3nologgingIntegDefaultTestDeployAssertCED06EE4.assets.json +19 -0
  92. package/test/integ.cftoais3-no-logging.js.snapshot/cftoais3nologgingIntegDefaultTestDeployAssertCED06EE4.template.json +36 -0
  93. package/test/integ.cftoais3-no-logging.js.snapshot/integ.json +12 -0
  94. package/test/integ.cftoais3-no-logging.js.snapshot/manifest.json +167 -0
  95. package/test/integ.cftoais3-no-logging.js.snapshot/tree.json +542 -0
  96. package/test/integ.cftoais3-no-security-headers.d.ts +13 -0
  97. package/test/integ.cftoais3-no-security-headers.js +50 -0
  98. package/test/integ.cftoais3-no-security-headers.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  99. package/test/integ.cftoais3-no-security-headers.js.snapshot/cdk.out +1 -0
  100. package/test/integ.cftoais3-no-security-headers.js.snapshot/cftoais3-no-security-headers.assets.json +32 -0
  101. package/test/integ.cftoais3-no-security-headers.js.snapshot/cftoais3-no-security-headers.template.json +1061 -0
  102. package/test/integ.cftoais3-no-security-headers.js.snapshot/cftoais3nosecurityheadersIntegDefaultTestDeployAssertAB4B2F28.assets.json +19 -0
  103. package/test/integ.cftoais3-no-security-headers.js.snapshot/cftoais3nosecurityheadersIntegDefaultTestDeployAssertAB4B2F28.template.json +36 -0
  104. package/test/integ.cftoais3-no-security-headers.js.snapshot/integ.json +12 -0
  105. package/test/integ.cftoais3-no-security-headers.js.snapshot/manifest.json +215 -0
  106. package/test/integ.cftoais3-no-security-headers.js.snapshot/tree.json +1105 -0
  107. package/test/test.cloudfront-oai-s3.test.d.ts +13 -0
  108. package/test/test.cloudfront-oai-s3.test.js +702 -0
@@ -0,0 +1,1094 @@
1
+ {
2
+ "Description": "Integration Test for aws-cloudfront-oai-s3",
3
+ "Resources": {
4
+ "testcloudfrontoais3S3LoggingBucketC8A21DD9": {
5
+ "Type": "AWS::S3::Bucket",
6
+ "Properties": {
7
+ "BucketEncryption": {
8
+ "ServerSideEncryptionConfiguration": [
9
+ {
10
+ "ServerSideEncryptionByDefault": {
11
+ "SSEAlgorithm": "AES256"
12
+ }
13
+ }
14
+ ]
15
+ },
16
+ "PublicAccessBlockConfiguration": {
17
+ "BlockPublicAcls": true,
18
+ "BlockPublicPolicy": true,
19
+ "IgnorePublicAcls": true,
20
+ "RestrictPublicBuckets": true
21
+ },
22
+ "Tags": [
23
+ {
24
+ "Key": "aws-cdk:auto-delete-objects",
25
+ "Value": "true"
26
+ }
27
+ ],
28
+ "VersioningConfiguration": {
29
+ "Status": "Enabled"
30
+ }
31
+ },
32
+ "UpdateReplacePolicy": "Delete",
33
+ "DeletionPolicy": "Delete",
34
+ "Metadata": {
35
+ "cfn_nag": {
36
+ "rules_to_suppress": [
37
+ {
38
+ "id": "W35",
39
+ "reason": "This S3 bucket is used as the access logging bucket for another bucket"
40
+ }
41
+ ]
42
+ }
43
+ }
44
+ },
45
+ "testcloudfrontoais3S3LoggingBucketPolicy792609D7": {
46
+ "Type": "AWS::S3::BucketPolicy",
47
+ "Properties": {
48
+ "Bucket": {
49
+ "Ref": "testcloudfrontoais3S3LoggingBucketC8A21DD9"
50
+ },
51
+ "PolicyDocument": {
52
+ "Statement": [
53
+ {
54
+ "Action": "s3:*",
55
+ "Condition": {
56
+ "Bool": {
57
+ "aws:SecureTransport": "false"
58
+ }
59
+ },
60
+ "Effect": "Deny",
61
+ "Principal": {
62
+ "AWS": "*"
63
+ },
64
+ "Resource": [
65
+ {
66
+ "Fn::GetAtt": [
67
+ "testcloudfrontoais3S3LoggingBucketC8A21DD9",
68
+ "Arn"
69
+ ]
70
+ },
71
+ {
72
+ "Fn::Join": [
73
+ "",
74
+ [
75
+ {
76
+ "Fn::GetAtt": [
