@aws-solutions-constructs/aws-lambda-opensearch 2.51.0 → 2.52.0

Files changed (79)
  1. package/.eslintignore +2 -0
  2. package/.jsii +49 -4
  3. package/integ.config.json +7 -0
  4. package/lib/index.js +1 -1
  5. package/package.json +9 -8
  6. package/test/integ.lamopn-cluster-config.js +6 -2
  7. package/test/integ.lamopn-cluster-config.js.snapshot/asset.abbc4eca9e7ddabc31da3ce83159e6eee8e72e2c358ab8af0711044514c41290/index.js +60 -0
  8. package/test/integ.lamopn-cluster-config.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/__entrypoint__.js +1 -0
  9. package/test/integ.lamopn-cluster-config.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/index.js +1 -0
  10. package/test/integ.lamopn-cluster-config.js.snapshot/cdk.out +1 -0
  11. package/test/integ.lamopn-cluster-config.js.snapshot/integ.json +12 -0
  12. package/test/integ.lamopn-cluster-config.js.snapshot/lamopn-cluster-config.assets.json +45 -0
  13. package/test/integ.lamopn-cluster-config.js.snapshot/lamopn-cluster-config.template.json +1295 -0
  14. package/test/integ.lamopn-cluster-config.js.snapshot/lamopnclusterconfigIntegDefaultTestDeployAssertD8012D1A.assets.json +19 -0
  15. package/test/integ.lamopn-cluster-config.js.snapshot/lamopnclusterconfigIntegDefaultTestDeployAssertD8012D1A.template.json +36 -0
  16. package/test/integ.lamopn-cluster-config.js.snapshot/manifest.json +323 -0
  17. package/test/integ.lamopn-cluster-config.js.snapshot/tree.json +1795 -0
  18. package/test/integ.lamopn-disabled-zone-awareness.js +6 -2
  19. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/asset.abbc4eca9e7ddabc31da3ce83159e6eee8e72e2c358ab8af0711044514c41290/index.js +60 -0
  20. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/__entrypoint__.js +1 -0
  21. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/index.js +1 -0
  22. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/cdk.out +1 -0
  23. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/integ.json +12 -0
  24. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/lamopn-disabled-zone-awareness.assets.json +45 -0
  25. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/lamopn-disabled-zone-awareness.template.json +1228 -0
  26. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/lamopndisabledzoneawarenessIntegDefaultTestDeployAssert7E083B68.assets.json +19 -0
  27. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/lamopndisabledzoneawarenessIntegDefaultTestDeployAssert7E083B68.template.json +36 -0
  28. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/manifest.json +305 -0
  29. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/tree.json +1687 -0
  30. package/test/integ.lamopn-domain-arguments.js +5 -2
  31. package/test/integ.lamopn-domain-arguments.js.snapshot/asset.abbc4eca9e7ddabc31da3ce83159e6eee8e72e2c358ab8af0711044514c41290/index.js +60 -0
  32. package/test/integ.lamopn-domain-arguments.js.snapshot/cdk.out +1 -0
  33. package/test/integ.lamopn-domain-arguments.js.snapshot/integ.json +12 -0
  34. package/test/integ.lamopn-domain-arguments.js.snapshot/lamopn-domain-arguments.assets.json +32 -0
  35. package/test/integ.lamopn-domain-arguments.js.snapshot/lamopn-domain-arguments.template.json +846 -0
  36. package/test/integ.lamopn-domain-arguments.js.snapshot/lamopndomainargumentsIntegDefaultTestDeployAssert47534E1E.assets.json +19 -0
  37. package/test/integ.lamopn-domain-arguments.js.snapshot/lamopndomainargumentsIntegDefaultTestDeployAssert47534E1E.template.json +36 -0
  38. package/test/integ.lamopn-domain-arguments.js.snapshot/manifest.json +233 -0
  39. package/test/integ.lamopn-domain-arguments.js.snapshot/tree.json +1256 -0
  40. package/test/integ.lamopn-existing-vpc.js +12 -6
  41. package/test/integ.lamopn-existing-vpc.js.snapshot/asset.abbc4eca9e7ddabc31da3ce83159e6eee8e72e2c358ab8af0711044514c41290/index.js +60 -0
  42. package/test/integ.lamopn-existing-vpc.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/__entrypoint__.js +1 -0
  43. package/test/integ.lamopn-existing-vpc.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/index.js +1 -0
  44. package/test/integ.lamopn-existing-vpc.js.snapshot/cdk.out +1 -0
  45. package/test/integ.lamopn-existing-vpc.js.snapshot/integ.json +12 -0
  46. package/test/integ.lamopn-existing-vpc.js.snapshot/lamopn-existing-vpc.assets.json +48 -0
  47. package/test/integ.lamopn-existing-vpc.js.snapshot/lamopn-existing-vpc.template.json +1571 -0
  48. package/test/integ.lamopn-existing-vpc.js.snapshot/lamopnexistingvpcIntegDefaultTestDeployAssert4A7EE058.assets.json +19 -0
  49. package/test/integ.lamopn-existing-vpc.js.snapshot/lamopnexistingvpcIntegDefaultTestDeployAssert4A7EE058.template.json +36 -0
