@aws-solutions-constructs/aws-cloudfront-s3
CDK Constructs for AWS CloudFront to AWS S3 integration.
{
"Description": "Integration Test for aws-cloudfront-s3",
"Resources": {
"testcloudfronts3nosecurityheadersS3LoggingBucketF644B35F": {
"Type": "AWS::S3::Bucket",
"Properties": {
"BucketEncryption": {
"ServerSideEncryptionConfiguration": [
{
"ServerSideEncryptionByDefault": {
"SSEAlgorithm": "AES256"
}
}
]
},
"PublicAccessBlockConfiguration": {
"BlockPublicAcls": true,
"BlockPublicPolicy": true,
"IgnorePublicAcls": true,
"RestrictPublicBuckets": true
},
"Tags": [
{
"Key": "aws-cdk:auto-delete-objects",
"Value": "true"
}
],
"VersioningConfiguration": {
"Status": "Enabled"
}
},
"UpdateReplacePolicy": "Delete",
"DeletionPolicy": "Delete",
"Metadata": {
"cfn_nag": {
"rules_to_suppress": [
{
"id": "W35",
"reason": "This S3 bucket is used as the access logging bucket for another bucket"
}
]
}
}
},
"testcloudfronts3nosecurityheadersS3LoggingBucketPolicy264DE8B6": {
"Type": "AWS::S3::BucketPolicy",
"Properties": {
"Bucket": {
"Ref": "testcloudfronts3nosecurityheadersS3LoggingBucketF644B35F"
},
"PolicyDocument": {
"Statement": [
{
"Action": "s3:*",
"Condition": {
"Bool": {
"aws:SecureTransport": "false"
}
},
"Effect": "Deny",
"Principal": {
"AWS": "*"
},
"Resource": [
{
"Fn::GetAtt": [
"testcloudfronts3nosecurityheadersS3LoggingBucketF644B35F",
"Arn"
]
},
{
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"testcloudfronts3nosecurityheadersS3LoggingBucketF644B35F",
"Arn"
]
},
"/*"
]
]
}
]
},
{
"Action": [
"s3:DeleteObject*",
"s3:GetBucket*",
"s3:List*",
"s3:PutBucketPolicy"
],
"Effect": "Allow",
"Principal": {
"AWS": {
"Fn::GetAtt": [
"CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
"Arn"
]
}
},
"Resource": [
{
"Fn::GetAtt": [
"testcloudfronts3nosecurityheadersS3LoggingBucketF644B35F",
"Arn"
]
},
{
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"testcloudfronts3nosecurityheadersS3LoggingBucketF644B35F",
"Arn"
]
},
"/*"
]
]
}
]
},
{
"Action": "s3:PutObject",
"Condition": {
"ArnLike": {
"aws:SourceArn": {
"Fn::GetAtt": [
"testcloudfronts3nosecurityheadersS3Bucket4D06173D",
"Arn"
]
}
},
"StringEquals": {
"aws:SourceAccount": {
"Ref": "AWS::AccountId"
}
}
},
"Effect": "Allow",
"Principal": {
"Service": "logging.s3.amazonaws.com"
},
"Resource": {
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"testcloudfronts3nosecurityheadersS3LoggingBucketF644B35F",
"Arn"
]
},
"/*"
]
]
}
}
],
"Version": "2012-10-17"
}
}
},
"testcloudfronts3nosecurityheadersS3LoggingBucketAutoDeleteObjectsCustomResourceB6D397D3": {
"Type": "Custom::S3AutoDeleteObjects",
"Properties": {
"ServiceToken": {
"Fn::GetAtt": [
"CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
"Arn"
]
},
"BucketName": {
"Ref": "testcloudfronts3nosecurityheadersS3LoggingBucketF644B35F"
}
},
"DependsOn": [
"testcloudfronts3nosecurityheadersS3LoggingBucketPolicy264DE8B6"
],
"UpdateReplacePolicy": "Delete",
"DeletionPolicy": "Delete"
},
"testcloudfronts3nosecurityheadersS3Bucket4D06173D": {
"Type": "AWS::S3::Bucket",
"Properties": {
