@mavogel/cdk-vscode-server 0.0.62 → 0.0.64

Files changed (123)
  1. package/.jsii +124 -178
  2. package/API.md +105 -200
  3. package/CLAUDE.md +288 -58
  4. package/README.md +40 -2
  5. package/assets/idle-monitor-enabler/idle-monitor-enabler.lambda/index.js +67 -0
  6. package/assets/installer/installer.lambda/index.js +67 -30
  7. package/awslint.json +5 -0
  8. package/examples/auto-stop/main.ts +1 -1
  9. package/examples/custom/main.ts +1 -1
  10. package/examples/git-repo/main.ts +30 -0
  11. package/integ-tests/integ.al2023.ts.snapshot/IntegSetupVSCodeOnAl2023DefaultTestDeployAssert74D8F645.assets.json +2 -2
  12. package/integ-tests/integ.al2023.ts.snapshot/IntegSetupVSCodeOnAl2023DefaultTestDeployAssert74D8F645.template.json +1 -1
  13. package/integ-tests/integ.al2023.ts.snapshot/IntegTestStackAl2023.assets.json +8 -8
  14. package/integ-tests/integ.al2023.ts.snapshot/IntegTestStackAl2023.template.json +257 -94
  15. package/integ-tests/{integ.stop-on-idle.ts.snapshot/asset.33da23274e25bd9f43638c5d83dad26e3931cbe78d462ffd9a9f565e948b4f5f.lambda → integ.al2023.ts.snapshot/asset.2f99f38311da357eaaea1284d67c759759324dec4a1cd11621d9c59eea9e81df.lambda}/index.js +67 -30
  16. package/integ-tests/{integ.ubuntu.ts.snapshot/asset.0ad50fc42afd768c3d0bfdd4701e43284fb077a25f19eea1e8c51a5ca36ebfe4 → integ.al2023.ts.snapshot/asset.efac30c7091c58fed492058fa6403c14f7e58aab8cf4fd595d838b8d5eeec2b9}/index.js +50 -25
  17. package/integ-tests/integ.al2023.ts.snapshot/integ.json +1 -1
  18. package/integ-tests/integ.al2023.ts.snapshot/manifest.json +19 -3
  19. package/integ-tests/integ.al2023.ts.snapshot/tree.json +1 -1
  20. package/integ-tests/integ.custom-domain.ts.snapshot/IntegSetupVSCodeOnCustomDomainDefaultTestDeployAssert6982D514.assets.json +2 -2
  21. package/integ-tests/integ.custom-domain.ts.snapshot/IntegSetupVSCodeOnCustomDomainDefaultTestDeployAssert6982D514.template.json +1 -1
  22. package/integ-tests/integ.custom-domain.ts.snapshot/IntegTestStackCustomDomain.assets.json +8 -8
  23. package/integ-tests/integ.custom-domain.ts.snapshot/IntegTestStackCustomDomain.template.json +273 -97
  24. package/integ-tests/{integ.ubuntu.ts.snapshot/asset.33da23274e25bd9f43638c5d83dad26e3931cbe78d462ffd9a9f565e948b4f5f.lambda → integ.custom-domain.ts.snapshot/asset.2f99f38311da357eaaea1284d67c759759324dec4a1cd11621d9c59eea9e81df.lambda}/index.js +67 -30
  25. package/integ-tests/{integ.al2023.ts.snapshot/asset.0ad50fc42afd768c3d0bfdd4701e43284fb077a25f19eea1e8c51a5ca36ebfe4 → integ.custom-domain.ts.snapshot/asset.efac30c7091c58fed492058fa6403c14f7e58aab8cf4fd595d838b8d5eeec2b9}/index.js +50 -25
  26. package/integ-tests/integ.custom-domain.ts.snapshot/integ.json +1 -1
  27. package/integ-tests/integ.custom-domain.ts.snapshot/manifest.json +25 -6
  28. package/integ-tests/integ.custom-domain.ts.snapshot/tree.json +1 -1
  29. package/integ-tests/integ.stop-on-idle.ts +1 -4
  30. package/integ-tests/integ.stop-on-idle.ts.snapshot/IntegStopOnIdleFunctionalityDefaultTestDeployAssertEECF3FC0.assets.json +2 -2
  31. package/integ-tests/integ.stop-on-idle.ts.snapshot/IntegStopOnIdleFunctionalityDefaultTestDeployAssertEECF3FC0.template.json +4 -4
  32. package/integ-tests/integ.stop-on-idle.ts.snapshot/IntegTestStackStopOnIdle.assets.json +23 -9
  33. package/integ-tests/integ.stop-on-idle.ts.snapshot/IntegTestStackStopOnIdle.template.json +758 -197
  34. package/integ-tests/integ.stop-on-idle.ts.snapshot/asset.22c8a6c357b704e370bef317ae1b52c59f684aa7640422a3d1dfe813d1f77853.lambda/index.js +67 -0
  35. package/integ-tests/{integ.custom-domain.ts.snapshot/asset.33da23274e25bd9f43638c5d83dad26e3931cbe78d462ffd9a9f565e948b4f5f.lambda → integ.stop-on-idle.ts.snapshot/asset.2f99f38311da357eaaea1284d67c759759324dec4a1cd11621d9c59eea9e81df.lambda}/index.js +67 -30
  36. package/integ-tests/integ.stop-on-idle.ts.snapshot/manifest.json +363 -76
  37. package/integ-tests/integ.stop-on-idle.ts.snapshot/tree.json +1 -1
  38. package/integ-tests/integ.ubuntu.ts.snapshot/IntegSetupVSCodeOnUbuntuDefaultTestDeployAssertFF8DF2C5.assets.json +2 -2
  39. package/integ-tests/integ.ubuntu.ts.snapshot/IntegSetupVSCodeOnUbuntuDefaultTestDeployAssertFF8DF2C5.template.json +1 -1
  40. package/integ-tests/integ.ubuntu.ts.snapshot/IntegTestStackUbuntu22.assets.json +8 -8
  41. package/integ-tests/integ.ubuntu.ts.snapshot/IntegTestStackUbuntu22.template.json +273 -97
  42. package/integ-tests/{integ.al2023.ts.snapshot/asset.33da23274e25bd9f43638c5d83dad26e3931cbe78d462ffd9a9f565e948b4f5f.lambda → integ.ubuntu.ts.snapshot/asset.2f99f38311da357eaaea1284d67c759759324dec4a1cd11621d9c59eea9e81df.lambda}/index.js +67 -30
  43. package/integ-tests/{integ.custom-domain.ts.snapshot/asset.0ad50fc42afd768c3d0bfdd4701e43284fb077a25f19eea1e8c51a5ca36ebfe4 → integ.ubuntu.ts.snapshot/asset.efac30c7091c58fed492058fa6403c14f7e58aab8cf4fd595d838b8d5eeec2b9}/index.js +50 -25
  44. package/integ-tests/integ.ubuntu.ts.snapshot/integ.json +1 -1
  45. package/integ-tests/integ.ubuntu.ts.snapshot/manifest.json +25 -6
  46. package/integ-tests/integ.ubuntu.ts.snapshot/tree.json +1 -1
  47. package/integ-tests/integ.ubuntu24.ts +69 -0
  48. package/integ-tests/integ.ubuntu24.ts.snapshot/IntegSetupVSCodeOnUbuntuDefaultTestDeployAssertFF8DF2C5.assets.json +33 -0
  49. package/integ-tests/integ.ubuntu24.ts.snapshot/IntegSetupVSCodeOnUbuntuDefaultTestDeployAssertFF8DF2C5.template.json +337 -0
  50. package/integ-tests/integ.ubuntu24.ts.snapshot/IntegTestStackUbuntu24.assets.json +118 -0
  51. package/integ-tests/integ.ubuntu24.ts.snapshot/IntegTestStackUbuntu24.template.json +2725 -0
  52. package/integ-tests/integ.ubuntu24.ts.snapshot/asset.2819175352ad1ce0dae768e83fc328fb70fb5f10b4a8ff0ccbcb791f02b0716d/index.js +1 -0
  53. package/integ-tests/integ.ubuntu24.ts.snapshot/asset.2f99f38311da357eaaea1284d67c759759324dec4a1cd11621d9c59eea9e81df.lambda/index.js +180 -0
  54. package/integ-tests/integ.ubuntu24.ts.snapshot/asset.530055f7515b3f0a47900f5df37e729ba40ca977b2d07b952bdefa2b8f883f42.bundle/index.js +30676 -0
  55. package/integ-tests/integ.ubuntu24.ts.snapshot/asset.781ab0ab74634cdaf61539ab208ab777829ef07097ac21f95b9e15a3b1eedc1b.lambda/index.js +57 -0
  56. package/integ-tests/integ.ubuntu24.ts.snapshot/asset.7fa1e366ee8a9ded01fc355f704cff92bfd179574e6f9cfee800a3541df1b200/__entrypoint__.js +1 -0
  57. package/integ-tests/integ.ubuntu24.ts.snapshot/asset.7fa1e366ee8a9ded01fc355f704cff92bfd179574e6f9cfee800a3541df1b200/index.js +1 -0
  58. package/integ-tests/integ.ubuntu24.ts.snapshot/asset.9d043014be736e8162bcc7ec5590cc6d2ff24fd0d9c73a5c5d595151c5fdad00/index.js +1 -0
  59. package/integ-tests/integ.ubuntu24.ts.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/cfn-response.js +1 -0
  60. package/integ-tests/integ.ubuntu24.ts.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/consts.js +1 -0
  61. package/integ-tests/integ.ubuntu24.ts.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/framework.js +3 -0
  62. package/integ-tests/integ.ubuntu24.ts.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/outbound.js +1 -0
  63. package/integ-tests/integ.ubuntu24.ts.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/util.js +1 -0
  64. package/integ-tests/integ.ubuntu24.ts.snapshot/asset.efac30c7091c58fed492058fa6403c14f7e58aab8cf4fd595d838b8d5eeec2b9/index.js +6017 -0
  65. package/integ-tests/integ.ubuntu24.ts.snapshot/integ.json +23 -0
  66. package/integ-tests/integ.ubuntu24.ts.snapshot/manifest.json +1473 -0
  67. package/integ-tests/integ.ubuntu24.ts.snapshot/tree.json +1 -0
  68. package/integ-tests/integ.ubuntu25.ts +69 -0
  69. package/integ-tests/integ.ubuntu25.ts.snapshot/IntegSetupVSCodeOnUbuntu25DefaultTestDeployAssert48DBCF35.assets.json +33 -0
  70. package/integ-tests/integ.ubuntu25.ts.snapshot/IntegSetupVSCodeOnUbuntu25DefaultTestDeployAssert48DBCF35.template.json +337 -0
  71. package/integ-tests/integ.ubuntu25.ts.snapshot/IntegTestStackUbuntu25.assets.json +118 -0
  72. package/integ-tests/integ.ubuntu25.ts.snapshot/IntegTestStackUbuntu25.template.json +2725 -0
  73. package/integ-tests/integ.ubuntu25.ts.snapshot/asset.2819175352ad1ce0dae768e83fc328fb70fb5f10b4a8ff0ccbcb791f02b0716d/index.js +1 -0
  74. package/integ-tests/integ.ubuntu25.ts.snapshot/asset.2f99f38311da357eaaea1284d67c759759324dec4a1cd11621d9c59eea9e81df.lambda/index.js +180 -0
  75. package/integ-tests/integ.ubuntu25.ts.snapshot/asset.530055f7515b3f0a47900f5df37e729ba40ca977b2d07b952bdefa2b8f883f42.bundle/index.js +30676 -0
  76. package/integ-tests/integ.ubuntu25.ts.snapshot/asset.781ab0ab74634cdaf61539ab208ab777829ef07097ac21f95b9e15a3b1eedc1b.lambda/index.js +57 -0
  77. package/integ-tests/integ.ubuntu25.ts.snapshot/asset.7fa1e366ee8a9ded01fc355f704cff92bfd179574e6f9cfee800a3541df1b200/__entrypoint__.js +1 -0
  78. package/integ-tests/integ.ubuntu25.ts.snapshot/asset.7fa1e366ee8a9ded01fc355f704cff92bfd179574e6f9cfee800a3541df1b200/index.js +1 -0
  79. package/integ-tests/integ.ubuntu25.ts.snapshot/asset.9d043014be736e8162bcc7ec5590cc6d2ff24fd0d9c73a5c5d595151c5fdad00/index.js +1 -0
  80. package/integ-tests/integ.ubuntu25.ts.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/cfn-response.js +1 -0
  81. package/integ-tests/integ.ubuntu25.ts.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/consts.js +1 -0
  82. package/integ-tests/integ.ubuntu25.ts.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/framework.js +3 -0
  83. package/integ-tests/integ.ubuntu25.ts.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/outbound.js +1 -0
  84. package/integ-tests/integ.ubuntu25.ts.snapshot/asset.bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca/util.js +1 -0
  85. package/integ-tests/integ.ubuntu25.ts.snapshot/asset.efac30c7091c58fed492058fa6403c14f7e58aab8cf4fd595d838b8d5eeec2b9/index.js +6017 -0
  86. package/integ-tests/integ.ubuntu25.ts.snapshot/integ.json +23 -0
  87. package/integ-tests/integ.ubuntu25.ts.snapshot/manifest.json +1473 -0
  88. package/integ-tests/integ.ubuntu25.ts.snapshot/tree.json +1 -0
  89. package/lib/idle-monitor/idle-monitor-function.js +2 -2
  90. package/lib/idle-monitor/idle-monitor.js +5 -2
  91. package/lib/idle-monitor-enabler/idle-monitor-enabler-function.d.ts +13 -0
  92. package/lib/idle-monitor-enabler/idle-monitor-enabler-function.js +22 -0
  93. package/lib/idle-monitor-enabler/idle-monitor-enabler.d.ts +25 -0
  94. package/lib/idle-monitor-enabler/idle-monitor-enabler.js +76 -0
  95. package/lib/idle-monitor-enabler/idle-monitor-enabler.lambda.d.ts +9 -0
  96. package/lib/idle-monitor-enabler/idle-monitor-enabler.lambda.js +48 -0
  97. package/lib/index.d.ts +0 -1
  98. package/lib/index.js +1 -2
  99. package/lib/installer/installer-function.js +2 -2
  100. package/lib/installer/installer.d.ts +105 -0
  101. package/lib/installer/installer.js +659 -301
  102. package/lib/installer/installer.lambda.js +64 -30
  103. package/lib/mappings.js +11 -3
  104. package/lib/secret-retriever/secret-retriever-function.js +2 -2
  105. package/lib/vscode-server.d.ts +45 -1
  106. package/lib/vscode-server.js +35 -5
  107. package/package.json +12 -12
