@aws-solutions-constructs/aws-cloudfront-s3 2.80.0 → 2.82.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (17) hide show
  1. package/.jsii +44 -5
  2. package/lib/index.js +1 -1
  3. package/package.json +8 -8
  4. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cdk.out +1 -1
  5. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.assets.json +3 -3
  6. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.template.json +50 -45
  7. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithcmkprovidedasexistingbucketIntegDefaultTestDeployAssertF6031114.assets.json +1 -1
  8. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/integ.json +1 -1
  9. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/manifest.json +97 -55
  10. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/tree.json +1 -1917
  11. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cdk.out +1 -1
  12. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3-cmk-provided-as-bucket-prop.assets.json +3 -3
  13. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3-cmk-provided-as-bucket-prop.template.json +50 -45
  14. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3cmkprovidedasbucketpropIntegDefaultTestDeployAssert38E63D55.assets.json +1 -1
  15. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/integ.json +1 -1
  16. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/manifest.json +97 -55
  17. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/tree.json +1 -1850
@@ -1,1850 +1 @@
1
- {
2
- "version": "tree-0.1",
3
- "tree": {
4
- "id": "App",
5
- "path": "",
6
- "children": {
7
- "cfts3-cmk-provided-as-bucket-prop": {
8
- "id": "cfts3-cmk-provided-as-bucket-prop",
9
- "path": "cfts3-cmk-provided-as-bucket-prop",
10
- "children": {
11
- "cmkKey": {
12
- "id": "cmkKey",
13
- "path": "cfts3-cmk-provided-as-bucket-prop/cmkKey",
14
- "children": {
15
- "Resource": {
16
- "id": "Resource",
17
- "path": "cfts3-cmk-provided-as-bucket-prop/cmkKey/Resource",
18
- "attributes": {
19
- "aws:cdk:cloudformation:type": "AWS::KMS::Key",
20
- "aws:cdk:cloudformation:props": {
21
- "enableKeyRotation": true,
22
- "keyPolicy": {
23
- "Statement": [
24
- {
25
- "Action": "kms:*",
26
- "Effect": "Allow",
27
- "Principal": {
28
- "AWS": {
29
- "Fn::Join": [
30
- "",
31
- [
32
- "arn:",
33
- {
34
- "Ref": "AWS::Partition"
35
- },
36
- ":iam::",
37
- {
38
- "Ref": "AWS::AccountId"
39
- },
40
- ":root"
41
- ]
42
- ]
43
- }
44
- },
45
- "Resource": "*"
46
- }
47
- ],
48
- "Version": "2012-10-17"
49
- }
50
- }
51
- },
52
- "constructInfo": {
53
- "fqn": "aws-cdk-lib.aws_kms.CfnKey",
54
- "version": "2.179.0"
55
- }
56
- }
57
- },
58
- "constructInfo": {
59
- "fqn": "aws-cdk-lib.aws_kms.Key",
60
- "version": "2.179.0",
61
- "metadata": [
62
- {
63
- "enableKeyRotation": true,
64
- "removalPolicy": "destroy"
65
- }
66
- ]
67
- }
68
- },
69
- "test-cloudfront-s3-cmk-encryption-key": {
70
- "id": "test-cloudfront-s3-cmk-encryption-key",
71
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key",
72
- "children": {
73
- "S3LoggingBucket": {
74
- "id": "S3LoggingBucket",
75
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3LoggingBucket",
76
- "children": {
77
- "Resource": {
78
- "id": "Resource",
79
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3LoggingBucket/Resource",
80
- "attributes": {
81
- "aws:cdk:cloudformation:type": "AWS::S3::Bucket",
82
- "aws:cdk:cloudformation:props": {
83
- "bucketEncryption": {
84
- "serverSideEncryptionConfiguration": [
85
- {
86
- "serverSideEncryptionByDefault": {
87
- "sseAlgorithm": "AES256"
88
- }
89
- }
90
- ]
91
- },
92
- "publicAccessBlockConfiguration": {
93
- "blockPublicAcls": true,
94
- "blockPublicPolicy": true,
95
- "ignorePublicAcls": true,
96
- "restrictPublicBuckets": true
97
- },
98
- "tags": [
99
- {
100
- "key": "aws-cdk:auto-delete-objects",
101
- "value": "true"
102
- }
103
- ],
104
- "versioningConfiguration": {
105
- "status": "Enabled"
106
- }
107
- }
108
- },
109
- "constructInfo": {
110
- "fqn": "aws-cdk-lib.aws_s3.CfnBucket",
111
- "version": "2.179.0"
112
- }
113
- },
114
- "Policy": {
115
- "id": "Policy",
116
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3LoggingBucket/Policy",
117
- "children": {
118
- "Resource": {
119
- "id": "Resource",
120
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3LoggingBucket/Policy/Resource",
121
- "attributes": {
122
- "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy",
123
- "aws:cdk:cloudformation:props": {
124
- "bucket": {
125
- "Ref": "testcloudfronts3cmkencryptionkeyS3LoggingBucket5CE52209"
126
- },
127
- "policyDocument": {
128
- "Statement": [
129
- {
130
- "Action": "s3:*",
131
- "Condition": {
132
- "Bool": {
133
- "aws:SecureTransport": "false"
134
- }
135
- },
136
- "Effect": "Deny",
137
- "Principal": {
138
- "AWS": "*"
139
- },
140
- "Resource": [
141
- {
142
- "Fn::GetAtt": [
143
- "testcloudfronts3cmkencryptionkeyS3LoggingBucket5CE52209",
144
- "Arn"
145
- ]
146
- },
147
- {
148
- "Fn::Join": [
149
- "",
150
- [
151
- {
152
- "Fn::GetAtt": [
153
- "testcloudfronts3cmkencryptionkeyS3LoggingBucket5CE52209",
154
- "Arn"
155
- ]
156
- },
157
- "/*"
158
- ]
159
- ]
160
- }
161
- ]
162
- },
163
- {
164
- "Action": [
165
- "s3:DeleteObject*",
166
- "s3:GetBucket*",
167
- "s3:List*",
168
- "s3:PutBucketPolicy"
169
- ],
170
- "Effect": "Allow",
171
- "Principal": {
172
- "AWS": {
173
- "Fn::GetAtt": [
174
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
175
- "Arn"
176
- ]
177
- }
178
- },
179
- "Resource": [
180
- {
181
- "Fn::GetAtt": [
182
- "testcloudfronts3cmkencryptionkeyS3LoggingBucket5CE52209",
183
- "Arn"
184
- ]
185
- },
186
- {
187
- "Fn::Join": [
188
- "",
189
- [
190
- {
191
- "Fn::GetAtt": [
192
- "testcloudfronts3cmkencryptionkeyS3LoggingBucket5CE52209",
193
- "Arn"
194
- ]
195
- },
196
- "/*"
197
- ]
198
- ]
199
- }
200
- ]
201
- },
202
- {
203
- "Action": "s3:PutObject",
204
- "Condition": {
205
- "ArnLike": {
206
- "aws:SourceArn": {
207
- "Fn::GetAtt": [
208
- "testcloudfronts3cmkencryptionkeyS3Bucket0E74E5D2",
209
- "Arn"
210
- ]
211
- }
212
- },
213
- "StringEquals": {
214
- "aws:SourceAccount": {
215
- "Ref": "AWS::AccountId"
216
- }
217
- }
218
- },
219
- "Effect": "Allow",
220
- "Principal": {
221
- "Service": "logging.s3.amazonaws.com"
222
- },
223
- "Resource": {
224
- "Fn::Join": [
225
- "",
226
- [
227
- {
228
- "Fn::GetAtt": [
229
- "testcloudfronts3cmkencryptionkeyS3LoggingBucket5CE52209",
230
- "Arn"
231
- ]
232
- },
233
- "/*"
234
- ]
235
- ]
236
- }
237
- }
238
- ],
239
- "Version": "2012-10-17"
240
- }
241
- }
242
- },
243
- "constructInfo": {
244
- "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy",
245
- "version": "2.179.0"
246
- }
247
- }
248
- },
249
- "constructInfo": {
250
- "fqn": "aws-cdk-lib.aws_s3.BucketPolicy",
251
- "version": "2.179.0",
252
- "metadata": [
253
- {
254
- "bucket": "*"
255
- }
256
- ]
257
- }
258
- },
259
- "AutoDeleteObjectsCustomResource": {
260
- "id": "AutoDeleteObjectsCustomResource",
261
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3LoggingBucket/AutoDeleteObjectsCustomResource",
262
- "children": {
263
- "Default": {
264
- "id": "Default",
265
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3LoggingBucket/AutoDeleteObjectsCustomResource/Default",
266
- "constructInfo": {
267
- "fqn": "aws-cdk-lib.CfnResource",
268
- "version": "2.179.0"
269
- }
270
- }
271
- },
272
- "constructInfo": {
273
- "fqn": "aws-cdk-lib.CustomResource",
274
- "version": "2.179.0",
275
- "metadata": [
276
- "*"
277
- ]
278
- }
279
- }
280
- },
281
- "constructInfo": {
282
- "fqn": "aws-cdk-lib.aws_s3.Bucket",
283
- "version": "2.179.0",
284
- "metadata": [
285
- {
286
- "encryption": "S3_MANAGED",
287
- "versioned": true,
288
- "blockPublicAccess": "*",
289
- "removalPolicy": "destroy",
290
- "enforceSSL": true,
291
- "autoDeleteObjects": true
292
- }
293
- ]
294
- }
295
- },
296
- "S3Bucket": {
297
- "id": "S3Bucket",
298
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3Bucket",
299
- "children": {
300
- "Resource": {
301
- "id": "Resource",
302
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3Bucket/Resource",
303
- "attributes": {
304
- "aws:cdk:cloudformation:type": "AWS::S3::Bucket",
305
- "aws:cdk:cloudformation:props": {
306
- "bucketEncryption": {
307
- "serverSideEncryptionConfiguration": [
308
- {
309
- "serverSideEncryptionByDefault": {
310
- "sseAlgorithm": "aws:kms",
311
- "kmsMasterKeyId": {
312
- "Fn::GetAtt": [
313
- "cmkKey598B20B2",
314
- "Arn"
315
- ]
316
- }
317
- }
318
- }
319
- ]
320
- },
321
- "lifecycleConfiguration": {
322
- "rules": [
323
- {
324
- "noncurrentVersionTransitions": [
325
- {
326
- "storageClass": "GLACIER",
327
- "transitionInDays": 90
328
- }
329
- ],
330
- "status": "Enabled"
331
- }
332
- ]
333
- },
334
- "loggingConfiguration": {
335
- "destinationBucketName": {
336
