@aws-solutions-constructs/aws-cloudfront-s3 1.125.0 → 1.129.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,425 @@
1
+ {
2
+ "Description": "Integration Test for originPath with aws-cloudfront-s3",
3
+ "Resources": {
4
+ "testcloudfronts3S3LoggingBucket90D239DD": {
5
+ "Type": "AWS::S3::Bucket",
6
+ "Properties": {
7
+ "AccessControl": "LogDeliveryWrite",
8
+ "BucketEncryption": {
9
+ "ServerSideEncryptionConfiguration": [
10
+ {
11
+ "ServerSideEncryptionByDefault": {
12
+ "SSEAlgorithm": "AES256"
13
+ }
14
+ }
15
+ ]
16
+ },
17
+ "PublicAccessBlockConfiguration": {
18
+ "BlockPublicAcls": true,
19
+ "BlockPublicPolicy": true,
20
+ "IgnorePublicAcls": true,
21
+ "RestrictPublicBuckets": true
22
+ },
23
+ "VersioningConfiguration": {
24
+ "Status": "Enabled"
25
+ }
26
+ },
27
+ "UpdateReplacePolicy": "Retain",
28
+ "DeletionPolicy": "Retain",
29
+ "Metadata": {
30
+ "cfn_nag": {
31
+ "rules_to_suppress": [
32
+ {
33
+ "id": "W35",
34
+ "reason": "This S3 bucket is used as the access logging bucket for another bucket"
35
+ }
36
+ ]
37
+ }
38
+ }
39
+ },
40
+ "testcloudfronts3S3LoggingBucketPolicy529D4CFF": {
41
+ "Type": "AWS::S3::BucketPolicy",
42
+ "Properties": {
43
+ "Bucket": {
44
+ "Ref": "testcloudfronts3S3LoggingBucket90D239DD"
45
+ },
46
+ "PolicyDocument": {
47
+ "Statement": [
48
+ {
49
+ "Action": "*",
50
+ "Condition": {
51
+ "Bool": {
52
+ "aws:SecureTransport": "false"
53
+ }
54
+ },
55
+ "Effect": "Deny",
56
+ "Principal": {
57
+ "AWS": "*"
58
+ },
59
+ "Resource": [
60
+ {
61
+ "Fn::Join": [
62
+ "",
63
+ [
64
+ {
65
+ "Fn::GetAtt": [
66
+ "testcloudfronts3S3LoggingBucket90D239DD",
67
+ "Arn"
68
+ ]
69
+ },
70
+ "/*"
71
+ ]
72
+ ]
73
+ },
74
+ {
75
+ "Fn::GetAtt": [
76
+ "testcloudfronts3S3LoggingBucket90D239DD",
77
+ "Arn"
78
+ ]
79
+ }
80
+ ],
81
+ "Sid": "HttpsOnly"
82
+ }
83
+ ],
84
+ "Version": "2012-10-17"
85
+ }
86
+ }
87
+ },
88
+ "testcloudfronts3S3BucketE0C5F76E": {
89
+ "Type": "AWS::S3::Bucket",
90
+ "Properties": {
91
+ "BucketEncryption": {
92
+ "ServerSideEncryptionConfiguration": [
93
+ {
94
+ "ServerSideEncryptionByDefault": {
95
+ "SSEAlgorithm": "AES256"
96
+ }
97
+ }
98
+ ]
99
+ },
100
+ "LifecycleConfiguration": {
101
+ "Rules": [
102
+ {
103
+ "NoncurrentVersionTransitions": [
104
+ {
105
+ "StorageClass": "GLACIER",
106
+ "TransitionInDays": 90
107
+ }
108
+ ],
109
+ "Status": "Enabled"
110
+ }
111
+ ]
112
+ },
113
+ "LoggingConfiguration": {
114
+ "DestinationBucketName": {
115
+ "Ref": "testcloudfronts3S3LoggingBucket90D239DD"
116
+ }
117
+ },
118
+ "PublicAccessBlockConfiguration": {
119
+ "BlockPublicAcls": true,
120
+ "BlockPublicPolicy": true,
121
+ "IgnorePublicAcls": true,
122
+ "RestrictPublicBuckets": true
123
+ },
124
