@aws-solutions-constructs/aws-cloudfront-s3 2.51.0 → 2.52.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (127) hide show
  1. package/.eslintignore +2 -0
  2. package/.jsii +50 -5
  3. package/integ.config.json +7 -0
  4. package/lib/index.js +1 -1
  5. package/package.json +11 -10
  6. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js +6 -3
  7. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.d.ts +30 -0
  8. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.js +127 -0
  9. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/cfn-response.js +1 -0
  10. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/consts.js +1 -0
  11. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/framework.js +3 -0
  12. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/outbound.js +1 -0
  13. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/util.js +1 -0
  14. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cdk.out +1 -0
  15. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.assets.json +45 -0
  16. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.template.json +960 -0
  17. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithcmkprovidedasexistingbucketIntegDefaultTestDeployAssertF6031114.assets.json +19 -0
  18. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithcmkprovidedasexistingbucketIntegDefaultTestDeployAssertF6031114.template.json +36 -0
  19. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/integ.json +12 -0
  20. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/manifest.json +221 -0
  21. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/tree.json +1326 -0
  22. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js +6 -3
  23. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cdk.out +1 -0
  24. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.assets.json +19 -0
  25. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.template.json +594 -0
  26. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithmanagedkeyprovidedasexistingbucketIntegDefaultTestDeployAssert03A82C16.assets.json +19 -0
  27. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithmanagedkeyprovidedasexistingbucketIntegDefaultTestDeployAssert03A82C16.template.json +36 -0
  28. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/integ.json +12 -0
  29. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/manifest.json +167 -0
  30. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/tree.json +790 -0
  31. package/test/integ.cfts3-bucket-with-http-origin.js +6 -3
  32. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cdk.out +1 -0
  33. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3-bucket-with-http-origin.assets.json +19 -0
  34. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3-bucket-with-http-origin.template.json +559 -0
  35. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3bucketwithhttporiginIntegDefaultTestDeployAssert75EB76AB.assets.json +19 -0
  36. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3bucketwithhttporiginIntegDefaultTestDeployAssert75EB76AB.template.json +36 -0
  37. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/integ.json +12 -0
  38. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/manifest.json +161 -0
  39. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/tree.json +753 -0
  40. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js +6 -3
  41. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.d.ts +30 -0
  42. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.js +127 -0
  43. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/cfn-response.js +1 -0
  44. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/consts.js +1 -0
  45. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/framework.js +3 -0
  46. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/outbound.js +1 -0
