@aws-solutions-constructs/aws-cloudfront-s3 2.51.0 → 2.52.1

Files changed (127)
  1. package/.eslintignore +2 -0
  2. package/.jsii +50 -5
  3. package/integ.config.json +7 -0
  4. package/lib/index.js +1 -1
  5. package/package.json +11 -10
  6. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js +6 -3
  7. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.d.ts +30 -0
  8. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.js +127 -0
  9. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/cfn-response.js +1 -0
  10. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/consts.js +1 -0
  11. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/framework.js +3 -0
  12. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/outbound.js +1 -0
  13. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/util.js +1 -0
  14. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cdk.out +1 -0
  15. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.assets.json +45 -0
  16. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.template.json +960 -0
  17. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithcmkprovidedasexistingbucketIntegDefaultTestDeployAssertF6031114.assets.json +19 -0
  18. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithcmkprovidedasexistingbucketIntegDefaultTestDeployAssertF6031114.template.json +36 -0
  19. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/integ.json +12 -0
  20. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/manifest.json +221 -0
  21. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/tree.json +1326 -0
  22. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js +6 -3
  23. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cdk.out +1 -0
  24. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.assets.json +19 -0
  25. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.template.json +594 -0
  26. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithmanagedkeyprovidedasexistingbucketIntegDefaultTestDeployAssert03A82C16.assets.json +19 -0
  27. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithmanagedkeyprovidedasexistingbucketIntegDefaultTestDeployAssert03A82C16.template.json +36 -0
  28. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/integ.json +12 -0
  29. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/manifest.json +167 -0
  30. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/tree.json +790 -0
  31. package/test/integ.cfts3-bucket-with-http-origin.js +6 -3
  32. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cdk.out +1 -0
  33. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3-bucket-with-http-origin.assets.json +19 -0
  34. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3-bucket-with-http-origin.template.json +559 -0
  35. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3bucketwithhttporiginIntegDefaultTestDeployAssert75EB76AB.assets.json +19 -0
  36. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3bucketwithhttporiginIntegDefaultTestDeployAssert75EB76AB.template.json +36 -0
  37. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/integ.json +12 -0
  38. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/manifest.json +161 -0
  39. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/tree.json +753 -0
  40. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js +6 -3
  41. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.d.ts +30 -0
  42. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.js +127 -0
  43. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/cfn-response.js +1 -0
  44. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/consts.js +1 -0
  45. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/framework.js +3 -0
  46. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/outbound.js +1 -0
  47. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/util.js +1 -0
  48. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cdk.out +1 -0
  49. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3-cmk-provided-as-bucket-prop.assets.json +45 -0
