@aws-solutions-constructs/aws-lambda-secretsmanager 2.51.0 → 2.52.0

Files changed (53)
  1. package/.eslintignore +2 -0
  2. package/.jsii +49 -4
  3. package/integ.config.json +7 -0
  4. package/lib/index.js +1 -1
  5. package/package.json +9 -8
  6. package/test/integ.lamsec-deployFunction.js +5 -2
  7. package/test/integ.lamsec-deployFunction.js.snapshot/asset.0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8/index.js +8 -0
  8. package/test/integ.lamsec-deployFunction.js.snapshot/cdk.out +1 -0
  9. package/test/integ.lamsec-deployFunction.js.snapshot/integ.json +12 -0
  10. package/test/integ.lamsec-deployFunction.js.snapshot/lamsec-deployFunction.assets.json +32 -0
  11. package/test/integ.lamsec-deployFunction.js.snapshot/lamsec-deployFunction.template.json +208 -0
  12. package/test/integ.lamsec-deployFunction.js.snapshot/lamsecdeployFunctionIntegDefaultTestDeployAssert7322BEEA.assets.json +19 -0
  13. package/test/integ.lamsec-deployFunction.js.snapshot/lamsecdeployFunctionIntegDefaultTestDeployAssert7322BEEA.template.json +36 -0
  14. package/test/integ.lamsec-deployFunction.js.snapshot/manifest.json +131 -0
  15. package/test/integ.lamsec-deployFunction.js.snapshot/tree.json +342 -0
  16. package/test/integ.lamsec-deployFunctionWithExistingVpc.js +6 -2
  17. package/test/integ.lamsec-deployFunctionWithExistingVpc.js.snapshot/asset.0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8/index.js +8 -0
  18. package/test/integ.lamsec-deployFunctionWithExistingVpc.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/__entrypoint__.js +1 -0
  19. package/test/integ.lamsec-deployFunctionWithExistingVpc.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/index.js +1 -0
  20. package/test/integ.lamsec-deployFunctionWithExistingVpc.js.snapshot/cdk.out +1 -0
  21. package/test/integ.lamsec-deployFunctionWithExistingVpc.js.snapshot/integ.json +12 -0
  22. package/test/integ.lamsec-deployFunctionWithExistingVpc.js.snapshot/lamsec-deployFunctionWithExistingVpc.assets.json +45 -0
  23. package/test/integ.lamsec-deployFunctionWithExistingVpc.js.snapshot/lamsec-deployFunctionWithExistingVpc.template.json +1019 -0
  24. package/test/integ.lamsec-deployFunctionWithExistingVpc.js.snapshot/lamsecdeployFunctionWithExistingVpcIntegDefaultTestDeployAssert647243A7.assets.json +19 -0
  25. package/test/integ.lamsec-deployFunctionWithExistingVpc.js.snapshot/lamsecdeployFunctionWithExistingVpcIntegDefaultTestDeployAssert647243A7.template.json +36 -0
  26. package/test/integ.lamsec-deployFunctionWithExistingVpc.js.snapshot/manifest.json +329 -0
  27. package/test/integ.lamsec-deployFunctionWithExistingVpc.js.snapshot/tree.json +1393 -0
  28. package/test/integ.lamsec-deployFunctionWithVpc.js +6 -2
  29. package/test/integ.lamsec-deployFunctionWithVpc.js.snapshot/asset.0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8/index.js +8 -0
  30. package/test/integ.lamsec-deployFunctionWithVpc.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/__entrypoint__.js +1 -0
  31. package/test/integ.lamsec-deployFunctionWithVpc.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/index.js +1 -0
  32. package/test/integ.lamsec-deployFunctionWithVpc.js.snapshot/cdk.out +1 -0
  33. package/test/integ.lamsec-deployFunctionWithVpc.js.snapshot/integ.json +12 -0
  34. package/test/integ.lamsec-deployFunctionWithVpc.js.snapshot/lamsec-deployFunctionWithVpc.assets.json +45 -0
  35. package/test/integ.lamsec-deployFunctionWithVpc.js.snapshot/lamsec-deployFunctionWithVpc.template.json +735 -0
  36. package/test/integ.lamsec-deployFunctionWithVpc.js.snapshot/lamsecdeployFunctionWithVpcIntegDefaultTestDeployAssert66148FF5.assets.json +19 -0
