@aws-solutions-constructs/aws-cloudfront-s3 2.80.0 → 2.81.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (17) hide show
  1. package/.jsii +44 -5
  2. package/lib/index.js +1 -1
  3. package/package.json +8 -8
  4. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cdk.out +1 -1
  5. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.assets.json +3 -3
  6. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.template.json +50 -45
  7. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithcmkprovidedasexistingbucketIntegDefaultTestDeployAssertF6031114.assets.json +1 -1
  8. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/integ.json +1 -1
  9. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/manifest.json +97 -55
  10. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/tree.json +1 -1917
  11. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cdk.out +1 -1
  12. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3-cmk-provided-as-bucket-prop.assets.json +3 -3
  13. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3-cmk-provided-as-bucket-prop.template.json +50 -45
  14. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3cmkprovidedasbucketpropIntegDefaultTestDeployAssert38E63D55.assets.json +1 -1
  15. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/integ.json +1 -1
  16. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/manifest.json +97 -55
  17. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/tree.json +1 -1850
@@ -1,1917 +1 @@
1
- {
2
- "version": "tree-0.1",
3
- "tree": {
4
- "id": "App",
5
- "path": "",
6
- "children": {
7
- "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket": {
8
- "id": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket",
9
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket",
10
- "children": {
11
- "cmkKey": {
12
- "id": "cmkKey",
13
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/cmkKey",
14
- "children": {
15
- "Resource": {
16
- "id": "Resource",
17
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/cmkKey/Resource",
18
- "attributes": {
19
- "aws:cdk:cloudformation:type": "AWS::KMS::Key",
20
- "aws:cdk:cloudformation:props": {
21
- "enableKeyRotation": true,
22
- "keyPolicy": {
23
- "Statement": [
24
- {
25
- "Action": "kms:*",
26
- "Effect": "Allow",
27
- "Principal": {
28
- "AWS": {
29
- "Fn::Join": [
30
- "",
31
- [
32
- "arn:",
33
- {
34
- "Ref": "AWS::Partition"
35
- },
36
- ":iam::",
37
- {
38
- "Ref": "AWS::AccountId"
39
- },
40
- ":root"
41
- ]
42
- ]
43
- }
44
- },
45
- "Resource": "*"
46
- }
47
- ],
48
- "Version": "2012-10-17"
49
- }
50
- }
51
- },
52
- "constructInfo": {
53
- "fqn": "aws-cdk-lib.aws_kms.CfnKey",
54
- "version": "2.179.0"
55
- }
56
- }
57
- },
58
- "constructInfo": {
59
- "fqn": "aws-cdk-lib.aws_kms.Key",
60
- "version": "2.179.0",
61
- "metadata": [
62
- {
63
- "enableKeyRotation": true,
64
- "removalPolicy": "destroy"
65
- }
66
- ]
67
- }
68
- },
69
- "existing-s3-bucket-encrypted-with-cmkS3LoggingBucket": {
70
- "id": "existing-s3-bucket-encrypted-with-cmkS3LoggingBucket",
71
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3LoggingBucket",
72
- "children": {
73
- "Resource": {
74
- "id": "Resource",
75
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3LoggingBucket/Resource",
76
- "attributes": {
77
- "aws:cdk:cloudformation:type": "AWS::S3::Bucket",
78
- "aws:cdk:cloudformation:props": {
79
- "bucketEncryption": {
80
- "serverSideEncryptionConfiguration": [
81
- {
82
- "serverSideEncryptionByDefault": {
83
- "sseAlgorithm": "AES256"
84
- }
85
- }
86
- ]
87
- },
88
- "publicAccessBlockConfiguration": {
89
- "blockPublicAcls": true,
90
- "blockPublicPolicy": true,
91
- "ignorePublicAcls": true,
92
- "restrictPublicBuckets": true
93
- },
94
- "tags": [
95
- {
96
- "key": "aws-cdk:auto-delete-objects",
97
- "value": "true"
98
- }
99
- ],
100
- "versioningConfiguration": {
101
- "status": "Enabled"
102
- }
103
- }
104
- },
105
- "constructInfo": {
106
- "fqn": "aws-cdk-lib.aws_s3.CfnBucket",
107
- "version": "2.179.0"
108
- }
109
- },
110
- "Policy": {
111
- "id": "Policy",
112
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3LoggingBucket/Policy",
113
- "children": {
114
- "Resource": {
115
- "id": "Resource",
116
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3LoggingBucket/Policy/Resource",
117
- "attributes": {
118
- "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy",
119
- "aws:cdk:cloudformation:props": {
120
- "bucket": {
121
- "Ref": "existings3bucketencryptedwithcmkS3LoggingBucket2B2DE39B"
122
- },
123
- "policyDocument": {
124
- "Statement": [
125
- {
126
- "Action": "s3:*",
127
- "Condition": {
128
- "Bool": {
129
- "aws:SecureTransport": "false"
130
- }
131
- },
132
- "Effect": "Deny",
133
- "Principal": {
134
- "AWS": "*"
135
- },
136
- "Resource": [
137
- {
138
- "Fn::GetAtt": [
139
- "existings3bucketencryptedwithcmkS3LoggingBucket2B2DE39B",
140
- "Arn"
141
- ]
142
- },
143
- {
144
- "Fn::Join": [
145
- "",
146
- [
147
- {
148
- "Fn::GetAtt": [
149
- "existings3bucketencryptedwithcmkS3LoggingBucket2B2DE39B",
150
- "Arn"
151
- ]
152
- },
153
- "/*"
154
- ]
155
- ]
156
- }
157
- ]
158
- },
159
- {
160
- "Action": [
161
- "s3:DeleteObject*",
162
- "s3:GetBucket*",
163
- "s3:List*",
164
- "s3:PutBucketPolicy"
165
- ],
166
- "Effect": "Allow",
167
- "Principal": {
168
- "AWS": {
169
- "Fn::GetAtt": [
170
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
171
- "Arn"
172
- ]
173
- }
174
- },
175
- "Resource": [
176
- {
177
- "Fn::GetAtt": [
178
- "existings3bucketencryptedwithcmkS3LoggingBucket2B2DE39B",
179
- "Arn"
180
- ]
181
- },
182
- {
183
- "Fn::Join": [
184
- "",
185
- [
186
- {
187
- "Fn::GetAtt": [
188
- "existings3bucketencryptedwithcmkS3LoggingBucket2B2DE39B",
189
- "Arn"
190
- ]
191
- },
192
- "/*"
193
- ]
194
- ]
195
- }
196
- ]
197
- },
198
- {
199
- "Action": "s3:PutObject",
200
- "Condition": {
201
- "ArnLike": {
202
- "aws:SourceArn": {
203
- "Fn::GetAtt": [
204
- "existings3bucketencryptedwithcmkS3BucketCC461491",
205
- "Arn"
206
- ]
207
- }
208
- },
209
- "StringEquals": {
210
- "aws:SourceAccount": {
211
- "Ref": "AWS::AccountId"
212
- }
213
- }
214
- },
215
- "Effect": "Allow",
216
- "Principal": {
217
- "Service": "logging.s3.amazonaws.com"
218
- },
219
- "Resource": {
220
- "Fn::Join": [
221
- "",
222
- [
223
- {
224
- "Fn::GetAtt": [
225
- "existings3bucketencryptedwithcmkS3LoggingBucket2B2DE39B",
226
- "Arn"
227
- ]
228
- },
229
- "/*"
230
- ]
231
- ]
232
- }
233
- }
234
- ],
235
- "Version": "2012-10-17"
236
- }
237
- }
238
- },
239
- "constructInfo": {
240
- "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy",
241
- "version": "2.179.0"
242
- }
243
- }
244
- },
245
- "constructInfo": {
246
- "fqn": "aws-cdk-lib.aws_s3.BucketPolicy",
247
- "version": "2.179.0",
248
- "metadata": [
249
- {
250
- "bucket": "*"
251
- }
252
- ]
253
- }
254
- },
255
- "AutoDeleteObjectsCustomResource": {
256
- "id": "AutoDeleteObjectsCustomResource",
257
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3LoggingBucket/AutoDeleteObjectsCustomResource",
258
- "children": {
259
- "Default": {
260
- "id": "Default",
261
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3LoggingBucket/AutoDeleteObjectsCustomResource/Default",
262
- "constructInfo": {
263
- "fqn": "aws-cdk-lib.CfnResource",
264
- "version": "2.179.0"
265
- }
266
- }
267
- },
268
- "constructInfo": {
269
- "fqn": "aws-cdk-lib.CustomResource",
270
- "version": "2.179.0",
271
- "metadata": [
272
- "*"
273
- ]
274
- }
275
- }
276
- },
277
- "constructInfo": {
278
- "fqn": "aws-cdk-lib.aws_s3.Bucket",
279
- "version": "2.179.0",
280
- "metadata": [
281
- {
282
- "encryption": "S3_MANAGED",
283
- "versioned": true,
284
- "blockPublicAccess": "*",
285
- "removalPolicy": "destroy",
286
- "enforceSSL": true,
287
- "autoDeleteObjects": true
288
- }
289
- ]
290
- }
291
- },
292
- "LatestNodeRuntimeMap": {
293
- "id": "LatestNodeRuntimeMap",
294
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/LatestNodeRuntimeMap",
295
- "constructInfo": {
296
- "fqn": "aws-cdk-lib.CfnMapping",
297
- "version": "2.179.0"
298
- }
299
- },
300
- "Custom::S3AutoDeleteObjectsCustomResourceProvider": {
301
- "id": "Custom::S3AutoDeleteObjectsCustomResourceProvider",
302
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Custom::S3AutoDeleteObjectsCustomResourceProvider",
303
- "children": {
304
- "Staging": {
305
- "id": "Staging",
306
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Custom::S3AutoDeleteObjectsCustomResourceProvider/Staging",
307
- "constructInfo": {
308
- "fqn": "aws-cdk-lib.AssetStaging",
309
- "version": "2.179.0"
310
- }
311
- },
312
- "Role": {
313
- "id": "Role",
314
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Custom::S3AutoDeleteObjectsCustomResourceProvider/Role",
315
- "constructInfo": {
316
- "fqn": "aws-cdk-lib.CfnResource",
317
- "version": "2.179.0"
318
- }
319
- },
320
- "Handler": {
321
- "id": "Handler",
322
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler",
323
- "constructInfo": {
324
- "fqn": "aws-cdk-lib.CfnResource",
325
- "version": "2.179.0"
326
- }
327
- }
328
- },
329
- "constructInfo": {
330
- "fqn": "aws-cdk-lib.CustomResourceProviderBase",
331
- "version": "2.179.0"
