@aws-solutions-constructs/aws-cloudfront-s3 2.51.0 → 2.52.0

Files changed (127)
  1. package/.eslintignore +2 -0
  2. package/.jsii +50 -5
  3. package/integ.config.json +7 -0
  4. package/lib/index.js +1 -1
  5. package/package.json +11 -10
  6. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js +6 -3
  7. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.d.ts +30 -0
  8. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.js +127 -0
  9. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/cfn-response.js +1 -0
  10. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/consts.js +1 -0
  11. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/framework.js +3 -0
  12. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/outbound.js +1 -0
  13. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/util.js +1 -0
  14. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cdk.out +1 -0
  15. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.assets.json +45 -0
  16. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.template.json +960 -0
  17. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithcmkprovidedasexistingbucketIntegDefaultTestDeployAssertF6031114.assets.json +19 -0
  18. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithcmkprovidedasexistingbucketIntegDefaultTestDeployAssertF6031114.template.json +36 -0
  19. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/integ.json +12 -0
  20. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/manifest.json +221 -0
  21. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/tree.json +1326 -0
  22. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js +6 -3
  23. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cdk.out +1 -0
  24. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.assets.json +19 -0
  25. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.template.json +594 -0
  26. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithmanagedkeyprovidedasexistingbucketIntegDefaultTestDeployAssert03A82C16.assets.json +19 -0
  27. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithmanagedkeyprovidedasexistingbucketIntegDefaultTestDeployAssert03A82C16.template.json +36 -0
  28. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/integ.json +12 -0
  29. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/manifest.json +167 -0
  30. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/tree.json +790 -0
  31. package/test/integ.cfts3-bucket-with-http-origin.js +6 -3
  32. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cdk.out +1 -0
  33. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3-bucket-with-http-origin.assets.json +19 -0
  34. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3-bucket-with-http-origin.template.json +559 -0
  35. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3bucketwithhttporiginIntegDefaultTestDeployAssert75EB76AB.assets.json +19 -0
  36. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3bucketwithhttporiginIntegDefaultTestDeployAssert75EB76AB.template.json +36 -0
  37. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/integ.json +12 -0
  38. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/manifest.json +161 -0
  39. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/tree.json +753 -0
  40. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js +6 -3
  41. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.d.ts +30 -0
  42. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.js +127 -0
  43. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/cfn-response.js +1 -0
  44. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/consts.js +1 -0
  45. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/framework.js +3 -0
  46. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/outbound.js +1 -0
  47. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/util.js +1 -0
  48. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cdk.out +1 -0
  49. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3-cmk-provided-as-bucket-prop.assets.json +45 -0
  50. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3-cmk-provided-as-bucket-prop.template.json +960 -0
  51. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3cmkprovidedasbucketpropIntegDefaultTestDeployAssert38E63D55.assets.json +19 -0
  52. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3cmkprovidedasbucketpropIntegDefaultTestDeployAssert38E63D55.template.json +36 -0
  53. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/integ.json +12 -0
  54. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/manifest.json +221 -0
  55. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/tree.json +1326 -0
  56. package/test/integ.cfts3-custom-headers.js +6 -3
  57. package/test/integ.cfts3-custom-headers.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  58. package/test/integ.cfts3-custom-headers.js.snapshot/cdk.out +1 -0
  59. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3-custom-headers.assets.json +32 -0
  60. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3-custom-headers.template.json +981 -0
  61. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3customheadersIntegDefaultTestDeployAssert6EEC9973.assets.json +19 -0
  62. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3customheadersIntegDefaultTestDeployAssert6EEC9973.template.json +36 -0
  63. package/test/integ.cfts3-custom-headers.js.snapshot/integ.json +12 -0
  64. package/test/integ.cfts3-custom-headers.js.snapshot/manifest.json +215 -0
  65. package/test/integ.cfts3-custom-headers.js.snapshot/tree.json +1167 -0
  66. package/test/integ.cfts3-custom-originPath.js +6 -3
  67. package/test/integ.cfts3-custom-originPath.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  68. package/test/integ.cfts3-custom-originPath.js.snapshot/cdk.out +1 -0
  69. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3-custom-originPath.assets.json +32 -0
  70. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3-custom-originPath.template.json +950 -0
  71. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3customoriginPathIntegDefaultTestDeployAssert61F499B2.assets.json +19 -0
  72. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3customoriginPathIntegDefaultTestDeployAssert61F499B2.template.json +36 -0
  73. package/test/integ.cfts3-custom-originPath.js.snapshot/integ.json +12 -0
  74. package/test/integ.cfts3-custom-originPath.js.snapshot/manifest.json +209 -0
  75. package/test/integ.cfts3-custom-originPath.js.snapshot/tree.json +1117 -0
  76. package/test/integ.cfts3-customLoggingBuckets.js +6 -3
  77. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  78. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cdk.out +1 -0
  79. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3-customLoggingBuckets.assets.json +32 -0
  80. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3-customLoggingBuckets.template.json +987 -0
  81. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3customLoggingBucketsIntegDefaultTestDeployAssert4D171F9F.assets.json +19 -0
  82. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3customLoggingBucketsIntegDefaultTestDeployAssert4D171F9F.template.json +36 -0
  83. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/integ.json +12 -0
  84. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/manifest.json +209 -0
  85. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/tree.json +1156 -0
  86. package/test/integ.cfts3-existing-bucket.js +6 -3
  87. package/test/integ.cfts3-existing-bucket.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  88. package/test/integ.cfts3-existing-bucket.js.snapshot/cdk.out +1 -0
  89. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3-existing-bucket.assets.json +32 -0
  90. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3-existing-bucket.template.json +1014 -0
  91. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3existingbucketIntegDefaultTestDeployAssertA6D4EB49.assets.json +19 -0
  92. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3existingbucketIntegDefaultTestDeployAssertA6D4EB49.template.json +36 -0
  93. package/test/integ.cfts3-existing-bucket.js.snapshot/integ.json +12 -0
  94. package/test/integ.cfts3-existing-bucket.js.snapshot/manifest.json +221 -0
  95. package/test/integ.cfts3-existing-bucket.js.snapshot/tree.json +1229 -0
  96. package/test/integ.cfts3-no-arguments.js +6 -3
  97. package/test/integ.cfts3-no-arguments.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  98. package/test/integ.cfts3-no-arguments.js.snapshot/cdk.out +1 -0
  99. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3-no-arguments.assets.json +32 -0
  100. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3-no-arguments.template.json +959 -0
  101. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3noargumentsIntegDefaultTestDeployAssertBA5AFA25.assets.json +19 -0
  102. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3noargumentsIntegDefaultTestDeployAssertBA5AFA25.template.json +36 -0
  103. package/test/integ.cfts3-no-arguments.js.snapshot/integ.json +12 -0
  104. package/test/integ.cfts3-no-arguments.js.snapshot/manifest.json +209 -0
  105. package/test/integ.cfts3-no-arguments.js.snapshot/tree.json +1117 -0
  106. package/test/integ.cfts3-no-security-headers.js +6 -3
  107. package/test/integ.cfts3-no-security-headers.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  108. package/test/integ.cfts3-no-security-headers.js.snapshot/cdk.out +1 -0
  109. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3-no-security-headers.assets.json +32 -0
  110. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3-no-security-headers.template.json +926 -0
  111. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3nosecurityheadersIntegDefaultTestDeployAssert38FE05BE.assets.json +19 -0
  112. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3nosecurityheadersIntegDefaultTestDeployAssert38FE05BE.template.json +36 -0
  113. package/test/integ.cfts3-no-security-headers.js.snapshot/integ.json +12 -0
  114. package/test/integ.cfts3-no-security-headers.js.snapshot/manifest.json +203 -0
  115. package/test/integ.cfts3-no-security-headers.js.snapshot/tree.json +1076 -0
  116. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.expected.json +0 -960
  117. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.expected.json +0 -594
  118. package/test/integ.cfts3-bucket-with-http-origin.expected.json +0 -559
  119. package/test/integ.cfts3-cmk-encryption.expected.json +0 -527
  120. package/test/integ.cfts3-cmk-provided-as-bucket-prop.expected.json +0 -960
  121. package/test/integ.cfts3-custom-headers.expected.json +0 -981
  122. package/test/integ.cfts3-custom-originPath.expected.json +0 -950
  123. package/test/integ.cfts3-customCloudFrontLoggingBucket.expected.json +0 -700
  124. package/test/integ.cfts3-customLoggingBuckets.expected.json +0 -987
  125. package/test/integ.cfts3-existing-bucket.expected.json +0 -1014
  126. package/test/integ.cfts3-no-arguments.expected.json +0 -959
  127. package/test/integ.cfts3-no-security-headers.expected.json +0 -926
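--- a/package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.expected.json
+++ b/package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.expected.json
@@ -1,594 +0,0 @@
- {
- "Description": "Integration Test for aws-cloudfront-s3",
- "Resources": {
- "existings3bucketencryptedwiths3managedkeyS3LoggingBucketF861F6B7": {
- "Type": "AWS::S3::Bucket",
- "Properties": {
- "BucketEncryption": {
- "ServerSideEncryptionConfiguration": [
- {
- "ServerSideEncryptionByDefault": {
- "SSEAlgorithm": "AES256"
- }
- }
- ]
- },
- "PublicAccessBlockConfiguration": {
- "BlockPublicAcls": true,
- "BlockPublicPolicy": true,
- "IgnorePublicAcls": true,
- "RestrictPublicBuckets": true
- },
- "VersioningConfiguration": {
- "Status": "Enabled"
- }
- },
- "UpdateReplacePolicy": "Retain",
- "DeletionPolicy": "Retain",
- "Metadata": {
- "cfn_nag": {
- "rules_to_suppress": [
- {
- "id": "W35",
- "reason": "This S3 bucket is used as the access logging bucket for another bucket"
- }
- ]
- }
- }
- },
- "existings3bucketencryptedwiths3managedkeyS3LoggingBucketPolicy4358229C": {
- "Type": "AWS::S3::BucketPolicy",
- "Properties": {
- "Bucket": {
- "Ref": "existings3bucketencryptedwiths3managedkeyS3LoggingBucketF861F6B7"
- },
- "PolicyDocument": {
- "Statement": [
- {
- "Action": "s3:*",
- "Condition": {
- "Bool": {
- "aws:SecureTransport": "false"
- }
- },
- "Effect": "Deny",
- "Principal": {
- "AWS": "*"
- },
- "Resource": [
- {
- "Fn::GetAtt": [
- "existings3bucketencryptedwiths3managedkeyS3LoggingBucketF861F6B7",
- "Arn"
- ]
- },
- {
- "Fn::Join": [
- "",
- [
- {
- "Fn::GetAtt": [
- "existings3bucketencryptedwiths3managedkeyS3LoggingBucketF861F6B7",
- "Arn"
- ]
- },
- "/*"
- ]
- ]
- }
- ]
- },
- {
- "Action": "s3:PutObject",
- "Condition": {
- "ArnLike": {
- "aws:SourceArn": {
- "Fn::GetAtt": [
- "existings3bucketencryptedwiths3managedkeyS3BucketA8C4BE9A",
- "Arn"
- ]
- }
- },
- "StringEquals": {
- "aws:SourceAccount": {
- "Ref": "AWS::AccountId"
- }
- }
- },
- "Effect": "Allow",
- "Principal": {
- "Service": "logging.s3.amazonaws.com"
- },
- "Resource": {
- "Fn::Join": [
- "",
- [
- {
- "Fn::GetAtt": [
- "existings3bucketencryptedwiths3managedkeyS3LoggingBucketF861F6B7",
- "Arn"
- ]
- },
- "/*"
- ]
- ]
- }
- }
- ],
- "Version": "2012-10-17"
- }
- }
- },
- "existings3bucketencryptedwiths3managedkeyS3BucketA8C4BE9A": {
- "Type": "AWS::S3::Bucket",
- "Properties": {
- "BucketEncryption": {
- "ServerSideEncryptionConfiguration": [
- {
- "ServerSideEncryptionByDefault": {
- "SSEAlgorithm": "AES256"
- }
- }
- ]
- },
- "LifecycleConfiguration": {
- "Rules": [
- {
- "NoncurrentVersionTransitions": [
- {
- "StorageClass": "GLACIER",
- "TransitionInDays": 90
- }
- ],
- "Status": "Enabled"
- }
- ]
- },
- "LoggingConfiguration": {
- "DestinationBucketName": {
- "Ref": "existings3bucketencryptedwiths3managedkeyS3LoggingBucketF861F6B7"
- }
- },
- "PublicAccessBlockConfiguration": {
- "BlockPublicAcls": true,
- "BlockPublicPolicy": true,
- "IgnorePublicAcls": true,
- "RestrictPublicBuckets": true
- },
- "VersioningConfiguration": {
- "Status": "Enabled"
- }
- },
- "UpdateReplacePolicy": "Retain",
- "DeletionPolicy": "Retain"
- },
- "existings3bucketencryptedwiths3managedkeyS3BucketPolicyFDA85248": {
- "Type": "AWS::S3::BucketPolicy",
- "Properties": {
- "Bucket": {
- "Ref": "existings3bucketencryptedwiths3managedkeyS3BucketA8C4BE9A"
- },
- "PolicyDocument": {
- "Statement": [
- {
- "Action": "s3:*",
- "Condition": {
- "Bool": {
- "aws:SecureTransport": "false"
- }
- },
- "Effect": "Deny",
- "Principal": {
- "AWS": "*"
- },
- "Resource": [
- {
- "Fn::GetAtt": [
- "existings3bucketencryptedwiths3managedkeyS3BucketA8C4BE9A",
- "Arn"
- ]
- },
- {
- "Fn::Join": [
- "",
- [
- {
- "Fn::GetAtt": [
- "existings3bucketencryptedwiths3managedkeyS3BucketA8C4BE9A",
- "Arn"
- ]
- },
- "/*"
- ]
- ]
- }
- ]
- },
- {
- "Action": "s3:GetObject",
- "Condition": {
- "StringEquals": {
- "AWS:SourceArn": {
- "Fn::Join": [
- "",
- [
- "arn:aws:cloudfront::",
- {
- "Ref": "AWS::AccountId"
- },
- ":distribution/",
- {
- "Ref": "testcloudfronts3managedkeyCloudFrontDistributionE6431C62"
- }
- ]
- ]
- }
- }
- },
- "Effect": "Allow",
- "Principal": {
- "Service": "cloudfront.amazonaws.com"
- },
- "Resource": {
- "Fn::Join": [
- "",
- [
- {
- "Fn::GetAtt": [
- "existings3bucketencryptedwiths3managedkeyS3BucketA8C4BE9A",
- "Arn"
- ]
- },
- "/*"
- ]
- ]
- }
- }
- ],
- "Version": "2012-10-17"
- }
- },
- "Metadata": {
- "cfn_nag": {
- "rules_to_suppress": [
- {
- "id": "F16",
- "reason": "Public website bucket policy requires a wildcard principal"
- }
- ]
- }
- }
- },
- "testcloudfronts3managedkeyCloudfrontLoggingBucketAccessLog09A44955": {
- "Type": "AWS::S3::Bucket",
- "Properties": {
- "BucketEncryption": {
- "ServerSideEncryptionConfiguration": [
- {
- "ServerSideEncryptionByDefault": {
- "SSEAlgorithm": "AES256"
- }
- }
- ]
- },
- "OwnershipControls": {
- "Rules": [
- {
- "ObjectOwnership": "ObjectWriter"
- }
- ]
- },
- "PublicAccessBlockConfiguration": {
- "BlockPublicAcls": true,
- "BlockPublicPolicy": true,
- "IgnorePublicAcls": true,
- "RestrictPublicBuckets": true
- },
- "VersioningConfiguration": {
- "Status": "Enabled"
- }
- },
- "UpdateReplacePolicy": "Retain",
- "DeletionPolicy": "Retain",
- "Metadata": {
- "cfn_nag": {
- "rules_to_suppress": [
- {
- "id": "W35",
- "reason": "This S3 bucket is used as the access logging bucket for another bucket"
- }
- ]
- }
- }
- },
- "testcloudfronts3managedkeyCloudfrontLoggingBucketAccessLogPolicy08C15592": {
- "Type": "AWS::S3::BucketPolicy",
- "Properties": {
- "Bucket": {
- "Ref": "testcloudfronts3managedkeyCloudfrontLoggingBucketAccessLog09A44955"
- },
- "PolicyDocument": {
- "Statement": [
- {
- "Action": "s3:*",
- "Condition": {
- "Bool": {
- "aws:SecureTransport": "false"
- }
- },
- "Effect": "Deny",
- "Principal": {
- "AWS": "*"
- },
- "Resource": [
- {
- "Fn::GetAtt": [
- "testcloudfronts3managedkeyCloudfrontLoggingBucketAccessLog09A44955",
- "Arn"
- ]
- },
- {
- "Fn::Join": [
- "",
- [
- {
- "Fn::GetAtt": [
- "testcloudfronts3managedkeyCloudfrontLoggingBucketAccessLog09A44955",
- "Arn"
- ]
- },
- "/*"
- ]
- ]
- }
- ]
- },
- {
- "Action": "s3:PutObject",
- "Condition": {
- "ArnLike": {
- "aws:SourceArn": {
- "Fn::GetAtt": [
- "testcloudfronts3managedkeyCloudfrontLoggingBucket4F6525D7",
- "Arn"
- ]
- }
- },
- "StringEquals": {
- "aws:SourceAccount": {
- "Ref": "AWS::AccountId"
- }
- }
- },
- "Effect": "Allow",
- "Principal": {
- "Service": "logging.s3.amazonaws.com"
- },
- "Resource": {
- "Fn::Join": [
- "",
- [
- {
- "Fn::GetAtt": [
- "testcloudfronts3managedkeyCloudfrontLoggingBucketAccessLog09A44955",
- "Arn"
- ]
- },
- "/*"
- ]
- ]
- }
- }
- ],
- "Version": "2012-10-17"
- }
- }
- },
- "testcloudfronts3managedkeyCloudfrontLoggingBucket4F6525D7": {
- "Type": "AWS::S3::Bucket",
- "Properties": {
- "AccessControl": "LogDeliveryWrite",
- "BucketEncryption": {
- "ServerSideEncryptionConfiguration": [
- {
- "ServerSideEncryptionByDefault": {
- "SSEAlgorithm": "AES256"
- }
- }
- ]
- },
- "LoggingConfiguration": {
- "DestinationBucketName": {
- "Ref": "testcloudfronts3managedkeyCloudfrontLoggingBucketAccessLog09A44955"
- }
- },
- "OwnershipControls": {
- "Rules": [
- {
- "ObjectOwnership": "ObjectWriter"
- }
- ]
- },
- "PublicAccessBlockConfiguration": {
- "BlockPublicAcls": true,
- "BlockPublicPolicy": true,
- "IgnorePublicAcls": true,
- "RestrictPublicBuckets": true
- },
- "VersioningConfiguration": {
- "Status": "Enabled"
- }
- },
- "UpdateReplacePolicy": "Retain",
- "DeletionPolicy": "Retain"
- },
- "testcloudfronts3managedkeyCloudfrontLoggingBucketPolicy8952C83B": {
- "Type": "AWS::S3::BucketPolicy",
- "Properties": {
- "Bucket": {
- "Ref": "testcloudfronts3managedkeyCloudfrontLoggingBucket4F6525D7"
- },
- "PolicyDocument": {
- "Statement": [
- {
- "Action": "s3:*",
- "Condition": {
- "Bool": {
- "aws:SecureTransport": "false"
- }
- },
- "Effect": "Deny",
- "Principal": {
- "AWS": "*"
- },
- "Resource": [
- {
- "Fn::GetAtt": [
- "testcloudfronts3managedkeyCloudfrontLoggingBucket4F6525D7",
- "Arn"
- ]
- },
- {
- "Fn::Join": [
- "",
- [
- {
- "Fn::GetAtt": [
- "testcloudfronts3managedkeyCloudfrontLoggingBucket4F6525D7",
- "Arn"
- ]
- },
- "/*"
- ]
- ]
- }
- ]
- }
- ],
- "Version": "2012-10-17"
- }
- }
- },
- "testcloudfronts3managedkeyCloudFrontOac1422B0A1": {
- "Type": "AWS::CloudFront::OriginAccessControl",
- "Properties": {
- "OriginAccessControlConfig": {
- "Description": "Origin access control provisioned by aws-cloudfront-s3",
- "Name": {
- "Fn::Join": [
- "",
- [
- "aws-cloudfront-s3-testd-key-",
- {
- "Fn::Select": [
- 2,
- {
- "Fn::Split": [
- "/",
- {
- "Ref": "AWS::StackId"
- }
- ]
- }
- ]
- }
- ]
- ]
- },
- "OriginAccessControlOriginType": "s3",
- "SigningBehavior": "always",
- "SigningProtocol": "sigv4"
- }
- }
- },
- "testcloudfronts3managedkeyCloudFrontDistributionE6431C62": {
- "Type": "AWS::CloudFront::Distribution",
- "Properties": {
- "DistributionConfig": {
- "DefaultCacheBehavior": {
- "CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6",
- "Compress": true,
- "TargetOriginId": "cfts3bucketencryptedwithmanagedkeyprovidedasexistingbuckettestcloudfronts3managedkeyCloudFrontDistributionOrigin17C5092B4",
- "ViewerProtocolPolicy": "redirect-to-https"
- },
- "DefaultRootObject": "index.html",
- "Enabled": true,
- "HttpVersion": "http2",
- "IPV6Enabled": true,
- "Logging": {
- "Bucket": {
- "Fn::GetAtt": [
- "testcloudfronts3managedkeyCloudfrontLoggingBucket4F6525D7",
- "RegionalDomainName"
- ]
- }
- },
- "Origins": [
- {
- "DomainName": {
- "Fn::GetAtt": [
- "existings3bucketencryptedwiths3managedkeyS3BucketA8C4BE9A",
- "RegionalDomainName"
- ]
- },
- "Id": "cfts3bucketencryptedwithmanagedkeyprovidedasexistingbuckettestcloudfronts3managedkeyCloudFrontDistributionOrigin17C5092B4",
- "OriginAccessControlId": {
- "Fn::GetAtt": [
- "testcloudfronts3managedkeyCloudFrontOac1422B0A1",
- "Id"
- ]
- },
- "S3OriginConfig": {
- "OriginAccessIdentity": ""
- }
- }
- ]
- }
- },
- "Metadata": {
- "cfn_nag": {
- "rules_to_suppress": [
- {
- "id": "W70",
- "reason": "Since the distribution uses the CloudFront domain name, CloudFront automatically sets the security policy to TLSv1 regardless of the value of MinimumProtocolVersion"
- }
- ]
- }
- }
- }
- },
- "Parameters": {
- "BootstrapVersion": {
- "Type": "AWS::SSM::Parameter::Value<String>",
- "Default": "/cdk-bootstrap/hnb659fds/version",
- "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
- }
- },
- "Rules": {
- "CheckBootstrapVersion": {
- "Assertions": [
- {
- "Assert": {
- "Fn::Not": [
- {
- "Fn::Contains": [
- [
- "1",
- "2",
- "3",
- "4",
- "5"
- ],
- {
- "Ref": "BootstrapVersion"
- }
- ]
- }
- ]
- },
- "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
- }
- ]
- }
- }
- }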