@aws-solutions-constructs/aws-cloudfront-s3 2.79.1 → 2.81.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (94) hide show
  1. package/.jsii +44 -44
  2. package/lib/index.js +1 -1
  3. package/package.json +8 -8
  4. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/cfn-response.js +1 -0
  5. package/test/{integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.4dc48ffba382f93077a1e6824599bbd4ceb6f91eb3d9442eca3b85bdb1a20b1e → integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca}/outbound.js +1 -1
  6. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/util.js +1 -0
  7. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cdk.out +1 -1
  8. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.assets.json +6 -6
  9. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.template.json +55 -40
  10. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithcmkprovidedasexistingbucketIntegDefaultTestDeployAssertF6031114.assets.json +1 -1
  11. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/integ.json +1 -1
  12. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/manifest.json +481 -8
  13. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/tree.json +1 -1610
  14. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cdk.out +1 -1
  15. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.assets.json +3 -3
  16. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.template.json +4 -4
  17. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithmanagedkeyprovidedasexistingbucketIntegDefaultTestDeployAssert03A82C16.assets.json +1 -1
  18. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/integ.json +1 -1
  19. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/manifest.json +152 -4
  20. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/tree.json +153 -45
  21. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/cfn-response.js +1 -0
  22. package/test/{integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.4dc48ffba382f93077a1e6824599bbd4ceb6f91eb3d9442eca3b85bdb1a20b1e → integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca}/outbound.js +1 -1
  23. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/util.js +1 -0
  24. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cdk.out +1 -1
  25. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3-cmk-provided-as-bucket-prop.assets.json +6 -6
  26. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3-cmk-provided-as-bucket-prop.template.json +55 -40
  27. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3cmkprovidedasbucketpropIntegDefaultTestDeployAssert38E63D55.assets.json +1 -1
  28. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/integ.json +1 -1
  29. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/manifest.json +474 -8
  30. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/tree.json +1 -1547
  31. package/test/integ.cfts3-custom-headers.js.snapshot/cdk.out +1 -1
  32. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3-custom-headers.assets.json +3 -3
  33. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3-custom-headers.template.json +4 -4
  34. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3customheadersIntegDefaultTestDeployAssert6EEC9973.assets.json +1 -1
  35. package/test/integ.cfts3-custom-headers.js.snapshot/integ.json +1 -1
  36. package/test/integ.cfts3-custom-headers.js.snapshot/manifest.json +175 -4
  37. package/test/integ.cfts3-custom-headers.js.snapshot/tree.json +174 -49
  38. package/test/integ.cfts3-custom-originPath.js.snapshot/cdk.out +1 -1
  39. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3-custom-originPath.assets.json +3 -3
  40. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3-custom-originPath.template.json +4 -4
  41. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3customoriginPathIntegDefaultTestDeployAssert61F499B2.assets.json +1 -1
  42. package/test/integ.cfts3-custom-originPath.js.snapshot/integ.json +1 -1
  43. package/test/integ.cfts3-custom-originPath.js.snapshot/manifest.json +167 -4
  44. package/test/integ.cfts3-custom-originPath.js.snapshot/tree.json +167 -47
  45. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cdk.out +1 -1
  46. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3-customLoggingBuckets.assets.json +3 -3
  47. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3-customLoggingBuckets.template.json +4 -4
  48. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3customLoggingBucketsIntegDefaultTestDeployAssert4D171F9F.assets.json +1 -1
  49. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/integ.json +1 -1
  50. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/manifest.json +205 -4
  51. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/tree.json +199 -47
  52. package/test/integ.cfts3-existing-bucket.js.snapshot/cdk.out +1 -1
  53. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3-existing-bucket.assets.json +3 -3
  54. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3-existing-bucket.template.json +4 -4
  55. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3existingbucketIntegDefaultTestDeployAssertA6D4EB49.assets.json +1 -1
  56. package/test/integ.cfts3-existing-bucket.js.snapshot/integ.json +1 -1
  57. package/test/integ.cfts3-existing-bucket.js.snapshot/manifest.json +169 -4
  58. package/test/integ.cfts3-existing-bucket.js.snapshot/tree.json +168 -52
  59. package/test/integ.cfts3-no-arguments.js.snapshot/cdk.out +1 -1
  60. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3-no-arguments.assets.json +3 -3
  61. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3-no-arguments.template.json +4 -4
  62. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3noargumentsIntegDefaultTestDeployAssertBA5AFA25.assets.json +1 -1
  63. package/test/integ.cfts3-no-arguments.js.snapshot/integ.json +1 -1
  64. package/test/integ.cfts3-no-arguments.js.snapshot/manifest.json +167 -4
  65. package/test/integ.cfts3-no-arguments.js.snapshot/tree.json +167 -47
  66. package/test/integ.cfts3-no-cloudfront-s3-access-logs.js.snapshot/cdk.out +1 -1
  67. package/test/integ.cfts3-no-cloudfront-s3-access-logs.js.snapshot/cfts3-no-cloudfront-s3-access-logs.assets.json +3 -3
  68. package/test/integ.cfts3-no-cloudfront-s3-access-logs.js.snapshot/cfts3-no-cloudfront-s3-access-logs.template.json +4 -4
  69. package/test/integ.cfts3-no-cloudfront-s3-access-logs.js.snapshot/cfts3nocloudfronts3accesslogsIntegDefaultTestDeployAssertAD28C87A.assets.json +1 -1
  70. package/test/integ.cfts3-no-cloudfront-s3-access-logs.js.snapshot/integ.json +1 -1
  71. package/test/integ.cfts3-no-cloudfront-s3-access-logs.js.snapshot/manifest.json +111 -4
  72. package/test/integ.cfts3-no-cloudfront-s3-access-logs.js.snapshot/tree.json +117 -35
  73. package/test/integ.cfts3-no-logging.js.snapshot/cdk.out +1 -1
  74. package/test/integ.cfts3-no-logging.js.snapshot/cfts3-no-logging.assets.json +3 -3
  75. package/test/integ.cfts3-no-logging.js.snapshot/cfts3-no-logging.template.json +4 -4
  76. package/test/integ.cfts3-no-logging.js.snapshot/cfts3nologgingIntegDefaultTestDeployAssert18393DDB.assets.json +1 -1
  77. package/test/integ.cfts3-no-logging.js.snapshot/integ.json +1 -1
  78. package/test/integ.cfts3-no-logging.js.snapshot/manifest.json +83 -4
  79. package/test/integ.cfts3-no-logging.js.snapshot/tree.json +92 -29
  80. package/test/integ.cfts3-no-security-headers.js.snapshot/cdk.out +1 -1
  81. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3-no-security-headers.assets.json +3 -3
  82. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3-no-security-headers.template.json +4 -4
  83. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3nosecurityheadersIntegDefaultTestDeployAssert38FE05BE.assets.json +1 -1
  84. package/test/integ.cfts3-no-security-headers.js.snapshot/integ.json +1 -1
  85. package/test/integ.cfts3-no-security-headers.js.snapshot/manifest.json +152 -4
  86. package/test/integ.cfts3-no-security-headers.js.snapshot/tree.json +153 -45
  87. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.4dc48ffba382f93077a1e6824599bbd4ceb6f91eb3d9442eca3b85bdb1a20b1e/cfn-response.js +0 -1
  88. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.4dc48ffba382f93077a1e6824599bbd4ceb6f91eb3d9442eca3b85bdb1a20b1e/util.js +0 -1
  89. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.4dc48ffba382f93077a1e6824599bbd4ceb6f91eb3d9442eca3b85bdb1a20b1e/cfn-response.js +0 -1
  90. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.4dc48ffba382f93077a1e6824599bbd4ceb6f91eb3d9442eca3b85bdb1a20b1e/util.js +0 -1
  91. /package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/{asset.4dc48ffba382f93077a1e6824599bbd4ceb6f91eb3d9442eca3b85bdb1a20b1e → asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca}/consts.js +0 -0
  92. /package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/{asset.4dc48ffba382f93077a1e6824599bbd4ceb6f91eb3d9442eca3b85bdb1a20b1e → asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca}/framework.js +0 -0
  93. /package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/{asset.4dc48ffba382f93077a1e6824599bbd4ceb6f91eb3d9442eca3b85bdb1a20b1e → asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca}/consts.js +0 -0
