@aws-solutions-constructs/aws-lambda-opensearch 2.50.0 → 2.52.0

Files changed (79)
  1. package/.eslintignore +2 -0
  2. package/.jsii +50 -5
  3. package/integ.config.json +7 -0
  4. package/lib/index.js +1 -1
  5. package/package.json +12 -11
  6. package/test/integ.lamopn-cluster-config.js +6 -2
  7. package/test/integ.lamopn-cluster-config.js.snapshot/asset.abbc4eca9e7ddabc31da3ce83159e6eee8e72e2c358ab8af0711044514c41290/index.js +60 -0
  8. package/test/integ.lamopn-cluster-config.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/__entrypoint__.js +1 -0
  9. package/test/integ.lamopn-cluster-config.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/index.js +1 -0
  10. package/test/integ.lamopn-cluster-config.js.snapshot/cdk.out +1 -0
  11. package/test/integ.lamopn-cluster-config.js.snapshot/integ.json +12 -0
  12. package/test/integ.lamopn-cluster-config.js.snapshot/lamopn-cluster-config.assets.json +45 -0
  13. package/test/integ.lamopn-cluster-config.js.snapshot/lamopn-cluster-config.template.json +1295 -0
  14. package/test/integ.lamopn-cluster-config.js.snapshot/lamopnclusterconfigIntegDefaultTestDeployAssertD8012D1A.assets.json +19 -0
  15. package/test/integ.lamopn-cluster-config.js.snapshot/lamopnclusterconfigIntegDefaultTestDeployAssertD8012D1A.template.json +36 -0
  16. package/test/integ.lamopn-cluster-config.js.snapshot/manifest.json +323 -0
  17. package/test/integ.lamopn-cluster-config.js.snapshot/tree.json +1795 -0
  18. package/test/integ.lamopn-disabled-zone-awareness.js +6 -2
  19. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/asset.abbc4eca9e7ddabc31da3ce83159e6eee8e72e2c358ab8af0711044514c41290/index.js +60 -0
  20. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/__entrypoint__.js +1 -0
  21. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/index.js +1 -0
  22. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/cdk.out +1 -0
  23. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/integ.json +12 -0
  24. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/lamopn-disabled-zone-awareness.assets.json +45 -0
  25. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/lamopn-disabled-zone-awareness.template.json +1228 -0
  26. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/lamopndisabledzoneawarenessIntegDefaultTestDeployAssert7E083B68.assets.json +19 -0
  27. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/lamopndisabledzoneawarenessIntegDefaultTestDeployAssert7E083B68.template.json +36 -0
  28. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/manifest.json +305 -0
  29. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/tree.json +1687 -0
  30. package/test/integ.lamopn-domain-arguments.js +5 -2
  31. package/test/integ.lamopn-domain-arguments.js.snapshot/asset.abbc4eca9e7ddabc31da3ce83159e6eee8e72e2c358ab8af0711044514c41290/index.js +60 -0
  32. package/test/integ.lamopn-domain-arguments.js.snapshot/cdk.out +1 -0
  33. package/test/integ.lamopn-domain-arguments.js.snapshot/integ.json +12 -0
  34. package/test/integ.lamopn-domain-arguments.js.snapshot/lamopn-domain-arguments.assets.json +32 -0
  35. package/test/integ.lamopn-domain-arguments.js.snapshot/lamopn-domain-arguments.template.json +846 -0
  36. package/test/integ.lamopn-domain-arguments.js.snapshot/lamopndomainargumentsIntegDefaultTestDeployAssert47534E1E.assets.json +19 -0
  37. package/test/integ.lamopn-domain-arguments.js.snapshot/lamopndomainargumentsIntegDefaultTestDeployAssert47534E1E.template.json +36 -0
  38. package/test/integ.lamopn-domain-arguments.js.snapshot/manifest.json +233 -0
  39. package/test/integ.lamopn-domain-arguments.js.snapshot/tree.json +1256 -0
  40. package/test/integ.lamopn-existing-vpc.js +12 -6
  41. package/test/integ.lamopn-existing-vpc.js.snapshot/asset.abbc4eca9e7ddabc31da3ce83159e6eee8e72e2c358ab8af0711044514c41290/index.js +60 -0
  42. package/test/integ.lamopn-existing-vpc.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/__entrypoint__.js +1 -0
  43. package/test/integ.lamopn-existing-vpc.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/index.js +1 -0
  44. package/test/integ.lamopn-existing-vpc.js.snapshot/cdk.out +1 -0
  45. package/test/integ.lamopn-existing-vpc.js.snapshot/integ.json +12 -0
  46. package/test/integ.lamopn-existing-vpc.js.snapshot/lamopn-existing-vpc.assets.json +48 -0
  47. package/test/integ.lamopn-existing-vpc.js.snapshot/lamopn-existing-vpc.template.json +1571 -0
  48. package/test/integ.lamopn-existing-vpc.js.snapshot/lamopnexistingvpcIntegDefaultTestDeployAssert4A7EE058.assets.json +19 -0
  49. package/test/integ.lamopn-existing-vpc.js.snapshot/lamopnexistingvpcIntegDefaultTestDeployAssert4A7EE058.template.json +36 -0
  50. package/test/integ.lamopn-existing-vpc.js.snapshot/manifest.json +419 -0
  51. package/test/integ.lamopn-existing-vpc.js.snapshot/tree.json +2207 -0
  52. package/test/integ.lamopn-no-arguments.js +5 -2
  53. package/test/integ.lamopn-no-arguments.js.snapshot/asset.abbc4eca9e7ddabc31da3ce83159e6eee8e72e2c358ab8af0711044514c41290/index.js +60 -0
  54. package/test/integ.lamopn-no-arguments.js.snapshot/cdk.out +1 -0
  55. package/test/integ.lamopn-no-arguments.js.snapshot/integ.json +12 -0
  56. package/test/integ.lamopn-no-arguments.js.snapshot/lamopn-no-arguments.assets.json +32 -0
  57. package/test/integ.lamopn-no-arguments.js.snapshot/lamopn-no-arguments.template.json +846 -0
  58. package/test/integ.lamopn-no-arguments.js.snapshot/lamopnnoargumentsIntegDefaultTestDeployAssert4290A592.assets.json +19 -0
  59. package/test/integ.lamopn-no-arguments.js.snapshot/lamopnnoargumentsIntegDefaultTestDeployAssert4290A592.template.json +36 -0
  60. package/test/integ.lamopn-no-arguments.js.snapshot/manifest.json +233 -0
  61. package/test/integ.lamopn-no-arguments.js.snapshot/tree.json +1256 -0
  62. package/test/integ.lamopn-vpc-props.js +12 -6
