@aws-solutions-constructs/aws-cloudfront-oai-s3 2.79.0

Files changed (108)
  1. package/.jsii +4403 -0
  2. package/README.md +109 -0
  3. package/architecture.png +0 -0
  4. package/integ.config.json +7 -0
  5. package/lib/index.d.ts +118 -0
  6. package/lib/index.js +106 -0
  7. package/package.json +95 -0
  8. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.d.ts +13 -0
  9. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js +56 -0
  10. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  11. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cdk.out +1 -0
  12. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.assets.json +32 -0
  13. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.template.json +1061 -0
  14. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cftoais3bucketencryptedwithmanagedkeyprovidedasexistingbucketIntegDefaultTestDeployAssert105E804F.assets.json +19 -0
  15. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cftoais3bucketencryptedwithmanagedkeyprovidedasexistingbucketIntegDefaultTestDeployAssert105E804F.template.json +36 -0
  16. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/integ.json +12 -0
  17. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/manifest.json +215 -0
  18. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/tree.json +1105 -0
  19. package/test/integ.cftoais3-custom-headers.d.ts +13 -0
  20. package/test/integ.cftoais3-custom-headers.js +71 -0
  21. package/test/integ.cftoais3-custom-headers.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  22. package/test/integ.cftoais3-custom-headers.js.snapshot/cdk.out +1 -0
  23. package/test/integ.cftoais3-custom-headers.js.snapshot/cftoais3-custom-headers.assets.json +32 -0
  24. package/test/integ.cftoais3-custom-headers.js.snapshot/cftoais3-custom-headers.template.json +1116 -0
  25. package/test/integ.cftoais3-custom-headers.js.snapshot/cftoais3customheadersIntegDefaultTestDeployAssert5AA11BA9.assets.json +19 -0
  26. package/test/integ.cftoais3-custom-headers.js.snapshot/cftoais3customheadersIntegDefaultTestDeployAssert5AA11BA9.template.json +36 -0
  27. package/test/integ.cftoais3-custom-headers.js.snapshot/integ.json +12 -0
  28. package/test/integ.cftoais3-custom-headers.js.snapshot/manifest.json +227 -0
  29. package/test/integ.cftoais3-custom-headers.js.snapshot/tree.json +1196 -0
  30. package/test/integ.cftoais3-custom-originPath.d.ts +13 -0
  31. package/test/integ.cftoais3-custom-originPath.js +48 -0
  32. package/test/integ.cftoais3-custom-originPath.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  33. package/test/integ.cftoais3-custom-originPath.js.snapshot/cdk.out +1 -0
  34. package/test/integ.cftoais3-custom-originPath.js.snapshot/cftoais3-custom-originPath.assets.json +32 -0
  35. package/test/integ.cftoais3-custom-originPath.js.snapshot/cftoais3-custom-originPath.template.json +1085 -0
  36. package/test/integ.cftoais3-custom-originPath.js.snapshot/cftoais3customoriginPathIntegDefaultTestDeployAssert1C351914.assets.json +19 -0
  37. package/test/integ.cftoais3-custom-originPath.js.snapshot/cftoais3customoriginPathIntegDefaultTestDeployAssert1C351914.template.json +36 -0
  38. package/test/integ.cftoais3-custom-originPath.js.snapshot/integ.json +12 -0
  39. package/test/integ.cftoais3-custom-originPath.js.snapshot/manifest.json +221 -0
  40. package/test/integ.cftoais3-custom-originPath.js.snapshot/tree.json +1147 -0
  41. package/test/integ.cftoais3-customLoggingBuckets.d.ts +13 -0
  42. package/test/integ.cftoais3-customLoggingBuckets.js +64 -0
  43. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  44. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/cdk.out +1 -0
  45. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/cftoais3-customLoggingBuckets.assets.json +32 -0
  46. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/cftoais3-customLoggingBuckets.template.json +1109 -0
  47. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/cftoais3customLoggingBucketsIntegDefaultTestDeployAssert8F33EF2A.assets.json +19 -0
  48. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/cftoais3customLoggingBucketsIntegDefaultTestDeployAssert8F33EF2A.template.json +36 -0
  49. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/integ.json +12 -0
  50. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/manifest.json +221 -0
  51. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/tree.json +1172 -0
  52. package/test/integ.cftoais3-existing-bucket.d.ts +13 -0
  53. package/test/integ.cftoais3-existing-bucket.js +59 -0
  54. package/test/integ.cftoais3-existing-bucket.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  55. package/test/integ.cftoais3-existing-bucket.js.snapshot/cdk.out +1 -0
  56. package/test/integ.cftoais3-existing-bucket.js.snapshot/cftoais3-existing-bucket.assets.json +32 -0
  57. package/test/integ.cftoais3-existing-bucket.js.snapshot/cftoais3-existing-bucket.template.json +1131 -0
