@mavogel/cdk-vscode-server 0.0.55 → 0.0.57

Files changed (64)
  1. package/.claude/hooks/file_checker.sh +0 -0
  2. package/.jsii +96 -24
  3. package/API.md +56 -0
  4. package/CLAUDE.md +84 -118
  5. package/README.md +48 -0
  6. package/assets/installer/installer.lambda/index.js +14 -2
  7. package/examples/custom-domain/main.ts +49 -0
  8. package/integ-tests/integ.al2023.ts.snapshot/IntegSetupVSCodeOnAl2023DefaultTestDeployAssert74D8F645.assets.json +7 -6
  9. package/integ-tests/integ.al2023.ts.snapshot/IntegSetupVSCodeOnAl2023DefaultTestDeployAssert74D8F645.template.json +6 -6
  10. package/integ-tests/integ.al2023.ts.snapshot/IntegTestStackAl2023.assets.json +20 -12
  11. package/integ-tests/integ.al2023.ts.snapshot/IntegTestStackAl2023.template.json +36 -152
  12. package/integ-tests/integ.al2023.ts.snapshot/{asset.23732f3d1982f7fb0da3bd6638a8107337bb767fea165b45eae12000a1dd67ce → asset.0ad50fc42afd768c3d0bfdd4701e43284fb077a25f19eea1e8c51a5ca36ebfe4}/index.js +988 -1165
  13. package/integ-tests/{integ.ubuntu.ts.snapshot/asset.a9865c9d36c7aa999e28cb7926e7a3a8e0b6d0854b25131a172024c5777442fa.lambda → integ.al2023.ts.snapshot/asset.33da23274e25bd9f43638c5d83dad26e3931cbe78d462ffd9a9f565e948b4f5f.lambda}/index.js +14 -2
  14. package/integ-tests/{integ.ubuntu.ts.snapshot/asset.f692c9f68e4daba2abc99103efd3518bced1e9d7a2a89847b9b5d5473c64f1bd.bundle → integ.al2023.ts.snapshot/asset.530055f7515b3f0a47900f5df37e729ba40ca977b2d07b952bdefa2b8f883f42.bundle}/index.js +296 -191
  15. package/integ-tests/{integ.ubuntu.ts.snapshot/asset.ce2f3595a340d6c519a65888ef97e3b9b64f053f83608e32cc28162e22d7d99a → integ.al2023.ts.snapshot/asset.9d043014be736e8162bcc7ec5590cc6d2ff24fd0d9c73a5c5d595151c5fdad00}/index.js +1 -1
  16. package/integ-tests/integ.al2023.ts.snapshot/cdk.out +1 -1
  17. package/integ-tests/integ.al2023.ts.snapshot/integ.json +4 -3
  18. package/integ-tests/integ.al2023.ts.snapshot/manifest.json +956 -7
  19. package/integ-tests/integ.al2023.ts.snapshot/tree.json +1 -3228
  20. package/integ-tests/integ.custom-domain.ts +87 -0
  21. package/integ-tests/integ.custom-domain.ts.snapshot/IntegSetupVSCodeOnCustomDomainDefaultTestDeployAssert6982D514.assets.json +33 -0
  22. package/integ-tests/integ.custom-domain.ts.snapshot/IntegSetupVSCodeOnCustomDomainDefaultTestDeployAssert6982D514.template.json +333 -0
  23. package/integ-tests/integ.custom-domain.ts.snapshot/IntegTestStackCustomDomain.assets.json +132 -0
  24. package/integ-tests/integ.custom-domain.ts.snapshot/IntegTestStackCustomDomain.template.json +2862 -0
  25. package/integ-tests/{integ.ubuntu.ts.snapshot/asset.23732f3d1982f7fb0da3bd6638a8107337bb767fea165b45eae12000a1dd67ce → integ.custom-domain.ts.snapshot/asset.0ad50fc42afd768c3d0bfdd4701e43284fb077a25f19eea1e8c51a5ca36ebfe4}/index.js +988 -1165
  26. package/integ-tests/integ.custom-domain.ts.snapshot/asset.2819175352ad1ce0dae768e83fc328fb70fb5f10b4a8ff0ccbcb791f02b0716d/index.js +1 -0
  27. package/integ-tests/{integ.al2023.ts.snapshot/asset.a9865c9d36c7aa999e28cb7926e7a3a8e0b6d0854b25131a172024c5777442fa.lambda → integ.custom-domain.ts.snapshot/asset.33da23274e25bd9f43638c5d83dad26e3931cbe78d462ffd9a9f565e948b4f5f.lambda}/index.js +14 -2
  28. package/integ-tests/{integ.al2023.ts.snapshot/asset.f692c9f68e4daba2abc99103efd3518bced1e9d7a2a89847b9b5d5473c64f1bd.bundle → integ.custom-domain.ts.snapshot/asset.530055f7515b3f0a47900f5df37e729ba40ca977b2d07b952bdefa2b8f883f42.bundle}/index.js +296 -191
  29. package/integ-tests/integ.custom-domain.ts.snapshot/asset.781ab0ab74634cdaf61539ab208ab777829ef07097ac21f95b9e15a3b1eedc1b.lambda/index.js +57 -0
  30. package/integ-tests/integ.custom-domain.ts.snapshot/asset.7fa1e366ee8a9ded01fc355f704cff92bfd179574e6f9cfee800a3541df1b200/__entrypoint__.js +1 -0
  31. package/integ-tests/integ.custom-domain.ts.snapshot/asset.7fa1e366ee8a9ded01fc355f704cff92bfd179574e6f9cfee800a3541df1b200/index.js +1 -0
  32. package/integ-tests/{integ.al2023.ts.snapshot/asset.ce2f3595a340d6c519a65888ef97e3b9b64f053f83608e32cc28162e22d7d99a → integ.custom-domain.ts.snapshot/asset.9d043014be736e8162bcc7ec5590cc6d2ff24fd0d9c73a5c5d595151c5fdad00}/index.js +1 -1
  33. package/integ-tests/integ.custom-domain.ts.snapshot/asset.b073cebcf4d61fb152a30f5a5e57a94df7f980a549fdf1a79a0b18c5750522d8/index.js +1 -0
  34. package/integ-tests/integ.custom-domain.ts.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/cfn-response.js +1 -0
  35. package/integ-tests/integ.custom-domain.ts.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/consts.js +1 -0
  36. package/integ-tests/integ.custom-domain.ts.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/framework.js +3 -0
  37. package/integ-tests/integ.custom-domain.ts.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/outbound.js +1 -0
  38. package/integ-tests/integ.custom-domain.ts.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/util.js +1 -0
  39. package/integ-tests/integ.custom-domain.ts.snapshot/integ.json +23 -0
  40. package/integ-tests/integ.custom-domain.ts.snapshot/manifest.json +1653 -0
  41. package/integ-tests/integ.custom-domain.ts.snapshot/tree.json +1 -0
  42. package/integ-tests/integ.ubuntu.ts.snapshot/IntegSetupVSCodeOnUbuntuDefaultTestDeployAssertFF8DF2C5.assets.json +7 -6
  43. package/integ-tests/integ.ubuntu.ts.snapshot/IntegSetupVSCodeOnUbuntuDefaultTestDeployAssertFF8DF2C5.template.json +6 -6
  44. package/integ-tests/integ.ubuntu.ts.snapshot/IntegTestStackUbuntu22.assets.json +20 -12
  45. package/integ-tests/integ.ubuntu.ts.snapshot/IntegTestStackUbuntu22.template.json +36 -72
  46. package/integ-tests/integ.ubuntu.ts.snapshot/asset.0ad50fc42afd768c3d0bfdd4701e43284fb077a25f19eea1e8c51a5ca36ebfe4/index.js +5992 -0
  47. package/integ-tests/integ.ubuntu.ts.snapshot/asset.33da23274e25bd9f43638c5d83dad26e3931cbe78d462ffd9a9f565e948b4f5f.lambda/index.js +143 -0
  48. package/integ-tests/integ.ubuntu.ts.snapshot/asset.530055f7515b3f0a47900f5df37e729ba40ca977b2d07b952bdefa2b8f883f42.bundle/index.js +30676 -0
  49. package/integ-tests/integ.ubuntu.ts.snapshot/asset.9d043014be736e8162bcc7ec5590cc6d2ff24fd0d9c73a5c5d595151c5fdad00/index.js +1 -0
  50. package/integ-tests/integ.ubuntu.ts.snapshot/cdk.out +1 -1
  51. package/integ-tests/integ.ubuntu.ts.snapshot/integ.json +3 -2
  52. package/integ-tests/integ.ubuntu.ts.snapshot/manifest.json +956 -7
  53. package/integ-tests/integ.ubuntu.ts.snapshot/tree.json +1 -3070
  54. package/lib/installer/installer.d.ts +7 -0
  55. package/lib/installer/installer.js +15 -7
  56. package/lib/installer/installer.lambda.js +20 -3
  57. package/lib/vscode-server.d.ts +33 -0
  58. package/lib/vscode-server.js +165 -5
  59. package/mavogelcdkvscodeserver/README.md +55 -0
  60. package/mavogelcdkvscodeserver/VSCodeServerProps.go +20 -0
  61. package/mavogelcdkvscodeserver/go.mod +1 -1
  62. package/mavogelcdkvscodeserver/jsii/jsii.go +2 -2
  63. package/mavogelcdkvscodeserver/version +1 -1
  64. package/package.json +4 -4
@@ -0,0 +1,2862 @@
1
+ {
2
+ "Description": "This stack includes the application's resources for integration testing with custom domain.",
3
+ "Resources": {
4
+ "IntegVSCodeServerpasswordsecret202A5DB3": {
5
+ "Type": "AWS::SecretsManager::Secret",
6
+ "Properties": {
7
+ "GenerateSecretString": {
8
+ "ExcludePunctuation": true,
9
+ "GenerateStringKey": "password",
10
+ "IncludeSpace": false,
11
+ "PasswordLength": 16,
12
+ "SecretStringTemplate": "{\"username\":\"participant\"}"
13
+ },
14
+ "Tags": [
15
+ {
16
+ "Key": "app",
17
+ "Value": "vscode-server"
18
+ },
19
+ {
20
+ "Key": "Environment",
21
+ "Value": "IntegTestCustomDomain"
22
+ },
23
+ {
24
+ "Key": "IntegTest",
25
+ "Value": "True"
26
+ }
27
+ ]
28
+ },
29
+ "UpdateReplacePolicy": "Delete",
30
+ "DeletionPolicy": "Delete",
31
+ "Metadata": {
32
+ "cdk_nag": {
33
+ "rules_to_suppress": [
34
+ {
35
+ "reason": "For this tmp vc code server we do not need password rotation",
36
+ "id": "AwsSolutions-SMG4"
37
+ }
38
+ ]
39
+ }
40
+ }
41
+ },
42
+ "IntegVSCodeServerSecretRetrieverOnEventHandlerServiceRoleBEF8D4D2": {
43
+ "Type": "AWS::IAM::Role",
44
+ "Properties": {
45
+ "AssumeRolePolicyDocument": {
46
+ "Statement": [
47
+ {
48
+ "Action": "sts:AssumeRole",
49
+ "Effect": "Allow",
50
+ "Principal": {
51
+ "Service": "lambda.amazonaws.com"
52
+ }
53
+ }
54
+ ],
55
+ "Version": "2012-10-17"
56
+ },
57
+ "ManagedPolicyArns": [
58
+ {
59
+ "Fn::Join": [
60
+ "",
61
+ [
62
+ "arn:",
63
+ {
64
+ "Ref": "AWS::Partition"
65
+ },
66
+ ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
67
+ ]
68
+ ]
69
+ }
70
+ ]
71
+ },
72
+ "Metadata": {
73
+ "cdk_nag": {
74
+ "rules_to_suppress": [
75
+ {
76
+ "reason": "For this event handler we do not need to restrict managed policies",
77
+ "id": "AwsSolutions-IAM4"
78
+ },
79
+ {
80
+ "reason": "For this lambda the latest runtime is not needed",
81
+ "id": "AwsSolutions-L1"
82
+ }
83
+ ]
84
+ }
85
+ }
86
+ },
87
+ "IntegVSCodeServerSecretRetrieverOnEventHandlerServiceRoleDefaultPolicy2641E2C6": {
88
+ "Type": "AWS::IAM::Policy",
89
+ "Properties": {
90
+ "PolicyDocument": {
91
+ "Statement": [
92
+ {
93
+ "Action": "secretsmanager:GetSecretValue",
94
+ "Effect": "Allow",
95
+ "Resource": {
96
+ "Ref": "IntegVSCodeServerpasswordsecret202A5DB3"
97
+ }
98
+ }
99
+ ],
100
+ "Version": "2012-10-17"
101
+ },
102
+ "PolicyName": "IntegVSCodeServerSecretRetrieverOnEventHandlerServiceRoleDefaultPolicy2641E2C6",
103
+ "Roles": [
104
+ {
105
+ "Ref": "IntegVSCodeServerSecretRetrieverOnEventHandlerServiceRoleBEF8D4D2"
106
+ }
107
+ ]
108
+ }
109
+ },
110
+ "IntegVSCodeServerSecretRetrieverOnEventHandlerDD084AE3": {
111
+ "Type": "AWS::Lambda::Function",
112
+ "Properties": {
113
+ "Code": {
114
+ "S3Bucket": {
115
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
116
+ },
117
+ "S3Key": "781ab0ab74634cdaf61539ab208ab777829ef07097ac21f95b9e15a3b1eedc1b.zip"
118
+ },
119
+ "Description": "src/secret-retriever/secret-retriever.lambda.ts",
120
+ "Handler": "index.handler",
121
+ "MemorySize": 128,
122
+ "Role": {
