// Jest Snapshot v1, https://goo.gl/fbAQLP exports[`Snapshot 1`] = ` { "Parameters": { "BootstrapVersion": { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, "Resources": { "BucketNotificationsHandler050a0587b7544547bf325f094a3db8347ECC3691": { "DependsOn": [ "BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleDefaultPolicy2CF63D36", "BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleB6FB88EC", ], "Properties": { "Code": { "ZipFile": "import boto3 # type: ignore import json import logging import urllib.request s3 = boto3.client("s3") EVENTBRIDGE_CONFIGURATION = 'EventBridgeConfiguration' CONFIGURATION_TYPES = ["TopicConfigurations", "QueueConfigurations", "LambdaFunctionConfigurations"] def handler(event: dict, context): response_status = "SUCCESS" error_message = "" try: props = event["ResourceProperties"] bucket = props["BucketName"] notification_configuration = props["NotificationConfiguration"] request_type = event["RequestType"] managed = props.get('Managed', 'true').lower() == 'true' stack_id = event['StackId'] if managed: config = handle_managed(request_type, notification_configuration) else: config = handle_unmanaged(bucket, stack_id, request_type, notification_configuration) put_bucket_notification_configuration(bucket, config) except Exception as e: logging.exception("Failed to put bucket notification configuration") response_status = "FAILED" error_message = f"Error: {str(e)}. " finally: submit_response(event, context, response_status, error_message) def handle_managed(request_type, notification_configuration): if request_type == 'Delete': return {} return notification_configuration def handle_unmanaged(bucket, stack_id, request_type, notification_configuration): external_notifications = find_external_notifications(bucket, stack_id) if request_type == 'Delete': return external_notifications def with_id(notification): notification['Id'] = f"{stack_id}-{hash(json.dumps(notification, sort_keys=True))}" return notification notifications = {} for t in CONFIGURATION_TYPES: external = external_notifications.get(t, []) incoming = [with_id(n) for n in notification_configuration.get(t, [])] notifications[t] = external + incoming if EVENTBRIDGE_CONFIGURATION in notification_configuration: notifications[EVENTBRIDGE_CONFIGURATION] = notification_configuration[EVENTBRIDGE_CONFIGURATION] elif EVENTBRIDGE_CONFIGURATION in external_notifications: notifications[EVENTBRIDGE_CONFIGURATION] = external_notifications[EVENTBRIDGE_CONFIGURATION] return notifications def find_external_notifications(bucket, stack_id): existing_notifications = get_bucket_notification_configuration(bucket) external_notifications = {} for t in CONFIGURATION_TYPES: external_notifications[t] = [n for n in existing_notifications.get(t, []) if not n['Id'].startswith(f"{stack_id}-")] if EVENTBRIDGE_CONFIGURATION in existing_notifications: external_notifications[EVENTBRIDGE_CONFIGURATION] = existing_notifications[EVENTBRIDGE_CONFIGURATION] return external_notifications def get_bucket_notification_configuration(bucket): return s3.get_bucket_notification_configuration(Bucket=bucket) def put_bucket_notification_configuration(bucket, notification_configuration): s3.put_bucket_notification_configuration(Bucket=bucket, NotificationConfiguration=notification_configuration) def submit_response(event: dict, context, response_status: str, error_message: str): response_body = json.dumps( { "Status": response_status, "Reason": f"{error_message}See the details in CloudWatch Log Stream: {context.log_stream_name}", "PhysicalResourceId": event.get("PhysicalResourceId") or event["LogicalResourceId"], "StackId": event["StackId"], "RequestId": event["RequestId"], "LogicalResourceId": event["LogicalResourceId"], "NoEcho": False, } ).encode("utf-8") headers = {"content-type": "", "content-length": str(len(response_body))} try: req = urllib.request.Request(url=event["ResponseURL"], headers=headers, data=response_body, method="PUT") with urllib.request.urlopen(req) as response: print(response.read().decode("utf-8")) print("Status code: " + response.reason) except Exception as e: print("send(..) failed executing request.urlopen(..): " + str(e)) ", }, "Description": "AWS CloudFormation handler for "Custom::S3BucketNotifications" resources (@aws-cdk/aws-s3)", "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleB6FB88EC", "Arn", ], }, "Runtime": "python3.9", "Timeout": 300, }, "Type": "AWS::Lambda::Function", }, "BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleB6FB88EC": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "AWS managed policies acceptable here", }, ], }, }, "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "ManagedPolicyArns": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", ], ], }, ], }, "Type": "AWS::IAM::Role", }, "BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleDefaultPolicy2CF63D36": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "The IAM entity in this example contain wildcard permissions. In a real world production workload it is recommended adhering to AWS security best practices regarding least-privilege permissions (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege) ", }, ], }, }, "Properties": { "PolicyDocument": { "Statement": [ { "Action": "s3:PutBucketNotification", "Effect": "Allow", "Resource": "*", }, ], "Version": "2012-10-17", }, "PolicyName": "BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleDefaultPolicy2CF63D36", "Roles": [ { "Ref": "BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleB6FB88EC", }, ], }, "Type": "AWS::IAM::Policy", }, "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": { "DependsOn": [ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", ], "Properties": { "Code": { "S3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "S3Key": "2332a8953f2d92ebffdc01cf20d5a2fb5bf2ef29764cda4186f01c55edee8c73.zip", }, "Description": { "Fn::Join": [ "", [ "Lambda function for auto-deleting objects in ", { "Ref": "sourcebucketE323AAE3", }, " S3 bucket.", ], ], }, "Handler": "__entrypoint__.handler", "MemorySize": 128, "Role": { "Fn::GetAtt": [ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", "Arn", ], }, "Runtime": "nodejs14.x", "Timeout": 900, }, "Type": "AWS::Lambda::Function", }, "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": { "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "ManagedPolicyArns": [ { "Fn::Sub": "arn:\${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", }, ], }, "Type": "AWS::IAM::Role", }, "destinationefs25C963EE": { "DeletionPolicy": "Retain", "Properties": { "Encrypted": true, "FileSystemTags": [ { "Key": "Name", "Value": "s3-to-efs-lambda-example", }, ], "PerformanceMode": "generalPurpose", }, "Type": "AWS::EFS::FileSystem", "UpdateReplacePolicy": "Retain", }, "destinationefsEfsMountTarget1006D47AD": { "Properties": { "FileSystemId": { "Ref": "destinationefs25C963EE", }, "SecurityGroups": [ { "Fn::GetAtt": [ "destinationefsEfsSecurityGroup7163293C", "GroupId", ], }, ], "SubnetId": { "Ref": "vpcprivateegressSubnet1SubnetEE64C319", }, }, "Type": "AWS::EFS::MountTarget", }, "destinationefsEfsMountTarget211FCB6DE": { "Properties": { "FileSystemId": { "Ref": "destinationefs25C963EE", }, "SecurityGroups": [ { "Fn::GetAtt": [ "destinationefsEfsSecurityGroup7163293C", "GroupId", ], }, ], "SubnetId": { "Ref": "vpcprivateegressSubnet2Subnet5B9243CC", }, }, "Type": "AWS::EFS::MountTarget", }, "destinationefsEfsSecurityGroup7163293C": { "Properties": { "GroupDescription": "test/destination-efs/EfsSecurityGroup", "SecurityGroupEgress": [ { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1", }, ], "Tags": [ { "Key": "Name", "Value": "s3-to-efs-lambda-example", }, ], "VpcId": { "Ref": "vpcA2121C38", }, }, "Type": "AWS::EC2::SecurityGroup", }, "destinationefsEfsSecurityGroupfromtestfilemoverfunctionSecurityGroupF3B8E3EE20493A418631": { "Properties": { "Description": "from testfilemoverfunctionSecurityGroupF3B8E3EE:2049", "FromPort": 2049, "GroupId": { "Fn::GetAtt": [ "destinationefsEfsSecurityGroup7163293C", "GroupId", ], }, "IpProtocol": "tcp", "SourceSecurityGroupId": { "Fn::GetAtt": [ "filemoverfunctionSecurityGroup5E4EE32A", "GroupId", ], }, "ToPort": 2049, }, "Type": "AWS::EC2::SecurityGroupIngress", }, "destinationefsapE6210869": { "Properties": { "AccessPointTags": [ { "Key": "Name", "Value": "test/destination-efs-ap", }, ], "FileSystemId": { "Ref": "destinationefs25C963EE", }, "PosixUser": { "Gid": "1000", "Uid": "1000", }, "RootDirectory": { "CreationInfo": { "OwnerGid": "1000", "OwnerUid": "1000", "Permissions": "0777", }, "Path": "/efs", }, }, "Type": "AWS::EFS::AccessPoint", }, "filemoverfunction4B688748": { "DependsOn": [ "destinationefsEfsMountTarget1006D47AD", "destinationefsEfsMountTarget211FCB6DE", "destinationefsEfsSecurityGroupfromtestfilemoverfunctionSecurityGroupF3B8E3EE20493A418631", "filemoverfunctionServiceRoleDefaultPolicyA84611FE", "filemoverfunctionServiceRole563C494F", "vpcprivateegressSubnet1DefaultRouteA58848DF", "vpcprivateegressSubnet1RouteTableAssociation05AC35BF", "vpcprivateegressSubnet2DefaultRoute48C96327", "vpcprivateegressSubnet2RouteTableAssociation41333E50", ], "Properties": { "Architectures": [ "arm64", ], "Code": { "S3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "S3Key": "bcb6407aca7de508e8613402e9910c8d71d77a4471466be5444114c6966147ff.zip", }, "Environment": { "Variables": { "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", "EFS_PATH": "/mnt/efs0", }, }, "FileSystemConfigs": [ { "Arn": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":elasticfilesystem:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":access-point/", { "Ref": "destinationefsapE6210869", }, ], ], }, "LocalMountPath": "/mnt/efs0", }, ], "Handler": "index.handler", "MemorySize": 256, "Role": { "Fn::GetAtt": [ "filemoverfunctionServiceRole563C494F", "Arn", ], }, "Runtime": "nodejs18.x", "Timeout": 30, "VpcConfig": { "SecurityGroupIds": [ { "Fn::GetAtt": [ "filemoverfunctionSecurityGroup5E4EE32A", "GroupId", ], }, ], "SubnetIds": [ { "Ref": "vpcprivateegressSubnet1SubnetEE64C319", }, { "Ref": "vpcprivateegressSubnet2Subnet5B9243CC", }, ], }, }, "Type": "AWS::Lambda::Function", }, "filemoverfunctionSecurityGroup5E4EE32A": { "DependsOn": [ "destinationefsEfsMountTarget1006D47AD", "destinationefsEfsMountTarget211FCB6DE", "vpcprivateegressSubnet1DefaultRouteA58848DF", "vpcprivateegressSubnet1RouteTableAssociation05AC35BF", "vpcprivateegressSubnet2DefaultRoute48C96327", "vpcprivateegressSubnet2RouteTableAssociation41333E50", ], "Properties": { "GroupDescription": "Automatic security group for Lambda Function testfilemoverfunction8E3C9586", "SecurityGroupEgress": [ { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1", }, ], "VpcId": { "Ref": "vpcA2121C38", }, }, "Type": "AWS::EC2::SecurityGroup", }, "filemoverfunctionServiceRole563C494F": { "DependsOn": [ "destinationefsEfsMountTarget1006D47AD", "destinationefsEfsMountTarget211FCB6DE", "vpcprivateegressSubnet1DefaultRouteA58848DF", "vpcprivateegressSubnet1RouteTableAssociation05AC35BF", "vpcprivateegressSubnet2DefaultRoute48C96327", "vpcprivateegressSubnet2RouteTableAssociation41333E50", ], "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "AWS managed policies acceptable here", }, ], }, }, "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "ManagedPolicyArns": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", ], ], }, { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole", ], ], }, ], }, "Type": "AWS::IAM::Role", }, "filemoverfunctionServiceRoleDefaultPolicyA84611FE": { "DependsOn": [ "destinationefsEfsMountTarget1006D47AD", "destinationefsEfsMountTarget211FCB6DE", "vpcprivateegressSubnet1DefaultRouteA58848DF", "vpcprivateegressSubnet1RouteTableAssociation05AC35BF", "vpcprivateegressSubnet2DefaultRoute48C96327", "vpcprivateegressSubnet2RouteTableAssociation41333E50", ], "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "The IAM entity in this example contain wildcard permissions. In a real world production workload it is recommended adhering to AWS security best practices regarding least-privilege permissions (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege) ", }, ], }, }, "Properties": { "PolicyDocument": { "Statement": [ { "Action": "elasticfilesystem:ClientMount", "Condition": { "StringEquals": { "elasticfilesystem:AccessPointArn": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":elasticfilesystem:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":access-point/", { "Ref": "destinationefsapE6210869", }, ], ], }, }, }, "Effect": "Allow", "Resource": "*", }, { "Action": "elasticfilesystem:ClientWrite", "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":elasticfilesystem:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":file-system/", { "Ref": "destinationefs25C963EE", }, ], ], }, }, { "Action": [ "s3:GetObject*", "s3:GetBucket*", "s3:List*", ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "sourcebucketE323AAE3", "Arn", ], }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "sourcebucketE323AAE3", "Arn", ], }, "/*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "filemoverfunctionServiceRoleDefaultPolicyA84611FE", "Roles": [ { "Ref": "filemoverfunctionServiceRole563C494F", }, ], }, "Type": "AWS::IAM::Policy", }, "sourcebucketAllowBucketNotificationsTotestfilemoverfunction8E3C95864D01826F": { "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "filemoverfunction4B688748", "Arn", ], }, "Principal": "s3.amazonaws.com", "SourceAccount": { "Ref": "AWS::AccountId", }, "SourceArn": { "Fn::GetAtt": [ "sourcebucketE323AAE3", "Arn", ], }, }, "Type": "AWS::Lambda::Permission", }, "sourcebucketAutoDeleteObjectsCustomResource59CAEE16": { "DeletionPolicy": "Delete", "DependsOn": [ "sourcebucketPolicyC570F537", ], "Properties": { "BucketName": { "Ref": "sourcebucketE323AAE3", }, "ServiceToken": { "Fn::GetAtt": [ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F", "Arn", ], }, }, "Type": "Custom::S3AutoDeleteObjects", "UpdateReplacePolicy": "Delete", }, "sourcebucketE323AAE3": { "DeletionPolicy": "Delete", "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-S1", "reason": "Example bucket does not need access logs enabled", }, ], }, }, "Properties": { "BucketEncryption": { "ServerSideEncryptionConfiguration": [ { "ServerSideEncryptionByDefault": { "SSEAlgorithm": "AES256", }, }, ], }, "PublicAccessBlockConfiguration": { "BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, "RestrictPublicBuckets": true, }, "Tags": [ { "Key": "aws-cdk:auto-delete-objects", "Value": "true", }, ], }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Delete", }, "sourcebucketNotifications3B378D89": { "DependsOn": [ "sourcebucketAllowBucketNotificationsTotestfilemoverfunction8E3C95864D01826F", ], "Properties": { "BucketName": { "Ref": "sourcebucketE323AAE3", }, "Managed": true, "NotificationConfiguration": { "LambdaFunctionConfigurations": [ { "Events": [ "s3:ObjectCreated:*", ], "LambdaFunctionArn": { "Fn::GetAtt": [ "filemoverfunction4B688748", "Arn", ], }, }, ], }, "ServiceToken": { "Fn::GetAtt": [ "BucketNotificationsHandler050a0587b7544547bf325f094a3db8347ECC3691", "Arn", ], }, }, "Type": "Custom::S3BucketNotifications", }, "sourcebucketPolicyC570F537": { "Properties": { "Bucket": { "Ref": "sourcebucketE323AAE3", }, "PolicyDocument": { "Statement": [ { "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false", }, }, "Effect": "Deny", "Principal": { "AWS": "*", }, "Resource": [ { "Fn::GetAtt": [ "sourcebucketE323AAE3", "Arn", ], }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "sourcebucketE323AAE3", "Arn", ], }, "/*", ], ], }, ], }, { "Action": [ "s3:GetBucket*", "s3:List*", "s3:DeleteObject*", ], "Effect": "Allow", "Principal": { "AWS": { "Fn::GetAtt": [ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", "Arn", ], }, }, "Resource": [ { "Fn::GetAtt": [ "sourcebucketE323AAE3", "Arn", ], }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "sourcebucketE323AAE3", "Arn", ], }, "/*", ], ], }, ], }, ], "Version": "2012-10-17", }, }, "Type": "AWS::S3::BucketPolicy", }, "vpcA2121C38": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-VPC7", "reason": "This VPC is for the example only and should not be used in production workloads, no need to enabled VPC flow logs", }, ], }, }, "Properties": { "CidrBlock": "10.0.0.0/16", "EnableDnsHostnames": true, "EnableDnsSupport": true, "InstanceTenancy": "default", "Tags": [ { "Key": "Name", "Value": "s3-to-efs-lambda-example-vpc", }, ], }, "Type": "AWS::EC2::VPC", }, "vpcIGWE57CBDCA": { "Properties": { "Tags": [ { "Key": "Name", "Value": "s3-to-efs-lambda-example-vpc", }, ], }, "Type": "AWS::EC2::InternetGateway", }, "vpcVPCGW7984C166": { "Properties": { "InternetGatewayId": { "Ref": "vpcIGWE57CBDCA", }, "VpcId": { "Ref": "vpcA2121C38", }, }, "Type": "AWS::EC2::VPCGatewayAttachment", }, "vpcprivateegressSubnet1DefaultRouteA58848DF": { "Properties": { "DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": { "Ref": "vpcpublicSubnet1NATGateway974E731F", }, "RouteTableId": { "Ref": "vpcprivateegressSubnet1RouteTableA31B62EC", }, }, "Type": "AWS::EC2::Route", }, "vpcprivateegressSubnet1RouteTableA31B62EC": { "Properties": { "Tags": [ { "Key": "Name", "Value": "test/vpc/private-egressSubnet1", }, ], "VpcId": { "Ref": "vpcA2121C38", }, }, "Type": "AWS::EC2::RouteTable", }, "vpcprivateegressSubnet1RouteTableAssociation05AC35BF": { "Properties": { "RouteTableId": { "Ref": "vpcprivateegressSubnet1RouteTableA31B62EC", }, "SubnetId": { "Ref": "vpcprivateegressSubnet1SubnetEE64C319", }, }, "Type": "AWS::EC2::SubnetRouteTableAssociation", }, "vpcprivateegressSubnet1SubnetEE64C319": { "Properties": { "AvailabilityZone": { "Fn::Select": [ 0, { "Fn::GetAZs": "", }, ], }, "CidrBlock": "10.0.0.0/18", "MapPublicIpOnLaunch": false, "Tags": [ { "Key": "aws-cdk:subnet-name", "Value": "private-egress", }, { "Key": "aws-cdk:subnet-type", "Value": "Private", }, { "Key": "Name", "Value": "test/vpc/private-egressSubnet1", }, ], "VpcId": { "Ref": "vpcA2121C38", }, }, "Type": "AWS::EC2::Subnet", }, "vpcprivateegressSubnet2DefaultRoute48C96327": { "Properties": { "DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": { "Ref": "vpcpublicSubnet2NATGateway97E8DB6F", }, "RouteTableId": { "Ref": "vpcprivateegressSubnet2RouteTableDB0FB0D2", }, }, "Type": "AWS::EC2::Route", }, "vpcprivateegressSubnet2RouteTableAssociation41333E50": { "Properties": { "RouteTableId": { "Ref": "vpcprivateegressSubnet2RouteTableDB0FB0D2", }, "SubnetId": { "Ref": "vpcprivateegressSubnet2Subnet5B9243CC", }, }, "Type": "AWS::EC2::SubnetRouteTableAssociation", }, "vpcprivateegressSubnet2RouteTableDB0FB0D2": { "Properties": { "Tags": [ { "Key": "Name", "Value": "test/vpc/private-egressSubnet2", }, ], "VpcId": { "Ref": "vpcA2121C38", }, }, "Type": "AWS::EC2::RouteTable", }, "vpcprivateegressSubnet2Subnet5B9243CC": { "Properties": { "AvailabilityZone": { "Fn::Select": [ 1, { "Fn::GetAZs": "", }, ], }, "CidrBlock": "10.0.64.0/18", "MapPublicIpOnLaunch": false, "Tags": [ { "Key": "aws-cdk:subnet-name", "Value": "private-egress", }, { "Key": "aws-cdk:subnet-type", "Value": "Private", }, { "Key": "Name", "Value": "test/vpc/private-egressSubnet2", }, ], "VpcId": { "Ref": "vpcA2121C38", }, }, "Type": "AWS::EC2::Subnet", }, "vpcpublicSubnet1DefaultRouteF0973989": { "DependsOn": [ "vpcVPCGW7984C166", ], "Properties": { "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": { "Ref": "vpcIGWE57CBDCA", }, "RouteTableId": { "Ref": "vpcpublicSubnet1RouteTableA38152FE", }, }, "Type": "AWS::EC2::Route", }, "vpcpublicSubnet1EIP909BE2D3": { "Properties": { "Domain": "vpc", "Tags": [ { "Key": "Name", "Value": "test/vpc/publicSubnet1", }, ], }, "Type": "AWS::EC2::EIP", }, "vpcpublicSubnet1NATGateway974E731F": { "DependsOn": [ "vpcpublicSubnet1DefaultRouteF0973989", "vpcpublicSubnet1RouteTableAssociationB46101B8", ], "Properties": { "AllocationId": { "Fn::GetAtt": [ "vpcpublicSubnet1EIP909BE2D3", "AllocationId", ], }, "SubnetId": { "Ref": "vpcpublicSubnet1SubnetA635257E", }, "Tags": [ { "Key": "Name", "Value": "test/vpc/publicSubnet1", }, ], }, "Type": "AWS::EC2::NatGateway", }, "vpcpublicSubnet1RouteTableA38152FE": { "Properties": { "Tags": [ { "Key": "Name", "Value": "test/vpc/publicSubnet1", }, ], "VpcId": { "Ref": "vpcA2121C38", }, }, "Type": "AWS::EC2::RouteTable", }, "vpcpublicSubnet1RouteTableAssociationB46101B8": { "Properties": { "RouteTableId": { "Ref": "vpcpublicSubnet1RouteTableA38152FE", }, "SubnetId": { "Ref": "vpcpublicSubnet1SubnetA635257E", }, }, "Type": "AWS::EC2::SubnetRouteTableAssociation", }, "vpcpublicSubnet1SubnetA635257E": { "Properties": { "AvailabilityZone": { "Fn::Select": [ 0, { "Fn::GetAZs": "", }, ], }, "CidrBlock": "10.0.128.0/18", "MapPublicIpOnLaunch": true, "Tags": [ { "Key": "aws-cdk:subnet-name", "Value": "public", }, { "Key": "aws-cdk:subnet-type", "Value": "Public", }, { "Key": "Name", "Value": "test/vpc/publicSubnet1", }, ], "VpcId": { "Ref": "vpcA2121C38", }, }, "Type": "AWS::EC2::Subnet", }, "vpcpublicSubnet2DefaultRoute13685A07": { "DependsOn": [ "vpcVPCGW7984C166", ], "Properties": { "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": { "Ref": "vpcIGWE57CBDCA", }, "RouteTableId": { "Ref": "vpcpublicSubnet2RouteTableA6135437", }, }, "Type": "AWS::EC2::Route", }, "vpcpublicSubnet2EIPB56D1A92": { "Properties": { "Domain": "vpc", "Tags": [ { "Key": "Name", "Value": "test/vpc/publicSubnet2", }, ], }, "Type": "AWS::EC2::EIP", }, "vpcpublicSubnet2NATGateway97E8DB6F": { "DependsOn": [ "vpcpublicSubnet2DefaultRoute13685A07", "vpcpublicSubnet2RouteTableAssociation73F6478A", ], "Properties": { "AllocationId": { "Fn::GetAtt": [ "vpcpublicSubnet2EIPB56D1A92", "AllocationId", ], }, "SubnetId": { "Ref": "vpcpublicSubnet2Subnet027D165B", }, "Tags": [ { "Key": "Name", "Value": "test/vpc/publicSubnet2", }, ], }, "Type": "AWS::EC2::NatGateway", }, "vpcpublicSubnet2RouteTableA6135437": { "Properties": { "Tags": [ { "Key": "Name", "Value": "test/vpc/publicSubnet2", }, ], "VpcId": { "Ref": "vpcA2121C38", }, }, "Type": "AWS::EC2::RouteTable", }, "vpcpublicSubnet2RouteTableAssociation73F6478A": { "Properties": { "RouteTableId": { "Ref": "vpcpublicSubnet2RouteTableA6135437", }, "SubnetId": { "Ref": "vpcpublicSubnet2Subnet027D165B", }, }, "Type": "AWS::EC2::SubnetRouteTableAssociation", }, "vpcpublicSubnet2Subnet027D165B": { "Properties": { "AvailabilityZone": { "Fn::Select": [ 1, { "Fn::GetAZs": "", }, ], }, "CidrBlock": "10.0.192.0/18", "MapPublicIpOnLaunch": true, "Tags": [ { "Key": "aws-cdk:subnet-name", "Value": "public", }, { "Key": "aws-cdk:subnet-type", "Value": "Public", }, { "Key": "Name", "Value": "test/vpc/publicSubnet2", }, ], "VpcId": { "Ref": "vpcA2121C38", }, }, "Type": "AWS::EC2::Subnet", }, "vpcs3gwendpointE51E266B": { "Properties": { "RouteTableIds": [ { "Ref": "vpcprivateegressSubnet1RouteTableA31B62EC", }, { "Ref": "vpcprivateegressSubnet2RouteTableDB0FB0D2", }, ], "ServiceName": { "Fn::Join": [ "", [ "com.amazonaws.", { "Ref": "AWS::Region", }, ".s3", ], ], }, "VpcEndpointType": "Gateway", "VpcId": { "Ref": "vpcA2121C38", }, }, "Type": "AWS::EC2::VPCEndpoint", }, }, "Rules": { "CheckBootstrapVersion": { "Assertions": [ { "Assert": { "Fn::Not": [ { "Fn::Contains": [ [ "1", "2", "3", "4", "5", ], { "Ref": "BootstrapVersion", }, ], }, ], }, "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", }, ], }, }, } `;