@mavogel/cdk-vscode-server 0.0.60 → 0.0.61

Files changed (55)
  1. package/.claude/hooks/file_checker.sh +3 -0
  2. package/.jsii +453 -30
  3. package/API.md +514 -0
  4. package/README.md +57 -0
  5. package/assets/idle-monitor/idle-monitor.lambda/index.js +110 -0
  6. package/assets/status-check/status-check.lambda/index.js +123 -0
  7. package/examples/auto-stop/main.ts +75 -0
  8. package/integ-tests/functions/idle-test-handler.ts +178 -0
  9. package/integ-tests/functions/login-handler.ts +62 -33
  10. package/integ-tests/integ.al2023.ts.snapshot/read.13497.1.lock +1 -0
  11. package/integ-tests/integ.custom-domain.ts.snapshot/read.13497.1.lock +1 -0
  12. package/integ-tests/integ.stop-on-idle.ts +175 -0
  13. package/integ-tests/integ.stop-on-idle.ts.snapshot/IntegStopOnIdleFunctionalityDefaultTestDeployAssertEECF3FC0.assets.json +33 -0
  14. package/integ-tests/integ.stop-on-idle.ts.snapshot/IntegStopOnIdleFunctionalityDefaultTestDeployAssertEECF3FC0.template.json +692 -0
  15. package/integ-tests/integ.stop-on-idle.ts.snapshot/IntegTestStackStopOnIdle.assets.json +146 -0
  16. package/integ-tests/integ.stop-on-idle.ts.snapshot/IntegTestStackStopOnIdle.template.json +3077 -0
  17. package/integ-tests/integ.stop-on-idle.ts.snapshot/asset.2819175352ad1ce0dae768e83fc328fb70fb5f10b4a8ff0ccbcb791f02b0716d/index.js +1 -0
  18. package/integ-tests/integ.stop-on-idle.ts.snapshot/asset.33da23274e25bd9f43638c5d83dad26e3931cbe78d462ffd9a9f565e948b4f5f.lambda/index.js +143 -0
  19. package/integ-tests/integ.stop-on-idle.ts.snapshot/asset.530055f7515b3f0a47900f5df37e729ba40ca977b2d07b952bdefa2b8f883f42.bundle/index.js +30676 -0
  20. package/integ-tests/integ.stop-on-idle.ts.snapshot/asset.781ab0ab74634cdaf61539ab208ab777829ef07097ac21f95b9e15a3b1eedc1b.lambda/index.js +57 -0
  21. package/integ-tests/integ.stop-on-idle.ts.snapshot/asset.7fa1e366ee8a9ded01fc355f704cff92bfd179574e6f9cfee800a3541df1b200/__entrypoint__.js +1 -0
  22. package/integ-tests/integ.stop-on-idle.ts.snapshot/asset.7fa1e366ee8a9ded01fc355f704cff92bfd179574e6f9cfee800a3541df1b200/index.js +1 -0
  23. package/integ-tests/integ.stop-on-idle.ts.snapshot/asset.8dd4be31c5a6cd8750dc55c07c1e2f19596f8a27b032d02c18554ed44eabe065.lambda/index.js +110 -0
  24. package/integ-tests/integ.stop-on-idle.ts.snapshot/asset.9d043014be736e8162bcc7ec5590cc6d2ff24fd0d9c73a5c5d595151c5fdad00/index.js +1 -0
  25. package/integ-tests/integ.stop-on-idle.ts.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/cfn-response.js +1 -0
  26. package/integ-tests/integ.stop-on-idle.ts.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/consts.js +1 -0
  27. package/integ-tests/integ.stop-on-idle.ts.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/framework.js +3 -0
  28. package/integ-tests/integ.stop-on-idle.ts.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/outbound.js +1 -0
  29. package/integ-tests/integ.stop-on-idle.ts.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/util.js +1 -0
  30. package/integ-tests/integ.stop-on-idle.ts.snapshot/asset.d061a1ca61c6339fcb77bb6fc19194a60c96bb16531eaf1e4e733b50089512ca/index.js +118 -0
  31. package/integ-tests/integ.stop-on-idle.ts.snapshot/asset.efac30c7091c58fed492058fa6403c14f7e58aab8cf4fd595d838b8d5eeec2b9/index.js +6017 -0
  32. package/integ-tests/integ.stop-on-idle.ts.snapshot/integ.json +20 -0
  33. package/integ-tests/integ.stop-on-idle.ts.snapshot/manifest.json +1942 -0
  34. package/integ-tests/integ.stop-on-idle.ts.snapshot/tree.json +1 -0
  35. package/integ-tests/integ.ubuntu.ts.snapshot/read.13497.1.lock +1 -0
  36. package/lib/idle-monitor/idle-monitor-function.d.ts +13 -0
  37. package/lib/idle-monitor/idle-monitor-function.js +22 -0
  38. package/lib/idle-monitor/idle-monitor.d.ts +53 -0
  39. package/lib/idle-monitor/idle-monitor.js +84 -0
  40. package/lib/idle-monitor/idle-monitor.lambda.d.ts +2 -0
  41. package/lib/idle-monitor/idle-monitor.lambda.js +97 -0
  42. package/lib/index.d.ts +2 -0
  43. package/lib/index.js +3 -1
  44. package/lib/status-check/status-check-function.d.ts +13 -0
  45. package/lib/status-check/status-check-function.js +22 -0
  46. package/lib/status-check/status-check.d.ts +36 -0
  47. package/lib/status-check/status-check.js +109 -0
  48. package/lib/status-check/status-check.lambda.d.ts +2 -0
  49. package/lib/status-check/status-check.lambda.js +104 -0
  50. package/lib/vscode-server.d.ts +42 -0
  51. package/lib/vscode-server.js +51 -7
  52. package/mavogelcdkvscodeserver/go.mod +1 -1
  53. package/mavogelcdkvscodeserver/jsii/jsii.go +2 -2
  54. package/mavogelcdkvscodeserver/version +1 -1
  55. package/package.json +21 -16
@@ -0,0 +1,3077 @@
1
+ {
2
+ "Description": "Integration test for stop-on-idle functionality with fast execution parameters.",
3
+ "Resources": {
4
+ "IntegVSCodeServerpasswordsecret202A5DB3": {
5
+ "Type": "AWS::SecretsManager::Secret",
6
+ "Properties": {
7
+ "GenerateSecretString": {
8
+ "ExcludePunctuation": true,
9
+ "GenerateStringKey": "password",
10
+ "IncludeSpace": false,
11
+ "PasswordLength": 16,
12
+ "SecretStringTemplate": "{\"username\":\"participant\"}"
13
+ },
14
+ "Tags": [
15
+ {
16
+ "Key": "app",
17
+ "Value": "vscode-server"
18
+ },
19
+ {
20
+ "Key": "IntegTest",
21
+ "Value": "True"
22
+ },
23
+ {
24
+ "Key": "TestType",
25
+ "Value": "StopOnIdle"
26
+ }
27
+ ]
28
+ },
29
+ "UpdateReplacePolicy": "Delete",
30
+ "DeletionPolicy": "Delete",
31
+ "Metadata": {
32
+ "cdk_nag": {
33
+ "rules_to_suppress": [
34
+ {
35
+ "reason": "For this tmp vc code server we do not need password rotation",
36
+ "id": "AwsSolutions-SMG4"
37
+ }
38
+ ]
39
+ }
40
+ }
41
+ },
42
+ "IntegVSCodeServerSecretRetrieverOnEventHandlerServiceRoleBEF8D4D2": {
43
+ "Type": "AWS::IAM::Role",
44
+ "Properties": {
45
+ "AssumeRolePolicyDocument": {
46
+ "Statement": [
47
+ {
48
+ "Action": "sts:AssumeRole",
49
+ "Effect": "Allow",
50
+ "Principal": {
51
+ "Service": "lambda.amazonaws.com"
52
+ }
53
+ }
54
+ ],
55
+ "Version": "2012-10-17"
56
+ },
57
+ "ManagedPolicyArns": [
58
+ {
59
+ "Fn::Join": [
60
+ "",
61
+ [
62
+ "arn:",
63
+ {
64
+ "Ref": "AWS::Partition"
65
+ },
66
+ ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
67
+ ]
68
+ ]
69
+ }
70
+ ]
71
+ },
72
+ "Metadata": {
73
+ "cdk_nag": {
74
+ "rules_to_suppress": [
75
+ {
76
+ "reason": "For this event handler we do not need to restrict managed policies",
77
+ "id": "AwsSolutions-IAM4"
78
+ },
79
+ {
80
+ "reason": "For this lambda the latest runtime is not needed",
81
+ "id": "AwsSolutions-L1"
82
+ }
83
+ ]
84
+ }
85
+ }
86
+ },
87
+ "IntegVSCodeServerSecretRetrieverOnEventHandlerServiceRoleDefaultPolicy2641E2C6": {
88
+ "Type": "AWS::IAM::Policy",
89
+ "Properties": {
90
+ "PolicyDocument": {
91
+ "Statement": [
92
+ {
93
+ "Action": "secretsmanager:GetSecretValue",
94
+ "Effect": "Allow",
95
+ "Resource": {
96
+ "Ref": "IntegVSCodeServerpasswordsecret202A5DB3"
97
+ }
98
+ }
99
+ ],
100
+ "Version": "2012-10-17"
101
+ },
102
+ "PolicyName": "IntegVSCodeServerSecretRetrieverOnEventHandlerServiceRoleDefaultPolicy2641E2C6",
103
+ "Roles": [
104
+ {
105
+ "Ref": "IntegVSCodeServerSecretRetrieverOnEventHandlerServiceRoleBEF8D4D2"
106
+ }
107
+ ]
108
+ }
109
+ },
110
+ "IntegVSCodeServerSecretRetrieverOnEventHandlerDD084AE3": {
111
+ "Type": "AWS::Lambda::Function",
112
+ "Properties": {
113
+ "Code": {
114
+ "S3Bucket": {
115
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
116
+ },
117
+ "S3Key": "781ab0ab74634cdaf61539ab208ab777829ef07097ac21f95b9e15a3b1eedc1b.zip"
118
+ },
119
+ "Description": "src/secret-retriever/secret-retriever.lambda.ts",
120
+ "Handler": "index.handler",
121
+ "MemorySize": 128,
122
+ "Role": {
123
+ "Fn::GetAtt": [
124
+ "IntegVSCodeServerSecretRetrieverOnEventHandlerServiceRoleBEF8D4D2",
125
+ "Arn"
126
+ ]
127
+ },
128
+ "Runtime": "nodejs20.x",
129
+ "Timeout": 10
130
+ },
131
+ "DependsOn": [
132
+ "IntegVSCodeServerSecretRetrieverOnEventHandlerServiceRoleDefaultPolicy2641E2C6",
133
+ "IntegVSCodeServerSecretRetrieverOnEventHandlerServiceRoleBEF8D4D2"
134
+ ],
135
+ "Metadata": {
136
+ "cdk_nag": {
137
+ "rules_to_suppress": [
138
+ {
139
+ "reason": "For this event handler we do not need to restrict managed policies",
140
+ "id": "AwsSolutions-IAM4"
141
+ },
142
+ {
143
+ "reason": "For this lambda the latest runtime is not needed",
144
+ "id": "AwsSolutions-L1"
145
+ }
146
+ ]
147
+ }
148
+ }
149
+ },
150
+ "IntegVSCodeServerSecretRetrieveProviderframeworkonEventServiceRole0F156B64": {
151
+ "Type": "AWS::IAM::Role",
152
+ "Properties": {
153
+ "AssumeRolePolicyDocument": {
154
+ "Statement": [
155
+ {
156
+ "Action": "sts:AssumeRole",
157
+ "Effect": "Allow",
158
+ "Principal": {
159
+ "Service": "lambda.amazonaws.com"
160
+ }
161
+ }
162
+ ],
163
+ "Version": "2012-10-17"
164
+ },
165
+ "ManagedPolicyArns": [
166
+ {
167
+ "Fn::Join": [
168
+ "",
169
+ [
170
+ "arn:",
171
+ {
172
+ "Ref": "AWS::Partition"
173
+ },
174
+ ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
175
+ ]
176
+ ]
177
+ }
178
+ ]
179
+ },
180
+ "Metadata": {
181
+ "cdk_nag": {
182
+ "rules_to_suppress": [
183
+ {
184
+ "reason": "For this provider we do not need to restrict managed policies",
185
+ "id": "AwsSolutions-IAM4"
186
+ },
187
+ {
188
+ "reason": "For this provider wildcards are fine",
189
+ "id": "AwsSolutions-IAM5"
190
+ },
191
+ {
192
+ "reason": "For this provider the latest runtime is not needed",
193
+ "id": "AwsSolutions-L1"
194
+ }
195
+ ]
196
+ }
197
+ }
198
+ },
199
+ "IntegVSCodeServerSecretRetrieveProviderframeworkonEventServiceRoleDefaultPolicyEC4DCEA0": {
200
+ "Type": "AWS::IAM::Policy",
201
+ "Properties": {
202
+ "PolicyDocument": {
203
+ "Statement": [
204
+ {
205
+ "Action": "lambda:InvokeFunction",
206
+ "Effect": "Allow",
207
+ "Resource": [
208
+ {
209
+ "Fn::GetAtt": [
210
+ "IntegVSCodeServerSecretRetrieverOnEventHandlerDD084AE3",
211
+ "Arn"
212
+ ]
213
+ },
214
+ {
215
+ "Fn::Join": [
216
+ "",
217
+ [
218
+ {
219
+ "Fn::GetAtt": [
220
+ "IntegVSCodeServerSecretRetrieverOnEventHandlerDD084AE3",
221
+ "Arn"
222
+ ]
223
+ },
224
+ ":*"
225
+ ]
226
+ ]
227
+ }
228
+ ]
229
+ },
230
+ {
231
+ "Action": "lambda:GetFunction",
232
+ "Effect": "Allow",
233
+ "Resource": {
234
+ "Fn::GetAtt": [
235
+ "IntegVSCodeServerSecretRetrieverOnEventHandlerDD084AE3",
236
+ "Arn"
237
+ ]
238
+ }
