@aws-solutions-constructs/aws-cloudfront-s3 2.56.0 → 2.58.0
- package/.jsii +47 -8
- package/lib/index.js +3 -3
- package/package.json +8 -8
- package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.3542be390685e0c8353d92ccb5796d343cd93ca946b6b0de798004206a199adc/cfn-response.js +1 -0
- package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/{asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94 → asset.3542be390685e0c8353d92ccb5796d343cd93ca946b6b0de798004206a199adc}/framework.js +1 -1
- package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.3542be390685e0c8353d92ccb5796d343cd93ca946b6b0de798004206a199adc/outbound.js +1 -0
- package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.assets.json +5 -5
- package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.template.json +59 -71
- package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/manifest.json +27 -9
- package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/tree.json +139 -159
- package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.3542be390685e0c8353d92ccb5796d343cd93ca946b6b0de798004206a199adc/cfn-response.js +1 -0
- package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/{asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94 → asset.3542be390685e0c8353d92ccb5796d343cd93ca946b6b0de798004206a199adc}/framework.js +1 -1
- package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.3542be390685e0c8353d92ccb5796d343cd93ca946b6b0de798004206a199adc/outbound.js +1 -0
- package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3-cmk-provided-as-bucket-prop.assets.json +5 -5
- package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3-cmk-provided-as-bucket-prop.template.json +59 -71
- package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/manifest.json +27 -9
- package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/tree.json +139 -159
- package/test/test.cloudfront-s3.test.js +10 -3
- package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/cfn-response.js +0 -1
- package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/outbound.js +0 -1
- package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/cfn-response.js +0 -1
- package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94/outbound.js +0 -1
- /package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/{asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94 → asset.3542be390685e0c8353d92ccb5796d343cd93ca946b6b0de798004206a199adc}/consts.js +0 -0
- /package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/{asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94 → asset.3542be390685e0c8353d92ccb5796d343cd93ca946b6b0de798004206a199adc}/util.js +0 -0
- /package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/{asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94 → asset.3542be390685e0c8353d92ccb5796d343cd93ca946b6b0de798004206a199adc}/consts.js +0 -0
- /package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/{asset.7382a0addb9f34974a1ea6c6c9b063882af874828f366f5c93b2b7b64db15c94 → asset.3542be390685e0c8353d92ccb5796d343cd93ca946b6b0de798004206a199adc}/util.js +0 -0
|
@@ -0,0 +1 @@
|
|
|
1
|
+
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.Retry=exports.safeHandler=exports.includeStackTraces=exports.submitResponse=exports.MISSING_PHYSICAL_ID_MARKER=exports.CREATE_FAILED_PHYSICAL_ID_MARKER=void 0;const url=require("url"),outbound_1=require("./outbound"),util_1=require("./util");exports.CREATE_FAILED_PHYSICAL_ID_MARKER="AWSCDK::CustomResourceProviderFramework::CREATE_FAILED",exports.MISSING_PHYSICAL_ID_MARKER="AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID";async function submitResponse(status,event,options={}){const json={Status:status,Reason:options.reason||status,StackId:event.StackId,RequestId:event.RequestId,PhysicalResourceId:event.PhysicalResourceId||exports.MISSING_PHYSICAL_ID_MARKER,LogicalResourceId:event.LogicalResourceId,NoEcho:options.noEcho,Data:event.Data},responseBody=JSON.stringify(json),parsedUrl=url.parse(event.ResponseURL),loggingSafeUrl=`${parsedUrl.protocol}//${parsedUrl.hostname}/${parsedUrl.pathname}?***`;(0,util_1.log)("submit response to cloudformation",loggingSafeUrl,json);const retryOptions={attempts:5,sleep:1e3};await(0,util_1.withRetries)(retryOptions,outbound_1.httpRequest)({hostname:parsedUrl.hostname,path:parsedUrl.path,method:"PUT",headers:{"content-type":"","content-length":Buffer.byteLength(responseBody,"utf8")}},responseBody)}exports.submitResponse=submitResponse,exports.includeStackTraces=!0;function safeHandler(block){return async event=>{if(event.RequestType==="Delete"&&event.PhysicalResourceId===exports.CREATE_FAILED_PHYSICAL_ID_MARKER){(0,util_1.log)("ignoring DELETE event caused by a failed CREATE event"),await submitResponse("SUCCESS",event);return}try{await block(event)}catch(e){if(e instanceof Retry)throw(0,util_1.log)("retry requested by handler"),e;event.PhysicalResourceId||(event.RequestType==="Create"?((0,util_1.log)("CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be 
ignored"),event.PhysicalResourceId=exports.CREATE_FAILED_PHYSICAL_ID_MARKER):(0,util_1.log)(`ERROR: Malformed event. "PhysicalResourceId" is required: ${JSON.stringify({...event,ResponseURL:"..."})}`)),await submitResponse("FAILED",event,{reason:exports.includeStackTraces?e.stack:e.message})}}}exports.safeHandler=safeHandler;class Retry extends Error{}exports.Retry=Retry;
|
|
@@ -1,3 +1,3 @@
|
|
|
1
|
-
"use strict";const cfnResponse=require("./cfn-response"),consts=require("./consts"),outbound_1=require("./outbound"),util_1=require("./util");async function onEvent(cfnRequest){const sanitizedRequest={...cfnRequest,ResponseURL:"..."};(0,util_1.log)("onEventHandler",sanitizedRequest),cfnRequest.ResourceProperties=cfnRequest.ResourceProperties||{};const onEventResult=await invokeUserFunction(consts.USER_ON_EVENT_FUNCTION_ARN_ENV,sanitizedRequest,cfnRequest.ResponseURL);(0,util_1.log)("onEvent returned:",onEventResult);const resourceEvent=createResponseEvent(cfnRequest,onEventResult);if((0,util_1.log)("event:",onEventResult),!process.env[consts.USER_IS_COMPLETE_FUNCTION_ARN_ENV])return cfnResponse.submitResponse("SUCCESS",resourceEvent,{noEcho:resourceEvent.NoEcho});const waiter={stateMachineArn:(0,util_1.getEnv)(consts.WAITER_STATE_MACHINE_ARN_ENV),name:resourceEvent.RequestId,input:JSON.stringify(resourceEvent)};(0,util_1.log)("starting waiter",
|
|
1
|
+
"use strict";const cfnResponse=require("./cfn-response"),consts=require("./consts"),outbound_1=require("./outbound"),util_1=require("./util");async function onEvent(cfnRequest){const sanitizedRequest={...cfnRequest,ResponseURL:"..."};(0,util_1.log)("onEventHandler",sanitizedRequest),cfnRequest.ResourceProperties=cfnRequest.ResourceProperties||{};const onEventResult=await invokeUserFunction(consts.USER_ON_EVENT_FUNCTION_ARN_ENV,sanitizedRequest,cfnRequest.ResponseURL);(0,util_1.log)("onEvent returned:",onEventResult);const resourceEvent=createResponseEvent(cfnRequest,onEventResult);if((0,util_1.log)("event:",onEventResult),!process.env[consts.USER_IS_COMPLETE_FUNCTION_ARN_ENV])return cfnResponse.submitResponse("SUCCESS",resourceEvent,{noEcho:resourceEvent.NoEcho});const waiter={stateMachineArn:(0,util_1.getEnv)(consts.WAITER_STATE_MACHINE_ARN_ENV),name:resourceEvent.RequestId,input:JSON.stringify(resourceEvent)};(0,util_1.log)("starting waiter",{stateMachineArn:(0,util_1.getEnv)(consts.WAITER_STATE_MACHINE_ARN_ENV),name:resourceEvent.RequestId}),await(0,outbound_1.startExecution)(waiter)}async function isComplete(event){const sanitizedRequest={...event,ResponseURL:"..."};(0,util_1.log)("isComplete",sanitizedRequest);const isCompleteResult=await invokeUserFunction(consts.USER_IS_COMPLETE_FUNCTION_ARN_ENV,sanitizedRequest,event.ResponseURL);if((0,util_1.log)("user isComplete returned:",isCompleteResult),!isCompleteResult.IsComplete)throw isCompleteResult.Data&&Object.keys(isCompleteResult.Data).length>0?new Error('"Data" is not allowed if "IsComplete" is "False"'):new cfnResponse.Retry(JSON.stringify(event));const response={...event,...isCompleteResult,Data:{...event.Data,...isCompleteResult.Data}};await cfnResponse.submitResponse("SUCCESS",response,{noEcho:event.NoEcho})}async function onTimeout(timeoutEvent){(0,util_1.log)("timeoutHandler",timeoutEvent);const isCompleteRequest=JSON.parse(JSON.parse(timeoutEvent.Cause).errorMessage);await 
cfnResponse.submitResponse("FAILED",isCompleteRequest,{reason:"Operation timed out"})}async function invokeUserFunction(functionArnEnv,sanitizedPayload,responseUrl){const functionArn=(0,util_1.getEnv)(functionArnEnv);(0,util_1.log)(`executing user function ${functionArn} with payload`,sanitizedPayload);const resp=await(0,outbound_1.invokeFunction)({FunctionName:functionArn,Payload:JSON.stringify({...sanitizedPayload,ResponseURL:responseUrl})});(0,util_1.log)("user function response:",resp,typeof resp);const jsonPayload=(0,util_1.parseJsonPayload)(resp.Payload);if(resp.FunctionError){(0,util_1.log)("user function threw an error:",resp.FunctionError);const errorMessage=jsonPayload.errorMessage||"error",arn=functionArn.split(":"),functionName=arn[arn.length-1],message=[errorMessage,"",`Logs: /aws/lambda/${functionName}`,""].join(`
|
|
2
2
|
`),e=new Error(message);throw jsonPayload.trace&&(e.stack=[message,...jsonPayload.trace.slice(1)].join(`
|
|
3
3
|
`)),e}return jsonPayload}function createResponseEvent(cfnRequest,onEventResult){onEventResult=onEventResult||{};const physicalResourceId=onEventResult.PhysicalResourceId||defaultPhysicalResourceId(cfnRequest);if(cfnRequest.RequestType==="Delete"&&physicalResourceId!==cfnRequest.PhysicalResourceId)throw new Error(`DELETE: cannot change the physical resource ID from "${cfnRequest.PhysicalResourceId}" to "${onEventResult.PhysicalResourceId}" during deletion`);return cfnRequest.RequestType==="Update"&&physicalResourceId!==cfnRequest.PhysicalResourceId&&(0,util_1.log)(`UPDATE: changing physical resource ID from "${cfnRequest.PhysicalResourceId}" to "${onEventResult.PhysicalResourceId}"`),{...cfnRequest,...onEventResult,PhysicalResourceId:physicalResourceId}}function defaultPhysicalResourceId(req){switch(req.RequestType){case"Create":return req.RequestId;case"Update":case"Delete":return req.PhysicalResourceId;default:throw new Error(`Invalid "RequestType" in request "${JSON.stringify(req)}"`)}}module.exports={[consts.FRAMEWORK_ON_EVENT_HANDLER_NAME]:cfnResponse.safeHandler(onEvent),[consts.FRAMEWORK_IS_COMPLETE_HANDLER_NAME]:cfnResponse.safeHandler(isComplete),[consts.FRAMEWORK_ON_TIMEOUT_HANDLER_NAME]:onTimeout};
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.httpRequest=exports.invokeFunction=exports.startExecution=void 0;const https=require("https"),client_lambda_1=require("@aws-sdk/client-lambda"),client_sfn_1=require("@aws-sdk/client-sfn"),FRAMEWORK_HANDLER_TIMEOUT=9e5,awsSdkConfig={httpOptions:{timeout:FRAMEWORK_HANDLER_TIMEOUT}};async function defaultHttpRequest(options,requestBody){return new Promise((resolve,reject)=>{try{const request=https.request(options,response=>{response.resume(),!response.statusCode||response.statusCode>=400?reject(new Error(`Unsuccessful HTTP response: ${response.statusCode}`)):resolve()});request.on("error",reject),request.write(requestBody),request.end()}catch(e){reject(e)}})}let sfn,lambda;async function defaultStartExecution(req){return sfn||(sfn=new client_sfn_1.SFN(awsSdkConfig)),sfn.startExecution(req)}async function defaultInvokeFunction(req){lambda||(lambda=new client_lambda_1.Lambda(awsSdkConfig));try{return await lambda.invoke(req)}catch{return await(0,client_lambda_1.waitUntilFunctionActiveV2)({client:lambda,maxWaitTime:300},{FunctionName:req.FunctionName}),await lambda.invoke(req)}}exports.startExecution=defaultStartExecution,exports.invokeFunction=defaultInvokeFunction,exports.httpRequest=defaultHttpRequest;
|
|
@@ -14,20 +14,20 @@
|
|
|
14
14
|
}
|
|
15
15
|
}
|
|
16
16
|
},
|
|
17
|
-
"
|
|
17
|
+
"3542be390685e0c8353d92ccb5796d343cd93ca946b6b0de798004206a199adc": {
|
|
18
18
|
"source": {
|
|
19
|
-
"path": "asset.
|
|
19
|
+
"path": "asset.3542be390685e0c8353d92ccb5796d343cd93ca946b6b0de798004206a199adc",
|
|
20
20
|
"packaging": "zip"
|
|
21
21
|
},
|
|
22
22
|
"destinations": {
|
|
23
23
|
"current_account-current_region": {
|
|
24
24
|
"bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
|
|
25
|
-
"objectKey": "
|
|
25
|
+
"objectKey": "3542be390685e0c8353d92ccb5796d343cd93ca946b6b0de798004206a199adc.zip",
|
|
26
26
|
"assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
|
|
27
27
|
}
|
|
28
28
|
}
|
|
29
29
|
},
|
|
30
|
-
"
|
|
30
|
+
"e0d7afe8d647ed080aa3f4c25b80c6f219b563b026de08a047e13131033fb7e2": {
|
|
31
31
|
"source": {
|
|
32
32
|
"path": "cfts3-cmk-provided-as-bucket-prop.template.json",
|
|
33
33
|
"packaging": "file"
|
|
@@ -35,7 +35,7 @@
|
|
|
35
35
|
"destinations": {
|
|
36
36
|
"current_account-current_region": {
|
|
37
37
|
"bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
|
|
38
|
-
"objectKey": "
|
|
38
|
+
"objectKey": "e0d7afe8d647ed080aa3f4c25b80c6f219b563b026de08a047e13131033fb7e2.json",
|
|
39
39
|
"assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
|
|
40
40
|
}
|
|
41
41
|
}
|
|
@@ -598,7 +598,7 @@
|
|
|
598
598
|
}
|
|
599
599
|
}
|
|
600
600
|
},
|
|
601
|
-
"
|
|
601
|
+
"testcloudfronts3cmkencryptionkeyLambdaFunctionServiceRole85783D1D": {
|
|
602
602
|
"Type": "AWS::IAM::Role",
|
|
603
603
|
"Properties": {
|
|
604
604
|
"AssumeRolePolicyDocument": {
|
|
@@ -613,34 +613,47 @@
|
|
|
613
613
|
],
|
|
614
614
|
"Version": "2012-10-17"
|
|
615
615
|
},
|
|
616
|
-
"Description": "Role to update kms key policy to allow CloudFront access",
|
|
617
616
|
"Policies": [
|
|
618
617
|
{
|
|
619
618
|
"PolicyDocument": {
|
|
620
619
|
"Statement": [
|
|
621
620
|
{
|
|
622
621
|
"Action": [
|
|
623
|
-
"
|
|
624
|
-
"
|
|
625
|
-
"
|
|
622
|
+
"logs:CreateLogGroup",
|
|
623
|
+
"logs:CreateLogStream",
|
|
624
|
+
"logs:PutLogEvents"
|
|
626
625
|
],
|
|
627
626
|
"Effect": "Allow",
|
|
628
627
|
"Resource": {
|
|
629
|
-
"Fn::
|
|
630
|
-
"
|
|
631
|
-
|
|
628
|
+
"Fn::Join": [
|
|
629
|
+
"",
|
|
630
|
+
[
|
|
631
|
+
"arn:",
|
|
632
|
+
{
|
|
633
|
+
"Ref": "AWS::Partition"
|
|
634
|
+
},
|
|
635
|
+
":logs:",
|
|
636
|
+
{
|
|
637
|
+
"Ref": "AWS::Region"
|
|
638
|
+
},
|
|
639
|
+
":",
|
|
640
|
+
{
|
|
641
|
+
"Ref": "AWS::AccountId"
|
|
642
|
+
},
|
|
643
|
+
":log-group:/aws/lambda/*"
|
|
644
|
+
]
|
|
632
645
|
]
|
|
633
646
|
}
|
|
634
647
|
}
|
|
635
648
|
],
|
|
636
649
|
"Version": "2012-10-17"
|
|
637
650
|
},
|
|
638
|
-
"PolicyName": "
|
|
651
|
+
"PolicyName": "LambdaFunctionServiceRolePolicy"
|
|
639
652
|
}
|
|
640
653
|
]
|
|
641
654
|
}
|
|
642
655
|
},
|
|
643
|
-
"
|
|
656
|
+
"testcloudfronts3cmkencryptionkeyLambdaFunctionServiceRoleDefaultPolicyE566BC43": {
|
|
644
657
|
"Type": "AWS::IAM::Policy",
|
|
645
658
|
"Properties": {
|
|
646
659
|
"PolicyDocument": {
|
|
@@ -656,10 +669,10 @@
|
|
|
656
669
|
],
|
|
657
670
|
"Version": "2012-10-17"
|
|
658
671
|
},
|
|
659
|
-
"PolicyName": "
|
|
672
|
+
"PolicyName": "testcloudfronts3cmkencryptionkeyLambdaFunctionServiceRoleDefaultPolicyE566BC43",
|
|
660
673
|
"Roles": [
|
|
661
674
|
{
|
|
662
|
-
"Ref": "
|
|
675
|
+
"Ref": "testcloudfronts3cmkencryptionkeyLambdaFunctionServiceRole85783D1D"
|
|
663
676
|
}
|
|
664
677
|
]
|
|
665
678
|
},
|
|
@@ -674,61 +687,6 @@
|
|
|
674
687
|
}
|
|
675
688
|
}
|
|
676
689
|
},
|
|
677
|
-
"testcloudfronts3cmkencryptionkeyLambdaFunctionServiceRole85783D1D": {
|
|
678
|
-
"Type": "AWS::IAM::Role",
|
|
679
|
-
"Properties": {
|
|
680
|
-
"AssumeRolePolicyDocument": {
|
|
681
|
-
"Statement": [
|
|
682
|
-
{
|
|
683
|
-
"Action": "sts:AssumeRole",
|
|
684
|
-
"Effect": "Allow",
|
|
685
|
-
"Principal": {
|
|
686
|
-
"Service": "lambda.amazonaws.com"
|
|
687
|
-
}
|
|
688
|
-
}
|
|
689
|
-
],
|
|
690
|
-
"Version": "2012-10-17"
|
|
691
|
-
},
|
|
692
|
-
"Policies": [
|
|
693
|
-
{
|
|
694
|
-
"PolicyDocument": {
|
|
695
|
-
"Statement": [
|
|
696
|
-
{
|
|
697
|
-
"Action": [
|
|
698
|
-
"logs:CreateLogGroup",
|
|
699
|
-
"logs:CreateLogStream",
|
|
700
|
-
"logs:PutLogEvents"
|
|
701
|
-
],
|
|
702
|
-
"Effect": "Allow",
|
|
703
|
-
"Resource": {
|
|
704
|
-
"Fn::Join": [
|
|
705
|
-
"",
|
|
706
|
-
[
|
|
707
|
-
"arn:",
|
|
708
|
-
{
|
|
709
|
-
"Ref": "AWS::Partition"
|
|
710
|
-
},
|
|
711
|
-
":logs:",
|
|
712
|
-
{
|
|
713
|
-
"Ref": "AWS::Region"
|
|
714
|
-
},
|
|
715
|
-
":",
|
|
716
|
-
{
|
|
717
|
-
"Ref": "AWS::AccountId"
|
|
718
|
-
},
|
|
719
|
-
":log-group:/aws/lambda/*"
|
|
720
|
-
]
|
|
721
|
-
]
|
|
722
|
-
}
|
|
723
|
-
}
|
|
724
|
-
],
|
|
725
|
-
"Version": "2012-10-17"
|
|
726
|
-
},
|
|
727
|
-
"PolicyName": "LambdaFunctionServiceRolePolicy"
|
|
728
|
-
}
|
|
729
|
-
]
|
|
730
|
-
}
|
|
731
|
-
},
|
|
732
690
|
"testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E": {
|
|
733
691
|
"Type": "AWS::Lambda::Function",
|
|
734
692
|
"Properties": {
|
|
@@ -742,7 +700,7 @@
|
|
|
742
700
|
"Handler": "index.handler",
|
|
743
701
|
"Role": {
|
|
744
702
|
"Fn::GetAtt": [
|
|
745
|
-
"
|
|
703
|
+
"testcloudfronts3cmkencryptionkeyLambdaFunctionServiceRole85783D1D",
|
|
746
704
|
"Arn"
|
|
747
705
|
]
|
|
748
706
|
},
|
|
@@ -752,8 +710,8 @@
|
|
|
752
710
|
}
|
|
753
711
|
},
|
|
754
712
|
"DependsOn": [
|
|
755
|
-
"
|
|
756
|
-
"
|
|
713
|
+
"testcloudfronts3cmkencryptionkeyLambdaFunctionServiceRoleDefaultPolicyE566BC43",
|
|
714
|
+
"testcloudfronts3cmkencryptionkeyLambdaFunctionServiceRole85783D1D"
|
|
757
715
|
],
|
|
758
716
|
"Metadata": {
|
|
759
717
|
"cfn_nag": {
|
|
@@ -774,6 +732,36 @@
|
|
|
774
732
|
}
|
|
775
733
|
}
|
|
776
734
|
},
|
|
735
|
+
"testcloudfronts3cmkencryptionkeytestcloudfronts3cmkencryptionkeyResourceCmkPolicyBD4BA975": {
|
|
736
|
+
"Type": "AWS::IAM::Policy",
|
|
737
|
+
"Properties": {
|
|
738
|
+
"PolicyDocument": {
|
|
739
|
+
"Statement": [
|
|
740
|
+
{
|
|
741
|
+
"Action": [
|
|
742
|
+
"kms:DescribeKey",
|
|
743
|
+
"kms:GetKeyPolicy",
|
|
744
|
+
"kms:PutKeyPolicy"
|
|
745
|
+
],
|
|
746
|
+
"Effect": "Allow",
|
|
747
|
+
"Resource": {
|
|
748
|
+
"Fn::GetAtt": [
|
|
749
|
+
"cmkKey598B20B2",
|
|
750
|
+
"Arn"
|
|
751
|
+
]
|
|
752
|
+
}
|
|
753
|
+
}
|
|
754
|
+
],
|
|
755
|
+
"Version": "2012-10-17"
|
|
756
|
+
},
|
|
757
|
+
"PolicyName": "testcloudfronts3cmkencryptionkeytestcloudfronts3cmkencryptionkeyResourceCmkPolicyBD4BA975",
|
|
758
|
+
"Roles": [
|
|
759
|
+
{
|
|
760
|
+
"Ref": "testcloudfronts3cmkencryptionkeyLambdaFunctionServiceRole85783D1D"
|
|
761
|
+
}
|
|
762
|
+
]
|
|
763
|
+
}
|
|
764
|
+
},
|
|
777
765
|
"testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventServiceRole3D4040AD": {
|
|
778
766
|
"Type": "AWS::IAM::Role",
|
|
779
767
|
"Properties": {
|
|
@@ -854,7 +842,7 @@
|
|
|
854
842
|
"S3Bucket": {
|
|
855
843
|
"Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
|
|
856
844
|
},
|
|
857
|
-
"S3Key": "
|
|
845
|
+
"S3Key": "3542be390685e0c8353d92ccb5796d343cd93ca946b6b0de798004206a199adc.zip"
|
|
858
846
|
},
|
|
859
847
|
"Description": "AWS CDK resource provider framework - onEvent (cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider)",
|
|
860
848
|
"Environment": {
|
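Review bot: The `AWS::IAM::Policy` added at new lines 735–764 grants `kms:PutKeyPolicy` on `cmkKey598B20B2` to `testcloudfronts3cmkencryptionkeyLambdaFunctionServiceRole85783D1D`, yet the role definition at new lines 601–654 has no `Description`. The role it appears to replace had `"Description": "Role to update kms key policy to allow CloudFront access"` at old line 616. `kms:PutKeyPolicy` replaces the entire key policy, so whoever can change this function's code or configuration effectively controls access to the CMK. The grant is limited to the one key ARN, but the role's purpose should remain visible to anyone auditing IAM. I would restore the description in the construct source (not shown here; this file is a synthesized snapshot) and note there that the inline `LambdaFunctionServiceRolePolicy` statement still allows log writes to `log-group:/aws/lambda/*` rather than only this function's own log group.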
|
@@ -66,7 +66,7 @@
|
|
|
66
66
|
"validateOnSynth": false,
|
|
67
67
|
"assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}",
|
|
68
68
|
"cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}",
|
|
69
|
-
"stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/
|
|
69
|
+
"stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/e0d7afe8d647ed080aa3f4c25b80c6f219b563b026de08a047e13131033fb7e2.json",
|
|
70
70
|
"requiresBootstrapStackVersion": 6,
|
|
71
71
|
"bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version",
|
|
72
72
|
"additionalDependencies": [
|
|
@@ -148,28 +148,28 @@
|
|
|
148
148
|
"data": "testcloudfronts3cmkencryptionkeyCloudFrontDistribution57C8A907"
|
|
149
149
|
}
|
|
150
150
|
],
|
|
151
|
-
"/cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/
|
|
151
|
+
"/cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunctionServiceRole/Resource": [
|
|
152
152
|
{
|
|
153
153
|
"type": "aws:cdk:logicalId",
|
|
154
|
-
"data": "
|
|
154
|
+
"data": "testcloudfronts3cmkencryptionkeyLambdaFunctionServiceRole85783D1D"
|
|
155
155
|
}
|
|
156
156
|
],
|
|
157
|
-
"/cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/
|
|
157
|
+
"/cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunctionServiceRole/DefaultPolicy/Resource": [
|
|
158
158
|
{
|
|
159
159
|
"type": "aws:cdk:logicalId",
|
|
160
|
-
"data": "
|
|
160
|
+
"data": "testcloudfronts3cmkencryptionkeyLambdaFunctionServiceRoleDefaultPolicyE566BC43"
|
|
161
161
|
}
|
|
162
162
|
],
|
|
163
|
-
"/cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/
|
|
163
|
+
"/cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Resource": [
|
|
164
164
|
{
|
|
165
165
|
"type": "aws:cdk:logicalId",
|
|
166
|
-
"data": "
|
|
166
|
+
"data": "testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E"
|
|
167
167
|
}
|
|
168
168
|
],
|
|
169
|
-
"/cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/
|
|
169
|
+
"/cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/test-cloudfront-s3-cmk-encryption-keyResourceCmkPolicy/Resource": [
|
|
170
170
|
{
|
|
171
171
|
"type": "aws:cdk:logicalId",
|
|
172
|
-
"data": "
|
|
172
|
+
"data": "testcloudfronts3cmkencryptionkeytestcloudfronts3cmkencryptionkeyResourceCmkPolicyBD4BA975"
|
|
173
173
|
}
|
|
174
174
|
],
|
|
175
175
|
"/cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/Resource": [
|
|
@@ -207,6 +207,24 @@
|
|
|
207
207
|
"type": "aws:cdk:logicalId",
|
|
208
208
|
"data": "CheckBootstrapVersion"
|
|
209
209
|
}
|
|
210
|
+
],
|
|
211
|
+
"testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateLambdaRoleB7BBA8A2": [
|
|
212
|
+
{
|
|
213
|
+
"type": "aws:cdk:logicalId",
|
|
214
|
+
"data": "testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateLambdaRoleB7BBA8A2",
|
|
215
|
+
"trace": [
|
|
216
|
+
"!!DESTRUCTIVE_CHANGES: WILL_DESTROY"
|
|
217
|
+
]
|
|
218
|
+
}
|
|
219
|
+
],
|
|
220
|
+
"testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateLambdaRoleDefaultPolicy0E93FCDF": [
|
|
221
|
+
{
|
|
222
|
+
"type": "aws:cdk:logicalId",
|
|
223
|
+
"data": "testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateLambdaRoleDefaultPolicy0E93FCDF",
|
|
224
|
+
"trace": [
|
|
225
|
+
"!!DESTRUCTIVE_CHANGES: WILL_DESTROY"
|
|
226
|
+
]
|
|
227
|
+
}
|
|
210
228
|
]
|
|
211
229
|
},
|
|
212
230
|
"displayName": "cfts3-cmk-provided-as-bucket-prop"
|
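Review bot: The entries added at new lines 211–227 mark `testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateLambdaRoleB7BBA8A2` and `testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateLambdaRoleDefaultPolicy0E93FCDF` with `!!DESTRUCTIVE_CHANGES: WILL_DESTROY`, and nothing on this page tells consumers that updating an existing stack removes those IAM resources. Anything outside the stack that refers to the old role, such as a key policy statement, a permissions-boundary or SCP exception, or an alert keyed on the role name, would stop matching after the update. The replacement is presumably the `LambdaFunctionServiceRole85783D1D` entries at new lines 151–160. I would add an upgrade note to the release documentation, for example `The KMS key policy update Lambda now uses the construct's standard Lambda service role; the previous dedicated role and its default policy are removed on deploy.`, and advise reviewing a stack diff before deploying 2.58.0.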