@aws-solutions-constructs/aws-cloudfront-s3 2.51.0 → 2.52.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (127) hide show
  1. package/.eslintignore +2 -0
  2. package/.jsii +50 -5
  3. package/integ.config.json +7 -0
  4. package/lib/index.js +1 -1
  5. package/package.json +11 -10
  6. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js +6 -3
  7. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.d.ts +30 -0
  8. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.js +127 -0
  9. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/cfn-response.js +1 -0
  10. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/consts.js +1 -0
  11. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/framework.js +3 -0
  12. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/outbound.js +1 -0
  13. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/util.js +1 -0
  14. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cdk.out +1 -0
  15. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.assets.json +45 -0
  16. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.template.json +960 -0
  17. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithcmkprovidedasexistingbucketIntegDefaultTestDeployAssertF6031114.assets.json +19 -0
  18. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithcmkprovidedasexistingbucketIntegDefaultTestDeployAssertF6031114.template.json +36 -0
  19. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/integ.json +12 -0
  20. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/manifest.json +221 -0
  21. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/tree.json +1326 -0
  22. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js +6 -3
  23. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cdk.out +1 -0
  24. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.assets.json +19 -0
  25. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.template.json +594 -0
  26. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithmanagedkeyprovidedasexistingbucketIntegDefaultTestDeployAssert03A82C16.assets.json +19 -0
  27. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithmanagedkeyprovidedasexistingbucketIntegDefaultTestDeployAssert03A82C16.template.json +36 -0
  28. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/integ.json +12 -0
  29. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/manifest.json +167 -0
  30. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/tree.json +790 -0
  31. package/test/integ.cfts3-bucket-with-http-origin.js +6 -3
  32. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cdk.out +1 -0
  33. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3-bucket-with-http-origin.assets.json +19 -0
  34. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3-bucket-with-http-origin.template.json +559 -0
  35. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3bucketwithhttporiginIntegDefaultTestDeployAssert75EB76AB.assets.json +19 -0
  36. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3bucketwithhttporiginIntegDefaultTestDeployAssert75EB76AB.template.json +36 -0
  37. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/integ.json +12 -0
  38. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/manifest.json +161 -0
  39. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/tree.json +753 -0
  40. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js +6 -3
  41. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.d.ts +30 -0
  42. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.js +127 -0
  43. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/cfn-response.js +1 -0
  44. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/consts.js +1 -0
  45. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/framework.js +3 -0
  46. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/outbound.js +1 -0
  47. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/util.js +1 -0
