@aws-solutions-constructs/aws-cloudfront-s3 2.95.1 → 2.97.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (35) hide show
  1. package/.jsii +4568 -233
  2. package/README.adoc +3 -5
  3. package/lib/index.d.ts +4 -2
  4. package/lib/index.js +2 -2
  5. package/package.json +8 -8
  6. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/cfn-response.js +1 -0
  7. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/consts.js +1 -0
  8. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/framework.js +3 -0
  9. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/outbound.js +1 -0
  10. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/util.js +1 -0
  11. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.e97825c838d70ceb13ba2f6223a7d94ed35687b70bfb224a0b9128e698e3f28e/index.d.ts +30 -0
  12. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.e97825c838d70ceb13ba2f6223a7d94ed35687b70bfb224a0b9128e698e3f28e/index.js +129 -0
  13. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  14. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cdk.out +1 -1
  15. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.assets.json +4 -4
  16. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.template.json +1 -1
  17. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithcmkprovidedasexistingbucketIntegDefaultTestDeployAssertF6031114.assets.json +1 -1
  18. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/integ.json +2 -2
  19. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/manifest.json +66 -42
  20. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/tree.json +1 -1
  21. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/cfn-response.js +1 -0
  22. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/consts.js +1 -0
  23. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/framework.js +3 -0
  24. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/outbound.js +1 -0
  25. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/util.js +1 -0
  26. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.e97825c838d70ceb13ba2f6223a7d94ed35687b70bfb224a0b9128e698e3f28e/index.d.ts +30 -0
  27. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.e97825c838d70ceb13ba2f6223a7d94ed35687b70bfb224a0b9128e698e3f28e/index.js +129 -0
  28. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  29. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cdk.out +1 -1
  30. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3-cmk-provided-as-bucket-prop.assets.json +4 -4
  31. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3-cmk-provided-as-bucket-prop.template.json +1 -1
  32. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3cmkprovidedasbucketpropIntegDefaultTestDeployAssert38E63D55.assets.json +1 -1
  33. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/integ.json +2 -2
  34. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/manifest.json +66 -42
  35. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/tree.json +1 -1
@@ -66,7 +66,7 @@
66
66
  "validateOnSynth": false,
67
67
  "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}",
68
68
  "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}",
69
- "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/7fca516db65ed38cc4fc93c327f6756fcb6ef9f86bcdd7854163f48b94e412f3.json",
69
+ "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/d18c67cb980c0f65d688822090b4c6849c46f50df7e7e743d58e8f286611061b.json",
70
70
  "requiresBootstrapStackVersion": 6,
71
71
  "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version",
72
72
  "additionalDependencies": [
@@ -524,7 +524,7 @@
524
524
  "runtime": "*",
525
525
  "handler": "*",
526
526
  "timeout": "*",
527
- "logFormat": "*",
527
+ "loggingFormat": "JSON",
528
528
  "applicationLogLevelV2": "FATAL",
529
529
  "logGroup": "*",
530
530
  "vpc": "*",
@@ -731,57 +731,48 @@
731
731
  "properties": {
732
732
  "module": "aws-cdk-lib",
733
733
  "flags": {
734
- "@aws-cdk/core:enableStackNameDuplicates": {
734
+ "@aws-cdk/aws-signer:signingProfileNamePassedToCfn": {
735
735
  "recommendedValue": true,
736
- "explanation": "Allow multiple stacks with the same name"
737
- },
738
- "aws-cdk:enableDiffNoFail": {
739
- "recommendedValue": true,
740
- "explanation": "Make `cdk diff` not fail when there are differences"
736
+ "explanation": "Pass signingProfileName to CfnSigningProfile"
741
737
  },
742
738
  "@aws-cdk/core:newStyleStackSynthesis": {
743
739
  "recommendedValue": true,
744
- "explanation": "Switch to new stack synthesis method which enables CI/CD"
740
+ "explanation": "Switch to new stack synthesis method which enables CI/CD",
741
+ "unconfiguredBehavesLike": {
742
+ "v2": true
743
+ }
745
744
  },
746
745
  "@aws-cdk/core:stackRelativeExports": {
747
746
  "recommendedValue": true,
748
- "explanation": "Name exports based on the construct paths relative to the stack, rather than the global construct path"
749
- },
750
- "@aws-cdk/aws-ecr-assets:dockerIgnoreSupport": {
751
- "recommendedValue": true,
752
- "explanation": "DockerImageAsset properly supports `.dockerignore` files by default"
753
- },
754
- "@aws-cdk/aws-secretsmanager:parseOwnedSecretName": {
755
- "recommendedValue": true,
756
- "explanation": "Fix the referencing of SecretsManager names from ARNs"
757
- },
758
- "@aws-cdk/aws-kms:defaultKeyPolicies": {
759
- "recommendedValue": true,
760
- "explanation": "Tighten default KMS key policies"
761
- },
762
- "@aws-cdk/aws-s3:grantWriteWithoutAcl": {
763
- "recommendedValue": true,
764
- "explanation": "Remove `PutObjectAcl` from Bucket.grantWrite"
747
+ "explanation": "Name exports based on the construct paths relative to the stack, rather than the global construct path",
748
+ "unconfiguredBehavesLike": {
749
+ "v2": true
750
+ }
765
751
  },
766
- "@aws-cdk/aws-ecs-patterns:removeDefaultDesiredCount": {
752
+ "@aws-cdk/aws-ecs-patterns:secGroupsDisablesImplicitOpenListener": {
767
753
  "recommendedValue": true,
768
- "explanation": "Do not specify a default DesiredCount for ECS services"
754
+ "explanation": "Disable implicit openListener when custom security groups are provided"
769
755
  },
770
756
  "@aws-cdk/aws-rds:lowercaseDbIdentifier": {
771
757
  "recommendedValue": true,
772
- "explanation": "Force lowercasing of RDS Cluster names in CDK"
758
+ "explanation": "Force lowercasing of RDS Cluster names in CDK",
759
+ "unconfiguredBehavesLike": {
760
+ "v2": true
761
+ }
773
762
  },
774
763
  "@aws-cdk/aws-apigateway:usagePlanKeyOrderInsensitiveId": {
775
764
  "recommendedValue": true,
776
- "explanation": "Allow adding/removing multiple UsagePlanKeys independently"
777
- },
778
- "@aws-cdk/aws-efs:defaultEncryptionAtRest": {
779
- "recommendedValue": true,
780
- "explanation": "Enable this feature flag to have elastic file systems encrypted at rest by default."
765
+ "explanation": "Allow adding/removing multiple UsagePlanKeys independently",
766
+ "unconfiguredBehavesLike": {
767
+ "v2": true
768
+ }
781
769
  },
782
770
  "@aws-cdk/aws-lambda:recognizeVersionProps": {
783
771
  "recommendedValue": true,
784
- "explanation": "Enable this feature flag to opt in to the updated logical id calculation for Lambda Version created using the `fn.currentVersion`."
772
+ "explanation": "Enable this feature flag to opt in to the updated logical id calculation for Lambda Version created using the `fn.currentVersion`.",
773
+ "unconfiguredBehavesLike": {
774
+ "v2": true
775
+ }
785
776
  },
786
777
  "@aws-cdk/aws-lambda:recognizeLayerVersion": {
787
778
  "userValue": true,
@@ -790,7 +781,10 @@
790
781
  },
791
782
  "@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021": {
792
783
  "recommendedValue": true,
793
- "explanation": "Enable this feature flag to have cloudfront distributions use the security policy TLSv1.2_2021 by default."
784
+ "explanation": "Enable this feature flag to have cloudfront distributions use the security policy TLSv1.2_2021 by default.",
785
+ "unconfiguredBehavesLike": {
786
+ "v2": true
787
+ }
794
788
  },
795
789
  "@aws-cdk/core:checkSecretUsage": {
796
790
  "userValue": true,
@@ -867,7 +861,7 @@
867
861
  "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": {
868
862
  "userValue": true,
869
863
  "recommendedValue": true,
870
- "explanation": "Enable this feature to by default create default policy names for imported roles that depend on the stack the role is in."
864
+ "explanation": "Enable this feature to create default policy names for imported roles that depend on the stack the role is in."
871
865
  },
872
866
  "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": {
873
867
  "userValue": true,
@@ -1011,7 +1005,10 @@
1011
1005
  },
1012
1006
  "@aws-cdk/pipelines:reduceAssetRoleTrustScope": {
1013
1007
  "recommendedValue": true,
1014
- "explanation": "Remove the root account principal from PipelineAssetsFileRole trust policy"
1008
+ "explanation": "Remove the root account principal from PipelineAssetsFileRole trust policy",
1009
+ "unconfiguredBehavesLike": {
1010
+ "v2": true
1011
+ }
1015
1012
  },
1016
1013
  "@aws-cdk/aws-eks:nodegroupNameAttribute": {
1017
1014
  "userValue": true,
@@ -1040,7 +1037,10 @@
1040
1037
  },
1041
1038
  "@aws-cdk/aws-stepfunctions-tasks:useNewS3UriParametersForBedrockInvokeModelTask": {
1042
1039
  "recommendedValue": true,
1043
- "explanation": "When enabled, use new props for S3 URI field in task definition of state machine for bedrock invoke model."
