@aws-solutions-constructs/aws-cloudfront-s3 2.62.0 → 2.64.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (60) hide show
  1. package/.jsii +20 -7
  2. package/lib/index.js +2 -2
  3. package/package.json +8 -8
  4. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js +4 -4
  5. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.e97825c838d70ceb13ba2f6223a7d94ed35687b70bfb224a0b9128e698e3f28e/index.js +129 -0
  6. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.assets.json +5 -5
  7. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.template.json +16 -1
  8. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/manifest.json +1 -1
  9. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/tree.json +70 -70
  10. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js +4 -4
  11. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.assets.json +2 -2
  12. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.template.json +15 -0
  13. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/manifest.json +1 -1
  14. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/tree.json +42 -42
  15. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js +3 -3
  16. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.e97825c838d70ceb13ba2f6223a7d94ed35687b70bfb224a0b9128e698e3f28e/index.js +129 -0
  17. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3-cmk-provided-as-bucket-prop.assets.json +5 -5
  18. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3-cmk-provided-as-bucket-prop.template.json +16 -1
  19. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/manifest.json +1 -1
  20. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/tree.json +68 -68
  21. package/test/integ.cfts3-custom-headers.js +3 -3
  22. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3-custom-headers.assets.json +2 -2
  23. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3-custom-headers.template.json +15 -0
  24. package/test/integ.cfts3-custom-headers.js.snapshot/manifest.json +1 -1
  25. package/test/integ.cfts3-custom-headers.js.snapshot/tree.json +46 -46
  26. package/test/integ.cfts3-custom-originPath.js +3 -3
  27. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3-custom-originPath.assets.json +2 -2
  28. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3-custom-originPath.template.json +15 -0
  29. package/test/integ.cfts3-custom-originPath.js.snapshot/manifest.json +1 -1
  30. package/test/integ.cfts3-custom-originPath.js.snapshot/tree.json +44 -44
  31. package/test/integ.cfts3-customLoggingBuckets.js +3 -3
  32. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3-customLoggingBuckets.assets.json +2 -2
  33. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3-customLoggingBuckets.template.json +15 -0
  34. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/manifest.json +1 -1
  35. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/tree.json +44 -44
  36. package/test/integ.cfts3-existing-bucket.js +2 -2
  37. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3-existing-bucket.assets.json +2 -2
  38. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3-existing-bucket.template.json +15 -0
  39. package/test/integ.cfts3-existing-bucket.js.snapshot/manifest.json +1 -1
  40. package/test/integ.cfts3-existing-bucket.js.snapshot/tree.json +48 -48
  41. package/test/integ.cfts3-no-arguments.js +2 -2
  42. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3-no-arguments.assets.json +2 -2
  43. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3-no-arguments.template.json +15 -0
  44. package/test/integ.cfts3-no-arguments.js.snapshot/manifest.json +1 -1
  45. package/test/integ.cfts3-no-arguments.js.snapshot/tree.json +44 -44
  46. package/test/integ.cfts3-no-logging.js +2 -2
  47. package/test/integ.cfts3-no-logging.js.snapshot/cfts3-no-logging.assets.json +2 -2
  48. package/test/integ.cfts3-no-logging.js.snapshot/cfts3-no-logging.template.json +15 -0
  49. package/test/integ.cfts3-no-logging.js.snapshot/manifest.json +1 -1
  50. package/test/integ.cfts3-no-logging.js.snapshot/tree.json +26 -26
  51. package/test/integ.cfts3-no-security-headers.js +3 -3
  52. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3-no-security-headers.assets.json +2 -2
  53. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3-no-security-headers.template.json +15 -0
  54. package/test/integ.cfts3-no-security-headers.js.snapshot/manifest.json +1 -1
  55. package/test/integ.cfts3-no-security-headers.js.snapshot/tree.json +42 -42
  56. package/test/test.cloudfront-s3.test.js +3 -3
  57. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.js +0 -127
  58. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f/index.js +0 -127
  59. /package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/{asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f → asset.e97825c838d70ceb13ba2f6223a7d94ed35687b70bfb224a0b9128e698e3f28e}/index.d.ts +0 -0
  60. /package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/{asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f → asset.e97825c838d70ceb13ba2f6223a7d94ed35687b70bfb224a0b9128e698e3f28e}/index.d.ts +0 -0
@@ -66,7 +66,7 @@
66
66
  "validateOnSynth": false,
67
67
  "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}",
68
68
  "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}",
69
- "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/142c8f3e9da90bc74ce4f76f2affb74d2bb563e50c14705080422f8d4ff5a5f8.json",
69
+ "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/610a9f96763e71a36144d02b6a282132461f958137d7f830085f89b26e0fca93.json",
70
70
  "requiresBootstrapStackVersion": 6,
71
71
  "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version",
72
72
  "additionalDependencies": [
@@ -46,7 +46,7 @@
46
46
  },
47
47
  "constructInfo": {
48
48
  "fqn": "aws-cdk-lib.aws_s3.CfnBucket",
49
- "version": "2.147.3"
49
+ "version": "2.149.0"
50
50
  }
51
51
  },
52
52
  "Policy": {
@@ -180,13 +180,13 @@
180
180
  },
181
181
  "constructInfo": {
182
182
  "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy",
183
- "version": "2.147.3"
183
+ "version": "2.149.0"
184
184
  }
185
185
  }
186
186
  },
187
187
  "constructInfo": {
188
188
  "fqn": "aws-cdk-lib.aws_s3.BucketPolicy",
189
- "version": "2.147.3"
189
+ "version": "2.149.0"
190
190
  }
191
191
  },
192
192
  "AutoDeleteObjectsCustomResource": {
@@ -198,19 +198,19 @@
198
198
  "path": "cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket/existing-s3-bucket-encrypted-with-s3-managed-keyS3LoggingBucket/AutoDeleteObjectsCustomResource/Default",
199
199
