@aws-solutions-constructs/aws-cloudfront-s3 2.51.0 → 2.52.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (127) hide show
  1. package/.eslintignore +2 -0
  2. package/.jsii +50 -5
  3. package/integ.config.json +7 -0
  4. package/lib/index.js +1 -1
  5. package/package.json +11 -10
  6. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js +6 -3
  7. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.d.ts +30 -0
  8. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.js +127 -0
  9. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/cfn-response.js +1 -0
  10. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/consts.js +1 -0
  11. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/framework.js +3 -0
  12. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/outbound.js +1 -0
  13. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/util.js +1 -0
  14. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cdk.out +1 -0
  15. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.assets.json +45 -0
  16. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.template.json +960 -0
  17. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithcmkprovidedasexistingbucketIntegDefaultTestDeployAssertF6031114.assets.json +19 -0
  18. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithcmkprovidedasexistingbucketIntegDefaultTestDeployAssertF6031114.template.json +36 -0
  19. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/integ.json +12 -0
  20. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/manifest.json +221 -0
  21. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/tree.json +1326 -0
  22. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js +6 -3
  23. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cdk.out +1 -0
  24. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.assets.json +19 -0
  25. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.template.json +594 -0
  26. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithmanagedkeyprovidedasexistingbucketIntegDefaultTestDeployAssert03A82C16.assets.json +19 -0
  27. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithmanagedkeyprovidedasexistingbucketIntegDefaultTestDeployAssert03A82C16.template.json +36 -0
  28. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/integ.json +12 -0
  29. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/manifest.json +167 -0
  30. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/tree.json +790 -0
  31. package/test/integ.cfts3-bucket-with-http-origin.js +6 -3
  32. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cdk.out +1 -0
  33. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3-bucket-with-http-origin.assets.json +19 -0
  34. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3-bucket-with-http-origin.template.json +559 -0
  35. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3bucketwithhttporiginIntegDefaultTestDeployAssert75EB76AB.assets.json +19 -0
  36. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3bucketwithhttporiginIntegDefaultTestDeployAssert75EB76AB.template.json +36 -0
  37. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/integ.json +12 -0
  38. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/manifest.json +161 -0
  39. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/tree.json +753 -0
  40. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js +6 -3
  41. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.d.ts +30 -0
  42. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.js +127 -0
  43. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/cfn-response.js +1 -0
  44. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/consts.js +1 -0
  45. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/framework.js +3 -0