  50. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3-cmk-provided-as-bucket-prop.template.json +960 -0
  51. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3cmkprovidedasbucketpropIntegDefaultTestDeployAssert38E63D55.assets.json +19 -0
  52. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3cmkprovidedasbucketpropIntegDefaultTestDeployAssert38E63D55.template.json +36 -0
  53. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/integ.json +12 -0
  54. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/manifest.json +221 -0
  55. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/tree.json +1326 -0
  56. package/test/integ.cfts3-custom-headers.js +6 -3
  57. package/test/integ.cfts3-custom-headers.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  58. package/test/integ.cfts3-custom-headers.js.snapshot/cdk.out +1 -0
  59. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3-custom-headers.assets.json +32 -0
  60. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3-custom-headers.template.json +981 -0
  61. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3customheadersIntegDefaultTestDeployAssert6EEC9973.assets.json +19 -0
  62. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3customheadersIntegDefaultTestDeployAssert6EEC9973.template.json +36 -0
  63. package/test/integ.cfts3-custom-headers.js.snapshot/integ.json +12 -0
  64. package/test/integ.cfts3-custom-headers.js.snapshot/manifest.json +215 -0
  65. package/test/integ.cfts3-custom-headers.js.snapshot/tree.json +1167 -0
  66. package/test/integ.cfts3-custom-originPath.js +6 -3
  67. package/test/integ.cfts3-custom-originPath.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  68. package/test/integ.cfts3-custom-originPath.js.snapshot/cdk.out +1 -0
  69. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3-custom-originPath.assets.json +32 -0
  70. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3-custom-originPath.template.json +950 -0
  71. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3customoriginPathIntegDefaultTestDeployAssert61F499B2.assets.json +19 -0
  72. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3customoriginPathIntegDefaultTestDeployAssert61F499B2.template.json +36 -0
  73. package/test/integ.cfts3-custom-originPath.js.snapshot/integ.json +12 -0
  74. package/test/integ.cfts3-custom-originPath.js.snapshot/manifest.json +209 -0
  75. package/test/integ.cfts3-custom-originPath.js.snapshot/tree.json +1117 -0
  76. package/test/integ.cfts3-customLoggingBuckets.js +6 -3
  77. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  78. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cdk.out +1 -0
  79. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3-customLoggingBuckets.assets.json +32 -0
  80. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3-customLoggingBuckets.template.json +987 -0
  81. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3customLoggingBucketsIntegDefaultTestDeployAssert4D171F9F.assets.json +19 -0
  82. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3customLoggingBucketsIntegDefaultTestDeployAssert4D171F9F.template.json +36 -0
  83. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/integ.json +12 -0
  84. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/manifest.json +209 -0
  85. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/tree.json +1156 -0
  86. package/test/integ.cfts3-existing-bucket.js +6 -3
  87. package/test/integ.cfts3-existing-bucket.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  88. package/test/integ.cfts3-existing-bucket.js.snapshot/cdk.out +1 -0
  89. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3-existing-bucket.assets.json +32 -0
  90. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3-existing-bucket.template.json +1014 -0
  91. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3existingbucketIntegDefaultTestDeployAssertA6D4EB49.assets.json +19 -0
  92. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3existingbucketIntegDefaultTestDeployAssertA6D4EB49.template.json +36 -0
  93. package/test/integ.cfts3-existing-bucket.js.snapshot/integ.json +12 -0