"BucketEncryption": {
"ServerSideEncryptionConfiguration": [
{
"ServerSideEncryptionByDefault": {
"SSEAlgorithm": "AES256"
}
}
]
},
"LifecycleConfiguration": {
"Rules": [
{
"NoncurrentVersionTransitions": [
{
"StorageClass": "GLACIER",
"TransitionInDays": 90
}
],
"Status": "Enabled"
}
]
},
"LoggingConfiguration": {
"DestinationBucketName": {
"Ref": "testcloudfronts3nosecurityheadersS3LoggingBucketF644B35F"
}
},
"PublicAccessBlockConfiguration": {
"BlockPublicAcls": true,
"BlockPublicPolicy": true,
"IgnorePublicAcls": true,
"RestrictPublicBuckets": true
},
"Tags": [
{
"Key": "aws-cdk:auto-delete-objects",
"Value": "true"
}
],
"VersioningConfiguration": {
"Status": "Enabled"
}
},
"UpdateReplacePolicy": "Delete",
"DeletionPolicy": "Delete"
},
"testcloudfronts3nosecurityheadersS3BucketPolicy99D27ED1": {
"Type": "AWS::S3::BucketPolicy",
"Properties": {
"Bucket": {
"Ref": "testcloudfronts3nosecurityheadersS3Bucket4D06173D"
},
"PolicyDocument": {
"Statement": [
{
"Action": "s3:*",
"Condition": {
"Bool": {
"aws:SecureTransport": "false"
}
},
"Effect": "Deny",
"Principal": {
"AWS": "*"
},
"Resource": [
{
"Fn::GetAtt": [
"testcloudfronts3nosecurityheadersS3Bucket4D06173D",
"Arn"
]
},
{
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"testcloudfronts3nosecurityheadersS3Bucket4D06173D",
"Arn"
]
},
"/*"
]
]
}
]
},
{
"Action": [
"s3:DeleteObject*",
"s3:GetBucket*",
"s3:List*",
"s3:PutBucketPolicy"
],
"Effect": "Allow",
"Principal": {
"AWS": {
"Fn::GetAtt": [
"CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
"Arn"
]
}
},
"Resource": [
{
"Fn::GetAtt": [
"testcloudfronts3nosecurityheadersS3Bucket4D06173D",
"Arn"
]
},
{
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"testcloudfronts3nosecurityheadersS3Bucket4D06173D",
"Arn"
]
},
"/*"
]
]
}
]
},
{
"Action": "s3:GetObject",
"Condition": {
"StringEquals": {
"AWS:SourceArn": {
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition"
},
":cloudfront::",
{
"Ref": "AWS::AccountId"
},
":distribution/",
{
"Ref": "testcloudfronts3nosecurityheadersCloudFrontDistribution3BC8CDED"
}
]
]
}
}
},
"Effect": "Allow",
"Principal": {
"Service": "cloudfront.amazonaws.com"
},
"Resource": {
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"testcloudfronts3nosecurityheadersS3Bucket4D06173D",
"Arn"
]
},
"/*"
]
]
}
},
{
"Action": "s3:ListBucket",
"Condition": {
"StringEquals": {
"AWS:SourceArn": {
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition"
},
":cloudfront::",
{
"Ref": "AWS::AccountId"
},
":distribution/",
{
"Ref": "testcloudfronts3nosecurityheadersCloudFrontDistribution3BC8CDED"
}
]
]
}
}
},
"Effect": "Allow",
"Principal": {
"Service": "cloudfront.amazonaws.com"
},
"Resource": {
"Fn::GetAtt": [
"testcloudfronts3nosecurityheadersS3Bucket4D06173D",
"Arn"
]
}
}
],
"Version": "2012-10-17"
}
},
"Metadata": {
"cfn_nag": {
"rules_to_suppress": [
{
"id": "F16",
"reason": "Public website bucket policy requires a wildcard principal"
}
]
}
}
},
"testcloudfronts3nosecurityheadersS3BucketAutoDeleteObjectsCustomResource7011F955": {
"Type": "Custom::S3AutoDeleteObjects",
