@aws-solutions-constructs/aws-cloudfront-s3
CDK Constructs for AWS CloudFront to AWS S3 integration.
{
"Description": "Integration Test for originPath with aws-cloudfront-s3",
"Resources": {
"testcloudfronts3S3LoggingBucket90D239DD": {
"Type": "AWS::S3::Bucket",
"Properties": {
"BucketEncryption": {
"ServerSideEncryptionConfiguration": [
{
"ServerSideEncryptionByDefault": {
"SSEAlgorithm": "AES256"
}
}
]
},
"PublicAccessBlockConfiguration": {
"BlockPublicAcls": true,
"BlockPublicPolicy": true,
"IgnorePublicAcls": true,
"RestrictPublicBuckets": true
},
"Tags": [
{
"Key": "aws-cdk:auto-delete-objects",
"Value": "true"
}
],
"VersioningConfiguration": {
"Status": "Enabled"
}
},
"UpdateReplacePolicy": "Delete",
"DeletionPolicy": "Delete",
"Metadata": {
"cfn_nag": {
"rules_to_suppress": [
{
"id": "W35",
"reason": "This S3 bucket is used as the access logging bucket for another bucket"
}
]
}
}
},
"testcloudfronts3S3LoggingBucketPolicy529D4CFF": {
"Type": "AWS::S3::BucketPolicy",
"Properties": {
"Bucket": {
"Ref": "testcloudfronts3S3LoggingBucket90D239DD"
},
"PolicyDocument": {
"Statement": [
{
"Action": "s3:*",
"Condition": {
"Bool": {
"aws:SecureTransport": "false"
}
},
"Effect": "Deny",
"Principal": {
"AWS": "*"
},
"Resource": [
{
"Fn::GetAtt": [
"testcloudfronts3S3LoggingBucket90D239DD",
"Arn"
]
},
{
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"testcloudfronts3S3LoggingBucket90D239DD",
"Arn"
]
},
"/*"
]
]
}
]
},
{
"Action": [
"s3:DeleteObject*",
"s3:GetBucket*",
"s3:List*",
"s3:PutBucketPolicy"
],
"Effect": "Allow",
"Principal": {
"AWS": {
"Fn::GetAtt": [
"CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
"Arn"
]
}
},
"Resource": [
{
"Fn::GetAtt": [
"testcloudfronts3S3LoggingBucket90D239DD",
"Arn"
]
},
{
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"testcloudfronts3S3LoggingBucket90D239DD",
"Arn"
]
},
"/*"
]
]
}
]
},
{
"Action": "s3:PutObject",
"Condition": {
"ArnLike": {
"aws:SourceArn": {
"Fn::GetAtt": [
"testcloudfronts3S3BucketE0C5F76E",
"Arn"
]
}
},
"StringEquals": {
"aws:SourceAccount": {
"Ref": "AWS::AccountId"
}
}
},
"Effect": "Allow",
"Principal": {
"Service": "logging.s3.amazonaws.com"
},
"Resource": {
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"testcloudfronts3S3LoggingBucket90D239DD",
"Arn"
]
},
"/*"
]
]
}
}
],
"Version": "2012-10-17"
}
}
},
"testcloudfronts3S3LoggingBucketAutoDeleteObjectsCustomResource6EE37727": {
"Type": "Custom::S3AutoDeleteObjects",
"Properties": {
"ServiceToken": {
"Fn::GetAtt": [
"CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
"Arn"
]
},
"BucketName": {
"Ref": "testcloudfronts3S3LoggingBucket90D239DD"
}
},
"DependsOn": [
"testcloudfronts3S3LoggingBucketPolicy529D4CFF"
],
"UpdateReplacePolicy": "Delete",
"DeletionPolicy": "Delete"
},
"testcloudfronts3S3BucketE0C5F76E": {
"Type": "AWS::S3::Bucket",
"Properties": {
"BucketEncryption": {
"ServerSideEncryptionConfiguration": [
{
"ServerSideEncryptionByDefault": {
"SSEAlgorithm": "AES256"
}
}
]
},
"LifecycleConfiguration": {
"Rules": [
{