77
+ "testcloudfrontoais3S3LoggingBucketC8A21DD9",
78
+ "Arn"
79
+ ]
80
+ },
81
+ "/*"
82
+ ]
83
+ ]
84
+ }
85
+ ]
86
+ },
87
+ {
88
+ "Action": [
89
+ "s3:DeleteObject*",
90
+ "s3:GetBucket*",
91
+ "s3:List*",
92
+ "s3:PutBucketPolicy"
93
+ ],
94
+ "Effect": "Allow",
95
+ "Principal": {
96
+ "AWS": {
97
+ "Fn::GetAtt": [
98
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
99
+ "Arn"
100
+ ]
101
+ }
102
+ },
103
+ "Resource": [
104
+ {
105
+ "Fn::GetAtt": [
106
+ "testcloudfrontoais3S3LoggingBucketC8A21DD9",
107
+ "Arn"
108
+ ]
109
+ },
110
+ {
111
+ "Fn::Join": [
112
+ "",
113
+ [
114
+ {
115
+ "Fn::GetAtt": [
116
+ "testcloudfrontoais3S3LoggingBucketC8A21DD9",
117
+ "Arn"
118
+ ]
119
+ },
120
+ "/*"
121
+ ]
122
+ ]
123
+ }
124
+ ]
125
+ },
126
+ {
127
+ "Action": "s3:PutObject",
128
+ "Condition": {
129
+ "ArnLike": {
130
+ "aws:SourceArn": {
131
+ "Fn::GetAtt": [
132
+ "testcloudfrontoais3S3Bucket578AB9F3",
133
+ "Arn"
134
+ ]
135
+ }
136
+ },
137
+ "StringEquals": {
138
+ "aws:SourceAccount": {
139
+ "Ref": "AWS::AccountId"
140
+ }
141
+ }
142
+ },
143
+ "Effect": "Allow",
144
+ "Principal": {
145
+ "Service": "logging.s3.amazonaws.com"
146
+ },
147
+ "Resource": {
148
+ "Fn::Join": [
149
+ "",
150
+ [
151
+ {
152
+ "Fn::GetAtt": [
153
+ "testcloudfrontoais3S3LoggingBucketC8A21DD9",
154
+ "Arn"
155
+ ]
156
+ },
157
+ "/*"
158
+ ]
159
+ ]
160
+ }
161
+ }
162
+ ],
163
+ "Version": "2012-10-17"
164
+ }
165
+ }
166
+ },
167
+ "testcloudfrontoais3S3LoggingBucketAutoDeleteObjectsCustomResource24F8B1EE": {
168
+ "Type": "Custom::S3AutoDeleteObjects",
169
+ "Properties": {
170
+ "ServiceToken": {
171
+ "Fn::GetAtt": [
172
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
173
+ "Arn"
174
+ ]
175
+ },
176
+ "BucketName": {
177
+ "Ref": "testcloudfrontoais3S3LoggingBucketC8A21DD9"
178
+ }
179
+ },
180
+ "DependsOn": [
181
+ "testcloudfrontoais3S3LoggingBucketPolicy792609D7"
182
+ ],
183
+ "UpdateReplacePolicy": "Delete",
184
+ "DeletionPolicy": "Delete"
185
+ },
186
+ "testcloudfrontoais3S3Bucket578AB9F3": {
187
+ "Type": "AWS::S3::Bucket",
188
+ "Properties": {
189
+ "BucketEncryption": {
190
+ "ServerSideEncryptionConfiguration": [
191
+ {
192
+ "ServerSideEncryptionByDefault": {
193
+ "SSEAlgorithm": "AES256"
194
+ }
195
+ }
196
+ ]
197
+ },
198
+ "LifecycleConfiguration": {
199
+ "Rules": [
200
+ {
201
+ "NoncurrentVersionTransitions": [
202
+ {
203
+ "StorageClass": "GLACIER",
204
+ "TransitionInDays": 90
205
+ }
206
+ ],
207
+ "Status": "Enabled"
208
+ }
209
+ ]
210
+ },
211
+ "LoggingConfiguration": {
212
+ "DestinationBucketName": {
213
+ "Ref": "testcloudfrontoais3S3LoggingBucketC8A21DD9"
214
+ }
215
+ },
216
+ "PublicAccessBlockConfiguration": {
217
+ "BlockPublicAcls": true,
218
+ "BlockPublicPolicy": true,
219
+ "IgnorePublicAcls": true,
220
+ "RestrictPublicBuckets": true
221
+ },
222
+ "Tags": [
223
+ {
224
+ "Key": "aws-cdk:auto-delete-objects",
225
+ "Value": "true"
226
+ }
227
+ ],
228
+ "VersioningConfiguration": {
229
+ "Status": "Enabled"
230
+ }
231
+ },
232
+ "UpdateReplacePolicy": "Delete",
233
+ "DeletionPolicy": "Delete",
234
+ "Metadata": {
235
+ "cfn_nag": {
236
+ "rules_to_suppress": [
237
+ {
238
+ "id": "W35",
239
+ "reason": "This S3 bucket is created for unit/ integration testing purposes only."
