@aws-solutions-constructs/aws-cloudfront-s3 2.97.0 → 2.99.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (99) hide show
  1. package/.jsii +64 -6
  2. package/README.adoc +3 -3
  3. package/lib/index.d.ts +1 -1
  4. package/lib/index.js +2 -2
  5. package/package.json +8 -8
  6. package/test/integ.cfts3-additional-behavior.js.snapshot/integ.json +1 -1
  7. package/test/integ.cfts3-additional-behavior.js.snapshot/manifest.json +20 -11
  8. package/test/integ.cfts3-additional-behavior.js.snapshot/tree.json +1 -1
  9. package/test/{integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca → integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.07a90cc3efdfc34da22208dcd9d211f06f5b0e01b21e778edc7c3966b1f61d57}/framework.js +1 -1
  10. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.assets.json +7 -7
  11. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.template.json +1 -1
  12. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/integ.json +1 -1
  13. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/manifest.json +7 -23
  14. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/tree.json +1 -1
  15. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  16. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cdk.out +1 -1
  17. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.assets.json +1 -1
  18. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cfts3bucketencryptedwithmanagedkeyprovidedasexistingbucketIntegDefaultTestDeployAssert03A82C16.assets.json +1 -1
  19. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/integ.json +2 -2
  20. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/manifest.json +68 -50
  21. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/tree.json +1 -1
  22. package/test/{integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca → integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/asset.07a90cc3efdfc34da22208dcd9d211f06f5b0e01b21e778edc7c3966b1f61d57}/framework.js +1 -1
  23. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3-cmk-provided-as-bucket-prop.assets.json +7 -7
  24. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/cfts3-cmk-provided-as-bucket-prop.template.json +1 -1
  25. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/integ.json +1 -1
  26. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/manifest.json +7 -23
  27. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/tree.json +1 -1
  28. package/test/integ.cfts3-custom-headers.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  29. package/test/integ.cfts3-custom-headers.js.snapshot/cdk.out +1 -1
  30. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3-custom-headers.assets.json +1 -1
  31. package/test/integ.cfts3-custom-headers.js.snapshot/cfts3customheadersIntegDefaultTestDeployAssert6EEC9973.assets.json +1 -1
  32. package/test/integ.cfts3-custom-headers.js.snapshot/integ.json +2 -2
  33. package/test/integ.cfts3-custom-headers.js.snapshot/manifest.json +68 -50
  34. package/test/integ.cfts3-custom-headers.js.snapshot/tree.json +1 -1
  35. package/test/integ.cfts3-custom-originPath.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  36. package/test/integ.cfts3-custom-originPath.js.snapshot/cdk.out +1 -1
  37. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3-custom-originPath.assets.json +1 -1
  38. package/test/integ.cfts3-custom-originPath.js.snapshot/cfts3customoriginPathIntegDefaultTestDeployAssert61F499B2.assets.json +1 -1
  39. package/test/integ.cfts3-custom-originPath.js.snapshot/integ.json +2 -2
  40. package/test/integ.cfts3-custom-originPath.js.snapshot/manifest.json +68 -50
  41. package/test/integ.cfts3-custom-originPath.js.snapshot/tree.json +1 -1
  42. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  43. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cdk.out +1 -1
  44. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3-customLoggingBuckets.assets.json +1 -1
  45. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/cfts3customLoggingBucketsIntegDefaultTestDeployAssert4D171F9F.assets.json +1 -1
  46. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/integ.json +2 -2
  47. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/manifest.json +68 -50
  48. package/test/integ.cfts3-customLoggingBuckets.js.snapshot/tree.json +1 -1
  49. package/test/integ.cfts3-existing-bucket.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  50. package/test/integ.cfts3-existing-bucket.js.snapshot/cdk.out +1 -1
  51. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3-existing-bucket.assets.json +1 -1
  52. package/test/integ.cfts3-existing-bucket.js.snapshot/cfts3existingbucketIntegDefaultTestDeployAssertA6D4EB49.assets.json +1 -1
  53. package/test/integ.cfts3-existing-bucket.js.snapshot/integ.json +2 -2
  54. package/test/integ.cfts3-existing-bucket.js.snapshot/manifest.json +68 -50
  55. package/test/integ.cfts3-existing-bucket.js.snapshot/tree.json +1 -1
  56. package/test/integ.cfts3-no-arguments.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  57. package/test/integ.cfts3-no-arguments.js.snapshot/cdk.out +1 -1
  58. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3-no-arguments.assets.json +1 -1
  59. package/test/integ.cfts3-no-arguments.js.snapshot/cfts3noargumentsIntegDefaultTestDeployAssertBA5AFA25.assets.json +1 -1
  60. package/test/integ.cfts3-no-arguments.js.snapshot/integ.json +2 -2
  61. package/test/integ.cfts3-no-arguments.js.snapshot/manifest.json +68 -50
  62. package/test/integ.cfts3-no-arguments.js.snapshot/tree.json +1 -1
  63. package/test/integ.cfts3-no-cloudfront-s3-access-logs.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  64. package/test/integ.cfts3-no-cloudfront-s3-access-logs.js.snapshot/cdk.out +1 -1
  65. package/test/integ.cfts3-no-cloudfront-s3-access-logs.js.snapshot/cfts3-no-cloudfront-s3-access-logs.assets.json +1 -1
  66. package/test/integ.cfts3-no-cloudfront-s3-access-logs.js.snapshot/cfts3nocloudfronts3accesslogsIntegDefaultTestDeployAssertAD28C87A.assets.json +1 -1
  67. package/test/integ.cfts3-no-cloudfront-s3-access-logs.js.snapshot/integ.json +2 -2
  68. package/test/integ.cfts3-no-cloudfront-s3-access-logs.js.snapshot/manifest.json +68 -50
  69. package/test/integ.cfts3-no-cloudfront-s3-access-logs.js.snapshot/tree.json +1 -1
  70. package/test/integ.cfts3-no-logging.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  71. package/test/integ.cfts3-no-logging.js.snapshot/cdk.out +1 -1
  72. package/test/integ.cfts3-no-logging.js.snapshot/cfts3-no-logging.assets.json +1 -1
  73. package/test/integ.cfts3-no-logging.js.snapshot/cfts3nologgingIntegDefaultTestDeployAssert18393DDB.assets.json +1 -1
  74. package/test/integ.cfts3-no-logging.js.snapshot/integ.json +2 -2
  75. package/test/integ.cfts3-no-logging.js.snapshot/manifest.json +68 -50
  76. package/test/integ.cfts3-no-logging.js.snapshot/tree.json +1 -1
  77. package/test/integ.cfts3-no-security-headers.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
  78. package/test/integ.cfts3-no-security-headers.js.snapshot/cdk.out +1 -1
  79. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3-no-security-headers.assets.json +1 -1
  80. package/test/integ.cfts3-no-security-headers.js.snapshot/cfts3nosecurityheadersIntegDefaultTestDeployAssert38FE05BE.assets.json +1 -1
  81. package/test/integ.cfts3-no-security-headers.js.snapshot/integ.json +2 -2
  82. package/test/integ.cfts3-no-security-headers.js.snapshot/manifest.json +68 -50
  83. package/test/integ.cfts3-no-security-headers.js.snapshot/tree.json +1 -1
  84. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cdk.out +0 -1
  85. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3-bucket-with-http-origin.assets.json +0 -19
  86. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3-bucket-with-http-origin.template.json +0 -552
  87. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3bucketwithhttporiginIntegDefaultTestDeployAssert75EB76AB.assets.json +0 -19
  88. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/cfts3bucketwithhttporiginIntegDefaultTestDeployAssert75EB76AB.template.json +0 -36
  89. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/integ.json +0 -12
  90. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/manifest.json +0 -161
  91. package/test/integ.cfts3-bucket-with-http-origin.js.snapshot/tree.json +0 -746
  92. /package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/{asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca → asset.07a90cc3efdfc34da22208dcd9d211f06f5b0e01b21e778edc7c3966b1f61d57}/cfn-response.js +0 -0
  93. /package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/{asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca → asset.07a90cc3efdfc34da22208dcd9d211f06f5b0e01b21e778edc7c3966b1f61d57}/consts.js +0 -0
  94. /package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/{asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca → asset.07a90cc3efdfc34da22208dcd9d211f06f5b0e01b21e778edc7c3966b1f61d57}/outbound.js +0 -0
  95. /package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js.snapshot/{asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca → asset.07a90cc3efdfc34da22208dcd9d211f06f5b0e01b21e778edc7c3966b1f61d57}/util.js +0 -0
  96. /package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/{asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca → asset.07a90cc3efdfc34da22208dcd9d211f06f5b0e01b21e778edc7c3966b1f61d57}/cfn-response.js +0 -0
  97. /package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/{asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca → asset.07a90cc3efdfc34da22208dcd9d211f06f5b0e01b21e778edc7c3966b1f61d57}/consts.js +0 -0
  98. /package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/{asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca → asset.07a90cc3efdfc34da22208dcd9d211f06f5b0e01b21e778edc7c3966b1f61d57}/outbound.js +0 -0
  99. /package/test/integ.cfts3-cmk-provided-as-bucket-prop.js.snapshot/{asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca → asset.07a90cc3efdfc34da22208dcd9d211f06f5b0e01b21e778edc7c3966b1f61d57}/util.js +0 -0
@@ -9,5 +9,5 @@
9
9
  "assertionStackName": "cfts3bucketencryptedwithcmkprovidedasexistingbucketIntegDefaultTestDeployAssertF6031114"
10
10
  }
11
11
  },
12
- "minimumCliVersion": "2.1029.2"
12
+ "minimumCliVersion": "2.1033.0"
13
13
  }
@@ -66,7 +66,7 @@
66
66
  "validateOnSynth": false,
67
67
  "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}",
68
68
  "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}",
69
- "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/d18c67cb980c0f65d688822090b4c6849c46f50df7e7e743d58e8f286611061b.json",
69
+ "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/a2a4a962b23dc72b8266130f8bcd16986c27c678685085ee5e997f5a98247c4e.json",
70
70
  "requiresBootstrapStackVersion": 6,
71
71
  "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version",
72
72
  "additionalDependencies": [
@@ -547,18 +547,8 @@
547
547
  ],
548
548
  "/cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole": [
549
549
  {
550
- "type": "aws:cdk:analytics:construct",
551
- "data": {
552
- "assumedBy": {
553
- "principalAccount": "*",
554
- "assumeRoleAction": "*"
555
- },
556
- "managedPolicies": [
557
- {
558
- "managedPolicyArn": "*"
559
- }
560
- ]
561
- }
550
+ "type": "aws:cdk:warning",
551
+ "data": "Failed to add construct metadata for node [ServiceRole]. Reason: ValidationError: The result of fromAwsManagedPolicyName can not be used in this API [ack: @aws-cdk/core:addConstructMetadataFailed]"
562
552
  },
563
553
  {
564
554
  "type": "aws:cdk:analytics:method",
@@ -1047,16 +1037,6 @@
1047
1037
  "recommendedValue": true,
1048
1038
  "explanation": "When enabled, stack tags need to be assigned explicitly on a Stack."
