@aws-solutions-constructs/aws-lambda-opensearch 2.51.0 → 2.52.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (79) hide show
  1. package/.eslintignore +2 -0
  2. package/.jsii +49 -4
  3. package/integ.config.json +7 -0
  4. package/lib/index.js +1 -1
  5. package/package.json +9 -8
  6. package/test/integ.lamopn-cluster-config.js +6 -2
  7. package/test/integ.lamopn-cluster-config.js.snapshot/asset.abbc4eca9e7ddabc31da3ce83159e6eee8e72e2c358ab8af0711044514c41290/index.js +60 -0
  8. package/test/integ.lamopn-cluster-config.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/__entrypoint__.js +1 -0
  9. package/test/integ.lamopn-cluster-config.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/index.js +1 -0
  10. package/test/integ.lamopn-cluster-config.js.snapshot/cdk.out +1 -0
  11. package/test/integ.lamopn-cluster-config.js.snapshot/integ.json +12 -0
  12. package/test/integ.lamopn-cluster-config.js.snapshot/lamopn-cluster-config.assets.json +45 -0
  13. package/test/integ.lamopn-cluster-config.js.snapshot/lamopn-cluster-config.template.json +1295 -0
  14. package/test/integ.lamopn-cluster-config.js.snapshot/lamopnclusterconfigIntegDefaultTestDeployAssertD8012D1A.assets.json +19 -0
  15. package/test/integ.lamopn-cluster-config.js.snapshot/lamopnclusterconfigIntegDefaultTestDeployAssertD8012D1A.template.json +36 -0
  16. package/test/integ.lamopn-cluster-config.js.snapshot/manifest.json +323 -0
  17. package/test/integ.lamopn-cluster-config.js.snapshot/tree.json +1795 -0
  18. package/test/integ.lamopn-disabled-zone-awareness.js +6 -2
  19. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/asset.abbc4eca9e7ddabc31da3ce83159e6eee8e72e2c358ab8af0711044514c41290/index.js +60 -0
  20. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/__entrypoint__.js +1 -0
  21. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/index.js +1 -0
  22. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/cdk.out +1 -0
  23. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/integ.json +12 -0
  24. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/lamopn-disabled-zone-awareness.assets.json +45 -0
  25. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/lamopn-disabled-zone-awareness.template.json +1228 -0
  26. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/lamopndisabledzoneawarenessIntegDefaultTestDeployAssert7E083B68.assets.json +19 -0
  27. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/lamopndisabledzoneawarenessIntegDefaultTestDeployAssert7E083B68.template.json +36 -0
  28. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/manifest.json +305 -0
  29. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/tree.json +1687 -0
  30. package/test/integ.lamopn-domain-arguments.js +5 -2
  31. package/test/integ.lamopn-domain-arguments.js.snapshot/asset.abbc4eca9e7ddabc31da3ce83159e6eee8e72e2c358ab8af0711044514c41290/index.js +60 -0
  32. package/test/integ.lamopn-domain-arguments.js.snapshot/cdk.out +1 -0
  33. package/test/integ.lamopn-domain-arguments.js.snapshot/integ.json +12 -0
  34. package/test/integ.lamopn-domain-arguments.js.snapshot/lamopn-domain-arguments.assets.json +32 -0
  35. package/test/integ.lamopn-domain-arguments.js.snapshot/lamopn-domain-arguments.template.json +846 -0
  36. package/test/integ.lamopn-domain-arguments.js.snapshot/lamopndomainargumentsIntegDefaultTestDeployAssert47534E1E.assets.json +19 -0
  37. package/test/integ.lamopn-domain-arguments.js.snapshot/lamopndomainargumentsIntegDefaultTestDeployAssert47534E1E.template.json +36 -0
  38. package/test/integ.lamopn-domain-arguments.js.snapshot/manifest.json +233 -0
  39. package/test/integ.lamopn-domain-arguments.js.snapshot/tree.json +1256 -0
  40. package/test/integ.lamopn-existing-vpc.js +12 -6
  41. package/test/integ.lamopn-existing-vpc.js.snapshot/asset.abbc4eca9e7ddabc31da3ce83159e6eee8e72e2c358ab8af0711044514c41290/index.js +60 -0
  42. package/test/integ.lamopn-existing-vpc.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/__entrypoint__.js +1 -0
  43. package/test/integ.lamopn-existing-vpc.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/index.js +1 -0
  44. package/test/integ.lamopn-existing-vpc.js.snapshot/cdk.out +1 -0
  45. package/test/integ.lamopn-existing-vpc.js.snapshot/integ.json +12 -0
  46. package/test/integ.lamopn-existing-vpc.js.snapshot/lamopn-existing-vpc.assets.json +48 -0
  47. package/test/integ.lamopn-existing-vpc.js.snapshot/lamopn-existing-vpc.template.json +1571 -0
  48. package/test/integ.lamopn-existing-vpc.js.snapshot/lamopnexistingvpcIntegDefaultTestDeployAssert4A7EE058.assets.json +19 -0
  49. package/test/integ.lamopn-existing-vpc.js.snapshot/lamopnexistingvpcIntegDefaultTestDeployAssert4A7EE058.template.json +36 -0
  50. package/test/integ.lamopn-existing-vpc.js.snapshot/manifest.json +419 -0
  51. package/test/integ.lamopn-existing-vpc.js.snapshot/tree.json +2207 -0
  52. package/test/integ.lamopn-no-arguments.js +5 -2
  53. package/test/integ.lamopn-no-arguments.js.snapshot/asset.abbc4eca9e7ddabc31da3ce83159e6eee8e72e2c358ab8af0711044514c41290/index.js +60 -0
  54. package/test/integ.lamopn-no-arguments.js.snapshot/cdk.out +1 -0
  55. package/test/integ.lamopn-no-arguments.js.snapshot/integ.json +12 -0
  56. package/test/integ.lamopn-no-arguments.js.snapshot/lamopn-no-arguments.assets.json +32 -0
  57. package/test/integ.lamopn-no-arguments.js.snapshot/lamopn-no-arguments.template.json +846 -0
