@aws-solutions-constructs/aws-cloudfront-s3 2.51.0 → 2.52.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (127) hide show
  1. package/.eslintignore +2 -0
  2. package/.jsii +50 -5
  3. package/integ.config.json +7 -0
  4. package/lib/index.js +1 -1
  5. package/package.json +11 -10
  6. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js +6 -3
  7. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.d.ts +30 -0
  8. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.js +127 -0
  9. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/cfn-response.js +1 -0
  10. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/consts.js +1 -0
  11. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/framework.js +3 -0
  12. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/outbound.js +1 -0
  13. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/util.js +1 -0
  14. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cdk.out +1 -0
  15. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.assets.json +45 -0
  16. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.template.json +960 -0
  17. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithcmkprovidedasexistingbucketIntegDefaultTestDeployAssertF6031114.assets.json +19 -0
  18. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithcmkprovidedasexistingbucketIntegDefaultTestDeployAssertF6031114.template.json +36 -0
  19. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/integ.json +12 -0
  20. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/manifest.json +221 -0
  21. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/tree.json +1326 -0
  22. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js +6 -3
  23. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cdk.out +1 -0
  24. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.assets.json +19 -0
  25. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.template.json +594 -0
  26. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithmanagedkeyprovidedasexistingbucketIntegDefaultTestDeployAssert03A82C16.assets.json +19 -0
  27. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithmanagedkeyprovidedasexistingbucketIntegDefaultTestDeployAssert03A82C16.template.json +36 -0
  28. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/integ.json +12 -0
  29. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/manifest.json +167 -0
  30. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/tree.json +790 -0
  31. package/test/integ.cfts3-bucket-with-http-origin.js +6 -3
  32. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cdk.out +1 -0
  33. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3-bucket-with-http-origin.assets.json +19 -0
  34. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3-bucket-with-http-origin.template.json +559 -0
  35. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3bucketwithhttporiginIntegDefaultTestDeployAssert75EB76AB.assets.json +19 -0
  36. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3bucketwithhttporiginIntegDefaultTestDeployAssert75EB76AB.template.json +36 -0
  37. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/integ.json +12 -0
  38. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/manifest.json +161 -0
  39. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/tree.json +753 -0
  40. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js +6 -3
  41. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.d.ts +30 -0
  42. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.js +127 -0
  43. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/cfn-response.js +1 -0
  44. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/consts.js +1 -0
  45. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/framework.js +3 -0
  46. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/outbound.js +1 -0
  47. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/util.js +1 -0
  48. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cdk.out +1 -0
  49. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3-cmk-provided-as-bucket-prop.assets.json +45 -0
  50. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3-cmk-provided-as-bucket-prop.template.json +960 -0
  51. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3cmkprovidedasbucketpropIntegDefaultTestDeployAssert38E63D55.assets.json +19 -0
  52. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3cmkprovidedasbucketpropIntegDefaultTestDeployAssert38E63D55.template.json +36 -0
  53. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/integ.json +12 -0
  54. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/manifest.json +221 -0
  55. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/tree.json +1326 -0
  56. package/test/integ.cfts3-custom-headers.js +6 -3
  57. package/test/integ.cfts3-custom-headers.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  58. package/test/integ.cfts3-custom-headers.js.snapshot/cdk.out +1 -0
  59. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3-custom-headers.assets.json +32 -0
  60. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3-custom-headers.template.json +981 -0
  61. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3customheadersIntegDefaultTestDeployAssert6EEC9973.assets.json +19 -0
  62. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3customheadersIntegDefaultTestDeployAssert6EEC9973.template.json +36 -0
  63. package/test/integ.cfts3-custom-headers.js.snapshot/integ.json +12 -0