  94. package/test/integ.cfts3-existing-bucket.js.snapshot/manifest.json +221 -0
  95. package/test/integ.cfts3-existing-bucket.js.snapshot/tree.json +1229 -0
  96. package/test/integ.cfts3-no-arguments.js +6 -3
  97. package/test/integ.cfts3-no-arguments.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  98. package/test/integ.cfts3-no-arguments.js.snapshot/cdk.out +1 -0
  99. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3-no-arguments.assets.json +32 -0
  100. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3-no-arguments.template.json +959 -0
  101. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3noargumentsIntegDefaultTestDeployAssertBA5AFA25.assets.json +19 -0
  102. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3noargumentsIntegDefaultTestDeployAssertBA5AFA25.template.json +36 -0
  103. package/test/integ.cfts3-no-arguments.js.snapshot/integ.json +12 -0
  104. package/test/integ.cfts3-no-arguments.js.snapshot/manifest.json +209 -0
  105. package/test/integ.cfts3-no-arguments.js.snapshot/tree.json +1117 -0
  106. package/test/integ.cfts3-no-security-headers.js +6 -3
  107. package/test/integ.cfts3-no-security-headers.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  108. package/test/integ.cfts3-no-security-headers.js.snapshot/cdk.out +1 -0
  109. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3-no-security-headers.assets.json +32 -0
  110. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3-no-security-headers.template.json +926 -0
  111. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3nosecurityheadersIntegDefaultTestDeployAssert38FE05BE.assets.json +19 -0
  112. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3nosecurityheadersIntegDefaultTestDeployAssert38FE05BE.template.json +36 -0
  113. package/test/integ.cfts3-no-security-headers.js.snapshot/integ.json +12 -0
  114. package/test/integ.cfts3-no-security-headers.js.snapshot/manifest.json +203 -0
  115. package/test/integ.cfts3-no-security-headers.js.snapshot/tree.json +1076 -0
  116. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.expected.json +0 -960
  117. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.expected.json +0 -594
  118. package/test/integ.cfts3-bucket-with-http-origin.expected.json +0 -559
  119. package/test/integ.cfts3-cmk-encryption.expected.json +0 -527
  120. package/test/integ.cfts3-cmk-provided-as-bucket-prop.expected.json +0 -960
  121. package/test/integ.cfts3-custom-headers.expected.json +0 -981
  122. package/test/integ.cfts3-custom-originPath.expected.json +0 -950
  123. package/test/integ.cfts3-customCloudFrontLoggingBucket.expected.json +0 -700
  124. package/test/integ.cfts3-customLoggingBuckets.expected.json +0 -987
  125. package/test/integ.cfts3-existing-bucket.expected.json +0 -1014
  126. package/test/integ.cfts3-no-arguments.expected.json +0 -959
  127. package/test/integ.cfts3-no-security-headers.expected.json +0 -926
@@ -1,981 +0,0 @@
1
- {
2
- "Description": "Integration Test for aws-cloudfront-s3",
3
- "Resources": {
4
- "MyFunction3BAA72D1": {
5
- "Type": "AWS::CloudFront::Function",
6
- "Properties": {
7
- "AutoPublish": true,
8
- "FunctionCode": "function handler(event) { var response = event.response; var headers = response.headers; headers['strict-transport-security'] = { value: 'max-age=63072000; includeSubdomains; preload'}; headers['content-security-policy'] = { value: \"default-src 'none'; base-uri 'self'; img-src 'self'; script-src 'self'; style-src 'self' https:; object-src 'none'; frame-ancestors 'none'; font-src 'self' https:; form-action 'self'; manifest-src 'self'; connect-src 'self'\" }; headers['x-content-type-options'] = { value: 'nosniff'}; headers['x-frame-options'] = {value: 'DENY'}; headers['x-xss-protection'] = {value: '1; mode=block'}; headers['referrer-policy'] = { value: 'same-origin' }; return response; }",
9
- "FunctionConfig": {
10
- "Comment": {
11
- "Fn::Join": [
12
- "",
13
- [
14
- {
15
- "Ref": "AWS::Region"
16
- },
17
- "cfts3customheadersMyFunction7C965360"
18
- ]
19
- ]
20
- },
21
- "Runtime": "cloudfront-js-1.0"