  63. package/test/integ.lamopn-vpc-props.js.snapshot/asset.abbc4eca9e7ddabc31da3ce83159e6eee8e72e2c358ab8af0711044514c41290/index.js +60 -0
  64. package/test/integ.lamopn-vpc-props.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/__entrypoint__.js +1 -0
  65. package/test/integ.lamopn-vpc-props.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/index.js +1 -0
  66. package/test/integ.lamopn-vpc-props.js.snapshot/cdk.out +1 -0
  67. package/test/integ.lamopn-vpc-props.js.snapshot/integ.json +12 -0
  68. package/test/integ.lamopn-vpc-props.js.snapshot/lamopn-vpc-props.assets.json +48 -0
  69. package/test/integ.lamopn-vpc-props.js.snapshot/lamopn-vpc-props.template.json +1287 -0
  70. package/test/integ.lamopn-vpc-props.js.snapshot/lamopnvpcpropsIntegDefaultTestDeployAssertC7FD49B0.assets.json +19 -0
  71. package/test/integ.lamopn-vpc-props.js.snapshot/lamopnvpcpropsIntegDefaultTestDeployAssertC7FD49B0.template.json +36 -0
  72. package/test/integ.lamopn-vpc-props.js.snapshot/manifest.json +323 -0
  73. package/test/integ.lamopn-vpc-props.js.snapshot/tree.json +1795 -0
  74. package/test/integ.lamopn-cluster-config.expected.json +0 -1153
  75. package/test/integ.lamopn-disabled-zone-awareness.expected.json +0 -1093
  76. package/test/integ.lamopn-domain-arguments.expected.json +0 -846
  77. package/test/integ.lamopn-existing-vpc.expected.json +0 -1602
  78. package/test/integ.lamopn-no-arguments.expected.json +0 -846
  79. package/test/integ.lamopn-vpc-props.expected.json +0 -1208
@@ -0,0 +1,1571 @@
1
+ {
2
+ "Resources": {
3
+ "Vpc8378EB38": {
4
+ "Type": "AWS::EC2::VPC",
5
+ "Properties": {
6
+ "CidrBlock": "172.168.0.0/16",
7
+ "EnableDnsHostnames": true,
8
+ "EnableDnsSupport": true,
9
+ "InstanceTenancy": "default",
10
+ "Tags": [
11
+ {
12
+ "Key": "Name",
13
+ "Value": "lamopn-existing-vpc/Vpc"
14
+ }
15
+ ]
16
+ }
17
+ },
18
+ "VpcPublicSubnet1Subnet5C2D37C4": {
19
+ "Type": "AWS::EC2::Subnet",
20
+ "Properties": {
21
+ "AvailabilityZone": {
22
+ "Fn::Select": [
23
+ 0,
24
+ {
25
+ "Fn::GetAZs": ""
26
+ }
27
+ ]
28
+ },
29
+ "CidrBlock": "172.168.0.0/18",
30
+ "MapPublicIpOnLaunch": true,
31
+ "Tags": [
32
+ {
33
+ "Key": "aws-cdk:subnet-name",
34
+ "Value": "Public"
35
+ },
36
+ {
37
+ "Key": "aws-cdk:subnet-type",
38
+ "Value": "Public"
39
+ },
40
+ {
41
+ "Key": "Name",
42
+ "Value": "lamopn-existing-vpc/Vpc/PublicSubnet1"
43
+ }
44
+ ],
45
+ "VpcId": {
46
+ "Ref": "Vpc8378EB38"
47
+ }
48
+ },
49
+ "Metadata": {
50
+ "cfn_nag": {
51
+ "rules_to_suppress": [
52
+ {
53
+ "id": "W33",
54
+ "reason": "Allow Public Subnets to have MapPublicIpOnLaunch set to true"
55
+ }
56
+ ]
57
+ }
58
+ }
59
+ },
60
+ "VpcPublicSubnet1RouteTable6C95E38E": {
61
+ "Type": "AWS::EC2::RouteTable",
62
+ "Properties": {
63
+ "Tags": [
64
+ {
65
+ "Key": "Name",
66
+ "Value": "lamopn-existing-vpc/Vpc/PublicSubnet1"
67
+ }
68
+ ],
69
+ "VpcId": {
70
+ "Ref": "Vpc8378EB38"
71
+ }
72
+ }
73
+ },
74
+ "VpcPublicSubnet1RouteTableAssociation97140677": {
75
+ "Type": "AWS::EC2::SubnetRouteTableAssociation",
76
+ "Properties": {
77
+ "RouteTableId": {
78
+ "Ref": "VpcPublicSubnet1RouteTable6C95E38E"
79
+ },
80
+ "SubnetId": {
81
+ "Ref": "VpcPublicSubnet1Subnet5C2D37C4"
82
+ }
83
+ }
84
+ },
85
+ "VpcPublicSubnet1DefaultRoute3DA9E72A": {
86
+ "Type": "AWS::EC2::Route",
87
+ "Properties": {
88
+ "DestinationCidrBlock": "0.0.0.0/0",
89
+ "GatewayId": {
90
+ "Ref": "VpcIGWD7BA715C"
91
+ },
92
+ "RouteTableId": {
93
+ "Ref": "VpcPublicSubnet1RouteTable6C95E38E"
94
+ }
95
+ },
96
+ "DependsOn": [
97
+ "VpcVPCGWBF912B6E"
98
+ ]
99
+ },
100
+ "VpcPublicSubnet1EIPD7E02669": {
101
+ "Type": "AWS::EC2::EIP",
102
+ "Properties": {
103
+ "Domain": "vpc",
104
+ "Tags": [
105
+ {
106
+ "Key": "Name",
107
+ "Value": "lamopn-existing-vpc/Vpc/PublicSubnet1"
108
+ }
109
+ ]
110
+ }
111
+ },
112
+ "VpcPublicSubnet1NATGateway4D7517AA": {
113
+ "Type": "AWS::EC2::NatGateway",
114
+ "Properties": {
115
+ "AllocationId": {
116
+ "Fn::GetAtt": [
117
+ "VpcPublicSubnet1EIPD7E02669",
118
+ "AllocationId"
119
+ ]
120
+ },
121
+ "SubnetId": {
122
+ "Ref": "VpcPublicSubnet1Subnet5C2D37C4"
123
+ },
124
+ "Tags": [
125
+ {
126
+ "Key": "Name",
127
+ "Value": "lamopn-existing-vpc/Vpc/PublicSubnet1"
128
+ }
129
+ ]
130
+ },
131
+ "DependsOn": [
132
+ "VpcPublicSubnet1DefaultRoute3DA9E72A",
133
+ "VpcPublicSubnet1RouteTableAssociation97140677"
134
+ ]
135
+ },
136
+ "VpcPublicSubnet2Subnet691E08A3": {
137
+ "Type": "AWS::EC2::Subnet",
138
+ "Properties": {
139
+ "AvailabilityZone": {
140
+ "Fn::Select": [
141
+ 1,
142
+ {
143
+ "Fn::GetAZs": ""
144
+ }
145
+ ]
146
+ },
147
+ "CidrBlock": "172.168.64.0/18",
148
+ "MapPublicIpOnLaunch": true,
149
+ "Tags": [
150
+ {
151
+ "Key": "aws-cdk:subnet-name",
152
+ "Value": "Public"
153
+ },
154
+ {
155
+ "Key": "aws-cdk:subnet-type",
156
+ "Value": "Public"
157
+ },
158
+ {
159
+ "Key": "Name",
160
+ "Value": "lamopn-existing-vpc/Vpc/PublicSubnet2"
161
+ }
162
+ ],
163
+ "VpcId": {
164
+ "Ref": "Vpc8378EB38"
165
+ }
166
+ },
167
+ "Metadata": {
168
+ "cfn_nag": {
169
+ "rules_to_suppress": [
170
+ {
171
+ "id": "W33",
172
+ "reason": "Allow Public Subnets to have MapPublicIpOnLaunch set to true"
173
+ }
174
+ ]
175
+ }
176
+ }
177
+ },
178
+ "VpcPublicSubnet2RouteTable94F7E489": {
179
+ "Type": "AWS::EC2::RouteTable",
180
+ "Properties": {
181
+ "Tags": [
182
+ {
183
+ "Key": "Name",
184
+ "Value": "lamopn-existing-vpc/Vpc/PublicSubnet2"
185
+ }
186
+ ],
187
+ "VpcId": {
188
+ "Ref": "Vpc8378EB38"
189
+ }
190
+ }
191
+ },
192
+ "VpcPublicSubnet2RouteTableAssociationDD5762D8": {
193
+ "Type": "AWS::EC2::SubnetRouteTableAssociation",
194
+ "Properties": {
195
+ "RouteTableId": {
196
+ "Ref": "VpcPublicSubnet2RouteTable94F7E489"
197
+ },
198
+ "SubnetId": {
199
+ "Ref": "VpcPublicSubnet2Subnet691E08A3"
200
+ }
201
+ }
202
+ },
203
+ "VpcPublicSubnet2DefaultRoute97F91067": {
204
+ "Type": "AWS::EC2::Route",
205
+ "Properties": {
206
+ "DestinationCidrBlock": "0.0.0.0/0",
207
