@aws-solutions-constructs/aws-cloudfront-s3 2.58.0 → 2.59.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (82) hide show
  1. package/.jsii +77 -30
  2. package/README.md +10 -7
  3. package/lib/index.d.ts +32 -17
  4. package/lib/index.js +33 -3
  5. package/package.json +5 -5
  6. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js +16 -2
  7. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.2eb6a831b107939f63cfebf68e6316e1a40f79fc99cae0fee9b333bac8d29bc4/index.js +1 -0
  8. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.assets.json +15 -2
  9. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.template.json +340 -15
  10. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/manifest.json +37 -19
  11. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/tree.json +342 -63
  12. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js +16 -2
  13. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/asset.2eb6a831b107939f63cfebf68e6316e1a40f79fc99cae0fee9b333bac8d29bc4/index.js +1 -0
  14. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.assets.json +15 -2
  15. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.template.json +340 -15
  16. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/manifest.json +37 -1
  17. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/tree.json +318 -39
  18. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3-bucket-with-http-origin.assets.json +2 -2
  19. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3-bucket-with-http-origin.template.json +0 -7
  20. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/manifest.json +1 -1
  21. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/tree.json +31 -38
  22. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js +13 -1
  23. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.2eb6a831b107939f63cfebf68e6316e1a40f79fc99cae0fee9b333bac8d29bc4/index.js +1 -0
  24. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3-cmk-provided-as-bucket-prop.assets.json +15 -2
  25. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3-cmk-provided-as-bucket-prop.template.json +274 -13
  26. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/manifest.json +27 -15
  27. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/tree.json +279 -63
  28. package/test/integ.cfts3-custom-headers.js +5 -1
  29. package/test/integ.cfts3-custom-headers.js.snapshot/asset.2eb6a831b107939f63cfebf68e6316e1a40f79fc99cae0fee9b333bac8d29bc4/index.js +1 -0
  30. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3-custom-headers.assets.json +5 -5
  31. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3-custom-headers.template.json +1 -8
  32. package/test/integ.cfts3-custom-headers.js.snapshot/manifest.json +1 -1
  33. package/test/integ.cfts3-custom-headers.js.snapshot/tree.json +48 -55
  34. package/test/integ.cfts3-custom-originPath.js +5 -1
  35. package/test/integ.cfts3-custom-originPath.js.snapshot/asset.2eb6a831b107939f63cfebf68e6316e1a40f79fc99cae0fee9b333bac8d29bc4/index.js +1 -0
  36. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3-custom-originPath.assets.json +5 -5
  37. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3-custom-originPath.template.json +1 -8
  38. package/test/integ.cfts3-custom-originPath.js.snapshot/manifest.json +1 -1
  39. package/test/integ.cfts3-custom-originPath.js.snapshot/tree.json +46 -53
  40. package/test/integ.cfts3-customLoggingBuckets.js +6 -2
  41. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/asset.2eb6a831b107939f63cfebf68e6316e1a40f79fc99cae0fee9b333bac8d29bc4/index.js +1 -0
  42. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3-customLoggingBuckets.assets.json +5 -5
  43. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3-customLoggingBuckets.template.json +1 -21
  44. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/manifest.json +1 -1
  45. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/tree.json +46 -66
  46. package/test/integ.cfts3-existing-bucket.js +5 -1
  47. package/test/integ.cfts3-existing-bucket.js.snapshot/asset.2eb6a831b107939f63cfebf68e6316e1a40f79fc99cae0fee9b333bac8d29bc4/index.js +1 -0
  48. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3-existing-bucket.assets.json +5 -5
  49. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3-existing-bucket.template.json +1 -8