  108. package/.claude/hooks/file_checker.sh +0 -178
  109. package/.qlty/.gitignore +0 -7
  110. package/.qlty/configs/.yamllint.yaml +0 -21
  111. package/.qlty/qlty.toml +0 -115
  112. package/assets/status-check/status-check.lambda/index.js +0 -123
  113. package/integ-tests/integ.al2023.ts.snapshot/cdk.out +0 -1
  114. package/integ-tests/integ.al2023.ts.snapshot/read.13497.1.lock +0 -1
  115. package/integ-tests/integ.custom-domain.ts.snapshot/read.13497.1.lock +0 -1
  116. package/integ-tests/integ.ubuntu.ts.snapshot/cdk.out +0 -1
  117. package/integ-tests/integ.ubuntu.ts.snapshot/read.13497.1.lock +0 -1
  118. package/lib/status-check/status-check-function.d.ts +0 -13
  119. package/lib/status-check/status-check-function.js +0 -22
  120. package/lib/status-check/status-check.d.ts +0 -36
  121. package/lib/status-check/status-check.js +0 -109
  122. package/lib/status-check/status-check.lambda.d.ts +0 -2
  123. package/lib/status-check/status-check.lambda.js +0 -104
@@ -0,0 +1,2725 @@
1
+ {
2
+ "Description": "This stack includes the application's resources for integration testing.",
3
+ "Resources": {
4
+ "IntegVSCodeServerpasswordsecret202A5DB3": {
5
+ "Type": "AWS::SecretsManager::Secret",
6
+ "Properties": {
7
+ "GenerateSecretString": {
8
+ "ExcludePunctuation": true,
9
+ "GenerateStringKey": "password",
10
+ "IncludeSpace": false,
11
+ "PasswordLength": 16,
12
+ "SecretStringTemplate": "{\"username\":\"participant\"}"
13
+ },
14
+ "Tags": [
15
+ {
16
+ "Key": "app",
17
+ "Value": "vscode-server"
18
+ }
19
+ ]
20
+ },
21
+ "UpdateReplacePolicy": "Delete",
22
+ "DeletionPolicy": "Delete",
23
+ "Metadata": {
24
+ "cdk_nag": {
25
+ "rules_to_suppress": [
26
+ {
27
+ "reason": "For this tmp vc code server we do not need password rotation",
28
+ "id": "AwsSolutions-SMG4"
29
+ }
30
+ ]
31
+ }
32
+ }
33
+ },
34
+ "IntegVSCodeServerSecretRetrieverOnEventHandlerServiceRoleBEF8D4D2": {
35
+ "Type": "AWS::IAM::Role",
36
+ "Properties": {
37
+ "AssumeRolePolicyDocument": {
38
+ "Statement": [
39
+ {
40
+ "Action": "sts:AssumeRole",
41
+ "Effect": "Allow",
42
+ "Principal": {
43
+ "Service": "lambda.amazonaws.com"
44
+ }
45
+ }
46
+ ],
47
+ "Version": "2012-10-17"
48
+ },
49
+ "ManagedPolicyArns": [
50
+ {
51
+ "Fn::Join": [
52
+ "",
53
+ [
54
+ "arn:",
55
+ {
56
+ "Ref": "AWS::Partition"
57
+ },
58
+ ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
59
+ ]
60
+ ]
61
+ }
62
+ ]
63
+ },
64
+ "Metadata": {
65
+ "cdk_nag": {
66
+ "rules_to_suppress": [
67
+ {
68
+ "reason": "For this event handler we do not need to restrict managed policies",
69
+ "id": "AwsSolutions-IAM4"
70
+ },
71
+ {
72
+ "reason": "For this lambda the latest runtime is not needed",
73
+ "id": "AwsSolutions-L1"
74
+ }
75
+ ]
76
+ }
77
+ }
78
+ },
79
+ "IntegVSCodeServerSecretRetrieverOnEventHandlerServiceRoleDefaultPolicy2641E2C6": {
80
+ "Type": "AWS::IAM::Policy",
81
+ "Properties": {
82
+ "PolicyDocument": {
83
+ "Statement": [
84
+ {
85
+ "Action": "secretsmanager:GetSecretValue",
86
+ "Effect": "Allow",
87
+ "Resource": {
88
+ "Ref": "IntegVSCodeServerpasswordsecret202A5DB3"
89
+ }
90
+ }
91
+ ],
92
+ "Version": "2012-10-17"
93
+ },
94
+ "PolicyName": "IntegVSCodeServerSecretRetrieverOnEventHandlerServiceRoleDefaultPolicy2641E2C6",
95
+ "Roles": [
96
+ {
97
+ "Ref": "IntegVSCodeServerSecretRetrieverOnEventHandlerServiceRoleBEF8D4D2"
98
+ }
99
+ ]
100
+ }
101
+ },
102
+ "IntegVSCodeServerSecretRetrieverOnEventHandlerDD084AE3": {
103
+ "Type": "AWS::Lambda::Function",
104
+ "Properties": {
105
+ "Code": {
106
+ "S3Bucket": {
107
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
108
+ },
109
+ "S3Key": "781ab0ab74634cdaf61539ab208ab777829ef07097ac21f95b9e15a3b1eedc1b.zip"
110
+ },
111
+ "Description": "src/secret-retriever/secret-retriever.lambda.ts",
112
+ "Handler": "index.handler",
113
+ "MemorySize": 128,
114
+ "Role": {
115
+ "Fn::GetAtt": [
116
+ "IntegVSCodeServerSecretRetrieverOnEventHandlerServiceRoleBEF8D4D2",
117
+ "Arn"
118
+ ]
119
+ },
120
+ "Runtime": "nodejs22.x",
121
+ "Timeout": 10
122
+ },
123
+ "DependsOn": [
124
+ "IntegVSCodeServerSecretRetrieverOnEventHandlerServiceRoleDefaultPolicy2641E2C6",
125
+ "IntegVSCodeServerSecretRetrieverOnEventHandlerServiceRoleBEF8D4D2"
126
+ ],
127
+ "Metadata": {
128
+ "cdk_nag": {
129
+ "rules_to_suppress": [
130
+ {
131
+ "reason": "For this event handler we do not need to restrict managed policies",
132
+ "id": "AwsSolutions-IAM4"
133
+ },
134
+ {
135
+ "reason": "For this lambda the latest runtime is not needed",
136
+ "id": "AwsSolutions-L1"
137
+ }
138
+ ]
139
+ }
140
+ }
141
+ },
142
+ "IntegVSCodeServerSecretRetrieveProviderframeworkonEventServiceRole0F156B64": {
143
+ "Type": "AWS::IAM::Role",
144
+ "Properties": {
145
+ "AssumeRolePolicyDocument": {
146
+ "Statement": [
147
+ {
148
+ "Action": "sts:AssumeRole",
149
+ "Effect": "Allow",
150
+ "Principal": {
151
+ "Service": "lambda.amazonaws.com"
152
+ }
153
+ }
154
+ ],
155
+ "Version": "2012-10-17"
156
+ },
157
+ "ManagedPolicyArns": [
158
+ {
159
+ "Fn::Join": [
160
+ "",
161
+ [
162
+ "arn:",
163
+ {
164
+ "Ref": "AWS::Partition"
165
+ },
166
+ ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
167
+ ]
168
+ ]
169
+ }
170
+ ]
171
+ },
172
+ "Metadata": {
173
+ "cdk_nag": {
174
+ "rules_to_suppress": [
175
+ {
176
+ "reason": "For this provider we do not need to restrict managed policies",
177
+ "id": "AwsSolutions-IAM4"
178
+ },
179
+ {
180
+ "reason": "For this provider wildcards are fine",
181
+ "id": "AwsSolutions-IAM5"
182
+ },
183
+ {
184
+ "reason": "For this provider the latest runtime is not needed",
185
+ "id": "AwsSolutions-L1"
186
+ }
187
+ ]
188
+ }
189
+ }
190
+ },
191
+ "IntegVSCodeServerSecretRetrieveProviderframeworkonEventServiceRoleDefaultPolicyEC4DCEA0": {
192
+ "Type": "AWS::IAM::Policy",
193
+ "Properties": {
194
+ "PolicyDocument": {
195
+ "Statement": [
196
+ {
197
+ "Action": "lambda:InvokeFunction",
198
+ "Effect": "Allow",
199
+ "Resource": [
200
+ {
201
+ "Fn::GetAtt": [
202
+ "IntegVSCodeServerSecretRetrieverOnEventHandlerDD084AE3",
203
+ "Arn"
204
+ ]
205
+ },
206
+ {
207
+ "Fn::Join": [
208
+ "",
209
+ [
210
+ {
211
+ "Fn::GetAtt": [
212
+ "IntegVSCodeServerSecretRetrieverOnEventHandlerDD084AE3",
213
+ "Arn"
214
+ ]
215
+ },
216
+ ":*"
217
+ ]
218
+ ]
219
+ }
220
+ ]
221
+ },
222
+ {
223
+ "Action": "lambda:GetFunction",
224
+ "Effect": "Allow",
225
+ "Resource": {
226
+ "Fn::GetAtt": [
227
+ "IntegVSCodeServerSecretRetrieverOnEventHandlerDD084AE3",
228
+ "Arn"
229
+ ]
230
+ }
231
+ }
232
+ ],
233
+ "Version": "2012-10-17"
234
+ },
235
+ "PolicyName": "IntegVSCodeServerSecretRetrieveProviderframeworkonEventServiceRoleDefaultPolicyEC4DCEA0",
236
+ "Roles": [
237
+ {
238
+ "Ref": "IntegVSCodeServerSecretRetrieveProviderframeworkonEventServiceRole0F156B64"
239
+ }
240
+ ]
241
+ },
242
+ "Metadata": {
243
+ "cdk_nag": {
244
+ "rules_to_suppress": [
245
+ {
246
+ "reason": "For this provider we do not need to restrict managed policies",
247
+ "id": "AwsSolutions-IAM4"
248
+ },
249
+ {
250
+ "reason": "For this provider wildcards are fine",
251
+ "id": "AwsSolutions-IAM5"
252
+ },
253
+ {
254
+ "reason": "For this provider the latest runtime is not needed",
255
+ "id": "AwsSolutions-L1"
256
+ }
257
+ ]
258
+ }
259
+ }
260
+ },
261
+ "IntegVSCodeServerSecretRetrieveProviderframeworkonEventCF035CA3": {
262
+ "Type": "AWS::Lambda::Function",
263
+ "Properties": {
264
+ "Code": {
265
+ "S3Bucket": {
266
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
267
+ },
268
+ "S3Key": "bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca.zip"
269
+ },
270
+ "Description": "AWS CDK resource provider framework - onEvent (IntegTestStackUbuntu24/IntegVSCodeServer/SecretRetrieveProvider)",
271
+ "Environment": {
272
+ "Variables": {
273
+ "USER_ON_EVENT_FUNCTION_ARN": {
274
+ "Fn::GetAtt": [
275
+ "IntegVSCodeServerSecretRetrieverOnEventHandlerDD084AE3",
276
+ "Arn"
277
+ ]
278
+ }
279
+ }
280
+ },
281
+ "Handler": "framework.onEvent",
282
+ "Role": {
283
+ "Fn::GetAtt": [
284
+ "IntegVSCodeServerSecretRetrieveProviderframeworkonEventServiceRole0F156B64",
285
+ "Arn"
286
+ ]
287
+ },
288
+ "Runtime": {
289
+ "Fn::FindInMap": [
290
+ "LatestNodeRuntimeMap",
291
+ {
292
+ "Ref": "AWS::Region"
293
+ },
294
+ "value"
295
+ ]
296
+ },
297
+ "Timeout": 900
298
+ },
299
+ "DependsOn": [
300
+ "IntegVSCodeServerSecretRetrieveProviderframeworkonEventServiceRoleDefaultPolicyEC4DCEA0",
301
+ "IntegVSCodeServerSecretRetrieveProviderframeworkonEventServiceRole0F156B64"
302
+ ],
303
+ "Metadata": {
304
+ "cdk_nag": {
305
+ "rules_to_suppress": [
306
+ {
307
+ "reason": "For this provider we do not need to restrict managed policies",
308
+ "id": "AwsSolutions-IAM4"
309
+ },
310
+ {
311
+ "reason": "For this provider wildcards are fine",
312
+ "id": "AwsSolutions-IAM5"
313
+ },
314
+ {
315
+ "reason": "For this provider the latest runtime is not needed",
316
+ "id": "AwsSolutions-L1"
317
+ }
318
+ ]
319
+ }
320
+ }
321
+ },
322
+ "IntegVSCodeServerSecretRetrieverCustomResource2F3DB8BD": {
323
+ "Type": "AWS::CloudFormation::CustomResource",
324
+ "Properties": {
325
+ "ServiceToken": {
326
+ "Fn::GetAtt": [
327
+ "IntegVSCodeServerSecretRetrieveProviderframeworkonEventCF035CA3",
328
+ "Arn"
329
+ ]
330
+ },
331
+ "ServiceTimeout": 305,
332
+ "SecretArn": {
333
+ "Ref": "IntegVSCodeServerpasswordsecret202A5DB3"
334
+ }
335
+ },
336
+ "UpdateReplacePolicy": "Delete",
337
+ "DeletionPolicy": "Delete"
338
+ },
339
+ "IntegVSCodeServervpc93DDE887": {
340
+ "Type": "AWS::EC2::VPC",
341
+ "Properties": {
342
+ "CidrBlock": "10.0.0.0/16",
343
+ "EnableDnsHostnames": true,
344
+ "EnableDnsSupport": true,
345
+ "InstanceTenancy": "default",
346
+ "Tags": [
347
+ {
348
+ "Key": "app",
349
+ "Value": "vscode-server"
350
+ },
351
+ {
352
+ "Key": "Name",
353
+ "Value": "IntegTestStackUbuntu24/IntegVSCodeServer/vpc"
354
+ }
355
+ ]
356
+ },
357
+ "Metadata": {
358
+ "cdk_nag": {
359
+ "rules_to_suppress": [
360
+ {
361
+ "reason": "For this tmp vpc we do not need flow logs",
362
+ "id": "AwsSolutions-VPC7"
363
+ }
364
+ ]
365
+ }
366
+ }
367
+ },
368
+ "IntegVSCodeServervpcpublicSubnet1Subnet928029A1": {
369
+ "Type": "AWS::EC2::Subnet",
370
+ "Properties": {
371
+ "AvailabilityZone": {
372
+ "Fn::Select": [
373
+ 0,
374
+ {
375
+ "Fn::GetAZs": ""
376
+ }
377
+ ]
378
+ },
379
+ "CidrBlock": "10.0.0.0/17",
380
+ "MapPublicIpOnLaunch": true,
381
+ "Tags": [
382
+ {
383
+ "Key": "app",
384
+ "Value": "vscode-server"
385
+ },
386
+ {
387
+ "Key": "aws-cdk:subnet-name",
388
+ "Value": "public"
389
+ },
390
+ {
391
+ "Key": "aws-cdk:subnet-type",
392
+ "Value": "Public"
393
+ },
394
+ {
395
+ "Key": "Name",
396
+ "Value": "IntegTestStackUbuntu24/IntegVSCodeServer/vpc/publicSubnet1"
397
+ }
398
+ ],
399
+ "VpcId": {
400
+ "Ref": "IntegVSCodeServervpc93DDE887"
401
+ }
402
+ },
403
+ "Metadata": {
404
+ "cdk_nag": {
405
+ "rules_to_suppress": [
406
+ {
407
+ "reason": "For this tmp vpc we do not need flow logs",
408
+ "id": "AwsSolutions-VPC7"
409
+ }
410
+ ]
411
+ }
412
+ }
413
+ },
414
+ "IntegVSCodeServervpcpublicSubnet1RouteTableFD418D0B": {