  94. /package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/{asset.4dc48ffba382f93077a1e6824599bbd4ceb6f91eb3d9442eca3b85bdb1a20b1e → asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca}/framework.js +0 -0
@@ -1,1547 +1 @@
1
- {
2
- "version": "tree-0.1",
3
- "tree": {
4
- "id": "App",
5
- "path": "",
6
- "children": {
7
- "cfts3-cmk-provided-as-bucket-prop": {
8
- "id": "cfts3-cmk-provided-as-bucket-prop",
9
- "path": "cfts3-cmk-provided-as-bucket-prop",
10
- "children": {
11
- "cmkKey": {
12
- "id": "cmkKey",
13
- "path": "cfts3-cmk-provided-as-bucket-prop/cmkKey",
14
- "children": {
15
- "Resource": {
16
- "id": "Resource",
17
- "path": "cfts3-cmk-provided-as-bucket-prop/cmkKey/Resource",
18
- "attributes": {
19
- "aws:cdk:cloudformation:type": "AWS::KMS::Key",
20
- "aws:cdk:cloudformation:props": {
21
- "enableKeyRotation": true,
22
- "keyPolicy": {
23
- "Statement": [
24
- {
25
- "Action": "kms:*",
26
- "Effect": "Allow",
27
- "Principal": {
28
- "AWS": {
29
- "Fn::Join": [
30
- "",
31
- [
32
- "arn:",
33
- {
34
- "Ref": "AWS::Partition"
35
- },
36
- ":iam::",
37
- {
38
- "Ref": "AWS::AccountId"
39
- },
40
- ":root"
41
- ]
42
- ]
43
- }
44
- },
45
- "Resource": "*"
46
- }
47
- ],
48
- "Version": "2012-10-17"
49
- }
50
- }
51
- },
52
- "constructInfo": {
53
- "fqn": "aws-cdk-lib.aws_kms.CfnKey",
54
- "version": "2.160.0"
55
- }
56
- }
57
- },
58
- "constructInfo": {
59
- "fqn": "aws-cdk-lib.aws_kms.Key",
60
- "version": "2.160.0"
61
- }
62
- },
63
- "test-cloudfront-s3-cmk-encryption-key": {
64
- "id": "test-cloudfront-s3-cmk-encryption-key",
65
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key",
66
- "children": {
67
- "S3LoggingBucket": {
68
- "id": "S3LoggingBucket",
69
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3LoggingBucket",
70
- "children": {
71
- "Resource": {
72
- "id": "Resource",
73
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3LoggingBucket/Resource",
74
- "attributes": {
75
- "aws:cdk:cloudformation:type": "AWS::S3::Bucket",
76
- "aws:cdk:cloudformation:props": {
77
- "bucketEncryption": {
78
- "serverSideEncryptionConfiguration": [
79
- {
80
- "serverSideEncryptionByDefault": {
81
- "sseAlgorithm": "AES256"
82
- }
83
- }
84
- ]
85
- },
86
- "publicAccessBlockConfiguration": {
87
- "blockPublicAcls": true,
88
- "blockPublicPolicy": true,
89
- "ignorePublicAcls": true,
90
- "restrictPublicBuckets": true
91
- },
92
- "tags": [
93
- {
94
- "key": "aws-cdk:auto-delete-objects",
95
- "value": "true"
96
- }
97
- ],
98
- "versioningConfiguration": {
99
- "status": "Enabled"
100
- }
101
- }
102
- },
103
- "constructInfo": {
104
- "fqn": "aws-cdk-lib.aws_s3.CfnBucket",
105
- "version": "2.160.0"
106
- }
107
- },
108
- "Policy": {
109
- "id": "Policy",
110
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3LoggingBucket/Policy",
111
- "children": {
112
- "Resource": {
113
- "id": "Resource",
114
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3LoggingBucket/Policy/Resource",
115
- "attributes": {
116
- "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy",
117
- "aws:cdk:cloudformation:props": {
118
- "bucket": {
119
- "Ref": "testcloudfronts3cmkencryptionkeyS3LoggingBucket5CE52209"
120
- },
121
- "policyDocument": {
122
- "Statement": [
123
- {
124
- "Action": "s3:*",
125
- "Condition": {
126
- "Bool": {
127
- "aws:SecureTransport": "false"
128
- }
129
- },
130
- "Effect": "Deny",
131
- "Principal": {
132
- "AWS": "*"
133
- },
134
- "Resource": [
135
- {
136
- "Fn::GetAtt": [
137
- "testcloudfronts3cmkencryptionkeyS3LoggingBucket5CE52209",
138
- "Arn"
139
- ]
140
- },
141
- {
142
- "Fn::Join": [
143
- "",
144
- [
145
- {
146
- "Fn::GetAtt": [
147
- "testcloudfronts3cmkencryptionkeyS3LoggingBucket5CE52209",
148
- "Arn"
149
- ]
150
- },
151
- "/*"
152
- ]
153
- ]
154
- }
155
- ]
156
- },
157
- {
158
- "Action": [
159
- "s3:DeleteObject*",
160
- "s3:GetBucket*",
161
- "s3:List*",
162
- "s3:PutBucketPolicy"
163
- ],
164
- "Effect": "Allow",
165
- "Principal": {
166
- "AWS": {
167
- "Fn::GetAtt": [
168
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
169
- "Arn"
170
- ]
171
- }
172
- },
173
- "Resource": [
174
- {
175
- "Fn::GetAtt": [
176
- "testcloudfronts3cmkencryptionkeyS3LoggingBucket5CE52209",
177
- "Arn"
178
- ]
179
- },
180
- {
181
- "Fn::Join": [
182
- "",
183
- [
184
- {
185
- "Fn::GetAtt": [
186
- "testcloudfronts3cmkencryptionkeyS3LoggingBucket5CE52209",
187
- "Arn"
188
- ]
189
- },
190
- "/*"
191
- ]
192
- ]
193
- }
194
- ]
195
- },
196
- {
197
- "Action": "s3:PutObject",
198
- "Condition": {
199
- "ArnLike": {
200
- "aws:SourceArn": {
201
- "Fn::GetAtt": [
202
- "testcloudfronts3cmkencryptionkeyS3Bucket0E74E5D2",
203
- "Arn"
204
- ]
205
- }
206
- },
207
- "StringEquals": {
208
- "aws:SourceAccount": {
209
- "Ref": "AWS::AccountId"
210
- }
211
- }
212
- },
213
- "Effect": "Allow",
214
- "Principal": {
215
- "Service": "logging.s3.amazonaws.com"
216
- },
217
- "Resource": {
218
- "Fn::Join": [
219
- "",
220
- [
221
- {
222
- "Fn::GetAtt": [
223
- "testcloudfronts3cmkencryptionkeyS3LoggingBucket5CE52209",
224
- "Arn"
225
- ]
226
- },
227
- "/*"
228
- ]
229
- ]
230
- }
231
- }
232
- ],
233
- "Version": "2012-10-17"
234
- }
235
- }
236
- },
237
- "constructInfo": {
238
- "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy",
239
- "version": "2.160.0"
240
- }
241
- }
242
- },
243
- "constructInfo": {
244
- "fqn": "aws-cdk-lib.aws_s3.BucketPolicy",
245
- "version": "2.160.0"
246
- }
247
- },
248
- "AutoDeleteObjectsCustomResource": {
249
- "id": "AutoDeleteObjectsCustomResource",
250
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3LoggingBucket/AutoDeleteObjectsCustomResource",
251
- "children": {
252
- "Default": {
253
- "id": "Default",
254
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3LoggingBucket/AutoDeleteObjectsCustomResource/Default",
255
- "constructInfo": {
256
- "fqn": "aws-cdk-lib.CfnResource",
257
- "version": "2.160.0"
258
- }
259
- }
260
- },
261
- "constructInfo": {
262
- "fqn": "aws-cdk-lib.CustomResource",
263
- "version": "2.160.0"
264
- }
265
- }
266
- },
267
- "constructInfo": {
268
- "fqn": "aws-cdk-lib.aws_s3.Bucket",
269
- "version": "2.160.0"
270
- }
271
- },
272
- "S3Bucket": {
273
- "id": "S3Bucket",
274
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3Bucket",
275
- "children": {
276
- "Resource": {
277
- "id": "Resource",
278
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3Bucket/Resource",
279
- "attributes": {
280
- "aws:cdk:cloudformation:type": "AWS::S3::Bucket",
281
- "aws:cdk:cloudformation:props": {
282
- "bucketEncryption": {
283
- "serverSideEncryptionConfiguration": [
284
- {
285
- "serverSideEncryptionByDefault": {
286
- "sseAlgorithm": "aws:kms",
287
- "kmsMasterKeyId": {
288
- "Fn::GetAtt": [
289
- "cmkKey598B20B2",
290
- "Arn"
291
- ]
292
- }
293
- }
294
- }
295
- ]
296
- },
297
- "lifecycleConfiguration": {
298
- "rules": [
299
- {
300
- "noncurrentVersionTransitions": [
301
- {
302
- "storageClass": "GLACIER",
303
- "transitionInDays": 90
304
- }
305
- ],
306
- "status": "Enabled"
307
- }
308
- ]
309
- },
310
- "loggingConfiguration": {
311
- "destinationBucketName": {
312
- "Ref": "testcloudfronts3cmkencryptionkeyS3LoggingBucket5CE52209"
313
- }
314
- },
315
- "publicAccessBlockConfiguration": {
316
- "blockPublicAcls": true,
317
- "blockPublicPolicy": true,
318
- "ignorePublicAcls": true,
319
- "restrictPublicBuckets": true
320
- },
321
- "versioningConfiguration": {
322
- "status": "Enabled"
323
- }
324
- }
325
- },
326
- "constructInfo": {
327
- "fqn": "aws-cdk-lib.aws_s3.CfnBucket",
328
- "version": "2.160.0"
329
- }
330
- },
331
- "Policy": {
332
- "id": "Policy",
333
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3Bucket/Policy",
334
- "children": {
335
- "Resource": {
336
- "id": "Resource",
337
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3Bucket/Policy/Resource",
338
- "attributes": {
339
- "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy",
340
- "aws:cdk:cloudformation:props": {
341
- "bucket": {
342
- "Ref": "testcloudfronts3cmkencryptionkeyS3Bucket0E74E5D2"
343
- },
344
- "policyDocument": {
345
- "Statement": [
346
- {
347
- "Action": "s3:*",
348
- "Condition": {
349
- "Bool": {
350
- "aws:SecureTransport": "false"
351
- }
352
- },
353
- "Effect": "Deny",
354
- "Principal": {
355
- "AWS": "*"
356
- },
357
- "Resource": [
358
- {
359
- "Fn::GetAtt": [
360
- "testcloudfronts3cmkencryptionkeyS3Bucket0E74E5D2",
361
- "Arn"
362
- ]
363
- },
364
- {
365
- "Fn::Join": [
366
- "",
367
- [
368
- {
369
- "Fn::GetAtt": [
370
- "testcloudfronts3cmkencryptionkeyS3Bucket0E74E5D2",
371
- "Arn"
372
- ]
373
- },
374
- "/*"
375
- ]
376
- ]
377
- }
378
- ]
379
- },
380
- {
381
- "Action": "s3:GetObject",
382
- "Condition": {
383
- "StringEquals": {
384
- "AWS:SourceArn": {
385
- "Fn::Join": [
386
- "",
387
- [
388
- "arn:",
389
- {
390
- "Ref": "AWS::Partition"
391
- },
392
- ":cloudfront::",
393
- {
394
- "Ref": "AWS::AccountId"
395
- },
396
- ":distribution/",
397
- {
398
- "Ref": "testcloudfronts3cmkencryptionkeyCloudFrontDistribution57C8A907"
399
- }
400
- ]
401
- ]
402
- }
403
- }
404
- },
405
- "Effect": "Allow",
406
- "Principal": {
407