22
- },
23
- "Name": {
24
- "Fn::Join": [
25
- "",
26
- [
27
- {
28
- "Ref": "AWS::Region"
29
- },
30
- "cfts3customheadersMyFunction7C965360"
31
- ]
32
- ]
33
- }
34
- }
35
- },
36
- "testcloudfronts3S3LoggingBucket90D239DD": {
37
- "Type": "AWS::S3::Bucket",
38
- "Properties": {
39
- "BucketEncryption": {
40
- "ServerSideEncryptionConfiguration": [
41
- {
42
- "ServerSideEncryptionByDefault": {
43
- "SSEAlgorithm": "AES256"
44
- }
45
- }
46
- ]
47
- },
48
- "PublicAccessBlockConfiguration": {
49
- "BlockPublicAcls": true,
50
- "BlockPublicPolicy": true,
51
- "IgnorePublicAcls": true,
52
- "RestrictPublicBuckets": true
53
- },
54
- "Tags": [
55
- {
56
- "Key": "aws-cdk:auto-delete-objects",
57
- "Value": "true"
58
- }
59
- ],
60
- "VersioningConfiguration": {
61
- "Status": "Enabled"
62
- }
63
- },
64
- "UpdateReplacePolicy": "Delete",
65
- "DeletionPolicy": "Delete",
66
- "Metadata": {
67
- "cfn_nag": {
68
- "rules_to_suppress": [
69
- {
70
- "id": "W35",
71
- "reason": "This S3 bucket is used as the access logging bucket for another bucket"
72
- }
73
- ]
74
- }
75
- }
76
- },
77
- "testcloudfronts3S3LoggingBucketPolicy529D4CFF": {
78
- "Type": "AWS::S3::BucketPolicy",
79
- "Properties": {
80
- "Bucket": {
81
- "Ref": "testcloudfronts3S3LoggingBucket90D239DD"
82
- },
83
- "PolicyDocument": {
84
- "Statement": [
85
- {
86
- "Action": "s3:*",
87
- "Condition": {
88
- "Bool": {
89
- "aws:SecureTransport": "false"
90
- }
91
- },
92
- "Effect": "Deny",
93
- "Principal": {
94
- "AWS": "*"
95
- },
96
- "Resource": [
97
- {
98
- "Fn::GetAtt": [
99
- "testcloudfronts3S3LoggingBucket90D239DD",
100
- "Arn"
101
- ]
102
- },
103
- {
104
- "Fn::Join": [
105
- "",
106
- [
107
- {
108
- "Fn::GetAtt": [
109
- "testcloudfronts3S3LoggingBucket90D239DD",
110
- "Arn"
111
- ]
112
- },
113
- "/*"
114
- ]
115
- ]
116
- }
117
- ]
118
- },
119
- {
120
- "Action": [
121
- "s3:PutBucketPolicy",
122
- "s3:GetBucket*",
123
- "s3:List*",
124
- "s3:DeleteObject*"
125
- ],
126
- "Effect": "Allow",
127
- "Principal": {
128
- "AWS": {
129
- "Fn::GetAtt": [
130
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
131
- "Arn"
132
- ]
133
- }
134
- },
135
- "Resource": [
136
- {
137
- "Fn::GetAtt": [
138
- "testcloudfronts3S3LoggingBucket90D239DD",
139
- "Arn"
140
- ]
141
- },
142
- {
143
- "Fn::Join": [
144
- "",
145
- [
146
- {
147
- "Fn::GetAtt": [
148
- "testcloudfronts3S3LoggingBucket90D239DD",
149
- "Arn"
150
- ]
151
- },
152
- "/*"
153
- ]
154
- ]
155
- }
156
- ]
157
- },
158
- {
159
- "Action": "s3:PutObject",
160
- "Condition": {
161
- "ArnLike": {
162
- "aws:SourceArn": {
163
- "Fn::GetAtt": [
164
- "testcloudfronts3S3BucketE0C5F76E",
165
- "Arn"
166
- ]
167
- }
168
- },
169
- "StringEquals": {
170
- "aws:SourceAccount": {
171
- "Ref": "AWS::AccountId"
172
- }
173
- }
174
- },
175
- "Effect": "Allow",
176
- "Principal": {
177
- "Service": "logging.s3.amazonaws.com"
178
- },
179
- "Resource": {
180
- "Fn::Join": [
181
- "",
182
- [
183
- {
184
- "Fn::GetAtt": [
185
- "testcloudfronts3S3LoggingBucket90D239DD",
186
- "Arn"
187
- ]
188
- },
189
- "/*"
190
- ]
191
- ]
192
- }
193
- }
194
- ],
195
- "Version": "2012-10-17"
196
- }
197
- }
198
- },
199
- "testcloudfronts3S3LoggingBucketAutoDeleteObjectsCustomResource6EE37727": {
200
- "Type": "Custom::S3AutoDeleteObjects",
201
- "Properties": {
202
- "ServiceToken": {
203
- "Fn::GetAtt": [
204
- "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
205
- "Arn"
206
- ]
207
- },
208
- "BucketName": {
209
- "Ref": "testcloudfronts3S3LoggingBucket90D239DD"
210
- }
211
- },
212
- "DependsOn": [
213
- "testcloudfronts3S3LoggingBucketPolicy529D4CFF"
214
- ],
215
- "UpdateReplacePolicy": "Delete",
216
- "DeletionPolicy": "Delete"
217
- },
218
- "testcloudfronts3S3BucketE0C5F76E": {
219
- "Type": "AWS::S3::Bucket",
220
- "Properties": {
221
- "BucketEncryption": {
222
- "ServerSideEncryptionConfiguration": [
223
- {
224
- "ServerSideEncryptionByDefault": {
225
- "SSEAlgorithm": "AES256"
226
- }
227
- }
228
- ]
229
- },
230
- "LifecycleConfiguration": {
231
- "Rules": [
232
- {
233