240
+ }
241
+ ]
242
+ }
243
+ }
244
+ },
245
+ "testcloudfrontoais3S3BucketPolicyD2322CC3": {
246
+ "Type": "AWS::S3::BucketPolicy",
247
+ "Properties": {
248
+ "Bucket": {
249
+ "Ref": "testcloudfrontoais3S3Bucket578AB9F3"
250
+ },
251
+ "PolicyDocument": {
252
+ "Statement": [
253
+ {
254
+ "Action": "s3:*",
255
+ "Condition": {
256
+ "Bool": {
257
+ "aws:SecureTransport": "false"
258
+ }
259
+ },
260
+ "Effect": "Deny",
261
+ "Principal": {
262
+ "AWS": "*"
263
+ },
264
+ "Resource": [
265
+ {
266
+ "Fn::GetAtt": [
267
+ "testcloudfrontoais3S3Bucket578AB9F3",
268
+ "Arn"
269
+ ]
270
+ },
271
+ {
272
+ "Fn::Join": [
273
+ "",
274
+ [
275
+ {
276
+ "Fn::GetAtt": [
277
+ "testcloudfrontoais3S3Bucket578AB9F3",
278
+ "Arn"
279
+ ]
280
+ },
281
+ "/*"
282
+ ]
283
+ ]
284
+ }
285
+ ]
286
+ },
287
+ {
288
+ "Action": [
289
+ "s3:DeleteObject*",
290
+ "s3:GetBucket*",
291
+ "s3:List*",
292
+ "s3:PutBucketPolicy"
293
+ ],
294
+ "Effect": "Allow",
295
+ "Principal": {
296
+ "AWS": {
297
+ "Fn::GetAtt": [
298
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
299
+ "Arn"
300
+ ]
301
+ }
302
+ },
303
+ "Resource": [
304
+ {
305
+ "Fn::GetAtt": [
306
+ "testcloudfrontoais3S3Bucket578AB9F3",
307
+ "Arn"
308
+ ]
309
+ },
310
+ {
311
+ "Fn::Join": [
312
+ "",
313
+ [
314
+ {
315
+ "Fn::GetAtt": [
316
+ "testcloudfrontoais3S3Bucket578AB9F3",
317
+ "Arn"
318
+ ]
319
+ },
320
+ "/*"
321
+ ]
322
+ ]
323
+ }
324
+ ]
325
+ },
326
+ {
327
+ "Action": "s3:GetObject",
328
+ "Effect": "Allow",
329
+ "Principal": {
330
+ "CanonicalUser": {
331
+ "Fn::GetAtt": [
332
+ "testcloudfrontoais3CloudFrontDistributionOrigin1S3OriginF57A3CB1",
333
+ "S3CanonicalUserId"
334
+ ]
335
+ }
336
+ },
337
+ "Resource": {
338
+ "Fn::Join": [
339
+ "",
340
+ [
341
+ {
342
+ "Fn::GetAtt": [
343
+ "testcloudfrontoais3S3Bucket578AB9F3",
344
+ "Arn"
345
+ ]
346
+ },
347
+ "/*"
348
+ ]
349
+ ]
350
+ }
351
+ },
352
+ {
353
+ "Action": "s3:GetObject",
354
+ "Condition": {
355
+ "StringEquals": {
356
+ "AWS:SourceArn": {
357
+ "Fn::Join": [
358
+ "",
359
+ [
360
+ "arn:",
361
+ {
362
+ "Ref": "AWS::Partition"
363
+ },
364
+ ":cloudfront::",
365
+ {
366
+ "Ref": "AWS::AccountId"
367
+ },
368
+ ":distribution/",
369
+ {
370
+ "Ref": "testcloudfrontoais3CloudFrontDistribution0E089CC5"
371
+ }
372
+ ]
373
+ ]
374
+ }
375
+ }
376
+ },
377
+ "Effect": "Allow",
378
+ "Principal": {
379
+ "Service": "cloudfront.amazonaws.com"
380
+ },
381
+ "Resource": {
382
+ "Fn::Join": [
383
+ "",
384
+ [
385
+ {
386
+ "Fn::GetAtt": [
387
+ "testcloudfrontoais3S3Bucket578AB9F3",
388
+ "Arn"
389
+ ]
390
+ },
391
+ "/*"
392
+ ]
393
+ ]
394
+ }
395
+ }
396
+ ],
397
+ "Version": "2012-10-17"
398
+ }
399
+ },
400
+ "Metadata": {
401
+ "cfn_nag": {
402
+ "rules_to_suppress": [
403
+ {
404
+ "id": "F16",
405
+ "reason": "Public website bucket policy requires a wildcard principal"
406
+ }
407
+ ]
408
+ }
409
+ }
410
+ },
411
+ "testcloudfrontoais3S3BucketAutoDeleteObjectsCustomResourceA2545EE1": {
412
