@aws-solutions-constructs/aws-cloudfront-s3 2.50.0 → 2.52.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (127) hide show
  1. package/.eslintignore +2 -0
  2. package/.jsii +51 -6
  3. package/integ.config.json +7 -0
  4. package/lib/index.js +1 -1
  5. package/package.json +14 -13
  6. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js +6 -3
  7. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.d.ts +30 -0
  8. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.js +127 -0
  9. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/cfn-response.js +1 -0
  10. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/consts.js +1 -0
  11. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/framework.js +3 -0
  12. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/outbound.js +1 -0
  13. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/util.js +1 -0
  14. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cdk.out +1 -0
  15. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.assets.json +45 -0
  16. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.template.json +960 -0
  17. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithcmkprovidedasexistingbucketIntegDefaultTestDeployAssertF6031114.assets.json +19 -0
  18. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithcmkprovidedasexistingbucketIntegDefaultTestDeployAssertF6031114.template.json +36 -0
  19. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/integ.json +12 -0
  20. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/manifest.json +221 -0
  21. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/tree.json +1326 -0
  22. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js +6 -3
  23. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cdk.out +1 -0
  24. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.assets.json +19 -0
  25. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.template.json +594 -0
  26. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithmanagedkeyprovidedasexistingbucketIntegDefaultTestDeployAssert03A82C16.assets.json +19 -0
  27. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithmanagedkeyprovidedasexistingbucketIntegDefaultTestDeployAssert03A82C16.template.json +36 -0
  28. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/integ.json +12 -0
  29. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/manifest.json +167 -0
  30. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/tree.json +790 -0
  31. package/test/integ.cfts3-bucket-with-http-origin.js +6 -3
  32. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cdk.out +1 -0
  33. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3-bucket-with-http-origin.assets.json +19 -0
  34. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3-bucket-with-http-origin.template.json +559 -0
  35. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3bucketwithhttporiginIntegDefaultTestDeployAssert75EB76AB.assets.json +19 -0
  36. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3bucketwithhttporiginIntegDefaultTestDeployAssert75EB76AB.template.json +36 -0
  37. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/integ.json +12 -0
  38. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/manifest.json +161 -0
  39. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/tree.json +753 -0
  40. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js +6 -3
  41. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.d.ts +30 -0
  42. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.js +127 -0
  43. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/cfn-response.js +1 -0
  44. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/consts.js +1 -0
  45. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/framework.js +3 -0
  46. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/outbound.js +1 -0
  47. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/util.js +1 -0
  48. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cdk.out +1 -0
