@aws-solutions-constructs/aws-cloudfront-s3 2.51.0 → 2.52.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (127) hide show
  1. package/.eslintignore +2 -0
  2. package/.jsii +50 -5
  3. package/integ.config.json +7 -0
  4. package/lib/index.js +1 -1
  5. package/package.json +11 -10
  6. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js +6 -3
  7. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.d.ts +30 -0
  8. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.js +127 -0
  9. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/cfn-response.js +1 -0
  10. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/consts.js +1 -0
  11. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/framework.js +3 -0
  12. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/outbound.js +1 -0
  13. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/util.js +1 -0
  14. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cdk.out +1 -0
  15. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.assets.json +45 -0
  16. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.template.json +960 -0
  17. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithcmkprovidedasexistingbucketIntegDefaultTestDeployAssertF6031114.assets.json +19 -0
  18. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithcmkprovidedasexistingbucketIntegDefaultTestDeployAssertF6031114.template.json +36 -0
  19. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/integ.json +12 -0
  20. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/manifest.json +221 -0
  21. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/tree.json +1326 -0
  22. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js +6 -3
  23. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cdk.out +1 -0
  24. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.assets.json +19 -0
  25. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.template.json +594 -0
  26. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithmanagedkeyprovidedasexistingbucketIntegDefaultTestDeployAssert03A82C16.assets.json +19 -0
  27. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithmanagedkeyprovidedasexistingbucketIntegDefaultTestDeployAssert03A82C16.template.json +36 -0
  28. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/integ.json +12 -0
  29. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/manifest.json +167 -0
  30. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/tree.json +790 -0
  31. package/test/integ.cfts3-bucket-with-http-origin.js +6 -3
  32. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cdk.out +1 -0
  33. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3-bucket-with-http-origin.assets.json +19 -0
  34. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3-bucket-with-http-origin.template.json +559 -0
  35. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3bucketwithhttporiginIntegDefaultTestDeployAssert75EB76AB.assets.json +19 -0
  36. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3bucketwithhttporiginIntegDefaultTestDeployAssert75EB76AB.template.json +36 -0
  37. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/integ.json +12 -0
  38. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/manifest.json +161 -0
  39. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/tree.json +753 -0
  40. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js +6 -3
  41. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.d.ts +30 -0
  42. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.js +127 -0
  43. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/cfn-response.js +1 -0
  44. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/consts.js +1 -0
  45. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/framework.js +3 -0
  46. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/outbound.js +1 -0
  47. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/util.js +1 -0
  48. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cdk.out +1 -0
  49. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3-cmk-provided-as-bucket-prop.assets.json +45 -0
  50. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3-cmk-provided-as-bucket-prop.template.json +960 -0
  51. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3cmkprovidedasbucketpropIntegDefaultTestDeployAssert38E63D55.assets.json +19 -0
  52. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3cmkprovidedasbucketpropIntegDefaultTestDeployAssert38E63D55.template.json +36 -0
  53. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/integ.json +12 -0
  54. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/manifest.json +221 -0
  55. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/tree.json +1326 -0
  56. package/test/integ.cfts3-custom-headers.js +6 -3
  57. package/test/integ.cfts3-custom-headers.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  58. package/test/integ.cfts3-custom-headers.js.snapshot/cdk.out +1 -0
  59. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3-custom-headers.assets.json +32 -0
  60. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3-custom-headers.template.json +981 -0