- "Service": "cloudfront.amazonaws.com"
408
- },
409
- "Resource": {
410
- "Fn::Join": [
411
- "",
412
- [
413
- {
414
- "Fn::GetAtt": [
415
- "testcloudfronts3cmkencryptionkeyS3Bucket0E74E5D2",
416
- "Arn"
417
- ]
418
- },
419
- "/*"
420
- ]
421
- ]
422
- }
423
- }
424
- ],
425
- "Version": "2012-10-17"
426
- }
427
- }
428
- },
429
- "constructInfo": {
430
- "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy",
431
- "version": "2.160.0"
432
- }
433
- }
434
- },
435
- "constructInfo": {
436
- "fqn": "aws-cdk-lib.aws_s3.BucketPolicy",
437
- "version": "2.160.0"
438
- }
439
- }
440
- },
441
- "constructInfo": {
442
- "fqn": "aws-cdk-lib.aws_s3.Bucket",
443
- "version": "2.160.0"
444
- }
445
- },
446
- "CloudfrontLoggingBucketAccessLog": {
447
- "id": "CloudfrontLoggingBucketAccessLog",
448
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog",
449
- "children": {
450
- "Resource": {
451
- "id": "Resource",
452
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/Resource",
453
- "attributes": {
454
- "aws:cdk:cloudformation:type": "AWS::S3::Bucket",
455
- "aws:cdk:cloudformation:props": {
456
- "bucketEncryption": {
457
- "serverSideEncryptionConfiguration": [
458
- {
459
- "serverSideEncryptionByDefault": {
460
- "sseAlgorithm": "AES256"
461
- }
462
- }
463
- ]
464
- },
465
- "publicAccessBlockConfiguration": {
466
- "blockPublicAcls": true,
467
- "blockPublicPolicy": true,
468
- "ignorePublicAcls": true,
469
- "restrictPublicBuckets": true
470
- },
471
- "tags": [
472
- {
473
- "key": "aws-cdk:auto-delete-objects",
474
- "value": "true"
475
- }
476
- ],
477
- "versioningConfiguration": {
478
- "status": "Enabled"
479
- }
480
- }
481
- },
482
- "constructInfo": {
483
- "fqn": "aws-cdk-lib.aws_s3.CfnBucket",
484
- "version": "2.160.0"
485
- }
486
- },
487
- "Policy": {
488
- "id": "Policy",
489
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/Policy",
490
- "children": {
491
- "Resource": {
492
- "id": "Resource",
493
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/Policy/Resource",
494
- "attributes": {
495
- "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy",
496
- "aws:cdk:cloudformation:props": {
497
- "bucket": {
498
- "Ref": "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C"
499
- },
500
- "policyDocument": {
501
- "Statement": [
502
- {
503
- "Action": "s3:*",
504
- "Condition": {
505
- "Bool": {
506
- "aws:SecureTransport": "false"
507
- }
508
- },
509
- "Effect": "Deny",
510
- "Principal": {
511
- "AWS": "*"
512
- },
513
- "Resource": [
514
- {
515
- "Fn::GetAtt": [
516
- "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C",
517
- "Arn"
518
- ]
519
- },
520
- {
521
- "Fn::Join": [
522
- "",
523
- [
524
- {
525
- "Fn::GetAtt": [
526
- "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C",
527
- "Arn"
528
- ]
529
- },
530
- "/*"
531
- ]
532
- ]
533
- }
534
- ]
535
- },
536
- {
537
- "Action": [
538
- "s3:DeleteObject*",
539
- "s3:GetBucket*",
540
- "s3:List*",
541
- "s3:PutBucketPolicy"
542
- ],
543
- "Effect": "Allow",
544
- "Principal": {
545
- "AWS": {
546
- "Fn::GetAtt": [
547
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
548
- "Arn"
549
- ]
550
- }
551
- },
552
- "Resource": [
553
- {
554
- "Fn::GetAtt": [
555
- "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C",
556
- "Arn"
557
- ]
558
- },
559
- {
560
- "Fn::Join": [
561
- "",
562
- [
563
- {
564
- "Fn::GetAtt": [
565
- "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C",
566
- "Arn"
567
- ]
568
- },
569
- "/*"
570
- ]
571
- ]
572
- }
573
- ]
574
- },
575
- {
576
- "Action": "s3:PutObject",
577
- "Condition": {
578
- "ArnLike": {
579
- "aws:SourceArn": {
580
- "Fn::GetAtt": [
581
- "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD",
582
- "Arn"
583
- ]
584
- }
585
- },
586
- "StringEquals": {
587
- "aws:SourceAccount": {
588
- "Ref": "AWS::AccountId"
589
- }
590
- }
591
- },
592
- "Effect": "Allow",
593
- "Principal": {
594
- "Service": "logging.s3.amazonaws.com"
595
- },
596
- "Resource": {
597
- "Fn::Join": [
598
- "",
599
- [
600
- {
601
- "Fn::GetAtt": [
602
- "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C",
603
- "Arn"
604
- ]
605
- },
606
- "/*"
607
- ]
608
- ]
609
- }
610
- }
611
- ],
612
- "Version": "2012-10-17"
613
- }
614
- }
615
- },
616
- "constructInfo": {
617
- "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy",
618
- "version": "2.160.0"
619
- }
620
- }
621
- },
622
- "constructInfo": {
623
- "fqn": "aws-cdk-lib.aws_s3.BucketPolicy",
624
- "version": "2.160.0"
625
- }
626
- },
627
- "AutoDeleteObjectsCustomResource": {
628
- "id": "AutoDeleteObjectsCustomResource",
629
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/AutoDeleteObjectsCustomResource",
630
- "children": {
631
- "Default": {
632
- "id": "Default",
633
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/AutoDeleteObjectsCustomResource/Default",
634
- "constructInfo": {
635
- "fqn": "aws-cdk-lib.CfnResource",
636
- "version": "2.160.0"
637
- }
638
- }
639
- },
640
- "constructInfo": {
641
- "fqn": "aws-cdk-lib.CustomResource",
642
- "version": "2.160.0"
643
- }
644
- }
645
- },
646
- "constructInfo": {
647
- "fqn": "aws-cdk-lib.aws_s3.Bucket",
648
- "version": "2.160.0"
649
- }
650
- },
651
- "CloudfrontLoggingBucket": {
652
- "id": "CloudfrontLoggingBucket",
653
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket",
654
- "children": {
655
- "Resource": {
656
- "id": "Resource",
657
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/Resource",
658
- "attributes": {
659
- "aws:cdk:cloudformation:type": "AWS::S3::Bucket",
660
- "aws:cdk:cloudformation:props": {
661
- "bucketEncryption": {
662
- "serverSideEncryptionConfiguration": [
663
- {
664
- "serverSideEncryptionByDefault": {
665
- "sseAlgorithm": "AES256"
666
- }
667
- }
668
- ]
669
- },
670
- "loggingConfiguration": {
671
- "destinationBucketName": {
672
- "Ref": "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C"
673
- }
674
- },
675
- "ownershipControls": {
676
- "rules": [
677
- {
678
- "objectOwnership": "ObjectWriter"
679
- }
680
- ]
681
- },
682
- "publicAccessBlockConfiguration": {
683
- "blockPublicAcls": true,
684
- "blockPublicPolicy": true,
685
- "ignorePublicAcls": true,
686
- "restrictPublicBuckets": true
687
- },
688
- "tags": [
689
- {
690
- "key": "aws-cdk:auto-delete-objects",
691
- "value": "true"
692
- }
693
- ],
694
- "versioningConfiguration": {
695
- "status": "Enabled"
696
- }
697
- }
698
- },
699
- "constructInfo": {
700
- "fqn": "aws-cdk-lib.aws_s3.CfnBucket",
701
- "version": "2.160.0"
702
- }
703
- },
704
- "Policy": {
705
- "id": "Policy",
706
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/Policy",
707
- "children": {
708
- "Resource": {
709
- "id": "Resource",
710
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/Policy/Resource",
711
- "attributes": {
712
- "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy",
713
- "aws:cdk:cloudformation:props": {
714
- "bucket": {
715
- "Ref": "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD"
716
- },
717
- "policyDocument": {
718
- "Statement": [
719
- {
720
- "Action": "s3:*",
721
- "Condition": {
722
- "Bool": {
723
- "aws:SecureTransport": "false"
724
- }
725
- },
726
- "Effect": "Deny",
727
- "Principal": {
728
- "AWS": "*"
729
- },
730
- "Resource": [
731
- {
732
- "Fn::GetAtt": [
733
- "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD",
734
- "Arn"
735
- ]
736
- },
737
- {
738
- "Fn::Join": [
739
- "",
740
- [
741
- {
742
- "Fn::GetAtt": [
743
- "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD",
744
- "Arn"
745
- ]
746
- },
747
- "/*"
748
- ]
749
- ]
750
- }
751
- ]
752
- },
753
- {
754
- "Action": [
755
- "s3:DeleteObject*",
756
- "s3:GetBucket*",
757
- "s3:List*",
758
- "s3:PutBucketPolicy"
759
- ],
760
- "Effect": "Allow",
761
- "Principal": {
762
- "AWS": {
763
- "Fn::GetAtt": [
764
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
765
- "Arn"
766
- ]
767
- }
768
- },
769
- "Resource": [
770
- {
771
- "Fn::GetAtt": [
772
- "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD",
773
- "Arn"
774
- ]
775
- },
776
- {
777
- "Fn::Join": [
778
- "",
779
- [
780
- {
781
- "Fn::GetAtt": [
782
- "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD",
783
- "Arn"
784
- ]
785
- },
786
- "/*"
787
- ]
788
- ]
789
- }
790
- ]
791
- }
792
- ],
793
- "Version": "2012-10-17"
794
- }
795
- }
796
- },
797
- "constructInfo": {
798
- "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy",
799
- "version": "2.160.0"
800
- }
801
- }
802
- },
803
- "constructInfo": {
804
- "fqn": "aws-cdk-lib.aws_s3.BucketPolicy",
805
- "version": "2.160.0"
806
- }
807
- },
808
- "AutoDeleteObjectsCustomResource": {
809
- "id": "AutoDeleteObjectsCustomResource",
810
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/AutoDeleteObjectsCustomResource",
811
- "children": {
812
- "Default": {
813
- "id": "Default",
814
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/AutoDeleteObjectsCustomResource/Default",
815
- "constructInfo": {
816
- "fqn": "aws-cdk-lib.CfnResource",
817
- "version": "2.160.0"
818
- }
819
- }
820
- },
821
- "constructInfo": {
822
- "fqn": "aws-cdk-lib.CustomResource",
823
- "version": "2.160.0"
824
- }
825
- }
826
- },
827
- "constructInfo": {