  58. package/test/integ.cftoais3-existing-bucket.js.snapshot/cftoais3existingbucketIntegDefaultTestDeployAssertB7627F26.assets.json +19 -0
  59. package/test/integ.cftoais3-existing-bucket.js.snapshot/cftoais3existingbucketIntegDefaultTestDeployAssertB7627F26.template.json +36 -0
  60. package/test/integ.cftoais3-existing-bucket.js.snapshot/integ.json +12 -0
  61. package/test/integ.cftoais3-existing-bucket.js.snapshot/manifest.json +233 -0
  62. package/test/integ.cftoais3-existing-bucket.js.snapshot/tree.json +1240 -0
  63. package/test/integ.cftoais3-no-arguments.d.ts +13 -0
  64. package/test/integ.cftoais3-no-arguments.js +53 -0
  65. package/test/integ.cftoais3-no-arguments.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  66. package/test/integ.cftoais3-no-arguments.js.snapshot/cdk.out +1 -0
  67. package/test/integ.cftoais3-no-arguments.js.snapshot/cftoais3-no-arguments.assets.json +32 -0
  68. package/test/integ.cftoais3-no-arguments.js.snapshot/cftoais3-no-arguments.template.json +1094 -0
  69. package/test/integ.cftoais3-no-arguments.js.snapshot/cftoais3noargumentsIntegDefaultTestDeployAssert5CF03E3D.assets.json +19 -0
  70. package/test/integ.cftoais3-no-arguments.js.snapshot/cftoais3noargumentsIntegDefaultTestDeployAssert5CF03E3D.template.json +36 -0
  71. package/test/integ.cftoais3-no-arguments.js.snapshot/integ.json +12 -0
  72. package/test/integ.cftoais3-no-arguments.js.snapshot/manifest.json +356 -0
  73. package/test/integ.cftoais3-no-arguments.js.snapshot/tree.json +1146 -0
  74. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.d.ts +13 -0
  75. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js +60 -0
  76. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  77. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/cdk.out +1 -0
  78. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/cftoais3-no-cloudfront-s3-access-logs.assets.json +32 -0
  79. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/cftoais3-no-cloudfront-s3-access-logs.template.json +743 -0
  80. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/cftoais3nocloudfronts3accesslogsIntegDefaultTestDeployAssert6D810275.assets.json +19 -0
  81. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/cftoais3nocloudfronts3accesslogsIntegDefaultTestDeployAssert6D810275.template.json +36 -0
  82. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/integ.json +12 -0
  83. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/manifest.json +185 -0
  84. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/tree.json +726 -0
  85. package/test/integ.cftoais3-no-logging.d.ts +13 -0
  86. package/test/integ.cftoais3-no-logging.js +56 -0
  87. package/test/integ.cftoais3-no-logging.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  88. package/test/integ.cftoais3-no-logging.js.snapshot/cdk.out +1 -0
  89. package/test/integ.cftoais3-no-logging.js.snapshot/cftoais3-no-logging.assets.json +32 -0
  90. package/test/integ.cftoais3-no-logging.js.snapshot/cftoais3-no-logging.template.json +576 -0
  91. package/test/integ.cftoais3-no-logging.js.snapshot/cftoais3nologgingIntegDefaultTestDeployAssertCED06EE4.assets.json +19 -0
  92. package/test/integ.cftoais3-no-logging.js.snapshot/cftoais3nologgingIntegDefaultTestDeployAssertCED06EE4.template.json +36 -0
  93. package/test/integ.cftoais3-no-logging.js.snapshot/integ.json +12 -0
  94. package/test/integ.cftoais3-no-logging.js.snapshot/manifest.json +167 -0
  95. package/test/integ.cftoais3-no-logging.js.snapshot/tree.json +542 -0
  96. package/test/integ.cftoais3-no-security-headers.d.ts +13 -0
  97. package/test/integ.cftoais3-no-security-headers.js +50 -0
  98. package/test/integ.cftoais3-no-security-headers.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  99. package/test/integ.cftoais3-no-security-headers.js.snapshot/cdk.out +1 -0
  100. package/test/integ.cftoais3-no-security-headers.js.snapshot/cftoais3-no-security-headers.assets.json +32 -0
  101. package/test/integ.cftoais3-no-security-headers.js.snapshot/cftoais3-no-security-headers.template.json +1061 -0
  102. package/test/integ.cftoais3-no-security-headers.js.snapshot/cftoais3nosecurityheadersIntegDefaultTestDeployAssertAB4B2F28.assets.json +19 -0
  103. package/test/integ.cftoais3-no-security-headers.js.snapshot/cftoais3nosecurityheadersIntegDefaultTestDeployAssertAB4B2F28.template.json +36 -0
  104. package/test/integ.cftoais3-no-security-headers.js.snapshot/integ.json +12 -0
  105. package/test/integ.cftoais3-no-security-headers.js.snapshot/manifest.json +215 -0
  106. package/test/integ.cftoais3-no-security-headers.js.snapshot/tree.json +1105 -0
  107. package/test/test.cloudfront-oai-s3.test.d.ts +13 -0
  108. package/test/test.cloudfront-oai-s3.test.js +702 -0
@@ -0,0 +1,1061 @@
1
+ {
2
+ "Description": "Integration Test for aws-cloudfront-oai-s3",
3
+ "Resources": {
4
+ "existings3bucketencryptedwiths3managedkeyS3LoggingBucketF861F6B7": {
5
+ "Type": "AWS::S3::Bucket",
6
+ "Properties": {
7
+ "BucketEncryption": {
8
+ "ServerSideEncryptionConfiguration": [