  64. package/test/integ.cfts3-custom-headers.js.snapshot/manifest.json +215 -0
  65. package/test/integ.cfts3-custom-headers.js.snapshot/tree.json +1167 -0
  66. package/test/integ.cfts3-custom-originPath.js +6 -3
  67. package/test/integ.cfts3-custom-originPath.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  68. package/test/integ.cfts3-custom-originPath.js.snapshot/cdk.out +1 -0
  69. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3-custom-originPath.assets.json +32 -0
  70. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3-custom-originPath.template.json +950 -0
  71. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3customoriginPathIntegDefaultTestDeployAssert61F499B2.assets.json +19 -0
  72. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3customoriginPathIntegDefaultTestDeployAssert61F499B2.template.json +36 -0
  73. package/test/integ.cfts3-custom-originPath.js.snapshot/integ.json +12 -0
  74. package/test/integ.cfts3-custom-originPath.js.snapshot/manifest.json +209 -0
  75. package/test/integ.cfts3-custom-originPath.js.snapshot/tree.json +1117 -0
  76. package/test/integ.cfts3-customLoggingBuckets.js +6 -3
  77. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  78. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cdk.out +1 -0
  79. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3-customLoggingBuckets.assets.json +32 -0
  80. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3-customLoggingBuckets.template.json +987 -0
  81. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3customLoggingBucketsIntegDefaultTestDeployAssert4D171F9F.assets.json +19 -0
  82. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3customLoggingBucketsIntegDefaultTestDeployAssert4D171F9F.template.json +36 -0
  83. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/integ.json +12 -0
  84. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/manifest.json +209 -0
  85. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/tree.json +1156 -0
  86. package/test/integ.cfts3-existing-bucket.js +6 -3
  87. package/test/integ.cfts3-existing-bucket.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  88. package/test/integ.cfts3-existing-bucket.js.snapshot/cdk.out +1 -0
  89. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3-existing-bucket.assets.json +32 -0
  90. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3-existing-bucket.template.json +1014 -0
  91. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3existingbucketIntegDefaultTestDeployAssertA6D4EB49.assets.json +19 -0
  92. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3existingbucketIntegDefaultTestDeployAssertA6D4EB49.template.json +36 -0
  93. package/test/integ.cfts3-existing-bucket.js.snapshot/integ.json +12 -0
  94. package/test/integ.cfts3-existing-bucket.js.snapshot/manifest.json +221 -0
  95. package/test/integ.cfts3-existing-bucket.js.snapshot/tree.json +1229 -0
  96. package/test/integ.cfts3-no-arguments.js +6 -3
  97. package/test/integ.cfts3-no-arguments.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  98. package/test/integ.cfts3-no-arguments.js.snapshot/cdk.out +1 -0
  99. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3-no-arguments.assets.json +32 -0
  100. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3-no-arguments.template.json +959 -0
  101. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3noargumentsIntegDefaultTestDeployAssertBA5AFA25.assets.json +19 -0
  102. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3noargumentsIntegDefaultTestDeployAssertBA5AFA25.template.json +36 -0
  103. package/test/integ.cfts3-no-arguments.js.snapshot/integ.json +12 -0
  104. package/test/integ.cfts3-no-arguments.js.snapshot/manifest.json +209 -0
  105. package/test/integ.cfts3-no-arguments.js.snapshot/tree.json +1117 -0
  106. package/test/integ.cfts3-no-security-headers.js +6 -3
  107. package/test/integ.cfts3-no-security-headers.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  108. package/test/integ.cfts3-no-security-headers.js.snapshot/cdk.out +1 -0
  109. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3-no-security-headers.assets.json +32 -0
  110. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3-no-security-headers.template.json +926 -0
  111. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3nosecurityheadersIntegDefaultTestDeployAssert38FE05BE.assets.json +19 -0
  112. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3nosecurityheadersIntegDefaultTestDeployAssert38FE05BE.template.json +36 -0
  113. package/test/integ.cfts3-no-security-headers.js.snapshot/integ.json +12 -0
  114. package/test/integ.cfts3-no-security-headers.js.snapshot/manifest.json +203 -0
  115. package/test/integ.cfts3-no-security-headers.js.snapshot/tree.json +1076 -0
  116. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.expected.json +0 -960
  117. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.expected.json +0 -594
  118. package/test/integ.cfts3-bucket-with-http-origin.expected.json +0 -559
  119. package/test/integ.cfts3-cmk-encryption.expected.json +0 -527
  120. package/test/integ.cfts3-cmk-provided-as-bucket-prop.expected.json +0 -960
  121. package/test/integ.cfts3-custom-headers.expected.json +0 -981
  122. package/test/integ.cfts3-custom-originPath.expected.json +0 -950
  123. package/test/integ.cfts3-customCloudFrontLoggingBucket.expected.json +0 -700
  124. package/test/integ.cfts3-customLoggingBuckets.expected.json +0 -987
  125. package/test/integ.cfts3-existing-bucket.expected.json +0 -1014