  49. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3-cmk-provided-as-bucket-prop.assets.json +45 -0
  50. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3-cmk-provided-as-bucket-prop.template.json +960 -0
  51. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3cmkprovidedasbucketpropIntegDefaultTestDeployAssert38E63D55.assets.json +19 -0
  52. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3cmkprovidedasbucketpropIntegDefaultTestDeployAssert38E63D55.template.json +36 -0
  53. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/integ.json +12 -0
  54. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/manifest.json +221 -0
  55. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/tree.json +1326 -0
  56. package/test/integ.cfts3-custom-headers.js +6 -3
  57. package/test/integ.cfts3-custom-headers.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  58. package/test/integ.cfts3-custom-headers.js.snapshot/cdk.out +1 -0
  59. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3-custom-headers.assets.json +32 -0
  60. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3-custom-headers.template.json +981 -0
  61. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3customheadersIntegDefaultTestDeployAssert6EEC9973.assets.json +19 -0
  62. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3customheadersIntegDefaultTestDeployAssert6EEC9973.template.json +36 -0
  63. package/test/integ.cfts3-custom-headers.js.snapshot/integ.json +12 -0
  64. package/test/integ.cfts3-custom-headers.js.snapshot/manifest.json +215 -0
  65. package/test/integ.cfts3-custom-headers.js.snapshot/tree.json +1167 -0
  66. package/test/integ.cfts3-custom-originPath.js +6 -3
  67. package/test/integ.cfts3-custom-originPath.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  68. package/test/integ.cfts3-custom-originPath.js.snapshot/cdk.out +1 -0
  69. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3-custom-originPath.assets.json +32 -0
  70. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3-custom-originPath.template.json +950 -0
  71. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3customoriginPathIntegDefaultTestDeployAssert61F499B2.assets.json +19 -0
  72. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3customoriginPathIntegDefaultTestDeployAssert61F499B2.template.json +36 -0
  73. package/test/integ.cfts3-custom-originPath.js.snapshot/integ.json +12 -0
  74. package/test/integ.cfts3-custom-originPath.js.snapshot/manifest.json +209 -0
  75. package/test/integ.cfts3-custom-originPath.js.snapshot/tree.json +1117 -0
  76. package/test/integ.cfts3-customLoggingBuckets.js +6 -3
  77. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  78. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cdk.out +1 -0
  79. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3-customLoggingBuckets.assets.json +32 -0
  80. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3-customLoggingBuckets.template.json +987 -0
  81. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3customLoggingBucketsIntegDefaultTestDeployAssert4D171F9F.assets.json +19 -0
  82. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3customLoggingBucketsIntegDefaultTestDeployAssert4D171F9F.template.json +36 -0
  83. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/integ.json +12 -0
  84. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/manifest.json +209 -0
  85. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/tree.json +1156 -0
  86. package/test/integ.cfts3-existing-bucket.js +6 -3
  87. package/test/integ.cfts3-existing-bucket.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  88. package/test/integ.cfts3-existing-bucket.js.snapshot/cdk.out +1 -0
  89. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3-existing-bucket.assets.json +32 -0
  90. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3-existing-bucket.template.json +1014 -0
  91. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3existingbucketIntegDefaultTestDeployAssertA6D4EB49.assets.json +19 -0