  58. package/test/integ.lamopn-no-arguments.js.snapshot/lamopnnoargumentsIntegDefaultTestDeployAssert4290A592.assets.json +19 -0
  59. package/test/integ.lamopn-no-arguments.js.snapshot/lamopnnoargumentsIntegDefaultTestDeployAssert4290A592.template.json +36 -0
  60. package/test/integ.lamopn-no-arguments.js.snapshot/manifest.json +233 -0
  61. package/test/integ.lamopn-no-arguments.js.snapshot/tree.json +1256 -0
  62. package/test/integ.lamopn-vpc-props.js +12 -6
  63. package/test/integ.lamopn-vpc-props.js.snapshot/asset.abbc4eca9e7ddabc31da3ce83159e6eee8e72e2c358ab8af0711044514c41290/index.js +60 -0
  64. package/test/integ.lamopn-vpc-props.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/__entrypoint__.js +1 -0
  65. package/test/integ.lamopn-vpc-props.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/index.js +1 -0
  66. package/test/integ.lamopn-vpc-props.js.snapshot/cdk.out +1 -0
  67. package/test/integ.lamopn-vpc-props.js.snapshot/integ.json +12 -0
  68. package/test/integ.lamopn-vpc-props.js.snapshot/lamopn-vpc-props.assets.json +48 -0
  69. package/test/integ.lamopn-vpc-props.js.snapshot/lamopn-vpc-props.template.json +1287 -0
  70. package/test/integ.lamopn-vpc-props.js.snapshot/lamopnvpcpropsIntegDefaultTestDeployAssertC7FD49B0.assets.json +19 -0
  71. package/test/integ.lamopn-vpc-props.js.snapshot/lamopnvpcpropsIntegDefaultTestDeployAssertC7FD49B0.template.json +36 -0
  72. package/test/integ.lamopn-vpc-props.js.snapshot/manifest.json +323 -0
  73. package/test/integ.lamopn-vpc-props.js.snapshot/tree.json +1795 -0
  74. package/test/integ.lamopn-cluster-config.expected.json +0 -1153
  75. package/test/integ.lamopn-disabled-zone-awareness.expected.json +0 -1093
  76. package/test/integ.lamopn-domain-arguments.expected.json +0 -846
  77. package/test/integ.lamopn-existing-vpc.expected.json +0 -1602
  78. package/test/integ.lamopn-no-arguments.expected.json +0 -846
  79. package/test/integ.lamopn-vpc-props.expected.json +0 -1208
@@ -1,1602 +0,0 @@
1
- {
2
- "Resources": {
3
- "Vpc8378EB38": {
4
- "Type": "AWS::EC2::VPC",
5
- "Properties": {
6
- "CidrBlock": "172.168.0.0/16",
7
- "EnableDnsHostnames": true,
8
- "EnableDnsSupport": true,
9
- "InstanceTenancy": "default",
10
- "Tags": [
11
- {
12
- "Key": "Name",
13
- "Value": "lamopn-existing-vpc/Vpc"
14
- }
15
- ]
16
- }
17
- },
18
- "VpcPublicSubnet1Subnet5C2D37C4": {
19
- "Type": "AWS::EC2::Subnet",
20
- "Properties": {
21
- "AvailabilityZone": "test-region-1a",
22
- "CidrBlock": "172.168.0.0/19",
23
- "MapPublicIpOnLaunch": true,
24
- "Tags": [
25
- {
26
- "Key": "aws-cdk:subnet-name",
27
- "Value": "Public"
28
- },
29
- {
30
- "Key": "aws-cdk:subnet-type",
31
- "Value": "Public"
32
- },
33
- {
34
- "Key": "Name",
35
- "Value": "lamopn-existing-vpc/Vpc/PublicSubnet1"
36
- }
37
- ],
38
- "VpcId": {
39
- "Ref": "Vpc8378EB38"
40
- }
41
- },
42
- "Metadata": {
43
- "cfn_nag": {
44
- "rules_to_suppress": [
45
- {
46
- "id": "W33",
47
- "reason": "Allow Public Subnets to have MapPublicIpOnLaunch set to true"
48
- }
49
- ]
50
- }
51
- }
52
- },
53
- "VpcPublicSubnet1RouteTable6C95E38E": {
54
- "Type": "AWS::EC2::RouteTable",
55
- "Properties": {
56
- "Tags": [
57
- {
58
- "Key": "Name",
59
- "Value": "lamopn-existing-vpc/Vpc/PublicSubnet1"
60
- }
61
- ],
62
- "VpcId": {
63
- "Ref": "Vpc8378EB38"
64
- }
65
- }
66
- },
67
- "VpcPublicSubnet1RouteTableAssociation97140677": {
68
- "Type": "AWS::EC2::SubnetRouteTableAssociation",
69
- "Properties": {
70
- "RouteTableId": {
71
- "Ref": "VpcPublicSubnet1RouteTable6C95E38E"
72
- },
73
- "SubnetId": {
74
- "Ref": "VpcPublicSubnet1Subnet5C2D37C4"
75
- }
76
- }
77
- },
78
- "VpcPublicSubnet1DefaultRoute3DA9E72A": {
79
- "Type": "AWS::EC2::Route",
80
- "Properties": {
81
- "DestinationCidrBlock": "0.0.0.0/0",
82
- "GatewayId": {
83
- "Ref": "VpcIGWD7BA715C"
84
- },
85
- "RouteTableId": {
86
- "Ref": "VpcPublicSubnet1RouteTable6C95E38E"
87
- }
88
- },
89
- "DependsOn": [
90
- "VpcVPCGWBF912B6E"
91
- ]
92
- },
93
- "VpcPublicSubnet1EIPD7E02669": {
94
- "Type": "AWS::EC2::EIP",
95
- "Properties": {
96
- "Domain": "vpc",
97
- "Tags": [
98
- {
99
- "Key": "Name",
100
- "Value": "lamopn-existing-vpc/Vpc/PublicSubnet1"
101
- }
102
- ]
103
- }
104
- },
105
- "VpcPublicSubnet1NATGateway4D7517AA": {
106
- "Type": "AWS::EC2::NatGateway",
107
- "Properties": {
108
- "AllocationId": {
109
- "Fn::GetAtt": [
110
- "VpcPublicSubnet1EIPD7E02669",
111
- "AllocationId"
112
- ]
113
- },
114
- "SubnetId": {
115
- "Ref": "VpcPublicSubnet1Subnet5C2D37C4"
116
- },
117
- "Tags": [
118
- {
119
- "Key": "Name",
120
- "Value": "lamopn-existing-vpc/Vpc/PublicSubnet1"
121
- }
122
- ]
123
- },
124
- "DependsOn": [
125
- "VpcPublicSubnet1DefaultRoute3DA9E72A",
126
- "VpcPublicSubnet1RouteTableAssociation97140677"
127
- ]
128
- },
129
- "VpcPublicSubnet2Subnet691E08A3": {
130
- "Type": "AWS::EC2::Subnet",
131
- "Properties": {
132
- "AvailabilityZone": "test-region-1b",
133
- "CidrBlock": "172.168.32.0/19",
134
- "MapPublicIpOnLaunch": true,
135
- "Tags": [
136
- {
137
- "Key": "aws-cdk:subnet-name",
138
- "Value": "Public"
139
- },
140
- {
141
- "Key": "aws-cdk:subnet-type",
142
- "Value": "Public"
143
- },
144
- {
145
- "Key": "Name",
146
- "Value": "lamopn-existing-vpc/Vpc/PublicSubnet2"
147
- }
148
- ],
149
- "VpcId": {
150
- "Ref": "Vpc8378EB38"
151
- }
152
- },
153
- "Metadata": {
154
- "cfn_nag": {
155
- "rules_to_suppress": [
156
- {
157
- "id": "W33",
158
- "reason": "Allow Public Subnets to have MapPublicIpOnLaunch set to true"
159
- }
160
- ]
161
- }
162
- }
163
- },
164