+ "VersioningConfiguration": {
125
+ "Status": "Enabled"
126
+ }
127
+ },
128
+ "UpdateReplacePolicy": "Retain",
129
+ "DeletionPolicy": "Retain"
130
+ },
131
+ "testcloudfronts3S3BucketPolicy250F1F61": {
132
+ "Type": "AWS::S3::BucketPolicy",
133
+ "Properties": {
134
+ "Bucket": {
135
+ "Ref": "testcloudfronts3S3BucketE0C5F76E"
136
+ },
137
+ "PolicyDocument": {
138
+ "Statement": [
139
+ {
140
+ "Action": "*",
141
+ "Condition": {
142
+ "Bool": {
143
+ "aws:SecureTransport": "false"
144
+ }
145
+ },
146
+ "Effect": "Deny",
147
+ "Principal": {
148
+ "AWS": "*"
149
+ },
150
+ "Resource": [
151
+ {
152
+ "Fn::Join": [
153
+ "",
154
+ [
155
+ {
156
+ "Fn::GetAtt": [
157
+ "testcloudfronts3S3BucketE0C5F76E",
158
+ "Arn"
159
+ ]
160
+ },
161
+ "/*"
162
+ ]
163
+ ]
164
+ },
165
+ {
166
+ "Fn::GetAtt": [
167
+ "testcloudfronts3S3BucketE0C5F76E",
168
+ "Arn"
169
+ ]
170
+ }
171
+ ],
172
+ "Sid": "HttpsOnly"
173
+ },
174
+ {
175
+ "Action": "s3:GetObject",
176
+ "Effect": "Allow",
177
+ "Principal": {
178
+ "CanonicalUser": {
179
+ "Fn::GetAtt": [
180
+ "testcloudfronts3CloudFrontDistributionOrigin1S3Origin4695F058",
181
+ "S3CanonicalUserId"
182
+ ]
183
+ }
184
+ },
185
+ "Resource": {
186
+ "Fn::Join": [
187
+ "",
188
+ [
189
+ {
190
+ "Fn::GetAtt": [
191
+ "testcloudfronts3S3BucketE0C5F76E",
192
+ "Arn"
193
+ ]
194
+ },
195
+ "/*"
196
+ ]
197
+ ]
198
+ }
199
+ }
200
+ ],
201
+ "Version": "2012-10-17"
202
+ }
203
+ },
204
+ "Metadata": {
205
+ "cfn_nag": {
206
+ "rules_to_suppress": [
207
+ {
208
+ "id": "F16",
209
+ "reason": "Public website bucket policy requires a wildcard principal"
210
+ }
211
+ ]
212
+ }
213
+ }
214
+ },
215
+ "testcloudfronts3SetHttpSecurityHeaders6C5A1E69": {
216
+ "Type": "AWS::CloudFront::Function",
217
+ "Properties": {
218
+ "Name": "SetHttpSecurityHeadersc824484dfea4176847245e871498ffd7e454223fe4",
219
+ "AutoPublish": true,
220
+ "FunctionCode": "function handler(event) { var response = event.response; var headers = response.headers; headers['strict-transport-security'] = { value: 'max-age=63072000; includeSubdomains; preload'}; headers['content-security-policy'] = { value: \"default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'\"}; headers['x-content-type-options'] = { value: 'nosniff'}; headers['x-frame-options'] = {value: 'DENY'}; headers['x-xss-protection'] = {value: '1; mode=block'}; return response; }",
221
+ "FunctionConfig": {
222
+ "Comment": "SetHttpSecurityHeadersc824484dfea4176847245e871498ffd7e454223fe4",
223
+ "Runtime": "cloudfront-js-1.0"
224
+ }
225
+ }
226
+ },
227
+ "testcloudfronts3CloudfrontLoggingBucket985C0FE8": {
228
+ "Type": "AWS::S3::Bucket",
229
+ "Properties": {
230
+ "AccessControl": "LogDeliveryWrite",
231
+ "BucketEncryption": {