  92. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3existingbucketIntegDefaultTestDeployAssertA6D4EB49.template.json +36 -0
  93. package/test/integ.cfts3-existing-bucket.js.snapshot/integ.json +12 -0
  94. package/test/integ.cfts3-existing-bucket.js.snapshot/manifest.json +221 -0
  95. package/test/integ.cfts3-existing-bucket.js.snapshot/tree.json +1229 -0
  96. package/test/integ.cfts3-no-arguments.js +6 -3
  97. package/test/integ.cfts3-no-arguments.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  98. package/test/integ.cfts3-no-arguments.js.snapshot/cdk.out +1 -0
  99. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3-no-arguments.assets.json +32 -0
  100. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3-no-arguments.template.json +959 -0
  101. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3noargumentsIntegDefaultTestDeployAssertBA5AFA25.assets.json +19 -0
  102. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3noargumentsIntegDefaultTestDeployAssertBA5AFA25.template.json +36 -0
  103. package/test/integ.cfts3-no-arguments.js.snapshot/integ.json +12 -0
  104. package/test/integ.cfts3-no-arguments.js.snapshot/manifest.json +209 -0
  105. package/test/integ.cfts3-no-arguments.js.snapshot/tree.json +1117 -0
  106. package/test/integ.cfts3-no-security-headers.js +6 -3
  107. package/test/integ.cfts3-no-security-headers.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  108. package/test/integ.cfts3-no-security-headers.js.snapshot/cdk.out +1 -0
  109. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3-no-security-headers.assets.json +32 -0
  110. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3-no-security-headers.template.json +926 -0
  111. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3nosecurityheadersIntegDefaultTestDeployAssert38FE05BE.assets.json +19 -0
  112. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3nosecurityheadersIntegDefaultTestDeployAssert38FE05BE.template.json +36 -0
  113. package/test/integ.cfts3-no-security-headers.js.snapshot/integ.json +12 -0
  114. package/test/integ.cfts3-no-security-headers.js.snapshot/manifest.json +203 -0
  115. package/test/integ.cfts3-no-security-headers.js.snapshot/tree.json +1076 -0
  116. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.expected.json +0 -960
  117. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.expected.json +0 -594
  118. package/test/integ.cfts3-bucket-with-http-origin.expected.json +0 -559
  119. package/test/integ.cfts3-cmk-encryption.expected.json +0 -527
  120. package/test/integ.cfts3-cmk-provided-as-bucket-prop.expected.json +0 -960
  121. package/test/integ.cfts3-custom-headers.expected.json +0 -981
  122. package/test/integ.cfts3-custom-originPath.expected.json +0 -950
  123. package/test/integ.cfts3-customCloudFrontLoggingBucket.expected.json +0 -700
  124. package/test/integ.cfts3-customLoggingBuckets.expected.json +0 -987
  125. package/test/integ.cfts3-existing-bucket.expected.json +0 -1014
  126. package/test/integ.cfts3-no-arguments.expected.json +0 -959
  127. package/test/integ.cfts3-no-security-headers.expected.json +0 -926
@@ -1,987 +0,0 @@
1
- {
2
- "Resources": {
3
- "testcloudfronts3S3LoggingBucket90D239DD": {
4
- "Type": "AWS::S3::Bucket",
5
- "Properties": {
6
- "BucketEncryption": {
7
- "ServerSideEncryptionConfiguration": [
8
- {
9
- "ServerSideEncryptionByDefault": {
10
- "SSEAlgorithm": "AES256"
11
- }
12
- }
13
- ]
14
- },
15
- "LifecycleConfiguration": {
16
- "Rules": [
17
- {
18
- "Status": "Enabled",
19
- "Transitions": [
20
- {
21
- "StorageClass": "GLACIER",
22
- "TransitionInDays": 7
23
- }
24
- ]
25
- }
26
- ]
27
- },
28
- "PublicAccessBlockConfiguration": {
29
- "BlockPublicAcls": true,
30
- "BlockPublicPolicy": true,
31
- "IgnorePublicAcls": true,
32
- "RestrictPublicBuckets": true
33
- },
34
- "Tags": [
35
- {
36
- "Key": "aws-cdk:auto-delete-objects",
37
- "Value": "true"
38
- }
39
- ],
40
- "VersioningConfiguration": {
41
- "Status": "Enabled"
42
- }
43
- },
44