- "VpcPublicSubnet2RouteTable94F7E489": {
165
- "Type": "AWS::EC2::RouteTable",
166
- "Properties": {
167
- "Tags": [
168
- {
169
- "Key": "Name",
170
- "Value": "lamopn-existing-vpc/Vpc/PublicSubnet2"
171
- }
172
- ],
173
- "VpcId": {
174
- "Ref": "Vpc8378EB38"
175
- }
176
- }
177
- },
178
- "VpcPublicSubnet2RouteTableAssociationDD5762D8": {
179
- "Type": "AWS::EC2::SubnetRouteTableAssociation",
180
- "Properties": {
181
- "RouteTableId": {
182
- "Ref": "VpcPublicSubnet2RouteTable94F7E489"
183
- },
184
- "SubnetId": {
185
- "Ref": "VpcPublicSubnet2Subnet691E08A3"
186
- }
187
- }
188
- },
189
- "VpcPublicSubnet2DefaultRoute97F91067": {
190
- "Type": "AWS::EC2::Route",
191
- "Properties": {
192
- "DestinationCidrBlock": "0.0.0.0/0",
193
- "GatewayId": {
194
- "Ref": "VpcIGWD7BA715C"
195
- },
196
- "RouteTableId": {
197
- "Ref": "VpcPublicSubnet2RouteTable94F7E489"
198
- }
199
- },
200
- "DependsOn": [
201
- "VpcVPCGWBF912B6E"
202
- ]
203
- },
204
- "VpcPublicSubnet2EIP3C605A87": {
205
- "Type": "AWS::EC2::EIP",
206
- "Properties": {
207
- "Domain": "vpc",
208
- "Tags": [
209
- {
210
- "Key": "Name",
211
- "Value": "lamopn-existing-vpc/Vpc/PublicSubnet2"
212
- }
213
- ]
214
- }
215
- },
216
- "VpcPublicSubnet2NATGateway9182C01D": {
217
- "Type": "AWS::EC2::NatGateway",
218
- "Properties": {
219
- "AllocationId": {
220
- "Fn::GetAtt": [
221
- "VpcPublicSubnet2EIP3C605A87",
222
- "AllocationId"
223
- ]
224
- },
225
- "SubnetId": {
226
- "Ref": "VpcPublicSubnet2Subnet691E08A3"
227
- },
228
- "Tags": [
229
- {
230
- "Key": "Name",
231
- "Value": "lamopn-existing-vpc/Vpc/PublicSubnet2"
232
- }
233
- ]
234
- },
235
- "DependsOn": [
236
- "VpcPublicSubnet2DefaultRoute97F91067",
237
- "VpcPublicSubnet2RouteTableAssociationDD5762D8"
238
- ]
239
- },
240
- "VpcPublicSubnet3SubnetBE12F0B6": {
241
- "Type": "AWS::EC2::Subnet",
242
- "Properties": {
243
- "AvailabilityZone": "test-region-1c",
244
- "CidrBlock": "172.168.64.0/19",
245
- "MapPublicIpOnLaunch": true,
246
- "Tags": [
247
- {
248
- "Key": "aws-cdk:subnet-name",
249
- "Value": "Public"
250
- },
251
- {
252
- "Key": "aws-cdk:subnet-type",
253
- "Value": "Public"
254
- },
255
- {
256
- "Key": "Name",
257
- "Value": "lamopn-existing-vpc/Vpc/PublicSubnet3"
258
- }
259
- ],
260
- "VpcId": {
261
- "Ref": "Vpc8378EB38"
262
- }
263
- },
264
- "Metadata": {
265
- "cfn_nag": {
266
- "rules_to_suppress": [
267
- {
268
- "id": "W33",
269
- "reason": "Allow Public Subnets to have MapPublicIpOnLaunch set to true"
270
- }
271
- ]
272
- }
273
- }
274
- },
275
- "VpcPublicSubnet3RouteTable93458DBB": {
276
- "Type": "AWS::EC2::RouteTable",
277
- "Properties": {
278
- "Tags": [
279
- {
280
- "Key": "Name",
281
- "Value": "lamopn-existing-vpc/Vpc/PublicSubnet3"
282
- }
283
- ],
284
- "VpcId": {
285
- "Ref": "Vpc8378EB38"
286
- }
287
- }
288
- },
289
- "VpcPublicSubnet3RouteTableAssociation1F1EDF02": {
290
- "Type": "AWS::EC2::SubnetRouteTableAssociation",
291
- "Properties": {
292
- "RouteTableId": {
293
- "Ref": "VpcPublicSubnet3RouteTable93458DBB"
294
- },
295
- "SubnetId": {
296
- "Ref": "VpcPublicSubnet3SubnetBE12F0B6"
297
- }
298
- }
299
- },
300
- "VpcPublicSubnet3DefaultRoute4697774F": {
301
- "Type": "AWS::EC2::Route",
302
- "Properties": {
303
- "DestinationCidrBlock": "0.0.0.0/0",
304
- "GatewayId": {
305
- "Ref": "VpcIGWD7BA715C"
306
- },
307
- "RouteTableId": {
308
- "Ref": "VpcPublicSubnet3RouteTable93458DBB"
309
- }
310
- },
311
- "DependsOn": [
312
- "VpcVPCGWBF912B6E"
313
- ]
314
- },
315
- "VpcPublicSubnet3EIP3A666A23": {
316
- "Type": "AWS::EC2::EIP",
317
- "Properties": {
318
- "Domain": "vpc",
319
- "Tags": [
320
- {
321
- "Key": "Name",
322
- "Value": "lamopn-existing-vpc/Vpc/PublicSubnet3"
323
- }
324
- ]
325
- }
326
- },
327
- "VpcPublicSubnet3NATGateway7640CD1D": {
328
- "Type": "AWS::EC2::NatGateway",
329
- "Properties": {
330
- "AllocationId": {
331
- "Fn::GetAtt": [
332
- "VpcPublicSubnet3EIP3A666A23",
333
- "AllocationId"
334
- ]
335
- },
336
- "SubnetId": {
337
- "Ref": "VpcPublicSubnet3SubnetBE12F0B6"
338
- },
339
- "Tags": [
340
- {
341
- "Key": "Name",
342
- "Value": "lamopn-existing-vpc/Vpc/PublicSubnet3"
343
- }
344
- ]
345
- },
346
- "DependsOn": [
347
- "VpcPublicSubnet3DefaultRoute4697774F",
348
- "VpcPublicSubnet3RouteTableAssociation1F1EDF02"
349
- ]
350
- },
351
- "VpcPrivateSubnet1Subnet536B997A": {
352
- "Type": "AWS::EC2::Subnet",
353
- "Properties": {
354
- "AvailabilityZone": "test-region-1a",
355
- "CidrBlock": "172.168.96.0/19",
356
- "MapPublicIpOnLaunch": false,
357
- "Tags": [
358
- {
359
- "Key": "aws-cdk:subnet-name",
360
- "Value": "Private"
361
- },
362
- {
363
- "Key": "aws-cdk:subnet-type",
364
- "Value": "Private"
365
- },
366
- {
367
- "Key": "Name",
368
- "Value": "lamopn-existing-vpc/Vpc/PrivateSubnet1"
369
- }
370
- ],
371
- "VpcId": {
372
- "Ref": "Vpc8378EB38"
373
- }
374
- }
375
- },
376
- "VpcPrivateSubnet1RouteTableB2C5B500": {
377
- "Type": "AWS::EC2::RouteTable",
378
- "Properties": {
379
- "Tags": [
380
- {
381
- "Key": "Name",
382
- "Value": "lamopn-existing-vpc/Vpc/PrivateSubnet1"
383
- }
384
- ],
385
- "VpcId": {
386
- "Ref": "Vpc8378EB38"
387
- }
388
- }
389
- },
390
- "VpcPrivateSubnet1RouteTableAssociation70C59FA6": {
391
- "Type": "AWS::EC2::SubnetRouteTableAssociation",
392
- "Properties": {
393
- "RouteTableId": {
394
- "Ref": "VpcPrivateSubnet1RouteTableB2C5B500"
395
- },
396
- "SubnetId": {
397
- "Ref": "VpcPrivateSubnet1Subnet536B997A"
398
- }
399
- }
400
- },
401
- "VpcPrivateSubnet1DefaultRouteBE02A9ED": {
