@aws-solutions-constructs/aws-cloudfront-s3 2.50.0 → 2.52.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (127) hide show
  1. package/.eslintignore +2 -0
  2. package/.jsii +51 -6
  3. package/integ.config.json +7 -0
  4. package/lib/index.js +1 -1
  5. package/package.json +14 -13
  6. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js +6 -3
  7. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.d.ts +30 -0
  8. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.js +127 -0
  9. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/cfn-response.js +1 -0
  10. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/consts.js +1 -0
  11. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/framework.js +3 -0
  12. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/outbound.js +1 -0
  13. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/util.js +1 -0
  14. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cdk.out +1 -0
  15. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.assets.json +45 -0
  16. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.template.json +960 -0
  17. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithcmkprovidedasexistingbucketIntegDefaultTestDeployAssertF6031114.assets.json +19 -0
  18. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithcmkprovidedasexistingbucketIntegDefaultTestDeployAssertF6031114.template.json +36 -0
  19. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/integ.json +12 -0
  20. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/manifest.json +221 -0
  21. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/tree.json +1326 -0
  22. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js +6 -3
  23. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cdk.out +1 -0
  24. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.assets.json +19 -0
  25. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.template.json +594 -0
  26. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithmanagedkeyprovidedasexistingbucketIntegDefaultTestDeployAssert03A82C16.assets.json +19 -0
  27. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithmanagedkeyprovidedasexistingbucketIntegDefaultTestDeployAssert03A82C16.template.json +36 -0
  28. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/integ.json +12 -0
  29. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/manifest.json +167 -0
  30. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/tree.json +790 -0
  31. package/test/integ.cfts3-bucket-with-http-origin.js +6 -3
  32. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cdk.out +1 -0
  33. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3-bucket-with-http-origin.assets.json +19 -0
  34. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3-bucket-with-http-origin.template.json +559 -0
  35. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3bucketwithhttporiginIntegDefaultTestDeployAssert75EB76AB.assets.json +19 -0
  36. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3bucketwithhttporiginIntegDefaultTestDeployAssert75EB76AB.template.json +36 -0
  37. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/integ.json +12 -0
  38. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/manifest.json +161 -0
  39. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/tree.json +753 -0
  40. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js +6 -3
  41. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.d.ts +30 -0
  42. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.js +127 -0
  43. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/cfn-response.js +1 -0
  44. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/consts.js +1 -0
  45. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/framework.js +3 -0
