@aws-solutions-constructs/aws-lambda-secretsmanager 2.51.0 → 2.52.0

Files changed (53)
  1. package/.eslintignore +2 -0
  2. package/.jsii +49 -4
  3. package/integ.config.json +7 -0
  4. package/lib/index.js +1 -1
  5. package/package.json +9 -8
  6. package/test/integ.lamsec-deployFunction.js +5 -2
  7. package/test/integ.lamsec-deployFunction.js.snapshot/asset.0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8/index.js +8 -0
  8. package/test/integ.lamsec-deployFunction.js.snapshot/cdk.out +1 -0
  9. package/test/integ.lamsec-deployFunction.js.snapshot/integ.json +12 -0
  10. package/test/integ.lamsec-deployFunction.js.snapshot/lamsec-deployFunction.assets.json +32 -0
  11. package/test/integ.lamsec-deployFunction.js.snapshot/lamsec-deployFunction.template.json +208 -0
  12. package/test/integ.lamsec-deployFunction.js.snapshot/lamsecdeployFunctionIntegDefaultTestDeployAssert7322BEEA.assets.json +19 -0
  13. package/test/integ.lamsec-deployFunction.js.snapshot/lamsecdeployFunctionIntegDefaultTestDeployAssert7322BEEA.template.json +36 -0
  14. package/test/integ.lamsec-deployFunction.js.snapshot/manifest.json +131 -0
  15. package/test/integ.lamsec-deployFunction.js.snapshot/tree.json +342 -0
  16. package/test/integ.lamsec-deployFunctionWithExistingVpc.js +6 -2
  17. package/test/integ.lamsec-deployFunctionWithExistingVpc.js.snapshot/asset.0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8/index.js +8 -0
  18. package/test/integ.lamsec-deployFunctionWithExistingVpc.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/__entrypoint__.js +1 -0
  19. package/test/integ.lamsec-deployFunctionWithExistingVpc.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/index.js +1 -0
  20. package/test/integ.lamsec-deployFunctionWithExistingVpc.js.snapshot/cdk.out +1 -0
  21. package/test/integ.lamsec-deployFunctionWithExistingVpc.js.snapshot/integ.json +12 -0
  22. package/test/integ.lamsec-deployFunctionWithExistingVpc.js.snapshot/lamsec-deployFunctionWithExistingVpc.assets.json +45 -0
  23. package/test/integ.lamsec-deployFunctionWithExistingVpc.js.snapshot/lamsec-deployFunctionWithExistingVpc.template.json +1019 -0
  24. package/test/integ.lamsec-deployFunctionWithExistingVpc.js.snapshot/lamsecdeployFunctionWithExistingVpcIntegDefaultTestDeployAssert647243A7.assets.json +19 -0
  25. package/test/integ.lamsec-deployFunctionWithExistingVpc.js.snapshot/lamsecdeployFunctionWithExistingVpcIntegDefaultTestDeployAssert647243A7.template.json +36 -0
  26. package/test/integ.lamsec-deployFunctionWithExistingVpc.js.snapshot/manifest.json +329 -0
  27. package/test/integ.lamsec-deployFunctionWithExistingVpc.js.snapshot/tree.json +1393 -0
  28. package/test/integ.lamsec-deployFunctionWithVpc.js +6 -2
  29. package/test/integ.lamsec-deployFunctionWithVpc.js.snapshot/asset.0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8/index.js +8 -0
  30. package/test/integ.lamsec-deployFunctionWithVpc.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/__entrypoint__.js +1 -0
  31. package/test/integ.lamsec-deployFunctionWithVpc.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/index.js +1 -0
  32. package/test/integ.lamsec-deployFunctionWithVpc.js.snapshot/cdk.out +1 -0
  33. package/test/integ.lamsec-deployFunctionWithVpc.js.snapshot/integ.json +12 -0
  34. package/test/integ.lamsec-deployFunctionWithVpc.js.snapshot/lamsec-deployFunctionWithVpc.assets.json +45 -0
  35. package/test/integ.lamsec-deployFunctionWithVpc.js.snapshot/lamsec-deployFunctionWithVpc.template.json +735 -0
  36. package/test/integ.lamsec-deployFunctionWithVpc.js.snapshot/lamsecdeployFunctionWithVpcIntegDefaultTestDeployAssert66148FF5.assets.json +19 -0
  37. package/test/integ.lamsec-deployFunctionWithVpc.js.snapshot/lamsecdeployFunctionWithVpcIntegDefaultTestDeployAssert66148FF5.template.json +36 -0
  38. package/test/integ.lamsec-deployFunctionWithVpc.js.snapshot/manifest.json +233 -0
  39. package/test/integ.lamsec-deployFunctionWithVpc.js.snapshot/tree.json +981 -0
  40. package/test/integ.lamsec-existingFunction.js +5 -2
  41. package/test/integ.lamsec-existingFunction.js.snapshot/asset.0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8/index.js +8 -0
  42. package/test/integ.lamsec-existingFunction.js.snapshot/cdk.out +1 -0
  43. package/test/integ.lamsec-existingFunction.js.snapshot/integ.json +12 -0
  44. package/test/integ.lamsec-existingFunction.js.snapshot/lamsec-existingFunction.assets.json +32 -0
  45. package/test/integ.lamsec-existingFunction.js.snapshot/lamsec-existingFunction.template.json +208 -0
  46. package/test/integ.lamsec-existingFunction.js.snapshot/lamsecexistingFunctionIntegDefaultTestDeployAssert295B352B.assets.json +19 -0
  47. package/test/integ.lamsec-existingFunction.js.snapshot/lamsecexistingFunctionIntegDefaultTestDeployAssert295B352B.template.json +36 -0
  48. package/test/integ.lamsec-existingFunction.js.snapshot/manifest.json +131 -0
  49. package/test/integ.lamsec-existingFunction.js.snapshot/tree.json +342 -0
  50. package/test/integ.lamsec-deployFunction.expected.json +0 -208
  51. package/test/integ.lamsec-deployFunctionWithExistingVpc.expected.json +0 -1044
  52. package/test/integ.lamsec-deployFunctionWithVpc.expected.json +0 -650
  53. package/test/integ.lamsec-existingFunction.expected.json +0 -208
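--- a/package/test/integ.lamsec-deployFunctionWithVpc.expected.json
+++ b/package/test/integ.lamsec-deployFunctionWithVpc.expected.json
@@ -1,650 +0,0 @@
- {
- "Description": "Integration Test for aws-lambda-secretsmanager",
- "Resources": {
- "testlambdasecretsmanagerLambdaFunctionServiceRole92CE007F": {
- "Type": "AWS::IAM::Role",
- "Properties": {
- "AssumeRolePolicyDocument": {
- "Statement": [
- {
- "Action": "sts:AssumeRole",
- "Effect": "Allow",
- "Principal": {
- "Service": "lambda.amazonaws.com"
- }
- }
- ],
- "Version": "2012-10-17"
- },
- "Policies": [
- {
- "PolicyDocument": {
- "Statement": [
- {
- "Action": [
- "logs:CreateLogGroup",
- "logs:CreateLogStream",
- "logs:PutLogEvents"
- ],
- "Effect": "Allow",
- "Resource": {
- "Fn::Join": [
- "",
- [
- "arn:",
- {
- "Ref": "AWS::Partition"
- },
- ":logs:",
- {
- "Ref": "AWS::Region"
- },
- ":",
- {
- "Ref": "AWS::AccountId"
- },
- ":log-group:/aws/lambda/*"
- ]
- ]
- }
- }
- ],
- "Version": "2012-10-17"
- },
- "PolicyName": "LambdaFunctionServiceRolePolicy"
- }
- ]
- }
- },
- "testlambdasecretsmanagerLambdaFunctionServiceRoleDefaultPolicyF24BF460": {
- "Type": "AWS::IAM::Policy",
- "Properties": {
- "PolicyDocument": {
- "Statement": [
- {
- "Action": [
- "ec2:CreateNetworkInterface",
- "ec2:DescribeNetworkInterfaces",
- "ec2:DeleteNetworkInterface",
- "ec2:AssignPrivateIpAddresses",
- "ec2:UnassignPrivateIpAddresses"
- ],
- "Effect": "Allow",
- "Resource": "*"
- },
- {
- "Action": [
- "xray:PutTraceSegments",
- "xray:PutTelemetryRecords"
- ],
- "Effect": "Allow",
- "Resource": "*"
- },
- {
- "Action": [
- "secretsmanager:GetSecretValue",
- "secretsmanager:DescribeSecret"
- ],
- "Effect": "Allow",
- "Resource": {
- "Ref": "testlambdasecretsmanagersecret4C99E6BF"
- }
- }
- ],
- "Version": "2012-10-17"
- },
- "PolicyName": "testlambdasecretsmanagerLambdaFunctionServiceRoleDefaultPolicyF24BF460",
- "Roles": [
- {
- "Ref": "testlambdasecretsmanagerLambdaFunctionServiceRole92CE007F"
- }
- ]
- },
- "Metadata": {
- "cfn_nag": {
- "rules_to_suppress": [
- {
- "id": "W12",
- "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC."
- }
- ]
- }
- }
- },
- "testlambdasecretsmanagerReplaceDefaultSecurityGroupsecuritygroupF837FD37": {
- "Type": "AWS::EC2::SecurityGroup",
- "Properties": {
- "GroupDescription": "lamsec-deployFunctionWithVpc/test-lambda-secretsmanager/ReplaceDefaultSecurityGroup-security-group",
- "SecurityGroupEgress": [
- {
- "CidrIp": "0.0.0.0/0",
- "Description": "Allow all outbound traffic by default",
- "IpProtocol": "-1"
- }
- ],
- "VpcId": {
- "Ref": "Vpc8378EB38"
- }
- },
- "Metadata": {
- "cfn_nag": {
- "rules_to_suppress": [
- {
- "id": "W5",
- "reason": "Egress of 0.0.0.0/0 is default and generally considered OK"
- },
- {
- "id": "W40",
- "reason": "Egress IPProtocol of -1 is default and generally considered OK"
- }
- ]
- }
- }
- },
- "testlambdasecretsmanagerLambdaFunction130E7301": {
- "Type": "AWS::Lambda::Function",
- "Properties": {
- "Code": {
- "S3Bucket": {
- "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
- },
- "S3Key": "0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8.zip"
- },
- "Environment": {
- "Variables": {
- "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1",
- "SECRET_ARN": {
- "Ref": "testlambdasecretsmanagersecret4C99E6BF"
- }
- }
- },
- "Handler": "index.handler",
- "Role": {
- "Fn::GetAtt": [
- "testlambdasecretsmanagerLambdaFunctionServiceRole92CE007F",
- "Arn"
- ]
- },
- "Runtime": "nodejs16.x",
- "TracingConfig": {
- "Mode": "Active"
- },
- "VpcConfig": {
- "SecurityGroupIds": [
- {
- "Fn::GetAtt": [
- "testlambdasecretsmanagerReplaceDefaultSecurityGroupsecuritygroupF837FD37",
- "GroupId"
- ]
- }
- ],
- "SubnetIds": [
- {
- "Ref": "VpcisolatedSubnet1SubnetE62B1B9B"
- },
- {
- "Ref": "VpcisolatedSubnet2Subnet39217055"
- },
- {
- "Ref": "VpcisolatedSubnet3Subnet44F2537D"
- }
- ]
- }
- },
- "DependsOn": [
- "testlambdasecretsmanagerLambdaFunctionServiceRoleDefaultPolicyF24BF460",
- "testlambdasecretsmanagerLambdaFunctionServiceRole92CE007F",
- "VpcisolatedSubnet1RouteTableAssociationD259E31A",
- "VpcisolatedSubnet2RouteTableAssociation25A4716F",
- "VpcisolatedSubnet3RouteTableAssociationDC010BEB"
- ],
- "Metadata": {
- "cfn_nag": {
- "rules_to_suppress": [
- {
- "id": "W58",
- "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions."
- },
- {
- "id": "W89",
- "reason": "This is not a rule for the general case, just for specific use cases/industries"
- },
- {
- "id": "W92",
- "reason": "Impossible for us to define the correct concurrency for clients"
- }
- ]
- }
- }
- },
- "testlambdasecretsmanagersecret4C99E6BF": {
- "Type": "AWS::SecretsManager::Secret",
- "Properties": {
- "GenerateSecretString": {}
- },
- "UpdateReplacePolicy": "Delete",
- "DeletionPolicy": "Delete",
- "Metadata": {
- "cfn_nag": {
- "rules_to_suppress": [
- {
- "id": "W77",
- "reason": "We allow the use of the AWS account default key aws/secretsmanager for secret encryption."
- }
- ]
- }
- }
- },
- "Vpc8378EB38": {
- "Type": "AWS::EC2::VPC",
- "Properties": {
- "CidrBlock": "10.0.0.0/16",
- "EnableDnsHostnames": true,
- "EnableDnsSupport": true,
- "InstanceTenancy": "default",
- "Tags": [
- {
- "Key": "Name",
- "Value": "lamsec-deployFunctionWithVpc/Vpc"
- }
- ]
- }
- },
- "VpcisolatedSubnet1SubnetE62B1B9B": {
- "Type": "AWS::EC2::Subnet",
- "Properties": {
- "AvailabilityZone": "test-region-1a",
- "CidrBlock": "10.0.0.0/18",
- "MapPublicIpOnLaunch": false,
- "Tags": [
- {
- "Key": "aws-cdk:subnet-name",
- "Value": "isolated"
- },
- {
- "Key": "aws-cdk:subnet-type",
- "Value": "Isolated"
- },
- {
- "Key": "Name",
- "Value": "lamsec-deployFunctionWithVpc/Vpc/isolatedSubnet1"
- }
- ],
- "VpcId": {
- "Ref": "Vpc8378EB38"
- }
- }
- },
- "VpcisolatedSubnet1RouteTableE442650B": {
- "Type": "AWS::EC2::RouteTable",
- "Properties": {
- "Tags": [
- {
- "Key": "Name",
- "Value": "lamsec-deployFunctionWithVpc/Vpc/isolatedSubnet1"
- }
- ],
- "VpcId": {
- "Ref": "Vpc8378EB38"
- }
- }
- },
- "VpcisolatedSubnet1RouteTableAssociationD259E31A": {
- "Type": "AWS::EC2::SubnetRouteTableAssociation",
- "Properties": {
- "RouteTableId": {
- "Ref": "VpcisolatedSubnet1RouteTableE442650B"
- },
- "SubnetId": {
- "Ref": "VpcisolatedSubnet1SubnetE62B1B9B"
- }
- }
- },
- "VpcisolatedSubnet2Subnet39217055": {
- "Type": "AWS::EC2::Subnet",
- "Properties": {
- "AvailabilityZone": "test-region-1b",
- "CidrBlock": "10.0.64.0/18",
- "MapPublicIpOnLaunch": false,
- "Tags": [
- {
- "Key": "aws-cdk:subnet-name",
- "Value": "isolated"
- },
- {
- "Key": "aws-cdk:subnet-type",
- "Value": "Isolated"
- },
- {
- "Key": "Name",
- "Value": "lamsec-deployFunctionWithVpc/Vpc/isolatedSubnet2"
- }
- ],
- "VpcId": {
- "Ref": "Vpc8378EB38"
- }
- }
- },
- "VpcisolatedSubnet2RouteTable334F9764": {
- "Type": "AWS::EC2::RouteTable",
- "Properties": {
- "Tags": [
- {
- "Key": "Name",
- "Value": "lamsec-deployFunctionWithVpc/Vpc/isolatedSubnet2"
- }
- ],
- "VpcId": {
- "Ref": "Vpc8378EB38"
- }
- }
- },
- "VpcisolatedSubnet2RouteTableAssociation25A4716F": {
- "Type": "AWS::EC2::SubnetRouteTableAssociation",
- "Properties": {
- "RouteTableId": {
- "Ref": "VpcisolatedSubnet2RouteTable334F9764"
- },
- "SubnetId": {
- "Ref": "VpcisolatedSubnet2Subnet39217055"
- }
- }
- },
- "VpcisolatedSubnet3Subnet44F2537D": {
- "Type": "AWS::EC2::Subnet",
- "Properties": {
- "AvailabilityZone": "test-region-1c",
- "CidrBlock": "10.0.128.0/18",
- "MapPublicIpOnLaunch": false,
- "Tags": [
- {
- "Key": "aws-cdk:subnet-name",
- "Value": "isolated"
- },
- {
- "Key": "aws-cdk:subnet-type",
- "Value": "Isolated"
- },
- {
- "Key": "Name",
- "Value": "lamsec-deployFunctionWithVpc/Vpc/isolatedSubnet3"
- }
- ],
- "VpcId": {
- "Ref": "Vpc8378EB38"
- }
- }
- },
- "VpcisolatedSubnet3RouteTableA2F6BBC0": {
- "Type": "AWS::EC2::RouteTable",
- "Properties": {
- "Tags": [
- {
- "Key": "Name",
- "Value": "lamsec-deployFunctionWithVpc/Vpc/isolatedSubnet3"
- }
- ],
- "VpcId": {
- "Ref": "Vpc8378EB38"
- }
- }
- },
- "VpcisolatedSubnet3RouteTableAssociationDC010BEB": {
- "Type": "AWS::EC2::SubnetRouteTableAssociation",
- "Properties": {
- "RouteTableId": {
- "Ref": "VpcisolatedSubnet3RouteTableA2F6BBC0"
- },
- "SubnetId": {
- "Ref": "VpcisolatedSubnet3Subnet44F2537D"
- }
- }
- },
- "VpcFlowLogIAMRole6A475D41": {
- "Type": "AWS::IAM::Role",
- "Properties": {
- "AssumeRolePolicyDocument": {
- "Statement": [
- {
- "Action": "sts:AssumeRole",
- "Effect": "Allow",
- "Principal": {
- "Service": "vpc-flow-logs.amazonaws.com"
- }
- }
- ],
- "Version": "2012-10-17"
- },
- "Tags": [
- {
- "Key": "Name",
- "Value": "lamsec-deployFunctionWithVpc/Vpc/FlowLog"
- }
- ]
- }
- },
- "VpcFlowLogIAMRoleDefaultPolicy406FB995": {
- "Type": "AWS::IAM::Policy",
- "Properties": {
- "PolicyDocument": {
- "Statement": [
- {
- "Action": [
- "logs:CreateLogStream",
- "logs:PutLogEvents",
- "logs:DescribeLogStreams"
- ],
- "Effect": "Allow",
- "Resource": {
- "Fn::GetAtt": [
- "VpcFlowLogLogGroup7B5C56B9",
- "Arn"
- ]
- }
- },
- {
- "Action": "iam:PassRole",
- "Effect": "Allow",
- "Resource": {
- "Fn::GetAtt": [
- "VpcFlowLogIAMRole6A475D41",
- "Arn"
- ]
- }
- }
- ],
- "Version": "2012-10-17"
- },
- "PolicyName": "VpcFlowLogIAMRoleDefaultPolicy406FB995",
- "Roles": [
- {
- "Ref": "VpcFlowLogIAMRole6A475D41"
- }
- ]
- }
- },
- "VpcFlowLogLogGroup7B5C56B9": {
- "Type": "AWS::Logs::LogGroup",
- "Properties": {
- "RetentionInDays": 731,
- "Tags": [
- {
- "Key": "Name",
- "Value": "lamsec-deployFunctionWithVpc/Vpc/FlowLog"
- }
- ]
- },
- "UpdateReplacePolicy": "Retain",
- "DeletionPolicy": "Retain",
- "Metadata": {
- "cfn_nag": {
- "rules_to_suppress": [
- {
- "id": "W84",
- "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)"
- }
- ]
- }
- }
- },
- "VpcFlowLog8FF33A73": {
- "Type": "AWS::EC2::FlowLog",
- "Properties": {
- "DeliverLogsPermissionArn": {
- "Fn::GetAtt": [
- "VpcFlowLogIAMRole6A475D41",
- "Arn"
- ]
- },
- "LogDestinationType": "cloud-watch-logs",
- "LogGroupName": {
- "Ref": "VpcFlowLogLogGroup7B5C56B9"
- },
- "ResourceId": {
- "Ref": "Vpc8378EB38"
- },
- "ResourceType": "VPC",
- "Tags": [
- {
- "Key": "Name",
- "Value": "lamsec-deployFunctionWithVpc/Vpc/FlowLog"
- }
- ],
- "TrafficType": "ALL"
- }
- },
- "VpcSECRETSMANAGERF52907C2": {
- "Type": "AWS::EC2::VPCEndpoint",
- "Properties": {
- "PrivateDnsEnabled": true,
- "SecurityGroupIds": [
- {
- "Fn::GetAtt": [
- "lamsecdeployFunctionWithVpcSECRETSMANAGERsecuritygroup98862008",
- "GroupId"
- ]
- }
- ],
- "ServiceName": {
- "Fn::Join": [
- "",
- [
- "com.amazonaws.",
- {
- "Ref": "AWS::Region"
- },
- ".secretsmanager"
- ]
- ]
- },
- "SubnetIds": [
- {
- "Ref": "VpcisolatedSubnet1SubnetE62B1B9B"
- },
- {
- "Ref": "VpcisolatedSubnet2Subnet39217055"
- },
- {
- "Ref": "VpcisolatedSubnet3Subnet44F2537D"
- }
- ],
- "VpcEndpointType": "Interface",
- "VpcId": {
- "Ref": "Vpc8378EB38"
- }
- }
- },
- "lamsecdeployFunctionWithVpcSECRETSMANAGERsecuritygroup98862008": {
- "Type": "AWS::EC2::SecurityGroup",
- "Properties": {
- "GroupDescription": "lamsec-deployFunctionWithVpc/lamsec-deployFunctionWithVpc-SECRETS_MANAGER-security-group",
- "SecurityGroupEgress": [
- {
- "CidrIp": "0.0.0.0/0",
- "Description": "Allow all outbound traffic by default",
- "IpProtocol": "-1"
- }
- ],
- "SecurityGroupIngress": [
- {
- "CidrIp": {
- "Fn::GetAtt": [
- "Vpc8378EB38",
- "CidrBlock"
- ]
- },
- "Description": {
- "Fn::Join": [
- "",
- [
- "from ",
- {
- "Fn::GetAtt": [
- "Vpc8378EB38",
- "CidrBlock"
- ]
- },
- ":443"
- ]
- ]
- },
- "FromPort": 443,
- "IpProtocol": "tcp",
- "ToPort": 443
- }
- ],
- "VpcId": {
- "Ref": "Vpc8378EB38"
- }
- },
- "Metadata": {
- "cfn_nag": {
- "rules_to_suppress": [
- {
- "id": "W5",
- "reason": "Egress of 0.0.0.0/0 is default and generally considered OK"
- },
- {
- "id": "W40",
- "reason": "Egress IPProtocol of -1 is default and generally considered OK"
- }
- ]
- }
- }
- }
- },
- "Parameters": {
- "BootstrapVersion": {
- "Type": "AWS::SSM::Parameter::Value<String>",
- "Default": "/cdk-bootstrap/hnb659fds/version",
- "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
- }
- },
- "Rules": {
- "CheckBootstrapVersion": {
- "Assertions": [
- {
- "Assert": {
- "Fn::Not": [
- {
- "Fn::Contains": [
- [
- "1",
- "2",
- "3",
- "4",
- "5"
- ],
- {
- "Ref": "BootstrapVersion"
- }
- ]
- }
- ]
- },
- "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
- }
- ]
- }
- }
- }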