402
- "Type": "AWS::EC2::Route",
403
- "Properties": {
404
- "DestinationCidrBlock": "0.0.0.0/0",
405
- "NatGatewayId": {
406
- "Ref": "VpcPublicSubnet1NATGateway4D7517AA"
407
- },
408
- "RouteTableId": {
409
- "Ref": "VpcPrivateSubnet1RouteTableB2C5B500"
410
- }
411
- }
412
- },
413
- "VpcPrivateSubnet2Subnet3788AAA1": {
414
- "Type": "AWS::EC2::Subnet",
415
- "Properties": {
416
- "AvailabilityZone": "test-region-1b",
417
- "CidrBlock": "172.168.128.0/19",
418
- "MapPublicIpOnLaunch": false,
419
- "Tags": [
420
- {
421
- "Key": "aws-cdk:subnet-name",
422
- "Value": "Private"
423
- },
424
- {
425
- "Key": "aws-cdk:subnet-type",
426
- "Value": "Private"
427
- },
428
- {
429
- "Key": "Name",
430
- "Value": "lamopn-existing-vpc/Vpc/PrivateSubnet2"
431
- }
432
- ],
433
- "VpcId": {
434
- "Ref": "Vpc8378EB38"
435
- }
436
- }
437
- },
438
- "VpcPrivateSubnet2RouteTableA678073B": {
439
- "Type": "AWS::EC2::RouteTable",
440
- "Properties": {
441
- "Tags": [
442
- {
443
- "Key": "Name",
444
- "Value": "lamopn-existing-vpc/Vpc/PrivateSubnet2"
445
- }
446
- ],
447
- "VpcId": {
448
- "Ref": "Vpc8378EB38"
449
- }
450
- }
451
- },
452
- "VpcPrivateSubnet2RouteTableAssociationA89CAD56": {
453
- "Type": "AWS::EC2::SubnetRouteTableAssociation",
454
- "Properties": {
455
- "RouteTableId": {
456
- "Ref": "VpcPrivateSubnet2RouteTableA678073B"
457
- },
458
- "SubnetId": {
459
- "Ref": "VpcPrivateSubnet2Subnet3788AAA1"
460
- }
461
- }
462
- },
463
- "VpcPrivateSubnet2DefaultRoute060D2087": {
464
- "Type": "AWS::EC2::Route",
465
- "Properties": {
466
- "DestinationCidrBlock": "0.0.0.0/0",
467
- "NatGatewayId": {
468
- "Ref": "VpcPublicSubnet2NATGateway9182C01D"
469
- },
470
- "RouteTableId": {
471
- "Ref": "VpcPrivateSubnet2RouteTableA678073B"
472
- }
473
- }
474
- },
475
- "VpcPrivateSubnet3SubnetF258B56E": {
476
- "Type": "AWS::EC2::Subnet",
477
- "Properties": {
478
- "AvailabilityZone": "test-region-1c",
479
- "CidrBlock": "172.168.160.0/19",
480
- "MapPublicIpOnLaunch": false,
481
- "Tags": [
482
- {
483
- "Key": "aws-cdk:subnet-name",
484
- "Value": "Private"
485
- },
486
- {
487
- "Key": "aws-cdk:subnet-type",
488
- "Value": "Private"
489
- },
490
- {
491
- "Key": "Name",
492
- "Value": "lamopn-existing-vpc/Vpc/PrivateSubnet3"
493
- }
494
- ],
495
- "VpcId": {
496
- "Ref": "Vpc8378EB38"
497
- }
498
- }
499
- },
500
- "VpcPrivateSubnet3RouteTableD98824C7": {
501
- "Type": "AWS::EC2::RouteTable",
502
- "Properties": {
503
- "Tags": [
504
- {
505
- "Key": "Name",
506
- "Value": "lamopn-existing-vpc/Vpc/PrivateSubnet3"
507
- }
508
- ],
509
- "VpcId": {
510
- "Ref": "Vpc8378EB38"
511
- }
512
- }
513
- },
514
- "VpcPrivateSubnet3RouteTableAssociation16BDDC43": {
515
- "Type": "AWS::EC2::SubnetRouteTableAssociation",
516
- "Properties": {
517
- "RouteTableId": {
518
- "Ref": "VpcPrivateSubnet3RouteTableD98824C7"
519
- },
520
- "SubnetId": {
521
- "Ref": "VpcPrivateSubnet3SubnetF258B56E"
522
- }
523
- }
524
- },
525
- "VpcPrivateSubnet3DefaultRoute94B74F0D": {
526
- "Type": "AWS::EC2::Route",
527
- "Properties": {
528
- "DestinationCidrBlock": "0.0.0.0/0",
529
- "NatGatewayId": {
530
- "Ref": "VpcPublicSubnet3NATGateway7640CD1D"
531
- },
532
- "RouteTableId": {
533
- "Ref": "VpcPrivateSubnet3RouteTableD98824C7"
534
- }
535
- }
536
- },
537
- "VpcIGWD7BA715C": {
538
- "Type": "AWS::EC2::InternetGateway",
539
- "Properties": {
540
- "Tags": [
541
- {
542
- "Key": "Name",
543
- "Value": "lamopn-existing-vpc/Vpc"
544
- }
545
- ]
546
- }
547
- },
548
- "VpcVPCGWBF912B6E": {
549
- "Type": "AWS::EC2::VPCGatewayAttachment",
550
- "Properties": {
551
- "InternetGatewayId": {
552
- "Ref": "VpcIGWD7BA715C"
553
- },
554
- "VpcId": {
555
- "Ref": "Vpc8378EB38"
556
- }
557
- }
558
- },
559
- "VpcFlowLogIAMRole6A475D41": {
560
- "Type": "AWS::IAM::Role",
561
- "Properties": {
562
- "AssumeRolePolicyDocument": {
563
- "Statement": [
564
- {
565
- "Action": "sts:AssumeRole",
566
- "Effect": "Allow",
567
- "Principal": {
568
- "Service": "vpc-flow-logs.amazonaws.com"
569
- }
570
- }
571
- ],
572
- "Version": "2012-10-17"
573
- },
574
- "Tags": [
575
- {
576
- "Key": "Name",
577
- "Value": "lamopn-existing-vpc/Vpc/FlowLog"
578
- }
579
- ]
580
- }
581
- },
582
- "VpcFlowLogIAMRoleDefaultPolicy406FB995": {
583
- "Type": "AWS::IAM::Policy",
584
- "Properties": {
585
- "PolicyDocument": {
586
- "Statement": [
587
- {
588
- "Action": [
589
- "logs:CreateLogStream",
590
- "logs:PutLogEvents",
591
- "logs:DescribeLogStreams"
592
- ],
593
- "Effect": "Allow",
594
- "Resource": {
595
- "Fn::GetAtt": [
596
- "VpcFlowLogLogGroup7B5C56B9",
597
- "Arn"
598
- ]
599
- }
600
- },
601
- {
602
- "Action": "iam:PassRole",
603
- "Effect": "Allow",
604
- "Resource": {
605
- "Fn::GetAtt": [
606
- "VpcFlowLogIAMRole6A475D41",
607
- "Arn"
608
- ]
609
- }
610
- }
611
- ],
612
- "Version": "2012-10-17"
613
- },
614
- "PolicyName": "VpcFlowLogIAMRoleDefaultPolicy406FB995",
615
- "Roles": [
616
- {
617
- "Ref": "VpcFlowLogIAMRole6A475D41"
618
- }
619
- ]
620
- }
621
- },
622
- "VpcFlowLogLogGroup7B5C56B9": {
623
- "Type": "AWS::Logs::LogGroup",
624
- "Properties": {
625
- "RetentionInDays": 731,
626
- "Tags": [
627
- {
628
- "Key": "Name",
629
- "Value": "lamopn-existing-vpc/Vpc/FlowLog"
630
- }
631
- ]
632
- },
633
- "UpdateReplacePolicy": "Retain",
634
- "DeletionPolicy": "Retain",
635
- "Metadata": {
636
- "cfn_nag": {
637
- "rules_to_suppress": [
638
- {
639
- "id": "W84",
640
- "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)"
641
- }
642
- ]
643
- }
644