  47. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/util.js +1 -0
  48. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cdk.out +1 -0
  49. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3-cmk-provided-as-bucket-prop.assets.json +45 -0
  50. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3-cmk-provided-as-bucket-prop.template.json +960 -0
  51. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3cmkprovidedasbucketpropIntegDefaultTestDeployAssert38E63D55.assets.json +19 -0
  52. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3cmkprovidedasbucketpropIntegDefaultTestDeployAssert38E63D55.template.json +36 -0
  53. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/integ.json +12 -0
  54. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/manifest.json +221 -0
  55. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/tree.json +1326 -0
  56. package/test/integ.cfts3-custom-headers.js +6 -3
  57. package/test/integ.cfts3-custom-headers.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  58. package/test/integ.cfts3-custom-headers.js.snapshot/cdk.out +1 -0
  59. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3-custom-headers.assets.json +32 -0
  60. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3-custom-headers.template.json +981 -0
  61. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3customheadersIntegDefaultTestDeployAssert6EEC9973.assets.json +19 -0
  62. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3customheadersIntegDefaultTestDeployAssert6EEC9973.template.json +36 -0
  63. package/test/integ.cfts3-custom-headers.js.snapshot/integ.json +12 -0
  64. package/test/integ.cfts3-custom-headers.js.snapshot/manifest.json +215 -0
  65. package/test/integ.cfts3-custom-headers.js.snapshot/tree.json +1167 -0
  66. package/test/integ.cfts3-custom-originPath.js +6 -3
  67. package/test/integ.cfts3-custom-originPath.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  68. package/test/integ.cfts3-custom-originPath.js.snapshot/cdk.out +1 -0
  69. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3-custom-originPath.assets.json +32 -0
  70. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3-custom-originPath.template.json +950 -0
  71. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3customoriginPathIntegDefaultTestDeployAssert61F499B2.assets.json +19 -0
  72. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3customoriginPathIntegDefaultTestDeployAssert61F499B2.template.json +36 -0
  73. package/test/integ.cfts3-custom-originPath.js.snapshot/integ.json +12 -0
  74. package/test/integ.cfts3-custom-originPath.js.snapshot/manifest.json +209 -0
  75. package/test/integ.cfts3-custom-originPath.js.snapshot/tree.json +1117 -0
  76. package/test/integ.cfts3-customLoggingBuckets.js +6 -3
  77. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  78. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cdk.out +1 -0
  79. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3-customLoggingBuckets.assets.json +32 -0
  80. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3-customLoggingBuckets.template.json +987 -0
  81. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3customLoggingBucketsIntegDefaultTestDeployAssert4D171F9F.assets.json +19 -0
  82. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3customLoggingBucketsIntegDefaultTestDeployAssert4D171F9F.template.json +36 -0
  83. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/integ.json +12 -0
  84. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/manifest.json +209 -0
  85. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/tree.json +1156 -0
  86. package/test/integ.cfts3-existing-bucket.js +6 -3
  87. package/test/integ.cfts3-existing-bucket.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  88. package/test/integ.cfts3-existing-bucket.js.snapshot/cdk.out +1 -0
