@aws-solutions-constructs/aws-cloudfront-s3 2.51.0 → 2.52.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (127) hide show
  1. package/.eslintignore +2 -0
  2. package/.jsii +50 -5
  3. package/integ.config.json +7 -0
  4. package/lib/index.js +1 -1
  5. package/package.json +11 -10
  6. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js +6 -3
  7. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.d.ts +30 -0
  8. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.js +127 -0
  9. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/cfn-response.js +1 -0
  10. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/consts.js +1 -0
  11. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/framework.js +3 -0
  12. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/outbound.js +1 -0
  13. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/util.js +1 -0
  14. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cdk.out +1 -0
  15. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.assets.json +45 -0
  16. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.template.json +960 -0
  17. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithcmkprovidedasexistingbucketIntegDefaultTestDeployAssertF6031114.assets.json +19 -0
  18. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithcmkprovidedasexistingbucketIntegDefaultTestDeployAssertF6031114.template.json +36 -0
  19. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/integ.json +12 -0
  20. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/manifest.json +221 -0
  21. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/tree.json +1326 -0
  22. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js +6 -3
  23. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cdk.out +1 -0
  24. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.assets.json +19 -0
  25. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.template.json +594 -0
  26. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithmanagedkeyprovidedasexistingbucketIntegDefaultTestDeployAssert03A82C16.assets.json +19 -0
  27. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithmanagedkeyprovidedasexistingbucketIntegDefaultTestDeployAssert03A82C16.template.json +36 -0
  28. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/integ.json +12 -0
  29. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/manifest.json +167 -0
  30. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/tree.json +790 -0
  31. package/test/integ.cfts3-bucket-with-http-origin.js +6 -3
  32. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cdk.out +1 -0
  33. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3-bucket-with-http-origin.assets.json +19 -0
  34. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3-bucket-with-http-origin.template.json +559 -0
  35. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3bucketwithhttporiginIntegDefaultTestDeployAssert75EB76AB.assets.json +19 -0
  36. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3bucketwithhttporiginIntegDefaultTestDeployAssert75EB76AB.template.json +36 -0
  37. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/integ.json +12 -0
  38. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/manifest.json +161 -0
  39. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/tree.json +753 -0
  40. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js +6 -3
  41. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.d.ts +30 -0
  42. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.js +127 -0
  43. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/cfn-response.js +1 -0
  44. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/consts.js +1 -0
  45. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/framework.js +3 -0
  46. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/outbound.js +1 -0
  47. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/util.js +1 -0
  48. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cdk.out +1 -0