9
+ {
10
+ "ServerSideEncryptionByDefault": {
11
+ "SSEAlgorithm": "AES256"
12
+ }
13
+ }
14
+ ]
15
+ },
16
+ "PublicAccessBlockConfiguration": {
17
+ "BlockPublicAcls": true,
18
+ "BlockPublicPolicy": true,
19
+ "IgnorePublicAcls": true,
20
+ "RestrictPublicBuckets": true
21
+ },
22
+ "Tags": [
23
+ {
24
+ "Key": "aws-cdk:auto-delete-objects",
25
+ "Value": "true"
26
+ }
27
+ ],
28
+ "VersioningConfiguration": {
29
+ "Status": "Enabled"
30
+ }
31
+ },
32
+ "UpdateReplacePolicy": "Delete",
33
+ "DeletionPolicy": "Delete",
34
+ "Metadata": {
35
+ "cfn_nag": {
36
+ "rules_to_suppress": [
37
+ {
38
+ "id": "W35",
39
+ "reason": "This S3 bucket is used as the access logging bucket for another bucket"
40
+ }
41
+ ]
42
+ }
43
+ }
44
+ },
45
+ "existings3bucketencryptedwiths3managedkeyS3LoggingBucketPolicy4358229C": {
46
+ "Type": "AWS::S3::BucketPolicy",
47
+ "Properties": {
48
+ "Bucket": {
49
+ "Ref": "existings3bucketencryptedwiths3managedkeyS3LoggingBucketF861F6B7"
50
+ },
51
+ "PolicyDocument": {
52
+ "Statement": [
53
+ {
54
+ "Action": "s3:*",
55
+ "Condition": {
56
+ "Bool": {
57
+ "aws:SecureTransport": "false"
58
+ }
59
+ },
60
+ "Effect": "Deny",
61
+ "Principal": {
62
+ "AWS": "*"
63
+ },
64
+ "Resource": [
65
+ {
66
+ "Fn::GetAtt": [
67
+ "existings3bucketencryptedwiths3managedkeyS3LoggingBucketF861F6B7",
68
+ "Arn"
69
+ ]
70
+ },
71
+ {
72
+ "Fn::Join": [
73
+ "",
74
+ [
75
+ {
76
+ "Fn::GetAtt": [
77
+ "existings3bucketencryptedwiths3managedkeyS3LoggingBucketF861F6B7",
78
+ "Arn"
79
+ ]
80
+ },
81
+ "/*"
82
+ ]
83
+ ]
84
+ }
85
+ ]
86
+ },
87
+ {
88
+ "Action": [
89
+ "s3:DeleteObject*",
90
+ "s3:GetBucket*",
91
+ "s3:List*",
92
+ "s3:PutBucketPolicy"
93
+ ],
94
+ "Effect": "Allow",
95
+ "Principal": {
96
+ "AWS": {
97
+ "Fn::GetAtt": [
98
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
99
+ "Arn"
100
+ ]
101
+ }
102
+ },
103
+ "Resource": [
104
+ {
105
+ "Fn::GetAtt": [
106
+ "existings3bucketencryptedwiths3managedkeyS3LoggingBucketF861F6B7",
107
+ "Arn"
108
+ ]
109
+ },
110
+ {
111
+ "Fn::Join": [
112
+ "",
113
+ [
114
+ {
115
+ "Fn::GetAtt": [
116
+ "existings3bucketencryptedwiths3managedkeyS3LoggingBucketF861F6B7",
117
+ "Arn"
118
+ ]
119
+ },
120
+ "/*"
121
+ ]
122
+ ]
123
+ }
124
+ ]
125
+ },
126
+ {
127
+ "Action": "s3:PutObject",
128
+ "Condition": {
129
+ "ArnLike": {
130
+ "aws:SourceArn": {
131
+ "Fn::GetAtt": [
132
+ "existings3bucketencryptedwiths3managedkeyS3BucketA8C4BE9A",
133
+ "Arn"
134
+ ]
135
+ }
136
+ },
137
+ "StringEquals": {
138
+ "aws:SourceAccount": {
139
+ "Ref": "AWS::AccountId"
140
+ }
141
+ }
142
+ },
143
+ "Effect": "Allow",
144
+ "Principal": {
145
+ "Service": "logging.s3.amazonaws.com"
146
+ },
147
+ "Resource": {
148
+ "Fn::Join": [
149
+ "",
150
+ [
151
+ {
152
+ "Fn::GetAtt": [
153
+ "existings3bucketencryptedwiths3managedkeyS3LoggingBucketF861F6B7",
154
+ "Arn"
155
+ ]
156
+ },
157
+ "/*"
158
+ ]
159
+ ]
160
+ }
161
+ }
162
+ ],
163
+ "Version": "2012-10-17"
164
+ }
165
+ }
166
+ },
167
+ "existings3bucketencryptedwiths3managedkeyS3LoggingBucketAutoDeleteObjectsCustomResourceB3A19532": {
168
+ "Type": "Custom::S3AutoDeleteObjects",
169
+ "Properties": {
170
+ "ServiceToken": {
171
+ "Fn::GetAtt": [
172
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
173
+ "Arn"
174
+ ]
175
+ },
176
+ "BucketName": {
177
+ "Ref": "existings3bucketencryptedwiths3managedkeyS3LoggingBucketF861F6B7"
178
+ }
179
+ },
180
+ "DependsOn": [
181
+ "existings3bucketencryptedwiths3managedkeyS3LoggingBucketPolicy4358229C"
182
+ ],
183
+ "UpdateReplacePolicy": "Delete",
184
+ "DeletionPolicy": "Delete"
185
+ },
186
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": {
187
+ "Type": "AWS::IAM::Role",
188
+ "Properties": {
189
+ "AssumeRolePolicyDocument": {
190
+ "Version": "2012-10-17",
191
+ "Statement": [
192
+ {
193
+ "Action": "sts:AssumeRole",
194
+ "Effect": "Allow",
195
+ "Principal": {
196
+ "Service": "lambda.amazonaws.com"
197
+ }
198
+ }
199
+ ]
200
+ },
201
+ "ManagedPolicyArns": [
202
+ {
203
+ "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
204
+ }
205
+ ]
206
+ }
207
+ },
208
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": {
209
+ "Type": "AWS::Lambda::Function",
210
+ "Properties": {
211
+ "Code": {
212
+ "S3Bucket": {
213
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
214
+ },
215
+ "S3Key": "faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6.zip"
216
+ },
217
+ "Timeout": 900,
218
+ "MemorySize": 128,
219
+ "Handler": "index.handler",
220
+ "Role": {
221
+ "Fn::GetAtt": [
222
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
223
+ "Arn"
224
+ ]
225
+ },
226
+ "Runtime": {
227
+ "Fn::FindInMap": [
228
+ "LatestNodeRuntimeMap",
229
+ {
230
+ "Ref": "AWS::Region"
231
+ },
232
+ "value"
233
+ ]
234
+ },
235
+ "Description": {
236
+ "Fn::Join": [
237
+ "",
238
+ [
239
+ "Lambda function for auto-deleting objects in ",
240
+ {
241
+ "Ref": "existings3bucketencryptedwiths3managedkeyS3LoggingBucketF861F6B7"
242
+ },
243
+ " S3 bucket."