332
- }
333
- },
334
- "existing-s3-bucket-encrypted-with-cmkS3Bucket": {
335
- "id": "existing-s3-bucket-encrypted-with-cmkS3Bucket",
336
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3Bucket",
337
- "children": {
338
- "Resource": {
339
- "id": "Resource",
340
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3Bucket/Resource",
341
- "attributes": {
342
- "aws:cdk:cloudformation:type": "AWS::S3::Bucket",
343
- "aws:cdk:cloudformation:props": {
344
- "bucketEncryption": {
345
- "serverSideEncryptionConfiguration": [
346
- {
347
- "serverSideEncryptionByDefault": {
348
- "sseAlgorithm": "aws:kms",
349
- "kmsMasterKeyId": {
350
- "Fn::GetAtt": [
351
- "cmkKey598B20B2",
352
- "Arn"
353
- ]
354
- }
355
- }
356
- }
357
- ]
358
- },
359
- "lifecycleConfiguration": {
360
- "rules": [
361
- {
362
- "noncurrentVersionTransitions": [
363
- {
364
- "storageClass": "GLACIER",
365
- "transitionInDays": 90
366
- }
367
- ],
368
- "status": "Enabled"
369
- }
370
- ]
371
- },
372
- "loggingConfiguration": {
373
- "destinationBucketName": {
374
- "Ref": "existings3bucketencryptedwithcmkS3LoggingBucket2B2DE39B"
375
- }
376
- },
377
- "publicAccessBlockConfiguration": {
378
- "blockPublicAcls": true,
379
- "blockPublicPolicy": true,
380
- "ignorePublicAcls": true,
381
- "restrictPublicBuckets": true
382
- },
383
- "tags": [
384
- {
385
- "key": "aws-cdk:auto-delete-objects",
386
- "value": "true"
387
- }
388
- ],
389
- "versioningConfiguration": {
390
- "status": "Enabled"
391
- }
392
- }
393
- },
394
- "constructInfo": {
395
- "fqn": "aws-cdk-lib.aws_s3.CfnBucket",
396
- "version": "2.179.0"
397
- }
398
- },
399
- "Policy": {
400
- "id": "Policy",
401
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3Bucket/Policy",
402
- "children": {
403
- "Resource": {
404
- "id": "Resource",
405
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3Bucket/Policy/Resource",
406
- "attributes": {
407
- "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy",
408
- "aws:cdk:cloudformation:props": {
409
- "bucket": {
410
- "Ref": "existings3bucketencryptedwithcmkS3BucketCC461491"
411
- },
412
- "policyDocument": {
413
- "Statement": [
414
- {
415
- "Action": "s3:*",
416
- "Condition": {
417
- "Bool": {
418
- "aws:SecureTransport": "false"
419
- }
420
- },
421
- "Effect": "Deny",
422
- "Principal": {
423
- "AWS": "*"
424
- },
425
- "Resource": [
426
- {
427
- "Fn::GetAtt": [
428
- "existings3bucketencryptedwithcmkS3BucketCC461491",
429
- "Arn"
430
- ]
431
- },
432
- {
433
- "Fn::Join": [
434
- "",
435
- [
436
- {
437
- "Fn::GetAtt": [
438
- "existings3bucketencryptedwithcmkS3BucketCC461491",
439
- "Arn"
440
- ]
441
- },
442
- "/*"
443
- ]
444
- ]
445
- }
446
- ]
447
- },
448
- {
449
- "Action": [
450
- "s3:DeleteObject*",
451
- "s3:GetBucket*",
452
- "s3:List*",
453
- "s3:PutBucketPolicy"
454
- ],
455
- "Effect": "Allow",
456
- "Principal": {
457
- "AWS": {
458
- "Fn::GetAtt": [
459
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
460
- "Arn"
461
- ]
462
- }
463
- },
464
- "Resource": [
465
- {
466
- "Fn::GetAtt": [
467
- "existings3bucketencryptedwithcmkS3BucketCC461491",
468
- "Arn"
469
- ]
470
- },
471
- {
472
- "Fn::Join": [
473
- "",
474
- [
475
- {
476
- "Fn::GetAtt": [
477
- "existings3bucketencryptedwithcmkS3BucketCC461491",
478
- "Arn"
479
- ]
480
- },
481
- "/*"
482
- ]
483
- ]
484
- }
485
- ]
486
- },
487
- {
488
- "Action": "s3:GetObject",
489
- "Condition": {
490
- "StringEquals": {
491
- "AWS:SourceArn": {
492
- "Fn::Join": [
493
- "",
494
- [
495
- "arn:",
496
- {
497
- "Ref": "AWS::Partition"
498
- },
499
- ":cloudfront::",
500
- {
501
- "Ref": "AWS::AccountId"
502
- },
503
- ":distribution/",
504
- {
505
- "Ref": "testcloudfronts3cmkencryptionkeyCloudFrontDistribution57C8A907"
506
- }
507
- ]
508
- ]
509
- }
510
- }
511
- },
512
- "Effect": "Allow",
513
- "Principal": {
514
- "Service": "cloudfront.amazonaws.com"
515
- },
516
- "Resource": {
517
- "Fn::Join": [
518
- "",
519
- [
520
- {
521
- "Fn::GetAtt": [
522
- "existings3bucketencryptedwithcmkS3BucketCC461491",
523
- "Arn"
524
- ]
525
- },
526
- "/*"
527
- ]
528
- ]
529
- }
530
- }
531
- ],
532
- "Version": "2012-10-17"
533
- }
534
- }
535
- },
536
- "constructInfo": {
537
- "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy",
538
- "version": "2.179.0"
539
- }
540
- }
541
- },
542
- "constructInfo": {
543
- "fqn": "aws-cdk-lib.aws_s3.BucketPolicy",
544
- "version": "2.179.0",
545
- "metadata": [
546
- {
547
- "bucket": "*"
548
- }
549
- ]
550
- }
551
- },
552
- "AutoDeleteObjectsCustomResource": {
553
- "id": "AutoDeleteObjectsCustomResource",
554
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3Bucket/AutoDeleteObjectsCustomResource",
555
- "children": {
556
- "Default": {
557
- "id": "Default",
558
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3Bucket/AutoDeleteObjectsCustomResource/Default",
559
- "constructInfo": {
560
- "fqn": "aws-cdk-lib.CfnResource",
561
- "version": "2.179.0"
562
- }
563
- }
564
- },
565
- "constructInfo": {
566
- "fqn": "aws-cdk-lib.CustomResource",
567
- "version": "2.179.0",
568
- "metadata": [
569
- "*"
570
- ]
571
- }
572
- }
573
- },
574
- "constructInfo": {
575
- "fqn": "aws-cdk-lib.aws_s3.Bucket",
576
- "version": "2.179.0",
577
- "metadata": [
578
- {
579
- "encryption": "KMS",
580
- "versioned": true,
581
- "blockPublicAccess": "*",
582
- "removalPolicy": "destroy",
583
- "enforceSSL": true,
584
- "lifecycleRules": [
585
- {
586
- "noncurrentVersionTransitions": [
587
- {
588
- "storageClass": "*"
589
- }
590
- ]
591
- }
592
- ],
593
- "serverAccessLogsBucket": "*",
594
- "encryptionKey": "*",
595
- "autoDeleteObjects": true
596
- },
597
- {
598
- "addLifecycleRule": [
599
- {
600
- "noncurrentVersionTransitions": [
601
- {
602
- "storageClass": "*"
603
- }
604
- ]
605
- },
606
- "*",
607
- "*"
608
- ]
609
- }
610
- ]
611
- }
612
- },
613
- "test-cloudfront-s3-cmk-encryption-key": {
614
- "id": "test-cloudfront-s3-cmk-encryption-key",
615
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key",
616
- "children": {
617
- "CloudfrontLoggingBucketAccessLog": {
618
- "id": "CloudfrontLoggingBucketAccessLog",
619
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog",
620
- "children": {
621
- "Resource": {
622
- "id": "Resource",
623
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/Resource",
624
- "attributes": {
625
- "aws:cdk:cloudformation:type": "AWS::S3::Bucket",
626
- "aws:cdk:cloudformation:props": {
627
- "bucketEncryption": {
628
- "serverSideEncryptionConfiguration": [
629
- {
630
- "serverSideEncryptionByDefault": {
631
- "sseAlgorithm": "AES256"
632
- }
633
- }
634
- ]
635
- },
636
- "publicAccessBlockConfiguration": {
637
- "blockPublicAcls": true,
638
- "blockPublicPolicy": true,
639
- "ignorePublicAcls": true,
640
- "restrictPublicBuckets": true
641
- },
642
- "tags": [
643
- {
644
- "key": "aws-cdk:auto-delete-objects",
645
- "value": "true"
646
- }
647
- ],
648
- "versioningConfiguration": {
649
- "status": "Enabled"
650
- }
651
- }
652
- },
653
- "constructInfo": {
654
- "fqn": "aws-cdk-lib.aws_s3.CfnBucket",
655
- "version": "2.179.0"
656
- }
657
- },
658
- "Policy": {
659
- "id": "Policy",
660
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/Policy",
661
- "children": {
662
- "Resource": {
663
- "id": "Resource",
664
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/Policy/Resource",
665
- "attributes": {
666
- "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy",
667
- "aws:cdk:cloudformation:props": {
668
- "bucket": {
669
- "Ref": "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C"
670
- },
671
- "policyDocument": {
672
- "Statement": [
673
- {
674
- "Action": "s3:*",
675
- "Condition": {
676
- "Bool": {
677
- "aws:SecureTransport": "false"
678
- }
679
- },
680
- "Effect": "Deny",
681
- "Principal": {
682
- "AWS": "*"
683
- },
684
- "Resource": [
685
- {
686
- "Fn::GetAtt": [
687
- "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C",
688
- "Arn"
689
- ]
690
- },
691
- {
692
- "Fn::Join": [
693
- "",
694
- [
695
- {
696
- "Fn::GetAtt": [
697
- "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C",
698
- "Arn"
699
- ]
700
- },
701
- "/*"
702
- ]
703
- ]
704
- }
705
- ]
706
- },
707
- {
708
- "Action": [
709
- "s3:DeleteObject*",
710
- "s3:GetBucket*",
711
- "s3:List*",
712
- "s3:PutBucketPolicy"
713
- ],
714
- "Effect": "Allow",
715
- "Principal": {
716
- "AWS": {
717
- "Fn::GetAtt": [
718
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
719
- "Arn"
720
- ]
721
- }
722
- },
723
- "Resource": [
724
- {
725
- "Fn::GetAtt": [
726
- "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C",
727
- "Arn"
728
- ]
729
- },
730
- {
731
- "Fn::Join": [
732
- "",
733
- [
734
- {
735
- "Fn::GetAtt": [
736
- "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C",
737
- "Arn"
738
- ]
739
- },
740
- "/*"
741
- ]
742
- ]
743
- }
744
- ]
745
- },
746
- {
747
- "Action": "s3:PutObject",
748
- "Condition": {
749
- "ArnLike": {
750
- "aws:SourceArn": {
751
- "Fn::GetAtt": [
752
- "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD",
753
- "Arn"
754
- ]
755
- }
756
- },
757
- "StringEquals": {
758
- "aws:SourceAccount": {
759
- "Ref": "AWS::AccountId"
760
- }
761
- }
762
- },
763