  49. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3-cmk-provided-as-bucket-prop.assets.json +45 -0
  50. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3-cmk-provided-as-bucket-prop.template.json +960 -0
  51. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3cmkprovidedasbucketpropIntegDefaultTestDeployAssert38E63D55.assets.json +19 -0
  52. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3cmkprovidedasbucketpropIntegDefaultTestDeployAssert38E63D55.template.json +36 -0
  53. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/integ.json +12 -0
  54. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/manifest.json +221 -0
  55. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/tree.json +1326 -0
  56. package/test/integ.cfts3-custom-headers.js +6 -3
  57. package/test/integ.cfts3-custom-headers.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  58. package/test/integ.cfts3-custom-headers.js.snapshot/cdk.out +1 -0
  59. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3-custom-headers.assets.json +32 -0
  60. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3-custom-headers.template.json +981 -0
  61. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3customheadersIntegDefaultTestDeployAssert6EEC9973.assets.json +19 -0
  62. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3customheadersIntegDefaultTestDeployAssert6EEC9973.template.json +36 -0
  63. package/test/integ.cfts3-custom-headers.js.snapshot/integ.json +12 -0
  64. package/test/integ.cfts3-custom-headers.js.snapshot/manifest.json +215 -0
  65. package/test/integ.cfts3-custom-headers.js.snapshot/tree.json +1167 -0
  66. package/test/integ.cfts3-custom-originPath.js +6 -3
  67. package/test/integ.cfts3-custom-originPath.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  68. package/test/integ.cfts3-custom-originPath.js.snapshot/cdk.out +1 -0
  69. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3-custom-originPath.assets.json +32 -0
  70. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3-custom-originPath.template.json +950 -0
  71. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3customoriginPathIntegDefaultTestDeployAssert61F499B2.assets.json +19 -0
  72. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3customoriginPathIntegDefaultTestDeployAssert61F499B2.template.json +36 -0
  73. package/test/integ.cfts3-custom-originPath.js.snapshot/integ.json +12 -0
  74. package/test/integ.cfts3-custom-originPath.js.snapshot/manifest.json +209 -0
  75. package/test/integ.cfts3-custom-originPath.js.snapshot/tree.json +1117 -0
  76. package/test/integ.cfts3-customLoggingBuckets.js +6 -3
  77. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  78. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cdk.out +1 -0
  79. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3-customLoggingBuckets.assets.json +32 -0
  80. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3-customLoggingBuckets.template.json +987 -0
  81. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3customLoggingBucketsIntegDefaultTestDeployAssert4D171F9F.assets.json +19 -0
  82. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3customLoggingBucketsIntegDefaultTestDeployAssert4D171F9F.template.json +36 -0
  83. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/integ.json +12 -0
  84. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/manifest.json +209 -0
  85. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/tree.json +1156 -0
  86. package/test/integ.cfts3-existing-bucket.js +6 -3
  87. package/test/integ.cfts3-existing-bucket.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  88. package/test/integ.cfts3-existing-bucket.js.snapshot/cdk.out +1 -0
  89. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3-existing-bucket.assets.json +32 -0
  90. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3-existing-bucket.template.json +1014 -0
