diff --git a/packages/stacks/maintenance-site/test/__snapshots__/main.spec.ts.snap b/packages/stacks/maintenance-site/test/__snapshots__/main.spec.ts.snap new file mode 100644 index 00000000..1931a45a --- /dev/null +++ b/packages/stacks/maintenance-site/test/__snapshots__/main.spec.ts.snap @@ -0,0 +1,1778 @@ +// Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html + +exports[`MaintenanceSite > renders expected template 1`] = ` +{ + "Outputs": { + "testmaintenancesitestaticsiteDistributionDomainName98FBA8BF": { + "Value": { + "Fn::GetAtt": [ + "testmaintenancesitestaticsiteCloudfrontDistributionC473D8AA", + "DomainName", + ], + }, + }, + }, + "Parameters": { + "BootstrapVersion": { + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", + "Type": "AWS::SSM::Parameter::Value", + }, + }, + "Resources": { + "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C81C01536": { + "DependsOn": [ + "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRoleDefaultPolicy88902FDF", + "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRole89A01265", + ], + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", + }, + "S3Key": "9eb41a5505d37607ac419321497a4f8c21cf0ee1f9b4a6b29aa04301aea5c7fd.zip", + }, + "Environment": { + "Variables": { + "AWS_CA_BUNDLE": "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", + }, + }, + "Handler": "index.handler", + "Layers": [ + { + "Ref": "testmaintenancesitestaticsiteWebsiteDeploymentAwsCliLayer76CA91FD", + }, + ], + "Role": { + "Fn::GetAtt": [ + "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRole89A01265", + "Arn", + ], + }, + "Runtime": "python3.9", + "Timeout": 900, + }, + "Type": "AWS::Lambda::Function", + }, + "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRole89A01265": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com", + }, + }, + ], + "Version": "2012-10-17", + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition", + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", + ], + ], + }, + ], + }, + "Type": "AWS::IAM::Role", + }, + "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRoleDefaultPolicy88902FDF": { + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:GetObject*", + "s3:GetBucket*", + "s3:List*", + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition", + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", + }, + ], + ], + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition", + }, + ":s3:::", + { + "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", + }, + "/*", + ], + ], + }, + ], + }, + { + "Action": [ + "s3:GetObject*", + "s3:GetBucket*", + "s3:List*", + "s3:DeleteObject*", + "s3:PutObject", + "s3:PutObjectLegalHold", + "s3:PutObjectRetention", + "s3:PutObjectTagging", + "s3:PutObjectVersionTagging", + "s3:Abort*", + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "testmaintenancesitestaticsiteWebsiteBucket734B2C11", + "Arn", + ], + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "testmaintenancesitestaticsiteWebsiteBucket734B2C11", + "Arn", + ], + }, + "/*", + ], + ], + }, + ], + }, + { + "Action": [ + "cloudfront:GetInvalidation", + "cloudfront:CreateInvalidation", + ], + "Effect": "Allow", + "Resource": "*", + }, + ], + "Version": "2012-10-17", + }, + "PolicyName": "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRoleDefaultPolicy88902FDF", + "Roles": [ + { + "Ref": "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRole89A01265", + }, + ], + }, + "Type": "AWS::IAM::Policy", + }, + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": { + "DependsOn": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + ], + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", + }, + "S3Key": "a657308e723bb9460b800cb3b47dadb74e28243edfe246bf7755c45ec312eb97.zip", + }, + "Description": { + "Fn::Join": [ + "", + [ + "Lambda function for auto-deleting objects in ", + { + "Ref": "testmaintenancesitestaticsiteAccessLogsBucketEA3BB1E6", + }, + " S3 bucket.", + ], + ], + }, + "Handler": "index.handler", + "MemorySize": 128, + "Role": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn", + ], + }, + "Runtime": "nodejs18.x", + "Timeout": 900, + }, + "Type": "AWS::Lambda::Function", + }, + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com", + }, + }, + ], + "Version": "2012-10-17", + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:\${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", + }, + ], + }, + "Type": "AWS::IAM::Role", + }, + "testmaintenancesitestaticsiteAccessLogsBucketAutoDeleteObjectsCustomResource6E95A8C4": { + "DeletionPolicy": "Delete", + "DependsOn": [ + "testmaintenancesitestaticsiteAccessLogsBucketPolicy6E0CFF16", + ], + "Metadata": { + "cdk_nag": { + "rules_to_suppress": [ + { + "id": "AwsSolutions-L1", + "reason": "Latest runtime cannot be configured. CDK will need to upgrade the BucketDeployment construct accordingly.", + }, + { + "id": "AwsPrototyping-LambdaLatestVersion", + "reason": "Latest runtime cannot be configured. CDK will need to upgrade the BucketDeployment construct accordingly.", + }, + { + "applies_to": [ + { + "regex": "/^Action::s3:.