  37. package/test/integ.lamsec-deployFunctionWithVpc.js.snapshot/lamsecdeployFunctionWithVpcIntegDefaultTestDeployAssert66148FF5.template.json +36 -0
  38. package/test/integ.lamsec-deployFunctionWithVpc.js.snapshot/manifest.json +233 -0
  39. package/test/integ.lamsec-deployFunctionWithVpc.js.snapshot/tree.json +981 -0
  40. package/test/integ.lamsec-existingFunction.js +5 -2
  41. package/test/integ.lamsec-existingFunction.js.snapshot/asset.0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8/index.js +8 -0
  42. package/test/integ.lamsec-existingFunction.js.snapshot/cdk.out +1 -0
  43. package/test/integ.lamsec-existingFunction.js.snapshot/integ.json +12 -0
  44. package/test/integ.lamsec-existingFunction.js.snapshot/lamsec-existingFunction.assets.json +32 -0
  45. package/test/integ.lamsec-existingFunction.js.snapshot/lamsec-existingFunction.template.json +208 -0
  46. package/test/integ.lamsec-existingFunction.js.snapshot/lamsecexistingFunctionIntegDefaultTestDeployAssert295B352B.assets.json +19 -0
  47. package/test/integ.lamsec-existingFunction.js.snapshot/lamsecexistingFunctionIntegDefaultTestDeployAssert295B352B.template.json +36 -0
  48. package/test/integ.lamsec-existingFunction.js.snapshot/manifest.json +131 -0
  49. package/test/integ.lamsec-existingFunction.js.snapshot/tree.json +342 -0
  50. package/test/integ.lamsec-deployFunction.expected.json +0 -208
  51. package/test/integ.lamsec-deployFunctionWithExistingVpc.expected.json +0 -1044
  52. package/test/integ.lamsec-deployFunctionWithVpc.expected.json +0 -650
  53. package/test/integ.lamsec-existingFunction.expected.json +0 -208
@@ -1,1044 +0,0 @@
1
- {
2
- "Description": "Integration Test for aws-lambda-secretsmanager",
3
- "Resources": {
4
- "Vpc8378EB38": {
5
- "Type": "AWS::EC2::VPC",
6
- "Properties": {
7
- "CidrBlock": "10.0.0.0/16",
8
- "EnableDnsHostnames": true,
9
- "EnableDnsSupport": true,
10
- "InstanceTenancy": "default",
11
- "Tags": [
12
- {
13
- "Key": "Name",
14
- "Value": "lamsec-deployFunctionWithExistingVpc/Vpc"
15
- }
16
- ]
17
- }
18
- },
19
- "VpcPublicSubnet1Subnet5C2D37C4": {
20
- "Type": "AWS::EC2::Subnet",
21
- "Properties": {
22
- "AvailabilityZone": "test-region-1a",
23
- "CidrBlock": "10.0.0.0/19",
24
- "MapPublicIpOnLaunch": true,
25
- "Tags": [
26
- {
27
- "Key": "aws-cdk:subnet-name",
28
- "Value": "Public"
29
- },
30
- {
31
- "Key": "aws-cdk:subnet-type",
32
- "Value": "Public"
33
- },
34
- {
35
- "Key": "Name",
36
- "Value": "lamsec-deployFunctionWithExistingVpc/Vpc/PublicSubnet1"
37
- }
38
- ],
39
- "VpcId": {
40
- "Ref": "Vpc8378EB38"
41
- }
42
- },
43
- "Metadata": {
44
- "cfn_nag": {
45
- "rules_to_suppress": [
46
- {
47
- "id": "W33",
48
- "reason": "Allow Public Subnets to have MapPublicIpOnLaunch set to true"
49
- }
50
- ]
51
- }
52
- }
53
- },
54
- "VpcPublicSubnet1RouteTable6C95E38E": {
55
- "Type": "AWS::EC2::RouteTable",
56
- "Properties": {
57
- "Tags": [
58
- {
59
- "Key": "Name",
60
- "Value": "lamsec-deployFunctionWithExistingVpc/Vpc/PublicSubnet1"
61
- }
62
- ],
63
- "VpcId": {
64
- "Ref": "Vpc8378EB38"
65
- }
66
- }
67
- },
68
- "VpcPublicSubnet1RouteTableAssociation97140677": {
69
- "Type": "AWS::EC2::SubnetRouteTableAssociation",
70
- "Properties": {
71
- "RouteTableId": {
72
- "Ref": "VpcPublicSubnet1RouteTable6C95E38E"
73
- },
74
- "SubnetId": {
75
- "Ref": "VpcPublicSubnet1Subnet5C2D37C4"
76
- }
77
- }
78
- },
79
- "VpcPublicSubnet1DefaultRoute3DA9E72A": {
80
- "Type": "AWS::EC2::Route",
81
- "Properties": {
82
- "DestinationCidrBlock": "0.0.0.0/0",
83
- "GatewayId": {
84
- "Ref": "VpcIGWD7BA715C"
85
- },
86
- "RouteTableId": {
87
- "Ref": "VpcPublicSubnet1RouteTable6C95E38E"
88
- }
89
- },
90
- "DependsOn": [
91