  61. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3customheadersIntegDefaultTestDeployAssert6EEC9973.assets.json +19 -0
  62. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3customheadersIntegDefaultTestDeployAssert6EEC9973.template.json +36 -0
  63. package/test/integ.cfts3-custom-headers.js.snapshot/integ.json +12 -0
  64. package/test/integ.cfts3-custom-headers.js.snapshot/manifest.json +215 -0
  65. package/test/integ.cfts3-custom-headers.js.snapshot/tree.json +1167 -0
  66. package/test/integ.cfts3-custom-originPath.js +6 -3
  67. package/test/integ.cfts3-custom-originPath.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  68. package/test/integ.cfts3-custom-originPath.js.snapshot/cdk.out +1 -0
  69. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3-custom-originPath.assets.json +32 -0
  70. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3-custom-originPath.template.json +950 -0
  71. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3customoriginPathIntegDefaultTestDeployAssert61F499B2.assets.json +19 -0
  72. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3customoriginPathIntegDefaultTestDeployAssert61F499B2.template.json +36 -0
  73. package/test/integ.cfts3-custom-originPath.js.snapshot/integ.json +12 -0
  74. package/test/integ.cfts3-custom-originPath.js.snapshot/manifest.json +209 -0
  75. package/test/integ.cfts3-custom-originPath.js.snapshot/tree.json +1117 -0
  76. package/test/integ.cfts3-customLoggingBuckets.js +6 -3
  77. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  78. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cdk.out +1 -0
  79. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3-customLoggingBuckets.assets.json +32 -0
  80. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3-customLoggingBuckets.template.json +987 -0
  81. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3customLoggingBucketsIntegDefaultTestDeployAssert4D171F9F.assets.json +19 -0
  82. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3customLoggingBucketsIntegDefaultTestDeployAssert4D171F9F.template.json +36 -0
  83. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/integ.json +12 -0
  84. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/manifest.json +209 -0
  85. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/tree.json +1156 -0
  86. package/test/integ.cfts3-existing-bucket.js +6 -3
  87. package/test/integ.cfts3-existing-bucket.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  88. package/test/integ.cfts3-existing-bucket.js.snapshot/cdk.out +1 -0
  89. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3-existing-bucket.assets.json +32 -0
  90. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3-existing-bucket.template.json +1014 -0
  91. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3existingbucketIntegDefaultTestDeployAssertA6D4EB49.assets.json +19 -0
  92. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3existingbucketIntegDefaultTestDeployAssertA6D4EB49.template.json +36 -0
  93. package/test/integ.cfts3-existing-bucket.js.snapshot/integ.json +12 -0
  94. package/test/integ.cfts3-existing-bucket.js.snapshot/manifest.json +221 -0
  95. package/test/integ.cfts3-existing-bucket.js.snapshot/tree.json +1229 -0
  96. package/test/integ.cfts3-no-arguments.js +6 -3
  97. package/test/integ.cfts3-no-arguments.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  98. package/test/integ.cfts3-no-arguments.js.snapshot/cdk.out +1 -0
  99. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3-no-arguments.assets.json +32 -0
  100. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3-no-arguments.template.json +959 -0
  101. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3noargumentsIntegDefaultTestDeployAssertBA5AFA25.assets.json +19 -0
  102. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3noargumentsIntegDefaultTestDeployAssertBA5AFA25.template.json +36 -0
  103. package/test/integ.cfts3-no-arguments.js.snapshot/integ.json +12 -0
  104. package/test/integ.cfts3-no-arguments.js.snapshot/manifest.json +209 -0
  105. package/test/integ.cfts3-no-arguments.js.snapshot/tree.json +1117 -0
  106. package/test/integ.cfts3-no-security-headers.js +6 -3
  107. package/test/integ.cfts3-no-security-headers.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  108. package/test/integ.cfts3-no-security-headers.js.snapshot/cdk.out +1 -0
  109. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3-no-security-headers.assets.json +32 -0
  110. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3-no-security-headers.template.json +926 -0
  111. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3nosecurityheadersIntegDefaultTestDeployAssert38FE05BE.assets.json +19 -0
  112. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3nosecurityheadersIntegDefaultTestDeployAssert38FE05BE.template.json +36 -0
  113. package/test/integ.cfts3-no-security-headers.js.snapshot/integ.json +12 -0
  114. package/test/integ.cfts3-no-security-headers.js.snapshot/manifest.json +203 -0
  115. package/test/integ.cfts3-no-security-headers.js.snapshot/tree.json +1076 -0
  116. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.expected.json +0 -960