  "constructInfo": {
200
200
  "fqn": "aws-cdk-lib.CfnResource",
201
- "version": "2.147.3"
201
+ "version": "2.149.0"
202
202
  }
203
203
  }
204
204
  },
205
205
  "constructInfo": {
206
206
  "fqn": "aws-cdk-lib.CustomResource",
207
- "version": "2.147.3"
207
+ "version": "2.149.0"
208
208
  }
209
209
  }
210
210
  },
211
211
  "constructInfo": {
212
212
  "fqn": "aws-cdk-lib.aws_s3.Bucket",
213
- "version": "2.147.3"
213
+ "version": "2.149.0"
214
214
  }
215
215
  },
216
216
  "LatestNodeRuntimeMap": {
@@ -218,7 +218,7 @@
218
218
  "path": "cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket/LatestNodeRuntimeMap",
219
219
  "constructInfo": {
220
220
  "fqn": "aws-cdk-lib.CfnMapping",
221
- "version": "2.147.3"
221
+ "version": "2.149.0"
222
222
  }
223
223
  },
224
224
  "Custom::S3AutoDeleteObjectsCustomResourceProvider": {
@@ -230,7 +230,7 @@
230
230
  "path": "cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket/Custom::S3AutoDeleteObjectsCustomResourceProvider/Staging",
231
231
  "constructInfo": {
232
232
  "fqn": "aws-cdk-lib.AssetStaging",
233
- "version": "2.147.3"
233
+ "version": "2.149.0"
234
234
  }
235
235
  },
236
236
  "Role": {
@@ -238,7 +238,7 @@
238
238
  "path": "cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket/Custom::S3AutoDeleteObjectsCustomResourceProvider/Role",
239
239
  "constructInfo": {
240
240
  "fqn": "aws-cdk-lib.CfnResource",
241
- "version": "2.147.3"
241
+ "version": "2.149.0"
242
242
  }
243
243
  },
244
244
  "Handler": {
@@ -246,13 +246,13 @@
246
246
  "path": "cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket/Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler",
247
247
  "constructInfo": {
248
248
  "fqn": "aws-cdk-lib.CfnResource",
249
- "version": "2.147.3"
249
+ "version": "2.149.0"
250
250
  }
251
251
  }
252
252
  },
253
253
  "constructInfo": {
254
254
  "fqn": "aws-cdk-lib.CustomResourceProviderBase",
255
- "version": "2.147.3"
255
+ "version": "2.149.0"
256
256
  }
257
257
  },
258
258
  "existing-s3-bucket-encrypted-with-s3-managed-keyS3Bucket": {
@@ -311,7 +311,7 @@
311
311
  },
312
312
  "constructInfo": {
313
313
  "fqn": "aws-cdk-lib.aws_s3.CfnBucket",
314
- "version": "2.147.3"
314
+ "version": "2.149.0"
315
315
  }
316
316
  },
317
317
  "Policy": {
@@ -449,13 +449,13 @@
449
449
  },
450
450
  "constructInfo": {
451
451
  "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy",
452
- "version": "2.147.3"
452
+ "version": "2.149.0"
453
453
  }
454
454
  }
455
455
  },
456
456
  "constructInfo": {
457
457
  "fqn": "aws-cdk-lib.aws_s3.BucketPolicy",
458
- "version": "2.147.3"
458
+ "version": "2.149.0"
459
459
  }
460
460
  },
461
461
  "AutoDeleteObjectsCustomResource": {
@@ -467,19 +467,19 @@
467
467
  "path": "cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket/existing-s3-bucket-encrypted-with-s3-managed-keyS3Bucket/AutoDeleteObjectsCustomResource/Default",
468
468
  "constructInfo": {
469
469
  "fqn": "aws-cdk-lib.CfnResource",
470
- "version": "2.147.3"
470
+ "version": "2.149.0"
471
471
  }
472
472
  }
473
473
  },
474
474
  "constructInfo": {
475
475
  "fqn": "aws-cdk-lib.CustomResource",
476
- "version": "2.147.3"
476
+ "version": "2.149.0"
477
477
  }
478
478
  }
479
479
  },
480
480
  "constructInfo": {
481
481
  "fqn": "aws-cdk-lib.aws_s3.Bucket",
482
- "version": "2.147.3"
482
+ "version": "2.149.0"
483
483
  }
484
484
  },
485
485
  "test-cloudfront-s3-managed-key": {
@@ -524,7 +524,7 @@
524
524
  },
525
525
  "constructInfo": {
526
526
  "fqn": "aws-cdk-lib.aws_s3.CfnBucket",
527
- "version": "2.147.3"
527
+ "version": "2.149.0"
528
528
  }
529
529
  },
530
530
  "Policy": {
@@ -658,13 +658,13 @@
658
658
  },
659
659
  "constructInfo": {
660
660
  "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy",
661
- "version": "2.147.3"
661
+ "version": "2.149.0"
662
662
  }
663
663
  }
664
664
  },
665
665
  "constructInfo": {
666
666
  "fqn": "aws-cdk-lib.aws_s3.BucketPolicy",
667
- "version": "2.147.3"
667
+ "version": "2.149.0"
668
668
  }
669
669
  },
670
670
  "AutoDeleteObjectsCustomResource": {
@@ -676,19 +676,19 @@
676
676
  "path": "cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket/test-cloudfront-s3-managed-key/CloudfrontLoggingBucketAccessLog/AutoDeleteObjectsCustomResource/Default",
677
677
  "constructInfo": {
678
678
  "fqn": "aws-cdk-lib.CfnResource",
679
- "version": "2.147.3"
679
+ "version": "2.149.0"
680
680
  }
681
681
  }
682
682
  },
683
683
  "constructInfo": {
684
684
  "fqn": "aws-cdk-lib.CustomResource",
685
- "version": "2.147.3"
685
+ "version": "2.149.0"
686
686
  }
687
687
  }
688
688
  },
689
689
  "constructInfo": {
690
690
  "fqn": "aws-cdk-lib.aws_s3.Bucket",
691
- "version": "2.147.3"
691
+ "version": "2.149.0"
692
692
  }
693
693
  },
694
694
  "CloudfrontLoggingBucket": {
@@ -741,7 +741,7 @@
741
741
  },
742
742
  "constructInfo": {
743
743
  "fqn": "aws-cdk-lib.aws_s3.CfnBucket",
744
- "version": "2.147.3"
744
+ "version": "2.149.0"
745
745
  }
746
746
  },
747
747
  "Policy": {
@@ -839,13 +839,13 @@
839
839
  },
840
840
  "constructInfo": {
841
841
  "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy",
842
- "version": "2.147.3"
842
+ "version": "2.149.0"
843
843
  }
844
844
  }
845
845
  },
846
846
  "constructInfo": {
847
847
  "fqn": "aws-cdk-lib.aws_s3.BucketPolicy",
848
- "version": "2.147.3"
848
+ "version": "2.149.0"
849
849
  }
850
850
  },
851
851
  "AutoDeleteObjectsCustomResource": {
@@ -857,19 +857,19 @@
857
857
  "path": "cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket/test-cloudfront-s3-managed-key/CloudfrontLoggingBucket/AutoDeleteObjectsCustomResource/Default",
858
858
  "constructInfo": {
859
859
  "fqn": "aws-cdk-lib.CfnResource",
860
- "version": "2.147.3"
860
+ "version": "2.149.0"
861
861
  }
862
862
  }
863
863
  },
864
864
  "constructInfo": {
865
865
  "fqn": "aws-cdk-lib.CustomResource",
866
- "version": "2.147.3"
866
+ "version": "2.149.0"
867
867
  }
868
868
  }
869
869
  },
870
870
  "constructInfo": {
871
871
  "fqn": "aws-cdk-lib.aws_s3.Bucket",
872
- "version": "2.147.3"
872
+ "version": "2.149.0"
873
873
  }
874
874
  },
875
875
  "CloudFrontOac": {
@@ -909,7 +909,7 @@
909
909
  },
910
910
  "constructInfo": {
911
911
  "fqn": "aws-cdk-lib.aws_cloudfront.CfnOriginAccessControl",
912
- "version": "2.147.3"
912
+ "version": "2.149.0"
913
913
  }
914
914
  },
915
915
  "CloudFrontDistribution": {
@@ -969,19 +969,19 @@
969
969
  },
970
970
  "constructInfo": {
971
971
  "fqn": "aws-cdk-lib.aws_cloudfront.CfnDistribution",
972
- "version": "2.147.3"
972
+ "version": "2.149.0"
