@aws-solutions-constructs/aws-lambda-kinesisstreams 2.30.0

Files changed (34) hide show
  1. package/.eslintignore +5 -0
  2. package/.jsii +3655 -0
  3. package/README.md +121 -0
  4. package/architecture.png +0 -0
  5. package/lib/index.d.ts +90 -0
  6. package/lib/index.js +64 -0
  7. package/package.json +92 -0
  8. package/test/integ.existingLambda.d.ts +13 -0
  9. package/test/integ.existingLambda.expected.json +232 -0
  10. package/test/integ.existingLambda.js +31 -0
  11. package/test/integ.existingStream.d.ts +13 -0
  12. package/test/integ.existingStream.expected.json +231 -0
  13. package/test/integ.existingStream.js +37 -0
  14. package/test/integ.existingStreamWithCmk.d.ts +13 -0
  15. package/test/integ.existingStreamWithCmk.expected.json +300 -0
  16. package/test/integ.existingStreamWithCmk.js +39 -0
  17. package/test/integ.existingVpc.d.ts +13 -0
  18. package/test/integ.existingVpc.expected.json +1068 -0
  19. package/test/integ.existingVpc.js +34 -0
  20. package/test/integ.newStreamFromProps.d.ts +13 -0
  21. package/test/integ.newStreamFromProps.expected.json +231 -0
  22. package/test/integ.newStreamFromProps.js +34 -0
  23. package/test/integ.newVpc.d.ts +13 -0
  24. package/test/integ.newVpc.expected.json +674 -0
  25. package/test/integ.newVpc.js +31 -0
  26. package/test/integ.newVpcFromProps.d.ts +13 -0
  27. package/test/integ.newVpcFromProps.expected.json +560 -0
  28. package/test/integ.newVpcFromProps.js +34 -0
  29. package/test/integ.noArguments.d.ts +13 -0
  30. package/test/integ.noArguments.expected.json +232 -0
  31. package/test/integ.noArguments.js +30 -0
  32. package/test/lambda/index.mjs +15 -0
  33. package/test/lambda-kinesisstream.test.d.ts +13 -0
  34. package/test/lambda-kinesisstream.test.js +472 -0
@@ -0,0 +1,1068 @@
1
+ {
2
+ "Resources": {
3
+ "Vpc8378EB38": {
4
+ "Type": "AWS::EC2::VPC",
5
+ "Properties": {
6
+ "CidrBlock": "10.0.0.0/16",
7
+ "EnableDnsHostnames": true,
8
+ "EnableDnsSupport": true,
9
+ "InstanceTenancy": "default",
10
+ "Tags": [
11
+ {
12
+ "Key": "Name",
13
+ "Value": "existingVpc/Vpc"
14
+ }
15
+ ]
16
+ }
17
+ },
18
+ "VpcPublicSubnet1Subnet5C2D37C4": {
19
+ "Type": "AWS::EC2::Subnet",
20
+ "Properties": {
21
+ "VpcId": {
22
+ "Ref": "Vpc8378EB38"
23
+ },
24
+ "AvailabilityZone": "test-region-1a",
25
+ "CidrBlock": "10.0.0.0/19",
26
+ "MapPublicIpOnLaunch": true,
27
+ "Tags": [
28
+ {
29
+ "Key": "aws-cdk:subnet-name",
30
+ "Value": "Public"
31
+ },
32
+ {
33
+ "Key": "aws-cdk:subnet-type",
34
+ "Value": "Public"
35
+ },
36
+ {
37
+ "Key": "Name",
38
+ "Value": "existingVpc/Vpc/PublicSubnet1"
39
+ }
40
+ ]
41
+ },
42
+ "Metadata": {
43
+ "cfn_nag": {
44
+ "rules_to_suppress": [
45
+ {
46
+ "id": "W33",
47
+ "reason": "Allow Public Subnets to have MapPublicIpOnLaunch set to true"
48
+ }
49
+ ]
50
+ }
51
+ }
52
+ },
53
+ "VpcPublicSubnet1RouteTable6C95E38E": {
54
+ "Type": "AWS::EC2::RouteTable",
55
+ "Properties": {
56
+ "VpcId": {
57
+ "Ref": "Vpc8378EB38"
58
+ },
59
+ "Tags": [
60
+ {
61
+ "Key": "Name",
62
+ "Value": "existingVpc/Vpc/PublicSubnet1"
63
+ }
64
+ ]
65
+ }
66
+ },
67
+ "VpcPublicSubnet1RouteTableAssociation97140677": {
68
+ "Type": "AWS::EC2::SubnetRouteTableAssociation",
69
+ "Properties": {
70
+ "RouteTableId": {
71
+ "Ref": "VpcPublicSubnet1RouteTable6C95E38E"
72
+ },
73
+ "SubnetId": {
74
+ "Ref": "VpcPublicSubnet1Subnet5C2D37C4"
75
+ }
76
+ }
77
+ },
78
+ "VpcPublicSubnet1DefaultRoute3DA9E72A": {
79
+ "Type": "AWS::EC2::Route",
80
+ "Properties": {
81
+ "RouteTableId": {
82
+ "Ref": "VpcPublicSubnet1RouteTable6C95E38E"
83
+ },
84
+ "DestinationCidrBlock": "0.0.0.0/0",
85
+ "GatewayId": {
86
+ "Ref": "VpcIGWD7BA715C"
87
+ }
88
+ },
89
+ "DependsOn": [
90
+ "VpcVPCGWBF912B6E"
91
+ ]
92
+ },
93
+ "VpcPublicSubnet1EIPD7E02669": {
94
+ "Type": "AWS::EC2::EIP",
95
+ "Properties": {
96
+ "Domain": "vpc",
97
+ "Tags": [
98
+ {
99
+ "Key": "Name",
100
+ "Value": "existingVpc/Vpc/PublicSubnet1"
101
+ }
102
+ ]
103
+ }
104
+ },
105
+ "VpcPublicSubnet1NATGateway4D7517AA": {
106
+ "Type": "AWS::EC2::NatGateway",
107
+ "Properties": {
108
+ "SubnetId": {
109
+ "Ref": "VpcPublicSubnet1Subnet5C2D37C4"
110
+ },
111
+ "AllocationId": {
112
+ "Fn::GetAtt": [
113
+ "VpcPublicSubnet1EIPD7E02669",
114
+ "AllocationId"
115
+ ]
116
+ },
117
+ "Tags": [
118
+ {
119
+ "Key": "Name",
120
+ "Value": "existingVpc/Vpc/PublicSubnet1"
121
+ }
122
+ ]
123
+ },
124
+ "DependsOn": [
125
+ "VpcPublicSubnet1DefaultRoute3DA9E72A",
126
+ "VpcPublicSubnet1RouteTableAssociation97140677"
127
+ ]
128
+ },
129
+ "VpcPublicSubnet2Subnet691E08A3": {
130
+ "Type": "AWS::EC2::Subnet",
131
+ "Properties": {
132
+ "VpcId": {
133
+ "Ref": "Vpc8378EB38"
134
+ },
135
+ "AvailabilityZone": "test-region-1b",
136
+ "CidrBlock": "10.0.32.0/19",
137
+ "MapPublicIpOnLaunch": true,
138
+ "Tags": [
139
+ {
140
+ "Key": "aws-cdk:subnet-name",
141
+ "Value": "Public"
142
+ },
143
+ {
144
+ "Key": "aws-cdk:subnet-type",
145
+ "Value": "Public"
146
+ },
147
+ {
148
+ "Key": "Name",
149
+ "Value": "existingVpc/Vpc/PublicSubnet2"
150
+ }
151
+ ]
152
+ },
153
+ "Metadata": {
154
+ "cfn_nag": {
155
+ "rules_to_suppress": [
156
+ {
157
+ "id": "W33",
158
+ "reason": "Allow Public Subnets to have MapPublicIpOnLaunch set to true"
159
+ }
160
+ ]
161
+ }
162
+ }
163
+ },
164
+ "VpcPublicSubnet2RouteTable94F7E489": {
165
+ "Type": "AWS::EC2::RouteTable",
166
+ "Properties": {
167
+ "VpcId": {
168
+ "Ref": "Vpc8378EB38"
169
+ },
170
+ "Tags": [
171
+ {
172
+ "Key": "Name",
173
+ "Value": "existingVpc/Vpc/PublicSubnet2"
174
+ }
175
+ ]
176
+ }
177
+ },
178
+ "VpcPublicSubnet2RouteTableAssociationDD5762D8": {
179
+ "Type": "AWS::EC2::SubnetRouteTableAssociation",
180
+ "Properties": {
181
+ "RouteTableId": {
182
+ "Ref": "VpcPublicSubnet2RouteTable94F7E489"
183
+ },
184
+ "SubnetId": {
185
+ "Ref": "VpcPublicSubnet2Subnet691E08A3"
186
+ }
187
+ }
188
+ },
189
+ "VpcPublicSubnet2DefaultRoute97F91067": {
190
+ "Type": "AWS::EC2::Route",
191
+ "Properties": {
192
+ "RouteTableId": {
193
+ "Ref": "VpcPublicSubnet2RouteTable94F7E489"
194
+ },
195
+ "DestinationCidrBlock": "0.0.0.0/0",
196
+ "GatewayId": {
197
+ "Ref": "VpcIGWD7BA715C"
198
+ }
199
+ },
200
+ "DependsOn": [
201
+ "VpcVPCGWBF912B6E"
202
+ ]
203
+ },
204
+ "VpcPublicSubnet2EIP3C605A87": {
205
+ "Type": "AWS::EC2::EIP",
206
+ "Properties": {
207
+ "Domain": "vpc",
208
+ "Tags": [
209
+ {
210
+ "Key": "Name",
211
+ "Value": "existingVpc/Vpc/PublicSubnet2"
212
+ }
213
+ ]
214
+ }
215
+ },
216
+ "VpcPublicSubnet2NATGateway9182C01D": {
217
+ "Type": "AWS::EC2::NatGateway",
218
+ "Properties": {
219
+ "SubnetId": {
220
+ "Ref": "VpcPublicSubnet2Subnet691E08A3"
221
+ },
222
+ "AllocationId": {
223
+ "Fn::GetAtt": [
224
+ "VpcPublicSubnet2EIP3C605A87",
225
+ "AllocationId"
226
+ ]
227
+ },
228
+ "Tags": [
229
+ {
230
+ "Key": "Name",
231
+ "Value": "existingVpc/Vpc/PublicSubnet2"
232
+ }
233
+ ]
234
+ },
235
+ "DependsOn": [
236
+ "VpcPublicSubnet2DefaultRoute97F91067",
237
+ "VpcPublicSubnet2RouteTableAssociationDD5762D8"
238
+ ]
239
+ },
240
+ "VpcPublicSubnet3SubnetBE12F0B6": {
241
+ "Type": "AWS::EC2::Subnet",
242
+ "Properties": {
243
+ "VpcId": {
244
+ "Ref": "Vpc8378EB38"
245
+ },
246
+ "AvailabilityZone": "test-region-1c",
247
+ "CidrBlock": "10.0.64.0/19",
248
+ "MapPublicIpOnLaunch": true,
249
+ "Tags": [
250
+ {
251
+ "Key": "aws-cdk:subnet-name",
252
+ "Value": "Public"
253
+ },
254
+ {
255
+ "Key": "aws-cdk:subnet-type",
256
+ "Value": "Public"
257
+ },
258
+ {
259
+ "Key": "Name",
260
+ "Value": "existingVpc/Vpc/PublicSubnet3"
261
+ }
262
+ ]
263
+ },
264
+ "Metadata": {
265
+ "cfn_nag": {
266
+ "rules_to_suppress": [
267
+ {
268
+ "id": "W33",
269
+ "reason": "Allow Public Subnets to have MapPublicIpOnLaunch set to true"
270
+ }
271
+ ]
272
+ }
273
+ }
274
+ },
275
+ "VpcPublicSubnet3RouteTable93458DBB": {
276
+ "Type": "AWS::EC2::RouteTable",
277
+ "Properties": {
278
+ "VpcId": {
279
+ "Ref": "Vpc8378EB38"
280
+ },
281
+ "Tags": [
282
+ {
283
+ "Key": "Name",
284
+ "Value": "existingVpc/Vpc/PublicSubnet3"
285
+ }
286
+ ]
287
+ }
288
+ },
289
+ "VpcPublicSubnet3RouteTableAssociation1F1EDF02": {
290
+ "Type": "AWS::EC2::SubnetRouteTableAssociation",
291
+ "Properties": {
292
+ "RouteTableId": {
293
+ "Ref": "VpcPublicSubnet3RouteTable93458DBB"
294
+ },
295
+ "SubnetId": {
296
+ "Ref": "VpcPublicSubnet3SubnetBE12F0B6"
297
+ }
298
+ }
299
+ },
300
+ "VpcPublicSubnet3DefaultRoute4697774F": {
301
+ "Type": "AWS::EC2::Route",
302
+ "Properties": {
303
+ "RouteTableId": {
304
+ "Ref": "VpcPublicSubnet3RouteTable93458DBB"
305
+ },
306
+ "DestinationCidrBlock": "0.0.0.0/0",
307
+ "GatewayId": {
308
+ "Ref": "VpcIGWD7BA715C"
309
+ }
310
+ },
311
+ "DependsOn": [
312
+ "VpcVPCGWBF912B6E"
313
+ ]
314
+ },
315
+ "VpcPublicSubnet3EIP3A666A23": {
316
+ "Type": "AWS::EC2::EIP",
317
+ "Properties": {
318
+ "Domain": "vpc",
319
+ "Tags": [
320
+ {
321
+ "Key": "Name",
322
+ "Value": "existingVpc/Vpc/PublicSubnet3"
323
+ }
324
+ ]
325
+ }
326
+ },
327
+ "VpcPublicSubnet3NATGateway7640CD1D": {
328
+ "Type": "AWS::EC2::NatGateway",
329
+ "Properties": {
330
+ "SubnetId": {
331
+ "Ref": "VpcPublicSubnet3SubnetBE12F0B6"
332
+ },
333
+ "AllocationId": {
334
+ "Fn::GetAtt": [
335
+ "VpcPublicSubnet3EIP3A666A23",
336
+ "AllocationId"
337
+ ]
338
+ },
339
+ "Tags": [
340
+ {
341
+ "Key": "Name",
342
+ "Value": "existingVpc/Vpc/PublicSubnet3"
343
+ }
344
+ ]
345
+ },
346
+ "DependsOn": [
347
+ "VpcPublicSubnet3DefaultRoute4697774F",
348
+ "VpcPublicSubnet3RouteTableAssociation1F1EDF02"
349
+ ]
350
+ },
351
+ "VpcPrivateSubnet1Subnet536B997A": {
352
+ "Type": "AWS::EC2::Subnet",
353
+ "Properties": {
354
+ "VpcId": {
355
+ "Ref": "Vpc8378EB38"
356
+ },
357
+ "AvailabilityZone": "test-region-1a",
358
+ "CidrBlock": "10.0.96.0/19",
359
+ "MapPublicIpOnLaunch": false,
360
+ "Tags": [
361
+ {
362
+ "Key": "aws-cdk:subnet-name",
363
+ "Value": "Private"
364
+ },
365
+ {
366
+ "Key": "aws-cdk:subnet-type",
367
+ "Value": "Private"
368
+ },
369
+ {
370
+ "Key": "Name",
371
+ "Value": "existingVpc/Vpc/PrivateSubnet1"
372
+ }
373
+ ]
374
+ }
375
+ },
376
+ "VpcPrivateSubnet1RouteTableB2C5B500": {
377
+ "Type": "AWS::EC2::RouteTable",
378
+ "Properties": {
379
+ "VpcId": {
380
+ "Ref": "Vpc8378EB38"
381
+ },
382
+ "Tags": [
383
+ {
384
+ "Key": "Name",
385
+ "Value": "existingVpc/Vpc/PrivateSubnet1"
386
+ }
387
+ ]
388
+ }
389
+ },
390
+ "VpcPrivateSubnet1RouteTableAssociation70C59FA6": {
391
+ "Type": "AWS::EC2::SubnetRouteTableAssociation",
392
+ "Properties": {
393
+ "RouteTableId": {
394
+ "Ref": "VpcPrivateSubnet1RouteTableB2C5B500"
395
+ },
396
+ "SubnetId": {
397
+ "Ref": "VpcPrivateSubnet1Subnet536B997A"
398
+ }
399
+ }
400
+ },
401
+ "VpcPrivateSubnet1DefaultRouteBE02A9ED": {
402
+ "Type": "AWS::EC2::Route",
403
+ "Properties": {
404
+ "RouteTableId": {
405
+ "Ref": "VpcPrivateSubnet1RouteTableB2C5B500"
406
+ },
407
+ "DestinationCidrBlock": "0.0.0.0/0",
408
+ "NatGatewayId": {
409
+ "Ref": "VpcPublicSubnet1NATGateway4D7517AA"
410
+ }
411
+ }
412
+ },
413
+ "VpcPrivateSubnet2Subnet3788AAA1": {
414
+ "Type": "AWS::EC2::Subnet",
415
+ "Properties": {
416
+ "VpcId": {
417
+ "Ref": "Vpc8378EB38"
418
+ },
419
+ "AvailabilityZone": "test-region-1b",
420
+ "CidrBlock": "10.0.128.0/19",
421
+ "MapPublicIpOnLaunch": false,
422
+ "Tags": [
423
+ {
424
+ "Key": "aws-cdk:subnet-name",
425
+ "Value": "Private"
426
+ },
427
+ {
428
+ "Key": "aws-cdk:subnet-type",
429
+ "Value": "Private"
430
+ },
431
+ {
432
+ "Key": "Name",
433
+ "Value": "existingVpc/Vpc/PrivateSubnet2"
434
+ }
435
+ ]
436
+ }
437
+ },
438
+ "VpcPrivateSubnet2RouteTableA678073B": {
439
+ "Type": "AWS::EC2::RouteTable",
440
+ "Properties": {
441
+ "VpcId": {
442
+ "Ref": "Vpc8378EB38"
443
+ },
444
+ "Tags": [
445
+ {
446
+ "Key": "Name",
447
+ "Value": "existingVpc/Vpc/PrivateSubnet2"
448
+ }
449
+ ]
450
+ }
451
+ },
452
+ "VpcPrivateSubnet2RouteTableAssociationA89CAD56": {
453
+ "Type": "AWS::EC2::SubnetRouteTableAssociation",
454
+ "Properties": {
455
+ "RouteTableId": {
456
+ "Ref": "VpcPrivateSubnet2RouteTableA678073B"
457
+ },
458
+ "SubnetId": {
459
+ "Ref": "VpcPrivateSubnet2Subnet3788AAA1"
460
+ }
461
+ }
462
+ },
463
+ "VpcPrivateSubnet2DefaultRoute060D2087": {
464
+ "Type": "AWS::EC2::Route",
465
+ "Properties": {
466
+ "RouteTableId": {
467
+ "Ref": "VpcPrivateSubnet2RouteTableA678073B"
468
+ },
469
+ "DestinationCidrBlock": "0.0.0.0/0",
470
+ "NatGatewayId": {
471
+ "Ref": "VpcPublicSubnet2NATGateway9182C01D"
472
+ }
473
+ }
474
+ },
475
+ "VpcPrivateSubnet3SubnetF258B56E": {
476
+ "Type": "AWS::EC2::Subnet",
477
+ "Properties": {
478
+ "VpcId": {
479
+ "Ref": "Vpc8378EB38"
480
+ },
481
+ "AvailabilityZone": "test-region-1c",
482
+ "CidrBlock": "10.0.160.0/19",
483
+ "MapPublicIpOnLaunch": false,
484
+ "Tags": [
485
+ {
486
+ "Key": "aws-cdk:subnet-name",
487
+ "Value": "Private"
488
+ },
489
+ {
490
+ "Key": "aws-cdk:subnet-type",
491
+ "Value": "Private"
492
+ },
493
+ {
494
+ "Key": "Name",
495
+ "Value": "existingVpc/Vpc/PrivateSubnet3"
496
+ }
497
+ ]
498
+ }
499
+ },
500
+ "VpcPrivateSubnet3RouteTableD98824C7": {
501
+ "Type": "AWS::EC2::RouteTable",
502
+ "Properties": {
503
+ "VpcId": {
504
+ "Ref": "Vpc8378EB38"
505
+ },
506
+ "Tags": [
507
+ {
508
+ "Key": "Name",
509
+ "Value": "existingVpc/Vpc/PrivateSubnet3"
510
+ }
511
+ ]
512
+ }
513
+ },
514
+ "VpcPrivateSubnet3RouteTableAssociation16BDDC43": {
515
+ "Type": "AWS::EC2::SubnetRouteTableAssociation",
516
+ "Properties": {
517
+ "RouteTableId": {
518
+ "Ref": "VpcPrivateSubnet3RouteTableD98824C7"
519
+ },
520
+ "SubnetId": {
521
+ "Ref": "VpcPrivateSubnet3SubnetF258B56E"
522
+ }
523
+ }
524
+ },
525
+ "VpcPrivateSubnet3DefaultRoute94B74F0D": {
526
+ "Type": "AWS::EC2::Route",
527
+ "Properties": {
528
+ "RouteTableId": {
529
+ "Ref": "VpcPrivateSubnet3RouteTableD98824C7"
530
+ },
531
+ "DestinationCidrBlock": "0.0.0.0/0",
532
+ "NatGatewayId": {
533
+ "Ref": "VpcPublicSubnet3NATGateway7640CD1D"
534
+ }
535
+ }
536
+ },
537
+ "VpcIGWD7BA715C": {
538
+ "Type": "AWS::EC2::InternetGateway",
539
+ "Properties": {
540
+ "Tags": [
541
+ {
542
+ "Key": "Name",
543
+ "Value": "existingVpc/Vpc"
544
+ }
545
+ ]
546
+ }
547
+ },
548
+ "VpcVPCGWBF912B6E": {
549
+ "Type": "AWS::EC2::VPCGatewayAttachment",
550
+ "Properties": {
551
+ "VpcId": {
552
+ "Ref": "Vpc8378EB38"
553
+ },
554
+ "InternetGatewayId": {
555
+ "Ref": "VpcIGWD7BA715C"
556
+ }
557
+ }
558
+ },
559
+ "VpcFlowLogIAMRole6A475D41": {
560
+ "Type": "AWS::IAM::Role",
561
+ "Properties": {
562
+ "AssumeRolePolicyDocument": {
563
+ "Statement": [
564
+ {
565
+ "Action": "sts:AssumeRole",
566
+ "Effect": "Allow",
567
+ "Principal": {
568
+ "Service": "vpc-flow-logs.amazonaws.com"
569
+ }
570
+ }
571
+ ],
572
+ "Version": "2012-10-17"
573
+ },
574
+ "Tags": [
575
+ {
576
+ "Key": "Name",
577
+ "Value": "existingVpc/Vpc"
578
+ }
579
+ ]
580
+ }
581
+ },
582
+ "VpcFlowLogIAMRoleDefaultPolicy406FB995": {
583
+ "Type": "AWS::IAM::Policy",
584
+ "Properties": {
585
+ "PolicyDocument": {
586
+ "Statement": [
587
+ {
588
+ "Action": [
589
+ "logs:CreateLogStream",
590
+ "logs:PutLogEvents",
591
+ "logs:DescribeLogStreams"
592
+ ],
593
+ "Effect": "Allow",
594
+ "Resource": {
595
+ "Fn::GetAtt": [
596
+ "VpcFlowLogLogGroup7B5C56B9",
597
+ "Arn"
598
+ ]
599
+ }
600
+ },
601
+ {
602
+ "Action": "iam:PassRole",
603
+ "Effect": "Allow",
604
+ "Resource": {
605
+ "Fn::GetAtt": [
606
+ "VpcFlowLogIAMRole6A475D41",
607
+ "Arn"
608
+ ]
609
+ }
610
+ }
611
+ ],
612
+ "Version": "2012-10-17"
613
+ },
614
+ "PolicyName": "VpcFlowLogIAMRoleDefaultPolicy406FB995",
615
+ "Roles": [
616
+ {
617
+ "Ref": "VpcFlowLogIAMRole6A475D41"
618
+ }
619
+ ]
620
+ }
621
+ },
622
+ "VpcFlowLogLogGroup7B5C56B9": {
623
+ "Type": "AWS::Logs::LogGroup",
624
+ "Properties": {
625
+ "RetentionInDays": 731,
626
+ "Tags": [
627
+ {
628
+ "Key": "Name",
629
+ "Value": "existingVpc/Vpc"
630
+ }
631
+ ]
632
+ },
633
+ "UpdateReplacePolicy": "Retain",
634
+ "DeletionPolicy": "Retain",
635
+ "Metadata": {
636
+ "cfn_nag": {
637
+ "rules_to_suppress": [
638
+ {
639
+ "id": "W84",
640
+ "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)"
641
+ }
642
+ ]
643
+ }
644
+ }
645
+ },
646
+ "VpcFlowLog8FF33A73": {
647
+ "Type": "AWS::EC2::FlowLog",
648
+ "Properties": {
649
+ "ResourceId": {
650
+ "Ref": "Vpc8378EB38"
651
+ },
652
+ "ResourceType": "VPC",
653
+ "DeliverLogsPermissionArn": {
654
+ "Fn::GetAtt": [
655
+ "VpcFlowLogIAMRole6A475D41",
656
+ "Arn"
657
+ ]
658
+ },
659
+ "LogDestinationType": "cloud-watch-logs",
660
+ "LogGroupName": {
661
+ "Ref": "VpcFlowLogLogGroup7B5C56B9"
662
+ },
663
+ "Tags": [
664
+ {
665
+ "Key": "Name",
666
+ "Value": "existingVpc/Vpc"
667
+ }
668
+ ],
669
+ "TrafficType": "ALL"
670
+ }
671
+ },
672
+ "VpcKINESISSTREAMSC07D91B5": {
673
+ "Type": "AWS::EC2::VPCEndpoint",
674
+ "Properties": {
675
+ "ServiceName": {
676
+ "Fn::Join": [
677
+ "",
678
+ [
679
+ "com.amazonaws.",
680
+ {
681
+ "Ref": "AWS::Region"
682
+ },
683
+ ".kinesis-streams"
684
+ ]
685
+ ]
686
+ },
687
+ "VpcId": {
688
+ "Ref": "Vpc8378EB38"
689
+ },
690
+ "PrivateDnsEnabled": true,
691
+ "SecurityGroupIds": [
692
+ {
693
+ "Fn::GetAtt": [
694
+ "existingVpcKINESISSTREAMSsecuritygroupDE0E9DB9",
695
+ "GroupId"
696
+ ]
697
+ }
698
+ ],
699
+ "SubnetIds": [
700
+ {
701
+ "Ref": "VpcPrivateSubnet1Subnet536B997A"
702
+ },
703
+ {
704
+ "Ref": "VpcPrivateSubnet2Subnet3788AAA1"
705
+ },
706
+ {
707
+ "Ref": "VpcPrivateSubnet3SubnetF258B56E"
708
+ }
709
+ ],
710
+ "VpcEndpointType": "Interface"
711
+ }
712
+ },
713
+ "testlambdakinesisstreamsLambdaFunctionServiceRole95206CF3": {
714
+ "Type": "AWS::IAM::Role",
715
+ "Properties": {
716
+ "AssumeRolePolicyDocument": {
717
+ "Statement": [
718
+ {
719
+ "Action": "sts:AssumeRole",
720
+ "Effect": "Allow",
721
+ "Principal": {
722
+ "Service": "lambda.amazonaws.com"
723
+ }
724
+ }
725
+ ],
726
+ "Version": "2012-10-17"
727
+ },
728
+ "Policies": [
729
+ {
730
+ "PolicyDocument": {
731
+ "Statement": [
732
+ {
733
+ "Action": [
734
+ "logs:CreateLogGroup",
735
+ "logs:CreateLogStream",
736
+ "logs:PutLogEvents"
737
+ ],
738
+ "Effect": "Allow",
739
+ "Resource": {
740
+ "Fn::Join": [
741
+ "",
742
+ [
743
+ "arn:",
744
+ {
745
+ "Ref": "AWS::Partition"
746
+ },
747
+ ":logs:",
748
+ {
749
+ "Ref": "AWS::Region"
750
+ },
751
+ ":",
752
+ {
753
+ "Ref": "AWS::AccountId"
754
+ },
755
+ ":log-group:/aws/lambda/*"
756
+ ]
757
+ ]
758
+ }
759
+ }
760
+ ],
761
+ "Version": "2012-10-17"
762
+ },
763
+ "PolicyName": "LambdaFunctionServiceRolePolicy"
764
+ }
765
+ ]
766
+ }
767
+ },
768
+ "testlambdakinesisstreamsLambdaFunctionServiceRoleDefaultPolicyED972043": {
769
+ "Type": "AWS::IAM::Policy",
770
+ "Properties": {
771
+ "PolicyDocument": {
772
+ "Statement": [
773
+ {
774
+ "Action": [
775
+ "ec2:CreateNetworkInterface",
776
+ "ec2:DescribeNetworkInterfaces",
777
+ "ec2:DeleteNetworkInterface",
778
+ "ec2:AssignPrivateIpAddresses",
779
+ "ec2:UnassignPrivateIpAddresses"
780
+ ],
781
+ "Effect": "Allow",
782
+ "Resource": "*"
783
+ },
784
+ {
785
+ "Action": [
786
+ "xray:PutTraceSegments",
787
+ "xray:PutTelemetryRecords"
788
+ ],
789
+ "Effect": "Allow",
790
+ "Resource": "*"
791
+ },
792
+ {
793
+ "Action": [
794
+ "kinesis:ListShards",
795
+ "kinesis:PutRecord",
796
+ "kinesis:PutRecords"
797
+ ],
798
+ "Effect": "Allow",
799
+ "Resource": {
800
+ "Fn::GetAtt": [
801
+ "testlambdakinesisstreamsKinesisStream11A82116",
802
+ "Arn"
803
+ ]
804
+ }
805
+ }
806
+ ],
807
+ "Version": "2012-10-17"
808
+ },
809
+ "PolicyName": "testlambdakinesisstreamsLambdaFunctionServiceRoleDefaultPolicyED972043",
810
+ "Roles": [
811
+ {
812
+ "Ref": "testlambdakinesisstreamsLambdaFunctionServiceRole95206CF3"
813
+ }
814
+ ]
815
+ },
816
+ "Metadata": {
817
+ "cfn_nag": {
818
+ "rules_to_suppress": [
819
+ {
820
+ "id": "W12",
821
+ "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC."
822
+ }
823
+ ]
824
+ }
825
+ }
826
+ },
827
+ "testlambdakinesisstreamsReplaceDefaultSecurityGroupsecuritygroupFB22266C": {
828
+ "Type": "AWS::EC2::SecurityGroup",
829
+ "Properties": {
830
+ "GroupDescription": "existingVpc/test-lambda-kinesisstreams/ReplaceDefaultSecurityGroup-security-group",
831
+ "SecurityGroupEgress": [
832
+ {
833
+ "CidrIp": "0.0.0.0/0",
834
+ "Description": "Allow all outbound traffic by default",
835
+ "IpProtocol": "-1"
836
+ }
837
+ ],
838
+ "VpcId": {
839
+ "Ref": "Vpc8378EB38"
840
+ }
841
+ },
842
+ "Metadata": {
843
+ "cfn_nag": {
844
+ "rules_to_suppress": [
845
+ {
846
+ "id": "W5",
847
+ "reason": "Egress of 0.0.0.0/0 is default and generally considered OK"
848
+ },
849
+ {
850
+ "id": "W40",
851
+ "reason": "Egress IPProtocol of -1 is default and generally considered OK"
852
+ }
853
+ ]
854
+ }
855
+ }
856
+ },
857
+ "testlambdakinesisstreamsLambdaFunction4348B6E4": {
858
+ "Type": "AWS::Lambda::Function",
859
+ "Properties": {
860
+ "Code": {
861
+ "S3Bucket": {
862
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
863
+ },
864
+ "S3Key": "c7dc0cc1b24bda1d2a5345f61897eee32184906649fdb1de93853c512e129dbf.zip"
865
+ },
866
+ "Role": {
867
+ "Fn::GetAtt": [
868
+ "testlambdakinesisstreamsLambdaFunctionServiceRole95206CF3",
869
+ "Arn"
870
+ ]
871
+ },
872
+ "Environment": {
873
+ "Variables": {
874
+ "KINESIS_DATASTREAM_NAME": {
875
+ "Ref": "testlambdakinesisstreamsKinesisStream11A82116"
876
+ }
877
+ }
878
+ },
879
+ "Handler": "index.handler",
880
+ "Runtime": "nodejs18.x",
881
+ "TracingConfig": {
882
+ "Mode": "Active"
883
+ },
884
+ "VpcConfig": {
885
+ "SecurityGroupIds": [
886
+ {
887
+ "Fn::GetAtt": [
888
+ "testlambdakinesisstreamsReplaceDefaultSecurityGroupsecuritygroupFB22266C",
889
+ "GroupId"
890
+ ]
891
+ }
892
+ ],
893
+ "SubnetIds": [
894
+ {
895
+ "Ref": "VpcPrivateSubnet1Subnet536B997A"
896
+ },
897
+ {
898
+ "Ref": "VpcPrivateSubnet2Subnet3788AAA1"
899
+ },
900
+ {
901
+ "Ref": "VpcPrivateSubnet3SubnetF258B56E"
902
+ }
903
+ ]
904
+ }
905
+ },
906
+ "DependsOn": [
907
+ "testlambdakinesisstreamsLambdaFunctionServiceRoleDefaultPolicyED972043",
908
+ "testlambdakinesisstreamsLambdaFunctionServiceRole95206CF3",
909
+ "VpcPrivateSubnet1DefaultRouteBE02A9ED",
910
+ "VpcPrivateSubnet1RouteTableAssociation70C59FA6",
911
+ "VpcPrivateSubnet2DefaultRoute060D2087",
912
+ "VpcPrivateSubnet2RouteTableAssociationA89CAD56",
913
+ "VpcPrivateSubnet3DefaultRoute94B74F0D",
914
+ "VpcPrivateSubnet3RouteTableAssociation16BDDC43"
915
+ ],
916
+ "Metadata": {
917
+ "cfn_nag": {
918
+ "rules_to_suppress": [
919
+ {
920
+ "id": "W58",
921
+ "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions."
922
+ },
923
+ {
924
+ "id": "W89",
925
+ "reason": "This is not a rule for the general case, just for specific use cases/industries"
926
+ },
927
+ {
928
+ "id": "W92",
929
+ "reason": "Impossible for us to define the correct concurrency for clients"
930
+ }
931
+ ]
932
+ }
933
+ }
934
+ },
935
+ "testlambdakinesisstreamsKinesisStream11A82116": {
936
+ "Type": "AWS::Kinesis::Stream",
937
+ "Properties": {
938
+ "RetentionPeriodHours": 24,
939
+ "ShardCount": 1,
940
+ "StreamEncryption": {
941
+ "EncryptionType": "KMS",
942
+ "KeyId": "alias/aws/kinesis"
943
+ },
944
+ "StreamModeDetails": {
945
+ "StreamMode": "PROVISIONED"
946
+ }
947
+ }
948
+ },
949
+ "testlambdakinesisstreamsKinesisStreamGetRecordsIteratorAgeAlarmC4A0FF00": {
950
+ "Type": "AWS::CloudWatch::Alarm",
951
+ "Properties": {
952
+ "ComparisonOperator": "GreaterThanOrEqualToThreshold",
953
+ "EvaluationPeriods": 1,
954
+ "AlarmDescription": "Consumer Record Processing Falling Behind, there is risk for data loss due to record expiration.",
955
+ "MetricName": "GetRecords.IteratorAgeMilliseconds",
956
+ "Namespace": "AWS/Kinesis",
957
+ "Period": 300,
958
+ "Statistic": "Maximum",
959
+ "Threshold": 43200000
960
+ }
961
+ },
962
+ "testlambdakinesisstreamsKinesisStreamReadProvisionedThroughputExceededAlarm9732E188": {
963
+ "Type": "AWS::CloudWatch::Alarm",
964
+ "Properties": {
965
+ "ComparisonOperator": "GreaterThanThreshold",
966
+ "EvaluationPeriods": 1,
967
+ "AlarmDescription": "Consumer Application is Reading at a Slower Rate Than Expected.",
968
+ "MetricName": "ReadProvisionedThroughputExceeded",
969
+ "Namespace": "AWS/Kinesis",
970
+ "Period": 300,
971
+ "Statistic": "Average",
972
+ "Threshold": 0
973
+ }
974
+ },
975
+ "existingVpcKINESISSTREAMSsecuritygroupDE0E9DB9": {
976
+ "Type": "AWS::EC2::SecurityGroup",
977
+ "Properties": {
978
+ "GroupDescription": "existingVpc/existingVpc-KINESIS_STREAMS-security-group",
979
+ "SecurityGroupEgress": [
980
+ {
981
+ "CidrIp": "0.0.0.0/0",
982
+ "Description": "Allow all outbound traffic by default",
983
+ "IpProtocol": "-1"
984
+ }
985
+ ],
986
+ "SecurityGroupIngress": [
987
+ {
988
+ "CidrIp": {
989
+ "Fn::GetAtt": [
990
+ "Vpc8378EB38",
991
+ "CidrBlock"
992
+ ]
993
+ },
994
+ "Description": {
995
+ "Fn::Join": [
996
+ "",
997
+ [
998
+ "from ",
999
+ {
1000
+ "Fn::GetAtt": [
1001
+ "Vpc8378EB38",
1002
+ "CidrBlock"
1003
+ ]
1004
+ },
1005
+ ":443"
1006
+ ]
1007
+ ]
1008
+ },
1009
+ "FromPort": 443,
1010
+ "IpProtocol": "tcp",
1011
+ "ToPort": 443
1012
+ }
1013
+ ],
1014
+ "VpcId": {
1015
+ "Ref": "Vpc8378EB38"
1016
+ }
1017
+ },
1018
+ "Metadata": {
1019
+ "cfn_nag": {
1020
+ "rules_to_suppress": [
1021
+ {
1022
+ "id": "W5",
1023
+ "reason": "Egress of 0.0.0.0/0 is default and generally considered OK"
1024
+ },
1025
+ {
1026
+ "id": "W40",
1027
+ "reason": "Egress IPProtocol of -1 is default and generally considered OK"
1028
+ }
1029
+ ]
1030
+ }
1031
+ }
1032
+ }
1033
+ },
1034
+ "Parameters": {
1035
+ "BootstrapVersion": {
1036
+ "Type": "AWS::SSM::Parameter::Value<String>",
1037
+ "Default": "/cdk-bootstrap/hnb659fds/version",
1038
+ "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
1039
+ }
1040
+ },
1041
+ "Rules": {
1042
+ "CheckBootstrapVersion": {
1043
+ "Assertions": [
1044
+ {
1045
+ "Assert": {
1046
+ "Fn::Not": [
1047
+ {
1048
+ "Fn::Contains": [
1049
+ [
1050
+ "1",
1051
+ "2",
1052
+ "3",
1053
+ "4",
1054
+ "5"
1055
+ ],
1056
+ {
1057
+ "Ref": "BootstrapVersion"
1058
+ }
1059
+ ]
1060
+ }
1061
+ ]
1062
+ },
1063
+ "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
1064
+ }
1065
+ ]
1066
+ }
1067
+ }
1068
+ }
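Review bot: Both CloudWatch alarms near the end of this template (`testlambdakinesisstreamsKinesisStreamGetRecordsIteratorAgeAlarmC4A0FF00` and `testlambdakinesisstreamsKinesisStreamReadProvisionedThroughputExceededAlarm9732E188`) set `Namespace` and `MetricName` but no `Dimensions`, so nothing ties them to the stream this stack creates; Kinesis publishes these metrics per stream under the `StreamName` dimension, so as written the alarms would most likely stay in INSUFFICIENT_DATA and never fire. Adding `"Dimensions": [{ "Name": "StreamName", "Value": { "Ref": "testlambdakinesisstreamsKinesisStream11A82116" } }]` to each alarm's `Properties` would bind them to the stream. This file is a synthesized snapshot, so the change belongs in the construct code that builds the alarms, with the expected template regenerated afterwards. Separately, the Lambda security group keeps all-protocol egress to `0.0.0.0/0` (W5 and W40 suppressed) even though an interface endpoint for Kinesis is provisioned; limiting egress to TCP 443 would fit the endpoint-based design better, provided the function needs no other outbound traffic.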