  46. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/outbound.js +1 -0
  47. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/util.js +1 -0
  48. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cdk.out +1 -0
  49. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3-cmk-provided-as-bucket-prop.assets.json +45 -0
  50. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3-cmk-provided-as-bucket-prop.template.json +960 -0
  51. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3cmkprovidedasbucketpropIntegDefaultTestDeployAssert38E63D55.assets.json +19 -0
  52. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3cmkprovidedasbucketpropIntegDefaultTestDeployAssert38E63D55.template.json +36 -0
  53. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/integ.json +12 -0
  54. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/manifest.json +221 -0
  55. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/tree.json +1326 -0
  56. package/test/integ.cfts3-custom-headers.js +6 -3
  57. package/test/integ.cfts3-custom-headers.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  58. package/test/integ.cfts3-custom-headers.js.snapshot/cdk.out +1 -0
  59. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3-custom-headers.assets.json +32 -0
  60. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3-custom-headers.template.json +981 -0
  61. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3customheadersIntegDefaultTestDeployAssert6EEC9973.assets.json +19 -0
  62. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3customheadersIntegDefaultTestDeployAssert6EEC9973.template.json +36 -0
  63. package/test/integ.cfts3-custom-headers.js.snapshot/integ.json +12 -0
  64. package/test/integ.cfts3-custom-headers.js.snapshot/manifest.json +215 -0
  65. package/test/integ.cfts3-custom-headers.js.snapshot/tree.json +1167 -0
  66. package/test/integ.cfts3-custom-originPath.js +6 -3
  67. package/test/integ.cfts3-custom-originPath.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  68. package/test/integ.cfts3-custom-originPath.js.snapshot/cdk.out +1 -0
  69. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3-custom-originPath.assets.json +32 -0
  70. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3-custom-originPath.template.json +950 -0
  71. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3customoriginPathIntegDefaultTestDeployAssert61F499B2.assets.json +19 -0
  72. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3customoriginPathIntegDefaultTestDeployAssert61F499B2.template.json +36 -0
  73. package/test/integ.cfts3-custom-originPath.js.snapshot/integ.json +12 -0
  74. package/test/integ.cfts3-custom-originPath.js.snapshot/manifest.json +209 -0
  75. package/test/integ.cfts3-custom-originPath.js.snapshot/tree.json +1117 -0
  76. package/test/integ.cfts3-customLoggingBuckets.js +6 -3
  77. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  78. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cdk.out +1 -0
  79. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3-customLoggingBuckets.assets.json +32 -0
  80. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3-customLoggingBuckets.template.json +987 -0
  81. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3customLoggingBucketsIntegDefaultTestDeployAssert4D171F9F.assets.json +19 -0
  82. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3customLoggingBucketsIntegDefaultTestDeployAssert4D171F9F.template.json +36 -0
  83. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/integ.json +12 -0
  84. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/manifest.json +209 -0
  85. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/tree.json +1156 -0
  86. package/test/integ.cfts3-existing-bucket.js +6 -3