- "UpdateReplacePolicy": "Delete",
45
- "DeletionPolicy": "Delete",
46
- "Metadata": {
47
- "cfn_nag": {
48
- "rules_to_suppress": [
49
- {
50
- "id": "W35",
51
- "reason": "This S3 bucket is used as the access logging bucket for another bucket"
52
- }
53
- ]
54
- }
55
- }
56
- },
57
- "testcloudfronts3S3LoggingBucketPolicy529D4CFF": {
58
- "Type": "AWS::S3::BucketPolicy",
59
- "Properties": {
60
- "Bucket": {
61
- "Ref": "testcloudfronts3S3LoggingBucket90D239DD"
62
- },
63
- "PolicyDocument": {
64
- "Statement": [
65
- {
66
- "Action": "s3:*",
67
- "Condition": {
68
- "Bool": {
69
- "aws:SecureTransport": "false"
70
- }
71
- },
72
- "Effect": "Deny",
73
- "Principal": {
74
- "AWS": "*"
75
- },
76
- "Resource": [
77
- {
78
- "Fn::GetAtt": [
79
- "testcloudfronts3S3LoggingBucket90D239DD",
80
- "Arn"
81
- ]
82
- },
83
- {
84
- "Fn::Join": [
85
- "",
86
- [
87
- {
88
- "Fn::GetAtt": [
89
- "testcloudfronts3S3LoggingBucket90D239DD",
90
- "Arn"
91
- ]
92
- },
93
- "/*"
94
- ]
95
- ]
96
- }
97
- ]
98
- },
99
- {
100
- "Action": [
101
- "s3:PutBucketPolicy",
102
- "s3:GetBucket*",
103
- "s3:List*",
104
- "s3:DeleteObject*"
105
- ],
106
- "Effect": "Allow",
107
- "Principal": {
108
- "AWS": {
109
- "Fn::GetAtt": [
110
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
111
- "Arn"
112
- ]
113
- }
114
- },
115
- "Resource": [
116
- {
117
- "Fn::GetAtt": [
118
- "testcloudfronts3S3LoggingBucket90D239DD",
119
- "Arn"
120
- ]
121
- },
122
- {
123
- "Fn::Join": [
124
- "",
125
- [
126
- {
127
- "Fn::GetAtt": [
128
- "testcloudfronts3S3LoggingBucket90D239DD",
129
- "Arn"
130
- ]
131
- },
132
- "/*"
133
- ]
134
- ]
135
- }
136
- ]
137
- },
138
- {
139
- "Action": "s3:PutObject",
140
- "Condition": {
141
- "ArnLike": {
142
- "aws:SourceArn": {
143
- "Fn::GetAtt": [
144
- "testcloudfronts3S3BucketE0C5F76E",
145
- "Arn"
146
- ]
147
- }
148
- },
149
- "StringEquals": {
150
- "aws:SourceAccount": {
151
- "Ref": "AWS::AccountId"
152
- }
153
- }
154
- },
155
- "Effect": "Allow",
156
- "Principal": {
157
- "Service": "logging.s3.amazonaws.com"
158
- },
159
- "Resource": {
160
- "Fn::Join": [
161
- "",
162
- [
163
- {
164
- "Fn::GetAtt": [
165
- "testcloudfronts3S3LoggingBucket90D239DD",
166
- "Arn"
167
- ]
168
- },
169
- "/*"
170
- ]
171
- ]
172
- }
173
- }
174
- ],
175
- "Version": "2012-10-17"
176
- }
177
- }
178
- },
179
- "testcloudfronts3S3LoggingBucketAutoDeleteObjectsCustomResource6EE37727": {
180
- "Type": "Custom::S3AutoDeleteObjects",
181
- "Properties": {
182
- "ServiceToken": {
183
- "Fn::GetAtt": [
184
- "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
185
- "Arn"
186
- ]
187
- },
188
- "BucketName": {
189
- "Ref": "testcloudfronts3S3LoggingBucket90D239DD"
190
- }
191
- },
192
- "DependsOn": [
193
- "testcloudfronts3S3LoggingBucketPolicy529D4CFF"
194
- ],
195
- "UpdateReplacePolicy": "Delete",
196
- "DeletionPolicy": "Delete"
197
- },
198
- "testcloudfronts3S3BucketE0C5F76E": {
199
- "Type": "AWS::S3::Bucket",
200
- "Properties": {
201
- "BucketEncryption": {
202
- "ServerSideEncryptionConfiguration": [
203
- {
204
- "ServerSideEncryptionByDefault": {
205
- "SSEAlgorithm": "AES256"
206
- }
207
- }
208
- ]
209
- },
210
- "LifecycleConfiguration": {
211
- "Rules": [
212
- {
213
- "NoncurrentVersionTransitions": [
214
- {
215
- "StorageClass": "GLACIER",
216
- "TransitionInDays": 90
217
- }
218
- ],
219
- "Status": "Enabled"
220
- }
221
- ]
222
- },
223
- "LoggingConfiguration": {
224
- "DestinationBucketName": {
225
- "Ref": "testcloudfronts3S3LoggingBucket90D239DD"
226
- }
227
- },
228
- "PublicAccessBlockConfiguration": {
229
- "BlockPublicAcls": true,
230
- "BlockPublicPolicy": true,
231
- "IgnorePublicAcls": true,
232
- "RestrictPublicBuckets": true
233
- },
234
- "Tags": [
235
- {
236
- "Key": "aws-cdk:auto-delete-objects",
237
- "Value": "true"
238
- }
239
- ],
240
- "VersioningConfiguration": {
241
- "Status": "Enabled"
242
- }
243
- },
244
- "UpdateReplacePolicy": "Delete",
245
- "DeletionPolicy": "Delete"
246
- },
247