1040
+ "explanation": "When enabled, use new props for S3 URI field in task definition of state machine for bedrock invoke model.",
1041
+ "unconfiguredBehavesLike": {
1042
+ "v2": true
1043
+ }
1044
1044
  },
1045
1045
  "@aws-cdk/core:explicitStackTags": {
1046
1046
  "userValue": true,
@@ -1104,7 +1104,10 @@
1104
1104
  },
1105
1105
  "@aws-cdk/core:aspectStabilization": {
1106
1106
  "recommendedValue": true,
1107
- "explanation": "When enabled, a stabilization loop will be run when invoking Aspects during synthesis."
1107
+ "explanation": "When enabled, a stabilization loop will be run when invoking Aspects during synthesis.",
1108
+ "unconfiguredBehavesLike": {
1109
+ "v2": true
1110
+ }
1108
1111
  },
1109
1112
  "@aws-cdk/aws-route53-targets:userPoolDomainNameMethodWithoutCustomResource": {
1110
1113
  "userValue": true,
@@ -1138,7 +1141,10 @@
1138
1141
  },
1139
1142
  "@aws-cdk/pipelines:reduceStageRoleTrustScope": {
1140
1143
  "recommendedValue": true,
1141
- "explanation": "Remove the root account principal from Stage addActions trust policy"
1144
+ "explanation": "Remove the root account principal from Stage addActions trust policy",
1145
+ "unconfiguredBehavesLike": {
1146
+ "v2": true
1147
+ }
1142
1148
  },
1143
1149
  "@aws-cdk/aws-events:requireEventBusPolicySid": {
1144
1150
  "userValue": true,
@@ -1161,7 +1167,10 @@
1161
1167
  },
1162
1168
  "@aws-cdk/pipelines:reduceCrossAccountActionRoleTrustScope": {
1163
1169
  "recommendedValue": true,
1164
- "explanation": "When enabled, scopes down the trust policy for the cross-account action role"
1170
+ "explanation": "When enabled, scopes down the trust policy for the cross-account action role",
1171
+ "unconfiguredBehavesLike": {
1172
+ "v2": true
1173
+ }
1165
1174
  },
1166
1175
  "@aws-cdk/aws-stepfunctions:useDistributedMapResultWriterV2": {
1167
1176
  "userValue": true,
@@ -1191,6 +1200,21 @@
1191
1200
  "userValue": true,
1192
1201
  "recommendedValue": true,
1193
1202
  "explanation": "When enabled, CDK creates and manages loggroup for the lambda function"
1203
+ },
1204
+ "@aws-cdk/aws-elasticloadbalancingv2:networkLoadBalancerWithSecurityGroupByDefault": {
1205
+ "recommendedValue": true,
1206
+ "explanation": "When enabled, Network Load Balancer will be created with a security group by default."
1207
+ },
1208
+ "@aws-cdk/aws-stepfunctions-tasks:httpInvokeDynamicJsonPathEndpoint": {
1209
+ "recommendedValue": true,
1210
+ "explanation": "When enabled, allows using a dynamic apiEndpoint with JSONPath format in HttpInvoke tasks.",
1211
+ "unconfiguredBehavesLike": {
1212
+ "v2": true
1213
+ }
1214
+ },
1215
+ "@aws-cdk/aws-ecs-patterns:uniqueTargetGroupId": {
1216
+ "recommendedValue": true,
1217
+ "explanation": "When enabled, ECS patterns will generate unique target group IDs to prevent conflicts during load balancer replacement"
1194
1218
  }
1195
1219
  }
1196
1220
  }
@@ -1 +1 @@
1
- {"version":"tree-0.1","tree":{"id":"App","path":"","constructInfo":{"fqn":"aws-cdk-lib.App","version":"2.206.0"},"children":{"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket":{"id":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"2.206.0"},"children":{"cmkKey":{"id":"cmkKey","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/cmkKey","constructInfo":{"fqn":"aws-cdk-lib.aws_kms.Key","version":"2.206.0","metadata":[{"enableKeyRotation":true,"removalPolicy":"destroy"}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/cmkKey/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_kms.CfnKey","version":"2.206.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::KMS::Key","aws:cdk:cloudformation:props":{"enableKeyRotation":true,"keyPolicy":{"Statement":[{"Action":"kms:*","Effect":"Allow","Principal":{"AWS":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":iam::",{"Ref":"AWS::AccountId"},":root"]]}},"Resource":"*"}],"Version":"2012-10-17"}}}}}},"existing-s3-bucket-encrypted-with-cmkS3LoggingBucket":{"id":"existing-s3-bucket-encrypted-with-cmkS3LoggingBucket","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3LoggingBucket","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.Bucket","version":"2.206.0","metadata":[{"encryption":"S3_MANAGED","versioned":true,"blockPublicAccess":"*","removalPolicy":"destroy","enforceSSL":true,"autoDeleteObjects":true}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3LoggingBucket/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucket","version":"2.206.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::Bucket","aws:cdk:cloudformation:props":{"bucketEncryption":{"serverSideEncryptionConfiguration":[{"serverSideEncryptionByDefault":{"sseAlgorithm":"AES256"}}]},"publicAccessBlockConfiguration":{"blockPublicAcls":true,"blockPublicPolicy":true,"ignorePublicAcls":true,"restrictPublicBuckets":true},"tags":[{"key":"aws-cdk:auto-delete-objects","value":"true"}],"versioningConfiguration":{"status":"Enabled"}}}},"Policy":{"id":"Policy","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3LoggingBucket/Policy","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketPolicy","version":"2.206.0","metadata":[{"bucket":"*"}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3LoggingBucket/Policy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucketPolicy","version":"2.206.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::BucketPolicy","aws:cdk:cloudformation:props":{"bucket":{"Ref":"existings3bucketencryptedwithcmkS3LoggingBucket2B2DE39B"},"policyDocument":{"Statement":[{"Action":"s3:*","Condition":{"Bool":{"aws:SecureTransport":"false"}},"Effect":"Deny","Principal":{"AWS":"*"},"Resource":[{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3LoggingBucket2B2DE39B","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3LoggingBucket2B2DE39B","Arn"]},"/*"]]}]},{"Action":["s3:DeleteObject*","s3:GetBucket*","s3:List*","s3:PutBucketPolicy"],"Effect":"Allow","Principal":{"AWS":{"Fn::GetAtt":["CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092","Arn"]}},"Resource":[{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3LoggingBucket2B2DE39B","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3LoggingBucket2B2DE39B","Arn"]},"/*"]]}]},{"Action":"s3:PutObject","Condition":{"ArnLike":{"aws:SourceArn":{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3BucketCC461491","Arn"]}},"StringEquals":{"aws:SourceAccount":{"Ref":"AWS::AccountId"}}},"Effect":"Allow","Principal":{"Service":"logging.s3.amazonaws.com"},"Resource":{"Fn::Join":["",[{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3LoggingBucket2B2DE39B","Arn"]},"/*"]]}}],"Version":"2012-10-17"}}}}}},"AutoDeleteObjectsCustomResource":{"id":"AutoDeleteObjectsCustomResource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3LoggingBucket/AutoDeleteObjectsCustomResource","constructInfo":{"fqn":"aws-cdk-lib.CustomResource","version":"2.206.0","metadata":["*"]},"children":{"Default":{"id":"Default","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3LoggingBucket/AutoDeleteObjectsCustomResource/Default","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.206.0"}}}}}},"Custom::S3AutoDeleteObjectsCustomResourceProvider":{"id":"Custom::S3AutoDeleteObjectsCustomResourceProvider","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Custom::S3AutoDeleteObjectsCustomResourceProvider","constructInfo":{"fqn":"aws-cdk-lib.CustomResourceProviderBase","version":"2.206.0"},"children":{"Staging":{"id":"Staging","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Custom::S3AutoDeleteObjectsCustomResourceProvider/Staging","constructInfo":{"fqn":"aws-cdk-lib.AssetStaging","version":"2.206.0"}},"Role":{"id":"Role","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Custom::S3AutoDeleteObjectsCustomResourceProvider/Role","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.206.0"}},"Handler":{"id":"Handler","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.206.0"}}}},"existing-s3-bucket-encrypted-with-cmkS3Bucket":{"id":"existing-s3-bucket-encrypted-with-cmkS3Bucket","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3Bucket","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.Bucket","version":"2.206.0","metadata":[{"encryption":"KMS","versioned":true,"blockPublicAccess":"*","removalPolicy":"destroy","enforceSSL":true,"lifecycleRules":[{"noncurrentVersionTransitions":[{"storageClass":"*"}]}],"serverAccessLogsBucket":"*","encryptionKey":"*","autoDeleteObjects":true},{"addLifecycleRule":[{"noncurrentVersionTransitions":[{"storageClass":"*"}]},"*","*"]}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3Bucket/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucket","version":"2.206.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::Bucket","aws:cdk:cloudformation:props":{"bucketEncryption":{"serverSideEncryptionConfiguration":[{"serverSideEncryptionByDefault":{"sseAlgorithm":"aws:kms","kmsMasterKeyId":{"Fn::GetAtt":["cmkKey598B20B2","Arn"]}}}]},"lifecycleConfiguration":{"rules":[{"noncurrentVersionTransitions":[{"storageClass":"GLACIER","transitionInDays":90}],"status":"Enabled"}]},"loggingConfiguration":{"destinationBucketName":{"Ref":"existings3bucketencryptedwithcmkS3LoggingBucket2B2DE39B"}},"publicAccessBlockConfiguration":{"blockPublicAcls":true,"blockPublicPolicy":true,"ignorePublicAcls":true,"restrictPublicBuckets":true},"tags":[{"key":"aws-cdk:auto-delete-objects","value":"true"}],"versioningConfiguration":{"status":"Enabled"}}}},"Policy":{"id":"Policy","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3Bucket/Policy","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketPolicy","version":"2.206.0","metadata":[{"bucket":"*"}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3Bucket/Policy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucketPolicy","version":"2.206.