  117. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.expected.json +0 -594
  118. package/test/integ.cfts3-bucket-with-http-origin.expected.json +0 -559
  119. package/test/integ.cfts3-cmk-encryption.expected.json +0 -527
  120. package/test/integ.cfts3-cmk-provided-as-bucket-prop.expected.json +0 -960
  121. package/test/integ.cfts3-custom-headers.expected.json +0 -981
  122. package/test/integ.cfts3-custom-originPath.expected.json +0 -950
  123. package/test/integ.cfts3-customCloudFrontLoggingBucket.expected.json +0 -700
  124. package/test/integ.cfts3-customLoggingBuckets.expected.json +0 -987
  125. package/test/integ.cfts3-existing-bucket.expected.json +0 -1014
  126. package/test/integ.cfts3-no-arguments.expected.json +0 -959
  127. package/test/integ.cfts3-no-security-headers.expected.json +0 -926
@@ -0,0 +1,1014 @@
1
+ {
2
+ "Resources": {
3
+ "scrapBucketLog7B53B25C": {
4
+ "Type": "AWS::S3::Bucket",
5
+ "Properties": {
6
+ "BucketEncryption": {
7
+ "ServerSideEncryptionConfiguration": [
8
+ {
9
+ "ServerSideEncryptionByDefault": {
10
+ "SSEAlgorithm": "AES256"
11
+ }
12
+ }
13
+ ]
14
+ },
15
+ "Tags": [
16
+ {
17
+ "Key": "aws-cdk:auto-delete-objects",
18
+ "Value": "true"
19
+ }
20
+ ],
21
+ "VersioningConfiguration": {
22
+ "Status": "Enabled"
23
+ }
24
+ },
25
+ "UpdateReplacePolicy": "Delete",
26
+ "DeletionPolicy": "Delete",
27
+ "Metadata": {
28
+ "cfn_nag": {
29
+ "rules_to_suppress": [
30
+ {
31
+ "id": "W35",
32
+ "reason": "This is a log bucket"
33
+ }
34
+ ]
35
+ }
36
+ }
37
+ },
38
+ "scrapBucketLogPolicy2972C573": {
39
+ "Type": "AWS::S3::BucketPolicy",
40
+ "Properties": {
41
+ "Bucket": {
42
+ "Ref": "scrapBucketLog7B53B25C"
43
+ },
44
+ "PolicyDocument": {
45
+ "Statement": [
46
+ {
47
+ "Action": "s3:*",
48
+ "Condition": {
49
+ "Bool": {
50
+ "aws:SecureTransport": "false"
51
+ }
52
+ },
53
+ "Effect": "Deny",
54
+ "Principal": {
55
+ "AWS": "*"
56
+ },
57
+ "Resource": [
58
+ {
59
+ "Fn::GetAtt": [
60
+ "scrapBucketLog7B53B25C",
61
+ "Arn"
62
+ ]
63
+ },
64
+ {
65
+ "Fn::Join": [
66
+ "",
67
+ [
68
+ {
69
+ "Fn::GetAtt": [
70
+ "scrapBucketLog7B53B25C",
71
+ "Arn"
72
+ ]
73
+ },
74
+ "/*"
75
+ ]
76
+ ]
77
+ }
78
+ ]
79
+ },
80
+ {
81
+ "Action": [
82
+ "s3:DeleteObject*",
83
+ "s3:GetBucket*",
84
+ "s3:List*",
85
+ "s3:PutBucketPolicy"
86
+ ],
87
+ "Effect": "Allow",
88
+ "Principal": {
89
+ "AWS": {
90
+ "Fn::GetAtt": [
91
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
92
+ "Arn"
93
+ ]
94
+ }
95
+ },
96
+ "Resource": [
97
+ {
98
+ "Fn::GetAtt": [
99
+ "scrapBucketLog7B53B25C",
100
+ "Arn"
101
+ ]
102
+ },
103
+ {
104
+ "Fn::Join": [
105
+ "",
106
+ [
107
+ {
108
+ "Fn::GetAtt": [
109
+ "scrapBucketLog7B53B25C",
110
+ "Arn"
111
+ ]
112
+ },
113
+ "/*"
114
+ ]
115
+ ]
116
+ }
117
+ ]
118
+ },
119
+ {
120
+ "Action": "s3:PutObject",
121
+ "Condition": {
122
+ "ArnLike": {
123
+ "aws:SourceArn": {
124
+ "Fn::GetAtt": [
125
+ "scrapBucketB11863B7",
126
+ "Arn"
127
+ ]
128
+ }
129
+ },
130
+ "StringEquals": {
131
+ "aws:SourceAccount": {
132
+ "Ref": "AWS::AccountId"
133
+ }
134
+ }
135
+ },
136
+ "Effect": "Allow",
137
+ "Principal": {
138
+ "Service": "logging.s3.amazonaws.com"
139
+ },
140
+ "Resource": {
141
+ "Fn::Join": [
142
+ "",
143
+ [
144
+ {
145
+ "Fn::GetAtt": [
146
+ "scrapBucketLog7B53B25C",
147
+ "Arn"
148
+ ]
149
+ },
150
+ "/*"
151
+ ]
152
+ ]
153
+ }
154
+ }
155
+ ],
156
+ "Version": "2012-10-17"
157
+ }
158
+ }
159
+ },
160
+ "scrapBucketLogAutoDeleteObjectsCustomResource307F3D47": {
161
+ "Type": "Custom::S3AutoDeleteObjects",
162
+ "Properties": {
163
+ "ServiceToken": {
164
+ "Fn::GetAtt": [
165
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
166
+ "Arn"
167
+ ]
168
+ },
169
+ "BucketName": {
170
+ "Ref": "scrapBucketLog7B53B25C"
171
+ }
172
+ },
173
+ "DependsOn": [
174
+ "scrapBucketLogPolicy2972C573"
175
+ ],
176
+ "UpdateReplacePolicy": "Delete",
177
+ "DeletionPolicy": "Delete"
178
+ },
179
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": {
180
+ "Type": "AWS::IAM::Role",
181
+ "Properties": {
182
+ "AssumeRolePolicyDocument": {
183
+ "Version": "2012-10-17",
184
+ "Statement": [
185
+ {
186
+ "Action": "sts:AssumeRole",
187
+ "Effect": "Allow",
188
+ "Principal": {
189
+ "Service": "lambda.amazonaws.com"
190
+ }
191
+ }
192
+ ]
193
+ },
194
+ "ManagedPolicyArns": [
195
+ {
196
+ "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
197
+ }
198
+ ]
199
+ }
200
+ },
201
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": {
202
+ "Type": "AWS::Lambda::Function",
203
+ "Properties": {
204
+ "Code": {
205
+ "S3Bucket": {
206
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
207
+ },
208
+ "S3Key": "b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6.zip"
209
+ },
210
+ "Timeout": 900,
211
+ "MemorySize": 128,
212
+ "Handler": "index.handler",
213
+ "Role": {
214
+ "Fn::GetAtt": [
215
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
216
+ "Arn"
217
+ ]
218
+ },
219
+ "Runtime": "nodejs18.x",
220
+ "Description": {
221
+ "Fn::Join": [
222
+ "",
223
+ [
224
+ "Lambda function for auto-deleting objects in ",
225
+ {
226
+ "Ref": "scrapBucketLog7B53B25C"
227
+ },
228
+ " S3 bucket."