+ "GatewayId": {
208
+ "Ref": "VpcIGWD7BA715C"
209
+ },
210
+ "RouteTableId": {
211
+ "Ref": "VpcPublicSubnet2RouteTable94F7E489"
212
+ }
213
+ },
214
+ "DependsOn": [
215
+ "VpcVPCGWBF912B6E"
216
+ ]
217
+ },
218
+ "VpcPublicSubnet2EIP3C605A87": {
219
+ "Type": "AWS::EC2::EIP",
220
+ "Properties": {
221
+ "Domain": "vpc",
222
+ "Tags": [
223
+ {
224
+ "Key": "Name",
225
+ "Value": "lamopn-existing-vpc/Vpc/PublicSubnet2"
226
+ }
227
+ ]
228
+ }
229
+ },
230
+ "VpcPublicSubnet2NATGateway9182C01D": {
231
+ "Type": "AWS::EC2::NatGateway",
232
+ "Properties": {
233
+ "AllocationId": {
234
+ "Fn::GetAtt": [
235
+ "VpcPublicSubnet2EIP3C605A87",
236
+ "AllocationId"
237
+ ]
238
+ },
239
+ "SubnetId": {
240
+ "Ref": "VpcPublicSubnet2Subnet691E08A3"
241
+ },
242
+ "Tags": [
243
+ {
244
+ "Key": "Name",
245
+ "Value": "lamopn-existing-vpc/Vpc/PublicSubnet2"
246
+ }
247
+ ]
248
+ },
249
+ "DependsOn": [
250
+ "VpcPublicSubnet2DefaultRoute97F91067",
251
+ "VpcPublicSubnet2RouteTableAssociationDD5762D8"
252
+ ]
253
+ },
254
+ "VpcPrivateSubnet1Subnet536B997A": {
255
+ "Type": "AWS::EC2::Subnet",
256
+ "Properties": {
257
+ "AvailabilityZone": {
258
+ "Fn::Select": [
259
+ 0,
260
+ {
261
+ "Fn::GetAZs": ""
262
+ }
263
+ ]
264
+ },
265
+ "CidrBlock": "172.168.128.0/18",
266
+ "MapPublicIpOnLaunch": false,
267
+ "Tags": [
268
+ {
269
+ "Key": "aws-cdk:subnet-name",
270
+ "Value": "Private"
271
+ },
272
+ {
273
+ "Key": "aws-cdk:subnet-type",
274
+ "Value": "Private"
275
+ },
276
+ {
277
+ "Key": "Name",
278
+ "Value": "lamopn-existing-vpc/Vpc/PrivateSubnet1"
279
+ }
280
+ ],
281
+ "VpcId": {
282
+ "Ref": "Vpc8378EB38"
283
+ }
284
+ }
285
+ },
286
+ "VpcPrivateSubnet1RouteTableB2C5B500": {
287
+ "Type": "AWS::EC2::RouteTable",
288
+ "Properties": {
289
+ "Tags": [
290
+ {
291
+ "Key": "Name",
292
+ "Value": "lamopn-existing-vpc/Vpc/PrivateSubnet1"
293
+ }
294
+ ],
295
+ "VpcId": {
296
+ "Ref": "Vpc8378EB38"
297
+ }
298
+ }
299
+ },
300
+ "VpcPrivateSubnet1RouteTableAssociation70C59FA6": {
301
+ "Type": "AWS::EC2::SubnetRouteTableAssociation",
302
+ "Properties": {
303
+ "RouteTableId": {
304
+ "Ref": "VpcPrivateSubnet1RouteTableB2C5B500"
305
+ },
306
+ "SubnetId": {
307
+ "Ref": "VpcPrivateSubnet1Subnet536B997A"
308
+ }
309
+ }
310
+ },
311
+ "VpcPrivateSubnet1DefaultRouteBE02A9ED": {
312
+ "Type": "AWS::EC2::Route",
313
+ "Properties": {
314
+ "DestinationCidrBlock": "0.0.0.0/0",
315
+ "NatGatewayId": {
316
+ "Ref": "VpcPublicSubnet1NATGateway4D7517AA"
317
+ },
318
+ "RouteTableId": {
319
+ "Ref": "VpcPrivateSubnet1RouteTableB2C5B500"
320
+ }
321
+ }
322
+ },
323
+ "VpcPrivateSubnet2Subnet3788AAA1": {
324
+ "Type": "AWS::EC2::Subnet",
325
+ "Properties": {
326
+ "AvailabilityZone": {
327
+ "Fn::Select": [
328
+ 1,
329
+ {
330
+ "Fn::GetAZs": ""
331
+ }
332
+ ]
333
+ },
334
+ "CidrBlock": "172.168.192.0/18",
335
+ "MapPublicIpOnLaunch": false,
336
+ "Tags": [
337
+ {
338
+ "Key": "aws-cdk:subnet-name",
339
+ "Value": "Private"
340
+ },
341
+ {
342
+ "Key": "aws-cdk:subnet-type",
343
+ "Value": "Private"
344
+ },
345
+ {
346
+ "Key": "Name",
347
+ "Value": "lamopn-existing-vpc/Vpc/PrivateSubnet2"
348
+ }
349
+ ],
350
+ "VpcId": {
351
+ "Ref": "Vpc8378EB38"
352
+ }
353
+ }
354
+ },
355
+ "VpcPrivateSubnet2RouteTableA678073B": {
356
+ "Type": "AWS::EC2::RouteTable",
357
+ "Properties": {
358
+ "Tags": [
359
+ {
360
+ "Key": "Name",
361
+ "Value": "lamopn-existing-vpc/Vpc/PrivateSubnet2"
362
+ }
363
+ ],
364
+ "VpcId": {
365
+ "Ref": "Vpc8378EB38"
366
+ }
367
+ }
368
+ },
369
+ "VpcPrivateSubnet2RouteTableAssociationA89CAD56": {
370
+ "Type": "AWS::EC2::SubnetRouteTableAssociation",
371
+ "Properties": {
372
+ "RouteTableId": {
373
+ "Ref": "VpcPrivateSubnet2RouteTableA678073B"
374
+ },
375
+ "SubnetId": {
376
+ "Ref": "VpcPrivateSubnet2Subnet3788AAA1"
377
+ }
378
+ }
379
+ },
380
+ "VpcPrivateSubnet2DefaultRoute060D2087": {
381
+ "Type": "AWS::EC2::Route",
382
+ "Properties": {
383
+ "DestinationCidrBlock": "0.0.0.0/0",
384
+ "NatGatewayId": {
385
+ "Ref": "VpcPublicSubnet2NATGateway9182C01D"
386
+ },
387
+ "RouteTableId": {
388
+ "Ref": "VpcPrivateSubnet2RouteTableA678073B"
389
+ }
390
+ }
391
+ },
392
+ "VpcIGWD7BA715C": {
393
+ "Type": "AWS::EC2::InternetGateway",
394
+ "Properties": {
395
+ "Tags": [
396
+ {
397
+ "Key": "Name",
398
+ "Value": "lamopn-existing-vpc/Vpc"
399
+ }
400
+ ]
401
+ }
402
+ },
403
+ "VpcVPCGWBF912B6E": {
404
+ "Type": "AWS::EC2::VPCGatewayAttachment",
405
+ "Properties": {
406
+ "InternetGatewayId": {
407
+ "Ref": "VpcIGWD7BA715C"
408
+ },
409
+ "VpcId": {
410
+ "Ref": "Vpc8378EB38"
411
+ }
412
+ }
413
+ },
414
+ "VpcRestrictDefaultSecurityGroupCustomResourceC73DA2BE": {
415
+ "Type": "Custom::VpcRestrictDefaultSG",
416
+ "Properties": {
417
+ "ServiceToken": {
418
+ "Fn::GetAtt": [
419
+ "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E",
420
+ "Arn"
421
+ ]
422
+ },
423
+ "DefaultSecurityGroupId": {
424
+ "Fn::GetAtt": [
425
+ "Vpc8378EB38",
426
+ "DefaultSecurityGroup"
427
+ ]
428
+ },
429
+ "Account": {
430
+ "Ref": "AWS::AccountId"
431
+ }
432
+ },
433
+ "UpdateReplacePolicy": "Delete",
434
+ "DeletionPolicy": "Delete"
435
+ },
436
+ "VpcFlowLogIAMRole6A475D41": {
437
+ "Type": "AWS::IAM::Role",
438
+ "Properties": {
439
+ "AssumeRolePolicyDocument": {
440
+ "Statement": [
441
+ {
442
+ "Action": "sts:AssumeRole",
443
+ "Effect": "Allow",
444
+ "Principal": {
445
+ "Service": "vpc-flow-logs.amazonaws.com"
446
+ }
447
+ }
448
+ ],
449
+ "Version": "2012-10-17"
450
+ },
451
+ "Tags": [
452
+ {
453
+ "Key": "Name",
454
+ "Value": "lamopn-existing-vpc/Vpc/FlowLog"
455
+ }
456
+ ]
457
+ }
458
+ },
459
+ "VpcFlowLogIAMRoleDefaultPolicy406FB995": {
460
+ "Type": "AWS::IAM::Policy",
461
+ "Properties": {
462
+ "PolicyDocument": {
463
+ "Statement": [
464
+ {
465
+ "Action": [
466
+ "logs:CreateLogStream",
467
+ "logs:DescribeLogStreams",
468
+ "logs:PutLogEvents"
469
+ ],
470
+ "Effect": "Allow",
471