  48. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cdk.out +1 -0
  49. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3-cmk-provided-as-bucket-prop.assets.json +45 -0
  50. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3-cmk-provided-as-bucket-prop.template.json +960 -0
  51. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3cmkprovidedasbucketpropIntegDefaultTestDeployAssert38E63D55.assets.json +19 -0
  52. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3cmkprovidedasbucketpropIntegDefaultTestDeployAssert38E63D55.template.json +36 -0
  53. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/integ.json +12 -0
  54. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/manifest.json +221 -0
  55. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/tree.json +1326 -0
  56. package/test/integ.cfts3-custom-headers.js +6 -3
  57. package/test/integ.cfts3-custom-headers.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  58. package/test/integ.cfts3-custom-headers.js.snapshot/cdk.out +1 -0
  59. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3-custom-headers.assets.json +32 -0
  60. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3-custom-headers.template.json +981 -0
  61. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3customheadersIntegDefaultTestDeployAssert6EEC9973.assets.json +19 -0
  62. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3customheadersIntegDefaultTestDeployAssert6EEC9973.template.json +36 -0
  63. package/test/integ.cfts3-custom-headers.js.snapshot/integ.json +12 -0
  64. package/test/integ.cfts3-custom-headers.js.snapshot/manifest.json +215 -0
  65. package/test/integ.cfts3-custom-headers.js.snapshot/tree.json +1167 -0
  66. package/test/integ.cfts3-custom-originPath.js +6 -3
  67. package/test/integ.cfts3-custom-originPath.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  68. package/test/integ.cfts3-custom-originPath.js.snapshot/cdk.out +1 -0
  69. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3-custom-originPath.assets.json +32 -0
  70. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3-custom-originPath.template.json +950 -0
  71. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3customoriginPathIntegDefaultTestDeployAssert61F499B2.assets.json +19 -0
  72. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3customoriginPathIntegDefaultTestDeployAssert61F499B2.template.json +36 -0
  73. package/test/integ.cfts3-custom-originPath.js.snapshot/integ.json +12 -0
  74. package/test/integ.cfts3-custom-originPath.js.snapshot/manifest.json +209 -0
  75. package/test/integ.cfts3-custom-originPath.js.snapshot/tree.json +1117 -0
  76. package/test/integ.cfts3-customLoggingBuckets.js +6 -3
  77. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  78. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cdk.out +1 -0
  79. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3-customLoggingBuckets.assets.json +32 -0
  80. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3-customLoggingBuckets.template.json +987 -0
  81. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3customLoggingBucketsIntegDefaultTestDeployAssert4D171F9F.assets.json +19 -0
  82. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3customLoggingBucketsIntegDefaultTestDeployAssert4D171F9F.template.json +36 -0
  83. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/integ.json +12 -0
  84. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/manifest.json +209 -0
  85. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/tree.json +1156 -0
  86. package/test/integ.cfts3-existing-bucket.js +6 -3
  87. package/test/integ.cfts3-existing-bucket.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  88. package/test/integ.cfts3-existing-bucket.js.snapshot/cdk.out +1 -0
  89. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3-existing-bucket.assets.json +32 -0