"NoncurrentVersionTransitions": [
{
"StorageClass": "GLACIER",
"TransitionInDays": 90
}
],
"Status": "Enabled"
}
]
},
"LoggingConfiguration": {
"DestinationBucketName": {
"Ref": "testcloudfronts3S3LoggingBucket90D239DD"
}
},
"PublicAccessBlockConfiguration": {
"BlockPublicAcls": true,
"BlockPublicPolicy": true,
"IgnorePublicAcls": true,
"RestrictPublicBuckets": true
},
"Tags": [
{
"Key": "aws-cdk:auto-delete-objects",
"Value": "true"
}
],
"VersioningConfiguration": {
"Status": "Enabled"
}
},
"UpdateReplacePolicy": "Delete",
"DeletionPolicy": "Delete"
},
"testcloudfronts3S3BucketPolicy250F1F61": {
"Type": "AWS::S3::BucketPolicy",
"Properties": {
"Bucket": {
"Ref": "testcloudfronts3S3BucketE0C5F76E"
},
"PolicyDocument": {
"Statement": [
{
"Action": "s3:*",
"Condition": {
"Bool": {
"aws:SecureTransport": "false"
}
},
"Effect": "Deny",
"Principal": {
"AWS": "*"
},
"Resource": [
{
"Fn::GetAtt": [
"testcloudfronts3S3BucketE0C5F76E",
"Arn"
]
},
{
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"testcloudfronts3S3BucketE0C5F76E",
"Arn"
]
},
"/*"
]
]
}
]
},
{
"Action": [
"s3:DeleteObject*",
"s3:GetBucket*",
"s3:List*",
"s3:PutBucketPolicy"
],
"Effect": "Allow",
"Principal": {
"AWS": {
"Fn::GetAtt": [
"CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
"Arn"
]
}
},
"Resource": [
{
"Fn::GetAtt": [
"testcloudfronts3S3BucketE0C5F76E",
"Arn"
]
},
{
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"testcloudfronts3S3BucketE0C5F76E",
"Arn"
]
},
"/*"
]
]
}
]
},
{
"Action": "s3:GetObject",
"Condition": {
"StringEquals": {
"AWS:SourceArn": {
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition"
},
":cloudfront::",
{
"Ref": "AWS::AccountId"
},
":distribution/",
{
"Ref": "testcloudfronts3CloudFrontDistribution0565DEE8"
}
]
]
}
}
},
"Effect": "Allow",
"Principal": {
"Service": "cloudfront.amazonaws.com"
},
"Resource": {
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"testcloudfronts3S3BucketE0C5F76E",
"Arn"
]
},
"/*"
]
]
}
},
{
"Action": "s3:ListBucket",
"Condition": {
"StringEquals": {
"AWS:SourceArn": {
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition"
},
":cloudfront::",
{
"Ref": "AWS::AccountId"
},
":distribution/",
{
"Ref": "testcloudfronts3CloudFrontDistribution0565DEE8"
}
]
]
}
}
},
"Effect": "Allow",
"Principal": {
"Service": "cloudfront.amazonaws.com"
},
"Resource": {
"Fn::GetAtt": [
"testcloudfronts3S3BucketE0C5F76E",
"Arn"
]
}
}
],
"Version": "2012-10-17"
}
},
"Metadata": {
"cfn_nag": {
"rules_to_suppress": [
{
"id": "F16",
"reason": "Public website bucket policy requires a wildcard principal"
}
]
}
}
},
"testcloudfronts3S3BucketAutoDeleteObjectsCustomResourceA13DD8F7": {
"Type": "Custom::S3AutoDeleteObjects",
"Properties": {
"ServiceToken": {
"Fn::GetAtt": [
"CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
"Arn"
]
},
"BucketName": {
"Ref": "testcloudfronts3S3BucketE0C5F76E"
}
},
"DependsOn": [
"testcloudfronts3S3BucketPolicy250F1F61"
],
"UpdateReplacePolicy": "Delete",
"DeletionPolicy": "Delete"
},
"testcloudfronts3SetHttpSecurityHeaders6C5A1E69": {