- "Ref": "testcloudfronts3cmkencryptionkeyS3LoggingBucket5CE52209"
337
- }
338
- },
339
- "publicAccessBlockConfiguration": {
340
- "blockPublicAcls": true,
341
- "blockPublicPolicy": true,
342
- "ignorePublicAcls": true,
343
- "restrictPublicBuckets": true
344
- },
345
- "versioningConfiguration": {
346
- "status": "Enabled"
347
- }
348
- }
349
- },
350
- "constructInfo": {
351
- "fqn": "aws-cdk-lib.aws_s3.CfnBucket",
352
- "version": "2.179.0"
353
- }
354
- },
355
- "Policy": {
356
- "id": "Policy",
357
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3Bucket/Policy",
358
- "children": {
359
- "Resource": {
360
- "id": "Resource",
361
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3Bucket/Policy/Resource",
362
- "attributes": {
363
- "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy",
364
- "aws:cdk:cloudformation:props": {
365
- "bucket": {
366
- "Ref": "testcloudfronts3cmkencryptionkeyS3Bucket0E74E5D2"
367
- },
368
- "policyDocument": {
369
- "Statement": [
370
- {
371
- "Action": "s3:*",
372
- "Condition": {
373
- "Bool": {
374
- "aws:SecureTransport": "false"
375
- }
376
- },
377
- "Effect": "Deny",
378
- "Principal": {
379
- "AWS": "*"
380
- },
381
- "Resource": [
382
- {
383
- "Fn::GetAtt": [
384
- "testcloudfronts3cmkencryptionkeyS3Bucket0E74E5D2",
385
- "Arn"
386
- ]
387
- },
388
- {
389
- "Fn::Join": [
390
- "",
391
- [
392
- {
393
- "Fn::GetAtt": [
394
- "testcloudfronts3cmkencryptionkeyS3Bucket0E74E5D2",
395
- "Arn"
396
- ]
397
- },
398
- "/*"
399
- ]
400
- ]
401
- }
402
- ]
403
- },
404
- {
405
- "Action": "s3:GetObject",
406
- "Condition": {
407
- "StringEquals": {
408
- "AWS:SourceArn": {
409
- "Fn::Join": [
410
- "",
411
- [
412
- "arn:",
413
- {
414
- "Ref": "AWS::Partition"
415
- },
416
- ":cloudfront::",
417
- {
418
- "Ref": "AWS::AccountId"
419
- },
420
- ":distribution/",
421
- {
422
- "Ref": "testcloudfronts3cmkencryptionkeyCloudFrontDistribution57C8A907"
423
- }
424
- ]
425
- ]
426
- }
427
- }
428
- },
429
- "Effect": "Allow",
430
- "Principal": {
431
- "Service": "cloudfront.amazonaws.com"
432
- },
433
- "Resource": {
434
- "Fn::Join": [
435
- "",
436
- [
437
- {
438
- "Fn::GetAtt": [
439
- "testcloudfronts3cmkencryptionkeyS3Bucket0E74E5D2",
440
- "Arn"
441
- ]
442
- },
443
- "/*"
444
- ]
445
- ]
446
- }
447
- }
448
- ],
449
- "Version": "2012-10-17"
450
- }
451
- }
452
- },
453
- "constructInfo": {
454
- "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy",
455
- "version": "2.179.0"
456
- }
457
- }
458
- },
459
- "constructInfo": {
460
- "fqn": "aws-cdk-lib.aws_s3.BucketPolicy",
461
- "version": "2.179.0",
462
- "metadata": [
463
- {
464
- "bucket": "*"
465
- }
466
- ]
467
- }
468
- }
469
- },
470
- "constructInfo": {
471
- "fqn": "aws-cdk-lib.aws_s3.Bucket",
472
- "version": "2.179.0",
473
- "metadata": [
474
- {
475
- "encryption": "KMS",
476
- "versioned": true,
477
- "blockPublicAccess": "*",
478
- "removalPolicy": "retain",
479
- "enforceSSL": true,
480
- "lifecycleRules": [
481
- {
482
- "noncurrentVersionTransitions": [
483
- {
484
- "storageClass": "*"
485
- }
486
- ]
487
- }
488
- ],
489
- "serverAccessLogsBucket": "*",
490
- "encryptionKey": "*"
491
- },
492
- {
493
- "addLifecycleRule": [
494
- {
495
- "noncurrentVersionTransitions": [
496
- {
497
- "storageClass": "*"
498
- }
499
- ]
500
- },
501
- "*",
502
- "*"
503
- ]
504
- }
505
- ]
506
- }
507
- },
508
- "CloudfrontLoggingBucketAccessLog": {
509
- "id": "CloudfrontLoggingBucketAccessLog",
510
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog",
511
- "children": {
512
- "Resource": {
513
- "id": "Resource",
514
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/Resource",
515
- "attributes": {
516
- "aws:cdk:cloudformation:type": "AWS::S3::Bucket",
517
- "aws:cdk:cloudformation:props": {
518
- "bucketEncryption": {
519
- "serverSideEncryptionConfiguration": [
520
- {
521
- "serverSideEncryptionByDefault": {
522
- "sseAlgorithm": "AES256"
523
- }
524
- }
525
- ]
526
- },
527
- "publicAccessBlockConfiguration": {
528
- "blockPublicAcls": true,
529
- "blockPublicPolicy": true,
530
- "ignorePublicAcls": true,
531
- "restrictPublicBuckets": true
532
- },
533
- "tags": [
534
- {
535
- "key": "aws-cdk:auto-delete-objects",
536
- "value": "true"
537
- }
538
- ],
539
- "versioningConfiguration": {
540
- "status": "Enabled"
541
- }
542
- }
543
- },
544
- "constructInfo": {
545
- "fqn": "aws-cdk-lib.aws_s3.CfnBucket",
546
- "version": "2.179.0"
547
- }
548
- },
549
- "Policy": {
550
- "id": "Policy",
551
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/Policy",
552
- "children": {
553
- "Resource": {
554
- "id": "Resource",
555
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/Policy/Resource",
556
- "attributes": {
557
- "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy",
558
- "aws:cdk:cloudformation:props": {
559
- "bucket": {
560
- "Ref": "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C"
561
- },
562
- "policyDocument": {
563
- "Statement": [
564
- {
565
- "Action": "s3:*",
566
- "Condition": {
567
- "Bool": {
568
- "aws:SecureTransport": "false"
569
- }
570
- },
571
- "Effect": "Deny",
572
- "Principal": {
573
- "AWS": "*"
574
- },
575
- "Resource": [
576
- {
577
- "Fn::GetAtt": [
578
- "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C",
579
- "Arn"
580
- ]
581
- },
582
- {
583
- "Fn::Join": [
584
- "",
585
- [
586
- {
587
- "Fn::GetAtt": [
588
- "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C",
589
- "Arn"
590
- ]
591
- },
592
- "/*"
593
- ]
594
- ]
595
- }
596
- ]
597
- },
598
- {
599
- "Action": [
600
- "s3:DeleteObject*",
601
- "s3:GetBucket*",
602
- "s3:List*",
603
- "s3:PutBucketPolicy"
604
- ],
605
- "Effect": "Allow",
606
- "Principal": {
607
- "AWS": {
608
- "Fn::GetAtt": [
609
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
610
- "Arn"
611
- ]
612
- }
613
- },
614
- "Resource": [
615
- {
616
- "Fn::GetAtt": [
617
- "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C",
618
- "Arn"
619
- ]
620
- },
621
- {
622
- "Fn::Join": [
623
- "",
624
- [
625
- {
626
- "Fn::GetAtt": [
627
- "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C",
628
- "Arn"
629
- ]
630
- },
631
- "/*"
632
- ]
633
- ]
634
- }
635
- ]
636
- },
637
- {
638
- "Action": "s3:PutObject",
639
- "Condition": {
640
- "ArnLike": {
641
- "aws:SourceArn": {
642
- "Fn::GetAtt": [
643
- "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD",
644
- "Arn"
645
- ]
646
- }
647
- },
648
- "StringEquals": {
649
- "aws:SourceAccount": {
650
- "Ref": "AWS::AccountId"
651
- }
652
- }
653
- },
654
- "Effect": "Allow",
655
- "Principal": {
656
- "Service": "logging.s3.amazonaws.com"
657
- },
658
- "Resource": {
659
- "Fn::Join": [
660
- "",
661
- [
662
- {
663
- "Fn::GetAtt": [
664
- "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C",
665
- "Arn"
666
- ]
667
- },
668
- "/*"
669
- ]
670
- ]
671
- }
672
- }
673
- ],
674
- "Version": "2012-10-17"
675
- }
676
- }
677
- },
678
- "constructInfo": {
679
- "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy",
680
- "version": "2.179.0"
681
- }
682
- }
683
- },
684
- "constructInfo": {
685
- "fqn": "aws-cdk-lib.aws_s3.BucketPolicy",
686
- "version": "2.179.0",
687
- "metadata": [
688
- {
689
- "bucket": "*"
690
- }
691
- ]
692
- }
693
- },
694
- "AutoDeleteObjectsCustomResource": {
695
- "id": "AutoDeleteObjectsCustomResource",
696
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/AutoDeleteObjectsCustomResource",
697
- "children": {
698
- "Default": {
699
- "id": "Default",
700
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/AutoDeleteObjectsCustomResource/Default",
701
- "constructInfo": {
702
- "fqn": "aws-cdk-lib.CfnResource",
703
- "version": "2.179.0"
704
- }
705
- }
706
- },
707
- "constructInfo": {
708
- "fqn": "aws-cdk-lib.CustomResource",
709
- "version": "2.179.0",
710
- "metadata": [
711
- "*"
712
- ]
713
- }
714
- }
715
- },
716
- "constructInfo": {
717
- "fqn": "aws-cdk-lib.aws_s3.Bucket",
718
- "version": "2.179.0",
719
- "metadata": [
720
- {
721
- "encryption": "S3_MANAGED",
722
- "versioned": true,
723
- "blockPublicAccess": "*",
724
- "removalPolicy": "destroy",
725
- "enforceSSL": true,
726
- "autoDeleteObjects": true
727
- }
728
- ]
729
- }
730
- },
731
- "CloudfrontLoggingBucket": {
732
- "id": "CloudfrontLoggingBucket",
733
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket",
734
- "children": {
735
- "Resource": {
736
- "id": "Resource",
737
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/Resource",
738
- "attributes": {
739
- "aws:cdk:cloudformation:type": "AWS::S3::Bucket",
740
- "aws:cdk:cloudformation:props": {
741
- "bucketEncryption": {
742
- "serverSideEncryptionConfiguration": [
743
- {
744
- "serverSideEncryptionByDefault": {
745
- "sseAlgorithm": "AES256"
746
- }
747
- }
748
- ]
749
- },
750
- "loggingConfiguration": {
751
- "destinationBucketName": {
752
