@aws-solutions-constructs/aws-cloudfront-oai-s3 2.79.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (108) hide show
  1. package/.jsii +4403 -0
  2. package/README.md +109 -0
  3. package/architecture.png +0 -0
  4. package/integ.config.json +7 -0
  5. package/lib/index.d.ts +118 -0
  6. package/lib/index.js +106 -0
  7. package/package.json +95 -0
  8. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.d.ts +13 -0
  9. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js +56 -0
  10. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  11. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cdk.out +1 -0
  12. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.assets.json +32 -0
  13. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.template.json +1061 -0
  14. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cftoais3bucketencryptedwithmanagedkeyprovidedasexistingbucketIntegDefaultTestDeployAssert105E804F.assets.json +19 -0
  15. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cftoais3bucketencryptedwithmanagedkeyprovidedasexistingbucketIntegDefaultTestDeployAssert105E804F.template.json +36 -0
  16. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/integ.json +12 -0
  17. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/manifest.json +215 -0
  18. package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/tree.json +1105 -0
  19. package/test/integ.cftoais3-custom-headers.d.ts +13 -0
  20. package/test/integ.cftoais3-custom-headers.js +71 -0
  21. package/test/integ.cftoais3-custom-headers.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  22. package/test/integ.cftoais3-custom-headers.js.snapshot/cdk.out +1 -0
  23. package/test/integ.cftoais3-custom-headers.js.snapshot/cftoais3-custom-headers.assets.json +32 -0
  24. package/test/integ.cftoais3-custom-headers.js.snapshot/cftoais3-custom-headers.template.json +1116 -0
  25. package/test/integ.cftoais3-custom-headers.js.snapshot/cftoais3customheadersIntegDefaultTestDeployAssert5AA11BA9.assets.json +19 -0
  26. package/test/integ.cftoais3-custom-headers.js.snapshot/cftoais3customheadersIntegDefaultTestDeployAssert5AA11BA9.template.json +36 -0
  27. package/test/integ.cftoais3-custom-headers.js.snapshot/integ.json +12 -0
  28. package/test/integ.cftoais3-custom-headers.js.snapshot/manifest.json +227 -0
  29. package/test/integ.cftoais3-custom-headers.js.snapshot/tree.json +1196 -0
  30. package/test/integ.cftoais3-custom-originPath.d.ts +13 -0
  31. package/test/integ.cftoais3-custom-originPath.js +48 -0
  32. package/test/integ.cftoais3-custom-originPath.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  33. package/test/integ.cftoais3-custom-originPath.js.snapshot/cdk.out +1 -0
  34. package/test/integ.cftoais3-custom-originPath.js.snapshot/cftoais3-custom-originPath.assets.json +32 -0
  35. package/test/integ.cftoais3-custom-originPath.js.snapshot/cftoais3-custom-originPath.template.json +1085 -0
  36. package/test/integ.cftoais3-custom-originPath.js.snapshot/cftoais3customoriginPathIntegDefaultTestDeployAssert1C351914.assets.json +19 -0
  37. package/test/integ.cftoais3-custom-originPath.js.snapshot/cftoais3customoriginPathIntegDefaultTestDeployAssert1C351914.template.json +36 -0
  38. package/test/integ.cftoais3-custom-originPath.js.snapshot/integ.json +12 -0
  39. package/test/integ.cftoais3-custom-originPath.js.snapshot/manifest.json +221 -0
  40. package/test/integ.cftoais3-custom-originPath.js.snapshot/tree.json +1147 -0
  41. package/test/integ.cftoais3-customLoggingBuckets.d.ts +13 -0
  42. package/test/integ.cftoais3-customLoggingBuckets.js +64 -0
  43. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  44. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/cdk.out +1 -0
  45. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/cftoais3-customLoggingBuckets.assets.json +32 -0
  46. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/cftoais3-customLoggingBuckets.template.json +1109 -0
  47. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/cftoais3customLoggingBucketsIntegDefaultTestDeployAssert8F33EF2A.assets.json +19 -0
  48. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/cftoais3customLoggingBucketsIntegDefaultTestDeployAssert8F33EF2A.template.json +36 -0
  49. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/integ.json +12 -0
  50. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/manifest.json +221 -0
