@aws-solutions-constructs/aws-cloudfront-s3 2.58.1 → 2.60.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (82) hide show
  1. package/.jsii +105 -34
  2. package/README.md +10 -7
  3. package/lib/index.d.ts +32 -17
  4. package/lib/index.js +33 -3
  5. package/package.json +8 -8
  6. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js +16 -2
  7. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.2eb6a831b107939f63cfebf68e6316e1a40f79fc99cae0fee9b333bac8d29bc4/index.js +1 -0
  8. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.assets.json +15 -2
  9. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.template.json +340 -15
  10. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/manifest.json +37 -19
  11. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/tree.json +342 -63
  12. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js +16 -2
  13. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/asset.2eb6a831b107939f63cfebf68e6316e1a40f79fc99cae0fee9b333bac8d29bc4/index.js +1 -0
  14. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.assets.json +15 -2
  15. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.template.json +340 -15
  16. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/manifest.json +37 -1
  17. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/tree.json +318 -39
  18. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3-bucket-with-http-origin.assets.json +2 -2
  19. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3-bucket-with-http-origin.template.json +0 -7
  20. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/manifest.json +1 -1
  21. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/tree.json +31 -38
  22. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js +13 -1
  23. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.2eb6a831b107939f63cfebf68e6316e1a40f79fc99cae0fee9b333bac8d29bc4/index.js +1 -0
  24. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3-cmk-provided-as-bucket-prop.assets.json +15 -2
  25. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3-cmk-provided-as-bucket-prop.template.json +274 -13
  26. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/manifest.json +27 -15
  27. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/tree.json +279 -63
  28. package/test/integ.cfts3-custom-headers.js +5 -1
  29. package/test/integ.cfts3-custom-headers.js.snapshot/asset.2eb6a831b107939f63cfebf68e6316e1a40f79fc99cae0fee9b333bac8d29bc4/index.js +1 -0
  30. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3-custom-headers.assets.json +5 -5
  31. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3-custom-headers.template.json +1 -8
  32. package/test/integ.cfts3-custom-headers.js.snapshot/manifest.json +1 -1
  33. package/test/integ.cfts3-custom-headers.js.snapshot/tree.json +48 -55
  34. package/test/integ.cfts3-custom-originPath.js +5 -1
  35. package/test/integ.cfts3-custom-originPath.js.snapshot/asset.2eb6a831b107939f63cfebf68e6316e1a40f79fc99cae0fee9b333bac8d29bc4/index.js +1 -0
  36. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3-custom-originPath.assets.json +5 -5
  37. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3-custom-originPath.template.json +1 -8
  38. package/test/integ.cfts3-custom-originPath.js.snapshot/manifest.json +1 -1
  39. package/test/integ.cfts3-custom-originPath.js.snapshot/tree.json +46 -53
  40. package/test/integ.cfts3-customLoggingBuckets.js +6 -2
  41. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/asset.2eb6a831b107939f63cfebf68e6316e1a40f79fc99cae0fee9b333bac8d29bc4/index.js +1 -0
  42. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3-customLoggingBuckets.assets.json +5 -5
  43. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3-customLoggingBuckets.template.json +1 -21
  44. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/manifest.json +1 -1
  45. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/tree.json +46 -66
  46. package/test/integ.cfts3-existing-bucket.js +5 -1
  47. package/test/integ.cfts3-existing-bucket.js.snapshot/asset.2eb6a831b107939f63cfebf68e6316e1a40f79fc99cae0fee9b333bac8d29bc4/index.js +1 -0
  48. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3-existing-bucket.assets.json +5 -5
  49. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3-existing-bucket.template.json +1 -8
  50. package/test/integ.cfts3-existing-bucket.js.snapshot/manifest.json +1 -1
  51. package/test/integ.cfts3-existing-bucket.js.snapshot/tree.json +51 -58
