@aws-solutions-constructs/aws-cloudfront-s3 2.96.0 → 2.98.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (99) hide show
  1. package/.jsii +4597 -233
  2. package/README.adoc +6 -8
  3. package/lib/index.d.ts +4 -2
  4. package/lib/index.js +2 -2
  5. package/package.json +8 -8
  6. package/test/integ.cfts3-additional-behavior.js.snapshot/integ.json +1 -1
  7. package/test/integ.cfts3-additional-behavior.js.snapshot/manifest.json +20 -11
  8. package/test/integ.cfts3-additional-behavior.js.snapshot/tree.json +1 -1
  9. package/test/{integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca → integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.07a90cc3efdfc34da22208dcd9d211f06f5b0e01b21e778edc7c3966b1f61d57}/framework.js +1 -1
  10. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.assets.json +7 -7
  11. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.template.json +1 -1
  12. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/integ.json +1 -1
  13. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/manifest.json +7 -23
  14. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/tree.json +1 -1
  15. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  16. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cdk.out +1 -1
  17. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.assets.json +1 -1
  18. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithmanagedkeyprovidedasexistingbucketIntegDefaultTestDeployAssert03A82C16.assets.json +1 -1
  19. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/integ.json +2 -2
  20. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/manifest.json +68 -50
  21. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/tree.json +1 -1
  22. package/test/{integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca → integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.07a90cc3efdfc34da22208dcd9d211f06f5b0e01b21e778edc7c3966b1f61d57}/framework.js +1 -1
  23. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3-cmk-provided-as-bucket-prop.assets.json +7 -7
  24. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3-cmk-provided-as-bucket-prop.template.json +1 -1
  25. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/integ.json +1 -1
  26. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/manifest.json +7 -23
  27. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/tree.json +1 -1
  28. package/test/integ.cfts3-custom-headers.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  29. package/test/integ.cfts3-custom-headers.js.snapshot/cdk.out +1 -1
  30. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3-custom-headers.assets.json +1 -1
  31. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3customheadersIntegDefaultTestDeployAssert6EEC9973.assets.json +1 -1
  32. package/test/integ.cfts3-custom-headers.js.snapshot/integ.json +2 -2
  33. package/test/integ.cfts3-custom-headers.js.snapshot/manifest.json +68 -50
  34. package/test/integ.cfts3-custom-headers.js.snapshot/tree.json +1 -1
  35. package/test/integ.cfts3-custom-originPath.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  36. package/test/integ.cfts3-custom-originPath.js.snapshot/cdk.out +1 -1
  37. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3-custom-originPath.assets.json +1 -1
  38. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3customoriginPathIntegDefaultTestDeployAssert61F499B2.assets.json +1 -1
  39. package/test/integ.cfts3-custom-originPath.js.snapshot/integ.json +2 -2
  40. package/test/integ.cfts3-custom-originPath.js.snapshot/manifest.json +68 -50
  41. package/test/integ.cfts3-custom-originPath.js.snapshot/tree.json +1 -1
  42. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  43. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cdk.out +1 -1
  44. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3-customLoggingBuckets.assets.json +1 -1
  45. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3customLoggingBucketsIntegDefaultTestDeployAssert4D171F9F.assets.json +1 -1
  46. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/integ.json +2 -2
  47. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/manifest.json +68 -50
  48. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/tree.json +1 -1
  49. package/test/integ.cfts3-existing-bucket.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  50. package/test/integ.cfts3-existing-bucket.js.snapshot/cdk.out +1 -1
  51. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3-existing-bucket.assets.json +1 -1
  52. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3existingbucketIntegDefaultTestDeployAssertA6D4EB49.assets.json +1 -1
  53. package/test/integ.cfts3-existing-bucket.js.snapshot/integ.json +2 -2
  54. package/test/integ.cfts3-existing-bucket.js.snapshot/manifest.json +68 -50
  55. package/test/integ.cfts3-existing-bucket.js.snapshot/tree.json +1 -1
  56. package/test/integ.cfts3-no-arguments.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  57. package/test/integ.cfts3-no-arguments.js.snapshot/cdk.out +1 -1
  58. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3-no-arguments.assets.json +1 -1
  59. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3noargumentsIntegDefaultTestDeployAssertBA5AFA25.assets.json +1 -1
  60. package/test/integ.cfts3-no-arguments.js.snapshot/integ.json +2 -2
  61. package/test/integ.cfts3-no-arguments.js.snapshot/manifest.json +68 -50
  62. package/test/integ.cfts3-no-arguments.js.snapshot/tree.json +1 -1
  63. package/test/integ.cfts3-no-cloudfront-s3-access-logs.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  64. package/test/integ.cfts3-no-cloudfront-s3-access-logs.js.snapshot/cdk.out +1 -1
  65. package/test/integ.cfts3-no-cloudfront-s3-access-logs.js.snapshot/cfts3-no-cloudfront-s3-access-logs.assets.json +1 -1
  66. package/test/integ.cfts3-no-cloudfront-s3-access-logs.js.snapshot/cfts3nocloudfronts3accesslogsIntegDefaultTestDeployAssertAD28C87A.assets.json +1 -1
  67. package/test/integ.cfts3-no-cloudfront-s3-access-logs.js.snapshot/integ.json +2 -2
  68. package/test/integ.cfts3-no-cloudfront-s3-access-logs.js.snapshot/manifest.json +68 -50
  69. package/test/integ.cfts3-no-cloudfront-s3-access-logs.js.snapshot/tree.json +1 -1
  70. package/test/integ.cfts3-no-logging.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  71. package/test/integ.cfts3-no-logging.js.snapshot/cdk.out +1 -1
  72. package/test/integ.cfts3-no-logging.js.snapshot/cfts3-no-logging.assets.json +1 -1
  73. package/test/integ.cfts3-no-logging.js.snapshot/cfts3nologgingIntegDefaultTestDeployAssert18393DDB.assets.json +1 -1
  74. package/test/integ.cfts3-no-logging.js.snapshot/integ.json +2 -2
  75. package/test/integ.cfts3-no-logging.js.snapshot/manifest.json +68 -50
  76. package/test/integ.cfts3-no-logging.js.snapshot/tree.json +1 -1
  77. package/test/integ.cfts3-no-security-headers.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  78. package/test/integ.cfts3-no-security-headers.js.snapshot/cdk.out +1 -1
  79. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3-no-security-headers.assets.json +1 -1
  80. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3nosecurityheadersIntegDefaultTestDeployAssert38FE05BE.assets.json +1 -1
  81. package/test/integ.cfts3-no-security-headers.js.snapshot/integ.json +2 -2
  82. package/test/integ.cfts3-no-security-headers.js.snapshot/manifest.json +68 -50
  83. package/test/integ.cfts3-no-security-headers.js.snapshot/tree.json +1 -1
  84. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cdk.out +0 -1
  85. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3-bucket-with-http-origin.assets.json +0 -19
  86. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3-bucket-with-http-origin.template.json +0 -552
