// Jest Snapshot v1, https://goo.gl/fbAQLP exports[`BLEA-FSI snapshot check OpenAPI sample Stacks 1`] = ` { "Outputs": { "ApiGatewaysampleapiEndpoint9CF5B768": { "Value": { "Fn::Join": [ "", [ "https://", { "Ref": "ApiGatewaysampleapiDBBB2137", }, ".execute-api.", { "Ref": "AWS::Region", }, ".", { "Ref": "AWS::URLSuffix", }, "/", { "Ref": "ApiGatewaysampleapiDeploymentStageprodC0F005DA", }, "/", ], ], }, }, }, "Parameters": { "BootstrapVersion": { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, "Resources": { "ApiGatewayOpenApiCustomDomain19035A66": { "Properties": { "DomainName": "api.xxxx.xxxxx", "EndpointConfiguration": { "Types": [ "REGIONAL", ], }, "RegionalCertificateArn": "arn:aws:acm:ap-northeast-1:xxxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", }, "Type": "AWS::ApiGateway::DomainName", }, "ApiGatewayOpenApiCustomDomainMapSampleOpenApiStackApiGatewaysampleapi57C3BC4B3A602C39": { "Properties": { "DomainName": { "Ref": "ApiGatewayOpenApiCustomDomain19035A66", }, "RestApiId": { "Ref": "ApiGatewaysampleapiDBBB2137", }, "Stage": { "Ref": "ApiGatewaysampleapiDeploymentStageprodC0F005DA", }, }, "Type": "AWS::ApiGateway::BasePathMapping", }, "ApiGatewayRestApiLogAccessLogGroupC83A6B38": { "DeletionPolicy": "Retain", "Properties": { "RetentionInDays": 365, }, "Type": "AWS::Logs::LogGroup", "UpdateReplacePolicy": "Retain", }, "ApiGatewaycognitoAuthorizerB81838E3": { "Properties": { "IdentitySource": "method.request.header.Authorization", "Name": "CognitoAuthorizer", "ProviderARNs": [ { "Fn::GetAtt": [ "CognitoPooluserPool4E2EFBAB", "Arn", ], }, ], "RestApiId": { "Ref": "ApiGatewaysampleapiDBBB2137", }, "Type": "COGNITO_USER_POOLS", }, "Type": "AWS::ApiGateway::Authorizer", }, "ApiGatewaysampleapiAccountD70D965D": { "DeletionPolicy": "Retain", "DependsOn": [ "ApiGatewaysampleapiDBBB2137", ], "Properties": { "CloudWatchRoleArn": { "Fn::GetAtt": [ "ApiGatewaysampleapiCloudWatchRoleA7A396B2", "Arn", ], }, }, "Type": "AWS::ApiGateway::Account", "UpdateReplacePolicy": "Retain", }, "ApiGatewaysampleapiCloudWatchRoleA7A396B2": { "DeletionPolicy": "Retain", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "apigateway.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "ManagedPolicyArns": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs", ], ], }, ], }, "Type": "AWS::IAM::Role", "UpdateReplacePolicy": "Retain", }, "ApiGatewaysampleapiDBBB2137": { "Properties": { "Name": "sample-api", }, "Type": "AWS::ApiGateway::RestApi", }, "ApiGatewaysampleapiDeployment5E799FB1c671d1771b791fbbeb0514e049e46555": { "DependsOn": [ "ApiGatewaysampleapiproxyGET8086C489", "ApiGatewaysampleapiproxy9A12D52B", ], "Properties": { "Description": "Automatically created by the RestApi construct", "RestApiId": { "Ref": "ApiGatewaysampleapiDBBB2137", }, }, "Type": "AWS::ApiGateway::Deployment", }, "ApiGatewaysampleapiDeploymentStageprodC0F005DA": { "DependsOn": [ "ApiGatewaysampleapiAccountD70D965D", ], "Properties": { "AccessLogSetting": { "DestinationArn": { "Fn::GetAtt": [ "ApiGatewayRestApiLogAccessLogGroupC83A6B38", "Arn", ], }, "Format": "$context.identity.sourceIp $context.identity.caller $context.identity.user [$context.requestTime] "$context.httpMethod $context.resourcePath $context.protocol" $context.status $context.responseLength $context.requestId", }, "DeploymentId": { "Ref": "ApiGatewaysampleapiDeployment5E799FB1c671d1771b791fbbeb0514e049e46555", }, "MethodSettings": [ { "DataTraceEnabled": true, "HttpMethod": "*", "LoggingLevel": "INFO", "ResourcePath": "/*", }, ], "RestApiId": { "Ref": "ApiGatewaysampleapiDBBB2137", }, "StageName": "prod", }, "Type": "AWS::ApiGateway::Stage", }, "ApiGatewaysampleapiproxy9A12D52B": { "Properties": { "ParentId": { "Fn::GetAtt": [ "ApiGatewaysampleapiDBBB2137", "RootResourceId", ], }, "PathPart": "{proxy+}", "RestApiId": { "Ref": "ApiGatewaysampleapiDBBB2137", }, }, "Type": "AWS::ApiGateway::Resource", }, "ApiGatewaysampleapiproxyGET8086C489": { "Properties": { "AuthorizationType": "COGNITO_USER_POOLS", "AuthorizerId": { "Ref": "ApiGatewaycognitoAuthorizerB81838E3", }, "HttpMethod": "GET", "Integration": { "IntegrationHttpMethod": "POST", "Type": "AWS_PROXY", "Uri": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":apigateway:", { "Ref": "AWS::Region", }, ":lambda:path/2015-03-31/functions/", { "Fn::GetAtt": [ "CognitoPoolHelloHandler02EE54D1", "Arn", ], }, "/invocations", ], ], }, }, "ResourceId": { "Ref": "ApiGatewaysampleapiproxy9A12D52B", }, "RestApiId": { "Ref": "ApiGatewaysampleapiDBBB2137", }, }, "Type": "AWS::ApiGateway::Method", }, "ApiGatewaysampleapiproxyGETApiPermissionSampleOpenApiStackApiGatewaysampleapi57C3BC4BGETproxyBE716FA1": { "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "CognitoPoolHelloHandler02EE54D1", "Arn", ], }, "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":execute-api:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":", { "Ref": "ApiGatewaysampleapiDBBB2137", }, "/", { "Ref": "ApiGatewaysampleapiDeploymentStageprodC0F005DA", }, "/GET/*", ], ], }, }, "Type": "AWS::Lambda::Permission", }, "ApiGatewaysampleapiproxyGETApiPermissionTestSampleOpenApiStackApiGatewaysampleapi57C3BC4BGETproxy44C7DAD5": { "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "CognitoPoolHelloHandler02EE54D1", "Arn", ], }, "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":execute-api:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":", { "Ref": "ApiGatewaysampleapiDBBB2137", }, "/test-invoke-stage/GET/*", ], ], }, }, "Type": "AWS::Lambda::Permission", }, "CloudFrontAppLogBucketA1F4F698": { "DeletionPolicy": "Delete", "Properties": { "AccessControl": "LogDeliveryWrite", "BucketEncryption": { "ServerSideEncryptionConfiguration": [ { "ServerSideEncryptionByDefault": { "SSEAlgorithm": "AES256", }, }, ], }, "OwnershipControls": { "Rules": [ { "ObjectOwnership": "ObjectWriter", }, ], }, "PublicAccessBlockConfiguration": { "BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, "RestrictPublicBuckets": true, }, "VersioningConfiguration": { "Status": "Enabled", }, }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Delete", }, "CloudFrontAppLogBucketPolicy0693088C": { "Properties": { "Bucket": { "Ref": "CloudFrontAppLogBucketA1F4F698", }, "PolicyDocument": { "Statement": [ { "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false", }, }, "Effect": "Deny", "Principal": { "AWS": "*", }, "Resource": [ { "Fn::GetAtt": [ "CloudFrontAppLogBucketA1F4F698", "Arn", ], }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "CloudFrontAppLogBucketA1F4F698", "Arn", ], }, "/*", ], ], }, ], }, { "Action": "s3:*", "Effect": "Allow", "Principal": { "Service": "cloudfront.amazonaws.com", }, "Resource": [ { "Fn::Join": [ "", [ "arn:aws:s3:::", { "Ref": "CloudFrontAppLogBucketA1F4F698", }, ], ], }, { "Fn::Join": [ "", [ "arn:aws:s3:::", { "Ref": "CloudFrontAppLogBucketA1F4F698", }, "/*", ], ], }, ], "Sid": "AllowCloudFrontOnly", }, ], "Version": "2012-10-17", }, }, "Type": "AWS::S3::BucketPolicy", }, "CloudFrontOpenApiDistribution51862AA5": { "Properties": { "DistributionConfig": { "Aliases": [ "openapi.xxxx.xxxx", ], "Comment": "OpenAPI-distribution", "DefaultCacheBehavior": { "AllowedMethods": [ "GET", "HEAD", ], "CachePolicyId": { "Ref": "CloudFrontcachePolicyForApiGatewayE604413E", }, "CachedMethods": [ "GET", "HEAD", ], "Compress": true, "TargetOriginId": "SampleOpenApiStackCloudFrontOpenApiDistributionOrigin16E0F0DDC", "ViewerProtocolPolicy": "https-only", }, "Enabled": true, "HttpVersion": "http2", "IPV6Enabled": true, "Logging": { "Bucket": { "Fn::GetAtt": [ "CloudFrontAppLogBucketA1F4F698", "RegionalDomainName", ], }, }, "Origins": [ { "CustomOriginConfig": { "OriginProtocolPolicy": "https-only", "OriginSSLProtocols": [ "TLSv1.2", ], }, "DomainName": "api.xxxx.xxxxx", "Id": "SampleOpenApiStackCloudFrontOpenApiDistributionOrigin16E0F0DDC", }, ], "PriceClass": "PriceClass_All", "Restrictions": { "GeoRestriction": { "Locations": [ "US", "GB", "JP", ], "RestrictionType": "whitelist", }, }, "ViewerCertificate": { "AcmCertificateArn": "arn:aws:acm:us-east-1:xxxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", "MinimumProtocolVersion": "TLSv1.2_2021", "SslSupportMethod": "sni-only", }, }, }, "Type": "AWS::CloudFront::Distribution", }, "CloudFrontcachePolicyForApiGatewayE604413E": { "Properties": { "CachePolicyConfig": { "DefaultTTL": 86400, "MaxTTL": 31536000, "MinTTL": 0, "Name": "cachePolicyForApiGateway", "ParametersInCacheKeyAndForwardedToOrigin": { "CookiesConfig": { "CookieBehavior": "none", }, "EnableAcceptEncodingBrotli": true, "EnableAcceptEncodingGzip": true, "HeadersConfig": { "HeaderBehavior": "whitelist", "Headers": [ "Authorization", ], }, "QueryStringsConfig": { "QueryStringBehavior": "none", }, }, }, }, "Type": "AWS::CloudFront::CachePolicy", }, "CognitoPoolHelloHandler02EE54D1": { "DependsOn": [ "CognitoPoolHelloHandlerServiceRole4FFAEFA7", ], "Properties": { "Code": { "S3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "S3Key": "222a3a7cad2a200ab801e4bfe3ce4a5e3d04a8d24140b25045c4de9cb03562f8.zip", }, "Handler": "hello.handler", "Role": { "Fn::GetAtt": [ "CognitoPoolHelloHandlerServiceRole4FFAEFA7", "Arn", ], }, "Runtime": "nodejs18.x", }, "Type": "AWS::Lambda::Function", }, "CognitoPoolHelloHandlerServiceRole4FFAEFA7": { "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "ManagedPolicyArns": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", ], ], }, ], }, "Type": "AWS::IAM::Role", }, "CognitoPooluserPool4E2EFBAB": { "DeletionPolicy": "Delete", "Properties": { "AccountRecoverySetting": { "RecoveryMechanisms": [ { "Name": "verified_email", "Priority": 1, }, ], }, "AdminCreateUserConfig": { "AllowAdminCreateUserOnly": true, }, "AutoVerifiedAttributes": [ "email", ], "EmailVerificationMessage": "The verification code to your new account is {####}", "EmailVerificationSubject": "Verify your new account", "EnabledMfas": [ "SMS_MFA", ], "MfaConfiguration": "OPTIONAL", "Policies": { "PasswordPolicy": { "MinimumLength": 8, "RequireLowercase": true, "RequireNumbers": true, "RequireSymbols": true, "RequireUppercase": true, "TemporaryPasswordValidityDays": 7, }, }, "Schema": [ { "Mutable": true, "Name": "email", "Required": true, }, { "Mutable": true, "Name": "phone_number", "Required": true, }, ], "SmsConfiguration": { "ExternalId": "SampleOpenApiStackCognitoPooluserPoolB9D740FB", "SnsCallerArn": { "Fn::GetAtt": [ "CognitoPooluserPoolsmsRole6EB1C6B5", "Arn", ], }, }, "SmsVerificationMessage": "The verification code to your new account is {####}", "UserPoolName": "apiUserPool", "UsernameAttributes": [ "email", ], "UsernameConfiguration": { "CaseSensitive": false, }, "VerificationMessageTemplate": { "DefaultEmailOption": "CONFIRM_WITH_CODE", "EmailMessage": "The verification code to your new account is {####}", "EmailSubject": "Verify your new account", "SmsMessage": "The verification code to your new account is {####}", }, }, "Type": "AWS::Cognito::UserPool", "UpdateReplacePolicy": "Delete", }, "CognitoPooluserPoolclient81506C4E": { "Properties": { "AllowedOAuthFlows": [ "implicit", "code", ], "AllowedOAuthFlowsUserPoolClient": true, "AllowedOAuthScopes": [ "profile", "phone", "email", "openid", "aws.cognito.signin.user.admin", ], "CallbackURLs": [ "https://example.com", ], "ClientName": "apiUserPoolClient", "ExplicitAuthFlows": [ "ALLOW_USER_PASSWORD_AUTH", "ALLOW_ADMIN_USER_PASSWORD_AUTH", "ALLOW_USER_SRP_AUTH", "ALLOW_REFRESH_TOKEN_AUTH", ], "GenerateSecret": false, "SupportedIdentityProviders": [ "COGNITO", ], "UserPoolId": { "Ref": "CognitoPooluserPool4E2EFBAB", }, }, "Type": "AWS::Cognito::UserPoolClient", }, "CognitoPooluserPoolsmsRole6EB1C6B5": { "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Condition": { "StringEquals": { "sts:ExternalId": "SampleOpenApiStackCognitoPooluserPoolB9D740FB", }, }, "Effect": "Allow", "Principal": { "Service": "cognito-idp.