  46. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/outbound.js +1 -0
  47. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/util.js +1 -0
  48. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cdk.out +1 -0
  49. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3-cmk-provided-as-bucket-prop.assets.json +45 -0
  50. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3-cmk-provided-as-bucket-prop.template.json +960 -0
  51. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3cmkprovidedasbucketpropIntegDefaultTestDeployAssert38E63D55.assets.json +19 -0
  52. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3cmkprovidedasbucketpropIntegDefaultTestDeployAssert38E63D55.template.json +36 -0
  53. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/integ.json +12 -0
  54. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/manifest.json +221 -0
  55. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/tree.json +1326 -0
  56. package/test/integ.cfts3-custom-headers.js +6 -3
  57. package/test/integ.cfts3-custom-headers.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  58. package/test/integ.cfts3-custom-headers.js.snapshot/cdk.out +1 -0
  59. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3-custom-headers.assets.json +32 -0
  60. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3-custom-headers.template.json +981 -0
  61. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3customheadersIntegDefaultTestDeployAssert6EEC9973.assets.json +19 -0
  62. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3customheadersIntegDefaultTestDeployAssert6EEC9973.template.json +36 -0
  63. package/test/integ.cfts3-custom-headers.js.snapshot/integ.json +12 -0
  64. package/test/integ.cfts3-custom-headers.js.snapshot/manifest.json +215 -0
  65. package/test/integ.cfts3-custom-headers.js.snapshot/tree.json +1167 -0
  66. package/test/integ.cfts3-custom-originPath.js +6 -3
  67. package/test/integ.cfts3-custom-originPath.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  68. package/test/integ.cfts3-custom-originPath.js.snapshot/cdk.out +1 -0
  69. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3-custom-originPath.assets.json +32 -0
  70. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3-custom-originPath.template.json +950 -0
  71. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3customoriginPathIntegDefaultTestDeployAssert61F499B2.assets.json +19 -0
  72. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3customoriginPathIntegDefaultTestDeployAssert61F499B2.template.json +36 -0
  73. package/test/integ.cfts3-custom-originPath.js.snapshot/integ.json +12 -0
  74. package/test/integ.cfts3-custom-originPath.js.snapshot/manifest.json +209 -0
  75. package/test/integ.cfts3-custom-originPath.js.snapshot/tree.json +1117 -0
  76. package/test/integ.cfts3-customLoggingBuckets.js +6 -3
  77. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  78. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cdk.out +1 -0
  79. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3-customLoggingBuckets.assets.json +32 -0
  80. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3-customLoggingBuckets.template.json +987 -0
  81. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3customLoggingBucketsIntegDefaultTestDeployAssert4D171F9F.assets.json +19 -0
  82. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3customLoggingBucketsIntegDefaultTestDeployAssert4D171F9F.template.json +36 -0
  83. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/integ.json +12 -0
  84. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/manifest.json +209 -0
  85. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/tree.json +1156 -0
  86. package/test/integ.cfts3-existing-bucket.js +6 -3