  91. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3existingbucketIntegDefaultTestDeployAssertA6D4EB49.assets.json +19 -0
  92. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3existingbucketIntegDefaultTestDeployAssertA6D4EB49.template.json +36 -0
  93. package/test/integ.cfts3-existing-bucket.js.snapshot/integ.json +12 -0
  94. package/test/integ.cfts3-existing-bucket.js.snapshot/manifest.json +221 -0
  95. package/test/integ.cfts3-existing-bucket.js.snapshot/tree.json +1229 -0
  96. package/test/integ.cfts3-no-arguments.js +6 -3
  97. package/test/integ.cfts3-no-arguments.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  98. package/test/integ.cfts3-no-arguments.js.snapshot/cdk.out +1 -0
  99. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3-no-arguments.assets.json +32 -0
  100. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3-no-arguments.template.json +959 -0
  101. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3noargumentsIntegDefaultTestDeployAssertBA5AFA25.assets.json +19 -0
  102. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3noargumentsIntegDefaultTestDeployAssertBA5AFA25.template.json +36 -0
  103. package/test/integ.cfts3-no-arguments.js.snapshot/integ.json +12 -0
  104. package/test/integ.cfts3-no-arguments.js.snapshot/manifest.json +209 -0
  105. package/test/integ.cfts3-no-arguments.js.snapshot/tree.json +1117 -0
  106. package/test/integ.cfts3-no-security-headers.js +6 -3
  107. package/test/integ.cfts3-no-security-headers.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +1 -0
  108. package/test/integ.cfts3-no-security-headers.js.snapshot/cdk.out +1 -0
  109. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3-no-security-headers.assets.json +32 -0
  110. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3-no-security-headers.template.json +926 -0
  111. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3nosecurityheadersIntegDefaultTestDeployAssert38FE05BE.assets.json +19 -0
  112. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3nosecurityheadersIntegDefaultTestDeployAssert38FE05BE.template.json +36 -0
  113. package/test/integ.cfts3-no-security-headers.js.snapshot/integ.json +12 -0
  114. package/test/integ.cfts3-no-security-headers.js.snapshot/manifest.json +203 -0
  115. package/test/integ.cfts3-no-security-headers.js.snapshot/tree.json +1076 -0
  116. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.expected.json +0 -960
  117. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.expected.json +0 -594
  118. package/test/integ.cfts3-bucket-with-http-origin.expected.json +0 -559
  119. package/test/integ.cfts3-cmk-encryption.expected.json +0 -527
  120. package/test/integ.cfts3-cmk-provided-as-bucket-prop.expected.json +0 -960
  121. package/test/integ.cfts3-custom-headers.expected.json +0 -981
  122. package/test/integ.cfts3-custom-originPath.expected.json +0 -950
  123. package/test/integ.cfts3-customCloudFrontLoggingBucket.expected.json +0 -700
  124. package/test/integ.cfts3-customLoggingBuckets.expected.json +0 -987
  125. package/test/integ.cfts3-existing-bucket.expected.json +0 -1014
  126. package/test/integ.cfts3-no-arguments.expected.json +0 -959
  127. package/test/integ.cfts3-no-security-headers.expected.json +0 -926
@@ -1,959 +0,0 @@
1
- {
2
- "Description": "Integration Test for aws-cloudfront-s3",
3
- "Resources": {
4
- "testcloudfronts3S3LoggingBucket90D239DD": {
5
- "Type": "AWS::S3::Bucket",
6
- "Properties": {
7
- "BucketEncryption": {
8
- "ServerSideEncryptionConfiguration": [
9
- {
10
- "ServerSideEncryptionByDefault": {
11
- "SSEAlgorithm": "AES256"
12
- }
13
- }
14
- ]
15
- },
16
- "PublicAccessBlockConfiguration": {
17
- "BlockPublicAcls": true,
18
- "BlockPublicPolicy": true,
19
- "IgnorePublicAcls": true,
20
- "RestrictPublicBuckets": true
21
- },
22
- "Tags": [
23
- {
24
- "Key": "aws-cdk:auto-delete-objects",
25
- "Value": "true"
26
- }
27
- ],
28
- "VersioningConfiguration": {
29
- "Status": "Enabled"
30
- }
31