  50. package/test/integ.lamopn-existing-vpc.js.snapshot/manifest.json +419 -0
  51. package/test/integ.lamopn-existing-vpc.js.snapshot/tree.json +2207 -0
  52. package/test/integ.lamopn-no-arguments.js +5 -2
  53. package/test/integ.lamopn-no-arguments.js.snapshot/asset.abbc4eca9e7ddabc31da3ce83159e6eee8e72e2c358ab8af0711044514c41290/index.js +60 -0
  54. package/test/integ.lamopn-no-arguments.js.snapshot/cdk.out +1 -0
  55. package/test/integ.lamopn-no-arguments.js.snapshot/integ.json +12 -0
  56. package/test/integ.lamopn-no-arguments.js.snapshot/lamopn-no-arguments.assets.json +32 -0
  57. package/test/integ.lamopn-no-arguments.js.snapshot/lamopn-no-arguments.template.json +846 -0
  58. package/test/integ.lamopn-no-arguments.js.snapshot/lamopnnoargumentsIntegDefaultTestDeployAssert4290A592.assets.json +19 -0
  59. package/test/integ.lamopn-no-arguments.js.snapshot/lamopnnoargumentsIntegDefaultTestDeployAssert4290A592.template.json +36 -0
  60. package/test/integ.lamopn-no-arguments.js.snapshot/manifest.json +233 -0
  61. package/test/integ.lamopn-no-arguments.js.snapshot/tree.json +1256 -0
  62. package/test/integ.lamopn-vpc-props.js +12 -6
  63. package/test/integ.lamopn-vpc-props.js.snapshot/asset.abbc4eca9e7ddabc31da3ce83159e6eee8e72e2c358ab8af0711044514c41290/index.js +60 -0
  64. package/test/integ.lamopn-vpc-props.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/__entrypoint__.js +1 -0
  65. package/test/integ.lamopn-vpc-props.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/index.js +1 -0
  66. package/test/integ.lamopn-vpc-props.js.snapshot/cdk.out +1 -0
  67. package/test/integ.lamopn-vpc-props.js.snapshot/integ.json +12 -0
  68. package/test/integ.lamopn-vpc-props.js.snapshot/lamopn-vpc-props.assets.json +48 -0
  69. package/test/integ.lamopn-vpc-props.js.snapshot/lamopn-vpc-props.template.json +1287 -0
  70. package/test/integ.lamopn-vpc-props.js.snapshot/lamopnvpcpropsIntegDefaultTestDeployAssertC7FD49B0.assets.json +19 -0
  71. package/test/integ.lamopn-vpc-props.js.snapshot/lamopnvpcpropsIntegDefaultTestDeployAssertC7FD49B0.template.json +36 -0
  72. package/test/integ.lamopn-vpc-props.js.snapshot/manifest.json +323 -0
  73. package/test/integ.lamopn-vpc-props.js.snapshot/tree.json +1795 -0
  74. package/test/integ.lamopn-cluster-config.expected.json +0 -1153
  75. package/test/integ.lamopn-disabled-zone-awareness.expected.json +0 -1093
  76. package/test/integ.lamopn-domain-arguments.expected.json +0 -846
  77. package/test/integ.lamopn-existing-vpc.expected.json +0 -1602
  78. package/test/integ.lamopn-no-arguments.expected.json +0 -846
  79. package/test/integ.lamopn-vpc-props.expected.json +0 -1208
@@ -0,0 +1,1228 @@
1
+ {
2
+ "Resources": {
3
+ "testlambdaopensearchLambdaFunctionServiceRole4722AB8A": {
4
+ "Type": "AWS::IAM::Role",
5
+ "Properties": {
6
+ "AssumeRolePolicyDocument": {
7
+ "Statement": [
8
+ {
9
+ "Action": "sts:AssumeRole",
10
+ "Effect": "Allow",
11
+ "Principal": {
12
+ "Service": "lambda.amazonaws.com"
13
+ }
14
+ }
15
+ ],
16
+ "Version": "2012-10-17"
17
+ },
18
+ "Policies": [
19
+ {
20
+ "PolicyDocument": {
21
+ "Statement": [
22
+ {
23
+ "Action": [
24
+ "logs:CreateLogGroup",
25
+ "logs:CreateLogStream",
26
+ "logs:PutLogEvents"
27
+ ],
28
+ "Effect": "Allow",
29
+ "Resource": {
30
+ "Fn::Join": [
31
+ "",
32
+ [
33
+ "arn:",
34
+ {
35
+ "Ref": "AWS::Partition"
36
+ },
37
+ ":logs:",
38
+ {
39
+ "Ref": "AWS::Region"
40
+ },
41
+ ":",
42
+ {
43
+ "Ref": "AWS::AccountId"
44
+ },
45
+ ":log-group:/aws/lambda/*"
46
+ ]
47
+ ]
48
+ }
49
+ }
50
+ ],
51
+ "Version": "2012-10-17"
52
+ },
53
+ "PolicyName": "LambdaFunctionServiceRolePolicy"
54
+ }
55
+ ]
56
+ }
57
+ },
58
+ "testlambdaopensearchLambdaFunctionServiceRoleDefaultPolicy78C56359": {
59
+ "Type": "AWS::IAM::Policy",
60
+ "Properties": {
61
+ "PolicyDocument": {
62
+ "Statement": [
63
+ {
64
+ "Action": [
65
+ "ec2:AssignPrivateIpAddresses",
66
+ "ec2:CreateNetworkInterface",
67
+ "ec2:DeleteNetworkInterface",
68
+ "ec2:DescribeNetworkInterfaces",
69
+ "ec2:UnassignPrivateIpAddresses",
70
+ "xray:PutTelemetryRecords",
71
+ "xray:PutTraceSegments"
72
+ ],
73
+ "Effect": "Allow",
74
+ "Resource": "*"
75
+ }
76
+ ],
77
+ "Version": "2012-10-17"
78
+ },
79
+ "PolicyName": "testlambdaopensearchLambdaFunctionServiceRoleDefaultPolicy78C56359",
80
+ "Roles": [
81
+ {
82
+ "Ref": "testlambdaopensearchLambdaFunctionServiceRole4722AB8A"
83
+ }
84
+ ]
85
+ },
86
+ "Metadata": {
87
+ "cfn_nag": {
88
+ "rules_to_suppress": [
89
+ {
90
+ "id": "W12",
91
+ "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC."