+ "Resource": {
472
+ "Fn::GetAtt": [
473
+ "VpcFlowLogLogGroup7B5C56B9",
474
+ "Arn"
475
+ ]
476
+ }
477
+ },
478
+ {
479
+ "Action": "iam:PassRole",
480
+ "Effect": "Allow",
481
+ "Resource": {
482
+ "Fn::GetAtt": [
483
+ "VpcFlowLogIAMRole6A475D41",
484
+ "Arn"
485
+ ]
486
+ }
487
+ }
488
+ ],
489
+ "Version": "2012-10-17"
490
+ },
491
+ "PolicyName": "VpcFlowLogIAMRoleDefaultPolicy406FB995",
492
+ "Roles": [
493
+ {
494
+ "Ref": "VpcFlowLogIAMRole6A475D41"
495
+ }
496
+ ]
497
+ }
498
+ },
499
+ "VpcFlowLogLogGroup7B5C56B9": {
500
+ "Type": "AWS::Logs::LogGroup",
501
+ "Properties": {
502
+ "RetentionInDays": 731,
503
+ "Tags": [
504
+ {
505
+ "Key": "Name",
506
+ "Value": "lamopn-existing-vpc/Vpc/FlowLog"
507
+ }
508
+ ]
509
+ },
510
+ "UpdateReplacePolicy": "Retain",
511
+ "DeletionPolicy": "Retain",
512
+ "Metadata": {
513
+ "cfn_nag": {
514
+ "rules_to_suppress": [
515
+ {
516
+ "id": "W84",
517
+ "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)"
518
+ }
519
+ ]
520
+ }
521
+ }
522
+ },
523
+ "VpcFlowLog8FF33A73": {
524
+ "Type": "AWS::EC2::FlowLog",
525
+ "Properties": {
526
+ "DeliverLogsPermissionArn": {
527
+ "Fn::GetAtt": [
528
+ "VpcFlowLogIAMRole6A475D41",
529
+ "Arn"
530
+ ]
531
+ },
532
+ "LogDestinationType": "cloud-watch-logs",
533
+ "LogGroupName": {
534
+ "Ref": "VpcFlowLogLogGroup7B5C56B9"
535
+ },
536
+ "ResourceId": {
537
+ "Ref": "Vpc8378EB38"
538
+ },
539
+ "ResourceType": "VPC",
540
+ "Tags": [
541
+ {
542
+ "Key": "Name",
543
+ "Value": "lamopn-existing-vpc/Vpc/FlowLog"
544
+ }
545
+ ],
546
+ "TrafficType": "ALL"
547
+ }
548
+ },
549
+ "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0": {
550
+ "Type": "AWS::IAM::Role",
551
+ "Properties": {
552
+ "AssumeRolePolicyDocument": {
553
+ "Version": "2012-10-17",
554
+ "Statement": [
555
+ {
556
+ "Action": "sts:AssumeRole",
557
+ "Effect": "Allow",
558
+ "Principal": {
559
+ "Service": "lambda.amazonaws.com"
560
+ }
561
+ }
562
+ ]
563
+ },
564
+ "ManagedPolicyArns": [
565
+ {
566
+ "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
567
+ }
568
+ ],
569
+ "Policies": [
570
+ {
571
+ "PolicyName": "Inline",
572
+ "PolicyDocument": {
573
+ "Version": "2012-10-17",
574
+ "Statement": [
575
+ {
576
+ "Effect": "Allow",
577
+ "Action": [
578
+ "ec2:AuthorizeSecurityGroupIngress",
579
+ "ec2:AuthorizeSecurityGroupEgress",
580
+ "ec2:RevokeSecurityGroupIngress",
581
+ "ec2:RevokeSecurityGroupEgress"
582
+ ],
583
+ "Resource": [
584
+ {
585
+ "Fn::Join": [
586
+ "",
587
+ [
588
+ "arn:aws:ec2:us-east-1:",
589
+ {
590
+ "Ref": "AWS::AccountId"
591
+ },
592
+ ":security-group/",
593
+ {
594
+ "Fn::GetAtt": [
595
+ "Vpc8378EB38",
596
+ "DefaultSecurityGroup"
597
+ ]
598
+ }
599
+ ]
600
+ ]
601
+ }
602
+ ]
603
+ }
604
+ ]
605
+ }
606
+ }
607
+ ]
608
+ }
609
+ },
610
+ "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E": {
611
+ "Type": "AWS::Lambda::Function",
612
+ "Properties": {
613
+ "Code": {
614
+ "S3Bucket": {
615
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1"
616
+ },
617
+ "S3Key": "dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e.zip"
618
+ },
619
+ "Timeout": 900,
620
+ "MemorySize": 128,
621
+ "Handler": "__entrypoint__.handler",
622
+ "Role": {
623
+ "Fn::GetAtt": [
624
+ "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0",
625
+ "Arn"
626
+ ]
627
+ },
628
+ "Runtime": "nodejs18.x",
629
+ "Description": "Lambda function for removing all inbound/outbound rules from the VPC default security group"
630
+ },
631
+ "DependsOn": [
632
+ "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0"
633
+ ],
634
+ "Metadata": {
635
+ "cfn_nag": {
636
+ "rules_to_suppress": [
637
+ {
638
+ "id": "W58",
639
+ "reason": "CDK generated custom resource"
640
+ },
641
+ {
642
+ "id": "W89",
643
+ "reason": "CDK generated custom resource"
644
+ },
645
+ {
646
+ "id": "W92",
647
+ "reason": "CDK generated custom resource"
648
+ }
649
+ ]
650
+ }
651
+ }
652
+ },
653
+ "testlambdaelasticsearchkibana4LambdaFunctionServiceRoleA52BB7F9": {
654
+ "Type": "AWS::IAM::Role",
655
+ "Properties": {
656
+ "AssumeRolePolicyDocument": {
657
+ "Statement": [
658
+ {
659
+ "Action": "sts:AssumeRole",
660
+ "Effect": "Allow",
661
+ "Principal": {
662
+ "Service": "lambda.amazonaws.com"
663
+ }
664
+ }
665
+ ],
666
+ "Version": "2012-10-17"
667
+ },
668
+ "Policies": [
669
+ {
670
+ "PolicyDocument": {
671
+ "Statement": [
672
+ {
673
+ "Action": [
674
+ "logs:CreateLogGroup",
675
+ "logs:CreateLogStream",
676
+ "logs:PutLogEvents"
677
+ ],
678
+ "Effect": "Allow",
679
+ "Resource": {
680
+ "Fn::Join": [
681
+ "",
682
+ [
683
+ "arn:",
684
+ {
685
+ "Ref": "AWS::Partition"
686
+ },
687
+ ":logs:",
688
+ {
689
+ "Ref": "AWS::Region"
690
+ },
691
+ ":",
692
+ {
693
+ "Ref": "AWS::AccountId"
694
+ },
695
+ ":log-group:/aws/lambda/*"
696
+ ]
697
+ ]
698
+ }
699
+ }
700
+ ],
701
+ "Version": "2012-10-17"
702
+ },
703
+ "PolicyName": "LambdaFunctionServiceRolePolicy"
704
+ }
705
+ ]
706
+ }
707
+ },
708
+ "testlambdaelasticsearchkibana4LambdaFunctionServiceRoleDefaultPolicyA5AD88E5": {
709
+ "Type": "AWS::IAM::Policy",
710
+ "Properties": {
711
+ "PolicyDocument": {
712
+ "Statement": [
713
+ {
714
+ "Action": [
715
+ "ec2:AssignPrivateIpAddresses",
716
+ "ec2:CreateNetworkInterface",
717
+ "ec2:DeleteNetworkInterface",
718
+ "ec2:DescribeNetworkInterfaces",
719
+ "ec2:UnassignPrivateIpAddresses",
720
+ "xray:PutTelemetryRecords",
721
+ "xray:PutTraceSegments"
722
+ ],
723
+ "Effect": "Allow",
724
+ "Resource": "*"
725
+ }
726
+ ],
727
+ "Version": "2012-10-17"
728
+ },
729
+ "PolicyName": "testlambdaelasticsearchkibana4LambdaFunctionServiceRoleDefaultPolicyA5AD88E5",
730
+ "Roles": [
731
+ {
732
+ "Ref": "testlambdaelasticsearchkibana4LambdaFunctionServiceRoleA52BB7F9"
733
+ }
734
+ ]
735
+ },
736
+ "Metadata": {
737
+ "cfn_nag": {
738
+ "rules_to_suppress": [
739
+ {
740
+ "id": "W12",
741
+ "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC."
