@aws-solutions-constructs/aws-cloudfront-s3 2.51.0 → 2.52.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (127) hide show
  1. package/.eslintignore +2 -0
  2. package/.jsii +50 -5
  3. package/integ.config.json +7 -0
  4. package/lib/index.js +1 -1
  5. package/package.json +11 -10
  6. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js +6 -3
  7. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.d.ts +30 -0
  8. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.js +127 -0
  9. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/cfn-response.js +1 -0
  10. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/consts.js +1 -0
  11. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/framework.js +3 -0
  12. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/outbound.js +1 -0
  13. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/util.js +1 -0
  14. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cdk.out +1 -0
  15. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.assets.json +45 -0
  16. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.template.json +960 -0
  17. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithcmkprovidedasexistingbucketIntegDefaultTestDeployAssertF6031114.assets.json +19 -0
  18. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithcmkprovidedasexistingbucketIntegDefaultTestDeployAssertF6031114.template.json +36 -0
  19. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/integ.json +12 -0
  20. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/manifest.json +221 -0
  21. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/tree.json +1326 -0
  22. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js +6 -3
  23. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cdk.out +1 -0
  24. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.assets.json +19 -0
  25. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.template.json +594 -0
  26. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithmanagedkeyprovidedasexistingbucketIntegDefaultTestDeployAssert03A82C16.assets.json +19 -0
  27. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithmanagedkeyprovidedasexistingbucketIntegDefaultTestDeployAssert03A82C16.template.json +36 -0
  28. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/integ.json +12 -0
  29. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/manifest.json +167 -0
  30. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/tree.json +790 -0
  31. package/test/integ.cfts3-bucket-with-http-origin.js +6 -3
  32. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cdk.out +1 -0
  33. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3-bucket-with-http-origin.assets.json +19 -0
  34. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3-bucket-with-http-origin.template.json +559 -0
  35. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3bucketwithhttporiginIntegDefaultTestDeployAssert75EB76AB.assets.json +19 -0
  36. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3bucketwithhttporiginIntegDefaultTestDeployAssert75EB76AB.template.json +36 -0
  37. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/integ.json +12 -0
  38. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/manifest.json +161 -0
  39. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/tree.json +753 -0
  40. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js +6 -3
  41. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.d.ts +30 -0
  42. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.js +127 -0
  43. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/cfn-response.js +1 -0
  44. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/consts.js +1 -0
  45. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/framework.js +3 -0
  46. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/outbound.js +1 -0
  47. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/util.js +1 -0
  48. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cdk.out +1 -0
  49. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3-cmk-provided-as-bucket-prop.assets.json +45 -0
