From 32dc4eaacf2b19e4872cd8afa980e1b473eef4ef Mon Sep 17 00:00:00 2001 From: Yozo Suzuki Date: Tue, 28 Nov 2023 17:02:28 +0900 Subject: [PATCH 1/6] fix: add alternate policy of aws-portal policy --- .../blea-gov-base-ct/lib/construct/iam.ts | 332 ++++++++++++++++++ .../lib/construct/iam.ts | 332 ++++++++++++++++++ 2 files changed, 664 insertions(+) diff --git a/usecases/blea-gov-base-ct/lib/construct/iam.ts b/usecases/blea-gov-base-ct/lib/construct/iam.ts index 40a61e204..3ad07bebd 100644 --- a/usecases/blea-gov-base-ct/lib/construct/iam.ts +++ b/usecases/blea-gov-base-ct/lib/construct/iam.ts @@ -24,6 +24,89 @@ export class Iam extends Construct { Resource: '*', Effect: 'Deny', }, + { + Action: [ + 'account:GetAccountInformation', + 'billing:GetBillingData', + 'billing:GetBillingDetails', + 'billing:GetBillingNotifications', + 'billing:GetBillingPreferences', + 'billing:GetContractInformation', + 'billing:GetCredits', + 'billing:GetIAMAccessPreference', + 'billing:GetSellerOfRecord', + 'billing:ListBillingViews', + 'billing:PutContractInformation', + 'billing:RedeemCredits', + 'billing:UpdateBillingPreferences', + 'ce:CreateAnomalyMonitor', + 'ce:CreateAnomalySubscription', + 'ce:CreateNotificationSubscription', + 'ce:CreateReport', + 'ce:DeleteAnomalyMonitor', + 'ce:DeleteAnomalySubscription', + 'ce:DeleteNotificationSubscription', + 'ce:DeleteReport', + 'ce:DescribeNotificationSubscription', + 'ce:DescribeReport', + 'ce:GetAnomalies', + 'ce:GetAnomalyMonitors', + 'ce:GetAnomalySubscriptions', + 'ce:GetCostAndUsage', + 'ce:GetCostAndUsageWithResources', + 'ce:GetCostCategories', + 'ce:GetCostForecast', + 'ce:GetDimensionValues', + 'ce:GetPreferences', + 'ce:GetReservationCoverage', + 'ce:GetReservationPurchaseRecommendation', + 'ce:GetReservationUtilization', + 'ce:GetRightsizingRecommendation', + 'ce:GetSavingsPlansCoverage', + 'ce:GetSavingsPlansPurchaseRecommendation', + 'ce:GetSavingsPlansUtilization', + 'ce:GetSavingsPlansUtilizationDetails', + 'ce:GetTags', + 'ce:GetUsageForecast', + 'ce:ListCostAllocationTags', + 'ce:ListSavingsPlansPurchaseRecommendationGeneration', + 'ce:ProvideAnomalyFeedback', + 'ce:StartSavingsPlansPurchaseRecommendationGeneration', + 'ce:UpdateAnomalyMonitor', + 'ce:UpdateAnomalySubscription', + 'ce:UpdateCostAllocationTagsStatus', + 'ce:UpdateNotificationSubscription', + 'ce:UpdatePreferences', + 'consolidatedbilling:GetAccountBillingRole', + 'consolidatedbilling:ListLinkedAccounts', + 'cur:GetClassicReport', + 'cur:GetClassicReportPreferences', + 'cur:PutClassicReportPreferences', + 'cur:ValidateReportDestination', + 'freetier:GetFreeTierAlertPreference', + 'freetier:GetFreeTierUsage', + 'freetier:PutFreeTierAlertPreference', + 'invoicing:GetInvoiceEmailDeliveryPreferences', + 'invoicing:GetInvoicePDF', + 'invoicing:ListInvoiceSummaries', + 'invoicing:PutInvoiceEmailDeliveryPreferences', + 'payments:CreatePaymentInstrument', + 'payments:DeletePaymentInstrument', + 'payments:GetPaymentInstrument', + 'payments:GetPaymentStatus', + 'payments:ListPaymentPreferences', + 'payments:MakePayment', + 'payments:UpdatePaymentPreferences', + 'tax:BatchPutTaxRegistration', + 'tax:DeleteTaxRegistration', + 'tax:GetTaxInheritance', + 'tax:GetTaxRegistrationDocument', + 'tax:ListTaxRegistrations', + 'tax:PutTaxInheritance', + ], + Resource: '*', + Effect: 'Deny', + }, { Action: ['cloudtrail:DeleteTrail', 'cloudtrail:StopLogging', 'cloudtrail:UpdateTrail'], Resource: '*', @@ -75,6 +158,89 @@ export class Iam extends Construct { Resource: '*', Effect: 'Deny', }, + { + Action: [ + 'account:GetAccountInformation', + 'billing:GetBillingData', + 'billing:GetBillingDetails', + 'billing:GetBillingNotifications', + 'billing:GetBillingPreferences', + 'billing:GetContractInformation', + 'billing:GetCredits', + 'billing:GetIAMAccessPreference', + 'billing:GetSellerOfRecord', + 'billing:ListBillingViews', + 'billing:PutContractInformation', + 'billing:RedeemCredits', + 'billing:UpdateBillingPreferences', + 'ce:CreateAnomalyMonitor', + 'ce:CreateAnomalySubscription', + 'ce:CreateNotificationSubscription', + 'ce:CreateReport', + 'ce:DeleteAnomalyMonitor', + 'ce:DeleteAnomalySubscription', + 'ce:DeleteNotificationSubscription', + 'ce:DeleteReport', + 'ce:DescribeNotificationSubscription', + 'ce:DescribeReport', + 'ce:GetAnomalies', + 'ce:GetAnomalyMonitors', + 'ce:GetAnomalySubscriptions', + 'ce:GetCostAndUsage', + 'ce:GetCostAndUsageWithResources', + 'ce:GetCostCategories', + 'ce:GetCostForecast', + 'ce:GetDimensionValues', + 'ce:GetPreferences', + 'ce:GetReservationCoverage', + 'ce:GetReservationPurchaseRecommendation', + 'ce:GetReservationUtilization', + 'ce:GetRightsizingRecommendation', + 'ce:GetSavingsPlansCoverage', + 'ce:GetSavingsPlansPurchaseRecommendation', + 'ce:GetSavingsPlansUtilization', + 'ce:GetSavingsPlansUtilizationDetails', + 'ce:GetTags', + 'ce:GetUsageForecast', + 'ce:ListCostAllocationTags', + 'ce:ListSavingsPlansPurchaseRecommendationGeneration', + 'ce:ProvideAnomalyFeedback', + 'ce:StartSavingsPlansPurchaseRecommendationGeneration', + 'ce:UpdateAnomalyMonitor', + 'ce:UpdateAnomalySubscription', + 'ce:UpdateCostAllocationTagsStatus', + 'ce:UpdateNotificationSubscription', + 'ce:UpdatePreferences', + 'consolidatedbilling:GetAccountBillingRole', + 'consolidatedbilling:ListLinkedAccounts', + 'cur:GetClassicReport', + 'cur:GetClassicReportPreferences', + 'cur:PutClassicReportPreferences', + 'cur:ValidateReportDestination', + 'freetier:GetFreeTierAlertPreference', + 'freetier:GetFreeTierUsage', + 'freetier:PutFreeTierAlertPreference', + 'invoicing:GetInvoiceEmailDeliveryPreferences', + 'invoicing:GetInvoicePDF', + 'invoicing:ListInvoiceSummaries', + 'invoicing:PutInvoiceEmailDeliveryPreferences', + 'payments:CreatePaymentInstrument', + 'payments:DeletePaymentInstrument', + 'payments:GetPaymentInstrument', + 'payments:GetPaymentStatus', + 'payments:ListPaymentPreferences', + 'payments:MakePayment', + 'payments:UpdatePaymentPreferences', + 'tax:BatchPutTaxRegistration', + 'tax:DeleteTaxRegistration', + 'tax:GetTaxInheritance', + 'tax:GetTaxRegistrationDocument', + 'tax:ListTaxRegistrations', + 'tax:PutTaxInheritance', + ], + Resource: '*', + Effect: 'Deny', + }, ], }; const iamAdminManagedPolicy = new iam.ManagedPolicy(this, 'IamAdminPolicy', { @@ -141,6 +307,89 @@ export class Iam extends Construct { Resource: '*', Effect: 'Deny', }, + { + Action: [ + 'account:GetAccountInformation', + 'billing:GetBillingData', + 'billing:GetBillingDetails', + 'billing:GetBillingNotifications', + 'billing:GetBillingPreferences', + 'billing:GetContractInformation', + 'billing:GetCredits', + 'billing:GetIAMAccessPreference', + 'billing:GetSellerOfRecord', + 'billing:ListBillingViews', + 'billing:PutContractInformation', + 'billing:RedeemCredits', + 'billing:UpdateBillingPreferences', + 'ce:CreateAnomalyMonitor', + 'ce:CreateAnomalySubscription', + 'ce:CreateNotificationSubscription', + 'ce:CreateReport', + 'ce:DeleteAnomalyMonitor', + 'ce:DeleteAnomalySubscription', + 'ce:DeleteNotificationSubscription', + 'ce:DeleteReport', + 'ce:DescribeNotificationSubscription', + 'ce:DescribeReport', + 'ce:GetAnomalies', + 'ce:GetAnomalyMonitors', + 'ce:GetAnomalySubscriptions', + 'ce:GetCostAndUsage', + 'ce:GetCostAndUsageWithResources', + 'ce:GetCostCategories', + 'ce:GetCostForecast', + 'ce:GetDimensionValues', + 'ce:GetPreferences', + 'ce:GetReservationCoverage', + 'ce:GetReservationPurchaseRecommendation', + 'ce:GetReservationUtilization', + 'ce:GetRightsizingRecommendation', + 'ce:GetSavingsPlansCoverage', + 'ce:GetSavingsPlansPurchaseRecommendation', + 'ce:GetSavingsPlansUtilization', + 'ce:GetSavingsPlansUtilizationDetails', + 'ce:GetTags', + 'ce:GetUsageForecast', + 'ce:ListCostAllocationTags', + 'ce:ListSavingsPlansPurchaseRecommendationGeneration', + 'ce:ProvideAnomalyFeedback', + 'ce:StartSavingsPlansPurchaseRecommendationGeneration', + 'ce:UpdateAnomalyMonitor', + 'ce:UpdateAnomalySubscription', + 'ce:UpdateCostAllocationTagsStatus', + 'ce:UpdateNotificationSubscription', + 'ce:UpdatePreferences', + 'consolidatedbilling:GetAccountBillingRole', + 'consolidatedbilling:ListLinkedAccounts', + 'cur:GetClassicReport', + 'cur:GetClassicReportPreferences', + 'cur:PutClassicReportPreferences', + 'cur:ValidateReportDestination', + 'freetier:GetFreeTierAlertPreference', + 'freetier:GetFreeTierUsage', + 'freetier:PutFreeTierAlertPreference', + 'invoicing:GetInvoiceEmailDeliveryPreferences', + 'invoicing:GetInvoicePDF', + 'invoicing:ListInvoiceSummaries', + 'invoicing:PutInvoiceEmailDeliveryPreferences', + 'payments:CreatePaymentInstrument', + 'payments:DeletePaymentInstrument', + 'payments:GetPaymentInstrument', + 'payments:GetPaymentStatus', + 'payments:ListPaymentPreferences', + 'payments:MakePayment', + 'payments:UpdatePaymentPreferences', + 'tax:BatchPutTaxRegistration', + 'tax:DeleteTaxRegistration', + 'tax:GetTaxInheritance', + 'tax:GetTaxRegistrationDocument', + 'tax:ListTaxRegistrations', + 'tax:PutTaxInheritance', + ], + Resource: '*', + Effect: 'Deny', + }, { Action: [ 'kms:Create*', @@ -243,6 +492,89 @@ export class Iam extends Construct { Resource: '*', Effect: 'Deny', }, + { + Action: [ + 'account:GetAccountInformation', + 'billing:GetBillingData', + 'billing:GetBillingDetails', + 'billing:GetBillingNotifications', + 'billing:GetBillingPreferences', + 'billing:GetContractInformation', + 'billing:GetCredits', + 'billing:GetIAMAccessPreference', + 'billing:GetSellerOfRecord', + 'billing:ListBillingViews', + 'billing:PutContractInformation', + 'billing:RedeemCredits', + 'billing:UpdateBillingPreferences', + 'ce:CreateAnomalyMonitor', + 'ce:CreateAnomalySubscription', + 'ce:CreateNotificationSubscription', + 'ce:CreateReport', + 'ce:DeleteAnomalyMonitor', + 'ce:DeleteAnomalySubscription', + 'ce:DeleteNotificationSubscription', + 'ce:DeleteReport', + 'ce:DescribeNotificationSubscription', + 'ce:DescribeReport', + 'ce:GetAnomalies', + 'ce:GetAnomalyMonitors', + 'ce:GetAnomalySubscriptions', + 'ce:GetCostAndUsage', + 'ce:GetCostAndUsageWithResources', + 'ce:GetCostCategories', + 'ce:GetCostForecast', + 'ce:GetDimensionValues', + 'ce:GetPreferences', + 'ce:GetReservationCoverage', + 'ce:GetReservationPurchaseRecommendation', + 'ce:GetReservationUtilization', + 'ce:GetRightsizingRecommendation', + 'ce:GetSavingsPlansCoverage', + 'ce:GetSavingsPlansPurchaseRecommendation', + 'ce:GetSavingsPlansUtilization', + 'ce:GetSavingsPlansUtilizationDetails', + 'ce:GetTags', + 'ce:GetUsageForecast', + 'ce:ListCostAllocationTags', + 'ce:ListSavingsPlansPurchaseRecommendationGeneration', + 'ce:ProvideAnomalyFeedback', + 'ce:StartSavingsPlansPurchaseRecommendationGeneration', + 'ce:UpdateAnomalyMonitor', + 'ce:UpdateAnomalySubscription', + 'ce:UpdateCostAllocationTagsStatus', + 'ce:UpdateNotificationSubscription', + 'ce:UpdatePreferences', + 'consolidatedbilling:GetAccountBillingRole', + 'consolidatedbilling:ListLinkedAccounts', + 'cur:GetClassicReport', + 'cur:GetClassicReportPreferences', + 'cur:PutClassicReportPreferences', + 'cur:ValidateReportDestination', + 'freetier:GetFreeTierAlertPreference', + 'freetier:GetFreeTierUsage', + 'freetier:PutFreeTierAlertPreference', + 'invoicing:GetInvoiceEmailDeliveryPreferences', + 'invoicing:GetInvoicePDF', + 'invoicing:ListInvoiceSummaries', + 'invoicing:PutInvoiceEmailDeliveryPreferences', + 'payments:CreatePaymentInstrument', + 'payments:DeletePaymentInstrument', + 'payments:GetPaymentInstrument', + 'payments:GetPaymentStatus', + 'payments:ListPaymentPreferences', + 'payments:MakePayment', + 'payments:UpdatePaymentPreferences', + 'tax:BatchPutTaxRegistration', + 'tax:DeleteTaxRegistration', + 'tax:GetTaxInheritance', + 'tax:GetTaxRegistrationDocument', + 'tax:ListTaxRegistrations', + 'tax:PutTaxInheritance', + ], + Resource: '*', + Effect: 'Deny', + }, ], }; diff --git a/usecases/blea-gov-base-standalone/lib/construct/iam.ts b/usecases/blea-gov-base-standalone/lib/construct/iam.ts index 40a61e204..3ad07bebd 100644 --- a/usecases/blea-gov-base-standalone/lib/construct/iam.ts +++ b/usecases/blea-gov-base-standalone/lib/construct/iam.ts @@ -24,6 +24,89 @@ export class Iam extends Construct { Resource: '*', Effect: 'Deny', }, + { + Action: [ + 'account:GetAccountInformation', + 'billing:GetBillingData', + 'billing:GetBillingDetails', + 'billing:GetBillingNotifications', + 'billing:GetBillingPreferences', + 'billing:GetContractInformation', + 'billing:GetCredits', + 'billing:GetIAMAccessPreference', + 'billing:GetSellerOfRecord', + 'billing:ListBillingViews', + 'billing:PutContractInformation', + 'billing:RedeemCredits', + 'billing:UpdateBillingPreferences', + 'ce:CreateAnomalyMonitor', + 'ce:CreateAnomalySubscription', + 'ce:CreateNotificationSubscription', + 'ce:CreateReport', + 'ce:DeleteAnomalyMonitor', + 'ce:DeleteAnomalySubscription', + 'ce:DeleteNotificationSubscription', + 'ce:DeleteReport', + 'ce:DescribeNotificationSubscription', + 'ce:DescribeReport', + 'ce:GetAnomalies', + 'ce:GetAnomalyMonitors', + 'ce:GetAnomalySubscriptions', + 'ce:GetCostAndUsage', + 'ce:GetCostAndUsageWithResources', + 'ce:GetCostCategories', + 'ce:GetCostForecast', + 'ce:GetDimensionValues', + 'ce:GetPreferences', + 'ce:GetReservationCoverage', + 'ce:GetReservationPurchaseRecommendation', + 'ce:GetReservationUtilization', + 'ce:GetRightsizingRecommendation', + 'ce:GetSavingsPlansCoverage', + 'ce:GetSavingsPlansPurchaseRecommendation', + 'ce:GetSavingsPlansUtilization', + 'ce:GetSavingsPlansUtilizationDetails', + 'ce:GetTags', + 'ce:GetUsageForecast', + 'ce:ListCostAllocationTags', + 'ce:ListSavingsPlansPurchaseRecommendationGeneration', + 'ce:ProvideAnomalyFeedback', + 'ce:StartSavingsPlansPurchaseRecommendationGeneration', + 'ce:UpdateAnomalyMonitor', + 'ce:UpdateAnomalySubscription', + 'ce:UpdateCostAllocationTagsStatus', + 'ce:UpdateNotificationSubscription', + 'ce:UpdatePreferences', + 'consolidatedbilling:GetAccountBillingRole', + 'consolidatedbilling:ListLinkedAccounts', + 'cur:GetClassicReport', + 'cur:GetClassicReportPreferences', + 'cur:PutClassicReportPreferences', + 'cur:ValidateReportDestination', + 'freetier:GetFreeTierAlertPreference', + 'freetier:GetFreeTierUsage', + 'freetier:PutFreeTierAlertPreference', + 'invoicing:GetInvoiceEmailDeliveryPreferences', + 'invoicing:GetInvoicePDF', + 'invoicing:ListInvoiceSummaries', + 'invoicing:PutInvoiceEmailDeliveryPreferences', + 'payments:CreatePaymentInstrument', + 'payments:DeletePaymentInstrument', + 'payments:GetPaymentInstrument', + 'payments:GetPaymentStatus', + 'payments:ListPaymentPreferences', + 'payments:MakePayment', + 'payments:UpdatePaymentPreferences', + 'tax:BatchPutTaxRegistration', + 'tax:DeleteTaxRegistration', + 'tax:GetTaxInheritance', + 'tax:GetTaxRegistrationDocument', + 'tax:ListTaxRegistrations', + 'tax:PutTaxInheritance', + ], + Resource: '*', + Effect: 'Deny', + }, { Action: ['cloudtrail:DeleteTrail', 'cloudtrail:StopLogging', 'cloudtrail:UpdateTrail'], Resource: '*', @@ -75,6 +158,89 @@ export class Iam extends Construct { Resource: '*', Effect: 'Deny', }, + { + Action: [ + 'account:GetAccountInformation', + 'billing:GetBillingData', + 'billing:GetBillingDetails', + 'billing:GetBillingNotifications', + 'billing:GetBillingPreferences', + 'billing:GetContractInformation', + 'billing:GetCredits', + 'billing:GetIAMAccessPreference', + 'billing:GetSellerOfRecord', + 'billing:ListBillingViews', + 'billing:PutContractInformation', + 'billing:RedeemCredits', + 'billing:UpdateBillingPreferences', + 'ce:CreateAnomalyMonitor', + 'ce:CreateAnomalySubscription', + 'ce:CreateNotificationSubscription', + 'ce:CreateReport', + 'ce:DeleteAnomalyMonitor', + 'ce:DeleteAnomalySubscription', + 'ce:DeleteNotificationSubscription', + 'ce:DeleteReport', + 'ce:DescribeNotificationSubscription', + 'ce:DescribeReport', + 'ce:GetAnomalies', + 'ce:GetAnomalyMonitors', + 'ce:GetAnomalySubscriptions', + 'ce:GetCostAndUsage', + 'ce:GetCostAndUsageWithResources', + 'ce:GetCostCategories', + 'ce:GetCostForecast', + 'ce:GetDimensionValues', + 'ce:GetPreferences', + 'ce:GetReservationCoverage', + 'ce:GetReservationPurchaseRecommendation', + 'ce:GetReservationUtilization', + 'ce:GetRightsizingRecommendation', + 'ce:GetSavingsPlansCoverage', + 'ce:GetSavingsPlansPurchaseRecommendation', + 'ce:GetSavingsPlansUtilization', + 'ce:GetSavingsPlansUtilizationDetails', + 'ce:GetTags', + 'ce:GetUsageForecast', + 'ce:ListCostAllocationTags', + 'ce:ListSavingsPlansPurchaseRecommendationGeneration', + 'ce:ProvideAnomalyFeedback', + 'ce:StartSavingsPlansPurchaseRecommendationGeneration', + 'ce:UpdateAnomalyMonitor', + 'ce:UpdateAnomalySubscription', + 'ce:UpdateCostAllocationTagsStatus', + 'ce:UpdateNotificationSubscription', + 'ce:UpdatePreferences', + 'consolidatedbilling:GetAccountBillingRole', + 'consolidatedbilling:ListLinkedAccounts', + 'cur:GetClassicReport', + 'cur:GetClassicReportPreferences', + 'cur:PutClassicReportPreferences', + 'cur:ValidateReportDestination', + 'freetier:GetFreeTierAlertPreference', + 'freetier:GetFreeTierUsage', + 'freetier:PutFreeTierAlertPreference', + 'invoicing:GetInvoiceEmailDeliveryPreferences', + 'invoicing:GetInvoicePDF', + 'invoicing:ListInvoiceSummaries', + 'invoicing:PutInvoiceEmailDeliveryPreferences', + 'payments:CreatePaymentInstrument', + 'payments:DeletePaymentInstrument', + 'payments:GetPaymentInstrument', + 'payments:GetPaymentStatus', + 'payments:ListPaymentPreferences', + 'payments:MakePayment', + 'payments:UpdatePaymentPreferences', + 'tax:BatchPutTaxRegistration', + 'tax:DeleteTaxRegistration', + 'tax:GetTaxInheritance', + 'tax:GetTaxRegistrationDocument', + 'tax:ListTaxRegistrations', + 'tax:PutTaxInheritance', + ], + Resource: '*', + Effect: 'Deny', + }, ], }; const iamAdminManagedPolicy = new iam.ManagedPolicy(this, 'IamAdminPolicy', { @@ -141,6 +307,89 @@ export class Iam extends Construct { Resource: '*', Effect: 'Deny', }, + { + Action: [ + 'account:GetAccountInformation', + 'billing:GetBillingData', + 'billing:GetBillingDetails', + 'billing:GetBillingNotifications', + 'billing:GetBillingPreferences', + 'billing:GetContractInformation', + 'billing:GetCredits', + 'billing:GetIAMAccessPreference', + 'billing:GetSellerOfRecord', + 'billing:ListBillingViews', + 'billing:PutContractInformation', + 'billing:RedeemCredits', + 'billing:UpdateBillingPreferences', + 'ce:CreateAnomalyMonitor', + 'ce:CreateAnomalySubscription', + 'ce:CreateNotificationSubscription', + 'ce:CreateReport', + 'ce:DeleteAnomalyMonitor', + 'ce:DeleteAnomalySubscription', + 'ce:DeleteNotificationSubscription', + 'ce:DeleteReport', + 'ce:DescribeNotificationSubscription', + 'ce:DescribeReport', + 'ce:GetAnomalies', + 'ce:GetAnomalyMonitors', + 'ce:GetAnomalySubscriptions', + 'ce:GetCostAndUsage', + 'ce:GetCostAndUsageWithResources', + 'ce:GetCostCategories', + 'ce:GetCostForecast', + 'ce:GetDimensionValues', + 'ce:GetPreferences', + 'ce:GetReservationCoverage', + 'ce:GetReservationPurchaseRecommendation', + 'ce:GetReservationUtilization', + 'ce:GetRightsizingRecommendation', + 'ce:GetSavingsPlansCoverage', + 'ce:GetSavingsPlansPurchaseRecommendation', + 'ce:GetSavingsPlansUtilization', + 'ce:GetSavingsPlansUtilizationDetails', + 'ce:GetTags', + 'ce:GetUsageForecast', + 'ce:ListCostAllocationTags', + 'ce:ListSavingsPlansPurchaseRecommendationGeneration', + 'ce:ProvideAnomalyFeedback', + 'ce:StartSavingsPlansPurchaseRecommendationGeneration', + 'ce:UpdateAnomalyMonitor', + 'ce:UpdateAnomalySubscription', + 'ce:UpdateCostAllocationTagsStatus', + 'ce:UpdateNotificationSubscription', + 'ce:UpdatePreferences', + 'consolidatedbilling:GetAccountBillingRole', + 'consolidatedbilling:ListLinkedAccounts', + 'cur:GetClassicReport', + 'cur:GetClassicReportPreferences', + 'cur:PutClassicReportPreferences', + 'cur:ValidateReportDestination', + 'freetier:GetFreeTierAlertPreference', + 'freetier:GetFreeTierUsage', + 'freetier:PutFreeTierAlertPreference', + 'invoicing:GetInvoiceEmailDeliveryPreferences', + 'invoicing:GetInvoicePDF', + 'invoicing:ListInvoiceSummaries', + 'invoicing:PutInvoiceEmailDeliveryPreferences', + 'payments:CreatePaymentInstrument', + 'payments:DeletePaymentInstrument', + 'payments:GetPaymentInstrument', + 'payments:GetPaymentStatus', + 'payments:ListPaymentPreferences', + 'payments:MakePayment', + 'payments:UpdatePaymentPreferences', + 'tax:BatchPutTaxRegistration', + 'tax:DeleteTaxRegistration', + 'tax:GetTaxInheritance', + 'tax:GetTaxRegistrationDocument', + 'tax:ListTaxRegistrations', + 'tax:PutTaxInheritance', + ], + Resource: '*', + Effect: 'Deny', + }, { Action: [ 'kms:Create*', @@ -243,6 +492,89 @@ export class Iam extends Construct { Resource: '*', Effect: 'Deny', }, + { + Action: [ + 'account:GetAccountInformation', + 'billing:GetBillingData', + 'billing:GetBillingDetails', + 'billing:GetBillingNotifications', + 'billing:GetBillingPreferences', + 'billing:GetContractInformation', + 'billing:GetCredits', + 'billing:GetIAMAccessPreference', + 'billing:GetSellerOfRecord', + 'billing:ListBillingViews', + 'billing:PutContractInformation', + 'billing:RedeemCredits', + 'billing:UpdateBillingPreferences', + 'ce:CreateAnomalyMonitor', + 'ce:CreateAnomalySubscription', + 'ce:CreateNotificationSubscription', + 'ce:CreateReport', + 'ce:DeleteAnomalyMonitor', + 'ce:DeleteAnomalySubscription', + 'ce:DeleteNotificationSubscription', + 'ce:DeleteReport', + 'ce:DescribeNotificationSubscription', + 'ce:DescribeReport', + 'ce:GetAnomalies', + 'ce:GetAnomalyMonitors', + 'ce:GetAnomalySubscriptions', + 'ce:GetCostAndUsage', + 'ce:GetCostAndUsageWithResources', + 'ce:GetCostCategories', + 'ce:GetCostForecast', + 'ce:GetDimensionValues', + 'ce:GetPreferences', + 'ce:GetReservationCoverage', + 'ce:GetReservationPurchaseRecommendation', + 'ce:GetReservationUtilization', + 'ce:GetRightsizingRecommendation', + 'ce:GetSavingsPlansCoverage', + 'ce:GetSavingsPlansPurchaseRecommendation', + 'ce:GetSavingsPlansUtilization', + 'ce:GetSavingsPlansUtilizationDetails', + 'ce:GetTags', + 'ce:GetUsageForecast', + 'ce:ListCostAllocationTags', + 'ce:ListSavingsPlansPurchaseRecommendationGeneration', + 'ce:ProvideAnomalyFeedback', + 'ce:StartSavingsPlansPurchaseRecommendationGeneration', + 'ce:UpdateAnomalyMonitor', + 'ce:UpdateAnomalySubscription', + 'ce:UpdateCostAllocationTagsStatus', + 'ce:UpdateNotificationSubscription', + 'ce:UpdatePreferences', + 'consolidatedbilling:GetAccountBillingRole', + 'consolidatedbilling:ListLinkedAccounts', + 'cur:GetClassicReport', + 'cur:GetClassicReportPreferences', + 'cur:PutClassicReportPreferences', + 'cur:ValidateReportDestination', + 'freetier:GetFreeTierAlertPreference', + 'freetier:GetFreeTierUsage', + 'freetier:PutFreeTierAlertPreference', + 'invoicing:GetInvoiceEmailDeliveryPreferences', + 'invoicing:GetInvoicePDF', + 'invoicing:ListInvoiceSummaries', + 'invoicing:PutInvoiceEmailDeliveryPreferences', + 'payments:CreatePaymentInstrument', + 'payments:DeletePaymentInstrument', + 'payments:GetPaymentInstrument', + 'payments:GetPaymentStatus', + 'payments:ListPaymentPreferences', + 'payments:MakePayment', + 'payments:UpdatePaymentPreferences', + 'tax:BatchPutTaxRegistration', + 'tax:DeleteTaxRegistration', + 'tax:GetTaxInheritance', + 'tax:GetTaxRegistrationDocument', + 'tax:ListTaxRegistrations', + 'tax:PutTaxInheritance', + ], + Resource: '*', + Effect: 'Deny', + }, ], }; From 4af79526210a2324df6171d637bbef66153bbc43 Mon Sep 17 00:00:00 2001 From: Yozo Suzuki Date: Wed, 29 Nov 2023 12:53:20 +0900 Subject: [PATCH 2/6] modify snapshots --- ...gov-base-ct-via-cdk-pipelines.test.ts.snap | 704 ++++---- ...v-base-ct-via-service-catalog.test.ts.snap | 70 +- .../blea-gov-base-ct.test.ts.snap | 1258 ++++++++----- .../blea-gov-base-standalone.test.ts.snap | 1608 ++++++++++------- 4 files changed, 2152 insertions(+), 1488 deletions(-) diff --git a/usecases/blea-gov-base-ct/test/__snapshots__/blea-gov-base-ct-via-cdk-pipelines.test.ts.snap b/usecases/blea-gov-base-ct/test/__snapshots__/blea-gov-base-ct-via-cdk-pipelines.test.ts.snap index e63265aea..9767b9d5f 100644 --- a/usecases/blea-gov-base-ct/test/__snapshots__/blea-gov-base-ct-via-cdk-pipelines.test.ts.snap +++ b/usecases/blea-gov-base-ct/test/__snapshots__/blea-gov-base-ct-via-cdk-pipelines.test.ts.snap @@ -1,57 +1,57 @@ // Jest Snapshot v1, https://goo.gl/fbAQLP exports[`Snapshot test for BLEAGovABaseCtPipeline Stack 1`] = ` -{ - "Parameters": { - "BootstrapVersion": { +Object { + "Parameters": Object { + "BootstrapVersion": Object { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, - "Resources": { - "Pipeline9850B417": { - "DependsOn": [ + "Resources": Object { + "Pipeline9850B417": Object { + "DependsOn": Array [ "PipelineRoleDefaultPolicy7BDC1ABB", "PipelineRoleB27FAA37", ], - "Properties": { - "ArtifactStore": { - "Location": { + "Properties": Object { + "ArtifactStore": Object { + "Location": Object { "Ref": "PipelineArtifactsBucketAEA9A052", }, "Type": "S3", }, "RestartExecutionOnUpdate": true, - "RoleArn": { - "Fn::GetAtt": [ + "RoleArn": Object { + "Fn::GetAtt": Array [ "PipelineRoleB27FAA37", "Arn", ], }, - "Stages": [ - { - "Actions": [ - { - "ActionTypeId": { + "Stages": Array [ + Object { + "Actions": Array [ + Object { + "ActionTypeId": Object { "Category": "Source", "Owner": "AWS", "Provider": "CodeStarSourceConnection", "Version": "1", }, - "Configuration": { + "Configuration": Object { "BranchName": "main", "ConnectionArn": "arn:aws:codestar-connections:ap-northeast-1:xxxxxxxxxxxx:connection/example", "FullRepositoryId": "aws-samples/baseline-environment-on-aws", }, "Name": "aws-samples_baseline-environment-on-aws", - "OutputArtifacts": [ - { + "OutputArtifacts": Array [ + Object { "Name": "aws_samples_baseline_environment_on_aws_Source", }, ], - "RoleArn": { - "Fn::GetAtt": [ + "RoleArn": Object { + "Fn::GetAtt": Array [ "PipelineSourceawssamplesbaselineenvironmentonawsCodePipelineActionRole1BD37B19", "Arn", ], @@ -61,34 +61,34 @@ exports[`Snapshot test for BLEAGovABaseCtPipeline Stack 1`] = ` ], "Name": "Source", }, - { - "Actions": [ - { - "ActionTypeId": { + Object { + "Actions": Array [ + Object { + "ActionTypeId": Object { "Category": "Build", "Owner": "AWS", "Provider": "CodeBuild", "Version": "1", }, - "Configuration": { - "EnvironmentVariables": "[{"name":"_PROJECT_CONFIG_HASH","type":"PLAINTEXT","value":"acb21dc20d80677abb3dba3261c1cc1775fbc085e7e223e4a6dc432bb2ddf685"}]", - "ProjectName": { + "Configuration": Object { + "EnvironmentVariables": "[{\\"name\\":\\"_PROJECT_CONFIG_HASH\\",\\"type\\":\\"PLAINTEXT\\",\\"value\\":\\"e94c841cdbb89a42d615fa2e3c04d988012ccd1baa3ab150b346d254ec6d6b1f\\"}]", + "ProjectName": Object { "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6", }, }, - "InputArtifacts": [ - { + "InputArtifacts": Array [ + Object { "Name": "aws_samples_baseline_environment_on_aws_Source", }, ], "Name": "Synth", - "OutputArtifacts": [ - { + "OutputArtifacts": Array [ + Object { "Name": "Synth_Output", }, ], - "RoleArn": { - "Fn::GetAtt": [ + "RoleArn": Object { + "Fn::GetAtt": Array [ "PipelineCodeBuildActionRole226DB0CB", "Arn", ], @@ -98,29 +98,29 @@ exports[`Snapshot test for BLEAGovABaseCtPipeline Stack 1`] = ` ], "Name": "Build", }, - { - "Actions": [ - { - "ActionTypeId": { + Object { + "Actions": Array [ + Object { + "ActionTypeId": Object { "Category": "Build", "Owner": "AWS", "Provider": "CodeBuild", "Version": "1", }, - "Configuration": { - "EnvironmentVariables": "[{"name":"_PROJECT_CONFIG_HASH","type":"PLAINTEXT","value":"4f67319bbdbc8a4822d92e1638b4210739b162975724041ca7db5f53bbcb763d"}]", - "ProjectName": { + "Configuration": Object { + "EnvironmentVariables": "[{\\"name\\":\\"_PROJECT_CONFIG_HASH\\",\\"type\\":\\"PLAINTEXT\\",\\"value\\":\\"685ee3453127134e4fd0bcd277fa53ca0f0d612b8970c5a9f096167f35bd3823\\"}]", + "ProjectName": Object { "Ref": "PipelineUpdatePipelineSelfMutationDAA41400", }, }, - "InputArtifacts": [ - { + "InputArtifacts": Array [ + Object { "Name": "Synth_Output", }, ], "Name": "SelfMutate", - "RoleArn": { - "Fn::GetAtt": [ + "RoleArn": Object { + "Fn::GetAtt": Array [ "PipelineCodeBuildActionRole226DB0CB", "Arn", ], @@ -130,37 +130,37 @@ exports[`Snapshot test for BLEAGovABaseCtPipeline Stack 1`] = ` ], "Name": "UpdatePipeline", }, - { - "Actions": [ - { - "ActionTypeId": { + Object { + "Actions": Array [ + Object { + "ActionTypeId": Object { "Category": "Deploy", "Owner": "AWS", "Provider": "CloudFormation", "Version": "1", }, - "Configuration": { + "Configuration": Object { "ActionMode": "CHANGE_SET_REPLACE", "Capabilities": "CAPABILITY_NAMED_IAM,CAPABILITY_AUTO_EXPAND", "ChangeSetName": "PipelineChange", - "RoleArn": { - "Fn::Join": [ + "RoleArn": Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":iam::", - { + Object { "Ref": "AWS::AccountId", }, ":role/cdk-hnb659fds-cfn-exec-role-", - { + Object { "Ref": "AWS::AccountId", }, "-", - { + Object { "Ref": "AWS::Region", }, ], @@ -170,30 +170,30 @@ exports[`Snapshot test for BLEAGovABaseCtPipeline Stack 1`] = ` "TemplateConfiguration": "Synth_Output::assembly-Dev-BLEAGovBaseCtPipeilne-Dev/DevBLEAGovBaseCtPipeilneDevBLEAGovBaseCt843AF7BA.template.json.config.json", "TemplatePath": "Synth_Output::assembly-Dev-BLEAGovBaseCtPipeilne-Dev/DevBLEAGovBaseCtPipeilneDevBLEAGovBaseCt843AF7BA.template.json", }, - "InputArtifacts": [ - { + "InputArtifacts": Array [ + Object { "Name": "Synth_Output", }, ], "Name": "Prepare", - "RoleArn": { - "Fn::Join": [ + "RoleArn": Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":iam::", - { + Object { "Ref": "AWS::AccountId", }, ":role/cdk-hnb659fds-deploy-role-", - { + Object { "Ref": "AWS::AccountId", }, "-", - { + Object { "Ref": "AWS::Region", }, ], @@ -201,37 +201,37 @@ exports[`Snapshot test for BLEAGovABaseCtPipeline Stack 1`] = ` }, "RunOrder": 1, }, - { - "ActionTypeId": { + Object { + "ActionTypeId": Object { "Category": "Deploy", "Owner": "AWS", "Provider": "CloudFormation", "Version": "1", }, - "Configuration": { + "Configuration": Object { "ActionMode": "CHANGE_SET_EXECUTE", "ChangeSetName": "PipelineChange", "StackName": "Dev-BLEAGovBaseCt", }, "Name": "Deploy", - "RoleArn": { - "Fn::Join": [ + "RoleArn": Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":iam::", - { + Object { "Ref": "AWS::AccountId", }, ":role/cdk-hnb659fds-deploy-role-", - { + Object { "Ref": "AWS::AccountId", }, "-", - { + Object { "Ref": "AWS::Region", }, ], @@ -246,19 +246,19 @@ exports[`Snapshot test for BLEAGovABaseCtPipeline Stack 1`] = ` }, "Type": "AWS::CodePipeline::Pipeline", }, - "PipelineArtifactsBucketAEA9A052": { + "PipelineArtifactsBucketAEA9A052": Object { "DeletionPolicy": "Retain", - "Properties": { - "BucketEncryption": { - "ServerSideEncryptionConfiguration": [ - { - "ServerSideEncryptionByDefault": { + "Properties": Object { + "BucketEncryption": Object { + "ServerSideEncryptionConfiguration": Array [ + Object { + "ServerSideEncryptionByDefault": Object { "SSEAlgorithm": "aws:kms", }, }, ], }, - "PublicAccessBlockConfiguration": { + "PublicAccessBlockConfiguration": Object { "BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, @@ -268,37 +268,37 @@ exports[`Snapshot test for BLEAGovABaseCtPipeline Stack 1`] = ` "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, - "PipelineArtifactsBucketPolicyF53CCC52": { - "Properties": { - "Bucket": { + "PipelineArtifactsBucketPolicyF53CCC52": Object { + "Properties": Object { + "Bucket": Object { "Ref": "PipelineArtifactsBucketAEA9A052", }, - "PolicyDocument": { - "Statement": [ - { + "PolicyDocument": Object { + "Statement": Array [ + Object { "Action": "s3:*", - "Condition": { - "Bool": { + "Condition": Object { + "Bool": Object { "aws:SecureTransport": "false", }, }, "Effect": "Deny", - "Principal": { + "Principal": Object { "AWS": "*", }, - "Resource": [ - { - "Fn::GetAtt": [ + "Resource": Array [ + Object { + "Fn::GetAtt": Array [ "PipelineArtifactsBucketAEA9A052", "Arn", ], }, - { - "Fn::Join": [ + Object { + "Fn::Join": Array [ "", - [ - { - "Fn::GetAtt": [ + Array [ + Object { + "Fn::GetAtt": Array [ "PipelineArtifactsBucketAEA9A052", "Arn", ], @@ -309,51 +309,51 @@ exports[`Snapshot test for BLEAGovABaseCtPipeline Stack 1`] = ` }, ], }, - { - "Action": [ + Object { + "Action": Array [ "s3:GetObject*", "s3:GetBucket*", "s3:List*", ], "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ + "Principal": Object { + "AWS": Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":iam::", - { + Object { "Ref": "AWS::AccountId", }, ":role/cdk-hnb659fds-deploy-role-", - { + Object { "Ref": "AWS::AccountId", }, "-", - { + Object { "Ref": "AWS::Region", }, ], ], }, }, - "Resource": [ - { - "Fn::GetAtt": [ + "Resource": Array [ + Object { + "Fn::GetAtt": Array [ "PipelineArtifactsBucketAEA9A052", "Arn", ], }, - { - "Fn::Join": [ + Object { + "Fn::Join": Array [ "", - [ - { - "Fn::GetAtt": [ + Array [ + Object { + "Fn::GetAtt": Array [ "PipelineArtifactsBucketAEA9A052", "Arn", ], @@ -370,52 +370,52 @@ exports[`Snapshot test for BLEAGovABaseCtPipeline Stack 1`] = ` }, "Type": "AWS::S3::BucketPolicy", }, - "PipelineBuildSynthCdkBuildProject6BEFA8E6": { - "Properties": { - "Artifacts": { + "PipelineBuildSynthCdkBuildProject6BEFA8E6": Object { + "Properties": Object { + "Artifacts": Object { "Type": "CODEPIPELINE", }, - "Cache": { + "Cache": Object { "Type": "NO_CACHE", }, "Description": "Pipeline step Dev-BLEAGovBaseCtPipeilne/Pipeline/Build/Synth", "EncryptionKey": "alias/aws/s3", - "Environment": { + "Environment": Object { "ComputeType": "BUILD_GENERAL1_SMALL", - "Image": "aws/codebuild/standard:7.0", + "Image": "aws/codebuild/standard:6.0", "ImagePullCredentialsType": "CODEBUILD", "PrivilegedMode": false, "Type": "LINUX_CONTAINER", }, - "ServiceRole": { - "Fn::GetAtt": [ + "ServiceRole": Object { + "Fn::GetAtt": Array [ "PipelineBuildSynthCdkBuildProjectRole231EEA2A", "Arn", ], }, - "Source": { + "Source": Object { "BuildSpec": "{ - "version": "0.2", - "phases": { - "install": { - "commands": [ - "n stable", - "node --version", - "npm i -g npm", - "npm --version" + \\"version\\": \\"0.2\\", + \\"phases\\": { + \\"install\\": { + \\"commands\\": [ + \\"n stable\\", + \\"node --version\\", + \\"npm i -g npm\\", + \\"npm --version\\" ] }, - "build": { - "commands": [ - "npm ci --workspaces", - "cd usecases/blea-gov-base-ct", - "npx cdk synth --app \\"npx ts-node --prefer-ts-exts bin/blea-gov-base-ct-via-cdk-pipelines.ts\\" --all" + \\"build\\": { + \\"commands\\": [ + \\"npm ci --workspaces\\", + \\"cd usecases/blea-gov-base-ct\\", + \\"npx cdk synth --app \\\\\\"npx ts-node --prefer-ts-exts bin/blea-gov-base-ct-via-cdk-pipelines.ts\\\\\\" --all\\" ] } }, - "artifacts": { - "base-directory": "./usecases/blea-gov-base-ct/cdk.out", - "files": "**/*" + \\"artifacts\\": { + \\"base-directory\\": \\"./usecases/blea-gov-base-ct/cdk.out\\", + \\"files\\": \\"**/*\\" } }", "Type": "CODEPIPELINE", @@ -423,14 +423,14 @@ exports[`Snapshot test for BLEAGovABaseCtPipeline Stack 1`] = ` }, "Type": "AWS::CodeBuild::Project", }, - "PipelineBuildSynthCdkBuildProjectRole231EEA2A": { - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { + "PipelineBuildSynthCdkBuildProjectRole231EEA2A": Object { + "Properties": Object { + "AssumeRolePolicyDocument": Object { + "Statement": Array [ + Object { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": { + "Principal": Object { "Service": "codebuild.amazonaws.com", }, }, @@ -440,43 +440,43 @@ exports[`Snapshot test for BLEAGovABaseCtPipeline Stack 1`] = ` }, "Type": "AWS::IAM::Role", }, - "PipelineBuildSynthCdkBuildProjectRoleDefaultPolicyFB6C941C": { - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ + "PipelineBuildSynthCdkBuildProjectRoleDefaultPolicyFB6C941C": Object { + "Properties": Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": Array [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ + "Resource": Array [ + Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":logs:ap-northeast-1:123456789012:log-group:/aws/codebuild/", - { + Object { "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6", }, ], ], }, - { - "Fn::Join": [ + Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":logs:ap-northeast-1:123456789012:log-group:/aws/codebuild/", - { + Object { "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6", }, ":*", @@ -485,8 +485,8 @@ exports[`Snapshot test for BLEAGovABaseCtPipeline Stack 1`] = ` }, ], }, - { - "Action": [ + Object { + "Action": Array [ "codebuild:CreateReportGroup", "codebuild:CreateReport", "codebuild:UpdateReport", @@ -494,16 +494,16 @@ exports[`Snapshot test for BLEAGovABaseCtPipeline Stack 1`] = ` "codebuild:BatchPutCodeCoverages", ], "Effect": "Allow", - "Resource": { - "Fn::Join": [ + "Resource": Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":codebuild:ap-northeast-1:123456789012:report-group/", - { + Object { "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6", }, "-*", @@ -511,8 +511,8 @@ exports[`Snapshot test for BLEAGovABaseCtPipeline Stack 1`] = ` ], }, }, - { - "Action": [ + Object { + "Action": Array [ "s3:GetObject*", "s3:GetBucket*", "s3:List*", @@ -525,19 +525,19 @@ exports[`Snapshot test for BLEAGovABaseCtPipeline Stack 1`] = ` "s3:Abort*", ], "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ + "Resource": Array [ + Object { + "Fn::GetAtt": Array [ "PipelineArtifactsBucketAEA9A052", "Arn", ], }, - { - "Fn::Join": [ + Object { + "Fn::Join": Array [ "", - [ - { - "Fn::GetAtt": [ + Array [ + Object { + "Fn::GetAtt": Array [ "PipelineArtifactsBucketAEA9A052", "Arn", ], @@ -552,24 +552,24 @@ exports[`Snapshot test for BLEAGovABaseCtPipeline Stack 1`] = ` "Version": "2012-10-17", }, "PolicyName": "PipelineBuildSynthCdkBuildProjectRoleDefaultPolicyFB6C941C", - "Roles": [ - { + "Roles": Array [ + Object { "Ref": "PipelineBuildSynthCdkBuildProjectRole231EEA2A", }, ], }, "Type": "AWS::IAM::Policy", }, - "PipelineCodeBuildActionRole226DB0CB": { - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { + "PipelineCodeBuildActionRole226DB0CB": Object { + "Properties": Object { + "AssumeRolePolicyDocument": Object { + "Statement": Array [ + Object { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::GetAtt": [ + "Principal": Object { + "AWS": Object { + "Fn::GetAtt": Array [ "PipelineRoleB27FAA37", "Arn", ], @@ -582,33 +582,33 @@ exports[`Snapshot test for BLEAGovABaseCtPipeline Stack 1`] = ` }, "Type": "AWS::IAM::Role", }, - "PipelineCodeBuildActionRoleDefaultPolicy1D62A6FE": { - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ + "PipelineCodeBuildActionRoleDefaultPolicy1D62A6FE": Object { + "Properties": Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": Array [ "codebuild:BatchGetBuilds", "codebuild:StartBuild", "codebuild:StopBuild", ], "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ + "Resource": Object { + "Fn::GetAtt": Array [ "PipelineBuildSynthCdkBuildProject6BEFA8E6", "Arn", ], }, }, - { - "Action": [ + Object { + "Action": Array [ "codebuild:BatchGetBuilds", "codebuild:StartBuild", "codebuild:StopBuild", ], "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ + "Resource": Object { + "Fn::GetAtt": Array [ "PipelineUpdatePipelineSelfMutationDAA41400", "Arn", ], @@ -618,22 +618,22 @@ exports[`Snapshot test for BLEAGovABaseCtPipeline Stack 1`] = ` "Version": "2012-10-17", }, "PolicyName": "PipelineCodeBuildActionRoleDefaultPolicy1D62A6FE", - "Roles": [ - { + "Roles": Array [ + Object { "Ref": "PipelineCodeBuildActionRole226DB0CB", }, ], }, "Type": "AWS::IAM::Policy", }, - "PipelineRoleB27FAA37": { - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { + "PipelineRoleB27FAA37": Object { + "Properties": Object { + "AssumeRolePolicyDocument": Object { + "Statement": Array [ + Object { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": { + "Principal": Object { "Service": "codepipeline.amazonaws.com", }, }, @@ -643,12 +643,12 @@ exports[`Snapshot test for BLEAGovABaseCtPipeline Stack 1`] = ` }, "Type": "AWS::IAM::Role", }, - "PipelineRoleDefaultPolicy7BDC1ABB": { - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ + "PipelineRoleDefaultPolicy7BDC1ABB": Object { + "Properties": Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": Array [ "s3:GetObject*", "s3:GetBucket*", "s3:List*", @@ -661,19 +661,19 @@ exports[`Snapshot test for BLEAGovABaseCtPipeline Stack 1`] = ` "s3:Abort*", ], "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ + "Resource": Array [ + Object { + "Fn::GetAtt": Array [ "PipelineArtifactsBucketAEA9A052", "Arn", ], }, - { - "Fn::Join": [ + Object { + "Fn::Join": Array [ "", - [ - { - "Fn::GetAtt": [ + Array [ + Object { + "Fn::GetAtt": Array [ "PipelineArtifactsBucketAEA9A052", "Arn", ], @@ -684,47 +684,47 @@ exports[`Snapshot test for BLEAGovABaseCtPipeline Stack 1`] = ` }, ], }, - { + Object { "Action": "sts:AssumeRole", "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ + "Resource": Object { + "Fn::GetAtt": Array [ "PipelineSourceawssamplesbaselineenvironmentonawsCodePipelineActionRole1BD37B19", "Arn", ], }, }, - { + Object { "Action": "sts:AssumeRole", "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ + "Resource": Object { + "Fn::GetAtt": Array [ "PipelineCodeBuildActionRole226DB0CB", "Arn", ], }, }, - { + Object { "Action": "sts:AssumeRole", "Effect": "Allow", - "Resource": { - "Fn::Join": [ + "Resource": Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":iam::", - { + Object { "Ref": "AWS::AccountId", }, ":role/cdk-hnb659fds-deploy-role-", - { + Object { "Ref": "AWS::AccountId", }, "-", - { + Object { "Ref": "AWS::Region", }, ], @@ -735,28 +735,28 @@ exports[`Snapshot test for BLEAGovABaseCtPipeline Stack 1`] = ` "Version": "2012-10-17", }, "PolicyName": "PipelineRoleDefaultPolicy7BDC1ABB", - "Roles": [ - { + "Roles": Array [ + Object { "Ref": "PipelineRoleB27FAA37", }, ], }, "Type": "AWS::IAM::Policy", }, - "PipelineSourceawssamplesbaselineenvironmentonawsCodePipelineActionRole1BD37B19": { - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { + "PipelineSourceawssamplesbaselineenvironmentonawsCodePipelineActionRole1BD37B19": Object { + "Properties": Object { + "AssumeRolePolicyDocument": Object { + "Statement": Array [ + Object { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ + "Principal": Object { + "AWS": Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":iam::123456789012:root", @@ -771,17 +771,17 @@ exports[`Snapshot test for BLEAGovABaseCtPipeline Stack 1`] = ` }, "Type": "AWS::IAM::Role", }, - "PipelineSourceawssamplesbaselineenvironmentonawsCodePipelineActionRoleDefaultPolicy51E7124E": { - "Properties": { - "PolicyDocument": { - "Statement": [ - { + "PipelineSourceawssamplesbaselineenvironmentonawsCodePipelineActionRoleDefaultPolicy51E7124E": Object { + "Properties": Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { "Action": "codestar-connections:UseConnection", "Effect": "Allow", "Resource": "arn:aws:codestar-connections:ap-northeast-1:xxxxxxxxxxxx:connection/example", }, - { - "Action": [ + Object { + "Action": Array [ "s3:GetObject*", "s3:GetBucket*", "s3:List*", @@ -794,19 +794,19 @@ exports[`Snapshot test for BLEAGovABaseCtPipeline Stack 1`] = ` "s3:Abort*", ], "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ + "Resource": Array [ + Object { + "Fn::GetAtt": Array [ "PipelineArtifactsBucketAEA9A052", "Arn", ], }, - { - "Fn::Join": [ + Object { + "Fn::Join": Array [ "", - [ - { - "Fn::GetAtt": [ + Array [ + Object { + "Fn::GetAtt": Array [ "PipelineArtifactsBucketAEA9A052", "Arn", ], @@ -817,18 +817,18 @@ exports[`Snapshot test for BLEAGovABaseCtPipeline Stack 1`] = ` }, ], }, - { - "Action": [ + Object { + "Action": Array [ "s3:PutObjectAcl", "s3:PutObjectVersionAcl", ], "Effect": "Allow", - "Resource": { - "Fn::Join": [ + "Resource": Object { + "Fn::Join": Array [ "", - [ - { - "Fn::GetAtt": [ + Array [ + Object { + "Fn::GetAtt": Array [ "PipelineArtifactsBucketAEA9A052", "Arn", ], @@ -842,49 +842,49 @@ exports[`Snapshot test for BLEAGovABaseCtPipeline Stack 1`] = ` "Version": "2012-10-17", }, "PolicyName": "PipelineSourceawssamplesbaselineenvironmentonawsCodePipelineActionRoleDefaultPolicy51E7124E", - "Roles": [ - { + "Roles": Array [ + Object { "Ref": "PipelineSourceawssamplesbaselineenvironmentonawsCodePipelineActionRole1BD37B19", }, ], }, "Type": "AWS::IAM::Policy", }, - "PipelineUpdatePipelineSelfMutationDAA41400": { - "Properties": { - "Artifacts": { + "PipelineUpdatePipelineSelfMutationDAA41400": Object { + "Properties": Object { + "Artifacts": Object { "Type": "CODEPIPELINE", }, - "Cache": { + "Cache": Object { "Type": "NO_CACHE", }, "Description": "Pipeline step Dev-BLEAGovBaseCtPipeilne/Pipeline/UpdatePipeline/SelfMutate", "EncryptionKey": "alias/aws/s3", - "Environment": { + "Environment": Object { "ComputeType": "BUILD_GENERAL1_SMALL", - "Image": "aws/codebuild/standard:7.0", + "Image": "aws/codebuild/standard:6.0", "ImagePullCredentialsType": "CODEBUILD", "PrivilegedMode": false, "Type": "LINUX_CONTAINER", }, - "ServiceRole": { - "Fn::GetAtt": [ + "ServiceRole": Object { + "Fn::GetAtt": Array [ "PipelineUpdatePipelineSelfMutationRole57E559E8", "Arn", ], }, - "Source": { + "Source": Object { "BuildSpec": "{ - "version": "0.2", - "phases": { - "install": { - "commands": [ - "npm install -g aws-cdk@2" + \\"version\\": \\"0.2\\", + \\"phases\\": { + \\"install\\": { + \\"commands\\": [ + \\"npm install -g aws-cdk@2\\" ] }, - "build": { - "commands": [ - "cdk -a . deploy Dev-BLEAGovBaseCtPipeilne --require-approval=never --verbose" + \\"build\\": { + \\"commands\\": [ + \\"cdk -a . deploy Dev-BLEAGovBaseCtPipeilne --require-approval=never --verbose\\" ] } } @@ -894,14 +894,14 @@ exports[`Snapshot test for BLEAGovABaseCtPipeline Stack 1`] = ` }, "Type": "AWS::CodeBuild::Project", }, - "PipelineUpdatePipelineSelfMutationRole57E559E8": { - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { + "PipelineUpdatePipelineSelfMutationRole57E559E8": Object { + "Properties": Object { + "AssumeRolePolicyDocument": Object { + "Statement": Array [ + Object { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": { + "Principal": Object { "Service": "codebuild.amazonaws.com", }, }, @@ -911,43 +911,43 @@ exports[`Snapshot test for BLEAGovABaseCtPipeline Stack 1`] = ` }, "Type": "AWS::IAM::Role", }, - "PipelineUpdatePipelineSelfMutationRoleDefaultPolicyA225DA4E": { - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ + "PipelineUpdatePipelineSelfMutationRoleDefaultPolicyA225DA4E": Object { + "Properties": Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": Array [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ + "Resource": Array [ + Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":logs:ap-northeast-1:123456789012:log-group:/aws/codebuild/", - { + Object { "Ref": "PipelineUpdatePipelineSelfMutationDAA41400", }, ], ], }, - { - "Fn::Join": [ + Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":logs:ap-northeast-1:123456789012:log-group:/aws/codebuild/", - { + Object { "Ref": "PipelineUpdatePipelineSelfMutationDAA41400", }, ":*", @@ -956,8 +956,8 @@ exports[`Snapshot test for BLEAGovABaseCtPipeline Stack 1`] = ` }, ], }, - { - "Action": [ + Object { + "Action": Array [ "codebuild:CreateReportGroup", "codebuild:CreateReport", "codebuild:UpdateReport", @@ -965,16 +965,16 @@ exports[`Snapshot test for BLEAGovABaseCtPipeline Stack 1`] = ` "codebuild:BatchPutCodeCoverages", ], "Effect": "Allow", - "Resource": { - "Fn::Join": [ + "Resource": Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":codebuild:ap-northeast-1:123456789012:report-group/", - { + Object { "Ref": "PipelineUpdatePipelineSelfMutationDAA41400", }, "-*", @@ -982,11 +982,11 @@ exports[`Snapshot test for BLEAGovABaseCtPipeline Stack 1`] = ` ], }, }, - { + Object { "Action": "sts:AssumeRole", - "Condition": { - "ForAnyValue:StringEquals": { - "iam:ResourceTag/aws-cdk:bootstrap-role": [ + "Condition": Object { + "ForAnyValue:StringEquals": Object { + "iam:ResourceTag/aws-cdk:bootstrap-role": Array [ "image-publishing", "file-publishing", "deploy", @@ -996,36 +996,36 @@ exports[`Snapshot test for BLEAGovABaseCtPipeline Stack 1`] = ` "Effect": "Allow", "Resource": "arn:*:iam::123456789012:role/*", }, - { + Object { "Action": "cloudformation:DescribeStacks", "Effect": "Allow", "Resource": "*", }, - { + Object { "Action": "s3:ListBucket", "Effect": "Allow", "Resource": "*", }, - { - "Action": [ + Object { + "Action": Array [ "s3:GetObject*", "s3:GetBucket*", "s3:List*", ], "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ + "Resource": Array [ + Object { + "Fn::GetAtt": Array [ "PipelineArtifactsBucketAEA9A052", "Arn", ], }, - { - "Fn::Join": [ + Object { + "Fn::Join": Array [ "", - [ - { - "Fn::GetAtt": [ + Array [ + Object { + "Fn::GetAtt": Array [ "PipelineArtifactsBucketAEA9A052", "Arn", ], @@ -1040,8 +1040,8 @@ exports[`Snapshot test for BLEAGovABaseCtPipeline Stack 1`] = ` "Version": "2012-10-17", }, "PolicyName": "PipelineUpdatePipelineSelfMutationRoleDefaultPolicyA225DA4E", - "Roles": [ - { + "Roles": Array [ + Object { "Ref": "PipelineUpdatePipelineSelfMutationRole57E559E8", }, ], @@ -1049,22 +1049,22 @@ exports[`Snapshot test for BLEAGovABaseCtPipeline Stack 1`] = ` "Type": "AWS::IAM::Policy", }, }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ + "Rules": Object { + "CheckBootstrapVersion": Object { + "Assertions": Array [ + Object { + "Assert": Object { + "Fn::Not": Array [ + Object { + "Fn::Contains": Array [ + Array [ "1", "2", "3", "4", "5", ], - { + Object { "Ref": "BootstrapVersion", }, ], diff --git a/usecases/blea-gov-base-ct/test/__snapshots__/blea-gov-base-ct-via-service-catalog.test.ts.snap b/usecases/blea-gov-base-ct/test/__snapshots__/blea-gov-base-ct-via-service-catalog.test.ts.snap index af45e81c3..601c4d4c5 100644 --- a/usecases/blea-gov-base-ct/test/__snapshots__/blea-gov-base-ct-via-service-catalog.test.ts.snap +++ b/usecases/blea-gov-base-ct/test/__snapshots__/blea-gov-base-ct-via-service-catalog.test.ts.snap @@ -1,48 +1,48 @@ // Jest Snapshot v1, https://goo.gl/fbAQLP exports[`Snapshot test for BLEGovABase Stack 1`] = ` -{ - "Parameters": { - "BootstrapVersion": { +Object { + "Parameters": Object { + "BootstrapVersion": Object { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, - "Resources": { - "Portfolio856A4190": { - "Properties": { + "Resources": Object { + "Portfolio856A4190": Object { + "Properties": Object { "DisplayName": "BLEA Baselines for Guest accounts", "ProviderName": "Platform team at Example Company", }, "Type": "AWS::ServiceCatalog::Portfolio", }, - "PortfolioPortfolioProductAssociationd2b2e10d104073565C5B": { - "Properties": { - "PortfolioId": { + "PortfolioPortfolioProductAssociationd2b2e10d104073565C5B": Object { + "Properties": Object { + "PortfolioId": Object { "Ref": "Portfolio856A4190", }, - "ProductId": { + "ProductId": Object { "Ref": "Product896941B4", }, }, "Type": "AWS::ServiceCatalog::PortfolioProductAssociation", }, - "PortfolioPortolioPrincipalAssociationd82fda574793DAB993CA": { - "Properties": { - "PortfolioId": { + "PortfolioPortolioPrincipalAssociationd82fda574793DAB993CA": Object { + "Properties": Object { + "PortfolioId": Object { "Ref": "Portfolio856A4190", }, - "PrincipalARN": { - "Fn::Join": [ + "PrincipalARN": Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":iam::", - { + Object { "Ref": "AWS::AccountId", }, ":role/AWSControlTowerExecution", @@ -53,16 +53,16 @@ exports[`Snapshot test for BLEGovABase Stack 1`] = ` }, "Type": "AWS::ServiceCatalog::PortfolioPrincipalAssociation", }, - "Product896941B4": { - "Properties": { + "Product896941B4": Object { + "Properties": Object { "Name": "BLEA Baseline", "Owner": "Platform team at Example Company", - "ProvisioningArtifactParameters": [ - { + "ProvisioningArtifactParameters": Array [ + Object { "DisableTemplateValidation": false, - "Info": { - "LoadTemplateFromURL": { - "Fn::Sub": "https://s3.\${AWS::Region}.\${AWS::URLSuffix}/cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}/f2afe5af21a8b0d7aadec724632274791c2b7d0cc4f78018f8ff48b5371ce183.json", + "Info": Object { + "LoadTemplateFromURL": Object { + "Fn::Sub": "https://s3.\${AWS::Region}.\${AWS::URLSuffix}/cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}/d2473f29ad002783e7c2dd6bda2c4e7286f9b3969d5f4f1fcb596801b8c9894c.json", }, }, "Name": "v1", @@ -72,22 +72,22 @@ exports[`Snapshot test for BLEGovABase Stack 1`] = ` "Type": "AWS::ServiceCatalog::CloudFormationProduct", }, }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ + "Rules": Object { + "CheckBootstrapVersion": Object { + "Assertions": Array [ + Object { + "Assert": Object { + "Fn::Not": Array [ + Object { + "Fn::Contains": Array [ + Array [ "1", "2", "3", "4", "5", ], - { + Object { "Ref": "BootstrapVersion", }, ], diff --git a/usecases/blea-gov-base-ct/test/__snapshots__/blea-gov-base-ct.test.ts.snap b/usecases/blea-gov-base-ct/test/__snapshots__/blea-gov-base-ct.test.ts.snap index 2c6ee2f8d..57ea19c79 100644 --- a/usecases/blea-gov-base-ct/test/__snapshots__/blea-gov-base-ct.test.ts.snap +++ b/usecases/blea-gov-base-ct/test/__snapshots__/blea-gov-base-ct.test.ts.snap @@ -1,50 +1,50 @@ // Jest Snapshot v1, https://goo.gl/fbAQLP exports[`Snapshot test for BLEGovABaseCt Stack 1`] = ` -{ - "Outputs": { - "ExportsOutputRefDetectionAlarmTopic36C4BB557D18D152": { - "Export": { +Object { + "Outputs": Object { + "ExportsOutputRefDetectionAlarmTopic36C4BB557D18D152": Object { + "Export": Object { "Name": "Dev-BLEAGovBaseCt:ExportsOutputRefDetectionAlarmTopic36C4BB557D18D152", }, - "Value": { + "Value": Object { "Ref": "DetectionAlarmTopic36C4BB55", }, }, }, - "Parameters": { - "BootstrapVersion": { + "Parameters": Object { + "BootstrapVersion": Object { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, - "Resources": { - "DetectionAlarmTopic36C4BB55": { + "Resources": Object { + "DetectionAlarmTopic36C4BB55": Object { "Type": "AWS::SNS::Topic", }, - "DetectionAlarmTopicPolicyDEB08BF4": { - "Properties": { - "PolicyDocument": { - "Statement": [ - { + "DetectionAlarmTopicPolicyDEB08BF4": Object { + "Properties": Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { "Action": "sns:Publish", "Effect": "Allow", - "Principal": { + "Principal": Object { "Service": "cloudwatch.amazonaws.com", }, - "Resource": { + "Resource": Object { "Ref": "DetectionAlarmTopic36C4BB55", }, "Sid": "0", }, - { + Object { "Action": "sns:Publish", "Effect": "Allow", - "Principal": { + "Principal": Object { "Service": "events.amazonaws.com", }, - "Resource": { + "Resource": Object { "Ref": "DetectionAlarmTopic36C4BB55", }, "Sid": "1", @@ -52,29 +52,29 @@ exports[`Snapshot test for BLEGovABaseCt Stack 1`] = ` ], "Version": "2012-10-17", }, - "Topics": [ - { + "Topics": Array [ + Object { "Ref": "DetectionAlarmTopic36C4BB55", }, ], }, "Type": "AWS::SNS::TopicPolicy", }, - "DetectionAwsHealthEventRule6825AFCC": { - "Properties": { + "DetectionAwsHealthEventRule6825AFCC": Object { + "Properties": Object { "Description": "Notify AWS Health event", - "EventPattern": { - "detail-type": [ + "EventPattern": Object { + "detail-type": Array [ "AWS Health Event", ], - "source": [ + "source": Array [ "aws.health", ], }, "State": "ENABLED", - "Targets": [ - { - "Arn": { + "Targets": Array [ + Object { + "Arn": Object { "Ref": "DetectionAlarmTopic36C4BB55", }, "Id": "Target0", @@ -83,28 +83,28 @@ exports[`Snapshot test for BLEGovABaseCt Stack 1`] = ` }, "Type": "AWS::Events::Rule", }, - "DetectionCloudTrailChangeEventRuleA526075C": { - "Properties": { + "DetectionCloudTrailChangeEventRuleA526075C": Object { + "Properties": Object { "Description": "Notify to change on CloudTrail log configuration", - "EventPattern": { - "detail": { - "eventName": [ + "EventPattern": Object { + "detail": Object { + "eventName": Array [ "StopLogging", "DeleteTrail", "UpdateTrail", ], - "eventSource": [ + "eventSource": Array [ "cloudtrail.amazonaws.com", ], }, - "detail-type": [ + "detail-type": Array [ "AWS API Call via CloudTrail", ], }, "State": "ENABLED", - "Targets": [ - { - "Arn": { + "Targets": Array [ + Object { + "Arn": Object { "Ref": "DetectionAlarmTopic36C4BB55", }, "Id": "Target0", @@ -113,31 +113,31 @@ exports[`Snapshot test for BLEGovABaseCt Stack 1`] = ` }, "Type": "AWS::Events::Rule", }, - "DetectionDefaultSgClosedEventRuleFB96D536": { - "Properties": { + "DetectionDefaultSgClosedEventRuleFB96D536": Object { + "Properties": Object { "Description": "CloudWatch Event Rule to send notification on Config Rule compliance changes.", - "EventPattern": { - "detail": { - "configRuleName": [ + "EventPattern": Object { + "detail": Object { + "configRuleName": Array [ "bb-default-security-group-closed", ], - "newEvaluationResult": { - "complianceType": [ + "newEvaluationResult": Object { + "complianceType": Array [ "NON_COMPLIANT", ], }, }, - "detail-type": [ + "detail-type": Array [ "Config Rules Compliance Change", ], - "source": [ + "source": Array [ "aws.config", ], }, "State": "ENABLED", - "Targets": [ - { - "Arn": { + "Targets": Array [ + Object { + "Arn": Object { "Ref": "DetectionAlarmTopic36C4BB55", }, "Id": "Target0", @@ -146,35 +146,35 @@ exports[`Snapshot test for BLEGovABaseCt Stack 1`] = ` }, "Type": "AWS::Events::Rule", }, - "DetectionDefaultSgClosedRuleFED7310D": { - "Properties": { + "DetectionDefaultSgClosedRuleFED7310D": Object { + "Properties": Object { "ConfigRuleName": "bb-default-security-group-closed", "Description": "Checks that the default security group of any Amazon Virtual Private Cloud (VPC) does not allow inbound or outbound traffic. The rule is non-compliant if the default security group has one or more inbound or outbound traffic.", - "Scope": { - "ComplianceResourceTypes": [ + "Scope": Object { + "ComplianceResourceTypes": Array [ "AWS::EC2::SecurityGroup", ], }, - "Source": { + "Source": Object { "Owner": "AWS", "SourceIdentifier": "VPC_DEFAULT_SECURITY_GROUP_CLOSED", }, }, "Type": "AWS::Config::ConfigRule", }, - "DetectionDefaultSgRemediation21C0DB33": { - "Properties": { + "DetectionDefaultSgRemediation21C0DB33": Object { + "Properties": Object { "Automatic": true, - "ConfigRuleName": { + "ConfigRuleName": Object { "Ref": "DetectionDefaultSgClosedRuleFED7310D", }, "MaximumAutomaticAttempts": 5, - "Parameters": { - "AutomationAssumeRole": { - "StaticValue": { - "Values": [ - { - "Fn::GetAtt": [ + "Parameters": Object { + "AutomationAssumeRole": Object { + "StaticValue": Object { + "Values": Array [ + Object { + "Fn::GetAtt": Array [ "DetectionDefaultSgRemediationRoleAEF5626C", "Arn", ], @@ -182,8 +182,8 @@ exports[`Snapshot test for BLEGovABaseCt Stack 1`] = ` ], }, }, - "GroupId": { - "ResourceValue": { + "GroupId": Object { + "ResourceValue": Object { "Value": "RESOURCE_ID", }, }, @@ -195,33 +195,33 @@ exports[`Snapshot test for BLEGovABaseCt Stack 1`] = ` }, "Type": "AWS::Config::RemediationConfiguration", }, - "DetectionDefaultSgRemediationRoleAEF5626C": { - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { + "DetectionDefaultSgRemediationRoleAEF5626C": Object { + "Properties": Object { + "AssumeRolePolicyDocument": Object { + "Statement": Array [ + Object { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": { + "Principal": Object { "Service": "ssm.amazonaws.com", }, }, ], "Version": "2012-10-17", }, - "ManagedPolicyArns": [ + "ManagedPolicyArns": Array [ "arn:aws:iam::aws:policy/service-role/AmazonSSMAutomationRole", ], "Path": "/", }, "Type": "AWS::IAM::Role", }, - "DetectionDefaultSgRemediationRoleDefaultPolicy87C90FDE": { - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ + "DetectionDefaultSgRemediationRoleDefaultPolicy87C90FDE": Object { + "Properties": Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": Array [ "ec2:RevokeSecurityGroupIngress", "ec2:RevokeSecurityGroupEgress", "ec2:DescribeSecurityGroups", @@ -229,17 +229,17 @@ exports[`Snapshot test for BLEGovABaseCt Stack 1`] = ` "Effect": "Allow", "Resource": "*", }, - { + Object { "Action": "iam:PassRole", "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ + "Resource": Object { + "Fn::GetAtt": Array [ "DetectionDefaultSgRemediationRoleAEF5626C", "Arn", ], }, }, - { + Object { "Action": "ssm:StartAutomationExecution", "Effect": "Allow", "Resource": "arn:aws:ssm:::automation-definition/AWSConfigRemediation-RemoveVPCDefaultSecurityGroupRules", @@ -248,20 +248,20 @@ exports[`Snapshot test for BLEGovABaseCt Stack 1`] = ` "Version": "2012-10-17", }, "PolicyName": "DetectionDefaultSgRemediationRoleDefaultPolicy87C90FDE", - "Roles": [ - { + "Roles": Array [ + Object { "Ref": "DetectionDefaultSgRemediationRoleAEF5626C", }, ], }, "Type": "AWS::IAM::Policy", }, - "DetectionGuardDutyEventRule60AAD2D7": { - "Properties": { + "DetectionGuardDutyEventRule60AAD2D7": Object { + "Properties": Object { "Description": "CloudWatch Event Rule to send notification on GuardDuty findings.", - "EventPattern": { - "detail": { - "severity": [ + "EventPattern": Object { + "detail": Object { + "severity": Array [ 4, 4, 4.1, @@ -319,17 +319,17 @@ exports[`Snapshot test for BLEGovABaseCt Stack 1`] = ` 8.9, ], }, - "detail-type": [ + "detail-type": Array [ "GuardDuty Finding", ], - "source": [ + "source": Array [ "aws.guardduty", ], }, "State": "ENABLED", - "Targets": [ - { - "Arn": { + "Targets": Array [ + Object { + "Arn": Object { "Ref": "DetectionAlarmTopic36C4BB55", }, "Id": "Target0", @@ -338,11 +338,11 @@ exports[`Snapshot test for BLEGovABaseCt Stack 1`] = ` }, "Type": "AWS::Events::Rule", }, - "DetectionIAMPolicyChangeAlarm7DBC7A65": { - "Properties": { + "DetectionIAMPolicyChangeAlarm7DBC7A65": Object { + "Properties": Object { "ActionsEnabled": true, - "AlarmActions": [ - { + "AlarmActions": Array [ + Object { "Ref": "DetectionAlarmTopic36C4BB55", }, ], @@ -358,14 +358,14 @@ exports[`Snapshot test for BLEGovABaseCt Stack 1`] = ` }, "Type": "AWS::CloudWatch::Alarm", }, - "DetectionIAMPolicyChangeFilterA31FCC40": { - "Properties": { + "DetectionIAMPolicyChangeFilterA31FCC40": Object { + "Properties": Object { "FilterPattern": "{($.eventName=DeleteGroupPolicy)||($.eventName=DeleteRolePolicy)||($.eventName=DeleteUserPolicy)||($.eventName=PutGroupPolicy)||($.eventName=PutRolePolicy)||($.eventName=PutUserPolicy)||($.eventName=CreatePolicy)||($.eventName=DeletePolicy)||($.eventName=CreatePolicyVersion)||($.eventName=DeletePolicyVersion)||($.eventName=AttachRolePolicy)||($.eventName=DetachRolePolicy)||($.eventName=AttachUserPolicy)||($.eventName=DetachUserPolicy)||($.eventName=AttachGroupPolicy)||($.eventName=DetachGroupPolicy)}", - "LogGroupName": { + "LogGroupName": Object { "Ref": "LoggingCloudTrailLogGroupEFC12822", }, - "MetricTransformations": [ - { + "MetricTransformations": Array [ + Object { "MetricName": "IAMPolicyEventCount", "MetricNamespace": "CloudTrailMetrics", "MetricValue": "1", @@ -374,12 +374,12 @@ exports[`Snapshot test for BLEGovABaseCt Stack 1`] = ` }, "Type": "AWS::Logs::MetricFilter", }, - "DetectionNetworkAclChangeEventRuleE99FF49F": { - "Properties": { + "DetectionNetworkAclChangeEventRuleE99FF49F": Object { + "Properties": Object { "Description": "Notify to create, update or delete a Network ACL.", - "EventPattern": { - "detail": { - "eventName": [ + "EventPattern": Object { + "detail": Object { + "eventName": Array [ "CreateNetworkAcl", "CreateNetworkAclEntry", "DeleteNetworkAcl", @@ -387,21 +387,21 @@ exports[`Snapshot test for BLEGovABaseCt Stack 1`] = ` "ReplaceNetworkAclEntry", "ReplaceNetworkAclAssociation", ], - "eventSource": [ + "eventSource": Array [ "ec2.amazonaws.com", ], }, - "detail-type": [ + "detail-type": Array [ "AWS API Call via CloudTrail", ], - "source": [ + "source": Array [ "aws.ec2", ], }, "State": "ENABLED", - "Targets": [ - { - "Arn": { + "Targets": Array [ + Object { + "Arn": Object { "Ref": "DetectionAlarmTopic36C4BB55", }, "Id": "Target0", @@ -410,11 +410,11 @@ exports[`Snapshot test for BLEGovABaseCt Stack 1`] = ` }, "Type": "AWS::Events::Rule", }, - "DetectionNewAccessKeyCreatedAlarm00969636": { - "Properties": { + "DetectionNewAccessKeyCreatedAlarm00969636": Object { + "Properties": Object { "ActionsEnabled": true, - "AlarmActions": [ - { + "AlarmActions": Array [ + Object { "Ref": "DetectionAlarmTopic36C4BB55", }, ], @@ -430,14 +430,14 @@ exports[`Snapshot test for BLEGovABaseCt Stack 1`] = ` }, "Type": "AWS::CloudWatch::Alarm", }, - "DetectionNewAccessKeyCreatedFilter011F7D99": { - "Properties": { + "DetectionNewAccessKeyCreatedFilter011F7D99": Object { + "Properties": Object { "FilterPattern": "{($.eventName=CreateAccessKey)}", - "LogGroupName": { + "LogGroupName": Object { "Ref": "LoggingCloudTrailLogGroupEFC12822", }, - "MetricTransformations": [ - { + "MetricTransformations": Array [ + Object { "MetricName": "NewAccessKeyCreatedEventCount", "MetricNamespace": "CloudTrailMetrics", "MetricValue": "1", @@ -446,11 +446,11 @@ exports[`Snapshot test for BLEGovABaseCt Stack 1`] = ` }, "Type": "AWS::Logs::MetricFilter", }, - "DetectionRootUserActivityAlarm4B9356FC": { - "Properties": { + "DetectionRootUserActivityAlarm4B9356FC": Object { + "Properties": Object { "ActionsEnabled": true, - "AlarmActions": [ - { + "AlarmActions": Array [ + Object { "Ref": "DetectionAlarmTopic36C4BB55", }, ], @@ -466,14 +466,14 @@ exports[`Snapshot test for BLEGovABaseCt Stack 1`] = ` }, "Type": "AWS::CloudWatch::Alarm", }, - "DetectionRootUserActivityFilter5C9C4989": { - "Properties": { - "FilterPattern": "{$.userIdentity.type="Root" && $.userIdentity.invokedBy NOT EXISTS && $.eventType !="AwsServiceEvent"}", - "LogGroupName": { + "DetectionRootUserActivityFilter5C9C4989": Object { + "Properties": Object { + "FilterPattern": "{$.userIdentity.type=\\"Root\\" && $.userIdentity.invokedBy NOT EXISTS && $.eventType !=\\"AwsServiceEvent\\"}", + "LogGroupName": Object { "Ref": "LoggingCloudTrailLogGroupEFC12822", }, - "MetricTransformations": [ - { + "MetricTransformations": Array [ + Object { "MetricName": "RootUserPolicyEventCount", "MetricNamespace": "CloudTrailMetrics", "MetricValue": "1", @@ -482,55 +482,55 @@ exports[`Snapshot test for BLEGovABaseCt Stack 1`] = ` }, "Type": "AWS::Logs::MetricFilter", }, - "DetectionSecurityAlarmEmail872B09F1": { - "Properties": { + "DetectionSecurityAlarmEmail872B09F1": Object { + "Properties": Object { "Endpoint": "notify-security@example.com", "Protocol": "email", - "TopicArn": { + "TopicArn": Object { "Ref": "DetectionAlarmTopic36C4BB55", }, }, "Type": "AWS::SNS::Subscription", }, - "DetectionSecurityHubEventRule95BEBD4F": { - "Properties": { + "DetectionSecurityHubEventRule95BEBD4F": Object { + "Properties": Object { "Description": "CloudWatch Event Rule to send notification on SecurityHub all new findings and all updates.", - "EventPattern": { - "detail": { - "findings": { - "Compliance": { - "Status": [ + "EventPattern": Object { + "detail": Object { + "findings": Object { + "Compliance": Object { + "Status": Array [ "FAILED", ], }, - "RecordState": [ + "RecordState": Array [ "ACTIVE", ], - "Severity": { - "Label": [ + "Severity": Object { + "Label": Array [ "CRITICAL", "HIGH", ], }, - "Workflow": { - "Status": [ + "Workflow": Object { + "Status": Array [ "NEW", "NOTIFIED", ], }, }, }, - "detail-type": [ + "detail-type": Array [ "Security Hub Findings - Imported", ], - "source": [ + "source": Array [ "aws.securityhub", ], }, "State": "ENABLED", - "Targets": [ - { - "Arn": { + "Targets": Array [ + Object { + "Arn": Object { "Ref": "DetectionAlarmTopic36C4BB55", }, "Id": "Target0", @@ -539,32 +539,32 @@ exports[`Snapshot test for BLEGovABaseCt Stack 1`] = ` }, "Type": "AWS::Events::Rule", }, - "DetectionSgChangedEventRule80666B19": { - "Properties": { + "DetectionSgChangedEventRule80666B19": Object { + "Properties": Object { "Description": "Notify to create, update or delete a Security Group.", - "EventPattern": { - "detail": { - "eventName": [ + "EventPattern": Object { + "detail": Object { + "eventName": Array [ "AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress", "RevokeSecurityGroupIngress", "RevokeSecurityGroupEgress", ], - "eventSource": [ + "eventSource": Array [ "ec2.amazonaws.com", ], }, - "detail-type": [ + "detail-type": Array [ "AWS API Call via CloudTrail", ], - "source": [ + "source": Array [ "aws.ec2", ], }, "State": "ENABLED", - "Targets": [ - { - "Arn": { + "Targets": Array [ + Object { + "Arn": Object { "Ref": "DetectionAlarmTopic36C4BB55", }, "Id": "Target0", @@ -573,11 +573,11 @@ exports[`Snapshot test for BLEGovABaseCt Stack 1`] = ` }, "Type": "AWS::Events::Rule", }, - "DetectionUnauthorizedAttemptsAlarmB897676B": { - "Properties": { + "DetectionUnauthorizedAttemptsAlarmB897676B": Object { + "Properties": Object { "ActionsEnabled": true, - "AlarmActions": [ - { + "AlarmActions": Array [ + Object { "Ref": "DetectionAlarmTopic36C4BB55", }, ], @@ -593,14 +593,14 @@ exports[`Snapshot test for BLEGovABaseCt Stack 1`] = ` }, "Type": "AWS::CloudWatch::Alarm", }, - "DetectionUnauthorizedAttemptsFilterCA20EEAA": { - "Properties": { - "FilterPattern": "{($.errorCode = "*UnauthorizedOperation" || $.errorCode = "AccessDenied*") && ($.eventName != "Decrypt" || $.userIdentity.invokedBy != "config.amazonaws.com" )}", - "LogGroupName": { + "DetectionUnauthorizedAttemptsFilterCA20EEAA": Object { + "Properties": Object { + "FilterPattern": "{($.errorCode = \\"*UnauthorizedOperation\\" || $.errorCode = \\"AccessDenied*\\") && ($.eventName != \\"Decrypt\\" || $.userIdentity.invokedBy != \\"config.amazonaws.com\\" )}", + "LogGroupName": Object { "Ref": "LoggingCloudTrailLogGroupEFC12822", }, - "MetricTransformations": [ - { + "MetricTransformations": Array [ + Object { "MetricName": "UnauthorizedAttemptsEventCount", "MetricNamespace": "CloudTrailMetrics", "MetricValue": "1", @@ -609,103 +609,186 @@ exports[`Snapshot test for BLEGovABaseCt Stack 1`] = ` }, "Type": "AWS::Logs::MetricFilter", }, - "IamIamAdminGroup25000CB5": { - "Properties": { - "ManagedPolicyArns": [ - { + "IamIamAdminGroup25000CB5": Object { + "Properties": Object { + "ManagedPolicyArns": Array [ + Object { "Ref": "IamIamAdminPolicy7A593281", }, ], }, "Type": "AWS::IAM::Group", }, - "IamIamAdminPolicy7A593281": { - "Properties": { + "IamIamAdminPolicy7A593281": Object { + "Properties": Object { "Description": "", "Path": "/", - "PolicyDocument": { - "Statement": [ - { + "PolicyDocument": Object { + "Statement": Array [ + Object { "Action": "iam:*", - "Condition": { - "Bool": { + "Condition": Object { + "Bool": Object { "aws:MultiFactorAuthPresent": "true", }, }, "Effect": "Allow", "Resource": "*", }, - { + Object { "Action": "aws-portal:*Billing", "Effect": "Deny", "Resource": "*", }, + Object { + "Action": Array [ + "account:GetAccountInformation", + "billing:GetBillingData", + "billing:GetBillingDetails", + "billing:GetBillingNotifications", + "billing:GetBillingPreferences", + "billing:GetContractInformation", + "billing:GetCredits", + "billing:GetIAMAccessPreference", + "billing:GetSellerOfRecord", + "billing:ListBillingViews", + "billing:PutContractInformation", + "billing:RedeemCredits", + "billing:UpdateBillingPreferences", + "ce:CreateAnomalyMonitor", + "ce:CreateAnomalySubscription", + "ce:CreateNotificationSubscription", + "ce:CreateReport", + "ce:DeleteAnomalyMonitor", + "ce:DeleteAnomalySubscription", + "ce:DeleteNotificationSubscription", + "ce:DeleteReport", + "ce:DescribeNotificationSubscription", + "ce:DescribeReport", + "ce:GetAnomalies", + "ce:GetAnomalyMonitors", + "ce:GetAnomalySubscriptions", + "ce:GetCostAndUsage", + "ce:GetCostAndUsageWithResources", + "ce:GetCostCategories", + "ce:GetCostForecast", + "ce:GetDimensionValues", + "ce:GetPreferences", + "ce:GetReservationCoverage", + "ce:GetReservationPurchaseRecommendation", + "ce:GetReservationUtilization", + "ce:GetRightsizingRecommendation", + "ce:GetSavingsPlansCoverage", + "ce:GetSavingsPlansPurchaseRecommendation", + "ce:GetSavingsPlansUtilization", + "ce:GetSavingsPlansUtilizationDetails", + "ce:GetTags", + "ce:GetUsageForecast", + "ce:ListCostAllocationTags", + "ce:ListSavingsPlansPurchaseRecommendationGeneration", + "ce:ProvideAnomalyFeedback", + "ce:StartSavingsPlansPurchaseRecommendationGeneration", + "ce:UpdateAnomalyMonitor", + "ce:UpdateAnomalySubscription", + "ce:UpdateCostAllocationTagsStatus", + "ce:UpdateNotificationSubscription", + "ce:UpdatePreferences", + "consolidatedbilling:GetAccountBillingRole", + "consolidatedbilling:ListLinkedAccounts", + "cur:GetClassicReport", + "cur:GetClassicReportPreferences", + "cur:PutClassicReportPreferences", + "cur:ValidateReportDestination", + "freetier:GetFreeTierAlertPreference", + "freetier:GetFreeTierUsage", + "freetier:PutFreeTierAlertPreference", + "invoicing:GetInvoiceEmailDeliveryPreferences", + "invoicing:GetInvoicePDF", + "invoicing:ListInvoiceSummaries", + "invoicing:PutInvoiceEmailDeliveryPreferences", + "payments:CreatePaymentInstrument", + "payments:DeletePaymentInstrument", + "payments:GetPaymentInstrument", + "payments:GetPaymentStatus", + "payments:ListPaymentPreferences", + "payments:MakePayment", + "payments:UpdatePaymentPreferences", + "tax:BatchPutTaxRegistration", + "tax:DeleteTaxRegistration", + "tax:GetTaxInheritance", + "tax:GetTaxRegistrationDocument", + "tax:ListTaxRegistrations", + "tax:PutTaxInheritance", + ], + "Effect": "Deny", + "Resource": "*", + }, ], "Version": "2012-10-17", }, }, "Type": "AWS::IAM::ManagedPolicy", }, - "IamIamAdminRole4B2B80CC": { - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { + "IamIamAdminRole4B2B80CC": Object { + "Properties": Object { + "AssumeRolePolicyDocument": Object { + "Statement": Array [ + Object { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": { + "Principal": Object { "Service": "ec2.amazonaws.com", }, }, ], "Version": "2012-10-17", }, - "ManagedPolicyArns": [ - { + "ManagedPolicyArns": Array [ + Object { "Ref": "IamIamAdminPolicy7A593281", }, ], }, "Type": "AWS::IAM::Role", }, - "IamInstanceOpsGroup05587F7C": { - "Properties": { - "ManagedPolicyArns": [ - { + "IamInstanceOpsGroup05587F7C": Object { + "Properties": Object { + "ManagedPolicyArns": Array [ + Object { "Ref": "IamInstanceOpsPolicy3A664659", }, ], }, "Type": "AWS::IAM::Group", }, - "IamInstanceOpsPolicy3A664659": { - "Properties": { + "IamInstanceOpsPolicy3A664659": Object { + "Properties": Object { "Description": "", "Path": "/", - "PolicyDocument": { - "Statement": [ - { + "PolicyDocument": Object { + "Statement": Array [ + Object { "Action": "ec2:*", "Effect": "Allow", "Resource": "*", }, - { + Object { "Action": "elasticloadbalancing:*", "Effect": "Allow", "Resource": "*", }, - { + Object { "Action": "cloudwatch:*", "Effect": "Allow", "Resource": "*", }, - { + Object { "Action": "autoscaling:*", "Effect": "Allow", "Resource": "*", }, - { - "Action": [ + Object { + "Action": Array [ "ec2:CreateVpc*", "ec2:DeleteVpc*", "ec2:ModifyVpc*", @@ -729,13 +812,96 @@ exports[`Snapshot test for BLEGovABaseCt Stack 1`] = ` "Effect": "Deny", "Resource": "*", }, - { + Object { "Action": "aws-portal:*Billing", "Effect": "Deny", "Resource": "*", }, - { - "Action": [ + Object { + "Action": Array [ + "account:GetAccountInformation", + "billing:GetBillingData", + "billing:GetBillingDetails", + "billing:GetBillingNotifications", + "billing:GetBillingPreferences", + "billing:GetContractInformation", + "billing:GetCredits", + "billing:GetIAMAccessPreference", + "billing:GetSellerOfRecord", + "billing:ListBillingViews", + "billing:PutContractInformation", + "billing:RedeemCredits", + "billing:UpdateBillingPreferences", + "ce:CreateAnomalyMonitor", + "ce:CreateAnomalySubscription", + "ce:CreateNotificationSubscription", + "ce:CreateReport", + "ce:DeleteAnomalyMonitor", + "ce:DeleteAnomalySubscription", + "ce:DeleteNotificationSubscription", + "ce:DeleteReport", + "ce:DescribeNotificationSubscription", + "ce:DescribeReport", + "ce:GetAnomalies", + "ce:GetAnomalyMonitors", + "ce:GetAnomalySubscriptions", + "ce:GetCostAndUsage", + "ce:GetCostAndUsageWithResources", + "ce:GetCostCategories", + "ce:GetCostForecast", + "ce:GetDimensionValues", + "ce:GetPreferences", + "ce:GetReservationCoverage", + "ce:GetReservationPurchaseRecommendation", + "ce:GetReservationUtilization", + "ce:GetRightsizingRecommendation", + "ce:GetSavingsPlansCoverage", + "ce:GetSavingsPlansPurchaseRecommendation", + "ce:GetSavingsPlansUtilization", + "ce:GetSavingsPlansUtilizationDetails", + "ce:GetTags", + "ce:GetUsageForecast", + "ce:ListCostAllocationTags", + "ce:ListSavingsPlansPurchaseRecommendationGeneration", + "ce:ProvideAnomalyFeedback", + "ce:StartSavingsPlansPurchaseRecommendationGeneration", + "ce:UpdateAnomalyMonitor", + "ce:UpdateAnomalySubscription", + "ce:UpdateCostAllocationTagsStatus", + "ce:UpdateNotificationSubscription", + "ce:UpdatePreferences", + "consolidatedbilling:GetAccountBillingRole", + "consolidatedbilling:ListLinkedAccounts", + "cur:GetClassicReport", + "cur:GetClassicReportPreferences", + "cur:PutClassicReportPreferences", + "cur:ValidateReportDestination", + "freetier:GetFreeTierAlertPreference", + "freetier:GetFreeTierUsage", + "freetier:PutFreeTierAlertPreference", + "invoicing:GetInvoiceEmailDeliveryPreferences", + "invoicing:GetInvoicePDF", + "invoicing:ListInvoiceSummaries", + "invoicing:PutInvoiceEmailDeliveryPreferences", + "payments:CreatePaymentInstrument", + "payments:DeletePaymentInstrument", + "payments:GetPaymentInstrument", + "payments:GetPaymentStatus", + "payments:ListPaymentPreferences", + "payments:MakePayment", + "payments:UpdatePaymentPreferences", + "tax:BatchPutTaxRegistration", + "tax:DeleteTaxRegistration", + "tax:GetTaxInheritance", + "tax:GetTaxRegistrationDocument", + "tax:ListTaxRegistrations", + "tax:PutTaxInheritance", + ], + "Effect": "Deny", + "Resource": "*", + }, + Object { + "Action": Array [ "kms:Create*", "kms:Revoke*", "kms:Enable*", @@ -754,46 +920,46 @@ exports[`Snapshot test for BLEGovABaseCt Stack 1`] = ` }, "Type": "AWS::IAM::ManagedPolicy", }, - "IamInstanceOpsRole580371E4": { - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { + "IamInstanceOpsRole580371E4": Object { + "Properties": Object { + "AssumeRolePolicyDocument": Object { + "Statement": Array [ + Object { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": { + "Principal": Object { "Service": "ec2.amazonaws.com", }, }, ], "Version": "2012-10-17", }, - "ManagedPolicyArns": [ - { + "ManagedPolicyArns": Array [ + Object { "Ref": "IamInstanceOpsPolicy3A664659", }, ], }, "Type": "AWS::IAM::Role", }, - "IamReadOnlyAdminGroupEA35CD95": { - "Properties": { - "ManagedPolicyArns": [ - { + "IamReadOnlyAdminGroupEA35CD95": Object { + "Properties": Object { + "ManagedPolicyArns": Array [ + Object { "Ref": "IamReadOnlyAdminPolicyB7107EA2", }, ], }, "Type": "AWS::IAM::Group", }, - "IamReadOnlyAdminPolicyB7107EA2": { - "Properties": { + "IamReadOnlyAdminPolicyB7107EA2": Object { + "Properties": Object { "Description": "", "Path": "/", - "PolicyDocument": { - "Statement": [ - { - "Action": [ + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": Array [ "appstream:Get*", "autoscaling:Describe*", "cloudformation:DescribeStacks", @@ -858,58 +1024,141 @@ exports[`Snapshot test for BLEGovABaseCt Stack 1`] = ` "Effect": "Allow", "Resource": "*", }, - { + Object { "Action": "aws-portal:*Billing", "Effect": "Deny", "Resource": "*", }, + Object { + "Action": Array [ + "account:GetAccountInformation", + "billing:GetBillingData", + "billing:GetBillingDetails", + "billing:GetBillingNotifications", + "billing:GetBillingPreferences", + "billing:GetContractInformation", + "billing:GetCredits", + "billing:GetIAMAccessPreference", + "billing:GetSellerOfRecord", + "billing:ListBillingViews", + "billing:PutContractInformation", + "billing:RedeemCredits", + "billing:UpdateBillingPreferences", + "ce:CreateAnomalyMonitor", + "ce:CreateAnomalySubscription", + "ce:CreateNotificationSubscription", + "ce:CreateReport", + "ce:DeleteAnomalyMonitor", + "ce:DeleteAnomalySubscription", + "ce:DeleteNotificationSubscription", + "ce:DeleteReport", + "ce:DescribeNotificationSubscription", + "ce:DescribeReport", + "ce:GetAnomalies", + "ce:GetAnomalyMonitors", + "ce:GetAnomalySubscriptions", + "ce:GetCostAndUsage", + "ce:GetCostAndUsageWithResources", + "ce:GetCostCategories", + "ce:GetCostForecast", + "ce:GetDimensionValues", + "ce:GetPreferences", + "ce:GetReservationCoverage", + "ce:GetReservationPurchaseRecommendation", + "ce:GetReservationUtilization", + "ce:GetRightsizingRecommendation", + "ce:GetSavingsPlansCoverage", + "ce:GetSavingsPlansPurchaseRecommendation", + "ce:GetSavingsPlansUtilization", + "ce:GetSavingsPlansUtilizationDetails", + "ce:GetTags", + "ce:GetUsageForecast", + "ce:ListCostAllocationTags", + "ce:ListSavingsPlansPurchaseRecommendationGeneration", + "ce:ProvideAnomalyFeedback", + "ce:StartSavingsPlansPurchaseRecommendationGeneration", + "ce:UpdateAnomalyMonitor", + "ce:UpdateAnomalySubscription", + "ce:UpdateCostAllocationTagsStatus", + "ce:UpdateNotificationSubscription", + "ce:UpdatePreferences", + "consolidatedbilling:GetAccountBillingRole", + "consolidatedbilling:ListLinkedAccounts", + "cur:GetClassicReport", + "cur:GetClassicReportPreferences", + "cur:PutClassicReportPreferences", + "cur:ValidateReportDestination", + "freetier:GetFreeTierAlertPreference", + "freetier:GetFreeTierUsage", + "freetier:PutFreeTierAlertPreference", + "invoicing:GetInvoiceEmailDeliveryPreferences", + "invoicing:GetInvoicePDF", + "invoicing:ListInvoiceSummaries", + "invoicing:PutInvoiceEmailDeliveryPreferences", + "payments:CreatePaymentInstrument", + "payments:DeletePaymentInstrument", + "payments:GetPaymentInstrument", + "payments:GetPaymentStatus", + "payments:ListPaymentPreferences", + "payments:MakePayment", + "payments:UpdatePaymentPreferences", + "tax:BatchPutTaxRegistration", + "tax:DeleteTaxRegistration", + "tax:GetTaxInheritance", + "tax:GetTaxRegistrationDocument", + "tax:ListTaxRegistrations", + "tax:PutTaxInheritance", + ], + "Effect": "Deny", + "Resource": "*", + }, ], "Version": "2012-10-17", }, }, "Type": "AWS::IAM::ManagedPolicy", }, - "IamReadOnlyAdminRoleD519CCF3": { - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { + "IamReadOnlyAdminRoleD519CCF3": Object { + "Properties": Object { + "AssumeRolePolicyDocument": Object { + "Statement": Array [ + Object { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": { + "Principal": Object { "Service": "ec2.amazonaws.com", }, }, ], "Version": "2012-10-17", }, - "ManagedPolicyArns": [ - { + "ManagedPolicyArns": Array [ + Object { "Ref": "IamReadOnlyAdminPolicyB7107EA2", }, ], }, "Type": "AWS::IAM::Role", }, - "IamSysAdminGroup3543FAD1": { - "Properties": { - "ManagedPolicyArns": [ - { + "IamSysAdminGroup3543FAD1": Object { + "Properties": Object { + "ManagedPolicyArns": Array [ + Object { "Ref": "IamSysAdminPolicy03754AB3", }, ], }, "Type": "AWS::IAM::Group", }, - "IamSysAdminPolicy03754AB3": { - "Properties": { + "IamSysAdminPolicy03754AB3": Object { + "Properties": Object { "Description": "", "Path": "/", - "PolicyDocument": { - "Statement": [ - { - "Condition": { - "Bool": { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Condition": Object { + "Bool": Object { "aws:MultiFactorAuthPresent": "true", }, }, @@ -917,13 +1166,96 @@ exports[`Snapshot test for BLEGovABaseCt Stack 1`] = ` "NotAction": "iam:*", "Resource": "*", }, - { + Object { "Action": "aws-portal:*Billing", "Effect": "Deny", "Resource": "*", }, - { - "Action": [ + Object { + "Action": Array [ + "account:GetAccountInformation", + "billing:GetBillingData", + "billing:GetBillingDetails", + "billing:GetBillingNotifications", + "billing:GetBillingPreferences", + "billing:GetContractInformation", + "billing:GetCredits", + "billing:GetIAMAccessPreference", + "billing:GetSellerOfRecord", + "billing:ListBillingViews", + "billing:PutContractInformation", + "billing:RedeemCredits", + "billing:UpdateBillingPreferences", + "ce:CreateAnomalyMonitor", + "ce:CreateAnomalySubscription", + "ce:CreateNotificationSubscription", + "ce:CreateReport", + "ce:DeleteAnomalyMonitor", + "ce:DeleteAnomalySubscription", + "ce:DeleteNotificationSubscription", + "ce:DeleteReport", + "ce:DescribeNotificationSubscription", + "ce:DescribeReport", + "ce:GetAnomalies", + "ce:GetAnomalyMonitors", + "ce:GetAnomalySubscriptions", + "ce:GetCostAndUsage", + "ce:GetCostAndUsageWithResources", + "ce:GetCostCategories", + "ce:GetCostForecast", + "ce:GetDimensionValues", + "ce:GetPreferences", + "ce:GetReservationCoverage", + "ce:GetReservationPurchaseRecommendation", + "ce:GetReservationUtilization", + "ce:GetRightsizingRecommendation", + "ce:GetSavingsPlansCoverage", + "ce:GetSavingsPlansPurchaseRecommendation", + "ce:GetSavingsPlansUtilization", + "ce:GetSavingsPlansUtilizationDetails", + "ce:GetTags", + "ce:GetUsageForecast", + "ce:ListCostAllocationTags", + "ce:ListSavingsPlansPurchaseRecommendationGeneration", + "ce:ProvideAnomalyFeedback", + "ce:StartSavingsPlansPurchaseRecommendationGeneration", + "ce:UpdateAnomalyMonitor", + "ce:UpdateAnomalySubscription", + "ce:UpdateCostAllocationTagsStatus", + "ce:UpdateNotificationSubscription", + "ce:UpdatePreferences", + "consolidatedbilling:GetAccountBillingRole", + "consolidatedbilling:ListLinkedAccounts", + "cur:GetClassicReport", + "cur:GetClassicReportPreferences", + "cur:PutClassicReportPreferences", + "cur:ValidateReportDestination", + "freetier:GetFreeTierAlertPreference", + "freetier:GetFreeTierUsage", + "freetier:PutFreeTierAlertPreference", + "invoicing:GetInvoiceEmailDeliveryPreferences", + "invoicing:GetInvoicePDF", + "invoicing:ListInvoiceSummaries", + "invoicing:PutInvoiceEmailDeliveryPreferences", + "payments:CreatePaymentInstrument", + "payments:DeletePaymentInstrument", + "payments:GetPaymentInstrument", + "payments:GetPaymentStatus", + "payments:ListPaymentPreferences", + "payments:MakePayment", + "payments:UpdatePaymentPreferences", + "tax:BatchPutTaxRegistration", + "tax:DeleteTaxRegistration", + "tax:GetTaxInheritance", + "tax:GetTaxRegistrationDocument", + "tax:ListTaxRegistrations", + "tax:PutTaxInheritance", + ], + "Effect": "Deny", + "Resource": "*", + }, + Object { + "Action": Array [ "cloudtrail:DeleteTrail", "cloudtrail:StopLogging", "cloudtrail:UpdateTrail", @@ -931,8 +1263,8 @@ exports[`Snapshot test for BLEGovABaseCt Stack 1`] = ` "Effect": "Deny", "Resource": "*", }, - { - "Action": [ + Object { + "Action": Array [ "kms:Create*", "kms:Revoke*", "kms:Enable*", @@ -951,84 +1283,84 @@ exports[`Snapshot test for BLEGovABaseCt Stack 1`] = ` }, "Type": "AWS::IAM::ManagedPolicy", }, - "IamSysAdminRoleB0EE4AA6": { - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { + "IamSysAdminRoleB0EE4AA6": Object { + "Properties": Object { + "AssumeRolePolicyDocument": Object { + "Statement": Array [ + Object { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": { + "Principal": Object { "Service": "ec2.amazonaws.com", }, }, ], "Version": "2012-10-17", }, - "ManagedPolicyArns": [ - { + "ManagedPolicyArns": Array [ + Object { "Ref": "IamSysAdminPolicy03754AB3", }, ], }, "Type": "AWS::IAM::Role", }, - "LoggingCloudTrail44E92DB9": { - "DependsOn": [ + "LoggingCloudTrail44E92DB9": Object { + "DependsOn": Array [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrailBucketPolicy4004472F", ], - "Properties": { - "CloudWatchLogsLogGroupArn": { - "Fn::GetAtt": [ + "Properties": Object { + "CloudWatchLogsLogGroupArn": Object { + "Fn::GetAtt": Array [ "LoggingCloudTrailLogGroupEFC12822", "Arn", ], }, - "CloudWatchLogsRoleArn": { - "Fn::GetAtt": [ + "CloudWatchLogsRoleArn": Object { + "Fn::GetAtt": Array [ "LoggingCloudTrailLogsRoleE1DD6030", "Arn", ], }, "EnableLogFileValidation": true, - "EventSelectors": [], + "EventSelectors": Array [], "IncludeGlobalServiceEvents": true, "IsLogging": true, "IsMultiRegionTrail": true, - "KMSKeyId": { - "Fn::GetAtt": [ + "KMSKeyId": Object { + "Fn::GetAtt": Array [ "LoggingCloudTrailKey43327553", "Arn", ], }, - "S3BucketName": { + "S3BucketName": Object { "Ref": "LoggingCloudTrailBucket7560781D", }, }, "Type": "AWS::CloudTrail::Trail", }, - "LoggingCloudTrailAccessLogBucketA7B773C8": { + "LoggingCloudTrailAccessLogBucketA7B773C8": Object { "DeletionPolicy": "Retain", - "Properties": { + "Properties": Object { "AccessControl": "LogDeliveryWrite", - "BucketEncryption": { - "ServerSideEncryptionConfiguration": [ - { - "ServerSideEncryptionByDefault": { + "BucketEncryption": Object { + "ServerSideEncryptionConfiguration": Array [ + Object { + "ServerSideEncryptionByDefault": Object { "SSEAlgorithm": "AES256", }, }, ], }, - "LifecycleConfiguration": { - "Rules": [ - { + "LifecycleConfiguration": Object { + "Rules": Array [ + Object { "ExpirationInDays": 2555, "Status": "Enabled", - "Transitions": [ - { + "Transitions": Array [ + Object { "StorageClass": "GLACIER", "TransitionInDays": 90, }, @@ -1036,57 +1368,57 @@ exports[`Snapshot test for BLEGovABaseCt Stack 1`] = ` }, ], }, - "OwnershipControls": { - "Rules": [ - { + "OwnershipControls": Object { + "Rules": Array [ + Object { "ObjectOwnership": "ObjectWriter", }, ], }, - "PublicAccessBlockConfiguration": { + "PublicAccessBlockConfiguration": Object { "BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, "RestrictPublicBuckets": true, }, - "VersioningConfiguration": { + "VersioningConfiguration": Object { "Status": "Enabled", }, }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, - "LoggingCloudTrailAccessLogBucketPolicyE58866E2": { - "Properties": { - "Bucket": { + "LoggingCloudTrailAccessLogBucketPolicyE58866E2": Object { + "Properties": Object { + "Bucket": Object { "Ref": "LoggingCloudTrailAccessLogBucketA7B773C8", }, - "PolicyDocument": { - "Statement": [ - { + "PolicyDocument": Object { + "Statement": Array [ + Object { "Action": "s3:*", - "Condition": { - "Bool": { + "Condition": Object { + "Bool": Object { "aws:SecureTransport": "false", }, }, "Effect": "Deny", - "Principal": { + "Principal": Object { "AWS": "*", }, - "Resource": [ - { - "Fn::GetAtt": [ + "Resource": Array [ + Object { + "Fn::GetAtt": Array [ "LoggingCloudTrailAccessLogBucketA7B773C8", "Arn", ], }, - { - "Fn::Join": [ + Object { + "Fn::Join": Array [ "", - [ - { - "Fn::GetAtt": [ + Array [ + Object { + "Fn::GetAtt": Array [ "LoggingCloudTrailAccessLogBucketA7B773C8", "Arn", ], @@ -1097,18 +1429,18 @@ exports[`Snapshot test for BLEGovABaseCt Stack 1`] = ` }, ], }, - { + Object { "Action": "s3:Delete*", "Effect": "Deny", - "Principal": { + "Principal": Object { "AWS": "*", }, - "Resource": { - "Fn::Join": [ + "Resource": Object { + "Fn::Join": Array [ "", - [ - { - "Fn::GetAtt": [ + Array [ + Object { + "Fn::GetAtt": Array [ "LoggingCloudTrailAccessLogBucketA7B773C8", "Arn", ], @@ -1125,60 +1457,60 @@ exports[`Snapshot test for BLEGovABaseCt Stack 1`] = ` }, "Type": "AWS::S3::BucketPolicy", }, - "LoggingCloudTrailBucket7560781D": { + "LoggingCloudTrailBucket7560781D": Object { "DeletionPolicy": "Retain", - "Properties": { + "Properties": Object { "AccessControl": "Private", - "LoggingConfiguration": { - "DestinationBucketName": { + "LoggingConfiguration": Object { + "DestinationBucketName": Object { "Ref": "LoggingCloudTrailAccessLogBucketA7B773C8", }, "LogFilePrefix": "cloudtraillogs", }, - "PublicAccessBlockConfiguration": { + "PublicAccessBlockConfiguration": Object { "BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, "RestrictPublicBuckets": true, }, - "VersioningConfiguration": { + "VersioningConfiguration": Object { "Status": "Enabled", }, }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, - "LoggingCloudTrailBucketPolicy4004472F": { - "Properties": { - "Bucket": { + "LoggingCloudTrailBucketPolicy4004472F": Object { + "Properties": Object { + "Bucket": Object { "Ref": "LoggingCloudTrailBucket7560781D", }, - "PolicyDocument": { - "Statement": [ - { + "PolicyDocument": Object { + "Statement": Array [ + Object { "Action": "s3:*", - "Condition": { - "Bool": { + "Condition": Object { + "Bool": Object { "aws:SecureTransport": "false", }, }, "Effect": "Deny", - "Principal": { + "Principal": Object { "AWS": "*", }, - "Resource": [ - { - "Fn::GetAtt": [ + "Resource": Array [ + Object { + "Fn::GetAtt": Array [ "LoggingCloudTrailBucket7560781D", "Arn", ], }, - { - "Fn::Join": [ + Object { + "Fn::Join": Array [ "", - [ - { - "Fn::GetAtt": [ + Array [ + Object { + "Fn::GetAtt": Array [ "LoggingCloudTrailBucket7560781D", "Arn", ], @@ -1189,18 +1521,18 @@ exports[`Snapshot test for BLEGovABaseCt Stack 1`] = ` }, ], }, - { + Object { "Action": "s3:Delete*", "Effect": "Deny", - "Principal": { + "Principal": Object { "AWS": "*", }, - "Resource": { - "Fn::Join": [ + "Resource": Object { + "Fn::Join": Array [ "", - [ - { - "Fn::GetAtt": [ + Array [ + Object { + "Fn::GetAtt": Array [ "LoggingCloudTrailBucket7560781D", "Arn", ], @@ -1211,42 +1543,42 @@ exports[`Snapshot test for BLEGovABaseCt Stack 1`] = ` }, "Sid": "Restrict Delete* Actions", }, - { + Object { "Action": "s3:GetBucketAcl", "Effect": "Allow", - "Principal": { + "Principal": Object { "Service": "cloudtrail.amazonaws.com", }, - "Resource": { - "Fn::GetAtt": [ + "Resource": Object { + "Fn::GetAtt": Array [ "LoggingCloudTrailBucket7560781D", "Arn", ], }, }, - { + Object { "Action": "s3:PutObject", - "Condition": { - "StringEquals": { + "Condition": Object { + "StringEquals": Object { "s3:x-amz-acl": "bucket-owner-full-control", }, }, "Effect": "Allow", - "Principal": { + "Principal": Object { "Service": "cloudtrail.amazonaws.com", }, - "Resource": { - "Fn::Join": [ + "Resource": Object { + "Fn::Join": Array [ "", - [ - { - "Fn::GetAtt": [ + Array [ + Object { + "Fn::GetAtt": Array [ "LoggingCloudTrailBucket7560781D", "Arn", ], }, "/AWSLogs/", - { + Object { "Ref": "AWS::AccountId", }, "/*", @@ -1260,27 +1592,27 @@ exports[`Snapshot test for BLEGovABaseCt Stack 1`] = ` }, "Type": "AWS::S3::BucketPolicy", }, - "LoggingCloudTrailKey43327553": { + "LoggingCloudTrailKey43327553": Object { "DeletionPolicy": "Retain", - "Properties": { + "Properties": Object { "Description": "BLEA Governance Base: CMK for CloudTrail", "EnableKeyRotation": true, - "KeyPolicy": { - "Statement": [ - { + "KeyPolicy": Object { + "Statement": Array [ + Object { "Action": "kms:*", "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ + "Principal": Object { + "AWS": Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":iam::", - { + Object { "Ref": "AWS::AccountId", }, ":root", @@ -1290,17 +1622,17 @@ exports[`Snapshot test for BLEGovABaseCt Stack 1`] = ` }, "Resource": "*", }, - { + Object { "Action": "kms:GenerateDataKey*", - "Condition": { - "StringLike": { - "kms:EncryptionContext:aws:cloudtrail:arn": [ - { - "Fn::Join": [ + "Condition": Object { + "StringLike": Object { + "kms:EncryptionContext:aws:cloudtrail:arn": Array [ + Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:aws:cloudtrail:*:", - { + Object { "Ref": "AWS::AccountId", }, ":trail/*", @@ -1311,38 +1643,38 @@ exports[`Snapshot test for BLEGovABaseCt Stack 1`] = ` }, }, "Effect": "Allow", - "Principal": { + "Principal": Object { "Service": "cloudtrail.amazonaws.com", }, "Resource": "*", }, - { + Object { "Action": "kms:DescribeKey", "Effect": "Allow", - "Principal": { + "Principal": Object { "Service": "cloudtrail.amazonaws.com", }, "Resource": "*", }, - { - "Action": [ + Object { + "Action": Array [ "kms:Decrypt", "kms:ReEncryptFrom", ], - "Condition": { - "StringEquals": { - "kms:CallerAccount": { + "Condition": Object { + "StringEquals": Object { + "kms:CallerAccount": Object { "Ref": "AWS::AccountId", }, }, - "StringLike": { - "kms:EncryptionContext:aws:cloudtrail:arn": [ - { - "Fn::Join": [ + "StringLike": Object { + "kms:EncryptionContext:aws:cloudtrail:arn": Array [ + Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:aws:cloudtrail:*:", - { + Object { "Ref": "AWS::AccountId", }, ":trail/*", @@ -1353,31 +1685,31 @@ exports[`Snapshot test for BLEGovABaseCt Stack 1`] = ` }, }, "Effect": "Allow", - "Principal": { + "Principal": Object { "AWS": "*", }, "Resource": "*", }, - { - "Action": [ + Object { + "Action": Array [ "kms:Encrypt*", "kms:Decrypt*", "kms:ReEncrypt*", "kms:GenerateDataKey*", "kms:Describe*", ], - "Condition": { - "ArnEquals": { - "kms:EncryptionContext:aws:logs:arn": { - "Fn::Join": [ + "Condition": Object { + "ArnEquals": Object { + "kms:EncryptionContext:aws:logs:arn": Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:aws:logs:", - { + Object { "Ref": "AWS::Region", }, ":", - { + Object { "Ref": "AWS::AccountId", }, ":log-group:*", @@ -1387,17 +1719,17 @@ exports[`Snapshot test for BLEGovABaseCt Stack 1`] = ` }, }, "Effect": "Allow", - "Principal": { - "Service": { - "Fn::Join": [ + "Principal": Object { + "Service": Object { + "Fn::Join": Array [ "", - [ + Array [ "logs.", - { + Object { "Ref": "AWS::Region", }, ".", - { + Object { "Ref": "AWS::URLSuffix", }, ], @@ -1413,11 +1745,11 @@ exports[`Snapshot test for BLEGovABaseCt Stack 1`] = ` "Type": "AWS::KMS::Key", "UpdateReplacePolicy": "Retain", }, - "LoggingCloudTrailKeyAlias65A5FEEA": { - "Properties": { + "LoggingCloudTrailKeyAlias65A5FEEA": Object { + "Properties": Object { "AliasName": "alias/DevBLEAGovBaseCtLogging339675FD", - "TargetKeyId": { - "Fn::GetAtt": [ + "TargetKeyId": Object { + "Fn::GetAtt": Array [ "LoggingCloudTrailKey43327553", "Arn", ], @@ -1425,11 +1757,11 @@ exports[`Snapshot test for BLEGovABaseCt Stack 1`] = ` }, "Type": "AWS::KMS::Alias", }, - "LoggingCloudTrailLogGroupEFC12822": { + "LoggingCloudTrailLogGroupEFC12822": Object { "DeletionPolicy": "Retain", - "Properties": { - "KmsKeyId": { - "Fn::GetAtt": [ + "Properties": Object { + "KmsKeyId": Object { + "Fn::GetAtt": Array [ "LoggingCloudTrailKey43327553", "Arn", ], @@ -1439,18 +1771,18 @@ exports[`Snapshot test for BLEGovABaseCt Stack 1`] = ` "Type": "AWS::Logs::LogGroup", "UpdateReplacePolicy": "Retain", }, - "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C": { - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ + "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C": Object { + "Properties": Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": Array [ "logs:PutLogEvents", "logs:CreateLogStream", ], "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ + "Resource": Object { + "Fn::GetAtt": Array [ "LoggingCloudTrailLogGroupEFC12822", "Arn", ], @@ -1460,22 +1792,22 @@ exports[`Snapshot test for BLEGovABaseCt Stack 1`] = ` "Version": "2012-10-17", }, "PolicyName": "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", - "Roles": [ - { + "Roles": Array [ + Object { "Ref": "LoggingCloudTrailLogsRoleE1DD6030", }, ], }, "Type": "AWS::IAM::Policy", }, - "LoggingCloudTrailLogsRoleE1DD6030": { - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { + "LoggingCloudTrailLogsRoleE1DD6030": Object { + "Properties": Object { + "AssumeRolePolicyDocument": Object { + "Statement": Array [ + Object { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": { + "Principal": Object { "Service": "cloudtrail.amazonaws.com", }, }, @@ -1485,58 +1817,58 @@ exports[`Snapshot test for BLEGovABaseCt Stack 1`] = ` }, "Type": "AWS::IAM::Role", }, - "NotificationChatbotChannel053BCEF2": { - "Properties": { + "NotificationChatbotChannel053BCEF2": Object { + "Properties": Object { "ConfigurationName": "DevBLEAGovBaseCtNotification4A8C14EC", - "IamRoleArn": { - "Fn::GetAtt": [ + "IamRoleArn": Object { + "Fn::GetAtt": Array [ "NotificationChatbotRole9B60F7B3", "Arn", ], }, "SlackChannelId": "C00XXXXXXXX", "SlackWorkspaceId": "T8XXXXXXX", - "SnsTopicArns": [ - { + "SnsTopicArns": Array [ + Object { "Ref": "DetectionAlarmTopic36C4BB55", }, ], }, "Type": "AWS::Chatbot::SlackChannelConfiguration", }, - "NotificationChatbotRole9B60F7B3": { - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { + "NotificationChatbotRole9B60F7B3": Object { + "Properties": Object { + "AssumeRolePolicyDocument": Object { + "Statement": Array [ + Object { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": { + "Principal": Object { "Service": "chatbot.amazonaws.com", }, }, ], "Version": "2012-10-17", }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ + "ManagedPolicyArns": Array [ + Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/ReadOnlyAccess", ], ], }, - { - "Fn::Join": [ + Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/CloudWatchReadOnlyAccess", @@ -1548,22 +1880,22 @@ exports[`Snapshot test for BLEGovABaseCt Stack 1`] = ` "Type": "AWS::IAM::Role", }, }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ + "Rules": Object { + "CheckBootstrapVersion": Object { + "Assertions": Array [ + Object { + "Assert": Object { + "Fn::Not": Array [ + Object { + "Fn::Contains": Array [ + Array [ "1", "2", "3", "4", "5", ], - { + Object { "Ref": "BootstrapVersion", }, ], diff --git a/usecases/blea-gov-base-standalone/test/__snapshots__/blea-gov-base-standalone.test.ts.snap b/usecases/blea-gov-base-standalone/test/__snapshots__/blea-gov-base-standalone.test.ts.snap index ecc42ef3a..cedffc6a2 100644 --- a/usecases/blea-gov-base-standalone/test/__snapshots__/blea-gov-base-standalone.test.ts.snap +++ b/usecases/blea-gov-base-standalone/test/__snapshots__/blea-gov-base-standalone.test.ts.snap @@ -1,27 +1,27 @@ // Jest Snapshot v1, https://goo.gl/fbAQLP exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` -{ - "Outputs": { - "ExportsOutputRefDetectionAlarmTopic36C4BB557D18D152": { - "Export": { +Object { + "Outputs": Object { + "ExportsOutputRefDetectionAlarmTopic36C4BB557D18D152": Object { + "Export": Object { "Name": "Dev-BLEABaseStandalone:ExportsOutputRefDetectionAlarmTopic36C4BB557D18D152", }, - "Value": { + "Value": Object { "Ref": "DetectionAlarmTopic36C4BB55", }, }, }, - "Parameters": { - "BootstrapVersion": { + "Parameters": Object { + "BootstrapVersion": Object { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, - "Resources": { - "CheckForEbsOptimizedInstance": { - "DependsOn": [ + "Resources": Object { + "CheckForEbsOptimizedInstance": Object { + "DependsOn": Array [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -38,23 +38,23 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": { + "Properties": Object { "ConfigRuleName": "CheckForEbsOptimizedInstance", "Description": "Disallow launch of EC2 instance types that are not EBS-optimized - Checks whether EBS optimization is enabled for your EC2 instances that can be EBS-optimized", - "Scope": { - "ComplianceResourceTypes": [ + "Scope": Object { + "ComplianceResourceTypes": Array [ "AWS::EC2::Instance", ], }, - "Source": { + "Source": Object { "Owner": "AWS", "SourceIdentifier": "EBS_OPTIMIZED_INSTANCE", }, }, "Type": "AWS::Config::ConfigRule", }, - "CheckForEc2VolumesInUse": { - "DependsOn": [ + "CheckForEc2VolumesInUse": Object { + "DependsOn": Array [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -71,26 +71,26 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": { + "Properties": Object { "ConfigRuleName": "CheckForEc2VolumesInUs", "Description": "Disallow EBS volumes that are unattached to an EC2 instance - Checks whether EBS volumes are attached to EC2 instances", - "InputParameters": { + "InputParameters": Object { "deleteOnTermination": true, }, - "Scope": { - "ComplianceResourceTypes": [ + "Scope": Object { + "ComplianceResourceTypes": Array [ "AWS::EC2::Volume", ], }, - "Source": { + "Source": Object { "Owner": "AWS", "SourceIdentifier": "EC2_VOLUME_INUSE_CHECK", }, }, "Type": "AWS::Config::ConfigRule", }, - "CheckForEncryptedVolumes": { - "DependsOn": [ + "CheckForEncryptedVolumes": Object { + "DependsOn": Array [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -107,23 +107,23 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": { + "Properties": Object { "ConfigRuleName": "CheckForEncryptedVolumes", "Description": "Enable encryption for EBS volumes attached to EC2 instances - Checks whether EBS volumes that are in an attached state are encrypted.", - "Scope": { - "ComplianceResourceTypes": [ + "Scope": Object { + "ComplianceResourceTypes": Array [ "AWS::EC2::Volume", ], }, - "Source": { + "Source": Object { "Owner": "AWS", "SourceIdentifier": "ENCRYPTED_VOLUMES", }, }, "Type": "AWS::Config::ConfigRule", }, - "CheckForIAMUserConsoleMFA": { - "DependsOn": [ + "CheckForIAMUserConsoleMFA": Object { + "DependsOn": Array [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -140,19 +140,19 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": { + "Properties": Object { "ConfigRuleName": "CheckForIAMUserConsoleMFA", "Description": "Disallow console access to IAM users without MFA - Checks whether AWS Multi-Factor Authentication (MFA) is enabled for all AWS Identity and Access Management (IAM) users that use a console password. The rule is COMPLIANT if MFA is enabled.", "MaximumExecutionFrequency": "One_Hour", - "Source": { + "Source": Object { "Owner": "AWS", "SourceIdentifier": "MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS", }, }, "Type": "AWS::Config::ConfigRule", }, - "CheckForIAMUserMFA": { - "DependsOn": [ + "CheckForIAMUserMFA": Object { + "DependsOn": Array [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -169,19 +169,19 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": { + "Properties": Object { "ConfigRuleName": "CheckForIAMUserMFA", "Description": "Disallow access to IAM users without MFA - Checks whether the AWS Identity and Access Management users have multi-factor authentication (MFA) enabled. The rule is COMPLIANT if MFA is enabled.", "MaximumExecutionFrequency": "One_Hour", - "Source": { + "Source": Object { "Owner": "AWS", "SourceIdentifier": "IAM_USER_MFA_ENABLED", }, }, "Type": "AWS::Config::ConfigRule", }, - "CheckForPublicRdsSnapshots": { - "DependsOn": [ + "CheckForPublicRdsSnapshots": Object { + "DependsOn": Array [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -198,23 +198,23 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": { + "Properties": Object { "ConfigRuleName": "CheckForPublicRdsSnapshots", "Description": "Disallow public access to RDS database snapshots - Checks if Amazon Relational Database Service (Amazon RDS) snapshots are public. The rule is non-compliant if any existing and new Amazon RDS snapshots are public.", - "Scope": { - "ComplianceResourceTypes": [ + "Scope": Object { + "ComplianceResourceTypes": Array [ "AWS::RDS::DBSnapshot", ], }, - "Source": { + "Source": Object { "Owner": "AWS", "SourceIdentifier": "RDS_SNAPSHOTS_PUBLIC_PROHIBITED", }, }, "Type": "AWS::Config::ConfigRule", }, - "CheckForRdsPublicAccess": { - "DependsOn": [ + "CheckForRdsPublicAccess": Object { + "DependsOn": Array [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -231,23 +231,23 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": { + "Properties": Object { "ConfigRuleName": "CheckForRdsPublicAccess", "Description": "Disallow public access to RDS database instances - Checks whether the Amazon Relational Database Service (RDS) instances are not publicly accessible. The rule is non-compliant if the publiclyAccessible field is true in the instance configuration item.", - "Scope": { - "ComplianceResourceTypes": [ + "Scope": Object { + "ComplianceResourceTypes": Array [ "AWS::RDS::DBInstance", ], }, - "Source": { + "Source": Object { "Owner": "AWS", "SourceIdentifier": "RDS_INSTANCE_PUBLIC_ACCESS_CHECK", }, }, "Type": "AWS::Config::ConfigRule", }, - "CheckForRdsStorageEncryption": { - "DependsOn": [ + "CheckForRdsStorageEncryption": Object { + "DependsOn": Array [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -264,23 +264,23 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": { + "Properties": Object { "ConfigRuleName": "CheckForRdsStorageEncryption", "Description": "Disallow RDS database instances that are not storage encrypted - Checks whether storage encryption is enabled for your RDS DB instances.", - "Scope": { - "ComplianceResourceTypes": [ + "Scope": Object { + "ComplianceResourceTypes": Array [ "AWS::RDS::DBInstance", ], }, - "Source": { + "Source": Object { "Owner": "AWS", "SourceIdentifier": "RDS_STORAGE_ENCRYPTED", }, }, "Type": "AWS::Config::ConfigRule", }, - "CheckForRestrictedCommonPortsPolicy": { - "DependsOn": [ + "CheckForRestrictedCommonPortsPolicy": Object { + "DependsOn": Array [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -297,30 +297,30 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": { + "Properties": Object { "ConfigRuleName": "CheckForRestrictedCommonPortsPolicy", "Description": "Disallow internet connection through RDP - Checks whether security groups that are in use disallow unrestricted incoming TCP traffic to the specified ports.", - "InputParameters": { + "InputParameters": Object { "blockedPort1": 20, "blockedPort2": 21, "blockedPort3": 3389, "blockedPort4": 3306, "blockedPort5": 4333, }, - "Scope": { - "ComplianceResourceTypes": [ + "Scope": Object { + "ComplianceResourceTypes": Array [ "AWS::EC2::SecurityGroup", ], }, - "Source": { + "Source": Object { "Owner": "AWS", "SourceIdentifier": "RESTRICTED_INCOMING_TRAFFIC", }, }, "Type": "AWS::Config::ConfigRule", }, - "CheckForRestrictedSshPolicy": { - "DependsOn": [ + "CheckForRestrictedSshPolicy": Object { + "DependsOn": Array [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -337,23 +337,23 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": { + "Properties": Object { "ConfigRuleName": "CheckForRestrictedSshPolicy", "Description": "Disallow internet connection through SSH - Checks whether security groups that are in use disallow unrestricted incoming SSH traffic.", - "Scope": { - "ComplianceResourceTypes": [ + "Scope": Object { + "ComplianceResourceTypes": Array [ "AWS::EC2::SecurityGroup", ], }, - "Source": { + "Source": Object { "Owner": "AWS", "SourceIdentifier": "INCOMING_SSH_DISABLED", }, }, "Type": "AWS::Config::ConfigRule", }, - "CheckForRootMfa": { - "DependsOn": [ + "CheckForRootMfa": Object { + "DependsOn": Array [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -370,19 +370,19 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": { + "Properties": Object { "ConfigRuleName": "CheckForRootMfa", "Description": "Enable MFA for the root user - Checks whether the root user of your AWS account requires multi-factor authentication for console sign-in.", "MaximumExecutionFrequency": "One_Hour", - "Source": { + "Source": Object { "Owner": "AWS", "SourceIdentifier": "ROOT_ACCOUNT_MFA_ENABLED", }, }, "Type": "AWS::Config::ConfigRule", }, - "CheckForS3PublicRead": { - "DependsOn": [ + "CheckForS3PublicRead": Object { + "DependsOn": Array [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -399,23 +399,23 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": { + "Properties": Object { "ConfigRuleName": "CheckForS3PublicRead", "Description": "Disallow public read access to S3 buckets - Checks that your S3 buckets do not allow public read access. If an S3 bucket policy or bucket ACL allows public read access, the bucket is noncompliant.", - "Scope": { - "ComplianceResourceTypes": [ + "Scope": Object { + "ComplianceResourceTypes": Array [ "AWS::S3::Bucket", ], }, - "Source": { + "Source": Object { "Owner": "AWS", "SourceIdentifier": "S3_BUCKET_PUBLIC_READ_PROHIBITED", }, }, "Type": "AWS::Config::ConfigRule", }, - "CheckForS3PublicWrite": { - "DependsOn": [ + "CheckForS3PublicWrite": Object { + "DependsOn": Array [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -432,23 +432,23 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": { + "Properties": Object { "ConfigRuleName": "CheckForS3PublicWrite", "Description": "Disallow public write access to S3 buckets - Checks that your S3 buckets do not allow public write access. If an S3 bucket policy or bucket ACL allows public write access, the bucket is noncompliant.", - "Scope": { - "ComplianceResourceTypes": [ + "Scope": Object { + "ComplianceResourceTypes": Array [ "AWS::S3::Bucket", ], }, - "Source": { + "Source": Object { "Owner": "AWS", "SourceIdentifier": "S3_BUCKET_PUBLIC_WRITE_PROHIBITED", }, }, "Type": "AWS::Config::ConfigRule", }, - "CheckForS3VersioningEnabled": { - "DependsOn": [ + "CheckForS3VersioningEnabled": Object { + "DependsOn": Array [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -465,23 +465,23 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": { + "Properties": Object { "ConfigRuleName": "CheckForS3VersioningEnabled", "Description": "Disallow S3 buckets that are not versioning enabled - Checks whether versioning is enabled for your S3 buckets.", - "Scope": { - "ComplianceResourceTypes": [ + "Scope": Object { + "ComplianceResourceTypes": Array [ "AWS::S3::Bucket", ], }, - "Source": { + "Source": Object { "Owner": "AWS", "SourceIdentifier": "S3_BUCKET_VERSIONING_ENABLED", }, }, "Type": "AWS::Config::ConfigRule", }, - "DetectionAlarmTopic36C4BB55": { - "DependsOn": [ + "DetectionAlarmTopic36C4BB55": Object { + "DependsOn": Array [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -500,8 +500,8 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` ], "Type": "AWS::SNS::Topic", }, - "DetectionAlarmTopicPolicyDEB08BF4": { - "DependsOn": [ + "DetectionAlarmTopicPolicyDEB08BF4": Object { + "DependsOn": Array [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -518,27 +518,27 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": { - "PolicyDocument": { - "Statement": [ - { + "Properties": Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { "Action": "sns:Publish", "Effect": "Allow", - "Principal": { + "Principal": Object { "Service": "cloudwatch.amazonaws.com", }, - "Resource": { + "Resource": Object { "Ref": "DetectionAlarmTopic36C4BB55", }, "Sid": "0", }, - { + Object { "Action": "sns:Publish", "Effect": "Allow", - "Principal": { + "Principal": Object { "Service": "events.amazonaws.com", }, - "Resource": { + "Resource": Object { "Ref": "DetectionAlarmTopic36C4BB55", }, "Sid": "1", @@ -546,16 +546,16 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` ], "Version": "2012-10-17", }, - "Topics": [ - { + "Topics": Array [ + Object { "Ref": "DetectionAlarmTopic36C4BB55", }, ], }, "Type": "AWS::SNS::TopicPolicy", }, - "DetectionAwsHealthEventRule6825AFCC": { - "DependsOn": [ + "DetectionAwsHealthEventRule6825AFCC": Object { + "DependsOn": Array [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -572,20 +572,20 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": { + "Properties": Object { "Description": "Notify AWS Health event", - "EventPattern": { - "detail-type": [ + "EventPattern": Object { + "detail-type": Array [ "AWS Health Event", ], - "source": [ + "source": Array [ "aws.health", ], }, "State": "ENABLED", - "Targets": [ - { - "Arn": { + "Targets": Array [ + Object { + "Arn": Object { "Ref": "DetectionAlarmTopic36C4BB55", }, "Id": "Target0", @@ -594,8 +594,8 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` }, "Type": "AWS::Events::Rule", }, - "DetectionCloudTrailChangeEventRuleA526075C": { - "DependsOn": [ + "DetectionCloudTrailChangeEventRuleA526075C": Object { + "DependsOn": Array [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -612,27 +612,27 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": { + "Properties": Object { "Description": "Notify to change on CloudTrail log configuration", - "EventPattern": { - "detail": { - "eventName": [ + "EventPattern": Object { + "detail": Object { + "eventName": Array [ "StopLogging", "DeleteTrail", "UpdateTrail", ], - "eventSource": [ + "eventSource": Array [ "cloudtrail.amazonaws.com", ], }, - "detail-type": [ + "detail-type": Array [ "AWS API Call via CloudTrail", ], }, "State": "ENABLED", - "Targets": [ - { - "Arn": { + "Targets": Array [ + Object { + "Arn": Object { "Ref": "DetectionAlarmTopic36C4BB55", }, "Id": "Target0", @@ -641,8 +641,8 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` }, "Type": "AWS::Events::Rule", }, - "DetectionDefaultSgClosedEventRuleFB96D536": { - "DependsOn": [ + "DetectionDefaultSgClosedEventRuleFB96D536": Object { + "DependsOn": Array [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -659,30 +659,30 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": { + "Properties": Object { "Description": "CloudWatch Event Rule to send notification on Config Rule compliance changes.", - "EventPattern": { - "detail": { - "configRuleName": [ + "EventPattern": Object { + "detail": Object { + "configRuleName": Array [ "bb-default-security-group-closed", ], - "newEvaluationResult": { - "complianceType": [ + "newEvaluationResult": Object { + "complianceType": Array [ "NON_COMPLIANT", ], }, }, - "detail-type": [ + "detail-type": Array [ "Config Rules Compliance Change", ], - "source": [ + "source": Array [ "aws.config", ], }, "State": "ENABLED", - "Targets": [ - { - "Arn": { + "Targets": Array [ + Object { + "Arn": Object { "Ref": "DetectionAlarmTopic36C4BB55", }, "Id": "Target0", @@ -691,8 +691,8 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` }, "Type": "AWS::Events::Rule", }, - "DetectionDefaultSgClosedRuleFED7310D": { - "DependsOn": [ + "DetectionDefaultSgClosedRuleFED7310D": Object { + "DependsOn": Array [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -709,23 +709,23 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": { + "Properties": Object { "ConfigRuleName": "bb-default-security-group-closed", "Description": "Checks that the default security group of any Amazon Virtual Private Cloud (VPC) does not allow inbound or outbound traffic. The rule is non-compliant if the default security group has one or more inbound or outbound traffic.", - "Scope": { - "ComplianceResourceTypes": [ + "Scope": Object { + "ComplianceResourceTypes": Array [ "AWS::EC2::SecurityGroup", ], }, - "Source": { + "Source": Object { "Owner": "AWS", "SourceIdentifier": "VPC_DEFAULT_SECURITY_GROUP_CLOSED", }, }, "Type": "AWS::Config::ConfigRule", }, - "DetectionDefaultSgRemediation21C0DB33": { - "DependsOn": [ + "DetectionDefaultSgRemediation21C0DB33": Object { + "DependsOn": Array [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -742,18 +742,18 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": { + "Properties": Object { "Automatic": true, - "ConfigRuleName": { + "ConfigRuleName": Object { "Ref": "DetectionDefaultSgClosedRuleFED7310D", }, "MaximumAutomaticAttempts": 5, - "Parameters": { - "AutomationAssumeRole": { - "StaticValue": { - "Values": [ - { - "Fn::GetAtt": [ + "Parameters": Object { + "AutomationAssumeRole": Object { + "StaticValue": Object { + "Values": Array [ + Object { + "Fn::GetAtt": Array [ "DetectionDefaultSgRemediationRoleAEF5626C", "Arn", ], @@ -761,8 +761,8 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` ], }, }, - "GroupId": { - "ResourceValue": { + "GroupId": Object { + "ResourceValue": Object { "Value": "RESOURCE_ID", }, }, @@ -774,8 +774,8 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` }, "Type": "AWS::Config::RemediationConfiguration", }, - "DetectionDefaultSgRemediationRoleAEF5626C": { - "DependsOn": [ + "DetectionDefaultSgRemediationRoleAEF5626C": Object { + "DependsOn": Array [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -792,28 +792,28 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { + "Properties": Object { + "AssumeRolePolicyDocument": Object { + "Statement": Array [ + Object { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": { + "Principal": Object { "Service": "ssm.amazonaws.com", }, }, ], "Version": "2012-10-17", }, - "ManagedPolicyArns": [ + "ManagedPolicyArns": Array [ "arn:aws:iam::aws:policy/service-role/AmazonSSMAutomationRole", ], "Path": "/", }, "Type": "AWS::IAM::Role", }, - "DetectionDefaultSgRemediationRoleDefaultPolicy87C90FDE": { - "DependsOn": [ + "DetectionDefaultSgRemediationRoleDefaultPolicy87C90FDE": Object { + "DependsOn": Array [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -830,11 +830,11 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ + "Properties": Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": Array [ "ec2:RevokeSecurityGroupIngress", "ec2:RevokeSecurityGroupEgress", "ec2:DescribeSecurityGroups", @@ -842,17 +842,17 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` "Effect": "Allow", "Resource": "*", }, - { + Object { "Action": "iam:PassRole", "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ + "Resource": Object { + "Fn::GetAtt": Array [ "DetectionDefaultSgRemediationRoleAEF5626C", "Arn", ], }, }, - { + Object { "Action": "ssm:StartAutomationExecution", "Effect": "Allow", "Resource": "arn:aws:ssm:::automation-definition/AWSConfigRemediation-RemoveVPCDefaultSecurityGroupRules", @@ -861,16 +861,16 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` "Version": "2012-10-17", }, "PolicyName": "DetectionDefaultSgRemediationRoleDefaultPolicy87C90FDE", - "Roles": [ - { + "Roles": Array [ + Object { "Ref": "DetectionDefaultSgRemediationRoleAEF5626C", }, ], }, "Type": "AWS::IAM::Policy", }, - "DetectionGuardDutyDetector43B5BAA7": { - "DependsOn": [ + "DetectionGuardDutyDetector43B5BAA7": Object { + "DependsOn": Array [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -887,13 +887,13 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": { + "Properties": Object { "Enable": true, }, "Type": "AWS::GuardDuty::Detector", }, - "DetectionGuardDutyEventRule60AAD2D7": { - "DependsOn": [ + "DetectionGuardDutyEventRule60AAD2D7": Object { + "DependsOn": Array [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -910,11 +910,11 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": { + "Properties": Object { "Description": "CloudWatch Event Rule to send notification on GuardDuty findings.", - "EventPattern": { - "detail": { - "severity": [ + "EventPattern": Object { + "detail": Object { + "severity": Array [ 4, 4, 4.1, @@ -972,17 +972,17 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` 8.9, ], }, - "detail-type": [ + "detail-type": Array [ "GuardDuty Finding", ], - "source": [ + "source": Array [ "aws.guardduty", ], }, "State": "ENABLED", - "Targets": [ - { - "Arn": { + "Targets": Array [ + Object { + "Arn": Object { "Ref": "DetectionAlarmTopic36C4BB55", }, "Id": "Target0", @@ -991,8 +991,8 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` }, "Type": "AWS::Events::Rule", }, - "DetectionIAMPolicyChangeAlarm7DBC7A65": { - "DependsOn": [ + "DetectionIAMPolicyChangeAlarm7DBC7A65": Object { + "DependsOn": Array [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -1009,10 +1009,10 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": { + "Properties": Object { "ActionsEnabled": true, - "AlarmActions": [ - { + "AlarmActions": Array [ + Object { "Ref": "DetectionAlarmTopic36C4BB55", }, ], @@ -1028,8 +1028,8 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` }, "Type": "AWS::CloudWatch::Alarm", }, - "DetectionIAMPolicyChangeFilterA31FCC40": { - "DependsOn": [ + "DetectionIAMPolicyChangeFilterA31FCC40": Object { + "DependsOn": Array [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -1046,13 +1046,13 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": { + "Properties": Object { "FilterPattern": "{($.eventName=DeleteGroupPolicy)||($.eventName=DeleteRolePolicy)||($.eventName=DeleteUserPolicy)||($.eventName=PutGroupPolicy)||($.eventName=PutRolePolicy)||($.eventName=PutUserPolicy)||($.eventName=CreatePolicy)||($.eventName=DeletePolicy)||($.eventName=CreatePolicyVersion)||($.eventName=DeletePolicyVersion)||($.eventName=AttachRolePolicy)||($.eventName=DetachRolePolicy)||($.eventName=AttachUserPolicy)||($.eventName=DetachUserPolicy)||($.eventName=AttachGroupPolicy)||($.eventName=DetachGroupPolicy)}", - "LogGroupName": { + "LogGroupName": Object { "Ref": "LoggingCloudTrailLogGroupEFC12822", }, - "MetricTransformations": [ - { + "MetricTransformations": Array [ + Object { "MetricName": "IAMPolicyEventCount", "MetricNamespace": "CloudTrailMetrics", "MetricValue": "1", @@ -1061,8 +1061,8 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` }, "Type": "AWS::Logs::MetricFilter", }, - "DetectionNetworkAclChangeEventRuleE99FF49F": { - "DependsOn": [ + "DetectionNetworkAclChangeEventRuleE99FF49F": Object { + "DependsOn": Array [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -1079,11 +1079,11 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": { + "Properties": Object { "Description": "Notify to create, update or delete a Network ACL.", - "EventPattern": { - "detail": { - "eventName": [ + "EventPattern": Object { + "detail": Object { + "eventName": Array [ "CreateNetworkAcl", "CreateNetworkAclEntry", "DeleteNetworkAcl", @@ -1091,21 +1091,21 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` "ReplaceNetworkAclEntry", "ReplaceNetworkAclAssociation", ], - "eventSource": [ + "eventSource": Array [ "ec2.amazonaws.com", ], }, - "detail-type": [ + "detail-type": Array [ "AWS API Call via CloudTrail", ], - "source": [ + "source": Array [ "aws.ec2", ], }, "State": "ENABLED", - "Targets": [ - { - "Arn": { + "Targets": Array [ + Object { + "Arn": Object { "Ref": "DetectionAlarmTopic36C4BB55", }, "Id": "Target0", @@ -1114,8 +1114,8 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` }, "Type": "AWS::Events::Rule", }, - "DetectionNewAccessKeyCreatedAlarm00969636": { - "DependsOn": [ + "DetectionNewAccessKeyCreatedAlarm00969636": Object { + "DependsOn": Array [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -1132,10 +1132,10 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": { + "Properties": Object { "ActionsEnabled": true, - "AlarmActions": [ - { + "AlarmActions": Array [ + Object { "Ref": "DetectionAlarmTopic36C4BB55", }, ], @@ -1151,8 +1151,8 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` }, "Type": "AWS::CloudWatch::Alarm", }, - "DetectionNewAccessKeyCreatedFilter011F7D99": { - "DependsOn": [ + "DetectionNewAccessKeyCreatedFilter011F7D99": Object { + "DependsOn": Array [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -1169,13 +1169,13 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": { + "Properties": Object { "FilterPattern": "{($.eventName=CreateAccessKey)}", - "LogGroupName": { + "LogGroupName": Object { "Ref": "LoggingCloudTrailLogGroupEFC12822", }, - "MetricTransformations": [ - { + "MetricTransformations": Array [ + Object { "MetricName": "NewAccessKeyCreatedEventCount", "MetricNamespace": "CloudTrailMetrics", "MetricValue": "1", @@ -1184,8 +1184,8 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` }, "Type": "AWS::Logs::MetricFilter", }, - "DetectionRootUserActivityAlarm4B9356FC": { - "DependsOn": [ + "DetectionRootUserActivityAlarm4B9356FC": Object { + "DependsOn": Array [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -1202,10 +1202,10 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": { + "Properties": Object { "ActionsEnabled": true, - "AlarmActions": [ - { + "AlarmActions": Array [ + Object { "Ref": "DetectionAlarmTopic36C4BB55", }, ], @@ -1221,8 +1221,8 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` }, "Type": "AWS::CloudWatch::Alarm", }, - "DetectionRootUserActivityFilter5C9C4989": { - "DependsOn": [ + "DetectionRootUserActivityFilter5C9C4989": Object { + "DependsOn": Array [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -1239,13 +1239,13 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": { - "FilterPattern": "{$.userIdentity.type="Root" && $.userIdentity.invokedBy NOT EXISTS && $.eventType !="AwsServiceEvent"}", - "LogGroupName": { + "Properties": Object { + "FilterPattern": "{$.userIdentity.type=\\"Root\\" && $.userIdentity.invokedBy NOT EXISTS && $.eventType !=\\"AwsServiceEvent\\"}", + "LogGroupName": Object { "Ref": "LoggingCloudTrailLogGroupEFC12822", }, - "MetricTransformations": [ - { + "MetricTransformations": Array [ + Object { "MetricName": "RootUserPolicyEventCount", "MetricNamespace": "CloudTrailMetrics", "MetricValue": "1", @@ -1254,8 +1254,8 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` }, "Type": "AWS::Logs::MetricFilter", }, - "DetectionSecurityAlarmEmail872B09F1": { - "DependsOn": [ + "DetectionSecurityAlarmEmail872B09F1": Object { + "DependsOn": Array [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -1272,17 +1272,17 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": { - "Endpoint": "notify-security@example.com", + "Properties": Object { + "Endpoint": "suzukyz+notify-security@amazon.co.jpm", "Protocol": "email", - "TopicArn": { + "TopicArn": Object { "Ref": "DetectionAlarmTopic36C4BB55", }, }, "Type": "AWS::SNS::Subscription", }, - "DetectionSecurityHub0FF05D88": { - "DependsOn": [ + "DetectionSecurityHub0FF05D88": Object { + "DependsOn": Array [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -1301,8 +1301,8 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` ], "Type": "AWS::SecurityHub::Hub", }, - "DetectionSecurityHubEventRule95BEBD4F": { - "DependsOn": [ + "DetectionSecurityHubEventRule95BEBD4F": Object { + "DependsOn": Array [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -1319,44 +1319,44 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": { + "Properties": Object { "Description": "CloudWatch Event Rule to send notification on SecurityHub all new findings and all updates.", - "EventPattern": { - "detail": { - "findings": { - "Compliance": { - "Status": [ + "EventPattern": Object { + "detail": Object { + "findings": Object { + "Compliance": Object { + "Status": Array [ "FAILED", ], }, - "RecordState": [ + "RecordState": Array [ "ACTIVE", ], - "Severity": { - "Label": [ + "Severity": Object { + "Label": Array [ "CRITICAL", "HIGH", ], }, - "Workflow": { - "Status": [ + "Workflow": Object { + "Status": Array [ "NEW", "NOTIFIED", ], }, }, }, - "detail-type": [ + "detail-type": Array [ "Security Hub Findings - Imported", ], - "source": [ + "source": Array [ "aws.securityhub", ], }, "State": "ENABLED", - "Targets": [ - { - "Arn": { + "Targets": Array [ + Object { + "Arn": Object { "Ref": "DetectionAlarmTopic36C4BB55", }, "Id": "Target0", @@ -1365,8 +1365,8 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` }, "Type": "AWS::Events::Rule", }, - "DetectionSecurityHubRoleDBC68A4D": { - "DependsOn": [ + "DetectionSecurityHubRoleDBC68A4D": Object { + "DependsOn": Array [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -1383,13 +1383,13 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": { + "Properties": Object { "AWSServiceName": "securityhub.amazonaws.com", }, "Type": "AWS::IAM::ServiceLinkedRole", }, - "DetectionSgChangedEventRule80666B19": { - "DependsOn": [ + "DetectionSgChangedEventRule80666B19": Object { + "DependsOn": Array [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -1406,31 +1406,31 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": { + "Properties": Object { "Description": "Notify to create, update or delete a Security Group.", - "EventPattern": { - "detail": { - "eventName": [ + "EventPattern": Object { + "detail": Object { + "eventName": Array [ "AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress", "RevokeSecurityGroupIngress", "RevokeSecurityGroupEgress", ], - "eventSource": [ + "eventSource": Array [ "ec2.amazonaws.com", ], }, - "detail-type": [ + "detail-type": Array [ "AWS API Call via CloudTrail", ], - "source": [ + "source": Array [ "aws.ec2", ], }, "State": "ENABLED", - "Targets": [ - { - "Arn": { + "Targets": Array [ + Object { + "Arn": Object { "Ref": "DetectionAlarmTopic36C4BB55", }, "Id": "Target0", @@ -1439,8 +1439,8 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` }, "Type": "AWS::Events::Rule", }, - "DetectionUnauthorizedAttemptsAlarmB897676B": { - "DependsOn": [ + "DetectionUnauthorizedAttemptsAlarmB897676B": Object { + "DependsOn": Array [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -1457,10 +1457,10 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": { + "Properties": Object { "ActionsEnabled": true, - "AlarmActions": [ - { + "AlarmActions": Array [ + Object { "Ref": "DetectionAlarmTopic36C4BB55", }, ], @@ -1476,8 +1476,8 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` }, "Type": "AWS::CloudWatch::Alarm", }, - "DetectionUnauthorizedAttemptsFilterCA20EEAA": { - "DependsOn": [ + "DetectionUnauthorizedAttemptsFilterCA20EEAA": Object { + "DependsOn": Array [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -1494,13 +1494,13 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": { - "FilterPattern": "{($.errorCode = "*UnauthorizedOperation" || $.errorCode = "AccessDenied*") && ($.eventName != "Decrypt" || $.userIdentity.invokedBy != "config.amazonaws.com" )}", - "LogGroupName": { + "Properties": Object { + "FilterPattern": "{($.errorCode = \\"*UnauthorizedOperation\\" || $.errorCode = \\"AccessDenied*\\") && ($.eventName != \\"Decrypt\\" || $.userIdentity.invokedBy != \\"config.amazonaws.com\\" )}", + "LogGroupName": Object { "Ref": "LoggingCloudTrailLogGroupEFC12822", }, - "MetricTransformations": [ - { + "MetricTransformations": Array [ + Object { "MetricName": "UnauthorizedAttemptsEventCount", "MetricNamespace": "CloudTrailMetrics", "MetricValue": "1", @@ -1509,103 +1509,186 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` }, "Type": "AWS::Logs::MetricFilter", }, - "IamIamAdminGroup25000CB5": { - "Properties": { - "ManagedPolicyArns": [ - { + "IamIamAdminGroup25000CB5": Object { + "Properties": Object { + "ManagedPolicyArns": Array [ + Object { "Ref": "IamIamAdminPolicy7A593281", }, ], }, "Type": "AWS::IAM::Group", }, - "IamIamAdminPolicy7A593281": { - "Properties": { + "IamIamAdminPolicy7A593281": Object { + "Properties": Object { "Description": "", "Path": "/", - "PolicyDocument": { - "Statement": [ - { + "PolicyDocument": Object { + "Statement": Array [ + Object { "Action": "iam:*", - "Condition": { - "Bool": { + "Condition": Object { + "Bool": Object { "aws:MultiFactorAuthPresent": "true", }, }, "Effect": "Allow", "Resource": "*", }, - { + Object { "Action": "aws-portal:*Billing", "Effect": "Deny", "Resource": "*", }, + Object { + "Action": Array [ + "account:GetAccountInformation", + "billing:GetBillingData", + "billing:GetBillingDetails", + "billing:GetBillingNotifications", + "billing:GetBillingPreferences", + "billing:GetContractInformation", + "billing:GetCredits", + "billing:GetIAMAccessPreference", + "billing:GetSellerOfRecord", + "billing:ListBillingViews", + "billing:PutContractInformation", + "billing:RedeemCredits", + "billing:UpdateBillingPreferences", + "ce:CreateAnomalyMonitor", + "ce:CreateAnomalySubscription", + "ce:CreateNotificationSubscription", + "ce:CreateReport", + "ce:DeleteAnomalyMonitor", + "ce:DeleteAnomalySubscription", + "ce:DeleteNotificationSubscription", + "ce:DeleteReport", + "ce:DescribeNotificationSubscription", + "ce:DescribeReport", + "ce:GetAnomalies", + "ce:GetAnomalyMonitors", + "ce:GetAnomalySubscriptions", + "ce:GetCostAndUsage", + "ce:GetCostAndUsageWithResources", + "ce:GetCostCategories", + "ce:GetCostForecast", + "ce:GetDimensionValues", + "ce:GetPreferences", + "ce:GetReservationCoverage", + "ce:GetReservationPurchaseRecommendation", + "ce:GetReservationUtilization", + "ce:GetRightsizingRecommendation", + "ce:GetSavingsPlansCoverage", + "ce:GetSavingsPlansPurchaseRecommendation", + "ce:GetSavingsPlansUtilization", + "ce:GetSavingsPlansUtilizationDetails", + "ce:GetTags", + "ce:GetUsageForecast", + "ce:ListCostAllocationTags", + "ce:ListSavingsPlansPurchaseRecommendationGeneration", + "ce:ProvideAnomalyFeedback", + "ce:StartSavingsPlansPurchaseRecommendationGeneration", + "ce:UpdateAnomalyMonitor", + "ce:UpdateAnomalySubscription", + "ce:UpdateCostAllocationTagsStatus", + "ce:UpdateNotificationSubscription", + "ce:UpdatePreferences", + "consolidatedbilling:GetAccountBillingRole", + "consolidatedbilling:ListLinkedAccounts", + "cur:GetClassicReport", + "cur:GetClassicReportPreferences", + "cur:PutClassicReportPreferences", + "cur:ValidateReportDestination", + "freetier:GetFreeTierAlertPreference", + "freetier:GetFreeTierUsage", + "freetier:PutFreeTierAlertPreference", + "invoicing:GetInvoiceEmailDeliveryPreferences", + "invoicing:GetInvoicePDF", + "invoicing:ListInvoiceSummaries", + "invoicing:PutInvoiceEmailDeliveryPreferences", + "payments:CreatePaymentInstrument", + "payments:DeletePaymentInstrument", + "payments:GetPaymentInstrument", + "payments:GetPaymentStatus", + "payments:ListPaymentPreferences", + "payments:MakePayment", + "payments:UpdatePaymentPreferences", + "tax:BatchPutTaxRegistration", + "tax:DeleteTaxRegistration", + "tax:GetTaxInheritance", + "tax:GetTaxRegistrationDocument", + "tax:ListTaxRegistrations", + "tax:PutTaxInheritance", + ], + "Effect": "Deny", + "Resource": "*", + }, ], "Version": "2012-10-17", }, }, "Type": "AWS::IAM::ManagedPolicy", }, - "IamIamAdminRole4B2B80CC": { - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { + "IamIamAdminRole4B2B80CC": Object { + "Properties": Object { + "AssumeRolePolicyDocument": Object { + "Statement": Array [ + Object { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": { + "Principal": Object { "Service": "ec2.amazonaws.com", }, }, ], "Version": "2012-10-17", }, - "ManagedPolicyArns": [ - { + "ManagedPolicyArns": Array [ + Object { "Ref": "IamIamAdminPolicy7A593281", }, ], }, "Type": "AWS::IAM::Role", }, - "IamInstanceOpsGroup05587F7C": { - "Properties": { - "ManagedPolicyArns": [ - { + "IamInstanceOpsGroup05587F7C": Object { + "Properties": Object { + "ManagedPolicyArns": Array [ + Object { "Ref": "IamInstanceOpsPolicy3A664659", }, ], }, "Type": "AWS::IAM::Group", }, - "IamInstanceOpsPolicy3A664659": { - "Properties": { + "IamInstanceOpsPolicy3A664659": Object { + "Properties": Object { "Description": "", "Path": "/", - "PolicyDocument": { - "Statement": [ - { + "PolicyDocument": Object { + "Statement": Array [ + Object { "Action": "ec2:*", "Effect": "Allow", "Resource": "*", }, - { + Object { "Action": "elasticloadbalancing:*", "Effect": "Allow", "Resource": "*", }, - { + Object { "Action": "cloudwatch:*", "Effect": "Allow", "Resource": "*", }, - { + Object { "Action": "autoscaling:*", "Effect": "Allow", "Resource": "*", }, - { - "Action": [ + Object { + "Action": Array [ "ec2:CreateVpc*", "ec2:DeleteVpc*", "ec2:ModifyVpc*", @@ -1629,13 +1712,96 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` "Effect": "Deny", "Resource": "*", }, - { + Object { "Action": "aws-portal:*Billing", "Effect": "Deny", "Resource": "*", }, - { - "Action": [ + Object { + "Action": Array [ + "account:GetAccountInformation", + "billing:GetBillingData", + "billing:GetBillingDetails", + "billing:GetBillingNotifications", + "billing:GetBillingPreferences", + "billing:GetContractInformation", + "billing:GetCredits", + "billing:GetIAMAccessPreference", + "billing:GetSellerOfRecord", + "billing:ListBillingViews", + "billing:PutContractInformation", + "billing:RedeemCredits", + "billing:UpdateBillingPreferences", + "ce:CreateAnomalyMonitor", + "ce:CreateAnomalySubscription", + "ce:CreateNotificationSubscription", + "ce:CreateReport", + "ce:DeleteAnomalyMonitor", + "ce:DeleteAnomalySubscription", + "ce:DeleteNotificationSubscription", + "ce:DeleteReport", + "ce:DescribeNotificationSubscription", + "ce:DescribeReport", + "ce:GetAnomalies", + "ce:GetAnomalyMonitors", + "ce:GetAnomalySubscriptions", + "ce:GetCostAndUsage", + "ce:GetCostAndUsageWithResources", + "ce:GetCostCategories", + "ce:GetCostForecast", + "ce:GetDimensionValues", + "ce:GetPreferences", + "ce:GetReservationCoverage", + "ce:GetReservationPurchaseRecommendation", + "ce:GetReservationUtilization", + "ce:GetRightsizingRecommendation", + "ce:GetSavingsPlansCoverage", + "ce:GetSavingsPlansPurchaseRecommendation", + "ce:GetSavingsPlansUtilization", + "ce:GetSavingsPlansUtilizationDetails", + "ce:GetTags", + "ce:GetUsageForecast", + "ce:ListCostAllocationTags", + "ce:ListSavingsPlansPurchaseRecommendationGeneration", + "ce:ProvideAnomalyFeedback", + "ce:StartSavingsPlansPurchaseRecommendationGeneration", + "ce:UpdateAnomalyMonitor", + "ce:UpdateAnomalySubscription", + "ce:UpdateCostAllocationTagsStatus", + "ce:UpdateNotificationSubscription", + "ce:UpdatePreferences", + "consolidatedbilling:GetAccountBillingRole", + "consolidatedbilling:ListLinkedAccounts", + "cur:GetClassicReport", + "cur:GetClassicReportPreferences", + "cur:PutClassicReportPreferences", + "cur:ValidateReportDestination", + "freetier:GetFreeTierAlertPreference", + "freetier:GetFreeTierUsage", + "freetier:PutFreeTierAlertPreference", + "invoicing:GetInvoiceEmailDeliveryPreferences", + "invoicing:GetInvoicePDF", + "invoicing:ListInvoiceSummaries", + "invoicing:PutInvoiceEmailDeliveryPreferences", + "payments:CreatePaymentInstrument", + "payments:DeletePaymentInstrument", + "payments:GetPaymentInstrument", + "payments:GetPaymentStatus", + "payments:ListPaymentPreferences", + "payments:MakePayment", + "payments:UpdatePaymentPreferences", + "tax:BatchPutTaxRegistration", + "tax:DeleteTaxRegistration", + "tax:GetTaxInheritance", + "tax:GetTaxRegistrationDocument", + "tax:ListTaxRegistrations", + "tax:PutTaxInheritance", + ], + "Effect": "Deny", + "Resource": "*", + }, + Object { + "Action": Array [ "kms:Create*", "kms:Revoke*", "kms:Enable*", @@ -1654,46 +1820,46 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` }, "Type": "AWS::IAM::ManagedPolicy", }, - "IamInstanceOpsRole580371E4": { - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { + "IamInstanceOpsRole580371E4": Object { + "Properties": Object { + "AssumeRolePolicyDocument": Object { + "Statement": Array [ + Object { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": { + "Principal": Object { "Service": "ec2.amazonaws.com", }, }, ], "Version": "2012-10-17", }, - "ManagedPolicyArns": [ - { + "ManagedPolicyArns": Array [ + Object { "Ref": "IamInstanceOpsPolicy3A664659", }, ], }, "Type": "AWS::IAM::Role", }, - "IamReadOnlyAdminGroupEA35CD95": { - "Properties": { - "ManagedPolicyArns": [ - { + "IamReadOnlyAdminGroupEA35CD95": Object { + "Properties": Object { + "ManagedPolicyArns": Array [ + Object { "Ref": "IamReadOnlyAdminPolicyB7107EA2", }, ], }, "Type": "AWS::IAM::Group", }, - "IamReadOnlyAdminPolicyB7107EA2": { - "Properties": { + "IamReadOnlyAdminPolicyB7107EA2": Object { + "Properties": Object { "Description": "", "Path": "/", - "PolicyDocument": { - "Statement": [ - { - "Action": [ + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": Array [ "appstream:Get*", "autoscaling:Describe*", "cloudformation:DescribeStacks", @@ -1758,58 +1924,141 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` "Effect": "Allow", "Resource": "*", }, - { + Object { "Action": "aws-portal:*Billing", "Effect": "Deny", "Resource": "*", }, + Object { + "Action": Array [ + "account:GetAccountInformation", + "billing:GetBillingData", + "billing:GetBillingDetails", + "billing:GetBillingNotifications", + "billing:GetBillingPreferences", + "billing:GetContractInformation", + "billing:GetCredits", + "billing:GetIAMAccessPreference", + "billing:GetSellerOfRecord", + "billing:ListBillingViews", + "billing:PutContractInformation", + "billing:RedeemCredits", + "billing:UpdateBillingPreferences", + "ce:CreateAnomalyMonitor", + "ce:CreateAnomalySubscription", + "ce:CreateNotificationSubscription", + "ce:CreateReport", + "ce:DeleteAnomalyMonitor", + "ce:DeleteAnomalySubscription", + "ce:DeleteNotificationSubscription", + "ce:DeleteReport", + "ce:DescribeNotificationSubscription", + "ce:DescribeReport", + "ce:GetAnomalies", + "ce:GetAnomalyMonitors", + "ce:GetAnomalySubscriptions", + "ce:GetCostAndUsage", + "ce:GetCostAndUsageWithResources", + "ce:GetCostCategories", + "ce:GetCostForecast", + "ce:GetDimensionValues", + "ce:GetPreferences", + "ce:GetReservationCoverage", + "ce:GetReservationPurchaseRecommendation", + "ce:GetReservationUtilization", + "ce:GetRightsizingRecommendation", + "ce:GetSavingsPlansCoverage", + "ce:GetSavingsPlansPurchaseRecommendation", + "ce:GetSavingsPlansUtilization", + "ce:GetSavingsPlansUtilizationDetails", + "ce:GetTags", + "ce:GetUsageForecast", + "ce:ListCostAllocationTags", + "ce:ListSavingsPlansPurchaseRecommendationGeneration", + "ce:ProvideAnomalyFeedback", + "ce:StartSavingsPlansPurchaseRecommendationGeneration", + "ce:UpdateAnomalyMonitor", + "ce:UpdateAnomalySubscription", + "ce:UpdateCostAllocationTagsStatus", + "ce:UpdateNotificationSubscription", + "ce:UpdatePreferences", + "consolidatedbilling:GetAccountBillingRole", + "consolidatedbilling:ListLinkedAccounts", + "cur:GetClassicReport", + "cur:GetClassicReportPreferences", + "cur:PutClassicReportPreferences", + "cur:ValidateReportDestination", + "freetier:GetFreeTierAlertPreference", + "freetier:GetFreeTierUsage", + "freetier:PutFreeTierAlertPreference", + "invoicing:GetInvoiceEmailDeliveryPreferences", + "invoicing:GetInvoicePDF", + "invoicing:ListInvoiceSummaries", + "invoicing:PutInvoiceEmailDeliveryPreferences", + "payments:CreatePaymentInstrument", + "payments:DeletePaymentInstrument", + "payments:GetPaymentInstrument", + "payments:GetPaymentStatus", + "payments:ListPaymentPreferences", + "payments:MakePayment", + "payments:UpdatePaymentPreferences", + "tax:BatchPutTaxRegistration", + "tax:DeleteTaxRegistration", + "tax:GetTaxInheritance", + "tax:GetTaxRegistrationDocument", + "tax:ListTaxRegistrations", + "tax:PutTaxInheritance", + ], + "Effect": "Deny", + "Resource": "*", + }, ], "Version": "2012-10-17", }, }, "Type": "AWS::IAM::ManagedPolicy", }, - "IamReadOnlyAdminRoleD519CCF3": { - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { + "IamReadOnlyAdminRoleD519CCF3": Object { + "Properties": Object { + "AssumeRolePolicyDocument": Object { + "Statement": Array [ + Object { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": { + "Principal": Object { "Service": "ec2.amazonaws.com", }, }, ], "Version": "2012-10-17", }, - "ManagedPolicyArns": [ - { + "ManagedPolicyArns": Array [ + Object { "Ref": "IamReadOnlyAdminPolicyB7107EA2", }, ], }, "Type": "AWS::IAM::Role", }, - "IamSysAdminGroup3543FAD1": { - "Properties": { - "ManagedPolicyArns": [ - { + "IamSysAdminGroup3543FAD1": Object { + "Properties": Object { + "ManagedPolicyArns": Array [ + Object { "Ref": "IamSysAdminPolicy03754AB3", }, ], }, "Type": "AWS::IAM::Group", }, - "IamSysAdminPolicy03754AB3": { - "Properties": { + "IamSysAdminPolicy03754AB3": Object { + "Properties": Object { "Description": "", "Path": "/", - "PolicyDocument": { - "Statement": [ - { - "Condition": { - "Bool": { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Condition": Object { + "Bool": Object { "aws:MultiFactorAuthPresent": "true", }, }, @@ -1817,13 +2066,96 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` "NotAction": "iam:*", "Resource": "*", }, - { + Object { "Action": "aws-portal:*Billing", "Effect": "Deny", "Resource": "*", }, - { - "Action": [ + Object { + "Action": Array [ + "account:GetAccountInformation", + "billing:GetBillingData", + "billing:GetBillingDetails", + "billing:GetBillingNotifications", + "billing:GetBillingPreferences", + "billing:GetContractInformation", + "billing:GetCredits", + "billing:GetIAMAccessPreference", + "billing:GetSellerOfRecord", + "billing:ListBillingViews", + "billing:PutContractInformation", + "billing:RedeemCredits", + "billing:UpdateBillingPreferences", + "ce:CreateAnomalyMonitor", + "ce:CreateAnomalySubscription", + "ce:CreateNotificationSubscription", + "ce:CreateReport", + "ce:DeleteAnomalyMonitor", + "ce:DeleteAnomalySubscription", + "ce:DeleteNotificationSubscription", + "ce:DeleteReport", + "ce:DescribeNotificationSubscription", + "ce:DescribeReport", + "ce:GetAnomalies", + "ce:GetAnomalyMonitors", + "ce:GetAnomalySubscriptions", + "ce:GetCostAndUsage", + "ce:GetCostAndUsageWithResources", + "ce:GetCostCategories", + "ce:GetCostForecast", + "ce:GetDimensionValues", + "ce:GetPreferences", + "ce:GetReservationCoverage", + "ce:GetReservationPurchaseRecommendation", + "ce:GetReservationUtilization", + "ce:GetRightsizingRecommendation", + "ce:GetSavingsPlansCoverage", + "ce:GetSavingsPlansPurchaseRecommendation", + "ce:GetSavingsPlansUtilization", + "ce:GetSavingsPlansUtilizationDetails", + "ce:GetTags", + "ce:GetUsageForecast", + "ce:ListCostAllocationTags", + "ce:ListSavingsPlansPurchaseRecommendationGeneration", + "ce:ProvideAnomalyFeedback", + "ce:StartSavingsPlansPurchaseRecommendationGeneration", + "ce:UpdateAnomalyMonitor", + "ce:UpdateAnomalySubscription", + "ce:UpdateCostAllocationTagsStatus", + "ce:UpdateNotificationSubscription", + "ce:UpdatePreferences", + "consolidatedbilling:GetAccountBillingRole", + "consolidatedbilling:ListLinkedAccounts", + "cur:GetClassicReport", + "cur:GetClassicReportPreferences", + "cur:PutClassicReportPreferences", + "cur:ValidateReportDestination", + "freetier:GetFreeTierAlertPreference", + "freetier:GetFreeTierUsage", + "freetier:PutFreeTierAlertPreference", + "invoicing:GetInvoiceEmailDeliveryPreferences", + "invoicing:GetInvoicePDF", + "invoicing:ListInvoiceSummaries", + "invoicing:PutInvoiceEmailDeliveryPreferences", + "payments:CreatePaymentInstrument", + "payments:DeletePaymentInstrument", + "payments:GetPaymentInstrument", + "payments:GetPaymentStatus", + "payments:ListPaymentPreferences", + "payments:MakePayment", + "payments:UpdatePaymentPreferences", + "tax:BatchPutTaxRegistration", + "tax:DeleteTaxRegistration", + "tax:GetTaxInheritance", + "tax:GetTaxRegistrationDocument", + "tax:ListTaxRegistrations", + "tax:PutTaxInheritance", + ], + "Effect": "Deny", + "Resource": "*", + }, + Object { + "Action": Array [ "cloudtrail:DeleteTrail", "cloudtrail:StopLogging", "cloudtrail:UpdateTrail", @@ -1831,8 +2163,8 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` "Effect": "Deny", "Resource": "*", }, - { - "Action": [ + Object { + "Action": Array [ "kms:Create*", "kms:Revoke*", "kms:Enable*", @@ -1851,84 +2183,84 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` }, "Type": "AWS::IAM::ManagedPolicy", }, - "IamSysAdminRoleB0EE4AA6": { - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { + "IamSysAdminRoleB0EE4AA6": Object { + "Properties": Object { + "AssumeRolePolicyDocument": Object { + "Statement": Array [ + Object { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": { + "Principal": Object { "Service": "ec2.amazonaws.com", }, }, ], "Version": "2012-10-17", }, - "ManagedPolicyArns": [ - { + "ManagedPolicyArns": Array [ + Object { "Ref": "IamSysAdminPolicy03754AB3", }, ], }, "Type": "AWS::IAM::Role", }, - "LoggingCloudTrail44E92DB9": { - "DependsOn": [ + "LoggingCloudTrail44E92DB9": Object { + "DependsOn": Array [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrailBucketPolicy4004472F", ], - "Properties": { - "CloudWatchLogsLogGroupArn": { - "Fn::GetAtt": [ + "Properties": Object { + "CloudWatchLogsLogGroupArn": Object { + "Fn::GetAtt": Array [ "LoggingCloudTrailLogGroupEFC12822", "Arn", ], }, - "CloudWatchLogsRoleArn": { - "Fn::GetAtt": [ + "CloudWatchLogsRoleArn": Object { + "Fn::GetAtt": Array [ "LoggingCloudTrailLogsRoleE1DD6030", "Arn", ], }, "EnableLogFileValidation": true, - "EventSelectors": [], + "EventSelectors": Array [], "IncludeGlobalServiceEvents": true, "IsLogging": true, "IsMultiRegionTrail": true, - "KMSKeyId": { - "Fn::GetAtt": [ + "KMSKeyId": Object { + "Fn::GetAtt": Array [ "LoggingCloudTrailKey43327553", "Arn", ], }, - "S3BucketName": { + "S3BucketName": Object { "Ref": "LoggingCloudTrailBucket7560781D", }, }, "Type": "AWS::CloudTrail::Trail", }, - "LoggingCloudTrailAccessLogBucketA7B773C8": { + "LoggingCloudTrailAccessLogBucketA7B773C8": Object { "DeletionPolicy": "Retain", - "Properties": { + "Properties": Object { "AccessControl": "LogDeliveryWrite", - "BucketEncryption": { - "ServerSideEncryptionConfiguration": [ - { - "ServerSideEncryptionByDefault": { + "BucketEncryption": Object { + "ServerSideEncryptionConfiguration": Array [ + Object { + "ServerSideEncryptionByDefault": Object { "SSEAlgorithm": "AES256", }, }, ], }, - "LifecycleConfiguration": { - "Rules": [ - { + "LifecycleConfiguration": Object { + "Rules": Array [ + Object { "ExpirationInDays": 2555, "Status": "Enabled", - "Transitions": [ - { + "Transitions": Array [ + Object { "StorageClass": "GLACIER", "TransitionInDays": 90, }, @@ -1936,57 +2268,57 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` }, ], }, - "OwnershipControls": { - "Rules": [ - { + "OwnershipControls": Object { + "Rules": Array [ + Object { "ObjectOwnership": "ObjectWriter", }, ], }, - "PublicAccessBlockConfiguration": { + "PublicAccessBlockConfiguration": Object { "BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, "RestrictPublicBuckets": true, }, - "VersioningConfiguration": { + "VersioningConfiguration": Object { "Status": "Enabled", }, }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, - "LoggingCloudTrailAccessLogBucketPolicyE58866E2": { - "Properties": { - "Bucket": { + "LoggingCloudTrailAccessLogBucketPolicyE58866E2": Object { + "Properties": Object { + "Bucket": Object { "Ref": "LoggingCloudTrailAccessLogBucketA7B773C8", }, - "PolicyDocument": { - "Statement": [ - { + "PolicyDocument": Object { + "Statement": Array [ + Object { "Action": "s3:*", - "Condition": { - "Bool": { + "Condition": Object { + "Bool": Object { "aws:SecureTransport": "false", }, }, "Effect": "Deny", - "Principal": { + "Principal": Object { "AWS": "*", }, - "Resource": [ - { - "Fn::GetAtt": [ + "Resource": Array [ + Object { + "Fn::GetAtt": Array [ "LoggingCloudTrailAccessLogBucketA7B773C8", "Arn", ], }, - { - "Fn::Join": [ + Object { + "Fn::Join": Array [ "", - [ - { - "Fn::GetAtt": [ + Array [ + Object { + "Fn::GetAtt": Array [ "LoggingCloudTrailAccessLogBucketA7B773C8", "Arn", ], @@ -1997,18 +2329,18 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` }, ], }, - { + Object { "Action": "s3:Delete*", "Effect": "Deny", - "Principal": { + "Principal": Object { "AWS": "*", }, - "Resource": { - "Fn::Join": [ + "Resource": Object { + "Fn::Join": Array [ "", - [ - { - "Fn::GetAtt": [ + Array [ + Object { + "Fn::GetAtt": Array [ "LoggingCloudTrailAccessLogBucketA7B773C8", "Arn", ], @@ -2025,60 +2357,60 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` }, "Type": "AWS::S3::BucketPolicy", }, - "LoggingCloudTrailBucket7560781D": { + "LoggingCloudTrailBucket7560781D": Object { "DeletionPolicy": "Retain", - "Properties": { + "Properties": Object { "AccessControl": "Private", - "LoggingConfiguration": { - "DestinationBucketName": { + "LoggingConfiguration": Object { + "DestinationBucketName": Object { "Ref": "LoggingCloudTrailAccessLogBucketA7B773C8", }, "LogFilePrefix": "cloudtraillogs", }, - "PublicAccessBlockConfiguration": { + "PublicAccessBlockConfiguration": Object { "BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, "RestrictPublicBuckets": true, }, - "VersioningConfiguration": { + "VersioningConfiguration": Object { "Status": "Enabled", }, }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, - "LoggingCloudTrailBucketPolicy4004472F": { - "Properties": { - "Bucket": { + "LoggingCloudTrailBucketPolicy4004472F": Object { + "Properties": Object { + "Bucket": Object { "Ref": "LoggingCloudTrailBucket7560781D", }, - "PolicyDocument": { - "Statement": [ - { + "PolicyDocument": Object { + "Statement": Array [ + Object { "Action": "s3:*", - "Condition": { - "Bool": { + "Condition": Object { + "Bool": Object { "aws:SecureTransport": "false", }, }, "Effect": "Deny", - "Principal": { + "Principal": Object { "AWS": "*", }, - "Resource": [ - { - "Fn::GetAtt": [ + "Resource": Array [ + Object { + "Fn::GetAtt": Array [ "LoggingCloudTrailBucket7560781D", "Arn", ], }, - { - "Fn::Join": [ + Object { + "Fn::Join": Array [ "", - [ - { - "Fn::GetAtt": [ + Array [ + Object { + "Fn::GetAtt": Array [ "LoggingCloudTrailBucket7560781D", "Arn", ], @@ -2089,18 +2421,18 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` }, ], }, - { + Object { "Action": "s3:Delete*", "Effect": "Deny", - "Principal": { + "Principal": Object { "AWS": "*", }, - "Resource": { - "Fn::Join": [ + "Resource": Object { + "Fn::Join": Array [ "", - [ - { - "Fn::GetAtt": [ + Array [ + Object { + "Fn::GetAtt": Array [ "LoggingCloudTrailBucket7560781D", "Arn", ], @@ -2111,42 +2443,42 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` }, "Sid": "Restrict Delete* Actions", }, - { + Object { "Action": "s3:GetBucketAcl", "Effect": "Allow", - "Principal": { + "Principal": Object { "Service": "cloudtrail.amazonaws.com", }, - "Resource": { - "Fn::GetAtt": [ + "Resource": Object { + "Fn::GetAtt": Array [ "LoggingCloudTrailBucket7560781D", "Arn", ], }, }, - { + Object { "Action": "s3:PutObject", - "Condition": { - "StringEquals": { + "Condition": Object { + "StringEquals": Object { "s3:x-amz-acl": "bucket-owner-full-control", }, }, "Effect": "Allow", - "Principal": { + "Principal": Object { "Service": "cloudtrail.amazonaws.com", }, - "Resource": { - "Fn::Join": [ + "Resource": Object { + "Fn::Join": Array [ "", - [ - { - "Fn::GetAtt": [ + Array [ + Object { + "Fn::GetAtt": Array [ "LoggingCloudTrailBucket7560781D", "Arn", ], }, "/AWSLogs/", - { + Object { "Ref": "AWS::AccountId", }, "/*", @@ -2160,27 +2492,27 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` }, "Type": "AWS::S3::BucketPolicy", }, - "LoggingCloudTrailKey43327553": { + "LoggingCloudTrailKey43327553": Object { "DeletionPolicy": "Retain", - "Properties": { + "Properties": Object { "Description": "BLEA Governance Base: CMK for CloudTrail", "EnableKeyRotation": true, - "KeyPolicy": { - "Statement": [ - { + "KeyPolicy": Object { + "Statement": Array [ + Object { "Action": "kms:*", "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ + "Principal": Object { + "AWS": Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":iam::", - { + Object { "Ref": "AWS::AccountId", }, ":root", @@ -2190,17 +2522,17 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` }, "Resource": "*", }, - { + Object { "Action": "kms:GenerateDataKey*", - "Condition": { - "StringLike": { - "kms:EncryptionContext:aws:cloudtrail:arn": [ - { - "Fn::Join": [ + "Condition": Object { + "StringLike": Object { + "kms:EncryptionContext:aws:cloudtrail:arn": Array [ + Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:aws:cloudtrail:*:", - { + Object { "Ref": "AWS::AccountId", }, ":trail/*", @@ -2211,38 +2543,38 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` }, }, "Effect": "Allow", - "Principal": { + "Principal": Object { "Service": "cloudtrail.amazonaws.com", }, "Resource": "*", }, - { + Object { "Action": "kms:DescribeKey", "Effect": "Allow", - "Principal": { + "Principal": Object { "Service": "cloudtrail.amazonaws.com", }, "Resource": "*", }, - { - "Action": [ + Object { + "Action": Array [ "kms:Decrypt", "kms:ReEncryptFrom", ], - "Condition": { - "StringEquals": { - "kms:CallerAccount": { + "Condition": Object { + "StringEquals": Object { + "kms:CallerAccount": Object { "Ref": "AWS::AccountId", }, }, - "StringLike": { - "kms:EncryptionContext:aws:cloudtrail:arn": [ - { - "Fn::Join": [ + "StringLike": Object { + "kms:EncryptionContext:aws:cloudtrail:arn": Array [ + Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:aws:cloudtrail:*:", - { + Object { "Ref": "AWS::AccountId", }, ":trail/*", @@ -2253,31 +2585,31 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` }, }, "Effect": "Allow", - "Principal": { + "Principal": Object { "AWS": "*", }, "Resource": "*", }, - { - "Action": [ + Object { + "Action": Array [ "kms:Encrypt*", "kms:Decrypt*", "kms:ReEncrypt*", "kms:GenerateDataKey*", "kms:Describe*", ], - "Condition": { - "ArnEquals": { - "kms:EncryptionContext:aws:logs:arn": { - "Fn::Join": [ + "Condition": Object { + "ArnEquals": Object { + "kms:EncryptionContext:aws:logs:arn": Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:aws:logs:", - { + Object { "Ref": "AWS::Region", }, ":", - { + Object { "Ref": "AWS::AccountId", }, ":log-group:*", @@ -2287,17 +2619,17 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` }, }, "Effect": "Allow", - "Principal": { - "Service": { - "Fn::Join": [ + "Principal": Object { + "Service": Object { + "Fn::Join": Array [ "", - [ + Array [ "logs.", - { + Object { "Ref": "AWS::Region", }, ".", - { + Object { "Ref": "AWS::URLSuffix", }, ], @@ -2313,11 +2645,11 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` "Type": "AWS::KMS::Key", "UpdateReplacePolicy": "Retain", }, - "LoggingCloudTrailKeyAlias65A5FEEA": { - "Properties": { + "LoggingCloudTrailKeyAlias65A5FEEA": Object { + "Properties": Object { "AliasName": "alias/DevBLEABaseStandaloneLogging7164FEBB", - "TargetKeyId": { - "Fn::GetAtt": [ + "TargetKeyId": Object { + "Fn::GetAtt": Array [ "LoggingCloudTrailKey43327553", "Arn", ], @@ -2325,11 +2657,11 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` }, "Type": "AWS::KMS::Alias", }, - "LoggingCloudTrailLogGroupEFC12822": { + "LoggingCloudTrailLogGroupEFC12822": Object { "DeletionPolicy": "Retain", - "Properties": { - "KmsKeyId": { - "Fn::GetAtt": [ + "Properties": Object { + "KmsKeyId": Object { + "Fn::GetAtt": Array [ "LoggingCloudTrailKey43327553", "Arn", ], @@ -2339,18 +2671,18 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` "Type": "AWS::Logs::LogGroup", "UpdateReplacePolicy": "Retain", }, - "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C": { - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ + "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C": Object { + "Properties": Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": Array [ "logs:PutLogEvents", "logs:CreateLogStream", ], "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ + "Resource": Object { + "Fn::GetAtt": Array [ "LoggingCloudTrailLogGroupEFC12822", "Arn", ], @@ -2360,22 +2692,22 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` "Version": "2012-10-17", }, "PolicyName": "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", - "Roles": [ - { + "Roles": Array [ + Object { "Ref": "LoggingCloudTrailLogsRoleE1DD6030", }, ], }, "Type": "AWS::IAM::Policy", }, - "LoggingCloudTrailLogsRoleE1DD6030": { - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { + "LoggingCloudTrailLogsRoleE1DD6030": Object { + "Properties": Object { + "AssumeRolePolicyDocument": Object { + "Statement": Array [ + Object { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": { + "Principal": Object { "Service": "cloudtrail.amazonaws.com", }, }, @@ -2385,63 +2717,63 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` }, "Type": "AWS::IAM::Role", }, - "LoggingConfigBucket139B5174": { + "LoggingConfigBucket139B5174": Object { "DeletionPolicy": "Retain", - "Properties": { + "Properties": Object { "AccessControl": "Private", - "BucketEncryption": { - "ServerSideEncryptionConfiguration": [ - { - "ServerSideEncryptionByDefault": { + "BucketEncryption": Object { + "ServerSideEncryptionConfiguration": Array [ + Object { + "ServerSideEncryptionByDefault": Object { "SSEAlgorithm": "AES256", }, }, ], }, - "PublicAccessBlockConfiguration": { + "PublicAccessBlockConfiguration": Object { "BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, "RestrictPublicBuckets": true, }, - "VersioningConfiguration": { + "VersioningConfiguration": Object { "Status": "Enabled", }, }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, - "LoggingConfigBucketPolicy66A7F5E7": { - "Properties": { - "Bucket": { + "LoggingConfigBucketPolicy66A7F5E7": Object { + "Properties": Object { + "Bucket": Object { "Ref": "LoggingConfigBucket139B5174", }, - "PolicyDocument": { - "Statement": [ - { + "PolicyDocument": Object { + "Statement": Array [ + Object { "Action": "s3:*", - "Condition": { - "Bool": { + "Condition": Object { + "Bool": Object { "aws:SecureTransport": "false", }, }, "Effect": "Deny", - "Principal": { + "Principal": Object { "AWS": "*", }, - "Resource": [ - { - "Fn::GetAtt": [ + "Resource": Array [ + Object { + "Fn::GetAtt": Array [ "LoggingConfigBucket139B5174", "Arn", ], }, - { - "Fn::Join": [ + Object { + "Fn::Join": Array [ "", - [ - { - "Fn::GetAtt": [ + Array [ + Object { + "Fn::GetAtt": Array [ "LoggingConfigBucket139B5174", "Arn", ], @@ -2452,52 +2784,52 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` }, ], }, - { + Object { "Action": "s3:GetBucketAcl", "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::GetAtt": [ + "Principal": Object { + "AWS": Object { + "Fn::GetAtt": Array [ "LoggingConfigRole0E4FDF1F", "Arn", ], }, }, - "Resource": { - "Fn::GetAtt": [ + "Resource": Object { + "Fn::GetAtt": Array [ "LoggingConfigBucket139B5174", "Arn", ], }, }, - { + Object { "Action": "s3:PutObject", - "Condition": { - "StringEquals": { + "Condition": Object { + "StringEquals": Object { "s3:x-amz-acl": "bucket-owner-full-control", }, }, "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::GetAtt": [ + "Principal": Object { + "AWS": Object { + "Fn::GetAtt": Array [ "LoggingConfigRole0E4FDF1F", "Arn", ], }, }, - "Resource": { - "Fn::Join": [ + "Resource": Object { + "Fn::Join": Array [ "", - [ - { - "Fn::GetAtt": [ + Array [ + Object { + "Fn::GetAtt": Array [ "LoggingConfigBucket139B5174", "Arn", ], }, "/AWSLogs/", - { + Object { "Ref": "AWS::AccountId", }, "/Config/*", @@ -2511,22 +2843,22 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` }, "Type": "AWS::S3::BucketPolicy", }, - "LoggingConfigDeliveryChannel44B4762B": { - "Properties": { - "S3BucketName": { + "LoggingConfigDeliveryChannel44B4762B": Object { + "Properties": Object { + "S3BucketName": Object { "Ref": "LoggingConfigBucket139B5174", }, }, "Type": "AWS::Config::DeliveryChannel", }, - "LoggingConfigRecorderFC55B19F": { - "Properties": { - "RecordingGroup": { + "LoggingConfigRecorderFC55B19F": Object { + "Properties": Object { + "RecordingGroup": Object { "AllSupported": true, "IncludeGlobalResourceTypes": true, }, - "RoleARN": { - "Fn::GetAtt": [ + "RoleARN": Object { + "Fn::GetAtt": Array [ "LoggingConfigRole0E4FDF1F", "Arn", ], @@ -2534,27 +2866,27 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` }, "Type": "AWS::Config::ConfigurationRecorder", }, - "LoggingConfigRole0E4FDF1F": { - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { + "LoggingConfigRole0E4FDF1F": Object { + "Properties": Object { + "AssumeRolePolicyDocument": Object { + "Statement": Array [ + Object { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": { + "Principal": Object { "Service": "config.amazonaws.com", }, }, ], "Version": "2012-10-17", }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ + "ManagedPolicyArns": Array [ + Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AWS_ConfigRole", @@ -2565,58 +2897,58 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` }, "Type": "AWS::IAM::Role", }, - "NotificationChatbotChannel053BCEF2": { - "Properties": { + "NotificationChatbotChannel053BCEF2": Object { + "Properties": Object { "ConfigurationName": "DevBLEABaseStandaloneNotificationC6359BD8", - "IamRoleArn": { - "Fn::GetAtt": [ + "IamRoleArn": Object { + "Fn::GetAtt": Array [ "NotificationChatbotRole9B60F7B3", "Arn", ], }, - "SlackChannelId": "C00XXXXXXXX", - "SlackWorkspaceId": "T8XXXXXXX", - "SnsTopicArns": [ - { + "SlackChannelId": "C031889HJRF", + "SlackWorkspaceId": "T030VKQD7BM", + "SnsTopicArns": Array [ + Object { "Ref": "DetectionAlarmTopic36C4BB55", }, ], }, "Type": "AWS::Chatbot::SlackChannelConfiguration", }, - "NotificationChatbotRole9B60F7B3": { - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { + "NotificationChatbotRole9B60F7B3": Object { + "Properties": Object { + "AssumeRolePolicyDocument": Object { + "Statement": Array [ + Object { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": { + "Principal": Object { "Service": "chatbot.amazonaws.com", }, }, ], "Version": "2012-10-17", }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ + "ManagedPolicyArns": Array [ + Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/ReadOnlyAccess", ], ], }, - { - "Fn::Join": [ + Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/CloudWatchReadOnlyAccess", @@ -2628,22 +2960,22 @@ exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` "Type": "AWS::IAM::Role", }, }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ + "Rules": Object { + "CheckBootstrapVersion": Object { + "Assertions": Array [ + Object { + "Assert": Object { + "Fn::Not": Array [ + Object { + "Fn::Contains": Array [ + Array [ "1", "2", "3", "4", "5", ], - { + Object { "Ref": "BootstrapVersion", }, ], From d527aa606f2d6377883dbf53a30b32e42c0297c5 Mon Sep 17 00:00:00 2001 From: Yozo Suzuki Date: Tue, 12 Dec 2023 15:47:25 +0900 Subject: [PATCH 3/6] modify snapshot --- .../__snapshots__/blea-gov-base-standalone.test.ts.snap | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/usecases/blea-gov-base-standalone/test/__snapshots__/blea-gov-base-standalone.test.ts.snap b/usecases/blea-gov-base-standalone/test/__snapshots__/blea-gov-base-standalone.test.ts.snap index cedffc6a2..6d662d766 100644 --- a/usecases/blea-gov-base-standalone/test/__snapshots__/blea-gov-base-standalone.test.ts.snap +++ b/usecases/blea-gov-base-standalone/test/__snapshots__/blea-gov-base-standalone.test.ts.snap @@ -1273,7 +1273,7 @@ Object { "LoggingConfigRole0E4FDF1F", ], "Properties": Object { - "Endpoint": "suzukyz+notify-security@amazon.co.jpm", + "Endpoint": "notify-security@example.com", "Protocol": "email", "TopicArn": Object { "Ref": "DetectionAlarmTopic36C4BB55", @@ -2906,8 +2906,8 @@ Object { "Arn", ], }, - "SlackChannelId": "C031889HJRF", - "SlackWorkspaceId": "T030VKQD7BM", + "SlackChannelId": "C00XXXXXXXX", + "SlackWorkspaceId": "T8XXXXXXX", "SnsTopicArns": Array [ Object { "Ref": "DetectionAlarmTopic36C4BB55", From 612ec63ff62f25b91daed73ab692f3e9506ebdbf Mon Sep 17 00:00:00 2001 From: Yozo Suzuki Date: Thu, 14 Dec 2023 17:14:32 +0900 Subject: [PATCH 4/6] modify snapshots --- .../blea-guest-ec2-app-sample.test.ts.snap | 1302 ++++++------ ...ea-guest-apiapp-nodejs-sample.test.ts.snap | 1865 ++++++++--------- 2 files changed, 1577 insertions(+), 1590 deletions(-) diff --git a/usecases/blea-guest-ec2-app-sample/test/__snapshots__/blea-guest-ec2-app-sample.test.ts.snap b/usecases/blea-guest-ec2-app-sample/test/__snapshots__/blea-guest-ec2-app-sample.test.ts.snap index 0be72b26f..157e52a08 100644 --- a/usecases/blea-guest-ec2-app-sample/test/__snapshots__/blea-guest-ec2-app-sample.test.ts.snap +++ b/usecases/blea-guest-ec2-app-sample/test/__snapshots__/blea-guest-ec2-app-sample.test.ts.snap @@ -1,40 +1,40 @@ // Jest Snapshot v1, https://goo.gl/fbAQLP exports[`Snapshot test for BLEAEc2App Stack 1`] = ` -{ - "Parameters": { - "BootstrapVersion": { +Object { + "Parameters": Object { + "BootstrapVersion": Object { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, - "SsmParameterValueawsserviceamiamazonlinuxlatestamzn2amihvmx8664gp2C96584B6F00A464EAD1953AFF4B05118Parameter": { + "SsmParameterValueawsserviceamiamazonlinuxlatestamzn2amihvmx8664gp2C96584B6F00A464EAD1953AFF4B05118Parameter": Object { "Default": "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2", "Type": "AWS::SSM::Parameter::Value", }, }, - "Resources": { - "CMK56817A4C": { + "Resources": Object { + "CMK56817A4C": Object { "DeletionPolicy": "Retain", - "Properties": { + "Properties": Object { "Description": "BLEA Guest Sample: CMK for Ec2App", "EnableKeyRotation": true, - "KeyPolicy": { - "Statement": [ - { + "KeyPolicy": Object { + "Statement": Array [ + Object { "Action": "kms:*", "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ + "Principal": Object { + "AWS": Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":iam::", - { + Object { "Ref": "AWS::AccountId", }, ":root", @@ -51,11 +51,11 @@ exports[`Snapshot test for BLEAEc2App Stack 1`] = ` "Type": "AWS::KMS::Key", "UpdateReplacePolicy": "Retain", }, - "CMKAliasFD5A95C9": { - "Properties": { + "CMKAliasFD5A95C9": Object { + "Properties": Object { "AliasName": "alias/DevBLEAEc2App", - "TargetKeyId": { - "Fn::GetAtt": [ + "TargetKeyId": Object { + "Fn::GetAtt": Array [ "CMK56817A4C", "Arn", ], @@ -63,44 +63,44 @@ exports[`Snapshot test for BLEAEc2App Stack 1`] = ` }, "Type": "AWS::KMS::Alias", }, - "Ec2AppAlb7DEFB31D": { - "DependsOn": [ + "Ec2AppAlb7DEFB31D": Object { + "DependsOn": Array [ "NetworkingVpcPublicSubnet1DefaultRoute80C01FA6", "NetworkingVpcPublicSubnet1RouteTableAssociationD13830EA", "NetworkingVpcPublicSubnet2DefaultRouteDF98F60F", "NetworkingVpcPublicSubnet2RouteTableAssociation2D4CEA06", ], - "Properties": { - "LoadBalancerAttributes": [ - { + "Properties": Object { + "LoadBalancerAttributes": Array [ + Object { "Key": "deletion_protection.enabled", "Value": "false", }, - { + Object { "Key": "access_logs.s3.enabled", "Value": "true", }, - { + Object { "Key": "access_logs.s3.bucket", - "Value": { + "Value": Object { "Ref": "Ec2AppAlbLogBucket1DE66F6A", }, }, ], "Scheme": "internet-facing", - "SecurityGroups": [ - { - "Fn::GetAtt": [ + "SecurityGroups": Array [ + Object { + "Fn::GetAtt": Array [ "Ec2AppAlbSg4F64FD2A", "GroupId", ], }, ], - "Subnets": [ - { + "Subnets": Array [ + Object { "Ref": "NetworkingVpcPublicSubnet1Subnet918289EE", }, - { + Object { "Ref": "NetworkingVpcPublicSubnet2Subnet9D9E5AFB", }, ], @@ -108,52 +108,52 @@ exports[`Snapshot test for BLEAEc2App Stack 1`] = ` }, "Type": "AWS::ElasticLoadBalancingV2::LoadBalancer", }, - "Ec2AppAlbAlbListenerAppAsgTargetGroup308E1E51": { - "Properties": { + "Ec2AppAlbAlbListenerAppAsgTargetGroup308E1E51": Object { + "Properties": Object { "Port": 80, "Protocol": "HTTP", - "TargetGroupAttributes": [ - { + "TargetGroupAttributes": Array [ + Object { "Key": "deregistration_delay.timeout_seconds", "Value": "30", }, - { + Object { "Key": "stickiness.enabled", "Value": "false", }, ], "TargetType": "instance", - "Targets": [ - { - "Id": { + "Targets": Array [ + Object { + "Id": Object { "Ref": "Ec2AppAppInstance07A0F86A5", }, "Port": 80, }, - { - "Id": { + Object { + "Id": Object { "Ref": "Ec2AppAppInstance10A28D59A", }, "Port": 80, }, ], - "VpcId": { + "VpcId": Object { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::ElasticLoadBalancingV2::TargetGroup", }, - "Ec2AppAlbAlbListenerD30090D8": { - "Properties": { - "DefaultActions": [ - { - "TargetGroupArn": { + "Ec2AppAlbAlbListenerD30090D8": Object { + "Properties": Object { + "DefaultActions": Array [ + Object { + "TargetGroupArn": Object { "Ref": "Ec2AppAlbAlbListenerAppAsgTargetGroup308E1E51", }, "Type": "forward", }, ], - "LoadBalancerArn": { + "LoadBalancerArn": Object { "Ref": "Ec2AppAlb7DEFB31D", }, "Port": 80, @@ -161,20 +161,20 @@ exports[`Snapshot test for BLEAEc2App Stack 1`] = ` }, "Type": "AWS::ElasticLoadBalancingV2::Listener", }, - "Ec2AppAlbLogBucket1DE66F6A": { + "Ec2AppAlbLogBucket1DE66F6A": Object { "DeletionPolicy": "Retain", - "Properties": { + "Properties": Object { "AccessControl": "Private", - "BucketEncryption": { - "ServerSideEncryptionConfiguration": [ - { - "ServerSideEncryptionByDefault": { + "BucketEncryption": Object { + "ServerSideEncryptionConfiguration": Array [ + Object { + "ServerSideEncryptionByDefault": Object { "SSEAlgorithm": "AES256", }, }, ], }, - "PublicAccessBlockConfiguration": { + "PublicAccessBlockConfiguration": Object { "BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, @@ -184,37 +184,37 @@ exports[`Snapshot test for BLEAEc2App Stack 1`] = ` "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, - "Ec2AppAlbLogBucketPolicy6C6759B4": { - "Properties": { - "Bucket": { + "Ec2AppAlbLogBucketPolicy6C6759B4": Object { + "Properties": Object { + "Bucket": Object { "Ref": "Ec2AppAlbLogBucket1DE66F6A", }, - "PolicyDocument": { - "Statement": [ - { + "PolicyDocument": Object { + "Statement": Array [ + Object { "Action": "s3:*", - "Condition": { - "Bool": { + "Condition": Object { + "Bool": Object { "aws:SecureTransport": "false", }, }, "Effect": "Deny", - "Principal": { + "Principal": Object { "AWS": "*", }, - "Resource": [ - { - "Fn::GetAtt": [ + "Resource": Array [ + Object { + "Fn::GetAtt": Array [ "Ec2AppAlbLogBucket1DE66F6A", "Arn", ], }, - { - "Fn::Join": [ + Object { + "Fn::Join": Array [ "", - [ - { - "Fn::GetAtt": [ + Array [ + Object { + "Fn::GetAtt": Array [ "Ec2AppAlbLogBucket1DE66F6A", "Arn", ], @@ -225,16 +225,16 @@ exports[`Snapshot test for BLEAEc2App Stack 1`] = ` }, ], }, - { + Object { "Action": "s3:PutObject", "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ + "Principal": Object { + "AWS": Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":iam::582318560864:root", @@ -242,18 +242,18 @@ exports[`Snapshot test for BLEAEc2App Stack 1`] = ` ], }, }, - "Resource": { - "Fn::Join": [ + "Resource": Object { + "Fn::Join": Array [ "", - [ - { - "Fn::GetAtt": [ + Array [ + Object { + "Fn::GetAtt": Array [ "Ec2AppAlbLogBucket1DE66F6A", "Arn", ], }, "/AWSLogs/", - { + Object { "Ref": "AWS::AccountId", }, "/*", @@ -261,29 +261,29 @@ exports[`Snapshot test for BLEAEc2App Stack 1`] = ` ], }, }, - { + Object { "Action": "s3:PutObject", - "Condition": { - "StringEquals": { + "Condition": Object { + "StringEquals": Object { "s3:x-amz-acl": "bucket-owner-full-control", }, }, "Effect": "Allow", - "Principal": { + "Principal": Object { "Service": "delivery.logs.amazonaws.com", }, - "Resource": { - "Fn::Join": [ + "Resource": Object { + "Fn::Join": Array [ "", - [ - { - "Fn::GetAtt": [ + Array [ + Object { + "Fn::GetAtt": Array [ "Ec2AppAlbLogBucket1DE66F6A", "Arn", ], }, "/AWSLogs/", - { + Object { "Ref": "AWS::AccountId", }, "/*", @@ -291,14 +291,14 @@ exports[`Snapshot test for BLEAEc2App Stack 1`] = ` ], }, }, - { + Object { "Action": "s3:GetBucketAcl", "Effect": "Allow", - "Principal": { + "Principal": Object { "Service": "delivery.logs.amazonaws.com", }, - "Resource": { - "Fn::GetAtt": [ + "Resource": Object { + "Fn::GetAtt": Array [ "Ec2AppAlbLogBucket1DE66F6A", "Arn", ], @@ -310,11 +310,11 @@ exports[`Snapshot test for BLEAEc2App Stack 1`] = ` }, "Type": "AWS::S3::BucketPolicy", }, - "Ec2AppAlbSg4F64FD2A": { - "Properties": { + "Ec2AppAlbSg4F64FD2A": Object { + "Properties": Object { "GroupDescription": "Dev-BLEAEc2App/Ec2App/AlbSg", - "SecurityGroupEgress": [ - { + "SecurityGroupEgress": Array [ + Object { "CidrIp": "0.0.0.0/0", "Description": "from 0.0.0.0/0:ALL PORTS", "FromPort": 0, @@ -322,8 +322,8 @@ exports[`Snapshot test for BLEAEc2App Stack 1`] = ` "ToPort": 65535, }, ], - "SecurityGroupIngress": [ - { + "SecurityGroupIngress": Array [ + Object { "CidrIp": "0.0.0.0/0", "Description": "Allow from anyone on port 80", "FromPort": 80, @@ -331,24 +331,24 @@ exports[`Snapshot test for BLEAEc2App Stack 1`] = ` "ToPort": 80, }, ], - "VpcId": { + "VpcId": Object { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::SecurityGroup", }, - "Ec2AppAlbSgtoDevBLEAEc2AppAppSgB5966D8D80E8567116": { - "Properties": { + "Ec2AppAlbSgtoDevBLEAEc2AppAppSgB5966D8D80E8567116": Object { + "Properties": Object { "Description": "Load balancer to target", - "DestinationSecurityGroupId": { - "Fn::GetAtt": [ + "DestinationSecurityGroupId": Object { + "Fn::GetAtt": Array [ "Ec2AppAppSgF34C625B", "GroupId", ], }, "FromPort": 80, - "GroupId": { - "Fn::GetAtt": [ + "GroupId": Object { + "Fn::GetAtt": Array [ "Ec2AppAlbSg4F64FD2A", "GroupId", ], @@ -358,101 +358,101 @@ exports[`Snapshot test for BLEAEc2App Stack 1`] = ` }, "Type": "AWS::EC2::SecurityGroupEgress", }, - "Ec2AppAppAsgASGA1C2034A": { - "Properties": { + "Ec2AppAppAsgASGA1C2034A": Object { + "Properties": Object { "HealthCheckGracePeriod": 60, "HealthCheckType": "ELB", - "LaunchConfigurationName": { + "LaunchConfigurationName": Object { "Ref": "Ec2AppAppAsgLaunchConfig7E072488", }, "MaxSize": "4", "MinSize": "2", - "Tags": [ - { + "Tags": Array [ + Object { "Key": "Name", "PropagateAtLaunch": true, "Value": "AppServer", }, ], - "TargetGroupARNs": [ - { + "TargetGroupARNs": Array [ + Object { "Ref": "Ec2AppAlbAlbListenerAppAsgTargetGroup308E1E51", }, ], - "VPCZoneIdentifier": [ - { + "VPCZoneIdentifier": Array [ + Object { "Ref": "NetworkingVpcPrivateSubnet1Subnet717BCE48", }, - { + Object { "Ref": "NetworkingVpcPrivateSubnet2Subnet4313381B", }, ], }, "Type": "AWS::AutoScaling::AutoScalingGroup", - "UpdatePolicy": { - "AutoScalingScheduledAction": { + "UpdatePolicy": Object { + "AutoScalingScheduledAction": Object { "IgnoreUnmodifiedGroupSizeProperties": true, }, }, }, - "Ec2AppAppAsgInstanceProfile6555344A": { - "Properties": { - "Roles": [ - { + "Ec2AppAppAsgInstanceProfile6555344A": Object { + "Properties": Object { + "Roles": Array [ + Object { "Ref": "Ec2AppSsmInstanceRole98A9FB18", }, ], }, "Type": "AWS::IAM::InstanceProfile", }, - "Ec2AppAppAsgLaunchConfig7E072488": { - "DependsOn": [ + "Ec2AppAppAsgLaunchConfig7E072488": Object { + "DependsOn": Array [ "Ec2AppSsmInstanceRole98A9FB18", ], - "Properties": { - "BlockDeviceMappings": [ - { + "Properties": Object { + "BlockDeviceMappings": Array [ + Object { "DeviceName": "/dev/xvda", - "Ebs": { + "Ebs": Object { "Encrypted": true, "VolumeSize": 10, }, }, ], - "IamInstanceProfile": { + "IamInstanceProfile": Object { "Ref": "Ec2AppAppAsgInstanceProfile6555344A", }, - "ImageId": { + "ImageId": Object { "Ref": "SsmParameterValueawsserviceamiamazonlinuxlatestamzn2amihvmx8664gp2C96584B6F00A464EAD1953AFF4B05118Parameter", }, "InstanceType": "t3.micro", - "SecurityGroups": [ - { - "Fn::GetAtt": [ + "SecurityGroups": Array [ + Object { + "Fn::GetAtt": Array [ "Ec2AppAppSgF34C625B", "GroupId", ], }, ], - "UserData": { + "UserData": Object { "Fn::Base64": "#!/bin/bash sudo yum -y install httpd sudo systemctl enable httpd sudo systemctl start httpd -echo "