- "Ref": "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C"
753
- }
754
- },
755
- "ownershipControls": {
756
- "rules": [
757
- {
758
- "objectOwnership": "ObjectWriter"
759
- }
760
- ]
761
- },
762
- "publicAccessBlockConfiguration": {
763
- "blockPublicAcls": true,
764
- "blockPublicPolicy": true,
765
- "ignorePublicAcls": true,
766
- "restrictPublicBuckets": true
767
- },
768
- "tags": [
769
- {
770
- "key": "aws-cdk:auto-delete-objects",
771
- "value": "true"
772
- }
773
- ],
774
- "versioningConfiguration": {
775
- "status": "Enabled"
776
- }
777
- }
778
- },
779
- "constructInfo": {
780
- "fqn": "aws-cdk-lib.aws_s3.CfnBucket",
781
- "version": "2.179.0"
782
- }
783
- },
784
- "Policy": {
785
- "id": "Policy",
786
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/Policy",
787
- "children": {
788
- "Resource": {
789
- "id": "Resource",
790
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/Policy/Resource",
791
- "attributes": {
792
- "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy",
793
- "aws:cdk:cloudformation:props": {
794
- "bucket": {
795
- "Ref": "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD"
796
- },
797
- "policyDocument": {
798
- "Statement": [
799
- {
800
- "Action": "s3:*",
801
- "Condition": {
802
- "Bool": {
803
- "aws:SecureTransport": "false"
804
- }
805
- },
806
- "Effect": "Deny",
807
- "Principal": {
808
- "AWS": "*"
809
- },
810
- "Resource": [
811
- {
812
- "Fn::GetAtt": [
813
- "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD",
814
- "Arn"
815
- ]
816
- },
817
- {
818
- "Fn::Join": [
819
- "",
820
- [
821
- {
822
- "Fn::GetAtt": [
823
- "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD",
824
- "Arn"
825
- ]
826
- },
827
- "/*"
828
- ]
829
- ]
830
- }
831
- ]
832
- },
833
- {
834
- "Action": [
835
- "s3:DeleteObject*",
836
- "s3:GetBucket*",
837
- "s3:List*",
838
- "s3:PutBucketPolicy"
839
- ],
840
- "Effect": "Allow",
841
- "Principal": {
842
- "AWS": {
843
- "Fn::GetAtt": [
844
- "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
845
- "Arn"
846
- ]
847
- }
848
- },
849
- "Resource": [
850
- {
851
- "Fn::GetAtt": [
852
- "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD",
853
- "Arn"
854
- ]
855
- },
856
- {
857
- "Fn::Join": [
858
- "",
859
- [
860
- {
861
- "Fn::GetAtt": [
862
- "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD",
863
- "Arn"
864
- ]
865
- },
866
- "/*"
867
- ]
868
- ]
869
- }
870
- ]
871
- }
872
- ],
873
- "Version": "2012-10-17"
874
- }
875
- }
876
- },
877
- "constructInfo": {
878
- "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy",
879
- "version": "2.179.0"
880
- }
881
- }
882
- },
883
- "constructInfo": {
884
- "fqn": "aws-cdk-lib.aws_s3.BucketPolicy",
885
- "version": "2.179.0",
886
- "metadata": [
887
- {
888
- "bucket": "*"
889
- }
890
- ]
891
- }
892
- },
893
- "AutoDeleteObjectsCustomResource": {
894
- "id": "AutoDeleteObjectsCustomResource",
895
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/AutoDeleteObjectsCustomResource",
896
- "children": {
897
- "Default": {
898
- "id": "Default",
899
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/AutoDeleteObjectsCustomResource/Default",
900
- "constructInfo": {
901
- "fqn": "aws-cdk-lib.CfnResource",
902
- "version": "2.179.0"
903
- }
904
- }
905
- },
906
- "constructInfo": {
907
- "fqn": "aws-cdk-lib.CustomResource",
908
- "version": "2.179.0",
909
- "metadata": [
910
- "*"
911
- ]
912
- }
913
- }
914
- },
915
- "constructInfo": {
916
- "fqn": "aws-cdk-lib.aws_s3.Bucket",
917
- "version": "2.179.0",
918
- "metadata": [
919
- {
920
- "encryption": "S3_MANAGED",
921
- "versioned": true,
922
- "blockPublicAccess": "*",
923
- "removalPolicy": "destroy",
924
- "enforceSSL": true,
925
- "autoDeleteObjects": true,
926
- "objectOwnership": "ObjectWriter",
927
- "serverAccessLogsBucket": "*"
928
- }
929
- ]
930
- }
931
- },
932
- "CloudFrontOac": {
933
- "id": "CloudFrontOac",
934
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudFrontOac",
935
- "attributes": {
936
- "aws:cdk:cloudformation:type": "AWS::CloudFront::OriginAccessControl",
937
- "aws:cdk:cloudformation:props": {
938
- "originAccessControlConfig": {
939
- "name": {
940
- "Fn::Join": [
941
- "",
942
- [
943
- "aws-cloudfront-s3-testn-key-",
944
- {
945
- "Fn::Select": [
946
- 2,
947
- {
948
- "Fn::Split": [
949
- "/",
950
- {
951
- "Ref": "AWS::StackId"
952
- }
953
- ]
954
- }
955
- ]
956
- }
957
- ]
958
- ]
959
- },
960
- "originAccessControlOriginType": "s3",
961
- "signingBehavior": "always",
962
- "signingProtocol": "sigv4",
963
- "description": "Origin access control provisioned by aws-cloudfront-s3"
964
- }
965
- }
966
- },
967
- "constructInfo": {
968
- "fqn": "aws-cdk-lib.aws_cloudfront.CfnOriginAccessControl",
969
- "version": "2.179.0"
970
- }
971
- },
972
- "CloudFrontDistribution": {
973
- "id": "CloudFrontDistribution",
974
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudFrontDistribution",
975
- "children": {
976
- "Origin1": {
977
- "id": "Origin1",
978
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudFrontDistribution/Origin1",
979
- "constructInfo": {
980
- "fqn": "constructs.Construct",
981
- "version": "10.4.2"
982
- }
983
- },
984
- "Resource": {
985
- "id": "Resource",
986
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudFrontDistribution/Resource",
987
- "attributes": {
988
- "aws:cdk:cloudformation:type": "AWS::CloudFront::Distribution",
989
- "aws:cdk:cloudformation:props": {
990
- "distributionConfig": {
991
- "enabled": true,
992
- "origins": [
993
- {
994
- "domainName": {
995
- "Fn::GetAtt": [
996
- "testcloudfronts3cmkencryptionkeyS3Bucket0E74E5D2",
997
- "RegionalDomainName"
998
- ]
999
- },
1000
- "id": "cfts3cmkprovidedasbucketproptestcloudfronts3cmkencryptionkeyCloudFrontDistributionOrigin1FA4541E3",
1001
- "s3OriginConfig": {
1002
- "originAccessIdentity": ""
1003
- }
1004
- }
1005
- ],
1006
- "defaultCacheBehavior": {
1007
- "pathPattern": "*",
1008
- "targetOriginId": "cfts3cmkprovidedasbucketproptestcloudfronts3cmkencryptionkeyCloudFrontDistributionOrigin1FA4541E3",
1009
- "cachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6",
1010
- "compress": true,
1011
- "viewerProtocolPolicy": "redirect-to-https"
1012
- },
1013
- "defaultRootObject": "index.html",
1014
- "httpVersion": "http2",
1015
- "ipv6Enabled": true,
1016
- "logging": {
1017
- "bucket": {
1018
- "Fn::GetAtt": [
1019
- "testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD",
1020
- "RegionalDomainName"
1021
- ]
1022
- }
1023
- }
1024
- }
1025
- }
1026
- },
1027
- "constructInfo": {
1028
- "fqn": "aws-cdk-lib.aws_cloudfront.CfnDistribution",
1029
- "version": "2.179.0"
1030
- }
1031
- }
1032
- },
1033
- "constructInfo": {
1034
- "fqn": "aws-cdk-lib.aws_cloudfront.Distribution",
1035
- "version": "2.179.0",
1036
- "metadata": [
1037
- {
1038
- "defaultBehavior": {
1039
- "origin": "*",
1040
- "viewerProtocolPolicy": "redirect-to-https"
1041
- },
1042
- "enableLogging": true,
1043
- "logBucket": "*",
1044
- "defaultRootObject": "*"
1045
- }
1046
- ]
1047
- }
1048
- },
1049
- "LambdaFunctionServiceRole": {
1050
- "id": "LambdaFunctionServiceRole",
1051
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunctionServiceRole",
1052
- "children": {
1053
- "ImportLambdaFunctionServiceRole": {
1054
- "id": "ImportLambdaFunctionServiceRole",
1055
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunctionServiceRole/ImportLambdaFunctionServiceRole",
1056
- "constructInfo": {
1057
- "fqn": "aws-cdk-lib.Resource",
1058
- "version": "2.179.0",
1059
- "metadata": [
1060
- "*"
1061
- ]
1062
- }
1063
- },
1064
- "Resource": {
1065
- "id": "Resource",
1066
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunctionServiceRole/Resource",
1067
- "attributes": {
1068
- "aws:cdk:cloudformation:type": "AWS::IAM::Role",
1069
- "aws:cdk:cloudformation:props": {
1070
- "assumeRolePolicyDocument": {
1071
- "Statement": [
1072
- {
1073
- "Action": "sts:AssumeRole",
1074
- "Effect": "Allow",
1075
- "Principal": {
1076
- "Service": "lambda.amazonaws.com"
1077
- }
1078
- }
1079
- ],
1080
- "Version": "2012-10-17"
1081
- },
1082
- "policies": [
1083
- {
1084
- "policyName": "LambdaFunctionServiceRolePolicy",
1085
- "policyDocument": {
1086
- "Statement": [
1087
- {
1088
- "Action": [
1089
- "logs:CreateLogGroup",
1090
- "logs:CreateLogStream",
1091
- "logs:PutLogEvents"
1092
- ],
1093
- "Effect": "Allow",
1094
- "Resource": {
1095
- "Fn::Join": [
1096
- "",
1097
- [
1098
- "arn:",
1099
- {
1100
- "Ref": "AWS::Partition"
1101
- },
1102
- ":logs:",
1103
- {
1104
- "Ref": "AWS::Region"
1105
- },
1106
- ":",
1107
- {
1108
- "Ref": "AWS::AccountId"
1109
- },
1110
- ":log-group:/aws/lambda/*"
1111
- ]
1112
- ]
1113
- }
1114
- }
1115
- ],
1116
- "Version": "2012-10-17"
1117
- }
1118
- }
1119
- ]
1120
- }
1121
- },
1122
- "constructInfo": {
1123
- "fqn": "aws-cdk-lib.aws_iam.CfnRole",
1124