  51. package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/tree.json +1172 -0
  52. package/test/integ.cftoais3-existing-bucket.d.ts +13 -0
  53. package/test/integ.cftoais3-existing-bucket.js +59 -0
  54. package/test/integ.cftoais3-existing-bucket.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  55. package/test/integ.cftoais3-existing-bucket.js.snapshot/cdk.out +1 -0
  56. package/test/integ.cftoais3-existing-bucket.js.snapshot/cftoais3-existing-bucket.assets.json +32 -0
  57. package/test/integ.cftoais3-existing-bucket.js.snapshot/cftoais3-existing-bucket.template.json +1131 -0
  58. package/test/integ.cftoais3-existing-bucket.js.snapshot/cftoais3existingbucketIntegDefaultTestDeployAssertB7627F26.assets.json +19 -0
  59. package/test/integ.cftoais3-existing-bucket.js.snapshot/cftoais3existingbucketIntegDefaultTestDeployAssertB7627F26.template.json +36 -0
  60. package/test/integ.cftoais3-existing-bucket.js.snapshot/integ.json +12 -0
  61. package/test/integ.cftoais3-existing-bucket.js.snapshot/manifest.json +233 -0
  62. package/test/integ.cftoais3-existing-bucket.js.snapshot/tree.json +1240 -0
  63. package/test/integ.cftoais3-no-arguments.d.ts +13 -0
  64. package/test/integ.cftoais3-no-arguments.js +53 -0
  65. package/test/integ.cftoais3-no-arguments.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  66. package/test/integ.cftoais3-no-arguments.js.snapshot/cdk.out +1 -0
  67. package/test/integ.cftoais3-no-arguments.js.snapshot/cftoais3-no-arguments.assets.json +32 -0
  68. package/test/integ.cftoais3-no-arguments.js.snapshot/cftoais3-no-arguments.template.json +1094 -0
  69. package/test/integ.cftoais3-no-arguments.js.snapshot/cftoais3noargumentsIntegDefaultTestDeployAssert5CF03E3D.assets.json +19 -0
  70. package/test/integ.cftoais3-no-arguments.js.snapshot/cftoais3noargumentsIntegDefaultTestDeployAssert5CF03E3D.template.json +36 -0
  71. package/test/integ.cftoais3-no-arguments.js.snapshot/integ.json +12 -0
  72. package/test/integ.cftoais3-no-arguments.js.snapshot/manifest.json +356 -0
  73. package/test/integ.cftoais3-no-arguments.js.snapshot/tree.json +1146 -0
  74. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.d.ts +13 -0
  75. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js +60 -0
  76. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  77. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/cdk.out +1 -0
  78. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/cftoais3-no-cloudfront-s3-access-logs.assets.json +32 -0
  79. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/cftoais3-no-cloudfront-s3-access-logs.template.json +743 -0
  80. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/cftoais3nocloudfronts3accesslogsIntegDefaultTestDeployAssert6D810275.assets.json +19 -0
  81. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/cftoais3nocloudfronts3accesslogsIntegDefaultTestDeployAssert6D810275.template.json +36 -0
  82. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/integ.json +12 -0
  83. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/manifest.json +185 -0
  84. package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/tree.json +726 -0
  85. package/test/integ.cftoais3-no-logging.d.ts +13 -0
  86. package/test/integ.cftoais3-no-logging.js +56 -0
  87. package/test/integ.cftoais3-no-logging.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  88. package/test/integ.cftoais3-no-logging.js.snapshot/cdk.out +1 -0
  89. package/test/integ.cftoais3-no-logging.js.snapshot/cftoais3-no-logging.assets.json +32 -0
  90. package/test/integ.cftoais3-no-logging.js.snapshot/cftoais3-no-logging.template.json +576 -0
  91. package/test/integ.cftoais3-no-logging.js.snapshot/cftoais3nologgingIntegDefaultTestDeployAssertCED06EE4.assets.json +19 -0
  92. package/test/integ.cftoais3-no-logging.js.snapshot/cftoais3nologgingIntegDefaultTestDeployAssertCED06EE4.template.json +36 -0
  93. package/test/integ.cftoais3-no-logging.js.snapshot/integ.json +12 -0
  94. package/test/integ.cftoais3-no-logging.js.snapshot/manifest.json +167 -0
  95. package/test/integ.cftoais3-no-logging.js.snapshot/tree.json +542 -0
  96. package/test/integ.cftoais3-no-security-headers.d.ts +13 -0
  97. package/test/integ.cftoais3-no-security-headers.js +50 -0