"Type": "AWS::CloudFront::Function",
"Properties": {
"AutoPublish": true,
"FunctionCode": "function handler(event) { var response = event.response; var headers = response.headers; headers['strict-transport-security'] = { value: 'max-age=63072000; includeSubdomains; preload'}; headers['content-security-policy'] = { value: \"default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'\"}; headers['x-content-type-options'] = { value: 'nosniff'}; headers['x-frame-options'] = {value: 'DENY'}; headers['x-xss-protection'] = {value: '1; mode=block'}; return response; }",
"FunctionConfig": {
"Comment": "SetHttpSecurityHeadersc8966f7b24c95d47868a69c8831fbd3ccac3fa3d70",
"Runtime": "cloudfront-js-1.0"
},
"Name": "SetHttpSecurityHeadersc8966f7b24c95d47868a69c8831fbd3ccac3fa3d70"
}
},
"testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58": {
"Type": "AWS::S3::Bucket",
"Properties": {
"BucketEncryption": {
"ServerSideEncryptionConfiguration": [
{
"ServerSideEncryptionByDefault": {
"SSEAlgorithm": "AES256"
}
}
]
},
"PublicAccessBlockConfiguration": {
"BlockPublicAcls": true,
"BlockPublicPolicy": true,
"IgnorePublicAcls": true,
"RestrictPublicBuckets": true
},
"Tags": [
{
"Key": "aws-cdk:auto-delete-objects",
"Value": "true"
}
],
"VersioningConfiguration": {
"Status": "Enabled"
}
},
"UpdateReplacePolicy": "Delete",
"DeletionPolicy": "Delete",
"Metadata": {
"cfn_nag": {
"rules_to_suppress": [
{
"id": "W35",
"reason": "This S3 bucket is used as the access logging bucket for another bucket"
}
]
}
}
},
"testcloudfronts3CloudfrontLoggingBucketAccessLogPolicy526F2E14": {
"Type": "AWS::S3::BucketPolicy",
"Properties": {
"Bucket": {
"Ref": "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58"
},
"PolicyDocument": {
"Statement": [
{
"Action": "s3:*",
"Condition": {
"Bool": {
"aws:SecureTransport": "false"
}
},
"Effect": "Deny",
"Principal": {
"AWS": "*"
},
"Resource": [
{
"Fn::GetAtt": [
"testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
"Arn"
]
},
{
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
"Arn"
]
},
"/*"
]
]
}
]
},
{
"Action": [
"s3:DeleteObject*",
"s3:GetBucket*",
"s3:List*",
"s3:PutBucketPolicy"
],
"Effect": "Allow",
"Principal": {
"AWS": {
"Fn::GetAtt": [
"CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
"Arn"
]
}
},
"Resource": [
{
"Fn::GetAtt": [
"testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
"Arn"
]
},
{
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
"Arn"
]
},
"/*"
]
]
}
]
},
{
"Action": "s3:PutObject",
"Condition": {
"ArnLike": {
"aws:SourceArn": {
"Fn::GetAtt": [
"testcloudfronts3CloudfrontLoggingBucket985C0FE8",
"Arn"
]
}
},
"StringEquals": {
"aws:SourceAccount": {
"Ref": "AWS::AccountId"
}
}
},
"Effect": "Allow",
"Principal": {
"Service": "logging.s3.amazonaws.com"
},
"Resource": {
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
"Arn"
]
},
"/*"
]
]
}
}
],
"Version": "2012-10-17"
}
}
},
"testcloudfronts3CloudfrontLoggingBucketAccessLogAutoDeleteObjectsCustomResourceE16E063D": {
"Type": "Custom::S3AutoDeleteObjects",