  87. package/test/integ.cfts3-existing-bucket.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  88. package/test/integ.cfts3-existing-bucket.js.snapshot/cdk.out +1 -0
  89. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3-existing-bucket.assets.json +32 -0
  90. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3-existing-bucket.template.json +1014 -0
  91. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3existingbucketIntegDefaultTestDeployAssertA6D4EB49.assets.json +19 -0
  92. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3existingbucketIntegDefaultTestDeployAssertA6D4EB49.template.json +36 -0
  93. package/test/integ.cfts3-existing-bucket.js.snapshot/integ.json +12 -0
  94. package/test/integ.cfts3-existing-bucket.js.snapshot/manifest.json +221 -0
  95. package/test/integ.cfts3-existing-bucket.js.snapshot/tree.json +1229 -0
  96. package/test/integ.cfts3-no-arguments.js +6 -3
  97. package/test/integ.cfts3-no-arguments.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  98. package/test/integ.cfts3-no-arguments.js.snapshot/cdk.out +1 -0
  99. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3-no-arguments.assets.json +32 -0
  100. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3-no-arguments.template.json +959 -0
  101. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3noargumentsIntegDefaultTestDeployAssertBA5AFA25.assets.json +19 -0
  102. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3noargumentsIntegDefaultTestDeployAssertBA5AFA25.template.json +36 -0
  103. package/test/integ.cfts3-no-arguments.js.snapshot/integ.json +12 -0
  104. package/test/integ.cfts3-no-arguments.js.snapshot/manifest.json +209 -0
  105. package/test/integ.cfts3-no-arguments.js.snapshot/tree.json +1117 -0
  106. package/test/integ.cfts3-no-security-headers.js +6 -3
  107. package/test/integ.cfts3-no-security-headers.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  108. package/test/integ.cfts3-no-security-headers.js.snapshot/cdk.out +1 -0
  109. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3-no-security-headers.assets.json +32 -0
  110. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3-no-security-headers.template.json +926 -0
  111. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3nosecurityheadersIntegDefaultTestDeployAssert38FE05BE.assets.json +19 -0
  112. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3nosecurityheadersIntegDefaultTestDeployAssert38FE05BE.template.json +36 -0
  113. package/test/integ.cfts3-no-security-headers.js.snapshot/integ.json +12 -0
  114. package/test/integ.cfts3-no-security-headers.js.snapshot/manifest.json +203 -0
  115. package/test/integ.cfts3-no-security-headers.js.snapshot/tree.json +1076 -0
  116. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.expected.json +0 -960
  117. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.expected.json +0 -594
  118. package/test/integ.cfts3-bucket-with-http-origin.expected.json +0 -559
  119. package/test/integ.cfts3-cmk-encryption.expected.json +0 -527
  120. package/test/integ.cfts3-cmk-provided-as-bucket-prop.expected.json +0 -960
  121. package/test/integ.cfts3-custom-headers.expected.json +0 -981
  122. package/test/integ.cfts3-custom-originPath.expected.json +0 -950
  123. package/test/integ.cfts3-customCloudFrontLoggingBucket.expected.json +0 -700
  124. package/test/integ.cfts3-customLoggingBuckets.expected.json +0 -987
  125. package/test/integ.cfts3-existing-bucket.expected.json +0 -1014
  126. package/test/integ.cfts3-no-arguments.expected.json +0 -959
  127. package/test/integ.cfts3-no-security-headers.expected.json +0 -926
@@ -1,527 +0,0 @@
1
- {
2
- "Description": "Integration Test for aws-cloudfront-s3",
3