  50. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3-cmk-provided-as-bucket-prop.template.json +960 -0
  51. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3cmkprovidedasbucketpropIntegDefaultTestDeployAssert38E63D55.assets.json +19 -0
  52. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3cmkprovidedasbucketpropIntegDefaultTestDeployAssert38E63D55.template.json +36 -0
  53. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/integ.json +12 -0
  54. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/manifest.json +221 -0
  55. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/tree.json +1326 -0
  56. package/test/integ.cfts3-custom-headers.js +6 -3
  57. package/test/integ.cfts3-custom-headers.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  58. package/test/integ.cfts3-custom-headers.js.snapshot/cdk.out +1 -0
  59. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3-custom-headers.assets.json +32 -0
  60. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3-custom-headers.template.json +981 -0
  61. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3customheadersIntegDefaultTestDeployAssert6EEC9973.assets.json +19 -0
  62. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3customheadersIntegDefaultTestDeployAssert6EEC9973.template.json +36 -0
  63. package/test/integ.cfts3-custom-headers.js.snapshot/integ.json +12 -0
  64. package/test/integ.cfts3-custom-headers.js.snapshot/manifest.json +215 -0
  65. package/test/integ.cfts3-custom-headers.js.snapshot/tree.json +1167 -0
  66. package/test/integ.cfts3-custom-originPath.js +6 -3
  67. package/test/integ.cfts3-custom-originPath.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  68. package/test/integ.cfts3-custom-originPath.js.snapshot/cdk.out +1 -0
  69. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3-custom-originPath.assets.json +32 -0
  70. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3-custom-originPath.template.json +950 -0
  71. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3customoriginPathIntegDefaultTestDeployAssert61F499B2.assets.json +19 -0
  72. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3customoriginPathIntegDefaultTestDeployAssert61F499B2.template.json +36 -0
  73. package/test/integ.cfts3-custom-originPath.js.snapshot/integ.json +12 -0
  74. package/test/integ.cfts3-custom-originPath.js.snapshot/manifest.json +209 -0
  75. package/test/integ.cfts3-custom-originPath.js.snapshot/tree.json +1117 -0
  76. package/test/integ.cfts3-customLoggingBuckets.js +6 -3
  77. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  78. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cdk.out +1 -0
  79. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3-customLoggingBuckets.assets.json +32 -0
  80. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3-customLoggingBuckets.template.json +987 -0
  81. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3customLoggingBucketsIntegDefaultTestDeployAssert4D171F9F.assets.json +19 -0
  82. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3customLoggingBucketsIntegDefaultTestDeployAssert4D171F9F.template.json +36 -0
  83. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/integ.json +12 -0
  84. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/manifest.json +209 -0
  85. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/tree.json +1156 -0
  86. package/test/integ.cfts3-existing-bucket.js +6 -3
  87. package/test/integ.cfts3-existing-bucket.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  88. package/test/integ.cfts3-existing-bucket.js.snapshot/cdk.out +1 -0
  89. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3-existing-bucket.assets.json +32 -0
  90. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3-existing-bucket.template.json +1014 -0
  91. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3existingbucketIntegDefaultTestDeployAssertA6D4EB49.assets.json +19 -0
  92. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3existingbucketIntegDefaultTestDeployAssertA6D4EB49.template.json +36 -0