  89. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3-existing-bucket.assets.json +32 -0
  90. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3-existing-bucket.template.json +1014 -0
  91. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3existingbucketIntegDefaultTestDeployAssertA6D4EB49.assets.json +19 -0
  92. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3existingbucketIntegDefaultTestDeployAssertA6D4EB49.template.json +36 -0
  93. package/test/integ.cfts3-existing-bucket.js.snapshot/integ.json +12 -0
  94. package/test/integ.cfts3-existing-bucket.js.snapshot/manifest.json +221 -0
  95. package/test/integ.cfts3-existing-bucket.js.snapshot/tree.json +1229 -0
  96. package/test/integ.cfts3-no-arguments.js +6 -3
  97. package/test/integ.cfts3-no-arguments.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  98. package/test/integ.cfts3-no-arguments.js.snapshot/cdk.out +1 -0
  99. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3-no-arguments.assets.json +32 -0
  100. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3-no-arguments.template.json +959 -0
  101. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3noargumentsIntegDefaultTestDeployAssertBA5AFA25.assets.json +19 -0
  102. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3noargumentsIntegDefaultTestDeployAssertBA5AFA25.template.json +36 -0
  103. package/test/integ.cfts3-no-arguments.js.snapshot/integ.json +12 -0
  104. package/test/integ.cfts3-no-arguments.js.snapshot/manifest.json +209 -0
  105. package/test/integ.cfts3-no-arguments.js.snapshot/tree.json +1117 -0
  106. package/test/integ.cfts3-no-security-headers.js +6 -3
  107. package/test/integ.cfts3-no-security-headers.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  108. package/test/integ.cfts3-no-security-headers.js.snapshot/cdk.out +1 -0
  109. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3-no-security-headers.assets.json +32 -0
  110. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3-no-security-headers.template.json +926 -0
  111. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3nosecurityheadersIntegDefaultTestDeployAssert38FE05BE.assets.json +19 -0
  112. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3nosecurityheadersIntegDefaultTestDeployAssert38FE05BE.template.json +36 -0
  113. package/test/integ.cfts3-no-security-headers.js.snapshot/integ.json +12 -0
  114. package/test/integ.cfts3-no-security-headers.js.snapshot/manifest.json +203 -0
  115. package/test/integ.cfts3-no-security-headers.js.snapshot/tree.json +1076 -0
  116. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.expected.json +0 -960
  117. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.expected.json +0 -594
  118. package/test/integ.cfts3-bucket-with-http-origin.expected.json +0 -559
  119. package/test/integ.cfts3-cmk-encryption.expected.json +0 -527
  120. package/test/integ.cfts3-cmk-provided-as-bucket-prop.expected.json +0 -960
  121. package/test/integ.cfts3-custom-headers.expected.json +0 -981
  122. package/test/integ.cfts3-custom-originPath.expected.json +0 -950
  123. package/test/integ.cfts3-customCloudFrontLoggingBucket.expected.json +0 -700
  124. package/test/integ.cfts3-customLoggingBuckets.expected.json +0 -987
  125. package/test/integ.cfts3-existing-bucket.expected.json +0 -1014
  126. package/test/integ.cfts3-no-arguments.expected.json +0 -959
  127. package/test/integ.cfts3-no-security-headers.expected.json +0 -926
@@ -1,559 +0,0 @@
1
- {
2
- "Description": "Integration Test for aws-cloudfront-s3",
3
- "Resources": {
4
- "testcloudfronts3legacyhttporiginS3LoggingBucketA3DB7D64": {
5
- "Type": "AWS::S3::Bucket",
6
- "Properties": {
7
- "BucketEncryption": {
8
- "ServerSideEncryptionConfiguration": [
9
- {
10
- "ServerSideEncryptionByDefault": {
11
- "SSEAlgorithm": "AES256"
12
- }
13
- }
14
- ]
15
- },
16
- "PublicAccessBlockConfiguration": {