- "Resources": {
4
- "cmkKey598B20B2": {
5
- "Type": "AWS::KMS::Key",
6
- "Properties": {
7
- "EnableKeyRotation": true,
8
- "KeyPolicy": {
9
- "Statement": [
10
- {
11
- "Action": "kms:*",
12
- "Effect": "Allow",
13
- "Principal": {
14
- "AWS": {
15
- "Fn::Join": [
16
- "",
17
- [
18
- "arn:",
19
- {
20
- "Ref": "AWS::Partition"
21
- },
22
- ":iam::",
23
- {
24
- "Ref": "AWS::AccountId"
25
- },
26
- ":root"
27
- ]
28
- ]
29
- }
30
- },
31
- "Resource": "*"
32
- }
33
- ],
34
- "Version": "2012-10-17"
35
- }
36
- },
37
- "UpdateReplacePolicy": "Delete",
38
- "DeletionPolicy": "Delete"
39
- },
40
- "testcloudfronts3cmkencryptionkeyS3LoggingBucket5CE52209": {
41
- "Type": "AWS::S3::Bucket",
42
- "Properties": {
43
- "BucketEncryption": {
44
- "ServerSideEncryptionConfiguration": [
45
- {
46
- "ServerSideEncryptionByDefault": {
47
- "SSEAlgorithm": "AES256"
48
- }
49
- }
50
- ]
51
- },
52
- "PublicAccessBlockConfiguration": {
53
- "BlockPublicAcls": true,
54
- "BlockPublicPolicy": true,
55
- "IgnorePublicAcls": true,
56
- "RestrictPublicBuckets": true
57
- },
58
- "VersioningConfiguration": {
59
- "Status": "Enabled"
60
- }
61
- },
62
- "UpdateReplacePolicy": "Retain",
63
- "DeletionPolicy": "Retain",
64
- "Metadata": {
65
- "cfn_nag": {
66
- "rules_to_suppress": [
67
- {
68
- "id": "W35",
69
- "reason": "This S3 bucket is used as the access logging bucket for another bucket"
70
- }
71
- ]
72
- }
73
- }
74
- },
75
- "testcloudfronts3cmkencryptionkeyS3LoggingBucketPolicyF38CB6DD": {
76
- "Type": "AWS::S3::BucketPolicy",
77
- "Properties": {
78
- "Bucket": {
79
- "Ref": "testcloudfronts3cmkencryptionkeyS3LoggingBucket5CE52209"
80
- },
81
- "PolicyDocument": {
82
- "Statement": [
83
- {
84
- "Action": "s3:*",
85
- "Condition": {
86
- "Bool": {
87
- "aws:SecureTransport": "false"
88
- }
89
- },
90
- "Effect": "Deny",
91
- "Principal": {
92
- "AWS": "*"
93
- },
94
- "Resource": [
95
- {
96
- "Fn::GetAtt": [
97
- "testcloudfronts3cmkencryptionkeyS3LoggingBucket5CE52209",
98
- "Arn"
99
- ]
100
- },
101
- {
102
- "Fn::Join": [
103
- "",
104
- [
105
- {
106
- "Fn::GetAtt": [
107
- "testcloudfronts3cmkencryptionkeyS3LoggingBucket5CE52209",
108
- "Arn"
109
- ]
110
- },
111
- "/*"
112
- ]
113
- ]
114
- }
115
- ]
116
- },
117
- {
118
- "Action": "s3:PutObject",
119
- "Condition": {
120
- "ArnLike": {
121
- "aws:SourceArn": {
122
- "Fn::GetAtt": [
123
- "testcloudfronts3cmkencryptionkeyS3Bucket0E74E5D2",
124
- "Arn"
125
- ]
126
- }
127
- },
128
- "StringEquals": {
129
- "aws:SourceAccount": {
130
- "Ref": "AWS::AccountId"
131
- }
132
- }
133
- },
134
- "Effect": "Allow",
135
- "Principal": {
136
- "Service": "logging.s3.amazonaws.com"
137
- },
138
- "Resource": {
139
- "Fn::Join": [
140
- "",
141
- [
142
- {
143
- "Fn::GetAtt": [
144
- "testcloudfronts3cmkencryptionkeyS3LoggingBucket5CE52209",
145
- "Arn"
146
- ]
147
- },
148
- "/*"
149
- ]
150
- ]
151
- }
152
- }
153
- ],
154
- "Version": "2012-10-17"
155
- }
156
- }
157
- },
158
- "testcloudfronts3cmkencryptionkeyS3Bucket0E74E5D2": {
159
- "Type": "AWS::S3::Bucket",
160
- "Properties": {
161
- "BucketEncryption": {
162
- "ServerSideEncryptionConfiguration": [
163
- {
164
- "ServerSideEncryptionByDefault": {
165
- "SSEAlgorithm": "AES256"
166
- }
167
- }
168
- ]
169
- },
170
- "LifecycleConfiguration": {
171
- "Rules": [
172
- {
173
- "NoncurrentVersionTransitions": [
174
- {
175
- "StorageClass": "GLACIER",
176
- "TransitionInDays": 90
177
- }
178
- ],
179
- "Status": "Enabled"
180
- }
181
- ]
182
- },
183
- "LoggingConfiguration": {
184
- "DestinationBucketName": {
185
- "Ref": "testcloudfronts3cmkencryptionkeyS3LoggingBucket5CE52209"
186
- }
187
- },
188
- "PublicAccessBlockConfiguration": {
189
- "BlockPublicAcls": true,
190
- "BlockPublicPolicy": true,