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::BucketPolicy","aws:cdk:cloudformation:props":{"bucket":{"Ref":"existings3bucketencryptedwithcmkS3BucketCC461491"},"policyDocument":{"Statement":[{"Action":"s3:*","Condition":{"Bool":{"aws:SecureTransport":"false"}},"Effect":"Deny","Principal":{"AWS":"*"},"Resource":[{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3BucketCC461491","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3BucketCC461491","Arn"]},"/*"]]}]},{"Action":["s3:DeleteObject*","s3:GetBucket*","s3:List*","s3:PutBucketPolicy"],"Effect":"Allow","Principal":{"AWS":{"Fn::GetAtt":["CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092","Arn"]}},"Resource":[{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3BucketCC461491","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3BucketCC461491","Arn"]},"/*"]]}]},{"Action":"s3:GetObject","Condition":{"StringEquals":{"AWS:SourceArn":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":cloudfront::",{"Ref":"AWS::AccountId"},":distribution/",{"Ref":"testcloudfronts3cmkencryptionkeyCloudFrontDistribution57C8A907"}]]}}},"Effect":"Allow","Principal":{"Service":"cloudfront.amazonaws.com"},"Resource":{"Fn::Join":["",[{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3BucketCC461491","Arn"]},"/*"]]}},{"Action":"s3:ListBucket","Condition":{"StringEquals":{"AWS:SourceArn":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":cloudfront::",{"Ref":"AWS::AccountId"},":distribution/",{"Ref":"testcloudfronts3cmkencryptionkeyCloudFrontDistribution57C8A907"}]]}}},"Effect":"Allow","Principal":{"Service":"cloudfront.amazonaws.com"},"Resource":{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3BucketCC461491","Arn"]}}],"Version":"2012-10-17"}}}}}},"AutoDeleteObjectsCustomResource":{"id":"AutoDeleteObjectsCustomResource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3Bucket/AutoDeleteObjectsCustomResource","constructInfo":{"fqn":"aws-cdk-lib.CustomResource","version":"2.206.0","metadata":["*"]},"children":{"Default":{"id":"Default","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3Bucket/AutoDeleteObjectsCustomResource/Default","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.206.0"}}}}}},"test-cloudfront-s3-cmk-encryption-key":{"id":"test-cloudfront-s3-cmk-encryption-key","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key","constructInfo":{"fqn":"@aws-solutions-constructs/aws-cloudfront-s3.CloudFrontToS3","version":"2.86.0"},"children":{"CloudfrontLoggingBucketAccessLog":{"id":"CloudfrontLoggingBucketAccessLog","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.Bucket","version":"2.206.0","metadata":[{"encryption":"S3_MANAGED","versioned":true,"blockPublicAccess":"*","removalPolicy":"destroy","enforceSSL":true,"autoDeleteObjects":true}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucket","version":"2.206.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::Bucket","aws:cdk:cloudformation:props":{"bucketEncryption":{"serverSideEncryptionConfiguration":[{"serverSideEncryptionByDefault":{"sseAlgorithm":"AES256"}}]},"publicAccessBlockConfiguration":{"blockPublicAcls":true,"blockPublicPolicy":true,"ignorePublicAcls":true,"restrictPublicBuckets":true},"tags":[{"key":"aws-cdk:auto-delete-objects","value":"true"}],"versioningConfiguration":{"status":"Enabled"}}}},"Policy":{"id":"Policy","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/Policy","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketPolicy","version":"2.206.0","metadata":[{"bucket":"*"}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/Policy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucketPolicy","version":"2.206.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::BucketPolicy","aws:cdk:cloudformation:props":{"bucket":{"Ref":"testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C"},"policyDocument":{"Statement":[{"Action":"s3:*","Condition":{"Bool":{"aws:SecureTransport":"false"}},"Effect":"Deny","Principal":{"AWS":"*"},"Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C","Arn"]},"/*"]]}]},{"Action":["s3:DeleteObject*","s3:GetBucket*","s3:List*","s3:PutBucketPolicy"],"Effect":"Allow","Principal":{"AWS":{"Fn::GetAtt":["CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092","Arn"]}},"Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C","Arn"]},"/*"]]}]},{"Action":"s3:PutObject","Condition":{"ArnLike":{"aws:SourceArn":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","Arn"]}},"StringEquals":{"aws:SourceAccount":{"Ref":"AWS::AccountId"}}},"Effect":"Allow","Principal":{"Service":"logging.s3.amazonaws.com"},"Resource":{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C","Arn"]},"/*"]]}}],"Version":"2012-10-17"}}}}}},"AutoDeleteObjectsCustomResource":{"id":"AutoDeleteObjectsCustomResource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/AutoDeleteObjectsCustomResource","constructInfo":{"fqn":"aws-cdk-lib.CustomResource","version":"2.206.0","metadata":["*"]},"children":{"Default":{"id":"Default","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/AutoDeleteObjectsCustomResource/Default","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.206.0"}}}}}},"CloudfrontLoggingBucket":{"id":"CloudfrontLoggingBucket","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.Bucket","version":"2.206.0","metadata":[{"encryption":"S3_MANAGED","versioned":true,"blockPublicAccess":"*","removalPolicy":"destroy","enforceSSL":true,"autoDeleteObjects":true,"objectOwnership":"ObjectWriter","serverAccessLogsBucket":"*"}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucket","version":"2.206.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::Bucket","aws:cdk:cloudformation:props":{"bucketEncryption":{"serverSideEncryptionConfiguration":[{"serverSideEncryptionByDefault":{"sseAlgorithm":"AES256"}}]},"loggingConfiguration":{"destinationBucketName":{"Ref":"testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C"}},"ownershipControls":{"rules":[{"objectOwnership":"ObjectWriter"}]},"publicAccessBlockConfiguration":{"blockPublicAcls":true,"blockPublicPolicy":true,"ignorePublicAcls":true,"restrictPublicBuckets":true},"tags":[{"key":"aws-cdk:auto-delete-objects","value":"true"}],"versioningConfiguration":{"status":"Enabled"}}}},"Policy":{"id":"Policy","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/Policy","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketPolicy","version":"2.206.0","metadata":[{"bucket":"*"}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/Policy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucketPolicy","version":"2.206.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::BucketPolicy","aws:cdk:cloudformation:props":{"bucket":{"Ref":"testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD"},"policyDocument":{"Statement":[{"Action":"s3:*","Condition":{"Bool":{"aws:SecureTransport":"false"}},"Effect":"Deny","Principal":{"AWS":"*"},"Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","Arn"]},"/*"]]}]},{"Action":["s3:DeleteObject*","s3:GetBucket*","s3:List*","s3:PutBucketPolicy"],"Effect":"Allow","Principal":{"AWS":{"Fn::GetAtt":["CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092","Arn"]}},"Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","Arn"]},"/*"]]}]}],"Version":"2012-10-17"}}}}}},"AutoDeleteObjectsCustomResource":{"id":"AutoDeleteObjectsCustomResource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/AutoDeleteObjectsCustomResource","constructInfo":{"fqn":"aws-cdk-lib.CustomResource","version":"2.206.0","metadata":["*"]},"children":{"Default":{"id":"Default","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/AutoDeleteObjectsCustomResource/Default","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.206.0"}}}}}},"CloudFrontOac":{"id":"CloudFrontOac","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudFrontOac","constructInfo":{"fqn":"aws-cdk-lib.aws_cloudfront.CfnOriginAccessControl","version":"2.206.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::CloudFront::OriginAccessControl","aws:cdk:cloudformation:props":{"originAccessControlConfig":{"name":{"Fn::Join":["",["aws-cloudfront-s3-testn-key-",{"Fn::Select":[2,{"Fn::Split":["/",{"Ref":"AWS::StackId"}]}]}]]},"originAccessControlOriginType":"s3","signingBehavior":"always","signingProtocol":"sigv4","description":"Origin access control provisioned by aws-cloudfront-s3"}}}},"CloudFrontDistribution":{"id":"CloudFrontDistribution","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudFrontDistribution","constructInfo":{"fqn":"aws-cdk-lib.aws_cloudfront.Distribution","version":"2.206.0","metadata":[{"defaultBehavior":{"origin":"*","viewerProtocolPolicy":"redirect-to-https"},"enableLogging":true,"logBucket":"*","defaultRootObject":"*"}]},"children":{"Origin1":{"id":"Origin1","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudFrontDistribution/Origin1","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}},"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudFrontDistribution/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_cloudfront.CfnDistribution","version":"2.206.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::CloudFront::Distribution","aws:cdk:cloudformation:props":{"distributionConfig":{"enabled":true,"origins":[{"domainName":{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3BucketCC461491","RegionalDomainName"]},"id":"cfts3bucketencryptedwithcmkprovidedasexistingbuckettestcloudfronts3cmkencryptionkeyCloudFrontDistributionOrigin128E2E2A5","s3OriginConfig":{"originAccessIdentity":""}}],"defaultCacheBehavior":{"pathPattern":"*","targetOriginId":"cfts3bucketencryptedwithcmkprovidedasexistingbuckettestcloudfronts3cmkencryptionkeyCloudFrontDistributionOrigin128E2E2A5","cachePolicyId":"658327ea-f89d-4fab-a63d-7e88639e58f6","compress":true,"viewerProtocolPolicy":"redirect-to-https"},"defaultRootObject":"index.html","httpVersion":"http2","ipv6Enabled":true,"logging":{"bucket":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","RegionalDomainName"]}}}}}}}},"LambdaFunctionServiceRole":{"id":"LambdaFunctionServiceRole","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunctionServiceRole","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Role","version":"2.206.0","metadata":[{"assumedBy":{"principalAccount":"*","assumeRoleAction":"*"},"inlinePolicies":"*"},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]}]},"children":{"ImportLambdaFunctionServiceRole":{"id":"ImportLambdaFunctionServiceRole","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunctionServiceRole/ImportLambdaFunctionServiceRole","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"2.206.0","metadata":["*"]}},"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunctionServiceRole/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnRole","version":"2.206.