  87. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3bucketwithhttporiginIntegDefaultTestDeployAssert75EB76AB.assets.json +0 -19
  88. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3bucketwithhttporiginIntegDefaultTestDeployAssert75EB76AB.template.json +0 -36
  89. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/integ.json +0 -12
  90. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/manifest.json +0 -161
  91. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/tree.json +0 -746
  92. /package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/{asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca → asset.07a90cc3efdfc34da22208dcd9d211f06f5b0e01b21e778edc7c3966b1f61d57}/cfn-response.js +0 -0
  93. /package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/{asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca → asset.07a90cc3efdfc34da22208dcd9d211f06f5b0e01b21e778edc7c3966b1f61d57}/consts.js +0 -0
  94. /package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/{asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca → asset.07a90cc3efdfc34da22208dcd9d211f06f5b0e01b21e778edc7c3966b1f61d57}/outbound.js +0 -0
  95. /package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/{asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca → asset.07a90cc3efdfc34da22208dcd9d211f06f5b0e01b21e778edc7c3966b1f61d57}/util.js +0 -0
  96. /package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/{asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca → asset.07a90cc3efdfc34da22208dcd9d211f06f5b0e01b21e778edc7c3966b1f61d57}/cfn-response.js +0 -0
  97. /package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/{asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca → asset.07a90cc3efdfc34da22208dcd9d211f06f5b0e01b21e778edc7c3966b1f61d57}/consts.js +0 -0
  98. /package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/{asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca → asset.07a90cc3efdfc34da22208dcd9d211f06f5b0e01b21e778edc7c3966b1f61d57}/outbound.js +0 -0
  99. /package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/{asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca → asset.07a90cc3efdfc34da22208dcd9d211f06f5b0e01b21e778edc7c3966b1f61d57}/util.js +0 -0
@@ -243,57 +243,48 @@
243
243
  "properties": {
244
244
  "module": "aws-cdk-lib",
245
245
  "flags": {
246
- "@aws-cdk/core:enableStackNameDuplicates": {
246
+ "@aws-cdk/aws-signer:signingProfileNamePassedToCfn": {
247
247
  "recommendedValue": true,
248
- "explanation": "Allow multiple stacks with the same name"
249
- },
250
- "aws-cdk:enableDiffNoFail": {
251
- "recommendedValue": true,
252
- "explanation": "Make `cdk diff` not fail when there are differences"
248
+ "explanation": "Pass signingProfileName to CfnSigningProfile"
253
249
  },
254
250
  "@aws-cdk/core:newStyleStackSynthesis": {
255
251
  "recommendedValue": true,
256
- "explanation": "Switch to new stack synthesis method which enables CI/CD"
252
+ "explanation": "Switch to new stack synthesis method which enables CI/CD",
253
+ "unconfiguredBehavesLike": {
254
+ "v2": true
255
+ }
257
256
  },
258
257
  "@aws-cdk/core:stackRelativeExports": {
259
258
  "recommendedValue": true,
260
- "explanation": "Name exports based on the construct paths relative to the stack, rather than the global construct path"
261
- },
262
- "@aws-cdk/aws-ecr-assets:dockerIgnoreSupport": {
263
- "recommendedValue": true,
264
- "explanation": "DockerImageAsset properly supports `.dockerignore` files by default"
265
- },
266
- "@aws-cdk/aws-secretsmanager:parseOwnedSecretName": {
267
- "recommendedValue": true,
268
- "explanation": "Fix the referencing of SecretsManager names from ARNs"
269
- },
270
- "@aws-cdk/aws-kms:defaultKeyPolicies": {
271
- "recommendedValue": true,
272
- "explanation": "Tighten default KMS key policies"
273
- },
274
- "@aws-cdk/aws-s3:grantWriteWithoutAcl": {
275
- "recommendedValue": true,
276
- "explanation": "Remove `PutObjectAcl` from Bucket.grantWrite"
259
+ "explanation": "Name exports based on the construct paths relative to the stack, rather than the global construct path",
260
+ "unconfiguredBehavesLike": {
261
+ "v2": true
262
+ }
277
263
  },
278
- "@aws-cdk/aws-ecs-patterns:removeDefaultDesiredCount": {
264
+ "@aws-cdk/aws-ecs-patterns:secGroupsDisablesImplicitOpenListener": {
279
265
  "recommendedValue": true,
280
- "explanation": "Do not specify a default DesiredCount for ECS services"
266
+ "explanation": "Disable implicit openListener when custom security groups are provided"
281
267
  },
282
268
  "@aws-cdk/aws-rds:lowercaseDbIdentifier": {
283
269
  "recommendedValue": true,
284
- "explanation": "Force lowercasing of RDS Cluster names in CDK"
270
+ "explanation": "Force lowercasing of RDS Cluster names in CDK",
271
+ "unconfiguredBehavesLike": {
272
+ "v2": true
273
+ }
285
274
  },
286
275
  "@aws-cdk/aws-apigateway:usagePlanKeyOrderInsensitiveId": {
287
276
  "recommendedValue": true,
288
- "explanation": "Allow adding/removing multiple UsagePlanKeys independently"
289
- },
290
- "@aws-cdk/aws-efs:defaultEncryptionAtRest": {
291
- "recommendedValue": true,
292
- "explanation": "Enable this feature flag to have elastic file systems encrypted at rest by default."
277
+ "explanation": "Allow adding/removing multiple UsagePlanKeys independently",
278
+ "unconfiguredBehavesLike": {
279
+ "v2": true
280
+ }
293
281
  },
294
282
  "@aws-cdk/aws-lambda:recognizeVersionProps": {
295
283
  "recommendedValue": true,
296
- "explanation": "Enable this feature flag to opt in to the updated logical id calculation for Lambda Version created using the `fn.currentVersion`."
284
+ "explanation": "Enable this feature flag to opt in to the updated logical id calculation for Lambda Version created using the `fn.currentVersion`.",
285
+ "unconfiguredBehavesLike": {
286
+ "v2": true
287
+ }
297
288
  },
298
289
  "@aws-cdk/aws-lambda:recognizeLayerVersion": {
299
290
  "userValue": true,
@@ -302,7 +293,10 @@
302
293
  },
303
294
  "@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021": {
304
295
  "recommendedValue": true,
305
- "explanation": "Enable this feature flag to have cloudfront distributions use the security policy TLSv1.2_2021 by default."
296
+ "explanation": "Enable this feature flag to have cloudfront distributions use the security policy TLSv1.2_2021 by default.",
297
+ "unconfiguredBehavesLike": {
298
+ "v2": true
299
+ }
306
300
  },
307
301
  "@aws-cdk/core:checkSecretUsage": {
308
302
  "userValue": true,
@@ -379,7 +373,7 @@
379
373
  "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": {
380
374
  "userValue": true,
381
375
  "recommendedValue": true,
382
- "explanation": "Enable this feature to by default create default policy names for imported roles that depend on the stack the role is in."
376
+ "explanation": "Enable this feature to create default policy names for imported roles that depend on the stack the role is in."
383
377
  },
384
378
  "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": {
385
379
  "userValue": true,
@@ -523,7 +517,10 @@
523
517
  },
524
518
  "@aws-cdk/pipelines:reduceAssetRoleTrustScope": {
525
519
  "recommendedValue": true,
526
- "explanation": "Remove the root account principal from PipelineAssetsFileRole trust policy"
520
+ "explanation": "Remove the root account principal from PipelineAssetsFileRole trust policy",
521
+ "unconfiguredBehavesLike": {
522
+ "v2": true
523
+ }
527
524
  },
528
525
  "@aws-cdk/aws-eks:nodegroupNameAttribute": {
529
526
  "userValue": true,
@@ -552,23 +549,16 @@
552
549
  },
553
550
  "@aws-cdk/aws-stepfunctions-tasks:useNewS3UriParametersForBedrockInvokeModelTask": {
554
551
  "recommendedValue": true,
555
- "explanation": "When enabled, use new props for S3 URI field in task definition of state machine for bedrock invoke model."