*$/g", + }, + { + "regex": "/^Resource::.*$/g", + }, + ], + "id": "AwsSolutions-IAM5", + "reason": "All Policies have been scoped to a Bucket. Given Buckets can contain arbitrary content, wildcard resources with bucket scope are required.", + }, + { + "applies_to": [ + { + "regex": "/^Action::s3:.*$/g", + }, + { + "regex": "/^Resource::.*$/g", + }, + ], + "id": "AwsPrototyping-IAMNoWildcardPermissions", + "reason": "All Policies have been scoped to a Bucket. Given Buckets can contain arbitrary content, wildcard resources with bucket scope are required.", + }, + { + "applies_to": [ + { + "regex": "/^Policy::arn::iam::aws:policy/service-role/AWSLambdaBasicExecutionRole$/g", + }, + ], + "id": "AwsSolutions-IAM4", + "reason": "Buckets can contain arbitrary content, therefore wildcard resources under a bucket are required.", + }, + { + "applies_to": [ + { + "regex": "/^Policy::arn::iam::aws:policy/service-role/AWSLambdaBasicExecutionRole$/g", + }, + ], + "id": "AwsPrototyping-IAMNoManagedPolicies", + "reason": "Buckets can contain arbitrary content, therefore wildcard resources under a bucket are required.", + }, + { + "id": "AwsSolutions-S1", + "reason": "Access Log buckets should not have s3 bucket logging", + }, + { + "id": "AwsPrototyping-S3BucketLoggingEnabled", + "reason": "Access Log buckets should not have s3 bucket logging", + }, + ], + }, + }, + "Properties": { + "BucketName": { + "Ref": "testmaintenancesitestaticsiteAccessLogsBucketEA3BB1E6", + }, + "ServiceToken": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F", + "Arn", + ], + }, + }, + "Type": "Custom::S3AutoDeleteObjects", + "UpdateReplacePolicy": "Delete", + }, + "testmaintenancesitestaticsiteAccessLogsBucketEA3BB1E6": { + "DeletionPolicy": "Delete", + "Metadata": { + "cdk_nag": { + "rules_to_suppress": [ + { + "id": "AwsSolutions-L1", + "reason": "Latest runtime cannot be configured. CDK will need to upgrade the BucketDeployment construct accordingly.", + }, + { + "id": "AwsPrototyping-LambdaLatestVersion", + "reason": "Latest runtime cannot be configured. CDK will need to upgrade the BucketDeployment construct accordingly.", + }, + { + "applies_to": [ + { + "regex": "/^Action::s3:.*$/g", + }, + { + "regex": "/^Resource::.*$/g", + }, + ], + "id": "AwsSolutions-IAM5", + "reason": "All Policies have been scoped to a Bucket. Given Buckets can contain arbitrary content, wildcard resources with bucket scope are required.", + }, + { + "applies_to": [ + { + "regex": "/^Action::s3:.*$/g", + }, + { + "regex": "/^Resource::.*$/g", + }, + ], + "id": "AwsPrototyping-IAMNoWildcardPermissions", + "reason": "All Policies have been scoped to a Bucket. Given Buckets can contain arbitrary content, wildcard resources with bucket scope are required.", + }, + { + "applies_to": [ + { + "regex": "/^Policy::arn::iam::aws:policy/service-role/AWSLambdaBasicExecutionRole$/g", + }, + ], + "id": "AwsSolutions-IAM4", + "reason": "Buckets can contain arbitrary content, therefore wildcard resources under a bucket are required.", + }, + { + "applies_to": [ + { + "regex": "/^Policy::arn::iam::aws:policy/service-role/AWSLambdaBasicExecutionRole$/g", + }, + ], + "id": "AwsPrototyping-IAMNoManagedPolicies", + "reason": "Buckets can contain arbitrary content, therefore wildcard resources under a bucket are required.", + }, + { + "id": "AwsSolutions-S1", + "reason": "Access Log buckets should not have s3 bucket logging", + }, + { + "id": "AwsPrototyping-S3BucketLoggingEnabled", + "reason": "Access Log buckets should not have s3 bucket logging", + }, + ], + }, + }, + "Properties": { + "BucketEncryption": { + "ServerSideEncryptionConfiguration": [ + { + "ServerSideEncryptionByDefault": { + "SSEAlgorithm": "AES256", + }, + }, + ], + }, + "OwnershipControls": { + "Rules": [ + { + "ObjectOwnership": "ObjectWriter", + }, + ], + }, + "PublicAccessBlockConfiguration": { + "BlockPublicAcls": true, + "BlockPublicPolicy": true, + "IgnorePublicAcls": true, + "RestrictPublicBuckets": true, + }, + "Tags": [ + { + "Key": "aws-cdk:auto-delete-objects", + "Value": "true", + }, + ], + }, + "Type": "AWS::S3::Bucket", + "UpdateReplacePolicy": "Delete", + }, + "testmaintenancesitestaticsiteAccessLogsBucketPolicy6E0CFF16": { + "Metadata": { + "cdk_nag": { + "rules_to_suppress": [ + { + "id": "AwsSolutions-L1", + "reason": "Latest runtime cannot be configured. CDK will need to upgrade the BucketDeployment construct accordingly.", + }, + { + "id": "AwsPrototyping-LambdaLatestVersion", + "reason": "Latest runtime cannot be configured. CDK will need to upgrade the BucketDeployment construct accordingly.", + }, + { + "applies_to": [ + { + "regex": "/^Action::s3:.*$/g", + }, + { + "regex": "/^Resource::.*$/g", + }, + ], + "id": "AwsSolutions-IAM5", + "reason": "All Policies have been scoped to a Bucket. Given Buckets can contain arbitrary content, wildcard resources with bucket scope are required.", + }, + { + "applies_to": [ + { + "regex": "/^Action::s3:.*$/g", + }, + { + "regex": "/^Resource::.