92
+ }
93
+ ]
94
+ }
95
+ }
96
+ },
97
+ "testlambdaopensearchReplaceDefaultSecurityGroupsecuritygroupB44718EC": {
98
+ "Type": "AWS::EC2::SecurityGroup",
99
+ "Properties": {
100
+ "GroupDescription": "lamopn-disabled-zone-awareness/test-lambda-opensearch/ReplaceDefaultSecurityGroup-security-group",
101
+ "SecurityGroupEgress": [
102
+ {
103
+ "CidrIp": "0.0.0.0/0",
104
+ "Description": "Allow all outbound traffic by default",
105
+ "IpProtocol": "-1"
106
+ }
107
+ ],
108
+ "VpcId": {
109
+ "Ref": "Vpc8378EB38"
110
+ }
111
+ },
112
+ "Metadata": {
113
+ "cfn_nag": {
114
+ "rules_to_suppress": [
115
+ {
116
+ "id": "W5",
117
+ "reason": "Egress of 0.0.0.0/0 is default and generally considered OK"
118
+ },
119
+ {
120
+ "id": "W40",
121
+ "reason": "Egress IPProtocol of -1 is default and generally considered OK"
122
+ }
123
+ ]
124
+ }
125
+ }
126
+ },
127
+ "testlambdaopensearchLambdaFunction93FD38F7": {
128
+ "Type": "AWS::Lambda::Function",
129
+ "Properties": {
130
+ "Code": {
131
+ "S3Bucket": {
132
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
133
+ },
134
+ "S3Key": "abbc4eca9e7ddabc31da3ce83159e6eee8e72e2c358ab8af0711044514c41290.zip"
135
+ },
136
+ "Environment": {
137
+ "Variables": {
138
+ "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1",
139
+ "DOMAIN_ENDPOINT": {
140
+ "Fn::GetAtt": [
141
+ "testlambdaopensearchOpenSearchDomainF9CCC3D3",
142
+ "DomainEndpoint"
143
+ ]
144
+ }
145
+ }
146
+ },
147
+ "Handler": "index.handler",
148
+ "Role": {
149
+ "Fn::GetAtt": [
150
+ "testlambdaopensearchLambdaFunctionServiceRole4722AB8A",
151
+ "Arn"
152
+ ]
153
+ },
154
+ "Runtime": "nodejs16.x",
155
+ "TracingConfig": {
156
+ "Mode": "Active"
157
+ },
158
+ "VpcConfig": {
159
+ "SecurityGroupIds": [
160
+ {
161
+ "Fn::GetAtt": [
162
+ "testlambdaopensearchReplaceDefaultSecurityGroupsecuritygroupB44718EC",
163
+ "GroupId"
164
+ ]
165
+ }
166
+ ],
167
+ "SubnetIds": [
168
+ {
169
+ "Ref": "VpcisolatedSubnet1SubnetE62B1B9B"
170
+ }
171
+ ]
172
+ }
173
+ },
174
+ "DependsOn": [
175
+ "testlambdaopensearchLambdaFunctionServiceRoleDefaultPolicy78C56359",
176
+ "testlambdaopensearchLambdaFunctionServiceRole4722AB8A",
177
+ "VpcisolatedSubnet1RouteTableAssociationD259E31A"
178
+ ],
179
+ "Metadata": {
180
+ "cfn_nag": {
181
+ "rules_to_suppress": [
182
+ {
183
+ "id": "W58",
184
+ "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions."
185
+ },
186
+ {
187
+ "id": "W89",
188
+ "reason": "This is not a rule for the general case, just for specific use cases/industries"
189
+ },
190
+ {
191
+ "id": "W92",
192
+ "reason": "Impossible for us to define the correct concurrency for clients"
193
+ }
194
+ ]
195
+ }
196
+ }
197
+ },
198
+ "testlambdaopensearchCognitoUserPoolA09096F9": {
199
+ "Type": "AWS::Cognito::UserPool",
200
+ "Properties": {
201
+ "AccountRecoverySetting": {
202
+ "RecoveryMechanisms": [
203
+ {
204
+ "Name": "verified_phone_number",
205
+ "Priority": 1
206
+ },
207
+ {
208
+ "Name": "verified_email",
209
+ "Priority": 2
210
+ }
211
+ ]
212
+ },
213
+ "AdminCreateUserConfig": {
214
+ "AllowAdminCreateUserOnly": true
215
+ },
216
+ "EmailVerificationMessage": "The verification code to your new account is {####}",
217
+ "EmailVerificationSubject": "Verify your new account",
218
+ "SmsVerificationMessage": "The verification code to your new account is {####}",
219
+ "UserPoolAddOns": {
220
+ "AdvancedSecurityMode": "ENFORCED"
221
+ },
222
+ "VerificationMessageTemplate": {
223
+ "DefaultEmailOption": "CONFIRM_WITH_CODE",
224
+ "EmailMessage": "The verification code to your new account is {####}",
225
+ "EmailSubject": "Verify your new account",
226
+ "SmsMessage": "The verification code to your new account is {####}"
227
+ }
228
+ },
229
+ "UpdateReplacePolicy": "Retain",
230
+ "DeletionPolicy": "Retain"
231
+ },
232
+ "testlambdaopensearchCognitoUserPoolClient39C21D94": {
233
+ "Type": "AWS::Cognito::UserPoolClient",
234
+ "Properties": {
235
+ "AllowedOAuthFlows": [
236
+ "implicit",
237
+ "code"
238
+ ],
239
+ "AllowedOAuthFlowsUserPoolClient": true,
240
+ "AllowedOAuthScopes": [
241
+ "profile",
242
+ "phone",
243
+ "email",
244
+ "openid",
245
+ "aws.cognito.signin.user.admin"
246
+ ],
247
+ "CallbackURLs": [
248
+ "https://example.com"
249
+ ],
250
+ "SupportedIdentityProviders": [
251
+ "COGNITO"
252
+ ],
253
+ "UserPoolId": {
254