  93. package/test/integ.cfts3-existing-bucket.js.snapshot/integ.json +12 -0
  94. package/test/integ.cfts3-existing-bucket.js.snapshot/manifest.json +221 -0
  95. package/test/integ.cfts3-existing-bucket.js.snapshot/tree.json +1229 -0
  96. package/test/integ.cfts3-no-arguments.js +6 -3
  97. package/test/integ.cfts3-no-arguments.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  98. package/test/integ.cfts3-no-arguments.js.snapshot/cdk.out +1 -0
  99. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3-no-arguments.assets.json +32 -0
  100. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3-no-arguments.template.json +959 -0
  101. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3noargumentsIntegDefaultTestDeployAssertBA5AFA25.assets.json +19 -0
  102. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3noargumentsIntegDefaultTestDeployAssertBA5AFA25.template.json +36 -0
  103. package/test/integ.cfts3-no-arguments.js.snapshot/integ.json +12 -0
  104. package/test/integ.cfts3-no-arguments.js.snapshot/manifest.json +209 -0
  105. package/test/integ.cfts3-no-arguments.js.snapshot/tree.json +1117 -0
  106. package/test/integ.cfts3-no-security-headers.js +6 -3
  107. package/test/integ.cfts3-no-security-headers.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  108. package/test/integ.cfts3-no-security-headers.js.snapshot/cdk.out +1 -0
  109. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3-no-security-headers.assets.json +32 -0
  110. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3-no-security-headers.template.json +926 -0
  111. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3nosecurityheadersIntegDefaultTestDeployAssert38FE05BE.assets.json +19 -0
  112. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3nosecurityheadersIntegDefaultTestDeployAssert38FE05BE.template.json +36 -0
  113. package/test/integ.cfts3-no-security-headers.js.snapshot/integ.json +12 -0
  114. package/test/integ.cfts3-no-security-headers.js.snapshot/manifest.json +203 -0
  115. package/test/integ.cfts3-no-security-headers.js.snapshot/tree.json +1076 -0
  116. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.expected.json +0 -960
  117. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.expected.json +0 -594
  118. package/test/integ.cfts3-bucket-with-http-origin.expected.json +0 -559
  119. package/test/integ.cfts3-cmk-encryption.expected.json +0 -527
  120. package/test/integ.cfts3-cmk-provided-as-bucket-prop.expected.json +0 -960
  121. package/test/integ.cfts3-custom-headers.expected.json +0 -981
  122. package/test/integ.cfts3-custom-originPath.expected.json +0 -950
  123. package/test/integ.cfts3-customCloudFrontLoggingBucket.expected.json +0 -700
  124. package/test/integ.cfts3-customLoggingBuckets.expected.json +0 -987
  125. package/test/integ.cfts3-existing-bucket.expected.json +0 -1014
  126. package/test/integ.cfts3-no-arguments.expected.json +0 -959
  127. package/test/integ.cfts3-no-security-headers.expected.json +0 -926
@@ -0,0 +1,981 @@
1
+ {
2
+ "Description": "Integration Test for aws-cloudfront-s3",
3
+ "Resources": {
4
+ "MyFunction3BAA72D1": {
5
+ "Type": "AWS::CloudFront::Function",
6
+ "Properties": {
7
+ "AutoPublish": true,
8
+ "FunctionCode": "function handler(event) { var response = event.response; var headers = response.headers; headers['strict-transport-security'] = { value: 'max-age=63072000; includeSubdomains; preload'}; headers['content-security-policy'] = { value: \"default-src 'none'; base-uri 'self'; img-src 'self'; script-src 'self'; style-src 'self' https:; object-src 'none'; frame-ancestors 'none'; font-src 'self' https:; form-action 'self'; manifest-src 'self'; connect-src 'self'\" }; headers['x-content-type-options'] = { value: 'nosniff'}; headers['x-frame-options'] = {value: 'DENY'}; headers['x-xss-protection'] = {value: '1; mode=block'}; headers['referrer-policy'] = { value: 'same-origin' }; return response; }",
9
+ "FunctionConfig": {
10
+ "Comment": {
11
+ "Fn::Join": [
12
+ "",
13
+ [
14
+ {
15
+ "Ref": "AWS::Region"
16
+ },
17
+ "cfts3customheadersMyFunction7C965360"
18
+ ]
19