191
- "IgnorePublicAcls": true,
192
- "RestrictPublicBuckets": true
193
- },
194
- "VersioningConfiguration": {
195
- "Status": "Enabled"
196
- }
197
- },
198
- "UpdateReplacePolicy": "Retain",
199
- "DeletionPolicy": "Retain"
200
- },
201
- "testcloudfronts3cmkencryptionkeyS3BucketPolicy5DF57B01": {
202
- "Type": "AWS::S3::BucketPolicy",
203
- "Properties": {
204
- "Bucket": {
205
- "Ref": "testcloudfronts3cmkencryptionkeyS3Bucket0E74E5D2"
206
- },
207
- "PolicyDocument": {
208
- "Statement": [
209
- {
210
- "Action": "s3:*",
211
- "Condition": {
212
- "Bool": {
213
- "aws:SecureTransport": "false"
214
- }
215
- },
216
- "Effect": "Deny",
217
- "Principal": {
218
- "AWS": "*"
219
- },
220
- "Resource": [
221
- {
222
- "Fn::GetAtt": [
223
- "testcloudfronts3cmkencryptionkeyS3Bucket0E74E5D2",
224
- "Arn"
225
- ]
226
- },
227
- {
228
- "Fn::Join": [
229
- "",
230
- [
231
- {
232
- "Fn::GetAtt": [
233
- "testcloudfronts3cmkencryptionkeyS3Bucket0E74E5D2",
234
- "Arn"
235
- ]
236
- },
237
- "/*"
238
- ]
239
- ]
240
- }
241
- ]
242
- },
243
- {
244
- "Action": "s3:GetObject",
245
- "Effect": "Allow",
246
- "Principal": {
247
- "CanonicalUser": {
248
- "Fn::GetAtt": [
249
- "testcloudfronts3cmkencryptionkeyCloudFrontDistributionOrigin1S3OriginA6F11959",
250
- "S3CanonicalUserId"
251
- ]
252
- }
253
- },
254
- "Resource": {
255
- "Fn::Join": [
256
- "",
257
- [
258
- {
259
- "Fn::GetAtt": [
260
- "testcloudfronts3cmkencryptionkeyS3Bucket0E74E5D2",
261
- "Arn"
262
- ]
263
- },
264
- "/*"
265
- ]
266
- ]
267
- }
268
- },
269
- {
270
- "Action": "s3:GetObject",
271
- "Condition": {
272
- "StringEquals": {
273
- "AWS:SourceArn": {
274
- "Fn::Join": [
275
- "",
276
- [
277
- "arn:",
278
- {
279
- "Ref": "AWS::Partition"
280
- },
281
- ":cloudfront::",
282
- {
283
- "Ref": "AWS::AccountId"
284
- },
285
- ":distribution/",
286
- {
287
- "Ref": "testcloudfronts3cmkencryptionkeyCloudFrontDistribution57C8A907"
288
- }
289
- ]
290
- ]
291
- }
292
- }
293
- },
294
- "Effect": "Allow",
295
- "Principal": {
296
- "Service": "cloudfront.amazonaws.com"
297
- },
298
- "Resource": {
299
- "Fn::Join": [
300
- "",
301
- [
302
- {
303
- "Fn::GetAtt": [
304
- "testcloudfronts3cmkencryptionkeyS3Bucket0E74E5D2",
305
- "Arn"
306
- ]
307
- },
308
- "/*"
309
- ]
310
- ]
311
- }
312
- }
313
- ],
314
- "Version": "2012-10-17"
315
- }
316
- },
317
- "Metadata": {
318
- "cfn_nag": {
319
- "rules_to_suppress": [
320
- {
321
- "id": "F16",
322
- "reason": "Public website bucket policy requires a wildcard principal"
323
- }
324
- ]
325
- }
326
- }
327
- },
328
- "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD": {
329
- "Type": "AWS::S3::Bucket",
330
- "Properties": {
331
- "AccessControl": "LogDeliveryWrite",
332
- "BucketEncryption": {
333
- "ServerSideEncryptionConfiguration": [
334
- {
335
- "ServerSideEncryptionByDefault": {
336
- "SSEAlgorithm": "AES256"
337
- }
338
- }
339
- ]
340
- },
341
- "OwnershipControls": {
342
- "Rules": [
343
- {
344
- "ObjectOwnership": "ObjectWriter"
345
- }
346
- ]
347
- },
348
- "PublicAccessBlockConfiguration": {
349
- "BlockPublicAcls": true,
350
- "BlockPublicPolicy": true,
351
- "IgnorePublicAcls": true,
352
- "RestrictPublicBuckets": true
353
- },
354
- "VersioningConfiguration": {
355
- "Status": "Enabled"
356
- }
357
- },
358
- "UpdateReplacePolicy": "Retain",
359
- "DeletionPolicy": "Retain",
360
- "Metadata": {
361
- "cfn_nag": {
362
- "rules_to_suppress": [
363
- {
364
- "id": "W35",
365
- "reason": "This S3 bucket is used as the access logging bucket for CloudFront Distribution"
366
- }
367
- ]
368
- }
369
- }
370
- },
371
- "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketPolicy5E737735": {
372
- "Type": "AWS::S3::BucketPolicy",
373
- "Properties": {