- "version": "2.179.0"
1125
- }
1126
- },
1127
- "DefaultPolicy": {
1128
- "id": "DefaultPolicy",
1129
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunctionServiceRole/DefaultPolicy",
1130
- "children": {
1131
- "Resource": {
1132
- "id": "Resource",
1133
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunctionServiceRole/DefaultPolicy/Resource",
1134
- "attributes": {
1135
- "aws:cdk:cloudformation:type": "AWS::IAM::Policy",
1136
- "aws:cdk:cloudformation:props": {
1137
- "policyDocument": {
1138
- "Statement": [
1139
- {
1140
- "Action": [
1141
- "xray:PutTelemetryRecords",
1142
- "xray:PutTraceSegments"
1143
- ],
1144
- "Effect": "Allow",
1145
- "Resource": "*"
1146
- }
1147
- ],
1148
- "Version": "2012-10-17"
1149
- },
1150
- "policyName": "testcloudfronts3cmkencryptionkeyLambdaFunctionServiceRoleDefaultPolicyE566BC43",
1151
- "roles": [
1152
- {
1153
- "Ref": "testcloudfronts3cmkencryptionkeyLambdaFunctionServiceRole85783D1D"
1154
- }
1155
- ]
1156
- }
1157
- },
1158
- "constructInfo": {
1159
- "fqn": "aws-cdk-lib.aws_iam.CfnPolicy",
1160
- "version": "2.179.0"
1161
- }
1162
- }
1163
- },
1164
- "constructInfo": {
1165
- "fqn": "aws-cdk-lib.aws_iam.Policy",
1166
- "version": "2.179.0",
1167
- "metadata": [
1168
- "*",
1169
- {
1170
- "attachToRole": [
1171
- "*"
1172
- ]
1173
- },
1174
- {
1175
- "attachToRole": [
1176
- "*"
1177
- ]
1178
- },
1179
- {
1180
- "addStatements": [
1181
- {}
1182
- ]
1183
- }
1184
- ]
1185
- }
1186
- }
1187
- },
1188
- "constructInfo": {
1189
- "fqn": "aws-cdk-lib.aws_iam.Role",
1190
- "version": "2.179.0",
1191
- "metadata": [
1192
- {
1193
- "assumedBy": {
1194
- "principalAccount": "*",
1195
- "assumeRoleAction": "*"
1196
- },
1197
- "inlinePolicies": "*"
1198
- },
1199
- {
1200
- "addToPrincipalPolicy": [
1201
- {}
1202
- ]
1203
- },
1204
- {
1205
- "attachInlinePolicy": [
1206
- "*"
1207
- ]
1208
- },
1209
- {
1210
- "attachInlinePolicy": [
1211
- "*"
1212
- ]
1213
- },
1214
- {
1215
- "attachInlinePolicy": [
1216
- "*"
1217
- ]
1218
- },
1219
- {
1220
- "attachInlinePolicy": [
1221
- "*"
1222
- ]
1223
- }
1224
- ]
1225
- }
1226
- },
1227
- "LambdaFunction": {
1228
- "id": "LambdaFunction",
1229
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunction",
1230
- "children": {
1231
- "Code": {
1232
- "id": "Code",
1233
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Code",
1234
- "children": {
1235
- "Stage": {
1236
- "id": "Stage",
1237
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Code/Stage",
1238
- "constructInfo": {
1239
- "fqn": "aws-cdk-lib.AssetStaging",
1240
- "version": "2.179.0"
1241
- }
1242
- },
1243
- "AssetBucket": {
1244
- "id": "AssetBucket",
1245
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Code/AssetBucket",
1246
- "constructInfo": {
1247
- "fqn": "aws-cdk-lib.aws_s3.BucketBase",
1248
- "version": "2.179.0",
1249
- "metadata": []
1250
- }
1251
- }
1252
- },
1253
- "constructInfo": {
1254
- "fqn": "aws-cdk-lib.aws_s3_assets.Asset",
1255
- "version": "2.179.0"
1256
- }
1257
- },
1258
- "Resource": {
1259
- "id": "Resource",
1260
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Resource",
1261
- "attributes": {
1262
- "aws:cdk:cloudformation:type": "AWS::Lambda::Function",
1263
- "aws:cdk:cloudformation:props": {
1264
- "code": {
1265
- "s3Bucket": {
1266
- "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
1267
- },
1268
- "s3Key": "e97825c838d70ceb13ba2f6223a7d94ed35687b70bfb224a0b9128e698e3f28e.zip"
1269
- },
1270
- "description": "Custom resource function that updates a provided key policy to allow CloudFront access.",
1271
- "environment": {
1272
- "variables": {
1273
- "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1"
1274
- }
1275
- },
1276
- "handler": "index.handler",
1277
- "role": {
1278
- "Fn::GetAtt": [
1279
- "testcloudfronts3cmkencryptionkeyLambdaFunctionServiceRole85783D1D",
1280
- "Arn"
1281
- ]
1282
- },
1283
- "runtime": "nodejs20.x",
1284
- "tracingConfig": {
1285
- "mode": "Active"
1286
- }
1287
- }
1288
- },
1289
- "constructInfo": {
1290
- "fqn": "aws-cdk-lib.aws_lambda.CfnFunction",
1291
- "version": "2.179.0"
1292
- }
1293
- }
1294
- },
1295
- "constructInfo": {
1296
- "fqn": "aws-cdk-lib.aws_lambda.Function",
1297
- "version": "2.179.0",
1298
- "metadata": [
1299
- {
1300
- "role": "*",
1301
- "tracing": "Active",
1302
- "runtime": "*",
1303
- "handler": "*",
1304
- "description": "*",
1305
- "timeout": "*",
1306
- "memorySize": "*",
1307
- "code": "*"
1308
- },
1309
- {
1310
- "addEnvironment": [
1311
- "*",
1312
- "*",
1313
- {
1314
- "removeInEdge": true
1315
- }
1316
- ]
1317
- }
1318
- ]
1319
- }
1320
- },
1321
- "test-cloudfront-s3-cmk-encryption-keyResourceCmkPolicy": {
1322
- "id": "test-cloudfront-s3-cmk-encryption-keyResourceCmkPolicy",
1323
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/test-cloudfront-s3-cmk-encryption-keyResourceCmkPolicy",
1324
- "children": {
1325
- "Resource": {
1326
- "id": "Resource",
1327
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/test-cloudfront-s3-cmk-encryption-keyResourceCmkPolicy/Resource",
1328
- "attributes": {
1329
- "aws:cdk:cloudformation:type": "AWS::IAM::Policy",
1330
- "aws:cdk:cloudformation:props": {
1331
- "policyDocument": {
1332
- "Statement": [
1333
- {
1334
- "Action": [
1335
- "kms:DescribeKey",
1336
- "kms:GetKeyPolicy",
1337
- "kms:PutKeyPolicy"
1338
- ],
1339
- "Effect": "Allow",
1340
- "Resource": {
1341
- "Fn::GetAtt": [
1342
- "cmkKey598B20B2",
1343
- "Arn"
1344
- ]
1345
- }
1346
- }
1347
- ],
1348
- "Version": "2012-10-17"
1349
- },
1350
- "policyName": "testcloudfronts3cmkencryptionkeytestcloudfronts3cmkencryptionkeyResourceCmkPolicyBD4BA975",
1351
- "roles": [
1352
- {
1353
- "Ref": "testcloudfronts3cmkencryptionkeyLambdaFunctionServiceRole85783D1D"
1354
- }
1355
- ]
1356
- }
1357
- },
1358
- "constructInfo": {
1359
- "fqn": "aws-cdk-lib.aws_iam.CfnPolicy",
1360
- "version": "2.179.0"
1361
- }
1362
- }
1363
- },
1364
- "constructInfo": {
1365
- "fqn": "aws-cdk-lib.aws_iam.Policy",
1366
- "version": "2.179.0",
1367
- "metadata": [
1368
- {
1369
- "statements": "*"
1370
- },
1371
- {
1372
- "addStatements": [
1373
- {}
1374
- ]
1375
- },
1376
- {
1377
- "attachToRole": [
1378
- "*"
1379
- ]
1380
- },
1381
- {
1382
- "attachToRole": [
1383
- "*"
1384
- ]
1385
- }
1386
- ]
1387
- }
1388
- },
1389
- "KmsKeyPolicyUpdateProvider": {
1390
- "id": "KmsKeyPolicyUpdateProvider",
1391
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider",
1392
- "children": {
1393
- "framework-onEvent": {
1394
- "id": "framework-onEvent",
1395
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent",
1396
- "children": {
1397
- "ServiceRole": {
1398
- "id": "ServiceRole",
1399
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole",
1400
- "children": {
1401
- "ImportServiceRole": {
1402
- "id": "ImportServiceRole",
1403
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/ImportServiceRole",
1404
- "constructInfo": {
1405
- "fqn": "aws-cdk-lib.Resource",
1406
- "version": "2.179.0",
1407
- "metadata": [
1408
- "*"
1409
- ]
1410
- }
1411
- },
1412
- "Resource": {
1413
- "id": "Resource",
1414
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/Resource",
1415
- "attributes": {
1416
- "aws:cdk:cloudformation:type": "AWS::IAM::Role",
1417
- "aws:cdk:cloudformation:props": {
1418
- "assumeRolePolicyDocument": {
1419
- "Statement": [
1420
- {
1421
- "Action": "sts:AssumeRole",
1422
- "Effect": "Allow",
1423
- "Principal": {
1424
- "Service": "lambda.amazonaws.com"
1425
- }
1426
- }
1427
- ],
1428
- "Version": "2012-10-17"
1429
- },
1430
- "managedPolicyArns": [
1431
- {
1432
- "Fn::Join": [
1433
- "",
1434
- [
1435
- "arn:",
1436
- {
1437
- "Ref": "AWS::Partition"
1438
- },
1439
- ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
1440
- ]
1441
- ]
1442
- }
1443
- ]
1444
- }
1445
- },
1446
- "constructInfo": {
1447
- "fqn": "aws-cdk-lib.aws_iam.CfnRole",
1448
- "version": "2.179.0"
1449
- }
1450
- },
1451
- "DefaultPolicy": {
1452
- "id": "DefaultPolicy",
1453
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/DefaultPolicy",
1454
- "children": {
1455
- "Resource": {
1456
- "id": "Resource",
1457
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/DefaultPolicy/Resource",
1458
- "attributes": {
1459
- "aws:cdk:cloudformation:type": "AWS::IAM::Policy",
1460
- "aws:cdk:cloudformation:props": {
1461
- "policyDocument": {
1462
- "Statement": [
1463
- {
1464
- "Action": "lambda:InvokeFunction",
1465
- "Effect": "Allow",
1466
- "Resource": [
1467
- {
1468
- "Fn::GetAtt": [
1469
- "testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E",
1470
- "Arn"
1471
- ]
1472
- },
1473
- {
1474
- "Fn::Join": [
1475
- "",
1476
- [
1477
- {
1478
- "Fn::GetAtt": [
1479
- "testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E",
1480
- "Arn"
1481
- ]
1482
- },
1483
- ":*"
1484
- ]
1485
- ]
1486
- }
1487
- ]
1488
- },
1489
