@aws-solutions-constructs/aws-cloudfront-s3 2.95.0 → 2.96.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (33) hide show
  1. package/.jsii +4 -4
  2. package/lib/index.js +1 -1
  3. package/package.json +5 -5
  4. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/cfn-response.js +1 -0
  5. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/consts.js +1 -0
  6. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/framework.js +3 -0
  7. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/outbound.js +1 -0
  8. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/util.js +1 -0
  9. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.e97825c838d70ceb13ba2f6223a7d94ed35687b70bfb224a0b9128e698e3f28e/index.d.ts +30 -0
  10. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.e97825c838d70ceb13ba2f6223a7d94ed35687b70bfb224a0b9128e698e3f28e/index.js +129 -0
  11. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  12. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cdk.out +1 -1
  13. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.assets.json +4 -4
  14. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.template.json +1 -1
  15. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithcmkprovidedasexistingbucketIntegDefaultTestDeployAssertF6031114.assets.json +1 -1
  16. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/integ.json +2 -2
  17. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/manifest.json +66 -42
  18. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/tree.json +1 -1
  19. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/cfn-response.js +1 -0
  20. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/consts.js +1 -0
  21. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/framework.js +3 -0
  22. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/outbound.js +1 -0
  23. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/util.js +1 -0
  24. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.e97825c838d70ceb13ba2f6223a7d94ed35687b70bfb224a0b9128e698e3f28e/index.d.ts +30 -0
  25. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.e97825c838d70ceb13ba2f6223a7d94ed35687b70bfb224a0b9128e698e3f28e/index.js +129 -0
  26. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  27. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cdk.out +1 -1
  28. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3-cmk-provided-as-bucket-prop.assets.json +4 -4
  29. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3-cmk-provided-as-bucket-prop.template.json +1 -1
  30. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3cmkprovidedasbucketpropIntegDefaultTestDeployAssert38E63D55.assets.json +1 -1
  31. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/integ.json +2 -2
  32. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/manifest.json +66 -42
  33. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/tree.json +1 -1
@@ -66,7 +66,7 @@
66
66
  "validateOnSynth": false,
67
67
  "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}",
68
68
  "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}",
69
- "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/f27e0532dd14530e70eee4317923b5e3c922ce092c887925e8c948dfea7ee2dc.json",
69
+ "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/05ef190ff73a6e9ee2ec74f732704f72bbdf8bf89af6191f026a609eb11efebe.json",
70
70
  "requiresBootstrapStackVersion": 6,
71
71
  "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version",
72
72
  "additionalDependencies": [
@@ -493,7 +493,7 @@
493
493
  "runtime": "*",
494
494
  "handler": "*",
495
495
  "timeout": "*",
496
- "logFormat": "*",
496
+ "loggingFormat": "JSON",
497
497
  "applicationLogLevelV2": "FATAL",
498
498
  "logGroup": "*",
499
499
  "vpc": "*",
@@ -718,57 +718,48 @@
718
718
  "properties": {
719
719
  "module": "aws-cdk-lib",
720
720
  "flags": {
721
- "@aws-cdk/core:enableStackNameDuplicates": {
721
+ "@aws-cdk/aws-signer:signingProfileNamePassedToCfn": {
722
722
  "recommendedValue": true,
723
- "explanation": "Allow multiple stacks with the same name"
724
- },
725
- "aws-cdk:enableDiffNoFail": {
726
- "recommendedValue": true,
727
- "explanation": "Make `cdk diff` not fail when there are differences"
723
+ "explanation": "Pass signingProfileName to CfnSigningProfile"
728
724
  },
729
725
  "@aws-cdk/core:newStyleStackSynthesis": {
730
726
  "recommendedValue": true,
731
- "explanation": "Switch to new stack synthesis method which enables CI/CD"
727
+ "explanation": "Switch to new stack synthesis method which enables CI/CD",
728
+ "unconfiguredBehavesLike": {
729
+ "v2": true
730
+ }
732
731
  },
733
732
  "@aws-cdk/core:stackRelativeExports": {
734
733
  "recommendedValue": true,
735
- "explanation": "Name exports based on the construct paths relative to the stack, rather than the global construct path"
736
- },
737
- "@aws-cdk/aws-ecr-assets:dockerIgnoreSupport": {
738
- "recommendedValue": true,
739
- "explanation": "DockerImageAsset properly supports `.dockerignore` files by default"
740
- },
741
- "@aws-cdk/aws-secretsmanager:parseOwnedSecretName": {
742
- "recommendedValue": true,
743
- "explanation": "Fix the referencing of SecretsManager names from ARNs"
744
- },
745
- "@aws-cdk/aws-kms:defaultKeyPolicies": {
746
- "recommendedValue": true,
747
- "explanation": "Tighten default KMS key policies"
748
- },
749
- "@aws-cdk/aws-s3:grantWriteWithoutAcl": {
750
- "recommendedValue": true,
751
- "explanation": "Remove `PutObjectAcl` from Bucket.grantWrite"
734
+ "explanation": "Name exports based on the construct paths relative to the stack, rather than the global construct path",
735
+ "unconfiguredBehavesLike": {
736
+ "v2": true
737
+ }
752
738
  },
753
- "@aws-cdk/aws-ecs-patterns:removeDefaultDesiredCount": {
739
+ "@aws-cdk/aws-ecs-patterns:secGroupsDisablesImplicitOpenListener": {
754
740
  "recommendedValue": true,
755
- "explanation": "Do not specify a default DesiredCount for ECS services"
741
+ "explanation": "Disable implicit openListener when custom security groups are provided"
756
742
  },
757
743
  "@aws-cdk/aws-rds:lowercaseDbIdentifier": {
758
744
  "recommendedValue": true,
759
- "explanation": "Force lowercasing of RDS Cluster names in CDK"
745
+ "explanation": "Force lowercasing of RDS Cluster names in CDK",
746
+ "unconfiguredBehavesLike": {
747
+ "v2": true
748
+ }
760
749
  },
761
750
  "@aws-cdk/aws-apigateway:usagePlanKeyOrderInsensitiveId": {
762
751
  "recommendedValue": true,
763
- "explanation": "Allow adding/removing multiple UsagePlanKeys independently"
764
- },
765
- "@aws-cdk/aws-efs:defaultEncryptionAtRest": {
766
- "recommendedValue": true,
767
- "explanation": "Enable this feature flag to have elastic file systems encrypted at rest by default."
752
+ "explanation": "Allow adding/removing multiple UsagePlanKeys independently",
753
+ "unconfiguredBehavesLike": {
754
+ "v2": true
755
+ }
768
756
  },
769
757
  "@aws-cdk/aws-lambda:recognizeVersionProps": {
770
758
  "recommendedValue": true,
771
- "explanation": "Enable this feature flag to opt in to the updated logical id calculation for Lambda Version created using the `fn.currentVersion`."
759
+ "explanation": "Enable this feature flag to opt in to the updated logical id calculation for Lambda Version created using the `fn.currentVersion`.",
760
+ "unconfiguredBehavesLike": {
761
+ "v2": true
762
+ }
772
763
  },
773
764
  "@aws-cdk/aws-lambda:recognizeLayerVersion": {
774
765
  "userValue": true,
@@ -777,7 +768,10 @@
777
768
  },
778
769
  "@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021": {
779
770
  "recommendedValue": true,
780
- "explanation": "Enable this feature flag to have cloudfront distributions use the security policy TLSv1.2_2021 by default."
771
+ "explanation": "Enable this feature flag to have cloudfront distributions use the security policy TLSv1.2_2021 by default.",
772
+ "unconfiguredBehavesLike": {
773
+ "v2": true
774
+ }
781
775
  },
782
776
  "@aws-cdk/core:checkSecretUsage": {
783
777
  "userValue": true,
@@ -854,7 +848,7 @@
854
848
  "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": {
855
849
  "userValue": true,
856
850
  "recommendedValue": true,
857
- "explanation": "Enable this feature to by default create default policy names for imported roles that depend on the stack the role is in."