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"lambda.amazonaws.com"}}],"Version":"2012-10-17"},"policies":[{"policyName":"LambdaFunctionServiceRolePolicy","policyDocument":{"Statement":[{"Action":["logs:CreateLogGroup","logs:CreateLogStream","logs:PutLogEvents"],"Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:/aws/lambda/*"]]}}],"Version":"2012-10-17"}}]}}}}},"LambdaFunction":{"id":"LambdaFunction","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunction","constructInfo":{"fqn":"aws-cdk-lib.aws_lambda.Function","version":"2.206.0","metadata":[{"role":"*","tracing":"Active","runtime":"*","handler":"*","description":"*","timeout":"*","memorySize":"*","code":"*"},{"addEnvironment":["*","*",{"removeInEdge":true}]}]},"children":{"Code":{"id":"Code","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Code","constructInfo":{"fqn":"aws-cdk-lib.aws_s3_assets.Asset","version":"2.206.0"},"children":{"Stage":{"id":"Stage","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Code/Stage","constructInfo":{"fqn":"aws-cdk-lib.AssetStaging","version":"2.206.0"}},"AssetBucket":{"id":"AssetBucket","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Code/AssetBucket","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketBase","version":"2.206.0","metadata":[]}}}},"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_lambda.CfnFunction","version":"2.206.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::Lambda::Function","aws:cdk:cloudformation:props":{"code":{"s3Bucket":{"Fn::Sub":"cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"},"s3Key":"e97825c838d70ceb13ba2f6223a7d94ed35687b70bfb224a0b9128e698e3f28e.zip"},"description":"Custom resource function that updates a provided key policy to allow CloudFront access.","environment":{"variables":{"AWS_NODEJS_CONNECTION_REUSE_ENABLED":"1"}},"handler":"index.handler","role":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyLambdaFunctionServiceRole85783D1D","Arn"]},"runtime":"nodejs20.x","tracingConfig":{"mode":"Active"}}}},"inlinePolicyAddedToExecutionRole-0":{"id":"inlinePolicyAddedToExecutionRole-0","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/inlinePolicyAddedToExecutionRole-0","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"2.206.0","metadata":[{"statements":"*"},{"addStatements":[{}]},{"attachToRole":["*"]},{"attachToRole":["*"]}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/inlinePolicyAddedToExecutionRole-0/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"2.206.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":["xray:PutTelemetryRecords","xray:PutTraceSegments"],"Effect":"Allow","Resource":"*"}],"Version":"2012-10-17"},"policyName":"testcloudfronts3cmkencryptionkeyLambdaFunctioninlinePolicyAddedToExecutionRole030BCEDF3","roles":[{"Ref":"testcloudfronts3cmkencryptionkeyLambdaFunctionServiceRole85783D1D"}]}}}}}}},"test-cloudfront-s3-cmk-encryption-keyResourceCmkPolicy":{"id":"test-cloudfront-s3-cmk-encryption-keyResourceCmkPolicy","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/test-cloudfront-s3-cmk-encryption-keyResourceCmkPolicy","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"2.206.0","metadata":[{"statements":"*"},{"addStatements":[{}]},{"attachToRole":["*"]},{"attachToRole":["*"]}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/test-cloudfront-s3-cmk-encryption-keyResourceCmkPolicy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"2.206.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":["kms:DescribeKey","kms:GetKeyPolicy","kms:PutKeyPolicy"],"Effect":"Allow","Resource":{"Fn::GetAtt":["cmkKey598B20B2","Arn"]}}],"Version":"2012-10-17"},"policyName":"testcloudfronts3cmkencryptionkeytestcloudfronts3cmkencryptionkeyResourceCmkPolicyBD4BA975","roles":[{"Ref":"testcloudfronts3cmkencryptionkeyLambdaFunctionServiceRole85783D1D"}]}}}}},"KmsKeyPolicyUpdateProvider":{"id":"KmsKeyPolicyUpdateProvider","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider","constructInfo":{"fqn":"aws-cdk-lib.custom_resources.Provider","version":"2.206.0"},"children":{"framework-onEvent":{"id":"framework-onEvent","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent","constructInfo":{"fqn":"aws-cdk-lib.aws_lambda.Function","version":"2.206.0","metadata":[{"code":"*","description":"*","runtime":"*","handler":"*","timeout":"*","logFormat":"*","applicationLogLevelV2":"FATAL","logGroup":"*","vpc":"*","vpcSubnets":"*","securityGroups":"*","role":"*","functionName":"*","environmentEncryption":"*"},{"addEnvironment":["*","*"]}]},"children":{"ServiceRole":{"id":"ServiceRole","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Role","version":"2.206.0","metadata":[{"assumedBy":{"principalAccount":"*","assumeRoleAction":"*"},"managedPolicies":[{"managedPolicyArn":"*"}]},{"addToPrincipalPolicy":[{}]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]}]},"children":{"ImportServiceRole":{"id":"ImportServiceRole","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/ImportServiceRole","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"2.206.0","metadata":["*"]}},"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnRole","version":"2.206.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"lambda.amazonaws.com"}}],"Version":"2012-10-17"},"managedPolicyArns":[{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"]]}]}}},"DefaultPolicy":{"id":"DefaultPolicy","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/DefaultPolicy","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"2.206.0","metadata":["*",{"attachToRole":["*"]},{"attachToRole":["*"]},{"addStatements":[{}]}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/DefaultPolicy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"2.206.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":"lambda:InvokeFunction","Effect":"Allow","Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E","Arn"]},":*"]]}]}],"Version":"2012-10-17"},"policyName":"testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventServiceRoleDefaultPolicy066CD751","roles":[{"Ref":"testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventServiceRole3D4040AD"}]}}}}}}},"Code":{"id":"Code","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Code","constructInfo":{"fqn":"aws-cdk-lib.aws_s3_assets.Asset","version":"2.206.0"},"children":{"Stage":{"id":"Stage","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Code/Stage","constructInfo":{"fqn":"aws-cdk-lib.AssetStaging","version":"2.206.0"}},"AssetBucket":{"id":"AssetBucket","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Code/AssetBucket","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketBase","version":"2.206.0","metadata":[]}}}},"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_lambda.CfnFunction","version":"2.206.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::Lambda::Function","aws:cdk:cloudformation:props":{"code":{"s3Bucket":{"Fn::Sub":"cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"},"s3Key":"bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca.zip"},"description":"AWS CDK resource provider framework - onEvent (cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider)","environment":{"variables":{"USER_ON_EVENT_FUNCTION_ARN":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E","Arn"]}}},"handler":"framework.onEvent","loggingConfig":{"logFormat":"JSON","applicationLogLevel":"FATAL"},"role":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventServiceRole3D4040AD","Arn"]},"runtime":"nodejs22.x","timeout":900}}},"inlinePolicyAddedToExecutionRole-0":{"id":"inlinePolicyAddedToExecutionRole-0","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/inlinePolicyAddedToExecutionRole-0","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"2.206.0","metadata":[{"statements":"*"},{"addStatements":[{}]},{"attachToRole":["*"]},{"attachToRole":["*"]}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/inlinePolicyAddedToExecutionRole-0/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"2.206.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":"lambda:GetFunction","Effect":"Allow","Resource":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E","Arn"]}}],"Version":"2012-10-17"},"policyName":"testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventinlinePolicyAddedToExecutionRole0055AB010","roles":[{"Ref":"testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventServiceRole3D4040AD"}]}}}}}}}}},"KmsKeyPolicyUpdater":{"id":"KmsKeyPolicyUpdater","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdater","constructInfo":{"fqn":"aws-cdk-lib.CustomResource","version":"2.206.0","metadata":["*"]},"children":{"Default":{"id":"Default","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdater/Default","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.206.0"}}}}}},"Integ":{"id":"Integ","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Integ","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTest","version":"2.206.0-alpha.0"},"children":{"DefaultTest":{"id":"DefaultTest","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Integ/DefaultTest","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTestCase","version":"2.206.0-alpha.0"},"children":{"Default":{"id":"Default","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Integ/DefaultTest/Default","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}},"DeployAssert":{"id":"DeployAssert","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Integ/DefaultTest/DeployAssert","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"2.206.0"},"children":{"BootstrapVersion":{"id":"BootstrapVersion","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Integ/DefaultTest/DeployAssert/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"2.206.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Integ/DefaultTest/DeployAssert/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"2.206.0"}}}}}}}},"BootstrapVersion":{"id":"BootstrapVersion","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"2.206.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"2.206.0"}}}},"Tree":{"id":"Tree","path":"Tree","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}}}}}