- "testcloudfronts3S3BucketPolicy250F1F61": {
248
- "Type": "AWS::S3::BucketPolicy",
249
- "Properties": {
250
- "Bucket": {
251
- "Ref": "testcloudfronts3S3BucketE0C5F76E"
252
- },
253
- "PolicyDocument": {
254
- "Statement": [
255
- {
256
- "Action": "s3:*",
257
- "Condition": {
258
- "Bool": {
259
- "aws:SecureTransport": "false"
260
- }
261
- },
262
- "Effect": "Deny",
263
- "Principal": {
264
- "AWS": "*"
265
- },
266
- "Resource": [
267
- {
268
- "Fn::GetAtt": [
269
- "testcloudfronts3S3BucketE0C5F76E",
270
- "Arn"
271
- ]
272
- },
273
- {
274
- "Fn::Join": [
275
- "",
276
- [
277
- {
278
- "Fn::GetAtt": [
279
- "testcloudfronts3S3BucketE0C5F76E",
280
- "Arn"
281
- ]
282
- },
283
- "/*"
284
- ]
285
- ]
286
- }
287
- ]
288
- },
289
- {
290
- "Action": [
291
- "s3:PutBucketPolicy",
292
- "s3:GetBucket*",
293
- "s3:List*",
294
- "s3:DeleteObject*"
295
- ],
296
- "Effect": "Allow",
297
- "Principal": {
298
- "AWS": {
299
- "Fn::GetAtt": [
300
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
301
- "Arn"
302
- ]
303
- }
304
- },
305
- "Resource": [
306
- {
307
- "Fn::GetAtt": [
308
- "testcloudfronts3S3BucketE0C5F76E",
309
- "Arn"
310
- ]
311
- },
312
- {
313
- "Fn::Join": [
314
- "",
315
- [
316
- {
317
- "Fn::GetAtt": [
318
- "testcloudfronts3S3BucketE0C5F76E",
319
- "Arn"
320
- ]
321
- },
322
- "/*"
323
- ]
324
- ]
325
- }
326
- ]
327
- },
328
- {
329
- "Action": "s3:GetObject",
330
- "Condition": {
331
- "StringEquals": {
332
- "AWS:SourceArn": {
333
- "Fn::Join": [
334
- "",
335
- [
336
- "arn:aws:cloudfront::",
337
- {
338
- "Ref": "AWS::AccountId"
339
- },
340
- ":distribution/",
341
- {
342
- "Ref": "testcloudfronts3CloudFrontDistribution0565DEE8"
343
- }
344
- ]
345
- ]
346
- }
347
- }
348
- },
349
- "Effect": "Allow",
350
- "Principal": {
351
- "Service": "cloudfront.amazonaws.com"
352
- },
353
- "Resource": {
354
- "Fn::Join": [
355
- "",
356
- [
357
- {
358
- "Fn::GetAtt": [
359
- "testcloudfronts3S3BucketE0C5F76E",
360
- "Arn"
361
- ]
362
- },
363
- "/*"
364
- ]
365
- ]
366
- }
367
- }
368
- ],
369
- "Version": "2012-10-17"
370
- }
371
- },
372
- "Metadata": {
373
- "cfn_nag": {
374
- "rules_to_suppress": [
375
- {
376
- "id": "F16",
377
- "reason": "Public website bucket policy requires a wildcard principal"
378
- }
379
- ]
380
- }
381
- }
382
- },
383
- "testcloudfronts3S3BucketAutoDeleteObjectsCustomResourceA13DD8F7": {
384
- "Type": "Custom::S3AutoDeleteObjects",
385
- "Properties": {
386
- "ServiceToken": {
387
- "Fn::GetAtt": [
388
- "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
389
- "Arn"
390
- ]
391
- },
392
- "BucketName": {
393
- "Ref": "testcloudfronts3S3BucketE0C5F76E"
394
- }
395
- },
396
- "DependsOn": [
397
- "testcloudfronts3S3BucketPolicy250F1F61"
398
- ],
399
- "UpdateReplacePolicy": "Delete",
400
- "DeletionPolicy": "Delete"
401
- },
402
- "testcloudfronts3SetHttpSecurityHeaders6C5A1E69": {
403
- "Type": "AWS::CloudFront::Function",
404
- "Properties": {
405
- "AutoPublish": true,
406
- "FunctionCode": "function handler(event) { var response = event.response; var headers = response.headers; headers['strict-transport-security'] = { value: 'max-age=63072000; includeSubdomains; preload'}; headers['content-security-policy'] = { value: \"default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'\"}; headers['x-content-type-options'] = { value: 'nosniff'}; headers['x-frame-options'] = {value: 'DENY'}; headers['x-xss-protection'] = {value: '1; mode=block'}; return response; }",
407
- "FunctionConfig": {
408
- "Comment": "SetHttpSecurityHeadersc844fcbc00f82925aea73bcda195f6b5551bdcf3d4",
409
- "Runtime": "cloudfront-js-1.0"
410
- },
411
- "Name": "SetHttpSecurityHeadersc844fcbc00f82925aea73bcda195f6b5551bdcf3d4"
412
- }
413
- },
414
- "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58": {
415
- "Type": "AWS::S3::Bucket",
416
- "Properties": {
417
- "BucketEncryption": {
418
- "ServerSideEncryptionConfiguration": [
419
- {
420
- "ServerSideEncryptionByDefault": {
421
- "SSEAlgorithm": "AES256"
422
- }