1049
1039
  },
1050
- "@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature": {
1051
- "userValue": false,
1052
- "recommendedValue": false,
1053
- "explanation": "When set to true along with canContainersAccessInstanceRole=false in ECS cluster, new updated commands will be added to UserData to block container accessing IMDS. **Applicable to Linux only. IMPORTANT: See [details.](#aws-cdkaws-ecsenableImdsBlockingDeprecatedFeature)**"
1054
- },
1055
- "@aws-cdk/aws-ecs:disableEcsImdsBlocking": {
1056
- "userValue": true,
1057
- "recommendedValue": true,
1058
- "explanation": "When set to true, CDK synth will throw exception if canContainersAccessInstanceRole is false. **IMPORTANT: See [details.](#aws-cdkaws-ecsdisableEcsImdsBlocking)**"
1059
- },
1060
1040
  "@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions": {
1061
1041
  "userValue": true,
1062
1042
  "recommendedValue": true,
@@ -1215,6 +1195,10 @@
1215
1195
  "@aws-cdk/aws-ecs-patterns:uniqueTargetGroupId": {
1216
1196
  "recommendedValue": true,
1217
1197
  "explanation": "When enabled, ECS patterns will generate unique target group IDs to prevent conflicts during load balancer replacement"
1198
+ },
1199
+ "@aws-cdk/aws-route53-patterns:useDistribution": {
1200
+ "recommendedValue": true,
1201
+ "explanation": "Use the `Distribution` resource instead of `CloudFrontWebDistribution`"
1218
1202
  }
1219
1203
  }
1220
1204
  }
@@ -1 +1 @@
1
- {"version":"tree-0.1","tree":{"id":"App","path":"","constructInfo":{"fqn":"aws-cdk-lib.App","version":"2.223.0"},"children":{"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket":{"id":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"2.223.0"},"children":{"cmkKey":{"id":"cmkKey","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/cmkKey","constructInfo":{"fqn":"aws-cdk-lib.aws_kms.Key","version":"2.223.0","metadata":[{"enableKeyRotation":true,"removalPolicy":"destroy"}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/cmkKey/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_kms.CfnKey","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::KMS::Key","aws:cdk:cloudformation:props":{"enableKeyRotation":true,"keyPolicy":{"Statement":[{"Action":"kms:*","Effect":"Allow","Principal":{"AWS":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":iam::",{"Ref":"AWS::AccountId"},":root"]]}},"Resource":"*"}],"Version":"2012-10-17"}}}}}},"existing-s3-bucket-encrypted-with-cmkS3LoggingBucket":{"id":"existing-s3-bucket-encrypted-with-cmkS3LoggingBucket","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3LoggingBucket","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.Bucket","version":"2.223.0","metadata":[{"encryption":"S3_MANAGED","versioned":true,"blockPublicAccess":"*","removalPolicy":"destroy","enforceSSL":true,"autoDeleteObjects":true}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3LoggingBucket/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucket","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::Bucket","aws:cdk:cloudformation:props":{"bucketEncryption":{"serverSideEncryptionConfiguration":[{"serverSideEncryptionByDefault":{"sseAlgorithm":"AES256"}}]},"publicAccessBlockConfiguration":{"blockPublicAcls":true,"blockPublicPolicy":true,"ignorePublicAcls":true,"restrictPublicBuckets":true},"tags":[{"key":"aws-cdk:auto-delete-objects","value":"true"}],"versioningConfiguration":{"status":"Enabled"}}}},"Policy":{"id":"Policy","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3LoggingBucket/Policy","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketPolicy","version":"2.223.0","metadata":[{"bucket":"*"}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3LoggingBucket/Policy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucketPolicy","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::BucketPolicy","aws:cdk:cloudformation:props":{"bucket":{"Ref":"existings3bucketencryptedwithcmkS3LoggingBucket2B2DE39B"},"policyDocument":{"Statement":[{"Action":"s3:*","Condition":{"Bool":{"aws:SecureTransport":"false"}},"Effect":"Deny","Principal":{"AWS":"*"},"Resource":[{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3LoggingBucket2B2DE39B","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3LoggingBucket2B2DE39B","Arn"]},"/*"]]}]},{"Action":["s3:DeleteObject*","s3:GetBucket*","s3:List*","s3:PutBucketPolicy"],"Effect":"Allow","Principal":{"AWS":{"Fn::GetAtt":["CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092","Arn"]}},"Resource":[{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3LoggingBucket2B2DE39B","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3LoggingBucket2B2DE39B","Arn"]},"/*"]]}]},{"Action":"s3:PutObject","Condition":{"ArnLike":{"aws:SourceArn":{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3BucketCC461491","Arn"]}},"StringEquals":{"aws:SourceAccount":{"Ref":"AWS::AccountId"}}},"Effect":"Allow","Principal":{"Service":"logging.s3.amazonaws.com"},"Resource":{"Fn::Join":["",[{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3LoggingBucket2B2DE39B","Arn"]},"/*"]]}}],"Version":"2012-10-17"}}}}}},"AutoDeleteObjectsCustomResource":{"id":"AutoDeleteObjectsCustomResource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3LoggingBucket/AutoDeleteObjectsCustomResource","constructInfo":{"fqn":"aws-cdk-lib.CustomResource","version":"2.223.0","metadata":["*"]},"children":{"Default":{"id":"Default","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3LoggingBucket/AutoDeleteObjectsCustomResource/Default","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.223.0"}}}}}},"Custom::S3AutoDeleteObjectsCustomResourceProvider":{"id":"Custom::S3AutoDeleteObjectsCustomResourceProvider","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Custom::S3AutoDeleteObjectsCustomResourceProvider","constructInfo":{"fqn":"aws-cdk-lib.CustomResourceProviderBase","version":"2.223.0"},"children":{"Staging":{"id":"Staging","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Custom::S3AutoDeleteObjectsCustomResourceProvider/Staging","constructInfo":{"fqn":"aws-cdk-lib.AssetStaging","version":"2.223.0"}},"Role":{"id":"Role","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Custom::S3AutoDeleteObjectsCustomResourceProvider/Role","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.223.0"}},"Handler":{"id":"Handler","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.223.0"}}}},"existing-s3-bucket-encrypted-with-cmkS3Bucket":{"id":"existing-s3-bucket-encrypted-with-cmkS3Bucket","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3Bucket","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.Bucket","version":"2.223.0","metadata":[{"encryption":"KMS","versioned":true,"blockPublicAccess":"*","removalPolicy":"destroy","enforceSSL":true,"lifecycleRules":[{"noncurrentVersionTransitions":[{"storageClass":"*"}]}],"serverAccessLogsBucket":"*","encryptionKey":"*","autoDeleteObjects":true},{"addLifecycleRule":[{"noncurrentVersionTransitions":[{"storageClass":"*"}]},"*","*"]}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3Bucket/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucket","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::Bucket","aws:cdk:cloudformation:props":{"bucketEncryption":{"serverSideEncryptionConfiguration":[{"serverSideEncryptionByDefault":{"sseAlgorithm":"aws:kms","kmsMasterKeyId":{"Fn::GetAtt":["cmkKey598B20B2","Arn"]}}}]},"lifecycleConfiguration":{"rules":[{"noncurrentVersionTransitions":[{"storageClass":"GLACIER","transitionInDays":90}],"status":"Enabled"}]},"loggingConfiguration":{"destinationBucketName":{"Ref":"existings3bucketencryptedwithcmkS3LoggingBucket2B2DE39B"}},"publicAccessBlockConfiguration":{"blockPublicAcls":true,"blockPublicPolicy":true,"ignorePublicAcls":true,"restrictPublicBuckets":true},"tags":[{"key":"aws-cdk:auto-delete-objects","value":"true"}],"versioningConfiguration":{"status":"Enabled"}}}},"Policy":{"id":"Policy","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3Bucket/Policy","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketPolicy","version":"2.223.0","metadata":[{"bucket":"*"}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3Bucket/Policy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucketPolicy","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::BucketPolicy","aws:cdk:cloudformation:props":{"bucket":{"Ref":"existings3bucketencryptedwithcmkS3BucketCC461491"},"policyDocument":{"Statement":[{"Action":"s3:*","Condition":{"Bool":{"aws:SecureTransport":"false"}},"Effect":"Deny","Principal":{"AWS":"*"},"Resource":[{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3BucketCC461491","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3BucketCC461491","Arn"]},"/*"]]}]},{"Action":["s3:DeleteObject*","s3:GetBucket*","s3:List*","s3:PutBucketPolicy"],"Effect":"Allow","Principal":{"AWS":{"Fn::GetAtt":["CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092","Arn"]}},"Resource":[{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3BucketCC461491","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3BucketCC461491","Arn"]},"/*"]]}]},{"Action":"s3:GetObject","Condition":{"StringEquals":{"AWS:SourceArn":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":cloudfront::",{"Ref":"AWS::AccountId"},":distribution/",{"Ref":"testcloudfronts3cmkencryptionkeyCloudFrontDistribution57C8A907"}]]}}},"Effect":"Allow","Principal":{"Service":"cloudfront.amazonaws.com"},"Resource":{"Fn::Join":["",[{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3BucketCC461491","Arn"]},"/*"]]}},{"Action":"s3:ListBucket","Condition":{"StringEquals":{"AWS:SourceArn":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":cloudfront::",{"Ref":"AWS::AccountId"},":distribution/",{"Ref":"testcloudfronts3cmkencryptionkeyCloudFrontDistribution57C8A907"}]]}}},"Effect":"Allow","Principal":{"Service":"cloudfront.amazonaws.com"},"Resource":{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3BucketCC461491","Arn"]}}],"Version":"2012-10-17"}}}}}},"AutoDeleteObjectsCustomResource":{"id":"AutoDeleteObjectsCustomResource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3Bucket/AutoDeleteObjectsCustomResource","constructInfo":{"fqn":"aws-cdk-lib.CustomResource","version":"2.223.0","metadata":["*"]},"children":{"Default":{"id":"Default","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3Bucket/AutoDeleteObjectsCustomResource/Default","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.223.0"}}}}}},"test-cloudfront-s3-cmk-encryption-key":{"id":"test-cloudfront-s3-cmk-encryption-key","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key","constructInfo":{"fqn":"@aws-solutions-constructs/aws-cloudfront-s3.CloudFrontToS3","version":"2.95.1"},"children":{"CloudfrontLoggingBucketAccessLog":{"id":"CloudfrontLoggingBucketAccessLog","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.Bucket","version":"2.223.0","metadata":[{"encryption":"S3_MANAGED","versioned