@aws-solutions-constructs/aws-fargate-stepfunctions 2.50.0 → 2.52.0

Files changed (29)
  1. package/.eslintignore +2 -0
  2. package/.jsii +50 -5
  3. package/integ.config.json +7 -0
  4. package/lib/index.js +1 -1
  5. package/package.json +13 -12
  6. package/test/integ.farstp-new-resources.js +6 -2
  7. package/test/integ.farstp-new-resources.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/__entrypoint__.js +1 -0
  8. package/test/integ.farstp-new-resources.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/index.js +1 -0
  9. package/test/integ.farstp-new-resources.js.snapshot/cdk.out +1 -0
  10. package/test/integ.farstp-new-resources.js.snapshot/farstp-new-resources.assets.json +34 -0
  11. package/test/integ.farstp-new-resources.js.snapshot/farstp-new-resources.template.json +1361 -0
  12. package/test/integ.farstp-new-resources.js.snapshot/farstpnewresourcesIntegDefaultTestDeployAssert36B3414D.assets.json +19 -0
  13. package/test/integ.farstp-new-resources.js.snapshot/farstpnewresourcesIntegDefaultTestDeployAssert36B3414D.template.json +36 -0
  14. package/test/integ.farstp-new-resources.js.snapshot/integ.json +12 -0
  15. package/test/integ.farstp-new-resources.js.snapshot/manifest.json +407 -0
  16. package/test/integ.farstp-new-resources.js.snapshot/tree.json +1963 -0
  17. package/test/integ.farstp-no-cloudwatch-alarms.js +6 -2
  18. package/test/integ.farstp-no-cloudwatch-alarms.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/__entrypoint__.js +1 -0
  19. package/test/integ.farstp-no-cloudwatch-alarms.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/index.js +1 -0
  20. package/test/integ.farstp-no-cloudwatch-alarms.js.snapshot/cdk.out +1 -0
  21. package/test/integ.farstp-no-cloudwatch-alarms.js.snapshot/farstp-no-cloudwatch-alarms.assets.json +34 -0
  22. package/test/integ.farstp-no-cloudwatch-alarms.js.snapshot/farstp-no-cloudwatch-alarms.template.json +1298 -0
  23. package/test/integ.farstp-no-cloudwatch-alarms.js.snapshot/farstpnocloudwatchalarmsIntegDefaultTestDeployAssertC4578F22.assets.json +19 -0
  24. package/test/integ.farstp-no-cloudwatch-alarms.js.snapshot/farstpnocloudwatchalarmsIntegDefaultTestDeployAssertC4578F22.template.json +36 -0
  25. package/test/integ.farstp-no-cloudwatch-alarms.js.snapshot/integ.json +12 -0
  26. package/test/integ.farstp-no-cloudwatch-alarms.js.snapshot/manifest.json +389 -0
  27. package/test/integ.farstp-no-cloudwatch-alarms.js.snapshot/tree.json +1846 -0
  28. package/test/integ.farstp-new-resources.expected.json +0 -1398
  29. package/test/integ.farstp-no-cloudwatch-alarms.expected.json +0 -1335
@@ -0,0 +1,1298 @@
1
+ {
2
+ "Description": "Integration Test with existing VPC and Service and a new state machine with no CloudWatch alarms",
3
+ "Resources": {
4
+ "Vpc8378EB38": {
5
+ "Type": "AWS::EC2::VPC",
6
+ "Properties": {
7
+ "CidrBlock": "172.168.0.0/16",
8
+ "EnableDnsHostnames": true,
9
+ "EnableDnsSupport": true,
10
+ "InstanceTenancy": "default",
11
+ "Tags": [
12
+ {
13
+ "Key": "Name",
14
+ "Value": "farstp-no-cloudwatch-alarms/Vpc"
15
+ }
16
+ ]
17
+ }
18
+ },
19
+ "VpcPublicSubnet1Subnet5C2D37C4": {
20
+ "Type": "AWS::EC2::Subnet",
21
+ "Properties": {
22
+ "AvailabilityZone": {
23
+ "Fn::Select": [
24
+ 0,
25
+ {
26
+ "Fn::GetAZs": ""
27
+ }
28
+ ]
29
+ },
30
+ "CidrBlock": "172.168.0.0/18",
31
+ "MapPublicIpOnLaunch": true,
32
+ "Tags": [
33
+ {
34
+ "Key": "aws-cdk:subnet-name",
35
+ "Value": "Public"
36
+ },
37
+ {
38
+ "Key": "aws-cdk:subnet-type",
39
+ "Value": "Public"
40
+ },
41
+ {
42
+ "Key": "Name",
43
+ "Value": "farstp-no-cloudwatch-alarms/Vpc/PublicSubnet1"
44
+ }
45
+ ],
46
+ "VpcId": {
47
+ "Ref": "Vpc8378EB38"
48
+ }
49
+ },
50
+ "Metadata": {
51
+ "cfn_nag": {
52
+ "rules_to_suppress": [
53
+ {
54
+ "id": "W33",
55
+ "reason": "Allow Public Subnets to have MapPublicIpOnLaunch set to true"
56
+ }
57
+ ]
58
+ }
59
+ }
60
+ },