239
+ }
240
+ ],
241
+ "Version": "2012-10-17"
242
+ },
243
+ "PolicyName": "IntegVSCodeServerSecretRetrieveProviderframeworkonEventServiceRoleDefaultPolicyEC4DCEA0",
244
+ "Roles": [
245
+ {
246
+ "Ref": "IntegVSCodeServerSecretRetrieveProviderframeworkonEventServiceRole0F156B64"
247
+ }
248
+ ]
249
+ },
250
+ "Metadata": {
251
+ "cdk_nag": {
252
+ "rules_to_suppress": [
253
+ {
254
+ "reason": "For this provider we do not need to restrict managed policies",
255
+ "id": "AwsSolutions-IAM4"
256
+ },
257
+ {
258
+ "reason": "For this provider wildcards are fine",
259
+ "id": "AwsSolutions-IAM5"
260
+ },
261
+ {
262
+ "reason": "For this provider the latest runtime is not needed",
263
+ "id": "AwsSolutions-L1"
264
+ }
265
+ ]
266
+ }
267
+ }
268
+ },
269
+ "IntegVSCodeServerSecretRetrieveProviderframeworkonEventCF035CA3": {
270
+ "Type": "AWS::Lambda::Function",
271
+ "Properties": {
272
+ "Code": {
273
+ "S3Bucket": {
274
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
275
+ },
276
+ "S3Key": "bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca.zip"
277
+ },
278
+ "Description": "AWS CDK resource provider framework - onEvent (IntegTestStackStopOnIdle/IntegVSCodeServer/SecretRetrieveProvider)",
279
+ "Environment": {
280
+ "Variables": {
281
+ "USER_ON_EVENT_FUNCTION_ARN": {
282
+ "Fn::GetAtt": [
283
+ "IntegVSCodeServerSecretRetrieverOnEventHandlerDD084AE3",
284
+ "Arn"
285
+ ]
286
+ }
287
+ }
288
+ },
289
+ "Handler": "framework.onEvent",
290
+ "Role": {
291
+ "Fn::GetAtt": [
292
+ "IntegVSCodeServerSecretRetrieveProviderframeworkonEventServiceRole0F156B64",
293
+ "Arn"
294
+ ]
295
+ },
296
+ "Runtime": {
297
+ "Fn::FindInMap": [
298
+ "LatestNodeRuntimeMap",
299
+ {
300
+ "Ref": "AWS::Region"
301
+ },
302
+ "value"
303
+ ]
304
+ },
305
+ "Timeout": 900
306
+ },
307
+ "DependsOn": [
308
+ "IntegVSCodeServerSecretRetrieveProviderframeworkonEventServiceRoleDefaultPolicyEC4DCEA0",
309
+ "IntegVSCodeServerSecretRetrieveProviderframeworkonEventServiceRole0F156B64"
310
+ ],
311
+ "Metadata": {
312
+ "cdk_nag": {
313
+ "rules_to_suppress": [
314
+ {
315
+ "reason": "For this provider we do not need to restrict managed policies",
316
+ "id": "AwsSolutions-IAM4"
317
+ },
318
+ {
319
+ "reason": "For this provider wildcards are fine",
320
+ "id": "AwsSolutions-IAM5"
321
+ },
322
+ {
323
+ "reason": "For this provider the latest runtime is not needed",
324
+ "id": "AwsSolutions-L1"
325
+ }
326
+ ]
327
+ }
328
+ }
329
+ },
330
+ "IntegVSCodeServerSecretRetrieverCustomResource2F3DB8BD": {
331
+ "Type": "AWS::CloudFormation::CustomResource",
332
+ "Properties": {
333
+ "ServiceToken": {
334
+ "Fn::GetAtt": [
335
+ "IntegVSCodeServerSecretRetrieveProviderframeworkonEventCF035CA3",
336
+ "Arn"
337
+ ]
338
+ },
339
+ "ServiceTimeout": 305,
340
+ "SecretArn": {
341
+ "Ref": "IntegVSCodeServerpasswordsecret202A5DB3"
342
+ }
343
+ },
344
+ "UpdateReplacePolicy": "Delete",
345
+ "DeletionPolicy": "Delete"
346
+ },
347
+ "IntegVSCodeServervpc93DDE887": {
348
+ "Type": "AWS::EC2::VPC",
349
+ "Properties": {
350
+ "CidrBlock": "10.0.0.0/16",
351
+ "EnableDnsHostnames": true,
352
+ "EnableDnsSupport": true,
353
+ "InstanceTenancy": "default",
354
+ "Tags": [
355
+ {
356
+ "Key": "app",
357
+ "Value": "vscode-server"
358
+ },
359
+ {
360
+ "Key": "IntegTest",
361
+ "Value": "True"
362
+ },
363
+ {
364
+ "Key": "Name",
365
+ "Value": "IntegTestStackStopOnIdle/IntegVSCodeServer/vpc"
366
+ },
367
+ {
368
+ "Key": "TestType",
369
+ "Value": "StopOnIdle"
370
+ }
371
+ ]
372
+ },
373
+ "Metadata": {
374
+ "cdk_nag": {
375
+ "rules_to_suppress": [
376
+ {
377
+ "reason": "For this tmp vpc we do not need flow logs",
378
+ "id": "AwsSolutions-VPC7"
379
+ }
380
+ ]
381
+ }
382
+ }
383
+ },
384
+ "IntegVSCodeServervpcpublicSubnet1Subnet928029A1": {
385
+ "Type": "AWS::EC2::Subnet",
386
+ "Properties": {
387
+ "AvailabilityZone": {
388
+ "Fn::Select": [
389
+ 0,
390
+ {
391
+ "Fn::GetAZs": ""
392
+ }
393
+ ]
394
+ },
395
+ "CidrBlock": "10.0.0.0/17",
396
+ "MapPublicIpOnLaunch": true,
397
+ "Tags": [
398
+ {
399
+ "Key": "app",
400
+ "Value": "vscode-server"
401
+ },
402
+ {
403
+ "Key": "aws-cdk:subnet-name",
404
+ "Value": "public"
405
+ },
406
+ {
407
+ "Key": "aws-cdk:subnet-type",
408
+ "Value": "Public"
409
+ },
410
+ {
411
+ "Key": "IntegTest",
412
+ "Value": "True"
413
+ },
414
+ {
415
+ "Key": "Name",
416
+ "Value": "IntegTestStackStopOnIdle/IntegVSCodeServer/vpc/publicSubnet1"
417
+ },
418
+ {
419
+ "Key": "TestType",
420
+ "Value": "StopOnIdle"
421
+ }
422
+ ],
423
+ "VpcId": {
424
+ "Ref": "IntegVSCodeServervpc93DDE887"
425
+ }
426
+ },
427
+ "Metadata": {
428
+ "cdk_nag": {
429
+ "rules_to_suppress": [
430
+ {
431
+ "reason": "For this tmp vpc we do not need flow logs",
432
+ "id": "AwsSolutions-VPC7"
433
+ }
434
+ ]
435
+ }
436
+ }
437
+ },
438
+ "IntegVSCodeServervpcpublicSubnet1RouteTableFD418D0B": {
439
+ "Type": "AWS::EC2::RouteTable",
440
+ "Properties": {
441
+ "Tags": [
442
+ {
443
+ "Key": "app",
444
+ "Value": "vscode-server"
445
+ },
446
+ {
447
+ "Key": "IntegTest",
448
+ "Value": "True"
449
+ },
450
+ {
451
+ "Key": "Name",
452
+ "Value": "IntegTestStackStopOnIdle/IntegVSCodeServer/vpc/publicSubnet1"
453
+ },
454
+ {
455
+ "Key": "TestType",
456
+ "Value": "StopOnIdle"
457
+ }
458
+ ],
459
+ "VpcId": {
460
+ "Ref": "IntegVSCodeServervpc93DDE887"
461
+ }
462
+ },
463
+ "Metadata": {
464
+ "cdk_nag": {
465
+ "rules_to_suppress": [
466
+ {
467
+ "reason": "For this tmp vpc we do not need flow logs",
468
+ "id": "AwsSolutions-VPC7"
469
+ }
470
+ ]
471
+ }
472
+ }
473
+ },
474
+ "IntegVSCodeServervpcpublicSubnet1RouteTableAssociation599AB80D": {
475
+ "Type": "AWS::EC2::SubnetRouteTableAssociation",
476
+ "Properties": {
477
+ "RouteTableId": {
478
+ "Ref": "IntegVSCodeServervpcpublicSubnet1RouteTableFD418D0B"
479
+ },
480
+ "SubnetId": {
481
+ "Ref": "IntegVSCodeServervpcpublicSubnet1Subnet928029A1"
482
+ }
483
+ },
484
+ "Metadata": {
485
+ "cdk_nag": {
486
+ "rules_to_suppress": [
487
+ {
488
+ "reason": "For this tmp vpc we do not need flow logs",
489
+ "id": "AwsSolutions-VPC7"
490
+ }
491
+ ]
492
+ }
493
+ }
494
+ },
495
+ "IntegVSCodeServervpcpublicSubnet1DefaultRoute36845B30": {
496
+ "Type": "AWS::EC2::Route",
497
+ "Properties": {
498
+ "DestinationCidrBlock": "0.0.0.0/0",
499
+ "GatewayId": {
500
+ "Ref": "IntegVSCodeServervpcIGW960F6D83"
501
+ },
502
+ "RouteTableId": {
503
+ "Ref": "IntegVSCodeServervpcpublicSubnet1RouteTableFD418D0B"
504
+ }
505
+ },
506
+ "DependsOn": [
507
+ "IntegVSCodeServervpcVPCGWA7CDED90"
508
+ ],
509
+ "Metadata": {
510
+ "cdk_nag": {
511
+ "rules_to_suppress": [
512
+ {
513
+ "reason": "For this tmp vpc we do not need flow logs",
514
+ "id": "AwsSolutions-VPC7"
515
+ }
516
+ ]
517
+ }
518
+ }
519
+ },
520
+ "IntegVSCodeServervpcpublicSubnet2SubnetE381654D": {
521
+ "Type": "AWS::EC2::Subnet",
522
+ "Properties": {
523
+ "AvailabilityZone": {
524
+ "Fn::Select": [
525
+ 1,
526
+ {
527
+ "Fn::GetAZs": ""
528
+ }
529
+ ]
530
+ },
531
+ "CidrBlock": "10.0.128.0/17",
532
+ "MapPublicIpOnLaunch": true,
533
+ "Tags": [
534
+ {
535
+ "Key": "app",
536
+ "Value": "vscode-server"
537
+ },
538
+ {
539
+ "Key": "aws-cdk:subnet-name",
540
+ "Value": "public"
541
+ },
542
+ {
543
+ "Key": "aws-cdk:subnet-type",
544
+ "Value": "Public"
545
+ },
546
+ {
547
+ "Key": "IntegTest",
548
+ "Value": "True"
549
+ },
550
+ {
551
+ "Key": "Name",
552
+ "Value": "IntegTestStackStopOnIdle/IntegVSCodeServer/vpc/publicSubnet2"
553
+ },
554
+ {
555
+ "Key": "TestType",
556
+ "Value": "StopOnIdle"
557
+ }
558
+ ],
559
+ "VpcId": {
560
+ "Ref": "IntegVSCodeServervpc93DDE887"
561
+ }
562
+ },
563
+ "Metadata": {
564
+ "cdk_nag": {
565
+ "rules_to_suppress": [
566
+ {
567
+ "reason": "For this tmp vpc we do not need flow logs",
568
+ "id": "AwsSolutions-VPC7"
569
+ }
570
+ ]
571
+ }
572
+ }
573
+ },
574
+ "IntegVSCodeServervpcpublicSubnet2RouteTableC264EFB4": {
575
+ "Type": "AWS::EC2::RouteTable",
576
+ "Properties": {
577
+ "Tags": [
578
+ {
579
+ "Key": "app",
580
+ "Value": "vscode-server"
581
+ },
582
+ {
583
+ "Key": "IntegTest",
584
+ "Value": "True"
585
+ },
586
+ {
587
+ "Key": "Name",
588
+ "Value": "IntegTestStackStopOnIdle/IntegVSCodeServer/vpc/publicSubnet2"
589
+ },
590
+ {
591
+ "Key": "TestType",
592
+ "Value": "StopOnIdle"
593
+ }
594
+ ],
595
+ "VpcId": {
596
+ "Ref": "IntegVSCodeServervpc93DDE887"
597
+ }
598
+ },
599
+ "Metadata": {
600
+ "cdk_nag": {
601
+ "rules_to_suppress": [
602
+ {
603
+ "reason": "For this tmp vpc we do not need flow logs",
604
+ "id": "AwsSolutions-VPC7"
605
+ }
606
+ ]
607
+ }
608
+ }
609
+ },
610
+ "IntegVSCodeServervpcpublicSubnet2RouteTableAssociationC62A1999": {
611
+ "Type": "AWS::EC2::SubnetRouteTableAssociation",
612
+ "Properties": {
613
+ "RouteTableId": {
614
+ "Ref": "IntegVSCodeServervpcpublicSubnet2RouteTableC264EFB4"
615
+ },
616
+ "SubnetId": {
617
+ "Ref": "IntegVSCodeServervpcpublicSubnet2SubnetE381654D"
618
+ }
619
+ },
620
+ "Metadata": {
621
+ "cdk_nag": {
622
+ "rules_to_suppress": [
623
+ {
624
+ "reason": "For this tmp vpc we do not need flow logs",
625
+ "id": "AwsSolutions-VPC7"
626
+ }
627
+ ]
628
+ }
629
+ }
630
+ },
631
+ "IntegVSCodeServervpcpublicSubnet2DefaultRouteEAD8BC23": {
632
+ "Type": "AWS::EC2::Route",
633
+ "Properties": {
634
+ "DestinationCidrBlock": "0.0.0.0/0",
635
+ "GatewayId": {
636
+ "Ref": "IntegVSCodeServervpcIGW960F6D83"
637
+ },
638
+ "RouteTableId": {
639
+ "Ref": "IntegVSCodeServervpcpublicSubnet2RouteTableC264EFB4"
640
+ }
641
+ },
642
+ "DependsOn": [
643
+ "IntegVSCodeServervpcVPCGWA7CDED90"
644
+ ],
645
+ "Metadata": {
646
+ "cdk_nag": {
647
+ "rules_to_suppress": [
648
+ {
649
+ "reason": "For this tmp vpc we do not need flow logs",
650
+ "id": "AwsSolutions-VPC7"
651
+ }
652
+ ]
653
+ }
654
+ }
655
+ },
656
+ "IntegVSCodeServervpcIGW960F6D83": {
657
+ "Type": "AWS::EC2::InternetGateway",
658
+ "Properties": {
659
+ "Tags": [
660
+ {
661
+ "Key": "app",
662
+ "Value": "vscode-server"
663
+ },
664
+ {
665
+ "Key": "IntegTest",
666
+ "Value": "True"
667
+ },
668
+ {
669
+ "Key": "Name",
670
+ "Value": "IntegTestStackStopOnIdle/IntegVSCodeServer/vpc"
671
+ },
672
+ {
673
+ "Key": "TestType",
674
+ "Value": "StopOnIdle"
675
+ }
676
+ ]
677
+ },
678
+ "Metadata": {
679
+ "cdk_nag": {
680
+ "rules_to_suppress": [
681
+ {
682