Hello from $(hostname)

" > /var/www/html/index.html +echo \\"

Hello from $(hostname)

\\" > /var/www/html/index.html chown apache.apache /var/www/html/index.html", }, }, "Type": "AWS::AutoScaling::LaunchConfiguration", }, - "Ec2AppAppAsgScalingPolicykeepSpareCPUE940C04E": { - "Properties": { - "AutoScalingGroupName": { + "Ec2AppAppAsgScalingPolicykeepSpareCPUE940C04E": Object { + "Properties": Object { + "AutoScalingGroupName": Object { "Ref": "Ec2AppAppAsgASGA1C2034A", }, "PolicyType": "TargetTrackingScaling", - "TargetTrackingConfiguration": { - "PredefinedMetricSpecification": { + "TargetTrackingConfiguration": Object { + "PredefinedMetricSpecification": Object { "PredefinedMetricType": "ASGAverageCPUUtilization", }, "TargetValue": 50, @@ -460,145 +460,145 @@ chown apache.apache /var/www/html/index.html", }, "Type": "AWS::AutoScaling::ScalingPolicy", }, - "Ec2AppAppInstance07A0F86A5": { - "DependsOn": [ + "Ec2AppAppInstance07A0F86A5": Object { + "DependsOn": Array [ "Ec2AppSsmInstanceRole98A9FB18", ], - "Properties": { - "AvailabilityZone": { - "Fn::Select": [ + "Properties": Object { + "AvailabilityZone": Object { + "Fn::Select": Array [ 0, - { + Object { "Fn::GetAZs": "", }, ], }, - "BlockDeviceMappings": [ - { + "BlockDeviceMappings": Array [ + Object { "DeviceName": "/dev/xvda", - "Ebs": { + "Ebs": Object { "Encrypted": true, "VolumeSize": 10, }, }, ], - "IamInstanceProfile": { + "IamInstanceProfile": Object { "Ref": "Ec2AppAppInstance0InstanceProfile5EE4D678", }, - "ImageId": { + "ImageId": Object { "Ref": "SsmParameterValueawsserviceamiamazonlinuxlatestamzn2amihvmx8664gp2C96584B6F00A464EAD1953AFF4B05118Parameter", }, "InstanceType": "t3.micro", - "SecurityGroupIds": [ - { - "Fn::GetAtt": [ + "SecurityGroupIds": Array [ + Object { + "Fn::GetAtt": Array [ "Ec2AppAppSgF34C625B", "GroupId", ], }, ], - "SubnetId": { + "SubnetId": Object { "Ref": "NetworkingVpcPrivateSubnet1Subnet717BCE48", }, - "Tags": [ - { + "Tags": Array [ + Object { "Key": "Name", "Value": "AppServer0", }, ], - "UserData": { + "UserData": Object { "Fn::Base64": "#!/bin/bash sudo yum -y install httpd sudo systemctl enable httpd sudo systemctl start httpd -echo "

Hello from $(hostname)

" > /var/www/html/index.html +echo \\"

Hello from $(hostname)

\\" > /var/www/html/index.html chown apache.apache /var/www/html/index.html", }, }, "Type": "AWS::EC2::Instance", }, - "Ec2AppAppInstance0InstanceProfile5EE4D678": { - "Properties": { - "Roles": [ - { + "Ec2AppAppInstance0InstanceProfile5EE4D678": Object { + "Properties": Object { + "Roles": Array [ + Object { "Ref": "Ec2AppSsmInstanceRole98A9FB18", }, ], }, "Type": "AWS::IAM::InstanceProfile", }, - "Ec2AppAppInstance10A28D59A": { - "DependsOn": [ + "Ec2AppAppInstance10A28D59A": Object { + "DependsOn": Array [ "Ec2AppSsmInstanceRole98A9FB18", ], - "Properties": { - "AvailabilityZone": { - "Fn::Select": [ + "Properties": Object { + "AvailabilityZone": Object { + "Fn::Select": Array [ 1, - { + Object { "Fn::GetAZs": "", }, ], }, - "BlockDeviceMappings": [ - { + "BlockDeviceMappings": Array [ + Object { "DeviceName": "/dev/xvda", - "Ebs": { + "Ebs": Object { "Encrypted": true, "VolumeSize": 10, }, }, ], - "IamInstanceProfile": { + "IamInstanceProfile": Object { "Ref": "Ec2AppAppInstance1InstanceProfile1886A29D", }, - "ImageId": { + "ImageId": Object { "Ref": "SsmParameterValueawsserviceamiamazonlinuxlatestamzn2amihvmx8664gp2C96584B6F00A464EAD1953AFF4B05118Parameter", }, "InstanceType": "t3.micro", - "SecurityGroupIds": [ - { - "Fn::GetAtt": [ + "SecurityGroupIds": Array [ + Object { + "Fn::GetAtt": Array [ "Ec2AppAppSgF34C625B", "GroupId", ], }, ], - "SubnetId": { + "SubnetId": Object { "Ref": "NetworkingVpcPrivateSubnet2Subnet4313381B", }, - "Tags": [ - { + "Tags": Array [ + Object { "Key": "Name", "Value": "AppServer1", }, ], - "UserData": { + "UserData": Object { "Fn::Base64": "#!/bin/bash sudo yum -y install httpd sudo systemctl enable httpd sudo systemctl start httpd -echo "

Hello from $(hostname)

" > /var/www/html/index.html +echo \\"

Hello from $(hostname)