851
+ "explanation": "Enable this feature to create default policy names for imported roles that depend on the stack the role is in."
858
852
  },
859
853
  "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": {
860
854
  "userValue": true,
@@ -998,7 +992,10 @@
998
992
  },
999
993
  "@aws-cdk/pipelines:reduceAssetRoleTrustScope": {
1000
994
  "recommendedValue": true,
1001
- "explanation": "Remove the root account principal from PipelineAssetsFileRole trust policy"
995
+ "explanation": "Remove the root account principal from PipelineAssetsFileRole trust policy",
996
+ "unconfiguredBehavesLike": {
997
+ "v2": true
998
+ }
1002
999
  },
1003
1000
  "@aws-cdk/aws-eks:nodegroupNameAttribute": {
1004
1001
  "userValue": true,
@@ -1027,7 +1024,10 @@
1027
1024
  },
1028
1025
  "@aws-cdk/aws-stepfunctions-tasks:useNewS3UriParametersForBedrockInvokeModelTask": {
1029
1026
  "recommendedValue": true,
1030
- "explanation": "When enabled, use new props for S3 URI field in task definition of state machine for bedrock invoke model."
1027
+ "explanation": "When enabled, use new props for S3 URI field in task definition of state machine for bedrock invoke model.",
1028
+ "unconfiguredBehavesLike": {
1029
+ "v2": true
1030
+ }
1031
1031
  },
1032
1032
  "@aws-cdk/core:explicitStackTags": {
1033
1033
  "userValue": true,
@@ -1091,7 +1091,10 @@
1091
1091
  },
1092
1092
  "@aws-cdk/core:aspectStabilization": {
1093
1093
  "recommendedValue": true,
1094
- "explanation": "When enabled, a stabilization loop will be run when invoking Aspects during synthesis."
1094
+ "explanation": "When enabled, a stabilization loop will be run when invoking Aspects during synthesis.",
1095
+ "unconfiguredBehavesLike": {
1096
+ "v2": true
1097
+ }
1095
1098
  },
1096
1099
  "@aws-cdk/aws-route53-targets:userPoolDomainNameMethodWithoutCustomResource": {
1097
1100
  "userValue": true,
@@ -1125,7 +1128,10 @@
1125
1128
  },
1126
1129
  "@aws-cdk/pipelines:reduceStageRoleTrustScope": {
1127
1130
  "recommendedValue": true,
1128
- "explanation": "Remove the root account principal from Stage addActions trust policy"
1131
+ "explanation": "Remove the root account principal from Stage addActions trust policy",
1132
+ "unconfiguredBehavesLike": {
1133
+ "v2": true
1134
+ }
1129
1135
  },
1130
1136
  "@aws-cdk/aws-events:requireEventBusPolicySid": {
1131
1137
  "userValue": true,
@@ -1148,7 +1154,10 @@
1148
1154
  },
1149
1155
  "@aws-cdk/pipelines:reduceCrossAccountActionRoleTrustScope": {
1150
1156
  "recommendedValue": true,
1151
- "explanation": "When enabled, scopes down the trust policy for the cross-account action role"
1157
+ "explanation": "When enabled, scopes down the trust policy for the cross-account action role",
1158
+ "unconfiguredBehavesLike": {
1159
+ "v2": true
1160
+ }
1152
1161
  },
1153
1162
  "@aws-cdk/aws-stepfunctions:useDistributedMapResultWriterV2": {
1154
1163
  "userValue": true,
@@ -1178,6 +1187,21 @@
1178
1187
  "userValue": true,
1179
1188
  "recommendedValue": true,
1180
1189
  "explanation": "When enabled, CDK creates and manages loggroup for the lambda function"
1190
+ },
1191
+ "@aws-cdk/aws-elasticloadbalancingv2:networkLoadBalancerWithSecurityGroupByDefault": {
1192
+ "recommendedValue": true,
1193
+ "explanation": "When enabled, Network Load Balancer will be created with a security group by default."
1194
+ },
1195
+ "@aws-cdk/aws-stepfunctions-tasks:httpInvokeDynamicJsonPathEndpoint": {
1196
+ "recommendedValue": true,
1197
+ "explanation": "When enabled, allows using a dynamic apiEndpoint with JSONPath format in HttpInvoke tasks.",
1198
+ "unconfiguredBehavesLike": {
1199
+ "v2": true
1200
+ }
1201
+ },
1202
+ "@aws-cdk/aws-ecs-patterns:uniqueTargetGroupId": {
1203
+ "recommendedValue": true,
1204
+ "explanation": "When enabled, ECS patterns will generate unique target group IDs to prevent conflicts during load balancer replacement"
1181
1205
  }
1182
1206
  }
1183
1207
  }
@@ -1 +1 @@
1
- {"version":"tree-0.1","tree":{"id":"App","path":"","constructInfo":{"fqn":"aws-cdk-lib.App","version":"2.206.0"},"children":{"cfts3-cmk-provided-as-bucket-prop":{"id":"cfts3-cmk-provided-as-bucket-prop","path":"cfts3-cmk-provided-as-bucket-prop","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"2.206.0"},"children":{"cmkKey":{"id":"cmkKey","path":"cfts3-cmk-provided-as-bucket-prop/cmkKey","constructInfo":{"fqn":"aws-cdk-lib.aws_kms.Key","version":"2.206.0","metadata":[{"enableKeyRotation":true,"removalPolicy":"destroy"}]},"children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/cmkKey/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_kms.CfnKey","version":"2.206.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::KMS::Key","aws:cdk:cloudformation:props":{"enableKeyRotation":true,"keyPolicy":{"Statement":[{"Action":"kms:*","Effect":"Allow","Principal":{"AWS":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":iam::",{"Ref":"AWS::AccountId"},":root"]]}},"Resource":"*"}],"Version":"2012-10-17"}}}}}},"test-cloudfront-s3-cmk-encryption-key":{"id":"test-cloudfront-s3-cmk-encryption-key","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key","constructInfo":{"fqn":"@aws-solutions-constructs/aws-cloudfront-s3.CloudFrontToS3","version":"2.86.0"},"children":{"S3LoggingBucket":{"id":"S3LoggingBucket","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3LoggingBucket","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.Bucket","version":"2.206.0","metadata":[{"encryption":"S3_MANAGED","versioned":true,"blockPublicAccess":"*","removalPolicy":"destroy","enforceSSL":true,"autoDeleteObjects":true}]},"children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3LoggingBucket/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucket","version":"2.206.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::Bucket","aws:cdk:cloudformation:props":{"bucketEncryption":{"serverSideEncryptionConfiguration":[{"serverSideEncryptionByDefault":{"sseAlgorithm":"AES256"}}]},"publicAccessBlockConfiguration":{"blockPublicAcls":true,"blockPublicPolicy":true,"ignorePublicAcls":true,"restrictPublicBuckets":true},"tags":[{"key":"aws-cdk:auto-delete-objects","value":"true"}],"versioningConfiguration":{"status":"Enabled"}}}},"Policy":{"id":"Policy","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3LoggingBucket/Policy","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketPolicy","version":"2.206.0","metadata":[{"bucket":"*"}]},"children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3LoggingBucket/Policy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucketPolicy","version":"2.206.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::BucketPolicy","aws:cdk:cloudformation:props":{"bucket":{"Ref":"testcloudfronts3cmkencryptionkeyS3LoggingBucket5CE52209"},"policyDocument":{"Statement":[{"Action":"s3:*","Condition":{"Bool":{"aws:SecureTransport":"false"}},"Effect":"Deny","Principal":{"AWS":"*"},"Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyS3LoggingBucket5CE52209","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyS3LoggingBucket5CE52209","Arn"]},"/*"]]}]},{"Action":["s3:DeleteObject*","s3:GetBucket*","s3:List*","s3:PutBucketPolicy"],"Effect":"Allow","Principal":{"AWS":{"Fn::GetAtt":["CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092","Arn"]}},"Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyS3LoggingBucket5CE52209","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyS3LoggingBucket5CE52209","Arn"]},"/*"]]}]},{"Action":"s3:PutObject","Condition":{"ArnLike":{"aws:SourceArn":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyS3Bucket0E74E5D2","Arn"]}},"StringEquals":{"aws:SourceAccount":{"Ref":"AWS::AccountId"}}},"Effect":"Allow","Principal":{"Service":"logging.s3.amazonaws.com"},"Resource":{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyS3LoggingBucket5CE52209","Arn"]},"/*"]]}}],"Version":"2012-10-17"}}}}}},"AutoDeleteObjectsCustomResource":{"id":"AutoDeleteObjectsCustomResource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3LoggingBucket/AutoDeleteObjectsCustomResource","constructInfo":{"fqn":"aws-cdk-lib.CustomResource","version":"2.206.0","metadata":["*"]},"children":{"Default":{"id":"Default","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3LoggingBucket/AutoDeleteObjectsCustomResource/Default","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.206.0"}}}}}},"S3Bucket":{"id":"S3Bucket","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3Bucket","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.Bucket","version":"2.206.0","metadata":[{"encryption":"KMS","versioned":true,"blockPublicAccess":"*","removalPolicy":"retain","enforceSSL":true,"lifecycleRules":[{"noncurrentVersionTransitions":[{"storageClass":"*"}]}],"serverAccessLogsBucket":"*","encryptionKey":"*"},{"addLifecycleRule":[{"noncurrentVersionTransitions":[{"storageClass":"*"}]},"*","*"]}]},"children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3Bucket/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucket","version":"2.206.