  90. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3-existing-bucket.template.json +1014 -0
  91. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3existingbucketIntegDefaultTestDeployAssertA6D4EB49.assets.json +19 -0
  92. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3existingbucketIntegDefaultTestDeployAssertA6D4EB49.template.json +36 -0
  93. package/test/integ.cfts3-existing-bucket.js.snapshot/integ.json +12 -0
  94. package/test/integ.cfts3-existing-bucket.js.snapshot/manifest.json +221 -0
  95. package/test/integ.cfts3-existing-bucket.js.snapshot/tree.json +1229 -0
  96. package/test/integ.cfts3-no-arguments.js +6 -3
  97. package/test/integ.cfts3-no-arguments.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  98. package/test/integ.cfts3-no-arguments.js.snapshot/cdk.out +1 -0
  99. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3-no-arguments.assets.json +32 -0
  100. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3-no-arguments.template.json +959 -0
  101. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3noargumentsIntegDefaultTestDeployAssertBA5AFA25.assets.json +19 -0
  102. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3noargumentsIntegDefaultTestDeployAssertBA5AFA25.template.json +36 -0
  103. package/test/integ.cfts3-no-arguments.js.snapshot/integ.json +12 -0
  104. package/test/integ.cfts3-no-arguments.js.snapshot/manifest.json +209 -0
  105. package/test/integ.cfts3-no-arguments.js.snapshot/tree.json +1117 -0
  106. package/test/integ.cfts3-no-security-headers.js +6 -3
  107. package/test/integ.cfts3-no-security-headers.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  108. package/test/integ.cfts3-no-security-headers.js.snapshot/cdk.out +1 -0
  109. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3-no-security-headers.assets.json +32 -0
  110. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3-no-security-headers.template.json +926 -0
  111. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3nosecurityheadersIntegDefaultTestDeployAssert38FE05BE.assets.json +19 -0
  112. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3nosecurityheadersIntegDefaultTestDeployAssert38FE05BE.template.json +36 -0
  113. package/test/integ.cfts3-no-security-headers.js.snapshot/integ.json +12 -0
  114. package/test/integ.cfts3-no-security-headers.js.snapshot/manifest.json +203 -0
  115. package/test/integ.cfts3-no-security-headers.js.snapshot/tree.json +1076 -0
  116. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.expected.json +0 -960
  117. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.expected.json +0 -594
  118. package/test/integ.cfts3-bucket-with-http-origin.expected.json +0 -559
  119. package/test/integ.cfts3-cmk-encryption.expected.json +0 -527
  120. package/test/integ.cfts3-cmk-provided-as-bucket-prop.expected.json +0 -960
  121. package/test/integ.cfts3-custom-headers.expected.json +0 -981
  122. package/test/integ.cfts3-custom-originPath.expected.json +0 -950
  123. package/test/integ.cfts3-customCloudFrontLoggingBucket.expected.json +0 -700
  124. package/test/integ.cfts3-customLoggingBuckets.expected.json +0 -987
  125. package/test/integ.cfts3-existing-bucket.expected.json +0 -1014
  126. package/test/integ.cfts3-no-arguments.expected.json +0 -959
  127. package/test/integ.cfts3-no-security-headers.expected.json +0 -926
@@ -1,926 +0,0 @@
1
- {
2
- "Description": "Integration Test for aws-cloudfront-s3",
3
- "Resources": {
4
- "testcloudfronts3nosecurityheadersS3LoggingBucketF644B35F": {
5
- "Type": "AWS::S3::Bucket",
6
- "Properties": {
7
- "BucketEncryption": {
8
- "ServerSideEncryptionConfiguration": [
9
- {
10
- "ServerSideEncryptionByDefault": {
11
- "SSEAlgorithm": "AES256"
12
- }
13
- }
14
- ]
15
- },
16
- "PublicAccessBlockConfiguration": {
17
- "BlockPublicAcls": true,
18
- "BlockPublicPolicy": true,
19
- "IgnorePublicAcls": true,
20
- "RestrictPublicBuckets": true
21
- },
22
- "Tags": [