61
+ "VpcPublicSubnet1RouteTable6C95E38E": {
62
+ "Type": "AWS::EC2::RouteTable",
63
+ "Properties": {
64
+ "Tags": [
65
+ {
66
+ "Key": "Name",
67
+ "Value": "farstp-no-cloudwatch-alarms/Vpc/PublicSubnet1"
68
+ }
69
+ ],
70
+ "VpcId": {
71
+ "Ref": "Vpc8378EB38"
72
+ }
73
+ }
74
+ },
75
+ "VpcPublicSubnet1RouteTableAssociation97140677": {
76
+ "Type": "AWS::EC2::SubnetRouteTableAssociation",
77
+ "Properties": {
78
+ "RouteTableId": {
79
+ "Ref": "VpcPublicSubnet1RouteTable6C95E38E"
80
+ },
81
+ "SubnetId": {
82
+ "Ref": "VpcPublicSubnet1Subnet5C2D37C4"
83
+ }
84
+ }
85
+ },
86
+ "VpcPublicSubnet1DefaultRoute3DA9E72A": {
87
+ "Type": "AWS::EC2::Route",
88
+ "Properties": {
89
+ "DestinationCidrBlock": "0.0.0.0/0",
90
+ "GatewayId": {
91
+ "Ref": "VpcIGWD7BA715C"
92
+ },
93
+ "RouteTableId": {
94
+ "Ref": "VpcPublicSubnet1RouteTable6C95E38E"
95
+ }
96
+ },
97
+ "DependsOn": [
98
+ "VpcVPCGWBF912B6E"
99
+ ]
100
+ },
101
+ "VpcPublicSubnet1EIPD7E02669": {
102
+ "Type": "AWS::EC2::EIP",
103
+ "Properties": {
104
+ "Domain": "vpc",
105
+ "Tags": [
106
+ {
107
+ "Key": "Name",
108
+ "Value": "farstp-no-cloudwatch-alarms/Vpc/PublicSubnet1"
109
+ }
110
+ ]
111
+ }
112
+ },
113
+ "VpcPublicSubnet1NATGateway4D7517AA": {
114
+ "Type": "AWS::EC2::NatGateway",
115
+ "Properties": {
116
+ "AllocationId": {
117
+ "Fn::GetAtt": [
118
+ "VpcPublicSubnet1EIPD7E02669",
119
+ "AllocationId"
120
+ ]
121
+ },
122
+ "SubnetId": {
123
+ "Ref": "VpcPublicSubnet1Subnet5C2D37C4"
124
+ },
125
+ "Tags": [
126
+ {
127
+ "Key": "Name",
128
+ "Value": "farstp-no-cloudwatch-alarms/Vpc/PublicSubnet1"
129
+ }
130
+ ]
131
+ },
132
+ "DependsOn": [
133
+ "VpcPublicSubnet1DefaultRoute3DA9E72A",
134
+ "VpcPublicSubnet1RouteTableAssociation97140677"
135
+ ]
136
+ },
137
+ "VpcPublicSubnet2Subnet691E08A3": {
138
+ "Type": "AWS::EC2::Subnet",
139
+ "Properties": {
140
+ "AvailabilityZone": {
141
+ "Fn::Select": [
142
+ 1,
143
+ {
144
+ "Fn::GetAZs": ""
145
+ }
146
+ ]
147
+ },
148
+ "CidrBlock": "172.168.64.0/18",
149
+ "MapPublicIpOnLaunch": true,
150
+ "Tags": [
151
+ {
152
+ "Key": "aws-cdk:subnet-name",
153
+ "Value": "Public"
154
+ },
155
+ {
156
+ "Key": "aws-cdk:subnet-type",
157
+ "Value": "Public"
158
+ },
159
+ {
160
+ "Key": "Name",
161
+ "Value": "farstp-no-cloudwatch-alarms/Vpc/PublicSubnet2"
162
+ }
163
+ ],
164
+ "VpcId": {
165
+ "Ref": "Vpc8378EB38"
166
+ }
167
+ },
168
+ "Metadata": {
169
+ "cfn_nag": {
170
+ "rules_to_suppress": [
171
+ {
172
+ "id": "W33",
173
+ "reason": "Allow Public Subnets to have MapPublicIpOnLaunch set to true"
174
+ }
175
+ ]
176
+ }
177
+ }
178
+ },
179
+ "VpcPublicSubnet2RouteTable94F7E489": {
180
+ "Type": "AWS::EC2::RouteTable",
181
+ "Properties": {
182
+ "Tags": [
183
+ {
184
+ "Key": "Name",
185
+ "Value": "farstp-no-cloudwatch-alarms/Vpc/PublicSubnet2"
186
+ }
187
+ ],
188
+ "VpcId": {
189
+ "Ref": "Vpc8378EB38"
190
+ }
191
+ }
192
+ },
193
+ "VpcPublicSubnet2RouteTableAssociationDD5762D8": {
194
+ "Type": "AWS::EC2::SubnetRouteTableAssociation",
195
+ "Properties": {
196
+ "RouteTableId": {
197
+ "Ref": "VpcPublicSubnet2RouteTable94F7E489"
198
+ },
199
+ "SubnetId": {
200
+ "Ref": "VpcPublicSubnet2Subnet691E08A3"
201
+ }
202
+ }
203
+ },
204
+ "VpcPublicSubnet2DefaultRoute97F91067": {
205
+ "Type": "AWS::EC2::Route",
206
+ "Properties": {
207
+ "DestinationCidrBlock": "0.0.0.0/0",
208
+ "GatewayId": {
209
+ "Ref": "VpcIGWD7BA715C"
210
+ },
211
+ "RouteTableId": {
212
+ "Ref": "VpcPublicSubnet2RouteTable94F7E489"
213
+ }
214
+ },
215
+ "DependsOn": [
216
+ "VpcVPCGWBF912B6E"
217
+ ]
218
+ },
219
+ "VpcPublicSubnet2EIP3C605A87": {
220
+ "Type": "AWS::EC2::EIP",
221
+ "Properties": {
222
+ "Domain": "vpc",
223
+ "Tags": [
224
+ {
225
+ "Key": "Name",
226
+ "Value": "farstp-no-cloudwatch-alarms/Vpc/PublicSubnet2"
227
+ }
228
+ ]
229
+ }
230
+ },
231
+ "VpcPublicSubnet2NATGateway9182C01D": {
232
+ "Type": "AWS::EC2::NatGateway",