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Policies": [ { "PolicyDocument": { "Statement": [ { "Action": "sns:Publish", "Effect": "Allow", "Resource": "*", }, ], "Version": "2012-10-17", }, "PolicyName": "sns-publish", }, ], }, "Type": "AWS::IAM::Role", }, "WafForApiGWSampleWafAclApigw0325C289": { "DependsOn": [ "ApiGatewaysampleapiAccountD70D965D", "ApiGatewaysampleapiCloudWatchRoleA7A396B2", "ApiGatewaysampleapiproxyGETApiPermissionSampleOpenApiStackApiGatewaysampleapi57C3BC4BGETproxyBE716FA1", "ApiGatewaysampleapiproxyGETApiPermissionTestSampleOpenApiStackApiGatewaysampleapi57C3BC4BGETproxy44C7DAD5", "ApiGatewaysampleapiproxyGET8086C489", "ApiGatewaysampleapiproxy9A12D52B", "ApiGatewaysampleapiDeployment5E799FB1c671d1771b791fbbeb0514e049e46555", "ApiGatewaysampleapiDeploymentStageprodC0F005DA", "ApiGatewaysampleapiDBBB2137", ], "Properties": { "DefaultAction": { "Allow": {}, }, "Name": "sample-waf-web-acl-apigw", "Rules": [ { "Name": "AWSManagedRulesCommonRuleSet", "OverrideAction": { "Count": {}, }, "Priority": 1, "Statement": { "ManagedRuleGroupStatement": { "Name": "AWSManagedRulesCommonRuleSet", "VendorName": "AWS", }, }, "VisibilityConfig": { "CloudWatchMetricsEnabled": true, "MetricName": "AWS-AWSManagedRulesCommonRuleSet", "SampledRequestsEnabled": true, }, }, { "Name": "AWSManagedRulesKnownBadInputsRuleSet", "OverrideAction": { "Count": {}, }, "Priority": 2, "Statement": { "ManagedRuleGroupStatement": { "Name": "AWSManagedRulesKnownBadInputsRuleSet", "VendorName": "AWS", }, }, "VisibilityConfig": { "CloudWatchMetricsEnabled": true, "MetricName": "AWS-AWSManagedRulesKnownBadInputsRuleSet", "SampledRequestsEnabled": true, }, }, { "Name": "AWSManagedRulesAmazonIpReputationList", "OverrideAction": { "Count": {}, }, "Priority": 3, "Statement": { "ManagedRuleGroupStatement": { "Name": "AWSManagedRulesAmazonIpReputationList", "VendorName": "AWS", }, }, "VisibilityConfig": { "CloudWatchMetricsEnabled": true, "MetricName": "AWS-AWSManagedRulesAmazonIpReputationList", "SampledRequestsEnabled": true, }, }, { "Name": "AWSManagedRulesLinuxRuleSet", "OverrideAction": { "Count": {}, }, "Priority": 4, "Statement": { "ManagedRuleGroupStatement": { "Name": "AWSManagedRulesLinuxRuleSet", "VendorName": "AWS", }, }, "VisibilityConfig": { "CloudWatchMetricsEnabled": true, "MetricName": "AWS-AWSManagedRulesLinuxRuleSet", "SampledRequestsEnabled": true, }, }, { "Name": "AWSManagedRulesSQLiRuleSet", "OverrideAction": { "Count": {}, }, "Priority": 5, "Statement": { "ManagedRuleGroupStatement": { "Name": "AWSManagedRulesSQLiRuleSet", "VendorName": "AWS", }, }, "VisibilityConfig": { "CloudWatchMetricsEnabled": true, "MetricName": "AWS-AWSManagedRulesSQLiRuleSet", "SampledRequestsEnabled": true, }, }, ], "Scope": "REGIONAL", "VisibilityConfig": { "CloudWatchMetricsEnabled": true, "MetricName": "sample-waf-web-acl", "SampledRequestsEnabled": true, }, }, "Type": "AWS::WAFv2::WebACL", }, "WafForApiGWTestWebAclAssociationApigw7BD5CDF3": { "Properties": { "ResourceArn": { "Fn::Join": [ "", [ "arn:aws:apigateway:ap-northeast-1::/restapis/", { "Ref": "ApiGatewaysampleapiDBBB2137", }, "/stages/prod", ], ], }, "WebACLArn": { "Fn::GetAtt": [ "WafForApiGWSampleWafAclApigw0325C289", "Arn", ], }, }, "Type": "AWS::WAFv2::WebACLAssociation", }, }, "Rules": { "CheckBootstrapVersion": { "Assertions": [ { "Assert": { "Fn::Not": [ { "Fn::Contains": [ [ "1", "2", "3", "4", "5", ], { "Ref": "BootstrapVersion", }, ], }, ], }, "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", }, ], }, }, } `;