244
+ ]
245
+ ]
246
+ }
247
+ },
248
+ "DependsOn": [
249
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092"
250
+ ],
251
+ "Metadata": {
252
+ "cfn_nag": {
253
+ "rules_to_suppress": [
254
+ {
255
+ "id": "W58",
256
+ "reason": "CDK generated custom resource"
257
+ },
258
+ {
259
+ "id": "W89",
260
+ "reason": "CDK generated custom resource"
261
+ },
262
+ {
263
+ "id": "W92",
264
+ "reason": "CDK generated custom resource"
265
+ }
266
+ ]
267
+ }
268
+ }
269
+ },
270
+ "existings3bucketencryptedwiths3managedkeyS3BucketA8C4BE9A": {
271
+ "Type": "AWS::S3::Bucket",
272
+ "Properties": {
273
+ "BucketEncryption": {
274
+ "ServerSideEncryptionConfiguration": [
275
+ {
276
+ "ServerSideEncryptionByDefault": {
277
+ "SSEAlgorithm": "AES256"
278
+ }
279
+ }
280
+ ]
281
+ },
282
+ "LifecycleConfiguration": {
283
+ "Rules": [
284
+ {
285
+ "NoncurrentVersionTransitions": [
286
+ {
287
+ "StorageClass": "GLACIER",
288
+ "TransitionInDays": 90
289
+ }
290
+ ],
291
+ "Status": "Enabled"
292
+ }
293
+ ]
294
+ },
295
+ "LoggingConfiguration": {
296
+ "DestinationBucketName": {
297
+ "Ref": "existings3bucketencryptedwiths3managedkeyS3LoggingBucketF861F6B7"
298
+ }
299
+ },
300
+ "PublicAccessBlockConfiguration": {
301
+ "BlockPublicAcls": true,
302
+ "BlockPublicPolicy": true,
303
+ "IgnorePublicAcls": true,
304
+ "RestrictPublicBuckets": true
305
+ },
306
+ "Tags": [
307
+ {
308
+ "Key": "aws-cdk:auto-delete-objects",
309
+ "Value": "true"
310
+ }
311
+ ],
312
+ "VersioningConfiguration": {
313
+ "Status": "Enabled"
314
+ }
315
+ },
316
+ "UpdateReplacePolicy": "Delete",
317
+ "DeletionPolicy": "Delete"
318
+ },
319
+ "existings3bucketencryptedwiths3managedkeyS3BucketPolicyFDA85248": {
320
+ "Type": "AWS::S3::BucketPolicy",
321
+ "Properties": {
322
+ "Bucket": {
323
+ "Ref": "existings3bucketencryptedwiths3managedkeyS3BucketA8C4BE9A"
324
+ },
325
+ "PolicyDocument": {
326
+ "Statement": [
327
+ {
328
+ "Action": "s3:*",
329
+ "Condition": {
330
+ "Bool": {
331
+ "aws:SecureTransport": "false"
332
+ }
333
+ },
334
+ "Effect": "Deny",
335
+ "Principal": {
336
+ "AWS": "*"
337
+ },
338
+ "Resource": [
339
+ {
340
+ "Fn::GetAtt": [
341
+ "existings3bucketencryptedwiths3managedkeyS3BucketA8C4BE9A",
342
+ "Arn"
343
+ ]
344
+ },
345
+ {
346
+ "Fn::Join": [
347
+ "",
348
+ [
349
+ {
350
+ "Fn::GetAtt": [
351
+ "existings3bucketencryptedwiths3managedkeyS3BucketA8C4BE9A",
352
+ "Arn"
353
+ ]
354
+ },
355
+ "/*"
356
+ ]
357
+ ]
358
+ }
359
+ ]
360
+ },
361
+ {
362
+ "Action": [
363
+ "s3:DeleteObject*",
364
+ "s3:GetBucket*",
365
+ "s3:List*",
366
+ "s3:PutBucketPolicy"
367
+ ],
368
+ "Effect": "Allow",
369
+ "Principal": {
370
+ "AWS": {
371
+ "Fn::GetAtt": [
372
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
373
+ "Arn"
374
+ ]
375
+ }
376
+ },
377
+ "Resource": [
378
+ {
379
+ "Fn::GetAtt": [
380
+ "existings3bucketencryptedwiths3managedkeyS3BucketA8C4BE9A",
381
+ "Arn"
382
+ ]
383
+ },
384
+ {
385
+ "Fn::Join": [
386
+ "",
387
+ [
388
+ {
389
+ "Fn::GetAtt": [
390
+ "existings3bucketencryptedwiths3managedkeyS3BucketA8C4BE9A",
391
+ "Arn"
392
+ ]
393
+ },
394
+ "/*"
395
+ ]
396
+ ]
397
+ }
398
+ ]
399
+ },
400
+ {
401
+ "Action": "s3:GetObject",
402
+ "Effect": "Allow",
403
+ "Principal": {
404
+ "CanonicalUser": {
405
+ "Fn::GetAtt": [
406
+ "testcloudfrontoais3managedkeyCloudFrontDistributionOrigin1S3OriginFC894C0D",
407
+ "S3CanonicalUserId"
408
+ ]
409
+ }
410
+ },
411
+ "Resource": {
412
+ "Fn::Join": [
413
+ "",
414
+ [
415
+ {
416
+ "Fn::GetAtt": [
417
+ "existings3bucketencryptedwiths3managedkeyS3BucketA8C4BE9A",