  87. package/test/integ.cfts3-existing-bucket.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  88. package/test/integ.cfts3-existing-bucket.js.snapshot/cdk.out +1 -0
  89. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3-existing-bucket.assets.json +32 -0
  90. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3-existing-bucket.template.json +1014 -0
  91. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3existingbucketIntegDefaultTestDeployAssertA6D4EB49.assets.json +19 -0
  92. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3existingbucketIntegDefaultTestDeployAssertA6D4EB49.template.json +36 -0
  93. package/test/integ.cfts3-existing-bucket.js.snapshot/integ.json +12 -0
  94. package/test/integ.cfts3-existing-bucket.js.snapshot/manifest.json +221 -0
  95. package/test/integ.cfts3-existing-bucket.js.snapshot/tree.json +1229 -0
  96. package/test/integ.cfts3-no-arguments.js +6 -3
  97. package/test/integ.cfts3-no-arguments.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  98. package/test/integ.cfts3-no-arguments.js.snapshot/cdk.out +1 -0
  99. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3-no-arguments.assets.json +32 -0
  100. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3-no-arguments.template.json +959 -0
  101. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3noargumentsIntegDefaultTestDeployAssertBA5AFA25.assets.json +19 -0
  102. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3noargumentsIntegDefaultTestDeployAssertBA5AFA25.template.json +36 -0
  103. package/test/integ.cfts3-no-arguments.js.snapshot/integ.json +12 -0
  104. package/test/integ.cfts3-no-arguments.js.snapshot/manifest.json +209 -0
  105. package/test/integ.cfts3-no-arguments.js.snapshot/tree.json +1117 -0
  106. package/test/integ.cfts3-no-security-headers.js +6 -3
  107. package/test/integ.cfts3-no-security-headers.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  108. package/test/integ.cfts3-no-security-headers.js.snapshot/cdk.out +1 -0
  109. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3-no-security-headers.assets.json +32 -0
  110. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3-no-security-headers.template.json +926 -0
  111. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3nosecurityheadersIntegDefaultTestDeployAssert38FE05BE.assets.json +19 -0
  112. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3nosecurityheadersIntegDefaultTestDeployAssert38FE05BE.template.json +36 -0
  113. package/test/integ.cfts3-no-security-headers.js.snapshot/integ.json +12 -0
  114. package/test/integ.cfts3-no-security-headers.js.snapshot/manifest.json +203 -0
  115. package/test/integ.cfts3-no-security-headers.js.snapshot/tree.json +1076 -0
  116. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.expected.json +0 -960
  117. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.expected.json +0 -594
  118. package/test/integ.cfts3-bucket-with-http-origin.expected.json +0 -559
  119. package/test/integ.cfts3-cmk-encryption.expected.json +0 -527
  120. package/test/integ.cfts3-cmk-provided-as-bucket-prop.expected.json +0 -960
  121. package/test/integ.cfts3-custom-headers.expected.json +0 -981
  122. package/test/integ.cfts3-custom-originPath.expected.json +0 -950
  123. package/test/integ.cfts3-customCloudFrontLoggingBucket.expected.json +0 -700
  124. package/test/integ.cfts3-customLoggingBuckets.expected.json +0 -987
  125. package/test/integ.cfts3-existing-bucket.expected.json +0 -1014
  126. package/test/integ.cfts3-no-arguments.expected.json +0 -959
  127. package/test/integ.cfts3-no-security-headers.expected.json +0 -926
@@ -1,700 +0,0 @@
1
- {
2
- "Description": "Integration Test for aws-cloudfront-s3 custom CloudFront Logging Bubkcet",
3