229
+ ]
230
+ ]
231
+ }
232
+ },
233
+ "DependsOn": [
234
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092"
235
+ ],
236
+ "Metadata": {
237
+ "cfn_nag": {
238
+ "rules_to_suppress": [
239
+ {
240
+ "id": "W58",
241
+ "reason": "CDK generated custom resource"
242
+ },
243
+ {
244
+ "id": "W89",
245
+ "reason": "CDK generated custom resource"
246
+ },
247
+ {
248
+ "id": "W92",
249
+ "reason": "CDK generated custom resource"
250
+ }
251
+ ]
252
+ }
253
+ }
254
+ },
255
+ "scrapBucketB11863B7": {
256
+ "Type": "AWS::S3::Bucket",
257
+ "Properties": {
258
+ "BucketEncryption": {
259
+ "ServerSideEncryptionConfiguration": [
260
+ {
261
+ "ServerSideEncryptionByDefault": {
262
+ "SSEAlgorithm": "AES256"
263
+ }
264
+ }
265
+ ]
266
+ },
267
+ "LoggingConfiguration": {
268
+ "DestinationBucketName": {
269
+ "Ref": "scrapBucketLog7B53B25C"
270
+ }
271
+ },
272
+ "Tags": [
273
+ {
274
+ "Key": "aws-cdk:auto-delete-objects",
275
+ "Value": "true"
276
+ }
277
+ ],
278
+ "VersioningConfiguration": {
279
+ "Status": "Enabled"
280
+ }
281
+ },
282
+ "UpdateReplacePolicy": "Delete",
283
+ "DeletionPolicy": "Delete"
284
+ },
285
+ "scrapBucketPolicy189B0607": {
286
+ "Type": "AWS::S3::BucketPolicy",
287
+ "Properties": {
288
+ "Bucket": {
289
+ "Ref": "scrapBucketB11863B7"
290
+ },
291
+ "PolicyDocument": {
292
+ "Statement": [
293
+ {
294
+ "Action": "s3:*",
295
+ "Condition": {
296
+ "Bool": {
297
+ "aws:SecureTransport": "false"
298
+ }
299
+ },
300
+ "Effect": "Deny",
301
+ "Principal": {
302
+ "AWS": "*"
303
+ },
304
+ "Resource": [
305
+ {
306
+ "Fn::GetAtt": [
307
+ "scrapBucketB11863B7",
308
+ "Arn"
309
+ ]
310
+ },
311
+ {
312
+ "Fn::Join": [
313
+ "",
314
+ [
315
+ {
316
+ "Fn::GetAtt": [
317
+ "scrapBucketB11863B7",
318
+ "Arn"
319
+ ]
320
+ },
321
+ "/*"
322
+ ]
323
+ ]
324
+ }
325
+ ]
326
+ },
327
+ {
328
+ "Action": [
329
+ "s3:DeleteObject*",
330
+ "s3:GetBucket*",
331
+ "s3:List*",
332
+ "s3:PutBucketPolicy"
333
+ ],
334
+ "Effect": "Allow",
335
+ "Principal": {
336
+ "AWS": {
337
+ "Fn::GetAtt": [
338
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
339
+ "Arn"
340
+ ]
341
+ }
342
+ },
343
+ "Resource": [
344
+ {
345
+ "Fn::GetAtt": [
346
+ "scrapBucketB11863B7",
347
+ "Arn"
348
+ ]
349
+ },
350
+ {
351
+ "Fn::Join": [
352
+ "",
353
+ [
354
+ {
355
+ "Fn::GetAtt": [
356
+ "scrapBucketB11863B7",
357
+ "Arn"
358
+ ]
359
+ },
360
+ "/*"
361
+ ]
362
+ ]
363
+ }
364
+ ]
365
+ },
366
+ {
367
+ "Action": "s3:GetObject",
368
+ "Condition": {
369
+ "StringEquals": {
370
+ "AWS:SourceArn": {
371
+ "Fn::Join": [
372
+ "",
373
+ [
374
+ "arn:aws:cloudfront::",
375
+ {
376
+ "Ref": "AWS::AccountId"
377
+ },
378
+ ":distribution/",
379
+ {
380
+ "Ref": "testcloudfronts3CloudFrontDistribution0565DEE8"
381
+ }
382
+ ]
383
+ ]
384
+ }
385
+ }
386
+ },
387
+ "Effect": "Allow",
388
+ "Principal": {
389
+ "Service": "cloudfront.amazonaws.com"
390
+ },
391
+ "Resource": {
392
+ "Fn::Join": [
393
+ "",
394
+ [
395
+ {
396
+ "Fn::GetAtt": [
397
+ "scrapBucketB11863B7",
398
+ "Arn"
399
+ ]
400
+ },
401
+ "/*"
402
+ ]
403
+ ]
404
+ }
405
+ },
406
+ {
407
+ "Action": "s3:GetObject",
408
+ "Effect": "Allow",
409
+ "Principal": {
410
+ "CanonicalUser": {
411
+ "Fn::GetAtt": [
412
+ "testcloudfronts3CloudFrontDistributionOrigin2S3OriginC54B5C65",
413
+ "S3CanonicalUserId"
414
+ ]
415
+ }
416
+ },
417
+ "Resource": {
418
+ "Fn::Join": [
419
+ "",
420
+ [
421
+ {