  126. package/test/integ.cfts3-no-arguments.expected.json +0 -959
  127. package/test/integ.cfts3-no-security-headers.expected.json +0 -926
@@ -0,0 +1,1326 @@
1
+ {
2
+ "version": "tree-0.1",
3
+ "tree": {
4
+ "id": "App",
5
+ "path": "",
6
+ "children": {
7
+ "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket": {
8
+ "id": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket",
9
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket",
10
+ "children": {
11
+ "cmkKey": {
12
+ "id": "cmkKey",
13
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/cmkKey",
14
+ "children": {
15
+ "Resource": {
16
+ "id": "Resource",
17
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/cmkKey/Resource",
18
+ "attributes": {
19
+ "aws:cdk:cloudformation:type": "AWS::KMS::Key",
20
+ "aws:cdk:cloudformation:props": {
21
+ "enableKeyRotation": true,
22
+ "keyPolicy": {
23
+ "Statement": [
24
+ {
25
+ "Action": "kms:*",
26
+ "Effect": "Allow",
27
+ "Principal": {
28
+ "AWS": {
29
+ "Fn::Join": [
30
+ "",
31
+ [
32
+ "arn:",
33
+ {
34
+ "Ref": "AWS::Partition"
35
+ },
36
+ ":iam::",
37
+ {
38
+ "Ref": "AWS::AccountId"
39
+ },
40
+ ":root"
41
+ ]
42
+ ]
43
+ }
44
+ },
45
+ "Resource": "*"
46
+ }
47
+ ],
48
+ "Version": "2012-10-17"
49
+ }
50
+ }
51
+ },
52
+ "constructInfo": {
53
+ "fqn": "aws-cdk-lib.aws_kms.CfnKey",
54
+ "version": "2.118.0"
55
+ }
56
+ }
57
+ },
58
+ "constructInfo": {
59
+ "fqn": "aws-cdk-lib.aws_kms.Key",
60
+ "version": "2.118.0"
61
+ }
62
+ },
63
+ "existing-s3-bucket-encrypted-with-cmkS3LoggingBucket": {
64
+ "id": "existing-s3-bucket-encrypted-with-cmkS3LoggingBucket",
65
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3LoggingBucket",
66
+ "children": {
67
+ "Resource": {
68
+ "id": "Resource",
69
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3LoggingBucket/Resource",
70
+ "attributes": {
71
+ "aws:cdk:cloudformation:type": "AWS::S3::Bucket",
72
+ "aws:cdk:cloudformation:props": {
73
+ "bucketEncryption": {
74
+ "serverSideEncryptionConfiguration": [
75
+ {
76
+ "serverSideEncryptionByDefault": {
77
+ "sseAlgorithm": "AES256"
78
+ }
79
+ }
80
+ ]
81
+ },
82
+ "publicAccessBlockConfiguration": {
83
+ "blockPublicAcls": true,
84
+ "blockPublicPolicy": true,
85
+ "ignorePublicAcls": true,
86
+ "restrictPublicBuckets": true
87
+ },
88
+ "versioningConfiguration": {
89
+ "status": "Enabled"
90
+ }
91
+ }
92
+ },
93
+ "constructInfo": {
94
+ "fqn": "aws-cdk-lib.aws_s3.CfnBucket",
95
+ "version": "2.118.0"
96
+ }
97
+ },
98
+ "Policy": {
99
+ "id": "Policy",
100
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3LoggingBucket/Policy",
101
+ "children": {
102
+ "Resource": {
103
+ "id": "Resource",
104
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3LoggingBucket/Policy/Resource",
105
+ "attributes": {
106
+ "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy",
107
+ "aws:cdk:cloudformation:props": {
108
+ "bucket": {
109
+ "Ref": "existings3bucketencryptedwithcmkS3LoggingBucket2B2DE39B"
110
+ },
111
+ "policyDocument": {
112
+ "Statement": [
113
+ {
114
+ "Action": "s3:*",
115
+ "Condition": {
116
+ "Bool": {
117
+ "aws:SecureTransport": "false"
118
+ }
119
+ },
120
+ "Effect": "Deny",
121
+ "Principal": {
122
+ "AWS": "*"
123
+ },
124
+ "Resource": [
125
+ {
126
+ "Fn::GetAtt": [
127
+ "existings3bucketencryptedwithcmkS3LoggingBucket2B2DE39B",
128
+ "Arn"
129
+ ]
130
+ },
131
+ {
132
+ "Fn::Join": [
133
+ "",
134
+ [
135
+ {
136
+ "Fn::GetAtt": [
137
+ "existings3bucketencryptedwithcmkS3LoggingBucket2B2DE39B",
138
+ "Arn"
139
+ ]
140
+ },
141
+ "/*"
142
+ ]
143
+ ]
144
+ }
145
+ ]
146
+ },
147
+ {
148
+ "Action": "s3:PutObject",
149
+ "Condition": {
150
+ "ArnLike": {
151
+ "aws:SourceArn": {
152
+ "Fn::GetAtt": [
153
+ "existings3bucketencryptedwithcmkS3BucketCC461491",
154
+ "Arn"
155
+ ]
156
+ }
157
+ },
158
+ "StringEquals": {
159
+ "aws:SourceAccount": {
160
+ "Ref": "AWS::AccountId"
161
+ }
162
+ }
163
+ },
164
+ "Effect": "Allow",
165
+ "Principal": {
166
+ "Service": "logging.s3.amazonaws.com"
167
+ },
168
+ "Resource": {
169
+ "Fn::Join": [
170
+ "",
171
+ [
172
+ {
173
+ "Fn::GetAtt": [
174
+ "existings3bucketencryptedwithcmkS3LoggingBucket2B2DE39B",
175
+ "Arn"
176
+ ]
177
+ },
178
+ "/*"
179
+ ]
180
+ ]
181
+ }
182
+ }
183
+ ],
184
+ "Version": "2012-10-17"
185
+ }
186
+ }
187
+ },
188
+ "constructInfo": {
189
+ "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy",
190
+ "version": "2.118.0"
191
+ }
192
+ }
193
+ },
194
+ "constructInfo": {
195
+ "fqn": "aws-cdk-lib.aws_s3.BucketPolicy",
196
+ "version": "2.118.0"
197
+ }
198
+ }
199
+ },
200
+ "constructInfo": {
201
+ "fqn": "aws-cdk-lib.aws_s3.Bucket",
202
+ "version": "2.118.0"
203
+ }
204
+ },
205
+ "existing-s3-bucket-encrypted-with-cmkS3Bucket": {
206
+ "id": "existing-s3-bucket-encrypted-with-cmkS3Bucket",
207
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3Bucket",
208
+ "children": {
209
+ "Resource": {
210
+ "id": "Resource",
211
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3Bucket/Resource",
212
+ "attributes": {
213
+ "aws:cdk:cloudformation:type": "AWS::S3::Bucket",
214
+ "aws:cdk:cloudformation:props": {
215
+ "bucketEncryption": {
216
+ "serverSideEncryptionConfiguration": [
217
+ {
218
+ "serverSideEncryptionByDefault": {
219
+ "sseAlgorithm": "aws:kms",
220
+ "kmsMasterKeyId": {
221
+ "Fn::GetAtt": [
222
+ "cmkKey598B20B2",
223
+ "Arn"
224
+ ]
225
+ }
226
+ }
227
+ }
228
+ ]
229
+ },
230
+ "lifecycleConfiguration": {
231
+ "rules": [