+ "Ref": "testlambdaopensearchCognitoUserPoolA09096F9"
255
+ }
256
+ }
257
+ },
258
+ "testlambdaopensearchCognitoIdentityPool0B1FB311": {
259
+ "Type": "AWS::Cognito::IdentityPool",
260
+ "Properties": {
261
+ "AllowUnauthenticatedIdentities": false,
262
+ "CognitoIdentityProviders": [
263
+ {
264
+ "ClientId": {
265
+ "Ref": "testlambdaopensearchCognitoUserPoolClient39C21D94"
266
+ },
267
+ "ProviderName": {
268
+ "Fn::GetAtt": [
269
+ "testlambdaopensearchCognitoUserPoolA09096F9",
270
+ "ProviderName"
271
+ ]
272
+ },
273
+ "ServerSideTokenCheck": true
274
+ }
275
+ ]
276
+ }
277
+ },
278
+ "testlambdaopensearchUserPoolDomain98864920": {
279
+ "Type": "AWS::Cognito::UserPoolDomain",
280
+ "Properties": {
281
+ "Domain": {
282
+ "Fn::Join": [
283
+ "-",
284
+ [
285
+ "dmn",
286
+ {
287
+ "Fn::Select": [
288
+ 4,
289
+ {
290
+ "Fn::Split": [
291
+ "-",
292
+ {
293
+ "Fn::Select": [
294
+ 2,
295
+ {
296
+ "Fn::Split": [
297
+ "/",
298
+ {
299
+ "Ref": "AWS::StackId"
300
+ }
301
+ ]
302
+ }
303
+ ]
304
+ }
305
+ ]
306
+ }
307
+ ]
308
+ }
309
+ ]
310
+ ]
311
+ },
312
+ "UserPoolId": {
313
+ "Ref": "testlambdaopensearchCognitoUserPoolA09096F9"
314
+ }
315
+ },
316
+ "DependsOn": [
317
+ "testlambdaopensearchCognitoUserPoolA09096F9"
318
+ ]
319
+ },
320
+ "testlambdaopensearchCognitoAuthorizedRole58A1ED44": {
321
+ "Type": "AWS::IAM::Role",
322
+ "Properties": {
323
+ "AssumeRolePolicyDocument": {
324
+ "Statement": [
325
+ {
326
+ "Action": "sts:AssumeRoleWithWebIdentity",
327
+ "Condition": {
328
+ "StringEquals": {
329
+ "cognito-identity.amazonaws.com:aud": {
330
+ "Ref": "testlambdaopensearchCognitoIdentityPool0B1FB311"
331
+ }
332
+ },
333
+ "ForAnyValue:StringLike": {
334
+ "cognito-identity.amazonaws.com:amr": "authenticated"
335
+ }
336
+ },
337
+ "Effect": "Allow",
338
+ "Principal": {
339
+ "Federated": "cognito-identity.amazonaws.com"
340
+ }
341
+ }
342
+ ],
343
+ "Version": "2012-10-17"
344
+ },
345
+ "Policies": [
346
+ {
347
+ "PolicyDocument": {
348
+ "Statement": [
349
+ {
350
+ "Action": "es:ESHttp*",
351
+ "Effect": "Allow",
352
+ "Resource": {
353
+ "Fn::Join": [
354
+ "",
355
+ [
356
+ "arn:",
357
+ {
358
+ "Ref": "AWS::Partition"
359
+ },
360
+ ":es:",
361
+ {
362
+ "Ref": "AWS::Region"
363
+ },
364
+ ":",
365
+ {
366
+ "Ref": "AWS::AccountId"
367
+ },
368
+ ":domain/",
369
+ {
370
+ "Fn::Join": [
371
+ "-",
372
+ [
373
+ "dmn",
374
+ {
375
+ "Fn::Select": [
376
+ 4,
377
+ {
378
+ "Fn::Split": [
379
+ "-",
380
+ {
381
+ "Fn::Select": [
382
+ 2,
383
+ {
384
+ "Fn::Split": [
385
+ "/",
386
+ {
387
+ "Ref": "AWS::StackId"
388
+ }
389
+ ]
390
+ }
391
+ ]
392
+ }
393
+ ]
394
+ }
395
+ ]
396
+ }
397
+ ]
398
+ ]
399
+ },
400
+ "/*"
401
+ ]
402
+ ]
403
+ }
404
+ }
405
+ ],
406
+ "Version": "2012-10-17"
407
+ },
408
+ "PolicyName": "CognitoAccessPolicy"
409
+ }
410
+ ]
411
+ }
412
+ },
413
+ "testlambdaopensearchIdentityPoolRoleMappingD8C765B1": {
414
+ "Type": "AWS::Cognito::IdentityPoolRoleAttachment",
415
+ "Properties": {
416
+ "IdentityPoolId": {
417
+ "Ref": "testlambdaopensearchCognitoIdentityPool0B1FB311"
418
+ },
419
+ "Roles": {
420
+ "authenticated": {
421
+ "Fn::GetAtt": [
422
+ "testlambdaopensearchCognitoAuthorizedRole58A1ED44",
423
+ "Arn"
424
+ ]
425
+ }
426
+ }
427
+ }
428
+ },
429
+ "testlambdaopensearchCognitoDashboardConfigureRole1F2B7B7A": {
430
+ "Type": "AWS::IAM::Role",
431
+ "Properties": {
432
+ "AssumeRolePolicyDocument": {
433
+ "Statement": [
434
+ {
435
+ "Action": "sts:AssumeRole",
436
+ "Effect": "Allow",
437
+ "Principal": {
438
+ "Service": "es.amazonaws.com"
439
+ }
440
+ }
441
+ ],
442
+ "Version": "2012-10-17"
443
+ }
444
+ }
445
+ },
446
+ "testlambdaopensearchCognitoDashboardConfigureRolePolicyC9C6A6A2": {
447
+ "Type": "AWS::IAM::Policy",
448
+ "Properties": {
449
+ "PolicyDocument": {
450
+ "Statement": [
451
+ {
452
+ "Action": [
453
+ "cognito-identity:DescribeIdentityPool",
454
+ "cognito-identity:GetIdentityPoolRoles",
455
+ "cognito-identity:SetIdentityPoolRoles",
456
+ "cognito-identity:UpdateIdentityPool",
457
+ "cognito-idp:AdminInitiateAuth",
458
+ "cognito-idp:AdminUserGlobalSignOut",
459
+ "cognito-idp:CreateUserPoolClient",
460
+ "cognito-idp:DeleteUserPoolClient",
461
+ "cognito-idp:DescribeUserPool",
462
+ "cognito-idp:DescribeUserPoolClient",
463
+ "cognito-idp:ListUserPoolClients",
464
+ "es:UpdateDomainConfig"
465
+ ],
466
+ "Effect": "Allow",