123
+ "Fn::GetAtt": [
124
+ "IntegVSCodeServerSecretRetrieverOnEventHandlerServiceRoleBEF8D4D2",
125
+ "Arn"
126
+ ]
127
+ },
128
+ "Runtime": "nodejs20.x",
129
+ "Timeout": 10
130
+ },
131
+ "DependsOn": [
132
+ "IntegVSCodeServerSecretRetrieverOnEventHandlerServiceRoleDefaultPolicy2641E2C6",
133
+ "IntegVSCodeServerSecretRetrieverOnEventHandlerServiceRoleBEF8D4D2"
134
+ ],
135
+ "Metadata": {
136
+ "cdk_nag": {
137
+ "rules_to_suppress": [
138
+ {
139
+ "reason": "For this event handler we do not need to restrict managed policies",
140
+ "id": "AwsSolutions-IAM4"
141
+ },
142
+ {
143
+ "reason": "For this lambda the latest runtime is not needed",
144
+ "id": "AwsSolutions-L1"
145
+ }
146
+ ]
147
+ }
148
+ }
149
+ },
150
+ "IntegVSCodeServerSecretRetrieveProviderframeworkonEventServiceRole0F156B64": {
151
+ "Type": "AWS::IAM::Role",
152
+ "Properties": {
153
+ "AssumeRolePolicyDocument": {
154
+ "Statement": [
155
+ {
156
+ "Action": "sts:AssumeRole",
157
+ "Effect": "Allow",
158
+ "Principal": {
159
+ "Service": "lambda.amazonaws.com"
160
+ }
161
+ }
162
+ ],
163
+ "Version": "2012-10-17"
164
+ },
165
+ "ManagedPolicyArns": [
166
+ {
167
+ "Fn::Join": [
168
+ "",
169
+ [
170
+ "arn:",
171
+ {
172
+ "Ref": "AWS::Partition"
173
+ },
174
+ ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
175
+ ]
176
+ ]
177
+ }
178
+ ]
179
+ },
180
+ "Metadata": {
181
+ "cdk_nag": {
182
+ "rules_to_suppress": [
183
+ {
184
+ "reason": "For this provider we do not need to restrict managed policies",
185
+ "id": "AwsSolutions-IAM4"
186
+ },
187
+ {
188
+ "reason": "For this provider wildcards are fine",
189
+ "id": "AwsSolutions-IAM5"
190
+ },
191
+ {
192
+ "reason": "For this provider the latest runtime is not needed",
193
+ "id": "AwsSolutions-L1"
194
+ }
195
+ ]
196
+ }
197
+ }
198
+ },
199
+ "IntegVSCodeServerSecretRetrieveProviderframeworkonEventServiceRoleDefaultPolicyEC4DCEA0": {
200
+ "Type": "AWS::IAM::Policy",
201
+ "Properties": {
202
+ "PolicyDocument": {
203
+ "Statement": [
204
+ {
205
+ "Action": "lambda:InvokeFunction",
206
+ "Effect": "Allow",
207
+ "Resource": [
208
+ {
209
+ "Fn::GetAtt": [
210
+ "IntegVSCodeServerSecretRetrieverOnEventHandlerDD084AE3",
211
+ "Arn"
212
+ ]
213
+ },
214
+ {
215
+ "Fn::Join": [
216
+ "",
217
+ [
218
+ {
219
+ "Fn::GetAtt": [
220
+ "IntegVSCodeServerSecretRetrieverOnEventHandlerDD084AE3",
221
+ "Arn"
222
+ ]
223
+ },
224
+ ":*"
225
+ ]
226
+ ]
227
+ }
228
+ ]
229
+ },
230
+ {
231
+ "Action": "lambda:GetFunction",
232
+ "Effect": "Allow",
233
+ "Resource": {
234
+ "Fn::GetAtt": [
235
+ "IntegVSCodeServerSecretRetrieverOnEventHandlerDD084AE3",
236
+ "Arn"
237
+ ]
238
+ }
239
+ }
240
+ ],
241
+ "Version": "2012-10-17"
242
+ },
243
+ "PolicyName": "IntegVSCodeServerSecretRetrieveProviderframeworkonEventServiceRoleDefaultPolicyEC4DCEA0",
244
+ "Roles": [
245
+ {
246
+ "Ref": "IntegVSCodeServerSecretRetrieveProviderframeworkonEventServiceRole0F156B64"
247
+ }
248
+ ]
249
+ },
250
+ "Metadata": {
251
+ "cdk_nag": {
252
+ "rules_to_suppress": [
253
+ {
254
+ "reason": "For this provider we do not need to restrict managed policies",
255
+ "id": "AwsSolutions-IAM4"
256
+ },
257
+ {
258
+ "reason": "For this provider wildcards are fine",
259
+ "id": "AwsSolutions-IAM5"
260
+ },
261
+ {
262
+ "reason": "For this provider the latest runtime is not needed",
263
+ "id": "AwsSolutions-L1"
264
+ }
265
+ ]
266
+ }
267
+ }
268
+ },
269
+ "IntegVSCodeServerSecretRetrieveProviderframeworkonEventCF035CA3": {
270
+ "Type": "AWS::Lambda::Function",
271
+ "Properties": {
272
+ "Code": {
273
+ "S3Bucket": {
274
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
275
+ },
276
+ "S3Key": "bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca.zip"
277
+ },
278
+ "Description": "AWS CDK resource provider framework - onEvent (IntegTestStackCustomDomain/IntegVSCodeServer/SecretRetrieveProvider)",
279
+ "Environment": {
280
+ "Variables": {
281
+ "USER_ON_EVENT_FUNCTION_ARN": {
282
+ "Fn::GetAtt": [
283
+ "IntegVSCodeServerSecretRetrieverOnEventHandlerDD084AE3",
284
+ "Arn"
285
+ ]
286
+ }
287
+ }
288
+ },
289
+ "Handler": "framework.onEvent",
290
+ "Role": {
291
+ "Fn::GetAtt": [
292
+ "IntegVSCodeServerSecretRetrieveProviderframeworkonEventServiceRole0F156B64",
293
+ "Arn"
294
+ ]
295
+ },
296
+ "Runtime": {
297
+ "Fn::FindInMap": [
298
+ "LatestNodeRuntimeMap",
299
+ {
300
+ "Ref": "AWS::Region"
301
+ },
302
+ "value"
303
+ ]
304
+ },
305
+ "Timeout": 900
306
+ },
307
+ "DependsOn": [
308
+ "IntegVSCodeServerSecretRetrieveProviderframeworkonEventServiceRoleDefaultPolicyEC4DCEA0",
309
+ "IntegVSCodeServerSecretRetrieveProviderframeworkonEventServiceRole0F156B64"
310
+ ],
311
+ "Metadata": {
312
+ "cdk_nag": {
313
+ "rules_to_suppress": [
314
+ {
315
+ "reason": "For this provider we do not need to restrict managed policies",
316
+ "id": "AwsSolutions-IAM4"
317
+ },
318
+ {
319
+ "reason": "For this provider wildcards are fine",
320
+ "id": "AwsSolutions-IAM5"
321
+ },
322
+ {
323
+ "reason": "For this provider the latest runtime is not needed",
324
+ "id": "AwsSolutions-L1"
325
+ }
326
+ ]
327
+ }
328
+ }
329
+ },
330
+ "IntegVSCodeServerSecretRetrieverCustomResource2F3DB8BD": {
331
+ "Type": "AWS::CloudFormation::CustomResource",
332
+ "Properties": {
333
+ "ServiceToken": {
334
+ "Fn::GetAtt": [
335
+ "IntegVSCodeServerSecretRetrieveProviderframeworkonEventCF035CA3",
336
+ "Arn"
337
+ ]
338
+ },
339
+ "ServiceTimeout": 305,
340
+ "SecretArn": {
341
+ "Ref": "IntegVSCodeServerpasswordsecret202A5DB3"
342
+ }
343
+ },
344
+ "UpdateReplacePolicy": "Delete",
345
+ "DeletionPolicy": "Delete"
346
+ },
347
+ "IntegVSCodeServercertificatevalidationroleBD33BDA4": {
348
+ "Type": "AWS::IAM::Role",
349
+ "Properties": {
350
+ "AssumeRolePolicyDocument": {
351
+ "Statement": [
352
+ {
353
+ "Action": "sts:AssumeRole",
354
+ "Effect": "Allow",
355
+ "Principal": {
356
+ "Service": "lambda.amazonaws.com"
357
+ }
358
+ }
359
+ ],
360
+ "Version": "2012-10-17"
361
+ },
362
+ "ManagedPolicyArns": [
363
+ {
364
+ "Fn::Join": [
365
+ "",
366
+ [
367
+ "arn:",
368
+ {
369
+ "Ref": "AWS::Partition"
370
+ },
371
+ ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
372
+ ]
373
+ ]
374
+ }
375
+ ],
376
+ "Policies": [
377
+ {
378
+ "PolicyDocument": {
379
+ "Statement": [
380
+ {
381
+ "Action": [
382
+ "acm:DeleteCertificate",
383
+ "acm:DescribeCertificate",
384
+ "acm:RequestCertificate",
385
+ "route53:ChangeResourceRecordSets",
386
+ "route53:GetChange"
387
+ ],
388
+ "Effect": "Allow",
389
+ "Resource": "*"
390
+ }
391
+ ],
392
+ "Version": "2012-10-17"
393
+ },
394
+ "PolicyName": "CertificateValidationPolicy"
395
+ }
396
+ ]
397
+ }
398
+ },
399
+ "IntegVSCodeServercertificatevalidationroleDefaultPolicy7ED8ABBB": {
400
+ "Type": "AWS::IAM::Policy",
401
+ "Properties": {
402
+ "PolicyDocument": {
403
+ "Statement": [
404
+ {
405
+ "Action": [
406
+ "acm:AddTagsToCertificate",
407
+ "acm:DeleteCertificate",
408
+ "acm:DescribeCertificate",
409
+ "acm:RequestCertificate",
410
+ "route53:GetChange"
411
+ ],
412
+ "Effect": "Allow",
413
+ "Resource": "*"
414
+ },
415
+ {
416
+ "Action": "route53:changeResourceRecordSets",
417
+ "Condition": {
418
+ "ForAllValues:StringEquals": {
419
+ "route53:ChangeResourceRecordSetsRecordTypes": [
420
+ "CNAME"
421
+ ],
422
+ "route53:ChangeResourceRecordSetsActions": [
423
+ "UPSERT"
424
+ ]
425
+ },
426
+ "ForAllValues:StringLike": {
427
+ "route53:ChangeResourceRecordSetsNormalizedRecordNames": [
428
+ "*.vscode-server-test.mavogel.xyz"
429
+ ]
430
+ }
431
+ },
432
+ "Effect": "Allow",
433
+ "Resource": {
434
+ "Fn::Join": [
435
+ "",
436
+ [
437
+ "arn:",
438
+ {
439
+ "Ref": "AWS::Partition"
440
+ },
441
+ ":route53:::hostedzone/Z03751551EDMO1J40VL58"
442
+ ]
443
+ ]
444
+ }
445
+ }
446
+ ],
447
+ "Version": "2012-10-17"
448
+ },
449
+ "PolicyName": "IntegVSCodeServercertificatevalidationroleDefaultPolicy7ED8ABBB",
450
+ "Roles": [
451
+ {
452
+ "Ref": "IntegVSCodeServercertificatevalidationroleBD33BDA4"
453
+ }
454
+ ]
455
+ }
456
+ },
457
+ "IntegVSCodeServercertificateCertificateRequestorFunction6491288C": {
458
+ "Type": "AWS::Lambda::Function",
459
+ "Properties": {
460
+ "Code": {
461
+ "S3Bucket": {
462
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
463
+ },
464
+ "S3Key": "b073cebcf4d61fb152a30f5a5e57a94df7f980a549fdf1a79a0b18c5750522d8.zip"
465
+ },
466
+ "Handler": "index.certificateRequestHandler",
467
+ "Role": {
468
+ "Fn::GetAtt": [
469
+ "IntegVSCodeServercertificatevalidationroleBD33BDA4",
470
+ "Arn"
471
+ ]
472
+ },
473
+ "Runtime": {
474
+ "Fn::FindInMap": [
475
+ "LatestNodeRuntimeMap",
476
+ {
477
+ "Ref": "AWS::Region"
478
+ },
479
+ "value"
480
+ ]
481
+ },
482
+ "Timeout": 900
483
+ },
484
+ "DependsOn": [
485
+ "IntegVSCodeServercertificatevalidationroleDefaultPolicy7ED8ABBB",
486
+ "IntegVSCodeServercertificatevalidationroleBD33BDA4"
487
+ ],
488
+ "Metadata": {
489
+ "cdk_nag": {
490
+ "rules_to_suppress": [
491
+ {
492
+ "reason": "Certificate is created for VS Code server with proper domain validation",
493
+ "id": "AwsSolutions-ACM1"
494
+ },
495
+ {
496
+ "reason": "Certificate validation Lambda needs wildcard permissions for ACM and Route53",
497
+ "id": "AwsSolutions-IAM5"
498
+ }
499
+ ]
500
+ }
501
+ }
502
+ },
503
+ "IntegVSCodeServercertificateCertificateRequestorResourceFDC04752": {
504
+ "Type": "AWS::CloudFormation::CustomResource",
505
+ "Properties": {
506
+ "ServiceToken": {
507
+ "Fn::GetAtt": [
508
+ "IntegVSCodeServercertificateCertificateRequestorFunction6491288C",
509
+ "Arn"
510
+ ]
511
+ },
512
+ "DomainName": "vscode-server-test.mavogel.xyz",
513
+ "HostedZoneId": "Z03751551EDMO1J40VL58",
514
+ "Region": "us-east-1"
515
+ },
516
+ "UpdateReplacePolicy": "Delete",
517
+ "DeletionPolicy": "Delete",
518
+ "Metadata": {
519
+ "cdk_nag": {
520
+ "rules_to_suppress": [
521
+ {
522
+ "reason": "Certificate is created for VS Code server with proper domain validation",
523
+ "id": "AwsSolutions-ACM1"
524
+ },
525
+ {
526
+ "reason": "Certificate validation Lambda needs wildcard permissions for ACM and Route53",