*$/g", + }, + ], + "id": "AwsPrototyping-IAMNoWildcardPermissions", + "reason": "All Policies have been scoped to a Bucket. Given Buckets can contain arbitrary content, wildcard resources with bucket scope are required.", + }, + { + "applies_to": [ + { + "regex": "/^Policy::arn::iam::aws:policy/service-role/AWSLambdaBasicExecutionRole$/g", + }, + ], + "id": "AwsSolutions-IAM4", + "reason": "Buckets can contain arbitrary content, therefore wildcard resources under a bucket are required.", + }, + { + "applies_to": [ + { + "regex": "/^Policy::arn::iam::aws:policy/service-role/AWSLambdaBasicExecutionRole$/g", + }, + ], + "id": "AwsPrototyping-IAMNoManagedPolicies", + "reason": "Buckets can contain arbitrary content, therefore wildcard resources under a bucket are required.", + }, + { + "id": "AwsSolutions-S1", + "reason": "Access Log buckets should not have s3 bucket logging", + }, + { + "id": "AwsPrototyping-S3BucketLoggingEnabled", + "reason": "Access Log buckets should not have s3 bucket logging", + }, + ], + }, + }, + "Properties": { + "Bucket": { + "Ref": "testmaintenancesitestaticsiteAccessLogsBucketEA3BB1E6", + }, + "PolicyDocument": { + "Statement": [ + { + "Action": "s3:*", + "Condition": { + "Bool": { + "aws:SecureTransport": "false", + }, + }, + "Effect": "Deny", + "Principal": { + "AWS": "*", + }, + "Resource": [ + { + "Fn::GetAtt": [ + "testmaintenancesitestaticsiteAccessLogsBucketEA3BB1E6", + "Arn", + ], + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "testmaintenancesitestaticsiteAccessLogsBucketEA3BB1E6", + "Arn", + ], + }, + "/*", + ], + ], + }, + ], + }, + { + "Action": [ + "s3:GetBucket*", + "s3:List*", + "s3:DeleteObject*", + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn", + ], + }, + }, + "Resource": [ + { + "Fn::GetAtt": [ + "testmaintenancesitestaticsiteAccessLogsBucketEA3BB1E6", + "Arn", + ], + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "testmaintenancesitestaticsiteAccessLogsBucketEA3BB1E6", + "Arn", + ], + }, + "/*", + ], + ], + }, + ], + }, + { + "Action": "s3:PutObject", + "Condition": { + "ArnLike": { + "aws:SourceArn": { + "Fn::GetAtt": [ + "testmaintenancesitestaticsiteWebsiteBucket734B2C11", + "Arn", + ], + }, + }, + "StringEquals": { + "aws:SourceAccount": { + "Ref": "AWS::AccountId", + }, + }, + }, + "Effect": "Allow", + "Principal": { + "Service": "logging.s3.amazonaws.com", + }, + "Resource": { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "testmaintenancesitestaticsiteAccessLogsBucketEA3BB1E6", + "Arn", + ], + }, + "/website-access-logs*", + ], + ], + }, + }, + { + "Action": "s3:PutObject", + "Condition": { + "ArnLike": { + "aws:SourceArn": { + "Fn::GetAtt": [ + "testmaintenancesitestaticsiteDistributionLogBucketAF2F2F4E", + "Arn", + ], + }, + }, + "StringEquals": { + "aws:SourceAccount": { + "Ref": "AWS::AccountId", + }, + }, + }, + "Effect": "Allow", + "Principal": { + "Service": "logging.s3.amazonaws.com", + }, + "Resource": { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "testmaintenancesitestaticsiteAccessLogsBucketEA3BB1E6", + "Arn", + ], + }, + "/distribution-access-logs*", + ], + ], + }, + }, + ], + "Version": "2012-10-17", + }, + }, + "Type": "AWS::S3::BucketPolicy", + }, + "testmaintenancesitestaticsiteCloudfrontDistributionC473D8AA": { + "Metadata": { + "cdk_nag": { + "rules_to_suppress": [ + { + "id": "AwsSolutions-CFR4", + "reason": "Certificate is not mandatory therefore the Cloudfront certificate will be used.", + }, + { + "id": "AwsPrototyping-CloudFrontDistributionHttpsViewerNoOutdatedSSL", + "reason": "Certificate is not mandatory therefore the Cloudfront certificate will be used.", + }, + { + "id": "AwsSolutions-L1", + "reason": "Latest runtime cannot be configured. CDK will need to upgrade the BucketDeployment construct accordingly.", + }, + { + "id": "AwsPrototyping-LambdaLatestVersion", + "reason": "Latest runtime cannot be configured. CDK will need to upgrade the BucketDeployment construct accordingly.", + }, + { + "applies_to": [ + { + "regex": "/^Action::s3:.*$/g", + }, + { + "regex": "/^Resource::.*$/g", + }, + ], + "id": "AwsSolutions-IAM5", + "reason": "All Policies have been scoped to a Bucket. Given Buckets can contain arbitrary content, wildcard resources with bucket scope are required.", + }, + { + "applies_to": [ + { + "regex": "/^Action::s3:.*$/g", + }, + { + "regex": "/^Resource::.