":true,"blockPublicAccess":"*","removalPolicy":"destroy","enforceSSL":true,"autoDeleteObjects":true}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucket","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::Bucket","aws:cdk:cloudformation:props":{"bucketEncryption":{"serverSideEncryptionConfiguration":[{"serverSideEncryptionByDefault":{"sseAlgorithm":"AES256"}}]},"publicAccessBlockConfiguration":{"blockPublicAcls":true,"blockPublicPolicy":true,"ignorePublicAcls":true,"restrictPublicBuckets":true},"tags":[{"key":"aws-cdk:auto-delete-objects","value":"true"}],"versioningConfiguration":{"status":"Enabled"}}}},"Policy":{"id":"Policy","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/Policy","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketPolicy","version":"2.223.0","metadata":[{"bucket":"*"}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/Policy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucketPolicy","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::BucketPolicy","aws:cdk:cloudformation:props":{"bucket":{"Ref":"testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C"},"policyDocument":{"Statement":[{"Action":"s3:*","Condition":{"Bool":{"aws:SecureTransport":"false"}},"Effect":"Deny","Principal":{"AWS":"*"},"Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C","Arn"]},"/*"]]}]},{"Action":["s3:DeleteObject*","s3:GetBucket*","s3:List*","s3:PutBucketPolicy"],"Effect":"Allow","Principal":{"AWS":{"Fn::GetAtt":["CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092","Arn"]}},"Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C","Arn"]},"/*"]]}]},{"Action":"s3:PutObject","Condition":{"ArnLike":{"aws:SourceArn":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","Arn"]}},"StringEquals":{"aws:SourceAccount":{"Ref":"AWS::AccountId"}}},"Effect":"Allow","Principal":{"Service":"logging.s3.amazonaws.com"},"Resource":{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C","Arn"]},"/*"]]}}],"Version":"2012-10-17"}}}}}},"AutoDeleteObjectsCustomResource":{"id":"AutoDeleteObjectsCustomResource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/AutoDeleteObjectsCustomResource","constructInfo":{"fqn":"aws-cdk-lib.CustomResource","version":"2.223.0","metadata":["*"]},"children":{"Default":{"id":"Default","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/AutoDeleteObjectsCustomResource/Default","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.223.0"}}}}}},"CloudfrontLoggingBucket":{"id":"CloudfrontLoggingBucket","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.Bucket","version":"2.223.0","metadata":[{"encryption":"S3_MANAGED","versioned":true,"blockPublicAccess":"*","removalPolicy":"destroy","enforceSSL":true,"autoDeleteObjects":true,"objectOwnership":"ObjectWriter","serverAccessLogsBucket":"*"}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucket","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::Bucket","aws:cdk:cloudformation:props":{"bucketEncryption":{"serverSideEncryptionConfiguration":[{"serverSideEncryptionByDefault":{"sseAlgorithm":"AES256"}}]},"loggingConfiguration":{"destinationBucketName":{"Ref":"testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C"}},"ownershipControls":{"rules":[{"objectOwnership":"ObjectWriter"}]},"publicAccessBlockConfiguration":{"blockPublicAcls":true,"blockPublicPolicy":true,"ignorePublicAcls":true,"restrictPublicBuckets":true},"tags":[{"key":"aws-cdk:auto-delete-objects","value":"true"}],"versioningConfiguration":{"status":"Enabled"}}}},"Policy":{"id":"Policy","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/Policy","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketPolicy","version":"2.223.0","metadata":[{"bucket":"*"}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/Policy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucketPolicy","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::BucketPolicy","aws:cdk:cloudformation:props":{"bucket":{"Ref":"testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD"},"policyDocument":{"Statement":[{"Action":"s3:*","Condition":{"Bool":{"aws:SecureTransport":"false"}},"Effect":"Deny","Principal":{"AWS":"*"},"Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","Arn"]},"/*"]]}]},{"Action":["s3:DeleteObject*","s3:GetBucket*","s3:List*","s3:PutBucketPolicy"],"Effect":"Allow","Principal":{"AWS":{"Fn::GetAtt":["CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092","Arn"]}},"Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","Arn"]},"/*"]]}]}],"Version":"2012-10-17"}}}}}},"AutoDeleteObjectsCustomResource":{"id":"AutoDeleteObjectsCustomResource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/AutoDeleteObjectsCustomResource","constructInfo":{"fqn":"aws-cdk-lib.CustomResource","version":"2.223.0","metadata":["*"]},"children":{"Default":{"id":"Default","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/AutoDeleteObjectsCustomResource/Default","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.223.0"}}}}}},"CloudFrontOac":{"id":"CloudFrontOac","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudFrontOac","constructInfo":{"fqn":"aws-cdk-lib.aws_cloudfront.CfnOriginAccessControl","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::CloudFront::OriginAccessControl","aws:cdk:cloudformation:props":{"originAccessControlConfig":{"name":{"Fn::Join":["",["aws-cloudfront-s3-testn-key-",{"Fn::Select":[2,{"Fn::Split":["/",{"Ref":"AWS::StackId"}]}]}]]},"originAccessControlOriginType":"s3","signingBehavior":"always","signingProtocol":"sigv4","description":"Origin access control provisioned by aws-cloudfront-s3"}}}},"CloudFrontDistribution":{"id":"CloudFrontDistribution","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudFrontDistribution","constructInfo":{"fqn":"aws-cdk-lib.aws_cloudfront.Distribution","version":"2.223.0","metadata":[{"defaultBehavior":{"origin":"*","viewerProtocolPolicy":"redirect-to-https"},"enableLogging":true,"logBucket":"*","defaultRootObject":"*"}]},"children":{"Origin1":{"id":"Origin1","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudFrontDistribution/Origin1","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}},"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudFrontDistribution/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_cloudfront.CfnDistribution","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::CloudFront::Distribution","aws:cdk:cloudformation:props":{"distributionConfig":{"enabled":true,"origins":[{"domainName":{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3BucketCC461491","RegionalDomainName"]},"id":"cfts3bucketencryptedwithcmkprovidedasexistingbuckettestcloudfronts3cmkencryptionkeyCloudFrontDistributionOrigin128E2E2A5","s3OriginConfig":{"originAccessIdentity":""}}],"defaultCacheBehavior":{"pathPattern":"*","targetOriginId":"cfts3bucketencryptedwithcmkprovidedasexistingbuckettestcloudfronts3cmkencryptionkeyCloudFrontDistributionOrigin128E2E2A5","cachePolicyId":"658327ea-f89d-4fab-a63d-7e88639e58f6","compress":true,"viewerProtocolPolicy":"redirect-to-https"},"defaultRootObject":"index.html","httpVersion":"http2","ipv6Enabled":true,"logging":{"bucket":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","RegionalDomainName"]}}}}}}}},"LambdaFunctionServiceRole":{"id":"LambdaFunctionServiceRole","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunctionServiceRole","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Role","version":"2.223.0","metadata":[{"assumedBy":{"principalAccount":"*","assumeRoleAction":"*"},"inlinePolicies":"*"},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]}]},"children":{"ImportLambdaFunctionServiceRole":{"id":"ImportLambdaFunctionServiceRole","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunctionServiceRole/ImportLambdaFunctionServiceRole","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"2.223.0","metadata":["*"]}},"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunctionServiceRole/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnRole","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"lambda.amazonaws.com"}}],"Version":"2012-10-17"},"policies":[{"policyName":"LambdaFunctionServiceRolePolicy","policyDocument":{"Statement":[{"Action":["logs:CreateLogGroup","logs:CreateLogStream","logs:PutLogEvents"],"Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:/aws/lambda/*"]]}}],"Version":"2012-10-17"}}]}}}}},"LambdaFunction":{"id":"LambdaFunction","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunction","constructInfo":{"fqn":"aws-cdk-lib.aws_lambda.Function","version":"2.223.0","metadata":[{"role":"*","tracing":"Active","runtime":"*","handler":"*","description":"*","timeout":"*","memorySize":"*","code":"*"},{"addEnvironment":["*","*",{"removeInEdge":true}]}]},"children":{"Code":{"id":"Code","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Code","constructInfo":{"fqn":"aws-cdk-lib.aws_s3_assets.Asset","version":"2.223.0"},"children":{"Stage":{"id":"Stage","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Code/Stage","constructInfo":{"fqn":"aws-cdk-lib.AssetStaging","version":"2.223.0"}},"AssetBucket":{"id":"AssetBucket","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Code/AssetBucket","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketBase","version":"2.223.0","metadata":[]}}}},"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_lambda.CfnFunction","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::Lambda::Function","aws:cdk:cloudformation:props":{"code":{"s3Bucket":{"Fn::Sub":"cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"},"s3Key":"e97825c838d70ceb13ba2f6223a7d94ed35687b70bfb224a0b9128e698e3f28e.zip"},"description":"Custom resource function that updates a provided key policy to allow CloudFront