  98. package/test/integ.cftoais3-no-security-headers.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  99. package/test/integ.cftoais3-no-security-headers.js.snapshot/cdk.out +1 -0
  100. package/test/integ.cftoais3-no-security-headers.js.snapshot/cftoais3-no-security-headers.assets.json +32 -0
  101. package/test/integ.cftoais3-no-security-headers.js.snapshot/cftoais3-no-security-headers.template.json +1061 -0
  102. package/test/integ.cftoais3-no-security-headers.js.snapshot/cftoais3nosecurityheadersIntegDefaultTestDeployAssertAB4B2F28.assets.json +19 -0
  103. package/test/integ.cftoais3-no-security-headers.js.snapshot/cftoais3nosecurityheadersIntegDefaultTestDeployAssertAB4B2F28.template.json +36 -0
  104. package/test/integ.cftoais3-no-security-headers.js.snapshot/integ.json +12 -0
  105. package/test/integ.cftoais3-no-security-headers.js.snapshot/manifest.json +215 -0
  106. package/test/integ.cftoais3-no-security-headers.js.snapshot/tree.json +1105 -0
  107. package/test/test.cloudfront-oai-s3.test.d.ts +13 -0
  108. package/test/test.cloudfront-oai-s3.test.js +702 -0
@@ -0,0 +1,1116 @@
1
+ {
2
+ "Description": "Integration Test for aws-cloudfront-oai-s3",
3
+ "Resources": {
4
+ "MyFunction3BAA72D1": {
5
+ "Type": "AWS::CloudFront::Function",
6
+ "Properties": {
7
+ "AutoPublish": true,
8
+ "FunctionCode": "function handler(event) { var response = event.response; var headers = response.headers; headers['strict-transport-security'] = { value: 'max-age=63072000; includeSubdomains; preload'}; headers['content-security-policy'] = { value: \"default-src 'none'; base-uri 'self'; img-src 'self'; script-src 'self'; style-src 'self' https:; object-src 'none'; frame-ancestors 'none'; font-src 'self' https:; form-action 'self'; manifest-src 'self'; connect-src 'self'\" }; headers['x-content-type-options'] = { value: 'nosniff'}; headers['x-frame-options'] = {value: 'DENY'}; headers['x-xss-protection'] = {value: '1; mode=block'}; headers['referrer-policy'] = { value: 'same-origin' }; return response; }",
9
+ "FunctionConfig": {
10
+ "Comment": {
11
+ "Fn::Join": [
12
+ "",
13
+ [
14
+ {
15
+ "Ref": "AWS::Region"
16
+ },
17
+ "cftoais3customheadersMyFunction8E246289"
18
+ ]
19
+ ]
20
+ },
21
+ "Runtime": "cloudfront-js-1.0"
22
+ },
23
+ "Name": {
24
+ "Fn::Join": [
25
+ "",
26
+ [
27
+ {
28
+ "Ref": "AWS::Region"
29
+ },
30
+ "cftoais3customheadersMyFunction8E246289"
31
+ ]
32
+ ]
33
+ }
34
+ }
35
+ },
36
+ "testcloudfrontoais3S3LoggingBucketC8A21DD9": {
37
+ "Type": "AWS::S3::Bucket",
38
+ "Properties": {
39
+ "BucketEncryption": {
40
+ "ServerSideEncryptionConfiguration": [
41
+ {
42
+ "ServerSideEncryptionByDefault": {
43
+ "SSEAlgorithm": "AES256"
44
+ }
45
+ }
46
+ ]
47
+ },
48
+ "PublicAccessBlockConfiguration": {
49
+ "BlockPublicAcls": true,
50
+ "BlockPublicPolicy": true,
51
+ "IgnorePublicAcls": true,
52
+ "RestrictPublicBuckets": true
53
+ },
54
+ "Tags": [
55
+ {
56
+ "Key": "aws-cdk:auto-delete-objects",
57
+ "Value": "true"
58
+ }
59
+ ],
60
+ "VersioningConfiguration": {
61
+ "Status": "Enabled"
62
+ }
63
+ },
64
+ "UpdateReplacePolicy": "Delete",
65
+ "DeletionPolicy": "Delete",
66
+ "Metadata": {
67
+ "cfn_nag": {
68
+ "rules_to_suppress": [
69
+ {
70
+ "id": "W35",
71
+ "reason": "This S3 bucket is used as the access logging bucket for another bucket"
72
+ }
73
+ ]
74
+ }
75
+ }
76
+ },
77
+ "testcloudfrontoais3S3LoggingBucketPolicy792609D7": {
78
+ "Type": "AWS::S3::BucketPolicy",
79
+ "Properties": {
80
+ "Bucket": {
81
+ "Ref": "testcloudfrontoais3S3LoggingBucketC8A21DD9"
82
+ },
83
+ "PolicyDocument": {
84
+ "Statement": [
85
+ {
86
+ "Action": "s3:*",
87
+ "Condition": {
88
+ "Bool": {
89
+ "aws:SecureTransport": "false"
90
+ }
91
+ },
92
+ "Effect": "Deny",
93
+ "Principal": {
94
+ "AWS": "*"
95
+ },
96
+ "Resource": [
97
+ {
98
+ "Fn::GetAtt": [
99
+ "testcloudfrontoais3S3LoggingBucketC8A21DD9",
100
+ "Arn"
101
+ ]
102
+ },
103
+ {
104
+ "Fn::Join": [
105
+ "",
106
+ [
107
+ {
108
+ "Fn::GetAtt": [
109
+ "testcloudfrontoais3S3LoggingBucketC8A21DD9",
110
+ "Arn"
111
+ ]
112
+ },
113
+ "/*"
114
+ ]
115
+ ]
116
+ }
117
+ ]
118
+ },
119
+ {
120
+ "Action": [
121
+ "s3:DeleteObject*",
122
+ "s3:GetBucket*",
123
+ "s3:List*",
124
+ "s3:PutBucketPolicy"
125
+ ],
126
+ "Effect": "Allow",
127
+ "Principal": {
128
+ "AWS": {
129
+ "Fn::GetAtt": [
130
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
131
+ "Arn"
132
+ ]
133
+ }
134
+ },
135
+ "Resource": [
136
+ {