- "VpcVPCGWBF912B6E"
92
- ]
93
- },
94
- "VpcPublicSubnet1EIPD7E02669": {
95
- "Type": "AWS::EC2::EIP",
96
- "Properties": {
97
- "Domain": "vpc",
98
- "Tags": [
99
- {
100
- "Key": "Name",
101
- "Value": "lamsec-deployFunctionWithExistingVpc/Vpc/PublicSubnet1"
102
- }
103
- ]
104
- }
105
- },
106
- "VpcPublicSubnet1NATGateway4D7517AA": {
107
- "Type": "AWS::EC2::NatGateway",
108
- "Properties": {
109
- "AllocationId": {
110
- "Fn::GetAtt": [
111
- "VpcPublicSubnet1EIPD7E02669",
112
- "AllocationId"
113
- ]
114
- },
115
- "SubnetId": {
116
- "Ref": "VpcPublicSubnet1Subnet5C2D37C4"
117
- },
118
- "Tags": [
119
- {
120
- "Key": "Name",
121
- "Value": "lamsec-deployFunctionWithExistingVpc/Vpc/PublicSubnet1"
122
- }
123
- ]
124
- },
125
- "DependsOn": [
126
- "VpcPublicSubnet1DefaultRoute3DA9E72A",
127
- "VpcPublicSubnet1RouteTableAssociation97140677"
128
- ]
129
- },
130
- "VpcPublicSubnet2Subnet691E08A3": {
131
- "Type": "AWS::EC2::Subnet",
132
- "Properties": {
133
- "AvailabilityZone": "test-region-1b",
134
- "CidrBlock": "10.0.32.0/19",
135
- "MapPublicIpOnLaunch": true,
136
- "Tags": [
137
- {
138
- "Key": "aws-cdk:subnet-name",
139
- "Value": "Public"
140
- },
141
- {
142
- "Key": "aws-cdk:subnet-type",
143
- "Value": "Public"
144
- },
145
- {
146
- "Key": "Name",
147
- "Value": "lamsec-deployFunctionWithExistingVpc/Vpc/PublicSubnet2"
148
- }
149
- ],
150
- "VpcId": {
151
- "Ref": "Vpc8378EB38"
152
- }
153
- },
154
- "Metadata": {
155
- "cfn_nag": {
156
- "rules_to_suppress": [
157
- {
158
- "id": "W33",
159
- "reason": "Allow Public Subnets to have MapPublicIpOnLaunch set to true"
160
- }
161
- ]
162
- }
163
- }
164
- },
165
- "VpcPublicSubnet2RouteTable94F7E489": {
166
- "Type": "AWS::EC2::RouteTable",
167
- "Properties": {
168
- "Tags": [
169
- {
170
- "Key": "Name",
171
- "Value": "lamsec-deployFunctionWithExistingVpc/Vpc/PublicSubnet2"
172
- }
173
- ],
174
- "VpcId": {
175
- "Ref": "Vpc8378EB38"
176
- }
177
- }
178
- },
179
- "VpcPublicSubnet2RouteTableAssociationDD5762D8": {
180
- "Type": "AWS::EC2::SubnetRouteTableAssociation",
181
- "Properties": {
182
- "RouteTableId": {
183
- "Ref": "VpcPublicSubnet2RouteTable94F7E489"
184
- },
185
- "SubnetId": {
186
- "Ref": "VpcPublicSubnet2Subnet691E08A3"
187
- }
188
- }
189
- },
190
- "VpcPublicSubnet2DefaultRoute97F91067": {
191
- "Type": "AWS::EC2::Route",
192
- "Properties": {
193
- "DestinationCidrBlock": "0.0.0.0/0",
194
- "GatewayId": {
195
- "Ref": "VpcIGWD7BA715C"
196
- },
197
- "RouteTableId": {
198
- "Ref": "VpcPublicSubnet2RouteTable94F7E489"
199
- }
200
- },
201
- "DependsOn": [
202
- "VpcVPCGWBF912B6E"
203
- ]
204
- },
205
- "VpcPublicSubnet2EIP3C605A87": {
206
- "Type": "AWS::EC2::EIP",
207
- "Properties": {
208
- "Domain": "vpc",
209
- "Tags": [
210
- {
211
- "Key": "Name",
212
- "Value": "lamsec-deployFunctionWithExistingVpc/Vpc/PublicSubnet2"
213
- }
214
- ]
215
- }
216
- },
217
- "VpcPublicSubnet2NATGateway9182C01D": {
218
- "Type": "AWS::EC2::NatGateway",
219
- "Properties": {
220
- "AllocationId": {
221
- "Fn::GetAtt": [
222
- "VpcPublicSubnet2EIP3C605A87",
223
- "AllocationId"
224
- ]
225
- },
226
- "SubnetId": {
227
- "Ref": "VpcPublicSubnet2Subnet691E08A3"
228
- },
229
- "Tags": [
230
- {
231
- "Key": "Name",
232
- "Value": "lamsec-deployFunctionWithExistingVpc/Vpc/PublicSubnet2"
233
- }
234
- ]
235
- },
236
- "DependsOn": [
237
- "VpcPublicSubnet2DefaultRoute97F91067",
238
- "VpcPublicSubnet2RouteTableAssociationDD5762D8"
239
- ]
240
- },
241
- "VpcPublicSubnet3SubnetBE12F0B6": {
242
- "Type": "AWS::EC2::Subnet",
243
- "Properties": {
244
- "AvailabilityZone": "test-region-1c",
245
- "CidrBlock": "10.0.64.0/19",
246
- "MapPublicIpOnLaunch": true,
247
- "Tags": [