374
- "Bucket": {
375
- "Ref": "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD"
376
- },
377
- "PolicyDocument": {
378
- "Statement": [
379
- {
380
- "Action": "s3:*",
381
- "Condition": {
382
- "Bool": {
383
- "aws:SecureTransport": "false"
384
- }
385
- },
386
- "Effect": "Deny",
387
- "Principal": {
388
- "AWS": "*"
389
- },
390
- "Resource": [
391
- {
392
- "Fn::GetAtt": [
393
- "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD",
394
- "Arn"
395
- ]
396
- },
397
- {
398
- "Fn::Join": [
399
- "",
400
- [
401
- {
402
- "Fn::GetAtt": [
403
- "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD",
404
- "Arn"
405
- ]
406
- },
407
- "/*"
408
- ]
409
- ]
410
- }
411
- ]
412
- }
413
- ],
414
- "Version": "2012-10-17"
415
- }
416
- }
417
- },
418
- "testcloudfronts3cmkencryptionkeyCloudFrontDistributionOrigin1S3OriginA6F11959": {
419
- "Type": "AWS::CloudFront::CloudFrontOriginAccessIdentity",
420
- "Properties": {
421
- "CloudFrontOriginAccessIdentityConfig": {
422
- "Comment": "Identity for cfts3cmkencryptiontestcloudfronts3cmkencryptionkeyCloudFrontDistributionOrigin10F84B155"
423
- }
424
- }
425
- },
426
- "testcloudfronts3cmkencryptionkeyCloudFrontDistribution57C8A907": {
427
- "Type": "AWS::CloudFront::Distribution",
428
- "Properties": {
429
- "DistributionConfig": {
430
- "DefaultCacheBehavior": {
431
- "CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6",
432
- "Compress": true,
433
- "TargetOriginId": "cfts3cmkencryptiontestcloudfronts3cmkencryptionkeyCloudFrontDistributionOrigin10F84B155",
434
- "ViewerProtocolPolicy": "redirect-to-https"
435
- },
436
- "DefaultRootObject": "index.html",
437
- "Enabled": true,
438
- "HttpVersion": "http2",
439
- "IPV6Enabled": true,
440
- "Logging": {
441
- "Bucket": {
442
- "Fn::GetAtt": [
443
- "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD",
444
- "RegionalDomainName"
445
- ]
446
- }
447
- },
448
- "Origins": [
449
- {
450
- "DomainName": {
451
- "Fn::GetAtt": [
452
- "testcloudfronts3cmkencryptionkeyS3Bucket0E74E5D2",
453
- "RegionalDomainName"
454
- ]
455
- },
456
- "Id": "cfts3cmkencryptiontestcloudfronts3cmkencryptionkeyCloudFrontDistributionOrigin10F84B155",
457
- "OriginAccessControlId": {
458
- "Fn::GetAtt": [
459
- "testcloudfronts3cmkencryptionkeyCloudFrontOac4EFECBD9",
460
- "Id"
461
- ]
462
- },
463
- "S3OriginConfig": {
464
- "OriginAccessIdentity": ""
465
- }
466
- }
467
- ]
468
- }
469
- },
470
- "Metadata": {
471
- "cfn_nag": {
472
- "rules_to_suppress": [
473
- {
474
- "id": "W70",
475
- "reason": "Since the distribution uses the CloudFront domain name, CloudFront automatically sets the security policy to TLSv1 regardless of the value of MinimumProtocolVersion"
476
- }
477
- ]
478
- }
479
- }
480
- },
481
- "testcloudfronts3cmkencryptionkeyCloudFrontOac4EFECBD9": {
482
- "Type": "AWS::CloudFront::OriginAccessControl",
483
- "Properties": {
484
- "OriginAccessControlConfig": {
485
- "Name": "cloudfront-default-oac-18c3b751f02",
486
- "OriginAccessControlOriginType": "s3",
487
- "SigningBehavior": "always",
488
- "SigningProtocol": "sigv4"
489
- }
490
- }
491
- }
492
- },
493
- "Parameters": {
494
- "BootstrapVersion": {
495
- "Type": "AWS::SSM::Parameter::Value<String>",
496
- "Default": "/cdk-bootstrap/hnb659fds/version",
497
- "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
498
- }
499
- },
500
- "Rules": {
501
- "CheckBootstrapVersion": {
502
- "Assertions": [
503
- {
504
- "Assert": {
505
- "Fn::Not": [
506
- {
507
- "Fn::Contains": [
508
- [
509
- "1",
510
- "2",
511
- "3",
512
- "4",
513
- "5"
514
- ],
515
- {
516
- "Ref": "BootstrapVersion"
517
- }
518
- ]
519
- }
520
- ]
521
- },
522
- "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
523
- }
524
- ]
525
- }
526
- }
527
- }