+ "reason": "For this tmp vpc we do not need flow logs",
683
+ "id": "AwsSolutions-VPC7"
684
+ }
685
+ ]
686
+ }
687
+ }
688
+ },
689
+ "IntegVSCodeServervpcVPCGWA7CDED90": {
690
+ "Type": "AWS::EC2::VPCGatewayAttachment",
691
+ "Properties": {
692
+ "InternetGatewayId": {
693
+ "Ref": "IntegVSCodeServervpcIGW960F6D83"
694
+ },
695
+ "VpcId": {
696
+ "Ref": "IntegVSCodeServervpc93DDE887"
697
+ }
698
+ },
699
+ "Metadata": {
700
+ "cdk_nag": {
701
+ "rules_to_suppress": [
702
+ {
703
+ "reason": "For this tmp vpc we do not need flow logs",
704
+ "id": "AwsSolutions-VPC7"
705
+ }
706
+ ]
707
+ }
708
+ }
709
+ },
710
+ "IntegVSCodeServervpcRestrictDefaultSecurityGroupCustomResourceF6EA8ED1": {
711
+ "Type": "Custom::VpcRestrictDefaultSG",
712
+ "Properties": {
713
+ "ServiceToken": {
714
+ "Fn::GetAtt": [
715
+ "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E",
716
+ "Arn"
717
+ ]
718
+ },
719
+ "DefaultSecurityGroupId": {
720
+ "Fn::GetAtt": [
721
+ "IntegVSCodeServervpc93DDE887",
722
+ "DefaultSecurityGroup"
723
+ ]
724
+ },
725
+ "Account": {
726
+ "Ref": "AWS::AccountId"
727
+ }
728
+ },
729
+ "UpdateReplacePolicy": "Delete",
730
+ "DeletionPolicy": "Delete",
731
+ "Metadata": {
732
+ "cdk_nag": {
733
+ "rules_to_suppress": [
734
+ {
735
+ "reason": "For this tmp vpc we do not need flow logs",
736
+ "id": "AwsSolutions-VPC7"
737
+ }
738
+ ]
739
+ }
740
+ }
741
+ },
742
+ "IntegVSCodeServercftoserversgFFE586B0": {
743
+ "Type": "AWS::EC2::SecurityGroup",
744
+ "Properties": {
745
+ "GroupDescription": "SG for VSCodeServer - only allow CloudFront ingress",
746
+ "GroupName": "cloudfront-to-vscode-server",
747
+ "SecurityGroupEgress": [
748
+ {
749
+ "CidrIp": "0.0.0.0/0",
750
+ "Description": "Allow all outbound traffic by default",
751
+ "IpProtocol": "-1"
752
+ }
753
+ ],
754
+ "Tags": [
755
+ {
756
+ "Key": "app",
757
+ "Value": "vscode-server"
758
+ },
759
+ {
760
+ "Key": "IntegTest",
761
+ "Value": "True"
762
+ },
763
+ {
764
+ "Key": "TestType",
765
+ "Value": "StopOnIdle"
766
+ }
767
+ ],
768
+ "VpcId": {
769
+ "Ref": "IntegVSCodeServervpc93DDE887"
770
+ }
771
+ }
772
+ },
773
+ "IntegVSCodeServercftoserversgfromIndirectPeer80C4F51713": {
774
+ "Type": "AWS::EC2::SecurityGroupIngress",
775
+ "Properties": {
776
+ "Description": "Allow HTTP from com.amazonaws.global.cloudfront.origin-facing",
777
+ "FromPort": 80,
778
+ "GroupId": {
779
+ "Fn::GetAtt": [
780
+ "IntegVSCodeServercftoserversgFFE586B0",
781
+ "GroupId"
782
+ ]
783
+ },
784
+ "IpProtocol": "tcp",
785
+ "SourcePrefixListId": {
786
+ "Fn::GetAtt": [
787
+ "IntegVSCodeServercfprefixlistIdGetPrefixListIdF0821FFC",
788
+ "PrefixLists.0.PrefixListId"
789
+ ]
790
+ },
791
+ "ToPort": 80
792
+ }
793
+ },
794
+ "IntegVSCodeServercfprefixlistIdGetPrefixListIdLogGroup171C2803": {
795
+ "Type": "AWS::Logs::LogGroup",
796
+ "Properties": {
797
+ "RetentionInDays": 1,
798
+ "Tags": [
799
+ {
800
+ "Key": "app",
801
+ "Value": "vscode-server"
802
+ },
803
+ {
804
+ "Key": "IntegTest",
805
+ "Value": "True"
806
+ },
807
+ {
808
+ "Key": "TestType",
809
+ "Value": "StopOnIdle"
810
+ }
811
+ ]
812
+ },
813
+ "UpdateReplacePolicy": "Delete",
814
+ "DeletionPolicy": "Delete",
815
+ "Metadata": {
816
+ "cdk_nag": {
817
+ "rules_to_suppress": [
818
+ {
819
+ "reason": "For this provider wildcards are fine",
820
+ "id": "AwsSolutions-IAM5"
821
+ }
822
+ ]
823
+ }
824
+ }
825
+ },
826
+ "IntegVSCodeServercfprefixlistIdGetPrefixListIdRole1302B3E1": {
827
+ "Type": "AWS::IAM::Role",
828
+ "Properties": {
829
+ "AssumeRolePolicyDocument": {
830
+ "Statement": [
831
+ {
832
+ "Action": "sts:AssumeRole",
833
+ "Effect": "Allow",
834
+ "Principal": {
835
+ "Service": "lambda.amazonaws.com"
836
+ }
837
+ }
838
+ ],
839
+ "Version": "2012-10-17"
840
+ }
841
+ },
842
+ "Metadata": {
843
+ "cdk_nag": {
844
+ "rules_to_suppress": [
845
+ {
846
+ "reason": "For this provider wildcards are fine",
847
+ "id": "AwsSolutions-IAM5"
848
+ }
849
+ ]
850
+ }
851
+ }
852
+ },
853
+ "IntegVSCodeServercfprefixlistIdGetPrefixListIdF0821FFC": {
854
+ "Type": "Custom::AWS",
855
+ "Properties": {
856
+ "ServiceToken": {
857
+ "Fn::GetAtt": [
858
+ "AWS679f53fac002430cb0da5b7982bd22872D164C4C",
859
+ "Arn"
860
+ ]
861
+ },
862
+ "Create": "{\"service\":\"@aws-sdk/client-ec2\",\"action\":\"DescribeManagedPrefixListsCommand\",\"parameters\":{\"Filters\":[{\"Name\":\"prefix-list-name\",\"Values\":[\"com.amazonaws.global.cloudfront.origin-facing\"]}]},\"physicalResourceId\":{\"id\":\"cf-prefixlistId-c823fd194a4e8e22\"}}",
863
+ "Update": "{\"service\":\"@aws-sdk/client-ec2\",\"action\":\"DescribeManagedPrefixListsCommand\",\"parameters\":{\"Filters\":[{\"Name\":\"prefix-list-name\",\"Values\":[\"com.amazonaws.global.cloudfront.origin-facing\"]}]},\"physicalResourceId\":{\"id\":\"cf-prefixlistId-c823fd194a4e8e22\"}}",
864
+ "InstallLatestAwsSdk": false
865
+ },
866
+ "DependsOn": [
867
+ "IntegVSCodeServercfprefixlistIdGetPrefixListIdCustomResourcePolicyAB3F4958"
868
+ ],
869
+ "UpdateReplacePolicy": "Delete",
870
+ "DeletionPolicy": "Delete",
871
+ "Metadata": {
872
+ "cdk_nag": {
873
+ "rules_to_suppress": [
874
+ {
875
+ "reason": "For this provider wildcards are fine",
876
+ "id": "AwsSolutions-IAM5"
877
+ }
878
+ ]
879
+ }
880
+ }
881
+ },
882
+ "IntegVSCodeServercfprefixlistIdGetPrefixListIdCustomResourcePolicyAB3F4958": {
883
+ "Type": "AWS::IAM::Policy",
884
+ "Properties": {
885
+ "PolicyDocument": {
886
+ "Statement": [
887
+ {
888
+ "Action": "ec2:DescribeManagedPrefixLists",
889
+ "Effect": "Allow",
890
+ "Resource": "*"
891
+ }
892
+ ],
893
+ "Version": "2012-10-17"
894
+ },
895
+ "PolicyName": "IntegVSCodeServercfprefixlistIdGetPrefixListIdCustomResourcePolicyAB3F4958",
896
+ "Roles": [
897
+ {
898
+ "Ref": "IntegVSCodeServercfprefixlistIdGetPrefixListIdRole1302B3E1"
899
+ }
900
+ ]
901
+ },
902
+ "Metadata": {
903
+ "cdk_nag": {
904
+ "rules_to_suppress": [
905
+ {
906
+ "reason": "For this provider wildcards are fine",
907
+ "id": "AwsSolutions-IAM5"
908
+ }
909
+ ]
910
+ }
911
+ }
912
+ },
913
+ "IntegVSCodeServerserverinstancerole7745B5BB": {
914
+ "Type": "AWS::IAM::Role",
915
+ "Properties": {
916
+ "AssumeRolePolicyDocument": {
917
+ "Statement": [
918
+ {
919
+ "Action": "sts:AssumeRole",
920
+ "Effect": "Allow",
921
+ "Principal": {
922
+ "Service": [
923
+ "ec2.amazonaws.com",
924
+ "ssm.amazonaws.com"
925
+ ]
926
+ }
927
+ }
928
+ ],
929
+ "Version": "2012-10-17"
930
+ },
931
+ "ManagedPolicyArns": [
932
+ {
933
+ "Fn::Join": [
934
+ "",
935
+ [
936
+ "arn:",
937
+ {
938
+ "Ref": "AWS::Partition"
939
+ },
940
+ ":iam::aws:policy/AmazonSSMManagedInstanceCore"
941
+ ]
942
+ ]
943
+ },
944
+ {
945
+ "Fn::Join": [
946
+ "",
947
+ [
948
+ "arn:",
949
+ {
950
+ "Ref": "AWS::Partition"
951
+ },
952
+ ":iam::aws:policy/CloudWatchAgentServerPolicy"
953
+ ]
954
+ ]
955
+ },
956
+ {
957
+ "Fn::Join": [
958
+ "",
959
+ [
960
+ "arn:",
961
+ {
962
+ "Ref": "AWS::Partition"
963
+ },
964
+ ":iam::aws:policy/AmazonQDeveloperAccess"
965
+ ]
966
+ ]
967
+ },
968
+ {
969
+ "Fn::Join": [
970
+ "",
971
+ [
972
+ "arn:",
973
+ {
974
+ "Ref": "AWS::Partition"
975
+ },
976
+ ":iam::aws:policy/ReadOnlyAccess"
977
+ ]
978
+ ]
979
+ }
980
+ ],
981
+ "Policies": [
982
+ {
983
+ "PolicyDocument": {
984
+ "Statement": [
985
+ {
986
+ "Action": [
987
+ "iam:AddRoleToInstanceProfile",
988
+ "iam:AttachRolePolicy",
989
+ "iam:CreateRole",
990
+ "iam:CreateServiceLinkedRole",
991
+ "iam:DeleteRole",
992
+ "iam:DeleteRolePermissionsBoundary",
993
+ "iam:DeleteRolePolicy",
994
+ "iam:DeleteServiceLinkedRole",
995
+ "iam:DetachRolePolicy",
996
+ "iam:GetRole",
997
+ "iam:GetRolePolicy",
998
+ "iam:GetServiceLinkedRoleDeletionStatus",
999
+ "iam:ListAttachedRolePolicies",
1000
+ "iam:ListInstanceProfilesForRole",
1001
+ "iam:ListRolePolicies",
1002
+ "iam:ListRoleTags",
1003
+ "iam:ListRoles",
1004
+ "iam:PutRolePermissionsBoundary",
1005
+ "iam:PutRolePolicy",
1006
+ "iam:RemoveRoleFromInstanceProfile",
1007
+ "iam:TagRole",
1008
+ "iam:UntagRole",
1009
+ "iam:UpdateAssumeRolePolicy",
1010
+ "iam:UpdateRole",
1011
+ "iam:UpdateRoleDescription",
1012
+ "sts:AssumeRole"
1013
+ ],
1014
+ "Effect": "Allow",
1015
+ "Resource": {
1016
+ "Fn::Join": [
1017
+ "",
1018
+ [
1019
+ "arn:aws:iam::",
1020
+ {
1021
+ "Ref": "AWS::AccountId"
1022
+ },
1023
+ ":role/cdk-*"
1024
+ ]
1025
+ ]
1026
+ },
1027
+ "Sid": "StsAccess"
1028
+ },
1029
+ {
1030
+ "Action": "iam:PassRole",
1031
+ "Condition": {
1032
+ "StringLike": {
1033
+ "iam:PassedToService": "cloudformation.amazonaws.com"
1034
+ }
1035
+ },
1036
+ "Effect": "Allow",
1037
+ "Resource": {
1038
+ "Fn::Join": [
1039
+ "",
1040
+ [
1041
+ "arn:aws:iam::",
1042
+ {
1043
+ "Ref": "AWS::AccountId"
1044
+ },
1045
+ ":role/cdk-*"
1046
+ ]
1047
+ ]
1048
+ }
1049
+ },
1050
+ {
1051
+ "Action": "cloudformation:*",
1052
+ "Effect": "Allow",
1053
+ "Resource": {
1054
+ "Fn::Join": [
1055
+ "",
1056
+ [
1057
+ "arn:aws:cloudformation:*:",
1058
+ {
1059
+ "Ref": "AWS::AccountId"
1060
+ },
1061
+ ":stack/CDKToolkit/*"
1062
+ ]
1063
+ ]
1064
+ }
1065
+ },
1066
+ {
1067
+ "Action": [
1068
+ "cloudformation:CreateChangeSet",
1069
+ "cloudformation:DeleteChangeSet",
1070
+ "cloudformation:ExecuteChangeSet",
1071
+ "ec2:DescribeInstances",
1072
+ "ec2:DescribeVolumesModifications*",
1073
+ "ec2:ModifyVolume"
1074
+ ],
1075
+ "Effect": "Allow",
1076
+ "Resource": "*"
1077
+ },
1078
+ {
1079
+ "Action": "s3:*",
1080
+ "Effect": "Allow",
1081
+ "Resource": "*",
1082
+ "Sid": "S3Access"
1083
+ },
1084
+ {
1085
+ "Action": [
1086
+ "ecr:CreateRepository",
1087
+ "ecr:DeleteRepository",
1088
+ "ecr:DescribeRepositories",
1089
+ "ecr:GetLifecyclePolicy",
1090
+ "ecr:PutImageScanningConfiguration",
1091
+ "ecr:PutLifecyclePolicy",
1092
+ "ecr:SetRepositoryPolicy"
1093
+ ],
1094
+ "Effect": "Allow",
1095
+ "Resource": {
1096
+ "Fn::Join": [
1097
+ "",
1098
+ [
1099
+ "arn:aws:ecr:*:",
1100
+ {
1101
+ "Ref": "AWS::AccountId"
1102
+ },
1103
+ ":repository/cdk-*"
1104
+ ]
1105
+ ]
1106
+ },
1107
+ "Sid": "ECRAccess"
1108
+ },
1109
+ {
1110
+ "Action": [
1111
+ "ssm:DeleteParameter*",
1112
+ "ssm:GetParameter*",
1113
+ "ssm:PutParameter*"
1114
+ ],
1115
+ "Effect": "Allow",
1116
+ "Resource": {
1117
+ "Fn::Join": [
1118
+ "",
1119
+ [
1120
+ "arn:aws:ssm:*:",
1121
+ {
1122
+ "Ref": "AWS::AccountId"
1123
+ },
1124
+ ":parameter/cdk-bootstrap/*"