742
+ }
743
+ ]
744
+ }
745
+ }
746
+ },
747
+ "testlambdaelasticsearchkibana4ReplaceDefaultSecurityGroupsecuritygroupA79E2B92": {
748
+ "Type": "AWS::EC2::SecurityGroup",
749
+ "Properties": {
750
+ "GroupDescription": "lamopn-existing-vpc/test-lambda-elasticsearch-kibana4/ReplaceDefaultSecurityGroup-security-group",
751
+ "SecurityGroupEgress": [
752
+ {
753
+ "CidrIp": "0.0.0.0/0",
754
+ "Description": "Allow all outbound traffic by default",
755
+ "IpProtocol": "-1"
756
+ }
757
+ ],
758
+ "VpcId": {
759
+ "Ref": "Vpc8378EB38"
760
+ }
761
+ },
762
+ "Metadata": {
763
+ "cfn_nag": {
764
+ "rules_to_suppress": [
765
+ {
766
+ "id": "W5",
767
+ "reason": "Egress of 0.0.0.0/0 is default and generally considered OK"
768
+ },
769
+ {
770
+ "id": "W40",
771
+ "reason": "Egress IPProtocol of -1 is default and generally considered OK"
772
+ }
773
+ ]
774
+ }
775
+ }
776
+ },
777
+ "testlambdaelasticsearchkibana4LambdaFunction2C5856DF": {
778
+ "Type": "AWS::Lambda::Function",
779
+ "Properties": {
780
+ "Code": {
781
+ "S3Bucket": {
782
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1"
783
+ },
784
+ "S3Key": "abbc4eca9e7ddabc31da3ce83159e6eee8e72e2c358ab8af0711044514c41290.zip"
785
+ },
786
+ "Environment": {
787
+ "Variables": {
788
+ "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1",
789
+ "DOMAIN_ENDPOINT": {
790
+ "Fn::GetAtt": [
791
+ "testlambdaelasticsearchkibana4OpenSearchDomain94EAD3A3",
792
+ "DomainEndpoint"
793
+ ]
794
+ }
795
+ }
796
+ },
797
+ "Handler": "index.handler",
798
+ "Role": {
799
+ "Fn::GetAtt": [
800
+ "testlambdaelasticsearchkibana4LambdaFunctionServiceRoleA52BB7F9",
801
+ "Arn"
802
+ ]
803
+ },
804
+ "Runtime": "nodejs16.x",
805
+ "TracingConfig": {
806
+ "Mode": "Active"
807
+ },
808
+ "VpcConfig": {
809
+ "SecurityGroupIds": [
810
+ {
811
+ "Fn::GetAtt": [
812
+ "testlambdaelasticsearchkibana4ReplaceDefaultSecurityGroupsecuritygroupA79E2B92",
813
+ "GroupId"
814
+ ]
815
+ }
816
+ ],
817
+ "SubnetIds": [
818
+ {
819
+ "Ref": "VpcPrivateSubnet1Subnet536B997A"
820
+ },
821
+ {
822
+ "Ref": "VpcPrivateSubnet2Subnet3788AAA1"
823
+ }
824
+ ]
825
+ }
826
+ },
827
+ "DependsOn": [
828
+ "testlambdaelasticsearchkibana4LambdaFunctionServiceRoleDefaultPolicyA5AD88E5",
829
+ "testlambdaelasticsearchkibana4LambdaFunctionServiceRoleA52BB7F9",
830
+ "VpcPrivateSubnet1DefaultRouteBE02A9ED",
831
+ "VpcPrivateSubnet1RouteTableAssociation70C59FA6",
832
+ "VpcPrivateSubnet2DefaultRoute060D2087",
833
+ "VpcPrivateSubnet2RouteTableAssociationA89CAD56"
834
+ ],
835
+ "Metadata": {
836
+ "cfn_nag": {
837
+ "rules_to_suppress": [
838
+ {
839
+ "id": "W58",
840
+ "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions."