422
+ "Fn::GetAtt": [
423
+ "scrapBucketB11863B7",
424
+ "Arn"
425
+ ]
426
+ },
427
+ "/*"
428
+ ]
429
+ ]
430
+ }
431
+ }
432
+ ],
433
+ "Version": "2012-10-17"
434
+ }
435
+ },
436
+ "Metadata": {
437
+ "cfn_nag": {
438
+ "rules_to_suppress": [
439
+ {
440
+ "id": "F16",
441
+ "reason": "Public website bucket policy requires a wildcard principal"
442
+ }
443
+ ]
444
+ }
445
+ }
446
+ },
447
+ "scrapBucketAutoDeleteObjectsCustomResourceFFFC3275": {
448
+ "Type": "Custom::S3AutoDeleteObjects",
449
+ "Properties": {
450
+ "ServiceToken": {
451
+ "Fn::GetAtt": [
452
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
453
+ "Arn"
454
+ ]
455
+ },
456
+ "BucketName": {
457
+ "Ref": "scrapBucketB11863B7"
458
+ }
459
+ },
460
+ "DependsOn": [
461
+ "scrapBucketPolicy189B0607"
462
+ ],
463
+ "UpdateReplacePolicy": "Delete",
464
+ "DeletionPolicy": "Delete"
465
+ },
466
+ "testcloudfronts3SetHttpSecurityHeaders6C5A1E69": {
467
+ "Type": "AWS::CloudFront::Function",
468
+ "Properties": {
469
+ "AutoPublish": true,
470
+ "FunctionCode": "function handler(event) { var response = event.response; var headers = response.headers; headers['strict-transport-security'] = { value: 'max-age=63072000; includeSubdomains; preload'}; headers['content-security-policy'] = { value: \"default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'\"}; headers['x-content-type-options'] = { value: 'nosniff'}; headers['x-frame-options'] = {value: 'DENY'}; headers['x-xss-protection'] = {value: '1; mode=block'}; return response; }",
471
+ "FunctionConfig": {
472
+ "Comment": "SetHttpSecurityHeadersc8321a2c9fa54d380831d390bfbd7aff27f99fd427",
473
+ "Runtime": "cloudfront-js-1.0"
474
+ },
475
+ "Name": "SetHttpSecurityHeadersc8321a2c9fa54d380831d390bfbd7aff27f99fd427"
476
+ }
477
+ },
478
+ "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58": {
479
+ "Type": "AWS::S3::Bucket",
480
+ "Properties": {
481
+ "BucketEncryption": {
482
+ "ServerSideEncryptionConfiguration": [
483
+ {
484
+ "ServerSideEncryptionByDefault": {
485
+ "SSEAlgorithm": "AES256"
486
+ }
487
+ }
488
+ ]
489
+ },
490
+ "OwnershipControls": {
491
+ "Rules": [
492
+ {
493
+ "ObjectOwnership": "ObjectWriter"
494
+ }
495
+ ]
496
+ },
497
+ "PublicAccessBlockConfiguration": {
498
+ "BlockPublicAcls": true,
499
+ "BlockPublicPolicy": true,
500
+ "IgnorePublicAcls": true,
501
+ "RestrictPublicBuckets": true
502
+ },
503
+ "Tags": [
504
+ {
505
+ "Key": "aws-cdk:auto-delete-objects",
506
+ "Value": "true"
507
+ }
508
+ ],
509
+ "VersioningConfiguration": {
510
+ "Status": "Enabled"
511
+ }
512
+ },
513
+ "UpdateReplacePolicy": "Delete",
514
+ "DeletionPolicy": "Delete",
515
+ "Metadata": {
516
+ "cfn_nag": {
517
+ "rules_to_suppress": [
518
+ {
519
+ "id": "W35",
520
+ "reason": "This S3 bucket is used as the access logging bucket for another bucket"
521
+ }
522
+ ]
523
+ }
524
+ }
525
+ },
526
+ "testcloudfronts3CloudfrontLoggingBucketAccessLogPolicy526F2E14": {
527
+ "Type": "AWS::S3::BucketPolicy",
528
+ "Properties": {
529
+ "Bucket": {
530
+ "Ref": "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58"
531
+ },
532
+ "PolicyDocument": {
533
+ "Statement": [
534
+ {
535
+ "Action": "s3:*",
536
+ "Condition": {
537
+ "Bool": {
538
+ "aws:SecureTransport": "false"
539
+ }
540
+ },
541
+ "Effect": "Deny",
542
+ "Principal": {
543
+ "AWS": "*"
544
+ },
545
+ "Resource": [
546
+ {
547
+ "Fn::GetAtt": [
548