973
973
  }
974
974
  }
975
975
  },
976
976
  "constructInfo": {
977
977
  "fqn": "aws-cdk-lib.aws_cloudfront.Distribution",
978
- "version": "2.147.3"
978
+ "version": "2.149.0"
979
979
  }
980
980
  }
981
981
  },
982
982
  "constructInfo": {
983
983
  "fqn": "@aws-solutions-constructs/aws-cloudfront-s3.CloudFrontToS3",
984
- "version": "2.60.0"
984
+ "version": "2.62.0"
985
985
  }
986
986
  },
987
987
  "Integ": {
@@ -1009,7 +1009,7 @@
1009
1009
  "path": "cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket/Integ/DefaultTest/DeployAssert/BootstrapVersion",
1010
1010
  "constructInfo": {
1011
1011
  "fqn": "aws-cdk-lib.CfnParameter",
1012
- "version": "2.147.3"
1012
+ "version": "2.149.0"
1013
1013
  }
1014
1014
  },
1015
1015
  "CheckBootstrapVersion": {
@@ -1017,25 +1017,25 @@
1017
1017
  "path": "cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket/Integ/DefaultTest/DeployAssert/CheckBootstrapVersion",
1018
1018
  "constructInfo": {
1019
1019
  "fqn": "aws-cdk-lib.CfnRule",
1020
- "version": "2.147.3"
1020
+ "version": "2.149.0"
1021
1021
  }
1022
1022
  }
1023
1023
  },
1024
1024
  "constructInfo": {
1025
1025
  "fqn": "aws-cdk-lib.Stack",
1026
- "version": "2.147.3"
1026
+ "version": "2.149.0"
1027
1027
  }
1028
1028
  }
1029
1029
  },
1030
1030
  "constructInfo": {
1031
1031
  "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase",
1032
- "version": "2.147.3-alpha.0"
1032
+ "version": "2.149.0-alpha.0"
1033
1033
  }
1034
1034
  }
1035
1035
  },
1036
1036
  "constructInfo": {
1037
1037
  "fqn": "@aws-cdk/integ-tests-alpha.IntegTest",
1038
- "version": "2.147.3-alpha.0"
1038
+ "version": "2.149.0-alpha.0"
1039
1039
  }
1040
1040
  },
1041
1041
  "BootstrapVersion": {
@@ -1043,7 +1043,7 @@
1043
1043
  "path": "cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket/BootstrapVersion",
1044
1044
  "constructInfo": {
1045
1045
  "fqn": "aws-cdk-lib.CfnParameter",
1046
- "version": "2.147.3"
1046
+ "version": "2.149.0"
1047
1047
  }
1048
1048
  },
1049
1049
  "CheckBootstrapVersion": {
@@ -1051,13 +1051,13 @@
1051
1051
  "path": "cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket/CheckBootstrapVersion",
1052
1052
  "constructInfo": {
1053
1053
  "fqn": "aws-cdk-lib.CfnRule",
1054
- "version": "2.147.3"
1054
+ "version": "2.149.0"
1055
1055
  }
1056
1056
  }
1057
1057
  },
1058
1058
  "constructInfo": {
1059
1059
  "fqn": "aws-cdk-lib.Stack",
1060
- "version": "2.147.3"
1060
+ "version": "2.149.0"
1061
1061
  }
1062
1062
  },
1063
1063
  "Tree": {
@@ -1071,7 +1071,7 @@
1071
1071
  },
1072
1072
  "constructInfo": {
1073
1073
  "fqn": "aws-cdk-lib.App",
1074
- "version": "2.147.3"
1074
+ "version": "2.149.0"
1075
1075
  }
1076
1076
  }
1077
1077
  }
@@ -20,7 +20,7 @@ const aws_s3_1 = require("aws-cdk-lib/aws-s3");
20
20
  const integ_tests_alpha_1 = require("@aws-cdk/integ-tests-alpha");
21
21
  // Setup
22
22
  const app = new aws_cdk_lib_1.App();
23
- const stack = new aws_cdk_lib_1.Stack(app, core_1.generateIntegStackName(__filename));
23
+ const stack = new aws_cdk_lib_1.Stack(app, (0, core_1.generateIntegStackName)(__filename));
24
24
  stack.templateOptions.description = 'Integration Test for aws-cloudfront-s3';
25
25
  // Definitions
26
26
  const encryptionKey = new aws_cdk_lib_1.aws_kms.Key(stack, 'cmkKey', {
@@ -48,9 +48,9 @@ const props = {
48
48
  insertHttpSecurityHeaders: false
49
49
  };
50
50
  new lib_1.CloudFrontToS3(stack, 'test-cloudfront-s3-cmk-encryption-key', props);
51
- core_1.suppressCustomHandlerCfnNagWarnings(stack, 'Custom::S3AutoDeleteObjectsCustomResourceProvider');
51
+ (0, core_1.suppressCustomHandlerCfnNagWarnings)(stack, 'Custom::S3AutoDeleteObjectsCustomResourceProvider');
52
52
  // Synth
53
53
  new integ_tests_alpha_1.IntegTest(stack, 'Integ', { testCases: [
54
54
  stack
55
55
  ] });
56
- //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW50ZWcuY2Z0czMtY21rLXByb3ZpZGVkLWFzLWJ1Y2tldC1wcm9wLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiaW50ZWcuY2Z0czMtY21rLXByb3ZpZGVkLWFzLWJ1Y2tldC1wcm9wLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7QUFBQTs7Ozs7Ozs7Ozs7R0FXRzs7QUFFSCxVQUFVO0FBQ1YsNkNBQWlFO0FBQ2pFLGdDQUE2RDtBQUM3RCx5REFBNkc7QUFDN0csK0NBQXNEO0FBQ3RELGtFQUF1RDtBQUV2RCxRQUFRO0FBQ1IsTUFBTSxHQUFHLEdBQUcsSUFBSSxpQkFBRyxFQUFFLENBQUM7QUFDdEIsTUFBTSxLQUFLLEdBQUcsSUFBSSxtQkFBSyxDQUFDLEdBQUcsRUFBRSw2QkFBc0IsQ0FBQyxVQUFVLENBQUMsQ0FBQyxDQUFDO0FBQ2pFLEtBQUssQ0FBQyxlQUFlLENBQUMsV0FBVyxHQUFHLHdDQUF3QyxDQUFDO0FBRTdFLGNBQWM7QUFDZCxNQUFNLGFBQWEsR0FBRyxJQUFJLHFCQUFPLENBQUMsR0FBRyxDQUFDLEtBQUssRUFBRSxRQUFRLEVBQUU7SUFDckQsaUJBQWlCLEVBQUUsSUFBSTtJQUN2QixhQUFhLEVBQUUsMkJBQWEsQ0FBQyxPQUFPO0NBQ3JDLENBQUMsQ0FBQztBQUVILE1BQU0sS0FBSyxHQUF3QjtJQUNqQyxXQUFXLEVBQUU7UUFDWCxVQUFVLEVBQUUsSUFBSTtRQUNoQixVQUFVLEVBQUUseUJBQWdCLENBQUMsR0FBRztRQUNoQyxhQUFhO0tBQ2Q7SUFDRCw0QkFBNEIsRUFBRTtRQUM1QixhQUFhLEVBQUUsMkJBQWEsQ0FBQyxPQUFPO1FBQ3BDLGlCQUFpQixFQUFFLElBQUk7S0FDeEI7SUFDRCxrQkFBa0IsRUFBRTtRQUNsQixhQUFhLEVBQUUsMkJBQWEsQ0FBQyxPQUFPO1FBQ3BDLGlCQUFpQixFQUFFLElBQUk7S0FDeEI7SUFDRCwyQ0FBMkMsRUFBRTtRQUMzQyxhQUFhLEVBQUUsMkJBQWEsQ0FBQyxPQUFPO1FBQ3BDLGlCQUFpQixFQUFFLElBQUk7S0FDeEI7SUFDRCx5QkFBeUIsRUFBRSxLQUFLO0NBQ2pDLENBQUM7QUFFRixJQUFJLG9CQUFjLENBQUMsS0FBSyxFQUFFLHVDQUF1QyxFQUFFLEtBQUssQ0FBQyxDQUFDO0FBRTFFLDBDQUFtQyxDQUFDLEtBQUssRUFBRSxtREFBbUQsQ0FBQyxDQUFDO0FBRWhHLFFBQVE7QUFDUixJQUFJLDZCQUFTLENBQUMsS0FBSyxFQUFFLE9BQU8sRUFBRSxFQUFFLFNBQVMsRUFBRTtRQUN6QyxLQUFLO0tBQ04sRUFBRSxDQUFDLENBQUMiLCJzb3VyY2VzQ29udGVudCI6WyIvKipcbiAqICBDb3B5cmlnaHQgQW1hem9uLmNvbSwgSW5jLiBvciBpdHMgYWZmaWxpYXRlcy4gQWxsIFJpZ2h0cyBSZXNlcnZlZC5cbiAqXG4gKiAgTGljZW5zZWQgdW5kZXIgdGhlIEFwYWNoZSBMaWNlbnNlLCBWZXJzaW9uIDIuMCAodGhlIFwiTGljZW5zZVwiKS4gWW91IG1heSBub3QgdXNlIHRoaXMgZmlsZSBleGNlcHQgaW4gY29tcGxpYW5jZVxuICogIHdpdGggdGhlIExpY2Vuc2UuIEEgY29weSBvZiB0aGUgTGljZW5zZSBpcyBsb2NhdGVkIGF0XG4gKlxuICogICAgICBodHRwOi8vd3d3LmFwYWNoZS5vcmcvbGljZW5zZXMvTElDRU5TRS0yLjBcbiAqXG4gKiAgb3IgaW4gdGhlICdsaWNlbnNlJyBmaWxlIGFjY29tcGFueWluZyB0aGlzIGZpbGUuIFRoaXMgZmlsZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAnQVMgSVMnIEJBU0lTLCBXSVRIT1VUIFdBUlJBTlRJRVNcbiAqICBPUiBDT05ESVRJT05TIE9GIEFOWSBLSU5ELCBleHByZXNzIG9yIGltcGxpZWQuIFNlZSB0aGUgTGljZW5zZSBmb3IgdGhlIHNwZWNpZmljIGxhbmd1YWdlIGdvdmVybmluZyBwZXJtaXNzaW9uc1xuICogIGFuZCBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS5cbiAqL1xuXG4vLyBJbXBvcnRzXG5pbXBvcnQgeyBBcHAsIFN0YWNrLCBSZW1vdmFsUG9saWN5LCBhd3Nfa21zIH0gZnJvbSBcImF3cy1jZGstbGliXCI7XG5pbXBvcnQgeyBDbG91ZEZyb250VG9TMywgQ2xvdWRGcm9udFRvUzNQcm9wcyB9IGZyb20gXCIuLi9saWJcIjtcbmltcG9ydCB7IGdlbmVyYXRlSW50ZWdTdGFja05hbWUsIHN1cHByZXNzQ3VzdG9tSGFuZGxlckNmbk5hZ1dhcm5pbmdzIH0gZnJvbSAnQGF3cy1