233
+ "Properties": {
234
+ "AllocationId": {
235
+ "Fn::GetAtt": [
236
+ "VpcPublicSubnet2EIP3C605A87",
237
+ "AllocationId"
238
+ ]
239
+ },
240
+ "SubnetId": {
241
+ "Ref": "VpcPublicSubnet2Subnet691E08A3"
242
+ },
243
+ "Tags": [
244
+ {
245
+ "Key": "Name",
246
+ "Value": "farstp-no-cloudwatch-alarms/Vpc/PublicSubnet2"
247
+ }
248
+ ]
249
+ },
250
+ "DependsOn": [
251
+ "VpcPublicSubnet2DefaultRoute97F91067",
252
+ "VpcPublicSubnet2RouteTableAssociationDD5762D8"
253
+ ]
254
+ },
255
+ "VpcPrivateSubnet1Subnet536B997A": {
256
+ "Type": "AWS::EC2::Subnet",
257
+ "Properties": {
258
+ "AvailabilityZone": {
259
+ "Fn::Select": [
260
+ 0,
261
+ {
262
+ "Fn::GetAZs": ""
263
+ }
264
+ ]
265
+ },
266
+ "CidrBlock": "172.168.128.0/18",
267
+ "MapPublicIpOnLaunch": false,
268
+ "Tags": [
269
+ {
270
+ "Key": "aws-cdk:subnet-name",
271
+ "Value": "Private"
272
+ },
273
+ {
274
+ "Key": "aws-cdk:subnet-type",
275
+ "Value": "Private"
276
+ },
277
+ {
278
+ "Key": "Name",
279
+ "Value": "farstp-no-cloudwatch-alarms/Vpc/PrivateSubnet1"
280
+ }
281
+ ],
282
+ "VpcId": {
283
+ "Ref": "Vpc8378EB38"
284
+ }
285
+ }
286
+ },
287
+ "VpcPrivateSubnet1RouteTableB2C5B500": {
288
+ "Type": "AWS::EC2::RouteTable",
289
+ "Properties": {
290
+ "Tags": [
291
+ {
292
+ "Key": "Name",
293
+ "Value": "farstp-no-cloudwatch-alarms/Vpc/PrivateSubnet1"
294
+ }
295
+ ],
296
+ "VpcId": {
297
+ "Ref": "Vpc8378EB38"
298
+ }
299
+ }
300
+ },
301
+ "VpcPrivateSubnet1RouteTableAssociation70C59FA6": {
302
+ "Type": "AWS::EC2::SubnetRouteTableAssociation",
303
+ "Properties": {
304
+ "RouteTableId": {
305
+ "Ref": "VpcPrivateSubnet1RouteTableB2C5B500"
306
+ },
307
+ "SubnetId": {
308
+ "Ref": "VpcPrivateSubnet1Subnet536B997A"
309
+ }
310
+ }
311
+ },
312
+ "VpcPrivateSubnet1DefaultRouteBE02A9ED": {
313
+ "Type": "AWS::EC2::Route",
314
+ "Properties": {
315
+ "DestinationCidrBlock": "0.0.0.0/0",
316
+ "NatGatewayId": {
317
+ "Ref": "VpcPublicSubnet1NATGateway4D7517AA"
318
+ },
319
+ "RouteTableId": {
320
+ "Ref": "VpcPrivateSubnet1RouteTableB2C5B500"
321
+ }
322
+ }
323
+ },
324
+ "VpcPrivateSubnet2Subnet3788AAA1": {
325
+ "Type": "AWS::EC2::Subnet",
326
+ "Properties": {
327
+ "AvailabilityZone": {
328
+ "Fn::Select": [
329
+ 1,
330
+ {
331
+ "Fn::GetAZs": ""
332
+ }
333
+ ]
334
+ },
335
+ "CidrBlock": "172.168.192.0/18",
336
+ "MapPublicIpOnLaunch": false,
337
+ "Tags": [
338
+ {
339
+ "Key": "aws-cdk:subnet-name",
340
+ "Value": "Private"
341
+ },
342
+ {
343
+ "Key": "aws-cdk:subnet-type",
344
+ "Value": "Private"
345
+ },
346
+ {
347
+ "Key": "Name",
348
+ "Value": "farstp-no-cloudwatch-alarms/Vpc/PrivateSubnet2"
349
+ }
350
+ ],
351
+ "VpcId": {
352
+ "Ref": "Vpc8378EB38"
353
+ }
354
+ }
355
+ },
356
+ "VpcPrivateSubnet2RouteTableA678073B": {
357
+ "Type": "AWS::EC2::RouteTable",
358
+ "Properties": {
359
+ "Tags": [
360
+ {
361
+ "Key": "Name",
362
+ "Value": "farstp-no-cloudwatch-alarms/Vpc/PrivateSubnet2"
363
+ }
364
+ ],
365
+ "VpcId": {
366
+ "Ref": "Vpc8378EB38"
367
+ }
368
+ }
369
+ },
370
+ "VpcPrivateSubnet2RouteTableAssociationA89CAD56": {
371
+ "Type": "AWS::EC2::SubnetRouteTableAssociation",
372
+ "Properties": {
373
+ "RouteTableId": {
374
+ "Ref": "VpcPrivateSubnet2RouteTableA678073B"
375
+ },
376
+ "SubnetId": {
377
+ "Ref": "VpcPrivateSubnet2Subnet3788AAA1"
378
+ }
379
+ }
380
+ },
381
+ "VpcPrivateSubnet2DefaultRoute060D2087": {
382
+ "Type": "AWS::EC2::Route",
383
+ "Properties": {
384
+ "DestinationCidrBlock": "0.0.0.0/0",
385
+ "NatGatewayId": {
386
+ "Ref": "VpcPublicSubnet2NATGateway9182C01D"
387
+ },
388
+ "RouteTableId": {
389
+ "Ref": "VpcPrivateSubnet2RouteTableA678073B"
390
+ }
391
+ }
392
+ },
393
+ "VpcIGWD7BA715C": {
394
+ "Type": "AWS::EC2::InternetGateway",
395
+ "Properties": {
396
+ "Tags": [
397
+ {
398
+ "Key": "Name",
399
+ "Value": "farstp-no-cloudwatch-alarms/Vpc"
400
+ }
401
+ ]
402
+ }
403
+ },
404
+ "VpcVPCGWBF912B6E": {
405