- "Resources": {
4
- "testcloudfronts3S3LoggingBucket90D239DD": {
5
- "Type": "AWS::S3::Bucket",
6
- "Properties": {
7
- "BucketEncryption": {
8
- "ServerSideEncryptionConfiguration": [
9
- {
10
- "ServerSideEncryptionByDefault": {
11
- "SSEAlgorithm": "AES256"
12
- }
13
- }
14
- ]
15
- },
16
- "PublicAccessBlockConfiguration": {
17
- "BlockPublicAcls": true,
18
- "BlockPublicPolicy": true,
19
- "IgnorePublicAcls": true,
20
- "RestrictPublicBuckets": true
21
- },
22
- "VersioningConfiguration": {
23
- "Status": "Enabled"
24
- }
25
- },
26
- "UpdateReplacePolicy": "Delete",
27
- "DeletionPolicy": "Delete",
28
- "Metadata": {
29
- "cfn_nag": {
30
- "rules_to_suppress": [
31
- {
32
- "id": "W35",
33
- "reason": "This S3 bucket is used as the access logging bucket for another bucket"
34
- }
35
- ]
36
- }
37
- }
38
- },
39
- "testcloudfronts3S3LoggingBucketPolicy529D4CFF": {
40
- "Type": "AWS::S3::BucketPolicy",
41
- "Properties": {
42
- "Bucket": {
43
- "Ref": "testcloudfronts3S3LoggingBucket90D239DD"
44
- },
45
- "PolicyDocument": {
46
- "Statement": [
47
- {
48
- "Action": "s3:*",
49
- "Condition": {
50
- "Bool": {
51
- "aws:SecureTransport": "false"
52
- }
53
- },
54
- "Effect": "Deny",
55
- "Principal": {
56
- "AWS": "*"
57
- },
58
- "Resource": [
59
- {
60
- "Fn::GetAtt": [
61
- "testcloudfronts3S3LoggingBucket90D239DD",
62
- "Arn"
63
- ]
64
- },
65
- {
66
- "Fn::Join": [
67
- "",
68
- [
69
- {
70
- "Fn::GetAtt": [
71
- "testcloudfronts3S3LoggingBucket90D239DD",
72
- "Arn"
73
- ]
74
- },
75
- "/*"
76
- ]
77
- ]
78
- }
79
- ]
80
- },
81
- {
82
- "Action": "s3:PutObject",
83
- "Condition": {
84
- "ArnLike": {
85
- "aws:SourceArn": {
86
- "Fn::GetAtt": [
87
- "testcloudfronts3S3BucketE0C5F76E",
88
- "Arn"
89
- ]
90
- }
91
- },
92
- "StringEquals": {
93
- "aws:SourceAccount": {
94
- "Ref": "AWS::AccountId"
95
- }
96
- }
97
- },
98
- "Effect": "Allow",
99
- "Principal": {
100
- "Service": "logging.s3.amazonaws.com"
101
- },
102
- "Resource": {
103
- "Fn::Join": [
104
- "",
105
- [
106
- {
107
- "Fn::GetAtt": [
108
- "testcloudfronts3S3LoggingBucket90D239DD",
109
- "Arn"
110
- ]
111
- },
112
- "/*"
113
- ]
114
- ]
115
- }
116
- }
117
- ],
118
- "Version": "2012-10-17"
119
- }
120
- }
121
- },
122
- "testcloudfronts3S3BucketE0C5F76E": {
123
- "Type": "AWS::S3::Bucket",
124
- "Properties": {
125
- "BucketEncryption": {
126
- "ServerSideEncryptionConfiguration": [
127
- {
128
- "ServerSideEncryptionByDefault": {
129
- "SSEAlgorithm": "AES256"
130
- }
131
- }
132
- ]
133
- },
134
- "LifecycleConfiguration": {
135
- "Rules": [
136
- {
137
- "NoncurrentVersionTransitions": [
138
- {
139
- "StorageClass": "GLACIER",
140
- "TransitionInDays": 90
141
- }
142
- ],
143
- "Status": "Enabled"
144
- }
145
- ]
146
- },
147
- "LoggingConfiguration": {
148
- "DestinationBucketName": {
149
- "Ref": "testcloudfronts3S3LoggingBucket90D239DD"
150
- }
151
- },
152
- "PublicAccessBlockConfiguration": {
153
- "BlockPublicAcls": true,
154
- "BlockPublicPolicy": true,
155
- "IgnorePublicAcls": true,
156
- "RestrictPublicBuckets": true
157
- },
158
- "Tags": [
159
- {
160
- "Key": "aws-cdk:auto-delete-objects",
161
- "Value": "true"
162
- }
163
- ],
164
- "VersioningConfiguration": {
165
- "Status": "Enabled"
166
- }
167
- },
168
- "UpdateReplacePolicy": "Delete",
169
- "DeletionPolicy": "Delete"
170
- },
171
- "testcloudfronts3S3BucketPolicy250F1F61": {
172
- "Type": "AWS::S3::BucketPolicy",
173
- "Properties": {
174
- "Bucket": {
175
- "Ref": "testcloudfronts3S3BucketE0C5F76E"
176
- },
177
- "PolicyDocument": {
178
- "Statement": [
179
- {
180
- "Action": "s3:*",
181
- "Condition": {
182
- "Bool": {
183
- "aws:SecureTransport": "false"
184
- }
185
- },
186
- "Effect": "Deny",
187
- "Principal": {
188
- "AWS": "*"
189