+ "Type": "Custom::S3AutoDeleteObjects",
413
+ "Properties": {
414
+ "ServiceToken": {
415
+ "Fn::GetAtt": [
416
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
417
+ "Arn"
418
+ ]
419
+ },
420
+ "BucketName": {
421
+ "Ref": "testcloudfrontoais3S3Bucket578AB9F3"
422
+ }
423
+ },
424
+ "DependsOn": [
425
+ "testcloudfrontoais3S3BucketPolicyD2322CC3"
426
+ ],
427
+ "UpdateReplacePolicy": "Delete",
428
+ "DeletionPolicy": "Delete"
429
+ },
430
+ "testcloudfrontoais3SetHttpSecurityHeaders4EB3C97B": {
431
+ "Type": "AWS::CloudFront::Function",
432
+ "Properties": {
433
+ "AutoPublish": true,
434
+ "FunctionCode": "function handler(event) { var response = event.response; var headers = response.headers; headers['strict-transport-security'] = { value: 'max-age=63072000; includeSubdomains; preload'}; headers['content-security-policy'] = { value: \"default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'\"}; headers['x-content-type-options'] = { value: 'nosniff'}; headers['x-frame-options'] = {value: 'DENY'}; headers['x-xss-protection'] = {value: '1; mode=block'}; return response; }",
435
+ "FunctionConfig": {
436
+ "Comment": "SetHttpSecurityHeadersc81d27c49db98f9fe8414478bf1a95de9d2bd2f3fa",
437
+ "Runtime": "cloudfront-js-1.0"
438
+ },
439
+ "Name": "SetHttpSecurityHeadersc81d27c49db98f9fe8414478bf1a95de9d2bd2f3fa"
440
+ }
441
+ },
442
+ "testcloudfrontoais3CloudfrontLoggingBucketAccessLogBF5AAF80": {
443
+ "Type": "AWS::S3::Bucket",
444
+ "Properties": {
445
+ "BucketEncryption": {
446
+ "ServerSideEncryptionConfiguration": [
447
+ {
448
+ "ServerSideEncryptionByDefault": {
449
+ "SSEAlgorithm": "AES256"
450
+ }
451
+ }
452
+ ]
453
+ },
454
+ "PublicAccessBlockConfiguration": {
455
+ "BlockPublicAcls": true,
456
+ "BlockPublicPolicy": true,
457
+ "IgnorePublicAcls": true,
458
+ "RestrictPublicBuckets": true
459
+ },
460
+ "Tags": [
461
+ {
462
+ "Key": "aws-cdk:auto-delete-objects",
463
+ "Value": "true"
464
+ }
465
+ ],
466
+ "VersioningConfiguration": {
467
+ "Status": "Enabled"
468
+ }
469
+ },
470
+ "UpdateReplacePolicy": "Delete",
471
+ "DeletionPolicy": "Delete",
472
+ "Metadata": {
473
+ "cfn_nag": {
474
+ "rules_to_suppress": [
475
+ {
476
+ "id": "W35",
477
+ "reason": "This S3 bucket is used as the access logging bucket for another bucket"
478
+ }
479
+ ]
480
+ }
481
+ }
482
+ },
483
+ "testcloudfrontoais3CloudfrontLoggingBucketAccessLogPolicy0C078528": {
484
+ "Type": "AWS::S3::BucketPolicy",
485
+ "Properties": {
486
+ "Bucket": {
487
+ "Ref": "testcloudfrontoais3CloudfrontLoggingBucketAccessLogBF5AAF80"
488
+ },
489
+ "PolicyDocument": {
490
+ "Statement": [
491
+ {
492
+ "Action": "s3:*",
493
+ "Condition": {
494
+ "Bool": {
495
+ "aws:SecureTransport": "false"
496
+ }
497
+ },
498
+ "Effect": "Deny",
499
+ "Principal": {
500
+ "AWS": "*"
501
+ },
502
+ "Resource": [
503
+ {
504
+ "Fn::GetAtt": [
505
+ "testcloudfrontoais3CloudfrontLoggingBucketAccessLogBF5AAF80",
506
+ "Arn"
507
+ ]
508
+ },
509
+ {
510
+ "Fn::Join": [