467
+ "Resource": [
468
+ {
469
+ "Fn::GetAtt": [
470
+ "testlambdaopensearchCognitoUserPoolA09096F9",
471
+ "Arn"
472
+ ]
473
+ },
474
+ {
475
+ "Fn::Join": [
476
+ "",
477
+ [
478
+ "arn:",
479
+ {
480
+ "Ref": "AWS::Partition"
481
+ },
482
+ ":cognito-identity:",
483
+ {
484
+ "Ref": "AWS::Region"
485
+ },
486
+ ":",
487
+ {
488
+ "Ref": "AWS::AccountId"
489
+ },
490
+ ":identitypool/",
491
+ {
492
+ "Ref": "testlambdaopensearchCognitoIdentityPool0B1FB311"
493
+ }
494
+ ]
495
+ ]
496
+ },
497
+ {
498
+ "Fn::Join": [
499
+ "",
500
+ [
501
+ "arn:",
502
+ {
503
+ "Ref": "AWS::Partition"
504
+ },
505
+ ":es:",
506
+ {
507
+ "Ref": "AWS::Region"
508
+ },
509
+ ":",
510
+ {
511
+ "Ref": "AWS::AccountId"
512
+ },
513
+ ":domain/",
514
+ {
515
+ "Fn::Join": [
516
+ "-",
517
+ [
518
+ "dmn",
519
+ {
520
+ "Fn::Select": [
521
+ 4,
522
+ {
523
+ "Fn::Split": [
524
+ "-",
525
+ {
526
+ "Fn::Select": [
527
+ 2,
528
+ {
529
+ "Fn::Split": [
530
+ "/",
531
+ {
532
+ "Ref": "AWS::StackId"
533
+ }
534
+ ]
535
+ }
536
+ ]
537
+ }
538
+ ]
539
+ }
540
+ ]
541
+ }
542
+ ]
543
+ ]
544
+ }
545
+ ]
546
+ ]
547
+ }
548
+ ]
549
+ },
550
+ {
551
+ "Action": "iam:PassRole",
552
+ "Condition": {
553
+ "StringLike": {
554
+ "iam:PassedToService": "cognito-identity.amazonaws.com"
555
+ }
556
+ },
557
+ "Effect": "Allow",
558
+ "Resource": {
559
+ "Fn::GetAtt": [
560
+ "testlambdaopensearchCognitoDashboardConfigureRole1F2B7B7A",
561
+ "Arn"
562
+ ]
563
+ }
564
+ }
565
+ ],
566
+ "Version": "2012-10-17"
567
+ },
568
+ "PolicyName": "testlambdaopensearchCognitoDashboardConfigureRolePolicyC9C6A6A2",
569
+ "Roles": [
570
+ {
571
+ "Ref": "testlambdaopensearchCognitoDashboardConfigureRole1F2B7B7A"
572
+ }
573
+ ]
574
+ }
575
+ },
576
+ "testlambdaopensearchOpenSearchDomainF9CCC3D3": {
577
+ "Type": "AWS::OpenSearchService::Domain",
578
+ "Properties": {
579
+ "AccessPolicies": {
580
+ "Statement": [
581
+ {
582
+ "Action": "es:ESHttp*",
583
+ "Effect": "Allow",
584
+ "Principal": {
585
+ "AWS": [
586
+ {
587
+ "Fn::GetAtt": [
588
+ "testlambdaopensearchCognitoAuthorizedRole58A1ED44",
589
+ "Arn"
590
+ ]
591
+ },
592
+ {
593
+ "Fn::GetAtt": [
594
+ "testlambdaopensearchLambdaFunctionServiceRole4722AB8A",
595
+ "Arn"
596
+ ]
597
+ }
598
+ ]
599
+ },
600
+ "Resource": {
601
+ "Fn::Join": [
602
+ "",
603
+ [
604
+ "arn:",
605
+ {
606
+ "Ref": "AWS::Partition"
607
+ },
608
+ ":es:",
609
+ {
610
+ "Ref": "AWS::Region"
611
+ },
612
+ ":",
613
+ {
614
+ "Ref": "AWS::AccountId"
615
+ },
616
+ ":domain/",
617
+ {
618
+ "Fn::Join": [
619
+ "-",
620
+ [
621
+ "dmn",
622
+ {
623
+ "Fn::Select": [
624
+ 4,
625
+ {
626
+ "Fn::Split": [
627
+ "-",
628
+ {
629
+ "Fn::Select": [
630
+ 2,
631
+ {
632
+ "Fn::Split": [
633
+ "/",
634
+ {
635
+ "Ref": "AWS::StackId"
636
+ }
637
+ ]
638
+ }
639
+ ]
640
+ }
641
+ ]
642
+ }
643
+ ]
644
+ }
645
+ ]
646
+ ]
647
+ },
648
+ "/*"
649
+ ]
650
+ ]
651
+ }
652
+ }
653
+ ],
654
+ "Version": "2012-10-17"
655
+ },
656
+ "ClusterConfig": {
657
+ "DedicatedMasterCount": 3,
658
+ "DedicatedMasterEnabled": true,
659
+ "InstanceCount": 3,
660
+ "ZoneAwarenessEnabled": false
661
+ },
662
+ "CognitoOptions": {
663
+ "Enabled": true,
664
+ "IdentityPoolId": {
665
+ "Ref": "testlambdaopensearchCognitoIdentityPool0B1FB311"
666
+ },
667
+ "RoleArn": {
668
+ "Fn::GetAtt": [
669
+ "testlambdaopensearchCognitoDashboardConfigureRole1F2B7B7A",
670
+ "Arn"
671
+ ]
672
+ },
673
+ "UserPoolId": {
674
+ "Ref": "testlambdaopensearchCognitoUserPoolA09096F9"
675
+ }
676
+ },
677
+ "DomainEndpointOptions": {
678
+ "EnforceHTTPS": true,
679
+ "TLSSecurityPolicy": "Policy-Min-TLS-1-2-2019-07"
680
+ },
681
+ "DomainName": {
682
+ "Fn::Join": [
683
+ "-",
684
+ [
685
+ "dmn",
686
+ {
687
+ "Fn::Select": [
688
+ 4,
689
+ {
690
+ "Fn::Split": [
691
+ "-",
692
+ {
693
+ "Fn::Select": [
694
+ 2,
695
+ {
696
+ "Fn::Split": [
697
+ "/",
698
+ {
699
+ "Ref": "AWS::StackId"
700
+ }
701
+ ]
702
+ }
703
+ ]
704
+ }
705
+ ]
706
+ }
707
+ ]
708
+ }
709
+ ]
710
+ ]
711
+ },
712
+ "EBSOptions": {
713
+ "EBSEnabled": true,
714
+ "VolumeSize": 10
715
+ },
716
+ "EncryptionAtRestOptions": {
717
+ "Enabled": true
718
+ },
719
+ "EngineVersion": "OpenSearch_1.3",
720
+ "NodeToNodeEncryptionOptions": {
721
+ "Enabled": true
722
+ },
723
+ "SnapshotOptions": {
724
+ "AutomatedSnapshotStartHour": 1
725
+ },
726
+ "VPCOptions": {
727