"Properties": {
"ServiceToken": {
"Fn::GetAtt": [
"CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
"Arn"
]
},
"BucketName": {
"Ref": "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58"
}
},
"DependsOn": [
"testcloudfronts3CloudfrontLoggingBucketAccessLogPolicy526F2E14"
],
"UpdateReplacePolicy": "Delete",
"DeletionPolicy": "Delete"
},
"testcloudfronts3CloudfrontLoggingBucket985C0FE8": {
"Type": "AWS::S3::Bucket",
"Properties": {
"AccessControl": "LogDeliveryWrite",
"BucketEncryption": {
"ServerSideEncryptionConfiguration": [
{
"ServerSideEncryptionByDefault": {
"SSEAlgorithm": "AES256"
}
}
]
},
"LoggingConfiguration": {
"DestinationBucketName": {
"Ref": "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58"
}
},
"OwnershipControls": {
"Rules": [
{
"ObjectOwnership": "ObjectWriter"
}
]
},
"PublicAccessBlockConfiguration": {
"BlockPublicAcls": true,
"BlockPublicPolicy": true,
"IgnorePublicAcls": true,
"RestrictPublicBuckets": true
},
"Tags": [
{
"Key": "aws-cdk:auto-delete-objects",
"Value": "true"
}
],
"VersioningConfiguration": {
"Status": "Enabled"
}
},
"UpdateReplacePolicy": "Delete",
"DeletionPolicy": "Delete"
},
"testcloudfronts3CloudfrontLoggingBucketPolicyDF55851B": {
"Type": "AWS::S3::BucketPolicy",
"Properties": {
"Bucket": {
"Ref": "testcloudfronts3CloudfrontLoggingBucket985C0FE8"
},
"PolicyDocument": {
"Statement": [
{
"Action": "s3:*",
"Condition": {
"Bool": {
"aws:SecureTransport": "false"
}
},
"Effect": "Deny",
"Principal": {
"AWS": "*"
},
"Resource": [
{
"Fn::GetAtt": [
"testcloudfronts3CloudfrontLoggingBucket985C0FE8",
"Arn"
]
},
{
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"testcloudfronts3CloudfrontLoggingBucket985C0FE8",
"Arn"
]
},
"/*"
]
]
}
]
},
{
"Action": [
"s3:DeleteObject*",
"s3:GetBucket*",
"s3:List*",
"s3:PutBucketPolicy"
],
"Effect": "Allow",
"Principal": {
"AWS": {
"Fn::GetAtt": [
"CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
"Arn"
]
}
},
"Resource": [
{
"Fn::GetAtt": [
"testcloudfronts3CloudfrontLoggingBucket985C0FE8",
"Arn"
]
},
{
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"testcloudfronts3CloudfrontLoggingBucket985C0FE8",
"Arn"
]
},
"/*"
]
]
}
]
}
],
"Version": "2012-10-17"
}
}
},
"testcloudfronts3CloudfrontLoggingBucketAutoDeleteObjectsCustomResource19604D88": {
"Type": "Custom::S3AutoDeleteObjects",
"Properties": {
"ServiceToken": {
"Fn::GetAtt": [
"CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
"Arn"
]
},
"BucketName": {
"Ref": "testcloudfronts3CloudfrontLoggingBucket985C0FE8"
}
},
"DependsOn": [
"testcloudfronts3CloudfrontLoggingBucketPolicyDF55851B"
],
"UpdateReplacePolicy": "Delete",
"DeletionPolicy": "Delete"
},
"testcloudfronts3CloudFrontOac7A951AA6": {
"Type": "AWS::CloudFront::OriginAccessControl",
"Properties": {
"OriginAccessControlConfig": {
"Description": "Origin access control provisioned by aws-cloudfront-s3",
"Name": {
"Fn::Join": [
"",
[
"aws-cloudfront-s3-testnt-s3-",
{
"Fn::Select": [
2,
{
"Fn::Split": [
"/",
{
"Ref": "AWS::StackId"
}
]
}
]
}
]
]
},
