@aws-solutions-constructs/aws-cloudfront-s3 2.51.0 → 2.52.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (127) hide show
  1. package/.eslintignore +2 -0
  2. package/.jsii +50 -5
  3. package/integ.config.json +7 -0
  4. package/lib/index.js +1 -1
  5. package/package.json +11 -10
  6. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js +6 -3
  7. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.d.ts +30 -0
  8. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.js +127 -0
  9. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/cfn-response.js +1 -0
  10. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/consts.js +1 -0
  11. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/framework.js +3 -0
  12. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/outbound.js +1 -0
  13. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/util.js +1 -0
  14. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cdk.out +1 -0
  15. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.assets.json +45 -0
  16. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.template.json +960 -0
  17. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithcmkprovidedasexistingbucketIntegDefaultTestDeployAssertF6031114.assets.json +19 -0
  18. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithcmkprovidedasexistingbucketIntegDefaultTestDeployAssertF6031114.template.json +36 -0
  19. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/integ.json +12 -0
  20. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/manifest.json +221 -0
  21. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/tree.json +1326 -0
  22. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js +6 -3
  23. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cdk.out +1 -0
  24. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.assets.json +19 -0
  25. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.template.json +594 -0
  26. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithmanagedkeyprovidedasexistingbucketIntegDefaultTestDeployAssert03A82C16.assets.json +19 -0
  27. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithmanagedkeyprovidedasexistingbucketIntegDefaultTestDeployAssert03A82C16.template.json +36 -0
  28. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/integ.json +12 -0
  29. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/manifest.json +167 -0
  30. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/tree.json +790 -0
  31. package/test/integ.cfts3-bucket-with-http-origin.js +6 -3
  32. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cdk.out +1 -0
  33. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3-bucket-with-http-origin.assets.json +19 -0
  34. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3-bucket-with-http-origin.template.json +559 -0
  35. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3bucketwithhttporiginIntegDefaultTestDeployAssert75EB76AB.assets.json +19 -0
  36. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3bucketwithhttporiginIntegDefaultTestDeployAssert75EB76AB.template.json +36 -0
  37. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/integ.json +12 -0
  38. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/manifest.json +161 -0
  39. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/tree.json +753 -0
  40. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js +6 -3
  41. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.d.ts +30 -0
  42. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.js +127 -0
  43. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/cfn-response.js +1 -0
  44. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/consts.js +1 -0
  45. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/framework.js +3 -0
  46. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/outbound.js +1 -0
  47. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/util.js +1 -0
  48. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cdk.out +1 -0
  49. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3-cmk-provided-as-bucket-prop.assets.json +45 -0
  50. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3-cmk-provided-as-bucket-prop.template.json +960 -0
  51. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3cmkprovidedasbucketpropIntegDefaultTestDeployAssert38E63D55.assets.json +19 -0
  52. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3cmkprovidedasbucketpropIntegDefaultTestDeployAssert38E63D55.template.json +36 -0
  53. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/integ.json +12 -0
  54. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/manifest.json +221 -0
  55. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/tree.json +1326 -0
  56. package/test/integ.cfts3-custom-headers.js +6 -3
  57. package/test/integ.cfts3-custom-headers.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  58. package/test/integ.cfts3-custom-headers.js.snapshot/cdk.out +1 -0
  59. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3-custom-headers.assets.json +32 -0
  60. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3-custom-headers.template.json +981 -0