  50. package/test/integ.cfts3-existing-bucket.js.snapshot/manifest.json +1 -1
  51. package/test/integ.cfts3-existing-bucket.js.snapshot/tree.json +51 -58
  52. package/test/integ.cfts3-no-arguments.js +5 -1
  53. package/test/integ.cfts3-no-arguments.js.snapshot/asset.2eb6a831b107939f63cfebf68e6316e1a40f79fc99cae0fee9b333bac8d29bc4/index.js +1 -0
  54. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3-no-arguments.assets.json +5 -5
  55. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3-no-arguments.template.json +1 -8
  56. package/test/integ.cfts3-no-arguments.js.snapshot/manifest.json +1 -1
  57. package/test/integ.cfts3-no-arguments.js.snapshot/tree.json +46 -53
  58. package/test/integ.cfts3-no-logging.js +56 -0
  59. package/test/integ.cfts3-no-logging.js.snapshot/asset.2eb6a831b107939f63cfebf68e6316e1a40f79fc99cae0fee9b333bac8d29bc4/index.js +1 -0
  60. package/test/integ.cfts3-no-logging.js.snapshot/cdk.out +1 -0
  61. package/test/integ.cfts3-no-logging.js.snapshot/cfts3-no-logging.assets.json +32 -0
  62. package/test/integ.cfts3-no-logging.js.snapshot/cfts3-no-logging.template.json +434 -0
  63. package/test/integ.cfts3-no-logging.js.snapshot/cfts3nologgingIntegDefaultTestDeployAssert18393DDB.assets.json +19 -0
  64. package/test/integ.cfts3-no-logging.js.snapshot/cfts3nologgingIntegDefaultTestDeployAssert18393DDB.template.json +36 -0
  65. package/test/integ.cfts3-no-logging.js.snapshot/integ.json +12 -0
  66. package/test/integ.cfts3-no-logging.js.snapshot/manifest.json +155 -0
  67. package/test/integ.cfts3-no-logging.js.snapshot/tree.json +506 -0
  68. package/test/integ.cfts3-no-security-headers.js +5 -1
  69. package/test/integ.cfts3-no-security-headers.js.snapshot/asset.2eb6a831b107939f63cfebf68e6316e1a40f79fc99cae0fee9b333bac8d29bc4/index.js +1 -0
  70. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3-no-security-headers.assets.json +5 -5
  71. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3-no-security-headers.template.json +1 -8
  72. package/test/integ.cfts3-no-security-headers.js.snapshot/manifest.json +1 -1
  73. package/test/integ.cfts3-no-security-headers.js.snapshot/tree.json +44 -51
  74. package/test/test.cloudfront-s3.test.js +288 -52
  75. package/test/integ.cfts3-bucket-with-http-origin.js +0 -47
  76. package/test/integ.cfts3-custom-headers.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +0 -1
  77. package/test/integ.cfts3-custom-originPath.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +0 -1
  78. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +0 -1
  79. package/test/integ.cfts3-existing-bucket.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +0 -1
  80. package/test/integ.cfts3-no-arguments.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +0 -1
  81. package/test/integ.cfts3-no-security-headers.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +0 -1
  82. /package/test/{integ.cfts3-bucket-with-http-origin.d.ts → integ.cfts3-no-logging.d.ts} +0 -0
@@ -26,11 +26,25 @@ stack.templateOptions.description = 'Integration Test for aws-cloudfront-s3';
26
26
  // Definitions
27
27
  const existingBucketObj = core_1.buildS3Bucket(stack, {
28
28
  bucketProps: {
29
- encryption: aws_s3_1.BucketEncryption.S3_MANAGED
29
+ encryption: aws_s3_1.BucketEncryption.S3_MANAGED,
30
+ removalPolicy: aws_cdk_lib_1.RemovalPolicy.DESTROY,
31
+ autoDeleteObjects: true
32
+ },
33
+ loggingBucketProps: {
34
+ removalPolicy: aws_cdk_lib_1.RemovalPolicy.DESTROY,
35
+ autoDeleteObjects: true
30
36
  }
31
37
  }, 'existing-s3-bucket-encrypted-with-s3-managed-key').bucket;
32
38
  const props = {
33
39
  existingBucketObj,
40
+ cloudFrontLoggingBucketProps: {
41
+ removalPolicy: aws_cdk_lib_1.RemovalPolicy.DESTROY,
42
+ autoDeleteObjects: true
43
+ },
44
+ cloudFrontLoggingBucketAccessLogBucketProps: {
45
+ removalPolicy: aws_cdk_lib_1.RemovalPolicy.DESTROY,
46
+ autoDeleteObjects: true
47
+ },
34
48
  insertHttpSecurityHeaders: false
35
49
  };
36
50
  new lib_1.CloudFrontToS3(stack, 'test-cloudfront-s3-managed-key', props);
@@ -39,4 +53,4 @@ core_1.suppressCustomHandlerCfnNagWarnings(stack, 'Custom::S3AutoDeleteObjectsCu
39
53
  new integ_tests_alpha_1.IntegTest(stack, 'Integ', { testCases: [
40
54
  stack
41
55
  ] });
42