+ ]
20
+ },
21
+ "Runtime": "cloudfront-js-1.0"
22
+ },
23
+ "Name": {
24
+ "Fn::Join": [
25
+ "",
26
+ [
27
+ {
28
+ "Ref": "AWS::Region"
29
+ },
30
+ "cfts3customheadersMyFunction7C965360"
31
+ ]
32
+ ]
33
+ }
34
+ }
35
+ },
36
+ "testcloudfronts3S3LoggingBucket90D239DD": {
37
+ "Type": "AWS::S3::Bucket",
38
+ "Properties": {
39
+ "BucketEncryption": {
40
+ "ServerSideEncryptionConfiguration": [
41
+ {
42
+ "ServerSideEncryptionByDefault": {
43
+ "SSEAlgorithm": "AES256"
44
+ }
45
+ }
46
+ ]
47
+ },
48
+ "PublicAccessBlockConfiguration": {
49
+ "BlockPublicAcls": true,
50
+ "BlockPublicPolicy": true,
51
+ "IgnorePublicAcls": true,
52
+ "RestrictPublicBuckets": true
53
+ },
54
+ "Tags": [
55
+ {
56
+ "Key": "aws-cdk:auto-delete-objects",
57
+ "Value": "true"
58
+ }
59
+ ],
60
+ "VersioningConfiguration": {
61
+ "Status": "Enabled"
62
+ }
63
+ },
64
+ "UpdateReplacePolicy": "Delete",
65
+ "DeletionPolicy": "Delete",
66
+ "Metadata": {
67
+ "cfn_nag": {
68
+ "rules_to_suppress": [
69
+ {
70
+ "id": "W35",
71
+ "reason": "This S3 bucket is used as the access logging bucket for another bucket"
72
+ }
73
+ ]
74
+ }
75
+ }
76
+ },
77
+ "testcloudfronts3S3LoggingBucketPolicy529D4CFF": {
78
+ "Type": "AWS::S3::BucketPolicy",
79
+ "Properties": {
80
+ "Bucket": {
81
+ "Ref": "testcloudfronts3S3LoggingBucket90D239DD"
82
+ },
83
+ "PolicyDocument": {
84
+ "Statement": [
85
+ {
86
+ "Action": "s3:*",
87
+ "Condition": {
88
+ "Bool": {
89
+ "aws:SecureTransport": "false"
90
+ }
91
+ },
92
+ "Effect": "Deny",
93
+ "Principal": {
94
+ "AWS": "*"
95
+ },
96
+ "Resource": [
97
+ {
98
+ "Fn::GetAtt": [
99
+ "testcloudfronts3S3LoggingBucket90D239DD",
100
+ "Arn"
101
+ ]
102
+ },
103
+ {
104
+ "Fn::Join": [
105
+ "",
106
+ [
107
+ {
108
+ "Fn::GetAtt": [
109
+ "testcloudfronts3S3LoggingBucket90D239DD",
110
+ "Arn"
111
+ ]
112
+ },
113
+ "/*"
114
+ ]
115
+ ]
116
+ }
117
+ ]
118
+ },
119
+ {
120
+ "Action": [
121
+ "s3:DeleteObject*",
122
+ "s3:GetBucket*",
123
+ "s3:List*",
124
+ "s3:PutBucketPolicy"
125
+ ],
126
+ "Effect": "Allow",
127
+ "Principal": {
128
+ "AWS": {
129
+ "Fn::GetAtt": [
130
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
131
+ "Arn"
132
+ ]
133
+ }
134
+ },
135
+ "Resource": [
136
+ {
137
+ "Fn::GetAtt": [
138
+ "testcloudfronts3S3LoggingBucket90D239DD",
139
+ "Arn"
140
+ ]
141
+ },
142
+ {
143
+ "Fn::Join": [
144
+ "",
145
+ [
146
+ {
147
+ "Fn::GetAtt": [
148
+ "testcloudfronts3S3LoggingBucket90D239DD",
149
+ "Arn"
150
+ ]
151
+ },
152
+ "/*"
153
+ ]
154
+ ]
155
+ }
156
+ ]
157
+ },
158
+ {
159
+ "Action": "s3:PutObject",
160
+ "Condition": {
161
+ "ArnLike": {
162
+ "aws:SourceArn": {
163
+ "Fn::GetAtt": [
164
+ "testcloudfronts3S3BucketE0C5F76E",
165
+ "Arn"
166
+ ]
167
+ }
168
+ },
169
+ "StringEquals": {
170
+ "aws:SourceAccount": {
171
+ "Ref": "AWS::AccountId"
172
+ }
173
+ }
174
+ },
175
+ "Effect": "Allow",
176
+ "Principal": {
177
+ "Service": "logging.s3.amazonaws.com"
178
+ },
179
+ "Resource": {
180
+ "Fn::Join": [
181
+ "",
182
+ [
183
+ {
184
+ "Fn::GetAtt": [
185
+ "testcloudfronts3S3LoggingBucket90D239DD",
186
+ "Arn"
187
+ ]
188
+ },
189
+ "/*"
190
+ ]
191
+ ]
192
+ }
193
+ }
194
+ ],
195
+ "Version": "2012-10-17"
196
+ }
197
+ }
198
+ },
199
+ "testcloudfronts3S3LoggingBucketAutoDeleteObjectsCustomResource6EE37727": {
200
+ "Type": "Custom::S3AutoDeleteObjects",
201
+ "Properties": {
202
+ "ServiceToken": {
203
+ "Fn::GetAtt": [
204
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
205
+ "Arn"
206
+ ]
207
+ },
208
+ "BucketName": {
209
+ "Ref": "testcloudfronts3S3LoggingBucket90D239DD"
210
+ }
211
+ },
212
+ "DependsOn": [
213
+ "testcloudfronts3S3LoggingBucketPolicy529D4CFF"
214
+ ],
215
+ "UpdateReplacePolicy": "Delete",
216
+ "DeletionPolicy": "Delete"
217
+ },
218
+ "testcloudfronts3S3BucketE0C5F76E": {
219
+ "Type": "AWS::S3::Bucket",
220
+ "Properties": {
221
+ "BucketEncryption": {
222
+ "ServerSideEncryptionConfiguration": [
223
+ {
224
+ "ServerSideEncryptionByDefault": {
225
+ "SSEAlgorithm": "AES256"
226
+ }
227
+ }
228
+ ]
229
+ },
230
+ "LifecycleConfiguration": {
231