access.","environment":{"variables":{"AWS_NODEJS_CONNECTION_REUSE_ENABLED":"1"}},"handler":"index.handler","role":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyLambdaFunctionServiceRole85783D1D","Arn"]},"runtime":"nodejs22.x","tracingConfig":{"mode":"Active"}}}},"inlinePolicyAddedToExecutionRole-0":{"id":"inlinePolicyAddedToExecutionRole-0","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/inlinePolicyAddedToExecutionRole-0","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"2.223.0","metadata":[{"statements":"*"},{"addStatements":[{}]},{"attachToRole":["*"]},{"attachToRole":["*"]}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/inlinePolicyAddedToExecutionRole-0/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":["xray:PutTelemetryRecords","xray:PutTraceSegments"],"Effect":"Allow","Resource":"*"}],"Version":"2012-10-17"},"policyName":"testcloudfronts3cmkencryptionkeyLambdaFunctioninlinePolicyAddedToExecutionRole030BCEDF3","roles":[{"Ref":"testcloudfronts3cmkencryptionkeyLambdaFunctionServiceRole85783D1D"}]}}}}}}},"test-cloudfront-s3-cmk-encryption-keyResourceCmkPolicy":{"id":"test-cloudfront-s3-cmk-encryption-keyResourceCmkPolicy","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/test-cloudfront-s3-cmk-encryption-keyResourceCmkPolicy","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"2.223.0","metadata":[{"statements":"*"},{"addStatements":[{}]},{"attachToRole":["*"]},{"attachToRole":["*"]}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/test-cloudfront-s3-cmk-encryption-keyResourceCmkPolicy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":["kms:DescribeKey","kms:GetKeyPolicy","kms:PutKeyPolicy"],"Effect":"Allow","Resource":{"Fn::GetAtt":["cmkKey598B20B2","Arn"]}}],"Version":"2012-10-17"},"policyName":"testcloudfronts3cmkencryptionkeytestcloudfronts3cmkencryptionkeyResourceCmkPolicyBD4BA975","roles":[{"Ref":"testcloudfronts3cmkencryptionkeyLambdaFunctionServiceRole85783D1D"}]}}}}},"KmsKeyPolicyUpdateProvider":{"id":"KmsKeyPolicyUpdateProvider","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider","constructInfo":{"fqn":"aws-cdk-lib.custom_resources.Provider","version":"2.223.0"},"children":{"framework-onEvent":{"id":"framework-onEvent","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent","constructInfo":{"fqn":"aws-cdk-lib.aws_lambda.Function","version":"2.223.0","metadata":[{"code":"*","description":"*","runtime":"*","handler":"*","timeout":"*","loggingFormat":"JSON","applicationLogLevelV2":"FATAL","logGroup":"*","vpc":"*","vpcSubnets":"*","securityGroups":"*","role":"*","functionName":"*","environmentEncryption":"*"},{"addEnvironment":["*","*"]}]},"children":{"ServiceRole":{"id":"ServiceRole","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Role","version":"2.223.0","metadata":[{"assumedBy":{"principalAccount":"*","assumeRoleAction":"*"},"managedPolicies":[{"managedPolicyArn":"*"}]},{"addToPrincipalPolicy":[{}]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]}]},"children":{"ImportServiceRole":{"id":"ImportServiceRole","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/ImportServiceRole","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"2.223.0","metadata":["*"]}},"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnRole","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"lambda.amazonaws.com"}}],"Version":"2012-10-17"},"managedPolicyArns":[{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"]]}]}}},"DefaultPolicy":{"id":"DefaultPolicy","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/DefaultPolicy","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"2.223.0","metadata":["*",{"attachToRole":["*"]},{"attachToRole":["*"]},{"addStatements":[{}]}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/DefaultPolicy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":"lambda:InvokeFunction","Effect":"Allow","Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E","Arn"]},":*"]]}]}],"Version":"2012-10-17"},"policyName":"testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventServiceRoleDefaultPolicy066CD751","roles":[{"Ref":"testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventServiceRole3D4040AD"}]}}}}}}},"Code":{"id":"Code","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Code","constructInfo":{"fqn":"aws-cdk-lib.aws_s3_assets.Asset","version":"2.223.0"},"children":{"Stage":{"id":"Stage","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Code/Stage","constructInfo":{"fqn":"aws-cdk-lib.AssetStaging","version":"2.223.0"}},"AssetBucket":{"id":"AssetBucket","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Code/AssetBucket","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketBase","version":"2.223.0","metadata":[]}}}},"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_lambda.CfnFunction","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::Lambda::Function","aws:cdk:cloudformation:props":{"code":{"s3Bucket":{"Fn::Sub":"cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"},"s3Key":"bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca.zip"},"description":"AWS CDK resource provider framework - onEvent (cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider)","environment":{"variables":{"USER_ON_EVENT_FUNCTION_ARN":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E","Arn"]}}},"handler":"framework.onEvent","loggingConfig":{"logFormat":"JSON","applicationLogLevel":"FATAL"},"role":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventServiceRole3D4040AD","Arn"]},"runtime":"nodejs22.x","timeout":900}}},"inlinePolicyAddedToExecutionRole-0":{"id":"inlinePolicyAddedToExecutionRole-0","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/inlinePolicyAddedToExecutionRole-0","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"2.223.0","metadata":[{"statements":"*"},{"addStatements":[{}]},{"attachToRole":["*"]},{"attachToRole":["*"]}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/inlinePolicyAddedToExecutionRole-0/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"2.223.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":"lambda:GetFunction","Effect":"Allow","Resource":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E","Arn"]}}],"Version":"2012-10-17"},"policyName":"testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventinlinePolicyAddedToExecutionRole0055AB010","roles":[{"Ref":"testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventServiceRole3D4040AD"}]}}}}}}}}},"KmsKeyPolicyUpdater":{"id":"KmsKeyPolicyUpdater","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdater","constructInfo":{"fqn":"aws-cdk-lib.CustomResource","version":"2.223.0","metadata":["*"]},"children":{"Default":{"id":"Default","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdater/Default","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.223.0"}}}}}},"Integ":{"id":"Integ","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Integ","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTest","version":"2.223.0-alpha.0"},"children":{"DefaultTest":{"id":"DefaultTest","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Integ/DefaultTest","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTestCase","version":"2.223.0-alpha.0"},"children":{"Default":{"id":"Default","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Integ/DefaultTest/Default","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}},"DeployAssert":{"id":"DeployAssert","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Integ/DefaultTest/DeployAssert","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"2.223.0"},"children":{"BootstrapVersion":{"id":"BootstrapVersion","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Integ/DefaultTest/DeployAssert/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"2.223.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Integ/DefaultTest/DeployAssert/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"2.223.0"}}}}}}}},"BootstrapVersion":{"id":"BootstrapVersion","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"2.223.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"2.223.0"}}}},"Tree":{"id":"Tree","path":"Tree","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}}}}}
1
+ {"version":"tree-0.1","tree":{"id":"App","path":"","constructInfo":{"fqn":"aws-cdk-lib.App","version":"2.233.0"},"children":{"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket":{"id":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"2.233.0"},"children":{"cmkKey":{"id":"cmkKey","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/cmkKey","constructInfo":{"fqn":"aws-cdk-lib.aws_kms.Key","version":"2.233.0","metadata":[{"enableKeyRotation":true,"removalPolicy":"destroy"}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/cmkKey/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_kms.CfnKey","version":"2.233.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::KMS::Key","aws:cdk:cloudformation:props":{"enableKeyRotation":true,"keyPolicy":{"Statement":[{"Action":"kms:*","Effect":"Allow","Principal":{"AWS":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":iam::",{"Ref":"AWS::AccountId"},":root"]]}},"Resource":"*"}],"Version":"2012-10-17"}}}}}},"existing-s3-bucket-encrypted-with-cmkS3LoggingBucket":{"id":"existing-s3-bucket-encrypted-with-cmkS3LoggingBucket","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3LoggingBucket","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.Bucket","version":"2.233.0","metadata":[{"encryption":"S3_MANAGED","versioned":true,"blockPublicAccess":"*","removalPolicy":"destroy","enforceSSL":true,"autoDeleteObjects":true}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3LoggingBucket/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucket","version":"2.233.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::Bucket","aws:cdk:cloudformation:props":{"bucketEncryption":{"serverSideEncryptionConfiguration":[{"serverSideEncryptionByDefault":{"sseAlgorithm":"AES256"}}]},"publicAccessBlockConfiguration":{"blockPublicAcls":true,"blockPublicPolicy":true,"ignorePublicAcls":true,"restrictPublicBuckets":true},"tags":[{"key":"aws-cdk:auto-delete-objects","value":"true"}],"versioningConfiguration":{"status":"Enabled"}}}},"Policy":{"id":"Policy","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3LoggingBucket/Policy","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketPolicy","version":"2.233.0","metadata":[{"bucket":"*"}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3LoggingBucket/Policy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucketPolicy","version":"2.233.