232
+ {
233
+ "noncurrentVersionTransitions": [
234
+ {
235
+ "storageClass": "GLACIER",
236
+ "transitionInDays": 90
237
+ }
238
+ ],
239
+ "status": "Enabled"
240
+ }
241
+ ]
242
+ },
243
+ "loggingConfiguration": {
244
+ "destinationBucketName": {
245
+ "Ref": "existings3bucketencryptedwithcmkS3LoggingBucket2B2DE39B"
246
+ }
247
+ },
248
+ "publicAccessBlockConfiguration": {
249
+ "blockPublicAcls": true,
250
+ "blockPublicPolicy": true,
251
+ "ignorePublicAcls": true,
252
+ "restrictPublicBuckets": true
253
+ },
254
+ "versioningConfiguration": {
255
+ "status": "Enabled"
256
+ }
257
+ }
258
+ },
259
+ "constructInfo": {
260
+ "fqn": "aws-cdk-lib.aws_s3.CfnBucket",
261
+ "version": "2.118.0"
262
+ }
263
+ },
264
+ "Policy": {
265
+ "id": "Policy",
266
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3Bucket/Policy",
267
+ "children": {
268
+ "Resource": {
269
+ "id": "Resource",
270
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3Bucket/Policy/Resource",
271
+ "attributes": {
272
+ "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy",
273
+ "aws:cdk:cloudformation:props": {
274
+ "bucket": {
275
+ "Ref": "existings3bucketencryptedwithcmkS3BucketCC461491"
276
+ },
277
+ "policyDocument": {
278
+ "Statement": [
279
+ {
280
+ "Action": "s3:*",
281
+ "Condition": {
282
+ "Bool": {
283
+ "aws:SecureTransport": "false"
284
+ }
285
+ },
286
+ "Effect": "Deny",
287
+ "Principal": {
288
+ "AWS": "*"
289
+ },
290
+ "Resource": [
291
+ {
292
+ "Fn::GetAtt": [
293
+ "existings3bucketencryptedwithcmkS3BucketCC461491",
294
+ "Arn"
295
+ ]
296
+ },
297
+ {
298
+ "Fn::Join": [
299
+ "",
300
+ [
301
+ {
302
+ "Fn::GetAtt": [
303
+ "existings3bucketencryptedwithcmkS3BucketCC461491",
304
+ "Arn"
305
+ ]
306
+ },
307
+ "/*"
308
+ ]
309
+ ]
310
+ }
311
+ ]
312
+ },
313
+ {
314
+ "Action": "s3:GetObject",
315
+ "Condition": {
316
+ "StringEquals": {
317
+ "AWS:SourceArn": {
318
+ "Fn::Join": [
319
+ "",
320
+ [
321
+ "arn:aws:cloudfront::",
322
+ {
323
+ "Ref": "AWS::AccountId"
324
+ },
325
+ ":distribution/",
326
+ {
327
+ "Ref": "testcloudfronts3cmkencryptionkeyCloudFrontDistribution57C8A907"
328
+ }
329
+ ]
330
+ ]
331
+ }
332
+ }
333
+ },
334
+ "Effect": "Allow",
335
+ "Principal": {
336
+ "Service": "cloudfront.amazonaws.com"
337
+ },
338
+ "Resource": {
339
+ "Fn::Join": [
340
+ "",
341
+ [
342
+ {
343
+ "Fn::GetAtt": [
344
+ "existings3bucketencryptedwithcmkS3BucketCC461491",
345
+ "Arn"
346
+ ]
347
+ },
348
+ "/*"
349
+ ]
350
+ ]
351
+ }
352
+ }
353
+ ],
354
+ "Version": "2012-10-17"
355
+ }
356
+ }
357
+ },
358
+ "constructInfo": {
359
+ "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy",
360
+ "version": "2.118.0"
361
+ }
362
+ }
363
+ },
364
+ "constructInfo": {
365
+ "fqn": "aws-cdk-lib.aws_s3.BucketPolicy",
366
+ "version": "2.118.0"
367
+ }
368
+ }
369
+ },
370
+ "constructInfo": {
371
+ "fqn": "aws-cdk-lib.aws_s3.Bucket",
372
+ "version": "2.118.0"
373
+ }
374
+ },
375
+ "test-cloudfront-s3-cmk-encryption-key": {
376
+ "id": "test-cloudfront-s3-cmk-encryption-key",
377
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key",
378
+ "children": {
379
+ "CloudfrontLoggingBucketAccessLog": {
380
+ "id": "CloudfrontLoggingBucketAccessLog",
381
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog",
382
+ "children": {
383
+ "Resource": {
384
+ "id": "Resource",
385
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/Resource",
386
+ "attributes": {
387
+ "aws:cdk:cloudformation:type": "AWS::S3::Bucket",
388
+ "aws:cdk:cloudformation:props": {
389
+ "bucketEncryption": {
390
+ "serverSideEncryptionConfiguration": [
391
+ {
392
+ "serverSideEncryptionByDefault": {
393
+ "sseAlgorithm": "AES256"
394
+ }
395
+ }
396
+ ]
397
+ },
398
+ "ownershipControls": {
399
+ "rules": [
400
+ {
401
+ "objectOwnership": "ObjectWriter"
402
+ }
403
+ ]
404
+ },
405
+ "publicAccessBlockConfiguration": {
406
+ "blockPublicAcls": true,
407
+ "blockPublicPolicy": true,
408
+ "ignorePublicAcls": true,
409
+ "restrictPublicBuckets": true
410
+ },
411
+ "versioningConfiguration": {
412
+ "status": "Enabled"
413
+ }
414
+ }
415
+ },
416
+ "constructInfo": {
417
+ "fqn": "aws-cdk-lib.aws_s3.CfnBucket",
418
+ "version": "2.118.0"
419
+ }
420
+ },
421
+ "Policy": {
422
+ "id": "Policy",
423
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/Policy",
424
+ "children": {
425
+ "Resource": {
426
+ "id": "Resource",
427
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/Policy/Resource",
428
+ "attributes": {
429
+ "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy",
430
+ "aws:cdk:cloudformation:props": {
431
+ "bucket": {
432
+ "Ref": "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C"
433
+ },
434
+ "policyDocument": {
435
+ "Statement": [
436
+ {
437
+ "Action": "s3:*",
438
+ "Condition": {
439
+ "Bool": {
440
+ "aws:SecureTransport": "false"
441
+ }
442
+ },
443
+ "Effect": "Deny",
444
+ "Principal": {
445
+ "AWS": "*"
446
+ },
447
+ "Resource": [
448
+ {
449
+ "Fn::GetAtt": [
450
+ "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C",
451
+ "Arn"
452
+ ]
453
+ },
454
+ {
455
+ "Fn::Join": [
456
+ "",
457
+ [
458
+ {
459
+ "Fn::GetAtt": [
460
+ "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C",
461
+ "Arn"
462
+ ]
463
+ },
464
+ "/*"
465
+ ]
466
+ ]
467
+ }
468
+ ]
469
+ },
470
+ {
471
+ "Action": "s3:PutObject",
472
+ "Condition": {
473
+ "ArnLike": {
474
+ "aws:SourceArn": {
475
+ "Fn::GetAtt": [
476
+ "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD",
477
+ "Arn"