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::Bucket","aws:cdk:cloudformation:props":{"bucketEncryption":{"serverSideEncryptionConfiguration":[{"serverSideEncryptionByDefault":{"sseAlgorithm":"aws:kms","kmsMasterKeyId":{"Fn::GetAtt":["cmkKey598B20B2","Arn"]}}}]},"lifecycleConfiguration":{"rules":[{"noncurrentVersionTransitions":[{"storageClass":"GLACIER","transitionInDays":90}],"status":"Enabled"}]},"loggingConfiguration":{"destinationBucketName":{"Ref":"testcloudfronts3cmkencryptionkeyS3LoggingBucket5CE52209"}},"publicAccessBlockConfiguration":{"blockPublicAcls":true,"blockPublicPolicy":true,"ignorePublicAcls":true,"restrictPublicBuckets":true},"versioningConfiguration":{"status":"Enabled"}}}},"Policy":{"id":"Policy","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3Bucket/Policy","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketPolicy","version":"2.206.0","metadata":[{"bucket":"*"}]},"children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3Bucket/Policy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucketPolicy","version":"2.206.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::BucketPolicy","aws:cdk:cloudformation:props":{"bucket":{"Ref":"testcloudfronts3cmkencryptionkeyS3Bucket0E74E5D2"},"policyDocument":{"Statement":[{"Action":"s3:*","Condition":{"Bool":{"aws:SecureTransport":"false"}},"Effect":"Deny","Principal":{"AWS":"*"},"Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyS3Bucket0E74E5D2","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyS3Bucket0E74E5D2","Arn"]},"/*"]]}]},{"Action":"s3:GetObject","Condition":{"StringEquals":{"AWS:SourceArn":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":cloudfront::",{"Ref":"AWS::AccountId"},":distribution/",{"Ref":"testcloudfronts3cmkencryptionkeyCloudFrontDistribution57C8A907"}]]}}},"Effect":"Allow","Principal":{"Service":"cloudfront.amazonaws.com"},"Resource":{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyS3Bucket0E74E5D2","Arn"]},"/*"]]}},{"Action":"s3:ListBucket","Condition":{"StringEquals":{"AWS:SourceArn":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":cloudfront::",{"Ref":"AWS::AccountId"},":distribution/",{"Ref":"testcloudfronts3cmkencryptionkeyCloudFrontDistribution57C8A907"}]]}}},"Effect":"Allow","Principal":{"Service":"cloudfront.amazonaws.com"},"Resource":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyS3Bucket0E74E5D2","Arn"]}}],"Version":"2012-10-17"}}}}}}}},"CloudfrontLoggingBucketAccessLog":{"id":"CloudfrontLoggingBucketAccessLog","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.Bucket","version":"2.206.0","metadata":[{"encryption":"S3_MANAGED","versioned":true,"blockPublicAccess":"*","removalPolicy":"destroy","enforceSSL":true,"autoDeleteObjects":true}]},"children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucket","version":"2.206.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::Bucket","aws:cdk:cloudformation:props":{"bucketEncryption":{"serverSideEncryptionConfiguration":[{"serverSideEncryptionByDefault":{"sseAlgorithm":"AES256"}}]},"publicAccessBlockConfiguration":{"blockPublicAcls":true,"blockPublicPolicy":true,"ignorePublicAcls":true,"restrictPublicBuckets":true},"tags":[{"key":"aws-cdk:auto-delete-objects","value":"true"}],"versioningConfiguration":{"status":"Enabled"}}}},"Policy":{"id":"Policy","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/Policy","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketPolicy","version":"2.206.0","metadata":[{"bucket":"*"}]},"children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/Policy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucketPolicy","version":"2.206.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::BucketPolicy","aws:cdk:cloudformation:props":{"bucket":{"Ref":"testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C"},"policyDocument":{"Statement":[{"Action":"s3:*","Condition":{"Bool":{"aws:SecureTransport":"false"}},"Effect":"Deny","Principal":{"AWS":"*"},"Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C","Arn"]},"/*"]]}]},{"Action":["s3:DeleteObject*","s3:GetBucket*","s3:List*","s3:PutBucketPolicy"],"Effect":"Allow","Principal":{"AWS":{"Fn::GetAtt":["CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092","Arn"]}},"Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C","Arn"]},"/*"]]}]},{"Action":"s3:PutObject","Condition":{"ArnLike":{"aws:SourceArn":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","Arn"]}},"StringEquals":{"aws:SourceAccount":{"Ref":"AWS::AccountId"}}},"Effect":"Allow","Principal":{"Service":"logging.s3.amazonaws.com"},"Resource":{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C","Arn"]},"/*"]]}}],"Version":"2012-10-17"}}}}}},"AutoDeleteObjectsCustomResource":{"id":"AutoDeleteObjectsCustomResource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/AutoDeleteObjectsCustomResource","constructInfo":{"fqn":"aws-cdk-lib.CustomResource","version":"2.206.0","metadata":["*"]},"children":{"Default":{"id":"Default","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/AutoDeleteObjectsCustomResource/Default","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.206.0"}}}}}},"CloudfrontLoggingBucket":{"id":"CloudfrontLoggingBucket","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.Bucket","version":"2.206.0","metadata":[{"encryption":"S3_MANAGED","versioned":true,"blockPublicAccess":"*","removalPolicy":"destroy","enforceSSL":true,"autoDeleteObjects":true,"objectOwnership":"ObjectWriter","serverAccessLogsBucket":"*"}]},"children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucket","version":"2.206.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::Bucket","aws:cdk:cloudformation:props":{"bucketEncryption":{"serverSideEncryptionConfiguration":[{"serverSideEncryptionByDefault":{"sseAlgorithm":"AES256"}}]},"loggingConfiguration":{"destinationBucketName":{"Ref":"testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C"}},"ownershipControls":{"rules":[{"objectOwnership":"ObjectWriter"}]},"publicAccessBlockConfiguration":{"blockPublicAcls":true,"blockPublicPolicy":true,"ignorePublicAcls":true,"restrictPublicBuckets":true},"tags":[{"key":"aws-cdk:auto-delete-objects","value":"true"}],"versioningConfiguration":{"status":"Enabled"}}}},"Policy":{"id":"Policy","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/Policy","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketPolicy","version":"2.206.0","metadata":[{"bucket":"*"}]},"children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/Policy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucketPolicy","version":"2.206.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::BucketPolicy","aws:cdk:cloudformation:props":{"bucket":{"Ref":"testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD"},"policyDocument":{"Statement":[{"Action":"s3:*","Condition":{"Bool":{"aws:SecureTransport":"false"}},"Effect":"Deny","Principal":{"AWS":"*"},"Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","Arn"]},"/*"]]}]},{"Action":["s3:DeleteObject*","s3:GetBucket*","s3:List*","s3:PutBucketPolicy"],"Effect":"Allow","Principal":{"AWS":{"Fn::GetAtt":["CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092","Arn"]}},"Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","Arn"]},"/*"]]}]}],"Version":"2012-10-17"}}}}}},"AutoDeleteObjectsCustomResource":{"id":"AutoDeleteObjectsCustomResource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/AutoDeleteObjectsCustomResource","constructInfo":{"fqn":"aws-cdk-lib.CustomResource","version":"2.206.0","metadata":["*"]},"children":{"Default":{"id":"Default","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/AutoDeleteObjectsCustomResource/Default","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.206.0"}}}}}},"CloudFrontOac":{"id":"CloudFrontOac","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudFrontOac","constructInfo":{"fqn":"aws-cdk-lib.aws_cloudfront.CfnOriginAccessControl","version":"2.206.