552
+ "explanation": "When enabled, use new props for S3 URI field in task definition of state machine for bedrock invoke model.",
553
+ "unconfiguredBehavesLike": {
554
+ "v2": true
555
+ }
556
556
  },
557
557
  "@aws-cdk/core:explicitStackTags": {
558
558
  "userValue": true,
559
559
  "recommendedValue": true,
560
560
  "explanation": "When enabled, stack tags need to be assigned explicitly on a Stack."
561
561
  },
562
- "@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature": {
563
- "userValue": false,
564
- "recommendedValue": false,
565
- "explanation": "When set to true along with canContainersAccessInstanceRole=false in ECS cluster, new updated commands will be added to UserData to block container accessing IMDS. **Applicable to Linux only. IMPORTANT: See [details.](#aws-cdkaws-ecsenableImdsBlockingDeprecatedFeature)**"
566
- },
567
- "@aws-cdk/aws-ecs:disableEcsImdsBlocking": {
568
- "userValue": true,
569
- "recommendedValue": true,
570
- "explanation": "When set to true, CDK synth will throw exception if canContainersAccessInstanceRole is false. **IMPORTANT: See [details.](#aws-cdkaws-ecsdisableEcsImdsBlocking)**"
571
- },
572
562
  "@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions": {
573
563
  "userValue": true,
574
564
  "recommendedValue": true,
@@ -616,7 +606,10 @@
616
606
  },
617
607
  "@aws-cdk/core:aspectStabilization": {
618
608
  "recommendedValue": true,
619
- "explanation": "When enabled, a stabilization loop will be run when invoking Aspects during synthesis."
609
+ "explanation": "When enabled, a stabilization loop will be run when invoking Aspects during synthesis.",
610
+ "unconfiguredBehavesLike": {
611
+ "v2": true
612
+ }
620
613
  },
621
614
  "@aws-cdk/aws-route53-targets:userPoolDomainNameMethodWithoutCustomResource": {
622
615
  "userValue": true,
@@ -650,7 +643,10 @@
650
643
  },
651
644
  "@aws-cdk/pipelines:reduceStageRoleTrustScope": {
652
645
  "recommendedValue": true,
653
- "explanation": "Remove the root account principal from Stage addActions trust policy"
646
+ "explanation": "Remove the root account principal from Stage addActions trust policy",
647
+ "unconfiguredBehavesLike": {
648
+ "v2": true
649
+ }
654
650
  },
655
651
  "@aws-cdk/aws-events:requireEventBusPolicySid": {
656
652
  "userValue": true,
@@ -673,7 +669,10 @@
673
669
  },
674
670
  "@aws-cdk/pipelines:reduceCrossAccountActionRoleTrustScope": {
675
671
  "recommendedValue": true,
676
- "explanation": "When enabled, scopes down the trust policy for the cross-account action role"
672
+ "explanation": "When enabled, scopes down the trust policy for the cross-account action role",
673
+ "unconfiguredBehavesLike": {
674
+ "v2": true
675
+ }
677
676
  },
678
677
  "@aws-cdk/aws-stepfunctions:useDistributedMapResultWriterV2": {
679
678
  "userValue": true,
@@ -703,6 +702,25 @@
703
702
  "userValue": true,
704
703
  "recommendedValue": true,
705
704
  "explanation": "When enabled, CDK creates and manages loggroup for the lambda function"
705
+ },
706
+ "@aws-cdk/aws-elasticloadbalancingv2:networkLoadBalancerWithSecurityGroupByDefault": {
707
+ "recommendedValue": true,
708
+ "explanation": "When enabled, Network Load Balancer will be created with a security group by default."
709
+ },
710
+ "@aws-cdk/aws-stepfunctions-tasks:httpInvokeDynamicJsonPathEndpoint": {
711
+ "recommendedValue": true,
712
+ "explanation": "When enabled, allows using a dynamic apiEndpoint with JSONPath format in HttpInvoke tasks.",
713
+ "unconfiguredBehavesLike": {
714
+ "v2": true
715
+ }
716
+ },
717
+ "@aws-cdk/aws-ecs-patterns:uniqueTargetGroupId": {
718
+ "recommendedValue": true,
719
+ "explanation": "When enabled, ECS patterns will generate unique target group IDs to prevent conflicts during load balancer replacement"
720
+ },
721
+ "@aws-cdk/aws-route53-patterns:useDistribution": {
722
+ "recommendedValue": true,
723
+ "explanation": "Use the `Distribution` resource instead of `CloudFrontWebDistribution`"
706
724
  }
707
725
  }
708
726
  }
@@ -1 +1 @@
1
- {"version":"tree-0.1","tree":{"id":"App","path":"","constructInfo":{"fqn":"aws-cdk-lib.App","version":"2.206.0"},"children":{"cfts3-no-logging":{"id":"cfts3-no-logging","path":"cfts3-no-logging","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"2.206.0"},"children":{"test-cloudfront-s3":{"id":"test-cloudfront-s3","path":"cfts3-no-logging/test-cloudfront-s3","constructInfo":{"fqn":"@aws-solutions-constructs/aws-cloudfront-s3.CloudFrontToS3","version":"2.86.0"},"children":{"S3Bucket":{"id":"S3Bucket","path":"cfts3-no-logging/test-cloudfront-s3/S3Bucket","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.Bucket","version":"2.206.0","metadata":[{"encryption":"S3_MANAGED","versioned":true,"blockPublicAccess":"*","removalPolicy":"destroy","enforceSSL":true,"lifecycleRules":[{"noncurrentVersionTransitions":[{"storageClass":"*"}]}],"autoDeleteObjects":true},{"addLifecycleRule":[{"noncurrentVersionTransitions":[{"storageClass":"*"}]},"*","*"]}]},"children":{"Resource":{"id":"Resource","path":"cfts3-no-logging/test-cloudfront-s3/S3Bucket/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucket","version":"2.206.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::Bucket","aws:cdk:cloudformation:props":{"bucketEncryption":{"serverSideEncryptionConfiguration":[{"serverSideEncryptionByDefault":{"sseAlgorithm":"AES256"}}]},"lifecycleConfiguration":{"rules":[{"noncurrentVersionTransitions":[{"storageClass":"GLACIER","transitionInDays":90}],"status":"Enabled"}]},"publicAccessBlockConfiguration":{"blockPublicAcls":true,"blockPublicPolicy":true,"ignorePublicAcls":true,"restrictPublicBuckets":true},"tags":[{"key":"aws-cdk:auto-delete-objects","value":"true"}],"versioningConfiguration":{"status":"Enabled"}}}},"Policy":{"id":"Policy","path":"cfts3-no-logging/test-cloudfront-s3/S3Bucket/Policy","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketPolicy","version":"2.206.0","metadata":[{"bucket":"*"}]},"children":{"Resource":{"id":"Resource","path":"cfts3-no-logging/test-cloudfront-s3/S3Bucket/Policy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucketPolicy","version":"2.206.