*$/g", + }, + ], + "id": "AwsPrototyping-IAMNoWildcardPermissions", + "reason": "All Policies have been scoped to a Bucket. Given Buckets can contain arbitrary content, wildcard resources with bucket scope are required.", + }, + { + "applies_to": [ + { + "regex": "/^Policy::arn::iam::aws:policy/service-role/AWSLambdaBasicExecutionRole$/g", + }, + ], + "id": "AwsSolutions-IAM4", + "reason": "Buckets can contain arbitrary content, therefore wildcard resources under a bucket are required.", + }, + { + "applies_to": [ + { + "regex": "/^Policy::arn::iam::aws:policy/service-role/AWSLambdaBasicExecutionRole$/g", + }, + ], + "id": "AwsPrototyping-IAMNoManagedPolicies", + "reason": "Buckets can contain arbitrary content, therefore wildcard resources under a bucket are required.", + }, + { + "id": "AwsSolutions-S1", + "reason": "Access Log buckets should not have s3 bucket logging", + }, + { + "id": "AwsPrototyping-S3BucketLoggingEnabled", + "reason": "Access Log buckets should not have s3 bucket logging", + }, + ], + }, + }, + "Properties": { + "DistributionConfig": { + "Aliases": [ + "maintenance.crisiscleanup.org", + ], + "Comment": "Maintenance Site", + "CustomErrorResponses": [ + { + "ErrorCode": 404, + "ResponseCode": 200, + "ResponsePagePath": "/index.html", + }, + ], + "DefaultCacheBehavior": { + "CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6", + "Compress": true, + "TargetOriginId": "testmaintenancesitetestmaintenancesitestaticsiteCloudfrontDistributionOrigin12CA64569", + "ViewerProtocolPolicy": "redirect-to-https", + }, + "DefaultRootObject": "index.html", + "Enabled": true, + "HttpVersion": "http2", + "IPV6Enabled": true, + "Logging": { + "Bucket": { + "Fn::GetAtt": [ + "testmaintenancesitestaticsiteDistributionLogBucketAF2F2F4E", + "RegionalDomainName", + ], + }, + }, + "Origins": [ + { + "DomainName": { + "Fn::GetAtt": [ + "testmaintenancesitestaticsiteWebsiteBucket734B2C11", + "RegionalDomainName", + ], + }, + "Id": "testmaintenancesitetestmaintenancesitestaticsiteCloudfrontDistributionOrigin12CA64569", + "S3OriginConfig": { + "OriginAccessIdentity": { + "Fn::Join": [ + "", + [ + "origin-access-identity/cloudfront/", + { + "Ref": "testmaintenancesitestaticsiteOriginAccessIdentity6B417CF8", + }, + ], + ], + }, + }, + }, + ], + "PriceClass": "PriceClass_100", + }, + }, + "Type": "AWS::CloudFront::Distribution", + }, + "testmaintenancesitestaticsiteDistributionLogBucketAF2F2F4E": { + "DeletionPolicy": "Delete", + "Metadata": { + "cdk_nag": { + "rules_to_suppress": [ + { + "id": "AwsSolutions-L1", + "reason": "Latest runtime cannot be configured. CDK will need to upgrade the BucketDeployment construct accordingly.", + }, + { + "id": "AwsPrototyping-LambdaLatestVersion", + "reason": "Latest runtime cannot be configured. CDK will need to upgrade the BucketDeployment construct accordingly.", + }, + { + "applies_to": [ + { + "regex": "/^Action::s3:.*$/g", + }, + { + "regex": "/^Resource::.*$/g", + }, + ], + "id": "AwsSolutions-IAM5", + "reason": "All Policies have been scoped to a Bucket. Given Buckets can contain arbitrary content, wildcard resources with bucket scope are required.", + }, + { + "applies_to": [ + { + "regex": "/^Action::s3:.*$/g", + }, + { + "regex": "/^Resource::.*$/g", + }, + ], + "id": "AwsPrototyping-IAMNoWildcardPermissions", + "reason": "All Policies have been scoped to a Bucket. Given Buckets can contain arbitrary content, wildcard resources with bucket scope are required.", + }, + { + "applies_to": [ + { + "regex": "/^Policy::arn::iam::aws:policy/service-role/AWSLambdaBasicExecutionRole$/g", + }, + ], + "id": "AwsSolutions-IAM4", + "reason": "Buckets can contain arbitrary content, therefore wildcard resources under a bucket are required.", + }, + { + "applies_to": [ + { + "regex": "/^Policy::arn::iam::aws:policy/service-role/AWSLambdaBasicExecutionRole$/g", + }, + ], + "id": "AwsPrototyping-IAMNoManagedPolicies", + "reason": "Buckets can contain arbitrary content, therefore wildcard resources under a bucket are required.", + }, + { + "id": "AwsSolutions-S1", + "reason": "Access Log buckets should not have s3 bucket logging", + }, + { + "id": "AwsPrototyping-S3BucketLoggingEnabled", + "reason": "Access Log buckets should not have s3 bucket logging", + }, + ], + }, + }, + "Properties": { + "BucketEncryption": { + "ServerSideEncryptionConfiguration": [ + { + "ServerSideEncryptionByDefault": { + "SSEAlgorithm": "AES256", + }, + }, + ], + }, + "LoggingConfiguration": { + "DestinationBucketName": { + "Ref": "testmaintenancesitestaticsiteAccessLogsBucketEA3BB1E6", + }, + "LogFilePrefix": "distribution-access-logs", + }, + "OwnershipControls": { + "Rules": [ + { + "ObjectOwnership": "BucketOwnerPreferred", + }, + ], + }, + "PublicAccessBlockConfiguration": { + "BlockPublicAcls": true, + "BlockPublicPolicy": true, + "IgnorePublicAcls": true, + "RestrictPublicBuckets": true, + }, + "Tags": [ + { + "Key": "aws-cdk:auto-delete-objects", + "Value": "true", + }, + ], + }, + "Type": "AWS::S3::Bucket", + "UpdateReplacePolicy": "Delete", + }, + "testmaintenancesitestaticsiteDistributionLogBucketAutoDeleteObjectsCustomResource5F2FB661": { + "DeletionPolicy": "Delete", + "DependsOn": [ + "testmaintenancesitestaticsiteDistributionLogBucketPolicy232B94B1", + ], + "Metadata": { + "cdk_nag": { + "rules_to_suppress": [ + { + "id": "AwsSolutions-L1", + "reason": "Latest runtime cannot be configured. CDK will need to upgrade the BucketDeployment construct accordingly.", + }, + { + "id": "AwsPrototyping-LambdaLatestVersion", + "reason": "Latest runtime cannot be configured. CDK will need to upgrade the BucketDeployment construct accordingly.", + }, + { + "applies_to": [ + { + "regex": "/^Action::s3:.*$/g", + }, + { + "regex": "/^Resource::.