- "NoncurrentVersionTransitions": [
234
- {
235
- "StorageClass": "GLACIER",
236
- "TransitionInDays": 90
237
- }
238
- ],
239
- "Status": "Enabled"
240
- }
241
- ]
242
- },
243
- "LoggingConfiguration": {
244
- "DestinationBucketName": {
245
- "Ref": "testcloudfronts3S3LoggingBucket90D239DD"
246
- }
247
- },
248
- "PublicAccessBlockConfiguration": {
249
- "BlockPublicAcls": true,
250
- "BlockPublicPolicy": true,
251
- "IgnorePublicAcls": true,
252
- "RestrictPublicBuckets": true
253
- },
254
- "Tags": [
255
- {
256
- "Key": "aws-cdk:auto-delete-objects",
257
- "Value": "true"
258
- }
259
- ],
260
- "VersioningConfiguration": {
261
- "Status": "Enabled"
262
- }
263
- },
264
- "UpdateReplacePolicy": "Delete",
265
- "DeletionPolicy": "Delete"
266
- },
267
- "testcloudfronts3S3BucketPolicy250F1F61": {
268
- "Type": "AWS::S3::BucketPolicy",
269
- "Properties": {
270
- "Bucket": {
271
- "Ref": "testcloudfronts3S3BucketE0C5F76E"
272
- },
273
- "PolicyDocument": {
274
- "Statement": [
275
- {
276
- "Action": "s3:*",
277
- "Condition": {
278
- "Bool": {
279
- "aws:SecureTransport": "false"
280
- }
281
- },
282
- "Effect": "Deny",
283
- "Principal": {
284
- "AWS": "*"
285
- },
286
- "Resource": [
287
- {
288
- "Fn::GetAtt": [
289
- "testcloudfronts3S3BucketE0C5F76E",
290
- "Arn"
291
- ]
292
- },
293
- {
294
- "Fn::Join": [
295
- "",
296
- [
297
- {
298
- "Fn::GetAtt": [
299
- "testcloudfronts3S3BucketE0C5F76E",
300
- "Arn"
301
- ]
302
- },
303
- "/*"
304
- ]
305
- ]
306
- }
307
- ]
308
- },
309
- {
310
- "Action": [
311
- "s3:PutBucketPolicy",
312
- "s3:GetBucket*",
313
- "s3:List*",
314
- "s3:DeleteObject*"
315
- ],
316
- "Effect": "Allow",
317
- "Principal": {
318
- "AWS": {
319
- "Fn::GetAtt": [
320
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
321
- "Arn"
322
- ]
323
- }
324
- },
325
- "Resource": [
326
- {
327
- "Fn::GetAtt": [
328
- "testcloudfronts3S3BucketE0C5F76E",
329
- "Arn"
330
- ]
331
- },
332
- {
333
- "Fn::Join": [
334
- "",
335
- [
336
- {
337
- "Fn::GetAtt": [
338
- "testcloudfronts3S3BucketE0C5F76E",
339
- "Arn"
340
- ]
341
- },
342
- "/*"
343
- ]
344
- ]
345
- }
346
- ]
347
- },
348
- {
349
- "Action": "s3:GetObject",
350
- "Condition": {
351
- "StringEquals": {
352
- "AWS:SourceArn": {
353
- "Fn::Join": [
354
- "",
355
- [
356
- "arn:aws:cloudfront::",
357
- {
358
- "Ref": "AWS::AccountId"
359
- },
360
- ":distribution/",
361
- {
362
- "Ref": "testcloudfronts3CloudFrontDistribution0565DEE8"
363
- }
364
- ]
365
- ]
366
- }
367
- }
368
- },
369
- "Effect": "Allow",
370
- "Principal": {
371
- "Service": "cloudfront.amazonaws.com"
372
- },
373
- "Resource": {
374
- "Fn::Join": [
375
- "",
376
- [
377
- {
378
- "Fn::GetAtt": [
379
- "testcloudfronts3S3BucketE0C5F76E",
380
- "Arn"
381
- ]
382
- },
383
- "/*"
384
- ]
385
- ]
386
- }
387
- }
388
- ],
389
- "Version": "2012-10-17"
390
- }
391
- },
392
- "Metadata": {
393
- "cfn_nag": {
394
- "rules_to_suppress": [
395
- {
396
- "id": "F16",
397
- "reason": "Public website bucket policy requires a wildcard principal"
398
- }
399
- ]
400
- }
401
- }
402
- },
403
- "testcloudfronts3S3BucketAutoDeleteObjectsCustomResourceA13DD8F7": {
404
- "Type": "Custom::S3AutoDeleteObjects",
405
- "Properties": {
406
- "ServiceToken": {
407
- "Fn::GetAtt": [
408
- "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
409
- "Arn"
410
- ]
411
- },
412
- "BucketName": {
413
- "Ref": "testcloudfronts3S3BucketE0C5F76E"
414
- }
415
- },
416
- "DependsOn": [
417
- "testcloudfronts3S3BucketPolicy250F1F61"
418
- ],
419
- "UpdateReplacePolicy": "Delete",
420
- "DeletionPolicy": "Delete"
421
- },
422
- "testcloudfronts3SetHttpSecurityHeaders6C5A1E69": {
423
- "Type": "AWS::CloudFront::Function",
424
- "Properties": {
425
- "AutoPublish": true,
426
- "FunctionCode": "function handler(event) { var response = event.response; var headers = response.headers; headers['strict-transport-security'] = { value: 'max-age=63072000; includeSubdomains; preload'}; headers['content-security-policy'] = { value: \"default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'\"}; headers['x-content-type-options'] = { value: 'nosniff'}; headers['x-frame-options'] = {value: 'DENY'}; headers['x-xss-protection'] = {value: '1; mode=block'}; return response; }",