- "Effect": "Allow",
764
- "Principal": {
765
- "Service": "logging.s3.amazonaws.com"
766
- },
767
- "Resource": {
768
- "Fn::Join": [
769
- "",
770
- [
771
- {
772
- "Fn::GetAtt": [
773
- "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C",
774
- "Arn"
775
- ]
776
- },
777
- "/*"
778
- ]
779
- ]
780
- }
781
- }
782
- ],
783
- "Version": "2012-10-17"
784
- }
785
- }
786
- },
787
- "constructInfo": {
788
- "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy",
789
- "version": "2.179.0"
790
- }
791
- }
792
- },
793
- "constructInfo": {
794
- "fqn": "aws-cdk-lib.aws_s3.BucketPolicy",
795
- "version": "2.179.0",
796
- "metadata": [
797
- {
798
- "bucket": "*"
799
- }
800
- ]
801
- }
802
- },
803
- "AutoDeleteObjectsCustomResource": {
804
- "id": "AutoDeleteObjectsCustomResource",
805
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/AutoDeleteObjectsCustomResource",
806
- "children": {
807
- "Default": {
808
- "id": "Default",
809
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/AutoDeleteObjectsCustomResource/Default",
810
- "constructInfo": {
811
- "fqn": "aws-cdk-lib.CfnResource",
812
- "version": "2.179.0"
813
- }
814
- }
815
- },
816
- "constructInfo": {
817
- "fqn": "aws-cdk-lib.CustomResource",
818
- "version": "2.179.0",
819
- "metadata": [
820
- "*"
821
- ]
822
- }
823
- }
824
- },
825
- "constructInfo": {
826
- "fqn": "aws-cdk-lib.aws_s3.Bucket",
827
- "version": "2.179.0",
828
- "metadata": [
829
- {
830
- "encryption": "S3_MANAGED",
831
- "versioned": true,
832
- "blockPublicAccess": "*",
833
- "removalPolicy": "destroy",
834
- "enforceSSL": true,
835
- "autoDeleteObjects": true
836
- }
837
- ]
838
- }
839
- },
840
- "CloudfrontLoggingBucket": {
841
- "id": "CloudfrontLoggingBucket",
842
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket",
843
- "children": {
844
- "Resource": {
845
- "id": "Resource",
846
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/Resource",
847
- "attributes": {
848
- "aws:cdk:cloudformation:type": "AWS::S3::Bucket",
849
- "aws:cdk:cloudformation:props": {
850
- "bucketEncryption": {
851
- "serverSideEncryptionConfiguration": [
852
- {
853
- "serverSideEncryptionByDefault": {
854
- "sseAlgorithm": "AES256"
855
- }
856
- }
857
- ]
858
- },
859
- "loggingConfiguration": {
860
- "destinationBucketName": {
861
- "Ref": "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C"
862
- }
863
- },
864
- "ownershipControls": {
865
- "rules": [
866
- {
867
- "objectOwnership": "ObjectWriter"
868
- }
869
- ]
870
- },
871
- "publicAccessBlockConfiguration": {
872
- "blockPublicAcls": true,
873
- "blockPublicPolicy": true,
874
- "ignorePublicAcls": true,
875
- "restrictPublicBuckets": true
876
- },
877
- "tags": [
878
- {
879
- "key": "aws-cdk:auto-delete-objects",
880
- "value": "true"
881
- }
882
- ],
883
- "versioningConfiguration": {
884
- "status": "Enabled"
885
- }
886
- }
887
- },
888
- "constructInfo": {
889
- "fqn": "aws-cdk-lib.aws_s3.CfnBucket",
890
- "version": "2.179.0"
891
- }
892
- },
893
- "Policy": {
894
- "id": "Policy",
895
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/Policy",
896
- "children": {
897
- "Resource": {
898
- "id": "Resource",
899
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/Policy/Resource",
900
- "attributes": {
901
- "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy",
902
- "aws:cdk:cloudformation:props": {
903
- "bucket": {
904
- "Ref": "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD"
905
- },
906
- "policyDocument": {
907
- "Statement": [
908
- {
909
- "Action": "s3:*",
910
- "Condition": {
911
- "Bool": {
912
- "aws:SecureTransport": "false"
913
- }
914
- },
915
- "Effect": "Deny",
916
- "Principal": {
917
- "AWS": "*"
918
- },
919
- "Resource": [
920
- {
921
- "Fn::GetAtt": [
922
- "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD",
923
- "Arn"
924
- ]
925
- },
926
- {
927
- "Fn::Join": [
928
- "",
929
- [
930
- {
931
- "Fn::GetAtt": [
932
- "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD",
933
- "Arn"
934
- ]
935
- },
936
- "/*"
937
- ]
938
- ]
939
- }
940
- ]
941
- },
942
- {
943
- "Action": [
944
- "s3:DeleteObject*",
945
- "s3:GetBucket*",
946
- "s3:List*",
947
- "s3:PutBucketPolicy"
948
- ],
949
- "Effect": "Allow",
950
- "Principal": {
951
- "AWS": {
952
- "Fn::GetAtt": [
953
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
954
- "Arn"
955
- ]
956
- }
957
- },
958
- "Resource": [
959
- {
960
- "Fn::GetAtt": [
961
- "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD",
962
- "Arn"
963
- ]
964
- },
965
- {
966
- "Fn::Join": [
967
- "",
968
- [
969
- {
970
- "Fn::GetAtt": [
971
- "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD",
972
- "Arn"
973
- ]
974
- },
975
- "/*"
976
- ]
977
- ]
978
- }
979
- ]
980
- }
981
- ],
982
- "Version": "2012-10-17"
983
- }
984
- }
985
- },
986
- "constructInfo": {
987
- "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy",
988
- "version": "2.179.0"
989
- }
990
- }
991
- },
992
- "constructInfo": {
993
- "fqn": "aws-cdk-lib.aws_s3.BucketPolicy",
994
- "version": "2.179.0",
995
- "metadata": [
996
- {
997
- "bucket": "*"
998
- }
999
- ]
1000
- }
1001
- },
1002
- "AutoDeleteObjectsCustomResource": {
1003
- "id": "AutoDeleteObjectsCustomResource",
1004
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/AutoDeleteObjectsCustomResource",
1005
- "children": {
1006
- "Default": {
1007
- "id": "Default",
1008
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/AutoDeleteObjectsCustomResource/Default",
1009
- "constructInfo": {
1010
- "fqn": "aws-cdk-lib.CfnResource",
1011
- "version": "2.179.0"
1012
- }
1013
- }
1014
- },
1015
- "constructInfo": {
1016
- "fqn": "aws-cdk-lib.CustomResource",
1017
- "version": "2.179.0",
1018
- "metadata": [
1019
- "*"
1020
- ]
1021
- }
1022
- }
1023
- },
1024
- "constructInfo": {
1025
- "fqn": "aws-cdk-lib.aws_s3.Bucket",
1026
- "version": "2.179.0",
1027
- "metadata": [
1028
- {
1029
- "encryption": "S3_MANAGED",
1030
- "versioned": true,
1031
- "blockPublicAccess": "*",
1032
- "removalPolicy": "destroy",
1033
- "enforceSSL": true,
1034
- "autoDeleteObjects": true,
1035
- "objectOwnership": "ObjectWriter",
1036
- "serverAccessLogsBucket": "*"
1037
- }
1038
- ]
1039
- }
1040
- },
1041
- "CloudFrontOac": {
1042
- "id": "CloudFrontOac",
1043
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudFrontOac",
1044
- "attributes": {
1045
- "aws:cdk:cloudformation:type": "AWS::CloudFront::OriginAccessControl",
1046
- "aws:cdk:cloudformation:props": {
1047
- "originAccessControlConfig": {
1048
- "name": {
1049
- "Fn::Join": [
1050
- "",
1051
- [
1052
- "aws-cloudfront-s3-testn-key-",
1053
- {
1054
- "Fn::Select": [
1055
- 2,
1056
- {
1057
- "Fn::Split": [
1058
- "/",
1059
- {
1060
- "Ref": "AWS::StackId"
1061
- }
1062
- ]
1063
- }
1064
- ]
1065
- }
1066
- ]
1067
- ]
1068
- },
1069
- "originAccessControlOriginType": "s3",
1070
- "signingBehavior": "always",
1071
- "signingProtocol": "sigv4",
1072
- "description": "Origin access control provisioned by aws-cloudfront-s3"
1073
- }
1074
- }
1075
- },
1076
- "constructInfo": {
1077
- "fqn": "aws-cdk-lib.aws_cloudfront.CfnOriginAccessControl",
1078
- "version": "2.179.0"
1079
- }
1080
- },
1081
- "CloudFrontDistribution": {
1082
- "id": "CloudFrontDistribution",
1083
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudFrontDistribution",
1084
- "children": {
1085
- "Origin1": {
1086
- "id": "Origin1",
1087
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudFrontDistribution/Origin1",
1088
- "constructInfo": {
1089
- "fqn": "constructs.Construct",
1090
- "version": "10.4.2"
1091
- }
1092
- },
1093
- "Resource": {
1094
- "id": "Resource",
1095
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudFrontDistribution/Resource",
1096
- "attributes": {
1097
- "aws:cdk:cloudformation:type": "AWS::CloudFront::Distribution",
1098
- "aws:cdk:cloudformation:props": {
1099
- "distributionConfig": {
1100
- "enabled": true,
1101
- "origins": [
1102
- {
1103
- "domainName": {
1104
- "Fn::GetAtt": [
1105
- "existings3bucketencryptedwithcmkS3BucketCC461491",
1106
- "RegionalDomainName"
1107
- ]
1108
- },
1109
- "id": "cfts3bucketencryptedwithcmkprovidedasexistingbuckettestcloudfronts3cmkencryptionkeyCloudFrontDistributionOrigin128E2E2A5",
1110
- "s3OriginConfig": {
1111
- "originAccessIdentity": ""
1112
- }
1113
- }
1114
- ],
1115
- "defaultCacheBehavior": {
1116
- "pathPattern": "*",
1117
- "targetOriginId": "cfts3bucketencryptedwithcmkprovidedasexistingbuckettestcloudfronts3cmkencryptionkeyCloudFrontDistributionOrigin128E2E2A5",
1118
- "cachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6",
1119
- "compress": true,
1120
- "viewerProtocolPolicy": "redirect-to-https"
1121
- },
1122
- "defaultRootObject": "index.html",
1123
- "httpVersion": "http2",
1124
- "ipv6Enabled": true,
1125
- "logging": {
1126
- "bucket": {
1127
- "Fn::GetAtt": [
1128
- "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD",
1129
- "RegionalDomainName"
1130
- ]
1131
- }
1132
- }
1133
- }
1134
- }
1135
- },
1136
- "constructInfo": {
1137
- "fqn": "aws-cdk-lib.aws_cloudfront.CfnDistribution",
1138
- "version": "2.179.0"
1139
- }
1140
- }
1141
- },
1142
- "constructInfo": {
1143
- "fqn": "aws-cdk-lib.aws_cloudfront.Distribution",