418
+ "Arn"
419
+ ]
420
+ },
421
+ "/*"
422
+ ]
423
+ ]
424
+ }
425
+ },
426
+ {
427
+ "Action": "s3:GetObject",
428
+ "Condition": {
429
+ "StringEquals": {
430
+ "AWS:SourceArn": {
431
+ "Fn::Join": [
432
+ "",
433
+ [
434
+ "arn:",
435
+ {
436
+ "Ref": "AWS::Partition"
437
+ },
438
+ ":cloudfront::",
439
+ {
440
+ "Ref": "AWS::AccountId"
441
+ },
442
+ ":distribution/",
443
+ {
444
+ "Ref": "testcloudfrontoais3managedkeyCloudFrontDistributionD7203FE7"
445
+ }
446
+ ]
447
+ ]
448
+ }
449
+ }
450
+ },
451
+ "Effect": "Allow",
452
+ "Principal": {
453
+ "Service": "cloudfront.amazonaws.com"
454
+ },
455
+ "Resource": {
456
+ "Fn::Join": [
457
+ "",
458
+ [
459
+ {
460
+ "Fn::GetAtt": [
461
+ "existings3bucketencryptedwiths3managedkeyS3BucketA8C4BE9A",
462
+ "Arn"
463
+ ]
464
+ },
465
+ "/*"
466
+ ]
467
+ ]
468
+ }
469
+ }
470
+ ],
471
+ "Version": "2012-10-17"
472
+ }
473
+ },
474
+ "Metadata": {
475
+ "cfn_nag": {
476
+ "rules_to_suppress": [
477
+ {
478
+ "id": "F16",
479
+ "reason": "Public website bucket policy requires a wildcard principal"
480
+ }
481
+ ]
482
+ }
483
+ }
484
+ },
485
+ "existings3bucketencryptedwiths3managedkeyS3BucketAutoDeleteObjectsCustomResourceE3B1946C": {
486
+ "Type": "Custom::S3AutoDeleteObjects",
487
+ "Properties": {
488
+ "ServiceToken": {
489
+ "Fn::GetAtt": [
490
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
491
+ "Arn"
492
+ ]
493
+ },
494
+ "BucketName": {
495
+ "Ref": "existings3bucketencryptedwiths3managedkeyS3BucketA8C4BE9A"
496
+ }
497
+ },
498
+ "DependsOn": [
499
+ "existings3bucketencryptedwiths3managedkeyS3BucketPolicyFDA85248"
500
+ ],
501
+ "UpdateReplacePolicy": "Delete",
502
+ "DeletionPolicy": "Delete"
503
+ },
504
+ "testcloudfrontoais3managedkeyCloudfrontLoggingBucketAccessLog2E3935E9": {
505
+ "Type": "AWS::S3::Bucket",
506
+ "Properties": {
507
+ "BucketEncryption": {
508
+ "ServerSideEncryptionConfiguration": [
509
+ {
510
+ "ServerSideEncryptionByDefault": {
511
+ "SSEAlgorithm": "AES256"
512
+ }
513
+ }
514
+ ]
515
+ },
516
+ "PublicAccessBlockConfiguration": {
517
+ "BlockPublicAcls": true,
518
+ "BlockPublicPolicy": true,
519
+ "IgnorePublicAcls": true,
520
+ "RestrictPublicBuckets": true
521
+ },
522
+ "Tags": [
523
+ {
524
+ "Key": "aws-cdk:auto-delete-objects",
525
+ "Value": "true"
526
+ }
527
+ ],
528
+ "VersioningConfiguration": {
529
+ "Status": "Enabled"
530
+ }
531
+ },
532
+ "UpdateReplacePolicy": "Delete",
533
+ "DeletionPolicy": "Delete",
534
+ "Metadata": {
535
+ "cfn_nag": {
536
+ "rules_to_suppress": [
537
+ {
538
+ "id": "W35",
539
+ "reason": "This S3 bucket is used as the access logging bucket for another bucket"
540
+ }
541
+ ]
542
+ }
543
+ }
544
+ },
545
+ "testcloudfrontoais3managedkeyCloudfrontLoggingBucketAccessLogPolicy6FCD1E7F": {
546
+ "Type": "AWS::S3::BucketPolicy",
547
+ "Properties": {
548
+ "Bucket": {
549
+ "Ref": "testcloudfrontoais3managedkeyCloudfrontLoggingBucketAccessLog2E3935E9"
550
+ },
551
+ "PolicyDocument": {
552
+ "Statement": [
553
+ {
554
+ "Action": "s3:*",
555
+ "Condition": {
556
+ "Bool": {
557
+ "aws:SecureTransport": "false"
558
+ }
559
+ },
560
+ "Effect": "Deny",
561
+ "Principal": {
562
+ "AWS": "*"
563
+ },
564
+ "Resource": [
565
+ {
566
+ "Fn::GetAtt": [
567
+ "testcloudfrontoais3managedkeyCloudfrontLoggingBucketAccessLog2E3935E9",
568
+ "Arn"
569
+ ]
570
+ },
571
+ {
572
+ "Fn::Join": [
573
+ "",
574
+ [
575
+ {
576
+ "Fn::GetAtt": [
577
+ "testcloudfrontoais3managedkeyCloudfrontLoggingBucketAccessLog2E3935E9",
578
+ "Arn"
579
+ ]
580
+ },
581
+ "/*"
582
+ ]
583
+ ]
584
+ }
585
+ ]