137
+ "Fn::GetAtt": [
138
+ "testcloudfrontoais3S3LoggingBucketC8A21DD9",
139
+ "Arn"
140
+ ]
141
+ },
142
+ {
143
+ "Fn::Join": [
144
+ "",
145
+ [
146
+ {
147
+ "Fn::GetAtt": [
148
+ "testcloudfrontoais3S3LoggingBucketC8A21DD9",
149
+ "Arn"
150
+ ]
151
+ },
152
+ "/*"
153
+ ]
154
+ ]
155
+ }
156
+ ]
157
+ },
158
+ {
159
+ "Action": "s3:PutObject",
160
+ "Condition": {
161
+ "ArnLike": {
162
+ "aws:SourceArn": {
163
+ "Fn::GetAtt": [
164
+ "testcloudfrontoais3S3Bucket578AB9F3",
165
+ "Arn"
166
+ ]
167
+ }
168
+ },
169
+ "StringEquals": {
170
+ "aws:SourceAccount": {
171
+ "Ref": "AWS::AccountId"
172
+ }
173
+ }
174
+ },
175
+ "Effect": "Allow",
176
+ "Principal": {
177
+ "Service": "logging.s3.amazonaws.com"
178
+ },
179
+ "Resource": {
180
+ "Fn::Join": [
181
+ "",
182
+ [
183
+ {
184
+ "Fn::GetAtt": [
185
+ "testcloudfrontoais3S3LoggingBucketC8A21DD9",
186
+ "Arn"
187
+ ]
188
+ },
189
+ "/*"
190
+ ]
191
+ ]
192
+ }
193
+ }
194
+ ],
195
+ "Version": "2012-10-17"
196
+ }
197
+ }
198
+ },
199
+ "testcloudfrontoais3S3LoggingBucketAutoDeleteObjectsCustomResource24F8B1EE": {
200
+ "Type": "Custom::S3AutoDeleteObjects",
201
+ "Properties": {
202
+ "ServiceToken": {
203
+ "Fn::GetAtt": [
204
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
205
+ "Arn"
206
+ ]
207
+ },
208
+ "BucketName": {
209
+ "Ref": "testcloudfrontoais3S3LoggingBucketC8A21DD9"
210
+ }
211
+ },
212
+ "DependsOn": [
213
+ "testcloudfrontoais3S3LoggingBucketPolicy792609D7"
214
+ ],
215
+ "UpdateReplacePolicy": "Delete",
216
+ "DeletionPolicy": "Delete"
217
+ },
218
+ "testcloudfrontoais3S3Bucket578AB9F3": {
219
+ "Type": "AWS::S3::Bucket",
220
+ "Properties": {
221
+ "BucketEncryption": {
222
+ "ServerSideEncryptionConfiguration": [
223
+ {
224
+ "ServerSideEncryptionByDefault": {
225
+ "SSEAlgorithm": "AES256"
226
+ }
227
+ }
228
+ ]
229
+ },
230
+ "LifecycleConfiguration": {
231
+ "Rules": [
232
+ {
233
+ "NoncurrentVersionTransitions": [
234
+ {
235
+ "StorageClass": "GLACIER",
236
+ "TransitionInDays": 90
237
+ }
238
+ ],
239
+ "Status": "Enabled"
240
+ }
241
+ ]
242
+ },
243
+ "LoggingConfiguration": {
244
+ "DestinationBucketName": {
245
+ "Ref": "testcloudfrontoais3S3LoggingBucketC8A21DD9"
246
+ }
247
+ },
248
+ "PublicAccessBlockConfiguration": {
249
+ "BlockPublicAcls": true,
250
+ "BlockPublicPolicy": true,
251
+ "IgnorePublicAcls": true,
252
+ "RestrictPublicBuckets": true
253
+ },
254
+ "Tags": [
255
+ {
256
+ "Key": "aws-cdk:auto-delete-objects",
257
+ "Value": "true"
258
+ }
259
+ ],
260
+ "VersioningConfiguration": {
261
+ "Status": "Enabled"
262
+ }
263
+ },
264
+ "UpdateReplacePolicy": "Delete",
265
+ "DeletionPolicy": "Delete"
266
+ },
267
+ "testcloudfrontoais3S3BucketPolicyD2322CC3": {
268
+ "Type": "AWS::S3::BucketPolicy",
269
+ "Properties": {
270
+ "Bucket": {
271
+ "Ref": "testcloudfrontoais3S3Bucket578AB9F3"
272
+ },
273
+ "PolicyDocument": {
274
+ "Statement": [
275
+ {
276
+ "Action": "s3:*",
277
+ "Condition": {
278
+ "Bool": {
279
+ "aws:SecureTransport": "false"
280
+ }
281
+ },
282
+ "Effect": "Deny",
283
+ "Principal": {
284
+ "AWS": "*"
285
+ },
286
+ "Resource": [
287
+ {
288
+ "Fn::GetAtt": [
289
+ "testcloudfrontoais3S3Bucket578AB9F3",
290
+ "Arn"
291
+ ]
292
+ },
293
+ {
294
+ "Fn::Join": [
295
+ "",
296
+ [
297
+ {
298
+ "Fn::GetAtt": [
299
+ "testcloudfrontoais3S3Bucket578AB9F3",
300
+ "Arn"
301
+ ]
302
+ },
303
+ "/*"
304
+ ]
305
+ ]
306
+ }
307
+ ]
308
+ },
309
+ {
310
+ "Action": [
311
+ "s3:DeleteObject*",
312
+ "s3:GetBucket*",
313
+ "s3:List*",
314
+ "s3:PutBucketPolicy"
315
+ ],
316
+ "Effect": "Allow",
317
+ "Principal": {
318
+ "AWS": {
319
+ "Fn::GetAtt": [
320
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
321
+ "Arn"
322
+ ]
323
+ }
324
+ },
325
+ "Resource": [
326
+ {
327
+ "Fn::GetAtt": [
328
+ "testcloudfrontoais3S3Bucket578AB9F3",
329
+ "Arn"
330
+ ]
331
+ },
332
+ {
333
+ "Fn::Join": [
334
+ "",
335
+ [
336
+ {
337
+ "Fn::GetAtt": [
338
+ "testcloudfrontoais3S3Bucket578AB9F3",
339
+ "Arn"
340
+ ]
341
+ },
342
+ "/*"
343
+ ]
344
+ ]
345
+ }
346
+ ]
347
+ },
348
+ {
349
+ "Action": "s3:GetObject",
350
+ "Effect": "Allow",
351
+ "Principal": {
352
+ "CanonicalUser": {
353
+ "Fn::GetAtt": [
354
+ "testcloudfrontoais3CloudFrontDistributionOrigin1S3OriginF57A3CB1",
355
+ "S3CanonicalUserId"
356
+ ]
357
+ }
358
+ },
359
+ "Resource": {
360
+ "Fn::Join": [
361
+ "",
362
+ [
363