+ "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
549
+ "Arn"
550
+ ]
551
+ },
552
+ {
553
+ "Fn::Join": [
554
+ "",
555
+ [
556
+ {
557
+ "Fn::GetAtt": [
558
+ "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
559
+ "Arn"
560
+ ]
561
+ },
562
+ "/*"
563
+ ]
564
+ ]
565
+ }
566
+ ]
567
+ },
568
+ {
569
+ "Action": [
570
+ "s3:DeleteObject*",
571
+ "s3:GetBucket*",
572
+ "s3:List*",
573
+ "s3:PutBucketPolicy"
574
+ ],
575
+ "Effect": "Allow",
576
+ "Principal": {
577
+ "AWS": {
578
+ "Fn::GetAtt": [
579
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
580
+ "Arn"
581
+ ]
582
+ }
583
+ },
584
+ "Resource": [
585
+ {
586
+ "Fn::GetAtt": [
587
+ "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
588
+ "Arn"
589
+ ]
590
+ },
591
+ {
592
+ "Fn::Join": [
593
+ "",
594
+ [
595
+ {
596
+ "Fn::GetAtt": [
597
+ "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
598
+ "Arn"
599
+ ]
600
+ },
601
+ "/*"
602
+ ]
603
+ ]
604
+ }
605
+ ]
606
+ },
607
+ {
608
+ "Action": "s3:PutObject",
609
+ "Condition": {
610
+ "ArnLike": {
611
+ "aws:SourceArn": {
612
+ "Fn::GetAtt": [
613
+ "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
614
+ "Arn"
615
+ ]
616
+ }
617
+ },
618
+ "StringEquals": {
619
+ "aws:SourceAccount": {
620
+ "Ref": "AWS::AccountId"
621
+ }
622
+ }
623
+ },
624
+ "Effect": "Allow",
625
+ "Principal": {
626
+ "Service": "logging.s3.amazonaws.com"
627
+ },
628
+ "Resource": {
629
+ "Fn::Join": [
630
+ "",
631
+ [
632
+ {
633
+ "Fn::GetAtt": [
634
+ "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
635
+ "Arn"
636
+ ]
637
+ },
638
+ "/*"
639
+ ]
640
+ ]
641
+ }
642
+ }
643
+ ],
644
+ "Version": "2012-10-17"
645
+ }
646
+ }
647
+ },
648
+ "testcloudfronts3CloudfrontLoggingBucketAccessLogAutoDeleteObjectsCustomResourceE16E063D": {
649
+ "Type": "Custom::S3AutoDeleteObjects",
650
+ "Properties": {
651
+ "ServiceToken": {
652
+ "Fn::GetAtt": [
653
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
654
+ "Arn"
655
+ ]
656
+ },
657
+ "BucketName": {
658
+ "Ref": "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58"
659
+ }
660
+ },
661
+ "DependsOn": [
662
+ "testcloudfronts3CloudfrontLoggingBucketAccessLogPolicy526F2E14"
663
+ ],
664
+ "UpdateReplacePolicy": "Delete",
665
+ "DeletionPolicy": "Delete"
666
+ },
667
+ "testcloudfronts3CloudfrontLoggingBucket985C0FE8": {
668
+ "Type": "AWS::S3::Bucket",
669
+ "Properties": {
670
+ "AccessControl": "LogDeliveryWrite",
671
+ "BucketEncryption": {
672
+ "ServerSideEncryptionConfiguration": [
673
+ {
674
+ "ServerSideEncryptionByDefault": {
675
+ "SSEAlgorithm": "AES256"
676
+ }
677
+ }
678
+ ]
679
+ },
680
+ "LoggingConfiguration": {
681
+ "DestinationBucketName": {
682
+ "Ref": "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58"
683
+ }
684
+ },
685
+ "OwnershipControls": {
686
+ "Rules": [
687
+ {
688
+ "ObjectOwnership": "ObjectWriter"
689
+ }
690
+ ]
691
+ },
692
+ "PublicAccessBlockConfiguration": {
693
+ "BlockPublicAcls": true,
694
+ "BlockPublicPolicy": true,
695
+ "IgnorePublicAcls": true,
696
+ "RestrictPublicBuckets": true
697
+ },
698
+ "Tags": [
699
+ {
700
+ "Key": "aws-cdk:auto-delete-objects",
701
+ "Value": "true"
702
+ }
703
+ ],
704
+ "VersioningConfiguration": {
705
+ "Status": "Enabled"
706
+ }
707
+ },
708
+ "UpdateReplacePolicy": "Delete",
709
+ "DeletionPolicy": "Delete"
710
+ },
711
+ "testcloudfronts3CloudfrontLoggingBucketPolicyDF55851B": {
712