511
+ "",
512
+ [
513
+ {
514
+ "Fn::GetAtt": [
515
+ "testcloudfrontoais3CloudfrontLoggingBucketAccessLogBF5AAF80",
516
+ "Arn"
517
+ ]
518
+ },
519
+ "/*"
520
+ ]
521
+ ]
522
+ }
523
+ ]
524
+ },
525
+ {
526
+ "Action": [
527
+ "s3:DeleteObject*",
528
+ "s3:GetBucket*",
529
+ "s3:List*",
530
+ "s3:PutBucketPolicy"
531
+ ],
532
+ "Effect": "Allow",
533
+ "Principal": {
534
+ "AWS": {
535
+ "Fn::GetAtt": [
536
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
537
+ "Arn"
538
+ ]
539
+ }
540
+ },
541
+ "Resource": [
542
+ {
543
+ "Fn::GetAtt": [
544
+ "testcloudfrontoais3CloudfrontLoggingBucketAccessLogBF5AAF80",
545
+ "Arn"
546
+ ]
547
+ },
548
+ {
549
+ "Fn::Join": [
550
+ "",
551
+ [
552
+ {
553
+ "Fn::GetAtt": [
554
+ "testcloudfrontoais3CloudfrontLoggingBucketAccessLogBF5AAF80",
555
+ "Arn"
556
+ ]
557
+ },
558
+ "/*"
559
+ ]
560
+ ]
561
+ }
562
+ ]
563
+ },
564
+ {
565
+ "Action": "s3:PutObject",
566
+ "Condition": {
567
+ "ArnLike": {
568
+ "aws:SourceArn": {
569
+ "Fn::GetAtt": [
570
+ "testcloudfrontoais3CloudfrontLoggingBucket55AA79FC",
571
+ "Arn"
572
+ ]
573
+ }
574
+ },
575
+ "StringEquals": {
576
+ "aws:SourceAccount": {
577
+ "Ref": "AWS::AccountId"
578
+ }
579
+ }
580
+ },
581
+ "Effect": "Allow",
582
+ "Principal": {
583
+ "Service": "logging.s3.amazonaws.com"
584
+ },
585
+ "Resource": {
586
+ "Fn::Join": [
587
+ "",
588
+ [
589
+ {
590
+ "Fn::GetAtt": [
591
+ "testcloudfrontoais3CloudfrontLoggingBucketAccessLogBF5AAF80",
592
+ "Arn"
593
+ ]
594
+ },
595
+ "/*"
596
+ ]
597
+ ]
598
+ }
599
+ }
600
+ ],
601
+ "Version": "2012-10-17"
602
+ }
603
+ }
604
+ },
605
+ "testcloudfrontoais3CloudfrontLoggingBucketAccessLogAutoDeleteObjectsCustomResource00DB3AC8": {
606
+ "Type": "Custom::S3AutoDeleteObjects",
607
+ "Properties": {
608
+ "ServiceToken": {
609
+ "Fn::GetAtt": [
610
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
611
+ "Arn"
612
+ ]
613
+ },
614
+ "BucketName": {
615
+ "Ref": "testcloudfrontoais3CloudfrontLoggingBucketAccessLogBF5AAF80"
616
+ }
617
+ },
618
+ "DependsOn": [
619
+ "testcloudfrontoais3CloudfrontLoggingBucketAccessLogPolicy0C078528"
620
+ ],
621
+ "UpdateReplacePolicy": "Delete",
622
+ "DeletionPolicy": "Delete"
623
+ },
624
+ "testcloudfrontoais3CloudfrontLoggingBucket55AA79FC": {
625
+ "Type": "AWS::S3::Bucket",
626
+ "Properties": {
627
+ "AccessControl": "LogDeliveryWrite",
628
+ "BucketEncryption": {
629
+ "ServerSideEncryptionConfiguration": [
630
+ {
631
+ "ServerSideEncryptionByDefault": {
632
+ "SSEAlgorithm": "AES256"
633
+ }
634
+ }
635
+ ]
636
+ },
637
+ "LoggingConfiguration": {
638
+ "DestinationBucketName": {
639
+ "Ref": "testcloudfrontoais3CloudfrontLoggingBucketAccessLogBF5AAF80"
640
+ }
641
+ },
642
+ "OwnershipControls": {
643
+ "Rules": [
644
+ {
645
+ "ObjectOwnership": "ObjectWriter"
646
+ }
647
+ ]
648
+ },
649
+ "PublicAccessBlockConfiguration": {
650
+ "BlockPublicAcls": true,
651
+ "BlockPublicPolicy": true,
652
+ "IgnorePublicAcls": true,
653
+ "RestrictPublicBuckets": true