  52. package/test/integ.cfts3-no-arguments.js +5 -1
  53. package/test/integ.cfts3-no-arguments.js.snapshot/asset.2eb6a831b107939f63cfebf68e6316e1a40f79fc99cae0fee9b333bac8d29bc4/index.js +1 -0
  54. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3-no-arguments.assets.json +5 -5
  55. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3-no-arguments.template.json +1 -8
  56. package/test/integ.cfts3-no-arguments.js.snapshot/manifest.json +1 -1
  57. package/test/integ.cfts3-no-arguments.js.snapshot/tree.json +46 -53
  58. package/test/integ.cfts3-no-logging.js +56 -0
  59. package/test/integ.cfts3-no-logging.js.snapshot/asset.2eb6a831b107939f63cfebf68e6316e1a40f79fc99cae0fee9b333bac8d29bc4/index.js +1 -0
  60. package/test/integ.cfts3-no-logging.js.snapshot/cdk.out +1 -0
  61. package/test/integ.cfts3-no-logging.js.snapshot/cfts3-no-logging.assets.json +32 -0
  62. package/test/integ.cfts3-no-logging.js.snapshot/cfts3-no-logging.template.json +434 -0
  63. package/test/integ.cfts3-no-logging.js.snapshot/cfts3nologgingIntegDefaultTestDeployAssert18393DDB.assets.json +19 -0
  64. package/test/integ.cfts3-no-logging.js.snapshot/cfts3nologgingIntegDefaultTestDeployAssert18393DDB.template.json +36 -0
  65. package/test/integ.cfts3-no-logging.js.snapshot/integ.json +12 -0
  66. package/test/integ.cfts3-no-logging.js.snapshot/manifest.json +155 -0
  67. package/test/integ.cfts3-no-logging.js.snapshot/tree.json +506 -0
  68. package/test/integ.cfts3-no-security-headers.js +5 -1
  69. package/test/integ.cfts3-no-security-headers.js.snapshot/asset.2eb6a831b107939f63cfebf68e6316e1a40f79fc99cae0fee9b333bac8d29bc4/index.js +1 -0
  70. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3-no-security-headers.assets.json +5 -5
  71. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3-no-security-headers.template.json +1 -8
  72. package/test/integ.cfts3-no-security-headers.js.snapshot/manifest.json +1 -1
  73. package/test/integ.cfts3-no-security-headers.js.snapshot/tree.json +44 -51
  74. package/test/test.cloudfront-s3.test.js +288 -52
  75. package/test/integ.cfts3-bucket-with-http-origin.js +0 -47
  76. package/test/integ.cfts3-custom-headers.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +0 -1
  77. package/test/integ.cfts3-custom-originPath.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +0 -1
  78. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +0 -1
  79. package/test/integ.cfts3-existing-bucket.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +0 -1
  80. package/test/integ.cfts3-no-arguments.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +0 -1
  81. package/test/integ.cfts3-no-security-headers.js.snapshot/asset.b7f33614a69548d6bafe224d751a7ef238cde19097415e553fe8b63a4c8fd8a6/index.js +0 -1
  82. /package/test/{integ.cfts3-bucket-with-http-origin.d.ts → integ.cfts3-no-logging.d.ts} +0 -0
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@aws-solutions-constructs/aws-cloudfront-s3",
3
- "version": "2.58.1",
3
+ "version": "2.60.0",
4
4
  "description": "CDK Constructs for AWS Cloudfront to AWS S3 integration.",
5
5
  "main": "lib/index.js",
6
6
  "types": "lib/index.d.ts",
@@ -53,16 +53,16 @@
53
53
  }
54
54
  },
55
55
  "dependencies": {
56
- "@aws-cdk/integ-tests-alpha": "2.143.0-alpha.0",
57
- "@aws-solutions-constructs/core": "2.58.1",
58
- "@aws-solutions-constructs/resources": "2.58.1",
56
+ "@aws-cdk/integ-tests-alpha": "2.145.0-alpha.0",
57
+ "@aws-solutions-constructs/core": "2.60.0",
58
+ "@aws-solutions-constructs/resources": "2.60.0",
59
59
  "constructs": "^10.0.0"
60
60
  },
61
61
  "devDependencies": {
62
62
  "@types/jest": "^27.4.0",
63
63
  "@types/node": "^10.3.0",
64
64
  "constructs": "^10.0.0",
65
- "aws-cdk-lib": "2.143.0"
65
+ "aws-cdk-lib": "2.145.0"
66
66
  },
67
67
  "jest": {
68
68
  "moduleFileExtensions": [
@@ -79,10 +79,10 @@
79
79
  ]
80
80
  },
81
81
  "peerDependencies": {
82
- "@aws-solutions-constructs/core": "2.58.1",
83
- "@aws-solutions-constructs/resources": "2.58.1",
82
+ "@aws-solutions-constructs/core": "2.60.0",
83
+ "@aws-solutions-constructs/resources": "2.60.0",
84
84
  "constructs": "^10.0.0",
85
- "aws-cdk-lib": "^2.143.0"
85
+ "aws-cdk-lib": "^2.145.0"
86
86
  },
87
87
  "keywords": [
88
88
  "aws",
@@ -31,11 +31,25 @@ const encryptionKey = new aws_cdk_lib_1.aws_kms.Key(stack, 'cmkKey', {
31
31
  const existingBucketObj = core_1.buildS3Bucket(stack, {
32
32
  bucketProps: {