841
+ },
842
+ {
843
+ "id": "W89",
844
+ "reason": "This is not a rule for the general case, just for specific use cases/industries"
845
+ },
846
+ {
847
+ "id": "W92",
848
+ "reason": "Impossible for us to define the correct concurrency for clients"
849
+ }
850
+ ]
851
+ }
852
+ }
853
+ },
854
+ "testlambdaelasticsearchkibana4CognitoUserPool37A5CDE1": {
855
+ "Type": "AWS::Cognito::UserPool",
856
+ "Properties": {
857
+ "AccountRecoverySetting": {
858
+ "RecoveryMechanisms": [
859
+ {
860
+ "Name": "verified_phone_number",
861
+ "Priority": 1
862
+ },
863
+ {
864
+ "Name": "verified_email",
865
+ "Priority": 2
866
+ }
867
+ ]
868
+ },
869
+ "AdminCreateUserConfig": {
870
+ "AllowAdminCreateUserOnly": true
871
+ },
872
+ "EmailVerificationMessage": "The verification code to your new account is {####}",
873
+ "EmailVerificationSubject": "Verify your new account",
874
+ "SmsVerificationMessage": "The verification code to your new account is {####}",
875
+ "UserPoolAddOns": {
876
+ "AdvancedSecurityMode": "ENFORCED"
877
+ },
878
+ "VerificationMessageTemplate": {
879
+ "DefaultEmailOption": "CONFIRM_WITH_CODE",
880
+ "EmailMessage": "The verification code to your new account is {####}",
881
+ "EmailSubject": "Verify your new account",
882
+ "SmsMessage": "The verification code to your new account is {####}"
883
+ }
884
+ },
885
+ "UpdateReplacePolicy": "Retain",
886
+ "DeletionPolicy": "Retain"
887
+ },
888
+ "testlambdaelasticsearchkibana4CognitoUserPoolClientABBF34C4": {
889
+ "Type": "AWS::Cognito::UserPoolClient",
890
+ "Properties": {
891
+ "AllowedOAuthFlows": [
892
+ "implicit",
893
+ "code"
894
+ ],
895
+ "AllowedOAuthFlowsUserPoolClient": true,
896
+ "AllowedOAuthScopes": [
897
+ "profile",
898
+ "phone",
899
+ "email",
900
+ "openid",
901
+ "aws.cognito.signin.user.admin"
902
+ ],
903
+ "CallbackURLs": [
904
+ "https://example.com"
905
+ ],
906
+ "SupportedIdentityProviders": [
907
+ "COGNITO"
908
+ ],
909
+ "UserPoolId": {
910
+ "Ref": "testlambdaelasticsearchkibana4CognitoUserPool37A5CDE1"
911
+ }
912
+ }
913
+ },
914
+ "testlambdaelasticsearchkibana4CognitoIdentityPool76EE9793": {
915
+ "Type": "AWS::Cognito::IdentityPool",
916
+ "Properties": {
917
+ "AllowUnauthenticatedIdentities": false,
918
+ "CognitoIdentityProviders": [
919
+ {
920
+ "ClientId": {
921
+ "Ref": "testlambdaelasticsearchkibana4CognitoUserPoolClientABBF34C4"
922
+ },
923
+ "ProviderName": {
924
+ "Fn::GetAtt": [
925
+ "testlambdaelasticsearchkibana4CognitoUserPool37A5CDE1",
926
+ "ProviderName"
927
+ ]
928
+ },
929
+ "ServerSideTokenCheck": true
930
+ }
931
+ ]
932
+ }
933
+ },
934
+ "testlambdaelasticsearchkibana4UserPoolDomain4CAAF2F6": {
935
+ "Type": "AWS::Cognito::UserPoolDomain",
936
+ "Properties": {
937
+ "Domain": {
938
+ "Fn::Join": [
939
+ "-",
940
+ [
941
+ "dmn",
942
+ {
943
+ "Fn::Select": [
944
+ 4,
945
+ {
946
+ "Fn::Split": [
947
+ "-",
948
+ {
949
+ "Fn::Select": [
950
+ 2,
951
+ {
952
+ "Fn::Split": [
953
+ "/",
954
+ {
955
+ "Ref": "AWS::StackId"
956
+ }
957
+ ]
958
+ }
959
+ ]
960
+ }
961
+ ]
962
+ }
963
+ ]
964
+ }
965
+ ]
966
+ ]
967
+ },
968
+ "UserPoolId": {
969
+ "Ref": "testlambdaelasticsearchkibana4CognitoUserPool37A5CDE1"
970
+ }
971
+ },
972
+ "DependsOn": [
973
+ "testlambdaelasticsearchkibana4CognitoUserPool37A5CDE1"
974
+ ]
975
+ },
976
+ "testlambdaelasticsearchkibana4CognitoAuthorizedRoleA7D6B392": {
977
+ "Type": "AWS::IAM::Role",
978
+ "Properties": {
979
+ "AssumeRolePolicyDocument": {
980
+ "Statement": [
981
+ {
982
+ "Action": "sts:AssumeRoleWithWebIdentity",
983
+ "Condition": {
984
+ "StringEquals": {
985
+ "cognito-identity.amazonaws.com:aud": {
986
+ "Ref": "testlambdaelasticsearchkibana4CognitoIdentityPool76EE9793"
987
+ }
988
+ },
989
+ "ForAnyValue:StringLike": {
990
+ "cognito-identity.amazonaws.com:amr": "authenticated"
991
+ }
992
+ },
993
+ "Effect": "Allow",
994
+ "Principal": {
995
+ "Federated": "cognito-identity.amazonaws.com"
996
+ }
997
+ }
998
+ ],
999
+ "Version": "2012-10-17"
1000
+ },
1001
+ "Policies": [
1002
+ {
1003
+ "PolicyDocument": {
1004
+ "Statement": [
1005
+ {
1006
+ "Action": "es:ESHttp*",
1007
+ "Effect": "Allow",
1008
+ "Resource": {
1009
+ "Fn::Join": [
1010
+ "",
1011
+ [
1012
+ "arn:",
1013
+ {
1014
+ "Ref": "AWS::Partition"
1015
+ },
1016
+ ":es:",
1017
+ {
1018
+ "Ref": "AWS::Region"
1019
+ },
1020
+ ":",
1021
+ {
1022
+ "Ref": "AWS::AccountId"
1023
+ },
1024
+ ":domain/",
1025
+ {
1026
+ "Fn::Join": [
1027
+ "-",
1028
+ [
1029
+ "dmn",
1030
+ {
1031
+ "Fn::Select": [
1032
+ 4,
1033
+ {
1034
+ "Fn::Split": [
1035
+ "-",
1036
+ {
1037
+ "Fn::Select": [
1038
+ 2,
1039
+ {
1040
+ "Fn::Split": [
1041
+ "/",
1042
+ {
1043
+ "Ref": "AWS::StackId"
1044
+ }
1045
+ ]
1046
+ }
1047
+ ]
1048
+ }
1049
+ ]
1050
+ }
1051
+ ]
1052
+ }
1053
+ ]
1054
+ ]
1055
+ },
1056
+ "/*"
1057
+ ]
1058
+ ]
1059
+ }
1060
+ }
1061
+ ],
1062
+ "Version": "2012-10-17"
1063
+ },
1064
+ "PolicyName": "CognitoAccessPolicy"
1065
+ }
1066
+ ]
1067
+ }
1068
+ },
1069
+ "testlambdaelasticsearchkibana4IdentityPoolRoleMapping9378D177": {
1070
+ "Type": "AWS::Cognito::IdentityPoolRoleAttachment",
1071
+ "Properties": {
1072
+ "IdentityPoolId": {
1073
+ "Ref": "testlambdaelasticsearchkibana4CognitoIdentityPool76EE9793"
1074
+ },
1075
+ "Roles": {
1076
+ "authenticated": {
1077
+ "Fn::GetAtt": [
1078
+ "testlambdaelasticsearchkibana4CognitoAuthorizedRoleA7D6B392",
1079
+ "Arn"
1080
+ ]
1081
+ }
1082
+ }
1083
+ }
1084
+ },
1085
+ "testlambdaelasticsearchkibana4CognitoDashboardConfigureRoleB36C775C": {
1086
+ "Type": "AWS::IAM::Role",
1087
+ "Properties": {
1088
+ "AssumeRolePolicyDocument": {
1089
+ "Statement": [
1090
+ {
1091
+ "Action": "sts:AssumeRole",
1092
+ "Effect": "Allow",
1093
+ "Principal": {
1094
+ "Service": "es.amazonaws.com"
1095
+ }
1096
+ }
1097
+ ],
1098
+ "Version": "2012-10-17"
1099
+ }
1100
+ }
1101
+ },
1102