478
+ ]
479
+ }
480
+ },
481
+ "StringEquals": {
482
+ "aws:SourceAccount": {
483
+ "Ref": "AWS::AccountId"
484
+ }
485
+ }
486
+ },
487
+ "Effect": "Allow",
488
+ "Principal": {
489
+ "Service": "logging.s3.amazonaws.com"
490
+ },
491
+ "Resource": {
492
+ "Fn::Join": [
493
+ "",
494
+ [
495
+ {
496
+ "Fn::GetAtt": [
497
+ "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C",
498
+ "Arn"
499
+ ]
500
+ },
501
+ "/*"
502
+ ]
503
+ ]
504
+ }
505
+ }
506
+ ],
507
+ "Version": "2012-10-17"
508
+ }
509
+ }
510
+ },
511
+ "constructInfo": {
512
+ "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy",
513
+ "version": "2.118.0"
514
+ }
515
+ }
516
+ },
517
+ "constructInfo": {
518
+ "fqn": "aws-cdk-lib.aws_s3.BucketPolicy",
519
+ "version": "2.118.0"
520
+ }
521
+ }
522
+ },
523
+ "constructInfo": {
524
+ "fqn": "aws-cdk-lib.aws_s3.Bucket",
525
+ "version": "2.118.0"
526
+ }
527
+ },
528
+ "CloudfrontLoggingBucket": {
529
+ "id": "CloudfrontLoggingBucket",
530
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket",
531
+ "children": {
532
+ "Resource": {
533
+ "id": "Resource",
534
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/Resource",
535
+ "attributes": {
536
+ "aws:cdk:cloudformation:type": "AWS::S3::Bucket",
537
+ "aws:cdk:cloudformation:props": {
538
+ "bucketEncryption": {
539
+ "serverSideEncryptionConfiguration": [
540
+ {
541
+ "serverSideEncryptionByDefault": {
542
+ "sseAlgorithm": "AES256"
543
+ }
544
+ }
545
+ ]
546
+ },
547
+ "loggingConfiguration": {
548
+ "destinationBucketName": {
549
+ "Ref": "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C"
550
+ }
551
+ },
552
+ "ownershipControls": {
553
+ "rules": [
554
+ {
555
+ "objectOwnership": "ObjectWriter"
556
+ }
557
+ ]
558
+ },
559
+ "publicAccessBlockConfiguration": {
560
+ "blockPublicAcls": true,
561
+ "blockPublicPolicy": true,
562
+ "ignorePublicAcls": true,
563
+ "restrictPublicBuckets": true
564
+ },
565
+ "versioningConfiguration": {
566
+ "status": "Enabled"
567
+ }
568
+ }
569
+ },
570
+ "constructInfo": {
571
+ "fqn": "aws-cdk-lib.aws_s3.CfnBucket",
572
+ "version": "2.118.0"
573
+ }
574
+ },
575
+ "Policy": {
576
+ "id": "Policy",
577
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/Policy",
578
+ "children": {
579
+ "Resource": {
580
+ "id": "Resource",
581
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/Policy/Resource",
582
+ "attributes": {
583
+ "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy",
584
+ "aws:cdk:cloudformation:props": {
585
+ "bucket": {
586
+ "Ref": "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD"
587
+ },
588
+ "policyDocument": {
589
+ "Statement": [
590
+ {
591
+ "Action": "s3:*",
592
+ "Condition": {
593
+ "Bool": {
594
+ "aws:SecureTransport": "false"
595
+ }
596
+ },
597
+ "Effect": "Deny",
598
+ "Principal": {
599
+ "AWS": "*"
600
+ },
601
+ "Resource": [
602
+ {
603
+ "Fn::GetAtt": [
604
+ "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD",
605
+ "Arn"
606
+ ]
607
+ },
608
+ {
609
+ "Fn::Join": [
610
+ "",
611
+ [
612
+ {
613
+ "Fn::GetAtt": [
614
+ "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD",
615
+ "Arn"
616
+ ]
617
+ },
618
+ "/*"
619
+ ]
620
+ ]
621
+ }
622
+ ]
623
+ }
624
+ ],
625
+ "Version": "2012-10-17"
626
+ }
627
+ }
628
+ },
629
+ "constructInfo": {
630
+ "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy",
631
+ "version": "2.118.0"
632
+ }
633
+ }
634
+ },
635
+ "constructInfo": {
636
+ "fqn": "aws-cdk-lib.aws_s3.BucketPolicy",
637
+ "version": "2.118.0"
638
+ }
639
+ }
640
+ },
641
+ "constructInfo": {
642
+ "fqn": "aws-cdk-lib.aws_s3.Bucket",
643
+ "version": "2.118.0"
644
+ }
645
+ },
646
+ "CloudFrontOac": {
647
+ "id": "CloudFrontOac",
648
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudFrontOac",
649
+ "attributes": {
650
+ "aws:cdk:cloudformation:type": "AWS::CloudFront::OriginAccessControl",
651
+ "aws:cdk:cloudformation:props": {
652
+ "originAccessControlConfig": {
653
+ "name": {
654
+ "Fn::Join": [
655
+ "",
656
+ [
657
+ "aws-cloudfront-s3-testn-key-",
658
+ {
659
+ "Fn::Select": [
660
+ 2,
661
+ {
662
+ "Fn::Split": [
663
+ "/",
664
+ {
665
+ "Ref": "AWS::StackId"
666
+ }
667
+ ]
668
+ }
669
+ ]
670
+ }
671
+ ]
672
+ ]
673
+ },
674
+ "originAccessControlOriginType": "s3",
675
+ "signingBehavior": "always",
676
+ "signingProtocol": "sigv4",
677
+ "description": "Origin access control provisioned by aws-cloudfront-s3"
678
+ }
679
+ }
680
+ },
681
+ "constructInfo": {
682
+ "fqn": "aws-cdk-lib.aws_cloudfront.CfnOriginAccessControl",
683
+ "version": "2.118.0"
684
+ }
685
+ },
686
+ "CloudFrontDistribution": {
687
+ "id": "CloudFrontDistribution",
688
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudFrontDistribution",
689
+ "children": {
690
+ "Origin1": {
691
+ "id": "Origin1",
692
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudFrontDistribution/Origin1",
693
+ "constructInfo": {
694
+ "fqn": "constructs.Construct",
695
+ "version": "10.0.0"
696
+ }
697
+ },
698
+ "Resource": {
699
+ "id": "Resource",
700
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudFrontDistribution/Resource",
701
+ "attributes": {
702
+ "aws:cdk:cloudformation:type": "AWS::CloudFront::Distribution",
703
+ "aws:cdk:cloudformation:props": {
704
+ "distributionConfig": {
705
+ "enabled": true,
706
+ "origins": [
707
+ {
708
+ "domainName": {
709
+ "Fn::GetAtt": [
710
+ "existings3bucketencryptedwithcmkS3BucketCC461491",
711
+ "RegionalDomainName"
712
+ ]
713
+ },
714