+ "Type": "AWS::EC2::VPCGatewayAttachment",
406
+ "Properties": {
407
+ "InternetGatewayId": {
408
+ "Ref": "VpcIGWD7BA715C"
409
+ },
410
+ "VpcId": {
411
+ "Ref": "Vpc8378EB38"
412
+ }
413
+ }
414
+ },
415
+ "VpcRestrictDefaultSecurityGroupCustomResourceC73DA2BE": {
416
+ "Type": "Custom::VpcRestrictDefaultSG",
417
+ "Properties": {
418
+ "ServiceToken": {
419
+ "Fn::GetAtt": [
420
+ "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E",
421
+ "Arn"
422
+ ]
423
+ },
424
+ "DefaultSecurityGroupId": {
425
+ "Fn::GetAtt": [
426
+ "Vpc8378EB38",
427
+ "DefaultSecurityGroup"
428
+ ]
429
+ },
430
+ "Account": {
431
+ "Ref": "AWS::AccountId"
432
+ }
433
+ },
434
+ "UpdateReplacePolicy": "Delete",
435
+ "DeletionPolicy": "Delete"
436
+ },
437
+ "VpcFlowLogIAMRole6A475D41": {
438
+ "Type": "AWS::IAM::Role",
439
+ "Properties": {
440
+ "AssumeRolePolicyDocument": {
441
+ "Statement": [
442
+ {
443
+ "Action": "sts:AssumeRole",
444
+ "Effect": "Allow",
445
+ "Principal": {
446
+ "Service": "vpc-flow-logs.amazonaws.com"
447
+ }
448
+ }
449
+ ],
450
+ "Version": "2012-10-17"
451
+ },
452
+ "Tags": [
453
+ {
454
+ "Key": "Name",
455
+ "Value": "farstp-no-cloudwatch-alarms/Vpc/FlowLog"
456
+ }
457
+ ]
458
+ }
459
+ },
460
+ "VpcFlowLogIAMRoleDefaultPolicy406FB995": {
461
+ "Type": "AWS::IAM::Policy",
462
+ "Properties": {
463
+ "PolicyDocument": {
464
+ "Statement": [
465
+ {
466
+ "Action": [
467
+ "logs:CreateLogStream",
468
+ "logs:DescribeLogStreams",
469
+ "logs:PutLogEvents"
470
+ ],
471
+ "Effect": "Allow",
472
+ "Resource": {
473
+ "Fn::GetAtt": [
474
+ "VpcFlowLogLogGroup7B5C56B9",
475
+ "Arn"
476
+ ]
477
+ }
478
+ },
479
+ {
480
+ "Action": "iam:PassRole",
481
+ "Effect": "Allow",
482
+ "Resource": {
483
+ "Fn::GetAtt": [
484
+ "VpcFlowLogIAMRole6A475D41",
485
+ "Arn"
486
+ ]
487
+ }
488
+ }
489
+ ],
490
+ "Version": "2012-10-17"
491
+ },
492
+ "PolicyName": "VpcFlowLogIAMRoleDefaultPolicy406FB995",
493
+ "Roles": [
494
+ {
495
+ "Ref": "VpcFlowLogIAMRole6A475D41"
496
+ }
497
+ ]
498
+ }
499
+ },
500
+ "VpcFlowLogLogGroup7B5C56B9": {
501
+ "Type": "AWS::Logs::LogGroup",
502
+ "Properties": {
503
+ "RetentionInDays": 731,
504
+ "Tags": [
505
+ {
506
+ "Key": "Name",
507
+ "Value": "farstp-no-cloudwatch-alarms/Vpc/FlowLog"
508
+ }
509
+ ]
510
+ },
511
+ "UpdateReplacePolicy": "Retain",
512
+ "DeletionPolicy": "Retain",
513
+ "Metadata": {
514
+ "cfn_nag": {
515
+ "rules_to_suppress": [
516
+ {
517
+ "id": "W84",
518
+ "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)"
519
+ }
520
+ ]
521
+ }
522
+ }
523
+ },
524
+ "VpcFlowLog8FF33A73": {
525
+ "Type": "AWS::EC2::FlowLog",
526
+ "Properties": {
527
+ "DeliverLogsPermissionArn": {
528
+ "Fn::GetAtt": [
529
+ "VpcFlowLogIAMRole6A475D41",
530
+ "Arn"
531
+ ]
532
+ },
533
+ "LogDestinationType": "cloud-watch-logs",
534
+ "LogGroupName": {
535
+ "Ref": "VpcFlowLogLogGroup7B5C56B9"
536
+ },
537
+ "ResourceId": {
538
+ "Ref": "Vpc8378EB38"
539
+ },
540
+ "ResourceType": "VPC",
541
+ "Tags": [
542
+ {
543
+ "Key": "Name",
544
+ "Value": "farstp-no-cloudwatch-alarms/Vpc/FlowLog"
545
+ }
546
+ ],
547
+ "TrafficType": "ALL"
548
+ }
549
+ },
550
+ "VpcECRAPI9A3B6A2B": {
551
+ "Type": "AWS::EC2::VPCEndpoint",
552
+ "Properties": {
553
+ "PrivateDnsEnabled": true,
554
+ "SecurityGroupIds": [
555
+ {
556
+ "Fn::GetAtt": [
557
+ "farstpnocloudwatchalarmsECRAPIsecuritygroup82DA60D3",
558
+ "GroupId"
559
+ ]
560
+ }
561
+ ],
562
+ "ServiceName": "com.amazonaws.us-east-1.ecr.api",
563
+ "SubnetIds": [
564
+ {
565
+ "Ref": "VpcPrivateSubnet1Subnet536B997A"
566
+ },
567
+ {
568
+ "Ref": "VpcPrivateSubnet2Subnet3788AAA1"
569
+ }
570
+ ],
571
+ "VpcEndpointType": "Interface",
572
+ "VpcId": {
573
+ "Ref": "Vpc8378EB38"
574
+ }
575
+ }
576
+ },
577
+ "VpcECRDKR604E039F": {
578
+ "Type": "AWS::EC2::VPCEndpoint",
579
+ "Properties": {
580
+ "PrivateDnsEnabled": true,
581
+ "SecurityGroupIds": [
582
+ {
583