- },
32
- "UpdateReplacePolicy": "Delete",
33
- "DeletionPolicy": "Delete",
34
- "Metadata": {
35
- "cfn_nag": {
36
- "rules_to_suppress": [
37
- {
38
- "id": "W35",
39
- "reason": "This S3 bucket is used as the access logging bucket for another bucket"
40
- }
41
- ]
42
- }
43
- }
44
- },
45
- "testcloudfronts3S3LoggingBucketPolicy529D4CFF": {
46
- "Type": "AWS::S3::BucketPolicy",
47
- "Properties": {
48
- "Bucket": {
49
- "Ref": "testcloudfronts3S3LoggingBucket90D239DD"
50
- },
51
- "PolicyDocument": {
52
- "Statement": [
53
- {
54
- "Action": "s3:*",
55
- "Condition": {
56
- "Bool": {
57
- "aws:SecureTransport": "false"
58
- }
59
- },
60
- "Effect": "Deny",
61
- "Principal": {
62
- "AWS": "*"
63
- },
64
- "Resource": [
65
- {
66
- "Fn::GetAtt": [
67
- "testcloudfronts3S3LoggingBucket90D239DD",
68
- "Arn"
69
- ]
70
- },
71
- {
72
- "Fn::Join": [
73
- "",
74
- [
75
- {
76
- "Fn::GetAtt": [
77
- "testcloudfronts3S3LoggingBucket90D239DD",
78
- "Arn"
79
- ]
80
- },
81
- "/*"
82
- ]
83
- ]
84
- }
85
- ]
86
- },
87
- {
88
- "Action": [
89
- "s3:PutBucketPolicy",
90
- "s3:GetBucket*",
91
- "s3:List*",
92
- "s3:DeleteObject*"
93
- ],
94
- "Effect": "Allow",
95
- "Principal": {
96
- "AWS": {
97
- "Fn::GetAtt": [
98
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
99
- "Arn"
100
- ]
101
- }
102
- },
103
- "Resource": [
104
- {
105
- "Fn::GetAtt": [
106
- "testcloudfronts3S3LoggingBucket90D239DD",
107
- "Arn"
108
- ]
109
- },
110
- {
111
- "Fn::Join": [
112
- "",
113
- [
114
- {
115
- "Fn::GetAtt": [
116
- "testcloudfronts3S3LoggingBucket90D239DD",
117
- "Arn"
118
- ]
119
- },
120
- "/*"
121
- ]
122
- ]
123
- }
124
- ]
125
- },
126
- {
127
- "Action": "s3:PutObject",
128
- "Condition": {
129
- "ArnLike": {
130
- "aws:SourceArn": {
131
- "Fn::GetAtt": [
132
- "testcloudfronts3S3BucketE0C5F76E",
133
- "Arn"
134
- ]
135
- }
136
- },
137
- "StringEquals": {
138
- "aws:SourceAccount": {
139
- "Ref": "AWS::AccountId"
140
- }
141
- }
142
- },
143
- "Effect": "Allow",
144
- "Principal": {
145
- "Service": "logging.s3.amazonaws.com"
146
- },
147
- "Resource": {
148
- "Fn::Join": [
149
- "",
150
- [
151
- {
152
- "Fn::GetAtt": [
153
- "testcloudfronts3S3LoggingBucket90D239DD",
154
- "Arn"
155
- ]
156
- },
157
- "/*"
158
- ]
159
- ]
160
- }
161
- }
162
- ],
163
- "Version": "2012-10-17"
164
- }
165
- }
166
- },
167
- "testcloudfronts3S3LoggingBucketAutoDeleteObjectsCustomResource6EE37727": {
168
- "Type": "Custom::S3AutoDeleteObjects",
169
- "Properties": {
170
- "ServiceToken": {
171
- "Fn::GetAtt": [
172
- "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
173
- "Arn"
174
- ]
175
- },
176
- "BucketName": {
177
- "Ref": "testcloudfronts3S3LoggingBucket90D239DD"
178
- }
179
- },
180
- "DependsOn": [
181
- "testcloudfronts3S3LoggingBucketPolicy529D4CFF"
182
- ],
183
- "UpdateReplacePolicy": "Delete",
184
- "DeletionPolicy": "Delete"
185
- },
186
- "testcloudfronts3S3BucketE0C5F76E": {
187
- "Type": "AWS::S3::Bucket",
188
- "Properties": {
189
- "BucketEncryption": {
190
- "ServerSideEncryptionConfiguration": [
191
- {
192
- "ServerSideEncryptionByDefault": {
193
- "SSEAlgorithm": "AES256"
194
- }
195
- }
196
- ]
197
- },
198
- "LifecycleConfiguration": {
199
- "Rules": [
200
- {
201
- "NoncurrentVersionTransitions": [
202
- {
203
- "StorageClass": "GLACIER",
204
- "TransitionInDays": 90
205
- }
206
- ],
207
- "Status": "Enabled"
208
- }
209
- ]
210
- },
211
- "LoggingConfiguration": {
212
- "DestinationBucketName": {
213
- "Ref": "testcloudfronts3S3LoggingBucket90D239DD"
214
- }
215
- },
216
- "PublicAccessBlockConfiguration": {
217
- "BlockPublicAcls": true,
218
- "BlockPublicPolicy": true,
219
- "IgnorePublicAcls": true,
220
- "RestrictPublicBuckets": true
221
- },
222
- "Tags": [
223
- {
224
- "Key": "aws-cdk:auto-delete-objects",
225
- "Value": "true"
226
- }
227
- ],
228
- "VersioningConfiguration": {
229
- "Status": "Enabled"
230
- }
231
- },
232
- "UpdateReplacePolicy": "Delete",
233