33
33
  encryption: aws_s3_1.BucketEncryption.KMS,
34
- encryptionKey
34
+ encryptionKey,
35
+ removalPolicy: aws_cdk_lib_1.RemovalPolicy.DESTROY,
36
+ autoDeleteObjects: true
37
+ },
38
+ loggingBucketProps: {
39
+ removalPolicy: aws_cdk_lib_1.RemovalPolicy.DESTROY,
40
+ autoDeleteObjects: true
35
41
  }
36
42
  }, 'existing-s3-bucket-encrypted-with-cmk').bucket;
37
43
  const props = {
38
44
  existingBucketObj,
45
+ cloudFrontLoggingBucketProps: {
46
+ removalPolicy: aws_cdk_lib_1.RemovalPolicy.DESTROY,
47
+ autoDeleteObjects: true
48
+ },
49
+ cloudFrontLoggingBucketAccessLogBucketProps: {
50
+ removalPolicy: aws_cdk_lib_1.RemovalPolicy.DESTROY,
51
+ autoDeleteObjects: true
52
+ },
39
53
  insertHttpSecurityHeaders: false
40
54
  };
41
55
  new lib_1.CloudFrontToS3(stack, 'test-cloudfront-s3-cmk-encryption-key', props);
@@ -44,4 +58,4 @@ core_1.suppressCustomHandlerCfnNagWarnings(stack, 'Custom::S3AutoDeleteObjectsCu
44
58
  new integ_tests_alpha_1.IntegTest(stack, 'Integ', { testCases: [
45
59
  stack
46
60
  ] });
47
- //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW50ZWcuY2Z0czMtYnVja2V0LWVuY3J5cHRlZC13aXRoLWNtay1wcm92aWRlZC1hcy1leGlzdGluZ2J1Y2tldC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbImludGVnLmNmdHMzLWJ1Y2tldC1lbmNyeXB0ZWQtd2l0aC1jbWstcHJvdmlkZWQtYXMtZXhpc3RpbmdidWNrZXQudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IjtBQUFBOzs7Ozs7Ozs7OztHQVdHOztBQUVILFVBQVU7QUFDViw2Q0FBaUU7QUFDakUsZ0NBQTZEO0FBQzdELHlEQUE0SDtBQUM1SCwrQ0FBc0Q7QUFDdEQsa0VBQXVEO0FBRXZELFFBQVE7QUFDUixNQUFNLEdBQUcsR0FBRyxJQUFJLGlCQUFHLEVBQUUsQ0FBQztBQUN0QixNQUFNLEtBQUssR0FBRyxJQUFJLG1CQUFLLENBQUMsR0FBRyxFQUFFLDZCQUFzQixDQUFDLFVBQVUsQ0FBQyxDQUFDLENBQUM7QUFDakUsS0FBSyxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsaURBQWlELEVBQUUsSUFBSSxDQUFDLENBQUM7QUFDL0UsS0FBSyxDQUFDLGVBQWUsQ0FBQyxXQUFXLEdBQUcsd0NBQXdDLENBQUM7QUFFN0UsY0FBYztBQUNkLE1BQU0sYUFBYSxHQUFHLElBQUkscUJBQU8sQ0FBQyxHQUFHLENBQUMsS0FBSyxFQUFFLFFBQVEsRUFBRTtJQUNyRCxpQkFBaUIsRUFBRSxJQUFJO0lBQ3ZCLGFBQWEsRUFBRSwyQkFBYSxDQUFDLE9BQU87Q0FDckMsQ0FBQyxDQUFDO0FBRUgsTUFBTSxpQkFBaUIsR0FBRyxvQkFBYSxDQUFDLEtBQUssRUFBRTtJQUM3QyxXQUFXLEVBQUU7UUFDWCxVQUFVLEVBQUUseUJBQWdCLENBQUMsR0FBRztRQUNoQyxhQUFhO0tBQ2Q7Q0FDRixFQUFFLHVDQUF1QyxDQUFDLENBQUMsTUFBTSxDQUFDO0FBRW5ELE1BQU0sS0FBSyxHQUF3QjtJQUNqQyxpQkFBaUI7SUFDakIseUJBQXlCLEVBQUUsS0FBSztDQUNqQyxDQUFDO0FBRUYsSUFBSSxvQkFBYyxDQUFDLEtBQUssRUFBRSx1Q0FBdUMsRUFBRSxLQUFLLENBQUMsQ0FBQztBQUUxRSwwQ0FBbUMsQ0FBQyxLQUFLLEVBQUUsbURBQW1ELENBQUMsQ0FBQztBQUVoRyxRQUFRO0FBQ1IsSUFBSSw2QkFBUyxDQUFDLEtBQUssRUFBRSxPQUFPLEVBQUUsRUFBRSxTQUFTLEVBQUU7UUFDekMsS0FBSztLQUNOLEVBQUUsQ0FBQyxDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiLyoqXG4gKiAgQ29weXJpZ2h0IEFtYXpvbi5jb20sIEluYy4gb3IgaXRzIGFmZmlsaWF0ZXMuIEFsbCBSaWdodHMgUmVzZXJ2ZWQuXG4gKlxuICogIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSBcIkxpY2Vuc2VcIikuIFlvdSBtYXkgbm90IHVzZSB0aGlzIGZpbGUgZXhjZXB0IGluIGNvbXBsaWFuY2VcbiAqICB3aXRoIHRoZSBMaWNlbnNlLiBBIGNvcHkgb2YgdGhlIExpY2Vuc2UgaXMgbG9jYXRlZCBhdFxuICpcbiAqICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzL0xJQ0VOU0UtMi4wXG4gKlxuICogIG9yIGluIHRoZSAnbGljZW5zZScgZmlsZSBhY2NvbXBhbnlpbmcgdGhpcyBmaWxlLiBUaGlzIGZpbGUgaXMgZGlzdHJpYnV0ZWQgb24gYW4gJ0FTIElTJyBCQVNJUywgV0lUSE9VVCBXQVJSQU5USUVTXG4gKiAgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZXhwcmVzcyBvciBpbXBsaWVkLiBTZWUgdGhlIExpY2Vuc2UgZm9yIHRoZSBzcGVjaWZpYyBsYW5ndWFnZSBnb3Zlcm5pbmcgcGVybWlzc2lvbnNcbiAqICBhbmQgbGltaXRhdGlvbnMgdW5kZXIgdGhlIExpY2Vuc2UuXG4gKi9cblxuLy8gSW1wb3J0c1xuaW1wb3J0IHsgQXBwLCBTdGFjaywgUmVtb3ZhbFBvbGljeSwgYXdzX2ttcyB9IGZyb20gXCJhd3MtY2RrLWxpYlwiO1xuaW1wb3J0IHsgQ2xvdWRGcm9udFRvUzMsIENsb3VkRnJvbnRUb1MzUHJvcHMgfSBmcm9tIFwiLi4vbGliXCI7XG5pbXBvcnQgeyBidWlsZFMzQnVja2V0LCBnZW5lcmF0ZUludGVnU3RhY2tOYW1lLCBzdXBwcmVzc0N1c3RvbUhhbmRsZXJDZm5OYWdXYXJuaW5ncyB9IGZyb20gJ0Bhd3Mtc29sdXRpb25zLWNvbnN0cnVjdHMvY29yZSc7XG5pbXBvcnQgeyBCdWNrZXRFbmNyeXB0aW9uIH0gZnJvbSBcImF3cy1jZGstbGliL2F3cy1zM1wiO1xuaW1wb3J0IHsgSW50ZWdUZXN0IH0gZnJvbSAnQGF3cy1jZGsvaW50ZWctdGVzdHMtYWxwaGEnO1xuXG4vLyBTZXR1cFxuY29uc3QgYXBwID0gbmV3IEFwcCgpO1xuY29uc3Qgc3RhY2sgPSBuZXcgU3RhY2soYXBwLCBnZW5lcmF0ZUludGVnU3RhY2tOYW1lKF9fZmlsZW5hbWUpKTtcbnN0YWNrLm5vZGUuc2V0Q29udGV4dChcIkBhd3MtY2RrL2F3cy1zMzpzZXJ2ZXJBY2Nlc3NMb2dzVXNlQnVja2V0UG9saWN5XCIsIHRydWUpO1xuc3RhY2sudGVtcGxhdGVPcHRpb25zLmRlc2NyaXB0aW9uID0gJ0ludGVncmF0aW9uIFRlc3QgZm9yIGF3cy1jbG91ZGZyb250LXMzJztcblxuLy8gRGVmaW5pdGlvbnNcbmNvbnN0IGVuY3J5cHRpb25LZXkgPSBuZXcgYXdzX2ttcy5LZXkoc3RhY2ssICdjbWtLZXknLCB7XG4gIGVuYWJsZUtleVJvdGF0aW9uOiB0cnVlLFxuICByZW1vdmFsUG9saWN5OiBSZW1vdmFsUG9saWN5LkRFU1RST1lcbn0pO1xuXG5jb25zdCBleGlzdGluZ0J1Y2tldE9iaiA9IGJ1aWxkUzNCdWNrZXQoc3RhY2ssIHtcbiAgYnVja2V0UHJvcHM6IHtcbiAgICBlbmNyeXB0aW9uOiBCdWNrZXRFbmNyeXB0aW9uLktNUyxcbiAgICBlbmNyeXB0aW9uS2V5XG4gIH1cbn0sICdleGlzdGluZy1zMy1idWNrZXQtZW5jcnlwdGVkLXdpdGgtY21rJykuYnVja2V0O1xuXG5jb25zdCBwcm9wczogQ2xvdWRGcm9udFRvUzNQcm9wcyA9IHtcbiAgZXhpc3RpbmdCdWNrZXRPYmosXG4gIGluc2VydEh0dHBTZWN1cml0eUhlYWRlcnM6IGZhbHNlXG59O1xuXG5uZXcgQ2xvdWRGcm9udFRvUzMoc3RhY2ssICd0ZXN0LWNsb3VkZnJvbnQtczMtY21rLWVuY3J5cHRpb24ta2V5JywgcHJvcHMpO1xuXG5zdXBwcmVzc0N1c3RvbUhhbmRsZXJDZm5OYWdXYXJuaW5ncyhzdGFjaywgJ0N1c3RvbTo6UzNBdXRvRGVsZXRlT2JqZWN0c0N1c3RvbVJlc291cmNlUHJvdmlkZXInKTtcblxuLy8gU3ludGhcbm5ldyBJbnRlZ1Rlc3Qoc3RhY2ssICdJbnRlZycsIHsgdGVzdENhc2VzOiBbXG4gIHN0YWNrXG5dIH0pO1xuIl19
61
+ //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW50ZWcuY2Z0czMtYnVja2V0LWVuY3J5cHRlZC13aXRoLWNtay1wcm92aWRlZC1hcy1leGlzdGluZ2J1Y2tldC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbImludGVnLmNmdHMzLWJ1Y2tldC1lbmNyeXB0ZWQtd2l0aC1jbWstcHJvdmlkZWQtYXMtZXhpc3RpbmdidWNrZXQudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IjtBQUFBOzs7Ozs7Ozs7OztHQVdHOztBQUVILFVBQVU7QUFDViw2Q0FBaUU7QUFDakUsZ0NBQTZEO0FBQzdELHlEQUE0SDtBQUM1SCwrQ0FBc0Q7QUFDdEQsa0VBQXVEO0FBRXZELFFBQVE7QUFDUixNQUFNLEdBQUcsR0FBRyxJQUFJLGlCQUFHLEVBQUUsQ0FBQztBQUN0QixNQUFNLEtBQUssR0FBRyxJQUFJLG1CQUFLLENBQUMsR0FBRyxFQUFFLDZCQUFzQixDQUFDLFVBQVUsQ0FBQyxDQUFDLENBQUM7QUFDakUsS0FBSyxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsaURBQWlELEVBQUUsSUFBSSxDQUFDLENBQUM7QUFDL0UsS0FBSyxDQUFDLGVBQWUsQ0FBQyxXQUFXLEdBQUcsd0NBQXdDLENBQUM7QUFFN0UsY0FBYztBQUNkLE1BQU0sYUFBYSxHQUFHLElBQUkscUJBQU8sQ0FBQyxHQUFHLENBQUMsS0FBSyxFQUFFLFFBQVEsRUFBRTtJQUNyRCxpQkFBaUIsRUFBRSxJQUFJO0lBQ3ZCLGFBQWEsRUFBRSwyQkFBYSxDQUFDLE9BQU87Q0FDckMsQ0FBQyxDQUFDO0FBRUgsTUFBTSxpQkFBaUIsR0FBRyxvQkFBYSxDQUFDLEtBQUssRUFBRTtJQUM3QyxXQUFXLEVBQUU7UUFDWCxVQUFVLEVBQUUseUJBQWdCLENBQUMsR0FBRztRQUNoQyxhQUFhO1FBQ2IsYUFBYSxFQUFFLDJCQUFhLENBQUMsT0FBTztRQUNwQyxpQkFBaUIsRUFBRSxJQUFJO0tBQ3hCO0lBQ0Qsa0JBQWtCLEVBQUU7UUFDbEIsYUFBYSxFQUFFLDJCQUFhLENBQUMsT0FBTztRQUNwQyxpQkFBaUIsRUFBRSxJQUFJO0tBQ3hCO0NBQ0YsRUFBRSx1Q0FBdUMsQ0FBQyxDQUFDLE1BQU0sQ0FBQztBQUVuRCxNQUFNLEtBQUssR0FBd0I7SUFDakMsaUJBQWlCO0lBQ2pCLDRCQUE0QixFQUFFO1FBQzVCLGFBQWEsRUFBRSwyQkFBYSxDQUFDLE9BQU87UUFDcEMsaUJBQWlCLEVBQUUsSUFBSTtLQUN4QjtJQUNELDJDQUEyQyxFQUFFO1FBQzNDLGFBQWEsRUFBRSwyQkFBYSxDQUFDLE9BQU87UUFDcEMsaUJBQWlCLEVBQUUsSUFBSTtLQUN4QjtJQUNELHlCQUF5QixFQUFFLEtBQUs7Q0FDakMsQ0FBQztBQUVGLElBQUksb0JBQWMsQ0FBQyxLQUFLLEVBQUUsdUNBQXVDLEVBQUUsS0FBSyxDQUFDLENBQUM7QUFFMUUsMENBQW1DLENBQUMsS0FBSyxFQUFFLG1EQUFtRCxDQUFDLENBQUM7QUFFaEcsUUFBUTtBQUNSLElBQUksNkJBQVMsQ0FBQyxLQUFLLEVBQUUsT0FBTyxFQUFFLEVBQUUsU0FBUyxFQUFFO1FBQ3pDLEtBQUs7S0FDTixFQUFFLENBQUMsQ0FBQyIsInNvdXJjZXNDb250ZW50IjpbIi8qKlxuICogIENvcHlyaWdodCBBbWF6b24uY29tLCBJbmMuIG9yIGl0cyBhZmZpbGlhdGVzLiBBbGwgUmlnaHRzIFJlc2VydmVkLlxuICpcbiAqICBMaWNlbnNlZCB1bmRlciB0aGUgQXBhY2hlIExpY2Vuc2UsIFZlcnNpb24gMi4wICh0aGUgXCJMaWNlbnNlXCIpLiBZb3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlXG4gKiAgd2l0aCB0aGUgTGljZW5zZS4gQSBjb3B5IG9mIHRoZSBMaWNlbnNlIGlzIGxvY2F0ZWQgYXRcbiAqXG4gKiAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMFxuICpcbiAqICBvciBpbiB0aGUgJ2xpY2Vuc2UnIGZpbGUgYWNjb21wYW55aW5nIHRoaXMgZmlsZS4gVGhpcyBmaWxlIGlzIGRpc3RyaWJ1dGVkIG9uIGFuICdBUyBJUycgQkFTSVMsIFdJVEhPVVQgV0FSUkFOVElFU1xuICogIE9SIENPTkRJVElPTlMgT0YgQU5ZIEtJTkQsIGV4cHJlc3Mgb3IgaW1wbGllZC4gU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zXG4gKiAgYW5kIGxpbWl0YXRpb25zIHVuZGVyIHRoZSBMaWNlbnNlLlxuICovXG5cbi8vIEltcG9ydHNcbmltcG9ydCB7IEFwcCwgU3RhY2ssIFJlbW92YWxQb2xpY3ksIGF3c19rbXMgfSBmcm9tIFwiYXdzLWNkay1saWJcIjtcbmltcG9ydCB7IENsb3VkRnJvbnRUb1MzLCBDbG91ZEZyb250VG9TM1Byb3BzIH0gZnJvbSBcIi4uL2xpYlwiO1xuaW1wb3J0IHsgYnVpbGRTM0J1Y2tldCwgZ2VuZXJhdGVJbnRlZ1N0YWNrTmFtZSwgc3VwcHJlc3NDdXN0b21IYW5kbGVyQ2ZuTmFnV2FybmluZ3MgfSBmcm9tICdAYXdzLXNvbHV0aW9ucy1jb25zdHJ1Y3RzL2NvcmUnO1xuaW1wb3J0IHsgQnVja2V0RW5jcnlwdGlvbiB9IGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtczNcIjtcbmltcG9ydCB7IEludGVnVGVzdCB9IGZyb20gJ0Bhd3MtY2RrL2ludGVnLXRlc3RzLWFscGhhJztcblxuLy8gU2V0dXBcbmNvbnN0IGFwcCA9IG5ldyBBcHAoKTtcbmNvbnN0IHN0YWNrID0gbmV3IFN0YWNrKGFwcCwgZ2VuZXJhdGVJbnRlZ1N0YWNrTmFtZShfX2ZpbGVuYW1lKSk7XG5zdGFjay5ub2RlLnNldENvbnRleHQoXCJAYXdzLWNkay9hd3MtczM6c2VydmVyQWNjZXNzTG9nc1VzZUJ1Y2tldFBvbGljeVwiLCB0cnVlKTtcbnN0YWNrLnRlbXBsYXRlT3B0aW9ucy5kZXNjcmlwdGlvbiA9ICdJbnRlZ3JhdGlvbiBUZXN0IGZvciBhd3MtY2xvdWRmcm9udC1zMyc7XG5cbi8vIERlZmluaXRpb25zXG5jb25zdCBlbmNyeXB0aW9uS2V5ID0gbmV3IGF3c19rbXMuS2V5KHN0YWNrLCAnY21rS2V5Jywge1xuICBlbmFibGVLZXlSb3RhdGlvbjogdHJ1ZSxcbiAgcmVtb3ZhbFBvbGljeTogUmVtb3ZhbFBvbGljeS5ERVNUUk9ZXG59KTtcblxuY29uc3QgZXhpc3RpbmdCdWNrZXRPYmogPSBidWlsZFMzQnVja2V0KHN0YWNrLCB7XG4gIGJ1Y2tldFByb3BzOiB7XG4gICAgZW5jcnlwdGlvbjogQnVja2V0RW5jcnlwdGlvbi5LTVMsXG4gICAgZW5jcnlwdGlvbktleSxcbiAgICByZW1vdmFsUG9saWN5OiBSZW1vdmFsUG9saWN5LkRFU1RST1ksXG4gICAgYXV0b0RlbGV0ZU9iamVjdHM6IHRydWVcbiAgfSxcbiAgbG9nZ2luZ0J1Y2tldFByb3BzOiB7XG4gICAgcmVtb3ZhbFBvbGljeTogUmVtb3ZhbFBvbGljeS5ERVNUUk9ZLFxuICAgIGF1dG9EZWxldGVPYmplY3RzOiB0cnVlXG4gIH1cbn0sICdleGlzdGluZy1zMy1idWNrZXQtZW5jcnlwdGVkLXdpdGgtY21rJykuYnVja2V0O1xuXG5jb25zdCBwcm9wczogQ2xvdWRGcm9udFRvUzNQcm9wcyA9IHtcbiAgZXhpc3RpbmdCdWNrZXRPYmosXG4gIGNsb3VkRnJvbnRMb2dnaW5nQnVja2V0UHJvcHM6IHtcbiAgICByZW1vdmFsUG9saWN5OiBSZW1vdmFsUG9saWN5LkRFU1RST1ksXG4gICAgYXV0b0RlbGV0ZU9iamVjdHM6IHRydWVcbiAgfSxcbiAgY2xvdWRGcm9udExvZ2dpbmdCdWNrZXRBY2Nlc3NMb2dCdWNrZXRQcm9wczoge1xuICAgIHJlbW92YWxQb2xpY3k6IFJlbW92YWxQb2xpY3kuREVTVFJPWSxcbiAgICBhdXRvRGVsZXRlT2JqZWN0czogdHJ1ZVxuICB9LFxuICBpbnNlcnRIdHRwU2VjdXJpdHlIZWFkZXJzOiBmYWxzZVxufTtcblxubmV3IENsb3VkRnJvbnRUb1MzKHN0YWNrLCAndGVzdC1jbG91ZGZyb250LXMzLWNtay1lbmNyeXB0aW9uLWtleScsIHByb3BzKTtcblxuc3VwcHJlc3NDdXN0b21IYW5kbGVyQ2ZuTmFnV2FybmluZ3Moc3RhY2ssICdDdXN0b206OlMzQXV0b0RlbGV0ZU9iamVjdHNDdXN0b21SZXNvdXJjZVByb3ZpZGVyJyk7XG5cbi8vIFN5bnRoXG5uZXcgSW50ZWdUZXN0KHN0YWNrLCAnSW50ZWcnLCB7IHRlc3RDYXNlczogW1xuICBzdGFja1xuXSB9KTtcbiJdfQ==
@@ -0,0 +1 @@
1
+ "use strict";var I=Object.create,i=Object.defineProperty,C=Object.getOwnPropertyDescriptor,w=Object.getOwnPropertyNames,P=Object.getPrototypeOf,A=Object.prototype.hasOwnProperty,B=(e,t)=>{for(var o in t)i(e,o,{get:t[o],enumerable:!0})},d=(e,t,o,r)=>{if(t&&typeof t=="object"||typeof t=="function")for(let s of w(t))!A.call(e,s)&&s!==o&&i(e,s,{get:()=>t[s],enumerable:!(r=C(t,s))||r.enumerable});return e},l=(e,t,o)=>(o=e!=null?I(P(e)):{},d(t||!e||!e.__esModule?i(o,"default",{value:e,enumerable:!0}):o,e)),L=e=>d(i({},"__esModule",{value:!0}),e),q={};B(q,{autoDeleteHandler:()=>S,handler:()=>F}),module.exports=L(q);var h=require("@aws-sdk/client-s3"),y=l(require("https")),m=l(require("url")),a={sendHttpRequest:T,log:O,includeStackTraces:!0,userHandlerIndex:"./index"},p="AWSCDK::CustomResourceProviderFramework::CREATE_FAILED",k="AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID";function R(e){return async(t,o)=>{let r={...t,ResponseURL:"..."};if(a.log(JSON.stringify(r,void 0,2)),t.RequestType==="Delete"&&t.PhysicalResourceId===p){a.log("ignoring DELETE event caused by a failed CREATE event"),await u("SUCCESS",t);return}try{let s=await e(r,o),n=D(t,s);await u("SUCCESS",n)}catch(s){let n={...t,Reason:a.includeStackTraces?s.stack:s.message};n.PhysicalResourceId||(t.RequestType==="Create"?(a.log("CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored"),n.PhysicalResourceId=p):a.log(`ERROR: Malformed event. "PhysicalResourceId" is required: ${JSON.stringify(t)}`)),await u("FAILED",n)}}}function D(e,t={}){let o=t.PhysicalResourceId??e.PhysicalResourceId??e.RequestId;if(e.RequestType==="Delete"&&o!==e.PhysicalResourceId)throw new Error(`DELETE: cannot change the physical resource ID from "${e.PhysicalResourceId}" to "${t.PhysicalResourceId}" during deletion`);return{...e,...t,PhysicalResourceId:o}}async function u(e,t){let o={Status:e,Reason:t.Reason??e,StackId:t.StackId,RequestId:t.RequestId,PhysicalResourceId:t.PhysicalResourceId||k,LogicalResourceId:t.LogicalResourceId,NoEcho:t.NoEcho,Data:t.Data},r=m.parse(t.ResponseURL),s=`${r.protocol}//${r.hostname}/${r.pathname}?***`;a.log("submit response to cloudformation",s,o);let n=JSON.stringify(o),f={hostname:r.hostname,path:r.path,method:"PUT",headers:{"content-type":"","content-length":Buffer.byteLength(n,"utf8")}};await b({attempts:5,sleep:1e3},a.sendHttpRequest)(f,n)}async function T(e,t){return new Promise((o,r)=>{try{let s=y.request(e,n=>{n.resume(),!n.statusCode||n.statusCode>=400?r(new Error(`Unsuccessful HTTP response: ${n.statusCode}`)):o()});s.on("error",r),s.write(t),s.end()}catch(s){r(s)}})}function O(e,...t){console.log(e,...t)}function b(e,t){return async(...o)=>{let r=e.attempts,s=e.sleep;for(;;)try{return await t(...o)}catch(n){if(r--<=0)throw n;await x(Math.floor(Math.random()*s)),s*=2}}}async function x(e){return new Promise(t=>setTimeout(t,e))}var g="aws-cdk:auto-delete-objects",H=JSON.stringify({Version:"2012-10-17",Statement:[]}),c=new h.S3({}),F=R(S);async function