- {
1490
- "Action": "lambda:GetFunction",
1491
- "Effect": "Allow",
1492
- "Resource": {
1493
- "Fn::GetAtt": [
1494
- "testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E",
1495
- "Arn"
1496
- ]
1497
- }
1498
- }
1499
- ],
1500
- "Version": "2012-10-17"
1501
- },
1502
- "policyName": "testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventServiceRoleDefaultPolicy066CD751",
1503
- "roles": [
1504
- {
1505
- "Ref": "testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventServiceRole3D4040AD"
1506
- }
1507
- ]
1508
- }
1509
- },
1510
- "constructInfo": {
1511
- "fqn": "aws-cdk-lib.aws_iam.CfnPolicy",
1512
- "version": "2.179.0"
1513
- }
1514
- }
1515
- },
1516
- "constructInfo": {
1517
- "fqn": "aws-cdk-lib.aws_iam.Policy",
1518
- "version": "2.179.0",
1519
- "metadata": [
1520
- "*",
1521
- {
1522
- "attachToRole": [
1523
- "*"
1524
- ]
1525
- },
1526
- {
1527
- "attachToRole": [
1528
- "*"
1529
- ]
1530
- },
1531
- {
1532
- "addStatements": [
1533
- {}
1534
- ]
1535
- },
1536
- {
1537
- "addStatements": [
1538
- {}
1539
- ]
1540
- }
1541
- ]
1542
- }
1543
- }
1544
- },
1545
- "constructInfo": {
1546
- "fqn": "aws-cdk-lib.aws_iam.Role",
1547
- "version": "2.179.0",
1548
- "metadata": [
1549
- {
1550
- "assumedBy": {
1551
- "principalAccount": "*",
1552
- "assumeRoleAction": "*"
1553
- },
1554
- "managedPolicies": [
1555
- {
1556
- "managedPolicyArn": "*"
1557
- }
1558
- ]
1559
- },
1560
- {
1561
- "addToPrincipalPolicy": [
1562
- {}
1563
- ]
1564
- },
1565
- {
1566
- "attachInlinePolicy": [
1567
- "*"
1568
- ]
1569
- },
1570
- {
1571
- "attachInlinePolicy": [
1572
- "*"
1573
- ]
1574
- },
1575
- {
1576
- "addToPrincipalPolicy": [
1577
- {}
1578
- ]
1579
- }
1580
- ]
1581
- }
1582
- },
1583
- "Code": {
1584
- "id": "Code",
1585
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Code",
1586
- "children": {
1587
- "Stage": {
1588
- "id": "Stage",
1589
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Code/Stage",
1590
- "constructInfo": {
1591
- "fqn": "aws-cdk-lib.AssetStaging",
1592
- "version": "2.179.0"
1593
- }
1594
- },
1595
- "AssetBucket": {
1596
- "id": "AssetBucket",
1597
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Code/AssetBucket",
1598
- "constructInfo": {
1599
- "fqn": "aws-cdk-lib.aws_s3.BucketBase",
1600
- "version": "2.179.0",
1601
- "metadata": []
1602
- }
1603
- }
1604
- },
1605
- "constructInfo": {
1606
- "fqn": "aws-cdk-lib.aws_s3_assets.Asset",
1607
- "version": "2.179.0"
1608
- }
1609
- },
1610
- "Resource": {
1611
- "id": "Resource",
1612
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Resource",
1613
- "attributes": {
1614
- "aws:cdk:cloudformation:type": "AWS::Lambda::Function",
1615
- "aws:cdk:cloudformation:props": {
1616
- "code": {
1617
- "s3Bucket": {
1618
- "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
1619
- },
1620
- "s3Key": "bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca.zip"
1621
- },
1622
- "description": "AWS CDK resource provider framework - onEvent (cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider)",
1623
- "environment": {
1624
- "variables": {
1625
- "USER_ON_EVENT_FUNCTION_ARN": {
1626
- "Fn::GetAtt": [
1627
- "testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E",
1628
- "Arn"
1629
- ]
1630
- }
1631
- }
1632
- },
1633
- "handler": "framework.onEvent",
1634
- "role": {
1635
- "Fn::GetAtt": [
1636
- "testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventServiceRole3D4040AD",
1637
- "Arn"
1638
- ]
1639
- },
1640
- "runtime": {
1641
- "Fn::FindInMap": [
1642
- "LatestNodeRuntimeMap",
1643
- {
1644
- "Ref": "AWS::Region"
1645
- },
1646
- "value"
1647
- ]
1648
- },
1649
- "timeout": 900
1650
- }
1651
- },
1652
- "constructInfo": {
1653
- "fqn": "aws-cdk-lib.aws_lambda.CfnFunction",
1654
- "version": "2.179.0"
1655
- }
1656
- }
1657
- },
1658
- "constructInfo": {
1659
- "fqn": "aws-cdk-lib.aws_lambda.Function",
1660
- "version": "2.179.0",
1661
- "metadata": [
1662
- {
1663
- "code": "*",
1664
- "description": "*",
1665
- "runtime": "*",
1666
- "handler": "*",
1667
- "timeout": "*",
1668
- "logGroup": "*",
1669
- "vpc": "*",
1670
- "vpcSubnets": "*",
1671
- "securityGroups": "*",
1672
- "role": "*",
1673
- "functionName": "*",
1674
- "environmentEncryption": "*"
1675
- },
1676
- {
1677
- "addEnvironment": [
1678
- "*",
1679
- "*"
1680
- ]
1681
- }
1682
- ]
1683
- }
1684
- }
1685
- },
1686
- "constructInfo": {
1687
- "fqn": "aws-cdk-lib.custom_resources.Provider",
1688
- "version": "2.179.0"
1689
- }
1690
- },
1691
- "KmsKeyPolicyUpdater": {
1692
- "id": "KmsKeyPolicyUpdater",
1693
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdater",
1694
- "children": {
1695
- "Default": {
1696
- "id": "Default",
1697
- "path": "cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdater/Default",
1698
- "constructInfo": {
1699
- "fqn": "aws-cdk-lib.CfnResource",
1700
- "version": "2.179.0"
1701
- }
1702
- }
1703
- },
1704
- "constructInfo": {
1705
- "fqn": "aws-cdk-lib.CustomResource",
1706
- "version": "2.179.0",
1707
- "metadata": [
1708
- "*"
1709
- ]
1710
- }
1711
- }
1712
- },
1713
- "constructInfo": {
1714
- "fqn": "@aws-solutions-constructs/aws-cloudfront-s3.CloudFrontToS3",
1715
- "version": "2.79.1"
1716
- }
1717
- },
1718
- "LatestNodeRuntimeMap": {
1719
- "id": "LatestNodeRuntimeMap",
1720
- "path": "cfts3-cmk-provided-as-bucket-prop/LatestNodeRuntimeMap",
1721
- "constructInfo": {
1722
- "fqn": "aws-cdk-lib.CfnMapping",
1723
- "version": "2.179.0"
1724
- }
1725
- },
1726
- "Custom::S3AutoDeleteObjectsCustomResourceProvider": {
1727
- "id": "Custom::S3AutoDeleteObjectsCustomResourceProvider",
1728
- "path": "cfts3-cmk-provided-as-bucket-prop/Custom::S3AutoDeleteObjectsCustomResourceProvider",
1729
- "children": {
1730
- "Staging": {
1731
- "id": "Staging",
1732
- "path": "cfts3-cmk-provided-as-bucket-prop/Custom::S3AutoDeleteObjectsCustomResourceProvider/Staging",
1733
- "constructInfo": {
1734
- "fqn": "aws-cdk-lib.AssetStaging",
1735
- "version": "2.179.0"
1736
- }
1737
- },
1738
- "Role": {
1739
- "id": "Role",
1740
- "path": "cfts3-cmk-provided-as-bucket-prop/Custom::S3AutoDeleteObjectsCustomResourceProvider/Role",
1741
- "constructInfo": {
1742
- "fqn": "aws-cdk-lib.CfnResource",
1743
- "version": "2.179.0"
1744
- }
1745
- },
1746
- "Handler": {
1747
- "id": "Handler",
1748
- "path": "cfts3-cmk-provided-as-bucket-prop/Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler",
1749
- "constructInfo": {
1750
- "fqn": "aws-cdk-lib.CfnResource",
1751
- "version": "2.179.0"
1752
- }
1753
- }
1754
- },
1755
- "constructInfo": {
1756
- "fqn": "aws-cdk-lib.CustomResourceProviderBase",
1757
- "version": "2.179.0"
1758
- }
1759
- },
1760
- "Integ": {
1761
- "id": "Integ",
1762
- "path": "cfts3-cmk-provided-as-bucket-prop/Integ",
1763
- "children": {
1764
- "DefaultTest": {
1765
- "id": "DefaultTest",
1766
- "path": "cfts3-cmk-provided-as-bucket-prop/Integ/DefaultTest",
1767
- "children": {
1768
- "Default": {
1769
- "id": "Default",
1770
- "path": "cfts3-cmk-provided-as-bucket-prop/Integ/DefaultTest/Default",
1771
- "constructInfo": {
1772
- "fqn": "constructs.Construct",
1773
- "version": "10.4.2"
1774
- }
1775
- },
1776
- "DeployAssert": {
1777
- "id": "DeployAssert",
1778
- "path": "cfts3-cmk-provided-as-bucket-prop/Integ/DefaultTest/DeployAssert",
1779
- "children": {
1780
- "BootstrapVersion": {
1781
- "id": "BootstrapVersion",
1782
- "path": "cfts3-cmk-provided-as-bucket-prop/Integ/DefaultTest/DeployAssert/BootstrapVersion",
1783
- "constructInfo": {
1784
- "fqn": "aws-cdk-lib.CfnParameter",
1785
- "version": "2.179.0"
1786
- }
1787
- },
1788
- "CheckBootstrapVersion": {
1789
- "id": "CheckBootstrapVersion",
1790
- "path": "cfts3-cmk-provided-as-bucket-prop/Integ/DefaultTest/DeployAssert/CheckBootstrapVersion",
1791
- "constructInfo": {
1792
- "fqn": "aws-cdk-lib.CfnRule",
1793
- "version": "2.179.0"
1794
- }
1795
- }
1796
- },
1797
- "constructInfo": {
1798
- "fqn": "aws-cdk-lib.Stack",
1799
- "version": "2.179.0"
1800
- }
1801
- }
1802
- },
1803
- "constructInfo": {
1804
- "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase",
1805
- "version": "2.179.0-alpha.0"
1806
- }
1807
- }
1808
- },
1809
- "constructInfo": {
1810
- "fqn": "@aws-cdk/integ-tests-alpha.IntegTest",
1811
- "version": "2.179.0-alpha.0"
1812
- }
1813
- },
1814
- "BootstrapVersion": {
1815
- "id": "BootstrapVersion",
1816
- "path": "cfts3-cmk-provided-as-bucket-prop/BootstrapVersion",
1817
- "constructInfo": {
1818
- "fqn": "aws-cdk-lib.CfnParameter",
1819
- "version": "2.179.0"
1820
- }
1821
- },
1822
- "CheckBootstrapVersion": {
1823
- "id": "CheckBootstrapVersion",
1824
- "path": "cfts3-cmk-provided-as-bucket-prop/CheckBootstrapVersion",
1825
- "constructInfo": {
1826
- "fqn": "aws-cdk-lib.CfnRule",
1827
- "version": "2.179.0"
1828
- }
1829
- }
1830
- },
1831
- "constructInfo": {
1832
- "fqn": "aws-cdk-lib.Stack",