586
+ },
587
+ {
588
+ "Action": [
589
+ "s3:DeleteObject*",
590
+ "s3:GetBucket*",
591
+ "s3:List*",
592
+ "s3:PutBucketPolicy"
593
+ ],
594
+ "Effect": "Allow",
595
+ "Principal": {
596
+ "AWS": {
597
+ "Fn::GetAtt": [
598
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
599
+ "Arn"
600
+ ]
601
+ }
602
+ },
603
+ "Resource": [
604
+ {
605
+ "Fn::GetAtt": [
606
+ "testcloudfrontoais3managedkeyCloudfrontLoggingBucketAccessLog2E3935E9",
607
+ "Arn"
608
+ ]
609
+ },
610
+ {
611
+ "Fn::Join": [
612
+ "",
613
+ [
614
+ {
615
+ "Fn::GetAtt": [
616
+ "testcloudfrontoais3managedkeyCloudfrontLoggingBucketAccessLog2E3935E9",
617
+ "Arn"
618
+ ]
619
+ },
620
+ "/*"
621
+ ]
622
+ ]
623
+ }
624
+ ]
625
+ },
626
+ {
627
+ "Action": "s3:PutObject",
628
+ "Condition": {
629
+ "ArnLike": {
630
+ "aws:SourceArn": {
631
+ "Fn::GetAtt": [
632
+ "testcloudfrontoais3managedkeyCloudfrontLoggingBucketE6FDAA72",
633
+ "Arn"
634
+ ]
635
+ }
636
+ },
637
+ "StringEquals": {
638
+ "aws:SourceAccount": {
639
+ "Ref": "AWS::AccountId"
640
+ }
641
+ }
642
+ },
643
+ "Effect": "Allow",
644
+ "Principal": {
645
+ "Service": "logging.s3.amazonaws.com"
646
+ },
647
+ "Resource": {
648
+ "Fn::Join": [
649
+ "",
650
+ [
651
+ {
652
+ "Fn::GetAtt": [
653
+ "testcloudfrontoais3managedkeyCloudfrontLoggingBucketAccessLog2E3935E9",
654
+ "Arn"
655
+ ]
656
+ },
657
+ "/*"
658
+ ]
659
+ ]
660
+ }
661
+ }
662
+ ],
663
+ "Version": "2012-10-17"
664
+ }
665
+ }
666
+ },
667
+ "testcloudfrontoais3managedkeyCloudfrontLoggingBucketAccessLogAutoDeleteObjectsCustomResource8CDCC9A1": {
668
+ "Type": "Custom::S3AutoDeleteObjects",
669
+ "Properties": {
670
+ "ServiceToken": {
671
+ "Fn::GetAtt": [
672
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
673
+ "Arn"
674
+ ]
675
+ },
676
+ "BucketName": {
677
+ "Ref": "testcloudfrontoais3managedkeyCloudfrontLoggingBucketAccessLog2E3935E9"
678
+ }
679
+ },
680
+ "DependsOn": [
681
+ "testcloudfrontoais3managedkeyCloudfrontLoggingBucketAccessLogPolicy6FCD1E7F"
682
+ ],
683
+ "UpdateReplacePolicy": "Delete",
684
+ "DeletionPolicy": "Delete"
685
+ },
686
+ "testcloudfrontoais3managedkeyCloudfrontLoggingBucketE6FDAA72": {
687
+ "Type": "AWS::S3::Bucket",
688
+ "Properties": {
689
+ "AccessControl": "LogDeliveryWrite",
690
+ "BucketEncryption": {
691
+ "ServerSideEncryptionConfiguration": [
692
+ {
693
+ "ServerSideEncryptionByDefault": {
694
+ "SSEAlgorithm": "AES256"
695
+ }
696
+ }
697
+ ]
698
+ },
699
+ "LoggingConfiguration": {
700
+ "DestinationBucketName": {
701
+ "Ref": "testcloudfrontoais3managedkeyCloudfrontLoggingBucketAccessLog2E3935E9"
702
+ }
703
+ },
704
+ "OwnershipControls": {
705
+ "Rules": [
706
+ {
707
+ "ObjectOwnership": "ObjectWriter"
708
+ }
709
+ ]
710
+ },
711
+ "PublicAccessBlockConfiguration": {
712
+ "BlockPublicAcls": true,
713
+ "BlockPublicPolicy": true,
714
+ "IgnorePublicAcls": true,
715
+ "RestrictPublicBuckets": true
716
+ },
717
+ "Tags": [
718
+ {
719
+ "Key": "aws-cdk:auto-delete-objects",
720
+ "Value": "true"
721
+ }
722
+ ],
723
+ "VersioningConfiguration": {
724
+ "Status": "Enabled"
725
+ }
726
+ },
727
+ "UpdateReplacePolicy": "Delete",
728
+ "DeletionPolicy": "Delete"
729
+ },
730
+ "testcloudfrontoais3managedkeyCloudfrontLoggingBucketPolicyA31F4F70": {
731
+ "Type": "AWS::S3::BucketPolicy",
732
+ "Properties": {
733
+ "Bucket": {
734
+ "Ref": "testcloudfrontoais3managedkeyCloudfrontLoggingBucketE6FDAA72"
735
+ },
736
+ "PolicyDocument": {
737
+ "Statement": [
738
+ {
739
+ "Action": "s3:*",
740
+ "Condition": {
741
+ "Bool": {
742
+ "aws:SecureTransport": "false"
743
+ }