zb2x1dGlvbnMtY29uc3RydWN0cy9jb3JlJztcbmltcG9ydCB7IEJ1Y2tldEVuY3J5cHRpb24gfSBmcm9tIFwiYXdzLWNkay1saWIvYXdzLXMzXCI7XG5pbXBvcnQgeyBJbnRlZ1Rlc3QgfSBmcm9tICdAYXdzLWNkay9pbnRlZy10ZXN0cy1hbHBoYSc7XG5cbi8vIFNldHVwXG5jb25zdCBhcHAgPSBuZXcgQXBwKCk7XG5jb25zdCBzdGFjayA9IG5ldyBTdGFjayhhcHAsIGdlbmVyYXRlSW50ZWdTdGFja05hbWUoX19maWxlbmFtZSkpO1xuc3RhY2sudGVtcGxhdGVPcHRpb25zLmRlc2NyaXB0aW9uID0gJ0ludGVncmF0aW9uIFRlc3QgZm9yIGF3cy1jbG91ZGZyb250LXMzJztcblxuLy8gRGVmaW5pdGlvbnNcbmNvbnN0IGVuY3J5cHRpb25LZXkgPSBuZXcgYXdzX2ttcy5LZXkoc3RhY2ssICdjbWtLZXknLCB7XG4gIGVuYWJsZUtleVJvdGF0aW9uOiB0cnVlLFxuICByZW1vdmFsUG9saWN5OiBSZW1vdmFsUG9saWN5LkRFU1RST1lcbn0pO1xuXG5jb25zdCBwcm9wczogQ2xvdWRGcm9udFRvUzNQcm9wcyA9IHtcbiAgYnVja2V0UHJvcHM6IHtcbiAgICBlbmZvcmNlU1NMOiB0cnVlLFxuICAgIGVuY3J5cHRpb246IEJ1Y2tldEVuY3J5cHRpb24uS01TLFxuICAgIGVuY3J5cHRpb25LZXlcbiAgfSxcbiAgY2xvdWRGcm9udExvZ2dpbmdCdWNrZXRQcm9wczoge1xuICAgIHJlbW92YWxQb2xpY3k6IFJlbW92YWxQb2xpY3kuREVTVFJPWSxcbiAgICBhdXRvRGVsZXRlT2JqZWN0czogdHJ1ZVxuICB9LFxuICBsb2dnaW5nQnVja2V0UHJvcHM6IHtcbiAgICByZW1vdmFsUG9saWN5OiBSZW1vdmFsUG9saWN5LkRFU1RST1ksXG4gICAgYXV0b0RlbGV0ZU9iamVjdHM6IHRydWVcbiAgfSxcbiAgY2xvdWRGcm9udExvZ2dpbmdCdWNrZXRBY2Nlc3NMb2dCdWNrZXRQcm9wczoge1xuICAgIHJlbW92YWxQb2xpY3k6IFJlbW92YWxQb2xpY3kuREVTVFJPWSxcbiAgICBhdXRvRGVsZXRlT2JqZWN0czogdHJ1ZVxuICB9LFxuICBpbnNlcnRIdHRwU2VjdXJpdHlIZWFkZXJzOiBmYWxzZVxufTtcblxubmV3IENsb3VkRnJvbnRUb1MzKHN0YWNrLCAndGVzdC1jbG91ZGZyb250LXMzLWNtay1lbmNyeXB0aW9uLWtleScsIHByb3BzKTtcblxuc3VwcHJlc3NDdXN0b21IYW5kbGVyQ2ZuTmFnV2FybmluZ3Moc3RhY2ssICdDdXN0b206OlMzQXV0b0RlbGV0ZU9iamVjdHNDdXN0b21SZXNvdXJjZVByb3ZpZGVyJyk7XG5cbi8vIFN5bnRoXG5uZXcgSW50ZWdUZXN0KHN0YWNrLCAnSW50ZWcnLCB7IHRlc3RDYXNlczogW1xuICBzdGFja1xuXSB9KTtcbiJdfQ==
56
+ //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW50ZWcuY2Z0czMtY21rLXByb3ZpZGVkLWFzLWJ1Y2tldC1wcm9wLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiaW50ZWcuY2Z0czMtY21rLXByb3ZpZGVkLWFzLWJ1Y2tldC1wcm9wLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7QUFBQTs7Ozs7Ozs7Ozs7R0FXRzs7QUFFSCxVQUFVO0FBQ1YsNkNBQWlFO0FBQ2pFLGdDQUE2RDtBQUM3RCx5REFBNkc7QUFDN0csK0NBQXNEO0FBQ3RELGtFQUF1RDtBQUV2RCxRQUFRO0FBQ1IsTUFBTSxHQUFHLEdBQUcsSUFBSSxpQkFBRyxFQUFFLENBQUM7QUFDdEIsTUFBTSxLQUFLLEdBQUcsSUFBSSxtQkFBSyxDQUFDLEdBQUcsRUFBRSxJQUFBLDZCQUFzQixFQUFDLFVBQVUsQ0FBQyxDQUFDLENBQUM7QUFDakUsS0FBSyxDQUFDLGVBQWUsQ0FBQyxXQUFXLEdBQUcsd0NBQXdDLENBQUM7QUFFN0UsY0FBYztBQUNkLE1BQU0sYUFBYSxHQUFHLElBQUkscUJBQU8sQ0FBQyxHQUFHLENBQUMsS0FBSyxFQUFFLFFBQVEsRUFBRTtJQUNyRCxpQkFBaUIsRUFBRSxJQUFJO0lBQ3ZCLGFBQWEsRUFBRSwyQkFBYSxDQUFDLE9BQU87Q0FDckMsQ0FBQyxDQUFDO0FBRUgsTUFBTSxLQUFLLEdBQXdCO0lBQ2pDLFdBQVcsRUFBRTtRQUNYLFVBQVUsRUFBRSxJQUFJO1FBQ2hCLFVBQVUsRUFBRSx5QkFBZ0IsQ0FBQyxHQUFHO1FBQ2hDLGFBQWE7S0FDZDtJQUNELDRCQUE0QixFQUFFO1FBQzVCLGFBQWEsRUFBRSwyQkFBYSxDQUFDLE9BQU87UUFDcEMsaUJBQWlCLEVBQUUsSUFBSTtLQUN4QjtJQUNELGtCQUFrQixFQUFFO1FBQ2xCLGFBQWEsRUFBRSwyQkFBYSxDQUFDLE9BQU87UUFDcEMsaUJBQWlCLEVBQUUsSUFBSTtLQUN4QjtJQUNELDJDQUEyQyxFQUFFO1FBQzNDLGFBQWEsRUFBRSwyQkFBYSxDQUFDLE9BQU87UUFDcEMsaUJBQWlCLEVBQUUsSUFBSTtLQUN4QjtJQUNELHlCQUF5QixFQUFFLEtBQUs7Q0FDakMsQ0FBQztBQUVGLElBQUksb0JBQWMsQ0FBQyxLQUFLLEVBQUUsdUNBQXVDLEVBQUUsS0FBSyxDQUFDLENBQUM7QUFFMUUsSUFBQSwwQ0FBbUMsRUFBQyxLQUFLLEVBQUUsbURBQW1ELENBQUMsQ0FBQztBQUVoRyxRQUFRO0FBQ1IsSUFBSSw2QkFBUyxDQUFDLEtBQUssRUFBRSxPQUFPLEVBQUUsRUFBRSxTQUFTLEVBQUU7UUFDekMsS0FBSztLQUNOLEVBQUUsQ0FBQyxDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiLyoqXG4gKiAgQ29weXJpZ2h0IEFtYXpvbi5jb20sIEluYy4gb3IgaXRzIGFmZmlsaWF0ZXMuIEFsbCBSaWdodHMgUmVzZXJ2ZWQuXG4gKlxuICogIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSBcIkxpY2Vuc2VcIikuIFlvdSBtYXkgbm90IHVzZSB0aGlzIGZpbGUgZXhjZXB0IGluIGNvbXBsaWFuY2VcbiAqICB3aXRoIHRoZSBMaWNlbnNlLiBBIGNvcHkgb2YgdGhlIExpY2Vuc2UgaXMgbG9jYXRlZCBhdFxuICpcbiAqICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzL0xJQ0VOU0UtMi4wXG4gKlxuICogIG9yIGluIHRoZSAnbGljZW5zZScgZmlsZSBhY2NvbXBhbnlpbmcgdGhpcyBmaWxlLiBUaGlzIGZpbGUgaXMgZGlzdHJpYnV0ZWQgb24gYW4gJ0FTIElTJyBCQVNJUywgV0lUSE9VVCBXQVJSQU5USUVTXG4gKiAgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZXhwcmVzcyBvciBpbXBsaWVkLiBTZWUgdGhlIExpY2Vuc2UgZm9yIHRoZSBzcGVjaWZpYyBsYW5ndWFnZSBnb3Zlcm5pbmcgcGVybWlzc2lvbnNcbiAqICBhbmQgbGltaXRhdGlvbnMgdW5kZXIgdGhlIExpY2Vuc2UuXG4gKi9cblxuLy8gSW1wb3J0c1xuaW1wb3J0IHsgQXBwLCBTdGFjaywgUmVtb3ZhbFBvbGljeSwgYXdzX2ttcyB9IGZyb20gXCJhd3MtY2RrLWxpYlwiO1xuaW1wb3J0IHsgQ2xvdWRGcm9udFRvUzMsIENsb3VkRnJvbnRUb1MzUHJvcHMgfSBmcm9tIFwiLi4vbGliXCI7XG5pbXBvcnQgeyBnZW5lcmF0ZUludGVnU3RhY2tOYW1lLCBzdXBwcmVzc0N1c3RvbUhhbmRsZXJDZm5OYWdXYXJuaW5ncyB9IGZyb20gJ0Bhd3Mtc29sdXRpb25zLWNvbnN0cnVjdHMvY29yZSc7XG5pbXBvcnQgeyBCdWNrZXRFbmNyeXB0aW9uIH0gZnJvbSBcImF3cy1jZGstbGliL2F3cy1zM1wiO1xuaW1wb3J0IHsgSW50ZWdUZXN0IH0gZnJvbSAnQGF3cy1jZGsvaW50ZWctdGVzdHMtYWxwaGEnO1xuXG4vLyBTZXR1cFxuY29uc3QgYXBwID0gbmV3IEFwcCgpO1xuY29uc3Qgc3RhY2sgPSBuZXcgU3RhY2soYXBwLCBnZW5lcmF0ZUludGVnU3RhY2tOYW1lKF9fZmlsZW5hbWUpKTtcbnN0YWNrLnRlbXBsYXRlT3B0aW9ucy5kZXNjcmlwdGlvbiA9ICdJbnRlZ3JhdGlvbiBUZXN0IGZvciBhd3MtY2xvdWRmcm9udC1zMyc7XG5cbi8vIERlZmluaXRpb25zXG5jb25zdCBlbmNyeXB0aW9uS2V5ID0gbmV3IGF3c19rbXMuS2V5KHN0YWNrLCAnY21rS2V5Jywge1xuICBlbmFibGVLZXlSb3RhdGlvbjogdHJ1ZSxcbiAgcmVtb3ZhbFBvbGljeTogUmVtb3ZhbFBvbGljeS5ERVNUUk9ZXG59KTtcblxuY29uc3QgcHJvcHM6IENsb3VkRnJvbnRUb1MzUHJvcHMgPSB7XG4gIGJ1Y2tldFByb3BzOiB7XG4gICAgZW5mb3JjZVNTTDogdHJ1ZSxcbiAgICBlbmNyeXB0aW9uOiBCdWNrZXRFbmNyeXB0aW9uLktNUyxcbiAgICBlbmNyeXB0aW9uS2V5XG4gIH0sXG4gIGNsb3VkRnJvbnRMb2dnaW5nQnVja2V0UHJvcHM6IHtcbiAgICByZW1vdmFsUG9saWN5OiBSZW1vdmFsUG9saWN5LkRFU1RST1ksXG4gICAgYXV0b0RlbGV0ZU9iamVjdHM6IHRydWVcbiAgfSxcbiAgbG9nZ2luZ0J1Y2tldFByb3BzOiB7XG4gICAgcmVtb3ZhbFBvbGljeTogUmVtb3ZhbFBvbGljeS5ERVNUUk9ZLFxuICAgIGF1dG9EZWxldGVPYmplY3RzOiB0cnVlXG4gIH0sXG4gIGNsb3VkRnJvbnRMb2dnaW5nQnVja2V0QWNjZXNzTG9nQnVja2V0UHJvcHM6IHtcbiAgICByZW1vdmFsUG9saWN5OiBSZW1vdmFsUG9saWN5LkRFU1RST1ksXG4gICAgYXV0b0RlbGV0ZU9iamVjdHM6IHRydWVcbiAgfSxcbiAgaW5zZXJ0SHR0cFNlY3VyaXR5SGVhZGVyczogZmFsc2Vcbn07XG5cbm5ldyBDbG91ZEZyb250VG9TMyhzdGFjaywgJ3Rlc3QtY2xvdWRmcm9udC1zMy1jbWstZW5jcnlwdGlvbi1rZXknLCBwcm9wcyk7XG5cbnN1cHByZXNzQ3VzdG9tSGFuZGxlckNmbk5hZ1dhcm5pbmdzKHN0YWNrLCAnQ3VzdG9tOjpTM0F1dG9EZWxldGVPYmplY3RzQ3VzdG9tUmVzb3VyY2VQcm92aWRlcicpO1xuXG4vLyBTeW50aFxubmV3IEludGVnVGVzdChzdGFjaywgJ0ludGVnJywgeyB0ZXN0Q2FzZXM6IFtcbiAgc3RhY2tcbl0gfSk7XG4iXX0=
@@ -0,0 +1,129 @@
1
+ "use strict";
2
+ /**
3
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
4
+ *
5
+ * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
6
+ * with the License. A copy of the License is located at
7
+ *
8
+ * http://www.apache.org/licenses/LICENSE-2.0
9
+ *
10
+ * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
11
+ * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
12
+ * and limitations under the License.