- "DeletionPolicy": "Delete",
234
- "Metadata": {
235
- "cfn_nag": {
236
- "rules_to_suppress": [
237
- {
238
- "id": "W35",
239
- "reason": "This S3 bucket is created for unit/ integration testing purposes only."
240
- }
241
- ]
242
- }
243
- }
244
- },
245
- "testcloudfronts3S3BucketPolicy250F1F61": {
246
- "Type": "AWS::S3::BucketPolicy",
247
- "Properties": {
248
- "Bucket": {
249
- "Ref": "testcloudfronts3S3BucketE0C5F76E"
250
- },
251
- "PolicyDocument": {
252
- "Statement": [
253
- {
254
- "Action": "s3:*",
255
- "Condition": {
256
- "Bool": {
257
- "aws:SecureTransport": "false"
258
- }
259
- },
260
- "Effect": "Deny",
261
- "Principal": {
262
- "AWS": "*"
263
- },
264
- "Resource": [
265
- {
266
- "Fn::GetAtt": [
267
- "testcloudfronts3S3BucketE0C5F76E",
268
- "Arn"
269
- ]
270
- },
271
- {
272
- "Fn::Join": [
273
- "",
274
- [
275
- {
276
- "Fn::GetAtt": [
277
- "testcloudfronts3S3BucketE0C5F76E",
278
- "Arn"
279
- ]
280
- },
281
- "/*"
282
- ]
283
- ]
284
- }
285
- ]
286
- },
287
- {
288
- "Action": [
289
- "s3:PutBucketPolicy",
290
- "s3:GetBucket*",
291
- "s3:List*",
292
- "s3:DeleteObject*"
293
- ],
294
- "Effect": "Allow",
295
- "Principal": {
296
- "AWS": {
297
- "Fn::GetAtt": [
298
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
299
- "Arn"
300
- ]
301
- }
302
- },
303
- "Resource": [
304
- {
305
- "Fn::GetAtt": [
306
- "testcloudfronts3S3BucketE0C5F76E",
307
- "Arn"
308
- ]
309
- },
310
- {
311
- "Fn::Join": [
312
- "",
313
- [
314
- {
315
- "Fn::GetAtt": [
316
- "testcloudfronts3S3BucketE0C5F76E",
317
- "Arn"
318
- ]
319
- },
320
- "/*"
321
- ]
322
- ]
323
- }
324
- ]
325
- },
326
- {
327
- "Action": "s3:GetObject",
328
- "Condition": {
329
- "StringEquals": {
330
- "AWS:SourceArn": {
331
- "Fn::Join": [
332
- "",
333
- [
334
- "arn:aws:cloudfront::",
335
- {
336
- "Ref": "AWS::AccountId"
337
- },
338
- ":distribution/",
339
- {
340
- "Ref": "testcloudfronts3CloudFrontDistribution0565DEE8"
341
- }
342
- ]
343
- ]
344
- }
345
- }
346
- },
347
- "Effect": "Allow",
348
- "Principal": {
349
- "Service": "cloudfront.amazonaws.com"
350
- },
351
- "Resource": {
352
- "Fn::Join": [
353
- "",
354
- [
355
- {
356
- "Fn::GetAtt": [
357
- "testcloudfronts3S3BucketE0C5F76E",
358
- "Arn"
359
- ]
360
- },
361
- "/*"
362
- ]
363
- ]
364
- }
365
- }
366
- ],
367
- "Version": "2012-10-17"
368
- }
369
- },
370
- "Metadata": {
371
- "cfn_nag": {
372
- "rules_to_suppress": [
373
- {
374
- "id": "F16",
375
- "reason": "Public website bucket policy requires a wildcard principal"
376
- }
377
- ]
378
- }
379
- }
380
- },
381
- "testcloudfronts3S3BucketAutoDeleteObjectsCustomResourceA13DD8F7": {
382
- "Type": "Custom::S3AutoDeleteObjects",
383
- "Properties": {
384
- "ServiceToken": {
385
- "Fn::GetAtt": [
386
- "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
387
- "Arn"
388
- ]
389
- },
390
- "BucketName": {
391
- "Ref": "testcloudfronts3S3BucketE0C5F76E"
392
- }
393
- },
394
- "DependsOn": [
395
- "testcloudfronts3S3BucketPolicy250F1F61"
396
- ],
397
- "UpdateReplacePolicy": "Delete",
398
- "DeletionPolicy": "Delete"
399
- },
400
- "testcloudfronts3SetHttpSecurityHeaders6C5A1E69": {
401
- "Type": "AWS::CloudFront::Function",
402
- "Properties": {
403
- "AutoPublish": true,
404
- "FunctionCode": "function handler(event) { var response = event.response; var headers = response.headers; headers['strict-transport-security'] = { value: 'max-age=63072000; includeSubdomains; preload'}; headers['content-security-policy'] = { value: \"default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'\"}; headers['x-content-type-options'] = { value: 'nosniff'}; headers['x-frame-options'] = {value: 'DENY'}; headers['x-xss-protection'] = {value: '1; mode=block'}; return response; }",
405
- "FunctionConfig": {
406
- "Comment": "SetHttpSecurityHeadersc88b3e0fe5ebfb7f401b410752c35f74a3678d5cb1",
407
- "Runtime": "cloudfront-js-1.0"
408
- },
409
- "Name": "SetHttpSecurityHeadersc88b3e0fe5ebfb7f401b410752c35f74a3678d5cb1"