+ "id": "cfts3bucketencryptedwithcmkprovidedasexistingbuckettestcloudfronts3cmkencryptionkeyCloudFrontDistributionOrigin128E2E2A5",
715
+ "s3OriginConfig": {
716
+ "originAccessIdentity": ""
717
+ }
718
+ }
719
+ ],
720
+ "defaultCacheBehavior": {
721
+ "pathPattern": "*",
722
+ "targetOriginId": "cfts3bucketencryptedwithcmkprovidedasexistingbuckettestcloudfronts3cmkencryptionkeyCloudFrontDistributionOrigin128E2E2A5",
723
+ "cachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6",
724
+ "compress": true,
725
+ "viewerProtocolPolicy": "redirect-to-https"
726
+ },
727
+ "defaultRootObject": "index.html",
728
+ "httpVersion": "http2",
729
+ "ipv6Enabled": true,
730
+ "logging": {
731
+ "bucket": {
732
+ "Fn::GetAtt": [
733
+ "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD",
734
+ "RegionalDomainName"
735
+ ]
736
+ }
737
+ }
738
+ }
739
+ }
740
+ },
741
+ "constructInfo": {
742
+ "fqn": "aws-cdk-lib.aws_cloudfront.CfnDistribution",
743
+ "version": "2.118.0"
744
+ }
745
+ }
746
+ },
747
+ "constructInfo": {
748
+ "fqn": "aws-cdk-lib.aws_cloudfront.Distribution",
749
+ "version": "2.118.0"
750
+ }
751
+ },
752
+ "KmsKeyPolicyUpdateLambdaRole": {
753
+ "id": "KmsKeyPolicyUpdateLambdaRole",
754
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateLambdaRole",
755
+ "children": {
756
+ "ImportKmsKeyPolicyUpdateLambdaRole": {
757
+ "id": "ImportKmsKeyPolicyUpdateLambdaRole",
758
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateLambdaRole/ImportKmsKeyPolicyUpdateLambdaRole",
759
+ "constructInfo": {
760
+ "fqn": "aws-cdk-lib.Resource",
761
+ "version": "2.118.0"
762
+ }
763
+ },
764
+ "Resource": {
765
+ "id": "Resource",
766
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateLambdaRole/Resource",
767
+ "attributes": {
768
+ "aws:cdk:cloudformation:type": "AWS::IAM::Role",
769
+ "aws:cdk:cloudformation:props": {
770
+ "assumeRolePolicyDocument": {
771
+ "Statement": [
772
+ {
773
+ "Action": "sts:AssumeRole",
774
+ "Effect": "Allow",
775
+ "Principal": {
776
+ "Service": "lambda.amazonaws.com"
777
+ }
778
+ }
779
+ ],
780
+ "Version": "2012-10-17"
781
+ },
782
+ "description": "Role to update kms key policy to allow CloudFront access",
783
+ "policies": [
784
+ {
785
+ "policyName": "KmsPolicy",
786
+ "policyDocument": {
787
+ "Statement": [
788
+ {
789
+ "Action": [
790
+ "kms:DescribeKey",
791
+ "kms:GetKeyPolicy",
792
+ "kms:PutKeyPolicy"
793
+ ],
794
+ "Effect": "Allow",
795
+ "Resource": {
796
+ "Fn::GetAtt": [
797
+ "cmkKey598B20B2",
798
+ "Arn"
799
+ ]
800
+ }
801
+ }
802
+ ],
803
+ "Version": "2012-10-17"
804
+ }
805
+ }
806
+ ]
807
+ }
808
+ },
809
+ "constructInfo": {
810
+ "fqn": "aws-cdk-lib.aws_iam.CfnRole",
811
+ "version": "2.118.0"
812
+ }
813
+ },
814
+ "DefaultPolicy": {
815
+ "id": "DefaultPolicy",
816
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateLambdaRole/DefaultPolicy",
817
+ "children": {
818
+ "Resource": {
819
+ "id": "Resource",
820
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateLambdaRole/DefaultPolicy/Resource",
821
+ "attributes": {
822
+ "aws:cdk:cloudformation:type": "AWS::IAM::Policy",
823
+ "aws:cdk:cloudformation:props": {
824
+ "policyDocument": {
825
+ "Statement": [
826
+ {
827
+ "Action": [
828
+ "xray:PutTelemetryRecords",
829
+ "xray:PutTraceSegments"
830
+ ],
831
+ "Effect": "Allow",
832
+ "Resource": "*"
833
+ }
834
+ ],
835
+ "Version": "2012-10-17"
836
+ },
837
+ "policyName": "testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateLambdaRoleDefaultPolicy0E93FCDF",
838
+ "roles": [
839
+ {
840
+ "Ref": "testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateLambdaRoleB7BBA8A2"
841
+ }
842
+ ]
843
+ }
844
+ },
845
+ "constructInfo": {
846
+ "fqn": "aws-cdk-lib.aws_iam.CfnPolicy",
847
+ "version": "2.118.0"
848
+ }
849
+ }
850
+ },
851
+ "constructInfo": {
852
+ "fqn": "aws-cdk-lib.aws_iam.Policy",
853
+ "version": "2.118.0"
854
+ }
855
+ }
856
+ },
857
+ "constructInfo": {
858
+ "fqn": "aws-cdk-lib.aws_iam.Role",
859
+ "version": "2.118.0"
860
+ }
861
+ },
862
+ "LambdaFunctionServiceRole": {
863
+ "id": "LambdaFunctionServiceRole",
864
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunctionServiceRole",
865
+ "children": {
866
+ "ImportLambdaFunctionServiceRole": {
867
+ "id": "ImportLambdaFunctionServiceRole",
868
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunctionServiceRole/ImportLambdaFunctionServiceRole",
869
+ "constructInfo": {
870
+ "fqn": "aws-cdk-lib.Resource",
871
+ "version": "2.118.0"
872
+ }
873
+ },
874
+ "Resource": {
875
+ "id": "Resource",
876
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunctionServiceRole/Resource",
877
+ "attributes": {
878
+ "aws:cdk:cloudformation:type": "AWS::IAM::Role",
879
+ "aws:cdk:cloudformation:props": {
880
+ "assumeRolePolicyDocument": {
881
+ "Statement": [
882
+ {
883
+ "Action": "sts:AssumeRole",
884
+ "Effect": "Allow",
885
+ "Principal": {
886
+ "Service": "lambda.amazonaws.com"
887
+ }
888
+ }
889
+ ],
890
+ "Version": "2012-10-17"
891
+ },
892
+ "policies": [
893
+ {
894
+ "policyName": "LambdaFunctionServiceRolePolicy",
895
+ "policyDocument": {
896
+ "Statement": [
897
+ {
898
+ "Action": [
899
+ "logs:CreateLogGroup",
900
+ "logs:CreateLogStream",
901
+ "logs:PutLogEvents"
902
+ ],
903
+ "Effect": "Allow",
904
+ "Resource": {
905
+ "Fn::Join": [
906
+ "",
907
+ [
908
+ "arn:",
909
+ {
910
+ "Ref": "AWS::Partition"
911
+ },
912
+ ":logs:",
913
+ {
914
+ "Ref": "AWS::Region"
915
+ },
916
+ ":",
917
+ {
918
+ "Ref": "AWS::AccountId"
919
+ },
920