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::BucketPolicy","aws:cdk:cloudformation:props":{"bucket":{"Ref":"existings3bucketencryptedwithcmkS3LoggingBucket2B2DE39B"},"policyDocument":{"Statement":[{"Action":"s3:*","Condition":{"Bool":{"aws:SecureTransport":"false"}},"Effect":"Deny","Principal":{"AWS":"*"},"Resource":[{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3LoggingBucket2B2DE39B","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3LoggingBucket2B2DE39B","Arn"]},"/*"]]}]},{"Action":["s3:DeleteObject*","s3:GetBucket*","s3:List*","s3:PutBucketPolicy"],"Effect":"Allow","Principal":{"AWS":{"Fn::GetAtt":["CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092","Arn"]}},"Resource":[{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3LoggingBucket2B2DE39B","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3LoggingBucket2B2DE39B","Arn"]},"/*"]]}]},{"Action":"s3:PutObject","Condition":{"ArnLike":{"aws:SourceArn":{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3BucketCC461491","Arn"]}},"StringEquals":{"aws:SourceAccount":{"Ref":"AWS::AccountId"}}},"Effect":"Allow","Principal":{"Service":"logging.s3.amazonaws.com"},"Resource":{"Fn::Join":["",[{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3LoggingBucket2B2DE39B","Arn"]},"/*"]]}}],"Version":"2012-10-17"}}}}}},"AutoDeleteObjectsCustomResource":{"id":"AutoDeleteObjectsCustomResource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3LoggingBucket/AutoDeleteObjectsCustomResource","constructInfo":{"fqn":"aws-cdk-lib.CustomResource","version":"2.233.0","metadata":["*"]},"children":{"Default":{"id":"Default","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3LoggingBucket/AutoDeleteObjectsCustomResource/Default","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.233.0"}}}}}},"Custom::S3AutoDeleteObjectsCustomResourceProvider":{"id":"Custom::S3AutoDeleteObjectsCustomResourceProvider","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Custom::S3AutoDeleteObjectsCustomResourceProvider","constructInfo":{"fqn":"aws-cdk-lib.CustomResourceProviderBase","version":"2.233.0"},"children":{"Staging":{"id":"Staging","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Custom::S3AutoDeleteObjectsCustomResourceProvider/Staging","constructInfo":{"fqn":"aws-cdk-lib.AssetStaging","version":"2.233.0"}},"Role":{"id":"Role","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Custom::S3AutoDeleteObjectsCustomResourceProvider/Role","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.233.0"}},"Handler":{"id":"Handler","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.233.0"}}}},"existing-s3-bucket-encrypted-with-cmkS3Bucket":{"id":"existing-s3-bucket-encrypted-with-cmkS3Bucket","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3Bucket","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.Bucket","version":"2.233.0","metadata":[{"encryption":"KMS","versioned":true,"blockPublicAccess":"*","removalPolicy":"destroy","enforceSSL":true,"lifecycleRules":[{"noncurrentVersionTransitions":[{"storageClass":"*"}]}],"serverAccessLogsBucket":"*","encryptionKey":"*","autoDeleteObjects":true},{"addLifecycleRule":[{"noncurrentVersionTransitions":[{"storageClass":"*"}]},"*","*"]}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3Bucket/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucket","version":"2.233.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::Bucket","aws:cdk:cloudformation:props":{"bucketEncryption":{"serverSideEncryptionConfiguration":[{"serverSideEncryptionByDefault":{"sseAlgorithm":"aws:kms","kmsMasterKeyId":{"Fn::GetAtt":["cmkKey598B20B2","Arn"]}}}]},"lifecycleConfiguration":{"rules":[{"noncurrentVersionTransitions":[{"storageClass":"GLACIER","transitionInDays":90}],"status":"Enabled"}]},"loggingConfiguration":{"destinationBucketName":{"Ref":"existings3bucketencryptedwithcmkS3LoggingBucket2B2DE39B"}},"publicAccessBlockConfiguration":{"blockPublicAcls":true,"blockPublicPolicy":true,"ignorePublicAcls":true,"restrictPublicBuckets":true},"tags":[{"key":"aws-cdk:auto-delete-objects","value":"true"}],"versioningConfiguration":{"status":"Enabled"}}}},"Policy":{"id":"Policy","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3Bucket/Policy","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketPolicy","version":"2.233.0","metadata":[{"bucket":"*"}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3Bucket/Policy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucketPolicy","version":"2.233.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::BucketPolicy","aws:cdk:cloudformation:props":{"bucket":{"Ref":"existings3bucketencryptedwithcmkS3BucketCC461491"},"policyDocument":{"Statement":[{"Action":"s3:*","Condition":{"Bool":{"aws:SecureTransport":"false"}},"Effect":"Deny","Principal":{"AWS":"*"},"Resource":[{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3BucketCC461491","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3BucketCC461491","Arn"]},"/*"]]}]},{"Action":["s3:DeleteObject*","s3:GetBucket*","s3:List*","s3:PutBucketPolicy"],"Effect":"Allow","Principal":{"AWS":{"Fn::GetAtt":["CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092","Arn"]}},"Resource":[{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3BucketCC461491","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3BucketCC461491","Arn"]},"/*"]]}]},{"Action":"s3:GetObject","Condition":{"StringEquals":{"AWS:SourceArn":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":cloudfront::",{"Ref":"AWS::AccountId"},":distribution/",{"Ref":"testcloudfronts3cmkencryptionkeyCloudFrontDistribution57C8A907"}]]}}},"Effect":"Allow","Principal":{"Service":"cloudfront.amazonaws.com"},"Resource":{"Fn::Join":["",[{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3BucketCC461491","Arn"]},"/*"]]}},{"Action":"s3:ListBucket","Condition":{"StringEquals":{"AWS:SourceArn":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":cloudfront::",{"Ref":"AWS::AccountId"},":distribution/",{"Ref":"testcloudfronts3cmkencryptionkeyCloudFrontDistribution57C8A907"}]]}}},"Effect":"Allow","Principal":{"Service":"cloudfront.amazonaws.com"},"Resource":{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3BucketCC461491","Arn"]}}],"Version":"2012-10-17"}}}}}},"AutoDeleteObjectsCustomResource":{"id":"AutoDeleteObjectsCustomResource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3Bucket/AutoDeleteObjectsCustomResource","constructInfo":{"fqn":"aws-cdk-lib.CustomResource","version":"2.233.0","metadata":["*"]},"children":{"Default":{"id":"Default","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/existing-s3-bucket-encrypted-with-cmkS3Bucket/AutoDeleteObjectsCustomResource/Default","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.233.0"}}}}}},"test-cloudfront-s3-cmk-encryption-key":{"id":"test-cloudfront-s3-cmk-encryption-key","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key","constructInfo":{"fqn":"@aws-solutions-constructs/aws-cloudfront-s3.CloudFrontToS3","version":"2.97.0"},"children":{"CloudfrontLoggingBucketAccessLog":{"id":"CloudfrontLoggingBucketAccessLog","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.Bucket","version":"2.233.0","metadata":[{"encryption":"S3_MANAGED","versioned":true,"blockPublicAccess":"*","removalPolicy":"destroy","enforceSSL":true,"autoDeleteObjects":true}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucket","version":"2.233.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::Bucket","aws:cdk:cloudformation:props":{"bucketEncryption":{"serverSideEncryptionConfiguration":[{"serverSideEncryptionByDefault":{"sseAlgorithm":"AES256"}}]},"publicAccessBlockConfiguration":{"blockPublicAcls":true,"blockPublicPolicy":true,"ignorePublicAcls":true,"restrictPublicBuckets":true},"tags":[{"key":"aws-cdk:auto-delete-objects","value":"true"}],"versioningConfiguration":{"status":"Enabled"}}}},"Policy":{"id":"Policy","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/Policy","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketPolicy","version":"2.233.0","metadata":[{"bucket":"*"}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/Policy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucketPolicy","version":"2.233.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::BucketPolicy","aws:cdk:cloudformation:props":{"bucket":{"Ref":"testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C"},"policyDocument":{"Statement":[{"Action":"s3:*","Condition":{"Bool":{"aws:SecureTransport":"false"}},"Effect":"Deny","Principal":{"AWS":"*"},"Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C","Arn"]},"/*"]]}]},{"Action":["s3:DeleteObject*","s3:GetBucket*","s3:List*","s3:PutBucketPolicy"],"Effect":"Allow","Principal":{"AWS":{"Fn::GetAtt":["CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092","Arn"]}},"Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C","Arn"]},"/*"]]}]},{"Action":"s3:PutObject","Condition":{"ArnLike":{"aws:SourceArn":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","Arn"]}},"StringEquals":{"aws:SourceAccount":{"Ref":"AWS::AccountId"}}},"Effect":"Allow","Principal":{"Service":"logging.s3.amazonaws.com"},"Resource":{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C","Arn"]},"/*"]]}}],"Version":"2012-10-17"}}}}}},"AutoDeleteObjectsCustomResource":{"id":"AutoDeleteObjectsCustomResource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/AutoDeleteObjectsCustomResource","constructInfo":{"fqn":"aws-cdk-lib.CustomResource","version":"2.233.0","metadata":["*"]},"children":{"Default":{"id":"Default","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucketAccessLog/AutoDeleteObjectsCustomResource/Default","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.233.0"}}}}}},"CloudfrontLoggingBucket":{"id":"CloudfrontLoggingBucket","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.Bucket","version":"2.233.0","metadata":[{"encryption":"S3_MANAGED","versioned":true,"blockPublicAccess":"*","removalPolicy":"destroy","enforceSSL":true,"autoDeleteObjects":true,"objectOwnership":"ObjectWriter","serverAccessLogsBucket":"*"}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucket","version":"2.233.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::Bucket","aws:cdk:cloudformation:props":{"bucketEncryption":{"serverSideEncryptionConfiguration":[{"serverSideEncryptionByDefault":{"sseAlgorithm":"AES256"}}]},"loggingConfiguration":{"destinationBucketName":{"Ref":"testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucketAccessLog8863921C"}},"ownershipControls":{"rules":[{"objectOwnership":"ObjectWriter"}]},"publicAccessBlockConfiguration":{"blockPublicAcls":true,"blockPublicPolicy":true,"ignorePublicAcls":true,"restrictPublicBuckets":true},"tags":[{"key":"aws-cdk:auto-delete-objects","value":"true"}],"versioningConfiguration":{"status":"Enabled"}}}},"Policy":{"id":"Policy","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/Policy","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketPolicy","version":"2.233.0","metadata":[{"bucket":"*"}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/Policy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucketPolicy","version":"2.233.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::BucketPolicy","aws:cdk:cloudformation:props":{"bucket":{"Ref":"testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD"},"policyDocument":{"Statement":[{"Action":"s3:*","Condition":{"Bool":{"aws:SecureTransport":"false"}},"Effect":"Deny","Principal":{"AWS":"*"},"Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","Arn"]},"/*"]]}]},{"Action":["s3:DeleteObject*","s3:GetBucket*","s3:List*","s3:PutBucketPolicy"],"Effect":"Allow","Principal":{"AWS":{"Fn::GetAtt":["CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092","Arn"]}},"Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","Arn"]},"/*"]]}]}],"Version":"2012-10-17"}}}}}},"AutoDeleteObjectsCustomResource":{"id":"AutoDeleteObjectsCustomResource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/AutoDeleteObjectsCustomResource","constructInfo":{"fqn":"aws-cdk-lib.CustomResource","version":"2.233.0","metadata":["*"]},"children":{"Default":{"id":"Default","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudfrontLoggingBucket/AutoDeleteObjectsCustomResource/Default","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.233.0"}}}}}},"CloudFrontOac":{"id":"CloudFrontOac","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudFrontOac","constructInfo":{"fqn":"aws-cdk-lib.aws_cloudfront.CfnOriginAccessControl","version":"2.233.