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::CloudFront::OriginAccessControl","aws:cdk:cloudformation:props":{"originAccessControlConfig":{"name":{"Fn::Join":["",["aws-cloudfront-s3-testn-key-",{"Fn::Select":[2,{"Fn::Split":["/",{"Ref":"AWS::StackId"}]}]}]]},"originAccessControlOriginType":"s3","signingBehavior":"always","signingProtocol":"sigv4","description":"Origin access control provisioned by aws-cloudfront-s3"}}}},"CloudFrontDistribution":{"id":"CloudFrontDistribution","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudFrontDistribution","constructInfo":{"fqn":"aws-cdk-lib.aws_cloudfront.Distribution","version":"2.206.0","metadata":[{"defaultBehavior":{"origin":"*","viewerProtocolPolicy":"redirect-to-https"},"enableLogging":true,"logBucket":"*","defaultRootObject":"*"}]},"children":{"Origin1":{"id":"Origin1","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudFrontDistribution/Origin1","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}},"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudFrontDistribution/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_cloudfront.CfnDistribution","version":"2.206.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::CloudFront::Distribution","aws:cdk:cloudformation:props":{"distributionConfig":{"enabled":true,"origins":[{"domainName":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyS3Bucket0E74E5D2","RegionalDomainName"]},"id":"cfts3cmkprovidedasbucketproptestcloudfronts3cmkencryptionkeyCloudFrontDistributionOrigin1FA4541E3","s3OriginConfig":{"originAccessIdentity":""}}],"defaultCacheBehavior":{"pathPattern":"*","targetOriginId":"cfts3cmkprovidedasbucketproptestcloudfronts3cmkencryptionkeyCloudFrontDistributionOrigin1FA4541E3","cachePolicyId":"658327ea-f89d-4fab-a63d-7e88639e58f6","compress":true,"viewerProtocolPolicy":"redirect-to-https"},"defaultRootObject":"index.html","httpVersion":"http2","ipv6Enabled":true,"logging":{"bucket":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","RegionalDomainName"]}}}}}}}},"LambdaFunctionServiceRole":{"id":"LambdaFunctionServiceRole","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunctionServiceRole","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Role","version":"2.206.0","metadata":[{"assumedBy":{"principalAccount":"*","assumeRoleAction":"*"},"inlinePolicies":"*"},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]}]},"children":{"ImportLambdaFunctionServiceRole":{"id":"ImportLambdaFunctionServiceRole","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunctionServiceRole/ImportLambdaFunctionServiceRole","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"2.206.0","metadata":["*"]}},"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunctionServiceRole/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnRole","version":"2.206.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"lambda.amazonaws.com"}}],"Version":"2012-10-17"},"policies":[{"policyName":"LambdaFunctionServiceRolePolicy","policyDocument":{"Statement":[{"Action":["logs:CreateLogGroup","logs:CreateLogStream","logs:PutLogEvents"],"Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:/aws/lambda/*"]]}}],"Version":"2012-10-17"}}]}}}}},"LambdaFunction":{"id":"LambdaFunction","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunction","constructInfo":{"fqn":"aws-cdk-lib.aws_lambda.Function","version":"2.206.0","metadata":[{"role":"*","tracing":"Active","runtime":"*","handler":"*","description":"*","timeout":"*","memorySize":"*","code":"*"},{"addEnvironment":["*","*",{"removeInEdge":true}]}]},"children":{"Code":{"id":"Code","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Code","constructInfo":{"fqn":"aws-cdk-lib.aws_s3_assets.Asset","version":"2.206.0"},"children":{"Stage":{"id":"Stage","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Code/Stage","constructInfo":{"fqn":"aws-cdk-lib.AssetStaging","version":"2.206.0"}},"AssetBucket":{"id":"AssetBucket","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Code/AssetBucket","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketBase","version":"2.206.0","metadata":[]}}}},"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_lambda.CfnFunction","version":"2.206.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::Lambda::Function","aws:cdk:cloudformation:props":{"code":{"s3Bucket":{"Fn::Sub":"cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"},"s3Key":"e97825c838d70ceb13ba2f6223a7d94ed35687b70bfb224a0b9128e698e3f28e.zip"},"description":"Custom resource function that updates a provided key policy to allow CloudFront access.","environment":{"variables":{"AWS_NODEJS_CONNECTION_REUSE_ENABLED":"1"}},"handler":"index.handler","role":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyLambdaFunctionServiceRole85783D1D","Arn"]},"runtime":"nodejs20.x","tracingConfig":{"mode":"Active"}}}},"inlinePolicyAddedToExecutionRole-0":{"id":"inlinePolicyAddedToExecutionRole-0","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/inlinePolicyAddedToExecutionRole-0","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"2.206.0","metadata":[{"statements":"*"},{"addStatements":[{}]},{"attachToRole":["*"]},{"attachToRole":["*"]}]},"children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/inlinePolicyAddedToExecutionRole-0/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"2.206.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":["xray:PutTelemetryRecords","xray:PutTraceSegments"],"Effect":"Allow","Resource":"*"}],"Version":"2012-10-17"},"policyName":"testcloudfronts3cmkencryptionkeyLambdaFunctioninlinePolicyAddedToExecutionRole030BCEDF3","roles":[{"Ref":"testcloudfronts3cmkencryptionkeyLambdaFunctionServiceRole85783D1D"}]}}}}}}},"test-cloudfront-s3-cmk-encryption-keyResourceCmkPolicy":{"id":"test-cloudfront-s3-cmk-encryption-keyResourceCmkPolicy","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/test-cloudfront-s3-cmk-encryption-keyResourceCmkPolicy","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"2.206.0","metadata":[{"statements":"*"},{"addStatements":[{}]},{"attachToRole":["*"]},{"attachToRole":["*"]}]},"children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/test-cloudfront-s3-cmk-encryption-keyResourceCmkPolicy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"2.206.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":["kms:DescribeKey","kms:GetKeyPolicy","kms:PutKeyPolicy"],"Effect":"Allow","Resource":{"Fn::GetAtt":["cmkKey598B20B2","Arn"]}}],"Version":"2012-10-17"},"policyName":"testcloudfronts3cmkencryptionkeytestcloudfronts3cmkencryptionkeyResourceCmkPolicyBD4BA975","roles":[{"Ref":"testcloudfronts3cmkencryptionkeyLambdaFunctionServiceRole85783D1D"}]}}}}},"KmsKeyPolicyUpdateProvider":{"id":"KmsKeyPolicyUpdateProvider","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider","constructInfo":{"fqn":"aws-cdk-lib.custom_resources.Provider","version":"2.206.0"},"children":{"framework-onEvent":{"id":"framework-onEvent","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent","constructInfo":{"fqn":"aws-cdk-lib.aws_lambda.Function","version":"2.206.0","metadata":[{"code":"*","description":"*","runtime":"*","handler":"*","timeout":"*","logFormat":"*","applicationLogLevelV2":"FATAL","logGroup":"*","vpc":"*","vpcSubnets":"*","securityGroups":"*","role":"*","functionName":"*","environmentEncryption":"*"},{"addEnvironment":["*","*"]}]},"children":{"ServiceRole":{"id":"ServiceRole","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Role","version":"2.206.0","metadata":[{"assumedBy":{"principalAccount":"*","assumeRoleAction":"*"},"managedPolicies":[{"managedPolicyArn":"*"}]},{"addToPrincipalPolicy":[{}]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]}]},"children":{"ImportServiceRole":{"id":"ImportServiceRole","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/ImportServiceRole","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"2.206.0","metadata":["*"]}},"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnRole","version":"2.206.