1833
- "version": "2.179.0"
1834
- }
1835
- },
1836
- "Tree": {
1837
- "id": "Tree",
1838
- "path": "Tree",
1839
- "constructInfo": {
1840
- "fqn": "constructs.Construct",
1841
- "version": "10.4.2"
1842
- }
1843
- }
1844
- },
1845
- "constructInfo": {
1846
- "fqn": "aws-cdk-lib.App",
1847
- "version": "2.179.0"
1848
- }
1849
- }
1850
- }
1
+ {"version":"tree-0.1","tree":{"id":"App","path":"","children":{"cfts3-cmk-provided-as-bucket-prop":{"id":"cfts3-cmk-provided-as-bucket-prop","path":"cfts3-cmk-provided-as-bucket-prop","children":{"cmkKey":{"id":"cmkKey","path":"cfts3-cmk-provided-as-bucket-prop/cmkKey","children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/cmkKey/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::KMS::Key","aws:cdk:cloudformation:props":{"enableKeyRotation":true,"keyPolicy":{"Statement":[{"Action":"kms:*","Effect":"Allow","Principal":{"AWS":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":iam::",{"Ref":"AWS::AccountId"},":root"]]}},"Resource":"*"}],"Version":"2012-10-17"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_kms.CfnKey","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_kms.Key","version":"2.186.0","metadata":[{"enableKeyRotation":true,"removalPolicy":"destroy"}]}},"test-cloudfront-s3-cmk-encryption-key":{"id":"test-cloudfront-s3-cmk-encryption-key","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key","children":{"S3LoggingBucket":{"id":"S3LoggingBucket","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3LoggingBucket","children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3LoggingBucket/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::S3::Bucket","aws:cdk:cloudformation:props":{"bucketEncryption":{"serverSideEncryptionConfiguration":[{"serverSideEncryptionByDefault":{"sseAlgorithm":"AES256"}}]},"publicAccessBlockConfiguration":{"blockPublicAcls":true,"blockPublicPolicy":true,"ignorePublicAcls":true,"restrictPublicBuckets":true},"tags":[{"key":"aws-cdk:auto-delete-objects","value":"true"}],"versioningConfiguration":{"status":"Enabled"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucket","version":"2.186.0"}},"Policy":{"id":"Policy","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3LoggingBucket/Policy","children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3LoggingBucket/Policy/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::S3::BucketPolicy","aws:cdk:cloudformation:props":{"bucket":{"Ref":"testcloudfronts3cmkencryptionkeyS3LoggingBucket5CE52209"},"policyDocument":{"Statement":[{"Action":"s3:*","Condition":{"Bool":{"aws:SecureTransport":"false"}},"Effect":"Deny","Principal":{"AWS":"*"},"Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyS3LoggingBucket5CE52209","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyS3LoggingBucket5CE52209","Arn"]},"/*"]]}]},{"Action":["s3:DeleteObject*","s3:GetBucket*","s3:List*","s3:PutBucketPolicy"],"Effect":"Allow","Principal":{"AWS":{"Fn::GetAtt":["CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092","Arn"]}},"Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyS3LoggingBucket5CE52209","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyS3LoggingBucket5CE52209","Arn"]},"/*"]]}]},{"Action":"s3:PutObject","Condition":{"ArnLike":{"aws:SourceArn":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyS3Bucket0E74E5D2","Arn"]}},"StringEquals":{"aws:SourceAccount":{"Ref":"AWS::AccountId"}}},"Effect":"Allow","Principal":{"Service":"logging.s3.amazonaws.com"},"Resource":{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyS3LoggingBucket5CE52209","Arn"]},"/*"]]}}],"Version":"2012-10-17"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucketPolicy","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketPolicy","version":"2.186.0","metadata":[{"bucket":"*"}]}},"AutoDeleteObjectsCustomResource":{"id":"AutoDeleteObjectsCustomResource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3LoggingBucket/AutoDeleteObjectsCustomResource","children":{"Default":{"id":"Default","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3LoggingBucket/AutoDeleteObjectsCustomResource/Default","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.CustomResource","version":"2.186.0","metadata":["*"]}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3.Bucket","version":"2.186.0","metadata":[{"encryption":"S3_MANAGED","versioned":true,"blockPublicAccess":"*","removalPolicy":"destroy","enforceSSL":true,"autoDeleteObjects":true}]}},"S3Bucket":{"id":"S3Bucket","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3Bucket","children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3Bucket/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::S3::Bucket","aws:cdk:cloudformation:props":{"bucketEncryption":{"serverSideEncryptionConfiguration":[{"serverSideEncryptionByDefault":{"sseAlgorithm":"aws:kms","kmsMasterKeyId":{"Fn::GetAtt":["cmkKey598B20B2","Arn"]}}}]},"lifecycleConfiguration":{"rules":[{"noncurrentVersionTransitions":[{"storageClass":"GLACIER","transitionInDays":90}],"status":"Enabled"}]},"loggingConfiguration":{"destinationBucketName":{"Ref":"testcloudfronts3cmkencryptionkeyS3LoggingBucket5CE52209"}},"publicAccessBlockConfiguration":{"blockPublicAcls":true,"blockPublicPolicy":true,"ignorePublicAcls":true,"restrictPublicBuckets":true},"versioningConfiguration":{"status":"Enabled"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucket","version":"2.186.0"}},"Policy":{"id":"Policy","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3Bucket/Policy","children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3Bucket/Policy/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::S3::BucketPolicy","aws:cdk:cloudformation:props":{"bucket":{"Ref":"testcloudfronts3cmkencryptionkeyS3Bucket0E74E5D2"},"policyDocument":{"Statement":[{"Action":"s3:*","Condition":{"Bool":{"aws:SecureTransport":"false"}},"Effect":"Deny","Principal":{"AWS":"*"},"Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyS3Bucket0E74E5D2","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyS3Bucket0E74E5D2","Arn"]},"/*"]]}]},{"Action":"s3:GetObject","Condition":{"StringEquals":{"AWS:SourceArn":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":cloudfront::",{"Ref":"AWS::AccountId"},":distribution/",{"Ref":"testcloudfronts3cmkencryptionkeyCloudFrontDistribution57C8A907"}]]}}},"Effect":"Allow","Principal":{"Service":"cloudfront.amazonaws.com"},"Resource":{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyS3Bucket0E74E5D2","Arn"]},"/*"]]}}],"Version":"2012-10-17"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucketPolicy","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketPolicy","version":"2.186.0","metadata":[{"bucket":"*"}]}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3.Bucket","version":"2.186.0","metadata":[{"encryption":"KMS","versioned":true,"blockPublicAccess":"*","removalPolicy":"retain","enforceSSL":true,"lifecycleRules":[{"noncurrentVersionTransitions":[{"storageClass":"*"}]}],"serverAccessLogsBucket":"*","encryptionKey":"*"},{"addLifecycleRule":[{"noncurrentVersionTransitions":[{"storageClass":"*"}]},"*","*"]}]}},"CloudfrontLoggingBucketAccessLog":{"id":"CloudfrontLoggingBucketAccessLog","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog","children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::S3::Bucket","aws:cdk:cloudformation:props":{"bucketEncryption":{"serverSideEncryptionConfiguration":[{"serverSideEncryptionByDefault":{"sseAlgorithm":"AES256"}}]},"publicAccessBlockConfiguration":{"blockPublicAcls":true,"blockPublicPolicy":true,"ignorePublicAcls":true,"restrictPublicBuckets":true},"tags":[{"key":"aws-cdk:auto-delete-objects","value":"true"}],"versioningConfiguration":{"status":"Enabled"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucket","version":"2.186.0"}},"Policy":{"id":"Policy","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/Policy","children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/Policy/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::S3::BucketPolicy","aws:cdk:cloudformation:props":{"bucket":{"Ref":"testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C"},"policyDocument":{"Statement":[{"Action":"s3:*","Condition":{"Bool":{"aws:SecureTransport":"false"}},"Effect":"Deny","Principal":{"AWS":"*"},"Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C","Arn"]},"/*"]]}]},{"Action":["s3:DeleteObject*","s3:GetBucket*","s3:List*","s3:PutBucketPolicy"],"Effect":"Allow","Principal":{"AWS":{"Fn::GetAtt":["CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092","Arn"]}},"Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C","Arn"]},"/*"]]}]},{"Action":"s3:PutObject","Condition":{"ArnLike":{"aws:SourceArn":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","Arn"]}},"StringEquals":{"aws:SourceAccount":{"Ref":"AWS::AccountId"}}},"Effect":"Allow","Principal":{"Service":"logging