410
- }
411
- },
412
- "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58": {
413
- "Type": "AWS::S3::Bucket",
414
- "Properties": {
415
- "BucketEncryption": {
416
- "ServerSideEncryptionConfiguration": [
417
- {
418
- "ServerSideEncryptionByDefault": {
419
- "SSEAlgorithm": "AES256"
420
- }
421
- }
422
- ]
423
- },
424
- "OwnershipControls": {
425
- "Rules": [
426
- {
427
- "ObjectOwnership": "ObjectWriter"
428
- }
429
- ]
430
- },
431
- "PublicAccessBlockConfiguration": {
432
- "BlockPublicAcls": true,
433
- "BlockPublicPolicy": true,
434
- "IgnorePublicAcls": true,
435
- "RestrictPublicBuckets": true
436
- },
437
- "Tags": [
438
- {
439
- "Key": "aws-cdk:auto-delete-objects",
440
- "Value": "true"
441
- }
442
- ],
443
- "VersioningConfiguration": {
444
- "Status": "Enabled"
445
- }
446
- },
447
- "UpdateReplacePolicy": "Delete",
448
- "DeletionPolicy": "Delete",
449
- "Metadata": {
450
- "cfn_nag": {
451
- "rules_to_suppress": [
452
- {
453
- "id": "W35",
454
- "reason": "This S3 bucket is used as the access logging bucket for another bucket"
455
- }
456
- ]
457
- }
458
- }
459
- },
460
- "testcloudfronts3CloudfrontLoggingBucketAccessLogPolicy526F2E14": {
461
- "Type": "AWS::S3::BucketPolicy",
462
- "Properties": {
463
- "Bucket": {
464
- "Ref": "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58"
465
- },
466
- "PolicyDocument": {
467
- "Statement": [
468
- {
469
- "Action": "s3:*",
470
- "Condition": {
471
- "Bool": {
472
- "aws:SecureTransport": "false"
473
- }
474
- },
475
- "Effect": "Deny",
476
- "Principal": {
477
- "AWS": "*"
478
- },
479
- "Resource": [
480
- {
481
- "Fn::GetAtt": [
482
- "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
483
- "Arn"
484
- ]
485
- },
486
- {
487
- "Fn::Join": [
488
- "",
489
- [
490
- {
491
- "Fn::GetAtt": [
492
- "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
493
- "Arn"
494
- ]
495
- },
496
- "/*"
497
- ]
498
- ]
499
- }
500
- ]
501
- },
502
- {
503
- "Action": [
504
- "s3:PutBucketPolicy",
505
- "s3:GetBucket*",
506
- "s3:List*",
507
- "s3:DeleteObject*"
508
- ],
509
- "Effect": "Allow",
510
- "Principal": {
511
- "AWS": {
512
- "Fn::GetAtt": [
513
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
514
- "Arn"
515
- ]
516
- }
517
- },
518
- "Resource": [
519
- {
520
- "Fn::GetAtt": [
521
- "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
522
- "Arn"
523
- ]
524
- },
525
- {
526
- "Fn::Join": [
527
- "",
528
- [
529
- {
530
- "Fn::GetAtt": [
531
- "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
532
- "Arn"
533
- ]
534
- },
535
- "/*"
536
- ]
537
- ]
538
- }
539
- ]
540
- },
541
- {
542
- "Action": "s3:PutObject",
543
- "Condition": {
544
- "ArnLike": {
545
- "aws:SourceArn": {
546
- "Fn::GetAtt": [
547
- "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
548
- "Arn"
549
- ]
550
- }
551
- },
552
- "StringEquals": {
553
- "aws:SourceAccount": {
554
- "Ref": "AWS::AccountId"
555
- }
556
- }
557
- },
558
- "Effect": "Allow",
559
- "Principal": {
560
- "Service": "logging.s3.amazonaws.com"
561
- },
562
- "Resource": {
563
- "Fn::Join": [
564
- "",
565
- [
566
- {
567
- "Fn::GetAtt": [
568
- "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
569
- "Arn"
570
- ]
571
- },
572
- "/*"
573
- ]
574
- ]
575
- }
576
- }
577
- ],
578
- "Version": "2012-10-17"
579
- }
580
- }
581
- },
582
- "testcloudfronts3CloudfrontLoggingBucketAccessLogAutoDeleteObjectsCustomResourceE16E063D": {
583
- "Type": "Custom::S3AutoDeleteObjects",
584
- "Properties": {
585
- "ServiceToken": {
586
- "Fn::GetAtt": [
587
- "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
588
- "Arn"
589
- ]
590
- },
591
- "BucketName": {
592
- "Ref": "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58"
593
- }
594
- },
595
- "DependsOn": [
596
- "testcloudfronts3CloudfrontLoggingBucketAccessLogPolicy526F2E14"
597
- ],
598
- "UpdateReplacePolicy": "Delete",
599
- "DeletionPolicy": "Delete"
600
- },
601
- "testcloudfronts3CloudfrontLoggingBucket985C0FE8": {