1
+ {"version":"tree-0.1","tree":{"id":"App","path":"","constructInfo":{"fqn":"aws-cdk-lib.App","version":"2.223.0"},"children":{"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket":{"id":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"2.223.0"},"children":{"cmkKey":{"id":"cmkKey","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/cmkKey","constructInfo":{"fqn":"aws-cdk-lib.aws_kms.Key","version":"2.223.0","metadata":[{"enableKeyRotation":true,"removalPolicy":"destroy"}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/cmkKey/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_kms.CfnKey","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::KMS::Key","aws:cdk:cloudformation:props":{"enableKeyRotation":true,"keyPolicy":{"Statement":[{"Action":"kms:*","Effect":"Allow","Principal":{"AWS":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":iam::",{"Ref":"AWS::AccountId"},":root"]]}},"Resource":"*"}],"Version":"2012-10-17"}}}}}},"existing-s3-bucket-encrypted-with-cmkS3LoggingBucket":{"id":"existing-s3-bucket-encrypted-with-cmkS3LoggingBucket","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3LoggingBucket","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.Bucket","version":"2.223.0","metadata":[{"encryption":"S3_MANAGED","versioned":true,"blockPublicAccess":"*","removalPolicy":"destroy","enforceSSL":true,"autoDeleteObjects":true}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3LoggingBucket/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucket","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::Bucket","aws:cdk:cloudformation:props":{"bucketEncryption":{"serverSideEncryptionConfiguration":[{"serverSideEncryptionByDefault":{"sseAlgorithm":"AES256"}}]},"publicAccessBlockConfiguration":{"blockPublicAcls":true,"blockPublicPolicy":true,"ignorePublicAcls":true,"restrictPublicBuckets":true},"tags":[{"key":"aws-cdk:auto-delete-objects","value":"true"}],"versioningConfiguration":{"status":"Enabled"}}}},"Policy":{"id":"Policy","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3LoggingBucket/Policy","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketPolicy","version":"2.223.0","metadata":[{"bucket":"*"}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3LoggingBucket/Policy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucketPolicy","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::BucketPolicy","aws:cdk:cloudformation:props":{"bucket":{"Ref":"existings3bucketencryptedwithcmkS3LoggingBucket2B2DE39B"},"policyDocument":{"Statement":[{"Action":"s3:*","Condition":{"Bool":{"aws:SecureTransport":"false"}},"Effect":"Deny","Principal":{"AWS":"*"},"Resource":[{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3LoggingBucket2B2DE39B","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3LoggingBucket2B2DE39B","Arn"]},"/*"]]}]},{"Action":["s3:DeleteObject*","s3:GetBucket*","s3:List*","s3:PutBucketPolicy"],"Effect":"Allow","Principal":{"AWS":{"Fn::GetAtt":["CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092","Arn"]}},"Resource":[{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3LoggingBucket2B2DE39B","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3LoggingBucket2B2DE39B","Arn"]},"/*"]]}]},{"Action":"s3:PutObject","Condition":{"ArnLike":{"aws:SourceArn":{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3BucketCC461491","Arn"]}},"StringEquals":{"aws:SourceAccount":{"Ref":"AWS::AccountId"}}},"Effect":"Allow","Principal":{"Service":"logging.s3.amazonaws.com"},"Resource":{"Fn::Join":["",[{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3LoggingBucket2B2DE39B","Arn"]},"/*"]]}}],"Version":"2012-10-17"}}}}}},"AutoDeleteObjectsCustomResource":{"id":"AutoDeleteObjectsCustomResource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3LoggingBucket/AutoDeleteObjectsCustomResource","constructInfo":{"fqn":"aws-cdk-lib.CustomResource","version":"2.223.0","metadata":["*"]},"children":{"Default":{"id":"Default","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3LoggingBucket/AutoDeleteObjectsCustomResource/Default","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.223.0"}}}}}},"Custom::S3AutoDeleteObjectsCustomResourceProvider":{"id":"Custom::S3AutoDeleteObjectsCustomResourceProvider","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Custom::S3AutoDeleteObjectsCustomResourceProvider","constructInfo":{"fqn":"aws-cdk-lib.CustomResourceProviderBase","version":"2.223.0"},"children":{"Staging":{"id":"Staging","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Custom::S3AutoDeleteObjectsCustomResourceProvider/Staging","constructInfo":{"fqn":"aws-cdk-lib.AssetStaging","version":"2.223.0"}},"Role":{"id":"Role","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Custom::S3AutoDeleteObjectsCustomResourceProvider/Role","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.223.0"}},"Handler":{"id":"Handler","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.223.0"}}}},"existing-s3-bucket-encrypted-with-cmkS3Bucket":{"id":"existing-s3-bucket-encrypted-with-cmkS3Bucket","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3Bucket","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.Bucket","version":"2.223.0","metadata":[{"encryption":"KMS","versioned":true,"blockPublicAccess":"*","removalPolicy":"destroy","enforceSSL":true,"lifecycleRules":[{"noncurrentVersionTransitions":[{"storageClass":"*"}]}],"serverAccessLogsBucket":"*","encryptionKey":"*","autoDeleteObjects":true},{"addLifecycleRule":[{"noncurrentVersionTransitions":[{"storageClass":"*"}]},"*","*"]}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3Bucket/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucket","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::Bucket","aws:cdk:cloudformation:props":{"bucketEncryption":{"serverSideEncryptionConfiguration":[{"serverSideEncryptionByDefault":{"sseAlgorithm":"aws:kms","kmsMasterKeyId":{"Fn::GetAtt":["cmkKey598B20B2","Arn"]}}}]},"lifecycleConfiguration":{"rules":[{"noncurrentVersionTransitions":[{"storageClass":"GLACIER","transitionInDays":90}],"status":"Enabled"}]},"loggingConfiguration":{"destinationBucketName":{"Ref":"existings3bucketencryptedwithcmkS3LoggingBucket2B2DE39B"}},"publicAccessBlockConfiguration":{"blockPublicAcls":true,"blockPublicPolicy":true,"ignorePublicAcls":true,"restrictPublicBuckets":true},"tags":[{"key":"aws-cdk:auto-delete-objects","value":"true"}],"versioningConfiguration":{"status":"Enabled"}}}},"Policy":{"id":"Policy","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3Bucket/Policy","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketPolicy","version":"2.223.0","metadata":[{"bucket":"*"}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3Bucket/Policy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucketPolicy","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::BucketPolicy","aws:cdk:cloudformation:props":{"bucket":{"Ref":"existings3bucketencryptedwithcmkS3BucketCC461491"},"policyDocument":{"Statement":[{"Action":"s3:*","Condition":{"Bool":{"aws:SecureTransport":"false"}},"Effect":"Deny","Principal":{"AWS":"*"},"Resource":[{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3BucketCC461491","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3BucketCC461491","Arn"]},"/*"]]}]},{"Action":["s3:DeleteObject*","s3:GetBucket*","s3:List*","s3:PutBucketPolicy"],"Effect":"Allow","Principal":{"AWS":{"Fn::GetAtt":["CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092","Arn"]}},"Resource":[{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3BucketCC461491","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3BucketCC461491","Arn"]},"/*"]]}]},{"Action":"s3:GetObject","Condition":{"StringEquals":{"AWS:SourceArn":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":cloudfront::",{"Ref":"AWS::AccountId"},":distribution/",{"Ref":"testcloudfronts3cmkencryptionkeyCloudFrontDistribution57C8A907"}]]}}},"Effect":"Allow","Principal":{"Service":"cloudfront.amazonaws.com"},"Resource":{"Fn::Join":["",[{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3BucketCC461491","Arn"]},"/*"]]}},{"Action":"s3:ListBucket","Condition":{"StringEquals":{"AWS:SourceArn":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":cloudfront::",{"Ref":"AWS::AccountId"},":distribution/",{"Ref":"testcloudfronts3cmkencryptionkeyCloudFrontDistribution57C8A907"}]]}}},"Effect":"Allow","Principal":{"Service":"cloudfront.amazonaws.com"},"Resource":{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3BucketCC461491","Arn"]}}],"Version":"2012-10-17"}}}}}},"AutoDeleteObjectsCustomResource":{"id":"AutoDeleteObjectsCustomResource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3Bucket/AutoDeleteObjectsCustomResource","constructInfo":{"fqn":"aws-cdk-lib.CustomResource","version":"2.223.0","metadata":["*"]},"children":{"Default":{"id":"Default","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3Bucket/AutoDeleteObjectsCustomResource/Default","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.223.0"}}}}}},"test-cloudfront-s3-cmk-encryption-key":{"id":"test-cloudfront-s3-cmk-encryption-key","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key","constructInfo":{"fqn":"@aws-solutions-constructs/aws-cloudfront-s3.CloudFrontToS3","version":"2.95.1"},"children":{"CloudfrontLoggingBucketAccessLog":{"id":"CloudfrontLoggingBucketAccessLog","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.Bucket","version":"2.223.0","metadata":[{"encryption":"S3_MANAGED","versioned":true,"blockPublicAccess":"*","removalPolicy":"destroy","enforceSSL":true,"autoDeleteObjects":true}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucket","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::Bucket","aws:cdk:cloudformation:props":{"bucketEncryption":{"serverSideEncryptionConfiguration":[{"serverSideEncryptionByDefault":{"sseAlgorithm":"AES256"}}]},"publicAccessBlockConfiguration":{"blockPublicAcls":true,"blockPublicPolicy":true,"ignorePublicAcls":true,"restrictPublicBuckets":true},"tags":[{"key":"aws-cdk:auto-delete-objects","value":"true"}],"versioningConfiguration":{"status":"Enabled"}}}},"Policy":{"id":"Policy","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/Policy","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketPolicy","version":"2.223.0","metadata":[{"bucket":"*"}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/Policy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucketPolicy","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::BucketPolicy","aws:cdk:cloudformation:props":{"bucket":{"Ref":"testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C"},"policyDocument":{"Statement":[{"Action":"s3:*","Condition":{"Bool":{"aws:SecureTransport":"false"}},"Effect":"Deny","Principal":{"AWS":"*"},"Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C","Arn"]},"/*"]]}]},{"Action":["s3:DeleteObject*","s3:GetBucket*","s3:List*","s3:PutBucketPolicy"],"Effect":"Allow","Principal":{"AWS":{"Fn::GetAtt":["CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092","Arn"]}},"Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C","Arn"]},"/*"]]}]},{"Action":"s3:PutObject","Condition":{"ArnLike":{"aws:SourceArn":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","Arn"]}},"StringEquals":{"aws:SourceAccount":{"Ref":"AWS::AccountId"}}},"Effect":"Allow","Principal":{"Service":"logging.s3.amazonaws.com"},"Resource":{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C","Arn"]},"/*"]]}}],"Version":"2012-10-17"}}}}}},"AutoDeleteObjectsCustomResource":{"id":"AutoDeleteObjectsCustomResource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/AutoDeleteObjectsCustomResource","constructInfo":{"fqn":"aws-cdk-lib.CustomResource","version":"2.223.0","metadata":["*"]},"children":{"Default":{"id":"Default","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/AutoDeleteObjectsCustomResource/Default","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.223.0"}}}}}},"CloudfrontLoggingBucket":{"id":"CloudfrontLoggingBucket","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.Bucket","version":"2.223.0","metadata":[{"encryption":"S3_MANAGED","versioned":true,"blockPublicAccess":"*","removalPolicy":"destroy","enforceSSL":true,"autoDeleteObjects":true,"objectOwnership":"ObjectWriter","serverAccessLogsBucket":"*"}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucket","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::Bucket","aws:cdk:cloudformation:props":{"bucketEncryption":{"serverSideEncryptionConfiguration":[{"serverSideEncryptionByDefault":{"sseAlgorithm":"AES256"}}]},"loggingConfiguration":{"destinationBucketName":{"Ref":"testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C"}},"ownershipControls":{"rules":[{"objectOwnership":"ObjectWriter"}]},"publicAccessBlockConfiguration":{"blockPublicAcls":true,"blockPublicPolicy":true,"ignorePublicAcls":true,"restrictPublicBuckets":true},"tags":[{"key":"aws-cdk:auto-delete-objects","value":"true"}],"versioningConfiguration":{"status":"Enabled"}}}},"Policy":{"id":"Policy","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/Policy","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketPolicy","version":"2.223.0","metadata":[{"bucket":"*"}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/Policy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucketPolicy","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::BucketPolicy","aws:cdk:cloudformation:props":{"bucket":{"Ref":"testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD"},"policyDocument":{"Statement":[{"Action":"s3:*","Condition":{"Bool":{"aws:SecureTransport":"false"}},"Effect":"Deny","Principal":{"AWS":"*"},"Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","Arn"]},"/*"]]}]},{"Action":["s3:DeleteObject*","s3:GetBucket*","s3:List*","s3:PutBucketPolicy"],"Effect":"Allow","Principal":{"AWS":{"Fn::GetAtt":["CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092","Arn"]}},"Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","Arn"]},"/*"]]}]}],"Version":"2012-10-17"}}}}}},"AutoDeleteObjectsCustomResource":{"id":"AutoDeleteObjectsCustomResource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/AutoDeleteObjectsCustomResource","constructInfo":{"fqn":"aws-cdk-lib.CustomResource","version":"2.223.0","metadata":["*"]},"children":{"Default":{"id":"Default","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/AutoDeleteObjectsCustomResource/Default","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.223.0"}}}}}},"CloudFrontOac":{"id":"CloudFrontOac","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudFrontOac","constructInfo":{"fqn":"aws-cdk-lib.aws_cloudfront.CfnOriginAccessControl","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::CloudFront::OriginAccessControl","aws:cdk:cloudformation:props":{"originAccessControlConfig":{"name":{"Fn::Join":["",["aws-cloudfront-s3-testn-key-",{"Fn::Select":[2,{"Fn::Split":["/",{"Ref":"AWS::StackId"}]}]}]]},"originAccessControlOriginType":"s3","signingBehavior":"always","signingProtocol":"sigv4","description":"Origin access control provisioned by aws-cloudfront-s3"}}}},"CloudFrontDistribution":{"id":"CloudFrontDistribution","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudFrontDistribution","constructInfo":{"fqn":"aws-cdk-lib.aws_cloudfront.Distribution","version":"2.223.0","metadata":[{"defaultBehavior":{"origin":"*","viewerProtocolPolicy":"redirect-to-https"},"enableLogging":true,"logBucket":"*","defaultRootObject":"*"}]},"children":{"Origin1":{"id":"Origin1","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudFrontDistribution/Origin1","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}},"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudFrontDistribution/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_cloudfront.CfnDistribution","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::CloudFront::Distribution","aws:cdk:cloudformation:props":{"distributionConfig":{"enabled":true,"origins":[{"domainName":{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3BucketCC461491","RegionalDomainName"]},"id":"cfts3bucketencryptedwithcmkprovidedasexistingbuckettestcloudfronts3cmkencryptionkeyCloudFrontDistributionOrigin128E2E2A5","s3OriginConfig":{"originAccessIdentity":""}}],"defaultCacheBehavior":{"pathPattern":"*","targetOriginId":"cfts3bucketencryptedwithcmkprovidedasexistingbuckettestcloudfronts3cmkencryptionkeyCloudFrontDistributionOrigin128E2E2A5","cachePolicyId":"658327ea-f89d-4fab-a63d-7e88639e58f6","compress":true,"viewerProtocolPolicy":"redirect-to-https"},"defaultRootObject":"index.html","httpVersion":"http2","ipv6Enabled":true,"logging":{"bucket":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","RegionalDomainName"]}}}}}}}},"LambdaFunctionServiceRole":{"id":"LambdaFunctionServiceRole","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunctionServiceRole","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Role","version":"2.223.0","metadata":[{"assumedBy":{"principalAccount":"*","assumeRoleAction":"*"},"inlinePolicies":"*"},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]}]},"children":{"ImportLambdaFunctionServiceRole":{"id":"ImportLambdaFunctionServiceRole","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunctionServiceRole/ImportLambdaFunctionServiceRole","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"2.223.0","metadata":["*"]}},"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunctionServiceRole/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnRole","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"lambda.amazonaws.com"}}],"Version":"2012-10-17"},"policies":[{"policyName":"LambdaFunctionServiceRolePolicy","policyDocument":{"Statement":[{"Action":["logs:CreateLogGroup","logs:CreateLogStream","logs:PutLogEvents"],"Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:/aws/lambda/*"]]}}],"Version":"2012-10-17"}}]}}}}},"LambdaFunction":{"id":"LambdaFunction","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunction","constructInfo":{"fqn":"aws-cdk-lib.aws_lambda.Function","version":"2.223.0","metadata":[{"role":"*","tracing":"Active","runtime":"*","handler":"*","description":"*","timeout":"*","memorySize":"*","code":"*"},{"addEnvironment":["*","*",{"removeInEdge":true}]}]},"children":{"Code":{"id":"Code","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Code","constructInfo":{"fqn":"aws-cdk-lib.aws_s3_assets.Asset","version":"2.223.0"},"children":{"Stage":{"id":"Stage","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Code/Stage","constructInfo":{"fqn":"aws-cdk-lib.AssetStaging","version":"2.223.0"}},"AssetBucket":{"id":"AssetBucket","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Code/AssetBucket","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketBase","version":"2.223.0","metadata":[]}}}},"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_lambda.CfnFunction","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::Lambda::Function","aws:cdk:cloudformation:props":{"code":{"s3Bucket":{"Fn::Sub":"cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"},"s3Key":"e97825c838d70ceb13ba2f6223a7d94ed35687b70bfb224a0b9128e698e3f28e.zip"},"description":"Custom