427
- "FunctionConfig": {
428
- "Comment": "SetHttpSecurityHeadersc8da5865185980f6eb00e7dd351786a8b49cd2929e",
429
- "Runtime": "cloudfront-js-1.0"
430
- },
431
- "Name": "SetHttpSecurityHeadersc8da5865185980f6eb00e7dd351786a8b49cd2929e"
432
- }
433
- },
434
- "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58": {
435
- "Type": "AWS::S3::Bucket",
436
- "Properties": {
437
- "BucketEncryption": {
438
- "ServerSideEncryptionConfiguration": [
439
- {
440
- "ServerSideEncryptionByDefault": {
441
- "SSEAlgorithm": "AES256"
442
- }
443
- }
444
- ]
445
- },
446
- "OwnershipControls": {
447
- "Rules": [
448
- {
449
- "ObjectOwnership": "ObjectWriter"
450
- }
451
- ]
452
- },
453
- "PublicAccessBlockConfiguration": {
454
- "BlockPublicAcls": true,
455
- "BlockPublicPolicy": true,
456
- "IgnorePublicAcls": true,
457
- "RestrictPublicBuckets": true
458
- },
459
- "Tags": [
460
- {
461
- "Key": "aws-cdk:auto-delete-objects",
462
- "Value": "true"
463
- }
464
- ],
465
- "VersioningConfiguration": {
466
- "Status": "Enabled"
467
- }
468
- },
469
- "UpdateReplacePolicy": "Delete",
470
- "DeletionPolicy": "Delete",
471
- "Metadata": {
472
- "cfn_nag": {
473
- "rules_to_suppress": [
474
- {
475
- "id": "W35",
476
- "reason": "This S3 bucket is used as the access logging bucket for another bucket"
477
- }
478
- ]
479
- }
480
- }
481
- },
482
- "testcloudfronts3CloudfrontLoggingBucketAccessLogPolicy526F2E14": {
483
- "Type": "AWS::S3::BucketPolicy",
484
- "Properties": {
485
- "Bucket": {
486
- "Ref": "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58"
487
- },
488
- "PolicyDocument": {
489
- "Statement": [
490
- {
491
- "Action": "s3:*",
492
- "Condition": {
493
- "Bool": {
494
- "aws:SecureTransport": "false"
495
- }
496
- },
497
- "Effect": "Deny",
498
- "Principal": {
499
- "AWS": "*"
500
- },
501
- "Resource": [
502
- {
503
- "Fn::GetAtt": [
504
- "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
505
- "Arn"
506
- ]
507
- },
508
- {
509
- "Fn::Join": [
510
- "",
511
- [
512
- {
513
- "Fn::GetAtt": [
514
- "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
515
- "Arn"
516
- ]
517
- },
518
- "/*"
519
- ]
520
- ]
521
- }
522
- ]
523
- },
524
- {
525
- "Action": [
526
- "s3:PutBucketPolicy",
527
- "s3:GetBucket*",
528
- "s3:List*",
529
- "s3:DeleteObject*"
530
- ],
531
- "Effect": "Allow",
532
- "Principal": {
533
- "AWS": {
534
- "Fn::GetAtt": [
535
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
536
- "Arn"
537
- ]
538
- }
539
- },
540
- "Resource": [
541
- {
542
- "Fn::GetAtt": [
543
- "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
544
- "Arn"
545
- ]
546
- },
547
- {
548
- "Fn::Join": [
549
- "",
550
- [
551
- {
552
- "Fn::GetAtt": [
553
- "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
554
- "Arn"
555
- ]
556
- },
557
- "/*"
558
- ]
559
- ]
560
- }
561
- ]
562
- },
563
- {
564
- "Action": "s3:PutObject",
565
- "Condition": {
566
- "ArnLike": {
567
- "aws:SourceArn": {
568
- "Fn::GetAtt": [
569
- "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
570
- "Arn"
571
- ]
572
- }
573
- },
574
- "StringEquals": {
575
- "aws:SourceAccount": {
576
- "Ref": "AWS::AccountId"
577
- }
578
- }
579
- },
580
- "Effect": "Allow",
581
- "Principal": {
582
- "Service": "logging.s3.amazonaws.com"
583
- },
584
- "Resource": {
585
- "Fn::Join": [
586
- "",
587
- [
588
- {
589
- "Fn::GetAtt": [
590
- "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
591
- "Arn"
592
- ]
593
- },
594
- "/*"
595
- ]
596
- ]
597
- }
598
- }
599
- ],
600
- "Version": "2012-10-17"
601
- }
602
- }
603
- },
604
- "testcloudfronts3CloudfrontLoggingBucketAccessLogAutoDeleteObjectsCustomResourceE16E063D": {
605
- "Type": "Custom::S3AutoDeleteObjects",
606
- "Properties": {
607
- "ServiceToken": {
608
- "Fn::GetAtt": [
609
- "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
610
- "Arn"
611
- ]
612
- },
613
- "BucketName": {
614