13
+ */
14
+ Object.defineProperty(exports, "__esModule", { value: true });
15
+ exports.updateKeyPolicy = exports.handler = void 0;
16
+ const client_kms_1 = require("@aws-sdk/client-kms");
17
+ const kmsClient = new client_kms_1.KMSClient();
18
+ const handler = async (event, context) => {
19
+ let status = 'SUCCESS';
20
+ let responseData = {};
21
+ if (event.RequestType === 'Create' || event.RequestType === 'Update') {
22
+ try {
23
+ const kmsKeyId = event.ResourceProperties.KmsKeyId;
24
+ const cloudFrontDistributionId = event.ResourceProperties.CloudFrontDistributionId;
25
+ const accountId = event.ResourceProperties.AccountId;
26
+ const region = process.env.AWS_REGION;
27
+ const describeKeyCommandResponse = await kmsClient.send(new client_kms_1.DescribeKeyCommand({
28
+ KeyId: kmsKeyId
29
+ }));
30
+ if (describeKeyCommandResponse.KeyMetadata?.KeyManager === client_kms_1.KeyManagerType.AWS) {
31
+ return {
32
+ Status: 'SUCCESS',
33
+ Reason: 'An AWS managed key was provided, no action needed from the custom resource, exiting now.',
34
+ PhysicalResourceId: event.PhysicalResourceId ?? context.logStreamName,
35
+ StackId: event.StackId,
36
+ RequestId: event.RequestId,
37
+ LogicalResourceId: event.LogicalResourceId,
38
+ Data: 'An AWS managed key was provided, no action needed from the custom resource, exiting now.',
39
+ };
40
+ }
41
+ // The PolicyName is specified as "default" below because that is the only valid name as
42
+ // written in the documentation for @aws-sdk/client-kms.GetKeyPolicyCommandInput:
43
+ // https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-kms/Interface/GetKeyPolicyCommandInput/
44
+ const getKeyPolicyCommandResponse = await kmsClient.send(new client_kms_1.GetKeyPolicyCommand({
45
+ KeyId: kmsKeyId,
46
+ PolicyName: 'default'
47
+ }));
48
+ if (!getKeyPolicyCommandResponse.Policy) {
49
+ return {
50
+ Status: 'FAILED',
51
+ Reason: 'An error occurred while retrieving the key policy.',
52
+ PhysicalResourceId: event.PhysicalResourceId ?? context.logStreamName,
53
+ StackId: event.StackId,
54
+ RequestId: event.RequestId,
55
+ LogicalResourceId: event.LogicalResourceId,
56
+ Data: 'An error occurred while retrieving the key policy.',
57
+ };
58
+ }
59
+ // Define the updated key policy to allow CloudFront access
60
+ const keyPolicy = JSON.parse(getKeyPolicyCommandResponse?.Policy);
61
+ const keyPolicyStatement = {
62
+ Sid: 'Grant-CloudFront-Distribution-Key-Usage',
63
+ Effect: 'Allow',
64
+ Principal: {
65
+ Service: 'cloudfront.amazonaws.com',
66
+ },
67
+ Action: [
68
+ 'kms:Decrypt',
69
+ 'kms:Encrypt',
70
+ 'kms:GenerateDataKey*',
71
+ 'kms:ReEncrypt*'
72
+ ],
73
+ Resource: `arn:aws:kms:${region}:${accountId}:key/${kmsKeyId}`,
74
+ Condition: {
75
+ StringEquals: {
76
+ 'AWS:SourceArn': `arn:aws:cloudfront::${accountId}:distribution/${cloudFrontDistributionId}`
77
+ }
78
+ }
79
+ };
80
+ const updatedKeyPolicy = (0, exports.updateKeyPolicy)(keyPolicy, keyPolicyStatement);
81
+ await kmsClient.send(new client_kms_1.PutKeyPolicyCommand({
82
+ KeyId: kmsKeyId,
83
+ Policy: JSON.stringify(updatedKeyPolicy),
84
+ PolicyName: 'default'
85
+ }));
86
+ }
87
+ catch (err) {
88
+ status = 'FAILED';
89
+ responseData = {
90
+ Error: JSON.stringify(err)
91
+ };
92
+ }
93
+ }
94
+ return {
95
+ Status: status,
96
+ Reason: JSON.stringify(responseData),
97
+ PhysicalResourceId: event.PhysicalResourceId ?? context.logStreamName,
98
+ StackId: event.StackId,
99
+ RequestId: event.RequestId,
100
+ LogicalResourceId: event.LogicalResourceId,
101
+ Data: responseData,
102
+ };
103
+ };
104
+ exports.handler = handler;
105
+ /**
106
+ * Updates a provided key policy with a provided key policy statement. First checks whether the provided key policy statement
107
+ * already exists. If an existing key policy is found with a matching sid, the provided key policy will overwrite the existing
108
+ * key policy. If no matching key policy is found, the provided key policy will be appended onto the array of policy statements.
109
+ * @param keyPolicy - the JSON.parse'd result of the otherwise stringified key policy.
110
+ * @param keyPolicyStatement - the key policy statement to be added to the key policy.
111
+ * @returns keyPolicy - the updated key policy.
112
+ */
113
+ const updateKeyPolicy = (keyPolicy, keyPolicyStatement) => {
114
+ // Check to see if a duplicate key policy exists by matching on the sid. This is to prevent duplicate key policies
115
+ // from being added/updated in response to a stack being updated one or more times after initial creation.
116
+ const existingKeyPolicyIndex = keyPolicy.Statement.findIndex((statement) => statement.Sid === keyPolicyStatement.Sid);
117
+ // If a match is found, overwrite the key policy statement...
118
+ // Otherwise, push the new key policy to the array of statements
119
+ if (existingKeyPolicyIndex > -1) {
120
+ keyPolicy.Statement[existingKeyPolicyIndex] = keyPolicyStatement;
121
+ }
122
+ else {
123
+ keyPolicy.Statement.push(keyPolicyStatement);
124
+ }
125
+ // Return the result
126
+ return keyPolicy;
127
+ };
128
+ exports.updateKeyPolicy = updateKeyPolicy;