  61. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3customheadersIntegDefaultTestDeployAssert6EEC9973.assets.json +19 -0
  62. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3customheadersIntegDefaultTestDeployAssert6EEC9973.template.json +36 -0
  63. package/test/integ.cfts3-custom-headers.js.snapshot/integ.json +12 -0
  64. package/test/integ.cfts3-custom-headers.js.snapshot/manifest.json +215 -0
  65. package/test/integ.cfts3-custom-headers.js.snapshot/tree.json +1167 -0
  66. package/test/integ.cfts3-custom-originPath.js +6 -3
  67. package/test/integ.cfts3-custom-originPath.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  68. package/test/integ.cfts3-custom-originPath.js.snapshot/cdk.out +1 -0
  69. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3-custom-originPath.assets.json +32 -0
  70. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3-custom-originPath.template.json +950 -0
  71. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3customoriginPathIntegDefaultTestDeployAssert61F499B2.assets.json +19 -0
  72. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3customoriginPathIntegDefaultTestDeployAssert61F499B2.template.json +36 -0
  73. package/test/integ.cfts3-custom-originPath.js.snapshot/integ.json +12 -0
  74. package/test/integ.cfts3-custom-originPath.js.snapshot/manifest.json +209 -0
  75. package/test/integ.cfts3-custom-originPath.js.snapshot/tree.json +1117 -0
  76. package/test/integ.cfts3-customLoggingBuckets.js +6 -3
  77. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  78. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cdk.out +1 -0
  79. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3-customLoggingBuckets.assets.json +32 -0
  80. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3-customLoggingBuckets.template.json +987 -0
  81. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3customLoggingBucketsIntegDefaultTestDeployAssert4D171F9F.assets.json +19 -0
  82. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3customLoggingBucketsIntegDefaultTestDeployAssert4D171F9F.template.json +36 -0
  83. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/integ.json +12 -0
  84. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/manifest.json +209 -0
  85. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/tree.json +1156 -0
  86. package/test/integ.cfts3-existing-bucket.js +6 -3
  87. package/test/integ.cfts3-existing-bucket.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  88. package/test/integ.cfts3-existing-bucket.js.snapshot/cdk.out +1 -0
  89. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3-existing-bucket.assets.json +32 -0
  90. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3-existing-bucket.template.json +1014 -0
  91. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3existingbucketIntegDefaultTestDeployAssertA6D4EB49.assets.json +19 -0
  92. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3existingbucketIntegDefaultTestDeployAssertA6D4EB49.template.json +36 -0
  93. package/test/integ.cfts3-existing-bucket.js.snapshot/integ.json +12 -0
  94. package/test/integ.cfts3-existing-bucket.js.snapshot/manifest.json +221 -0
  95. package/test/integ.cfts3-existing-bucket.js.snapshot/tree.json +1229 -0
  96. package/test/integ.cfts3-no-arguments.js +6 -3
  97. package/test/integ.cfts3-no-arguments.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  98. package/test/integ.cfts3-no-arguments.js.snapshot/cdk.out +1 -0
  99. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3-no-arguments.assets.json +32 -0
  100. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3-no-arguments.template.json +959 -0
  101. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3noargumentsIntegDefaultTestDeployAssertBA5AFA25.assets.json +19 -0
  102. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3noargumentsIntegDefaultTestDeployAssertBA5AFA25.template.json +36 -0
  103. package/test/integ.cfts3-no-arguments.js.snapshot/integ.json +12 -0
  104. package/test/integ.cfts3-no-arguments.js.snapshot/manifest.json +209 -0
  105. package/test/integ.cfts3-no-arguments.js.snapshot/tree.json +1117 -0
  106. package/test/integ.cfts3-no-security-headers.js +6 -3
  107. package/test/integ.cfts3-no-security-headers.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  108. package/test/integ.cfts3-no-security-headers.js.snapshot/cdk.out +1 -0
  109. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3-no-security-headers.assets.json +32 -0
  110. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3-no-security-headers.template.json +926 -0
  111. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3nosecurityheadersIntegDefaultTestDeployAssert38FE05BE.assets.json +19 -0
  112. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3nosecurityheadersIntegDefaultTestDeployAssert38FE05BE.template.json +36 -0
  113. package/test/integ.cfts3-no-security-headers.js.snapshot/integ.json +12 -0
  114. package/test/integ.cfts3-no-security-headers.js.snapshot/manifest.json +203 -0
  115. package/test/integ.cfts3-no-security-headers.js.snapshot/tree.json +1076 -0
  116. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.expected.json +0 -960