+ {
364
+ "Fn::GetAtt": [
365
+ "testcloudfrontoais3S3Bucket578AB9F3",
366
+ "Arn"
367
+ ]
368
+ },
369
+ "/*"
370
+ ]
371
+ ]
372
+ }
373
+ },
374
+ {
375
+ "Action": "s3:GetObject",
376
+ "Condition": {
377
+ "StringEquals": {
378
+ "AWS:SourceArn": {
379
+ "Fn::Join": [
380
+ "",
381
+ [
382
+ "arn:",
383
+ {
384
+ "Ref": "AWS::Partition"
385
+ },
386
+ ":cloudfront::",
387
+ {
388
+ "Ref": "AWS::AccountId"
389
+ },
390
+ ":distribution/",
391
+ {
392
+ "Ref": "testcloudfrontoais3CloudFrontDistribution0E089CC5"
393
+ }
394
+ ]
395
+ ]
396
+ }
397
+ }
398
+ },
399
+ "Effect": "Allow",
400
+ "Principal": {
401
+ "Service": "cloudfront.amazonaws.com"
402
+ },
403
+ "Resource": {
404
+ "Fn::Join": [
405
+ "",
406
+ [
407
+ {
408
+ "Fn::GetAtt": [
409
+ "testcloudfrontoais3S3Bucket578AB9F3",
410
+ "Arn"
411
+ ]
412
+ },
413
+ "/*"
414
+ ]
415
+ ]
416
+ }
417
+ }
418
+ ],
419
+ "Version": "2012-10-17"
420
+ }
421
+ },
422
+ "Metadata": {
423
+ "cfn_nag": {
424
+ "rules_to_suppress": [
425
+ {
426
+ "id": "F16",
427
+ "reason": "Public website bucket policy requires a wildcard principal"
428
+ }
429
+ ]
430
+ }
431
+ }
432
+ },
433
+ "testcloudfrontoais3S3BucketAutoDeleteObjectsCustomResourceA2545EE1": {
434
+ "Type": "Custom::S3AutoDeleteObjects",
435
+ "Properties": {
436
+ "ServiceToken": {
437
+ "Fn::GetAtt": [
438
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
439
+ "Arn"
440
+ ]
441
+ },
442
+ "BucketName": {
443
+ "Ref": "testcloudfrontoais3S3Bucket578AB9F3"
444
+ }
445
+ },
446
+ "DependsOn": [
447
+ "testcloudfrontoais3S3BucketPolicyD2322CC3"
448
+ ],
449
+ "UpdateReplacePolicy": "Delete",
450
+ "DeletionPolicy": "Delete"
451
+ },
452
+ "testcloudfrontoais3SetHttpSecurityHeaders4EB3C97B": {
453
+ "Type": "AWS::CloudFront::Function",
454
+ "Properties": {
455
+ "AutoPublish": true,
456
+ "FunctionCode": "function handler(event) { var response = event.response; var headers = response.headers; headers['strict-transport-security'] = { value: 'max-age=63072000; includeSubdomains; preload'}; headers['content-security-policy'] = { value: \"default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'\"}; headers['x-content-type-options'] = { value: 'nosniff'}; headers['x-frame-options'] = {value: 'DENY'}; headers['x-xss-protection'] = {value: '1; mode=block'}; return response; }",
457
+ "FunctionConfig": {
458
+ "Comment": "SetHttpSecurityHeadersc87f22b85fa5318062da066fa89121f6ede9f39b90",
459
+ "Runtime": "cloudfront-js-1.0"
460
+ },
461
+ "Name": "SetHttpSecurityHeadersc87f22b85fa5318062da066fa89121f6ede9f39b90"
462
+ }
463
+ },
464
+ "testcloudfrontoais3CloudfrontLoggingBucketAccessLogBF5AAF80": {
465
+ "Type": "AWS::S3::Bucket",
466
+ "Properties": {
467
+ "BucketEncryption": {
468
+ "ServerSideEncryptionConfiguration": [
469
+ {
470
+ "ServerSideEncryptionByDefault": {
471
+ "SSEAlgorithm": "AES256"
472
+ }
473
+ }
474
+ ]
475
+ },
476
+ "PublicAccessBlockConfiguration": {
477
+ "BlockPublicAcls": true,
478
+ "BlockPublicPolicy": true,
479
+ "IgnorePublicAcls": true,
480
+ "RestrictPublicBuckets": true
481
+ },
482
+ "Tags": [
483
+ {
484
+ "Key": "aws-cdk:auto-delete-objects",
485
+ "Value": "true"
486
+ }
487
+ ],
488
+ "VersioningConfiguration": {
489
+ "Status": "Enabled"
490
+ }
491
+ },
492
+ "UpdateReplacePolicy": "Delete",
493
+ "DeletionPolicy": "Delete",
494
+ "Metadata": {
495
+ "cfn_nag": {
496
+ "rules_to_suppress": [
497
+ {
498
+ "id": "W35",
499
+ "reason": "This S3 bucket is used as the access logging bucket for another bucket"
500
+ }
501
+ ]
502
+ }
503
+ }
504
+ },
505
+ "testcloudfrontoais3CloudfrontLoggingBucketAccessLogPolicy0C078528": {
506
+ "Type": "AWS::S3::BucketPolicy",
507
+ "Properties": {
508
+ "Bucket": {
509
+ "Ref": "testcloudfrontoais3CloudfrontLoggingBucketAccessLogBF5AAF80"
510
+ },
511
+ "PolicyDocument": {
512
+ "Statement": [
513
+ {
514
+ "Action": "s3:*",
515
+ "Condition": {
516
+ "Bool": {
517
+ "aws:SecureTransport": "false"
518
+ }
519
+ },
520
+ "Effect": "Deny",
521
+ "Principal": {
522
+ "AWS": "*"
523
+ },
524
+ "Resource": [
525
+ {
526
+ "Fn::GetAtt": [
527
+ "testcloudfrontoais3CloudfrontLoggingBucketAccessLogBF5AAF80",
528
+ "Arn"
529
+ ]
530
+ },
531
+ {
532
+ "Fn::Join": [
533
+ "",
534
+ [
535
+ {
536
+ "Fn::GetAtt": [
537
+ "testcloudfrontoais3CloudfrontLoggingBucketAccessLogBF5AAF80",
538
+ "Arn"
539
+ ]
540
+ },
541
+ "/*"
542
+ ]