*$/g", + }, + ], + "id": "AwsSolutions-IAM5", + "reason": "All Policies have been scoped to a Bucket. Given Buckets can contain arbitrary content, wildcard resources with bucket scope are required.", + }, + { + "applies_to": [ + { + "regex": "/^Action::s3:.*$/g", + }, + { + "regex": "/^Resource::.*$/g", + }, + ], + "id": "AwsPrototyping-IAMNoWildcardPermissions", + "reason": "All Policies have been scoped to a Bucket. Given Buckets can contain arbitrary content, wildcard resources with bucket scope are required.", + }, + { + "applies_to": [ + { + "regex": "/^Policy::arn::iam::aws:policy/service-role/AWSLambdaBasicExecutionRole$/g", + }, + ], + "id": "AwsSolutions-IAM4", + "reason": "Buckets can contain arbitrary content, therefore wildcard resources under a bucket are required.", + }, + { + "applies_to": [ + { + "regex": "/^Policy::arn::iam::aws:policy/service-role/AWSLambdaBasicExecutionRole$/g", + }, + ], + "id": "AwsPrototyping-IAMNoManagedPolicies", + "reason": "Buckets can contain arbitrary content, therefore wildcard resources under a bucket are required.", + }, + { + "id": "AwsSolutions-S1", + "reason": "Access Log buckets should not have s3 bucket logging", + }, + { + "id": "AwsPrototyping-S3BucketLoggingEnabled", + "reason": "Access Log buckets should not have s3 bucket logging", + }, + ], + }, + }, + "Properties": { + "BucketName": { + "Ref": "testmaintenancesitestaticsiteDistributionLogBucketAF2F2F4E", + }, + "ServiceToken": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F", + "Arn", + ], + }, + }, + "Type": "Custom::S3AutoDeleteObjects", + "UpdateReplacePolicy": "Delete", + }, + "testmaintenancesitestaticsiteDistributionLogBucketPolicy232B94B1": { + "Metadata": { + "cdk_nag": { + "rules_to_suppress": [ + { + "id": "AwsSolutions-L1", + "reason": "Latest runtime cannot be configured. CDK will need to upgrade the BucketDeployment construct accordingly.", + }, + { + "id": "AwsPrototyping-LambdaLatestVersion", + "reason": "Latest runtime cannot be configured. CDK will need to upgrade the BucketDeployment construct accordingly.", + }, + { + "applies_to": [ + { + "regex": "/^Action::s3:.*$/g", + }, + { + "regex": "/^Resource::.*$/g", + }, + ], + "id": "AwsSolutions-IAM5", + "reason": "All Policies have been scoped to a Bucket. Given Buckets can contain arbitrary content, wildcard resources with bucket scope are required.", + }, + { + "applies_to": [ + { + "regex": "/^Action::s3:.*$/g", + }, + { + "regex": "/^Resource::.*$/g", + }, + ], + "id": "AwsPrototyping-IAMNoWildcardPermissions", + "reason": "All Policies have been scoped to a Bucket. Given Buckets can contain arbitrary content, wildcard resources with bucket scope are required.", + }, + { + "applies_to": [ + { + "regex": "/^Policy::arn::iam::aws:policy/service-role/AWSLambdaBasicExecutionRole$/g", + }, + ], + "id": "AwsSolutions-IAM4", + "reason": "Buckets can contain arbitrary content, therefore wildcard resources under a bucket are required.", + }, + { + "applies_to": [ + { + "regex": "/^Policy::arn::iam::aws:policy/service-role/AWSLambdaBasicExecutionRole$/g", + }, + ], + "id": "AwsPrototyping-IAMNoManagedPolicies", + "reason": "Buckets can contain arbitrary content, therefore wildcard resources under a bucket are required.", + }, + { + "id": "AwsSolutions-S1", + "reason": "Access Log buckets should not have s3 bucket logging", + }, + { + "id": "AwsPrototyping-S3BucketLoggingEnabled", + "reason": "Access Log buckets should not have s3 bucket logging", + }, + ], + }, + }, + "Properties": { + "Bucket": { + "Ref": "testmaintenancesitestaticsiteDistributionLogBucketAF2F2F4E", + }, + "PolicyDocument": { + "Statement": [ + { + "Action": "s3:*", + "Condition": { + "Bool": { + "aws:SecureTransport": "false", + }, + }, + "Effect": "Deny", + "Principal": { + "AWS": "*", + }, + "Resource": [ + { + "Fn::GetAtt": [ + "testmaintenancesitestaticsiteDistributionLogBucketAF2F2F4E", + "Arn", + ], + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "testmaintenancesitestaticsiteDistributionLogBucketAF2F2F4E", + "Arn", + ], + }, + "/*", + ], + ], + }, + ], + }, + { + "Action": [ + "s3:GetBucket*", + "s3:List*", + "s3:DeleteObject*", + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn", + ], + }, + }, + "Resource": [ + { + "Fn::GetAtt": [ + "testmaintenancesitestaticsiteDistributionLogBucketAF2F2F4E", + "Arn", + ], + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "testmaintenancesitestaticsiteDistributionLogBucketAF2F2F4E", + "Arn", + ], + }, + "/*", + ], + ], + }, + ], + }, + ], + "Version": "2012-10-17", + }, + }, + "Type": "AWS::S3::BucketPolicy", + }, + "testmaintenancesitestaticsiteOriginAccessIdentity6B417CF8": { + "Metadata": { + "cdk_nag": { + "rules_to_suppress": [ + { + "id": "AwsSolutions-L1", + "reason": "Latest runtime cannot be configured. CDK will need to upgrade the BucketDeployment construct accordingly.", + }, + { + "id": "AwsPrototyping-LambdaLatestVersion", + "reason": "Latest runtime cannot be configured. CDK will need to upgrade the BucketDeployment construct accordingly.", + }, + { + "applies_to": [ + { + "regex": "/^Action::s3:.