654
+ },
655
+ "Tags": [
656
+ {
657
+ "Key": "aws-cdk:auto-delete-objects",
658
+ "Value": "true"
659
+ }
660
+ ],
661
+ "VersioningConfiguration": {
662
+ "Status": "Enabled"
663
+ }
664
+ },
665
+ "UpdateReplacePolicy": "Delete",
666
+ "DeletionPolicy": "Delete"
667
+ },
668
+ "testcloudfrontoais3CloudfrontLoggingBucketPolicy2130EE92": {
669
+ "Type": "AWS::S3::BucketPolicy",
670
+ "Properties": {
671
+ "Bucket": {
672
+ "Ref": "testcloudfrontoais3CloudfrontLoggingBucket55AA79FC"
673
+ },
674
+ "PolicyDocument": {
675
+ "Statement": [
676
+ {
677
+ "Action": "s3:*",
678
+ "Condition": {
679
+ "Bool": {
680
+ "aws:SecureTransport": "false"
681
+ }
682
+ },
683
+ "Effect": "Deny",
684
+ "Principal": {
685
+ "AWS": "*"
686
+ },
687
+ "Resource": [
688
+ {
689
+ "Fn::GetAtt": [
690
+ "testcloudfrontoais3CloudfrontLoggingBucket55AA79FC",
691
+ "Arn"
692
+ ]
693
+ },
694
+ {
695
+ "Fn::Join": [
696
+ "",
697
+ [
698
+ {
699
+ "Fn::GetAtt": [
700
+ "testcloudfrontoais3CloudfrontLoggingBucket55AA79FC",
701
+ "Arn"
702
+ ]
703
+ },
704
+ "/*"
705
+ ]
706
+ ]
707
+ }
708
+ ]
709
+ },
710
+ {
711
+ "Action": [
712
+ "s3:DeleteObject*",
713
+ "s3:GetBucket*",
714
+ "s3:List*",
715
+ "s3:PutBucketPolicy"
716
+ ],
717
+ "Effect": "Allow",
718
+ "Principal": {
719
+ "AWS": {
720
+ "Fn::GetAtt": [
721
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
722
+ "Arn"
723
+ ]
724
+ }
725
+ },
726
+ "Resource": [
727
+ {
728
+ "Fn::GetAtt": [
729
+ "testcloudfrontoais3CloudfrontLoggingBucket55AA79FC",
730
+ "Arn"
731
+ ]
732
+ },
733
+ {
734
+ "Fn::Join": [
735
+ "",
736
+ [
737
+ {
738
+ "Fn::GetAtt": [
739
+ "testcloudfrontoais3CloudfrontLoggingBucket55AA79FC",
740
+ "Arn"
741
+ ]
742
+ },
743
+ "/*"
744
+ ]
745
+ ]
746
+ }
747
+ ]
748
+ }
749
+ ],
750
+ "Version": "2012-10-17"
751
+ }
752
+ }
753
+ },
754
+ "testcloudfrontoais3CloudfrontLoggingBucketAutoDeleteObjectsCustomResourceE88BD625": {
755
+ "Type": "Custom::S3AutoDeleteObjects",
756
+ "Properties": {
757
+ "ServiceToken": {
758
+ "Fn::GetAtt": [
759
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
760
+ "Arn"
761
+ ]
762
+ },
763
+ "BucketName": {
764
+ "Ref": "testcloudfrontoais3CloudfrontLoggingBucket55AA79FC"
765
+ }
766
+ },
767
+ "DependsOn": [
768
+ "testcloudfrontoais3CloudfrontLoggingBucketPolicy2130EE92"
769
+ ],
770
+ "UpdateReplacePolicy": "Delete",
771
+ "DeletionPolicy": "Delete"
772
+ },
773
+ "testcloudfrontoais3CloudFrontDistributionOrigin1S3OriginF57A3CB1": {
774
+ "Type": "AWS::CloudFront::CloudFrontOriginAccessIdentity",
775
+ "Properties": {
776
+ "CloudFrontOriginAccessIdentityConfig": {
777
+ "Comment": "Identity for cftoais3noargumentstestcloudfrontoais3CloudFrontDistributionOrigin1D9C87098"
778
+ }
779
+ }
780
+ },
781
+ "testcloudfrontoais3CloudFrontDistribution0E089CC5": {
782
+ "Type": "AWS::CloudFront::Distribution",
783
+ "Properties": {
784
+ "DistributionConfig": {
785
+ "DefaultCacheBehavior": {
786
+ "CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6",