543
+ ]
544
+ }
545
+ ]
546
+ },
547
+ {
548
+ "Action": [
549
+ "s3:DeleteObject*",
550
+ "s3:GetBucket*",
551
+ "s3:List*",
552
+ "s3:PutBucketPolicy"
553
+ ],
554
+ "Effect": "Allow",
555
+ "Principal": {
556
+ "AWS": {
557
+ "Fn::GetAtt": [
558
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
559
+ "Arn"
560
+ ]
561
+ }
562
+ },
563
+ "Resource": [
564
+ {
565
+ "Fn::GetAtt": [
566
+ "testcloudfrontoais3CloudfrontLoggingBucketAccessLogBF5AAF80",
567
+ "Arn"
568
+ ]
569
+ },
570
+ {
571
+ "Fn::Join": [
572
+ "",
573
+ [
574
+ {
575
+ "Fn::GetAtt": [
576
+ "testcloudfrontoais3CloudfrontLoggingBucketAccessLogBF5AAF80",
577
+ "Arn"
578
+ ]
579
+ },
580
+ "/*"
581
+ ]
582
+ ]
583
+ }
584
+ ]
585
+ },
586
+ {
587
+ "Action": "s3:PutObject",
588
+ "Condition": {
589
+ "ArnLike": {
590
+ "aws:SourceArn": {
591
+ "Fn::GetAtt": [
592
+ "testcloudfrontoais3CloudfrontLoggingBucket55AA79FC",
593
+ "Arn"
594
+ ]
595
+ }
596
+ },
597
+ "StringEquals": {
598
+ "aws:SourceAccount": {
599
+ "Ref": "AWS::AccountId"
600
+ }
601
+ }
602
+ },
603
+ "Effect": "Allow",
604
+ "Principal": {
605
+ "Service": "logging.s3.amazonaws.com"
606
+ },
607
+ "Resource": {
608
+ "Fn::Join": [
609
+ "",
610
+ [
611
+ {
612
+ "Fn::GetAtt": [
613
+ "testcloudfrontoais3CloudfrontLoggingBucketAccessLogBF5AAF80",
614
+ "Arn"
615
+ ]
616
+ },
617
+ "/*"
618
+ ]
619
+ ]
620
+ }
621
+ }
622
+ ],
623
+ "Version": "2012-10-17"
624
+ }
625
+ }
626
+ },
627
+ "testcloudfrontoais3CloudfrontLoggingBucketAccessLogAutoDeleteObjectsCustomResource00DB3AC8": {
628
+ "Type": "Custom::S3AutoDeleteObjects",
629
+ "Properties": {
630
+ "ServiceToken": {
631
+ "Fn::GetAtt": [
632
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
633
+ "Arn"
634
+ ]
635
+ },
636
+ "BucketName": {
637
+ "Ref": "testcloudfrontoais3CloudfrontLoggingBucketAccessLogBF5AAF80"
638
+ }
639
+ },
640
+ "DependsOn": [
641
+ "testcloudfrontoais3CloudfrontLoggingBucketAccessLogPolicy0C078528"
642
+ ],
643
+ "UpdateReplacePolicy": "Delete",
644
+ "DeletionPolicy": "Delete"
645
+ },
646
+ "testcloudfrontoais3CloudfrontLoggingBucket55AA79FC": {
647
+ "Type": "AWS::S3::Bucket",
648
+ "Properties": {
649
+ "AccessControl": "LogDeliveryWrite",
650
+ "BucketEncryption": {
651
+ "ServerSideEncryptionConfiguration": [
652
+ {
653
+ "ServerSideEncryptionByDefault": {
654
+ "SSEAlgorithm": "AES256"
655
+ }
656
+ }
657
+ ]
658
+ },
659
+ "LoggingConfiguration": {
660
+ "DestinationBucketName": {
661
+ "Ref": "testcloudfrontoais3CloudfrontLoggingBucketAccessLogBF5AAF80"
662
+ }
663
+ },
664
+ "OwnershipControls": {
665
+ "Rules": [
666
+ {
667
+ "ObjectOwnership": "ObjectWriter"
668
+ }
669
+ ]
670
+ },
671
+ "PublicAccessBlockConfiguration": {
672
+ "BlockPublicAcls": true,
673
+ "BlockPublicPolicy": true,
674
+ "IgnorePublicAcls": true,
675
+ "RestrictPublicBuckets": true
676
+ },
677
+ "Tags": [
678
+ {
679
+ "Key": "aws-cdk:auto-delete-objects",
680
+ "Value": "true"
681
+ }
682
+ ],
683
+ "VersioningConfiguration": {
684
+ "Status": "Enabled"
685
+ }
686
+ },
687
+ "UpdateReplacePolicy": "Delete",
688
+ "DeletionPolicy": "Delete"
689
+ },
690
+ "testcloudfrontoais3CloudfrontLoggingBucketPolicy2130EE92": {
691
+ "Type": "AWS::S3::BucketPolicy",
692
+ "Properties": {
693
+ "Bucket": {
694
+ "Ref": "testcloudfrontoais3CloudfrontLoggingBucket55AA79FC"
695
+ },
696
+ "PolicyDocument": {
697
+ "Statement": [
698
+ {
699
+ "Action": "s3:*",
700
+ "Condition": {
701
+ "Bool": {
702
+ "aws:SecureTransport": "false"
703
+ }
704
+ },
705
+ "Effect": "Deny",
706
+ "Principal": {
707
+ "AWS": "*"
708
+ },
709
+ "Resource": [
710
+ {
711
+ "Fn::GetAtt": [
712
+ "testcloudfrontoais3CloudfrontLoggingBucket55AA79FC",
713
+ "Arn"
714
+ ]
715
+ },
716
+ {
717
+ "Fn::Join": [
718
+ "",
719
+ [
720
+ {
721
+ "Fn::GetAtt": [
722
+ "testcloudfrontoais3CloudfrontLoggingBucket55AA79FC",
723
+ "Arn"
724
+ ]
725
+ },
726
+ "/*"
727
+ ]
728
+ ]
729
+ }
730
+ ]
731
+ },
732
+ {
733
+ "Action": [
734
+ "s3:DeleteObject*",
735
+ "s3:GetBucket*",
736
+ "s3:List*",
737
+ "s3:PutBucketPolicy"
738
+ ],
739
+ "Effect": "Allow",
740
+ "Principal": {
741
+ "AWS": {
742
+ "Fn::GetAtt": [
743
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
744
+ "Arn"
745
+ ]
746
+ }
747
+ },
748
+ "Resource": [
749
+ {
750
+ "Fn::GetAtt": [
751
+ "testcloudfrontoais3CloudfrontLoggingBucket55AA79FC",
752
+ "Arn"
753
+ ]
754
+ },
755
+ {