resource function that updates a provided key policy to allow CloudFront access.","environment":{"variables":{"AWS_NODEJS_CONNECTION_REUSE_ENABLED":"1"}},"handler":"index.handler","role":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyLambdaFunctionServiceRole85783D1D","Arn"]},"runtime":"nodejs22.x","tracingConfig":{"mode":"Active"}}}},"inlinePolicyAddedToExecutionRole-0":{"id":"inlinePolicyAddedToExecutionRole-0","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/inlinePolicyAddedToExecutionRole-0","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"2.223.0","metadata":[{"statements":"*"},{"addStatements":[{}]},{"attachToRole":["*"]},{"attachToRole":["*"]}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/inlinePolicyAddedToExecutionRole-0/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":["xray:PutTelemetryRecords","xray:PutTraceSegments"],"Effect":"Allow","Resource":"*"}],"Version":"2012-10-17"},"policyName":"testcloudfronts3cmkencryptionkeyLambdaFunctioninlinePolicyAddedToExecutionRole030BCEDF3","roles":[{"Ref":"testcloudfronts3cmkencryptionkeyLambdaFunctionServiceRole85783D1D"}]}}}}}}},"test-cloudfront-s3-cmk-encryption-keyResourceCmkPolicy":{"id":"test-cloudfront-s3-cmk-encryption-keyResourceCmkPolicy","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/test-cloudfront-s3-cmk-encryption-keyResourceCmkPolicy","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"2.223.0","metadata":[{"statements":"*"},{"addStatements":[{}]},{"attachToRole":["*"]},{"attachToRole":["*"]}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/test-cloudfront-s3-cmk-encryption-keyResourceCmkPolicy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":["kms:DescribeKey","kms:GetKeyPolicy","kms:PutKeyPolicy"],"Effect":"Allow","Resource":{"Fn::GetAtt":["cmkKey598B20B2","Arn"]}}],"Version":"2012-10-17"},"policyName":"testcloudfronts3cmkencryptionkeytestcloudfronts3cmkencryptionkeyResourceCmkPolicyBD4BA975","roles":[{"Ref":"testcloudfronts3cmkencryptionkeyLambdaFunctionServiceRole85783D1D"}]}}}}},"KmsKeyPolicyUpdateProvider":{"id":"KmsKeyPolicyUpdateProvider","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider","constructInfo":{"fqn":"aws-cdk-lib.custom_resources.Provider","version":"2.223.0"},"children":{"framework-onEvent":{"id":"framework-onEvent","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent","constructInfo":{"fqn":"aws-cdk-lib.aws_lambda.Function","version":"2.223.0","metadata":[{"code":"*","description":"*","runtime":"*","handler":"*","timeout":"*","loggingFormat":"JSON","applicationLogLevelV2":"FATAL","logGroup":"*","vpc":"*","vpcSubnets":"*","securityGroups":"*","role":"*","functionName":"*","environmentEncryption":"*"},{"addEnvironment":["*","*"]}]},"children":{"ServiceRole":{"id":"ServiceRole","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Role","version":"2.223.0","metadata":[{"assumedBy":{"principalAccount":"*","assumeRoleAction":"*"},"managedPolicies":[{"managedPolicyArn":"*"}]},{"addToPrincipalPolicy":[{}]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]}]},"children":{"ImportServiceRole":{"id":"ImportServiceRole","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/ImportServiceRole","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"2.223.0","metadata":["*"]}},"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnRole","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"lambda.amazonaws.com"}}],"Version":"2012-10-17"},"managedPolicyArns":[{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"]]}]}}},"DefaultPolicy":{"id":"DefaultPolicy","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/DefaultPolicy","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"2.223.0","metadata":["*",{"attachToRole":["*"]},{"attachToRole":["*"]},{"addStatements":[{}]}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/DefaultPolicy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":"lambda:InvokeFunction","Effect":"Allow","Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E","Arn"]},":*"]]}]}],"Version":"2012-10-17"},"policyName":"testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventServiceRoleDefaultPolicy066CD751","roles":[{"Ref":"testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventServiceRole3D4040AD"}]}}}}}}},"Code":{"id":"Code","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Code","constructInfo":{"fqn":"aws-cdk-lib.aws_s3_assets.Asset","version":"2.223.0"},"children":{"Stage":{"id":"Stage","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Code/Stage","constructInfo":{"fqn":"aws-cdk-lib.AssetStaging","version":"2.223.0"}},"AssetBucket":{"id":"AssetBucket","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Code/AssetBucket","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketBase","version":"2.223.0","metadata":[]}}}},"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_lambda.CfnFunction","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::Lambda::Function","aws:cdk:cloudformation:props":{"code":{"s3Bucket":{"Fn::Sub":"cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"},"s3Key":"bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca.zip"},"description":"AWS CDK resource provider framework - onEvent (cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider)","environment":{"variables":{"USER_ON_EVENT_FUNCTION_ARN":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E","Arn"]}}},"handler":"framework.onEvent","loggingConfig":{"logFormat":"JSON","applicationLogLevel":"FATAL"},"role":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventServiceRole3D4040AD","Arn"]},"runtime":"nodejs22.x","timeout":900}}},"inlinePolicyAddedToExecutionRole-0":{"id":"inlinePolicyAddedToExecutionRole-0","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/inlinePolicyAddedToExecutionRole-0","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"2.223.0","metadata":[{"statements":"*"},{"addStatements":[{}]},{"attachToRole":["*"]},{"attachToRole":["*"]}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/inlinePolicyAddedToExecutionRole-0/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":"lambda:GetFunction","Effect":"Allow","Resource":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E","Arn"]}}],"Version":"2012-10-17"},"policyName":"testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventinlinePolicyAddedToExecutionRole0055AB010","roles":[{"Ref":"testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventServiceRole3D4040AD"}]}}}}}}}}},"KmsKeyPolicyUpdater":{"id":"KmsKeyPolicyUpdater","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdater","constructInfo":{"fqn":"aws-cdk-lib.CustomResource","version":"2.223.0","metadata":["*"]},"children":{"Default":{"id":"Default","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdater/Default","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.223.0"}}}}}},"Integ":{"id":"Integ","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Integ","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTest","version":"2.223.0-alpha.0"},"children":{"DefaultTest":{"id":"DefaultTest","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Integ/DefaultTest","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTestCase","version":"2.223.0-alpha.0"},"children":{"Default":{"id":"Default","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Integ/DefaultTest/Default","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}},"DeployAssert":{"id":"DeployAssert","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Integ/DefaultTest/DeployAssert","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"2.223.0"},"children":{"BootstrapVersion":{"id":"BootstrapVersion","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Integ/DefaultTest/DeployAssert/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"2.223.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Integ/DefaultTest/DeployAssert/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"2.223.0"}}}}}}}},"BootstrapVersion":{"id":"BootstrapVersion","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"2.223.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"2.223.0"}}}},"Tree":{"id":"Tree","path":"Tree","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}}}}}
@@ -0,0 +1 @@
1
+ "use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.Retry=exports.includeStackTraces=exports.MISSING_PHYSICAL_ID_MARKER=exports.CREATE_FAILED_PHYSICAL_ID_MARKER=void 0,exports.submitResponse=submitResponse,exports.safeHandler=safeHandler,exports.redactDataFromPayload=redactDataFromPayload;const url=require("url"),outbound_1=require("./outbound"),util_1=require("./util");exports.CREATE_FAILED_PHYSICAL_ID_MARKER="AWSCDK::CustomResourceProviderFramework::CREATE_FAILED",exports.MISSING_PHYSICAL_ID_MARKER="AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID";async function submitResponse(status,event,options={}){const json={Status:status,Reason:options.reason||status,StackId:event.StackId,RequestId:event.RequestId,PhysicalResourceId:event.PhysicalResourceId||exports.MISSING_PHYSICAL_ID_MARKER,LogicalResourceId:event.LogicalResourceId,NoEcho:options.noEcho,Data:event.Data},responseBody=JSON.stringify(json),parsedUrl=url.parse(event.ResponseURL),loggingSafeUrl=`${parsedUrl.protocol}//${parsedUrl.hostname}/${parsedUrl.pathname}?***`;options?.noEcho?(0,util_1.log)("submit redacted response to cloudformation",loggingSafeUrl,redactDataFromPayload(json)):(0,util_1.log)("submit response to cloudformation",loggingSafeUrl,json);const retryOptions={attempts:5,sleep:1e3};await(0,util_1.withRetries)(retryOptions,outbound_1.httpRequest)({hostname:parsedUrl.hostname,path:parsedUrl.path,method:"PUT",headers:{"content-type":"","content-length":Buffer.byteLength(responseBody,"utf8")}},responseBody)}exports.includeStackTraces=!0;function safeHandler(block){return async event=>{if(event.RequestType==="Delete"&&event.PhysicalResourceId===exports.CREATE_FAILED_PHYSICAL_ID_MARKER){(0,util_1.log)("ignoring DELETE event caused by a failed CREATE event"),await submitResponse("SUCCESS",event);return}try{await block(event)}catch(e){if(e instanceof Retry)throw(0,util_1.log)("retry requested by handler"),e;event.PhysicalResourceId||(event.RequestType==="Create"?((0,util_1.log)("CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored"),event.PhysicalResourceId=exports.CREATE_FAILED_PHYSICAL_ID_MARKER):(0,util_1.log)(`ERROR: Malformed event. "PhysicalResourceId" is required: ${JSON.stringify({...event,ResponseURL:"..."})}`)),await submitResponse("FAILED",event,{reason:exports.includeStackTraces?e.stack:e.message})}}}function redactDataFromPayload(payload){const redactedPayload=JSON.parse(JSON.stringify(payload));if(redactedPayload.Data){const keys=Object.keys(redactedPayload.Data);for(const key of keys)redactedPayload.Data[key]="*****"}return redactedPayload}class Retry extends Error{}exports.Retry=Retry;