1144
- "version": "2.179.0",
1145
- "metadata": [
1146
- {
1147
- "defaultBehavior": {
1148
- "origin": "*",
1149
- "viewerProtocolPolicy": "redirect-to-https"
1150
- },
1151
- "enableLogging": true,
1152
- "logBucket": "*",
1153
- "defaultRootObject": "*"
1154
- }
1155
- ]
1156
- }
1157
- },
1158
- "LambdaFunctionServiceRole": {
1159
- "id": "LambdaFunctionServiceRole",
1160
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunctionServiceRole",
1161
- "children": {
1162
- "ImportLambdaFunctionServiceRole": {
1163
- "id": "ImportLambdaFunctionServiceRole",
1164
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunctionServiceRole/ImportLambdaFunctionServiceRole",
1165
- "constructInfo": {
1166
- "fqn": "aws-cdk-lib.Resource",
1167
- "version": "2.179.0",
1168
- "metadata": [
1169
- "*"
1170
- ]
1171
- }
1172
- },
1173
- "Resource": {
1174
- "id": "Resource",
1175
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunctionServiceRole/Resource",
1176
- "attributes": {
1177
- "aws:cdk:cloudformation:type": "AWS::IAM::Role",
1178
- "aws:cdk:cloudformation:props": {
1179
- "assumeRolePolicyDocument": {
1180
- "Statement": [
1181
- {
1182
- "Action": "sts:AssumeRole",
1183
- "Effect": "Allow",
1184
- "Principal": {
1185
- "Service": "lambda.amazonaws.com"
1186
- }
1187
- }
1188
- ],
1189
- "Version": "2012-10-17"
1190
- },
1191
- "policies": [
1192
- {
1193
- "policyName": "LambdaFunctionServiceRolePolicy",
1194
- "policyDocument": {
1195
- "Statement": [
1196
- {
1197
- "Action": [
1198
- "logs:CreateLogGroup",
1199
- "logs:CreateLogStream",
1200
- "logs:PutLogEvents"
1201
- ],
1202
- "Effect": "Allow",
1203
- "Resource": {
1204
- "Fn::Join": [
1205
- "",
1206
- [
1207
- "arn:",
1208
- {
1209
- "Ref": "AWS::Partition"
1210
- },
1211
- ":logs:",
1212
- {
1213
- "Ref": "AWS::Region"
1214
- },
1215
- ":",
1216
- {
1217
- "Ref": "AWS::AccountId"
1218
- },
1219
- ":log-group:/aws/lambda/*"
1220
- ]
1221
- ]
1222
- }
1223
- }
1224
- ],
1225
- "Version": "2012-10-17"
1226
- }
1227
- }
1228
- ]
1229
- }
1230
- },
1231
- "constructInfo": {
1232
- "fqn": "aws-cdk-lib.aws_iam.CfnRole",
1233
- "version": "2.179.0"
1234
- }
1235
- },
1236
- "DefaultPolicy": {
1237
- "id": "DefaultPolicy",
1238
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunctionServiceRole/DefaultPolicy",
1239
- "children": {
1240
- "Resource": {
1241
- "id": "Resource",
1242
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunctionServiceRole/DefaultPolicy/Resource",
1243
- "attributes": {
1244
- "aws:cdk:cloudformation:type": "AWS::IAM::Policy",
1245
- "aws:cdk:cloudformation:props": {
1246
- "policyDocument": {
1247
- "Statement": [
1248
- {
1249
- "Action": [
1250
- "xray:PutTelemetryRecords",
1251
- "xray:PutTraceSegments"
1252
- ],
1253
- "Effect": "Allow",
1254
- "Resource": "*"
1255
- }
1256
- ],
1257
- "Version": "2012-10-17"
1258
- },
1259
- "policyName": "testcloudfronts3cmkencryptionkeyLambdaFunctionServiceRoleDefaultPolicyE566BC43",
1260
- "roles": [
1261
- {
1262
- "Ref": "testcloudfronts3cmkencryptionkeyLambdaFunctionServiceRole85783D1D"
1263
- }
1264
- ]
1265
- }
1266
- },
1267
- "constructInfo": {
1268
- "fqn": "aws-cdk-lib.aws_iam.CfnPolicy",
1269
- "version": "2.179.0"
1270
- }
1271
- }
1272
- },
1273
- "constructInfo": {
1274
- "fqn": "aws-cdk-lib.aws_iam.Policy",
1275
- "version": "2.179.0",
1276
- "metadata": [
1277
- "*",
1278
- {
1279
- "attachToRole": [
1280
- "*"
1281
- ]
1282
- },
1283
- {
1284
- "attachToRole": [
1285
- "*"
1286
- ]
1287
- },
1288
- {
1289
- "addStatements": [
1290
- {}
1291
- ]
1292
- }
1293
- ]
1294
- }
1295
- }
1296
- },
1297
- "constructInfo": {
1298
- "fqn": "aws-cdk-lib.aws_iam.Role",
1299
- "version": "2.179.0",
1300
- "metadata": [
1301
- {
1302
- "assumedBy": {
1303
- "principalAccount": "*",
1304
- "assumeRoleAction": "*"
1305
- },
1306
- "inlinePolicies": "*"
1307
- },
1308
- {
1309
- "addToPrincipalPolicy": [
1310
- {}
1311
- ]
1312
- },
1313
- {
1314
- "attachInlinePolicy": [
1315
- "*"
1316
- ]
1317
- },
1318
- {
1319
- "attachInlinePolicy": [
1320
- "*"
1321
- ]
1322
- },
1323
- {
1324
- "attachInlinePolicy": [
1325
- "*"
1326
- ]
1327
- },
1328
- {
1329
- "attachInlinePolicy": [
1330
- "*"
1331
- ]
1332
- }
1333
- ]
1334
- }
1335
- },
1336
- "LambdaFunction": {
1337
- "id": "LambdaFunction",
1338
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunction",
1339
- "children": {
1340
- "Code": {
1341
- "id": "Code",
1342
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Code",
1343
- "children": {
1344
- "Stage": {
1345
- "id": "Stage",
1346
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Code/Stage",
1347
- "constructInfo": {
1348
- "fqn": "aws-cdk-lib.AssetStaging",
1349
- "version": "2.179.0"
1350
- }
1351
- },
1352
- "AssetBucket": {
1353
- "id": "AssetBucket",
1354
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Code/AssetBucket",
1355
- "constructInfo": {
1356
- "fqn": "aws-cdk-lib.aws_s3.BucketBase",
1357
- "version": "2.179.0",
1358
- "metadata": []
1359
- }
1360
- }
1361
- },
1362
- "constructInfo": {
1363
- "fqn": "aws-cdk-lib.aws_s3_assets.Asset",
1364
- "version": "2.179.0"
1365
- }
1366
- },
1367
- "Resource": {
1368
- "id": "Resource",
1369
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Resource",
1370
- "attributes": {
1371
- "aws:cdk:cloudformation:type": "AWS::Lambda::Function",
1372
- "aws:cdk:cloudformation:props": {
1373
- "code": {
1374
- "s3Bucket": {
1375
- "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
1376
- },
1377
- "s3Key": "e97825c838d70ceb13ba2f6223a7d94ed35687b70bfb224a0b9128e698e3f28e.zip"
1378
- },
1379
- "description": "Custom resource function that updates a provided key policy to allow CloudFront access.",
1380
- "environment": {
1381
- "variables": {
1382
- "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1"
1383
- }
1384
- },
1385
- "handler": "index.handler",
1386
- "role": {
1387
- "Fn::GetAtt": [
1388
- "testcloudfronts3cmkencryptionkeyLambdaFunctionServiceRole85783D1D",
1389
- "Arn"
1390
- ]
1391
- },
1392
- "runtime": "nodejs20.x",
1393
- "tracingConfig": {
1394
- "mode": "Active"
1395
- }
1396
- }
1397
- },
1398
- "constructInfo": {
1399
- "fqn": "aws-cdk-lib.aws_lambda.CfnFunction",
1400
- "version": "2.179.0"
1401
- }
1402
- }
1403
- },
1404
- "constructInfo": {
1405
- "fqn": "aws-cdk-lib.aws_lambda.Function",
1406
- "version": "2.179.0",
1407
- "metadata": [
1408
- {
1409
- "role": "*",
1410
- "tracing": "Active",
1411
- "runtime": "*",
1412
- "handler": "*",
1413
- "description": "*",
1414
- "timeout": "*",
1415
- "memorySize": "*",
1416
- "code": "*"
1417
- },
1418
- {
1419
- "addEnvironment": [
1420
- "*",
1421
- "*",
1422
- {
1423
- "removeInEdge": true
1424
- }
1425
- ]
1426
- }
1427
- ]
1428
- }
1429
- },
1430
- "test-cloudfront-s3-cmk-encryption-keyResourceCmkPolicy": {
1431
- "id": "test-cloudfront-s3-cmk-encryption-keyResourceCmkPolicy",
1432
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/test-cloudfront-s3-cmk-encryption-keyResourceCmkPolicy",
1433
- "children": {
1434
- "Resource": {
1435
- "id": "Resource",
1436
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/test-cloudfront-s3-cmk-encryption-keyResourceCmkPolicy/Resource",
1437
- "attributes": {
1438
- "aws:cdk:cloudformation:type": "AWS::IAM::Policy",
1439
- "aws:cdk:cloudformation:props": {
1440
- "policyDocument": {
1441
- "Statement": [
1442
- {
1443
- "Action": [
1444
- "kms:DescribeKey",
1445
- "kms:GetKeyPolicy",
1446
- "kms:PutKeyPolicy"
1447
- ],
1448
- "Effect": "Allow",
1449
- "Resource": {
1450
- "Fn::GetAtt": [
1451
- "cmkKey598B20B2",
1452
- "Arn"
1453
- ]
1454
- }
1455
- }
1456
- ],
1457
- "Version": "2012-10-17"
1458
- },
1459
- "policyName": "testcloudfronts3cmkencryptionkeytestcloudfronts3cmkencryptionkeyResourceCmkPolicyBD4BA975",
1460
- "roles": [
1461
- {
1462
- "Ref": "testcloudfronts3cmkencryptionkeyLambdaFunctionServiceRole85783D1D"
1463
- }
1464
- ]
1465
- }
1466
- },
1467
- "constructInfo": {
1468
- "fqn": "aws-cdk-lib.aws_iam.CfnPolicy",
1469
- "version": "2.179.0"
1470
- }
1471
- }
1472
- },
1473
- "constructInfo": {
1474
- "fqn": "aws-cdk-lib.aws_iam.Policy",
1475
- "version": "2.179.0",
1476
- "metadata": [
1477
- {
1478
- "statements": "*"
1479
- },
1480
- {
1481
- "addStatements": [
1482
- {}
1483
- ]
1484
- },
1485
- {
1486
- "attachToRole": [
1487
- "*"
1488
- ]
1489
- },
1490
- {
1491
- "attachToRole": [
1492
- "*"
1493
- ]
1494
- }
1495
- ]
1496
- }
1497
- },
1498
- "KmsKeyPolicyUpdateProvider": {
1499
- "id": "KmsKeyPolicyUpdateProvider",
1500
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider",
1501
- "children": {
1502
- "framework-onEvent": {
1503
- "id": "framework-onEvent",
1504
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent",
1505
- "children": {
1506
- "ServiceRole": {
1507
- "id": "ServiceRole",
1508
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole",
1509
- "children": {
1510
- "ImportServiceRole": {
1511
- "id": "ImportServiceRole",
1512
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/ImportServiceRole",
1513
- "constructInfo": {
1514
- "fqn": "aws-cdk-lib.Resource",
1515
- "version": "2.179.0",
1516
- "metadata": [
1517
- "*"
1518
- ]
1519
- }
1520
- },
1521
- "Resource": {