*$/g", + }, + { + "regex": "/^Resource::.*$/g", + }, + ], + "id": "AwsSolutions-IAM5", + "reason": "All Policies have been scoped to a Bucket. Given Buckets can contain arbitrary content, wildcard resources with bucket scope are required.", + }, + { + "applies_to": [ + { + "regex": "/^Action::s3:.*$/g", + }, + { + "regex": "/^Resource::.*$/g", + }, + ], + "id": "AwsPrototyping-IAMNoWildcardPermissions", + "reason": "All Policies have been scoped to a Bucket. Given Buckets can contain arbitrary content, wildcard resources with bucket scope are required.", + }, + { + "applies_to": [ + { + "regex": "/^Policy::arn::iam::aws:policy/service-role/AWSLambdaBasicExecutionRole$/g", + }, + ], + "id": "AwsSolutions-IAM4", + "reason": "Buckets can contain arbitrary content, therefore wildcard resources under a bucket are required.", + }, + { + "applies_to": [ + { + "regex": "/^Policy::arn::iam::aws:policy/service-role/AWSLambdaBasicExecutionRole$/g", + }, + ], + "id": "AwsPrototyping-IAMNoManagedPolicies", + "reason": "Buckets can contain arbitrary content, therefore wildcard resources under a bucket are required.", + }, + { + "id": "AwsSolutions-S1", + "reason": "Access Log buckets should not have s3 bucket logging", + }, + { + "id": "AwsPrototyping-S3BucketLoggingEnabled", + "reason": "Access Log buckets should not have s3 bucket logging", + }, + ], + }, + }, + "Properties": { + "CloudFrontOriginAccessIdentityConfig": { + "Comment": "Allows CloudFront to reach the bucket", + }, + }, + "Type": "AWS::CloudFront::CloudFrontOriginAccessIdentity", + }, + "testmaintenancesitestaticsiteWebsiteBucket734B2C11": { + "DeletionPolicy": "Delete", + "Metadata": { + "cdk_nag": { + "rules_to_suppress": [ + { + "id": "AwsSolutions-L1", + "reason": "Latest runtime cannot be configured. CDK will need to upgrade the BucketDeployment construct accordingly.", + }, + { + "id": "AwsPrototyping-LambdaLatestVersion", + "reason": "Latest runtime cannot be configured. CDK will need to upgrade the BucketDeployment construct accordingly.", + }, + { + "applies_to": [ + { + "regex": "/^Action::s3:.*$/g", + }, + { + "regex": "/^Resource::.*$/g", + }, + ], + "id": "AwsSolutions-IAM5", + "reason": "All Policies have been scoped to a Bucket. Given Buckets can contain arbitrary content, wildcard resources with bucket scope are required.", + }, + { + "applies_to": [ + { + "regex": "/^Action::s3:.*$/g", + }, + { + "regex": "/^Resource::.*$/g", + }, + ], + "id": "AwsPrototyping-IAMNoWildcardPermissions", + "reason": "All Policies have been scoped to a Bucket. Given Buckets can contain arbitrary content, wildcard resources with bucket scope are required.", + }, + { + "applies_to": [ + { + "regex": "/^Policy::arn::iam::aws:policy/service-role/AWSLambdaBasicExecutionRole$/g", + }, + ], + "id": "AwsSolutions-IAM4", + "reason": "Buckets can contain arbitrary content, therefore wildcard resources under a bucket are required.", + }, + { + "applies_to": [ + { + "regex": "/^Policy::arn::iam::aws:policy/service-role/AWSLambdaBasicExecutionRole$/g", + }, + ], + "id": "AwsPrototyping-IAMNoManagedPolicies", + "reason": "Buckets can contain arbitrary content, therefore wildcard resources under a bucket are required.", + }, + { + "id": "AwsSolutions-S1", + "reason": "Access Log buckets should not have s3 bucket logging", + }, + { + "id": "AwsPrototyping-S3BucketLoggingEnabled", + "reason": "Access Log buckets should not have s3 bucket logging", + }, + ], + }, + }, + "Properties": { + "BucketEncryption": { + "ServerSideEncryptionConfiguration": [ + { + "ServerSideEncryptionByDefault": { + "SSEAlgorithm": "AES256", + }, + }, + ], + }, + "LoggingConfiguration": { + "DestinationBucketName": { + "Ref": "testmaintenancesitestaticsiteAccessLogsBucketEA3BB1E6", + }, + "LogFilePrefix": "website-access-logs", + }, + "OwnershipControls": { + "Rules": [ + { + "ObjectOwnership": "BucketOwnerEnforced", + }, + ], + }, + "PublicAccessBlockConfiguration": { + "BlockPublicAcls": true, + "BlockPublicPolicy": true, + "IgnorePublicAcls": true, + "RestrictPublicBuckets": true, + }, + "Tags": [ + { + "Key": "aws-cdk:auto-delete-objects", + "Value": "true", + }, + { + "Key": "aws-cdk:cr-owned:e1136a52", + "Value": "true", + }, + ], + "VersioningConfiguration": { + "Status": "Enabled", + }, + }, + "Type": "AWS::S3::Bucket", + "UpdateReplacePolicy": "Delete", + }, + "testmaintenancesitestaticsiteWebsiteBucketAutoDeleteObjectsCustomResourceF23427B2": { + "DeletionPolicy": "Delete", + "DependsOn": [ + "testmaintenancesitestaticsiteWebsiteBucketPolicy6CC28212", + ], + "Metadata": { + "cdk_nag": { + "rules_to_suppress": [ + { + "id": "AwsSolutions-L1", + "reason": "Latest runtime cannot be configured. CDK will need to upgrade the BucketDeployment construct accordingly.", + }, + { + "id": "AwsPrototyping-LambdaLatestVersion", + "reason": "Latest runtime cannot be configured. CDK will need to upgrade the BucketDeployment construct accordingly.", + }, + { + "applies_to": [ + { + "regex": "/^Action::s3:.*$/g", + }, + { + "regex": "/^Resource::.