@aws-solutions-constructs/aws-cloudfront-s3

CDK Constructs for AWS CloudFront to AWS S3 integration.

1,105 lines 57.4 kB
{ "version": "tree-0.1", "tree": { "id": "App", "path": "", "children": { "cfts3-customLoggingBuckets": { "id": "cfts3-customLoggingBuckets", "path": "cfts3-customLoggingBuckets", "children": { "test-cloudfront-s3": { "id": "test-cloudfront-s3", "path": "cfts3-customLoggingBuckets/test-cloudfront-s3", "children": { "S3LoggingBucket": { "id": "S3LoggingBucket", "path": "cfts3-customLoggingBuckets/test-cloudfront-s3/S3LoggingBucket", "children": { "Resource": { "id": "Resource", "path": "cfts3-customLoggingBuckets/test-cloudfront-s3/S3LoggingBucket/Resource", "attributes": { "aws:cdk:cloudformation:type": "AWS::S3::Bucket", "aws:cdk:cloudformation:props": { "bucketEncryption": { "serverSideEncryptionConfiguration": [ { "serverSideEncryptionByDefault": { "sseAlgorithm": "AES256" } } ] }, "lifecycleConfiguration": { "rules": [ { "status": "Enabled", "transitions": [ { "storageClass": "GLACIER", "transitionInDays": 7 } ] } ] }, "publicAccessBlockConfiguration": { "blockPublicAcls": true, "blockPublicPolicy": true, "ignorePublicAcls": true, "restrictPublicBuckets": true }, "tags": [ { "key": "aws-cdk:auto-delete-objects", "value": "true" } ], "versioningConfiguration": { "status": "Enabled" } } }, "constructInfo": { "fqn": "aws-cdk-lib.aws_s3.CfnBucket", "version": "2.179.0" } }, "Policy": { "id": "Policy", "path": "cfts3-customLoggingBuckets/test-cloudfront-s3/S3LoggingBucket/Policy", "children": { "Resource": { "id": "Resource", "path": "cfts3-customLoggingBuckets/test-cloudfront-s3/S3LoggingBucket/Policy/Resource", "attributes": { "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy", "aws:cdk:cloudformation:props": { "bucket": { "Ref": "testcloudfronts3S3LoggingBucket90D239DD" }, "policyDocument": { "Statement": [ { "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" } }, "Effect": "Deny", "Principal": { "AWS": "*" }, "Resource": [ { "Fn::GetAtt": [ "testcloudfronts3S3LoggingBucket90D239DD", "Arn" ] }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ 
"testcloudfronts3S3LoggingBucket90D239DD", "Arn" ] }, "/*" ] ] } ] }, { "Action": [ "s3:DeleteObject*", "s3:GetBucket*", "s3:List*", "s3:PutBucketPolicy" ], "Effect": "Allow", "Principal": { "AWS": { "Fn::GetAtt": [ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", "Arn" ] } }, "Resource": [ { "Fn::GetAtt": [ "testcloudfronts3S3LoggingBucket90D239DD", "Arn" ] }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "testcloudfronts3S3LoggingBucket90D239DD", "Arn" ] }, "/*" ] ] } ] }, { "Action": "s3:PutObject", "Condition": { "ArnLike": { "aws:SourceArn": { "Fn::GetAtt": [ "testcloudfronts3S3BucketE0C5F76E", "Arn" ] } }, "StringEquals": { "aws:SourceAccount": { "Ref": "AWS::AccountId" } } }, "Effect": "Allow", "Principal": { "Service": "logging.s3.amazonaws.com" }, "Resource": { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "testcloudfronts3S3LoggingBucket90D239DD", "Arn" ] }, "/*" ] ] } } ], "Version": "2012-10-17" } } }, "constructInfo": { "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy", "version": "2.179.0" } } }, "constructInfo": { "fqn": "aws-cdk-lib.aws_s3.BucketPolicy", "version": "2.179.0", "metadata": [ { "bucket": "*" } ] } }, "AutoDeleteObjectsCustomResource": { "id": "AutoDeleteObjectsCustomResource", "path": "cfts3-customLoggingBuckets/test-cloudfront-s3/S3LoggingBucket/AutoDeleteObjectsCustomResource", "children": { "Default": { "id": "Default", "path": "cfts3-customLoggingBuckets/test-cloudfront-s3/S3LoggingBucket/AutoDeleteObjectsCustomResource/Default", "constructInfo": { "fqn": "aws-cdk-lib.CfnResource", "version": "2.179.0" } } }, "constructInfo": { "fqn": "aws-cdk-lib.CustomResource", "version": "2.179.0", "metadata": [ "*" ] } } }, "constructInfo": { "fqn": "aws-cdk-lib.aws_s3.Bucket", "version": "2.179.0", "metadata": [ { "encryption": "S3_MANAGED", "versioned": true, "blockPublicAccess": "*", "removalPolicy": "destroy", "enforceSSL": true, "autoDeleteObjects": true, "lifecycleRules": [ { "enabled": true, "transitions": "*" } ] }, { "addLifecycleRule": [ { 