1522
- "id": "Resource",
1523
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/Resource",
1524
- "attributes": {
1525
- "aws:cdk:cloudformation:type": "AWS::IAM::Role",
1526
- "aws:cdk:cloudformation:props": {
1527
- "assumeRolePolicyDocument": {
1528
- "Statement": [
1529
- {
1530
- "Action": "sts:AssumeRole",
1531
- "Effect": "Allow",
1532
- "Principal": {
1533
- "Service": "lambda.amazonaws.com"
1534
- }
1535
- }
1536
- ],
1537
- "Version": "2012-10-17"
1538
- },
1539
- "managedPolicyArns": [
1540
- {
1541
- "Fn::Join": [
1542
- "",
1543
- [
1544
- "arn:",
1545
- {
1546
- "Ref": "AWS::Partition"
1547
- },
1548
- ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
1549
- ]
1550
- ]
1551
- }
1552
- ]
1553
- }
1554
- },
1555
- "constructInfo": {
1556
- "fqn": "aws-cdk-lib.aws_iam.CfnRole",
1557
- "version": "2.179.0"
1558
- }
1559
- },
1560
- "DefaultPolicy": {
1561
- "id": "DefaultPolicy",
1562
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/DefaultPolicy",
1563
- "children": {
1564
- "Resource": {
1565
- "id": "Resource",
1566
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/DefaultPolicy/Resource",
1567
- "attributes": {
1568
- "aws:cdk:cloudformation:type": "AWS::IAM::Policy",
1569
- "aws:cdk:cloudformation:props": {
1570
- "policyDocument": {
1571
- "Statement": [
1572
- {
1573
- "Action": "lambda:InvokeFunction",
1574
- "Effect": "Allow",
1575
- "Resource": [
1576
- {
1577
- "Fn::GetAtt": [
1578
- "testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E",
1579
- "Arn"
1580
- ]
1581
- },
1582
- {
1583
- "Fn::Join": [
1584
- "",
1585
- [
1586
- {
1587
- "Fn::GetAtt": [
1588
- "testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E",
1589
- "Arn"
1590
- ]
1591
- },
1592
- ":*"
1593
- ]
1594
- ]
1595
- }
1596
- ]
1597
- },
1598
- {
1599
- "Action": "lambda:GetFunction",
1600
- "Effect": "Allow",
1601
- "Resource": {
1602
- "Fn::GetAtt": [
1603
- "testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E",
1604
- "Arn"
1605
- ]
1606
- }
1607
- }
1608
- ],
1609
- "Version": "2012-10-17"
1610
- },
1611
- "policyName": "testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventServiceRoleDefaultPolicy066CD751",
1612
- "roles": [
1613
- {
1614
- "Ref": "testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventServiceRole3D4040AD"
1615
- }
1616
- ]
1617
- }
1618
- },
1619
- "constructInfo": {
1620
- "fqn": "aws-cdk-lib.aws_iam.CfnPolicy",
1621
- "version": "2.179.0"
1622
- }
1623
- }
1624
- },
1625
- "constructInfo": {
1626
- "fqn": "aws-cdk-lib.aws_iam.Policy",
1627
- "version": "2.179.0",
1628
- "metadata": [
1629
- "*",
1630
- {
1631
- "attachToRole": [
1632
- "*"
1633
- ]
1634
- },
1635
- {
1636
- "attachToRole": [
1637
- "*"
1638
- ]
1639
- },
1640
- {
1641
- "addStatements": [
1642
- {}
1643
- ]
1644
- },
1645
- {
1646
- "addStatements": [
1647
- {}
1648
- ]
1649
- }
1650
- ]
1651
- }
1652
- }
1653
- },
1654
- "constructInfo": {
1655
- "fqn": "aws-cdk-lib.aws_iam.Role",
1656
- "version": "2.179.0",
1657
- "metadata": [
1658
- {
1659
- "assumedBy": {
1660
- "principalAccount": "*",
1661
- "assumeRoleAction": "*"
1662
- },
1663
- "managedPolicies": [
1664
- {
1665
- "managedPolicyArn": "*"
1666
- }
1667
- ]
1668
- },
1669
- {
1670
- "addToPrincipalPolicy": [
1671
- {}
1672
- ]
1673
- },
1674
- {
1675
- "attachInlinePolicy": [
1676
- "*"
1677
- ]
1678
- },
1679
- {
1680
- "attachInlinePolicy": [
1681
- "*"
1682
- ]
1683
- },
1684
- {
1685
- "addToPrincipalPolicy": [
1686
- {}
1687
- ]
1688
- }
1689
- ]
1690
- }
1691
- },
1692
- "Code": {
1693
- "id": "Code",
1694
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Code",
1695
- "children": {
1696
- "Stage": {
1697
- "id": "Stage",
1698
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Code/Stage",
1699
- "constructInfo": {
1700
- "fqn": "aws-cdk-lib.AssetStaging",
1701
- "version": "2.179.0"
1702
- }
1703
- },
1704
- "AssetBucket": {
1705
- "id": "AssetBucket",
1706
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Code/AssetBucket",
1707
- "constructInfo": {
1708
- "fqn": "aws-cdk-lib.aws_s3.BucketBase",
1709
- "version": "2.179.0",
1710
- "metadata": []
1711
- }
1712
- }
1713
- },
1714
- "constructInfo": {
1715
- "fqn": "aws-cdk-lib.aws_s3_assets.Asset",
1716
- "version": "2.179.0"
1717
- }
1718
- },
1719
- "Resource": {
1720
- "id": "Resource",
1721
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Resource",
1722
- "attributes": {
1723
- "aws:cdk:cloudformation:type": "AWS::Lambda::Function",
1724
- "aws:cdk:cloudformation:props": {
1725
- "code": {
1726
- "s3Bucket": {
1727
- "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
1728
- },
1729
- "s3Key": "bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca.zip"
1730
- },
1731
- "description": "AWS CDK resource provider framework - onEvent (cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider)",
1732
- "environment": {
1733
- "variables": {
1734
- "USER_ON_EVENT_FUNCTION_ARN": {
1735
- "Fn::GetAtt": [
1736
- "testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E",
1737
- "Arn"
1738
- ]
1739
- }
1740
- }
1741
- },
1742
- "handler": "framework.onEvent",
1743
- "role": {
1744
- "Fn::GetAtt": [
1745
- "testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventServiceRole3D4040AD",
1746
- "Arn"
1747
- ]
1748
- },
1749
- "runtime": {
1750
- "Fn::FindInMap": [
1751
- "LatestNodeRuntimeMap",
1752
- {
1753
- "Ref": "AWS::Region"
1754
- },
1755
- "value"
1756
- ]
1757
- },
1758
- "timeout": 900
1759
- }
1760
- },
1761
- "constructInfo": {
1762
- "fqn": "aws-cdk-lib.aws_lambda.CfnFunction",
1763
- "version": "2.179.0"
1764
- }
1765
- }
1766
- },
1767
- "constructInfo": {
1768
- "fqn": "aws-cdk-lib.aws_lambda.Function",
1769
- "version": "2.179.0",
1770
- "metadata": [
1771
- {
1772
- "code": "*",
1773
- "description": "*",
1774
- "runtime": "*",
1775
- "handler": "*",
1776
- "timeout": "*",
1777
- "logGroup": "*",
1778
- "vpc": "*",
1779
- "vpcSubnets": "*",
1780
- "securityGroups": "*",
1781
- "role": "*",
1782
- "functionName": "*",
1783
- "environmentEncryption": "*"
1784
- },
1785
- {
1786
- "addEnvironment": [
1787
- "*",
1788
- "*"
1789
- ]
1790
- }
1791
- ]
1792
- }
1793
- }
1794
- },
1795
- "constructInfo": {
1796
- "fqn": "aws-cdk-lib.custom_resources.Provider",
1797
- "version": "2.179.0"
1798
- }
1799
- },
1800
- "KmsKeyPolicyUpdater": {
1801
- "id": "KmsKeyPolicyUpdater",
1802
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdater",
1803
- "children": {
1804
- "Default": {
1805
- "id": "Default",
1806
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdater/Default",
1807
- "constructInfo": {
1808
- "fqn": "aws-cdk-lib.CfnResource",
1809
- "version": "2.179.0"
1810
- }
1811
- }
1812
- },
1813
- "constructInfo": {
1814
- "fqn": "aws-cdk-lib.CustomResource",
1815
- "version": "2.179.0",
1816
- "metadata": [
1817
- "*"
1818
- ]
1819
- }
1820
- }
1821
- },
1822
- "constructInfo": {
1823
- "fqn": "@aws-solutions-constructs/aws-cloudfront-s3.CloudFrontToS3",
1824
- "version": "2.79.1"
1825
- }
1826
- },
1827
- "Integ": {
1828
- "id": "Integ",
1829
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Integ",
1830
- "children": {
1831
- "DefaultTest": {
1832
- "id": "DefaultTest",
1833
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Integ/DefaultTest",
1834
- "children": {
1835
- "Default": {
1836
- "id": "Default",
1837
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Integ/DefaultTest/Default",
1838
- "constructInfo": {
1839
- "fqn": "constructs.Construct",
1840
- "version": "10.4.2"
1841
- }
1842
- },
1843
- "DeployAssert": {
1844
- "id": "DeployAssert",
1845
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Integ/DefaultTest/DeployAssert",
1846
- "children": {
1847
- "BootstrapVersion": {
1848
- "id": "BootstrapVersion",
1849
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Integ/DefaultTest/DeployAssert/BootstrapVersion",
1850
- "constructInfo": {
1851
- "fqn": "aws-cdk-lib.CfnParameter",
1852
- "version": "2.179.0"
1853
- }
1854
- },
1855
- "CheckBootstrapVersion": {
1856
- "id": "CheckBootstrapVersion",
1857
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Integ/DefaultTest/DeployAssert/CheckBootstrapVersion",
1858
- "constructInfo": {
1859
- "fqn": "aws-cdk-lib.CfnRule",
1860
- "version": "2.179.0"
1861
- }
1862
- }
1863
- },
1864
- "constructInfo": {
1865
- "fqn": "aws-cdk-lib.Stack",
1866
- "version": "2.179.0"
1867
- }
1868
- }
1869
- },
1870
- "constructInfo": {
1871
- "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase",
1872
- "version": "2.179.0-alpha.0"
1873
- }
1874
- }
1875
- },
1876
- "constructInfo": {
1877
- "fqn": "@aws-cdk/integ-tests-alpha.IntegTest",
1878
- "version": "2.179.0-alpha.0"
1879
- }
1880
- },
1881
- "BootstrapVersion": {
1882
- "id": "BootstrapVersion",
1883
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/BootstrapVersion",
1884
- "constructInfo": {
1885
- "fqn": "aws-cdk-lib.CfnParameter",
1886
- "version": "2.179.0"
1887
- }
1888
- },
1889
- "CheckBootstrapVersion": {
1890
- "id": "CheckBootstrapVersion",
1891
- "path": "cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/CheckBootstrapVersion",
1892
- "constructInfo": {
1893
- "fqn": "aws-cdk-lib.CfnRule",
1894
- "version": "2.179.0"
1895
- }