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::CloudFront::OriginAccessControl","aws:cdk:cloudformation:props":{"originAccessControlConfig":{"name":{"Fn::Join":["",["aws-cloudfront-s3-testn-key-",{"Fn::Select":[2,{"Fn::Split":["/",{"Ref":"AWS::StackId"}]}]}]]},"originAccessControlOriginType":"s3","signingBehavior":"always","signingProtocol":"sigv4","description":"Origin access control provisioned by aws-cloudfront-s3"}}}},"CloudFrontDistribution":{"id":"CloudFrontDistribution","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudFrontDistribution","constructInfo":{"fqn":"aws-cdk-lib.aws_cloudfront.Distribution","version":"2.233.0","metadata":[{"defaultBehavior":{"origin":"*","viewerProtocolPolicy":"redirect-to-https"},"enableLogging":true,"logBucket":"*","defaultRootObject":"*"}]},"children":{"Origin1":{"id":"Origin1","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudFrontDistribution/Origin1","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}},"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/CloudFrontDistribution/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_cloudfront.CfnDistribution","version":"2.233.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::CloudFront::Distribution","aws:cdk:cloudformation:props":{"distributionConfig":{"enabled":true,"origins":[{"domainName":{"Fn::GetAtt":["existings3bucketencryptedwithcmkS3BucketCC461491","RegionalDomainName"]},"id":"cfts3bucketencryptedwithcmkprovidedasexistingbuckettestcloudfronts3cmkencryptionkeyCloudFrontDistributionOrigin128E2E2A5","s3OriginConfig":{"originAccessIdentity":""}}],"defaultCacheBehavior":{"pathPattern":"*","targetOriginId":"cfts3bucketencryptedwithcmkprovidedasexistingbuckettestcloudfronts3cmkencryptionkeyCloudFrontDistributionOrigin128E2E2A5","cachePolicyId":"658327ea-f89d-4fab-a63d-7e88639e58f6","compress":true,"viewerProtocolPolicy":"redirect-to-https"},"defaultRootObject":"index.html","httpVersion":"http2","ipv6Enabled":true,"logging":{"bucket":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyCloudfrontLoggingBucket7C1787CD","RegionalDomainName"]}}}}}}}},"LambdaFunctionServiceRole":{"id":"LambdaFunctionServiceRole","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunctionServiceRole","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Role","version":"2.233.0","metadata":[{"assumedBy":{"principalAccount":"*","assumeRoleAction":"*"},"inlinePolicies":"*"},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]}]},"children":{"ImportLambdaFunctionServiceRole":{"id":"ImportLambdaFunctionServiceRole","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunctionServiceRole/ImportLambdaFunctionServiceRole","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"2.233.0","metadata":["*"]}},"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunctionServiceRole/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnRole","version":"2.233.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"lambda.amazonaws.com"}}],"Version":"2012-10-17"},"policies":[{"policyName":"LambdaFunctionServiceRolePolicy","policyDocument":{"Statement":[{"Action":["logs:CreateLogGroup","logs:CreateLogStream","logs:PutLogEvents"],"Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:/aws/lambda/*"]]}}],"Version":"2012-10-17"}}]}}}}},"LambdaFunction":{"id":"LambdaFunction","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunction","constructInfo":{"fqn":"aws-cdk-lib.aws_lambda.Function","version":"2.233.0","metadata":[{"role":"*","tracing":"Active","runtime":"*","handler":"*","description":"*","timeout":"*","memorySize":"*","code":"*"},{"addEnvironment":["*","*",{"removeInEdge":true}]}]},"children":{"Code":{"id":"Code","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Code","constructInfo":{"fqn":"aws-cdk-lib.aws_s3_assets.Asset","version":"2.233.0"},"children":{"Stage":{"id":"Stage","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Code/Stage","constructInfo":{"fqn":"aws-cdk-lib.AssetStaging","version":"2.233.0"}},"AssetBucket":{"id":"AssetBucket","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Code/AssetBucket","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketBase","version":"2.233.0","metadata":[]}}}},"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_lambda.CfnFunction","version":"2.233.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::Lambda::Function","aws:cdk:cloudformation:props":{"code":{"s3Bucket":{"Fn::Sub":"cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"},"s3Key":"e97825c838d70ceb13ba2f6223a7d94ed35687b70bfb224a0b9128e698e3f28e.zip"},"description":"Custom resource function that updates a provided key policy to allow CloudFront access.","environment":{"variables":{"AWS_NODEJS_CONNECTION_REUSE_ENABLED":"1"}},"handler":"index.handler","role":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyLambdaFunctionServiceRole85783D1D","Arn"]},"runtime":"nodejs22.x","tracingConfig":{"mode":"Active"}}}},"inlinePolicyAddedToExecutionRole-0":{"id":"inlinePolicyAddedToExecutionRole-0","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/inlinePolicyAddedToExecutionRole-0","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"2.233.0","metadata":[{"statements":"*"},{"addStatements":[{}]},{"attachToRole":["*"]},{"attachToRole":["*"]}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/LambdaFunction/inlinePolicyAddedToExecutionRole-0/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"2.233.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":["xray:PutTelemetryRecords","xray:PutTraceSegments"],"Effect":"Allow","Resource":"*"}],"Version":"2012-10-17"},"policyName":"testcloudfronts3cmkencryptionkeyLambdaFunctioninlinePolicyAddedToExecutionRole030BCEDF3","roles":[{"Ref":"testcloudfronts3cmkencryptionkeyLambdaFunctionServiceRole85783D1D"}]}}}}}}},"test-cloudfront-s3-cmk-encryption-keyResourceCmkPolicy":{"id":"test-cloudfront-s3-cmk-encryption-keyResourceCmkPolicy","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/test-cloudfront-s3-cmk-encryption-keyResourceCmkPolicy","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"2.233.0","metadata":[{"statements":"*"},{"addStatements":[{}]},{"attachToRole":["*"]},{"attachToRole":["*"]}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/test-cloudfront-s3-cmk-encryption-keyResourceCmkPolicy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"2.233.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":["kms:DescribeKey","kms:GetKeyPolicy","kms:PutKeyPolicy"],"Effect":"Allow","Resource":{"Fn::GetAtt":["cmkKey598B20B2","Arn"]}}],"Version":"2012-10-17"},"policyName":"testcloudfronts3cmkencryptionkeytestcloudfronts3cmkencryptionkeyResourceCmkPolicyBD4BA975","roles":[{"Ref":"testcloudfronts3cmkencryptionkeyLambdaFunctionServiceRole85783D1D"}]}}}}},"KmsKeyPolicyUpdateProvider":{"id":"KmsKeyPolicyUpdateProvider","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider","constructInfo":{"fqn":"aws-cdk-lib.custom_resources.Provider","version":"2.233.0"},"children":{"framework-onEvent":{"id":"framework-onEvent","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent","constructInfo":{"fqn":"aws-cdk-lib.aws_lambda.Function","version":"2.233.0","metadata":[{"code":"*","description":"*","runtime":"*","handler":"*","timeout":"*","loggingFormat":"JSON","applicationLogLevelV2":"FATAL","logGroup":"*","vpc":"*","vpcSubnets":"*","securityGroups":"*","role":"*","functionName":"*","environmentEncryption":"*"},{"addEnvironment":["*","*"]}]},"children":{"ServiceRole":{"id":"ServiceRole","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Role","version":"2.233.0","metadata":[{"addToPrincipalPolicy":[{}]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]}]},"children":{"ImportServiceRole":{"id":"ImportServiceRole","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/ImportServiceRole","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"2.233.0","metadata":["*"]}},"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnRole","version":"2.233.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"lambda.amazonaws.com"}}],"Version":"2012-10-17"},"managedPolicyArns":[{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"]]}]}}},"DefaultPolicy":{"id":"DefaultPolicy","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/DefaultPolicy","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"2.233.0","metadata":["*",{"attachToRole":["*"]},{"attachToRole":["*"]},{"addStatements":[{}]}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/ServiceRole/DefaultPolicy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"2.233.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":"lambda:InvokeFunction","Effect":"Allow","Resource":[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E","Arn"]},":*"]]}]}],"Version":"2012-10-17"},"policyName":"testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventServiceRoleDefaultPolicy066CD751","roles":[{"Ref":"testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventServiceRole3D4040AD"}]}}}}}}},"Code":{"id":"Code","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Code","constructInfo":{"fqn":"aws-cdk-lib.aws_s3_assets.Asset","version":"2.233.0"},"children":{"Stage":{"id":"Stage","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Code/Stage","constructInfo":{"fqn":"aws-cdk-lib.AssetStaging","version":"2.233.0"}},"AssetBucket":{"id":"AssetBucket","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Code/AssetBucket","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketBase","version":"2.233.0","metadata":[]}}}},"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_lambda.CfnFunction","version":"2.233.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::Lambda::Function","aws:cdk:cloudformation:props":{"code":{"s3Bucket":{"Fn::Sub":"cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"},"s3Key":"07a90cc3efdfc34da22208dcd9d211f06f5b0e01b21e778edc7c3966b1f61d57.zip"},"description":"AWS CDK resource provider framework - onEvent (cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider)","environment":{"variables":{"USER_ON_EVENT_FUNCTION_ARN":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E","Arn"]}}},"handler":"framework.onEvent","loggingConfig":{"logFormat":"JSON","applicationLogLevel":"FATAL"},"role":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventServiceRole3D4040AD","Arn"]},"runtime":"nodejs22.x","timeout":900}}},"inlinePolicyAddedToExecutionRole-0":{"id":"inlinePolicyAddedToExecutionRole-0","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/inlinePolicyAddedToExecutionRole-0","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"2.233.0","metadata":[{"statements":"*"},{"addStatements":[{}]},{"attachToRole":["*"]},{"attachToRole":["*"]}]},"children":{"Resource":{"id":"Resource","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdateProvider/framework-onEvent/inlinePolicyAddedToExecutionRole-0/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"2.233.