1125
+ ]
1126
+ ]
1127
+ }
1128
+ },
1129
+ {
1130
+ "Action": [
1131
+ "codepipeline:DisableStageTransition",
1132
+ "codepipeline:EnableStageTransition",
1133
+ "codepipeline:StartPipelineExecution",
1134
+ "codepipeline:StopPipelineExecution",
1135
+ "codepipeline:UpdatePipeline"
1136
+ ],
1137
+ "Effect": "Allow",
1138
+ "Resource": {
1139
+ "Fn::Join": [
1140
+ "",
1141
+ [
1142
+ "arn:aws:codepipeline:*:",
1143
+ {
1144
+ "Ref": "AWS::AccountId"
1145
+ },
1146
+ ":*/*"
1147
+ ]
1148
+ ]
1149
+ }
1150
+ },
1151
+ {
1152
+ "Action": "kms:Decrypt",
1153
+ "Effect": "Allow",
1154
+ "Resource": {
1155
+ "Fn::Join": [
1156
+ "",
1157
+ [
1158
+ "arn:aws:kms:*:",
1159
+ {
1160
+ "Ref": "AWS::AccountId"
1161
+ },
1162
+ ":key/*"
1163
+ ]
1164
+ ]
1165
+ }
1166
+ }
1167
+ ],
1168
+ "Version": "2012-10-17"
1169
+ },
1170
+ "PolicyName": "VSCodeInstanceInlinePolicy"
1171
+ }
1172
+ ]
1173
+ },
1174
+ "Metadata": {
1175
+ "cdk_nag": {
1176
+ "rules_to_suppress": [
1177
+ {
1178
+ "reason": "For this tmp role we do not need to restrict managed policies",
1179
+ "id": "AwsSolutions-IAM4"
1180
+ },
1181
+ {
1182
+ "reason": "For this tmp role the wildcards are fine",
1183
+ "id": "AwsSolutions-IAM5"
1184
+ }
1185
+ ]
1186
+ }
1187
+ }
1188
+ },
1189
+ "IntegVSCodeServerserverinstanceInstanceProfile6130979E": {
1190
+ "Type": "AWS::IAM::InstanceProfile",
1191
+ "Properties": {
1192
+ "Roles": [
1193
+ {
1194
+ "Ref": "IntegVSCodeServerserverinstancerole7745B5BB"
1195
+ }
1196
+ ]
1197
+ },
1198
+ "Metadata": {
1199
+ "cdk_nag": {
1200
+ "rules_to_suppress": [
1201
+ {
1202
+ "reason": "For this tmp instance we do not need an asg",
1203
+ "id": "AwsSolutions-EC29"
1204
+ }
1205
+ ]
1206
+ }
1207
+ }
1208
+ },
1209
+ "IntegVSCodeServerserverinstance0A3D62D7": {
1210
+ "Type": "AWS::EC2::Instance",
1211
+ "Properties": {
1212
+ "AvailabilityZone": {
1213
+ "Fn::Select": [
1214
+ 0,
1215
+ {
1216
+ "Fn::GetAZs": ""
1217
+ }
1218
+ ]
1219
+ },
1220
+ "BlockDeviceMappings": [
1221
+ {
1222
+ "DeviceName": "/dev/sda1",
1223
+ "Ebs": {
1224
+ "DeleteOnTermination": true,
1225
+ "Encrypted": true,
1226
+ "VolumeSize": 8,
1227
+ "VolumeType": "gp3"
1228
+ }
1229
+ }
1230
+ ],
1231
+ "IamInstanceProfile": {
1232
+ "Ref": "IntegVSCodeServerserverinstanceInstanceProfile6130979E"
1233
+ },
1234
+ "ImageId": {
1235
+ "Ref": "SsmParameterValueawsservicecanonicalubuntuserverjammystablecurrentarm64hvmebsgp2amiidC96584B6F00A464EAD1953AFF4B05118Parameter"
1236
+ },
1237
+ "InstanceType": "t4g.large",
1238
+ "LaunchTemplate": {
1239
+ "LaunchTemplateName": "IntegTestStackStopOnIdleIntegVSCodeServerserverinstanceLaunchTemplateD9ABA365",
1240
+ "Version": {
1241
+ "Fn::GetAtt": [
1242
+ "IntegVSCodeServerserverinstanceLaunchTemplate43932ED3",
1243
+ "LatestVersionNumber"
1244
+ ]
1245
+ }
1246
+ },
1247
+ "Monitoring": true,
1248
+ "NetworkInterfaces": [
1249
+ {
1250
+ "AssociatePublicIpAddress": true,
1251
+ "DeviceIndex": "0",
1252
+ "GroupSet": [
1253
+ {
1254
+ "Fn::GetAtt": [
1255
+ "IntegVSCodeServercftoserversgFFE586B0",
1256
+ "GroupId"
1257
+ ]
1258
+ }
1259
+ ],
1260
+ "SubnetId": {
1261
+ "Ref": "IntegVSCodeServervpcpublicSubnet1Subnet928029A1"
1262
+ }
1263
+ }
1264
+ ],
1265
+ "Tags": [
1266
+ {
1267
+ "Key": "app",
1268
+ "Value": "vscode-server"
1269
+ },
1270
+ {
1271
+ "Key": "IntegTest",
1272
+ "Value": "True"
1273
+ },
1274
+ {
1275
+ "Key": "Name",
1276
+ "Value": "VSCodeServer"
1277
+ },
1278
+ {
1279
+ "Key": "TestType",
1280
+ "Value": "StopOnIdle"
1281
+ }
1282
+ ],
1283
+ "UserData": {
1284
+ "Fn::Base64": "\n #cloud-config\n hostname: VSCodeServer\n runcmd:\n - mkdir -p /Workshop && chown -R participant:participant /Workshop\n "
1285
+ }
1286
+ },
1287
+ "DependsOn": [
1288
+ "IntegVSCodeServerserverinstancerole7745B5BB",
1289
+ "IntegVSCodeServervpcpublicSubnet1DefaultRoute36845B30",
1290
+ "IntegVSCodeServervpcpublicSubnet1RouteTableAssociation599AB80D",
1291
+ "IntegVSCodeServervpcpublicSubnet2DefaultRouteEAD8BC23",
1292
+ "IntegVSCodeServervpcpublicSubnet2RouteTableAssociationC62A1999"
1293
+ ],
1294
+ "Metadata": {
1295
+ "cdk_nag": {
1296
+ "rules_to_suppress": [
1297
+ {
1298
+ "reason": "For this tmp instance we do not need an asg",
1299
+ "id": "AwsSolutions-EC29"
1300
+ }
1301
+ ]
1302
+ }
1303
+ }
1304
+ },
1305
+ "IntegVSCodeServerserverinstanceLaunchTemplate43932ED3": {
1306
+ "Type": "AWS::EC2::LaunchTemplate",
1307
+ "Properties": {
1308
+ "LaunchTemplateData": {
1309
+ "MetadataOptions": {
1310
+ "HttpTokens": "required"
1311
+ }
1312
+ },
1313
+ "LaunchTemplateName": "IntegTestStackStopOnIdleIntegVSCodeServerserverinstanceLaunchTemplateD9ABA365"
1314
+ }
1315
+ },
1316
+ "IntegVSCodeServerelasticip31D48F71": {
1317
+ "Type": "AWS::EC2::EIP",
1318
+ "Properties": {
1319
+ "Domain": "vpc",
1320
+ "Tags": [
1321
+ {
1322
+ "Key": "app",
1323
+ "Value": "vscode-server"
1324
+ },
1325
+ {
1326
+ "Key": "IntegTest",
1327
+ "Value": "True"
1328
+ },
1329
+ {
1330
+ "Key": "Name",
1331
+ "Value": "VSCodeServer-EIP"
1332
+ },
1333
+ {
1334
+ "Key": "TestType",
1335
+ "Value": "StopOnIdle"
1336
+ }
1337
+ ]
1338
+ },
1339
+ "Metadata": {
1340
+ "cdk_nag": {
1341
+ "rules_to_suppress": [
1342
+ {
1343
+ "reason": "Elastic IP required for consistent public IP across stop/start cycles when auto-stop is enabled",
1344
+ "id": "AwsSolutions-EC23"
1345
+ }
1346
+ ]
1347
+ }
1348
+ }
1349
+ },
1350
+ "IntegVSCodeServereipassociation2A6D7D5A": {
1351
+ "Type": "AWS::EC2::EIPAssociation",
1352
+ "Properties": {
1353
+ "EIP": {
1354
+ "Ref": "IntegVSCodeServerelasticip31D48F71"
1355
+ },
1356
+ "InstanceId": {
1357
+ "Ref": "IntegVSCodeServerserverinstance0A3D62D7"
1358
+ }
1359
+ }
1360
+ },
1361
+ "IntegVSCodeServercfcachepolicy8F5F1F69": {
1362
+ "Type": "AWS::CloudFront::CachePolicy",
1363
+ "Properties": {
1364
+ "CachePolicyConfig": {
1365
+ "Comment": "Cache policy for VSCodeServer",
1366
+ "DefaultTTL": 86400,
1367
+ "MaxTTL": 31536000,
1368
+ "MinTTL": 1,
1369
+ "Name": "cf-cache-policy-vscodeserver-IntegTestStackStopOnIdle",
1370
+ "ParametersInCacheKeyAndForwardedToOrigin": {
1371
+ "CookiesConfig": {
1372
+ "CookieBehavior": "all"
1373
+ },
1374
+ "EnableAcceptEncodingBrotli": false,
1375
+ "EnableAcceptEncodingGzip": false,
1376
+ "HeadersConfig": {
1377
+ "HeaderBehavior": "whitelist",
1378
+ "Headers": [
1379
+ "Accept-Charset",
1380
+ "Authorization",
1381
+ "Origin",
1382
+ "Accept",
1383
+ "Referer",
1384
+ "Host",
1385
+ "Accept-Language",
1386
+ "Accept-Encoding",
1387
+ "Accept-Datetime"
1388
+ ]
1389
+ },
1390
+ "QueryStringsConfig": {
1391
+ "QueryStringBehavior": "all"
1392
+ }
1393
+ }
1394
+ }
1395
+ }
1396
+ },
1397
+ "IntegVSCodeServercfdistributionFDBE873F": {
1398
+ "Type": "AWS::CloudFront::Distribution",
1399
+ "Properties": {
1400
+ "DistributionConfig": {
1401
+ "CacheBehaviors": [
1402
+ {
1403
+ "AllowedMethods": [
1404
+ "GET",
1405
+ "HEAD",
1406
+ "OPTIONS",
1407
+ "PUT",
1408
+ "PATCH",
1409
+ "POST",
1410
+ "DELETE"
1411
+ ],
1412
+ "CachePolicyId": "4135ea2d-6df8-44a3-9df3-4b5a84be39ad",
1413
+ "Compress": false,
1414
+ "OriginRequestPolicyId": "216adef6-5c7f-47e4-b989-5492eafa07d3",
1415
+ "PathPattern": "/proxy/*",
1416
+ "TargetOriginId": "Cloudfront-IntegTestStackStopOnIdle-IntegTestStackStopOnIdle",
1417
+ "ViewerProtocolPolicy": "allow-all"
1418
+ }
1419
+ ],
1420
+ "Comment": "Distribution for VSCodeServer",
1421
+ "DefaultCacheBehavior": {
1422
+ "AllowedMethods": [
1423
+ "GET",
1424
+ "HEAD",
1425
+ "OPTIONS",
1426
+ "PUT",
1427
+ "PATCH",
1428
+ "POST",
1429
+ "DELETE"
1430
+ ],
1431
+ "CachePolicyId": {
1432
+ "Ref": "IntegVSCodeServercfcachepolicy8F5F1F69"
1433
+ },
1434
+ "Compress": true,
1435
+ "OriginRequestPolicyId": "216adef6-5c7f-47e4-b989-5492eafa07d3",
1436
+ "TargetOriginId": "Cloudfront-IntegTestStackStopOnIdle-IntegTestStackStopOnIdle",
1437
+ "ViewerProtocolPolicy": "allow-all"
1438
+ },
1439
+ "Enabled": true,
1440
+ "HttpVersion": "http2and3",
1441
+ "IPV6Enabled": true,
1442
+ "Origins": [
1443
+ {
1444
+ "CustomOriginConfig": {
1445
+ "OriginProtocolPolicy": "http-only",
1446
+ "OriginSSLProtocols": [
1447
+ "TLSv1.2"
1448
+ ]
1449
+ },
1450
+ "DomainName": {
1451
+ "Fn::Join": [
1452
+ "",
1453
+ [
1454
+ "ec2-",
1455
+ {
1456
+ "Fn::Join": [
1457
+ "-",
1458
+ {
1459
+ "Fn::Split": [
1460
+ ".",
1461
+ {
1462
+ "Fn::GetAtt": [
1463
+ "IntegVSCodeServerelasticip31D48F71",
1464
+ "PublicIp"
1465
+ ]
1466
+ }
1467
+ ]
1468
+ }
1469
+ ]
1470
+ },
1471
+ ".",
1472
+ {
1473
+ "Ref": "AWS::Region"
1474
+ },
1475
+ ".compute.amazonaws.com"
1476
+ ]
1477
+ ]
1478
+ },
1479
+ "Id": "Cloudfront-IntegTestStackStopOnIdle-IntegTestStackStopOnIdle"
1480
+ }
1481
+ ],
1482
+ "PriceClass": "PriceClass_All"
1483
+ },
1484
+ "Tags": [
1485
+ {
1486
+ "Key": "app",
1487
+ "Value": "vscode-server"
1488
+ },
1489
+ {
1490
+ "Key": "IntegTest",
1491
+ "Value": "True"
1492
+ },
1493
+ {
1494
+ "Key": "TestType",
1495
+ "Value": "StopOnIdle"
1496
+ }
1497
+ ]
1498
+ },
1499
+ "Metadata": {
1500
+ "cdk_nag": {
1501
+ "rules_to_suppress": [
1502
+ {
1503
+ "reason": "For this tmp distribution we do not need geo restrictions",
1504
+ "id": "AwsSolutions-CFR1"
1505
+ },
1506
+ {
1507
+ "reason": "For this tmp distribution we do not need waf integration",
1508
+ "id": "AwsSolutions-CFR2"
1509
+ },
1510
+ {
1511
+ "reason": "For this tmp distribution we do not need access logging enabled",
1512
+ "id": "AwsSolutions-CFR3"
1513
+ },
1514
+ {
1515
+ "reason": "For this tmp distribution we do not need limit SSL protocols as we use the default viewer cert",
1516
+ "id": "AwsSolutions-CFR4"
1517
+ },
1518
+ {
1519
+ "reason": "For this tmp distribution we do not need limit SSL protocols as we use the default viewer cert",
1520
+ "id": "AwsSolutions-CFR5"
1521
+ }
1522
+ ]
1523
+ }
1524
+ }
1525
+ },
1526
+ "IntegVSCodeServerssmdocumentubuntuED32BACB": {
1527
+ "Type": "AWS::SSM::Document",
1528
+ "Properties": {
1529
+ "Content": {
1530
+ "schemaVersion": "2.2",
1531
+ "description": "Bootstrap VSCode code-server instance",
1532
+ "parameters": {
1533
+ "VSCodePassword": {
1534
+ "type": "String",
1535
+ "default": {
1536
+ "Ref": "AWS::StackId"
1537
+ }
1538
+ },
1539
+ "NodeVersion": {
1540
+ "type": "String",
1541
+ "default": "20",
1542
+ "allowedValues": [
1543
+ "22",
1544
+ "20",
1545
+ "18"
1546
+ ]