527
+ "id": "AwsSolutions-IAM5"
528
+ }
529
+ ]
530
+ }
531
+ }
532
+ },
533
+ "IntegVSCodeServervpc93DDE887": {
534
+ "Type": "AWS::EC2::VPC",
535
+ "Properties": {
536
+ "CidrBlock": "10.0.0.0/16",
537
+ "EnableDnsHostnames": true,
538
+ "EnableDnsSupport": true,
539
+ "InstanceTenancy": "default",
540
+ "Tags": [
541
+ {
542
+ "Key": "app",
543
+ "Value": "vscode-server"
544
+ },
545
+ {
546
+ "Key": "Environment",
547
+ "Value": "IntegTestCustomDomain"
548
+ },
549
+ {
550
+ "Key": "IntegTest",
551
+ "Value": "True"
552
+ },
553
+ {
554
+ "Key": "Name",
555
+ "Value": "IntegTestStackCustomDomain/IntegVSCodeServer/vpc"
556
+ }
557
+ ]
558
+ },
559
+ "Metadata": {
560
+ "cdk_nag": {
561
+ "rules_to_suppress": [
562
+ {
563
+ "reason": "For this tmp vpc we do not need flow logs",
564
+ "id": "AwsSolutions-VPC7"
565
+ }
566
+ ]
567
+ }
568
+ }
569
+ },
570
+ "IntegVSCodeServervpcpublicSubnet1Subnet928029A1": {
571
+ "Type": "AWS::EC2::Subnet",
572
+ "Properties": {
573
+ "AvailabilityZone": {
574
+ "Fn::Select": [
575
+ 0,
576
+ {
577
+ "Fn::GetAZs": ""
578
+ }
579
+ ]
580
+ },
581
+ "CidrBlock": "10.0.0.0/17",
582
+ "MapPublicIpOnLaunch": true,
583
+ "Tags": [
584
+ {
585
+ "Key": "app",
586
+ "Value": "vscode-server"
587
+ },
588
+ {
589
+ "Key": "aws-cdk:subnet-name",
590
+ "Value": "public"
591
+ },
592
+ {
593
+ "Key": "aws-cdk:subnet-type",
594
+ "Value": "Public"
595
+ },
596
+ {
597
+ "Key": "Environment",
598
+ "Value": "IntegTestCustomDomain"
599
+ },
600
+ {
601
+ "Key": "IntegTest",
602
+ "Value": "True"
603
+ },
604
+ {
605
+ "Key": "Name",
606
+ "Value": "IntegTestStackCustomDomain/IntegVSCodeServer/vpc/publicSubnet1"
607
+ }
608
+ ],
609
+ "VpcId": {
610
+ "Ref": "IntegVSCodeServervpc93DDE887"
611
+ }
612
+ },
613
+ "Metadata": {
614
+ "cdk_nag": {
615
+ "rules_to_suppress": [
616
+ {
617
+ "reason": "For this tmp vpc we do not need flow logs",
618
+ "id": "AwsSolutions-VPC7"
619
+ }
620
+ ]
621
+ }
622
+ }
623
+ },
624
+ "IntegVSCodeServervpcpublicSubnet1RouteTableFD418D0B": {
625
+ "Type": "AWS::EC2::RouteTable",
626
+ "Properties": {
627
+ "Tags": [
628
+ {
629
+ "Key": "app",
630
+ "Value": "vscode-server"
631
+ },
632
+ {
633
+ "Key": "Environment",
634
+ "Value": "IntegTestCustomDomain"
635
+ },
636
+ {
637
+ "Key": "IntegTest",
638
+ "Value": "True"
639
+ },
640
+ {
641
+ "Key": "Name",
642
+ "Value": "IntegTestStackCustomDomain/IntegVSCodeServer/vpc/publicSubnet1"
643
+ }
644
+ ],
645
+ "VpcId": {
646
+ "Ref": "IntegVSCodeServervpc93DDE887"
647
+ }
648
+ },
649
+ "Metadata": {
650
+ "cdk_nag": {
651
+ "rules_to_suppress": [
652
+ {
653
+ "reason": "For this tmp vpc we do not need flow logs",
654
+ "id": "AwsSolutions-VPC7"
655
+ }
656
+ ]
657
+ }
658
+ }
659
+ },
660
+ "IntegVSCodeServervpcpublicSubnet1RouteTableAssociation599AB80D": {
661
+ "Type": "AWS::EC2::SubnetRouteTableAssociation",
662
+ "Properties": {
663
+ "RouteTableId": {
664
+ "Ref": "IntegVSCodeServervpcpublicSubnet1RouteTableFD418D0B"
665
+ },
666
+ "SubnetId": {
667
+ "Ref": "IntegVSCodeServervpcpublicSubnet1Subnet928029A1"
668
+ }
669
+ },
670
+ "Metadata": {
671
+ "cdk_nag": {
672
+ "rules_to_suppress": [
673
+ {
674
+ "reason": "For this tmp vpc we do not need flow logs",
675
+ "id": "AwsSolutions-VPC7"
676
+ }
677
+ ]
678
+ }
679
+ }
680
+ },
681
+ "IntegVSCodeServervpcpublicSubnet1DefaultRoute36845B30": {
682
+ "Type": "AWS::EC2::Route",
683
+ "Properties": {
684
+ "DestinationCidrBlock": "0.0.0.0/0",
685
+ "GatewayId": {
686
+ "Ref": "IntegVSCodeServervpcIGW960F6D83"
687
+ },
688
+ "RouteTableId": {
689
+ "Ref": "IntegVSCodeServervpcpublicSubnet1RouteTableFD418D0B"
690
+ }
691
+ },
692
+ "DependsOn": [
693
+ "IntegVSCodeServervpcVPCGWA7CDED90"
694
+ ],
695
+ "Metadata": {
696
+ "cdk_nag": {
697
+ "rules_to_suppress": [
698
+ {
699
+ "reason": "For this tmp vpc we do not need flow logs",
700
+ "id": "AwsSolutions-VPC7"
701
+ }
702
+ ]
703
+ }
704
+ }
705
+ },
706
+ "IntegVSCodeServervpcpublicSubnet2SubnetE381654D": {
707
+ "Type": "AWS::EC2::Subnet",
708
+ "Properties": {
709
+ "AvailabilityZone": {
710
+ "Fn::Select": [
711
+ 1,
712
+ {
713
+ "Fn::GetAZs": ""
714
+ }
715
+ ]
716
+ },
717
+ "CidrBlock": "10.0.128.0/17",
718
+ "MapPublicIpOnLaunch": true,
719
+ "Tags": [
720
+ {
721
+ "Key": "app",
722
+ "Value": "vscode-server"
723
+ },
724
+ {
725
+ "Key": "aws-cdk:subnet-name",
726
+ "Value": "public"
727
+ },
728
+ {
729
+ "Key": "aws-cdk:subnet-type",
730
+ "Value": "Public"
731
+ },
732
+ {
733
+ "Key": "Environment",
734
+ "Value": "IntegTestCustomDomain"
735
+ },
736
+ {
737
+ "Key": "IntegTest",
738
+ "Value": "True"
739
+ },
740
+ {
741
+ "Key": "Name",
742
+ "Value": "IntegTestStackCustomDomain/IntegVSCodeServer/vpc/publicSubnet2"
743
+ }
744
+ ],
745
+ "VpcId": {
746
+ "Ref": "IntegVSCodeServervpc93DDE887"
747
+ }
748
+ },
749
+ "Metadata": {
750
+ "cdk_nag": {
751
+ "rules_to_suppress": [
752
+ {
753
+ "reason": "For this tmp vpc we do not need flow logs",
754
+ "id": "AwsSolutions-VPC7"
755
+ }
756
+ ]
757
+ }
758
+ }
759
+ },
760
+ "IntegVSCodeServervpcpublicSubnet2RouteTableC264EFB4": {
761
+ "Type": "AWS::EC2::RouteTable",
762
+ "Properties": {
763
+ "Tags": [
764
+ {
765
+ "Key": "app",
766
+ "Value": "vscode-server"
767
+ },
768
+ {
769
+ "Key": "Environment",
770
+ "Value": "IntegTestCustomDomain"
771
+ },
772
+ {
773
+ "Key": "IntegTest",
774
+ "Value": "True"
775
+ },
776
+ {
777
+ "Key": "Name",
778
+ "Value": "IntegTestStackCustomDomain/IntegVSCodeServer/vpc/publicSubnet2"
779
+ }
780
+ ],
781
+ "VpcId": {
782
+ "Ref": "IntegVSCodeServervpc93DDE887"
783
+ }
784
+ },
785
+ "Metadata": {
786
+ "cdk_nag": {
787
+ "rules_to_suppress": [
788
+ {
789
+ "reason": "For this tmp vpc we do not need flow logs",
790
+ "id": "AwsSolutions-VPC7"
791
+ }
792
+ ]
793
+ }
794
+ }
795
+ },
796
+ "IntegVSCodeServervpcpublicSubnet2RouteTableAssociationC62A1999": {
797
+ "Type": "AWS::EC2::SubnetRouteTableAssociation",
798
+ "Properties": {
799
+ "RouteTableId": {
800
+ "Ref": "IntegVSCodeServervpcpublicSubnet2RouteTableC264EFB4"
801
+ },
802
+ "SubnetId": {
803
+ "Ref": "IntegVSCodeServervpcpublicSubnet2SubnetE381654D"
804
+ }
805
+ },
806
+ "Metadata": {
807
+ "cdk_nag": {
808
+ "rules_to_suppress": [
809
+ {
810
+ "reason": "For this tmp vpc we do not need flow logs",
811
+ "id": "AwsSolutions-VPC7"
812
+ }
813
+ ]
814
+ }
815
+ }
816
+ },
817
+ "IntegVSCodeServervpcpublicSubnet2DefaultRouteEAD8BC23": {
818
+ "Type": "AWS::EC2::Route",
819
+ "Properties": {
820
+ "DestinationCidrBlock": "0.0.0.0/0",
821
+ "GatewayId": {
822
+ "Ref": "IntegVSCodeServervpcIGW960F6D83"
823
+ },
824
+ "RouteTableId": {
825
+ "Ref": "IntegVSCodeServervpcpublicSubnet2RouteTableC264EFB4"
826
+ }
827
+ },
828
+ "DependsOn": [
829
+ "IntegVSCodeServervpcVPCGWA7CDED90"
830
+ ],
831
+ "Metadata": {
832
+ "cdk_nag": {
833
+ "rules_to_suppress": [
834
+ {
835
+ "reason": "For this tmp vpc we do not need flow logs",
836
+ "id": "AwsSolutions-VPC7"
837
+ }
838
+ ]
839
+ }
840
+ }
841
+ },
842
+ "IntegVSCodeServervpcIGW960F6D83": {
843
+ "Type": "AWS::EC2::InternetGateway",
844
+ "Properties": {
845
+ "Tags": [
846
+ {
847
+ "Key": "app",
848
+ "Value": "vscode-server"
849
+ },
850
+ {
851
+ "Key": "Environment",
852
+ "Value": "IntegTestCustomDomain"
853
+ },
854
+ {
855
+ "Key": "IntegTest",
856
+ "Value": "True"
857
+ },
858
+ {
859
+ "Key": "Name",
860
+ "Value": "IntegTestStackCustomDomain/IntegVSCodeServer/vpc"
861
+ }
862
+ ]
863
+ },
864
+ "Metadata": {
865
+ "cdk_nag": {
866
+ "rules_to_suppress": [
867
+ {
868
+ "reason": "For this tmp vpc we do not need flow logs",
869
+ "id": "AwsSolutions-VPC7"
870
+ }
871
+ ]
872
+ }
873
+ }
874
+ },
875
+ "IntegVSCodeServervpcVPCGWA7CDED90": {
876
+ "Type": "AWS::EC2::VPCGatewayAttachment",
877
+ "Properties": {
878
+ "InternetGatewayId": {
879
+ "Ref": "IntegVSCodeServervpcIGW960F6D83"
880
+ },
881
+ "VpcId": {
882
+ "Ref": "IntegVSCodeServervpc93DDE887"
883
+ }
884
+ },
885
+ "Metadata": {
886
+ "cdk_nag": {
887
+ "rules_to_suppress": [
888
+ {
889
+ "reason": "For this tmp vpc we do not need flow logs",
890
+ "id": "AwsSolutions-VPC7"
891
+ }
892
+ ]
893
+ }
894
+ }
895
+ },
896
+ "IntegVSCodeServervpcRestrictDefaultSecurityGroupCustomResourceF6EA8ED1": {
897
+ "Type": "Custom::VpcRestrictDefaultSG",
898
+ "Properties": {
899
+ "ServiceToken": {
900
+ "Fn::GetAtt": [
901
+ "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E",
902
+ "Arn"
903
+ ]
904
+ },
905
+ "DefaultSecurityGroupId": {
906
+ "Fn::GetAtt": [
907
+ "IntegVSCodeServervpc93DDE887",
908
+ "DefaultSecurityGroup"
909
+ ]
910
+ },
911
+ "Account": {
912
+ "Ref": "AWS::AccountId"
913
+ }
914
+ },
915
+ "UpdateReplacePolicy": "Delete",
916
+ "DeletionPolicy": "Delete",
917
+ "Metadata": {
918
+ "cdk_nag": {
919
+ "rules_to_suppress": [
920
+ {
921
+ "reason": "For this tmp vpc we do not need flow logs",
922
+ "id": "AwsSolutions-VPC7"
923
+ }
924
+ ]
925
+ }
926
+ }
927
+ },
928
+ "IntegVSCodeServercftoserversgFFE586B0": {
929
+ "Type": "AWS::EC2::SecurityGroup",
930
+ "Properties": {
931
+ "GroupDescription": "SG for VSCodeServer - only allow CloudFront ingress",
932
+ "GroupName": "cloudfront-to-vscode-server",
933
+ "SecurityGroupEgress": [
934
+ {
935
+ "CidrIp": "0.0.0.0/0",
936
+ "Description": "Allow all outbound traffic by default",
937
+ "IpProtocol": "-1"
938
+ }
939
+ ],
940
+ "Tags": [
941
+ {
942
+ "Key": "app",
943
+ "Value": "vscode-server"
944
+ },
945
+ {
946
+ "Key": "Environment",
947
+ "Value": "IntegTestCustomDomain"
948
+ },
949
+ {
950
+ "Key": "IntegTest",
951
+ "Value": "True"
952
+ }
953
+ ],
954
+ "VpcId": {
955
+ "Ref": "IntegVSCodeServervpc93DDE887"
956
+ }
957
+ }
958
+ },
959
+ "IntegVSCodeServercftoserversgfromIndirectPeer80C4F51713": {
960
+ "Type": "AWS::EC2::SecurityGroupIngress",
961
+ "Properties": {
962
+ "Description": "Allow HTTP from com.amazonaws.global.cloudfront.origin-facing",
963
+ "FromPort": 80,
964
+ "GroupId": {
965
+ "Fn::GetAtt": [
966
+ "IntegVSCodeServercftoserversgFFE586B0",