828
- "fqn": "aws-cdk-lib.aws_s3.Bucket",
829
- "version": "2.160.0"
830
- }
831
- },
832
- "CloudFrontOac": {
833
- "id": "CloudFrontOac",
834
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudFrontOac",
835
- "attributes": {
836
- "aws:cdk:cloudformation:type": "AWS::CloudFront::OriginAccessControl",
837
- "aws:cdk:cloudformation:props": {
838
- "originAccessControlConfig": {
839
- "name": {
840
- "Fn::Join": [
841
- "",
842
- [
843
- "aws-cloudfront-s3-testn-key-",
844
- {
845
- "Fn::Select": [
846
- 2,
847
- {
848
- "Fn::Split": [
849
- "/",
850
- {
851
- "Ref": "AWS::StackId"
852
- }
853
- ]
854
- }
855
- ]
856
- }
857
- ]
858
- ]
859
- },
860
- "originAccessControlOriginType": "s3",
861
- "signingBehavior": "always",
862
- "signingProtocol": "sigv4",
863
- "description": "Origin access control provisioned by aws-cloudfront-s3"
864
- }
865
- }
866
- },
867
- "constructInfo": {
868
- "fqn": "aws-cdk-lib.aws_cloudfront.CfnOriginAccessControl",
869
- "version": "2.160.0"
870
- }
871
- },
872
- "CloudFrontDistribution": {
873
- "id": "CloudFrontDistribution",
874
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudFrontDistribution",
875
- "children": {
876
- "Origin1": {
877
- "id": "Origin1",
878
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudFrontDistribution/Origin1",
879
- "constructInfo": {
880
- "fqn": "constructs.Construct",
881
- "version": "10.3.0"
882
- }
883
- },
884
- "Resource": {
885
- "id": "Resource",
886
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudFrontDistribution/Resource",
887
- "attributes": {
888
- "aws:cdk:cloudformation:type": "AWS::CloudFront::Distribution",
889
- "aws:cdk:cloudformation:props": {
890
- "distributionConfig": {
891
- "enabled": true,
892
- "origins": [
893
- {
894
- "domainName": {
895
- "Fn::GetAtt": [
896
- "testcloudfronts3cmkencryptionkeyS3Bucket0E74E5D2",
897
- "RegionalDomainName"
898
- ]
899
- },
900
- "id": "cfts3cmkprovidedasbucketproptestcloudfronts3cmkencryptionkeyCloudFrontDistributionOrigin1FA4541E3",
901
- "s3OriginConfig": {
902
- "originAccessIdentity": ""
903
- }
904
- }
905
- ],
906
- "defaultCacheBehavior": {
907
- "pathPattern": "*",
908
- "targetOriginId": "cfts3cmkprovidedasbucketproptestcloudfronts3cmkencryptionkeyCloudFrontDistributionOrigin1FA4541E3",
909
- "cachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6",
910
- "compress": true,
911
- "viewerProtocolPolicy": "redirect-to-https"
912
- },
913
- "defaultRootObject": "index.html",
914
- "httpVersion": "http2",
915
- "ipv6Enabled": true,
916
- "logging": {
917
- "bucket": {
918
- "Fn::GetAtt": [
919
- "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD",
920
- "RegionalDomainName"
921
- ]
922
- }
923
- }
924
- }
925
- }
926
- },
927
- "constructInfo": {
928
- "fqn": "aws-cdk-lib.aws_cloudfront.CfnDistribution",
929
- "version": "2.160.0"
930
- }
931
- }
932
- },
933
- "constructInfo": {
934
- "fqn": "aws-cdk-lib.aws_cloudfront.Distribution",
935
- "version": "2.160.0"
936
- }
937
- },
938
- "LambdaFunctionServiceRole": {
939
- "id": "LambdaFunctionServiceRole",
940
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunctionServiceRole",
941
- "children": {
942
- "ImportLambdaFunctionServiceRole": {
943
- "id": "ImportLambdaFunctionServiceRole",
944
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunctionServiceRole/ImportLambdaFunctionServiceRole",
945
- "constructInfo": {
946
- "fqn": "aws-cdk-lib.Resource",
947
- "version": "2.160.0"
948
- }
949
- },
950
- "Resource": {
951
- "id": "Resource",
952
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunctionServiceRole/Resource",
953
- "attributes": {
954
- "aws:cdk:cloudformation:type": "AWS::IAM::Role",
955
- "aws:cdk:cloudformation:props": {
956
- "assumeRolePolicyDocument": {
957
- "Statement": [
958
- {
959
- "Action": "sts:AssumeRole",
960
- "Effect": "Allow",
961
- "Principal": {
962
- "Service": "lambda.amazonaws.com"
963
- }
964
- }
965
- ],
966
- "Version": "2012-10-17"
967
- },
968
- "policies": [
969
- {
970
- "policyName": "LambdaFunctionServiceRolePolicy",
971
- "policyDocument": {
972
- "Statement": [
973
- {
974
- "Action": [
975
- "logs:CreateLogGroup",
976
- "logs:CreateLogStream",
977
- "logs:PutLogEvents"
978
- ],
979
- "Effect": "Allow",
980
- "Resource": {
981
- "Fn::Join": [
982
- "",
983
- [
984
- "arn:",
985
- {
986
- "Ref": "AWS::Partition"
987
- },
988
- ":logs:",
989
- {
990
- "Ref": "AWS::Region"
991
- },
992
- ":",
993
- {
994
- "Ref": "AWS::AccountId"
995
- },
996
- ":log-group:/aws/lambda/*"
997
- ]
998
- ]
999
- }
1000
- }
1001
- ],
1002
- "Version": "2012-10-17"
1003
- }
1004
- }
1005
- ]
1006
- }
1007
- },
1008
- "constructInfo": {
1009
- "fqn": "aws-cdk-lib.aws_iam.CfnRole",
1010
- "version": "2.160.0"
1011
- }
1012
- },
1013
- "DefaultPolicy": {
1014
- "id": "DefaultPolicy",
1015
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunctionServiceRole/DefaultPolicy",
1016
- "children": {
1017
- "Resource": {
1018
- "id": "Resource",
1019
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunctionServiceRole/DefaultPolicy/Resource",
1020
- "attributes": {
1021
- "aws:cdk:cloudformation:type": "AWS::IAM::Policy",
1022
- "aws:cdk:cloudformation:props": {
1023
- "policyDocument": {
1024
- "Statement": [
1025
- {
1026
- "Action": [
1027
- "xray:PutTelemetryRecords",
1028
- "xray:PutTraceSegments"
1029
- ],
1030
- "Effect": "Allow",
1031
- "Resource": "*"
1032
- }
1033
- ],
1034
- "Version": "2012-10-17"
1035
- },
1036
- "policyName": "testcloudfronts3cmkencryptionkeyLambdaFunctionServiceRoleDefaultPolicyE566BC43",
1037
- "roles": [
1038
- {
1039
- "Ref": "testcloudfronts3cmkencryptionkeyLambdaFunctionServiceRole85783D1D"
1040
- }
1041
- ]
1042
- }
1043
- },
1044
- "constructInfo": {
1045
- "fqn": "aws-cdk-lib.aws_iam.CfnPolicy",
1046
- "version": "2.160.0"
1047
- }
1048
- }
1049
- },
1050
- "constructInfo": {
1051
- "fqn": "aws-cdk-lib.aws_iam.Policy",
1052
- "version": "2.160.0"
1053
- }
1054
- }
1055
- },
1056
- "constructInfo": {
1057
- "fqn": "aws-cdk-lib.aws_iam.Role",
1058
- "version": "2.160.0"
1059
- }
1060
- },
1061
- "LambdaFunction": {
1062
- "id": "LambdaFunction",
1063
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunction",
1064
- "children": {
1065
- "Code": {
1066
- "id": "Code",
1067
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Code",
1068
- "children": {
1069
- "Stage": {
1070
- "id": "Stage",
1071
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Code/Stage",
1072
- "constructInfo": {
1073
- "fqn": "aws-cdk-lib.AssetStaging",
1074
- "version": "2.160.0"
1075
- }
1076
- },
1077
- "AssetBucket": {
1078
- "id": "AssetBucket",
1079
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Code/AssetBucket",
1080
- "constructInfo": {
1081
- "fqn": "aws-cdk-lib.aws_s3.BucketBase",
1082
- "version": "2.160.0"
1083
- }
1084
- }
1085
- },
1086
- "constructInfo": {
1087
- "fqn": "aws-cdk-lib.aws_s3_assets.Asset",
1088
- "version": "2.160.0"
1089
- }
1090
- },
1091
- "Resource": {
1092
- "id": "Resource",
1093
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Resource",
1094
- "attributes": {
1095
- "aws:cdk:cloudformation:type": "AWS::Lambda::Function",
1096
- "aws:cdk:cloudformation:props": {
1097
- "code": {
1098
- "s3Bucket": {
1099
- "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
1100
- },
1101
- "s3Key": "e97825c838d70ceb13ba2f6223a7d94ed35687b70bfb224a0b9128e698e3f28e.zip"
1102
- },
1103
- "description": "Custom resource function that updates a provided key policy to allow CloudFront access.",
1104
- "environment": {
1105
- "variables": {
1106
- "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1"
1107
- }
1108
- },
1109
- "handler": "index.handler",
1110
- "role": {
1111
- "Fn::GetAtt": [
1112
- "testcloudfronts3cmkencryptionkeyLambdaFunctionServiceRole85783D1D",
1113
- "Arn"
1114
- ]
1115
- },
1116
- "runtime": "nodejs20.x",
1117
- "tracingConfig": {
1118
- "mode": "Active"
1119
- }
1120
- }
1121
- },
1122
- "constructInfo": {
1123
- "fqn": "aws-cdk-lib.aws_lambda.CfnFunction",
1124
- "version": "2.160.0"
1125
- }
1126
- }
1127
- },
1128
- "constructInfo": {
1129
- "fqn": "aws-cdk-lib.aws_lambda.Function",
1130
- "version": "2.160.0"
1131
- }
1132
- },
1133
- "test-cloudfront-s3-cmk-encryption-keyResourceCmkPolicy": {
1134
- "id": "test-cloudfront-s3-cmk-encryption-keyResourceCmkPolicy",
1135
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/test-cloudfront-s3-cmk-encryption-keyResourceCmkPolicy",
1136
- "children": {
1137
- "Resource": {
1138
- "id": "Resource",
1139
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/test-cloudfront-s3-cmk-encryption-keyResourceCmkPolicy/Resource",
1140
- "attributes": {
1141
- "aws:cdk:cloudformation:type": "AWS::IAM::Policy",
1142
- "aws:cdk:cloudformation:props": {
1143
- "policyDocument": {
1144
- "Statement": [
1145
- {
1146
- "Action": [
1147
- "kms:DescribeKey",
1148
- "kms:GetKeyPolicy",
1149
- "kms:PutKeyPolicy"
1150
- ],
1151
- "Effect": "Allow",
1152
- "Resource": {
1153
- "Fn::GetAtt": [
1154
- "cmkKey598B20B2",
1155
- "Arn"
1156
- ]
1157
- }
1158
- }
1159
- ],
1160
- "Version": "2012-10-17"
1161
- },
1162
- "policyName": "testcloudfronts3cmkencryptionkeytestcloudfronts3cmkencryptionkeyResourceCmkPolicyBD4BA975",