  117. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.expected.json +0 -594
  118. package/test/integ.cfts3-bucket-with-http-origin.expected.json +0 -559
  119. package/test/integ.cfts3-cmk-encryption.expected.json +0 -527
  120. package/test/integ.cfts3-cmk-provided-as-bucket-prop.expected.json +0 -960
  121. package/test/integ.cfts3-custom-headers.expected.json +0 -981
  122. package/test/integ.cfts3-custom-originPath.expected.json +0 -950
  123. package/test/integ.cfts3-customCloudFrontLoggingBucket.expected.json +0 -700
  124. package/test/integ.cfts3-customLoggingBuckets.expected.json +0 -987
  125. package/test/integ.cfts3-existing-bucket.expected.json +0 -1014
  126. package/test/integ.cfts3-no-arguments.expected.json +0 -959
  127. package/test/integ.cfts3-no-security-headers.expected.json +0 -926
@@ -1,1014 +0,0 @@
1
- {
2
- "Resources": {
3
- "scrapBucketLog7B53B25C": {
4
- "Type": "AWS::S3::Bucket",
5
- "Properties": {
6
- "BucketEncryption": {
7
- "ServerSideEncryptionConfiguration": [
8
- {
9
- "ServerSideEncryptionByDefault": {
10
- "SSEAlgorithm": "AES256"
11
- }
12
- }
13
- ]
14
- },
15
- "Tags": [
16
- {
17
- "Key": "aws-cdk:auto-delete-objects",
18
- "Value": "true"
19
- }
20
- ],
21
- "VersioningConfiguration": {
22
- "Status": "Enabled"
23
- }
24
- },
25
- "UpdateReplacePolicy": "Delete",
26
- "DeletionPolicy": "Delete",
27
- "Metadata": {
28
- "cfn_nag": {
29
- "rules_to_suppress": [
30
- {
31
- "id": "W35",
32
- "reason": "This is a log bucket"
33
- }
34
- ]
35
- }
36
- }
37
- },
38
- "scrapBucketLogPolicy2972C573": {
39
- "Type": "AWS::S3::BucketPolicy",
40
- "Properties": {
41
- "Bucket": {
42
- "Ref": "scrapBucketLog7B53B25C"
43
- },
44
- "PolicyDocument": {
45
- "Statement": [
46
- {
47
- "Action": "s3:*",
48
- "Condition": {
49
- "Bool": {
50
- "aws:SecureTransport": "false"
51
- }
52
- },
53
- "Effect": "Deny",
54
- "Principal": {
55
- "AWS": "*"
56
- },
57
- "Resource": [
58
- {
59
- "Fn::GetAtt": [
60
- "scrapBucketLog7B53B25C",
61
- "Arn"
62
- ]
63
- },
64
- {
65
- "Fn::Join": [
66
- "",
67
- [
68
- {
69
- "Fn::GetAtt": [
70
- "scrapBucketLog7B53B25C",
71
- "Arn"
72
- ]
73
- },
74
- "/*"
75
- ]
76
- ]
77
- }
78
- ]
79
- },
80
- {
81
- "Action": [
82
- "s3:PutBucketPolicy",
83
- "s3:GetBucket*",
84
- "s3:List*",
85
- "s3:DeleteObject*"
86
- ],
87
- "Effect": "Allow",
88
- "Principal": {
89
- "AWS": {
90
- "Fn::GetAtt": [
91
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
92
- "Arn"
93
- ]
94
- }
95
- },
96
- "Resource": [
97
- {
98
- "Fn::GetAtt": [
99
- "scrapBucketLog7B53B25C",
100
- "Arn"
101
- ]
102
- },
103
- {
104
- "Fn::Join": [
105
- "",
106
- [
107
- {
108
- "Fn::GetAtt": [
109
- "scrapBucketLog7B53B25C",
110
- "Arn"
111
- ]
112
- },
113
- "/*"
114
- ]
115
- ]
116
- }
117
- ]
118
- },
119
- {
120
- "Action": "s3:PutObject",
121
- "Condition": {
122
- "ArnLike": {
123
- "aws:SourceArn": {
124
- "Fn::GetAtt": [
125
- "scrapBucketB11863B7",
126
- "Arn"
127
- ]
128
- }
129
- },
130
- "StringEquals": {
131
- "aws:SourceAccount": {
132
- "Ref": "AWS::AccountId"
133
- }
134
- }
135
- },
136
- "Effect": "Allow",
137
- "Principal": {
138
- "Service": "logging.s3.amazonaws.com"
139
- },
140
- "Resource": {
141
- "Fn::Join": [
142
- "",
143
- [
144
- {
145
- "Fn::GetAtt": [
146
- "scrapBucketLog7B53B25C",
147
- "Arn"
148
- ]
149
- },
150
- "/*"
151
- ]
152
- ]
153
- }
154
- }
155
- ],
156
- "Version": "2012-10-17"
157
- }
158
- }
159
- },
160
- "scrapBucketLogAutoDeleteObjectsCustomResource307F3D47": {
161
- "Type": "Custom::S3AutoDeleteObjects",
162
- "Properties": {
163
- "ServiceToken": {
164
- "Fn::GetAtt": [
165
- "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
166
- "Arn"
167
- ]
168
- },
169
- "BucketName": {
170
- "Ref": "scrapBucketLog7B53B25C"
171
- }
172
- },
173
- "DependsOn": [
174
- "scrapBucketLogPolicy2972C573"
175
- ],
176
- "UpdateReplacePolicy": "Delete",
177
- "DeletionPolicy": "Delete"
178
- },
179
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": {
180
- "Type": "AWS::IAM::Role",
181
- "Properties": {
182
- "AssumeRolePolicyDocument": {
183
- "Version": "2012-10-17",
184
- "Statement": [
185
- {
186
- "Action": "sts:AssumeRole",
187
- "Effect": "Allow",
188
- "Principal": {
189
- "Service": "lambda.amazonaws.com"
190
- }
191
- }
192
- ]
193
- },
194
- "ManagedPolicyArns": [
195
- {
196
- "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
197
- }
198
- ]
199
- }
200
- },
201
- "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": {
202
- "Type": "AWS::Lambda::Function",
203
- "Properties": {
204
- "Code": {
205
- "S3Bucket": {
206
- "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
207
- },
208
- "S3Key": "b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6.zip"
209
- },
210
- "Timeout": 900,
211
- "MemorySize": 128,
212
- "Handler": "index.handler",
213
- "Role": {
214
- "Fn::GetAtt": [
215
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
216
- "Arn"
217
- ]
218
- },
219
- "Runtime": "nodejs18.x",
220
- "Description": {
221
- "Fn::Join": [
222
- "",
223
- [
224
- "Lambda function for auto-deleting objects in ",
225
- {
226
- "Ref": "scrapBucketLog7B53B25C"
227
- },
228
- " S3 bucket."