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::BucketPolicy","aws:cdk:cloudformation:props":{"bucket":{"Ref":"testcloudfronts3S3BucketE0C5F76E"},"policyDocument":{"Statement":[{"Action":"s3:*","Condition":{"Bool":{"aws:SecureTransport":"false"}},"Effect":"Deny","Principal":{"AWS":"*"},"Resource":[{"Fn::GetAtt":["testcloudfronts3S3BucketE0C5F76E","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3S3BucketE0C5F76E","Arn"]},"/*"]]}]},{"Action":["s3:DeleteObject*","s3:GetBucket*","s3:List*","s3:PutBucketPolicy"],"Effect":"Allow","Principal":{"AWS":{"Fn::GetAtt":["CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092","Arn"]}},"Resource":[{"Fn::GetAtt":["testcloudfronts3S3BucketE0C5F76E","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3S3BucketE0C5F76E","Arn"]},"/*"]]}]},{"Action":"s3:GetObject","Condition":{"StringEquals":{"AWS:SourceArn":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":cloudfront::",{"Ref":"AWS::AccountId"},":distribution/",{"Ref":"testcloudfronts3CloudFrontDistribution0565DEE8"}]]}}},"Effect":"Allow","Principal":{"Service":"cloudfront.amazonaws.com"},"Resource":{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3S3BucketE0C5F76E","Arn"]},"/*"]]}},{"Action":"s3:ListBucket","Condition":{"StringEquals":{"AWS:SourceArn":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":cloudfront::",{"Ref":"AWS::AccountId"},":distribution/",{"Ref":"testcloudfronts3CloudFrontDistribution0565DEE8"}]]}}},"Effect":"Allow","Principal":{"Service":"cloudfront.amazonaws.com"},"Resource":{"Fn::GetAtt":["testcloudfronts3S3BucketE0C5F76E","Arn"]}}],"Version":"2012-10-17"}}}}}},"AutoDeleteObjectsCustomResource":{"id":"AutoDeleteObjectsCustomResource","path":"cfts3-no-logging/test-cloudfront-s3/S3Bucket/AutoDeleteObjectsCustomResource","constructInfo":{"fqn":"aws-cdk-lib.CustomResource","version":"2.206.0","metadata":["*"]},"children":{"Default":{"id":"Default","path":"cfts3-no-logging/test-cloudfront-s3/S3Bucket/AutoDeleteObjectsCustomResource/Default","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.206.0"}}}}}},"SetHttpSecurityHeaders":{"id":"SetHttpSecurityHeaders","path":"cfts3-no-logging/test-cloudfront-s3/SetHttpSecurityHeaders","constructInfo":{"fqn":"aws-cdk-lib.aws_cloudfront.Function","version":"2.206.0","metadata":[{"functionName":"*","code":"*"}]},"children":{"Resource":{"id":"Resource","path":"cfts3-no-logging/test-cloudfront-s3/SetHttpSecurityHeaders/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_cloudfront.CfnFunction","version":"2.206.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::CloudFront::Function","aws:cdk:cloudformation:props":{"autoPublish":true,"functionCode":"function handler(event) { var response = event.response; var headers = response.headers; headers['strict-transport-security'] = { value: 'max-age=63072000; includeSubdomains; preload'}; headers['content-security-policy'] = { value: \"default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'\"}; headers['x-content-type-options'] = { value: 'nosniff'}; headers['x-frame-options'] = {value: 'DENY'}; headers['x-xss-protection'] = {value: '1; mode=block'}; return response; }","functionConfig":{"comment":"SetHttpSecurityHeadersc8bdfbb6e2803af376fb302dc008562b2ae50a02bb","runtime":"cloudfront-js-1.0"},"name":"SetHttpSecurityHeadersc8bdfbb6e2803af376fb302dc008562b2ae50a02bb"}}}}},"CloudFrontOac":{"id":"CloudFrontOac","path":"cfts3-no-logging/test-cloudfront-s3/CloudFrontOac","constructInfo":{"fqn":"aws-cdk-lib.aws_cloudfront.CfnOriginAccessControl","version":"2.206.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::CloudFront::OriginAccessControl","aws:cdk:cloudformation:props":{"originAccessControlConfig":{"name":{"Fn::Join":["",["aws-cloudfront-s3-testnt-s3-",{"Fn::Select":[2,{"Fn::Split":["/",{"Ref":"AWS::StackId"}]}]}]]},"originAccessControlOriginType":"s3","signingBehavior":"always","signingProtocol":"sigv4","description":"Origin access control provisioned by aws-cloudfront-s3"}}}},"CloudFrontDistribution":{"id":"CloudFrontDistribution","path":"cfts3-no-logging/test-cloudfront-s3/CloudFrontDistribution","constructInfo":{"fqn":"aws-cdk-lib.aws_cloudfront.Distribution","version":"2.206.0","metadata":[{"defaultBehavior":{"origin":"*","viewerProtocolPolicy":"redirect-to-https","functionAssociations":[{"eventType":"viewer-response","function":"*"}]},"enableLogging":false,"logBucket":"*","defaultRootObject":"*"}]},"children":{"Origin1":{"id":"Origin1","path":"cfts3-no-logging/test-cloudfront-s3/CloudFrontDistribution/Origin1","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}},"Resource":{"id":"Resource","path":"cfts3-no-logging/test-cloudfront-s3/CloudFrontDistribution/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_cloudfront.CfnDistribution","version":"2.206.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::CloudFront::Distribution","aws:cdk:cloudformation:props":{"distributionConfig":{"enabled":true,"origins":[{"domainName":{"Fn::GetAtt":["testcloudfronts3S3BucketE0C5F76E","RegionalDomainName"]},"id":"cfts3nologgingtestcloudfronts3CloudFrontDistributionOrigin1C951FD12","s3OriginConfig":{"originAccessIdentity":""}}],"defaultCacheBehavior":{"pathPattern":"*","targetOriginId":"cfts3nologgingtestcloudfronts3CloudFrontDistributionOrigin1C951FD12","cachePolicyId":"658327ea-f89d-4fab-a63d-7e88639e58f6","compress":true,"viewerProtocolPolicy":"redirect-to-https","functionAssociations":[{"functionArn":{"Fn::GetAtt":["testcloudfronts3SetHttpSecurityHeaders6C5A1E69","FunctionARN"]},"eventType":"viewer-response"}]},"defaultRootObject":"index.html","httpVersion":"http2","ipv6Enabled":true}}}}}}}},"Custom::S3AutoDeleteObjectsCustomResourceProvider":{"id":"Custom::S3AutoDeleteObjectsCustomResourceProvider","path":"cfts3-no-logging/Custom::S3AutoDeleteObjectsCustomResourceProvider","constructInfo":{"fqn":"aws-cdk-lib.CustomResourceProviderBase","version":"2.206.0"},"children":{"Staging":{"id":"Staging","path":"cfts3-no-logging/Custom::S3AutoDeleteObjectsCustomResourceProvider/Staging","constructInfo":{"fqn":"aws-cdk-lib.AssetStaging","version":"2.206.0"}},"Role":{"id":"Role","path":"cfts3-no-logging/Custom::S3AutoDeleteObjectsCustomResourceProvider/Role","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.206.0"}},"Handler":{"id":"Handler","path":"cfts3-no-logging/Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.206.0"}}}},"Integ":{"id":"Integ","path":"cfts3-no-logging/Integ","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTest","version":"2.206.0-alpha.0"},"children":{"DefaultTest":{"id":"DefaultTest","path":"cfts3-no-logging/Integ/DefaultTest","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTestCase","version":"2.206.0-alpha.0"},"children":{"Default":{"id":"Default","path":"cfts3-no-logging/Integ/DefaultTest/Default","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}},"DeployAssert":{"id":"DeployAssert","path":"cfts3-no-logging/Integ/DefaultTest/DeployAssert","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"2.206.0"},"children":{"BootstrapVersion":{"id":"BootstrapVersion","path":"cfts3-no-logging/Integ/DefaultTest/DeployAssert/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"2.206.