.s3.amazonaws.com"},"Resource":{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C","Arn"]},"/*"]]}}],"Version":"2012-10-17"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucketPolicy","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketPolicy","version":"2.186.0","metadata":[{"bucket":"*"}]}},"AutoDeleteObjectsCustomResource":{"id":"AutoDeleteObjectsCustomResource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/AutoDeleteObjectsCustomResource","children":{"Default":{"id":"Default","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/AutoDeleteObjectsCustomResource/Default","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.CustomResource","version":"2.186.0","metadata":["*"]}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3.Bucket","version":"2.186.0","metadata":[{"encryption":"S3_MANAGED","versioned":true,"blockPublicAccess":"*","removalPolicy":"destroy","enforceSSL":true,"autoDeleteObjects":true}]}},"CloudfrontLoggingBucket":{"id":"CloudfrontLoggingBucket","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket","children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::S3::Bucket","aws:cdk:cloudformation:props":{"bucketEncryption":{"serverSideEncryptionConfiguration":[{"serverSideEncryptionByDefault":{"sseAlgorithm":"AES256"}}]},"loggingConfiguration":{"destinationBucketName":{"Ref":"testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C"}},"ownershipControls":{"rules":[{"objectOwnership":"ObjectWriter"}]},"publicAccessBlockConfiguration":{"blockPublicAcls":true,"blockPublicPolicy":true,"ignorePublicAcls":true,"restrictPublicBuckets":true},"tags":[{"key":"aws-cdk:auto-delete-objects","value":"true"}],"versioningConfiguration":{"status":"Enabled"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucket","version":"2.186.0"}},"Policy":{"id":"Policy","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/Policy","children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/Policy/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::S3::BucketPolicy","aws:cdk:cloudformation:props":{"bucket":{"Ref":"testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD"},"policyDocument":{"Statement":[{"Action":"s3:*","Condition":{"Bool":{"aws:SecureTransport":"false"}},"Effect":"Deny","Principal":{"AWS":"*"},"Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","Arn"]},"/*"]]}]},{"Action":["s3:DeleteObject*","s3:GetBucket*","s3:List*","s3:PutBucketPolicy"],"Effect":"Allow","Principal":{"AWS":{"Fn::GetAtt":["CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092","Arn"]}},"Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","Arn"]},"/*"]]}]}],"Version":"2012-10-17"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucketPolicy","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketPolicy","version":"2.186.0","metadata":[{"bucket":"*"}]}},"AutoDeleteObjectsCustomResource":{"id":"AutoDeleteObjectsCustomResource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/AutoDeleteObjectsCustomResource","children":{"Default":{"id":"Default","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/AutoDeleteObjectsCustomResource/Default","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.CustomResource","version":"2.186.0","metadata":["*"]}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3.Bucket","version":"2.186.0","metadata":[{"encryption":"S3_MANAGED","versioned":true,"blockPublicAccess":"*","removalPolicy":"destroy","enforceSSL":true,"autoDeleteObjects":true,"objectOwnership":"ObjectWriter","serverAccessLogsBucket":"*"}]}},"CloudFrontOac":{"id":"CloudFrontOac","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudFrontOac","attributes":{"aws:cdk:cloudformation:type":"AWS::CloudFront::OriginAccessControl","aws:cdk:cloudformation:props":{"originAccessControlConfig":{"name":{"Fn::Join":["",["aws-cloudfront-s3-testn-key-",{"Fn::Select":[2,{"Fn::Split":["/",{"Ref":"AWS::StackId"}]}]}]]},"originAccessControlOriginType":"s3","signingBehavior":"always","signingProtocol":"sigv4","description":"Origin access control provisioned by aws-cloudfront-s3"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_cloudfront.CfnOriginAccessControl","version":"2.186.0"}},"CloudFrontDistribution":{"id":"CloudFrontDistribution","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudFrontDistribution","children":{"Origin1":{"id":"Origin1","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudFrontDistribution/Origin1","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}},"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudFrontDistribution/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::CloudFront::Distribution","aws:cdk:cloudformation:props":{"distributionConfig":{"enabled":true,"origins":[{"domainName":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyS3Bucket0E74E5D2","RegionalDomainName"]},"id":"cfts3cmkprovidedasbucketproptestcloudfronts3cmkencryptionkeyCloudFrontDistributionOrigin1FA4541E3","s3OriginConfig":{"originAccessIdentity":""}}],"defaultCacheBehavior":{"pathPattern":"*","targetOriginId":"cfts3cmkprovidedasbucketproptestcloudfronts3cmkencryptionkeyCloudFrontDistributionOrigin1FA4541E3","cachePolicyId":"658327ea-f89d-4fab-a63d-7e88639e58f6","compress":true,"viewerProtocolPolicy":"redirect-to-https"},"defaultRootObject":"index.html","httpVersion":"http2","ipv6Enabled":true,"logging":{"bucket":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","RegionalDomainName"]}}}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_cloudfront.CfnDistribution","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_cloudfront.Distribution","version":"2.186.0","metadata":[{"defaultBehavior":{"origin":"*","viewerProtocolPolicy":"redirect-to-https"},"enableLogging":true,"logBucket":"*","defaultRootObject":"*"}]}},"LambdaFunctionServiceRole":{"id":"LambdaFunctionServiceRole","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunctionServiceRole","children":{"ImportLambdaFunctionServiceRole":{"id":"ImportLambdaFunctionServiceRole","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunctionServiceRole/ImportLambdaFunctionServiceRole","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"2.186.0","metadata":["*"]}},"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunctionServiceRole/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"lambda.amazonaws.com"}}],"Version":"2012-10-17"},"policies":[{"policyName":"LambdaFunctionServiceRolePolicy","policyDocument":{"Statement":[{"Action":["logs:CreateLogGroup","logs:CreateLogStream","logs:PutLogEvents"],"Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:/aws/lambda/*"]]}}],"Version":"2012-10-17"}}]}},"constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnRole","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Role","version":"2.186.0","metadata":[{"assumedBy":{"principalAccount":"*","assumeRoleAction":"*"},"inlinePolicies":"*"},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]}]}},"LambdaFunction":{"id":"LambdaFunction","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunction","children":{"Code":{"id":"Code","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Code","children":{"Stage":{"id":"Stage","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Code/Stage","constructInfo":{"fqn":"aws-cdk-lib.AssetStaging","version":"2.186.0"}},"AssetBucket":{"id":"AssetBucket","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Code/AssetBucket","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketBase","version":"2.186.0","metadata":[]}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3_assets.Asset","version":"2.186.0"}},"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::Lambda::Function","aws:cdk:cloudformation:props":{"code":{"s3Bucket":{"Fn::Sub":"cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"},"s3Key":"e97825c838d70ceb13ba2f6223a7d94ed35687b70bfb224a0b9128e698e3f28e.zip"},"description":"Custom resource function that updates a provided key policy to allow CloudFront