229
- ]
230
- ]
231
- }
232
- },
233
- "DependsOn": [
234
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092"
235
- ],
236
- "Metadata": {
237
- "cfn_nag": {
238
- "rules_to_suppress": [
239
- {
240
- "id": "W58",
241
- "reason": "CDK generated custom resource"
242
- },
243
- {
244
- "id": "W89",
245
- "reason": "CDK generated custom resource"
246
- },
247
- {
248
- "id": "W92",
249
- "reason": "CDK generated custom resource"
250
- }
251
- ]
252
- }
253
- }
254
- },
255
- "scrapBucketB11863B7": {
256
- "Type": "AWS::S3::Bucket",
257
- "Properties": {
258
- "BucketEncryption": {
259
- "ServerSideEncryptionConfiguration": [
260
- {
261
- "ServerSideEncryptionByDefault": {
262
- "SSEAlgorithm": "AES256"
263
- }
264
- }
265
- ]
266
- },
267
- "LoggingConfiguration": {
268
- "DestinationBucketName": {
269
- "Ref": "scrapBucketLog7B53B25C"
270
- }
271
- },
272
- "Tags": [
273
- {
274
- "Key": "aws-cdk:auto-delete-objects",
275
- "Value": "true"
276
- }
277
- ],
278
- "VersioningConfiguration": {
279
- "Status": "Enabled"
280
- }
281
- },
282
- "UpdateReplacePolicy": "Delete",
283
- "DeletionPolicy": "Delete"
284
- },
285
- "scrapBucketPolicy189B0607": {
286
- "Type": "AWS::S3::BucketPolicy",
287
- "Properties": {
288
- "Bucket": {
289
- "Ref": "scrapBucketB11863B7"
290
- },
291
- "PolicyDocument": {
292
- "Statement": [
293
- {
294
- "Action": "s3:*",
295
- "Condition": {
296
- "Bool": {
297
- "aws:SecureTransport": "false"
298
- }
299
- },
300
- "Effect": "Deny",
301
- "Principal": {
302
- "AWS": "*"
303
- },
304
- "Resource": [
305
- {
306
- "Fn::GetAtt": [
307
- "scrapBucketB11863B7",
308
- "Arn"
309
- ]
310
- },
311
- {
312
- "Fn::Join": [
313
- "",
314
- [
315
- {
316
- "Fn::GetAtt": [
317
- "scrapBucketB11863B7",
318
- "Arn"
319
- ]
320
- },
321
- "/*"
322
- ]
323
- ]
324
- }
325
- ]
326
- },
327
- {
328
- "Action": [
329
- "s3:PutBucketPolicy",
330
- "s3:GetBucket*",
331
- "s3:List*",
332
- "s3:DeleteObject*"
333
- ],
334
- "Effect": "Allow",
335
- "Principal": {
336
- "AWS": {
337
- "Fn::GetAtt": [
338
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
339
- "Arn"
340
- ]
341
- }
342
- },
343
- "Resource": [
344
- {
345
- "Fn::GetAtt": [
346
- "scrapBucketB11863B7",
347
- "Arn"
348
- ]
349
- },
350
- {
351
- "Fn::Join": [
352
- "",
353
- [
354
- {
355
- "Fn::GetAtt": [
356
- "scrapBucketB11863B7",
357
- "Arn"
358
- ]
359
- },
360
- "/*"
361
- ]
362
- ]
363
- }
364
- ]
365
- },
366
- {
367
- "Action": "s3:GetObject",
368
- "Condition": {
369
- "StringEquals": {
370
- "AWS:SourceArn": {
371
- "Fn::Join": [
372
- "",
373
- [
374
- "arn:aws:cloudfront::",
375
- {
376
- "Ref": "AWS::AccountId"
377
- },
378
- ":distribution/",
379
- {
380
- "Ref": "testcloudfronts3CloudFrontDistribution0565DEE8"
381
- }
382
- ]
383
- ]
384
- }
385
- }
386
- },
387
- "Effect": "Allow",
388
- "Principal": {
389
- "Service": "cloudfront.amazonaws.com"
390
- },
391
- "Resource": {
392
- "Fn::Join": [
393
- "",
394
- [
395
- {
396
- "Fn::GetAtt": [
397
- "scrapBucketB11863B7",
398
- "Arn"
399
- ]
400
- },
401
- "/*"
402
- ]
403
- ]
404
- }
405
- },
406
- {
407
- "Action": "s3:GetObject",
408
- "Effect": "Allow",
409
- "Principal": {
410
- "CanonicalUser": {
411
- "Fn::GetAtt": [
412
- "testcloudfronts3CloudFrontDistributionOrigin2S3OriginC54B5C65",
413
- "S3CanonicalUserId"
414
- ]
415
- }
416
- },
417
- "Resource": {
418
- "Fn::Join": [
419
- "",
420
- [
421
- {
422