248
- {
249
- "Key": "aws-cdk:subnet-name",
250
- "Value": "Public"
251
- },
252
- {
253
- "Key": "aws-cdk:subnet-type",
254
- "Value": "Public"
255
- },
256
- {
257
- "Key": "Name",
258
- "Value": "lamsec-deployFunctionWithExistingVpc/Vpc/PublicSubnet3"
259
- }
260
- ],
261
- "VpcId": {
262
- "Ref": "Vpc8378EB38"
263
- }
264
- },
265
- "Metadata": {
266
- "cfn_nag": {
267
- "rules_to_suppress": [
268
- {
269
- "id": "W33",
270
- "reason": "Allow Public Subnets to have MapPublicIpOnLaunch set to true"
271
- }
272
- ]
273
- }
274
- }
275
- },
276
- "VpcPublicSubnet3RouteTable93458DBB": {
277
- "Type": "AWS::EC2::RouteTable",
278
- "Properties": {
279
- "Tags": [
280
- {
281
- "Key": "Name",
282
- "Value": "lamsec-deployFunctionWithExistingVpc/Vpc/PublicSubnet3"
283
- }
284
- ],
285
- "VpcId": {
286
- "Ref": "Vpc8378EB38"
287
- }
288
- }
289
- },
290
- "VpcPublicSubnet3RouteTableAssociation1F1EDF02": {
291
- "Type": "AWS::EC2::SubnetRouteTableAssociation",
292
- "Properties": {
293
- "RouteTableId": {
294
- "Ref": "VpcPublicSubnet3RouteTable93458DBB"
295
- },
296
- "SubnetId": {
297
- "Ref": "VpcPublicSubnet3SubnetBE12F0B6"
298
- }
299
- }
300
- },
301
- "VpcPublicSubnet3DefaultRoute4697774F": {
302
- "Type": "AWS::EC2::Route",
303
- "Properties": {
304
- "DestinationCidrBlock": "0.0.0.0/0",
305
- "GatewayId": {
306
- "Ref": "VpcIGWD7BA715C"
307
- },
308
- "RouteTableId": {
309
- "Ref": "VpcPublicSubnet3RouteTable93458DBB"
310
- }
311
- },
312
- "DependsOn": [
313
- "VpcVPCGWBF912B6E"
314
- ]
315
- },
316
- "VpcPublicSubnet3EIP3A666A23": {
317
- "Type": "AWS::EC2::EIP",
318
- "Properties": {
319
- "Domain": "vpc",
320
- "Tags": [
321
- {
322
- "Key": "Name",
323
- "Value": "lamsec-deployFunctionWithExistingVpc/Vpc/PublicSubnet3"
324
- }
325
- ]
326
- }
327
- },
328
- "VpcPublicSubnet3NATGateway7640CD1D": {
329
- "Type": "AWS::EC2::NatGateway",
330
- "Properties": {
331
- "AllocationId": {
332
- "Fn::GetAtt": [
333
- "VpcPublicSubnet3EIP3A666A23",
334
- "AllocationId"
335
- ]
336
- },
337
- "SubnetId": {
338
- "Ref": "VpcPublicSubnet3SubnetBE12F0B6"
339
- },
340
- "Tags": [
341
- {
342
- "Key": "Name",
343
- "Value": "lamsec-deployFunctionWithExistingVpc/Vpc/PublicSubnet3"
344
- }
345
- ]
346
- },
347
- "DependsOn": [
348
- "VpcPublicSubnet3DefaultRoute4697774F",
349
- "VpcPublicSubnet3RouteTableAssociation1F1EDF02"
350
- ]
351
- },
352
- "VpcPrivateSubnet1Subnet536B997A": {
353
- "Type": "AWS::EC2::Subnet",
354
- "Properties": {
355
- "AvailabilityZone": "test-region-1a",
356
- "CidrBlock": "10.0.96.0/19",
357
- "MapPublicIpOnLaunch": false,
358
- "Tags": [
359
- {
360
- "Key": "aws-cdk:subnet-name",
361
- "Value": "Private"
362
- },
363
- {
364
- "Key": "aws-cdk:subnet-type",
365
- "Value": "Private"
366
- },
367
- {
368
- "Key": "Name",
369
- "Value": "lamsec-deployFunctionWithExistingVpc/Vpc/PrivateSubnet1"
370
- }
371
- ],
372
- "VpcId": {
373
- "Ref": "Vpc8378EB38"
374
- }
375
- }
376
- },
377
- "VpcPrivateSubnet1RouteTableB2C5B500": {
378
- "Type": "AWS::EC2::RouteTable",
379
- "Properties": {
380
- "Tags": [
381
- {
382
- "Key": "Name",
383
- "Value": "lamsec-deployFunctionWithExistingVpc/Vpc/PrivateSubnet1"
384
- }
385
- ],
386
- "VpcId": {
387
- "Ref": "Vpc8378EB38"
388
- }
389
- }
390
- },
391
- "VpcPrivateSubnet1RouteTableAssociation70C59FA6": {
392
- "Type": "AWS::EC2::SubnetRouteTableAssociation",
393
- "Properties": {
394
- "RouteTableId": {
395
- "Ref": "VpcPrivateSubnet1RouteTableB2C5B500"
396
- },
397
- "SubnetId": {
398
- "Ref": "VpcPrivateSubnet1Subnet536B997A"
399
- }
400
- }
401
- },
402
- "VpcPrivateSubnet1DefaultRouteBE02A9ED": {
403
- "Type": "AWS::EC2::Route",
404
- "Properties": {
405
- "DestinationCidrBlock": "0.0.0.0/0",