- "Ref": "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58"
615
- }
616
- },
617
- "DependsOn": [
618
- "testcloudfronts3CloudfrontLoggingBucketAccessLogPolicy526F2E14"
619
- ],
620
- "UpdateReplacePolicy": "Delete",
621
- "DeletionPolicy": "Delete"
622
- },
623
- "testcloudfronts3CloudfrontLoggingBucket985C0FE8": {
624
- "Type": "AWS::S3::Bucket",
625
- "Properties": {
626
- "AccessControl": "LogDeliveryWrite",
627
- "BucketEncryption": {
628
- "ServerSideEncryptionConfiguration": [
629
- {
630
- "ServerSideEncryptionByDefault": {
631
- "SSEAlgorithm": "AES256"
632
- }
633
- }
634
- ]
635
- },
636
- "LoggingConfiguration": {
637
- "DestinationBucketName": {
638
- "Ref": "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58"
639
- }
640
- },
641
- "OwnershipControls": {
642
- "Rules": [
643
- {
644
- "ObjectOwnership": "ObjectWriter"
645
- }
646
- ]
647
- },
648
- "PublicAccessBlockConfiguration": {
649
- "BlockPublicAcls": true,
650
- "BlockPublicPolicy": true,
651
- "IgnorePublicAcls": true,
652
- "RestrictPublicBuckets": true
653
- },
654
- "Tags": [
655
- {
656
- "Key": "aws-cdk:auto-delete-objects",
657
- "Value": "true"
658
- }
659
- ],
660
- "VersioningConfiguration": {
661
- "Status": "Enabled"
662
- }
663
- },
664
- "UpdateReplacePolicy": "Delete",
665
- "DeletionPolicy": "Delete"
666
- },
667
- "testcloudfronts3CloudfrontLoggingBucketPolicyDF55851B": {
668
- "Type": "AWS::S3::BucketPolicy",
669
- "Properties": {
670
- "Bucket": {
671
- "Ref": "testcloudfronts3CloudfrontLoggingBucket985C0FE8"
672
- },
673
- "PolicyDocument": {
674
- "Statement": [
675
- {
676
- "Action": "s3:*",
677
- "Condition": {
678
- "Bool": {
679
- "aws:SecureTransport": "false"
680
- }
681
- },
682
- "Effect": "Deny",
683
- "Principal": {
684
- "AWS": "*"
685
- },
686
- "Resource": [
687
- {
688
- "Fn::GetAtt": [
689
- "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
690
- "Arn"
691
- ]
692
- },
693
- {
694
- "Fn::Join": [
695
- "",
696
- [
697
- {
698
- "Fn::GetAtt": [
699
- "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
700
- "Arn"
701
- ]
702
- },
703
- "/*"
704
- ]
705
- ]
706
- }
707
- ]
708
- },
709
- {
710
- "Action": [
711
- "s3:PutBucketPolicy",
712
- "s3:GetBucket*",
713
- "s3:List*",
714
- "s3:DeleteObject*"
715
- ],
716
- "Effect": "Allow",
717
- "Principal": {
718
- "AWS": {
719
- "Fn::GetAtt": [
720
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
721
- "Arn"
722
- ]
723
- }
724
- },
725
- "Resource": [
726
- {
727
- "Fn::GetAtt": [
728
- "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
729
- "Arn"
730
- ]
731
- },
732
- {
733
- "Fn::Join": [
734
- "",
735
- [
736
- {
737
- "Fn::GetAtt": [
738
- "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
739
- "Arn"
740
- ]
741
- },
742
- "/*"
743
- ]
744
- ]
745
- }
746
- ]
747
- }
748
- ],
749
- "Version": "2012-10-17"
750
- }
751
- }
752
- },
753
- "testcloudfronts3CloudfrontLoggingBucketAutoDeleteObjectsCustomResource19604D88": {
754
- "Type": "Custom::S3AutoDeleteObjects",
755
- "Properties": {
756
- "ServiceToken": {
757
- "Fn::GetAtt": [
758
- "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
759
- "Arn"
760
- ]
761
- },
762
- "BucketName": {
763
- "Ref": "testcloudfronts3CloudfrontLoggingBucket985C0FE8"
764
- }
765
- },
766
- "DependsOn": [
767
- "testcloudfronts3CloudfrontLoggingBucketPolicyDF55851B"
768
- ],
769
- "UpdateReplacePolicy": "Delete",
770
- "DeletionPolicy": "Delete"
771
- },
772
- "testcloudfronts3CloudFrontOac7A951AA6": {
773
- "Type": "AWS::CloudFront::OriginAccessControl",
774
- "Properties": {
775
- "OriginAccessControlConfig": {
776
- "Description": "Origin access control provisioned by aws-cloudfront-s3",
777
- "Name": {
778
- "Fn::Join": [
779
- "",
780
- [
781
- "aws-cloudfront-s3-testnt-s3-",
782
- {
783
- "Fn::Select": [
784
- 2,
785
- {
786
- "Fn::Split": [
787
- "/",
788
- {
789
- "Ref": "AWS::StackId"
790
- }
791
- ]
792
- }
793
- ]
794
- }
795
- ]
796
- ]
797
- },
798
- "OriginAccessControlOriginType": "s3",
799
- "SigningBehavior": "always",
800
- "SigningProtocol": "sigv4"
801
- }
802
- }
803
- },
804