+ "Fn::GetAtt": [
584
+ "farstpnocloudwatchalarmsECRDKRsecuritygroup230C35AF",
585
+ "GroupId"
586
+ ]
587
+ }
588
+ ],
589
+ "ServiceName": "com.amazonaws.us-east-1.ecr.dkr",
590
+ "SubnetIds": [
591
+ {
592
+ "Ref": "VpcPrivateSubnet1Subnet536B997A"
593
+ },
594
+ {
595
+ "Ref": "VpcPrivateSubnet2Subnet3788AAA1"
596
+ }
597
+ ],
598
+ "VpcEndpointType": "Interface",
599
+ "VpcId": {
600
+ "Ref": "Vpc8378EB38"
601
+ }
602
+ }
603
+ },
604
+ "VpcS3A5408339": {
605
+ "Type": "AWS::EC2::VPCEndpoint",
606
+ "Properties": {
607
+ "RouteTableIds": [
608
+ {
609
+ "Ref": "VpcPrivateSubnet1RouteTableB2C5B500"
610
+ },
611
+ {
612
+ "Ref": "VpcPrivateSubnet2RouteTableA678073B"
613
+ },
614
+ {
615
+ "Ref": "VpcPublicSubnet1RouteTable6C95E38E"
616
+ },
617
+ {
618
+ "Ref": "VpcPublicSubnet2RouteTable94F7E489"
619
+ }
620
+ ],
621
+ "ServiceName": {
622
+ "Fn::Join": [
623
+ "",
624
+ [
625
+ "com.amazonaws.",
626
+ {
627
+ "Ref": "AWS::Region"
628
+ },
629
+ ".s3"
630
+ ]
631
+ ]
632
+ },
633
+ "VpcEndpointType": "Gateway",
634
+ "VpcId": {
635
+ "Ref": "Vpc8378EB38"
636
+ }
637
+ }
638
+ },
639
+ "VpcSTEPFUNCTIONS550F8CB6": {
640
+ "Type": "AWS::EC2::VPCEndpoint",
641
+ "Properties": {
642
+ "PrivateDnsEnabled": true,
643
+ "SecurityGroupIds": [
644
+ {
645
+ "Fn::GetAtt": [
646
+ "farstpnocloudwatchalarmsSTEPFUNCTIONSsecuritygroup08C40421",
647
+ "GroupId"
648
+ ]
649
+ }
650
+ ],
651
+ "ServiceName": "com.amazonaws.us-east-1.states",
652
+ "SubnetIds": [
653
+ {
654
+ "Ref": "VpcPrivateSubnet1Subnet536B997A"
655
+ },
656
+ {
657
+ "Ref": "VpcPrivateSubnet2Subnet3788AAA1"
658
+ }
659
+ ],
660
+ "VpcEndpointType": "Interface",
661
+ "VpcId": {
662
+ "Ref": "Vpc8378EB38"
663
+ }
664
+ }
665
+ },
666
+ "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0": {
667
+ "Type": "AWS::IAM::Role",
668
+ "Properties": {
669
+ "AssumeRolePolicyDocument": {
670
+ "Version": "2012-10-17",
671
+ "Statement": [
672
+ {
673
+ "Action": "sts:AssumeRole",
674
+ "Effect": "Allow",
675
+ "Principal": {
676
+ "Service": "lambda.amazonaws.com"
677
+ }
678
+ }
679
+ ]
680
+ },
681
+ "ManagedPolicyArns": [
682
+ {
683
+ "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
684
+ }
685
+ ],
686
+ "Policies": [
687
+ {
688
+ "PolicyName": "Inline",
689
+ "PolicyDocument": {
690
+ "Version": "2012-10-17",
691
+ "Statement": [
692
+ {
693
+ "Effect": "Allow",
694
+ "Action": [
695
+ "ec2:AuthorizeSecurityGroupIngress",
696
+ "ec2:AuthorizeSecurityGroupEgress",
697
+ "ec2:RevokeSecurityGroupIngress",
698
+ "ec2:RevokeSecurityGroupEgress"
699
+ ],
700
+ "Resource": [
701
+ {
702
+ "Fn::Join": [
703
+ "",
704
+ [
705
+ "arn:aws:ec2:us-east-1:",
706
+ {
707
+ "Ref": "AWS::AccountId"
708
+ },
709
+ ":security-group/",
710
+ {
711
+ "Fn::GetAtt": [
712
+ "Vpc8378EB38",
713
+ "DefaultSecurityGroup"
714
+ ]
715
+ }
716
+ ]
717
+ ]
718
+ }
719
+ ]
720
+ }
721
+ ]
722
+ }
723
+ }
724
+ ]
725
+ }
726
+ },
727
+ "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E": {
728
+ "Type": "AWS::Lambda::Function",
729
+ "Properties": {
730
+ "Code": {
731
+ "S3Bucket": {
732
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1"
733
+ },
734
+ "S3Key": "dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e.zip"
735
+ },
736
+ "Timeout": 900,
737
+ "MemorySize": 128,
738
+ "Handler": "__entrypoint__.handler",
739
+ "Role": {
740
+ "Fn::GetAtt": [
741
+ "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0",
742
+ "Arn"
743
+ ]
744
+ },
745
+ "Runtime": "nodejs18.x",
746
+ "Description": "Lambda function for removing all inbound/outbound rules from the VPC default security group"
747
+ },
748
+ "DependsOn": [
749
+ "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0"
750
+ ],
751
+ "Metadata": {
752
+ "cfn_nag": {
753
+ "rules_to_suppress": [
754
+ {
755
+ "id": "W58",
756
+ "reason": "CDK generated custom resource"
757
+ },
758
+ {
759
+ "id": "W89",
760
+ "reason": "CDK generated custom resource"