- "Fn::GetAtt": [
423
- "scrapBucketB11863B7",
424
- "Arn"
425
- ]
426
- },
427
- "/*"
428
- ]
429
- ]
430
- }
431
- }
432
- ],
433
- "Version": "2012-10-17"
434
- }
435
- },
436
- "Metadata": {
437
- "cfn_nag": {
438
- "rules_to_suppress": [
439
- {
440
- "id": "F16",
441
- "reason": "Public website bucket policy requires a wildcard principal"
442
- }
443
- ]
444
- }
445
- }
446
- },
447
- "scrapBucketAutoDeleteObjectsCustomResourceFFFC3275": {
448
- "Type": "Custom::S3AutoDeleteObjects",
449
- "Properties": {
450
- "ServiceToken": {
451
- "Fn::GetAtt": [
452
- "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
453
- "Arn"
454
- ]
455
- },
456
- "BucketName": {
457
- "Ref": "scrapBucketB11863B7"
458
- }
459
- },
460
- "DependsOn": [
461
- "scrapBucketPolicy189B0607"
462
- ],
463
- "UpdateReplacePolicy": "Delete",
464
- "DeletionPolicy": "Delete"
465
- },
466
- "testcloudfronts3SetHttpSecurityHeaders6C5A1E69": {
467
- "Type": "AWS::CloudFront::Function",
468
- "Properties": {
469
- "AutoPublish": true,
470
- "FunctionCode": "function handler(event) { var response = event.response; var headers = response.headers; headers['strict-transport-security'] = { value: 'max-age=63072000; includeSubdomains; preload'}; headers['content-security-policy'] = { value: \"default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'\"}; headers['x-content-type-options'] = { value: 'nosniff'}; headers['x-frame-options'] = {value: 'DENY'}; headers['x-xss-protection'] = {value: '1; mode=block'}; return response; }",
471
- "FunctionConfig": {
472
- "Comment": "SetHttpSecurityHeadersc8321a2c9fa54d380831d390bfbd7aff27f99fd427",
473
- "Runtime": "cloudfront-js-1.0"
474
- },
475
- "Name": "SetHttpSecurityHeadersc8321a2c9fa54d380831d390bfbd7aff27f99fd427"
476
- }
477
- },
478
- "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58": {
479
- "Type": "AWS::S3::Bucket",
480
- "Properties": {
481
- "BucketEncryption": {
482
- "ServerSideEncryptionConfiguration": [
483
- {
484
- "ServerSideEncryptionByDefault": {
485
- "SSEAlgorithm": "AES256"
486
- }
487
- }
488
- ]
489
- },
490
- "OwnershipControls": {
491
- "Rules": [
492
- {
493
- "ObjectOwnership": "ObjectWriter"
494
- }
495
- ]
496
- },
497
- "PublicAccessBlockConfiguration": {
498
- "BlockPublicAcls": true,
499
- "BlockPublicPolicy": true,
500
- "IgnorePublicAcls": true,
501
- "RestrictPublicBuckets": true
502
- },
503
- "Tags": [
504
- {
505
- "Key": "aws-cdk:auto-delete-objects",
506
- "Value": "true"
507
- }
508
- ],
509
- "VersioningConfiguration": {
510
- "Status": "Enabled"
511
- }
512
- },
513
- "UpdateReplacePolicy": "Delete",
514
- "DeletionPolicy": "Delete",
515
- "Metadata": {
516
- "cfn_nag": {
517
- "rules_to_suppress": [
518
- {
519
- "id": "W35",
520
- "reason": "This S3 bucket is used as the access logging bucket for another bucket"
521
- }
522
- ]
523
- }
524
- }
525
- },
526
- "testcloudfronts3CloudfrontLoggingBucketAccessLogPolicy526F2E14": {
527
- "Type": "AWS::S3::BucketPolicy",
528
- "Properties": {
529
- "Bucket": {
530
- "Ref": "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58"
531
- },
532
- "PolicyDocument": {
533
- "Statement": [
534
- {
535
- "Action": "s3:*",
536
- "Condition": {
537
- "Bool": {
538
- "aws:SecureTransport": "false"
539
- }
540
- },
541
- "Effect": "Deny",
542
- "Principal": {
543
- "AWS": "*"
544
- },
545
- "Resource": [
546
- {
547
- "Fn::GetAtt": [
548