- "testcloudfronts3CloudFrontDistribution0565DEE8": {
805
- "Type": "AWS::CloudFront::Distribution",
806
- "Properties": {
807
- "DistributionConfig": {
808
- "DefaultCacheBehavior": {
809
- "CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6",
810
- "Compress": true,
811
- "FunctionAssociations": [
812
- {
813
- "EventType": "viewer-response",
814
- "FunctionARN": {
815
- "Fn::GetAtt": [
816
- "MyFunction3BAA72D1",
817
- "FunctionARN"
818
- ]
819
- }
820
- }
821
- ],
822
- "TargetOriginId": "cfts3customheaderstestcloudfronts3CloudFrontDistributionOrigin126E0E496",
823
- "ViewerProtocolPolicy": "redirect-to-https"
824
- },
825
- "DefaultRootObject": "index.html",
826
- "Enabled": true,
827
- "HttpVersion": "http2",
828
- "IPV6Enabled": true,
829
- "Logging": {
830
- "Bucket": {
831
- "Fn::GetAtt": [
832
- "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
833
- "RegionalDomainName"
834
- ]
835
- }
836
- },
837
- "Origins": [
838
- {
839
- "DomainName": {
840
- "Fn::GetAtt": [
841
- "testcloudfronts3S3BucketE0C5F76E",
842
- "RegionalDomainName"
843
- ]
844
- },
845
- "Id": "cfts3customheaderstestcloudfronts3CloudFrontDistributionOrigin126E0E496",
846
- "OriginAccessControlId": {
847
- "Fn::GetAtt": [
848
- "testcloudfronts3CloudFrontOac7A951AA6",
849
- "Id"
850
- ]
851
- },
852
- "S3OriginConfig": {
853
- "OriginAccessIdentity": ""
854
- }
855
- }
856
- ]
857
- }
858
- },
859
- "Metadata": {
860
- "cfn_nag": {
861
- "rules_to_suppress": [
862
- {
863
- "id": "W70",
864
- "reason": "Since the distribution uses the CloudFront domain name, CloudFront automatically sets the security policy to TLSv1 regardless of the value of MinimumProtocolVersion"
865
- }
866
- ]
867
- }
868
- }
869
- },
870
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": {
871
- "Type": "AWS::IAM::Role",
872
- "Properties": {
873
- "AssumeRolePolicyDocument": {
874
- "Version": "2012-10-17",
875
- "Statement": [
876
- {
877
- "Action": "sts:AssumeRole",
878
- "Effect": "Allow",
879
- "Principal": {
880
- "Service": "lambda.amazonaws.com"
881
- }
882
- }
883
- ]
884
- },
885
- "ManagedPolicyArns": [
886
- {
887
- "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
888
- }
889
- ]
890
- }
891
- },
892
- "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": {
893
- "Type": "AWS::Lambda::Function",
894
- "Properties": {
895
- "Code": {
896
- "S3Bucket": {
897
- "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
898
- },
899
- "S3Key": "b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6.zip"
900
- },
901
- "Timeout": 900,
902
- "MemorySize": 128,
903
- "Handler": "index.handler",
904
- "Role": {
905
- "Fn::GetAtt": [
906
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
907
- "Arn"
908
- ]
909
- },
910
- "Runtime": "nodejs18.x",
911
- "Description": {
912
- "Fn::Join": [
913
- "",
914
- [
915
- "Lambda function for auto-deleting objects in ",
916
- {
917
- "Ref": "testcloudfronts3S3LoggingBucket90D239DD"
918
- },
919
- " S3 bucket."
920
- ]
921
- ]
922
- }
923
- },
924
- "DependsOn": [
925
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092"
926
- ],
927
- "Metadata": {
928
- "cfn_nag": {
929
- "rules_to_suppress": [
930
- {
931
- "id": "W58",
932
- "reason": "CDK generated custom resource"
933
- },
934
- {
935
- "id": "W89",
936
- "reason": "CDK generated custom resource"
937
- },
938
- {
939
- "id": "W92",
940
- "reason": "CDK generated custom resource"
941
- }
942
- ]
943
- }
944
- }
945
- }
946
- },
947
- "Parameters": {
948
- "BootstrapVersion": {
949
- "Type": "AWS::SSM::Parameter::Value<String>",
950
- "Default": "/cdk-bootstrap/hnb659fds/version",
951
- "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
952
- }
953
- },
954
- "Rules": {
955
- "CheckBootstrapVersion": {
956
- "Assertions": [
957
- {
958
- "Assert": {
959
- "Fn::Not": [
960
- {
961
- "Fn::Contains": [
962
- [
963
- "1",
964
- "2",
965
- "3",
966
- "4",
967
- "5"
968
- ],
969
- {
970
- "Ref": "BootstrapVersion"
971
- }
972
- ]
973
- }
974
- ]
975
- },
976
- "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
977
- }
978
- ]
979
- }
980
- }
981
- }