415
+ "Type": "AWS::EC2::RouteTable",
416
+ "Properties": {
417
+ "Tags": [
418
+ {
419
+ "Key": "app",
420
+ "Value": "vscode-server"
421
+ },
422
+ {
423
+ "Key": "Name",
424
+ "Value": "IntegTestStackUbuntu24/IntegVSCodeServer/vpc/publicSubnet1"
425
+ }
426
+ ],
427
+ "VpcId": {
428
+ "Ref": "IntegVSCodeServervpc93DDE887"
429
+ }
430
+ },
431
+ "Metadata": {
432
+ "cdk_nag": {
433
+ "rules_to_suppress": [
434
+ {
435
+ "reason": "For this tmp vpc we do not need flow logs",
436
+ "id": "AwsSolutions-VPC7"
437
+ }
438
+ ]
439
+ }
440
+ }
441
+ },
442
+ "IntegVSCodeServervpcpublicSubnet1RouteTableAssociation599AB80D": {
443
+ "Type": "AWS::EC2::SubnetRouteTableAssociation",
444
+ "Properties": {
445
+ "RouteTableId": {
446
+ "Ref": "IntegVSCodeServervpcpublicSubnet1RouteTableFD418D0B"
447
+ },
448
+ "SubnetId": {
449
+ "Ref": "IntegVSCodeServervpcpublicSubnet1Subnet928029A1"
450
+ }
451
+ },
452
+ "Metadata": {
453
+ "cdk_nag": {
454
+ "rules_to_suppress": [
455
+ {
456
+ "reason": "For this tmp vpc we do not need flow logs",
457
+ "id": "AwsSolutions-VPC7"
458
+ }
459
+ ]
460
+ }
461
+ }
462
+ },
463
+ "IntegVSCodeServervpcpublicSubnet1DefaultRoute36845B30": {
464
+ "Type": "AWS::EC2::Route",
465
+ "Properties": {
466
+ "DestinationCidrBlock": "0.0.0.0/0",
467
+ "GatewayId": {
468
+ "Ref": "IntegVSCodeServervpcIGW960F6D83"
469
+ },
470
+ "RouteTableId": {
471
+ "Ref": "IntegVSCodeServervpcpublicSubnet1RouteTableFD418D0B"
472
+ }
473
+ },
474
+ "DependsOn": [
475
+ "IntegVSCodeServervpcVPCGWA7CDED90"
476
+ ],
477
+ "Metadata": {
478
+ "cdk_nag": {
479
+ "rules_to_suppress": [
480
+ {
481
+ "reason": "For this tmp vpc we do not need flow logs",
482
+ "id": "AwsSolutions-VPC7"
483
+ }
484
+ ]
485
+ }
486
+ }
487
+ },
488
+ "IntegVSCodeServervpcpublicSubnet2SubnetE381654D": {
489
+ "Type": "AWS::EC2::Subnet",
490
+ "Properties": {
491
+ "AvailabilityZone": {
492
+ "Fn::Select": [
493
+ 1,
494
+ {
495
+ "Fn::GetAZs": ""
496
+ }
497
+ ]
498
+ },
499
+ "CidrBlock": "10.0.128.0/17",
500
+ "MapPublicIpOnLaunch": true,
501
+ "Tags": [
502
+ {
503
+ "Key": "app",
504
+ "Value": "vscode-server"
505
+ },
506
+ {
507
+ "Key": "aws-cdk:subnet-name",
508
+ "Value": "public"
509
+ },
510
+ {
511
+ "Key": "aws-cdk:subnet-type",
512
+ "Value": "Public"
513
+ },
514
+ {
515
+ "Key": "Name",
516
+ "Value": "IntegTestStackUbuntu24/IntegVSCodeServer/vpc/publicSubnet2"
517
+ }
518
+ ],
519
+ "VpcId": {
520
+ "Ref": "IntegVSCodeServervpc93DDE887"
521
+ }
522
+ },
523
+ "Metadata": {
524
+ "cdk_nag": {
525
+ "rules_to_suppress": [
526
+ {
527
+ "reason": "For this tmp vpc we do not need flow logs",
528
+ "id": "AwsSolutions-VPC7"
529
+ }
530
+ ]
531
+ }
532
+ }
533
+ },
534
+ "IntegVSCodeServervpcpublicSubnet2RouteTableC264EFB4": {
535
+ "Type": "AWS::EC2::RouteTable",
536
+ "Properties": {
537
+ "Tags": [
538
+ {
539
+ "Key": "app",
540
+ "Value": "vscode-server"
541
+ },
542
+ {
543
+ "Key": "Name",
544
+ "Value": "IntegTestStackUbuntu24/IntegVSCodeServer/vpc/publicSubnet2"
545
+ }
546
+ ],
547
+ "VpcId": {
548
+ "Ref": "IntegVSCodeServervpc93DDE887"
549
+ }
550
+ },
551
+ "Metadata": {
552
+ "cdk_nag": {
553
+ "rules_to_suppress": [
554
+ {
555
+ "reason": "For this tmp vpc we do not need flow logs",
556
+ "id": "AwsSolutions-VPC7"
557
+ }
558
+ ]
559
+ }
560
+ }
561
+ },
562
+ "IntegVSCodeServervpcpublicSubnet2RouteTableAssociationC62A1999": {
563
+ "Type": "AWS::EC2::SubnetRouteTableAssociation",
564
+ "Properties": {
565
+ "RouteTableId": {
566
+ "Ref": "IntegVSCodeServervpcpublicSubnet2RouteTableC264EFB4"
567
+ },
568
+ "SubnetId": {
569
+ "Ref": "IntegVSCodeServervpcpublicSubnet2SubnetE381654D"
570
+ }
571
+ },
572
+ "Metadata": {
573
+ "cdk_nag": {
574
+ "rules_to_suppress": [
575
+ {
576
+ "reason": "For this tmp vpc we do not need flow logs",
577
+ "id": "AwsSolutions-VPC7"
578
+ }
579
+ ]
580
+ }
581
+ }
582
+ },
583
+ "IntegVSCodeServervpcpublicSubnet2DefaultRouteEAD8BC23": {
584
+ "Type": "AWS::EC2::Route",
585
+ "Properties": {
586
+ "DestinationCidrBlock": "0.0.0.0/0",
587
+ "GatewayId": {
588
+ "Ref": "IntegVSCodeServervpcIGW960F6D83"
589
+ },
590
+ "RouteTableId": {
591
+ "Ref": "IntegVSCodeServervpcpublicSubnet2RouteTableC264EFB4"
592
+ }
593
+ },
594
+ "DependsOn": [
595
+ "IntegVSCodeServervpcVPCGWA7CDED90"
596
+ ],
597
+ "Metadata": {
598
+ "cdk_nag": {
599
+ "rules_to_suppress": [
600
+ {
601
+ "reason": "For this tmp vpc we do not need flow logs",
602
+ "id": "AwsSolutions-VPC7"
603
+ }
604
+ ]
605
+ }
606
+ }
607
+ },
608
+ "IntegVSCodeServervpcIGW960F6D83": {
609
+ "Type": "AWS::EC2::InternetGateway",
610
+ "Properties": {
611
+ "Tags": [
612
+ {
613
+ "Key": "app",
614
+ "Value": "vscode-server"
615
+ },
616
+ {
617
+ "Key": "Name",
618
+ "Value": "IntegTestStackUbuntu24/IntegVSCodeServer/vpc"
619
+ }
620
+ ]
621
+ },
622
+ "Metadata": {
623
+ "cdk_nag": {
624
+ "rules_to_suppress": [
625
+ {
626
+ "reason": "For this tmp vpc we do not need flow logs",
627
+ "id": "AwsSolutions-VPC7"
628
+ }
629
+ ]
630
+ }
631
+ }
632
+ },
633
+ "IntegVSCodeServervpcVPCGWA7CDED90": {
634
+ "Type": "AWS::EC2::VPCGatewayAttachment",
635
+ "Properties": {
636
+ "InternetGatewayId": {
637
+ "Ref": "IntegVSCodeServervpcIGW960F6D83"
638
+ },
639
+ "VpcId": {
640
+ "Ref": "IntegVSCodeServervpc93DDE887"
641
+ }
642
+ },
643
+ "Metadata": {
644
+ "cdk_nag": {
645
+ "rules_to_suppress": [
646
+ {
647
+ "reason": "For this tmp vpc we do not need flow logs",
648
+ "id": "AwsSolutions-VPC7"
649
+ }
650
+ ]
651
+ }
652
+ }
653
+ },
654
+ "IntegVSCodeServervpcRestrictDefaultSecurityGroupCustomResourceF6EA8ED1": {
655
+ "Type": "Custom::VpcRestrictDefaultSG",
656
+ "Properties": {
657
+ "ServiceToken": {
658
+ "Fn::GetAtt": [
659
+ "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E",
660
+ "Arn"
661
+ ]
662
+ },
663
+ "DefaultSecurityGroupId": {
664
+ "Fn::GetAtt": [
665
+ "IntegVSCodeServervpc93DDE887",
666
+ "DefaultSecurityGroup"
667
+ ]
668
+ },
669
+ "Account": {
670
+ "Ref": "AWS::AccountId"
671
+ }
672
+ },
673
+ "UpdateReplacePolicy": "Delete",
674
+ "DeletionPolicy": "Delete",
675
+ "Metadata": {
676
+ "cdk_nag": {
677
+ "rules_to_suppress": [
678
+ {
679
+ "reason": "For this tmp vpc we do not need flow logs",
680
+ "id": "AwsSolutions-VPC7"
681
+ }
682
+ ]
683
+ }
684
+ }
685
+ },
686
+ "IntegVSCodeServercftoserversgFFE586B0": {
687
+ "Type": "AWS::EC2::SecurityGroup",
688
+ "Properties": {
689
+ "GroupDescription": "SG for VSCodeServer - only allow CloudFront ingress",
690
+ "GroupName": "cloudfront-to-vscode-server",
691
+ "SecurityGroupEgress": [
692
+ {
693
+ "CidrIp": "0.0.0.0/0",
694
+ "Description": "Allow all outbound traffic by default",
695
+ "IpProtocol": "-1"
696
+ }
697
+ ],
698
+ "Tags": [
699
+ {
700
+ "Key": "app",
701
+ "Value": "vscode-server"
702
+ }
703
+ ],
704
+ "VpcId": {
705
+ "Ref": "IntegVSCodeServervpc93DDE887"
706
+ }
707
+ }
708
+ },
709
+ "IntegVSCodeServercftoserversgfromIndirectPeer80C4F51713": {
710
+ "Type": "AWS::EC2::SecurityGroupIngress",
711
+ "Properties": {
712
+ "Description": "Allow HTTP from com.amazonaws.global.cloudfront.origin-facing",
713
+ "FromPort": 80,
714
+ "GroupId": {
715
+ "Fn::GetAtt": [
716
+ "IntegVSCodeServercftoserversgFFE586B0",
717
+ "GroupId"
718
+ ]
719
+ },
720
+ "IpProtocol": "tcp",
721
+ "SourcePrefixListId": {
722
+ "Fn::GetAtt": [
723
+ "IntegVSCodeServercfprefixlistIdGetPrefixListIdF0821FFC",
724
+ "PrefixLists.0.PrefixListId"
725
+ ]
726
+ },
727
+ "ToPort": 80
728
+ }
729
+ },
730
+ "IntegVSCodeServercfprefixlistIdGetPrefixListIdLogGroup171C2803": {
731
+ "Type": "AWS::Logs::LogGroup",
732
+ "Properties": {
733
+ "RetentionInDays": 1,
734
+ "Tags": [
735
+ {
736
+ "Key": "app",
737
+ "Value": "vscode-server"
738
+ }
739
+ ]
740
+ },
741
+ "UpdateReplacePolicy": "Delete",
742
+ "DeletionPolicy": "Delete",
743
+ "Metadata": {
744
+ "cdk_nag": {
745
+ "rules_to_suppress": [
746
+ {
747
+ "reason": "For this provider wildcards are fine",
748
+ "id": "AwsSolutions-IAM5"
749
+ }
750
+ ]
751
+ }
752
+ }
753
+ },
754
+ "IntegVSCodeServercfprefixlistIdGetPrefixListIdRole1302B3E1": {
755
+ "Type": "AWS::IAM::Role",
756
+ "Properties": {
757
+ "AssumeRolePolicyDocument": {
758
+ "Statement": [
759
+ {
760
+ "Action": "sts:AssumeRole",
761
+ "Effect": "Allow",
762
+ "Principal": {
763
+ "Service": "lambda.amazonaws.com"
764
+ }
765
+ }
766
+ ],
767
+ "Version": "2012-10-17"
768
+ }
769
+ },
770
+ "Metadata": {
771
+ "cdk_nag": {
772
+ "rules_to_suppress": [
773
+ {
774
+ "reason": "For this provider wildcards are fine",
775
+ "id": "AwsSolutions-IAM5"
776
+ }
777
+ ]
778
+ }
779
+ }
780
+ },
781
+ "IntegVSCodeServercfprefixlistIdGetPrefixListIdF0821FFC": {
782
+ "Type": "Custom::AWS",
783
+ "Properties": {
784
+ "ServiceToken": {
785
+ "Fn::GetAtt": [
786
+ "AWS679f53fac002430cb0da5b7982bd22872D164C4C",
787
+ "Arn"
788
+ ]
789
+ },
790
+ "Create": "{\"service\":\"@aws-sdk/client-ec2\",\"action\":\"DescribeManagedPrefixListsCommand\",\"parameters\":{\"Filters\":[{\"Name\":\"prefix-list-name\",\"Values\":[\"com.amazonaws.global.cloudfront.origin-facing\"]}]},\"physicalResourceId\":{\"id\":\"cf-prefixlistId-c82b0dc88067ef7a\"}}",
791
+ "Update": "{\"service\":\"@aws-sdk/client-ec2\",\"action\":\"DescribeManagedPrefixListsCommand\",\"parameters\":{\"Filters\":[{\"Name\":\"prefix-list-name\",\"Values\":[\"com.amazonaws.global.cloudfront.origin-facing\"]}]},\"physicalResourceId\":{\"id\":\"cf-prefixlistId-c82b0dc88067ef7a\"}}",
792
+ "InstallLatestAwsSdk": false
793
+ },
794
+ "DependsOn": [
795
+ "IntegVSCodeServercfprefixlistIdGetPrefixListIdCustomResourcePolicyAB3F4958"
796
+ ],
797
+ "UpdateReplacePolicy": "Delete",
798
+ "DeletionPolicy": "Delete",
799
+ "Metadata": {
800
+ "cdk_nag": {
801
+ "rules_to_suppress": [
802
+ {
803
+ "reason": "For this provider wildcards are fine",
804
+ "id": "AwsSolutions-IAM5"
805
+ }
806
+ ]
807
+ }
808
+ }
809
+ },
810
+ "IntegVSCodeServercfprefixlistIdGetPrefixListIdCustomResourcePolicyAB3F4958": {
811
+ "Type": "AWS::IAM::Policy",
812
+ "Properties": {
813
+ "PolicyDocument": {
814
+ "Statement": [
815
+ {
816
+ "Action": "ec2:DescribeManagedPrefixLists",
817
+ "Effect": "Allow",
818
+ "Resource": "*"
819
+ }
820
+ ],
821
+ "Version": "2012-10-17"
822
+ },
823
+ "PolicyName": "IntegVSCodeServercfprefixlistIdGetPrefixListIdCustomResourcePolicyAB3F4958",
824
+ "Roles": [
825
+ {
826
+ "Ref": "IntegVSCodeServercfprefixlistIdGetPrefixListIdRole1302B3E1"
827
+ }
828
+ ]
829
+ },
830
+ "Metadata": {
831
+ "cdk_nag": {
832
+ "rules_to_suppress": [
833
+ {
834
+ "reason": "For this provider wildcards are fine",
835
+ "id": "AwsSolutions-IAM5"
836
+ }
837
+ ]
838
+ }
839
+ }
840
+ },
841
+ "IntegVSCodeServerserverinstancerole7745B5BB": {
842
+ "Type": "AWS::IAM::Role",
843
+ "Properties": {
844
+ "AssumeRolePolicyDocument": {
845
+ "Statement": [
846
+ {
847
+ "Action": "sts:AssumeRole",
848
+ "Effect": "Allow",
849
+ "Principal": {
850
+ "Service": [
851
+ "ec2.amazonaws.com",
852
+ "ssm.amazonaws.com"
853
+ ]
854
+ }
855
+ }
856
+ ],
857
+ "Version": "2012-10-17"
858
+ },
859
+ "ManagedPolicyArns": [
860
+ {
861
+ "Fn::Join": [
862
+ "",