- "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
549
- "Arn"
550
- ]
551
- },
552
- {
553
- "Fn::Join": [
554
- "",
555
- [
556
- {
557
- "Fn::GetAtt": [
558
- "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
559
- "Arn"
560
- ]
561
- },
562
- "/*"
563
- ]
564
- ]
565
- }
566
- ]
567
- },
568
- {
569
- "Action": [
570
- "s3:PutBucketPolicy",
571
- "s3:GetBucket*",
572
- "s3:List*",
573
- "s3:DeleteObject*"
574
- ],
575
- "Effect": "Allow",
576
- "Principal": {
577
- "AWS": {
578
- "Fn::GetAtt": [
579
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
580
- "Arn"
581
- ]
582
- }
583
- },
584
- "Resource": [
585
- {
586
- "Fn::GetAtt": [
587
- "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
588
- "Arn"
589
- ]
590
- },
591
- {
592
- "Fn::Join": [
593
- "",
594
- [
595
- {
596
- "Fn::GetAtt": [
597
- "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
598
- "Arn"
599
- ]
600
- },
601
- "/*"
602
- ]
603
- ]
604
- }
605
- ]
606
- },
607
- {
608
- "Action": "s3:PutObject",
609
- "Condition": {
610
- "ArnLike": {
611
- "aws:SourceArn": {
612
- "Fn::GetAtt": [
613
- "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
614
- "Arn"
615
- ]
616
- }
617
- },
618
- "StringEquals": {
619
- "aws:SourceAccount": {
620
- "Ref": "AWS::AccountId"
621
- }
622
- }
623
- },
624
- "Effect": "Allow",
625
- "Principal": {
626
- "Service": "logging.s3.amazonaws.com"
627
- },
628
- "Resource": {
629
- "Fn::Join": [
630
- "",
631
- [
632
- {
633
- "Fn::GetAtt": [
634
- "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
635
- "Arn"
636
- ]
637
- },
638
- "/*"
639
- ]
640
- ]
641
- }
642
- }
643
- ],
644
- "Version": "2012-10-17"
645
- }
646
- }
647
- },
648
- "testcloudfronts3CloudfrontLoggingBucketAccessLogAutoDeleteObjectsCustomResourceE16E063D": {
649
- "Type": "Custom::S3AutoDeleteObjects",
650
- "Properties": {
651
- "ServiceToken": {
652
- "Fn::GetAtt": [
653
- "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
654
- "Arn"
655
- ]
656
- },
657
- "BucketName": {
658
- "Ref": "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58"
659
- }
660
- },
661
- "DependsOn": [
662
- "testcloudfronts3CloudfrontLoggingBucketAccessLogPolicy526F2E14"
663
- ],
664
- "UpdateReplacePolicy": "Delete",
665
- "DeletionPolicy": "Delete"
666
- },
667
- "testcloudfronts3CloudfrontLoggingBucket985C0FE8": {
668
- "Type": "AWS::S3::Bucket",
669
- "Properties": {
670
- "AccessControl": "LogDeliveryWrite",
671
- "BucketEncryption": {
672
- "ServerSideEncryptionConfiguration": [
673
- {
674
- "ServerSideEncryptionByDefault": {
675
- "SSEAlgorithm": "AES256"
676
- }
677
- }
678
- ]
679
- },
680
- "LoggingConfiguration": {
681
- "DestinationBucketName": {
682
- "Ref": "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58"
683
- }
684
- },
685
- "OwnershipControls": {
686
- "Rules": [
687
- {
688
- "ObjectOwnership": "ObjectWriter"
689
- }
690
- ]
691
- },
692
- "PublicAccessBlockConfiguration": {
693
- "BlockPublicAcls": true,
694
- "BlockPublicPolicy": true,
695
- "IgnorePublicAcls": true,
696
- "RestrictPublicBuckets": true
697
- },
698
- "Tags": [
699
- {
700
- "Key": "aws-cdk:auto-delete-objects",
701
- "Value": "true"
702
- }
703
- ],
704
- "VersioningConfiguration": {
705
- "Status": "Enabled"
706
- }
707
- },
708
- "UpdateReplacePolicy": "Delete",
709
- "DeletionPolicy": "Delete"
710
- },
711
- "testcloudfronts3CloudfrontLoggingBucketPolicyDF55851B": {
712