744
+ },
745
+ "Effect": "Deny",
746
+ "Principal": {
747
+ "AWS": "*"
748
+ },
749
+ "Resource": [
750
+ {
751
+ "Fn::GetAtt": [
752
+ "testcloudfrontoais3managedkeyCloudfrontLoggingBucketE6FDAA72",
753
+ "Arn"
754
+ ]
755
+ },
756
+ {
757
+ "Fn::Join": [
758
+ "",
759
+ [
760
+ {
761
+ "Fn::GetAtt": [
762
+ "testcloudfrontoais3managedkeyCloudfrontLoggingBucketE6FDAA72",
763
+ "Arn"
764
+ ]
765
+ },
766
+ "/*"
767
+ ]
768
+ ]
769
+ }
770
+ ]
771
+ },
772
+ {
773
+ "Action": [
774
+ "s3:DeleteObject*",
775
+ "s3:GetBucket*",
776
+ "s3:List*",
777
+ "s3:PutBucketPolicy"
778
+ ],
779
+ "Effect": "Allow",
780
+ "Principal": {
781
+ "AWS": {
782
+ "Fn::GetAtt": [
783
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
784
+ "Arn"
785
+ ]
786
+ }
787
+ },
788
+ "Resource": [
789
+ {
790
+ "Fn::GetAtt": [
791
+ "testcloudfrontoais3managedkeyCloudfrontLoggingBucketE6FDAA72",
792
+ "Arn"
793
+ ]
794
+ },
795
+ {
796
+ "Fn::Join": [
797
+ "",
798
+ [
799
+ {
800
+ "Fn::GetAtt": [
801
+ "testcloudfrontoais3managedkeyCloudfrontLoggingBucketE6FDAA72",
802
+ "Arn"
803
+ ]
804
+ },
805
+ "/*"
806
+ ]
807
+ ]
808
+ }
809
+ ]
810
+ }
811
+ ],
812
+ "Version": "2012-10-17"
813
+ }
814
+ }
815
+ },
816
+ "testcloudfrontoais3managedkeyCloudfrontLoggingBucketAutoDeleteObjectsCustomResourceD8646547": {
817
+ "Type": "Custom::S3AutoDeleteObjects",
818
+ "Properties": {
819
+ "ServiceToken": {
820
+ "Fn::GetAtt": [
821
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
822
+ "Arn"
823
+ ]
824
+ },
825
+ "BucketName": {
826
+ "Ref": "testcloudfrontoais3managedkeyCloudfrontLoggingBucketE6FDAA72"
827
+ }
828
+ },
829
+ "DependsOn": [
830
+ "testcloudfrontoais3managedkeyCloudfrontLoggingBucketPolicyA31F4F70"
831
+ ],
832
+ "UpdateReplacePolicy": "Delete",
833
+ "DeletionPolicy": "Delete"
834
+ },
835
+ "testcloudfrontoais3managedkeyCloudFrontDistributionOrigin1S3OriginFC894C0D": {
836
+ "Type": "AWS::CloudFront::CloudFrontOriginAccessIdentity",
837
+ "Properties": {
838
+ "CloudFrontOriginAccessIdentityConfig": {
839
+ "Comment": "Identity for cftoais3bucketencryptedwithmanagedkeyprovidedasexistingbuckettestcloudfrontoais3managedkeyCloudFrontDistributionOri"
840
+ }
841
+ }
842
+ },
843
+ "testcloudfrontoais3managedkeyCloudFrontDistributionD7203FE7": {
844
+ "Type": "AWS::CloudFront::Distribution",
845
+ "Properties": {
846
+ "DistributionConfig": {
847
+ "DefaultCacheBehavior": {
848
+ "CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6",
849
+ "Compress": true,
850
+ "TargetOriginId": "cftoais3bucketencryptedwithmanagedkeyprovidedasexistingbuckettestcloudfrontoais3managedkeyCloudFrontDistributionOrigin1B257510C",
851
+ "ViewerProtocolPolicy": "redirect-to-https"
852
+ },
853
+ "DefaultRootObject": "index.html",
854
+ "Enabled": true,
855
+ "HttpVersion": "http2",
856
+ "IPV6Enabled": true,
857
+ "Logging": {
858
+ "Bucket": {
859
+ "Fn::GetAtt": [
860
+ "testcloudfrontoais3managedkeyCloudfrontLoggingBucketE6FDAA72",
861
+ "RegionalDomainName"
862
+ ]
863
+ }
864
+ },
865
+ "Origins": [
866
+ {
867
+ "DomainName": {
868
+ "Fn::GetAtt": [
869
+ "existings3bucketencryptedwiths3managedkeyS3BucketA8C4BE9A",
870
+ "RegionalDomainName"
871
+ ]
872
+ },
873
+ "Id": "cftoais3bucketencryptedwithmanagedkeyprovidedasexistingbuckettestcloudfrontoais3managedkeyCloudFrontDistributionOrigin1B257510C",
874
+ "S3OriginConfig": {
875
+ "OriginAccessIdentity": {
876
+ "Fn::Join": [
877
+ "",
878
+ [
879
+ "origin-access-identity/cloudfront/",
880
+ {
881
+ "Ref": "testcloudfrontoais3managedkeyCloudFrontDistributionOrigin1S3OriginFC894C0D"
882
+ }