967
+ "GroupId"
968
+ ]
969
+ },
970
+ "IpProtocol": "tcp",
971
+ "SourcePrefixListId": {
972
+ "Fn::GetAtt": [
973
+ "IntegVSCodeServercfprefixlistIdGetPrefixListIdF0821FFC",
974
+ "PrefixLists.0.PrefixListId"
975
+ ]
976
+ },
977
+ "ToPort": 80
978
+ }
979
+ },
980
+ "IntegVSCodeServercfprefixlistIdGetPrefixListIdLogGroup171C2803": {
981
+ "Type": "AWS::Logs::LogGroup",
982
+ "Properties": {
983
+ "RetentionInDays": 1,
984
+ "Tags": [
985
+ {
986
+ "Key": "app",
987
+ "Value": "vscode-server"
988
+ },
989
+ {
990
+ "Key": "Environment",
991
+ "Value": "IntegTestCustomDomain"
992
+ },
993
+ {
994
+ "Key": "IntegTest",
995
+ "Value": "True"
996
+ }
997
+ ]
998
+ },
999
+ "UpdateReplacePolicy": "Delete",
1000
+ "DeletionPolicy": "Delete",
1001
+ "Metadata": {
1002
+ "cdk_nag": {
1003
+ "rules_to_suppress": [
1004
+ {
1005
+ "reason": "For this provider wildcards are fine",
1006
+ "id": "AwsSolutions-IAM5"
1007
+ }
1008
+ ]
1009
+ }
1010
+ }
1011
+ },
1012
+ "IntegVSCodeServercfprefixlistIdGetPrefixListIdRole1302B3E1": {
1013
+ "Type": "AWS::IAM::Role",
1014
+ "Properties": {
1015
+ "AssumeRolePolicyDocument": {
1016
+ "Statement": [
1017
+ {
1018
+ "Action": "sts:AssumeRole",
1019
+ "Effect": "Allow",
1020
+ "Principal": {
1021
+ "Service": "lambda.amazonaws.com"
1022
+ }
1023
+ }
1024
+ ],
1025
+ "Version": "2012-10-17"
1026
+ }
1027
+ },
1028
+ "Metadata": {
1029
+ "cdk_nag": {
1030
+ "rules_to_suppress": [
1031
+ {
1032
+ "reason": "For this provider wildcards are fine",
1033
+ "id": "AwsSolutions-IAM5"
1034
+ }
1035
+ ]
1036
+ }
1037
+ }
1038
+ },
1039
+ "IntegVSCodeServercfprefixlistIdGetPrefixListIdF0821FFC": {
1040
+ "Type": "Custom::AWS",
1041
+ "Properties": {
1042
+ "ServiceToken": {
1043
+ "Fn::GetAtt": [
1044
+ "AWS679f53fac002430cb0da5b7982bd22872D164C4C",
1045
+ "Arn"
1046
+ ]
1047
+ },
1048
+ "Create": "{\"service\":\"@aws-sdk/client-ec2\",\"action\":\"DescribeManagedPrefixListsCommand\",\"parameters\":{\"Filters\":[{\"Name\":\"prefix-list-name\",\"Values\":[\"com.amazonaws.global.cloudfront.origin-facing\"]}]},\"physicalResourceId\":{\"id\":\"cf-prefixlistId-c89c3883f6372588\"}}",
1049
+ "Update": "{\"service\":\"@aws-sdk/client-ec2\",\"action\":\"DescribeManagedPrefixListsCommand\",\"parameters\":{\"Filters\":[{\"Name\":\"prefix-list-name\",\"Values\":[\"com.amazonaws.global.cloudfront.origin-facing\"]}]},\"physicalResourceId\":{\"id\":\"cf-prefixlistId-c89c3883f6372588\"}}",
1050
+ "InstallLatestAwsSdk": false
1051
+ },
1052
+ "DependsOn": [
1053
+ "IntegVSCodeServercfprefixlistIdGetPrefixListIdCustomResourcePolicyAB3F4958"
1054
+ ],
1055
+ "UpdateReplacePolicy": "Delete",
1056
+ "DeletionPolicy": "Delete",
1057
+ "Metadata": {
1058
+ "cdk_nag": {
1059
+ "rules_to_suppress": [
1060
+ {
1061
+ "reason": "For this provider wildcards are fine",
1062
+ "id": "AwsSolutions-IAM5"
1063
+ }
1064
+ ]
1065
+ }
1066
+ }
1067
+ },
1068
+ "IntegVSCodeServercfprefixlistIdGetPrefixListIdCustomResourcePolicyAB3F4958": {
1069
+ "Type": "AWS::IAM::Policy",
1070
+ "Properties": {
1071
+ "PolicyDocument": {
1072
+ "Statement": [
1073
+ {
1074
+ "Action": "ec2:DescribeManagedPrefixLists",
1075
+ "Effect": "Allow",
1076
+ "Resource": "*"
1077
+ }
1078
+ ],
1079
+ "Version": "2012-10-17"
1080
+ },
1081
+ "PolicyName": "IntegVSCodeServercfprefixlistIdGetPrefixListIdCustomResourcePolicyAB3F4958",
1082
+ "Roles": [
1083
+ {
1084
+ "Ref": "IntegVSCodeServercfprefixlistIdGetPrefixListIdRole1302B3E1"
1085
+ }
1086
+ ]
1087
+ },
1088
+ "Metadata": {
1089
+ "cdk_nag": {
1090
+ "rules_to_suppress": [
1091
+ {
1092
+ "reason": "For this provider wildcards are fine",
1093
+ "id": "AwsSolutions-IAM5"
1094
+ }
1095
+ ]
1096
+ }
1097
+ }
1098
+ },
1099
+ "IntegVSCodeServerserverinstancerole7745B5BB": {
1100
+ "Type": "AWS::IAM::Role",
1101
+ "Properties": {
1102
+ "AssumeRolePolicyDocument": {
1103
+ "Statement": [
1104
+ {
1105
+ "Action": "sts:AssumeRole",
1106
+ "Effect": "Allow",
1107
+ "Principal": {
1108
+ "Service": [
1109
+ "ec2.amazonaws.com",
1110
+ "ssm.amazonaws.com"
1111
+ ]
1112
+ }
1113
+ }
1114
+ ],
1115
+ "Version": "2012-10-17"
1116
+ },
1117
+ "ManagedPolicyArns": [
1118
+ {
1119
+ "Fn::Join": [
1120
+ "",
1121
+ [
1122
+ "arn:",
1123
+ {
1124
+ "Ref": "AWS::Partition"
1125
+ },
1126
+ ":iam::aws:policy/AmazonSSMManagedInstanceCore"
1127
+ ]
1128
+ ]
1129
+ },
1130
+ {
1131
+ "Fn::Join": [
1132
+ "",
1133
+ [
1134
+ "arn:",
1135
+ {
1136
+ "Ref": "AWS::Partition"
1137
+ },
1138
+ ":iam::aws:policy/CloudWatchAgentServerPolicy"
1139
+ ]
1140
+ ]
1141
+ },
1142
+ {
1143
+ "Fn::Join": [
1144
+ "",
1145
+ [
1146
+ "arn:",
1147
+ {
1148
+ "Ref": "AWS::Partition"
1149
+ },
1150
+ ":iam::aws:policy/AmazonQDeveloperAccess"
1151
+ ]
1152
+ ]
1153
+ },
1154
+ {
1155
+ "Fn::Join": [
1156
+ "",
1157
+ [
1158
+ "arn:",
1159
+ {
1160
+ "Ref": "AWS::Partition"
1161
+ },
1162
+ ":iam::aws:policy/ReadOnlyAccess"
1163
+ ]
1164
+ ]
1165
+ }
1166
+ ],
1167
+ "Policies": [
1168
+ {
1169
+ "PolicyDocument": {
1170
+ "Statement": [
1171
+ {
1172
+ "Action": [
1173
+ "iam:AddRoleToInstanceProfile",
1174
+ "iam:AttachRolePolicy",
1175
+ "iam:CreateRole",
1176
+ "iam:CreateServiceLinkedRole",
1177
+ "iam:DeleteRole",
1178
+ "iam:DeleteRolePermissionsBoundary",
1179
+ "iam:DeleteRolePolicy",
1180
+ "iam:DeleteServiceLinkedRole",
1181
+ "iam:DetachRolePolicy",
1182
+ "iam:GetRole",
1183
+ "iam:GetRolePolicy",
1184
+ "iam:GetServiceLinkedRoleDeletionStatus",
1185
+ "iam:ListAttachedRolePolicies",
1186
+ "iam:ListInstanceProfilesForRole",
1187
+ "iam:ListRolePolicies",
1188
+ "iam:ListRoleTags",
1189
+ "iam:ListRoles",
1190
+ "iam:PutRolePermissionsBoundary",
1191
+ "iam:PutRolePolicy",
1192
+ "iam:RemoveRoleFromInstanceProfile",
1193
+ "iam:TagRole",
1194
+ "iam:UntagRole",
1195
+ "iam:UpdateAssumeRolePolicy",
1196
+ "iam:UpdateRole",
1197
+ "iam:UpdateRoleDescription",
1198
+ "sts:AssumeRole"
1199
+ ],
1200
+ "Effect": "Allow",
1201
+ "Resource": {
1202
+ "Fn::Join": [
1203
+ "",
1204
+ [
1205
+ "arn:aws:iam::",
1206
+ {
1207
+ "Ref": "AWS::AccountId"
1208
+ },
1209
+ ":role/cdk-*"
1210
+ ]
1211
+ ]
1212
+ },
1213
+ "Sid": "StsAccess"
1214
+ },
1215
+ {
1216
+ "Action": "iam:PassRole",
1217
+ "Condition": {
1218
+ "StringLike": {
1219
+ "iam:PassedToService": "cloudformation.amazonaws.com"
1220
+ }
1221
+ },
1222
+ "Effect": "Allow",
1223
+ "Resource": {
1224
+ "Fn::Join": [
1225
+ "",
1226
+ [
1227
+ "arn:aws:iam::",
1228
+ {
1229
+ "Ref": "AWS::AccountId"
1230
+ },
1231
+ ":role/cdk-*"
1232
+ ]
1233
+ ]
1234
+ }
1235
+ },
1236
+ {
1237
+ "Action": "cloudformation:*",
1238
+ "Effect": "Allow",
1239
+ "Resource": {
1240
+ "Fn::Join": [
1241
+ "",
1242
+ [
1243
+ "arn:aws:cloudformation:*:",
1244
+ {
1245
+ "Ref": "AWS::AccountId"
1246
+ },
1247
+ ":stack/CDKToolkit/*"
1248
+ ]
1249
+ ]
1250
+ }
1251
+ },
1252
+ {
1253
+ "Action": [
1254
+ "cloudformation:CreateChangeSet",
1255
+ "cloudformation:DeleteChangeSet",
1256
+ "cloudformation:ExecuteChangeSet",
1257
+ "ec2:DescribeInstances",
1258
+ "ec2:DescribeVolumesModifications*",
1259
+ "ec2:ModifyVolume"
1260
+ ],
1261
+ "Effect": "Allow",
1262
+ "Resource": "*"
1263
+ },
1264
+ {
1265
+ "Action": "s3:*",
1266
+ "Effect": "Allow",
1267
+ "Resource": "*",
1268
+ "Sid": "S3Access"
1269
+ },
1270
+ {
1271
+ "Action": [
1272
+ "ecr:CreateRepository",
1273
+ "ecr:DeleteRepository",
1274
+ "ecr:DescribeRepositories",
1275
+ "ecr:GetLifecyclePolicy",
1276
+ "ecr:PutImageScanningConfiguration",
1277
+ "ecr:PutLifecyclePolicy",
1278
+ "ecr:SetRepositoryPolicy"
1279
+ ],
1280
+ "Effect": "Allow",
1281
+ "Resource": {
1282
+ "Fn::Join": [
1283
+ "",
1284
+ [
1285
+ "arn:aws:ecr:*:",
1286
+ {
1287
+ "Ref": "AWS::AccountId"
1288
+ },
1289
+ ":repository/cdk-*"
1290
+ ]
1291
+ ]
1292
+ },
1293
+ "Sid": "ECRAccess"
1294
+ },
1295
+ {
1296
+ "Action": [
1297
+ "ssm:DeleteParameter*",
1298
+ "ssm:GetParameter*",
1299
+ "ssm:PutParameter*"
1300
+ ],
1301
+ "Effect": "Allow",
1302
+ "Resource": {
1303
+ "Fn::Join": [
1304
+ "",
1305
+ [
1306
+ "arn:aws:ssm:*:",
1307
+ {
1308
+ "Ref": "AWS::AccountId"
1309
+ },
1310
+ ":parameter/cdk-bootstrap/*"
1311
+ ]
1312
+ ]
1313
+ }
1314
+ },
1315
+ {
1316
+ "Action": [
1317
+ "codepipeline:DisableStageTransition",
1318
+ "codepipeline:EnableStageTransition",
1319
+ "codepipeline:StartPipelineExecution",
1320
+ "codepipeline:StopPipelineExecution",
1321
+ "codepipeline:UpdatePipeline"
1322
+ ],
1323
+ "Effect": "Allow",
1324
+ "Resource": {
1325
+ "Fn::Join": [
1326
+ "",
1327
+ [
1328
+ "arn:aws:codepipeline:*:",
1329
+ {
1330
+ "Ref": "AWS::AccountId"
1331
+ },
1332
+ ":*/*"
1333
+ ]
1334
+ ]
1335
+ }
1336
+ },
1337
+ {
1338
+ "Action": "kms:Decrypt",
1339
+ "Effect": "Allow",
1340
+ "Resource": {
1341
+ "Fn::Join": [
1342
+ "",
1343
+ [
1344
+ "arn:aws:kms:*:",
1345
+ {
1346
+ "Ref": "AWS::AccountId"
1347
+ },
1348
+ ":key/*"
1349
+ ]
1350
+ ]
1351
+ }
1352
+ }
1353
+ ],
1354
+ "Version": "2012-10-17"
1355
+ },
1356
+ "PolicyName": "VSCodeInstanceInlinePolicy"
1357
+ }
1358
+ ]
1359
+ },
1360
+ "Metadata": {
1361
+ "cdk_nag": {
1362
+ "rules_to_suppress": [
1363
+ {
1364
+ "reason": "For this tmp role we do not need to restrict managed policies",
1365
+ "id": "AwsSolutions-IAM4"
1366
+ },
1367
+ {
1368
+ "reason": "For this tmp role the wildcards are fine",
1369
+ "id": "AwsSolutions-IAM5"
1370
+ }
1371
+ ]
1372
+ }
1373
+ }
1374
+ },
1375
+ "IntegVSCodeServerserverinstanceInstanceProfile6130979E": {
1376
+ "Type": "AWS::IAM::InstanceProfile",
1377
+ "Properties": {
1378
+ "Roles": [
1379
+ {
1380
+ "Ref": "IntegVSCodeServerserverinstancerole7745B5BB"
1381
+ }
1382
+ ]
1383
+ },
1384
+ "Metadata": {
1385
+ "cdk_nag": {
1386
+ "rules_to_suppress": [
1387
+ {
1388
+ "reason": "For this tmp instance we do not need an asg",
1389
+ "id": "AwsSolutions-EC29"
1390
+ }
1391
+ ]
1392
+ }
1393
+ }
1394
+ },
1395
+ "IntegVSCodeServerserverinstance0A3D62D7": {
1396
+ "Type": "AWS::EC2::Instance",
1397
+ "Properties": {
1398
+ "AvailabilityZone": {
1399
+ "Fn::Select": [
1400
+ 0,
1401
+ {
1402
+ "Fn::GetAZs": ""
1403
+ }