+ "testlambdaelasticsearchkibana4CognitoDashboardConfigureRolePolicy1D82A101": {
1103
+ "Type": "AWS::IAM::Policy",
1104
+ "Properties": {
1105
+ "PolicyDocument": {
1106
+ "Statement": [
1107
+ {
1108
+ "Action": [
1109
+ "cognito-identity:DescribeIdentityPool",
1110
+ "cognito-identity:GetIdentityPoolRoles",
1111
+ "cognito-identity:SetIdentityPoolRoles",
1112
+ "cognito-identity:UpdateIdentityPool",
1113
+ "cognito-idp:AdminInitiateAuth",
1114
+ "cognito-idp:AdminUserGlobalSignOut",
1115
+ "cognito-idp:CreateUserPoolClient",
1116
+ "cognito-idp:DeleteUserPoolClient",
1117
+ "cognito-idp:DescribeUserPool",
1118
+ "cognito-idp:DescribeUserPoolClient",
1119
+ "cognito-idp:ListUserPoolClients",
1120
+ "es:UpdateDomainConfig"
1121
+ ],
1122
+ "Effect": "Allow",
1123
+ "Resource": [
1124
+ {
1125
+ "Fn::GetAtt": [
1126
+ "testlambdaelasticsearchkibana4CognitoUserPool37A5CDE1",
1127
+ "Arn"
1128
+ ]
1129
+ },
1130
+ {
1131
+ "Fn::Join": [
1132
+ "",
1133
+ [
1134
+ "arn:",
1135
+ {
1136
+ "Ref": "AWS::Partition"
1137
+ },
1138
+ ":cognito-identity:",
1139
+ {
1140
+ "Ref": "AWS::Region"
1141
+ },
1142
+ ":",
1143
+ {
1144
+ "Ref": "AWS::AccountId"
1145
+ },
1146
+ ":identitypool/",
1147
+ {
1148
+ "Ref": "testlambdaelasticsearchkibana4CognitoIdentityPool76EE9793"
1149
+ }
1150
+ ]
1151
+ ]
1152
+ },
1153
+ {
1154
+ "Fn::Join": [
1155
+ "",
1156
+ [
1157
+ "arn:",
1158
+ {
1159
+ "Ref": "AWS::Partition"
1160
+ },
1161
+ ":es:",
1162
+ {
1163
+ "Ref": "AWS::Region"
1164
+ },
1165
+ ":",
1166
+ {
1167
+ "Ref": "AWS::AccountId"
1168
+ },
1169
+ ":domain/",
1170
+ {
1171
+ "Fn::Join": [
1172
+ "-",
1173
+ [
1174
+ "dmn",
1175
+ {
1176
+ "Fn::Select": [
1177
+ 4,
1178
+ {
1179
+ "Fn::Split": [
1180
+ "-",
1181
+ {
1182
+ "Fn::Select": [
1183
+ 2,
1184
+ {
1185
+ "Fn::Split": [
1186
+ "/",
1187
+ {
1188
+ "Ref": "AWS::StackId"
1189
+ }
1190
+ ]
1191
+ }
1192
+ ]
1193
+ }
1194
+ ]
1195
+ }
1196
+ ]
1197
+ }
1198
+ ]
1199
+ ]
1200
+ }
1201
+ ]
1202
+ ]
1203
+ }
1204
+ ]
1205
+ },
1206
+ {
1207
+ "Action": "iam:PassRole",
1208
+ "Condition": {
1209
+ "StringLike": {
1210
+ "iam:PassedToService": "cognito-identity.amazonaws.com"
1211
+ }
1212
+ },
1213
+ "Effect": "Allow",
1214
+ "Resource": {
1215
+ "Fn::GetAtt": [
1216
+ "testlambdaelasticsearchkibana4CognitoDashboardConfigureRoleB36C775C",
1217
+ "Arn"
1218
+ ]
1219
+ }
1220
+ }
1221
+ ],
1222
+ "Version": "2012-10-17"
1223
+ },
1224
+ "PolicyName": "testlambdaelasticsearchkibana4CognitoDashboardConfigureRolePolicy1D82A101",
1225
+ "Roles": [
1226
+ {
1227
+ "Ref": "testlambdaelasticsearchkibana4CognitoDashboardConfigureRoleB36C775C"
1228
+ }
1229
+ ]
1230
+ }
1231
+ },
1232
+ "testlambdaelasticsearchkibana4OpenSearchDomain94EAD3A3": {
1233
+ "Type": "AWS::OpenSearchService::Domain",
1234
+ "Properties": {
1235
+ "AccessPolicies": {
1236
+ "Statement": [
1237
+ {
1238
+ "Action": "es:ESHttp*",
1239
+ "Effect": "Allow",
1240
+ "Principal": {
1241
+ "AWS": [
1242
+ {
1243
+ "Fn::GetAtt": [
1244
+ "testlambdaelasticsearchkibana4CognitoAuthorizedRoleA7D6B392",
1245
+ "Arn"
1246
+ ]
1247
+ },
1248
+ {
1249
+ "Fn::GetAtt": [
1250
+ "testlambdaelasticsearchkibana4LambdaFunctionServiceRoleA52BB7F9",
1251
+ "Arn"
1252
+ ]
1253
+ }
1254
+ ]
1255
+ },
1256
+ "Resource": {
1257
+ "Fn::Join": [
1258
+ "",
1259
+ [
1260
+ "arn:",
1261
+ {
1262
+ "Ref": "AWS::Partition"
1263
+ },
1264
+ ":es:",
1265
+ {
1266
+ "Ref": "AWS::Region"
1267
+ },
1268
+ ":",
1269
+ {
1270
+ "Ref": "AWS::AccountId"
1271
+ },
1272
+ ":domain/",
1273
+ {
1274
+ "Fn::Join": [
1275
+ "-",
1276
+ [
1277
+ "dmn",
1278
+ {
1279
+ "Fn::Select": [
1280
+ 4,
1281
+ {
1282
+ "Fn::Split": [
1283
+ "-",
1284
+ {
1285
+ "Fn::Select": [
1286
+ 2,
1287
+ {
1288
+ "Fn::Split": [
1289
+ "/",
1290
+ {
1291
+ "Ref": "AWS::StackId"
1292
+ }
1293
+ ]
1294
+ }
1295
+ ]
1296
+ }
1297
+ ]
1298
+ }
1299
+ ]
1300
+ }
1301
+ ]
1302
+ ]
1303
+ },
1304
+ "/*"
1305
+ ]
1306
+ ]
1307
+ }
1308
+ }
1309
+ ],
1310
+ "Version": "2012-10-17"
1311
+ },
1312
+ "ClusterConfig": {
1313
+ "DedicatedMasterCount": 3,
1314
+ "DedicatedMasterEnabled": true,
1315
+ "InstanceCount": 2,
1316
+ "ZoneAwarenessConfig": {
1317
+ "AvailabilityZoneCount": 2
1318
+ },
1319
+ "ZoneAwarenessEnabled": true
1320
+ },
1321
+ "CognitoOptions": {
1322
+ "Enabled": true,
1323
+ "IdentityPoolId": {
1324
+ "Ref": "testlambdaelasticsearchkibana4CognitoIdentityPool76EE9793"
1325
+ },
1326
+ "RoleArn": {
1327
+ "Fn::GetAtt": [
1328
+ "testlambdaelasticsearchkibana4CognitoDashboardConfigureRoleB36C775C",
1329
+ "Arn"
1330
+ ]
1331
+ },
1332
+ "UserPoolId": {
1333
+ "Ref": "testlambdaelasticsearchkibana4CognitoUserPool37A5CDE1"
1334
+ }
1335
+ },
1336
+ "DomainEndpointOptions": {
1337
+ "EnforceHTTPS": true,
1338
+ "TLSSecurityPolicy": "Policy-Min-TLS-1-2-2019-07"
1339
+ },
1340
+ "DomainName": {
1341
+ "Fn::Join": [
1342
+ "-",
1343
+ [
1344
+ "dmn",
1345
+ {
1346
+ "Fn::Select": [
1347
+ 4,
1348
+ {
1349
+ "Fn::Split": [
1350
+ "-",
1351
+ {
1352
+ "Fn::Select": [
1353
+ 2,
1354
+ {
1355
+ "Fn::Split": [
1356
+ "/",
1357
+ {
1358
+ "Ref": "AWS::StackId"
1359
+ }
1360
+ ]
1361
+ }
1362
+ ]
1363
+ }
1364
+ ]
1365
+ }
1366
+ ]
1367
+ }
1368
+ ]
1369
+ ]
1370
+ },
1371
+ "EBSOptions": {
1372
+ "EBSEnabled": true,
1373
+ "VolumeSize": 10
1374
+ },
1375
+ "EncryptionAtRestOptions": {
1376
+ "Enabled": true
1377
+ },
1378
+ "EngineVersion": "OpenSearch_1.3",
1379
+ "NodeToNodeEncryptionOptions": {
1380
+ "Enabled": true
1381
+ },
1382
+ "SnapshotOptions": {
1383
+ "AutomatedSnapshotStartHour": 1
1384
+ },
1385
+ "VPCOptions": {
1386
+ "SecurityGroupIds": [
1387
+ {
1388
+ "Fn::GetAtt": [
1389
+ "testlambdaelasticsearchkibana4ReplaceDefaultSecurityGroupsecuritygroupA79E2B92",
1390
+ "GroupId"
1391
+ ]
1392
+ }
1393
+ ],
1394
+ "SubnetIds": [
1395
+ {
1396
+ "Ref": "VpcPrivateSubnet1Subnet536B997A"
1397
+ },
1398
+ {
1399
+ "Ref": "VpcPrivateSubnet2Subnet3788AAA1"
1400
+ }
1401