- //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW50ZWcuY2Z0czMtYnVja2V0LWVuY3J5cHRlZC13aXRoLW1hbmFnZWQta2V5LXByb3ZpZGVkLWFzLWV4aXN0aW5nYnVja2V0LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiaW50ZWcuY2Z0czMtYnVja2V0LWVuY3J5cHRlZC13aXRoLW1hbmFnZWQta2V5LXByb3ZpZGVkLWFzLWV4aXN0aW5nYnVja2V0LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7QUFBQTs7Ozs7Ozs7Ozs7R0FXRzs7QUFFSCxVQUFVO0FBQ1YsNkNBQXlDO0FBQ3pDLGdDQUE2RDtBQUM3RCx5REFBNEg7QUFDNUgsK0NBQXNEO0FBQ3RELGtFQUF1RDtBQUV2RCxRQUFRO0FBQ1IsTUFBTSxHQUFHLEdBQUcsSUFBSSxpQkFBRyxFQUFFLENBQUM7QUFDdEIsTUFBTSxLQUFLLEdBQUcsSUFBSSxtQkFBSyxDQUFDLEdBQUcsRUFBRSw2QkFBc0IsQ0FBQyxVQUFVLENBQUMsQ0FBQyxDQUFDO0FBQ2pFLEtBQUssQ0FBQyxJQUFJLENBQUMsVUFBVSxDQUFDLGlEQUFpRCxFQUFFLElBQUksQ0FBQyxDQUFDO0FBQy9FLEtBQUssQ0FBQyxlQUFlLENBQUMsV0FBVyxHQUFHLHdDQUF3QyxDQUFDO0FBRTdFLGNBQWM7QUFDZCxNQUFNLGlCQUFpQixHQUFHLG9CQUFhLENBQUMsS0FBSyxFQUFFO0lBQzdDLFdBQVcsRUFBRTtRQUNYLFVBQVUsRUFBRSx5QkFBZ0IsQ0FBQyxVQUFVO0tBQ3hDO0NBQ0YsRUFBRSxrREFBa0QsQ0FBQyxDQUFDLE1BQU0sQ0FBQztBQUU5RCxNQUFNLEtBQUssR0FBd0I7SUFDakMsaUJBQWlCO0lBQ2pCLHlCQUF5QixFQUFFLEtBQUs7Q0FDakMsQ0FBQztBQUVGLElBQUksb0JBQWMsQ0FBQyxLQUFLLEVBQUUsZ0NBQWdDLEVBQUUsS0FBSyxDQUFDLENBQUM7QUFFbkUsMENBQW1DLENBQUMsS0FBSyxFQUFFLG1EQUFtRCxDQUFDLENBQUM7QUFFaEcsUUFBUTtBQUNSLElBQUksNkJBQVMsQ0FBQyxLQUFLLEVBQUUsT0FBTyxFQUFFLEVBQUUsU0FBUyxFQUFFO1FBQ3pDLEtBQUs7S0FDTixFQUFFLENBQUMsQ0FBQyIsInNvdXJjZXNDb250ZW50IjpbIi8qKlxuICogIENvcHlyaWdodCBBbWF6b24uY29tLCBJbmMuIG9yIGl0cyBhZmZpbGlhdGVzLiBBbGwgUmlnaHRzIFJlc2VydmVkLlxuICpcbiAqICBMaWNlbnNlZCB1bmRlciB0aGUgQXBhY2hlIExpY2Vuc2UsIFZlcnNpb24gMi4wICh0aGUgXCJMaWNlbnNlXCIpLiBZb3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlXG4gKiAgd2l0aCB0aGUgTGljZW5zZS4gQSBjb3B5IG9mIHRoZSBMaWNlbnNlIGlzIGxvY2F0ZWQgYXRcbiAqXG4gKiAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMFxuICpcbiAqICBvciBpbiB0aGUgJ2xpY2Vuc2UnIGZpbGUgYWNjb21wYW55aW5nIHRoaXMgZmlsZS4gVGhpcyBmaWxlIGlzIGRpc3RyaWJ1dGVkIG9uIGFuICdBUyBJUycgQkFTSVMsIFdJVEhPVVQgV0FSUkFOVElFU1xuICogIE9SIENPTkRJVElPTlMgT0YgQU5ZIEtJTkQsIGV4cHJlc3Mgb3IgaW1wbGllZC4gU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zXG4gKiAgYW5kIGxpbWl0YXRpb25zIHVuZGVyIHRoZSBMaWNlbnNlLlxuICovXG5cbi8vIEltcG9ydHNcbmltcG9ydCB7IEFwcCwgU3RhY2sgfSBmcm9tIFwiYXdzLWNkay1saWJcIjtcbmltcG9ydCB7IENsb3VkRnJvbnRUb1MzLCBDbG91ZEZyb250VG9TM1Byb3BzIH0gZnJvbSBcIi4uL2xpYlwiO1xuaW1wb3J0IHsgYnVpbGRTM0J1Y2tldCwgZ2VuZXJhdGVJbnRlZ1N0YWNrTmFtZSwgc3VwcHJlc3NDdXN0b21IYW5kbGVyQ2ZuTmFnV2FybmluZ3MgfSBmcm9tICdAYXdzLXNvbHV0aW9ucy1jb25zdHJ1Y3RzL2NvcmUnO1xuaW1wb3J0IHsgQnVja2V0RW5jcnlwdGlvbiB9IGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtczNcIjtcbmltcG9ydCB7IEludGVnVGVzdCB9IGZyb20gJ0Bhd3MtY2RrL2ludGVnLXRlc3RzLWFscGhhJztcblxuLy8gU2V0dXBcbmNvbnN0IGFwcCA9IG5ldyBBcHAoKTtcbmNvbnN0IHN0YWNrID0gbmV3IFN0YWNrKGFwcCwgZ2VuZXJhdGVJbnRlZ1N0YWNrTmFtZShfX2ZpbGVuYW1lKSk7XG5zdGFjay5ub2RlLnNldENvbnRleHQoXCJAYXdzLWNkay9hd3MtczM6c2VydmVyQWNjZXNzTG9nc1VzZUJ1Y2tldFBvbGljeVwiLCB0cnVlKTtcbnN0YWNrLnRlbXBsYXRlT3B0aW9ucy5kZXNjcmlwdGlvbiA9ICdJbnRlZ3JhdGlvbiBUZXN0IGZvciBhd3MtY2xvdWRmcm9udC1zMyc7XG5cbi8vIERlZmluaXRpb25zXG5jb25zdCBleGlzdGluZ0J1Y2tldE9iaiA9IGJ1aWxkUzNCdWNrZXQoc3RhY2ssIHtcbiAgYnVja2V0UHJvcHM6IHtcbiAgICBlbmNyeXB0aW9uOiBCdWNrZXRFbmNyeXB0aW9uLlMzX01BTkFHRURcbiAgfVxufSwgJ2V4aXN0aW5nLXMzLWJ1Y2tldC1lbmNyeXB0ZWQtd2l0aC1zMy1tYW5hZ2VkLWtleScpLmJ1Y2tldDtcblxuY29uc3QgcHJvcHM6IENsb3VkRnJvbnRUb1MzUHJvcHMgPSB7XG4gIGV4aXN0aW5nQnVja2V0T2JqLFxuICBpbnNlcnRIdHRwU2VjdXJpdHlIZWFkZXJzOiBmYWxzZVxufTtcblxubmV3IENsb3VkRnJvbnRUb1MzKHN0YWNrLCAndGVzdC1jbG91ZGZyb250LXMzLW1hbmFnZWQta2V5JywgcHJvcHMpO1xuXG5zdXBwcmVzc0N1c3RvbUhhbmRsZXJDZm5OYWdXYXJuaW5ncyhzdGFjaywgJ0N1c3RvbTo6UzNBdXRvRGVsZXRlT2JqZWN0c0N1c3RvbVJlc291cmNlUHJvdmlkZXInKTtcblxuLy8gU3ludGhcbm5ldyBJbnRlZ1Rlc3Qoc3RhY2ssICdJbnRlZycsIHsgdGVzdENhc2VzOiBbXG4gIHN0YWNrXG5dIH0pO1xuIl19
56
+ //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW50ZWcuY2Z0czMtYnVja2V0LWVuY3J5cHRlZC13aXRoLW1hbmFnZWQta2V5LXByb3ZpZGVkLWFzLWV4aXN0aW5nYnVja2V0LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiaW50ZWcuY2Z0czMtYnVja2V0LWVuY3J5cHRlZC13aXRoLW1hbmFnZWQta2V5LXByb3ZpZGVkLWFzLWV4aXN0aW5nYnVja2V0LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7QUFBQTs7Ozs7Ozs7Ozs7R0FXRzs7QUFFSCxVQUFVO0FBQ1YsNkNBQXdEO0FBQ3hELGdDQUE2RDtBQUM3RCx5REFBNEg7QUFDNUgsK0NBQXNEO0FBQ3RELGtFQUF1RDtBQUV2RCxRQUFRO0FBQ1IsTUFBTSxHQUFHLEdBQUcsSUFBSSxpQkFBRyxFQUFFLENBQUM7QUFDdEIsTUFBTSxLQUFLLEdBQUcsSUFBSSxtQkFBSyxDQUFDLEdBQUcsRUFBRSw2QkFBc0IsQ0FBQyxVQUFVLENBQUMsQ0FBQyxDQUFDO0FBQ2pFLEtBQUssQ0FBQyxJQUFJLENBQUMsVUFBVSxDQUFDLGlEQUFpRCxFQUFFLElBQUksQ0FBQyxDQUFDO0FBQy9FLEtBQUssQ0FBQyxlQUFlLENBQUMsV0FBVyxHQUFHLHdDQUF3QyxDQUFDO0FBRTdFLGNBQWM7QUFDZCxNQUFNLGlCQUFpQixHQUFHLG9CQUFhLENBQUMsS0FBSyxFQUFFO0lBQzdDLFdBQVcsRUFBRTtRQUNYLFVBQVUsRUFBRSx5QkFBZ0IsQ0FBQyxVQUFVO1FBQ3ZDLGFBQWEsRUFBRSwyQkFBYSxDQUFDLE9BQU87UUFDcEMsaUJBQWlCLEVBQUUsSUFBSTtLQUN4QjtJQUNELGtCQUFrQixFQUFFO1FBQ2xCLGFBQWEsRUFBRSwyQkFBYSxDQUFDLE9BQU87UUFDcEMsaUJBQWlCLEVBQUUsSUFBSTtLQUN4QjtDQUNGLEVBQUUsa0RBQWtELENBQUMsQ0FBQyxNQUFNLENBQUM7QUFFOUQsTUFBTSxLQUFLLEdBQXdCO0lBQ2pDLGlCQUFpQjtJQUNqQiw0QkFBNEIsRUFBRTtRQUM1QixhQUFhLEVBQUUsMkJBQWEsQ0FBQyxPQUFPO1FBQ3BDLGlCQUFpQixFQUFFLElBQUk7S0FDeEI7SUFDRCwyQ0FBMkMsRUFBRTtRQUMzQyxhQUFhLEVBQUUsMkJBQWEsQ0FBQyxPQUFPO1FBQ3BDLGlCQUFpQixFQUFFLElBQUk7S0FDeEI7SUFDRCx5QkFBeUIsRUFBRSxLQUFLO0NBQ2pDLENBQUM7QUFFRixJQUFJLG9CQUFjLENBQUMsS0FBSyxFQUFFLGdDQUFnQyxFQUFFLEtBQUssQ0FBQyxDQUFDO0FBRW5FLDBDQUFtQyxDQUFDLEtBQUssRUFBRSxtREFBbUQsQ0FBQyxDQUFDO0FBRWhHLFFBQVE7QUFDUixJQUFJLDZCQUFTLENBQUMsS0FBSyxFQUFFLE9BQU8sRUFBRSxFQUFFLFNBQVMsRUFBRTtRQUN6QyxLQUFLO0tBQ04sRUFBRSxDQUFDLENBQUMiLCJzb3VyY2VzQ29udGVudCI6WyIvKipcbiAqICBDb3B5cmlnaHQgQW1hem9uLmNvbSwgSW5jLiBvciBpdHMgYWZmaWxpYXRlcy4gQWxsIFJpZ2h0cyBSZXNlcnZlZC5cbiAqXG4gKiAgTGljZW5zZWQgdW5kZXIgdGhlIEFwYWNoZSBMaWNlbnNlLCBWZXJzaW9uIDIuMCAodGhlIFwiTGljZW5zZVwiKS4gWW91IG1heSBub3QgdXNlIHRoaXMgZmlsZSBleGNlcHQgaW4gY29tcGxpYW5jZVxuICogIHdpdGggdGhlIExpY2Vuc2UuIEEgY29weSBvZiB0aGUgTGljZW5zZSBpcyBsb2NhdGVkIGF0XG4gKlxuICogICAgICBodHRwOi8vd3d3LmFwYWNoZS5vcmcvbGljZW5zZXMvTElDRU5TRS0yLjBcbiAqXG4gKiAgb3IgaW4gdGhlICdsaWNlbnNlJyBmaWxlIGFjY29tcGFueWluZyB0aGlzIGZpbGUuIFRoaXMgZmlsZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAnQVMgSVMnIEJBU0lTLCBXSVRIT1VUIFdBUlJBTlRJRVNcbiAqICBPUiBDT05ESVRJT05TIE9GIEFOWSBLSU5ELCBleHByZXNzIG9yIGltcGxpZWQuIFNlZSB0aGUgTGljZW5zZSBmb3IgdGhlIHNwZWNpZmljIGxhbmd1YWdlIGdvdmVybmluZyBwZXJtaXNzaW9uc1xuICogIGFuZCBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS5cbiAqL1xuXG4vLyBJbXBvcnRzXG5pbXBvcnQgeyBBcHAsIFJlbW92YWxQb2xpY3ksIFN0YWNrIH0gZnJvbSBcImF3cy1jZGstbGliXCI7XG5pbXBvcnQgeyBDbG91ZEZyb250VG9TMywgQ2xvdWRGcm9udFRvUzNQcm9wcyB9IGZyb20gXCIuLi9saWJcIjtcbmltcG9ydCB7IGJ1aWxkUzNCdWNrZXQsIGdlbmVyYXRlSW50ZWdTdGFja05hbWUsIHN1cHByZXNzQ3VzdG9tSGFuZGxlckNmbk5hZ1dhcm5pbmdzIH0gZnJvbSAnQGF3cy1zb2x1dGlvbnMtY29uc3RydWN0cy9jb3JlJztcbmltcG9ydCB7IEJ1Y2tldEVuY3J5cHRpb24gfSBmcm9tIFwiYXdzLWNkay1saWIvYXdzLXMzXCI7XG5pbXBvcnQgeyBJbnRlZ1Rlc3QgfSBmcm9tICdAYXdzLWNkay9pbnRlZy10ZXN0cy1hbHBoYSc7XG5cbi8vIFNldHVwXG5jb25zdCBhcHAgPSBuZXcgQXBwKCk7XG5jb25zdCBzdGFjayA9IG5ldyBTdGFjayhhcHAsIGdlbmVyYXRlSW50ZWdTdGFja05hbWUoX19maWxlbmFtZSkpO1xuc3RhY2subm9kZS5zZXRDb250ZXh0KFwiQGF3cy1jZGsvYXdzLXMzOnNlcnZlckFjY2Vzc0xvZ3NVc2VCdWNrZXRQb2xpY3lcIiwgdHJ1ZSk7XG5zdGFjay50ZW1wbGF0ZU9wdGlvbnMuZGVzY3JpcHRpb24gPSAnSW50ZWdyYXRpb24gVGVzdCBmb3IgYXdzLWNsb3VkZnJvbnQtczMnO1xuXG4vLyBEZWZpbml0aW9uc1xuY29uc3QgZXhpc3RpbmdCdWNrZXRPYmogPSBidWlsZFMzQnVja2V0KHN0YWNrLCB7XG4gIGJ1Y2tldFByb3BzOiB7XG4gICAgZW5jcnlwdGlvbjogQnVja2V0RW5jcnlwdGlvbi5TM19NQU5BR0VELFxuICAgIHJlbW92YWxQb2xpY3k6IFJlbW92YWxQb2xpY3kuREVTVFJPWSxcbiAgICBhdXRvRGVsZXRlT2JqZWN0czogdHJ1ZVxuICB9LFxuICBsb2dnaW5nQnVja2V0UHJvcHM6IHtcbiAgICByZW1vdmFsUG9saWN5OiBSZW1vdmFsUG9saWN5LkRFU1RST1ksXG4gICAgYXV0b0RlbGV0ZU9iamVjdHM6IHRydWVcbiAgfVxufSwgJ2V4aXN0aW5nLXMzLWJ1Y2tldC1lbmNyeXB0ZWQtd2l0aC1zMy1tYW5hZ2VkLWtleScpLmJ1Y2tldDtcblxuY29uc3QgcHJvcHM6IENsb3VkRnJvbnRUb1MzUHJvcHMgPSB7XG4gIGV4aXN0aW5nQnVja2V0T2JqLFxuICBjbG91ZEZyb250TG9nZ2luZ0J1Y2tldFByb3BzOiB7XG4gICAgcmVtb3ZhbFBvbGljeTogUmVtb3ZhbFBvbGljeS5ERVNUUk9ZLFxuICAgIGF1dG9EZWxldGVPYmplY3RzOiB0cnVlXG4gIH0sXG4gIGNsb3VkRnJvbnRMb2dnaW5nQnVja2V0QWNjZXNzTG9nQnVja2V0UHJvcHM6IHtcbiAgICByZW1vdmFsUG9saWN5OiBSZW1vdmFsUG9saWN5LkRFU1RST1ksXG4gICAgYXV0b0RlbGV0ZU9iamVjdHM6IHRydWVcbiAgfSxcbiAgaW5zZXJ0SHR0cFNlY3VyaXR5SGVhZGVyczogZmFsc2Vcbn07XG5cbm5ldyBDbG91ZEZyb250VG9TMyhzdGFjaywgJ3Rlc3QtY2xvdWRmcm9udC1zMy1tYW5hZ2VkLWtleScsIHByb3BzKTtcblxuc3VwcHJlc3NDdXN0b21IYW5kbGVyQ2ZuTmFnV2FybmluZ3Moc3RhY2ssICdDdXN0b206OlMzQXV0b0RlbGV0ZU9iamVjdHNDdXN0b21SZXNvdXJjZVByb3ZpZGVyJyk7XG5cbi8vIFN5bnRoXG5uZXcgSW50ZWdUZXN0KHN0YWNrLCAnSW50ZWcnLCB7IHRlc3RDYXNlczogW1xuICBzdGFja1xuXSB9KTtcbiJdfQ==
@@ -0,0 +1 @@
1