232
+ "ServerSideEncryptionConfiguration": [
233
+ {
234
+ "ServerSideEncryptionByDefault": {
235
+ "SSEAlgorithm": "AES256"
236
+ }
237
+ }
238
+ ]
239
+ },
240
+ "PublicAccessBlockConfiguration": {
241
+ "BlockPublicAcls": true,
242
+ "BlockPublicPolicy": true,
243
+ "IgnorePublicAcls": true,
244
+ "RestrictPublicBuckets": true
245
+ },
246
+ "VersioningConfiguration": {
247
+ "Status": "Enabled"
248
+ }
249
+ },
250
+ "UpdateReplacePolicy": "Retain",
251
+ "DeletionPolicy": "Retain",
252
+ "Metadata": {
253
+ "cfn_nag": {
254
+ "rules_to_suppress": [
255
+ {
256
+ "id": "W35",
257
+ "reason": "This S3 bucket is used as the access logging bucket for CloudFront Distribution"
258
+ }
259
+ ]
260
+ }
261
+ }
262
+ },
263
+ "testcloudfronts3CloudfrontLoggingBucketPolicyDF55851B": {
264
+ "Type": "AWS::S3::BucketPolicy",
265
+ "Properties": {
266
+ "Bucket": {
267
+ "Ref": "testcloudfronts3CloudfrontLoggingBucket985C0FE8"
268
+ },
269
+ "PolicyDocument": {
270
+ "Statement": [
271
+ {
272
+ "Action": "*",
273
+ "Condition": {
274
+ "Bool": {
275
+ "aws:SecureTransport": "false"
276
+ }
277
+ },
278
+ "Effect": "Deny",
279
+ "Principal": {
280
+ "AWS": "*"
281
+ },
282
+ "Resource": [
283
+ {
284
+ "Fn::Join": [
285
+ "",
286
+ [
287
+ {
288
+ "Fn::GetAtt": [
289
+ "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
290
+ "Arn"
291
+ ]
292
+ },
293
+ "/*"
294
+ ]
295
+ ]
296
+ },
297
+ {
298
+ "Fn::GetAtt": [
299
+ "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
300
+ "Arn"
301
+ ]
302
+ }
303
+ ],
304
+ "Sid": "HttpsOnly"
305
+ }
306
+ ],
307
+ "Version": "2012-10-17"
308
+ }
309
+ }
310
+ },
311
+ "testcloudfronts3CloudFrontDistributionOrigin1S3Origin4695F058": {
312
+ "Type": "AWS::CloudFront::CloudFrontOriginAccessIdentity",
313
+ "Properties": {
314
+ "CloudFrontOriginAccessIdentityConfig": {
315
+ "Comment": "Identity for customoriginPathtestcloudfronts3CloudFrontDistributionOrigin1B44CC042"
316
+ }
317
+ }
318
+ },
319
+ "testcloudfronts3CloudFrontDistribution0565DEE8": {
320
+ "Type": "AWS::CloudFront::Distribution",
321
+ "Properties": {
322
+ "DistributionConfig": {
323
+ "DefaultCacheBehavior": {
324
+ "CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6",
325
+ "Compress": true,
326
+ "FunctionAssociations": [
327
+ {
328
+ "EventType": "viewer-response",
329
+ "FunctionARN": {
330
+ "Fn::GetAtt": [
331
+ "testcloudfronts3SetHttpSecurityHeaders6C5A1E69",
332
+ "FunctionARN"
333
+ ]
334
+ }
335
+ }
336
+ ],
337
+ "TargetOriginId": "customoriginPathtestcloudfronts3CloudFrontDistributionOrigin1B44CC042",
338
+ "ViewerProtocolPolicy": "redirect-to-https"
339
+ },
340
+ "DefaultRootObject": "index.html",
341
+ "Enabled": true,
342
+ "HttpVersion": "http2",
343