S(e){switch(e.RequestType){case"Create":return;case"Update":return{PhysicalResourceId:(await _(e)).PhysicalResourceId};case"Delete":return W(e.ResourceProperties?.BucketName)}}async function _(e){let t=e,o=t.OldResourceProperties?.BucketName;return{PhysicalResourceId:t.ResourceProperties?.BucketName??o}}async function U(e){try{let t=(await c.getBucketPolicy({Bucket:e}))?.Policy??H,o=JSON.parse(t);o.Statement.push({Principal:"*",Effect:"Deny",Action:["s3:PutObject"],Resource:[`arn:aws:s3:::${e}/*`]}),await c.putBucketPolicy({Bucket:e,Policy:JSON.stringify(o)})}catch(t){if(t.name==="NoSuchBucket")throw t;console.log(`Could not set new object deny policy on bucket '${e}' prior to deletion.`)}}async function E(e){let t=await c.listObjectVersions({Bucket:e}),o=[...t.Versions??[],...t.DeleteMarkers??[]];if(o.length===0)return;let r=o.map(s=>({Key:s.Key,VersionId:s.VersionId}));await c.deleteObjects({Bucket:e,Delete:{Objects:r}}),t?.IsTruncated&&await E(e)}async function W(e){if(!e)throw new Error("No BucketName was provided.");try{if(!await N(e)){console.log(`Bucket does not have '${g}' tag, skipping cleaning.`);return}await U(e),await E(e)}catch(t){if(t.name==="NoSuchBucket"){console.log(`Bucket '${e}' does not exist.`);return}throw t}}async function N(e){return(await c.getBucketTagging({Bucket:e})).TagSet?.some(o=>o.Key===g&&o.Value==="true")}
@@ -1,6 +1,19 @@
1
1
  {
2
2
  "version": "36.0.0",
3
3
  "files": {
4
+ "2eb6a831b107939f63cfebf68e6316e1a40f79fc99cae0fee9b333bac8d29bc4": {
5
+ "source": {
6
+ "path": "asset.2eb6a831b107939f63cfebf68e6316e1a40f79fc99cae0fee9b333bac8d29bc4",
7
+ "packaging": "zip"
8
+ },
9
+ "destinations": {
10
+ "current_account-current_region": {
11
+ "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
12
+ "objectKey": "2eb6a831b107939f63cfebf68e6316e1a40f79fc99cae0fee9b333bac8d29bc4.zip",
13
+ "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
14
+ }
15
+ }
16
+ },
4
17
  "4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f": {
5
18
  "source": {
6
19
  "path": "asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f",
@@ -27,7 +40,7 @@
27
40
  }
28
41
  }
29
42
  },
30
- "dc4873c297a66110326bbfedd2e906df9b9ff73790162fd4f09a490c0d6d0acc": {
43
+ "b5c890659cc73595bbd8f3fc00358dcdf0310920c7ad6c01e3f7aa3984921deb": {
31
44
  "source": {
32
45
  "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.template.json",
33
46
  "packaging": "file"
@@ -35,7 +48,7 @@
35
48
  "destinations": {
36
49
  "current_account-current_region": {
37
50
  "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
38
- "objectKey": "dc4873c297a66110326bbfedd2e906df9b9ff73790162fd4f09a490c0d6d0acc.json",
51
+ "objectKey": "b5c890659cc73595bbd8f3fc00358dcdf0310920c7ad6c01e3f7aa3984921deb.json",
39
52
  "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
40
53
  }
41
54
  }
@@ -55,12 +55,18 @@
55
55
  "IgnorePublicAcls": true,
56
56
  "RestrictPublicBuckets": true
57
57
  },
58
+ "Tags": [
59
+ {
60
+ "Key": "aws-cdk:auto-delete-objects",
61
+ "Value": "true"
62
+ }
63
+ ],
58
64
  "VersioningConfiguration": {
59
65
  "Status": "Enabled"
60
66
  }
61
67
  },
62
- "UpdateReplacePolicy": "Retain",
63
- "DeletionPolicy": "Retain",
68
+ "UpdateReplacePolicy": "Delete",
69
+ "DeletionPolicy": "Delete",
64
70
  "Metadata": {
65
71
  "cfn_nag": {
66
72
  "rules_to_suppress": [
@@ -114,6 +120,45 @@
114
120
  }
115
121
  ]
116
122
  },
123
+ {
124
+ "Action": [
125
+ "s3:DeleteObject*",
126
+ "s3:GetBucket*",
127
+ "s3:List*",
128
+ "s3:PutBucketPolicy"
129
+ ],
130
+ "Effect": "Allow",
131
+ "Principal": {
132
+ "AWS": {
133
+ "Fn::GetAtt": [
134
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
135
+ "Arn"
136
+ ]
137
+ }
138
+ },
139
+ "Resource": [
140
+ {
141
+ "Fn::GetAtt": [
142
+ "existings3bucketencryptedwithcmkS3LoggingBucket2B2DE39B",
143
+ "Arn"
144
+ ]
145
+ },
146
+ {
147
+ "Fn::Join": [
148
+ "",
149
+ [
150
+ {
151
+ "Fn::GetAtt": [
152
+ "existings3bucketencryptedwithcmkS3LoggingBucket2B2DE39B",
153
+ "Arn"
154
+ ]
155
+ },
156
+ "/*"
157
+ ]
158
+ ]
159
+ }
160
+ ]
161
+ },
117
162
  {
118
163
  "Action": "s3:PutObject",
119
164
  "Condition": {
@@ -155,6 +200,101 @@
155
200
  }
156
201
  }
157
202
  },
203
+ "existings3bucketencryptedwithcmkS3LoggingBucketAutoDeleteObjectsCustomResource2638E7B9": {
204
+ "Type": "Custom::S3AutoDeleteObjects",
205
+ "Properties": {
206
+ "ServiceToken": {
207
+ "Fn::GetAtt": [
208
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