- }
645
- },
646
- "VpcFlowLog8FF33A73": {
647
- "Type": "AWS::EC2::FlowLog",
648
- "Properties": {
649
- "DeliverLogsPermissionArn": {
650
- "Fn::GetAtt": [
651
- "VpcFlowLogIAMRole6A475D41",
652
- "Arn"
653
- ]
654
- },
655
- "LogDestinationType": "cloud-watch-logs",
656
- "LogGroupName": {
657
- "Ref": "VpcFlowLogLogGroup7B5C56B9"
658
- },
659
- "ResourceId": {
660
- "Ref": "Vpc8378EB38"
661
- },
662
- "ResourceType": "VPC",
663
- "Tags": [
664
- {
665
- "Key": "Name",
666
- "Value": "lamopn-existing-vpc/Vpc/FlowLog"
667
- }
668
- ],
669
- "TrafficType": "ALL"
670
- }
671
- },
672
- "testlambdaelasticsearchkibana4LambdaFunctionServiceRoleA52BB7F9": {
673
- "Type": "AWS::IAM::Role",
674
- "Properties": {
675
- "AssumeRolePolicyDocument": {
676
- "Statement": [
677
- {
678
- "Action": "sts:AssumeRole",
679
- "Effect": "Allow",
680
- "Principal": {
681
- "Service": "lambda.amazonaws.com"
682
- }
683
- }
684
- ],
685
- "Version": "2012-10-17"
686
- },
687
- "Policies": [
688
- {
689
- "PolicyDocument": {
690
- "Statement": [
691
- {
692
- "Action": [
693
- "logs:CreateLogGroup",
694
- "logs:CreateLogStream",
695
- "logs:PutLogEvents"
696
- ],
697
- "Effect": "Allow",
698
- "Resource": {
699
- "Fn::Join": [
700
- "",
701
- [
702
- "arn:",
703
- {
704
- "Ref": "AWS::Partition"
705
- },
706
- ":logs:",
707
- {
708
- "Ref": "AWS::Region"
709
- },
710
- ":",
711
- {
712
- "Ref": "AWS::AccountId"
713
- },
714
- ":log-group:/aws/lambda/*"
715
- ]
716
- ]
717
- }
718
- }
719
- ],
720
- "Version": "2012-10-17"
721
- },
722
- "PolicyName": "LambdaFunctionServiceRolePolicy"
723
- }
724
- ]
725
- }
726
- },
727
- "testlambdaelasticsearchkibana4LambdaFunctionServiceRoleDefaultPolicyA5AD88E5": {
728
- "Type": "AWS::IAM::Policy",
729
- "Properties": {
730
- "PolicyDocument": {
731
- "Statement": [
732
- {
733
- "Action": [
734
- "ec2:CreateNetworkInterface",
735
- "ec2:DescribeNetworkInterfaces",
736
- "ec2:DeleteNetworkInterface",
737
- "ec2:AssignPrivateIpAddresses",
738
- "ec2:UnassignPrivateIpAddresses"
739
- ],
740
- "Effect": "Allow",
741
- "Resource": "*"
742
- },
743
- {
744
- "Action": [
745
- "xray:PutTraceSegments",
746
- "xray:PutTelemetryRecords"
747
- ],
748
- "Effect": "Allow",
749
- "Resource": "*"
750
- }
751
- ],
752
- "Version": "2012-10-17"
753
- },
754
- "PolicyName": "testlambdaelasticsearchkibana4LambdaFunctionServiceRoleDefaultPolicyA5AD88E5",
755
- "Roles": [
756
- {
757
- "Ref": "testlambdaelasticsearchkibana4LambdaFunctionServiceRoleA52BB7F9"
758
- }
759
- ]
760
- },
761
- "Metadata": {
762
- "cfn_nag": {
763
- "rules_to_suppress": [
764
- {
765
- "id": "W12",
766
- "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC."
767
- }
768
- ]
769
- }
770
- }
771
- },
772
- "testlambdaelasticsearchkibana4ReplaceDefaultSecurityGroupsecuritygroupA79E2B92": {
773
- "Type": "AWS::EC2::SecurityGroup",
774
- "Properties": {
775
- "GroupDescription": "lamopn-existing-vpc/test-lambda-elasticsearch-kibana4/ReplaceDefaultSecurityGroup-security-group",
776
- "SecurityGroupEgress": [
777
- {
778
- "CidrIp": "0.0.0.0/0",
779
- "Description": "Allow all outbound traffic by default",
780
- "IpProtocol": "-1"
781
- }
782
- ],
783
- "VpcId": {
784
- "Ref": "Vpc8378EB38"
785
- }
786
- },
787
- "Metadata": {
788
- "cfn_nag": {
789
- "rules_to_suppress": [
790
- {
791
- "id": "W5",
792
- "reason": "Egress of 0.0.0.0/0 is default and generally considered OK"
793
- },
794
- {
795
- "id": "W40",
796
- "reason": "Egress IPProtocol of -1 is default and generally considered OK"
797
- }
798
- ]
799
- }
800
- }
801
- },
802
- "testlambdaelasticsearchkibana4LambdaFunction2C5856DF": {
803
- "Type": "AWS::Lambda::Function",
804
- "Properties": {
805
- "Code": {
806
- "S3Bucket": "cdk-hnb659fds-assets-12345678-test-region",
807
- "S3Key": "abbc4eca9e7ddabc31da3ce83159e6eee8e72e2c358ab8af0711044514c41290.zip"
808
- },
809
- "Environment": {
810
- "Variables": {
811
- "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1",
812
- "DOMAIN_ENDPOINT": {
813
- "Fn::GetAtt": [
814
- "testlambdaelasticsearchkibana4OpenSearchDomain94EAD3A3",
815
- "DomainEndpoint"
816
- ]
817
- }
818
- }
819
- },
820
- "Handler": "index.handler",
821
- "Role": {
822
- "Fn::GetAtt": [
823
- "testlambdaelasticsearchkibana4LambdaFunctionServiceRoleA52BB7F9",
824
- "Arn"
825
- ]
826
- },
827
- "Runtime": "nodejs16.x",
828
- "TracingConfig": {
829
- "Mode": "Active"
830
- },
831
- "VpcConfig": {
832
- "SecurityGroupIds": [
833
- {
834
- "Fn::GetAtt": [
835
- "testlambdaelasticsearchkibana4ReplaceDefaultSecurityGroupsecuritygroupA79E2B92",
836
- "GroupId"
837
- ]
838
- }
839
- ],
840
- "SubnetIds": [
841
- {
842
- "Ref": "VpcPrivateSubnet1Subnet536B997A"
843
- },
844
- {
845
- "Ref": "VpcPrivateSubnet2Subnet3788AAA1"
846
- },
847
- {
848
- "Ref": "VpcPrivateSubnet3SubnetF258B56E"
849
- }
850
- ]
851
- }
852
- },
853
- "DependsOn": [
854
- "testlambdaelasticsearchkibana4LambdaFunctionServiceRoleDefaultPolicyA5AD88E5",
855
- "testlambdaelasticsearchkibana4LambdaFunctionServiceRoleA52BB7F9",
856
- "VpcPrivateSubnet1DefaultRouteBE02A9ED",
857
- "VpcPrivateSubnet1RouteTableAssociation70C59FA6",
858
- "VpcPrivateSubnet2DefaultRoute060D2087",
859
- "VpcPrivateSubnet2RouteTableAssociationA89CAD56",
860
- "VpcPrivateSubnet3DefaultRoute94B74F0D",
861
- "VpcPrivateSubnet3RouteTableAssociation16BDDC43"
862
- ],
863
- "Metadata": {
864
- "cfn_nag": {
865
- "rules_to_suppress": [
866
- {
867
- "id": "W58",
868
- "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions."