17
- "BlockPublicAcls": true,
18
- "BlockPublicPolicy": true,
19
- "IgnorePublicAcls": true,
20
- "RestrictPublicBuckets": true
21
- },
22
- "VersioningConfiguration": {
23
- "Status": "Enabled"
24
- }
25
- },
26
- "UpdateReplacePolicy": "Retain",
27
- "DeletionPolicy": "Retain",
28
- "Metadata": {
29
- "cfn_nag": {
30
- "rules_to_suppress": [
31
- {
32
- "id": "W35",
33
- "reason": "This S3 bucket is used as the access logging bucket for another bucket"
34
- }
35
- ]
36
- }
37
- }
38
- },
39
- "testcloudfronts3legacyhttporiginS3LoggingBucketPolicyEC439975": {
40
- "Type": "AWS::S3::BucketPolicy",
41
- "Properties": {
42
- "Bucket": {
43
- "Ref": "testcloudfronts3legacyhttporiginS3LoggingBucketA3DB7D64"
44
- },
45
- "PolicyDocument": {
46
- "Statement": [
47
- {
48
- "Action": "s3:*",
49
- "Condition": {
50
- "Bool": {
51
- "aws:SecureTransport": "false"
52
- }
53
- },
54
- "Effect": "Deny",
55
- "Principal": {
56
- "AWS": "*"
57
- },
58
- "Resource": [
59
- {
60
- "Fn::GetAtt": [
61
- "testcloudfronts3legacyhttporiginS3LoggingBucketA3DB7D64",
62
- "Arn"
63
- ]
64
- },
65
- {
66
- "Fn::Join": [
67
- "",
68
- [
69
- {
70
- "Fn::GetAtt": [
71
- "testcloudfronts3legacyhttporiginS3LoggingBucketA3DB7D64",
72
- "Arn"
73
- ]
74
- },
75
- "/*"
76
- ]
77
- ]
78
- }
79
- ]
80
- },
81
- {
82
- "Action": "s3:PutObject",
83
- "Condition": {
84
- "ArnLike": {
85
- "aws:SourceArn": {
86
- "Fn::GetAtt": [
87
- "testcloudfronts3legacyhttporiginS3Bucket9C7276CA",
88
- "Arn"
89
- ]
90
- }
91
- },
92
- "StringEquals": {
93
- "aws:SourceAccount": {
94
- "Ref": "AWS::AccountId"
95
- }
96
- }
97
- },
98
- "Effect": "Allow",
99
- "Principal": {
100
- "Service": "logging.s3.amazonaws.com"
101
- },
102
- "Resource": {
103
- "Fn::Join": [
104
- "",
105
- [
106
- {
107
- "Fn::GetAtt": [
108
- "testcloudfronts3legacyhttporiginS3LoggingBucketA3DB7D64",
109
- "Arn"
110
- ]
111
- },
112
- "/*"
113
- ]
114
- ]
115
- }
116
- }
117
- ],
118
- "Version": "2012-10-17"
119
- }
120
- }
121
- },
122
- "testcloudfronts3legacyhttporiginS3Bucket9C7276CA": {
123
- "Type": "AWS::S3::Bucket",
124
- "Properties": {
125
- "BucketEncryption": {
126
- "ServerSideEncryptionConfiguration": [
127
- {
128
- "ServerSideEncryptionByDefault": {
129
- "SSEAlgorithm": "AES256"
130
- }
131
- }
132
- ]
133
- },
134
- "LifecycleConfiguration": {
135
- "Rules": [
136
- {
137
- "NoncurrentVersionTransitions": [
138
- {
139
- "StorageClass": "GLACIER",
140
- "TransitionInDays": 90
141
- }
142
- ],
143
- "Status": "Enabled"
144
- }
145
- ]
146
- },
147
- "LoggingConfiguration": {
148
- "DestinationBucketName": {
149
- "Ref": "testcloudfronts3legacyhttporiginS3LoggingBucketA3DB7D64"
150
- }
151
- },
152
- "PublicAccessBlockConfiguration": {
153
- "BlockPublicAcls": false,
154
- "BlockPublicPolicy": false,
155
- "IgnorePublicAcls": false,
156
- "RestrictPublicBuckets": false
157
- },
158
- "VersioningConfiguration": {
159
- "Status": "Enabled"
160
- },
161
- "WebsiteConfiguration": {
162
- "IndexDocument": "index.html"
163
- }
164
- },
165
- "UpdateReplacePolicy": "Retain",
166
- "DeletionPolicy": "Retain"
167
- },
168
- "testcloudfronts3legacyhttporiginS3BucketPolicy7529C63D": {
169
- "Type": "AWS::S3::BucketPolicy",
170
- "Properties": {
171
- "Bucket": {
172
- "Ref": "testcloudfronts3legacyhttporiginS3Bucket9C7276CA"
173
- },
174
- "PolicyDocument": {
175
- "Statement": [
176
- {
177
- "Action": "s3:GetObject",
178
- "Effect": "Allow",
179
- "Principal": {
180
- "AWS": "*"
181
- },
182
- "Resource": {
183
- "Fn::Join": [
184
- "",
185
- [
186
- {
187
- "Fn::GetAtt": [
188
- "testcloudfronts3legacyhttporiginS3Bucket9C7276CA",
189
- "Arn"
190
- ]
191
- },
192
- "/*"
193
- ]
194
- ]
195
- }
196
- },
197
- {
198
- "Action": "s3:GetObject",
199
- "Condition": {
200
- "StringEquals": {
201
- "AWS:SourceArn": {
202
- "Fn::Join": [
203
- "",