- "Type": "AWS::S3::BucketPolicy",
713
- "Properties": {
714
- "Bucket": {
715
- "Ref": "testcloudfronts3CloudfrontLoggingBucket985C0FE8"
716
- },
717
- "PolicyDocument": {
718
- "Statement": [
719
- {
720
- "Action": "s3:*",
721
- "Condition": {
722
- "Bool": {
723
- "aws:SecureTransport": "false"
724
- }
725
- },
726
- "Effect": "Deny",
727
- "Principal": {
728
- "AWS": "*"
729
- },
730
- "Resource": [
731
- {
732
- "Fn::GetAtt": [
733
- "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
734
- "Arn"
735
- ]
736
- },
737
- {
738
- "Fn::Join": [
739
- "",
740
- [
741
- {
742
- "Fn::GetAtt": [
743
- "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
744
- "Arn"
745
- ]
746
- },
747
- "/*"
748
- ]
749
- ]
750
- }
751
- ]
752
- },
753
- {
754
- "Action": [
755
- "s3:PutBucketPolicy",
756
- "s3:GetBucket*",
757
- "s3:List*",
758
- "s3:DeleteObject*"
759
- ],
760
- "Effect": "Allow",
761
- "Principal": {
762
- "AWS": {
763
- "Fn::GetAtt": [
764
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
765
- "Arn"
766
- ]
767
- }
768
- },
769
- "Resource": [
770
- {
771
- "Fn::GetAtt": [
772
- "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
773
- "Arn"
774
- ]
775
- },
776
- {
777
- "Fn::Join": [
778
- "",
779
- [
780
- {
781
- "Fn::GetAtt": [
782
- "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
783
- "Arn"
784
- ]
785
- },
786
- "/*"
787
- ]
788
- ]
789
- }
790
- ]
791
- }
792
- ],
793
- "Version": "2012-10-17"
794
- }
795
- }
796
- },
797
- "testcloudfronts3CloudfrontLoggingBucketAutoDeleteObjectsCustomResource19604D88": {
798
- "Type": "Custom::S3AutoDeleteObjects",
799
- "Properties": {
800
- "ServiceToken": {
801
- "Fn::GetAtt": [
802
- "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
803
- "Arn"
804
- ]
805
- },
806
- "BucketName": {
807
- "Ref": "testcloudfronts3CloudfrontLoggingBucket985C0FE8"
808
- }
809
- },
810
- "DependsOn": [
811
- "testcloudfronts3CloudfrontLoggingBucketPolicyDF55851B"
812
- ],
813
- "UpdateReplacePolicy": "Delete",
814
- "DeletionPolicy": "Delete"
815
- },
816
- "testcloudfronts3CloudFrontOac7A951AA6": {
817
- "Type": "AWS::CloudFront::OriginAccessControl",
818
- "Properties": {
819
- "OriginAccessControlConfig": {
820
- "Description": "Origin access control provisioned by aws-cloudfront-s3",
821
- "Name": {
822
- "Fn::Join": [
823
- "",
824
- [
825
- "aws-cloudfront-s3-testnt-s3-",
826
- {
827
- "Fn::Select": [
828
- 2,
829
- {
830
- "Fn::Split": [
831
- "/",
832
- {
833
- "Ref": "AWS::StackId"
834
- }
835
- ]
836
- }
837
- ]
838
- }
839
- ]
840
- ]
841
- },
842
- "OriginAccessControlOriginType": "s3",
843
- "SigningBehavior": "always",
844
- "SigningProtocol": "sigv4"
845
- }
846
- }
847
- },
848
- "testcloudfronts3CloudFrontDistribution0565DEE8": {
849
- "Type": "AWS::CloudFront::Distribution",
850
- "Properties": {
851
- "DistributionConfig": {
852
- "CacheBehaviors": [
853
- {
854
- "CachePolicyId": {
855
- "Ref": "myCachePolicy16CE2FCF"
856
- },
857
- "Compress": true,
858
- "PathPattern": "/images/*.jpg",
859
- "TargetOriginId": "cfts3existingbuckettestcloudfronts3CloudFrontDistributionOrigin28690577F",
860
- "ViewerProtocolPolicy": "allow-all"
861
- }
862
- ],
863
- "DefaultCacheBehavior": {
864
- "CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6",
865
- "Compress": true,
866
- "FunctionAssociations": [
867
- {
868
- "EventType": "viewer-response",
869
- "FunctionARN": {
870
- "Fn::GetAtt": [