1896
- }
1897
- },
1898
- "constructInfo": {
1899
- "fqn": "aws-cdk-lib.Stack",
1900
- "version": "2.179.0"
1901
- }
1902
- },
1903
- "Tree": {
1904
- "id": "Tree",
1905
- "path": "Tree",
1906
- "constructInfo": {
1907
- "fqn": "constructs.Construct",
1908
- "version": "10.4.2"
1909
- }
1910
- }
1911
- },
1912
- "constructInfo": {
1913
- "fqn": "aws-cdk-lib.App",
1914
- "version": "2.179.0"
1915
- }
1916
- }
1917
- }
1
+ {"version":"tree-0.1","tree":{"id":"App","path":"","children":{"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket":{"id":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket","children":{"cmkKey":{"id":"cmkKey","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/cmkKey","children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/cmkKey/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::KMS::Key","aws:cdk:cloudformation:props":{"enableKeyRotation":true,"keyPolicy":{"Statement":[{"Action":"kms:*","Effect":"Allow","Principal":{"AWS":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":iam::",{"Ref":"AWS::AccountId"},":root"]]}},"Resource":"*"}],"Version":"2012-10-17"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_kms.CfnKey","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_kms.Key","version":"2.186.0","metadata":[{"enableKeyRotation":true,"removalPolicy":"destroy"}]}},"existing-s3-bucket-encrypted-with-cmkS3LoggingBucket":{"id":"existing-s3-bucket-encrypted-with-cmkS3LoggingBucket","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3LoggingBucket","children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3LoggingBucket/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::S3::Bucket","aws:cdk:cloudformation:props":{"bucketEncryption":{"serverSideEncryptionConfiguration":[{"serverSideEncryptionByDefault":{"sseAlgorithm":"AES256"}}]},"publicAccessBlockConfiguration":{"blockPublicAcls":true,"blockPublicPolicy":true,"ignorePublicAcls":true,"restrictPublicBuckets":true},"tags":[{"key":"aws-cdk:auto-delete-objects","value":"true"}],"versioningConfiguration":{"status":"Enabled"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucket","version":"2.186.0"}},"Policy":{"id":"Policy","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3LoggingBucket/Policy","children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3LoggingBucket/Policy/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::S3::BucketPolicy","aws:cdk:cloudformation:props":{"bucket":{"Ref":"existings3bucketencryptedwithcmkS3LoggingBucket2B2DE39B"},"policyDocument":{"Statement":[{"Action":"s3:*","Condition":{"Bool":{"aws:SecureTransport":"false"}},"Effect":"Deny","Principal":{"AWS":"*"},"Resource":[{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3LoggingBucket2B2DE39B","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3LoggingBucket2B2DE39B","Arn"]},"/*"]]}]},{"Action":["s3:DeleteObject*","s3:GetBucket*","s3:List*","s3:PutBucketPolicy"],"Effect":"Allow","Principal":{"AWS":{"Fn::GetAtt":["CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092","Arn"]}},"Resource":[{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3LoggingBucket2B2DE39B","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3LoggingBucket2B2DE39B","Arn"]},"/*"]]}]},{"Action":"s3:PutObject","Condition":{"ArnLike":{"aws:SourceArn":{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3BucketCC461491","Arn"]}},"StringEquals":{"aws:SourceAccount":{"Ref":"AWS::AccountId"}}},"Effect":"Allow","Principal":{"Service":"logging.s3.amazonaws.com"},"Resource":{"Fn::Join":["",[{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3LoggingBucket2B2DE39B","Arn"]},"/*"]]}}],"Version":"2012-10-17"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucketPolicy","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketPolicy","version":"2.186.0","metadata":[{"bucket":"*"}]}},"AutoDeleteObjectsCustomResource":{"id":"AutoDeleteObjectsCustomResource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3LoggingBucket/AutoDeleteObjectsCustomResource","children":{"Default":{"id":"Default","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3LoggingBucket/AutoDeleteObjectsCustomResource/Default","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.CustomResource","version":"2.186.0","metadata":["*"]}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3.Bucket","version":"2.186.0","metadata":[{"encryption":"S3_MANAGED","versioned":true,"blockPublicAccess":"*","removalPolicy":"destroy","enforceSSL":true,"autoDeleteObjects":true}]}},"LatestNodeRuntimeMap":{"id":"LatestNodeRuntimeMap","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/LatestNodeRuntimeMap","constructInfo":{"fqn":"aws-cdk-lib.CfnMapping","version":"2.186.0"}},"Custom::S3AutoDeleteObjectsCustomResourceProvider":{"id":"Custom::S3AutoDeleteObjectsCustomResourceProvider","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Custom::S3AutoDeleteObjectsCustomResourceProvider","children":{"Staging":{"id":"Staging","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Custom::S3AutoDeleteObjectsCustomResourceProvider/Staging","constructInfo":{"fqn":"aws-cdk-lib.AssetStaging","version":"2.186.0"}},"Role":{"id":"Role","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Custom::S3AutoDeleteObjectsCustomResourceProvider/Role","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.186.0"}},"Handler":{"id":"Handler","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.CustomResourceProviderBase","version":"2.186.0"}},"existing-s3-bucket-encrypted-with-cmkS3Bucket":{"id":"existing-s3-bucket-encrypted-with-cmkS3Bucket","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3Bucket","children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3Bucket/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::S3::Bucket","aws:cdk:cloudformation:props":{"bucketEncryption":{"serverSideEncryptionConfiguration":[{"serverSideEncryptionByDefault":{"sseAlgorithm":"aws:kms","kmsMasterKeyId":{"Fn::GetAtt":["cmkKey598B20B2","Arn"]}}}]},"lifecycleConfiguration":{"rules":[{"noncurrentVersionTransitions":[{"storageClass":"GLACIER","transitionInDays":90}],"status":"Enabled"}]},"loggingConfiguration":{"destinationBucketName":{"Ref":"existings3bucketencryptedwithcmkS3LoggingBucket2B2DE39B"}},"publicAccessBlockConfiguration":{"blockPublicAcls":true,"blockPublicPolicy":true,"ignorePublicAcls":true,"restrictPublicBuckets":true},"tags":[{"key":"aws-cdk:auto-delete-objects","value":"true"}],"versioningConfiguration":{"status":"Enabled"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucket","version":"2.186.0"}},"Policy":{"id":"Policy","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3Bucket/Policy","children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3Bucket/Policy/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::S3::BucketPolicy","aws:cdk:cloudformation:props":{"bucket":{"Ref":"existings3bucketencryptedwithcmkS3BucketCC461491"},"policyDocument":{"Statement":[{"Action":"s3:*","Condition":{"Bool":{"aws:SecureTransport":"false"}},"Effect":"Deny","Principal":{"AWS":"*"},"Resource":[{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3BucketCC461491","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3BucketCC461491","Arn"]},"/*"]]}]},{"Action":["s3:DeleteObject*","s3:GetBucket*","s3:List*","s3:PutBucketPolicy"],"Effect":"Allow","Principal":{"AWS":{"Fn::GetAtt":["CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092","Arn"]}},"Resource":[{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3BucketCC461491","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3BucketCC461491","Arn"]},"/*"]]}]},{"Action":"s3:GetObject","Condition":{"StringEquals":{"AWS:SourceArn":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":cloudfront::",{"Ref":"AWS::AccountId"},":distribution/",{"Ref":"testcloudfronts3cmkencryptionkeyCloudFrontDistribution57C8A907"}]]}}},"Effect":"Allow","Principal":{"Service":"cloudfront.amazonaws.com"},"Resource":{"Fn::Join":["",[{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3BucketCC461491","Arn"]},"/*"]]}}],"Version":"2012-10-17"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucketPolicy","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketPolicy","version":"2.186.0","metadata":[{"bucket":"*"}]}},"AutoDeleteObjectsCustomResource":{"id":"AutoDeleteObjectsCustomResource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3Bucket/AutoDeleteObjectsCustomResource","children":{"Default":{"id":"Default","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3Bucket/AutoDeleteObjectsCustomResource/Default","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.CustomResource","version":"2.186.0","metadata":["*"]}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3.Bucket","version":"2.186.0","metadata":[{"encryption":"KMS","versioned":true,"blockPublicAccess":"*","removalPolicy":"destroy","enforceSSL":true,"lifecycleRules":[{"noncurrentVersionTransitions":[{"storageClass":"*"}]}],"serverAccessLogsBucket":"*","encryptionKey":"*","autoDeleteObjects":true},{"addLifecycleRule":[{"noncurrentVersionTransitions":[{"storageClass":"*"}]},"*","*"]}]}},"test-cloudfront-s3-cmk-encryption-key":{"id":"test-cloudfront-s3-cmk-encryption-key","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key