204
- [
205
- "arn:aws:cloudfront::",
206
- {
207
- "Ref": "AWS::AccountId"
208
- },
209
- ":distribution/",
210
- {
211
- "Ref": "testcloudfronts3legacyhttporiginCloudFrontDistributionAF04EDAB"
212
- }
213
- ]
214
- ]
215
- }
216
- }
217
- },
218
- "Effect": "Allow",
219
- "Principal": {
220
- "Service": "cloudfront.amazonaws.com"
221
- },
222
- "Resource": {
223
- "Fn::Join": [
224
- "",
225
- [
226
- {
227
- "Fn::GetAtt": [
228
- "testcloudfronts3legacyhttporiginS3Bucket9C7276CA",
229
- "Arn"
230
- ]
231
- },
232
- "/*"
233
- ]
234
- ]
235
- }
236
- }
237
- ],
238
- "Version": "2012-10-17"
239
- }
240
- },
241
- "Metadata": {
242
- "cfn_nag": {
243
- "rules_to_suppress": [
244
- {
245
- "id": "F16",
246
- "reason": "Public website bucket policy requires a wildcard principal"
247
- }
248
- ]
249
- }
250
- }
251
- },
252
- "testcloudfronts3legacyhttporiginCloudfrontLoggingBucketAccessLog3AE680E5": {
253
- "Type": "AWS::S3::Bucket",
254
- "Properties": {
255
- "BucketEncryption": {
256
- "ServerSideEncryptionConfiguration": [
257
- {
258
- "ServerSideEncryptionByDefault": {
259
- "SSEAlgorithm": "AES256"
260
- }
261
- }
262
- ]
263
- },
264
- "OwnershipControls": {
265
- "Rules": [
266
- {
267
- "ObjectOwnership": "ObjectWriter"
268
- }
269
- ]
270
- },
271
- "PublicAccessBlockConfiguration": {
272
- "BlockPublicAcls": true,
273
- "BlockPublicPolicy": true,
274
- "IgnorePublicAcls": true,
275
- "RestrictPublicBuckets": true
276
- },
277
- "VersioningConfiguration": {
278
- "Status": "Enabled"
279
- }
280
- },
281
- "UpdateReplacePolicy": "Retain",
282
- "DeletionPolicy": "Retain",
283
- "Metadata": {
284
- "cfn_nag": {
285
- "rules_to_suppress": [
286
- {
287
- "id": "W35",
288
- "reason": "This S3 bucket is used as the access logging bucket for another bucket"
289
- }
290
- ]
291
- }
292
- }
293
- },
294
- "testcloudfronts3legacyhttporiginCloudfrontLoggingBucketAccessLogPolicyD1441BF6": {
295
- "Type": "AWS::S3::BucketPolicy",
296
- "Properties": {
297
- "Bucket": {
298
- "Ref": "testcloudfronts3legacyhttporiginCloudfrontLoggingBucketAccessLog3AE680E5"
299
- },
300
- "PolicyDocument": {
301
- "Statement": [
302
- {
303
- "Action": "s3:*",
304
- "Condition": {
305
- "Bool": {
306
- "aws:SecureTransport": "false"
307
- }
308
- },
309
- "Effect": "Deny",
310
- "Principal": {
311
- "AWS": "*"
312
- },
313
- "Resource": [
314
- {
315
- "Fn::GetAtt": [
316
- "testcloudfronts3legacyhttporiginCloudfrontLoggingBucketAccessLog3AE680E5",
317
- "Arn"
318
- ]
319
- },
320
- {
321
- "Fn::Join": [
322
- "",
323
- [
324
- {
325
- "Fn::GetAtt": [
326
- "testcloudfronts3legacyhttporiginCloudfrontLoggingBucketAccessLog3AE680E5",
327
- "Arn"
328
- ]
329
- },
330
- "/*"
331
- ]
332
- ]
333
- }
334
- ]
335
- },
336
- {
337
- "Action": "s3:PutObject",
338
- "Condition": {
339
- "ArnLike": {
340
- "aws:SourceArn": {
341
- "Fn::GetAtt": [
342
- "testcloudfronts3legacyhttporiginCloudfrontLoggingBucketC643C2EE",
343
- "Arn"
344
- ]
345
- }
346
- },
347
- "StringEquals": {
348
- "aws:SourceAccount": {
349
- "Ref": "AWS::AccountId"
350
- }
351
- }
352
- },
353
- "Effect": "Allow",
354
- "Principal": {
355
- "Service": "logging.s3.amazonaws.com"
356
- },
357
- "Resource": {
358
- "Fn::Join": [
359
- "",
360
- [
361
- {
362
- "Fn::GetAtt": [
363
- "testcloudfronts3legacyhttporiginCloudfrontLoggingBucketAccessLog3AE680E5",
364
- "Arn"
365
- ]
366
- },
367
- "/*"
368
- ]
369
- ]
370
- }
371
- }
372
- ],
373
- "Version": "2012-10-17"
374
- }
375
- }
376
- },
377
- "testcloudfronts3legacyhttporiginCloudfrontLoggingBucketC643C2EE": {
378
- "Type": "AWS::S3::Bucket",
379
- "Properties": {
380
- "AccessControl": "LogDeliveryWrite",
381
- "BucketEncryption": {
382
- "ServerSideEncryptionConfiguration": [
383
- {
384
- "ServerSideEncryptionByDefault": {
385
- "SSEAlgorithm": "AES256"
386
- }
387
- }
388
- ]
389
- },
390