1404
+ ]
1405
+ },
1406
+ "BlockDeviceMappings": [
1407
+ {
1408
+ "DeviceName": "/dev/sda1",
1409
+ "Ebs": {
1410
+ "DeleteOnTermination": true,
1411
+ "Encrypted": true,
1412
+ "VolumeSize": 40,
1413
+ "VolumeType": "gp3"
1414
+ }
1415
+ }
1416
+ ],
1417
+ "IamInstanceProfile": {
1418
+ "Ref": "IntegVSCodeServerserverinstanceInstanceProfile6130979E"
1419
+ },
1420
+ "ImageId": {
1421
+ "Ref": "SsmParameterValueawsservicecanonicalubuntuserverjammystablecurrentarm64hvmebsgp2amiidC96584B6F00A464EAD1953AFF4B05118Parameter"
1422
+ },
1423
+ "InstanceType": "m7g.xlarge",
1424
+ "LaunchTemplate": {
1425
+ "LaunchTemplateName": "IntegTestStackCustomDomainIntegVSCodeServerserverinstanceLaunchTemplate2E30ED0B",
1426
+ "Version": {
1427
+ "Fn::GetAtt": [
1428
+ "IntegVSCodeServerserverinstanceLaunchTemplate43932ED3",
1429
+ "LatestVersionNumber"
1430
+ ]
1431
+ }
1432
+ },
1433
+ "Monitoring": true,
1434
+ "NetworkInterfaces": [
1435
+ {
1436
+ "AssociatePublicIpAddress": true,
1437
+ "DeviceIndex": "0",
1438
+ "GroupSet": [
1439
+ {
1440
+ "Fn::GetAtt": [
1441
+ "IntegVSCodeServercftoserversgFFE586B0",
1442
+ "GroupId"
1443
+ ]
1444
+ }
1445
+ ],
1446
+ "SubnetId": {
1447
+ "Ref": "IntegVSCodeServervpcpublicSubnet1Subnet928029A1"
1448
+ }
1449
+ }
1450
+ ],
1451
+ "Tags": [
1452
+ {
1453
+ "Key": "app",
1454
+ "Value": "vscode-server"
1455
+ },
1456
+ {
1457
+ "Key": "Environment",
1458
+ "Value": "IntegTestCustomDomain"
1459
+ },
1460
+ {
1461
+ "Key": "IntegTest",
1462
+ "Value": "True"
1463
+ },
1464
+ {
1465
+ "Key": "Name",
1466
+ "Value": "VSCodeServer"
1467
+ }
1468
+ ],
1469
+ "UserData": {
1470
+ "Fn::Base64": "\n #cloud-config\n hostname: VSCodeServer\n runcmd:\n - mkdir -p /Workshop && chown -R participant:participant /Workshop\n "
1471
+ }
1472
+ },
1473
+ "DependsOn": [
1474
+ "IntegVSCodeServerserverinstancerole7745B5BB",
1475
+ "IntegVSCodeServervpcpublicSubnet1DefaultRoute36845B30",
1476
+ "IntegVSCodeServervpcpublicSubnet1RouteTableAssociation599AB80D",
1477
+ "IntegVSCodeServervpcpublicSubnet2DefaultRouteEAD8BC23",
1478
+ "IntegVSCodeServervpcpublicSubnet2RouteTableAssociationC62A1999"
1479
+ ],
1480
+ "Metadata": {
1481
+ "cdk_nag": {
1482
+ "rules_to_suppress": [
1483
+ {
1484
+ "reason": "For this tmp instance we do not need an asg",
1485
+ "id": "AwsSolutions-EC29"
1486
+ }
1487
+ ]
1488
+ }
1489
+ }
1490
+ },
1491
+ "IntegVSCodeServerserverinstanceLaunchTemplate43932ED3": {
1492
+ "Type": "AWS::EC2::LaunchTemplate",
1493
+ "Properties": {
1494
+ "LaunchTemplateData": {
1495
+ "MetadataOptions": {
1496
+ "HttpTokens": "required"
1497
+ }
1498
+ },
1499
+ "LaunchTemplateName": "IntegTestStackCustomDomainIntegVSCodeServerserverinstanceLaunchTemplate2E30ED0B"
1500
+ }
1501
+ },
1502
+ "IntegVSCodeServercfcachepolicy8F5F1F69": {
1503
+ "Type": "AWS::CloudFront::CachePolicy",
1504
+ "Properties": {
1505
+ "CachePolicyConfig": {
1506
+ "Comment": "Cache policy for VSCodeServer",
1507
+ "DefaultTTL": 86400,
1508
+ "MaxTTL": 31536000,
1509
+ "MinTTL": 1,
1510
+ "Name": "cf-cache-policy-vscodeserver-IntegTestStackCustomDomain",
1511
+ "ParametersInCacheKeyAndForwardedToOrigin": {
1512
+ "CookiesConfig": {
1513
+ "CookieBehavior": "all"
1514
+ },
1515
+ "EnableAcceptEncodingBrotli": false,
1516
+ "EnableAcceptEncodingGzip": false,
1517
+ "HeadersConfig": {
1518
+ "HeaderBehavior": "whitelist",
1519
+ "Headers": [
1520
+ "Accept-Charset",
1521
+ "Authorization",
1522
+ "Origin",
1523
+ "Accept",
1524
+ "Referer",
1525
+ "Host",
1526
+ "Accept-Language",
1527
+ "Accept-Encoding",
1528
+ "Accept-Datetime"
1529
+ ]
1530
+ },
1531
+ "QueryStringsConfig": {
1532
+ "QueryStringBehavior": "all"
1533
+ }
1534
+ }
1535
+ }
1536
+ }
1537
+ },
1538
+ "IntegVSCodeServercfdistributionFDBE873F": {
1539
+ "Type": "AWS::CloudFront::Distribution",
1540
+ "Properties": {
1541
+ "DistributionConfig": {
1542
+ "Aliases": [
1543
+ "vscode-server-test.mavogel.xyz"
1544
+ ],
1545
+ "CacheBehaviors": [
1546
+ {
1547
+ "AllowedMethods": [
1548
+ "GET",
1549
+ "HEAD",
1550
+ "OPTIONS",
1551
+ "PUT",
1552
+ "PATCH",
1553
+ "POST",
1554
+ "DELETE"
1555
+ ],
1556
+ "CachePolicyId": "4135ea2d-6df8-44a3-9df3-4b5a84be39ad",
1557
+ "Compress": false,
1558
+ "OriginRequestPolicyId": "216adef6-5c7f-47e4-b989-5492eafa07d3",
1559
+ "PathPattern": "/proxy/*",
1560
+ "TargetOriginId": "Cloudfront-IntegTestStackCustomDomain-IntegTestStackCustomDomain",
1561
+ "ViewerProtocolPolicy": "allow-all"
1562
+ }
1563
+ ],
1564
+ "Comment": "Distribution for VSCodeServer",
1565
+ "DefaultCacheBehavior": {
1566
+ "AllowedMethods": [
1567
+ "GET",
1568
+ "HEAD",
1569
+ "OPTIONS",
1570
+ "PUT",
1571
+ "PATCH",
1572
+ "POST",
1573
+ "DELETE"
1574
+ ],
1575
+ "CachePolicyId": {
1576
+ "Ref": "IntegVSCodeServercfcachepolicy8F5F1F69"
1577
+ },
1578
+ "Compress": true,
1579
+ "OriginRequestPolicyId": "216adef6-5c7f-47e4-b989-5492eafa07d3",
1580
+ "TargetOriginId": "Cloudfront-IntegTestStackCustomDomain-IntegTestStackCustomDomain",
1581
+ "ViewerProtocolPolicy": "allow-all"
1582
+ },
1583
+ "Enabled": true,
1584
+ "HttpVersion": "http2and3",
1585
+ "IPV6Enabled": true,
1586
+ "Origins": [
1587
+ {
1588
+ "CustomOriginConfig": {
1589
+ "OriginProtocolPolicy": "http-only",
1590
+ "OriginSSLProtocols": [
1591
+ "TLSv1.2"
1592
+ ]
1593
+ },
1594
+ "DomainName": {
1595
+ "Fn::GetAtt": [
1596
+ "IntegVSCodeServerserverinstance0A3D62D7",
1597
+ "PublicDnsName"
1598
+ ]
1599
+ },
1600
+ "Id": "Cloudfront-IntegTestStackCustomDomain-IntegTestStackCustomDomain"
1601
+ }
1602
+ ],
1603
+ "PriceClass": "PriceClass_All",
1604
+ "ViewerCertificate": {
1605
+ "AcmCertificateArn": {
1606
+ "Fn::GetAtt": [
1607
+ "IntegVSCodeServercertificateCertificateRequestorResourceFDC04752",
1608
+ "Arn"
1609
+ ]
1610
+ },
1611
+ "MinimumProtocolVersion": "TLSv1.2_2021",
1612
+ "SslSupportMethod": "sni-only"
1613
+ }
1614
+ },
1615
+ "Tags": [
1616
+ {
1617
+ "Key": "app",
1618
+ "Value": "vscode-server"
1619
+ },
1620
+ {
1621
+ "Key": "Environment",
1622
+ "Value": "IntegTestCustomDomain"
1623
+ },
1624
+ {
1625
+ "Key": "IntegTest",
1626
+ "Value": "True"
1627
+ }
1628
+ ]
1629
+ },
1630
+ "Metadata": {
1631
+ "cdk_nag": {
1632
+ "rules_to_suppress": [
1633
+ {
1634
+ "reason": "For this tmp distribution we do not need geo restrictions",
1635
+ "id": "AwsSolutions-CFR1"
1636
+ },
1637
+ {
1638
+ "reason": "For this tmp distribution we do not need waf integration",
1639
+ "id": "AwsSolutions-CFR2"
1640
+ },
1641
+ {
1642
+ "reason": "For this tmp distribution we do not need access logging enabled",
1643
+ "id": "AwsSolutions-CFR3"
1644
+ },
1645
+ {
1646
+ "reason": "For this tmp distribution we do not need limit SSL protocols as we use the default viewer cert",
1647
+ "id": "AwsSolutions-CFR4"
1648
+ },
1649
+ {
1650
+ "reason": "For this tmp distribution we do not need limit SSL protocols as we use the default viewer cert",
1651
+ "id": "AwsSolutions-CFR5"
1652
+ }
1653
+ ]
1654
+ }
1655
+ }
1656
+ },
1657
+ "IntegVSCodeServerdomainrecord67FD9400": {
1658
+ "Type": "AWS::Route53::RecordSet",
1659
+ "Properties": {
1660
+ "AliasTarget": {
1661
+ "DNSName": {
1662
+ "Fn::GetAtt": [
1663
+ "IntegVSCodeServercfdistributionFDBE873F",
1664
+ "DomainName"
1665
+ ]
1666
+ },
1667
+ "HostedZoneId": {
1668
+ "Fn::FindInMap": [
1669
+ "AWSCloudFrontPartitionHostedZoneIdMap",
1670
+ {
1671
+ "Ref": "AWS::Partition"
1672
+ },
1673
+ "zoneId"
1674
+ ]
1675
+ }
1676
+ },
1677
+ "HostedZoneId": "Z03751551EDMO1J40VL58",
1678
+ "Name": "vscode-server-test.mavogel.xyz.",
1679
+ "Type": "A"
1680
+ },
1681
+ "Metadata": {
1682
+ "cdk_nag": {
1683
+ "rules_to_suppress": [
1684
+ {
1685
+ "reason": "A record created for VS Code server custom domain",
1686
+ "id": "AwsSolutions-R53-1"
1687
+ }
1688
+ ]
1689
+ }
1690
+ }
1691
+ },
1692
+ "IntegVSCodeServerssmdocumentubuntuED32BACB": {
1693
+ "Type": "AWS::SSM::Document",
1694
+ "Properties": {
1695
+ "Content": {
1696
+ "schemaVersion": "2.2",
1697
+ "description": "Bootstrap VSCode code-server instance",
1698
+ "parameters": {
1699
+ "VSCodePassword": {
1700
+ "type": "String",
1701
+ "default": {
1702
+ "Ref": "AWS::StackId"
1703
+ }
1704
+ },
1705
+ "NodeVersion": {
1706
+ "type": "String",
1707
+ "default": "20",
1708
+ "allowedValues": [
1709
+ "22",
1710
+ "20",
1711
+ "18"
1712
+ ]
1713
+ },
1714
+ "DotNetVersion": {
1715
+ "type": "String",
1716
+ "default": "8.0",
1717
+ "allowedValues": [
1718
+ "8.0",
1719
+ "7.0"
1720
+ ]
1721
+ }
1722
+ },
1723
+ "mainSteps": [
1724
+ {
1725
+ "action": "aws:configurePackage",
1726
+ "name": "InstallCloudWatchAgent",
1727
+ "inputs": {
1728
+ "name": "AmazonCloudWatchAgent",
1729
+ "action": "Install"
1730
+ }
1731
+ },
1732
+ {
1733
+ "action": "aws:runDocument",
1734
+ "name": "ConfigureCloudWatchAgent",
1735
+ "inputs": {
1736
+ "documentType": "SSMDocument",
1737
+ "documentPath": "AmazonCloudWatch-ManageAgent",
1738
+ "documentParameters": {
1739
+ "action": "configure",
1740
+ "mode": "ec2",
1741
+ "optionalConfigurationSource": "default",
1742
+ "optionalRestart": "yes"
1743
+ }
1744
+ }
1745
+ },
1746
+ {
1747
+ "action": "aws:runShellScript",
1748
+ "name": "InstallAptPackagesApt",
1749
+ "inputs": {
1750
+ "runCommand": [
1751
+ "#!/bin/bash",
1752
+ "apt-get -q update && DEBIAN_FRONTEND=noninteractive apt-get install -y -q apt-utils",
1753
+ "apt-get -q update && DEBIAN_FRONTEND=noninteractive apt-get install -y -q needrestart unattended-upgrades",
1754
+ "sed -i 's/#$nrconf{kernelhints} = -1;/$nrconf{kernelhints} = 0;/' /etc/needrestart/needrestart.conf",
1755
+ "sed -i 's/#$nrconf{verbosity} = 2;/$nrconf{verbosity} = 0;/' /etc/needrestart/needrestart.conf",
1756
+ "sed -i \"s/#$nrconf{restart} = 'i';/$nrconf{restart} = 'a';/\" /etc/needrestart/needrestart.conf",
1757
+ "echo \"Apt helper packages added. Checking configuration\"",
1758
+ "cat /etc/needrestart/needrestart.conf"
1759
+ ]
1760
+ }
1761
+ },
1762
+ {
1763
+ "action": "aws:runShellScript",
1764
+ "name": "InstallBasePackagesApt",
1765
+ "inputs": {
1766
+ "runCommand": [
1767
+ "#!/bin/bash",