756
+ "Fn::Join": [
757
+ "",
758
+ [
759
+ {
760
+ "Fn::GetAtt": [
761
+ "testcloudfrontoais3CloudfrontLoggingBucket55AA79FC",
762
+ "Arn"
763
+ ]
764
+ },
765
+ "/*"
766
+ ]
767
+ ]
768
+ }
769
+ ]
770
+ }
771
+ ],
772
+ "Version": "2012-10-17"
773
+ }
774
+ }
775
+ },
776
+ "testcloudfrontoais3CloudfrontLoggingBucketAutoDeleteObjectsCustomResourceE88BD625": {
777
+ "Type": "Custom::S3AutoDeleteObjects",
778
+ "Properties": {
779
+ "ServiceToken": {
780
+ "Fn::GetAtt": [
781
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
782
+ "Arn"
783
+ ]
784
+ },
785
+ "BucketName": {
786
+ "Ref": "testcloudfrontoais3CloudfrontLoggingBucket55AA79FC"
787
+ }
788
+ },
789
+ "DependsOn": [
790
+ "testcloudfrontoais3CloudfrontLoggingBucketPolicy2130EE92"
791
+ ],
792
+ "UpdateReplacePolicy": "Delete",
793
+ "DeletionPolicy": "Delete"
794
+ },
795
+ "testcloudfrontoais3CloudFrontDistributionOrigin1S3OriginF57A3CB1": {
796
+ "Type": "AWS::CloudFront::CloudFrontOriginAccessIdentity",
797
+ "Properties": {
798
+ "CloudFrontOriginAccessIdentityConfig": {
799
+ "Comment": "Identity for cftoais3customheaderstestcloudfrontoais3CloudFrontDistributionOrigin10B386180"
800
+ }
801
+ }
802
+ },
803
+ "testcloudfrontoais3CloudFrontDistribution0E089CC5": {
804
+ "Type": "AWS::CloudFront::Distribution",
805
+ "Properties": {
806
+ "DistributionConfig": {
807
+ "DefaultCacheBehavior": {
808
+ "CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6",
809
+ "Compress": true,
810
+ "FunctionAssociations": [
811
+ {
812
+ "EventType": "viewer-response",
813
+ "FunctionARN": {
814
+ "Fn::GetAtt": [
815
+ "MyFunction3BAA72D1",
816
+ "FunctionARN"
817
+ ]
818
+ }
819
+ }
820
+ ],
821
+ "TargetOriginId": "cftoais3customheaderstestcloudfrontoais3CloudFrontDistributionOrigin10B386180",
822
+ "ViewerProtocolPolicy": "redirect-to-https"
823
+ },
824
+ "DefaultRootObject": "index.html",
825
+ "Enabled": true,
826
+ "HttpVersion": "http2",
827
+ "IPV6Enabled": true,
828
+ "Logging": {
829
+ "Bucket": {
830
+ "Fn::GetAtt": [
831
+ "testcloudfrontoais3CloudfrontLoggingBucket55AA79FC",
832
+ "RegionalDomainName"
833
+ ]
834
+ }
835
+ },
836
+ "Origins": [
837
+ {
838
+ "DomainName": {
839
+ "Fn::GetAtt": [
840
+ "testcloudfrontoais3S3Bucket578AB9F3",
841
+ "RegionalDomainName"
842
+ ]
843
+ },
844
+ "Id": "cftoais3customheaderstestcloudfrontoais3CloudFrontDistributionOrigin10B386180",
845
+ "S3OriginConfig": {
846
+ "OriginAccessIdentity": {
847
+ "Fn::Join": [
848
+ "",
849
+ [
850
+ "origin-access-identity/cloudfront/",
851
+ {
852
+ "Ref": "testcloudfrontoais3CloudFrontDistributionOrigin1S3OriginF57A3CB1"
853
+ }
854
+ ]
855
+ ]
856
+ }
857
+ }
858
+ }
859
+ ]
860
+ }
861
+ },
862
+ "Metadata": {
863
+ "cfn_nag": {
864
+ "rules_to_suppress": [
865
+ {
866
+ "id": "W70",
867
+ "reason": "Since the distribution uses the CloudFront domain name, CloudFront automatically sets the security policy to TLSv1 regardless of the value of MinimumProtocolVersion"
868
+ }
869
+ ]
870
+ }
871
+ }
872
+ },
873
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": {
874
+ "Type": "AWS::IAM::Role",
875
+ "Properties": {
876
+ "AssumeRolePolicyDocument": {
877
+ "Version": "2012-10-17",
878
+ "Statement": [
879
+ {
880
+ "Action": "sts:AssumeRole",
881
+ "Effect": "Allow",
882
+ "Principal": {
883
+ "Service": "lambda.amazonaws.com"
884
+ }
885
+ }
886
+ ]
887
+ },
888
+ "ManagedPolicyArns": [
889
+ {
890
+ "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
891
+ }
892
+ ]
893
+ }
894
+ },
895
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": {
896
+ "Type": "AWS::Lambda::Function",
897
+ "Properties": {
898
+ "Code": {
899
+ "S3Bucket": {
900
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
901
+ },
902
+ "S3Key": "faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6.zip"
903
+ },
904
+ "Timeout": 900,
905
+ "MemorySize": 128,
906
+ "Handler": "index.handler",
907
+ "Role": {
908
+ "Fn::GetAtt": [
909
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
910
+ "Arn"
911
+ ]
912
+ },
913
+ "Runtime": {
914
+ "Fn::FindInMap": [
915
+ "LatestNodeRuntimeMap",
916
+ {
917
+ "Ref": "AWS::Region"
918
+ },
919
+ "value"
920
+ ]
921
+ },
922
+ "Description": {
923
+ "Fn::Join": [
924
+ "",
925
+ [
926
+ "Lambda function for auto-deleting objects in ",
927
+ {
928
+ "Ref": "testcloudfrontoais3S3LoggingBucketC8A21DD9"
929
+ },
930
+ " S3 bucket."