406
- "NatGatewayId": {
407
- "Ref": "VpcPublicSubnet1NATGateway4D7517AA"
408
- },
409
- "RouteTableId": {
410
- "Ref": "VpcPrivateSubnet1RouteTableB2C5B500"
411
- }
412
- }
413
- },
414
- "VpcPrivateSubnet2Subnet3788AAA1": {
415
- "Type": "AWS::EC2::Subnet",
416
- "Properties": {
417
- "AvailabilityZone": "test-region-1b",
418
- "CidrBlock": "10.0.128.0/19",
419
- "MapPublicIpOnLaunch": false,
420
- "Tags": [
421
- {
422
- "Key": "aws-cdk:subnet-name",
423
- "Value": "Private"
424
- },
425
- {
426
- "Key": "aws-cdk:subnet-type",
427
- "Value": "Private"
428
- },
429
- {
430
- "Key": "Name",
431
- "Value": "lamsec-deployFunctionWithExistingVpc/Vpc/PrivateSubnet2"
432
- }
433
- ],
434
- "VpcId": {
435
- "Ref": "Vpc8378EB38"
436
- }
437
- }
438
- },
439
- "VpcPrivateSubnet2RouteTableA678073B": {
440
- "Type": "AWS::EC2::RouteTable",
441
- "Properties": {
442
- "Tags": [
443
- {
444
- "Key": "Name",
445
- "Value": "lamsec-deployFunctionWithExistingVpc/Vpc/PrivateSubnet2"
446
- }
447
- ],
448
- "VpcId": {
449
- "Ref": "Vpc8378EB38"
450
- }
451
- }
452
- },
453
- "VpcPrivateSubnet2RouteTableAssociationA89CAD56": {
454
- "Type": "AWS::EC2::SubnetRouteTableAssociation",
455
- "Properties": {
456
- "RouteTableId": {
457
- "Ref": "VpcPrivateSubnet2RouteTableA678073B"
458
- },
459
- "SubnetId": {
460
- "Ref": "VpcPrivateSubnet2Subnet3788AAA1"
461
- }
462
- }
463
- },
464
- "VpcPrivateSubnet2DefaultRoute060D2087": {
465
- "Type": "AWS::EC2::Route",
466
- "Properties": {
467
- "DestinationCidrBlock": "0.0.0.0/0",
468
- "NatGatewayId": {
469
- "Ref": "VpcPublicSubnet2NATGateway9182C01D"
470
- },
471
- "RouteTableId": {
472
- "Ref": "VpcPrivateSubnet2RouteTableA678073B"
473
- }
474
- }
475
- },
476
- "VpcPrivateSubnet3SubnetF258B56E": {
477
- "Type": "AWS::EC2::Subnet",
478
- "Properties": {
479
- "AvailabilityZone": "test-region-1c",
480
- "CidrBlock": "10.0.160.0/19",
481
- "MapPublicIpOnLaunch": false,
482
- "Tags": [
483
- {
484
- "Key": "aws-cdk:subnet-name",
485
- "Value": "Private"
486
- },
487
- {
488
- "Key": "aws-cdk:subnet-type",
489
- "Value": "Private"
490
- },
491
- {
492
- "Key": "Name",
493
- "Value": "lamsec-deployFunctionWithExistingVpc/Vpc/PrivateSubnet3"
494
- }
495
- ],
496
- "VpcId": {
497
- "Ref": "Vpc8378EB38"
498
- }
499
- }
500
- },
501
- "VpcPrivateSubnet3RouteTableD98824C7": {
502
- "Type": "AWS::EC2::RouteTable",
503
- "Properties": {
504
- "Tags": [
505
- {
506
- "Key": "Name",
507
- "Value": "lamsec-deployFunctionWithExistingVpc/Vpc/PrivateSubnet3"
508
- }
509
- ],
510
- "VpcId": {
511
- "Ref": "Vpc8378EB38"
512
- }
513
- }
514
- },
515
- "VpcPrivateSubnet3RouteTableAssociation16BDDC43": {
516
- "Type": "AWS::EC2::SubnetRouteTableAssociation",
517
- "Properties": {
518
- "RouteTableId": {
519
- "Ref": "VpcPrivateSubnet3RouteTableD98824C7"
520
- },
521
- "SubnetId": {
522
- "Ref": "VpcPrivateSubnet3SubnetF258B56E"
523
- }
524
- }
525
- },
526
- "VpcPrivateSubnet3DefaultRoute94B74F0D": {
527
- "Type": "AWS::EC2::Route",
528
- "Properties": {
529
- "DestinationCidrBlock": "0.0.0.0/0",
530
- "NatGatewayId": {
531
- "Ref": "VpcPublicSubnet3NATGateway7640CD1D"
532
- },
533
- "RouteTableId": {
534
- "Ref": "VpcPrivateSubnet3RouteTableD98824C7"
535
- }
536
- }
537
- },
538
- "VpcIGWD7BA715C": {
539
- "Type": "AWS::EC2::InternetGateway",
540
- "Properties": {
541
- "Tags": [
542
- {
543
- "Key": "Name",
544
- "Value": "lamsec-deployFunctionWithExistingVpc/Vpc"
545
- }
546
- ]
547
- }
548
- },
549
- "VpcVPCGWBF912B6E": {
550
- "Type": "AWS::EC2::VPCGatewayAttachment",
551
- "Properties": {
552
- "InternetGatewayId": {
553
- "Ref": "VpcIGWD7BA715C"
554
- },
555
- "VpcId": {
556
- "Ref": "Vpc8378EB38"
557