23
- {
24
- "Key": "aws-cdk:auto-delete-objects",
25
- "Value": "true"
26
- }
27
- ],
28
- "VersioningConfiguration": {
29
- "Status": "Enabled"
30
- }
31
- },
32
- "UpdateReplacePolicy": "Delete",
33
- "DeletionPolicy": "Delete",
34
- "Metadata": {
35
- "cfn_nag": {
36
- "rules_to_suppress": [
37
- {
38
- "id": "W35",
39
- "reason": "This S3 bucket is used as the access logging bucket for another bucket"
40
- }
41
- ]
42
- }
43
- }
44
- },
45
- "testcloudfronts3nosecurityheadersS3LoggingBucketPolicy264DE8B6": {
46
- "Type": "AWS::S3::BucketPolicy",
47
- "Properties": {
48
- "Bucket": {
49
- "Ref": "testcloudfronts3nosecurityheadersS3LoggingBucketF644B35F"
50
- },
51
- "PolicyDocument": {
52
- "Statement": [
53
- {
54
- "Action": "s3:*",
55
- "Condition": {
56
- "Bool": {
57
- "aws:SecureTransport": "false"
58
- }
59
- },
60
- "Effect": "Deny",
61
- "Principal": {
62
- "AWS": "*"
63
- },
64
- "Resource": [
65
- {
66
- "Fn::GetAtt": [
67
- "testcloudfronts3nosecurityheadersS3LoggingBucketF644B35F",
68
- "Arn"
69
- ]
70
- },
71
- {
72
- "Fn::Join": [
73
- "",
74
- [
75
- {
76
- "Fn::GetAtt": [
77
- "testcloudfronts3nosecurityheadersS3LoggingBucketF644B35F",
78
- "Arn"
79
- ]
80
- },
81
- "/*"
82
- ]
83
- ]
84
- }
85
- ]
86
- },
87
- {
88
- "Action": [
89
- "s3:PutBucketPolicy",
90
- "s3:GetBucket*",
91
- "s3:List*",
92
- "s3:DeleteObject*"
93
- ],
94
- "Effect": "Allow",
95
- "Principal": {
96
- "AWS": {
97
- "Fn::GetAtt": [
98
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
99
- "Arn"
100
- ]
101
- }
102
- },
103
- "Resource": [
104
- {
105
- "Fn::GetAtt": [
106
- "testcloudfronts3nosecurityheadersS3LoggingBucketF644B35F",
107
- "Arn"
108
- ]
109
- },
110
- {
111
- "Fn::Join": [
112
- "",
113
- [
114
- {
115
- "Fn::GetAtt": [
116
- "testcloudfronts3nosecurityheadersS3LoggingBucketF644B35F",
117
- "Arn"
118
- ]
119
- },
120
- "/*"
121
- ]
122
- ]
123
- }
124
- ]
125
- },
126
- {
127
- "Action": "s3:PutObject",
128
- "Condition": {
129
- "ArnLike": {
130
- "aws:SourceArn": {
131
- "Fn::GetAtt": [
132
- "testcloudfronts3nosecurityheadersS3Bucket4D06173D",
133
- "Arn"
134
- ]
135
- }
136
- },
137
- "StringEquals": {
138
- "aws:SourceAccount": {
139
- "Ref": "AWS::AccountId"
140
- }
141
- }
142
- },
143
- "Effect": "Allow",
144
- "Principal": {
145
- "Service": "logging.s3.amazonaws.com"
146
- },
147
- "Resource": {
148
- "Fn::Join": [
149
- "",
150
- [
151
- {
152
- "Fn::GetAtt": [
153
- "testcloudfronts3nosecurityheadersS3LoggingBucketF644B35F",
154
- "Arn"
155
- ]
156
- },
157
- "/*"
158
- ]
159
- ]
160
- }
161
- }
162
- ],
163
- "Version": "2012-10-17"
164
- }
165
- }
166
- },
167
- "testcloudfronts3nosecurityheadersS3LoggingBucketAutoDeleteObjectsCustomResourceB6D397D3": {
168
- "Type": "Custom::S3AutoDeleteObjects",
169
- "Properties": {
170
- "ServiceToken": {
171
- "Fn::GetAtt": [
172
- "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
173
- "Arn"
174
- ]
175
- },
176
- "BucketName": {
177
- "Ref": "testcloudfronts3nosecurityheadersS3LoggingBucketF644B35F"
178
- }
179
- },
180
- "DependsOn": [
181
- "testcloudfronts3nosecurityheadersS3LoggingBucketPolicy264DE8B6"
182
- ],
183
- "UpdateReplacePolicy": "Delete",
184
- "DeletionPolicy": "Delete"
185
- },
186
- "testcloudfronts3nosecurityheadersS3Bucket4D06173D": {
187
- "Type": "AWS::S3::Bucket",
188
- "Properties": {
189
- "BucketEncryption": {
190
- "ServerSideEncryptionConfiguration": [
191
- {
192
- "ServerSideEncryptionByDefault": {
193
- "SSEAlgorithm": "AES256"
194
- }
195
- }
196
- ]
197
- },
198
- "LifecycleConfiguration": {
199
- "Rules": [
200
- {
201
- "NoncurrentVersionTransitions": [
202
- {
203
- "StorageClass": "GLACIER",
204
- "TransitionInDays": 90
205
- }
206
- ],
207
- "Status": "Enabled"
208
- }
209
- ]
210
- },
211
- "LoggingConfiguration": {
212
- "DestinationBucketName": {
213
- "Ref": "testcloudfronts3nosecurityheadersS3LoggingBucketF644B35F"
214
- }