+ "IPV6Enabled": true,
344
+ "Logging": {
345
+ "Bucket": {
346
+ "Fn::GetAtt": [
347
+ "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
348
+ "RegionalDomainName"
349
+ ]
350
+ }
351
+ },
352
+ "Origins": [
353
+ {
354
+ "DomainName": {
355
+ "Fn::GetAtt": [
356
+ "testcloudfronts3S3BucketE0C5F76E",
357
+ "RegionalDomainName"
358
+ ]
359
+ },
360
+ "Id": "customoriginPathtestcloudfronts3CloudFrontDistributionOrigin1B44CC042",
361
+ "OriginPath": "/testPath",
362
+ "S3OriginConfig": {
363
+ "OriginAccessIdentity": {
364
+ "Fn::Join": [
365
+ "",
366
+ [
367
+ "origin-access-identity/cloudfront/",
368
+ {
369
+ "Ref": "testcloudfronts3CloudFrontDistributionOrigin1S3Origin4695F058"
370
+ }
371
+ ]
372
+ ]
373
+ }
374
+ }
375
+ }
376
+ ]
377
+ }
378
+ },
379
+ "Metadata": {
380
+ "cfn_nag": {
381
+ "rules_to_suppress": [
382
+ {
383
+ "id": "W70",
384
+ "reason": "Since the distribution uses the CloudFront domain name, CloudFront automatically sets the security policy to TLSv1 regardless of the value of MinimumProtocolVersion"
385
+ }
386
+ ]
387
+ }
388
+ }
389
+ }
390
+ },
391
+ "Parameters": {
392
+ "BootstrapVersion": {
393
+ "Type": "AWS::SSM::Parameter::Value<String>",
394
+ "Default": "/cdk-bootstrap/hnb659fds/version",
395
+ "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store."
396
+ }
397
+ },
398
+ "Rules": {
399
+ "CheckBootstrapVersion": {
400
+ "Assertions": [
401
+ {
402
+ "Assert": {
403
+ "Fn::Not": [
404
+ {
405
+ "Fn::Contains": [
406
+ [
407
+ "1",
408
+ "2",
409
+ "3",
410
+ "4",
411
+ "5"
412
+ ],
413
+ {
414
+ "Ref": "BootstrapVersion"
415
+ }
416
+ ]
417
+ }
418
+ ]
419
+ },
420
+ "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
421
+ }
422
+ ]
423
+ }
424
+ }
425
+ }
@@ -0,0 +1,28 @@
1
+ "use strict";
2
+ /**
3
+ * Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
4
+ *
5
+ * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
6
+ * with the License. A copy of the License is located at
7
+ *
8
+ * http://www.apache.org/licenses/LICENSE-2.0
9
+ *
10
+ * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
11
+ * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
12
+ * and limitations under the License.
13
+ */
14
+ Object.defineProperty(exports, "__esModule", { value: true });
15
+ // Imports
16
+ const core_1 = require("@aws-cdk/core");
17
+ const lib_1 = require("../lib");
18
+ const core_2 = require("@aws-solutions-constructs/core");
19
+ // Setup
20
+ const app = new core_1.App();
21
+ const stack = new core_1.Stack(app, core_2.generateIntegStackName(__filename));
22
+ stack.templateOptions.description = 'Integration Test for originPath with aws-cloudfront-s3';
23
+ new lib_1.CloudFrontToS3(stack, 'test-cloudfront-s3', {
24