602
- "Type": "AWS::S3::Bucket",
603
- "Properties": {
604
- "AccessControl": "LogDeliveryWrite",
605
- "BucketEncryption": {
606
- "ServerSideEncryptionConfiguration": [
607
- {
608
- "ServerSideEncryptionByDefault": {
609
- "SSEAlgorithm": "AES256"
610
- }
611
- }
612
- ]
613
- },
614
- "LoggingConfiguration": {
615
- "DestinationBucketName": {
616
- "Ref": "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58"
617
- }
618
- },
619
- "OwnershipControls": {
620
- "Rules": [
621
- {
622
- "ObjectOwnership": "ObjectWriter"
623
- }
624
- ]
625
- },
626
- "PublicAccessBlockConfiguration": {
627
- "BlockPublicAcls": true,
628
- "BlockPublicPolicy": true,
629
- "IgnorePublicAcls": true,
630
- "RestrictPublicBuckets": true
631
- },
632
- "Tags": [
633
- {
634
- "Key": "aws-cdk:auto-delete-objects",
635
- "Value": "true"
636
- }
637
- ],
638
- "VersioningConfiguration": {
639
- "Status": "Enabled"
640
- }
641
- },
642
- "UpdateReplacePolicy": "Delete",
643
- "DeletionPolicy": "Delete"
644
- },
645
- "testcloudfronts3CloudfrontLoggingBucketPolicyDF55851B": {
646
- "Type": "AWS::S3::BucketPolicy",
647
- "Properties": {
648
- "Bucket": {
649
- "Ref": "testcloudfronts3CloudfrontLoggingBucket985C0FE8"
650
- },
651
- "PolicyDocument": {
652
- "Statement": [
653
- {
654
- "Action": "s3:*",
655
- "Condition": {
656
- "Bool": {
657
- "aws:SecureTransport": "false"
658
- }
659
- },
660
- "Effect": "Deny",
661
- "Principal": {
662
- "AWS": "*"
663
- },
664
- "Resource": [
665
- {
666
- "Fn::GetAtt": [
667
- "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
668
- "Arn"
669
- ]
670
- },
671
- {
672
- "Fn::Join": [
673
- "",
674
- [
675
- {
676
- "Fn::GetAtt": [
677
- "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
678
- "Arn"
679
- ]
680
- },
681
- "/*"
682
- ]
683
- ]
684
- }
685
- ]
686
- },
687
- {
688
- "Action": [
689
- "s3:PutBucketPolicy",
690
- "s3:GetBucket*",
691
- "s3:List*",
692
- "s3:DeleteObject*"
693
- ],
694
- "Effect": "Allow",
695
- "Principal": {
696
- "AWS": {
697
- "Fn::GetAtt": [
698
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
699
- "Arn"
700
- ]
701
- }
702
- },
703
- "Resource": [
704
- {
705
- "Fn::GetAtt": [
706
- "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
707
- "Arn"
708
- ]
709
- },
710
- {
711
- "Fn::Join": [
712
- "",
713
- [
714
- {
715
- "Fn::GetAtt": [
716
- "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
717
- "Arn"
718
- ]
719
- },
720
- "/*"
721
- ]
722
- ]
723
- }
724
- ]
725
- }
726
- ],
727
- "Version": "2012-10-17"
728
- }
729
- }
730
- },
731
- "testcloudfronts3CloudfrontLoggingBucketAutoDeleteObjectsCustomResource19604D88": {
732
- "Type": "Custom::S3AutoDeleteObjects",
733
- "Properties": {
734
- "ServiceToken": {
735
- "Fn::GetAtt": [
736
- "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
737
- "Arn"
738
- ]
739
- },
740
- "BucketName": {
741
- "Ref": "testcloudfronts3CloudfrontLoggingBucket985C0FE8"
742
- }
743
- },
744
- "DependsOn": [
745
- "testcloudfronts3CloudfrontLoggingBucketPolicyDF55851B"
746
- ],
747
- "UpdateReplacePolicy": "Delete",
748
- "DeletionPolicy": "Delete"
749
- },
750
- "testcloudfronts3CloudFrontOac7A951AA6": {
751
- "Type": "AWS::CloudFront::OriginAccessControl",
752
- "Properties": {
753
- "OriginAccessControlConfig": {
754
- "Description": "Origin access control provisioned by aws-cloudfront-s3",
755
- "Name": {
756
- "Fn::Join": [
757
- "",
758
- [
759
- "aws-cloudfront-s3-testnt-s3-",
760
- {
761
- "Fn::Select": [
762
- 2,
763
- {
764
- "Fn::Split": [
765
- "/",
766
- {
767
- "Ref": "AWS::StackId"
768
- }
769
- ]
770
- }
771
- ]
772
- }
773
- ]
774
- ]
775
- },
776
- "OriginAccessControlOriginType": "s3",
777
- "SigningBehavior": "always",
778
- "SigningProtocol": "sigv4"
779
- }
780
- }
781
- },
782
- "testcloudfronts3CloudFrontDistribution0565DEE8": {
783
- "Type": "AWS::CloudFront::Distribution",
784
- "Properties": {
785
- "DistributionConfig": {
786