869
- },
870
- {
871
- "id": "W89",
872
- "reason": "This is not a rule for the general case, just for specific use cases/industries"
873
- },
874
- {
875
- "id": "W92",
876
- "reason": "Impossible for us to define the correct concurrency for clients"
877
- }
878
- ]
879
- }
880
- }
881
- },
882
- "testlambdaelasticsearchkibana4CognitoUserPool37A5CDE1": {
883
- "Type": "AWS::Cognito::UserPool",
884
- "Properties": {
885
- "AccountRecoverySetting": {
886
- "RecoveryMechanisms": [
887
- {
888
- "Name": "verified_phone_number",
889
- "Priority": 1
890
- },
891
- {
892
- "Name": "verified_email",
893
- "Priority": 2
894
- }
895
- ]
896
- },
897
- "AdminCreateUserConfig": {
898
- "AllowAdminCreateUserOnly": true
899
- },
900
- "EmailVerificationMessage": "The verification code to your new account is {####}",
901
- "EmailVerificationSubject": "Verify your new account",
902
- "SmsVerificationMessage": "The verification code to your new account is {####}",
903
- "UserPoolAddOns": {
904
- "AdvancedSecurityMode": "ENFORCED"
905
- },
906
- "VerificationMessageTemplate": {
907
- "DefaultEmailOption": "CONFIRM_WITH_CODE",
908
- "EmailMessage": "The verification code to your new account is {####}",
909
- "EmailSubject": "Verify your new account",
910
- "SmsMessage": "The verification code to your new account is {####}"
911
- }
912
- },
913
- "UpdateReplacePolicy": "Retain",
914
- "DeletionPolicy": "Retain"
915
- },
916
- "testlambdaelasticsearchkibana4CognitoUserPoolClientABBF34C4": {
917
- "Type": "AWS::Cognito::UserPoolClient",
918
- "Properties": {
919
- "AllowedOAuthFlows": [
920
- "implicit",
921
- "code"
922
- ],
923
- "AllowedOAuthFlowsUserPoolClient": true,
924
- "AllowedOAuthScopes": [
925
- "profile",
926
- "phone",
927
- "email",
928
- "openid",
929
- "aws.cognito.signin.user.admin"
930
- ],
931
- "CallbackURLs": [
932
- "https://example.com"
933
- ],
934
- "SupportedIdentityProviders": [
935
- "COGNITO"
936
- ],
937
- "UserPoolId": {
938
- "Ref": "testlambdaelasticsearchkibana4CognitoUserPool37A5CDE1"
939
- }
940
- }
941
- },
942
- "testlambdaelasticsearchkibana4CognitoIdentityPool76EE9793": {
943
- "Type": "AWS::Cognito::IdentityPool",
944
- "Properties": {
945
- "AllowUnauthenticatedIdentities": false,
946
- "CognitoIdentityProviders": [
947
- {
948
- "ClientId": {
949
- "Ref": "testlambdaelasticsearchkibana4CognitoUserPoolClientABBF34C4"
950
- },
951
- "ProviderName": {
952
- "Fn::GetAtt": [
953
- "testlambdaelasticsearchkibana4CognitoUserPool37A5CDE1",
954
- "ProviderName"
955
- ]
956
- },
957
- "ServerSideTokenCheck": true
958
- }
959
- ]
960
- }
961
- },
962
- "testlambdaelasticsearchkibana4UserPoolDomain4CAAF2F6": {
963
- "Type": "AWS::Cognito::UserPoolDomain",
964
- "Properties": {
965
- "Domain": {
966
- "Fn::Join": [
967
- "-",
968
- [
969
- "dmn",
970
- {
971
- "Fn::Select": [
972
- 4,
973
- {
974
- "Fn::Split": [
975
- "-",
976
- {
977
- "Fn::Select": [
978
- 2,
979
- {
980
- "Fn::Split": [
981
- "/",
982
- {
983
- "Ref": "AWS::StackId"
984
- }
985
- ]
986
- }
987
- ]
988
- }
989
- ]
990
- }
991
- ]
992
- }
993
- ]
994
- ]
995
- },
996
- "UserPoolId": {
997
- "Ref": "testlambdaelasticsearchkibana4CognitoUserPool37A5CDE1"
998
- }
999
- },
1000
- "DependsOn": [
1001
- "testlambdaelasticsearchkibana4CognitoUserPool37A5CDE1"
1002
- ]
1003
- },
1004
- "testlambdaelasticsearchkibana4CognitoAuthorizedRoleA7D6B392": {
1005
- "Type": "AWS::IAM::Role",
1006
- "Properties": {
1007
- "AssumeRolePolicyDocument": {
1008
- "Statement": [
1009
- {
1010
- "Action": "sts:AssumeRoleWithWebIdentity",
1011
- "Condition": {
1012
- "StringEquals": {
1013
- "cognito-identity.amazonaws.com:aud": {
1014
- "Ref": "testlambdaelasticsearchkibana4CognitoIdentityPool76EE9793"
1015
- }
1016
- },
1017
- "ForAnyValue:StringLike": {
1018
- "cognito-identity.amazonaws.com:amr": "authenticated"
1019
- }
1020
- },
1021
- "Effect": "Allow",
1022
- "Principal": {
1023
- "Federated": "cognito-identity.amazonaws.com"
1024
- }
1025
- }
1026
- ],
1027
- "Version": "2012-10-17"
1028
- },
1029
- "Policies": [
1030
- {
1031
- "PolicyDocument": {
1032
- "Statement": [
1033
- {
1034
- "Action": "es:ESHttp*",
1035
- "Effect": "Allow",
1036
- "Resource": {
1037
- "Fn::Join": [
1038
- "",
1039
- [
1040
- "arn:",
1041
- {
1042
- "Ref": "AWS::Partition"
1043
- },
1044
- ":es:",
1045
- {
1046
- "Ref": "AWS::Region"
1047
- },
1048
- ":",
1049
- {
1050
- "Ref": "AWS::AccountId"
1051
- },
1052
- ":domain/",
1053
- {
1054
- "Fn::Join": [
1055
- "-",
1056
- [
1057
- "dmn",
1058
- {
1059
- "Fn::Select": [
1060
- 4,
1061
- {
1062
- "Fn::Split": [
1063
- "-",
1064
- {
1065
- "Fn::Select": [
1066
- 2,
1067
- {
1068
- "Fn::Split": [
1069
- "/",
1070
- {
1071
- "Ref": "AWS::StackId"
1072
- }
1073
- ]
1074
- }
1075
- ]
1076
- }
1077
- ]
1078
- }
1079
- ]
1080
- }
1081
- ]
1082
- ]
1083
- },
1084
- "/*"
1085
- ]
1086
- ]
1087
- }
1088
- }
1089
- ],
1090
- "Version": "2012-10-17"
1091
- },
1092
- "PolicyName": "CognitoAccessPolicy"
1093
- }
1094
- ]
1095
- }
1096
- },
1097
- "testlambdaelasticsearchkibana4IdentityPoolRoleMapping9378D177": {
1098
- "Type": "AWS::Cognito::IdentityPoolRoleAttachment",
1099
- "Properties": {
1100
- "IdentityPoolId": {
1101
- "Ref": "testlambdaelasticsearchkibana4CognitoIdentityPool76EE9793"
1102
- },
1103
- "Roles": {
1104
- "authenticated": {
1105
- "Fn::GetAtt": [
1106
- "testlambdaelasticsearchkibana4CognitoAuthorizedRoleA7D6B392",
1107
- "Arn"
1108
- ]
1109
- }
1110
- }
1111
- }
1112
- },
1113
- "testlambdaelasticsearchkibana4CognitoDashboardConfigureRoleB36C775C": {
1114
- "Type": "AWS::IAM::Role",
1115
- "Properties": {
1116
- "AssumeRolePolicyDocument": {
1117
- "Statement": [
1118
- {
1119
- "Action": "sts:AssumeRole",
1120
- "Effect": "Allow",
1121
- "Principal": {
1122
- "Service": "es.amazonaws.com"
1123
- }
1124
- }
1125
- ],
1126
- "Version": "2012-10-17"
1127
- }
1128
- }
1129
- },
1130