+ ]
1402
+ }
1403
+ },
1404
+ "Metadata": {
1405
+ "cfn_nag": {
1406
+ "rules_to_suppress": [
1407
+ {
1408
+ "id": "W28",
1409
+ "reason": "The OpenSearch Service domain is passed dynamically as as parameter and explicitly specified to ensure that IAM policies are configured to lockdown access to this specific OpenSearch Service instance only"
1410
+ },
1411
+ {
1412
+ "id": "W90",
1413
+ "reason": "This is not a rule for the general case, just for specific use cases/industries"
1414
+ }
1415
+ ]
1416
+ }
1417
+ }
1418
+ },
1419
+ "testlambdaelasticsearchkibana4StatusRedAlarm56DEE5C7": {
1420
+ "Type": "AWS::CloudWatch::Alarm",
1421
+ "Properties": {
1422
+ "AlarmDescription": "At least one primary shard and its replicas are not allocated to a node. ",
1423
+ "ComparisonOperator": "GreaterThanOrEqualToThreshold",
1424
+ "EvaluationPeriods": 1,
1425
+ "MetricName": "ClusterStatus.red",
1426
+ "Namespace": "AWS/ES",
1427
+ "Period": 60,
1428
+ "Statistic": "Maximum",
1429
+ "Threshold": 1
1430
+ }
1431
+ },
1432
+ "testlambdaelasticsearchkibana4StatusYellowAlarm810B4F9E": {
1433
+ "Type": "AWS::CloudWatch::Alarm",
1434
+ "Properties": {
1435
+ "AlarmDescription": "At least one replica shard is not allocated to a node.",
1436
+ "ComparisonOperator": "GreaterThanOrEqualToThreshold",
1437
+ "EvaluationPeriods": 1,
1438
+ "MetricName": "ClusterStatus.yellow",
1439
+ "Namespace": "AWS/ES",
1440
+ "Period": 60,
1441
+ "Statistic": "Maximum",
1442
+ "Threshold": 1
1443
+ }
1444
+ },
1445
+ "testlambdaelasticsearchkibana4FreeStorageSpaceTooLowAlarmF3FB31EA": {
1446
+ "Type": "AWS::CloudWatch::Alarm",
1447
+ "Properties": {
1448
+ "AlarmDescription": "A node in your cluster is down to 20 GiB of free storage space.",
1449
+ "ComparisonOperator": "LessThanOrEqualToThreshold",
1450
+ "EvaluationPeriods": 1,
1451
+ "MetricName": "FreeStorageSpace",
1452
+ "Namespace": "AWS/ES",
1453
+ "Period": 60,
1454
+ "Statistic": "Minimum",
1455
+ "Threshold": 20000
1456
+ }
1457
+ },
1458
+ "testlambdaelasticsearchkibana4IndexWritesBlockedTooHighAlarmF2968C92": {
1459
+ "Type": "AWS::CloudWatch::Alarm",
1460
+ "Properties": {
1461
+ "AlarmDescription": "Your cluster is blocking write requests.",
1462
+ "ComparisonOperator": "GreaterThanOrEqualToThreshold",
1463
+ "EvaluationPeriods": 1,
1464
+ "MetricName": "ClusterIndexWritesBlocked",
1465
+ "Namespace": "AWS/ES",
1466
+ "Period": 300,
1467
+ "Statistic": "Maximum",
1468
+ "Threshold": 1
1469
+ }
1470
+ },
1471
+ "testlambdaelasticsearchkibana4AutomatedSnapshotFailureTooHighAlarm53EB1ABB": {
1472
+ "Type": "AWS::CloudWatch::Alarm",
1473
+ "Properties": {
1474
+ "AlarmDescription": "An automated snapshot failed. This failure is often the result of a red cluster health status.",
1475
+ "ComparisonOperator": "GreaterThanOrEqualToThreshold",
1476
+ "EvaluationPeriods": 1,
1477
+ "MetricName": "AutomatedSnapshotFailure",
1478
+ "Namespace": "AWS/ES",
1479
+ "Period": 60,
1480
+ "Statistic": "Maximum",
1481
+ "Threshold": 1
1482
+ }
1483
+ },
1484
+ "testlambdaelasticsearchkibana4CPUUtilizationTooHighAlarm29B67D10": {
1485
+ "Type": "AWS::CloudWatch::Alarm",
1486
+ "Properties": {
1487
+ "AlarmDescription": "100% CPU utilization is not uncommon, but sustained high usage is problematic. Consider using larger instance types or adding instances.",
1488
+ "ComparisonOperator": "GreaterThanOrEqualToThreshold",
1489
+ "EvaluationPeriods": 3,
1490
+ "MetricName": "CPUUtilization",
1491
+ "Namespace": "AWS/ES",
1492
+ "Period": 900,
1493
+ "Statistic": "Average",
1494
+ "Threshold": 80
1495
+ }
1496
+ },
1497
+ "testlambdaelasticsearchkibana4JVMMemoryPressureTooHighAlarm9DDED711": {
1498
+ "Type": "AWS::CloudWatch::Alarm",
1499
+ "Properties": {
1500
+ "AlarmDescription": "Average JVM memory pressure over last 15 minutes too high. Consider scaling vertically.",
1501
+ "ComparisonOperator": "GreaterThanOrEqualToThreshold",
1502
+ "EvaluationPeriods": 1,
1503
+ "MetricName": "JVMMemoryPressure",
1504
+ "Namespace": "AWS/ES",
1505
+ "Period": 900,
1506
+ "Statistic": "Average",
1507
+ "Threshold": 80
1508
+ }
1509
+ },
1510
+ "testlambdaelasticsearchkibana4MasterCPUUtilizationTooHighAlarmE66867F2": {
1511
+ "Type": "AWS::CloudWatch::Alarm",
1512
+ "Properties": {
1513
+ "AlarmDescription": "Average CPU utilization over last 45 minutes too high. Consider using larger instance types for your dedicated master nodes.",
1514
+ "ComparisonOperator": "GreaterThanOrEqualToThreshold",
1515
+ "EvaluationPeriods": 3,
1516
+ "MetricName": "MasterCPUUtilization",
1517
+ "Namespace": "AWS/ES",
1518
+ "Period": 900,
1519
+ "Statistic": "Average",
1520
+ "Threshold": 50
1521
+ }
1522
+ },
1523
+ "testlambdaelasticsearchkibana4MasterJVMMemoryPressureTooHighAlarm83E1822E": {
1524
+ "Type": "AWS::CloudWatch::Alarm",
1525
+ "Properties": {
1526
+ "AlarmDescription": "Average JVM memory pressure over last 15 minutes too high. Consider scaling vertically.",
1527
+ "ComparisonOperator": "GreaterThanOrEqualToThreshold",
1528
+ "EvaluationPeriods": 1,
1529
+ "MetricName": "MasterJVMMemoryPressure",
1530
+ "Namespace": "AWS/ES",
1531
+ "Period": 900,
1532
+ "Statistic": "Average",
1533
+ "Threshold": 50
1534
+ }
1535
+ }
1536
+ },
1537
+ "Parameters": {
1538
+ "BootstrapVersion": {
1539
+ "Type": "AWS::SSM::Parameter::Value<String>",
1540
+ "Default": "/cdk-bootstrap/hnb659fds/version",
1541
+ "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
1542
+ }
1543
+ },
1544
+ "Rules": {
1545
+ "CheckBootstrapVersion": {
1546
+ "Assertions": [
1547
+ {
1548
+ "Assert": {
1549
+ "Fn::Not": [
1550
+ {
1551
+ "Fn::Contains": [
1552
+ [
1553
+ "1",
1554
+ "2",
1555
+ "3",
1556
+ "4",
1557
+ "5"
1558
+ ],
1559
+ {
1560
+ "Ref": "BootstrapVersion"
1561
+ }
1562
+ ]
1563
+ }
1564
+ ]
1565
+ },
1566
+ "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
1567
+ }
1568
+ ]
1569
+ }
1570
+ }
1571
+ }