- "LoggingConfiguration": {
391
- "DestinationBucketName": {
392
- "Ref": "testcloudfronts3legacyhttporiginCloudfrontLoggingBucketAccessLog3AE680E5"
393
- }
394
- },
395
- "OwnershipControls": {
396
- "Rules": [
397
- {
398
- "ObjectOwnership": "ObjectWriter"
399
- }
400
- ]
401
- },
402
- "PublicAccessBlockConfiguration": {
403
- "BlockPublicAcls": true,
404
- "BlockPublicPolicy": true,
405
- "IgnorePublicAcls": true,
406
- "RestrictPublicBuckets": true
407
- },
408
- "VersioningConfiguration": {
409
- "Status": "Enabled"
410
- }
411
- },
412
- "UpdateReplacePolicy": "Retain",
413
- "DeletionPolicy": "Retain"
414
- },
415
- "testcloudfronts3legacyhttporiginCloudfrontLoggingBucketPolicyF48109AD": {
416
- "Type": "AWS::S3::BucketPolicy",
417
- "Properties": {
418
- "Bucket": {
419
- "Ref": "testcloudfronts3legacyhttporiginCloudfrontLoggingBucketC643C2EE"
420
- },
421
- "PolicyDocument": {
422
- "Statement": [
423
- {
424
- "Action": "s3:*",
425
- "Condition": {
426
- "Bool": {
427
- "aws:SecureTransport": "false"
428
- }
429
- },
430
- "Effect": "Deny",
431
- "Principal": {
432
- "AWS": "*"
433
- },
434
- "Resource": [
435
- {
436
- "Fn::GetAtt": [
437
- "testcloudfronts3legacyhttporiginCloudfrontLoggingBucketC643C2EE",
438
- "Arn"
439
- ]
440
- },
441
- {
442
- "Fn::Join": [
443
- "",
444
- [
445
- {
446
- "Fn::GetAtt": [
447
- "testcloudfronts3legacyhttporiginCloudfrontLoggingBucketC643C2EE",
448
- "Arn"
449
- ]
450
- },
451
- "/*"
452
- ]
453
- ]
454
- }
455
- ]
456
- }
457
- ],
458
- "Version": "2012-10-17"
459
- }
460
- }
461
- },
462
- "testcloudfronts3legacyhttporiginCloudFrontDistributionAF04EDAB": {
463
- "Type": "AWS::CloudFront::Distribution",
464
- "Properties": {
465
- "DistributionConfig": {
466
- "DefaultCacheBehavior": {
467
- "CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6",
468
- "Compress": true,
469
- "TargetOriginId": "cfts3bucketwithhttporigintestcloudfronts3legacyhttporiginCloudFrontDistributionOrigin15A81BB36",
470
- "ViewerProtocolPolicy": "redirect-to-https"
471
- },
472
- "DefaultRootObject": "index.html",
473
- "Enabled": true,
474
- "HttpVersion": "http2",
475
- "IPV6Enabled": true,
476
- "Logging": {
477
- "Bucket": {
478
- "Fn::GetAtt": [
479
- "testcloudfronts3legacyhttporiginCloudfrontLoggingBucketC643C2EE",
480
- "RegionalDomainName"
481
- ]
482
- }
483
- },
484
- "Origins": [
485
- {
486
- "CustomOriginConfig": {
487
- "OriginProtocolPolicy": "http-only",
488
- "OriginSSLProtocols": [
489
- "TLSv1.2"
490
- ]
491
- },
492
- "DomainName": {
493
- "Fn::Select": [
494
- 2,
495
- {
496
- "Fn::Split": [
497
- "/",
498
- {
499
- "Fn::GetAtt": [
500
- "testcloudfronts3legacyhttporiginS3Bucket9C7276CA",
501
- "WebsiteURL"
502
- ]
503
- }
504
- ]
505
- }
506
- ]
507
- },
508
- "Id": "cfts3bucketwithhttporigintestcloudfronts3legacyhttporiginCloudFrontDistributionOrigin15A81BB36"
509
- }
510
- ]
511
- }
512
- },
513
- "Metadata": {
514
- "cfn_nag": {
515
- "rules_to_suppress": [
516
- {
517
- "id": "W70",
518
- "reason": "Since the distribution uses the CloudFront domain name, CloudFront automatically sets the security policy to TLSv1 regardless of the value of MinimumProtocolVersion"
519
- }
520
- ]
521
- }
522
- }
523
- }
524
- },
525
- "Parameters": {
526
- "BootstrapVersion": {
527
- "Type": "AWS::SSM::Parameter::Value<String>",
528
- "Default": "/cdk-bootstrap/hnb659fds/version",
529
- "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
530
- }
531
- },
532
- "Rules": {
533
- "CheckBootstrapVersion": {
534
- "Assertions": [
535
- {
536
- "Assert": {
537
- "Fn::Not": [
538
- {
539
- "Fn::Contains": [
540
- [
541
- "1",
542
- "2",
543
- "3",
544
- "4",
545
- "5"
546
- ],
547
- {
548
- "Ref": "BootstrapVersion"
549
- }
550
- ]
551
- }
552
- ]
553
- },
554
- "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
555
- }
556
- ]
557
- }
558
- }
559
- }