1547
+ },
1548
+ "DotNetVersion": {
1549
+ "type": "String",
1550
+ "default": "8.0",
1551
+ "allowedValues": [
1552
+ "8.0",
1553
+ "7.0"
1554
+ ]
1555
+ }
1556
+ },
1557
+ "mainSteps": [
1558
+ {
1559
+ "action": "aws:configurePackage",
1560
+ "name": "InstallCloudWatchAgent",
1561
+ "inputs": {
1562
+ "name": "AmazonCloudWatchAgent",
1563
+ "action": "Install"
1564
+ }
1565
+ },
1566
+ {
1567
+ "action": "aws:runDocument",
1568
+ "name": "ConfigureCloudWatchAgent",
1569
+ "inputs": {
1570
+ "documentType": "SSMDocument",
1571
+ "documentPath": "AmazonCloudWatch-ManageAgent",
1572
+ "documentParameters": {
1573
+ "action": "configure",
1574
+ "mode": "ec2",
1575
+ "optionalConfigurationSource": "default",
1576
+ "optionalRestart": "yes"
1577
+ }
1578
+ }
1579
+ },
1580
+ {
1581
+ "action": "aws:runShellScript",
1582
+ "name": "InstallAptPackagesApt",
1583
+ "inputs": {
1584
+ "runCommand": [
1585
+ "#!/bin/bash",
1586
+ "apt-get -q update && DEBIAN_FRONTEND=noninteractive apt-get install -y -q apt-utils",
1587
+ "apt-get -q update && DEBIAN_FRONTEND=noninteractive apt-get install -y -q needrestart unattended-upgrades",
1588
+ "sed -i 's/#$nrconf{kernelhints} = -1;/$nrconf{kernelhints} = 0;/' /etc/needrestart/needrestart.conf",
1589
+ "sed -i 's/#$nrconf{verbosity} = 2;/$nrconf{verbosity} = 0;/' /etc/needrestart/needrestart.conf",
1590
+ "sed -i \"s/#$nrconf{restart} = 'i';/$nrconf{restart} = 'a';/\" /etc/needrestart/needrestart.conf",
1591
+ "echo \"Apt helper packages added. Checking configuration\"",
1592
+ "cat /etc/needrestart/needrestart.conf"
1593
+ ]
1594
+ }
1595
+ },
1596
+ {
1597
+ "action": "aws:runShellScript",
1598
+ "name": "InstallBasePackagesApt",
1599
+ "inputs": {
1600
+ "runCommand": [
1601
+ "#!/bin/bash",
1602
+ "apt-get -q update && DEBIAN_FRONTEND=noninteractive apt-get install -y -q curl gnupg whois argon2 openssl locales locales-all unzip apt-transport-https ca-certificates software-properties-common nginx"
1603
+ ]
1604
+ }
1605
+ },
1606
+ {
1607
+ "action": "aws:runShellScript",
1608
+ "name": "AddUserApt",
1609
+ "inputs": {
1610
+ "runCommand": [
1611
+ "#!/bin/bash",
1612
+ "echo 'Adding user: ${VSCodeUser}'",
1613
+ "adduser --disabled-password --gecos '' participant",
1614
+ "echo \"participant:{{ VSCodePassword }}\" | chpasswd",
1615
+ "usermod -aG sudo participant",
1616
+ "tee /etc/sudoers.d/91-vscode-user <<EOF\nparticipant ALL=(ALL) NOPASSWD:ALL\nEOF",
1617
+ "mkdir -p /home/participant && chown -R participant:participant /home/participant",
1618
+ "echo \"User added. Checking configuration\"",
1619
+ "getent passwd participant"
1620
+ ]
1621
+ }
1622
+ },
1623
+ {
1624
+ "action": "aws:runShellScript",
1625
+ "name": "InstallNodeApt",
1626
+ "inputs": {
1627
+ "runCommand": [
1628
+ "#!/bin/bash",
1629
+ "curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /usr/share/keyrings/nodesource.gpg",
1630
+ "echo \"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_{{ NodeVersion }}.x nodistro main\" > /etc/apt/sources.list.d/nodesource.list",
1631
+ "apt-get -q update && DEBIAN_FRONTEND=noninteractive apt-get install -y -q nodejs",
1632
+ "npm install -g npm@latest",
1633
+ "echo \"Node and npm installed. Checking configuration\"",
1634
+ "node -v",
1635
+ "npm -v"
1636
+ ]
1637
+ }
1638
+ },
1639
+ {
1640
+ "action": "aws:runShellScript",
1641
+ "name": "InstallDockerApt",
1642
+ "inputs": {
1643
+ "runCommand": [
1644
+ "#!/bin/bash",
1645
+ "curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg",
1646
+ "echo \"deb [signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release --codename --short) stable\" > /etc/apt/sources.list.d/docker.list",
1647
+ "apt-get -q update && DEBIAN_FRONTEND=noninteractive apt-get install -y -q docker-ce docker-ce-cli containerd.io",
1648
+ "systemctl restart code-server@participant.service",
1649
+ "systemctl start docker.service",
1650
+ "echo \"Docker installed. Checking configuration\"",
1651
+ "docker --version",
1652
+ "systemctl status docker.service"
1653
+ ]
1654
+ }
1655
+ },
1656
+ {
1657
+ "action": "aws:runShellScript",
1658
+ "name": "InstallGitApt",
1659
+ "inputs": {
1660
+ "runCommand": [
1661
+ "#!/bin/bash",
1662
+ "add-apt-repository ppa:git-core/ppa",
1663
+ "apt-get -q update && DEBIAN_FRONTEND=noninteractive apt-get install -y -q git",
1664
+ "sudo -u participant git config --global user.email \"participant@example.com\"",
1665
+ "sudo -u participant git config --global user.name \"Workshop participant\"",
1666
+ "sudo -u participant git config --global init.defaultBranch \"main\"",
1667
+ "echo \"Git installed. Checking configuration\"",
1668
+ "git --version"
1669
+ ]
1670
+ }
1671
+ },
1672
+ {
1673
+ "action": "aws:runShellScript",
1674
+ "name": "InstallPythonApt",
1675
+ "inputs": {
1676
+ "runCommand": [
1677
+ "#!/bin/bash",
1678
+ "apt-get -q update && DEBIAN_FRONTEND=noninteractive apt-get install -y -q python3-pip python3-venv python3-boto3 python3-pytest",
1679
+ "echo 'alias pytest=pytest-3' >> /home/participant/.bashrc",
1680
+ "systemctl restart code-server@participant.service",
1681
+ "systemctl start multipathd.service packagekit.service",
1682
+ "systemctl restart unattended-upgrades.service",
1683
+ "echo \"Python and Pip installed. Checking configuration\"",
1684
+ "python3 --version",
1685
+ "pip3 --version"
1686
+ ]
1687
+ }
1688
+ },
1689
+ {
1690
+ "action": "aws:runShellScript",
1691
+ "name": "InstallAWSCLI",
1692
+ "inputs": {
1693
+ "runCommand": [
1694
+ "#!/bin/bash",
1695
+ "curl -fsSL https://awscli.amazonaws.com/awscli-exe-linux-$(uname -m).zip -o /tmp/aws-cli.zip",
1696
+ "unzip -q -d /tmp /tmp/aws-cli.zip",
1697
+ "sudo /tmp/aws/install",
1698
+ "rm -rf /tmp/aws",
1699
+ "echo \"AWS CLI installed. Checking configuration\"",
1700
+ "aws --version"
1701
+ ]
1702
+ }
1703
+ },
1704
+ {
1705
+ "action": "aws:runShellScript",
1706
+ "name": "ConfigureCodeServer",
1707
+ "inputs": {
1708
+ "runCommand": [
1709
+ "#!/bin/bash",
1710
+ "export HOME=/home/participant",
1711
+ "curl -fsSL https://code-server.dev/install.sh | bash -s -- 2>&1",
1712
+ "systemctl enable --now code-server@participant 2>&1",
1713
+ "tee /etc/nginx/conf.d/code-server.conf <<EOF\nserver {\n listen 80;\n listen [::]:80;\n # server_name distribution.distributionDomainName;\n server_name *.cloudfront.net;\n location / {\n proxy_pass http://localhost:8080/;\n proxy_set_header Host \\$host;\n proxy_set_header Upgrade \\$http_upgrade;\n proxy_set_header Connection upgrade;\n proxy_set_header Accept-Encoding gzip;\n }\n location /app {\n proxy_pass http://localhost:8081/app;\n proxy_set_header Host \\$host;\n proxy_set_header Upgrade \\$http_upgrade;\n proxy_set_header Connection upgrade;\n proxy_set_header Accept-Encoding gzip;\n }\n}\nEOF",
1714
+ "mkdir -p /home/participant/.config/code-server",
1715
+ "tee /home/participant/.config/code-server/config.yaml <<EOF\ncert: false\nauth: password\nhashed-password: \"$(echo -n {{ VSCodePassword }} | argon2 $(openssl rand -base64 12) -e)\"\nEOF",
1716
+ "mkdir -p /home/participant/.local/share/code-server/User/",
1717
+ "touch /home/participant/.hushlogin",
1718
+ "mkdir -p /Workshop && chown -R participant:participant /Workshop",
1719
+ "tee /home/participant/.local/share/code-server/User/settings.json <<EOF\n{\n \"extensions.autoUpdate\": false,\n \"extensions.autoCheckUpdates\": false,\n \"telemetry.telemetryLevel\": \"off\",\n \"security.workspace.trust.startupPrompt\": \"never\",\n \"security.workspace.trust.enabled\": false,\n \"security.workspace.trust.banner\": \"never\",\n \"security.workspace.trust.emptyWindow\": false,\n \"python.testing.pytestEnabled\": true,\n \"auto-run-command.rules\": [\n {\n \"command\": \"workbench.action.terminal.new\"\n }\n ]\n}\nEOF",
1720
+ "chown -R participant:participant /home/participant",
1721
+ "systemctl restart code-server@participant",
1722
+ "systemctl restart nginx",
1723
+ "sudo -u participant --login code-server --install-extension AmazonWebServices.aws-toolkit-vscode --force",
1724
+ "sudo -u participant --login code-server --install-extension AmazonWebServices.amazon-q-vscode --force",
1725
+ "sudo -u participant --login code-server --install-extension synedra.auto-run-command --force",
1726
+ "sudo -u participant --login code-server --install-extension vscjava.vscode-java-pack --force",
1727
+ "sudo -u participant --login code-server --install-extension ms-vscode.live-server --force",
1728
+ "chown -R participant:participant /home/participant",
1729
+ "echo \"Nginx installed. Checking configuration\"",
1730
+ "nginx -t 2>&1",
1731
+ "systemctl status nginx",
1732
+ "echo \"CodeServer installed. Checking configuration\"",
1733
+ "code-server -v",
1734
+ "systemctl status code-server@participant"
1735
+ ]
1736
+ }
1737
+ },
1738
+ {
1739
+ "action": "aws:runShellScript",
1740
+ "name": "UpdateProfile",
1741
+ "inputs": {
1742
+ "runCommand": [
1743
+ "#!/bin/bash",
1744
+ "echo LANG=en_US.utf-8 >> /etc/environment",
1745
+ "echo LC_ALL=en_US.UTF-8 >> /etc/environment",
1746
+ "echo 'PATH=$PATH:/home/participant/.local/bin' >> /home/participant/.bashrc",
1747
+ "echo 'export PATH' >> /home/participant/.bashrc",
1748
+ {
1749
+ "Fn::Join": [
1750
+ "",
1751
+ [
1752
+ "echo 'export AWS_REGION=",
1753
+ {
1754
+ "Ref": "AWS::Region"
1755
+ },
1756
+ "' >> /home/participant/.bashrc"
1757
+ ]
1758
+ ]
1759
+ },
1760
+ {
1761
+ "Fn::Join": [
1762
+ "",
1763
+ [
1764
+ "echo 'export AWS_ACCOUNTID=",
1765
+ {
1766
+ "Ref": "AWS::AccountId"
1767
+ },
1768
+ "' >> /home/participant/.bashrc"
1769
+ ]
1770
+ ]
1771
+ },
1772
+ "echo 'export NEXT_TELEMETRY_DISABLED=1' >> /home/participant/.bashrc",
1773
+ "echo \"export PS1='\\[\\033[01;32m\\]\\u:\\[\\033[01;34m\\]\\w\\[\\033[00m\\]\\$ '\" >> /home/participant/.bashrc",
1774
+ "chown -R participant:participant /home/participant"
1775
+ ]
1776
+ }
1777
+ },
1778
+ {
1779
+ "action": "aws:runShellScript",
1780
+ "name": "InstallCDK",
1781
+ "inputs": {
1782
+ "runCommand": [
1783
+ "#!/bin/bash",
1784
+ "npm install -g aws-cdk",
1785
+ "echo \"AWS CDK installed. Checking configuration\"",
1786
+ "cdk --version"
1787
+ ]
1788
+ }
1789
+ }
1790
+ ]
1791
+ },
1792
+ "DocumentType": "Command",
1793
+ "Name": "vscode-server-ubuntu-IntegTestStackStopOnIdle",
1794
+ "Tags": [
1795
+ {
1796
+ "Key": "app",
1797