761
+ },
762
+ {
763
+ "id": "W92",
764
+ "reason": "CDK generated custom resource"
765
+ }
766
+ ]
767
+ }
768
+ }
769
+ },
770
+ "farstpnocloudwatchalarmsECRAPIsecuritygroup82DA60D3": {
771
+ "Type": "AWS::EC2::SecurityGroup",
772
+ "Properties": {
773
+ "GroupDescription": "farstp-no-cloudwatch-alarms/farstp-no-cloudwatch-alarms-ECR_API-security-group",
774
+ "SecurityGroupEgress": [
775
+ {
776
+ "CidrIp": "0.0.0.0/0",
777
+ "Description": "Allow all outbound traffic by default",
778
+ "IpProtocol": "-1"
779
+ }
780
+ ],
781
+ "SecurityGroupIngress": [
782
+ {
783
+ "CidrIp": {
784
+ "Fn::GetAtt": [
785
+ "Vpc8378EB38",
786
+ "CidrBlock"
787
+ ]
788
+ },
789
+ "Description": {
790
+ "Fn::Join": [
791
+ "",
792
+ [
793
+ "from ",
794
+ {
795
+ "Fn::GetAtt": [
796
+ "Vpc8378EB38",
797
+ "CidrBlock"
798
+ ]
799
+ },
800
+ ":443"
801
+ ]
802
+ ]
803
+ },
804
+ "FromPort": 443,
805
+ "IpProtocol": "tcp",
806
+ "ToPort": 443
807
+ }
808
+ ],
809
+ "VpcId": {
810
+ "Ref": "Vpc8378EB38"
811
+ }
812
+ },
813
+ "Metadata": {
814
+ "cfn_nag": {
815
+ "rules_to_suppress": [
816
+ {
817
+ "id": "W5",
818
+ "reason": "Egress of 0.0.0.0/0 is default and generally considered OK"
819
+ },
820
+ {
821
+ "id": "W40",
822
+ "reason": "Egress IPProtocol of -1 is default and generally considered OK"
823
+ }
824
+ ]
825
+ }
826
+ }
827
+ },
828
+ "farstpnocloudwatchalarmsECRDKRsecuritygroup230C35AF": {
829
+ "Type": "AWS::EC2::SecurityGroup",
830
+ "Properties": {
831
+ "GroupDescription": "farstp-no-cloudwatch-alarms/farstp-no-cloudwatch-alarms-ECR_DKR-security-group",
832
+ "SecurityGroupEgress": [
833
+ {
834
+ "CidrIp": "0.0.0.0/0",
835
+ "Description": "Allow all outbound traffic by default",
836
+ "IpProtocol": "-1"
837
+ }
838
+ ],
839
+ "SecurityGroupIngress": [
840
+ {
841
+ "CidrIp": {
842
+ "Fn::GetAtt": [
843
+ "Vpc8378EB38",
844
+ "CidrBlock"
845
+ ]
846
+ },
847
+ "Description": {
848
+ "Fn::Join": [
849
+ "",
850
+ [
851
+ "from ",
852
+ {
853
+ "Fn::GetAtt": [
854
+ "Vpc8378EB38",
855
+ "CidrBlock"
856
+ ]
857
+ },
858
+ ":443"
859
+ ]
860
+ ]
861
+ },
862
+ "FromPort": 443,
863
+ "IpProtocol": "tcp",
864
+ "ToPort": 443
865
+ }
866
+ ],
867
+ "VpcId": {
868
+ "Ref": "Vpc8378EB38"
869
+ }
870
+ },
871
+ "Metadata": {
872
+ "cfn_nag": {
873
+ "rules_to_suppress": [
874
+ {
875
+ "id": "W5",
876
+ "reason": "Egress of 0.0.0.0/0 is default and generally considered OK"
877
+ },
878
+ {
879
+ "id": "W40",
880
+ "reason": "Egress IPProtocol of -1 is default and generally considered OK"
881
+ }
882
+ ]
883
+ }
884
+ }
885
+ },
886
+ "testclusterDF8B0D19": {
887
+ "Type": "AWS::ECS::Cluster"
888
+ },
889
+ "testtaskdefTaskRoleB2DEF113": {
890
+ "Type": "AWS::IAM::Role",
891
+ "Properties": {
892
+ "AssumeRolePolicyDocument": {
893
+ "Statement": [
894
+ {
895
+ "Action": "sts:AssumeRole",
896
+ "Effect": "Allow",
897
+ "Principal": {
898
+ "Service": "ecs-tasks.amazonaws.com"
899
+ }
900
+ }
901
+ ],
902
+ "Version": "2012-10-17"
903
+ }
904
+ }
905
+ },
906
+ "testtaskdefTaskRoleDefaultPolicy5D591D1C": {
907
+ "Type": "AWS::IAM::Policy",
908
+ "Properties": {
909
+ "PolicyDocument": {
910
+ "Statement": [
911
+ {
912
+ "Action": "states:StartExecution",
913
+ "Effect": "Allow",
914
+ "Resource": {
915
+ "Ref": "testconstructStateMachine3333AAA9"
916
+ }
917
+ }
918
+ ],
919
+ "Version": "2012-10-17"
920
+ },
921
+ "PolicyName": "testtaskdefTaskRoleDefaultPolicy5D591D1C",
922
+ "Roles": [
923
+ {
924
+ "Ref": "testtaskdefTaskRoleB2DEF113"
925
+ }
926
+ ]
927
+ }
928
+ },
929
+ "testtaskdefF924AD58": {
930
+ "Type": "AWS::ECS::TaskDefinition",
931
+ "Properties": {
932
+ "ContainerDefinitions": [
933
+ {
934
+ "Environment": [
935
+ {
936
+ "Name": "STATE_MACHINE_ARN",
937
+ "Value": {
938
+ "Ref": "testconstructStateMachine3333AAA9"
939
+ }
940
+ }
941
+ ],
942
+ "Essential": true,
943
+ "Image": "nginx",
944
+ "MemoryReservation": 512,