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":"lambda:GetFunction","Effect":"Allow","Resource":{"Fn::GetAtt":["testcloudfronts3cmkencryptionkeyLambdaFunction4DCD662E","Arn"]}}],"Version":"2012-10-17"},"policyName":"testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventinlinePolicyAddedToExecutionRole0055AB010","roles":[{"Ref":"testcloudfronts3cmkencryptionkeyKmsKeyPolicyUpdateProviderframeworkonEventServiceRole3D4040AD"}]}}}}}}}}},"KmsKeyPolicyUpdater":{"id":"KmsKeyPolicyUpdater","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdater","constructInfo":{"fqn":"aws-cdk-lib.CustomResource","version":"2.233.0","metadata":["*"]},"children":{"Default":{"id":"Default","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/test-cloudfront-s3-cmk-encryption-key/KmsKeyPolicyUpdater/Default","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"2.233.0"}}}}}},"Integ":{"id":"Integ","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Integ","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTest","version":"2.233.0-alpha.0"},"children":{"DefaultTest":{"id":"DefaultTest","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Integ/DefaultTest","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTestCase","version":"2.233.0-alpha.0"},"children":{"Default":{"id":"Default","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Integ/DefaultTest/Default","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}},"DeployAssert":{"id":"DeployAssert","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Integ/DefaultTest/DeployAssert","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"2.233.0"},"children":{"BootstrapVersion":{"id":"BootstrapVersion","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Integ/DefaultTest/DeployAssert/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"2.233.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/Integ/DefaultTest/DeployAssert/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"2.233.0"}}}}}}}},"BootstrapVersion":{"id":"BootstrapVersion","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"2.233.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"2.233.0"}}}},"Tree":{"id":"Tree","path":"Tree","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}}}}}
@@ -0,0 +1 @@
1
+ "use strict";var f=Object.create,i=Object.defineProperty,I=Object.getOwnPropertyDescriptor,C=Object.getOwnPropertyNames,w=Object.getPrototypeOf,P=Object.prototype.hasOwnProperty,A=(t,e)=>{for(var o in e)i(t,o,{get:e[o],enumerable:!0})},d=(t,e,o,r)=>{if(e&&typeof e=="object"||typeof e=="function")for(let s of C(e))!P.call(t,s)&&s!==o&&i(t,s,{get:()=>e[s],enumerable:!(r=I(e,s))||r.enumerable});return t},l=(t,e,o)=>(o=t!=null?f(w(t)):{},d(e||!t||!t.__esModule?i(o,"default",{value:t,enumerable:!0}):o,t)),B=t=>d(i({},"__esModule",{value:!0}),t),q={};A(q,{autoDeleteHandler:()=>S,handler:()=>H}),module.exports=B(q);var h=require("@aws-sdk/client-s3"),y=l(require("https")),m=l(require("url")),a={sendHttpRequest:D,log:T,includeStackTraces:!0,userHandlerIndex:"./index"},p="AWSCDK::CustomResourceProviderFramework::CREATE_FAILED",L="AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID";function R(t){return async(e,o)=>{let r={...e,ResponseURL:"..."};if(a.log(JSON.stringify(r,void 0,2)),e.RequestType==="Delete"&&e.PhysicalResourceId===p){a.log("ignoring DELETE event caused by a failed CREATE event"),await u("SUCCESS",e);return}try{let s=await t(r,o),n=k(e,s);await u("SUCCESS",n)}catch(s){let n={...e,Reason:a.includeStackTraces?s.stack:s.message};n.PhysicalResourceId||(e.RequestType==="Create"?(a.log("CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored"),n.PhysicalResourceId=p):a.log(`ERROR: Malformed event. "PhysicalResourceId" is required: ${JSON.stringify(e)}`)),await u("FAILED",n)}}}function k(t,e={}){let o=e.PhysicalResourceId??t.PhysicalResourceId??t.RequestId;if(t.RequestType==="Delete"&&o!==t.PhysicalResourceId)throw new Error(`DELETE: cannot change the physical resource ID from "${t.PhysicalResourceId}" to "${e.PhysicalResourceId}" during deletion`);return{...t,...e,PhysicalResourceId:o}}async function u(t,e){let o={Status:t,Reason:e.Reason??t,StackId:e.StackId,RequestId:e.RequestId,PhysicalResourceId:e.PhysicalResourceId||L,LogicalResourceId:e.LogicalResourceId,NoEcho:e.NoEcho,Data:e.Data},r=m.parse(e.ResponseURL),s=`${r.protocol}//${r.hostname}/${r.pathname}?***`;a.log("submit response to cloudformation",s,o);let n=JSON.stringify(o),E={hostname:r.hostname,path:r.path,method:"PUT",headers:{"content-type":"","content-length":Buffer.byteLength(n,"utf8")}};await O({attempts:5,sleep:1e3},a.sendHttpRequest)(E,n)}async function D(t,e){return new Promise((o,r)=>{try{let s=y.request(t,n=>{n.resume(),!n.statusCode||n.statusCode>=400?r(new Error(`Unsuccessful HTTP response: ${n.statusCode}`)):o()});s.on("error",r),s.write(e),s.end()}catch(s){r(s)}})}function T(t,...e){console.log(t,...e)}function O(t,e){return async(...o)=>{let r=t.attempts,s=t.sleep;for(;;)try{return await e(...o)}catch(n){if(r--<=0)throw n;await b(Math.floor(Math.random()*s)),s*=2}}}async function b(t){return new Promise(e=>setTimeout(e,t))}var g="aws-cdk:auto-delete-objects",x=JSON.stringify({Version:"2012-10-17",Statement:[]}),c=new h.S3({}),H=R(S);async function S(t){switch(t.RequestType){case"Create":return;case"Update":return{PhysicalResourceId:(await F(t)).PhysicalResourceId};case"Delete":return N(t.ResourceProperties?.BucketName)}}async function F(t){let e=t,o=e.OldResourceProperties?.BucketName;return{PhysicalResourceId:e.ResourceProperties?.BucketName??o}}async function _(t){try{let e=(await c.getBucketPolicy({Bucket:t}))?.Policy??x,o=JSON.parse(e);o.Statement.push({Principal:"*",Effect:"Deny",Action:["s3:PutObject"],Resource:[`arn:aws:s3:::${t}/*`]}),await c.putBucketPolicy({Bucket:t,Policy:JSON.stringify(o)})}catch(e){if(e.name==="NoSuchBucket")throw e;console.log(`Could not set new object deny policy on bucket '${t}' prior to deletion.`)}}async function U(t){let e;do{e=await c.listObjectVersions({Bucket:t});let o=[...e.Versions??[],...e.DeleteMarkers??[]];if(o.length===0)return;let r=o.map(s=>({Key:s.Key,VersionId:s.VersionId}));await c.deleteObjects({Bucket:t,Delete:{Objects:r}})}while(e?.IsTruncated)}async function N(t){if(!t)throw new Error("No BucketName was provided.");try{if(!await W(t)){console.log(`Bucket does not have '${g}' tag, skipping cleaning.`);return}await _(t),await U(t)}catch(e){if(e.name==="NoSuchBucket"){console.log(`Bucket '${t}' does not exist.`);return}throw e}}async function W(t){return(await c.getBucketTagging({Bucket:t})).TagSet?.some(o=>o.Key===g&&o.Value==="true")}
@@ -1 +1 @@
1
- {"version":"45.0.0"}
1
+ {"version":"48.0.0"}
@@ -1,5 +1,5 @@
1
1
  {
2
- "version": "45.0.0",
2
+ "version": "48.0.0",
3
3
  "files": {
4
4
  "faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6": {
5
5
  "displayName": "cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket/Custom::S3AutoDeleteObjectsCustomResourceProvider Code",
@@ -1,5 +1,5 @@
1
1
  {
2
- "version": "45.0.0",
2
+ "version": "48.0.0",
3
3
  "files": {
4
4
  "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": {
5
5
  "displayName": "cfts3bucketencryptedwithmanagedkeyprovidedasexistingbucketIntegDefaultTestDeployAssert03A82C16 Template",
@@ -1,5 +1,5 @@
1
1
  {
2
- "version": "45.0.0",
2
+ "version": "48.0.0",
3
3
  "testCases": {
4
4
  "cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket/Integ/DefaultTest": {
5
5
  "stacks": [
@@ -9,5 +9,5 @@
9
9
  "assertionStackName": "cfts3bucketencryptedwithmanagedkeyprovidedasexistingbucketIntegDefaultTestDeployAssert03A82C16"
10
10
  }
11
11
  },
12
- "minimumCliVersion": "2.1020.2"
12
+ "minimumCliVersion": "2.1033.0"
13
13
  }
@@ -360,57 +360,48 @@
360
360
  "properties": {
361
361
  "module": "aws-cdk-lib",
362
362
  "flags": {
363
- "@aws-cdk/core:enableStackNameDuplicates": {
363
+ "@aws-cdk/aws-signer:signingProfileNamePassedToCfn": {
364
364
  "recommendedValue": true,
365
- "explanation": "Allow multiple stacks with the same name"
366
- },
367
- "aws-cdk:enableDiffNoFail": {
368
- "recommendedValue": true,
369
- "explanation": "Make `cdk diff` not fail when there are differences"
365
+ "explanation": "Pass signingProfileName to CfnSigningProfile"
370
366
  },
371
367
  "@aws-cdk/core:newStyleStackSynthesis": {
372
368
  "recommendedValue": true,
373
- "explanation": "Switch to new stack synthesis method which enables CI/CD"
369
+ "explanation": "Switch to new stack synthesis method which enables CI/CD",
370
+ "unconfiguredBehavesLike": {
371
+ "v2": true
372
+ }
374
373
  },
375
374
  "@aws-cdk/core:stackRelativeExports": {
376
375
  "recommendedValue": true,
377
- "explanation": "Name exports based on the construct paths relative to the stack, rather than the global construct path"
378
- },
379
- "@aws-cdk/aws-ecr-assets:dockerIgnoreSupport": {
380
- "recommendedValue": true,
381
- "explanation": "DockerImageAsset properly supports `.dockerignore` files by default"
382
- },
383
- "@aws-cdk/aws-secretsmanager:parseOwnedSecretName": {
384
- "recommendedValue": true,
385
- "explanation": "Fix the referencing of SecretsManager names from ARNs"
386
- },
387
- "@aws-cdk/aws-kms:defaultKeyPolicies": {
388
- "recommendedValue": true,
389
- "explanation": "Tighten default KMS key policies"
390
- },
391
- "@aws-cdk/aws-s3:grantWriteWithoutAcl": {
392
- "recommendedValue": true,
393
- "explanation": "Remove `PutObjectAcl` from Bucket.grantWrite"
376
+ "explanation": "Name exports based on the construct paths relative to the stack, rather than the global construct path",
377
+ "unconfiguredBehavesLike": {
378
+ "v2": true
379
+ }
394
380
  },
395
- "@aws-cdk/aws-ecs-patterns:removeDefaultDesiredCount": {
381
+ "@aws-cdk/aws-ecs-patterns:secGroupsDisablesImplicitOpenListener": {
396
382
  "recommendedValue": true,
397
- "explanation": "Do not specify a default DesiredCount for ECS services"
383
+ "explanation": "Disable implicit openListener when custom security groups are provided"
398
384
  },
399
385
  "@aws-cdk/aws-rds:lowercaseDbIdentifier": {
400
386
  "recommendedValue": true,
401
- "explanation": "Force lowercasing of RDS Cluster names in CDK"
387
+ "explanation": "Force lowercasing of RDS Cluster names in CDK",
388
+ "unconfiguredBehavesLike": {
389
+ "v2": true
390
+ }
402
391
  },
403
392
  "@aws-cdk/aws-apigateway:usagePlanKeyOrderInsensitiveId": {
404
393
  "recommendedValue": true,
405
- "explanation": "Allow adding/removing multiple UsagePlanKeys independently"
406
- },
407
- "@aws-cdk/aws-efs:defaultEncryptionAtRest": {
408
- "recommendedValue": true,
409
- "explanation": "Enable this feature flag to have elastic file systems encrypted at rest by default."