215
- },
216
- "PublicAccessBlockConfiguration": {
217
- "BlockPublicAcls": true,
218
- "BlockPublicPolicy": true,
219
- "IgnorePublicAcls": true,
220
- "RestrictPublicBuckets": true
221
- },
222
- "Tags": [
223
- {
224
- "Key": "aws-cdk:auto-delete-objects",
225
- "Value": "true"
226
- }
227
- ],
228
- "VersioningConfiguration": {
229
- "Status": "Enabled"
230
- }
231
- },
232
- "UpdateReplacePolicy": "Delete",
233
- "DeletionPolicy": "Delete"
234
- },
235
- "testcloudfronts3nosecurityheadersS3BucketPolicy99D27ED1": {
236
- "Type": "AWS::S3::BucketPolicy",
237
- "Properties": {
238
- "Bucket": {
239
- "Ref": "testcloudfronts3nosecurityheadersS3Bucket4D06173D"
240
- },
241
- "PolicyDocument": {
242
- "Statement": [
243
- {
244
- "Action": "s3:*",
245
- "Condition": {
246
- "Bool": {
247
- "aws:SecureTransport": "false"
248
- }
249
- },
250
- "Effect": "Deny",
251
- "Principal": {
252
- "AWS": "*"
253
- },
254
- "Resource": [
255
- {
256
- "Fn::GetAtt": [
257
- "testcloudfronts3nosecurityheadersS3Bucket4D06173D",
258
- "Arn"
259
- ]
260
- },
261
- {
262
- "Fn::Join": [
263
- "",
264
- [
265
- {
266
- "Fn::GetAtt": [
267
- "testcloudfronts3nosecurityheadersS3Bucket4D06173D",
268
- "Arn"
269
- ]
270
- },
271
- "/*"
272
- ]
273
- ]
274
- }
275
- ]
276
- },
277
- {
278
- "Action": [
279
- "s3:PutBucketPolicy",
280
- "s3:GetBucket*",
281
- "s3:List*",
282
- "s3:DeleteObject*"
283
- ],
284
- "Effect": "Allow",
285
- "Principal": {
286
- "AWS": {
287
- "Fn::GetAtt": [
288
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
289
- "Arn"
290
- ]
291
- }
292
- },
293
- "Resource": [
294
- {
295
- "Fn::GetAtt": [
296
- "testcloudfronts3nosecurityheadersS3Bucket4D06173D",
297
- "Arn"
298
- ]
299
- },
300
- {
301
- "Fn::Join": [
302
- "",
303
- [
304
- {
305
- "Fn::GetAtt": [
306
- "testcloudfronts3nosecurityheadersS3Bucket4D06173D",
307
- "Arn"
308
- ]
309
- },
310
- "/*"
311
- ]
312
- ]
313
- }
314
- ]
315
- },
316
- {
317
- "Action": "s3:GetObject",
318
- "Condition": {
319
- "StringEquals": {
320
- "AWS:SourceArn": {
321
- "Fn::Join": [
322
- "",
323
- [
324
- "arn:aws:cloudfront::",
325
- {
326
- "Ref": "AWS::AccountId"
327
- },
328
- ":distribution/",
329
- {
330
- "Ref": "testcloudfronts3nosecurityheadersCloudFrontDistribution3BC8CDED"
331
- }
332
- ]
333
- ]
334
- }
335
- }
336
- },
337
- "Effect": "Allow",
338
- "Principal": {
339
- "Service": "cloudfront.amazonaws.com"
340
- },
341
- "Resource": {
342
- "Fn::Join": [
343
- "",
344
- [
345
- {
346
- "Fn::GetAtt": [
347
- "testcloudfronts3nosecurityheadersS3Bucket4D06173D",
348
- "Arn"
349
- ]
350
- },
351
- "/*"
352
- ]
353
- ]
354
- }
355
- }
356
- ],
357
- "Version": "2012-10-17"
358
- }
359
- },
360
- "Metadata": {
361
- "cfn_nag": {
362
- "rules_to_suppress": [
363
- {
364
- "id": "F16",
365
- "reason": "Public website bucket policy requires a wildcard principal"
366
- }
367
- ]
368
- }
369
- }
370
- },
371
- "testcloudfronts3nosecurityheadersS3BucketAutoDeleteObjectsCustomResource7011F955": {
372
- "Type": "Custom::S3AutoDeleteObjects",
373
- "Properties": {
374
- "ServiceToken": {
375
- "Fn::GetAtt": [
376
- "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
377
- "Arn"
378
- ]
379
- },
380
- "BucketName": {
381
- "Ref": "testcloudfronts3nosecurityheadersS3Bucket4D06173D"
382
- }
383
- },
384
- "DependsOn": [
385
- "testcloudfronts3nosecurityheadersS3BucketPolicy99D27ED1"
386
- ],
387
- "UpdateReplacePolicy": "Delete",
388
- "DeletionPolicy": "Delete"
389
- },
390
- "testcloudfronts3nosecurityheadersCloudfrontLoggingBucketAccessLogA3FF51B1": {
391
- "Type": "AWS::S3::Bucket",
392
- "Properties": {
393
- "BucketEncryption": {
394
- "ServerSideEncryptionConfiguration": [
395
- {
396
- "ServerSideEncryptionByDefault": {
397
- "SSEAlgorithm": "AES256"
398
- }
399
- }
400
- ]
401
- },
402
- "OwnershipControls": {
403
- "Rules": [
404
- {
405
- "ObjectOwnership": "ObjectWriter"
406
- }
407