*$/g", + }, + ], + "id": "AwsSolutions-IAM5", + "reason": "All Policies have been scoped to a Bucket. Given Buckets can contain arbitrary content, wildcard resources with bucket scope are required.", + }, + { + "applies_to": [ + { + "regex": "/^Action::s3:.*$/g", + }, + { + "regex": "/^Resource::.*$/g", + }, + ], + "id": "AwsPrototyping-IAMNoWildcardPermissions", + "reason": "All Policies have been scoped to a Bucket. Given Buckets can contain arbitrary content, wildcard resources with bucket scope are required.", + }, + { + "applies_to": [ + { + "regex": "/^Policy::arn::iam::aws:policy/service-role/AWSLambdaBasicExecutionRole$/g", + }, + ], + "id": "AwsSolutions-IAM4", + "reason": "Buckets can contain arbitrary content, therefore wildcard resources under a bucket are required.", + }, + { + "applies_to": [ + { + "regex": "/^Policy::arn::iam::aws:policy/service-role/AWSLambdaBasicExecutionRole$/g", + }, + ], + "id": "AwsPrototyping-IAMNoManagedPolicies", + "reason": "Buckets can contain arbitrary content, therefore wildcard resources under a bucket are required.", + }, + { + "id": "AwsSolutions-S1", + "reason": "Access Log buckets should not have s3 bucket logging", + }, + { + "id": "AwsPrototyping-S3BucketLoggingEnabled", + "reason": "Access Log buckets should not have s3 bucket logging", + }, + ], + }, + }, + "Properties": { + "BucketName": { + "Ref": "testmaintenancesitestaticsiteWebsiteBucket734B2C11", + }, + "ServiceToken": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F", + "Arn", + ], + }, + }, + "Type": "Custom::S3AutoDeleteObjects", + "UpdateReplacePolicy": "Delete", + }, + "testmaintenancesitestaticsiteWebsiteBucketPolicy6CC28212": { + "Metadata": { + "cdk_nag": { + "rules_to_suppress": [ + { + "id": "AwsSolutions-L1", + "reason": "Latest runtime cannot be configured. CDK will need to upgrade the BucketDeployment construct accordingly.", + }, + { + "id": "AwsPrototyping-LambdaLatestVersion", + "reason": "Latest runtime cannot be configured. CDK will need to upgrade the BucketDeployment construct accordingly.", + }, + { + "applies_to": [ + { + "regex": "/^Action::s3:.*$/g", + }, + { + "regex": "/^Resource::.*$/g", + }, + ], + "id": "AwsSolutions-IAM5", + "reason": "All Policies have been scoped to a Bucket. Given Buckets can contain arbitrary content, wildcard resources with bucket scope are required.", + }, + { + "applies_to": [ + { + "regex": "/^Action::s3:.*$/g", + }, + { + "regex": "/^Resource::.*$/g", + }, + ], + "id": "AwsPrototyping-IAMNoWildcardPermissions", + "reason": "All Policies have been scoped to a Bucket. Given Buckets can contain arbitrary content, wildcard resources with bucket scope are required.", + }, + { + "applies_to": [ + { + "regex": "/^Policy::arn::iam::aws:policy/service-role/AWSLambdaBasicExecutionRole$/g", + }, + ], + "id": "AwsSolutions-IAM4", + "reason": "Buckets can contain arbitrary content, therefore wildcard resources under a bucket are required.", + }, + { + "applies_to": [ + { + "regex": "/^Policy::arn::iam::aws:policy/service-role/AWSLambdaBasicExecutionRole$/g", + }, + ], + "id": "AwsPrototyping-IAMNoManagedPolicies", + "reason": "Buckets can contain arbitrary content, therefore wildcard resources under a bucket are required.", + }, + { + "id": "AwsSolutions-S1", + "reason": "Access Log buckets should not have s3 bucket logging", + }, + { + "id": "AwsPrototyping-S3BucketLoggingEnabled", + "reason": "Access Log buckets should not have s3 bucket logging", + }, + ], + }, + }, + "Properties": { + "Bucket": { + "Ref": "testmaintenancesitestaticsiteWebsiteBucket734B2C11", + }, + "PolicyDocument": { + "Statement": [ + { + "Action": "s3:*", + "Condition": { + "Bool": { + "aws:SecureTransport": "false", + }, + }, + "Effect": "Deny", + "Principal": { + "AWS": "*", + }, + "Resource": [ + { + "Fn::GetAtt": [ + "testmaintenancesitestaticsiteWebsiteBucket734B2C11", + "Arn", + ], + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "testmaintenancesitestaticsiteWebsiteBucket734B2C11", + "Arn", + ], + }, + "/*", + ], + ], + }, + ], + }, + { + "Action": [ + "s3:GetBucket*", + "s3:List*", + "s3:DeleteObject*", + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn", + ], + }, + }, + "Resource": [ + { + "Fn::GetAtt": [ + "testmaintenancesitestaticsiteWebsiteBucket734B2C11", + "Arn", + ], + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "testmaintenancesitestaticsiteWebsiteBucket734B2C11", + "Arn", + ], + }, + "/*", + ], + ], + }, + ], + }, + { + "Action": "s3:ListBucket", + "Effect": "Allow", + "Principal": { + "CanonicalUser": { + "Fn::GetAtt": [ + "testmaintenancesitestaticsiteOriginAccessIdentity6B417CF8", + "S3CanonicalUserId", + ], + }, + }, + "Resource": { + "Fn::GetAtt": [ + "testmaintenancesitestaticsiteWebsiteBucket734B2C11", + "Arn", + ], + }, + }, + { + "Action": "s3:GetObject", + "Effect": "Allow", + "Principal": { + "CanonicalUser": { + "Fn::GetAtt": [ + "testmaintenancesitestaticsiteOriginAccessIdentity6B417CF8", + "S3CanonicalUserId", + ], + }, + }, + "Resource": { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "testmaintenancesitestaticsiteWebsiteBucket734B2C11", + "Arn", + ], + }, + "/*", + ], + ], + }, + }, + ], + "Version": "2012-10-17", + }, + }, + "Type": "AWS::S3::BucketPolicy", + }, + "testmaintenancesitestaticsiteWebsiteDeploymentAwsCliLayer76CA91FD": { + "Metadata": { + "cdk_nag": { + "rules_to_suppress": [ + { + "id": "AwsSolutions-L1", + "reason": "Latest runtime cannot be configured. CDK will need to upgrade the BucketDeployment construct accordingly.", + }, + { + "id": "AwsPrototyping-LambdaLatestVersion", + "reason": "Latest runtime cannot be configured. CDK will need to upgrade the BucketDeployment construct accordingly.", + }, + { + "applies_to": [ + { + "regex": "/^Action::s3:.