+ ":log-group:/aws/lambda/*"
921
+ ]
922
+ ]
923
+ }
924
+ }
925
+ ],
926
+ "Version": "2012-10-17"
927
+ }
928
+ }
929
+ ]
930
+ }
931
+ },
932
+ "constructInfo": {
933
+ "fqn": "aws-cdk-lib.aws_iam.CfnRole",
934
+ "version": "2.118.0"
935
+ }
936
+ }
937
+ },
938
+ "constructInfo": {
939
+ "fqn": "aws-cdk-lib.aws_iam.Role",
940
+ "version": "2.118.0"
941
+ }
942
+ },
943
+ "LambdaFunction": {
944
+ "id": "LambdaFunction",
945
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunction",
946
+ "children": {
947
+ "Code": {
948
+ "id": "Code",
949
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Code",
950
+ "children": {
951
+ "Stage": {
952
+ "id": "Stage",
953
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Code/Stage",
954
+ "constructInfo": {
955
+ "fqn": "aws-cdk-lib.AssetStaging",
956
+ "version": "2.118.0"
957
+ }
958
+ },
959
+ "AssetBucket": {
960
+ "id": "AssetBucket",
961
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Code/AssetBucket",
962
+ "constructInfo": {
963
+ "fqn": "aws-cdk-lib.aws_s3.BucketBase",
964
+ "version": "2.118.0"
965
+ }
966
+ }
967
+ },
968
+ "constructInfo": {
969
+ "fqn": "aws-cdk-lib.aws_s3_assets.Asset",
970
+ "version": "2.118.0"
971
+ }
972
+ },
973
+ "Resource": {
974
+ "id": "Resource",
975
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Resource",
976
+ "attributes": {
977
+ "aws:cdk:cloudformation:type": "AWS::Lambda::Function",
978
+ "aws:cdk:cloudformation:props": {
979
+ "code": {
980
+ "s3Bucket": {
981
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
982
+ },
983
+ "s3Key": "4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f.zip"
984
+ },
985
+ "description": "Custom resource function that updates a provided key policy to allow CloudFront access.",
986
+ "handler": "index.handler",
987
+ "role": {
988
+ "Fn::GetAtt": [
989
+ "testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateLambdaRoleB7BBA8A2",
990
+ "Arn"
991
+ ]
992
+ },
993
+ "runtime": "nodejs18.x",
994
+ "tracingConfig": {
995
+ "mode": "Active"
996
+ }
997
+ }
998
+ },
999
+ "constructInfo": {
1000
+ "fqn": "aws-cdk-lib.aws_lambda.CfnFunction",
1001
+ "version": "2.118.0"
1002
+ }
1003
+ }
1004
+ },
1005
+ "constructInfo": {
1006
+ "fqn": "aws-cdk-lib.aws_lambda.Function",
1007
+ "version": "2.118.0"
1008
+ }
1009
+ },
1010
+ "KmsKeyPolicyUpdateProvider": {
1011
+ "id": "KmsKeyPolicyUpdateProvider",
1012
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider",
1013
+ "children": {
1014
+ "framework-onEvent": {
1015
+ "id": "framework-onEvent",
1016
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent",
1017
+ "children": {
1018
+ "ServiceRole": {
1019
+ "id": "ServiceRole",
1020
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole",
1021
+ "children": {
1022
+ "ImportServiceRole": {
1023
+ "id": "ImportServiceRole",
1024
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/ImportServiceRole",
1025
+ "constructInfo": {
1026
+ "fqn": "aws-cdk-lib.Resource",
1027
+ "version": "2.118.0"
1028
+ }
1029
+ },
1030
+ "Resource": {
1031
+ "id": "Resource",
1032
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/Resource",
1033
+ "attributes": {
1034
+ "aws:cdk:cloudformation:type": "AWS::IAM::Role",
1035
+ "aws:cdk:cloudformation:props": {
1036
+ "assumeRolePolicyDocument": {
1037
+ "Statement": [
1038
+ {
1039
+ "Action": "sts:AssumeRole",
1040
+ "Effect": "Allow",
1041
+ "Principal": {
1042
+ "Service": "lambda.amazonaws.com"
1043
+ }
1044
+ }
1045
+ ],
1046
+ "Version": "2012-10-17"
1047
+ },
1048
+ "managedPolicyArns": [
1049
+ {
1050
+ "Fn::Join": [
1051
+ "",
1052
+ [
1053
+ "arn:",
1054
+ {
1055
+ "Ref": "AWS::Partition"
1056
+ },
1057
+ ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
1058
+ ]
1059
+ ]
1060
+ }
1061
+ ]
1062
+ }
1063
+ },
1064
+ "constructInfo": {
1065
+ "fqn": "aws-cdk-lib.aws_iam.CfnRole",
1066
+ "version": "2.118.0"
1067
+ }
1068
+ },
1069
+ "DefaultPolicy": {
1070
+ "id": "DefaultPolicy",
1071
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/DefaultPolicy",
1072
+ "children": {
1073
+ "Resource": {
1074
+ "id": "Resource",
1075
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/DefaultPolicy/Resource",
1076
+ "attributes": {
1077
+ "aws:cdk:cloudformation:type": "AWS::IAM::Policy",
1078
+ "aws:cdk:cloudformation:props": {
1079
+ "policyDocument": {
1080
+ "Statement": [
1081
+ {
1082
+ "Action": "lambda:InvokeFunction",
1083
+ "Effect": "Allow",
1084
+ "Resource": [
1085
+ {
1086
+ "Fn::GetAtt": [
1087
+ "testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E",
1088
+ "Arn"
1089
+ ]
1090
+ },
1091
+ {
1092
+ "Fn::Join": [
1093
+ "",
1094
+ [
1095
+ {
1096
+ "Fn::GetAtt": [
1097
+ "testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E",
1098
+ "Arn"
1099
+ ]
1100
+ },
1101
+ ":*"
1102
+ ]
1103
+ ]
1104
+ }
1105
+ ]
1106
+ }
1107
+ ],
1108
+ "Version": "2012-10-17"
1109
+ },
1110
+ "policyName": "testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventServiceRoleDefaultPolicy066CD751",
1111
+ "roles": [
1112
+ {
1113
+ "Ref": "testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventServiceRole3D4040AD"
1114
+ }
1115
+ ]
1116
+ }
1117
+ },
1118
+ "constructInfo": {
1119
+ "fqn": "aws-cdk-lib.aws_iam.CfnPolicy",
1120
+ "version": "2.118.0"
1121
+ }
1122
+ }
1123
+ },
1124
+ "constructInfo": {
1125
+ "fqn": "aws-cdk-lib.aws_iam.Policy",
1126
+ "version": "2.118.0"
1127
+ }
1128
+ }
1129
+ },
1130
+ "constructInfo": {
1131
+ "fqn": "aws-cdk-lib.aws_iam.Role",
1132
+ "version": "2.118.0"
1133