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"lambda.amazonaws.com"}}],"Version":"2012-10-17"},"managedPolicyArns":[{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"]]}]}}},"DefaultPolicy":{"id":"DefaultPolicy","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/DefaultPolicy","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"2.206.0","metadata":["*",{"attachToRole":["*"]},{"attachToRole":["*"]},{"addStatements":[{}]}]},"children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/DefaultPolicy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"2.206.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":"lambda:InvokeFunction","Effect":"Allow","Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E","Arn"]},":*"]]}]}],"Version":"2012-10-17"},"policyName":"testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventServiceRoleDefaultPolicy066CD751","roles":[{"Ref":"testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventServiceRole3D4040AD"}]}}}}}}},"Code":{"id":"Code","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Code","constructInfo":{"fqn":"aws-cdk-lib.aws_s3_assets.Asset","version":"2.206.0"},"children":{"Stage":{"id":"Stage","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Code/Stage","constructInfo":{"fqn":"aws-cdk-lib.AssetStaging","version":"2.206.0"}},"AssetBucket":{"id":"AssetBucket","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Code/AssetBucket","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketBase","version":"2.206.0","metadata":[]}}}},"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_lambda.CfnFunction","version":"2.206.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::Lambda::Function","aws:cdk:cloudformation:props":{"code":{"s3Bucket":{"Fn::Sub":"cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"},"s3Key":"bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca.zip"},"description":"AWS CDK resource provider framework - onEvent (cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider)","environment":{"variables":{"USER_ON_EVENT_FUNCTION_ARN":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E","Arn"]}}},"handler":"framework.onEvent","loggingConfig":{"logFormat":"JSON","applicationLogLevel":"FATAL"},"role":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventServiceRole3D4040AD","Arn"]},"runtime":"nodejs22.x","timeout":900}}},"inlinePolicyAddedToExecutionRole-0":{"id":"inlinePolicyAddedToExecutionRole-0","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/inlinePolicyAddedToExecutionRole-0","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"2.206.0","metadata":[{"statements":"*"},{"addStatements":[{}]},{"attachToRole":["*"]},{"attachToRole":["*"]}]},"children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/inlinePolicyAddedToExecutionRole-0/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"2.206.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":"lambda:GetFunction","Effect":"Allow","Resource":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E","Arn"]}}],"Version":"2012-10-17"},"policyName":"testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventinlinePolicyAddedToExecutionRole0055AB010","roles":[{"Ref":"testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventServiceRole3D4040AD"}]}}}}}}}}},"KmsKeyPolicyUpdater":{"id":"KmsKeyPolicyUpdater","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdater","constructInfo":{"fqn":"aws-cdk-lib.CustomResource","version":"2.206.0","metadata":["*"]},"children":{"Default":{"id":"Default","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdater/Default","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.206.0"}}}}}},"Custom::S3AutoDeleteObjectsCustomResourceProvider":{"id":"Custom::S3AutoDeleteObjectsCustomResourceProvider","path":"cfts3-cmk-provided-as-bucket-prop/Custom::S3AutoDeleteObjectsCustomResourceProvider","constructInfo":{"fqn":"aws-cdk-lib.CustomResourceProviderBase","version":"2.206.0"},"children":{"Staging":{"id":"Staging","path":"cfts3-cmk-provided-as-bucket-prop/Custom::S3AutoDeleteObjectsCustomResourceProvider/Staging","constructInfo":{"fqn":"aws-cdk-lib.AssetStaging","version":"2.206.0"}},"Role":{"id":"Role","path":"cfts3-cmk-provided-as-bucket-prop/Custom::S3AutoDeleteObjectsCustomResourceProvider/Role","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.206.0"}},"Handler":{"id":"Handler","path":"cfts3-cmk-provided-as-bucket-prop/Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.206.0"}}}},"Integ":{"id":"Integ","path":"cfts3-cmk-provided-as-bucket-prop/Integ","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTest","version":"2.206.0-alpha.0"},"children":{"DefaultTest":{"id":"DefaultTest","path":"cfts3-cmk-provided-as-bucket-prop/Integ/DefaultTest","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTestCase","version":"2.206.0-alpha.0"},"children":{"Default":{"id":"Default","path":"cfts3-cmk-provided-as-bucket-prop/Integ/DefaultTest/Default","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}},"DeployAssert":{"id":"DeployAssert","path":"cfts3-cmk-provided-as-bucket-prop/Integ/DefaultTest/DeployAssert","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"2.206.0"},"children":{"BootstrapVersion":{"id":"BootstrapVersion","path":"cfts3-cmk-provided-as-bucket-prop/Integ/DefaultTest/DeployAssert/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"2.206.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"cfts3-cmk-provided-as-bucket-prop/Integ/DefaultTest/DeployAssert/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"2.206.0"}}}}}}}},"BootstrapVersion":{"id":"BootstrapVersion","path":"cfts3-cmk-provided-as-bucket-prop/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"2.206.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"cfts3-cmk-provided-as-bucket-prop/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"2.206.0"}}}},"Tree":{"id":"Tree","path":"Tree","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}}}}}
1
+ {"version":"tree-0.1","tree":{"id":"App","path":"","constructInfo":{"fqn":"aws-cdk-lib.App","version":"2.223.0"},"children":{"cfts3-cmk-provided-as-bucket-prop":{"id":"cfts3-cmk-provided-as-bucket-prop","path":"cfts3-cmk-provided-as-bucket-prop","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"2.223.0"},"children":{"cmkKey":{"id":"cmkKey","path":"cfts3-cmk-provided-as-bucket-prop/cmkKey","constructInfo":{"fqn":"aws-cdk-lib.aws_kms.Key","version":"2.223.0","metadata":[{"enableKeyRotation":true,"removalPolicy":"destroy"}]},"children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/cmkKey/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_kms.CfnKey","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::KMS::Key","aws:cdk:cloudformation:props":{"enableKeyRotation":true,"keyPolicy":{"Statement":[{"Action":"kms:*","Effect":"Allow","Principal":{"AWS":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":iam::",{"Ref":"AWS::AccountId"},":root"]]}},"Resource":"*"}],"Version":"2012-10-17"}}}}}},"test-cloudfront-s3-cmk-encryption-key":{"id":"test-cloudfront-s3-cmk-encryption-key","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key","constructInfo":{"fqn":"@aws-solutions-constructs/aws-cloudfront-s3.CloudFrontToS3","version":"2.95.1"},"children":{"S3LoggingBucket":{"id":"S3LoggingBucket","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3LoggingBucket","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.Bucket","version":"2.223.0","metadata":[{"encryption":"S3_MANAGED","versioned":true,"blockPublicAccess":"*","removalPolicy":"destroy","enforceSSL":true,"autoDeleteObjects":true}]},"children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3LoggingBucket/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucket","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::Bucket","aws:cdk:cloudformation:props":{"bucketEncryption":{"serverSideEncryptionConfiguration":[{"serverSideEncryptionByDefault":{"sseAlgorithm":"AES256"}}]},"publicAccessBlockConfiguration":{"blockPublicAcls":true,"blockPublicPolicy":true,"ignorePublicAcls":true,"restrictPublicBuckets":true},"tags":[{"key":"aws-cdk:auto-delete-objects","value":"true"}],"versioningConfiguration":{"status":"Enabled"}}}},"Policy":{"id":"Policy","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3LoggingBucket/Policy","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketPolicy","version":"2.223.0","metadata":[{"bucket":"*"}]},"children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3LoggingBucket/Policy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucketPolicy","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::BucketPolicy","aws:cdk:cloudformation:props":{"bucket":{"Ref":"testcloudfronts3cmkencryptionkeyS3LoggingBucket5CE52209"},"policyDocument":{"Statement":[{"Action":"s3:*","Condition":{"Bool":{"aws:SecureTransport":"false"}},"Effect":"Deny","Principal":{"AWS":"*"},"Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyS3LoggingBucket5CE52209","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyS3LoggingBucket5CE52209","Arn"]},"/*"]]}]},{"Action":["s3:DeleteObject*","s3:GetBucket*","s3:List*","s3:PutBucketPolicy"],"Effect":"Allow","Principal":{"AWS":{"Fn::GetAtt":["CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092","Arn"]}},"Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyS3LoggingBucket5CE52209","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyS3LoggingBucket5CE52209","Arn"]},"/*"]]}]},{"Action":"s3:PutObject","Condition":{"ArnLike":{"aws:SourceArn":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyS3Bucket0E74E5D2","Arn"]}},"StringEquals":{"aws:SourceAccount":{"Ref":"AWS::AccountId"}}},"Effect":"Allow","Principal":{"Service":"logging.s3.amazonaws.com"},"Resource":{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyS3LoggingBucket5CE52209","Arn"]},"/*"]]}}],"Version":"2012-10-17"}}}}}},"AutoDeleteObjectsCustomResource":{"id":"AutoDeleteObjectsCustomResource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3LoggingBucket/AutoDeleteObjectsCustomResource","constructInfo":{"fqn":"aws-cdk-lib.CustomResource","version":"2.223.0","metadata":["*"]},"children":{"Default":{"id":"Default","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3LoggingBucket/AutoDeleteObjectsCustomResource/Default","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.223.0"}}}}}},"S3Bucket":{"id":"S3Bucket","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3Bucket","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.Bucket","version":"2.223.0","metadata":[{"encryption":"KMS","versioned":true,"blockPublicAccess":"*","removalPolicy":"retain","enforceSSL":true,"lifecycleRules":[{"noncurrentVersionTransitions":[{"storageClass":"*"}]}],"serverAccessLogsBucket":"*","encryptionKey":"*"},{"addLifecycleRule":[{"noncurrentVersionTransitions":[{"storageClass":"*"}]},"*","*"]}]},"children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3Bucket/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucket","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::Bucket","aws:cdk:cloudformation:props":{"bucketEncryption":{"serverSideEncryptionConfiguration":[{"serverSideEncryptionByDefault":{"sseAlgorithm":"aws:kms","kmsMasterKeyId":{"Fn::GetAtt":["cmkKey598B20B2","Arn"]}}}]},"lifecycleConfiguration":{"rules":[{"noncurrentVersionTransitions":[{"storageClass":"GLACIER","transitionInDays":90}],"status":"Enabled"}]},"loggingConfiguration":{"destinationBucketName":{"Ref":"testcloudfronts3cmkencryptionkeyS3LoggingBucket5CE52209"}},"publicAccessBlockConfiguration":{"blockPublicAcls":true,"blockPublicPolicy":true,"ignorePublicAcls":true,"restrictPublicBuckets":true},"versioningConfiguration":{"status":"Enabled"}}}},"Policy":{"id":"Policy","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3Bucket/Policy","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketPolicy","version":"2.223.0","metadata":[{"bucket":"*"}]},"children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/S3Bucket/Policy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucketPolicy","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::BucketPolicy","aws:cdk:cloudformation:props":{"bucket":{"Ref":"testcloudfronts3cmkencryptionkeyS3Bucket0E74E5D2"},"policyDocument":{"Statement":[{"Action":"s3:*","Condition":{"Bool":{"aws:SecureTransport":"false"}},"Effect":"Deny","Principal":{"AWS":"*"},"Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyS3Bucket0E74E5D2","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyS3Bucket0E74E5D2","Arn"]},"/*"]]}]},{"Action":"s3:GetObject","Condition":{"StringEquals":{"AWS:SourceArn":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":cloudfront::",{"Ref":"AWS::AccountId"},":distribution/",{"Ref":"testcloudfronts3cmkencryptionkeyCloudFrontDistribution57C8A907"}]]}}},"Effect":"Allow","Principal":{"Service":"cloudfront.amazonaws.com"},"Resource":{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyS3Bucket0E74E5D2","Arn"]},"/*"]]}},{"Action":"s3:ListBucket","Condition":{"StringEquals":{"AWS:SourceArn":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":cloudfront::",{"Ref":"AWS::AccountId"},":distribution/",{"Ref":"testcloudfronts3cmkencryptionkeyCloudFrontDistribution57C8A907"}]]}}},"Effect":"Allow","Principal":{"Service":"cloudfront.amazonaws.com"},"Resource":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyS3Bucket0E74E5D2","Arn"]}}],"Version":"2012-10-17"}}}}}}}},"CloudfrontLoggingBucketAccessLog":{"id":"CloudfrontLoggingBucketAccessLog","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.Bucket","version":"2.223.0","metadata":[{"encryption":"S3_MANAGED","versioned":true,"blockPublicAccess":"*","removalPolicy":"destroy","enforceSSL":true,"autoDeleteObjects":true}]},"children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucket","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::Bucket","aws:cdk:cloudformation:props":{"bucketEncryption":{"serverSideEncryptionConfiguration":[{"serverSideEncryptionByDefault":{"sseAlgorithm":"AES256"}}]},"publicAccessBlockConfiguration":{"blockPublicAcls":true,"blockPublicPolicy":true,"ignorePublicAcls":true,"restrictPublicBuckets":true},"tags":[{"key":"aws-cdk:auto-delete-objects","value":"true"}],"versioningConfiguration":{"status":"Enabled"}}}},"Policy":{"id":"Policy","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/Policy","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketPolicy","version":"2.223.0","metadata":[{"bucket":"*"}]},"children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/Policy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucketPolicy","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::BucketPolicy","aws:cdk:cloudformation:props":{"bucket":{"Ref":"testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C"},"policyDocument":{"Statement":[{"Action":"s3:*","Condition":{"Bool":{"aws:SecureTransport":"false"}},"Effect":"Deny","Principal":{"AWS":"*"},"Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C","Arn"]},"/*"]]}]},{"Action":["s3:DeleteObject*","s3:GetBucket*","s3:List*","s3:PutBucketPolicy"],"Effect":"Allow","Principal":{"AWS":{"Fn::GetAtt":["CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092","Arn"]}},"Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C","Arn"]},"/*"]]}]},{"Action":"s3:PutObject","Condition":{"ArnLike":{"aws:SourceArn":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","Arn"]}},"StringEquals":{"aws:SourceAccount":{"Ref":"AWS::AccountId"}}},"Effect":"Allow","Principal":{"Service":"logging.s3.amazonaws.com"},"Resource":{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C","Arn"]},"/*"]]}}],"Version":"2012-10-17"}}}}}},"AutoDeleteObjectsCustomResource":{"id":"AutoDeleteObjectsCustomResource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/AutoDeleteObjectsCustomResource","constructInfo":{"fqn":"aws-cdk-lib.CustomResource","version":"2.223.0","metadata":["*"]},"children":{"Default":{"id":"Default","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/AutoDeleteObjectsCustomResource/Default","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.223.0"}}}}}},"CloudfrontLoggingBucket":{"id":"CloudfrontLoggingBucket","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.Bucket","version":"2.223.0","metadata":[{"encryption":"S3_MANAGED","versioned":true,"blockPublicAccess":"*","removalPolicy":"destroy","enforceSSL":true,"autoDeleteObjects":true,"objectOwnership":"ObjectWriter","serverAccessLogsBucket":"*"}]},"children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucket","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::Bucket","aws:cdk:cloudformation:props":{"bucketEncryption":{"serverSideEncryptionConfiguration":[{"serverSideEncryptionByDefault":{"sseAlgorithm":"AES256"}}]},"loggingConfiguration":{"destinationBucketName":{"Ref":"testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C"}},"ownershipControls":{"rules":[{"objectOwnership":"ObjectWriter"}]},"publicAccessBlockConfiguration":{"blockPublicAcls":true,"blockPublicPolicy":true,"ignorePublicAcls":true,"restrictPublicBuckets":true},"tags":[{"key":"aws-cdk:auto-delete-objects","value":"true"}],"versioningConfiguration":{"status":"Enabled"}}}},"Policy":{"id":"Policy","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/Policy","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketPolicy","version":"2.223.0","metadata":[{"bucket":"*"}]},"children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/Policy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucketPolicy","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::BucketPolicy","aws:cdk:cloudformation:props":{"bucket":{"Ref":"testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD"},"policyDocument":{"Statement":[{"Action":"s3:*","Condition":{"Bool":{"aws:SecureTransport":"false"}},"Effect":"Deny","Principal":{"AWS":"*"},"Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","Arn"]},"/*"]]}]},{"Action":["s3:DeleteObject*","s3:GetBucket*","s3:List*","s3:PutBucketPolicy"],"Effect":"Allow","Principal":{"AWS":{"Fn::GetAtt":["CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092","Arn"]}},"Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","Arn"]},"/*"]]}]}],"Version":"2012-10-17"}}}}}},"AutoDeleteObjectsCustomResource":{"id":"AutoDeleteObjectsCustomResource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/AutoDeleteObjectsCustomResource","constructInfo":{"fqn":"aws-cdk-lib.CustomResource","version":"2.223.0","metadata":["*"]},"children":{"Default":{"id":"Default","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/AutoDeleteObjectsCustomResource/Default","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.223.0"}}}}}},"CloudFrontOac":{"id":"CloudFrontOac","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudFrontOac","constructInfo":{"fqn":"aws-cdk-lib.aws_cloudfront.CfnOriginAccessControl","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::CloudFront::OriginAccessControl","aws:cdk:cloudformation:props":{"originAccessControlConfig":{"name":{"Fn::Join":["",["aws-cloudfront-s3-testn-key-",{"Fn::Select":[2,{"Fn::Split":["/",{"Ref":"AWS::StackId"}]}]}]]},"originAccessControlOriginType":"s3","signingBehavior":"always","signingProtocol":"sigv4","description":"Origin access control provisioned by aws-cloudfront-s3"}}}},"CloudFrontDistribution":{"id":"CloudFrontDistribution","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudFrontDistribution","constructInfo":{"fqn":"aws-cdk-lib.aws_cloudfront.Distribution","version":"2.223.0","metadata":[{"defaultBehavior":{"origin":"*","viewerProtocolPolicy":"redirect-to-https"},"enableLogging":true,"logBucket":"*","defaultRootObject":"*"}]},"children":{"Origin1":{"id":"Origin1","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudFrontDistribution/Origin1","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}},"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/CloudFrontDistribution/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_cloudfront.CfnDistribution","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::CloudFront::Distribution","aws:cdk:cloudformation:props":{"distributionConfig":{"enabled":true,"origins":[{"domainName":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyS3Bucket0E74E5D2","RegionalDomainName"]},"id":"cfts3cmkprovidedasbucketproptestcloudfronts3cmkencryptionkeyCloudFrontDistributionOrigin1FA4541E3","s3OriginConfig":{"originAccessIdentity":""}}],"defaultCacheBehavior":{"pathPattern":"*","targetOriginId":"cfts3cmkprovidedasbucketproptestcloudfronts3cmkencryptionkeyCloudFrontDistributionOrigin1FA4541E3","cachePolicyId":"658327ea-f89d-4fab-a63d-7e88639e58f6","compress":true,"viewerProtocolPolicy":"redirect-to-https"},"defaultRootObject":"index.html","httpVersion":"http2","ipv6Enabled":true,"logging":{"bucket":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","RegionalDomainName"]}}}}}}}},"LambdaFunctionServiceRole":{"id":"LambdaFunctionServiceRole","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunctionServiceRole","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Role","version":"2.223.0","metadata":[{"assumedBy":{"principalAccount":"*","assumeRoleAction":"*"},"inlinePolicies":"*"},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]}]},"children":{"ImportLambdaFunctionServiceRole":{"id":"ImportLambdaFunctionServiceRole","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunctionServiceRole/ImportLambdaFunctionServiceRole","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"2.223.0","metadata":["*"]}},"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunctionServiceRole/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnRole","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"lambda.amazonaws.com"}}],"Version":"2012-10-17"},"policies":[{"policyName":"LambdaFunctionServiceRolePolicy","policyDocument":{"Statement":[{"Action":["logs:CreateLogGroup","logs:CreateLogStream","logs:PutLogEvents"],"Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:/aws/lambda/*"]]}}],"Version":"2012-10-17"}}]}}}}},"LambdaFunction":{"id":"LambdaFunction","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunction","constructInfo":{"fqn":"aws-cdk-lib.aws_lambda.Function","version":"2.223.0","metadata":[{"role":"*","tracing":"Active","runtime":"*","handler":"*","description":"*","timeout":"*","memorySize":"*","code":"*"},{"addEnvironment":["*","*",{"removeInEdge":true}]}]},"children":{"Code":{"id":"Code","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Code","constructInfo":{"fqn":"aws-cdk-lib.aws_s3_assets.Asset","version":"2.223.0"},"children":{"Stage":{"id":"Stage","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Code/Stage","constructInfo":{"fqn":"aws-cdk-lib.AssetStaging","version":"2.223.0"}},"AssetBucket":{"id":"AssetBucket","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Code/AssetBucket","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketBase","version":"2.223.0","metadata":[]}}}},"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_lambda.CfnFunction","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::Lambda::Function","aws:cdk:cloudformation:props":{"code":{"s3Bucket":{"Fn::Sub":"cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"},"s3Key":"e97825c838d70ceb13ba2f6223a7d94ed35687b70bfb224a0b9128e698e3f28e.zip"},"description":"Custom resource function that updates a provided key policy to allow CloudFront