*$/g", + }, + { + "regex": "/^Resource::.*$/g", + }, + ], + "id": "AwsSolutions-IAM5", + "reason": "All Policies have been scoped to a Bucket. Given Buckets can contain arbitrary content, wildcard resources with bucket scope are required.", + }, + { + "applies_to": [ + { + "regex": "/^Action::s3:.*$/g", + }, + { + "regex": "/^Resource::.*$/g", + }, + ], + "id": "AwsPrototyping-IAMNoWildcardPermissions", + "reason": "All Policies have been scoped to a Bucket. Given Buckets can contain arbitrary content, wildcard resources with bucket scope are required.", + }, + { + "applies_to": [ + { + "regex": "/^Policy::arn::iam::aws:policy/service-role/AWSLambdaBasicExecutionRole$/g", + }, + ], + "id": "AwsSolutions-IAM4", + "reason": "Buckets can contain arbitrary content, therefore wildcard resources under a bucket are required.", + }, + { + "applies_to": [ + { + "regex": "/^Policy::arn::iam::aws:policy/service-role/AWSLambdaBasicExecutionRole$/g", + }, + ], + "id": "AwsPrototyping-IAMNoManagedPolicies", + "reason": "Buckets can contain arbitrary content, therefore wildcard resources under a bucket are required.", + }, + { + "id": "AwsSolutions-S1", + "reason": "Access Log buckets should not have s3 bucket logging", + }, + { + "id": "AwsPrototyping-S3BucketLoggingEnabled", + "reason": "Access Log buckets should not have s3 bucket logging", + }, + ], + }, + }, + "Properties": { + "Content": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", + }, + "S3Key": "e2277687077a2abf9ae1af1cc9565e6715e2ebb62f79ec53aa75a1af9298f642.zip", + }, + "Description": "/opt/awscli/aws", + }, + "Type": "AWS::Lambda::LayerVersion", + }, + "testmaintenancesitestaticsiteWebsiteDeploymentCustomResourceB75382EC": { + "DeletionPolicy": "Delete", + "Metadata": { + "cdk_nag": { + "rules_to_suppress": [ + { + "id": "AwsSolutions-L1", + "reason": "Latest runtime cannot be configured. CDK will need to upgrade the BucketDeployment construct accordingly.", + }, + { + "id": "AwsPrototyping-LambdaLatestVersion", + "reason": "Latest runtime cannot be configured. CDK will need to upgrade the BucketDeployment construct accordingly.", + }, + { + "applies_to": [ + { + "regex": "/^Action::s3:.*$/g", + }, + { + "regex": "/^Resource::.*$/g", + }, + ], + "id": "AwsSolutions-IAM5", + "reason": "All Policies have been scoped to a Bucket. Given Buckets can contain arbitrary content, wildcard resources with bucket scope are required.", + }, + { + "applies_to": [ + { + "regex": "/^Action::s3:.*$/g", + }, + { + "regex": "/^Resource::.*$/g", + }, + ], + "id": "AwsPrototyping-IAMNoWildcardPermissions", + "reason": "All Policies have been scoped to a Bucket. Given Buckets can contain arbitrary content, wildcard resources with bucket scope are required.", + }, + { + "applies_to": [ + { + "regex": "/^Policy::arn::iam::aws:policy/service-role/AWSLambdaBasicExecutionRole$/g", + }, + ], + "id": "AwsSolutions-IAM4", + "reason": "Buckets can contain arbitrary content, therefore wildcard resources under a bucket are required.", + }, + { + "applies_to": [ + { + "regex": "/^Policy::arn::iam::aws:policy/service-role/AWSLambdaBasicExecutionRole$/g", + }, + ], + "id": "AwsPrototyping-IAMNoManagedPolicies", + "reason": "Buckets can contain arbitrary content, therefore wildcard resources under a bucket are required.", + }, + { + "id": "AwsSolutions-S1", + "reason": "Access Log buckets should not have s3 bucket logging", + }, + { + "id": "AwsPrototyping-S3BucketLoggingEnabled", + "reason": "Access Log buckets should not have s3 bucket logging", + }, + ], + }, + }, + "Properties": { + "DestinationBucketName": { + "Ref": "testmaintenancesitestaticsiteWebsiteBucket734B2C11", + }, + "DistributionId": { + "Ref": "testmaintenancesitestaticsiteCloudfrontDistributionC473D8AA", + }, + "Prune": true, + "ServiceToken": { + "Fn::GetAtt": [ + "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C81C01536", + "Arn", + ], + }, + "SourceBucketNames": [ + { + "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", + }, + ], + "SourceObjectKeys": [ + "1ebc9d3ac2033816c4abb63e4afd69d350b4aba8704cc9236b82ea520b74f4b0.zip", + ], + }, + "Type": "Custom::CDKBucketDeployment", + "UpdateReplacePolicy": "Delete", + }, + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5", + ], + { + "Ref": "BootstrapVersion", + }, + ], + }, + ], + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", + }, + ], + }, + }, +} +`;