+ "Type": "AWS::S3::BucketPolicy",
713
+ "Properties": {
714
+ "Bucket": {
715
+ "Ref": "testcloudfronts3CloudfrontLoggingBucket985C0FE8"
716
+ },
717
+ "PolicyDocument": {
718
+ "Statement": [
719
+ {
720
+ "Action": "s3:*",
721
+ "Condition": {
722
+ "Bool": {
723
+ "aws:SecureTransport": "false"
724
+ }
725
+ },
726
+ "Effect": "Deny",
727
+ "Principal": {
728
+ "AWS": "*"
729
+ },
730
+ "Resource": [
731
+ {
732
+ "Fn::GetAtt": [
733
+ "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
734
+ "Arn"
735
+ ]
736
+ },
737
+ {
738
+ "Fn::Join": [
739
+ "",
740
+ [
741
+ {
742
+ "Fn::GetAtt": [
743
+ "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
744
+ "Arn"
745
+ ]
746
+ },
747
+ "/*"
748
+ ]
749
+ ]
750
+ }
751
+ ]
752
+ },
753
+ {
754
+ "Action": [
755
+ "s3:DeleteObject*",
756
+ "s3:GetBucket*",
757
+ "s3:List*",
758
+ "s3:PutBucketPolicy"
759
+ ],
760
+ "Effect": "Allow",
761
+ "Principal": {
762
+ "AWS": {
763
+ "Fn::GetAtt": [
764
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
765
+ "Arn"
766
+ ]
767
+ }
768
+ },
769
+ "Resource": [
770
+ {
771
+ "Fn::GetAtt": [
772
+ "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
773
+ "Arn"
774
+ ]
775
+ },
776
+ {
777
+ "Fn::Join": [
778
+ "",
779
+ [
780
+ {
781
+ "Fn::GetAtt": [
782
+ "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
783
+ "Arn"
784
+ ]
785
+ },
786
+ "/*"
787
+ ]
788
+ ]
789
+ }
790
+ ]
791
+ }
792
+ ],
793
+ "Version": "2012-10-17"
794
+ }
795
+ }
796
+ },
797
+ "testcloudfronts3CloudfrontLoggingBucketAutoDeleteObjectsCustomResource19604D88": {
798
+ "Type": "Custom::S3AutoDeleteObjects",
799
+ "Properties": {
800
+ "ServiceToken": {
801
+ "Fn::GetAtt": [
802
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
803
+ "Arn"
804
+ ]
805
+ },
806
+ "BucketName": {
807
+ "Ref": "testcloudfronts3CloudfrontLoggingBucket985C0FE8"
808
+ }
809
+ },
810
+ "DependsOn": [
811
+ "testcloudfronts3CloudfrontLoggingBucketPolicyDF55851B"
812
+ ],
813
+ "UpdateReplacePolicy": "Delete",
814
+ "DeletionPolicy": "Delete"
815
+ },
816
+ "testcloudfronts3CloudFrontOac7A951AA6": {
817
+ "Type": "AWS::CloudFront::OriginAccessControl",
818
+ "Properties": {
819
+ "OriginAccessControlConfig": {
820
+ "Description": "Origin access control provisioned by aws-cloudfront-s3",
821
+ "Name": {
822
+ "Fn::Join": [
823
+ "",
824
+ [
825
+ "aws-cloudfront-s3-testnt-s3-",
826
+ {
827
+ "Fn::Select": [
828
+ 2,
829
+ {
830
+ "Fn::Split": [
831
+ "/",
832
+ {
833
+ "Ref": "AWS::StackId"
834
+ }
835
+ ]
836
+ }
837
+ ]
838
+ }
839
+ ]
840
+ ]
841
+ },
842
+ "OriginAccessControlOriginType": "s3",
843
+ "SigningBehavior": "always",
844
+ "SigningProtocol": "sigv4"
845
+ }
846
+ }
847
+ },
848
+ "testcloudfronts3CloudFrontDistribution0565DEE8": {
849
+ "Type": "AWS::CloudFront::Distribution",
850
+ "Properties": {
851
+ "DistributionConfig": {
852
+ "CacheBehaviors": [
853
+ {
854
+ "CachePolicyId": {
855
+ "Ref": "myCachePolicy16CE2FCF"
856
+ },
857
+ "Compress": true,
858
+ "PathPattern": "/images/*.jpg",
859
+ "TargetOriginId": "cfts3existingbuckettestcloudfronts3CloudFrontDistributionOrigin28690577F",
860
+ "ViewerProtocolPolicy": "allow-all"
861
+ }
862
+ ],
863
+ "DefaultCacheBehavior": {
864
+ "CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6",
865
+ "Compress": true,
866
+ "FunctionAssociations": [
867
+ {
868
+ "EventType": "viewer-response",
869
+ "FunctionARN": {
870
+ "Fn::GetAtt": [
871