423
- }
424
- ]
425
- },
426
- "LifecycleConfiguration": {
427
- "Rules": [
428
- {
429
- "Status": "Enabled",
430
- "Transitions": [
431
- {
432
- "StorageClass": "GLACIER",
433
- "TransitionInDays": 7
434
- }
435
- ]
436
- }
437
- ]
438
- },
439
- "OwnershipControls": {
440
- "Rules": [
441
- {
442
- "ObjectOwnership": "ObjectWriter"
443
- }
444
- ]
445
- },
446
- "PublicAccessBlockConfiguration": {
447
- "BlockPublicAcls": true,
448
- "BlockPublicPolicy": true,
449
- "IgnorePublicAcls": true,
450
- "RestrictPublicBuckets": true
451
- },
452
- "Tags": [
453
- {
454
- "Key": "aws-cdk:auto-delete-objects",
455
- "Value": "true"
456
- }
457
- ],
458
- "VersioningConfiguration": {
459
- "Status": "Enabled"
460
- }
461
- },
462
- "UpdateReplacePolicy": "Delete",
463
- "DeletionPolicy": "Delete",
464
- "Metadata": {
465
- "cfn_nag": {
466
- "rules_to_suppress": [
467
- {
468
- "id": "W35",
469
- "reason": "This S3 bucket is used as the access logging bucket for another bucket"
470
- }
471
- ]
472
- }
473
- }
474
- },
475
- "testcloudfronts3CloudfrontLoggingBucketAccessLogPolicy526F2E14": {
476
- "Type": "AWS::S3::BucketPolicy",
477
- "Properties": {
478
- "Bucket": {
479
- "Ref": "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58"
480
- },
481
- "PolicyDocument": {
482
- "Statement": [
483
- {
484
- "Action": "s3:*",
485
- "Condition": {
486
- "Bool": {
487
- "aws:SecureTransport": "false"
488
- }
489
- },
490
- "Effect": "Deny",
491
- "Principal": {
492
- "AWS": "*"
493
- },
494
- "Resource": [
495
- {
496
- "Fn::GetAtt": [
497
- "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
498
- "Arn"
499
- ]
500
- },
501
- {
502
- "Fn::Join": [
503
- "",
504
- [
505
- {
506
- "Fn::GetAtt": [
507
- "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
508
- "Arn"
509
- ]
510
- },
511
- "/*"
512
- ]
513
- ]
514
- }
515
- ]
516
- },
517
- {
518
- "Action": [
519
- "s3:PutBucketPolicy",
520
- "s3:GetBucket*",
521
- "s3:List*",
522
- "s3:DeleteObject*"
523
- ],
524
- "Effect": "Allow",
525
- "Principal": {
526
- "AWS": {
527
- "Fn::GetAtt": [
528
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
529
- "Arn"
530
- ]
531
- }
532
- },
533
- "Resource": [
534
- {
535
- "Fn::GetAtt": [
536
- "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
537
- "Arn"
538
- ]
539
- },
540
- {
541
- "Fn::Join": [
542
- "",
543
- [
544
- {
545
- "Fn::GetAtt": [
546
- "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
547
- "Arn"
548
- ]
549
- },
550
- "/*"
551
- ]
552
- ]
553
- }
554
- ]
555
- },
556
- {
557
- "Action": "s3:PutObject",
558
- "Condition": {
559
- "ArnLike": {
560
- "aws:SourceArn": {
561
- "Fn::GetAtt": [
562
- "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
563
- "Arn"
564
- ]
565
- }
566
- },
567
- "StringEquals": {
568
- "aws:SourceAccount": {
569
- "Ref": "AWS::AccountId"
570
- }
571
- }
572
- },
573
- "Effect": "Allow",
574
- "Principal": {
575
- "Service": "logging.s3.amazonaws.com"
576
- },
577
- "Resource": {
578
- "Fn::Join": [
579
- "",
580
- [
581
- {
582
- "Fn::GetAtt": [
583
- "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
584
- "Arn"
585
- ]
586
- },
587
- "/*"
588
- ]
589
- ]
590
- }
591
- }
592
- ],
593
- "Version": "2012-10-17"
594
- }
595
- }
596
- },
597
- "testcloudfronts3CloudfrontLoggingBucketAccessLogAutoDeleteObjectsCustomResourceE16E063D": {
598
- "Type": "Custom::S3AutoDeleteObjects",
599
- "Properties": {
600
- "ServiceToken": {
601
- "Fn::GetAtt": [
602
- "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
603
- "Arn"
604
- ]
605
- },
606
- "BucketName": {
607
- "Ref": "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58"
608
- }
609
- },
610
- "DependsOn": [
611
- "testcloudfronts3CloudfrontLoggingBucketAccessLogPolicy526F2E14"
612
- ],
613
- "UpdateReplacePolicy": "Delete",
614
- "DeletionPolicy": "Delete"
615
- },
616
- "testcloudfronts3CloudfrontLoggingBucket985C0FE8": {
617
- "Type": "AWS::S3::Bucket",
618
- "Properties": {
619
- "AccessControl": "LogDeliveryWrite",
620