863
+ [
864
+ "arn:",
865
+ {
866
+ "Ref": "AWS::Partition"
867
+ },
868
+ ":iam::aws:policy/AmazonSSMManagedInstanceCore"
869
+ ]
870
+ ]
871
+ },
872
+ {
873
+ "Fn::Join": [
874
+ "",
875
+ [
876
+ "arn:",
877
+ {
878
+ "Ref": "AWS::Partition"
879
+ },
880
+ ":iam::aws:policy/CloudWatchAgentServerPolicy"
881
+ ]
882
+ ]
883
+ },
884
+ {
885
+ "Fn::Join": [
886
+ "",
887
+ [
888
+ "arn:",
889
+ {
890
+ "Ref": "AWS::Partition"
891
+ },
892
+ ":iam::aws:policy/AmazonQDeveloperAccess"
893
+ ]
894
+ ]
895
+ },
896
+ {
897
+ "Fn::Join": [
898
+ "",
899
+ [
900
+ "arn:",
901
+ {
902
+ "Ref": "AWS::Partition"
903
+ },
904
+ ":iam::aws:policy/ReadOnlyAccess"
905
+ ]
906
+ ]
907
+ }
908
+ ],
909
+ "Policies": [
910
+ {
911
+ "PolicyDocument": {
912
+ "Statement": [
913
+ {
914
+ "Action": [
915
+ "iam:AddRoleToInstanceProfile",
916
+ "iam:AttachRolePolicy",
917
+ "iam:CreateRole",
918
+ "iam:CreateServiceLinkedRole",
919
+ "iam:DeleteRole",
920
+ "iam:DeleteRolePermissionsBoundary",
921
+ "iam:DeleteRolePolicy",
922
+ "iam:DeleteServiceLinkedRole",
923
+ "iam:DetachRolePolicy",
924
+ "iam:GetRole",
925
+ "iam:GetRolePolicy",
926
+ "iam:GetServiceLinkedRoleDeletionStatus",
927
+ "iam:ListAttachedRolePolicies",
928
+ "iam:ListInstanceProfilesForRole",
929
+ "iam:ListRolePolicies",
930
+ "iam:ListRoleTags",
931
+ "iam:ListRoles",
932
+ "iam:PutRolePermissionsBoundary",
933
+ "iam:PutRolePolicy",
934
+ "iam:RemoveRoleFromInstanceProfile",
935
+ "iam:TagRole",
936
+ "iam:UntagRole",
937
+ "iam:UpdateAssumeRolePolicy",
938
+ "iam:UpdateRole",
939
+ "iam:UpdateRoleDescription",
940
+ "sts:AssumeRole"
941
+ ],
942
+ "Effect": "Allow",
943
+ "Resource": {
944
+ "Fn::Join": [
945
+ "",
946
+ [
947
+ "arn:aws:iam::",
948
+ {
949
+ "Ref": "AWS::AccountId"
950
+ },
951
+ ":role/cdk-*"
952
+ ]
953
+ ]
954
+ },
955
+ "Sid": "StsAccess"
956
+ },
957
+ {
958
+ "Action": "iam:PassRole",
959
+ "Condition": {
960
+ "StringLike": {
961
+ "iam:PassedToService": "cloudformation.amazonaws.com"
962
+ }
963
+ },
964
+ "Effect": "Allow",
965
+ "Resource": {
966
+ "Fn::Join": [
967
+ "",
968
+ [
969
+ "arn:aws:iam::",
970
+ {
971
+ "Ref": "AWS::AccountId"
972
+ },
973
+ ":role/cdk-*"
974
+ ]
975
+ ]
976
+ }
977
+ },
978
+ {
979
+ "Action": "cloudformation:*",
980
+ "Effect": "Allow",
981
+ "Resource": {
982
+ "Fn::Join": [
983
+ "",
984
+ [
985
+ "arn:aws:cloudformation:*:",
986
+ {
987
+ "Ref": "AWS::AccountId"
988
+ },
989
+ ":stack/CDKToolkit/*"
990
+ ]
991
+ ]
992
+ }
993
+ },
994
+ {
995
+ "Action": [
996
+ "cloudformation:CreateChangeSet",
997
+ "cloudformation:DeleteChangeSet",
998
+ "cloudformation:ExecuteChangeSet",
999
+ "ec2:DescribeInstances",
1000
+ "ec2:DescribeVolumesModifications*",
1001
+ "ec2:ModifyVolume"
1002
+ ],
1003
+ "Effect": "Allow",
1004
+ "Resource": "*"
1005
+ },
1006
+ {
1007
+ "Action": "s3:*",
1008
+ "Effect": "Allow",
1009
+ "Resource": "*",
1010
+ "Sid": "S3Access"
1011
+ },
1012
+ {
1013
+ "Action": [
1014
+ "ecr:CreateRepository",
1015
+ "ecr:DeleteRepository",
1016
+ "ecr:DescribeRepositories",
1017
+ "ecr:GetLifecyclePolicy",
1018
+ "ecr:PutImageScanningConfiguration",
1019
+ "ecr:PutLifecyclePolicy",
1020
+ "ecr:SetRepositoryPolicy"
1021
+ ],
1022
+ "Effect": "Allow",
1023
+ "Resource": {
1024
+ "Fn::Join": [
1025
+ "",
1026
+ [
1027
+ "arn:aws:ecr:*:",
1028
+ {
1029
+ "Ref": "AWS::AccountId"
1030
+ },
1031
+ ":repository/cdk-*"
1032
+ ]
1033
+ ]
1034
+ },
1035
+ "Sid": "ECRAccess"
1036
+ },
1037
+ {
1038
+ "Action": [
1039
+ "ssm:DeleteParameter*",
1040
+ "ssm:GetParameter*",
1041
+ "ssm:PutParameter*"
1042
+ ],
1043
+ "Effect": "Allow",
1044
+ "Resource": {
1045
+ "Fn::Join": [
1046
+ "",
1047
+ [
1048
+ "arn:aws:ssm:*:",
1049
+ {
1050
+ "Ref": "AWS::AccountId"
1051
+ },
1052
+ ":parameter/cdk-bootstrap/*"
1053
+ ]
1054
+ ]
1055
+ }
1056
+ },
1057
+ {
1058
+ "Action": [
1059
+ "codepipeline:DisableStageTransition",
1060
+ "codepipeline:EnableStageTransition",
1061
+ "codepipeline:StartPipelineExecution",
1062
+ "codepipeline:StopPipelineExecution",
1063
+ "codepipeline:UpdatePipeline"
1064
+ ],
1065
+ "Effect": "Allow",
1066
+ "Resource": {
1067
+ "Fn::Join": [
1068
+ "",
1069
+ [
1070
+ "arn:aws:codepipeline:*:",
1071
+ {
1072
+ "Ref": "AWS::AccountId"
1073
+ },
1074
+ ":*/*"
1075
+ ]
1076
+ ]
1077
+ }
1078
+ },
1079
+ {
1080
+ "Action": "kms:Decrypt",
1081
+ "Effect": "Allow",
1082
+ "Resource": {
1083
+ "Fn::Join": [
1084
+ "",
1085
+ [
1086
+ "arn:aws:kms:*:",
1087
+ {
1088
+ "Ref": "AWS::AccountId"
1089
+ },
1090
+ ":key/*"
1091
+ ]
1092
+ ]
1093
+ }
1094
+ }
1095
+ ],
1096
+ "Version": "2012-10-17"
1097
+ },
1098
+ "PolicyName": "VSCodeInstanceInlinePolicy"
1099
+ }
1100
+ ]
1101
+ },
1102
+ "Metadata": {
1103
+ "cdk_nag": {
1104
+ "rules_to_suppress": [
1105
+ {
1106
+ "reason": "For this tmp role we do not need to restrict managed policies",
1107
+ "id": "AwsSolutions-IAM4"
1108
+ },
1109
+ {
1110
+ "reason": "For this tmp role the wildcards are fine",
1111
+ "id": "AwsSolutions-IAM5"
1112
+ }
1113
+ ]
1114
+ }
1115
+ }
1116
+ },
1117
+ "IntegVSCodeServerserverinstanceInstanceProfile6130979E": {
1118
+ "Type": "AWS::IAM::InstanceProfile",
1119
+ "Properties": {
1120
+ "Roles": [
1121
+ {
1122
+ "Ref": "IntegVSCodeServerserverinstancerole7745B5BB"
1123
+ }
1124
+ ]
1125
+ },
1126
+ "Metadata": {
1127
+ "cdk_nag": {
1128
+ "rules_to_suppress": [
1129
+ {
1130
+ "reason": "For this tmp instance we do not need an asg",
1131
+ "id": "AwsSolutions-EC29"
1132
+ }
1133
+ ]
1134
+ }
1135
+ }
1136
+ },
1137
+ "IntegVSCodeServerserverinstance0A3D62D7": {
1138
+ "Type": "AWS::EC2::Instance",
1139
+ "Properties": {
1140
+ "AvailabilityZone": {
1141
+ "Fn::Select": [
1142
+ 0,
1143
+ {
1144
+ "Fn::GetAZs": ""
1145
+ }
1146
+ ]
1147
+ },
1148
+ "BlockDeviceMappings": [
1149
+ {
1150
+ "DeviceName": "/dev/sda1",
1151
+ "Ebs": {
1152
+ "DeleteOnTermination": true,
1153
+ "Encrypted": true,
1154
+ "VolumeSize": 40,
1155
+ "VolumeType": "gp3"
1156
+ }
1157
+ }
1158
+ ],
1159
+ "IamInstanceProfile": {
1160
+ "Ref": "IntegVSCodeServerserverinstanceInstanceProfile6130979E"
1161
+ },
1162
+ "ImageId": {
1163
+ "Ref": "SsmParameterValueawsservicecanonicalubuntuservernoblestablecurrentarm64hvmebsgp3amiidC96584B6F00A464EAD1953AFF4B05118Parameter"
1164
+ },
1165
+ "InstanceType": "m7g.xlarge",
1166
+ "LaunchTemplate": {
1167
+ "LaunchTemplateName": "IntegTestStackUbuntu24IntegVSCodeServerserverinstanceLaunchTemplateDC7D96D8",
1168
+ "Version": {
1169
+ "Fn::GetAtt": [
1170
+ "IntegVSCodeServerserverinstanceLaunchTemplate43932ED3",
1171
+ "LatestVersionNumber"
1172
+ ]
1173
+ }
1174
+ },
1175
+ "Monitoring": true,
1176
+ "NetworkInterfaces": [
1177
+ {
1178
+ "AssociatePublicIpAddress": true,
1179
+ "DeviceIndex": "0",
1180
+ "GroupSet": [
1181
+ {
1182
+ "Fn::GetAtt": [
1183
+ "IntegVSCodeServercftoserversgFFE586B0",
1184
+ "GroupId"
1185
+ ]
1186
+ }
1187
+ ],
1188
+ "SubnetId": {
1189
+ "Ref": "IntegVSCodeServervpcpublicSubnet1Subnet928029A1"
1190
+ }
1191
+ }
1192
+ ],
1193
+ "Tags": [
1194
+ {
1195
+ "Key": "app",
1196
+ "Value": "vscode-server"
1197
+ },
1198
+ {
1199
+ "Key": "Name",
1200
+ "Value": "VSCodeServer"
1201
+ }
1202
+ ],
1203
+ "UserData": {
1204
+ "Fn::Base64": "\n #cloud-config\n hostname: VSCodeServer\n runcmd:\n - mkdir -p /Workshop && chown -R participant:participant /Workshop\n "
1205
+ }
1206
+ },
1207
+ "DependsOn": [
1208
+ "IntegVSCodeServerserverinstancerole7745B5BB",
1209
+ "IntegVSCodeServervpcpublicSubnet1DefaultRoute36845B30",
1210
+ "IntegVSCodeServervpcpublicSubnet1RouteTableAssociation599AB80D",
1211
+ "IntegVSCodeServervpcpublicSubnet2DefaultRouteEAD8BC23",
1212
+ "IntegVSCodeServervpcpublicSubnet2RouteTableAssociationC62A1999"
1213
+ ],
1214
+ "Metadata": {
1215
+ "cdk_nag": {
1216
+ "rules_to_suppress": [
1217
+ {
1218
+ "reason": "For this tmp instance we do not need an asg",
1219
+ "id": "AwsSolutions-EC29"
1220
+ }
1221
+ ]
1222
+ }
1223
+ }
1224
+ },
1225
+ "IntegVSCodeServerserverinstanceLaunchTemplate43932ED3": {
1226
+ "Type": "AWS::EC2::LaunchTemplate",
1227
+ "Properties": {
1228
+ "LaunchTemplateData": {
1229
+ "MetadataOptions": {
1230
+ "HttpTokens": "required"
1231
+ }
1232
+ },
1233
+ "LaunchTemplateName": "IntegTestStackUbuntu24IntegVSCodeServerserverinstanceLaunchTemplateDC7D96D8"
1234
+ }
1235
+ },
1236
+ "IntegVSCodeServercfcachepolicy8F5F1F69": {
1237
+ "Type": "AWS::CloudFront::CachePolicy",
1238
+ "Properties": {
1239
+ "CachePolicyConfig": {
1240
+ "Comment": "Cache policy for VSCodeServer",
1241
+ "DefaultTTL": 86400,
1242
+ "MaxTTL": 31536000,
1243
+ "MinTTL": 1,
1244
+ "Name": "cf-cache-policy-vscodeserver-IntegTestStackUbuntu24",
1245
+ "ParametersInCacheKeyAndForwardedToOrigin": {
1246
+ "CookiesConfig": {
1247
+ "CookieBehavior": "all"
1248
+ },
1249
+ "EnableAcceptEncodingBrotli": false,
1250
+ "EnableAcceptEncodingGzip": false,
1251
+ "HeadersConfig": {
1252
+ "HeaderBehavior": "whitelist",
1253
+ "Headers": [
1254
+ "Accept-Charset",
1255
+ "Authorization",
1256
+ "Origin",
1257
+ "Accept",
1258
+ "Referer",
1259
+ "Host",
1260
+ "Accept-Language",
1261
+ "Accept-Encoding",
1262
+ "Accept-Datetime"
1263
+ ]
1264
+ },
1265
+ "QueryStringsConfig": {
1266
+ "QueryStringBehavior": "all"
1267
+ }
1268
+ }
1269
+ }
1270
+ }
1271
+ },
1272
+ "IntegVSCodeServercfdistributionFDBE873F": {
1273
+ "Type": "AWS::CloudFront::Distribution",
1274
+ "Properties": {
1275
+ "DistributionConfig": {
1276
+ "CacheBehaviors": [
1277
+ {
1278
+ "AllowedMethods": [
1279
+ "GET",
1280
+ "HEAD",
1281
+ "OPTIONS",
1282
+ "PUT",
1283
+ "PATCH",
1284
+ "POST",
1285
+ "DELETE"
1286
+ ],
1287
+ "CachePolicyId": "4135ea2d-6df8-44a3-9df3-4b5a84be39ad",
1288
+ "Compress": false,
1289
+ "OriginRequestPolicyId": "216adef6-5c7f-47e4-b989-5492eafa07d3",
1290
+ "PathPattern": "/proxy/*",
1291
+ "TargetOriginId": "Cloudfront-IntegTestStackUbuntu24-IntegTestStackUbuntu24",
1292
+ "ViewerProtocolPolicy": "allow-all"
1293
+ }
1294
+ ],
1295
+ "Comment": "Distribution for VSCodeServer",
1296
+ "DefaultCacheBehavior": {
1297
+ "AllowedMethods": [
1298
+ "GET",
1299
+ "HEAD",
1300
+ "OPTIONS",
1301
+ "PUT",
1302
+ "PATCH",
1303
+ "POST",
1304
+ "DELETE"
1305
+ ],
1306
+ "CachePolicyId": {
1307
+ "Ref": "IntegVSCodeServercfcachepolicy8F5F1F69"
1308
+ },
1309
+ "Compress": true,
1310
+ "OriginRequestPolicyId": "216adef6-5c7f-47e4-b989-5492eafa07d3",
1311
+ "TargetOriginId": "Cloudfront-IntegTestStackUbuntu24-IntegTestStackUbuntu24",
1312
+ "ViewerProtocolPolicy": "allow-all"
1313
+ },
1314
+ "Enabled": true,
1315
+ "HttpVersion": "http2and3",
1316
+ "IPV6Enabled": true,
1317
+ "Origins": [
1318
+ {
1319
+ "CustomOriginConfig": {
1320
+ "OriginProtocolPolicy": "http-only",
1321
+ "OriginSSLProtocols": [
1322
+ "TLSv1.2"
1323
+ ]
1324
+ },
1325
+ "DomainName": {
1326
+ "Fn::GetAtt": [
1327
+ "IntegVSCodeServerserverinstance0A3D62D7",
1328
+ "PublicDnsName"
1329
+ ]
1330
+ },
1331
+ "Id": "Cloudfront-IntegTestStackUbuntu24-IntegTestStackUbuntu24"
1332
+ }
1333
+ ],
1334
+ "PriceClass": "PriceClass_All"
1335
+ },
1336
+ "Tags": [
1337
+ {
1338
+ "Key": "app",
1339
+ "Value": "vscode-server"
1340
+ }
1341
+ ]