- ]
408
- },
409
- "PublicAccessBlockConfiguration": {
410
- "BlockPublicAcls": true,
411
- "BlockPublicPolicy": true,
412
- "IgnorePublicAcls": true,
413
- "RestrictPublicBuckets": true
414
- },
415
- "Tags": [
416
- {
417
- "Key": "aws-cdk:auto-delete-objects",
418
- "Value": "true"
419
- }
420
- ],
421
- "VersioningConfiguration": {
422
- "Status": "Enabled"
423
- }
424
- },
425
- "UpdateReplacePolicy": "Delete",
426
- "DeletionPolicy": "Delete",
427
- "Metadata": {
428
- "cfn_nag": {
429
- "rules_to_suppress": [
430
- {
431
- "id": "W35",
432
- "reason": "This S3 bucket is used as the access logging bucket for another bucket"
433
- }
434
- ]
435
- }
436
- }
437
- },
438
- "testcloudfronts3nosecurityheadersCloudfrontLoggingBucketAccessLogPolicy3DF5F522": {
439
- "Type": "AWS::S3::BucketPolicy",
440
- "Properties": {
441
- "Bucket": {
442
- "Ref": "testcloudfronts3nosecurityheadersCloudfrontLoggingBucketAccessLogA3FF51B1"
443
- },
444
- "PolicyDocument": {
445
- "Statement": [
446
- {
447
- "Action": "s3:*",
448
- "Condition": {
449
- "Bool": {
450
- "aws:SecureTransport": "false"
451
- }
452
- },
453
- "Effect": "Deny",
454
- "Principal": {
455
- "AWS": "*"
456
- },
457
- "Resource": [
458
- {
459
- "Fn::GetAtt": [
460
- "testcloudfronts3nosecurityheadersCloudfrontLoggingBucketAccessLogA3FF51B1",
461
- "Arn"
462
- ]
463
- },
464
- {
465
- "Fn::Join": [
466
- "",
467
- [
468
- {
469
- "Fn::GetAtt": [
470
- "testcloudfronts3nosecurityheadersCloudfrontLoggingBucketAccessLogA3FF51B1",
471
- "Arn"
472
- ]
473
- },
474
- "/*"
475
- ]
476
- ]
477
- }
478
- ]
479
- },
480
- {
481
- "Action": [
482
- "s3:PutBucketPolicy",
483
- "s3:GetBucket*",
484
- "s3:List*",
485
- "s3:DeleteObject*"
486
- ],
487
- "Effect": "Allow",
488
- "Principal": {
489
- "AWS": {
490
- "Fn::GetAtt": [
491
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
492
- "Arn"
493
- ]
494
- }
495
- },
496
- "Resource": [
497
- {
498
- "Fn::GetAtt": [
499
- "testcloudfronts3nosecurityheadersCloudfrontLoggingBucketAccessLogA3FF51B1",
500
- "Arn"
501
- ]
502
- },
503
- {
504
- "Fn::Join": [
505
- "",
506
- [
507
- {
508
- "Fn::GetAtt": [
509
- "testcloudfronts3nosecurityheadersCloudfrontLoggingBucketAccessLogA3FF51B1",
510
- "Arn"
511
- ]
512
- },
513
- "/*"
514
- ]
515
- ]
516
- }
517
- ]
518
- },
519
- {
520
- "Action": "s3:PutObject",
521
- "Condition": {
522
- "ArnLike": {
523
- "aws:SourceArn": {
524
- "Fn::GetAtt": [
525
- "testcloudfronts3nosecurityheadersCloudfrontLoggingBucket92A5E2A5",
526
- "Arn"
527
- ]
528
- }
529
- },
530
- "StringEquals": {
531
- "aws:SourceAccount": {
532
- "Ref": "AWS::AccountId"
533
- }
534
- }
535
- },
536
- "Effect": "Allow",
537
- "Principal": {
538
- "Service": "logging.s3.amazonaws.com"
539
- },
540
- "Resource": {
541
- "Fn::Join": [
542
- "",
543
- [
544
- {
545
- "Fn::GetAtt": [
546
- "testcloudfronts3nosecurityheadersCloudfrontLoggingBucketAccessLogA3FF51B1",
547
- "Arn"
548
- ]
549
- },
550
- "/*"
551
- ]
552
- ]
553
- }
554
- }
555
- ],
556
- "Version": "2012-10-17"
557
- }
558
- }
559
- },
560
- "testcloudfronts3nosecurityheadersCloudfrontLoggingBucketAccessLogAutoDeleteObjectsCustomResource20738403": {
561
- "Type": "Custom::S3AutoDeleteObjects",
562
- "Properties": {
563
- "ServiceToken": {
564
- "Fn::GetAtt": [
565
- "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
566
- "Arn"
567
- ]
568
- },
569
- "BucketName": {
570
- "Ref": "testcloudfronts3nosecurityheadersCloudfrontLoggingBucketAccessLogA3FF51B1"
571
- }
572
- },
573
- "DependsOn": [
574
- "testcloudfronts3nosecurityheadersCloudfrontLoggingBucketAccessLogPolicy3DF5F522"
575
- ],
576
- "UpdateReplacePolicy": "Delete",
577
- "DeletionPolicy": "Delete"
578
- },
579
- "testcloudfronts3nosecurityheadersCloudfrontLoggingBucket92A5E2A5": {
580
- "Type": "AWS::S3::Bucket",
581
- "Properties": {
582
- "AccessControl": "LogDeliveryWrite",
583
- "BucketEncryption": {
584