- "DefaultCacheBehavior": {
787
- "CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6",
788
- "Compress": true,
789
- "FunctionAssociations": [
790
- {
791
- "EventType": "viewer-response",
792
- "FunctionARN": {
793
- "Fn::GetAtt": [
794
- "testcloudfronts3SetHttpSecurityHeaders6C5A1E69",
795
- "FunctionARN"
796
- ]
797
- }
798
- }
799
- ],
800
- "TargetOriginId": "cfts3noargumentstestcloudfronts3CloudFrontDistributionOrigin1203032D1",
801
- "ViewerProtocolPolicy": "redirect-to-https"
802
- },
803
- "DefaultRootObject": "index.html",
804
- "Enabled": true,
805
- "HttpVersion": "http2",
806
- "IPV6Enabled": true,
807
- "Logging": {
808
- "Bucket": {
809
- "Fn::GetAtt": [
810
- "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
811
- "RegionalDomainName"
812
- ]
813
- }
814
- },
815
- "Origins": [
816
- {
817
- "DomainName": {
818
- "Fn::GetAtt": [
819
- "testcloudfronts3S3BucketE0C5F76E",
820
- "RegionalDomainName"
821
- ]
822
- },
823
- "Id": "cfts3noargumentstestcloudfronts3CloudFrontDistributionOrigin1203032D1",
824
- "OriginAccessControlId": {
825
- "Fn::GetAtt": [
826
- "testcloudfronts3CloudFrontOac7A951AA6",
827
- "Id"
828
- ]
829
- },
830
- "S3OriginConfig": {
831
- "OriginAccessIdentity": ""
832
- }
833
- }
834
- ]
835
- }
836
- },
837
- "Metadata": {
838
- "cfn_nag": {
839
- "rules_to_suppress": [
840
- {
841
- "id": "W70",
842
- "reason": "Since the distribution uses the CloudFront domain name, CloudFront automatically sets the security policy to TLSv1 regardless of the value of MinimumProtocolVersion"
843
- }
844
- ]
845
- }
846
- }
847
- },
848
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": {
849
- "Type": "AWS::IAM::Role",
850
- "Properties": {
851
- "AssumeRolePolicyDocument": {
852
- "Version": "2012-10-17",
853
- "Statement": [
854
- {
855
- "Action": "sts:AssumeRole",
856
- "Effect": "Allow",
857
- "Principal": {
858
- "Service": "lambda.amazonaws.com"
859
- }
860
- }
861
- ]
862
- },
863
- "ManagedPolicyArns": [
864
- {
865
- "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
866
- }
867
- ]
868
- }
869
- },
870
- "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": {
871
- "Type": "AWS::Lambda::Function",
872
- "Properties": {
873
- "Code": {
874
- "S3Bucket": {
875
- "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
876
- },
877
- "S3Key": "b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6.zip"
878
- },
879
- "Timeout": 900,
880
- "MemorySize": 128,
881
- "Handler": "index.handler",
882
- "Role": {
883
- "Fn::GetAtt": [
884
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
885
- "Arn"
886
- ]
887
- },
888
- "Runtime": "nodejs18.x",
889
- "Description": {
890
- "Fn::Join": [
891
- "",
892
- [
893
- "Lambda function for auto-deleting objects in ",
894
- {
895
- "Ref": "testcloudfronts3S3LoggingBucket90D239DD"
896
- },
897
- " S3 bucket."
898
- ]
899
- ]
900
- }
901
- },
902
- "DependsOn": [
903
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092"
904
- ],
905
- "Metadata": {
906
- "cfn_nag": {
907
- "rules_to_suppress": [
908
- {
909
- "id": "W58",
910
- "reason": "CDK generated custom resource"
911
- },
912
- {
913
- "id": "W89",
914
- "reason": "CDK generated custom resource"
915
- },
916
- {
917
- "id": "W92",
918
- "reason": "CDK generated custom resource"
919
- }
920
- ]
921
- }
922
- }
923
- }
924
- },
925
- "Parameters": {
926
- "BootstrapVersion": {
927
- "Type": "AWS::SSM::Parameter::Value<String>",
928
- "Default": "/cdk-bootstrap/hnb659fds/version",
929
- "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
930
- }
931
- },
932
- "Rules": {
933
- "CheckBootstrapVersion": {
934
- "Assertions": [
935
- {
936
- "Assert": {
937
- "Fn::Not": [
938
- {
939
- "Fn::Contains": [
940
- [
941
- "1",
942
- "2",
943
- "3",
944
- "4",
945
- "5"
946
- ],
947
- {
948
- "Ref": "BootstrapVersion"
949
- }
950
- ]
951
- }
952
- ]
953
- },
954
- "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
955
- }
956
- ]
957
- }
958
- }
959
- }