+ "Rules": [
232
+ {
233
+ "NoncurrentVersionTransitions": [
234
+ {
235
+ "StorageClass": "GLACIER",
236
+ "TransitionInDays": 90
237
+ }
238
+ ],
239
+ "Status": "Enabled"
240
+ }
241
+ ]
242
+ },
243
+ "LoggingConfiguration": {
244
+ "DestinationBucketName": {
245
+ "Ref": "testcloudfronts3S3LoggingBucket90D239DD"
246
+ }
247
+ },
248
+ "PublicAccessBlockConfiguration": {
249
+ "BlockPublicAcls": true,
250
+ "BlockPublicPolicy": true,
251
+ "IgnorePublicAcls": true,
252
+ "RestrictPublicBuckets": true
253
+ },
254
+ "Tags": [
255
+ {
256
+ "Key": "aws-cdk:auto-delete-objects",
257
+ "Value": "true"
258
+ }
259
+ ],
260
+ "VersioningConfiguration": {
261
+ "Status": "Enabled"
262
+ }
263
+ },
264
+ "UpdateReplacePolicy": "Delete",
265
+ "DeletionPolicy": "Delete"
266
+ },
267
+ "testcloudfronts3S3BucketPolicy250F1F61": {
268
+ "Type": "AWS::S3::BucketPolicy",
269
+ "Properties": {
270
+ "Bucket": {
271
+ "Ref": "testcloudfronts3S3BucketE0C5F76E"
272
+ },
273
+ "PolicyDocument": {
274
+ "Statement": [
275
+ {
276
+ "Action": "s3:*",
277
+ "Condition": {
278
+ "Bool": {
279
+ "aws:SecureTransport": "false"
280
+ }
281
+ },
282
+ "Effect": "Deny",
283
+ "Principal": {
284
+ "AWS": "*"
285
+ },
286
+ "Resource": [
287
+ {
288
+ "Fn::GetAtt": [
289
+ "testcloudfronts3S3BucketE0C5F76E",
290
+ "Arn"
291
+ ]
292
+ },
293
+ {
294
+ "Fn::Join": [
295
+ "",
296
+ [
297
+ {
298
+ "Fn::GetAtt": [
299
+ "testcloudfronts3S3BucketE0C5F76E",
300
+ "Arn"
301
+ ]
302
+ },
303
+ "/*"
304
+ ]
305
+ ]
306
+ }
307
+ ]
308
+ },
309
+ {
310
+ "Action": [
311
+ "s3:DeleteObject*",
312
+ "s3:GetBucket*",
313
+ "s3:List*",
314
+ "s3:PutBucketPolicy"
315
+ ],
316
+ "Effect": "Allow",
317
+ "Principal": {
318
+ "AWS": {
319
+ "Fn::GetAtt": [
320
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
321
+ "Arn"
322
+ ]
323
+ }
324
+ },
325
+ "Resource": [
326
+ {
327
+ "Fn::GetAtt": [
328
+ "testcloudfronts3S3BucketE0C5F76E",
329
+ "Arn"
330
+ ]
331
+ },
332
+ {
333
+ "Fn::Join": [
334
+ "",
335
+ [
336
+ {
337
+ "Fn::GetAtt": [
338
+ "testcloudfronts3S3BucketE0C5F76E",
339
+ "Arn"
340
+ ]
341
+ },
342
+ "/*"
343
+ ]
344
+ ]
345
+ }
346
+ ]
347
+ },
348
+ {
349
+ "Action": "s3:GetObject",
350
+ "Condition": {
351
+ "StringEquals": {
352
+ "AWS:SourceArn": {
353
+ "Fn::Join": [
354
+ "",
355
+ [
356
+ "arn:aws:cloudfront::",
357
+ {
358
+ "Ref": "AWS::AccountId"
359
+ },
360
+ ":distribution/",
361
+ {
362
+ "Ref": "testcloudfronts3CloudFrontDistribution0565DEE8"
363
+ }
364
+ ]
365
+ ]
366
+ }
367
+ }
368
+ },
369
+ "Effect": "Allow",
370
+ "Principal": {
371
+ "Service": "cloudfront.amazonaws.com"
372
+ },
373
+ "Resource": {
374
+ "Fn::Join": [
375
+ "",
376
+ [
377
+ {
378
+ "Fn::GetAtt": [
379
+ "testcloudfronts3S3BucketE0C5F76E",
380
+ "Arn"
381
+ ]
382
+ },
383
+ "/*"
384
+ ]
385
+ ]
386
+ }
387
+ }
388
+ ],
389
+ "Version": "2012-10-17"
390
+ }
391
+ },
392
+ "Metadata": {
393
+ "cfn_nag": {
394
+ "rules_to_suppress": [
395
+ {
396
+ "id": "F16",
397
+ "reason": "Public website bucket policy requires a wildcard principal"
398
+ }
399
+ ]
400
+ }
401
+ }
402
+ },
403
+ "testcloudfronts3S3BucketAutoDeleteObjectsCustomResourceA13DD8F7": {
404
+ "Type": "Custom::S3AutoDeleteObjects",
405
+ "Properties": {
406
+ "ServiceToken": {
407
+ "Fn::GetAtt": [
408
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
409
+ "Arn"
410
+ ]
411
+ },
412
+ "BucketName": {
413
+ "Ref": "testcloudfronts3S3BucketE0C5F76E"
414
+ }
415
+ },
416
+ "DependsOn": [
417
+ "testcloudfronts3S3BucketPolicy250F1F61"
418
+ ],
419
+ "UpdateReplacePolicy": "Delete",
420
+ "DeletionPolicy": "Delete"
421
+ },
422
+ "testcloudfronts3SetHttpSecurityHeaders6C5A1E69": {
423
+ "Type": "AWS::CloudFront::Function",
424
+ "Properties": {
425
+ "AutoPublish": true,
426
+ "FunctionCode": "function handler(event) { var response = event.response; var headers = response.headers; headers['strict-transport-security'] = { value: 'max-age=63072000; includeSubdomains; preload'}; headers['content-security-policy'] = { value: \"default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'\"}; headers['x-content-type-options'] = { value: 'nosniff'}; headers['x-frame-options'] = {value: 'DENY'}; headers['x-xss-protection'] = {value: '1; mode=block'}; return response; }",
