@aws-solutions-constructs/aws-cloudfront-oai-s3 2.79.0

Files changed (108)
  1. package/.jsii +4403 -0
  2. package/README.md +109 -0
  3. package/architecture.png +0 -0
  4. package/integ.config.json +7 -0
  5. package/lib/index.d.ts +118 -0
  6. package/lib/index.js +106 -0
  7. package/package.json +95 -0
  8. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.d.ts +13 -0
  9. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js +56 -0
  10. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  11. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cdk.out +1 -0
  12. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.assets.json +32 -0
  13. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.template.json +1061 -0
  14. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cftoais3bucketencryptedwithmanagedkeyprovidedasexistingbucketIntegDefaultTestDeployAssert105E804F.assets.json +19 -0
  15. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cftoais3bucketencryptedwithmanagedkeyprovidedasexistingbucketIntegDefaultTestDeployAssert105E804F.template.json +36 -0
  16. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/integ.json +12 -0
  17. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/manifest.json +215 -0
  18. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/tree.json +1105 -0
  19. package/test/integ.cftoais3-custom-headers.d.ts +13 -0
  20. package/test/integ.cftoais3-custom-headers.js +71 -0
  21. package/test/integ.cftoais3-custom-headers.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  22. package/test/integ.cftoais3-custom-headers.js.snapshot/cdk.out +1 -0
  23. package/test/integ.cftoais3-custom-headers.js.snapshot/cftoais3-custom-headers.assets.json +32 -0
  24. package/test/integ.cftoais3-custom-headers.js.snapshot/cftoais3-custom-headers.template.json +1116 -0
  25. package/test/integ.cftoais3-custom-headers.js.snapshot/cftoais3customheadersIntegDefaultTestDeployAssert5AA11BA9.assets.json +19 -0
  26. package/test/integ.cftoais3-custom-headers.js.snapshot/cftoais3customheadersIntegDefaultTestDeployAssert5AA11BA9.template.json +36 -0
  27. package/test/integ.cftoais3-custom-headers.js.snapshot/integ.json +12 -0
  28. package/test/integ.cftoais3-custom-headers.js.snapshot/manifest.json +227 -0
  29. package/test/integ.cftoais3-custom-headers.js.snapshot/tree.json +1196 -0
  30. package/test/integ.cftoais3-custom-originPath.d.ts +13 -0
  31. package/test/integ.cftoais3-custom-originPath.js +48 -0
  32. package/test/integ.cftoais3-custom-originPath.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  33. package/test/integ.cftoais3-custom-originPath.js.snapshot/cdk.out +1 -0
  34. package/test/integ.cftoais3-custom-originPath.js.snapshot/cftoais3-custom-originPath.assets.json +32 -0
  35. package/test/integ.cftoais3-custom-originPath.js.snapshot/cftoais3-custom-originPath.template.json +1085 -0
  36. package/test/integ.cftoais3-custom-originPath.js.snapshot/cftoais3customoriginPathIntegDefaultTestDeployAssert1C351914.assets.json +19 -0
  37. package/test/integ.cftoais3-custom-originPath.js.snapshot/cftoais3customoriginPathIntegDefaultTestDeployAssert1C351914.template.json +36 -0
  38. package/test/integ.cftoais3-custom-originPath.js.snapshot/integ.json +12 -0
  39. package/test/integ.cftoais3-custom-originPath.js.snapshot/manifest.json +221 -0
  40. package/test/integ.cftoais3-custom-originPath.js.snapshot/tree.json +1147 -0
  41. package/test/integ.cftoais3-customLoggingBuckets.d.ts +13 -0
  42. package/test/integ.cftoais3-customLoggingBuckets.js +64 -0
  43. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  44. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/cdk.out +1 -0
  45. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/cftoais3-customLoggingBuckets.assets.json +32 -0
  46. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/cftoais3-customLoggingBuckets.template.json +1109 -0
  47. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/cftoais3customLoggingBucketsIntegDefaultTestDeployAssert8F33EF2A.assets.json +19 -0
  48. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/cftoais3customLoggingBucketsIntegDefaultTestDeployAssert8F33EF2A.template.json +36 -0
  49. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/integ.json +12 -0
  50. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/manifest.json +221 -0
  51. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/tree.json +1172 -0
  52. package/test/integ.cftoais3-existing-bucket.d.ts +13 -0
  53. package/test/integ.cftoais3-existing-bucket.js +59 -0
  54. package/test/integ.cftoais3-existing-bucket.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  55. package/test/integ.cftoais3-existing-bucket.js.snapshot/cdk.out +1 -0
  56. package/test/integ.cftoais3-existing-bucket.js.snapshot/cftoais3-existing-bucket.assets.json +32 -0
  57. package/test/integ.cftoais3-existing-bucket.js.snapshot/cftoais3-existing-bucket.template.json +1131 -0
  58. package/test/integ.cftoais3-existing-bucket.js.snapshot/cftoais3existingbucketIntegDefaultTestDeployAssertB7627F26.assets.json +19 -0
  59. package/test/integ.cftoais3-existing-bucket.js.snapshot/cftoais3existingbucketIntegDefaultTestDeployAssertB7627F26.template.json +36 -0
  60. package/test/integ.cftoais3-existing-bucket.js.snapshot/integ.json +12 -0
  61. package/test/integ.cftoais3-existing-bucket.js.snapshot/manifest.json +233 -0
  62. package/test/integ.cftoais3-existing-bucket.js.snapshot/tree.json +1240 -0
  63. package/test/integ.cftoais3-no-arguments.d.ts +13 -0
  64. package/test/integ.cftoais3-no-arguments.js +53 -0
  65. package/test/integ.cftoais3-no-arguments.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  66. package/test/integ.cftoais3-no-arguments.js.snapshot/cdk.out +1 -0
  67. package/test/integ.cftoais3-no-arguments.js.snapshot/cftoais3-no-arguments.assets.json +32 -0
  68. package/test/integ.cftoais3-no-arguments.js.snapshot/cftoais3-no-arguments.template.json +1094 -0
  69. package/test/integ.cftoais3-no-arguments.js.snapshot/cftoais3noargumentsIntegDefaultTestDeployAssert5CF03E3D.assets.json +19 -0
  70. package/test/integ.cftoais3-no-arguments.js.snapshot/cftoais3noargumentsIntegDefaultTestDeployAssert5CF03E3D.template.json +36 -0
  71. package/test/integ.cftoais3-no-arguments.js.snapshot/integ.json +12 -0
  72. package/test/integ.cftoais3-no-arguments.js.snapshot/manifest.json +356 -0
  73. package/test/integ.cftoais3-no-arguments.js.snapshot/tree.json +1146 -0
  74. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.d.ts +13 -0
  75. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js +60 -0
  76. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  77. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/cdk.out +1 -0
  78. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/cftoais3-no-cloudfront-s3-access-logs.assets.json +32 -0
  79. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/cftoais3-no-cloudfront-s3-access-logs.template.json +743 -0
  80. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/cftoais3nocloudfronts3accesslogsIntegDefaultTestDeployAssert6D810275.assets.json +19 -0
  81. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/cftoais3nocloudfronts3accesslogsIntegDefaultTestDeployAssert6D810275.template.json +36 -0
  82. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/integ.json +12 -0
  83. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/manifest.json +185 -0
  84. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/tree.json +726 -0
  85. package/test/integ.cftoais3-no-logging.d.ts +13 -0
  86. package/test/integ.cftoais3-no-logging.js +56 -0
  87. package/test/integ.cftoais3-no-logging.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  88. package/test/integ.cftoais3-no-logging.js.snapshot/cdk.out +1 -0
  89. package/test/integ.cftoais3-no-logging.js.snapshot/cftoais3-no-logging.assets.json +32 -0
  90. package/test/integ.cftoais3-no-logging.js.snapshot/cftoais3-no-logging.template.json +576 -0
  91. package/test/integ.cftoais3-no-logging.js.snapshot/cftoais3nologgingIntegDefaultTestDeployAssertCED06EE4.assets.json +19 -0
  92. package/test/integ.cftoais3-no-logging.js.snapshot/cftoais3nologgingIntegDefaultTestDeployAssertCED06EE4.template.json +36 -0
  93. package/test/integ.cftoais3-no-logging.js.snapshot/integ.json +12 -0
  94. package/test/integ.cftoais3-no-logging.js.snapshot/manifest.json +167 -0
  95. package/test/integ.cftoais3-no-logging.js.snapshot/tree.json +542 -0
  96. package/test/integ.cftoais3-no-security-headers.d.ts +13 -0
  97. package/test/integ.cftoais3-no-security-headers.js +50 -0
  98. package/test/integ.cftoais3-no-security-headers.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  99. package/test/integ.cftoais3-no-security-headers.js.snapshot/cdk.out +1 -0
  100. package/test/integ.cftoais3-no-security-headers.js.snapshot/cftoais3-no-security-headers.assets.json +32 -0
  101. package/test/integ.cftoais3-no-security-headers.js.snapshot/cftoais3-no-security-headers.template.json +1061 -0
  102. package/test/integ.cftoais3-no-security-headers.js.snapshot/cftoais3nosecurityheadersIntegDefaultTestDeployAssertAB4B2F28.assets.json +19 -0
  103. package/test/integ.cftoais3-no-security-headers.js.snapshot/cftoais3nosecurityheadersIntegDefaultTestDeployAssertAB4B2F28.template.json +36 -0
  104. package/test/integ.cftoais3-no-security-headers.js.snapshot/integ.json +12 -0
  105. package/test/integ.cftoais3-no-security-headers.js.snapshot/manifest.json +215 -0
  106. package/test/integ.cftoais3-no-security-headers.js.snapshot/tree.json +1105 -0
  107. package/test/test.cloudfront-oai-s3.test.d.ts +13 -0
  108. package/test/test.cloudfront-oai-s3.test.js +702 -0
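--- a/package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/cftoais3-no-cloudfront-s3-access-logs.template.json
+++ b/package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/cftoais3-no-cloudfront-s3-access-logs.template.json
@@ -0,0 +1,743 @@
+ {
+ "Description": "Integration Test for aws-cloudfront-oai-s3",
+ "Resources": {
+ "testcloudfrontoais3S3Bucket578AB9F3": {
+ "Type": "AWS::S3::Bucket",
+ "Properties": {
+ "BucketEncryption": {
+ "ServerSideEncryptionConfiguration": [
+ {
+ "ServerSideEncryptionByDefault": {
+ "SSEAlgorithm": "AES256"
+ }
+ }
+ ]
+ },
+ "LifecycleConfiguration": {
+ "Rules": [
+ {
+ "NoncurrentVersionTransitions": [
+ {
+ "StorageClass": "GLACIER",
+ "TransitionInDays": 90
+ }
+ ],
+ "Status": "Enabled"
+ }
+ ]
+ },
+ "PublicAccessBlockConfiguration": {
+ "BlockPublicAcls": true,
+ "BlockPublicPolicy": true,
+ "IgnorePublicAcls": true,
+ "RestrictPublicBuckets": true
+ },
+ "Tags": [
+ {
+ "Key": "aws-cdk:auto-delete-objects",
+ "Value": "true"
+ }
+ ],
+ "VersioningConfiguration": {
+ "Status": "Enabled"
+ }
+ },
+ "UpdateReplacePolicy": "Delete",
+ "DeletionPolicy": "Delete",
+ "Metadata": {
+ "cfn_nag": {
+ "rules_to_suppress": [
+ {
+ "id": "W35",
+ "reason": "Test case only"
+ }
+ ]
+ }
+ }
+ },
+ "testcloudfrontoais3S3BucketPolicyD2322CC3": {
+ "Type": "AWS::S3::BucketPolicy",
+ "Properties": {
+ "Bucket": {
+ "Ref": "testcloudfrontoais3S3Bucket578AB9F3"
+ },
+ "PolicyDocument": {
+ "Statement": [
+ {
+ "Action": "s3:*",
+ "Condition": {
+ "Bool": {
+ "aws:SecureTransport": "false"
+ }
+ },
+ "Effect": "Deny",
+ "Principal": {
+ "AWS": "*"
+ },
+ "Resource": [
+ {
+ "Fn::GetAtt": [
+ "testcloudfrontoais3S3Bucket578AB9F3",
+ "Arn"
+ ]
+ },
+ {
+ "Fn::Join": [
+ "",
+ [
+ {
+ "Fn::GetAtt": [
+ "testcloudfrontoais3S3Bucket578AB9F3",
+ "Arn"
+ ]
+ },
+ "/*"
+ ]
+ ]
+ }
+ ]
+ },
+ {
+ "Action": [
+ "s3:DeleteObject*",
+ "s3:GetBucket*",
+ "s3:List*",
+ "s3:PutBucketPolicy"
+ ],
+ "Effect": "Allow",
+ "Principal": {
+ "AWS": {
+ "Fn::GetAtt": [
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
+ "Arn"
+ ]
+ }
+ },
+ "Resource": [
+ {
+ "Fn::GetAtt": [
+ "testcloudfrontoais3S3Bucket578AB9F3",
+ "Arn"
+ ]
+ },
+ {
+ "Fn::Join": [
+ "",
+ [
+ {
+ "Fn::GetAtt": [
+ "testcloudfrontoais3S3Bucket578AB9F3",
+ "Arn"
+ ]
+ },
+ "/*"
+ ]
+ ]
+ }
+ ]
+ },
+ {
+ "Action": "s3:GetObject",
+ "Effect": "Allow",
+ "Principal": {
+ "CanonicalUser": {
+ "Fn::GetAtt": [
+ "testcloudfrontoais3CloudFrontDistributionOrigin1S3OriginF57A3CB1",
+ "S3CanonicalUserId"
+ ]
+ }
+ },
+ "Resource": {
+ "Fn::Join": [
+ "",
+ [
+ {
+ "Fn::GetAtt": [
+ "testcloudfrontoais3S3Bucket578AB9F3",
+ "Arn"
+ ]
+ },
+ "/*"
+ ]
+ ]
+ }
+ },
+ {
+ "Action": "s3:GetObject",
+ "Condition": {
+ "StringEquals": {
+ "AWS:SourceArn": {
+ "Fn::Join": [
+ "",
+ [
+ "arn:",
+ {
+ "Ref": "AWS::Partition"
+ },
+ ":cloudfront::",
+ {
+ "Ref": "AWS::AccountId"
+ },
+ ":distribution/",
+ {
+ "Ref": "testcloudfrontoais3CloudFrontDistribution0E089CC5"
+ }
+ ]
+ ]
+ }
+ }
+ },
+ "Effect": "Allow",
+ "Principal": {
+ "Service": "cloudfront.amazonaws.com"
+ },
+ "Resource": {
+ "Fn::Join": [
+ "",
+ [
+ {
+ "Fn::GetAtt": [
+ "testcloudfrontoais3S3Bucket578AB9F3",
+ "Arn"
+ ]
+ },
+ "/*"
+ ]
+ ]
+ }
+ }
+ ],
+ "Version": "2012-10-17"
+ }
+ },
+ "Metadata": {
+ "cfn_nag": {
+ "rules_to_suppress": [
+ {
+ "id": "F16",
+ "reason": "Public website bucket policy requires a wildcard principal"
+ }
+ ]
+ }
+ }
+ },
+ "testcloudfrontoais3S3BucketAutoDeleteObjectsCustomResourceA2545EE1": {
+ "Type": "Custom::S3AutoDeleteObjects",
+ "Properties": {
+ "ServiceToken": {
+ "Fn::GetAtt": [
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
+ "Arn"
+ ]
+ },
+ "BucketName": {
+ "Ref": "testcloudfrontoais3S3Bucket578AB9F3"
+ }
+ },
+ "DependsOn": [
+ "testcloudfrontoais3S3BucketPolicyD2322CC3"
+ ],
+ "UpdateReplacePolicy": "Delete",
+ "DeletionPolicy": "Delete"
+ },
+ "testcloudfrontoais3SetHttpSecurityHeaders4EB3C97B": {
+ "Type": "AWS::CloudFront::Function",
+ "Properties": {
+ "AutoPublish": true,
+ "FunctionCode": "function handler(event) { var response = event.response; var headers = response.headers; headers['strict-transport-security'] = { value: 'max-age=63072000; includeSubdomains; preload'}; headers['content-security-policy'] = { value: \"default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'\"}; headers['x-content-type-options'] = { value: 'nosniff'}; headers['x-frame-options'] = {value: 'DENY'}; headers['x-xss-protection'] = {value: '1; mode=block'}; return response; }",
+ "FunctionConfig": {
+ "Comment": "SetHttpSecurityHeadersc8f7f4bd284e0dfe896b4ee5e3002830ae26040096",
+ "Runtime": "cloudfront-js-1.0"
+ },
+ "Name": "SetHttpSecurityHeadersc8f7f4bd284e0dfe896b4ee5e3002830ae26040096"
+ }
+ },
+ "testcloudfrontoais3CloudfrontLoggingBucket55AA79FC": {
+ "Type": "AWS::S3::Bucket",
+ "Properties": {
+ "AccessControl": "LogDeliveryWrite",
+ "BucketEncryption": {
+ "ServerSideEncryptionConfiguration": [
+ {
+ "ServerSideEncryptionByDefault": {
+ "SSEAlgorithm": "AES256"
+ }
+ }
+ ]
+ },
+ "OwnershipControls": {
+ "Rules": [
+ {
+ "ObjectOwnership": "ObjectWriter"
+ }
+ ]
+ },
+ "PublicAccessBlockConfiguration": {
+ "BlockPublicAcls": true,
+ "BlockPublicPolicy": true,
+ "IgnorePublicAcls": true,
+ "RestrictPublicBuckets": true
+ },
+ "Tags": [
+ {
+ "Key": "aws-cdk:auto-delete-objects",
+ "Value": "true"
+ }
+ ],
+ "VersioningConfiguration": {
+ "Status": "Enabled"
+ }
+ },
+ "UpdateReplacePolicy": "Delete",
+ "DeletionPolicy": "Delete",
+ "Metadata": {
+ "cfn_nag": {
+ "rules_to_suppress": [
+ {
+ "id": "W35",
+ "reason": "Test case only"
+ }
+ ]
+ },
+ "guard": {
+ "SuppressedRules": [
+ "S3_BUCKET_LOGGING_ENABLED"
+ ]
+ }
+ }
+ },
+ "testcloudfrontoais3CloudfrontLoggingBucketPolicy2130EE92": {
+ "Type": "AWS::S3::BucketPolicy",
+ "Properties": {
+ "Bucket": {
+ "Ref": "testcloudfrontoais3CloudfrontLoggingBucket55AA79FC"
+ },
+ "PolicyDocument": {
+ "Statement": [
+ {
+ "Action": "s3:*",
+ "Condition": {
+ "Bool": {
+ "aws:SecureTransport": "false"
+ }
+ },
+ "Effect": "Deny",
+ "Principal": {
+ "AWS": "*"
+ },
+ "Resource": [
+ {
+ "Fn::GetAtt": [
+ "testcloudfrontoais3CloudfrontLoggingBucket55AA79FC",
+ "Arn"
+ ]
+ },
+ {
+ "Fn::Join": [
+ "",
+ [
+ {
+ "Fn::GetAtt": [
+ "testcloudfrontoais3CloudfrontLoggingBucket55AA79FC",
+ "Arn"
+ ]
+ },
+ "/*"
+ ]
+ ]
+ }
+ ]
+ },
+ {
+ "Action": [
+ "s3:DeleteObject*",
+ "s3:GetBucket*",
+ "s3:List*",
+ "s3:PutBucketPolicy"
+ ],
+ "Effect": "Allow",
+ "Principal": {
+ "AWS": {
+ "Fn::GetAtt": [
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
+ "Arn"
+ ]
+ }
+ },
+ "Resource": [
+ {
+ "Fn::GetAtt": [
+ "testcloudfrontoais3CloudfrontLoggingBucket55AA79FC",
+ "Arn"
+ ]
+ },
+ {
+ "Fn::Join": [
+ "",
+ [
+ {
+ "Fn::GetAtt": [
+ "testcloudfrontoais3CloudfrontLoggingBucket55AA79FC",
+ "Arn"
+ ]
+ },
+ "/*"
+ ]
+ ]
+ }
+ ]
+ }
+ ],
+ "Version": "2012-10-17"
+ }
+ }
+ },
+ "testcloudfrontoais3CloudfrontLoggingBucketAutoDeleteObjectsCustomResourceE88BD625": {
+ "Type": "Custom::S3AutoDeleteObjects",
+ "Properties": {
+ "ServiceToken": {
+ "Fn::GetAtt": [
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
+ "Arn"
+ ]
+ },
+ "BucketName": {
+ "Ref": "testcloudfrontoais3CloudfrontLoggingBucket55AA79FC"
+ }
+ },
+ "DependsOn": [
+ "testcloudfrontoais3CloudfrontLoggingBucketPolicy2130EE92"
+ ],
+ "UpdateReplacePolicy": "Delete",
+ "DeletionPolicy": "Delete"
+ },
+ "testcloudfrontoais3CloudFrontDistributionOrigin1S3OriginF57A3CB1": {
+ "Type": "AWS::CloudFront::CloudFrontOriginAccessIdentity",
+ "Properties": {
+ "CloudFrontOriginAccessIdentityConfig": {
+ "Comment": "Identity for cftoais3nocloudfronts3accesslogstestcloudfrontoais3CloudFrontDistributionOrigin19941995A"
+ }
+ }
+ },
+ "testcloudfrontoais3CloudFrontDistribution0E089CC5": {
+ "Type": "AWS::CloudFront::Distribution",
+ "Properties": {
+ "DistributionConfig": {
+ "DefaultCacheBehavior": {
+ "CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6",
+ "Compress": true,
+ "FunctionAssociations": [
+ {
+ "EventType": "viewer-response",
+ "FunctionARN": {
+ "Fn::GetAtt": [
+ "testcloudfrontoais3SetHttpSecurityHeaders4EB3C97B",
+ "FunctionARN"
+ ]
+ }
+ }
+ ],
+ "TargetOriginId": "cftoais3nocloudfronts3accesslogstestcloudfrontoais3CloudFrontDistributionOrigin19941995A",
+ "ViewerProtocolPolicy": "redirect-to-https"
+ },
+ "DefaultRootObject": "index.html",
+ "Enabled": true,
+ "HttpVersion": "http2",
+ "IPV6Enabled": true,
+ "Logging": {
+ "Bucket": {
+ "Fn::GetAtt": [
+ "testcloudfrontoais3CloudfrontLoggingBucket55AA79FC",
+ "RegionalDomainName"
+ ]
+ }
+ },
+ "Origins": [
+ {
+ "DomainName": {
+ "Fn::GetAtt": [
+ "testcloudfrontoais3S3Bucket578AB9F3",
+ "RegionalDomainName"
+ ]
+ },
+ "Id": "cftoais3nocloudfronts3accesslogstestcloudfrontoais3CloudFrontDistributionOrigin19941995A",
+ "S3OriginConfig": {
+ "OriginAccessIdentity": {
+ "Fn::Join": [
+ "",
+ [
+ "origin-access-identity/cloudfront/",
+ {
+ "Ref": "testcloudfrontoais3CloudFrontDistributionOrigin1S3OriginF57A3CB1"
+ }
+ ]
+ ]
+ }
+ }
+ }
+ ]
+ }
+ },
+ "Metadata": {
+ "cfn_nag": {
+ "rules_to_suppress": [
+ {
+ "id": "W70",
+ "reason": "Since the distribution uses the CloudFront domain name, CloudFront automatically sets the security policy to TLSv1 regardless of the value of MinimumProtocolVersion"
+ },
+ {
+ "id": "W10",
+ "reason": "Test case only"
+ },
+ {
+ "id": "W35",
+ "reason": "Test case only"
+ }
+ ]
+ }
+ }
+ },
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": {
+ "Type": "AWS::IAM::Role",
+ "Properties": {
+ "AssumeRolePolicyDocument": {
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Action": "sts:AssumeRole",
+ "Effect": "Allow",
+ "Principal": {
+ "Service": "lambda.amazonaws.com"
+ }
+ }
+ ]
+ },
+ "ManagedPolicyArns": [
+ {
+ "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
+ }
+ ]
+ }
+ },
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": {
+ "Type": "AWS::Lambda::Function",
+ "Properties": {
+ "Code": {
+ "S3Bucket": {
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
+ },
+ "S3Key": "faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6.zip"
+ },
+ "Timeout": 900,
+ "MemorySize": 128,
+ "Handler": "index.handler",
+ "Role": {
+ "Fn::GetAtt": [
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
+ "Arn"
+ ]
+ },
+ "Runtime": {
+ "Fn::FindInMap": [
+ "LatestNodeRuntimeMap",
+ {
+ "Ref": "AWS::Region"
+ },
+ "value"
+ ]
+ },
+ "Description": {
+ "Fn::Join": [
+ "",
+ [
+ "Lambda function for auto-deleting objects in ",
+ {
+ "Ref": "testcloudfrontoais3S3Bucket578AB9F3"
+ },
+ " S3 bucket."
+ ]
+ ]
+ }
+ },
+ "DependsOn": [
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092"
+ ],
+ "Metadata": {
+ "cfn_nag": {
+ "rules_to_suppress": [
+ {
+ "id": "W58",
+ "reason": "CDK generated custom resource"
+ },
+ {
+ "id": "W89",
+ "reason": "CDK generated custom resource"
+ },
+ {
+ "id": "W92",
+ "reason": "CDK generated custom resource"
+ }
+ ]
+ }
+ }
+ }
+ },
+ "Mappings": {
+ "LatestNodeRuntimeMap": {
+ "af-south-1": {
+ "value": "nodejs20.x"
+ },
+ "ap-east-1": {
+ "value": "nodejs20.x"
+ },
+ "ap-northeast-1": {
+ "value": "nodejs20.x"
+ },
+ "ap-northeast-2": {
+ "value": "nodejs20.x"
+ },
+ "ap-northeast-3": {
+ "value": "nodejs20.x"
+ },
+ "ap-south-1": {
+ "value": "nodejs20.x"
+ },
+ "ap-south-2": {
+ "value": "nodejs20.x"
+ },
+ "ap-southeast-1": {
+ "value": "nodejs20.x"
+ },
+ "ap-southeast-2": {
+ "value": "nodejs20.x"
+ },
+ "ap-southeast-3": {
+ "value": "nodejs20.x"
+ },
+ "ap-southeast-4": {
+ "value": "nodejs20.x"
+ },
+ "ap-southeast-5": {
+ "value": "nodejs20.x"
+ },
+ "ap-southeast-7": {
+ "value": "nodejs20.x"
+ },
+ "ca-central-1": {
+ "value": "nodejs20.x"
+ },
+ "ca-west-1": {
+ "value": "nodejs20.x"
+ },
+ "cn-north-1": {
+ "value": "nodejs18.x"
+ },
+ "cn-northwest-1": {
+ "value": "nodejs18.x"
+ },
+ "eu-central-1": {
+ "value": "nodejs20.x"
+ },
+ "eu-central-2": {
+ "value": "nodejs20.x"
+ },
+ "eu-isoe-west-1": {
+ "value": "nodejs18.x"
+ },
+ "eu-north-1": {
+ "value": "nodejs20.x"
+ },
+ "eu-south-1": {
+ "value": "nodejs20.x"
+ },
+ "eu-south-2": {
+ "value": "nodejs20.x"
+ },
+ "eu-west-1": {
+ "value": "nodejs20.x"
+ },
+ "eu-west-2": {
+ "value": "nodejs20.x"
+ },
+ "eu-west-3": {
+ "value": "nodejs20.x"
+ },
+ "il-central-1": {
+ "value": "nodejs20.x"
+ },
+ "me-central-1": {
+ "value": "nodejs20.x"
+ },
+ "me-south-1": {
+ "value": "nodejs20.x"
+ },
+ "mx-central-1": {
+ "value": "nodejs20.x"
+ },
+ "sa-east-1": {
+ "value": "nodejs20.x"
+ },
+ "us-east-1": {
+ "value": "nodejs20.x"
+ },
+ "us-east-2": {
+ "value": "nodejs20.x"
+ },
+ "us-gov-east-1": {
+ "value": "nodejs18.x"
+ },
+ "us-gov-west-1": {
+ "value": "nodejs18.x"
+ },
+ "us-iso-east-1": {
+ "value": "nodejs18.x"
+ },
+ "us-iso-west-1": {
+ "value": "nodejs18.x"
+ },
+ "us-isob-east-1": {
+ "value": "nodejs18.x"
+ },
+ "us-west-1": {
+ "value": "nodejs20.x"
+ },
+ "us-west-2": {
+ "value": "nodejs20.x"
+ }
+ }
+ },
+ "Parameters": {
+ "BootstrapVersion": {
+ "Type": "AWS::SSM::Parameter::Value<String>",
+ "Default": "/cdk-bootstrap/hnb659fds/version",
+ "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
+ }
+ },
+ "Rules": {
+ "CheckBootstrapVersion": {
+ "Assertions": [
+ {
+ "Assert": {
+ "Fn::Not": [
+ {
+ "Fn::Contains": [
+ [
+ "1",
+ "2",
+ "3",
+ "4",
+ "5"
+ ],
+ {
+ "Ref": "BootstrapVersion"
+ }
+ ]
+ }
+ ]
+ },
+ "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
+ }
+ ]
+ }
+ }
+ }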