@aws-solutions-constructs/aws-cloudfront-s3 2.47.0 → 2.49.0

Files changed (36) hide show
  1. package/.eslintignore +2 -2
  2. package/.jsii +152 -35
  3. package/README.md +7 -6
  4. package/lib/index.d.ts +1 -0
  5. package/lib/index.js +70 -8
  6. package/package.json +7 -5
  7. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.expected.json +960 -0
  8. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js +44 -0
  9. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.expected.json +594 -0
  10. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js +39 -0
  11. package/test/integ.cfts3-bucket-with-http-origin.d.ts +13 -0
  12. package/test/integ.cfts3-bucket-with-http-origin.expected.json +559 -0
  13. package/test/integ.cfts3-bucket-with-http-origin.js +44 -0
  14. package/test/integ.cfts3-cmk-encryption.expected.json +527 -0
  15. package/test/integ.cfts3-cmk-provided-as-bucket-prop.d.ts +13 -0
  16. package/test/integ.cfts3-cmk-provided-as-bucket-prop.expected.json +960 -0
  17. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js +41 -0
  18. package/test/integ.cfts3-custom-headers.expected.json +307 -25
  19. package/test/integ.cfts3-custom-headers.js +6 -2
  20. package/test/integ.cfts3-custom-originPath.expected.json +307 -25
  21. package/test/integ.cfts3-custom-originPath.js +6 -2
  22. package/test/integ.cfts3-customCloudFrontLoggingBucket.expected.json +54 -21
  23. package/test/integ.cfts3-customLoggingBuckets.d.ts +13 -0
  24. package/test/{integ.cfts3-customLoggingBucket.expected.json → integ.cfts3-customLoggingBuckets.expected.json} +285 -29
  25. package/test/integ.cfts3-customLoggingBuckets.js +58 -0
  26. package/test/integ.cfts3-existing-bucket.expected.json +493 -78
  27. package/test/integ.cfts3-existing-bucket.js +2 -2
  28. package/test/integ.cfts3-no-arguments.expected.json +430 -25
  29. package/test/integ.cfts3-no-arguments.js +5 -2
  30. package/test/integ.cfts3-no-security-headers.expected.json +307 -25
  31. package/test/integ.cfts3-no-security-headers.js +5 -1
  32. package/test/test.cloudfront-s3.test.js +160 -28
  33. package/test/integ.cfts3-customCloudFrontLoggingBucket.js +0 -39
  34. package/test/integ.cfts3-customLoggingBucket.js +0 -42
  35. /package/test/{integ.cfts3-customCloudFrontLoggingBucket.d.ts → integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.d.ts} +0 -0
  36. /package/test/{integ.cfts3-customLoggingBucket.d.ts → integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.d.ts} +0 -0
@@ -19,6 +19,12 @@
19
19
  "IgnorePublicAcls": true,
20
20
  "RestrictPublicBuckets": true
21
21
  },
22
+ "Tags": [
23
+ {
24
+ "Key": "aws-cdk:auto-delete-objects",
25
+ "Value": "true"
26
+ }
27
+ ],
22
28
  "VersioningConfiguration": {
23
29
  "Status": "Enabled"
24
30
  }
@@ -78,6 +84,45 @@
78
84
  }
79
85
  ]
80
86
  },
87
+ {
88
+ "Action": [
89
+ "s3:PutBucketPolicy",
90
+ "s3:GetBucket*",
91
+ "s3:List*",
92
+ "s3:DeleteObject*"
93
+ ],
94
+ "Effect": "Allow",
95
+ "Principal": {
96
+ "AWS": {
97
+ "Fn::GetAtt": [
98
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
99
+ "Arn"
100
+ ]
101
+ }
102
+ },
103
+ "Resource": [
104
+ {
105
+ "Fn::GetAtt": [
106
+ "testcloudfronts3S3LoggingBucket90D239DD",
107
+ "Arn"
108
+ ]
109
+ },
110
+ {
111
+ "Fn::Join": [
112
+ "",
113
+ [
114
+ {
115
+ "Fn::GetAtt": [
116
+ "testcloudfronts3S3LoggingBucket90D239DD",
117
+ "Arn"
118
+ ]
119
+ },
120
+ "/*"
121
+ ]
122
+ ]
123
+ }
124
+ ]
125
+ },
81
126
  {
82
127
  "Action": "s3:PutObject",
83
128
  "Condition": {
@@ -119,6 +164,25 @@
119
164
  }
120
165
  }
121
166
  },
167
+ "testcloudfronts3S3LoggingBucketAutoDeleteObjectsCustomResource6EE37727": {
168
+ "Type": "Custom::S3AutoDeleteObjects",
169
+ "Properties": {
170
+ "ServiceToken": {
171
+ "Fn::GetAtt": [
172
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
173
+ "Arn"
174
+ ]
175
+ },
176
+ "BucketName": {
177
+ "Ref": "testcloudfronts3S3LoggingBucket90D239DD"
178
+ }
179
+ },
180
+ "DependsOn": [
181
+ "testcloudfronts3S3LoggingBucketPolicy529D4CFF"
182
+ ],
183
+ "UpdateReplacePolicy": "Delete",
184
+ "DeletionPolicy": "Delete"
185
+ },
122
186
  "testcloudfronts3S3BucketE0C5F76E": {
123
187
  "Type": "AWS::S3::Bucket",
124
188
  "Properties": {
@@ -251,14 +315,28 @@
251
315
  },
252
316
  {
253
317
  "Action": "s3:GetObject",
318
+ "Condition": {
319
+ "StringEquals": {
320
+ "AWS:SourceArn": {
321
+ "Fn::Join": [
322
+ "",
323
+ [
324
+ "arn:aws:cloudfront::",
325
+ {
326
+ "Ref": "AWS::AccountId"
327
+ },
328
+ ":distribution/",
329
+ {
330
+ "Ref": "testcloudfronts3CloudFrontDistribution0565DEE8"
331
+ }
332
+ ]
333
+ ]
334
+ }
335
+ }
336
+ },
254
337
  "Effect": "Allow",
255
338
  "Principal": {
256
- "CanonicalUser": {
257
- "Fn::GetAtt": [
258
- "testcloudfronts3CloudFrontDistributionOrigin1S3Origin4695F058",
259
- "S3CanonicalUserId"
260
- ]
261
- }
339
+ "Service": "cloudfront.amazonaws.com"
262
340
  },
263
341
  "Resource": {
264
342
  "Fn::Join": [
@@ -321,10 +399,9 @@
321
399
  "Name": "SetHttpSecurityHeadersc8966f7b24c95d47868a69c8831fbd3ccac3fa3d70"
322
400
  }
323
401
  },
324
- "testcloudfronts3CloudfrontLoggingBucket985C0FE8": {
402
+ "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58": {
325
403
  "Type": "AWS::S3::Bucket",
326
404
  "Properties": {
327
- "AccessControl": "LogDeliveryWrite",
328
405
  "BucketEncryption": {
329
406
  "ServerSideEncryptionConfiguration": [
330
407
  {
@@ -364,12 +441,197 @@
364
441
  "rules_to_suppress": [
365
442
  {
366
443
  "id": "W35",
367
- "reason": "This S3 bucket is used as the access logging bucket for CloudFront Distribution"
444
+ "reason": "This S3 bucket is used as the access logging bucket for another bucket"
368
445
  }
369
446
  ]
370
447
  }
371
448
  }
372
449
  },
450
+ "testcloudfronts3CloudfrontLoggingBucketAccessLogPolicy526F2E14": {
451
+ "Type": "AWS::S3::BucketPolicy",
452
+ "Properties": {
453
+ "Bucket": {
454
+ "Ref": "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58"
455
+ },
456
+ "PolicyDocument": {
457
+ "Statement": [
458
+ {
459
+ "Action": "s3:*",
460
+ "Condition": {
461
+ "Bool": {
462
+ "aws:SecureTransport": "false"
463
+ }
464
+ },
465
+ "Effect": "Deny",
466
+ "Principal": {
467
+ "AWS": "*"
468
+ },
469
+ "Resource": [
470
+ {
471
+ "Fn::GetAtt": [
472
+ "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
473
+ "Arn"
474
+ ]
475
+ },
476
+ {
477
+ "Fn::Join": [
478
+ "",
479
+ [
480
+ {
481
+ "Fn::GetAtt": [
482
+ "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
483
+ "Arn"
484
+ ]
485
+ },
486
+ "/*"
487
+ ]
488
+ ]
489
+ }
490
+ ]
491
+ },
492
+ {
493
+ "Action": [
494
+ "s3:PutBucketPolicy",
495
+ "s3:GetBucket*",
496
+ "s3:List*",
497
+ "s3:DeleteObject*"
498
+ ],
499
+ "Effect": "Allow",
500
+ "Principal": {
501
+ "AWS": {
502
+ "Fn::GetAtt": [
503
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
504
+ "Arn"
505
+ ]
506
+ }
507
+ },
508
+ "Resource": [
509
+ {
510
+ "Fn::GetAtt": [
511
+ "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
512
+ "Arn"
513
+ ]
514
+ },
515
+ {
516
+ "Fn::Join": [
517
+ "",
518
+ [
519
+ {
520
+ "Fn::GetAtt": [
521
+ "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
522
+ "Arn"
523
+ ]
524
+ },
525
+ "/*"
526
+ ]
527
+ ]
528
+ }
529
+ ]
530
+ },
531
+ {
532
+ "Action": "s3:PutObject",
533
+ "Condition": {
534
+ "ArnLike": {
535
+ "aws:SourceArn": {
536
+ "Fn::GetAtt": [
537
+ "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
538
+ "Arn"
539
+ ]
540
+ }
541
+ },
542
+ "StringEquals": {
543
+ "aws:SourceAccount": {
544
+ "Ref": "AWS::AccountId"
545
+ }
546
+ }
547
+ },
548
+ "Effect": "Allow",
549
+ "Principal": {
550
+ "Service": "logging.s3.amazonaws.com"
551
+ },
552
+ "Resource": {
553
+ "Fn::Join": [
554
+ "",
555
+ [
556
+ {
557
+ "Fn::GetAtt": [
558
+ "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
559
+ "Arn"
560
+ ]
561
+ },
562
+ "/*"
563
+ ]
564
+ ]
565
+ }
566
+ }
567
+ ],
568
+ "Version": "2012-10-17"
569
+ }
570
+ }
571
+ },
572
+ "testcloudfronts3CloudfrontLoggingBucketAccessLogAutoDeleteObjectsCustomResourceE16E063D": {
573
+ "Type": "Custom::S3AutoDeleteObjects",
574
+ "Properties": {
575
+ "ServiceToken": {
576
+ "Fn::GetAtt": [
577
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
578
+ "Arn"
579
+ ]
580
+ },
581
+ "BucketName": {
582
+ "Ref": "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58"
583
+ }
584
+ },
585
+ "DependsOn": [
586
+ "testcloudfronts3CloudfrontLoggingBucketAccessLogPolicy526F2E14"
587
+ ],
588
+ "UpdateReplacePolicy": "Delete",
589
+ "DeletionPolicy": "Delete"
590
+ },
591
+ "testcloudfronts3CloudfrontLoggingBucket985C0FE8": {
592
+ "Type": "AWS::S3::Bucket",
593
+ "Properties": {
594
+ "AccessControl": "LogDeliveryWrite",
595
+ "BucketEncryption": {
596
+ "ServerSideEncryptionConfiguration": [
597
+ {
598
+ "ServerSideEncryptionByDefault": {
599
+ "SSEAlgorithm": "AES256"
600
+ }
601
+ }
602
+ ]
603
+ },
604
+ "LoggingConfiguration": {
605
+ "DestinationBucketName": {
606
+ "Ref": "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58"
607
+ }
608
+ },
609
+ "OwnershipControls": {
610
+ "Rules": [
611
+ {
612
+ "ObjectOwnership": "ObjectWriter"
613
+ }
614
+ ]
615
+ },
616
+ "PublicAccessBlockConfiguration": {
617
+ "BlockPublicAcls": true,
618
+ "BlockPublicPolicy": true,
619
+ "IgnorePublicAcls": true,
620
+ "RestrictPublicBuckets": true
621
+ },
622
+ "Tags": [
623
+ {
624
+ "Key": "aws-cdk:auto-delete-objects",
625
+ "Value": "true"
626
+ }
627
+ ],
628
+ "VersioningConfiguration": {
629
+ "Status": "Enabled"
630
+ }
631
+ },
632
+ "UpdateReplacePolicy": "Delete",
633
+ "DeletionPolicy": "Delete"
634
+ },
373
635
  "testcloudfronts3CloudfrontLoggingBucketPolicyDF55851B": {
374
636
  "Type": "AWS::S3::BucketPolicy",
375
637
  "Properties": {
@@ -475,11 +737,35 @@
475
737
  "UpdateReplacePolicy": "Delete",
476
738
  "DeletionPolicy": "Delete"
477
739
  },
478
- "testcloudfronts3CloudFrontDistributionOrigin1S3Origin4695F058": {
479
- "Type": "AWS::CloudFront::CloudFrontOriginAccessIdentity",
740
+ "testcloudfronts3CloudFrontOac7A951AA6": {
741
+ "Type": "AWS::CloudFront::OriginAccessControl",
480
742
  "Properties": {
481
- "CloudFrontOriginAccessIdentityConfig": {
482
- "Comment": "Identity for cfts3customoriginPathtestcloudfronts3CloudFrontDistributionOrigin1AE2DDD7C"
743
+ "OriginAccessControlConfig": {
744
+ "Description": "Origin access control provisioned by aws-cloudfront-s3",
745
+ "Name": {
746
+ "Fn::Join": [
747
+ "",
748
+ [
749
+ "aws-cloudfront-s3-testnt-s3-",
750
+ {
751
+ "Fn::Select": [
752
+ 2,
753
+ {
754
+ "Fn::Split": [
755
+ "/",
756
+ {
757
+ "Ref": "AWS::StackId"
758
+ }
759
+ ]
760
+ }
761
+ ]
762
+ }
763
+ ]
764
+ ]
765
+ },
766
+ "OriginAccessControlOriginType": "s3",
767
+ "SigningBehavior": "always",
768
+ "SigningProtocol": "sigv4"
483
769
  }
484
770
  }
485
771
  },
@@ -525,19 +811,15 @@
525
811
  ]
526
812
  },
527
813
  "Id": "cfts3customoriginPathtestcloudfronts3CloudFrontDistributionOrigin1AE2DDD7C",
814
+ "OriginAccessControlId": {
815
+ "Fn::GetAtt": [
816
+ "testcloudfronts3CloudFrontOac7A951AA6",
817
+ "Id"
818
+ ]
819
+ },
528
820
  "OriginPath": "/testPath",
529
821
  "S3OriginConfig": {
530
- "OriginAccessIdentity": {
531
- "Fn::Join": [
532
- "",
533
- [
534
- "origin-access-identity/cloudfront/",
535
- {
536
- "Ref": "testcloudfronts3CloudFrontDistributionOrigin1S3Origin4695F058"
537
- }
538
- ]
539
- ]
540
- }
822
+ "OriginAccessIdentity": ""
541
823
  }
542
824
  }
543
825
  ]
@@ -601,7 +883,7 @@
601
883
  [
602
884
  "Lambda function for auto-deleting objects in ",
603
885
  {
604
- "Ref": "testcloudfronts3S3BucketE0C5F76E"
886
+ "Ref": "testcloudfronts3S3LoggingBucket90D239DD"
605
887
  },
606
888
  " S3 bucket."
607
889
  ]
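Review bot: The `AWS:SourceArn` value in the new `s3:GetObject` condition is joined from the literal `"arn:aws:cloudfront::"`, so the partition is hard-coded. Because the operator is `StringEquals`, a stack synthesized for another partition would presumably never match and CloudFront would be denied at the origin; that fails closed, but the construct would be unusable there. Joining the prefix as `"arn:", {"Ref": "AWS::Partition"}, ":cloudfront::"` keeps the statement scoped to this one distribution without assuming the partition. The same literal appears in the `@@ -251,14 +251,28 @@` hunk of the second expected template further down. Since this template is synthesized output, the change belongs in the construct code that emits the statement, which is not shown here.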
@@ -29,9 +29,13 @@ new lib_1.CloudFrontToS3(stack, 'test-cloudfront-s3', {
29
29
  bucketProps: {
30
30
  removalPolicy: aws_cdk_lib_1.RemovalPolicy.DESTROY,
31
31
  autoDeleteObjects: true
32
- }
32
+ },
33
+ loggingBucketProps: {
34
+ removalPolicy: aws_cdk_lib_1.RemovalPolicy.DESTROY,
35
+ autoDeleteObjects: true
36
+ },
33
37
  });
34
38
  core_1.suppressAutoDeleteHandlerWarnings(stack);
35
39
  // Synth
36
40
  app.synth();
37
- //# sourceMappingURL=data:application/json;base64,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
41
+ //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW50ZWcuY2Z0czMtY3VzdG9tLW9yaWdpblBhdGguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJpbnRlZy5jZnRzMy1jdXN0b20tb3JpZ2luUGF0aC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiO0FBQUE7Ozs7Ozs7Ozs7O0dBV0c7O0FBRUgsVUFBVTtBQUNWLDZDQUF3RDtBQUN4RCxnQ0FBd0M7QUFDeEMseURBQTJHO0FBRTNHLFFBQVE7QUFDUixNQUFNLEdBQUcsR0FBRyxJQUFJLGlCQUFHLEVBQUUsQ0FBQztBQUN0QixNQUFNLEtBQUssR0FBRyxJQUFJLG1CQUFLLENBQUMsR0FBRyxFQUFFLDZCQUFzQixDQUFDLFVBQVUsQ0FBQyxDQUFDLENBQUM7QUFDakUsS0FBSyxDQUFDLGVBQWUsQ0FBQyxXQUFXLEdBQUcsd0RBQXdELENBQUM7QUFFN0YsSUFBSSxvQkFBYyxDQUFDLEtBQUssRUFBRSxvQkFBb0IsRUFBRTtJQUM5Qyw0QkFBNEIsRUFBRTtRQUM1QixhQUFhLEVBQUUsMkJBQWEsQ0FBQyxPQUFPO1FBQ3BDLGlCQUFpQixFQUFFLElBQUk7S0FDeEI7SUFDRCxVQUFVLEVBQUUsV0FBVztJQUN2QixXQUFXLEVBQUU7UUFDWCxhQUFhLEVBQUUsMkJBQWEsQ0FBQyxPQUFPO1FBQ3BDLGlCQUFpQixFQUFFLElBQUk7S0FDeEI7SUFDRCxrQkFBa0IsRUFBRTtRQUNsQixhQUFhLEVBQUUsMkJBQWEsQ0FBQyxPQUFPO1FBQ3BDLGlCQUFpQixFQUFFLElBQUk7S0FDeEI7Q0FDRixDQUFDLENBQUM7QUFFSCx3Q0FBaUMsQ0FBQyxLQUFLLENBQUMsQ0FBQztBQUN6QyxRQUFRO0FBQ1IsR0FBRyxDQUFDLEtBQUssRUFBRSxDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiLyoqXG4gKiAgQ29weXJpZ2h0IEFtYXpvbi5jb20sIEluYy4gb3IgaXRzIGFmZmlsaWF0ZXMuIEFsbCBSaWdodHMgUmVzZXJ2ZWQuXG4gKlxuICogIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSBcIkxpY2Vuc2VcIikuIFlvdSBtYXkgbm90IHVzZSB0aGlzIGZpbGUgZXhjZXB0IGluIGNvbXBsaWFuY2VcbiAqICB3aXRoIHRoZSBMaWNlbnNlLiBBIGNvcHkgb2YgdGhlIExpY2Vuc2UgaXMgbG9jYXRlZCBhdFxuICpcbiAqICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzL0xJQ0VOU0UtMi4wXG4gKlxuICogIG9yIGluIHRoZSAnbGljZW5zZScgZmlsZSBhY2NvbXBhbnlpbmcgdGhpcyBmaWxlLiBUaGlzIGZpbGUgaXMgZGlzdHJpYnV0ZWQgb24gYW4gJ0FTIElTJyBCQVNJUywgV0lUSE9VVCBXQVJSQU5USUVTXG4gKiAgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZXhwcmVzcyBvciBpbXBsaWVkLiBTZWUgdGhlIExpY2Vuc2UgZm9yIHRoZSBzcGVjaWZpYyBsYW5ndWFnZSBnb3Zlcm5pbmcgcGVybWlzc2lvbnNcbiAqICBhbmQgbGltaXRhdGlvbnMgdW5kZXIgdGhlIExpY2Vuc2UuXG4gKi9cblxuLy8gSW1wb3J0c1xuaW1wb3J0IHsgQXBwLCBSZW1vdmFsUG9saWN5LCBTdGFjayB9IGZyb20gXCJhd3MtY2RrLWxp
YlwiO1xuaW1wb3J0IHsgQ2xvdWRGcm9udFRvUzMgfSBmcm9tIFwiLi4vbGliXCI7XG5pbXBvcnQgeyBnZW5lcmF0ZUludGVnU3RhY2tOYW1lLCBzdXBwcmVzc0F1dG9EZWxldGVIYW5kbGVyV2FybmluZ3MgfSBmcm9tICdAYXdzLXNvbHV0aW9ucy1jb25zdHJ1Y3RzL2NvcmUnO1xuXG4vLyBTZXR1cFxuY29uc3QgYXBwID0gbmV3IEFwcCgpO1xuY29uc3Qgc3RhY2sgPSBuZXcgU3RhY2soYXBwLCBnZW5lcmF0ZUludGVnU3RhY2tOYW1lKF9fZmlsZW5hbWUpKTtcbnN0YWNrLnRlbXBsYXRlT3B0aW9ucy5kZXNjcmlwdGlvbiA9ICdJbnRlZ3JhdGlvbiBUZXN0IGZvciBvcmlnaW5QYXRoIHdpdGggYXdzLWNsb3VkZnJvbnQtczMnO1xuXG5uZXcgQ2xvdWRGcm9udFRvUzMoc3RhY2ssICd0ZXN0LWNsb3VkZnJvbnQtczMnLCB7XG4gIGNsb3VkRnJvbnRMb2dnaW5nQnVja2V0UHJvcHM6IHtcbiAgICByZW1vdmFsUG9saWN5OiBSZW1vdmFsUG9saWN5LkRFU1RST1ksXG4gICAgYXV0b0RlbGV0ZU9iamVjdHM6IHRydWVcbiAgfSxcbiAgb3JpZ2luUGF0aDogJy90ZXN0UGF0aCcsXG4gIGJ1Y2tldFByb3BzOiB7XG4gICAgcmVtb3ZhbFBvbGljeTogUmVtb3ZhbFBvbGljeS5ERVNUUk9ZLFxuICAgIGF1dG9EZWxldGVPYmplY3RzOiB0cnVlXG4gIH0sXG4gIGxvZ2dpbmdCdWNrZXRQcm9wczoge1xuICAgIHJlbW92YWxQb2xpY3k6IFJlbW92YWxQb2xpY3kuREVTVFJPWSxcbiAgICBhdXRvRGVsZXRlT2JqZWN0czogdHJ1ZVxuICB9LFxufSk7XG5cbnN1cHByZXNzQXV0b0RlbGV0ZUhhbmRsZXJXYXJuaW5ncyhzdGFjayk7XG4vLyBTeW50aFxuYXBwLnN5bnRoKCk7Il19
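Review bot: The added `loggingBucketProps` block sets `removalPolicy: DESTROY` and `autoDeleteObjects: true` on the access-log bucket, with no comment saying this is for test teardown only. In the matching expected template these props give the auto-delete provider role `s3:PutBucketPolicy` and `s3:DeleteObject*` on the log buckets, which should not be copied into a deployed stack where the logs serve as an audit trail. A comment above the block in the TypeScript source, such as `// Test teardown only: log buckets are emptied and deleted with the stack`, would make that clear. The `new lib_1.CloudFrontToS3(...)` call begins above the hunk.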
@@ -251,14 +251,28 @@
251
251
  },
252
252
  {
253
253
  "Action": "s3:GetObject",
254
+ "Condition": {
255
+ "StringEquals": {
256
+ "AWS:SourceArn": {
257
+ "Fn::Join": [
258
+ "",
259
+ [
260
+ "arn:aws:cloudfront::",
261
+ {
262
+ "Ref": "AWS::AccountId"
263
+ },
264
+ ":distribution/",
265
+ {
266
+ "Ref": "testcloudfronts3CloudFrontDistribution0565DEE8"
267
+ }
268
+ ]
269
+ ]
270
+ }
271
+ }
272
+ },
254
273
  "Effect": "Allow",
255
274
  "Principal": {
256
- "CanonicalUser": {
257
- "Fn::GetAtt": [
258
- "testcloudfronts3CloudFrontDistributionOrigin1S3Origin4695F058",
259
- "S3CanonicalUserId"
260
- ]
261
- }
275
+ "Service": "cloudfront.amazonaws.com"
262
276
  },
263
277
  "Resource": {
264
278
  "Fn::Join": [
@@ -475,11 +489,34 @@
475
489
  "UpdateReplacePolicy": "Delete",
476
490
  "DeletionPolicy": "Delete"
477
491
  },
478
- "testcloudfronts3CloudFrontDistributionOrigin1S3Origin4695F058": {
479
- "Type": "AWS::CloudFront::CloudFrontOriginAccessIdentity",
492
+ "testcloudfronts3CloudFrontOac7A951AA6": {
493
+ "Type": "AWS::CloudFront::OriginAccessControl",
480
494
  "Properties": {
481
- "CloudFrontOriginAccessIdentityConfig": {
482
- "Comment": "Identity for cfts3customCloudFrontLoggingBuckettestcloudfronts3CloudFrontDistributionOrigin18A4ECB64"
495
+ "OriginAccessControlConfig": {
496
+ "Name": {
497
+ "Fn::Join": [
498
+ "",
499
+ [
500
+ "-",
501
+ {
502
+ "Fn::Select": [
503
+ 2,
504
+ {
505
+ "Fn::Split": [
506
+ "/",
507
+ {
508
+ "Ref": "AWS::StackId"
509
+ }
510
+ ]
511
+ }
512
+ ]
513
+ }
514
+ ]
515
+ ]
516
+ },
517
+ "OriginAccessControlOriginType": "s3",
518
+ "SigningBehavior": "always",
519
+ "SigningProtocol": "sigv4"
483
520
  }
484
521
  }
485
522
  },
@@ -525,18 +562,14 @@
525
562
  ]
526
563
  },
527
564
  "Id": "cfts3customCloudFrontLoggingBuckettestcloudfronts3CloudFrontDistributionOrigin18A4ECB64",
565
+ "OriginAccessControlId": {
566
+ "Fn::GetAtt": [
567
+ "testcloudfronts3CloudFrontOac7A951AA6",
568
+ "Id"
569
+ ]
570
+ },
528
571
  "S3OriginConfig": {
529
- "OriginAccessIdentity": {
530
- "Fn::Join": [
531
- "",
532
- [
533
- "origin-access-identity/cloudfront/",
534
- {
535
- "Ref": "testcloudfronts3CloudFrontDistributionOrigin1S3Origin4695F058"
536
- }
537
- ]
538
- ]
539
- }
572
+ "OriginAccessIdentity": ""
540
573
  }
541
574
  }
542
575
  ]
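Review bot: The `OriginAccessControlConfig` added in the `@@ -475,11 +489,34 @@` hunk has a `Name` joined from just `"-"` and the stack-id fragment, and it has no `Description`. The other expected template on this page uses the prefix `"aws-cloudfront-s3-testnt-s3-"` and the description `"Origin access control provisioned by aws-cloudfront-s3"`. An OAC named only by an id fragment is hard to attribute when auditing which distribution is allowed to read the bucket. This section appears to be `integ.cfts3-customCloudFrontLoggingBucket.expected.json`, and the file list shows its `.js` driver as removed (+0 -39), so the snapshot may no longer be regenerated by any test. If that is the case, it should be regenerated from the current construct or deleted, so that it does not imply coverage that no longer exists.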
@@ -0,0 +1,13 @@
1
+ /**
2
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
3
+ *
4
+ * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
5
+ * with the License. A copy of the License is located at
6
+ *
7
+ * http://www.apache.org/licenses/LICENSE-2.0
8
+ *
9
+ * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
10
+ * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
11
+ * and limitations under the License.
12
+ */
13
+ export {};