- "testlambdaelasticsearchkibana4CognitoDashboardConfigureRolePolicy1D82A101": {
1131
- "Type": "AWS::IAM::Policy",
1132
- "Properties": {
1133
- "PolicyDocument": {
1134
- "Statement": [
1135
- {
1136
- "Action": [
1137
- "cognito-idp:DescribeUserPool",
1138
- "cognito-idp:CreateUserPoolClient",
1139
- "cognito-idp:DeleteUserPoolClient",
1140
- "cognito-idp:DescribeUserPoolClient",
1141
- "cognito-idp:AdminInitiateAuth",
1142
- "cognito-idp:AdminUserGlobalSignOut",
1143
- "cognito-idp:ListUserPoolClients",
1144
- "cognito-identity:DescribeIdentityPool",
1145
- "cognito-identity:UpdateIdentityPool",
1146
- "cognito-identity:SetIdentityPoolRoles",
1147
- "cognito-identity:GetIdentityPoolRoles",
1148
- "es:UpdateDomainConfig"
1149
- ],
1150
- "Effect": "Allow",
1151
- "Resource": [
1152
- {
1153
- "Fn::GetAtt": [
1154
- "testlambdaelasticsearchkibana4CognitoUserPool37A5CDE1",
1155
- "Arn"
1156
- ]
1157
- },
1158
- {
1159
- "Fn::Join": [
1160
- "",
1161
- [
1162
- "arn:",
1163
- {
1164
- "Ref": "AWS::Partition"
1165
- },
1166
- ":cognito-identity:",
1167
- {
1168
- "Ref": "AWS::Region"
1169
- },
1170
- ":",
1171
- {
1172
- "Ref": "AWS::AccountId"
1173
- },
1174
- ":identitypool/",
1175
- {
1176
- "Ref": "testlambdaelasticsearchkibana4CognitoIdentityPool76EE9793"
1177
- }
1178
- ]
1179
- ]
1180
- },
1181
- {
1182
- "Fn::Join": [
1183
- "",
1184
- [
1185
- "arn:",
1186
- {
1187
- "Ref": "AWS::Partition"
1188
- },
1189
- ":es:",
1190
- {
1191
- "Ref": "AWS::Region"
1192
- },
1193
- ":",
1194
- {
1195
- "Ref": "AWS::AccountId"
1196
- },
1197
- ":domain/",
1198
- {
1199
- "Fn::Join": [
1200
- "-",
1201
- [
1202
- "dmn",
1203
- {
1204
- "Fn::Select": [
1205
- 4,
1206
- {
1207
- "Fn::Split": [
1208
- "-",
1209
- {
1210
- "Fn::Select": [
1211
- 2,
1212
- {
1213
- "Fn::Split": [
1214
- "/",
1215
- {
1216
- "Ref": "AWS::StackId"
1217
- }
1218
- ]
1219
- }
1220
- ]
1221
- }
1222
- ]
1223
- }
1224
- ]
1225
- }
1226
- ]
1227
- ]
1228
- }
1229
- ]
1230
- ]
1231
- }
1232
- ]
1233
- },
1234
- {
1235
- "Action": "iam:PassRole",
1236
- "Condition": {
1237
- "StringLike": {
1238
- "iam:PassedToService": "cognito-identity.amazonaws.com"
1239
- }
1240
- },
1241
- "Effect": "Allow",
1242
- "Resource": {
1243
- "Fn::GetAtt": [
1244
- "testlambdaelasticsearchkibana4CognitoDashboardConfigureRoleB36C775C",
1245
- "Arn"
1246
- ]
1247
- }
1248
- }
1249
- ],
1250
- "Version": "2012-10-17"
1251
- },
1252
- "PolicyName": "testlambdaelasticsearchkibana4CognitoDashboardConfigureRolePolicy1D82A101",
1253
- "Roles": [
1254
- {
1255
- "Ref": "testlambdaelasticsearchkibana4CognitoDashboardConfigureRoleB36C775C"
1256
- }
1257
- ]
1258
- }
1259
- },
1260
- "testlambdaelasticsearchkibana4OpenSearchDomain94EAD3A3": {
1261
- "Type": "AWS::OpenSearchService::Domain",
1262
- "Properties": {
1263
- "AccessPolicies": {
1264
- "Statement": [
1265
- {
1266
- "Action": "es:ESHttp*",
1267
- "Effect": "Allow",
1268
- "Principal": {
1269
- "AWS": [
1270
- {
1271
- "Fn::GetAtt": [
1272
- "testlambdaelasticsearchkibana4CognitoAuthorizedRoleA7D6B392",
1273
- "Arn"
1274
- ]
1275
- },
1276
- {
1277
- "Fn::GetAtt": [
1278
- "testlambdaelasticsearchkibana4LambdaFunctionServiceRoleA52BB7F9",
1279
- "Arn"
1280
- ]
1281
- }
1282
- ]
1283
- },
1284
- "Resource": {
1285
- "Fn::Join": [
1286
- "",
1287
- [
1288
- "arn:",
1289
- {
1290
- "Ref": "AWS::Partition"
1291
- },
1292
- ":es:",
1293
- {
1294
- "Ref": "AWS::Region"
1295
- },
1296
- ":",
1297
- {
1298
- "Ref": "AWS::AccountId"
1299
- },
1300
- ":domain/",
1301
- {
1302
- "Fn::Join": [
1303
- "-",
1304
- [
1305
- "dmn",
1306
- {
1307
- "Fn::Select": [
1308
- 4,
1309
- {
1310
- "Fn::Split": [
1311
- "-",
1312
- {
1313
- "Fn::Select": [
1314
- 2,
1315
- {
1316
- "Fn::Split": [
1317
- "/",
1318
- {
1319
- "Ref": "AWS::StackId"
1320
- }
1321
- ]
1322
- }
1323
- ]
1324
- }
1325
- ]
1326
- }
1327
- ]
1328
- }
1329
- ]
1330
- ]
1331
- },
1332
- "/*"
1333
- ]
1334
- ]
1335
- }
1336
- }
1337
- ],
1338
- "Version": "2012-10-17"
1339
- },
1340
- "ClusterConfig": {
1341
- "DedicatedMasterCount": 3,
1342
- "DedicatedMasterEnabled": true,
1343
- "InstanceCount": 3,
1344
- "ZoneAwarenessConfig": {
1345
- "AvailabilityZoneCount": 3
1346
- },
1347
- "ZoneAwarenessEnabled": true
1348
- },
1349
- "CognitoOptions": {
1350
- "Enabled": true,
1351
- "IdentityPoolId": {
1352
- "Ref": "testlambdaelasticsearchkibana4CognitoIdentityPool76EE9793"
1353
- },
1354
- "RoleArn": {
1355
- "Fn::GetAtt": [
1356
- "testlambdaelasticsearchkibana4CognitoDashboardConfigureRoleB36C775C",
1357
- "Arn"
1358
- ]
1359
- },
1360
- "UserPoolId": {
1361
- "Ref": "testlambdaelasticsearchkibana4CognitoUserPool37A5CDE1"
1362
- }
1363
- },
1364
- "DomainEndpointOptions": {
1365
- "EnforceHTTPS": true,
1366
- "TLSSecurityPolicy": "Policy-Min-TLS-1-2-2019-07"
1367
- },
1368
- "DomainName": {
1369
- "Fn::Join": [
1370
- "-",
1371
- [
1372
- "dmn",
1373
- {
1374
- "Fn::Select": [
1375
- 4,
1376
- {
1377
- "Fn::Split": [
1378
- "-",
1379
- {
1380
- "Fn::Select": [
1381
- 2,
1382
- {
1383
- "Fn::Split": [
1384
- "/",
1385
- {
1386
- "Ref": "AWS::StackId"
1387
- }
1388
- ]
1389
- }
1390
- ]
1391
- }
1392
- ]
1393
- }
1394
- ]
1395
- }
1396
- ]
1397
- ]
1398
- },
1399
- "EBSOptions": {
1400
- "EBSEnabled": true,
1401
- "VolumeSize": 10
1402
- },
1403
- "EncryptionAtRestOptions": {
1404
- "Enabled": true
1405
- },
1406
- "EngineVersion": "OpenSearch_1.3",
1407
- "NodeToNodeEncryptionOptions": {
1408
- "Enabled": true
1409
- },
1410
- "SnapshotOptions": {
1411
- "AutomatedSnapshotStartHour": 1
1412
- },
1413
- "VPCOptions": {
1414
- "SecurityGroupIds": [
1415
- {
1416
- "Fn::GetAtt": [
1417
- "testlambdaelasticsearchkibana4ReplaceDefaultSecurityGroupsecuritygroupA79E2B92",
1418
- "GroupId"
1419
- ]
1420
- }
1421
- ],
1422
- "SubnetIds": [
1423
- {
1424
- "Ref": "VpcPrivateSubnet1Subnet536B997A"
1425
- },
1426
- {
1427
- "Ref": "VpcPrivateSubnet2Subnet3788AAA1"
1428
- },
1429
- {
1430
- "Ref": "VpcPrivateSubnet3SubnetF258B56E"