427
+ "FunctionConfig": {
428
+ "Comment": "SetHttpSecurityHeadersc8da5865185980f6eb00e7dd351786a8b49cd2929e",
429
+ "Runtime": "cloudfront-js-1.0"
430
+ },
431
+ "Name": "SetHttpSecurityHeadersc8da5865185980f6eb00e7dd351786a8b49cd2929e"
432
+ }
433
+ },
434
+ "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58": {
435
+ "Type": "AWS::S3::Bucket",
436
+ "Properties": {
437
+ "BucketEncryption": {
438
+ "ServerSideEncryptionConfiguration": [
439
+ {
440
+ "ServerSideEncryptionByDefault": {
441
+ "SSEAlgorithm": "AES256"
442
+ }
443
+ }
444
+ ]
445
+ },
446
+ "OwnershipControls": {
447
+ "Rules": [
448
+ {
449
+ "ObjectOwnership": "ObjectWriter"
450
+ }
451
+ ]
452
+ },
453
+ "PublicAccessBlockConfiguration": {
454
+ "BlockPublicAcls": true,
455
+ "BlockPublicPolicy": true,
456
+ "IgnorePublicAcls": true,
457
+ "RestrictPublicBuckets": true
458
+ },
459
+ "Tags": [
460
+ {
461
+ "Key": "aws-cdk:auto-delete-objects",
462
+ "Value": "true"
463
+ }
464
+ ],
465
+ "VersioningConfiguration": {
466
+ "Status": "Enabled"
467
+ }
468
+ },
469
+ "UpdateReplacePolicy": "Delete",
470
+ "DeletionPolicy": "Delete",
471
+ "Metadata": {
472
+ "cfn_nag": {
473
+ "rules_to_suppress": [
474
+ {
475
+ "id": "W35",
476
+ "reason": "This S3 bucket is used as the access logging bucket for another bucket"
477
+ }
478
+ ]
479
+ }
480
+ }
481
+ },
482
+ "testcloudfronts3CloudfrontLoggingBucketAccessLogPolicy526F2E14": {
483
+ "Type": "AWS::S3::BucketPolicy",
484
+ "Properties": {
485
+ "Bucket": {
486
+ "Ref": "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58"
487
+ },
488
+ "PolicyDocument": {
489
+ "Statement": [
490
+ {
491
+ "Action": "s3:*",
492
+ "Condition": {
493
+ "Bool": {
494
+ "aws:SecureTransport": "false"
495
+ }
496
+ },
497
+ "Effect": "Deny",
498
+ "Principal": {
499
+ "AWS": "*"
500
+ },
501
+ "Resource": [
502
+ {
503
+ "Fn::GetAtt": [
504
+ "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
505
+ "Arn"
506
+ ]
507
+ },
508
+ {
509
+ "Fn::Join": [
510
+ "",
511
+ [
512
+ {
513
+ "Fn::GetAtt": [
514
+ "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
515
+ "Arn"
516
+ ]
517
+ },
518
+ "/*"
519
+ ]
520
+ ]
521
+ }
522
+ ]
523
+ },
524
+ {
525
+ "Action": [
526
+ "s3:DeleteObject*",
527
+ "s3:GetBucket*",
528
+ "s3:List*",
529
+ "s3:PutBucketPolicy"
530
+ ],
531
+ "Effect": "Allow",
532
+ "Principal": {
533
+ "AWS": {
534
+ "Fn::GetAtt": [
535
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
536
+ "Arn"
537
+ ]
538
+ }
539
+ },
540
+ "Resource": [
541
+ {
542
+ "Fn::GetAtt": [
543
+ "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
544
+ "Arn"
545
+ ]
546
+ },
547
+ {
548
+ "Fn::Join": [
549
+ "",
550
+ [
551
+ {
552
+ "Fn::GetAtt": [
553
+ "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
554
+ "Arn"
555
+ ]
556
+ },
557
+ "/*"
558
+ ]
559
+ ]
560
+ }
561
+ ]
562
+ },
563
+ {
564
+ "Action": "s3:PutObject",
565
+ "Condition": {
566
+ "ArnLike": {
567
+ "aws:SourceArn": {
568
+ "Fn::GetAtt": [
569
+ "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
570
+ "Arn"
571
+ ]
572
+ }
573
+ },
574
+ "StringEquals": {
575
+ "aws:SourceAccount": {
576
+ "Ref": "AWS::AccountId"
577
+ }
578
+ }
579
+ },
580
+ "Effect": "Allow",
581
+ "Principal": {
582
+ "Service": "logging.s3.amazonaws.com"
583
+ },
584
+ "Resource": {
585
+ "Fn::Join": [
586
+ "",
587
+ [
588
+ {
589
+ "Fn::GetAtt": [
590
+ "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
591
+ "Arn"
592
+ ]
593
+ },
594
+ "/*"
595
+ ]
596
+ ]
597
+ }
598
+ }
599
+ ],
600
+ "Version": "2012-10-17"
601
+ }
602
+ }
603
+ },
604
+ "testcloudfronts3CloudfrontLoggingBucketAccessLogAutoDeleteObjectsCustomResourceE16E063D": {
605
+ "Type": "Custom::S3AutoDeleteObjects",
606
+ "Properties": {
607
+ "ServiceToken": {
608
+ "Fn::GetAtt": [
609
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
610
+ "Arn"
611
+ ]
612
+ },
613
+ "BucketName": {
614