- "BucketEncryption": {
621
- "ServerSideEncryptionConfiguration": [
622
- {
623
- "ServerSideEncryptionByDefault": {
624
- "SSEAlgorithm": "AES256"
625
- }
626
- }
627
- ]
628
- },
629
- "LifecycleConfiguration": {
630
- "Rules": [
631
- {
632
- "Status": "Enabled",
633
- "Transitions": [
634
- {
635
- "StorageClass": "GLACIER",
636
- "TransitionInDays": 7
637
- }
638
- ]
639
- }
640
- ]
641
- },
642
- "LoggingConfiguration": {
643
- "DestinationBucketName": {
644
- "Ref": "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58"
645
- }
646
- },
647
- "OwnershipControls": {
648
- "Rules": [
649
- {
650
- "ObjectOwnership": "ObjectWriter"
651
- }
652
- ]
653
- },
654
- "PublicAccessBlockConfiguration": {
655
- "BlockPublicAcls": true,
656
- "BlockPublicPolicy": true,
657
- "IgnorePublicAcls": true,
658
- "RestrictPublicBuckets": true
659
- },
660
- "Tags": [
661
- {
662
- "Key": "aws-cdk:auto-delete-objects",
663
- "Value": "true"
664
- }
665
- ],
666
- "VersioningConfiguration": {
667
- "Status": "Enabled"
668
- }
669
- },
670
- "UpdateReplacePolicy": "Delete",
671
- "DeletionPolicy": "Delete"
672
- },
673
- "testcloudfronts3CloudfrontLoggingBucketPolicyDF55851B": {
674
- "Type": "AWS::S3::BucketPolicy",
675
- "Properties": {
676
- "Bucket": {
677
- "Ref": "testcloudfronts3CloudfrontLoggingBucket985C0FE8"
678
- },
679
- "PolicyDocument": {
680
- "Statement": [
681
- {
682
- "Action": "s3:*",
683
- "Condition": {
684
- "Bool": {
685
- "aws:SecureTransport": "false"
686
- }
687
- },
688
- "Effect": "Deny",
689
- "Principal": {
690
- "AWS": "*"
691
- },
692
- "Resource": [
693
- {
694
- "Fn::GetAtt": [
695
- "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
696
- "Arn"
697
- ]
698
- },
699
- {
700
- "Fn::Join": [
701
- "",
702
- [
703
- {
704
- "Fn::GetAtt": [
705
- "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
706
- "Arn"
707
- ]
708
- },
709
- "/*"
710
- ]
711
- ]
712
- }
713
- ]
714
- },
715
- {
716
- "Action": [
717
- "s3:PutBucketPolicy",
718
- "s3:GetBucket*",
719
- "s3:List*",
720
- "s3:DeleteObject*"
721
- ],
722
- "Effect": "Allow",
723
- "Principal": {
724
- "AWS": {
725
- "Fn::GetAtt": [
726
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
727
- "Arn"
728
- ]
729
- }
730
- },
731
- "Resource": [
732
- {
733
- "Fn::GetAtt": [
734
- "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
735
- "Arn"
736
- ]
737
- },
738
- {
739
- "Fn::Join": [
740
- "",
741
- [
742
- {
743
- "Fn::GetAtt": [
744
- "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
745
- "Arn"
746
- ]
747
- },
748
- "/*"
749
- ]
750
- ]
751
- }
752
- ]
753
- }
754
- ],
755
- "Version": "2012-10-17"
756
- }
757
- }
758
- },
759
- "testcloudfronts3CloudfrontLoggingBucketAutoDeleteObjectsCustomResource19604D88": {
760
- "Type": "Custom::S3AutoDeleteObjects",
761
- "Properties": {
762
- "ServiceToken": {
763
- "Fn::GetAtt": [
764
- "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
765
- "Arn"
766
- ]
767
- },
768
- "BucketName": {
769
- "Ref": "testcloudfronts3CloudfrontLoggingBucket985C0FE8"
770
- }
771
- },
772
- "DependsOn": [
773
- "testcloudfronts3CloudfrontLoggingBucketPolicyDF55851B"
774
- ],
775
- "UpdateReplacePolicy": "Delete",
776
- "DeletionPolicy": "Delete"
777
- },
778
- "testcloudfronts3CloudFrontOac7A951AA6": {
779
- "Type": "AWS::CloudFront::OriginAccessControl",
780
- "Properties": {
781
- "OriginAccessControlConfig": {
782
- "Description": "Origin access control provisioned by aws-cloudfront-s3",
783
- "Name": {
784
- "Fn::Join": [
785
- "",
786
- [
787
- "aws-cloudfront-s3-testnt-s3-",
788
- {
789
- "Fn::Select": [
790
- 2,
791
- {
792
- "Fn::Split": [
793
- "/",
794
- {
795
- "Ref": "AWS::StackId"
796
- }
797
- ]
798
- }
799
- ]
800
- }
801
- ]
802
- ]
803
- },
804
- "OriginAccessControlOriginType": "s3",
805
- "SigningBehavior": "always",
806
- "SigningProtocol": "sigv4"
807
- }
808
- }
809
- },
810
- "testcloudfronts3CloudFrontDistribution0565DEE8": {
811
- "Type": "AWS::CloudFront::Distribution",
812
- "Properties": {
813