+ originPath: '/testPath'
25
+ });
26
+ // Synth
27
+ app.synth();
28
+ //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW50ZWcuY3VzdG9tLW9yaWdpblBhdGguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJpbnRlZy5jdXN0b20tb3JpZ2luUGF0aC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiO0FBQUE7Ozs7Ozs7Ozs7O0dBV0c7O0FBRUgsVUFBVTtBQUNWLHdDQUEyQztBQUMzQyxnQ0FBd0M7QUFDeEMseURBQXdFO0FBRXhFLFFBQVE7QUFDUixNQUFNLEdBQUcsR0FBRyxJQUFJLFVBQUcsRUFBRSxDQUFDO0FBQ3RCLE1BQU0sS0FBSyxHQUFHLElBQUksWUFBSyxDQUFDLEdBQUcsRUFBRSw2QkFBc0IsQ0FBQyxVQUFVLENBQUMsQ0FBQyxDQUFDO0FBQ2pFLEtBQUssQ0FBQyxlQUFlLENBQUMsV0FBVyxHQUFHLHdEQUF3RCxDQUFDO0FBRTdGLElBQUksb0JBQWMsQ0FBQyxLQUFLLEVBQUUsb0JBQW9CLEVBQUU7SUFDOUMsVUFBVSxFQUFFLFdBQVc7Q0FDeEIsQ0FBQyxDQUFDO0FBRUgsUUFBUTtBQUNSLEdBQUcsQ0FBQyxLQUFLLEVBQUUsQ0FBQyIsInNvdXJjZXNDb250ZW50IjpbIi8qKlxuICogIENvcHlyaWdodCAyMDIxIEFtYXpvbi5jb20sIEluYy4gb3IgaXRzIGFmZmlsaWF0ZXMuIEFsbCBSaWdodHMgUmVzZXJ2ZWQuXG4gKlxuICogIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSBcIkxpY2Vuc2VcIikuIFlvdSBtYXkgbm90IHVzZSB0aGlzIGZpbGUgZXhjZXB0IGluIGNvbXBsaWFuY2VcbiAqICB3aXRoIHRoZSBMaWNlbnNlLiBBIGNvcHkgb2YgdGhlIExpY2Vuc2UgaXMgbG9jYXRlZCBhdFxuICpcbiAqICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzL0xJQ0VOU0UtMi4wXG4gKlxuICogIG9yIGluIHRoZSAnbGljZW5zZScgZmlsZSBhY2NvbXBhbnlpbmcgdGhpcyBmaWxlLiBUaGlzIGZpbGUgaXMgZGlzdHJpYnV0ZWQgb24gYW4gJ0FTIElTJyBCQVNJUywgV0lUSE9VVCBXQVJSQU5USUVTXG4gKiAgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZXhwcmVzcyBvciBpbXBsaWVkLiBTZWUgdGhlIExpY2Vuc2UgZm9yIHRoZSBzcGVjaWZpYyBsYW5ndWFnZSBnb3Zlcm5pbmcgcGVybWlzc2lvbnNcbiAqICBhbmQgbGltaXRhdGlvbnMgdW5kZXIgdGhlIExpY2Vuc2UuXG4gKi9cblxuLy8gSW1wb3J0c1xuaW1wb3J0IHsgQXBwLCBTdGFjayB9IGZyb20gXCJAYXdzLWNkay9jb3JlXCI7XG5pbXBvcnQgeyBDbG91ZEZyb250VG9TMyB9IGZyb20gXCIuLi9saWJcIjtcbmltcG9ydCB7IGdlbmVyYXRlSW50ZWdTdGFja05hbWUgfSBmcm9tICdAYXdzLXNvbHV0aW9ucy1jb25zdHJ1Y3RzL2NvcmUnO1xuXG4vLyBTZXR1cFxuY29uc3QgYXBwID0gbmV3IEFwcCgpO1xuY29uc3Qgc3RhY2sgPSBuZXcgU3RhY2soYXBwLCBnZW5lcmF0ZUludGVnU3RhY2tOYW1lKF9fZmlsZW5hbWUpKTtcbnN0YWNrLnRlbXBsYXRlT3B0aW9ucy5kZXNjcmlwdGlvbiA9ICdJbnRlZ3JhdGlvbiBUZXN0IGZvciBvcmlnaW5QYXRoIHdpdGggYXdzLWNsb3VkZnJvbnQtczMnO1xuXG5uZXcgQ2xvdWRGcm9udFRvUzMoc3RhY2ssICd0ZXN0LWNsb3VkZnJvbnQtczMnLCB7XG4gIG9yaWdpblBhdGg6ICcvdGVzdFBhdGgnXG59KTtcblxuLy8gU3ludGhcbmFwcC5zeW50aCgpOyJdfQ==
@@ -0,0 +1,13 @@
1
+ /**
2
+ * Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
3
+ *
4
+ * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
5
+ * with the License. A copy of the License is located at
6
+ *
7
+ * http://www.apache.org/licenses/LICENSE-2.0
8
+ *
9
+ * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
10
+ * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
11
+ * and limitations under the License.
12
+ */
13
+ export {};