+ "Ref": "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58"
615
+ }
616
+ },
617
+ "DependsOn": [
618
+ "testcloudfronts3CloudfrontLoggingBucketAccessLogPolicy526F2E14"
619
+ ],
620
+ "UpdateReplacePolicy": "Delete",
621
+ "DeletionPolicy": "Delete"
622
+ },
623
+ "testcloudfronts3CloudfrontLoggingBucket985C0FE8": {
624
+ "Type": "AWS::S3::Bucket",
625
+ "Properties": {
626
+ "AccessControl": "LogDeliveryWrite",
627
+ "BucketEncryption": {
628
+ "ServerSideEncryptionConfiguration": [
629
+ {
630
+ "ServerSideEncryptionByDefault": {
631
+ "SSEAlgorithm": "AES256"
632
+ }
633
+ }
634
+ ]
635
+ },
636
+ "LoggingConfiguration": {
637
+ "DestinationBucketName": {
638
+ "Ref": "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58"
639
+ }
640
+ },
641
+ "OwnershipControls": {
642
+ "Rules": [
643
+ {
644
+ "ObjectOwnership": "ObjectWriter"
645
+ }
646
+ ]
647
+ },
648
+ "PublicAccessBlockConfiguration": {
649
+ "BlockPublicAcls": true,
650
+ "BlockPublicPolicy": true,
651
+ "IgnorePublicAcls": true,
652
+ "RestrictPublicBuckets": true
653
+ },
654
+ "Tags": [
655
+ {
656
+ "Key": "aws-cdk:auto-delete-objects",
657
+ "Value": "true"
658
+ }
659
+ ],
660
+ "VersioningConfiguration": {
661
+ "Status": "Enabled"
662
+ }
663
+ },
664
+ "UpdateReplacePolicy": "Delete",
665
+ "DeletionPolicy": "Delete"
666
+ },
667
+ "testcloudfronts3CloudfrontLoggingBucketPolicyDF55851B": {
668
+ "Type": "AWS::S3::BucketPolicy",
669
+ "Properties": {
670
+ "Bucket": {
671
+ "Ref": "testcloudfronts3CloudfrontLoggingBucket985C0FE8"
672
+ },
673
+ "PolicyDocument": {
674
+ "Statement": [
675
+ {
676
+ "Action": "s3:*",
677
+ "Condition": {
678
+ "Bool": {
679
+ "aws:SecureTransport": "false"
680
+ }
681
+ },
682
+ "Effect": "Deny",
683
+ "Principal": {
684
+ "AWS": "*"
685
+ },
686
+ "Resource": [
687
+ {
688
+ "Fn::GetAtt": [
689
+ "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
690
+ "Arn"
691
+ ]
692
+ },
693
+ {
694
+ "Fn::Join": [
695
+ "",
696
+ [
697
+ {
698
+ "Fn::GetAtt": [
699
+ "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
700
+ "Arn"
701
+ ]
702
+ },
703
+ "/*"
704
+ ]
705
+ ]
706
+ }
707
+ ]
708
+ },
709
+ {
710
+ "Action": [
711
+ "s3:DeleteObject*",
712
+ "s3:GetBucket*",
713
+ "s3:List*",
714
+ "s3:PutBucketPolicy"
715
+ ],
716
+ "Effect": "Allow",
717
+ "Principal": {
718
+ "AWS": {
719
+ "Fn::GetAtt": [
720
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
721
+ "Arn"
722
+ ]
723
+ }
724
+ },
725
+ "Resource": [
726
+ {
727
+ "Fn::GetAtt": [
728
+ "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
729
+ "Arn"
730
+ ]
731
+ },
732
+ {
733
+ "Fn::Join": [
734
+ "",
735
+ [
736
+ {
737
+ "Fn::GetAtt": [
738
+ "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
739
+ "Arn"
740
+ ]
741
+ },
742
+ "/*"
743
+ ]
744
+ ]
745
+ }
746
+ ]
747
+ }
748
+ ],
749
+ "Version": "2012-10-17"
750
+ }
751
+ }
752
+ },
753
+ "testcloudfronts3CloudfrontLoggingBucketAutoDeleteObjectsCustomResource19604D88": {
754
+ "Type": "Custom::S3AutoDeleteObjects",
755
+ "Properties": {
756
+ "ServiceToken": {
757
+ "Fn::GetAtt": [
758
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
759
+ "Arn"
760
+ ]
761
+ },
762
+ "BucketName": {
763
+ "Ref": "testcloudfronts3CloudfrontLoggingBucket985C0FE8"
764
+ }
765
+ },
766
+ "DependsOn": [
767
+ "testcloudfronts3CloudfrontLoggingBucketPolicyDF55851B"
768
+ ],
769
+ "UpdateReplacePolicy": "Delete",
770
+ "DeletionPolicy": "Delete"
771
+ },
772
+ "testcloudfronts3CloudFrontOac7A951AA6": {
773
+ "Type": "AWS::CloudFront::OriginAccessControl",
774
+ "Properties": {
775
+ "OriginAccessControlConfig": {
776
+ "Description": "Origin access control provisioned by aws-cloudfront-s3",
777
+ "Name": {
778
+ "Fn::Join": [
779
+ "",
780
+ [
781
+ "aws-cloudfront-s3-testnt-s3-",
782
+ {
783
+ "Fn::Select": [
784
+ 2,
785
+ {
786
+ "Fn::Split": [
787
+ "/",
788
+ {
789
+ "Ref": "AWS::StackId"
790
+ }
791
+ ]
792
+ }
793
+ ]
794
+ }
795
+ ]
796
+ ]
797
+ },
798
+ "OriginAccessControlOriginType": "s3",
799
+ "SigningBehavior": "always",
800
+ "SigningProtocol": "sigv4"
801
+ }
802
+ }
803
+ },
804