- "DistributionConfig": {
814
- "DefaultCacheBehavior": {
815
- "CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6",
816
- "Compress": true,
817
- "FunctionAssociations": [
818
- {
819
- "EventType": "viewer-response",
820
- "FunctionARN": {
821
- "Fn::GetAtt": [
822
- "testcloudfronts3SetHttpSecurityHeaders6C5A1E69",
823
- "FunctionARN"
824
- ]
825
- }
826
- }
827
- ],
828
- "TargetOriginId": "cfts3customLoggingBucketstestcloudfronts3CloudFrontDistributionOrigin1BBEA7E26",
829
- "ViewerProtocolPolicy": "redirect-to-https"
830
- },
831
- "DefaultRootObject": "index.html",
832
- "Enabled": true,
833
- "HttpVersion": "http2",
834
- "IPV6Enabled": true,
835
- "Logging": {
836
- "Bucket": {
837
- "Fn::GetAtt": [
838
- "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
839
- "RegionalDomainName"
840
- ]
841
- }
842
- },
843
- "Origins": [
844
- {
845
- "DomainName": {
846
- "Fn::GetAtt": [
847
- "testcloudfronts3S3BucketE0C5F76E",
848
- "RegionalDomainName"
849
- ]
850
- },
851
- "Id": "cfts3customLoggingBucketstestcloudfronts3CloudFrontDistributionOrigin1BBEA7E26",
852
- "OriginAccessControlId": {
853
- "Fn::GetAtt": [
854
- "testcloudfronts3CloudFrontOac7A951AA6",
855
- "Id"
856
- ]
857
- },
858
- "S3OriginConfig": {
859
- "OriginAccessIdentity": ""
860
- }
861
- }
862
- ]
863
- }
864
- },
865
- "Metadata": {
866
- "cfn_nag": {
867
- "rules_to_suppress": [
868
- {
869
- "id": "W70",
870
- "reason": "Since the distribution uses the CloudFront domain name, CloudFront automatically sets the security policy to TLSv1 regardless of the value of MinimumProtocolVersion"
871
- }
872
- ]
873
- }
874
- }
875
- },
876
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": {
877
- "Type": "AWS::IAM::Role",
878
- "Properties": {
879
- "AssumeRolePolicyDocument": {
880
- "Version": "2012-10-17",
881
- "Statement": [
882
- {
883
- "Action": "sts:AssumeRole",
884
- "Effect": "Allow",
885
- "Principal": {
886
- "Service": "lambda.amazonaws.com"
887
- }
888
- }
889
- ]
890
- },
891
- "ManagedPolicyArns": [
892
- {
893
- "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
894
- }
895
- ]
896
- }
897
- },
898
- "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": {
899
- "Type": "AWS::Lambda::Function",
900
- "Properties": {
901
- "Code": {
902
- "S3Bucket": {
903
- "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
904
- },
905
- "S3Key": "b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6.zip"
906
- },
907
- "Timeout": 900,
908
- "MemorySize": 128,
909
- "Handler": "index.handler",
910
- "Role": {
911
- "Fn::GetAtt": [
912
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
913
- "Arn"
914
- ]
915
- },
916
- "Runtime": "nodejs18.x",
917
- "Description": {
918
- "Fn::Join": [
919
- "",
920
- [
921
- "Lambda function for auto-deleting objects in ",
922
- {
923
- "Ref": "testcloudfronts3S3LoggingBucket90D239DD"
924
- },
925
- " S3 bucket."
926
- ]
927
- ]
928
- }
929
- },
930
- "DependsOn": [
931
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092"
932
- ],
933
- "Metadata": {
934
- "cfn_nag": {
935
- "rules_to_suppress": [
936
- {
937
- "id": "W58",
938
- "reason": "CDK generated custom resource"
939
- },
940
- {
941
- "id": "W89",
942
- "reason": "CDK generated custom resource"
943
- },
944
- {
945
- "id": "W92",
946
- "reason": "CDK generated custom resource"
947
- }
948
- ]
949
- }
950
- }
951
- }
952
- },
953
- "Parameters": {
954
- "BootstrapVersion": {
955
- "Type": "AWS::SSM::Parameter::Value<String>",
956
- "Default": "/cdk-bootstrap/hnb659fds/version",
957
- "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
958
- }
959
- },
960
- "Rules": {
961
- "CheckBootstrapVersion": {
962
- "Assertions": [
963
- {
964
- "Assert": {
965
- "Fn::Not": [
966
- {
967
- "Fn::Contains": [
968
- [
969
- "1",
970
- "2",
971
- "3",
972
- "4",
973
- "5"
974
- ],
975
- {
976
- "Ref": "BootstrapVersion"
977
- }
978
- ]
979
- }
980
- ]
981
- },
982
- "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
983
- }
984
- ]
985
- }
986
- }
987
- }