@aws-solutions-constructs/aws-cloudfront-s3 2.51.0 → 2.52.0

Files changed (127)
  1. package/.eslintignore +2 -0
  2. package/.jsii +50 -5
  3. package/integ.config.json +7 -0
  4. package/lib/index.js +1 -1
  5. package/package.json +11 -10
  6. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js +6 -3
  7. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.d.ts +30 -0
  8. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.js +127 -0
  9. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/cfn-response.js +1 -0
  10. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/consts.js +1 -0
  11. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/framework.js +3 -0
  12. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/outbound.js +1 -0
  13. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/util.js +1 -0
  14. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cdk.out +1 -0
  15. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.assets.json +45 -0
  16. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.template.json +960 -0
  17. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithcmkprovidedasexistingbucketIntegDefaultTestDeployAssertF6031114.assets.json +19 -0
  18. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithcmkprovidedasexistingbucketIntegDefaultTestDeployAssertF6031114.template.json +36 -0
  19. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/integ.json +12 -0
  20. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/manifest.json +221 -0
  21. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/tree.json +1326 -0
  22. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js +6 -3
  23. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cdk.out +1 -0
  24. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.assets.json +19 -0
  25. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.template.json +594 -0
  26. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithmanagedkeyprovidedasexistingbucketIntegDefaultTestDeployAssert03A82C16.assets.json +19 -0
  27. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithmanagedkeyprovidedasexistingbucketIntegDefaultTestDeployAssert03A82C16.template.json +36 -0
  28. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/integ.json +12 -0
  29. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/manifest.json +167 -0
  30. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/tree.json +790 -0
  31. package/test/integ.cfts3-bucket-with-http-origin.js +6 -3
  32. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cdk.out +1 -0
  33. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3-bucket-with-http-origin.assets.json +19 -0
  34. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3-bucket-with-http-origin.template.json +559 -0
  35. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3bucketwithhttporiginIntegDefaultTestDeployAssert75EB76AB.assets.json +19 -0
  36. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3bucketwithhttporiginIntegDefaultTestDeployAssert75EB76AB.template.json +36 -0
  37. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/integ.json +12 -0
  38. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/manifest.json +161 -0
  39. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/tree.json +753 -0
  40. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js +6 -3
  41. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.d.ts +30 -0
  42. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.js +127 -0
  43. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/cfn-response.js +1 -0
  44. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/consts.js +1 -0
  45. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/framework.js +3 -0
  46. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/outbound.js +1 -0
  47. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/util.js +1 -0
  48. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cdk.out +1 -0
  49. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3-cmk-provided-as-bucket-prop.assets.json +45 -0
  50. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3-cmk-provided-as-bucket-prop.template.json +960 -0
  51. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3cmkprovidedasbucketpropIntegDefaultTestDeployAssert38E63D55.assets.json +19 -0
  52. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3cmkprovidedasbucketpropIntegDefaultTestDeployAssert38E63D55.template.json +36 -0
  53. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/integ.json +12 -0
  54. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/manifest.json +221 -0
  55. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/tree.json +1326 -0
  56. package/test/integ.cfts3-custom-headers.js +6 -3
  57. package/test/integ.cfts3-custom-headers.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  58. package/test/integ.cfts3-custom-headers.js.snapshot/cdk.out +1 -0
  59. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3-custom-headers.assets.json +32 -0
  60. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3-custom-headers.template.json +981 -0
  61. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3customheadersIntegDefaultTestDeployAssert6EEC9973.assets.json +19 -0
  62. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3customheadersIntegDefaultTestDeployAssert6EEC9973.template.json +36 -0
  63. package/test/integ.cfts3-custom-headers.js.snapshot/integ.json +12 -0
  64. package/test/integ.cfts3-custom-headers.js.snapshot/manifest.json +215 -0
  65. package/test/integ.cfts3-custom-headers.js.snapshot/tree.json +1167 -0
  66. package/test/integ.cfts3-custom-originPath.js +6 -3
  67. package/test/integ.cfts3-custom-originPath.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  68. package/test/integ.cfts3-custom-originPath.js.snapshot/cdk.out +1 -0
  69. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3-custom-originPath.assets.json +32 -0
  70. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3-custom-originPath.template.json +950 -0
  71. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3customoriginPathIntegDefaultTestDeployAssert61F499B2.assets.json +19 -0
  72. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3customoriginPathIntegDefaultTestDeployAssert61F499B2.template.json +36 -0
  73. package/test/integ.cfts3-custom-originPath.js.snapshot/integ.json +12 -0
  74. package/test/integ.cfts3-custom-originPath.js.snapshot/manifest.json +209 -0
  75. package/test/integ.cfts3-custom-originPath.js.snapshot/tree.json +1117 -0
  76. package/test/integ.cfts3-customLoggingBuckets.js +6 -3
  77. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  78. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cdk.out +1 -0
  79. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3-customLoggingBuckets.assets.json +32 -0
  80. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3-customLoggingBuckets.template.json +987 -0
  81. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3customLoggingBucketsIntegDefaultTestDeployAssert4D171F9F.assets.json +19 -0
  82. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3customLoggingBucketsIntegDefaultTestDeployAssert4D171F9F.template.json +36 -0
  83. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/integ.json +12 -0
  84. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/manifest.json +209 -0
  85. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/tree.json +1156 -0
  86. package/test/integ.cfts3-existing-bucket.js +6 -3
  87. package/test/integ.cfts3-existing-bucket.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  88. package/test/integ.cfts3-existing-bucket.js.snapshot/cdk.out +1 -0
  89. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3-existing-bucket.assets.json +32 -0
  90. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3-existing-bucket.template.json +1014 -0
  91. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3existingbucketIntegDefaultTestDeployAssertA6D4EB49.assets.json +19 -0
  92. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3existingbucketIntegDefaultTestDeployAssertA6D4EB49.template.json +36 -0
  93. package/test/integ.cfts3-existing-bucket.js.snapshot/integ.json +12 -0
  94. package/test/integ.cfts3-existing-bucket.js.snapshot/manifest.json +221 -0
  95. package/test/integ.cfts3-existing-bucket.js.snapshot/tree.json +1229 -0
  96. package/test/integ.cfts3-no-arguments.js +6 -3
  97. package/test/integ.cfts3-no-arguments.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  98. package/test/integ.cfts3-no-arguments.js.snapshot/cdk.out +1 -0
  99. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3-no-arguments.assets.json +32 -0
  100. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3-no-arguments.template.json +959 -0
  101. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3noargumentsIntegDefaultTestDeployAssertBA5AFA25.assets.json +19 -0
  102. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3noargumentsIntegDefaultTestDeployAssertBA5AFA25.template.json +36 -0
  103. package/test/integ.cfts3-no-arguments.js.snapshot/integ.json +12 -0
  104. package/test/integ.cfts3-no-arguments.js.snapshot/manifest.json +209 -0
  105. package/test/integ.cfts3-no-arguments.js.snapshot/tree.json +1117 -0
  106. package/test/integ.cfts3-no-security-headers.js +6 -3
  107. package/test/integ.cfts3-no-security-headers.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  108. package/test/integ.cfts3-no-security-headers.js.snapshot/cdk.out +1 -0
  109. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3-no-security-headers.assets.json +32 -0
  110. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3-no-security-headers.template.json +926 -0
  111. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3nosecurityheadersIntegDefaultTestDeployAssert38FE05BE.assets.json +19 -0
  112. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3nosecurityheadersIntegDefaultTestDeployAssert38FE05BE.template.json +36 -0
  113. package/test/integ.cfts3-no-security-headers.js.snapshot/integ.json +12 -0
  114. package/test/integ.cfts3-no-security-headers.js.snapshot/manifest.json +203 -0
  115. package/test/integ.cfts3-no-security-headers.js.snapshot/tree.json +1076 -0
  116. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.expected.json +0 -960
  117. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.expected.json +0 -594
  118. package/test/integ.cfts3-bucket-with-http-origin.expected.json +0 -559
  119. package/test/integ.cfts3-cmk-encryption.expected.json +0 -527
  120. package/test/integ.cfts3-cmk-provided-as-bucket-prop.expected.json +0 -960
  121. package/test/integ.cfts3-custom-headers.expected.json +0 -981
  122. package/test/integ.cfts3-custom-originPath.expected.json +0 -950
  123. package/test/integ.cfts3-customCloudFrontLoggingBucket.expected.json +0 -700
  124. package/test/integ.cfts3-customLoggingBuckets.expected.json +0 -987
  125. package/test/integ.cfts3-existing-bucket.expected.json +0 -1014
  126. package/test/integ.cfts3-no-arguments.expected.json +0 -959
  127. package/test/integ.cfts3-no-security-headers.expected.json +0 -926
@@ -0,0 +1,959 @@
1
+ {
2
+ "Description": "Integration Test for aws-cloudfront-s3",
3
+ "Resources": {
4
+ "testcloudfronts3S3LoggingBucket90D239DD": {
5
+ "Type": "AWS::S3::Bucket",
6
+ "Properties": {
7
+ "BucketEncryption": {
8
+ "ServerSideEncryptionConfiguration": [
9
+ {
10
+ "ServerSideEncryptionByDefault": {
11
+ "SSEAlgorithm": "AES256"
12
+ }
13
+ }
14
+ ]
15
+ },
16
+ "PublicAccessBlockConfiguration": {
17
+ "BlockPublicAcls": true,
18
+ "BlockPublicPolicy": true,
19
+ "IgnorePublicAcls": true,
20
+ "RestrictPublicBuckets": true
21
+ },
22
+ "Tags": [
23
+ {
24
+ "Key": "aws-cdk:auto-delete-objects",
25
+ "Value": "true"
26
+ }
27
+ ],
28
+ "VersioningConfiguration": {
29
+ "Status": "Enabled"
30
+ }
31
+ },
32
+ "UpdateReplacePolicy": "Delete",
33
+ "DeletionPolicy": "Delete",
34
+ "Metadata": {
35
+ "cfn_nag": {
36
+ "rules_to_suppress": [
37
+ {
38
+ "id": "W35",
39
+ "reason": "This S3 bucket is used as the access logging bucket for another bucket"
40
+ }
41
+ ]
42
+ }
43
+ }
44
+ },
45
+ "testcloudfronts3S3LoggingBucketPolicy529D4CFF": {
46
+ "Type": "AWS::S3::BucketPolicy",
47
+ "Properties": {
48
+ "Bucket": {
49
+ "Ref": "testcloudfronts3S3LoggingBucket90D239DD"
50
+ },
51
+ "PolicyDocument": {
52
+ "Statement": [
53
+ {
54
+ "Action": "s3:*",
55
+ "Condition": {
56
+ "Bool": {
57
+ "aws:SecureTransport": "false"
58
+ }
59
+ },
60
+ "Effect": "Deny",
61
+ "Principal": {
62
+ "AWS": "*"
63
+ },
64
+ "Resource": [
65
+ {
66
+ "Fn::GetAtt": [
67
+ "testcloudfronts3S3LoggingBucket90D239DD",
68
+ "Arn"
69
+ ]
70
+ },
71
+ {
72
+ "Fn::Join": [
73
+ "",
74
+ [
75
+ {
76
+ "Fn::GetAtt": [
77
+ "testcloudfronts3S3LoggingBucket90D239DD",
78
+ "Arn"
79
+ ]
80
+ },
81
+ "/*"
82
+ ]
83
+ ]
84
+ }
85
+ ]
86
+ },
87
+ {
88
+ "Action": [
89
+ "s3:DeleteObject*",
90
+ "s3:GetBucket*",
91
+ "s3:List*",
92
+ "s3:PutBucketPolicy"
93
+ ],
94
+ "Effect": "Allow",
95
+ "Principal": {
96
+ "AWS": {
97
+ "Fn::GetAtt": [
98
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
99
+ "Arn"
100
+ ]
101
+ }
102
+ },
103
+ "Resource": [
104
+ {
105
+ "Fn::GetAtt": [
106
+ "testcloudfronts3S3LoggingBucket90D239DD",
107
+ "Arn"
108
+ ]
109
+ },
110
+ {
111
+ "Fn::Join": [
112
+ "",
113
+ [
114
+ {
115
+ "Fn::GetAtt": [
116
+ "testcloudfronts3S3LoggingBucket90D239DD",
117
+ "Arn"
118
+ ]
119
+ },
120
+ "/*"
121
+ ]
122
+ ]
123
+ }
124
+ ]
125
+ },
126
+ {
127
+ "Action": "s3:PutObject",
128
+ "Condition": {
129
+ "ArnLike": {
130
+ "aws:SourceArn": {
131
+ "Fn::GetAtt": [
132
+ "testcloudfronts3S3BucketE0C5F76E",
133
+ "Arn"
134
+ ]
135
+ }
136
+ },
137
+ "StringEquals": {
138
+ "aws:SourceAccount": {
139
+ "Ref": "AWS::AccountId"
140
+ }
141
+ }
142
+ },
143
+ "Effect": "Allow",
144
+ "Principal": {
145
+ "Service": "logging.s3.amazonaws.com"
146
+ },
147
+ "Resource": {
148
+ "Fn::Join": [
149
+ "",
150
+ [
151
+ {
152
+ "Fn::GetAtt": [
153
+ "testcloudfronts3S3LoggingBucket90D239DD",
154
+ "Arn"
155
+ ]
156
+ },
157
+ "/*"
158
+ ]
159
+ ]
160
+ }
161
+ }
162
+ ],
163
+ "Version": "2012-10-17"
164
+ }
165
+ }
166
+ },
167
+ "testcloudfronts3S3LoggingBucketAutoDeleteObjectsCustomResource6EE37727": {
168
+ "Type": "Custom::S3AutoDeleteObjects",
169
+ "Properties": {
170
+ "ServiceToken": {
171
+ "Fn::GetAtt": [
172
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
173
+ "Arn"
174
+ ]
175
+ },
176
+ "BucketName": {
177
+ "Ref": "testcloudfronts3S3LoggingBucket90D239DD"
178
+ }
179
+ },
180
+ "DependsOn": [
181
+ "testcloudfronts3S3LoggingBucketPolicy529D4CFF"
182
+ ],
183
+ "UpdateReplacePolicy": "Delete",
184
+ "DeletionPolicy": "Delete"
185
+ },
186
+ "testcloudfronts3S3BucketE0C5F76E": {
187
+ "Type": "AWS::S3::Bucket",
188
+ "Properties": {
189
+ "BucketEncryption": {
190
+ "ServerSideEncryptionConfiguration": [
191
+ {
192
+ "ServerSideEncryptionByDefault": {
193
+ "SSEAlgorithm": "AES256"
194
+ }
195
+ }
196
+ ]
197
+ },
198
+ "LifecycleConfiguration": {
199
+ "Rules": [
200
+ {
201
+ "NoncurrentVersionTransitions": [
202
+ {
203
+ "StorageClass": "GLACIER",
204
+ "TransitionInDays": 90
205
+ }
206
+ ],
207
+ "Status": "Enabled"
208
+ }
209
+ ]
210
+ },
211
+ "LoggingConfiguration": {
212
+ "DestinationBucketName": {
213
+ "Ref": "testcloudfronts3S3LoggingBucket90D239DD"
214
+ }
215
+ },
216
+ "PublicAccessBlockConfiguration": {
217
+ "BlockPublicAcls": true,
218
+ "BlockPublicPolicy": true,
219
+ "IgnorePublicAcls": true,
220
+ "RestrictPublicBuckets": true
221
+ },
222
+ "Tags": [
223
+ {
224
+ "Key": "aws-cdk:auto-delete-objects",
225
+ "Value": "true"
226
+ }
227
+ ],
228
+ "VersioningConfiguration": {
229
+ "Status": "Enabled"
230
+ }
231
+ },
232
+ "UpdateReplacePolicy": "Delete",
233
+ "DeletionPolicy": "Delete",
234
+ "Metadata": {
235
+ "cfn_nag": {
236
+ "rules_to_suppress": [
237
+ {
238
+ "id": "W35",
239
+ "reason": "This S3 bucket is created for unit/ integration testing purposes only."
240
+ }
241
+ ]
242
+ }
243
+ }
244
+ },
245
+ "testcloudfronts3S3BucketPolicy250F1F61": {
246
+ "Type": "AWS::S3::BucketPolicy",
247
+ "Properties": {
248
+ "Bucket": {
249
+ "Ref": "testcloudfronts3S3BucketE0C5F76E"
250
+ },
251
+ "PolicyDocument": {
252
+ "Statement": [
253
+ {
254
+ "Action": "s3:*",
255
+ "Condition": {
256
+ "Bool": {
257
+ "aws:SecureTransport": "false"
258
+ }
259
+ },
260
+ "Effect": "Deny",
261
+ "Principal": {
262
+ "AWS": "*"
263
+ },
264
+ "Resource": [
265
+ {
266
+ "Fn::GetAtt": [
267
+ "testcloudfronts3S3BucketE0C5F76E",
268
+ "Arn"
269
+ ]
270
+ },
271
+ {
272
+ "Fn::Join": [
273
+ "",
274
+ [
275
+ {
276
+ "Fn::GetAtt": [
277
+ "testcloudfronts3S3BucketE0C5F76E",
278
+ "Arn"
279
+ ]
280
+ },
281
+ "/*"
282
+ ]
283
+ ]
284
+ }
285
+ ]
286
+ },
287
+ {
288
+ "Action": [
289
+ "s3:DeleteObject*",
290
+ "s3:GetBucket*",
291
+ "s3:List*",
292
+ "s3:PutBucketPolicy"
293
+ ],
294
+ "Effect": "Allow",
295
+ "Principal": {
296
+ "AWS": {
297
+ "Fn::GetAtt": [
298
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
299
+ "Arn"
300
+ ]
301
+ }
302
+ },
303
+ "Resource": [
304
+ {
305
+ "Fn::GetAtt": [
306
+ "testcloudfronts3S3BucketE0C5F76E",
307
+ "Arn"
308
+ ]
309
+ },
310
+ {
311
+ "Fn::Join": [
312
+ "",
313
+ [
314
+ {
315
+ "Fn::GetAtt": [
316
+ "testcloudfronts3S3BucketE0C5F76E",
317
+ "Arn"
318
+ ]
319
+ },
320
+ "/*"
321
+ ]
322
+ ]
323
+ }
324
+ ]
325
+ },
326
+ {
327
+ "Action": "s3:GetObject",
328
+ "Condition": {
329
+ "StringEquals": {
330
+ "AWS:SourceArn": {
331
+ "Fn::Join": [
332
+ "",
333
+ [
334
+ "arn:aws:cloudfront::",
335
+ {
336
+ "Ref": "AWS::AccountId"
337
+ },
338
+ ":distribution/",
339
+ {
340
+ "Ref": "testcloudfronts3CloudFrontDistribution0565DEE8"
341
+ }
342
+ ]
343
+ ]
344
+ }
345
+ }
346
+ },
347
+ "Effect": "Allow",
348
+ "Principal": {
349
+ "Service": "cloudfront.amazonaws.com"
350
+ },
351
+ "Resource": {
352
+ "Fn::Join": [
353
+ "",
354
+ [
355
+ {
356
+ "Fn::GetAtt": [
357
+ "testcloudfronts3S3BucketE0C5F76E",
358
+ "Arn"
359
+ ]
360
+ },
361
+ "/*"
362
+ ]
363
+ ]
364
+ }
365
+ }
366
+ ],
367
+ "Version": "2012-10-17"
368
+ }
369
+ },
370
+ "Metadata": {
371
+ "cfn_nag": {
372
+ "rules_to_suppress": [
373
+ {
374
+ "id": "F16",
375
+ "reason": "Public website bucket policy requires a wildcard principal"
376
+ }
377
+ ]
378
+ }
379
+ }
380
+ },
381
+ "testcloudfronts3S3BucketAutoDeleteObjectsCustomResourceA13DD8F7": {
382
+ "Type": "Custom::S3AutoDeleteObjects",
383
+ "Properties": {
384
+ "ServiceToken": {
385
+ "Fn::GetAtt": [
386
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
387
+ "Arn"
388
+ ]
389
+ },
390
+ "BucketName": {
391
+ "Ref": "testcloudfronts3S3BucketE0C5F76E"
392
+ }
393
+ },
394
+ "DependsOn": [
395
+ "testcloudfronts3S3BucketPolicy250F1F61"
396
+ ],
397
+ "UpdateReplacePolicy": "Delete",
398
+ "DeletionPolicy": "Delete"
399
+ },
400
+ "testcloudfronts3SetHttpSecurityHeaders6C5A1E69": {
401
+ "Type": "AWS::CloudFront::Function",
402
+ "Properties": {
403
+ "AutoPublish": true,
404
+ "FunctionCode": "function handler(event) { var response = event.response; var headers = response.headers; headers['strict-transport-security'] = { value: 'max-age=63072000; includeSubdomains; preload'}; headers['content-security-policy'] = { value: \"default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'\"}; headers['x-content-type-options'] = { value: 'nosniff'}; headers['x-frame-options'] = {value: 'DENY'}; headers['x-xss-protection'] = {value: '1; mode=block'}; return response; }",
405
+ "FunctionConfig": {
406
+ "Comment": "SetHttpSecurityHeadersc88b3e0fe5ebfb7f401b410752c35f74a3678d5cb1",
407
+ "Runtime": "cloudfront-js-1.0"
408
+ },
409
+ "Name": "SetHttpSecurityHeadersc88b3e0fe5ebfb7f401b410752c35f74a3678d5cb1"
410
+ }
411
+ },
412
+ "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58": {
413
+ "Type": "AWS::S3::Bucket",
414
+ "Properties": {
415
+ "BucketEncryption": {
416
+ "ServerSideEncryptionConfiguration": [
417
+ {
418
+ "ServerSideEncryptionByDefault": {
419
+ "SSEAlgorithm": "AES256"
420
+ }
421
+ }
422
+ ]
423
+ },
424
+ "OwnershipControls": {
425
+ "Rules": [
426
+ {
427
+ "ObjectOwnership": "ObjectWriter"
428
+ }
429
+ ]
430
+ },
431
+ "PublicAccessBlockConfiguration": {
432
+ "BlockPublicAcls": true,
433
+ "BlockPublicPolicy": true,
434
+ "IgnorePublicAcls": true,
435
+ "RestrictPublicBuckets": true
436
+ },
437
+ "Tags": [
438
+ {
439
+ "Key": "aws-cdk:auto-delete-objects",
440
+ "Value": "true"
441
+ }
442
+ ],
443
+ "VersioningConfiguration": {
444
+ "Status": "Enabled"
445
+ }
446
+ },
447
+ "UpdateReplacePolicy": "Delete",
448
+ "DeletionPolicy": "Delete",
449
+ "Metadata": {
450
+ "cfn_nag": {
451
+ "rules_to_suppress": [
452
+ {
453
+ "id": "W35",
454
+ "reason": "This S3 bucket is used as the access logging bucket for another bucket"
455
+ }
456
+ ]
457
+ }
458
+ }
459
+ },
460
+ "testcloudfronts3CloudfrontLoggingBucketAccessLogPolicy526F2E14": {
461
+ "Type": "AWS::S3::BucketPolicy",
462
+ "Properties": {
463
+ "Bucket": {
464
+ "Ref": "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58"
465
+ },
466
+ "PolicyDocument": {
467
+ "Statement": [
468
+ {
469
+ "Action": "s3:*",
470
+ "Condition": {
471
+ "Bool": {
472
+ "aws:SecureTransport": "false"
473
+ }
474
+ },
475
+ "Effect": "Deny",
476
+ "Principal": {
477
+ "AWS": "*"
478
+ },
479
+ "Resource": [
480
+ {
481
+ "Fn::GetAtt": [
482
+ "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
483
+ "Arn"
484
+ ]
485
+ },
486
+ {
487
+ "Fn::Join": [
488
+ "",
489
+ [
490
+ {
491
+ "Fn::GetAtt": [
492
+ "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
493
+ "Arn"
494
+ ]
495
+ },
496
+ "/*"
497
+ ]
498
+ ]
499
+ }
500
+ ]
501
+ },
502
+ {
503
+ "Action": [
504
+ "s3:DeleteObject*",
505
+ "s3:GetBucket*",
506
+ "s3:List*",
507
+ "s3:PutBucketPolicy"
508
+ ],
509
+ "Effect": "Allow",
510
+ "Principal": {
511
+ "AWS": {
512
+ "Fn::GetAtt": [
513
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
514
+ "Arn"
515
+ ]
516
+ }
517
+ },
518
+ "Resource": [
519
+ {
520
+ "Fn::GetAtt": [
521
+ "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
522
+ "Arn"
523
+ ]
524
+ },
525
+ {
526
+ "Fn::Join": [
527
+ "",
528
+ [
529
+ {
530
+ "Fn::GetAtt": [
531
+ "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
532
+ "Arn"
533
+ ]
534
+ },
535
+ "/*"
536
+ ]
537
+ ]
538
+ }
539
+ ]
540
+ },
541
+ {
542
+ "Action": "s3:PutObject",
543
+ "Condition": {
544
+ "ArnLike": {
545
+ "aws:SourceArn": {
546
+ "Fn::GetAtt": [
547
+ "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
548
+ "Arn"
549
+ ]
550
+ }
551
+ },
552
+ "StringEquals": {
553
+ "aws:SourceAccount": {
554
+ "Ref": "AWS::AccountId"
555
+ }
556
+ }
557
+ },
558
+ "Effect": "Allow",
559
+ "Principal": {
560
+ "Service": "logging.s3.amazonaws.com"
561
+ },
562
+ "Resource": {
563
+ "Fn::Join": [
564
+ "",
565
+ [
566
+ {
567
+ "Fn::GetAtt": [
568
+ "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
569
+ "Arn"
570
+ ]
571
+ },
572
+ "/*"
573
+ ]
574
+ ]
575
+ }
576
+ }
577
+ ],
578
+ "Version": "2012-10-17"
579
+ }
580
+ }
581
+ },
582
+ "testcloudfronts3CloudfrontLoggingBucketAccessLogAutoDeleteObjectsCustomResourceE16E063D": {
583
+ "Type": "Custom::S3AutoDeleteObjects",
584
+ "Properties": {
585
+ "ServiceToken": {
586
+ "Fn::GetAtt": [
587
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
588
+ "Arn"
589
+ ]
590
+ },
591
+ "BucketName": {
592
+ "Ref": "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58"
593
+ }
594
+ },
595
+ "DependsOn": [
596
+ "testcloudfronts3CloudfrontLoggingBucketAccessLogPolicy526F2E14"
597
+ ],
598
+ "UpdateReplacePolicy": "Delete",
599
+ "DeletionPolicy": "Delete"
600
+ },
601
+ "testcloudfronts3CloudfrontLoggingBucket985C0FE8": {
602
+ "Type": "AWS::S3::Bucket",
603
+ "Properties": {
604
+ "AccessControl": "LogDeliveryWrite",
605
+ "BucketEncryption": {
606
+ "ServerSideEncryptionConfiguration": [
607
+ {
608
+ "ServerSideEncryptionByDefault": {
609
+ "SSEAlgorithm": "AES256"
610
+ }
611
+ }
612
+ ]
613
+ },
614
+ "LoggingConfiguration": {
615
+ "DestinationBucketName": {
616
+ "Ref": "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58"
617
+ }
618
+ },
619
+ "OwnershipControls": {
620
+ "Rules": [
621
+ {
622
+ "ObjectOwnership": "ObjectWriter"
623
+ }
624
+ ]
625
+ },
626
+ "PublicAccessBlockConfiguration": {
627
+ "BlockPublicAcls": true,
628
+ "BlockPublicPolicy": true,
629
+ "IgnorePublicAcls": true,
630
+ "RestrictPublicBuckets": true
631
+ },
632
+ "Tags": [
633
+ {
634
+ "Key": "aws-cdk:auto-delete-objects",
635
+ "Value": "true"
636
+ }
637
+ ],
638
+ "VersioningConfiguration": {
639
+ "Status": "Enabled"
640
+ }
641
+ },
642
+ "UpdateReplacePolicy": "Delete",
643
+ "DeletionPolicy": "Delete"
644
+ },
645
+ "testcloudfronts3CloudfrontLoggingBucketPolicyDF55851B": {
646
+ "Type": "AWS::S3::BucketPolicy",
647
+ "Properties": {
648
+ "Bucket": {
649
+ "Ref": "testcloudfronts3CloudfrontLoggingBucket985C0FE8"
650
+ },
651
+ "PolicyDocument": {
652
+ "Statement": [
653
+ {
654
+ "Action": "s3:*",
655
+ "Condition": {
656
+ "Bool": {
657
+ "aws:SecureTransport": "false"
658
+ }
659
+ },
660
+ "Effect": "Deny",
661
+ "Principal": {
662
+ "AWS": "*"
663
+ },
664
+ "Resource": [
665
+ {
666
+ "Fn::GetAtt": [
667
+ "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
668
+ "Arn"
669
+ ]
670
+ },
671
+ {
672
+ "Fn::Join": [
673
+ "",
674
+ [
675
+ {
676
+ "Fn::GetAtt": [
677
+ "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
678
+ "Arn"
679
+ ]
680
+ },
681
+ "/*"
682
+ ]
683
+ ]
684
+ }
685
+ ]
686
+ },
687
+ {
688
+ "Action": [
689
+ "s3:DeleteObject*",
690
+ "s3:GetBucket*",
691
+ "s3:List*",
692
+ "s3:PutBucketPolicy"
693
+ ],
694
+ "Effect": "Allow",
695
+ "Principal": {
696
+ "AWS": {
697
+ "Fn::GetAtt": [
698
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
699
+ "Arn"
700
+ ]
701
+ }
702
+ },
703
+ "Resource": [
704
+ {
705
+ "Fn::GetAtt": [
706
+ "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
707
+ "Arn"
708
+ ]
709
+ },
710
+ {
711
+ "Fn::Join": [
712
+ "",
713
+ [
714
+ {
715
+ "Fn::GetAtt": [
716
+ "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
717
+ "Arn"
718
+ ]
719
+ },
720
+ "/*"
721
+ ]
722
+ ]
723
+ }
724
+ ]
725
+ }
726
+ ],
727
+ "Version": "2012-10-17"
728
+ }
729
+ }
730
+ },
731
+ "testcloudfronts3CloudfrontLoggingBucketAutoDeleteObjectsCustomResource19604D88": {
732
+ "Type": "Custom::S3AutoDeleteObjects",
733
+ "Properties": {
734
+ "ServiceToken": {
735
+ "Fn::GetAtt": [
736
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
737
+ "Arn"
738
+ ]
739
+ },
740
+ "BucketName": {
741
+ "Ref": "testcloudfronts3CloudfrontLoggingBucket985C0FE8"
742
+ }
743
+ },
744
+ "DependsOn": [
745
+ "testcloudfronts3CloudfrontLoggingBucketPolicyDF55851B"
746
+ ],
747
+ "UpdateReplacePolicy": "Delete",
748
+ "DeletionPolicy": "Delete"
749
+ },
750
+ "testcloudfronts3CloudFrontOac7A951AA6": {
751
+ "Type": "AWS::CloudFront::OriginAccessControl",
752
+ "Properties": {
753
+ "OriginAccessControlConfig": {
754
+ "Description": "Origin access control provisioned by aws-cloudfront-s3",
755
+ "Name": {
756
+ "Fn::Join": [
757
+ "",
758
+ [
759
+ "aws-cloudfront-s3-testnt-s3-",
760
+ {
761
+ "Fn::Select": [
762
+ 2,
763
+ {
764
+ "Fn::Split": [
765
+ "/",
766
+ {
767
+ "Ref": "AWS::StackId"
768
+ }
769
+ ]
770
+ }
771
+ ]
772
+ }
773
+ ]
774
+ ]
775
+ },
776
+ "OriginAccessControlOriginType": "s3",
777
+ "SigningBehavior": "always",
778
+ "SigningProtocol": "sigv4"
779
+ }
780
+ }
781
+ },
782
+ "testcloudfronts3CloudFrontDistribution0565DEE8": {
783
+ "Type": "AWS::CloudFront::Distribution",
784
+ "Properties": {
785
+ "DistributionConfig": {
786
+ "DefaultCacheBehavior": {
787
+ "CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6",
788
+ "Compress": true,
789
+ "FunctionAssociations": [
790
+ {
791
+ "EventType": "viewer-response",
792
+ "FunctionARN": {
793
+ "Fn::GetAtt": [
794
+ "testcloudfronts3SetHttpSecurityHeaders6C5A1E69",
795
+ "FunctionARN"
796
+ ]
797
+ }
798
+ }
799
+ ],
800
+ "TargetOriginId": "cfts3noargumentstestcloudfronts3CloudFrontDistributionOrigin1203032D1",
801
+ "ViewerProtocolPolicy": "redirect-to-https"
802
+ },
803
+ "DefaultRootObject": "index.html",
804
+ "Enabled": true,
805
+ "HttpVersion": "http2",
806
+ "IPV6Enabled": true,
807
+ "Logging": {
808
+ "Bucket": {
809
+ "Fn::GetAtt": [
810
+ "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
811
+ "RegionalDomainName"
812
+ ]
813
+ }
814
+ },
815
+ "Origins": [
816
+ {
817
+ "DomainName": {
818
+ "Fn::GetAtt": [
819
+ "testcloudfronts3S3BucketE0C5F76E",
820
+ "RegionalDomainName"
821
+ ]
822
+ },
823
+ "Id": "cfts3noargumentstestcloudfronts3CloudFrontDistributionOrigin1203032D1",
824
+ "OriginAccessControlId": {
825
+ "Fn::GetAtt": [
826
+ "testcloudfronts3CloudFrontOac7A951AA6",
827
+ "Id"
828
+ ]
829
+ },
830
+ "S3OriginConfig": {
831
+ "OriginAccessIdentity": ""
832
+ }
833
+ }
834
+ ]
835
+ }
836
+ },
837
+ "Metadata": {
838
+ "cfn_nag": {
839
+ "rules_to_suppress": [
840
+ {
841
+ "id": "W70",
842
+ "reason": "Since the distribution uses the CloudFront domain name, CloudFront automatically sets the security policy to TLSv1 regardless of the value of MinimumProtocolVersion"
843
+ }
844
+ ]
845
+ }
846
+ }
847
+ },
848
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": {
849
+ "Type": "AWS::IAM::Role",
850
+ "Properties": {
851
+ "AssumeRolePolicyDocument": {
852
+ "Version": "2012-10-17",
853
+ "Statement": [
854
+ {
855
+ "Action": "sts:AssumeRole",
856
+ "Effect": "Allow",
857
+ "Principal": {
858
+ "Service": "lambda.amazonaws.com"
859
+ }
860
+ }
861
+ ]
862
+ },
863
+ "ManagedPolicyArns": [
864
+ {
865
+ "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
866
+ }
867
+ ]
868
+ }
869
+ },
870
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": {
871
+ "Type": "AWS::Lambda::Function",
872
+ "Properties": {
873
+ "Code": {
874
+ "S3Bucket": {
875
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
876
+ },
877
+ "S3Key": "b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6.zip"
878
+ },
879
+ "Timeout": 900,
880
+ "MemorySize": 128,
881
+ "Handler": "index.handler",
882
+ "Role": {
883
+ "Fn::GetAtt": [
884
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
885
+ "Arn"
886
+ ]
887
+ },
888
+ "Runtime": "nodejs18.x",
889
+ "Description": {
890
+ "Fn::Join": [
891
+ "",
892
+ [
893
+ "Lambda function for auto-deleting objects in ",
894
+ {
895
+ "Ref": "testcloudfronts3S3LoggingBucket90D239DD"
896
+ },
897
+ " S3 bucket."
898
+ ]
899
+ ]
900
+ }
901
+ },
902
+ "DependsOn": [
903
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092"
904
+ ],
905
+ "Metadata": {
906
+ "cfn_nag": {
907
+ "rules_to_suppress": [
908
+ {
909
+ "id": "W58",
910
+ "reason": "CDK generated custom resource"
911
+ },
912
+ {
913
+ "id": "W89",
914
+ "reason": "CDK generated custom resource"
915
+ },
916
+ {
917
+ "id": "W92",
918
+ "reason": "CDK generated custom resource"
919
+ }
920
+ ]
921
+ }
922
+ }
923
+ }
924
+ },
925
+ "Parameters": {
926
+ "BootstrapVersion": {
927
+ "Type": "AWS::SSM::Parameter::Value<String>",
928
+ "Default": "/cdk-bootstrap/hnb659fds/version",
929
+ "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
930
+ }
931
+ },
932
+ "Rules": {
933
+ "CheckBootstrapVersion": {
934
+ "Assertions": [
935
+ {
936
+ "Assert": {
937
+ "Fn::Not": [
938
+ {
939
+ "Fn::Contains": [
940
+ [
941
+ "1",
942
+ "2",
943
+ "3",
944
+ "4",
945
+ "5"
946
+ ],
947
+ {
948
+ "Ref": "BootstrapVersion"
949
+ }
950
+ ]
951
+ }
952
+ ]
953
+ },
954
+ "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
955
+ }
956
+ ]
957
+ }
958
+ }
959
+ }
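Review bot: The `F16` suppression on `testcloudfronts3S3BucketPolicy250F1F61` gives the reason "Public website bucket policy requires a wildcard principal", which does not match the policy in this template. The only `"AWS": "*"` principal is in the `Deny` statement conditioned on `aws:SecureTransport`, and the `s3:GetObject` grant is limited to the `cloudfront.amazonaws.com` service principal with an `AWS:SourceArn` condition naming the distribution. A suppression with a stale justification silences the rule for the whole resource, so a later change that really adds a wildcard `Allow` would go unreported. This file is a synthesized snapshot, so the text presumably comes from the construct source. There I would drop the suppression if the scanner no longer reports the finding, or change it to `"reason": "Wildcard principal appears only in the Deny statement that enforces aws:SecureTransport"`, and then regenerate the snapshot.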