+ "testcloudfronts3CloudFrontDistribution0565DEE8": {
805
+ "Type": "AWS::CloudFront::Distribution",
806
+ "Properties": {
807
+ "DistributionConfig": {
808
+ "DefaultCacheBehavior": {
809
+ "CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6",
810
+ "Compress": true,
811
+ "FunctionAssociations": [
812
+ {
813
+ "EventType": "viewer-response",
814
+ "FunctionARN": {
815
+ "Fn::GetAtt": [
816
+ "MyFunction3BAA72D1",
817
+ "FunctionARN"
818
+ ]
819
+ }
820
+ }
821
+ ],
822
+ "TargetOriginId": "cfts3customheaderstestcloudfronts3CloudFrontDistributionOrigin126E0E496",
823
+ "ViewerProtocolPolicy": "redirect-to-https"
824
+ },
825
+ "DefaultRootObject": "index.html",
826
+ "Enabled": true,
827
+ "HttpVersion": "http2",
828
+ "IPV6Enabled": true,
829
+ "Logging": {
830
+ "Bucket": {
831
+ "Fn::GetAtt": [
832
+ "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
833
+ "RegionalDomainName"
834
+ ]
835
+ }
836
+ },
837
+ "Origins": [
838
+ {
839
+ "DomainName": {
840
+ "Fn::GetAtt": [
841
+ "testcloudfronts3S3BucketE0C5F76E",
842
+ "RegionalDomainName"
843
+ ]
844
+ },
845
+ "Id": "cfts3customheaderstestcloudfronts3CloudFrontDistributionOrigin126E0E496",
846
+ "OriginAccessControlId": {
847
+ "Fn::GetAtt": [
848
+ "testcloudfronts3CloudFrontOac7A951AA6",
849
+ "Id"
850
+ ]
851
+ },
852
+ "S3OriginConfig": {
853
+ "OriginAccessIdentity": ""
854
+ }
855
+ }
856
+ ]
857
+ }
858
+ },
859
+ "Metadata": {
860
+ "cfn_nag": {
861
+ "rules_to_suppress": [
862
+ {
863
+ "id": "W70",
864
+ "reason": "Since the distribution uses the CloudFront domain name, CloudFront automatically sets the security policy to TLSv1 regardless of the value of MinimumProtocolVersion"
865
+ }
866
+ ]
867
+ }
868
+ }
869
+ },
870
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": {
871
+ "Type": "AWS::IAM::Role",
872
+ "Properties": {
873
+ "AssumeRolePolicyDocument": {
874
+ "Version": "2012-10-17",
875
+ "Statement": [
876
+ {
877
+ "Action": "sts:AssumeRole",
878
+ "Effect": "Allow",
879
+ "Principal": {
880
+ "Service": "lambda.amazonaws.com"
881
+ }
882
+ }
883
+ ]
884
+ },
885
+ "ManagedPolicyArns": [
886
+ {
887
+ "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
888
+ }
889
+ ]
890
+ }
891
+ },
892
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": {
893
+ "Type": "AWS::Lambda::Function",
894
+ "Properties": {
895
+ "Code": {
896
+ "S3Bucket": {
897
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
898
+ },
899
+ "S3Key": "b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6.zip"
900
+ },
901
+ "Timeout": 900,
902
+ "MemorySize": 128,
903
+ "Handler": "index.handler",
904
+ "Role": {
905
+ "Fn::GetAtt": [
906
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
907
+ "Arn"
908
+ ]
909
+ },
910
+ "Runtime": "nodejs18.x",
911
+ "Description": {
912
+ "Fn::Join": [
913
+ "",
914
+ [
915
+ "Lambda function for auto-deleting objects in ",
916
+ {
917
+ "Ref": "testcloudfronts3S3LoggingBucket90D239DD"
918
+ },
919
+ " S3 bucket."
920
+ ]
921
+ ]
922
+ }
923
+ },
924
+ "DependsOn": [
925
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092"
926
+ ],
927
+ "Metadata": {
928
+ "cfn_nag": {
929
+ "rules_to_suppress": [
930
+ {
931
+ "id": "W58",
932
+ "reason": "CDK generated custom resource"
933
+ },
934
+ {
935
+ "id": "W89",
936
+ "reason": "CDK generated custom resource"
937
+ },
938
+ {
939
+ "id": "W92",
940
+ "reason": "CDK generated custom resource"
941
+ }
942
+ ]
943
+ }
944
+ }
945
+ }
946
+ },
947
+ "Parameters": {
948
+ "BootstrapVersion": {
949
+ "Type": "AWS::SSM::Parameter::Value<String>",
950
+ "Default": "/cdk-bootstrap/hnb659fds/version",
951
+ "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
952
+ }
953
+ },
954
+ "Rules": {
955
+ "CheckBootstrapVersion": {
956
+ "Assertions": [
957
+ {
958
+ "Assert": {
959
+ "Fn::Not": [
960
+ {
961
+ "Fn::Contains": [
962
+ [
963
+ "1",
964
+ "2",
965
+ "3",
966
+ "4",
967
+ "5"
968
+ ],
969
+ {
970
+ "Ref": "BootstrapVersion"
971
+ }
972
+ ]
973
+ }
974
+ ]
975
+ },
976
+ "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
977
+ }
978
+ ]
979
+ }
980
+ }
981
+ }