\\" > /var/www/html/index.html chown apache.apache /var/www/html/index.html", }, }, "Type": "AWS::EC2::Instance", }, - "Ec2AppAppInstance1InstanceProfile1886A29D": { - "Properties": { - "Roles": [ - { + "Ec2AppAppInstance1InstanceProfile1886A29D": Object { + "Properties": Object { + "Roles": Array [ + Object { "Ref": "Ec2AppSsmInstanceRole98A9FB18", }, ], }, "Type": "AWS::IAM::InstanceProfile", }, - "Ec2AppAppSgF34C625B": { - "Properties": { + "Ec2AppAppSgF34C625B": Object { + "Properties": Object { "GroupDescription": "Dev-BLEAEc2App/Ec2App/AppSg", - "SecurityGroupEgress": [ - { + "SecurityGroupEgress": Array [ + Object { "CidrIp": "0.0.0.0/0", "Description": "from 0.0.0.0/0:ALL PORTS", "FromPort": 0, @@ -606,25 +606,25 @@ chown apache.apache /var/www/html/index.html", "ToPort": 65535, }, ], - "VpcId": { + "VpcId": Object { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::SecurityGroup", }, - "Ec2AppAppSgfromDevBLEAEc2AppAlbSgB1E49274805D7F9651": { - "Properties": { + "Ec2AppAppSgfromDevBLEAEc2AppAlbSgB1E49274805D7F9651": Object { + "Properties": Object { "Description": "from DevBLEAEc2AppAlbSgB1E49274:80", "FromPort": 80, - "GroupId": { - "Fn::GetAtt": [ + "GroupId": Object { + "Fn::GetAtt": Array [ "Ec2AppAppSgF34C625B", "GroupId", ], }, "IpProtocol": "tcp", - "SourceSecurityGroupId": { - "Fn::GetAtt": [ + "SourceSecurityGroupId": Object { + "Fn::GetAtt": Array [ "Ec2AppAlbSg4F64FD2A", "GroupId", ], @@ -633,21 +633,21 @@ chown apache.apache /var/www/html/index.html", }, "Type": "AWS::EC2::SecurityGroupIngress", }, - "Ec2AppSsmInstanceRole98A9FB18": { - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { + "Ec2AppSsmInstanceRole98A9FB18": Object { + "Properties": Object { + "AssumeRolePolicyDocument": Object { + "Statement": Array [ + Object { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": { + "Principal": Object { "Service": "ec2.amazonaws.com", }, }, ], "Version": "2012-10-17", }, - "ManagedPolicyArns": [ + "ManagedPolicyArns": Array [ "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore", "arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy", ], @@ -655,100 +655,100 @@ chown apache.apache /var/www/html/index.html", }, "Type": "AWS::IAM::Role", }, - "InvestigationInstance2E4D52A0": { - "DependsOn": [ + "InvestigationInstance2E4D52A0": Object { + "DependsOn": Array [ "InvestigationInstanceSsmInstanceRole95F6BCCB", ], - "Properties": { - "AvailabilityZone": { - "Fn::Select": [ + "Properties": Object { + "AvailabilityZone": Object { + "Fn::Select": Array [ 0, - { + Object { "Fn::GetAZs": "", }, ], }, - "BlockDeviceMappings": [ - { + "BlockDeviceMappings": Array [ + Object { "DeviceName": "/dev/xvda", - "Ebs": { + "Ebs": Object { "Encrypted": true, "VolumeSize": 10, }, }, ], - "IamInstanceProfile": { + "IamInstanceProfile": Object { "Ref": "InvestigationInstanceInstanceProfileAF68C034", }, - "ImageId": { + "ImageId": Object { "Ref": "SsmParameterValueawsserviceamiamazonlinuxlatestamzn2amihvmx8664gp2C96584B6F00A464EAD1953AFF4B05118Parameter", }, "InstanceType": "t3.micro", - "SecurityGroupIds": [ - { - "Fn::GetAtt": [ + "SecurityGroupIds": Array [ + Object { + "Fn::GetAtt": Array [ "InvestigationInstanceInvInstanceSgB92E484E", "GroupId", ], }, ], - "SubnetId": { + "SubnetId": Object { "Ref": "NetworkingVpcProtectedSubnet1SubnetF97DE33B", }, - "Tags": [ - { + "Tags": Array [ + Object { "Key": "Name", "Value": "Investigation", }, ], - "UserData": { + "UserData": Object { "Fn::Base64": "#!/bin/bash sudo yum -y install mariadb", }, }, "Type": "AWS::EC2::Instance", }, - "InvestigationInstanceInstanceProfileAF68C034": { - "Properties": { - "Roles": [ - { + "InvestigationInstanceInstanceProfileAF68C034": Object { + "Properties": Object { + "Roles": Array [ + Object { "Ref": "InvestigationInstanceSsmInstanceRole95F6BCCB", }, ], }, "Type": "AWS::IAM::InstanceProfile", }, - "InvestigationInstanceInvInstanceSgB92E484E": { - "Properties": { + "InvestigationInstanceInvInstanceSgB92E484E": Object { + "Properties": Object { "GroupDescription": "Dev-BLEAEc2App/InvestigationInstance/InvInstanceSg", - "SecurityGroupEgress": [ - { + "SecurityGroupEgress": Array [ + Object { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1", }, ], - "VpcId": { + "VpcId": Object { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::SecurityGroup", }, - "InvestigationInstanceSsmInstanceRole95F6BCCB": { - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { + "InvestigationInstanceSsmInstanceRole95F6BCCB": Object { + "Properties": Object { + "AssumeRolePolicyDocument": Object { + "Statement": Array [ + Object { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": { + "Principal": Object { "Service": "ec2.amazonaws.com", }, }, ], "Version": "2012-10-17", }, - "ManagedPolicyArns": [ + "ManagedPolicyArns": Array [ "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore", "arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy", ], @@ -756,20 +756,20 @@ sudo yum -y install mariadb", }, "Type": "AWS::IAM::Role", }, - "MonitoringAlarmTopicAF62D4F1": { + "MonitoringAlarmTopicAF62D4F1": Object { "Type": "AWS::SNS::Topic", }, - "MonitoringAlarmTopicPolicyCB9CCFB0": { - "Properties": { - "PolicyDocument": { - "Statement": [ - { + "MonitoringAlarmTopicPolicyCB9CCFB0": Object { + "Properties": Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { "Action": "sns:Publish", "Effect": "Allow", - "Principal": { + "Principal": Object { "Service": "cloudwatch.amazonaws.com", }, - "Resource": { + "Resource": Object { "Ref": "MonitoringAlarmTopicAF62D4F1", }, "Sid": "0", @@ -777,66 +777,66 @@ sudo yum -y install mariadb", ], "Version": "2012-10-17", }, - "Topics": [ - { + "Topics": Array [ + Object { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], }, "Type": "AWS::SNS::TopicPolicy", }, - "MonitoringChatbotChannel3696F0E4": { - "Properties": { + "MonitoringChatbotChannel3696F0E4": Object { + "Properties": Object { "ConfigurationName": "DevBLEAEc2AppMonitoring7E28C0B1", - "IamRoleArn": { - "Fn::GetAtt": [ + "IamRoleArn": Object { + "Fn::GetAtt": Array [ "MonitoringChatbotRoleD766A77D", "Arn", ], }, "SlackChannelId": "CYYYYYYYYYY", "SlackWorkspaceId": "TXXXXXXXXXX", - "SnsTopicArns": [ - { + "SnsTopicArns": Array [ + Object { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], }, "Type": "AWS::Chatbot::SlackChannelConfiguration", }, - "MonitoringChatbotRoleD766A77D": { - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { + "MonitoringChatbotRoleD766A77D": Object { + "Properties": Object { + "AssumeRolePolicyDocument": Object { + "Statement": Array [ + Object { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": { + "Principal": Object { "Service": "chatbot.amazonaws.com", }, }, ], "Version": "2012-10-17", }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ + "ManagedPolicyArns": Array [ + Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/ReadOnlyAccess", ], ], }, - { - "Fn::Join": [ + Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/CloudWatchReadOnlyAccess", @@ -847,26 +847,26 @@ sudo yum -y install mariadb", }, "Type": "AWS::IAM::Role", }, - "MonitoringEmailSubsc6D15C956": { - "Properties": { + "MonitoringEmailSubsc6D15C956": Object { + "Properties": Object { "Endpoint": "notify-security@example.com", "Protocol": "email", - "TopicArn": { + "TopicArn": Object { "Ref": "MonitoringAlarmTopicAF62D4F1", }, }, "Type": "AWS::SNS::Subscription", }, - "NetworkingFlowLogBucket33187957": { + "NetworkingFlowLogBucket33187957": Object { "DeletionPolicy": "Retain", - "Properties": { + "Properties": Object { "AccessControl": "Private", - "BucketEncryption": { - "ServerSideEncryptionConfiguration": [ - { - "ServerSideEncryptionByDefault": { - "KMSMasterKeyID": { - "Fn::GetAtt": [ + "BucketEncryption": Object { + "ServerSideEncryptionConfiguration": Array [ + Object { + "ServerSideEncryptionByDefault": Object { + "KMSMasterKeyID": Object { + "Fn::GetAtt": Array [ "NetworkingKey5DCEF7CD", "Arn", ], @@ -876,7 +876,7 @@ sudo yum -y install mariadb", }, ], }, - "PublicAccessBlockConfiguration": { + "PublicAccessBlockConfiguration": Object { "BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, @@ -886,37 +886,37 @@ sudo yum -y install mariadb", "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, - "NetworkingFlowLogBucketPolicy1EE356A6": { - "Properties": { - "Bucket": { + "NetworkingFlowLogBucketPolicy1EE356A6": Object { + "Properties": Object { + "Bucket": Object { "Ref": "NetworkingFlowLogBucket33187957", }, - "PolicyDocument": { - "Statement": [ - { + "PolicyDocument": Object { + "Statement": Array [ + Object { "Action": "s3:*", - "Condition": { - "Bool": { + "Condition": Object { + "Bool": Object { "aws:SecureTransport": "false", }, }, "Effect": "Deny", - "Principal": { + "Principal": Object { "AWS": "*", }, - "Resource": [ - { - "Fn::GetAtt": [ + "Resource": Array [ + Object { + "Fn::GetAtt": Array [ "NetworkingFlowLogBucket33187957", "Arn", ], }, - { - "Fn::Join": [ + Object { + "Fn::Join": Array [ "", - [ - { - "Fn::GetAtt": [ + Array [ + Object { + "Fn::GetAtt": Array [ "NetworkingFlowLogBucket33187957", "Arn", ], @@ -933,27 +933,27 @@ sudo yum -y install mariadb", }, "Type": "AWS::S3::BucketPolicy", }, - "NetworkingKey5DCEF7CD": { + "NetworkingKey5DCEF7CD": Object { "DeletionPolicy": "Retain", - "Properties": { + "Properties": Object { "Description": "BLEA Guest Sample: CMK for Ec2App VPC Flow Logs", "EnableKeyRotation": true, - "KeyPolicy": { - "Statement": [ - { + "KeyPolicy": Object { + "Statement": Array [ + Object { "Action": "kms:*", "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ + "Principal": Object { + "AWS": Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":iam::", - { + Object { "Ref": "AWS::AccountId", }, ":root", @@ -963,8 +963,8 @@ sudo yum -y install mariadb", }, "Resource": "*", }, - { - "Action": [ + Object { + "Action": Array [ "kms:Encrypt*", "kms:Decrypt*", "kms:ReEncrypt*", @@ -972,7 +972,7 @@ sudo yum -y install mariadb", "kms:Describe*", ], "Effect": "Allow", - "Principal": { + "Principal": Object { "Service": "delivery.logs.amazonaws.com", }, "Resource": "*", @@ -984,11 +984,11 @@ sudo yum -y install mariadb", "Type": "AWS::KMS::Key", "UpdateReplacePolicy": "Retain", }, - "NetworkingKeyAlias2BF09FC0": { - "Properties": { + "NetworkingKeyAlias2BF09FC0": Object { + "Properties": Object { "AliasName": "alias/DevBLEAEc2AppNetworkingD87AB721", - "TargetKeyId": { - "Fn::GetAtt": [ + "TargetKeyId": Object { + "Fn::GetAtt": Array [ "NetworkingKey5DCEF7CD", "Arn", ], @@ -996,47 +996,41 @@ sudo yum -y install mariadb", }, "Type": "AWS::KMS::Alias", }, - "NetworkingPrivateNacl8E602059": { - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "Dev-BLEAEc2App/Networking/PrivateNacl", - }, - ], - "VpcId": { + "NetworkingPrivateNacl8E602059": Object { + "Properties": Object { + "VpcId": Object { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::NetworkAcl", }, - "NetworkingPrivateNaclDefaultAssociationDevBLEAEc2AppNetworkingVpcPrivateSubnet15B31922B8E6227D5": { - "Properties": { - "NetworkAclId": { + "NetworkingPrivateNaclDefaultAssociationDevBLEAEc2AppNetworkingVpcPrivateSubnet15B31922B8E6227D5": Object { + "Properties": Object { + "NetworkAclId": Object { "Ref": "NetworkingPrivateNacl8E602059", }, - "SubnetId": { + "SubnetId": Object { "Ref": "NetworkingVpcPrivateSubnet1Subnet717BCE48", }, }, "Type": "AWS::EC2::SubnetNetworkAclAssociation", }, - "NetworkingPrivateNaclDefaultAssociationDevBLEAEc2AppNetworkingVpcPrivateSubnet239B35D27D643660A": { - "Properties": { - "NetworkAclId": { + "NetworkingPrivateNaclDefaultAssociationDevBLEAEc2AppNetworkingVpcPrivateSubnet239B35D27D643660A": Object { + "Properties": Object { + "NetworkAclId": Object { "Ref": "NetworkingPrivateNacl8E602059", }, - "SubnetId": { + "SubnetId": Object { "Ref": "NetworkingVpcPrivateSubnet2Subnet4313381B", }, }, "Type": "AWS::EC2::SubnetNetworkAclAssociation", }, - "NetworkingPrivateNaclPrivateEgress8D7BEE42": { - "Properties": { + "NetworkingPrivateNaclPrivateEgress8D7BEE42": Object { + "Properties": Object { "CidrBlock": "0.0.0.0/0", "Egress": true, - "NetworkAclId": { + "NetworkAclId": Object { "Ref": "NetworkingPrivateNacl8E602059", }, "Protocol": -1, @@ -1045,11 +1039,11 @@ sudo yum -y install mariadb", }, "Type": "AWS::EC2::NetworkAclEntry", }, - "NetworkingPrivateNaclPrivateIngressA5CFFFD6": { - "Properties": { + "NetworkingPrivateNaclPrivateIngressA5CFFFD6": Object { + "Properties": Object { "CidrBlock": "0.0.0.0/0", "Egress": false, - "NetworkAclId": { + "NetworkAclId": Object { "Ref": "NetworkingPrivateNacl8E602059", }, "Protocol": -1, @@ -1058,47 +1052,41 @@ sudo yum -y install mariadb", }, "Type": "AWS::EC2::NetworkAclEntry", }, - "NetworkingPublicNacl8F0D44A5": { - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "Dev-BLEAEc2App/Networking/PublicNacl", - }, - ], - "VpcId": { + "NetworkingPublicNacl8F0D44A5": Object { + "Properties": Object { + "VpcId": Object { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::NetworkAcl", }, - "NetworkingPublicNaclDefaultAssociationDevBLEAEc2AppNetworkingVpcPublicSubnet109F200B211B5AB43": { - "Properties": { - "NetworkAclId": { + "NetworkingPublicNaclDefaultAssociationDevBLEAEc2AppNetworkingVpcPublicSubnet109F200B211B5AB43": Object { + "Properties": Object { + "NetworkAclId": Object { "Ref": "NetworkingPublicNacl8F0D44A5", }, - "SubnetId": { + "SubnetId": Object { "Ref": "NetworkingVpcPublicSubnet1Subnet918289EE", }, }, "Type": "AWS::EC2::SubnetNetworkAclAssociation", }, - "NetworkingPublicNaclDefaultAssociationDevBLEAEc2AppNetworkingVpcPublicSubnet24591B590BD988215": { - "Properties": { - "NetworkAclId": { + "NetworkingPublicNaclDefaultAssociationDevBLEAEc2AppNetworkingVpcPublicSubnet24591B590BD988215": Object { + "Properties": Object { + "NetworkAclId": Object { "Ref": "NetworkingPublicNacl8F0D44A5", }, - "SubnetId": { + "SubnetId": Object { "Ref": "NetworkingVpcPublicSubnet2Subnet9D9E5AFB", }, }, "Type": "AWS::EC2::SubnetNetworkAclAssociation", }, - "NetworkingPublicNaclPublicEgress927B5E86": { - "Properties": { + "NetworkingPublicNaclPublicEgress927B5E86": Object { + "Properties": Object { "CidrBlock": "0.0.0.0/0", "Egress": true, - "NetworkAclId": { + "NetworkAclId": Object { "Ref": "NetworkingPublicNacl8F0D44A5", }, "Protocol": -1, @@ -1107,11 +1095,11 @@ sudo yum -y install mariadb", }, "Type": "AWS::EC2::NetworkAclEntry", }, - "NetworkingPublicNaclPublicIngressAC30352B": { - "Properties": { + "NetworkingPublicNaclPublicIngressAC30352B": Object { + "Properties": Object { "CidrBlock": "0.0.0.0/0", "Egress": false, - "NetworkAclId": { + "NetworkAclId": Object { "Ref": "NetworkingPublicNacl8F0D44A5", }, "Protocol": -1, @@ -1120,14 +1108,14 @@ sudo yum -y install mariadb", }, "Type": "AWS::EC2::NetworkAclEntry", }, - "NetworkingVpc6B5E6F44": { - "Properties": { + "NetworkingVpc6B5E6F44": Object { + "Properties": Object { "CidrBlock": "10.100.0.0/16", "EnableDnsHostnames": true, "EnableDnsSupport": true, "InstanceTenancy": "default", - "Tags": [ - { + "Tags": Array [ + Object { "Key": "Name", "Value": "Dev-BLEAEc2App/Networking/Vpc", }, @@ -1135,58 +1123,58 @@ sudo yum -y install mariadb", }, "Type": "AWS::EC2::VPC", }, - "NetworkingVpcEc2EndpointCDE9BE0C": { - "Properties": { + "NetworkingVpcEc2EndpointCDE9BE0C": Object { + "Properties": Object { "PrivateDnsEnabled": true, - "SecurityGroupIds": [ - { - "Fn::GetAtt": [ + "SecurityGroupIds": Array [ + Object { + "Fn::GetAtt": Array [ "NetworkingVpcEc2EndpointSecurityGroup28494A31", "GroupId", ], }, ], "ServiceName": "com.amazonaws.ap-northeast-1.ec2", - "SubnetIds": [ - { + "SubnetIds": Array [ + Object { "Ref": "NetworkingVpcProtectedSubnet1SubnetF97DE33B", }, - { + Object { "Ref": "NetworkingVpcProtectedSubnet2SubnetE110C692", }, ], "VpcEndpointType": "Interface", - "VpcId": { + "VpcId": Object { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::VPCEndpoint", }, - "NetworkingVpcEc2EndpointSecurityGroup28494A31": { - "Properties": { + "NetworkingVpcEc2EndpointSecurityGroup28494A31": Object { + "Properties": Object { "GroupDescription": "Dev-BLEAEc2App/Networking/Vpc/Ec2Endpoint/SecurityGroup", - "SecurityGroupEgress": [ - { + "SecurityGroupEgress": Array [ + Object { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1", }, ], - "SecurityGroupIngress": [ - { - "CidrIp": { - "Fn::GetAtt": [ + "SecurityGroupIngress": Array [ + Object { + "CidrIp": Object { + "Fn::GetAtt": Array [ "NetworkingVpc6B5E6F44", "CidrBlock", ], }, - "Description": { - "Fn::Join": [ + "Description": Object { + "Fn::Join": Array [ "", - [ + Array [ "from ", - { - "Fn::GetAtt": [ + Object { + "Fn::GetAtt": Array [ "NetworkingVpc6B5E6F44", "CidrBlock", ], @@ -1200,70 +1188,70 @@ sudo yum -y install mariadb", "ToPort": 443, }, ], - "Tags": [ - { + "Tags": Array [ + Object { "Key": "Name", "Value": "Dev-BLEAEc2App/Networking/Vpc", }, ], - "VpcId": { + "VpcId": Object { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::SecurityGroup", }, - "NetworkingVpcEc2MessagesEndpointD64BDA68": { - "Properties": { + "NetworkingVpcEc2MessagesEndpointD64BDA68": Object { + "Properties": Object { "PrivateDnsEnabled": true, - "SecurityGroupIds": [ - { - "Fn::GetAtt": [ + "SecurityGroupIds": Array [ + Object { + "Fn::GetAtt": Array [ "NetworkingVpcEc2MessagesEndpointSecurityGroupA9FD1F29", "GroupId", ], }, ], "ServiceName": "com.amazonaws.ap-northeast-1.ec2messages", - "SubnetIds": [ - { + "SubnetIds": Array [ + Object { "Ref": "NetworkingVpcProtectedSubnet1SubnetF97DE33B", }, - { + Object { "Ref": "NetworkingVpcProtectedSubnet2SubnetE110C692", }, ], "VpcEndpointType": "Interface", - "VpcId": { + "VpcId": Object { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::VPCEndpoint", }, - "NetworkingVpcEc2MessagesEndpointSecurityGroupA9FD1F29": { - "Properties": { + "NetworkingVpcEc2MessagesEndpointSecurityGroupA9FD1F29": Object { + "Properties": Object { "GroupDescription": "Dev-BLEAEc2App/Networking/Vpc/Ec2MessagesEndpoint/SecurityGroup", - "SecurityGroupEgress": [ - { + "SecurityGroupEgress": Array [ + Object { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1", }, ], - "SecurityGroupIngress": [ - { - "CidrIp": { - "Fn::GetAtt": [ + "SecurityGroupIngress": Array [ + Object { + "CidrIp": Object { + "Fn::GetAtt": Array [ "NetworkingVpc6B5E6F44", "CidrBlock", ], }, - "Description": { - "Fn::Join": [ + "Description": Object { + "Fn::Join": Array [ "", - [ + Array [ "from ", - { - "Fn::GetAtt": [ + Object { + "Fn::GetAtt": Array [ "NetworkingVpc6B5E6F44", "CidrBlock", ], @@ -1277,48 +1265,48 @@ sudo yum -y install mariadb", "ToPort": 443, }, ], - "Tags": [ - { + "Tags": Array [ + Object { "Key": "Name", "Value": "Dev-BLEAEc2App/Networking/Vpc", }, ], - "VpcId": { + "VpcId": Object { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::SecurityGroup", }, - "NetworkingVpcFlowLogsFlowLog7DF32A67": { - "DependsOn": [ + "NetworkingVpcFlowLogsFlowLog7DF32A67": Object { + "DependsOn": Array [ "NetworkingFlowLogBucketPolicy1EE356A6", ], - "Properties": { - "LogDestination": { - "Fn::GetAtt": [ + "Properties": Object { + "LogDestination": Object { + "Fn::GetAtt": Array [ "NetworkingFlowLogBucket33187957", "Arn", ], }, "LogDestinationType": "s3", - "ResourceId": { + "ResourceId": Object { "Ref": "NetworkingVpc6B5E6F44", }, "ResourceType": "VPC", - "Tags": [ - { + "Tags": Array [ + Object { "Key": "Name", - "Value": "Dev-BLEAEc2App/Networking/Vpc/FlowLogs", + "Value": "Dev-BLEAEc2App/Networking/Vpc", }, ], "TrafficType": "ALL", }, "Type": "AWS::EC2::FlowLog", }, - "NetworkingVpcIGW21218DAB": { - "Properties": { - "Tags": [ - { + "NetworkingVpcIGW21218DAB": Object { + "Properties": Object { + "Tags": Array [ + Object { "Key": "Name", "Value": "Dev-BLEAEc2App/Networking/Vpc", }, @@ -1326,278 +1314,278 @@ sudo yum -y install mariadb", }, "Type": "AWS::EC2::InternetGateway", }, - "NetworkingVpcPrivateSubnet1DefaultRouteDE58E6A0": { - "Properties": { + "NetworkingVpcPrivateSubnet1DefaultRouteDE58E6A0": Object { + "Properties": Object { "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": { + "NatGatewayId": Object { "Ref": "NetworkingVpcPublicSubnet1NATGateway70EEEC07", }, - "RouteTableId": { + "RouteTableId": Object { "Ref": "NetworkingVpcPrivateSubnet1RouteTable69CC9A73", }, }, "Type": "AWS::EC2::Route", }, - "NetworkingVpcPrivateSubnet1RouteTable69CC9A73": { - "Properties": { - "Tags": [ - { + "NetworkingVpcPrivateSubnet1RouteTable69CC9A73": Object { + "Properties": Object { + "Tags": Array [ + Object { "Key": "Name", "Value": "Dev-BLEAEc2App/Networking/Vpc/PrivateSubnet1", }, ], - "VpcId": { + "VpcId": Object { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::RouteTable", }, - "NetworkingVpcPrivateSubnet1RouteTableAssociation761725EA": { - "Properties": { - "RouteTableId": { + "NetworkingVpcPrivateSubnet1RouteTableAssociation761725EA": Object { + "Properties": Object { + "RouteTableId": Object { "Ref": "NetworkingVpcPrivateSubnet1RouteTable69CC9A73", }, - "SubnetId": { + "SubnetId": Object { "Ref": "NetworkingVpcPrivateSubnet1Subnet717BCE48", }, }, "Type": "AWS::EC2::SubnetRouteTableAssociation", }, - "NetworkingVpcPrivateSubnet1Subnet717BCE48": { - "Properties": { - "AvailabilityZone": { - "Fn::Select": [ + "NetworkingVpcPrivateSubnet1Subnet717BCE48": Object { + "Properties": Object { + "AvailabilityZone": Object { + "Fn::Select": Array [ 0, - { + Object { "Fn::GetAZs": "", }, ], }, "CidrBlock": "10.100.4.0/22", "MapPublicIpOnLaunch": false, - "Tags": [ - { + "Tags": Array [ + Object { "Key": "aws-cdk:subnet-name", "Value": "Private", }, - { + Object { "Key": "aws-cdk:subnet-type", "Value": "Private", }, - { + Object { "Key": "Name", "Value": "Dev-BLEAEc2App/Networking/Vpc/PrivateSubnet1", }, ], - "VpcId": { + "VpcId": Object { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::Subnet", }, - "NetworkingVpcPrivateSubnet2DefaultRoute5BF16047": { - "Properties": { + "NetworkingVpcPrivateSubnet2DefaultRoute5BF16047": Object { + "Properties": Object { "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": { + "NatGatewayId": Object { "Ref": "NetworkingVpcPublicSubnet1NATGateway70EEEC07", }, - "RouteTableId": { + "RouteTableId": Object { "Ref": "NetworkingVpcPrivateSubnet2RouteTableAE92CE40", }, }, "Type": "AWS::EC2::Route", }, - "NetworkingVpcPrivateSubnet2RouteTableAE92CE40": { - "Properties": { - "Tags": [ - { + "NetworkingVpcPrivateSubnet2RouteTableAE92CE40": Object { + "Properties": Object { + "Tags": Array [ + Object { "Key": "Name", "Value": "Dev-BLEAEc2App/Networking/Vpc/PrivateSubnet2", }, ], - "VpcId": { + "VpcId": Object { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::RouteTable", }, - "NetworkingVpcPrivateSubnet2RouteTableAssociation9EFBB61D": { - "Properties": { - "RouteTableId": { + "NetworkingVpcPrivateSubnet2RouteTableAssociation9EFBB61D": Object { + "Properties": Object { + "RouteTableId": Object { "Ref": "NetworkingVpcPrivateSubnet2RouteTableAE92CE40", }, - "SubnetId": { + "SubnetId": Object { "Ref": "NetworkingVpcPrivateSubnet2Subnet4313381B", }, }, "Type": "AWS::EC2::SubnetRouteTableAssociation", }, - "NetworkingVpcPrivateSubnet2Subnet4313381B": { - "Properties": { - "AvailabilityZone": { - "Fn::Select": [ + "NetworkingVpcPrivateSubnet2Subnet4313381B": Object { + "Properties": Object { + "AvailabilityZone": Object { + "Fn::Select": Array [ 1, - { + Object { "Fn::GetAZs": "", }, ], }, "CidrBlock": "10.100.8.0/22", "MapPublicIpOnLaunch": false, - "Tags": [ - { + "Tags": Array [ + Object { "Key": "aws-cdk:subnet-name", "Value": "Private", }, - { + Object { "Key": "aws-cdk:subnet-type", "Value": "Private", }, - { + Object { "Key": "Name", "Value": "Dev-BLEAEc2App/Networking/Vpc/PrivateSubnet2", }, ], - "VpcId": { + "VpcId": Object { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::Subnet", }, - "NetworkingVpcProtectedSubnet1RouteTable2C1558E9": { - "Properties": { - "Tags": [ - { + "NetworkingVpcProtectedSubnet1RouteTable2C1558E9": Object { + "Properties": Object { + "Tags": Array [ + Object { "Key": "Name", "Value": "Dev-BLEAEc2App/Networking/Vpc/ProtectedSubnet1", }, ], - "VpcId": { + "VpcId": Object { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::RouteTable", }, - "NetworkingVpcProtectedSubnet1RouteTableAssociation011790AB": { - "Properties": { - "RouteTableId": { + "NetworkingVpcProtectedSubnet1RouteTableAssociation011790AB": Object { + "Properties": Object { + "RouteTableId": Object { "Ref": "NetworkingVpcProtectedSubnet1RouteTable2C1558E9", }, - "SubnetId": { + "SubnetId": Object { "Ref": "NetworkingVpcProtectedSubnet1SubnetF97DE33B", }, }, "Type": "AWS::EC2::SubnetRouteTableAssociation", }, - "NetworkingVpcProtectedSubnet1SubnetF97DE33B": { - "Properties": { - "AvailabilityZone": { - "Fn::Select": [ + "NetworkingVpcProtectedSubnet1SubnetF97DE33B": Object { + "Properties": Object { + "AvailabilityZone": Object { + "Fn::Select": Array [ 0, - { + Object { "Fn::GetAZs": "", }, ], }, "CidrBlock": "10.100.12.0/22", "MapPublicIpOnLaunch": false, - "Tags": [ - { + "Tags": Array [ + Object { "Key": "aws-cdk:subnet-name", "Value": "Protected", }, - { + Object { "Key": "aws-cdk:subnet-type", "Value": "Isolated", }, - { + Object { "Key": "Name", "Value": "Dev-BLEAEc2App/Networking/Vpc/ProtectedSubnet1", }, ], - "VpcId": { + "VpcId": Object { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::Subnet", }, - "NetworkingVpcProtectedSubnet2RouteTableA434E57C": { - "Properties": { - "Tags": [ - { + "NetworkingVpcProtectedSubnet2RouteTableA434E57C": Object { + "Properties": Object { + "Tags": Array [ + Object { "Key": "Name", "Value": "Dev-BLEAEc2App/Networking/Vpc/ProtectedSubnet2", }, ], - "VpcId": { + "VpcId": Object { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::RouteTable", }, - "NetworkingVpcProtectedSubnet2RouteTableAssociation01AFDB7E": { - "Properties": { - "RouteTableId": { + "NetworkingVpcProtectedSubnet2RouteTableAssociation01AFDB7E": Object { + "Properties": Object { + "RouteTableId": Object { "Ref": "NetworkingVpcProtectedSubnet2RouteTableA434E57C", }, - "SubnetId": { + "SubnetId": Object { "Ref": "NetworkingVpcProtectedSubnet2SubnetE110C692", }, }, "Type": "AWS::EC2::SubnetRouteTableAssociation", }, - "NetworkingVpcProtectedSubnet2SubnetE110C692": { - "Properties": { - "AvailabilityZone": { - "Fn::Select": [ + "NetworkingVpcProtectedSubnet2SubnetE110C692": Object { + "Properties": Object { + "AvailabilityZone": Object { + "Fn::Select": Array [ 1, - { + Object { "Fn::GetAZs": "", }, ], }, "CidrBlock": "10.100.16.0/22", "MapPublicIpOnLaunch": false, - "Tags": [ - { + "Tags": Array [ + Object { "Key": "aws-cdk:subnet-name", "Value": "Protected", }, - { + Object { "Key": "aws-cdk:subnet-type", "Value": "Isolated", }, - { + Object { "Key": "Name", "Value": "Dev-BLEAEc2App/Networking/Vpc/ProtectedSubnet2", }, ], - "VpcId": { + "VpcId": Object { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::Subnet", }, - "NetworkingVpcPublicSubnet1DefaultRoute80C01FA6": { - "DependsOn": [ + "NetworkingVpcPublicSubnet1DefaultRoute80C01FA6": Object { + "DependsOn": Array [ "NetworkingVpcVPCGW12E561D8", ], - "Properties": { + "Properties": Object { "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": { + "GatewayId": Object { "Ref": "NetworkingVpcIGW21218DAB", }, - "RouteTableId": { + "RouteTableId": Object { "Ref": "NetworkingVpcPublicSubnet1RouteTable8FB3C18A", }, }, "Type": "AWS::EC2::Route", }, - "NetworkingVpcPublicSubnet1EIP7D5353EC": { - "Properties": { + "NetworkingVpcPublicSubnet1EIP7D5353EC": Object { + "Properties": Object { "Domain": "vpc", - "Tags": [ - { + "Tags": Array [ + Object { "Key": "Name", "Value": "Dev-BLEAEc2App/Networking/Vpc/PublicSubnet1", }, @@ -1605,23 +1593,23 @@ sudo yum -y install mariadb", }, "Type": "AWS::EC2::EIP", }, - "NetworkingVpcPublicSubnet1NATGateway70EEEC07": { - "DependsOn": [ + "NetworkingVpcPublicSubnet1NATGateway70EEEC07": Object { + "DependsOn": Array [ "NetworkingVpcPublicSubnet1DefaultRoute80C01FA6", "NetworkingVpcPublicSubnet1RouteTableAssociationD13830EA", ], - "Properties": { - "AllocationId": { - "Fn::GetAtt": [ + "Properties": Object { + "AllocationId": Object { + "Fn::GetAtt": Array [ "NetworkingVpcPublicSubnet1EIP7D5353EC", "AllocationId", ], }, - "SubnetId": { + "SubnetId": Object { "Ref": "NetworkingVpcPublicSubnet1Subnet918289EE", }, - "Tags": [ - { + "Tags": Array [ + Object { "Key": "Name", "Value": "Dev-BLEAEc2App/Networking/Vpc/PublicSubnet1", }, @@ -1629,157 +1617,157 @@ sudo yum -y install mariadb", }, "Type": "AWS::EC2::NatGateway", }, - "NetworkingVpcPublicSubnet1RouteTable8FB3C18A": { - "Properties": { - "Tags": [ - { + "NetworkingVpcPublicSubnet1RouteTable8FB3C18A": Object { + "Properties": Object { + "Tags": Array [ + Object { "Key": "Name", "Value": "Dev-BLEAEc2App/Networking/Vpc/PublicSubnet1", }, ], - "VpcId": { + "VpcId": Object { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::RouteTable", }, - "NetworkingVpcPublicSubnet1RouteTableAssociationD13830EA": { - "Properties": { - "RouteTableId": { + "NetworkingVpcPublicSubnet1RouteTableAssociationD13830EA": Object { + "Properties": Object { + "RouteTableId": Object { "Ref": "NetworkingVpcPublicSubnet1RouteTable8FB3C18A", }, - "SubnetId": { + "SubnetId": Object { "Ref": "NetworkingVpcPublicSubnet1Subnet918289EE", }, }, "Type": "AWS::EC2::SubnetRouteTableAssociation", }, - "NetworkingVpcPublicSubnet1Subnet918289EE": { - "Properties": { - "AvailabilityZone": { - "Fn::Select": [ + "NetworkingVpcPublicSubnet1Subnet918289EE": Object { + "Properties": Object { + "AvailabilityZone": Object { + "Fn::Select": Array [ 0, - { + Object { "Fn::GetAZs": "", }, ], }, "CidrBlock": "10.100.0.0/24", "MapPublicIpOnLaunch": true, - "Tags": [ - { + "Tags": Array [ + Object { "Key": "aws-cdk:subnet-name", "Value": "Public", }, - { + Object { "Key": "aws-cdk:subnet-type", "Value": "Public", }, - { + Object { "Key": "Name", "Value": "Dev-BLEAEc2App/Networking/Vpc/PublicSubnet1", }, ], - "VpcId": { + "VpcId": Object { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::Subnet", }, - "NetworkingVpcPublicSubnet2DefaultRouteDF98F60F": { - "DependsOn": [ + "NetworkingVpcPublicSubnet2DefaultRouteDF98F60F": Object { + "DependsOn": Array [ "NetworkingVpcVPCGW12E561D8", ], - "Properties": { + "Properties": Object { "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": { + "GatewayId": Object { "Ref": "NetworkingVpcIGW21218DAB", }, - "RouteTableId": { + "RouteTableId": Object { "Ref": "NetworkingVpcPublicSubnet2RouteTable22886677", }, }, "Type": "AWS::EC2::Route", }, - "NetworkingVpcPublicSubnet2RouteTable22886677": { - "Properties": { - "Tags": [ - { + "NetworkingVpcPublicSubnet2RouteTable22886677": Object { + "Properties": Object { + "Tags": Array [ + Object { "Key": "Name", "Value": "Dev-BLEAEc2App/Networking/Vpc/PublicSubnet2", }, ], - "VpcId": { + "VpcId": Object { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::RouteTable", }, - "NetworkingVpcPublicSubnet2RouteTableAssociation2D4CEA06": { - "Properties": { - "RouteTableId": { + "NetworkingVpcPublicSubnet2RouteTableAssociation2D4CEA06": Object { + "Properties": Object { + "RouteTableId": Object { "Ref": "NetworkingVpcPublicSubnet2RouteTable22886677", }, - "SubnetId": { + "SubnetId": Object { "Ref": "NetworkingVpcPublicSubnet2Subnet9D9E5AFB", }, }, "Type": "AWS::EC2::SubnetRouteTableAssociation", }, - "NetworkingVpcPublicSubnet2Subnet9D9E5AFB": { - "Properties": { - "AvailabilityZone": { - "Fn::Select": [ + "NetworkingVpcPublicSubnet2Subnet9D9E5AFB": Object { + "Properties": Object { + "AvailabilityZone": Object { + "Fn::Select": Array [ 1, - { + Object { "Fn::GetAZs": "", }, ], }, "CidrBlock": "10.100.1.0/24", "MapPublicIpOnLaunch": true, - "Tags": [ - { + "Tags": Array [ + Object { "Key": "aws-cdk:subnet-name", "Value": "Public", }, - { + Object { "Key": "aws-cdk:subnet-type", "Value": "Public", }, - { + Object { "Key": "Name", "Value": "Dev-BLEAEc2App/Networking/Vpc/PublicSubnet2", }, ], - "VpcId": { + "VpcId": Object { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::Subnet", }, - "NetworkingVpcS3GWEndpointA935E1AA": { - "Properties": { - "RouteTableIds": [ - { + "NetworkingVpcS3GWEndpointA935E1AA": Object { + "Properties": Object { + "RouteTableIds": Array [ + Object { "Ref": "NetworkingVpcPrivateSubnet1RouteTable69CC9A73", }, - { + Object { "Ref": "NetworkingVpcPrivateSubnet2RouteTableAE92CE40", }, - { + Object { "Ref": "NetworkingVpcProtectedSubnet1RouteTable2C1558E9", }, - { + Object { "Ref": "NetworkingVpcProtectedSubnet2RouteTableA434E57C", }, ], - "ServiceName": { - "Fn::Join": [ + "ServiceName": Object { + "Fn::Join": Array [ "", - [ + Array [ "com.amazonaws.", - { + Object { "Ref": "AWS::Region", }, ".s3", @@ -1787,64 +1775,64 @@ sudo yum -y install mariadb", ], }, "VpcEndpointType": "Gateway", - "VpcId": { + "VpcId": Object { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::VPCEndpoint", }, - "NetworkingVpcSsmEndpoint054488E3": { - "Properties": { + "NetworkingVpcSsmEndpoint054488E3": Object { + "Properties": Object { "PrivateDnsEnabled": true, - "SecurityGroupIds": [ - { - "Fn::GetAtt": [ + "SecurityGroupIds": Array [ + Object { + "Fn::GetAtt": Array [ "NetworkingVpcSsmEndpointSecurityGroup897B24DC", "GroupId", ], }, ], "ServiceName": "com.amazonaws.ap-northeast-1.ssm", - "SubnetIds": [ - { + "SubnetIds": Array [ + Object { "Ref": "NetworkingVpcProtectedSubnet1SubnetF97DE33B", }, - { + Object { "Ref": "NetworkingVpcProtectedSubnet2SubnetE110C692", }, ], "VpcEndpointType": "Interface", - "VpcId": { + "VpcId": Object { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::VPCEndpoint", }, - "NetworkingVpcSsmEndpointSecurityGroup897B24DC": { - "Properties": { + "NetworkingVpcSsmEndpointSecurityGroup897B24DC": Object { + "Properties": Object { "GroupDescription": "Dev-BLEAEc2App/Networking/Vpc/SsmEndpoint/SecurityGroup", - "SecurityGroupEgress": [ - { + "SecurityGroupEgress": Array [ + Object { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1", }, ], - "SecurityGroupIngress": [ - { - "CidrIp": { - "Fn::GetAtt": [ + "SecurityGroupIngress": Array [ + Object { + "CidrIp": Object { + "Fn::GetAtt": Array [ "NetworkingVpc6B5E6F44", "CidrBlock", ], }, - "Description": { - "Fn::Join": [ + "Description": Object { + "Fn::Join": Array [ "", - [ + Array [ "from ", - { - "Fn::GetAtt": [ + Object { + "Fn::GetAtt": Array [ "NetworkingVpc6B5E6F44", "CidrBlock", ], @@ -1858,70 +1846,70 @@ sudo yum -y install mariadb", "ToPort": 443, }, ], - "Tags": [ - { + "Tags": Array [ + Object { "Key": "Name", "Value": "Dev-BLEAEc2App/Networking/Vpc", }, ], - "VpcId": { + "VpcId": Object { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::SecurityGroup", }, - "NetworkingVpcSsmMessagesEndpointDA21F821": { - "Properties": { + "NetworkingVpcSsmMessagesEndpointDA21F821": Object { + "Properties": Object { "PrivateDnsEnabled": true, - "SecurityGroupIds": [ - { - "Fn::GetAtt": [ + "SecurityGroupIds": Array [ + Object { + "Fn::GetAtt": Array [ "NetworkingVpcSsmMessagesEndpointSecurityGroup4F815FEB", "GroupId", ], }, ], "ServiceName": "com.amazonaws.ap-northeast-1.ssmmessages", - "SubnetIds": [ - { + "SubnetIds": Array [ + Object { "Ref": "NetworkingVpcProtectedSubnet1SubnetF97DE33B", }, - { + Object { "Ref": "NetworkingVpcProtectedSubnet2SubnetE110C692", }, ], "VpcEndpointType": "Interface", - "VpcId": { + "VpcId": Object { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::VPCEndpoint", }, - "NetworkingVpcSsmMessagesEndpointSecurityGroup4F815FEB": { - "Properties": { + "NetworkingVpcSsmMessagesEndpointSecurityGroup4F815FEB": Object { + "Properties": Object { "GroupDescription": "Dev-BLEAEc2App/Networking/Vpc/SsmMessagesEndpoint/SecurityGroup", - "SecurityGroupEgress": [ - { + "SecurityGroupEgress": Array [ + Object { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1", }, ], - "SecurityGroupIngress": [ - { - "CidrIp": { - "Fn::GetAtt": [ + "SecurityGroupIngress": Array [ + Object { + "CidrIp": Object { + "Fn::GetAtt": Array [ "NetworkingVpc6B5E6F44", "CidrBlock", ], }, - "Description": { - "Fn::Join": [ + "Description": Object { + "Fn::Join": Array [ "", - [ + Array [ "from ", - { - "Fn::GetAtt": [ + Object { + "Fn::GetAtt": Array [ "NetworkingVpc6B5E6F44", "CidrBlock", ], @@ -1935,46 +1923,46 @@ sudo yum -y install mariadb", "ToPort": 443, }, ], - "Tags": [ - { + "Tags": Array [ + Object { "Key": "Name", "Value": "Dev-BLEAEc2App/Networking/Vpc", }, ], - "VpcId": { + "VpcId": Object { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::SecurityGroup", }, - "NetworkingVpcVPCGW12E561D8": { - "Properties": { - "InternetGatewayId": { + "NetworkingVpcVPCGW12E561D8": Object { + "Properties": Object { + "InternetGatewayId": Object { "Ref": "NetworkingVpcIGW21218DAB", }, - "VpcId": { + "VpcId": Object { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::VPCGatewayAttachment", }, }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ + "Rules": Object { + "CheckBootstrapVersion": Object { + "Assertions": Array [ + Object { + "Assert": Object { + "Fn::Not": Array [ + Object { + "Fn::Contains": Array [ + Array [ "1", "2", "3", "4", "5", ], - { + Object { "Ref": "BootstrapVersion", }, ], diff --git a/usecases/blea-guest-serverless-api-sample/test/__snapshots__/blea-guest-apiapp-nodejs-sample.test.ts.snap b/usecases/blea-guest-serverless-api-sample/test/__snapshots__/blea-guest-apiapp-nodejs-sample.test.ts.snap index 05271c202..64703d038 100644 --- a/usecases/blea-guest-serverless-api-sample/test/__snapshots__/blea-guest-apiapp-nodejs-sample.test.ts.snap +++ b/usecases/blea-guest-serverless-api-sample/test/__snapshots__/blea-guest-apiapp-nodejs-sample.test.ts.snap @@ -1,23 +1,23 @@ // Jest Snapshot v1, https://goo.gl/fbAQLP exports[`Snapshot test for ServerlessApi Stack 1`] = ` -{ - "Outputs": { - "ApiRestApiEndpoint4DEFB5CC": { - "Value": { - "Fn::Join": [ +Object { + "Outputs": Object { + "ApiRestApiEndpoint4DEFB5CC": Object { + "Value": Object { + "Fn::Join": Array [ "", - [ + Array [ "https://", - { + Object { "Ref": "ApiRestApiE35FEAFE", }, ".execute-api.ap-northeast-1.", - { + Object { "Ref": "AWS::URLSuffix", }, "/", - { + Object { "Ref": "ApiRestApiDeploymentStageprodE828476C", }, "/", @@ -26,26 +26,26 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, }, }, - "Parameters": { - "BootstrapVersion": { + "Parameters": Object { + "BootstrapVersion": Object { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, - "Resources": { - "ApiAPIGatewayInvocationCountB691929A": { - "Properties": { + "Resources": Object { + "ApiAPIGatewayInvocationCountB691929A": Object { + "Properties": Object { "ActionsEnabled": true, - "AlarmActions": [ - { + "AlarmActions": Array [ + Object { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": [ - { + "Dimensions": Array [ + Object { "Name": "ApiName", "Value": "RestApi", }, @@ -59,75 +59,75 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "AWS::CloudWatch::Alarm", }, - "ApiApiGatewayLogGroup7BC2F58D": { + "ApiApiGatewayLogGroup7BC2F58D": Object { "DeletionPolicy": "Retain", - "Properties": { + "Properties": Object { "RetentionInDays": 30, }, "Type": "AWS::Logs::LogGroup", "UpdateReplacePolicy": "Retain", }, - "ApiLambdaNodejsGetItemFunction690D1743": { - "DependsOn": [ + "ApiLambdaNodejsGetItemFunction690D1743": Object { + "DependsOn": Array [ "ApiLambdaNodejsGetItemFunctionServiceRoleDefaultPolicy47E2D438", "ApiLambdaNodejsGetItemFunctionServiceRoleE5916FAE", ], - "Properties": { - "Code": { - "S3Bucket": { + "Properties": Object { + "Code": Object { + "S3Bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-ap-northeast-1", }, - "S3Key": "0157fe07cfc88764efa12fcb763d754f369f10425465a09d15e1d590506494df.zip", + "S3Key": "a616604aaa5cc7457cca5373a05c61891e93469ced11392a0cd056762c7c50aa.zip", }, - "Environment": { - "Variables": { + "Environment": Object { + "Variables": Object { "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - "DDB_TABLE": { + "DDB_TABLE": Object { "Ref": "DatastoreTable6900098D", }, }, }, "Handler": "index.getItem", - "KmsKeyArn": { - "Fn::GetAtt": [ + "KmsKeyArn": Object { + "Fn::GetAtt": Array [ "CMK56817A4C", "Arn", ], }, - "Layers": [ + "Layers": Array [ "arn:aws:lambda:ap-northeast-1:580247275435:layer:LambdaInsightsExtension:14", ], "MemorySize": 256, - "Role": { - "Fn::GetAtt": [ + "Role": Object { + "Fn::GetAtt": Array [ "ApiLambdaNodejsGetItemFunctionServiceRoleE5916FAE", "Arn", ], }, "Runtime": "nodejs14.x", "Timeout": 25, - "TracingConfig": { + "TracingConfig": Object { "Mode": "Active", }, }, "Type": "AWS::Lambda::Function", }, - "ApiLambdaNodejsGetItemFunctionLogRetentionAEF27AB1": { - "Properties": { - "LogGroupName": { - "Fn::Join": [ + "ApiLambdaNodejsGetItemFunctionLogRetentionAEF27AB1": Object { + "Properties": Object { + "LogGroupName": Object { + "Fn::Join": Array [ "", - [ + Array [ "/aws/lambda/", - { + Object { "Ref": "ApiLambdaNodejsGetItemFunction690D1743", }, ], ], }, "RetentionInDays": 90, - "ServiceToken": { - "Fn::GetAtt": [ + "ServiceToken": Object { + "Fn::GetAtt": Array [ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", "Arn", ], @@ -135,20 +135,20 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "Custom::LogRetention", }, - "ApiLambdaNodejsGetItemFunctionServiceRoleDefaultPolicy47E2D438": { - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ + "ApiLambdaNodejsGetItemFunctionServiceRoleDefaultPolicy47E2D438": Object { + "Properties": Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": Array [ "xray:PutTraceSegments", "xray:PutTelemetryRecords", ], "Effect": "Allow", "Resource": "*", }, - { - "Action": [ + Object { + "Action": Array [ "kms:Encrypt*", "kms:Decrypt*", "kms:ReEncrypt*", @@ -156,32 +156,32 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` "kms:Describe*", ], "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ + "Resource": Object { + "Fn::GetAtt": Array [ "CMK56817A4C", "Arn", ], }, }, - { - "Action": [ + Object { + "Action": Array [ "dynamodb:Query", "dynamodb:GetItem", ], "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ + "Resource": Array [ + Object { + "Fn::GetAtt": Array [ "DatastoreTable6900098D", "Arn", ], }, - { - "Fn::Join": [ + Object { + "Fn::Join": Array [ "", - [ - { - "Fn::GetAtt": [ + Array [ + Object { + "Fn::GetAtt": Array [ "DatastoreTable6900098D", "Arn", ], @@ -196,47 +196,47 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` "Version": "2012-10-17", }, "PolicyName": "ApiLambdaNodejsGetItemFunctionServiceRoleDefaultPolicy47E2D438", - "Roles": [ - { + "Roles": Array [ + Object { "Ref": "ApiLambdaNodejsGetItemFunctionServiceRoleE5916FAE", }, ], }, "Type": "AWS::IAM::Policy", }, - "ApiLambdaNodejsGetItemFunctionServiceRoleE5916FAE": { - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { + "ApiLambdaNodejsGetItemFunctionServiceRoleE5916FAE": Object { + "Properties": Object { + "AssumeRolePolicyDocument": Object { + "Statement": Array [ + Object { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": { + "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ + "ManagedPolicyArns": Array [ + Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", ], ], }, - { - "Fn::Join": [ + Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy", @@ -247,67 +247,67 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "AWS::IAM::Role", }, - "ApiLambdaNodejsListItemsFunction7383885E": { - "DependsOn": [ + "ApiLambdaNodejsListItemsFunction7383885E": Object { + "DependsOn": Array [ "ApiLambdaNodejsListItemsFunctionServiceRoleDefaultPolicy79E6AC10", "ApiLambdaNodejsListItemsFunctionServiceRole568FA032", ], - "Properties": { - "Code": { - "S3Bucket": { + "Properties": Object { + "Code": Object { + "S3Bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-ap-northeast-1", }, - "S3Key": "1e9ca361a3f211f391de1a63a75aa25053dbf11ebf7b6ad57020c9d08caeafa5.zip", + "S3Key": "0d9e5c676e6afe9e67a4e2ec1973be8d83308ef75062c2a39b03be6da1d6dcb3.zip", }, - "Environment": { - "Variables": { + "Environment": Object { + "Variables": Object { "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - "DDB_TABLE": { + "DDB_TABLE": Object { "Ref": "DatastoreTable6900098D", }, }, }, "Handler": "index.listItems", - "KmsKeyArn": { - "Fn::GetAtt": [ + "KmsKeyArn": Object { + "Fn::GetAtt": Array [ "CMK56817A4C", "Arn", ], }, - "Layers": [ + "Layers": Array [ "arn:aws:lambda:ap-northeast-1:580247275435:layer:LambdaInsightsExtension:14", ], "MemorySize": 256, - "Role": { - "Fn::GetAtt": [ + "Role": Object { + "Fn::GetAtt": Array [ "ApiLambdaNodejsListItemsFunctionServiceRole568FA032", "Arn", ], }, "Runtime": "nodejs14.x", "Timeout": 25, - "TracingConfig": { + "TracingConfig": Object { "Mode": "Active", }, }, "Type": "AWS::Lambda::Function", }, - "ApiLambdaNodejsListItemsFunctionLogRetention28222FF3": { - "Properties": { - "LogGroupName": { - "Fn::Join": [ + "ApiLambdaNodejsListItemsFunctionLogRetention28222FF3": Object { + "Properties": Object { + "LogGroupName": Object { + "Fn::Join": Array [ "", - [ + Array [ "/aws/lambda/", - { + Object { "Ref": "ApiLambdaNodejsListItemsFunction7383885E", }, ], ], }, "RetentionInDays": 90, - "ServiceToken": { - "Fn::GetAtt": [ + "ServiceToken": Object { + "Fn::GetAtt": Array [ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", "Arn", ], @@ -315,39 +315,39 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "Custom::LogRetention", }, - "ApiLambdaNodejsListItemsFunctionServiceRole568FA032": { - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { + "ApiLambdaNodejsListItemsFunctionServiceRole568FA032": Object { + "Properties": Object { + "AssumeRolePolicyDocument": Object { + "Statement": Array [ + Object { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": { + "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ + "ManagedPolicyArns": Array [ + Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", ], ], }, - { - "Fn::Join": [ + Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy", @@ -358,20 +358,20 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "AWS::IAM::Role", }, - "ApiLambdaNodejsListItemsFunctionServiceRoleDefaultPolicy79E6AC10": { - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ + "ApiLambdaNodejsListItemsFunctionServiceRoleDefaultPolicy79E6AC10": Object { + "Properties": Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": Array [ "xray:PutTraceSegments", "xray:PutTelemetryRecords", ], "Effect": "Allow", "Resource": "*", }, - { - "Action": [ + Object { + "Action": Array [ "kms:Encrypt*", "kms:Decrypt*", "kms:ReEncrypt*", @@ -379,32 +379,32 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` "kms:Describe*", ], "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ + "Resource": Object { + "Fn::GetAtt": Array [ "CMK56817A4C", "Arn", ], }, }, - { - "Action": [ + Object { + "Action": Array [ "dynamodb:Query", "dynamodb:Scan", ], "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ + "Resource": Array [ + Object { + "Fn::GetAtt": Array [ "DatastoreTable6900098D", "Arn", ], }, - { - "Fn::Join": [ + Object { + "Fn::Join": Array [ "", - [ - { - "Fn::GetAtt": [ + Array [ + Object { + "Fn::GetAtt": Array [ "DatastoreTable6900098D", "Arn", ], @@ -419,75 +419,75 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` "Version": "2012-10-17", }, "PolicyName": "ApiLambdaNodejsListItemsFunctionServiceRoleDefaultPolicy79E6AC10", - "Roles": [ - { + "Roles": Array [ + Object { "Ref": "ApiLambdaNodejsListItemsFunctionServiceRole568FA032", }, ], }, "Type": "AWS::IAM::Policy", }, - "ApiLambdaNodejsPutItemFunctionFC2FA584": { - "DependsOn": [ + "ApiLambdaNodejsPutItemFunctionFC2FA584": Object { + "DependsOn": Array [ "ApiLambdaNodejsPutItemFunctionServiceRoleDefaultPolicy04245F1A", "ApiLambdaNodejsPutItemFunctionServiceRoleB67323AE", ], - "Properties": { - "Code": { - "S3Bucket": { + "Properties": Object { + "Code": Object { + "S3Bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-ap-northeast-1", }, - "S3Key": "17b346b18d1dd1c466b1915e9cd7962315bf33dabe5eabff497ee1eef6315afd.zip", + "S3Key": "da011cc76728148664f8d21f1fb5767cc8c16ccefedd41942eae64a6135e4699.zip", }, - "Environment": { - "Variables": { + "Environment": Object { + "Variables": Object { "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - "DDB_TABLE": { + "DDB_TABLE": Object { "Ref": "DatastoreTable6900098D", }, }, }, "Handler": "index.putItem", - "KmsKeyArn": { - "Fn::GetAtt": [ + "KmsKeyArn": Object { + "Fn::GetAtt": Array [ "CMK56817A4C", "Arn", ], }, - "Layers": [ + "Layers": Array [ "arn:aws:lambda:ap-northeast-1:580247275435:layer:LambdaInsightsExtension:14", ], "MemorySize": 256, - "Role": { - "Fn::GetAtt": [ + "Role": Object { + "Fn::GetAtt": Array [ "ApiLambdaNodejsPutItemFunctionServiceRoleB67323AE", "Arn", ], }, "Runtime": "nodejs14.x", "Timeout": 25, - "TracingConfig": { + "TracingConfig": Object { "Mode": "Active", }, }, "Type": "AWS::Lambda::Function", }, - "ApiLambdaNodejsPutItemFunctionLogRetentionF06A63D6": { - "Properties": { - "LogGroupName": { - "Fn::Join": [ + "ApiLambdaNodejsPutItemFunctionLogRetentionF06A63D6": Object { + "Properties": Object { + "LogGroupName": Object { + "Fn::Join": Array [ "", - [ + Array [ "/aws/lambda/", - { + Object { "Ref": "ApiLambdaNodejsPutItemFunctionFC2FA584", }, ], ], }, "RetentionInDays": 90, - "ServiceToken": { - "Fn::GetAtt": [ + "ServiceToken": Object { + "Fn::GetAtt": Array [ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", "Arn", ], @@ -495,39 +495,39 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "Custom::LogRetention", }, - "ApiLambdaNodejsPutItemFunctionServiceRoleB67323AE": { - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { + "ApiLambdaNodejsPutItemFunctionServiceRoleB67323AE": Object { + "Properties": Object { + "AssumeRolePolicyDocument": Object { + "Statement": Array [ + Object { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": { + "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ + "ManagedPolicyArns": Array [ + Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", ], ], }, - { - "Fn::Join": [ + Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy", @@ -538,20 +538,20 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "AWS::IAM::Role", }, - "ApiLambdaNodejsPutItemFunctionServiceRoleDefaultPolicy04245F1A": { - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ + "ApiLambdaNodejsPutItemFunctionServiceRoleDefaultPolicy04245F1A": Object { + "Properties": Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": Array [ "xray:PutTraceSegments", "xray:PutTelemetryRecords", ], "Effect": "Allow", "Resource": "*", }, - { - "Action": [ + Object { + "Action": Array [ "kms:Encrypt*", "kms:Decrypt*", "kms:ReEncrypt*", @@ -559,29 +559,29 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` "kms:Describe*", ], "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ + "Resource": Object { + "Fn::GetAtt": Array [ "CMK56817A4C", "Arn", ], }, }, - { + Object { "Action": "dynamodb:PutItem", "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ + "Resource": Array [ + Object { + "Fn::GetAtt": Array [ "DatastoreTable6900098D", "Arn", ], }, - { - "Fn::Join": [ + Object { + "Fn::Join": Array [ "", - [ - { - "Fn::GetAtt": [ + Array [ + Object { + "Fn::GetAtt": Array [ "DatastoreTable6900098D", "Arn", ], @@ -596,28 +596,28 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` "Version": "2012-10-17", }, "PolicyName": "ApiLambdaNodejsPutItemFunctionServiceRoleDefaultPolicy04245F1A", - "Roles": [ - { + "Roles": Array [ + Object { "Ref": "ApiLambdaNodejsPutItemFunctionServiceRoleB67323AE", }, ], }, "Type": "AWS::IAM::Policy", }, - "ApiLambdaNodejsgetItemConcurrentExecutionsAlarmFFA1BD91": { - "Properties": { + "ApiLambdaNodejsgetItemConcurrentExecutionsAlarmFFA1BD91": Object { + "Properties": Object { "ActionsEnabled": true, - "AlarmActions": [ - { + "AlarmActions": Array [ + Object { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": [ - { + "Dimensions": Array [ + Object { "Name": "FunctionName", - "Value": { + "Value": Object { "Ref": "ApiLambdaNodejsGetItemFunction690D1743", }, }, @@ -631,20 +631,20 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "AWS::CloudWatch::Alarm", }, - "ApiLambdaNodejsgetItemDurationAlarm5EA5942E": { - "Properties": { + "ApiLambdaNodejsgetItemDurationAlarm5EA5942E": Object { + "Properties": Object { "ActionsEnabled": true, - "AlarmActions": [ - { + "AlarmActions": Array [ + Object { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": [ - { + "Dimensions": Array [ + Object { "Name": "FunctionName", - "Value": { + "Value": Object { "Ref": "ApiLambdaNodejsGetItemFunction690D1743", }, }, @@ -658,20 +658,20 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "AWS::CloudWatch::Alarm", }, - "ApiLambdaNodejsgetItemErrorsAlarm5A5A18BF": { - "Properties": { + "ApiLambdaNodejsgetItemErrorsAlarm5A5A18BF": Object { + "Properties": Object { "ActionsEnabled": true, - "AlarmActions": [ - { + "AlarmActions": Array [ + Object { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": [ - { + "Dimensions": Array [ + Object { "Name": "FunctionName", - "Value": { + "Value": Object { "Ref": "ApiLambdaNodejsGetItemFunction690D1743", }, }, @@ -685,20 +685,20 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "AWS::CloudWatch::Alarm", }, - "ApiLambdaNodejsgetItemThrottlesAlarmB352F6E5": { - "Properties": { + "ApiLambdaNodejsgetItemThrottlesAlarmB352F6E5": Object { + "Properties": Object { "ActionsEnabled": true, - "AlarmActions": [ - { + "AlarmActions": Array [ + Object { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": [ - { + "Dimensions": Array [ + Object { "Name": "FunctionName", - "Value": { + "Value": Object { "Ref": "ApiLambdaNodejsGetItemFunction690D1743", }, }, @@ -712,20 +712,20 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "AWS::CloudWatch::Alarm", }, - "ApiLambdaNodejslistItemsConcurrentExecutionsAlarmD2695C91": { - "Properties": { + "ApiLambdaNodejslistItemsConcurrentExecutionsAlarmD2695C91": Object { + "Properties": Object { "ActionsEnabled": true, - "AlarmActions": [ - { + "AlarmActions": Array [ + Object { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": [ - { + "Dimensions": Array [ + Object { "Name": "FunctionName", - "Value": { + "Value": Object { "Ref": "ApiLambdaNodejsListItemsFunction7383885E", }, }, @@ -739,20 +739,20 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "AWS::CloudWatch::Alarm", }, - "ApiLambdaNodejslistItemsDurationAlarmEE962444": { - "Properties": { + "ApiLambdaNodejslistItemsDurationAlarmEE962444": Object { + "Properties": Object { "ActionsEnabled": true, - "AlarmActions": [ - { + "AlarmActions": Array [ + Object { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": [ - { + "Dimensions": Array [ + Object { "Name": "FunctionName", - "Value": { + "Value": Object { "Ref": "ApiLambdaNodejsListItemsFunction7383885E", }, }, @@ -766,20 +766,20 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "AWS::CloudWatch::Alarm", }, - "ApiLambdaNodejslistItemsErrorsExecutionsAlarm509E4CEC": { - "Properties": { + "ApiLambdaNodejslistItemsErrorsExecutionsAlarm509E4CEC": Object { + "Properties": Object { "ActionsEnabled": true, - "AlarmActions": [ - { + "AlarmActions": Array [ + Object { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": [ - { + "Dimensions": Array [ + Object { "Name": "FunctionName", - "Value": { + "Value": Object { "Ref": "ApiLambdaNodejsListItemsFunction7383885E", }, }, @@ -793,20 +793,20 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "AWS::CloudWatch::Alarm", }, - "ApiLambdaNodejslistItemsThrottlesAlarm9C26D78C": { - "Properties": { + "ApiLambdaNodejslistItemsThrottlesAlarm9C26D78C": Object { + "Properties": Object { "ActionsEnabled": true, - "AlarmActions": [ - { + "AlarmActions": Array [ + Object { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": [ - { + "Dimensions": Array [ + Object { "Name": "FunctionName", - "Value": { + "Value": Object { "Ref": "ApiLambdaNodejsListItemsFunction7383885E", }, }, @@ -820,20 +820,20 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "AWS::CloudWatch::Alarm", }, - "ApiLambdaNodejsputItemConcurrentExecutionsAlarm96A1F417": { - "Properties": { + "ApiLambdaNodejsputItemConcurrentExecutionsAlarm96A1F417": Object { + "Properties": Object { "ActionsEnabled": true, - "AlarmActions": [ - { + "AlarmActions": Array [ + Object { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": [ - { + "Dimensions": Array [ + Object { "Name": "FunctionName", - "Value": { + "Value": Object { "Ref": "ApiLambdaNodejsPutItemFunctionFC2FA584", }, }, @@ -847,20 +847,20 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "AWS::CloudWatch::Alarm", }, - "ApiLambdaNodejsputItemDurationAlarm4DEC7925": { - "Properties": { + "ApiLambdaNodejsputItemDurationAlarm4DEC7925": Object { + "Properties": Object { "ActionsEnabled": true, - "AlarmActions": [ - { + "AlarmActions": Array [ + Object { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": [ - { + "Dimensions": Array [ + Object { "Name": "FunctionName", - "Value": { + "Value": Object { "Ref": "ApiLambdaNodejsPutItemFunctionFC2FA584", }, }, @@ -874,20 +874,20 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "AWS::CloudWatch::Alarm", }, - "ApiLambdaNodejsputItemErrorsAlarmB59BB9FA": { - "Properties": { + "ApiLambdaNodejsputItemErrorsAlarmB59BB9FA": Object { + "Properties": Object { "ActionsEnabled": true, - "AlarmActions": [ - { + "AlarmActions": Array [ + Object { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": [ - { + "Dimensions": Array [ + Object { "Name": "FunctionName", - "Value": { + "Value": Object { "Ref": "ApiLambdaNodejsPutItemFunctionFC2FA584", }, }, @@ -901,20 +901,20 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "AWS::CloudWatch::Alarm", }, - "ApiLambdaNodejsputItemThrottlesAlarmDA173E04": { - "Properties": { + "ApiLambdaNodejsputItemThrottlesAlarmDA173E04": Object { + "Properties": Object { "ActionsEnabled": true, - "AlarmActions": [ - { + "AlarmActions": Array [ + Object { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": [ - { + "Dimensions": Array [ + Object { "Name": "FunctionName", - "Value": { + "Value": Object { "Ref": "ApiLambdaNodejsPutItemFunctionFC2FA584", }, }, @@ -928,67 +928,67 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "AWS::CloudWatch::Alarm", }, - "ApiLambdaPythonGetItemFunction7F81F93B": { - "DependsOn": [ + "ApiLambdaPythonGetItemFunction7F81F93B": Object { + "DependsOn": Array [ "ApiLambdaPythonGetItemFunctionServiceRoleDefaultPolicy550CE002", "ApiLambdaPythonGetItemFunctionServiceRole87970B01", ], - "Properties": { - "Code": { - "S3Bucket": { + "Properties": Object { + "Code": Object { + "S3Bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-ap-northeast-1", }, "S3Key": "6c6248559cf324952895870a3b546cf7cbfbafe0cce9e4a60bc61e6ec8eef051.zip", }, - "Environment": { - "Variables": { - "DDB_TABLE": { + "Environment": Object { + "Variables": Object { + "DDB_TABLE": Object { "Ref": "DatastoreTable6900098D", }, }, }, "Handler": "getItem.lambda_handler", - "KmsKeyArn": { - "Fn::GetAtt": [ + "KmsKeyArn": Object { + "Fn::GetAtt": Array [ "CMK56817A4C", "Arn", ], }, - "Layers": [ + "Layers": Array [ "arn:aws:lambda:ap-northeast-1:017000801446:layer:AWSLambdaPowertoolsPython:3", "arn:aws:lambda:ap-northeast-1:580247275435:layer:LambdaInsightsExtension:14", ], "MemorySize": 256, - "Role": { - "Fn::GetAtt": [ + "Role": Object { + "Fn::GetAtt": Array [ "ApiLambdaPythonGetItemFunctionServiceRole87970B01", "Arn", ], }, "Runtime": "python3.7", "Timeout": 25, - "TracingConfig": { + "TracingConfig": Object { "Mode": "Active", }, }, "Type": "AWS::Lambda::Function", }, - "ApiLambdaPythonGetItemFunctionLogRetentionBA7F7CC2": { - "Properties": { - "LogGroupName": { - "Fn::Join": [ + "ApiLambdaPythonGetItemFunctionLogRetentionBA7F7CC2": Object { + "Properties": Object { + "LogGroupName": Object { + "Fn::Join": Array [ "", - [ + Array [ "/aws/lambda/", - { + Object { "Ref": "ApiLambdaPythonGetItemFunction7F81F93B", }, ], ], }, "RetentionInDays": 90, - "ServiceToken": { - "Fn::GetAtt": [ + "ServiceToken": Object { + "Fn::GetAtt": Array [ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", "Arn", ], @@ -996,39 +996,39 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "Custom::LogRetention", }, - "ApiLambdaPythonGetItemFunctionServiceRole87970B01": { - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { + "ApiLambdaPythonGetItemFunctionServiceRole87970B01": Object { + "Properties": Object { + "AssumeRolePolicyDocument": Object { + "Statement": Array [ + Object { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": { + "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ + "ManagedPolicyArns": Array [ + Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", ], ], }, - { - "Fn::Join": [ + Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy", @@ -1039,20 +1039,20 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "AWS::IAM::Role", }, - "ApiLambdaPythonGetItemFunctionServiceRoleDefaultPolicy550CE002": { - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ + "ApiLambdaPythonGetItemFunctionServiceRoleDefaultPolicy550CE002": Object { + "Properties": Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": Array [ "xray:PutTraceSegments", "xray:PutTelemetryRecords", ], "Effect": "Allow", "Resource": "*", }, - { - "Action": [ + Object { + "Action": Array [ "kms:Encrypt*", "kms:Decrypt*", "kms:ReEncrypt*", @@ -1060,32 +1060,32 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` "kms:Describe*", ], "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ + "Resource": Object { + "Fn::GetAtt": Array [ "CMK56817A4C", "Arn", ], }, }, - { - "Action": [ + Object { + "Action": Array [ "dynamodb:Query", "dynamodb:GetItem", ], "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ + "Resource": Array [ + Object { + "Fn::GetAtt": Array [ "DatastoreTable6900098D", "Arn", ], }, - { - "Fn::Join": [ + Object { + "Fn::Join": Array [ "", - [ - { - "Fn::GetAtt": [ + Array [ + Object { + "Fn::GetAtt": Array [ "DatastoreTable6900098D", "Arn", ], @@ -1100,75 +1100,75 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` "Version": "2012-10-17", }, "PolicyName": "ApiLambdaPythonGetItemFunctionServiceRoleDefaultPolicy550CE002", - "Roles": [ - { + "Roles": Array [ + Object { "Ref": "ApiLambdaPythonGetItemFunctionServiceRole87970B01", }, ], }, "Type": "AWS::IAM::Policy", }, - "ApiLambdaPythonListItemsFunction6E2E7058": { - "DependsOn": [ + "ApiLambdaPythonListItemsFunction6E2E7058": Object { + "DependsOn": Array [ "ApiLambdaPythonListItemsFunctionServiceRoleDefaultPolicy365FE2DB", "ApiLambdaPythonListItemsFunctionServiceRoleD3B9A3A3", ], - "Properties": { - "Code": { - "S3Bucket": { + "Properties": Object { + "Code": Object { + "S3Bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-ap-northeast-1", }, "S3Key": "9935294482ff6ee39a0af20cfbf740c113a6d493e51300bfd6e98e85e6e9f360.zip", }, - "Environment": { - "Variables": { - "DDB_TABLE": { + "Environment": Object { + "Variables": Object { + "DDB_TABLE": Object { "Ref": "DatastoreTable6900098D", }, }, }, "Handler": "listItems.lambda_handler", - "KmsKeyArn": { - "Fn::GetAtt": [ + "KmsKeyArn": Object { + "Fn::GetAtt": Array [ "CMK56817A4C", "Arn", ], }, - "Layers": [ + "Layers": Array [ "arn:aws:lambda:ap-northeast-1:017000801446:layer:AWSLambdaPowertoolsPython:3", "arn:aws:lambda:ap-northeast-1:580247275435:layer:LambdaInsightsExtension:14", ], "MemorySize": 2048, - "Role": { - "Fn::GetAtt": [ + "Role": Object { + "Fn::GetAtt": Array [ "ApiLambdaPythonListItemsFunctionServiceRoleD3B9A3A3", "Arn", ], }, "Runtime": "python3.7", "Timeout": 25, - "TracingConfig": { + "TracingConfig": Object { "Mode": "Active", }, }, "Type": "AWS::Lambda::Function", }, - "ApiLambdaPythonListItemsFunctionLogRetention4AAEE7BC": { - "Properties": { - "LogGroupName": { - "Fn::Join": [ + "ApiLambdaPythonListItemsFunctionLogRetention4AAEE7BC": Object { + "Properties": Object { + "LogGroupName": Object { + "Fn::Join": Array [ "", - [ + Array [ "/aws/lambda/", - { + Object { "Ref": "ApiLambdaPythonListItemsFunction6E2E7058", }, ], ], }, "RetentionInDays": 90, - "ServiceToken": { - "Fn::GetAtt": [ + "ServiceToken": Object { + "Fn::GetAtt": Array [ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", "Arn", ], @@ -1176,39 +1176,39 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "Custom::LogRetention", }, - "ApiLambdaPythonListItemsFunctionServiceRoleD3B9A3A3": { - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { + "ApiLambdaPythonListItemsFunctionServiceRoleD3B9A3A3": Object { + "Properties": Object { + "AssumeRolePolicyDocument": Object { + "Statement": Array [ + Object { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": { + "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ + "ManagedPolicyArns": Array [ + Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", ], ], }, - { - "Fn::Join": [ + Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy", @@ -1219,20 +1219,20 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "AWS::IAM::Role", }, - "ApiLambdaPythonListItemsFunctionServiceRoleDefaultPolicy365FE2DB": { - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ + "ApiLambdaPythonListItemsFunctionServiceRoleDefaultPolicy365FE2DB": Object { + "Properties": Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": Array [ "xray:PutTraceSegments", "xray:PutTelemetryRecords", ], "Effect": "Allow", "Resource": "*", }, - { - "Action": [ + Object { + "Action": Array [ "kms:Encrypt*", "kms:Decrypt*", "kms:ReEncrypt*", @@ -1240,32 +1240,32 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` "kms:Describe*", ], "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ + "Resource": Object { + "Fn::GetAtt": Array [ "CMK56817A4C", "Arn", ], }, }, - { - "Action": [ + Object { + "Action": Array [ "dynamodb:Query", "dynamodb:Scan", ], "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ + "Resource": Array [ + Object { + "Fn::GetAtt": Array [ "DatastoreTable6900098D", "Arn", ], }, - { - "Fn::Join": [ + Object { + "Fn::Join": Array [ "", - [ - { - "Fn::GetAtt": [ + Array [ + Object { + "Fn::GetAtt": Array [ "DatastoreTable6900098D", "Arn", ], @@ -1280,75 +1280,75 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` "Version": "2012-10-17", }, "PolicyName": "ApiLambdaPythonListItemsFunctionServiceRoleDefaultPolicy365FE2DB", - "Roles": [ - { + "Roles": Array [ + Object { "Ref": "ApiLambdaPythonListItemsFunctionServiceRoleD3B9A3A3", }, ], }, "Type": "AWS::IAM::Policy", }, - "ApiLambdaPythonPutItemFunction0EA5A227": { - "DependsOn": [ + "ApiLambdaPythonPutItemFunction0EA5A227": Object { + "DependsOn": Array [ "ApiLambdaPythonPutItemFunctionServiceRoleDefaultPolicyBA2B5B41", "ApiLambdaPythonPutItemFunctionServiceRole2AD40DC0", ], - "Properties": { - "Code": { - "S3Bucket": { + "Properties": Object { + "Code": Object { + "S3Bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-ap-northeast-1", }, "S3Key": "dc0a332c2c8fb4d4e7977a51466ff04fda2926977fd3f496acfa00722ded9563.zip", }, - "Environment": { - "Variables": { - "DDB_TABLE": { + "Environment": Object { + "Variables": Object { + "DDB_TABLE": Object { "Ref": "DatastoreTable6900098D", }, }, }, "Handler": "putItem.lambda_handler", - "KmsKeyArn": { - "Fn::GetAtt": [ + "KmsKeyArn": Object { + "Fn::GetAtt": Array [ "CMK56817A4C", "Arn", ], }, - "Layers": [ + "Layers": Array [ "arn:aws:lambda:ap-northeast-1:017000801446:layer:AWSLambdaPowertoolsPython:3", "arn:aws:lambda:ap-northeast-1:580247275435:layer:LambdaInsightsExtension:14", ], "MemorySize": 256, - "Role": { - "Fn::GetAtt": [ + "Role": Object { + "Fn::GetAtt": Array [ "ApiLambdaPythonPutItemFunctionServiceRole2AD40DC0", "Arn", ], }, "Runtime": "python3.7", "Timeout": 25, - "TracingConfig": { + "TracingConfig": Object { "Mode": "Active", }, }, "Type": "AWS::Lambda::Function", }, - "ApiLambdaPythonPutItemFunctionLogRetention1C3D6644": { - "Properties": { - "LogGroupName": { - "Fn::Join": [ + "ApiLambdaPythonPutItemFunctionLogRetention1C3D6644": Object { + "Properties": Object { + "LogGroupName": Object { + "Fn::Join": Array [ "", - [ + Array [ "/aws/lambda/", - { + Object { "Ref": "ApiLambdaPythonPutItemFunction0EA5A227", }, ], ], }, "RetentionInDays": 90, - "ServiceToken": { - "Fn::GetAtt": [ + "ServiceToken": Object { + "Fn::GetAtt": Array [ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", "Arn", ], @@ -1356,39 +1356,39 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "Custom::LogRetention", }, - "ApiLambdaPythonPutItemFunctionServiceRole2AD40DC0": { - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { + "ApiLambdaPythonPutItemFunctionServiceRole2AD40DC0": Object { + "Properties": Object { + "AssumeRolePolicyDocument": Object { + "Statement": Array [ + Object { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": { + "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ + "ManagedPolicyArns": Array [ + Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", ], ], }, - { - "Fn::Join": [ + Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy", @@ -1399,20 +1399,20 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "AWS::IAM::Role", }, - "ApiLambdaPythonPutItemFunctionServiceRoleDefaultPolicyBA2B5B41": { - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ + "ApiLambdaPythonPutItemFunctionServiceRoleDefaultPolicyBA2B5B41": Object { + "Properties": Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": Array [ "xray:PutTraceSegments", "xray:PutTelemetryRecords", ], "Effect": "Allow", "Resource": "*", }, - { - "Action": [ + Object { + "Action": Array [ "kms:Encrypt*", "kms:Decrypt*", "kms:ReEncrypt*", @@ -1420,29 +1420,29 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` "kms:Describe*", ], "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ + "Resource": Object { + "Fn::GetAtt": Array [ "CMK56817A4C", "Arn", ], }, }, - { + Object { "Action": "dynamodb:PutItem", "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ + "Resource": Array [ + Object { + "Fn::GetAtt": Array [ "DatastoreTable6900098D", "Arn", ], }, - { - "Fn::Join": [ + Object { + "Fn::Join": Array [ "", - [ - { - "Fn::GetAtt": [ + Array [ + Object { + "Fn::GetAtt": Array [ "DatastoreTable6900098D", "Arn", ], @@ -1457,28 +1457,28 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` "Version": "2012-10-17", }, "PolicyName": "ApiLambdaPythonPutItemFunctionServiceRoleDefaultPolicyBA2B5B41", - "Roles": [ - { + "Roles": Array [ + Object { "Ref": "ApiLambdaPythonPutItemFunctionServiceRole2AD40DC0", }, ], }, "Type": "AWS::IAM::Policy", }, - "ApiLambdaPythongetItemConcurrentExecutionsAlarm09E169A6": { - "Properties": { + "ApiLambdaPythongetItemConcurrentExecutionsAlarm09E169A6": Object { + "Properties": Object { "ActionsEnabled": true, - "AlarmActions": [ - { + "AlarmActions": Array [ + Object { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": [ - { + "Dimensions": Array [ + Object { "Name": "FunctionName", - "Value": { + "Value": Object { "Ref": "ApiLambdaPythonGetItemFunction7F81F93B", }, }, @@ -1492,20 +1492,20 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "AWS::CloudWatch::Alarm", }, - "ApiLambdaPythongetItemDurationAlarmD9B0D891": { - "Properties": { + "ApiLambdaPythongetItemDurationAlarmD9B0D891": Object { + "Properties": Object { "ActionsEnabled": true, - "AlarmActions": [ - { + "AlarmActions": Array [ + Object { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": [ - { + "Dimensions": Array [ + Object { "Name": "FunctionName", - "Value": { + "Value": Object { "Ref": "ApiLambdaPythonGetItemFunction7F81F93B", }, }, @@ -1519,20 +1519,20 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "AWS::CloudWatch::Alarm", }, - "ApiLambdaPythongetItemErrorsAlarm1636EC90": { - "Properties": { + "ApiLambdaPythongetItemErrorsAlarm1636EC90": Object { + "Properties": Object { "ActionsEnabled": true, - "AlarmActions": [ - { + "AlarmActions": Array [ + Object { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": [ - { + "Dimensions": Array [ + Object { "Name": "FunctionName", - "Value": { + "Value": Object { "Ref": "ApiLambdaPythonGetItemFunction7F81F93B", }, }, @@ -1546,20 +1546,20 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "AWS::CloudWatch::Alarm", }, - "ApiLambdaPythongetItemThrottlesAlarm34456187": { - "Properties": { + "ApiLambdaPythongetItemThrottlesAlarm34456187": Object { + "Properties": Object { "ActionsEnabled": true, - "AlarmActions": [ - { + "AlarmActions": Array [ + Object { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": [ - { + "Dimensions": Array [ + Object { "Name": "FunctionName", - "Value": { + "Value": Object { "Ref": "ApiLambdaPythonGetItemFunction7F81F93B", }, }, @@ -1573,20 +1573,20 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "AWS::CloudWatch::Alarm", }, - "ApiLambdaPythonlistItemsConcurrentExecutionsAlarm307F2F04": { - "Properties": { + "ApiLambdaPythonlistItemsConcurrentExecutionsAlarm307F2F04": Object { + "Properties": Object { "ActionsEnabled": true, - "AlarmActions": [ - { + "AlarmActions": Array [ + Object { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": [ - { + "Dimensions": Array [ + Object { "Name": "FunctionName", - "Value": { + "Value": Object { "Ref": "ApiLambdaPythonListItemsFunction6E2E7058", }, }, @@ -1600,20 +1600,20 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "AWS::CloudWatch::Alarm", }, - "ApiLambdaPythonlistItemsDurationAlarm8D3DC059": { - "Properties": { + "ApiLambdaPythonlistItemsDurationAlarm8D3DC059": Object { + "Properties": Object { "ActionsEnabled": true, - "AlarmActions": [ - { + "AlarmActions": Array [ + Object { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": [ - { + "Dimensions": Array [ + Object { "Name": "FunctionName", - "Value": { + "Value": Object { "Ref": "ApiLambdaPythonListItemsFunction6E2E7058", }, }, @@ -1627,20 +1627,20 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "AWS::CloudWatch::Alarm", }, - "ApiLambdaPythonlistItemsErrorsExecutionsAlarm50F77830": { - "Properties": { + "ApiLambdaPythonlistItemsErrorsExecutionsAlarm50F77830": Object { + "Properties": Object { "ActionsEnabled": true, - "AlarmActions": [ - { + "AlarmActions": Array [ + Object { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": [ - { + "Dimensions": Array [ + Object { "Name": "FunctionName", - "Value": { + "Value": Object { "Ref": "ApiLambdaPythonListItemsFunction6E2E7058", }, }, @@ -1654,20 +1654,20 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "AWS::CloudWatch::Alarm", }, - "ApiLambdaPythonlistItemsThrottlesAlarm6969E734": { - "Properties": { + "ApiLambdaPythonlistItemsThrottlesAlarm6969E734": Object { + "Properties": Object { "ActionsEnabled": true, - "AlarmActions": [ - { + "AlarmActions": Array [ + Object { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": [ - { + "Dimensions": Array [ + Object { "Name": "FunctionName", - "Value": { + "Value": Object { "Ref": "ApiLambdaPythonListItemsFunction6E2E7058", }, }, @@ -1681,20 +1681,20 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "AWS::CloudWatch::Alarm", }, - "ApiLambdaPythonputItemConcurrentExecutionsAlarmA11DBC15": { - "Properties": { + "ApiLambdaPythonputItemConcurrentExecutionsAlarmA11DBC15": Object { + "Properties": Object { "ActionsEnabled": true, - "AlarmActions": [ - { + "AlarmActions": Array [ + Object { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": [ - { + "Dimensions": Array [ + Object { "Name": "FunctionName", - "Value": { + "Value": Object { "Ref": "ApiLambdaPythonPutItemFunction0EA5A227", }, }, @@ -1708,20 +1708,20 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "AWS::CloudWatch::Alarm", }, - "ApiLambdaPythonputItemDurationAlarm3B22CCB7": { - "Properties": { + "ApiLambdaPythonputItemDurationAlarm3B22CCB7": Object { + "Properties": Object { "ActionsEnabled": true, - "AlarmActions": [ - { + "AlarmActions": Array [ + Object { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": [ - { + "Dimensions": Array [ + Object { "Name": "FunctionName", - "Value": { + "Value": Object { "Ref": "ApiLambdaPythonPutItemFunction0EA5A227", }, }, @@ -1735,20 +1735,20 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "AWS::CloudWatch::Alarm", }, - "ApiLambdaPythonputItemErrorsAlarm6023E1EC": { - "Properties": { + "ApiLambdaPythonputItemErrorsAlarm6023E1EC": Object { + "Properties": Object { "ActionsEnabled": true, - "AlarmActions": [ - { + "AlarmActions": Array [ + Object { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": [ - { + "Dimensions": Array [ + Object { "Name": "FunctionName", - "Value": { + "Value": Object { "Ref": "ApiLambdaPythonPutItemFunction0EA5A227", }, }, @@ -1762,20 +1762,20 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "AWS::CloudWatch::Alarm", }, - "ApiLambdaPythonputItemThrottlesAlarm7981B2AC": { - "Properties": { + "ApiLambdaPythonputItemThrottlesAlarm7981B2AC": Object { + "Properties": Object { "ActionsEnabled": true, - "AlarmActions": [ - { + "AlarmActions": Array [ + Object { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": [ - { + "Dimensions": Array [ + Object { "Name": "FunctionName", - "Value": { + "Value": Object { "Ref": "ApiLambdaPythonPutItemFunction0EA5A227", }, }, @@ -1789,14 +1789,14 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "AWS::CloudWatch::Alarm", }, - "ApiRestApiAccount598A1DA6": { + "ApiRestApiAccount598A1DA6": Object { "DeletionPolicy": "Retain", - "DependsOn": [ + "DependsOn": Array [ "ApiRestApiE35FEAFE", ], - "Properties": { - "CloudWatchRoleArn": { - "Fn::GetAtt": [ + "Properties": Object { + "CloudWatchRoleArn": Object { + "Fn::GetAtt": Array [ "ApiRestApiCloudWatchRoleB7879BFC", "Arn", ], @@ -1805,28 +1805,28 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` "Type": "AWS::ApiGateway::Account", "UpdateReplacePolicy": "Retain", }, - "ApiRestApiCloudWatchRoleB7879BFC": { + "ApiRestApiCloudWatchRoleB7879BFC": Object { "DeletionPolicy": "Retain", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { + "Properties": Object { + "AssumeRolePolicyDocument": Object { + "Statement": Array [ + Object { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": { + "Principal": Object { "Service": "apigateway.amazonaws.com", }, }, ], "Version": "2012-10-17", }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ + "ManagedPolicyArns": Array [ + Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs", @@ -1838,8 +1838,8 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` "Type": "AWS::IAM::Role", "UpdateReplacePolicy": "Retain", }, - "ApiRestApiDeploymentDC05A82D897c301a1bec5a379eebd5094efed118": { - "DependsOn": [ + "ApiRestApiDeploymentDC05A82D897c301a1bec5a379eebd5094efed118": Object { + "DependsOn": Array [ "ApiRestApinodejsitemtitleGETC0EE8F85", "ApiRestApinodejsitemtitle29B62070", "ApiRestApinodejsitemPOST296B5713", @@ -1855,33 +1855,33 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` "ApiRestApipythonlist4EC12D2C", "ApiRestApipython2F6D6644", ], - "Properties": { + "Properties": Object { "Description": "Automatically created by the RestApi construct", - "RestApiId": { + "RestApiId": Object { "Ref": "ApiRestApiE35FEAFE", }, }, "Type": "AWS::ApiGateway::Deployment", }, - "ApiRestApiDeploymentStageprodE828476C": { - "DependsOn": [ + "ApiRestApiDeploymentStageprodE828476C": Object { + "DependsOn": Array [ "ApiRestApiAccount598A1DA6", ], - "Properties": { - "AccessLogSetting": { - "DestinationArn": { - "Fn::GetAtt": [ + "Properties": Object { + "AccessLogSetting": Object { + "DestinationArn": Object { + "Fn::GetAtt": Array [ "ApiApiGatewayLogGroup7BC2F58D", "Arn", ], }, - "Format": "{"requestId":"$context.requestId","ip":"$context.identity.sourceIp","user":"$context.identity.user","caller":"$context.identity.caller","requestTime":"$context.requestTime","httpMethod":"$context.httpMethod","resourcePath":"$context.resourcePath","status":"$context.status","protocol":"$context.protocol","responseLength":"$context.responseLength"}", + "Format": "{\\"requestId\\":\\"$context.requestId\\",\\"ip\\":\\"$context.identity.sourceIp\\",\\"user\\":\\"$context.identity.user\\",\\"caller\\":\\"$context.identity.caller\\",\\"requestTime\\":\\"$context.requestTime\\",\\"httpMethod\\":\\"$context.httpMethod\\",\\"resourcePath\\":\\"$context.resourcePath\\",\\"status\\":\\"$context.status\\",\\"protocol\\":\\"$context.protocol\\",\\"responseLength\\":\\"$context.responseLength\\"}", }, - "DeploymentId": { + "DeploymentId": Object { "Ref": "ApiRestApiDeploymentDC05A82D897c301a1bec5a379eebd5094efed118", }, - "MethodSettings": [ - { + "MethodSettings": Array [ + Object { "DataTraceEnabled": false, "HttpMethod": "*", "LoggingLevel": "INFO", @@ -1889,7 +1889,7 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` "ResourcePath": "/*", }, ], - "RestApiId": { + "RestApiId": Object { "Ref": "ApiRestApiE35FEAFE", }, "StageName": "prod", @@ -1897,57 +1897,57 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "AWS::ApiGateway::Stage", }, - "ApiRestApiE35FEAFE": { - "Properties": { + "ApiRestApiE35FEAFE": Object { + "Properties": Object { "Name": "RestApi", }, "Type": "AWS::ApiGateway::RestApi", }, - "ApiRestApinodejsD890E984": { - "Properties": { - "ParentId": { - "Fn::GetAtt": [ + "ApiRestApinodejsD890E984": Object { + "Properties": Object { + "ParentId": Object { + "Fn::GetAtt": Array [ "ApiRestApiE35FEAFE", "RootResourceId", ], }, "PathPart": "nodejs", - "RestApiId": { + "RestApiId": Object { "Ref": "ApiRestApiE35FEAFE", }, }, "Type": "AWS::ApiGateway::Resource", }, - "ApiRestApinodejsitemB718EB4B": { - "Properties": { - "ParentId": { + "ApiRestApinodejsitemB718EB4B": Object { + "Properties": Object { + "ParentId": Object { "Ref": "ApiRestApinodejsD890E984", }, "PathPart": "item", - "RestApiId": { + "RestApiId": Object { "Ref": "ApiRestApiE35FEAFE", }, }, "Type": "AWS::ApiGateway::Resource", }, - "ApiRestApinodejsitemPOST296B5713": { - "Properties": { + "ApiRestApinodejsitemPOST296B5713": Object { + "Properties": Object { "AuthorizationType": "NONE", "HttpMethod": "POST", - "Integration": { + "Integration": Object { "IntegrationHttpMethod": "POST", "Type": "AWS_PROXY", - "Uri": { - "Fn::Join": [ + "Uri": Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":apigateway:ap-northeast-1:lambda:path/2015-03-31/functions/", - { - "Fn::GetAtt": [ + Object { + "Fn::GetAtt": Array [ "ApiLambdaNodejsPutItemFunctionFC2FA584", "Arn", ], @@ -1957,43 +1957,43 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` ], }, }, - "ResourceId": { + "ResourceId": Object { "Ref": "ApiRestApinodejsitemB718EB4B", }, - "RestApiId": { + "RestApiId": Object { "Ref": "ApiRestApiE35FEAFE", }, }, "Type": "AWS::ApiGateway::Method", }, - "ApiRestApinodejsitemPOSTApiPermissionDevBLEAServerlessApiRestApiEBE3BF9APOSTnodejsitem1DBCEB01": { - "Properties": { + "ApiRestApinodejsitemPOSTApiPermissionDevBLEAServerlessApiRestApiEBE3BF9APOSTnodejsitem1DBCEB01": Object { + "Properties": Object { "Action": "lambda:InvokeFunction", - "FunctionName": { - "Fn::GetAtt": [ + "FunctionName": Object { + "Fn::GetAtt": Array [ "ApiLambdaNodejsPutItemFunctionFC2FA584", "Arn", ], }, "Principal": "apigateway.amazonaws.com", - "SourceArn": { - "Fn::Join": [ + "SourceArn": Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":execute-api:ap-northeast-1:", - { + Object { "Ref": "AWS::AccountId", }, ":", - { + Object { "Ref": "ApiRestApiE35FEAFE", }, "/", - { + Object { "Ref": "ApiRestApiDeploymentStageprodE828476C", }, "/POST/nodejs/item", @@ -2003,30 +2003,30 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "AWS::Lambda::Permission", }, - "ApiRestApinodejsitemPOSTApiPermissionTestDevBLEAServerlessApiRestApiEBE3BF9APOSTnodejsitem1523F9C5": { - "Properties": { + "ApiRestApinodejsitemPOSTApiPermissionTestDevBLEAServerlessApiRestApiEBE3BF9APOSTnodejsitem1523F9C5": Object { + "Properties": Object { "Action": "lambda:InvokeFunction", - "FunctionName": { - "Fn::GetAtt": [ + "FunctionName": Object { + "Fn::GetAtt": Array [ "ApiLambdaNodejsPutItemFunctionFC2FA584", "Arn", ], }, "Principal": "apigateway.amazonaws.com", - "SourceArn": { - "Fn::Join": [ + "SourceArn": Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":execute-api:ap-northeast-1:", - { + Object { "Ref": "AWS::AccountId", }, ":", - { + Object { "Ref": "ApiRestApiE35FEAFE", }, "/test-invoke-stage/POST/nodejs/item", @@ -2036,46 +2036,46 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "AWS::Lambda::Permission", }, - "ApiRestApinodejsitemtitle29B62070": { - "Properties": { - "ParentId": { + "ApiRestApinodejsitemtitle29B62070": Object { + "Properties": Object { + "ParentId": Object { "Ref": "ApiRestApinodejsitemB718EB4B", }, "PathPart": "{title}", - "RestApiId": { + "RestApiId": Object { "Ref": "ApiRestApiE35FEAFE", }, }, "Type": "AWS::ApiGateway::Resource", }, - "ApiRestApinodejsitemtitleGETApiPermissionDevBLEAServerlessApiRestApiEBE3BF9AGETnodejsitemtitle81B2BFF3": { - "Properties": { + "ApiRestApinodejsitemtitleGETApiPermissionDevBLEAServerlessApiRestApiEBE3BF9AGETnodejsitemtitle81B2BFF3": Object { + "Properties": Object { "Action": "lambda:InvokeFunction", - "FunctionName": { - "Fn::GetAtt": [ + "FunctionName": Object { + "Fn::GetAtt": Array [ "ApiLambdaNodejsGetItemFunction690D1743", "Arn", ], }, "Principal": "apigateway.amazonaws.com", - "SourceArn": { - "Fn::Join": [ + "SourceArn": Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":execute-api:ap-northeast-1:", - { + Object { "Ref": "AWS::AccountId", }, ":", - { + Object { "Ref": "ApiRestApiE35FEAFE", }, "/", - { + Object { "Ref": "ApiRestApiDeploymentStageprodE828476C", }, "/GET/nodejs/item/*", @@ -2085,30 +2085,30 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "AWS::Lambda::Permission", }, - "ApiRestApinodejsitemtitleGETApiPermissionTestDevBLEAServerlessApiRestApiEBE3BF9AGETnodejsitemtitleB659ABEB": { - "Properties": { + "ApiRestApinodejsitemtitleGETApiPermissionTestDevBLEAServerlessApiRestApiEBE3BF9AGETnodejsitemtitleB659ABEB": Object { + "Properties": Object { "Action": "lambda:InvokeFunction", - "FunctionName": { - "Fn::GetAtt": [ + "FunctionName": Object { + "Fn::GetAtt": Array [ "ApiLambdaNodejsGetItemFunction690D1743", "Arn", ], }, "Principal": "apigateway.amazonaws.com", - "SourceArn": { - "Fn::Join": [ + "SourceArn": Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":execute-api:ap-northeast-1:", - { + Object { "Ref": "AWS::AccountId", }, ":", - { + Object { "Ref": "ApiRestApiE35FEAFE", }, "/test-invoke-stage/GET/nodejs/item/*", @@ -2118,24 +2118,24 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "AWS::Lambda::Permission", }, - "ApiRestApinodejsitemtitleGETC0EE8F85": { - "Properties": { + "ApiRestApinodejsitemtitleGETC0EE8F85": Object { + "Properties": Object { "AuthorizationType": "NONE", "HttpMethod": "GET", - "Integration": { + "Integration": Object { "IntegrationHttpMethod": "POST", "Type": "AWS_PROXY", - "Uri": { - "Fn::Join": [ + "Uri": Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":apigateway:ap-northeast-1:lambda:path/2015-03-31/functions/", - { - "Fn::GetAtt": [ + Object { + "Fn::GetAtt": Array [ "ApiLambdaNodejsGetItemFunction690D1743", "Arn", ], @@ -2145,45 +2145,45 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` ], }, }, - "ResourceId": { + "ResourceId": Object { "Ref": "ApiRestApinodejsitemtitle29B62070", }, - "RestApiId": { + "RestApiId": Object { "Ref": "ApiRestApiE35FEAFE", }, }, "Type": "AWS::ApiGateway::Method", }, - "ApiRestApinodejslistEE136EF7": { - "Properties": { - "ParentId": { + "ApiRestApinodejslistEE136EF7": Object { + "Properties": Object { + "ParentId": Object { "Ref": "ApiRestApinodejsD890E984", }, "PathPart": "list", - "RestApiId": { + "RestApiId": Object { "Ref": "ApiRestApiE35FEAFE", }, }, "Type": "AWS::ApiGateway::Resource", }, - "ApiRestApinodejslistGET729AFFC7": { - "Properties": { + "ApiRestApinodejslistGET729AFFC7": Object { + "Properties": Object { "AuthorizationType": "NONE", "HttpMethod": "GET", - "Integration": { + "Integration": Object { "IntegrationHttpMethod": "POST", "Type": "AWS_PROXY", - "Uri": { - "Fn::Join": [ + "Uri": Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":apigateway:ap-northeast-1:lambda:path/2015-03-31/functions/", - { - "Fn::GetAtt": [ + Object { + "Fn::GetAtt": Array [ "ApiLambdaNodejsListItemsFunction7383885E", "Arn", ], @@ -2193,43 +2193,43 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` ], }, }, - "ResourceId": { + "ResourceId": Object { "Ref": "ApiRestApinodejslistEE136EF7", }, - "RestApiId": { + "RestApiId": Object { "Ref": "ApiRestApiE35FEAFE", }, }, "Type": "AWS::ApiGateway::Method", }, - "ApiRestApinodejslistGETApiPermissionDevBLEAServerlessApiRestApiEBE3BF9AGETnodejslist5B482CF3": { - "Properties": { + "ApiRestApinodejslistGETApiPermissionDevBLEAServerlessApiRestApiEBE3BF9AGETnodejslist5B482CF3": Object { + "Properties": Object { "Action": "lambda:InvokeFunction", - "FunctionName": { - "Fn::GetAtt": [ + "FunctionName": Object { + "Fn::GetAtt": Array [ "ApiLambdaNodejsListItemsFunction7383885E", "Arn", ], }, "Principal": "apigateway.amazonaws.com", - "SourceArn": { - "Fn::Join": [ + "SourceArn": Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":execute-api:ap-northeast-1:", - { + Object { "Ref": "AWS::AccountId", }, ":", - { + Object { "Ref": "ApiRestApiE35FEAFE", }, "/", - { + Object { "Ref": "ApiRestApiDeploymentStageprodE828476C", }, "/GET/nodejs/list", @@ -2239,30 +2239,30 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "AWS::Lambda::Permission", }, - "ApiRestApinodejslistGETApiPermissionTestDevBLEAServerlessApiRestApiEBE3BF9AGETnodejslist5E7FE9FC": { - "Properties": { + "ApiRestApinodejslistGETApiPermissionTestDevBLEAServerlessApiRestApiEBE3BF9AGETnodejslist5E7FE9FC": Object { + "Properties": Object { "Action": "lambda:InvokeFunction", - "FunctionName": { - "Fn::GetAtt": [ + "FunctionName": Object { + "Fn::GetAtt": Array [ "ApiLambdaNodejsListItemsFunction7383885E", "Arn", ], }, "Principal": "apigateway.amazonaws.com", - "SourceArn": { - "Fn::Join": [ + "SourceArn": Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":execute-api:ap-northeast-1:", - { + Object { "Ref": "AWS::AccountId", }, ":", - { + Object { "Ref": "ApiRestApiE35FEAFE", }, "/test-invoke-stage/GET/nodejs/list", @@ -2272,51 +2272,51 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "AWS::Lambda::Permission", }, - "ApiRestApipython2F6D6644": { - "Properties": { - "ParentId": { - "Fn::GetAtt": [ + "ApiRestApipython2F6D6644": Object { + "Properties": Object { + "ParentId": Object { + "Fn::GetAtt": Array [ "ApiRestApiE35FEAFE", "RootResourceId", ], }, "PathPart": "python", - "RestApiId": { + "RestApiId": Object { "Ref": "ApiRestApiE35FEAFE", }, }, "Type": "AWS::ApiGateway::Resource", }, - "ApiRestApipythonitemF1EBD3B9": { - "Properties": { - "ParentId": { + "ApiRestApipythonitemF1EBD3B9": Object { + "Properties": Object { + "ParentId": Object { "Ref": "ApiRestApipython2F6D6644", }, "PathPart": "item", - "RestApiId": { + "RestApiId": Object { "Ref": "ApiRestApiE35FEAFE", }, }, "Type": "AWS::ApiGateway::Resource", }, - "ApiRestApipythonitemPOST15FD049D": { - "Properties": { + "ApiRestApipythonitemPOST15FD049D": Object { + "Properties": Object { "AuthorizationType": "NONE", "HttpMethod": "POST", - "Integration": { + "Integration": Object { "IntegrationHttpMethod": "POST", "Type": "AWS_PROXY", - "Uri": { - "Fn::Join": [ + "Uri": Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":apigateway:ap-northeast-1:lambda:path/2015-03-31/functions/", - { - "Fn::GetAtt": [ + Object { + "Fn::GetAtt": Array [ "ApiLambdaPythonPutItemFunction0EA5A227", "Arn", ], @@ -2326,43 +2326,43 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` ], }, }, - "ResourceId": { + "ResourceId": Object { "Ref": "ApiRestApipythonitemF1EBD3B9", }, - "RestApiId": { + "RestApiId": Object { "Ref": "ApiRestApiE35FEAFE", }, }, "Type": "AWS::ApiGateway::Method", }, - "ApiRestApipythonitemPOSTApiPermissionDevBLEAServerlessApiRestApiEBE3BF9APOSTpythonitem5761D1B8": { - "Properties": { + "ApiRestApipythonitemPOSTApiPermissionDevBLEAServerlessApiRestApiEBE3BF9APOSTpythonitem5761D1B8": Object { + "Properties": Object { "Action": "lambda:InvokeFunction", - "FunctionName": { - "Fn::GetAtt": [ + "FunctionName": Object { + "Fn::GetAtt": Array [ "ApiLambdaPythonPutItemFunction0EA5A227", "Arn", ], }, "Principal": "apigateway.amazonaws.com", - "SourceArn": { - "Fn::Join": [ + "SourceArn": Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":execute-api:ap-northeast-1:", - { + Object { "Ref": "AWS::AccountId", }, ":", - { + Object { "Ref": "ApiRestApiE35FEAFE", }, "/", - { + Object { "Ref": "ApiRestApiDeploymentStageprodE828476C", }, "/POST/python/item", @@ -2372,30 +2372,30 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "AWS::Lambda::Permission", }, - "ApiRestApipythonitemPOSTApiPermissionTestDevBLEAServerlessApiRestApiEBE3BF9APOSTpythonitem715A3E20": { - "Properties": { + "ApiRestApipythonitemPOSTApiPermissionTestDevBLEAServerlessApiRestApiEBE3BF9APOSTpythonitem715A3E20": Object { + "Properties": Object { "Action": "lambda:InvokeFunction", - "FunctionName": { - "Fn::GetAtt": [ + "FunctionName": Object { + "Fn::GetAtt": Array [ "ApiLambdaPythonPutItemFunction0EA5A227", "Arn", ], }, "Principal": "apigateway.amazonaws.com", - "SourceArn": { - "Fn::Join": [ + "SourceArn": Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":execute-api:ap-northeast-1:", - { + Object { "Ref": "AWS::AccountId", }, ":", - { + Object { "Ref": "ApiRestApiE35FEAFE", }, "/test-invoke-stage/POST/python/item", @@ -2405,36 +2405,36 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "AWS::Lambda::Permission", }, - "ApiRestApipythonitemtitle896EFCA5": { - "Properties": { - "ParentId": { + "ApiRestApipythonitemtitle896EFCA5": Object { + "Properties": Object { + "ParentId": Object { "Ref": "ApiRestApipythonitemF1EBD3B9", }, "PathPart": "{title}", - "RestApiId": { + "RestApiId": Object { "Ref": "ApiRestApiE35FEAFE", }, }, "Type": "AWS::ApiGateway::Resource", }, - "ApiRestApipythonitemtitleGET4BA7981E": { - "Properties": { + "ApiRestApipythonitemtitleGET4BA7981E": Object { + "Properties": Object { "AuthorizationType": "NONE", "HttpMethod": "GET", - "Integration": { + "Integration": Object { "IntegrationHttpMethod": "POST", "Type": "AWS_PROXY", - "Uri": { - "Fn::Join": [ + "Uri": Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":apigateway:ap-northeast-1:lambda:path/2015-03-31/functions/", - { - "Fn::GetAtt": [ + Object { + "Fn::GetAtt": Array [ "ApiLambdaPythonGetItemFunction7F81F93B", "Arn", ], @@ -2444,43 +2444,43 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` ], }, }, - "ResourceId": { + "ResourceId": Object { "Ref": "ApiRestApipythonitemtitle896EFCA5", }, - "RestApiId": { + "RestApiId": Object { "Ref": "ApiRestApiE35FEAFE", }, }, "Type": "AWS::ApiGateway::Method", }, - "ApiRestApipythonitemtitleGETApiPermissionDevBLEAServerlessApiRestApiEBE3BF9AGETpythonitemtitle9380763F": { - "Properties": { + "ApiRestApipythonitemtitleGETApiPermissionDevBLEAServerlessApiRestApiEBE3BF9AGETpythonitemtitle9380763F": Object { + "Properties": Object { "Action": "lambda:InvokeFunction", - "FunctionName": { - "Fn::GetAtt": [ + "FunctionName": Object { + "Fn::GetAtt": Array [ "ApiLambdaPythonGetItemFunction7F81F93B", "Arn", ], }, "Principal": "apigateway.amazonaws.com", - "SourceArn": { - "Fn::Join": [ + "SourceArn": Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":execute-api:ap-northeast-1:", - { + Object { "Ref": "AWS::AccountId", }, ":", - { + Object { "Ref": "ApiRestApiE35FEAFE", }, "/", - { + Object { "Ref": "ApiRestApiDeploymentStageprodE828476C", }, "/GET/python/item/*", @@ -2490,30 +2490,30 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "AWS::Lambda::Permission", }, - "ApiRestApipythonitemtitleGETApiPermissionTestDevBLEAServerlessApiRestApiEBE3BF9AGETpythonitemtitleE2FDEC9D": { - "Properties": { + "ApiRestApipythonitemtitleGETApiPermissionTestDevBLEAServerlessApiRestApiEBE3BF9AGETpythonitemtitleE2FDEC9D": Object { + "Properties": Object { "Action": "lambda:InvokeFunction", - "FunctionName": { - "Fn::GetAtt": [ + "FunctionName": Object { + "Fn::GetAtt": Array [ "ApiLambdaPythonGetItemFunction7F81F93B", "Arn", ], }, "Principal": "apigateway.amazonaws.com", - "SourceArn": { - "Fn::Join": [ + "SourceArn": Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":execute-api:ap-northeast-1:", - { + Object { "Ref": "AWS::AccountId", }, ":", - { + Object { "Ref": "ApiRestApiE35FEAFE", }, "/test-invoke-stage/GET/python/item/*", @@ -2523,36 +2523,36 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "AWS::Lambda::Permission", }, - "ApiRestApipythonlist4EC12D2C": { - "Properties": { - "ParentId": { + "ApiRestApipythonlist4EC12D2C": Object { + "Properties": Object { + "ParentId": Object { "Ref": "ApiRestApipython2F6D6644", }, "PathPart": "list", - "RestApiId": { + "RestApiId": Object { "Ref": "ApiRestApiE35FEAFE", }, }, "Type": "AWS::ApiGateway::Resource", }, - "ApiRestApipythonlistGETA946A0F8": { - "Properties": { + "ApiRestApipythonlistGETA946A0F8": Object { + "Properties": Object { "AuthorizationType": "NONE", "HttpMethod": "GET", - "Integration": { + "Integration": Object { "IntegrationHttpMethod": "POST", "Type": "AWS_PROXY", - "Uri": { - "Fn::Join": [ + "Uri": Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":apigateway:ap-northeast-1:lambda:path/2015-03-31/functions/", - { - "Fn::GetAtt": [ + Object { + "Fn::GetAtt": Array [ "ApiLambdaPythonListItemsFunction6E2E7058", "Arn", ], @@ -2562,43 +2562,43 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` ], }, }, - "ResourceId": { + "ResourceId": Object { "Ref": "ApiRestApipythonlist4EC12D2C", }, - "RestApiId": { + "RestApiId": Object { "Ref": "ApiRestApiE35FEAFE", }, }, "Type": "AWS::ApiGateway::Method", }, - "ApiRestApipythonlistGETApiPermissionDevBLEAServerlessApiRestApiEBE3BF9AGETpythonlist6FD5F4CB": { - "Properties": { + "ApiRestApipythonlistGETApiPermissionDevBLEAServerlessApiRestApiEBE3BF9AGETpythonlist6FD5F4CB": Object { + "Properties": Object { "Action": "lambda:InvokeFunction", - "FunctionName": { - "Fn::GetAtt": [ + "FunctionName": Object { + "Fn::GetAtt": Array [ "ApiLambdaPythonListItemsFunction6E2E7058", "Arn", ], }, "Principal": "apigateway.amazonaws.com", - "SourceArn": { - "Fn::Join": [ + "SourceArn": Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":execute-api:ap-northeast-1:", - { + Object { "Ref": "AWS::AccountId", }, ":", - { + Object { "Ref": "ApiRestApiE35FEAFE", }, "/", - { + Object { "Ref": "ApiRestApiDeploymentStageprodE828476C", }, "/GET/python/list", @@ -2608,30 +2608,30 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "AWS::Lambda::Permission", }, - "ApiRestApipythonlistGETApiPermissionTestDevBLEAServerlessApiRestApiEBE3BF9AGETpythonlistC2B18F06": { - "Properties": { + "ApiRestApipythonlistGETApiPermissionTestDevBLEAServerlessApiRestApiEBE3BF9AGETpythonlistC2B18F06": Object { + "Properties": Object { "Action": "lambda:InvokeFunction", - "FunctionName": { - "Fn::GetAtt": [ + "FunctionName": Object { + "Fn::GetAtt": Array [ "ApiLambdaPythonListItemsFunction6E2E7058", "Arn", ], }, "Principal": "apigateway.amazonaws.com", - "SourceArn": { - "Fn::Join": [ + "SourceArn": Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":execute-api:ap-northeast-1:", - { + Object { "Ref": "AWS::AccountId", }, ":", - { + Object { "Ref": "ApiRestApiE35FEAFE", }, "/test-invoke-stage/GET/python/list", @@ -2641,27 +2641,27 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "AWS::Lambda::Permission", }, - "CMK56817A4C": { + "CMK56817A4C": Object { "DeletionPolicy": "Retain", - "Properties": { + "Properties": Object { "Description": "BLEA Guest Sample: CMK for ServerlessApi", "EnableKeyRotation": true, - "KeyPolicy": { - "Statement": [ - { + "KeyPolicy": Object { + "Statement": Array [ + Object { "Action": "kms:*", "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ + "Principal": Object { + "AWS": Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":iam::", - { + Object { "Ref": "AWS::AccountId", }, ":root", @@ -2671,22 +2671,22 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Resource": "*", }, - { - "Action": [ + Object { + "Action": Array [ "kms:Encrypt*", "kms:Decrypt*", "kms:ReEncrypt*", "kms:GenerateDataKey*", "kms:Describe*", ], - "Condition": { - "ArnLike": { - "aws:PrincipalArn": { - "Fn::Join": [ + "Condition": Object { + "ArnLike": Object { + "aws:PrincipalArn": Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:aws:iam::", - { + Object { "Ref": "AWS::AccountId", }, ":role/BLEA-LambdaNodejs-*", @@ -2696,27 +2696,27 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, }, "Effect": "Allow", - "Principal": { + "Principal": Object { "AWS": "*", }, "Resource": "*", }, - { - "Action": [ + Object { + "Action": Array [ "kms:Encrypt*", "kms:Decrypt*", "kms:ReEncrypt*", "kms:GenerateDataKey*", "kms:Describe*", ], - "Condition": { - "ArnLike": { - "aws:PrincipalArn": { - "Fn::Join": [ + "Condition": Object { + "ArnLike": Object { + "aws:PrincipalArn": Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:aws:iam::", - { + Object { "Ref": "AWS::AccountId", }, ":role/BLEA-LambdaPython-*", @@ -2726,7 +2726,7 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, }, "Effect": "Allow", - "Principal": { + "Principal": Object { "AWS": "*", }, "Resource": "*", @@ -2738,11 +2738,11 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` "Type": "AWS::KMS::Key", "UpdateReplacePolicy": "Retain", }, - "CMKAliasFD5A95C9": { - "Properties": { + "CMKAliasFD5A95C9": Object { + "Properties": Object { "AliasName": "alias/DevBLEAServerlessApi", - "TargetKeyId": { - "Fn::GetAtt": [ + "TargetKeyId": Object { + "Fn::GetAtt": Array [ "CMK56817A4C", "Arn", ], @@ -2750,20 +2750,20 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "AWS::KMS::Alias", }, - "DatastoreDynamoConsumedReadCapacityUnitE16CED8A": { - "Properties": { + "DatastoreDynamoConsumedReadCapacityUnitE16CED8A": Object { + "Properties": Object { "ActionsEnabled": true, - "AlarmActions": [ - { + "AlarmActions": Array [ + Object { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": [ - { + "Dimensions": Array [ + Object { "Name": "TableName", - "Value": { + "Value": Object { "Ref": "DatastoreTable6900098D", }, }, @@ -2777,55 +2777,55 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "AWS::CloudWatch::Alarm", }, - "DatastoreTable6900098D": { + "DatastoreTable6900098D": Object { "DeletionPolicy": "Retain", - "Properties": { - "AttributeDefinitions": [ - { + "Properties": Object { + "AttributeDefinitions": Array [ + Object { "AttributeName": "title", "AttributeType": "S", }, - { + Object { "AttributeName": "content", "AttributeType": "S", }, - { + Object { "AttributeName": "createdAt", "AttributeType": "S", }, ], "BillingMode": "PAY_PER_REQUEST", - "KeySchema": [ - { + "KeySchema": Array [ + Object { "AttributeName": "title", "KeyType": "HASH", }, - { + Object { "AttributeName": "content", "KeyType": "RANGE", }, ], - "LocalSecondaryIndexes": [ - { + "LocalSecondaryIndexes": Array [ + Object { "IndexName": "CreatedAtLSI", - "KeySchema": [ - { + "KeySchema": Array [ + Object { "AttributeName": "title", "KeyType": "HASH", }, - { + Object { "AttributeName": "createdAt", "KeyType": "RANGE", }, ], - "Projection": { + "Projection": Object { "ProjectionType": "ALL", }, }, ], - "SSESpecification": { - "KMSMasterKeyId": { - "Fn::GetAtt": [ + "SSESpecification": Object { + "KMSMasterKeyId": Object { + "Fn::GetAtt": Array [ "CMK56817A4C", "Arn", ], @@ -2837,51 +2837,50 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` "Type": "AWS::DynamoDB::Table", "UpdateReplacePolicy": "Retain", }, - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A": { - "DependsOn": [ + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A": Object { + "DependsOn": Array [ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB", "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB", ], - "Properties": { - "Code": { - "S3Bucket": { + "Properties": Object { + "Code": Object { + "S3Bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-ap-northeast-1", }, - "S3Key": "5bc602ecde93c947efe5899ae355f999986a1acbe610b1c0b9c468d738857555.zip", + "S3Key": "5fa1330271b8967d9254ba2d4a07144f8acefe8b77e6d6bba38261373a50d5f8.zip", }, "Handler": "index.handler", - "Role": { - "Fn::GetAtt": [ + "Role": Object { + "Fn::GetAtt": Array [ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB", "Arn", ], }, - "Runtime": "nodejs18.x", - "Timeout": 900, + "Runtime": "nodejs16.x", }, "Type": "AWS::Lambda::Function", }, - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB": { - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB": Object { + "Properties": Object { + "AssumeRolePolicyDocument": Object { + "Statement": Array [ + Object { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": { + "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ + "ManagedPolicyArns": Array [ + Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", @@ -2892,12 +2891,12 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "AWS::IAM::Role", }, - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB": { - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB": Object { + "Properties": Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": Array [ "logs:PutRetentionPolicy", "logs:DeleteRetentionPolicy", ], @@ -2908,28 +2907,28 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` "Version": "2012-10-17", }, "PolicyName": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB", - "Roles": [ - { + "Roles": Array [ + Object { "Ref": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB", }, ], }, "Type": "AWS::IAM::Policy", }, - "MonitoringAlarmTopicAF62D4F1": { + "MonitoringAlarmTopicAF62D4F1": Object { "Type": "AWS::SNS::Topic", }, - "MonitoringAlarmTopicPolicyCB9CCFB0": { - "Properties": { - "PolicyDocument": { - "Statement": [ - { + "MonitoringAlarmTopicPolicyCB9CCFB0": Object { + "Properties": Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { "Action": "sns:Publish", "Effect": "Allow", - "Principal": { + "Principal": Object { "Service": "cloudwatch.amazonaws.com", }, - "Resource": { + "Resource": Object { "Ref": "MonitoringAlarmTopicAF62D4F1", }, "Sid": "0", @@ -2937,66 +2936,66 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` ], "Version": "2012-10-17", }, - "Topics": [ - { + "Topics": Array [ + Object { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], }, "Type": "AWS::SNS::TopicPolicy", }, - "MonitoringChatbotChannel3696F0E4": { - "Properties": { + "MonitoringChatbotChannel3696F0E4": Object { + "Properties": Object { "ConfigurationName": "DevBLEAServerlessApiMonitoring9149EEBF", - "IamRoleArn": { - "Fn::GetAtt": [ + "IamRoleArn": Object { + "Fn::GetAtt": Array [ "MonitoringChatbotRoleD766A77D", "Arn", ], }, "SlackChannelId": "CYYYYYYYYYY", "SlackWorkspaceId": "TXXXXXXXXXX", - "SnsTopicArns": [ - { + "SnsTopicArns": Array [ + Object { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], }, "Type": "AWS::Chatbot::SlackChannelConfiguration", }, - "MonitoringChatbotRoleD766A77D": { - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { + "MonitoringChatbotRoleD766A77D": Object { + "Properties": Object { + "AssumeRolePolicyDocument": Object { + "Statement": Array [ + Object { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": { + "Principal": Object { "Service": "chatbot.amazonaws.com", }, }, ], "Version": "2012-10-17", }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ + "ManagedPolicyArns": Array [ + Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/ReadOnlyAccess", ], ], }, - { - "Fn::Join": [ + Object { + "Fn::Join": Array [ "", - [ + Array [ "arn:", - { + Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/CloudWatchReadOnlyAccess", @@ -3007,33 +3006,33 @@ exports[`Snapshot test for ServerlessApi Stack 1`] = ` }, "Type": "AWS::IAM::Role", }, - "MonitoringEmailSubsc6D15C956": { - "Properties": { + "MonitoringEmailSubsc6D15C956": Object { + "Properties": Object { "Endpoint": "notify-security@example.com", "Protocol": "email", - "TopicArn": { + "TopicArn": Object { "Ref": "MonitoringAlarmTopicAF62D4F1", }, }, "Type": "AWS::SNS::Subscription", }, }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ + "Rules": Object { + "CheckBootstrapVersion": Object { + "Assertions": Array [ + Object { + "Assert": Object { + "Fn::Not": Array [ + Object { + "Fn::Contains": Array [ + Array [ "1", "2", "3", "4", "5", ], - { + Object { "Ref": "BootstrapVersion", }, ], From 21eb37747ae04a924aa68eee5199c07d1634c891 Mon Sep 17 00:00:00 2001 From: Yozo Suzuki Date: Thu, 14 Dec 2023 17:23:14 +0900 Subject: [PATCH 5/6] modify snapshots --- ...gov-base-ct-via-cdk-pipelines.test.ts.snap | 704 ++++----- ...v-base-ct-via-service-catalog.test.ts.snap | 70 +- .../blea-gov-base-ct.test.ts.snap | 942 ++++++------ .../blea-guest-ec2-app-sample.test.ts.snap | 1302 +++++++++-------- 4 files changed, 1515 insertions(+), 1503 deletions(-) diff --git a/usecases/blea-gov-base-ct/test/__snapshots__/blea-gov-base-ct-via-cdk-pipelines.test.ts.snap b/usecases/blea-gov-base-ct/test/__snapshots__/blea-gov-base-ct-via-cdk-pipelines.test.ts.snap index 9767b9d5f..e63265aea 100644 --- a/usecases/blea-gov-base-ct/test/__snapshots__/blea-gov-base-ct-via-cdk-pipelines.test.ts.snap +++ b/usecases/blea-gov-base-ct/test/__snapshots__/blea-gov-base-ct-via-cdk-pipelines.test.ts.snap @@ -1,57 +1,57 @@ // Jest Snapshot v1, https://goo.gl/fbAQLP exports[`Snapshot test for BLEAGovABaseCtPipeline Stack 1`] = ` -Object { - "Parameters": Object { - "BootstrapVersion": Object { +{ + "Parameters": { + "BootstrapVersion": { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, - "Resources": Object { - "Pipeline9850B417": Object { - "DependsOn": Array [ + "Resources": { + "Pipeline9850B417": { + "DependsOn": [ "PipelineRoleDefaultPolicy7BDC1ABB", "PipelineRoleB27FAA37", ], - "Properties": Object { - "ArtifactStore": Object { - "Location": Object { + "Properties": { + "ArtifactStore": { + "Location": { "Ref": "PipelineArtifactsBucketAEA9A052", }, "Type": "S3", }, "RestartExecutionOnUpdate": true, - "RoleArn": Object { - "Fn::GetAtt": Array [ + "RoleArn": { + "Fn::GetAtt": [ "PipelineRoleB27FAA37", "Arn", ], }, - "Stages": Array [ - Object { - "Actions": Array [ - Object { - "ActionTypeId": Object { + "Stages": [ + { + "Actions": [ + { + "ActionTypeId": { "Category": "Source", "Owner": "AWS", "Provider": "CodeStarSourceConnection", "Version": "1", }, - "Configuration": Object { + "Configuration": { "BranchName": "main", "ConnectionArn": "arn:aws:codestar-connections:ap-northeast-1:xxxxxxxxxxxx:connection/example", "FullRepositoryId": "aws-samples/baseline-environment-on-aws", }, "Name": "aws-samples_baseline-environment-on-aws", - "OutputArtifacts": Array [ - Object { + "OutputArtifacts": [ + { "Name": "aws_samples_baseline_environment_on_aws_Source", }, ], - "RoleArn": Object { - "Fn::GetAtt": Array [ + "RoleArn": { + "Fn::GetAtt": [ "PipelineSourceawssamplesbaselineenvironmentonawsCodePipelineActionRole1BD37B19", "Arn", ], @@ -61,34 +61,34 @@ Object { ], "Name": "Source", }, - Object { - "Actions": Array [ - Object { - "ActionTypeId": Object { + { + "Actions": [ + { + "ActionTypeId": { "Category": "Build", "Owner": "AWS", "Provider": "CodeBuild", "Version": "1", }, - "Configuration": Object { - "EnvironmentVariables": "[{\\"name\\":\\"_PROJECT_CONFIG_HASH\\",\\"type\\":\\"PLAINTEXT\\",\\"value\\":\\"e94c841cdbb89a42d615fa2e3c04d988012ccd1baa3ab150b346d254ec6d6b1f\\"}]", - "ProjectName": Object { + "Configuration": { + "EnvironmentVariables": "[{"name":"_PROJECT_CONFIG_HASH","type":"PLAINTEXT","value":"acb21dc20d80677abb3dba3261c1cc1775fbc085e7e223e4a6dc432bb2ddf685"}]", + "ProjectName": { "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6", }, }, - "InputArtifacts": Array [ - Object { + "InputArtifacts": [ + { "Name": "aws_samples_baseline_environment_on_aws_Source", }, ], "Name": "Synth", - "OutputArtifacts": Array [ - Object { + "OutputArtifacts": [ + { "Name": "Synth_Output", }, ], - "RoleArn": Object { - "Fn::GetAtt": Array [ + "RoleArn": { + "Fn::GetAtt": [ "PipelineCodeBuildActionRole226DB0CB", "Arn", ], @@ -98,29 +98,29 @@ Object { ], "Name": "Build", }, - Object { - "Actions": Array [ - Object { - "ActionTypeId": Object { + { + "Actions": [ + { + "ActionTypeId": { "Category": "Build", "Owner": "AWS", "Provider": "CodeBuild", "Version": "1", }, - "Configuration": Object { - "EnvironmentVariables": "[{\\"name\\":\\"_PROJECT_CONFIG_HASH\\",\\"type\\":\\"PLAINTEXT\\",\\"value\\":\\"685ee3453127134e4fd0bcd277fa53ca0f0d612b8970c5a9f096167f35bd3823\\"}]", - "ProjectName": Object { + "Configuration": { + "EnvironmentVariables": "[{"name":"_PROJECT_CONFIG_HASH","type":"PLAINTEXT","value":"4f67319bbdbc8a4822d92e1638b4210739b162975724041ca7db5f53bbcb763d"}]", + "ProjectName": { "Ref": "PipelineUpdatePipelineSelfMutationDAA41400", }, }, - "InputArtifacts": Array [ - Object { + "InputArtifacts": [ + { "Name": "Synth_Output", }, ], "Name": "SelfMutate", - "RoleArn": Object { - "Fn::GetAtt": Array [ + "RoleArn": { + "Fn::GetAtt": [ "PipelineCodeBuildActionRole226DB0CB", "Arn", ], @@ -130,37 +130,37 @@ Object { ], "Name": "UpdatePipeline", }, - Object { - "Actions": Array [ - Object { - "ActionTypeId": Object { + { + "Actions": [ + { + "ActionTypeId": { "Category": "Deploy", "Owner": "AWS", "Provider": "CloudFormation", "Version": "1", }, - "Configuration": Object { + "Configuration": { "ActionMode": "CHANGE_SET_REPLACE", "Capabilities": "CAPABILITY_NAMED_IAM,CAPABILITY_AUTO_EXPAND", "ChangeSetName": "PipelineChange", - "RoleArn": Object { - "Fn::Join": Array [ + "RoleArn": { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":iam::", - Object { + { "Ref": "AWS::AccountId", }, ":role/cdk-hnb659fds-cfn-exec-role-", - Object { + { "Ref": "AWS::AccountId", }, "-", - Object { + { "Ref": "AWS::Region", }, ], @@ -170,30 +170,30 @@ Object { "TemplateConfiguration": "Synth_Output::assembly-Dev-BLEAGovBaseCtPipeilne-Dev/DevBLEAGovBaseCtPipeilneDevBLEAGovBaseCt843AF7BA.template.json.config.json", "TemplatePath": "Synth_Output::assembly-Dev-BLEAGovBaseCtPipeilne-Dev/DevBLEAGovBaseCtPipeilneDevBLEAGovBaseCt843AF7BA.template.json", }, - "InputArtifacts": Array [ - Object { + "InputArtifacts": [ + { "Name": "Synth_Output", }, ], "Name": "Prepare", - "RoleArn": Object { - "Fn::Join": Array [ + "RoleArn": { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":iam::", - Object { + { "Ref": "AWS::AccountId", }, ":role/cdk-hnb659fds-deploy-role-", - Object { + { "Ref": "AWS::AccountId", }, "-", - Object { + { "Ref": "AWS::Region", }, ], @@ -201,37 +201,37 @@ Object { }, "RunOrder": 1, }, - Object { - "ActionTypeId": Object { + { + "ActionTypeId": { "Category": "Deploy", "Owner": "AWS", "Provider": "CloudFormation", "Version": "1", }, - "Configuration": Object { + "Configuration": { "ActionMode": "CHANGE_SET_EXECUTE", "ChangeSetName": "PipelineChange", "StackName": "Dev-BLEAGovBaseCt", }, "Name": "Deploy", - "RoleArn": Object { - "Fn::Join": Array [ + "RoleArn": { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":iam::", - Object { + { "Ref": "AWS::AccountId", }, ":role/cdk-hnb659fds-deploy-role-", - Object { + { "Ref": "AWS::AccountId", }, "-", - Object { + { "Ref": "AWS::Region", }, ], @@ -246,19 +246,19 @@ Object { }, "Type": "AWS::CodePipeline::Pipeline", }, - "PipelineArtifactsBucketAEA9A052": Object { + "PipelineArtifactsBucketAEA9A052": { "DeletionPolicy": "Retain", - "Properties": Object { - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { + "Properties": { + "BucketEncryption": { + "ServerSideEncryptionConfiguration": [ + { + "ServerSideEncryptionByDefault": { "SSEAlgorithm": "aws:kms", }, }, ], }, - "PublicAccessBlockConfiguration": Object { + "PublicAccessBlockConfiguration": { "BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, @@ -268,37 +268,37 @@ Object { "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, - "PipelineArtifactsBucketPolicyF53CCC52": Object { - "Properties": Object { - "Bucket": Object { + "PipelineArtifactsBucketPolicyF53CCC52": { + "Properties": { + "Bucket": { "Ref": "PipelineArtifactsBucketAEA9A052", }, - "PolicyDocument": Object { - "Statement": Array [ - Object { + "PolicyDocument": { + "Statement": [ + { "Action": "s3:*", - "Condition": Object { - "Bool": Object { + "Condition": { + "Bool": { "aws:SecureTransport": "false", }, }, "Effect": "Deny", - "Principal": Object { + "Principal": { "AWS": "*", }, - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ + "Resource": [ + { + "Fn::GetAtt": [ "PipelineArtifactsBucketAEA9A052", "Arn", ], }, - Object { - "Fn::Join": Array [ + { + "Fn::Join": [ "", - Array [ - Object { - "Fn::GetAtt": Array [ + [ + { + "Fn::GetAtt": [ "PipelineArtifactsBucketAEA9A052", "Arn", ], @@ -309,51 +309,51 @@ Object { }, ], }, - Object { - "Action": Array [ + { + "Action": [ "s3:GetObject*", "s3:GetBucket*", "s3:List*", ], "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ + "Principal": { + "AWS": { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":iam::", - Object { + { "Ref": "AWS::AccountId", }, ":role/cdk-hnb659fds-deploy-role-", - Object { + { "Ref": "AWS::AccountId", }, "-", - Object { + { "Ref": "AWS::Region", }, ], ], }, }, - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ + "Resource": [ + { + "Fn::GetAtt": [ "PipelineArtifactsBucketAEA9A052", "Arn", ], }, - Object { - "Fn::Join": Array [ + { + "Fn::Join": [ "", - Array [ - Object { - "Fn::GetAtt": Array [ + [ + { + "Fn::GetAtt": [ "PipelineArtifactsBucketAEA9A052", "Arn", ], @@ -370,52 +370,52 @@ Object { }, "Type": "AWS::S3::BucketPolicy", }, - "PipelineBuildSynthCdkBuildProject6BEFA8E6": Object { - "Properties": Object { - "Artifacts": Object { + "PipelineBuildSynthCdkBuildProject6BEFA8E6": { + "Properties": { + "Artifacts": { "Type": "CODEPIPELINE", }, - "Cache": Object { + "Cache": { "Type": "NO_CACHE", }, "Description": "Pipeline step Dev-BLEAGovBaseCtPipeilne/Pipeline/Build/Synth", "EncryptionKey": "alias/aws/s3", - "Environment": Object { + "Environment": { "ComputeType": "BUILD_GENERAL1_SMALL", - "Image": "aws/codebuild/standard:6.0", + "Image": "aws/codebuild/standard:7.0", "ImagePullCredentialsType": "CODEBUILD", "PrivilegedMode": false, "Type": "LINUX_CONTAINER", }, - "ServiceRole": Object { - "Fn::GetAtt": Array [ + "ServiceRole": { + "Fn::GetAtt": [ "PipelineBuildSynthCdkBuildProjectRole231EEA2A", "Arn", ], }, - "Source": Object { + "Source": { "BuildSpec": "{ - \\"version\\": \\"0.2\\", - \\"phases\\": { - \\"install\\": { - \\"commands\\": [ - \\"n stable\\", - \\"node --version\\", - \\"npm i -g npm\\", - \\"npm --version\\" + "version": "0.2", + "phases": { + "install": { + "commands": [ + "n stable", + "node --version", + "npm i -g npm", + "npm --version" ] }, - \\"build\\": { - \\"commands\\": [ - \\"npm ci --workspaces\\", - \\"cd usecases/blea-gov-base-ct\\", - \\"npx cdk synth --app \\\\\\"npx ts-node --prefer-ts-exts bin/blea-gov-base-ct-via-cdk-pipelines.ts\\\\\\" --all\\" + "build": { + "commands": [ + "npm ci --workspaces", + "cd usecases/blea-gov-base-ct", + "npx cdk synth --app \\"npx ts-node --prefer-ts-exts bin/blea-gov-base-ct-via-cdk-pipelines.ts\\" --all" ] } }, - \\"artifacts\\": { - \\"base-directory\\": \\"./usecases/blea-gov-base-ct/cdk.out\\", - \\"files\\": \\"**/*\\" + "artifacts": { + "base-directory": "./usecases/blea-gov-base-ct/cdk.out", + "files": "**/*" } }", "Type": "CODEPIPELINE", @@ -423,14 +423,14 @@ Object { }, "Type": "AWS::CodeBuild::Project", }, - "PipelineBuildSynthCdkBuildProjectRole231EEA2A": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { + "PipelineBuildSynthCdkBuildProjectRole231EEA2A": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": Object { + "Principal": { "Service": "codebuild.amazonaws.com", }, }, @@ -440,43 +440,43 @@ Object { }, "Type": "AWS::IAM::Role", }, - "PipelineBuildSynthCdkBuildProjectRoleDefaultPolicyFB6C941C": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ + "PipelineBuildSynthCdkBuildProjectRoleDefaultPolicyFB6C941C": { + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::Join": Array [ + "Resource": [ + { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":logs:ap-northeast-1:123456789012:log-group:/aws/codebuild/", - Object { + { "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6", }, ], ], }, - Object { - "Fn::Join": Array [ + { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":logs:ap-northeast-1:123456789012:log-group:/aws/codebuild/", - Object { + { "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6", }, ":*", @@ -485,8 +485,8 @@ Object { }, ], }, - Object { - "Action": Array [ + { + "Action": [ "codebuild:CreateReportGroup", "codebuild:CreateReport", "codebuild:UpdateReport", @@ -494,16 +494,16 @@ Object { "codebuild:BatchPutCodeCoverages", ], "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ + "Resource": { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":codebuild:ap-northeast-1:123456789012:report-group/", - Object { + { "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6", }, "-*", @@ -511,8 +511,8 @@ Object { ], }, }, - Object { - "Action": Array [ + { + "Action": [ "s3:GetObject*", "s3:GetBucket*", "s3:List*", @@ -525,19 +525,19 @@ Object { "s3:Abort*", ], "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ + "Resource": [ + { + "Fn::GetAtt": [ "PipelineArtifactsBucketAEA9A052", "Arn", ], }, - Object { - "Fn::Join": Array [ + { + "Fn::Join": [ "", - Array [ - Object { - "Fn::GetAtt": Array [ + [ + { + "Fn::GetAtt": [ "PipelineArtifactsBucketAEA9A052", "Arn", ], @@ -552,24 +552,24 @@ Object { "Version": "2012-10-17", }, "PolicyName": "PipelineBuildSynthCdkBuildProjectRoleDefaultPolicyFB6C941C", - "Roles": Array [ - Object { + "Roles": [ + { "Ref": "PipelineBuildSynthCdkBuildProjectRole231EEA2A", }, ], }, "Type": "AWS::IAM::Policy", }, - "PipelineCodeBuildActionRole226DB0CB": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { + "PipelineCodeBuildActionRole226DB0CB": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::GetAtt": Array [ + "Principal": { + "AWS": { + "Fn::GetAtt": [ "PipelineRoleB27FAA37", "Arn", ], @@ -582,33 +582,33 @@ Object { }, "Type": "AWS::IAM::Role", }, - "PipelineCodeBuildActionRoleDefaultPolicy1D62A6FE": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ + "PipelineCodeBuildActionRoleDefaultPolicy1D62A6FE": { + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ "codebuild:BatchGetBuilds", "codebuild:StartBuild", "codebuild:StopBuild", ], "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ + "Resource": { + "Fn::GetAtt": [ "PipelineBuildSynthCdkBuildProject6BEFA8E6", "Arn", ], }, }, - Object { - "Action": Array [ + { + "Action": [ "codebuild:BatchGetBuilds", "codebuild:StartBuild", "codebuild:StopBuild", ], "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ + "Resource": { + "Fn::GetAtt": [ "PipelineUpdatePipelineSelfMutationDAA41400", "Arn", ], @@ -618,22 +618,22 @@ Object { "Version": "2012-10-17", }, "PolicyName": "PipelineCodeBuildActionRoleDefaultPolicy1D62A6FE", - "Roles": Array [ - Object { + "Roles": [ + { "Ref": "PipelineCodeBuildActionRole226DB0CB", }, ], }, "Type": "AWS::IAM::Policy", }, - "PipelineRoleB27FAA37": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { + "PipelineRoleB27FAA37": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": Object { + "Principal": { "Service": "codepipeline.amazonaws.com", }, }, @@ -643,12 +643,12 @@ Object { }, "Type": "AWS::IAM::Role", }, - "PipelineRoleDefaultPolicy7BDC1ABB": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ + "PipelineRoleDefaultPolicy7BDC1ABB": { + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ "s3:GetObject*", "s3:GetBucket*", "s3:List*", @@ -661,19 +661,19 @@ Object { "s3:Abort*", ], "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ + "Resource": [ + { + "Fn::GetAtt": [ "PipelineArtifactsBucketAEA9A052", "Arn", ], }, - Object { - "Fn::Join": Array [ + { + "Fn::Join": [ "", - Array [ - Object { - "Fn::GetAtt": Array [ + [ + { + "Fn::GetAtt": [ "PipelineArtifactsBucketAEA9A052", "Arn", ], @@ -684,47 +684,47 @@ Object { }, ], }, - Object { + { "Action": "sts:AssumeRole", "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ + "Resource": { + "Fn::GetAtt": [ "PipelineSourceawssamplesbaselineenvironmentonawsCodePipelineActionRole1BD37B19", "Arn", ], }, }, - Object { + { "Action": "sts:AssumeRole", "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ + "Resource": { + "Fn::GetAtt": [ "PipelineCodeBuildActionRole226DB0CB", "Arn", ], }, }, - Object { + { "Action": "sts:AssumeRole", "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ + "Resource": { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":iam::", - Object { + { "Ref": "AWS::AccountId", }, ":role/cdk-hnb659fds-deploy-role-", - Object { + { "Ref": "AWS::AccountId", }, "-", - Object { + { "Ref": "AWS::Region", }, ], @@ -735,28 +735,28 @@ Object { "Version": "2012-10-17", }, "PolicyName": "PipelineRoleDefaultPolicy7BDC1ABB", - "Roles": Array [ - Object { + "Roles": [ + { "Ref": "PipelineRoleB27FAA37", }, ], }, "Type": "AWS::IAM::Policy", }, - "PipelineSourceawssamplesbaselineenvironmentonawsCodePipelineActionRole1BD37B19": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { + "PipelineSourceawssamplesbaselineenvironmentonawsCodePipelineActionRole1BD37B19": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ + "Principal": { + "AWS": { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":iam::123456789012:root", @@ -771,17 +771,17 @@ Object { }, "Type": "AWS::IAM::Role", }, - "PipelineSourceawssamplesbaselineenvironmentonawsCodePipelineActionRoleDefaultPolicy51E7124E": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { + "PipelineSourceawssamplesbaselineenvironmentonawsCodePipelineActionRoleDefaultPolicy51E7124E": { + "Properties": { + "PolicyDocument": { + "Statement": [ + { "Action": "codestar-connections:UseConnection", "Effect": "Allow", "Resource": "arn:aws:codestar-connections:ap-northeast-1:xxxxxxxxxxxx:connection/example", }, - Object { - "Action": Array [ + { + "Action": [ "s3:GetObject*", "s3:GetBucket*", "s3:List*", @@ -794,19 +794,19 @@ Object { "s3:Abort*", ], "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ + "Resource": [ + { + "Fn::GetAtt": [ "PipelineArtifactsBucketAEA9A052", "Arn", ], }, - Object { - "Fn::Join": Array [ + { + "Fn::Join": [ "", - Array [ - Object { - "Fn::GetAtt": Array [ + [ + { + "Fn::GetAtt": [ "PipelineArtifactsBucketAEA9A052", "Arn", ], @@ -817,18 +817,18 @@ Object { }, ], }, - Object { - "Action": Array [ + { + "Action": [ "s3:PutObjectAcl", "s3:PutObjectVersionAcl", ], "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ + "Resource": { + "Fn::Join": [ "", - Array [ - Object { - "Fn::GetAtt": Array [ + [ + { + "Fn::GetAtt": [ "PipelineArtifactsBucketAEA9A052", "Arn", ], @@ -842,49 +842,49 @@ Object { "Version": "2012-10-17", }, "PolicyName": "PipelineSourceawssamplesbaselineenvironmentonawsCodePipelineActionRoleDefaultPolicy51E7124E", - "Roles": Array [ - Object { + "Roles": [ + { "Ref": "PipelineSourceawssamplesbaselineenvironmentonawsCodePipelineActionRole1BD37B19", }, ], }, "Type": "AWS::IAM::Policy", }, - "PipelineUpdatePipelineSelfMutationDAA41400": Object { - "Properties": Object { - "Artifacts": Object { + "PipelineUpdatePipelineSelfMutationDAA41400": { + "Properties": { + "Artifacts": { "Type": "CODEPIPELINE", }, - "Cache": Object { + "Cache": { "Type": "NO_CACHE", }, "Description": "Pipeline step Dev-BLEAGovBaseCtPipeilne/Pipeline/UpdatePipeline/SelfMutate", "EncryptionKey": "alias/aws/s3", - "Environment": Object { + "Environment": { "ComputeType": "BUILD_GENERAL1_SMALL", - "Image": "aws/codebuild/standard:6.0", + "Image": "aws/codebuild/standard:7.0", "ImagePullCredentialsType": "CODEBUILD", "PrivilegedMode": false, "Type": "LINUX_CONTAINER", }, - "ServiceRole": Object { - "Fn::GetAtt": Array [ + "ServiceRole": { + "Fn::GetAtt": [ "PipelineUpdatePipelineSelfMutationRole57E559E8", "Arn", ], }, - "Source": Object { + "Source": { "BuildSpec": "{ - \\"version\\": \\"0.2\\", - \\"phases\\": { - \\"install\\": { - \\"commands\\": [ - \\"npm install -g aws-cdk@2\\" + "version": "0.2", + "phases": { + "install": { + "commands": [ + "npm install -g aws-cdk@2" ] }, - \\"build\\": { - \\"commands\\": [ - \\"cdk -a . deploy Dev-BLEAGovBaseCtPipeilne --require-approval=never --verbose\\" + "build": { + "commands": [ + "cdk -a . deploy Dev-BLEAGovBaseCtPipeilne --require-approval=never --verbose" ] } } @@ -894,14 +894,14 @@ Object { }, "Type": "AWS::CodeBuild::Project", }, - "PipelineUpdatePipelineSelfMutationRole57E559E8": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { + "PipelineUpdatePipelineSelfMutationRole57E559E8": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": Object { + "Principal": { "Service": "codebuild.amazonaws.com", }, }, @@ -911,43 +911,43 @@ Object { }, "Type": "AWS::IAM::Role", }, - "PipelineUpdatePipelineSelfMutationRoleDefaultPolicyA225DA4E": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ + "PipelineUpdatePipelineSelfMutationRoleDefaultPolicyA225DA4E": { + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::Join": Array [ + "Resource": [ + { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":logs:ap-northeast-1:123456789012:log-group:/aws/codebuild/", - Object { + { "Ref": "PipelineUpdatePipelineSelfMutationDAA41400", }, ], ], }, - Object { - "Fn::Join": Array [ + { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":logs:ap-northeast-1:123456789012:log-group:/aws/codebuild/", - Object { + { "Ref": "PipelineUpdatePipelineSelfMutationDAA41400", }, ":*", @@ -956,8 +956,8 @@ Object { }, ], }, - Object { - "Action": Array [ + { + "Action": [ "codebuild:CreateReportGroup", "codebuild:CreateReport", "codebuild:UpdateReport", @@ -965,16 +965,16 @@ Object { "codebuild:BatchPutCodeCoverages", ], "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ + "Resource": { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":codebuild:ap-northeast-1:123456789012:report-group/", - Object { + { "Ref": "PipelineUpdatePipelineSelfMutationDAA41400", }, "-*", @@ -982,11 +982,11 @@ Object { ], }, }, - Object { + { "Action": "sts:AssumeRole", - "Condition": Object { - "ForAnyValue:StringEquals": Object { - "iam:ResourceTag/aws-cdk:bootstrap-role": Array [ + "Condition": { + "ForAnyValue:StringEquals": { + "iam:ResourceTag/aws-cdk:bootstrap-role": [ "image-publishing", "file-publishing", "deploy", @@ -996,36 +996,36 @@ Object { "Effect": "Allow", "Resource": "arn:*:iam::123456789012:role/*", }, - Object { + { "Action": "cloudformation:DescribeStacks", "Effect": "Allow", "Resource": "*", }, - Object { + { "Action": "s3:ListBucket", "Effect": "Allow", "Resource": "*", }, - Object { - "Action": Array [ + { + "Action": [ "s3:GetObject*", "s3:GetBucket*", "s3:List*", ], "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ + "Resource": [ + { + "Fn::GetAtt": [ "PipelineArtifactsBucketAEA9A052", "Arn", ], }, - Object { - "Fn::Join": Array [ + { + "Fn::Join": [ "", - Array [ - Object { - "Fn::GetAtt": Array [ + [ + { + "Fn::GetAtt": [ "PipelineArtifactsBucketAEA9A052", "Arn", ], @@ -1040,8 +1040,8 @@ Object { "Version": "2012-10-17", }, "PolicyName": "PipelineUpdatePipelineSelfMutationRoleDefaultPolicyA225DA4E", - "Roles": Array [ - Object { + "Roles": [ + { "Ref": "PipelineUpdatePipelineSelfMutationRole57E559E8", }, ], @@ -1049,22 +1049,22 @@ Object { "Type": "AWS::IAM::Policy", }, }, - "Rules": Object { - "CheckBootstrapVersion": Object { - "Assertions": Array [ - Object { - "Assert": Object { - "Fn::Not": Array [ - Object { - "Fn::Contains": Array [ - Array [ + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ "1", "2", "3", "4", "5", ], - Object { + { "Ref": "BootstrapVersion", }, ], diff --git a/usecases/blea-gov-base-ct/test/__snapshots__/blea-gov-base-ct-via-service-catalog.test.ts.snap b/usecases/blea-gov-base-ct/test/__snapshots__/blea-gov-base-ct-via-service-catalog.test.ts.snap index 601c4d4c5..6c05f69c1 100644 --- a/usecases/blea-gov-base-ct/test/__snapshots__/blea-gov-base-ct-via-service-catalog.test.ts.snap +++ b/usecases/blea-gov-base-ct/test/__snapshots__/blea-gov-base-ct-via-service-catalog.test.ts.snap @@ -1,48 +1,48 @@ // Jest Snapshot v1, https://goo.gl/fbAQLP exports[`Snapshot test for BLEGovABase Stack 1`] = ` -Object { - "Parameters": Object { - "BootstrapVersion": Object { +{ + "Parameters": { + "BootstrapVersion": { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, - "Resources": Object { - "Portfolio856A4190": Object { - "Properties": Object { + "Resources": { + "Portfolio856A4190": { + "Properties": { "DisplayName": "BLEA Baselines for Guest accounts", "ProviderName": "Platform team at Example Company", }, "Type": "AWS::ServiceCatalog::Portfolio", }, - "PortfolioPortfolioProductAssociationd2b2e10d104073565C5B": Object { - "Properties": Object { - "PortfolioId": Object { + "PortfolioPortfolioProductAssociationd2b2e10d104073565C5B": { + "Properties": { + "PortfolioId": { "Ref": "Portfolio856A4190", }, - "ProductId": Object { + "ProductId": { "Ref": "Product896941B4", }, }, "Type": "AWS::ServiceCatalog::PortfolioProductAssociation", }, - "PortfolioPortolioPrincipalAssociationd82fda574793DAB993CA": Object { - "Properties": Object { - "PortfolioId": Object { + "PortfolioPortolioPrincipalAssociationd82fda574793DAB993CA": { + "Properties": { + "PortfolioId": { "Ref": "Portfolio856A4190", }, - "PrincipalARN": Object { - "Fn::Join": Array [ + "PrincipalARN": { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":iam::", - Object { + { "Ref": "AWS::AccountId", }, ":role/AWSControlTowerExecution", @@ -53,16 +53,16 @@ Object { }, "Type": "AWS::ServiceCatalog::PortfolioPrincipalAssociation", }, - "Product896941B4": Object { - "Properties": Object { + "Product896941B4": { + "Properties": { "Name": "BLEA Baseline", "Owner": "Platform team at Example Company", - "ProvisioningArtifactParameters": Array [ - Object { + "ProvisioningArtifactParameters": [ + { "DisableTemplateValidation": false, - "Info": Object { - "LoadTemplateFromURL": Object { - "Fn::Sub": "https://s3.\${AWS::Region}.\${AWS::URLSuffix}/cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}/d2473f29ad002783e7c2dd6bda2c4e7286f9b3969d5f4f1fcb596801b8c9894c.json", + "Info": { + "LoadTemplateFromURL": { + "Fn::Sub": "https://s3.\${AWS::Region}.\${AWS::URLSuffix}/cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}/e3ed32ec5c9eeee3f6c2a9266d975e5a5c8741e45c898f191844134fc88e8251.json", }, }, "Name": "v1", @@ -72,22 +72,22 @@ Object { "Type": "AWS::ServiceCatalog::CloudFormationProduct", }, }, - "Rules": Object { - "CheckBootstrapVersion": Object { - "Assertions": Array [ - Object { - "Assert": Object { - "Fn::Not": Array [ - Object { - "Fn::Contains": Array [ - Array [ + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ "1", "2", "3", "4", "5", ], - Object { + { "Ref": "BootstrapVersion", }, ], diff --git a/usecases/blea-gov-base-ct/test/__snapshots__/blea-gov-base-ct.test.ts.snap b/usecases/blea-gov-base-ct/test/__snapshots__/blea-gov-base-ct.test.ts.snap index 57ea19c79..cb0a0396f 100644 --- a/usecases/blea-gov-base-ct/test/__snapshots__/blea-gov-base-ct.test.ts.snap +++ b/usecases/blea-gov-base-ct/test/__snapshots__/blea-gov-base-ct.test.ts.snap @@ -1,50 +1,50 @@ // Jest Snapshot v1, https://goo.gl/fbAQLP exports[`Snapshot test for BLEGovABaseCt Stack 1`] = ` -Object { - "Outputs": Object { - "ExportsOutputRefDetectionAlarmTopic36C4BB557D18D152": Object { - "Export": Object { +{ + "Outputs": { + "ExportsOutputRefDetectionAlarmTopic36C4BB557D18D152": { + "Export": { "Name": "Dev-BLEAGovBaseCt:ExportsOutputRefDetectionAlarmTopic36C4BB557D18D152", }, - "Value": Object { + "Value": { "Ref": "DetectionAlarmTopic36C4BB55", }, }, }, - "Parameters": Object { - "BootstrapVersion": Object { + "Parameters": { + "BootstrapVersion": { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, - "Resources": Object { - "DetectionAlarmTopic36C4BB55": Object { + "Resources": { + "DetectionAlarmTopic36C4BB55": { "Type": "AWS::SNS::Topic", }, - "DetectionAlarmTopicPolicyDEB08BF4": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { + "DetectionAlarmTopicPolicyDEB08BF4": { + "Properties": { + "PolicyDocument": { + "Statement": [ + { "Action": "sns:Publish", "Effect": "Allow", - "Principal": Object { + "Principal": { "Service": "cloudwatch.amazonaws.com", }, - "Resource": Object { + "Resource": { "Ref": "DetectionAlarmTopic36C4BB55", }, "Sid": "0", }, - Object { + { "Action": "sns:Publish", "Effect": "Allow", - "Principal": Object { + "Principal": { "Service": "events.amazonaws.com", }, - "Resource": Object { + "Resource": { "Ref": "DetectionAlarmTopic36C4BB55", }, "Sid": "1", @@ -52,29 +52,29 @@ Object { ], "Version": "2012-10-17", }, - "Topics": Array [ - Object { + "Topics": [ + { "Ref": "DetectionAlarmTopic36C4BB55", }, ], }, "Type": "AWS::SNS::TopicPolicy", }, - "DetectionAwsHealthEventRule6825AFCC": Object { - "Properties": Object { + "DetectionAwsHealthEventRule6825AFCC": { + "Properties": { "Description": "Notify AWS Health event", - "EventPattern": Object { - "detail-type": Array [ + "EventPattern": { + "detail-type": [ "AWS Health Event", ], - "source": Array [ + "source": [ "aws.health", ], }, "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { + "Targets": [ + { + "Arn": { "Ref": "DetectionAlarmTopic36C4BB55", }, "Id": "Target0", @@ -83,28 +83,28 @@ Object { }, "Type": "AWS::Events::Rule", }, - "DetectionCloudTrailChangeEventRuleA526075C": Object { - "Properties": Object { + "DetectionCloudTrailChangeEventRuleA526075C": { + "Properties": { "Description": "Notify to change on CloudTrail log configuration", - "EventPattern": Object { - "detail": Object { - "eventName": Array [ + "EventPattern": { + "detail": { + "eventName": [ "StopLogging", "DeleteTrail", "UpdateTrail", ], - "eventSource": Array [ + "eventSource": [ "cloudtrail.amazonaws.com", ], }, - "detail-type": Array [ + "detail-type": [ "AWS API Call via CloudTrail", ], }, "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { + "Targets": [ + { + "Arn": { "Ref": "DetectionAlarmTopic36C4BB55", }, "Id": "Target0", @@ -113,31 +113,31 @@ Object { }, "Type": "AWS::Events::Rule", }, - "DetectionDefaultSgClosedEventRuleFB96D536": Object { - "Properties": Object { + "DetectionDefaultSgClosedEventRuleFB96D536": { + "Properties": { "Description": "CloudWatch Event Rule to send notification on Config Rule compliance changes.", - "EventPattern": Object { - "detail": Object { - "configRuleName": Array [ + "EventPattern": { + "detail": { + "configRuleName": [ "bb-default-security-group-closed", ], - "newEvaluationResult": Object { - "complianceType": Array [ + "newEvaluationResult": { + "complianceType": [ "NON_COMPLIANT", ], }, }, - "detail-type": Array [ + "detail-type": [ "Config Rules Compliance Change", ], - "source": Array [ + "source": [ "aws.config", ], }, "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { + "Targets": [ + { + "Arn": { "Ref": "DetectionAlarmTopic36C4BB55", }, "Id": "Target0", @@ -146,35 +146,35 @@ Object { }, "Type": "AWS::Events::Rule", }, - "DetectionDefaultSgClosedRuleFED7310D": Object { - "Properties": Object { + "DetectionDefaultSgClosedRuleFED7310D": { + "Properties": { "ConfigRuleName": "bb-default-security-group-closed", "Description": "Checks that the default security group of any Amazon Virtual Private Cloud (VPC) does not allow inbound or outbound traffic. The rule is non-compliant if the default security group has one or more inbound or outbound traffic.", - "Scope": Object { - "ComplianceResourceTypes": Array [ + "Scope": { + "ComplianceResourceTypes": [ "AWS::EC2::SecurityGroup", ], }, - "Source": Object { + "Source": { "Owner": "AWS", "SourceIdentifier": "VPC_DEFAULT_SECURITY_GROUP_CLOSED", }, }, "Type": "AWS::Config::ConfigRule", }, - "DetectionDefaultSgRemediation21C0DB33": Object { - "Properties": Object { + "DetectionDefaultSgRemediation21C0DB33": { + "Properties": { "Automatic": true, - "ConfigRuleName": Object { + "ConfigRuleName": { "Ref": "DetectionDefaultSgClosedRuleFED7310D", }, "MaximumAutomaticAttempts": 5, - "Parameters": Object { - "AutomationAssumeRole": Object { - "StaticValue": Object { - "Values": Array [ - Object { - "Fn::GetAtt": Array [ + "Parameters": { + "AutomationAssumeRole": { + "StaticValue": { + "Values": [ + { + "Fn::GetAtt": [ "DetectionDefaultSgRemediationRoleAEF5626C", "Arn", ], @@ -182,8 +182,8 @@ Object { ], }, }, - "GroupId": Object { - "ResourceValue": Object { + "GroupId": { + "ResourceValue": { "Value": "RESOURCE_ID", }, }, @@ -195,33 +195,33 @@ Object { }, "Type": "AWS::Config::RemediationConfiguration", }, - "DetectionDefaultSgRemediationRoleAEF5626C": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { + "DetectionDefaultSgRemediationRoleAEF5626C": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": Object { + "Principal": { "Service": "ssm.amazonaws.com", }, }, ], "Version": "2012-10-17", }, - "ManagedPolicyArns": Array [ + "ManagedPolicyArns": [ "arn:aws:iam::aws:policy/service-role/AmazonSSMAutomationRole", ], "Path": "/", }, "Type": "AWS::IAM::Role", }, - "DetectionDefaultSgRemediationRoleDefaultPolicy87C90FDE": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ + "DetectionDefaultSgRemediationRoleDefaultPolicy87C90FDE": { + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ "ec2:RevokeSecurityGroupIngress", "ec2:RevokeSecurityGroupEgress", "ec2:DescribeSecurityGroups", @@ -229,17 +229,17 @@ Object { "Effect": "Allow", "Resource": "*", }, - Object { + { "Action": "iam:PassRole", "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ + "Resource": { + "Fn::GetAtt": [ "DetectionDefaultSgRemediationRoleAEF5626C", "Arn", ], }, }, - Object { + { "Action": "ssm:StartAutomationExecution", "Effect": "Allow", "Resource": "arn:aws:ssm:::automation-definition/AWSConfigRemediation-RemoveVPCDefaultSecurityGroupRules", @@ -248,20 +248,20 @@ Object { "Version": "2012-10-17", }, "PolicyName": "DetectionDefaultSgRemediationRoleDefaultPolicy87C90FDE", - "Roles": Array [ - Object { + "Roles": [ + { "Ref": "DetectionDefaultSgRemediationRoleAEF5626C", }, ], }, "Type": "AWS::IAM::Policy", }, - "DetectionGuardDutyEventRule60AAD2D7": Object { - "Properties": Object { + "DetectionGuardDutyEventRule60AAD2D7": { + "Properties": { "Description": "CloudWatch Event Rule to send notification on GuardDuty findings.", - "EventPattern": Object { - "detail": Object { - "severity": Array [ + "EventPattern": { + "detail": { + "severity": [ 4, 4, 4.1, @@ -319,17 +319,17 @@ Object { 8.9, ], }, - "detail-type": Array [ + "detail-type": [ "GuardDuty Finding", ], - "source": Array [ + "source": [ "aws.guardduty", ], }, "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { + "Targets": [ + { + "Arn": { "Ref": "DetectionAlarmTopic36C4BB55", }, "Id": "Target0", @@ -338,11 +338,11 @@ Object { }, "Type": "AWS::Events::Rule", }, - "DetectionIAMPolicyChangeAlarm7DBC7A65": Object { - "Properties": Object { + "DetectionIAMPolicyChangeAlarm7DBC7A65": { + "Properties": { "ActionsEnabled": true, - "AlarmActions": Array [ - Object { + "AlarmActions": [ + { "Ref": "DetectionAlarmTopic36C4BB55", }, ], @@ -358,14 +358,14 @@ Object { }, "Type": "AWS::CloudWatch::Alarm", }, - "DetectionIAMPolicyChangeFilterA31FCC40": Object { - "Properties": Object { + "DetectionIAMPolicyChangeFilterA31FCC40": { + "Properties": { "FilterPattern": "{($.eventName=DeleteGroupPolicy)||($.eventName=DeleteRolePolicy)||($.eventName=DeleteUserPolicy)||($.eventName=PutGroupPolicy)||($.eventName=PutRolePolicy)||($.eventName=PutUserPolicy)||($.eventName=CreatePolicy)||($.eventName=DeletePolicy)||($.eventName=CreatePolicyVersion)||($.eventName=DeletePolicyVersion)||($.eventName=AttachRolePolicy)||($.eventName=DetachRolePolicy)||($.eventName=AttachUserPolicy)||($.eventName=DetachUserPolicy)||($.eventName=AttachGroupPolicy)||($.eventName=DetachGroupPolicy)}", - "LogGroupName": Object { + "LogGroupName": { "Ref": "LoggingCloudTrailLogGroupEFC12822", }, - "MetricTransformations": Array [ - Object { + "MetricTransformations": [ + { "MetricName": "IAMPolicyEventCount", "MetricNamespace": "CloudTrailMetrics", "MetricValue": "1", @@ -374,12 +374,12 @@ Object { }, "Type": "AWS::Logs::MetricFilter", }, - "DetectionNetworkAclChangeEventRuleE99FF49F": Object { - "Properties": Object { + "DetectionNetworkAclChangeEventRuleE99FF49F": { + "Properties": { "Description": "Notify to create, update or delete a Network ACL.", - "EventPattern": Object { - "detail": Object { - "eventName": Array [ + "EventPattern": { + "detail": { + "eventName": [ "CreateNetworkAcl", "CreateNetworkAclEntry", "DeleteNetworkAcl", @@ -387,21 +387,21 @@ Object { "ReplaceNetworkAclEntry", "ReplaceNetworkAclAssociation", ], - "eventSource": Array [ + "eventSource": [ "ec2.amazonaws.com", ], }, - "detail-type": Array [ + "detail-type": [ "AWS API Call via CloudTrail", ], - "source": Array [ + "source": [ "aws.ec2", ], }, "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { + "Targets": [ + { + "Arn": { "Ref": "DetectionAlarmTopic36C4BB55", }, "Id": "Target0", @@ -410,11 +410,11 @@ Object { }, "Type": "AWS::Events::Rule", }, - "DetectionNewAccessKeyCreatedAlarm00969636": Object { - "Properties": Object { + "DetectionNewAccessKeyCreatedAlarm00969636": { + "Properties": { "ActionsEnabled": true, - "AlarmActions": Array [ - Object { + "AlarmActions": [ + { "Ref": "DetectionAlarmTopic36C4BB55", }, ], @@ -430,14 +430,14 @@ Object { }, "Type": "AWS::CloudWatch::Alarm", }, - "DetectionNewAccessKeyCreatedFilter011F7D99": Object { - "Properties": Object { + "DetectionNewAccessKeyCreatedFilter011F7D99": { + "Properties": { "FilterPattern": "{($.eventName=CreateAccessKey)}", - "LogGroupName": Object { + "LogGroupName": { "Ref": "LoggingCloudTrailLogGroupEFC12822", }, - "MetricTransformations": Array [ - Object { + "MetricTransformations": [ + { "MetricName": "NewAccessKeyCreatedEventCount", "MetricNamespace": "CloudTrailMetrics", "MetricValue": "1", @@ -446,11 +446,11 @@ Object { }, "Type": "AWS::Logs::MetricFilter", }, - "DetectionRootUserActivityAlarm4B9356FC": Object { - "Properties": Object { + "DetectionRootUserActivityAlarm4B9356FC": { + "Properties": { "ActionsEnabled": true, - "AlarmActions": Array [ - Object { + "AlarmActions": [ + { "Ref": "DetectionAlarmTopic36C4BB55", }, ], @@ -466,14 +466,14 @@ Object { }, "Type": "AWS::CloudWatch::Alarm", }, - "DetectionRootUserActivityFilter5C9C4989": Object { - "Properties": Object { - "FilterPattern": "{$.userIdentity.type=\\"Root\\" && $.userIdentity.invokedBy NOT EXISTS && $.eventType !=\\"AwsServiceEvent\\"}", - "LogGroupName": Object { + "DetectionRootUserActivityFilter5C9C4989": { + "Properties": { + "FilterPattern": "{$.userIdentity.type="Root" && $.userIdentity.invokedBy NOT EXISTS && $.eventType !="AwsServiceEvent"}", + "LogGroupName": { "Ref": "LoggingCloudTrailLogGroupEFC12822", }, - "MetricTransformations": Array [ - Object { + "MetricTransformations": [ + { "MetricName": "RootUserPolicyEventCount", "MetricNamespace": "CloudTrailMetrics", "MetricValue": "1", @@ -482,55 +482,55 @@ Object { }, "Type": "AWS::Logs::MetricFilter", }, - "DetectionSecurityAlarmEmail872B09F1": Object { - "Properties": Object { + "DetectionSecurityAlarmEmail872B09F1": { + "Properties": { "Endpoint": "notify-security@example.com", "Protocol": "email", - "TopicArn": Object { + "TopicArn": { "Ref": "DetectionAlarmTopic36C4BB55", }, }, "Type": "AWS::SNS::Subscription", }, - "DetectionSecurityHubEventRule95BEBD4F": Object { - "Properties": Object { + "DetectionSecurityHubEventRule95BEBD4F": { + "Properties": { "Description": "CloudWatch Event Rule to send notification on SecurityHub all new findings and all updates.", - "EventPattern": Object { - "detail": Object { - "findings": Object { - "Compliance": Object { - "Status": Array [ + "EventPattern": { + "detail": { + "findings": { + "Compliance": { + "Status": [ "FAILED", ], }, - "RecordState": Array [ + "RecordState": [ "ACTIVE", ], - "Severity": Object { - "Label": Array [ + "Severity": { + "Label": [ "CRITICAL", "HIGH", ], }, - "Workflow": Object { - "Status": Array [ + "Workflow": { + "Status": [ "NEW", "NOTIFIED", ], }, }, }, - "detail-type": Array [ + "detail-type": [ "Security Hub Findings - Imported", ], - "source": Array [ + "source": [ "aws.securityhub", ], }, "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { + "Targets": [ + { + "Arn": { "Ref": "DetectionAlarmTopic36C4BB55", }, "Id": "Target0", @@ -539,32 +539,32 @@ Object { }, "Type": "AWS::Events::Rule", }, - "DetectionSgChangedEventRule80666B19": Object { - "Properties": Object { + "DetectionSgChangedEventRule80666B19": { + "Properties": { "Description": "Notify to create, update or delete a Security Group.", - "EventPattern": Object { - "detail": Object { - "eventName": Array [ + "EventPattern": { + "detail": { + "eventName": [ "AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress", "RevokeSecurityGroupIngress", "RevokeSecurityGroupEgress", ], - "eventSource": Array [ + "eventSource": [ "ec2.amazonaws.com", ], }, - "detail-type": Array [ + "detail-type": [ "AWS API Call via CloudTrail", ], - "source": Array [ + "source": [ "aws.ec2", ], }, "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { + "Targets": [ + { + "Arn": { "Ref": "DetectionAlarmTopic36C4BB55", }, "Id": "Target0", @@ -573,11 +573,11 @@ Object { }, "Type": "AWS::Events::Rule", }, - "DetectionUnauthorizedAttemptsAlarmB897676B": Object { - "Properties": Object { + "DetectionUnauthorizedAttemptsAlarmB897676B": { + "Properties": { "ActionsEnabled": true, - "AlarmActions": Array [ - Object { + "AlarmActions": [ + { "Ref": "DetectionAlarmTopic36C4BB55", }, ], @@ -593,14 +593,14 @@ Object { }, "Type": "AWS::CloudWatch::Alarm", }, - "DetectionUnauthorizedAttemptsFilterCA20EEAA": Object { - "Properties": Object { - "FilterPattern": "{($.errorCode = \\"*UnauthorizedOperation\\" || $.errorCode = \\"AccessDenied*\\") && ($.eventName != \\"Decrypt\\" || $.userIdentity.invokedBy != \\"config.amazonaws.com\\" )}", - "LogGroupName": Object { + "DetectionUnauthorizedAttemptsFilterCA20EEAA": { + "Properties": { + "FilterPattern": "{($.errorCode = "*UnauthorizedOperation" || $.errorCode = "AccessDenied*") && ($.eventName != "Decrypt" || $.userIdentity.invokedBy != "config.amazonaws.com" )}", + "LogGroupName": { "Ref": "LoggingCloudTrailLogGroupEFC12822", }, - "MetricTransformations": Array [ - Object { + "MetricTransformations": [ + { "MetricName": "UnauthorizedAttemptsEventCount", "MetricNamespace": "CloudTrailMetrics", "MetricValue": "1", @@ -609,39 +609,39 @@ Object { }, "Type": "AWS::Logs::MetricFilter", }, - "IamIamAdminGroup25000CB5": Object { - "Properties": Object { - "ManagedPolicyArns": Array [ - Object { + "IamIamAdminGroup25000CB5": { + "Properties": { + "ManagedPolicyArns": [ + { "Ref": "IamIamAdminPolicy7A593281", }, ], }, "Type": "AWS::IAM::Group", }, - "IamIamAdminPolicy7A593281": Object { - "Properties": Object { + "IamIamAdminPolicy7A593281": { + "Properties": { "Description": "", "Path": "/", - "PolicyDocument": Object { - "Statement": Array [ - Object { + "PolicyDocument": { + "Statement": [ + { "Action": "iam:*", - "Condition": Object { - "Bool": Object { + "Condition": { + "Bool": { "aws:MultiFactorAuthPresent": "true", }, }, "Effect": "Allow", "Resource": "*", }, - Object { + { "Action": "aws-portal:*Billing", "Effect": "Deny", "Resource": "*", }, - Object { - "Action": Array [ + { + "Action": [ "account:GetAccountInformation", "billing:GetBillingData", "billing:GetBillingDetails", @@ -729,66 +729,66 @@ Object { }, "Type": "AWS::IAM::ManagedPolicy", }, - "IamIamAdminRole4B2B80CC": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { + "IamIamAdminRole4B2B80CC": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": Object { + "Principal": { "Service": "ec2.amazonaws.com", }, }, ], "Version": "2012-10-17", }, - "ManagedPolicyArns": Array [ - Object { + "ManagedPolicyArns": [ + { "Ref": "IamIamAdminPolicy7A593281", }, ], }, "Type": "AWS::IAM::Role", }, - "IamInstanceOpsGroup05587F7C": Object { - "Properties": Object { - "ManagedPolicyArns": Array [ - Object { + "IamInstanceOpsGroup05587F7C": { + "Properties": { + "ManagedPolicyArns": [ + { "Ref": "IamInstanceOpsPolicy3A664659", }, ], }, "Type": "AWS::IAM::Group", }, - "IamInstanceOpsPolicy3A664659": Object { - "Properties": Object { + "IamInstanceOpsPolicy3A664659": { + "Properties": { "Description": "", "Path": "/", - "PolicyDocument": Object { - "Statement": Array [ - Object { + "PolicyDocument": { + "Statement": [ + { "Action": "ec2:*", "Effect": "Allow", "Resource": "*", }, - Object { + { "Action": "elasticloadbalancing:*", "Effect": "Allow", "Resource": "*", }, - Object { + { "Action": "cloudwatch:*", "Effect": "Allow", "Resource": "*", }, - Object { + { "Action": "autoscaling:*", "Effect": "Allow", "Resource": "*", }, - Object { - "Action": Array [ + { + "Action": [ "ec2:CreateVpc*", "ec2:DeleteVpc*", "ec2:ModifyVpc*", @@ -812,13 +812,13 @@ Object { "Effect": "Deny", "Resource": "*", }, - Object { + { "Action": "aws-portal:*Billing", "Effect": "Deny", "Resource": "*", }, - Object { - "Action": Array [ + { + "Action": [ "account:GetAccountInformation", "billing:GetBillingData", "billing:GetBillingDetails", @@ -900,8 +900,8 @@ Object { "Effect": "Deny", "Resource": "*", }, - Object { - "Action": Array [ + { + "Action": [ "kms:Create*", "kms:Revoke*", "kms:Enable*", @@ -920,46 +920,46 @@ Object { }, "Type": "AWS::IAM::ManagedPolicy", }, - "IamInstanceOpsRole580371E4": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { + "IamInstanceOpsRole580371E4": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": Object { + "Principal": { "Service": "ec2.amazonaws.com", }, }, ], "Version": "2012-10-17", }, - "ManagedPolicyArns": Array [ - Object { + "ManagedPolicyArns": [ + { "Ref": "IamInstanceOpsPolicy3A664659", }, ], }, "Type": "AWS::IAM::Role", }, - "IamReadOnlyAdminGroupEA35CD95": Object { - "Properties": Object { - "ManagedPolicyArns": Array [ - Object { + "IamReadOnlyAdminGroupEA35CD95": { + "Properties": { + "ManagedPolicyArns": [ + { "Ref": "IamReadOnlyAdminPolicyB7107EA2", }, ], }, "Type": "AWS::IAM::Group", }, - "IamReadOnlyAdminPolicyB7107EA2": Object { - "Properties": Object { + "IamReadOnlyAdminPolicyB7107EA2": { + "Properties": { "Description": "", "Path": "/", - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ + "PolicyDocument": { + "Statement": [ + { + "Action": [ "appstream:Get*", "autoscaling:Describe*", "cloudformation:DescribeStacks", @@ -1024,13 +1024,13 @@ Object { "Effect": "Allow", "Resource": "*", }, - Object { + { "Action": "aws-portal:*Billing", "Effect": "Deny", "Resource": "*", }, - Object { - "Action": Array [ + { + "Action": [ "account:GetAccountInformation", "billing:GetBillingData", "billing:GetBillingDetails", @@ -1118,47 +1118,47 @@ Object { }, "Type": "AWS::IAM::ManagedPolicy", }, - "IamReadOnlyAdminRoleD519CCF3": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { + "IamReadOnlyAdminRoleD519CCF3": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": Object { + "Principal": { "Service": "ec2.amazonaws.com", }, }, ], "Version": "2012-10-17", }, - "ManagedPolicyArns": Array [ - Object { + "ManagedPolicyArns": [ + { "Ref": "IamReadOnlyAdminPolicyB7107EA2", }, ], }, "Type": "AWS::IAM::Role", }, - "IamSysAdminGroup3543FAD1": Object { - "Properties": Object { - "ManagedPolicyArns": Array [ - Object { + "IamSysAdminGroup3543FAD1": { + "Properties": { + "ManagedPolicyArns": [ + { "Ref": "IamSysAdminPolicy03754AB3", }, ], }, "Type": "AWS::IAM::Group", }, - "IamSysAdminPolicy03754AB3": Object { - "Properties": Object { + "IamSysAdminPolicy03754AB3": { + "Properties": { "Description": "", "Path": "/", - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Condition": Object { - "Bool": Object { + "PolicyDocument": { + "Statement": [ + { + "Condition": { + "Bool": { "aws:MultiFactorAuthPresent": "true", }, }, @@ -1166,13 +1166,13 @@ Object { "NotAction": "iam:*", "Resource": "*", }, - Object { + { "Action": "aws-portal:*Billing", "Effect": "Deny", "Resource": "*", }, - Object { - "Action": Array [ + { + "Action": [ "account:GetAccountInformation", "billing:GetBillingData", "billing:GetBillingDetails", @@ -1254,8 +1254,8 @@ Object { "Effect": "Deny", "Resource": "*", }, - Object { - "Action": Array [ + { + "Action": [ "cloudtrail:DeleteTrail", "cloudtrail:StopLogging", "cloudtrail:UpdateTrail", @@ -1263,8 +1263,8 @@ Object { "Effect": "Deny", "Resource": "*", }, - Object { - "Action": Array [ + { + "Action": [ "kms:Create*", "kms:Revoke*", "kms:Enable*", @@ -1283,84 +1283,84 @@ Object { }, "Type": "AWS::IAM::ManagedPolicy", }, - "IamSysAdminRoleB0EE4AA6": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { + "IamSysAdminRoleB0EE4AA6": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": Object { + "Principal": { "Service": "ec2.amazonaws.com", }, }, ], "Version": "2012-10-17", }, - "ManagedPolicyArns": Array [ - Object { + "ManagedPolicyArns": [ + { "Ref": "IamSysAdminPolicy03754AB3", }, ], }, "Type": "AWS::IAM::Role", }, - "LoggingCloudTrail44E92DB9": Object { - "DependsOn": Array [ + "LoggingCloudTrail44E92DB9": { + "DependsOn": [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrailBucketPolicy4004472F", ], - "Properties": Object { - "CloudWatchLogsLogGroupArn": Object { - "Fn::GetAtt": Array [ + "Properties": { + "CloudWatchLogsLogGroupArn": { + "Fn::GetAtt": [ "LoggingCloudTrailLogGroupEFC12822", "Arn", ], }, - "CloudWatchLogsRoleArn": Object { - "Fn::GetAtt": Array [ + "CloudWatchLogsRoleArn": { + "Fn::GetAtt": [ "LoggingCloudTrailLogsRoleE1DD6030", "Arn", ], }, "EnableLogFileValidation": true, - "EventSelectors": Array [], + "EventSelectors": [], "IncludeGlobalServiceEvents": true, "IsLogging": true, "IsMultiRegionTrail": true, - "KMSKeyId": Object { - "Fn::GetAtt": Array [ + "KMSKeyId": { + "Fn::GetAtt": [ "LoggingCloudTrailKey43327553", "Arn", ], }, - "S3BucketName": Object { + "S3BucketName": { "Ref": "LoggingCloudTrailBucket7560781D", }, }, "Type": "AWS::CloudTrail::Trail", }, - "LoggingCloudTrailAccessLogBucketA7B773C8": Object { + "LoggingCloudTrailAccessLogBucketA7B773C8": { "DeletionPolicy": "Retain", - "Properties": Object { + "Properties": { "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { + "BucketEncryption": { + "ServerSideEncryptionConfiguration": [ + { + "ServerSideEncryptionByDefault": { "SSEAlgorithm": "AES256", }, }, ], }, - "LifecycleConfiguration": Object { - "Rules": Array [ - Object { + "LifecycleConfiguration": { + "Rules": [ + { "ExpirationInDays": 2555, "Status": "Enabled", - "Transitions": Array [ - Object { + "Transitions": [ + { "StorageClass": "GLACIER", "TransitionInDays": 90, }, @@ -1368,57 +1368,57 @@ Object { }, ], }, - "OwnershipControls": Object { - "Rules": Array [ - Object { + "OwnershipControls": { + "Rules": [ + { "ObjectOwnership": "ObjectWriter", }, ], }, - "PublicAccessBlockConfiguration": Object { + "PublicAccessBlockConfiguration": { "BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, "RestrictPublicBuckets": true, }, - "VersioningConfiguration": Object { + "VersioningConfiguration": { "Status": "Enabled", }, }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, - "LoggingCloudTrailAccessLogBucketPolicyE58866E2": Object { - "Properties": Object { - "Bucket": Object { + "LoggingCloudTrailAccessLogBucketPolicyE58866E2": { + "Properties": { + "Bucket": { "Ref": "LoggingCloudTrailAccessLogBucketA7B773C8", }, - "PolicyDocument": Object { - "Statement": Array [ - Object { + "PolicyDocument": { + "Statement": [ + { "Action": "s3:*", - "Condition": Object { - "Bool": Object { + "Condition": { + "Bool": { "aws:SecureTransport": "false", }, }, "Effect": "Deny", - "Principal": Object { + "Principal": { "AWS": "*", }, - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ + "Resource": [ + { + "Fn::GetAtt": [ "LoggingCloudTrailAccessLogBucketA7B773C8", "Arn", ], }, - Object { - "Fn::Join": Array [ + { + "Fn::Join": [ "", - Array [ - Object { - "Fn::GetAtt": Array [ + [ + { + "Fn::GetAtt": [ "LoggingCloudTrailAccessLogBucketA7B773C8", "Arn", ], @@ -1429,18 +1429,18 @@ Object { }, ], }, - Object { + { "Action": "s3:Delete*", "Effect": "Deny", - "Principal": Object { + "Principal": { "AWS": "*", }, - "Resource": Object { - "Fn::Join": Array [ + "Resource": { + "Fn::Join": [ "", - Array [ - Object { - "Fn::GetAtt": Array [ + [ + { + "Fn::GetAtt": [ "LoggingCloudTrailAccessLogBucketA7B773C8", "Arn", ], @@ -1457,60 +1457,60 @@ Object { }, "Type": "AWS::S3::BucketPolicy", }, - "LoggingCloudTrailBucket7560781D": Object { + "LoggingCloudTrailBucket7560781D": { "DeletionPolicy": "Retain", - "Properties": Object { + "Properties": { "AccessControl": "Private", - "LoggingConfiguration": Object { - "DestinationBucketName": Object { + "LoggingConfiguration": { + "DestinationBucketName": { "Ref": "LoggingCloudTrailAccessLogBucketA7B773C8", }, "LogFilePrefix": "cloudtraillogs", }, - "PublicAccessBlockConfiguration": Object { + "PublicAccessBlockConfiguration": { "BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, "RestrictPublicBuckets": true, }, - "VersioningConfiguration": Object { + "VersioningConfiguration": { "Status": "Enabled", }, }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, - "LoggingCloudTrailBucketPolicy4004472F": Object { - "Properties": Object { - "Bucket": Object { + "LoggingCloudTrailBucketPolicy4004472F": { + "Properties": { + "Bucket": { "Ref": "LoggingCloudTrailBucket7560781D", }, - "PolicyDocument": Object { - "Statement": Array [ - Object { + "PolicyDocument": { + "Statement": [ + { "Action": "s3:*", - "Condition": Object { - "Bool": Object { + "Condition": { + "Bool": { "aws:SecureTransport": "false", }, }, "Effect": "Deny", - "Principal": Object { + "Principal": { "AWS": "*", }, - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ + "Resource": [ + { + "Fn::GetAtt": [ "LoggingCloudTrailBucket7560781D", "Arn", ], }, - Object { - "Fn::Join": Array [ + { + "Fn::Join": [ "", - Array [ - Object { - "Fn::GetAtt": Array [ + [ + { + "Fn::GetAtt": [ "LoggingCloudTrailBucket7560781D", "Arn", ], @@ -1521,18 +1521,18 @@ Object { }, ], }, - Object { + { "Action": "s3:Delete*", "Effect": "Deny", - "Principal": Object { + "Principal": { "AWS": "*", }, - "Resource": Object { - "Fn::Join": Array [ + "Resource": { + "Fn::Join": [ "", - Array [ - Object { - "Fn::GetAtt": Array [ + [ + { + "Fn::GetAtt": [ "LoggingCloudTrailBucket7560781D", "Arn", ], @@ -1543,42 +1543,42 @@ Object { }, "Sid": "Restrict Delete* Actions", }, - Object { + { "Action": "s3:GetBucketAcl", "Effect": "Allow", - "Principal": Object { + "Principal": { "Service": "cloudtrail.amazonaws.com", }, - "Resource": Object { - "Fn::GetAtt": Array [ + "Resource": { + "Fn::GetAtt": [ "LoggingCloudTrailBucket7560781D", "Arn", ], }, }, - Object { + { "Action": "s3:PutObject", - "Condition": Object { - "StringEquals": Object { + "Condition": { + "StringEquals": { "s3:x-amz-acl": "bucket-owner-full-control", }, }, "Effect": "Allow", - "Principal": Object { + "Principal": { "Service": "cloudtrail.amazonaws.com", }, - "Resource": Object { - "Fn::Join": Array [ + "Resource": { + "Fn::Join": [ "", - Array [ - Object { - "Fn::GetAtt": Array [ + [ + { + "Fn::GetAtt": [ "LoggingCloudTrailBucket7560781D", "Arn", ], }, "/AWSLogs/", - Object { + { "Ref": "AWS::AccountId", }, "/*", @@ -1592,27 +1592,27 @@ Object { }, "Type": "AWS::S3::BucketPolicy", }, - "LoggingCloudTrailKey43327553": Object { + "LoggingCloudTrailKey43327553": { "DeletionPolicy": "Retain", - "Properties": Object { + "Properties": { "Description": "BLEA Governance Base: CMK for CloudTrail", "EnableKeyRotation": true, - "KeyPolicy": Object { - "Statement": Array [ - Object { + "KeyPolicy": { + "Statement": [ + { "Action": "kms:*", "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ + "Principal": { + "AWS": { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":iam::", - Object { + { "Ref": "AWS::AccountId", }, ":root", @@ -1622,17 +1622,17 @@ Object { }, "Resource": "*", }, - Object { + { "Action": "kms:GenerateDataKey*", - "Condition": Object { - "StringLike": Object { - "kms:EncryptionContext:aws:cloudtrail:arn": Array [ - Object { - "Fn::Join": Array [ + "Condition": { + "StringLike": { + "kms:EncryptionContext:aws:cloudtrail:arn": [ + { + "Fn::Join": [ "", - Array [ + [ "arn:aws:cloudtrail:*:", - Object { + { "Ref": "AWS::AccountId", }, ":trail/*", @@ -1643,38 +1643,38 @@ Object { }, }, "Effect": "Allow", - "Principal": Object { + "Principal": { "Service": "cloudtrail.amazonaws.com", }, "Resource": "*", }, - Object { + { "Action": "kms:DescribeKey", "Effect": "Allow", - "Principal": Object { + "Principal": { "Service": "cloudtrail.amazonaws.com", }, "Resource": "*", }, - Object { - "Action": Array [ + { + "Action": [ "kms:Decrypt", "kms:ReEncryptFrom", ], - "Condition": Object { - "StringEquals": Object { - "kms:CallerAccount": Object { + "Condition": { + "StringEquals": { + "kms:CallerAccount": { "Ref": "AWS::AccountId", }, }, - "StringLike": Object { - "kms:EncryptionContext:aws:cloudtrail:arn": Array [ - Object { - "Fn::Join": Array [ + "StringLike": { + "kms:EncryptionContext:aws:cloudtrail:arn": [ + { + "Fn::Join": [ "", - Array [ + [ "arn:aws:cloudtrail:*:", - Object { + { "Ref": "AWS::AccountId", }, ":trail/*", @@ -1685,31 +1685,31 @@ Object { }, }, "Effect": "Allow", - "Principal": Object { + "Principal": { "AWS": "*", }, "Resource": "*", }, - Object { - "Action": Array [ + { + "Action": [ "kms:Encrypt*", "kms:Decrypt*", "kms:ReEncrypt*", "kms:GenerateDataKey*", "kms:Describe*", ], - "Condition": Object { - "ArnEquals": Object { - "kms:EncryptionContext:aws:logs:arn": Object { - "Fn::Join": Array [ + "Condition": { + "ArnEquals": { + "kms:EncryptionContext:aws:logs:arn": { + "Fn::Join": [ "", - Array [ + [ "arn:aws:logs:", - Object { + { "Ref": "AWS::Region", }, ":", - Object { + { "Ref": "AWS::AccountId", }, ":log-group:*", @@ -1719,17 +1719,17 @@ Object { }, }, "Effect": "Allow", - "Principal": Object { - "Service": Object { - "Fn::Join": Array [ + "Principal": { + "Service": { + "Fn::Join": [ "", - Array [ + [ "logs.", - Object { + { "Ref": "AWS::Region", }, ".", - Object { + { "Ref": "AWS::URLSuffix", }, ], @@ -1745,11 +1745,11 @@ Object { "Type": "AWS::KMS::Key", "UpdateReplacePolicy": "Retain", }, - "LoggingCloudTrailKeyAlias65A5FEEA": Object { - "Properties": Object { + "LoggingCloudTrailKeyAlias65A5FEEA": { + "Properties": { "AliasName": "alias/DevBLEAGovBaseCtLogging339675FD", - "TargetKeyId": Object { - "Fn::GetAtt": Array [ + "TargetKeyId": { + "Fn::GetAtt": [ "LoggingCloudTrailKey43327553", "Arn", ], @@ -1757,11 +1757,11 @@ Object { }, "Type": "AWS::KMS::Alias", }, - "LoggingCloudTrailLogGroupEFC12822": Object { + "LoggingCloudTrailLogGroupEFC12822": { "DeletionPolicy": "Retain", - "Properties": Object { - "KmsKeyId": Object { - "Fn::GetAtt": Array [ + "Properties": { + "KmsKeyId": { + "Fn::GetAtt": [ "LoggingCloudTrailKey43327553", "Arn", ], @@ -1771,18 +1771,18 @@ Object { "Type": "AWS::Logs::LogGroup", "UpdateReplacePolicy": "Retain", }, - "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ + "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C": { + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ "logs:PutLogEvents", "logs:CreateLogStream", ], "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ + "Resource": { + "Fn::GetAtt": [ "LoggingCloudTrailLogGroupEFC12822", "Arn", ], @@ -1792,22 +1792,22 @@ Object { "Version": "2012-10-17", }, "PolicyName": "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", - "Roles": Array [ - Object { + "Roles": [ + { "Ref": "LoggingCloudTrailLogsRoleE1DD6030", }, ], }, "Type": "AWS::IAM::Policy", }, - "LoggingCloudTrailLogsRoleE1DD6030": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { + "LoggingCloudTrailLogsRoleE1DD6030": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": Object { + "Principal": { "Service": "cloudtrail.amazonaws.com", }, }, @@ -1817,58 +1817,58 @@ Object { }, "Type": "AWS::IAM::Role", }, - "NotificationChatbotChannel053BCEF2": Object { - "Properties": Object { + "NotificationChatbotChannel053BCEF2": { + "Properties": { "ConfigurationName": "DevBLEAGovBaseCtNotification4A8C14EC", - "IamRoleArn": Object { - "Fn::GetAtt": Array [ + "IamRoleArn": { + "Fn::GetAtt": [ "NotificationChatbotRole9B60F7B3", "Arn", ], }, "SlackChannelId": "C00XXXXXXXX", "SlackWorkspaceId": "T8XXXXXXX", - "SnsTopicArns": Array [ - Object { + "SnsTopicArns": [ + { "Ref": "DetectionAlarmTopic36C4BB55", }, ], }, "Type": "AWS::Chatbot::SlackChannelConfiguration", }, - "NotificationChatbotRole9B60F7B3": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { + "NotificationChatbotRole9B60F7B3": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": Object { + "Principal": { "Service": "chatbot.amazonaws.com", }, }, ], "Version": "2012-10-17", }, - "ManagedPolicyArns": Array [ - Object { - "Fn::Join": Array [ + "ManagedPolicyArns": [ + { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":iam::aws:policy/ReadOnlyAccess", ], ], }, - Object { - "Fn::Join": Array [ + { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":iam::aws:policy/CloudWatchReadOnlyAccess", @@ -1880,22 +1880,22 @@ Object { "Type": "AWS::IAM::Role", }, }, - "Rules": Object { - "CheckBootstrapVersion": Object { - "Assertions": Array [ - Object { - "Assert": Object { - "Fn::Not": Array [ - Object { - "Fn::Contains": Array [ - Array [ + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ "1", "2", "3", "4", "5", ], - Object { + { "Ref": "BootstrapVersion", }, ], diff --git a/usecases/blea-guest-ec2-app-sample/test/__snapshots__/blea-guest-ec2-app-sample.test.ts.snap b/usecases/blea-guest-ec2-app-sample/test/__snapshots__/blea-guest-ec2-app-sample.test.ts.snap index 157e52a08..0be72b26f 100644 --- a/usecases/blea-guest-ec2-app-sample/test/__snapshots__/blea-guest-ec2-app-sample.test.ts.snap +++ b/usecases/blea-guest-ec2-app-sample/test/__snapshots__/blea-guest-ec2-app-sample.test.ts.snap @@ -1,40 +1,40 @@ // Jest Snapshot v1, https://goo.gl/fbAQLP exports[`Snapshot test for BLEAEc2App Stack 1`] = ` -Object { - "Parameters": Object { - "BootstrapVersion": Object { +{ + "Parameters": { + "BootstrapVersion": { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, - "SsmParameterValueawsserviceamiamazonlinuxlatestamzn2amihvmx8664gp2C96584B6F00A464EAD1953AFF4B05118Parameter": Object { + "SsmParameterValueawsserviceamiamazonlinuxlatestamzn2amihvmx8664gp2C96584B6F00A464EAD1953AFF4B05118Parameter": { "Default": "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2", "Type": "AWS::SSM::Parameter::Value", }, }, - "Resources": Object { - "CMK56817A4C": Object { + "Resources": { + "CMK56817A4C": { "DeletionPolicy": "Retain", - "Properties": Object { + "Properties": { "Description": "BLEA Guest Sample: CMK for Ec2App", "EnableKeyRotation": true, - "KeyPolicy": Object { - "Statement": Array [ - Object { + "KeyPolicy": { + "Statement": [ + { "Action": "kms:*", "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ + "Principal": { + "AWS": { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":iam::", - Object { + { "Ref": "AWS::AccountId", }, ":root", @@ -51,11 +51,11 @@ Object { "Type": "AWS::KMS::Key", "UpdateReplacePolicy": "Retain", }, - "CMKAliasFD5A95C9": Object { - "Properties": Object { + "CMKAliasFD5A95C9": { + "Properties": { "AliasName": "alias/DevBLEAEc2App", - "TargetKeyId": Object { - "Fn::GetAtt": Array [ + "TargetKeyId": { + "Fn::GetAtt": [ "CMK56817A4C", "Arn", ], @@ -63,44 +63,44 @@ Object { }, "Type": "AWS::KMS::Alias", }, - "Ec2AppAlb7DEFB31D": Object { - "DependsOn": Array [ + "Ec2AppAlb7DEFB31D": { + "DependsOn": [ "NetworkingVpcPublicSubnet1DefaultRoute80C01FA6", "NetworkingVpcPublicSubnet1RouteTableAssociationD13830EA", "NetworkingVpcPublicSubnet2DefaultRouteDF98F60F", "NetworkingVpcPublicSubnet2RouteTableAssociation2D4CEA06", ], - "Properties": Object { - "LoadBalancerAttributes": Array [ - Object { + "Properties": { + "LoadBalancerAttributes": [ + { "Key": "deletion_protection.enabled", "Value": "false", }, - Object { + { "Key": "access_logs.s3.enabled", "Value": "true", }, - Object { + { "Key": "access_logs.s3.bucket", - "Value": Object { + "Value": { "Ref": "Ec2AppAlbLogBucket1DE66F6A", }, }, ], "Scheme": "internet-facing", - "SecurityGroups": Array [ - Object { - "Fn::GetAtt": Array [ + "SecurityGroups": [ + { + "Fn::GetAtt": [ "Ec2AppAlbSg4F64FD2A", "GroupId", ], }, ], - "Subnets": Array [ - Object { + "Subnets": [ + { "Ref": "NetworkingVpcPublicSubnet1Subnet918289EE", }, - Object { + { "Ref": "NetworkingVpcPublicSubnet2Subnet9D9E5AFB", }, ], @@ -108,52 +108,52 @@ Object { }, "Type": "AWS::ElasticLoadBalancingV2::LoadBalancer", }, - "Ec2AppAlbAlbListenerAppAsgTargetGroup308E1E51": Object { - "Properties": Object { + "Ec2AppAlbAlbListenerAppAsgTargetGroup308E1E51": { + "Properties": { "Port": 80, "Protocol": "HTTP", - "TargetGroupAttributes": Array [ - Object { + "TargetGroupAttributes": [ + { "Key": "deregistration_delay.timeout_seconds", "Value": "30", }, - Object { + { "Key": "stickiness.enabled", "Value": "false", }, ], "TargetType": "instance", - "Targets": Array [ - Object { - "Id": Object { + "Targets": [ + { + "Id": { "Ref": "Ec2AppAppInstance07A0F86A5", }, "Port": 80, }, - Object { - "Id": Object { + { + "Id": { "Ref": "Ec2AppAppInstance10A28D59A", }, "Port": 80, }, ], - "VpcId": Object { + "VpcId": { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::ElasticLoadBalancingV2::TargetGroup", }, - "Ec2AppAlbAlbListenerD30090D8": Object { - "Properties": Object { - "DefaultActions": Array [ - Object { - "TargetGroupArn": Object { + "Ec2AppAlbAlbListenerD30090D8": { + "Properties": { + "DefaultActions": [ + { + "TargetGroupArn": { "Ref": "Ec2AppAlbAlbListenerAppAsgTargetGroup308E1E51", }, "Type": "forward", }, ], - "LoadBalancerArn": Object { + "LoadBalancerArn": { "Ref": "Ec2AppAlb7DEFB31D", }, "Port": 80, @@ -161,20 +161,20 @@ Object { }, "Type": "AWS::ElasticLoadBalancingV2::Listener", }, - "Ec2AppAlbLogBucket1DE66F6A": Object { + "Ec2AppAlbLogBucket1DE66F6A": { "DeletionPolicy": "Retain", - "Properties": Object { + "Properties": { "AccessControl": "Private", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { + "BucketEncryption": { + "ServerSideEncryptionConfiguration": [ + { + "ServerSideEncryptionByDefault": { "SSEAlgorithm": "AES256", }, }, ], }, - "PublicAccessBlockConfiguration": Object { + "PublicAccessBlockConfiguration": { "BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, @@ -184,37 +184,37 @@ Object { "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, - "Ec2AppAlbLogBucketPolicy6C6759B4": Object { - "Properties": Object { - "Bucket": Object { + "Ec2AppAlbLogBucketPolicy6C6759B4": { + "Properties": { + "Bucket": { "Ref": "Ec2AppAlbLogBucket1DE66F6A", }, - "PolicyDocument": Object { - "Statement": Array [ - Object { + "PolicyDocument": { + "Statement": [ + { "Action": "s3:*", - "Condition": Object { - "Bool": Object { + "Condition": { + "Bool": { "aws:SecureTransport": "false", }, }, "Effect": "Deny", - "Principal": Object { + "Principal": { "AWS": "*", }, - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ + "Resource": [ + { + "Fn::GetAtt": [ "Ec2AppAlbLogBucket1DE66F6A", "Arn", ], }, - Object { - "Fn::Join": Array [ + { + "Fn::Join": [ "", - Array [ - Object { - "Fn::GetAtt": Array [ + [ + { + "Fn::GetAtt": [ "Ec2AppAlbLogBucket1DE66F6A", "Arn", ], @@ -225,16 +225,16 @@ Object { }, ], }, - Object { + { "Action": "s3:PutObject", "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ + "Principal": { + "AWS": { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":iam::582318560864:root", @@ -242,18 +242,18 @@ Object { ], }, }, - "Resource": Object { - "Fn::Join": Array [ + "Resource": { + "Fn::Join": [ "", - Array [ - Object { - "Fn::GetAtt": Array [ + [ + { + "Fn::GetAtt": [ "Ec2AppAlbLogBucket1DE66F6A", "Arn", ], }, "/AWSLogs/", - Object { + { "Ref": "AWS::AccountId", }, "/*", @@ -261,29 +261,29 @@ Object { ], }, }, - Object { + { "Action": "s3:PutObject", - "Condition": Object { - "StringEquals": Object { + "Condition": { + "StringEquals": { "s3:x-amz-acl": "bucket-owner-full-control", }, }, "Effect": "Allow", - "Principal": Object { + "Principal": { "Service": "delivery.logs.amazonaws.com", }, - "Resource": Object { - "Fn::Join": Array [ + "Resource": { + "Fn::Join": [ "", - Array [ - Object { - "Fn::GetAtt": Array [ + [ + { + "Fn::GetAtt": [ "Ec2AppAlbLogBucket1DE66F6A", "Arn", ], }, "/AWSLogs/", - Object { + { "Ref": "AWS::AccountId", }, "/*", @@ -291,14 +291,14 @@ Object { ], }, }, - Object { + { "Action": "s3:GetBucketAcl", "Effect": "Allow", - "Principal": Object { + "Principal": { "Service": "delivery.logs.amazonaws.com", }, - "Resource": Object { - "Fn::GetAtt": Array [ + "Resource": { + "Fn::GetAtt": [ "Ec2AppAlbLogBucket1DE66F6A", "Arn", ], @@ -310,11 +310,11 @@ Object { }, "Type": "AWS::S3::BucketPolicy", }, - "Ec2AppAlbSg4F64FD2A": Object { - "Properties": Object { + "Ec2AppAlbSg4F64FD2A": { + "Properties": { "GroupDescription": "Dev-BLEAEc2App/Ec2App/AlbSg", - "SecurityGroupEgress": Array [ - Object { + "SecurityGroupEgress": [ + { "CidrIp": "0.0.0.0/0", "Description": "from 0.0.0.0/0:ALL PORTS", "FromPort": 0, @@ -322,8 +322,8 @@ Object { "ToPort": 65535, }, ], - "SecurityGroupIngress": Array [ - Object { + "SecurityGroupIngress": [ + { "CidrIp": "0.0.0.0/0", "Description": "Allow from anyone on port 80", "FromPort": 80, @@ -331,24 +331,24 @@ Object { "ToPort": 80, }, ], - "VpcId": Object { + "VpcId": { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::SecurityGroup", }, - "Ec2AppAlbSgtoDevBLEAEc2AppAppSgB5966D8D80E8567116": Object { - "Properties": Object { + "Ec2AppAlbSgtoDevBLEAEc2AppAppSgB5966D8D80E8567116": { + "Properties": { "Description": "Load balancer to target", - "DestinationSecurityGroupId": Object { - "Fn::GetAtt": Array [ + "DestinationSecurityGroupId": { + "Fn::GetAtt": [ "Ec2AppAppSgF34C625B", "GroupId", ], }, "FromPort": 80, - "GroupId": Object { - "Fn::GetAtt": Array [ + "GroupId": { + "Fn::GetAtt": [ "Ec2AppAlbSg4F64FD2A", "GroupId", ], @@ -358,101 +358,101 @@ Object { }, "Type": "AWS::EC2::SecurityGroupEgress", }, - "Ec2AppAppAsgASGA1C2034A": Object { - "Properties": Object { + "Ec2AppAppAsgASGA1C2034A": { + "Properties": { "HealthCheckGracePeriod": 60, "HealthCheckType": "ELB", - "LaunchConfigurationName": Object { + "LaunchConfigurationName": { "Ref": "Ec2AppAppAsgLaunchConfig7E072488", }, "MaxSize": "4", "MinSize": "2", - "Tags": Array [ - Object { + "Tags": [ + { "Key": "Name", "PropagateAtLaunch": true, "Value": "AppServer", }, ], - "TargetGroupARNs": Array [ - Object { + "TargetGroupARNs": [ + { "Ref": "Ec2AppAlbAlbListenerAppAsgTargetGroup308E1E51", }, ], - "VPCZoneIdentifier": Array [ - Object { + "VPCZoneIdentifier": [ + { "Ref": "NetworkingVpcPrivateSubnet1Subnet717BCE48", }, - Object { + { "Ref": "NetworkingVpcPrivateSubnet2Subnet4313381B", }, ], }, "Type": "AWS::AutoScaling::AutoScalingGroup", - "UpdatePolicy": Object { - "AutoScalingScheduledAction": Object { + "UpdatePolicy": { + "AutoScalingScheduledAction": { "IgnoreUnmodifiedGroupSizeProperties": true, }, }, }, - "Ec2AppAppAsgInstanceProfile6555344A": Object { - "Properties": Object { - "Roles": Array [ - Object { + "Ec2AppAppAsgInstanceProfile6555344A": { + "Properties": { + "Roles": [ + { "Ref": "Ec2AppSsmInstanceRole98A9FB18", }, ], }, "Type": "AWS::IAM::InstanceProfile", }, - "Ec2AppAppAsgLaunchConfig7E072488": Object { - "DependsOn": Array [ + "Ec2AppAppAsgLaunchConfig7E072488": { + "DependsOn": [ "Ec2AppSsmInstanceRole98A9FB18", ], - "Properties": Object { - "BlockDeviceMappings": Array [ - Object { + "Properties": { + "BlockDeviceMappings": [ + { "DeviceName": "/dev/xvda", - "Ebs": Object { + "Ebs": { "Encrypted": true, "VolumeSize": 10, }, }, ], - "IamInstanceProfile": Object { + "IamInstanceProfile": { "Ref": "Ec2AppAppAsgInstanceProfile6555344A", }, - "ImageId": Object { + "ImageId": { "Ref": "SsmParameterValueawsserviceamiamazonlinuxlatestamzn2amihvmx8664gp2C96584B6F00A464EAD1953AFF4B05118Parameter", }, "InstanceType": "t3.micro", - "SecurityGroups": Array [ - Object { - "Fn::GetAtt": Array [ + "SecurityGroups": [ + { + "Fn::GetAtt": [ "Ec2AppAppSgF34C625B", "GroupId", ], }, ], - "UserData": Object { + "UserData": { "Fn::Base64": "#!/bin/bash sudo yum -y install httpd sudo systemctl enable httpd sudo systemctl start httpd -echo \\"