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"cfts3-no-logging/Integ/DefaultTest/DeployAssert/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"2.206.0"}}}}}}}},"BootstrapVersion":{"id":"BootstrapVersion","path":"cfts3-no-logging/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"2.206.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"cfts3-no-logging/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"2.206.0"}}}},"Tree":{"id":"Tree","path":"Tree","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}}}}}
1
+ {"version":"tree-0.1","tree":{"id":"App","path":"","constructInfo":{"fqn":"aws-cdk-lib.App","version":"2.233.0"},"children":{"cfts3-no-logging":{"id":"cfts3-no-logging","path":"cfts3-no-logging","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"2.233.0"},"children":{"test-cloudfront-s3":{"id":"test-cloudfront-s3","path":"cfts3-no-logging/test-cloudfront-s3","constructInfo":{"fqn":"@aws-solutions-constructs/aws-cloudfront-s3.CloudFrontToS3","version":"2.97.0"},"children":{"S3Bucket":{"id":"S3Bucket","path":"cfts3-no-logging/test-cloudfront-s3/S3Bucket","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.Bucket","version":"2.233.0","metadata":[{"encryption":"S3_MANAGED","versioned":true,"blockPublicAccess":"*","removalPolicy":"destroy","enforceSSL":true,"lifecycleRules":[{"noncurrentVersionTransitions":[{"storageClass":"*"}]}],"autoDeleteObjects":true},{"addLifecycleRule":[{"noncurrentVersionTransitions":[{"storageClass":"*"}]},"*","*"]}]},"children":{"Resource":{"id":"Resource","path":"cfts3-no-logging/test-cloudfront-s3/S3Bucket/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucket","version":"2.233.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::Bucket","aws:cdk:cloudformation:props":{"bucketEncryption":{"serverSideEncryptionConfiguration":[{"serverSideEncryptionByDefault":{"sseAlgorithm":"AES256"}}]},"lifecycleConfiguration":{"rules":[{"noncurrentVersionTransitions":[{"storageClass":"GLACIER","transitionInDays":90}],"status":"Enabled"}]},"publicAccessBlockConfiguration":{"blockPublicAcls":true,"blockPublicPolicy":true,"ignorePublicAcls":true,"restrictPublicBuckets":true},"tags":[{"key":"aws-cdk:auto-delete-objects","value":"true"}],"versioningConfiguration":{"status":"Enabled"}}}},"Policy":{"id":"Policy","path":"cfts3-no-logging/test-cloudfront-s3/S3Bucket/Policy","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketPolicy","version":"2.233.0","metadata":[{"bucket":"*"}]},"children":{"Resource":{"id":"Resource","path":"cfts3-no-logging/test-cloudfront-s3/S3Bucket/Policy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucketPolicy","version":"2.233.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::BucketPolicy","aws:cdk:cloudformation:props":{"bucket":{"Ref":"testcloudfronts3S3BucketE0C5F76E"},"policyDocument":{"Statement":[{"Action":"s3:*","Condition":{"Bool":{"aws:SecureTransport":"false"}},"Effect":"Deny","Principal":{"AWS":"*"},"Resource":[{"Fn::GetAtt":["testcloudfronts3S3BucketE0C5F76E","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3S3BucketE0C5F76E","Arn"]},"/*"]]}]},{"Action":["s3:DeleteObject*","s3:GetBucket*","s3:List*","s3:PutBucketPolicy"],"Effect":"Allow","Principal":{"AWS":{"Fn::GetAtt":["CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092","Arn"]}},"Resource":[{"Fn::GetAtt":["testcloudfronts3S3BucketE0C5F76E","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3S3BucketE0C5F76E","Arn"]},"/*"]]}]},{"Action":"s3:GetObject","Condition":{"StringEquals":{"AWS:SourceArn":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":cloudfront::",{"Ref":"AWS::AccountId"},":distribution/",{"Ref":"testcloudfronts3CloudFrontDistribution0565DEE8"}]]}}},"Effect":"Allow","Principal":{"Service":"cloudfront.amazonaws.com"},"Resource":{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3S3BucketE0C5F76E","Arn"]},"/*"]]}},{"Action":"s3:ListBucket","Condition":{"StringEquals":{"AWS:SourceArn":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":cloudfront::",{"Ref":"AWS::AccountId"},":distribution/",{"Ref":"testcloudfronts3CloudFrontDistribution0565DEE8"}]]}}},"Effect":"Allow","Principal":{"Service":"cloudfront.amazonaws.com"},"Resource":{"Fn::GetAtt":["testcloudfronts3S3BucketE0C5F76E","Arn"]}}],"Version":"2012-10-17"}}}}}},"AutoDeleteObjectsCustomResource":{"id":"AutoDeleteObjectsCustomResource","path":"cfts3-no-logging/test-cloudfront-s3/S3Bucket/AutoDeleteObjectsCustomResource","constructInfo":{"fqn":"aws-cdk-lib.CustomResource","version":"2.233.0","metadata":["*"]},"children":{"Default":{"id":"Default","path":"cfts3-no-logging/test-cloudfront-s3/S3Bucket/AutoDeleteObjectsCustomResource/Default","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.233.0"}}}}}},"SetHttpSecurityHeaders":{"id":"SetHttpSecurityHeaders","path":"cfts3-no-logging/test-cloudfront-s3/SetHttpSecurityHeaders","constructInfo":{"fqn":"aws-cdk-lib.aws_cloudfront.Function","version":"2.233.0","metadata":[{"functionName":"*","code":"*"}]},"children":{"Resource":{"id":"Resource","path":"cfts3-no-logging/test-cloudfront-s3/SetHttpSecurityHeaders/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_cloudfront.CfnFunction","version":"2.233.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::CloudFront::Function","aws:cdk:cloudformation:props":{"autoPublish":true,"functionCode":"function handler(event) { var response = event.response; var headers = response.headers; headers['strict-transport-security'] = { value: 'max-age=63072000; includeSubdomains; preload'}; headers['content-security-policy'] = { value: \"default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'\"}; headers['x-content-type-options'] = { value: 'nosniff'}; headers['x-frame-options'] = {value: 'DENY'}; headers['x-xss-protection'] = {value: '1; mode=block'}; return response; }","functionConfig":{"comment":"SetHttpSecurityHeadersc8bdfbb6e2803af376fb302dc008562b2ae50a02bb","runtime":"cloudfront-js-1.0"},"name":"SetHttpSecurityHeadersc8bdfbb6e2803af376fb302dc008562b2ae50a02bb"}}}}},"CloudFrontOac":{"id":"CloudFrontOac","path":"cfts3-no-logging/test-cloudfront-s3/CloudFrontOac","constructInfo":{"fqn":"aws-cdk-lib.aws_cloudfront.CfnOriginAccessControl","version":"2.233.