129
+ //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJpbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiO0FBQUE7Ozs7Ozs7Ozs7O0dBV0c7OztBQUVILG9EQUE4SDtBQUU5SCxNQUFNLFNBQVMsR0FBRyxJQUFJLHNCQUFTLEVBQUUsQ0FBQztBQUUzQixNQUFNLE9BQU8sR0FBRyxLQUFLLEVBQUUsS0FBVSxFQUFFLE9BQVksRUFBRSxFQUFFO0lBRXhELElBQUksTUFBTSxHQUFHLFNBQVMsQ0FBQztJQUN2QixJQUFJLFlBQVksR0FBRyxFQUFFLENBQUM7SUFFdEIsSUFBSSxLQUFLLENBQUMsV0FBVyxLQUFLLFFBQVEsSUFBSSxLQUFLLENBQUMsV0FBVyxLQUFLLFFBQVEsRUFBRSxDQUFDO1FBRXJFLElBQUksQ0FBQztZQUNILE1BQU0sUUFBUSxHQUFHLEtBQUssQ0FBQyxrQkFBa0IsQ0FBQyxRQUFRLENBQUM7WUFDbkQsTUFBTSx3QkFBd0IsR0FBRyxLQUFLLENBQUMsa0JBQWtCLENBQUMsd0JBQXdCLENBQUM7WUFDbkYsTUFBTSxTQUFTLEdBQUcsS0FBSyxDQUFDLGtCQUFrQixDQUFDLFNBQVMsQ0FBQztZQUNyRCxNQUFNLE1BQU0sR0FBRyxPQUFPLENBQUMsR0FBRyxDQUFDLFVBQVUsQ0FBQztZQUV0QyxNQUFNLDBCQUEwQixHQUFHLE1BQU0sU0FBUyxDQUFDLElBQUksQ0FBQyxJQUFJLCtCQUFrQixDQUFDO2dCQUM3RSxLQUFLLEVBQUUsUUFBUTthQUNoQixDQUFDLENBQUMsQ0FBQztZQUVKLElBQUksMEJBQTBCLENBQUMsV0FBVyxFQUFFLFVBQVUsS0FBSywyQkFBYyxDQUFDLEdBQUcsRUFBRSxDQUFDO2dCQUM5RSxPQUFPO29CQUNMLE1BQU0sRUFBRSxTQUFTO29CQUNqQixNQUFNLEVBQUUsMEZBQTBGO29CQUNsRyxrQkFBa0IsRUFBRSxLQUFLLENBQUMsa0JBQWtCLElBQUksT0FBTyxDQUFDLGFBQWE7b0JBQ3JFLE9BQU8sRUFBRSxLQUFLLENBQUMsT0FBTztvQkFDdEIsU0FBUyxFQUFFLEtBQUssQ0FBQyxTQUFTO29CQUMxQixpQkFBaUIsRUFBRSxLQUFLLENBQUMsaUJBQWlCO29CQUMxQyxJQUFJLEVBQUUsMEZBQTBGO2lCQUNqRyxDQUFDO1lBQ0osQ0FBQztZQUVELHdGQUF3RjtZQUN4RixpRkFBaUY7WUFDakYseUhBQXlIO1lBQ3pILE1BQU0sMkJBQTJCLEdBQUcsTUFBTSxTQUFTLENBQUMsSUFBSSxDQUFDLElBQUksZ0NBQW1CLENBQUM7Z0JBQy9FLEtBQUssRUFBRSxRQUFRO2dCQUNmLFVBQVUsRUFBRSxTQUFTO2FBQ3RCLENBQUMsQ0FBQyxDQUFDO1lBRUosSUFBSSxDQUFDLDJCQUEyQixDQUFDLE1BQU0sRUFBRSxDQUFDO2dCQUN4QyxPQUFPO29CQUNMLE1BQU0sRUFBRSxRQUFRO29CQUNoQixNQUFNLEVBQUUsb0RBQW9EO29CQUM1RCxrQkFBa0IsRUFBRSxLQUFLLENBQUMsa0JBQWtCLElBQUksT0FBTyxDQUFDLGFBQWE7b0JBQ3JFLE9BQU8sRUFBRSxLQUFLLENBQUMsT0FBTztvQkFDdEIsU0FBUyxFQUFFLEtBQUssQ0FBQyxTQUFTO29CQUMxQixpQkFBaUIsRUFBRSxLQUFLLENBQUMsaUJBQWlCO29CQUMxQyxJQUFJLEVBQUUsb0RBQW9EO2lCQUMzRCxDQUFDO1lBQ0osQ0FBQztZQUVELDJEQUEyRDtZQUMzRCxNQUFNLFNBQVMsR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLDJCQUEyQixFQUFFLE1BQU0sQ0FBQyxDQUFDO1lBQ2xFLE1BQU0sa0JBQWtCLEdBQUc7Z0JBQ3pCLEdBQUcsRUFBRSx5Q0FBeUM7Z0JBQzlDLE1BQU0sRUFBRSxPQUFPO2dCQUNmLFNBQVMsRUFBRTtvQkFDVCxPQUFPLEVBQUUsMEJBQTBCO2lCQUNwQztnQkFDRCxNQUFNLEVBQUU7b0JBQ04sYUFBYTtvQkFDYixhQUFhO29CQUNiLHNCQUFzQjtvQkFDdEIsZ0JBQWdCO2lCQUNqQjtnQkFDRCxRQUFRLEVBQUUsZUFBZSxNQUFNLElBQUksU0FBUyxRQUFRLFFBQVEsRUFBRTtnQkFDOUQsU0FBUyxFQUFFO29CQUNULFlBQVksRUFBRTt3QkFDWixlQUFlLEVBQUUsdUJBQXVCLFNBQVMsaUJBQWlCLHdCQUF3QixFQUFFO3FCQUM3RjtpQkFDRjthQUNGLENBQUM7WUFDRixNQUFNLGdCQUFnQixHQUFHLElBQUEsdUJBQWUsRUFBQyxTQUFTLEVBQUUsa0JBQWtCLENBQUMsQ0FBQztZQUV4RSxNQUFNLFNBQVMsQ0FBQyxJQUFJLENBQUMsSUFBSSxnQ0FBbUIsQ0FBQztnQkFDM0MsS0FBSyxFQUFFLFFBQVE7Z0JBQ2YsTUFBTSxFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMsZ0JBQWdCLENBQUM7Z0JBQ3hDLFVBQVUsRUFBRSxTQUFTO2FBQ3RCLENBQUMsQ0FBQyxDQUFDO1FBQ04sQ0FBQztRQUFDLE9BQU8sR0FBRyxFQUFFLENBQUM7WUFDYixNQUFNLEdBQUcsUUFBUSxDQUFDO1lBQ2xCLFlBQVksR0FBRztnQkFDYixLQUFLLEVBQUUsSUFBSSxDQUFDLFNBQVMsQ0FBQyxHQUFHLENBQUM7YUFDM0IsQ0FBQztRQUNKLENBQUM7SUFDSCxDQUFDO0lBRUQsT0FBTztRQUNMLE1BQU0sRUFBRSxNQUFNO1FBQ2QsTUFBTSxFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMsWUFBWSxDQUFDO1FBQ3BDLGtCQUFrQixFQUFFLEtBQUssQ0FBQyxrQkFBa0IsSUFBSSxPQUFPLENBQUMsYUFBYTtRQUNyRSxPQUFPLEVBQUUsS0FBSyxDQUFDLE9BQU87UUFDdEIsU0FBUyxFQUFFLEtBQUssQ0FBQyxTQUFTO1FBQzFCLGlCQUFpQixFQUFFLEtBQUssQ0FBQyxpQkFBaUI7UUFDMUMsSUFBSSxFQUFFLFlBQVk7S0FDbkIsQ0FBQztBQUNKLENBQUMsQ0FBQztBQTlGVyxRQUFBLE9BQU8sV0E4RmxCO0FBRUY7Ozs7Ozs7R0FPRztBQUNJLE1BQU0sZUFBZSxHQUFHLENBQUMsU0FBYyxFQUFFLGtCQUF1QixFQUFFLEVBQUU7SUFDekUsa0hBQWtIO0lBQ2xILDBHQUEwRztJQUMxRyxNQUFNLHNCQUFzQixHQUFHLFNBQVMsQ0FBQyxTQUFTLENBQUMsU0FBUyxDQUFDLENBQUMsU0FBYyxFQUFFLEVBQUUsQ0FBQyxTQUFTLENBQUMsR0FBRyxLQUFLLGtCQUFrQixDQUFDLEdBQUcsQ0FBQyxDQUFDO0lBQzNILDZEQUE2RDtJQUM3RCxnRUFBZ0U7SUFDaEUsSUFBSSxzQkFBc0IsR0FBRyxDQUFDLENBQUMsRUFBRSxDQUFDO1FBQ2hDLFNBQVMsQ0FBQyxTQUFTLENBQUMsc0JBQXNCLENBQUMsR0FBRyxrQkFBa0IsQ0FBQztJQUNuRSxDQUFDO1NBQU0sQ0FBQztRQUNOLFNBQVMsQ0FBQyxTQUFTLENBQUMsSUFBSSxDQUFDLGtCQUFrQixDQUFDLENBQUM7SUFDL0MsQ0FBQztJQUNELG9CQUFvQjtJQUNwQixPQUFPLFNBQVMsQ0FBQztBQUNuQixDQUFDLENBQUM7QUFiVyxRQUFBLGVBQWUsbUJBYTFCIiwic291cmNlc0NvbnRlbnQiOlsiLyoqXG4gKiAgQ29weXJpZ2h0IEFtYXpvbi5jb20sIEluYy4gb3IgaXRzIGFmZmlsaWF0ZXMuIEFsbCBSaWdodHMgUmVzZXJ2ZWQuXG4gKlxuICogIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSBcIkxpY2Vuc2VcIikuIFlvdSBtYXkgbm90IHVzZSB0aGlzIGZpbGUgZXhjZXB0IGluIGNvbXBsaWFuY2VcbiAqICB3aXRoIHRoZSBMaWNlbnNlLiBBIGNvcHkgb2YgdGhlIExpY2Vuc2UgaXMgbG9jYXRlZCBhdFxuICpcbiAqICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzL0xJQ0VOU0UtMi4wXG4gKlxuICogIG9yIGluIHRoZSAnbGljZW5zZScgZmlsZSBhY2NvbXBhbnlpbmcgdGhpcyBmaWxlLiBUaGlzIGZpbGUgaXMgZGlzdHJpYnV0ZWQgb24gYW4gJ0FTIElTJyBCQVNJUywgV0lUSE9VVCBXQVJSQU5USUVTXG4gKiAgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZXhwcmVzcyBvciBpbXBsaWVkLiBTZWUgdGhlIExpY2Vuc2UgZm9yIHRoZSBzcGVjaWZpYyBsYW5ndWFnZSBnb3Zlcm5pbmcgcGVybWlzc2lvbnNcbiAqICBhbmQgbGltaXRhdGlvbnMgdW5kZXIgdGhlIExpY2Vuc2UuXG4gKi9cblxuaW1wb3J0IHsgS01TQ2xpZW50LCBHZXRLZXlQb2xpY3lDb21tYW5kLCBEZXNjcmliZUtleUNvbW1hbmQsIFB1dEtleVBvbGljeUNvbW1hbmQsIEtleU1hbmFnZXJUeXBlIH0gZnJvbSBcIkBhd3Mtc2RrL2NsaWVudC1rbXNcIjtcblxuY29uc3Qga21zQ2xpZW50ID0gbmV3IEtNU0NsaWVudCgpO1xuXG5leHBvcnQgY29uc3QgaGFuZGxlciA9IGFzeW5jIChldmVudDogYW55LCBjb250ZXh0OiBhbnkpID0+IHtcblxuICBsZXQgc3RhdHVzID0gJ1NVQ0NFU1MnO1xuICBsZXQgcmVzcG9uc2VEYXRhID0ge307XG5cbiAgaWYgKGV2ZW50LlJlcXVlc3RUeXBlID09PSAnQ3JlYXRlJyB8fCBldmVudC5SZXF1ZXN0VHlwZSA9PT0gJ1VwZGF0ZScpIHtcblxuICAgIHRyeSB7XG4gICAgICBjb25zdCBrbXNLZXlJZCA9IGV2ZW50LlJlc291cmNlUHJvcGVydGllcy5LbXNLZXlJZDtcbiAgICAgIGNvbnN0IGNsb3VkRnJvbnREaXN0cmlidXRpb25JZCA9IGV2ZW50LlJlc291cmNlUHJvcGVydGllcy5DbG91ZEZyb250RGlzdHJpYnV0aW9uSWQ7XG4gICAgICBjb25zdCBhY2NvdW50SWQgPSBldmVudC5SZXNvdXJjZVByb3BlcnRpZXMuQWNjb3VudElkO1xuICAgICAgY29uc3QgcmVnaW9uID0gcHJvY2Vzcy5lbnYuQVdTX1JFR0lPTjtcblxuICAgICAgY29uc3QgZGVzY3JpYmVLZXlDb21tYW5kUmVzcG9uc2UgPSBhd2FpdCBrbXNDbGllbnQuc2VuZChuZXcgRGVzY3JpYmVLZXlDb21tYW5kKHtcbiAgICAgICAgS2V5SWQ6IGttc0tleUlkXG4gICAgICB9KSk7XG5cbiAgICAgIGlmIChkZXNjcmliZUtleUNvbW1hbmRSZXNwb25zZS5LZXlNZXRhZGF0YT8uS2V5TWFuYWdlciA9PT0gS2V5TWFuYWdlclR5cGUuQVdTKSB7XG4gICAgICAgIHJldHVybiB7XG4gICAgICAgICAgU3RhdHVzOiAnU1VDQ0VTUycsXG4gICAgICAgICAgUmVhc29uOiAnQW4gQVdTIG1hbmFnZWQga2V5IHdhcyBwcm92aWRlZCwgbm8gYWN0aW9uIG5lZWRlZCBmcm9tIHRoZSBjdXN0b20gcmVzb3VyY2UsIGV4aXRpbmcgbm93LicsXG4gICAgICAgICAgUGh5c2ljYWxSZXNvdXJjZUlkOiBldmVudC5QaHlzaWNhbFJlc291cmNlSWQgPz8gY29udGV4dC5sb2dTdHJlYW1OYW1lLFxuICAgICAgICAgIFN0YWNrSWQ6IGV2ZW50LlN0YWNrSWQsXG4gICAgICAgICAgUmVxdWVzdElkOiBldmVudC5SZXF1ZXN0SWQsXG4gICAgICAgICAgTG9naWNhbFJlc291cmNlSWQ6IGV2ZW50LkxvZ2ljYWxSZXNvdXJjZUlkLFxuICAgICAgICAgIERhdGE6ICdBbiBBV1MgbWFuYWdlZCBrZXkgd2FzIHByb3ZpZGVkLCBubyBhY3Rpb24gbmVlZGVkIGZyb20gdGhlIGN1c3RvbSByZXNvdXJjZSwgZXhpdGluZyBub3cuJyxcbiAgICAgICAgfTtcbiAgICAgIH1cblxuICAgICAgLy8gVGhlIFBvbGljeU5hbWUgaXMgc3BlY2lmaWVkIGFzIFwiZGVmYXVsdFwiIGJlbG93IGJlY2F1c2UgdGhhdCBpcyB0aGUgb25seSB2YWxpZCBuYW1lIGFzXG4gICAgICAvLyB3cml0dGVuIGluIHRoZSBkb2N1bWVudGF0aW9uIGZvciBAYXdzLXNkay9jbGllbnQta21zLkdldEtleVBvbGljeUNvbW1hbmRJbnB1dDpcbiAgICAgIC8vIGh0dHBzOi8vZG9jcy5hd3MuYW1hem9uLmNvbS9BV1NKYXZhU2NyaXB0U0RLL3YzL2xhdGVzdC9QYWNrYWdlLy1hd3Mtc2RrLWNsaWVudC1rbXMvSW50ZXJmYWNlL0dldEtleVBvbGljeUNvbW1hbmRJbnB1dC9cbiAgICAgIGNvbnN0IGdldEtleVBvbGljeUNvbW1hbmRSZXNwb25zZSA9IGF3YWl0IGttc0NsaWVudC5zZW5kKG5ldyBHZXRLZXlQb2xpY3lDb21tYW5kKHtcbiAgICAgICAgS2V5SWQ6IGttc0tleUlkLFxuICAgICAgICBQb2xpY3lOYW1lOiAnZGVmYXVsdCdcbiAgICAgIH0pKTtcblxuICAgICAgaWYgKCFnZXRLZXlQb2xpY3lDb21tYW5kUmVzcG9uc2UuUG9saWN5KSB7XG4gICAgICAgIHJldHVybiB7XG4gICAgICAgICAgU3RhdHVzOiAnRkFJTEVEJyxcbiAgICAgICAgICBSZWFzb246ICdBbiBlcnJvciBvY2N1cnJlZCB3aGlsZSByZXRyaWV2aW5nIHRoZSBrZXkgcG9saWN5LicsXG4gICAgICAgICAgUGh5c2ljYWxSZXNvdXJjZUlkOiBldmVudC5QaHlzaWNhbFJlc291cmNlSWQgPz8gY29udGV4dC5sb2dTdHJlYW1OYW1lLFxuICAgICAgICAgIFN0YWNrSWQ6IGV2ZW50LlN0YWNrSWQsXG4gICAgICAgICAgUmVxdWVzdElkOiBldmVudC5SZXF1ZXN0SWQsXG4gICAgICAgICAgTG9naWNhbFJlc291cmNlSWQ6IGV2ZW50LkxvZ2ljYWxSZXNvdXJjZUlkLFxuICAgICAgICAgIERhdGE6ICdBbiBlcnJvciBvY2N1cnJlZCB3aGlsZSByZXRyaWV2aW5nIHRoZSBrZXkgcG9saWN5LicsXG4gICAgICAgIH07XG4gICAgICB9XG5cbiAgICAgIC8vIERlZmluZSB0aGUgdXBkYXRlZCBrZXkgcG9saWN5IHRvIGFsbG93IENsb3VkRnJvbnQgYWNjZXNzXG4gICAgICBjb25zdCBrZXlQb2xpY3kgPSBKU09OLnBhcnNlKGdldEtleVBvbGljeUNvbW1hbmRSZXNwb25zZT8uUG9saWN5KTtcbiAgICAgIGNvbnN0IGtleVBvbGljeVN0YXRlbWVudCA9IHtcbiAgICAgICAgU2lkOiAnR3JhbnQtQ2xvdWRGcm9udC1EaXN0cmlidXRpb24tS2V5LVVzYWdlJyxcbiAgICAgICAgRWZmZWN0OiAnQWxsb3cnLFxuICAgICAgICBQcmluY2lwYWw6IHtcbiAgICAgICAgICBTZXJ2aWNlOiAnY2xvdWRmcm9udC5hbWF6b25hd3MuY29tJyxcbiAgICAgICAgfSxcbiAgICAgICAgQWN0aW9uOiBbXG4gICAgICAgICAgJ2ttczpEZWNyeXB0JyxcbiAgICAgICAgICAna21zOkVuY3J5cHQnLFxuICAgICAgICAgICdrbXM6R2VuZXJhdGVEYXRhS2V5KicsXG4gICAgICAgICAgJ2ttczpSZUVuY3J5cHQqJ1xuICAgICAgICBdLFxuICAgICAgICBSZXNvdXJjZTogYGFybjphd3M6a21zOiR7cmVnaW9ufToke2FjY291bnRJZH06a2V5LyR7a21zS2V5SWR9YCxcbiAgICAgICAgQ29uZGl0aW9uOiB7XG4gICAgICAgICAgU3RyaW5nRXF1YWxzOiB7XG4gICAgICAgICAgICAnQVdTOlNvdXJjZUFybic6IGBhcm46YXdzOmNsb3VkZnJvbnQ6OiR7YWNjb3VudElkfTpkaXN0cmlidXRpb24vJHtjbG91ZEZyb250RGlzdHJpYnV0aW9uSWR9YFxuICAgICAgICAgIH1cbiAgICAgICAgfVxuICAgICAgfTtcbiAgICAgIGNvbnN0IHVwZGF0ZWRLZXlQb2xpY3kgPSB1cGRhdGVLZXlQb2xpY3koa2V5UG9saWN5LCBrZXlQb2xpY3lTdGF0ZW1lbnQpO1xuXG4gICAgICBhd2FpdCBrbXNDbGllbnQuc2VuZChuZXcgUHV0S2V5UG9saWN5Q29tbWFuZCh7XG4gICAgICAgIEtleUlkOiBrbXNLZXlJZCxcbiAgICAgICAgUG9saWN5OiBKU09OLnN0cmluZ2lmeSh1cGRhdGVkS2V5UG9saWN5KSxcbiAgICAgICAgUG9saWN5TmFtZTogJ2RlZmF1bHQnXG4gICAgICB9KSk7XG4gICAgfSBjYXRjaCAoZXJyKSB7XG4gICAgICBzdGF0dXMgPSAnRkFJTEVEJztcbiAgICAgIHJlc3BvbnNlRGF0YSA9IHtcbiAgICAgICAgRXJyb3I6IEpTT04uc3RyaW5naWZ5KGVycilcbiAgICAgIH07XG4gICAgfVxuICB9XG5cbiAgcmV0dXJuIHtcbiAgICBTdGF0dXM6IHN0YXR1cyxcbiAgICBSZWFzb246IEpTT04uc3RyaW5naWZ5KHJlc3BvbnNlRGF0YSksXG4gICAgUGh5c2ljYWxSZXNvdXJjZUlkOiBldmVudC5QaHlzaWNhbFJlc291cmNlSWQgPz8gY29udGV4dC5sb2dTdHJlYW1OYW1lLFxuICAgIFN0YWNrSWQ6IGV2ZW50LlN0YWNrSWQsXG4gICAgUmVxdWVzdElkOiBldmVudC5SZXF1ZXN0SWQsXG4gICAgTG9naWNhbFJlc291cmNlSWQ6IGV2ZW50LkxvZ2ljYWxSZXNvdXJjZUlkLFxuICAgIERhdGE6IHJlc3BvbnNlRGF0YSxcbiAgfTtcbn07XG5cbi8qKlxuICogVXBkYXRlcyBhIHByb3ZpZGVkIGtleSBwb2xpY3kgd2l0aCBhIHByb3ZpZGVkIGtleSBwb2xpY3kgc3RhdGVtZW50LiBGaXJzdCBjaGVja3Mgd2hldGhlciB0aGUgcHJvdmlkZWQga2V5IHBvbGljeSBzdGF0ZW1lbnRcbiAqIGFscmVhZHkgZXhpc3RzLiBJZiBhbiBleGlzdGluZyBrZXkgcG9saWN5IGlzIGZvdW5kIHdpdGggYSBtYXRjaGluZyBzaWQsIHRoZSBwcm92aWRlZCBrZXkgcG9saWN5IHdpbGwgb3ZlcndyaXRlIHRoZSBleGlzdGluZ1xuICoga2V5IHBvbGljeS4gSWYgbm8gbWF0Y2hpbmcga2V5IHBvbGljeSBpcyBmb3VuZCwgdGhlIHByb3ZpZGVkIGtleSBwb2xpY3kgd2lsbCBiZSBhcHBlbmRlZCBvbnRvIHRoZSBhcnJheSBvZiBwb2xpY3kgc3RhdGVtZW50cy5cbiAqIEBwYXJhbSBrZXlQb2xpY3kgLSB0aGUgSlNPTi5wYXJzZSdkIHJlc3VsdCBvZiB0aGUgb3RoZXJ3aXNlIHN0cmluZ2lmaWVkIGtleSBwb2xpY3kuXG4gKiBAcGFyYW0ga2V5UG9saWN5U3RhdGVtZW50IC0gdGhlIGtleSBwb2xpY3kgc3RhdGVtZW50IHRvIGJlIGFkZGVkIHRvIHRoZSBrZXkgcG9saWN5LlxuICogQHJldHVybnMga2V5UG9saWN5IC0gdGhlIHVwZGF0ZWQga2V5IHBvbGljeS5cbiAqL1xuZXhwb3J0IGNvbnN0IHVwZGF0ZUtleVBvbGljeSA9IChrZXlQb2xpY3k6IGFueSwga2V5UG9saWN5U3RhdGVtZW50OiBhbnkpID0+IHtcbiAgLy8gQ2hlY2sgdG8gc2VlIGlmIGEgZHVwbGljYXRlIGtleSBwb2xpY3kgZXhpc3RzIGJ5IG1hdGNoaW5nIG9uIHRoZSBzaWQuIFRoaXMgaXMgdG8gcHJldmVudCBkdXBsaWNhdGUga2V5IHBvbGljaWVzXG4gIC8vIGZyb20gYmVpbmcgYWRkZWQvdXBkYXRlZCBpbiByZXNwb25zZSB0byBhIHN0YWNrIGJlaW5nIHVwZGF0ZWQgb25lIG9yIG1vcmUgdGltZXMgYWZ0ZXIgaW5pdGlhbCBjcmVhdGlvbi5cbiAgY29uc3QgZXhpc3RpbmdLZXlQb2xpY3lJbmRleCA9IGtleVBvbGljeS5TdGF0ZW1lbnQuZmluZEluZGV4KChzdGF0ZW1lbnQ6IGFueSkgPT4gc3RhdGVtZW50LlNpZCA9PT0ga2V5UG9saWN5U3RhdGVtZW50LlNpZCk7XG4gIC8vIElmIGEgbWF0Y2ggaXMgZm91bmQsIG92ZXJ3cml0ZSB0aGUga2V5IHBvbGljeSBzdGF0ZW1lbnQuLi5cbiAgLy8gT3RoZXJ3aXNlLCBwdXNoIHRoZSBuZXcga2V5IHBvbGljeSB0byB0aGUgYXJyYXkgb2Ygc3RhdGVtZW50c1xuICBpZiAoZXhpc3RpbmdLZXlQb2xpY3lJbmRleCA+IC0xKSB7XG4gICAga2V5UG9saWN5LlN0YXRlbWVudFtleGlzdGluZ0tleVBvbGljeUluZGV4XSA9IGtleVBvbGljeVN0YXRlbWVudDtcbiAgfSBlbHNlIHtcbiAgICBrZXlQb2xpY3kuU3RhdGVtZW50LnB1c2goa2V5UG9saWN5U3RhdGVtZW50KTtcbiAgfVxuICAvLyBSZXR1cm4gdGhlIHJlc3VsdFxuICByZXR1cm4ga2V5UG9saWN5O1xufTtcbiJdfQ==
@@ -14,15 +14,15 @@
14
14
  }
15
15
  }
16
16
  },
17
- "4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f": {
17
+ "e97825c838d70ceb13ba2f6223a7d94ed35687b70bfb224a0b9128e698e3f28e": {
18
18
  "source": {
19
- "path": "asset.4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f",
19
+ "path": "asset.e97825c838d70ceb13ba2f6223a7d94ed35687b70bfb224a0b9128e698e3f28e",
20
20
  "packaging": "zip"
21
21
  },
22
22
  "destinations": {
23
23
  "current_account-current_region": {
24
24
  "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
25
- "objectKey": "4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f.zip",
25
+ "objectKey": "e97825c838d70ceb13ba2f6223a7d94ed35687b70bfb224a0b9128e698e3f28e.zip",
26
26
  "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
27
27
  }
28
28
  }
@@ -40,7 +40,7 @@
40
40
  }
41
41
  }
42
42
  },
43
- "68db7c60542ae375f494fcb6deeb6e4e22c8fc1698d1e0988d5329665db4ccfe": {
43
+ "721dbf5b1f818c7bd529d1421b8df9407c94d7b824309db50590a949a0a201e1": {
44
44
  "source": {
45
45
  "path": "cfts3-cmk-provided-as-bucket-prop.template.json",
46
46
  "packaging": "file"
@@ -48,7 +48,7 @@
48
48
  "destinations": {
49
49
  "current_account-current_region": {
50
50
  "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
51
- "objectKey": "68db7c60542ae375f494fcb6deeb6e4e22c8fc1698d1e0988d5329665db4ccfe.json",
51
+ "objectKey": "721dbf5b1f818c7bd529d1421b8df9407c94d7b824309db50590a949a0a201e1.json",
52
52
  "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
53
53
  }
54
54
  }
@@ -879,7 +879,7 @@
879
879
  "S3Bucket": {
880
880
  "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
881
881
  },
882
- "S3Key": "4a4b024f310aca2784b69bcb790e9ccaef785e9ad5d1b73624144f88c4465b4f.zip"
882
+ "S3Key": "e97825c838d70ceb13ba2f6223a7d94ed35687b70bfb224a0b9128e698e3f28e.zip"
883
883
  },
884
884
  "Description": "Custom resource function that updates a provided key policy to allow CloudFront access.",
885
885
  "Environment": {
@@ -1228,9 +1228,18 @@
1228
1228
  "ap-southeast-4": {
1229
1229
  "value": "nodejs20.x"
1230
1230
  },
1231
+ "ap-southeast-5": {
1232
+ "value": "nodejs20.x"
1233
+ },
1234
+ "ap-southeast-7": {
1235
+ "value": "nodejs20.x"
1236
+ },
1231
1237
  "ca-central-1": {
1232
1238
  "value": "nodejs20.x"
1233
1239
  },
1240
+ "ca-west-1": {
1241
+ "value": "nodejs20.x"
1242
+ },
1234
1243
  "cn-north-1": {
1235
1244
  "value": "nodejs18.x"
1236
1245
  },
@@ -1243,6 +1252,9 @@
1243
1252
  "eu-central-2": {
1244
1253
  "value": "nodejs20.x"
1245
1254
  },
1255
+ "eu-isoe-west-1": {
1256
+ "value": "nodejs18.x"
1257
+ },
1246
1258
  "eu-north-1": {
1247
1259
  "value": "nodejs20.x"
1248
1260
  },
@@ -1270,6 +1282,9 @@
1270
1282
  "me-south-1": {
1271
1283
  "value": "nodejs20.x"
1272
1284
  },
1285
+ "mx-central-1": {
1286
+ "value": "nodejs20.x"
1287
+ },
1273
1288
  "sa-east-1": {
1274
1289
  "value": "nodejs20.x"
1275
1290
  },
@@ -66,7 +66,7 @@
66
66
  "validateOnSynth": false,
67
67
  "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}",
68
68
  "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}",
69
- "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/68db7c60542ae375f494fcb6deeb6e4e22c8fc1698d1e0988d5329665db4ccfe.json",
69
+ "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/721dbf5b1f818c7bd529d1421b8df9407c94d7b824309db50590a949a0a201e1.json",
70
70
  "requiresBootstrapStackVersion": 6,
71
71
  "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version",
72
72
  "additionalDependencies": [