787
+ "Compress": true,
788
+ "FunctionAssociations": [
789
+ {
790
+ "EventType": "viewer-response",
791
+ "FunctionARN": {
792
+ "Fn::GetAtt": [
793
+ "testcloudfrontoais3SetHttpSecurityHeaders4EB3C97B",
794
+ "FunctionARN"
795
+ ]
796
+ }
797
+ }
798
+ ],
799
+ "TargetOriginId": "cftoais3noargumentstestcloudfrontoais3CloudFrontDistributionOrigin1D9C87098",
800
+ "ViewerProtocolPolicy": "redirect-to-https"
801
+ },
802
+ "DefaultRootObject": "index.html",
803
+ "Enabled": true,
804
+ "HttpVersion": "http2",
805
+ "IPV6Enabled": true,
806
+ "Logging": {
807
+ "Bucket": {
808
+ "Fn::GetAtt": [
809
+ "testcloudfrontoais3CloudfrontLoggingBucket55AA79FC",
810
+ "RegionalDomainName"
811
+ ]
812
+ }
813
+ },
814
+ "Origins": [
815
+ {
816
+ "DomainName": {
817
+ "Fn::GetAtt": [
818
+ "testcloudfrontoais3S3Bucket578AB9F3",
819
+ "RegionalDomainName"
820
+ ]
821
+ },
822
+ "Id": "cftoais3noargumentstestcloudfrontoais3CloudFrontDistributionOrigin1D9C87098",
823
+ "S3OriginConfig": {
824
+ "OriginAccessIdentity": {
825
+ "Fn::Join": [
826
+ "",
827
+ [
828
+ "origin-access-identity/cloudfront/",
829
+ {
830
+ "Ref": "testcloudfrontoais3CloudFrontDistributionOrigin1S3OriginF57A3CB1"
831
+ }
832
+ ]
833
+ ]
834
+ }
835
+ }
836
+ }
837
+ ]
838
+ }
839
+ },
840
+ "Metadata": {
841
+ "cfn_nag": {
842
+ "rules_to_suppress": [
843
+ {
844
+ "id": "W70",
845
+ "reason": "Since the distribution uses the CloudFront domain name, CloudFront automatically sets the security policy to TLSv1 regardless of the value of MinimumProtocolVersion"
846
+ }
847
+ ]
848
+ }
849
+ }
850
+ },
851
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": {
852
+ "Type": "AWS::IAM::Role",
853
+ "Properties": {
854
+ "AssumeRolePolicyDocument": {
855
+ "Version": "2012-10-17",
856
+ "Statement": [
857
+ {
858
+ "Action": "sts:AssumeRole",
859
+ "Effect": "Allow",
860
+ "Principal": {
861
+ "Service": "lambda.amazonaws.com"
862
+ }
863
+ }
864
+ ]
865
+ },
866
+ "ManagedPolicyArns": [
867
+ {
868
+ "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
869
+ }
870
+ ]
871
+ }
872
+ },
873
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": {
874
+ "Type": "AWS::Lambda::Function",
875
+ "Properties": {
876
+ "Code": {
877
+ "S3Bucket": {
878
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
879
+ },
880
+ "S3Key": "faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6.zip"
881
+ },
882
+ "Timeout": 900,
883
+ "MemorySize": 128,
884
+ "Handler": "index.handler",
885
+ "Role": {
886
+ "Fn::GetAtt": [
887
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
888
+ "Arn"
889
+ ]
890
+ },
891
+ "Runtime": {
892
+ "Fn::FindInMap": [
893
+ "LatestNodeRuntimeMap",
894
+ {
895
+ "Ref": "AWS::Region"
896
+ },
897
+ "value"
898
+ ]
899
+ },
900
+ "Description": {
901
+ "Fn::Join": [
902
+ "",
903
+ [
904
+ "Lambda function for auto-deleting objects in ",
905
+ {
906
+ "Ref": "testcloudfrontoais3S3LoggingBucketC8A21DD9"
907
+ },
908
+ " S3 bucket."