"Properties": {
"ServiceToken": {
"Fn::GetAtt": [
"CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
"Arn"
]
},
"BucketName": {
"Ref": "testcloudfronts3nosecurityheadersS3Bucket4D06173D"
}
},
"DependsOn": [
"testcloudfronts3nosecurityheadersS3BucketPolicy99D27ED1"
],
"UpdateReplacePolicy": "Delete",
"DeletionPolicy": "Delete"
},
"testcloudfronts3nosecurityheadersCloudfrontLoggingBucketAccessLogA3FF51B1": {
"Type": "AWS::S3::Bucket",
"Properties": {
"BucketEncryption": {
"ServerSideEncryptionConfiguration": [
{
"ServerSideEncryptionByDefault": {
"SSEAlgorithm": "AES256"
}
}
]
},
"PublicAccessBlockConfiguration": {
"BlockPublicAcls": true,
"BlockPublicPolicy": true,
"IgnorePublicAcls": true,
"RestrictPublicBuckets": true
},
"Tags": [
{
"Key": "aws-cdk:auto-delete-objects",
"Value": "true"
}
],
"VersioningConfiguration": {
"Status": "Enabled"
}
},
"UpdateReplacePolicy": "Delete",
"DeletionPolicy": "Delete",
"Metadata": {
"cfn_nag": {
"rules_to_suppress": [
{
"id": "W35",
"reason": "This S3 bucket is used as the access logging bucket for another bucket"
}
]
}
}
},
"testcloudfronts3nosecurityheadersCloudfrontLoggingBucketAccessLogPolicy3DF5F522": {
"Type": "AWS::S3::BucketPolicy",
"Properties": {
"Bucket": {
"Ref": "testcloudfronts3nosecurityheadersCloudfrontLoggingBucketAccessLogA3FF51B1"
},
"PolicyDocument": {
"Statement": [
{
"Action": "s3:*",
"Condition": {
"Bool": {
"aws:SecureTransport": "false"
}
},
"Effect": "Deny",
"Principal": {
"AWS": "*"
},
"Resource": [
{
"Fn::GetAtt": [
"testcloudfronts3nosecurityheadersCloudfrontLoggingBucketAccessLogA3FF51B1",
"Arn"
]
},
{
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"testcloudfronts3nosecurityheadersCloudfrontLoggingBucketAccessLogA3FF51B1",
"Arn"
]
},
"/*"
]
]
}
]
},
{
"Action": [
"s3:DeleteObject*",
"s3:GetBucket*",
"s3:List*",
"s3:PutBucketPolicy"
],
"Effect": "Allow",
"Principal": {
"AWS": {
"Fn::GetAtt": [
"CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
"Arn"
]
}
},
"Resource": [
{
"Fn::GetAtt": [
"testcloudfronts3nosecurityheadersCloudfrontLoggingBucketAccessLogA3FF51B1",
"Arn"
]
},
{
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"testcloudfronts3nosecurityheadersCloudfrontLoggingBucketAccessLogA3FF51B1",
"Arn"
]
},
"/*"
]
]
}
]
},
{
"Action": "s3:PutObject",
"Condition": {
"ArnLike": {
"aws:SourceArn": {
"Fn::GetAtt": [
"testcloudfronts3nosecurityheadersCloudfrontLoggingBucket92A5E2A5",
"Arn"
]
}
},
"StringEquals": {
"aws:SourceAccount": {
"Ref": "AWS::AccountId"
}
}
},
"Effect": "Allow",
"Principal": {
"Service": "logging.s3.amazonaws.com"
},
"Resource": {
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"testcloudfronts3nosecurityheadersCloudfrontLoggingBucketAccessLogA3FF51B1",
"Arn"
]
},
"/*"
]
]
}
}
],
"Version": "2012-10-17"
}
}
},
"testcloudfronts3nosecurityheadersCloudfrontLoggingBucketAccessLogAutoDeleteObjectsCustomResource20738403": {
"Type": "Custom::S3AutoDeleteObjects",
"Properties": {
"ServiceToken": {
"Fn::GetAtt": [
"CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