1342
+ },
1343
+ "Metadata": {
1344
+ "cdk_nag": {
1345
+ "rules_to_suppress": [
1346
+ {
1347
+ "reason": "For this tmp distribution we do not need geo restrictions",
1348
+ "id": "AwsSolutions-CFR1"
1349
+ },
1350
+ {
1351
+ "reason": "For this tmp distribution we do not need waf integration",
1352
+ "id": "AwsSolutions-CFR2"
1353
+ },
1354
+ {
1355
+ "reason": "For this tmp distribution we do not need access logging enabled",
1356
+ "id": "AwsSolutions-CFR3"
1357
+ },
1358
+ {
1359
+ "reason": "For this tmp distribution we do not need limit SSL protocols as we use the default viewer cert",
1360
+ "id": "AwsSolutions-CFR4"
1361
+ },
1362
+ {
1363
+ "reason": "For this tmp distribution we do not need limit SSL protocols as we use the default viewer cert",
1364
+ "id": "AwsSolutions-CFR5"
1365
+ }
1366
+ ]
1367
+ }
1368
+ }
1369
+ },
1370
+ "IntegVSCodeServerssmdocumentubuntuED32BACB": {
1371
+ "Type": "AWS::SSM::Document",
1372
+ "Properties": {
1373
+ "Content": {
1374
+ "schemaVersion": "2.2",
1375
+ "description": "Bootstrap VSCode code-server instance",
1376
+ "parameters": {
1377
+ "VSCodePassword": {
1378
+ "type": "String",
1379
+ "default": {
1380
+ "Ref": "AWS::StackId"
1381
+ }
1382
+ },
1383
+ "NodeVersion": {
1384
+ "type": "String",
1385
+ "default": "22",
1386
+ "allowedValues": [
1387
+ "24",
1388
+ "22",
1389
+ "20",
1390
+ "18"
1391
+ ]
1392
+ },
1393
+ "RepoUrl": {
1394
+ "type": "String",
1395
+ "default": "https://github.com/aws-samples/fleet-management-on-amazon-eks-workshop.git"
1396
+ },
1397
+ "AssetZipS3Path": {
1398
+ "type": "String",
1399
+ "default": ""
1400
+ },
1401
+ "BranchZipS3Path": {
1402
+ "type": "String",
1403
+ "default": ""
1404
+ },
1405
+ "FolderZipS3Path": {
1406
+ "type": "String",
1407
+ "default": ""
1408
+ }
1409
+ },
1410
+ "mainSteps": [
1411
+ {
1412
+ "action": "aws:configurePackage",
1413
+ "name": "InstallCloudWatchAgent",
1414
+ "inputs": {
1415
+ "name": "AmazonCloudWatchAgent",
1416
+ "action": "Install"
1417
+ }
1418
+ },
1419
+ {
1420
+ "action": "aws:runDocument",
1421
+ "name": "ConfigureCloudWatchAgent",
1422
+ "inputs": {
1423
+ "documentType": "SSMDocument",
1424
+ "documentPath": "AmazonCloudWatch-ManageAgent",
1425
+ "documentParameters": {
1426
+ "action": "configure",
1427
+ "mode": "ec2",
1428
+ "optionalConfigurationSource": "default",
1429
+ "optionalRestart": "yes"
1430
+ }
1431
+ }
1432
+ },
1433
+ {
1434
+ "action": "aws:runShellScript",
1435
+ "name": "InstallAptPackagesApt",
1436
+ "inputs": {
1437
+ "runCommand": [
1438
+ "#!/bin/bash",
1439
+ "dpkg --configure -a",
1440
+ "apt-get -q update && DEBIAN_FRONTEND=noninteractive apt-get install -y -q apt-utils",
1441
+ "apt-get -q update && DEBIAN_FRONTEND=noninteractive apt-get install -y -q needrestart unattended-upgrades",
1442
+ "sed -i 's/#$nrconf{kernelhints} = -1;/$nrconf{kernelhints} = 0;/' /etc/needrestart/needrestart.conf",
1443
+ "sed -i 's/#$nrconf{verbosity} = 2;/$nrconf{verbosity} = 0;/' /etc/needrestart/needrestart.conf",
1444
+ "sed -i \"s/#$nrconf{restart} = 'i';/$nrconf{restart} = 'a';/\" /etc/needrestart/needrestart.conf",
1445
+ "echo \"Apt helper packages added. Checking configuration\"",
1446
+ "cat /etc/needrestart/needrestart.conf"
1447
+ ]
1448
+ }
1449
+ },
1450
+ {
1451
+ "action": "aws:runShellScript",
1452
+ "name": "InstallBasePackagesApt",
1453
+ "inputs": {
1454
+ "runCommand": [
1455
+ "#!/bin/bash",
1456
+ "dpkg --configure -a",
1457
+ "apt-get -q update && DEBIAN_FRONTEND=noninteractive apt-get install -y -q curl gnupg whois argon2 unzip nginx openssl locales locales-all apt-transport-https ca-certificates software-properties-common"
1458
+ ]
1459
+ }
1460
+ },
1461
+ {
1462
+ "action": "aws:runShellScript",
1463
+ "name": "AddUserApt",
1464
+ "inputs": {
1465
+ "runCommand": [
1466
+ "#!/bin/bash",
1467
+ "dpkg --configure -a",
1468
+ "if [[ \"participant\" == \"ubuntu\" ]]\nthen\n echo 'Using existing user: participant'\nelse\n echo 'Adding user: participant'\n adduser --disabled-password --gecos '' participant\n echo \"participant:{{ VSCodePassword }}\" | chpasswd\n usermod -aG sudo participant\nfi",
1469
+ "tee /etc/sudoers.d/91-vscode-user <<EOF\nparticipant ALL=(ALL) NOPASSWD:ALL\nEOF",
1470
+ "mkdir -p /home/participant && chown -R participant:participant /home/participant",
1471
+ "mkdir -p /home/participant/.local/bin && chown -R participant:participant /home/participant",
1472
+ "echo \"User added. Checking configuration\"",
1473
+ "getent passwd participant"
1474
+ ]
1475
+ }
1476
+ },
1477
+ {
1478
+ "action": "aws:runShellScript",
1479
+ "name": "UpdateProfile",
1480
+ "inputs": {
1481
+ "runCommand": [
1482
+ "#!/bin/bash",
1483
+ "echo LANG=en_US.utf-8 >> /etc/environment",
1484
+ "echo LC_ALL=en_US.UTF-8 >> /etc/environment",
1485
+ "echo 'PATH=$PATH:/home/participant/.local/bin' >> /home/participant/.bashrc",
1486
+ "echo 'export PATH' >> /home/participant/.bashrc",
1487
+ {
1488
+ "Fn::Join": [
1489
+ "",
1490
+ [
1491
+ "echo 'export AWS_REGION=",
1492
+ {
1493
+ "Ref": "AWS::Region"
1494
+ },
1495
+ "' >> /home/participant/.bashrc"
1496
+ ]
1497
+ ]
1498
+ },
1499
+ {
1500
+ "Fn::Join": [
1501
+ "",
1502
+ [
1503
+ "echo 'export AWS_ACCOUNTID=",
1504
+ {
1505
+ "Ref": "AWS::AccountId"
1506
+ },
1507
+ "' >> /home/participant/.bashrc"
1508
+ ]
1509
+ ]
1510
+ },
1511
+ "echo 'export NEXT_TELEMETRY_DISABLED=1' >> /home/participant/.bashrc",
1512
+ "echo \"export PS1='\\[\\033[01;32m\\]\\u:\\[\\033[01;34m\\]\\w\\[\\033[00m\\]\\$ '\" >> /home/participant/.bashrc",
1513
+ "chown -R participant:participant /home/participant"
1514
+ ]
1515
+ }
1516
+ },
1517
+ {
1518
+ "action": "aws:runShellScript",
1519
+ "name": "InstallAWSCLI",
1520
+ "inputs": {
1521
+ "runCommand": [
1522
+ "#!/bin/bash",
1523
+ "mkdir -p /tmp",
1524
+ "curl -fsSL https://awscli.amazonaws.com/awscli-exe-linux-$(uname -m).zip -o /tmp/aws-cli.zip",
1525
+ "chown -R participant:participant /tmp/aws-cli.zip",
1526
+ "unzip -q -d /tmp /tmp/aws-cli.zip",
1527
+ "sudo /tmp/aws/install",
1528
+ "rm -rf /tmp/aws",
1529
+ "echo \"AWS CLI installed. Checking configuration\"",
1530
+ "aws --version"
1531
+ ]
1532
+ }
1533
+ },
1534
+ {
1535
+ "action": "aws:runShellScript",
1536
+ "name": "InstallGitApt",
1537
+ "inputs": {
1538
+ "runCommand": [
1539
+ "#!/bin/bash",
1540
+ "dpkg --configure -a",
1541
+ "add-apt-repository ppa:git-core/ppa",
1542
+ "apt-get -q update && DEBIAN_FRONTEND=noninteractive apt-get install -y -q git",
1543
+ "sudo -u participant git config --global user.email \"participant@example.com\"",
1544
+ "sudo -u participant git config --global user.name \"Workshop Participant\"",
1545
+ "sudo -u participant git config --global init.defaultBranch \"main\"",
1546
+ "echo \"Git installed. Checking configuration\"",
1547
+ "git --version"
1548
+ ]
1549
+ }
1550
+ },
1551
+ {
1552
+ "action": "aws:runShellScript",
1553
+ "name": "CloneRepo",
1554
+ "inputs": {
1555
+ "runCommand": [
1556
+ "#!/bin/bash",
1557
+ "if [[ -z \"{{ RepoUrl }}\" ]]\nthen\n echo \"No Repo\"\nelse\n mkdir -p /Workshop && chown -R participant:participant /Workshop\n sudo -u participant git clone {{ RepoUrl }} /Workshop\n echo \"Repo {{ RepoUrl }} cloned. Checking configuration\"\n ls -la /Workshop\n sudo -u participant git -C /Workshop remote -v\nfi"
1558
+ ]
1559
+ }
1560
+ },
1561
+ {
1562
+ "action": "aws:runShellScript",
1563
+ "name": "DownloadAssets",
1564
+ "inputs": {
1565
+ "runCommand": [
1566
+ "#!/bin/bash",
1567
+ "if [[ -z \"{{ AssetZipS3Path }}\" ]]\nthen\n echo \"No assets\"\nelse\n mkdir -p /Workshop && chown -R participant:participant /Workshop\n mkdir -p /tmp\n aws s3 cp s3://{{ AssetZipS3Path }} /tmp/asset.zip\n chown -R participant:participant /tmp/asset.zip\n unzip -o /tmp/asset.zip -d /Workshop\n chown -R participant:participant /Workshop\n if [[ -d /Workshop/.git ]]\n then\n sudo -u participant git -C /Workshop add .\n sudo -u participant git -C /Workshop commit -m 'chore: workshop commit'\n else\n sudo -u participant git -C /Workshop init\n sudo -u participant git -C /Workshop add .\n sudo -u participant git -C /Workshop commit -m 'chore: initial commit'\n fi\n echo \"Assets downloaded. Checking configuration: /Workshop\"\n ls -la /Workshop\n sudo -u participant git -C /Workshop branch\nfi"
1568
+ ]
1569
+ }
1570
+ },
1571
+ {
1572
+ "action": "aws:runShellScript",
1573
+ "name": "DownloadFolders",
1574
+ "inputs": {
1575
+ "runCommand": [
1576
+ "#!/bin/bash",
1577
+ "if [[ -z \"{{ FolderZipS3Path }}\" ]]\nthen\n echo \"No folders\"\nelse\n rm -rf /tmp/folder\n mkdir -p /tmp/folder && chown -R participant:participant /tmp/folder\n aws s3 cp s3://{{ FolderZipS3Path }} /tmp/asset-folder.zip\n chown -R participant:participant /tmp/asset-folder.zip\n unzip -o /tmp/asset-folder.zip -d /tmp/folder\n chown -R participant:participant /tmp/folder\n mkdir -p /Workshop && chown -R participant:participant /Workshop\n cd \"/Workshop\" && cd ..\n if [[ $(pwd) == \"/\" ]]\n then\n targetRootFolder=\"\"\n else\n targetRootFolder=$(pwd)\n chown -R participant:participant .\n fi\n find \"/tmp/folder\" -maxdepth 1 -mindepth 1 -type d | while read sourceFolder; do\n folder=\"$(basename $sourceFolder)\"\n echo \"Processing folder: $folder\"\n targetFolder=$targetRootFolder/$folder\n if [[ $targetRootFolder == \"\" ]]\n then\n mv $sourceFolder /\n else\n mv $sourceFolder $targetRootFolder\n fi\n chown -R participant:participant $targetFolder\n sudo -u participant git -C $targetFolder init\n sudo -u participant git -C $targetFolder add .\n sudo -u participant git -C $targetFolder commit -m \"chore: initial commit\"\n echo \"Folder downloaded. Checking configuration: $targetFolder\"\n ls -la $targetFolder\n done\n rm -rf /tmp/folder\nfi"
1578
+ ]
1579
+ }
1580
+ },
1581
+ {
1582
+ "action": "aws:runShellScript",
1583
+ "name": "DownloadBranches",
1584
+ "inputs": {
1585
+ "runCommand": [
1586
+ "#!/bin/bash",
1587
+ "if [[ -z \"{{ BranchZipS3Path }}\" ]]\nthen\n echo \"No branches\"\nelse\n rm -rf /tmp/branch\n rm -rf /tmp/git\n mkdir -p /tmp/branch && chown -R participant:participant /tmp/branch\n mkdir -p /tmp/git && chown -R participant:participant /tmp/git\n aws s3 cp s3://{{ BranchZipS3Path }} /tmp/asset-branch.zip\n chown -R participant:participant /tmp/asset-branch.zip\n unzip -o /tmp/asset-branch.zip -d /tmp/branch\n chown -R participant:participant /tmp/branch\n mkdir -p /Workshop && chown -R participant:participant /Workshop\n sudo -u participant git -C /Workshop init\n mv /Workshop/.git /tmp/git\n rm -rf /Workshop\n mkdir -p /Workshop && chown -R participant:participant /Workshop\n mv /tmp/git/.git /Workshop\n find /tmp/branch -maxdepth 1 -mindepth 1 -type d | while read sourceFolder; do\n branch=\"$(basename $sourceFolder)\"\n echo \"Processing branch: $branch\"\n sudo -u participant git -C /Workshop checkout -b $branch 2>&1\n cp -a $sourceFolder/. /Workshop\n sudo -u participant git -C /Workshop add .\n sudo -u participant git -C /Workshop commit -m \"chore: initial commit $branch\"\n mv /Workshop/.git /tmp/git\n rm -rf /Workshop\n mkdir /Workshop && chown -R participant:participant /Workshop\n mv /tmp/git/.git /Workshop\n done\n sudo -u participant git -C /Workshop checkout main 2>&1\n sudo -u participant git -C /Workshop restore .\n rm -rf /tmp/branch\n rm -rf /tmp/git\n echo \"Branches downloaded. Checking configuration: /Workshop\"\n sudo -u participant git -C /Workshop branch\n ls -la /Workshop\nfi"