909
+ ]
910
+ ]
911
+ }
912
+ },
913
+ "DependsOn": [
914
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092"
915
+ ],
916
+ "Metadata": {
917
+ "cfn_nag": {
918
+ "rules_to_suppress": [
919
+ {
920
+ "id": "W58",
921
+ "reason": "CDK generated custom resource"
922
+ },
923
+ {
924
+ "id": "W89",
925
+ "reason": "CDK generated custom resource"
926
+ },
927
+ {
928
+ "id": "W92",
929
+ "reason": "CDK generated custom resource"
930
+ }
931
+ ]
932
+ }
933
+ }
934
+ }
935
+ },
936
+ "Mappings": {
937
+ "LatestNodeRuntimeMap": {
938
+ "af-south-1": {
939
+ "value": "nodejs20.x"
940
+ },
941
+ "ap-east-1": {
942
+ "value": "nodejs20.x"
943
+ },
944
+ "ap-northeast-1": {
945
+ "value": "nodejs20.x"
946
+ },
947
+ "ap-northeast-2": {
948
+ "value": "nodejs20.x"
949
+ },
950
+ "ap-northeast-3": {
951
+ "value": "nodejs20.x"
952
+ },
953
+ "ap-south-1": {
954
+ "value": "nodejs20.x"
955
+ },
956
+ "ap-south-2": {
957
+ "value": "nodejs20.x"
958
+ },
959
+ "ap-southeast-1": {
960
+ "value": "nodejs20.x"
961
+ },
962
+ "ap-southeast-2": {
963
+ "value": "nodejs20.x"
964
+ },
965
+ "ap-southeast-3": {
966
+ "value": "nodejs20.x"
967
+ },
968
+ "ap-southeast-4": {
969
+ "value": "nodejs20.x"
970
+ },
971
+ "ap-southeast-5": {
972
+ "value": "nodejs20.x"
973
+ },
974
+ "ap-southeast-7": {
975
+ "value": "nodejs20.x"
976
+ },
977
+ "ca-central-1": {
978
+ "value": "nodejs20.x"
979
+ },
980
+ "ca-west-1": {
981
+ "value": "nodejs20.x"
982
+ },
983
+ "cn-north-1": {
984
+ "value": "nodejs18.x"
985
+ },
986
+ "cn-northwest-1": {
987
+ "value": "nodejs18.x"
988
+ },
989
+ "eu-central-1": {
990
+ "value": "nodejs20.x"
991
+ },
992
+ "eu-central-2": {
993
+ "value": "nodejs20.x"
994
+ },
995
+ "eu-isoe-west-1": {
996
+ "value": "nodejs18.x"
997
+ },
998
+ "eu-north-1": {
999
+ "value": "nodejs20.x"
1000
+ },
1001
+ "eu-south-1": {
1002
+ "value": "nodejs20.x"
1003
+ },
1004
+ "eu-south-2": {
1005
+ "value": "nodejs20.x"
1006
+ },
1007
+ "eu-west-1": {
1008
+ "value": "nodejs20.x"
1009
+ },
1010
+ "eu-west-2": {
1011
+ "value": "nodejs20.x"
1012
+ },
1013
+ "eu-west-3": {
1014
+ "value": "nodejs20.x"
1015
+ },
1016
+ "il-central-1": {
1017
+ "value": "nodejs20.x"
1018
+ },
1019
+ "me-central-1": {
1020
+ "value": "nodejs20.x"
1021
+ },
1022
+ "me-south-1": {
1023
+ "value": "nodejs20.x"
1024
+ },
1025
+ "mx-central-1": {
1026
+ "value": "nodejs20.x"
1027
+ },
1028
+ "sa-east-1": {
1029
+ "value": "nodejs20.x"
1030
+ },
1031
+ "us-east-1": {
1032
+ "value": "nodejs20.x"
1033
+ },
1034
+ "us-east-2": {
1035
+ "value": "nodejs20.x"
1036
+ },
1037
+ "us-gov-east-1": {
1038
+ "value": "nodejs18.x"
1039
+ },
1040
+ "us-gov-west-1": {
1041
+ "value": "nodejs18.x"
1042
+ },
1043
+ "us-iso-east-1": {
1044
+ "value": "nodejs18.x"
1045
+ },
1046
+ "us-iso-west-1": {
1047
+ "value": "nodejs18.x"
1048
+ },
1049
+ "us-isob-east-1": {
1050
+ "value": "nodejs18.x"
1051
+ },
1052
+ "us-west-1": {
1053
+ "value": "nodejs20.x"
1054
+ },
1055
+ "us-west-2": {
1056
+ "value": "nodejs20.x"
1057
+ }
1058
+ }
1059
+ },
1060
+ "Parameters": {
1061
+ "BootstrapVersion": {
1062
+ "Type": "AWS::SSM::Parameter::Value<String>",
1063
+ "Default": "/cdk-bootstrap/hnb659fds/version",
1064
+ "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
1065
+ }
1066
+ },
1067
+ "Rules": {
1068
+ "CheckBootstrapVersion": {
1069
+ "Assertions": [
1070
+ {
1071
+ "Assert": {
1072
+ "Fn::Not": [
1073
+ {
1074
+ "Fn::Contains": [
1075
+ [
1076
+ "1",
1077
+ "2",
1078
+ "3",
1079
+ "4",
1080
+ "5"
1081
+ ],
1082
+ {
1083
+ "Ref": "BootstrapVersion"
1084
+ }
1085
+ ]
1086
+ }
1087
+ ]
1088
+ },
1089
+ "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
1090
+ }
1091
+ ]
1092
+ }
1093
+ }
1094
+ }