- }
558
- }
559
- },
560
- "VpcFlowLogIAMRole6A475D41": {
561
- "Type": "AWS::IAM::Role",
562
- "Properties": {
563
- "AssumeRolePolicyDocument": {
564
- "Statement": [
565
- {
566
- "Action": "sts:AssumeRole",
567
- "Effect": "Allow",
568
- "Principal": {
569
- "Service": "vpc-flow-logs.amazonaws.com"
570
- }
571
- }
572
- ],
573
- "Version": "2012-10-17"
574
- },
575
- "Tags": [
576
- {
577
- "Key": "Name",
578
- "Value": "lamsec-deployFunctionWithExistingVpc/Vpc/FlowLog"
579
- }
580
- ]
581
- }
582
- },
583
- "VpcFlowLogIAMRoleDefaultPolicy406FB995": {
584
- "Type": "AWS::IAM::Policy",
585
- "Properties": {
586
- "PolicyDocument": {
587
- "Statement": [
588
- {
589
- "Action": [
590
- "logs:CreateLogStream",
591
- "logs:PutLogEvents",
592
- "logs:DescribeLogStreams"
593
- ],
594
- "Effect": "Allow",
595
- "Resource": {
596
- "Fn::GetAtt": [
597
- "VpcFlowLogLogGroup7B5C56B9",
598
- "Arn"
599
- ]
600
- }
601
- },
602
- {
603
- "Action": "iam:PassRole",
604
- "Effect": "Allow",
605
- "Resource": {
606
- "Fn::GetAtt": [
607
- "VpcFlowLogIAMRole6A475D41",
608
- "Arn"
609
- ]
610
- }
611
- }
612
- ],
613
- "Version": "2012-10-17"
614
- },
615
- "PolicyName": "VpcFlowLogIAMRoleDefaultPolicy406FB995",
616
- "Roles": [
617
- {
618
- "Ref": "VpcFlowLogIAMRole6A475D41"
619
- }
620
- ]
621
- }
622
- },
623
- "VpcFlowLogLogGroup7B5C56B9": {
624
- "Type": "AWS::Logs::LogGroup",
625
- "Properties": {
626
- "RetentionInDays": 731,
627
- "Tags": [
628
- {
629
- "Key": "Name",
630
- "Value": "lamsec-deployFunctionWithExistingVpc/Vpc/FlowLog"
631
- }
632
- ]
633
- },
634
- "UpdateReplacePolicy": "Retain",
635
- "DeletionPolicy": "Retain",
636
- "Metadata": {
637
- "cfn_nag": {
638
- "rules_to_suppress": [
639
- {
640
- "id": "W84",
641
- "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)"
642
- }
643
- ]
644
- }
645
- }
646
- },
647
- "VpcFlowLog8FF33A73": {
648
- "Type": "AWS::EC2::FlowLog",
649
- "Properties": {
650
- "DeliverLogsPermissionArn": {
651
- "Fn::GetAtt": [
652
- "VpcFlowLogIAMRole6A475D41",
653
- "Arn"
654
- ]
655
- },
656
- "LogDestinationType": "cloud-watch-logs",
657
- "LogGroupName": {
658
- "Ref": "VpcFlowLogLogGroup7B5C56B9"
659
- },
660
- "ResourceId": {
661
- "Ref": "Vpc8378EB38"
662
- },
663
- "ResourceType": "VPC",
664
- "Tags": [
665
- {
666
- "Key": "Name",
667
- "Value": "lamsec-deployFunctionWithExistingVpc/Vpc/FlowLog"
668
- }
669
- ],
670
- "TrafficType": "ALL"
671
- }
672
- },
673
- "VpcSECRETSMANAGERF52907C2": {
674
- "Type": "AWS::EC2::VPCEndpoint",
675
- "Properties": {
676
- "PrivateDnsEnabled": true,
677
- "SecurityGroupIds": [
678
- {
679
- "Fn::GetAtt": [
680
- "lamsecdeployFunctionWithExistingVpcSECRETSMANAGERsecuritygroup30E54F0F",
681
- "GroupId"
682
- ]
683
- }
684
- ],
685
- "ServiceName": {
686
- "Fn::Join": [
687
- "",
688
- [
689
- "com.amazonaws.",
690
- {
691
- "Ref": "AWS::Region"
692
- },
693
- ".secretsmanager"
694
- ]
695
- ]
696
- },
697
- "SubnetIds": [
698
- {
699
- "Ref": "VpcPrivateSubnet1Subnet536B997A"
700
- },
701
- {
702
- "Ref": "VpcPrivateSubnet2Subnet3788AAA1"
703
- },
704
- {
705
- "Ref": "VpcPrivateSubnet3SubnetF258B56E"
706
- }
707
- ],
708
- "VpcEndpointType": "Interface",
709
- "VpcId": {
710
- "Ref": "Vpc8378EB38"
711
- }
712
- }
713
- },
714
- "testlambdasecretsmanagerstackLambdaFunctionServiceRole4FE7A9C6": {
715
- "Type": "AWS::IAM::Role",
716
- "Properties": {
717
- "AssumeRolePolicyDocument": {
718
- "Statement": [
719
- {
720
- "Action": "sts:AssumeRole",
721
- "Effect": "Allow",
722
- "Principal": {
723
- "Service": "lambda.amazonaws.com"
724
- }
725
- }
726
- ],
727
- "Version": "2012-10-17"
728
- },
729
- "Policies": [
730
- {
731
- "PolicyDocument": {
732