"OriginAccessControlOriginType": "s3",
"SigningBehavior": "always",
"SigningProtocol": "sigv4"
}
}
},
"testcloudfronts3CloudFrontDistribution0565DEE8": {
"Type": "AWS::CloudFront::Distribution",
"Properties": {
"DistributionConfig": {
"DefaultCacheBehavior": {
"CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6",
"Compress": true,
"FunctionAssociations": [
{
"EventType": "viewer-response",
"FunctionARN": {
"Fn::GetAtt": [
"testcloudfronts3SetHttpSecurityHeaders6C5A1E69",
"FunctionARN"
]
}
}
],
"TargetOriginId": "cfts3customoriginPathtestcloudfronts3CloudFrontDistributionOrigin1AE2DDD7C",
"ViewerProtocolPolicy": "redirect-to-https"
},
"DefaultRootObject": "index.html",
"Enabled": true,
"HttpVersion": "http2",
"IPV6Enabled": true,
"Logging": {
"Bucket": {
"Fn::GetAtt": [
"testcloudfronts3CloudfrontLoggingBucket985C0FE8",
"RegionalDomainName"
]
}
},
"Origins": [
{
"DomainName": {
"Fn::GetAtt": [
"testcloudfronts3S3BucketE0C5F76E",
"RegionalDomainName"
]
},
"Id": "cfts3customoriginPathtestcloudfronts3CloudFrontDistributionOrigin1AE2DDD7C",
"OriginAccessControlId": {
"Fn::GetAtt": [
"testcloudfronts3CloudFrontOac7A951AA6",
"Id"
]
},
"OriginPath": "/testPath",
"S3OriginConfig": {
"OriginAccessIdentity": ""
}
}
]
}
},
"Metadata": {
"cfn_nag": {
"rules_to_suppress": [
{
"id": "W70",
"reason": "Since the distribution uses the CloudFront domain name, CloudFront automatically sets the security policy to TLSv1 regardless of the value of MinimumProtocolVersion"
}
]
}
}
},
"CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "lambda.amazonaws.com"
}
}
]
},
"ManagedPolicyArns": [
{
"Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
}
]
}
},
"CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": {
"Type": "AWS::Lambda::Function",
"Properties": {
"Code": {
"S3Bucket": {
"Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
},
"S3Key": "faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6.zip"
},
"Timeout": 900,
"MemorySize": 128,
"Handler": "index.handler",
"Role": {
"Fn::GetAtt": [
"CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
"Arn"
]
},
"Runtime": "nodejs22.x",
"Description": {
"Fn::Join": [
"",
[
"Lambda function for auto-deleting objects in ",
{
"Ref": "testcloudfronts3S3LoggingBucket90D239DD"
},
" S3 bucket."
]
]
}
},
"DependsOn": [
"CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092"
],
"Metadata": {
"cfn_nag": {
"rules_to_suppress": [
{
"id": "W58",
"reason": "CDK generated custom resource"
},
{
"id": "W89",
"reason": "CDK generated custom resource"
},
{
"id": "W92",
"reason": "CDK generated custom resource"
}
]
}
}
}
},
"Parameters": {
"BootstrapVersion": {
"Type": "AWS::SSM::Parameter::Value<String>",
"Default": "/cdk-bootstrap/hnb659fds/version",
"Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
}
},
"Rules": {
"CheckBootstrapVersion": {
"Assertions": [
{
"Assert": {
"Fn::Not": [
{
"Fn::Contains": [
[
"1",
"2",
"3",
"4",
"5"
],
{
"Ref": "BootstrapVersion"
}
]
}
]
},
"AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
}
]
}
}
}