883
+ ]
884
+ ]
885
+ }
886
+ }
887
+ }
888
+ ]
889
+ }
890
+ },
891
+ "Metadata": {
892
+ "cfn_nag": {
893
+ "rules_to_suppress": [
894
+ {
895
+ "id": "W70",
896
+ "reason": "Since the distribution uses the CloudFront domain name, CloudFront automatically sets the security policy to TLSv1 regardless of the value of MinimumProtocolVersion"
897
+ }
898
+ ]
899
+ }
900
+ }
901
+ }
902
+ },
903
+ "Mappings": {
904
+ "LatestNodeRuntimeMap": {
905
+ "af-south-1": {
906
+ "value": "nodejs20.x"
907
+ },
908
+ "ap-east-1": {
909
+ "value": "nodejs20.x"
910
+ },
911
+ "ap-northeast-1": {
912
+ "value": "nodejs20.x"
913
+ },
914
+ "ap-northeast-2": {
915
+ "value": "nodejs20.x"
916
+ },
917
+ "ap-northeast-3": {
918
+ "value": "nodejs20.x"
919
+ },
920
+ "ap-south-1": {
921
+ "value": "nodejs20.x"
922
+ },
923
+ "ap-south-2": {
924
+ "value": "nodejs20.x"
925
+ },
926
+ "ap-southeast-1": {
927
+ "value": "nodejs20.x"
928
+ },
929
+ "ap-southeast-2": {
930
+ "value": "nodejs20.x"
931
+ },
932
+ "ap-southeast-3": {
933
+ "value": "nodejs20.x"
934
+ },
935
+ "ap-southeast-4": {
936
+ "value": "nodejs20.x"
937
+ },
938
+ "ap-southeast-5": {
939
+ "value": "nodejs20.x"
940
+ },
941
+ "ap-southeast-7": {
942
+ "value": "nodejs20.x"
943
+ },
944
+ "ca-central-1": {
945
+ "value": "nodejs20.x"
946
+ },
947
+ "ca-west-1": {
948
+ "value": "nodejs20.x"
949
+ },
950
+ "cn-north-1": {
951
+ "value": "nodejs18.x"
952
+ },
953
+ "cn-northwest-1": {
954
+ "value": "nodejs18.x"
955
+ },
956
+ "eu-central-1": {
957
+ "value": "nodejs20.x"
958
+ },
959
+ "eu-central-2": {
960
+ "value": "nodejs20.x"
961
+ },
962
+ "eu-isoe-west-1": {
963
+ "value": "nodejs18.x"
964
+ },
965
+ "eu-north-1": {
966
+ "value": "nodejs20.x"
967
+ },
968
+ "eu-south-1": {
969
+ "value": "nodejs20.x"
970
+ },
971
+ "eu-south-2": {
972
+ "value": "nodejs20.x"
973
+ },
974
+ "eu-west-1": {
975
+ "value": "nodejs20.x"
976
+ },
977
+ "eu-west-2": {
978
+ "value": "nodejs20.x"
979
+ },
980
+ "eu-west-3": {
981
+ "value": "nodejs20.x"
982
+ },
983
+ "il-central-1": {
984
+ "value": "nodejs20.x"
985
+ },
986
+ "me-central-1": {
987
+ "value": "nodejs20.x"
988
+ },
989
+ "me-south-1": {
990
+ "value": "nodejs20.x"
991
+ },
992
+ "mx-central-1": {
993
+ "value": "nodejs20.x"
994
+ },
995
+ "sa-east-1": {
996
+ "value": "nodejs20.x"
997
+ },
998
+ "us-east-1": {
999
+ "value": "nodejs20.x"
1000
+ },
1001
+ "us-east-2": {
1002
+ "value": "nodejs20.x"
1003
+ },
1004
+ "us-gov-east-1": {
1005
+ "value": "nodejs18.x"
1006
+ },
1007
+ "us-gov-west-1": {
1008
+ "value": "nodejs18.x"
1009
+ },
1010
+ "us-iso-east-1": {
1011
+ "value": "nodejs18.x"
1012
+ },
1013
+ "us-iso-west-1": {
1014
+ "value": "nodejs18.x"
1015
+ },
1016
+ "us-isob-east-1": {
1017
+ "value": "nodejs18.x"
1018
+ },
1019
+ "us-west-1": {
1020
+ "value": "nodejs20.x"
1021
+ },
1022
+ "us-west-2": {
1023
+ "value": "nodejs20.x"
1024
+ }
1025
+ }
1026
+ },
1027
+ "Parameters": {
1028
+ "BootstrapVersion": {
1029
+ "Type": "AWS::SSM::Parameter::Value<String>",
1030
+ "Default": "/cdk-bootstrap/hnb659fds/version",
1031
+ "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
1032
+ }
1033
+ },
1034
+ "Rules": {
1035
+ "CheckBootstrapVersion": {
1036
+ "Assertions": [
1037
+ {
1038
+ "Assert": {
1039
+ "Fn::Not": [
1040
+ {
1041
+ "Fn::Contains": [
1042
+ [
1043
+ "1",
1044
+ "2",
1045
+ "3",
1046
+ "4",
1047
+ "5"
1048
+ ],
1049
+ {
1050
+ "Ref": "BootstrapVersion"
1051
+ }
1052
+ ]
1053
+ }
1054
+ ]
1055
+ },
1056
+ "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
1057
+ }
1058
+ ]
1059
+ }
1060
+ }
1061
+ }