1163
- "roles": [
1164
- {
1165
- "Ref": "testcloudfronts3cmkencryptionkeyLambdaFunctionServiceRole85783D1D"
1166
- }
1167
- ]
1168
- }
1169
- },
1170
- "constructInfo": {
1171
- "fqn": "aws-cdk-lib.aws_iam.CfnPolicy",
1172
- "version": "2.160.0"
1173
- }
1174
- }
1175
- },
1176
- "constructInfo": {
1177
- "fqn": "aws-cdk-lib.aws_iam.Policy",
1178
- "version": "2.160.0"
1179
- }
1180
- },
1181
- "KmsKeyPolicyUpdateProvider": {
1182
- "id": "KmsKeyPolicyUpdateProvider",
1183
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider",
1184
- "children": {
1185
- "framework-onEvent": {
1186
- "id": "framework-onEvent",
1187
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent",
1188
- "children": {
1189
- "ServiceRole": {
1190
- "id": "ServiceRole",
1191
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole",
1192
- "children": {
1193
- "ImportServiceRole": {
1194
- "id": "ImportServiceRole",
1195
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/ImportServiceRole",
1196
- "constructInfo": {
1197
- "fqn": "aws-cdk-lib.Resource",
1198
- "version": "2.160.0"
1199
- }
1200
- },
1201
- "Resource": {
1202
- "id": "Resource",
1203
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/Resource",
1204
- "attributes": {
1205
- "aws:cdk:cloudformation:type": "AWS::IAM::Role",
1206
- "aws:cdk:cloudformation:props": {
1207
- "assumeRolePolicyDocument": {
1208
- "Statement": [
1209
- {
1210
- "Action": "sts:AssumeRole",
1211
- "Effect": "Allow",
1212
- "Principal": {
1213
- "Service": "lambda.amazonaws.com"
1214
- }
1215
- }
1216
- ],
1217
- "Version": "2012-10-17"
1218
- },
1219
- "managedPolicyArns": [
1220
- {
1221
- "Fn::Join": [
1222
- "",
1223
- [
1224
- "arn:",
1225
- {
1226
- "Ref": "AWS::Partition"
1227
- },
1228
- ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
1229
- ]
1230
- ]
1231
- }
1232
- ]
1233
- }
1234
- },
1235
- "constructInfo": {
1236
- "fqn": "aws-cdk-lib.aws_iam.CfnRole",
1237
- "version": "2.160.0"
1238
- }
1239
- },
1240
- "DefaultPolicy": {
1241
- "id": "DefaultPolicy",
1242
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/DefaultPolicy",
1243
- "children": {
1244
- "Resource": {
1245
- "id": "Resource",
1246
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/DefaultPolicy/Resource",
1247
- "attributes": {
1248
- "aws:cdk:cloudformation:type": "AWS::IAM::Policy",
1249
- "aws:cdk:cloudformation:props": {
1250
- "policyDocument": {
1251
- "Statement": [
1252
- {
1253
- "Action": "lambda:InvokeFunction",
1254
- "Effect": "Allow",
1255
- "Resource": [
1256
- {
1257
- "Fn::GetAtt": [
1258
- "testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E",
1259
- "Arn"
1260
- ]
1261
- },
1262
- {
1263
- "Fn::Join": [
1264
- "",
1265
- [
1266
- {
1267
- "Fn::GetAtt": [
1268
- "testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E",
1269
- "Arn"
1270
- ]
1271
- },
1272
- ":*"
1273
- ]
1274
- ]
1275
- }
1276
- ]
1277
- }
1278
- ],
1279
- "Version": "2012-10-17"
1280
- },
1281
- "policyName": "testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventServiceRoleDefaultPolicy066CD751",
1282
- "roles": [
1283
- {
1284
- "Ref": "testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventServiceRole3D4040AD"
1285
- }
1286
- ]
1287
- }
1288
- },
1289
- "constructInfo": {
1290
- "fqn": "aws-cdk-lib.aws_iam.CfnPolicy",
1291
- "version": "2.160.0"
1292
- }
1293
- }
1294
- },
1295
- "constructInfo": {
1296
- "fqn": "aws-cdk-lib.aws_iam.Policy",
1297
- "version": "2.160.0"
1298
- }
1299
- }
1300
- },
1301
- "constructInfo": {
1302
- "fqn": "aws-cdk-lib.aws_iam.Role",
1303
- "version": "2.160.0"
1304
- }
1305
- },
1306
- "Code": {
1307
- "id": "Code",
1308
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Code",
1309
- "children": {
1310
- "Stage": {
1311
- "id": "Stage",
1312
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Code/Stage",
1313
- "constructInfo": {
1314
- "fqn": "aws-cdk-lib.AssetStaging",
1315
- "version": "2.160.0"
1316
- }
1317
- },
1318
- "AssetBucket": {
1319
- "id": "AssetBucket",
1320
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Code/AssetBucket",
1321
- "constructInfo": {
1322
- "fqn": "aws-cdk-lib.aws_s3.BucketBase",
1323
- "version": "2.160.0"
1324
- }
1325
- }
1326
- },
1327
- "constructInfo": {
1328
- "fqn": "aws-cdk-lib.aws_s3_assets.Asset",
1329
- "version": "2.160.0"
1330
- }
1331
- },
1332
- "Resource": {
1333
- "id": "Resource",
1334
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Resource",
1335
- "attributes": {
1336
- "aws:cdk:cloudformation:type": "AWS::Lambda::Function",
1337
- "aws:cdk:cloudformation:props": {
1338
- "code": {
1339
- "s3Bucket": {
1340
- "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
1341
- },
1342
- "s3Key": "4dc48ffba382f93077a1e6824599bbd4ceb6f91eb3d9442eca3b85bdb1a20b1e.zip"
1343
- },
1344
- "description": "AWS CDK resource provider framework - onEvent (cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider)",
1345
- "environment": {
1346
- "variables": {
1347
- "USER_ON_EVENT_FUNCTION_ARN": {
1348
- "Fn::GetAtt": [
1349
- "testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E",
1350
- "Arn"
1351
- ]
1352
- }
1353
- }
1354
- },
1355
- "handler": "framework.onEvent",
1356
- "role": {
1357
- "Fn::GetAtt": [
1358
- "testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventServiceRole3D4040AD",
1359
- "Arn"
1360
- ]
1361
- },
1362
- "runtime": {
1363
- "Fn::FindInMap": [
1364
- "LatestNodeRuntimeMap",
1365
- {
1366
- "Ref": "AWS::Region"
1367
- },
1368
- "value"
1369
- ]
1370
- },
1371
- "timeout": 900
1372
- }
1373
- },
1374
- "constructInfo": {
1375
- "fqn": "aws-cdk-lib.aws_lambda.CfnFunction",
1376
- "version": "2.160.0"
1377
- }
1378
- }
1379
- },
1380
- "constructInfo": {
1381
- "fqn": "aws-cdk-lib.aws_lambda.Function",
1382
- "version": "2.160.0"
1383
- }
1384
- }
1385
- },
1386
- "constructInfo": {
1387
- "fqn": "aws-cdk-lib.custom_resources.Provider",
1388
- "version": "2.160.0"
1389
- }
1390
- },
1391
- "KmsKeyPolicyUpdater": {
1392
- "id": "KmsKeyPolicyUpdater",
1393
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdater",
1394
- "children": {
1395
- "Default": {
1396
- "id": "Default",
1397
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdater/Default",
1398
- "constructInfo": {
1399
- "fqn": "aws-cdk-lib.CfnResource",
1400
- "version": "2.160.0"
1401
- }
1402
- }
1403
- },
1404
- "constructInfo": {
1405
- "fqn": "aws-cdk-lib.CustomResource",
1406
- "version": "2.160.0"
1407
- }
1408
- }
1409
- },
1410
- "constructInfo": {
1411
- "fqn": "@aws-solutions-constructs/aws-cloudfront-s3.CloudFrontToS3",
1412
- "version": "2.71.0"
1413
- }
1414
- },
1415
- "LatestNodeRuntimeMap": {
1416
- "id": "LatestNodeRuntimeMap",
1417
- "path": "cfts3-cmk-provided-as-bucket-prop/LatestNodeRuntimeMap",
1418
- "constructInfo": {
1419
- "fqn": "aws-cdk-lib.CfnMapping",
1420
- "version": "2.160.0"
1421
- }
1422
- },
1423
- "Custom::S3AutoDeleteObjectsCustomResourceProvider": {
1424
- "id": "Custom::S3AutoDeleteObjectsCustomResourceProvider",
1425
- "path": "cfts3-cmk-provided-as-bucket-prop/Custom::S3AutoDeleteObjectsCustomResourceProvider",
1426
- "children": {
1427
- "Staging": {
1428
- "id": "Staging",
1429
- "path": "cfts3-cmk-provided-as-bucket-prop/Custom::S3AutoDeleteObjectsCustomResourceProvider/Staging",
1430
- "constructInfo": {
1431
- "fqn": "aws-cdk-lib.AssetStaging",
1432
- "version": "2.160.0"
1433
- }
1434
- },
1435
- "Role": {
1436
- "id": "Role",
1437
- "path": "cfts3-cmk-provided-as-bucket-prop/Custom::S3AutoDeleteObjectsCustomResourceProvider/Role",
1438
- "constructInfo": {
1439
- "fqn": "aws-cdk-lib.CfnResource",
1440
- "version": "2.160.0"
1441
- }
1442
- },
1443
- "Handler": {
1444
- "id": "Handler",
1445
- "path": "cfts3-cmk-provided-as-bucket-prop/Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler",
1446
- "constructInfo": {
1447
- "fqn": "aws-cdk-lib.CfnResource",
1448
- "version": "2.160.0"
1449
- }
1450
- }
1451
- },
1452
- "constructInfo": {
1453
- "fqn": "aws-cdk-lib.CustomResourceProviderBase",
1454
- "version": "2.160.0"
1455
- }
1456
- },
1457
- "Integ": {
1458
- "id": "Integ",
1459
- "path": "cfts3-cmk-provided-as-bucket-prop/Integ",
1460
- "children": {
1461
- "DefaultTest": {
1462
- "id": "DefaultTest",
1463
- "path": "cfts3-cmk-provided-as-bucket-prop/Integ/DefaultTest",
1464
- "children": {
1465
- "Default": {
1466
- "id": "Default",
1467
- "path": "cfts3-cmk-provided-as-bucket-prop/Integ/DefaultTest/Default",
1468
- "constructInfo": {
1469
- "fqn": "constructs.Construct",
1470
- "version": "10.3.0"
1471
- }
1472
- },
1473
- "DeployAssert": {
1474
- "id": "DeployAssert",
1475
- "path": "cfts3-cmk-provided-as-bucket-prop/Integ/DefaultTest/DeployAssert",
1476
- "children": {
1477
- "BootstrapVersion": {
1478
- "id": "BootstrapVersion",
1479
- "path": "cfts3-cmk-provided-as-bucket-prop/Integ/DefaultTest/DeployAssert/BootstrapVersion",
1480
- "constructInfo": {
1481
- "fqn": "aws-cdk-lib.CfnParameter",
1482
- "version": "2.160.0"
1483
- }
1484
- },
1485
- "CheckBootstrapVersion": {
1486
- "id": "CheckBootstrapVersion",
1487
- "path": "cfts3-cmk-provided-as-bucket-prop/Integ/DefaultTest/DeployAssert/CheckBootstrapVersion",
1488
- "constructInfo": {