+ "use strict";var I=Object.create,i=Object.defineProperty,C=Object.getOwnPropertyDescriptor,w=Object.getOwnPropertyNames,P=Object.getPrototypeOf,A=Object.prototype.hasOwnProperty,B=(e,t)=>{for(var o in t)i(e,o,{get:t[o],enumerable:!0})},d=(e,t,o,r)=>{if(t&&typeof t=="object"||typeof t=="function")for(let s of w(t))!A.call(e,s)&&s!==o&&i(e,s,{get:()=>t[s],enumerable:!(r=C(t,s))||r.enumerable});return e},l=(e,t,o)=>(o=e!=null?I(P(e)):{},d(t||!e||!e.__esModule?i(o,"default",{value:e,enumerable:!0}):o,e)),L=e=>d(i({},"__esModule",{value:!0}),e),q={};B(q,{autoDeleteHandler:()=>S,handler:()=>F}),module.exports=L(q);var h=require("@aws-sdk/client-s3"),y=l(require("https")),m=l(require("url")),a={sendHttpRequest:T,log:O,includeStackTraces:!0,userHandlerIndex:"./index"},p="AWSCDK::CustomResourceProviderFramework::CREATE_FAILED",k="AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID";function R(e){return async(t,o)=>{let r={...t,ResponseURL:"..."};if(a.log(JSON.stringify(r,void 0,2)),t.RequestType==="Delete"&&t.PhysicalResourceId===p){a.log("ignoring DELETE event caused by a failed CREATE event"),await u("SUCCESS",t);return}try{let s=await e(r,o),n=D(t,s);await u("SUCCESS",n)}catch(s){let n={...t,Reason:a.includeStackTraces?s.stack:s.message};n.PhysicalResourceId||(t.RequestType==="Create"?(a.log("CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored"),n.PhysicalResourceId=p):a.log(`ERROR: Malformed event. "PhysicalResourceId" is required: ${JSON.stringify(t)}`)),await u("FAILED",n)}}}function D(e,t={}){let o=t.PhysicalResourceId??e.PhysicalResourceId??e.RequestId;if(e.RequestType==="Delete"&&o!==e.PhysicalResourceId)throw new Error(`DELETE: cannot change the physical resource ID from "${e.PhysicalResourceId}" to "${t.PhysicalResourceId}" during deletion`);return{...e,...t,PhysicalResourceId:o}}async function u(e,t){let o={Status:e,Reason:t.Reason??e,StackId:t.StackId,RequestId:t.RequestId,PhysicalResourceId:t.PhysicalResourceId||k,LogicalResourceId:t.LogicalResourceId,NoEcho:t.NoEcho,Data:t.Data},r=m.parse(t.ResponseURL),s=`${r.protocol}//${r.hostname}/${r.pathname}?***`;a.log("submit response to cloudformation",s,o);let n=JSON.stringify(o),f={hostname:r.hostname,path:r.path,method:"PUT",headers:{"content-type":"","content-length":Buffer.byteLength(n,"utf8")}};await b({attempts:5,sleep:1e3},a.sendHttpRequest)(f,n)}async function T(e,t){return new Promise((o,r)=>{try{let s=y.request(e,n=>{n.resume(),!n.statusCode||n.statusCode>=400?r(new Error(`Unsuccessful HTTP response: ${n.statusCode}`)):o()});s.on("error",r),s.write(t),s.end()}catch(s){r(s)}})}function O(e,...t){console.log(e,...t)}function b(e,t){return async(...o)=>{let r=e.attempts,s=e.sleep;for(;;)try{return await t(...o)}catch(n){if(r--<=0)throw n;await x(Math.floor(Math.random()*s)),s*=2}}}async function x(e){return new Promise(t=>setTimeout(t,e))}var g="aws-cdk:auto-delete-objects",H=JSON.stringify({Version:"2012-10-17",Statement:[]}),c=new h.S3({}),F=R(S);async function S(e){switch(e.RequestType){case"Create":return;case"Update":return{PhysicalResourceId:(await _(e)).PhysicalResourceId};case"Delete":return W(e.ResourceProperties?.BucketName)}}async function _(e){let t=e,o=t.OldResourceProperties?.BucketName;return{PhysicalResourceId:t.ResourceProperties?.BucketName??o}}async function U(e){try{let t=(await c.getBucketPolicy({Bucket:e}))?.Policy??H,o=JSON.parse(t);o.Statement.push({Principal:"*",Effect:"Deny",Action:["s3:PutObject"],Resource:[`arn:aws:s3:::${e}/*`]}),await c.putBucketPolicy({Bucket:e,Policy:JSON.stringify(o)})}catch(t){if(t.name==="NoSuchBucket")throw t;console.log(`Could not set new object deny policy on bucket '${e}' prior to deletion.`)}}async function E(e){let t=await c.listObjectVersions({Bucket:e}),o=[...t.Versions??[],...t.DeleteMarkers??[]];if(o.length===0)return;let r=o.map(s=>({Key:s.Key,VersionId:s.VersionId}));await c.deleteObjects({Bucket:e,Delete:{Objects:r}}),t?.IsTruncated&&await E(e)}async function W(e){if(!e)throw new Error("No BucketName was provided.");try{if(!await N(e)){console.log(`Bucket does not have '${g}' tag, skipping cleaning.`);return}await U(e),await E(e)}catch(t){if(t.name==="NoSuchBucket"){console.log(`Bucket '${e}' does not exist.`);return}throw t}}async function N(e){return(await c.getBucketTagging({Bucket:e})).TagSet?.some(o=>o.Key===g&&o.Value==="true")}
@@ -1,7 +1,20 @@
1
1
  {
2
2
  "version": "36.0.0",
3
3
  "files": {
4
- "e7b5a5ddb6c94e12fc7698e48ed97f29526e8a6f1d5b21ec0c99afff6a6cbd62": {
4
+ "2eb6a831b107939f63cfebf68e6316e1a40f79fc99cae0fee9b333bac8d29bc4": {