1768
+ "apt-get -q update && DEBIAN_FRONTEND=noninteractive apt-get install -y -q curl gnupg whois argon2 openssl locales locales-all unzip apt-transport-https ca-certificates software-properties-common nginx"
1769
+ ]
1770
+ }
1771
+ },
1772
+ {
1773
+ "action": "aws:runShellScript",
1774
+ "name": "AddUserApt",
1775
+ "inputs": {
1776
+ "runCommand": [
1777
+ "#!/bin/bash",
1778
+ "echo 'Adding user: ${VSCodeUser}'",
1779
+ "adduser --disabled-password --gecos '' participant",
1780
+ "echo \"participant:{{ VSCodePassword }}\" | chpasswd",
1781
+ "usermod -aG sudo participant",
1782
+ "tee /etc/sudoers.d/91-vscode-user <<EOF\nparticipant ALL=(ALL) NOPASSWD:ALL\nEOF",
1783
+ "mkdir -p /home/participant && chown -R participant:participant /home/participant",
1784
+ "echo \"User added. Checking configuration\"",
1785
+ "getent passwd participant"
1786
+ ]
1787
+ }
1788
+ },
1789
+ {
1790
+ "action": "aws:runShellScript",
1791
+ "name": "InstallNodeApt",
1792
+ "inputs": {
1793
+ "runCommand": [
1794
+ "#!/bin/bash",
1795
+ "curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /usr/share/keyrings/nodesource.gpg",
1796
+ "echo \"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_{{ NodeVersion }}.x nodistro main\" > /etc/apt/sources.list.d/nodesource.list",
1797
+ "apt-get -q update && DEBIAN_FRONTEND=noninteractive apt-get install -y -q nodejs",
1798
+ "npm install -g npm@latest",
1799
+ "echo \"Node and npm installed. Checking configuration\"",
1800
+ "node -v",
1801
+ "npm -v"
1802
+ ]
1803
+ }
1804
+ },
1805
+ {
1806
+ "action": "aws:runShellScript",
1807
+ "name": "InstallDockerApt",
1808
+ "inputs": {
1809
+ "runCommand": [
1810
+ "#!/bin/bash",
1811
+ "curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg",
1812
+ "echo \"deb [signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release --codename --short) stable\" > /etc/apt/sources.list.d/docker.list",
1813
+ "apt-get -q update && DEBIAN_FRONTEND=noninteractive apt-get install -y -q docker-ce docker-ce-cli containerd.io",
1814
+ "systemctl restart code-server@participant.service",
1815
+ "systemctl start docker.service",
1816
+ "echo \"Docker installed. Checking configuration\"",
1817
+ "docker --version",
1818
+ "systemctl status docker.service"
1819
+ ]
1820
+ }
1821
+ },
1822
+ {
1823
+ "action": "aws:runShellScript",
1824
+ "name": "InstallGitApt",
1825
+ "inputs": {
1826
+ "runCommand": [
1827
+ "#!/bin/bash",
1828
+ "add-apt-repository ppa:git-core/ppa",
1829
+ "apt-get -q update && DEBIAN_FRONTEND=noninteractive apt-get install -y -q git",
1830
+ "sudo -u participant git config --global user.email \"participant@example.com\"",
1831
+ "sudo -u participant git config --global user.name \"Workshop participant\"",
1832
+ "sudo -u participant git config --global init.defaultBranch \"main\"",
1833
+ "echo \"Git installed. Checking configuration\"",
1834
+ "git --version"
1835
+ ]
1836
+ }
1837
+ },
1838
+ {
1839
+ "action": "aws:runShellScript",
1840
+ "name": "InstallPythonApt",
1841
+ "inputs": {
1842
+ "runCommand": [
1843
+ "#!/bin/bash",
1844
+ "apt-get -q update && DEBIAN_FRONTEND=noninteractive apt-get install -y -q python3-pip python3-venv python3-boto3 python3-pytest",
1845
+ "echo 'alias pytest=pytest-3' >> /home/participant/.bashrc",
1846
+ "systemctl restart code-server@participant.service",
1847
+ "systemctl start multipathd.service packagekit.service",
1848
+ "systemctl restart unattended-upgrades.service",
1849
+ "echo \"Python and Pip installed. Checking configuration\"",
1850
+ "python3 --version",
1851
+ "pip3 --version"
1852
+ ]
1853
+ }
1854
+ },
1855
+ {
1856
+ "action": "aws:runShellScript",
1857
+ "name": "InstallAWSCLI",
1858
+ "inputs": {
1859
+ "runCommand": [
1860
+ "#!/bin/bash",
1861
+ "curl -fsSL https://awscli.amazonaws.com/awscli-exe-linux-$(uname -m).zip -o /tmp/aws-cli.zip",
1862
+ "unzip -q -d /tmp /tmp/aws-cli.zip",
1863
+ "sudo /tmp/aws/install",
1864
+ "rm -rf /tmp/aws",
1865
+ "echo \"AWS CLI installed. Checking configuration\"",
1866
+ "aws --version"
1867
+ ]
1868
+ }
1869
+ },
1870
+ {
1871
+ "action": "aws:runShellScript",
1872
+ "name": "ConfigureCodeServer",
1873
+ "inputs": {
1874
+ "runCommand": [
1875
+ "#!/bin/bash",
1876
+ "export HOME=/home/participant",
1877
+ "curl -fsSL https://code-server.dev/install.sh | bash -s -- 2>&1",
1878
+ "systemctl enable --now code-server@participant 2>&1",
1879
+ "tee /etc/nginx/conf.d/code-server.conf <<EOF\nserver {\n listen 80;\n listen [::]:80;\n # server_name distribution.distributionDomainName;\n server_name *.cloudfront.net vscode-server-test.mavogel.xyz;\n location / {\n proxy_pass http://localhost:8080/;\n proxy_set_header Host \\$host;\n proxy_set_header Upgrade \\$http_upgrade;\n proxy_set_header Connection upgrade;\n proxy_set_header Accept-Encoding gzip;\n }\n location /app {\n proxy_pass http://localhost:8081/app;\n proxy_set_header Host \\$host;\n proxy_set_header Upgrade \\$http_upgrade;\n proxy_set_header Connection upgrade;\n proxy_set_header Accept-Encoding gzip;\n }\n}\nEOF",
1880
+ "mkdir -p /home/participant/.config/code-server",
1881
+ "tee /home/participant/.config/code-server/config.yaml <<EOF\ncert: false\nauth: password\nhashed-password: \"$(echo -n {{ VSCodePassword }} | argon2 $(openssl rand -base64 12) -e)\"\nEOF",
1882
+ "mkdir -p /home/participant/.local/share/code-server/User/",
1883
+ "touch /home/participant/.hushlogin",
1884
+ "mkdir -p /Workshop && chown -R participant:participant /Workshop",
1885
+ "tee /home/participant/.local/share/code-server/User/settings.json <<EOF\n{\n \"extensions.autoUpdate\": false,\n \"extensions.autoCheckUpdates\": false,\n \"telemetry.telemetryLevel\": \"off\",\n \"security.workspace.trust.startupPrompt\": \"never\",\n \"security.workspace.trust.enabled\": false,\n \"security.workspace.trust.banner\": \"never\",\n \"security.workspace.trust.emptyWindow\": false,\n \"python.testing.pytestEnabled\": true,\n \"auto-run-command.rules\": [\n {\n \"command\": \"workbench.action.terminal.new\"\n }\n ]\n}\nEOF",
1886
+ "chown -R participant:participant /home/participant",
1887
+ "systemctl restart code-server@participant",
1888
+ "systemctl restart nginx",
1889
+ "sudo -u participant --login code-server --install-extension AmazonWebServices.aws-toolkit-vscode --force",
1890
+ "sudo -u participant --login code-server --install-extension AmazonWebServices.amazon-q-vscode --force",
1891
+ "sudo -u participant --login code-server --install-extension synedra.auto-run-command --force",
1892
+ "sudo -u participant --login code-server --install-extension vscjava.vscode-java-pack --force",
1893
+ "sudo -u participant --login code-server --install-extension ms-vscode.live-server --force",
1894
+ "chown -R participant:participant /home/participant",
1895
+ "echo \"Nginx installed. Checking configuration\"",
1896
+ "nginx -t 2>&1",
1897
+ "systemctl status nginx",
1898
+ "echo \"CodeServer installed. Checking configuration\"",
1899
+ "code-server -v",
1900
+ "systemctl status code-server@participant"
1901
+ ]
1902
+ }
1903
+ },
1904
+ {
1905
+ "action": "aws:runShellScript",
1906
+ "name": "UpdateProfile",
1907
+ "inputs": {
1908
+ "runCommand": [
1909
+ "#!/bin/bash",
1910
+ "echo LANG=en_US.utf-8 >> /etc/environment",
1911
+ "echo LC_ALL=en_US.UTF-8 >> /etc/environment",
1912
+ "echo 'PATH=$PATH:/home/participant/.local/bin' >> /home/participant/.bashrc",
1913
+ "echo 'export PATH' >> /home/participant/.bashrc",
1914
+ {
1915
+ "Fn::Join": [
1916
+ "",
1917
+ [
1918
+ "echo 'export AWS_REGION=",
1919
+ {
1920
+ "Ref": "AWS::Region"
1921
+ },
1922
+ "' >> /home/participant/.bashrc"
1923
+ ]
1924
+ ]
1925
+ },
1926
+ {
1927
+ "Fn::Join": [
1928
+ "",
1929
+ [
1930
+ "echo 'export AWS_ACCOUNTID=",
1931
+ {
1932
+ "Ref": "AWS::AccountId"
1933
+ },
1934
+ "' >> /home/participant/.bashrc"
1935
+ ]
1936
+ ]
1937
+ },
1938
+ "echo 'export NEXT_TELEMETRY_DISABLED=1' >> /home/participant/.bashrc",
1939
+ "echo \"export PS1='\\[\\033[01;32m\\]\\u:\\[\\033[01;34m\\]\\w\\[\\033[00m\\]\\$ '\" >> /home/participant/.bashrc",
1940
+ "chown -R participant:participant /home/participant"
1941
+ ]
1942
+ }
1943
+ },
1944
+ {
1945
+ "action": "aws:runShellScript",
1946
+ "name": "InstallCDK",
1947
+ "inputs": {
1948
+ "runCommand": [
1949
+ "#!/bin/bash",
1950
+ "npm install -g aws-cdk",
1951
+ "echo \"AWS CDK installed. Checking configuration\"",
1952
+ "cdk --version"
1953
+ ]
1954
+ }
1955
+ }
1956
+ ]
1957
+ },
1958
+ "DocumentType": "Command",
1959
+ "Name": "vscode-server-ubuntu-IntegTestStackCustomDomain",
1960
+ "Tags": [
1961
+ {
1962
+ "Key": "app",
1963
+ "Value": "vscode-server"
1964
+ },
1965
+ {
1966
+ "Key": "Environment",
1967
+ "Value": "IntegTestCustomDomain"
1968
+ },
1969
+ {
1970
+ "Key": "IntegTest",
1971
+ "Value": "True"
1972
+ }
1973
+ ]
1974
+ }
1975
+ },
1976
+ "IntegVSCodeServerInstallerOnEventHandlerServiceRole59651FEF": {
1977
+ "Type": "AWS::IAM::Role",
1978
+ "Properties": {
1979
+ "AssumeRolePolicyDocument": {
1980
+ "Statement": [
1981
+ {
1982
+ "Action": "sts:AssumeRole",
1983
+ "Effect": "Allow",
1984
+ "Principal": {
1985
+ "Service": "lambda.amazonaws.com"
1986
+ }
1987
+ }
1988
+ ],
1989
+ "Version": "2012-10-17"
1990
+ },
1991
+ "ManagedPolicyArns": [
1992
+ {
1993
+ "Fn::Join": [
1994
+ "",
1995
+ [
1996
+ "arn:",
1997
+ {
1998
+ "Ref": "AWS::Partition"
1999
+ },
2000
+ ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
2001
+ ]
2002
+ ]
2003
+ }
2004
+ ]
2005
+ },
2006
+ "Metadata": {
2007
+ "cdk_nag": {
2008
+ "rules_to_suppress": [
2009
+ {
2010
+ "reason": "For this event handler we do not need to restrict managed policies",
2011
+ "id": "AwsSolutions-IAM4"
2012
+ },
2013
+ {
2014
+ "reason": "For this lambda the latest runtime is not needed",
2015
+ "id": "AwsSolutions-L1"
2016
+ }
2017
+ ]
2018
+ }
2019
+ }
2020
+ },
2021
+ "IntegVSCodeServerInstallerOnEventHandlerServiceRoleDefaultPolicy1CAD86C2": {
2022
+ "Type": "AWS::IAM::Policy",
2023
+ "Properties": {
2024
+ "PolicyDocument": {
2025
+ "Statement": [
2026
+ {