"Arn"
]
},
"BucketName": {
"Ref": "testcloudfronts3nosecurityheadersCloudfrontLoggingBucketAccessLogA3FF51B1"
}
},
"DependsOn": [
"testcloudfronts3nosecurityheadersCloudfrontLoggingBucketAccessLogPolicy3DF5F522"
],
"UpdateReplacePolicy": "Delete",
"DeletionPolicy": "Delete"
},
"testcloudfronts3nosecurityheadersCloudfrontLoggingBucket92A5E2A5": {
"Type": "AWS::S3::Bucket",
"Properties": {
"AccessControl": "LogDeliveryWrite",
"BucketEncryption": {
"ServerSideEncryptionConfiguration": [
{
"ServerSideEncryptionByDefault": {
"SSEAlgorithm": "AES256"
}
}
]
},
"LoggingConfiguration": {
"DestinationBucketName": {
"Ref": "testcloudfronts3nosecurityheadersCloudfrontLoggingBucketAccessLogA3FF51B1"
}
},
"OwnershipControls": {
"Rules": [
{
"ObjectOwnership": "ObjectWriter"
}
]
},
"PublicAccessBlockConfiguration": {
"BlockPublicAcls": true,
"BlockPublicPolicy": true,
"IgnorePublicAcls": true,
"RestrictPublicBuckets": true
},
"Tags": [
{
"Key": "aws-cdk:auto-delete-objects",
"Value": "true"
}
],
"VersioningConfiguration": {
"Status": "Enabled"
}
},
"UpdateReplacePolicy": "Delete",
"DeletionPolicy": "Delete"
},
"testcloudfronts3nosecurityheadersCloudfrontLoggingBucketPolicy7D709982": {
"Type": "AWS::S3::BucketPolicy",
"Properties": {
"Bucket": {
"Ref": "testcloudfronts3nosecurityheadersCloudfrontLoggingBucket92A5E2A5"
},
"PolicyDocument": {
"Statement": [
{
"Action": "s3:*",
"Condition": {
"Bool": {
"aws:SecureTransport": "false"
}
},
"Effect": "Deny",
"Principal": {
"AWS": "*"
},
"Resource": [
{
"Fn::GetAtt": [
"testcloudfronts3nosecurityheadersCloudfrontLoggingBucket92A5E2A5",
"Arn"
]
},
{
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"testcloudfronts3nosecurityheadersCloudfrontLoggingBucket92A5E2A5",
"Arn"
]
},
"/*"
]
]
}
]
},
{
"Action": [
"s3:DeleteObject*",
"s3:GetBucket*",
"s3:List*",
"s3:PutBucketPolicy"
],
"Effect": "Allow",
"Principal": {
"AWS": {
"Fn::GetAtt": [
"CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
"Arn"
]
}
},
"Resource": [
{
"Fn::GetAtt": [
"testcloudfronts3nosecurityheadersCloudfrontLoggingBucket92A5E2A5",
"Arn"
]
},
{
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"testcloudfronts3nosecurityheadersCloudfrontLoggingBucket92A5E2A5",
"Arn"
]
},
"/*"
]
]
}
]
}
],
"Version": "2012-10-17"
}
}
},
"testcloudfronts3nosecurityheadersCloudfrontLoggingBucketAutoDeleteObjectsCustomResource5BEC5CA0": {
"Type": "Custom::S3AutoDeleteObjects",
"Properties": {
"ServiceToken": {
"Fn::GetAtt": [
"CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
"Arn"
]
},
"BucketName": {
"Ref": "testcloudfronts3nosecurityheadersCloudfrontLoggingBucket92A5E2A5"
}
},
"DependsOn": [
"testcloudfronts3nosecurityheadersCloudfrontLoggingBucketPolicy7D709982"
],
"UpdateReplacePolicy": "Delete",
"DeletionPolicy": "Delete"
},
"testcloudfronts3nosecurityheadersCloudFrontOac7954FB73": {
"Type": "AWS::CloudFront::OriginAccessControl",
"Properties": {
"OriginAccessControlConfig": {
"Description": "Origin access control provisioned by aws-cloudfront-s3",
"Name": {
"Fn::Join": [
"",
[
"aws-cloudfront-s3-testaders-",