945
+ "Name": "test-container",
946
+ "PortMappings": [
947
+ {
948
+ "ContainerPort": 8080,
949
+ "Protocol": "tcp"
950
+ }
951
+ ]
952
+ }
953
+ ],
954
+ "Cpu": "256",
955
+ "Family": "farstpnocloudwatchalarmstesttaskdef4B93DE32",
956
+ "Memory": "512",
957
+ "NetworkMode": "awsvpc",
958
+ "RequiresCompatibilities": [
959
+ "FARGATE"
960
+ ],
961
+ "TaskRoleArn": {
962
+ "Fn::GetAtt": [
963
+ "testtaskdefTaskRoleB2DEF113",
964
+ "Arn"
965
+ ]
966
+ }
967
+ }
968
+ },
969
+ "testsg872EB48A": {
970
+ "Type": "AWS::EC2::SecurityGroup",
971
+ "Properties": {
972
+ "GroupDescription": "Construct created security group",
973
+ "SecurityGroupEgress": [
974
+ {
975
+ "CidrIp": "0.0.0.0/0",
976
+ "Description": "Allow all outbound traffic by default",
977
+ "IpProtocol": "-1"
978
+ }
979
+ ],
980
+ "VpcId": {
981
+ "Ref": "Vpc8378EB38"
982
+ }
983
+ },
984
+ "Metadata": {
985
+ "cfn_nag": {
986
+ "rules_to_suppress": [
987
+ {
988
+ "id": "W5",
989
+ "reason": "Egress of 0.0.0.0/0 is default and generally considered OK"
990
+ },
991
+ {
992
+ "id": "W40",
993
+ "reason": "Egress IPProtocol of -1 is default and generally considered OK"
994
+ }
995
+ ]
996
+ }
997
+ }
998
+ },
999
+ "testserviceService2730C249": {
1000
+ "Type": "AWS::ECS::Service",
1001
+ "Properties": {
1002
+ "Cluster": {
1003
+ "Ref": "testclusterDF8B0D19"
1004
+ },
1005
+ "DeploymentConfiguration": {
1006
+ "Alarms": {
1007
+ "AlarmNames": [],
1008
+ "Enable": false,
1009
+ "Rollback": false
1010
+ },
1011
+ "MaximumPercent": 150,
1012
+ "MinimumHealthyPercent": 75
1013
+ },
1014
+ "DesiredCount": 2,
1015
+ "EnableECSManagedTags": false,
1016
+ "LaunchType": "FARGATE",
1017
+ "NetworkConfiguration": {
1018
+ "AwsvpcConfiguration": {
1019
+ "AssignPublicIp": "DISABLED",
1020
+ "SecurityGroups": [
1021
+ {
1022
+ "Fn::GetAtt": [
1023
+ "testsg872EB48A",
1024
+ "GroupId"
1025
+ ]
1026
+ }
1027
+ ],
1028
+ "Subnets": [
1029
+ {
1030
+ "Ref": "VpcPrivateSubnet1Subnet536B997A"
1031
+ },
1032
+ {
1033
+ "Ref": "VpcPrivateSubnet2Subnet3788AAA1"
1034
+ }
1035
+ ]
1036
+ }
1037
+ },
1038
+ "PlatformVersion": "LATEST",
1039
+ "TaskDefinition": {
1040
+ "Ref": "testtaskdefF924AD58"
1041
+ }
1042
+ },
1043
+ "DependsOn": [
1044
+ "testtaskdefTaskRoleDefaultPolicy5D591D1C",
1045
+ "testtaskdefTaskRoleB2DEF113"
1046
+ ]
1047
+ },
1048
+ "testconstructStateMachineLogGroup2EB4F48B": {
1049
+ "Type": "AWS::Logs::LogGroup",
1050
+ "Properties": {
1051
+ "LogGroupName": {
1052
+ "Fn::Join": [
1053
+ "",
1054
+ [
1055
+ "/aws/vendedlogs/states/constructs/farstp-no-cloudwatch-alarmstest-constructStateMachineLog-",
1056
+ {
1057
+ "Fn::Select": [
1058
+ 2,
1059
+ {
1060
+ "Fn::Split": [
1061
+ "/",
1062
+ {
1063
+ "Ref": "AWS::StackId"
1064
+ }
1065
+ ]
1066
+ }
1067
+ ]
1068
+ }
1069
+ ]
1070
+ ]
1071
+ }
1072
+ },
1073
+ "UpdateReplacePolicy": "Delete",
1074
+ "DeletionPolicy": "Delete",
1075
+ "Metadata": {
1076
+ "cfn_nag": {
1077
+ "rules_to_suppress": [
1078
+ {
1079
+ "id": "W86",
1080
+ "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely"
1081
+ },
1082
+ {
1083
+ "id": "W84",
1084
+ "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)"
1085
+ }
1086
+ ]
1087
+ }
1088
+ }
1089
+ },
1090
+ "testconstructStateMachineRoleA396E5D3": {
1091
+ "Type": "AWS::IAM::Role",
1092
+ "Properties": {
1093
+ "AssumeRolePolicyDocument": {
1094
+ "Statement": [
1095
+ {
1096
+ "Action": "sts:AssumeRole",
1097
+ "Effect": "Allow",
1098
+ "Principal": {
1099
+ "Service": "states.amazonaws.com"
1100
+ }
1101
+ }
1102
+ ],
1103
+ "Version": "2012-10-17"
1104
+ }
1105
+ }
1106
+ },
1107
+ "testconstructStateMachineRoleDefaultPolicyF10A684E": {
1108
+ "Type": "AWS::IAM::Policy",
1109
+ "Properties": {
1110
+ "PolicyDocument": {
1111
+ "Statement": [
1112
+ {
1113
+ "Action": [
1114
+ "logs:CreateLogDelivery",
1115
+ "logs:GetLogDelivery",
1116
+ "logs:UpdateLogDelivery",
1117
+ "logs:DeleteLogDelivery",