@@ -0,0 +1 @@
1
+ "use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.FRAMEWORK_ON_TIMEOUT_HANDLER_NAME=exports.FRAMEWORK_IS_COMPLETE_HANDLER_NAME=exports.FRAMEWORK_ON_EVENT_HANDLER_NAME=exports.WAITER_STATE_MACHINE_ARN_ENV=exports.USER_IS_COMPLETE_FUNCTION_ARN_ENV=exports.USER_ON_EVENT_FUNCTION_ARN_ENV=void 0,exports.USER_ON_EVENT_FUNCTION_ARN_ENV="USER_ON_EVENT_FUNCTION_ARN",exports.USER_IS_COMPLETE_FUNCTION_ARN_ENV="USER_IS_COMPLETE_FUNCTION_ARN",exports.WAITER_STATE_MACHINE_ARN_ENV="WAITER_STATE_MACHINE_ARN",exports.FRAMEWORK_ON_EVENT_HANDLER_NAME="onEvent",exports.FRAMEWORK_IS_COMPLETE_HANDLER_NAME="isComplete",exports.FRAMEWORK_ON_TIMEOUT_HANDLER_NAME="onTimeout";
@@ -0,0 +1,3 @@
1
+ "use strict";const cfnResponse=require("./cfn-response"),consts=require("./consts"),outbound_1=require("./outbound"),util_1=require("./util");async function onEvent(cfnRequest){const sanitizedRequest={...cfnRequest,ResponseURL:"..."};(0,util_1.log)("onEventHandler",sanitizedRequest),cfnRequest.ResourceProperties=cfnRequest.ResourceProperties||{};const onEventResult=await invokeUserFunction(consts.USER_ON_EVENT_FUNCTION_ARN_ENV,sanitizedRequest,cfnRequest.ResponseURL);onEventResult?.NoEcho?(0,util_1.log)("redacted onEvent returned:",cfnResponse.redactDataFromPayload(onEventResult)):(0,util_1.log)("onEvent returned:",onEventResult);const resourceEvent=createResponseEvent(cfnRequest,onEventResult),sanitizedEvent={...resourceEvent,ResponseURL:"..."};if(onEventResult?.NoEcho?(0,util_1.log)("readacted event:",cfnResponse.redactDataFromPayload(sanitizedEvent)):(0,util_1.log)("event:",sanitizedEvent),!process.env[consts.USER_IS_COMPLETE_FUNCTION_ARN_ENV])return cfnResponse.submitResponse("SUCCESS",resourceEvent,{noEcho:resourceEvent.NoEcho});const waiter={stateMachineArn:(0,util_1.getEnv)(consts.WAITER_STATE_MACHINE_ARN_ENV),name:resourceEvent.RequestId,input:JSON.stringify(resourceEvent)};(0,util_1.log)("starting waiter",{stateMachineArn:(0,util_1.getEnv)(consts.WAITER_STATE_MACHINE_ARN_ENV),name:resourceEvent.RequestId}),await(0,outbound_1.startExecution)(waiter)}async function isComplete(event){const sanitizedRequest={...event,ResponseURL:"..."};event?.NoEcho?(0,util_1.log)("redacted isComplete request",cfnResponse.redactDataFromPayload(sanitizedRequest)):(0,util_1.log)("isComplete",sanitizedRequest);const isCompleteResult=await invokeUserFunction(consts.USER_IS_COMPLETE_FUNCTION_ARN_ENV,sanitizedRequest,event.ResponseURL);if(event?.NoEcho?(0,util_1.log)("redacted user isComplete returned:",cfnResponse.redactDataFromPayload(isCompleteResult)):(0,util_1.log)("user isComplete returned:",isCompleteResult),!isCompleteResult.IsComplete)throw isCompleteResult.Data&&Object.keys(isCompleteResult.Data).length>0?new Error('"Data" is not allowed if "IsComplete" is "False"'):new cfnResponse.Retry(JSON.stringify(event));const response={...event,...isCompleteResult,Data:{...event.Data,...isCompleteResult.Data}};await cfnResponse.submitResponse("SUCCESS",response,{noEcho:event.NoEcho})}async function onTimeout(timeoutEvent){(0,util_1.log)("timeoutHandler",timeoutEvent);const isCompleteRequest=JSON.parse(JSON.parse(timeoutEvent.Cause).errorMessage);await cfnResponse.submitResponse("FAILED",isCompleteRequest,{reason:"Operation timed out"})}async function invokeUserFunction(functionArnEnv,sanitizedPayload,responseUrl){const functionArn=(0,util_1.getEnv)(functionArnEnv);(0,util_1.log)(`executing user function ${functionArn} with payload`,sanitizedPayload);const resp=await(0,outbound_1.invokeFunction)({FunctionName:functionArn,Payload:JSON.stringify({...sanitizedPayload,ResponseURL:responseUrl})});(0,util_1.log)("user function response:",resp,typeof resp);const jsonPayload=(0,util_1.parseJsonPayload)(resp.Payload);if(resp.FunctionError){(0,util_1.log)("user function threw an error:",resp.FunctionError);const errorMessage=jsonPayload.errorMessage||"error",arn=functionArn.split(":"),functionName=arn[arn.length-1],message=[errorMessage,"",`Logs: /aws/lambda/${functionName}`,""].join(`
2
+ `),e=new Error(message);throw jsonPayload.trace&&(e.stack=[message,...jsonPayload.trace.slice(1)].join(`
3
+ `)),e}return jsonPayload}function createResponseEvent(cfnRequest,onEventResult){onEventResult=onEventResult||{};const physicalResourceId=onEventResult.PhysicalResourceId||defaultPhysicalResourceId(cfnRequest);if(cfnRequest.RequestType==="Delete"&&physicalResourceId!==cfnRequest.PhysicalResourceId)throw new Error(`DELETE: cannot change the physical resource ID from "${cfnRequest.PhysicalResourceId}" to "${onEventResult.PhysicalResourceId}" during deletion`);return cfnRequest.RequestType==="Update"&&physicalResourceId!==cfnRequest.PhysicalResourceId&&(0,util_1.log)(`UPDATE: changing physical resource ID from "${cfnRequest.PhysicalResourceId}" to "${onEventResult.PhysicalResourceId}"`),{...cfnRequest,...onEventResult,PhysicalResourceId:physicalResourceId}}function defaultPhysicalResourceId(req){switch(req.RequestType){case"Create":return req.RequestId;case"Update":case"Delete":return req.PhysicalResourceId;default:throw new Error(`Invalid "RequestType" in request "${JSON.stringify(req)}"`)}}module.exports={[consts.FRAMEWORK_ON_EVENT_HANDLER_NAME]:cfnResponse.safeHandler(onEvent),[consts.FRAMEWORK_IS_COMPLETE_HANDLER_NAME]:cfnResponse.safeHandler(isComplete),[consts.FRAMEWORK_ON_TIMEOUT_HANDLER_NAME]:onTimeout};
@@ -0,0 +1 @@
1
+ "use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.httpRequest=exports.invokeFunction=exports.startExecution=void 0;const https=require("https"),client_lambda_1=require("@aws-sdk/client-lambda"),client_sfn_1=require("@aws-sdk/client-sfn"),FRAMEWORK_HANDLER_TIMEOUT=9e5,awsSdkConfig={httpOptions:{timeout:FRAMEWORK_HANDLER_TIMEOUT}};async function defaultHttpRequest(options,requestBody){return new Promise((resolve,reject)=>{try{const request=https.request(options,response=>{response.resume(),!response.statusCode||response.statusCode>=400?reject(new Error(`Unsuccessful HTTP response: ${response.statusCode}`)):resolve()});request.on("error",reject),request.write(requestBody),request.end()}catch(e){reject(e)}})}let sfn,lambda;async function defaultStartExecution(req){return sfn||(sfn=new client_sfn_1.SFN(awsSdkConfig)),sfn.startExecution(req)}async function defaultInvokeFunction(req){lambda||(lambda=new client_lambda_1.Lambda(awsSdkConfig));try{return await lambda.invoke(req)}catch{return await(0,client_lambda_1.waitUntilFunctionActiveV2)({client:lambda,maxWaitTime:300},{FunctionName:req.FunctionName}),lambda.invoke(req)}}exports.startExecution=defaultStartExecution,exports.invokeFunction=defaultInvokeFunction,exports.httpRequest=defaultHttpRequest;
@@ -0,0 +1 @@
1
+ "use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.getEnv=getEnv,exports.log=log,exports.withRetries=withRetries,exports.parseJsonPayload=parseJsonPayload;function getEnv(name){const value=process.env[name];if(!value)throw new Error(`The environment variable "${name}" is not defined`);return value}function log(title,...args){console.log("[provider-framework]",title,...args.map(x=>typeof x=="object"?JSON.stringify(x,void 0,2):x))}function withRetries(options,fn){return async(...xs)=>{let attempts=options.attempts,ms=options.sleep;for(;;)try{return await fn(...xs)}catch(e){if(attempts--<=0)throw e;await sleep(Math.floor(Math.random()*ms)),ms*=2}}}async function sleep(ms){return new Promise(ok=>setTimeout(ok,ms))}function parseJsonPayload(payload){const text=new TextDecoder().decode(Buffer.from(payload??""));if(!text)return{};try{return JSON.parse(text)}catch{throw new Error(`return values from user-handlers must be JSON objects. got: "${text}"`)}}
@@ -0,0 +1,30 @@
1
+ /**
2
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
3
+ *
4
+ * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
5
+ * with the License. A copy of the License is located at
6
+ *
7
+ * http://www.apache.org/licenses/LICENSE-2.0
8
+ *
9
+ * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
10
+ * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
11
+ * and limitations under the License.
12
+ */
13
+ export declare const handler: (event: any, context: any) => Promise<{
14
+ Status: string;
15
+ Reason: string;
16
+ PhysicalResourceId: any;
17
+ StackId: any;
18
+ RequestId: any;
19
+ LogicalResourceId: any;
20
+ Data: {};
21
+ }>;
22
+ /**
23
+ * Updates a provided key policy with a provided key policy statement. First checks whether the provided key policy statement
24
+ * already exists. If an existing key policy is found with a matching sid, the provided key policy will overwrite the existing
25
+ * key policy. If no matching key policy is found, the provided key policy will be appended onto the array of policy statements.
26
+ * @param keyPolicy - the JSON.parse'd result of the otherwise stringified key policy.
27
+ * @param keyPolicyStatement - the key policy statement to be added to the key policy.
28
+ * @returns keyPolicy - the updated key policy.
29
+ */
30
+ export declare const updateKeyPolicy: (keyPolicy: any, keyPolicyStatement: any) => any;