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::CloudFront::OriginAccessControl","aws:cdk:cloudformation:props":{"originAccessControlConfig":{"name":{"Fn::Join":["",["aws-cloudfront-s3-testnt-s3-",{"Fn::Select":[2,{"Fn::Split":["/",{"Ref":"AWS::StackId"}]}]}]]},"originAccessControlOriginType":"s3","signingBehavior":"always","signingProtocol":"sigv4","description":"Origin access control provisioned by aws-cloudfront-s3"}}}},"CloudFrontDistribution":{"id":"CloudFrontDistribution","path":"cfts3-no-logging/test-cloudfront-s3/CloudFrontDistribution","constructInfo":{"fqn":"aws-cdk-lib.aws_cloudfront.Distribution","version":"2.233.0","metadata":[{"defaultBehavior":{"origin":"*","viewerProtocolPolicy":"redirect-to-https","functionAssociations":[{"eventType":"viewer-response","function":"*"}]},"enableLogging":false,"logBucket":"*","defaultRootObject":"*"}]},"children":{"Origin1":{"id":"Origin1","path":"cfts3-no-logging/test-cloudfront-s3/CloudFrontDistribution/Origin1","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}},"Resource":{"id":"Resource","path":"cfts3-no-logging/test-cloudfront-s3/CloudFrontDistribution/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_cloudfront.CfnDistribution","version":"2.233.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::CloudFront::Distribution","aws:cdk:cloudformation:props":{"distributionConfig":{"enabled":true,"origins":[{"domainName":{"Fn::GetAtt":["testcloudfronts3S3BucketE0C5F76E","RegionalDomainName"]},"id":"cfts3nologgingtestcloudfronts3CloudFrontDistributionOrigin1C951FD12","s3OriginConfig":{"originAccessIdentity":""}}],"defaultCacheBehavior":{"pathPattern":"*","targetOriginId":"cfts3nologgingtestcloudfronts3CloudFrontDistributionOrigin1C951FD12","cachePolicyId":"658327ea-f89d-4fab-a63d-7e88639e58f6","compress":true,"viewerProtocolPolicy":"redirect-to-https","functionAssociations":[{"functionArn":{"Fn::GetAtt":["testcloudfronts3SetHttpSecurityHeaders6C5A1E69","FunctionARN"]},"eventType":"viewer-response"}]},"defaultRootObject":"index.html","httpVersion":"http2","ipv6Enabled":true}}}}}}}},"Custom::S3AutoDeleteObjectsCustomResourceProvider":{"id":"Custom::S3AutoDeleteObjectsCustomResourceProvider","path":"cfts3-no-logging/Custom::S3AutoDeleteObjectsCustomResourceProvider","constructInfo":{"fqn":"aws-cdk-lib.CustomResourceProviderBase","version":"2.233.0"},"children":{"Staging":{"id":"Staging","path":"cfts3-no-logging/Custom::S3AutoDeleteObjectsCustomResourceProvider/Staging","constructInfo":{"fqn":"aws-cdk-lib.AssetStaging","version":"2.233.0"}},"Role":{"id":"Role","path":"cfts3-no-logging/Custom::S3AutoDeleteObjectsCustomResourceProvider/Role","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.233.0"}},"Handler":{"id":"Handler","path":"cfts3-no-logging/Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.233.0"}}}},"Integ":{"id":"Integ","path":"cfts3-no-logging/Integ","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTest","version":"2.233.0-alpha.0"},"children":{"DefaultTest":{"id":"DefaultTest","path":"cfts3-no-logging/Integ/DefaultTest","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTestCase","version":"2.233.0-alpha.0"},"children":{"Default":{"id":"Default","path":"cfts3-no-logging/Integ/DefaultTest/Default","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}},"DeployAssert":{"id":"DeployAssert","path":"cfts3-no-logging/Integ/DefaultTest/DeployAssert","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"2.233.0"},"children":{"BootstrapVersion":{"id":"BootstrapVersion","path":"cfts3-no-logging/Integ/DefaultTest/DeployAssert/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"2.233.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"cfts3-no-logging/Integ/DefaultTest/DeployAssert/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"2.233.0"}}}}}}}},"BootstrapVersion":{"id":"BootstrapVersion","path":"cfts3-no-logging/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"2.233.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"cfts3-no-logging/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"2.233.0"}}}},"Tree":{"id":"Tree","path":"Tree","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}}}}}
@@ -0,0 +1 @@
1
+ "use strict";var f=Object.create,i=Object.defineProperty,I=Object.getOwnPropertyDescriptor,C=Object.getOwnPropertyNames,w=Object.getPrototypeOf,P=Object.prototype.hasOwnProperty,A=(t,e)=>{for(var o in e)i(t,o,{get:e[o],enumerable:!0})},d=(t,e,o,r)=>{if(e&&typeof e=="object"||typeof e=="function")for(let s of C(e))!P.call(t,s)&&s!==o&&i(t,s,{get:()=>e[s],enumerable:!(r=I(e,s))||r.enumerable});return t},l=(t,e,o)=>(o=t!=null?f(w(t)):{},d(e||!t||!t.__esModule?i(o,"default",{value:t,enumerable:!0}):o,t)),B=t=>d(i({},"__esModule",{value:!0}),t),q={};A(q,{autoDeleteHandler:()=>S,handler:()=>H}),module.exports=B(q);var h=require("@aws-sdk/client-s3"),y=l(require("https")),m=l(require("url")),a={sendHttpRequest:D,log:T,includeStackTraces:!0,userHandlerIndex:"./index"},p="AWSCDK::CustomResourceProviderFramework::CREATE_FAILED",L="AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID";function R(t){return async(e,o)=>{let r={...e,ResponseURL:"..."};if(a.log(JSON.stringify(r,void 0,2)),e.RequestType==="Delete"&&e.PhysicalResourceId===p){a.log("ignoring DELETE event caused by a failed CREATE event"),await u("SUCCESS",e);return}try{let s=await t(r,o),n=k(e,s);await u("SUCCESS",n)}catch(s){let n={...e,Reason:a.includeStackTraces?s.stack:s.message};n.PhysicalResourceId||(e.RequestType==="Create"?(a.log("CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored"),n.PhysicalResourceId=p):a.log(`ERROR: Malformed event. "PhysicalResourceId" is required: ${JSON.stringify(e)}`)),await u("FAILED",n)}}}function k(t,e={}){let o=e.PhysicalResourceId??t.PhysicalResourceId??t.RequestId;if(t.RequestType==="Delete"&&o!==t.PhysicalResourceId)throw new Error(`DELETE: cannot change the physical resource ID from "${t.PhysicalResourceId}" to "${e.PhysicalResourceId}" during deletion`);return{...t,...e,PhysicalResourceId:o}}async function u(t,e){let o={Status:t,Reason:e.Reason??t,StackId:e.StackId,RequestId:e.RequestId,PhysicalResourceId:e.PhysicalResourceId||L,LogicalResourceId:e.LogicalResourceId,NoEcho:e.NoEcho,Data:e.Data},r=m.parse(e.ResponseURL),s=`${r.protocol}//${r.hostname}/${r.pathname}?