- "Statement": [
733
- {
734
- "Action": [
735
- "logs:CreateLogGroup",
736
- "logs:CreateLogStream",
737
- "logs:PutLogEvents"
738
- ],
739
- "Effect": "Allow",
740
- "Resource": {
741
- "Fn::Join": [
742
- "",
743
- [
744
- "arn:",
745
- {
746
- "Ref": "AWS::Partition"
747
- },
748
- ":logs:",
749
- {
750
- "Ref": "AWS::Region"
751
- },
752
- ":",
753
- {
754
- "Ref": "AWS::AccountId"
755
- },
756
- ":log-group:/aws/lambda/*"
757
- ]
758
- ]
759
- }
760
- }
761
- ],
762
- "Version": "2012-10-17"
763
- },
764
- "PolicyName": "LambdaFunctionServiceRolePolicy"
765
- }
766
- ]
767
- }
768
- },
769
- "testlambdasecretsmanagerstackLambdaFunctionServiceRoleDefaultPolicy2F46FC5F": {
770
- "Type": "AWS::IAM::Policy",
771
- "Properties": {
772
- "PolicyDocument": {
773
- "Statement": [
774
- {
775
- "Action": [
776
- "ec2:CreateNetworkInterface",
777
- "ec2:DescribeNetworkInterfaces",
778
- "ec2:DeleteNetworkInterface",
779
- "ec2:AssignPrivateIpAddresses",
780
- "ec2:UnassignPrivateIpAddresses"
781
- ],
782
- "Effect": "Allow",
783
- "Resource": "*"
784
- },
785
- {
786
- "Action": [
787
- "xray:PutTraceSegments",
788
- "xray:PutTelemetryRecords"
789
- ],
790
- "Effect": "Allow",
791
- "Resource": "*"
792
- },
793
- {
794
- "Action": [
795
- "secretsmanager:GetSecretValue",
796
- "secretsmanager:DescribeSecret"
797
- ],
798
- "Effect": "Allow",
799
- "Resource": {
800
- "Ref": "testlambdasecretsmanagerstacksecretC2FCB96E"
801
- }
802
- }
803
- ],
804
- "Version": "2012-10-17"
805
- },
806
- "PolicyName": "testlambdasecretsmanagerstackLambdaFunctionServiceRoleDefaultPolicy2F46FC5F",
807
- "Roles": [
808
- {
809
- "Ref": "testlambdasecretsmanagerstackLambdaFunctionServiceRole4FE7A9C6"
810
- }
811
- ]
812
- },
813
- "Metadata": {
814
- "cfn_nag": {
815
- "rules_to_suppress": [
816
- {
817
- "id": "W12",
818
- "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC."
819
- }
820
- ]
821
- }
822
- }
823
- },
824
- "testlambdasecretsmanagerstackReplaceDefaultSecurityGroupsecuritygroupBBE9275E": {
825
- "Type": "AWS::EC2::SecurityGroup",
826
- "Properties": {
827
- "GroupDescription": "lamsec-deployFunctionWithExistingVpc/test-lambda-secretsmanager-stack/ReplaceDefaultSecurityGroup-security-group",
828
- "SecurityGroupEgress": [
829
- {
830
- "CidrIp": "0.0.0.0/0",
831
- "Description": "Allow all outbound traffic by default",
832
- "IpProtocol": "-1"
833
- }
834
- ],
835
- "VpcId": {
836
- "Ref": "Vpc8378EB38"
837
- }
838
- },
839
- "Metadata": {
840
- "cfn_nag": {
841
- "rules_to_suppress": [
842
- {
843
- "id": "W5",
844
- "reason": "Egress of 0.0.0.0/0 is default and generally considered OK"
845
- },
846
- {
847
- "id": "W40",
848
- "reason": "Egress IPProtocol of -1 is default and generally considered OK"
849
- }
850
- ]
851
- }
852
- }
853
- },
854
- "testlambdasecretsmanagerstackLambdaFunction2DDE520A": {
855
- "Type": "AWS::Lambda::Function",
856
- "Properties": {
857
- "Code": {
858
- "S3Bucket": {
859
- "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
860
- },
861
- "S3Key": "0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8.zip"
862
- },
863
- "Environment": {
864
- "Variables": {
865
- "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1",
866
- "SECRET_ARN": {
867
- "Ref": "testlambdasecretsmanagerstacksecretC2FCB96E"
868
- }
869
- }
870
- },
871
- "Handler": "index.handler",
872
- "Role": {
873
- "Fn::GetAtt": [
874
- "testlambdasecretsmanagerstackLambdaFunctionServiceRole4FE7A9C6",
875
- "Arn"
876
- ]
877
- },
878
- "Runtime": "nodejs16.x",
879
- "TracingConfig": {
880
- "Mode": "Active"
881
- },
882
- "VpcConfig": {
883
- "SecurityGroupIds": [
884
- {
885
- "Fn::GetAtt": [
886
- "testlambdasecretsmanagerstackReplaceDefaultSecurityGroupsecuritygroupBBE9275E",