1489
- "fqn": "aws-cdk-lib.CfnRule",
1490
- "version": "2.160.0"
1491
- }
1492
- }
1493
- },
1494
- "constructInfo": {
1495
- "fqn": "aws-cdk-lib.Stack",
1496
- "version": "2.160.0"
1497
- }
1498
- }
1499
- },
1500
- "constructInfo": {
1501
- "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase",
1502
- "version": "2.160.0-alpha.0"
1503
- }
1504
- }
1505
- },
1506
- "constructInfo": {
1507
- "fqn": "@aws-cdk/integ-tests-alpha.IntegTest",
1508
- "version": "2.160.0-alpha.0"
1509
- }
1510
- },
1511
- "BootstrapVersion": {
1512
- "id": "BootstrapVersion",
1513
- "path": "cfts3-cmk-provided-as-bucket-prop/BootstrapVersion",
1514
- "constructInfo": {
1515
- "fqn": "aws-cdk-lib.CfnParameter",
1516
- "version": "2.160.0"
1517
- }
1518
- },
1519
- "CheckBootstrapVersion": {
1520
- "id": "CheckBootstrapVersion",
1521
- "path": "cfts3-cmk-provided-as-bucket-prop/CheckBootstrapVersion",
1522
- "constructInfo": {
1523
- "fqn": "aws-cdk-lib.CfnRule",
1524
- "version": "2.160.0"
1525
- }
1526
- }
1527
- },
1528
- "constructInfo": {
1529
- "fqn": "aws-cdk-lib.Stack",
1530
- "version": "2.160.0"
1531
- }
1532
- },
1533
- "Tree": {
1534
- "id": "Tree",
1535
- "path": "Tree",
1536
- "constructInfo": {
1537
- "fqn": "constructs.Construct",
1538
- "version": "10.3.0"
1539
- }
1540
- }
1541
- },
1542
- "constructInfo": {
1543
- "fqn": "aws-cdk-lib.App",
1544
- "version": "2.160.0"
1545
- }
1546
- }
1547
- }
1
+ {"version":"tree-0.1","tree":{"id":"App","path":"","children":{"cfts3-cmk-provided-as-bucket-prop":{"id":"cfts3-cmk-provided-as-bucket-prop","path":"cfts3-cmk-provided-as-bucket-prop","children":{"cmkKey":{"id":"cmkKey","path":"cfts3-cmk-provided-as-bucket-prop/cmkKey","children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/cmkKey/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::KMS::Key","aws:cdk:cloudformation:props":{"enableKeyRotation":true,"keyPolicy":{"Statement":[{"Action":"kms:*","Effect":"Allow","Principal":{"AWS":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":iam::",{"Ref":"AWS::AccountId"},":root"]]}},"Resource":"*"}],"Version":"2012-10-17"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_kms.CfnKey","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_kms.Key","version":"2.186.0","metadata":[{"enableKeyRotation":true,"removalPolicy":"destroy"}]}},"test-cloudfront-s3-cmk-encryption-key":{"id":"test-cloudfront-s3-cmk-encryption-key","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key","children":{"S3LoggingBucket":{"id":"S3LoggingBucket","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3LoggingBucket","children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3LoggingBucket/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::S3::Bucket","aws:cdk:cloudformation:props":{"bucketEncryption":{"serverSideEncryptionConfiguration":[{"serverSideEncryptionByDefault":{"sseAlgorithm":"AES256"}}]},"publicAccessBlockConfiguration":{"blockPublicAcls":true,"blockPublicPolicy":true,"ignorePublicAcls":true,"restrictPublicBuckets":true},"tags":[{"key":"aws-cdk:auto-delete-objects","value":"true"}],"versioningConfiguration":{"status":"Enabled"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucket","version":"2.186.0"}},"Policy":{"id":"Policy","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3LoggingBucket/Policy","children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3LoggingBucket/Policy/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::S3::BucketPolicy","aws:cdk:cloudformation:props":{"bucket":{"Ref":"testcloudfronts3cmkencryptionkeyS3LoggingBucket5CE52209"},"policyDocument":{"Statement":[{"Action":"s3:*","Condition":{"Bool":{"aws:SecureTransport":"false"}},"Effect":"Deny","Principal":{"AWS":"*"},"Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyS3LoggingBucket5CE52209","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyS3LoggingBucket5CE52209","Arn"]},"/*"]]}]},{"Action":["s3:DeleteObject*","s3:GetBucket*","s3:List*","s3:PutBucketPolicy"],"Effect":"Allow","Principal":{"AWS":{"Fn::GetAtt":["CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092","Arn"]}},"Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyS3LoggingBucket5CE52209","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyS3LoggingBucket5CE52209","Arn"]},"/*"]]}]},{"Action":"s3:PutObject","Condition":{"ArnLike":{"aws:SourceArn":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyS3Bucket0E74E5D2","Arn"]}},"StringEquals":{"aws:SourceAccount":{"Ref":"AWS::AccountId"}}},"Effect":"Allow","Principal":{"Service":"logging.s3.amazonaws.com"},"Resource":{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyS3LoggingBucket5CE52209","Arn"]},"/*"]]}}],"Version":"2012-10-17"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucketPolicy","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketPolicy","version":"2.186.0","metadata":[{"bucket":"*"}]}},"AutoDeleteObjectsCustomResource":{"id":"AutoDeleteObjectsCustomResource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3LoggingBucket/AutoDeleteObjectsCustomResource","children":{"Default":{"id":"Default","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3LoggingBucket/AutoDeleteObjectsCustomResource/Default","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.CustomResource","version":"2.186.0","metadata":["*"]}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3.Bucket","version":"2.186.0","metadata":[{"encryption":"S3_MANAGED","versioned":true,"blockPublicAccess":"*","removalPolicy":"destroy","enforceSSL":true,"autoDeleteObjects":true}]}},"S3Bucket":{"id":"S3Bucket","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3Bucket","children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3Bucket/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::S3::Bucket","aws:cdk:cloudformation:props":{"bucketEncryption":{"serverSideEncryptionConfiguration":[{"serverSideEncryptionByDefault":{"sseAlgorithm":"aws:kms","kmsMasterKeyId":{"Fn::GetAtt":["cmkKey598B20B2","Arn"]}}}]},"lifecycleConfiguration":{"rules":[{"noncurrentVersionTransitions":[{"storageClass":"GLACIER","transitionInDays":90}],"status":"Enabled"}]},"loggingConfiguration":{"destinationBucketName":{"Ref":"testcloudfronts3cmkencryptionkeyS3LoggingBucket5CE52209"}},"publicAccessBlockConfiguration":{"blockPublicAcls":true,"blockPublicPolicy":true,"ignorePublicAcls":true,"restrictPublicBuckets":true},"versioningConfiguration":{"status":"Enabled"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucket","version":"2.186.0"}},"Policy":{"id":"Policy","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3Bucket/Policy","children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3Bucket/Policy/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::S3::BucketPolicy","aws:cdk:cloudformation:props":{"bucket":{"Ref":"testcloudfronts3cmkencryptionkeyS3Bucket0E74E5D2"},"policyDocument":{"Statement":[{"Action":"s3:*","Condition":{"Bool":{"aws:SecureTransport":"false"}},"Effect":"Deny","Principal":{"AWS":"*"},"Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyS3Bucket0E74E5D2","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyS3Bucket0E74E5D2","Arn"]},"/*"]]}]},{"Action":"s3:GetObject","Condition":{"StringEquals":{"AWS:SourceArn":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":cloudfront::",{"Ref":"AWS::AccountId"},":distribution/",{"Ref":"testcloudfronts3cmkencryptionkeyCloudFrontDistribution57C8A907"}]]}}},"Effect":"Allow","Principal":{"Service":"cloudfront.amazonaws.com"},"Resource":{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyS3Bucket0E74E5D2","Arn"]},"/*"]]}}],"Version":"2012-10-17"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucketPolicy","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketPolicy","version":"2.186.0","metadata":[{"bucket":"*"}]}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3.Bucket","version":"2.186.0","metadata":[{"encryption":"KMS","versioned":true,"blockPublicAccess":"*","removalPolicy":"retain","enforceSSL":true,"lifecycleRules":[{"noncurrentVersionTransitions":[{"storageClass":"*"}]}],"serverAccessLogsBucket":"*","encryptionKey":"*"},{"addLifecycleRule":[{"noncurrentVersionTransitions":[{"storageClass":"*"}]},"*","*"]}]}},"CloudfrontLoggingBucketAccessLog":{"id":"CloudfrontLoggingBucketAccessLog","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog","children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::S3::Bucket","aws:cdk:cloudformation:props":{"bucketEncryption":{"serverSideEncryptionConfiguration":[{"serverSideEncryptionByDefault":{"sseAlgorithm":"AES256"}}]},"publicAccessBlockConfiguration":{"blockPublicAcls":true,"blockPublicPolicy":true,"ignorePublicAcls":true,"restrictPublicBuckets":true},"tags":[{"key":"aws-cdk:auto-delete-objects","value":"true"}],"versioningConfiguration":{"status":"Enabled"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucket","version":"2.186.0"}},"Policy":{"id":"Policy","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/Policy","children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/Policy/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::S3::BucketPolicy","aws:cdk:cloudformation:props":{"bucket":{"Ref":"testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