209
+ "Arn"
210
+ ]
211
+ },
212
+ "BucketName": {
213
+ "Ref": "existings3bucketencryptedwithcmkS3LoggingBucket2B2DE39B"
214
+ }
215
+ },
216
+ "DependsOn": [
217
+ "existings3bucketencryptedwithcmkS3LoggingBucketPolicy4A3AC1CB"
218
+ ],
219
+ "UpdateReplacePolicy": "Delete",
220
+ "DeletionPolicy": "Delete"
221
+ },
222
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": {
223
+ "Type": "AWS::IAM::Role",
224
+ "Properties": {
225
+ "AssumeRolePolicyDocument": {
226
+ "Version": "2012-10-17",
227
+ "Statement": [
228
+ {
229
+ "Action": "sts:AssumeRole",
230
+ "Effect": "Allow",
231
+ "Principal": {
232
+ "Service": "lambda.amazonaws.com"
233
+ }
234
+ }
235
+ ]
236
+ },
237
+ "ManagedPolicyArns": [
238
+ {
239
+ "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
240
+ }
241
+ ]
242
+ }
243
+ },
244
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": {
245
+ "Type": "AWS::Lambda::Function",
246
+ "Properties": {
247
+ "Code": {
248
+ "S3Bucket": {
249
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
250
+ },
251
+ "S3Key": "2eb6a831b107939f63cfebf68e6316e1a40f79fc99cae0fee9b333bac8d29bc4.zip"
252
+ },
253
+ "Timeout": 900,
254
+ "MemorySize": 128,
255
+ "Handler": "index.handler",
256
+ "Role": {
257
+ "Fn::GetAtt": [
258
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
259
+ "Arn"
260
+ ]
261
+ },
262
+ "Runtime": "nodejs18.x",
263
+ "Description": {
264
+ "Fn::Join": [
265
+ "",
266
+ [
267
+ "Lambda function for auto-deleting objects in ",
268
+ {
269
+ "Ref": "existings3bucketencryptedwithcmkS3LoggingBucket2B2DE39B"
270
+ },
271
+ " S3 bucket."
272
+ ]
273
+ ]
274
+ }
275
+ },
276
+ "DependsOn": [
277
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092"
278
+ ],
279
+ "Metadata": {
280
+ "cfn_nag": {
281
+ "rules_to_suppress": [
282
+ {
283
+ "id": "W58",
284
+ "reason": "CDK generated custom resource"
285
+ },
286
+ {
287
+ "id": "W89",
288
+ "reason": "CDK generated custom resource"
289
+ },
290
+ {
291
+ "id": "W92",
292
+ "reason": "CDK generated custom resource"
293
+ }
294
+ ]
295
+ }
296
+ }
297
+ },
158
298
  "existings3bucketencryptedwithcmkS3BucketCC461491": {
159
299
  "Type": "AWS::S3::Bucket",
160
300
  "Properties": {
@@ -197,12 +337,18 @@
197
337
  "IgnorePublicAcls": true,
198
338
  "RestrictPublicBuckets": true
199
339
  },
340
+ "Tags": [
341
+ {
342
+ "Key": "aws-cdk:auto-delete-objects",
343
+ "Value": "true"
344
+ }
345
+ ],
200
346
  "VersioningConfiguration": {
201
347
  "Status": "Enabled"
202
348
  }
203
349
  },
204
- "UpdateReplacePolicy": "Retain",
205
- "DeletionPolicy": "Retain"
350
+ "UpdateReplacePolicy": "Delete",
351
+ "DeletionPolicy": "Delete"
206
352
  },
207
353
  "existings3bucketencryptedwithcmkS3BucketPolicyA1A37425": {
208
354
  "Type": "AWS::S3::BucketPolicy",
@@ -246,6 +392,45 @@
246
392
  }
247
393
  ]
248
394
  },
395
+ {
396
+ "Action": [
397
+ "s3:DeleteObject*",
398
+ "s3:GetBucket*",
399
+ "s3:List*",
400
+ "s3:PutBucketPolicy"
401
+ ],
402
+ "Effect": "Allow",
403
+ "Principal": {
404
+ "AWS": {
405
+ "Fn::GetAtt": [
406
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
407
+ "Arn"
408
+ ]
409
+ }
410
+ },
411
+ "Resource": [
412
+ {
413
+ "Fn::GetAtt": [
414
+ "existings3bucketencryptedwithcmkS3BucketCC461491",
415
+ "Arn"
416
+ ]
417
+ },
418
+ {
419
+ "Fn::Join": [
420
+ "",
421
+ [
422
+ {
423
+ "Fn::GetAtt": [
424
+ "existings3bucketencryptedwithcmkS3BucketCC461491",
425
+ "Arn"
426
+ ]
427
+ },
428
+ "/*"
429
+ ]
430
+ ]
431
+ }
432
+ ]
433
+ },
249
434
  {
250
435
  "Action": "s3:GetObject",
251
436
  "Condition": {
@@ -301,6 +486,25 @@
301
486
  }
302
487
  }
303
488
  },
489
+ "existings3bucketencryptedwithcmkS3BucketAutoDeleteObjectsCustomResource22D65ADB": {
490
+ "Type": "Custom::S3AutoDeleteObjects",
491
+ "Properties": {
492
+ "ServiceToken": {
493
+ "Fn::GetAtt": [
494
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
495
+ "Arn"
496
+ ]
497
+ },
498
+ "BucketName": {
499
+ "Ref": "existings3bucketencryptedwithcmkS3BucketCC461491"
500
+ }
501
+ },
502
+ "DependsOn": [
503
+ "existings3bucketencryptedwithcmkS3BucketPolicyA1A37425"
504
+ ],
505
+ "UpdateReplacePolicy": "Delete",
506
+ "DeletionPolicy": "Delete"
507
+ },
304
508
  "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C": {
305
509
  "Type": "AWS::S3::Bucket",
306
510
  "Properties": {
@@ -313,25 +517,24 @@
313
517
  }
314
518
  ]
315
519
  },
316
- "OwnershipControls": {
317
- "Rules": [
318
- {
319