","children":{"CloudfrontLoggingBucketAccessLog":{"id":"CloudfrontLoggingBucketAccessLog","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog","children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::S3::Bucket","aws:cdk:cloudformation:props":{"bucketEncryption":{"serverSideEncryptionConfiguration":[{"serverSideEncryptionByDefault":{"sseAlgorithm":"AES256"}}]},"publicAccessBlockConfiguration":{"blockPublicAcls":true,"blockPublicPolicy":true,"ignorePublicAcls":true,"restrictPublicBuckets":true},"tags":[{"key":"aws-cdk:auto-delete-objects","value":"true"}],"versioningConfiguration":{"status":"Enabled"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucket","version":"2.186.0"}},"Policy":{"id":"Policy","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/Policy","children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/Policy/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::S3::BucketPolicy","aws:cdk:cloudformation:props":{"bucket":{"Ref":"testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C"},"policyDocument":{"Statement":[{"Action":"s3:*","Condition":{"Bool":{"aws:SecureTransport":"false"}},"Effect":"Deny","Principal":{"AWS":"*"},"Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C","Arn"]},"/*"]]}]},{"Action":["s3:DeleteObject*","s3:GetBucket*","s3:List*","s3:PutBucketPolicy"],"Effect":"Allow","Principal":{"AWS":{"Fn::GetAtt":["CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092","Arn"]}},"Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C","Arn"]},"/*"]]}]},{"Action":"s3:PutObject","Condition":{"ArnLike":{"aws:SourceArn":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","Arn"]}},"StringEquals":{"aws:SourceAccount":{"Ref":"AWS::AccountId"}}},"Effect":"Allow","Principal":{"Service":"logging.s3.amazonaws.com"},"Resource":{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C","Arn"]},"/*"]]}}],"Version":"2012-10-17"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucketPolicy","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketPolicy","version":"2.186.0","metadata":[{"bucket":"*"}]}},"AutoDeleteObjectsCustomResource":{"id":"AutoDeleteObjectsCustomResource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/AutoDeleteObjectsCustomResource","children":{"Default":{"id":"Default","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/AutoDeleteObjectsCustomResource/Default","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.CustomResource","version":"2.186.0","metadata":["*"]}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3.Bucket","version":"2.186.0","metadata":[{"encryption":"S3_MANAGED","versioned":true,"blockPublicAccess":"*","removalPolicy":"destroy","enforceSSL":true,"autoDeleteObjects":true}]}},"CloudfrontLoggingBucket":{"id":"CloudfrontLoggingBucket","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket","children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::S3::Bucket","aws:cdk:cloudformation:props":{"bucketEncryption":{"serverSideEncryptionConfiguration":[{"serverSideEncryptionByDefault":{"sseAlgorithm":"AES256"}}]},"loggingConfiguration":{"destinationBucketName":{"Ref":"testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C"}},"ownershipControls":{"rules":[{"objectOwnership":"ObjectWriter"}]},"publicAccessBlockConfiguration":{"blockPublicAcls":true,"blockPublicPolicy":true,"ignorePublicAcls":true,"restrictPublicBuckets":true},"tags":[{"key":"aws-cdk:auto-delete-objects","value":"true"}],"versioningConfiguration":{"status":"Enabled"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucket","version":"2.186.0"}},"Policy":{"id":"Policy","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/Policy","children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/Policy/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::S3::BucketPolicy","aws:cdk:cloudformation:props":{"bucket":{"Ref":"testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD"},"policyDocument":{"Statement":[{"Action":"s3:*","Condition":{"Bool":{"aws:SecureTransport":"false"}},"Effect":"Deny","Principal":{"AWS":"*"},"Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","Arn"]},"/*"]]}]},{"Action":["s3:DeleteObject*","s3:GetBucket*","s3:List*","s3:PutBucketPolicy"],"Effect":"Allow","Principal":{"AWS":{"Fn::GetAtt":["CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092","Arn"]}},"Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","Arn"]},"/*"]]}]}],"Version":"2012-10-17"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucketPolicy","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketPolicy","version":"2.186.0","metadata":[{"bucket":"*"}]}},"AutoDeleteObjectsCustomResource":{"id":"AutoDeleteObjectsCustomResource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/AutoDeleteObjectsCustomResource","children":{"Default":{"id":"Default","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/AutoDeleteObjectsCustomResource/Default","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.CustomResource","version":"2.186.0","metadata":["*"]}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3.Bucket","version":"2.186.0","metadata":[{"encryption":"S3_MANAGED","versioned":true,"blockPublicAccess":"*","removalPolicy":"destroy","enforceSSL":true,"autoDeleteObjects":true,"objectOwnership":"ObjectWriter","serverAccessLogsBucket":"*"}]}},"CloudFrontOac":{"id":"CloudFrontOac","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudFrontOac","attributes":{"aws:cdk:cloudformation:type":"AWS::CloudFront::OriginAccessControl","aws:cdk:cloudformation:props":{"originAccessControlConfig":{"name":{"Fn::Join":["",["aws-cloudfront-s3-testn-key-",{"Fn::Select":[2,{"Fn::Split":["/",{"Ref":"AWS::StackId"}]}]}]]},"originAccessControlOriginType":"s3","signingBehavior":"always","signingProtocol":"sigv4","description":"Origin access control provisioned by aws-cloudfront-s3"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_cloudfront.CfnOriginAccessControl","version":"2.186.0"}},"CloudFrontDistribution":{"id":"CloudFrontDistribution","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudFrontDistribution","children":{"Origin1":{"id":"Origin1","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudFrontDistribution/Origin1","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}},"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudFrontDistribution/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::CloudFront::Distribution","aws:cdk:cloudformation:props":{"distributionConfig":{"enabled":true,"origins":[{"domainName":{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3BucketCC461491","RegionalDomainName"]},"id":"cfts3bucketencryptedwithcmkprovidedasexistingbuckettestcloudfronts3cmkencryptionkeyCloudFrontDistributionOrigin128E2E2A5","s3OriginConfig":{"originAccessIdentity":""}}],"defaultCacheBehavior":{"pathPattern":"*","targetOriginId":"cfts3bucketencryptedwithcmkprovidedasexistingbuckettestcloudfronts3cmkencryptionkeyCloudFrontDistributionOrigin128E2E2A5","cachePolicyId":"658327ea-f89d-4fab-a63d-7e88639e58f6","compress":true,"viewerProtocolPolicy":"redirect-to-https"},"defaultRootObject":"index.html","httpVersion":"http2","ipv6Enabled":true,"logging":{"bucket":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","RegionalDomainName"]}}}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_cloudfront.CfnDistribution","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_cloudfront.Distribution","version":"2.186.0","metadata":[{"defaultBehavior":{"origin":"*","viewerProtocolPolicy":"redirect-to-https"},"enableLogging":true,"logBucket":"*","defaultRootObject":"*"}]}},"LambdaFunctionServiceRole":{"id":"LambdaFunctionServiceRole","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunctionServiceRole","children":{"ImportLambdaFunctionServiceRole":{"id":"ImportLambdaFunctionServiceRole","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunctionServiceRole/ImportLambdaFunctionServiceRole","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"2.186.0","metadata":["*"]}},"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunctionServiceRole/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"lambda.amazonaws.com"}}],"Version":"2012-10-17"},"policies":[{"policyName":"LambdaFunctionServiceRolePolicy","policyDocument":{"Statement":[{"Action":["logs:CreateLogGroup","logs:CreateLogStream","logs:PutLogEvents"],"Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:/aws/lambda/*"]]}}],"Version":"2012-10-17"}}]}},"constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnRole","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Role","version":"2.186.0","metadata":[{"assumedBy":{"principalAccount":"*","assumeRoleAction":"*"},"inlinePolicies":"*"},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]}]}},"LambdaFunction":{"id":"LambdaFunction","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunction","children":{"Code":{"id":"Code","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Code","children":{"Stage":{"id":"Stage","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Code/Stage","constructInfo":{"fqn":"aws-cdk-lib.AssetStaging","version":"2.186.0"}},"AssetBucket":{"id":"AssetBucket","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Code/AssetBucket","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketBase","version":"2.186.0","metadata":[]}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3_assets.Asset","version":"2.186.0"}},"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::Lambda::Function","aws:cdk:cloudformation:props":{"code":{"s3Bucket":{"Fn::Sub":"cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"},"s3Key":"e97825c838d70ceb13ba2f6223a7d94ed35687b70bfb224a0b9128e698e3f28e.zip"},"description":"Custom