C"},"policyDocument":{"Statement":[{"Action":"s3:*","Condition":{"Bool":{"aws:SecureTransport":"false"}},"Effect":"Deny","Principal":{"AWS":"*"},"Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C","Arn"]},"/*"]]}]},{"Action":["s3:DeleteObject*","s3:GetBucket*","s3:List*","s3:PutBucketPolicy"],"Effect":"Allow","Principal":{"AWS":{"Fn::GetAtt":["CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092","Arn"]}},"Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C","Arn"]},"/*"]]}]},{"Action":"s3:PutObject","Condition":{"ArnLike":{"aws:SourceArn":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","Arn"]}},"StringEquals":{"aws:SourceAccount":{"Ref":"AWS::AccountId"}}},"Effect":"Allow","Principal":{"Service":"logging.s3.amazonaws.com"},"Resource":{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C","Arn"]},"/*"]]}}],"Version":"2012-10-17"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucketPolicy","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketPolicy","version":"2.186.0","metadata":[{"bucket":"*"}]}},"AutoDeleteObjectsCustomResource":{"id":"AutoDeleteObjectsCustomResource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/AutoDeleteObjectsCustomResource","children":{"Default":{"id":"Default","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/AutoDeleteObjectsCustomResource/Default","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.CustomResource","version":"2.186.0","metadata":["*"]}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3.Bucket","version":"2.186.0","metadata":[{"encryption":"S3_MANAGED","versioned":true,"blockPublicAccess":"*","removalPolicy":"destroy","enforceSSL":true,"autoDeleteObjects":true}]}},"CloudfrontLoggingBucket":{"id":"CloudfrontLoggingBucket","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket","children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::S3::Bucket","aws:cdk:cloudformation:props":{"bucketEncryption":{"serverSideEncryptionConfiguration":[{"serverSideEncryptionByDefault":{"sseAlgorithm":"AES256"}}]},"loggingConfiguration":{"destinationBucketName":{"Ref":"testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C"}},"ownershipControls":{"rules":[{"objectOwnership":"ObjectWriter"}]},"publicAccessBlockConfiguration":{"blockPublicAcls":true,"blockPublicPolicy":true,"ignorePublicAcls":true,"restrictPublicBuckets":true},"tags":[{"key":"aws-cdk:auto-delete-objects","value":"true"}],"versioningConfiguration":{"status":"Enabled"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucket","version":"2.186.0"}},"Policy":{"id":"Policy","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/Policy","children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/Policy/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::S3::BucketPolicy","aws:cdk:cloudformation:props":{"bucket":{"Ref":"testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD"},"policyDocument":{"Statement":[{"Action":"s3:*","Condition":{"Bool":{"aws:SecureTransport":"false"}},"Effect":"Deny","Principal":{"AWS":"*"},"Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","Arn"]},"/*"]]}]},{"Action":["s3:DeleteObject*","s3:GetBucket*","s3:List*","s3:PutBucketPolicy"],"Effect":"Allow","Principal":{"AWS":{"Fn::GetAtt":["CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092","Arn"]}},"Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","Arn"]},"/*"]]}]}],"Version":"2012-10-17"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucketPolicy","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketPolicy","version":"2.186.0","metadata":[{"bucket":"*"}]}},"AutoDeleteObjectsCustomResource":{"id":"AutoDeleteObjectsCustomResource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/AutoDeleteObjectsCustomResource","children":{"Default":{"id":"Default","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/AutoDeleteObjectsCustomResource/Default","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.CustomResource","version":"2.186.0","metadata":["*"]}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3.Bucket","version":"2.186.0","metadata":[{"encryption":"S3_MANAGED","versioned":true,"blockPublicAccess":"*","removalPolicy":"destroy","enforceSSL":true,"autoDeleteObjects":true,"objectOwnership":"ObjectWriter","serverAccessLogsBucket":"*"}]}},"CloudFrontOac":{"id":"CloudFrontOac","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudFrontOac","attributes":{"aws:cdk:cloudformation:type":"AWS::CloudFront::OriginAccessControl","aws:cdk:cloudformation:props":{"originAccessControlConfig":{"name":{"Fn::Join":["",["aws-cloudfront-s3-testn-key-",{"Fn::Select":[2,{"Fn::Split":["/",{"Ref":"AWS::StackId"}]}]}]]},"originAccessControlOriginType":"s3","signingBehavior":"always","signingProtocol":"sigv4","description":"Origin access control provisioned by aws-cloudfront-s3"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_cloudfront.CfnOriginAccessControl","version":"2.186.0"}},"CloudFrontDistribution":{"id":"CloudFrontDistribution","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudFrontDistribution","children":{"Origin1":{"id":"Origin1","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudFrontDistribution/Origin1","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}},"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudFrontDistribution/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::CloudFront::Distribution","aws:cdk:cloudformation:props":{"distributionConfig":{"enabled":true,"origins":[{"domainName":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyS3Bucket0E74E5D2","RegionalDomainName"]},"id":"cfts3cmkprovidedasbucketproptestcloudfronts3cmkencryptionkeyCloudFrontDistributionOrigin1FA4541E3","s3OriginConfig":{"originAccessIdentity":""}}],"defaultCacheBehavior":{"pathPattern":"*","targetOriginId":"cfts3cmkprovidedasbucketproptestcloudfronts3cmkencryptionkeyCloudFrontDistributionOrigin1FA4541E3","cachePolicyId":"658327ea-f89d-4fab-a63d-7e88639e58f6","compress":true,"viewerProtocolPolicy":"redirect-to-https"},"defaultRootObject":"index.html","httpVersion":"http2","ipv6Enabled":true,"logging":{"bucket":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","RegionalDomainName"]}}}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_cloudfront.CfnDistribution","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_cloudfront.Distribution","version":"2.186.0","metadata":[{"defaultBehavior":{"origin":"*","viewerProtocolPolicy":"redirect-to-https"},"enableLogging":true,"logBucket":"*","defaultRootObject":"*"}]}},"LambdaFunctionServiceRole":{"id":"LambdaFunctionServiceRole","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunctionServiceRole","children":{"ImportLambdaFunctionServiceRole":{"id":"ImportLambdaFunctionServiceRole","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunctionServiceRole/ImportLambdaFunctionServiceRole","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"2.186.0","metadata":["*"]}},"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunctionServiceRole/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"lambda.amazonaws.com"}}],"Version":"2012-10-17"},"policies":[{"policyName":"LambdaFunctionServiceRolePolicy","policyDocument":{"Statement":[{"Action":["logs:CreateLogGroup","logs:CreateLogStream","logs:PutLogEvents"],"Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:/aws/lambda/*"]]}}],"Version":"2012-10-17"}}]}},"constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnRole","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Role","version":"2.186.0","metadata":[{"assumedBy":{"principalAccount":"*","assumeRoleAction":"*"},"inlinePolicies":"*"},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]}]}},"LambdaFunction":{"id":"LambdaFunction","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunction","children":{"Code":{"id":"Code","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Code","children":{"Stage":{"id":"Stage","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Code/Stage","constructInfo":{"fqn":"aws-cdk-lib.AssetStaging","version":"2.186.0"}},"AssetBucket":{"id":"AssetBucket","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Code/AssetBucket","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketBase","version":"2.186.0","metadata":[]}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3_assets.Asset","version":"2.186.0"}},"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::Lambda::Function","aws:cdk:cloudformation:props":{"code":{"s3Bucket":{"Fn::Sub":"cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"},"s3Key":"e97825c838d70ceb13ba2f6223a7d94ed35687b70bfb224a0b9128e698e3f28e.zip"},"description":"Custom resource function that updates a provided key policy to allow CloudFront