"enabled": true, "transitions": "*" }, "*", "*" ] } ] } }, "S3Bucket": { "id": "S3Bucket", "path": "cfts3-customLoggingBuckets/test-cloudfront-s3/S3Bucket", "children": { "Resource": { "id": "Resource", "path": "cfts3-customLoggingBuckets/test-cloudfront-s3/S3Bucket/Resource", "attributes": { "aws:cdk:cloudformation:type": "AWS::S3::Bucket", "aws:cdk:cloudformation:props": { "bucketEncryption": { "serverSideEncryptionConfiguration": [ { "serverSideEncryptionByDefault": { "sseAlgorithm": "AES256" } } ] }, "lifecycleConfiguration": { "rules": [ { "noncurrentVersionTransitions": [ { "storageClass": "GLACIER", "transitionInDays": 90 } ], "status": "Enabled" } ] }, "loggingConfiguration": { "destinationBucketName": { "Ref": "testcloudfronts3S3LoggingBucket90D239DD" } }, "publicAccessBlockConfiguration": { "blockPublicAcls": true, "blockPublicPolicy": true, "ignorePublicAcls": true, "restrictPublicBuckets": true }, "tags": [ { "key": "aws-cdk:auto-delete-objects", "value": "true" } ], "versioningConfiguration": { "status": "Enabled" } } }, "constructInfo": { "fqn": "aws-cdk-lib.aws_s3.CfnBucket", "version": "2.179.0" } }, "Policy": { "id": "Policy", "path": "cfts3-customLoggingBuckets/test-cloudfront-s3/S3Bucket/Policy", "children": { "Resource": { "id": "Resource", "path": "cfts3-customLoggingBuckets/test-cloudfront-s3/S3Bucket/Policy/Resource", "attributes": { "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy", "aws:cdk:cloudformation:props": { "bucket": { "Ref": "testcloudfronts3S3BucketE0C5F76E" }, "policyDocument": { "Statement": [ { "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" } }, "Effect": "Deny", "Principal": { "AWS": "*" }, "Resource": [ { "Fn::GetAtt": [ "testcloudfronts3S3BucketE0C5F76E", "Arn" ] }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "testcloudfronts3S3BucketE0C5F76E", "Arn" ] }, "/*" ] ] } ] }, { "Action": [ "s3:DeleteObject*", "s3:GetBucket*", "s3:List*", "s3:PutBucketPolicy" ], "Effect": "Allow", "Principal": { "AWS": 
{ "Fn::GetAtt": [ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", "Arn" ] } }, "Resource": [ { "Fn::GetAtt": [ "testcloudfronts3S3BucketE0C5F76E", "Arn" ] }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "testcloudfronts3S3BucketE0C5F76E", "Arn" ] }, "/*" ] ] } ] }, { "Action": "s3:GetObject", "Condition": { "StringEquals": { "AWS:SourceArn": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":cloudfront::", { "Ref": "AWS::AccountId" }, ":distribution/", { "Ref": "testcloudfronts3CloudFrontDistribution0565DEE8" } ] ] } } }, "Effect": "Allow", "Principal": { "Service": "cloudfront.amazonaws.com" }, "Resource": { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "testcloudfronts3S3BucketE0C5F76E", "Arn" ] }, "/*" ] ] } } ], "Version": "2012-10-17" } } }, "constructInfo": { "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy", "version": "2.179.0" } } }, "constructInfo": { "fqn": "aws-cdk-lib.aws_s3.BucketPolicy", "version": "2.179.0", "metadata": [ { "bucket": "*" } ] } }, "AutoDeleteObjectsCustomResource": { "id": "AutoDeleteObjectsCustomResource", "path": "cfts3-customLoggingBuckets/test-cloudfront-s3/S3Bucket/AutoDeleteObjectsCustomResource", "children": { "Default": { "id": "Default", "path": "cfts3-customLoggingBuckets/test-cloudfront-s3/S3Bucket/AutoDeleteObjectsCustomResource/Default", "constructInfo": { "fqn": "aws-cdk-lib.CfnResource", "version": "2.179.0" } } }, "constructInfo": { "fqn": "aws-cdk-lib.CustomResource", "version": "2.179.0", "metadata": [ "*" ] } } }, "constructInfo": { "fqn": "aws-cdk-lib.aws_s3.Bucket", "version": "2.179.0", "metadata": [ { "encryption": "S3_MANAGED", "versioned": true, "blockPublicAccess": "*", "removalPolicy": "destroy", "enforceSSL": true, "lifecycleRules": [ { "noncurrentVersionTransitions": [ { "storageClass": "*" } ] } ], "serverAccessLogsBucket": "*", "autoDeleteObjects": true }, { "addLifecycleRule": [ { "noncurrentVersionTransitions": [ { "storageClass": "*" } ] }, "*", "*" ] } ] } }, "SetHttpSecurityHeaders": { "id": 
"SetHttpSecurityHeaders", "path": "cfts3-customLoggingBuckets/test-cloudfront-s3/SetHttpSecurityHeaders", "children": { "Resource": { "id": "Resource", "path": "cfts3-customLoggingBuckets/test-cloudfront-s3/SetHttpSecurityHeaders/Resource", "attributes": { "aws:cdk:cloudformation:type": "AWS::CloudFront::Function", "aws:cdk:cloudformation:props": { "autoPublish": true, "functionCode": "function handler(event) { var response = event.response; var headers = response.headers; headers['strict-transport-security'] = { value: 'max-age=63072000; includeSubdomains; preload'}; headers['content-security-policy'] = { value: \"default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'\"}; headers['x-content-type-options'] = { value: 'nosniff'}; headers['x-frame-options'] = {value: 'DENY'}; headers['x-xss-protection'] = {value: '1; mode=block'}; return response; }", "functionConfig": { "comment": "SetHttpSecurityHeadersc844fcbc00f82925aea73bcda195f6b5551bdcf3d4", "runtime": "cloudfront-js-1.0" }, "name": "SetHttpSecurityHeadersc844fcbc00f82925aea73bcda195f6b5551bdcf3d4" } }, "constructInfo": { "fqn": "aws-cdk-lib.aws_cloudfront.CfnFunction", "version": "2.179.0" } } }, "constructInfo": { "fqn": "aws-cdk-lib.aws_cloudfront.Function", "version": "2.179.0", "metadata": [ { "functionName": "*", "code": "*" } ] } }, "CloudfrontLoggingBucketAccessLog": { "id": "CloudfrontLoggingBucketAccessLog", "path": "cfts3-customLoggingBuckets/test-cloudfront-s3/CloudfrontLoggingBucketAccessLog", "children": { "Resource": { "id": "Resource", "path": "cfts3-customLoggingBuckets/test-cloudfront-s3/CloudfrontLoggingBucketAccessLog/Resource", "attributes": { "aws:cdk:cloudformation:type": "AWS::S3::Bucket", "aws:cdk:cloudformation:props": { "bucketEncryption": { "serverSideEncryptionConfiguration": [ { "serverSideEncryptionByDefault": { "sseAlgorithm": "AES256" } } ] }, "publicAccessBlockConfiguration": { "blockPublicAcls": true, "blockPublicPolicy": true, 
"ignorePublicAcls": true, "restrictPublicBuckets": true }, "tags": [ { "key": "aws-cdk:auto-delete-objects", "value": "true" } ], "versioningConfiguration": { "status": "Enabled" } } }, "constructInfo": { "fqn": "aws-cdk-lib.aws_s3.CfnBucket", "version": "2.179.0" } }, "Policy": { "id": "Policy", "path": "cfts3-customLoggingBuckets/test-cloudfront-s3/CloudfrontLoggingBucketAccessLog/Policy", "children": { "Resource": { "id": "Resource", "path": "cfts3-customLoggingBuckets/test-cloudfront-s3/CloudfrontLoggingBucketAccessLog/Policy/Resource", "attributes": { "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy", "aws:cdk:cloudformation:props": { "bucket": { "Ref": "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58" }, "policyDocument": { "Statement": [ { "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" } }, "Effect": "Deny", "Principal": { "AWS": "*" }, "Resource": [ { "Fn::GetAtt": [ "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58", "Arn" ] }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58", "Arn" ] }, "/*" ] ] } ] }, { "Action": [ "s3:DeleteObject*", "s3:GetBucket*", "s3:List*", "s3:PutBucketPolicy" ], "Effect": "Allow", "Principal": { "AWS": { "Fn::GetAtt": [ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", "Arn" ] } }, "Resource": [ { "Fn::GetAtt": [ "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58", "Arn" ] }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58", "Arn" ] }, "/*" ] ] } ] }, { "Action": "s3:PutObject", "Condition": { "ArnLike": { "aws:SourceArn": { "Fn::GetAtt": [ "testcloudfronts3CloudfrontLoggingBucket985C0FE8", "Arn" ] } }, "StringEquals": { "aws:SourceAccount": { "Ref": "AWS::AccountId" } } }, "Effect": "Allow", "Principal": { "Service": "logging.s3.amazonaws.com" }, "Resource": { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58", "Arn" 
] }, "/*" ] ] } } ], "Version": "2012-10-17" } } }, "constructInfo": { "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy", "version": "2.179.0" } } }, "constructInfo": { "fqn": "aws-cdk-lib.aws_s3.BucketPolicy", "version": "2.179.0", "metadata": [ { "bucket": "*" } ] } }, "AutoDeleteObjectsCustomResource": { "id": "AutoDeleteObjectsCustomResource", "path": "cfts3-customLoggingBuckets/test-cloudfront-s3/CloudfrontLoggingBucketAccessLog/AutoDeleteObjectsCustomResource", "children": { "Default": { "id": "Default", "path": "cfts3-customLoggingBuckets/test-cloudfront-s3/CloudfrontLoggingBucketAccessLog/AutoDeleteObjectsCustomResource/Default", "constructInfo": { "fqn": "aws-cdk-lib.CfnResource", "version": "2.179.0" } } }, "constructInfo": { "fqn": "aws-cdk-lib.CustomResource", "version": "2.179.0", "metadata": [ "*" ] } } }, "constructInfo": { "fqn": "aws-cdk-lib.aws_s3.Bucket", "version": "2.179.0", "metadata": [ { "encryption": "S3_MANAGED", "versioned": true, "blockPublicAccess": "*", "removalPolicy": "destroy", "enforceSSL": true, "autoDeleteObjects": true } ] } }, "CloudfrontLoggingBucket": { "id": "CloudfrontLoggingBucket", "path": "cfts3-customLoggingBuckets/test-cloudfront-s3/CloudfrontLoggingBucket", "children": { "Resource": { "id": "Resource", "path": "cfts3-customLoggingBuckets/test-cloudfront-s3/CloudfrontLoggingBucket/Resource", "attributes": { "aws:cdk:cloudformation:type": "AWS::S3::Bucket", "aws:cdk:cloudformation:props": { "bucketEncryption": { "serverSideEncryptionConfiguration": [ { "serverSideEncryptionByDefault": { "sseAlgorithm": "AES256" } } ] }, "lifecycleConfiguration": { "rules": [ { "status": "Enabled", "transitions": [ { "storageClass": "GLACIER", "transitionInDays": 7 } ] } ] }, "loggingConfiguration": { "destinationBucketName": { "Ref": "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58" } }, "ownershipControls": { "rules": [ { "objectOwnership": "ObjectWriter" } ] }, "publicAccessBlockConfiguration": { "blockPublicAcls": true, 
"blockPublicPolicy": true, "ignorePublicAcls": true, "restrictPublicBuckets": true }, "tags": [ { "key": "aws-cdk:auto-delete-objects", "value": "true" } ], "versioningConfiguration": { "status": "Enabled" } } }, "constructInfo": { "fqn": "aws-cdk-lib.aws_s3.CfnBucket", "version": "2.179.0" } }, "Policy": { "id": "Policy", "path": "cfts3-customLoggingBuckets/test-cloudfront-s3/CloudfrontLoggingBucket/Policy", "children": { "Resource": { "id": "Resource", "path": "cfts3-customLoggingBuckets/test-cloudfront-s3/CloudfrontLoggingBucket/Policy/Resource", "attributes": { "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy", "aws:cdk:cloudformation:props": { "bucket": { "Ref": "testcloudfronts3CloudfrontLoggingBucket985C0FE8" }, "policyDocument": { "Statement": [ { "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" } }, "Effect": "Deny", "Principal": { "AWS": "*" }, "Resource": [ { "Fn::GetAtt": [ "testcloudfronts3CloudfrontLoggingBucket985C0FE8", "Arn" ] }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "testcloudfronts3CloudfrontLoggingBucket985C0FE8", "Arn" ] }, "/*" ] ] } ] }, { "Action": [ "s3:DeleteObject*", "s3:GetBucket*", "s3:List*", "s3:PutBucketPolicy" ], "Effect": "Allow", "Principal": { "AWS": { "Fn::GetAtt": [ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", "Arn" ] } }, "Resource": [ { "Fn::GetAtt": [ "testcloudfronts3CloudfrontLoggingBucket985C0FE8", "Arn" ] }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "testcloudfronts3CloudfrontLoggingBucket985C0FE8", "Arn" ] }, "/*" ] ] } ] } ], "Version": "2012-10-17" } } }, "constructInfo": { "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy", "version": "2.179.0" } } }, "constructInfo": { "fqn": "aws-cdk-lib.aws_s3.BucketPolicy", "version": "2.179.0", "metadata": [ { "bucket": "*" } ] } }, "AutoDeleteObjectsCustomResource": { "id": "AutoDeleteObjectsCustomResource", "path": "cfts3-customLoggingBuckets/test-cloudfront-s3/CloudfrontLoggingBucket/AutoDeleteObjectsCustomResource", "children": { 
"Default": { "id": "Default", "path": "cfts3-customLoggingBuckets/test-cloudfront-s3/CloudfrontLoggingBucket/AutoDeleteObjectsCustomResource/Default", "constructInfo": { "fqn": "aws-cdk-lib.CfnResource", "version": "2.179.0" } } }, "constructInfo": { "fqn": "aws-cdk-lib.CustomResource", "version": "2.179.0", "metadata": [ "*" ] } } }, "constructInfo": { "fqn": "aws-cdk-lib.aws_s3.Bucket", "version": "2.179.0", "metadata": [ { "encryption": "S3_MANAGED", "versioned": true, "blockPublicAccess": "*", "removalPolicy": "destroy", "enforceSSL": true, "autoDeleteObjects": true, "lifecycleRules": [ { "enabled": true, "transitions": "*" } ], "objectOwnership": "ObjectWriter", "serverAccessLogsBucket": "*" }, { "addLifecycleRule": [ { "enabled": true, "transitions": "*" }, "*", "*" ] } ] } }, "CloudFrontOac": { "id": "CloudFrontOac", "path": "cfts3-customLoggingBuckets/test-cloudfront-s3/CloudFrontOac", "attributes": { "aws:cdk:cloudformation:type": "AWS::CloudFront::OriginAccessControl", "aws:cdk:cloudformation:props": { "originAccessControlConfig": { "name": { "Fn::Join": [ "", [ "aws-cloudfront-s3-testnt-s3-", { "Fn::Select": [ 2, { "Fn::Split": [ "/", { "Ref": "AWS::StackId" } ] } ] } ] ] }, "originAccessControlOriginType": "s3", "signingBehavior": "always", "signingProtocol": "sigv4", "description": "Origin access control provisioned by aws-cloudfront-s3" } } }, "constructInfo": { "fqn": "aws-cdk-lib.aws_cloudfront.CfnOriginAccessControl", "version": "2.179.0" } }, "CloudFrontDistribution": { "id": "CloudFrontDistribution", "path": "cfts3-customLoggingBuckets/test-cloudfront-s3/CloudFrontDistribution", "children": { "Origin1": { "id": "Origin1", "path": "cfts3-customLoggingBuckets/test-cloudfront-s3/CloudFrontDistribution/Origin1", "constructInfo": { "fqn": "constructs.Construct", "version": "10.4.2" } }, "Resource": { "id": "Resource", "path": "cfts3-customLoggingBuckets/test-cloudfront-s3/CloudFrontDistribution/Resource", "attributes": { "aws:cdk:cloudformation:type": 
"AWS::CloudFront::Distribution", "aws:cdk:cloudformation:props": { "distributionConfig": { "enabled": true, "origins": [ { "domainName": { "Fn::GetAtt": [ "testcloudfronts3S3BucketE0C5F76E", "RegionalDomainName" ] }, "id": "cfts3customLoggingBucketstestcloudfronts3CloudFrontDistributionOrigin1BBEA7E26", "s3OriginConfig": { "originAccessIdentity": "" } } ], "defaultCacheBehavior": { "pathPattern": "*", "targetOriginId": "cfts3customLoggingBucketstestcloudfronts3CloudFrontDistributionOrigin1BBEA7E26", "cachePolicyId": "658327ea-f89d-4fab-a63