5
+ "source": {
6
+ "path": "asset.2eb6a831b107939f63cfebf68e6316e1a40f79fc99cae0fee9b333bac8d29bc4",
7
+ "packaging": "zip"
8
+ },
9
+ "destinations": {
10
+ "current_account-current_region": {
11
+ "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
12
+ "objectKey": "2eb6a831b107939f63cfebf68e6316e1a40f79fc99cae0fee9b333bac8d29bc4.zip",
13
+ "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
14
+ }
15
+ }
16
+ },
17
+ "d523cd6d078a61c19eb8c081d0b346a12e902cfbed3d0d26454eeecd53eaef78": {
5
18
  "source": {
6
19
  "path": "cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.template.json",
7
20
  "packaging": "file"
@@ -9,7 +22,7 @@
9
22
  "destinations": {
10
23
  "current_account-current_region": {
11
24
  "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
12
- "objectKey": "e7b5a5ddb6c94e12fc7698e48ed97f29526e8a6f1d5b21ec0c99afff6a6cbd62.json",
25
+ "objectKey": "d523cd6d078a61c19eb8c081d0b346a12e902cfbed3d0d26454eeecd53eaef78.json",
13
26
  "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
14
27
  }
15
28
  }
@@ -19,12 +19,18 @@
19
19
  "IgnorePublicAcls": true,
20
20
  "RestrictPublicBuckets": true
21
21
  },
22
+ "Tags": [
23
+ {
24
+ "Key": "aws-cdk:auto-delete-objects",
25
+ "Value": "true"
26
+ }
27
+ ],
22
28
  "VersioningConfiguration": {
23
29
  "Status": "Enabled"
24
30
  }
25
31
  },
26
- "UpdateReplacePolicy": "Retain",
27
- "DeletionPolicy": "Retain",
32
+ "UpdateReplacePolicy": "Delete",
33
+ "DeletionPolicy": "Delete",
28
34
  "Metadata": {
29
35
  "cfn_nag": {
30
36
  "rules_to_suppress": [
@@ -78,6 +84,45 @@
78
84
  }
79
85
  ]
80
86
  },
87
+ {
88
+ "Action": [
89
+ "s3:DeleteObject*",
90
+ "s3:GetBucket*",
91
+ "s3:List*",
92
+ "s3:PutBucketPolicy"
93
+ ],
94
+ "Effect": "Allow",
95
+ "Principal": {
96
+ "AWS": {
97
+ "Fn::GetAtt": [
98
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
99
+ "Arn"
100
+ ]
101
+ }
102
+ },
103
+ "Resource": [
104
+ {
105
+ "Fn::GetAtt": [
106
+ "existings3bucketencryptedwiths3managedkeyS3LoggingBucketF861F6B7",
107
+ "Arn"
108
+ ]
109
+ },
110
+ {
111
+ "Fn::Join": [
112
+ "",
113
+ [
114
+ {
115
+ "Fn::GetAtt": [
116
+ "existings3bucketencryptedwiths3managedkeyS3LoggingBucketF861F6B7",
117
+ "Arn"
118
+ ]
119
+ },
120
+ "/*"
121
+ ]
122
+ ]
123
+ }
124
+ ]
125
+ },
81
126
  {
82
127
  "Action": "s3:PutObject",
83
128
  "Condition": {
@@ -119,6 +164,101 @@
119
164
  }
120
165
  }
121
166
  },
167
+ "existings3bucketencryptedwiths3managedkeyS3LoggingBucketAutoDeleteObjectsCustomResourceB3A19532": {
168
+ "Type": "Custom::S3AutoDeleteObjects",
169
+ "Properties": {
170
+ "ServiceToken": {
171
+ "Fn::GetAtt": [
172
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
173
+ "Arn"
174
+ ]
175
+ },
176
+ "BucketName": {
177
+ "Ref": "existings3bucketencryptedwiths3managedkeyS3LoggingBucketF861F6B7"
178
+ }
179
+ },
180
+ "DependsOn": [
181
+ "existings3bucketencryptedwiths3managedkeyS3LoggingBucketPolicy4358229C"
182
+ ],
183
+ "UpdateReplacePolicy": "Delete",
184
+ "DeletionPolicy": "Delete"
185
+ },
186
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": {
187
+ "Type": "AWS::IAM::Role",
188
+ "Properties": {
189
+ "AssumeRolePolicyDocument": {
190
+ "Version": "2012-10-17",
191
+ "Statement": [
192
+ {
193
+ "Action": "sts:AssumeRole",
194
+ "Effect": "Allow",
195
+ "Principal": {
196
+ "Service": "lambda.amazonaws.com"
197
+ }
198
+ }
199
+ ]
200
+ },
201
+ "ManagedPolicyArns": [
202
+ {
203
+ "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
204
+ }
205
+ ]
206
+ }
207
+ },
208
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": {
209
+ "Type": "AWS::Lambda::Function",
210
+ "Properties": {
211
+ "Code": {
212
+ "S3Bucket": {
213
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
214
+ },
215
+ "S3Key": "2eb6a831b107939f63cfebf68e6316e1a40f79fc99cae0fee9b333bac8d29bc4.zip"
216
+ },
217
+ "Timeout": 900,
218
+ "MemorySize": 128,
219
+ "Handler": "index.handler",
220
+ "Role": {
221
+ "Fn::GetAtt": [
222
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
223
+ "Arn"
224
+ ]
225
+ },
226
+ "Runtime": "nodejs18.x",
227
+ "Description": {
228
+ "Fn::Join": [
229
+ "",
230
+ [
231
+ "Lambda function for auto-deleting objects in ",
232
+ {
233
+ "Ref": "existings3bucketencryptedwiths3managedkeyS3LoggingBucketF861F6B7"
234
+ },
235
+ " S3 bucket."