+ "Value": "vscode-server"
1798
+ },
1799
+ {
1800
+ "Key": "IntegTest",
1801
+ "Value": "True"
1802
+ },
1803
+ {
1804
+ "Key": "TestType",
1805
+ "Value": "StopOnIdle"
1806
+ }
1807
+ ]
1808
+ }
1809
+ },
1810
+ "IntegVSCodeServerInstallerOnEventHandlerServiceRole59651FEF": {
1811
+ "Type": "AWS::IAM::Role",
1812
+ "Properties": {
1813
+ "AssumeRolePolicyDocument": {
1814
+ "Statement": [
1815
+ {
1816
+ "Action": "sts:AssumeRole",
1817
+ "Effect": "Allow",
1818
+ "Principal": {
1819
+ "Service": "lambda.amazonaws.com"
1820
+ }
1821
+ }
1822
+ ],
1823
+ "Version": "2012-10-17"
1824
+ },
1825
+ "ManagedPolicyArns": [
1826
+ {
1827
+ "Fn::Join": [
1828
+ "",
1829
+ [
1830
+ "arn:",
1831
+ {
1832
+ "Ref": "AWS::Partition"
1833
+ },
1834
+ ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
1835
+ ]
1836
+ ]
1837
+ }
1838
+ ]
1839
+ },
1840
+ "Metadata": {
1841
+ "cdk_nag": {
1842
+ "rules_to_suppress": [
1843
+ {
1844
+ "reason": "For this event handler we do not need to restrict managed policies",
1845
+ "id": "AwsSolutions-IAM4"
1846
+ },
1847
+ {
1848
+ "reason": "For this lambda the latest runtime is not needed",
1849
+ "id": "AwsSolutions-L1"
1850
+ }
1851
+ ]
1852
+ }
1853
+ }
1854
+ },
1855
+ "IntegVSCodeServerInstallerOnEventHandlerServiceRoleDefaultPolicy1CAD86C2": {
1856
+ "Type": "AWS::IAM::Policy",
1857
+ "Properties": {
1858
+ "PolicyDocument": {
1859
+ "Statement": [
1860
+ {
1861
+ "Action": [
1862
+ "ssm:GetCommandInvocation",
1863
+ "ssm:ListCommandInvocations",
1864
+ "ssm:SendCommand"
1865
+ ],
1866
+ "Effect": "Allow",
1867
+ "Resource": [
1868
+ {
1869
+ "Fn::Join": [
1870
+ "",
1871
+ [
1872
+ "arn:",
1873
+ {
1874
+ "Ref": "AWS::Partition"
1875
+ },
1876
+ ":ec2:",
1877
+ {
1878
+ "Ref": "AWS::Region"
1879
+ },
1880
+ ":",
1881
+ {
1882
+ "Ref": "AWS::AccountId"
1883
+ },
1884
+ ":instance/",
1885
+ {
1886
+ "Ref": "IntegVSCodeServerserverinstance0A3D62D7"
1887
+ }
1888
+ ]
1889
+ ]
1890
+ },
1891
+ {
1892
+ "Fn::Join": [
1893
+ "",
1894
+ [
1895
+ "arn:",
1896
+ {
1897
+ "Ref": "AWS::Partition"
1898
+ },
1899
+ ":ssm:",
1900
+ {
1901
+ "Ref": "AWS::Region"
1902
+ },
1903
+ ":",
1904
+ {
1905
+ "Ref": "AWS::AccountId"
1906
+ },
1907
+ ":document/AmazonCloudWatch-ManageAgent"
1908
+ ]
1909
+ ]
1910
+ },
1911
+ {
1912
+ "Fn::Join": [
1913
+ "",
1914
+ [
1915
+ "arn:",
1916
+ {
1917
+ "Ref": "AWS::Partition"
1918
+ },
1919
+ ":ssm:",
1920
+ {
1921
+ "Ref": "AWS::Region"
1922
+ },
1923
+ ":",
1924
+ {
1925
+ "Ref": "AWS::AccountId"
1926
+ },
1927
+ ":document/vscode-server-ubuntu-IntegTestStackStopOnIdle"
1928
+ ]
1929
+ ]
1930
+ }
1931
+ ]
1932
+ }
1933
+ ],
1934
+ "Version": "2012-10-17"
1935
+ },
1936
+ "PolicyName": "IntegVSCodeServerInstallerOnEventHandlerServiceRoleDefaultPolicy1CAD86C2",
1937
+ "Roles": [
1938
+ {
1939
+ "Ref": "IntegVSCodeServerInstallerOnEventHandlerServiceRole59651FEF"
1940
+ }
1941
+ ]
1942
+ }
1943
+ },
1944
+ "IntegVSCodeServerInstallerOnEventHandler6FF91542": {
1945
+ "Type": "AWS::Lambda::Function",
1946
+ "Properties": {
1947
+ "Code": {
1948
+ "S3Bucket": {
1949
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
1950
+ },
1951
+ "S3Key": "33da23274e25bd9f43638c5d83dad26e3931cbe78d462ffd9a9f565e948b4f5f.zip"
1952
+ },
1953
+ "Description": "src/installer/installer.lambda.ts",
1954
+ "Handler": "index.handler",
1955
+ "MemorySize": 512,
1956
+ "Role": {
1957
+ "Fn::GetAtt": [
1958
+ "IntegVSCodeServerInstallerOnEventHandlerServiceRole59651FEF",
1959
+ "Arn"
1960
+ ]
1961
+ },
1962
+ "Runtime": "nodejs20.x",
1963
+ "Timeout": 300
1964
+ },
1965
+ "DependsOn": [
1966
+ "IntegVSCodeServerInstallerOnEventHandlerServiceRoleDefaultPolicy1CAD86C2",
1967
+ "IntegVSCodeServerInstallerOnEventHandlerServiceRole59651FEF"
1968
+ ],
1969
+ "Metadata": {
1970
+ "cdk_nag": {
1971
+ "rules_to_suppress": [
1972
+ {
1973
+ "reason": "For this event handler we do not need to restrict managed policies",
1974
+ "id": "AwsSolutions-IAM4"
1975
+ },
1976
+ {
1977
+ "reason": "For this lambda the latest runtime is not needed",
1978
+ "id": "AwsSolutions-L1"
1979
+ }
1980
+ ]
1981
+ }
1982
+ }
1983
+ },
1984
+ "IntegVSCodeServerInstallerProviderframeworkonEventServiceRoleA509851F": {
1985
+ "Type": "AWS::IAM::Role",
1986
+ "Properties": {
1987
+ "AssumeRolePolicyDocument": {
1988
+ "Statement": [
1989
+ {
1990
+ "Action": "sts:AssumeRole",
1991
+ "Effect": "Allow",
1992
+ "Principal": {
1993
+ "Service": "lambda.amazonaws.com"
1994
+ }
1995
+ }
1996
+ ],
1997
+ "Version": "2012-10-17"
1998
+ },
1999
+ "ManagedPolicyArns": [
2000
+ {
2001
+ "Fn::Join": [
2002
+ "",
2003
+ [
2004
+ "arn:",
2005
+ {
2006
+ "Ref": "AWS::Partition"
2007
+ },
2008
+ ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
2009
+ ]
2010
+ ]
2011
+ }
2012
+ ]
2013
+ },
2014
+ "Metadata": {
2015
+ "cdk_nag": {
2016
+ "rules_to_suppress": [
2017
+ {
2018
+ "reason": "For this provider we do not need to restrict managed policies",
2019
+ "id": "AwsSolutions-IAM4"
2020
+ },
2021
+ {
2022
+ "reason": "For this provider wildcards are fine",
2023
+ "id": "AwsSolutions-IAM5"
2024
+ },
2025
+ {
2026
+ "reason": "For this provider the latest runtime is not needed",
2027
+ "id": "AwsSolutions-L1"
2028
+ }
2029
+ ]
2030
+ }
2031
+ }
2032
+ },
2033
+ "IntegVSCodeServerInstallerProviderframeworkonEventServiceRoleDefaultPolicy3E54FC3A": {
2034
+ "Type": "AWS::IAM::Policy",
2035
+ "Properties": {
2036
+ "PolicyDocument": {
2037
+ "Statement": [
2038
+ {
2039
+ "Action": "lambda:InvokeFunction",
2040
+ "Effect": "Allow",
2041
+ "Resource": [
2042
+ {
2043
+ "Fn::GetAtt": [
2044
+ "IntegVSCodeServerInstallerOnEventHandler6FF91542",
2045
+ "Arn"
2046
+ ]
2047
+ },
2048
+ {
2049
+ "Fn::Join": [
2050
+ "",
2051
+ [
2052
+ {
2053
+ "Fn::GetAtt": [
2054
+ "IntegVSCodeServerInstallerOnEventHandler6FF91542",
2055
+ "Arn"
2056
+ ]
2057
+ },
2058
+ ":*"
2059
+ ]
2060
+ ]
2061
+ }
2062
+ ]
2063
+ },
2064
+ {
2065
+ "Action": "lambda:GetFunction",
2066
+ "Effect": "Allow",
2067
+ "Resource": {
2068
+ "Fn::GetAtt": [
2069
+ "IntegVSCodeServerInstallerOnEventHandler6FF91542",
2070
+ "Arn"
2071
+ ]
2072
+ }
2073
+ }
2074
+ ],
2075
+ "Version": "2012-10-17"
2076
+ },
2077
+ "PolicyName": "IntegVSCodeServerInstallerProviderframeworkonEventServiceRoleDefaultPolicy3E54FC3A",
2078
+ "Roles": [
2079
+ {
2080
+ "Ref": "IntegVSCodeServerInstallerProviderframeworkonEventServiceRoleA509851F"
2081
+ }
2082
+ ]
2083
+ },
2084
+ "Metadata": {
2085
+ "cdk_nag": {
2086
+ "rules_to_suppress": [
2087
+ {
2088
+ "reason": "For this provider we do not need to restrict managed policies",
2089
+ "id": "AwsSolutions-IAM4"
2090
+ },
2091
+ {
2092
+ "reason": "For this provider wildcards are fine",
2093
+ "id": "AwsSolutions-IAM5"
2094
+ },
2095
+ {
2096
+ "reason": "For this provider the latest runtime is not needed",
2097
+ "id": "AwsSolutions-L1"
2098
+ }
2099
+ ]
2100
+ }
2101
+ }
2102
+ },
2103
+ "IntegVSCodeServerInstallerProviderframeworkonEvent7B6C1190": {
2104
+ "Type": "AWS::Lambda::Function",
2105
+ "Properties": {
2106
+ "Code": {
2107
+ "S3Bucket": {
2108
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
2109
+ },
2110
+ "S3Key": "bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca.zip"
2111
+ },
2112
+ "Description": "AWS CDK resource provider framework - onEvent (IntegTestStackStopOnIdle/IntegVSCodeServer/InstallerProvider)",
2113
+ "Environment": {
2114
+ "Variables": {
2115
+ "USER_ON_EVENT_FUNCTION_ARN": {
2116
+ "Fn::GetAtt": [
2117
+ "IntegVSCodeServerInstallerOnEventHandler6FF91542",
2118
+ "Arn"
2119
+ ]
2120
+ }
2121
+ }
2122
+ },
2123
+ "Handler": "framework.onEvent",
2124
+ "Role": {
2125
+ "Fn::GetAtt": [
2126
+ "IntegVSCodeServerInstallerProviderframeworkonEventServiceRoleA509851F",
2127
+ "Arn"
2128
+ ]
2129
+ },
2130
+ "Runtime": {
2131
+ "Fn::FindInMap": [
2132
+ "LatestNodeRuntimeMap",
2133
+ {
2134
+ "Ref": "AWS::Region"
2135
+ },
2136
+ "value"
2137
+ ]
2138
+ },
2139
+ "Timeout": 900
2140
+ },
2141
+ "DependsOn": [
2142
+ "IntegVSCodeServerInstallerProviderframeworkonEventServiceRoleDefaultPolicy3E54FC3A",
2143
+ "IntegVSCodeServerInstallerProviderframeworkonEventServiceRoleA509851F"
2144
+ ],
2145
+ "Metadata": {
2146
+ "cdk_nag": {
2147
+ "rules_to_suppress": [
2148
+ {
2149
+ "reason": "For this provider we do not need to restrict managed policies",
2150
+ "id": "AwsSolutions-IAM4"
2151
+ },
2152
+ {
2153
+ "reason": "For this provider wildcards are fine",
2154
+ "id": "AwsSolutions-IAM5"
2155
+ },
2156
+ {
2157
+ "reason": "For this provider the latest runtime is not needed",
2158
+ "id": "AwsSolutions-L1"
2159
+ }
2160
+ ]
2161
+ }
2162
+ }
2163
+ },
2164
+ "IntegVSCodeServerSSMInstallerCustomResource9F9AFE68": {
2165
+ "Type": "AWS::CloudFormation::CustomResource",
2166
+ "Properties": {
2167
+ "ServiceToken": {
2168
+ "Fn::GetAtt": [
2169
+ "IntegVSCodeServerInstallerProviderframeworkonEvent7B6C1190",
2170
+ "Arn"
2171
+ ]
2172
+ },
2173
+ "ServiceTimeout": 305,
2174
+ "InstanceId": {
2175
+ "Ref": "IntegVSCodeServerserverinstance0A3D62D7"
2176
+ },
2177
+ "DocumentName": "vscode-server-ubuntu-IntegTestStackStopOnIdle",
2178
+ "CloudWatchLogGroupName": "/aws/ssm/vscode-server-ubuntu-IntegTestStackStopOnIdle",
2179
+ "VSCodePassword": {
2180
+ "Fn::GetAtt": [
2181
+ "IntegVSCodeServerSecretRetrieverCustomResource2F3DB8BD",
2182
+ "secretPasswordValue"
2183
+ ]
2184
+ }
2185
+ },
2186
+ "UpdateReplacePolicy": "Delete",
2187
+ "DeletionPolicy": "Delete"
2188
+ },
2189
+ "IntegVSCodeServerIdleMonitorFunctionServiceRoleC1088A0D": {
2190
+ "Type": "AWS::IAM::Role",
2191
+ "Properties": {
2192
+ "AssumeRolePolicyDocument": {
2193
+ "Statement": [
2194
+ {
2195
+ "Action": "sts:AssumeRole",
2196
+ "Effect": "Allow",
2197
+ "Principal": {
2198
+ "Service": "lambda.amazonaws.com"
2199
+ }
2200
+ }
2201
+ ],
2202
+ "Version": "2012-10-17"
2203
+ },
2204
+ "ManagedPolicyArns": [
2205
+ {
2206
+ "Fn::Join": [
2207
+ "",
2208
+ [
2209
+ "arn:",
2210
+ {
2211
+ "Ref": "AWS::Partition"
2212
+ },
2213
+ ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
2214
+ ]
2215
+ ]
2216
+ }
2217
+ ]
2218
+ },
2219
+ "Metadata": {
2220
+ "cdk_nag": {
2221
+ "rules_to_suppress": [
2222
+ {
2223
+ "reason": "Managed policies acceptable for workshop Lambda functions",
2224
+ "id": "AwsSolutions-IAM4"
2225
+ },
2226
+ {
2227
+ "reason": "CloudWatch metrics require wildcard permissions",