access.","environment":{"variables":{"AWS_NODEJS_CONNECTION_REUSE_ENABLED":"1"}},"handler":"index.handler","role":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyLambdaFunctionServiceRole85783D1D","Arn"]},"runtime":"nodejs20.x","tracingConfig":{"mode":"Active"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_lambda.CfnFunction","version":"2.186.0"}},"inlinePolicyAddedToExecutionRole-0":{"id":"inlinePolicyAddedToExecutionRole-0","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/inlinePolicyAddedToExecutionRole-0","children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/inlinePolicyAddedToExecutionRole-0/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":["xray:PutTelemetryRecords","xray:PutTraceSegments"],"Effect":"Allow","Resource":"*"}],"Version":"2012-10-17"},"policyName":"testcloudfronts3cmkencryptionkeyLambdaFunctioninlinePolicyAddedToExecutionRole030BCEDF3","roles":[{"Ref":"testcloudfronts3cmkencryptionkeyLambdaFunctionServiceRole85783D1D"}]}},"constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"2.186.0","metadata":[{"statements":"*"},{"addStatements":[{}]},{"attachToRole":["*"]},{"attachToRole":["*"]}]}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_lambda.Function","version":"2.186.0","metadata":[{"role":"*","tracing":"Active","runtime":"*","handler":"*","description":"*","timeout":"*","memorySize":"*","code":"*"},{"addEnvironment":["*","*",{"removeInEdge":true}]}]}},"test-cloudfront-s3-cmk-encryption-keyResourceCmkPolicy":{"id":"test-cloudfront-s3-cmk-encryption-keyResourceCmkPolicy","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/test-cloudfront-s3-cmk-encryption-keyResourceCmkPolicy","children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/test-cloudfront-s3-cmk-encryption-keyResourceCmkPolicy/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":["kms:DescribeKey","kms:GetKeyPolicy","kms:PutKeyPolicy"],"Effect":"Allow","Resource":{"Fn::GetAtt":["cmkKey598B20B2","Arn"]}}],"Version":"2012-10-17"},"policyName":"testcloudfronts3cmkencryptionkeytestcloudfronts3cmkencryptionkeyResourceCmkPolicyBD4BA975","roles":[{"Ref":"testcloudfronts3cmkencryptionkeyLambdaFunctionServiceRole85783D1D"}]}},"constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"2.186.0","metadata":[{"statements":"*"},{"addStatements":[{}]},{"attachToRole":["*"]},{"attachToRole":["*"]}]}},"KmsKeyPolicyUpdateProvider":{"id":"KmsKeyPolicyUpdateProvider","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider","children":{"framework-onEvent":{"id":"framework-onEvent","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent","children":{"ServiceRole":{"id":"ServiceRole","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole","children":{"ImportServiceRole":{"id":"ImportServiceRole","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/ImportServiceRole","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"2.186.0","metadata":["*"]}},"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"lambda.amazonaws.com"}}],"Version":"2012-10-17"},"managedPolicyArns":[{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"]]}]}},"constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnRole","version":"2.186.0"}},"DefaultPolicy":{"id":"DefaultPolicy","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/DefaultPolicy","children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/DefaultPolicy/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":"lambda:InvokeFunction","Effect":"Allow","Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E","Arn"]},":*"]]}]}],"Version":"2012-10-17"},"policyName":"testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventServiceRoleDefaultPolicy066CD751","roles":[{"Ref":"testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventServiceRole3D4040AD"}]}},"constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"2.186.0","metadata":["*",{"attachToRole":["*"]},{"attachToRole":["*"]},{"addStatements":[{}]}]}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Role","version":"2.186.0","metadata":[{"assumedBy":{"principalAccount":"*","assumeRoleAction":"*"},"managedPolicies":[{"managedPolicyArn":"*"}]},{"addToPrincipalPolicy":[{}]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]}]}},"Code":{"id":"Code","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Code","children":{"Stage":{"id":"Stage","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Code/Stage","constructInfo":{"fqn":"aws-cdk-lib.AssetStaging","version":"2.186.0"}},"AssetBucket":{"id":"AssetBucket","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Code/AssetBucket","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketBase","version":"2.186.0","metadata":[]}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3_assets.Asset","version":"2.186.0"}},"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::Lambda::Function","aws:cdk:cloudformation:props":{"code":{"s3Bucket":{"Fn::Sub":"cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"},"s3Key":"bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca.zip"},"description":"AWS CDK resource provider framework - onEvent (cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider)","environment":{"variables":{"USER_ON_EVENT_FUNCTION_ARN":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E","Arn"]}}},"handler":"framework.onEvent","role":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventServiceRole3D4040AD","Arn"]},"runtime":{"Fn::FindInMap":["LatestNodeRuntimeMap",{"Ref":"AWS::Region"},"value"]},"timeout":900}},"constructInfo":{"fqn":"aws-cdk-lib.aws_lambda.CfnFunction","version":"2.186.0"}},"inlinePolicyAddedToExecutionRole-0":{"id":"inlinePolicyAddedToExecutionRole-0","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/inlinePolicyAddedToExecutionRole-0","children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/inlinePolicyAddedToExecutionRole-0/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":"lambda:GetFunction","Effect":"Allow","Resource":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E","Arn"]}}],"Version":"2012-10-17"},"policyName":"testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventinlinePolicyAddedToExecutionRole0055AB010","roles":[{"Ref":"testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventServiceRole3D4040AD"}]}},"constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"2.186.0","metadata":[{"statements":"*"},{"addStatements":[{}]},{"attachToRole":["*"]},{"attachToRole":["*"]}]}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_lambda.Function","version":"2.186.0","metadata":[{"code":"*","description":"*","runtime":"*","handler":"*","timeout":"*","logGroup":"*","vpc":"*","vpcSubnets":"*","securityGroups":"*","role":"*","functionName":"*","environmentEncryption":"*"},{"addEnvironment":["*","*"]}]}}},"constructInfo":{"fqn":"aws-cdk-lib.custom_resources.Provider","version":"2.186.0"}},"KmsKeyPolicyUpdater":{"id":"KmsKeyPolicyUpdater","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdater","children":{"Default":{"id":"Default","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdater/Default","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.CustomResource","version":"2.186.0","metadata":["*"]}}},"constructInfo":{"fqn":"@aws-solutions-constructs/aws-cloudfront-s3.CloudFrontToS3","version":"2.80.0"}},"LatestNodeRuntimeMap":{"id":"LatestNodeRuntimeMap","path":"cfts3-cmk-provided-as-bucket-prop/LatestNodeRuntimeMap","constructInfo":{"fqn":"aws-cdk-lib.CfnMapping","version":"2.186.0"}},"Custom::S3AutoDeleteObjectsCustomResourceProvider":{"id":"Custom::S3AutoDeleteObjectsCustomResourceProvider","path":"cfts3-cmk-provided-as-bucket-prop/Custom::S3AutoDeleteObjectsCustomResourceProvider","children":{"Staging":{"id":"Staging","path":"cfts3-cmk-provided-as-bucket-prop/Custom::S3AutoDeleteObjectsCustomResourceProvider/Staging","constructInfo":{"fqn":"aws-cdk-lib.AssetStaging","version":"2.186.0"}},"Role":{"id":"Role","path":"cfts3-cmk-provided-as-bucket-prop/Custom::S3AutoDeleteObjectsCustomResourceProvider/Role","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.186.0"}},"Handler":{"id":"Handler","path":"cfts3-cmk-provided-as-bucket-prop/Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.CustomResourceProviderBase","version":"2.186.0"}},"Integ":{"id":"Integ","path":"cfts3-cmk-provided-as-bucket-prop/Integ","children":{"DefaultTest":{"id":"DefaultTest","path":"cfts3-cmk-provided-as-bucket-prop/Integ/DefaultTest","children":{"Default":{"id":"Default","path":"cfts3-cmk-provided-as-bucket-prop/Integ/DefaultTest/Default","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}},"DeployAssert":{"id":"DeployAssert","path":"cfts3-cmk-provided-as-bucket-prop/Integ/DefaultTest/DeployAssert","children":{"BootstrapVersion":{"id":"BootstrapVersion","path":"cfts3-cmk-provided-as-bucket-prop/Integ/DefaultTest/DeployAssert/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"2.186.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"cfts3-cmk-provided-as-bucket-prop/Integ/DefaultTest/DeployAssert/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"2.186.0"}}},"constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTestCase","version":"2.186.0-alpha.0"}}},"constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTest","version":"2.186.0-alpha.0"}},"BootstrapVersion":{"id":"BootstrapVersion","path":"cfts3-cmk-provided-as-bucket-prop/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"2.186.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"cfts3-cmk-provided-as-bucket-prop/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"2.186.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"2.186.0"}},"Tree":{"id":"Tree","path":"Tree","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}}},"constructInfo":{"fqn":"aws-cdk-lib.App","version":"2.186.0"}}}