access.","environment":{"variables":{"AWS_NODEJS_CONNECTION_REUSE_ENABLED":"1"}},"handler":"index.handler","role":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyLambdaFunctionServiceRole85783D1D","Arn"]},"runtime":"nodejs20.x","tracingConfig":{"mode":"Active"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_lambda.CfnFunction","version":"2.186.0"}},"inlinePolicyAddedToExecutionRole-0":{"id":"inlinePolicyAddedToExecutionRole-0","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/inlinePolicyAddedToExecutionRole-0","children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/inlinePolicyAddedToExecutionRole-0/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":["xray:PutTelemetryRecords","xray:PutTraceSegments"],"Effect":"Allow","Resource":"*"}],"Version":"2012-10-17"},"policyName":"testcloudfronts3cmkencryptionkeyLambdaFunctioninlinePolicyAddedToExecutionRole030BCEDF3","roles":[{"Ref":"testcloudfronts3cmkencryptionkeyLambdaFunctionServiceRole85783D1D"}]}},"constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"2.186.0","metadata":[{"statements":"*"},{"addStatements":[{}]},{"attachToRole":["*"]},{"attachToRole":["*"]}]}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_lambda.Function","version":"2.186.0","metadata":[{"role":"*","tracing":"Active","runtime":"*","handler":"*","description":"*","timeout":"*","memorySize":"*","code":"*"},{"addEnvironment":["*","*",{"removeInEdge":true}]}]}},"test-cloudfront-s3-cmk-encryption-keyResourceCmkPolicy":{"id":"test-cloudfront-s3-cmk-encryption-keyResourceCmkPolicy","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/test-cloudfront-s3-cmk-encryption-keyResourceCmkPolicy","children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/test-cloudfront-s3-cmk-encryption-keyResourceCmkPolicy/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":["kms:DescribeKey","kms:GetKeyPolicy","kms:PutKeyPolicy"],"Effect":"Allow","Resource":{"Fn::GetAtt":["cmkKey598B20B2","Arn"]}}],"Version":"2012-10-17"},"policyName":"testcloudfronts3cmkencryptionkeytestcloudfronts3cmkencryptionkeyResourceCmkPolicyBD4BA975","roles":[{"Ref":"testcloudfronts3cmkencryptionkeyLambdaFunctionServiceRole85783D1D"}]}},"constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"2.186.0","metadata":[{"statements":"*"},{"addStatements":[{}]},{"attachToRole":["*"]},{"attachToRole":["*"]}]}},"KmsKeyPolicyUpdateProvider":{"id":"KmsKeyPolicyUpdateProvider","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider","children":{"framework-onEvent":{"id":"framework-onEvent","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent","children":{"ServiceRole":{"id":"ServiceRole","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole","children":{"ImportServiceRole":{"id":"ImportServiceRole","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/ImportServiceRole","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"2.186.0","metadata":["*"]}},"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"lambda.amazonaws.com"}}],"Version":"2012-10-17"},"managedPolicyArns":[{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"]]}]}},"constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnRole","version":"2.186.0"}},"DefaultPolicy":{"id":"DefaultPolicy","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/DefaultPolicy","children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/DefaultPolicy/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":"lambda:InvokeFunction","Effect":"Allow","Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E","Arn"]},":*"]]}]}],"Version":"2012-10-17"},"policyName":"testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventServiceRoleDefaultPolicy066CD751","roles":[{"Ref":"testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventServiceRole3D4040AD"}]}},"constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"2.186.0","metadata":["*",{"attachToRole":["*"]},{"attachToRole":["*"]},{"addStatements":[{}]}]}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Role","version":"2.186.0","metadata":[{"assumedBy":{"principalAccount":"*","assumeRoleAction":"*"},"managedPolicies":[{"managedPolicyArn":"*"}]},{"addToPrincipalPolicy":[{}]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]}]}},"Code":{"id":"Code","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Code","children":{"Stage":{"id":"Stage","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Code/Stage","constructInfo":{"fqn":"aws-cdk-lib.AssetStaging","version":"2.186.0"}},"AssetBucket":{"id":"AssetBucket","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Code/AssetBucket","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketBase","version":"2.186.0","metadata":[]}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3_assets.Asset","version":"2.186.0"}},"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::Lambda::Function","aws:cdk:cloudformation:props":{"code":{"s3Bucket":{"Fn::Sub":"cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"},"s3Key":"bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca.zip"},"description":"AWS CDK resource provider framework - onEvent (cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider)","environment":{"variables":{"USER_ON_EVENT_FUNCTION_ARN":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E","Arn"]}}},"handler":"framework.onEvent","role":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventServiceRole3D4040AD","Arn"]},"runtime":{"Fn::FindInMap":["LatestNodeRuntimeMap",{"Ref":"AWS::Region"},"value"]},"timeout":900}},"constructInfo":{"fqn":"aws-cdk-lib.aws_lambda.CfnFunction","version":"2.186.0"}},"inlinePolicyAddedToExecutionRole-0":{"id":"inlinePolicyAddedToExecutionRole-0","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/inlinePolicyAddedToExecutionRole-0","children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/inlinePolicyAddedToExecutionRole-0/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":"lambda:GetFunction","Effect":"Allow","Resource":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E","Arn"]}}],"Version":"2012-10-17"},"policyName":"testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventinlinePolicyAddedToExecutionRole0055AB010","roles":[{"Ref":"testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventServiceRole3D4040AD"}]}},"constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"2.186.0","metadata":[{"statements":"*"},{"addStatements":[{}]},{"attachToRole":["*"]},{"attachToRole":["*"]}]}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_lambda.Function","version":"2.186.0","metadata":[{"code":"*","description":"*","runtime":"*","handler":"*","timeout":"*","logGroup":"*","vpc":"*","vpcSubnets":"*","securityGroups":"*","role":"*","functionName":"*","environmentEncryption":"*"},{"addEnvironment":["*","*"]}]}}},"constructInfo":{"fqn":"aws-cdk-lib.custom_resources.Provider","version":"2.186.0"}},"KmsKeyPolicyUpdater":{"id":"KmsKeyPolicyUpdater","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdater","children":{"Default":{"id":"Default","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdater/Default","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.CustomResource","version":"2.186.0","metadata":["*"]}}},"constructInfo":{"fqn":"@aws-solutions-constructs/aws-cloudfront-s3.CloudFrontToS3","version":"2.80.0"}},"LatestNodeRuntimeMap":{"id":"LatestNodeRuntimeMap","path":"cfts3-cmk-provided-as-bucket-prop/LatestNodeRuntimeMap","constructInfo":{"fqn":"aws-cdk-lib.CfnMapping","version":"2.186.0"}},"Custom::S3AutoDeleteObjectsCustomResourceProvider":{"id":"Custom::S3AutoDeleteObjectsCustomResourceProvider","path":"cfts3-cmk-provided-as-bucket-prop/Custom::S3AutoDeleteObjectsCustomResourceProvider","children":{"Staging":{"id":"Staging","path":"cfts3-cmk-provided-as-bucket-prop/Custom::S3AutoDeleteObjectsCustomResourceProvider/Staging","constructInfo":{"fqn":"aws-cdk-lib.AssetStaging","version":"2.186.0"}},"Role":{"id":"Role","path":"cfts3-cmk-provided-as-bucket-prop/Custom::S3AutoDeleteObjectsCustomResourceProvider/Role","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.186.0"}},"Handler":{"id":"Handler","path":"cfts3-cmk-provided-as-bucket-prop/Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.CustomResourceProviderBase","version":"2.186.0"}},"Integ":{"id":"Integ","path":"cfts3-cmk-provided-as-bucket-prop/Integ","children":{"DefaultTest":{"id":"DefaultTest","path":"cfts3-cmk-provided-as-bucket-prop/Integ/DefaultTest","children":{"Default":{"id":"Default","path":"cfts3-cmk-provided-as-bucket-prop/Integ/DefaultTest/Default","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}},"DeployAssert":{"id":"DeployAssert","path":"cfts3-cmk-provided-as-bucket-prop/Integ/DefaultTest/DeployAssert","children":{"BootstrapVersion":{"id":"BootstrapVersion","path":"cfts3-cmk-provided-as-bucket-prop/Integ/DefaultTest/DeployAssert/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"2.186.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"cfts3-cmk-provided-as-bucket-prop/Integ/DefaultTest/DeployAssert/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"2.186.0"}}},"constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTestCase","version":"2.186.0-alpha.0"}}},"constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTest","version":"2.186.0-alpha.0"}},"BootstrapVersion":{"id":"BootstrapVersion","path":"cfts3-cmk-provided-as-bucket-prop/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"2.186.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"cfts3-cmk-provided-as-bucket-prop/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"2.186.0"}},"Tree":{"id":"Tree","path":"Tree","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}}},"constructInfo":{"fqn":"aws-cdk-lib.App","version":"2.186.0"}}}