394
+ "explanation": "Allow adding/removing multiple UsagePlanKeys independently",
395
+ "unconfiguredBehavesLike": {
396
+ "v2": true
397
+ }
410
398
  },
411
399
  "@aws-cdk/aws-lambda:recognizeVersionProps": {
412
400
  "recommendedValue": true,
413
- "explanation": "Enable this feature flag to opt in to the updated logical id calculation for Lambda Version created using the `fn.currentVersion`."
401
+ "explanation": "Enable this feature flag to opt in to the updated logical id calculation for Lambda Version created using the `fn.currentVersion`.",
402
+ "unconfiguredBehavesLike": {
403
+ "v2": true
404
+ }
414
405
  },
415
406
  "@aws-cdk/aws-lambda:recognizeLayerVersion": {
416
407
  "userValue": true,
@@ -419,7 +410,10 @@
419
410
  },
420
411
  "@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021": {
421
412
  "recommendedValue": true,
422
- "explanation": "Enable this feature flag to have cloudfront distributions use the security policy TLSv1.2_2021 by default."
413
+ "explanation": "Enable this feature flag to have cloudfront distributions use the security policy TLSv1.2_2021 by default.",
414
+ "unconfiguredBehavesLike": {
415
+ "v2": true
416
+ }
423
417
  },
424
418
  "@aws-cdk/core:checkSecretUsage": {
425
419
  "userValue": true,
@@ -496,7 +490,7 @@
496
490
  "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": {
497
491
  "userValue": true,
498
492
  "recommendedValue": true,
499
- "explanation": "Enable this feature to by default create default policy names for imported roles that depend on the stack the role is in."
493
+ "explanation": "Enable this feature to create default policy names for imported roles that depend on the stack the role is in."
500
494
  },
501
495
  "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": {
502
496
  "userValue": true,
@@ -640,7 +634,10 @@
640
634
  },
641
635
  "@aws-cdk/pipelines:reduceAssetRoleTrustScope": {
642
636
  "recommendedValue": true,
643
- "explanation": "Remove the root account principal from PipelineAssetsFileRole trust policy"
637
+ "explanation": "Remove the root account principal from PipelineAssetsFileRole trust policy",
638
+ "unconfiguredBehavesLike": {
639
+ "v2": true
640
+ }
644
641
  },
645
642
  "@aws-cdk/aws-eks:nodegroupNameAttribute": {
646
643
  "userValue": true,
@@ -669,23 +666,16 @@
669
666
  },
670
667
  "@aws-cdk/aws-stepfunctions-tasks:useNewS3UriParametersForBedrockInvokeModelTask": {
671
668
  "recommendedValue": true,
672
- "explanation": "When enabled, use new props for S3 URI field in task definition of state machine for bedrock invoke model."
669
+ "explanation": "When enabled, use new props for S3 URI field in task definition of state machine for bedrock invoke model.",
670
+ "unconfiguredBehavesLike": {
671
+ "v2": true
672
+ }
673
673
  },
674
674
  "@aws-cdk/core:explicitStackTags": {
675
675
  "userValue": true,
676
676
  "recommendedValue": true,
677
677
  "explanation": "When enabled, stack tags need to be assigned explicitly on a Stack."
678
678
  },
679
- "@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature": {
680
- "userValue": false,
681
- "recommendedValue": false,
682
- "explanation": "When set to true along with canContainersAccessInstanceRole=false in ECS cluster, new updated commands will be added to UserData to block container accessing IMDS. **Applicable to Linux only. IMPORTANT: See [details.](#aws-cdkaws-ecsenableImdsBlockingDeprecatedFeature)**"
683
- },
684
- "@aws-cdk/aws-ecs:disableEcsImdsBlocking": {
685
- "userValue": true,
686
- "recommendedValue": true,
687
- "explanation": "When set to true, CDK synth will throw exception if canContainersAccessInstanceRole is false. **IMPORTANT: See [details.](#aws-cdkaws-ecsdisableEcsImdsBlocking)**"
688
- },
689
679
  "@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions": {
690
680
  "userValue": true,
691
681
  "recommendedValue": true,
@@ -733,7 +723,10 @@
733
723
  },
734
724
  "@aws-cdk/core:aspectStabilization": {
735
725
  "recommendedValue": true,
736
- "explanation": "When enabled, a stabilization loop will be run when invoking Aspects during synthesis."
726
+ "explanation": "When enabled, a stabilization loop will be run when invoking Aspects during synthesis.",
727
+ "unconfiguredBehavesLike": {
728
+ "v2": true
729
+ }
737
730
  },
738
731
  "@aws-cdk/aws-route53-targets:userPoolDomainNameMethodWithoutCustomResource": {
739
732
  "userValue": true,
@@ -767,7 +760,10 @@
767
760
  },
768
761
  "@aws-cdk/pipelines:reduceStageRoleTrustScope": {
769
762
  "recommendedValue": true,
770
- "explanation": "Remove the root account principal from Stage addActions trust policy"
763
+ "explanation": "Remove the root account principal from Stage addActions trust policy",
764
+ "unconfiguredBehavesLike": {
765
+ "v2": true
766
+ }
771
767
  },
772
768
  "@aws-cdk/aws-events:requireEventBusPolicySid": {
773
769
  "userValue": true,
@@ -790,7 +786,10 @@
790
786
  },
791
787
  "@aws-cdk/pipelines:reduceCrossAccountActionRoleTrustScope": {
792
788
  "recommendedValue": true,
793
- "explanation": "When enabled, scopes down the trust policy for the cross-account action role"
789
+ "explanation": "When enabled, scopes down the trust policy for the cross-account action role",
790
+ "unconfiguredBehavesLike": {
791
+ "v2": true
792
+ }
794
793
  },
795
794
  "@aws-cdk/aws-stepfunctions:useDistributedMapResultWriterV2": {
796
795
  "userValue": true,
@@ -820,6 +819,25 @@
820
819
  "userValue": true,
821
820
  "recommendedValue": true,
822
821
  "explanation": "When enabled, CDK creates and manages loggroup for the lambda function"
822
+ },
823
+ "@aws-cdk/aws-elasticloadbalancingv2:networkLoadBalancerWithSecurityGroupByDefault": {
824
+ "recommendedValue": true,
825
+ "explanation": "When enabled, Network Load Balancer will be created with a security group by default."
826
+ },
827
+ "@aws-cdk/aws-stepfunctions-tasks:httpInvokeDynamicJsonPathEndpoint": {
828
+ "recommendedValue": true,
829
+ "explanation": "When enabled, allows using a dynamic apiEndpoint with JSONPath format in HttpInvoke tasks.",
830
+ "unconfiguredBehavesLike": {
831
+ "v2": true
832
+ }
833
+ },
834
+ "@aws-cdk/aws-ecs-patterns:uniqueTargetGroupId": {
835
+ "recommendedValue": true,
836
+ "explanation": "When enabled, ECS patterns will generate unique target group IDs to prevent conflicts during load balancer replacement"
837
+ },
838
+ "@aws-cdk/aws-route53-patterns:useDistribution": {
839
+ "recommendedValue": true,
840
+ "explanation": "Use the `Distribution` resource instead of `CloudFrontWebDistribution`"
823
841
  }
824
842
  }
825
843
  }