***`;a.log("submit response to cloudformation",s,o);let n=JSON.stringify(o),E={hostname:r.hostname,path:r.path,method:"PUT",headers:{"content-type":"","content-length":Buffer.byteLength(n,"utf8")}};await O({attempts:5,sleep:1e3},a.sendHttpRequest)(E,n)}async function D(t,e){return new Promise((o,r)=>{try{let s=y.request(t,n=>{n.resume(),!n.statusCode||n.statusCode>=400?r(new Error(`Unsuccessful HTTP response: ${n.statusCode}`)):o()});s.on("error",r),s.write(e),s.end()}catch(s){r(s)}})}function T(t,...e){console.log(t,...e)}function O(t,e){return async(...o)=>{let r=t.attempts,s=t.sleep;for(;;)try{return await e(...o)}catch(n){if(r--<=0)throw n;await b(Math.floor(Math.random()*s)),s*=2}}}async function b(t){return new Promise(e=>setTimeout(e,t))}var g="aws-cdk:auto-delete-objects",x=JSON.stringify({Version:"2012-10-17",Statement:[]}),c=new h.S3({}),H=R(S);async function S(t){switch(t.RequestType){case"Create":return;case"Update":return{PhysicalResourceId:(await F(t)).PhysicalResourceId};case"Delete":return N(t.ResourceProperties?.BucketName)}}async function F(t){let e=t,o=e.OldResourceProperties?.BucketName;return{PhysicalResourceId:e.ResourceProperties?.BucketName??o}}async function _(t){try{let e=(await c.getBucketPolicy({Bucket:t}))?.Policy??x,o=JSON.parse(e);o.Statement.push({Principal:"*",Effect:"Deny",Action:["s3:PutObject"],Resource:[`arn:aws:s3:::${t}/*`]}),await c.putBucketPolicy({Bucket:t,Policy:JSON.stringify(o)})}catch(e){if(e.name==="NoSuchBucket")throw e;console.log(`Could not set new object deny policy on bucket '${t}' prior to deletion.`)}}async function U(t){let e;do{e=await c.listObjectVersions({Bucket:t});let o=[...e.Versions??[],...e.DeleteMarkers??[]];if(o.length===0)return;let r=o.map(s=>({Key:s.Key,VersionId:s.VersionId}));await c.deleteObjects({Bucket:t,Delete:{Objects:r}})}while(e?.IsTruncated)}async function N(t){if(!t)throw new Error("No BucketName was provided.");try{if(!await W(t)){console.log(`Bucket does not have '${g}' tag, skipping cleaning.`);return}await _(t),await U(t)}catch(e){if(e.name==="NoSuchBucket"){console.log(`Bucket '${t}' does not exist.`);return}throw e}}async function W(t){return(await c.getBucketTagging({Bucket:t})).TagSet?.some(o=>o.Key===g&&o.Value==="true")}
@@ -1 +1 @@
1
- {"version":"45.0.0"}
1
+ {"version":"48.0.0"}
@@ -1,5 +1,5 @@
1
1
  {
2
- "version": "45.0.0",
2
+ "version": "48.0.0",
3
3
  "files": {
4
4
  "faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6": {
5
5
  "displayName": "cfts3-no-security-headers/Custom::S3AutoDeleteObjectsCustomResourceProvider Code",
@@ -1,5 +1,5 @@
1
1
  {
2
- "version": "45.0.0",
2
+ "version": "48.0.0",
3
3
  "files": {
4
4
  "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": {
5
5
  "displayName": "cfts3nosecurityheadersIntegDefaultTestDeployAssert38FE05BE Template",
@@ -1,5 +1,5 @@
1
1
  {
2
- "version": "45.0.0",
2
+ "version": "48.0.0",
3
3
  "testCases": {
4
4
  "cfts3-no-security-headers/Integ/DefaultTest": {
5
5
  "stacks": [
@@ -9,5 +9,5 @@
9
9
  "assertionStackName": "cfts3nosecurityheadersIntegDefaultTestDeployAssert38FE05BE"
10
10
  }
11
11
  },
12
- "minimumCliVersion": "2.1020.2"
12
+ "minimumCliVersion": "2.1033.0"
13
13
  }
@@ -360,57 +360,48 @@
360
360
  "properties": {
361
361
  "module": "aws-cdk-lib",
362
362
  "flags": {
363
- "@aws-cdk/core:enableStackNameDuplicates": {
363
+ "@aws-cdk/aws-signer:signingProfileNamePassedToCfn": {
364
364
  "recommendedValue": true,
365
- "explanation": "Allow multiple stacks with the same name"
366
- },
367
- "aws-cdk:enableDiffNoFail": {
368
- "recommendedValue": true,
369
- "explanation": "Make `cdk diff` not fail when there are differences"
365
+ "explanation": "Pass signingProfileName to CfnSigningProfile"
370
366
  },
371
367
  "@aws-cdk/core:newStyleStackSynthesis": {
372
368
  "recommendedValue": true,
373
- "explanation": "Switch to new stack synthesis method which enables CI/CD"
369
+ "explanation": "Switch to new stack synthesis method which enables CI/CD",
370
+ "unconfiguredBehavesLike": {
371
+ "v2": true
372
+ }
374
373
  },
375
374
  "@aws-cdk/core:stackRelativeExports": {
376
375
  "recommendedValue": true,
377
- "explanation": "Name exports based on the construct paths relative to the stack, rather than the global construct path"
378
- },
379
- "@aws-cdk/aws-ecr-assets:dockerIgnoreSupport": {
380
- "recommendedValue": true,
381
- "explanation": "DockerImageAsset properly supports `.dockerignore` files by default"
382
- },
383
- "@aws-cdk/aws-secretsmanager:parseOwnedSecretName": {
384
- "recommendedValue": true,
385
- "explanation": "Fix the referencing of SecretsManager names from ARNs"
386
- },
387
- "@aws-cdk/aws-kms:defaultKeyPolicies": {
388
- "recommendedValue": true,
389
- "explanation": "Tighten default KMS key policies"
390
- },
391
- "@aws-cdk/aws-s3:grantWriteWithoutAcl": {
392
- "recommendedValue": true,
393
- "explanation": "Remove `PutObjectAcl` from Bucket.grantWrite"
376
+ "explanation": "Name exports based on the construct paths relative to the stack, rather than the global construct path",
377
+ "unconfiguredBehavesLike": {
378
+ "v2": true
379
+ }
394
380
  },
395
- "@aws-cdk/aws-ecs-patterns:removeDefaultDesiredCount": {
381
+ "@aws-cdk/aws-ecs-patterns:secGroupsDisablesImplicitOpenListener": {
396
382
  "recommendedValue": true,
397
- "explanation": "Do not specify a default DesiredCount for ECS services"
383
+ "explanation": "Disable implicit openListener when custom security groups are provided"
398
384
  },
399
385
  "@aws-cdk/aws-rds:lowercaseDbIdentifier": {
400
386
  "recommendedValue": true,
401
- "explanation": "Force lowercasing of RDS Cluster names in CDK"
387
+ "explanation": "Force lowercasing of RDS Cluster names in CDK",
388
+ "unconfiguredBehavesLike": {
389
+ "v2": true
390
+ }
402
391
  },
403
392
  "@aws-cdk/aws-apigateway:usagePlanKeyOrderInsensitiveId": {
404
393
  "recommendedValue": true,
405
- "explanation": "Allow adding/removing multiple UsagePlanKeys independently"
406
- },
407
- "@aws-cdk/aws-efs:defaultEncryptionAtRest": {
408
- "recommendedValue": true,
409
- "explanation": "Enable this feature flag to have elastic file systems encrypted at rest by default."