- },
190
- "Resource": [
191
- {
192
- "Fn::GetAtt": [
193
- "testcloudfronts3S3BucketE0C5F76E",
194
- "Arn"
195
- ]
196
- },
197
- {
198
- "Fn::Join": [
199
- "",
200
- [
201
- {
202
- "Fn::GetAtt": [
203
- "testcloudfronts3S3BucketE0C5F76E",
204
- "Arn"
205
- ]
206
- },
207
- "/*"
208
- ]
209
- ]
210
- }
211
- ]
212
- },
213
- {
214
- "Action": [
215
- "s3:PutBucketPolicy",
216
- "s3:GetBucket*",
217
- "s3:List*",
218
- "s3:DeleteObject*"
219
- ],
220
- "Effect": "Allow",
221
- "Principal": {
222
- "AWS": {
223
- "Fn::GetAtt": [
224
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
225
- "Arn"
226
- ]
227
- }
228
- },
229
- "Resource": [
230
- {
231
- "Fn::GetAtt": [
232
- "testcloudfronts3S3BucketE0C5F76E",
233
- "Arn"
234
- ]
235
- },
236
- {
237
- "Fn::Join": [
238
- "",
239
- [
240
- {
241
- "Fn::GetAtt": [
242
- "testcloudfronts3S3BucketE0C5F76E",
243
- "Arn"
244
- ]
245
- },
246
- "/*"
247
- ]
248
- ]
249
- }
250
- ]
251
- },
252
- {
253
- "Action": "s3:GetObject",
254
- "Condition": {
255
- "StringEquals": {
256
- "AWS:SourceArn": {
257
- "Fn::Join": [
258
- "",
259
- [
260
- "arn:aws:cloudfront::",
261
- {
262
- "Ref": "AWS::AccountId"
263
- },
264
- ":distribution/",
265
- {
266
- "Ref": "testcloudfronts3CloudFrontDistribution0565DEE8"
267
- }
268
- ]
269
- ]
270
- }
271
- }
272
- },
273
- "Effect": "Allow",
274
- "Principal": {
275
- "Service": "cloudfront.amazonaws.com"
276
- },
277
- "Resource": {
278
- "Fn::Join": [
279
- "",
280
- [
281
- {
282
- "Fn::GetAtt": [
283
- "testcloudfronts3S3BucketE0C5F76E",
284
- "Arn"
285
- ]
286
- },
287
- "/*"
288
- ]
289
- ]
290
- }
291
- }
292
- ],
293
- "Version": "2012-10-17"
294
- }
295
- },
296
- "Metadata": {
297
- "cfn_nag": {
298
- "rules_to_suppress": [
299
- {
300
- "id": "F16",
301
- "reason": "Public website bucket policy requires a wildcard principal"
302
- }
303
- ]
304
- }
305
- }
306
- },
307
- "testcloudfronts3S3BucketAutoDeleteObjectsCustomResourceA13DD8F7": {
308
- "Type": "Custom::S3AutoDeleteObjects",
309
- "Properties": {
310
- "ServiceToken": {
311
- "Fn::GetAtt": [
312
- "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
313
- "Arn"
314
- ]
315
- },
316
- "BucketName": {
317
- "Ref": "testcloudfronts3S3BucketE0C5F76E"
318
- }
319
- },
320
- "DependsOn": [
321
- "testcloudfronts3S3BucketPolicy250F1F61"
322
- ],
323
- "UpdateReplacePolicy": "Delete",
324
- "DeletionPolicy": "Delete"
325
- },
326
- "testcloudfronts3SetHttpSecurityHeaders6C5A1E69": {
327
- "Type": "AWS::CloudFront::Function",
328
- "Properties": {
329
- "AutoPublish": true,
330
- "FunctionCode": "function handler(event) { var response = event.response; var headers = response.headers; headers['strict-transport-security'] = { value: 'max-age=63072000; includeSubdomains; preload'}; headers['content-security-policy'] = { value: \"default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'\"}; headers['x-content-type-options'] = { value: 'nosniff'}; headers['x-frame-options'] = {value: 'DENY'}; headers['x-xss-protection'] = {value: '1; mode=block'}; return response; }",
331
- "FunctionConfig": {
332
- "Comment": "SetHttpSecurityHeadersc853f5cf48adabb9680b666a0c549e9b779fe54127",
333
- "Runtime": "cloudfront-js-1.0"
334
- },
335
- "Name": "SetHttpSecurityHeadersc853f5cf48adabb9680b666a0c549e9b779fe54127"
336
- }
337
- },
338
- "testcloudfronts3CloudfrontLoggingBucket985C0FE8": {
339
- "Type": "AWS::S3::Bucket",
340
- "Properties": {
341
- "AccessControl": "LogDeliveryWrite",
342
- "BucketEncryption": {
343
- "ServerSideEncryptionConfiguration": [
344
- {
345
- "ServerSideEncryptionByDefault": {
346
- "SSEAlgorithm": "AES256"
347
- }
348
- }
349
- ]
350
- },
351
- "OwnershipControls": {
352
- "Rules": [
353
- {
354
- "ObjectOwnership": "ObjectWriter"