resource function that updates a provided key policy to allow CloudFront access.","environment":{"variables":{"AWS_NODEJS_CONNECTION_REUSE_ENABLED":"1"}},"handler":"index.handler","role":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyLambdaFunctionServiceRole85783D1D","Arn"]},"runtime":"nodejs20.x","tracingConfig":{"mode":"Active"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_lambda.CfnFunction","version":"2.186.0"}},"inlinePolicyAddedToExecutionRole-0":{"id":"inlinePolicyAddedToExecutionRole-0","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/inlinePolicyAddedToExecutionRole-0","children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/inlinePolicyAddedToExecutionRole-0/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":["xray:PutTelemetryRecords","xray:PutTraceSegments"],"Effect":"Allow","Resource":"*"}],"Version":"2012-10-17"},"policyName":"testcloudfronts3cmkencryptionkeyLambdaFunctioninlinePolicyAddedToExecutionRole030BCEDF3","roles":[{"Ref":"testcloudfronts3cmkencryptionkeyLambdaFunctionServiceRole85783D1D"}]}},"constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"2.186.0","metadata":[{"statements":"*"},{"addStatements":[{}]},{"attachToRole":["*"]},{"attachToRole":["*"]}]}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_lambda.Function","version":"2.186.0","metadata":[{"role":"*","tracing":"Active","runtime":"*","handler":"*","description":"*","timeout":"*","memorySize":"*","code":"*"},{"addEnvironment":["*","*",{"removeInEdge":true}]}]}},"test-cloudfront-s3-cmk-encryption-keyResourceCmkPolicy":{"id":"test-cloudfront-s3-cmk-encryption-keyResourceCmkPolicy","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/test-cloudfront-s3-cmk-encryption-keyResourceCmkPolicy","children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/test-cloudfront-s3-cmk-encryption-keyResourceCmkPolicy/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":["kms:DescribeKey","kms:GetKeyPolicy","kms:PutKeyPolicy"],"Effect":"Allow","Resource":{"Fn::GetAtt":["cmkKey598B20B2","Arn"]}}],"Version":"2012-10-17"},"policyName":"testcloudfronts3cmkencryptionkeytestcloudfronts3cmkencryptionkeyResourceCmkPolicyBD4BA975","roles":[{"Ref":"testcloudfronts3cmkencryptionkeyLambdaFunctionServiceRole85783D1D"}]}},"constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"2.186.0","metadata":[{"statements":"*"},{"addStatements":[{}]},{"attachToRole":["*"]},{"attachToRole":["*"]}]}},"KmsKeyPolicyUpdateProvider":{"id":"KmsKeyPolicyUpdateProvider","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider","children":{"framework-onEvent":{"id":"framework-onEvent","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent","children":{"ServiceRole":{"id":"ServiceRole","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole","children":{"ImportServiceRole":{"id":"ImportServiceRole","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/ImportServiceRole","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"2.186.0","metadata":["*"]}},"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"lambda.amazonaws.com"}}],"Version":"2012-10-17"},"managedPolicyArns":[{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"]]}]}},"constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnRole","version":"2.186.0"}},"DefaultPolicy":{"id":"DefaultPolicy","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/DefaultPolicy","children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/DefaultPolicy/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":"lambda:InvokeFunction","Effect":"Allow","Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E","Arn"]},":*"]]}]}],"Version":"2012-10-17"},"policyName":"testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventServiceRoleDefaultPolicy066CD751","roles":[{"Ref":"testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventServiceRole3D4040AD"}]}},"constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"2.186.0","metadata":["*",{"attachToRole":["*"]},{"attachToRole":["*"]},{"addStatements":[{}]}]}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Role","version":"2.186.0","metadata":[{"assumedBy":{"principalAccount":"*","assumeRoleAction":"*"},"managedPolicies":[{"managedPolicyArn":"*"}]},{"addToPrincipalPolicy":[{}]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]}]}},"Code":{"id":"Code","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Code","children":{"Stage":{"id":"Stage","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Code/Stage","constructInfo":{"fqn":"aws-cdk-lib.AssetStaging","version":"2.186.0"}},"AssetBucket":{"id":"AssetBucket","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Code/AssetBucket","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketBase","version":"2.186.0","metadata":[]}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3_assets.Asset","version":"2.186.0"}},"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::Lambda::Function","aws:cdk:cloudformation:props":{"code":{"s3Bucket":{"Fn::Sub":"cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"},"s3Key":"bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca.zip"},"description":"AWS CDK resource provider framework - onEvent (cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider)","environment":{"variables":{"USER_ON_EVENT_FUNCTION_ARN":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E","Arn"]}}},"handler":"framework.onEvent","role":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventServiceRole3D4040AD","Arn"]},"runtime":{"Fn::FindInMap":["LatestNodeRuntimeMap",{"Ref":"AWS::Region"},"value"]},"timeout":900}},"constructInfo":{"fqn":"aws-cdk-lib.aws_lambda.CfnFunction","version":"2.186.0"}},"inlinePolicyAddedToExecutionRole-0":{"id":"inlinePolicyAddedToExecutionRole-0","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/inlinePolicyAddedToExecutionRole-0","children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/inlinePolicyAddedToExecutionRole-0/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":"lambda:GetFunction","Effect":"Allow","Resource":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E","Arn"]}}],"Version":"2012-10-17"},"policyName":"testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventinlinePolicyAddedToExecutionRole0055AB010","roles":[{"Ref":"testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventServiceRole3D4040AD"}]}},"constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"2.186.0","metadata":[{"statements":"*"},{"addStatements":[{}]},{"attachToRole":["*"]},{"attachToRole":["*"]}]}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_lambda.Function","version":"2.186.0","metadata":[{"code":"*","description":"*","runtime":"*","handler":"*","timeout":"*","logGroup":"*","vpc":"*","vpcSubnets":"*","securityGroups":"*","role":"*","functionName":"*","environmentEncryption":"*"},{"addEnvironment":["*","*"]}]}}},"constructInfo":{"fqn":"aws-cdk-lib.custom_resources.Provider","version":"2.186.0"}},"KmsKeyPolicyUpdater":{"id":"KmsKeyPolicyUpdater","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdater","children":{"Default":{"id":"Default","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdater/Default","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.CustomResource","version":"2.186.0","metadata":["*"]}}},"constructInfo":{"fqn":"@aws-solutions-constructs/aws-cloudfront-s3.CloudFrontToS3","version":"2.80.0"}},"Integ":{"id":"Integ","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Integ","children":{"DefaultTest":{"id":"DefaultTest","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Integ/DefaultTest","children":{"Default":{"id":"Default","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Integ/DefaultTest/Default","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}},"DeployAssert":{"id":"DeployAssert","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Integ/DefaultTest/DeployAssert","children":{"BootstrapVersion":{"id":"BootstrapVersion","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Integ/DefaultTest/DeployAssert/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"2.186.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Integ/DefaultTest/DeployAssert/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"2.186.0"}}},"constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTestCase","version":"2.186.0-alpha.0"}}},"constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTest","version":"2.186.0-alpha.0"}},"BootstrapVersion":{"id":"BootstrapVersion","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"2.186.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"2.186.0"}},"Tree":{"id":"Tree","path":"Tree","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}}},"constructInfo":{"fqn":"aws-cdk-lib.App","version":"2.186.0"}}}