Hello from $(hostname)

\\" > /var/www/html/index.html +echo "

Hello from $(hostname)

" > /var/www/html/index.html chown apache.apache /var/www/html/index.html", }, }, "Type": "AWS::AutoScaling::LaunchConfiguration", }, - "Ec2AppAppAsgScalingPolicykeepSpareCPUE940C04E": Object { - "Properties": Object { - "AutoScalingGroupName": Object { + "Ec2AppAppAsgScalingPolicykeepSpareCPUE940C04E": { + "Properties": { + "AutoScalingGroupName": { "Ref": "Ec2AppAppAsgASGA1C2034A", }, "PolicyType": "TargetTrackingScaling", - "TargetTrackingConfiguration": Object { - "PredefinedMetricSpecification": Object { + "TargetTrackingConfiguration": { + "PredefinedMetricSpecification": { "PredefinedMetricType": "ASGAverageCPUUtilization", }, "TargetValue": 50, @@ -460,145 +460,145 @@ chown apache.apache /var/www/html/index.html", }, "Type": "AWS::AutoScaling::ScalingPolicy", }, - "Ec2AppAppInstance07A0F86A5": Object { - "DependsOn": Array [ + "Ec2AppAppInstance07A0F86A5": { + "DependsOn": [ "Ec2AppSsmInstanceRole98A9FB18", ], - "Properties": Object { - "AvailabilityZone": Object { - "Fn::Select": Array [ + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ 0, - Object { + { "Fn::GetAZs": "", }, ], }, - "BlockDeviceMappings": Array [ - Object { + "BlockDeviceMappings": [ + { "DeviceName": "/dev/xvda", - "Ebs": Object { + "Ebs": { "Encrypted": true, "VolumeSize": 10, }, }, ], - "IamInstanceProfile": Object { + "IamInstanceProfile": { "Ref": "Ec2AppAppInstance0InstanceProfile5EE4D678", }, - "ImageId": Object { + "ImageId": { "Ref": "SsmParameterValueawsserviceamiamazonlinuxlatestamzn2amihvmx8664gp2C96584B6F00A464EAD1953AFF4B05118Parameter", }, "InstanceType": "t3.micro", - "SecurityGroupIds": Array [ - Object { - "Fn::GetAtt": Array [ + "SecurityGroupIds": [ + { + "Fn::GetAtt": [ "Ec2AppAppSgF34C625B", "GroupId", ], }, ], - "SubnetId": Object { + "SubnetId": { "Ref": "NetworkingVpcPrivateSubnet1Subnet717BCE48", }, - "Tags": Array [ - Object { + "Tags": [ + { "Key": "Name", "Value": "AppServer0", }, ], - "UserData": Object { + "UserData": { "Fn::Base64": "#!/bin/bash sudo yum -y install httpd sudo systemctl enable httpd sudo systemctl start httpd -echo \\"

Hello from $(hostname)

\\" > /var/www/html/index.html +echo "

Hello from $(hostname)

" > /var/www/html/index.html chown apache.apache /var/www/html/index.html", }, }, "Type": "AWS::EC2::Instance", }, - "Ec2AppAppInstance0InstanceProfile5EE4D678": Object { - "Properties": Object { - "Roles": Array [ - Object { + "Ec2AppAppInstance0InstanceProfile5EE4D678": { + "Properties": { + "Roles": [ + { "Ref": "Ec2AppSsmInstanceRole98A9FB18", }, ], }, "Type": "AWS::IAM::InstanceProfile", }, - "Ec2AppAppInstance10A28D59A": Object { - "DependsOn": Array [ + "Ec2AppAppInstance10A28D59A": { + "DependsOn": [ "Ec2AppSsmInstanceRole98A9FB18", ], - "Properties": Object { - "AvailabilityZone": Object { - "Fn::Select": Array [ + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ 1, - Object { + { "Fn::GetAZs": "", }, ], }, - "BlockDeviceMappings": Array [ - Object { + "BlockDeviceMappings": [ + { "DeviceName": "/dev/xvda", - "Ebs": Object { + "Ebs": { "Encrypted": true, "VolumeSize": 10, }, }, ], - "IamInstanceProfile": Object { + "IamInstanceProfile": { "Ref": "Ec2AppAppInstance1InstanceProfile1886A29D", }, - "ImageId": Object { + "ImageId": { "Ref": "SsmParameterValueawsserviceamiamazonlinuxlatestamzn2amihvmx8664gp2C96584B6F00A464EAD1953AFF4B05118Parameter", }, "InstanceType": "t3.micro", - "SecurityGroupIds": Array [ - Object { - "Fn::GetAtt": Array [ + "SecurityGroupIds": [ + { + "Fn::GetAtt": [ "Ec2AppAppSgF34C625B", "GroupId", ], }, ], - "SubnetId": Object { + "SubnetId": { "Ref": "NetworkingVpcPrivateSubnet2Subnet4313381B", }, - "Tags": Array [ - Object { + "Tags": [ + { "Key": "Name", "Value": "AppServer1", }, ], - "UserData": Object { + "UserData": { "Fn::Base64": "#!/bin/bash sudo yum -y install httpd sudo systemctl enable httpd sudo systemctl start httpd -echo \\"

Hello from $(hostname)

\\" > /var/www/html/index.html +echo "

Hello from $(hostname)