1588
+ ]
1589
+ }
1590
+ },
1591
+ {
1592
+ "action": "aws:runShellScript",
1593
+ "name": "ConfigureCodeServer",
1594
+ "inputs": {
1595
+ "runCommand": [
1596
+ "#!/bin/bash",
1597
+ "export HOME=/home/participant",
1598
+ "curl -fsSL https://code-server.dev/install.sh | sh -s -- --version 4.100.3",
1599
+ "systemctl enable --now code-server@participant 2>&1",
1600
+ "tee /etc/nginx/conf.d/code-server.conf <<EOF\nserver {\n listen 80;\n listen [::]:80;\n # server_name \\$\\{CloudFrontDistribution.DomainName\\};\n server_name *.cloudfront.net;\n location / {\n proxy_pass http://localhost:8080/;\n proxy_set_header Host \\$host;\n proxy_set_header Upgrade \\$http_upgrade;\n proxy_set_header Connection upgrade;\n proxy_set_header Accept-Encoding gzip;\n }\n location /app {\n proxy_pass http://localhost:8081/app;\n proxy_set_header Host \\$host;\n proxy_set_header Upgrade \\$http_upgrade;\n proxy_set_header Connection upgrade;\n proxy_set_header Accept-Encoding gzip;\n }\n}\nEOF",
1601
+ "mkdir -p /home/participant/.config/code-server",
1602
+ "tee /home/participant/.config/code-server/config.yaml <<EOF\ncert: false\nauth: password\nhashed-password: \"$(echo -n {{ VSCodePassword }} | argon2 $(openssl rand -base64 12) -e)\"\nEOF",
1603
+ "mkdir -p /home/participant/.local/share/code-server/User/",
1604
+ "touch /home/participant/.hushlogin",
1605
+ "mkdir -p /Workshop && chown -R participant:participant /Workshop",
1606
+ "tee /home/participant/.local/share/code-server/User/settings.json <<EOF\n{\n \"extensions.autoUpdate\": false,\n \"extensions.autoCheckUpdates\": false,\n \"telemetry.telemetryLevel\": \"off\",\n \"security.workspace.trust.startupPrompt\": \"never\",\n \"security.workspace.trust.enabled\": false,\n \"security.workspace.trust.banner\": \"never\",\n \"security.workspace.trust.emptyWindow\": false,\n \"auto-run-command.rules\": [\n {\n \"command\": \"workbench.action.terminal.new\"\n }\n ]\n}\nEOF",
1607
+ "chown -R participant:participant /home/participant",
1608
+ "systemctl restart code-server@participant",
1609
+ "systemctl restart nginx",
1610
+ "sudo -u participant --login code-server --install-extension AmazonWebServices.aws-toolkit-vscode --force",
1611
+ "sudo -u participant --login code-server --install-extension AmazonWebServices.amazon-q-vscode --force",
1612
+ "sudo -u participant --login code-server --install-extension ms-vscode.live-server --force",
1613
+ "sudo -u participant --login code-server --install-extension synedra.auto-run-command --force",
1614
+ "chown -R participant:participant /home/participant",
1615
+ "echo \"Nginx installed. Checking configuration\"",
1616
+ "nginx -t 2>&1",
1617
+ "systemctl status nginx",
1618
+ "echo \"CodeServer installed. Checking configuration\"",
1619
+ "code-server -v",
1620
+ "systemctl status code-server@participant"
1621
+ ]
1622
+ }
1623
+ },
1624
+ {
1625
+ "action": "aws:runShellScript",
1626
+ "name": "InstallNodeApt",
1627
+ "inputs": {
1628
+ "runCommand": [
1629
+ "#!/bin/bash",
1630
+ "curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /usr/share/keyrings/nodesource.gpg",
1631
+ "echo \"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_{{ NodeVersion }}.x nodistro main\" > /etc/apt/sources.list.d/nodesource.list",
1632
+ "apt-get -q update && DEBIAN_FRONTEND=noninteractive apt-get install -y -q nodejs",
1633
+ "npm install -g npm@latest",
1634
+ "echo \"Node and npm installed. Checking configuration\"",
1635
+ "node -v",
1636
+ "npm -v"
1637
+ ]
1638
+ }
1639
+ },
1640
+ {
1641
+ "action": "aws:runShellScript",
1642
+ "name": "InstallCDK",
1643
+ "inputs": {
1644
+ "runCommand": [
1645
+ "#!/bin/bash",
1646
+ "npm install -g aws-cdk",
1647
+ "echo \"AWS CDK installed. Checking configuration\"",
1648
+ "cdk --version"
1649
+ ]
1650
+ }
1651
+ },
1652
+ {
1653
+ "action": "aws:runShellScript",
1654
+ "name": "InstallQCLI",
1655
+ "inputs": {
1656
+ "runCommand": [
1657
+ "#!/bin/bash",
1658
+ "curl --proto '=https' --tlsv1.2 -sSf \"https://desktop-release.q.us-east-1.amazonaws.com/latest/q-$(uname -m)-linux.zip\" -o /tmp/q.zip",
1659
+ "chown -R participant:participant /tmp/q.zip",
1660
+ "unzip -q -d /tmp /tmp/q.zip",
1661
+ "chown -R participant:participant /tmp/q",
1662
+ "chmod +x /tmp/q/install.sh",
1663
+ "sudo -u participant /tmp/q/install.sh --no-confirm",
1664
+ "rm -rf /tmp/q",
1665
+ "q --version",
1666
+ "echo \"Amazon Q CLI installed\""
1667
+ ]
1668
+ }
1669
+ },
1670
+ {
1671
+ "action": "aws:runShellScript",
1672
+ "name": "Installuv",
1673
+ "inputs": {
1674
+ "runCommand": [
1675
+ "#!/bin/bash",
1676
+ "sudo -u participant --login curl -fsSL https://astral.sh/uv/install.sh -o /tmp/uv_install.sh",
1677
+ "sudo -u participant --login bash /tmp/uv_install.sh",
1678
+ "if uv generate-shell-completion bash &>/dev/null; then\n echo 'eval \"$(uv generate-shell-completion bash)\"' >> /home/participant/.bashrc\nfi",
1679
+ "if uvx generate-shell-completion bash &>/dev/null; then\n echo 'eval \"$(uvx generate-shell-completion bash)\"' >> /home/participant/.bashrc\nfi",
1680
+ "echo \"uv installed. Checking configuration\"",
1681
+ "sudo -u participant --login uv --version"
1682
+ ]
1683
+ }
1684
+ },
1685
+ {
1686
+ "action": "aws:runShellScript",
1687
+ "name": "InstallPythonApt",
1688
+ "inputs": {
1689
+ "runCommand": [
1690
+ "#!/bin/bash",
1691
+ "dpkg --configure -a",
1692
+ "apt-get -q update && DEBIAN_FRONTEND=noninteractive apt-get install -y -q python3-pip python3-venv python3-boto3 python3-pytest",
1693
+ "echo 'alias pytest=pytest-3' >> /home/participant/.bashrc",
1694
+ "systemctl start multipathd.service packagekit.service",
1695
+ "systemctl restart unattended-upgrades.service",
1696
+ "systemctl restart networkd-dispatcher.service",
1697
+ "sudo -u participant --login code-server --install-extension ms-python.python --force",
1698
+ "if [ -f /home/participant/.local/share/code-server/User/settings.json ]; then\n sed -i \"2i\\\\ \\\"python.testing.pytestEnabled\\\": true,\" /home/participant/.local/share/code-server/User/settings.json\nelse\n echo '{\n \"python.testing.pytestEnabled\": true\n }' > /home/participant/.local/share/code-server/User/settings.json\nfi",
1699
+ "echo \"Python and Pip installed. Checking configuration\"",
1700
+ "python3 --version",
1701
+ "pip3 --version"
1702
+ ]
1703
+ }
1704
+ },
1705
+ {
1706
+ "action": "aws:runShellScript",
1707
+ "name": "InstallJavaApt",
1708
+ "inputs": {
1709
+ "runCommand": [
1710
+ "#!/bin/bash",
1711
+ "dpkg --configure -a",
1712
+ "curl -fsSL https://apt.corretto.aws/corretto.key | gpg --dearmor -o /usr/share/keyrings/corretto-keyring.gpg",
1713
+ "echo \"deb [signed-by=/usr/share/keyrings/corretto-keyring.gpg] https://apt.corretto.aws stable main\" > /etc/apt/sources.list.d/corretto.list",
1714
+ "DEBIAN_FRONTEND=noninteractive apt-get update",
1715
+ "DEBIAN_FRONTEND=noninteractive apt-get install -y -q java-21-amazon-corretto-jdk java-17-amazon-corretto-jdk java-1.8.0-amazon-corretto-jdk maven",
1716
+ "echo 'export JAVA_8_HOME=$(update-alternatives --list java | grep \"java-1.8.0-amazon-corretto\" | head -1)' >> /home/participant/.bashrc",
1717
+ "echo 'export JAVA_8_PATH=$(update-alternatives --list java | grep \"java-1.8.0-amazon-corretto\" | head -1)' >> /home/participant/.bashrc",
1718
+ "echo 'export JAVA_17_PATH=$(update-alternatives --list java | grep \"java-17-amazon-corretto\" | head -1)' >> /home/participant/.bashrc",
1719
+ "echo 'export JAVA_17_HOME=$(update-alternatives --list java | grep \"java-17-amazon-corretto\" | head -1)' >> /home/participant/.bashrc",
1720
+ "echo 'export JAVA_21_PATH=$(update-alternatives --list java | grep \"java-21-amazon-corretto\" | head -1)' >> /home/participant/.bashrc",
1721
+ "echo 'export JAVA_21_HOME=$(update-alternatives --list java | grep \"java-21-amazon-corretto\" | head -1)' >> /home/participant/.bashrc",
1722
+ "echo 'export JAVA_HOME=$(update-alternatives --list java | grep \"java-21-amazon-corretto\" | head -1)' >> /home/participant/.bashrc",
1723
+ "echo 'export PATH=$PATH:$JAVA_HOME/bin:/usr/share/maven/bin' >> /home/participant/.bashrc",
1724
+ "sudo -u participant --login code-server --install-extension vscjava.vscode-java-pack --force",
1725
+ "echo \"Java and Maven installed. Checking configuration\"",
1726
+ "java -version 2>&1",
1727
+ "mvn --version",
1728
+ "update-alternatives --list java"
1729
+ ]
1730
+ }
1731
+ },
1732
+ {
1733
+ "action": "aws:runShellScript",
1734
+ "name": "InstallDotnetApt",
1735
+ "inputs": {
1736
+ "runCommand": [
1737
+ "#!/bin/bash",
1738
+ "dpkg --configure -a",
1739
+ "apt-get -q update && DEBIAN_FRONTEND=noninteractive apt-get install -y -q dotnet-sdk-8.0",
1740
+ "dotnet tool install -g Microsoft.Web.LibraryManager.Cli",
1741
+ "echo 'PATH=$PATH:/home/participant/.dotnet/tools' >> /home/participant/.bashrc",
1742
+ "chown -R participant:participant /home/participant",
1743
+ "echo \"Dotnet installed. Checking configuration\"",
1744
+ "dotnet --list-sdks"
1745
+ ]
1746
+ }
1747
+ },
1748
+ {
1749
+ "action": "aws:runShellScript",
1750
+ "name": "InstallDockerApt",
1751
+ "inputs": {
1752
+ "runCommand": [
1753
+ "#!/bin/bash",
1754
+ "curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg",
1755
+ "echo \"deb [signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release --codename --short) stable\" > /etc/apt/sources.list.d/docker.list",
1756
+ "apt-get -q update && DEBIAN_FRONTEND=noninteractive apt-get install -y -q docker-ce docker-ce-cli containerd.io",
1757
+ "usermod -aG docker participant",
1758
+ "systemctl restart code-server@participant.service",
1759
+ "systemctl start docker.service",
1760
+ "echo \"Docker installed. Checking configuration\"",
1761
+ "docker --version",
1762
+ "systemctl status docker.service"
1763
+ ]
1764
+ }
1765
+ },
1766
+ {
1767
+ "action": "aws:runShellScript",
1768
+ "name": "InstallGolangApt",
1769
+ "inputs": {
1770
+ "runCommand": [
1771
+ "#!/bin/bash",
1772
+ "apt-get -q update && DEBIAN_FRONTEND=noninteractive apt-get install -y -q golang",
1773
+ "echo 'PATH=$PATH:/home/participant/go/bin' >> /home/participant/.bashrc",
1774
+ "echo \"Golang installed. Checking configuration\"",
1775
+ "go version"
1776
+ ]
1777
+ }
1778
+ }
1779
+ ]
1780
+ },
1781
+ "DocumentType": "Command",
1782
+ "Name": "vscode-server-ubuntu-IntegTestStackUbuntu24",
1783
+ "Tags": [
1784
+ {
1785
+ "Key": "app",
1786
+ "Value": "vscode-server"
1787
+ }
1788
+ ]
1789
+ }
1790
+ },
1791
+ "IntegVSCodeServerInstallerOnEventHandlerServiceRole59651FEF": {
1792
+ "Type": "AWS::IAM::Role",
1793
+ "Properties": {
1794
+ "AssumeRolePolicyDocument": {
1795
+ "Statement": [
1796
+ {
1797
+ "Action": "sts:AssumeRole",
1798
+ "Effect": "Allow",
1799
+ "Principal": {
1800
+ "Service": "lambda.amazonaws.com"
1801
+ }
1802