355
- }
356
- ]
357
- },
358
- "PublicAccessBlockConfiguration": {
359
- "BlockPublicAcls": true,
360
- "BlockPublicPolicy": true,
361
- "IgnorePublicAcls": true,
362
- "RestrictPublicBuckets": true
363
- },
364
- "Tags": [
365
- {
366
- "Key": "aws-cdk:auto-delete-objects",
367
- "Value": "true"
368
- }
369
- ],
370
- "VersioningConfiguration": {
371
- "Status": "Enabled"
372
- }
373
- },
374
- "UpdateReplacePolicy": "Delete",
375
- "DeletionPolicy": "Delete",
376
- "Metadata": {
377
- "cfn_nag": {
378
- "rules_to_suppress": [
379
- {
380
- "id": "W35",
381
- "reason": "This S3 bucket is used as the access logging bucket for CloudFront Distribution"
382
- }
383
- ]
384
- }
385
- }
386
- },
387
- "testcloudfronts3CloudfrontLoggingBucketPolicyDF55851B": {
388
- "Type": "AWS::S3::BucketPolicy",
389
- "Properties": {
390
- "Bucket": {
391
- "Ref": "testcloudfronts3CloudfrontLoggingBucket985C0FE8"
392
- },
393
- "PolicyDocument": {
394
- "Statement": [
395
- {
396
- "Action": "s3:*",
397
- "Condition": {
398
- "Bool": {
399
- "aws:SecureTransport": "false"
400
- }
401
- },
402
- "Effect": "Deny",
403
- "Principal": {
404
- "AWS": "*"
405
- },
406
- "Resource": [
407
- {
408
- "Fn::GetAtt": [
409
- "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
410
- "Arn"
411
- ]
412
- },
413
- {
414
- "Fn::Join": [
415
- "",
416
- [
417
- {
418
- "Fn::GetAtt": [
419
- "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
420
- "Arn"
421
- ]
422
- },
423
- "/*"
424
- ]
425
- ]
426
- }
427
- ]
428
- },
429
- {
430
- "Action": [
431
- "s3:PutBucketPolicy",
432
- "s3:GetBucket*",
433
- "s3:List*",
434
- "s3:DeleteObject*"
435
- ],
436
- "Effect": "Allow",
437
- "Principal": {
438
- "AWS": {
439
- "Fn::GetAtt": [
440
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
441
- "Arn"
442
- ]
443
- }
444
- },
445
- "Resource": [
446
- {
447
- "Fn::GetAtt": [
448
- "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
449
- "Arn"
450
- ]
451
- },
452
- {
453
- "Fn::Join": [
454
- "",
455
- [
456
- {
457
- "Fn::GetAtt": [
458
- "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
459
- "Arn"
460
- ]
461
- },
462
- "/*"
463
- ]
464
- ]
465
- }
466
- ]
467
- }
468
- ],
469
- "Version": "2012-10-17"
470
- }
471
- }
472
- },
473
- "testcloudfronts3CloudfrontLoggingBucketAutoDeleteObjectsCustomResource19604D88": {
474
- "Type": "Custom::S3AutoDeleteObjects",
475
- "Properties": {
476
- "ServiceToken": {
477
- "Fn::GetAtt": [
478
- "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
479
- "Arn"
480
- ]
481
- },
482
- "BucketName": {
483
- "Ref": "testcloudfronts3CloudfrontLoggingBucket985C0FE8"
484
- }
485
- },
486
- "DependsOn": [
487
- "testcloudfronts3CloudfrontLoggingBucketPolicyDF55851B"
488
- ],
489
- "UpdateReplacePolicy": "Delete",
490
- "DeletionPolicy": "Delete"
491
- },
492
- "testcloudfronts3CloudFrontOac7A951AA6": {
493
- "Type": "AWS::CloudFront::OriginAccessControl",
494
- "Properties": {
495
- "OriginAccessControlConfig": {
496
- "Name": {
497
- "Fn::Join": [
498
- "",
499
- [
500
- "-",
501
- {
502
- "Fn::Select": [
503
- 2,
504
- {
505
- "Fn::Split": [
506
- "/",
507
- {
508
- "Ref": "AWS::StackId"
509
- }
510
- ]
511
- }
512
- ]
513
- }
514
- ]
515
- ]
516
- },
517
- "OriginAccessControlOriginType": "s3",
518
- "SigningBehavior": "always",
519
- "SigningProtocol": "sigv4"
520
- }
521
- }
522
- },
523
- "testcloudfronts3CloudFrontDistribution0565DEE8": {
524
- "Type": "AWS::CloudFront::Distribution",
525
- "Properties": {
526
- "DistributionConfig": {
527
- "DefaultCacheBehavior": {
528
- "CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6",
529
- "Compress": true,
530
- "FunctionAssociations": [
531
- {
532
- "EventType": "viewer-response",
533
- "FunctionARN": {
534
- "Fn::GetAtt": [