2027
+ "Action": [
2028
+ "ssm:GetCommandInvocation",
2029
+ "ssm:ListCommandInvocations",
2030
+ "ssm:SendCommand"
2031
+ ],
2032
+ "Effect": "Allow",
2033
+ "Resource": [
2034
+ {
2035
+ "Fn::Join": [
2036
+ "",
2037
+ [
2038
+ "arn:",
2039
+ {
2040
+ "Ref": "AWS::Partition"
2041
+ },
2042
+ ":ec2:",
2043
+ {
2044
+ "Ref": "AWS::Region"
2045
+ },
2046
+ ":",
2047
+ {
2048
+ "Ref": "AWS::AccountId"
2049
+ },
2050
+ ":instance/",
2051
+ {
2052
+ "Ref": "IntegVSCodeServerserverinstance0A3D62D7"
2053
+ }
2054
+ ]
2055
+ ]
2056
+ },
2057
+ {
2058
+ "Fn::Join": [
2059
+ "",
2060
+ [
2061
+ "arn:",
2062
+ {
2063
+ "Ref": "AWS::Partition"
2064
+ },
2065
+ ":ssm:",
2066
+ {
2067
+ "Ref": "AWS::Region"
2068
+ },
2069
+ ":",
2070
+ {
2071
+ "Ref": "AWS::AccountId"
2072
+ },
2073
+ ":document/AmazonCloudWatch-ManageAgent"
2074
+ ]
2075
+ ]
2076
+ },
2077
+ {
2078
+ "Fn::Join": [
2079
+ "",
2080
+ [
2081
+ "arn:",
2082
+ {
2083
+ "Ref": "AWS::Partition"
2084
+ },
2085
+ ":ssm:",
2086
+ {
2087
+ "Ref": "AWS::Region"
2088
+ },
2089
+ ":",
2090
+ {
2091
+ "Ref": "AWS::AccountId"
2092
+ },
2093
+ ":document/vscode-server-ubuntu-IntegTestStackCustomDomain"
2094
+ ]
2095
+ ]
2096
+ }
2097
+ ]
2098
+ }
2099
+ ],
2100
+ "Version": "2012-10-17"
2101
+ },
2102
+ "PolicyName": "IntegVSCodeServerInstallerOnEventHandlerServiceRoleDefaultPolicy1CAD86C2",
2103
+ "Roles": [
2104
+ {
2105
+ "Ref": "IntegVSCodeServerInstallerOnEventHandlerServiceRole59651FEF"
2106
+ }
2107
+ ]
2108
+ }
2109
+ },
2110
+ "IntegVSCodeServerInstallerOnEventHandler6FF91542": {
2111
+ "Type": "AWS::Lambda::Function",
2112
+ "Properties": {
2113
+ "Code": {
2114
+ "S3Bucket": {
2115
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
2116
+ },
2117
+ "S3Key": "33da23274e25bd9f43638c5d83dad26e3931cbe78d462ffd9a9f565e948b4f5f.zip"
2118
+ },
2119
+ "Description": "src/installer/installer.lambda.ts",
2120
+ "Handler": "index.handler",
2121
+ "MemorySize": 512,
2122
+ "Role": {
2123
+ "Fn::GetAtt": [
2124
+ "IntegVSCodeServerInstallerOnEventHandlerServiceRole59651FEF",
2125
+ "Arn"
2126
+ ]
2127
+ },
2128
+ "Runtime": "nodejs20.x",
2129
+ "Timeout": 300
2130
+ },
2131
+ "DependsOn": [
2132
+ "IntegVSCodeServerInstallerOnEventHandlerServiceRoleDefaultPolicy1CAD86C2",
2133
+ "IntegVSCodeServerInstallerOnEventHandlerServiceRole59651FEF"
2134
+ ],
2135
+ "Metadata": {
2136
+ "cdk_nag": {
2137
+ "rules_to_suppress": [
2138
+ {
2139
+ "reason": "For this event handler we do not need to restrict managed policies",
2140
+ "id": "AwsSolutions-IAM4"
2141
+ },
2142
+ {
2143
+ "reason": "For this lambda the latest runtime is not needed",
2144
+ "id": "AwsSolutions-L1"
2145
+ }
2146
+ ]
2147
+ }
2148
+ }
2149
+ },
2150
+ "IntegVSCodeServerInstallerProviderframeworkonEventServiceRoleA509851F": {
2151
+ "Type": "AWS::IAM::Role",
2152
+ "Properties": {
2153
+ "AssumeRolePolicyDocument": {
2154
+ "Statement": [
2155
+ {
2156
+ "Action": "sts:AssumeRole",
2157
+ "Effect": "Allow",
2158
+ "Principal": {
2159
+ "Service": "lambda.amazonaws.com"
2160
+ }
2161
+ }
2162
+ ],
2163
+ "Version": "2012-10-17"
2164
+ },
2165
+ "ManagedPolicyArns": [
2166
+ {
2167
+ "Fn::Join": [
2168
+ "",
2169
+ [
2170
+ "arn:",
2171
+ {
2172
+ "Ref": "AWS::Partition"
2173
+ },
2174
+ ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
2175
+ ]
2176
+ ]
2177
+ }
2178
+ ]
2179
+ },
2180
+ "Metadata": {
2181
+ "cdk_nag": {
2182
+ "rules_to_suppress": [
2183
+ {
2184
+ "reason": "For this provider we do not need to restrict managed policies",
2185
+ "id": "AwsSolutions-IAM4"
2186
+ },
2187
+ {
2188
+ "reason": "For this provider wildcards are fine",
2189
+ "id": "AwsSolutions-IAM5"
2190
+ },
2191
+ {
2192
+ "reason": "For this provider the latest runtime is not needed",
2193
+ "id": "AwsSolutions-L1"
2194
+ }
2195
+ ]
2196
+ }
2197
+ }
2198
+ },
2199
+ "IntegVSCodeServerInstallerProviderframeworkonEventServiceRoleDefaultPolicy3E54FC3A": {
2200
+ "Type": "AWS::IAM::Policy",
2201
+ "Properties": {
2202
+ "PolicyDocument": {
2203
+ "Statement": [
2204
+ {
2205
+ "Action": "lambda:InvokeFunction",
2206
+ "Effect": "Allow",
2207
+ "Resource": [
2208
+ {
2209
+ "Fn::GetAtt": [
2210
+ "IntegVSCodeServerInstallerOnEventHandler6FF91542",
2211
+ "Arn"
2212
+ ]
2213
+ },
2214
+ {
2215
+ "Fn::Join": [
2216
+ "",
2217
+ [
2218
+ {
2219
+ "Fn::GetAtt": [
2220
+ "IntegVSCodeServerInstallerOnEventHandler6FF91542",
2221
+ "Arn"
2222
+ ]
2223
+ },
2224
+ ":*"
2225
+ ]
2226
+ ]
2227
+ }
2228
+ ]
2229
+ },
2230
+ {
2231
+ "Action": "lambda:GetFunction",
2232
+ "Effect": "Allow",
2233
+ "Resource": {
2234
+ "Fn::GetAtt": [
2235
+ "IntegVSCodeServerInstallerOnEventHandler6FF91542",
2236
+ "Arn"
2237
+ ]
2238
+ }
2239
+ }
2240
+ ],
2241
+ "Version": "2012-10-17"
2242
+ },
2243
+ "PolicyName": "IntegVSCodeServerInstallerProviderframeworkonEventServiceRoleDefaultPolicy3E54FC3A",
2244
+ "Roles": [
2245
+ {
2246
+ "Ref": "IntegVSCodeServerInstallerProviderframeworkonEventServiceRoleA509851F"
2247
+ }
2248
+ ]
2249
+ },
2250
+ "Metadata": {
2251
+ "cdk_nag": {
2252
+ "rules_to_suppress": [
2253
+ {
2254
+ "reason": "For this provider we do not need to restrict managed policies",
2255
+ "id": "AwsSolutions-IAM4"
2256
+ },
2257
+ {
2258
+ "reason": "For this provider wildcards are fine",
2259
+ "id": "AwsSolutions-IAM5"
2260
+ },
2261
+ {
2262
+ "reason": "For this provider the latest runtime is not needed",
2263
+ "id": "AwsSolutions-L1"
2264
+ }
2265
+ ]
2266
+ }
2267
+ }
2268
+ },
2269
+ "IntegVSCodeServerInstallerProviderframeworkonEvent7B6C1190": {
2270
+ "Type": "AWS::Lambda::Function",
2271
+ "Properties": {
2272
+ "Code": {
2273
+ "S3Bucket": {
2274
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
2275
+ },
2276
+ "S3Key": "bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca.zip"
2277
+ },
2278
+ "Description": "AWS CDK resource provider framework - onEvent (IntegTestStackCustomDomain/IntegVSCodeServer/InstallerProvider)",
2279
+ "Environment": {
2280
+ "Variables": {
2281
+ "USER_ON_EVENT_FUNCTION_ARN": {
2282
+ "Fn::GetAtt": [
2283
+ "IntegVSCodeServerInstallerOnEventHandler6FF91542",
2284
+ "Arn"
2285
+ ]
2286
+ }
2287
+ }
2288
+ },
2289
+ "Handler": "framework.onEvent",
2290
+ "Role": {
2291
+ "Fn::GetAtt": [
2292
+ "IntegVSCodeServerInstallerProviderframeworkonEventServiceRoleA509851F",
2293
+ "Arn"
2294
+ ]
2295
+ },
2296
+ "Runtime": {
2297
+ "Fn::FindInMap": [
2298
+ "LatestNodeRuntimeMap",
2299
+ {
2300
+ "Ref": "AWS::Region"
2301
+ },
2302
+ "value"
2303
+ ]
2304
+ },
2305
+ "Timeout": 900
2306
+ },
2307
+ "DependsOn": [
2308
+ "IntegVSCodeServerInstallerProviderframeworkonEventServiceRoleDefaultPolicy3E54FC3A",
2309
+ "IntegVSCodeServerInstallerProviderframeworkonEventServiceRoleA509851F"
2310
+ ],
2311
+ "Metadata": {
2312
+ "cdk_nag": {
2313
+ "rules_to_suppress": [
2314
+ {
2315
+ "reason": "For this provider we do not need to restrict managed policies",
2316
+ "id": "AwsSolutions-IAM4"
2317
+ },
2318
+ {
2319
+ "reason": "For this provider wildcards are fine",
2320
+ "id": "AwsSolutions-IAM5"
2321
+ },
2322
+ {
2323
+ "reason": "For this provider the latest runtime is not needed",
2324
+ "id": "AwsSolutions-L1"
2325
+ }
2326
+ ]
2327
+ }
2328
+ }
2329
+ },
2330
+ "IntegVSCodeServerSSMInstallerCustomResource9F9AFE68": {
2331
+ "Type": "AWS::CloudFormation::CustomResource",
2332
+ "Properties": {
2333
+ "ServiceToken": {
2334
+ "Fn::GetAtt": [
2335
+ "IntegVSCodeServerInstallerProviderframeworkonEvent7B6C1190",
2336
+ "Arn"
2337
+ ]
2338
+ },
2339
+ "ServiceTimeout": 305,
2340
+ "InstanceId": {
2341
+ "Ref": "IntegVSCodeServerserverinstance0A3D62D7"
2342
+ },
2343
+ "DocumentName": "vscode-server-ubuntu-IntegTestStackCustomDomain",
2344
+ "CloudWatchLogGroupName": "/aws/ssm/vscode-server-ubuntu-IntegTestStackCustomDomain",
2345
+ "VSCodePassword": {
2346
+ "Fn::GetAtt": [
2347
+ "IntegVSCodeServerSecretRetrieverCustomResource2F3DB8BD",
2348
+ "secretPasswordValue"
2349
+ ]
2350
+ }
2351
+ },
2352
+ "UpdateReplacePolicy": "Delete",
2353
+ "DeletionPolicy": "Delete"
2354
+ },
2355
+ "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0": {
2356
+ "Type": "AWS::IAM::Role",
2357
+ "Properties": {
2358
+ "AssumeRolePolicyDocument": {
2359
+ "Version": "2012-10-17",
2360
+ "Statement": [
2361
+ {
2362
+ "Action": "sts:AssumeRole",
2363
+ "Effect": "Allow",
2364
+ "Principal": {
2365
+ "Service": "lambda.amazonaws.com"
2366
+ }
2367
+ }
2368
+ ]
2369
+ },
2370
+ "ManagedPolicyArns": [
2371
+ {
2372
+ "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
2373
+ }
2374
+ ],
2375
+ "Policies": [
2376
+ {
2377
+ "PolicyName": "Inline",
2378
+ "PolicyDocument": {
2379
+ "Version": "2012-10-17",
2380
+ "Statement": [
2381
+ {
2382
+ "Effect": "Allow",
2383
+ "Action": [
2384
+ "ec2:AuthorizeSecurityGroupIngress",
2385
+ "ec2:AuthorizeSecurityGroupEgress",
2386
+ "ec2:RevokeSecurityGroupIngress",
2387
+ "ec2:RevokeSecurityGroupEgress"
2388
+ ],
2389
+ "Resource": [
2390
+ {
2391
+ "Fn::Join": [
2392
+ "",
2393
+ [
2394
+ "arn:",
2395
+ {
2396
+ "Ref": "AWS::Partition"
2397
+ },
2398
+ ":ec2:",
2399
+ {
2400
+ "Ref": "AWS::Region"
2401
+ },
2402
+ ":",
2403
+ {
2404
+ "Ref": "AWS::AccountId"
2405
+ },
2406
+ ":security-group/",
2407
+ {
2408
+ "Fn::GetAtt": [
2409
+ "IntegVSCodeServervpc93DDE887",
2410
+ "DefaultSecurityGroup"
2411
+ ]
2412
+ }
2413
+ ]
2414
+ ]
2415
+ }
2416
+ ]
2417
+ }
2418
+ ]
2419
+ }
2420
+ }
2421
+ ]
2422
+ }
2423
+ },
2424
+ "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E": {
2425
+ "Type": "AWS::Lambda::Function",
2426
+ "Properties": {
2427
+ "Code": {
2428
+ "S3Bucket": {
2429
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
2430
+ },
2431
+ "S3Key": "7fa1e366ee8a9ded01fc355f704cff92bfd179574e6f9cfee800a3541df1b200.zip"
2432
+ },
2433
+ "Timeout": 900,
2434
+ "MemorySize": 128,
2435
+ "Handler": "__entrypoint__.handler",
2436
+ "Role": {
2437
+ "Fn::GetAtt": [
2438
+ "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0",
2439
+ "Arn"
2440
+ ]
2441
+ },
2442
+ "Runtime": {
2443
+ "Fn::FindInMap": [
2444
+ "LatestNodeRuntimeMap",