871
- "testcloudfronts3SetHttpSecurityHeaders6C5A1E69",
872
- "FunctionARN"
873
- ]
874
- }
875
- }
876
- ],
877
- "TargetOriginId": "cfts3existingbuckettestcloudfronts3CloudFrontDistributionOrigin10617473F",
878
- "ViewerProtocolPolicy": "redirect-to-https"
879
- },
880
- "DefaultRootObject": "index.html",
881
- "Enabled": true,
882
- "HttpVersion": "http2",
883
- "IPV6Enabled": true,
884
- "Logging": {
885
- "Bucket": {
886
- "Fn::GetAtt": [
887
- "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
888
- "RegionalDomainName"
889
- ]
890
- }
891
- },
892
- "Origins": [
893
- {
894
- "DomainName": {
895
- "Fn::GetAtt": [
896
- "scrapBucketB11863B7",
897
- "RegionalDomainName"
898
- ]
899
- },
900
- "Id": "cfts3existingbuckettestcloudfronts3CloudFrontDistributionOrigin10617473F",
901
- "OriginAccessControlId": {
902
- "Fn::GetAtt": [
903
- "testcloudfronts3CloudFrontOac7A951AA6",
904
- "Id"
905
- ]
906
- },
907
- "S3OriginConfig": {
908
- "OriginAccessIdentity": ""
909
- }
910
- },
911
- {
912
- "DomainName": {
913
- "Fn::GetAtt": [
914
- "scrapBucketB11863B7",
915
- "RegionalDomainName"
916
- ]
917
- },
918
- "Id": "cfts3existingbuckettestcloudfronts3CloudFrontDistributionOrigin28690577F",
919
- "S3OriginConfig": {
920
- "OriginAccessIdentity": {
921
- "Fn::Join": [
922
- "",
923
- [
924
- "origin-access-identity/cloudfront/",
925
- {
926
- "Ref": "testcloudfronts3CloudFrontDistributionOrigin2S3OriginC54B5C65"
927
- }
928
- ]
929
- ]
930
- }
931
- }
932
- }
933
- ]
934
- }
935
- },
936
- "Metadata": {
937
- "cfn_nag": {
938
- "rules_to_suppress": [
939
- {
940
- "id": "W70",
941
- "reason": "Since the distribution uses the CloudFront domain name, CloudFront automatically sets the security policy to TLSv1 regardless of the value of MinimumProtocolVersion"
942
- }
943
- ]
944
- }
945
- }
946
- },
947
- "testcloudfronts3CloudFrontDistributionOrigin2S3OriginC54B5C65": {
948
- "Type": "AWS::CloudFront::CloudFrontOriginAccessIdentity",
949
- "Properties": {
950
- "CloudFrontOriginAccessIdentityConfig": {
951
- "Comment": "Identity for cfts3existingbuckettestcloudfronts3CloudFrontDistributionOrigin28690577F"
952
- }
953
- }
954
- },
955
- "myCachePolicy16CE2FCF": {
956
- "Type": "AWS::CloudFront::CachePolicy",
957
- "Properties": {
958
- "CachePolicyConfig": {
959
- "DefaultTTL": 0,
960
- "MaxTTL": 0,
961
- "MinTTL": 0,
962
- "Name": "MyPolicy",
963
- "ParametersInCacheKeyAndForwardedToOrigin": {
964
- "CookiesConfig": {
965
- "CookieBehavior": "none"
966
- },
967
- "EnableAcceptEncodingBrotli": false,
968
- "EnableAcceptEncodingGzip": false,
969
- "HeadersConfig": {
970
- "HeaderBehavior": "none"
971
- },
972
- "QueryStringsConfig": {
973
- "QueryStringBehavior": "none"
974
- }
975
- }
976
- }
977
- }
978
- }
979
- },
980
- "Parameters": {
981
- "BootstrapVersion": {
982
- "Type": "AWS::SSM::Parameter::Value<String>",
983
- "Default": "/cdk-bootstrap/hnb659fds/version",
984
- "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
985
- }
986
- },
987
- "Rules": {
988
- "CheckBootstrapVersion": {
989
- "Assertions": [
990
- {
991
- "Assert": {
992
- "Fn::Not": [
993
- {
994
- "Fn::Contains": [
995
- [
996
- "1",
997
- "2",
998
- "3",
999
- "4",
1000
- "5"
1001
- ],
1002
- {
1003
- "Ref": "BootstrapVersion"
1004
- }
1005
- ]
1006
- }
1007
- ]
1008
- },
1009
- "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
1010
- }
1011
- ]
1012
- }
1013
- }
1014
- }