1431
- }
1432
- ]
1433
- }
1434
- },
1435
- "Metadata": {
1436
- "cfn_nag": {
1437
- "rules_to_suppress": [
1438
- {
1439
- "id": "W28",
1440
- "reason": "The OpenSearch Service domain is passed dynamically as as parameter and explicitly specified to ensure that IAM policies are configured to lockdown access to this specific OpenSearch Service instance only"
1441
- },
1442
- {
1443
- "id": "W90",
1444
- "reason": "This is not a rule for the general case, just for specific use cases/industries"
1445
- }
1446
- ]
1447
- }
1448
- }
1449
- },
1450
- "testlambdaelasticsearchkibana4StatusRedAlarm56DEE5C7": {
1451
- "Type": "AWS::CloudWatch::Alarm",
1452
- "Properties": {
1453
- "AlarmDescription": "At least one primary shard and its replicas are not allocated to a node. ",
1454
- "ComparisonOperator": "GreaterThanOrEqualToThreshold",
1455
- "EvaluationPeriods": 1,
1456
- "MetricName": "ClusterStatus.red",
1457
- "Namespace": "AWS/ES",
1458
- "Period": 60,
1459
- "Statistic": "Maximum",
1460
- "Threshold": 1
1461
- }
1462
- },
1463
- "testlambdaelasticsearchkibana4StatusYellowAlarm810B4F9E": {
1464
- "Type": "AWS::CloudWatch::Alarm",
1465
- "Properties": {
1466
- "AlarmDescription": "At least one replica shard is not allocated to a node.",
1467
- "ComparisonOperator": "GreaterThanOrEqualToThreshold",
1468
- "EvaluationPeriods": 1,
1469
- "MetricName": "ClusterStatus.yellow",
1470
- "Namespace": "AWS/ES",
1471
- "Period": 60,
1472
- "Statistic": "Maximum",
1473
- "Threshold": 1
1474
- }
1475
- },
1476
- "testlambdaelasticsearchkibana4FreeStorageSpaceTooLowAlarmF3FB31EA": {
1477
- "Type": "AWS::CloudWatch::Alarm",
1478
- "Properties": {
1479
- "AlarmDescription": "A node in your cluster is down to 20 GiB of free storage space.",
1480
- "ComparisonOperator": "LessThanOrEqualToThreshold",
1481
- "EvaluationPeriods": 1,
1482
- "MetricName": "FreeStorageSpace",
1483
- "Namespace": "AWS/ES",
1484
- "Period": 60,
1485
- "Statistic": "Minimum",
1486
- "Threshold": 20000
1487
- }
1488
- },
1489
- "testlambdaelasticsearchkibana4IndexWritesBlockedTooHighAlarmF2968C92": {
1490
- "Type": "AWS::CloudWatch::Alarm",
1491
- "Properties": {
1492
- "AlarmDescription": "Your cluster is blocking write requests.",
1493
- "ComparisonOperator": "GreaterThanOrEqualToThreshold",
1494
- "EvaluationPeriods": 1,
1495
- "MetricName": "ClusterIndexWritesBlocked",
1496
- "Namespace": "AWS/ES",
1497
- "Period": 300,
1498
- "Statistic": "Maximum",
1499
- "Threshold": 1
1500
- }
1501
- },
1502
- "testlambdaelasticsearchkibana4AutomatedSnapshotFailureTooHighAlarm53EB1ABB": {
1503
- "Type": "AWS::CloudWatch::Alarm",
1504
- "Properties": {
1505
- "AlarmDescription": "An automated snapshot failed. This failure is often the result of a red cluster health status.",
1506
- "ComparisonOperator": "GreaterThanOrEqualToThreshold",
1507
- "EvaluationPeriods": 1,
1508
- "MetricName": "AutomatedSnapshotFailure",
1509
- "Namespace": "AWS/ES",
1510
- "Period": 60,
1511
- "Statistic": "Maximum",
1512
- "Threshold": 1
1513
- }
1514
- },
1515
- "testlambdaelasticsearchkibana4CPUUtilizationTooHighAlarm29B67D10": {
1516
- "Type": "AWS::CloudWatch::Alarm",
1517
- "Properties": {
1518
- "AlarmDescription": "100% CPU utilization is not uncommon, but sustained high usage is problematic. Consider using larger instance types or adding instances.",
1519
- "ComparisonOperator": "GreaterThanOrEqualToThreshold",
1520
- "EvaluationPeriods": 3,
1521
- "MetricName": "CPUUtilization",
1522
- "Namespace": "AWS/ES",
1523
- "Period": 900,
1524
- "Statistic": "Average",
1525
- "Threshold": 80
1526
- }
1527
- },
1528
- "testlambdaelasticsearchkibana4JVMMemoryPressureTooHighAlarm9DDED711": {
1529
- "Type": "AWS::CloudWatch::Alarm",
1530
- "Properties": {
1531
- "AlarmDescription": "Average JVM memory pressure over last 15 minutes too high. Consider scaling vertically.",
1532
- "ComparisonOperator": "GreaterThanOrEqualToThreshold",
1533
- "EvaluationPeriods": 1,
1534
- "MetricName": "JVMMemoryPressure",
1535
- "Namespace": "AWS/ES",
1536
- "Period": 900,
1537
- "Statistic": "Average",
1538
- "Threshold": 80
1539
- }
1540
- },
1541
- "testlambdaelasticsearchkibana4MasterCPUUtilizationTooHighAlarmE66867F2": {
1542
- "Type": "AWS::CloudWatch::Alarm",
1543
- "Properties": {
1544
- "AlarmDescription": "Average CPU utilization over last 45 minutes too high. Consider using larger instance types for your dedicated master nodes.",
1545
- "ComparisonOperator": "GreaterThanOrEqualToThreshold",
1546
- "EvaluationPeriods": 3,
1547
- "MetricName": "MasterCPUUtilization",
1548
- "Namespace": "AWS/ES",
1549
- "Period": 900,
1550
- "Statistic": "Average",
1551
- "Threshold": 50
1552
- }
1553
- },
1554
- "testlambdaelasticsearchkibana4MasterJVMMemoryPressureTooHighAlarm83E1822E": {
1555
- "Type": "AWS::CloudWatch::Alarm",
1556
- "Properties": {
1557
- "AlarmDescription": "Average JVM memory pressure over last 15 minutes too high. Consider scaling vertically.",
1558
- "ComparisonOperator": "GreaterThanOrEqualToThreshold",
1559
- "EvaluationPeriods": 1,
1560
- "MetricName": "MasterJVMMemoryPressure",
1561
- "Namespace": "AWS/ES",
1562
- "Period": 900,
1563
- "Statistic": "Average",
1564
- "Threshold": 50
1565
- }
1566
- }
1567
- },
1568
- "Parameters": {
1569
- "BootstrapVersion": {
1570
- "Type": "AWS::SSM::Parameter::Value<String>",
1571
- "Default": "/cdk-bootstrap/hnb659fds/version",
1572
- "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
1573
- }
1574
- },
1575
- "Rules": {
1576
- "CheckBootstrapVersion": {
1577
- "Assertions": [
1578
- {
1579
- "Assert": {
1580
- "Fn::Not": [
1581
- {
1582
- "Fn::Contains": [
1583
- [
1584
- "1",
1585
- "2",
1586
- "3",
1587
- "4",
1588
- "5"
1589
- ],
1590
- {
1591
- "Ref": "BootstrapVersion"
1592
- }
1593
- ]
1594
- }
1595
- ]
1596
- },
1597
- "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
1598
- }
1599
- ]
1600
- }
1601
- }
1602
- }