+ }
1803
+ ],
1804
+ "Version": "2012-10-17"
1805
+ },
1806
+ "ManagedPolicyArns": [
1807
+ {
1808
+ "Fn::Join": [
1809
+ "",
1810
+ [
1811
+ "arn:",
1812
+ {
1813
+ "Ref": "AWS::Partition"
1814
+ },
1815
+ ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
1816
+ ]
1817
+ ]
1818
+ }
1819
+ ]
1820
+ },
1821
+ "Metadata": {
1822
+ "cdk_nag": {
1823
+ "rules_to_suppress": [
1824
+ {
1825
+ "reason": "For this event handler we do not need to restrict managed policies",
1826
+ "id": "AwsSolutions-IAM4"
1827
+ },
1828
+ {
1829
+ "reason": "For this lambda the latest runtime is not needed",
1830
+ "id": "AwsSolutions-L1"
1831
+ },
1832
+ {
1833
+ "reason": "ssm:GetCommandInvocation and ssm:ListCommandInvocations do not support resource-level permissions and require wildcard resources",
1834
+ "id": "AwsSolutions-IAM5",
1835
+ "applies_to": [
1836
+ "Resource::*"
1837
+ ]
1838
+ }
1839
+ ]
1840
+ }
1841
+ }
1842
+ },
1843
+ "IntegVSCodeServerInstallerOnEventHandlerServiceRoleDefaultPolicy1CAD86C2": {
1844
+ "Type": "AWS::IAM::Policy",
1845
+ "Properties": {
1846
+ "PolicyDocument": {
1847
+ "Statement": [
1848
+ {
1849
+ "Action": "ssm:SendCommand",
1850
+ "Effect": "Allow",
1851
+ "Resource": [
1852
+ {
1853
+ "Fn::Join": [
1854
+ "",
1855
+ [
1856
+ "arn:",
1857
+ {
1858
+ "Ref": "AWS::Partition"
1859
+ },
1860
+ ":ec2:",
1861
+ {
1862
+ "Ref": "AWS::Region"
1863
+ },
1864
+ ":",
1865
+ {
1866
+ "Ref": "AWS::AccountId"
1867
+ },
1868
+ ":instance/",
1869
+ {
1870
+ "Ref": "IntegVSCodeServerserverinstance0A3D62D7"
1871
+ }
1872
+ ]
1873
+ ]
1874
+ },
1875
+ {
1876
+ "Fn::Join": [
1877
+ "",
1878
+ [
1879
+ "arn:",
1880
+ {
1881
+ "Ref": "AWS::Partition"
1882
+ },
1883
+ ":ssm:",
1884
+ {
1885
+ "Ref": "AWS::Region"
1886
+ },
1887
+ ":",
1888
+ {
1889
+ "Ref": "AWS::AccountId"
1890
+ },
1891
+ ":document/AmazonCloudWatch-ManageAgent"
1892
+ ]
1893
+ ]
1894
+ },
1895
+ {
1896
+ "Fn::Join": [
1897
+ "",
1898
+ [
1899
+ "arn:",
1900
+ {
1901
+ "Ref": "AWS::Partition"
1902
+ },
1903
+ ":ssm:",
1904
+ {
1905
+ "Ref": "AWS::Region"
1906
+ },
1907
+ ":",
1908
+ {
1909
+ "Ref": "AWS::AccountId"
1910
+ },
1911
+ ":document/vscode-server-ubuntu-IntegTestStackUbuntu24"
1912
+ ]
1913
+ ]
1914
+ }
1915
+ ]
1916
+ },
1917
+ {
1918
+ "Action": [
1919
+ "ssm:GetCommandInvocation",
1920
+ "ssm:ListCommandInvocations"
1921
+ ],
1922
+ "Effect": "Allow",
1923
+ "Resource": "*"
1924
+ }
1925
+ ],
1926
+ "Version": "2012-10-17"
1927
+ },
1928
+ "PolicyName": "IntegVSCodeServerInstallerOnEventHandlerServiceRoleDefaultPolicy1CAD86C2",
1929
+ "Roles": [
1930
+ {
1931
+ "Ref": "IntegVSCodeServerInstallerOnEventHandlerServiceRole59651FEF"
1932
+ }
1933
+ ]
1934
+ },
1935
+ "Metadata": {
1936
+ "cdk_nag": {
1937
+ "rules_to_suppress": [
1938
+ {
1939
+ "reason": "ssm:GetCommandInvocation and ssm:ListCommandInvocations do not support resource-level permissions and require wildcard resources",
1940
+ "id": "AwsSolutions-IAM5",
1941
+ "applies_to": [
1942
+ "Resource::*"
1943
+ ]
1944
+ }
1945
+ ]
1946
+ }
1947
+ }
1948
+ },
1949
+ "IntegVSCodeServerInstallerOnEventHandler6FF91542": {
1950
+ "Type": "AWS::Lambda::Function",
1951
+ "Properties": {
1952
+ "Code": {
1953
+ "S3Bucket": {
1954
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
1955
+ },
1956
+ "S3Key": "2f99f38311da357eaaea1284d67c759759324dec4a1cd11621d9c59eea9e81df.zip"
1957
+ },
1958
+ "Description": "src/installer/installer.lambda.ts",
1959
+ "Handler": "index.handler",
1960
+ "MemorySize": 512,
1961
+ "Role": {
1962
+ "Fn::GetAtt": [
1963
+ "IntegVSCodeServerInstallerOnEventHandlerServiceRole59651FEF",
1964
+ "Arn"
1965
+ ]
1966
+ },
1967
+ "Runtime": "nodejs22.x",
1968
+ "Timeout": 900
1969
+ },
1970
+ "DependsOn": [
1971
+ "IntegVSCodeServerInstallerOnEventHandlerServiceRoleDefaultPolicy1CAD86C2",
1972
+ "IntegVSCodeServerInstallerOnEventHandlerServiceRole59651FEF"
1973
+ ],
1974
+ "Metadata": {
1975
+ "cdk_nag": {
1976
+ "rules_to_suppress": [
1977
+ {
1978
+ "reason": "For this event handler we do not need to restrict managed policies",
1979
+ "id": "AwsSolutions-IAM4"
1980
+ },
1981
+ {
1982
+ "reason": "For this lambda the latest runtime is not needed",
1983
+ "id": "AwsSolutions-L1"
1984
+ },
1985
+ {
1986
+ "reason": "ssm:GetCommandInvocation and ssm:ListCommandInvocations do not support resource-level permissions and require wildcard resources",
1987
+ "id": "AwsSolutions-IAM5",
1988
+ "applies_to": [
1989
+ "Resource::*"
1990
+ ]
1991
+ }
1992
+ ]
1993
+ }
1994
+ }
1995
+ },
1996
+ "IntegVSCodeServerInstallerProviderframeworkonEventServiceRoleA509851F": {
1997
+ "Type": "AWS::IAM::Role",
1998
+ "Properties": {
1999
+ "AssumeRolePolicyDocument": {
2000
+ "Statement": [
2001
+ {
2002
+ "Action": "sts:AssumeRole",
2003
+ "Effect": "Allow",
2004
+ "Principal": {
2005
+ "Service": "lambda.amazonaws.com"
2006
+ }
2007
+ }
2008
+ ],
2009
+ "Version": "2012-10-17"
2010
+ },
2011
+ "ManagedPolicyArns": [
2012
+ {
2013
+ "Fn::Join": [
2014
+ "",
2015
+ [
2016
+ "arn:",
2017
+ {
2018
+ "Ref": "AWS::Partition"
2019
+ },
2020
+ ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
2021
+ ]
2022
+ ]
2023
+ }
2024
+ ]
2025
+ },
2026
+ "Metadata": {
2027
+ "cdk_nag": {
2028
+ "rules_to_suppress": [
2029
+ {
2030
+ "reason": "For this provider we do not need to restrict managed policies",
2031
+ "id": "AwsSolutions-IAM4"
2032
+ },
2033
+ {
2034
+ "reason": "For this provider wildcards are fine",
2035
+ "id": "AwsSolutions-IAM5"
2036
+ },
2037
+ {
2038
+ "reason": "For this provider the latest runtime is not needed",
2039
+ "id": "AwsSolutions-L1"
2040
+ }
2041
+ ]
2042
+ }
2043
+ }
2044
+ },
2045
+ "IntegVSCodeServerInstallerProviderframeworkonEventServiceRoleDefaultPolicy3E54FC3A": {
2046
+ "Type": "AWS::IAM::Policy",
2047
+ "Properties": {
2048
+ "PolicyDocument": {
2049
+ "Statement": [
2050
+ {
2051
+ "Action": "lambda:InvokeFunction",
2052
+ "Effect": "Allow",
2053
+ "Resource": [
2054
+ {
2055
+ "Fn::GetAtt": [
2056
+ "IntegVSCodeServerInstallerOnEventHandler6FF91542",
2057
+ "Arn"
2058
+ ]
2059
+ },
2060
+ {
2061
+ "Fn::Join": [
2062
+ "",
2063
+ [
2064
+ {
2065
+ "Fn::GetAtt": [
2066
+ "IntegVSCodeServerInstallerOnEventHandler6FF91542",
2067
+ "Arn"
2068
+ ]
2069
+ },
2070
+ ":*"
2071
+ ]
2072
+ ]
2073
+ }
2074
+ ]
2075
+ },
2076
+ {
2077
+ "Action": "lambda:GetFunction",
2078
+ "Effect": "Allow",
2079
+ "Resource": {
2080
+ "Fn::GetAtt": [
2081
+ "IntegVSCodeServerInstallerOnEventHandler6FF91542",
2082
+ "Arn"
2083
+ ]
2084
+ }
2085
+ }
2086
+ ],
2087
+ "Version": "2012-10-17"
2088
+ },
2089
+ "PolicyName": "IntegVSCodeServerInstallerProviderframeworkonEventServiceRoleDefaultPolicy3E54FC3A",
2090
+ "Roles": [
2091
+ {
2092
+ "Ref": "IntegVSCodeServerInstallerProviderframeworkonEventServiceRoleA509851F"
2093
+ }
2094
+ ]
2095
+ },
2096
+ "Metadata": {
2097
+ "cdk_nag": {
2098
+ "rules_to_suppress": [
2099
+ {
2100
+ "reason": "For this provider we do not need to restrict managed policies",
2101
+ "id": "AwsSolutions-IAM4"
2102
+ },
2103
+ {
2104
+ "reason": "For this provider wildcards are fine",
2105
+ "id": "AwsSolutions-IAM5"
2106
+ },
2107
+ {
2108
+ "reason": "For this provider the latest runtime is not needed",
2109
+ "id": "AwsSolutions-L1"
2110
+ }
2111
+ ]
2112
+ }
2113
+ }
2114
+ },
2115
+ "IntegVSCodeServerInstallerProviderframeworkonEvent7B6C1190": {
2116
+ "Type": "AWS::Lambda::Function",
2117
+ "Properties": {
2118
+ "Code": {
2119
+ "S3Bucket": {
2120
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
2121
+ },
2122
+ "S3Key": "bdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca.zip"
2123
+ },
2124
+ "Description": "AWS CDK resource provider framework - onEvent (IntegTestStackUbuntu24/IntegVSCodeServer/InstallerProvider)",
2125
+ "Environment": {
2126
+ "Variables": {
2127
+ "USER_ON_EVENT_FUNCTION_ARN": {
2128
+ "Fn::GetAtt": [
2129
+ "IntegVSCodeServerInstallerOnEventHandler6FF91542",
2130
+ "Arn"
2131
+ ]
2132
+ }
2133
+ }
2134
+ },
2135
+ "Handler": "framework.onEvent",
2136
+ "Role": {
2137
+ "Fn::GetAtt": [
2138
+ "IntegVSCodeServerInstallerProviderframeworkonEventServiceRoleA509851F",
2139
+ "Arn"
2140
+ ]
2141
+ },
2142
+ "Runtime": {
2143
+ "Fn::FindInMap": [
2144
+ "LatestNodeRuntimeMap",
2145
+ {
2146
+ "Ref": "AWS::Region"
2147
+ },
2148
+ "value"
2149
+ ]
2150
+ },
2151
+ "Timeout": 900
2152
+ },
2153
+ "DependsOn": [
2154
+ "IntegVSCodeServerInstallerProviderframeworkonEventServiceRoleDefaultPolicy3E54FC3A",
2155
+ "IntegVSCodeServerInstallerProviderframeworkonEventServiceRoleA509851F"
2156
+ ],
2157
+ "Metadata": {
2158
+ "cdk_nag": {
2159
+ "rules_to_suppress": [
2160
+ {
2161
+ "reason": "For this provider we do not need to restrict managed policies",
2162
+ "id": "AwsSolutions-IAM4"
2163
+ },
2164
+ {
2165
+ "reason": "For this provider wildcards are fine",
2166
+ "id": "AwsSolutions-IAM5"
2167
+ },
2168
+ {
2169
+ "reason": "For this provider the latest runtime is not needed",
2170
+ "id": "AwsSolutions-L1"
2171
+ }
2172
+ ]
2173
+ }
2174
+ }
2175
+ },
2176
+ "IntegVSCodeServerSSMInstallerCustomResource9F9AFE68": {
2177
+ "Type": "AWS::CloudFormation::CustomResource",
2178
+ "Properties": {
2179
+ "ServiceToken": {
2180
+ "Fn::GetAtt": [
2181
+ "IntegVSCodeServerInstallerProviderframeworkonEvent7B6C1190",
2182
+ "Arn"
2183
+ ]
2184
+ },
2185
+ "ServiceTimeout": 905,
2186
+ "InstanceId": {
2187
+ "Ref": "IntegVSCodeServerserverinstance0A3D62D7"
2188
+ },
2189
+ "DocumentName": "vscode-server-ubuntu-IntegTestStackUbuntu24",
2190
+ "CloudWatchLogGroupName": "/aws/ssm/vscode-server-ubuntu-IntegTestStackUbuntu24",
2191
+ "VSCodePassword": {
2192
+ "Fn::GetAtt": [
2193
+ "IntegVSCodeServerSecretRetrieverCustomResource2F3DB8BD",
2194
+ "secretPasswordValue"
2195
+ ]
2196
+ }
2197
+ },
2198
+ "UpdateReplacePolicy": "Delete",
2199
+ "DeletionPolicy": "Delete"
2200
+ },
2201
+ "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0": {
2202
+ "Type": "AWS::IAM::Role",
2203
+ "Properties": {
2204
+ "AssumeRolePolicyDocument": {
2205
+ "Version": "2012-10-17",
2206
+ "Statement": [
2207
+ {
2208
+ "Action": "sts:AssumeRole",
2209
+ "Effect": "Allow",
2210
+ "Principal": {
2211
+ "Service": "lambda.amazonaws.com"
2212
+ }
2213
+ }
2214
+ ]
2215
+ },
2216
+ "ManagedPolicyArns": [
2217
+ {
2218
+ "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
2219
+ }
2220
+ ],
2221
+ "Policies": [
2222
+ {
2223
+ "PolicyName": "Inline",
2224
+ "PolicyDocument": {
2225
+ "Version": "2012-10-17",
2226
+ "Statement": [
2227
+ {
2228
+ "Effect": "Allow",
2229
+ "Action": [
2230
+ "ec2:AuthorizeSecurityGroupIngress",
2231
+ "ec2:AuthorizeSecurityGroupEgress",
2232
+ "ec2:RevokeSecurityGroupIngress",
2233
+ "ec2:RevokeSecurityGroupEgress"
2234
+ ],
2235
+ "Resource": [
2236
+ {
2237
+ "Fn::Join": [
2238
+ "",
2239
+ [
2240
+ "arn:",
2241
+ {
2242
+ "Ref": "AWS::Partition"
2243
+ },
2244
+ ":ec2:",
2245
+ {
2246
+ "Ref": "AWS::Region"
2247
+ },
2248
+ ":",
2249
+ {
2250
+ "Ref": "AWS::AccountId"
2251
+ },
2252
+ ":security-group/",
2253
+ {
2254
+ "Fn::GetAtt": [
2255
+ "IntegVSCodeServervpc93DDE887",
2256
+ "DefaultSecurityGroup"
2257
+ ]
2258
+ }
2259
+ ]
2260
+ ]