+ }
1134
+ },
1135
+ "Code": {
1136
+ "id": "Code",
1137
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Code",
1138
+ "children": {
1139
+ "Stage": {
1140
+ "id": "Stage",
1141
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Code/Stage",
1142
+ "constructInfo": {
1143
+ "fqn": "aws-cdk-lib.AssetStaging",
1144
+ "version": "2.118.0"
1145
+ }
1146
+ },
1147
+ "AssetBucket": {
1148
+ "id": "AssetBucket",
1149
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Code/AssetBucket",
1150
+ "constructInfo": {
1151
+ "fqn": "aws-cdk-lib.aws_s3.BucketBase",
1152
+ "version": "2.118.0"
1153
+ }
1154
+ }
1155
+ },
1156
+ "constructInfo": {
1157
+ "fqn": "aws-cdk-lib.aws_s3_assets.Asset",
1158
+ "version": "2.118.0"
1159
+ }
1160
+ },
1161
+ "Resource": {
1162
+ "id": "Resource",
1163
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Resource",
1164
+ "attributes": {
1165
+ "aws:cdk:cloudformation:type": "AWS::Lambda::Function",
1166
+ "aws:cdk:cloudformation:props": {
1167
+ "code": {
1168
+ "s3Bucket": {
1169
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
1170
+ },
1171
+ "s3Key": "7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94.zip"
1172
+ },
1173
+ "description": "AWS CDK resource provider framework - onEvent (cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider)",
1174
+ "environment": {
1175
+ "variables": {
1176
+ "USER_ON_EVENT_FUNCTION_ARN": {
1177
+ "Fn::GetAtt": [
1178
+ "testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E",
1179
+ "Arn"
1180
+ ]
1181
+ }
1182
+ }
1183
+ },
1184
+ "handler": "framework.onEvent",
1185
+ "role": {
1186
+ "Fn::GetAtt": [
1187
+ "testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventServiceRole3D4040AD",
1188
+ "Arn"
1189
+ ]
1190
+ },
1191
+ "runtime": "nodejs18.x",
1192
+ "timeout": 900
1193
+ }
1194
+ },
1195
+ "constructInfo": {
1196
+ "fqn": "aws-cdk-lib.aws_lambda.CfnFunction",
1197
+ "version": "2.118.0"
1198
+ }
1199
+ }
1200
+ },
1201
+ "constructInfo": {
1202
+ "fqn": "aws-cdk-lib.aws_lambda.Function",
1203
+ "version": "2.118.0"
1204
+ }
1205
+ }
1206
+ },
1207
+ "constructInfo": {
1208
+ "fqn": "aws-cdk-lib.custom_resources.Provider",
1209
+ "version": "2.118.0"
1210
+ }
1211
+ },
1212
+ "KmsKeyPolicyUpdater": {
1213
+ "id": "KmsKeyPolicyUpdater",
1214
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdater",
1215
+ "children": {
1216
+ "Default": {
1217
+ "id": "Default",
1218
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdater/Default",
1219
+ "constructInfo": {
1220
+ "fqn": "aws-cdk-lib.CfnResource",
1221
+ "version": "2.118.0"
1222
+ }
1223
+ }
1224
+ },
1225
+ "constructInfo": {
1226
+ "fqn": "aws-cdk-lib.CustomResource",
1227
+ "version": "2.118.0"
1228
+ }
1229
+ }
1230
+ },
1231
+ "constructInfo": {
1232
+ "fqn": "@aws-solutions-constructs/aws-cloudfront-s3.CloudFrontToS3",
1233
+ "version": "2.50.0"
1234
+ }
1235
+ },
1236
+ "Integ": {
1237
+ "id": "Integ",
1238
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Integ",
1239
+ "children": {
1240
+ "DefaultTest": {
1241
+ "id": "DefaultTest",
1242
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Integ/DefaultTest",
1243
+ "children": {
1244
+ "Default": {
1245
+ "id": "Default",
1246
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Integ/DefaultTest/Default",
1247
+ "constructInfo": {
1248
+ "fqn": "constructs.Construct",
1249
+ "version": "10.0.0"
1250
+ }
1251
+ },
1252
+ "DeployAssert": {
1253
+ "id": "DeployAssert",
1254
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Integ/DefaultTest/DeployAssert",
1255
+ "children": {
1256
+ "BootstrapVersion": {
1257
+ "id": "BootstrapVersion",
1258
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Integ/DefaultTest/DeployAssert/BootstrapVersion",
1259
+ "constructInfo": {
1260
+ "fqn": "aws-cdk-lib.CfnParameter",
1261
+ "version": "2.118.0"
1262
+ }
1263
+ },
1264
+ "CheckBootstrapVersion": {
1265
+ "id": "CheckBootstrapVersion",
1266
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Integ/DefaultTest/DeployAssert/CheckBootstrapVersion",
1267
+ "constructInfo": {
1268
+ "fqn": "aws-cdk-lib.CfnRule",
1269
+ "version": "2.118.0"
1270
+ }
1271
+ }
1272
+ },
1273
+ "constructInfo": {
1274
+ "fqn": "aws-cdk-lib.Stack",
1275
+ "version": "2.118.0"
1276
+ }
1277
+ }
1278
+ },
1279
+ "constructInfo": {
1280
+ "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase",
1281
+ "version": "2.118.0-alpha.0"
1282
+ }
1283
+ }
1284
+ },
1285
+ "constructInfo": {
1286
+ "fqn": "@aws-cdk/integ-tests-alpha.IntegTest",
1287
+ "version": "2.118.0-alpha.0"
1288
+ }
1289
+ },
1290
+ "BootstrapVersion": {
1291
+ "id": "BootstrapVersion",
1292
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/BootstrapVersion",
1293
+ "constructInfo": {
1294
+ "fqn": "aws-cdk-lib.CfnParameter",
1295
+ "version": "2.118.0"
1296
+ }
1297
+ },
1298
+ "CheckBootstrapVersion": {
1299
+ "id": "CheckBootstrapVersion",
1300
+ "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/CheckBootstrapVersion",
1301
+ "constructInfo": {
1302
+ "fqn": "aws-cdk-lib.CfnRule",
1303
+ "version": "2.118.0"
1304
+ }
1305
+ }
1306
+ },
1307
+ "constructInfo": {
1308
+ "fqn": "aws-cdk-lib.Stack",
1309
+ "version": "2.118.0"
1310
+ }
1311
+ },
1312
+ "Tree": {
1313
+ "id": "Tree",
1314
+ "path": "Tree",
1315
+ "constructInfo": {
1316
+ "fqn": "constructs.Construct",
1317
+ "version": "10.0.0"
1318
+ }
1319
+ }
1320
+ },
1321
+ "constructInfo": {
1322
+ "fqn": "aws-cdk-lib.App",
1323
+ "version": "2.118.0"
1324
+ }
1325
+ }
1326
+ }