@aws-solutions-constructs/aws-cloudfront-s3 2.50.0 → 2.52.0

Files changed (127)
  1. package/.eslintignore +2 -0
  2. package/.jsii +51 -6
  3. package/integ.config.json +7 -0
  4. package/lib/index.js +1 -1
  5. package/package.json +14 -13
  6. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js +6 -3
  7. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.d.ts +30 -0
  8. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.js +127 -0
  9. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/cfn-response.js +1 -0
  10. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/consts.js +1 -0
  11. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/framework.js +3 -0
  12. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/outbound.js +1 -0
  13. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/util.js +1 -0
  14. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cdk.out +1 -0
  15. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.assets.json +45 -0
  16. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.template.json +960 -0
  17. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithcmkprovidedasexistingbucketIntegDefaultTestDeployAssertF6031114.assets.json +19 -0
  18. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithcmkprovidedasexistingbucketIntegDefaultTestDeployAssertF6031114.template.json +36 -0
  19. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/integ.json +12 -0
  20. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/manifest.json +221 -0
  21. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/tree.json +1326 -0
  22. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js +6 -3
  23. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cdk.out +1 -0
  24. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.assets.json +19 -0
  25. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.template.json +594 -0
  26. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithmanagedkeyprovidedasexistingbucketIntegDefaultTestDeployAssert03A82C16.assets.json +19 -0
  27. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithmanagedkeyprovidedasexistingbucketIntegDefaultTestDeployAssert03A82C16.template.json +36 -0
  28. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/integ.json +12 -0
  29. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/manifest.json +167 -0
  30. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/tree.json +790 -0
  31. package/test/integ.cfts3-bucket-with-http-origin.js +6 -3
  32. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cdk.out +1 -0
  33. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3-bucket-with-http-origin.assets.json +19 -0
  34. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3-bucket-with-http-origin.template.json +559 -0
  35. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3bucketwithhttporiginIntegDefaultTestDeployAssert75EB76AB.assets.json +19 -0
  36. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3bucketwithhttporiginIntegDefaultTestDeployAssert75EB76AB.template.json +36 -0
  37. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/integ.json +12 -0
  38. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/manifest.json +161 -0
  39. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/tree.json +753 -0
  40. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js +6 -3
  41. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.d.ts +30 -0
  42. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.js +127 -0
  43. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/cfn-response.js +1 -0
  44. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/consts.js +1 -0
  45. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/framework.js +3 -0
  46. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/outbound.js +1 -0
  47. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/util.js +1 -0
  48. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cdk.out +1 -0
  49. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3-cmk-provided-as-bucket-prop.assets.json +45 -0
  50. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3-cmk-provided-as-bucket-prop.template.json +960 -0
  51. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3cmkprovidedasbucketpropIntegDefaultTestDeployAssert38E63D55.assets.json +19 -0
  52. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3cmkprovidedasbucketpropIntegDefaultTestDeployAssert38E63D55.template.json +36 -0
  53. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/integ.json +12 -0
  54. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/manifest.json +221 -0
  55. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/tree.json +1326 -0
  56. package/test/integ.cfts3-custom-headers.js +6 -3
  57. package/test/integ.cfts3-custom-headers.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  58. package/test/integ.cfts3-custom-headers.js.snapshot/cdk.out +1 -0
  59. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3-custom-headers.assets.json +32 -0
  60. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3-custom-headers.template.json +981 -0
  61. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3customheadersIntegDefaultTestDeployAssert6EEC9973.assets.json +19 -0
  62. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3customheadersIntegDefaultTestDeployAssert6EEC9973.template.json +36 -0
  63. package/test/integ.cfts3-custom-headers.js.snapshot/integ.json +12 -0
  64. package/test/integ.cfts3-custom-headers.js.snapshot/manifest.json +215 -0
  65. package/test/integ.cfts3-custom-headers.js.snapshot/tree.json +1167 -0
  66. package/test/integ.cfts3-custom-originPath.js +6 -3
  67. package/test/integ.cfts3-custom-originPath.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  68. package/test/integ.cfts3-custom-originPath.js.snapshot/cdk.out +1 -0
  69. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3-custom-originPath.assets.json +32 -0
  70. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3-custom-originPath.template.json +950 -0
  71. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3customoriginPathIntegDefaultTestDeployAssert61F499B2.assets.json +19 -0
  72. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3customoriginPathIntegDefaultTestDeployAssert61F499B2.template.json +36 -0
  73. package/test/integ.cfts3-custom-originPath.js.snapshot/integ.json +12 -0
  74. package/test/integ.cfts3-custom-originPath.js.snapshot/manifest.json +209 -0
  75. package/test/integ.cfts3-custom-originPath.js.snapshot/tree.json +1117 -0
  76. package/test/integ.cfts3-customLoggingBuckets.js +6 -3
  77. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  78. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cdk.out +1 -0
  79. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3-customLoggingBuckets.assets.json +32 -0
  80. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3-customLoggingBuckets.template.json +987 -0
  81. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3customLoggingBucketsIntegDefaultTestDeployAssert4D171F9F.assets.json +19 -0
  82. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3customLoggingBucketsIntegDefaultTestDeployAssert4D171F9F.template.json +36 -0
  83. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/integ.json +12 -0
  84. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/manifest.json +209 -0
  85. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/tree.json +1156 -0
  86. package/test/integ.cfts3-existing-bucket.js +6 -3
  87. package/test/integ.cfts3-existing-bucket.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  88. package/test/integ.cfts3-existing-bucket.js.snapshot/cdk.out +1 -0
  89. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3-existing-bucket.assets.json +32 -0
  90. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3-existing-bucket.template.json +1014 -0
  91. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3existingbucketIntegDefaultTestDeployAssertA6D4EB49.assets.json +19 -0
  92. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3existingbucketIntegDefaultTestDeployAssertA6D4EB49.template.json +36 -0
  93. package/test/integ.cfts3-existing-bucket.js.snapshot/integ.json +12 -0
  94. package/test/integ.cfts3-existing-bucket.js.snapshot/manifest.json +221 -0
  95. package/test/integ.cfts3-existing-bucket.js.snapshot/tree.json +1229 -0
  96. package/test/integ.cfts3-no-arguments.js +6 -3
  97. package/test/integ.cfts3-no-arguments.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  98. package/test/integ.cfts3-no-arguments.js.snapshot/cdk.out +1 -0
  99. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3-no-arguments.assets.json +32 -0
  100. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3-no-arguments.template.json +959 -0
  101. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3noargumentsIntegDefaultTestDeployAssertBA5AFA25.assets.json +19 -0
  102. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3noargumentsIntegDefaultTestDeployAssertBA5AFA25.template.json +36 -0
  103. package/test/integ.cfts3-no-arguments.js.snapshot/integ.json +12 -0
  104. package/test/integ.cfts3-no-arguments.js.snapshot/manifest.json +209 -0
  105. package/test/integ.cfts3-no-arguments.js.snapshot/tree.json +1117 -0
  106. package/test/integ.cfts3-no-security-headers.js +6 -3
  107. package/test/integ.cfts3-no-security-headers.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  108. package/test/integ.cfts3-no-security-headers.js.snapshot/cdk.out +1 -0
  109. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3-no-security-headers.assets.json +32 -0
  110. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3-no-security-headers.template.json +926 -0
  111. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3nosecurityheadersIntegDefaultTestDeployAssert38FE05BE.assets.json +19 -0
  112. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3nosecurityheadersIntegDefaultTestDeployAssert38FE05BE.template.json +36 -0
  113. package/test/integ.cfts3-no-security-headers.js.snapshot/integ.json +12 -0
  114. package/test/integ.cfts3-no-security-headers.js.snapshot/manifest.json +203 -0
  115. package/test/integ.cfts3-no-security-headers.js.snapshot/tree.json +1076 -0
  116. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.expected.json +0 -960
  117. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.expected.json +0 -594
  118. package/test/integ.cfts3-bucket-with-http-origin.expected.json +0 -559
  119. package/test/integ.cfts3-cmk-encryption.expected.json +0 -527
  120. package/test/integ.cfts3-cmk-provided-as-bucket-prop.expected.json +0 -960
  121. package/test/integ.cfts3-custom-headers.expected.json +0 -981
  122. package/test/integ.cfts3-custom-originPath.expected.json +0 -950
  123. package/test/integ.cfts3-customCloudFrontLoggingBucket.expected.json +0 -700
  124. package/test/integ.cfts3-customLoggingBuckets.expected.json +0 -987
  125. package/test/integ.cfts3-existing-bucket.expected.json +0 -1014
  126. package/test/integ.cfts3-no-arguments.expected.json +0 -959
  127. package/test/integ.cfts3-no-security-headers.expected.json +0 -926
@@ -0,0 +1,926 @@
1
+ {
2
+ "Description": "Integration Test for aws-cloudfront-s3",
3
+ "Resources": {
4
+ "testcloudfronts3nosecurityheadersS3LoggingBucketF644B35F": {
5
+ "Type": "AWS::S3::Bucket",
6
+ "Properties": {
7
+ "BucketEncryption": {
8
+ "ServerSideEncryptionConfiguration": [
9
+ {
10
+ "ServerSideEncryptionByDefault": {
11
+ "SSEAlgorithm": "AES256"
12
+ }
13
+ }
14
+ ]
15
+ },
16
+ "PublicAccessBlockConfiguration": {
17
+ "BlockPublicAcls": true,
18
+ "BlockPublicPolicy": true,
19
+ "IgnorePublicAcls": true,
20
+ "RestrictPublicBuckets": true
21
+ },
22
+ "Tags": [
23
+ {
24
+ "Key": "aws-cdk:auto-delete-objects",
25
+ "Value": "true"
26
+ }
27
+ ],
28
+ "VersioningConfiguration": {
29
+ "Status": "Enabled"
30
+ }
31
+ },
32
+ "UpdateReplacePolicy": "Delete",
33
+ "DeletionPolicy": "Delete",
34
+ "Metadata": {
35
+ "cfn_nag": {
36
+ "rules_to_suppress": [
37
+ {
38
+ "id": "W35",
39
+ "reason": "This S3 bucket is used as the access logging bucket for another bucket"
40
+ }
41
+ ]
42
+ }
43
+ }
44
+ },
45
+ "testcloudfronts3nosecurityheadersS3LoggingBucketPolicy264DE8B6": {
46
+ "Type": "AWS::S3::BucketPolicy",
47
+ "Properties": {
48
+ "Bucket": {
49
+ "Ref": "testcloudfronts3nosecurityheadersS3LoggingBucketF644B35F"
50
+ },
51
+ "PolicyDocument": {
52
+ "Statement": [
53
+ {
54
+ "Action": "s3:*",
55
+ "Condition": {
56
+ "Bool": {
57
+ "aws:SecureTransport": "false"
58
+ }
59
+ },
60
+ "Effect": "Deny",
61
+ "Principal": {
62
+ "AWS": "*"
63
+ },
64
+ "Resource": [
65
+ {
66
+ "Fn::GetAtt": [
67
+ "testcloudfronts3nosecurityheadersS3LoggingBucketF644B35F",
68
+ "Arn"
69
+ ]
70
+ },
71
+ {
72
+ "Fn::Join": [
73
+ "",
74
+ [
75
+ {
76
+ "Fn::GetAtt": [
77
+ "testcloudfronts3nosecurityheadersS3LoggingBucketF644B35F",
78
+ "Arn"
79
+ ]
80
+ },
81
+ "/*"
82
+ ]
83
+ ]
84
+ }
85
+ ]
86
+ },
87
+ {
88
+ "Action": [
89
+ "s3:DeleteObject*",
90
+ "s3:GetBucket*",
91
+ "s3:List*",
92
+ "s3:PutBucketPolicy"
93
+ ],
94
+ "Effect": "Allow",
95
+ "Principal": {
96
+ "AWS": {
97
+ "Fn::GetAtt": [
98
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
99
+ "Arn"
100
+ ]
101
+ }
102
+ },
103
+ "Resource": [
104
+ {
105
+ "Fn::GetAtt": [
106
+ "testcloudfronts3nosecurityheadersS3LoggingBucketF644B35F",
107
+ "Arn"
108
+ ]
109
+ },
110
+ {
111
+ "Fn::Join": [
112
+ "",
113
+ [
114
+ {
115
+ "Fn::GetAtt": [
116
+ "testcloudfronts3nosecurityheadersS3LoggingBucketF644B35F",
117
+ "Arn"
118
+ ]
119
+ },
120
+ "/*"
121
+ ]
122
+ ]
123
+ }
124
+ ]
125
+ },
126
+ {
127
+ "Action": "s3:PutObject",
128
+ "Condition": {
129
+ "ArnLike": {
130
+ "aws:SourceArn": {
131
+ "Fn::GetAtt": [
132
+ "testcloudfronts3nosecurityheadersS3Bucket4D06173D",
133
+ "Arn"
134
+ ]
135
+ }
136
+ },
137
+ "StringEquals": {
138
+ "aws:SourceAccount": {
139
+ "Ref": "AWS::AccountId"
140
+ }
141
+ }
142
+ },
143
+ "Effect": "Allow",
144
+ "Principal": {
145
+ "Service": "logging.s3.amazonaws.com"
146
+ },
147
+ "Resource": {
148
+ "Fn::Join": [
149
+ "",
150
+ [
151
+ {
152
+ "Fn::GetAtt": [
153
+ "testcloudfronts3nosecurityheadersS3LoggingBucketF644B35F",
154
+ "Arn"
155
+ ]
156
+ },
157
+ "/*"
158
+ ]
159
+ ]
160
+ }
161
+ }
162
+ ],
163
+ "Version": "2012-10-17"
164
+ }
165
+ }
166
+ },
167
+ "testcloudfronts3nosecurityheadersS3LoggingBucketAutoDeleteObjectsCustomResourceB6D397D3": {
168
+ "Type": "Custom::S3AutoDeleteObjects",
169
+ "Properties": {
170
+ "ServiceToken": {
171
+ "Fn::GetAtt": [
172
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
173
+ "Arn"
174
+ ]
175
+ },
176
+ "BucketName": {
177
+ "Ref": "testcloudfronts3nosecurityheadersS3LoggingBucketF644B35F"
178
+ }
179
+ },
180
+ "DependsOn": [
181
+ "testcloudfronts3nosecurityheadersS3LoggingBucketPolicy264DE8B6"
182
+ ],
183
+ "UpdateReplacePolicy": "Delete",
184
+ "DeletionPolicy": "Delete"
185
+ },
186
+ "testcloudfronts3nosecurityheadersS3Bucket4D06173D": {
187
+ "Type": "AWS::S3::Bucket",
188
+ "Properties": {
189
+ "BucketEncryption": {
190
+ "ServerSideEncryptionConfiguration": [
191
+ {
192
+ "ServerSideEncryptionByDefault": {
193
+ "SSEAlgorithm": "AES256"
194
+ }
195
+ }
196
+ ]
197
+ },
198
+ "LifecycleConfiguration": {
199
+ "Rules": [
200
+ {
201
+ "NoncurrentVersionTransitions": [
202
+ {
203
+ "StorageClass": "GLACIER",
204
+ "TransitionInDays": 90
205
+ }
206
+ ],
207
+ "Status": "Enabled"
208
+ }
209
+ ]
210
+ },
211
+ "LoggingConfiguration": {
212
+ "DestinationBucketName": {
213
+ "Ref": "testcloudfronts3nosecurityheadersS3LoggingBucketF644B35F"
214
+ }
215
+ },
216
+ "PublicAccessBlockConfiguration": {
217
+ "BlockPublicAcls": true,
218
+ "BlockPublicPolicy": true,
219
+ "IgnorePublicAcls": true,
220
+ "RestrictPublicBuckets": true
221
+ },
222
+ "Tags": [
223
+ {
224
+ "Key": "aws-cdk:auto-delete-objects",
225
+ "Value": "true"
226
+ }
227
+ ],
228
+ "VersioningConfiguration": {
229
+ "Status": "Enabled"
230
+ }
231
+ },
232
+ "UpdateReplacePolicy": "Delete",
233
+ "DeletionPolicy": "Delete"
234
+ },
235
+ "testcloudfronts3nosecurityheadersS3BucketPolicy99D27ED1": {
236
+ "Type": "AWS::S3::BucketPolicy",
237
+ "Properties": {
238
+ "Bucket": {
239
+ "Ref": "testcloudfronts3nosecurityheadersS3Bucket4D06173D"
240
+ },
241
+ "PolicyDocument": {
242
+ "Statement": [
243
+ {
244
+ "Action": "s3:*",
245
+ "Condition": {
246
+ "Bool": {
247
+ "aws:SecureTransport": "false"
248
+ }
249
+ },
250
+ "Effect": "Deny",
251
+ "Principal": {
252
+ "AWS": "*"
253
+ },
254
+ "Resource": [
255
+ {
256
+ "Fn::GetAtt": [
257
+ "testcloudfronts3nosecurityheadersS3Bucket4D06173D",
258
+ "Arn"
259
+ ]
260
+ },
261
+ {
262
+ "Fn::Join": [
263
+ "",
264
+ [
265
+ {
266
+ "Fn::GetAtt": [
267
+ "testcloudfronts3nosecurityheadersS3Bucket4D06173D",
268
+ "Arn"
269
+ ]
270
+ },
271
+ "/*"
272
+ ]
273
+ ]
274
+ }
275
+ ]
276
+ },
277
+ {
278
+ "Action": [
279
+ "s3:DeleteObject*",
280
+ "s3:GetBucket*",
281
+ "s3:List*",
282
+ "s3:PutBucketPolicy"
283
+ ],
284
+ "Effect": "Allow",
285
+ "Principal": {
286
+ "AWS": {
287
+ "Fn::GetAtt": [
288
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
289
+ "Arn"
290
+ ]
291
+ }
292
+ },
293
+ "Resource": [
294
+ {
295
+ "Fn::GetAtt": [
296
+ "testcloudfronts3nosecurityheadersS3Bucket4D06173D",
297
+ "Arn"
298
+ ]
299
+ },
300
+ {
301
+ "Fn::Join": [
302
+ "",
303
+ [
304
+ {
305
+ "Fn::GetAtt": [
306
+ "testcloudfronts3nosecurityheadersS3Bucket4D06173D",
307
+ "Arn"
308
+ ]
309
+ },
310
+ "/*"
311
+ ]
312
+ ]
313
+ }
314
+ ]
315
+ },
316
+ {
317
+ "Action": "s3:GetObject",
318
+ "Condition": {
319
+ "StringEquals": {
320
+ "AWS:SourceArn": {
321
+ "Fn::Join": [
322
+ "",
323
+ [
324
+ "arn:aws:cloudfront::",
325
+ {
326
+ "Ref": "AWS::AccountId"
327
+ },
328
+ ":distribution/",
329
+ {
330
+ "Ref": "testcloudfronts3nosecurityheadersCloudFrontDistribution3BC8CDED"
331
+ }
332
+ ]
333
+ ]
334
+ }
335
+ }
336
+ },
337
+ "Effect": "Allow",
338
+ "Principal": {
339
+ "Service": "cloudfront.amazonaws.com"
340
+ },
341
+ "Resource": {
342
+ "Fn::Join": [
343
+ "",
344
+ [
345
+ {
346
+ "Fn::GetAtt": [
347
+ "testcloudfronts3nosecurityheadersS3Bucket4D06173D",
348
+ "Arn"
349
+ ]
350
+ },
351
+ "/*"
352
+ ]
353
+ ]
354
+ }
355
+ }
356
+ ],
357
+ "Version": "2012-10-17"
358
+ }
359
+ },
360
+ "Metadata": {
361
+ "cfn_nag": {
362
+ "rules_to_suppress": [
363
+ {
364
+ "id": "F16",
365
+ "reason": "Public website bucket policy requires a wildcard principal"
366
+ }
367
+ ]
368
+ }
369
+ }
370
+ },
371
+ "testcloudfronts3nosecurityheadersS3BucketAutoDeleteObjectsCustomResource7011F955": {
372
+ "Type": "Custom::S3AutoDeleteObjects",
373
+ "Properties": {
374
+ "ServiceToken": {
375
+ "Fn::GetAtt": [
376
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
377
+ "Arn"
378
+ ]
379
+ },
380
+ "BucketName": {
381
+ "Ref": "testcloudfronts3nosecurityheadersS3Bucket4D06173D"
382
+ }
383
+ },
384
+ "DependsOn": [
385
+ "testcloudfronts3nosecurityheadersS3BucketPolicy99D27ED1"
386
+ ],
387
+ "UpdateReplacePolicy": "Delete",
388
+ "DeletionPolicy": "Delete"
389
+ },
390
+ "testcloudfronts3nosecurityheadersCloudfrontLoggingBucketAccessLogA3FF51B1": {
391
+ "Type": "AWS::S3::Bucket",
392
+ "Properties": {
393
+ "BucketEncryption": {
394
+ "ServerSideEncryptionConfiguration": [
395
+ {
396
+ "ServerSideEncryptionByDefault": {
397
+ "SSEAlgorithm": "AES256"
398
+ }
399
+ }
400
+ ]
401
+ },
402
+ "OwnershipControls": {
403
+ "Rules": [
404
+ {
405
+ "ObjectOwnership": "ObjectWriter"
406
+ }
407
+ ]
408
+ },
409
+ "PublicAccessBlockConfiguration": {
410
+ "BlockPublicAcls": true,
411
+ "BlockPublicPolicy": true,
412
+ "IgnorePublicAcls": true,
413
+ "RestrictPublicBuckets": true
414
+ },
415
+ "Tags": [
416
+ {
417
+ "Key": "aws-cdk:auto-delete-objects",
418
+ "Value": "true"
419
+ }
420
+ ],
421
+ "VersioningConfiguration": {
422
+ "Status": "Enabled"
423
+ }
424
+ },
425
+ "UpdateReplacePolicy": "Delete",
426
+ "DeletionPolicy": "Delete",
427
+ "Metadata": {
428
+ "cfn_nag": {
429
+ "rules_to_suppress": [
430
+ {
431
+ "id": "W35",
432
+ "reason": "This S3 bucket is used as the access logging bucket for another bucket"
433
+ }
434
+ ]
435
+ }
436
+ }
437
+ },
438
+ "testcloudfronts3nosecurityheadersCloudfrontLoggingBucketAccessLogPolicy3DF5F522": {
439
+ "Type": "AWS::S3::BucketPolicy",
440
+ "Properties": {
441
+ "Bucket": {
442
+ "Ref": "testcloudfronts3nosecurityheadersCloudfrontLoggingBucketAccessLogA3FF51B1"
443
+ },
444
+ "PolicyDocument": {
445
+ "Statement": [
446
+ {
447
+ "Action": "s3:*",
448
+ "Condition": {
449
+ "Bool": {
450
+ "aws:SecureTransport": "false"
451
+ }
452
+ },
453
+ "Effect": "Deny",
454
+ "Principal": {
455
+ "AWS": "*"
456
+ },
457
+ "Resource": [
458
+ {
459
+ "Fn::GetAtt": [
460
+ "testcloudfronts3nosecurityheadersCloudfrontLoggingBucketAccessLogA3FF51B1",
461
+ "Arn"
462
+ ]
463
+ },
464
+ {
465
+ "Fn::Join": [
466
+ "",
467
+ [
468
+ {
469
+ "Fn::GetAtt": [
470
+ "testcloudfronts3nosecurityheadersCloudfrontLoggingBucketAccessLogA3FF51B1",
471
+ "Arn"
472
+ ]
473
+ },
474
+ "/*"
475
+ ]
476
+ ]
477
+ }
478
+ ]
479
+ },
480
+ {
481
+ "Action": [
482
+ "s3:DeleteObject*",
483
+ "s3:GetBucket*",
484
+ "s3:List*",
485
+ "s3:PutBucketPolicy"
486
+ ],
487
+ "Effect": "Allow",
488
+ "Principal": {
489
+ "AWS": {
490
+ "Fn::GetAtt": [
491
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
492
+ "Arn"
493
+ ]
494
+ }
495
+ },
496
+ "Resource": [
497
+ {
498
+ "Fn::GetAtt": [
499
+ "testcloudfronts3nosecurityheadersCloudfrontLoggingBucketAccessLogA3FF51B1",
500
+ "Arn"
501
+ ]
502
+ },
503
+ {
504
+ "Fn::Join": [
505
+ "",
506
+ [
507
+ {
508
+ "Fn::GetAtt": [
509
+ "testcloudfronts3nosecurityheadersCloudfrontLoggingBucketAccessLogA3FF51B1",
510
+ "Arn"
511
+ ]
512
+ },
513
+ "/*"
514
+ ]
515
+ ]
516
+ }
517
+ ]
518
+ },
519
+ {
520
+ "Action": "s3:PutObject",
521
+ "Condition": {
522
+ "ArnLike": {
523
+ "aws:SourceArn": {
524
+ "Fn::GetAtt": [
525
+ "testcloudfronts3nosecurityheadersCloudfrontLoggingBucket92A5E2A5",
526
+ "Arn"
527
+ ]
528
+ }
529
+ },
530
+ "StringEquals": {
531
+ "aws:SourceAccount": {
532
+ "Ref": "AWS::AccountId"
533
+ }
534
+ }
535
+ },
536
+ "Effect": "Allow",
537
+ "Principal": {
538
+ "Service": "logging.s3.amazonaws.com"
539
+ },
540
+ "Resource": {
541
+ "Fn::Join": [
542
+ "",
543
+ [
544
+ {
545
+ "Fn::GetAtt": [
546
+ "testcloudfronts3nosecurityheadersCloudfrontLoggingBucketAccessLogA3FF51B1",
547
+ "Arn"
548
+ ]
549
+ },
550
+ "/*"
551
+ ]
552
+ ]
553
+ }
554
+ }
555
+ ],
556
+ "Version": "2012-10-17"
557
+ }
558
+ }
559
+ },
560
+ "testcloudfronts3nosecurityheadersCloudfrontLoggingBucketAccessLogAutoDeleteObjectsCustomResource20738403": {
561
+ "Type": "Custom::S3AutoDeleteObjects",
562
+ "Properties": {
563
+ "ServiceToken": {
564
+ "Fn::GetAtt": [
565
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
566
+ "Arn"
567
+ ]
568
+ },
569
+ "BucketName": {
570
+ "Ref": "testcloudfronts3nosecurityheadersCloudfrontLoggingBucketAccessLogA3FF51B1"
571
+ }
572
+ },
573
+ "DependsOn": [
574
+ "testcloudfronts3nosecurityheadersCloudfrontLoggingBucketAccessLogPolicy3DF5F522"
575
+ ],
576
+ "UpdateReplacePolicy": "Delete",
577
+ "DeletionPolicy": "Delete"
578
+ },
579
+ "testcloudfronts3nosecurityheadersCloudfrontLoggingBucket92A5E2A5": {
580
+ "Type": "AWS::S3::Bucket",
581
+ "Properties": {
582
+ "AccessControl": "LogDeliveryWrite",
583
+ "BucketEncryption": {
584
+ "ServerSideEncryptionConfiguration": [
585
+ {
586
+ "ServerSideEncryptionByDefault": {
587
+ "SSEAlgorithm": "AES256"
588
+ }
589
+ }
590
+ ]
591
+ },
592
+ "LoggingConfiguration": {
593
+ "DestinationBucketName": {
594
+ "Ref": "testcloudfronts3nosecurityheadersCloudfrontLoggingBucketAccessLogA3FF51B1"
595
+ }
596
+ },
597
+ "OwnershipControls": {
598
+ "Rules": [
599
+ {
600
+ "ObjectOwnership": "ObjectWriter"
601
+ }
602
+ ]
603
+ },
604
+ "PublicAccessBlockConfiguration": {
605
+ "BlockPublicAcls": true,
606
+ "BlockPublicPolicy": true,
607
+ "IgnorePublicAcls": true,
608
+ "RestrictPublicBuckets": true
609
+ },
610
+ "Tags": [
611
+ {
612
+ "Key": "aws-cdk:auto-delete-objects",
613
+ "Value": "true"
614
+ }
615
+ ],
616
+ "VersioningConfiguration": {
617
+ "Status": "Enabled"
618
+ }
619
+ },
620
+ "UpdateReplacePolicy": "Delete",
621
+ "DeletionPolicy": "Delete"
622
+ },
623
+ "testcloudfronts3nosecurityheadersCloudfrontLoggingBucketPolicy7D709982": {
624
+ "Type": "AWS::S3::BucketPolicy",
625
+ "Properties": {
626
+ "Bucket": {
627
+ "Ref": "testcloudfronts3nosecurityheadersCloudfrontLoggingBucket92A5E2A5"
628
+ },
629
+ "PolicyDocument": {
630
+ "Statement": [
631
+ {
632
+ "Action": "s3:*",
633
+ "Condition": {
634
+ "Bool": {
635
+ "aws:SecureTransport": "false"
636
+ }
637
+ },
638
+ "Effect": "Deny",
639
+ "Principal": {
640
+ "AWS": "*"
641
+ },
642
+ "Resource": [
643
+ {
644
+ "Fn::GetAtt": [
645
+ "testcloudfronts3nosecurityheadersCloudfrontLoggingBucket92A5E2A5",
646
+ "Arn"
647
+ ]
648
+ },
649
+ {
650
+ "Fn::Join": [
651
+ "",
652
+ [
653
+ {
654
+ "Fn::GetAtt": [
655
+ "testcloudfronts3nosecurityheadersCloudfrontLoggingBucket92A5E2A5",
656
+ "Arn"
657
+ ]
658
+ },
659
+ "/*"
660
+ ]
661
+ ]
662
+ }
663
+ ]
664
+ },
665
+ {
666
+ "Action": [
667
+ "s3:DeleteObject*",
668
+ "s3:GetBucket*",
669
+ "s3:List*",
670
+ "s3:PutBucketPolicy"
671
+ ],
672
+ "Effect": "Allow",
673
+ "Principal": {
674
+ "AWS": {
675
+ "Fn::GetAtt": [
676
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
677
+ "Arn"
678
+ ]
679
+ }
680
+ },
681
+ "Resource": [
682
+ {
683
+ "Fn::GetAtt": [
684
+ "testcloudfronts3nosecurityheadersCloudfrontLoggingBucket92A5E2A5",
685
+ "Arn"
686
+ ]
687
+ },
688
+ {
689
+ "Fn::Join": [
690
+ "",
691
+ [
692
+ {
693
+ "Fn::GetAtt": [
694
+ "testcloudfronts3nosecurityheadersCloudfrontLoggingBucket92A5E2A5",
695
+ "Arn"
696
+ ]
697
+ },
698
+ "/*"
699
+ ]
700
+ ]
701
+ }
702
+ ]
703
+ }
704
+ ],
705
+ "Version": "2012-10-17"
706
+ }
707
+ }
708
+ },
709
+ "testcloudfronts3nosecurityheadersCloudfrontLoggingBucketAutoDeleteObjectsCustomResource5BEC5CA0": {
710
+ "Type": "Custom::S3AutoDeleteObjects",
711
+ "Properties": {
712
+ "ServiceToken": {
713
+ "Fn::GetAtt": [
714
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
715
+ "Arn"
716
+ ]
717
+ },
718
+ "BucketName": {
719
+ "Ref": "testcloudfronts3nosecurityheadersCloudfrontLoggingBucket92A5E2A5"
720
+ }
721
+ },
722
+ "DependsOn": [
723
+ "testcloudfronts3nosecurityheadersCloudfrontLoggingBucketPolicy7D709982"
724
+ ],
725
+ "UpdateReplacePolicy": "Delete",
726
+ "DeletionPolicy": "Delete"
727
+ },
728
+ "testcloudfronts3nosecurityheadersCloudFrontOac7954FB73": {
729
+ "Type": "AWS::CloudFront::OriginAccessControl",
730
+ "Properties": {
731
+ "OriginAccessControlConfig": {
732
+ "Description": "Origin access control provisioned by aws-cloudfront-s3",
733
+ "Name": {
734
+ "Fn::Join": [
735
+ "",
736
+ [
737
+ "aws-cloudfront-s3-testaders-",
738
+ {
739
+ "Fn::Select": [
740
+ 2,
741
+ {
742
+ "Fn::Split": [
743
+ "/",
744
+ {
745
+ "Ref": "AWS::StackId"
746
+ }
747
+ ]
748
+ }
749
+ ]
750
+ }
751
+ ]
752
+ ]
753
+ },
754
+ "OriginAccessControlOriginType": "s3",
755
+ "SigningBehavior": "always",
756
+ "SigningProtocol": "sigv4"
757
+ }
758
+ }
759
+ },
760
+ "testcloudfronts3nosecurityheadersCloudFrontDistribution3BC8CDED": {
761
+ "Type": "AWS::CloudFront::Distribution",
762
+ "Properties": {
763
+ "DistributionConfig": {
764
+ "DefaultCacheBehavior": {
765
+ "CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6",
766
+ "Compress": true,
767
+ "TargetOriginId": "cfts3nosecurityheaderstestcloudfronts3nosecurityheadersCloudFrontDistributionOrigin1A0125E27",
768
+ "ViewerProtocolPolicy": "redirect-to-https"
769
+ },
770
+ "DefaultRootObject": "index.html",
771
+ "Enabled": true,
772
+ "HttpVersion": "http2",
773
+ "IPV6Enabled": true,
774
+ "Logging": {
775
+ "Bucket": {
776
+ "Fn::GetAtt": [
777
+ "testcloudfronts3nosecurityheadersCloudfrontLoggingBucket92A5E2A5",
778
+ "RegionalDomainName"
779
+ ]
780
+ }
781
+ },
782
+ "Origins": [
783
+ {
784
+ "DomainName": {
785
+ "Fn::GetAtt": [
786
+ "testcloudfronts3nosecurityheadersS3Bucket4D06173D",
787
+ "RegionalDomainName"
788
+ ]
789
+ },
790
+ "Id": "cfts3nosecurityheaderstestcloudfronts3nosecurityheadersCloudFrontDistributionOrigin1A0125E27",
791
+ "OriginAccessControlId": {
792
+ "Fn::GetAtt": [
793
+ "testcloudfronts3nosecurityheadersCloudFrontOac7954FB73",
794
+ "Id"
795
+ ]
796
+ },
797
+ "S3OriginConfig": {
798
+ "OriginAccessIdentity": ""
799
+ }
800
+ }
801
+ ]
802
+ }
803
+ },
804
+ "Metadata": {
805
+ "cfn_nag": {
806
+ "rules_to_suppress": [
807
+ {
808
+ "id": "W70",
809
+ "reason": "Since the distribution uses the CloudFront domain name, CloudFront automatically sets the security policy to TLSv1 regardless of the value of MinimumProtocolVersion"
810
+ }
811
+ ]
812
+ }
813
+ }
814
+ },
815
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": {
816
+ "Type": "AWS::IAM::Role",
817
+ "Properties": {
818
+ "AssumeRolePolicyDocument": {
819
+ "Version": "2012-10-17",
820
+ "Statement": [
821
+ {
822
+ "Action": "sts:AssumeRole",
823
+ "Effect": "Allow",
824
+ "Principal": {
825
+ "Service": "lambda.amazonaws.com"
826
+ }
827
+ }
828
+ ]
829
+ },
830
+ "ManagedPolicyArns": [
831
+ {
832
+ "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
833
+ }
834
+ ]
835
+ }
836
+ },
837
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": {
838
+ "Type": "AWS::Lambda::Function",
839
+ "Properties": {
840
+ "Code": {
841
+ "S3Bucket": {
842
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
843
+ },
844
+ "S3Key": "b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6.zip"
845
+ },
846
+ "Timeout": 900,
847
+ "MemorySize": 128,
848
+ "Handler": "index.handler",
849
+ "Role": {
850
+ "Fn::GetAtt": [
851
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
852
+ "Arn"
853
+ ]
854
+ },
855
+ "Runtime": "nodejs18.x",
856
+ "Description": {
857
+ "Fn::Join": [
858
+ "",
859
+ [
860
+ "Lambda function for auto-deleting objects in ",
861
+ {
862
+ "Ref": "testcloudfronts3nosecurityheadersS3LoggingBucketF644B35F"
863
+ },
864
+ " S3 bucket."
865
+ ]
866
+ ]
867
+ }
868
+ },
869
+ "DependsOn": [
870
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092"
871
+ ],
872
+ "Metadata": {
873
+ "cfn_nag": {
874
+ "rules_to_suppress": [
875
+ {
876
+ "id": "W58",
877
+ "reason": "CDK generated custom resource"
878
+ },
879
+ {
880
+ "id": "W89",
881
+ "reason": "CDK generated custom resource"
882
+ },
883
+ {
884
+ "id": "W92",
885
+ "reason": "CDK generated custom resource"
886
+ }
887
+ ]
888
+ }
889
+ }
890
+ }
891
+ },
892
+ "Parameters": {
893
+ "BootstrapVersion": {
894
+ "Type": "AWS::SSM::Parameter::Value<String>",
895
+ "Default": "/cdk-bootstrap/hnb659fds/version",
896
+ "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
897
+ }
898
+ },
899
+ "Rules": {
900
+ "CheckBootstrapVersion": {
901
+ "Assertions": [
902
+ {
903
+ "Assert": {
904
+ "Fn::Not": [
905
+ {
906
+ "Fn::Contains": [
907
+ [
908
+ "1",
909
+ "2",
910
+ "3",
911
+ "4",
912
+ "5"
913
+ ],
914
+ {
915
+ "Ref": "BootstrapVersion"
916
+ }
917
+ ]
918
+ }
919
+ ]
920
+ },
921
+ "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
922
+ }
923
+ ]
924
+ }
925
+ }
926
+ }
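Review bot: The F16 suppression on `testcloudfronts3nosecurityheadersS3BucketPolicy99D27ED1` (template lines 360-368) gives the reason `Public website bucket policy requires a wildcard principal`, which does not describe the policy it is attached to. In this template the bucket sets all four `PublicAccessBlockConfiguration` flags and has no website configuration, the only `"AWS": "*"` principal is on the Deny statement conditioned on `aws:SecureTransport`, and the `s3:GetObject` Allow is limited to `cloudfront.amazonaws.com` with an `AWS:SourceArn` condition on the distribution. Someone auditing suppressions would read the reason as saying the bucket is publicly readable, so it should be reworded, for example `"reason": "Wildcard principal is used only in the Deny statement that rejects non-TLS requests"`, or the suppression dropped if the rule no longer fires. This file appears to be synthesized snapshot output, so the change presumably belongs in the construct code that emits the metadata, which is not visible in this hunk.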