535
- "testcloudfronts3SetHttpSecurityHeaders6C5A1E69",
536
- "FunctionARN"
537
- ]
538
- }
539
- }
540
- ],
541
- "TargetOriginId": "cfts3customCloudFrontLoggingBuckettestcloudfronts3CloudFrontDistributionOrigin18A4ECB64",
542
- "ViewerProtocolPolicy": "redirect-to-https"
543
- },
544
- "DefaultRootObject": "index.html",
545
- "Enabled": true,
546
- "HttpVersion": "http2",
547
- "IPV6Enabled": true,
548
- "Logging": {
549
- "Bucket": {
550
- "Fn::GetAtt": [
551
- "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
552
- "RegionalDomainName"
553
- ]
554
- }
555
- },
556
- "Origins": [
557
- {
558
- "DomainName": {
559
- "Fn::GetAtt": [
560
- "testcloudfronts3S3BucketE0C5F76E",
561
- "RegionalDomainName"
562
- ]
563
- },
564
- "Id": "cfts3customCloudFrontLoggingBuckettestcloudfronts3CloudFrontDistributionOrigin18A4ECB64",
565
- "OriginAccessControlId": {
566
- "Fn::GetAtt": [
567
- "testcloudfronts3CloudFrontOac7A951AA6",
568
- "Id"
569
- ]
570
- },
571
- "S3OriginConfig": {
572
- "OriginAccessIdentity": ""
573
- }
574
- }
575
- ]
576
- }
577
- },
578
- "Metadata": {
579
- "cfn_nag": {
580
- "rules_to_suppress": [
581
- {
582
- "id": "W70",
583
- "reason": "Since the distribution uses the CloudFront domain name, CloudFront automatically sets the security policy to TLSv1 regardless of the value of MinimumProtocolVersion"
584
- }
585
- ]
586
- }
587
- }
588
- },
589
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": {
590
- "Type": "AWS::IAM::Role",
591
- "Properties": {
592
- "AssumeRolePolicyDocument": {
593
- "Version": "2012-10-17",
594
- "Statement": [
595
- {
596
- "Action": "sts:AssumeRole",
597
- "Effect": "Allow",
598
- "Principal": {
599
- "Service": "lambda.amazonaws.com"
600
- }
601
- }
602
- ]
603
- },
604
- "ManagedPolicyArns": [
605
- {
606
- "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
607
- }
608
- ]
609
- }
610
- },
611
- "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": {
612
- "Type": "AWS::Lambda::Function",
613
- "Properties": {
614
- "Code": {
615
- "S3Bucket": {
616
- "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
617
- },
618
- "S3Key": "b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6.zip"
619
- },
620
- "Timeout": 900,
621
- "MemorySize": 128,
622
- "Handler": "index.handler",
623
- "Role": {
624
- "Fn::GetAtt": [
625
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
626
- "Arn"
627
- ]
628
- },
629
- "Runtime": "nodejs18.x",
630
- "Description": {
631
- "Fn::Join": [
632
- "",
633
- [
634
- "Lambda function for auto-deleting objects in ",
635
- {
636
- "Ref": "testcloudfronts3S3BucketE0C5F76E"
637
- },
638
- " S3 bucket."
639
- ]
640
- ]
641
- }
642
- },
643
- "DependsOn": [
644
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092"
645
- ],
646
- "Metadata": {
647
- "cfn_nag": {
648
- "rules_to_suppress": [
649
- {
650
- "id": "W58",
651
- "reason": "CDK generated custom resource"
652
- },
653
- {
654
- "id": "W89",
655
- "reason": "CDK generated custom resource"
656
- },
657
- {
658
- "id": "W92",
659
- "reason": "CDK generated custom resource"
660
- }
661
- ]
662
- }
663
- }
664
- }
665
- },
666
- "Parameters": {
667
- "BootstrapVersion": {
668
- "Type": "AWS::SSM::Parameter::Value<String>",
669
- "Default": "/cdk-bootstrap/hnb659fds/version",
670
- "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
671
- }
672
- },
673
- "Rules": {
674
- "CheckBootstrapVersion": {
675
- "Assertions": [
676
- {
677
- "Assert": {
678
- "Fn::Not": [
679
- {
680
- "Fn::Contains": [
681
- [
682
- "1",
683
- "2",
684
- "3",
685
- "4",
686
- "5"
687
- ],
688
- {
689
- "Ref": "BootstrapVersion"
690
- }
691
- ]
692
- }
693
- ]
694
- },
695
- "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
696
- }
697
- ]
698
- }
699
- }
700
- }