- "ObjectOwnership": "ObjectWriter"
320
- }
321
- ]
322
- },
323
520
  "PublicAccessBlockConfiguration": {
324
521
  "BlockPublicAcls": true,
325
522
  "BlockPublicPolicy": true,
326
523
  "IgnorePublicAcls": true,
327
524
  "RestrictPublicBuckets": true
328
525
  },
526
+ "Tags": [
527
+ {
528
+ "Key": "aws-cdk:auto-delete-objects",
529
+ "Value": "true"
530
+ }
531
+ ],
329
532
  "VersioningConfiguration": {
330
533
  "Status": "Enabled"
331
534
  }
332
535
  },
333
- "UpdateReplacePolicy": "Retain",
334
- "DeletionPolicy": "Retain",
536
+ "UpdateReplacePolicy": "Delete",
537
+ "DeletionPolicy": "Delete",
335
538
  "Metadata": {
336
539
  "cfn_nag": {
337
540
  "rules_to_suppress": [
@@ -385,6 +588,45 @@
385
588
  }
386
589
  ]
387
590
  },
591
+ {
592
+ "Action": [
593
+ "s3:DeleteObject*",
594
+ "s3:GetBucket*",
595
+ "s3:List*",
596
+ "s3:PutBucketPolicy"
597
+ ],
598
+ "Effect": "Allow",
599
+ "Principal": {
600
+ "AWS": {
601
+ "Fn::GetAtt": [
602
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
603
+ "Arn"
604
+ ]
605
+ }
606
+ },
607
+ "Resource": [
608
+ {
609
+ "Fn::GetAtt": [
610
+ "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C",
611
+ "Arn"
612
+ ]
613
+ },
614
+ {
615
+ "Fn::Join": [
616
+ "",
617
+ [
618
+ {
619
+ "Fn::GetAtt": [
620
+ "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C",
621
+ "Arn"
622
+ ]
623
+ },
624
+ "/*"
625
+ ]
626
+ ]
627
+ }
628
+ ]
629
+ },
388
630
  {
389
631
  "Action": "s3:PutObject",
390
632
  "Condition": {
@@ -426,6 +668,25 @@
426
668
  }
427
669
  }
428
670
  },
671
+ "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLogAutoDeleteObjectsCustomResource4FF8A4C5": {
672
+ "Type": "Custom::S3AutoDeleteObjects",
673
+ "Properties": {
674
+ "ServiceToken": {
675
+ "Fn::GetAtt": [
676
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
677
+ "Arn"
678
+ ]
679
+ },
680
+ "BucketName": {
681
+ "Ref": "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C"
682
+ }
683
+ },
684
+ "DependsOn": [
685
+ "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLogPolicy8F931BD7"
686
+ ],
687
+ "UpdateReplacePolicy": "Delete",
688
+ "DeletionPolicy": "Delete"
689
+ },
429
690
  "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD": {
430
691
  "Type": "AWS::S3::Bucket",
431
692
  "Properties": {
@@ -457,12 +718,18 @@
457
718
  "IgnorePublicAcls": true,
458
719
  "RestrictPublicBuckets": true
459
720
  },
721
+ "Tags": [
722
+ {
723
+ "Key": "aws-cdk:auto-delete-objects",
724
+ "Value": "true"
725
+ }
726
+ ],
460
727
  "VersioningConfiguration": {
461
728
  "Status": "Enabled"
462
729
  }
463
730
  },
464
- "UpdateReplacePolicy": "Retain",
465
- "DeletionPolicy": "Retain"
731
+ "UpdateReplacePolicy": "Delete",
732
+ "DeletionPolicy": "Delete"
466
733
  },
467
734
  "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketPolicy5E737735": {
468
735
  "Type": "AWS::S3::BucketPolicy",
@@ -505,12 +772,70 @@
505
772
  ]
506
773
  }
507
774
  ]
775
+ },
776
+ {
777
+ "Action": [
778
+ "s3:DeleteObject*",
779
+ "s3:GetBucket*",
780
+ "s3:List*",
781
+ "s3:PutBucketPolicy"
782
+ ],
783
+ "Effect": "Allow",
784
+ "Principal": {
785
+ "AWS": {
786
+ "Fn::GetAtt": [
787
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
788
+ "Arn"
789
+ ]
790
+ }
791
+ },
792
+ "Resource": [
793
+ {
794
+ "Fn::GetAtt": [
795
+ "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD",
796
+ "Arn"
797
+ ]
798
+ },
799
+ {
800
+ "Fn::Join": [
801
+ "",
802
+ [
803
+ {
804
+ "Fn::GetAtt": [
805
+ "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD",
806
+ "Arn"
807
+ ]
808
+ },
809
+ "/*"
810
+ ]
811
+ ]
812
+ }
813
+ ]
508
814
  }
509
815
  ],
510
816
  "Version": "2012-10-17"
511
817
  }
512
818
  }
513
819
  },
820
+ "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAutoDeleteObjectsCustomResourceB088BCC7": {
821
+ "Type": "Custom::S3AutoDeleteObjects",
822
+ "Properties": {
823
+ "ServiceToken": {
824
+ "Fn::GetAtt": [
825
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
826
+ "Arn"
827
+ ]
828
+ },
829
+ "BucketName": {
830
+ "Ref": "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD"
831
+ }
832
+ },
833
+ "DependsOn": [
834
+ "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketPolicy5E737735"
835
+ ],
836
+ "UpdateReplacePolicy": "Delete",
837
+ "DeletionPolicy": "Delete"
838
+ },
514
839
  "testcloudfronts3cmkencryptionkeyCloudFrontOac4EFECBD9": {
515
840
  "Type": "AWS::CloudFront::OriginAccessControl",
516
841
  "Properties": {