2261
+ }
2262
+ ]
2263
+ }
2264
+ ]
2265
+ }
2266
+ }
2267
+ ]
2268
+ }
2269
+ },
2270
+ "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E": {
2271
+ "Type": "AWS::Lambda::Function",
2272
+ "Properties": {
2273
+ "Code": {
2274
+ "S3Bucket": {
2275
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
2276
+ },
2277
+ "S3Key": "7fa1e366ee8a9ded01fc355f704cff92bfd179574e6f9cfee800a3541df1b200.zip"
2278
+ },
2279
+ "Timeout": 900,
2280
+ "MemorySize": 128,
2281
+ "Handler": "__entrypoint__.handler",
2282
+ "Role": {
2283
+ "Fn::GetAtt": [
2284
+ "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0",
2285
+ "Arn"
2286
+ ]
2287
+ },
2288
+ "Runtime": {
2289
+ "Fn::FindInMap": [
2290
+ "LatestNodeRuntimeMap",
2291
+ {
2292
+ "Ref": "AWS::Region"
2293
+ },
2294
+ "value"
2295
+ ]
2296
+ },
2297
+ "Description": "Lambda function for removing all inbound/outbound rules from the VPC default security group"
2298
+ },
2299
+ "DependsOn": [
2300
+ "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0"
2301
+ ]
2302
+ },
2303
+ "AWS679f53fac002430cb0da5b7982bd22872D164C4C": {
2304
+ "Type": "AWS::Lambda::Function",
2305
+ "Properties": {
2306
+ "Code": {
2307
+ "S3Bucket": {
2308
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
2309
+ },
2310
+ "S3Key": "9d043014be736e8162bcc7ec5590cc6d2ff24fd0d9c73a5c5d595151c5fdad00.zip"
2311
+ },
2312
+ "Handler": "index.handler",
2313
+ "LoggingConfig": {
2314
+ "LogGroup": {
2315
+ "Ref": "IntegVSCodeServercfprefixlistIdGetPrefixListIdLogGroup171C2803"
2316
+ }
2317
+ },
2318
+ "Role": {
2319
+ "Fn::GetAtt": [
2320
+ "IntegVSCodeServercfprefixlistIdGetPrefixListIdRole1302B3E1",
2321
+ "Arn"
2322
+ ]
2323
+ },
2324
+ "Runtime": {
2325
+ "Fn::FindInMap": [
2326
+ "LatestNodeRuntimeMap",
2327
+ {
2328
+ "Ref": "AWS::Region"
2329
+ },
2330
+ "value"
2331
+ ]
2332
+ },
2333
+ "Timeout": 120
2334
+ },
2335
+ "DependsOn": [
2336
+ "IntegVSCodeServercfprefixlistIdGetPrefixListIdRole1302B3E1"
2337
+ ]
2338
+ },
2339
+ "loginhandlerServiceRole330B0B32": {
2340
+ "Type": "AWS::IAM::Role",
2341
+ "Properties": {
2342
+ "AssumeRolePolicyDocument": {
2343
+ "Statement": [
2344
+ {
2345
+ "Action": "sts:AssumeRole",
2346
+ "Effect": "Allow",
2347
+ "Principal": {
2348
+ "Service": "lambda.amazonaws.com"
2349
+ }
2350
+ }
2351
+ ],
2352
+ "Version": "2012-10-17"
2353
+ },
2354
+ "ManagedPolicyArns": [
2355
+ {
2356
+ "Fn::Join": [
2357
+ "",
2358
+ [
2359
+ "arn:",
2360
+ {
2361
+ "Ref": "AWS::Partition"
2362
+ },
2363
+ ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
2364
+ ]
2365
+ ]
2366
+ }
2367
+ ]
2368
+ }
2369
+ },
2370
+ "loginhandler99CCCCFD": {
2371
+ "Type": "AWS::Lambda::Function",
2372
+ "Properties": {
2373
+ "Code": {
2374
+ "S3Bucket": {
2375
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
2376
+ },
2377
+ "S3Key": "efac30c7091c58fed492058fa6403c14f7e58aab8cf4fd595d838b8d5eeec2b9.zip"
2378
+ },
2379
+ "Handler": "index.handler",
2380
+ "Role": {
2381
+ "Fn::GetAtt": [
2382
+ "loginhandlerServiceRole330B0B32",
2383
+ "Arn"
2384
+ ]
2385
+ },
2386
+ "Runtime": "nodejs20.x",
2387
+ "Timeout": 30
2388
+ },
2389
+ "DependsOn": [
2390
+ "loginhandlerServiceRole330B0B32"
2391
+ ]
2392
+ },
2393
+ "loginhandlerLogRetentionFD323A9B": {
2394
+ "Type": "Custom::LogRetention",
2395
+ "Properties": {
2396
+ "ServiceToken": {
2397
+ "Fn::GetAtt": [
2398
+ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A",
2399
+ "Arn"
2400
+ ]
2401
+ },
2402
+ "LogGroupName": {
2403
+ "Fn::Join": [
2404
+ "",
2405
+ [
2406
+ "/aws/lambda/",
2407
+ {
2408
+ "Ref": "loginhandler99CCCCFD"
2409
+ }
2410
+ ]
2411
+ ]
2412
+ },
2413
+ "RetentionInDays": 1
2414
+ }
2415
+ },
2416
+ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB": {
2417
+ "Type": "AWS::IAM::Role",
2418
+ "Properties": {
2419
+ "AssumeRolePolicyDocument": {
2420
+ "Statement": [
2421
+ {
2422
+ "Action": "sts:AssumeRole",
2423
+ "Effect": "Allow",
2424
+ "Principal": {
2425
+ "Service": "lambda.amazonaws.com"
2426
+ }
2427
+ }
2428
+ ],
2429
+ "Version": "2012-10-17"
2430
+ },
2431
+ "ManagedPolicyArns": [
2432
+ {
2433
+ "Fn::Join": [
2434
+ "",
2435
+ [
2436
+ "arn:",
2437
+ {
2438
+ "Ref": "AWS::Partition"
2439
+ },
2440
+ ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
2441
+ ]
2442
+ ]
2443
+ }
2444
+ ]
2445
+ }
2446
+ },
2447
+ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB": {
2448
+ "Type": "AWS::IAM::Policy",
2449
+ "Properties": {
2450
+ "PolicyDocument": {
2451
+ "Statement": [
2452
+ {
2453
+ "Action": [
2454
+ "logs:DeleteRetentionPolicy",
2455
+ "logs:PutRetentionPolicy"
2456
+ ],
2457
+ "Effect": "Allow",
2458
+ "Resource": "*"
2459
+ }
2460
+ ],
2461
+ "Version": "2012-10-17"
2462
+ },
2463
+ "PolicyName": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB",
2464
+ "Roles": [
2465
+ {
2466
+ "Ref": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB"
2467
+ }
2468
+ ]
2469
+ }
2470
+ },
2471
+ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A": {
2472
+ "Type": "AWS::Lambda::Function",
2473
+ "Properties": {
2474
+ "Handler": "index.handler",
2475
+ "Runtime": {
2476
+ "Fn::FindInMap": [
2477
+ "LatestNodeRuntimeMap",
2478
+ {
2479
+ "Ref": "AWS::Region"
2480
+ },
2481
+ "value"
2482
+ ]
2483
+ },
2484
+ "Timeout": 900,
2485
+ "Code": {
2486
+ "S3Bucket": {
2487
+ "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
2488
+ },
2489
+ "S3Key": "2819175352ad1ce0dae768e83fc328fb70fb5f10b4a8ff0ccbcb791f02b0716d.zip"
2490
+ },
2491
+ "Role": {
2492
+ "Fn::GetAtt": [
2493
+ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB",
2494
+ "Arn"
2495
+ ]
2496
+ }
2497
+ },
2498
+ "DependsOn": [
2499
+ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB",
2500
+ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB"
2501
+ ]
2502
+ }
2503
+ },
2504
+ "Outputs": {
2505
+ "IntegVSCodeServerdomainName6B9F2604": {
2506
+ "Description": "The domain name of the distribution",
2507
+ "Value": {
2508
+ "Fn::Join": [
2509
+ "",
2510
+ [
2511
+ "https://",
2512
+ {
2513
+ "Fn::GetAtt": [
2514
+ "IntegVSCodeServercfdistributionFDBE873F",
2515
+ "DomainName"
2516
+ ]
2517
+ },
2518
+ "/?folder=/Workshop"
2519
+ ]
2520
+ ]
2521
+ }
2522
+ },
2523
+ "IntegVSCodeServerpasswordE38D3B2C": {
2524
+ "Description": "The password for the VSCode server",
2525
+ "Value": {
2526
+ "Fn::GetAtt": [
2527
+ "IntegVSCodeServerSecretRetrieverCustomResource2F3DB8BD",
2528
+ "secretPasswordValue"
2529
+ ]
2530
+ }
2531
+ },
2532
+ "ExportsOutputRefloginhandler99CCCCFD29CE21C0": {
2533
+ "Value": {
2534
+ "Ref": "loginhandler99CCCCFD"
2535
+ },
2536
+ "Export": {
2537
+ "Name": "IntegTestStackUbuntu24:ExportsOutputRefloginhandler99CCCCFD29CE21C0"
2538
+ }
2539
+ },
2540
+ "ExportsOutputFnGetAttIntegVSCodeServercfdistributionFDBE873FDomainName3CB40F9D": {
2541
+ "Value": {
2542
+ "Fn::GetAtt": [
2543
+ "IntegVSCodeServercfdistributionFDBE873F",
2544
+ "DomainName"
2545
+ ]
2546
+ },
2547
+ "Export": {
2548
+ "Name": "IntegTestStackUbuntu24:ExportsOutputFnGetAttIntegVSCodeServercfdistributionFDBE873FDomainName3CB40F9D"
2549
+ }
2550
+ },
2551
+ "ExportsOutputFnGetAttIntegVSCodeServerSecretRetrieverCustomResource2F3DB8BDsecretPasswordValue1223507B": {
2552
+ "Value": {
2553
+ "Fn::GetAtt": [
2554
+ "IntegVSCodeServerSecretRetrieverCustomResource2F3DB8BD",
2555
+ "secretPasswordValue"
2556
+ ]
2557
+ },
2558
+ "Export": {
2559
+ "Name": "IntegTestStackUbuntu24:ExportsOutputFnGetAttIntegVSCodeServerSecretRetrieverCustomResource2F3DB8BDsecretPasswordValue1223507B"
2560
+ }
2561
+ }
2562
+ },
2563
+ "Mappings": {
2564
+ "LatestNodeRuntimeMap": {
2565
+ "af-south-1": {
2566
+ "value": "nodejs20.x"
2567
+ },
2568
+ "ap-east-1": {
2569
+ "value": "nodejs20.x"
2570
+ },
2571
+ "ap-northeast-1": {
2572
+ "value": "nodejs20.x"
2573
+ },
2574
+ "ap-northeast-2": {
2575
+ "value": "nodejs20.x"
2576
+ },
2577
+ "ap-northeast-3": {
2578
+ "value": "nodejs20.x"
2579
+ },
2580
+ "ap-south-1": {
2581
+ "value": "nodejs20.x"
2582
+ },
2583
+ "ap-south-2": {
2584
+ "value": "nodejs20.x"
2585
+ },
2586
+ "ap-southeast-1": {
2587
+ "value": "nodejs20.x"
2588
+ },
2589
+ "ap-southeast-2": {
2590
+ "value": "nodejs20.x"
2591
+ },
2592
+ "ap-southeast-3": {
2593
+ "value": "nodejs20.x"
2594
+ },
2595
+ "ap-southeast-4": {
2596
+ "value": "nodejs20.x"
2597
+ },
2598
+ "ap-southeast-5": {
2599
+ "value": "nodejs20.x"
2600
+ },
2601
+ "ap-southeast-7": {
2602
+ "value": "nodejs20.x"
2603
+ },
2604
+ "ca-central-1": {
2605
+ "value": "nodejs20.x"
2606
+ },
2607
+ "ca-west-1": {
2608
+ "value": "nodejs20.x"
2609
+ },
2610
+ "cn-north-1": {
2611
+ "value": "nodejs20.x"
2612
+ },
2613
+ "cn-northwest-1": {
2614
+ "value": "nodejs20.x"
2615
+ },
2616
+ "eu-central-1": {
2617
+ "value": "nodejs20.x"
2618
+ },
2619
+ "eu-central-2": {
2620
+ "value": "nodejs20.x"
2621
+ },
2622
+ "eu-isoe-west-1": {
2623
+ "value": "nodejs18.x"
2624
+ },
2625
+ "eu-north-1": {
2626
+ "value": "nodejs20.x"
2627
+ },
2628
+ "eu-south-1": {
2629
+ "value": "nodejs20.x"
2630
+ },
2631
+ "eu-south-2": {
2632
+ "value": "nodejs20.x"
2633
+ },
2634
+ "eu-west-1": {
2635
+ "value": "nodejs20.x"
2636
+ },
2637
+ "eu-west-2": {
2638
+ "value": "nodejs20.x"
2639
+ },
2640
+ "eu-west-3": {
2641
+ "value": "nodejs20.x"
2642
+ },
2643
+ "il-central-1": {
2644
+ "value": "nodejs20.x"
2645
+ },
2646
+ "me-central-1": {
2647
+ "value": "nodejs20.x"
2648
+ },
2649
+ "me-south-1": {
2650
+ "value": "nodejs20.x"
2651
+ },
2652
+ "mx-central-1": {
2653
+ "value": "nodejs20.x"
2654
+ },
2655
+ "sa-east-1": {
2656
+ "value": "nodejs20.x"
2657
+ },
2658
+ "us-east-1": {
2659
+ "value": "nodejs20.x"
2660
+ },
2661
+ "us-east-2": {
2662
+ "value": "nodejs20.x"
2663
+ },
2664
+ "us-gov-east-1": {
2665
+ "value": "nodejs20.x"
2666
+ },
2667
+ "us-gov-west-1": {
2668
+ "value": "nodejs20.x"
2669
+ },
2670
+ "us-iso-east-1": {
2671
+ "value": "nodejs18.x"
2672
+ },
2673
+ "us-iso-west-1": {
2674
+ "value": "nodejs18.x"
2675
+ },
2676
+ "us-isob-east-1": {
2677
+ "value": "nodejs18.x"
2678
+ },
2679
+ "us-west-1": {
2680
+ "value": "nodejs20.x"
2681
+ },
2682
+ "us-west-2": {
2683
+ "value": "nodejs20.x"
2684
+ }
2685
+ }
2686
+ },
2687
+ "Parameters": {
2688
+ "SsmParameterValueawsservicecanonicalubuntuservernoblestablecurrentarm64hvmebsgp3amiidC96584B6F00A464EAD1953AFF4B05118Parameter": {
2689
+ "Type": "AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>",
2690
+ "Default": "/aws/service/canonical/ubuntu/server/noble/stable/current/arm64/hvm/ebs-gp3/ami-id"
2691
+ },
2692
+ "BootstrapVersion": {
2693
+ "Type": "AWS::SSM::Parameter::Value<String>",
2694
+ "Default": "/cdk-bootstrap/hnb659fds/version",
2695
+ "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
2696
+ }
2697
+ },
2698
+ "Rules": {
2699
+ "CheckBootstrapVersion": {
2700
+ "Assertions": [
2701
+ {
2702
+ "Assert": {
2703
+ "Fn::Not": [
2704
+ {
2705
+ "Fn::Contains": [
2706
+ [
2707
+ "1",
2708
+ "2",
2709
+ "3",
2710
+ "4",
2711
+ "5"
2712
+ ],
2713
+ {
2714
+ "Ref": "BootstrapVersion"
2715
+ }
2716
+ ]
2717
+ }
2718
+ ]
2719
+ },
2720
+ "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
2721
+ }
2722
+ ]
2723
+ }
2724
+ }
2725
+ }