- "ServerSideEncryptionConfiguration": [
585
- {
586
- "ServerSideEncryptionByDefault": {
587
- "SSEAlgorithm": "AES256"
588
- }
589
- }
590
- ]
591
- },
592
- "LoggingConfiguration": {
593
- "DestinationBucketName": {
594
- "Ref": "testcloudfronts3nosecurityheadersCloudfrontLoggingBucketAccessLogA3FF51B1"
595
- }
596
- },
597
- "OwnershipControls": {
598
- "Rules": [
599
- {
600
- "ObjectOwnership": "ObjectWriter"
601
- }
602
- ]
603
- },
604
- "PublicAccessBlockConfiguration": {
605
- "BlockPublicAcls": true,
606
- "BlockPublicPolicy": true,
607
- "IgnorePublicAcls": true,
608
- "RestrictPublicBuckets": true
609
- },
610
- "Tags": [
611
- {
612
- "Key": "aws-cdk:auto-delete-objects",
613
- "Value": "true"
614
- }
615
- ],
616
- "VersioningConfiguration": {
617
- "Status": "Enabled"
618
- }
619
- },
620
- "UpdateReplacePolicy": "Delete",
621
- "DeletionPolicy": "Delete"
622
- },
623
- "testcloudfronts3nosecurityheadersCloudfrontLoggingBucketPolicy7D709982": {
624
- "Type": "AWS::S3::BucketPolicy",
625
- "Properties": {
626
- "Bucket": {
627
- "Ref": "testcloudfronts3nosecurityheadersCloudfrontLoggingBucket92A5E2A5"
628
- },
629
- "PolicyDocument": {
630
- "Statement": [
631
- {
632
- "Action": "s3:*",
633
- "Condition": {
634
- "Bool": {
635
- "aws:SecureTransport": "false"
636
- }
637
- },
638
- "Effect": "Deny",
639
- "Principal": {
640
- "AWS": "*"
641
- },
642
- "Resource": [
643
- {
644
- "Fn::GetAtt": [
645
- "testcloudfronts3nosecurityheadersCloudfrontLoggingBucket92A5E2A5",
646
- "Arn"
647
- ]
648
- },
649
- {
650
- "Fn::Join": [
651
- "",
652
- [
653
- {
654
- "Fn::GetAtt": [
655
- "testcloudfronts3nosecurityheadersCloudfrontLoggingBucket92A5E2A5",
656
- "Arn"
657
- ]
658
- },
659
- "/*"
660
- ]
661
- ]
662
- }
663
- ]
664
- },
665
- {
666
- "Action": [
667
- "s3:PutBucketPolicy",
668
- "s3:GetBucket*",
669
- "s3:List*",
670
- "s3:DeleteObject*"
671
- ],
672
- "Effect": "Allow",
673
- "Principal": {
674
- "AWS": {
675
- "Fn::GetAtt": [
676
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
677
- "Arn"
678
- ]
679
- }
680
- },
681
- "Resource": [
682
- {
683
- "Fn::GetAtt": [
684
- "testcloudfronts3nosecurityheadersCloudfrontLoggingBucket92A5E2A5",
685
- "Arn"
686
- ]
687
- },
688
- {
689
- "Fn::Join": [
690
- "",
691
- [
692
- {
693
- "Fn::GetAtt": [
694
- "testcloudfronts3nosecurityheadersCloudfrontLoggingBucket92A5E2A5",
695
- "Arn"
696
- ]
697
- },
698
- "/*"
699
- ]
700
- ]
701
- }
702
- ]
703
- }
704
- ],
705
- "Version": "2012-10-17"
706
- }
707
- }
708
- },
709
- "testcloudfronts3nosecurityheadersCloudfrontLoggingBucketAutoDeleteObjectsCustomResource5BEC5CA0": {
710
- "Type": "Custom::S3AutoDeleteObjects",
711
- "Properties": {
712
- "ServiceToken": {
713
- "Fn::GetAtt": [
714
- "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
715
- "Arn"
716
- ]
717
- },
718
- "BucketName": {
719
- "Ref": "testcloudfronts3nosecurityheadersCloudfrontLoggingBucket92A5E2A5"
720
- }
721
- },
722
- "DependsOn": [
723
- "testcloudfronts3nosecurityheadersCloudfrontLoggingBucketPolicy7D709982"
724
- ],
725
- "UpdateReplacePolicy": "Delete",
726
- "DeletionPolicy": "Delete"
727
- },
728
- "testcloudfronts3nosecurityheadersCloudFrontOac7954FB73": {
729
- "Type": "AWS::CloudFront::OriginAccessControl",
730
- "Properties": {
731
- "OriginAccessControlConfig": {
732
- "Description": "Origin access control provisioned by aws-cloudfront-s3",
733
- "Name": {
734
- "Fn::Join": [
735
- "",
736
- [
737
- "aws-cloudfront-s3-testaders-",
738
- {
739
- "Fn::Select": [
740
- 2,
741
- {
742
- "Fn::Split": [
743
- "/",
744
- {
745
- "Ref": "AWS::StackId"
746
- }
747
- ]
748
- }
749
- ]
750
- }
751
- ]
752
- ]
753
- },
754
- "OriginAccessControlOriginType": "s3",
755
- "SigningBehavior": "always",
756
- "SigningProtocol": "sigv4"
757
- }
758
- }
759
- },
760
- "testcloudfronts3nosecurityheadersCloudFrontDistribution3BC8CDED": {
761
- "Type": "AWS::CloudFront::Distribution",