931
+ ]
932
+ ]
933
+ }
934
+ },
935
+ "DependsOn": [
936
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092"
937
+ ],
938
+ "Metadata": {
939
+ "cfn_nag": {
940
+ "rules_to_suppress": [
941
+ {
942
+ "id": "W58",
943
+ "reason": "CDK generated custom resource"
944
+ },
945
+ {
946
+ "id": "W89",
947
+ "reason": "CDK generated custom resource"
948
+ },
949
+ {
950
+ "id": "W92",
951
+ "reason": "CDK generated custom resource"
952
+ }
953
+ ]
954
+ }
955
+ }
956
+ }
957
+ },
958
+ "Mappings": {
959
+ "LatestNodeRuntimeMap": {
960
+ "af-south-1": {
961
+ "value": "nodejs20.x"
962
+ },
963
+ "ap-east-1": {
964
+ "value": "nodejs20.x"
965
+ },
966
+ "ap-northeast-1": {
967
+ "value": "nodejs20.x"
968
+ },
969
+ "ap-northeast-2": {
970
+ "value": "nodejs20.x"
971
+ },
972
+ "ap-northeast-3": {
973
+ "value": "nodejs20.x"
974
+ },
975
+ "ap-south-1": {
976
+ "value": "nodejs20.x"
977
+ },
978
+ "ap-south-2": {
979
+ "value": "nodejs20.x"
980
+ },
981
+ "ap-southeast-1": {
982
+ "value": "nodejs20.x"
983
+ },
984
+ "ap-southeast-2": {
985
+ "value": "nodejs20.x"
986
+ },
987
+ "ap-southeast-3": {
988
+ "value": "nodejs20.x"
989
+ },
990
+ "ap-southeast-4": {
991
+ "value": "nodejs20.x"
992
+ },
993
+ "ap-southeast-5": {
994
+ "value": "nodejs20.x"
995
+ },
996
+ "ap-southeast-7": {
997
+ "value": "nodejs20.x"
998
+ },
999
+ "ca-central-1": {
1000
+ "value": "nodejs20.x"
1001
+ },
1002
+ "ca-west-1": {
1003
+ "value": "nodejs20.x"
1004
+ },
1005
+ "cn-north-1": {
1006
+ "value": "nodejs18.x"
1007
+ },
1008
+ "cn-northwest-1": {
1009
+ "value": "nodejs18.x"
1010
+ },
1011
+ "eu-central-1": {
1012
+ "value": "nodejs20.x"
1013
+ },
1014
+ "eu-central-2": {
1015
+ "value": "nodejs20.x"
1016
+ },
1017
+ "eu-isoe-west-1": {
1018
+ "value": "nodejs18.x"
1019
+ },
1020
+ "eu-north-1": {
1021
+ "value": "nodejs20.x"
1022
+ },
1023
+ "eu-south-1": {
1024
+ "value": "nodejs20.x"
1025
+ },
1026
+ "eu-south-2": {
1027
+ "value": "nodejs20.x"
1028
+ },
1029
+ "eu-west-1": {
1030
+ "value": "nodejs20.x"
1031
+ },
1032
+ "eu-west-2": {
1033
+ "value": "nodejs20.x"
1034
+ },
1035
+ "eu-west-3": {
1036
+ "value": "nodejs20.x"
1037
+ },
1038
+ "il-central-1": {
1039
+ "value": "nodejs20.x"
1040
+ },
1041
+ "me-central-1": {
1042
+ "value": "nodejs20.x"
1043
+ },
1044
+ "me-south-1": {
1045
+ "value": "nodejs20.x"
1046
+ },
1047
+ "mx-central-1": {
1048
+ "value": "nodejs20.x"
1049
+ },
1050
+ "sa-east-1": {
1051
+ "value": "nodejs20.x"
1052
+ },
1053
+ "us-east-1": {
1054
+ "value": "nodejs20.x"
1055
+ },
1056
+ "us-east-2": {
1057
+ "value": "nodejs20.x"
1058
+ },
1059
+ "us-gov-east-1": {
1060
+ "value": "nodejs18.x"
1061
+ },
1062
+ "us-gov-west-1": {
1063
+ "value": "nodejs18.x"
1064
+ },
1065
+ "us-iso-east-1": {
1066
+ "value": "nodejs18.x"
1067
+ },
1068
+ "us-iso-west-1": {
1069
+ "value": "nodejs18.x"
1070
+ },
1071
+ "us-isob-east-1": {
1072
+ "value": "nodejs18.x"
1073
+ },
1074
+ "us-west-1": {
1075
+ "value": "nodejs20.x"
1076
+ },
1077
+ "us-west-2": {
1078
+ "value": "nodejs20.x"
1079
+ }
1080
+ }
1081
+ },
1082
+ "Parameters": {
1083
+ "BootstrapVersion": {
1084
+ "Type": "AWS::SSM::Parameter::Value<String>",
1085
+ "Default": "/cdk-bootstrap/hnb659fds/version",
1086
+ "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
1087
+ }
1088
+ },
1089
+ "Rules": {
1090
+ "CheckBootstrapVersion": {
1091
+ "Assertions": [
1092
+ {
1093
+ "Assert": {
1094
+ "Fn::Not": [
1095
+ {
1096
+ "Fn::Contains": [
1097
+ [
1098
+ "1",
1099
+ "2",
1100
+ "3",
1101
+ "4",
1102
+ "5"
1103
+ ],
1104
+ {
1105
+ "Ref": "BootstrapVersion"
1106
+ }
1107
+ ]
1108
+ }
1109
+ ]
1110
+ },
1111
+ "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
1112
+ }
1113
+ ]
1114
+ }
1115
+ }
1116
+ }