394
+ "explanation": "Allow adding/removing multiple UsagePlanKeys independently",
395
+ "unconfiguredBehavesLike": {
396
+ "v2": true
397
+ }
410
398
  },
411
399
  "@aws-cdk/aws-lambda:recognizeVersionProps": {
412
400
  "recommendedValue": true,
413
- "explanation": "Enable this feature flag to opt in to the updated logical id calculation for Lambda Version created using the `fn.currentVersion`."
401
+ "explanation": "Enable this feature flag to opt in to the updated logical id calculation for Lambda Version created using the `fn.currentVersion`.",
402
+ "unconfiguredBehavesLike": {
403
+ "v2": true
404
+ }
414
405
  },
415
406
  "@aws-cdk/aws-lambda:recognizeLayerVersion": {
416
407
  "userValue": true,
@@ -419,7 +410,10 @@
419
410
  },
420
411
  "@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021": {
421
412
  "recommendedValue": true,
422
- "explanation": "Enable this feature flag to have cloudfront distributions use the security policy TLSv1.2_2021 by default."
413
+ "explanation": "Enable this feature flag to have cloudfront distributions use the security policy TLSv1.2_2021 by default.",
414
+ "unconfiguredBehavesLike": {
415
+ "v2": true
416
+ }
423
417
  },
424
418
  "@aws-cdk/core:checkSecretUsage": {
425
419
  "userValue": true,
@@ -496,7 +490,7 @@
496
490
  "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": {
497
491
  "userValue": true,
498
492
  "recommendedValue": true,
499
- "explanation": "Enable this feature to by default create default policy names for imported roles that depend on the stack the role is in."
493
+ "explanation": "Enable this feature to create default policy names for imported roles that depend on the stack the role is in."
500
494
  },
501
495
  "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": {
502
496
  "userValue": true,
@@ -640,7 +634,10 @@
640
634
  },
641
635
  "@aws-cdk/pipelines:reduceAssetRoleTrustScope": {
642
636
  "recommendedValue": true,
643
- "explanation": "Remove the root account principal from PipelineAssetsFileRole trust policy"
637
+ "explanation": "Remove the root account principal from PipelineAssetsFileRole trust policy",
638
+ "unconfiguredBehavesLike": {
639
+ "v2": true
640
+ }
644
641
  },
645
642
  "@aws-cdk/aws-eks:nodegroupNameAttribute": {
646
643
  "userValue": true,
@@ -669,23 +666,16 @@
669
666
  },
670
667
  "@aws-cdk/aws-stepfunctions-tasks:useNewS3UriParametersForBedrockInvokeModelTask": {
671
668
  "recommendedValue": true,
672
- "explanation": "When enabled, use new props for S3 URI field in task definition of state machine for bedrock invoke model."
669
+ "explanation": "When enabled, use new props for S3 URI field in task definition of state machine for bedrock invoke model.",
670
+ "unconfiguredBehavesLike": {
671
+ "v2": true
672
+ }
673
673
  },
674
674
  "@aws-cdk/core:explicitStackTags": {
675
675
  "userValue": true,
676
676
  "recommendedValue": true,
677
677
  "explanation": "When enabled, stack tags need to be assigned explicitly on a Stack."
678
678
  },
679
- "@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature": {
680
- "userValue": false,
681
- "recommendedValue": false,
682
- "explanation": "When set to true along with canContainersAccessInstanceRole=false in ECS cluster, new updated commands will be added to UserData to block container accessing IMDS. **Applicable to Linux only. IMPORTANT: See [details.](#aws-cdkaws-ecsenableImdsBlockingDeprecatedFeature)**"
683
- },
684
- "@aws-cdk/aws-ecs:disableEcsImdsBlocking": {
685
- "userValue": true,
686
- "recommendedValue": true,
687
- "explanation": "When set to true, CDK synth will throw exception if canContainersAccessInstanceRole is false. **IMPORTANT: See [details.](#aws-cdkaws-ecsdisableEcsImdsBlocking)**"
688
- },
689
679
  "@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions": {
690
680
  "userValue": true,
691
681
  "recommendedValue": true,
@@ -733,7 +723,10 @@
733
723
  },
734
724
  "@aws-cdk/core:aspectStabilization": {
735
725
  "recommendedValue": true,
736
- "explanation": "When enabled, a stabilization loop will be run when invoking Aspects during synthesis."
726
+ "explanation": "When enabled, a stabilization loop will be run when invoking Aspects during synthesis.",
727
+ "unconfiguredBehavesLike": {
728
+ "v2": true
729
+ }
737
730
  },
738
731
  "@aws-cdk/aws-route53-targets:userPoolDomainNameMethodWithoutCustomResource": {
739
732
  "userValue": true,
@@ -767,7 +760,10 @@
767
760
  },
768
761
  "@aws-cdk/pipelines:reduceStageRoleTrustScope": {
769
762
  "recommendedValue": true,
770
- "explanation": "Remove the root account principal from Stage addActions trust policy"
763
+ "explanation": "Remove the root account principal from Stage addActions trust policy",
764
+ "unconfiguredBehavesLike": {
765
+ "v2": true
766
+ }
771
767
  },
772
768
  "@aws-cdk/aws-events:requireEventBusPolicySid": {
773
769
  "userValue": true,
@@ -790,7 +786,10 @@
790
786
  },
791
787
  "@aws-cdk/pipelines:reduceCrossAccountActionRoleTrustScope": {
792
788
  "recommendedValue": true,
793
- "explanation": "When enabled, scopes down the trust policy for the cross-account action role"
789
+ "explanation": "When enabled, scopes down the trust policy for the cross-account action role",
790
+ "unconfiguredBehavesLike": {
791
+ "v2": true
792
+ }
794
793
  },
795
794
  "@aws-cdk/aws-stepfunctions:useDistributedMapResultWriterV2": {
796
795
  "userValue": true,
@@ -820,6 +819,25 @@
820
819
  "userValue": true,
821
820
  "recommendedValue": true,
822
821
  "explanation": "When enabled, CDK creates and manages loggroup for the lambda function"
822
+ },
823
+ "@aws-cdk/aws-elasticloadbalancingv2:networkLoadBalancerWithSecurityGroupByDefault": {
824
+ "recommendedValue": true,
825
+ "explanation": "When enabled, Network Load Balancer will be created with a security group by default."
826
+ },
827
+ "@aws-cdk/aws-stepfunctions-tasks:httpInvokeDynamicJsonPathEndpoint": {
828
+ "recommendedValue": true,
829
+ "explanation": "When enabled, allows using a dynamic apiEndpoint with JSONPath format in HttpInvoke tasks.",
830
+ "unconfiguredBehavesLike": {
831
+ "v2": true
832
+ }
833
+ },
834
+ "@aws-cdk/aws-ecs-patterns:uniqueTargetGroupId": {
835
+ "recommendedValue": true,
836
+ "explanation": "When enabled, ECS patterns will generate unique target group IDs to prevent conflicts during load balancer replacement"
837
+ },
838
+ "@aws-cdk/aws-route53-patterns:useDistribution": {
839
+ "recommendedValue": true,
840
+ "explanation": "Use the `Distribution` resource instead of `CloudFrontWebDistribution`"
823
841
  }
824
842
  }
825
843
  }