762
- "Properties": {
763
- "DistributionConfig": {
764
- "DefaultCacheBehavior": {
765
- "CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6",
766
- "Compress": true,
767
- "TargetOriginId": "cfts3nosecurityheaderstestcloudfronts3nosecurityheadersCloudFrontDistributionOrigin1A0125E27",
768
- "ViewerProtocolPolicy": "redirect-to-https"
769
- },
770
- "DefaultRootObject": "index.html",
771
- "Enabled": true,
772
- "HttpVersion": "http2",
773
- "IPV6Enabled": true,
774
- "Logging": {
775
- "Bucket": {
776
- "Fn::GetAtt": [
777
- "testcloudfronts3nosecurityheadersCloudfrontLoggingBucket92A5E2A5",
778
- "RegionalDomainName"
779
- ]
780
- }
781
- },
782
- "Origins": [
783
- {
784
- "DomainName": {
785
- "Fn::GetAtt": [
786
- "testcloudfronts3nosecurityheadersS3Bucket4D06173D",
787
- "RegionalDomainName"
788
- ]
789
- },
790
- "Id": "cfts3nosecurityheaderstestcloudfronts3nosecurityheadersCloudFrontDistributionOrigin1A0125E27",
791
- "OriginAccessControlId": {
792
- "Fn::GetAtt": [
793
- "testcloudfronts3nosecurityheadersCloudFrontOac7954FB73",
794
- "Id"
795
- ]
796
- },
797
- "S3OriginConfig": {
798
- "OriginAccessIdentity": ""
799
- }
800
- }
801
- ]
802
- }
803
- },
804
- "Metadata": {
805
- "cfn_nag": {
806
- "rules_to_suppress": [
807
- {
808
- "id": "W70",
809
- "reason": "Since the distribution uses the CloudFront domain name, CloudFront automatically sets the security policy to TLSv1 regardless of the value of MinimumProtocolVersion"
810
- }
811
- ]
812
- }
813
- }
814
- },
815
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": {
816
- "Type": "AWS::IAM::Role",
817
- "Properties": {
818
- "AssumeRolePolicyDocument": {
819
- "Version": "2012-10-17",
820
- "Statement": [
821
- {
822
- "Action": "sts:AssumeRole",
823
- "Effect": "Allow",
824
- "Principal": {
825
- "Service": "lambda.amazonaws.com"
826
- }
827
- }
828
- ]
829
- },
830
- "ManagedPolicyArns": [
831
- {
832
- "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
833
- }
834
- ]
835
- }
836
- },
837
- "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": {
838
- "Type": "AWS::Lambda::Function",
839
- "Properties": {
840
- "Code": {
841
- "S3Bucket": {
842
- "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
843
- },
844
- "S3Key": "b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6.zip"
845
- },
846
- "Timeout": 900,
847
- "MemorySize": 128,
848
- "Handler": "index.handler",
849
- "Role": {
850
- "Fn::GetAtt": [
851
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
852
- "Arn"
853
- ]
854
- },
855
- "Runtime": "nodejs18.x",
856
- "Description": {
857
- "Fn::Join": [
858
- "",
859
- [
860
- "Lambda function for auto-deleting objects in ",
861
- {
862
- "Ref": "testcloudfronts3nosecurityheadersS3LoggingBucketF644B35F"
863
- },
864
- " S3 bucket."
865
- ]
866
- ]
867
- }
868
- },
869
- "DependsOn": [
870
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092"
871
- ],
872
- "Metadata": {
873
- "cfn_nag": {
874
- "rules_to_suppress": [
875
- {
876
- "id": "W58",
877
- "reason": "CDK generated custom resource"
878
- },
879
- {
880
- "id": "W89",
881
- "reason": "CDK generated custom resource"
882
- },
883
- {
884
- "id": "W92",
885
- "reason": "CDK generated custom resource"
886
- }
887
- ]
888
- }
889
- }
890
- }
891
- },
892
- "Parameters": {
893
- "BootstrapVersion": {
894
- "Type": "AWS::SSM::Parameter::Value<String>",
895
- "Default": "/cdk-bootstrap/hnb659fds/version",
896
- "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
897
- }
898
- },
899
- "Rules": {
900
- "CheckBootstrapVersion": {
901
- "Assertions": [
902
- {
903
- "Assert": {
904
- "Fn::Not": [
905
- {
906
- "Fn::Contains": [
907
- [
908
- "1",
909
- "2",
910
- "3",
911
- "4",
912
- "5"
913
- ],
914
- {
915
- "Ref": "BootstrapVersion"
916
- }
917
- ]
918
- }
919
- ]
920
- },
921
- "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
922
- }
923
- ]
924
- }
925
- }
926
- }