2228
+ "id": "AwsSolutions-IAM5"
2229
+ },
2230
+ {
2231
+ "reason": "Latest runtime not required for this function",
2232
+ "id": "AwsSolutions-L1"
2233
+ }
2234
+ ]
2235
+ }
2236
+ }
2237
+ },
2238
+ "IntegVSCodeServerIdleMonitorFunctionServiceRoleDefaultPolicyE13A3890": {
2239
+ "Type": "AWS::IAM::Policy",
2240
+ "Properties": {
2241
+ "PolicyDocument": {
2242
+ "Statement": [
2243
+ {
2244
+ "Action": [
2245
+ "cloudwatch:GetMetricData",
2246
+ "cloudwatch:GetMetricStatistics",
2247
+ "ec2:DescribeInstanceStatus",
2248
+ "ec2:DescribeInstances"
2249
+ ],
2250
+ "Effect": "Allow",
2251
+ "Resource": "*"
2252
+ },
2253
+ {
2254
+ "Action": "ec2:StopInstances",
2255
+ "Effect": "Allow",
2256
+ "Resource": {
2257
+ "Fn::Join": [
2258
+ "",
2259
+ [
2260
+ "arn:aws:ec2:",
2261
+ {
2262
+ "Ref": "AWS::Region"
2263
+ },
2264
+ ":",
2265
+ {
2266
+ "Ref": "AWS::AccountId"
2267
+ },
2268
+ ":instance/",
2269
+ {
2270
+ "Ref": "IntegVSCodeServerserverinstance0A3D62D7"
2271
+ }
2272
+ ]
2273
+ ]
2274
+ }
2275
+ }
2276
+ ],
2277
+ "Version": "2012-10-17"
2278
+ },
2279
+ "PolicyName": "IntegVSCodeServerIdleMonitorFunctionServiceRoleDefaultPolicyE13A3890",
2280
+ "Roles": [
2281
+ {
2282
+ "Ref": "IntegVSCodeServerIdleMonitorFunctionServiceRoleC1088A0D"
2283
+ }
2284
+ ]
2285
+ },
2286
+ "Metadata": {
2287
+ "cdk_nag": {
2288
+ "rules_to_suppress": [
2289
+ {
2290
+ "reason": "Managed policies acceptable for workshop Lambda functions",
2291
+ "id": "AwsSolutions-IAM4"
2292
+ },
2293
+ {
2294
+ "reason": "CloudWatch metrics require wildcard permissions",
2295
+ "id": "AwsSolutions-IAM5"
2296
+ },
2297
+ {
2298
+ "reason": "Latest runtime not required for this function",
2299
+ "id": "AwsSolutions-L1"
2300
+ }
2301
+ ]
2302
+ }
2303
+ }
2304
+ },
2305
+ "IntegVSCodeServerIdleMonitorFunctionCACBFA32": {
2306
+ "Type": "AWS::Lambda::Function",
2307
+ "Properties": {
2308
+ "Code": {
2309
+ "S3Bucket": {
2310
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
2311
+ },
2312
+ "S3Key": "8dd4be31c5a6cd8750dc55c07c1e2f19596f8a27b032d02c18554ed44eabe065.zip"
2313
+ },
2314
+ "Environment": {
2315
+ "Variables": {
2316
+ "INSTANCE_ID": {
2317
+ "Ref": "IntegVSCodeServerserverinstance0A3D62D7"
2318
+ },
2319
+ "DISTRIBUTION_ID": {
2320
+ "Ref": "IntegVSCodeServercfdistributionFDBE873F"
2321
+ },
2322
+ "IDLE_TIMEOUT_MINUTES": "2",
2323
+ "SKIP_STATUS_CHECKS": "true"
2324
+ }
2325
+ },
2326
+ "Handler": "index.handler",
2327
+ "MemorySize": 256,
2328
+ "Role": {
2329
+ "Fn::GetAtt": [
2330
+ "IntegVSCodeServerIdleMonitorFunctionServiceRoleC1088A0D",
2331
+ "Arn"
2332
+ ]
2333
+ },
2334
+ "Runtime": "nodejs20.x",
2335
+ "Timeout": 30
2336
+ },
2337
+ "DependsOn": [
2338
+ "IntegVSCodeServerIdleMonitorFunctionServiceRoleDefaultPolicyE13A3890",
2339
+ "IntegVSCodeServerIdleMonitorFunctionServiceRoleC1088A0D"
2340
+ ],
2341
+ "Metadata": {
2342
+ "cdk_nag": {
2343
+ "rules_to_suppress": [
2344
+ {
2345
+ "reason": "Managed policies acceptable for workshop Lambda functions",
2346
+ "id": "AwsSolutions-IAM4"
2347
+ },
2348
+ {
2349
+ "reason": "CloudWatch metrics require wildcard permissions",
2350
+ "id": "AwsSolutions-IAM5"
2351
+ },
2352
+ {
2353
+ "reason": "Latest runtime not required for this function",
2354
+ "id": "AwsSolutions-L1"
2355
+ }
2356
+ ]
2357
+ }
2358
+ }
2359
+ },
2360
+ "IntegVSCodeServerIdleMonitorScheduleRuleCF2E60F5": {
2361
+ "Type": "AWS::Events::Rule",
2362
+ "Properties": {
2363
+ "ScheduleExpression": "rate(1 minute)",
2364
+ "State": "ENABLED",
2365
+ "Targets": [
2366
+ {
2367
+ "Arn": {
2368
+ "Fn::GetAtt": [
2369
+ "IntegVSCodeServerIdleMonitorFunctionCACBFA32",
2370
+ "Arn"
2371
+ ]
2372
+ },
2373
+ "Id": "Target0"
2374
+ }
2375
+ ]
2376
+ }
2377
+ },
2378
+ "IntegVSCodeServerIdleMonitorScheduleRuleAllowEventRuleIntegTestStackStopOnIdleIntegVSCodeServerIdleMonitorFunction8C52CC5D407CFD6D": {
2379
+ "Type": "AWS::Lambda::Permission",
2380
+ "Properties": {
2381
+ "Action": "lambda:InvokeFunction",
2382
+ "FunctionName": {
2383
+ "Fn::GetAtt": [
2384
+ "IntegVSCodeServerIdleMonitorFunctionCACBFA32",
2385
+ "Arn"
2386
+ ]
2387
+ },
2388
+ "Principal": "events.amazonaws.com",
2389
+ "SourceArn": {
2390
+ "Fn::GetAtt": [
2391
+ "IntegVSCodeServerIdleMonitorScheduleRuleCF2E60F5",
2392
+ "Arn"
2393
+ ]
2394
+ }
2395
+ }
2396
+ },
2397
+ "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0": {
2398
+ "Type": "AWS::IAM::Role",
2399
+ "Properties": {
2400
+ "AssumeRolePolicyDocument": {
2401
+ "Version": "2012-10-17",
2402
+ "Statement": [
2403
+ {
2404
+ "Action": "sts:AssumeRole",
2405
+ "Effect": "Allow",
2406
+ "Principal": {
2407
+ "Service": "lambda.amazonaws.com"
2408
+ }
2409
+ }
2410
+ ]
2411
+ },
2412
+ "ManagedPolicyArns": [
2413
+ {
2414
+ "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
2415
+ }
2416
+ ],
2417
+ "Policies": [
2418
+ {
2419
+ "PolicyName": "Inline",
2420
+ "PolicyDocument": {
2421
+ "Version": "2012-10-17",
2422
+ "Statement": [
2423
+ {
2424
+ "Effect": "Allow",
2425
+ "Action": [
2426
+ "ec2:AuthorizeSecurityGroupIngress",
2427
+ "ec2:AuthorizeSecurityGroupEgress",
2428
+ "ec2:RevokeSecurityGroupIngress",
2429
+ "ec2:RevokeSecurityGroupEgress"
2430
+ ],
2431
+ "Resource": [
2432
+ {
2433
+ "Fn::Join": [
2434
+ "",
2435
+ [
2436
+ "arn:",
2437
+ {
2438
+ "Ref": "AWS::Partition"
2439
+ },
2440
+ ":ec2:",
2441
+ {
2442
+ "Ref": "AWS::Region"
2443
+ },
2444
+ ":",
2445
+ {
2446
+ "Ref": "AWS::AccountId"
2447
+ },
2448
+ ":security-group/",
2449
+ {
2450
+ "Fn::GetAtt": [
2451
+ "IntegVSCodeServervpc93DDE887",
2452
+ "DefaultSecurityGroup"
2453
+ ]
2454
+ }
2455
+ ]
2456
+ ]
2457
+ }
2458
+ ]
2459
+ }
2460
+ ]
2461
+ }
2462
+ }
2463
+ ]
2464
+ }
2465
+ },
2466
+ "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E": {
2467
+ "Type": "AWS::Lambda::Function",
2468
+ "Properties": {
2469
+ "Code": {
2470
+ "S3Bucket": {
2471
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
2472
+ },
2473
+ "S3Key": "7fa1e366ee8a9ded01fc355f704cff92bfd179574e6f9cfee800a3541df1b200.zip"
2474
+ },
2475
+ "Timeout": 900,
2476
+ "MemorySize": 128,
2477
+ "Handler": "__entrypoint__.handler",
2478
+ "Role": {
2479
+ "Fn::GetAtt": [
2480
+ "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0",
2481
+ "Arn"
2482
+ ]
2483
+ },
2484
+ "Runtime": {
2485
+ "Fn::FindInMap": [
2486
+ "LatestNodeRuntimeMap",
2487
+ {
2488
+ "Ref": "AWS::Region"
2489
+ },
2490
+ "value"
2491
+ ]
2492
+ },
2493
+ "Description": "Lambda function for removing all inbound/outbound rules from the VPC default security group"
2494
+ },
2495
+ "DependsOn": [
2496
+ "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0"
2497
+ ]
2498
+ },
2499
+ "AWS679f53fac002430cb0da5b7982bd22872D164C4C": {
2500
+ "Type": "AWS::Lambda::Function",
2501
+ "Properties": {
2502
+ "Code": {
2503
+ "S3Bucket": {
2504
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
2505
+ },
2506
+ "S3Key": "9d043014be736e8162bcc7ec5590cc6d2ff24fd0d9c73a5c5d595151c5fdad00.zip"
2507
+ },
2508
+ "Handler": "index.handler",
2509
+ "LoggingConfig": {
2510
+ "LogGroup": {
2511
+ "Ref": "IntegVSCodeServercfprefixlistIdGetPrefixListIdLogGroup171C2803"
2512
+ }
2513
+ },
2514
+ "Role": {
2515
+ "Fn::GetAtt": [
2516
+ "IntegVSCodeServercfprefixlistIdGetPrefixListIdRole1302B3E1",
2517
+ "Arn"
2518
+ ]
2519
+ },
2520
+ "Runtime": {
2521
+ "Fn::FindInMap": [
2522
+ "LatestNodeRuntimeMap",
2523
+ {
2524
+ "Ref": "AWS::Region"
2525
+ },
2526
+ "value"
2527
+ ]
2528
+ },
2529
+ "Timeout": 120
2530
+ },
2531
+ "DependsOn": [
2532
+ "IntegVSCodeServercfprefixlistIdGetPrefixListIdRole1302B3E1"
2533
+ ]
2534
+ },
2535
+ "idletesthandlerServiceRoleBB9B4624": {
2536
+ "Type": "AWS::IAM::Role",
2537
+ "Properties": {
2538
+ "AssumeRolePolicyDocument": {
2539
+ "Statement": [
2540
+ {
2541
+ "Action": "sts:AssumeRole",
2542
+ "Effect": "Allow",
2543
+ "Principal": {
2544
+ "Service": "lambda.amazonaws.com"
2545
+ }
2546
+ }
2547
+ ],
2548
+ "Version": "2012-10-17"
2549
+ },
2550
+ "ManagedPolicyArns": [
2551
+ {
2552
+ "Fn::Join": [
2553
+ "",
2554
+ [
2555
+ "arn:",
2556
+ {
2557
+ "Ref": "AWS::Partition"
2558
+ },
2559
+ ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
2560
+ ]
2561
+ ]
2562
+ }
2563
+ ]
2564
+ }
2565
+ },
2566
+ "idletesthandlerServiceRoleDefaultPolicyB0C00EC7": {
2567
+ "Type": "AWS::IAM::Policy",
2568
+ "Properties": {
2569
+ "PolicyDocument": {
2570
+ "Statement": [
2571
+ {
2572
+ "Action": [
2573
+ "cloudwatch:GetMetricStatistics",
2574
+ "ec2:DescribeInstanceStatus",
2575
+ "ec2:DescribeInstances",
2576
+ "ec2:StartInstances",
2577
+ "events:DescribeRule",
2578
+ "events:DisableRule"
2579
+ ],
2580
+ "Effect": "Allow",
2581
+ "Resource": "*"
2582
+ }
2583
+ ],
2584
+ "Version": "2012-10-17"
2585
+ },
2586
+ "PolicyName": "idletesthandlerServiceRoleDefaultPolicyB0C00EC7",
2587
+ "Roles": [
2588
+ {
2589
+ "Ref": "idletesthandlerServiceRoleBB9B4624"
2590
+ }
2591
+ ]
2592
+ }
2593
+ },
2594
+ "idletesthandler1A304024": {
2595
+ "Type": "AWS::Lambda::Function",
2596
+ "Properties": {
2597
+ "Code": {
2598
+ "S3Bucket": {
2599
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
2600
+ },
2601
+ "S3Key": "d061a1ca61c6339fcb77bb6fc19194a60c96bb16531eaf1e4e733b50089512ca.zip"
2602
+ },
2603
+ "Environment": {
2604
+ "Variables": {
2605
+ "INSTANCE_ID": {
2606
+ "Ref": "IntegVSCodeServerserverinstance0A3D62D7"
2607
+ },
2608
+ "CLOUDFRONT_DOMAIN": {
2609
+ "Fn::Join": [
2610
+ "",
2611
+ [
2612
+ "https://",
2613
+ {
2614
+ "Fn::GetAtt": [
2615
+ "IntegVSCodeServercfdistributionFDBE873F",
2616
+ "DomainName"
2617
+ ]
2618
+ },
2619
+ "/?folder=/Workshop"
2620
+ ]
2621
+ ]
2622
+ },
2623
+ "IDLE_TIMEOUT_MINUTES": "2",
2624
+ "IDLE_MONITOR_RULE_NAME": {
2625
+ "Ref": "IntegVSCodeServerIdleMonitorScheduleRuleCF2E60F5"
2626
+ }
2627
+ }
2628
+ },
2629
+ "Handler": "index.handler",
2630
+ "Role": {
2631
+ "Fn::GetAtt": [
2632
+ "idletesthandlerServiceRoleBB9B4624",
2633
+ "Arn"
2634
+ ]
2635
+ },
2636
+ "Runtime": "nodejs20.x",
2637
+ "Timeout": 120
2638
+ },
2639
+ "DependsOn": [
2640
+ "idletesthandlerServiceRoleDefaultPolicyB0C00EC7",
2641
+ "idletesthandlerServiceRoleBB9B4624"
2642
+ ]
2643
+ },
2644
+ "idletesthandlerLogRetentionEE227743": {
2645
+ "Type": "Custom::LogRetention",
2646
+ "Properties": {
2647
+ "ServiceToken": {
2648
+ "Fn::GetAtt": [
2649
+ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A",
2650
+ "Arn"
2651
+ ]
2652
+ },
2653
+ "LogGroupName": {
2654
+ "Fn::Join": [
2655
+ "",
2656
+ [
2657
+ "/aws/lambda/",
2658
+ {
2659
+ "Ref": "idletesthandler1A304024"
2660
+ }
2661
+ ]
2662
+ ]
2663
+ },
2664
+ "RetentionInDays": 1
2665
+ }
2666
+ },
2667
+ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB": {
2668
+ "Type": "AWS::IAM::Role",
2669
+ "Properties": {
2670
+ "AssumeRolePolicyDocument": {
2671
+ "Statement": [
2672
+ {
2673
+ "Action": "sts:AssumeRole",
2674
+ "Effect": "Allow",
2675
+ "Principal": {
2676
+ "Service": "lambda.amazonaws.com"
2677
+ }
2678
+ }
2679
+ ],
2680
+ "Version": "2012-10-17"
2681
+ },
2682
+ "ManagedPolicyArns": [
2683
+ {
2684
+ "Fn::Join": [
2685
+ "",
2686
+ [
2687
+ "arn:",
2688
+ {
2689
+ "Ref": "AWS::Partition"
2690
+ },
2691
+ ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
2692
+ ]
2693
+ ]
2694
+ }
2695
+ ]
2696
+ }
2697
+ },
2698
+ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB": {
2699
+ "Type": "AWS::IAM::Policy",
2700
+ "Properties": {
2701
+ "PolicyDocument": {
2702
+ "Statement": [
2703
+ {
2704
+ "Action": [
2705
+ "logs:DeleteRetentionPolicy",
2706
+ "logs:PutRetentionPolicy"
2707
+ ],
2708
+ "Effect": "Allow",
2709
+ "Resource": "*"
2710
+ }
2711
+ ],
2712
+ "Version": "2012-10-17"
2713
+ },
2714
+ "PolicyName": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB",
2715
+ "Roles": [
2716
+ {
2717
+ "Ref": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB"
2718
+ }
2719
+ ]
2720
+ }
2721
+ },
2722
+ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A": {
2723
+ "Type": "AWS::Lambda::Function",
2724
+ "Properties": {
2725
+ "Handler": "index.handler",
2726
+ "Runtime": {
2727
+ "Fn::FindInMap": [
2728
+ "LatestNodeRuntimeMap",
2729
+ {
2730
+ "Ref": "AWS::Region"
2731
+ },
2732
+ "value"
2733
+ ]
2734
+ },
2735
+ "Timeout": 900,
2736
+ "Code": {
2737
+ "S3Bucket": {
2738
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
2739
+ },
2740
+ "S3Key": "2819175352ad1ce0dae768e83fc328fb70fb5f10b4a8ff0ccbcb791f02b0716d.zip"
2741
+ },
2742
+ "Role": {
2743
+ "Fn::GetAtt": [
2744
+ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB",
2745
+ "Arn"
2746
+ ]
2747
+ }
2748
+ },
2749
+ "DependsOn": [
2750
+ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB",
2751
+ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB"
2752
+ ]
2753
+ },
2754
+ "loginhandlerServiceRole330B0B32": {
2755
+ "Type": "AWS::IAM::Role",
2756
+ "Properties": {
2757
+ "AssumeRolePolicyDocument": {
2758
+ "Statement": [
2759
+ {
2760
+ "Action": "sts:AssumeRole",
2761
+ "Effect": "Allow",
2762
+ "Principal": {
2763
+ "Service": "lambda.amazonaws.com"
2764
+ }
2765
+ }
2766
+ ],
2767
+ "Version": "2012-10-17"
2768
+ },
2769
+ "ManagedPolicyArns": [
2770
+ {
2771
+ "Fn::Join": [
2772
+ "",
2773
+ [
2774
+ "arn:",
2775
+ {
2776
+ "Ref": "AWS::Partition"
2777
+ },
2778
+ ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
2779
+ ]
2780
+ ]
2781
+ }
2782
+ ]
2783
+ }
2784
+ },
2785
+ "loginhandler99CCCCFD": {
2786
+ "Type": "AWS::Lambda::Function",
2787
+ "Properties": {
2788
+ "Code": {
2789
+ "S3Bucket": {
2790
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
2791
+ },
2792
+ "S3Key": "efac30c7091c58fed492058fa6403c14f7e58aab8cf4fd595d838b8d5eeec2b9.zip"
2793
+ },
2794
+ "Handler": "index.handler",
2795
+ "Role": {
2796
+ "Fn::GetAtt": [
2797
+ "loginhandlerServiceRole330B0B32",
2798
+ "Arn"
2799
+ ]
2800
+ },
2801
+ "Runtime": "nodejs20.x",
2802
+ "Timeout": 30
2803
+ },
2804
+ "DependsOn": [
2805
+ "loginhandlerServiceRole330B0B32"
2806
+ ]
2807
+ },
2808
+ "loginhandlerLogRetentionFD323A9B": {
2809
+ "Type": "Custom::LogRetention",
2810
+ "Properties": {
2811
+ "ServiceToken": {
2812
+ "Fn::GetAtt": [
2813
+ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A",
2814
+ "Arn"
2815
+ ]
2816
+ },
2817
+ "LogGroupName": {
2818
+ "Fn::Join": [
2819
+ "",
2820
+ [
2821
+ "/aws/lambda/",
2822
+ {
2823
+ "Ref": "loginhandler99CCCCFD"
2824
+ }
2825
+ ]
2826
+ ]
2827
+ },
2828
+ "RetentionInDays": 1
2829
+ }
2830
+ }
2831
+ },
2832
+ "Outputs": {
2833
+ "IntegVSCodeServerdomainName6B9F2604": {
2834
+ "Description": "The domain name of the distribution",
2835
+ "Value": {
2836
+ "Fn::Join": [
2837
+ "",
2838
+ [
2839
+ "https://",
2840
+ {
2841
+ "Fn::GetAtt": [
2842
+ "IntegVSCodeServercfdistributionFDBE873F",
2843
+ "DomainName"
2844
+ ]
2845
+ },
2846
+ "/?folder=/Workshop"
2847
+ ]
2848
+ ]
2849
+ }
2850
+ },
2851
+ "IntegVSCodeServerpasswordE38D3B2C": {
2852
+ "Description": "The password for the VSCode server",
2853
+ "Value": {
2854
+ "Fn::GetAtt": [
2855
+ "IntegVSCodeServerSecretRetrieverCustomResource2F3DB8BD",
2856
+ "secretPasswordValue"
2857
+ ]
2858
+ }
2859
+ },
2860
+ "ExportsOutputRefidletesthandler1A304024FDE25B36": {
2861
+ "Value": {
2862
+ "Ref": "idletesthandler1A304024"
2863
+ },
2864
+ "Export": {
2865
+ "Name": "IntegTestStackStopOnIdle:ExportsOutputRefidletesthandler1A304024FDE25B36"
2866
+ }
2867
+ },
2868
+ "ExportsOutputFnGetAttIntegVSCodeServercfdistributionFDBE873FDomainName3CB40F9D": {
2869
+ "Value": {
2870
+ "Fn::GetAtt": [
2871
+ "IntegVSCodeServercfdistributionFDBE873F",
2872
+ "DomainName"
2873
+ ]
2874
+ },
2875
+ "Export": {
2876
+ "Name": "IntegTestStackStopOnIdle:ExportsOutputFnGetAttIntegVSCodeServercfdistributionFDBE873FDomainName3CB40F9D"
2877
+ }
2878
+ },
2879
+ "ExportsOutputRefIntegVSCodeServerserverinstance0A3D62D7BC0861E5": {
2880
+ "Value": {
2881
+ "Ref": "IntegVSCodeServerserverinstance0A3D62D7"
2882
+ },
2883
+ "Export": {
2884
+ "Name": "IntegTestStackStopOnIdle:ExportsOutputRefIntegVSCodeServerserverinstance0A3D62D7BC0861E5"
2885
+ }
2886
+ },
2887
+ "ExportsOutputRefloginhandler99CCCCFD29CE21C0": {
2888
+ "Value": {
2889
+ "Ref": "loginhandler99CCCCFD"
2890
+ },
2891
+ "Export": {
2892
+ "Name": "IntegTestStackStopOnIdle:ExportsOutputRefloginhandler99CCCCFD29CE21C0"
2893
+ }
2894
+ },
2895
+ "ExportsOutputRefIntegVSCodeServerIdleMonitorScheduleRuleCF2E60F550AA072C": {
2896
+ "Value": {
2897
+ "Ref": "IntegVSCodeServerIdleMonitorScheduleRuleCF2E60F5"
2898
+ },
2899
+ "Export": {
2900
+ "Name": "IntegTestStackStopOnIdle:ExportsOutputRefIntegVSCodeServerIdleMonitorScheduleRuleCF2E60F550AA072C"
2901
+ }
2902
+ },
2903
+ "ExportsOutputFnGetAttIntegVSCodeServerSecretRetrieverCustomResource2F3DB8BDsecretPasswordValue1223507B": {
2904
+ "Value": {
2905
+ "Fn::GetAtt": [
2906
+ "IntegVSCodeServerSecretRetrieverCustomResource2F3DB8BD",
2907
+ "secretPasswordValue"
2908
+ ]
2909
+ },
2910
+ "Export": {
2911
+ "Name": "IntegTestStackStopOnIdle:ExportsOutputFnGetAttIntegVSCodeServerSecretRetrieverCustomResource2F3DB8BDsecretPasswordValue1223507B"
2912
+ }
2913
+ }
2914
+ },
2915
+ "Mappings": {
2916
+ "LatestNodeRuntimeMap": {
2917
+ "af-south-1": {
2918
+ "value": "nodejs20.x"
2919
+ },
2920
+ "ap-east-1": {
2921
+ "value": "nodejs20.x"
2922
+ },
2923
+ "ap-northeast-1": {
2924
+ "value": "nodejs20.x"
2925
+ },
2926
+ "ap-northeast-2": {
2927
+ "value": "nodejs20.x"
2928
+ },
2929
+ "ap-northeast-3": {
2930
+ "value": "nodejs20.x"
2931
+ },
2932
+ "ap-south-1": {
2933
+ "value": "nodejs20.x"
2934
+ },
2935
+ "ap-south-2": {
2936
+ "value": "nodejs20.x"
2937
+ },
2938
+ "ap-southeast-1": {
2939
+ "value": "nodejs20.x"
2940
+ },
2941
+ "ap-southeast-2": {
2942
+ "value": "nodejs20.x"
2943
+ },
2944
+ "ap-southeast-3": {
2945
+ "value": "nodejs20.x"
2946
+ },
2947
+ "ap-southeast-4": {
2948
+ "value": "nodejs20.x"
2949
+ },
2950
+ "ap-southeast-5": {
2951
+ "value": "nodejs20.x"
2952
+ },
2953
+ "ap-southeast-7": {
2954
+ "value": "nodejs20.x"
2955
+ },
2956
+ "ca-central-1": {
2957
+ "value": "nodejs20.x"
2958
+ },
2959
+ "ca-west-1": {
2960
+ "value": "nodejs20.x"
2961
+ },
2962
+ "cn-north-1": {
2963
+ "value": "nodejs20.x"
2964
+ },
2965
+ "cn-northwest-1": {
2966
+ "value": "nodejs20.x"
2967
+ },
2968
+ "eu-central-1": {
2969
+ "value": "nodejs20.x"
2970
+ },
2971
+ "eu-central-2": {
2972
+ "value": "nodejs20.x"
2973
+ },
2974
+ "eu-isoe-west-1": {
2975
+ "value": "nodejs18.x"
2976
+ },
2977
+ "eu-north-1": {
2978
+ "value": "nodejs20.x"
2979
+ },
2980
+ "eu-south-1": {
2981
+ "value": "nodejs20.x"
2982
+ },
2983
+ "eu-south-2": {
2984
+ "value": "nodejs20.x"
2985
+ },
2986
+ "eu-west-1": {
2987
+ "value": "nodejs20.x"
2988
+ },
2989
+ "eu-west-2": {
2990
+ "value": "nodejs20.x"
2991
+ },
2992
+ "eu-west-3": {
2993
+ "value": "nodejs20.x"
2994
+ },
2995
+ "il-central-1": {
2996
+ "value": "nodejs20.x"
2997
+ },
2998
+ "me-central-1": {
2999
+ "value": "nodejs20.x"
3000
+ },
3001
+ "me-south-1": {
3002
+ "value": "nodejs20.x"
3003
+ },
3004
+ "mx-central-1": {
3005
+ "value": "nodejs20.x"
3006
+ },
3007
+ "sa-east-1": {
3008
+ "value": "nodejs20.x"
3009
+ },
3010
+ "us-east-1": {
3011
+ "value": "nodejs20.x"
3012
+ },
3013
+ "us-east-2": {
3014
+ "value": "nodejs20.x"
3015
+ },
3016
+ "us-gov-east-1": {
3017
+ "value": "nodejs20.x"
3018
+ },
3019
+ "us-gov-west-1": {
3020
+ "value": "nodejs20.x"
3021
+ },
3022
+ "us-iso-east-1": {
3023
+ "value": "nodejs18.x"
3024
+ },
3025
+ "us-iso-west-1": {
3026
+ "value": "nodejs18.x"
3027
+ },
3028
+ "us-isob-east-1": {
3029
+ "value": "nodejs18.x"
3030
+ },
3031
+ "us-west-1": {
3032
+ "value": "nodejs20.x"
3033
+ },
3034
+ "us-west-2": {
3035
+ "value": "nodejs20.x"
3036
+ }
3037
+ }
3038
+ },
3039
+ "Parameters": {
3040
+ "SsmParameterValueawsservicecanonicalubuntuserverjammystablecurrentarm64hvmebsgp2amiidC96584B6F00A464EAD1953AFF4B05118Parameter": {
3041
+ "Type": "AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>",
3042
+ "Default": "/aws/service/canonical/ubuntu/server/jammy/stable/current/arm64/hvm/ebs-gp2/ami-id"
3043
+ },
3044
+ "BootstrapVersion": {
3045
+ "Type": "AWS::SSM::Parameter::Value<String>",
3046
+ "Default": "/cdk-bootstrap/hnb659fds/version",
3047
+ "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
3048
+ }
3049
+ },
3050
+ "Rules": {
3051
+ "CheckBootstrapVersion": {
3052
+ "Assertions": [
3053
+ {
3054
+ "Assert": {
3055
+ "Fn::Not": [
3056
+ {
3057
+ "Fn::Contains": [
3058
+ [
3059
+ "1",
3060
+ "2",
3061
+ "3",
3062
+ "4",
3063
+ "5"
3064
+ ],
3065
+ {
3066
+ "Ref": "BootstrapVersion"
3067
+ }
3068
+ ]
3069
+ }
3070
+ ]
3071
+ },
3072
+ "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
3073
+ }
3074
+ ]
3075
+ }
3076
+ }
3077
+ }