236
+ ]
237
+ ]
238
+ }
239
+ },
240
+ "DependsOn": [
241
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092"
242
+ ],
243
+ "Metadata": {
244
+ "cfn_nag": {
245
+ "rules_to_suppress": [
246
+ {
247
+ "id": "W58",
248
+ "reason": "CDK generated custom resource"
249
+ },
250
+ {
251
+ "id": "W89",
252
+ "reason": "CDK generated custom resource"
253
+ },
254
+ {
255
+ "id": "W92",
256
+ "reason": "CDK generated custom resource"
257
+ }
258
+ ]
259
+ }
260
+ }
261
+ },
122
262
  "existings3bucketencryptedwiths3managedkeyS3BucketA8C4BE9A": {
123
263
  "Type": "AWS::S3::Bucket",
124
264
  "Properties": {
@@ -155,12 +295,18 @@
155
295
  "IgnorePublicAcls": true,
156
296
  "RestrictPublicBuckets": true
157
297
  },
298
+ "Tags": [
299
+ {
300
+ "Key": "aws-cdk:auto-delete-objects",
301
+ "Value": "true"
302
+ }
303
+ ],
158
304
  "VersioningConfiguration": {
159
305
  "Status": "Enabled"
160
306
  }
161
307
  },
162
- "UpdateReplacePolicy": "Retain",
163
- "DeletionPolicy": "Retain"
308
+ "UpdateReplacePolicy": "Delete",
309
+ "DeletionPolicy": "Delete"
164
310
  },
165
311
  "existings3bucketencryptedwiths3managedkeyS3BucketPolicyFDA85248": {
166
312
  "Type": "AWS::S3::BucketPolicy",
@@ -204,6 +350,45 @@
204
350
  }
205
351
  ]
206
352
  },
353
+ {
354
+ "Action": [
355
+ "s3:DeleteObject*",
356
+ "s3:GetBucket*",
357
+ "s3:List*",
358
+ "s3:PutBucketPolicy"
359
+ ],
360
+ "Effect": "Allow",
361
+ "Principal": {
362
+ "AWS": {
363
+ "Fn::GetAtt": [
364
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
365
+ "Arn"
366
+ ]
367
+ }
368
+ },
369
+ "Resource": [
370
+ {
371
+ "Fn::GetAtt": [
372
+ "existings3bucketencryptedwiths3managedkeyS3BucketA8C4BE9A",
373
+ "Arn"
374
+ ]
375
+ },
376
+ {
377
+ "Fn::Join": [
378
+ "",
379
+ [
380
+ {
381
+ "Fn::GetAtt": [
382
+ "existings3bucketencryptedwiths3managedkeyS3BucketA8C4BE9A",
383
+ "Arn"
384
+ ]
385
+ },
386
+ "/*"
387
+ ]
388
+ ]
389
+ }
390
+ ]
391
+ },
207
392
  {
208
393
  "Action": "s3:GetObject",
209
394
  "Condition": {
@@ -259,6 +444,25 @@
259
444
  }
260
445
  }
261
446
  },
447
+ "existings3bucketencryptedwiths3managedkeyS3BucketAutoDeleteObjectsCustomResourceE3B1946C": {
448
+ "Type": "Custom::S3AutoDeleteObjects",
449
+ "Properties": {
450
+ "ServiceToken": {
451
+ "Fn::GetAtt": [
452
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
453
+ "Arn"
454
+ ]
455
+ },
456
+ "BucketName": {
457
+ "Ref": "existings3bucketencryptedwiths3managedkeyS3BucketA8C4BE9A"
458
+ }
459
+ },
460
+ "DependsOn": [
461
+ "existings3bucketencryptedwiths3managedkeyS3BucketPolicyFDA85248"
462
+ ],
463
+ "UpdateReplacePolicy": "Delete",
464
+ "DeletionPolicy": "Delete"
465
+ },
262
466
  "testcloudfronts3managedkeyCloudfrontLoggingBucketAccessLog09A44955": {
263
467
  "Type": "AWS::S3::Bucket",
264
468
  "Properties": {
@@ -271,25 +475,24 @@
271
475
  }
272
476
  ]
273
477
  },
274
- "OwnershipControls": {
275
- "Rules": [
276
- {
277
- "ObjectOwnership": "ObjectWriter"
278
- }
279
- ]
280
- },
281
478
  "PublicAccessBlockConfiguration": {
282
479
  "BlockPublicAcls": true,
283
480
  "BlockPublicPolicy": true,
284
481
  "IgnorePublicAcls": true,
285
482
  "RestrictPublicBuckets": true
286
483
  },
484
+ "Tags": [
485
+ {
486
+ "Key": "aws-cdk:auto-delete-objects",
487
+ "Value": "true"
488
+ }
489
+ ],
287
490
  "VersioningConfiguration": {
288
491
  "Status": "Enabled"
289
492
  }
290
493
  },
291
- "UpdateReplacePolicy": "Retain",
292
- "DeletionPolicy": "Retain",
494
+ "UpdateReplacePolicy": "Delete",
495
+ "DeletionPolicy": "Delete",
293
496
  "Metadata": {
294
497
  "cfn_nag": {
295
498
  "rules_to_suppress": [
@@ -343,6 +546,45 @@
343
546
  }
344
547
  ]
345
548
  },
549
+ {
550
+ "Action": [
551
+ "s3:DeleteObject*",
552
+ "s3:GetBucket*",
553
+ "s3:List*",
554
+ "s3:PutBucketPolicy"
555
+ ],
556
+ "Effect": "Allow",
557
+ "Principal": {
558
+ "AWS": {
559
+ "Fn::GetAtt": [
560
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
561
+ "Arn"
562
+ ]
563
+ }
564
+ },
565
+ "Resource": [
566
+ {
567
+ "Fn::GetAtt": [
568
+ "testcloudfronts3managedkeyCloudfrontLoggingBucketAccessLog09A44955",
569
+ "Arn"
570
+ ]
571
+ },
572
+ {
573
+ "Fn::Join": [
574
+ "",
575
+ [
576
+ {
577
+ "Fn::GetAtt": [
578
+ "testcloudfronts3managedkeyCloudfrontLoggingBucketAccessLog09A44955",
579
+ "Arn"
580
+ ]
581
+ },
582
+ "/*"
583
+ ]
584
+ ]
585
+ }
586
+ ]
587
+ },
346
588
  {
347
589
  "Action": "s3:PutObject",
348
590
  "Condition": {
@@ -384,6 +626,25 @@
384
626
  }
385
627
  }
386
628
  },
629
+ "testcloudfronts3managedkeyCloudfrontLoggingBucketAccessLogAutoDeleteObjectsCustomResource57833AF4": {
630
+ "Type": "Custom::S3AutoDeleteObjects",
631
+ "Properties": {
632
+ "ServiceToken": {
633
+ "Fn::GetAtt": [
634
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
635
+ "Arn"
636
+ ]
637
+ },
638
+ "BucketName": {
639
+ "Ref": "testcloudfronts3managedkeyCloudfrontLoggingBucketAccessLog09A44955"
640
+ }
641
+ },
642
+ "DependsOn": [
643
+ "testcloudfronts3managedkeyCloudfrontLoggingBucketAccessLogPolicy08C15592"
644
+ ],
645
+ "UpdateReplacePolicy": "Delete",
646
+ "DeletionPolicy": "Delete"
647
+ },
387
648
  "testcloudfronts3managedkeyCloudfrontLoggingBucket4F6525D7": {
388
649
  "Type": "AWS::S3::Bucket",
389
650
  "Properties": {
@@ -415,12 +676,18 @@
415
676
  "IgnorePublicAcls": true,
416
677
  "RestrictPublicBuckets": true
417
678
  },
679
+ "Tags": [
680
+ {
681
+ "Key": "aws-cdk:auto-delete-objects",
682
+ "Value": "true"
683
+ }
684
+ ],
418
685
  "VersioningConfiguration": {
419
686
  "Status": "Enabled"
420
687
  }
421
688
  },
422