{
"Fn::Select": [
2,
{
"Fn::Split": [
"/",
{
"Ref": "AWS::StackId"
}
]
}
]
}
]
]
},
"OriginAccessControlOriginType": "s3",
"SigningBehavior": "always",
"SigningProtocol": "sigv4"
}
}
},
"testcloudfronts3nosecurityheadersCloudFrontDistribution3BC8CDED": {
"Type": "AWS::CloudFront::Distribution",
"Properties": {
"DistributionConfig": {
"DefaultCacheBehavior": {
"CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6",
"Compress": true,
"TargetOriginId": "cfts3nosecurityheaderstestcloudfronts3nosecurityheadersCloudFrontDistributionOrigin1A0125E27",
"ViewerProtocolPolicy": "redirect-to-https"
},
"DefaultRootObject": "index.html",
"Enabled": true,
"HttpVersion": "http2",
"IPV6Enabled": true,
"Logging": {
"Bucket": {
"Fn::GetAtt": [
"testcloudfronts3nosecurityheadersCloudfrontLoggingBucket92A5E2A5",
"RegionalDomainName"
]
}
},
"Origins": [
{
"DomainName": {
"Fn::GetAtt": [
"testcloudfronts3nosecurityheadersS3Bucket4D06173D",
"RegionalDomainName"
]
},
"Id": "cfts3nosecurityheaderstestcloudfronts3nosecurityheadersCloudFrontDistributionOrigin1A0125E27",
"OriginAccessControlId": {
"Fn::GetAtt": [
"testcloudfronts3nosecurityheadersCloudFrontOac7954FB73",
"Id"
]
},
"S3OriginConfig": {
"OriginAccessIdentity": ""
}
}
]
}
},
"Metadata": {
"cfn_nag": {
"rules_to_suppress": [
{
"id": "W70",
"reason": "Since the distribution uses the CloudFront domain name, CloudFront automatically sets the security policy to TLSv1 regardless of the value of MinimumProtocolVersion"
}
]
}
}
},
"CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "lambda.amazonaws.com"
}
}
]
},
"ManagedPolicyArns": [
{
"Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
}
]
}
},
"CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": {
"Type": "AWS::Lambda::Function",
"Properties": {
"Code": {
"S3Bucket": {
"Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
},
"S3Key": "faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6.zip"
},
"Timeout": 900,
"MemorySize": 128,
"Handler": "index.handler",
"Role": {
"Fn::GetAtt": [
"CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
"Arn"
]
},
"Runtime": "nodejs22.x",
"Description": {
"Fn::Join": [
"",
[
"Lambda function for auto-deleting objects in ",
{
"Ref": "testcloudfronts3nosecurityheadersS3LoggingBucketF644B35F"
},
" S3 bucket."
]
]
}
},
"DependsOn": [
"CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092"
],
"Metadata": {
"cfn_nag": {
"rules_to_suppress": [
{
"id": "W58",
"reason": "CDK generated custom resource"
},
{
"id": "W89",
"reason": "CDK generated custom resource"
},
{
"id": "W92",
"reason": "CDK generated custom resource"
}
]
}
}
}
},
"Parameters": {
"BootstrapVersion": {
"Type": "AWS::SSM::Parameter::Value<String>",
"Default": "/cdk-bootstrap/hnb659fds/version",
"Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
}
},
"Rules": {
"CheckBootstrapVersion": {
"Assertions": [
{
"Assert": {
"Fn::Not": [
{
"Fn::Contains": [
[
"1",
"2",
"3",
"4",
"5"
],
{
"Ref": "BootstrapVersion"
}
]
}
]
},
"AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
}
]
}
}
}