+ "SecurityGroupIds": [
728
+ {
729
+ "Fn::GetAtt": [
730
+ "testlambdaopensearchReplaceDefaultSecurityGroupsecuritygroupB44718EC",
731
+ "GroupId"
732
+ ]
733
+ }
734
+ ],
735
+ "SubnetIds": [
736
+ {
737
+ "Ref": "VpcisolatedSubnet1SubnetE62B1B9B"
738
+ }
739
+ ]
740
+ }
741
+ },
742
+ "Metadata": {
743
+ "cfn_nag": {
744
+ "rules_to_suppress": [
745
+ {
746
+ "id": "W28",
747
+ "reason": "The OpenSearch Service domain is passed dynamically as as parameter and explicitly specified to ensure that IAM policies are configured to lockdown access to this specific OpenSearch Service instance only"
748
+ },
749
+ {
750
+ "id": "W90",
751
+ "reason": "This is not a rule for the general case, just for specific use cases/industries"
752
+ }
753
+ ]
754
+ }
755
+ }
756
+ },
757
+ "testlambdaopensearchStatusRedAlarm1627144D": {
758
+ "Type": "AWS::CloudWatch::Alarm",
759
+ "Properties": {
760
+ "AlarmDescription": "At least one primary shard and its replicas are not allocated to a node. ",
761
+ "ComparisonOperator": "GreaterThanOrEqualToThreshold",
762
+ "EvaluationPeriods": 1,
763
+ "MetricName": "ClusterStatus.red",
764
+ "Namespace": "AWS/ES",
765
+ "Period": 60,
766
+ "Statistic": "Maximum",
767
+ "Threshold": 1
768
+ }
769
+ },
770
+ "testlambdaopensearchStatusYellowAlarm57139CF0": {
771
+ "Type": "AWS::CloudWatch::Alarm",
772
+ "Properties": {
773
+ "AlarmDescription": "At least one replica shard is not allocated to a node.",
774
+ "ComparisonOperator": "GreaterThanOrEqualToThreshold",
775
+ "EvaluationPeriods": 1,
776
+ "MetricName": "ClusterStatus.yellow",
777
+ "Namespace": "AWS/ES",
778
+ "Period": 60,
779
+ "Statistic": "Maximum",
780
+ "Threshold": 1
781
+ }
782
+ },
783
+ "testlambdaopensearchFreeStorageSpaceTooLowAlarm6A5E1E96": {
784
+ "Type": "AWS::CloudWatch::Alarm",
785
+ "Properties": {
786
+ "AlarmDescription": "A node in your cluster is down to 20 GiB of free storage space.",
787
+ "ComparisonOperator": "LessThanOrEqualToThreshold",
788
+ "EvaluationPeriods": 1,
789
+ "MetricName": "FreeStorageSpace",
790
+ "Namespace": "AWS/ES",
791
+ "Period": 60,
792
+ "Statistic": "Minimum",
793
+ "Threshold": 20000
794
+ }
795
+ },
796
+ "testlambdaopensearchIndexWritesBlockedTooHighAlarmD2E041A3": {
797
+ "Type": "AWS::CloudWatch::Alarm",
798
+ "Properties": {
799
+ "AlarmDescription": "Your cluster is blocking write requests.",
800
+ "ComparisonOperator": "GreaterThanOrEqualToThreshold",
801
+ "EvaluationPeriods": 1,
802
+ "MetricName": "ClusterIndexWritesBlocked",
803
+ "Namespace": "AWS/ES",
804
+ "Period": 300,
805
+ "Statistic": "Maximum",
806
+ "Threshold": 1
807
+ }
808
+ },
809
+ "testlambdaopensearchAutomatedSnapshotFailureTooHighAlarm9A4D0B1F": {
810
+ "Type": "AWS::CloudWatch::Alarm",
811
+ "Properties": {
812
+ "AlarmDescription": "An automated snapshot failed. This failure is often the result of a red cluster health status.",
813
+ "ComparisonOperator": "GreaterThanOrEqualToThreshold",
814
+ "EvaluationPeriods": 1,
815
+ "MetricName": "AutomatedSnapshotFailure",
816
+ "Namespace": "AWS/ES",
817
+ "Period": 60,
818
+ "Statistic": "Maximum",
819
+ "Threshold": 1
820
+ }
821
+ },
822
+ "testlambdaopensearchCPUUtilizationTooHighAlarmC4850758": {
823
+ "Type": "AWS::CloudWatch::Alarm",
824
+ "Properties": {
825
+ "AlarmDescription": "100% CPU utilization is not uncommon, but sustained high usage is problematic. Consider using larger instance types or adding instances.",
826
+ "ComparisonOperator": "GreaterThanOrEqualToThreshold",
827
+ "EvaluationPeriods": 3,
828
+ "MetricName": "CPUUtilization",
829
+ "Namespace": "AWS/ES",
830
+ "Period": 900,
831
+ "Statistic": "Average",
832
+ "Threshold": 80
833
+ }
834
+ },
835
+ "testlambdaopensearchJVMMemoryPressureTooHighAlarmEFB09A7C": {
836
+ "Type": "AWS::CloudWatch::Alarm",
837
+ "Properties": {
838
+ "AlarmDescription": "Average JVM memory pressure over last 15 minutes too high. Consider scaling vertically.",
839
+ "ComparisonOperator": "GreaterThanOrEqualToThreshold",
840
+ "EvaluationPeriods": 1,
841
+ "MetricName": "JVMMemoryPressure",
842
+ "Namespace": "AWS/ES",
843
+ "Period": 900,
844
+ "Statistic": "Average",
845
+ "Threshold": 80
846
+ }
847
+ },
848
+ "testlambdaopensearchMasterCPUUtilizationTooHighAlarm124D5748": {
849
+ "Type": "AWS::CloudWatch::Alarm",
850
+ "Properties": {
851