2445
+ {
2446
+ "Ref": "AWS::Region"
2447
+ },
2448
+ "value"
2449
+ ]
2450
+ },
2451
+ "Description": "Lambda function for removing all inbound/outbound rules from the VPC default security group"
2452
+ },
2453
+ "DependsOn": [
2454
+ "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0"
2455
+ ]
2456
+ },
2457
+ "AWS679f53fac002430cb0da5b7982bd22872D164C4C": {
2458
+ "Type": "AWS::Lambda::Function",
2459
+ "Properties": {
2460
+ "Code": {
2461
+ "S3Bucket": {
2462
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
2463
+ },
2464
+ "S3Key": "9d043014be736e8162bcc7ec5590cc6d2ff24fd0d9c73a5c5d595151c5fdad00.zip"
2465
+ },
2466
+ "Handler": "index.handler",
2467
+ "LoggingConfig": {
2468
+ "LogGroup": {
2469
+ "Ref": "IntegVSCodeServercfprefixlistIdGetPrefixListIdLogGroup171C2803"
2470
+ }
2471
+ },
2472
+ "Role": {
2473
+ "Fn::GetAtt": [
2474
+ "IntegVSCodeServercfprefixlistIdGetPrefixListIdRole1302B3E1",
2475
+ "Arn"
2476
+ ]
2477
+ },
2478
+ "Runtime": {
2479
+ "Fn::FindInMap": [
2480
+ "LatestNodeRuntimeMap",
2481
+ {
2482
+ "Ref": "AWS::Region"
2483
+ },
2484
+ "value"
2485
+ ]
2486
+ },
2487
+ "Timeout": 120
2488
+ },
2489
+ "DependsOn": [
2490
+ "IntegVSCodeServercfprefixlistIdGetPrefixListIdRole1302B3E1"
2491
+ ]
2492
+ },
2493
+ "loginhandlerServiceRole330B0B32": {
2494
+ "Type": "AWS::IAM::Role",
2495
+ "Properties": {
2496
+ "AssumeRolePolicyDocument": {
2497
+ "Statement": [
2498
+ {
2499
+ "Action": "sts:AssumeRole",
2500
+ "Effect": "Allow",
2501
+ "Principal": {
2502
+ "Service": "lambda.amazonaws.com"
2503
+ }
2504
+ }
2505
+ ],
2506
+ "Version": "2012-10-17"
2507
+ },
2508
+ "ManagedPolicyArns": [
2509
+ {
2510
+ "Fn::Join": [
2511
+ "",
2512
+ [
2513
+ "arn:",
2514
+ {
2515
+ "Ref": "AWS::Partition"
2516
+ },
2517
+ ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
2518
+ ]
2519
+ ]
2520
+ }
2521
+ ]
2522
+ }
2523
+ },
2524
+ "loginhandler99CCCCFD": {
2525
+ "Type": "AWS::Lambda::Function",
2526
+ "Properties": {
2527
+ "Code": {
2528
+ "S3Bucket": {
2529
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
2530
+ },
2531
+ "S3Key": "0ad50fc42afd768c3d0bfdd4701e43284fb077a25f19eea1e8c51a5ca36ebfe4.zip"
2532
+ },
2533
+ "Handler": "index.handler",
2534
+ "Role": {
2535
+ "Fn::GetAtt": [
2536
+ "loginhandlerServiceRole330B0B32",
2537
+ "Arn"
2538
+ ]
2539
+ },
2540
+ "Runtime": "nodejs20.x",
2541
+ "Timeout": 30
2542
+ },
2543
+ "DependsOn": [
2544
+ "loginhandlerServiceRole330B0B32"
2545
+ ]
2546
+ },
2547
+ "loginhandlerLogRetentionFD323A9B": {
2548
+ "Type": "Custom::LogRetention",
2549
+ "Properties": {
2550
+ "ServiceToken": {
2551
+ "Fn::GetAtt": [
2552
+ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A",
2553
+ "Arn"
2554
+ ]
2555
+ },
2556
+ "LogGroupName": {
2557
+ "Fn::Join": [
2558
+ "",
2559
+ [
2560
+ "/aws/lambda/",
2561
+ {
2562
+ "Ref": "loginhandler99CCCCFD"
2563
+ }
2564
+ ]
2565
+ ]
2566
+ },
2567
+ "RetentionInDays": 1
2568
+ }
2569
+ },
2570
+ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB": {
2571
+ "Type": "AWS::IAM::Role",
2572
+ "Properties": {
2573
+ "AssumeRolePolicyDocument": {
2574
+ "Statement": [
2575
+ {
2576
+ "Action": "sts:AssumeRole",
2577
+ "Effect": "Allow",
2578
+ "Principal": {
2579
+ "Service": "lambda.amazonaws.com"
2580
+ }
2581
+ }
2582
+ ],
2583
+ "Version": "2012-10-17"
2584
+ },
2585
+ "ManagedPolicyArns": [
2586
+ {
2587
+ "Fn::Join": [
2588
+ "",
2589
+ [
2590
+ "arn:",
2591
+ {
2592
+ "Ref": "AWS::Partition"
2593
+ },
2594
+ ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
2595
+ ]
2596
+ ]
2597
+ }
2598
+ ]
2599
+ }
2600
+ },
2601
+ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB": {
2602
+ "Type": "AWS::IAM::Policy",
2603
+ "Properties": {
2604
+ "PolicyDocument": {
2605
+ "Statement": [
2606
+ {
2607
+ "Action": [
2608
+ "logs:DeleteRetentionPolicy",
2609
+ "logs:PutRetentionPolicy"
2610
+ ],
2611
+ "Effect": "Allow",
2612
+ "Resource": "*"
2613
+ }
2614
+ ],
2615
+ "Version": "2012-10-17"
2616
+ },
2617
+ "PolicyName": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB",
2618
+ "Roles": [
2619
+ {
2620
+ "Ref": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB"
2621
+ }
2622
+ ]
2623
+ }
2624
+ },
2625
+ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A": {
2626
+ "Type": "AWS::Lambda::Function",
2627
+ "Properties": {
2628
+ "Handler": "index.handler",
2629
+ "Runtime": {
2630
+ "Fn::FindInMap": [
2631
+ "LatestNodeRuntimeMap",
2632
+ {
2633
+ "Ref": "AWS::Region"
2634
+ },
2635
+ "value"
2636
+ ]
2637
+ },
2638
+ "Timeout": 900,
2639
+ "Code": {
2640
+ "S3Bucket": {
2641
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
2642
+ },
2643
+ "S3Key": "2819175352ad1ce0dae768e83fc328fb70fb5f10b4a8ff0ccbcb791f02b0716d.zip"
2644
+ },
2645
+ "Role": {
2646
+ "Fn::GetAtt": [
2647
+ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB",
2648
+ "Arn"
2649
+ ]
2650
+ }
2651
+ },
2652
+ "DependsOn": [
2653
+ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB",
2654
+ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB"
2655
+ ]
2656
+ }
2657
+ },
2658
+ "Outputs": {
2659
+ "IntegVSCodeServerdomainName6B9F2604": {
2660
+ "Description": "The domain name of the distribution",
2661
+ "Value": "https://vscode-server-test.mavogel.xyz/?folder=/Workshop"
2662
+ },
2663
+ "IntegVSCodeServerpasswordE38D3B2C": {
2664
+ "Description": "The password for the VSCode server",
2665
+ "Value": {
2666
+ "Fn::GetAtt": [
2667
+ "IntegVSCodeServerSecretRetrieverCustomResource2F3DB8BD",
2668
+ "secretPasswordValue"
2669
+ ]
2670
+ }
2671
+ },
2672
+ "ExportsOutputRefloginhandler99CCCCFD29CE21C0": {
2673
+ "Value": {
2674
+ "Ref": "loginhandler99CCCCFD"
2675
+ },
2676
+ "Export": {
2677
+ "Name": "IntegTestStackCustomDomain:ExportsOutputRefloginhandler99CCCCFD29CE21C0"
2678
+ }
2679
+ },
2680
+ "ExportsOutputFnGetAttIntegVSCodeServerSecretRetrieverCustomResource2F3DB8BDsecretPasswordValue1223507B": {
2681
+ "Value": {
2682
+ "Fn::GetAtt": [
2683
+ "IntegVSCodeServerSecretRetrieverCustomResource2F3DB8BD",
2684
+ "secretPasswordValue"
2685
+ ]
2686
+ },
2687
+ "Export": {
2688
+ "Name": "IntegTestStackCustomDomain:ExportsOutputFnGetAttIntegVSCodeServerSecretRetrieverCustomResource2F3DB8BDsecretPasswordValue1223507B"
2689
+ }
2690
+ }
2691
+ },
2692
+ "Mappings": {
2693
+ "LatestNodeRuntimeMap": {
2694
+ "af-south-1": {
2695
+ "value": "nodejs20.x"
2696
+ },
2697
+ "ap-east-1": {
2698
+ "value": "nodejs20.x"
2699
+ },
2700
+ "ap-northeast-1": {
2701
+ "value": "nodejs20.x"
2702
+ },
2703
+ "ap-northeast-2": {
2704
+ "value": "nodejs20.x"
2705
+ },
2706
+ "ap-northeast-3": {
2707
+ "value": "nodejs20.x"
2708
+ },
2709
+ "ap-south-1": {
2710
+ "value": "nodejs20.x"
2711
+ },
2712
+ "ap-south-2": {
2713
+ "value": "nodejs20.x"
2714
+ },
2715
+ "ap-southeast-1": {
2716
+ "value": "nodejs20.x"
2717
+ },
2718
+ "ap-southeast-2": {
2719
+ "value": "nodejs20.x"
2720
+ },
2721
+ "ap-southeast-3": {
2722
+ "value": "nodejs20.x"
2723
+ },
2724
+ "ap-southeast-4": {
2725
+ "value": "nodejs20.x"
2726
+ },
2727
+ "ap-southeast-5": {
2728
+ "value": "nodejs20.x"
2729
+ },
2730
+ "ap-southeast-7": {
2731
+ "value": "nodejs20.x"
2732
+ },
2733
+ "ca-central-1": {
2734
+ "value": "nodejs20.x"
2735
+ },
2736
+ "ca-west-1": {
2737
+ "value": "nodejs20.x"
2738
+ },
2739
+ "cn-north-1": {
2740
+ "value": "nodejs20.x"
2741
+ },
2742
+ "cn-northwest-1": {
2743
+ "value": "nodejs20.x"
2744
+ },
2745
+ "eu-central-1": {
2746
+ "value": "nodejs20.x"
2747
+ },
2748
+ "eu-central-2": {
2749
+ "value": "nodejs20.x"
2750
+ },
2751
+ "eu-isoe-west-1": {
2752
+ "value": "nodejs18.x"
2753
+ },
2754
+ "eu-north-1": {
2755
+ "value": "nodejs20.x"
2756
+ },
2757
+ "eu-south-1": {
2758
+ "value": "nodejs20.x"
2759
+ },
2760
+ "eu-south-2": {
2761
+ "value": "nodejs20.x"
2762
+ },
2763
+ "eu-west-1": {
2764
+ "value": "nodejs20.x"
2765
+ },
2766
+ "eu-west-2": {
2767
+ "value": "nodejs20.x"
2768
+ },
2769
+ "eu-west-3": {
2770
+ "value": "nodejs20.x"
2771
+ },
2772
+ "il-central-1": {
2773
+ "value": "nodejs20.x"
2774
+ },
2775
+ "me-central-1": {
2776
+ "value": "nodejs20.x"
2777
+ },
2778
+ "me-south-1": {
2779
+ "value": "nodejs20.x"
2780
+ },
2781
+ "mx-central-1": {
2782
+ "value": "nodejs20.x"
2783
+ },
2784
+ "sa-east-1": {
2785
+ "value": "nodejs20.x"
2786
+ },
2787
+ "us-east-1": {
2788
+ "value": "nodejs20.x"
2789
+ },
2790
+ "us-east-2": {
2791
+ "value": "nodejs20.x"
2792
+ },
2793
+ "us-gov-east-1": {
2794
+ "value": "nodejs20.x"
2795
+ },
2796
+ "us-gov-west-1": {
2797
+ "value": "nodejs20.x"
2798
+ },
2799
+ "us-iso-east-1": {
2800
+ "value": "nodejs18.x"
2801
+ },
2802
+ "us-iso-west-1": {
2803
+ "value": "nodejs18.x"
2804
+ },
2805
+ "us-isob-east-1": {
2806
+ "value": "nodejs18.x"
2807
+ },
2808
+ "us-west-1": {
2809
+ "value": "nodejs20.x"
2810
+ },
2811
+ "us-west-2": {
2812
+ "value": "nodejs20.x"
2813
+ }
2814
+ },
2815
+ "AWSCloudFrontPartitionHostedZoneIdMap": {
2816
+ "aws": {
2817
+ "zoneId": "Z2FDTNDATAQYW2"
2818
+ },
2819
+ "aws-cn": {
2820
+ "zoneId": "Z3RFFRIM2A3IF5"
2821
+ }
2822
+ }
2823
+ },
2824
+ "Parameters": {
2825
+ "SsmParameterValueawsservicecanonicalubuntuserverjammystablecurrentarm64hvmebsgp2amiidC96584B6F00A464EAD1953AFF4B05118Parameter": {
2826
+ "Type": "AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>",
2827
+ "Default": "/aws/service/canonical/ubuntu/server/jammy/stable/current/arm64/hvm/ebs-gp2/ami-id"
2828
+ },
2829
+ "BootstrapVersion": {
2830
+ "Type": "AWS::SSM::Parameter::Value<String>",
2831
+ "Default": "/cdk-bootstrap/hnb659fds/version",
2832
+ "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
2833
+ }
2834
+ },
2835
+ "Rules": {
2836
+ "CheckBootstrapVersion": {
2837
+ "Assertions": [
2838
+ {
2839
+ "Assert": {
2840
+ "Fn::Not": [
2841
+ {
2842
+ "Fn::Contains": [
2843
+ [
2844
+ "1",
2845
+ "2",
2846
+ "3",
2847
+ "4",
2848
+ "5"
2849
+ ],
2850
+ {
2851
+ "Ref": "BootstrapVersion"
2852
+ }
2853
+ ]
2854
+ }
2855
+ ]
2856
+ },
2857
+ "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
2858
+ }
2859
+ ]
2860
+ }
2861
+ }
2862
+ }