" > /var/www/html/index.html chown apache.apache /var/www/html/index.html", }, }, "Type": "AWS::EC2::Instance", }, - "Ec2AppAppInstance1InstanceProfile1886A29D": Object { - "Properties": Object { - "Roles": Array [ - Object { + "Ec2AppAppInstance1InstanceProfile1886A29D": { + "Properties": { + "Roles": [ + { "Ref": "Ec2AppSsmInstanceRole98A9FB18", }, ], }, "Type": "AWS::IAM::InstanceProfile", }, - "Ec2AppAppSgF34C625B": Object { - "Properties": Object { + "Ec2AppAppSgF34C625B": { + "Properties": { "GroupDescription": "Dev-BLEAEc2App/Ec2App/AppSg", - "SecurityGroupEgress": Array [ - Object { + "SecurityGroupEgress": [ + { "CidrIp": "0.0.0.0/0", "Description": "from 0.0.0.0/0:ALL PORTS", "FromPort": 0, @@ -606,25 +606,25 @@ chown apache.apache /var/www/html/index.html", "ToPort": 65535, }, ], - "VpcId": Object { + "VpcId": { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::SecurityGroup", }, - "Ec2AppAppSgfromDevBLEAEc2AppAlbSgB1E49274805D7F9651": Object { - "Properties": Object { + "Ec2AppAppSgfromDevBLEAEc2AppAlbSgB1E49274805D7F9651": { + "Properties": { "Description": "from DevBLEAEc2AppAlbSgB1E49274:80", "FromPort": 80, - "GroupId": Object { - "Fn::GetAtt": Array [ + "GroupId": { + "Fn::GetAtt": [ "Ec2AppAppSgF34C625B", "GroupId", ], }, "IpProtocol": "tcp", - "SourceSecurityGroupId": Object { - "Fn::GetAtt": Array [ + "SourceSecurityGroupId": { + "Fn::GetAtt": [ "Ec2AppAlbSg4F64FD2A", "GroupId", ], @@ -633,21 +633,21 @@ chown apache.apache /var/www/html/index.html", }, "Type": "AWS::EC2::SecurityGroupIngress", }, - "Ec2AppSsmInstanceRole98A9FB18": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { + "Ec2AppSsmInstanceRole98A9FB18": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": Object { + "Principal": { "Service": "ec2.amazonaws.com", }, }, ], "Version": "2012-10-17", }, - "ManagedPolicyArns": Array [ + "ManagedPolicyArns": [ "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore", "arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy", ], @@ -655,100 +655,100 @@ chown apache.apache /var/www/html/index.html", }, "Type": "AWS::IAM::Role", }, - "InvestigationInstance2E4D52A0": Object { - "DependsOn": Array [ + "InvestigationInstance2E4D52A0": { + "DependsOn": [ "InvestigationInstanceSsmInstanceRole95F6BCCB", ], - "Properties": Object { - "AvailabilityZone": Object { - "Fn::Select": Array [ + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ 0, - Object { + { "Fn::GetAZs": "", }, ], }, - "BlockDeviceMappings": Array [ - Object { + "BlockDeviceMappings": [ + { "DeviceName": "/dev/xvda", - "Ebs": Object { + "Ebs": { "Encrypted": true, "VolumeSize": 10, }, }, ], - "IamInstanceProfile": Object { + "IamInstanceProfile": { "Ref": "InvestigationInstanceInstanceProfileAF68C034", }, - "ImageId": Object { + "ImageId": { "Ref": "SsmParameterValueawsserviceamiamazonlinuxlatestamzn2amihvmx8664gp2C96584B6F00A464EAD1953AFF4B05118Parameter", }, "InstanceType": "t3.micro", - "SecurityGroupIds": Array [ - Object { - "Fn::GetAtt": Array [ + "SecurityGroupIds": [ + { + "Fn::GetAtt": [ "InvestigationInstanceInvInstanceSgB92E484E", "GroupId", ], }, ], - "SubnetId": Object { + "SubnetId": { "Ref": "NetworkingVpcProtectedSubnet1SubnetF97DE33B", }, - "Tags": Array [ - Object { + "Tags": [ + { "Key": "Name", "Value": "Investigation", }, ], - "UserData": Object { + "UserData": { "Fn::Base64": "#!/bin/bash sudo yum -y install mariadb", }, }, "Type": "AWS::EC2::Instance", }, - "InvestigationInstanceInstanceProfileAF68C034": Object { - "Properties": Object { - "Roles": Array [ - Object { + "InvestigationInstanceInstanceProfileAF68C034": { + "Properties": { + "Roles": [ + { "Ref": "InvestigationInstanceSsmInstanceRole95F6BCCB", }, ], }, "Type": "AWS::IAM::InstanceProfile", }, - "InvestigationInstanceInvInstanceSgB92E484E": Object { - "Properties": Object { + "InvestigationInstanceInvInstanceSgB92E484E": { + "Properties": { "GroupDescription": "Dev-BLEAEc2App/InvestigationInstance/InvInstanceSg", - "SecurityGroupEgress": Array [ - Object { + "SecurityGroupEgress": [ + { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1", }, ], - "VpcId": Object { + "VpcId": { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::SecurityGroup", }, - "InvestigationInstanceSsmInstanceRole95F6BCCB": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { + "InvestigationInstanceSsmInstanceRole95F6BCCB": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": Object { + "Principal": { "Service": "ec2.amazonaws.com", }, }, ], "Version": "2012-10-17", }, - "ManagedPolicyArns": Array [ + "ManagedPolicyArns": [ "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore", "arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy", ], @@ -756,20 +756,20 @@ sudo yum -y install mariadb", }, "Type": "AWS::IAM::Role", }, - "MonitoringAlarmTopicAF62D4F1": Object { + "MonitoringAlarmTopicAF62D4F1": { "Type": "AWS::SNS::Topic", }, - "MonitoringAlarmTopicPolicyCB9CCFB0": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { + "MonitoringAlarmTopicPolicyCB9CCFB0": { + "Properties": { + "PolicyDocument": { + "Statement": [ + { "Action": "sns:Publish", "Effect": "Allow", - "Principal": Object { + "Principal": { "Service": "cloudwatch.amazonaws.com", }, - "Resource": Object { + "Resource": { "Ref": "MonitoringAlarmTopicAF62D4F1", }, "Sid": "0", @@ -777,66 +777,66 @@ sudo yum -y install mariadb", ], "Version": "2012-10-17", }, - "Topics": Array [ - Object { + "Topics": [ + { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], }, "Type": "AWS::SNS::TopicPolicy", }, - "MonitoringChatbotChannel3696F0E4": Object { - "Properties": Object { + "MonitoringChatbotChannel3696F0E4": { + "Properties": { "ConfigurationName": "DevBLEAEc2AppMonitoring7E28C0B1", - "IamRoleArn": Object { - "Fn::GetAtt": Array [ + "IamRoleArn": { + "Fn::GetAtt": [ "MonitoringChatbotRoleD766A77D", "Arn", ], }, "SlackChannelId": "CYYYYYYYYYY", "SlackWorkspaceId": "TXXXXXXXXXX", - "SnsTopicArns": Array [ - Object { + "SnsTopicArns": [ + { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], }, "Type": "AWS::Chatbot::SlackChannelConfiguration", }, - "MonitoringChatbotRoleD766A77D": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { + "MonitoringChatbotRoleD766A77D": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": Object { + "Principal": { "Service": "chatbot.amazonaws.com", }, }, ], "Version": "2012-10-17", }, - "ManagedPolicyArns": Array [ - Object { - "Fn::Join": Array [ + "ManagedPolicyArns": [ + { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":iam::aws:policy/ReadOnlyAccess", ], ], }, - Object { - "Fn::Join": Array [ + { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":iam::aws:policy/CloudWatchReadOnlyAccess", @@ -847,26 +847,26 @@ sudo yum -y install mariadb", }, "Type": "AWS::IAM::Role", }, - "MonitoringEmailSubsc6D15C956": Object { - "Properties": Object { + "MonitoringEmailSubsc6D15C956": { + "Properties": { "Endpoint": "notify-security@example.com", "Protocol": "email", - "TopicArn": Object { + "TopicArn": { "Ref": "MonitoringAlarmTopicAF62D4F1", }, }, "Type": "AWS::SNS::Subscription", }, - "NetworkingFlowLogBucket33187957": Object { + "NetworkingFlowLogBucket33187957": { "DeletionPolicy": "Retain", - "Properties": Object { + "Properties": { "AccessControl": "Private", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "KMSMasterKeyID": Object { - "Fn::GetAtt": Array [ + "BucketEncryption": { + "ServerSideEncryptionConfiguration": [ + { + "ServerSideEncryptionByDefault": { + "KMSMasterKeyID": { + "Fn::GetAtt": [ "NetworkingKey5DCEF7CD", "Arn", ], @@ -876,7 +876,7 @@ sudo yum -y install mariadb", }, ], }, - "PublicAccessBlockConfiguration": Object { + "PublicAccessBlockConfiguration": { "BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, @@ -886,37 +886,37 @@ sudo yum -y install mariadb", "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, - "NetworkingFlowLogBucketPolicy1EE356A6": Object { - "Properties": Object { - "Bucket": Object { + "NetworkingFlowLogBucketPolicy1EE356A6": { + "Properties": { + "Bucket": { "Ref": "NetworkingFlowLogBucket33187957", }, - "PolicyDocument": Object { - "Statement": Array [ - Object { + "PolicyDocument": { + "Statement": [ + { "Action": "s3:*", - "Condition": Object { - "Bool": Object { + "Condition": { + "Bool": { "aws:SecureTransport": "false", }, }, "Effect": "Deny", - "Principal": Object { + "Principal": { "AWS": "*", }, - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ + "Resource": [ + { + "Fn::GetAtt": [ "NetworkingFlowLogBucket33187957", "Arn", ], }, - Object { - "Fn::Join": Array [ + { + "Fn::Join": [ "", - Array [ - Object { - "Fn::GetAtt": Array [ + [ + { + "Fn::GetAtt": [ "NetworkingFlowLogBucket33187957", "Arn", ], @@ -933,27 +933,27 @@ sudo yum -y install mariadb", }, "Type": "AWS::S3::BucketPolicy", }, - "NetworkingKey5DCEF7CD": Object { + "NetworkingKey5DCEF7CD": { "DeletionPolicy": "Retain", - "Properties": Object { + "Properties": { "Description": "BLEA Guest Sample: CMK for Ec2App VPC Flow Logs", "EnableKeyRotation": true, - "KeyPolicy": Object { - "Statement": Array [ - Object { + "KeyPolicy": { + "Statement": [ + { "Action": "kms:*", "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ + "Principal": { + "AWS": { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":iam::", - Object { + { "Ref": "AWS::AccountId", }, ":root", @@ -963,8 +963,8 @@ sudo yum -y install mariadb", }, "Resource": "*", }, - Object { - "Action": Array [ + { + "Action": [ "kms:Encrypt*", "kms:Decrypt*", "kms:ReEncrypt*", @@ -972,7 +972,7 @@ sudo yum -y install mariadb", "kms:Describe*", ], "Effect": "Allow", - "Principal": Object { + "Principal": { "Service": "delivery.logs.amazonaws.com", }, "Resource": "*", @@ -984,11 +984,11 @@ sudo yum -y install mariadb", "Type": "AWS::KMS::Key", "UpdateReplacePolicy": "Retain", }, - "NetworkingKeyAlias2BF09FC0": Object { - "Properties": Object { + "NetworkingKeyAlias2BF09FC0": { + "Properties": { "AliasName": "alias/DevBLEAEc2AppNetworkingD87AB721", - "TargetKeyId": Object { - "Fn::GetAtt": Array [ + "TargetKeyId": { + "Fn::GetAtt": [ "NetworkingKey5DCEF7CD", "Arn", ], @@ -996,41 +996,47 @@ sudo yum -y install mariadb", }, "Type": "AWS::KMS::Alias", }, - "NetworkingPrivateNacl8E602059": Object { - "Properties": Object { - "VpcId": Object { + "NetworkingPrivateNacl8E602059": { + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "Dev-BLEAEc2App/Networking/PrivateNacl", + }, + ], + "VpcId": { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::NetworkAcl", }, - "NetworkingPrivateNaclDefaultAssociationDevBLEAEc2AppNetworkingVpcPrivateSubnet15B31922B8E6227D5": Object { - "Properties": Object { - "NetworkAclId": Object { + "NetworkingPrivateNaclDefaultAssociationDevBLEAEc2AppNetworkingVpcPrivateSubnet15B31922B8E6227D5": { + "Properties": { + "NetworkAclId": { "Ref": "NetworkingPrivateNacl8E602059", }, - "SubnetId": Object { + "SubnetId": { "Ref": "NetworkingVpcPrivateSubnet1Subnet717BCE48", }, }, "Type": "AWS::EC2::SubnetNetworkAclAssociation", }, - "NetworkingPrivateNaclDefaultAssociationDevBLEAEc2AppNetworkingVpcPrivateSubnet239B35D27D643660A": Object { - "Properties": Object { - "NetworkAclId": Object { + "NetworkingPrivateNaclDefaultAssociationDevBLEAEc2AppNetworkingVpcPrivateSubnet239B35D27D643660A": { + "Properties": { + "NetworkAclId": { "Ref": "NetworkingPrivateNacl8E602059", }, - "SubnetId": Object { + "SubnetId": { "Ref": "NetworkingVpcPrivateSubnet2Subnet4313381B", }, }, "Type": "AWS::EC2::SubnetNetworkAclAssociation", }, - "NetworkingPrivateNaclPrivateEgress8D7BEE42": Object { - "Properties": Object { + "NetworkingPrivateNaclPrivateEgress8D7BEE42": { + "Properties": { "CidrBlock": "0.0.0.0/0", "Egress": true, - "NetworkAclId": Object { + "NetworkAclId": { "Ref": "NetworkingPrivateNacl8E602059", }, "Protocol": -1, @@ -1039,11 +1045,11 @@ sudo yum -y install mariadb", }, "Type": "AWS::EC2::NetworkAclEntry", }, - "NetworkingPrivateNaclPrivateIngressA5CFFFD6": Object { - "Properties": Object { + "NetworkingPrivateNaclPrivateIngressA5CFFFD6": { + "Properties": { "CidrBlock": "0.0.0.0/0", "Egress": false, - "NetworkAclId": Object { + "NetworkAclId": { "Ref": "NetworkingPrivateNacl8E602059", }, "Protocol": -1, @@ -1052,41 +1058,47 @@ sudo yum -y install mariadb", }, "Type": "AWS::EC2::NetworkAclEntry", }, - "NetworkingPublicNacl8F0D44A5": Object { - "Properties": Object { - "VpcId": Object { + "NetworkingPublicNacl8F0D44A5": { + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "Dev-BLEAEc2App/Networking/PublicNacl", + }, + ], + "VpcId": { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::NetworkAcl", }, - "NetworkingPublicNaclDefaultAssociationDevBLEAEc2AppNetworkingVpcPublicSubnet109F200B211B5AB43": Object { - "Properties": Object { - "NetworkAclId": Object { + "NetworkingPublicNaclDefaultAssociationDevBLEAEc2AppNetworkingVpcPublicSubnet109F200B211B5AB43": { + "Properties": { + "NetworkAclId": { "Ref": "NetworkingPublicNacl8F0D44A5", }, - "SubnetId": Object { + "SubnetId": { "Ref": "NetworkingVpcPublicSubnet1Subnet918289EE", }, }, "Type": "AWS::EC2::SubnetNetworkAclAssociation", }, - "NetworkingPublicNaclDefaultAssociationDevBLEAEc2AppNetworkingVpcPublicSubnet24591B590BD988215": Object { - "Properties": Object { - "NetworkAclId": Object { + "NetworkingPublicNaclDefaultAssociationDevBLEAEc2AppNetworkingVpcPublicSubnet24591B590BD988215": { + "Properties": { + "NetworkAclId": { "Ref": "NetworkingPublicNacl8F0D44A5", }, - "SubnetId": Object { + "SubnetId": { "Ref": "NetworkingVpcPublicSubnet2Subnet9D9E5AFB", }, }, "Type": "AWS::EC2::SubnetNetworkAclAssociation", }, - "NetworkingPublicNaclPublicEgress927B5E86": Object { - "Properties": Object { + "NetworkingPublicNaclPublicEgress927B5E86": { + "Properties": { "CidrBlock": "0.0.0.0/0", "Egress": true, - "NetworkAclId": Object { + "NetworkAclId": { "Ref": "NetworkingPublicNacl8F0D44A5", }, "Protocol": -1, @@ -1095,11 +1107,11 @@ sudo yum -y install mariadb", }, "Type": "AWS::EC2::NetworkAclEntry", }, - "NetworkingPublicNaclPublicIngressAC30352B": Object { - "Properties": Object { + "NetworkingPublicNaclPublicIngressAC30352B": { + "Properties": { "CidrBlock": "0.0.0.0/0", "Egress": false, - "NetworkAclId": Object { + "NetworkAclId": { "Ref": "NetworkingPublicNacl8F0D44A5", }, "Protocol": -1, @@ -1108,14 +1120,14 @@ sudo yum -y install mariadb", }, "Type": "AWS::EC2::NetworkAclEntry", }, - "NetworkingVpc6B5E6F44": Object { - "Properties": Object { + "NetworkingVpc6B5E6F44": { + "Properties": { "CidrBlock": "10.100.0.0/16", "EnableDnsHostnames": true, "EnableDnsSupport": true, "InstanceTenancy": "default", - "Tags": Array [ - Object { + "Tags": [ + { "Key": "Name", "Value": "Dev-BLEAEc2App/Networking/Vpc", }, @@ -1123,58 +1135,58 @@ sudo yum -y install mariadb", }, "Type": "AWS::EC2::VPC", }, - "NetworkingVpcEc2EndpointCDE9BE0C": Object { - "Properties": Object { + "NetworkingVpcEc2EndpointCDE9BE0C": { + "Properties": { "PrivateDnsEnabled": true, - "SecurityGroupIds": Array [ - Object { - "Fn::GetAtt": Array [ + "SecurityGroupIds": [ + { + "Fn::GetAtt": [ "NetworkingVpcEc2EndpointSecurityGroup28494A31", "GroupId", ], }, ], "ServiceName": "com.amazonaws.ap-northeast-1.ec2", - "SubnetIds": Array [ - Object { + "SubnetIds": [ + { "Ref": "NetworkingVpcProtectedSubnet1SubnetF97DE33B", }, - Object { + { "Ref": "NetworkingVpcProtectedSubnet2SubnetE110C692", }, ], "VpcEndpointType": "Interface", - "VpcId": Object { + "VpcId": { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::VPCEndpoint", }, - "NetworkingVpcEc2EndpointSecurityGroup28494A31": Object { - "Properties": Object { + "NetworkingVpcEc2EndpointSecurityGroup28494A31": { + "Properties": { "GroupDescription": "Dev-BLEAEc2App/Networking/Vpc/Ec2Endpoint/SecurityGroup", - "SecurityGroupEgress": Array [ - Object { + "SecurityGroupEgress": [ + { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1", }, ], - "SecurityGroupIngress": Array [ - Object { - "CidrIp": Object { - "Fn::GetAtt": Array [ + "SecurityGroupIngress": [ + { + "CidrIp": { + "Fn::GetAtt": [ "NetworkingVpc6B5E6F44", "CidrBlock", ], }, - "Description": Object { - "Fn::Join": Array [ + "Description": { + "Fn::Join": [ "", - Array [ + [ "from ", - Object { - "Fn::GetAtt": Array [ + { + "Fn::GetAtt": [ "NetworkingVpc6B5E6F44", "CidrBlock", ], @@ -1188,70 +1200,70 @@ sudo yum -y install mariadb", "ToPort": 443, }, ], - "Tags": Array [ - Object { + "Tags": [ + { "Key": "Name", "Value": "Dev-BLEAEc2App/Networking/Vpc", }, ], - "VpcId": Object { + "VpcId": { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::SecurityGroup", }, - "NetworkingVpcEc2MessagesEndpointD64BDA68": Object { - "Properties": Object { + "NetworkingVpcEc2MessagesEndpointD64BDA68": { + "Properties": { "PrivateDnsEnabled": true, - "SecurityGroupIds": Array [ - Object { - "Fn::GetAtt": Array [ + "SecurityGroupIds": [ + { + "Fn::GetAtt": [ "NetworkingVpcEc2MessagesEndpointSecurityGroupA9FD1F29", "GroupId", ], }, ], "ServiceName": "com.amazonaws.ap-northeast-1.ec2messages", - "SubnetIds": Array [ - Object { + "SubnetIds": [ + { "Ref": "NetworkingVpcProtectedSubnet1SubnetF97DE33B", }, - Object { + { "Ref": "NetworkingVpcProtectedSubnet2SubnetE110C692", }, ], "VpcEndpointType": "Interface", - "VpcId": Object { + "VpcId": { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::VPCEndpoint", }, - "NetworkingVpcEc2MessagesEndpointSecurityGroupA9FD1F29": Object { - "Properties": Object { + "NetworkingVpcEc2MessagesEndpointSecurityGroupA9FD1F29": { + "Properties": { "GroupDescription": "Dev-BLEAEc2App/Networking/Vpc/Ec2MessagesEndpoint/SecurityGroup", - "SecurityGroupEgress": Array [ - Object { + "SecurityGroupEgress": [ + { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1", }, ], - "SecurityGroupIngress": Array [ - Object { - "CidrIp": Object { - "Fn::GetAtt": Array [ + "SecurityGroupIngress": [ + { + "CidrIp": { + "Fn::GetAtt": [ "NetworkingVpc6B5E6F44", "CidrBlock", ], }, - "Description": Object { - "Fn::Join": Array [ + "Description": { + "Fn::Join": [ "", - Array [ + [ "from ", - Object { - "Fn::GetAtt": Array [ + { + "Fn::GetAtt": [ "NetworkingVpc6B5E6F44", "CidrBlock", ], @@ -1265,48 +1277,48 @@ sudo yum -y install mariadb", "ToPort": 443, }, ], - "Tags": Array [ - Object { + "Tags": [ + { "Key": "Name", "Value": "Dev-BLEAEc2App/Networking/Vpc", }, ], - "VpcId": Object { + "VpcId": { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::SecurityGroup", }, - "NetworkingVpcFlowLogsFlowLog7DF32A67": Object { - "DependsOn": Array [ + "NetworkingVpcFlowLogsFlowLog7DF32A67": { + "DependsOn": [ "NetworkingFlowLogBucketPolicy1EE356A6", ], - "Properties": Object { - "LogDestination": Object { - "Fn::GetAtt": Array [ + "Properties": { + "LogDestination": { + "Fn::GetAtt": [ "NetworkingFlowLogBucket33187957", "Arn", ], }, "LogDestinationType": "s3", - "ResourceId": Object { + "ResourceId": { "Ref": "NetworkingVpc6B5E6F44", }, "ResourceType": "VPC", - "Tags": Array [ - Object { + "Tags": [ + { "Key": "Name", - "Value": "Dev-BLEAEc2App/Networking/Vpc", + "Value": "Dev-BLEAEc2App/Networking/Vpc/FlowLogs", }, ], "TrafficType": "ALL", }, "Type": "AWS::EC2::FlowLog", }, - "NetworkingVpcIGW21218DAB": Object { - "Properties": Object { - "Tags": Array [ - Object { + "NetworkingVpcIGW21218DAB": { + "Properties": { + "Tags": [ + { "Key": "Name", "Value": "Dev-BLEAEc2App/Networking/Vpc", }, @@ -1314,278 +1326,278 @@ sudo yum -y install mariadb", }, "Type": "AWS::EC2::InternetGateway", }, - "NetworkingVpcPrivateSubnet1DefaultRouteDE58E6A0": Object { - "Properties": Object { + "NetworkingVpcPrivateSubnet1DefaultRouteDE58E6A0": { + "Properties": { "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": Object { + "NatGatewayId": { "Ref": "NetworkingVpcPublicSubnet1NATGateway70EEEC07", }, - "RouteTableId": Object { + "RouteTableId": { "Ref": "NetworkingVpcPrivateSubnet1RouteTable69CC9A73", }, }, "Type": "AWS::EC2::Route", }, - "NetworkingVpcPrivateSubnet1RouteTable69CC9A73": Object { - "Properties": Object { - "Tags": Array [ - Object { + "NetworkingVpcPrivateSubnet1RouteTable69CC9A73": { + "Properties": { + "Tags": [ + { "Key": "Name", "Value": "Dev-BLEAEc2App/Networking/Vpc/PrivateSubnet1", }, ], - "VpcId": Object { + "VpcId": { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::RouteTable", }, - "NetworkingVpcPrivateSubnet1RouteTableAssociation761725EA": Object { - "Properties": Object { - "RouteTableId": Object { + "NetworkingVpcPrivateSubnet1RouteTableAssociation761725EA": { + "Properties": { + "RouteTableId": { "Ref": "NetworkingVpcPrivateSubnet1RouteTable69CC9A73", }, - "SubnetId": Object { + "SubnetId": { "Ref": "NetworkingVpcPrivateSubnet1Subnet717BCE48", }, }, "Type": "AWS::EC2::SubnetRouteTableAssociation", }, - "NetworkingVpcPrivateSubnet1Subnet717BCE48": Object { - "Properties": Object { - "AvailabilityZone": Object { - "Fn::Select": Array [ + "NetworkingVpcPrivateSubnet1Subnet717BCE48": { + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ 0, - Object { + { "Fn::GetAZs": "", }, ], }, "CidrBlock": "10.100.4.0/22", "MapPublicIpOnLaunch": false, - "Tags": Array [ - Object { + "Tags": [ + { "Key": "aws-cdk:subnet-name", "Value": "Private", }, - Object { + { "Key": "aws-cdk:subnet-type", "Value": "Private", }, - Object { + { "Key": "Name", "Value": "Dev-BLEAEc2App/Networking/Vpc/PrivateSubnet1", }, ], - "VpcId": Object { + "VpcId": { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::Subnet", }, - "NetworkingVpcPrivateSubnet2DefaultRoute5BF16047": Object { - "Properties": Object { + "NetworkingVpcPrivateSubnet2DefaultRoute5BF16047": { + "Properties": { "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": Object { + "NatGatewayId": { "Ref": "NetworkingVpcPublicSubnet1NATGateway70EEEC07", }, - "RouteTableId": Object { + "RouteTableId": { "Ref": "NetworkingVpcPrivateSubnet2RouteTableAE92CE40", }, }, "Type": "AWS::EC2::Route", }, - "NetworkingVpcPrivateSubnet2RouteTableAE92CE40": Object { - "Properties": Object { - "Tags": Array [ - Object { + "NetworkingVpcPrivateSubnet2RouteTableAE92CE40": { + "Properties": { + "Tags": [ + { "Key": "Name", "Value": "Dev-BLEAEc2App/Networking/Vpc/PrivateSubnet2", }, ], - "VpcId": Object { + "VpcId": { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::RouteTable", }, - "NetworkingVpcPrivateSubnet2RouteTableAssociation9EFBB61D": Object { - "Properties": Object { - "RouteTableId": Object { + "NetworkingVpcPrivateSubnet2RouteTableAssociation9EFBB61D": { + "Properties": { + "RouteTableId": { "Ref": "NetworkingVpcPrivateSubnet2RouteTableAE92CE40", }, - "SubnetId": Object { + "SubnetId": { "Ref": "NetworkingVpcPrivateSubnet2Subnet4313381B", }, }, "Type": "AWS::EC2::SubnetRouteTableAssociation", }, - "NetworkingVpcPrivateSubnet2Subnet4313381B": Object { - "Properties": Object { - "AvailabilityZone": Object { - "Fn::Select": Array [ + "NetworkingVpcPrivateSubnet2Subnet4313381B": { + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ 1, - Object { + { "Fn::GetAZs": "", }, ], }, "CidrBlock": "10.100.8.0/22", "MapPublicIpOnLaunch": false, - "Tags": Array [ - Object { + "Tags": [ + { "Key": "aws-cdk:subnet-name", "Value": "Private", }, - Object { + { "Key": "aws-cdk:subnet-type", "Value": "Private", }, - Object { + { "Key": "Name", "Value": "Dev-BLEAEc2App/Networking/Vpc/PrivateSubnet2", }, ], - "VpcId": Object { + "VpcId": { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::Subnet", }, - "NetworkingVpcProtectedSubnet1RouteTable2C1558E9": Object { - "Properties": Object { - "Tags": Array [ - Object { + "NetworkingVpcProtectedSubnet1RouteTable2C1558E9": { + "Properties": { + "Tags": [ + { "Key": "Name", "Value": "Dev-BLEAEc2App/Networking/Vpc/ProtectedSubnet1", }, ], - "VpcId": Object { + "VpcId": { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::RouteTable", }, - "NetworkingVpcProtectedSubnet1RouteTableAssociation011790AB": Object { - "Properties": Object { - "RouteTableId": Object { + "NetworkingVpcProtectedSubnet1RouteTableAssociation011790AB": { + "Properties": { + "RouteTableId": { "Ref": "NetworkingVpcProtectedSubnet1RouteTable2C1558E9", }, - "SubnetId": Object { + "SubnetId": { "Ref": "NetworkingVpcProtectedSubnet1SubnetF97DE33B", }, }, "Type": "AWS::EC2::SubnetRouteTableAssociation", }, - "NetworkingVpcProtectedSubnet1SubnetF97DE33B": Object { - "Properties": Object { - "AvailabilityZone": Object { - "Fn::Select": Array [ + "NetworkingVpcProtectedSubnet1SubnetF97DE33B": { + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ 0, - Object { + { "Fn::GetAZs": "", }, ], }, "CidrBlock": "10.100.12.0/22", "MapPublicIpOnLaunch": false, - "Tags": Array [ - Object { + "Tags": [ + { "Key": "aws-cdk:subnet-name", "Value": "Protected", }, - Object { + { "Key": "aws-cdk:subnet-type", "Value": "Isolated", }, - Object { + { "Key": "Name", "Value": "Dev-BLEAEc2App/Networking/Vpc/ProtectedSubnet1", }, ], - "VpcId": Object { + "VpcId": { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::Subnet", }, - "NetworkingVpcProtectedSubnet2RouteTableA434E57C": Object { - "Properties": Object { - "Tags": Array [ - Object { + "NetworkingVpcProtectedSubnet2RouteTableA434E57C": { + "Properties": { + "Tags": [ + { "Key": "Name", "Value": "Dev-BLEAEc2App/Networking/Vpc/ProtectedSubnet2", }, ], - "VpcId": Object { + "VpcId": { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::RouteTable", }, - "NetworkingVpcProtectedSubnet2RouteTableAssociation01AFDB7E": Object { - "Properties": Object { - "RouteTableId": Object { + "NetworkingVpcProtectedSubnet2RouteTableAssociation01AFDB7E": { + "Properties": { + "RouteTableId": { "Ref": "NetworkingVpcProtectedSubnet2RouteTableA434E57C", }, - "SubnetId": Object { + "SubnetId": { "Ref": "NetworkingVpcProtectedSubnet2SubnetE110C692", }, }, "Type": "AWS::EC2::SubnetRouteTableAssociation", }, - "NetworkingVpcProtectedSubnet2SubnetE110C692": Object { - "Properties": Object { - "AvailabilityZone": Object { - "Fn::Select": Array [ + "NetworkingVpcProtectedSubnet2SubnetE110C692": { + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ 1, - Object { + { "Fn::GetAZs": "", }, ], }, "CidrBlock": "10.100.16.0/22", "MapPublicIpOnLaunch": false, - "Tags": Array [ - Object { + "Tags": [ + { "Key": "aws-cdk:subnet-name", "Value": "Protected", }, - Object { + { "Key": "aws-cdk:subnet-type", "Value": "Isolated", }, - Object { + { "Key": "Name", "Value": "Dev-BLEAEc2App/Networking/Vpc/ProtectedSubnet2", }, ], - "VpcId": Object { + "VpcId": { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::Subnet", }, - "NetworkingVpcPublicSubnet1DefaultRoute80C01FA6": Object { - "DependsOn": Array [ + "NetworkingVpcPublicSubnet1DefaultRoute80C01FA6": { + "DependsOn": [ "NetworkingVpcVPCGW12E561D8", ], - "Properties": Object { + "Properties": { "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": Object { + "GatewayId": { "Ref": "NetworkingVpcIGW21218DAB", }, - "RouteTableId": Object { + "RouteTableId": { "Ref": "NetworkingVpcPublicSubnet1RouteTable8FB3C18A", }, }, "Type": "AWS::EC2::Route", }, - "NetworkingVpcPublicSubnet1EIP7D5353EC": Object { - "Properties": Object { + "NetworkingVpcPublicSubnet1EIP7D5353EC": { + "Properties": { "Domain": "vpc", - "Tags": Array [ - Object { + "Tags": [ + { "Key": "Name", "Value": "Dev-BLEAEc2App/Networking/Vpc/PublicSubnet1", }, @@ -1593,23 +1605,23 @@ sudo yum -y install mariadb", }, "Type": "AWS::EC2::EIP", }, - "NetworkingVpcPublicSubnet1NATGateway70EEEC07": Object { - "DependsOn": Array [ + "NetworkingVpcPublicSubnet1NATGateway70EEEC07": { + "DependsOn": [ "NetworkingVpcPublicSubnet1DefaultRoute80C01FA6", "NetworkingVpcPublicSubnet1RouteTableAssociationD13830EA", ], - "Properties": Object { - "AllocationId": Object { - "Fn::GetAtt": Array [ + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ "NetworkingVpcPublicSubnet1EIP7D5353EC", "AllocationId", ], }, - "SubnetId": Object { + "SubnetId": { "Ref": "NetworkingVpcPublicSubnet1Subnet918289EE", }, - "Tags": Array [ - Object { + "Tags": [ + { "Key": "Name", "Value": "Dev-BLEAEc2App/Networking/Vpc/PublicSubnet1", }, @@ -1617,157 +1629,157 @@ sudo yum -y install mariadb", }, "Type": "AWS::EC2::NatGateway", }, - "NetworkingVpcPublicSubnet1RouteTable8FB3C18A": Object { - "Properties": Object { - "Tags": Array [ - Object { + "NetworkingVpcPublicSubnet1RouteTable8FB3C18A": { + "Properties": { + "Tags": [ + { "Key": "Name", "Value": "Dev-BLEAEc2App/Networking/Vpc/PublicSubnet1", }, ], - "VpcId": Object { + "VpcId": { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::RouteTable", }, - "NetworkingVpcPublicSubnet1RouteTableAssociationD13830EA": Object { - "Properties": Object { - "RouteTableId": Object { + "NetworkingVpcPublicSubnet1RouteTableAssociationD13830EA": { + "Properties": { + "RouteTableId": { "Ref": "NetworkingVpcPublicSubnet1RouteTable8FB3C18A", }, - "SubnetId": Object { + "SubnetId": { "Ref": "NetworkingVpcPublicSubnet1Subnet918289EE", }, }, "Type": "AWS::EC2::SubnetRouteTableAssociation", }, - "NetworkingVpcPublicSubnet1Subnet918289EE": Object { - "Properties": Object { - "AvailabilityZone": Object { - "Fn::Select": Array [ + "NetworkingVpcPublicSubnet1Subnet918289EE": { + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ 0, - Object { + { "Fn::GetAZs": "", }, ], }, "CidrBlock": "10.100.0.0/24", "MapPublicIpOnLaunch": true, - "Tags": Array [ - Object { + "Tags": [ + { "Key": "aws-cdk:subnet-name", "Value": "Public", }, - Object { + { "Key": "aws-cdk:subnet-type", "Value": "Public", }, - Object { + { "Key": "Name", "Value": "Dev-BLEAEc2App/Networking/Vpc/PublicSubnet1", }, ], - "VpcId": Object { + "VpcId": { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::Subnet", }, - "NetworkingVpcPublicSubnet2DefaultRouteDF98F60F": Object { - "DependsOn": Array [ + "NetworkingVpcPublicSubnet2DefaultRouteDF98F60F": { + "DependsOn": [ "NetworkingVpcVPCGW12E561D8", ], - "Properties": Object { + "Properties": { "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": Object { + "GatewayId": { "Ref": "NetworkingVpcIGW21218DAB", }, - "RouteTableId": Object { + "RouteTableId": { "Ref": "NetworkingVpcPublicSubnet2RouteTable22886677", }, }, "Type": "AWS::EC2::Route", }, - "NetworkingVpcPublicSubnet2RouteTable22886677": Object { - "Properties": Object { - "Tags": Array [ - Object { + "NetworkingVpcPublicSubnet2RouteTable22886677": { + "Properties": { + "Tags": [ + { "Key": "Name", "Value": "Dev-BLEAEc2App/Networking/Vpc/PublicSubnet2", }, ], - "VpcId": Object { + "VpcId": { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::RouteTable", }, - "NetworkingVpcPublicSubnet2RouteTableAssociation2D4CEA06": Object { - "Properties": Object { - "RouteTableId": Object { + "NetworkingVpcPublicSubnet2RouteTableAssociation2D4CEA06": { + "Properties": { + "RouteTableId": { "Ref": "NetworkingVpcPublicSubnet2RouteTable22886677", }, - "SubnetId": Object { + "SubnetId": { "Ref": "NetworkingVpcPublicSubnet2Subnet9D9E5AFB", }, }, "Type": "AWS::EC2::SubnetRouteTableAssociation", }, - "NetworkingVpcPublicSubnet2Subnet9D9E5AFB": Object { - "Properties": Object { - "AvailabilityZone": Object { - "Fn::Select": Array [ + "NetworkingVpcPublicSubnet2Subnet9D9E5AFB": { + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ 1, - Object { + { "Fn::GetAZs": "", }, ], }, "CidrBlock": "10.100.1.0/24", "MapPublicIpOnLaunch": true, - "Tags": Array [ - Object { + "Tags": [ + { "Key": "aws-cdk:subnet-name", "Value": "Public", }, - Object { + { "Key": "aws-cdk:subnet-type", "Value": "Public", }, - Object { + { "Key": "Name", "Value": "Dev-BLEAEc2App/Networking/Vpc/PublicSubnet2", }, ], - "VpcId": Object { + "VpcId": { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::Subnet", }, - "NetworkingVpcS3GWEndpointA935E1AA": Object { - "Properties": Object { - "RouteTableIds": Array [ - Object { + "NetworkingVpcS3GWEndpointA935E1AA": { + "Properties": { + "RouteTableIds": [ + { "Ref": "NetworkingVpcPrivateSubnet1RouteTable69CC9A73", }, - Object { + { "Ref": "NetworkingVpcPrivateSubnet2RouteTableAE92CE40", }, - Object { + { "Ref": "NetworkingVpcProtectedSubnet1RouteTable2C1558E9", }, - Object { + { "Ref": "NetworkingVpcProtectedSubnet2RouteTableA434E57C", }, ], - "ServiceName": Object { - "Fn::Join": Array [ + "ServiceName": { + "Fn::Join": [ "", - Array [ + [ "com.amazonaws.", - Object { + { "Ref": "AWS::Region", }, ".s3", @@ -1775,64 +1787,64 @@ sudo yum -y install mariadb", ], }, "VpcEndpointType": "Gateway", - "VpcId": Object { + "VpcId": { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::VPCEndpoint", }, - "NetworkingVpcSsmEndpoint054488E3": Object { - "Properties": Object { + "NetworkingVpcSsmEndpoint054488E3": { + "Properties": { "PrivateDnsEnabled": true, - "SecurityGroupIds": Array [ - Object { - "Fn::GetAtt": Array [ + "SecurityGroupIds": [ + { + "Fn::GetAtt": [ "NetworkingVpcSsmEndpointSecurityGroup897B24DC", "GroupId", ], }, ], "ServiceName": "com.amazonaws.ap-northeast-1.ssm", - "SubnetIds": Array [ - Object { + "SubnetIds": [ + { "Ref": "NetworkingVpcProtectedSubnet1SubnetF97DE33B", }, - Object { + { "Ref": "NetworkingVpcProtectedSubnet2SubnetE110C692", }, ], "VpcEndpointType": "Interface", - "VpcId": Object { + "VpcId": { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::VPCEndpoint", }, - "NetworkingVpcSsmEndpointSecurityGroup897B24DC": Object { - "Properties": Object { + "NetworkingVpcSsmEndpointSecurityGroup897B24DC": { + "Properties": { "GroupDescription": "Dev-BLEAEc2App/Networking/Vpc/SsmEndpoint/SecurityGroup", - "SecurityGroupEgress": Array [ - Object { + "SecurityGroupEgress": [ + { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1", }, ], - "SecurityGroupIngress": Array [ - Object { - "CidrIp": Object { - "Fn::GetAtt": Array [ + "SecurityGroupIngress": [ + { + "CidrIp": { + "Fn::GetAtt": [ "NetworkingVpc6B5E6F44", "CidrBlock", ], }, - "Description": Object { - "Fn::Join": Array [ + "Description": { + "Fn::Join": [ "", - Array [ + [ "from ", - Object { - "Fn::GetAtt": Array [ + { + "Fn::GetAtt": [ "NetworkingVpc6B5E6F44", "CidrBlock", ], @@ -1846,70 +1858,70 @@ sudo yum -y install mariadb", "ToPort": 443, }, ], - "Tags": Array [ - Object { + "Tags": [ + { "Key": "Name", "Value": "Dev-BLEAEc2App/Networking/Vpc", }, ], - "VpcId": Object { + "VpcId": { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::SecurityGroup", }, - "NetworkingVpcSsmMessagesEndpointDA21F821": Object { - "Properties": Object { + "NetworkingVpcSsmMessagesEndpointDA21F821": { + "Properties": { "PrivateDnsEnabled": true, - "SecurityGroupIds": Array [ - Object { - "Fn::GetAtt": Array [ + "SecurityGroupIds": [ + { + "Fn::GetAtt": [ "NetworkingVpcSsmMessagesEndpointSecurityGroup4F815FEB", "GroupId", ], }, ], "ServiceName": "com.amazonaws.ap-northeast-1.ssmmessages", - "SubnetIds": Array [ - Object { + "SubnetIds": [ + { "Ref": "NetworkingVpcProtectedSubnet1SubnetF97DE33B", }, - Object { + { "Ref": "NetworkingVpcProtectedSubnet2SubnetE110C692", }, ], "VpcEndpointType": "Interface", - "VpcId": Object { + "VpcId": { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::VPCEndpoint", }, - "NetworkingVpcSsmMessagesEndpointSecurityGroup4F815FEB": Object { - "Properties": Object { + "NetworkingVpcSsmMessagesEndpointSecurityGroup4F815FEB": { + "Properties": { "GroupDescription": "Dev-BLEAEc2App/Networking/Vpc/SsmMessagesEndpoint/SecurityGroup", - "SecurityGroupEgress": Array [ - Object { + "SecurityGroupEgress": [ + { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1", }, ], - "SecurityGroupIngress": Array [ - Object { - "CidrIp": Object { - "Fn::GetAtt": Array [ + "SecurityGroupIngress": [ + { + "CidrIp": { + "Fn::GetAtt": [ "NetworkingVpc6B5E6F44", "CidrBlock", ], }, - "Description": Object { - "Fn::Join": Array [ + "Description": { + "Fn::Join": [ "", - Array [ + [ "from ", - Object { - "Fn::GetAtt": Array [ + { + "Fn::GetAtt": [ "NetworkingVpc6B5E6F44", "CidrBlock", ], @@ -1923,46 +1935,46 @@ sudo yum -y install mariadb", "ToPort": 443, }, ], - "Tags": Array [ - Object { + "Tags": [ + { "Key": "Name", "Value": "Dev-BLEAEc2App/Networking/Vpc", }, ], - "VpcId": Object { + "VpcId": { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::SecurityGroup", }, - "NetworkingVpcVPCGW12E561D8": Object { - "Properties": Object { - "InternetGatewayId": Object { + "NetworkingVpcVPCGW12E561D8": { + "Properties": { + "InternetGatewayId": { "Ref": "NetworkingVpcIGW21218DAB", }, - "VpcId": Object { + "VpcId": { "Ref": "NetworkingVpc6B5E6F44", }, }, "Type": "AWS::EC2::VPCGatewayAttachment", }, }, - "Rules": Object { - "CheckBootstrapVersion": Object { - "Assertions": Array [ - Object { - "Assert": Object { - "Fn::Not": Array [ - Object { - "Fn::Contains": Array [ - Array [ + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ "1", "2", "3", "4", "5", ], - Object { + { "Ref": "BootstrapVersion", }, ], From 6491979cbe4294f91f766400fbd037a50911735c Mon Sep 17 00:00:00 2001 From: Yozo Suzuki Date: Thu, 14 Dec 2023 17:45:17 +0900 Subject: [PATCH 6/6] modify snapshots --- .../blea-gov-base-standalone.test.ts.snap | 1286 ++++++------ ...ea-guest-apiapp-nodejs-sample.test.ts.snap | 1865 +++++++++-------- 2 files changed, 1576 insertions(+), 1575 deletions(-) diff --git a/usecases/blea-gov-base-standalone/test/__snapshots__/blea-gov-base-standalone.test.ts.snap b/usecases/blea-gov-base-standalone/test/__snapshots__/blea-gov-base-standalone.test.ts.snap index 6d662d766..9d9bcb205 100644 --- a/usecases/blea-gov-base-standalone/test/__snapshots__/blea-gov-base-standalone.test.ts.snap +++ b/usecases/blea-gov-base-standalone/test/__snapshots__/blea-gov-base-standalone.test.ts.snap @@ -1,27 +1,27 @@ // Jest Snapshot v1, https://goo.gl/fbAQLP exports[`Snapshot test for BLEAGovBaseStandalone Stack 1`] = ` -Object { - "Outputs": Object { - "ExportsOutputRefDetectionAlarmTopic36C4BB557D18D152": Object { - "Export": Object { +{ + "Outputs": { + "ExportsOutputRefDetectionAlarmTopic36C4BB557D18D152": { + "Export": { "Name": "Dev-BLEABaseStandalone:ExportsOutputRefDetectionAlarmTopic36C4BB557D18D152", }, - "Value": Object { + "Value": { "Ref": "DetectionAlarmTopic36C4BB55", }, }, }, - "Parameters": Object { - "BootstrapVersion": Object { + "Parameters": { + "BootstrapVersion": { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, - "Resources": Object { - "CheckForEbsOptimizedInstance": Object { - "DependsOn": Array [ + "Resources": { + "CheckForEbsOptimizedInstance": { + "DependsOn": [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -38,23 +38,23 @@ Object { "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": Object { + "Properties": { "ConfigRuleName": "CheckForEbsOptimizedInstance", "Description": "Disallow launch of EC2 instance types that are not EBS-optimized - Checks whether EBS optimization is enabled for your EC2 instances that can be EBS-optimized", - "Scope": Object { - "ComplianceResourceTypes": Array [ + "Scope": { + "ComplianceResourceTypes": [ "AWS::EC2::Instance", ], }, - "Source": Object { + "Source": { "Owner": "AWS", "SourceIdentifier": "EBS_OPTIMIZED_INSTANCE", }, }, "Type": "AWS::Config::ConfigRule", }, - "CheckForEc2VolumesInUse": Object { - "DependsOn": Array [ + "CheckForEc2VolumesInUse": { + "DependsOn": [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -71,26 +71,26 @@ Object { "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": Object { + "Properties": { "ConfigRuleName": "CheckForEc2VolumesInUs", "Description": "Disallow EBS volumes that are unattached to an EC2 instance - Checks whether EBS volumes are attached to EC2 instances", - "InputParameters": Object { + "InputParameters": { "deleteOnTermination": true, }, - "Scope": Object { - "ComplianceResourceTypes": Array [ + "Scope": { + "ComplianceResourceTypes": [ "AWS::EC2::Volume", ], }, - "Source": Object { + "Source": { "Owner": "AWS", "SourceIdentifier": "EC2_VOLUME_INUSE_CHECK", }, }, "Type": "AWS::Config::ConfigRule", }, - "CheckForEncryptedVolumes": Object { - "DependsOn": Array [ + "CheckForEncryptedVolumes": { + "DependsOn": [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -107,23 +107,23 @@ Object { "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": Object { + "Properties": { "ConfigRuleName": "CheckForEncryptedVolumes", "Description": "Enable encryption for EBS volumes attached to EC2 instances - Checks whether EBS volumes that are in an attached state are encrypted.", - "Scope": Object { - "ComplianceResourceTypes": Array [ + "Scope": { + "ComplianceResourceTypes": [ "AWS::EC2::Volume", ], }, - "Source": Object { + "Source": { "Owner": "AWS", "SourceIdentifier": "ENCRYPTED_VOLUMES", }, }, "Type": "AWS::Config::ConfigRule", }, - "CheckForIAMUserConsoleMFA": Object { - "DependsOn": Array [ + "CheckForIAMUserConsoleMFA": { + "DependsOn": [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -140,19 +140,19 @@ Object { "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": Object { + "Properties": { "ConfigRuleName": "CheckForIAMUserConsoleMFA", "Description": "Disallow console access to IAM users without MFA - Checks whether AWS Multi-Factor Authentication (MFA) is enabled for all AWS Identity and Access Management (IAM) users that use a console password. The rule is COMPLIANT if MFA is enabled.", "MaximumExecutionFrequency": "One_Hour", - "Source": Object { + "Source": { "Owner": "AWS", "SourceIdentifier": "MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS", }, }, "Type": "AWS::Config::ConfigRule", }, - "CheckForIAMUserMFA": Object { - "DependsOn": Array [ + "CheckForIAMUserMFA": { + "DependsOn": [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -169,19 +169,19 @@ Object { "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": Object { + "Properties": { "ConfigRuleName": "CheckForIAMUserMFA", "Description": "Disallow access to IAM users without MFA - Checks whether the AWS Identity and Access Management users have multi-factor authentication (MFA) enabled. The rule is COMPLIANT if MFA is enabled.", "MaximumExecutionFrequency": "One_Hour", - "Source": Object { + "Source": { "Owner": "AWS", "SourceIdentifier": "IAM_USER_MFA_ENABLED", }, }, "Type": "AWS::Config::ConfigRule", }, - "CheckForPublicRdsSnapshots": Object { - "DependsOn": Array [ + "CheckForPublicRdsSnapshots": { + "DependsOn": [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -198,23 +198,23 @@ Object { "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": Object { + "Properties": { "ConfigRuleName": "CheckForPublicRdsSnapshots", "Description": "Disallow public access to RDS database snapshots - Checks if Amazon Relational Database Service (Amazon RDS) snapshots are public. The rule is non-compliant if any existing and new Amazon RDS snapshots are public.", - "Scope": Object { - "ComplianceResourceTypes": Array [ + "Scope": { + "ComplianceResourceTypes": [ "AWS::RDS::DBSnapshot", ], }, - "Source": Object { + "Source": { "Owner": "AWS", "SourceIdentifier": "RDS_SNAPSHOTS_PUBLIC_PROHIBITED", }, }, "Type": "AWS::Config::ConfigRule", }, - "CheckForRdsPublicAccess": Object { - "DependsOn": Array [ + "CheckForRdsPublicAccess": { + "DependsOn": [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -231,23 +231,23 @@ Object { "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": Object { + "Properties": { "ConfigRuleName": "CheckForRdsPublicAccess", "Description": "Disallow public access to RDS database instances - Checks whether the Amazon Relational Database Service (RDS) instances are not publicly accessible. The rule is non-compliant if the publiclyAccessible field is true in the instance configuration item.", - "Scope": Object { - "ComplianceResourceTypes": Array [ + "Scope": { + "ComplianceResourceTypes": [ "AWS::RDS::DBInstance", ], }, - "Source": Object { + "Source": { "Owner": "AWS", "SourceIdentifier": "RDS_INSTANCE_PUBLIC_ACCESS_CHECK", }, }, "Type": "AWS::Config::ConfigRule", }, - "CheckForRdsStorageEncryption": Object { - "DependsOn": Array [ + "CheckForRdsStorageEncryption": { + "DependsOn": [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -264,23 +264,23 @@ Object { "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": Object { + "Properties": { "ConfigRuleName": "CheckForRdsStorageEncryption", "Description": "Disallow RDS database instances that are not storage encrypted - Checks whether storage encryption is enabled for your RDS DB instances.", - "Scope": Object { - "ComplianceResourceTypes": Array [ + "Scope": { + "ComplianceResourceTypes": [ "AWS::RDS::DBInstance", ], }, - "Source": Object { + "Source": { "Owner": "AWS", "SourceIdentifier": "RDS_STORAGE_ENCRYPTED", }, }, "Type": "AWS::Config::ConfigRule", }, - "CheckForRestrictedCommonPortsPolicy": Object { - "DependsOn": Array [ + "CheckForRestrictedCommonPortsPolicy": { + "DependsOn": [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -297,30 +297,30 @@ Object { "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": Object { + "Properties": { "ConfigRuleName": "CheckForRestrictedCommonPortsPolicy", "Description": "Disallow internet connection through RDP - Checks whether security groups that are in use disallow unrestricted incoming TCP traffic to the specified ports.", - "InputParameters": Object { + "InputParameters": { "blockedPort1": 20, "blockedPort2": 21, "blockedPort3": 3389, "blockedPort4": 3306, "blockedPort5": 4333, }, - "Scope": Object { - "ComplianceResourceTypes": Array [ + "Scope": { + "ComplianceResourceTypes": [ "AWS::EC2::SecurityGroup", ], }, - "Source": Object { + "Source": { "Owner": "AWS", "SourceIdentifier": "RESTRICTED_INCOMING_TRAFFIC", }, }, "Type": "AWS::Config::ConfigRule", }, - "CheckForRestrictedSshPolicy": Object { - "DependsOn": Array [ + "CheckForRestrictedSshPolicy": { + "DependsOn": [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -337,23 +337,23 @@ Object { "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": Object { + "Properties": { "ConfigRuleName": "CheckForRestrictedSshPolicy", "Description": "Disallow internet connection through SSH - Checks whether security groups that are in use disallow unrestricted incoming SSH traffic.", - "Scope": Object { - "ComplianceResourceTypes": Array [ + "Scope": { + "ComplianceResourceTypes": [ "AWS::EC2::SecurityGroup", ], }, - "Source": Object { + "Source": { "Owner": "AWS", "SourceIdentifier": "INCOMING_SSH_DISABLED", }, }, "Type": "AWS::Config::ConfigRule", }, - "CheckForRootMfa": Object { - "DependsOn": Array [ + "CheckForRootMfa": { + "DependsOn": [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -370,19 +370,19 @@ Object { "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": Object { + "Properties": { "ConfigRuleName": "CheckForRootMfa", "Description": "Enable MFA for the root user - Checks whether the root user of your AWS account requires multi-factor authentication for console sign-in.", "MaximumExecutionFrequency": "One_Hour", - "Source": Object { + "Source": { "Owner": "AWS", "SourceIdentifier": "ROOT_ACCOUNT_MFA_ENABLED", }, }, "Type": "AWS::Config::ConfigRule", }, - "CheckForS3PublicRead": Object { - "DependsOn": Array [ + "CheckForS3PublicRead": { + "DependsOn": [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -399,23 +399,23 @@ Object { "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": Object { + "Properties": { "ConfigRuleName": "CheckForS3PublicRead", "Description": "Disallow public read access to S3 buckets - Checks that your S3 buckets do not allow public read access. If an S3 bucket policy or bucket ACL allows public read access, the bucket is noncompliant.", - "Scope": Object { - "ComplianceResourceTypes": Array [ + "Scope": { + "ComplianceResourceTypes": [ "AWS::S3::Bucket", ], }, - "Source": Object { + "Source": { "Owner": "AWS", "SourceIdentifier": "S3_BUCKET_PUBLIC_READ_PROHIBITED", }, }, "Type": "AWS::Config::ConfigRule", }, - "CheckForS3PublicWrite": Object { - "DependsOn": Array [ + "CheckForS3PublicWrite": { + "DependsOn": [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -432,23 +432,23 @@ Object { "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": Object { + "Properties": { "ConfigRuleName": "CheckForS3PublicWrite", "Description": "Disallow public write access to S3 buckets - Checks that your S3 buckets do not allow public write access. If an S3 bucket policy or bucket ACL allows public write access, the bucket is noncompliant.", - "Scope": Object { - "ComplianceResourceTypes": Array [ + "Scope": { + "ComplianceResourceTypes": [ "AWS::S3::Bucket", ], }, - "Source": Object { + "Source": { "Owner": "AWS", "SourceIdentifier": "S3_BUCKET_PUBLIC_WRITE_PROHIBITED", }, }, "Type": "AWS::Config::ConfigRule", }, - "CheckForS3VersioningEnabled": Object { - "DependsOn": Array [ + "CheckForS3VersioningEnabled": { + "DependsOn": [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -465,23 +465,23 @@ Object { "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": Object { + "Properties": { "ConfigRuleName": "CheckForS3VersioningEnabled", "Description": "Disallow S3 buckets that are not versioning enabled - Checks whether versioning is enabled for your S3 buckets.", - "Scope": Object { - "ComplianceResourceTypes": Array [ + "Scope": { + "ComplianceResourceTypes": [ "AWS::S3::Bucket", ], }, - "Source": Object { + "Source": { "Owner": "AWS", "SourceIdentifier": "S3_BUCKET_VERSIONING_ENABLED", }, }, "Type": "AWS::Config::ConfigRule", }, - "DetectionAlarmTopic36C4BB55": Object { - "DependsOn": Array [ + "DetectionAlarmTopic36C4BB55": { + "DependsOn": [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -500,8 +500,8 @@ Object { ], "Type": "AWS::SNS::Topic", }, - "DetectionAlarmTopicPolicyDEB08BF4": Object { - "DependsOn": Array [ + "DetectionAlarmTopicPolicyDEB08BF4": { + "DependsOn": [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -518,27 +518,27 @@ Object { "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { + "Properties": { + "PolicyDocument": { + "Statement": [ + { "Action": "sns:Publish", "Effect": "Allow", - "Principal": Object { + "Principal": { "Service": "cloudwatch.amazonaws.com", }, - "Resource": Object { + "Resource": { "Ref": "DetectionAlarmTopic36C4BB55", }, "Sid": "0", }, - Object { + { "Action": "sns:Publish", "Effect": "Allow", - "Principal": Object { + "Principal": { "Service": "events.amazonaws.com", }, - "Resource": Object { + "Resource": { "Ref": "DetectionAlarmTopic36C4BB55", }, "Sid": "1", @@ -546,16 +546,16 @@ Object { ], "Version": "2012-10-17", }, - "Topics": Array [ - Object { + "Topics": [ + { "Ref": "DetectionAlarmTopic36C4BB55", }, ], }, "Type": "AWS::SNS::TopicPolicy", }, - "DetectionAwsHealthEventRule6825AFCC": Object { - "DependsOn": Array [ + "DetectionAwsHealthEventRule6825AFCC": { + "DependsOn": [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -572,20 +572,20 @@ Object { "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": Object { + "Properties": { "Description": "Notify AWS Health event", - "EventPattern": Object { - "detail-type": Array [ + "EventPattern": { + "detail-type": [ "AWS Health Event", ], - "source": Array [ + "source": [ "aws.health", ], }, "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { + "Targets": [ + { + "Arn": { "Ref": "DetectionAlarmTopic36C4BB55", }, "Id": "Target0", @@ -594,8 +594,8 @@ Object { }, "Type": "AWS::Events::Rule", }, - "DetectionCloudTrailChangeEventRuleA526075C": Object { - "DependsOn": Array [ + "DetectionCloudTrailChangeEventRuleA526075C": { + "DependsOn": [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -612,27 +612,27 @@ Object { "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": Object { + "Properties": { "Description": "Notify to change on CloudTrail log configuration", - "EventPattern": Object { - "detail": Object { - "eventName": Array [ + "EventPattern": { + "detail": { + "eventName": [ "StopLogging", "DeleteTrail", "UpdateTrail", ], - "eventSource": Array [ + "eventSource": [ "cloudtrail.amazonaws.com", ], }, - "detail-type": Array [ + "detail-type": [ "AWS API Call via CloudTrail", ], }, "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { + "Targets": [ + { + "Arn": { "Ref": "DetectionAlarmTopic36C4BB55", }, "Id": "Target0", @@ -641,8 +641,8 @@ Object { }, "Type": "AWS::Events::Rule", }, - "DetectionDefaultSgClosedEventRuleFB96D536": Object { - "DependsOn": Array [ + "DetectionDefaultSgClosedEventRuleFB96D536": { + "DependsOn": [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -659,30 +659,30 @@ Object { "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": Object { + "Properties": { "Description": "CloudWatch Event Rule to send notification on Config Rule compliance changes.", - "EventPattern": Object { - "detail": Object { - "configRuleName": Array [ + "EventPattern": { + "detail": { + "configRuleName": [ "bb-default-security-group-closed", ], - "newEvaluationResult": Object { - "complianceType": Array [ + "newEvaluationResult": { + "complianceType": [ "NON_COMPLIANT", ], }, }, - "detail-type": Array [ + "detail-type": [ "Config Rules Compliance Change", ], - "source": Array [ + "source": [ "aws.config", ], }, "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { + "Targets": [ + { + "Arn": { "Ref": "DetectionAlarmTopic36C4BB55", }, "Id": "Target0", @@ -691,8 +691,8 @@ Object { }, "Type": "AWS::Events::Rule", }, - "DetectionDefaultSgClosedRuleFED7310D": Object { - "DependsOn": Array [ + "DetectionDefaultSgClosedRuleFED7310D": { + "DependsOn": [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -709,23 +709,23 @@ Object { "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": Object { + "Properties": { "ConfigRuleName": "bb-default-security-group-closed", "Description": "Checks that the default security group of any Amazon Virtual Private Cloud (VPC) does not allow inbound or outbound traffic. The rule is non-compliant if the default security group has one or more inbound or outbound traffic.", - "Scope": Object { - "ComplianceResourceTypes": Array [ + "Scope": { + "ComplianceResourceTypes": [ "AWS::EC2::SecurityGroup", ], }, - "Source": Object { + "Source": { "Owner": "AWS", "SourceIdentifier": "VPC_DEFAULT_SECURITY_GROUP_CLOSED", }, }, "Type": "AWS::Config::ConfigRule", }, - "DetectionDefaultSgRemediation21C0DB33": Object { - "DependsOn": Array [ + "DetectionDefaultSgRemediation21C0DB33": { + "DependsOn": [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -742,18 +742,18 @@ Object { "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": Object { + "Properties": { "Automatic": true, - "ConfigRuleName": Object { + "ConfigRuleName": { "Ref": "DetectionDefaultSgClosedRuleFED7310D", }, "MaximumAutomaticAttempts": 5, - "Parameters": Object { - "AutomationAssumeRole": Object { - "StaticValue": Object { - "Values": Array [ - Object { - "Fn::GetAtt": Array [ + "Parameters": { + "AutomationAssumeRole": { + "StaticValue": { + "Values": [ + { + "Fn::GetAtt": [ "DetectionDefaultSgRemediationRoleAEF5626C", "Arn", ], @@ -761,8 +761,8 @@ Object { ], }, }, - "GroupId": Object { - "ResourceValue": Object { + "GroupId": { + "ResourceValue": { "Value": "RESOURCE_ID", }, }, @@ -774,8 +774,8 @@ Object { }, "Type": "AWS::Config::RemediationConfiguration", }, - "DetectionDefaultSgRemediationRoleAEF5626C": Object { - "DependsOn": Array [ + "DetectionDefaultSgRemediationRoleAEF5626C": { + "DependsOn": [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -792,28 +792,28 @@ Object { "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": Object { + "Principal": { "Service": "ssm.amazonaws.com", }, }, ], "Version": "2012-10-17", }, - "ManagedPolicyArns": Array [ + "ManagedPolicyArns": [ "arn:aws:iam::aws:policy/service-role/AmazonSSMAutomationRole", ], "Path": "/", }, "Type": "AWS::IAM::Role", }, - "DetectionDefaultSgRemediationRoleDefaultPolicy87C90FDE": Object { - "DependsOn": Array [ + "DetectionDefaultSgRemediationRoleDefaultPolicy87C90FDE": { + "DependsOn": [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -830,11 +830,11 @@ Object { "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ "ec2:RevokeSecurityGroupIngress", "ec2:RevokeSecurityGroupEgress", "ec2:DescribeSecurityGroups", @@ -842,17 +842,17 @@ Object { "Effect": "Allow", "Resource": "*", }, - Object { + { "Action": "iam:PassRole", "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ + "Resource": { + "Fn::GetAtt": [ "DetectionDefaultSgRemediationRoleAEF5626C", "Arn", ], }, }, - Object { + { "Action": "ssm:StartAutomationExecution", "Effect": "Allow", "Resource": "arn:aws:ssm:::automation-definition/AWSConfigRemediation-RemoveVPCDefaultSecurityGroupRules", @@ -861,16 +861,16 @@ Object { "Version": "2012-10-17", }, "PolicyName": "DetectionDefaultSgRemediationRoleDefaultPolicy87C90FDE", - "Roles": Array [ - Object { + "Roles": [ + { "Ref": "DetectionDefaultSgRemediationRoleAEF5626C", }, ], }, "Type": "AWS::IAM::Policy", }, - "DetectionGuardDutyDetector43B5BAA7": Object { - "DependsOn": Array [ + "DetectionGuardDutyDetector43B5BAA7": { + "DependsOn": [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -887,13 +887,13 @@ Object { "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": Object { + "Properties": { "Enable": true, }, "Type": "AWS::GuardDuty::Detector", }, - "DetectionGuardDutyEventRule60AAD2D7": Object { - "DependsOn": Array [ + "DetectionGuardDutyEventRule60AAD2D7": { + "DependsOn": [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -910,11 +910,11 @@ Object { "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": Object { + "Properties": { "Description": "CloudWatch Event Rule to send notification on GuardDuty findings.", - "EventPattern": Object { - "detail": Object { - "severity": Array [ + "EventPattern": { + "detail": { + "severity": [ 4, 4, 4.1, @@ -972,17 +972,17 @@ Object { 8.9, ], }, - "detail-type": Array [ + "detail-type": [ "GuardDuty Finding", ], - "source": Array [ + "source": [ "aws.guardduty", ], }, "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { + "Targets": [ + { + "Arn": { "Ref": "DetectionAlarmTopic36C4BB55", }, "Id": "Target0", @@ -991,8 +991,8 @@ Object { }, "Type": "AWS::Events::Rule", }, - "DetectionIAMPolicyChangeAlarm7DBC7A65": Object { - "DependsOn": Array [ + "DetectionIAMPolicyChangeAlarm7DBC7A65": { + "DependsOn": [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -1009,10 +1009,10 @@ Object { "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": Object { + "Properties": { "ActionsEnabled": true, - "AlarmActions": Array [ - Object { + "AlarmActions": [ + { "Ref": "DetectionAlarmTopic36C4BB55", }, ], @@ -1028,8 +1028,8 @@ Object { }, "Type": "AWS::CloudWatch::Alarm", }, - "DetectionIAMPolicyChangeFilterA31FCC40": Object { - "DependsOn": Array [ + "DetectionIAMPolicyChangeFilterA31FCC40": { + "DependsOn": [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -1046,13 +1046,13 @@ Object { "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": Object { + "Properties": { "FilterPattern": "{($.eventName=DeleteGroupPolicy)||($.eventName=DeleteRolePolicy)||($.eventName=DeleteUserPolicy)||($.eventName=PutGroupPolicy)||($.eventName=PutRolePolicy)||($.eventName=PutUserPolicy)||($.eventName=CreatePolicy)||($.eventName=DeletePolicy)||($.eventName=CreatePolicyVersion)||($.eventName=DeletePolicyVersion)||($.eventName=AttachRolePolicy)||($.eventName=DetachRolePolicy)||($.eventName=AttachUserPolicy)||($.eventName=DetachUserPolicy)||($.eventName=AttachGroupPolicy)||($.eventName=DetachGroupPolicy)}", - "LogGroupName": Object { + "LogGroupName": { "Ref": "LoggingCloudTrailLogGroupEFC12822", }, - "MetricTransformations": Array [ - Object { + "MetricTransformations": [ + { "MetricName": "IAMPolicyEventCount", "MetricNamespace": "CloudTrailMetrics", "MetricValue": "1", @@ -1061,8 +1061,8 @@ Object { }, "Type": "AWS::Logs::MetricFilter", }, - "DetectionNetworkAclChangeEventRuleE99FF49F": Object { - "DependsOn": Array [ + "DetectionNetworkAclChangeEventRuleE99FF49F": { + "DependsOn": [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -1079,11 +1079,11 @@ Object { "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": Object { + "Properties": { "Description": "Notify to create, update or delete a Network ACL.", - "EventPattern": Object { - "detail": Object { - "eventName": Array [ + "EventPattern": { + "detail": { + "eventName": [ "CreateNetworkAcl", "CreateNetworkAclEntry", "DeleteNetworkAcl", @@ -1091,21 +1091,21 @@ Object { "ReplaceNetworkAclEntry", "ReplaceNetworkAclAssociation", ], - "eventSource": Array [ + "eventSource": [ "ec2.amazonaws.com", ], }, - "detail-type": Array [ + "detail-type": [ "AWS API Call via CloudTrail", ], - "source": Array [ + "source": [ "aws.ec2", ], }, "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { + "Targets": [ + { + "Arn": { "Ref": "DetectionAlarmTopic36C4BB55", }, "Id": "Target0", @@ -1114,8 +1114,8 @@ Object { }, "Type": "AWS::Events::Rule", }, - "DetectionNewAccessKeyCreatedAlarm00969636": Object { - "DependsOn": Array [ + "DetectionNewAccessKeyCreatedAlarm00969636": { + "DependsOn": [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -1132,10 +1132,10 @@ Object { "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": Object { + "Properties": { "ActionsEnabled": true, - "AlarmActions": Array [ - Object { + "AlarmActions": [ + { "Ref": "DetectionAlarmTopic36C4BB55", }, ], @@ -1151,8 +1151,8 @@ Object { }, "Type": "AWS::CloudWatch::Alarm", }, - "DetectionNewAccessKeyCreatedFilter011F7D99": Object { - "DependsOn": Array [ + "DetectionNewAccessKeyCreatedFilter011F7D99": { + "DependsOn": [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -1169,13 +1169,13 @@ Object { "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": Object { + "Properties": { "FilterPattern": "{($.eventName=CreateAccessKey)}", - "LogGroupName": Object { + "LogGroupName": { "Ref": "LoggingCloudTrailLogGroupEFC12822", }, - "MetricTransformations": Array [ - Object { + "MetricTransformations": [ + { "MetricName": "NewAccessKeyCreatedEventCount", "MetricNamespace": "CloudTrailMetrics", "MetricValue": "1", @@ -1184,8 +1184,8 @@ Object { }, "Type": "AWS::Logs::MetricFilter", }, - "DetectionRootUserActivityAlarm4B9356FC": Object { - "DependsOn": Array [ + "DetectionRootUserActivityAlarm4B9356FC": { + "DependsOn": [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -1202,10 +1202,10 @@ Object { "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": Object { + "Properties": { "ActionsEnabled": true, - "AlarmActions": Array [ - Object { + "AlarmActions": [ + { "Ref": "DetectionAlarmTopic36C4BB55", }, ], @@ -1221,8 +1221,8 @@ Object { }, "Type": "AWS::CloudWatch::Alarm", }, - "DetectionRootUserActivityFilter5C9C4989": Object { - "DependsOn": Array [ + "DetectionRootUserActivityFilter5C9C4989": { + "DependsOn": [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -1239,13 +1239,13 @@ Object { "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": Object { - "FilterPattern": "{$.userIdentity.type=\\"Root\\" && $.userIdentity.invokedBy NOT EXISTS && $.eventType !=\\"AwsServiceEvent\\"}", - "LogGroupName": Object { + "Properties": { + "FilterPattern": "{$.userIdentity.type="Root" && $.userIdentity.invokedBy NOT EXISTS && $.eventType !="AwsServiceEvent"}", + "LogGroupName": { "Ref": "LoggingCloudTrailLogGroupEFC12822", }, - "MetricTransformations": Array [ - Object { + "MetricTransformations": [ + { "MetricName": "RootUserPolicyEventCount", "MetricNamespace": "CloudTrailMetrics", "MetricValue": "1", @@ -1254,8 +1254,8 @@ Object { }, "Type": "AWS::Logs::MetricFilter", }, - "DetectionSecurityAlarmEmail872B09F1": Object { - "DependsOn": Array [ + "DetectionSecurityAlarmEmail872B09F1": { + "DependsOn": [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -1272,17 +1272,17 @@ Object { "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": Object { + "Properties": { "Endpoint": "notify-security@example.com", "Protocol": "email", - "TopicArn": Object { + "TopicArn": { "Ref": "DetectionAlarmTopic36C4BB55", }, }, "Type": "AWS::SNS::Subscription", }, - "DetectionSecurityHub0FF05D88": Object { - "DependsOn": Array [ + "DetectionSecurityHub0FF05D88": { + "DependsOn": [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -1301,8 +1301,8 @@ Object { ], "Type": "AWS::SecurityHub::Hub", }, - "DetectionSecurityHubEventRule95BEBD4F": Object { - "DependsOn": Array [ + "DetectionSecurityHubEventRule95BEBD4F": { + "DependsOn": [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -1319,44 +1319,44 @@ Object { "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": Object { + "Properties": { "Description": "CloudWatch Event Rule to send notification on SecurityHub all new findings and all updates.", - "EventPattern": Object { - "detail": Object { - "findings": Object { - "Compliance": Object { - "Status": Array [ + "EventPattern": { + "detail": { + "findings": { + "Compliance": { + "Status": [ "FAILED", ], }, - "RecordState": Array [ + "RecordState": [ "ACTIVE", ], - "Severity": Object { - "Label": Array [ + "Severity": { + "Label": [ "CRITICAL", "HIGH", ], }, - "Workflow": Object { - "Status": Array [ + "Workflow": { + "Status": [ "NEW", "NOTIFIED", ], }, }, }, - "detail-type": Array [ + "detail-type": [ "Security Hub Findings - Imported", ], - "source": Array [ + "source": [ "aws.securityhub", ], }, "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { + "Targets": [ + { + "Arn": { "Ref": "DetectionAlarmTopic36C4BB55", }, "Id": "Target0", @@ -1365,8 +1365,8 @@ Object { }, "Type": "AWS::Events::Rule", }, - "DetectionSecurityHubRoleDBC68A4D": Object { - "DependsOn": Array [ + "DetectionSecurityHubRoleDBC68A4D": { + "DependsOn": [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -1383,13 +1383,13 @@ Object { "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": Object { + "Properties": { "AWSServiceName": "securityhub.amazonaws.com", }, "Type": "AWS::IAM::ServiceLinkedRole", }, - "DetectionSgChangedEventRule80666B19": Object { - "DependsOn": Array [ + "DetectionSgChangedEventRule80666B19": { + "DependsOn": [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -1406,31 +1406,31 @@ Object { "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": Object { + "Properties": { "Description": "Notify to create, update or delete a Security Group.", - "EventPattern": Object { - "detail": Object { - "eventName": Array [ + "EventPattern": { + "detail": { + "eventName": [ "AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress", "RevokeSecurityGroupIngress", "RevokeSecurityGroupEgress", ], - "eventSource": Array [ + "eventSource": [ "ec2.amazonaws.com", ], }, - "detail-type": Array [ + "detail-type": [ "AWS API Call via CloudTrail", ], - "source": Array [ + "source": [ "aws.ec2", ], }, "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { + "Targets": [ + { + "Arn": { "Ref": "DetectionAlarmTopic36C4BB55", }, "Id": "Target0", @@ -1439,8 +1439,8 @@ Object { }, "Type": "AWS::Events::Rule", }, - "DetectionUnauthorizedAttemptsAlarmB897676B": Object { - "DependsOn": Array [ + "DetectionUnauthorizedAttemptsAlarmB897676B": { + "DependsOn": [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -1457,10 +1457,10 @@ Object { "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": Object { + "Properties": { "ActionsEnabled": true, - "AlarmActions": Array [ - Object { + "AlarmActions": [ + { "Ref": "DetectionAlarmTopic36C4BB55", }, ], @@ -1476,8 +1476,8 @@ Object { }, "Type": "AWS::CloudWatch::Alarm", }, - "DetectionUnauthorizedAttemptsFilterCA20EEAA": Object { - "DependsOn": Array [ + "DetectionUnauthorizedAttemptsFilterCA20EEAA": { + "DependsOn": [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrail44E92DB9", @@ -1494,13 +1494,13 @@ Object { "LoggingConfigRecorderFC55B19F", "LoggingConfigRole0E4FDF1F", ], - "Properties": Object { - "FilterPattern": "{($.errorCode = \\"*UnauthorizedOperation\\" || $.errorCode = \\"AccessDenied*\\") && ($.eventName != \\"Decrypt\\" || $.userIdentity.invokedBy != \\"config.amazonaws.com\\" )}", - "LogGroupName": Object { + "Properties": { + "FilterPattern": "{($.errorCode = "*UnauthorizedOperation" || $.errorCode = "AccessDenied*") && ($.eventName != "Decrypt" || $.userIdentity.invokedBy != "config.amazonaws.com" )}", + "LogGroupName": { "Ref": "LoggingCloudTrailLogGroupEFC12822", }, - "MetricTransformations": Array [ - Object { + "MetricTransformations": [ + { "MetricName": "UnauthorizedAttemptsEventCount", "MetricNamespace": "CloudTrailMetrics", "MetricValue": "1", @@ -1509,39 +1509,39 @@ Object { }, "Type": "AWS::Logs::MetricFilter", }, - "IamIamAdminGroup25000CB5": Object { - "Properties": Object { - "ManagedPolicyArns": Array [ - Object { + "IamIamAdminGroup25000CB5": { + "Properties": { + "ManagedPolicyArns": [ + { "Ref": "IamIamAdminPolicy7A593281", }, ], }, "Type": "AWS::IAM::Group", }, - "IamIamAdminPolicy7A593281": Object { - "Properties": Object { + "IamIamAdminPolicy7A593281": { + "Properties": { "Description": "", "Path": "/", - "PolicyDocument": Object { - "Statement": Array [ - Object { + "PolicyDocument": { + "Statement": [ + { "Action": "iam:*", - "Condition": Object { - "Bool": Object { + "Condition": { + "Bool": { "aws:MultiFactorAuthPresent": "true", }, }, "Effect": "Allow", "Resource": "*", }, - Object { + { "Action": "aws-portal:*Billing", "Effect": "Deny", "Resource": "*", }, - Object { - "Action": Array [ + { + "Action": [ "account:GetAccountInformation", "billing:GetBillingData", "billing:GetBillingDetails", @@ -1629,66 +1629,66 @@ Object { }, "Type": "AWS::IAM::ManagedPolicy", }, - "IamIamAdminRole4B2B80CC": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { + "IamIamAdminRole4B2B80CC": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": Object { + "Principal": { "Service": "ec2.amazonaws.com", }, }, ], "Version": "2012-10-17", }, - "ManagedPolicyArns": Array [ - Object { + "ManagedPolicyArns": [ + { "Ref": "IamIamAdminPolicy7A593281", }, ], }, "Type": "AWS::IAM::Role", }, - "IamInstanceOpsGroup05587F7C": Object { - "Properties": Object { - "ManagedPolicyArns": Array [ - Object { + "IamInstanceOpsGroup05587F7C": { + "Properties": { + "ManagedPolicyArns": [ + { "Ref": "IamInstanceOpsPolicy3A664659", }, ], }, "Type": "AWS::IAM::Group", }, - "IamInstanceOpsPolicy3A664659": Object { - "Properties": Object { + "IamInstanceOpsPolicy3A664659": { + "Properties": { "Description": "", "Path": "/", - "PolicyDocument": Object { - "Statement": Array [ - Object { + "PolicyDocument": { + "Statement": [ + { "Action": "ec2:*", "Effect": "Allow", "Resource": "*", }, - Object { + { "Action": "elasticloadbalancing:*", "Effect": "Allow", "Resource": "*", }, - Object { + { "Action": "cloudwatch:*", "Effect": "Allow", "Resource": "*", }, - Object { + { "Action": "autoscaling:*", "Effect": "Allow", "Resource": "*", }, - Object { - "Action": Array [ + { + "Action": [ "ec2:CreateVpc*", "ec2:DeleteVpc*", "ec2:ModifyVpc*", @@ -1712,13 +1712,13 @@ Object { "Effect": "Deny", "Resource": "*", }, - Object { + { "Action": "aws-portal:*Billing", "Effect": "Deny", "Resource": "*", }, - Object { - "Action": Array [ + { + "Action": [ "account:GetAccountInformation", "billing:GetBillingData", "billing:GetBillingDetails", @@ -1800,8 +1800,8 @@ Object { "Effect": "Deny", "Resource": "*", }, - Object { - "Action": Array [ + { + "Action": [ "kms:Create*", "kms:Revoke*", "kms:Enable*", @@ -1820,46 +1820,46 @@ Object { }, "Type": "AWS::IAM::ManagedPolicy", }, - "IamInstanceOpsRole580371E4": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { + "IamInstanceOpsRole580371E4": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": Object { + "Principal": { "Service": "ec2.amazonaws.com", }, }, ], "Version": "2012-10-17", }, - "ManagedPolicyArns": Array [ - Object { + "ManagedPolicyArns": [ + { "Ref": "IamInstanceOpsPolicy3A664659", }, ], }, "Type": "AWS::IAM::Role", }, - "IamReadOnlyAdminGroupEA35CD95": Object { - "Properties": Object { - "ManagedPolicyArns": Array [ - Object { + "IamReadOnlyAdminGroupEA35CD95": { + "Properties": { + "ManagedPolicyArns": [ + { "Ref": "IamReadOnlyAdminPolicyB7107EA2", }, ], }, "Type": "AWS::IAM::Group", }, - "IamReadOnlyAdminPolicyB7107EA2": Object { - "Properties": Object { + "IamReadOnlyAdminPolicyB7107EA2": { + "Properties": { "Description": "", "Path": "/", - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ + "PolicyDocument": { + "Statement": [ + { + "Action": [ "appstream:Get*", "autoscaling:Describe*", "cloudformation:DescribeStacks", @@ -1924,13 +1924,13 @@ Object { "Effect": "Allow", "Resource": "*", }, - Object { + { "Action": "aws-portal:*Billing", "Effect": "Deny", "Resource": "*", }, - Object { - "Action": Array [ + { + "Action": [ "account:GetAccountInformation", "billing:GetBillingData", "billing:GetBillingDetails", @@ -2018,47 +2018,47 @@ Object { }, "Type": "AWS::IAM::ManagedPolicy", }, - "IamReadOnlyAdminRoleD519CCF3": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { + "IamReadOnlyAdminRoleD519CCF3": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": Object { + "Principal": { "Service": "ec2.amazonaws.com", }, }, ], "Version": "2012-10-17", }, - "ManagedPolicyArns": Array [ - Object { + "ManagedPolicyArns": [ + { "Ref": "IamReadOnlyAdminPolicyB7107EA2", }, ], }, "Type": "AWS::IAM::Role", }, - "IamSysAdminGroup3543FAD1": Object { - "Properties": Object { - "ManagedPolicyArns": Array [ - Object { + "IamSysAdminGroup3543FAD1": { + "Properties": { + "ManagedPolicyArns": [ + { "Ref": "IamSysAdminPolicy03754AB3", }, ], }, "Type": "AWS::IAM::Group", }, - "IamSysAdminPolicy03754AB3": Object { - "Properties": Object { + "IamSysAdminPolicy03754AB3": { + "Properties": { "Description": "", "Path": "/", - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Condition": Object { - "Bool": Object { + "PolicyDocument": { + "Statement": [ + { + "Condition": { + "Bool": { "aws:MultiFactorAuthPresent": "true", }, }, @@ -2066,13 +2066,13 @@ Object { "NotAction": "iam:*", "Resource": "*", }, - Object { + { "Action": "aws-portal:*Billing", "Effect": "Deny", "Resource": "*", }, - Object { - "Action": Array [ + { + "Action": [ "account:GetAccountInformation", "billing:GetBillingData", "billing:GetBillingDetails", @@ -2154,8 +2154,8 @@ Object { "Effect": "Deny", "Resource": "*", }, - Object { - "Action": Array [ + { + "Action": [ "cloudtrail:DeleteTrail", "cloudtrail:StopLogging", "cloudtrail:UpdateTrail", @@ -2163,8 +2163,8 @@ Object { "Effect": "Deny", "Resource": "*", }, - Object { - "Action": Array [ + { + "Action": [ "kms:Create*", "kms:Revoke*", "kms:Enable*", @@ -2183,84 +2183,84 @@ Object { }, "Type": "AWS::IAM::ManagedPolicy", }, - "IamSysAdminRoleB0EE4AA6": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { + "IamSysAdminRoleB0EE4AA6": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": Object { + "Principal": { "Service": "ec2.amazonaws.com", }, }, ], "Version": "2012-10-17", }, - "ManagedPolicyArns": Array [ - Object { + "ManagedPolicyArns": [ + { "Ref": "IamSysAdminPolicy03754AB3", }, ], }, "Type": "AWS::IAM::Role", }, - "LoggingCloudTrail44E92DB9": Object { - "DependsOn": Array [ + "LoggingCloudTrail44E92DB9": { + "DependsOn": [ "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", "LoggingCloudTrailLogsRoleE1DD6030", "LoggingCloudTrailBucketPolicy4004472F", ], - "Properties": Object { - "CloudWatchLogsLogGroupArn": Object { - "Fn::GetAtt": Array [ + "Properties": { + "CloudWatchLogsLogGroupArn": { + "Fn::GetAtt": [ "LoggingCloudTrailLogGroupEFC12822", "Arn", ], }, - "CloudWatchLogsRoleArn": Object { - "Fn::GetAtt": Array [ + "CloudWatchLogsRoleArn": { + "Fn::GetAtt": [ "LoggingCloudTrailLogsRoleE1DD6030", "Arn", ], }, "EnableLogFileValidation": true, - "EventSelectors": Array [], + "EventSelectors": [], "IncludeGlobalServiceEvents": true, "IsLogging": true, "IsMultiRegionTrail": true, - "KMSKeyId": Object { - "Fn::GetAtt": Array [ + "KMSKeyId": { + "Fn::GetAtt": [ "LoggingCloudTrailKey43327553", "Arn", ], }, - "S3BucketName": Object { + "S3BucketName": { "Ref": "LoggingCloudTrailBucket7560781D", }, }, "Type": "AWS::CloudTrail::Trail", }, - "LoggingCloudTrailAccessLogBucketA7B773C8": Object { + "LoggingCloudTrailAccessLogBucketA7B773C8": { "DeletionPolicy": "Retain", - "Properties": Object { + "Properties": { "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { + "BucketEncryption": { + "ServerSideEncryptionConfiguration": [ + { + "ServerSideEncryptionByDefault": { "SSEAlgorithm": "AES256", }, }, ], }, - "LifecycleConfiguration": Object { - "Rules": Array [ - Object { + "LifecycleConfiguration": { + "Rules": [ + { "ExpirationInDays": 2555, "Status": "Enabled", - "Transitions": Array [ - Object { + "Transitions": [ + { "StorageClass": "GLACIER", "TransitionInDays": 90, }, @@ -2268,57 +2268,57 @@ Object { }, ], }, - "OwnershipControls": Object { - "Rules": Array [ - Object { + "OwnershipControls": { + "Rules": [ + { "ObjectOwnership": "ObjectWriter", }, ], }, - "PublicAccessBlockConfiguration": Object { + "PublicAccessBlockConfiguration": { "BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, "RestrictPublicBuckets": true, }, - "VersioningConfiguration": Object { + "VersioningConfiguration": { "Status": "Enabled", }, }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, - "LoggingCloudTrailAccessLogBucketPolicyE58866E2": Object { - "Properties": Object { - "Bucket": Object { + "LoggingCloudTrailAccessLogBucketPolicyE58866E2": { + "Properties": { + "Bucket": { "Ref": "LoggingCloudTrailAccessLogBucketA7B773C8", }, - "PolicyDocument": Object { - "Statement": Array [ - Object { + "PolicyDocument": { + "Statement": [ + { "Action": "s3:*", - "Condition": Object { - "Bool": Object { + "Condition": { + "Bool": { "aws:SecureTransport": "false", }, }, "Effect": "Deny", - "Principal": Object { + "Principal": { "AWS": "*", }, - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ + "Resource": [ + { + "Fn::GetAtt": [ "LoggingCloudTrailAccessLogBucketA7B773C8", "Arn", ], }, - Object { - "Fn::Join": Array [ + { + "Fn::Join": [ "", - Array [ - Object { - "Fn::GetAtt": Array [ + [ + { + "Fn::GetAtt": [ "LoggingCloudTrailAccessLogBucketA7B773C8", "Arn", ], @@ -2329,18 +2329,18 @@ Object { }, ], }, - Object { + { "Action": "s3:Delete*", "Effect": "Deny", - "Principal": Object { + "Principal": { "AWS": "*", }, - "Resource": Object { - "Fn::Join": Array [ + "Resource": { + "Fn::Join": [ "", - Array [ - Object { - "Fn::GetAtt": Array [ + [ + { + "Fn::GetAtt": [ "LoggingCloudTrailAccessLogBucketA7B773C8", "Arn", ], @@ -2357,60 +2357,60 @@ Object { }, "Type": "AWS::S3::BucketPolicy", }, - "LoggingCloudTrailBucket7560781D": Object { + "LoggingCloudTrailBucket7560781D": { "DeletionPolicy": "Retain", - "Properties": Object { + "Properties": { "AccessControl": "Private", - "LoggingConfiguration": Object { - "DestinationBucketName": Object { + "LoggingConfiguration": { + "DestinationBucketName": { "Ref": "LoggingCloudTrailAccessLogBucketA7B773C8", }, "LogFilePrefix": "cloudtraillogs", }, - "PublicAccessBlockConfiguration": Object { + "PublicAccessBlockConfiguration": { "BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, "RestrictPublicBuckets": true, }, - "VersioningConfiguration": Object { + "VersioningConfiguration": { "Status": "Enabled", }, }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, - "LoggingCloudTrailBucketPolicy4004472F": Object { - "Properties": Object { - "Bucket": Object { + "LoggingCloudTrailBucketPolicy4004472F": { + "Properties": { + "Bucket": { "Ref": "LoggingCloudTrailBucket7560781D", }, - "PolicyDocument": Object { - "Statement": Array [ - Object { + "PolicyDocument": { + "Statement": [ + { "Action": "s3:*", - "Condition": Object { - "Bool": Object { + "Condition": { + "Bool": { "aws:SecureTransport": "false", }, }, "Effect": "Deny", - "Principal": Object { + "Principal": { "AWS": "*", }, - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ + "Resource": [ + { + "Fn::GetAtt": [ "LoggingCloudTrailBucket7560781D", "Arn", ], }, - Object { - "Fn::Join": Array [ + { + "Fn::Join": [ "", - Array [ - Object { - "Fn::GetAtt": Array [ + [ + { + "Fn::GetAtt": [ "LoggingCloudTrailBucket7560781D", "Arn", ], @@ -2421,18 +2421,18 @@ Object { }, ], }, - Object { + { "Action": "s3:Delete*", "Effect": "Deny", - "Principal": Object { + "Principal": { "AWS": "*", }, - "Resource": Object { - "Fn::Join": Array [ + "Resource": { + "Fn::Join": [ "", - Array [ - Object { - "Fn::GetAtt": Array [ + [ + { + "Fn::GetAtt": [ "LoggingCloudTrailBucket7560781D", "Arn", ], @@ -2443,42 +2443,42 @@ Object { }, "Sid": "Restrict Delete* Actions", }, - Object { + { "Action": "s3:GetBucketAcl", "Effect": "Allow", - "Principal": Object { + "Principal": { "Service": "cloudtrail.amazonaws.com", }, - "Resource": Object { - "Fn::GetAtt": Array [ + "Resource": { + "Fn::GetAtt": [ "LoggingCloudTrailBucket7560781D", "Arn", ], }, }, - Object { + { "Action": "s3:PutObject", - "Condition": Object { - "StringEquals": Object { + "Condition": { + "StringEquals": { "s3:x-amz-acl": "bucket-owner-full-control", }, }, "Effect": "Allow", - "Principal": Object { + "Principal": { "Service": "cloudtrail.amazonaws.com", }, - "Resource": Object { - "Fn::Join": Array [ + "Resource": { + "Fn::Join": [ "", - Array [ - Object { - "Fn::GetAtt": Array [ + [ + { + "Fn::GetAtt": [ "LoggingCloudTrailBucket7560781D", "Arn", ], }, "/AWSLogs/", - Object { + { "Ref": "AWS::AccountId", }, "/*", @@ -2492,27 +2492,27 @@ Object { }, "Type": "AWS::S3::BucketPolicy", }, - "LoggingCloudTrailKey43327553": Object { + "LoggingCloudTrailKey43327553": { "DeletionPolicy": "Retain", - "Properties": Object { + "Properties": { "Description": "BLEA Governance Base: CMK for CloudTrail", "EnableKeyRotation": true, - "KeyPolicy": Object { - "Statement": Array [ - Object { + "KeyPolicy": { + "Statement": [ + { "Action": "kms:*", "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ + "Principal": { + "AWS": { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":iam::", - Object { + { "Ref": "AWS::AccountId", }, ":root", @@ -2522,17 +2522,17 @@ Object { }, "Resource": "*", }, - Object { + { "Action": "kms:GenerateDataKey*", - "Condition": Object { - "StringLike": Object { - "kms:EncryptionContext:aws:cloudtrail:arn": Array [ - Object { - "Fn::Join": Array [ + "Condition": { + "StringLike": { + "kms:EncryptionContext:aws:cloudtrail:arn": [ + { + "Fn::Join": [ "", - Array [ + [ "arn:aws:cloudtrail:*:", - Object { + { "Ref": "AWS::AccountId", }, ":trail/*", @@ -2543,38 +2543,38 @@ Object { }, }, "Effect": "Allow", - "Principal": Object { + "Principal": { "Service": "cloudtrail.amazonaws.com", }, "Resource": "*", }, - Object { + { "Action": "kms:DescribeKey", "Effect": "Allow", - "Principal": Object { + "Principal": { "Service": "cloudtrail.amazonaws.com", }, "Resource": "*", }, - Object { - "Action": Array [ + { + "Action": [ "kms:Decrypt", "kms:ReEncryptFrom", ], - "Condition": Object { - "StringEquals": Object { - "kms:CallerAccount": Object { + "Condition": { + "StringEquals": { + "kms:CallerAccount": { "Ref": "AWS::AccountId", }, }, - "StringLike": Object { - "kms:EncryptionContext:aws:cloudtrail:arn": Array [ - Object { - "Fn::Join": Array [ + "StringLike": { + "kms:EncryptionContext:aws:cloudtrail:arn": [ + { + "Fn::Join": [ "", - Array [ + [ "arn:aws:cloudtrail:*:", - Object { + { "Ref": "AWS::AccountId", }, ":trail/*", @@ -2585,31 +2585,31 @@ Object { }, }, "Effect": "Allow", - "Principal": Object { + "Principal": { "AWS": "*", }, "Resource": "*", }, - Object { - "Action": Array [ + { + "Action": [ "kms:Encrypt*", "kms:Decrypt*", "kms:ReEncrypt*", "kms:GenerateDataKey*", "kms:Describe*", ], - "Condition": Object { - "ArnEquals": Object { - "kms:EncryptionContext:aws:logs:arn": Object { - "Fn::Join": Array [ + "Condition": { + "ArnEquals": { + "kms:EncryptionContext:aws:logs:arn": { + "Fn::Join": [ "", - Array [ + [ "arn:aws:logs:", - Object { + { "Ref": "AWS::Region", }, ":", - Object { + { "Ref": "AWS::AccountId", }, ":log-group:*", @@ -2619,17 +2619,17 @@ Object { }, }, "Effect": "Allow", - "Principal": Object { - "Service": Object { - "Fn::Join": Array [ + "Principal": { + "Service": { + "Fn::Join": [ "", - Array [ + [ "logs.", - Object { + { "Ref": "AWS::Region", }, ".", - Object { + { "Ref": "AWS::URLSuffix", }, ], @@ -2645,11 +2645,11 @@ Object { "Type": "AWS::KMS::Key", "UpdateReplacePolicy": "Retain", }, - "LoggingCloudTrailKeyAlias65A5FEEA": Object { - "Properties": Object { + "LoggingCloudTrailKeyAlias65A5FEEA": { + "Properties": { "AliasName": "alias/DevBLEABaseStandaloneLogging7164FEBB", - "TargetKeyId": Object { - "Fn::GetAtt": Array [ + "TargetKeyId": { + "Fn::GetAtt": [ "LoggingCloudTrailKey43327553", "Arn", ], @@ -2657,11 +2657,11 @@ Object { }, "Type": "AWS::KMS::Alias", }, - "LoggingCloudTrailLogGroupEFC12822": Object { + "LoggingCloudTrailLogGroupEFC12822": { "DeletionPolicy": "Retain", - "Properties": Object { - "KmsKeyId": Object { - "Fn::GetAtt": Array [ + "Properties": { + "KmsKeyId": { + "Fn::GetAtt": [ "LoggingCloudTrailKey43327553", "Arn", ], @@ -2671,18 +2671,18 @@ Object { "Type": "AWS::Logs::LogGroup", "UpdateReplacePolicy": "Retain", }, - "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ + "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C": { + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ "logs:PutLogEvents", "logs:CreateLogStream", ], "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ + "Resource": { + "Fn::GetAtt": [ "LoggingCloudTrailLogGroupEFC12822", "Arn", ], @@ -2692,22 +2692,22 @@ Object { "Version": "2012-10-17", }, "PolicyName": "LoggingCloudTrailLogsRoleDefaultPolicy7A5B650C", - "Roles": Array [ - Object { + "Roles": [ + { "Ref": "LoggingCloudTrailLogsRoleE1DD6030", }, ], }, "Type": "AWS::IAM::Policy", }, - "LoggingCloudTrailLogsRoleE1DD6030": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { + "LoggingCloudTrailLogsRoleE1DD6030": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": Object { + "Principal": { "Service": "cloudtrail.amazonaws.com", }, }, @@ -2717,63 +2717,63 @@ Object { }, "Type": "AWS::IAM::Role", }, - "LoggingConfigBucket139B5174": Object { + "LoggingConfigBucket139B5174": { "DeletionPolicy": "Retain", - "Properties": Object { + "Properties": { "AccessControl": "Private", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { + "BucketEncryption": { + "ServerSideEncryptionConfiguration": [ + { + "ServerSideEncryptionByDefault": { "SSEAlgorithm": "AES256", }, }, ], }, - "PublicAccessBlockConfiguration": Object { + "PublicAccessBlockConfiguration": { "BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, "RestrictPublicBuckets": true, }, - "VersioningConfiguration": Object { + "VersioningConfiguration": { "Status": "Enabled", }, }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, - "LoggingConfigBucketPolicy66A7F5E7": Object { - "Properties": Object { - "Bucket": Object { + "LoggingConfigBucketPolicy66A7F5E7": { + "Properties": { + "Bucket": { "Ref": "LoggingConfigBucket139B5174", }, - "PolicyDocument": Object { - "Statement": Array [ - Object { + "PolicyDocument": { + "Statement": [ + { "Action": "s3:*", - "Condition": Object { - "Bool": Object { + "Condition": { + "Bool": { "aws:SecureTransport": "false", }, }, "Effect": "Deny", - "Principal": Object { + "Principal": { "AWS": "*", }, - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ + "Resource": [ + { + "Fn::GetAtt": [ "LoggingConfigBucket139B5174", "Arn", ], }, - Object { - "Fn::Join": Array [ + { + "Fn::Join": [ "", - Array [ - Object { - "Fn::GetAtt": Array [ + [ + { + "Fn::GetAtt": [ "LoggingConfigBucket139B5174", "Arn", ], @@ -2784,52 +2784,52 @@ Object { }, ], }, - Object { + { "Action": "s3:GetBucketAcl", "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::GetAtt": Array [ + "Principal": { + "AWS": { + "Fn::GetAtt": [ "LoggingConfigRole0E4FDF1F", "Arn", ], }, }, - "Resource": Object { - "Fn::GetAtt": Array [ + "Resource": { + "Fn::GetAtt": [ "LoggingConfigBucket139B5174", "Arn", ], }, }, - Object { + { "Action": "s3:PutObject", - "Condition": Object { - "StringEquals": Object { + "Condition": { + "StringEquals": { "s3:x-amz-acl": "bucket-owner-full-control", }, }, "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::GetAtt": Array [ + "Principal": { + "AWS": { + "Fn::GetAtt": [ "LoggingConfigRole0E4FDF1F", "Arn", ], }, }, - "Resource": Object { - "Fn::Join": Array [ + "Resource": { + "Fn::Join": [ "", - Array [ - Object { - "Fn::GetAtt": Array [ + [ + { + "Fn::GetAtt": [ "LoggingConfigBucket139B5174", "Arn", ], }, "/AWSLogs/", - Object { + { "Ref": "AWS::AccountId", }, "/Config/*", @@ -2843,22 +2843,22 @@ Object { }, "Type": "AWS::S3::BucketPolicy", }, - "LoggingConfigDeliveryChannel44B4762B": Object { - "Properties": Object { - "S3BucketName": Object { + "LoggingConfigDeliveryChannel44B4762B": { + "Properties": { + "S3BucketName": { "Ref": "LoggingConfigBucket139B5174", }, }, "Type": "AWS::Config::DeliveryChannel", }, - "LoggingConfigRecorderFC55B19F": Object { - "Properties": Object { - "RecordingGroup": Object { + "LoggingConfigRecorderFC55B19F": { + "Properties": { + "RecordingGroup": { "AllSupported": true, "IncludeGlobalResourceTypes": true, }, - "RoleARN": Object { - "Fn::GetAtt": Array [ + "RoleARN": { + "Fn::GetAtt": [ "LoggingConfigRole0E4FDF1F", "Arn", ], @@ -2866,27 +2866,27 @@ Object { }, "Type": "AWS::Config::ConfigurationRecorder", }, - "LoggingConfigRole0E4FDF1F": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { + "LoggingConfigRole0E4FDF1F": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": Object { + "Principal": { "Service": "config.amazonaws.com", }, }, ], "Version": "2012-10-17", }, - "ManagedPolicyArns": Array [ - Object { - "Fn::Join": Array [ + "ManagedPolicyArns": [ + { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AWS_ConfigRole", @@ -2897,58 +2897,58 @@ Object { }, "Type": "AWS::IAM::Role", }, - "NotificationChatbotChannel053BCEF2": Object { - "Properties": Object { + "NotificationChatbotChannel053BCEF2": { + "Properties": { "ConfigurationName": "DevBLEABaseStandaloneNotificationC6359BD8", - "IamRoleArn": Object { - "Fn::GetAtt": Array [ + "IamRoleArn": { + "Fn::GetAtt": [ "NotificationChatbotRole9B60F7B3", "Arn", ], }, "SlackChannelId": "C00XXXXXXXX", "SlackWorkspaceId": "T8XXXXXXX", - "SnsTopicArns": Array [ - Object { + "SnsTopicArns": [ + { "Ref": "DetectionAlarmTopic36C4BB55", }, ], }, "Type": "AWS::Chatbot::SlackChannelConfiguration", }, - "NotificationChatbotRole9B60F7B3": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { + "NotificationChatbotRole9B60F7B3": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": Object { + "Principal": { "Service": "chatbot.amazonaws.com", }, }, ], "Version": "2012-10-17", }, - "ManagedPolicyArns": Array [ - Object { - "Fn::Join": Array [ + "ManagedPolicyArns": [ + { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":iam::aws:policy/ReadOnlyAccess", ], ], }, - Object { - "Fn::Join": Array [ + { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":iam::aws:policy/CloudWatchReadOnlyAccess", @@ -2960,22 +2960,22 @@ Object { "Type": "AWS::IAM::Role", }, }, - "Rules": Object { - "CheckBootstrapVersion": Object { - "Assertions": Array [ - Object { - "Assert": Object { - "Fn::Not": Array [ - Object { - "Fn::Contains": Array [ - Array [ + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ "1", "2", "3", "4", "5", ], - Object { + { "Ref": "BootstrapVersion", }, ], diff --git a/usecases/blea-guest-serverless-api-sample/test/__snapshots__/blea-guest-apiapp-nodejs-sample.test.ts.snap b/usecases/blea-guest-serverless-api-sample/test/__snapshots__/blea-guest-apiapp-nodejs-sample.test.ts.snap index 64703d038..05271c202 100644 --- a/usecases/blea-guest-serverless-api-sample/test/__snapshots__/blea-guest-apiapp-nodejs-sample.test.ts.snap +++ b/usecases/blea-guest-serverless-api-sample/test/__snapshots__/blea-guest-apiapp-nodejs-sample.test.ts.snap @@ -1,23 +1,23 @@ // Jest Snapshot v1, https://goo.gl/fbAQLP exports[`Snapshot test for ServerlessApi Stack 1`] = ` -Object { - "Outputs": Object { - "ApiRestApiEndpoint4DEFB5CC": Object { - "Value": Object { - "Fn::Join": Array [ +{ + "Outputs": { + "ApiRestApiEndpoint4DEFB5CC": { + "Value": { + "Fn::Join": [ "", - Array [ + [ "https://", - Object { + { "Ref": "ApiRestApiE35FEAFE", }, ".execute-api.ap-northeast-1.", - Object { + { "Ref": "AWS::URLSuffix", }, "/", - Object { + { "Ref": "ApiRestApiDeploymentStageprodE828476C", }, "/", @@ -26,26 +26,26 @@ Object { }, }, }, - "Parameters": Object { - "BootstrapVersion": Object { + "Parameters": { + "BootstrapVersion": { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, - "Resources": Object { - "ApiAPIGatewayInvocationCountB691929A": Object { - "Properties": Object { + "Resources": { + "ApiAPIGatewayInvocationCountB691929A": { + "Properties": { "ActionsEnabled": true, - "AlarmActions": Array [ - Object { + "AlarmActions": [ + { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": Array [ - Object { + "Dimensions": [ + { "Name": "ApiName", "Value": "RestApi", }, @@ -59,75 +59,75 @@ Object { }, "Type": "AWS::CloudWatch::Alarm", }, - "ApiApiGatewayLogGroup7BC2F58D": Object { + "ApiApiGatewayLogGroup7BC2F58D": { "DeletionPolicy": "Retain", - "Properties": Object { + "Properties": { "RetentionInDays": 30, }, "Type": "AWS::Logs::LogGroup", "UpdateReplacePolicy": "Retain", }, - "ApiLambdaNodejsGetItemFunction690D1743": Object { - "DependsOn": Array [ + "ApiLambdaNodejsGetItemFunction690D1743": { + "DependsOn": [ "ApiLambdaNodejsGetItemFunctionServiceRoleDefaultPolicy47E2D438", "ApiLambdaNodejsGetItemFunctionServiceRoleE5916FAE", ], - "Properties": Object { - "Code": Object { - "S3Bucket": Object { + "Properties": { + "Code": { + "S3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-ap-northeast-1", }, - "S3Key": "a616604aaa5cc7457cca5373a05c61891e93469ced11392a0cd056762c7c50aa.zip", + "S3Key": "0157fe07cfc88764efa12fcb763d754f369f10425465a09d15e1d590506494df.zip", }, - "Environment": Object { - "Variables": Object { + "Environment": { + "Variables": { "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - "DDB_TABLE": Object { + "DDB_TABLE": { "Ref": "DatastoreTable6900098D", }, }, }, "Handler": "index.getItem", - "KmsKeyArn": Object { - "Fn::GetAtt": Array [ + "KmsKeyArn": { + "Fn::GetAtt": [ "CMK56817A4C", "Arn", ], }, - "Layers": Array [ + "Layers": [ "arn:aws:lambda:ap-northeast-1:580247275435:layer:LambdaInsightsExtension:14", ], "MemorySize": 256, - "Role": Object { - "Fn::GetAtt": Array [ + "Role": { + "Fn::GetAtt": [ "ApiLambdaNodejsGetItemFunctionServiceRoleE5916FAE", "Arn", ], }, "Runtime": "nodejs14.x", "Timeout": 25, - "TracingConfig": Object { + "TracingConfig": { "Mode": "Active", }, }, "Type": "AWS::Lambda::Function", }, - "ApiLambdaNodejsGetItemFunctionLogRetentionAEF27AB1": Object { - "Properties": Object { - "LogGroupName": Object { - "Fn::Join": Array [ + "ApiLambdaNodejsGetItemFunctionLogRetentionAEF27AB1": { + "Properties": { + "LogGroupName": { + "Fn::Join": [ "", - Array [ + [ "/aws/lambda/", - Object { + { "Ref": "ApiLambdaNodejsGetItemFunction690D1743", }, ], ], }, "RetentionInDays": 90, - "ServiceToken": Object { - "Fn::GetAtt": Array [ + "ServiceToken": { + "Fn::GetAtt": [ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", "Arn", ], @@ -135,20 +135,20 @@ Object { }, "Type": "Custom::LogRetention", }, - "ApiLambdaNodejsGetItemFunctionServiceRoleDefaultPolicy47E2D438": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ + "ApiLambdaNodejsGetItemFunctionServiceRoleDefaultPolicy47E2D438": { + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ "xray:PutTraceSegments", "xray:PutTelemetryRecords", ], "Effect": "Allow", "Resource": "*", }, - Object { - "Action": Array [ + { + "Action": [ "kms:Encrypt*", "kms:Decrypt*", "kms:ReEncrypt*", @@ -156,32 +156,32 @@ Object { "kms:Describe*", ], "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ + "Resource": { + "Fn::GetAtt": [ "CMK56817A4C", "Arn", ], }, }, - Object { - "Action": Array [ + { + "Action": [ "dynamodb:Query", "dynamodb:GetItem", ], "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ + "Resource": [ + { + "Fn::GetAtt": [ "DatastoreTable6900098D", "Arn", ], }, - Object { - "Fn::Join": Array [ + { + "Fn::Join": [ "", - Array [ - Object { - "Fn::GetAtt": Array [ + [ + { + "Fn::GetAtt": [ "DatastoreTable6900098D", "Arn", ], @@ -196,47 +196,47 @@ Object { "Version": "2012-10-17", }, "PolicyName": "ApiLambdaNodejsGetItemFunctionServiceRoleDefaultPolicy47E2D438", - "Roles": Array [ - Object { + "Roles": [ + { "Ref": "ApiLambdaNodejsGetItemFunctionServiceRoleE5916FAE", }, ], }, "Type": "AWS::IAM::Policy", }, - "ApiLambdaNodejsGetItemFunctionServiceRoleE5916FAE": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { + "ApiLambdaNodejsGetItemFunctionServiceRoleE5916FAE": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": Object { + "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, - "ManagedPolicyArns": Array [ - Object { - "Fn::Join": Array [ + "ManagedPolicyArns": [ + { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", ], ], }, - Object { - "Fn::Join": Array [ + { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy", @@ -247,67 +247,67 @@ Object { }, "Type": "AWS::IAM::Role", }, - "ApiLambdaNodejsListItemsFunction7383885E": Object { - "DependsOn": Array [ + "ApiLambdaNodejsListItemsFunction7383885E": { + "DependsOn": [ "ApiLambdaNodejsListItemsFunctionServiceRoleDefaultPolicy79E6AC10", "ApiLambdaNodejsListItemsFunctionServiceRole568FA032", ], - "Properties": Object { - "Code": Object { - "S3Bucket": Object { + "Properties": { + "Code": { + "S3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-ap-northeast-1", }, - "S3Key": "0d9e5c676e6afe9e67a4e2ec1973be8d83308ef75062c2a39b03be6da1d6dcb3.zip", + "S3Key": "1e9ca361a3f211f391de1a63a75aa25053dbf11ebf7b6ad57020c9d08caeafa5.zip", }, - "Environment": Object { - "Variables": Object { + "Environment": { + "Variables": { "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - "DDB_TABLE": Object { + "DDB_TABLE": { "Ref": "DatastoreTable6900098D", }, }, }, "Handler": "index.listItems", - "KmsKeyArn": Object { - "Fn::GetAtt": Array [ + "KmsKeyArn": { + "Fn::GetAtt": [ "CMK56817A4C", "Arn", ], }, - "Layers": Array [ + "Layers": [ "arn:aws:lambda:ap-northeast-1:580247275435:layer:LambdaInsightsExtension:14", ], "MemorySize": 256, - "Role": Object { - "Fn::GetAtt": Array [ + "Role": { + "Fn::GetAtt": [ "ApiLambdaNodejsListItemsFunctionServiceRole568FA032", "Arn", ], }, "Runtime": "nodejs14.x", "Timeout": 25, - "TracingConfig": Object { + "TracingConfig": { "Mode": "Active", }, }, "Type": "AWS::Lambda::Function", }, - "ApiLambdaNodejsListItemsFunctionLogRetention28222FF3": Object { - "Properties": Object { - "LogGroupName": Object { - "Fn::Join": Array [ + "ApiLambdaNodejsListItemsFunctionLogRetention28222FF3": { + "Properties": { + "LogGroupName": { + "Fn::Join": [ "", - Array [ + [ "/aws/lambda/", - Object { + { "Ref": "ApiLambdaNodejsListItemsFunction7383885E", }, ], ], }, "RetentionInDays": 90, - "ServiceToken": Object { - "Fn::GetAtt": Array [ + "ServiceToken": { + "Fn::GetAtt": [ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", "Arn", ], @@ -315,39 +315,39 @@ Object { }, "Type": "Custom::LogRetention", }, - "ApiLambdaNodejsListItemsFunctionServiceRole568FA032": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { + "ApiLambdaNodejsListItemsFunctionServiceRole568FA032": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": Object { + "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, - "ManagedPolicyArns": Array [ - Object { - "Fn::Join": Array [ + "ManagedPolicyArns": [ + { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", ], ], }, - Object { - "Fn::Join": Array [ + { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy", @@ -358,20 +358,20 @@ Object { }, "Type": "AWS::IAM::Role", }, - "ApiLambdaNodejsListItemsFunctionServiceRoleDefaultPolicy79E6AC10": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ + "ApiLambdaNodejsListItemsFunctionServiceRoleDefaultPolicy79E6AC10": { + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ "xray:PutTraceSegments", "xray:PutTelemetryRecords", ], "Effect": "Allow", "Resource": "*", }, - Object { - "Action": Array [ + { + "Action": [ "kms:Encrypt*", "kms:Decrypt*", "kms:ReEncrypt*", @@ -379,32 +379,32 @@ Object { "kms:Describe*", ], "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ + "Resource": { + "Fn::GetAtt": [ "CMK56817A4C", "Arn", ], }, }, - Object { - "Action": Array [ + { + "Action": [ "dynamodb:Query", "dynamodb:Scan", ], "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ + "Resource": [ + { + "Fn::GetAtt": [ "DatastoreTable6900098D", "Arn", ], }, - Object { - "Fn::Join": Array [ + { + "Fn::Join": [ "", - Array [ - Object { - "Fn::GetAtt": Array [ + [ + { + "Fn::GetAtt": [ "DatastoreTable6900098D", "Arn", ], @@ -419,75 +419,75 @@ Object { "Version": "2012-10-17", }, "PolicyName": "ApiLambdaNodejsListItemsFunctionServiceRoleDefaultPolicy79E6AC10", - "Roles": Array [ - Object { + "Roles": [ + { "Ref": "ApiLambdaNodejsListItemsFunctionServiceRole568FA032", }, ], }, "Type": "AWS::IAM::Policy", }, - "ApiLambdaNodejsPutItemFunctionFC2FA584": Object { - "DependsOn": Array [ + "ApiLambdaNodejsPutItemFunctionFC2FA584": { + "DependsOn": [ "ApiLambdaNodejsPutItemFunctionServiceRoleDefaultPolicy04245F1A", "ApiLambdaNodejsPutItemFunctionServiceRoleB67323AE", ], - "Properties": Object { - "Code": Object { - "S3Bucket": Object { + "Properties": { + "Code": { + "S3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-ap-northeast-1", }, - "S3Key": "da011cc76728148664f8d21f1fb5767cc8c16ccefedd41942eae64a6135e4699.zip", + "S3Key": "17b346b18d1dd1c466b1915e9cd7962315bf33dabe5eabff497ee1eef6315afd.zip", }, - "Environment": Object { - "Variables": Object { + "Environment": { + "Variables": { "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - "DDB_TABLE": Object { + "DDB_TABLE": { "Ref": "DatastoreTable6900098D", }, }, }, "Handler": "index.putItem", - "KmsKeyArn": Object { - "Fn::GetAtt": Array [ + "KmsKeyArn": { + "Fn::GetAtt": [ "CMK56817A4C", "Arn", ], }, - "Layers": Array [ + "Layers": [ "arn:aws:lambda:ap-northeast-1:580247275435:layer:LambdaInsightsExtension:14", ], "MemorySize": 256, - "Role": Object { - "Fn::GetAtt": Array [ + "Role": { + "Fn::GetAtt": [ "ApiLambdaNodejsPutItemFunctionServiceRoleB67323AE", "Arn", ], }, "Runtime": "nodejs14.x", "Timeout": 25, - "TracingConfig": Object { + "TracingConfig": { "Mode": "Active", }, }, "Type": "AWS::Lambda::Function", }, - "ApiLambdaNodejsPutItemFunctionLogRetentionF06A63D6": Object { - "Properties": Object { - "LogGroupName": Object { - "Fn::Join": Array [ + "ApiLambdaNodejsPutItemFunctionLogRetentionF06A63D6": { + "Properties": { + "LogGroupName": { + "Fn::Join": [ "", - Array [ + [ "/aws/lambda/", - Object { + { "Ref": "ApiLambdaNodejsPutItemFunctionFC2FA584", }, ], ], }, "RetentionInDays": 90, - "ServiceToken": Object { - "Fn::GetAtt": Array [ + "ServiceToken": { + "Fn::GetAtt": [ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", "Arn", ], @@ -495,39 +495,39 @@ Object { }, "Type": "Custom::LogRetention", }, - "ApiLambdaNodejsPutItemFunctionServiceRoleB67323AE": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { + "ApiLambdaNodejsPutItemFunctionServiceRoleB67323AE": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": Object { + "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, - "ManagedPolicyArns": Array [ - Object { - "Fn::Join": Array [ + "ManagedPolicyArns": [ + { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", ], ], }, - Object { - "Fn::Join": Array [ + { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy", @@ -538,20 +538,20 @@ Object { }, "Type": "AWS::IAM::Role", }, - "ApiLambdaNodejsPutItemFunctionServiceRoleDefaultPolicy04245F1A": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ + "ApiLambdaNodejsPutItemFunctionServiceRoleDefaultPolicy04245F1A": { + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ "xray:PutTraceSegments", "xray:PutTelemetryRecords", ], "Effect": "Allow", "Resource": "*", }, - Object { - "Action": Array [ + { + "Action": [ "kms:Encrypt*", "kms:Decrypt*", "kms:ReEncrypt*", @@ -559,29 +559,29 @@ Object { "kms:Describe*", ], "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ + "Resource": { + "Fn::GetAtt": [ "CMK56817A4C", "Arn", ], }, }, - Object { + { "Action": "dynamodb:PutItem", "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ + "Resource": [ + { + "Fn::GetAtt": [ "DatastoreTable6900098D", "Arn", ], }, - Object { - "Fn::Join": Array [ + { + "Fn::Join": [ "", - Array [ - Object { - "Fn::GetAtt": Array [ + [ + { + "Fn::GetAtt": [ "DatastoreTable6900098D", "Arn", ], @@ -596,28 +596,28 @@ Object { "Version": "2012-10-17", }, "PolicyName": "ApiLambdaNodejsPutItemFunctionServiceRoleDefaultPolicy04245F1A", - "Roles": Array [ - Object { + "Roles": [ + { "Ref": "ApiLambdaNodejsPutItemFunctionServiceRoleB67323AE", }, ], }, "Type": "AWS::IAM::Policy", }, - "ApiLambdaNodejsgetItemConcurrentExecutionsAlarmFFA1BD91": Object { - "Properties": Object { + "ApiLambdaNodejsgetItemConcurrentExecutionsAlarmFFA1BD91": { + "Properties": { "ActionsEnabled": true, - "AlarmActions": Array [ - Object { + "AlarmActions": [ + { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": Array [ - Object { + "Dimensions": [ + { "Name": "FunctionName", - "Value": Object { + "Value": { "Ref": "ApiLambdaNodejsGetItemFunction690D1743", }, }, @@ -631,20 +631,20 @@ Object { }, "Type": "AWS::CloudWatch::Alarm", }, - "ApiLambdaNodejsgetItemDurationAlarm5EA5942E": Object { - "Properties": Object { + "ApiLambdaNodejsgetItemDurationAlarm5EA5942E": { + "Properties": { "ActionsEnabled": true, - "AlarmActions": Array [ - Object { + "AlarmActions": [ + { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": Array [ - Object { + "Dimensions": [ + { "Name": "FunctionName", - "Value": Object { + "Value": { "Ref": "ApiLambdaNodejsGetItemFunction690D1743", }, }, @@ -658,20 +658,20 @@ Object { }, "Type": "AWS::CloudWatch::Alarm", }, - "ApiLambdaNodejsgetItemErrorsAlarm5A5A18BF": Object { - "Properties": Object { + "ApiLambdaNodejsgetItemErrorsAlarm5A5A18BF": { + "Properties": { "ActionsEnabled": true, - "AlarmActions": Array [ - Object { + "AlarmActions": [ + { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": Array [ - Object { + "Dimensions": [ + { "Name": "FunctionName", - "Value": Object { + "Value": { "Ref": "ApiLambdaNodejsGetItemFunction690D1743", }, }, @@ -685,20 +685,20 @@ Object { }, "Type": "AWS::CloudWatch::Alarm", }, - "ApiLambdaNodejsgetItemThrottlesAlarmB352F6E5": Object { - "Properties": Object { + "ApiLambdaNodejsgetItemThrottlesAlarmB352F6E5": { + "Properties": { "ActionsEnabled": true, - "AlarmActions": Array [ - Object { + "AlarmActions": [ + { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": Array [ - Object { + "Dimensions": [ + { "Name": "FunctionName", - "Value": Object { + "Value": { "Ref": "ApiLambdaNodejsGetItemFunction690D1743", }, }, @@ -712,20 +712,20 @@ Object { }, "Type": "AWS::CloudWatch::Alarm", }, - "ApiLambdaNodejslistItemsConcurrentExecutionsAlarmD2695C91": Object { - "Properties": Object { + "ApiLambdaNodejslistItemsConcurrentExecutionsAlarmD2695C91": { + "Properties": { "ActionsEnabled": true, - "AlarmActions": Array [ - Object { + "AlarmActions": [ + { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": Array [ - Object { + "Dimensions": [ + { "Name": "FunctionName", - "Value": Object { + "Value": { "Ref": "ApiLambdaNodejsListItemsFunction7383885E", }, }, @@ -739,20 +739,20 @@ Object { }, "Type": "AWS::CloudWatch::Alarm", }, - "ApiLambdaNodejslistItemsDurationAlarmEE962444": Object { - "Properties": Object { + "ApiLambdaNodejslistItemsDurationAlarmEE962444": { + "Properties": { "ActionsEnabled": true, - "AlarmActions": Array [ - Object { + "AlarmActions": [ + { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": Array [ - Object { + "Dimensions": [ + { "Name": "FunctionName", - "Value": Object { + "Value": { "Ref": "ApiLambdaNodejsListItemsFunction7383885E", }, }, @@ -766,20 +766,20 @@ Object { }, "Type": "AWS::CloudWatch::Alarm", }, - "ApiLambdaNodejslistItemsErrorsExecutionsAlarm509E4CEC": Object { - "Properties": Object { + "ApiLambdaNodejslistItemsErrorsExecutionsAlarm509E4CEC": { + "Properties": { "ActionsEnabled": true, - "AlarmActions": Array [ - Object { + "AlarmActions": [ + { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": Array [ - Object { + "Dimensions": [ + { "Name": "FunctionName", - "Value": Object { + "Value": { "Ref": "ApiLambdaNodejsListItemsFunction7383885E", }, }, @@ -793,20 +793,20 @@ Object { }, "Type": "AWS::CloudWatch::Alarm", }, - "ApiLambdaNodejslistItemsThrottlesAlarm9C26D78C": Object { - "Properties": Object { + "ApiLambdaNodejslistItemsThrottlesAlarm9C26D78C": { + "Properties": { "ActionsEnabled": true, - "AlarmActions": Array [ - Object { + "AlarmActions": [ + { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": Array [ - Object { + "Dimensions": [ + { "Name": "FunctionName", - "Value": Object { + "Value": { "Ref": "ApiLambdaNodejsListItemsFunction7383885E", }, }, @@ -820,20 +820,20 @@ Object { }, "Type": "AWS::CloudWatch::Alarm", }, - "ApiLambdaNodejsputItemConcurrentExecutionsAlarm96A1F417": Object { - "Properties": Object { + "ApiLambdaNodejsputItemConcurrentExecutionsAlarm96A1F417": { + "Properties": { "ActionsEnabled": true, - "AlarmActions": Array [ - Object { + "AlarmActions": [ + { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": Array [ - Object { + "Dimensions": [ + { "Name": "FunctionName", - "Value": Object { + "Value": { "Ref": "ApiLambdaNodejsPutItemFunctionFC2FA584", }, }, @@ -847,20 +847,20 @@ Object { }, "Type": "AWS::CloudWatch::Alarm", }, - "ApiLambdaNodejsputItemDurationAlarm4DEC7925": Object { - "Properties": Object { + "ApiLambdaNodejsputItemDurationAlarm4DEC7925": { + "Properties": { "ActionsEnabled": true, - "AlarmActions": Array [ - Object { + "AlarmActions": [ + { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": Array [ - Object { + "Dimensions": [ + { "Name": "FunctionName", - "Value": Object { + "Value": { "Ref": "ApiLambdaNodejsPutItemFunctionFC2FA584", }, }, @@ -874,20 +874,20 @@ Object { }, "Type": "AWS::CloudWatch::Alarm", }, - "ApiLambdaNodejsputItemErrorsAlarmB59BB9FA": Object { - "Properties": Object { + "ApiLambdaNodejsputItemErrorsAlarmB59BB9FA": { + "Properties": { "ActionsEnabled": true, - "AlarmActions": Array [ - Object { + "AlarmActions": [ + { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": Array [ - Object { + "Dimensions": [ + { "Name": "FunctionName", - "Value": Object { + "Value": { "Ref": "ApiLambdaNodejsPutItemFunctionFC2FA584", }, }, @@ -901,20 +901,20 @@ Object { }, "Type": "AWS::CloudWatch::Alarm", }, - "ApiLambdaNodejsputItemThrottlesAlarmDA173E04": Object { - "Properties": Object { + "ApiLambdaNodejsputItemThrottlesAlarmDA173E04": { + "Properties": { "ActionsEnabled": true, - "AlarmActions": Array [ - Object { + "AlarmActions": [ + { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": Array [ - Object { + "Dimensions": [ + { "Name": "FunctionName", - "Value": Object { + "Value": { "Ref": "ApiLambdaNodejsPutItemFunctionFC2FA584", }, }, @@ -928,67 +928,67 @@ Object { }, "Type": "AWS::CloudWatch::Alarm", }, - "ApiLambdaPythonGetItemFunction7F81F93B": Object { - "DependsOn": Array [ + "ApiLambdaPythonGetItemFunction7F81F93B": { + "DependsOn": [ "ApiLambdaPythonGetItemFunctionServiceRoleDefaultPolicy550CE002", "ApiLambdaPythonGetItemFunctionServiceRole87970B01", ], - "Properties": Object { - "Code": Object { - "S3Bucket": Object { + "Properties": { + "Code": { + "S3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-ap-northeast-1", }, "S3Key": "6c6248559cf324952895870a3b546cf7cbfbafe0cce9e4a60bc61e6ec8eef051.zip", }, - "Environment": Object { - "Variables": Object { - "DDB_TABLE": Object { + "Environment": { + "Variables": { + "DDB_TABLE": { "Ref": "DatastoreTable6900098D", }, }, }, "Handler": "getItem.lambda_handler", - "KmsKeyArn": Object { - "Fn::GetAtt": Array [ + "KmsKeyArn": { + "Fn::GetAtt": [ "CMK56817A4C", "Arn", ], }, - "Layers": Array [ + "Layers": [ "arn:aws:lambda:ap-northeast-1:017000801446:layer:AWSLambdaPowertoolsPython:3", "arn:aws:lambda:ap-northeast-1:580247275435:layer:LambdaInsightsExtension:14", ], "MemorySize": 256, - "Role": Object { - "Fn::GetAtt": Array [ + "Role": { + "Fn::GetAtt": [ "ApiLambdaPythonGetItemFunctionServiceRole87970B01", "Arn", ], }, "Runtime": "python3.7", "Timeout": 25, - "TracingConfig": Object { + "TracingConfig": { "Mode": "Active", }, }, "Type": "AWS::Lambda::Function", }, - "ApiLambdaPythonGetItemFunctionLogRetentionBA7F7CC2": Object { - "Properties": Object { - "LogGroupName": Object { - "Fn::Join": Array [ + "ApiLambdaPythonGetItemFunctionLogRetentionBA7F7CC2": { + "Properties": { + "LogGroupName": { + "Fn::Join": [ "", - Array [ + [ "/aws/lambda/", - Object { + { "Ref": "ApiLambdaPythonGetItemFunction7F81F93B", }, ], ], }, "RetentionInDays": 90, - "ServiceToken": Object { - "Fn::GetAtt": Array [ + "ServiceToken": { + "Fn::GetAtt": [ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", "Arn", ], @@ -996,39 +996,39 @@ Object { }, "Type": "Custom::LogRetention", }, - "ApiLambdaPythonGetItemFunctionServiceRole87970B01": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { + "ApiLambdaPythonGetItemFunctionServiceRole87970B01": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": Object { + "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, - "ManagedPolicyArns": Array [ - Object { - "Fn::Join": Array [ + "ManagedPolicyArns": [ + { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", ], ], }, - Object { - "Fn::Join": Array [ + { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy", @@ -1039,20 +1039,20 @@ Object { }, "Type": "AWS::IAM::Role", }, - "ApiLambdaPythonGetItemFunctionServiceRoleDefaultPolicy550CE002": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ + "ApiLambdaPythonGetItemFunctionServiceRoleDefaultPolicy550CE002": { + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ "xray:PutTraceSegments", "xray:PutTelemetryRecords", ], "Effect": "Allow", "Resource": "*", }, - Object { - "Action": Array [ + { + "Action": [ "kms:Encrypt*", "kms:Decrypt*", "kms:ReEncrypt*", @@ -1060,32 +1060,32 @@ Object { "kms:Describe*", ], "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ + "Resource": { + "Fn::GetAtt": [ "CMK56817A4C", "Arn", ], }, }, - Object { - "Action": Array [ + { + "Action": [ "dynamodb:Query", "dynamodb:GetItem", ], "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ + "Resource": [ + { + "Fn::GetAtt": [ "DatastoreTable6900098D", "Arn", ], }, - Object { - "Fn::Join": Array [ + { + "Fn::Join": [ "", - Array [ - Object { - "Fn::GetAtt": Array [ + [ + { + "Fn::GetAtt": [ "DatastoreTable6900098D", "Arn", ], @@ -1100,75 +1100,75 @@ Object { "Version": "2012-10-17", }, "PolicyName": "ApiLambdaPythonGetItemFunctionServiceRoleDefaultPolicy550CE002", - "Roles": Array [ - Object { + "Roles": [ + { "Ref": "ApiLambdaPythonGetItemFunctionServiceRole87970B01", }, ], }, "Type": "AWS::IAM::Policy", }, - "ApiLambdaPythonListItemsFunction6E2E7058": Object { - "DependsOn": Array [ + "ApiLambdaPythonListItemsFunction6E2E7058": { + "DependsOn": [ "ApiLambdaPythonListItemsFunctionServiceRoleDefaultPolicy365FE2DB", "ApiLambdaPythonListItemsFunctionServiceRoleD3B9A3A3", ], - "Properties": Object { - "Code": Object { - "S3Bucket": Object { + "Properties": { + "Code": { + "S3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-ap-northeast-1", }, "S3Key": "9935294482ff6ee39a0af20cfbf740c113a6d493e51300bfd6e98e85e6e9f360.zip", }, - "Environment": Object { - "Variables": Object { - "DDB_TABLE": Object { + "Environment": { + "Variables": { + "DDB_TABLE": { "Ref": "DatastoreTable6900098D", }, }, }, "Handler": "listItems.lambda_handler", - "KmsKeyArn": Object { - "Fn::GetAtt": Array [ + "KmsKeyArn": { + "Fn::GetAtt": [ "CMK56817A4C", "Arn", ], }, - "Layers": Array [ + "Layers": [ "arn:aws:lambda:ap-northeast-1:017000801446:layer:AWSLambdaPowertoolsPython:3", "arn:aws:lambda:ap-northeast-1:580247275435:layer:LambdaInsightsExtension:14", ], "MemorySize": 2048, - "Role": Object { - "Fn::GetAtt": Array [ + "Role": { + "Fn::GetAtt": [ "ApiLambdaPythonListItemsFunctionServiceRoleD3B9A3A3", "Arn", ], }, "Runtime": "python3.7", "Timeout": 25, - "TracingConfig": Object { + "TracingConfig": { "Mode": "Active", }, }, "Type": "AWS::Lambda::Function", }, - "ApiLambdaPythonListItemsFunctionLogRetention4AAEE7BC": Object { - "Properties": Object { - "LogGroupName": Object { - "Fn::Join": Array [ + "ApiLambdaPythonListItemsFunctionLogRetention4AAEE7BC": { + "Properties": { + "LogGroupName": { + "Fn::Join": [ "", - Array [ + [ "/aws/lambda/", - Object { + { "Ref": "ApiLambdaPythonListItemsFunction6E2E7058", }, ], ], }, "RetentionInDays": 90, - "ServiceToken": Object { - "Fn::GetAtt": Array [ + "ServiceToken": { + "Fn::GetAtt": [ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", "Arn", ], @@ -1176,39 +1176,39 @@ Object { }, "Type": "Custom::LogRetention", }, - "ApiLambdaPythonListItemsFunctionServiceRoleD3B9A3A3": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { + "ApiLambdaPythonListItemsFunctionServiceRoleD3B9A3A3": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": Object { + "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, - "ManagedPolicyArns": Array [ - Object { - "Fn::Join": Array [ + "ManagedPolicyArns": [ + { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", ], ], }, - Object { - "Fn::Join": Array [ + { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy", @@ -1219,20 +1219,20 @@ Object { }, "Type": "AWS::IAM::Role", }, - "ApiLambdaPythonListItemsFunctionServiceRoleDefaultPolicy365FE2DB": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ + "ApiLambdaPythonListItemsFunctionServiceRoleDefaultPolicy365FE2DB": { + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ "xray:PutTraceSegments", "xray:PutTelemetryRecords", ], "Effect": "Allow", "Resource": "*", }, - Object { - "Action": Array [ + { + "Action": [ "kms:Encrypt*", "kms:Decrypt*", "kms:ReEncrypt*", @@ -1240,32 +1240,32 @@ Object { "kms:Describe*", ], "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ + "Resource": { + "Fn::GetAtt": [ "CMK56817A4C", "Arn", ], }, }, - Object { - "Action": Array [ + { + "Action": [ "dynamodb:Query", "dynamodb:Scan", ], "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ + "Resource": [ + { + "Fn::GetAtt": [ "DatastoreTable6900098D", "Arn", ], }, - Object { - "Fn::Join": Array [ + { + "Fn::Join": [ "", - Array [ - Object { - "Fn::GetAtt": Array [ + [ + { + "Fn::GetAtt": [ "DatastoreTable6900098D", "Arn", ], @@ -1280,75 +1280,75 @@ Object { "Version": "2012-10-17", }, "PolicyName": "ApiLambdaPythonListItemsFunctionServiceRoleDefaultPolicy365FE2DB", - "Roles": Array [ - Object { + "Roles": [ + { "Ref": "ApiLambdaPythonListItemsFunctionServiceRoleD3B9A3A3", }, ], }, "Type": "AWS::IAM::Policy", }, - "ApiLambdaPythonPutItemFunction0EA5A227": Object { - "DependsOn": Array [ + "ApiLambdaPythonPutItemFunction0EA5A227": { + "DependsOn": [ "ApiLambdaPythonPutItemFunctionServiceRoleDefaultPolicyBA2B5B41", "ApiLambdaPythonPutItemFunctionServiceRole2AD40DC0", ], - "Properties": Object { - "Code": Object { - "S3Bucket": Object { + "Properties": { + "Code": { + "S3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-ap-northeast-1", }, "S3Key": "dc0a332c2c8fb4d4e7977a51466ff04fda2926977fd3f496acfa00722ded9563.zip", }, - "Environment": Object { - "Variables": Object { - "DDB_TABLE": Object { + "Environment": { + "Variables": { + "DDB_TABLE": { "Ref": "DatastoreTable6900098D", }, }, }, "Handler": "putItem.lambda_handler", - "KmsKeyArn": Object { - "Fn::GetAtt": Array [ + "KmsKeyArn": { + "Fn::GetAtt": [ "CMK56817A4C", "Arn", ], }, - "Layers": Array [ + "Layers": [ "arn:aws:lambda:ap-northeast-1:017000801446:layer:AWSLambdaPowertoolsPython:3", "arn:aws:lambda:ap-northeast-1:580247275435:layer:LambdaInsightsExtension:14", ], "MemorySize": 256, - "Role": Object { - "Fn::GetAtt": Array [ + "Role": { + "Fn::GetAtt": [ "ApiLambdaPythonPutItemFunctionServiceRole2AD40DC0", "Arn", ], }, "Runtime": "python3.7", "Timeout": 25, - "TracingConfig": Object { + "TracingConfig": { "Mode": "Active", }, }, "Type": "AWS::Lambda::Function", }, - "ApiLambdaPythonPutItemFunctionLogRetention1C3D6644": Object { - "Properties": Object { - "LogGroupName": Object { - "Fn::Join": Array [ + "ApiLambdaPythonPutItemFunctionLogRetention1C3D6644": { + "Properties": { + "LogGroupName": { + "Fn::Join": [ "", - Array [ + [ "/aws/lambda/", - Object { + { "Ref": "ApiLambdaPythonPutItemFunction0EA5A227", }, ], ], }, "RetentionInDays": 90, - "ServiceToken": Object { - "Fn::GetAtt": Array [ + "ServiceToken": { + "Fn::GetAtt": [ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", "Arn", ], @@ -1356,39 +1356,39 @@ Object { }, "Type": "Custom::LogRetention", }, - "ApiLambdaPythonPutItemFunctionServiceRole2AD40DC0": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { + "ApiLambdaPythonPutItemFunctionServiceRole2AD40DC0": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": Object { + "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, - "ManagedPolicyArns": Array [ - Object { - "Fn::Join": Array [ + "ManagedPolicyArns": [ + { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", ], ], }, - Object { - "Fn::Join": Array [ + { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy", @@ -1399,20 +1399,20 @@ Object { }, "Type": "AWS::IAM::Role", }, - "ApiLambdaPythonPutItemFunctionServiceRoleDefaultPolicyBA2B5B41": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ + "ApiLambdaPythonPutItemFunctionServiceRoleDefaultPolicyBA2B5B41": { + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ "xray:PutTraceSegments", "xray:PutTelemetryRecords", ], "Effect": "Allow", "Resource": "*", }, - Object { - "Action": Array [ + { + "Action": [ "kms:Encrypt*", "kms:Decrypt*", "kms:ReEncrypt*", @@ -1420,29 +1420,29 @@ Object { "kms:Describe*", ], "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ + "Resource": { + "Fn::GetAtt": [ "CMK56817A4C", "Arn", ], }, }, - Object { + { "Action": "dynamodb:PutItem", "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ + "Resource": [ + { + "Fn::GetAtt": [ "DatastoreTable6900098D", "Arn", ], }, - Object { - "Fn::Join": Array [ + { + "Fn::Join": [ "", - Array [ - Object { - "Fn::GetAtt": Array [ + [ + { + "Fn::GetAtt": [ "DatastoreTable6900098D", "Arn", ], @@ -1457,28 +1457,28 @@ Object { "Version": "2012-10-17", }, "PolicyName": "ApiLambdaPythonPutItemFunctionServiceRoleDefaultPolicyBA2B5B41", - "Roles": Array [ - Object { + "Roles": [ + { "Ref": "ApiLambdaPythonPutItemFunctionServiceRole2AD40DC0", }, ], }, "Type": "AWS::IAM::Policy", }, - "ApiLambdaPythongetItemConcurrentExecutionsAlarm09E169A6": Object { - "Properties": Object { + "ApiLambdaPythongetItemConcurrentExecutionsAlarm09E169A6": { + "Properties": { "ActionsEnabled": true, - "AlarmActions": Array [ - Object { + "AlarmActions": [ + { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": Array [ - Object { + "Dimensions": [ + { "Name": "FunctionName", - "Value": Object { + "Value": { "Ref": "ApiLambdaPythonGetItemFunction7F81F93B", }, }, @@ -1492,20 +1492,20 @@ Object { }, "Type": "AWS::CloudWatch::Alarm", }, - "ApiLambdaPythongetItemDurationAlarmD9B0D891": Object { - "Properties": Object { + "ApiLambdaPythongetItemDurationAlarmD9B0D891": { + "Properties": { "ActionsEnabled": true, - "AlarmActions": Array [ - Object { + "AlarmActions": [ + { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": Array [ - Object { + "Dimensions": [ + { "Name": "FunctionName", - "Value": Object { + "Value": { "Ref": "ApiLambdaPythonGetItemFunction7F81F93B", }, }, @@ -1519,20 +1519,20 @@ Object { }, "Type": "AWS::CloudWatch::Alarm", }, - "ApiLambdaPythongetItemErrorsAlarm1636EC90": Object { - "Properties": Object { + "ApiLambdaPythongetItemErrorsAlarm1636EC90": { + "Properties": { "ActionsEnabled": true, - "AlarmActions": Array [ - Object { + "AlarmActions": [ + { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": Array [ - Object { + "Dimensions": [ + { "Name": "FunctionName", - "Value": Object { + "Value": { "Ref": "ApiLambdaPythonGetItemFunction7F81F93B", }, }, @@ -1546,20 +1546,20 @@ Object { }, "Type": "AWS::CloudWatch::Alarm", }, - "ApiLambdaPythongetItemThrottlesAlarm34456187": Object { - "Properties": Object { + "ApiLambdaPythongetItemThrottlesAlarm34456187": { + "Properties": { "ActionsEnabled": true, - "AlarmActions": Array [ - Object { + "AlarmActions": [ + { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": Array [ - Object { + "Dimensions": [ + { "Name": "FunctionName", - "Value": Object { + "Value": { "Ref": "ApiLambdaPythonGetItemFunction7F81F93B", }, }, @@ -1573,20 +1573,20 @@ Object { }, "Type": "AWS::CloudWatch::Alarm", }, - "ApiLambdaPythonlistItemsConcurrentExecutionsAlarm307F2F04": Object { - "Properties": Object { + "ApiLambdaPythonlistItemsConcurrentExecutionsAlarm307F2F04": { + "Properties": { "ActionsEnabled": true, - "AlarmActions": Array [ - Object { + "AlarmActions": [ + { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": Array [ - Object { + "Dimensions": [ + { "Name": "FunctionName", - "Value": Object { + "Value": { "Ref": "ApiLambdaPythonListItemsFunction6E2E7058", }, }, @@ -1600,20 +1600,20 @@ Object { }, "Type": "AWS::CloudWatch::Alarm", }, - "ApiLambdaPythonlistItemsDurationAlarm8D3DC059": Object { - "Properties": Object { + "ApiLambdaPythonlistItemsDurationAlarm8D3DC059": { + "Properties": { "ActionsEnabled": true, - "AlarmActions": Array [ - Object { + "AlarmActions": [ + { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": Array [ - Object { + "Dimensions": [ + { "Name": "FunctionName", - "Value": Object { + "Value": { "Ref": "ApiLambdaPythonListItemsFunction6E2E7058", }, }, @@ -1627,20 +1627,20 @@ Object { }, "Type": "AWS::CloudWatch::Alarm", }, - "ApiLambdaPythonlistItemsErrorsExecutionsAlarm50F77830": Object { - "Properties": Object { + "ApiLambdaPythonlistItemsErrorsExecutionsAlarm50F77830": { + "Properties": { "ActionsEnabled": true, - "AlarmActions": Array [ - Object { + "AlarmActions": [ + { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": Array [ - Object { + "Dimensions": [ + { "Name": "FunctionName", - "Value": Object { + "Value": { "Ref": "ApiLambdaPythonListItemsFunction6E2E7058", }, }, @@ -1654,20 +1654,20 @@ Object { }, "Type": "AWS::CloudWatch::Alarm", }, - "ApiLambdaPythonlistItemsThrottlesAlarm6969E734": Object { - "Properties": Object { + "ApiLambdaPythonlistItemsThrottlesAlarm6969E734": { + "Properties": { "ActionsEnabled": true, - "AlarmActions": Array [ - Object { + "AlarmActions": [ + { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": Array [ - Object { + "Dimensions": [ + { "Name": "FunctionName", - "Value": Object { + "Value": { "Ref": "ApiLambdaPythonListItemsFunction6E2E7058", }, }, @@ -1681,20 +1681,20 @@ Object { }, "Type": "AWS::CloudWatch::Alarm", }, - "ApiLambdaPythonputItemConcurrentExecutionsAlarmA11DBC15": Object { - "Properties": Object { + "ApiLambdaPythonputItemConcurrentExecutionsAlarmA11DBC15": { + "Properties": { "ActionsEnabled": true, - "AlarmActions": Array [ - Object { + "AlarmActions": [ + { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": Array [ - Object { + "Dimensions": [ + { "Name": "FunctionName", - "Value": Object { + "Value": { "Ref": "ApiLambdaPythonPutItemFunction0EA5A227", }, }, @@ -1708,20 +1708,20 @@ Object { }, "Type": "AWS::CloudWatch::Alarm", }, - "ApiLambdaPythonputItemDurationAlarm3B22CCB7": Object { - "Properties": Object { + "ApiLambdaPythonputItemDurationAlarm3B22CCB7": { + "Properties": { "ActionsEnabled": true, - "AlarmActions": Array [ - Object { + "AlarmActions": [ + { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": Array [ - Object { + "Dimensions": [ + { "Name": "FunctionName", - "Value": Object { + "Value": { "Ref": "ApiLambdaPythonPutItemFunction0EA5A227", }, }, @@ -1735,20 +1735,20 @@ Object { }, "Type": "AWS::CloudWatch::Alarm", }, - "ApiLambdaPythonputItemErrorsAlarm6023E1EC": Object { - "Properties": Object { + "ApiLambdaPythonputItemErrorsAlarm6023E1EC": { + "Properties": { "ActionsEnabled": true, - "AlarmActions": Array [ - Object { + "AlarmActions": [ + { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": Array [ - Object { + "Dimensions": [ + { "Name": "FunctionName", - "Value": Object { + "Value": { "Ref": "ApiLambdaPythonPutItemFunction0EA5A227", }, }, @@ -1762,20 +1762,20 @@ Object { }, "Type": "AWS::CloudWatch::Alarm", }, - "ApiLambdaPythonputItemThrottlesAlarm7981B2AC": Object { - "Properties": Object { + "ApiLambdaPythonputItemThrottlesAlarm7981B2AC": { + "Properties": { "ActionsEnabled": true, - "AlarmActions": Array [ - Object { + "AlarmActions": [ + { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": Array [ - Object { + "Dimensions": [ + { "Name": "FunctionName", - "Value": Object { + "Value": { "Ref": "ApiLambdaPythonPutItemFunction0EA5A227", }, }, @@ -1789,14 +1789,14 @@ Object { }, "Type": "AWS::CloudWatch::Alarm", }, - "ApiRestApiAccount598A1DA6": Object { + "ApiRestApiAccount598A1DA6": { "DeletionPolicy": "Retain", - "DependsOn": Array [ + "DependsOn": [ "ApiRestApiE35FEAFE", ], - "Properties": Object { - "CloudWatchRoleArn": Object { - "Fn::GetAtt": Array [ + "Properties": { + "CloudWatchRoleArn": { + "Fn::GetAtt": [ "ApiRestApiCloudWatchRoleB7879BFC", "Arn", ], @@ -1805,28 +1805,28 @@ Object { "Type": "AWS::ApiGateway::Account", "UpdateReplacePolicy": "Retain", }, - "ApiRestApiCloudWatchRoleB7879BFC": Object { + "ApiRestApiCloudWatchRoleB7879BFC": { "DeletionPolicy": "Retain", - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": Object { + "Principal": { "Service": "apigateway.amazonaws.com", }, }, ], "Version": "2012-10-17", }, - "ManagedPolicyArns": Array [ - Object { - "Fn::Join": Array [ + "ManagedPolicyArns": [ + { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs", @@ -1838,8 +1838,8 @@ Object { "Type": "AWS::IAM::Role", "UpdateReplacePolicy": "Retain", }, - "ApiRestApiDeploymentDC05A82D897c301a1bec5a379eebd5094efed118": Object { - "DependsOn": Array [ + "ApiRestApiDeploymentDC05A82D897c301a1bec5a379eebd5094efed118": { + "DependsOn": [ "ApiRestApinodejsitemtitleGETC0EE8F85", "ApiRestApinodejsitemtitle29B62070", "ApiRestApinodejsitemPOST296B5713", @@ -1855,33 +1855,33 @@ Object { "ApiRestApipythonlist4EC12D2C", "ApiRestApipython2F6D6644", ], - "Properties": Object { + "Properties": { "Description": "Automatically created by the RestApi construct", - "RestApiId": Object { + "RestApiId": { "Ref": "ApiRestApiE35FEAFE", }, }, "Type": "AWS::ApiGateway::Deployment", }, - "ApiRestApiDeploymentStageprodE828476C": Object { - "DependsOn": Array [ + "ApiRestApiDeploymentStageprodE828476C": { + "DependsOn": [ "ApiRestApiAccount598A1DA6", ], - "Properties": Object { - "AccessLogSetting": Object { - "DestinationArn": Object { - "Fn::GetAtt": Array [ + "Properties": { + "AccessLogSetting": { + "DestinationArn": { + "Fn::GetAtt": [ "ApiApiGatewayLogGroup7BC2F58D", "Arn", ], }, - "Format": "{\\"requestId\\":\\"$context.requestId\\",\\"ip\\":\\"$context.identity.sourceIp\\",\\"user\\":\\"$context.identity.user\\",\\"caller\\":\\"$context.identity.caller\\",\\"requestTime\\":\\"$context.requestTime\\",\\"httpMethod\\":\\"$context.httpMethod\\",\\"resourcePath\\":\\"$context.resourcePath\\",\\"status\\":\\"$context.status\\",\\"protocol\\":\\"$context.protocol\\",\\"responseLength\\":\\"$context.responseLength\\"}", + "Format": "{"requestId":"$context.requestId","ip":"$context.identity.sourceIp","user":"$context.identity.user","caller":"$context.identity.caller","requestTime":"$context.requestTime","httpMethod":"$context.httpMethod","resourcePath":"$context.resourcePath","status":"$context.status","protocol":"$context.protocol","responseLength":"$context.responseLength"}", }, - "DeploymentId": Object { + "DeploymentId": { "Ref": "ApiRestApiDeploymentDC05A82D897c301a1bec5a379eebd5094efed118", }, - "MethodSettings": Array [ - Object { + "MethodSettings": [ + { "DataTraceEnabled": false, "HttpMethod": "*", "LoggingLevel": "INFO", @@ -1889,7 +1889,7 @@ Object { "ResourcePath": "/*", }, ], - "RestApiId": Object { + "RestApiId": { "Ref": "ApiRestApiE35FEAFE", }, "StageName": "prod", @@ -1897,57 +1897,57 @@ Object { }, "Type": "AWS::ApiGateway::Stage", }, - "ApiRestApiE35FEAFE": Object { - "Properties": Object { + "ApiRestApiE35FEAFE": { + "Properties": { "Name": "RestApi", }, "Type": "AWS::ApiGateway::RestApi", }, - "ApiRestApinodejsD890E984": Object { - "Properties": Object { - "ParentId": Object { - "Fn::GetAtt": Array [ + "ApiRestApinodejsD890E984": { + "Properties": { + "ParentId": { + "Fn::GetAtt": [ "ApiRestApiE35FEAFE", "RootResourceId", ], }, "PathPart": "nodejs", - "RestApiId": Object { + "RestApiId": { "Ref": "ApiRestApiE35FEAFE", }, }, "Type": "AWS::ApiGateway::Resource", }, - "ApiRestApinodejsitemB718EB4B": Object { - "Properties": Object { - "ParentId": Object { + "ApiRestApinodejsitemB718EB4B": { + "Properties": { + "ParentId": { "Ref": "ApiRestApinodejsD890E984", }, "PathPart": "item", - "RestApiId": Object { + "RestApiId": { "Ref": "ApiRestApiE35FEAFE", }, }, "Type": "AWS::ApiGateway::Resource", }, - "ApiRestApinodejsitemPOST296B5713": Object { - "Properties": Object { + "ApiRestApinodejsitemPOST296B5713": { + "Properties": { "AuthorizationType": "NONE", "HttpMethod": "POST", - "Integration": Object { + "Integration": { "IntegrationHttpMethod": "POST", "Type": "AWS_PROXY", - "Uri": Object { - "Fn::Join": Array [ + "Uri": { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":apigateway:ap-northeast-1:lambda:path/2015-03-31/functions/", - Object { - "Fn::GetAtt": Array [ + { + "Fn::GetAtt": [ "ApiLambdaNodejsPutItemFunctionFC2FA584", "Arn", ], @@ -1957,43 +1957,43 @@ Object { ], }, }, - "ResourceId": Object { + "ResourceId": { "Ref": "ApiRestApinodejsitemB718EB4B", }, - "RestApiId": Object { + "RestApiId": { "Ref": "ApiRestApiE35FEAFE", }, }, "Type": "AWS::ApiGateway::Method", }, - "ApiRestApinodejsitemPOSTApiPermissionDevBLEAServerlessApiRestApiEBE3BF9APOSTnodejsitem1DBCEB01": Object { - "Properties": Object { + "ApiRestApinodejsitemPOSTApiPermissionDevBLEAServerlessApiRestApiEBE3BF9APOSTnodejsitem1DBCEB01": { + "Properties": { "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ + "FunctionName": { + "Fn::GetAtt": [ "ApiLambdaNodejsPutItemFunctionFC2FA584", "Arn", ], }, "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ + "SourceArn": { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":execute-api:ap-northeast-1:", - Object { + { "Ref": "AWS::AccountId", }, ":", - Object { + { "Ref": "ApiRestApiE35FEAFE", }, "/", - Object { + { "Ref": "ApiRestApiDeploymentStageprodE828476C", }, "/POST/nodejs/item", @@ -2003,30 +2003,30 @@ Object { }, "Type": "AWS::Lambda::Permission", }, - "ApiRestApinodejsitemPOSTApiPermissionTestDevBLEAServerlessApiRestApiEBE3BF9APOSTnodejsitem1523F9C5": Object { - "Properties": Object { + "ApiRestApinodejsitemPOSTApiPermissionTestDevBLEAServerlessApiRestApiEBE3BF9APOSTnodejsitem1523F9C5": { + "Properties": { "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ + "FunctionName": { + "Fn::GetAtt": [ "ApiLambdaNodejsPutItemFunctionFC2FA584", "Arn", ], }, "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ + "SourceArn": { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":execute-api:ap-northeast-1:", - Object { + { "Ref": "AWS::AccountId", }, ":", - Object { + { "Ref": "ApiRestApiE35FEAFE", }, "/test-invoke-stage/POST/nodejs/item", @@ -2036,46 +2036,46 @@ Object { }, "Type": "AWS::Lambda::Permission", }, - "ApiRestApinodejsitemtitle29B62070": Object { - "Properties": Object { - "ParentId": Object { + "ApiRestApinodejsitemtitle29B62070": { + "Properties": { + "ParentId": { "Ref": "ApiRestApinodejsitemB718EB4B", }, "PathPart": "{title}", - "RestApiId": Object { + "RestApiId": { "Ref": "ApiRestApiE35FEAFE", }, }, "Type": "AWS::ApiGateway::Resource", }, - "ApiRestApinodejsitemtitleGETApiPermissionDevBLEAServerlessApiRestApiEBE3BF9AGETnodejsitemtitle81B2BFF3": Object { - "Properties": Object { + "ApiRestApinodejsitemtitleGETApiPermissionDevBLEAServerlessApiRestApiEBE3BF9AGETnodejsitemtitle81B2BFF3": { + "Properties": { "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ + "FunctionName": { + "Fn::GetAtt": [ "ApiLambdaNodejsGetItemFunction690D1743", "Arn", ], }, "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ + "SourceArn": { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":execute-api:ap-northeast-1:", - Object { + { "Ref": "AWS::AccountId", }, ":", - Object { + { "Ref": "ApiRestApiE35FEAFE", }, "/", - Object { + { "Ref": "ApiRestApiDeploymentStageprodE828476C", }, "/GET/nodejs/item/*", @@ -2085,30 +2085,30 @@ Object { }, "Type": "AWS::Lambda::Permission", }, - "ApiRestApinodejsitemtitleGETApiPermissionTestDevBLEAServerlessApiRestApiEBE3BF9AGETnodejsitemtitleB659ABEB": Object { - "Properties": Object { + "ApiRestApinodejsitemtitleGETApiPermissionTestDevBLEAServerlessApiRestApiEBE3BF9AGETnodejsitemtitleB659ABEB": { + "Properties": { "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ + "FunctionName": { + "Fn::GetAtt": [ "ApiLambdaNodejsGetItemFunction690D1743", "Arn", ], }, "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ + "SourceArn": { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":execute-api:ap-northeast-1:", - Object { + { "Ref": "AWS::AccountId", }, ":", - Object { + { "Ref": "ApiRestApiE35FEAFE", }, "/test-invoke-stage/GET/nodejs/item/*", @@ -2118,24 +2118,24 @@ Object { }, "Type": "AWS::Lambda::Permission", }, - "ApiRestApinodejsitemtitleGETC0EE8F85": Object { - "Properties": Object { + "ApiRestApinodejsitemtitleGETC0EE8F85": { + "Properties": { "AuthorizationType": "NONE", "HttpMethod": "GET", - "Integration": Object { + "Integration": { "IntegrationHttpMethod": "POST", "Type": "AWS_PROXY", - "Uri": Object { - "Fn::Join": Array [ + "Uri": { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":apigateway:ap-northeast-1:lambda:path/2015-03-31/functions/", - Object { - "Fn::GetAtt": Array [ + { + "Fn::GetAtt": [ "ApiLambdaNodejsGetItemFunction690D1743", "Arn", ], @@ -2145,45 +2145,45 @@ Object { ], }, }, - "ResourceId": Object { + "ResourceId": { "Ref": "ApiRestApinodejsitemtitle29B62070", }, - "RestApiId": Object { + "RestApiId": { "Ref": "ApiRestApiE35FEAFE", }, }, "Type": "AWS::ApiGateway::Method", }, - "ApiRestApinodejslistEE136EF7": Object { - "Properties": Object { - "ParentId": Object { + "ApiRestApinodejslistEE136EF7": { + "Properties": { + "ParentId": { "Ref": "ApiRestApinodejsD890E984", }, "PathPart": "list", - "RestApiId": Object { + "RestApiId": { "Ref": "ApiRestApiE35FEAFE", }, }, "Type": "AWS::ApiGateway::Resource", }, - "ApiRestApinodejslistGET729AFFC7": Object { - "Properties": Object { + "ApiRestApinodejslistGET729AFFC7": { + "Properties": { "AuthorizationType": "NONE", "HttpMethod": "GET", - "Integration": Object { + "Integration": { "IntegrationHttpMethod": "POST", "Type": "AWS_PROXY", - "Uri": Object { - "Fn::Join": Array [ + "Uri": { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":apigateway:ap-northeast-1:lambda:path/2015-03-31/functions/", - Object { - "Fn::GetAtt": Array [ + { + "Fn::GetAtt": [ "ApiLambdaNodejsListItemsFunction7383885E", "Arn", ], @@ -2193,43 +2193,43 @@ Object { ], }, }, - "ResourceId": Object { + "ResourceId": { "Ref": "ApiRestApinodejslistEE136EF7", }, - "RestApiId": Object { + "RestApiId": { "Ref": "ApiRestApiE35FEAFE", }, }, "Type": "AWS::ApiGateway::Method", }, - "ApiRestApinodejslistGETApiPermissionDevBLEAServerlessApiRestApiEBE3BF9AGETnodejslist5B482CF3": Object { - "Properties": Object { + "ApiRestApinodejslistGETApiPermissionDevBLEAServerlessApiRestApiEBE3BF9AGETnodejslist5B482CF3": { + "Properties": { "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ + "FunctionName": { + "Fn::GetAtt": [ "ApiLambdaNodejsListItemsFunction7383885E", "Arn", ], }, "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ + "SourceArn": { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":execute-api:ap-northeast-1:", - Object { + { "Ref": "AWS::AccountId", }, ":", - Object { + { "Ref": "ApiRestApiE35FEAFE", }, "/", - Object { + { "Ref": "ApiRestApiDeploymentStageprodE828476C", }, "/GET/nodejs/list", @@ -2239,30 +2239,30 @@ Object { }, "Type": "AWS::Lambda::Permission", }, - "ApiRestApinodejslistGETApiPermissionTestDevBLEAServerlessApiRestApiEBE3BF9AGETnodejslist5E7FE9FC": Object { - "Properties": Object { + "ApiRestApinodejslistGETApiPermissionTestDevBLEAServerlessApiRestApiEBE3BF9AGETnodejslist5E7FE9FC": { + "Properties": { "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ + "FunctionName": { + "Fn::GetAtt": [ "ApiLambdaNodejsListItemsFunction7383885E", "Arn", ], }, "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ + "SourceArn": { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":execute-api:ap-northeast-1:", - Object { + { "Ref": "AWS::AccountId", }, ":", - Object { + { "Ref": "ApiRestApiE35FEAFE", }, "/test-invoke-stage/GET/nodejs/list", @@ -2272,51 +2272,51 @@ Object { }, "Type": "AWS::Lambda::Permission", }, - "ApiRestApipython2F6D6644": Object { - "Properties": Object { - "ParentId": Object { - "Fn::GetAtt": Array [ + "ApiRestApipython2F6D6644": { + "Properties": { + "ParentId": { + "Fn::GetAtt": [ "ApiRestApiE35FEAFE", "RootResourceId", ], }, "PathPart": "python", - "RestApiId": Object { + "RestApiId": { "Ref": "ApiRestApiE35FEAFE", }, }, "Type": "AWS::ApiGateway::Resource", }, - "ApiRestApipythonitemF1EBD3B9": Object { - "Properties": Object { - "ParentId": Object { + "ApiRestApipythonitemF1EBD3B9": { + "Properties": { + "ParentId": { "Ref": "ApiRestApipython2F6D6644", }, "PathPart": "item", - "RestApiId": Object { + "RestApiId": { "Ref": "ApiRestApiE35FEAFE", }, }, "Type": "AWS::ApiGateway::Resource", }, - "ApiRestApipythonitemPOST15FD049D": Object { - "Properties": Object { + "ApiRestApipythonitemPOST15FD049D": { + "Properties": { "AuthorizationType": "NONE", "HttpMethod": "POST", - "Integration": Object { + "Integration": { "IntegrationHttpMethod": "POST", "Type": "AWS_PROXY", - "Uri": Object { - "Fn::Join": Array [ + "Uri": { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":apigateway:ap-northeast-1:lambda:path/2015-03-31/functions/", - Object { - "Fn::GetAtt": Array [ + { + "Fn::GetAtt": [ "ApiLambdaPythonPutItemFunction0EA5A227", "Arn", ], @@ -2326,43 +2326,43 @@ Object { ], }, }, - "ResourceId": Object { + "ResourceId": { "Ref": "ApiRestApipythonitemF1EBD3B9", }, - "RestApiId": Object { + "RestApiId": { "Ref": "ApiRestApiE35FEAFE", }, }, "Type": "AWS::ApiGateway::Method", }, - "ApiRestApipythonitemPOSTApiPermissionDevBLEAServerlessApiRestApiEBE3BF9APOSTpythonitem5761D1B8": Object { - "Properties": Object { + "ApiRestApipythonitemPOSTApiPermissionDevBLEAServerlessApiRestApiEBE3BF9APOSTpythonitem5761D1B8": { + "Properties": { "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ + "FunctionName": { + "Fn::GetAtt": [ "ApiLambdaPythonPutItemFunction0EA5A227", "Arn", ], }, "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ + "SourceArn": { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":execute-api:ap-northeast-1:", - Object { + { "Ref": "AWS::AccountId", }, ":", - Object { + { "Ref": "ApiRestApiE35FEAFE", }, "/", - Object { + { "Ref": "ApiRestApiDeploymentStageprodE828476C", }, "/POST/python/item", @@ -2372,30 +2372,30 @@ Object { }, "Type": "AWS::Lambda::Permission", }, - "ApiRestApipythonitemPOSTApiPermissionTestDevBLEAServerlessApiRestApiEBE3BF9APOSTpythonitem715A3E20": Object { - "Properties": Object { + "ApiRestApipythonitemPOSTApiPermissionTestDevBLEAServerlessApiRestApiEBE3BF9APOSTpythonitem715A3E20": { + "Properties": { "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ + "FunctionName": { + "Fn::GetAtt": [ "ApiLambdaPythonPutItemFunction0EA5A227", "Arn", ], }, "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ + "SourceArn": { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":execute-api:ap-northeast-1:", - Object { + { "Ref": "AWS::AccountId", }, ":", - Object { + { "Ref": "ApiRestApiE35FEAFE", }, "/test-invoke-stage/POST/python/item", @@ -2405,36 +2405,36 @@ Object { }, "Type": "AWS::Lambda::Permission", }, - "ApiRestApipythonitemtitle896EFCA5": Object { - "Properties": Object { - "ParentId": Object { + "ApiRestApipythonitemtitle896EFCA5": { + "Properties": { + "ParentId": { "Ref": "ApiRestApipythonitemF1EBD3B9", }, "PathPart": "{title}", - "RestApiId": Object { + "RestApiId": { "Ref": "ApiRestApiE35FEAFE", }, }, "Type": "AWS::ApiGateway::Resource", }, - "ApiRestApipythonitemtitleGET4BA7981E": Object { - "Properties": Object { + "ApiRestApipythonitemtitleGET4BA7981E": { + "Properties": { "AuthorizationType": "NONE", "HttpMethod": "GET", - "Integration": Object { + "Integration": { "IntegrationHttpMethod": "POST", "Type": "AWS_PROXY", - "Uri": Object { - "Fn::Join": Array [ + "Uri": { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":apigateway:ap-northeast-1:lambda:path/2015-03-31/functions/", - Object { - "Fn::GetAtt": Array [ + { + "Fn::GetAtt": [ "ApiLambdaPythonGetItemFunction7F81F93B", "Arn", ], @@ -2444,43 +2444,43 @@ Object { ], }, }, - "ResourceId": Object { + "ResourceId": { "Ref": "ApiRestApipythonitemtitle896EFCA5", }, - "RestApiId": Object { + "RestApiId": { "Ref": "ApiRestApiE35FEAFE", }, }, "Type": "AWS::ApiGateway::Method", }, - "ApiRestApipythonitemtitleGETApiPermissionDevBLEAServerlessApiRestApiEBE3BF9AGETpythonitemtitle9380763F": Object { - "Properties": Object { + "ApiRestApipythonitemtitleGETApiPermissionDevBLEAServerlessApiRestApiEBE3BF9AGETpythonitemtitle9380763F": { + "Properties": { "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ + "FunctionName": { + "Fn::GetAtt": [ "ApiLambdaPythonGetItemFunction7F81F93B", "Arn", ], }, "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ + "SourceArn": { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":execute-api:ap-northeast-1:", - Object { + { "Ref": "AWS::AccountId", }, ":", - Object { + { "Ref": "ApiRestApiE35FEAFE", }, "/", - Object { + { "Ref": "ApiRestApiDeploymentStageprodE828476C", }, "/GET/python/item/*", @@ -2490,30 +2490,30 @@ Object { }, "Type": "AWS::Lambda::Permission", }, - "ApiRestApipythonitemtitleGETApiPermissionTestDevBLEAServerlessApiRestApiEBE3BF9AGETpythonitemtitleE2FDEC9D": Object { - "Properties": Object { + "ApiRestApipythonitemtitleGETApiPermissionTestDevBLEAServerlessApiRestApiEBE3BF9AGETpythonitemtitleE2FDEC9D": { + "Properties": { "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ + "FunctionName": { + "Fn::GetAtt": [ "ApiLambdaPythonGetItemFunction7F81F93B", "Arn", ], }, "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ + "SourceArn": { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":execute-api:ap-northeast-1:", - Object { + { "Ref": "AWS::AccountId", }, ":", - Object { + { "Ref": "ApiRestApiE35FEAFE", }, "/test-invoke-stage/GET/python/item/*", @@ -2523,36 +2523,36 @@ Object { }, "Type": "AWS::Lambda::Permission", }, - "ApiRestApipythonlist4EC12D2C": Object { - "Properties": Object { - "ParentId": Object { + "ApiRestApipythonlist4EC12D2C": { + "Properties": { + "ParentId": { "Ref": "ApiRestApipython2F6D6644", }, "PathPart": "list", - "RestApiId": Object { + "RestApiId": { "Ref": "ApiRestApiE35FEAFE", }, }, "Type": "AWS::ApiGateway::Resource", }, - "ApiRestApipythonlistGETA946A0F8": Object { - "Properties": Object { + "ApiRestApipythonlistGETA946A0F8": { + "Properties": { "AuthorizationType": "NONE", "HttpMethod": "GET", - "Integration": Object { + "Integration": { "IntegrationHttpMethod": "POST", "Type": "AWS_PROXY", - "Uri": Object { - "Fn::Join": Array [ + "Uri": { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":apigateway:ap-northeast-1:lambda:path/2015-03-31/functions/", - Object { - "Fn::GetAtt": Array [ + { + "Fn::GetAtt": [ "ApiLambdaPythonListItemsFunction6E2E7058", "Arn", ], @@ -2562,43 +2562,43 @@ Object { ], }, }, - "ResourceId": Object { + "ResourceId": { "Ref": "ApiRestApipythonlist4EC12D2C", }, - "RestApiId": Object { + "RestApiId": { "Ref": "ApiRestApiE35FEAFE", }, }, "Type": "AWS::ApiGateway::Method", }, - "ApiRestApipythonlistGETApiPermissionDevBLEAServerlessApiRestApiEBE3BF9AGETpythonlist6FD5F4CB": Object { - "Properties": Object { + "ApiRestApipythonlistGETApiPermissionDevBLEAServerlessApiRestApiEBE3BF9AGETpythonlist6FD5F4CB": { + "Properties": { "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ + "FunctionName": { + "Fn::GetAtt": [ "ApiLambdaPythonListItemsFunction6E2E7058", "Arn", ], }, "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ + "SourceArn": { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":execute-api:ap-northeast-1:", - Object { + { "Ref": "AWS::AccountId", }, ":", - Object { + { "Ref": "ApiRestApiE35FEAFE", }, "/", - Object { + { "Ref": "ApiRestApiDeploymentStageprodE828476C", }, "/GET/python/list", @@ -2608,30 +2608,30 @@ Object { }, "Type": "AWS::Lambda::Permission", }, - "ApiRestApipythonlistGETApiPermissionTestDevBLEAServerlessApiRestApiEBE3BF9AGETpythonlistC2B18F06": Object { - "Properties": Object { + "ApiRestApipythonlistGETApiPermissionTestDevBLEAServerlessApiRestApiEBE3BF9AGETpythonlistC2B18F06": { + "Properties": { "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ + "FunctionName": { + "Fn::GetAtt": [ "ApiLambdaPythonListItemsFunction6E2E7058", "Arn", ], }, "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ + "SourceArn": { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":execute-api:ap-northeast-1:", - Object { + { "Ref": "AWS::AccountId", }, ":", - Object { + { "Ref": "ApiRestApiE35FEAFE", }, "/test-invoke-stage/GET/python/list", @@ -2641,27 +2641,27 @@ Object { }, "Type": "AWS::Lambda::Permission", }, - "CMK56817A4C": Object { + "CMK56817A4C": { "DeletionPolicy": "Retain", - "Properties": Object { + "Properties": { "Description": "BLEA Guest Sample: CMK for ServerlessApi", "EnableKeyRotation": true, - "KeyPolicy": Object { - "Statement": Array [ - Object { + "KeyPolicy": { + "Statement": [ + { "Action": "kms:*", "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ + "Principal": { + "AWS": { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":iam::", - Object { + { "Ref": "AWS::AccountId", }, ":root", @@ -2671,22 +2671,22 @@ Object { }, "Resource": "*", }, - Object { - "Action": Array [ + { + "Action": [ "kms:Encrypt*", "kms:Decrypt*", "kms:ReEncrypt*", "kms:GenerateDataKey*", "kms:Describe*", ], - "Condition": Object { - "ArnLike": Object { - "aws:PrincipalArn": Object { - "Fn::Join": Array [ + "Condition": { + "ArnLike": { + "aws:PrincipalArn": { + "Fn::Join": [ "", - Array [ + [ "arn:aws:iam::", - Object { + { "Ref": "AWS::AccountId", }, ":role/BLEA-LambdaNodejs-*", @@ -2696,27 +2696,27 @@ Object { }, }, "Effect": "Allow", - "Principal": Object { + "Principal": { "AWS": "*", }, "Resource": "*", }, - Object { - "Action": Array [ + { + "Action": [ "kms:Encrypt*", "kms:Decrypt*", "kms:ReEncrypt*", "kms:GenerateDataKey*", "kms:Describe*", ], - "Condition": Object { - "ArnLike": Object { - "aws:PrincipalArn": Object { - "Fn::Join": Array [ + "Condition": { + "ArnLike": { + "aws:PrincipalArn": { + "Fn::Join": [ "", - Array [ + [ "arn:aws:iam::", - Object { + { "Ref": "AWS::AccountId", }, ":role/BLEA-LambdaPython-*", @@ -2726,7 +2726,7 @@ Object { }, }, "Effect": "Allow", - "Principal": Object { + "Principal": { "AWS": "*", }, "Resource": "*", @@ -2738,11 +2738,11 @@ Object { "Type": "AWS::KMS::Key", "UpdateReplacePolicy": "Retain", }, - "CMKAliasFD5A95C9": Object { - "Properties": Object { + "CMKAliasFD5A95C9": { + "Properties": { "AliasName": "alias/DevBLEAServerlessApi", - "TargetKeyId": Object { - "Fn::GetAtt": Array [ + "TargetKeyId": { + "Fn::GetAtt": [ "CMK56817A4C", "Arn", ], @@ -2750,20 +2750,20 @@ Object { }, "Type": "AWS::KMS::Alias", }, - "DatastoreDynamoConsumedReadCapacityUnitE16CED8A": Object { - "Properties": Object { + "DatastoreDynamoConsumedReadCapacityUnitE16CED8A": { + "Properties": { "ActionsEnabled": true, - "AlarmActions": Array [ - Object { + "AlarmActions": [ + { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], "ComparisonOperator": "GreaterThanOrEqualToThreshold", "DatapointsToAlarm": 3, - "Dimensions": Array [ - Object { + "Dimensions": [ + { "Name": "TableName", - "Value": Object { + "Value": { "Ref": "DatastoreTable6900098D", }, }, @@ -2777,55 +2777,55 @@ Object { }, "Type": "AWS::CloudWatch::Alarm", }, - "DatastoreTable6900098D": Object { + "DatastoreTable6900098D": { "DeletionPolicy": "Retain", - "Properties": Object { - "AttributeDefinitions": Array [ - Object { + "Properties": { + "AttributeDefinitions": [ + { "AttributeName": "title", "AttributeType": "S", }, - Object { + { "AttributeName": "content", "AttributeType": "S", }, - Object { + { "AttributeName": "createdAt", "AttributeType": "S", }, ], "BillingMode": "PAY_PER_REQUEST", - "KeySchema": Array [ - Object { + "KeySchema": [ + { "AttributeName": "title", "KeyType": "HASH", }, - Object { + { "AttributeName": "content", "KeyType": "RANGE", }, ], - "LocalSecondaryIndexes": Array [ - Object { + "LocalSecondaryIndexes": [ + { "IndexName": "CreatedAtLSI", - "KeySchema": Array [ - Object { + "KeySchema": [ + { "AttributeName": "title", "KeyType": "HASH", }, - Object { + { "AttributeName": "createdAt", "KeyType": "RANGE", }, ], - "Projection": Object { + "Projection": { "ProjectionType": "ALL", }, }, ], - "SSESpecification": Object { - "KMSMasterKeyId": Object { - "Fn::GetAtt": Array [ + "SSESpecification": { + "KMSMasterKeyId": { + "Fn::GetAtt": [ "CMK56817A4C", "Arn", ], @@ -2837,50 +2837,51 @@ Object { "Type": "AWS::DynamoDB::Table", "UpdateReplacePolicy": "Retain", }, - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A": Object { - "DependsOn": Array [ + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A": { + "DependsOn": [ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB", "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB", ], - "Properties": Object { - "Code": Object { - "S3Bucket": Object { + "Properties": { + "Code": { + "S3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-ap-northeast-1", }, - "S3Key": "5fa1330271b8967d9254ba2d4a07144f8acefe8b77e6d6bba38261373a50d5f8.zip", + "S3Key": "5bc602ecde93c947efe5899ae355f999986a1acbe610b1c0b9c468d738857555.zip", }, "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ + "Role": { + "Fn::GetAtt": [ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB", "Arn", ], }, - "Runtime": "nodejs16.x", + "Runtime": "nodejs18.x", + "Timeout": 900, }, "Type": "AWS::Lambda::Function", }, - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": Object { + "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, - "ManagedPolicyArns": Array [ - Object { - "Fn::Join": Array [ + "ManagedPolicyArns": [ + { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", @@ -2891,12 +2892,12 @@ Object { }, "Type": "AWS::IAM::Role", }, - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB": { + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ "logs:PutRetentionPolicy", "logs:DeleteRetentionPolicy", ], @@ -2907,28 +2908,28 @@ Object { "Version": "2012-10-17", }, "PolicyName": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB", - "Roles": Array [ - Object { + "Roles": [ + { "Ref": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB", }, ], }, "Type": "AWS::IAM::Policy", }, - "MonitoringAlarmTopicAF62D4F1": Object { + "MonitoringAlarmTopicAF62D4F1": { "Type": "AWS::SNS::Topic", }, - "MonitoringAlarmTopicPolicyCB9CCFB0": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { + "MonitoringAlarmTopicPolicyCB9CCFB0": { + "Properties": { + "PolicyDocument": { + "Statement": [ + { "Action": "sns:Publish", "Effect": "Allow", - "Principal": Object { + "Principal": { "Service": "cloudwatch.amazonaws.com", }, - "Resource": Object { + "Resource": { "Ref": "MonitoringAlarmTopicAF62D4F1", }, "Sid": "0", @@ -2936,66 +2937,66 @@ Object { ], "Version": "2012-10-17", }, - "Topics": Array [ - Object { + "Topics": [ + { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], }, "Type": "AWS::SNS::TopicPolicy", }, - "MonitoringChatbotChannel3696F0E4": Object { - "Properties": Object { + "MonitoringChatbotChannel3696F0E4": { + "Properties": { "ConfigurationName": "DevBLEAServerlessApiMonitoring9149EEBF", - "IamRoleArn": Object { - "Fn::GetAtt": Array [ + "IamRoleArn": { + "Fn::GetAtt": [ "MonitoringChatbotRoleD766A77D", "Arn", ], }, "SlackChannelId": "CYYYYYYYYYY", "SlackWorkspaceId": "TXXXXXXXXXX", - "SnsTopicArns": Array [ - Object { + "SnsTopicArns": [ + { "Ref": "MonitoringAlarmTopicAF62D4F1", }, ], }, "Type": "AWS::Chatbot::SlackChannelConfiguration", }, - "MonitoringChatbotRoleD766A77D": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { + "MonitoringChatbotRoleD766A77D": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { "Action": "sts:AssumeRole", "Effect": "Allow", - "Principal": Object { + "Principal": { "Service": "chatbot.amazonaws.com", }, }, ], "Version": "2012-10-17", }, - "ManagedPolicyArns": Array [ - Object { - "Fn::Join": Array [ + "ManagedPolicyArns": [ + { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":iam::aws:policy/ReadOnlyAccess", ], ], }, - Object { - "Fn::Join": Array [ + { + "Fn::Join": [ "", - Array [ + [ "arn:", - Object { + { "Ref": "AWS::Partition", }, ":iam::aws:policy/CloudWatchReadOnlyAccess", @@ -3006,33 +3007,33 @@ Object { }, "Type": "AWS::IAM::Role", }, - "MonitoringEmailSubsc6D15C956": Object { - "Properties": Object { + "MonitoringEmailSubsc6D15C956": { + "Properties": { "Endpoint": "notify-security@example.com", "Protocol": "email", - "TopicArn": Object { + "TopicArn": { "Ref": "MonitoringAlarmTopicAF62D4F1", }, }, "Type": "AWS::SNS::Subscription", }, }, - "Rules": Object { - "CheckBootstrapVersion": Object { - "Assertions": Array [ - Object { - "Assert": Object { - "Fn::Not": Array [ - Object { - "Fn::Contains": Array [ - Array [ + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ "1", "2", "3", "4", "5", ], - Object { + { "Ref": "BootstrapVersion", }, ],