1118
+ "logs:ListLogDeliveries"
1119
+ ],
1120
+ "Effect": "Allow",
1121
+ "Resource": "*"
1122
+ },
1123
+ {
1124
+ "Action": [
1125
+ "logs:DescribeLogGroups",
1126
+ "logs:DescribeResourcePolicies",
1127
+ "logs:PutResourcePolicy"
1128
+ ],
1129
+ "Effect": "Allow",
1130
+ "Resource": {
1131
+ "Fn::Join": [
1132
+ "",
1133
+ [
1134
+ "arn:",
1135
+ {
1136
+ "Ref": "AWS::Partition"
1137
+ },
1138
+ ":logs:",
1139
+ {
1140
+ "Ref": "AWS::Region"
1141
+ },
1142
+ ":",
1143
+ {
1144
+ "Ref": "AWS::AccountId"
1145
+ },
1146
+ ":*"
1147
+ ]
1148
+ ]
1149
+ }
1150
+ }
1151
+ ],
1152
+ "Version": "2012-10-17"
1153
+ },
1154
+ "PolicyName": "testconstructStateMachineRoleDefaultPolicyF10A684E",
1155
+ "Roles": [
1156
+ {
1157
+ "Ref": "testconstructStateMachineRoleA396E5D3"
1158
+ }
1159
+ ]
1160
+ },
1161
+ "Metadata": {
1162
+ "cfn_nag": {
1163
+ "rules_to_suppress": [
1164
+ {
1165
+ "id": "W12",
1166
+ "reason": "The 'LogDelivery' actions do not support resource-level authorizations"
1167
+ }
1168
+ ]
1169
+ }
1170
+ }
1171
+ },
1172
+ "testconstructStateMachine3333AAA9": {
1173
+ "Type": "AWS::StepFunctions::StateMachine",
1174
+ "Properties": {
1175
+ "DefinitionString": "{\"StartAt\":\"StartState\",\"States\":{\"StartState\":{\"Type\":\"Pass\",\"End\":true}}}",
1176
+ "LoggingConfiguration": {
1177
+ "Destinations": [
1178
+ {
1179
+ "CloudWatchLogsLogGroup": {
1180
+ "LogGroupArn": {
1181
+ "Fn::GetAtt": [
1182
+ "testconstructStateMachineLogGroup2EB4F48B",
1183
+ "Arn"
1184
+ ]
1185
+ }
1186
+ }
1187
+ }
1188
+ ],
1189
+ "Level": "ERROR"
1190
+ },
1191
+ "RoleArn": {
1192
+ "Fn::GetAtt": [
1193
+ "testconstructStateMachineRoleA396E5D3",
1194
+ "Arn"
1195
+ ]
1196
+ }
1197
+ },
1198
+ "DependsOn": [
1199
+ "testconstructStateMachineRoleDefaultPolicyF10A684E",
1200
+ "testconstructStateMachineRoleA396E5D3"
1201
+ ],
1202
+ "UpdateReplacePolicy": "Delete",
1203
+ "DeletionPolicy": "Delete"
1204
+ },
1205
+ "farstpnocloudwatchalarmsSTEPFUNCTIONSsecuritygroup08C40421": {
1206
+ "Type": "AWS::EC2::SecurityGroup",
1207
+ "Properties": {
1208
+ "GroupDescription": "farstp-no-cloudwatch-alarms/farstp-no-cloudwatch-alarms-STEP_FUNCTIONS-security-group",
1209
+ "SecurityGroupEgress": [
1210
+ {
1211
+ "CidrIp": "0.0.0.0/0",
1212
+ "Description": "Allow all outbound traffic by default",
1213
+ "IpProtocol": "-1"
1214
+ }
1215
+ ],
1216
+ "SecurityGroupIngress": [
1217
+ {
1218
+ "CidrIp": {
1219
+ "Fn::GetAtt": [
1220
+ "Vpc8378EB38",
1221
+ "CidrBlock"
1222
+ ]
1223
+ },
1224
+ "Description": {
1225
+ "Fn::Join": [
1226
+ "",
1227
+ [
1228
+ "from ",
1229
+ {
1230
+ "Fn::GetAtt": [
1231
+ "Vpc8378EB38",
1232
+ "CidrBlock"
1233
+ ]
1234
+ },
1235
+ ":443"
1236
+ ]
1237
+ ]
1238
+ },
1239
+ "FromPort": 443,
1240
+ "IpProtocol": "tcp",
1241
+ "ToPort": 443
1242
+ }
1243
+ ],
1244
+ "VpcId": {
1245
+ "Ref": "Vpc8378EB38"
1246
+ }
1247
+ },
1248
+ "Metadata": {
1249
+ "cfn_nag": {
1250
+ "rules_to_suppress": [
1251
+ {
1252
+ "id": "W5",
1253
+ "reason": "Egress of 0.0.0.0/0 is default and generally considered OK"
1254
+ },
1255
+ {
1256
+ "id": "W40",
1257
+ "reason": "Egress IPProtocol of -1 is default and generally considered OK"
1258
+ }
1259
+ ]
1260
+ }
1261
+ }
1262
+ }
1263
+ },
1264
+ "Parameters": {
1265
+ "BootstrapVersion": {
1266
+ "Type": "AWS::SSM::Parameter::Value<String>",
1267
+ "Default": "/cdk-bootstrap/hnb659fds/version",
1268
+ "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
1269
+ }
1270
+ },
1271
+ "Rules": {
1272
+ "CheckBootstrapVersion": {
1273
+ "Assertions": [
1274
+ {
1275
+ "Assert": {
1276
+ "Fn::Not": [
1277
+ {
1278
+ "Fn::Contains": [
1279
+ [
1280
+ "1",
1281
+ "2",
1282
+ "3",
1283
+ "4",
1284
+ "5"
1285
+ ],
1286
+ {
1287
+ "Ref": "BootstrapVersion"
1288
+ }
1289
+ ]
1290
+ }
1291
+ ]
1292
+ },
1293
+ "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
1294
+ }
1295
+ ]
1296
+ }
1297
+ }
1298
+ }