887
- "GroupId"
888
- ]
889
- }
890
- ],
891
- "SubnetIds": [
892
- {
893
- "Ref": "VpcPrivateSubnet1Subnet536B997A"
894
- },
895
- {
896
- "Ref": "VpcPrivateSubnet2Subnet3788AAA1"
897
- },
898
- {
899
- "Ref": "VpcPrivateSubnet3SubnetF258B56E"
900
- }
901
- ]
902
- }
903
- },
904
- "DependsOn": [
905
- "testlambdasecretsmanagerstackLambdaFunctionServiceRoleDefaultPolicy2F46FC5F",
906
- "testlambdasecretsmanagerstackLambdaFunctionServiceRole4FE7A9C6",
907
- "VpcPrivateSubnet1DefaultRouteBE02A9ED",
908
- "VpcPrivateSubnet1RouteTableAssociation70C59FA6",
909
- "VpcPrivateSubnet2DefaultRoute060D2087",
910
- "VpcPrivateSubnet2RouteTableAssociationA89CAD56",
911
- "VpcPrivateSubnet3DefaultRoute94B74F0D",
912
- "VpcPrivateSubnet3RouteTableAssociation16BDDC43"
913
- ],
914
- "Metadata": {
915
- "cfn_nag": {
916
- "rules_to_suppress": [
917
- {
918
- "id": "W58",
919
- "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions."
920
- },
921
- {
922
- "id": "W89",
923
- "reason": "This is not a rule for the general case, just for specific use cases/industries"
924
- },
925
- {
926
- "id": "W92",
927
- "reason": "Impossible for us to define the correct concurrency for clients"
928
- }
929
- ]
930
- }
931
- }
932
- },
933
- "testlambdasecretsmanagerstacksecretC2FCB96E": {
934
- "Type": "AWS::SecretsManager::Secret",
935
- "Properties": {
936
- "GenerateSecretString": {}
937
- },
938
- "UpdateReplacePolicy": "Delete",
939
- "DeletionPolicy": "Delete",
940
- "Metadata": {
941
- "cfn_nag": {
942
- "rules_to_suppress": [
943
- {
944
- "id": "W77",
945
- "reason": "We allow the use of the AWS account default key aws/secretsmanager for secret encryption."
946
- }
947
- ]
948
- }
949
- }
950
- },
951
- "lamsecdeployFunctionWithExistingVpcSECRETSMANAGERsecuritygroup30E54F0F": {
952
- "Type": "AWS::EC2::SecurityGroup",
953
- "Properties": {
954
- "GroupDescription": "lamsec-deployFunctionWithExistingVpc/lamsec-deployFunctionWithExistingVpc-SECRETS_MANAGER-security-group",
955
- "SecurityGroupEgress": [
956
- {
957
- "CidrIp": "0.0.0.0/0",
958
- "Description": "Allow all outbound traffic by default",
959
- "IpProtocol": "-1"
960
- }
961
- ],
962
- "SecurityGroupIngress": [
963
- {
964
- "CidrIp": {
965
- "Fn::GetAtt": [
966
- "Vpc8378EB38",
967
- "CidrBlock"
968
- ]
969
- },
970
- "Description": {
971
- "Fn::Join": [
972
- "",
973
- [
974
- "from ",
975
- {
976
- "Fn::GetAtt": [
977
- "Vpc8378EB38",
978
- "CidrBlock"
979
- ]
980
- },
981
- ":443"
982
- ]
983
- ]
984
- },
985
- "FromPort": 443,
986
- "IpProtocol": "tcp",
987
- "ToPort": 443
988
- }
989
- ],
990
- "VpcId": {
991
- "Ref": "Vpc8378EB38"
992
- }
993
- },
994
- "Metadata": {
995
- "cfn_nag": {
996
- "rules_to_suppress": [
997
- {
998
- "id": "W5",
999
- "reason": "Egress of 0.0.0.0/0 is default and generally considered OK"
1000
- },
1001
- {
1002
- "id": "W40",
1003
- "reason": "Egress IPProtocol of -1 is default and generally considered OK"
1004
- }
1005
- ]
1006
- }
1007
- }
1008
- }
1009
- },
1010
- "Parameters": {
1011
- "BootstrapVersion": {
1012
- "Type": "AWS::SSM::Parameter::Value<String>",
1013
- "Default": "/cdk-bootstrap/hnb659fds/version",
1014
- "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
1015
- }
1016
- },
1017
- "Rules": {
1018
- "CheckBootstrapVersion": {
1019
- "Assertions": [
1020
- {
1021
- "Assert": {
1022
- "Fn::Not": [
1023
- {
1024
- "Fn::Contains": [
1025
- [
1026
- "1",
1027
- "2",
1028
- "3",
1029
- "4",
1030
- "5"
1031
- ],
1032
- {
1033
- "Ref": "BootstrapVersion"
1034
- }
1035
- ]
1036
- }
1037
- ]
1038
- },
1039
- "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
1040
- }
1041
- ]
1042
- }
1043
- }
1044
- }