access.","environment":{"variables":{"AWS_NODEJS_CONNECTION_REUSE_ENABLED":"1"}},"handler":"index.handler","role":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyLambdaFunctionServiceRole85783D1D","Arn"]},"runtime":"nodejs22.x","tracingConfig":{"mode":"Active"}}}},"inlinePolicyAddedToExecutionRole-0":{"id":"inlinePolicyAddedToExecutionRole-0","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/inlinePolicyAddedToExecutionRole-0","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"2.223.0","metadata":[{"statements":"*"},{"addStatements":[{}]},{"attachToRole":["*"]},{"attachToRole":["*"]}]},"children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/inlinePolicyAddedToExecutionRole-0/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":["xray:PutTelemetryRecords","xray:PutTraceSegments"],"Effect":"Allow","Resource":"*"}],"Version":"2012-10-17"},"policyName":"testcloudfronts3cmkencryptionkeyLambdaFunctioninlinePolicyAddedToExecutionRole030BCEDF3","roles":[{"Ref":"testcloudfronts3cmkencryptionkeyLambdaFunctionServiceRole85783D1D"}]}}}}}}},"test-cloudfront-s3-cmk-encryption-keyResourceCmkPolicy":{"id":"test-cloudfront-s3-cmk-encryption-keyResourceCmkPolicy","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/test-cloudfront-s3-cmk-encryption-keyResourceCmkPolicy","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"2.223.0","metadata":[{"statements":"*"},{"addStatements":[{}]},{"attachToRole":["*"]},{"attachToRole":["*"]}]},"children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/test-cloudfront-s3-cmk-encryption-keyResourceCmkPolicy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":["kms:DescribeKey","kms:GetKeyPolicy","kms:PutKeyPolicy"],"Effect":"Allow","Resource":{"Fn::GetAtt":["cmkKey598B20B2","Arn"]}}],"Version":"2012-10-17"},"policyName":"testcloudfronts3cmkencryptionkeytestcloudfronts3cmkencryptionkeyResourceCmkPolicyBD4BA975","roles":[{"Ref":"testcloudfronts3cmkencryptionkeyLambdaFunctionServiceRole85783D1D"}]}}}}},"KmsKeyPolicyUpdateProvider":{"id":"KmsKeyPolicyUpdateProvider","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider","constructInfo":{"fqn":"aws-cdk-lib.custom_resources.Provider","version":"2.223.0"},"children":{"framework-onEvent":{"id":"framework-onEvent","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent","constructInfo":{"fqn":"aws-cdk-lib.aws_lambda.Function","version":"2.223.0","metadata":[{"code":"*","description":"*","runtime":"*","handler":"*","timeout":"*","loggingFormat":"JSON","applicationLogLevelV2":"FATAL","logGroup":"*","vpc":"*","vpcSubnets":"*","securityGroups":"*","role":"*","functionName":"*","environmentEncryption":"*"},{"addEnvironment":["*","*"]}]},"children":{"ServiceRole":{"id":"ServiceRole","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Role","version":"2.223.0","metadata":[{"assumedBy":{"principalAccount":"*","assumeRoleAction":"*"},"managedPolicies":[{"managedPolicyArn":"*"}]},{"addToPrincipalPolicy":[{}]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]}]},"children":{"ImportServiceRole":{"id":"ImportServiceRole","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/ImportServiceRole","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"2.223.0","metadata":["*"]}},"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnRole","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"lambda.amazonaws.com"}}],"Version":"2012-10-17"},"managedPolicyArns":[{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"]]}]}}},"DefaultPolicy":{"id":"DefaultPolicy","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/DefaultPolicy","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"2.223.0","metadata":["*",{"attachToRole":["*"]},{"attachToRole":["*"]},{"addStatements":[{}]}]},"children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/DefaultPolicy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":"lambda:InvokeFunction","Effect":"Allow","Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E","Arn"]},":*"]]}]}],"Version":"2012-10-17"},"policyName":"testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventServiceRoleDefaultPolicy066CD751","roles":[{"Ref":"testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventServiceRole3D4040AD"}]}}}}}}},"Code":{"id":"Code","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Code","constructInfo":{"fqn":"aws-cdk-lib.aws_s3_assets.Asset","version":"2.223.0"},"children":{"Stage":{"id":"Stage","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Code/Stage","constructInfo":{"fqn":"aws-cdk-lib.AssetStaging","version":"2.223.0"}},"AssetBucket":{"id":"AssetBucket","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Code/AssetBucket","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketBase","version":"2.223.0","metadata":[]}}}},"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_lambda.CfnFunction","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::Lambda::Function","aws:cdk:cloudformation:props":{"code":{"s3Bucket":{"Fn::Sub":"cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"},"s3Key":"bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca.zip"},"description":"AWS CDK resource provider framework - onEvent (cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider)","environment":{"variables":{"USER_ON_EVENT_FUNCTION_ARN":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E","Arn"]}}},"handler":"framework.onEvent","loggingConfig":{"logFormat":"JSON","applicationLogLevel":"FATAL"},"role":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventServiceRole3D4040AD","Arn"]},"runtime":"nodejs22.x","timeout":900}}},"inlinePolicyAddedToExecutionRole-0":{"id":"inlinePolicyAddedToExecutionRole-0","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/inlinePolicyAddedToExecutionRole-0","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"2.223.0","metadata":[{"statements":"*"},{"addStatements":[{}]},{"attachToRole":["*"]},{"attachToRole":["*"]}]},"children":{"Resource":{"id":"Resource","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/inlinePolicyAddedToExecutionRole-0/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":"lambda:GetFunction","Effect":"Allow","Resource":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E","Arn"]}}],"Version":"2012-10-17"},"policyName":"testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventinlinePolicyAddedToExecutionRole0055AB010","roles":[{"Ref":"testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventServiceRole3D4040AD"}]}}}}}}}}},"KmsKeyPolicyUpdater":{"id":"KmsKeyPolicyUpdater","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdater","constructInfo":{"fqn":"aws-cdk-lib.CustomResource","version":"2.223.0","metadata":["*"]},"children":{"Default":{"id":"Default","path":"cfts3-cmk-provided-as-bucket-prop/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdater/Default","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.223.0"}}}}}},"Custom::S3AutoDeleteObjectsCustomResourceProvider":{"id":"Custom::S3AutoDeleteObjectsCustomResourceProvider","path":"cfts3-cmk-provided-as-bucket-prop/Custom::S3AutoDeleteObjectsCustomResourceProvider","constructInfo":{"fqn":"aws-cdk-lib.CustomResourceProviderBase","version":"2.223.0"},"children":{"Staging":{"id":"Staging","path":"cfts3-cmk-provided-as-bucket-prop/Custom::S3AutoDeleteObjectsCustomResourceProvider/Staging","constructInfo":{"fqn":"aws-cdk-lib.AssetStaging","version":"2.223.0"}},"Role":{"id":"Role","path":"cfts3-cmk-provided-as-bucket-prop/Custom::S3AutoDeleteObjectsCustomResourceProvider/Role","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.223.0"}},"Handler":{"id":"Handler","path":"cfts3-cmk-provided-as-bucket-prop/Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.223.0"}}}},"Integ":{"id":"Integ","path":"cfts3-cmk-provided-as-bucket-prop/Integ","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTest","version":"2.223.0-alpha.0"},"children":{"DefaultTest":{"id":"DefaultTest","path":"cfts3-cmk-provided-as-bucket-prop/Integ/DefaultTest","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTestCase","version":"2.223.0-alpha.0"},"children":{"Default":{"id":"Default","path":"cfts3-cmk-provided-as-bucket-prop/Integ/DefaultTest/Default","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}},"DeployAssert":{"id":"DeployAssert","path":"cfts3-cmk-provided-as-bucket-prop/Integ/DefaultTest/DeployAssert","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"2.223.0"},"children":{"BootstrapVersion":{"id":"BootstrapVersion","path":"cfts3-cmk-provided-as-bucket-prop/Integ/DefaultTest/DeployAssert/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"2.223.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"cfts3-cmk-provided-as-bucket-prop/Integ/DefaultTest/DeployAssert/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"2.223.0"}}}}}}}},"BootstrapVersion":{"id":"BootstrapVersion","path":"cfts3-cmk-provided-as-bucket-prop/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"2.223.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"cfts3-cmk-provided-as-bucket-prop/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"2.223.0"}}}},"Tree":{"id":"Tree","path":"Tree","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}}}}}