+ "AlarmDescription": "Average CPU utilization over last 45 minutes too high. Consider using larger instance types for your dedicated master nodes.",
852
+ "ComparisonOperator": "GreaterThanOrEqualToThreshold",
853
+ "EvaluationPeriods": 3,
854
+ "MetricName": "MasterCPUUtilization",
855
+ "Namespace": "AWS/ES",
856
+ "Period": 900,
857
+ "Statistic": "Average",
858
+ "Threshold": 50
859
+ }
860
+ },
861
+ "testlambdaopensearchMasterJVMMemoryPressureTooHighAlarmBC9524D3": {
862
+ "Type": "AWS::CloudWatch::Alarm",
863
+ "Properties": {
864
+ "AlarmDescription": "Average JVM memory pressure over last 15 minutes too high. Consider scaling vertically.",
865
+ "ComparisonOperator": "GreaterThanOrEqualToThreshold",
866
+ "EvaluationPeriods": 1,
867
+ "MetricName": "MasterJVMMemoryPressure",
868
+ "Namespace": "AWS/ES",
869
+ "Period": 900,
870
+ "Statistic": "Average",
871
+ "Threshold": 50
872
+ }
873
+ },
874
+ "Vpc8378EB38": {
875
+ "Type": "AWS::EC2::VPC",
876
+ "Properties": {
877
+ "CidrBlock": "10.0.0.0/16",
878
+ "EnableDnsHostnames": true,
879
+ "EnableDnsSupport": true,
880
+ "InstanceTenancy": "default",
881
+ "Tags": [
882
+ {
883
+ "Key": "Name",
884
+ "Value": "lamopn-disabled-zone-awareness/Vpc"
885
+ }
886
+ ]
887
+ }
888
+ },
889
+ "VpcisolatedSubnet1SubnetE62B1B9B": {
890
+ "Type": "AWS::EC2::Subnet",
891
+ "Properties": {
892
+ "AvailabilityZone": {
893
+ "Fn::Select": [
894
+ 0,
895
+ {
896
+ "Fn::GetAZs": ""
897
+ }
898
+ ]
899
+ },
900
+ "CidrBlock": "10.0.0.0/18",
901
+ "MapPublicIpOnLaunch": false,
902
+ "Tags": [
903
+ {
904
+ "Key": "aws-cdk:subnet-name",
905
+ "Value": "isolated"
906
+ },
907
+ {
908
+ "Key": "aws-cdk:subnet-type",
909
+ "Value": "Isolated"
910
+ },
911
+ {
912
+ "Key": "Name",
913
+ "Value": "lamopn-disabled-zone-awareness/Vpc/isolatedSubnet1"
914
+ }
915
+ ],
916
+ "VpcId": {
917
+ "Ref": "Vpc8378EB38"
918
+ }
919
+ }
920
+ },
921
+ "VpcisolatedSubnet1RouteTableE442650B": {
922
+ "Type": "AWS::EC2::RouteTable",
923
+ "Properties": {
924
+ "Tags": [
925
+ {
926
+ "Key": "Name",
927
+ "Value": "lamopn-disabled-zone-awareness/Vpc/isolatedSubnet1"
928
+ }
929
+ ],
930
+ "VpcId": {
931
+ "Ref": "Vpc8378EB38"
932
+ }
933
+ }
934
+ },
935
+ "VpcisolatedSubnet1RouteTableAssociationD259E31A": {
936
+ "Type": "AWS::EC2::SubnetRouteTableAssociation",
937
+ "Properties": {
938
+ "RouteTableId": {
939
+ "Ref": "VpcisolatedSubnet1RouteTableE442650B"
940
+ },
941
+ "SubnetId": {
942
+ "Ref": "VpcisolatedSubnet1SubnetE62B1B9B"
943
+ }
944
+ }
945
+ },
946
+ "VpcRestrictDefaultSecurityGroupCustomResourceC73DA2BE": {
947
+ "Type": "Custom::VpcRestrictDefaultSG",
948
+ "Properties": {
949
+ "ServiceToken": {
950
+ "Fn::GetAtt": [
951
+ "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E",
952
+ "Arn"
953
+ ]
954
+ },
955
+ "DefaultSecurityGroupId": {
956
+ "Fn::GetAtt": [
957
+ "Vpc8378EB38",
958
+ "DefaultSecurityGroup"
959
+ ]
960
+ },
961
+ "Account": {
962
+ "Ref": "AWS::AccountId"
963
+ }
964
+ },
965
+ "UpdateReplacePolicy": "Delete",
966
+ "DeletionPolicy": "Delete"
967
+ },
968
+ "VpcFlowLogIAMRole6A475D41": {
969
+ "Type": "AWS::IAM::Role",
970
+ "Properties": {
971
+ "AssumeRolePolicyDocument": {
972
+ "Statement": [
973
+ {
974
+ "Action": "sts:AssumeRole",
975
+ "Effect": "Allow",
976
+ "Principal": {
977
+ "Service": "vpc-flow-logs.amazonaws.com"
978
+ }
979
+ }
980
+ ],
981
+ "Version": "2012-10-17"
982
+ },
983
+ "Tags": [
984
+ {
985
+ "Key": "Name",
986
+ "Value": "lamopn-disabled-zone-awareness/Vpc/FlowLog"
987
+ }
988
+ ]
989
+ }
990
+ },
991
+ "VpcFlowLogIAMRoleDefaultPolicy406FB995": {
992
+ "Type": "AWS::IAM::Policy",
993
+ "Properties": {
994
+ "PolicyDocument": {
995
+ "Statement": [
996
+ {
997
+ "Action": [
998
+ "logs:CreateLogStream",
999
+ "logs:DescribeLogStreams",
1000
+ "logs:PutLogEvents"
1001
+ ],
1002
+ "Effect": "Allow",
1003
+ "Resource": {
1004
+ "Fn::GetAtt": [
1005
+ "VpcFlowLogLogGroup7B5C56B9",
1006
+ "Arn"
1007
+ ]
1008
+ }
1009
+ },
1010
+ {
1011
+ "Action": "iam:PassRole",
1012
+ "Effect": "Allow",
1013
+ "Resource": {
1014
+ "Fn::GetAtt": [
1015
+ "VpcFlowLogIAMRole6A475D41",
1016
+ "Arn"
1017
+ ]
1018
+ }
1019
+ }
1020
+ ],
1021
+ "Version": "2012-10-17"
1022
+ },
1023
+ "PolicyName": "VpcFlowLogIAMRoleDefaultPolicy406FB995",
1024
+ "Roles": [
1025
+ {
1026
+ "Ref": "VpcFlowLogIAMRole6A475D41"
1027
+ }
1028
+ ]
1029
+ }
1030
+ },
1031
+ "VpcFlowLogLogGroup7B5C56B9": {