+ "testcloudfronts3SetHttpSecurityHeaders6C5A1E69",
872
+ "FunctionARN"
873
+ ]
874
+ }
875
+ }
876
+ ],
877
+ "TargetOriginId": "cfts3existingbuckettestcloudfronts3CloudFrontDistributionOrigin10617473F",
878
+ "ViewerProtocolPolicy": "redirect-to-https"
879
+ },
880
+ "DefaultRootObject": "index.html",
881
+ "Enabled": true,
882
+ "HttpVersion": "http2",
883
+ "IPV6Enabled": true,
884
+ "Logging": {
885
+ "Bucket": {
886
+ "Fn::GetAtt": [
887
+ "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
888
+ "RegionalDomainName"
889
+ ]
890
+ }
891
+ },
892
+ "Origins": [
893
+ {
894
+ "DomainName": {
895
+ "Fn::GetAtt": [
896
+ "scrapBucketB11863B7",
897
+ "RegionalDomainName"
898
+ ]
899
+ },
900
+ "Id": "cfts3existingbuckettestcloudfronts3CloudFrontDistributionOrigin10617473F",
901
+ "OriginAccessControlId": {
902
+ "Fn::GetAtt": [
903
+ "testcloudfronts3CloudFrontOac7A951AA6",
904
+ "Id"
905
+ ]
906
+ },
907
+ "S3OriginConfig": {
908
+ "OriginAccessIdentity": ""
909
+ }
910
+ },
911
+ {
912
+ "DomainName": {
913
+ "Fn::GetAtt": [
914
+ "scrapBucketB11863B7",
915
+ "RegionalDomainName"
916
+ ]
917
+ },
918
+ "Id": "cfts3existingbuckettestcloudfronts3CloudFrontDistributionOrigin28690577F",
919
+ "S3OriginConfig": {
920
+ "OriginAccessIdentity": {
921
+ "Fn::Join": [
922
+ "",
923
+ [
924
+ "origin-access-identity/cloudfront/",
925
+ {
926
+ "Ref": "testcloudfronts3CloudFrontDistributionOrigin2S3OriginC54B5C65"
927
+ }
928
+ ]
929
+ ]
930
+ }
931
+ }
932
+ }
933
+ ]
934
+ }
935
+ },
936
+ "Metadata": {
937
+ "cfn_nag": {
938
+ "rules_to_suppress": [
939
+ {
940
+ "id": "W70",
941
+ "reason": "Since the distribution uses the CloudFront domain name, CloudFront automatically sets the security policy to TLSv1 regardless of the value of MinimumProtocolVersion"
942
+ }
943
+ ]
944
+ }
945
+ }
946
+ },
947
+ "testcloudfronts3CloudFrontDistributionOrigin2S3OriginC54B5C65": {
948
+ "Type": "AWS::CloudFront::CloudFrontOriginAccessIdentity",
949
+ "Properties": {
950
+ "CloudFrontOriginAccessIdentityConfig": {
951
+ "Comment": "Identity for cfts3existingbuckettestcloudfronts3CloudFrontDistributionOrigin28690577F"
952
+ }
953
+ }
954
+ },
955
+ "myCachePolicy16CE2FCF": {
956
+ "Type": "AWS::CloudFront::CachePolicy",
957
+ "Properties": {
958
+ "CachePolicyConfig": {
959
+ "DefaultTTL": 0,
960
+ "MaxTTL": 0,
961
+ "MinTTL": 0,
962
+ "Name": "MyPolicy",
963
+ "ParametersInCacheKeyAndForwardedToOrigin": {
964
+ "CookiesConfig": {
965
+ "CookieBehavior": "none"
966
+ },
967
+ "EnableAcceptEncodingBrotli": false,
968
+ "EnableAcceptEncodingGzip": false,
969
+ "HeadersConfig": {
970
+ "HeaderBehavior": "none"
971
+ },
972
+ "QueryStringsConfig": {
973
+ "QueryStringBehavior": "none"
974
+ }
975
+ }
976
+ }
977
+ }
978
+ }
979
+ },
980
+ "Parameters": {
981
+ "BootstrapVersion": {
982
+ "Type": "AWS::SSM::Parameter::Value<String>",
983
+ "Default": "/cdk-bootstrap/hnb659fds/version",
984
+ "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
985
+ }
986
+ },
987
+ "Rules": {
988
+ "CheckBootstrapVersion": {
989
+ "Assertions": [
990
+ {
991
+ "Assert": {
992
+ "Fn::Not": [
993
+ {
994
+ "Fn::Contains": [
995
+ [
996
+ "1",
997
+ "2",
998
+ "3",
999
+ "4",
1000
+ "5"
1001
+ ],
1002
+ {
1003
+ "Ref": "BootstrapVersion"
1004
+ }
1005
+ ]
1006
+ }
1007
+ ]
1008
+ },
1009
+ "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
1010
+ }
1011
+ ]
1012
+ }
1013
+ }
1014
+ }