- "UpdateReplacePolicy": "Retain",
423
- "DeletionPolicy": "Retain"
689
+ "UpdateReplacePolicy": "Delete",
690
+ "DeletionPolicy": "Delete"
424
691
  },
425
692
  "testcloudfronts3managedkeyCloudfrontLoggingBucketPolicy8952C83B": {
426
693
  "Type": "AWS::S3::BucketPolicy",
@@ -463,12 +730,70 @@
463
730
  ]
464
731
  }
465
732
  ]
733
+ },
734
+ {
735
+ "Action": [
736
+ "s3:DeleteObject*",
737
+ "s3:GetBucket*",
738
+ "s3:List*",
739
+ "s3:PutBucketPolicy"
740
+ ],
741
+ "Effect": "Allow",
742
+ "Principal": {
743
+ "AWS": {
744
+ "Fn::GetAtt": [
745
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
746
+ "Arn"
747
+ ]
748
+ }
749
+ },
750
+ "Resource": [
751
+ {
752
+ "Fn::GetAtt": [
753
+ "testcloudfronts3managedkeyCloudfrontLoggingBucket4F6525D7",
754
+ "Arn"
755
+ ]
756
+ },
757
+ {
758
+ "Fn::Join": [
759
+ "",
760
+ [
761
+ {
762
+ "Fn::GetAtt": [
763
+ "testcloudfronts3managedkeyCloudfrontLoggingBucket4F6525D7",
764
+ "Arn"
765
+ ]
766
+ },
767
+ "/*"
768
+ ]
769
+ ]
770
+ }
771
+ ]
466
772
  }
467
773
  ],
468
774
  "Version": "2012-10-17"
469
775
  }
470
776
  }
471
777
  },
778
+ "testcloudfronts3managedkeyCloudfrontLoggingBucketAutoDeleteObjectsCustomResource0CEC3BE0": {
779
+ "Type": "Custom::S3AutoDeleteObjects",
780
+ "Properties": {
781
+ "ServiceToken": {
782
+ "Fn::GetAtt": [
783
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
784
+ "Arn"
785
+ ]
786
+ },
787
+ "BucketName": {
788
+ "Ref": "testcloudfronts3managedkeyCloudfrontLoggingBucket4F6525D7"
789
+ }
790
+ },
791
+ "DependsOn": [
792
+ "testcloudfronts3managedkeyCloudfrontLoggingBucketPolicy8952C83B"
793
+ ],
794
+ "UpdateReplacePolicy": "Delete",
795
+ "DeletionPolicy": "Delete"
796
+ },
472
797
  "testcloudfronts3managedkeyCloudFrontOac1422B0A1": {
473
798
  "Type": "AWS::CloudFront::OriginAccessControl",
474
799
  "Properties": {
@@ -66,7 +66,7 @@
66
66
  "validateOnSynth": false,
67
67
  "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}",
68
68
  "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}",
69
- "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/e7b5a5ddb6c94e12fc7698e48ed97f29526e8a6f1d5b21ec0c99afff6a6cbd62.json",
69
+ "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/d523cd6d078a61c19eb8c081d0b346a12e902cfbed3d0d26454eeecd53eaef78.json",
70
70
  "requiresBootstrapStackVersion": 6,
71
71
  "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version",
72
72
  "additionalDependencies": [
@@ -94,6 +94,24 @@
94
94
  "data": "existings3bucketencryptedwiths3managedkeyS3LoggingBucketPolicy4358229C"
95
95
  }
96
96
  ],
97
+ "/cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket/existing-s3-bucket-encrypted-with-s3-managed-keyS3LoggingBucket/AutoDeleteObjectsCustomResource/Default": [
98
+ {
99
+ "type": "aws:cdk:logicalId",
100
+ "data": "existings3bucketencryptedwiths3managedkeyS3LoggingBucketAutoDeleteObjectsCustomResourceB3A19532"
101
+ }
102
+ ],
103
+ "/cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket/Custom::S3AutoDeleteObjectsCustomResourceProvider/Role": [
104
+ {
105
+ "type": "aws:cdk:logicalId",
106
+ "data": "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092"
107
+ }
108
+ ],
109
+ "/cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket/Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler": [
110
+ {
111
+ "type": "aws:cdk:logicalId",
112
+ "data": "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F"
113
+ }
114
+ ],
97
115
  "/cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket/existing-s3-bucket-encrypted-with-s3-managed-keyS3Bucket/Resource": [
98
116
  {
99
117
  "type": "aws:cdk:logicalId",
@@ -106,6 +124,12 @@
106
124
  "data": "existings3bucketencryptedwiths3managedkeyS3BucketPolicyFDA85248"
107
125
  }
108
126
  ],
127
+ "/cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket/existing-s3-bucket-encrypted-with-s3-managed-keyS3Bucket/AutoDeleteObjectsCustomResource/Default": [
128
+ {
129
+ "type": "aws:cdk:logicalId",
130
+ "data": "existings3bucketencryptedwiths3managedkeyS3BucketAutoDeleteObjectsCustomResourceE3B1946C"
131
+ }
132
+ ],
109
133
  "/cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket/test-cloudfront-s3-managed-key/CloudfrontLoggingBucketAccessLog/Resource": [
110
134
  {
111
135
  "type": "aws:cdk:logicalId",
@@ -118,6 +142,12 @@
118
142
  "data": "testcloudfronts3managedkeyCloudfrontLoggingBucketAccessLogPolicy08C15592"
119
143
  }
120
144
  ],
145
+ "/cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket/test-cloudfront-s3-managed-key/CloudfrontLoggingBucketAccessLog/AutoDeleteObjectsCustomResource/Default": [
146
+ {
147
+ "type": "aws:cdk:logicalId",
148
+ "data": "testcloudfronts3managedkeyCloudfrontLoggingBucketAccessLogAutoDeleteObjectsCustomResource57833AF4"
149
+ }
150
+ ],
121
151
  "/cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket/test-cloudfront-s3-managed-key/CloudfrontLoggingBucket/Resource": [
122
152
  {
123
153
  "type": "aws:cdk:logicalId",
@@ -130,6 +160,12 @@
130
160
  "data": "testcloudfronts3managedkeyCloudfrontLoggingBucketPolicy8952C83B"
131
161
  }
132
162
  ],
163
+ "/cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket/test-cloudfront-s3-managed-key/CloudfrontLoggingBucket/AutoDeleteObjectsCustomResource/Default": [
164
+ {
165
+ "type": "aws:cdk:logicalId",
166
+ "data": "testcloudfronts3managedkeyCloudfrontLoggingBucketAutoDeleteObjectsCustomResource0CEC3BE0"
167
+ }
168
+ ],
133
169
  "/cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket/test-cloudfront-s3-managed-key/CloudFrontOac": [
134
170
  {
135
171
  "type": "aws:cdk:logicalId",