1032
+ "Type": "AWS::Logs::LogGroup",
1033
+ "Properties": {
1034
+ "RetentionInDays": 731,
1035
+ "Tags": [
1036
+ {
1037
+ "Key": "Name",
1038
+ "Value": "lamopn-disabled-zone-awareness/Vpc/FlowLog"
1039
+ }
1040
+ ]
1041
+ },
1042
+ "UpdateReplacePolicy": "Retain",
1043
+ "DeletionPolicy": "Retain",
1044
+ "Metadata": {
1045
+ "cfn_nag": {
1046
+ "rules_to_suppress": [
1047
+ {
1048
+ "id": "W84",
1049
+ "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)"
1050
+ }
1051
+ ]
1052
+ }
1053
+ }
1054
+ },
1055
+ "VpcFlowLog8FF33A73": {
1056
+ "Type": "AWS::EC2::FlowLog",
1057
+ "Properties": {
1058
+ "DeliverLogsPermissionArn": {
1059
+ "Fn::GetAtt": [
1060
+ "VpcFlowLogIAMRole6A475D41",
1061
+ "Arn"
1062
+ ]
1063
+ },
1064
+ "LogDestinationType": "cloud-watch-logs",
1065
+ "LogGroupName": {
1066
+ "Ref": "VpcFlowLogLogGroup7B5C56B9"
1067
+ },
1068
+ "ResourceId": {
1069
+ "Ref": "Vpc8378EB38"
1070
+ },
1071
+ "ResourceType": "VPC",
1072
+ "Tags": [
1073
+ {
1074
+ "Key": "Name",
1075
+ "Value": "lamopn-disabled-zone-awareness/Vpc/FlowLog"
1076
+ }
1077
+ ],
1078
+ "TrafficType": "ALL"
1079
+ }
1080
+ },
1081
+ "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0": {
1082
+ "Type": "AWS::IAM::Role",
1083
+ "Properties": {
1084
+ "AssumeRolePolicyDocument": {
1085
+ "Version": "2012-10-17",
1086
+ "Statement": [
1087
+ {
1088
+ "Action": "sts:AssumeRole",
1089
+ "Effect": "Allow",
1090
+ "Principal": {
1091
+ "Service": "lambda.amazonaws.com"
1092
+ }
1093
+ }
1094
+ ]
1095
+ },
1096
+ "ManagedPolicyArns": [
1097
+ {
1098
+ "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
1099
+ }
1100
+ ],
1101
+ "Policies": [
1102
+ {
1103
+ "PolicyName": "Inline",
1104
+ "PolicyDocument": {
1105
+ "Version": "2012-10-17",
1106
+ "Statement": [
1107
+ {
1108
+ "Effect": "Allow",
1109
+ "Action": [
1110
+ "ec2:AuthorizeSecurityGroupIngress",
1111
+ "ec2:AuthorizeSecurityGroupEgress",
1112
+ "ec2:RevokeSecurityGroupIngress",
1113
+ "ec2:RevokeSecurityGroupEgress"
1114
+ ],
1115
+ "Resource": [
1116
+ {
1117
+ "Fn::Join": [
1118
+ "",
1119
+ [
1120
+ "arn:",
1121
+ {
1122
+ "Ref": "AWS::Partition"
1123
+ },
1124
+ ":ec2:",
1125
+ {
1126
+ "Ref": "AWS::Region"
1127
+ },
1128
+ ":",
1129
+ {
1130
+ "Ref": "AWS::AccountId"
1131
+ },
1132
+ ":security-group/",
1133
+ {
1134
+ "Fn::GetAtt": [
1135
+ "Vpc8378EB38",
1136
+ "DefaultSecurityGroup"
1137
+ ]
1138
+ }
1139
+ ]
1140
+ ]
1141
+ }
1142
+ ]
1143
+ }
1144
+ ]
1145
+ }
1146
+ }
1147
+ ]
1148
+ }
1149
+ },
1150
+ "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E": {
1151
+ "Type": "AWS::Lambda::Function",
1152
+ "Properties": {
1153
+ "Code": {
1154
+ "S3Bucket": {
1155
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
1156
+ },
1157
+ "S3Key": "dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e.zip"
1158
+ },
1159
+ "Timeout": 900,
1160
+ "MemorySize": 128,
1161
+ "Handler": "__entrypoint__.handler",
1162
+ "Role": {
1163
+ "Fn::GetAtt": [
1164
+ "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0",
1165
+ "Arn"
1166
+ ]
1167
+ },
1168
+ "Runtime": "nodejs18.x",
1169
+ "Description": "Lambda function for removing all inbound/outbound rules from the VPC default security group"
1170
+ },
1171
+ "DependsOn": [
1172
+ "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0"
1173
+ ],
1174
+ "Metadata": {
1175
+ "cfn_nag": {
1176
+ "rules_to_suppress": [
1177
+ {
1178
+ "id": "W58",
1179
+ "reason": "CDK generated custom resource"
1180
+ },
1181
+ {
1182
+ "id": "W89",
1183
+ "reason": "CDK generated custom resource"
1184
+ },
1185
+ {
1186
+ "id": "W92",
1187
+ "reason": "CDK generated custom resource"
1188
+ }
1189
+ ]
1190
+ }
1191
+ }
1192
+ }
1193
+ },
1194
+ "Parameters": {
1195
+ "BootstrapVersion": {
1196
+ "Type": "AWS::SSM::Parameter::Value<String>",
1197
+ "Default": "/cdk-bootstrap/hnb659fds/version",
1198
+ "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
1199
+ }
1200
+ },
1201
+ "Rules": {
1202
+ "CheckBootstrapVersion": {
1203
+ "Assertions": [
1204
+ {
1205
+ "Assert": {
1206
+ "Fn::Not": [
1207
+ {
1208
+ "Fn::Contains": [
1209
+ [
1210
+ "1",
1211
+ "2",
1212
+ "3",
1213
+ "4",
1214
+ "5"
1215
+ ],
1216
+ {
1217
+ "Ref": "BootstrapVersion"
1218
+ }
1219
+ ]
1220
+ }
1221
+ ]
1222
+ },
1223
+ "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
1224
+ }
1225
+ ]
1226
+ }
1227
+ }
1228
+ }